summaryrefslogtreecommitdiff
path: root/package/sudo/sudo-1.6.8p12-001-ubuntu6.patch
diff options
context:
space:
mode:
Diffstat (limited to 'package/sudo/sudo-1.6.8p12-001-ubuntu6.patch')
-rw-r--r--package/sudo/sudo-1.6.8p12-001-ubuntu6.patch3994
1 files changed, 3994 insertions, 0 deletions
diff --git a/package/sudo/sudo-1.6.8p12-001-ubuntu6.patch b/package/sudo/sudo-1.6.8p12-001-ubuntu6.patch
new file mode 100644
index 000000000..a370bd06c
--- /dev/null
+++ b/package/sudo/sudo-1.6.8p12-001-ubuntu6.patch
@@ -0,0 +1,3994 @@
+--- sudo-1.6.8p12.orig/sudoers.man.in
++++ sudo-1.6.8p12/sudoers.man.in
+@@ -759,7 +759,7 @@
+ .IP "exempt_group" 12
+ .IX Item "exempt_group"
+ Users in this group are exempt from password and \s-1PATH\s0 requirements.
+-This is not set by default.
++On Debian systems, this is set to the group 'sudo' by default.
+ .IP "verifypw" 12
+ .IX Item "verifypw"
+ This option controls when a password will be required when a user runs
+--- sudo-1.6.8p12.orig/sudo.man.in
++++ sudo-1.6.8p12/sudo.man.in
+@@ -185,8 +185,7 @@
+ \&\fBsudo\fR determines who is an authorized user by consulting the file
+ \&\fI@sysconfdir@/sudoers\fR. By giving \fBsudo\fR the \fB\-v\fR flag a user
+ can update the time stamp without running a \fIcommand.\fR The password
+-prompt itself will also time out if the user's password is not
+-entered within \f(CW\*(C`@password_timeout@\*(C'\fR minutes (unless overridden via
++prompt itself will not time out in Debian's version (unless overridden via
+ \&\fIsudoers\fR).
+ .PP
+ If a user who is not listed in the \fIsudoers\fR file tries to run a
+--- sudo-1.6.8p12.orig/parse.yacc
++++ sudo-1.6.8p12/parse.yacc
+@@ -120,6 +120,7 @@
+ } \
+ match[top].user = UNSPEC; \
+ match[top].cmnd = UNSPEC; \
++ match[top].cmndall= UNSPEC; \
+ match[top].host = UNSPEC; \
+ match[top].runas = UNSPEC; \
+ match[top].nopass = def_authenticate ? UNSPEC : TRUE; \
+@@ -135,6 +136,7 @@
+ } \
+ match[top].user = match[top-1].user; \
+ match[top].cmnd = match[top-1].cmnd; \
++ match[top].cmndall= match[top-1].cmndall; \
+ match[top].host = match[top-1].host; \
+ match[top].runas = match[top-1].runas; \
+ match[top].nopass = match[top-1].nopass; \
+@@ -675,6 +677,7 @@
+ }
+ }
+
++ SETMATCH(cmnd_all, TRUE);
+ $$ = TRUE;
+ }
+ | ALIAS {
+@@ -705,6 +708,7 @@
+ $$ = NOMATCH;
+ }
+ free($1);
++ SETMATCH(cmnd_all, FALSE);
+ }
+ | COMMAND {
+ if (printmatches == TRUE) {
+@@ -730,6 +734,7 @@
+ free($1.cmnd);
+ if ($1.args)
+ free($1.args);
++ SETMATCH(cmnd_all, FALSE);
+ }
+ ;
+
+--- sudo-1.6.8p12.orig/env.c
++++ sudo-1.6.8p12/env.c
+@@ -77,7 +77,7 @@
+ /*
+ * Prototypes
+ */
+-char **rebuild_env __P((char **, int, int));
++char **rebuild_env __P((char **, int, int, int));
+ char **zero_env __P((char **));
+ static void insert_env __P((char *, int));
+ static char *format_env __P((char *, ...));
+@@ -89,6 +89,8 @@
+ static const char *initial_badenv_table[] = {
+ "IFS",
+ "CDPATH",
++ "SHELLOPTS",
++ "PS4",
+ "LOCALDOMAIN",
+ "RES_OPTIONS",
+ "HOSTALIASES",
+@@ -140,6 +142,12 @@
+ "LC_*",
+ "LANG",
+ "LANGUAGE",
++ "TERM",
++ "HOME",
++ "LOGNAME",
++ "DISPLAY",
++ "XAUTHORITY",
++ "XAUTHORIZATION",
+ NULL
+ };
+
+@@ -321,10 +329,11 @@
+ * Also adds sudo-specific variables (SUDO_*).
+ */
+ char **
+-rebuild_env(envp, sudo_mode, noexec)
++rebuild_env(envp, sudo_mode, noexec, noclean)
+ char **envp;
+ int sudo_mode;
+ int noexec;
++ int noclean;
+ {
+ char **ep, *cp, *ps1;
+ int okvar, iswild, didvar;
+@@ -429,7 +438,7 @@
+ * env_check.
+ */
+ for (ep = envp; *ep; ep++) {
+- okvar = 1;
++ okvar = noclean;
+
+ /* Skip variables with values beginning with () (bash functions) */
+ if ((cp = strchr(*ep, '=')) != NULL) {
+@@ -438,6 +447,7 @@
+ }
+
+ /* Skip anything listed in env_delete. */
++#if 0
+ for (cur = def_env_delete; cur && okvar; cur = cur->next) {
+ len = strlen(cur->value);
+ /* Deal with '*' wildcard */
+@@ -451,9 +461,10 @@
+ okvar = 0;
+ }
+ }
++#endif
+
+ /* Check certain variables for '%' and '/' characters. */
+- for (cur = def_env_check; cur && okvar; cur = cur->next) {
++ for (cur = def_env_check; cur; cur = cur->next) {
+ len = strlen(cur->value);
+ /* Deal with '*' wildcard */
+ if (cur->value[len - 1] == '*') {
+@@ -463,8 +474,24 @@
+ iswild = 0;
+ if (strncmp(cur->value, *ep, len) == 0 &&
+ (iswild || (*ep)[len] == '=') &&
+- strpbrk(*ep, "/%")) {
+- okvar = 0;
++ strpbrk(*ep, "/%") == NULL) {
++ okvar = 1;
++ }
++ }
++
++ /* keep variables in env_keep */
++ for (cur = def_env_keep; cur; cur = cur->next) {
++ len = strlen(cur->value);
++ /* Deal with '*' wildcard */
++ if (cur->value[len - 1] == '*') {
++ len--;
++ iswild = 1;
++ } else
++ iswild = 0;
++ if (strncmp(cur->value, *ep, len) == 0 &&
++ (iswild || (*ep)[len] == '=')) {
++ okvar = 1;
++ break;
+ }
+ }
+
+--- sudo-1.6.8p12.orig/sudoers.pod
++++ sudo-1.6.8p12/sudoers.pod
+@@ -93,7 +93,7 @@
+
+ Cmnd_Alias ::= NAME '=' Cmnd_List
+
+- NAME ::= [A-Z]([A-Z][0-9]_)*
++ NAME ::= [A-Z]([a-z][A-Z][0-9]_)*
+
+ Each I<alias> definition is of the form
+
+@@ -568,7 +568,7 @@
+
+ =item C<%%>
+
+-two consecutive C<%> characters are collaped into a single C<%> character
++two consecutive C<%> characters are collapsed into a single C<%> character
+
+ =back
+
+@@ -669,8 +669,8 @@
+
+ =item exempt_group
+
+-Users in this group are exempt from password and PATH requirements.
+-This is not set by default.
++Users in this group are exempt from password and PATH requirements. This
++option is turned on for Debian.
+
+ =item verifypw
+
+--- sudo-1.6.8p12.orig/ins_classic.h
++++ sudo-1.6.8p12/ins_classic.h
+@@ -32,7 +32,7 @@
+ "Where did you learn to type?",
+ "Are you on drugs?",
+ "My pet ferret can type better than you!",
+- "You type like i drive.",
++ "You type like I drive.",
+ "Do you think like you type?",
+ "Your mind just hasn't been the same since the electro-shock, has it?",
+
+--- sudo-1.6.8p12.orig/config.guess
++++ sudo-1.6.8p12/config.guess
+@@ -1,11 +1,9 @@
+ #! /bin/sh
+ # Attempt to guess a canonical system name.
+ # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+-# 2000, 2001, 2002 Free Software Foundation, Inc.
+-#
+-# $Sudo: config.guess,v 1.10 2004/08/09 23:04:35 millert Exp $
++# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
+
+-timestamp='2002-11-30'
++timestamp='2005-08-03'
+
+ # This file is free software; you can redistribute it and/or modify it
+ # under the terms of the GNU General Public License as published by
+@@ -19,13 +17,15 @@
+ #
+ # You should have received a copy of the GNU General Public License
+ # along with this program; if not, write to the Free Software
+-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
++# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
++# 02110-1301, USA.
+ #
+ # As a special exception to the GNU General Public License, if you
+ # distribute this file as part of a program that contains a
+ # configuration script generated by Autoconf, you may include it under
+ # the same distribution terms that you use for the rest of that program.
+
++
+ # Originally written by Per Bothner <per@bothner.com>.
+ # Please send patches to <config-patches@gnu.org>. Submit a context
+ # diff and a properly formatted ChangeLog entry.
+@@ -55,7 +55,7 @@
+ GNU config.guess ($timestamp)
+
+ Originally written by Per Bothner.
+-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
++Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
+ Free Software Foundation, Inc.
+
+ This is free software; see the source for copying conditions. There is NO
+@@ -68,11 +68,11 @@
+ while test $# -gt 0 ; do
+ case $1 in
+ --time-stamp | --time* | -t )
+- echo "$timestamp" ; exit 0 ;;
++ echo "$timestamp" ; exit ;;
+ --version | -v )
+- echo "$version" ; exit 0 ;;
++ echo "$version" ; exit ;;
+ --help | --h* | -h )
+- echo "$usage"; exit 0 ;;
++ echo "$usage"; exit ;;
+ -- ) # Stop option processing
+ shift; break ;;
+ - ) # Use stdin as input.
+@@ -100,14 +100,18 @@
+ # Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+ # use `HOST_CC' if defined, but it is deprecated.
+
+-# This shell variable is my proudest work .. or something. --bje
++# Portable tmp directory creation inspired by the Autoconf team.
+
+-set_cc_for_build='tmpdir=${TMPDIR-/tmp}/config-guess-$$ ;
+-(old=`umask` && umask 077 && mkdir $tmpdir && umask $old && unset old)
+- || (echo "$me: cannot create $tmpdir" >&2 && exit 1) ;
+-dummy=$tmpdir/dummy ;
+-files="$dummy.c $dummy.o $dummy.rel $dummy" ;
+-trap '"'"'rm -f $files; rmdir $tmpdir; exit 1'"'"' 1 2 15 ;
++set_cc_for_build='
++trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
++trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
++: ${TMPDIR=/tmp} ;
++ { tmp=`(umask 077 && mktemp -d -q "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
++ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
++ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
++ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
++dummy=$tmp/dummy ;
++tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
+ case $CC_FOR_BUILD,$HOST_CC,$CC in
+ ,,) echo "int x;" > $dummy.c ;
+ for c in cc gcc c89 c99 ; do
+@@ -115,15 +119,13 @@
+ CC_FOR_BUILD="$c"; break ;
+ fi ;
+ done ;
+- rm -f $files ;
+ if test x"$CC_FOR_BUILD" = x ; then
+ CC_FOR_BUILD=no_compiler_found ;
+ fi
+ ;;
+ ,,*) CC_FOR_BUILD=$CC ;;
+ ,*,*) CC_FOR_BUILD=$HOST_CC ;;
+-esac ;
+-unset files'
++esac ; set_cc_for_build= ;'
+
+ # This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+ # (ghazi@noc.rutgers.edu 1994-08-24)
+@@ -196,104 +198,109 @@
+ # contains redundant information, the shorter form:
+ # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+ echo "${machine}-${os}${release}"
+- exit 0 ;;
++ exit ;;
+ *:OpenBSD:*:*)
+ UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
+ echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
+- exit 0 ;;
++ exit ;;
++ *:ekkoBSD:*:*)
++ echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
++ exit ;;
++ macppc:MirBSD:*:*)
++ echo powerppc-unknown-mirbsd${UNAME_RELEASE}
++ exit ;;
++ *:MirBSD:*:*)
++ echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
++ exit ;;
+ alpha:OSF1:*:*)
+- if test $UNAME_RELEASE = "V4.0"; then
++ case $UNAME_RELEASE in
++ *4.0)
+ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+- fi
++ ;;
++ *5.*)
++ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
++ ;;
++ esac
++ # According to Compaq, /usr/sbin/psrinfo has been available on
++ # OSF/1 and Tru64 systems produced since 1995. I hope that
++ # covers most systems running today. This code pipes the CPU
++ # types through head -n 1, so we only detect the type of CPU 0.
++ ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1`
++ case "$ALPHA_CPU_TYPE" in
++ "EV4 (21064)")
++ UNAME_MACHINE="alpha" ;;
++ "EV4.5 (21064)")
++ UNAME_MACHINE="alpha" ;;
++ "LCA4 (21066/21068)")
++ UNAME_MACHINE="alpha" ;;
++ "EV5 (21164)")
++ UNAME_MACHINE="alphaev5" ;;
++ "EV5.6 (21164A)")
++ UNAME_MACHINE="alphaev56" ;;
++ "EV5.6 (21164PC)")
++ UNAME_MACHINE="alphapca56" ;;
++ "EV5.7 (21164PC)")
++ UNAME_MACHINE="alphapca57" ;;
++ "EV6 (21264)")
++ UNAME_MACHINE="alphaev6" ;;
++ "EV6.7 (21264A)")
++ UNAME_MACHINE="alphaev67" ;;
++ "EV6.8CB (21264C)")
++ UNAME_MACHINE="alphaev68" ;;
++ "EV6.8AL (21264B)")
++ UNAME_MACHINE="alphaev68" ;;
++ "EV6.8CX (21264D)")
++ UNAME_MACHINE="alphaev68" ;;
++ "EV6.9A (21264/EV69A)")
++ UNAME_MACHINE="alphaev69" ;;
++ "EV7 (21364)")
++ UNAME_MACHINE="alphaev7" ;;
++ "EV7.9 (21364A)")
++ UNAME_MACHINE="alphaev79" ;;
++ esac
++ # A Pn.n version is a patched version.
+ # A Vn.n version is a released version.
+ # A Tn.n version is a released field test version.
+ # A Xn.n version is an unreleased experimental baselevel.
+ # 1.2 uses "1.2" for uname -r.
+- eval $set_cc_for_build
+- cat <<EOF >$dummy.s
+- .data
+-\$Lformat:
+- .byte 37,100,45,37,120,10,0 # "%d-%x\n"
+-
+- .text
+- .globl main
+- .align 4
+- .ent main
+-main:
+- .frame \$30,16,\$26,0
+- ldgp \$29,0(\$27)
+- .prologue 1
+- .long 0x47e03d80 # implver \$0
+- lda \$2,-1
+- .long 0x47e20c21 # amask \$2,\$1
+- lda \$16,\$Lformat
+- mov \$0,\$17
+- not \$1,\$18
+- jsr \$26,printf
+- ldgp \$29,0(\$26)
+- mov 0,\$16
+- jsr \$26,exit
+- .end main
+-EOF
+- $CC_FOR_BUILD -o $dummy $dummy.s 2>/dev/null
+- if test "$?" = 0 ; then
+- case `$dummy` in
+- 0-0)
+- UNAME_MACHINE="alpha"
+- ;;
+- 1-0)
+- UNAME_MACHINE="alphaev5"
+- ;;
+- 1-1)
+- UNAME_MACHINE="alphaev56"
+- ;;
+- 1-101)
+- UNAME_MACHINE="alphapca56"
+- ;;
+- 2-303)
+- UNAME_MACHINE="alphaev6"
+- ;;
+- 2-307)
+- UNAME_MACHINE="alphaev67"
+- ;;
+- 2-1307)
+- UNAME_MACHINE="alphaev68"
+- ;;
+- 3-1307)
+- UNAME_MACHINE="alphaev7"
+- ;;
+- esac
+- fi
+- rm -f $dummy.s $dummy && rmdir $tmpdir
+- echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+- exit 0 ;;
++ echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
++ exit ;;
+ Alpha\ *:Windows_NT*:*)
+ # How do we know it's Interix rather than the generic POSIX subsystem?
+ # Should we change UNAME_MACHINE based on the output of uname instead
+ # of the specific Alpha model?
+ echo alpha-pc-interix
+- exit 0 ;;
++ exit ;;
+ 21064:Windows_NT:50:3)
+ echo alpha-dec-winnt3.5
+- exit 0 ;;
++ exit ;;
+ Amiga*:UNIX_System_V:4.0:*)
+ echo m68k-unknown-sysv4
+- exit 0;;
++ exit ;;
+ *:[Aa]miga[Oo][Ss]:*:*)
+ echo ${UNAME_MACHINE}-unknown-amigaos
+- exit 0 ;;
++ exit ;;
+ *:[Mm]orph[Oo][Ss]:*:*)
+ echo ${UNAME_MACHINE}-unknown-morphos
+- exit 0 ;;
++ exit ;;
+ *:OS/390:*:*)
+ echo i370-ibm-openedition
+- exit 0 ;;
++ exit ;;
++ *:z/VM:*:*)
++ echo s390-ibm-zvmoe
++ exit ;;
++ *:OS400:*:*)
++ echo powerpc-ibm-os400
++ exit ;;
+ arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+ echo arm-acorn-riscix${UNAME_RELEASE}
+- exit 0;;
++ exit ;;
++ arm:riscos:*:*|arm:RISCOS:*:*)
++ echo arm-unknown-riscos
++ exit ;;
+ SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
+ echo hppa1.1-hitachi-hiuxmpp
+- exit 0;;
++ exit ;;
+ Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
+ # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
+ if test "`(/bin/universe) 2>/dev/null`" = att ; then
+@@ -301,29 +308,32 @@
+ else
+ echo pyramid-pyramid-bsd
+ fi
+- exit 0 ;;
++ exit ;;
+ NILE*:*:*:dcosx)
+ echo pyramid-pyramid-svr4
+- exit 0 ;;
+- DRS?6000:UNIX_SV:4.2*:7*)
++ exit ;;
++ DRS?6000:unix:4.0:6*)
++ echo sparc-icl-nx6
++ exit ;;
++ DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
+ case `/usr/bin/uname -p` in
+- sparc) echo sparc-icl-nx7 && exit 0 ;;
++ sparc) echo sparc-icl-nx7; exit ;;
+ esac ;;
+ sun4H:SunOS:5.*:*)
+ echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+- exit 0 ;;
++ exit ;;
+ sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+ echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+- exit 0 ;;
++ exit ;;
+ i86pc:SunOS:5.*:*)
+ echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+- exit 0 ;;
++ exit ;;
+ sun4*:SunOS:6*:*)
+ # According to config.sub, this is the proper way to canonicalize
+ # SunOS6. Hard to guess exactly what SunOS6 will be like, but
+ # it's likely to be more like Solaris than SunOS4.
+ echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+- exit 0 ;;
++ exit ;;
+ sun4*:SunOS:*:*)
+ case "`/usr/bin/arch -k`" in
+ Series*|S4*)
+@@ -332,10 +342,10 @@
+ esac
+ # Japanese Language versions have a version number like `4.1.3-JL'.
+ echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
+- exit 0 ;;
++ exit ;;
+ sun3*:SunOS:*:*)
+ echo m68k-sun-sunos${UNAME_RELEASE}
+- exit 0 ;;
++ exit ;;
+ sun*:*:4.2BSD:*)
+ UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+ test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+@@ -347,10 +357,10 @@
+ echo sparc-sun-sunos${UNAME_RELEASE}
+ ;;
+ esac
+- exit 0 ;;
++ exit ;;
+ aushp:SunOS:*:*)
+ echo sparc-auspex-sunos${UNAME_RELEASE}
+- exit 0 ;;
++ exit ;;
+ # The situation for MiNT is a little confusing. The machine name
+ # can be virtually everything (everything which is not
+ # "atarist" or "atariste" at least should have a processor
+@@ -361,37 +371,40 @@
+ # be no problem.
+ atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+- exit 0 ;;
++ exit ;;
+ atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+- exit 0 ;;
++ exit ;;
+ *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+- exit 0 ;;
++ exit ;;
+ milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+ echo m68k-milan-mint${UNAME_RELEASE}
+- exit 0 ;;
++ exit ;;
+ hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+ echo m68k-hades-mint${UNAME_RELEASE}
+- exit 0 ;;
++ exit ;;
+ *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+ echo m68k-unknown-mint${UNAME_RELEASE}
+- exit 0 ;;
++ exit ;;
++ m68k:machten:*:*)
++ echo m68k-apple-machten${UNAME_RELEASE}
++ exit ;;
+ powerpc:machten:*:*)
+ echo powerpc-apple-machten${UNAME_RELEASE}
+- exit 0 ;;
++ exit ;;
+ RISC*:Mach:*:*)
+ echo mips-dec-mach_bsd4.3
+- exit 0 ;;
++ exit ;;
+ RISC*:ULTRIX:*:*)
+ echo mips-dec-ultrix${UNAME_RELEASE}
+- exit 0 ;;
++ exit ;;
+ VAX*:ULTRIX*:*:*)
+ echo vax-dec-ultrix${UNAME_RELEASE}
+- exit 0 ;;
++ exit ;;
+ 2020:CLIX:*:* | 2430:CLIX:*:*)
+ echo clipper-intergraph-clix${UNAME_RELEASE}
+- exit 0 ;;
++ exit ;;
+ mips:*:*:UMIPS | mips:*:*:RISCos)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+@@ -415,33 +428,33 @@
+ exit (-1);
+ }
+ EOF
+- $CC_FOR_BUILD -o $dummy $dummy.c \
+- && $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \
+- && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
+- rm -f $dummy.c $dummy && rmdir $tmpdir
++ $CC_FOR_BUILD -o $dummy $dummy.c &&
++ dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
++ SYSTEM_NAME=`$dummy $dummyarg` &&
++ { echo "$SYSTEM_NAME"; exit; }
+ echo mips-mips-riscos${UNAME_RELEASE}
+- exit 0 ;;
++ exit ;;
+ Motorola:PowerMAX_OS:*:*)
+ echo powerpc-motorola-powermax
+- exit 0 ;;
++ exit ;;
+ Motorola:*:4.3:PL8-*)
+ echo powerpc-harris-powermax
+- exit 0 ;;
++ exit ;;
+ Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
+ echo powerpc-harris-powermax
+- exit 0 ;;
++ exit ;;
+ Night_Hawk:Power_UNIX:*:*)
+ echo powerpc-harris-powerunix
+- exit 0 ;;
++ exit ;;
+ m88k:CX/UX:7*:*)
+ echo m88k-harris-cxux7
+- exit 0 ;;
++ exit ;;
+ m88k:*:4*:R4*)
+ echo m88k-motorola-sysv4
+- exit 0 ;;
++ exit ;;
+ m88k:*:3*:R3*)
+ echo m88k-motorola-sysv3
+- exit 0 ;;
++ exit ;;
+ AViiON:dgux:*:*)
+ # DG/UX returns AViiON for all architectures
+ UNAME_PROCESSOR=`/usr/bin/uname -p`
+@@ -457,29 +470,29 @@
+ else
+ echo i586-dg-dgux${UNAME_RELEASE}
+ fi
+- exit 0 ;;
++ exit ;;
+ M88*:DolphinOS:*:*) # DolphinOS (SVR3)
+ echo m88k-dolphin-sysv3
+- exit 0 ;;
++ exit ;;
+ M88*:*:R3*:*)
+ # Delta 88k system running SVR3
+ echo m88k-motorola-sysv3
+- exit 0 ;;
++ exit ;;
+ XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+ echo m88k-tektronix-sysv3
+- exit 0 ;;
++ exit ;;
+ Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+ echo m68k-tektronix-bsd
+- exit 0 ;;
++ exit ;;
+ *:IRIX*:*:*)
+ echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
+- exit 0 ;;
++ exit ;;
+ ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+- echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
+- exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX '
++ echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
++ exit ;; # Note that: echo "'`uname -s`'" gives 'AIX '
+ i*86:AIX:*:*)
+ echo i386-ibm-aix
+- exit 0 ;;
++ exit ;;
+ ia64:AIX:*:*)
+ if [ -x /usr/bin/oslevel ] ; then
+ IBM_REV=`/usr/bin/oslevel`
+@@ -487,7 +500,7 @@
+ IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+ fi
+ echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
+- exit 0 ;;
++ exit ;;
+ *:AIX:2:3)
+ if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+ eval $set_cc_for_build
+@@ -502,15 +515,18 @@
+ exit(0);
+ }
+ EOF
+- $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
+- rm -f $dummy.c $dummy && rmdir $tmpdir
+- echo rs6000-ibm-aix3.2.5
++ if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
++ then
++ echo "$SYSTEM_NAME"
++ else
++ echo rs6000-ibm-aix3.2.5
++ fi
+ elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+ echo rs6000-ibm-aix3.2.4
+ else
+ echo rs6000-ibm-aix3.2
+ fi
+- exit 0 ;;
++ exit ;;
+ *:AIX:*:[45])
+ IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
+ if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
+@@ -524,28 +540,28 @@
+ IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+ fi
+ echo ${IBM_ARCH}-ibm-aix${IBM_REV}
+- exit 0 ;;
++ exit ;;
+ *:AIX:*:*)
+ echo rs6000-ibm-aix
+- exit 0 ;;
++ exit ;;
+ ibmrt:4.4BSD:*|romp-ibm:BSD:*)
+ echo romp-ibm-bsd4.4
+- exit 0 ;;
++ exit ;;
+ ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and
+ echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to
+- exit 0 ;; # report: romp-ibm BSD 4.3
++ exit ;; # report: romp-ibm BSD 4.3
+ *:BOSX:*:*)
+ echo rs6000-bull-bosx
+- exit 0 ;;
++ exit ;;
+ DPX/2?00:B.O.S.:*:*)
+ echo m68k-bull-sysv3
+- exit 0 ;;
++ exit ;;
+ 9000/[34]??:4.3bsd:1.*:*)
+ echo m68k-hp-bsd
+- exit 0 ;;
++ exit ;;
+ hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+ echo m68k-hp-bsd4.4
+- exit 0 ;;
++ exit ;;
+ 9000/[34678]??:HP-UX:*:*)
+ HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+ case "${UNAME_MACHINE}" in
+@@ -602,16 +618,36 @@
+ }
+ EOF
+ (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+- if test -z "$HP_ARCH"; then HP_ARCH=hppa; fi
+- rm -f $dummy.c $dummy && rmdir $tmpdir
++ test -z "$HP_ARCH" && HP_ARCH=hppa
+ fi ;;
+ esac
++ if [ ${HP_ARCH} = "hppa2.0w" ]
++ then
++ eval $set_cc_for_build
++
++ # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
++ # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler
++ # generating 64-bit code. GNU and HP use different nomenclature:
++ #
++ # $ CC_FOR_BUILD=cc ./config.guess
++ # => hppa2.0w-hp-hpux11.23
++ # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
++ # => hppa64-hp-hpux11.23
++
++ if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
++ grep __LP64__ >/dev/null
++ then
++ HP_ARCH="hppa2.0w"
++ else
++ HP_ARCH="hppa64"
++ fi
++ fi
+ echo ${HP_ARCH}-hp-hpux${HPUX_REV}
+- exit 0 ;;
++ exit ;;
+ ia64:HP-UX:*:*)
+ HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+ echo ia64-hp-hpux${HPUX_REV}
+- exit 0 ;;
++ exit ;;
+ 3050*:HI-UX:*:*)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+@@ -639,149 +675,166 @@
+ exit (0);
+ }
+ EOF
+- $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
+- rm -f $dummy.c $dummy && rmdir $tmpdir
++ $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
++ { echo "$SYSTEM_NAME"; exit; }
+ echo unknown-hitachi-hiuxwe2
+- exit 0 ;;
++ exit ;;
+ 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
+ echo hppa1.1-hp-bsd
+- exit 0 ;;
++ exit ;;
+ 9000/8??:4.3bsd:*:*)
+ echo hppa1.0-hp-bsd
+- exit 0 ;;
++ exit ;;
+ *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
+ echo hppa1.0-hp-mpeix
+- exit 0 ;;
++ exit ;;
+ hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
+ echo hppa1.1-hp-osf
+- exit 0 ;;
++ exit ;;
+ hp8??:OSF1:*:*)
+ echo hppa1.0-hp-osf
+- exit 0 ;;
++ exit ;;
+ i*86:OSF1:*:*)
+ if [ -x /usr/sbin/sysversion ] ; then
+ echo ${UNAME_MACHINE}-unknown-osf1mk
+ else
+ echo ${UNAME_MACHINE}-unknown-osf1
+ fi
+- exit 0 ;;
++ exit ;;
+ parisc*:Lites*:*:*)
+ echo hppa1.1-hp-lites
+- exit 0 ;;
++ exit ;;
+ C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+ echo c1-convex-bsd
+- exit 0 ;;
++ exit ;;
+ C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+ if getsysinfo -f scalar_acc
+ then echo c32-convex-bsd
+ else echo c2-convex-bsd
+ fi
+- exit 0 ;;
++ exit ;;
+ C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+ echo c34-convex-bsd
+- exit 0 ;;
++ exit ;;
+ C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+ echo c38-convex-bsd
+- exit 0 ;;
++ exit ;;
+ C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+ echo c4-convex-bsd
+- exit 0 ;;
++ exit ;;
+ CRAY*Y-MP:*:*:*)
+ echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+- exit 0 ;;
++ exit ;;
+ CRAY*[A-Z]90:*:*:*)
+ echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
+ -e 's/\.[^.]*$/.X/'
+- exit 0 ;;
++ exit ;;
+ CRAY*TS:*:*:*)
+ echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+- exit 0 ;;
+- CRAY*T3D:*:*:*)
+- echo alpha-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+- exit 0 ;;
++ exit ;;
+ CRAY*T3E:*:*:*)
+ echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+- exit 0 ;;
++ exit ;;
+ CRAY*SV1:*:*:*)
+ echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+- exit 0 ;;
++ exit ;;
++ *:UNICOS/mp:*:*)
++ echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
++ exit ;;
+ F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+ FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+ FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+ echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+- exit 0 ;;
++ exit ;;
++ 5000:UNIX_System_V:4.*:*)
++ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
++ FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
++ echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
++ exit ;;
+ i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+ echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+- exit 0 ;;
++ exit ;;
+ sparc*:BSD/OS:*:*)
+ echo sparc-unknown-bsdi${UNAME_RELEASE}
+- exit 0 ;;
++ exit ;;
+ *:BSD/OS:*:*)
+ echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
+- exit 0 ;;
++ exit ;;
+ *:FreeBSD:*:*)
+- # Determine whether the default compiler uses glibc.
+- eval $set_cc_for_build
+- sed 's/^ //' << EOF >$dummy.c
+- #include <features.h>
+- #if __GLIBC__ >= 2
+- LIBC=gnu
+- #else
+- LIBC=
+- #endif
+-EOF
+- eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
+- rm -f $dummy.c && rmdir $tmpdir
+- echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC}
+- exit 0 ;;
++ echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
++ exit ;;
+ i*:CYGWIN*:*)
+ echo ${UNAME_MACHINE}-pc-cygwin
+- exit 0 ;;
++ exit ;;
+ i*:MINGW*:*)
+ echo ${UNAME_MACHINE}-pc-mingw32
+- exit 0 ;;
++ exit ;;
++ i*:windows32*:*)
++ # uname -m includes "-pc" on this system.
++ echo ${UNAME_MACHINE}-mingw32
++ exit ;;
+ i*:PW*:*)
+ echo ${UNAME_MACHINE}-pc-pw32
+- exit 0 ;;
+- x86:Interix*:3*)
+- echo i586-pc-interix3
+- exit 0 ;;
++ exit ;;
++ x86:Interix*:[34]*)
++ echo i586-pc-interix${UNAME_RELEASE}|sed -e 's/\..*//'
++ exit ;;
+ [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
+ echo i${UNAME_MACHINE}-pc-mks
+- exit 0 ;;
++ exit ;;
+ i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
+ # How do we know it's Interix rather than the generic POSIX subsystem?
+ # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
+ # UNAME_MACHINE based on the output of uname instead of i386?
+ echo i586-pc-interix
+- exit 0 ;;
++ exit ;;
+ i*:UWIN*:*)
+ echo ${UNAME_MACHINE}-pc-uwin
+- exit 0 ;;
++ exit ;;
++ amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
++ echo x86_64-unknown-cygwin
++ exit ;;
+ p*:CYGWIN*:*)
+ echo powerpcle-unknown-cygwin
+- exit 0 ;;
++ exit ;;
+ prep*:SunOS:5.*:*)
+ echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+- exit 0 ;;
++ exit ;;
+ *:GNU:*:*)
++ # the GNU system
+ echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+- exit 0 ;;
++ exit ;;
++ *:GNU/*:*:*)
++ # other systems with GNU libc and userland
++ echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu
++ exit ;;
+ i*86:Minix:*:*)
+ echo ${UNAME_MACHINE}-pc-minix
+- exit 0 ;;
++ exit ;;
+ arm*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+- exit 0 ;;
++ exit ;;
++ cris:Linux:*:*)
++ echo cris-axis-linux-gnu
++ exit ;;
++ crisv32:Linux:*:*)
++ echo crisv32-axis-linux-gnu
++ exit ;;
++ frv:Linux:*:*)
++ echo frv-unknown-linux-gnu
++ exit ;;
+ ia64:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+- exit 0 ;;
++ exit ;;
++ m32r*:Linux:*:*)
++ echo ${UNAME_MACHINE}-unknown-linux-gnu
++ exit ;;
+ m68*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+- exit 0 ;;
++ exit ;;
+ mips:Linux:*:*)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+@@ -799,8 +852,7 @@
+ #endif
+ EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
+- rm -f $dummy.c && rmdir $tmpdir
+- test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
++ test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
+ ;;
+ mips64:Linux:*:*)
+ eval $set_cc_for_build
+@@ -819,15 +871,17 @@
+ #endif
+ EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
+- rm -f $dummy.c && rmdir $tmpdir
+- test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
++ test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
+ ;;
++ or32:Linux:*:*)
++ echo or32-unknown-linux-gnu
++ exit ;;
+ ppc:Linux:*:*)
+ echo powerpc-unknown-linux-gnu
+- exit 0 ;;
++ exit ;;
+ ppc64:Linux:*:*)
+ echo powerpc64-unknown-linux-gnu
+- exit 0 ;;
++ exit ;;
+ alpha:Linux:*:*)
+ case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+ EV5) UNAME_MACHINE=alphaev5 ;;
+@@ -841,7 +895,7 @@
+ objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
+ if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
+ echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
+- exit 0 ;;
++ exit ;;
+ parisc:Linux:*:* | hppa:Linux:*:*)
+ # Look for CPU level
+ case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+@@ -849,22 +903,25 @@
+ PA8*) echo hppa2.0-unknown-linux-gnu ;;
+ *) echo hppa-unknown-linux-gnu ;;
+ esac
+- exit 0 ;;
++ exit ;;
+ parisc64:Linux:*:* | hppa64:Linux:*:*)
+ echo hppa64-unknown-linux-gnu
+- exit 0 ;;
++ exit ;;
+ s390:Linux:*:* | s390x:Linux:*:*)
+ echo ${UNAME_MACHINE}-ibm-linux
+- exit 0 ;;
++ exit ;;
++ sh64*:Linux:*:*)
++ echo ${UNAME_MACHINE}-unknown-linux-gnu
++ exit ;;
+ sh*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+- exit 0 ;;
++ exit ;;
+ sparc:Linux:*:* | sparc64:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+- exit 0 ;;
++ exit ;;
+ x86_64:Linux:*:*)
+ echo x86_64-unknown-linux-gnu
+- exit 0 ;;
++ exit ;;
+ i*86:Linux:*:*)
+ # The BFD linker knows what the default object file format is, so
+ # first see if it will tell us. cd to the root directory to prevent
+@@ -882,15 +939,15 @@
+ ;;
+ a.out-i386-linux)
+ echo "${UNAME_MACHINE}-pc-linux-gnuaout"
+- exit 0 ;;
++ exit ;;
+ coff-i386)
+ echo "${UNAME_MACHINE}-pc-linux-gnucoff"
+- exit 0 ;;
++ exit ;;
+ "")
+ # Either a pre-BFD a.out linker (linux-gnuoldld) or
+ # one that does not give us useful --help.
+ echo "${UNAME_MACHINE}-pc-linux-gnuoldld"
+- exit 0 ;;
++ exit ;;
+ esac
+ # Determine whether the default compiler is a.out or elf
+ eval $set_cc_for_build
+@@ -913,18 +970,23 @@
+ LIBC=gnuaout
+ #endif
+ #endif
++ #ifdef __dietlibc__
++ LIBC=dietlibc
++ #endif
+ EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
+- rm -f $dummy.c && rmdir $tmpdir
+- test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0
+- test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0
++ test x"${LIBC}" != x && {
++ echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
++ exit
++ }
++ test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; }
+ ;;
+ i*86:DYNIX/ptx:4*:*)
+ # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+ # earlier versions are messed up and put the nodename in both
+ # sysname and nodename.
+ echo i386-sequent-sysv4
+- exit 0 ;;
++ exit ;;
+ i*86:UNIX_SV:4.2MP:2.*)
+ # Unixware is an offshoot of SVR4, but it has its own version
+ # number series starting with 2...
+@@ -932,24 +994,27 @@
+ # I just have to hope. -- rms.
+ # Use sysv4.2uw... so that sysv4* matches it.
+ echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+- exit 0 ;;
++ exit ;;
+ i*86:OS/2:*:*)
+ # If we were able to find `uname', then EMX Unix compatibility
+ # is probably installed.
+ echo ${UNAME_MACHINE}-pc-os2-emx
+- exit 0 ;;
++ exit ;;
+ i*86:XTS-300:*:STOP)
+ echo ${UNAME_MACHINE}-unknown-stop
+- exit 0 ;;
++ exit ;;
+ i*86:atheos:*:*)
+ echo ${UNAME_MACHINE}-unknown-atheos
+- exit 0 ;;
++ exit ;;
++ i*86:syllable:*:*)
++ echo ${UNAME_MACHINE}-pc-syllable
++ exit ;;
+ i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
+ echo i386-unknown-lynxos${UNAME_RELEASE}
+- exit 0 ;;
++ exit ;;
+ i*86:*DOS:*:*)
+ echo ${UNAME_MACHINE}-pc-msdosdjgpp
+- exit 0 ;;
++ exit ;;
+ i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
+ UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
+ if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
+@@ -957,15 +1022,16 @@
+ else
+ echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
+ fi
+- exit 0 ;;
+- i*86:*:5:[78]*)
++ exit ;;
++ i*86:*:5:[678]*)
++ # UnixWare 7.x, OpenUNIX and OpenServer 6.
+ case `/bin/uname -X | grep "^Machine"` in
+ *486*) UNAME_MACHINE=i486 ;;
+ *Pentium) UNAME_MACHINE=i586 ;;
+ *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
+ esac
+ echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+- exit 0 ;;
++ exit ;;
+ i*86:*:3.2:*)
+ if test -f /usr/options/cb.name; then
+ UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
+@@ -983,73 +1049,73 @@
+ else
+ echo ${UNAME_MACHINE}-pc-sysv32
+ fi
+- exit 0 ;;
++ exit ;;
+ pc:*:*:*)
+ # Left here for compatibility:
+ # uname -m prints for DJGPP always 'pc', but it prints nothing about
+ # the processor, so we play safe by assuming i386.
+ echo i386-pc-msdosdjgpp
+- exit 0 ;;
++ exit ;;
+ Intel:Mach:3*:*)
+ echo i386-pc-mach3
+- exit 0 ;;
++ exit ;;
+ paragon:*:*:*)
+ echo i860-intel-osf1
+- exit 0 ;;
++ exit ;;
+ i860:*:4.*:*) # i860-SVR4
+ if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+ echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
+ else # Add other i860-SVR4 vendors below as they are discovered.
+ echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4
+ fi
+- exit 0 ;;
++ exit ;;
+ mini*:CTIX:SYS*5:*)
+ # "miniframe"
+ echo m68010-convergent-sysv
+- exit 0 ;;
++ exit ;;
+ mc68k:UNIX:SYSTEM5:3.51m)
+ echo m68k-convergent-sysv
+- exit 0 ;;
++ exit ;;
+ M680?0:D-NIX:5.3:*)
+ echo m68k-diab-dnix
+- exit 0 ;;
+- M68*:*:R3V[567]*:*)
+- test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;;
+- 3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0)
++ exit ;;
++ M68*:*:R3V[5678]*:*)
++ test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
++ 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
+ OS_REL=''
+ test -r /etc/.relid \
+ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+- && echo i486-ncr-sysv4.3${OS_REL} && exit 0
++ && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+ /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+- && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;;
++ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+ 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+- && echo i486-ncr-sysv4 && exit 0 ;;
++ && { echo i486-ncr-sysv4; exit; } ;;
+ m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+ echo m68k-unknown-lynxos${UNAME_RELEASE}
+- exit 0 ;;
++ exit ;;
+ mc68030:UNIX_System_V:4.*:*)
+ echo m68k-atari-sysv4
+- exit 0 ;;
++ exit ;;
+ TSUNAMI:LynxOS:2.*:*)
+ echo sparc-unknown-lynxos${UNAME_RELEASE}
+- exit 0 ;;
++ exit ;;
+ rs6000:LynxOS:2.*:*)
+ echo rs6000-unknown-lynxos${UNAME_RELEASE}
+- exit 0 ;;
++ exit ;;
+ PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
+ echo powerpc-unknown-lynxos${UNAME_RELEASE}
+- exit 0 ;;
++ exit ;;
+ SM[BE]S:UNIX_SV:*:*)
+ echo mips-dde-sysv${UNAME_RELEASE}
+- exit 0 ;;
++ exit ;;
+ RM*:ReliantUNIX-*:*:*)
+ echo mips-sni-sysv4
+- exit 0 ;;
++ exit ;;
+ RM*:SINIX-*:*:*)
+ echo mips-sni-sysv4
+- exit 0 ;;
++ exit ;;
+ *:SINIX-*:*:*)
+ if uname -p 2>/dev/null >/dev/null ; then
+ UNAME_MACHINE=`(uname -p) 2>/dev/null`
+@@ -1057,64 +1123,73 @@
+ else
+ echo ns32k-sni-sysv
+ fi
+- exit 0 ;;
++ exit ;;
+ PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+ # says <Richard.M.Bartel@ccMail.Census.GOV>
+ echo i586-unisys-sysv4
+- exit 0 ;;
++ exit ;;
+ *:UNIX_System_V:4*:FTX*)
+ # From Gerald Hewes <hewes@openmarket.com>.
+ # How about differentiating between stratus architectures? -djm
+ echo hppa1.1-stratus-sysv4
+- exit 0 ;;
++ exit ;;
+ *:*:*:FTX*)
+ # From seanf@swdc.stratus.com.
+ echo i860-stratus-sysv4
+- exit 0 ;;
++ exit ;;
++ i*86:VOS:*:*)
++ # From Paul.Green@stratus.com.
++ echo ${UNAME_MACHINE}-stratus-vos
++ exit ;;
+ *:VOS:*:*)
+ # From Paul.Green@stratus.com.
+ echo hppa1.1-stratus-vos
+- exit 0 ;;
++ exit ;;
+ mc68*:A/UX:*:*)
+ echo m68k-apple-aux${UNAME_RELEASE}
+- exit 0 ;;
++ exit ;;
+ news*:NEWS-OS:6*:*)
+ echo mips-sony-newsos6
+- exit 0 ;;
++ exit ;;
+ R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
+ if [ -d /usr/nec ]; then
+ echo mips-nec-sysv${UNAME_RELEASE}
+ else
+ echo mips-unknown-sysv${UNAME_RELEASE}
+ fi
+- exit 0 ;;
++ exit ;;
+ BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
+ echo powerpc-be-beos
+- exit 0 ;;
++ exit ;;
+ BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only.
+ echo powerpc-apple-beos
+- exit 0 ;;
++ exit ;;
+ BePC:BeOS:*:*) # BeOS running on Intel PC compatible.
+ echo i586-pc-beos
+- exit 0 ;;
++ exit ;;
+ SX-4:SUPER-UX:*:*)
+ echo sx4-nec-superux${UNAME_RELEASE}
+- exit 0 ;;
++ exit ;;
+ SX-5:SUPER-UX:*:*)
+ echo sx5-nec-superux${UNAME_RELEASE}
+- exit 0 ;;
++ exit ;;
+ SX-6:SUPER-UX:*:*)
+ echo sx6-nec-superux${UNAME_RELEASE}
+- exit 0 ;;
++ exit ;;
+ Power*:Rhapsody:*:*)
+ echo powerpc-apple-rhapsody${UNAME_RELEASE}
+- exit 0 ;;
++ exit ;;
+ *:Rhapsody:*:*)
+ echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+- exit 0 ;;
++ exit ;;
+ *:Darwin:*:*)
+- echo `uname -p`-apple-darwin${UNAME_RELEASE}
+- exit 0 ;;
++ UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
++ case $UNAME_PROCESSOR in
++ *86) UNAME_PROCESSOR=i686 ;;
++ unknown) UNAME_PROCESSOR=powerpc ;;
++ esac
++ echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
++ exit ;;
+ *:procnto*:*:* | *:QNX:[0123456789]*:*)
+ UNAME_PROCESSOR=`uname -p`
+ if test "$UNAME_PROCESSOR" = "x86"; then
+@@ -1122,22 +1197,25 @@
+ UNAME_MACHINE=pc
+ fi
+ echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
+- exit 0 ;;
++ exit ;;
+ *:QNX:*:4*)
+ echo i386-pc-qnx
+- exit 0 ;;
+- NSR-[DGKLNPTVW]:NONSTOP_KERNEL:*:*)
++ exit ;;
++ NSE-?:NONSTOP_KERNEL:*:*)
++ echo nse-tandem-nsk${UNAME_RELEASE}
++ exit ;;
++ NSR-?:NONSTOP_KERNEL:*:*)
+ echo nsr-tandem-nsk${UNAME_RELEASE}
+- exit 0 ;;
++ exit ;;
+ *:NonStop-UX:*:*)
+ echo mips-compaq-nonstopux
+- exit 0 ;;
++ exit ;;
+ BS2000:POSIX*:*:*)
+ echo bs2000-siemens-sysv
+- exit 0 ;;
++ exit ;;
+ DS/*:UNIX_System_V:*:*)
+ echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
+- exit 0 ;;
++ exit ;;
+ *:Plan9:*:*)
+ # "uname -m" is not consistent, so use $cputype instead. 386
+ # is converted to i386 for consistency with other x86
+@@ -1148,25 +1226,44 @@
+ UNAME_MACHINE="$cputype"
+ fi
+ echo ${UNAME_MACHINE}-unknown-plan9
+- exit 0 ;;
++ exit ;;
+ *:TOPS-10:*:*)
+ echo pdp10-unknown-tops10
+- exit 0 ;;
++ exit ;;
+ *:TENEX:*:*)
+ echo pdp10-unknown-tenex
+- exit 0 ;;
++ exit ;;
+ KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
+ echo pdp10-dec-tops20
+- exit 0 ;;
++ exit ;;
+ XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
+ echo pdp10-xkl-tops20
+- exit 0 ;;
++ exit ;;
+ *:TOPS-20:*:*)
+ echo pdp10-unknown-tops20
+- exit 0 ;;
++ exit ;;
+ *:ITS:*:*)
+ echo pdp10-unknown-its
+- exit 0 ;;
++ exit ;;
++ SEI:*:*:SEIUX)
++ echo mips-sei-seiux${UNAME_RELEASE}
++ exit ;;
++ *:DragonFly:*:*)
++ echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
++ exit ;;
++ *:*VMS:*:*)
++ UNAME_MACHINE=`(uname -p) 2>/dev/null`
++ case "${UNAME_MACHINE}" in
++ A*) echo alpha-dec-vms ; exit ;;
++ I*) echo ia64-dec-vms ; exit ;;
++ V*) echo vax-dec-vms ; exit ;;
++ esac ;;
++ *:XENIX:*:SysV)
++ echo i386-pc-xenix
++ exit ;;
++ i*86:skyos:*:*)
++ echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
++ exit ;;
+ esac
+
+ #echo '(No uname command or uname output not recognized.)' 1>&2
+@@ -1198,7 +1295,7 @@
+ #endif
+
+ #if defined (__arm) && defined (__acorn) && defined (__unix)
+- printf ("arm-acorn-riscix"); exit (0);
++ printf ("arm-acorn-riscix\n"); exit (0);
+ #endif
+
+ #if defined (hp300) && !defined (hpux)
+@@ -1287,12 +1384,12 @@
+ }
+ EOF
+
+-$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
+-rm -f $dummy.c $dummy && rmdir $tmpdir
++$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
++ { echo "$SYSTEM_NAME"; exit; }
+
+ # Apollos put the system type in the environment.
+
+-test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; }
++test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
+
+ # Convex versions that predate uname can use getsysinfo(1)
+
+@@ -1301,22 +1398,22 @@
+ case `getsysinfo -f cpu_type` in
+ c1*)
+ echo c1-convex-bsd
+- exit 0 ;;
++ exit ;;
+ c2*)
+ if getsysinfo -f scalar_acc
+ then echo c32-convex-bsd
+ else echo c2-convex-bsd
+ fi
+- exit 0 ;;
++ exit ;;
+ c34*)
+ echo c34-convex-bsd
+- exit 0 ;;
++ exit ;;
+ c38*)
+ echo c38-convex-bsd
+- exit 0 ;;
++ exit ;;
+ c4*)
+ echo c4-convex-bsd
+- exit 0 ;;
++ exit ;;
+ esac
+ fi
+
+@@ -1327,7 +1424,9 @@
+ the operating system you are using. It is advised that you
+ download the most up to date version of the config scripts from
+
+- ftp://ftp.gnu.org/pub/gnu/config/
++ http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess
++and
++ http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub
+
+ If the version you run ($0) is already up to date, please
+ send the following data and any information you think might be
+--- sudo-1.6.8p12.orig/config.sub
++++ sudo-1.6.8p12/config.sub
+@@ -1,11 +1,9 @@
+ #! /bin/sh
+ # Configuration validation subroutine script.
+ # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+-# 2000, 2001, 2002 Free Software Foundation, Inc.
+-#
+-# $Sudo: config.sub,v 1.11 2003/01/20 21:07:51 millert Exp $
++# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
+
+-timestamp='2002-11-30'
++timestamp='2005-07-08'
+
+ # This file is (in principle) common to ALL GNU software.
+ # The presence of a machine in this file suggests that SOME GNU software
+@@ -23,14 +21,15 @@
+ #
+ # You should have received a copy of the GNU General Public License
+ # along with this program; if not, write to the Free Software
+-# Foundation, Inc., 59 Temple Place - Suite 330,
+-# Boston, MA 02111-1307, USA.
+-
++# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
++# 02110-1301, USA.
++#
+ # As a special exception to the GNU General Public License, if you
+ # distribute this file as part of a program that contains a
+ # configuration script generated by Autoconf, you may include it under
+ # the same distribution terms that you use for the rest of that program.
+
++
+ # Please send patches to <config-patches@gnu.org>. Submit a context
+ # diff and a properly formatted ChangeLog entry.
+ #
+@@ -72,7 +71,7 @@
+ version="\
+ GNU config.sub ($timestamp)
+
+-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
++Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
+ Free Software Foundation, Inc.
+
+ This is free software; see the source for copying conditions. There is NO
+@@ -85,11 +84,11 @@
+ while test $# -gt 0 ; do
+ case $1 in
+ --time-stamp | --time* | -t )
+- echo "$timestamp" ; exit 0 ;;
++ echo "$timestamp" ; exit ;;
+ --version | -v )
+- echo "$version" ; exit 0 ;;
++ echo "$version" ; exit ;;
+ --help | --h* | -h )
+- echo "$usage"; exit 0 ;;
++ echo "$usage"; exit ;;
+ -- ) # Stop option processing
+ shift; break ;;
+ - ) # Use stdin as input.
+@@ -101,7 +100,7 @@
+ *local*)
+ # First pass through any local machine types.
+ echo $1
+- exit 0;;
++ exit ;;
+
+ * )
+ break ;;
+@@ -120,7 +119,8 @@
+ # Here we must recognize all the valid KERNEL-OS combinations.
+ maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+ case $maybe_os in
+- nto-qnx* | linux-gnu* | freebsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*)
++ nto-qnx* | linux-gnu* | linux-dietlibc | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | \
++ kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*)
+ os=-$maybe_os
+ basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
+ ;;
+@@ -146,7 +146,7 @@
+ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
+ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
+ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
+- -apple | -axis | -sr2201*)
++ -apple | -axis | -knuth | -cray)
+ os=
+ basic_machine=$1
+ ;;
+@@ -230,14 +230,16 @@
+ | a29k \
+ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
++ | am33_2.0 \
+ | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \
+- | clipper \
++ | bfin \
++ | c4x | clipper \
+ | d10v | d30v | dlx | dsp16xx \
+ | fr30 | frv \
+ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+ | i370 | i860 | i960 | ia64 \
+- | ip2k \
+- | m32r | m68000 | m68k | m88k | mcore \
++ | ip2k | iq2000 \
++ | m32r | m32rle | m68000 | m68k | m88k | maxq | mcore \
+ | mips | mipsbe | mipseb | mipsel | mipsle \
+ | mips16 \
+ | mips64 | mips64el \
+@@ -246,28 +248,37 @@
+ | mips64vr4100 | mips64vr4100el \
+ | mips64vr4300 | mips64vr4300el \
+ | mips64vr5000 | mips64vr5000el \
++ | mips64vr5900 | mips64vr5900el \
+ | mipsisa32 | mipsisa32el \
++ | mipsisa32r2 | mipsisa32r2el \
+ | mipsisa64 | mipsisa64el \
++ | mipsisa64r2 | mipsisa64r2el \
+ | mipsisa64sb1 | mipsisa64sb1el \
+ | mipsisa64sr71k | mipsisa64sr71kel \
+ | mipstx39 | mipstx39el \
+ | mn10200 | mn10300 \
++ | ms1 \
++ | msp430 \
+ | ns16k | ns32k \
+- | openrisc | or32 \
++ | or32 \
+ | pdp10 | pdp11 | pj | pjl \
+ | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
+ | pyramid \
+- | sh | sh[1234] | sh3e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
++ | sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
+ | sh64 | sh64le \
+- | sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \
++ | sparc | sparc64 | sparc64b | sparc86x | sparclet | sparclite \
++ | sparcv8 | sparcv9 | sparcv9b \
+ | strongarm \
+- | tahoe | thumb | tic80 | tron \
++ | tahoe | thumb | tic4x | tic80 | tron \
+ | v850 | v850e \
+ | we32k \
+- | x86 | xscale | xstormy16 | xtensa \
++ | x86 | xscale | xscalee[bl] | xstormy16 | xtensa \
+ | z8k)
+ basic_machine=$basic_machine-unknown
+ ;;
++ m32c)
++ basic_machine=$basic_machine-unknown
++ ;;
+ m6811 | m68hc11 | m6812 | m68hc12)
+ # Motorola 68HC11/12.
+ basic_machine=$basic_machine-unknown
+@@ -295,19 +306,19 @@
+ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
+ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \
+ | avr-* \
+- | bs2000-* \
+- | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* \
+- | clipper-* | cydra-* \
++ | bfin-* | bs2000-* \
++ | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
++ | clipper-* | craynv-* | cydra-* \
+ | d10v-* | d30v-* | dlx-* \
+ | elxsi-* \
+ | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \
+ | h8300-* | h8500-* \
+ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
+ | i*86-* | i860-* | i960-* | ia64-* \
+- | ip2k-* \
+- | m32r-* \
++ | ip2k-* | iq2000-* \
++ | m32r-* | m32rle-* \
+ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
+- | m88110-* | m88k-* | mcore-* \
++ | m88110-* | m88k-* | maxq-* | mcore-* \
+ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
+ | mips16-* \
+ | mips64-* | mips64el-* \
+@@ -316,29 +327,40 @@
+ | mips64vr4100-* | mips64vr4100el-* \
+ | mips64vr4300-* | mips64vr4300el-* \
+ | mips64vr5000-* | mips64vr5000el-* \
++ | mips64vr5900-* | mips64vr5900el-* \
+ | mipsisa32-* | mipsisa32el-* \
++ | mipsisa32r2-* | mipsisa32r2el-* \
+ | mipsisa64-* | mipsisa64el-* \
++ | mipsisa64r2-* | mipsisa64r2el-* \
+ | mipsisa64sb1-* | mipsisa64sb1el-* \
+ | mipsisa64sr71k-* | mipsisa64sr71kel-* \
+- | mipstx39 | mipstx39el \
++ | mipstx39-* | mipstx39el-* \
++ | mmix-* \
++ | ms1-* \
++ | msp430-* \
+ | none-* | np1-* | ns16k-* | ns32k-* \
+ | orion-* \
+ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
+ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
+ | pyramid-* \
+ | romp-* | rs6000-* \
+- | sh-* | sh[1234]-* | sh3e-* | sh[34]eb-* | shbe-* \
++ | sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | shbe-* \
+ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
+- | sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \
+- | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
+- | tahoe-* | thumb-* | tic30-* | tic4x-* | tic54x-* | tic80-* | tron-* \
++ | sparc-* | sparc64-* | sparc64b-* | sparc86x-* | sparclet-* \
++ | sparclite-* \
++ | sparcv8-* | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
++ | tahoe-* | thumb-* \
++ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
++ | tron-* \
+ | v850-* | v850e-* | vax-* \
+ | we32k-* \
+- | x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \
+- | xtensa-* \
++ | x86-* | x86_64-* | xps100-* | xscale-* | xscalee[bl]-* \
++ | xstormy16-* | xtensa-* \
+ | ymp-* \
+ | z8k-*)
+ ;;
++ m32c-*)
++ ;;
+ # Recognize the various machine names and aliases which stand
+ # for a CPU type and a company and sometimes even an OS.
+ 386bsd)
+@@ -355,6 +377,9 @@
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
++ abacus)
++ basic_machine=abacus-unknown
++ ;;
+ adobe68k)
+ basic_machine=m68010-adobe
+ os=-scout
+@@ -434,12 +459,27 @@
+ basic_machine=j90-cray
+ os=-unicos
+ ;;
++ craynv)
++ basic_machine=craynv-cray
++ os=-unicosmp
++ ;;
++ cr16c)
++ basic_machine=cr16c-unknown
++ os=-elf
++ ;;
+ crds | unos)
+ basic_machine=m68k-crds
+ ;;
++ crisv32 | crisv32-* | etraxfs*)
++ basic_machine=crisv32-axis
++ ;;
+ cris | cris-* | etrax*)
+ basic_machine=cris-axis
+ ;;
++ crx)
++ basic_machine=crx-unknown
++ os=-elf
++ ;;
+ da30 | da30-*)
+ basic_machine=m68k-da30
+ ;;
+@@ -462,6 +502,10 @@
+ basic_machine=m88k-motorola
+ os=-sysv3
+ ;;
++ djgpp)
++ basic_machine=i586-pc
++ os=-msdosdjgpp
++ ;;
+ dpx20 | dpx20-*)
+ basic_machine=rs6000-bull
+ os=-bosx
+@@ -515,10 +559,6 @@
+ basic_machine=h8500-hitachi
+ os=-hms
+ ;;
+- sr2201*)
+- basic_machine=harp1e-hitachi
+- os=-hiuxmpp
+- ;;
+ harris)
+ basic_machine=m88k-harris
+ os=-sysv3
+@@ -644,10 +684,6 @@
+ mips3*)
+ basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+ ;;
+- mmix*)
+- basic_machine=mmix-knuth
+- os=-mmixware
+- ;;
+ monitor)
+ basic_machine=m68k-rom68k
+ os=-coff
+@@ -735,9 +771,12 @@
+ basic_machine=hppa1.1-oki
+ os=-proelf
+ ;;
+- or32 | or32-*)
++ openrisc | openrisc-*)
+ basic_machine=or32-unknown
+- os=-coff
++ ;;
++ os400)
++ basic_machine=powerpc-ibm
++ os=-os400
+ ;;
+ OSE68000 | ose68000)
+ basic_machine=m68000-ericsson
+@@ -770,18 +809,24 @@
+ pentiumpro | p6 | 6x86 | athlon | athlon_*)
+ basic_machine=i686-pc
+ ;;
+- pentiumii | pentium2)
++ pentiumii | pentium2 | pentiumiii | pentium3)
+ basic_machine=i686-pc
+ ;;
++ pentium4)
++ basic_machine=i786-pc
++ ;;
+ pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+ basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentiumpro-* | p6-* | 6x86-* | athlon-*)
+ basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+- pentiumii-* | pentium2-*)
++ pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+ basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
++ pentium4-*)
++ basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
++ ;;
+ pn)
+ basic_machine=pn-gould
+ ;;
+@@ -840,6 +885,10 @@
+ sb1el)
+ basic_machine=mipsisa64sb1el-unknown
+ ;;
++ sei)
++ basic_machine=mips-sei
++ os=-seiux
++ ;;
+ sequent)
+ basic_machine=i386-sequent
+ ;;
+@@ -847,6 +896,9 @@
+ basic_machine=sh-hitachi
+ os=-hms
+ ;;
++ sh64)
++ basic_machine=sh64-unknown
++ ;;
+ sparclite-wrs | simso-wrs)
+ basic_machine=sparclite-wrs
+ os=-vxworks
+@@ -913,10 +965,6 @@
+ basic_machine=i386-sequent
+ os=-dynix
+ ;;
+- t3d)
+- basic_machine=alpha-cray
+- os=-unicos
+- ;;
+ t3e)
+ basic_machine=alphaev5-cray
+ os=-unicos
+@@ -925,14 +973,18 @@
+ basic_machine=t90-cray
+ os=-unicos
+ ;;
+- tic4x | c4x*)
+- basic_machine=tic4x-unknown
+- os=-coff
+- ;;
+ tic54x | c54x*)
+ basic_machine=tic54x-unknown
+ os=-coff
+ ;;
++ tic55x | c55x*)
++ basic_machine=tic55x-unknown
++ os=-coff
++ ;;
++ tic6x | c6x*)
++ basic_machine=tic6x-unknown
++ os=-coff
++ ;;
+ tx39)
+ basic_machine=mipstx39-unknown
+ ;;
+@@ -946,6 +998,10 @@
+ tower | tower-32)
+ basic_machine=m68k-ncr
+ ;;
++ tpf)
++ basic_machine=s390x-ibm
++ os=-tpf
++ ;;
+ udi29k)
+ basic_machine=a29k-amd
+ os=-udi
+@@ -989,6 +1045,10 @@
+ basic_machine=hppa1.1-winbond
+ os=-proelf
+ ;;
++ xbox)
++ basic_machine=i686-pc
++ os=-mingw32
++ ;;
+ xps | xps100)
+ basic_machine=xps100-honeywell
+ ;;
+@@ -1019,6 +1079,9 @@
+ romp)
+ basic_machine=romp-ibm
+ ;;
++ mmix)
++ basic_machine=mmix-knuth
++ ;;
+ rs6000)
+ basic_machine=rs6000-ibm
+ ;;
+@@ -1035,13 +1098,10 @@
+ we32k)
+ basic_machine=we32k-att
+ ;;
+- sh3 | sh4 | sh3eb | sh4eb | sh[1234]le | sh3ele)
++ sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele)
+ basic_machine=sh-unknown
+ ;;
+- sh64)
+- basic_machine=sh64-unknown
+- ;;
+- sparc | sparcv9 | sparcv9b)
++ sparc | sparcv8 | sparcv9 | sparcv9b)
+ basic_machine=sparc-sun
+ ;;
+ cydra)
+@@ -1114,19 +1174,21 @@
+ | -aos* \
+ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+- | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \
+- | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
++ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* | -openbsd* \
++ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
++ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
+ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+ | -chorusos* | -chorusrdb* \
+ | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+- | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \
++ | -mingw32* | -linux-gnu* | -linux-uclibc* | -uxpv* | -beos* | -mpeix* | -udk* \
+ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
+ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
+ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
+ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
+ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
+- | -powermax* | -dnix*)
++ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
++ | -skyos* | -haiku*)
+ # Remember, each alternative MUST END IN *, to match a version number.
+ ;;
+ -qnx*)
+@@ -1144,12 +1206,15 @@
+ os=`echo $os | sed -e 's|nto|nto-qnx|'`
+ ;;
+ -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
+- | -windows* | -osx | -abug | -netware* | -os9* | -beos* \
++ | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
+ | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+ ;;
+ -mac*)
+ os=`echo $os | sed -e 's|mac|macos|'`
+ ;;
++ -linux-dietlibc)
++ os=-linux-dietlibc
++ ;;
+ -linux*)
+ os=`echo $os | sed -e 's|linux|linux-gnu|'`
+ ;;
+@@ -1162,6 +1227,9 @@
+ -opened*)
+ os=-openedition
+ ;;
++ -os400*)
++ os=-os400
++ ;;
+ -wince*)
+ os=-wince
+ ;;
+@@ -1183,6 +1251,9 @@
+ -atheos*)
+ os=-atheos
+ ;;
++ -syllable*)
++ os=-syllable
++ ;;
+ -386bsd)
+ os=-bsd
+ ;;
+@@ -1205,6 +1276,9 @@
+ -sinix*)
+ os=-sysv4
+ ;;
++ -tpf*)
++ os=-tpf
++ ;;
+ -triton*)
+ os=-sysv3
+ ;;
+@@ -1235,6 +1309,15 @@
+ -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+ os=-mint
+ ;;
++ -aros*)
++ os=-aros
++ ;;
++ -kaos*)
++ os=-kaos
++ ;;
++ -zvmoe)
++ os=-zvmoe
++ ;;
+ -none)
+ ;;
+ *)
+@@ -1266,6 +1349,9 @@
+ arm*-semi)
+ os=-aout
+ ;;
++ c4x-* | tic4x-*)
++ os=-coff
++ ;;
+ # This must come before the *-dec entry.
+ pdp10-*)
+ os=-tops20
+@@ -1309,9 +1395,15 @@
+ *-be)
+ os=-beos
+ ;;
++ *-haiku)
++ os=-haiku
++ ;;
+ *-ibm)
+ os=-aix
+ ;;
++ *-knuth)
++ os=-mmixware
++ ;;
+ *-wec)
+ os=-proelf
+ ;;
+@@ -1444,9 +1536,15 @@
+ -mvs* | -opened*)
+ vendor=ibm
+ ;;
++ -os400*)
++ vendor=ibm
++ ;;
+ -ptx*)
+ vendor=sequent
+ ;;
++ -tpf*)
++ vendor=ibm
++ ;;
+ -vxsim* | -vxworks* | -windiss*)
+ vendor=wrs
+ ;;
+@@ -1471,7 +1569,7 @@
+ esac
+
+ echo $basic_machine$os
+-exit 0
++exit
+
+ # Local variables:
+ # eval: (add-hook 'write-file-hooks 'time-stamp)
+--- sudo-1.6.8p12.orig/sudoers
++++ sudo-1.6.8p12/sudoers
+@@ -1,10 +1,17 @@
+ # sudoers file.
+ #
+ # This file MUST be edited with the 'visudo' command as root.
++# 'visudo' edits the suoders file in a safe fashion. visudo
++# locks the sudoers file against multiple simultaneous edits,
++# provides basic sanity checks, and checks for syntax errors. If
++# the sudoers file is currently being edited you will receive a
++# message to try again later.
+ #
+ # See the sudoers man page for the details on how to write a sudoers file.
+ #
+
++# Defaults syslog=auth, secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin"
++
+ # Host alias specification
+
+ # User alias specification
+--- sudo-1.6.8p12.orig/debian/dirs
++++ sudo-1.6.8p12/debian/dirs
+@@ -0,0 +1,7 @@
++etc/pam.d
++usr/bin
++usr/share/man/man8
++usr/share/man/man5
++usr/sbin
++usr/share/doc/sudo/examples
++usr/share/lintian/overrides
+--- sudo-1.6.8p12.orig/debian/docs
++++ sudo-1.6.8p12/debian/docs
+@@ -0,0 +1,9 @@
++debian/OPTIONS
++BUGS
++RUNSON
++UPGRADE
++PORTING
++TODO
++HISTORY
++README
++TROUBLESHOOTING
+--- sudo-1.6.8p12.orig/debian/sudo-ldap.init.d
++++ sudo-1.6.8p12/debian/sudo-ldap.init.d
+@@ -0,0 +1,31 @@
++#! /bin/sh
++
++### BEGIN INIT INFO
++# Provides: sudu
++# Required-Start: $local_fs $remote_fs
++# Required-Stop:
++# Default-Start: S 1 2 3 4 5
++# Default-Stop: 0 6
++### END INIT INFO
++
++N=/etc/init.d/sudo
++
++set -e
++
++case "$1" in
++ start)
++ # make sure privileges don't persist across reboots
++ if [ -d /var/run/sudo ]
++ then
++ find /var/run/sudo -type f -exec touch -t 198501010000 '{}' \;
++ fi
++ ;;
++ stop|reload|restart|force-reload)
++ ;;
++ *)
++ echo "Usage: $N {start|stop|restart|force-reload}" >&2
++ exit 1
++ ;;
++esac
++
++exit 0
+--- sudo-1.6.8p12.orig/debian/control
++++ sudo-1.6.8p12/debian/control
+@@ -0,0 +1,32 @@
++Source: sudo
++Section: admin
++Priority: optional
++Maintainer: Bdale Garbee <bdale@gag.com>
++Build-Depends: debhelper (>= 5), libpam0g-dev, libldap2-dev
++Standards-Version: 3.6.2.1
++
++Package: sudo
++Architecture: any
++Depends: ${shlibs:Depends}, libpam-modules
++Conflicts: sudo-ldap
++Replaces: sudo-ldap
++Description: Provide limited super user privileges to specific users
++ Sudo is a program designed to allow a sysadmin to give limited root
++ privileges to users and log root activity. The basic philosophy is to give
++ as few privileges as possible but still allow people to get their work done.
++ .
++ This version is built with minimal shared library dependencies, use the
++ sudo-ldap package instead if you need LDAP support.
++
++Package: sudo-ldap
++Architecture: any
++Depends: ${shlibs:Depends}, libpam-modules
++Conflicts: sudo
++Replaces: sudo
++Provides: sudo
++Description: Provide limited super user privileges to specific users
++ Sudo is a program designed to allow a sysadmin to give limited root
++ privileges to users and log root activity. The basic philosophy is to give
++ as few privileges as possible but still allow people to get their work done.
++ .
++ This version is built with LDAP support.
+--- sudo-1.6.8p12.orig/debian/sudo-ldap.postrm
++++ sudo-1.6.8p12/debian/sudo-ldap.postrm
+@@ -0,0 +1,21 @@
++#! /bin/sh
++
++set -e
++
++case "$1" in
++ purge)
++ rm -f /etc/sudoers
++ ;;
++
++ remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
++ ;;
++
++ *)
++ echo "postrm called with unknown argument \`$1'" >&2
++ exit 1
++
++esac
++
++#DEBHELPER#
++
++exit 0
+--- sudo-1.6.8p12.orig/debian/prerm
++++ sudo-1.6.8p12/debian/prerm
+@@ -0,0 +1,37 @@
++#!/bin/sh
++
++set -e
++
++check_password() {
++ if [ ! "$SUDO_FORCE_REMOVE" = "yes" ]; then
++ # let's check whether the root account is locked.
++ # if it is, we're not going another step. No Sirreee!
++ passwd=$(getent shadow root|cut -f2 -d:)
++ if [ "$passwd" = "*" -o "$passwd" = "!" ]; then
++ # yup, password is locked
++ echo "You have asked that the sudo package be removed,"
++ echo "but no root password has been set."
++ echo "Without sudo, you may not be able to gain administrative privileges."
++ echo
++ echo "If you would prefer to access the root account with su(1)"
++ echo "or by logging in directly,"
++ echo "you must set a root password with \"sudo passwd\"."
++ echo
++ echo "If you have arranged other means to access the root account,"
++ echo "and you are sure this is what you want,"
++ echo "you may bypass this check by setting an environment variable "
++ echo "(export SUDO_FORCE_REMOVE=yes)."
++ echo
++ echo "Refusing to remove sudo."
++ exit 1
++ fi
++ fi
++}
++
++case $1 in
++ remove)
++ check_password;
++ ;;
++ *)
++ ;;
++esac
+--- sudo-1.6.8p12.orig/debian/rules
++++ sudo-1.6.8p12/debian/rules
+@@ -0,0 +1,140 @@
++#!/usr/bin/make -f
++
++export DH_VERBOSE=1
++
++CFLAGS = -O2 -Wall -Wno-comment
++ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS)))
++CFLAGS += -g
++endif
++export CFLAGS
++
++build: config-stamp
++config-stamp:
++ dh_testdir
++
++ # simple version
++ mkdir -p build-simple
++ cd build-simple && ../configure --prefix=/usr -v \
++ --with-all-insults \
++ --with-exempt=sudo --with-pam --with-fqdn \
++ --with-logging=syslog --with-logfac=authpriv \
++ --with-env-editor --with-editor=/usr/bin/editor \
++ --with-timeout=15 --with-password-timeout=0 \
++ --disable-root-mailer --disable-setresuid \
++ --with-sendmail=/usr/sbin/sendmail \
++ --without-lecture \
++ --with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin"
++
++ # LDAP version
++ mkdir -p build-ldap
++ cd build-ldap && ../configure --prefix=/usr -v \
++ --with-all-insults \
++ --with-exempt=sudo --with-pam --with-ldap --with-fqdn \
++ --with-logging=syslog --with-logfac=authpriv \
++ --with-env-editor --with-editor=/usr/bin/editor \
++ --with-timeout=15 --with-password-timeout=0 \
++ --disable-root-mailer --disable-setresuid \
++ --with-sendmail=/usr/sbin/sendmail \
++ --with-ldap-conf-file=/etc/ldap/ldap.conf \
++ --with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin"
++
++ touch config-stamp
++
++build: build-stamp
++build-stamp: config-stamp
++ dh_testdir
++
++ -$(MAKE) -C build-simple
++ -$(MAKE) -C build-ldap
++
++ touch build-stamp
++
++clean:
++ dh_testdir
++ dh_testroot
++ rm -f config-stamp build-stamp
++ rm -rf build-simple build-ldap
++ rm -f config.cache
++
++ -test -r /usr/share/misc/config.sub && \
++ cp -f /usr/share/misc/config.sub config.sub
++ -test -r /usr/share/misc/config.guess && \
++ cp -f /usr/share/misc/config.guess config.guess
++
++ dh_clean
++
++install: build-stamp
++ dh_testdir
++ dh_testroot
++ dh_clean -k
++ dh_installdirs
++
++ # simple version
++ install -o root -g root -m 4755 -s build-simple/sudo debian/sudo/usr/bin/sudo
++ ln -sf sudo debian/sudo/usr/bin/sudoedit
++ install -o root -g root -m 0755 -s build-simple/visudo \
++ debian/sudo/usr/sbin/visudo
++ install -o root -g root -m 0644 build-simple/sudo.man \
++ debian/sudo/usr/share/man/man8/sudo.8
++ ln -sf sudo.8 debian/sudo/usr/share/man/man8/sudoedit.8
++ install -o root -g root -m 0644 build-simple/visudo.man \
++ debian/sudo/usr/share/man/man8/visudo.8
++ install -o root -g root -m 0644 build-simple/sudoers.man \
++ debian/sudo/usr/share/man/man5/sudoers.5
++ install -o root -g root -m 0644 sample.sudoers \
++ debian/sudo/usr/share/doc/sudo/examples/sudoers
++ install -o root -g root -m 0644 debian/sudo.pam \
++ debian/sudo/etc/pam.d/sudo
++
++ install -o root -g root -m 0644 debian/sudo.lintian \
++ debian/sudo/usr/share/lintian/overrides/sudo
++
++ install -o root -g root -m 0644 debian/sudo_root.8 \
++ debian/sudo/usr/share/man/man8/sudo_root.8
++
++ # LDAP version
++ install -o root -g root -m 4755 -s build-ldap/sudo debian/sudo-ldap/usr/bin/sudo
++ ln -sf sudo debian/sudo-ldap/usr/bin/sudoedit
++ install -o root -g root -m 0755 -s build-ldap/visudo debian/sudo-ldap/usr/sbin/visudo
++ install -o root -g root -m 0644 build-ldap/sudo.man \
++ debian/sudo-ldap/usr/share/man/man8/sudo.8
++ ln -sf sudo.8 debian/sudo-ldap/usr/share/man/man8/sudoedit.8
++ install -o root -g root -m 0644 build-ldap/visudo.man \
++ debian/sudo-ldap/usr/share/man/man8/visudo.8
++ install -o root -g root -m 0644 build-ldap/sudoers.man \
++ debian/sudo-ldap/usr/share/man/man5/sudoers.5
++ install -o root -g root -m 0644 sample.sudoers \
++ debian/sudo-ldap/usr/share/doc/sudo-ldap/examples/sudoers
++ install -o root -g root -m 0644 debian/sudo.pam \
++ debian/sudo-ldap/etc/pam.d/sudo
++
++ install -o root -g root -m 0644 debian/sudo-ldap.lintian \
++ debian/sudo-ldap/usr/share/lintian/overrides/sudo-ldap
++
++ install -o root -g root -m 0644 debian/sudo_root.8 \
++ debian/sudo/usr/share/man/man8/sudo_root.8
++
++binary-indep: build install
++
++binary-arch: build install
++ dh_testdir
++ dh_testroot
++ dh_installdocs
++ dh_installexamples -A
++# dh_installinit -psudo -psudo-ldap
++ dh_installmanpages fnmatch.3
++ dh_installinfo -A
++ dh_installchangelogs CHANGES
++ dh_strip
++ dh_compress
++ dh_fixperms
++ chown root.root debian/sudo/usr/bin/sudo debian/sudo-ldap/usr/bin/sudo
++ chmod 4755 debian/sudo/usr/bin/sudo debian/sudo-ldap/usr/bin/sudo
++ dh_installdeb
++ dh_shlibdeps
++ dh_gencontrol
++ dh_md5sums
++ dh_builddeb
++
++binary: binary-indep binary-arch
++.PHONY: build clean binary-indep binary-arch binary install
+--- sudo-1.6.8p12.orig/debian/changelog
++++ sudo-1.6.8p12/debian/changelog
+@@ -0,0 +1,769 @@
++sudo (1.6.8p12-1ubuntu6) dapper; urgency=low
++
++ * env.c: Preserve additional environment variables for non-almighty sudoers:
++ HOME, LOGNAME, DISPLAY, XAUTHORITY, XAUTHORIZATION. Closes: LP#44500
++
++ -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 17 May 2006 09:29:15 +0200
++
++sudo (1.6.8p12-1ubuntu5) dapper; urgency=low
++
++ * env.c: Unbreak the env_keep option. Closes: LP#31690
++ * sudoers: Add some explanatory text why it is a REALLY good idea to use
++ visudo. Closes: LP#11620
++
++ -- Martin Pitt <martin.pitt@ubuntu.com> Tue, 28 Mar 2006 18:52:24 +0200
++
++sudo (1.6.8p12-1ubuntu4) dapper; urgency=low
++
++ * Remove the init script, it only cleans up /var/run which is a tmpfs.
++
++ -- Scott James Remnant <scott@ubuntu.com> Wed, 22 Feb 2006 16:28:42 +0000
++
++sudo (1.6.8p12-1ubuntu3) dapper; urgency=low
++
++ * Add debian/sudo_root.8: Introduction about root handling in ubuntu with
++ sudo.
++ * debian/rules: Install that new manpage into sudo and sudo-ldap.
++
++ -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 8 Feb 2006 17:01:50 +0100
++
++sudo (1.6.8p12-1ubuntu2) dapper; urgency=low
++
++ * sudo.c: If the user successfully authenticated and he is in the 'admin'
++ group, then create a stamp ~/.sudo_as_admin_successful. A future
++ /etc/profile will evaluate this flag to display a short help about how to
++ execute things as root.
++
++ -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 18 Jan 2006 09:32:02 +0100
++
++sudo (1.6.8p12-1ubuntu1) dapper; urgency=low
++
++ * Resynchronise with Debian, clean up cruft from Ubuntu diff.
++ * debian/postinst: Do not set env_reset flag in newly created sudoers files;
++ it's incompatible with upgrades.
++ * Clean up environment variable handling to fix vulns like CVE-2005-4158 and
++ CVE-2006-0151 once and for all: Only keep known-good variables if user has
++ limited sudo privileges (blacklist -> whitelist) and keep them all for
++ users with unlimited command privileges (to not drive admins and
++ developers up the wall which actually need to pass env variables from time
++ to time).
++ - parse.h, parse.yacc:
++ + Add a new flag 'cmdall' to the matchstack, and a new macro 'cmnd_all'
++ to access it.
++ + In the "cmnd" grammar rule: Set cmdall to TRUE if command specifier is
++ 'ALL', otherwise to FALSE.
++ - sudo.tab.cc: Re-yaccified to match changes to parse.yacc.
++ - sudo.h: Add new sudoers_lookup() return flag FLAG_CMND_ALL.
++ - parse.c, sudoers_lookup(): Set flag FLAG_CMND_ALL if cmnd_all matched.
++ - ldap.c:
++ + sudo_ldap_check_command(): Add return parameter all, set to true
++ if command specifier is 'ALL'.
++ + sudo_ldap_check(): Set flag FLAG_CMND_ALL if sudo_ldap_check_command()
++ returned all=1.
++ - env.c:
++ + Apply Martin Schulze's patch to switch from blacklist to whitelist
++ environment cleaning.
++ + Add parameter 'noclean' to rebuild_env(); if it is != 0, environment
++ variables are not cleaned.
++ - sudo.c: Call rebuild_env() with noclean=1 if FLAG_CMND_ALL is set.
++
++ -- Martin Pitt <martin.pitt@ubuntu.com> Tue, 17 Jan 2006 10:03:05 +0100
++
++sudo (1.6.8p12-1) unstable; urgency=low
++
++ * new upstream version, closes: #342948 (CVE-2005-4158)
++ * add env_reset to the sudoers file we create if none already exists,
++ as a further precaution in response to discussion about CVS-2005-4158
++ * split ldap support into a new sudo-ldap package. I was trying to avoid
++ doing this, but the impact of going from 4 to 17 linked shlibs on the
++ autobuilder chroots is sufficient motivation for me.
++ closes: #344034
++
++ -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
++
++sudo (1.6.8p9-4) unstable; urgency=low
++
++ * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
++ * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
++ timestamps in the init.d script, closes: #330868
++ * add dependency header to init.d script, closes: #332849
++
++ -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
++
++sudo (1.6.8p9-3ubuntu4) dapper; urgency=low
++
++ * Revert addition of sudo -t, i. e. revert to version 1.6.8p9-3ubuntu1. As
++ per TB discussion, we will not use sudo for implementing
++ https://wiki.ubuntu.com/HideAdminToolsToUsers.
++
++ -- Martin Pitt <martin.pitt@ubuntu.com> Tue, 29 Nov 2005 23:27:42 +0100
++
++sudo (1.6.8p9-3ubuntu3) dapper; urgency=low
++
++ * sudo.c: Log failures even in test mode, to avoid the possibility of
++ silently poking around for interesting sudo privileges. This will generate
++ a lot of auth log clutter in the desktop case, but will not change sudo
++ semantics where it matters (on servers).
++
++ -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 17 Nov 2005 10:35:04 +0100
++
++sudo (1.6.8p9-3ubuntu2) dapper; urgency=low
++
++ * Add option -t which only tests whether the given command can be executed
++ and does not require a password. This is required for the
++ https://wiki.ubuntu.com/HideAdminToolsToUsers spec.
++ * sudo.h: Add MODE_TESTONLY mode.
++ * sudo.c: Add -t parsing and do not actually run the command in test mode,
++ just return success or failure. Also, add the new option to the "usage"
++ output.
++ * sudo.pod: Document new -t option.
++ * Put patch into debian/ubuntu-patches/sudo.add-test-option.patch to have
++ it separate for future merges (requires a manual "make sudo.man.in" to
++ actually run pod2man).
++
++ -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 9 Nov 2005 17:40:43 -0500
++
++sudo (1.6.8p9-3ubuntu1) dapper; urgency=low
++
++ * Resynchronise with Debian.
++
++ -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 9 Nov 2005 17:12:06 -0500
++
++sudo (1.6.8p9-3) unstable; urgency=high
++
++ * update debhelper compatibility level from 2 to 4
++ * add man page symlink for sudoedit
++ * Clean SHELLOPTS and PS4 from the environment before executing programs
++ with sudo permissions [env.c, CAN-2005-2959]
++ * fix typo in manpage pointed out by Moray Allen, closes: #285995
++ * fix paths in sample complex sudoers file, closes: #303542
++ * fix type in sudoers man page, closes: #311244
++
++ -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
++
++sudo (1.6.8p9-2ubuntu2) breezy; urgency=low
++
++ * debian/init.d: When resetting the timestamps of the tty tags, actually
++ touch the files, not the per-user directories. Since bootclean.sh removes
++ /var/run/* anyway, this is no big deal, but clean it up anyway for the
++ sake of correctness. (Ubuntu #16594)
++
++ -- Martin Pitt <martin.pitt@ubuntu.com> Fri, 30 Sep 2005 09:52:27 +0200
++
++sudo (1.6.8p9-2ubuntu1) breezy; urgency=low
++
++ * Resynchronise with Debian, resolve merging conflicts and unscramble
++ changelog.
++
++ -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 7 Jul 2005 09:01:48 +0000
++
++sudo (1.6.8p9-2) unstable; urgency=high
++
++ * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
++ closes: #305735
++
++ -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
++
++sudo (1.6.8p9-1) unstable; urgency=high
++
++ * new upstream version, fixes a race condition in sudo's pathname
++ validation, which is a security issue (CAN-2005-1993),
++ closes: #315115, #315718
++
++ -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
++
++sudo (1.6.8p7-1) unstable; urgency=low
++
++ * new upstream version, closes: #299585
++ * update lintian overrides to squelch the postinst warning
++ * change sudoedit from a hard to a soft link, closes: #296896
++ * fix regex doc in sudoers man page, closes: #300361
++
++ -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
++
++sudo (1.6.8p5-1ubuntu3) breezy; urgency=low
++
++ * SECURITY UPDATE: Fix privilege escalation.
++ * sudo.c, parse.yacc: safe_cmd contains the actually executed program which
++ is normally taken from /etc/sudoers. However, if sudoers contains "ALL"
++ entries that follow the matching entry, safe_cmd was overwritten with the
++ path the user specified on the command line, which opens up the
++ possibility of executing arbitrary commands by generating symlinks to
++ them.
++ * References:
++ CAN-2005-1993
++ http://www.securityfocus.com/archive/1/402741
++
++ -- Martin Pitt <martin.pitt@ubuntu.com> Tue, 21 Jun 2005 13:41:05 +0200
++
++sudo (1.6.8p5-1ubuntu2) hoary; urgency=low
++
++ * Add !fqdn to the Defaults so we don't die horribly when localhost doesn't
++ resolve (Ubuntu: 2772)
++
++ -- Thom May <thom@ubuntu.com> Wed, 2 Mar 2005 20:34:20 +0000
++
++sudo (1.6.8p5-1ubuntu1) hoary; urgency=low
++
++ * Resync with Debian
++
++ -- LaMont Jones <lamont@canonical.com> Mon, 6 Dec 2004 09:31:28 -0700
++
++sudo (1.6.8p5-1) unstable; urgency=high
++
++ * new upstream version
++ * restores ability to use config tuples without a value, which was causing
++ problems on upgrade closes: #283306
++ * deliver sudoedit, closes: #283078
++ * marking urgency high since 283306 is a serious upgrade incompatibility
++
++ -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
++
++sudo (1.6.8p3-2) unstable; urgency=high
++
++ * update pam.d deliverable so ldap works again, closes: #282191
++
++ -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
++
++sudo (1.6.8p3-1) unstable; urgency=high
++
++ * new upstream version, fixes a flaw in sudo's environment sanitizing that
++ could allow a malicious user with permission to run a shell script that
++ utilized the bash shell to run arbitrary commands, closes: #281665
++ * patch the sample sudoers to have the proper path for kill on Debian
++ systems, closes: #263486
++ * patch the sudo manpage to reflect Debian's choice of exempt_group
++ default setting, closes: #236465
++ * patch the sudo manpage to reflect Debian's choice of no timeout on the
++ password prompt, closes: #271194
++
++ -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
++
++sudo (1.6.7p5-2ubuntu2) hoary; urgency=low
++
++ * SECURITY UPDATE: fix input validation flaw
++ * env.c, rebuild_env(): skip variables with values beginnig with "()" to
++ ignore exported bash functions in the sudo environment; this prevents
++ introducing malicious functions with the name of commands that are
++ executed without full path
++ * References:
++ http://www.sudo.ws/sudo/alerts/bash_functions.html
++
++ -- Martin Pitt <martin.pitt@canonical.com> Wed, 17 Nov 2004 18:54:30 +0100
++
++sudo (1.6.7p5-2ubuntu1) hoary; urgency=low
++
++ * Resynchronise with Debian.
++
++ -- Scott James Remnant <scott@canonical.com> Wed, 27 Oct 2004 15:06:39 +0100
++
++sudo (1.6.7p5-2) unstable; urgency=low
++
++ * Jeff Bailey reports that seteuid works on current sparc systems, so we
++ no longer need the "grosshack" stuff in the sudo rules file
++ * add a postrm that removes /etc/sudoers on purge. don't do this with the
++ normal conffile mechanism since it would generate noise on every upgrade,
++ closes: #245405
++
++ -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
++
++sudo (1.6.7p5-1ubuntu4) warty; urgency=low
++
++ * Disable lecture by default. (Warty #987)
++
++ -- Thom May <thom@canonical.com> Wed, 6 Oct 2004 14:31:31 +0100
++
++sudo (1.6.7p5-1ubuntu3) warty; urgency=low
++
++ * Refuse to remove sudo if the root password is not set and the user is
++ running us via sudo
++
++ -- Thom May <thom@canonical.com> Mon, 27 Sep 2004 15:30:09 +0100
++
++sudo (1.6.7p5-1ubuntu2) warty; urgency=low
++
++ * Add 'Defaults !lecture,tty_tickets' to initial sudoers file.
++
++ -- Colin Watson <cjwatson@flatline.org.uk> Mon, 23 Aug 2004 21:03:15 +0100
++
++sudo (1.6.7p5-1ubuntu1) warty; urgency=low
++
++ * Remove /etc/sudoers on purge. (Closes: #245405)
++
++ -- Fabio M. Di Nitto <fabbione@fabbione.net> Mon, 19 Jul 2004 09:42:04 +0200
++
++sudo (1.6.7p5-1) unstable; urgency=low
++
++ * new upstream version, closes: #190265, #193222, #197244
++ * change from '.' to ':' in postinst chown call, closes: #208369
++
++ -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
++
++sudo (1.6.7p3-2) unstable; urgency=low
++
++ * add --disable-setresuid to configure call since 2.2 kernels don't support
++ setresgid, closes: #189044
++ * cosmetic cleanups to debian/rules as long as I'm there
++
++ -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
++
++sudo (1.6.7p3-1) unstable; urgency=low
++
++ * new upstream version
++ * add overrides to quiet lintian about things it doesn't understand,
++ except the source one that can't be overridden until 129510 is fixed
++
++ -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
++
++sudo (1.6.6-3) unstable; urgency=low
++
++ * add code to rules file to update config.sub/guess, closes: #164501
++
++ -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
++
++sudo (1.6.6-2) unstable; urgency=low
++
++ * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
++ configure, and lose the build dependency on mail-transport-agent
++ * incorporate changes from LaMont's NMU, closes: #144665, #144737
++ * update init.d to not try and set time on nonexistent timestamp files,
++ closes: #132616
++ * build with --with-all-insults, admin must edit sudoers to turn insults
++ on at runtime if desired, closes: #135374
++ * stop setting /usr/doc symlink in postinst
++
++ -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
++
++sudo (1.6.6-1.1) unstable; urgency=high
++
++ * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
++ * Revert patch to auth/pam.c that left pass uninitialized, causing a
++ segfault (Closes: #144665).
++
++ -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
++
++sudo (1.6.6-1) unstable; urgency=high
++
++ * new upstream version, fixes security problem with crafty prompts,
++ closes: #144540
++
++ -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
++
++sudo (1.6.5p1-4) unstable; urgency=high
++
++ * apply patch for auth/pam.c to fix yet another way to make sudo segfault
++ if ctrl/C'ed at password prompt, closes: #131235
++
++ -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
++
++sudo (1.6.5p1-3) unstable; urgency=high
++
++ * ugly hack to add --disable-saved-ids when building on sparc in response
++ to 131592, which will be reassigned to glibc for a real fix
++ * urgency high since the sudo currently in testing for sparc is worthless
++
++ -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
++
++sudo (1.6.5p1-2) unstable; urgency=high
++
++ * patch from upstream to fix seg faults caused by versions of pam that
++ follow a NULL pointer, closes: #129512
++
++ -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
++
++sudo (1.6.5p1-1) unstable; urgency=high
++
++ * new upstream version
++ * add --disable-root-mailer option supported by new version to configure
++ call in rules file, closes: #129648
++
++ -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
++
++sudo (1.6.4p1-1) unstable; urgency=high
++
++ * new upstream version, with fix for segfaulting problem in 1.6.4
++
++ -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
++
++sudo (1.6.4-1) unstable; urgency=high
++
++ * new upstream version, includes an important security fix, closes: #127576
++
++ -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
++
++sudo (1.6.3p7-5) unstable; urgency=low
++
++ * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
++ * fix spelling error in init.d, closes: #126847
++
++ -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
++
++sudo (1.6.3p7-4) unstable; urgency=medium
++
++ * use touch to set status files to an ancient date instead of removing them
++ outright on reboot. this achieves the desired effect of keeping elevated
++ privs from living across reboots, without forcing everyone to see the
++ new-sudo-user lecture after every reboot. pick a time that's 'old enough'
++ for systems with good clocks, and 'recent enough' that broken PC hardware
++ setting the clock to commonly-seen bogus dates trips over the "don't trust
++ future timestamps" rule. closes: #76529, #123559
++ * apply patch from Steve Langasek to fix seg faults due to interaction with
++ PAM code. upstream confirms the problem, and says they're fixing this
++ differently for their next release... but this should be useful in the
++ meantime, and would be good to get into woody. closes: #119147
++ * only run the init.d at boot, not on each runlevel change... and don't run
++ it during package configure. closes: #125935
++ * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
++
++ -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
++
++sudo (1.6.3p7-3) unstable; urgency=low
++
++ * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
++ resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
++ * fix a typo in the manpage, closes: #97368
++ * apply patch to configure.in and run autoconf to fix problem building on
++ the hurd, closes: #96325
++ * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
++ to not last across reboots, closes: #76529
++ * clean up lintian-noticed cosmetic packaging issues
++
++ -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
++
++sudo (1.6.3p7-2) unstable; urgency=low
++
++ * update config.sub/guess for hppa support
++
++ -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
++
++sudo (1.6.3p7-1) unstable; urgency=low
++
++ * new upstream version
++ * add build dependency on mail-transport-agent, closes: #90685
++
++ -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
++
++sudo (1.6.3p6-1) unstable; urgency=high
++
++ * new upstream version, fixes buffer overflow problem,
++ closes: #87259, #87278, #87263
++ * revert to using --with-secure-path option at build time, since the option
++ available in sudoers is parsed too late to be useful, and upstream says
++ it won't get fixed quickly. This reopens 85123, which I will mark as
++ forwarded. Closes: #86199, #86117, #85676
++
++ -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
++
++sudo (1.6.3p5-2) unstable; urgency=low
++
++ * lose the dh_suidregister call since it's obsolete
++ * stop using the --with-secure-path option at build time, and instead show
++ how to set it in sudoers. Closes: #85123
++ * freshen config.sub and config.guess for ia64 and hppa
++ * update sudoers man page to indicate exempt_group is on by default,
++ closes: #70847
++
++ -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
++
++sudo (1.6.3p5-1) unstable; urgency=low
++
++ * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
++ * this version restores core dumps before the exec, while leaving them
++ disabled during sudo's internal execution, closes: #58289
++ * update debhelper calls in rules file
++
++ -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
++
++sudo (1.6.2p2-1) frozen unstable; urgency=medium
++
++ * new upstream source resulting from direct collaboration with the upstream
++ author to fix ugly pam-related problems on Debian in 1.6.1 and later.
++ Closes: #56129, #55978, #55979, #56550, #56772
++ * include more upstream documentation, closes: #55054
++ * pam.d fragment update, closes: #56129
++
++ -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
++
++sudo (1.6.1-1) unstable; urgency=low
++
++ * new upstream source, closes: #52750
++
++ -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
++
++sudo (1.6-2) unstable; urgency=low
++
++ * drop suidregister support for this package. The sudo executable is
++ essentially worthless unless it is setuid root, and making suidregister
++ work involves shipping a non-setuid executable in the .deb and setting the
++ perms in the postinst. On a long upgrade run, this can leave the sudo
++ executable 'broken' for a long time, which is unacceptable. With this
++ version, we ship the executable setuid root in the .deb. Closes: #51742
++
++ -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
++
++sudo (1.6-1) unstable; urgency=low
++
++ * new upstream version, many options previously set at compile-time are now
++ configurable at runtime.
++ Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
++ * FHS support
++
++ -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
++
++sudo (1.5.9p4-1) unstable; urgency=low
++
++ * new upstream version, closes: #43464
++ * empty password handling was fixed in 1.5.8, closes: #31863
++
++ -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
++
++sudo (1.5.9p1-1) unstable; urgency=low
++
++ * new upstream version
++
++ -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
++
++sudo (1.5.8p1-1) unstable; urgency=medium
++
++ * new upstream version, closes 33690
++ * add dependency on libpam-modules, closes 34215, 33432
++
++ -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
++
++sudo (1.5.7p4-2) unstable; urgency=medium
++
++ * update the pam fragment provided so that sudo works with latest pam bits,
++ closes 33432
++
++ -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
++
++sudo (1.5.7p4-1) unstable; urgency=low
++
++ * new upstream release
++
++ -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
++
++sudo (1.5.6p5-1) unstable; urgency=low
++
++ * new upstream patch release
++ * add PAM support, closes 28594
++
++ -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
++
++sudo (1.5.6p2-2) unstable; urgency=low
++
++ * update copyright file, closes 24136
++ * review and close forwarded bugs believed fixed in this upstream version,
++ closes 17606, 15786.
++
++ -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
++
++sudo (1.5.6p2-1) unstable; urgency=low
++
++ * new upstream release
++
++ -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
++
++sudo (1.5.4-4) frozen unstable; urgency=low
++
++ * update postinst to use groupadd, closes 21403
++ * move the suidregister stuff earlier in postinst to ensure it always runs
++
++ -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
++
++sudo (1.5.4-3) frozen unstable; urgency=low
++
++ * change /etc/sudoers from a conffile to being handled in postinst,
++ closes 18219
++ * add suidmanager support, closes 15711
++ * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
++ unlikely to ever fix, and which just don't matter. closes 17146
++ * fix FSF address in copyright file, and submit exception for lintian
++ warning about sudo being setuid root
++
++ -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
++
++sudo (1.5.4-2) unstable; urgency=high
++
++ * patch from upstream author correcting/improving security fix
++
++ -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
++
++sudo (1.5.4-1) unstable; urgency=high
++
++ * new upstream version, includes a security fix
++ * change default editor from /bin/ae to /usr/bin/editor
++
++ -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
++
++sudo (1.5.3-1) unstable; urgency=medium
++
++ * new upstream version, closes bug 15911.
++ * rules file reworked to use debhelper
++ * implement a really gross hack to force use of the sudo-provided
++ lsearch(), since the one in libc6 is broken! This closes bugs
++ 12552, 12557, 14881, 15259, 15916.
++
++ -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
++
++sudo (1.5.2-6) unstable; urgency=LOW
++
++ * don't install INSTALL in the doc directory, closes bug 13195.
++
++ -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
++
++sudo (1.5.2-5) unstable; urgency=LOW
++
++ * libc6
++
++ -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
++
++sudo (1.5.2-4) unstable; urgency=LOW
++
++ * change TIMEOUT (how long before you have to type your password again)
++ to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
++ packages on slower machines much more tolerable. Closes bug 9076.
++ * touch debian/suid before debstd. Closes bug 8709.
++
++ -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
++
++sudo (1.5.2-3) frozen unstable; urgency=LOW
++
++ * patch from upstream maintainer to close Bug 6828
++ * add a debian/suid file to get debstd to leave my perl postinst alone
++
++ -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
++
++sudo (1.5.2-2) frozen unstable; urgency=LOW
++
++ * change rules to use -O2 -Wall as per standards
++
++ -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
++
++sudo (1.5.2-1) unstable; urgency=LOW
++
++ * new upstream version
++ * cosmetic changes to debian package control files
++
++ -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
++
++sudo (1.5-2) unstable; urgency=LOW
++
++ * add /usr/X11R6/bin to the end of the secure path... this makes it
++ much easier to run xmkmf, etc., during package builds. To the extent
++ that /usr/local/sbin and /usr/local/bin were already included, I see
++ no security reasons not to add this.
++
++ -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
++
++sudo (1.5-1) unstable; urgency=LOW
++
++ * New upstream version
++ * New maintainer
++ * New packaging format
++
++ -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
++
++Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
++
++ sudo (1.4.1-1):
++
++ * hard code SECURE_PATH to:
++ "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
++
++ * enable ENV_EDITOR
++
++ * enabled EXEMPTGROUP "sudo"
++
++ * moved timestamp dir to /var/log/sudo
++
++ * changed parser to check for long and short filenames (Bug#1162)
++
++Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
++
++ sudo (1.4.2-1):
++
++ * New upstream source
++
++ * Fixed postinst script
++ (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
++
++ * Removed special shadow binary. This version works with and without
++ shadow password file.
++
++Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
++
++ sudo (1.4.2-2):
++
++ * Corrected editor path to /bin/ae (Bug#3062)
++
++ * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
++
++Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
++
++ sudo (1.4.3-1):
++
++ * New upstream version
++
++ * Changed sudoers permission to 440 (owner root, group root) to make
++ sudo usable via NFS
++
++Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
++
++ sudo (1.4.3-2):
++
++ * Applied upstream patch 1
++
++Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
++
++ sudo (1.4.3-3):
++
++ * Applied upstream patch 2
++
++Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
++
++ sudo (1.4.3-4):
++
++ * Applied upstream patch 3 (fixes problems with an NFS-mounted
++ sudoers file)
++
++
++Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
++
++ sudo (1.4.3-5):
++
++ * Corrected postinst to use /usr/bin/perl instead of /bin/perl
++ [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
++
++Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
++
++ sudo (1.4.3-6):
++
++ * Applied upstream patch 4 (fixes several bugs)
++
++ * Changed priority to optional
++
++Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
++
++ sudo (1.4.3-7):
++
++ * Corrected postinst to create correct permission for /etc/sudoers
++ (Bug#3749)
++
++Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
++
++ sudo (1.4.4-1):
++
++ * New upstream version
++
++
++sudo (1.4.4-2) admin; urgency=HIGH
++
++ * Fixed major security bug reported by Peter Tobias
++ <tobias@et-inf.fho-emden.de>
++ * Added dchanges support to debian.rules
++
++sudo (1.4.5-1) admin; urgency=LOW
++
++ * New upstream version
++ * Minor changes to debian.rules
+--- sudo-1.6.8p12.orig/debian/sudo_root.8
++++ sudo-1.6.8p12/debian/sudo_root.8
+@@ -0,0 +1,135 @@
++.TH sudo_root 8 "February 8, 2006"
++
++.SH NAME
++sudo_root \- How to run administrative commands
++
++.SH SYNOPSIS
++
++.B sudo
++.I command
++
++.B sudo \-i
++
++.SH INTRODUCTION
++
++By default, the password for the user "root" (the system
++administrator) is locked. This means you cannot login as root or use
++su. Instead, the installer will set up sudo to allow the user that is
++created during install to run all administrative commands.
++
++This means that in the terminal you can use sudo for commands that
++require root privileges. All programs in the menu will use a graphical
++sudo to prompt for a password. When sudo asks for a password, it needs
++.B your password,
++this means that a root password is not needed.
++
++To run a command which requires root privileges in a terminal, simply
++prepend
++.B sudo
++in front of it. To get an interactive root shell, use
++.B sudo \-i\fR.
++
++.SH ALLOWING OTHER USERS TO RUN SUDO
++
++By default, only the user who installed the system is permitted to run
++sudo. To add more administrators, i. e. users who can run sudo, you
++have to add these users to the group 'admin' by doing one of the
++following steps:
++
++.IP * 2
++In a shell, do
++
++.RS 4
++.B sudo adduser
++.I username
++.B admin
++.RE
++
++.IP * 2
++Use the graphical "Users & Groups" program in the "System settings"
++menu to add the new user to the
++.B admin
++group.
++
++.SH BENEFITS OF USING SUDO
++
++The benefits of leaving root disabled by default include the following:
++
++.IP * 2
++Users do not have to remember an extra password, which they are likely to forget.
++.IP * 2
++The installer is able to ask fewer questions.
++.IP * 2
++It avoids the "I can do anything" interactive login by default \- you
++will be prompted for a password before major changes can happen, which
++should make you think about the consequences of what you are doing.
++.IP * 2
++Sudo adds a log entry of the command(s) run (in \fB/var/log/auth.log\fR).
++.IP * 2
++Every attacker trying to brute\-force their way into your box will
++know it has an account named root and will try that first. What they
++do not know is what the usernames of your other users are.
++.IP * 2
++Allows easy transfer for admin rights, in a short term or long term
++period, by adding and removing users from the admin group, while not
++compromising the root account.
++.IP * 2
++sudo can be set up with a much more fine\-grained security policy.
++
++.SH DOWNSIDES OF USING SUDO
++
++Although for desktops the benefits of using sudo are great, there are
++possible issues which need to be noted:
++
++.IP * 2
++Redirecting the output of commands run with sudo can be confusing at
++first. For instance consider
++
++.RS 4
++.B sudo ls > /root/somefile
++.RE
++
++.RS 2
++will not work since it is the shell that tries to write to that file. You can use
++.RE
++
++.RS 4
++.B ls | sudo tee /root/somefile
++.RE
++
++.RS 2
++to get the behaviour you want.
++.RE
++
++.IP * 2
++In a lot of office environments the ONLY local user on a system is
++root. All other users are imported using NSS techniques such as
++nss\-ldap. To setup a workstation, or fix it, in the case of a network
++failure where nss\-ldap is broken, root is required. This tends to
++leave the system unusable. An extra local user, or an enabled root
++password is needed here.
++
++.SH GOING BACK TO A TRADITIONAL ROOT ACCOUNT
++
++.B This is not recommended!
++
++To enable the root account (i.e. set a password) use:
++
++.RS 4
++.B sudo passwd root
++.RE
++
++Afterwards, edit
++.B /etc/sudoers
++and comment out the line
++
++.RS 4
++%admin ALL=(ALL) ALL
++.RE
++
++to disable sudo access to members of the admin group.
++
++.SH SEE ALSO
++.BR sudo (8),
++.B https://wiki.ubuntu.com/RootSudo
++
+--- sudo-1.6.8p12.orig/debian/sudo-ldap.postinst
++++ sudo-1.6.8p12/debian/sudo-ldap.postinst
+@@ -0,0 +1,62 @@
++#!/usr/bin/perl
++
++# remove old link
++
++unlink ("/etc/alternatives/sudo") if ( -l "/etc/alternatives/sudo");
++
++# make sure we have a sudoers file
++if ( ! -f "/etc/sudoers") {
++
++ print "No /etc/sudoers found... creating one for you.\n";
++
++ open (SUDOERS, "> /etc/sudoers");
++ print SUDOERS "# /etc/sudoers\n",
++ "#\n",
++ "# This file MUST be edited with the 'visudo' command as root.\n",
++ "#\n",
++ "# See the man page for details on how to write a sudoers file.\n",
++ "#\n\nDefaults\tenv_reset\n\n",
++ "# Host alias specification\n\n",
++ "# User alias specification\n\n",
++ "# Cmnd alias specification\n\n",
++ "# User privilege specification\nroot\tALL=(ALL) ALL\n";
++ close SUDOERS;
++
++}
++
++# make sure sudoers has the correct permissions and owner/group
++system ('chown root:root /etc/sudoers');
++system ('chmod 440 /etc/sudoers');
++
++# must do a remove first to un-do the "bad" links created by previous version
++system ('update-rc.d -f sudo remove >/dev/null 2>&1');
++
++#system ('update-rc.d sudo start 75 S . >/dev/null');
++
++# make sure we have a sudo group
++
++exit 0 if getgrnam("sudo"); # we're finished if there is a group sudo
++
++$gid = 27; # start searcg with gid 27
++setgrent;
++while (getgrgid($gid)) {
++ ++$gid;
++}
++endgrent;
++
++if ($gid != 27) {
++ print "On Debian we normally use gid 27 for 'sudo'.\n";
++ $gname = getgrgid(27);
++ print "However, on your system gid 27 is group '$gname'.\n\n";
++ print "Would you like me to stop configuring sudo so that you can change this? [n] ";
++ $ans = <STDIN>;
++ if ($ans =~ m/^[yY].*/) {
++ print "'dpkg --pending --configure' will restart the configuration.\n\n\n";
++ exit 1;
++ }
++}
++
++print "Creating group 'sudo' with gid = $gid\n";
++system("groupadd -g $gid sudo");
++
++print "";
+--- sudo-1.6.8p12.orig/debian/sudo.lintian
++++ sudo-1.6.8p12/debian/sudo.lintian
+@@ -0,0 +1,3 @@
++sudo: setuid-binary usr/bin/sudo 4755 root/root
++sudo: postrm-contains-additional-updaterc.d-calls /etc/init.d/sudo
++sudo: script-in-etc-init.d-not-registered-via-update-rc.d /etc/init.d/sudo
+--- sudo-1.6.8p12.orig/debian/postinst
++++ sudo-1.6.8p12/debian/postinst
+@@ -0,0 +1,62 @@
++#!/usr/bin/perl
++
++# remove old link
++
++unlink ("/etc/alternatives/sudo") if ( -l "/etc/alternatives/sudo");
++
++# make sure we have a sudoers file
++if ( ! -f "/etc/sudoers") {
++
++ print "No /etc/sudoers found... creating one for you.\n";
++
++ open (SUDOERS, "> /etc/sudoers");
++ print SUDOERS "# /etc/sudoers\n",
++ "#\n",
++ "# This file MUST be edited with the 'visudo' command as root.\n",
++ "#\n",
++ "# See the man page for details on how to write a sudoers file.\n",
++ "# Host alias specification\n\n",
++ "# User alias specification\n\n",
++ "# Cmnd alias specification\n\n",
++ "# Defaults\n\nDefaults\t!lecture,tty_tickets,!fqdn\n\n",
++ "# User privilege specification\nroot\tALL=(ALL) ALL\n";
++ close SUDOERS;
++
++}
++
++# make sure sudoers has the correct permissions and owner/group
++system ('chown root:root /etc/sudoers');
++system ('chmod 440 /etc/sudoers');
++
++# must do a remove first to un-do the "bad" links created by previous version
++system ('update-rc.d -f sudo remove >/dev/null 2>&1');
++
++#system ('update-rc.d sudo start 75 S . >/dev/null');
++
++# make sure we have a sudo group
++
++exit 0 if getgrnam("sudo"); # we're finished if there is a group sudo
++
++$gid = 27; # start searcg with gid 27
++setgrent;
++while (getgrgid($gid)) {
++ ++$gid;
++}
++endgrent;
++
++if ($gid != 27) {
++ print "On Debian we normally use gid 27 for 'sudo'.\n";
++ $gname = getgrgid(27);
++ print "However, on your system gid 27 is group '$gname'.\n\n";
++ print "Would you like me to stop configuring sudo so that you can change this? [n] ";
++ $ans = <STDIN>;
++ if ($ans =~ m/^[yY].*/) {
++ print "'dpkg --pending --configure' will restart the configuration.\n\n\n";
++ exit 1;
++ }
++}
++
++print "Creating group 'sudo' with gid = $gid\n";
++system("groupadd -g $gid sudo");
++
++print "";
+--- sudo-1.6.8p12.orig/debian/compat
++++ sudo-1.6.8p12/debian/compat
+@@ -0,0 +1 @@
++4
+--- sudo-1.6.8p12.orig/debian/init.d
++++ sudo-1.6.8p12/debian/init.d
+@@ -0,0 +1,31 @@
++#! /bin/sh
++
++### BEGIN INIT INFO
++# Provides: sudu
++# Required-Start: $local_fs $remote_fs
++# Required-Stop:
++# Default-Start: S 1 2 3 4 5
++# Default-Stop: 0 6
++### END INIT INFO
++
++N=/etc/init.d/sudo
++
++set -e
++
++case "$1" in
++ start)
++ # make sure privileges don't persist across reboots
++ if [ -d /var/run/sudo ]
++ then
++ find /var/run/sudo -type f -exec touch -t 198501010000 '{}' \;
++ fi
++ ;;
++ stop|reload|restart|force-reload)
++ ;;
++ *)
++ echo "Usage: $N {start|stop|restart|force-reload}" >&2
++ exit 1
++ ;;
++esac
++
++exit 0
+--- sudo-1.6.8p12.orig/debian/sudo-ldap.lintian
++++ sudo-1.6.8p12/debian/sudo-ldap.lintian
+@@ -0,0 +1,3 @@
++sudo-ldap: setuid-binary usr/bin/sudo 4755 root/root
++sudo-ldap: postrm-contains-additional-updaterc.d-calls /etc/init.d/sudo-ldap
++sudo-ldap: script-in-etc-init.d-not-registered-via-update-rc.d /etc/init.d/sudo-ldap
+--- sudo-1.6.8p12.orig/debian/sudo-ldap.dirs
++++ sudo-1.6.8p12/debian/sudo-ldap.dirs
+@@ -0,0 +1,7 @@
++etc/pam.d
++usr/bin
++usr/share/man/man8
++usr/share/man/man5
++usr/sbin
++usr/share/doc/sudo-ldap/examples
++usr/share/lintian/overrides
+--- sudo-1.6.8p12.orig/debian/sudo-ldap.docs
++++ sudo-1.6.8p12/debian/sudo-ldap.docs
+@@ -0,0 +1,11 @@
++debian/OPTIONS
++BUGS
++RUNSON
++UPGRADE
++PORTING
++TODO
++HISTORY
++README
++README.LDAP
++TROUBLESHOOTING
++sudoers2ldif
+--- sudo-1.6.8p12.orig/debian/postrm
++++ sudo-1.6.8p12/debian/postrm
+@@ -0,0 +1,21 @@
++#! /bin/sh
++
++set -e
++
++case "$1" in
++ purge)
++ rm -f /etc/sudoers
++ ;;
++
++ remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
++ ;;
++
++ *)
++ echo "postrm called with unknown argument \`$1'" >&2
++ exit 1
++
++esac
++
++#DEBHELPER#
++
++exit 0
+--- sudo-1.6.8p12.orig/debian/OPTIONS
++++ sudo-1.6.8p12/debian/OPTIONS
+@@ -0,0 +1,61 @@
++The following options were used to configure sudo for Debian GNU/Linux.
++
++ --with-exempt=sudo
++
++ Any user in group 'sudo' will not need to type their password. It
++ is strongly recommended that no users be put in group sudo, and that
++ instead the NOPASSWD option in the sudoers file be used if desired.
++
++ --with-pam
++
++ Support for pluggable authentication modules.
++
++ --with-ldap
++
++ Support for LDAP authentication.
++
++ --with-fqdn
++
++ Allow use of fully qualified domain names in the sudoers file.
++
++ --disable-root-mailer
++
++ Send mail as the invoking user, not as root.
++
++ --with-logging=syslog
++ --with-logfac=authpriv
++
++ Where logging information goes.
++
++ --with-env-editor
++ --with-editor=/usr/bin/editor
++
++ Honor the EDITOR and VISUAL environment variables. If they are not
++ present, default to the Debian default system editor.
++
++ --with-timeout=15
++ --with-password-timeout=0
++
++ Allow 15 minutes before a user has to re-type their passord, versus
++ the sudo usual default of 5. Never time out while waiting for a
++ password to be typed, this is a seriously big deal for Debian package
++ developers using 'dpkg-buildpackage -rsudo'.
++
++ --with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:\
++ /sbin:/bin:/usr/X11R6/bin"
++
++ Give a reasonable default path for commands run as root via sudo.
++
++ --with-all-insults
++
++ Include all the insults in the binary, won't be enabled unless turned
++ on in the sudoers file.
++
++ --with-sendmail=/usr/sbin/sendmail
++
++ Use Debian policy to know the location of sendmail instead of trying
++ to detect it at build time.
++
++ --disable-setresuid
++
++ Linux 2.2 kernels don't support setresgid.
+--- sudo-1.6.8p12.orig/debian/copyright
++++ sudo-1.6.8p12/debian/copyright
+@@ -0,0 +1,72 @@
++This is the Debian GNU/Linux prepackaged version of sudo. sudo is
++used to provide limited super user privileges to specific users.
++
++This package was put together by Bdale Garbee <bdale@gag.com> using sources
++from
++ ftp://ftp.cs.colorado.edu/pub/sudo/
++
++Sudo is distributed under the following BSD-style license:
++
++ Copyright (c) 1994-1996,1998-2002 Todd C. Miller <Todd.Miller@courtesan.com>
++ All rights reserved.
++
++ Redistribution and use in source and binary forms, with or without
++ modification, are permitted provided that the following conditions
++ are met:
++
++ 1. Redistributions of source code must retain the above copyright
++ notice, this list of conditions and the following disclaimer.
++
++ 2. Redistributions in binary form must reproduce the above copyright
++ notice, this list of conditions and the following disclaimer in the
++ documentation and/or other materials provided with the distribution.
++
++ 3. The name of the author may not be used to endorse or promote products
++ derived from this software without specific prior written permission
++ from the author.
++
++ 4. Products derived from this software may not be called "Sudo" nor
++ may "Sudo" appear in their names without specific prior written
++ permission from the author.
++
++ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
++ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
++ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
++ THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
++ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
++ PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
++ OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
++ WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
++ OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
++ ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++
++
++Additionally, lsearch.c, fnmatch.c, getcwd.c, snprintf.c, strcasecmp.c
++and fnmatch.3 bear the following UCB license:
++
++ Copyright (c) 1987, 1989, 1990, 1991, 1993, 1994
++ The Regents of the University of California. All rights reserved.
++
++ Redistribution and use in source and binary forms, with or without
++ modification, are permitted provided that the following conditions
++ are met:
++ 1. Redistributions of source code must retain the above copyright
++ notice, this list of conditions and the following disclaimer.
++ 2. Redistributions in binary form must reproduce the above copyright
++ notice, this list of conditions and the following disclaimer in the
++ documentation and/or other materials provided with the distribution.
++ 3. Neither the name of the University nor the names of its contributors
++ may be used to endorse or promote products derived from this software
++ without specific prior written permission.
++
++ THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
++ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
++ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ SUCH DAMAGE.
+--- sudo-1.6.8p12.orig/debian/sudo.pam
++++ sudo-1.6.8p12/debian/sudo.pam
+@@ -0,0 +1,4 @@
++#%PAM-1.0
++
++@include common-auth
++@include common-account
+--- sudo-1.6.8p12.orig/debian/source.lintian-overrides
++++ sudo-1.6.8p12/debian/source.lintian-overrides
+@@ -0,0 +1 @@
++sudo source: maintainer-script-lacks-debhelper-token debian/postinst
+--- sudo-1.6.8p12.orig/sample.sudoers
++++ sudo-1.6.8p12/sample.sudoers
+@@ -35,16 +35,16 @@
+ # Cmnd alias specification
+ ##
+ Cmnd_Alias DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \
+- /usr/sbin/rrestore, /usr/bin/mt
+-Cmnd_Alias KILL = /usr/bin/kill
++ /usr/sbin/rrestore, /bin/mt
++Cmnd_Alias KILL = /bin/kill
+ Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
+-Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
+-Cmnd_Alias HALT = /usr/sbin/halt
+-Cmnd_Alias REBOOT = /usr/sbin/reboot
+-Cmnd_Alias SHELLS = /sbin/sh, /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
+- /usr/local/bin/tcsh, /usr/bin/rsh, \
+- /usr/local/bin/zsh
+-Cmnd_Alias SU = /usr/bin/su
++Cmnd_Alias SHUTDOWN = /sbin/shutdown
++Cmnd_Alias HALT = /sbin/halt
++Cmnd_Alias REBOOT = /sbin/reboot
++Cmnd_Alias SHELLS = /sbin/sh, /bin/sh, /bin/csh, /usr/bin/ksh, \
++ /usr/bin/tcsh, /usr/bin/rsh, \
++ /usr/bin/zsh
++Cmnd_Alias SU = /bin/su
+ Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, \
+ /usr/bin/chfn
+
+@@ -82,7 +82,7 @@
+ sudoedit /etc/printcap, /usr/oper/bin/
+
+ # joe may su only to operator
+-joe ALL = /usr/bin/su operator
++joe ALL = /bin/su operator
+
+ # pete may change passwords for anyone but root on the hp snakes
+ pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
+@@ -96,13 +96,13 @@
+
+ # users in the secretaries netgroup need to help manage the printers
+ # as well as add and remove users
+-+secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
+++secretaries ALL = PRINTING, /usr/sbin/adduser, /usr/bin/rmuser
+
+ # fred can run commands as oracle or sybase without a password
+ fred ALL = (DB) NOPASSWD: ALL
+
+ # on the alphas, john may su to anyone but root and flags are not allowed
+-john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
++john ALPHA = /bin/su [!-]*, !/bin/su *root*
+
+ # jen can run anything on all machines except the ones
+ # in the "SERVERS" Host_Alias
+--- sudo-1.6.8p12.orig/sudo.tab.c
++++ sudo-1.6.8p12/sudo.tab.c
+@@ -138,6 +138,7 @@
+ } \
+ match[top].user = UNSPEC; \
+ match[top].cmnd = UNSPEC; \
++ match[top].cmndall= UNSPEC; \
+ match[top].host = UNSPEC; \
+ match[top].runas = UNSPEC; \
+ match[top].nopass = def_authenticate ? UNSPEC : TRUE; \
+@@ -153,6 +154,7 @@
+ } \
+ match[top].user = match[top-1].user; \
+ match[top].cmnd = match[top-1].cmnd; \
++ match[top].cmndall= match[top-1].cmndall; \
+ match[top].host = match[top-1].host; \
+ match[top].runas = match[top-1].runas; \
+ match[top].nopass = match[top-1].nopass; \
+@@ -1739,6 +1741,7 @@
+ }
+ }
+
++ SETMATCH(cmnd_all, TRUE);
+ yyval.BOOLEAN = TRUE;
+ }
+ break;
+@@ -1769,6 +1772,7 @@
+ YYERROR;
+ }
+ }
++ SETMATCH(cmnd_all, FALSE);
+ yyval.BOOLEAN = NOMATCH;
+ }
+ free(yyvsp[0].string);
+@@ -1800,6 +1804,7 @@
+ free(yyvsp[0].command.cmnd);
+ if (yyvsp[0].command.args)
+ free(yyvsp[0].command.args);
++ SETMATCH(cmnd_all, FALSE);
+ }
+ break;
+ case 65:
+--- sudo-1.6.8p12.orig/ldap.c
++++ sudo-1.6.8p12/ldap.c
+@@ -256,9 +256,10 @@
+ * Walks through search result and returns true if we have a
+ * command match
+ */
+-int sudo_ldap_check_command(ld,entry)
++int sudo_ldap_check_command(ld,entry,all)
+ LDAP *ld;
+ LDAPMessage *entry;
++ int* all;
+ {
+ char **v=NULL;
+ char **p=NULL;
+@@ -267,6 +268,8 @@
+ int ret=0;
+ int foundbang;
+
++ *all=0;
++
+ if (!entry) return ret;
+
+ v=ldap_get_values(ld,entry,"sudoCommand");
+@@ -277,6 +280,7 @@
+
+ /* Match against ALL ? */
+ if (!strcasecmp(*p,"ALL")) {
++ *all=1;
+ ret=1;
+ if (ldap_conf.debug>1) printf(" MATCH!\n");
+ continue;
+@@ -711,6 +715,7 @@
+ /* flags */
+ int ldap_user_matches=0;
+ int ldap_host_matches=0;
++ int command_all=0;
+
+ if (!sudo_ldap_read_config()) return VALIDATE_ERROR;
+
+@@ -896,7 +901,7 @@
+ /* add matches for listing later */
+ sudo_ldap_add_match(ld,entry) &&
+ /* verify command match */
+- sudo_ldap_check_command(ld,entry) &&
++ sudo_ldap_check_command(ld,entry,&command_all) &&
+ /* verify runas match */
+ sudo_ldap_check_runas(ld,entry)
+ )
+@@ -907,6 +912,7 @@
+ sudo_ldap_parse_options(ld,entry);
+ /* make sure we dont reenter loop */
+ ret=VALIDATE_OK;
++ if(command_all) SET(ret,FLAG_CMND_ALL);
+ /* break from inside for loop */
+ break;
+ }
+--- sudo-1.6.8p12.orig/sudo.c
++++ sudo-1.6.8p12/sudo.c
+@@ -106,10 +106,11 @@
+ static void set_loginclass __P((struct passwd *));
+ static void usage __P((int));
+ static void usage_excl __P((int));
++static void create_admin_success_flag __P((void));
+ static struct passwd *get_authpw __P((void));
+ extern int sudo_edit __P((int, char **));
+ extern void list_matches __P((void));
+-extern char **rebuild_env __P((char **, int, int));
++extern char **rebuild_env __P((char **, int, int, int));
+ extern char **zero_env __P((char **));
+ extern struct passwd *sudo_getpwnam __P((const char *));
+ extern struct passwd *sudo_getpwuid __P((uid_t));
+@@ -368,11 +369,15 @@
+
+ /* Build a new environment that avoids any nasty bits if we have a cmnd. */
+ if (ISSET(sudo_mode, MODE_RUN))
+- new_environ = rebuild_env(envp, sudo_mode, ISSET(validated, FLAG_NOEXEC));
++ new_environ = rebuild_env(envp, sudo_mode, ISSET(validated, FLAG_NOEXEC), ISSET(validated, FLAG_CMND_ALL));
+ else
+ new_environ = envp;
+
+ if (ISSET(validated, VALIDATE_OK)) {
++ /* If the user is in the admin group, create a dotfile to signal that
++ * sudo was executed successfully. */
++ create_admin_success_flag();
++
+ /* Finally tell the user if the command did not exist. */
+ if (cmnd_status == NOT_FOUND_DOT) {
+ warnx("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run.", user_cmnd, user_cmnd, user_cmnd);
+@@ -1156,3 +1161,46 @@
+ putchar('\n');
+ exit(exit_val);
+ }
++
++static void create_admin_success_flag(void)
++{
++ struct group* admin;
++ char** g;
++ int is_admin;
++ char flagfile[PATH_MAX];
++ int f;
++
++ if (!sudo_user.pw || !sudo_user.pw->pw_name || !sudo_user.pw->pw_dir)
++ return;
++
++ /* check whether the user is in the admin group */
++ admin = getgrnam("admin");
++ if (!admin || !admin->gr_mem)
++ return;
++ is_admin = 0;
++ for (g = admin->gr_mem; *g; ++g) {
++ if (!strcmp(*g, sudo_user.pw->pw_name)) {
++ is_admin = 1;
++ break;
++ }
++ }
++ if (!is_admin)
++ return;
++
++ /* build path to flag file */
++ snprintf(flagfile, sizeof(flagfile), "%s/.sudo_as_admin_successful",
++ sudo_user.pw->pw_dir);
++ if (strlen(flagfile) >= sizeof(flagfile)-1)
++ return;
++
++ /* do nothing if the file already exists */
++ if (!access(flagfile, F_OK))
++ return;
++
++ /* create file */
++ f = open(flagfile, O_CREAT|O_WRONLY|O_EXCL, 0644);
++ if(f >= 0) {
++ fchown(f, sudo_user.pw->pw_uid, sudo_user.pw->pw_gid);
++ close(f);
++ }
++}
+--- sudo-1.6.8p12.orig/sudo.h
++++ sudo-1.6.8p12/sudo.h
+@@ -65,6 +65,7 @@
+ #define FLAG_NO_HOST 0x080
+ #define FLAG_NO_CHECK 0x100
+ #define FLAG_NOEXEC 0x200
++#define FLAG_CMND_ALL 0x400
+
+ /*
+ * Pseudo-boolean values
+--- sudo-1.6.8p12.orig/parse.c
++++ sudo-1.6.8p12/parse.c
+@@ -200,7 +200,8 @@
+ set_perms(PERM_ROOT);
+ return(VALIDATE_OK |
+ (no_passwd == TRUE ? FLAG_NOPASS : 0) |
+- (no_execve == TRUE ? FLAG_NOEXEC : 0));
++ (no_execve == TRUE ? FLAG_NOEXEC : 0) |
++ (cmnd_all == TRUE ? FLAG_CMND_ALL : 0));
+ } else if ((runas_matches == TRUE && cmnd_matches == FALSE) ||
+ (runas_matches == FALSE && cmnd_matches == TRUE)) {
+ /*
+--- sudo-1.6.8p12.orig/parse.h
++++ sudo-1.6.8p12/parse.h
+@@ -29,6 +29,7 @@
+ struct matchstack {
+ int user;
+ int cmnd;
++ int cmndall;
+ int host;
+ int runas;
+ int nopass;
+@@ -46,6 +47,7 @@
+
+ #define user_matches (match[top-1].user)
+ #define cmnd_matches (match[top-1].cmnd)
++#define cmnd_all (match[top-1].cmndall)
+ #define host_matches (match[top-1].host)
+ #define runas_matches (match[top-1].runas)
+ #define no_passwd (match[top-1].nopass)