diff options
author | Bernhard Reutner-Fischer <rep.dot.nop@gmail.com> | 2006-12-21 13:52:43 +0000 |
---|---|---|
committer | Bernhard Reutner-Fischer <rep.dot.nop@gmail.com> | 2006-12-21 13:52:43 +0000 |
commit | ae5ff6bc509e53f95198e461af40a4c06b743e70 (patch) | |
tree | 8ea4db3457da242c6d26695a8ab64f38da681b52 /package/sudo/sudo_1.6.8p12-1ubuntu6.patch | |
parent | 3c9baee374857de425a0e14f0f13ad27491006be (diff) |
- bump version and make it work
Diffstat (limited to 'package/sudo/sudo_1.6.8p12-1ubuntu6.patch')
-rw-r--r-- | package/sudo/sudo_1.6.8p12-1ubuntu6.patch | 3994 |
1 files changed, 3994 insertions, 0 deletions
diff --git a/package/sudo/sudo_1.6.8p12-1ubuntu6.patch b/package/sudo/sudo_1.6.8p12-1ubuntu6.patch new file mode 100644 index 000000000..a370bd06c --- /dev/null +++ b/package/sudo/sudo_1.6.8p12-1ubuntu6.patch @@ -0,0 +1,3994 @@ +--- sudo-1.6.8p12.orig/sudoers.man.in ++++ sudo-1.6.8p12/sudoers.man.in +@@ -759,7 +759,7 @@ + .IP "exempt_group" 12 + .IX Item "exempt_group" + Users in this group are exempt from password and \s-1PATH\s0 requirements. +-This is not set by default. ++On Debian systems, this is set to the group 'sudo' by default. + .IP "verifypw" 12 + .IX Item "verifypw" + This option controls when a password will be required when a user runs +--- sudo-1.6.8p12.orig/sudo.man.in ++++ sudo-1.6.8p12/sudo.man.in +@@ -185,8 +185,7 @@ + \&\fBsudo\fR determines who is an authorized user by consulting the file + \&\fI@sysconfdir@/sudoers\fR. By giving \fBsudo\fR the \fB\-v\fR flag a user + can update the time stamp without running a \fIcommand.\fR The password +-prompt itself will also time out if the user's password is not +-entered within \f(CW\*(C`@password_timeout@\*(C'\fR minutes (unless overridden via ++prompt itself will not time out in Debian's version (unless overridden via + \&\fIsudoers\fR). + .PP + If a user who is not listed in the \fIsudoers\fR file tries to run a +--- sudo-1.6.8p12.orig/parse.yacc ++++ sudo-1.6.8p12/parse.yacc +@@ -120,6 +120,7 @@ + } \ + match[top].user = UNSPEC; \ + match[top].cmnd = UNSPEC; \ ++ match[top].cmndall= UNSPEC; \ + match[top].host = UNSPEC; \ + match[top].runas = UNSPEC; \ + match[top].nopass = def_authenticate ? UNSPEC : TRUE; \ +@@ -135,6 +136,7 @@ + } \ + match[top].user = match[top-1].user; \ + match[top].cmnd = match[top-1].cmnd; \ ++ match[top].cmndall= match[top-1].cmndall; \ + match[top].host = match[top-1].host; \ + match[top].runas = match[top-1].runas; \ + match[top].nopass = match[top-1].nopass; \ +@@ -675,6 +677,7 @@ + } + } + ++ SETMATCH(cmnd_all, TRUE); + $$ = TRUE; + } + | ALIAS { +@@ -705,6 +708,7 @@ + $$ = NOMATCH; + } + free($1); ++ SETMATCH(cmnd_all, FALSE); + } + | COMMAND { + if (printmatches == TRUE) { +@@ -730,6 +734,7 @@ + free($1.cmnd); + if ($1.args) + free($1.args); ++ SETMATCH(cmnd_all, FALSE); + } + ; + +--- sudo-1.6.8p12.orig/env.c ++++ sudo-1.6.8p12/env.c +@@ -77,7 +77,7 @@ + /* + * Prototypes + */ +-char **rebuild_env __P((char **, int, int)); ++char **rebuild_env __P((char **, int, int, int)); + char **zero_env __P((char **)); + static void insert_env __P((char *, int)); + static char *format_env __P((char *, ...)); +@@ -89,6 +89,8 @@ + static const char *initial_badenv_table[] = { + "IFS", + "CDPATH", ++ "SHELLOPTS", ++ "PS4", + "LOCALDOMAIN", + "RES_OPTIONS", + "HOSTALIASES", +@@ -140,6 +142,12 @@ + "LC_*", + "LANG", + "LANGUAGE", ++ "TERM", ++ "HOME", ++ "LOGNAME", ++ "DISPLAY", ++ "XAUTHORITY", ++ "XAUTHORIZATION", + NULL + }; + +@@ -321,10 +329,11 @@ + * Also adds sudo-specific variables (SUDO_*). + */ + char ** +-rebuild_env(envp, sudo_mode, noexec) ++rebuild_env(envp, sudo_mode, noexec, noclean) + char **envp; + int sudo_mode; + int noexec; ++ int noclean; + { + char **ep, *cp, *ps1; + int okvar, iswild, didvar; +@@ -429,7 +438,7 @@ + * env_check. + */ + for (ep = envp; *ep; ep++) { +- okvar = 1; ++ okvar = noclean; + + /* Skip variables with values beginning with () (bash functions) */ + if ((cp = strchr(*ep, '=')) != NULL) { +@@ -438,6 +447,7 @@ + } + + /* Skip anything listed in env_delete. */ ++#if 0 + for (cur = def_env_delete; cur && okvar; cur = cur->next) { + len = strlen(cur->value); + /* Deal with '*' wildcard */ +@@ -451,9 +461,10 @@ + okvar = 0; + } + } ++#endif + + /* Check certain variables for '%' and '/' characters. */ +- for (cur = def_env_check; cur && okvar; cur = cur->next) { ++ for (cur = def_env_check; cur; cur = cur->next) { + len = strlen(cur->value); + /* Deal with '*' wildcard */ + if (cur->value[len - 1] == '*') { +@@ -463,8 +474,24 @@ + iswild = 0; + if (strncmp(cur->value, *ep, len) == 0 && + (iswild || (*ep)[len] == '=') && +- strpbrk(*ep, "/%")) { +- okvar = 0; ++ strpbrk(*ep, "/%") == NULL) { ++ okvar = 1; ++ } ++ } ++ ++ /* keep variables in env_keep */ ++ for (cur = def_env_keep; cur; cur = cur->next) { ++ len = strlen(cur->value); ++ /* Deal with '*' wildcard */ ++ if (cur->value[len - 1] == '*') { ++ len--; ++ iswild = 1; ++ } else ++ iswild = 0; ++ if (strncmp(cur->value, *ep, len) == 0 && ++ (iswild || (*ep)[len] == '=')) { ++ okvar = 1; ++ break; + } + } + +--- sudo-1.6.8p12.orig/sudoers.pod ++++ sudo-1.6.8p12/sudoers.pod +@@ -93,7 +93,7 @@ + + Cmnd_Alias ::= NAME '=' Cmnd_List + +- NAME ::= [A-Z]([A-Z][0-9]_)* ++ NAME ::= [A-Z]([a-z][A-Z][0-9]_)* + + Each I<alias> definition is of the form + +@@ -568,7 +568,7 @@ + + =item C<%%> + +-two consecutive C<%> characters are collaped into a single C<%> character ++two consecutive C<%> characters are collapsed into a single C<%> character + + =back + +@@ -669,8 +669,8 @@ + + =item exempt_group + +-Users in this group are exempt from password and PATH requirements. +-This is not set by default. ++Users in this group are exempt from password and PATH requirements. This ++option is turned on for Debian. + + =item verifypw + +--- sudo-1.6.8p12.orig/ins_classic.h ++++ sudo-1.6.8p12/ins_classic.h +@@ -32,7 +32,7 @@ + "Where did you learn to type?", + "Are you on drugs?", + "My pet ferret can type better than you!", +- "You type like i drive.", ++ "You type like I drive.", + "Do you think like you type?", + "Your mind just hasn't been the same since the electro-shock, has it?", + +--- sudo-1.6.8p12.orig/config.guess ++++ sudo-1.6.8p12/config.guess +@@ -1,11 +1,9 @@ + #! /bin/sh + # Attempt to guess a canonical system name. + # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, +-# 2000, 2001, 2002 Free Software Foundation, Inc. +-# +-# $Sudo: config.guess,v 1.10 2004/08/09 23:04:35 millert Exp $ ++# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. + +-timestamp='2002-11-30' ++timestamp='2005-08-03' + + # This file is free software; you can redistribute it and/or modify it + # under the terms of the GNU General Public License as published by +@@ -19,13 +17,15 @@ + # + # You should have received a copy of the GNU General Public License + # along with this program; if not, write to the Free Software +-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ++# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA ++# 02110-1301, USA. + # + # As a special exception to the GNU General Public License, if you + # distribute this file as part of a program that contains a + # configuration script generated by Autoconf, you may include it under + # the same distribution terms that you use for the rest of that program. + ++ + # Originally written by Per Bothner <per@bothner.com>. + # Please send patches to <config-patches@gnu.org>. Submit a context + # diff and a properly formatted ChangeLog entry. +@@ -55,7 +55,7 @@ + GNU config.guess ($timestamp) + + Originally written by Per Bothner. +-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 ++Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 + Free Software Foundation, Inc. + + This is free software; see the source for copying conditions. There is NO +@@ -68,11 +68,11 @@ + while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) +- echo "$timestamp" ; exit 0 ;; ++ echo "$timestamp" ; exit ;; + --version | -v ) +- echo "$version" ; exit 0 ;; ++ echo "$version" ; exit ;; + --help | --h* | -h ) +- echo "$usage"; exit 0 ;; ++ echo "$usage"; exit ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. +@@ -100,14 +100,18 @@ + # Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still + # use `HOST_CC' if defined, but it is deprecated. + +-# This shell variable is my proudest work .. or something. --bje ++# Portable tmp directory creation inspired by the Autoconf team. + +-set_cc_for_build='tmpdir=${TMPDIR-/tmp}/config-guess-$$ ; +-(old=`umask` && umask 077 && mkdir $tmpdir && umask $old && unset old) +- || (echo "$me: cannot create $tmpdir" >&2 && exit 1) ; +-dummy=$tmpdir/dummy ; +-files="$dummy.c $dummy.o $dummy.rel $dummy" ; +-trap '"'"'rm -f $files; rmdir $tmpdir; exit 1'"'"' 1 2 15 ; ++set_cc_for_build=' ++trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; ++trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; ++: ${TMPDIR=/tmp} ; ++ { tmp=`(umask 077 && mktemp -d -q "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || ++ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || ++ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || ++ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; ++dummy=$tmp/dummy ; ++tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; + case $CC_FOR_BUILD,$HOST_CC,$CC in + ,,) echo "int x;" > $dummy.c ; + for c in cc gcc c89 c99 ; do +@@ -115,15 +119,13 @@ + CC_FOR_BUILD="$c"; break ; + fi ; + done ; +- rm -f $files ; + if test x"$CC_FOR_BUILD" = x ; then + CC_FOR_BUILD=no_compiler_found ; + fi + ;; + ,,*) CC_FOR_BUILD=$CC ;; + ,*,*) CC_FOR_BUILD=$HOST_CC ;; +-esac ; +-unset files' ++esac ; set_cc_for_build= ;' + + # This is needed to find uname on a Pyramid OSx when run in the BSD universe. + # (ghazi@noc.rutgers.edu 1994-08-24) +@@ -196,104 +198,109 @@ + # contains redundant information, the shorter form: + # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. + echo "${machine}-${os}${release}" +- exit 0 ;; ++ exit ;; + *:OpenBSD:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` + echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} +- exit 0 ;; ++ exit ;; ++ *:ekkoBSD:*:*) ++ echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} ++ exit ;; ++ macppc:MirBSD:*:*) ++ echo powerppc-unknown-mirbsd${UNAME_RELEASE} ++ exit ;; ++ *:MirBSD:*:*) ++ echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} ++ exit ;; + alpha:OSF1:*:*) +- if test $UNAME_RELEASE = "V4.0"; then ++ case $UNAME_RELEASE in ++ *4.0) + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` +- fi ++ ;; ++ *5.*) ++ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` ++ ;; ++ esac ++ # According to Compaq, /usr/sbin/psrinfo has been available on ++ # OSF/1 and Tru64 systems produced since 1995. I hope that ++ # covers most systems running today. This code pipes the CPU ++ # types through head -n 1, so we only detect the type of CPU 0. ++ ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` ++ case "$ALPHA_CPU_TYPE" in ++ "EV4 (21064)") ++ UNAME_MACHINE="alpha" ;; ++ "EV4.5 (21064)") ++ UNAME_MACHINE="alpha" ;; ++ "LCA4 (21066/21068)") ++ UNAME_MACHINE="alpha" ;; ++ "EV5 (21164)") ++ UNAME_MACHINE="alphaev5" ;; ++ "EV5.6 (21164A)") ++ UNAME_MACHINE="alphaev56" ;; ++ "EV5.6 (21164PC)") ++ UNAME_MACHINE="alphapca56" ;; ++ "EV5.7 (21164PC)") ++ UNAME_MACHINE="alphapca57" ;; ++ "EV6 (21264)") ++ UNAME_MACHINE="alphaev6" ;; ++ "EV6.7 (21264A)") ++ UNAME_MACHINE="alphaev67" ;; ++ "EV6.8CB (21264C)") ++ UNAME_MACHINE="alphaev68" ;; ++ "EV6.8AL (21264B)") ++ UNAME_MACHINE="alphaev68" ;; ++ "EV6.8CX (21264D)") ++ UNAME_MACHINE="alphaev68" ;; ++ "EV6.9A (21264/EV69A)") ++ UNAME_MACHINE="alphaev69" ;; ++ "EV7 (21364)") ++ UNAME_MACHINE="alphaev7" ;; ++ "EV7.9 (21364A)") ++ UNAME_MACHINE="alphaev79" ;; ++ esac ++ # A Pn.n version is a patched version. + # A Vn.n version is a released version. + # A Tn.n version is a released field test version. + # A Xn.n version is an unreleased experimental baselevel. + # 1.2 uses "1.2" for uname -r. +- eval $set_cc_for_build +- cat <<EOF >$dummy.s +- .data +-\$Lformat: +- .byte 37,100,45,37,120,10,0 # "%d-%x\n" +- +- .text +- .globl main +- .align 4 +- .ent main +-main: +- .frame \$30,16,\$26,0 +- ldgp \$29,0(\$27) +- .prologue 1 +- .long 0x47e03d80 # implver \$0 +- lda \$2,-1 +- .long 0x47e20c21 # amask \$2,\$1 +- lda \$16,\$Lformat +- mov \$0,\$17 +- not \$1,\$18 +- jsr \$26,printf +- ldgp \$29,0(\$26) +- mov 0,\$16 +- jsr \$26,exit +- .end main +-EOF +- $CC_FOR_BUILD -o $dummy $dummy.s 2>/dev/null +- if test "$?" = 0 ; then +- case `$dummy` in +- 0-0) +- UNAME_MACHINE="alpha" +- ;; +- 1-0) +- UNAME_MACHINE="alphaev5" +- ;; +- 1-1) +- UNAME_MACHINE="alphaev56" +- ;; +- 1-101) +- UNAME_MACHINE="alphapca56" +- ;; +- 2-303) +- UNAME_MACHINE="alphaev6" +- ;; +- 2-307) +- UNAME_MACHINE="alphaev67" +- ;; +- 2-1307) +- UNAME_MACHINE="alphaev68" +- ;; +- 3-1307) +- UNAME_MACHINE="alphaev7" +- ;; +- esac +- fi +- rm -f $dummy.s $dummy && rmdir $tmpdir +- echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` +- exit 0 ;; ++ echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` ++ exit ;; + Alpha\ *:Windows_NT*:*) + # How do we know it's Interix rather than the generic POSIX subsystem? + # Should we change UNAME_MACHINE based on the output of uname instead + # of the specific Alpha model? + echo alpha-pc-interix +- exit 0 ;; ++ exit ;; + 21064:Windows_NT:50:3) + echo alpha-dec-winnt3.5 +- exit 0 ;; ++ exit ;; + Amiga*:UNIX_System_V:4.0:*) + echo m68k-unknown-sysv4 +- exit 0;; ++ exit ;; + *:[Aa]miga[Oo][Ss]:*:*) + echo ${UNAME_MACHINE}-unknown-amigaos +- exit 0 ;; ++ exit ;; + *:[Mm]orph[Oo][Ss]:*:*) + echo ${UNAME_MACHINE}-unknown-morphos +- exit 0 ;; ++ exit ;; + *:OS/390:*:*) + echo i370-ibm-openedition +- exit 0 ;; ++ exit ;; ++ *:z/VM:*:*) ++ echo s390-ibm-zvmoe ++ exit ;; ++ *:OS400:*:*) ++ echo powerpc-ibm-os400 ++ exit ;; + arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) + echo arm-acorn-riscix${UNAME_RELEASE} +- exit 0;; ++ exit ;; ++ arm:riscos:*:*|arm:RISCOS:*:*) ++ echo arm-unknown-riscos ++ exit ;; + SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) + echo hppa1.1-hitachi-hiuxmpp +- exit 0;; ++ exit ;; + Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) + # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. + if test "`(/bin/universe) 2>/dev/null`" = att ; then +@@ -301,29 +308,32 @@ + else + echo pyramid-pyramid-bsd + fi +- exit 0 ;; ++ exit ;; + NILE*:*:*:dcosx) + echo pyramid-pyramid-svr4 +- exit 0 ;; +- DRS?6000:UNIX_SV:4.2*:7*) ++ exit ;; ++ DRS?6000:unix:4.0:6*) ++ echo sparc-icl-nx6 ++ exit ;; ++ DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) + case `/usr/bin/uname -p` in +- sparc) echo sparc-icl-nx7 && exit 0 ;; ++ sparc) echo sparc-icl-nx7; exit ;; + esac ;; + sun4H:SunOS:5.*:*) + echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` +- exit 0 ;; ++ exit ;; + sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) + echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` +- exit 0 ;; ++ exit ;; + i86pc:SunOS:5.*:*) + echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` +- exit 0 ;; ++ exit ;; + sun4*:SunOS:6*:*) + # According to config.sub, this is the proper way to canonicalize + # SunOS6. Hard to guess exactly what SunOS6 will be like, but + # it's likely to be more like Solaris than SunOS4. + echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` +- exit 0 ;; ++ exit ;; + sun4*:SunOS:*:*) + case "`/usr/bin/arch -k`" in + Series*|S4*) +@@ -332,10 +342,10 @@ + esac + # Japanese Language versions have a version number like `4.1.3-JL'. + echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` +- exit 0 ;; ++ exit ;; + sun3*:SunOS:*:*) + echo m68k-sun-sunos${UNAME_RELEASE} +- exit 0 ;; ++ exit ;; + sun*:*:4.2BSD:*) + UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` + test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 +@@ -347,10 +357,10 @@ + echo sparc-sun-sunos${UNAME_RELEASE} + ;; + esac +- exit 0 ;; ++ exit ;; + aushp:SunOS:*:*) + echo sparc-auspex-sunos${UNAME_RELEASE} +- exit 0 ;; ++ exit ;; + # The situation for MiNT is a little confusing. The machine name + # can be virtually everything (everything which is not + # "atarist" or "atariste" at least should have a processor +@@ -361,37 +371,40 @@ + # be no problem. + atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} +- exit 0 ;; ++ exit ;; + atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} +- exit 0 ;; ++ exit ;; + *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} +- exit 0 ;; ++ exit ;; + milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) + echo m68k-milan-mint${UNAME_RELEASE} +- exit 0 ;; ++ exit ;; + hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) + echo m68k-hades-mint${UNAME_RELEASE} +- exit 0 ;; ++ exit ;; + *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) + echo m68k-unknown-mint${UNAME_RELEASE} +- exit 0 ;; ++ exit ;; ++ m68k:machten:*:*) ++ echo m68k-apple-machten${UNAME_RELEASE} ++ exit ;; + powerpc:machten:*:*) + echo powerpc-apple-machten${UNAME_RELEASE} +- exit 0 ;; ++ exit ;; + RISC*:Mach:*:*) + echo mips-dec-mach_bsd4.3 +- exit 0 ;; ++ exit ;; + RISC*:ULTRIX:*:*) + echo mips-dec-ultrix${UNAME_RELEASE} +- exit 0 ;; ++ exit ;; + VAX*:ULTRIX*:*:*) + echo vax-dec-ultrix${UNAME_RELEASE} +- exit 0 ;; ++ exit ;; + 2020:CLIX:*:* | 2430:CLIX:*:*) + echo clipper-intergraph-clix${UNAME_RELEASE} +- exit 0 ;; ++ exit ;; + mips:*:*:UMIPS | mips:*:*:RISCos) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c +@@ -415,33 +428,33 @@ + exit (-1); + } + EOF +- $CC_FOR_BUILD -o $dummy $dummy.c \ +- && $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \ +- && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0 +- rm -f $dummy.c $dummy && rmdir $tmpdir ++ $CC_FOR_BUILD -o $dummy $dummy.c && ++ dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` && ++ SYSTEM_NAME=`$dummy $dummyarg` && ++ { echo "$SYSTEM_NAME"; exit; } + echo mips-mips-riscos${UNAME_RELEASE} +- exit 0 ;; ++ exit ;; + Motorola:PowerMAX_OS:*:*) + echo powerpc-motorola-powermax +- exit 0 ;; ++ exit ;; + Motorola:*:4.3:PL8-*) + echo powerpc-harris-powermax +- exit 0 ;; ++ exit ;; + Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) + echo powerpc-harris-powermax +- exit 0 ;; ++ exit ;; + Night_Hawk:Power_UNIX:*:*) + echo powerpc-harris-powerunix +- exit 0 ;; ++ exit ;; + m88k:CX/UX:7*:*) + echo m88k-harris-cxux7 +- exit 0 ;; ++ exit ;; + m88k:*:4*:R4*) + echo m88k-motorola-sysv4 +- exit 0 ;; ++ exit ;; + m88k:*:3*:R3*) + echo m88k-motorola-sysv3 +- exit 0 ;; ++ exit ;; + AViiON:dgux:*:*) + # DG/UX returns AViiON for all architectures + UNAME_PROCESSOR=`/usr/bin/uname -p` +@@ -457,29 +470,29 @@ + else + echo i586-dg-dgux${UNAME_RELEASE} + fi +- exit 0 ;; ++ exit ;; + M88*:DolphinOS:*:*) # DolphinOS (SVR3) + echo m88k-dolphin-sysv3 +- exit 0 ;; ++ exit ;; + M88*:*:R3*:*) + # Delta 88k system running SVR3 + echo m88k-motorola-sysv3 +- exit 0 ;; ++ exit ;; + XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) + echo m88k-tektronix-sysv3 +- exit 0 ;; ++ exit ;; + Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) + echo m68k-tektronix-bsd +- exit 0 ;; ++ exit ;; + *:IRIX*:*:*) + echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` +- exit 0 ;; ++ exit ;; + ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. +- echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id +- exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX ' ++ echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id ++ exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' + i*86:AIX:*:*) + echo i386-ibm-aix +- exit 0 ;; ++ exit ;; + ia64:AIX:*:*) + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` +@@ -487,7 +500,7 @@ + IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + fi + echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} +- exit 0 ;; ++ exit ;; + *:AIX:2:3) + if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then + eval $set_cc_for_build +@@ -502,15 +515,18 @@ + exit(0); + } + EOF +- $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0 +- rm -f $dummy.c $dummy && rmdir $tmpdir +- echo rs6000-ibm-aix3.2.5 ++ if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` ++ then ++ echo "$SYSTEM_NAME" ++ else ++ echo rs6000-ibm-aix3.2.5 ++ fi + elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then + echo rs6000-ibm-aix3.2.4 + else + echo rs6000-ibm-aix3.2 + fi +- exit 0 ;; ++ exit ;; + *:AIX:*:[45]) + IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` + if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then +@@ -524,28 +540,28 @@ + IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + fi + echo ${IBM_ARCH}-ibm-aix${IBM_REV} +- exit 0 ;; ++ exit ;; + *:AIX:*:*) + echo rs6000-ibm-aix +- exit 0 ;; ++ exit ;; + ibmrt:4.4BSD:*|romp-ibm:BSD:*) + echo romp-ibm-bsd4.4 +- exit 0 ;; ++ exit ;; + ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and + echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to +- exit 0 ;; # report: romp-ibm BSD 4.3 ++ exit ;; # report: romp-ibm BSD 4.3 + *:BOSX:*:*) + echo rs6000-bull-bosx +- exit 0 ;; ++ exit ;; + DPX/2?00:B.O.S.:*:*) + echo m68k-bull-sysv3 +- exit 0 ;; ++ exit ;; + 9000/[34]??:4.3bsd:1.*:*) + echo m68k-hp-bsd +- exit 0 ;; ++ exit ;; + hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) + echo m68k-hp-bsd4.4 +- exit 0 ;; ++ exit ;; + 9000/[34678]??:HP-UX:*:*) + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` + case "${UNAME_MACHINE}" in +@@ -602,16 +618,36 @@ + } + EOF + (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` +- if test -z "$HP_ARCH"; then HP_ARCH=hppa; fi +- rm -f $dummy.c $dummy && rmdir $tmpdir ++ test -z "$HP_ARCH" && HP_ARCH=hppa + fi ;; + esac ++ if [ ${HP_ARCH} = "hppa2.0w" ] ++ then ++ eval $set_cc_for_build ++ ++ # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating ++ # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler ++ # generating 64-bit code. GNU and HP use different nomenclature: ++ # ++ # $ CC_FOR_BUILD=cc ./config.guess ++ # => hppa2.0w-hp-hpux11.23 ++ # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess ++ # => hppa64-hp-hpux11.23 ++ ++ if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | ++ grep __LP64__ >/dev/null ++ then ++ HP_ARCH="hppa2.0w" ++ else ++ HP_ARCH="hppa64" ++ fi ++ fi + echo ${HP_ARCH}-hp-hpux${HPUX_REV} +- exit 0 ;; ++ exit ;; + ia64:HP-UX:*:*) + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` + echo ia64-hp-hpux${HPUX_REV} +- exit 0 ;; ++ exit ;; + 3050*:HI-UX:*:*) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c +@@ -639,149 +675,166 @@ + exit (0); + } + EOF +- $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0 +- rm -f $dummy.c $dummy && rmdir $tmpdir ++ $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && ++ { echo "$SYSTEM_NAME"; exit; } + echo unknown-hitachi-hiuxwe2 +- exit 0 ;; ++ exit ;; + 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) + echo hppa1.1-hp-bsd +- exit 0 ;; ++ exit ;; + 9000/8??:4.3bsd:*:*) + echo hppa1.0-hp-bsd +- exit 0 ;; ++ exit ;; + *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) + echo hppa1.0-hp-mpeix +- exit 0 ;; ++ exit ;; + hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) + echo hppa1.1-hp-osf +- exit 0 ;; ++ exit ;; + hp8??:OSF1:*:*) + echo hppa1.0-hp-osf +- exit 0 ;; ++ exit ;; + i*86:OSF1:*:*) + if [ -x /usr/sbin/sysversion ] ; then + echo ${UNAME_MACHINE}-unknown-osf1mk + else + echo ${UNAME_MACHINE}-unknown-osf1 + fi +- exit 0 ;; ++ exit ;; + parisc*:Lites*:*:*) + echo hppa1.1-hp-lites +- exit 0 ;; ++ exit ;; + C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) + echo c1-convex-bsd +- exit 0 ;; ++ exit ;; + C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi +- exit 0 ;; ++ exit ;; + C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) + echo c34-convex-bsd +- exit 0 ;; ++ exit ;; + C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) + echo c38-convex-bsd +- exit 0 ;; ++ exit ;; + C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) + echo c4-convex-bsd +- exit 0 ;; ++ exit ;; + CRAY*Y-MP:*:*:*) + echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' +- exit 0 ;; ++ exit ;; + CRAY*[A-Z]90:*:*:*) + echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ + | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ + -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ + -e 's/\.[^.]*$/.X/' +- exit 0 ;; ++ exit ;; + CRAY*TS:*:*:*) + echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' +- exit 0 ;; +- CRAY*T3D:*:*:*) +- echo alpha-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' +- exit 0 ;; ++ exit ;; + CRAY*T3E:*:*:*) + echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' +- exit 0 ;; ++ exit ;; + CRAY*SV1:*:*:*) + echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' +- exit 0 ;; ++ exit ;; ++ *:UNICOS/mp:*:*) ++ echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' ++ exit ;; + F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) + FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` + echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" +- exit 0 ;; ++ exit ;; ++ 5000:UNIX_System_V:4.*:*) ++ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` ++ FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` ++ echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" ++ exit ;; + i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) + echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} +- exit 0 ;; ++ exit ;; + sparc*:BSD/OS:*:*) + echo sparc-unknown-bsdi${UNAME_RELEASE} +- exit 0 ;; ++ exit ;; + *:BSD/OS:*:*) + echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} +- exit 0 ;; ++ exit ;; + *:FreeBSD:*:*) +- # Determine whether the default compiler uses glibc. +- eval $set_cc_for_build +- sed 's/^ //' << EOF >$dummy.c +- #include <features.h> +- #if __GLIBC__ >= 2 +- LIBC=gnu +- #else +- LIBC= +- #endif +-EOF +- eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=` +- rm -f $dummy.c && rmdir $tmpdir +- echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC} +- exit 0 ;; ++ echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ++ exit ;; + i*:CYGWIN*:*) + echo ${UNAME_MACHINE}-pc-cygwin +- exit 0 ;; ++ exit ;; + i*:MINGW*:*) + echo ${UNAME_MACHINE}-pc-mingw32 +- exit 0 ;; ++ exit ;; ++ i*:windows32*:*) ++ # uname -m includes "-pc" on this system. ++ echo ${UNAME_MACHINE}-mingw32 ++ exit ;; + i*:PW*:*) + echo ${UNAME_MACHINE}-pc-pw32 +- exit 0 ;; +- x86:Interix*:3*) +- echo i586-pc-interix3 +- exit 0 ;; ++ exit ;; ++ x86:Interix*:[34]*) ++ echo i586-pc-interix${UNAME_RELEASE}|sed -e 's/\..*//' ++ exit ;; + [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) + echo i${UNAME_MACHINE}-pc-mks +- exit 0 ;; ++ exit ;; + i*:Windows_NT*:* | Pentium*:Windows_NT*:*) + # How do we know it's Interix rather than the generic POSIX subsystem? + # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we + # UNAME_MACHINE based on the output of uname instead of i386? + echo i586-pc-interix +- exit 0 ;; ++ exit ;; + i*:UWIN*:*) + echo ${UNAME_MACHINE}-pc-uwin +- exit 0 ;; ++ exit ;; ++ amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) ++ echo x86_64-unknown-cygwin ++ exit ;; + p*:CYGWIN*:*) + echo powerpcle-unknown-cygwin +- exit 0 ;; ++ exit ;; + prep*:SunOS:5.*:*) + echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` +- exit 0 ;; ++ exit ;; + *:GNU:*:*) ++ # the GNU system + echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` +- exit 0 ;; ++ exit ;; ++ *:GNU/*:*:*) ++ # other systems with GNU libc and userland ++ echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu ++ exit ;; + i*86:Minix:*:*) + echo ${UNAME_MACHINE}-pc-minix +- exit 0 ;; ++ exit ;; + arm*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu +- exit 0 ;; ++ exit ;; ++ cris:Linux:*:*) ++ echo cris-axis-linux-gnu ++ exit ;; ++ crisv32:Linux:*:*) ++ echo crisv32-axis-linux-gnu ++ exit ;; ++ frv:Linux:*:*) ++ echo frv-unknown-linux-gnu ++ exit ;; + ia64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu +- exit 0 ;; ++ exit ;; ++ m32r*:Linux:*:*) ++ echo ${UNAME_MACHINE}-unknown-linux-gnu ++ exit ;; + m68*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu +- exit 0 ;; ++ exit ;; + mips:Linux:*:*) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c +@@ -799,8 +852,7 @@ + #endif + EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=` +- rm -f $dummy.c && rmdir $tmpdir +- test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0 ++ test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } + ;; + mips64:Linux:*:*) + eval $set_cc_for_build +@@ -819,15 +871,17 @@ + #endif + EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=` +- rm -f $dummy.c && rmdir $tmpdir +- test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0 ++ test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } + ;; ++ or32:Linux:*:*) ++ echo or32-unknown-linux-gnu ++ exit ;; + ppc:Linux:*:*) + echo powerpc-unknown-linux-gnu +- exit 0 ;; ++ exit ;; + ppc64:Linux:*:*) + echo powerpc64-unknown-linux-gnu +- exit 0 ;; ++ exit ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; +@@ -841,7 +895,7 @@ + objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null + if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi + echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} +- exit 0 ;; ++ exit ;; + parisc:Linux:*:* | hppa:Linux:*:*) + # Look for CPU level + case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in +@@ -849,22 +903,25 @@ + PA8*) echo hppa2.0-unknown-linux-gnu ;; + *) echo hppa-unknown-linux-gnu ;; + esac +- exit 0 ;; ++ exit ;; + parisc64:Linux:*:* | hppa64:Linux:*:*) + echo hppa64-unknown-linux-gnu +- exit 0 ;; ++ exit ;; + s390:Linux:*:* | s390x:Linux:*:*) + echo ${UNAME_MACHINE}-ibm-linux +- exit 0 ;; ++ exit ;; ++ sh64*:Linux:*:*) ++ echo ${UNAME_MACHINE}-unknown-linux-gnu ++ exit ;; + sh*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu +- exit 0 ;; ++ exit ;; + sparc:Linux:*:* | sparc64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu +- exit 0 ;; ++ exit ;; + x86_64:Linux:*:*) + echo x86_64-unknown-linux-gnu +- exit 0 ;; ++ exit ;; + i*86:Linux:*:*) + # The BFD linker knows what the default object file format is, so + # first see if it will tell us. cd to the root directory to prevent +@@ -882,15 +939,15 @@ + ;; + a.out-i386-linux) + echo "${UNAME_MACHINE}-pc-linux-gnuaout" +- exit 0 ;; ++ exit ;; + coff-i386) + echo "${UNAME_MACHINE}-pc-linux-gnucoff" +- exit 0 ;; ++ exit ;; + "") + # Either a pre-BFD a.out linker (linux-gnuoldld) or + # one that does not give us useful --help. + echo "${UNAME_MACHINE}-pc-linux-gnuoldld" +- exit 0 ;; ++ exit ;; + esac + # Determine whether the default compiler is a.out or elf + eval $set_cc_for_build +@@ -913,18 +970,23 @@ + LIBC=gnuaout + #endif + #endif ++ #ifdef __dietlibc__ ++ LIBC=dietlibc ++ #endif + EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=` +- rm -f $dummy.c && rmdir $tmpdir +- test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0 +- test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0 ++ test x"${LIBC}" != x && { ++ echo "${UNAME_MACHINE}-pc-linux-${LIBC}" ++ exit ++ } ++ test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; } + ;; + i*86:DYNIX/ptx:4*:*) + # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. + # earlier versions are messed up and put the nodename in both + # sysname and nodename. + echo i386-sequent-sysv4 +- exit 0 ;; ++ exit ;; + i*86:UNIX_SV:4.2MP:2.*) + # Unixware is an offshoot of SVR4, but it has its own version + # number series starting with 2... +@@ -932,24 +994,27 @@ + # I just have to hope. -- rms. + # Use sysv4.2uw... so that sysv4* matches it. + echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} +- exit 0 ;; ++ exit ;; + i*86:OS/2:*:*) + # If we were able to find `uname', then EMX Unix compatibility + # is probably installed. + echo ${UNAME_MACHINE}-pc-os2-emx +- exit 0 ;; ++ exit ;; + i*86:XTS-300:*:STOP) + echo ${UNAME_MACHINE}-unknown-stop +- exit 0 ;; ++ exit ;; + i*86:atheos:*:*) + echo ${UNAME_MACHINE}-unknown-atheos +- exit 0 ;; ++ exit ;; ++ i*86:syllable:*:*) ++ echo ${UNAME_MACHINE}-pc-syllable ++ exit ;; + i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*) + echo i386-unknown-lynxos${UNAME_RELEASE} +- exit 0 ;; ++ exit ;; + i*86:*DOS:*:*) + echo ${UNAME_MACHINE}-pc-msdosdjgpp +- exit 0 ;; ++ exit ;; + i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) + UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` + if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then +@@ -957,15 +1022,16 @@ + else + echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} + fi +- exit 0 ;; +- i*86:*:5:[78]*) ++ exit ;; ++ i*86:*:5:[678]*) ++ # UnixWare 7.x, OpenUNIX and OpenServer 6. + case `/bin/uname -X | grep "^Machine"` in + *486*) UNAME_MACHINE=i486 ;; + *Pentium) UNAME_MACHINE=i586 ;; + *Pent*|*Celeron) UNAME_MACHINE=i686 ;; + esac + echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} +- exit 0 ;; ++ exit ;; + i*86:*:3.2:*) + if test -f /usr/options/cb.name; then + UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name` +@@ -983,73 +1049,73 @@ + else + echo ${UNAME_MACHINE}-pc-sysv32 + fi +- exit 0 ;; ++ exit ;; + pc:*:*:*) + # Left here for compatibility: + # uname -m prints for DJGPP always 'pc', but it prints nothing about + # the processor, so we play safe by assuming i386. + echo i386-pc-msdosdjgpp +- exit 0 ;; ++ exit ;; + Intel:Mach:3*:*) + echo i386-pc-mach3 +- exit 0 ;; ++ exit ;; + paragon:*:*:*) + echo i860-intel-osf1 +- exit 0 ;; ++ exit ;; + i860:*:4.*:*) # i860-SVR4 + if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then + echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 + else # Add other i860-SVR4 vendors below as they are discovered. + echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 + fi +- exit 0 ;; ++ exit ;; + mini*:CTIX:SYS*5:*) + # "miniframe" + echo m68010-convergent-sysv +- exit 0 ;; ++ exit ;; + mc68k:UNIX:SYSTEM5:3.51m) + echo m68k-convergent-sysv +- exit 0 ;; ++ exit ;; + M680?0:D-NIX:5.3:*) + echo m68k-diab-dnix +- exit 0 ;; +- M68*:*:R3V[567]*:*) +- test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;; +- 3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0) ++ exit ;; ++ M68*:*:R3V[5678]*:*) ++ test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; ++ 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) + OS_REL='' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ +- && echo i486-ncr-sysv4.3${OS_REL} && exit 0 ++ && { echo i486-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ +- && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;; ++ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; + 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ +- && echo i486-ncr-sysv4 && exit 0 ;; ++ && { echo i486-ncr-sysv4; exit; } ;; + m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) + echo m68k-unknown-lynxos${UNAME_RELEASE} +- exit 0 ;; ++ exit ;; + mc68030:UNIX_System_V:4.*:*) + echo m68k-atari-sysv4 +- exit 0 ;; ++ exit ;; + TSUNAMI:LynxOS:2.*:*) + echo sparc-unknown-lynxos${UNAME_RELEASE} +- exit 0 ;; ++ exit ;; + rs6000:LynxOS:2.*:*) + echo rs6000-unknown-lynxos${UNAME_RELEASE} +- exit 0 ;; ++ exit ;; + PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*) + echo powerpc-unknown-lynxos${UNAME_RELEASE} +- exit 0 ;; ++ exit ;; + SM[BE]S:UNIX_SV:*:*) + echo mips-dde-sysv${UNAME_RELEASE} +- exit 0 ;; ++ exit ;; + RM*:ReliantUNIX-*:*:*) + echo mips-sni-sysv4 +- exit 0 ;; ++ exit ;; + RM*:SINIX-*:*:*) + echo mips-sni-sysv4 +- exit 0 ;; ++ exit ;; + *:SINIX-*:*:*) + if uname -p 2>/dev/null >/dev/null ; then + UNAME_MACHINE=`(uname -p) 2>/dev/null` +@@ -1057,64 +1123,73 @@ + else + echo ns32k-sni-sysv + fi +- exit 0 ;; ++ exit ;; + PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort + # says <Richard.M.Bartel@ccMail.Census.GOV> + echo i586-unisys-sysv4 +- exit 0 ;; ++ exit ;; + *:UNIX_System_V:4*:FTX*) + # From Gerald Hewes <hewes@openmarket.com>. + # How about differentiating between stratus architectures? -djm + echo hppa1.1-stratus-sysv4 +- exit 0 ;; ++ exit ;; + *:*:*:FTX*) + # From seanf@swdc.stratus.com. + echo i860-stratus-sysv4 +- exit 0 ;; ++ exit ;; ++ i*86:VOS:*:*) ++ # From Paul.Green@stratus.com. ++ echo ${UNAME_MACHINE}-stratus-vos ++ exit ;; + *:VOS:*:*) + # From Paul.Green@stratus.com. + echo hppa1.1-stratus-vos +- exit 0 ;; ++ exit ;; + mc68*:A/UX:*:*) + echo m68k-apple-aux${UNAME_RELEASE} +- exit 0 ;; ++ exit ;; + news*:NEWS-OS:6*:*) + echo mips-sony-newsos6 +- exit 0 ;; ++ exit ;; + R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) + if [ -d /usr/nec ]; then + echo mips-nec-sysv${UNAME_RELEASE} + else + echo mips-unknown-sysv${UNAME_RELEASE} + fi +- exit 0 ;; ++ exit ;; + BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. + echo powerpc-be-beos +- exit 0 ;; ++ exit ;; + BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. + echo powerpc-apple-beos +- exit 0 ;; ++ exit ;; + BePC:BeOS:*:*) # BeOS running on Intel PC compatible. + echo i586-pc-beos +- exit 0 ;; ++ exit ;; + SX-4:SUPER-UX:*:*) + echo sx4-nec-superux${UNAME_RELEASE} +- exit 0 ;; ++ exit ;; + SX-5:SUPER-UX:*:*) + echo sx5-nec-superux${UNAME_RELEASE} +- exit 0 ;; ++ exit ;; + SX-6:SUPER-UX:*:*) + echo sx6-nec-superux${UNAME_RELEASE} +- exit 0 ;; ++ exit ;; + Power*:Rhapsody:*:*) + echo powerpc-apple-rhapsody${UNAME_RELEASE} +- exit 0 ;; ++ exit ;; + *:Rhapsody:*:*) + echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} +- exit 0 ;; ++ exit ;; + *:Darwin:*:*) +- echo `uname -p`-apple-darwin${UNAME_RELEASE} +- exit 0 ;; ++ UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown ++ case $UNAME_PROCESSOR in ++ *86) UNAME_PROCESSOR=i686 ;; ++ unknown) UNAME_PROCESSOR=powerpc ;; ++ esac ++ echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} ++ exit ;; + *:procnto*:*:* | *:QNX:[0123456789]*:*) + UNAME_PROCESSOR=`uname -p` + if test "$UNAME_PROCESSOR" = "x86"; then +@@ -1122,22 +1197,25 @@ + UNAME_MACHINE=pc + fi + echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} +- exit 0 ;; ++ exit ;; + *:QNX:*:4*) + echo i386-pc-qnx +- exit 0 ;; +- NSR-[DGKLNPTVW]:NONSTOP_KERNEL:*:*) ++ exit ;; ++ NSE-?:NONSTOP_KERNEL:*:*) ++ echo nse-tandem-nsk${UNAME_RELEASE} ++ exit ;; ++ NSR-?:NONSTOP_KERNEL:*:*) + echo nsr-tandem-nsk${UNAME_RELEASE} +- exit 0 ;; ++ exit ;; + *:NonStop-UX:*:*) + echo mips-compaq-nonstopux +- exit 0 ;; ++ exit ;; + BS2000:POSIX*:*:*) + echo bs2000-siemens-sysv +- exit 0 ;; ++ exit ;; + DS/*:UNIX_System_V:*:*) + echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} +- exit 0 ;; ++ exit ;; + *:Plan9:*:*) + # "uname -m" is not consistent, so use $cputype instead. 386 + # is converted to i386 for consistency with other x86 +@@ -1148,25 +1226,44 @@ + UNAME_MACHINE="$cputype" + fi + echo ${UNAME_MACHINE}-unknown-plan9 +- exit 0 ;; ++ exit ;; + *:TOPS-10:*:*) + echo pdp10-unknown-tops10 +- exit 0 ;; ++ exit ;; + *:TENEX:*:*) + echo pdp10-unknown-tenex +- exit 0 ;; ++ exit ;; + KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) + echo pdp10-dec-tops20 +- exit 0 ;; ++ exit ;; + XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) + echo pdp10-xkl-tops20 +- exit 0 ;; ++ exit ;; + *:TOPS-20:*:*) + echo pdp10-unknown-tops20 +- exit 0 ;; ++ exit ;; + *:ITS:*:*) + echo pdp10-unknown-its +- exit 0 ;; ++ exit ;; ++ SEI:*:*:SEIUX) ++ echo mips-sei-seiux${UNAME_RELEASE} ++ exit ;; ++ *:DragonFly:*:*) ++ echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ++ exit ;; ++ *:*VMS:*:*) ++ UNAME_MACHINE=`(uname -p) 2>/dev/null` ++ case "${UNAME_MACHINE}" in ++ A*) echo alpha-dec-vms ; exit ;; ++ I*) echo ia64-dec-vms ; exit ;; ++ V*) echo vax-dec-vms ; exit ;; ++ esac ;; ++ *:XENIX:*:SysV) ++ echo i386-pc-xenix ++ exit ;; ++ i*86:skyos:*:*) ++ echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' ++ exit ;; + esac + + #echo '(No uname command or uname output not recognized.)' 1>&2 +@@ -1198,7 +1295,7 @@ + #endif + + #if defined (__arm) && defined (__acorn) && defined (__unix) +- printf ("arm-acorn-riscix"); exit (0); ++ printf ("arm-acorn-riscix\n"); exit (0); + #endif + + #if defined (hp300) && !defined (hpux) +@@ -1287,12 +1384,12 @@ + } + EOF + +-$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0 +-rm -f $dummy.c $dummy && rmdir $tmpdir ++$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && ++ { echo "$SYSTEM_NAME"; exit; } + + # Apollos put the system type in the environment. + +-test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; } ++test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } + + # Convex versions that predate uname can use getsysinfo(1) + +@@ -1301,22 +1398,22 @@ + case `getsysinfo -f cpu_type` in + c1*) + echo c1-convex-bsd +- exit 0 ;; ++ exit ;; + c2*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi +- exit 0 ;; ++ exit ;; + c34*) + echo c34-convex-bsd +- exit 0 ;; ++ exit ;; + c38*) + echo c38-convex-bsd +- exit 0 ;; ++ exit ;; + c4*) + echo c4-convex-bsd +- exit 0 ;; ++ exit ;; + esac + fi + +@@ -1327,7 +1424,9 @@ + the operating system you are using. It is advised that you + download the most up to date version of the config scripts from + +- ftp://ftp.gnu.org/pub/gnu/config/ ++ http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess ++and ++ http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub + + If the version you run ($0) is already up to date, please + send the following data and any information you think might be +--- sudo-1.6.8p12.orig/config.sub ++++ sudo-1.6.8p12/config.sub +@@ -1,11 +1,9 @@ + #! /bin/sh + # Configuration validation subroutine script. + # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, +-# 2000, 2001, 2002 Free Software Foundation, Inc. +-# +-# $Sudo: config.sub,v 1.11 2003/01/20 21:07:51 millert Exp $ ++# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. + +-timestamp='2002-11-30' ++timestamp='2005-07-08' + + # This file is (in principle) common to ALL GNU software. + # The presence of a machine in this file suggests that SOME GNU software +@@ -23,14 +21,15 @@ + # + # You should have received a copy of the GNU General Public License + # along with this program; if not, write to the Free Software +-# Foundation, Inc., 59 Temple Place - Suite 330, +-# Boston, MA 02111-1307, USA. +- ++# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA ++# 02110-1301, USA. ++# + # As a special exception to the GNU General Public License, if you + # distribute this file as part of a program that contains a + # configuration script generated by Autoconf, you may include it under + # the same distribution terms that you use for the rest of that program. + ++ + # Please send patches to <config-patches@gnu.org>. Submit a context + # diff and a properly formatted ChangeLog entry. + # +@@ -72,7 +71,7 @@ + version="\ + GNU config.sub ($timestamp) + +-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 ++Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 + Free Software Foundation, Inc. + + This is free software; see the source for copying conditions. There is NO +@@ -85,11 +84,11 @@ + while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) +- echo "$timestamp" ; exit 0 ;; ++ echo "$timestamp" ; exit ;; + --version | -v ) +- echo "$version" ; exit 0 ;; ++ echo "$version" ; exit ;; + --help | --h* | -h ) +- echo "$usage"; exit 0 ;; ++ echo "$usage"; exit ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. +@@ -101,7 +100,7 @@ + *local*) + # First pass through any local machine types. + echo $1 +- exit 0;; ++ exit ;; + + * ) + break ;; +@@ -120,7 +119,8 @@ + # Here we must recognize all the valid KERNEL-OS combinations. + maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` + case $maybe_os in +- nto-qnx* | linux-gnu* | freebsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*) ++ nto-qnx* | linux-gnu* | linux-dietlibc | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | \ ++ kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*) + os=-$maybe_os + basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` + ;; +@@ -146,7 +146,7 @@ + -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ + -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ + -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ +- -apple | -axis | -sr2201*) ++ -apple | -axis | -knuth | -cray) + os= + basic_machine=$1 + ;; +@@ -230,14 +230,16 @@ + | a29k \ + | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ + | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ ++ | am33_2.0 \ + | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \ +- | clipper \ ++ | bfin \ ++ | c4x | clipper \ + | d10v | d30v | dlx | dsp16xx \ + | fr30 | frv \ + | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ + | i370 | i860 | i960 | ia64 \ +- | ip2k \ +- | m32r | m68000 | m68k | m88k | mcore \ ++ | ip2k | iq2000 \ ++ | m32r | m32rle | m68000 | m68k | m88k | maxq | mcore \ + | mips | mipsbe | mipseb | mipsel | mipsle \ + | mips16 \ + | mips64 | mips64el \ +@@ -246,28 +248,37 @@ + | mips64vr4100 | mips64vr4100el \ + | mips64vr4300 | mips64vr4300el \ + | mips64vr5000 | mips64vr5000el \ ++ | mips64vr5900 | mips64vr5900el \ + | mipsisa32 | mipsisa32el \ ++ | mipsisa32r2 | mipsisa32r2el \ + | mipsisa64 | mipsisa64el \ ++ | mipsisa64r2 | mipsisa64r2el \ + | mipsisa64sb1 | mipsisa64sb1el \ + | mipsisa64sr71k | mipsisa64sr71kel \ + | mipstx39 | mipstx39el \ + | mn10200 | mn10300 \ ++ | ms1 \ ++ | msp430 \ + | ns16k | ns32k \ +- | openrisc | or32 \ ++ | or32 \ + | pdp10 | pdp11 | pj | pjl \ + | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ + | pyramid \ +- | sh | sh[1234] | sh3e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \ ++ | sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \ + | sh64 | sh64le \ +- | sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \ ++ | sparc | sparc64 | sparc64b | sparc86x | sparclet | sparclite \ ++ | sparcv8 | sparcv9 | sparcv9b \ + | strongarm \ +- | tahoe | thumb | tic80 | tron \ ++ | tahoe | thumb | tic4x | tic80 | tron \ + | v850 | v850e \ + | we32k \ +- | x86 | xscale | xstormy16 | xtensa \ ++ | x86 | xscale | xscalee[bl] | xstormy16 | xtensa \ + | z8k) + basic_machine=$basic_machine-unknown + ;; ++ m32c) ++ basic_machine=$basic_machine-unknown ++ ;; + m6811 | m68hc11 | m6812 | m68hc12) + # Motorola 68HC11/12. + basic_machine=$basic_machine-unknown +@@ -295,19 +306,19 @@ + | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ + | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ + | avr-* \ +- | bs2000-* \ +- | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* \ +- | clipper-* | cydra-* \ ++ | bfin-* | bs2000-* \ ++ | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ ++ | clipper-* | craynv-* | cydra-* \ + | d10v-* | d30v-* | dlx-* \ + | elxsi-* \ + | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \ + | h8300-* | h8500-* \ + | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ + | i*86-* | i860-* | i960-* | ia64-* \ +- | ip2k-* \ +- | m32r-* \ ++ | ip2k-* | iq2000-* \ ++ | m32r-* | m32rle-* \ + | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ +- | m88110-* | m88k-* | mcore-* \ ++ | m88110-* | m88k-* | maxq-* | mcore-* \ + | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ + | mips16-* \ + | mips64-* | mips64el-* \ +@@ -316,29 +327,40 @@ + | mips64vr4100-* | mips64vr4100el-* \ + | mips64vr4300-* | mips64vr4300el-* \ + | mips64vr5000-* | mips64vr5000el-* \ ++ | mips64vr5900-* | mips64vr5900el-* \ + | mipsisa32-* | mipsisa32el-* \ ++ | mipsisa32r2-* | mipsisa32r2el-* \ + | mipsisa64-* | mipsisa64el-* \ ++ | mipsisa64r2-* | mipsisa64r2el-* \ + | mipsisa64sb1-* | mipsisa64sb1el-* \ + | mipsisa64sr71k-* | mipsisa64sr71kel-* \ +- | mipstx39 | mipstx39el \ ++ | mipstx39-* | mipstx39el-* \ ++ | mmix-* \ ++ | ms1-* \ ++ | msp430-* \ + | none-* | np1-* | ns16k-* | ns32k-* \ + | orion-* \ + | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ + | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ + | pyramid-* \ + | romp-* | rs6000-* \ +- | sh-* | sh[1234]-* | sh3e-* | sh[34]eb-* | shbe-* \ ++ | sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | shbe-* \ + | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ +- | sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \ +- | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \ +- | tahoe-* | thumb-* | tic30-* | tic4x-* | tic54x-* | tic80-* | tron-* \ ++ | sparc-* | sparc64-* | sparc64b-* | sparc86x-* | sparclet-* \ ++ | sparclite-* \ ++ | sparcv8-* | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \ ++ | tahoe-* | thumb-* \ ++ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ ++ | tron-* \ + | v850-* | v850e-* | vax-* \ + | we32k-* \ +- | x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \ +- | xtensa-* \ ++ | x86-* | x86_64-* | xps100-* | xscale-* | xscalee[bl]-* \ ++ | xstormy16-* | xtensa-* \ + | ymp-* \ + | z8k-*) + ;; ++ m32c-*) ++ ;; + # Recognize the various machine names and aliases which stand + # for a CPU type and a company and sometimes even an OS. + 386bsd) +@@ -355,6 +377,9 @@ + basic_machine=a29k-amd + os=-udi + ;; ++ abacus) ++ basic_machine=abacus-unknown ++ ;; + adobe68k) + basic_machine=m68010-adobe + os=-scout +@@ -434,12 +459,27 @@ + basic_machine=j90-cray + os=-unicos + ;; ++ craynv) ++ basic_machine=craynv-cray ++ os=-unicosmp ++ ;; ++ cr16c) ++ basic_machine=cr16c-unknown ++ os=-elf ++ ;; + crds | unos) + basic_machine=m68k-crds + ;; ++ crisv32 | crisv32-* | etraxfs*) ++ basic_machine=crisv32-axis ++ ;; + cris | cris-* | etrax*) + basic_machine=cris-axis + ;; ++ crx) ++ basic_machine=crx-unknown ++ os=-elf ++ ;; + da30 | da30-*) + basic_machine=m68k-da30 + ;; +@@ -462,6 +502,10 @@ + basic_machine=m88k-motorola + os=-sysv3 + ;; ++ djgpp) ++ basic_machine=i586-pc ++ os=-msdosdjgpp ++ ;; + dpx20 | dpx20-*) + basic_machine=rs6000-bull + os=-bosx +@@ -515,10 +559,6 @@ + basic_machine=h8500-hitachi + os=-hms + ;; +- sr2201*) +- basic_machine=harp1e-hitachi +- os=-hiuxmpp +- ;; + harris) + basic_machine=m88k-harris + os=-sysv3 +@@ -644,10 +684,6 @@ + mips3*) + basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown + ;; +- mmix*) +- basic_machine=mmix-knuth +- os=-mmixware +- ;; + monitor) + basic_machine=m68k-rom68k + os=-coff +@@ -735,9 +771,12 @@ + basic_machine=hppa1.1-oki + os=-proelf + ;; +- or32 | or32-*) ++ openrisc | openrisc-*) + basic_machine=or32-unknown +- os=-coff ++ ;; ++ os400) ++ basic_machine=powerpc-ibm ++ os=-os400 + ;; + OSE68000 | ose68000) + basic_machine=m68000-ericsson +@@ -770,18 +809,24 @@ + pentiumpro | p6 | 6x86 | athlon | athlon_*) + basic_machine=i686-pc + ;; +- pentiumii | pentium2) ++ pentiumii | pentium2 | pentiumiii | pentium3) + basic_machine=i686-pc + ;; ++ pentium4) ++ basic_machine=i786-pc ++ ;; + pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) + basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentiumpro-* | p6-* | 6x86-* | athlon-*) + basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; +- pentiumii-* | pentium2-*) ++ pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) + basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; ++ pentium4-*) ++ basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` ++ ;; + pn) + basic_machine=pn-gould + ;; +@@ -840,6 +885,10 @@ + sb1el) + basic_machine=mipsisa64sb1el-unknown + ;; ++ sei) ++ basic_machine=mips-sei ++ os=-seiux ++ ;; + sequent) + basic_machine=i386-sequent + ;; +@@ -847,6 +896,9 @@ + basic_machine=sh-hitachi + os=-hms + ;; ++ sh64) ++ basic_machine=sh64-unknown ++ ;; + sparclite-wrs | simso-wrs) + basic_machine=sparclite-wrs + os=-vxworks +@@ -913,10 +965,6 @@ + basic_machine=i386-sequent + os=-dynix + ;; +- t3d) +- basic_machine=alpha-cray +- os=-unicos +- ;; + t3e) + basic_machine=alphaev5-cray + os=-unicos +@@ -925,14 +973,18 @@ + basic_machine=t90-cray + os=-unicos + ;; +- tic4x | c4x*) +- basic_machine=tic4x-unknown +- os=-coff +- ;; + tic54x | c54x*) + basic_machine=tic54x-unknown + os=-coff + ;; ++ tic55x | c55x*) ++ basic_machine=tic55x-unknown ++ os=-coff ++ ;; ++ tic6x | c6x*) ++ basic_machine=tic6x-unknown ++ os=-coff ++ ;; + tx39) + basic_machine=mipstx39-unknown + ;; +@@ -946,6 +998,10 @@ + tower | tower-32) + basic_machine=m68k-ncr + ;; ++ tpf) ++ basic_machine=s390x-ibm ++ os=-tpf ++ ;; + udi29k) + basic_machine=a29k-amd + os=-udi +@@ -989,6 +1045,10 @@ + basic_machine=hppa1.1-winbond + os=-proelf + ;; ++ xbox) ++ basic_machine=i686-pc ++ os=-mingw32 ++ ;; + xps | xps100) + basic_machine=xps100-honeywell + ;; +@@ -1019,6 +1079,9 @@ + romp) + basic_machine=romp-ibm + ;; ++ mmix) ++ basic_machine=mmix-knuth ++ ;; + rs6000) + basic_machine=rs6000-ibm + ;; +@@ -1035,13 +1098,10 @@ + we32k) + basic_machine=we32k-att + ;; +- sh3 | sh4 | sh3eb | sh4eb | sh[1234]le | sh3ele) ++ sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele) + basic_machine=sh-unknown + ;; +- sh64) +- basic_machine=sh64-unknown +- ;; +- sparc | sparcv9 | sparcv9b) ++ sparc | sparcv8 | sparcv9 | sparcv9b) + basic_machine=sparc-sun + ;; + cydra) +@@ -1114,19 +1174,21 @@ + | -aos* \ + | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ + | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ +- | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \ +- | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ ++ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* | -openbsd* \ ++ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ ++ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ + | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ + | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ + | -chorusos* | -chorusrdb* \ + | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ +- | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \ ++ | -mingw32* | -linux-gnu* | -linux-uclibc* | -uxpv* | -beos* | -mpeix* | -udk* \ + | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ + | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ + | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ + | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ + | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ +- | -powermax* | -dnix*) ++ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ ++ | -skyos* | -haiku*) + # Remember, each alternative MUST END IN *, to match a version number. + ;; + -qnx*) +@@ -1144,12 +1206,15 @@ + os=`echo $os | sed -e 's|nto|nto-qnx|'` + ;; + -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ +- | -windows* | -osx | -abug | -netware* | -os9* | -beos* \ ++ | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ + | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) + ;; + -mac*) + os=`echo $os | sed -e 's|mac|macos|'` + ;; ++ -linux-dietlibc) ++ os=-linux-dietlibc ++ ;; + -linux*) + os=`echo $os | sed -e 's|linux|linux-gnu|'` + ;; +@@ -1162,6 +1227,9 @@ + -opened*) + os=-openedition + ;; ++ -os400*) ++ os=-os400 ++ ;; + -wince*) + os=-wince + ;; +@@ -1183,6 +1251,9 @@ + -atheos*) + os=-atheos + ;; ++ -syllable*) ++ os=-syllable ++ ;; + -386bsd) + os=-bsd + ;; +@@ -1205,6 +1276,9 @@ + -sinix*) + os=-sysv4 + ;; ++ -tpf*) ++ os=-tpf ++ ;; + -triton*) + os=-sysv3 + ;; +@@ -1235,6 +1309,15 @@ + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + os=-mint + ;; ++ -aros*) ++ os=-aros ++ ;; ++ -kaos*) ++ os=-kaos ++ ;; ++ -zvmoe) ++ os=-zvmoe ++ ;; + -none) + ;; + *) +@@ -1266,6 +1349,9 @@ + arm*-semi) + os=-aout + ;; ++ c4x-* | tic4x-*) ++ os=-coff ++ ;; + # This must come before the *-dec entry. + pdp10-*) + os=-tops20 +@@ -1309,9 +1395,15 @@ + *-be) + os=-beos + ;; ++ *-haiku) ++ os=-haiku ++ ;; + *-ibm) + os=-aix + ;; ++ *-knuth) ++ os=-mmixware ++ ;; + *-wec) + os=-proelf + ;; +@@ -1444,9 +1536,15 @@ + -mvs* | -opened*) + vendor=ibm + ;; ++ -os400*) ++ vendor=ibm ++ ;; + -ptx*) + vendor=sequent + ;; ++ -tpf*) ++ vendor=ibm ++ ;; + -vxsim* | -vxworks* | -windiss*) + vendor=wrs + ;; +@@ -1471,7 +1569,7 @@ + esac + + echo $basic_machine$os +-exit 0 ++exit + + # Local variables: + # eval: (add-hook 'write-file-hooks 'time-stamp) +--- sudo-1.6.8p12.orig/sudoers ++++ sudo-1.6.8p12/sudoers +@@ -1,10 +1,17 @@ + # sudoers file. + # + # This file MUST be edited with the 'visudo' command as root. ++# 'visudo' edits the suoders file in a safe fashion. visudo ++# locks the sudoers file against multiple simultaneous edits, ++# provides basic sanity checks, and checks for syntax errors. If ++# the sudoers file is currently being edited you will receive a ++# message to try again later. + # + # See the sudoers man page for the details on how to write a sudoers file. + # + ++# Defaults syslog=auth, secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin" ++ + # Host alias specification + + # User alias specification +--- sudo-1.6.8p12.orig/debian/dirs ++++ sudo-1.6.8p12/debian/dirs +@@ -0,0 +1,7 @@ ++etc/pam.d ++usr/bin ++usr/share/man/man8 ++usr/share/man/man5 ++usr/sbin ++usr/share/doc/sudo/examples ++usr/share/lintian/overrides +--- sudo-1.6.8p12.orig/debian/docs ++++ sudo-1.6.8p12/debian/docs +@@ -0,0 +1,9 @@ ++debian/OPTIONS ++BUGS ++RUNSON ++UPGRADE ++PORTING ++TODO ++HISTORY ++README ++TROUBLESHOOTING +--- sudo-1.6.8p12.orig/debian/sudo-ldap.init.d ++++ sudo-1.6.8p12/debian/sudo-ldap.init.d +@@ -0,0 +1,31 @@ ++#! /bin/sh ++ ++### BEGIN INIT INFO ++# Provides: sudu ++# Required-Start: $local_fs $remote_fs ++# Required-Stop: ++# Default-Start: S 1 2 3 4 5 ++# Default-Stop: 0 6 ++### END INIT INFO ++ ++N=/etc/init.d/sudo ++ ++set -e ++ ++case "$1" in ++ start) ++ # make sure privileges don't persist across reboots ++ if [ -d /var/run/sudo ] ++ then ++ find /var/run/sudo -type f -exec touch -t 198501010000 '{}' \; ++ fi ++ ;; ++ stop|reload|restart|force-reload) ++ ;; ++ *) ++ echo "Usage: $N {start|stop|restart|force-reload}" >&2 ++ exit 1 ++ ;; ++esac ++ ++exit 0 +--- sudo-1.6.8p12.orig/debian/control ++++ sudo-1.6.8p12/debian/control +@@ -0,0 +1,32 @@ ++Source: sudo ++Section: admin ++Priority: optional ++Maintainer: Bdale Garbee <bdale@gag.com> ++Build-Depends: debhelper (>= 5), libpam0g-dev, libldap2-dev ++Standards-Version: 3.6.2.1 ++ ++Package: sudo ++Architecture: any ++Depends: ${shlibs:Depends}, libpam-modules ++Conflicts: sudo-ldap ++Replaces: sudo-ldap ++Description: Provide limited super user privileges to specific users ++ Sudo is a program designed to allow a sysadmin to give limited root ++ privileges to users and log root activity. The basic philosophy is to give ++ as few privileges as possible but still allow people to get their work done. ++ . ++ This version is built with minimal shared library dependencies, use the ++ sudo-ldap package instead if you need LDAP support. ++ ++Package: sudo-ldap ++Architecture: any ++Depends: ${shlibs:Depends}, libpam-modules ++Conflicts: sudo ++Replaces: sudo ++Provides: sudo ++Description: Provide limited super user privileges to specific users ++ Sudo is a program designed to allow a sysadmin to give limited root ++ privileges to users and log root activity. The basic philosophy is to give ++ as few privileges as possible but still allow people to get their work done. ++ . ++ This version is built with LDAP support. +--- sudo-1.6.8p12.orig/debian/sudo-ldap.postrm ++++ sudo-1.6.8p12/debian/sudo-ldap.postrm +@@ -0,0 +1,21 @@ ++#! /bin/sh ++ ++set -e ++ ++case "$1" in ++ purge) ++ rm -f /etc/sudoers ++ ;; ++ ++ remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) ++ ;; ++ ++ *) ++ echo "postrm called with unknown argument \`$1'" >&2 ++ exit 1 ++ ++esac ++ ++#DEBHELPER# ++ ++exit 0 +--- sudo-1.6.8p12.orig/debian/prerm ++++ sudo-1.6.8p12/debian/prerm +@@ -0,0 +1,37 @@ ++#!/bin/sh ++ ++set -e ++ ++check_password() { ++ if [ ! "$SUDO_FORCE_REMOVE" = "yes" ]; then ++ # let's check whether the root account is locked. ++ # if it is, we're not going another step. No Sirreee! ++ passwd=$(getent shadow root|cut -f2 -d:) ++ if [ "$passwd" = "*" -o "$passwd" = "!" ]; then ++ # yup, password is locked ++ echo "You have asked that the sudo package be removed," ++ echo "but no root password has been set." ++ echo "Without sudo, you may not be able to gain administrative privileges." ++ echo ++ echo "If you would prefer to access the root account with su(1)" ++ echo "or by logging in directly," ++ echo "you must set a root password with \"sudo passwd\"." ++ echo ++ echo "If you have arranged other means to access the root account," ++ echo "and you are sure this is what you want," ++ echo "you may bypass this check by setting an environment variable " ++ echo "(export SUDO_FORCE_REMOVE=yes)." ++ echo ++ echo "Refusing to remove sudo." ++ exit 1 ++ fi ++ fi ++} ++ ++case $1 in ++ remove) ++ check_password; ++ ;; ++ *) ++ ;; ++esac +--- sudo-1.6.8p12.orig/debian/rules ++++ sudo-1.6.8p12/debian/rules +@@ -0,0 +1,140 @@ ++#!/usr/bin/make -f ++ ++export DH_VERBOSE=1 ++ ++CFLAGS = -O2 -Wall -Wno-comment ++ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS))) ++CFLAGS += -g ++endif ++export CFLAGS ++ ++build: config-stamp ++config-stamp: ++ dh_testdir ++ ++ # simple version ++ mkdir -p build-simple ++ cd build-simple && ../configure --prefix=/usr -v \ ++ --with-all-insults \ ++ --with-exempt=sudo --with-pam --with-fqdn \ ++ --with-logging=syslog --with-logfac=authpriv \ ++ --with-env-editor --with-editor=/usr/bin/editor \ ++ --with-timeout=15 --with-password-timeout=0 \ ++ --disable-root-mailer --disable-setresuid \ ++ --with-sendmail=/usr/sbin/sendmail \ ++ --without-lecture \ ++ --with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin" ++ ++ # LDAP version ++ mkdir -p build-ldap ++ cd build-ldap && ../configure --prefix=/usr -v \ ++ --with-all-insults \ ++ --with-exempt=sudo --with-pam --with-ldap --with-fqdn \ ++ --with-logging=syslog --with-logfac=authpriv \ ++ --with-env-editor --with-editor=/usr/bin/editor \ ++ --with-timeout=15 --with-password-timeout=0 \ ++ --disable-root-mailer --disable-setresuid \ ++ --with-sendmail=/usr/sbin/sendmail \ ++ --with-ldap-conf-file=/etc/ldap/ldap.conf \ ++ --with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin" ++ ++ touch config-stamp ++ ++build: build-stamp ++build-stamp: config-stamp ++ dh_testdir ++ ++ -$(MAKE) -C build-simple ++ -$(MAKE) -C build-ldap ++ ++ touch build-stamp ++ ++clean: ++ dh_testdir ++ dh_testroot ++ rm -f config-stamp build-stamp ++ rm -rf build-simple build-ldap ++ rm -f config.cache ++ ++ -test -r /usr/share/misc/config.sub && \ ++ cp -f /usr/share/misc/config.sub config.sub ++ -test -r /usr/share/misc/config.guess && \ ++ cp -f /usr/share/misc/config.guess config.guess ++ ++ dh_clean ++ ++install: build-stamp ++ dh_testdir ++ dh_testroot ++ dh_clean -k ++ dh_installdirs ++ ++ # simple version ++ install -o root -g root -m 4755 -s build-simple/sudo debian/sudo/usr/bin/sudo ++ ln -sf sudo debian/sudo/usr/bin/sudoedit ++ install -o root -g root -m 0755 -s build-simple/visudo \ ++ debian/sudo/usr/sbin/visudo ++ install -o root -g root -m 0644 build-simple/sudo.man \ ++ debian/sudo/usr/share/man/man8/sudo.8 ++ ln -sf sudo.8 debian/sudo/usr/share/man/man8/sudoedit.8 ++ install -o root -g root -m 0644 build-simple/visudo.man \ ++ debian/sudo/usr/share/man/man8/visudo.8 ++ install -o root -g root -m 0644 build-simple/sudoers.man \ ++ debian/sudo/usr/share/man/man5/sudoers.5 ++ install -o root -g root -m 0644 sample.sudoers \ ++ debian/sudo/usr/share/doc/sudo/examples/sudoers ++ install -o root -g root -m 0644 debian/sudo.pam \ ++ debian/sudo/etc/pam.d/sudo ++ ++ install -o root -g root -m 0644 debian/sudo.lintian \ ++ debian/sudo/usr/share/lintian/overrides/sudo ++ ++ install -o root -g root -m 0644 debian/sudo_root.8 \ ++ debian/sudo/usr/share/man/man8/sudo_root.8 ++ ++ # LDAP version ++ install -o root -g root -m 4755 -s build-ldap/sudo debian/sudo-ldap/usr/bin/sudo ++ ln -sf sudo debian/sudo-ldap/usr/bin/sudoedit ++ install -o root -g root -m 0755 -s build-ldap/visudo debian/sudo-ldap/usr/sbin/visudo ++ install -o root -g root -m 0644 build-ldap/sudo.man \ ++ debian/sudo-ldap/usr/share/man/man8/sudo.8 ++ ln -sf sudo.8 debian/sudo-ldap/usr/share/man/man8/sudoedit.8 ++ install -o root -g root -m 0644 build-ldap/visudo.man \ ++ debian/sudo-ldap/usr/share/man/man8/visudo.8 ++ install -o root -g root -m 0644 build-ldap/sudoers.man \ ++ debian/sudo-ldap/usr/share/man/man5/sudoers.5 ++ install -o root -g root -m 0644 sample.sudoers \ ++ debian/sudo-ldap/usr/share/doc/sudo-ldap/examples/sudoers ++ install -o root -g root -m 0644 debian/sudo.pam \ ++ debian/sudo-ldap/etc/pam.d/sudo ++ ++ install -o root -g root -m 0644 debian/sudo-ldap.lintian \ ++ debian/sudo-ldap/usr/share/lintian/overrides/sudo-ldap ++ ++ install -o root -g root -m 0644 debian/sudo_root.8 \ ++ debian/sudo/usr/share/man/man8/sudo_root.8 ++ ++binary-indep: build install ++ ++binary-arch: build install ++ dh_testdir ++ dh_testroot ++ dh_installdocs ++ dh_installexamples -A ++# dh_installinit -psudo -psudo-ldap ++ dh_installmanpages fnmatch.3 ++ dh_installinfo -A ++ dh_installchangelogs CHANGES ++ dh_strip ++ dh_compress ++ dh_fixperms ++ chown root.root debian/sudo/usr/bin/sudo debian/sudo-ldap/usr/bin/sudo ++ chmod 4755 debian/sudo/usr/bin/sudo debian/sudo-ldap/usr/bin/sudo ++ dh_installdeb ++ dh_shlibdeps ++ dh_gencontrol ++ dh_md5sums ++ dh_builddeb ++ ++binary: binary-indep binary-arch ++.PHONY: build clean binary-indep binary-arch binary install +--- sudo-1.6.8p12.orig/debian/changelog ++++ sudo-1.6.8p12/debian/changelog +@@ -0,0 +1,769 @@ ++sudo (1.6.8p12-1ubuntu6) dapper; urgency=low ++ ++ * env.c: Preserve additional environment variables for non-almighty sudoers: ++ HOME, LOGNAME, DISPLAY, XAUTHORITY, XAUTHORIZATION. Closes: LP#44500 ++ ++ -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 17 May 2006 09:29:15 +0200 ++ ++sudo (1.6.8p12-1ubuntu5) dapper; urgency=low ++ ++ * env.c: Unbreak the env_keep option. Closes: LP#31690 ++ * sudoers: Add some explanatory text why it is a REALLY good idea to use ++ visudo. Closes: LP#11620 ++ ++ -- Martin Pitt <martin.pitt@ubuntu.com> Tue, 28 Mar 2006 18:52:24 +0200 ++ ++sudo (1.6.8p12-1ubuntu4) dapper; urgency=low ++ ++ * Remove the init script, it only cleans up /var/run which is a tmpfs. ++ ++ -- Scott James Remnant <scott@ubuntu.com> Wed, 22 Feb 2006 16:28:42 +0000 ++ ++sudo (1.6.8p12-1ubuntu3) dapper; urgency=low ++ ++ * Add debian/sudo_root.8: Introduction about root handling in ubuntu with ++ sudo. ++ * debian/rules: Install that new manpage into sudo and sudo-ldap. ++ ++ -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 8 Feb 2006 17:01:50 +0100 ++ ++sudo (1.6.8p12-1ubuntu2) dapper; urgency=low ++ ++ * sudo.c: If the user successfully authenticated and he is in the 'admin' ++ group, then create a stamp ~/.sudo_as_admin_successful. A future ++ /etc/profile will evaluate this flag to display a short help about how to ++ execute things as root. ++ ++ -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 18 Jan 2006 09:32:02 +0100 ++ ++sudo (1.6.8p12-1ubuntu1) dapper; urgency=low ++ ++ * Resynchronise with Debian, clean up cruft from Ubuntu diff. ++ * debian/postinst: Do not set env_reset flag in newly created sudoers files; ++ it's incompatible with upgrades. ++ * Clean up environment variable handling to fix vulns like CVE-2005-4158 and ++ CVE-2006-0151 once and for all: Only keep known-good variables if user has ++ limited sudo privileges (blacklist -> whitelist) and keep them all for ++ users with unlimited command privileges (to not drive admins and ++ developers up the wall which actually need to pass env variables from time ++ to time). ++ - parse.h, parse.yacc: ++ + Add a new flag 'cmdall' to the matchstack, and a new macro 'cmnd_all' ++ to access it. ++ + In the "cmnd" grammar rule: Set cmdall to TRUE if command specifier is ++ 'ALL', otherwise to FALSE. ++ - sudo.tab.cc: Re-yaccified to match changes to parse.yacc. ++ - sudo.h: Add new sudoers_lookup() return flag FLAG_CMND_ALL. ++ - parse.c, sudoers_lookup(): Set flag FLAG_CMND_ALL if cmnd_all matched. ++ - ldap.c: ++ + sudo_ldap_check_command(): Add return parameter all, set to true ++ if command specifier is 'ALL'. ++ + sudo_ldap_check(): Set flag FLAG_CMND_ALL if sudo_ldap_check_command() ++ returned all=1. ++ - env.c: ++ + Apply Martin Schulze's patch to switch from blacklist to whitelist ++ environment cleaning. ++ + Add parameter 'noclean' to rebuild_env(); if it is != 0, environment ++ variables are not cleaned. ++ - sudo.c: Call rebuild_env() with noclean=1 if FLAG_CMND_ALL is set. ++ ++ -- Martin Pitt <martin.pitt@ubuntu.com> Tue, 17 Jan 2006 10:03:05 +0100 ++ ++sudo (1.6.8p12-1) unstable; urgency=low ++ ++ * new upstream version, closes: #342948 (CVE-2005-4158) ++ * add env_reset to the sudoers file we create if none already exists, ++ as a further precaution in response to discussion about CVS-2005-4158 ++ * split ldap support into a new sudo-ldap package. I was trying to avoid ++ doing this, but the impact of going from 4 to 17 linked shlibs on the ++ autobuilder chroots is sufficient motivation for me. ++ closes: #344034 ++ ++ -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700 ++ ++sudo (1.6.8p9-4) unstable; urgency=low ++ ++ * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231 ++ * merge patch from Martin Pitt / Ubuntu to be more robust about resetting ++ timestamps in the init.d script, closes: #330868 ++ * add dependency header to init.d script, closes: #332849 ++ ++ -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800 ++ ++sudo (1.6.8p9-3ubuntu4) dapper; urgency=low ++ ++ * Revert addition of sudo -t, i. e. revert to version 1.6.8p9-3ubuntu1. As ++ per TB discussion, we will not use sudo for implementing ++ https://wiki.ubuntu.com/HideAdminToolsToUsers. ++ ++ -- Martin Pitt <martin.pitt@ubuntu.com> Tue, 29 Nov 2005 23:27:42 +0100 ++ ++sudo (1.6.8p9-3ubuntu3) dapper; urgency=low ++ ++ * sudo.c: Log failures even in test mode, to avoid the possibility of ++ silently poking around for interesting sudo privileges. This will generate ++ a lot of auth log clutter in the desktop case, but will not change sudo ++ semantics where it matters (on servers). ++ ++ -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 17 Nov 2005 10:35:04 +0100 ++ ++sudo (1.6.8p9-3ubuntu2) dapper; urgency=low ++ ++ * Add option -t which only tests whether the given command can be executed ++ and does not require a password. This is required for the ++ https://wiki.ubuntu.com/HideAdminToolsToUsers spec. ++ * sudo.h: Add MODE_TESTONLY mode. ++ * sudo.c: Add -t parsing and do not actually run the command in test mode, ++ just return success or failure. Also, add the new option to the "usage" ++ output. ++ * sudo.pod: Document new -t option. ++ * Put patch into debian/ubuntu-patches/sudo.add-test-option.patch to have ++ it separate for future merges (requires a manual "make sudo.man.in" to ++ actually run pod2man). ++ ++ -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 9 Nov 2005 17:40:43 -0500 ++ ++sudo (1.6.8p9-3ubuntu1) dapper; urgency=low ++ ++ * Resynchronise with Debian. ++ ++ -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 9 Nov 2005 17:12:06 -0500 ++ ++sudo (1.6.8p9-3) unstable; urgency=high ++ ++ * update debhelper compatibility level from 2 to 4 ++ * add man page symlink for sudoedit ++ * Clean SHELLOPTS and PS4 from the environment before executing programs ++ with sudo permissions [env.c, CAN-2005-2959] ++ * fix typo in manpage pointed out by Moray Allen, closes: #285995 ++ * fix paths in sample complex sudoers file, closes: #303542 ++ * fix type in sudoers man page, closes: #311244 ++ ++ -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600 ++ ++sudo (1.6.8p9-2ubuntu2) breezy; urgency=low ++ ++ * debian/init.d: When resetting the timestamps of the tty tags, actually ++ touch the files, not the per-user directories. Since bootclean.sh removes ++ /var/run/* anyway, this is no big deal, but clean it up anyway for the ++ sake of correctness. (Ubuntu #16594) ++ ++ -- Martin Pitt <martin.pitt@ubuntu.com> Fri, 30 Sep 2005 09:52:27 +0200 ++ ++sudo (1.6.8p9-2ubuntu1) breezy; urgency=low ++ ++ * Resynchronise with Debian, resolve merging conflicts and unscramble ++ changelog. ++ ++ -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 7 Jul 2005 09:01:48 +0000 ++ ++sudo (1.6.8p9-2) unstable; urgency=high ++ ++ * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1, ++ closes: #305735 ++ ++ -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400 ++ ++sudo (1.6.8p9-1) unstable; urgency=high ++ ++ * new upstream version, fixes a race condition in sudo's pathname ++ validation, which is a security issue (CAN-2005-1993), ++ closes: #315115, #315718 ++ ++ -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400 ++ ++sudo (1.6.8p7-1) unstable; urgency=low ++ ++ * new upstream version, closes: #299585 ++ * update lintian overrides to squelch the postinst warning ++ * change sudoedit from a hard to a soft link, closes: #296896 ++ * fix regex doc in sudoers man page, closes: #300361 ++ ++ -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700 ++ ++sudo (1.6.8p5-1ubuntu3) breezy; urgency=low ++ ++ * SECURITY UPDATE: Fix privilege escalation. ++ * sudo.c, parse.yacc: safe_cmd contains the actually executed program which ++ is normally taken from /etc/sudoers. However, if sudoers contains "ALL" ++ entries that follow the matching entry, safe_cmd was overwritten with the ++ path the user specified on the command line, which opens up the ++ possibility of executing arbitrary commands by generating symlinks to ++ them. ++ * References: ++ CAN-2005-1993 ++ http://www.securityfocus.com/archive/1/402741 ++ ++ -- Martin Pitt <martin.pitt@ubuntu.com> Tue, 21 Jun 2005 13:41:05 +0200 ++ ++sudo (1.6.8p5-1ubuntu2) hoary; urgency=low ++ ++ * Add !fqdn to the Defaults so we don't die horribly when localhost doesn't ++ resolve (Ubuntu: 2772) ++ ++ -- Thom May <thom@ubuntu.com> Wed, 2 Mar 2005 20:34:20 +0000 ++ ++sudo (1.6.8p5-1ubuntu1) hoary; urgency=low ++ ++ * Resync with Debian ++ ++ -- LaMont Jones <lamont@canonical.com> Mon, 6 Dec 2004 09:31:28 -0700 ++ ++sudo (1.6.8p5-1) unstable; urgency=high ++ ++ * new upstream version ++ * restores ability to use config tuples without a value, which was causing ++ problems on upgrade closes: #283306 ++ * deliver sudoedit, closes: #283078 ++ * marking urgency high since 283306 is a serious upgrade incompatibility ++ ++ -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700 ++ ++sudo (1.6.8p3-2) unstable; urgency=high ++ ++ * update pam.d deliverable so ldap works again, closes: #282191 ++ ++ -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700 ++ ++sudo (1.6.8p3-1) unstable; urgency=high ++ ++ * new upstream version, fixes a flaw in sudo's environment sanitizing that ++ could allow a malicious user with permission to run a shell script that ++ utilized the bash shell to run arbitrary commands, closes: #281665 ++ * patch the sample sudoers to have the proper path for kill on Debian ++ systems, closes: #263486 ++ * patch the sudo manpage to reflect Debian's choice of exempt_group ++ default setting, closes: #236465 ++ * patch the sudo manpage to reflect Debian's choice of no timeout on the ++ password prompt, closes: #271194 ++ ++ -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700 ++ ++sudo (1.6.7p5-2ubuntu2) hoary; urgency=low ++ ++ * SECURITY UPDATE: fix input validation flaw ++ * env.c, rebuild_env(): skip variables with values beginnig with "()" to ++ ignore exported bash functions in the sudo environment; this prevents ++ introducing malicious functions with the name of commands that are ++ executed without full path ++ * References: ++ http://www.sudo.ws/sudo/alerts/bash_functions.html ++ ++ -- Martin Pitt <martin.pitt@canonical.com> Wed, 17 Nov 2004 18:54:30 +0100 ++ ++sudo (1.6.7p5-2ubuntu1) hoary; urgency=low ++ ++ * Resynchronise with Debian. ++ ++ -- Scott James Remnant <scott@canonical.com> Wed, 27 Oct 2004 15:06:39 +0100 ++ ++sudo (1.6.7p5-2) unstable; urgency=low ++ ++ * Jeff Bailey reports that seteuid works on current sparc systems, so we ++ no longer need the "grosshack" stuff in the sudo rules file ++ * add a postrm that removes /etc/sudoers on purge. don't do this with the ++ normal conffile mechanism since it would generate noise on every upgrade, ++ closes: #245405 ++ ++ -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400 ++ ++sudo (1.6.7p5-1ubuntu4) warty; urgency=low ++ ++ * Disable lecture by default. (Warty #987) ++ ++ -- Thom May <thom@canonical.com> Wed, 6 Oct 2004 14:31:31 +0100 ++ ++sudo (1.6.7p5-1ubuntu3) warty; urgency=low ++ ++ * Refuse to remove sudo if the root password is not set and the user is ++ running us via sudo ++ ++ -- Thom May <thom@canonical.com> Mon, 27 Sep 2004 15:30:09 +0100 ++ ++sudo (1.6.7p5-1ubuntu2) warty; urgency=low ++ ++ * Add 'Defaults !lecture,tty_tickets' to initial sudoers file. ++ ++ -- Colin Watson <cjwatson@flatline.org.uk> Mon, 23 Aug 2004 21:03:15 +0100 ++ ++sudo (1.6.7p5-1ubuntu1) warty; urgency=low ++ ++ * Remove /etc/sudoers on purge. (Closes: #245405) ++ ++ -- Fabio M. Di Nitto <fabbione@fabbione.net> Mon, 19 Jul 2004 09:42:04 +0200 ++ ++sudo (1.6.7p5-1) unstable; urgency=low ++ ++ * new upstream version, closes: #190265, #193222, #197244 ++ * change from '.' to ':' in postinst chown call, closes: #208369 ++ ++ -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600 ++ ++sudo (1.6.7p3-2) unstable; urgency=low ++ ++ * add --disable-setresuid to configure call since 2.2 kernels don't support ++ setresgid, closes: #189044 ++ * cosmetic cleanups to debian/rules as long as I'm there ++ ++ -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600 ++ ++sudo (1.6.7p3-1) unstable; urgency=low ++ ++ * new upstream version ++ * add overrides to quiet lintian about things it doesn't understand, ++ except the source one that can't be overridden until 129510 is fixed ++ ++ -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600 ++ ++sudo (1.6.6-3) unstable; urgency=low ++ ++ * add code to rules file to update config.sub/guess, closes: #164501 ++ ++ -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600 ++ ++sudo (1.6.6-2) unstable; urgency=low ++ ++ * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to ++ configure, and lose the build dependency on mail-transport-agent ++ * incorporate changes from LaMont's NMU, closes: #144665, #144737 ++ * update init.d to not try and set time on nonexistent timestamp files, ++ closes: #132616 ++ * build with --with-all-insults, admin must edit sudoers to turn insults ++ on at runtime if desired, closes: #135374 ++ * stop setting /usr/doc symlink in postinst ++ ++ -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600 ++ ++sudo (1.6.6-1.1) unstable; urgency=high ++ ++ * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts. ++ * Revert patch to auth/pam.c that left pass uninitialized, causing a ++ segfault (Closes: #144665). ++ ++ -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600 ++ ++sudo (1.6.6-1) unstable; urgency=high ++ ++ * new upstream version, fixes security problem with crafty prompts, ++ closes: #144540 ++ ++ -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600 ++ ++sudo (1.6.5p1-4) unstable; urgency=high ++ ++ * apply patch for auth/pam.c to fix yet another way to make sudo segfault ++ if ctrl/C'ed at password prompt, closes: #131235 ++ ++ -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700 ++ ++sudo (1.6.5p1-3) unstable; urgency=high ++ ++ * ugly hack to add --disable-saved-ids when building on sparc in response ++ to 131592, which will be reassigned to glibc for a real fix ++ * urgency high since the sudo currently in testing for sparc is worthless ++ ++ -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700 ++ ++sudo (1.6.5p1-2) unstable; urgency=high ++ ++ * patch from upstream to fix seg faults caused by versions of pam that ++ follow a NULL pointer, closes: #129512 ++ ++ -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700 ++ ++sudo (1.6.5p1-1) unstable; urgency=high ++ ++ * new upstream version ++ * add --disable-root-mailer option supported by new version to configure ++ call in rules file, closes: #129648 ++ ++ -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700 ++ ++sudo (1.6.4p1-1) unstable; urgency=high ++ ++ * new upstream version, with fix for segfaulting problem in 1.6.4 ++ ++ -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700 ++ ++sudo (1.6.4-1) unstable; urgency=high ++ ++ * new upstream version, includes an important security fix, closes: #127576 ++ ++ -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700 ++ ++sudo (1.6.3p7-5) unstable; urgency=low ++ ++ * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872 ++ * fix spelling error in init.d, closes: #126847 ++ ++ -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700 ++ ++sudo (1.6.3p7-4) unstable; urgency=medium ++ ++ * use touch to set status files to an ancient date instead of removing them ++ outright on reboot. this achieves the desired effect of keeping elevated ++ privs from living across reboots, without forcing everyone to see the ++ new-sudo-user lecture after every reboot. pick a time that's 'old enough' ++ for systems with good clocks, and 'recent enough' that broken PC hardware ++ setting the clock to commonly-seen bogus dates trips over the "don't trust ++ future timestamps" rule. closes: #76529, #123559 ++ * apply patch from Steve Langasek to fix seg faults due to interaction with ++ PAM code. upstream confirms the problem, and says they're fixing this ++ differently for their next release... but this should be useful in the ++ meantime, and would be good to get into woody. closes: #119147 ++ * only run the init.d at boot, not on each runlevel change... and don't run ++ it during package configure. closes: #125935 ++ * add DEB_BUILD_OPTIONS support to rules file, closes: #94952 ++ ++ -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700 ++ ++sudo (1.6.3p7-3) unstable; urgency=low ++ ++ * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not ++ resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718, ++ * fix a typo in the manpage, closes: #97368 ++ * apply patch to configure.in and run autoconf to fix problem building on ++ the hurd, closes: #96325 ++ * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed ++ to not last across reboots, closes: #76529 ++ * clean up lintian-noticed cosmetic packaging issues ++ ++ -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700 ++ ++sudo (1.6.3p7-2) unstable; urgency=low ++ ++ * update config.sub/guess for hppa support ++ ++ -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600 ++ ++sudo (1.6.3p7-1) unstable; urgency=low ++ ++ * new upstream version ++ * add build dependency on mail-transport-agent, closes: #90685 ++ ++ -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600 ++ ++sudo (1.6.3p6-1) unstable; urgency=high ++ ++ * new upstream version, fixes buffer overflow problem, ++ closes: #87259, #87278, #87263 ++ * revert to using --with-secure-path option at build time, since the option ++ available in sudoers is parsed too late to be useful, and upstream says ++ it won't get fixed quickly. This reopens 85123, which I will mark as ++ forwarded. Closes: #86199, #86117, #85676 ++ ++ -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700 ++ ++sudo (1.6.3p5-2) unstable; urgency=low ++ ++ * lose the dh_suidregister call since it's obsolete ++ * stop using the --with-secure-path option at build time, and instead show ++ how to set it in sudoers. Closes: #85123 ++ * freshen config.sub and config.guess for ia64 and hppa ++ * update sudoers man page to indicate exempt_group is on by default, ++ closes: #70847 ++ ++ -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700 ++ ++sudo (1.6.3p5-1) unstable; urgency=low ++ ++ * new upstream version, closes: #63940, #59175, #61817, #64652, #65743 ++ * this version restores core dumps before the exec, while leaving them ++ disabled during sudo's internal execution, closes: #58289 ++ * update debhelper calls in rules file ++ ++ -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600 ++ ++sudo (1.6.2p2-1) frozen unstable; urgency=medium ++ ++ * new upstream source resulting from direct collaboration with the upstream ++ author to fix ugly pam-related problems on Debian in 1.6.1 and later. ++ Closes: #56129, #55978, #55979, #56550, #56772 ++ * include more upstream documentation, closes: #55054 ++ * pam.d fragment update, closes: #56129 ++ ++ -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700 ++ ++sudo (1.6.1-1) unstable; urgency=low ++ ++ * new upstream source, closes: #52750 ++ ++ -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700 ++ ++sudo (1.6-2) unstable; urgency=low ++ ++ * drop suidregister support for this package. The sudo executable is ++ essentially worthless unless it is setuid root, and making suidregister ++ work involves shipping a non-setuid executable in the .deb and setting the ++ perms in the postinst. On a long upgrade run, this can leave the sudo ++ executable 'broken' for a long time, which is unacceptable. With this ++ version, we ship the executable setuid root in the .deb. Closes: #51742 ++ ++ -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700 ++ ++sudo (1.6-1) unstable; urgency=low ++ ++ * new upstream version, many options previously set at compile-time are now ++ configurable at runtime. ++ Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639 ++ * FHS support ++ ++ -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700 ++ ++sudo (1.5.9p4-1) unstable; urgency=low ++ ++ * new upstream version, closes: #43464 ++ * empty password handling was fixed in 1.5.8, closes: #31863 ++ ++ -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600 ++ ++sudo (1.5.9p1-1) unstable; urgency=low ++ ++ * new upstream version ++ ++ -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600 ++ ++sudo (1.5.8p1-1) unstable; urgency=medium ++ ++ * new upstream version, closes 33690 ++ * add dependency on libpam-modules, closes 34215, 33432 ++ ++ -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700 ++ ++sudo (1.5.7p4-2) unstable; urgency=medium ++ ++ * update the pam fragment provided so that sudo works with latest pam bits, ++ closes 33432 ++ ++ -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700 ++ ++sudo (1.5.7p4-1) unstable; urgency=low ++ ++ * new upstream release ++ ++ -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700 ++ ++sudo (1.5.6p5-1) unstable; urgency=low ++ ++ * new upstream patch release ++ * add PAM support, closes 28594 ++ ++ -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700 ++ ++sudo (1.5.6p2-2) unstable; urgency=low ++ ++ * update copyright file, closes 24136 ++ * review and close forwarded bugs believed fixed in this upstream version, ++ closes 17606, 15786. ++ ++ -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600 ++ ++sudo (1.5.6p2-1) unstable; urgency=low ++ ++ * new upstream release ++ ++ -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600 ++ ++sudo (1.5.4-4) frozen unstable; urgency=low ++ ++ * update postinst to use groupadd, closes 21403 ++ * move the suidregister stuff earlier in postinst to ensure it always runs ++ ++ -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600 ++ ++sudo (1.5.4-3) frozen unstable; urgency=low ++ ++ * change /etc/sudoers from a conffile to being handled in postinst, ++ closes 18219 ++ * add suidmanager support, closes 15711 ++ * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is ++ unlikely to ever fix, and which just don't matter. closes 17146 ++ * fix FSF address in copyright file, and submit exception for lintian ++ warning about sudo being setuid root ++ ++ -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600 ++ ++sudo (1.5.4-2) unstable; urgency=high ++ ++ * patch from upstream author correcting/improving security fix ++ ++ -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700 ++ ++sudo (1.5.4-1) unstable; urgency=high ++ ++ * new upstream version, includes a security fix ++ * change default editor from /bin/ae to /usr/bin/editor ++ ++ -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700 ++ ++sudo (1.5.3-1) unstable; urgency=medium ++ ++ * new upstream version, closes bug 15911. ++ * rules file reworked to use debhelper ++ * implement a really gross hack to force use of the sudo-provided ++ lsearch(), since the one in libc6 is broken! This closes bugs ++ 12552, 12557, 14881, 15259, 15916. ++ ++ -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700 ++ ++sudo (1.5.2-6) unstable; urgency=LOW ++ ++ * don't install INSTALL in the doc directory, closes bug 13195. ++ ++ -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600 ++ ++sudo (1.5.2-5) unstable; urgency=LOW ++ ++ * libc6 ++ ++ -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600 ++ ++sudo (1.5.2-4) unstable; urgency=LOW ++ ++ * change TIMEOUT (how long before you have to type your password again) ++ to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian ++ packages on slower machines much more tolerable. Closes bug 9076. ++ * touch debian/suid before debstd. Closes bug 8709. ++ ++ -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600 ++ ++sudo (1.5.2-3) frozen unstable; urgency=LOW ++ ++ * patch from upstream maintainer to close Bug 6828 ++ * add a debian/suid file to get debstd to leave my perl postinst alone ++ ++ -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600 ++ ++sudo (1.5.2-2) frozen unstable; urgency=LOW ++ ++ * change rules to use -O2 -Wall as per standards ++ ++ -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600 ++ ++sudo (1.5.2-1) unstable; urgency=LOW ++ ++ * new upstream version ++ * cosmetic changes to debian package control files ++ ++ -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700 ++ ++sudo (1.5-2) unstable; urgency=LOW ++ ++ * add /usr/X11R6/bin to the end of the secure path... this makes it ++ much easier to run xmkmf, etc., during package builds. To the extent ++ that /usr/local/sbin and /usr/local/bin were already included, I see ++ no security reasons not to add this. ++ ++ -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700 ++ ++sudo (1.5-1) unstable; urgency=LOW ++ ++ * New upstream version ++ * New maintainer ++ * New packaging format ++ ++ -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200 ++ ++Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de> ++ ++ sudo (1.4.1-1): ++ ++ * hard code SECURE_PATH to: ++ "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ++ ++ * enable ENV_EDITOR ++ ++ * enabled EXEMPTGROUP "sudo" ++ ++ * moved timestamp dir to /var/log/sudo ++ ++ * changed parser to check for long and short filenames (Bug#1162) ++ ++Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de> ++ ++ sudo (1.4.2-1): ++ ++ * New upstream source ++ ++ * Fixed postinst script ++ (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>) ++ ++ * Removed special shadow binary. This version works with and without ++ shadow password file. ++ ++Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org> ++ ++ sudo (1.4.2-2): ++ ++ * Corrected editor path to /bin/ae (Bug#3062) ++ ++ * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063) ++ ++Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org> ++ ++ sudo (1.4.3-1): ++ ++ * New upstream version ++ ++ * Changed sudoers permission to 440 (owner root, group root) to make ++ sudo usable via NFS ++ ++Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org> ++ ++ sudo (1.4.3-2): ++ ++ * Applied upstream patch 1 ++ ++Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org> ++ ++ sudo (1.4.3-3): ++ ++ * Applied upstream patch 2 ++ ++Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org> ++ ++ sudo (1.4.3-4): ++ ++ * Applied upstream patch 3 (fixes problems with an NFS-mounted ++ sudoers file) ++ ++ ++Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org> ++ ++ sudo (1.4.3-5): ++ ++ * Corrected postinst to use /usr/bin/perl instead of /bin/perl ++ [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)] ++ ++Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org> ++ ++ sudo (1.4.3-6): ++ ++ * Applied upstream patch 4 (fixes several bugs) ++ ++ * Changed priority to optional ++ ++Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org> ++ ++ sudo (1.4.3-7): ++ ++ * Corrected postinst to create correct permission for /etc/sudoers ++ (Bug#3749) ++ ++Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org> ++ ++ sudo (1.4.4-1): ++ ++ * New upstream version ++ ++ ++sudo (1.4.4-2) admin; urgency=HIGH ++ ++ * Fixed major security bug reported by Peter Tobias ++ <tobias@et-inf.fho-emden.de> ++ * Added dchanges support to debian.rules ++ ++sudo (1.4.5-1) admin; urgency=LOW ++ ++ * New upstream version ++ * Minor changes to debian.rules +--- sudo-1.6.8p12.orig/debian/sudo_root.8 ++++ sudo-1.6.8p12/debian/sudo_root.8 +@@ -0,0 +1,135 @@ ++.TH sudo_root 8 "February 8, 2006" ++ ++.SH NAME ++sudo_root \- How to run administrative commands ++ ++.SH SYNOPSIS ++ ++.B sudo ++.I command ++ ++.B sudo \-i ++ ++.SH INTRODUCTION ++ ++By default, the password for the user "root" (the system ++administrator) is locked. This means you cannot login as root or use ++su. Instead, the installer will set up sudo to allow the user that is ++created during install to run all administrative commands. ++ ++This means that in the terminal you can use sudo for commands that ++require root privileges. All programs in the menu will use a graphical ++sudo to prompt for a password. When sudo asks for a password, it needs ++.B your password, ++this means that a root password is not needed. ++ ++To run a command which requires root privileges in a terminal, simply ++prepend ++.B sudo ++in front of it. To get an interactive root shell, use ++.B sudo \-i\fR. ++ ++.SH ALLOWING OTHER USERS TO RUN SUDO ++ ++By default, only the user who installed the system is permitted to run ++sudo. To add more administrators, i. e. users who can run sudo, you ++have to add these users to the group 'admin' by doing one of the ++following steps: ++ ++.IP * 2 ++In a shell, do ++ ++.RS 4 ++.B sudo adduser ++.I username ++.B admin ++.RE ++ ++.IP * 2 ++Use the graphical "Users & Groups" program in the "System settings" ++menu to add the new user to the ++.B admin ++group. ++ ++.SH BENEFITS OF USING SUDO ++ ++The benefits of leaving root disabled by default include the following: ++ ++.IP * 2 ++Users do not have to remember an extra password, which they are likely to forget. ++.IP * 2 ++The installer is able to ask fewer questions. ++.IP * 2 ++It avoids the "I can do anything" interactive login by default \- you ++will be prompted for a password before major changes can happen, which ++should make you think about the consequences of what you are doing. ++.IP * 2 ++Sudo adds a log entry of the command(s) run (in \fB/var/log/auth.log\fR). ++.IP * 2 ++Every attacker trying to brute\-force their way into your box will ++know it has an account named root and will try that first. What they ++do not know is what the usernames of your other users are. ++.IP * 2 ++Allows easy transfer for admin rights, in a short term or long term ++period, by adding and removing users from the admin group, while not ++compromising the root account. ++.IP * 2 ++sudo can be set up with a much more fine\-grained security policy. ++ ++.SH DOWNSIDES OF USING SUDO ++ ++Although for desktops the benefits of using sudo are great, there are ++possible issues which need to be noted: ++ ++.IP * 2 ++Redirecting the output of commands run with sudo can be confusing at ++first. For instance consider ++ ++.RS 4 ++.B sudo ls > /root/somefile ++.RE ++ ++.RS 2 ++will not work since it is the shell that tries to write to that file. You can use ++.RE ++ ++.RS 4 ++.B ls | sudo tee /root/somefile ++.RE ++ ++.RS 2 ++to get the behaviour you want. ++.RE ++ ++.IP * 2 ++In a lot of office environments the ONLY local user on a system is ++root. All other users are imported using NSS techniques such as ++nss\-ldap. To setup a workstation, or fix it, in the case of a network ++failure where nss\-ldap is broken, root is required. This tends to ++leave the system unusable. An extra local user, or an enabled root ++password is needed here. ++ ++.SH GOING BACK TO A TRADITIONAL ROOT ACCOUNT ++ ++.B This is not recommended! ++ ++To enable the root account (i.e. set a password) use: ++ ++.RS 4 ++.B sudo passwd root ++.RE ++ ++Afterwards, edit ++.B /etc/sudoers ++and comment out the line ++ ++.RS 4 ++%admin ALL=(ALL) ALL ++.RE ++ ++to disable sudo access to members of the admin group. ++ ++.SH SEE ALSO ++.BR sudo (8), ++.B https://wiki.ubuntu.com/RootSudo ++ +--- sudo-1.6.8p12.orig/debian/sudo-ldap.postinst ++++ sudo-1.6.8p12/debian/sudo-ldap.postinst +@@ -0,0 +1,62 @@ ++#!/usr/bin/perl ++ ++# remove old link ++ ++unlink ("/etc/alternatives/sudo") if ( -l "/etc/alternatives/sudo"); ++ ++# make sure we have a sudoers file ++if ( ! -f "/etc/sudoers") { ++ ++ print "No /etc/sudoers found... creating one for you.\n"; ++ ++ open (SUDOERS, "> /etc/sudoers"); ++ print SUDOERS "# /etc/sudoers\n", ++ "#\n", ++ "# This file MUST be edited with the 'visudo' command as root.\n", ++ "#\n", ++ "# See the man page for details on how to write a sudoers file.\n", ++ "#\n\nDefaults\tenv_reset\n\n", ++ "# Host alias specification\n\n", ++ "# User alias specification\n\n", ++ "# Cmnd alias specification\n\n", ++ "# User privilege specification\nroot\tALL=(ALL) ALL\n"; ++ close SUDOERS; ++ ++} ++ ++# make sure sudoers has the correct permissions and owner/group ++system ('chown root:root /etc/sudoers'); ++system ('chmod 440 /etc/sudoers'); ++ ++# must do a remove first to un-do the "bad" links created by previous version ++system ('update-rc.d -f sudo remove >/dev/null 2>&1'); ++ ++#system ('update-rc.d sudo start 75 S . >/dev/null'); ++ ++# make sure we have a sudo group ++ ++exit 0 if getgrnam("sudo"); # we're finished if there is a group sudo ++ ++$gid = 27; # start searcg with gid 27 ++setgrent; ++while (getgrgid($gid)) { ++ ++$gid; ++} ++endgrent; ++ ++if ($gid != 27) { ++ print "On Debian we normally use gid 27 for 'sudo'.\n"; ++ $gname = getgrgid(27); ++ print "However, on your system gid 27 is group '$gname'.\n\n"; ++ print "Would you like me to stop configuring sudo so that you can change this? [n] "; ++ $ans = <STDIN>; ++ if ($ans =~ m/^[yY].*/) { ++ print "'dpkg --pending --configure' will restart the configuration.\n\n\n"; ++ exit 1; ++ } ++} ++ ++print "Creating group 'sudo' with gid = $gid\n"; ++system("groupadd -g $gid sudo"); ++ ++print ""; +--- sudo-1.6.8p12.orig/debian/sudo.lintian ++++ sudo-1.6.8p12/debian/sudo.lintian +@@ -0,0 +1,3 @@ ++sudo: setuid-binary usr/bin/sudo 4755 root/root ++sudo: postrm-contains-additional-updaterc.d-calls /etc/init.d/sudo ++sudo: script-in-etc-init.d-not-registered-via-update-rc.d /etc/init.d/sudo +--- sudo-1.6.8p12.orig/debian/postinst ++++ sudo-1.6.8p12/debian/postinst +@@ -0,0 +1,62 @@ ++#!/usr/bin/perl ++ ++# remove old link ++ ++unlink ("/etc/alternatives/sudo") if ( -l "/etc/alternatives/sudo"); ++ ++# make sure we have a sudoers file ++if ( ! -f "/etc/sudoers") { ++ ++ print "No /etc/sudoers found... creating one for you.\n"; ++ ++ open (SUDOERS, "> /etc/sudoers"); ++ print SUDOERS "# /etc/sudoers\n", ++ "#\n", ++ "# This file MUST be edited with the 'visudo' command as root.\n", ++ "#\n", ++ "# See the man page for details on how to write a sudoers file.\n", ++ "# Host alias specification\n\n", ++ "# User alias specification\n\n", ++ "# Cmnd alias specification\n\n", ++ "# Defaults\n\nDefaults\t!lecture,tty_tickets,!fqdn\n\n", ++ "# User privilege specification\nroot\tALL=(ALL) ALL\n"; ++ close SUDOERS; ++ ++} ++ ++# make sure sudoers has the correct permissions and owner/group ++system ('chown root:root /etc/sudoers'); ++system ('chmod 440 /etc/sudoers'); ++ ++# must do a remove first to un-do the "bad" links created by previous version ++system ('update-rc.d -f sudo remove >/dev/null 2>&1'); ++ ++#system ('update-rc.d sudo start 75 S . >/dev/null'); ++ ++# make sure we have a sudo group ++ ++exit 0 if getgrnam("sudo"); # we're finished if there is a group sudo ++ ++$gid = 27; # start searcg with gid 27 ++setgrent; ++while (getgrgid($gid)) { ++ ++$gid; ++} ++endgrent; ++ ++if ($gid != 27) { ++ print "On Debian we normally use gid 27 for 'sudo'.\n"; ++ $gname = getgrgid(27); ++ print "However, on your system gid 27 is group '$gname'.\n\n"; ++ print "Would you like me to stop configuring sudo so that you can change this? [n] "; ++ $ans = <STDIN>; ++ if ($ans =~ m/^[yY].*/) { ++ print "'dpkg --pending --configure' will restart the configuration.\n\n\n"; ++ exit 1; ++ } ++} ++ ++print "Creating group 'sudo' with gid = $gid\n"; ++system("groupadd -g $gid sudo"); ++ ++print ""; +--- sudo-1.6.8p12.orig/debian/compat ++++ sudo-1.6.8p12/debian/compat +@@ -0,0 +1 @@ ++4 +--- sudo-1.6.8p12.orig/debian/init.d ++++ sudo-1.6.8p12/debian/init.d +@@ -0,0 +1,31 @@ ++#! /bin/sh ++ ++### BEGIN INIT INFO ++# Provides: sudu ++# Required-Start: $local_fs $remote_fs ++# Required-Stop: ++# Default-Start: S 1 2 3 4 5 ++# Default-Stop: 0 6 ++### END INIT INFO ++ ++N=/etc/init.d/sudo ++ ++set -e ++ ++case "$1" in ++ start) ++ # make sure privileges don't persist across reboots ++ if [ -d /var/run/sudo ] ++ then ++ find /var/run/sudo -type f -exec touch -t 198501010000 '{}' \; ++ fi ++ ;; ++ stop|reload|restart|force-reload) ++ ;; ++ *) ++ echo "Usage: $N {start|stop|restart|force-reload}" >&2 ++ exit 1 ++ ;; ++esac ++ ++exit 0 +--- sudo-1.6.8p12.orig/debian/sudo-ldap.lintian ++++ sudo-1.6.8p12/debian/sudo-ldap.lintian +@@ -0,0 +1,3 @@ ++sudo-ldap: setuid-binary usr/bin/sudo 4755 root/root ++sudo-ldap: postrm-contains-additional-updaterc.d-calls /etc/init.d/sudo-ldap ++sudo-ldap: script-in-etc-init.d-not-registered-via-update-rc.d /etc/init.d/sudo-ldap +--- sudo-1.6.8p12.orig/debian/sudo-ldap.dirs ++++ sudo-1.6.8p12/debian/sudo-ldap.dirs +@@ -0,0 +1,7 @@ ++etc/pam.d ++usr/bin ++usr/share/man/man8 ++usr/share/man/man5 ++usr/sbin ++usr/share/doc/sudo-ldap/examples ++usr/share/lintian/overrides +--- sudo-1.6.8p12.orig/debian/sudo-ldap.docs ++++ sudo-1.6.8p12/debian/sudo-ldap.docs +@@ -0,0 +1,11 @@ ++debian/OPTIONS ++BUGS ++RUNSON ++UPGRADE ++PORTING ++TODO ++HISTORY ++README ++README.LDAP ++TROUBLESHOOTING ++sudoers2ldif +--- sudo-1.6.8p12.orig/debian/postrm ++++ sudo-1.6.8p12/debian/postrm +@@ -0,0 +1,21 @@ ++#! /bin/sh ++ ++set -e ++ ++case "$1" in ++ purge) ++ rm -f /etc/sudoers ++ ;; ++ ++ remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) ++ ;; ++ ++ *) ++ echo "postrm called with unknown argument \`$1'" >&2 ++ exit 1 ++ ++esac ++ ++#DEBHELPER# ++ ++exit 0 +--- sudo-1.6.8p12.orig/debian/OPTIONS ++++ sudo-1.6.8p12/debian/OPTIONS +@@ -0,0 +1,61 @@ ++The following options were used to configure sudo for Debian GNU/Linux. ++ ++ --with-exempt=sudo ++ ++ Any user in group 'sudo' will not need to type their password. It ++ is strongly recommended that no users be put in group sudo, and that ++ instead the NOPASSWD option in the sudoers file be used if desired. ++ ++ --with-pam ++ ++ Support for pluggable authentication modules. ++ ++ --with-ldap ++ ++ Support for LDAP authentication. ++ ++ --with-fqdn ++ ++ Allow use of fully qualified domain names in the sudoers file. ++ ++ --disable-root-mailer ++ ++ Send mail as the invoking user, not as root. ++ ++ --with-logging=syslog ++ --with-logfac=authpriv ++ ++ Where logging information goes. ++ ++ --with-env-editor ++ --with-editor=/usr/bin/editor ++ ++ Honor the EDITOR and VISUAL environment variables. If they are not ++ present, default to the Debian default system editor. ++ ++ --with-timeout=15 ++ --with-password-timeout=0 ++ ++ Allow 15 minutes before a user has to re-type their passord, versus ++ the sudo usual default of 5. Never time out while waiting for a ++ password to be typed, this is a seriously big deal for Debian package ++ developers using 'dpkg-buildpackage -rsudo'. ++ ++ --with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:\ ++ /sbin:/bin:/usr/X11R6/bin" ++ ++ Give a reasonable default path for commands run as root via sudo. ++ ++ --with-all-insults ++ ++ Include all the insults in the binary, won't be enabled unless turned ++ on in the sudoers file. ++ ++ --with-sendmail=/usr/sbin/sendmail ++ ++ Use Debian policy to know the location of sendmail instead of trying ++ to detect it at build time. ++ ++ --disable-setresuid ++ ++ Linux 2.2 kernels don't support setresgid. +--- sudo-1.6.8p12.orig/debian/copyright ++++ sudo-1.6.8p12/debian/copyright +@@ -0,0 +1,72 @@ ++This is the Debian GNU/Linux prepackaged version of sudo. sudo is ++used to provide limited super user privileges to specific users. ++ ++This package was put together by Bdale Garbee <bdale@gag.com> using sources ++from ++ ftp://ftp.cs.colorado.edu/pub/sudo/ ++ ++Sudo is distributed under the following BSD-style license: ++ ++ Copyright (c) 1994-1996,1998-2002 Todd C. Miller <Todd.Miller@courtesan.com> ++ All rights reserved. ++ ++ Redistribution and use in source and binary forms, with or without ++ modification, are permitted provided that the following conditions ++ are met: ++ ++ 1. Redistributions of source code must retain the above copyright ++ notice, this list of conditions and the following disclaimer. ++ ++ 2. Redistributions in binary form must reproduce the above copyright ++ notice, this list of conditions and the following disclaimer in the ++ documentation and/or other materials provided with the distribution. ++ ++ 3. The name of the author may not be used to endorse or promote products ++ derived from this software without specific prior written permission ++ from the author. ++ ++ 4. Products derived from this software may not be called "Sudo" nor ++ may "Sudo" appear in their names without specific prior written ++ permission from the author. ++ ++ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, ++ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY ++ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ++ THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, ++ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, ++ PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; ++ OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, ++ WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR ++ OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ++ ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ ++ ++Additionally, lsearch.c, fnmatch.c, getcwd.c, snprintf.c, strcasecmp.c ++and fnmatch.3 bear the following UCB license: ++ ++ Copyright (c) 1987, 1989, 1990, 1991, 1993, 1994 ++ The Regents of the University of California. All rights reserved. ++ ++ Redistribution and use in source and binary forms, with or without ++ modification, are permitted provided that the following conditions ++ are met: ++ 1. Redistributions of source code must retain the above copyright ++ notice, this list of conditions and the following disclaimer. ++ 2. Redistributions in binary form must reproduce the above copyright ++ notice, this list of conditions and the following disclaimer in the ++ documentation and/or other materials provided with the distribution. ++ 3. Neither the name of the University nor the names of its contributors ++ may be used to endorse or promote products derived from this software ++ without specific prior written permission. ++ ++ THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ++ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE ++ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ SUCH DAMAGE. +--- sudo-1.6.8p12.orig/debian/sudo.pam ++++ sudo-1.6.8p12/debian/sudo.pam +@@ -0,0 +1,4 @@ ++#%PAM-1.0 ++ ++@include common-auth ++@include common-account +--- sudo-1.6.8p12.orig/debian/source.lintian-overrides ++++ sudo-1.6.8p12/debian/source.lintian-overrides +@@ -0,0 +1 @@ ++sudo source: maintainer-script-lacks-debhelper-token debian/postinst +--- sudo-1.6.8p12.orig/sample.sudoers ++++ sudo-1.6.8p12/sample.sudoers +@@ -35,16 +35,16 @@ + # Cmnd alias specification + ## + Cmnd_Alias DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \ +- /usr/sbin/rrestore, /usr/bin/mt +-Cmnd_Alias KILL = /usr/bin/kill ++ /usr/sbin/rrestore, /bin/mt ++Cmnd_Alias KILL = /bin/kill + Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm +-Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown +-Cmnd_Alias HALT = /usr/sbin/halt +-Cmnd_Alias REBOOT = /usr/sbin/reboot +-Cmnd_Alias SHELLS = /sbin/sh, /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \ +- /usr/local/bin/tcsh, /usr/bin/rsh, \ +- /usr/local/bin/zsh +-Cmnd_Alias SU = /usr/bin/su ++Cmnd_Alias SHUTDOWN = /sbin/shutdown ++Cmnd_Alias HALT = /sbin/halt ++Cmnd_Alias REBOOT = /sbin/reboot ++Cmnd_Alias SHELLS = /sbin/sh, /bin/sh, /bin/csh, /usr/bin/ksh, \ ++ /usr/bin/tcsh, /usr/bin/rsh, \ ++ /usr/bin/zsh ++Cmnd_Alias SU = /bin/su + Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, \ + /usr/bin/chfn + +@@ -82,7 +82,7 @@ + sudoedit /etc/printcap, /usr/oper/bin/ + + # joe may su only to operator +-joe ALL = /usr/bin/su operator ++joe ALL = /bin/su operator + + # pete may change passwords for anyone but root on the hp snakes + pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root +@@ -96,13 +96,13 @@ + + # users in the secretaries netgroup need to help manage the printers + # as well as add and remove users +-+secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser +++secretaries ALL = PRINTING, /usr/sbin/adduser, /usr/bin/rmuser + + # fred can run commands as oracle or sybase without a password + fred ALL = (DB) NOPASSWD: ALL + + # on the alphas, john may su to anyone but root and flags are not allowed +-john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root* ++john ALPHA = /bin/su [!-]*, !/bin/su *root* + + # jen can run anything on all machines except the ones + # in the "SERVERS" Host_Alias +--- sudo-1.6.8p12.orig/sudo.tab.c ++++ sudo-1.6.8p12/sudo.tab.c +@@ -138,6 +138,7 @@ + } \ + match[top].user = UNSPEC; \ + match[top].cmnd = UNSPEC; \ ++ match[top].cmndall= UNSPEC; \ + match[top].host = UNSPEC; \ + match[top].runas = UNSPEC; \ + match[top].nopass = def_authenticate ? UNSPEC : TRUE; \ +@@ -153,6 +154,7 @@ + } \ + match[top].user = match[top-1].user; \ + match[top].cmnd = match[top-1].cmnd; \ ++ match[top].cmndall= match[top-1].cmndall; \ + match[top].host = match[top-1].host; \ + match[top].runas = match[top-1].runas; \ + match[top].nopass = match[top-1].nopass; \ +@@ -1739,6 +1741,7 @@ + } + } + ++ SETMATCH(cmnd_all, TRUE); + yyval.BOOLEAN = TRUE; + } + break; +@@ -1769,6 +1772,7 @@ + YYERROR; + } + } ++ SETMATCH(cmnd_all, FALSE); + yyval.BOOLEAN = NOMATCH; + } + free(yyvsp[0].string); +@@ -1800,6 +1804,7 @@ + free(yyvsp[0].command.cmnd); + if (yyvsp[0].command.args) + free(yyvsp[0].command.args); ++ SETMATCH(cmnd_all, FALSE); + } + break; + case 65: +--- sudo-1.6.8p12.orig/ldap.c ++++ sudo-1.6.8p12/ldap.c +@@ -256,9 +256,10 @@ + * Walks through search result and returns true if we have a + * command match + */ +-int sudo_ldap_check_command(ld,entry) ++int sudo_ldap_check_command(ld,entry,all) + LDAP *ld; + LDAPMessage *entry; ++ int* all; + { + char **v=NULL; + char **p=NULL; +@@ -267,6 +268,8 @@ + int ret=0; + int foundbang; + ++ *all=0; ++ + if (!entry) return ret; + + v=ldap_get_values(ld,entry,"sudoCommand"); +@@ -277,6 +280,7 @@ + + /* Match against ALL ? */ + if (!strcasecmp(*p,"ALL")) { ++ *all=1; + ret=1; + if (ldap_conf.debug>1) printf(" MATCH!\n"); + continue; +@@ -711,6 +715,7 @@ + /* flags */ + int ldap_user_matches=0; + int ldap_host_matches=0; ++ int command_all=0; + + if (!sudo_ldap_read_config()) return VALIDATE_ERROR; + +@@ -896,7 +901,7 @@ + /* add matches for listing later */ + sudo_ldap_add_match(ld,entry) && + /* verify command match */ +- sudo_ldap_check_command(ld,entry) && ++ sudo_ldap_check_command(ld,entry,&command_all) && + /* verify runas match */ + sudo_ldap_check_runas(ld,entry) + ) +@@ -907,6 +912,7 @@ + sudo_ldap_parse_options(ld,entry); + /* make sure we dont reenter loop */ + ret=VALIDATE_OK; ++ if(command_all) SET(ret,FLAG_CMND_ALL); + /* break from inside for loop */ + break; + } +--- sudo-1.6.8p12.orig/sudo.c ++++ sudo-1.6.8p12/sudo.c +@@ -106,10 +106,11 @@ + static void set_loginclass __P((struct passwd *)); + static void usage __P((int)); + static void usage_excl __P((int)); ++static void create_admin_success_flag __P((void)); + static struct passwd *get_authpw __P((void)); + extern int sudo_edit __P((int, char **)); + extern void list_matches __P((void)); +-extern char **rebuild_env __P((char **, int, int)); ++extern char **rebuild_env __P((char **, int, int, int)); + extern char **zero_env __P((char **)); + extern struct passwd *sudo_getpwnam __P((const char *)); + extern struct passwd *sudo_getpwuid __P((uid_t)); +@@ -368,11 +369,15 @@ + + /* Build a new environment that avoids any nasty bits if we have a cmnd. */ + if (ISSET(sudo_mode, MODE_RUN)) +- new_environ = rebuild_env(envp, sudo_mode, ISSET(validated, FLAG_NOEXEC)); ++ new_environ = rebuild_env(envp, sudo_mode, ISSET(validated, FLAG_NOEXEC), ISSET(validated, FLAG_CMND_ALL)); + else + new_environ = envp; + + if (ISSET(validated, VALIDATE_OK)) { ++ /* If the user is in the admin group, create a dotfile to signal that ++ * sudo was executed successfully. */ ++ create_admin_success_flag(); ++ + /* Finally tell the user if the command did not exist. */ + if (cmnd_status == NOT_FOUND_DOT) { + warnx("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run.", user_cmnd, user_cmnd, user_cmnd); +@@ -1156,3 +1161,46 @@ + putchar('\n'); + exit(exit_val); + } ++ ++static void create_admin_success_flag(void) ++{ ++ struct group* admin; ++ char** g; ++ int is_admin; ++ char flagfile[PATH_MAX]; ++ int f; ++ ++ if (!sudo_user.pw || !sudo_user.pw->pw_name || !sudo_user.pw->pw_dir) ++ return; ++ ++ /* check whether the user is in the admin group */ ++ admin = getgrnam("admin"); ++ if (!admin || !admin->gr_mem) ++ return; ++ is_admin = 0; ++ for (g = admin->gr_mem; *g; ++g) { ++ if (!strcmp(*g, sudo_user.pw->pw_name)) { ++ is_admin = 1; ++ break; ++ } ++ } ++ if (!is_admin) ++ return; ++ ++ /* build path to flag file */ ++ snprintf(flagfile, sizeof(flagfile), "%s/.sudo_as_admin_successful", ++ sudo_user.pw->pw_dir); ++ if (strlen(flagfile) >= sizeof(flagfile)-1) ++ return; ++ ++ /* do nothing if the file already exists */ ++ if (!access(flagfile, F_OK)) ++ return; ++ ++ /* create file */ ++ f = open(flagfile, O_CREAT|O_WRONLY|O_EXCL, 0644); ++ if(f >= 0) { ++ fchown(f, sudo_user.pw->pw_uid, sudo_user.pw->pw_gid); ++ close(f); ++ } ++} +--- sudo-1.6.8p12.orig/sudo.h ++++ sudo-1.6.8p12/sudo.h +@@ -65,6 +65,7 @@ + #define FLAG_NO_HOST 0x080 + #define FLAG_NO_CHECK 0x100 + #define FLAG_NOEXEC 0x200 ++#define FLAG_CMND_ALL 0x400 + + /* + * Pseudo-boolean values +--- sudo-1.6.8p12.orig/parse.c ++++ sudo-1.6.8p12/parse.c +@@ -200,7 +200,8 @@ + set_perms(PERM_ROOT); + return(VALIDATE_OK | + (no_passwd == TRUE ? FLAG_NOPASS : 0) | +- (no_execve == TRUE ? FLAG_NOEXEC : 0)); ++ (no_execve == TRUE ? FLAG_NOEXEC : 0) | ++ (cmnd_all == TRUE ? FLAG_CMND_ALL : 0)); + } else if ((runas_matches == TRUE && cmnd_matches == FALSE) || + (runas_matches == FALSE && cmnd_matches == TRUE)) { + /* +--- sudo-1.6.8p12.orig/parse.h ++++ sudo-1.6.8p12/parse.h +@@ -29,6 +29,7 @@ + struct matchstack { + int user; + int cmnd; ++ int cmndall; + int host; + int runas; + int nopass; +@@ -46,6 +47,7 @@ + + #define user_matches (match[top-1].user) + #define cmnd_matches (match[top-1].cmnd) ++#define cmnd_all (match[top-1].cmndall) + #define host_matches (match[top-1].host) + #define runas_matches (match[top-1].runas) + #define no_passwd (match[top-1].nopass) |