--- sudo-1.6.8p12.orig/sudoers.man.in
+++ sudo-1.6.8p12/sudoers.man.in
@@ -759,7 +759,7 @@
 .IP "exempt_group" 12
 .IX Item "exempt_group"
 Users in this group are exempt from password and \s-1PATH\s0 requirements.
-This is not set by default.
+On Debian systems, this is set to the group 'sudo' by default. 
 .IP "verifypw" 12
 .IX Item "verifypw"
 This option controls when a password will be required when a user runs
--- sudo-1.6.8p12.orig/sudo.man.in
+++ sudo-1.6.8p12/sudo.man.in
@@ -185,8 +185,7 @@
 \&\fBsudo\fR determines who is an authorized user by consulting the file
 \&\fI@sysconfdir@/sudoers\fR.  By giving \fBsudo\fR the \fB\-v\fR flag a user
 can update the time stamp without running a \fIcommand.\fR The password
-prompt itself will also time out if the user's password is not
-entered within \f(CW\*(C`@password_timeout@\*(C'\fR minutes (unless overridden via
+prompt itself will not time out in Debian's version (unless overridden via
 \&\fIsudoers\fR).
 .PP
 If a user who is not listed in the \fIsudoers\fR file tries to run a
--- sudo-1.6.8p12.orig/parse.yacc
+++ sudo-1.6.8p12/parse.yacc
@@ -120,6 +120,7 @@
 	} \
 	match[top].user   = UNSPEC; \
 	match[top].cmnd   = UNSPEC; \
+	match[top].cmndall= UNSPEC; \
 	match[top].host   = UNSPEC; \
 	match[top].runas  = UNSPEC; \
 	match[top].nopass = def_authenticate ? UNSPEC : TRUE; \
@@ -135,6 +136,7 @@
 	} \
 	match[top].user   = match[top-1].user; \
 	match[top].cmnd   = match[top-1].cmnd; \
+	match[top].cmndall= match[top-1].cmndall; \
 	match[top].host   = match[top-1].host; \
 	match[top].runas  = match[top-1].runas; \
 	match[top].nopass = match[top-1].nopass; \
@@ -675,6 +677,7 @@
 				}
 			    }
 
+			    SETMATCH(cmnd_all, TRUE);
 			    $$ = TRUE;
 			}
 		|	ALIAS {
@@ -705,6 +708,7 @@
 				$$ = NOMATCH;
 			    }
 			    free($1);
+			    SETMATCH(cmnd_all, FALSE);
 			}
 		|	 COMMAND {
 			    if (printmatches == TRUE) {
@@ -730,6 +734,7 @@
 			    free($1.cmnd);
 			    if ($1.args)
 				free($1.args);
+			    SETMATCH(cmnd_all, FALSE);
 			}
 		;
 
--- sudo-1.6.8p12.orig/env.c
+++ sudo-1.6.8p12/env.c
@@ -77,7 +77,7 @@
 /*
  * Prototypes
  */
-char **rebuild_env		__P((char **, int, int));
+char **rebuild_env		__P((char **, int, int, int));
 char **zero_env			__P((char **));
 static void insert_env		__P((char *, int));
 static char *format_env		__P((char *, ...));
@@ -89,6 +89,8 @@
 static const char *initial_badenv_table[] = {
     "IFS",
     "CDPATH",
+    "SHELLOPTS",
+    "PS4",
     "LOCALDOMAIN",
     "RES_OPTIONS",
     "HOSTALIASES",
@@ -140,6 +142,12 @@
     "LC_*",
     "LANG",
     "LANGUAGE",
+    "TERM",
+    "HOME",
+    "LOGNAME",
+    "DISPLAY",
+    "XAUTHORITY",
+    "XAUTHORIZATION",
     NULL
 };
 
@@ -321,10 +329,11 @@
  * Also adds sudo-specific variables (SUDO_*).
  */
 char **
-rebuild_env(envp, sudo_mode, noexec)
+rebuild_env(envp, sudo_mode, noexec, noclean)
     char **envp;
     int sudo_mode;
     int noexec;
+    int noclean;
 {
     char **ep, *cp, *ps1;
     int okvar, iswild, didvar;
@@ -429,7 +438,7 @@
 	 * env_check.
 	 */
 	for (ep = envp; *ep; ep++) {
-	    okvar = 1;
+	    okvar = noclean;
 
 	    /* Skip variables with values beginning with () (bash functions) */
 	    if ((cp = strchr(*ep, '=')) != NULL) {
@@ -438,6 +447,7 @@
 	    }
 
 	    /* Skip anything listed in env_delete. */
+#if 0
 	    for (cur = def_env_delete; cur && okvar; cur = cur->next) {
 		len = strlen(cur->value);
 		/* Deal with '*' wildcard */
@@ -451,9 +461,10 @@
 		    okvar = 0;
 		}
 	    }
+#endif
 
 	    /* Check certain variables for '%' and '/' characters. */
-	    for (cur = def_env_check; cur && okvar; cur = cur->next) {
+	    for (cur = def_env_check; cur; cur = cur->next) {
 		len = strlen(cur->value);
 		/* Deal with '*' wildcard */
 		if (cur->value[len - 1] == '*') {
@@ -463,8 +474,24 @@
 		    iswild = 0;
 		if (strncmp(cur->value, *ep, len) == 0 &&
 		    (iswild || (*ep)[len] == '=') &&
-		    strpbrk(*ep, "/%")) {
-		    okvar = 0;
+		    strpbrk(*ep, "/%") == NULL) {
+		    okvar = 1;
+		}
+	    }
+
+	    /* keep variables in env_keep */
+	    for (cur = def_env_keep; cur; cur = cur->next) {
+		len = strlen(cur->value);
+		/* Deal with '*' wildcard */
+		if (cur->value[len - 1] == '*') {
+		    len--;
+		    iswild = 1;
+		} else
+		    iswild = 0;
+		if (strncmp(cur->value, *ep, len) == 0 &&
+		    (iswild || (*ep)[len] == '=')) {
+		    okvar = 1;
+		    break;
 		}
 	    }
 
--- sudo-1.6.8p12.orig/sudoers.pod
+++ sudo-1.6.8p12/sudoers.pod
@@ -93,7 +93,7 @@
 
  Cmnd_Alias ::= NAME '=' Cmnd_List
 
- NAME ::= [A-Z]([A-Z][0-9]_)*
+ NAME ::= [A-Z]([a-z][A-Z][0-9]_)*
 
 Each I<alias> definition is of the form
 
@@ -568,7 +568,7 @@
 
 =item C<%%>
 
-two consecutive C<%> characters are collaped into a single C<%> character
+two consecutive C<%> characters are collapsed into a single C<%> character
 
 =back
 
@@ -669,8 +669,8 @@
 
 =item exempt_group
 
-Users in this group are exempt from password and PATH requirements.
-This is not set by default.
+Users in this group are exempt from password and PATH requirements.  This
+option is turned on for Debian.
 
 =item verifypw
 
--- sudo-1.6.8p12.orig/ins_classic.h
+++ sudo-1.6.8p12/ins_classic.h
@@ -32,7 +32,7 @@
     "Where did you learn to type?",
     "Are you on drugs?",
     "My pet ferret can type better than you!",
-    "You type like i drive.",
+    "You type like I drive.",
     "Do you think like you type?",
     "Your mind just hasn't been the same since the electro-shock, has it?",
 
--- sudo-1.6.8p12.orig/config.guess
+++ sudo-1.6.8p12/config.guess
@@ -1,11 +1,9 @@
 #! /bin/sh
 # Attempt to guess a canonical system name.
 #   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-#   2000, 2001, 2002 Free Software Foundation, Inc.
-#
-# $Sudo: config.guess,v 1.10 2004/08/09 23:04:35 millert Exp $
+#   2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
 
-timestamp='2002-11-30'
+timestamp='2005-08-03'
 
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@@ -19,13 +17,15 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
 #
 # As a special exception to the GNU General Public License, if you
 # distribute this file as part of a program that contains a
 # configuration script generated by Autoconf, you may include it under
 # the same distribution terms that you use for the rest of that program.
 
+
 # Originally written by Per Bothner <per@bothner.com>.
 # Please send patches to <config-patches@gnu.org>.  Submit a context
 # diff and a properly formatted ChangeLog entry.
@@ -55,7 +55,7 @@
 GNU config.guess ($timestamp)
 
 Originally written by Per Bothner.
-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
 Free Software Foundation, Inc.
 
 This is free software; see the source for copying conditions.  There is NO
@@ -68,11 +68,11 @@
 while test $# -gt 0 ; do
   case $1 in
     --time-stamp | --time* | -t )
-       echo "$timestamp" ; exit 0 ;;
+       echo "$timestamp" ; exit ;;
     --version | -v )
-       echo "$version" ; exit 0 ;;
+       echo "$version" ; exit ;;
     --help | --h* | -h )
-       echo "$usage"; exit 0 ;;
+       echo "$usage"; exit ;;
     -- )     # Stop option processing
        shift; break ;;
     - )	# Use stdin as input.
@@ -100,14 +100,18 @@
 # Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
 # use `HOST_CC' if defined, but it is deprecated.
 
-# This shell variable is my proudest work .. or something. --bje
+# Portable tmp directory creation inspired by the Autoconf team.
 
-set_cc_for_build='tmpdir=${TMPDIR-/tmp}/config-guess-$$ ;
-(old=`umask` && umask 077 && mkdir $tmpdir && umask $old && unset old)
-   || (echo "$me: cannot create $tmpdir" >&2 && exit 1) ;
-dummy=$tmpdir/dummy ;
-files="$dummy.c $dummy.o $dummy.rel $dummy" ;
-trap '"'"'rm -f $files; rmdir $tmpdir; exit 1'"'"' 1 2 15 ;
+set_cc_for_build='
+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
+: ${TMPDIR=/tmp} ;
+ { tmp=`(umask 077 && mktemp -d -q "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
+dummy=$tmp/dummy ;
+tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
 case $CC_FOR_BUILD,$HOST_CC,$CC in
  ,,)    echo "int x;" > $dummy.c ;
 	for c in cc gcc c89 c99 ; do
@@ -115,15 +119,13 @@
 	     CC_FOR_BUILD="$c"; break ;
 	  fi ;
 	done ;
-	rm -f $files ;
 	if test x"$CC_FOR_BUILD" = x ; then
 	  CC_FOR_BUILD=no_compiler_found ;
 	fi
 	;;
  ,,*)   CC_FOR_BUILD=$CC ;;
  ,*,*)  CC_FOR_BUILD=$HOST_CC ;;
-esac ;
-unset files'
+esac ; set_cc_for_build= ;'
 
 # This is needed to find uname on a Pyramid OSx when run in the BSD universe.
 # (ghazi@noc.rutgers.edu 1994-08-24)
@@ -196,104 +198,109 @@
 	# contains redundant information, the shorter form:
 	# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
 	echo "${machine}-${os}${release}"
-	exit 0 ;;
+	exit ;;
     *:OpenBSD:*:*)
 	UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
 	echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
-	exit 0 ;;
+	exit ;;
+    *:ekkoBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
+	exit ;;
+    macppc:MirBSD:*:*)
+	echo powerppc-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    *:MirBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
     alpha:OSF1:*:*)
-	if test $UNAME_RELEASE = "V4.0"; then
+	case $UNAME_RELEASE in
+	*4.0)
 		UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
-	fi
+		;;
+	*5.*)
+	        UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
+		;;
+	esac
+	# According to Compaq, /usr/sbin/psrinfo has been available on
+	# OSF/1 and Tru64 systems produced since 1995.  I hope that
+	# covers most systems running today.  This code pipes the CPU
+	# types through head -n 1, so we only detect the type of CPU 0.
+	ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^  The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+	case "$ALPHA_CPU_TYPE" in
+	    "EV4 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV4.5 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "LCA4 (21066/21068)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV5 (21164)")
+		UNAME_MACHINE="alphaev5" ;;
+	    "EV5.6 (21164A)")
+		UNAME_MACHINE="alphaev56" ;;
+	    "EV5.6 (21164PC)")
+		UNAME_MACHINE="alphapca56" ;;
+	    "EV5.7 (21164PC)")
+		UNAME_MACHINE="alphapca57" ;;
+	    "EV6 (21264)")
+		UNAME_MACHINE="alphaev6" ;;
+	    "EV6.7 (21264A)")
+		UNAME_MACHINE="alphaev67" ;;
+	    "EV6.8CB (21264C)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8AL (21264B)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8CX (21264D)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.9A (21264/EV69A)")
+		UNAME_MACHINE="alphaev69" ;;
+	    "EV7 (21364)")
+		UNAME_MACHINE="alphaev7" ;;
+	    "EV7.9 (21364A)")
+		UNAME_MACHINE="alphaev79" ;;
+	esac
+	# A Pn.n version is a patched version.
 	# A Vn.n version is a released version.
 	# A Tn.n version is a released field test version.
 	# A Xn.n version is an unreleased experimental baselevel.
 	# 1.2 uses "1.2" for uname -r.
-	eval $set_cc_for_build
-	cat <<EOF >$dummy.s
-	.data
-\$Lformat:
-	.byte 37,100,45,37,120,10,0	# "%d-%x\n"
-
-	.text
-	.globl main
-	.align 4
-	.ent main
-main:
-	.frame \$30,16,\$26,0
-	ldgp \$29,0(\$27)
-	.prologue 1
-	.long 0x47e03d80 # implver \$0
-	lda \$2,-1
-	.long 0x47e20c21 # amask \$2,\$1
-	lda \$16,\$Lformat
-	mov \$0,\$17
-	not \$1,\$18
-	jsr \$26,printf
-	ldgp \$29,0(\$26)
-	mov 0,\$16
-	jsr \$26,exit
-	.end main
-EOF
-	$CC_FOR_BUILD -o $dummy $dummy.s 2>/dev/null
-	if test "$?" = 0 ; then
-		case `$dummy` in
-			0-0)
-				UNAME_MACHINE="alpha"
-				;;
-			1-0)
-				UNAME_MACHINE="alphaev5"
-				;;
-			1-1)
-				UNAME_MACHINE="alphaev56"
-				;;
-			1-101)
-				UNAME_MACHINE="alphapca56"
-				;;
-			2-303)
-				UNAME_MACHINE="alphaev6"
-				;;
-			2-307)
-				UNAME_MACHINE="alphaev67"
-				;;
-			2-1307)
-				UNAME_MACHINE="alphaev68"
-				;;
-			3-1307)
-				UNAME_MACHINE="alphaev7"
-				;;
-		esac
-	fi
-	rm -f $dummy.s $dummy && rmdir $tmpdir
-	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
-	exit 0 ;;
+	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+	exit ;;
     Alpha\ *:Windows_NT*:*)
 	# How do we know it's Interix rather than the generic POSIX subsystem?
 	# Should we change UNAME_MACHINE based on the output of uname instead
 	# of the specific Alpha model?
 	echo alpha-pc-interix
-	exit 0 ;;
+	exit ;;
     21064:Windows_NT:50:3)
 	echo alpha-dec-winnt3.5
-	exit 0 ;;
+	exit ;;
     Amiga*:UNIX_System_V:4.0:*)
 	echo m68k-unknown-sysv4
-	exit 0;;
+	exit ;;
     *:[Aa]miga[Oo][Ss]:*:*)
 	echo ${UNAME_MACHINE}-unknown-amigaos
-	exit 0 ;;
+	exit ;;
     *:[Mm]orph[Oo][Ss]:*:*)
 	echo ${UNAME_MACHINE}-unknown-morphos
-	exit 0 ;;
+	exit ;;
     *:OS/390:*:*)
 	echo i370-ibm-openedition
-	exit 0 ;;
+	exit ;;
+    *:z/VM:*:*)
+	echo s390-ibm-zvmoe
+	exit ;;
+    *:OS400:*:*)
+        echo powerpc-ibm-os400
+	exit ;;
     arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
 	echo arm-acorn-riscix${UNAME_RELEASE}
-	exit 0;;
+	exit ;;
+    arm:riscos:*:*|arm:RISCOS:*:*)
+	echo arm-unknown-riscos
+	exit ;;
     SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
 	echo hppa1.1-hitachi-hiuxmpp
-	exit 0;;
+	exit ;;
     Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
 	# akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
 	if test "`(/bin/universe) 2>/dev/null`" = att ; then
@@ -301,29 +308,32 @@
 	else
 		echo pyramid-pyramid-bsd
 	fi
-	exit 0 ;;
+	exit ;;
     NILE*:*:*:dcosx)
 	echo pyramid-pyramid-svr4
-	exit 0 ;;
-    DRS?6000:UNIX_SV:4.2*:7*)
+	exit ;;
+    DRS?6000:unix:4.0:6*)
+	echo sparc-icl-nx6
+	exit ;;
+    DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
 	case `/usr/bin/uname -p` in
-	    sparc) echo sparc-icl-nx7 && exit 0 ;;
+	    sparc) echo sparc-icl-nx7; exit ;;
 	esac ;;
     sun4H:SunOS:5.*:*)
 	echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
-	exit 0 ;;
+	exit ;;
     sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
 	echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
-	exit 0 ;;
+	exit ;;
     i86pc:SunOS:5.*:*)
 	echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
-	exit 0 ;;
+	exit ;;
     sun4*:SunOS:6*:*)
 	# According to config.sub, this is the proper way to canonicalize
 	# SunOS6.  Hard to guess exactly what SunOS6 will be like, but
 	# it's likely to be more like Solaris than SunOS4.
 	echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
-	exit 0 ;;
+	exit ;;
     sun4*:SunOS:*:*)
 	case "`/usr/bin/arch -k`" in
 	    Series*|S4*)
@@ -332,10 +342,10 @@
 	esac
 	# Japanese Language versions have a version number like `4.1.3-JL'.
 	echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
-	exit 0 ;;
+	exit ;;
     sun3*:SunOS:*:*)
 	echo m68k-sun-sunos${UNAME_RELEASE}
-	exit 0 ;;
+	exit ;;
     sun*:*:4.2BSD:*)
 	UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
 	test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
@@ -347,10 +357,10 @@
 		echo sparc-sun-sunos${UNAME_RELEASE}
 		;;
 	esac
-	exit 0 ;;
+	exit ;;
     aushp:SunOS:*:*)
 	echo sparc-auspex-sunos${UNAME_RELEASE}
-	exit 0 ;;
+	exit ;;
     # The situation for MiNT is a little confusing.  The machine name
     # can be virtually everything (everything which is not
     # "atarist" or "atariste" at least should have a processor
@@ -361,37 +371,40 @@
     # be no problem.
     atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
         echo m68k-atari-mint${UNAME_RELEASE}
-	exit 0 ;;
+	exit ;;
     atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
 	echo m68k-atari-mint${UNAME_RELEASE}
-        exit 0 ;;
+        exit ;;
     *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
         echo m68k-atari-mint${UNAME_RELEASE}
-	exit 0 ;;
+	exit ;;
     milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
         echo m68k-milan-mint${UNAME_RELEASE}
-        exit 0 ;;
+        exit ;;
     hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
         echo m68k-hades-mint${UNAME_RELEASE}
-        exit 0 ;;
+        exit ;;
     *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
         echo m68k-unknown-mint${UNAME_RELEASE}
-        exit 0 ;;
+        exit ;;
+    m68k:machten:*:*)
+	echo m68k-apple-machten${UNAME_RELEASE}
+	exit ;;
     powerpc:machten:*:*)
 	echo powerpc-apple-machten${UNAME_RELEASE}
-	exit 0 ;;
+	exit ;;
     RISC*:Mach:*:*)
 	echo mips-dec-mach_bsd4.3
-	exit 0 ;;
+	exit ;;
     RISC*:ULTRIX:*:*)
 	echo mips-dec-ultrix${UNAME_RELEASE}
-	exit 0 ;;
+	exit ;;
     VAX*:ULTRIX*:*:*)
 	echo vax-dec-ultrix${UNAME_RELEASE}
-	exit 0 ;;
+	exit ;;
     2020:CLIX:*:* | 2430:CLIX:*:*)
 	echo clipper-intergraph-clix${UNAME_RELEASE}
-	exit 0 ;;
+	exit ;;
     mips:*:*:UMIPS | mips:*:*:RISCos)
 	eval $set_cc_for_build
 	sed 's/^	//' << EOF >$dummy.c
@@ -415,33 +428,33 @@
 	  exit (-1);
 	}
 EOF
-	$CC_FOR_BUILD -o $dummy $dummy.c \
-	  && $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \
-	  && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
-	rm -f $dummy.c $dummy && rmdir $tmpdir
+	$CC_FOR_BUILD -o $dummy $dummy.c &&
+	  dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
+	  SYSTEM_NAME=`$dummy $dummyarg` &&
+	    { echo "$SYSTEM_NAME"; exit; }
 	echo mips-mips-riscos${UNAME_RELEASE}
-	exit 0 ;;
+	exit ;;
     Motorola:PowerMAX_OS:*:*)
 	echo powerpc-motorola-powermax
-	exit 0 ;;
+	exit ;;
     Motorola:*:4.3:PL8-*)
 	echo powerpc-harris-powermax
-	exit 0 ;;
+	exit ;;
     Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
 	echo powerpc-harris-powermax
-	exit 0 ;;
+	exit ;;
     Night_Hawk:Power_UNIX:*:*)
 	echo powerpc-harris-powerunix
-	exit 0 ;;
+	exit ;;
     m88k:CX/UX:7*:*)
 	echo m88k-harris-cxux7
-	exit 0 ;;
+	exit ;;
     m88k:*:4*:R4*)
 	echo m88k-motorola-sysv4
-	exit 0 ;;
+	exit ;;
     m88k:*:3*:R3*)
 	echo m88k-motorola-sysv3
-	exit 0 ;;
+	exit ;;
     AViiON:dgux:*:*)
         # DG/UX returns AViiON for all architectures
         UNAME_PROCESSOR=`/usr/bin/uname -p`
@@ -457,29 +470,29 @@
 	else
 	    echo i586-dg-dgux${UNAME_RELEASE}
 	fi
- 	exit 0 ;;
+ 	exit ;;
     M88*:DolphinOS:*:*)	# DolphinOS (SVR3)
 	echo m88k-dolphin-sysv3
-	exit 0 ;;
+	exit ;;
     M88*:*:R3*:*)
 	# Delta 88k system running SVR3
 	echo m88k-motorola-sysv3
-	exit 0 ;;
+	exit ;;
     XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
 	echo m88k-tektronix-sysv3
-	exit 0 ;;
+	exit ;;
     Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
 	echo m68k-tektronix-bsd
-	exit 0 ;;
+	exit ;;
     *:IRIX*:*:*)
 	echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
-	exit 0 ;;
+	exit ;;
     ????????:AIX?:[12].1:2)   # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
-	echo romp-ibm-aix      # uname -m gives an 8 hex-code CPU id
-	exit 0 ;;              # Note that: echo "'`uname -s`'" gives 'AIX '
+	echo romp-ibm-aix     # uname -m gives an 8 hex-code CPU id
+	exit ;;               # Note that: echo "'`uname -s`'" gives 'AIX '
     i*86:AIX:*:*)
 	echo i386-ibm-aix
-	exit 0 ;;
+	exit ;;
     ia64:AIX:*:*)
 	if [ -x /usr/bin/oslevel ] ; then
 		IBM_REV=`/usr/bin/oslevel`
@@ -487,7 +500,7 @@
 		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
 	fi
 	echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
-	exit 0 ;;
+	exit ;;
     *:AIX:2:3)
 	if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
 		eval $set_cc_for_build
@@ -502,15 +515,18 @@
 			exit(0);
 			}
 EOF
-		$CC_FOR_BUILD -o $dummy $dummy.c && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
-		rm -f $dummy.c $dummy && rmdir $tmpdir
-		echo rs6000-ibm-aix3.2.5
+		if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
+		then
+			echo "$SYSTEM_NAME"
+		else
+			echo rs6000-ibm-aix3.2.5
+		fi
 	elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
 		echo rs6000-ibm-aix3.2.4
 	else
 		echo rs6000-ibm-aix3.2
 	fi
-	exit 0 ;;
+	exit ;;
     *:AIX:*:[45])
 	IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
 	if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
@@ -524,28 +540,28 @@
 		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
 	fi
 	echo ${IBM_ARCH}-ibm-aix${IBM_REV}
-	exit 0 ;;
+	exit ;;
     *:AIX:*:*)
 	echo rs6000-ibm-aix
-	exit 0 ;;
+	exit ;;
     ibmrt:4.4BSD:*|romp-ibm:BSD:*)
 	echo romp-ibm-bsd4.4
-	exit 0 ;;
+	exit ;;
     ibmrt:*BSD:*|romp-ibm:BSD:*)            # covers RT/PC BSD and
 	echo romp-ibm-bsd${UNAME_RELEASE}   # 4.3 with uname added to
-	exit 0 ;;                           # report: romp-ibm BSD 4.3
+	exit ;;                             # report: romp-ibm BSD 4.3
     *:BOSX:*:*)
 	echo rs6000-bull-bosx
-	exit 0 ;;
+	exit ;;
     DPX/2?00:B.O.S.:*:*)
 	echo m68k-bull-sysv3
-	exit 0 ;;
+	exit ;;
     9000/[34]??:4.3bsd:1.*:*)
 	echo m68k-hp-bsd
-	exit 0 ;;
+	exit ;;
     hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
 	echo m68k-hp-bsd4.4
-	exit 0 ;;
+	exit ;;
     9000/[34678]??:HP-UX:*:*)
 	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
 	case "${UNAME_MACHINE}" in
@@ -602,16 +618,36 @@
               }
 EOF
 		    (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
-		    if test -z "$HP_ARCH"; then HP_ARCH=hppa; fi
-		    rm -f $dummy.c $dummy && rmdir $tmpdir
+		    test -z "$HP_ARCH" && HP_ARCH=hppa
 		fi ;;
 	esac
+	if [ ${HP_ARCH} = "hppa2.0w" ]
+	then
+	    eval $set_cc_for_build
+
+	    # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
+	    # 32-bit code.  hppa64-hp-hpux* has the same kernel and a compiler
+	    # generating 64-bit code.  GNU and HP use different nomenclature:
+	    #
+	    # $ CC_FOR_BUILD=cc ./config.guess
+	    # => hppa2.0w-hp-hpux11.23
+	    # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
+	    # => hppa64-hp-hpux11.23
+
+	    if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
+		grep __LP64__ >/dev/null
+	    then
+		HP_ARCH="hppa2.0w"
+	    else
+		HP_ARCH="hppa64"
+	    fi
+	fi
 	echo ${HP_ARCH}-hp-hpux${HPUX_REV}
-	exit 0 ;;
+	exit ;;
     ia64:HP-UX:*:*)
 	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
 	echo ia64-hp-hpux${HPUX_REV}
-	exit 0 ;;
+	exit ;;
     3050*:HI-UX:*:*)
 	eval $set_cc_for_build
 	sed 's/^	//' << EOF >$dummy.c
@@ -639,149 +675,166 @@
 	  exit (0);
 	}
 EOF
-	$CC_FOR_BUILD -o $dummy $dummy.c && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
-	rm -f $dummy.c $dummy && rmdir $tmpdir
+	$CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
+		{ echo "$SYSTEM_NAME"; exit; }
 	echo unknown-hitachi-hiuxwe2
-	exit 0 ;;
+	exit ;;
     9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
 	echo hppa1.1-hp-bsd
-	exit 0 ;;
+	exit ;;
     9000/8??:4.3bsd:*:*)
 	echo hppa1.0-hp-bsd
-	exit 0 ;;
+	exit ;;
     *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
 	echo hppa1.0-hp-mpeix
-	exit 0 ;;
+	exit ;;
     hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
 	echo hppa1.1-hp-osf
-	exit 0 ;;
+	exit ;;
     hp8??:OSF1:*:*)
 	echo hppa1.0-hp-osf
-	exit 0 ;;
+	exit ;;
     i*86:OSF1:*:*)
 	if [ -x /usr/sbin/sysversion ] ; then
 	    echo ${UNAME_MACHINE}-unknown-osf1mk
 	else
 	    echo ${UNAME_MACHINE}-unknown-osf1
 	fi
-	exit 0 ;;
+	exit ;;
     parisc*:Lites*:*:*)
 	echo hppa1.1-hp-lites
-	exit 0 ;;
+	exit ;;
     C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
 	echo c1-convex-bsd
-        exit 0 ;;
+        exit ;;
     C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
 	if getsysinfo -f scalar_acc
 	then echo c32-convex-bsd
 	else echo c2-convex-bsd
 	fi
-        exit 0 ;;
+        exit ;;
     C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
 	echo c34-convex-bsd
-        exit 0 ;;
+        exit ;;
     C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
 	echo c38-convex-bsd
-        exit 0 ;;
+        exit ;;
     C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
 	echo c4-convex-bsd
-        exit 0 ;;
+        exit ;;
     CRAY*Y-MP:*:*:*)
 	echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
-	exit 0 ;;
+	exit ;;
     CRAY*[A-Z]90:*:*:*)
 	echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
 	| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
 	      -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
 	      -e 's/\.[^.]*$/.X/'
-	exit 0 ;;
+	exit ;;
     CRAY*TS:*:*:*)
 	echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
-	exit 0 ;;
-    CRAY*T3D:*:*:*)
-	echo alpha-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
-	exit 0 ;;
+	exit ;;
     CRAY*T3E:*:*:*)
 	echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
-	exit 0 ;;
+	exit ;;
     CRAY*SV1:*:*:*)
 	echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
-	exit 0 ;;
+	exit ;;
+    *:UNICOS/mp:*:*)
+	echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
     F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
 	FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
         FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
         FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
         echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
-        exit 0 ;;
+        exit ;;
+    5000:UNIX_System_V:4.*:*)
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
+        echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+	exit ;;
     i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
 	echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
-	exit 0 ;;
+	exit ;;
     sparc*:BSD/OS:*:*)
 	echo sparc-unknown-bsdi${UNAME_RELEASE}
-	exit 0 ;;
+	exit ;;
     *:BSD/OS:*:*)
 	echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
-	exit 0 ;;
+	exit ;;
     *:FreeBSD:*:*)
-	# Determine whether the default compiler uses glibc.
-	eval $set_cc_for_build
-	sed 's/^	//' << EOF >$dummy.c
-	#include <features.h>
-	#if __GLIBC__ >= 2
-	LIBC=gnu
-	#else
-	LIBC=
-	#endif
-EOF
-	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
-	rm -f $dummy.c && rmdir $tmpdir
-	echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC}
-	exit 0 ;;
+	echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+	exit ;;
     i*:CYGWIN*:*)
 	echo ${UNAME_MACHINE}-pc-cygwin
-	exit 0 ;;
+	exit ;;
     i*:MINGW*:*)
 	echo ${UNAME_MACHINE}-pc-mingw32
-	exit 0 ;;
+	exit ;;
+    i*:windows32*:*)
+    	# uname -m includes "-pc" on this system.
+    	echo ${UNAME_MACHINE}-mingw32
+	exit ;;
     i*:PW*:*)
 	echo ${UNAME_MACHINE}-pc-pw32
-	exit 0 ;;
-    x86:Interix*:3*)
-	echo i586-pc-interix3
-	exit 0 ;;
+	exit ;;
+    x86:Interix*:[34]*)
+	echo i586-pc-interix${UNAME_RELEASE}|sed -e 's/\..*//'
+	exit ;;
     [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
 	echo i${UNAME_MACHINE}-pc-mks
-	exit 0 ;;
+	exit ;;
     i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
 	# How do we know it's Interix rather than the generic POSIX subsystem?
 	# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
 	# UNAME_MACHINE based on the output of uname instead of i386?
 	echo i586-pc-interix
-	exit 0 ;;
+	exit ;;
     i*:UWIN*:*)
 	echo ${UNAME_MACHINE}-pc-uwin
-	exit 0 ;;
+	exit ;;
+    amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
+	echo x86_64-unknown-cygwin
+	exit ;;
     p*:CYGWIN*:*)
 	echo powerpcle-unknown-cygwin
-	exit 0 ;;
+	exit ;;
     prep*:SunOS:5.*:*)
 	echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
-	exit 0 ;;
+	exit ;;
     *:GNU:*:*)
+	# the GNU system
 	echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
-	exit 0 ;;
+	exit ;;
+    *:GNU/*:*:*)
+	# other systems with GNU libc and userland
+	echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu
+	exit ;;
     i*86:Minix:*:*)
 	echo ${UNAME_MACHINE}-pc-minix
-	exit 0 ;;
+	exit ;;
     arm*:Linux:*:*)
 	echo ${UNAME_MACHINE}-unknown-linux-gnu
-	exit 0 ;;
+	exit ;;
+    cris:Linux:*:*)
+	echo cris-axis-linux-gnu
+	exit ;;
+    crisv32:Linux:*:*)
+	echo crisv32-axis-linux-gnu
+	exit ;;
+    frv:Linux:*:*)
+    	echo frv-unknown-linux-gnu
+	exit ;;
     ia64:Linux:*:*)
 	echo ${UNAME_MACHINE}-unknown-linux-gnu
-	exit 0 ;;
+	exit ;;
+    m32r*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
     m68*:Linux:*:*)
 	echo ${UNAME_MACHINE}-unknown-linux-gnu
-	exit 0 ;;
+	exit ;;
     mips:Linux:*:*)
 	eval $set_cc_for_build
 	sed 's/^	//' << EOF >$dummy.c
@@ -799,8 +852,7 @@
 	#endif
 EOF
 	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
-	rm -f $dummy.c && rmdir $tmpdir
-	test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
+	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
 	;;
     mips64:Linux:*:*)
 	eval $set_cc_for_build
@@ -819,15 +871,17 @@
 	#endif
 EOF
 	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
-	rm -f $dummy.c && rmdir $tmpdir
-	test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
+	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
 	;;
+    or32:Linux:*:*)
+	echo or32-unknown-linux-gnu
+	exit ;;
     ppc:Linux:*:*)
 	echo powerpc-unknown-linux-gnu
-	exit 0 ;;
+	exit ;;
     ppc64:Linux:*:*)
 	echo powerpc64-unknown-linux-gnu
-	exit 0 ;;
+	exit ;;
     alpha:Linux:*:*)
 	case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
 	  EV5)   UNAME_MACHINE=alphaev5 ;;
@@ -841,7 +895,7 @@
 	objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
 	if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
 	echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
-	exit 0 ;;
+	exit ;;
     parisc:Linux:*:* | hppa:Linux:*:*)
 	# Look for CPU level
 	case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
@@ -849,22 +903,25 @@
 	  PA8*) echo hppa2.0-unknown-linux-gnu ;;
 	  *)    echo hppa-unknown-linux-gnu ;;
 	esac
-	exit 0 ;;
+	exit ;;
     parisc64:Linux:*:* | hppa64:Linux:*:*)
 	echo hppa64-unknown-linux-gnu
-	exit 0 ;;
+	exit ;;
     s390:Linux:*:* | s390x:Linux:*:*)
 	echo ${UNAME_MACHINE}-ibm-linux
-	exit 0 ;;
+	exit ;;
+    sh64*:Linux:*:*)
+    	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
     sh*:Linux:*:*)
 	echo ${UNAME_MACHINE}-unknown-linux-gnu
-	exit 0 ;;
+	exit ;;
     sparc:Linux:*:* | sparc64:Linux:*:*)
 	echo ${UNAME_MACHINE}-unknown-linux-gnu
-	exit 0 ;;
+	exit ;;
     x86_64:Linux:*:*)
 	echo x86_64-unknown-linux-gnu
-	exit 0 ;;
+	exit ;;
     i*86:Linux:*:*)
 	# The BFD linker knows what the default object file format is, so
 	# first see if it will tell us. cd to the root directory to prevent
@@ -882,15 +939,15 @@
 		;;
 	  a.out-i386-linux)
 		echo "${UNAME_MACHINE}-pc-linux-gnuaout"
-		exit 0 ;;
+		exit ;;
 	  coff-i386)
 		echo "${UNAME_MACHINE}-pc-linux-gnucoff"
-		exit 0 ;;
+		exit ;;
 	  "")
 		# Either a pre-BFD a.out linker (linux-gnuoldld) or
 		# one that does not give us useful --help.
 		echo "${UNAME_MACHINE}-pc-linux-gnuoldld"
-		exit 0 ;;
+		exit ;;
 	esac
 	# Determine whether the default compiler is a.out or elf
 	eval $set_cc_for_build
@@ -913,18 +970,23 @@
 	LIBC=gnuaout
 	#endif
 	#endif
+	#ifdef __dietlibc__
+	LIBC=dietlibc
+	#endif
 EOF
 	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
-	rm -f $dummy.c && rmdir $tmpdir
-	test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0
-	test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0
+	test x"${LIBC}" != x && {
+		echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
+		exit
+	}
+	test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; }
 	;;
     i*86:DYNIX/ptx:4*:*)
 	# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
 	# earlier versions are messed up and put the nodename in both
 	# sysname and nodename.
 	echo i386-sequent-sysv4
-	exit 0 ;;
+	exit ;;
     i*86:UNIX_SV:4.2MP:2.*)
         # Unixware is an offshoot of SVR4, but it has its own version
         # number series starting with 2...
@@ -932,24 +994,27 @@
 	# I just have to hope.  -- rms.
         # Use sysv4.2uw... so that sysv4* matches it.
 	echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
-	exit 0 ;;
+	exit ;;
     i*86:OS/2:*:*)
 	# If we were able to find `uname', then EMX Unix compatibility
 	# is probably installed.
 	echo ${UNAME_MACHINE}-pc-os2-emx
-	exit 0 ;;
+	exit ;;
     i*86:XTS-300:*:STOP)
 	echo ${UNAME_MACHINE}-unknown-stop
-	exit 0 ;;
+	exit ;;
     i*86:atheos:*:*)
 	echo ${UNAME_MACHINE}-unknown-atheos
-	exit 0 ;;
+	exit ;;
+    i*86:syllable:*:*)
+	echo ${UNAME_MACHINE}-pc-syllable
+	exit ;;
     i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
 	echo i386-unknown-lynxos${UNAME_RELEASE}
-	exit 0 ;;
+	exit ;;
     i*86:*DOS:*:*)
 	echo ${UNAME_MACHINE}-pc-msdosdjgpp
-	exit 0 ;;
+	exit ;;
     i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
 	UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
 	if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
@@ -957,15 +1022,16 @@
 	else
 		echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
 	fi
-	exit 0 ;;
-    i*86:*:5:[78]*)
+	exit ;;
+    i*86:*:5:[678]*)
+    	# UnixWare 7.x, OpenUNIX and OpenServer 6.
 	case `/bin/uname -X | grep "^Machine"` in
 	    *486*)	     UNAME_MACHINE=i486 ;;
 	    *Pentium)	     UNAME_MACHINE=i586 ;;
 	    *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
 	esac
 	echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
-	exit 0 ;;
+	exit ;;
     i*86:*:3.2:*)
 	if test -f /usr/options/cb.name; then
 		UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
@@ -983,73 +1049,73 @@
 	else
 		echo ${UNAME_MACHINE}-pc-sysv32
 	fi
-	exit 0 ;;
+	exit ;;
     pc:*:*:*)
 	# Left here for compatibility:
         # uname -m prints for DJGPP always 'pc', but it prints nothing about
         # the processor, so we play safe by assuming i386.
 	echo i386-pc-msdosdjgpp
-        exit 0 ;;
+        exit ;;
     Intel:Mach:3*:*)
 	echo i386-pc-mach3
-	exit 0 ;;
+	exit ;;
     paragon:*:*:*)
 	echo i860-intel-osf1
-	exit 0 ;;
+	exit ;;
     i860:*:4.*:*) # i860-SVR4
 	if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
 	  echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
 	else # Add other i860-SVR4 vendors below as they are discovered.
 	  echo i860-unknown-sysv${UNAME_RELEASE}  # Unknown i860-SVR4
 	fi
-	exit 0 ;;
+	exit ;;
     mini*:CTIX:SYS*5:*)
 	# "miniframe"
 	echo m68010-convergent-sysv
-	exit 0 ;;
+	exit ;;
     mc68k:UNIX:SYSTEM5:3.51m)
 	echo m68k-convergent-sysv
-	exit 0 ;;
+	exit ;;
     M680?0:D-NIX:5.3:*)
 	echo m68k-diab-dnix
-	exit 0 ;;
-    M68*:*:R3V[567]*:*)
-	test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;;
-    3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0)
+	exit ;;
+    M68*:*:R3V[5678]*:*)
+	test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
+    3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
 	OS_REL=''
 	test -r /etc/.relid \
 	&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
 	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
-	  && echo i486-ncr-sysv4.3${OS_REL} && exit 0
+	  && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
 	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
-	  && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;;
+	  && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
     3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
         /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
-          && echo i486-ncr-sysv4 && exit 0 ;;
+          && { echo i486-ncr-sysv4; exit; } ;;
     m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
 	echo m68k-unknown-lynxos${UNAME_RELEASE}
-	exit 0 ;;
+	exit ;;
     mc68030:UNIX_System_V:4.*:*)
 	echo m68k-atari-sysv4
-	exit 0 ;;
+	exit ;;
     TSUNAMI:LynxOS:2.*:*)
 	echo sparc-unknown-lynxos${UNAME_RELEASE}
-	exit 0 ;;
+	exit ;;
     rs6000:LynxOS:2.*:*)
 	echo rs6000-unknown-lynxos${UNAME_RELEASE}
-	exit 0 ;;
+	exit ;;
     PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
 	echo powerpc-unknown-lynxos${UNAME_RELEASE}
-	exit 0 ;;
+	exit ;;
     SM[BE]S:UNIX_SV:*:*)
 	echo mips-dde-sysv${UNAME_RELEASE}
-	exit 0 ;;
+	exit ;;
     RM*:ReliantUNIX-*:*:*)
 	echo mips-sni-sysv4
-	exit 0 ;;
+	exit ;;
     RM*:SINIX-*:*:*)
 	echo mips-sni-sysv4
-	exit 0 ;;
+	exit ;;
     *:SINIX-*:*:*)
 	if uname -p 2>/dev/null >/dev/null ; then
 		UNAME_MACHINE=`(uname -p) 2>/dev/null`
@@ -1057,64 +1123,73 @@
 	else
 		echo ns32k-sni-sysv
 	fi
-	exit 0 ;;
+	exit ;;
     PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
                       # says <Richard.M.Bartel@ccMail.Census.GOV>
         echo i586-unisys-sysv4
-        exit 0 ;;
+        exit ;;
     *:UNIX_System_V:4*:FTX*)
 	# From Gerald Hewes <hewes@openmarket.com>.
 	# How about differentiating between stratus architectures? -djm
 	echo hppa1.1-stratus-sysv4
-	exit 0 ;;
+	exit ;;
     *:*:*:FTX*)
 	# From seanf@swdc.stratus.com.
 	echo i860-stratus-sysv4
-	exit 0 ;;
+	exit ;;
+    i*86:VOS:*:*)
+	# From Paul.Green@stratus.com.
+	echo ${UNAME_MACHINE}-stratus-vos
+	exit ;;
     *:VOS:*:*)
 	# From Paul.Green@stratus.com.
 	echo hppa1.1-stratus-vos
-	exit 0 ;;
+	exit ;;
     mc68*:A/UX:*:*)
 	echo m68k-apple-aux${UNAME_RELEASE}
-	exit 0 ;;
+	exit ;;
     news*:NEWS-OS:6*:*)
 	echo mips-sony-newsos6
-	exit 0 ;;
+	exit ;;
     R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
 	if [ -d /usr/nec ]; then
 	        echo mips-nec-sysv${UNAME_RELEASE}
 	else
 	        echo mips-unknown-sysv${UNAME_RELEASE}
 	fi
-        exit 0 ;;
+        exit ;;
     BeBox:BeOS:*:*)	# BeOS running on hardware made by Be, PPC only.
 	echo powerpc-be-beos
-	exit 0 ;;
+	exit ;;
     BeMac:BeOS:*:*)	# BeOS running on Mac or Mac clone, PPC only.
 	echo powerpc-apple-beos
-	exit 0 ;;
+	exit ;;
     BePC:BeOS:*:*)	# BeOS running on Intel PC compatible.
 	echo i586-pc-beos
-	exit 0 ;;
+	exit ;;
     SX-4:SUPER-UX:*:*)
 	echo sx4-nec-superux${UNAME_RELEASE}
-	exit 0 ;;
+	exit ;;
     SX-5:SUPER-UX:*:*)
 	echo sx5-nec-superux${UNAME_RELEASE}
-	exit 0 ;;
+	exit ;;
     SX-6:SUPER-UX:*:*)
 	echo sx6-nec-superux${UNAME_RELEASE}
-	exit 0 ;;
+	exit ;;
     Power*:Rhapsody:*:*)
 	echo powerpc-apple-rhapsody${UNAME_RELEASE}
-	exit 0 ;;
+	exit ;;
     *:Rhapsody:*:*)
 	echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
-	exit 0 ;;
+	exit ;;
     *:Darwin:*:*)
-	echo `uname -p`-apple-darwin${UNAME_RELEASE}
-	exit 0 ;;
+	UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
+	case $UNAME_PROCESSOR in
+	    *86) UNAME_PROCESSOR=i686 ;;
+	    unknown) UNAME_PROCESSOR=powerpc ;;
+	esac
+	echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
+	exit ;;
     *:procnto*:*:* | *:QNX:[0123456789]*:*)
 	UNAME_PROCESSOR=`uname -p`
 	if test "$UNAME_PROCESSOR" = "x86"; then
@@ -1122,22 +1197,25 @@
 		UNAME_MACHINE=pc
 	fi
 	echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
-	exit 0 ;;
+	exit ;;
     *:QNX:*:4*)
 	echo i386-pc-qnx
-	exit 0 ;;
-    NSR-[DGKLNPTVW]:NONSTOP_KERNEL:*:*)
+	exit ;;
+    NSE-?:NONSTOP_KERNEL:*:*)
+	echo nse-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    NSR-?:NONSTOP_KERNEL:*:*)
 	echo nsr-tandem-nsk${UNAME_RELEASE}
-	exit 0 ;;
+	exit ;;
     *:NonStop-UX:*:*)
 	echo mips-compaq-nonstopux
-	exit 0 ;;
+	exit ;;
     BS2000:POSIX*:*:*)
 	echo bs2000-siemens-sysv
-	exit 0 ;;
+	exit ;;
     DS/*:UNIX_System_V:*:*)
 	echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
-	exit 0 ;;
+	exit ;;
     *:Plan9:*:*)
 	# "uname -m" is not consistent, so use $cputype instead. 386
 	# is converted to i386 for consistency with other x86
@@ -1148,25 +1226,44 @@
 	    UNAME_MACHINE="$cputype"
 	fi
 	echo ${UNAME_MACHINE}-unknown-plan9
-	exit 0 ;;
+	exit ;;
     *:TOPS-10:*:*)
 	echo pdp10-unknown-tops10
-	exit 0 ;;
+	exit ;;
     *:TENEX:*:*)
 	echo pdp10-unknown-tenex
-	exit 0 ;;
+	exit ;;
     KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
 	echo pdp10-dec-tops20
-	exit 0 ;;
+	exit ;;
     XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
 	echo pdp10-xkl-tops20
-	exit 0 ;;
+	exit ;;
     *:TOPS-20:*:*)
 	echo pdp10-unknown-tops20
-	exit 0 ;;
+	exit ;;
     *:ITS:*:*)
 	echo pdp10-unknown-its
-	exit 0 ;;
+	exit ;;
+    SEI:*:*:SEIUX)
+        echo mips-sei-seiux${UNAME_RELEASE}
+	exit ;;
+    *:DragonFly:*:*)
+	echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+	exit ;;
+    *:*VMS:*:*)
+    	UNAME_MACHINE=`(uname -p) 2>/dev/null`
+	case "${UNAME_MACHINE}" in
+	    A*) echo alpha-dec-vms ; exit ;;
+	    I*) echo ia64-dec-vms ; exit ;;
+	    V*) echo vax-dec-vms ; exit ;;
+	esac ;;
+    *:XENIX:*:SysV)
+	echo i386-pc-xenix
+	exit ;;
+    i*86:skyos:*:*)
+	echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+	exit ;;
 esac
 
 #echo '(No uname command or uname output not recognized.)' 1>&2
@@ -1198,7 +1295,7 @@
 #endif
 
 #if defined (__arm) && defined (__acorn) && defined (__unix)
-  printf ("arm-acorn-riscix"); exit (0);
+  printf ("arm-acorn-riscix\n"); exit (0);
 #endif
 
 #if defined (hp300) && !defined (hpux)
@@ -1287,12 +1384,12 @@
 }
 EOF
 
-$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
-rm -f $dummy.c $dummy && rmdir $tmpdir
+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
+	{ echo "$SYSTEM_NAME"; exit; }
 
 # Apollos put the system type in the environment.
 
-test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; }
+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
 
 # Convex versions that predate uname can use getsysinfo(1)
 
@@ -1301,22 +1398,22 @@
     case `getsysinfo -f cpu_type` in
     c1*)
 	echo c1-convex-bsd
-	exit 0 ;;
+	exit ;;
     c2*)
 	if getsysinfo -f scalar_acc
 	then echo c32-convex-bsd
 	else echo c2-convex-bsd
 	fi
-	exit 0 ;;
+	exit ;;
     c34*)
 	echo c34-convex-bsd
-	exit 0 ;;
+	exit ;;
     c38*)
 	echo c38-convex-bsd
-	exit 0 ;;
+	exit ;;
     c4*)
 	echo c4-convex-bsd
-	exit 0 ;;
+	exit ;;
     esac
 fi
 
@@ -1327,7 +1424,9 @@
 the operating system you are using. It is advised that you
 download the most up to date version of the config scripts from
 
-    ftp://ftp.gnu.org/pub/gnu/config/
+  http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess
+and
+  http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub
 
 If the version you run ($0) is already up to date, please
 send the following data and any information you think might be
--- sudo-1.6.8p12.orig/config.sub
+++ sudo-1.6.8p12/config.sub
@@ -1,11 +1,9 @@
 #! /bin/sh
 # Configuration validation subroutine script.
 #   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-#   2000, 2001, 2002 Free Software Foundation, Inc.
-#
-# $Sudo: config.sub,v 1.11 2003/01/20 21:07:51 millert Exp $
+#   2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
 
-timestamp='2002-11-30'
+timestamp='2005-07-08'
 
 # This file is (in principle) common to ALL GNU software.
 # The presence of a machine in this file suggests that SOME GNU software
@@ -23,14 +21,15 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330,
-# Boston, MA 02111-1307, USA.
-
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
 # As a special exception to the GNU General Public License, if you
 # distribute this file as part of a program that contains a
 # configuration script generated by Autoconf, you may include it under
 # the same distribution terms that you use for the rest of that program.
 
+
 # Please send patches to <config-patches@gnu.org>.  Submit a context
 # diff and a properly formatted ChangeLog entry.
 #
@@ -72,7 +71,7 @@
 version="\
 GNU config.sub ($timestamp)
 
-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
 Free Software Foundation, Inc.
 
 This is free software; see the source for copying conditions.  There is NO
@@ -85,11 +84,11 @@
 while test $# -gt 0 ; do
   case $1 in
     --time-stamp | --time* | -t )
-       echo "$timestamp" ; exit 0 ;;
+       echo "$timestamp" ; exit ;;
     --version | -v )
-       echo "$version" ; exit 0 ;;
+       echo "$version" ; exit ;;
     --help | --h* | -h )
-       echo "$usage"; exit 0 ;;
+       echo "$usage"; exit ;;
     -- )     # Stop option processing
        shift; break ;;
     - )	# Use stdin as input.
@@ -101,7 +100,7 @@
     *local*)
        # First pass through any local machine types.
        echo $1
-       exit 0;;
+       exit ;;
 
     * )
        break ;;
@@ -120,7 +119,8 @@
 # Here we must recognize all the valid KERNEL-OS combinations.
 maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
 case $maybe_os in
-  nto-qnx* | linux-gnu* | freebsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*)
+  nto-qnx* | linux-gnu* | linux-dietlibc | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | \
+  kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*)
     os=-$maybe_os
     basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
     ;;
@@ -146,7 +146,7 @@
 	-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
 	-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
 	-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
-	-apple | -axis | -sr2201*)
+	-apple | -axis | -knuth | -cray)
 		os=
 		basic_machine=$1
 		;;
@@ -230,14 +230,16 @@
 	| a29k \
 	| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
 	| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+	| am33_2.0 \
 	| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \
-	| clipper \
+	| bfin \
+	| c4x | clipper \
 	| d10v | d30v | dlx | dsp16xx \
 	| fr30 | frv \
 	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
 	| i370 | i860 | i960 | ia64 \
-	| ip2k \
-	| m32r | m68000 | m68k | m88k | mcore \
+	| ip2k | iq2000 \
+	| m32r | m32rle | m68000 | m68k | m88k | maxq | mcore \
 	| mips | mipsbe | mipseb | mipsel | mipsle \
 	| mips16 \
 	| mips64 | mips64el \
@@ -246,28 +248,37 @@
 	| mips64vr4100 | mips64vr4100el \
 	| mips64vr4300 | mips64vr4300el \
 	| mips64vr5000 | mips64vr5000el \
+	| mips64vr5900 | mips64vr5900el \
 	| mipsisa32 | mipsisa32el \
+	| mipsisa32r2 | mipsisa32r2el \
 	| mipsisa64 | mipsisa64el \
+	| mipsisa64r2 | mipsisa64r2el \
 	| mipsisa64sb1 | mipsisa64sb1el \
 	| mipsisa64sr71k | mipsisa64sr71kel \
 	| mipstx39 | mipstx39el \
 	| mn10200 | mn10300 \
+	| ms1 \
+	| msp430 \
 	| ns16k | ns32k \
-	| openrisc | or32 \
+	| or32 \
 	| pdp10 | pdp11 | pj | pjl \
 	| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
 	| pyramid \
-	| sh | sh[1234] | sh3e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
+	| sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
 	| sh64 | sh64le \
-	| sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \
+	| sparc | sparc64 | sparc64b | sparc86x | sparclet | sparclite \
+	| sparcv8 | sparcv9 | sparcv9b \
 	| strongarm \
-	| tahoe | thumb | tic80 | tron \
+	| tahoe | thumb | tic4x | tic80 | tron \
 	| v850 | v850e \
 	| we32k \
-	| x86 | xscale | xstormy16 | xtensa \
+	| x86 | xscale | xscalee[bl] | xstormy16 | xtensa \
 	| z8k)
 		basic_machine=$basic_machine-unknown
 		;;
+	m32c)
+		basic_machine=$basic_machine-unknown
+		;;
 	m6811 | m68hc11 | m6812 | m68hc12)
 		# Motorola 68HC11/12.
 		basic_machine=$basic_machine-unknown
@@ -295,19 +306,19 @@
 	| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
 	| arm-*  | armbe-* | armle-* | armeb-* | armv*-* \
 	| avr-* \
-	| bs2000-* \
-	| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* \
-	| clipper-* | cydra-* \
+	| bfin-* | bs2000-* \
+	| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
+	| clipper-* | craynv-* | cydra-* \
 	| d10v-* | d30v-* | dlx-* \
 	| elxsi-* \
 	| f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \
 	| h8300-* | h8500-* \
 	| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
 	| i*86-* | i860-* | i960-* | ia64-* \
-	| ip2k-* \
-	| m32r-* \
+	| ip2k-* | iq2000-* \
+	| m32r-* | m32rle-* \
 	| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
-	| m88110-* | m88k-* | mcore-* \
+	| m88110-* | m88k-* | maxq-* | mcore-* \
 	| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
 	| mips16-* \
 	| mips64-* | mips64el-* \
@@ -316,29 +327,40 @@
 	| mips64vr4100-* | mips64vr4100el-* \
 	| mips64vr4300-* | mips64vr4300el-* \
 	| mips64vr5000-* | mips64vr5000el-* \
+	| mips64vr5900-* | mips64vr5900el-* \
 	| mipsisa32-* | mipsisa32el-* \
+	| mipsisa32r2-* | mipsisa32r2el-* \
 	| mipsisa64-* | mipsisa64el-* \
+	| mipsisa64r2-* | mipsisa64r2el-* \
 	| mipsisa64sb1-* | mipsisa64sb1el-* \
 	| mipsisa64sr71k-* | mipsisa64sr71kel-* \
-	| mipstx39 | mipstx39el \
+	| mipstx39-* | mipstx39el-* \
+	| mmix-* \
+	| ms1-* \
+	| msp430-* \
 	| none-* | np1-* | ns16k-* | ns32k-* \
 	| orion-* \
 	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
 	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
 	| pyramid-* \
 	| romp-* | rs6000-* \
-	| sh-* | sh[1234]-* | sh3e-* | sh[34]eb-* | shbe-* \
+	| sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | shbe-* \
 	| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
-	| sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \
-	| sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
-	| tahoe-* | thumb-* | tic30-* | tic4x-* | tic54x-* | tic80-* | tron-* \
+	| sparc-* | sparc64-* | sparc64b-* | sparc86x-* | sparclet-* \
+	| sparclite-* \
+	| sparcv8-* | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
+	| tahoe-* | thumb-* \
+	| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
+	| tron-* \
 	| v850-* | v850e-* | vax-* \
 	| we32k-* \
-	| x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \
-	| xtensa-* \
+	| x86-* | x86_64-* | xps100-* | xscale-* | xscalee[bl]-* \
+	| xstormy16-* | xtensa-* \
 	| ymp-* \
 	| z8k-*)
 		;;
+	m32c-*)
+		;;
 	# Recognize the various machine names and aliases which stand
 	# for a CPU type and a company and sometimes even an OS.
 	386bsd)
@@ -355,6 +377,9 @@
 		basic_machine=a29k-amd
 		os=-udi
 		;;
+    	abacus)
+		basic_machine=abacus-unknown
+		;;
 	adobe68k)
 		basic_machine=m68010-adobe
 		os=-scout
@@ -434,12 +459,27 @@
 		basic_machine=j90-cray
 		os=-unicos
 		;;
+	craynv)
+		basic_machine=craynv-cray
+		os=-unicosmp
+		;;
+	cr16c)
+		basic_machine=cr16c-unknown
+		os=-elf
+		;;
 	crds | unos)
 		basic_machine=m68k-crds
 		;;
+	crisv32 | crisv32-* | etraxfs*)
+		basic_machine=crisv32-axis
+		;;
 	cris | cris-* | etrax*)
 		basic_machine=cris-axis
 		;;
+	crx)
+		basic_machine=crx-unknown
+		os=-elf
+		;;
 	da30 | da30-*)
 		basic_machine=m68k-da30
 		;;
@@ -462,6 +502,10 @@
 		basic_machine=m88k-motorola
 		os=-sysv3
 		;;
+	djgpp)
+		basic_machine=i586-pc
+		os=-msdosdjgpp
+		;;
 	dpx20 | dpx20-*)
 		basic_machine=rs6000-bull
 		os=-bosx
@@ -515,10 +559,6 @@
 		basic_machine=h8500-hitachi
 		os=-hms
 		;;
-	sr2201*)
-		basic_machine=harp1e-hitachi
-		os=-hiuxmpp
-		;;
 	harris)
 		basic_machine=m88k-harris
 		os=-sysv3
@@ -644,10 +684,6 @@
 	mips3*)
 		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
 		;;
-	mmix*)
-		basic_machine=mmix-knuth
-		os=-mmixware
-		;;
 	monitor)
 		basic_machine=m68k-rom68k
 		os=-coff
@@ -735,9 +771,12 @@
 		basic_machine=hppa1.1-oki
 		os=-proelf
 		;;
-	or32 | or32-*)
+	openrisc | openrisc-*)
 		basic_machine=or32-unknown
-		os=-coff
+		;;
+	os400)
+		basic_machine=powerpc-ibm
+		os=-os400
 		;;
 	OSE68000 | ose68000)
 		basic_machine=m68000-ericsson
@@ -770,18 +809,24 @@
 	pentiumpro | p6 | 6x86 | athlon | athlon_*)
 		basic_machine=i686-pc
 		;;
-	pentiumii | pentium2)
+	pentiumii | pentium2 | pentiumiii | pentium3)
 		basic_machine=i686-pc
 		;;
+	pentium4)
+		basic_machine=i786-pc
+		;;
 	pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
 		basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
 		;;
 	pentiumpro-* | p6-* | 6x86-* | athlon-*)
 		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
 		;;
-	pentiumii-* | pentium2-*)
+	pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
 		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
 		;;
+	pentium4-*)
+		basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
 	pn)
 		basic_machine=pn-gould
 		;;
@@ -840,6 +885,10 @@
 	sb1el)
 		basic_machine=mipsisa64sb1el-unknown
 		;;
+	sei)
+		basic_machine=mips-sei
+		os=-seiux
+		;;
 	sequent)
 		basic_machine=i386-sequent
 		;;
@@ -847,6 +896,9 @@
 		basic_machine=sh-hitachi
 		os=-hms
 		;;
+	sh64)
+		basic_machine=sh64-unknown
+		;;
 	sparclite-wrs | simso-wrs)
 		basic_machine=sparclite-wrs
 		os=-vxworks
@@ -913,10 +965,6 @@
 		basic_machine=i386-sequent
 		os=-dynix
 		;;
-	t3d)
-		basic_machine=alpha-cray
-		os=-unicos
-		;;
 	t3e)
 		basic_machine=alphaev5-cray
 		os=-unicos
@@ -925,14 +973,18 @@
 		basic_machine=t90-cray
 		os=-unicos
 		;;
-        tic4x | c4x*)
-		basic_machine=tic4x-unknown
-		os=-coff
-		;;
 	tic54x | c54x*)
 		basic_machine=tic54x-unknown
 		os=-coff
 		;;
+	tic55x | c55x*)
+		basic_machine=tic55x-unknown
+		os=-coff
+		;;
+	tic6x | c6x*)
+		basic_machine=tic6x-unknown
+		os=-coff
+		;;
 	tx39)
 		basic_machine=mipstx39-unknown
 		;;
@@ -946,6 +998,10 @@
 	tower | tower-32)
 		basic_machine=m68k-ncr
 		;;
+	tpf)
+		basic_machine=s390x-ibm
+		os=-tpf
+		;;
 	udi29k)
 		basic_machine=a29k-amd
 		os=-udi
@@ -989,6 +1045,10 @@
 		basic_machine=hppa1.1-winbond
 		os=-proelf
 		;;
+	xbox)
+		basic_machine=i686-pc
+		os=-mingw32
+		;;
 	xps | xps100)
 		basic_machine=xps100-honeywell
 		;;
@@ -1019,6 +1079,9 @@
 	romp)
 		basic_machine=romp-ibm
 		;;
+	mmix)
+		basic_machine=mmix-knuth
+		;;
 	rs6000)
 		basic_machine=rs6000-ibm
 		;;
@@ -1035,13 +1098,10 @@
 	we32k)
 		basic_machine=we32k-att
 		;;
-	sh3 | sh4 | sh3eb | sh4eb | sh[1234]le | sh3ele)
+	sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele)
 		basic_machine=sh-unknown
 		;;
-	sh64)
-		basic_machine=sh64-unknown
-		;;
-	sparc | sparcv9 | sparcv9b)
+	sparc | sparcv8 | sparcv9 | sparcv9b)
 		basic_machine=sparc-sun
 		;;
 	cydra)
@@ -1114,19 +1174,21 @@
 	      | -aos* \
 	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
 	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
-	      | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \
-	      | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
+	      | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* | -openbsd* \
+	      | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
+	      | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
 	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
 	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
 	      | -chorusos* | -chorusrdb* \
 	      | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
-	      | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \
+	      | -mingw32* | -linux-gnu* | -linux-uclibc* | -uxpv* | -beos* | -mpeix* | -udk* \
 	      | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
 	      | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
 	      | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
 	      | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
 	      | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
-	      | -powermax* | -dnix*)
+	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
+	      | -skyos* | -haiku*)
 	# Remember, each alternative MUST END IN *, to match a version number.
 		;;
 	-qnx*)
@@ -1144,12 +1206,15 @@
 		os=`echo $os | sed -e 's|nto|nto-qnx|'`
 		;;
 	-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
-	      | -windows* | -osx | -abug | -netware* | -os9* | -beos* \
+	      | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
 	      | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
 		;;
 	-mac*)
 		os=`echo $os | sed -e 's|mac|macos|'`
 		;;
+	-linux-dietlibc)
+		os=-linux-dietlibc
+		;;
 	-linux*)
 		os=`echo $os | sed -e 's|linux|linux-gnu|'`
 		;;
@@ -1162,6 +1227,9 @@
 	-opened*)
 		os=-openedition
 		;;
+        -os400*)
+		os=-os400
+		;;
 	-wince*)
 		os=-wince
 		;;
@@ -1183,6 +1251,9 @@
 	-atheos*)
 		os=-atheos
 		;;
+	-syllable*)
+		os=-syllable
+		;;
 	-386bsd)
 		os=-bsd
 		;;
@@ -1205,6 +1276,9 @@
 	-sinix*)
 		os=-sysv4
 		;;
+        -tpf*)
+		os=-tpf
+		;;
 	-triton*)
 		os=-sysv3
 		;;
@@ -1235,6 +1309,15 @@
 	-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
 		os=-mint
 		;;
+	-aros*)
+		os=-aros
+		;;
+	-kaos*)
+		os=-kaos
+		;;
+	-zvmoe)
+		os=-zvmoe
+		;;
 	-none)
 		;;
 	*)
@@ -1266,6 +1349,9 @@
 	arm*-semi)
 		os=-aout
 		;;
+    c4x-* | tic4x-*)
+        os=-coff
+        ;;
 	# This must come before the *-dec entry.
 	pdp10-*)
 		os=-tops20
@@ -1309,9 +1395,15 @@
 	*-be)
 		os=-beos
 		;;
+	*-haiku)
+		os=-haiku
+		;;
 	*-ibm)
 		os=-aix
 		;;
+    	*-knuth)
+		os=-mmixware
+		;;
 	*-wec)
 		os=-proelf
 		;;
@@ -1444,9 +1536,15 @@
 			-mvs* | -opened*)
 				vendor=ibm
 				;;
+			-os400*)
+				vendor=ibm
+				;;
 			-ptx*)
 				vendor=sequent
 				;;
+			-tpf*)
+				vendor=ibm
+				;;
 			-vxsim* | -vxworks* | -windiss*)
 				vendor=wrs
 				;;
@@ -1471,7 +1569,7 @@
 esac
 
 echo $basic_machine$os
-exit 0
+exit
 
 # Local variables:
 # eval: (add-hook 'write-file-hooks 'time-stamp)
--- sudo-1.6.8p12.orig/sudoers
+++ sudo-1.6.8p12/sudoers
@@ -1,10 +1,17 @@
 # sudoers file.
 #
 # This file MUST be edited with the 'visudo' command as root.
+# 'visudo' edits the suoders file in a safe fashion. visudo
+# locks the sudoers file against multiple simultaneous edits,
+# provides basic sanity checks, and checks for syntax errors. If
+# the sudoers file is currently being edited you will receive a 
+# message to try again later.
 #
 # See the sudoers man page for the details on how to write a sudoers file.
 #
 
+# Defaults syslog=auth, secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin"
+
 # Host alias specification
 
 # User alias specification
--- sudo-1.6.8p12.orig/debian/dirs
+++ sudo-1.6.8p12/debian/dirs
@@ -0,0 +1,7 @@
+etc/pam.d
+usr/bin
+usr/share/man/man8
+usr/share/man/man5
+usr/sbin
+usr/share/doc/sudo/examples
+usr/share/lintian/overrides
--- sudo-1.6.8p12.orig/debian/docs
+++ sudo-1.6.8p12/debian/docs
@@ -0,0 +1,9 @@
+debian/OPTIONS 
+BUGS 
+RUNSON 
+UPGRADE 
+PORTING
+TODO 
+HISTORY 
+README 
+TROUBLESHOOTING
--- sudo-1.6.8p12.orig/debian/sudo-ldap.init.d
+++ sudo-1.6.8p12/debian/sudo-ldap.init.d
@@ -0,0 +1,31 @@
+#! /bin/sh
+
+### BEGIN INIT INFO
+# Provides:          sudu
+# Required-Start:    $local_fs $remote_fs
+# Required-Stop:
+# Default-Start:     S 1 2 3 4 5
+# Default-Stop:      0 6
+### END INIT INFO
+
+N=/etc/init.d/sudo
+
+set -e
+
+case "$1" in
+  start)
+	# make sure privileges don't persist across reboots
+	if [ -d /var/run/sudo ]
+	then
+                find /var/run/sudo -type f -exec touch -t 198501010000 '{}' \;
+	fi
+	;;
+  stop|reload|restart|force-reload)
+	;;
+  *)
+	echo "Usage: $N {start|stop|restart|force-reload}" >&2
+	exit 1
+	;;
+esac
+
+exit 0
--- sudo-1.6.8p12.orig/debian/control
+++ sudo-1.6.8p12/debian/control
@@ -0,0 +1,32 @@
+Source: sudo
+Section: admin
+Priority: optional
+Maintainer: Bdale Garbee <bdale@gag.com>
+Build-Depends: debhelper (>= 5), libpam0g-dev, libldap2-dev
+Standards-Version: 3.6.2.1
+
+Package: sudo
+Architecture: any
+Depends: ${shlibs:Depends}, libpam-modules
+Conflicts: sudo-ldap
+Replaces: sudo-ldap
+Description: Provide limited super user privileges to specific users
+ Sudo is a program designed to allow a sysadmin to give limited root
+ privileges to users and log root activity.  The basic philosophy is to give
+ as few privileges as possible but still allow people to get their work done.
+ .
+ This version is built with minimal shared library dependencies, use the
+ sudo-ldap package instead if you need LDAP support.
+
+Package: sudo-ldap
+Architecture: any
+Depends: ${shlibs:Depends}, libpam-modules
+Conflicts: sudo
+Replaces: sudo
+Provides: sudo
+Description: Provide limited super user privileges to specific users
+ Sudo is a program designed to allow a sysadmin to give limited root
+ privileges to users and log root activity.  The basic philosophy is to give
+ as few privileges as possible but still allow people to get their work done.
+ .
+ This version is built with LDAP support.
--- sudo-1.6.8p12.orig/debian/sudo-ldap.postrm
+++ sudo-1.6.8p12/debian/sudo-ldap.postrm
@@ -0,0 +1,21 @@
+#! /bin/sh
+
+set -e
+
+case "$1" in
+       purge)
+	rm -f /etc/sudoers
+        ;;
+
+       remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+        ;;
+
+    *)
+        echo "postrm called with unknown argument \`$1'" >&2
+        exit 1
+
+esac
+
+#DEBHELPER#
+
+exit 0
--- sudo-1.6.8p12.orig/debian/prerm
+++ sudo-1.6.8p12/debian/prerm
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+check_password() {
+   if [ ! "$SUDO_FORCE_REMOVE" = "yes" ]; then
+        # let's check whether the root account is locked.
+        # if it is, we're not going another step. No Sirreee!
+        passwd=$(getent shadow root|cut -f2 -d:)
+        if [ "$passwd" = "*" -o "$passwd" = "!" ]; then
+            # yup, password is locked
+            echo "You have asked that the sudo package be removed,"
+            echo "but no root password has been set."
+            echo "Without sudo, you may not be able to gain administrative privileges."
+            echo
+            echo "If you would prefer to access the root account with su(1)"
+            echo "or by logging in directly,"
+            echo "you must set a root password with \"sudo passwd\"."
+            echo 
+            echo "If you have arranged other means to access the root account,"
+            echo "and you are sure this is what you want,"
+            echo "you may bypass this check by setting an environment variable "
+            echo "(export SUDO_FORCE_REMOVE=yes)."
+            echo
+            echo "Refusing to remove sudo."
+            exit 1
+        fi
+   fi
+}
+        
+case $1 in
+        remove)
+                check_password;
+                ;;
+        *)
+                ;;
+esac
--- sudo-1.6.8p12.orig/debian/rules
+++ sudo-1.6.8p12/debian/rules
@@ -0,0 +1,140 @@
+#!/usr/bin/make -f
+
+export DH_VERBOSE=1
+
+CFLAGS = -O2 -Wall -Wno-comment
+ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS)))
+CFLAGS += -g
+endif
+export CFLAGS
+
+build: config-stamp
+config-stamp:
+	dh_testdir
+
+	# simple version
+	mkdir -p build-simple
+	cd build-simple && ../configure --prefix=/usr -v \
+		--with-all-insults \
+		--with-exempt=sudo --with-pam --with-fqdn \
+		--with-logging=syslog --with-logfac=authpriv \
+		--with-env-editor --with-editor=/usr/bin/editor \
+		--with-timeout=15 --with-password-timeout=0 \
+		--disable-root-mailer --disable-setresuid \
+		--with-sendmail=/usr/sbin/sendmail \
+		--without-lecture \
+		--with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin"
+
+	# LDAP version
+	mkdir -p build-ldap
+	cd build-ldap && ../configure --prefix=/usr -v \
+		--with-all-insults \
+		--with-exempt=sudo --with-pam --with-ldap --with-fqdn \
+		--with-logging=syslog --with-logfac=authpriv \
+		--with-env-editor --with-editor=/usr/bin/editor \
+		--with-timeout=15 --with-password-timeout=0 \
+		--disable-root-mailer --disable-setresuid \
+		--with-sendmail=/usr/sbin/sendmail \
+		--with-ldap-conf-file=/etc/ldap/ldap.conf \
+		--with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin"
+
+	touch config-stamp
+
+build: build-stamp
+build-stamp: config-stamp
+	dh_testdir
+
+	-$(MAKE) -C build-simple
+	-$(MAKE) -C build-ldap
+
+	touch build-stamp
+
+clean:
+	dh_testdir
+	dh_testroot
+	rm -f config-stamp build-stamp
+	rm -rf build-simple build-ldap
+	rm -f config.cache
+
+	-test -r /usr/share/misc/config.sub && \
+		cp -f /usr/share/misc/config.sub config.sub
+	-test -r /usr/share/misc/config.guess && \
+		cp -f /usr/share/misc/config.guess config.guess
+
+	dh_clean
+
+install: build-stamp
+	dh_testdir
+	dh_testroot
+	dh_clean -k
+	dh_installdirs
+
+	# simple version
+	install -o root -g root -m 4755 -s build-simple/sudo debian/sudo/usr/bin/sudo
+	ln -sf sudo debian/sudo/usr/bin/sudoedit
+	install -o root -g root -m 0755 -s build-simple/visudo \
+		debian/sudo/usr/sbin/visudo
+	install -o root -g root -m 0644 build-simple/sudo.man \
+		debian/sudo/usr/share/man/man8/sudo.8 
+	ln -sf sudo.8 debian/sudo/usr/share/man/man8/sudoedit.8
+	install -o root -g root -m 0644 build-simple/visudo.man \
+		debian/sudo/usr/share/man/man8/visudo.8 
+	install -o root -g root -m 0644 build-simple/sudoers.man \
+		debian/sudo/usr/share/man/man5/sudoers.5 
+	install -o root -g root -m 0644 sample.sudoers \
+		debian/sudo/usr/share/doc/sudo/examples/sudoers
+	install -o root -g root -m 0644 debian/sudo.pam \
+		debian/sudo/etc/pam.d/sudo
+
+	install -o root -g root -m 0644 debian/sudo.lintian \
+		debian/sudo/usr/share/lintian/overrides/sudo
+
+	install -o root -g root -m 0644 debian/sudo_root.8 \
+		debian/sudo/usr/share/man/man8/sudo_root.8 
+
+	# LDAP version
+	install -o root -g root -m 4755 -s build-ldap/sudo debian/sudo-ldap/usr/bin/sudo
+	ln -sf sudo debian/sudo-ldap/usr/bin/sudoedit
+	install -o root -g root -m 0755 -s build-ldap/visudo debian/sudo-ldap/usr/sbin/visudo
+	install -o root -g root -m 0644 build-ldap/sudo.man \
+		debian/sudo-ldap/usr/share/man/man8/sudo.8 
+	ln -sf sudo.8 debian/sudo-ldap/usr/share/man/man8/sudoedit.8
+	install -o root -g root -m 0644 build-ldap/visudo.man \
+		debian/sudo-ldap/usr/share/man/man8/visudo.8 
+	install -o root -g root -m 0644 build-ldap/sudoers.man \
+		debian/sudo-ldap/usr/share/man/man5/sudoers.5 
+	install -o root -g root -m 0644 sample.sudoers \
+		debian/sudo-ldap/usr/share/doc/sudo-ldap/examples/sudoers
+	install -o root -g root -m 0644 debian/sudo.pam \
+		debian/sudo-ldap/etc/pam.d/sudo
+
+	install -o root -g root -m 0644 debian/sudo-ldap.lintian \
+		debian/sudo-ldap/usr/share/lintian/overrides/sudo-ldap
+
+	install -o root -g root -m 0644 debian/sudo_root.8 \
+		debian/sudo/usr/share/man/man8/sudo_root.8 
+
+binary-indep: build install
+
+binary-arch: build install
+	dh_testdir
+	dh_testroot
+	dh_installdocs
+	dh_installexamples -A
+#	dh_installinit -psudo -psudo-ldap
+	dh_installmanpages fnmatch.3
+	dh_installinfo -A
+	dh_installchangelogs CHANGES
+	dh_strip
+	dh_compress
+	dh_fixperms
+	chown root.root debian/sudo/usr/bin/sudo debian/sudo-ldap/usr/bin/sudo
+	chmod 4755 debian/sudo/usr/bin/sudo debian/sudo-ldap/usr/bin/sudo
+	dh_installdeb
+	dh_shlibdeps
+	dh_gencontrol
+	dh_md5sums
+	dh_builddeb
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install
--- sudo-1.6.8p12.orig/debian/changelog
+++ sudo-1.6.8p12/debian/changelog
@@ -0,0 +1,769 @@
+sudo (1.6.8p12-1ubuntu6) dapper; urgency=low
+
+  * env.c: Preserve additional environment variables for non-almighty sudoers:
+    HOME, LOGNAME, DISPLAY, XAUTHORITY, XAUTHORIZATION. Closes: LP#44500
+
+ -- Martin Pitt <martin.pitt@ubuntu.com>  Wed, 17 May 2006 09:29:15 +0200
+
+sudo (1.6.8p12-1ubuntu5) dapper; urgency=low
+
+  * env.c: Unbreak the env_keep option. Closes: LP#31690
+  * sudoers: Add some explanatory text why it is a REALLY good idea to use
+    visudo. Closes: LP#11620
+
+ -- Martin Pitt <martin.pitt@ubuntu.com>  Tue, 28 Mar 2006 18:52:24 +0200
+
+sudo (1.6.8p12-1ubuntu4) dapper; urgency=low
+
+  * Remove the init script, it only cleans up /var/run which is a tmpfs.
+
+ -- Scott James Remnant <scott@ubuntu.com>  Wed, 22 Feb 2006 16:28:42 +0000
+
+sudo (1.6.8p12-1ubuntu3) dapper; urgency=low
+
+  * Add debian/sudo_root.8: Introduction about root handling in ubuntu with
+    sudo.
+  * debian/rules: Install that new manpage into sudo and sudo-ldap.
+
+ -- Martin Pitt <martin.pitt@ubuntu.com>  Wed,  8 Feb 2006 17:01:50 +0100
+
+sudo (1.6.8p12-1ubuntu2) dapper; urgency=low
+
+  * sudo.c: If the user successfully authenticated and he is in the 'admin'
+    group, then create a stamp ~/.sudo_as_admin_successful. A future
+    /etc/profile will evaluate this flag to display a short help about how to
+    execute things as root.
+
+ -- Martin Pitt <martin.pitt@ubuntu.com>  Wed, 18 Jan 2006 09:32:02 +0100
+
+sudo (1.6.8p12-1ubuntu1) dapper; urgency=low
+
+  * Resynchronise with Debian, clean up cruft from Ubuntu diff.
+  * debian/postinst: Do not set env_reset flag in newly created sudoers files;
+    it's incompatible with upgrades.
+  * Clean up environment variable handling to fix vulns like CVE-2005-4158 and
+    CVE-2006-0151 once and for all: Only keep known-good variables if user has
+    limited sudo privileges (blacklist -> whitelist) and keep them all for
+    users with unlimited command privileges (to not drive admins and
+    developers up the wall which actually need to pass env variables from time
+    to time).
+    - parse.h, parse.yacc:
+      + Add a new flag 'cmdall' to the matchstack, and a new macro 'cmnd_all'
+        to access it.
+      + In the "cmnd" grammar rule: Set cmdall to TRUE if command specifier is
+        'ALL', otherwise to FALSE.
+    - sudo.tab.cc: Re-yaccified to match changes to parse.yacc.
+    - sudo.h: Add new sudoers_lookup() return flag FLAG_CMND_ALL.
+    - parse.c, sudoers_lookup(): Set flag FLAG_CMND_ALL if cmnd_all matched.
+    - ldap.c:
+      + sudo_ldap_check_command(): Add return parameter all, set to true
+        if command specifier is 'ALL'.
+      + sudo_ldap_check(): Set flag FLAG_CMND_ALL if sudo_ldap_check_command()
+        returned all=1.
+    - env.c:
+      + Apply Martin Schulze's patch to switch from blacklist to whitelist
+        environment cleaning.
+      + Add parameter 'noclean' to rebuild_env(); if it is != 0, environment
+        variables are not cleaned.
+    - sudo.c: Call rebuild_env() with noclean=1 if FLAG_CMND_ALL is set.
+
+ -- Martin Pitt <martin.pitt@ubuntu.com>  Tue, 17 Jan 2006 10:03:05 +0100
+
+sudo (1.6.8p12-1) unstable; urgency=low
+
+  * new upstream version, closes: #342948 (CVE-2005-4158)
+  * add env_reset to the sudoers file we create if none already exists,
+    as a further precaution in response to discussion about CVS-2005-4158
+  * split ldap support into a new sudo-ldap package.  I was trying to avoid
+    doing this, but the impact of going from 4 to 17 linked shlibs on the 
+    autobuilder chroots is sufficient motivation for me.
+    closes: #344034
+
+ -- Bdale Garbee <bdale@gag.com>  Wed, 28 Dec 2005 13:49:10 -0700
+
+sudo (1.6.8p9-4) unstable; urgency=low
+
+  * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231 
+  * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
+    timestamps in the init.d script, closes: #330868
+  * add dependency header to init.d script, closes: #332849
+
+ -- Bdale Garbee <bdale@gag.com>  Sat, 10 Dec 2005 07:47:07 -0800
+
+sudo (1.6.8p9-3ubuntu4) dapper; urgency=low
+
+  * Revert addition of sudo -t, i. e. revert to version 1.6.8p9-3ubuntu1. As
+    per TB discussion, we will not use sudo for implementing
+    https://wiki.ubuntu.com/HideAdminToolsToUsers.
+
+ -- Martin Pitt <martin.pitt@ubuntu.com>  Tue, 29 Nov 2005 23:27:42 +0100
+
+sudo (1.6.8p9-3ubuntu3) dapper; urgency=low
+
+  * sudo.c: Log failures even in test mode, to avoid the possibility of
+    silently poking around for interesting sudo privileges. This will generate
+    a lot of auth log clutter in the desktop case, but will not change sudo
+    semantics where it matters (on servers).
+
+ -- Martin Pitt <martin.pitt@ubuntu.com>  Thu, 17 Nov 2005 10:35:04 +0100
+
+sudo (1.6.8p9-3ubuntu2) dapper; urgency=low
+
+  * Add option -t which only tests whether the given command can be executed
+    and does not require a password. This is required for the
+    https://wiki.ubuntu.com/HideAdminToolsToUsers spec.
+  * sudo.h: Add MODE_TESTONLY mode.
+  * sudo.c: Add -t parsing and do not actually run the command in test mode,
+    just return success or failure. Also, add the new option to the "usage"
+    output.
+  * sudo.pod: Document new -t option.
+  * Put patch into debian/ubuntu-patches/sudo.add-test-option.patch to have
+    it separate for future merges (requires a manual "make sudo.man.in" to
+    actually run pod2man).
+
+ -- Martin Pitt <martin.pitt@ubuntu.com>  Wed,  9 Nov 2005 17:40:43 -0500
+
+sudo (1.6.8p9-3ubuntu1) dapper; urgency=low
+
+  * Resynchronise with Debian.
+
+ -- Martin Pitt <martin.pitt@ubuntu.com>  Wed,  9 Nov 2005 17:12:06 -0500
+
+sudo (1.6.8p9-3) unstable; urgency=high
+
+  * update debhelper compatibility level from 2 to 4
+  * add man page symlink for sudoedit
+  * Clean SHELLOPTS and PS4 from the environment before executing programs
+    with sudo permissions [env.c, CAN-2005-2959]
+  * fix typo in manpage pointed out by Moray Allen, closes: #285995
+  * fix paths in sample complex sudoers file, closes: #303542
+  * fix type in sudoers man page, closes: #311244
+
+ -- Bdale Garbee <bdale@gag.com>  Wed, 28 Sep 2005 01:18:04 -0600
+
+sudo (1.6.8p9-2ubuntu2) breezy; urgency=low
+
+  * debian/init.d: When resetting the timestamps of the tty tags, actually
+    touch the files, not the per-user directories. Since bootclean.sh removes
+    /var/run/* anyway, this is no big deal, but clean it up anyway for the
+    sake of correctness. (Ubuntu #16594)
+
+ -- Martin Pitt <martin.pitt@ubuntu.com>  Fri, 30 Sep 2005 09:52:27 +0200
+
+sudo (1.6.8p9-2ubuntu1) breezy; urgency=low
+
+  * Resynchronise with Debian, resolve merging conflicts and unscramble
+    changelog.
+
+ -- Martin Pitt <martin.pitt@ubuntu.com>  Thu,  7 Jul 2005 09:01:48 +0000
+
+sudo (1.6.8p9-2) unstable; urgency=high
+
+  * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
+    closes: #305735
+
+ -- Bdale Garbee <bdale@gag.com>  Tue, 28 Jun 2005 16:18:47 -0400
+
+sudo (1.6.8p9-1) unstable; urgency=high
+
+  * new upstream version, fixes a race condition in sudo's pathname
+    validation, which is a security issue (CAN-2005-1993), 
+    closes: #315115, #315718
+
+ -- Bdale Garbee <bdale@gag.com>  Tue, 28 Jun 2005 15:33:11 -0400
+
+sudo (1.6.8p7-1) unstable; urgency=low
+
+  * new upstream version, closes: #299585
+  * update lintian overrides to squelch the postinst warning
+  * change sudoedit from a hard to a soft link, closes: #296896
+  * fix regex doc in sudoers man page, closes: #300361
+
+ -- Bdale Garbee <bdale@gag.com>  Sat, 26 Mar 2005 22:18:34 -0700
+
+sudo (1.6.8p5-1ubuntu3) breezy; urgency=low
+
+  * SECURITY UPDATE: Fix privilege escalation.
+  * sudo.c, parse.yacc: safe_cmd contains the actually executed program which
+    is normally taken from /etc/sudoers. However, if sudoers contains "ALL"
+    entries that follow the matching entry, safe_cmd was overwritten with the
+    path the user specified on the command line, which opens up the
+    possibility of executing arbitrary commands by generating symlinks to
+    them.
+  * References:
+    CAN-2005-1993
+    http://www.securityfocus.com/archive/1/402741
+
+ -- Martin Pitt <martin.pitt@ubuntu.com>  Tue, 21 Jun 2005 13:41:05 +0200
+
+sudo (1.6.8p5-1ubuntu2) hoary; urgency=low
+
+  * Add !fqdn to the Defaults so we don't die horribly when localhost doesn't
+    resolve (Ubuntu: 2772)
+
+ -- Thom May <thom@ubuntu.com>  Wed,  2 Mar 2005 20:34:20 +0000
+
+sudo (1.6.8p5-1ubuntu1) hoary; urgency=low
+
+  * Resync with Debian
+
+ -- LaMont Jones <lamont@canonical.com>  Mon,  6 Dec 2004 09:31:28 -0700
+
+sudo (1.6.8p5-1) unstable; urgency=high
+
+  * new upstream version
+  * restores ability to use config tuples without a value, which was causing
+    problems on upgrade closes: #283306
+  * deliver sudoedit, closes: #283078
+  * marking urgency high since 283306 is a serious upgrade incompatibility
+
+ -- Bdale Garbee <bdale@gag.com>  Fri,  3 Dec 2004 10:11:16 -0700
+
+sudo (1.6.8p3-2) unstable; urgency=high
+
+  * update pam.d deliverable so ldap works again, closes: #282191
+
+ -- Bdale Garbee <bdale@gag.com>  Mon, 22 Nov 2004 11:44:46 -0700
+
+sudo (1.6.8p3-1) unstable; urgency=high
+
+  * new upstream version, fixes a flaw in sudo's environment sanitizing that 
+    could allow a malicious user with permission to run a shell script that 
+    utilized the bash shell to run arbitrary commands, closes: #281665
+  * patch the sample sudoers to have the proper path for kill on Debian
+    systems, closes: #263486
+  * patch the sudo manpage to reflect Debian's choice of exempt_group 
+    default setting, closes: #236465
+  * patch the sudo manpage to reflect Debian's choice of no timeout on the
+    password prompt, closes: #271194
+
+ -- Bdale Garbee <bdale@gag.com>  Tue, 16 Nov 2004 23:23:41 -0700
+
+sudo (1.6.7p5-2ubuntu2) hoary; urgency=low
+
+  * SECURITY UPDATE: fix input validation flaw
+  * env.c, rebuild_env(): skip variables with values beginnig with "()" to
+    ignore exported bash functions in the sudo environment; this prevents
+    introducing malicious functions with the name of commands that are
+    executed without full path
+  * References:
+    http://www.sudo.ws/sudo/alerts/bash_functions.html
+
+ -- Martin Pitt <martin.pitt@canonical.com>  Wed, 17 Nov 2004 18:54:30 +0100
+
+sudo (1.6.7p5-2ubuntu1) hoary; urgency=low
+
+  * Resynchronise with Debian.
+
+ -- Scott James Remnant <scott@canonical.com>  Wed, 27 Oct 2004 15:06:39 +0100
+
+sudo (1.6.7p5-2) unstable; urgency=low
+
+  * Jeff Bailey reports that seteuid works on current sparc systems, so we
+    no longer need the "grosshack" stuff in the sudo rules file
+  * add a postrm that removes /etc/sudoers on purge.  don't do this with the
+    normal conffile mechanism since it would generate noise on every upgrade,
+    closes: #245405
+
+ -- Bdale Garbee <bdale@gag.com>  Tue, 20 Jul 2004 12:29:48 -0400
+
+sudo (1.6.7p5-1ubuntu4) warty; urgency=low
+
+  * Disable lecture by default. (Warty #987)
+
+ -- Thom May <thom@canonical.com>  Wed,  6 Oct 2004 14:31:31 +0100
+
+sudo (1.6.7p5-1ubuntu3) warty; urgency=low
+
+  * Refuse to remove sudo if the root password is not set and the user is
+    running us via sudo
+
+ -- Thom May <thom@canonical.com>  Mon, 27 Sep 2004 15:30:09 +0100
+
+sudo (1.6.7p5-1ubuntu2) warty; urgency=low
+
+  * Add 'Defaults !lecture,tty_tickets' to initial sudoers file.
+
+ -- Colin Watson <cjwatson@flatline.org.uk>  Mon, 23 Aug 2004 21:03:15 +0100
+
+sudo (1.6.7p5-1ubuntu1) warty; urgency=low
+
+  * Remove /etc/sudoers on purge. (Closes: #245405)
+
+ -- Fabio M. Di Nitto <fabbione@fabbione.net>  Mon, 19 Jul 2004 09:42:04 +0200
+
+sudo (1.6.7p5-1) unstable; urgency=low
+
+  * new upstream version, closes: #190265, #193222, #197244
+  * change from '.' to ':' in postinst chown call, closes: #208369
+
+ -- Bdale Garbee <bdale@gag.com>  Tue,  2 Sep 2003 21:27:06 -0600
+
+sudo (1.6.7p3-2) unstable; urgency=low
+
+  * add --disable-setresuid to configure call since 2.2 kernels don't support
+    setresgid, closes: #189044
+  * cosmetic cleanups to debian/rules as long as I'm there
+
+ -- Bdale Garbee <bdale@gag.com>  Tue, 15 Apr 2003 16:04:48 -0600
+
+sudo (1.6.7p3-1) unstable; urgency=low
+
+  * new upstream version
+  * add overrides to quiet lintian about things it doesn't understand,
+    except the source one that can't be overridden until 129510 is fixed
+
+ -- Bdale Garbee <bdale@gag.com>  Mon,  7 Apr 2003 17:34:05 -0600
+
+sudo (1.6.6-3) unstable; urgency=low
+
+  * add code to rules file to update config.sub/guess, closes: #164501
+
+ -- Bdale Garbee <bdale@gag.com>  Sat, 12 Oct 2002 15:35:22 -0600
+
+sudo (1.6.6-2) unstable; urgency=low
+
+  * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
+    configure, and lose the build dependency on mail-transport-agent
+  * incorporate changes from LaMont's NMU, closes: #144665, #144737
+  * update init.d to not try and set time on nonexistent timestamp files, 
+    closes: #132616
+  * build with --with-all-insults, admin must edit sudoers to turn insults 
+    on at runtime if desired, closes: #135374
+  * stop setting /usr/doc symlink in postinst
+
+ -- Bdale Garbee <bdale@gag.com>  Sat, 12 Oct 2002 01:54:24 -0600
+
+sudo (1.6.6-1.1) unstable; urgency=high
+
+  * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
+  * Revert patch to auth/pam.c that left pass uninitialized, causing a
+    segfault (Closes: #144665).
+
+ -- LaMont Jones <lamont@debian.org>  Fri, 26 Apr 2002 22:36:04 -0600
+
+sudo (1.6.6-1) unstable; urgency=high
+
+  * new upstream version, fixes security problem with crafty prompts, 
+    closes: #144540
+
+ -- Bdale Garbee <bdale@gag.com>  Thu, 25 Apr 2002 12:45:49 -0600
+
+sudo (1.6.5p1-4) unstable; urgency=high
+
+  * apply patch for auth/pam.c to fix yet another way to make sudo segfault
+    if ctrl/C'ed at password prompt, closes: #131235
+
+ -- Bdale Garbee <bdale@gag.com>  Sun,  3 Mar 2002 23:18:56 -0700
+
+sudo (1.6.5p1-3) unstable; urgency=high
+
+  * ugly hack to add --disable-saved-ids when building on sparc in response 
+    to 131592, which will be reassigned to glibc for a real fix
+  * urgency high since the sudo currently in testing for sparc is worthless
+
+ -- Bdale Garbee <bdale@gag.com>  Sun, 17 Feb 2002 22:42:10 -0700
+
+sudo (1.6.5p1-2) unstable; urgency=high
+
+  * patch from upstream to fix seg faults caused by versions of pam that
+    follow a NULL pointer, closes: #129512
+
+ -- Bdale Garbee <bdale@gag.com>  Tue, 22 Jan 2002 01:50:13 -0700
+
+sudo (1.6.5p1-1) unstable; urgency=high
+
+  * new upstream version
+  * add --disable-root-mailer option supported by new version to configure 
+    call in rules file, closes: #129648
+
+ -- Bdale Garbee <bdale@gag.com>  Fri, 18 Jan 2002 11:29:37 -0700
+
+sudo (1.6.4p1-1) unstable; urgency=high
+
+  * new upstream version, with fix for segfaulting problem in 1.6.4
+
+ -- Bdale Garbee <bdale@gag.com>  Mon, 14 Jan 2002 20:09:46 -0700
+
+sudo (1.6.4-1) unstable; urgency=high
+
+  * new upstream version, includes an important security fix, closes: #127576
+
+ -- Bdale Garbee <bdale@gag.com>  Mon, 14 Jan 2002 09:35:48 -0700
+
+sudo (1.6.3p7-5) unstable; urgency=low
+
+  * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
+  * fix spelling error in init.d, closes: #126847
+
+ -- Bdale Garbee <bdale@gag.com>  Sat, 29 Dec 2001 11:21:43 -0700
+
+sudo (1.6.3p7-4) unstable; urgency=medium
+
+  * use touch to set status files to an ancient date instead of removing them
+    outright on reboot.  this achieves the desired effect of keeping elevated 
+    privs from living across reboots, without forcing everyone to see the 
+    new-sudo-user lecture after every reboot.  pick a time that's 'old enough'
+    for systems with good clocks, and 'recent enough' that broken PC hardware
+    setting the clock to commonly-seen bogus dates trips over the "don't trust
+    future timestamps" rule.  closes: #76529, #123559
+  * apply patch from Steve Langasek to fix seg faults due to interaction with
+    PAM code.  upstream confirms the problem, and says they're fixing this 
+    differently for their next release... but this should be useful in the 
+    meantime, and would be good to get into woody.  closes: #119147
+  * only run the init.d at boot, not on each runlevel change... and don't run
+    it during package configure.  closes: #125935
+  * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
+
+ -- Bdale Garbee <bdale@gag.com>  Wed, 26 Dec 2001 12:40:44 -0700
+
+sudo (1.6.3p7-3) unstable; urgency=low
+
+  * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not 
+    resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
+  * fix a typo in the manpage, closes: #97368
+  * apply patch to configure.in and run autoconf to fix problem building on
+    the hurd, closes: #96325
+  * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
+    to not last across reboots, closes: #76529
+  * clean up lintian-noticed cosmetic packaging issues
+
+ -- Bdale Garbee <bdale@gag.com>  Sat,  1 Dec 2001 02:59:52 -0700
+
+sudo (1.6.3p7-2) unstable; urgency=low
+
+  * update config.sub/guess for hppa support
+
+ -- Bdale Garbee <bdale@gag.com>  Sun, 22 Apr 2001 23:23:42 -0600
+
+sudo (1.6.3p7-1) unstable; urgency=low
+
+  * new upstream version
+  * add build dependency on mail-transport-agent, closes: #90685
+
+ -- Bdale Garbee <bdale@gag.com>  Thu, 12 Apr 2001 17:02:42 -0600
+
+sudo (1.6.3p6-1) unstable; urgency=high
+
+  * new upstream version, fixes buffer overflow problem, 
+    closes: #87259, #87278, #87263
+  * revert to using --with-secure-path option at build time, since the option
+    available in sudoers is parsed too late to be useful, and upstream says
+    it won't get fixed quickly.  This reopens 85123, which I will mark as
+    forwarded.  Closes: #86199, #86117, #85676
+
+ -- Bdale Garbee <bdale@gag.com>  Mon, 26 Feb 2001 11:02:51 -0700
+
+sudo (1.6.3p5-2) unstable; urgency=low
+
+  * lose the dh_suidregister call since it's obsolete
+  * stop using the --with-secure-path option at build time, and instead show
+    how to set it in sudoers.  Closes: #85123
+  * freshen config.sub and config.guess for ia64 and hppa
+  * update sudoers man page to indicate exempt_group is on by default, 
+    closes: #70847
+
+ -- Bdale Garbee <bdale@gag.com>  Sat, 10 Feb 2001 02:05:17 -0700
+
+sudo (1.6.3p5-1) unstable; urgency=low
+
+  * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
+  * this version restores core dumps before the exec, while leaving them
+    disabled during sudo's internal execution, closes: #58289
+  * update debhelper calls in rules file
+
+ -- Bdale Garbee <bdale@gag.com>  Wed, 16 Aug 2000 00:13:15 -0600
+
+sudo (1.6.2p2-1) frozen unstable; urgency=medium
+
+  * new upstream source resulting from direct collaboration with the upstream
+    author to fix ugly pam-related problems on Debian in 1.6.1 and later.
+    Closes: #56129, #55978, #55979, #56550, #56772
+  * include more upstream documentation, closes: #55054
+  * pam.d fragment update, closes: #56129
+
+ -- Bdale Garbee <bdale@gag.com>  Sun, 27 Feb 2000 11:48:48 -0700
+
+sudo (1.6.1-1) unstable; urgency=low
+
+  * new upstream source, closes: #52750
+
+ -- Bdale Garbee <bdale@gag.com>  Fri,  7 Jan 2000 21:01:42 -0700
+
+sudo (1.6-2) unstable; urgency=low
+
+  * drop suidregister support for this package.  The sudo executable is 
+    essentially worthless unless it is setuid root, and making suidregister
+    work involves shipping a non-setuid executable in the .deb and setting the
+    perms in the postinst.  On a long upgrade run, this can leave the sudo
+    executable 'broken' for a long time, which is unacceptable.  With this
+    version, we ship the executable setuid root in the .deb.  Closes: #51742
+
+ -- Bdale Garbee <bdale@gag.com>  Wed,  1 Dec 1999 19:59:44 -0700
+
+sudo (1.6-1) unstable; urgency=low
+
+  * new upstream version, many options previously set at compile-time are now
+    configurable at runtime.  
+    Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
+  * FHS support
+
+ -- Bdale Garbee <bdale@gag.com>  Tue, 23 Nov 1999 16:51:22 -0700
+
+sudo (1.5.9p4-1) unstable; urgency=low
+
+  * new upstream version, closes: #43464
+  * empty password handling was fixed in 1.5.8, closes: #31863
+
+ -- Bdale Garbee <bdale@gag.com>  Thu, 26 Aug 1999 00:00:57 -0600
+
+sudo (1.5.9p1-1) unstable; urgency=low
+
+  * new upstream version
+
+ -- Bdale Garbee <bdale@gag.com>  Thu, 15 Apr 1999 22:43:29 -0600
+
+sudo (1.5.8p1-1) unstable; urgency=medium
+
+  * new upstream version, closes 33690
+  * add dependency on libpam-modules, closes 34215, 33432
+
+ -- Bdale Garbee <bdale@gag.com>  Mon,  8 Mar 1999 10:27:42 -0700
+
+sudo (1.5.7p4-2) unstable; urgency=medium
+
+  * update the pam fragment provided so that sudo works with latest pam bits,
+    closes 33432
+
+ -- Bdale Garbee <bdale@gag.com>  Sun, 21 Feb 1999 00:22:44 -0700
+
+sudo (1.5.7p4-1) unstable; urgency=low
+
+  * new upstream release
+
+ -- Bdale Garbee <bdale@gag.com>  Sun, 27 Dec 1998 16:13:53 -0700               
+
+sudo (1.5.6p5-1) unstable; urgency=low
+
+  * new upstream patch release
+  * add PAM support, closes 28594
+
+ -- Bdale Garbee <bdale@gag.com>  Mon,  2 Nov 1998 00:00:24 -0700               
+
+sudo (1.5.6p2-2) unstable; urgency=low
+
+  * update copyright file, closes 24136
+  * review and close forwarded bugs believed fixed in this upstream version,
+    closes 17606, 15786.
+
+ -- Bdale Garbee <bdale@gag.com>  Mon,  5 Oct 1998 22:30:43 -0600               
+
+sudo (1.5.6p2-1) unstable; urgency=low
+
+  * new upstream release
+
+ -- Bdale Garbee <bdale@gag.com>  Mon,  5 Oct 1998 22:30:43 -0600               
+
+sudo (1.5.4-4) frozen unstable; urgency=low
+
+  * update postinst to use groupadd, closes 21403
+  * move the suidregister stuff earlier in postinst to ensure it always runs
+
+ -- Bdale Garbee <bdale@gag.com>  Sun, 19 Apr 1998 22:07:45 -0600               
+
+sudo (1.5.4-3) frozen unstable; urgency=low
+
+  * change /etc/sudoers from a conffile to being handled in postinst, 
+    closes 18219
+  * add suidmanager support, closes 15711
+  * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
+    unlikely to ever fix, and which just don't matter.  closes 17146
+  * fix FSF address in copyright file, and submit exception for lintian
+    warning about sudo being setuid root
+
+ -- Bdale Garbee <bdale@gag.com>  Thu,  9 Apr 1998 23:59:11 -0600               
+
+sudo (1.5.4-2) unstable; urgency=high
+ 
+  * patch from upstream author correcting/improving security fix
+  
+ -- Bdale Garbee <bdale@gag.com>  Tue, 13 Jan 1998 10:39:35 -0700               
+
+sudo (1.5.4-1) unstable; urgency=high
+
+  * new upstream version, includes a security fix
+  * change default editor from /bin/ae to /usr/bin/editor
+
+ -- Bdale Garbee <bdale@gag.com>  Mon, 12 Jan 1998 23:36:41 -0700
+
+sudo (1.5.3-1) unstable; urgency=medium
+
+  * new upstream version, closes bug 15911.
+  * rules file reworked to use debhelper
+  * implement a really gross hack to force use of the sudo-provided 
+    lsearch(), since the one in libc6 is broken!  This closes bugs
+    12552, 12557, 14881, 15259, 15916.  
+
+ -- Bdale Garbee <bdale@gag.com>  Sat,  3 Jan 1998 20:39:23 -0700
+
+sudo (1.5.2-6) unstable; urgency=LOW
+
+  * don't install INSTALL in the doc directory, closes bug 13195.
+
+ -- Bdale Garbee <bdale@gag.com>  Sun, 21 Sep 1997 17:10:40 -0600
+
+sudo (1.5.2-5) unstable; urgency=LOW
+
+  * libc6
+
+ -- Bdale Garbee <bdale@gag.com>  Fri,  5 Sep 1997 00:06:22 -0600
+
+sudo (1.5.2-4) unstable; urgency=LOW
+
+  * change TIMEOUT (how long before you have to type your password again)
+    to 15 mins, disable PASSWORD_TIMEOUT.  This makes building large Debian
+    packages on slower machines much more tolerable.  Closes bug 9076.
+  * touch debian/suid before debstd.  Closes bug 8709.
+
+ -- Bdale Garbee <bdale@gag.com>  Sat, 26 Apr 1997 00:48:01 -0600
+
+sudo (1.5.2-3) frozen unstable; urgency=LOW
+
+  * patch from upstream maintainer to close Bug 6828
+  * add a debian/suid file to get debstd to leave my perl postinst alone
+
+ -- Bdale Garbee <bdale@gag.com>  Fri, 11 Apr 1997 23:09:55 -0600
+
+sudo (1.5.2-2) frozen unstable; urgency=LOW
+
+  * change rules to use -O2 -Wall as per standards
+
+ -- Bdale Garbee <bdale@gag.com>  Sun, 6 Apr 1997 12:48:53 -0600
+
+sudo (1.5.2-1) unstable; urgency=LOW
+
+  * new upstream version
+  * cosmetic changes to debian package control files
+
+ -- Bdale Garbee <bdale@gag.com>  Wed, 30 Oct 1996 09:50:00 -0700
+
+sudo (1.5-2) unstable; urgency=LOW
+
+  * add /usr/X11R6/bin to the end of the secure path... this makes it
+    much easier to run xmkmf, etc., during package builds.  To the extent
+    that /usr/local/sbin and /usr/local/bin were already included, I see
+    no security reasons not to add this.
+
+ -- Bdale Garbee <bdale@gag.com>  Wed, 30 Oct 1996 09:44:58 -0700
+
+sudo (1.5-1) unstable; urgency=LOW
+
+  * New upstream version
+  * New maintainer
+  * New packaging format
+
+ -- Bdale Garbee <bdale@gag.com>  Thu, 29 Aug 1996 11:44:22 +0200
+
+Tue Mar  5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
+
+        sudo (1.4.1-1):
+
+        * hard code SECURE_PATH to:
+		"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+	* enable ENV_EDITOR
+
+	* enabled EXEMPTGROUP "sudo"
+
+	* moved timestamp dir to /var/log/sudo
+
+	* changed parser to check for long and short filenames (Bug#1162)
+
+Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
+
+        sudo (1.4.2-1):
+
+	* New upstream source
+
+	* Fixed postinst script
+		(thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
+
+	* Removed special shadow binary. This version works with and without
+	  shadow password file.
+
+Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
+
+        sudo (1.4.2-2):
+
+	* Corrected editor path to /bin/ae (Bug#3062)
+
+	* Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
+
+Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
+
+        sudo (1.4.3-1):
+
+	* New upstream version
+
+	* Changed sudoers permission to 440 (owner root, group root) to make
+	  sudo usable via NFS
+
+Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
+
+        sudo (1.4.3-2):
+
+	* Applied upstream patch 1
+
+Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
+
+        sudo (1.4.3-3):
+
+        * Applied upstream patch 2
+
+Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
+
+        sudo (1.4.3-4):
+
+        * Applied upstream patch 3 (fixes problems with an NFS-mounted
+          sudoers file)
+
+
+Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
+
+        sudo (1.4.3-5):
+
+	* Corrected postinst to use /usr/bin/perl instead of /bin/perl
+	  [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
+
+Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
+
+        sudo (1.4.3-6):
+
+	* Applied upstream patch 4 (fixes several bugs)
+
+	* Changed priority to optional
+
+Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
+
+        sudo (1.4.3-7):
+
+	* Corrected postinst to create correct permission for /etc/sudoers
+	  (Bug#3749)
+
+Fri Aug  2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
+
+        sudo (1.4.4-1):
+
+	* New upstream version
+
+
+sudo (1.4.4-2) admin; urgency=HIGH
+
+	* Fixed major security bug reported by Peter Tobias
+	  <tobias@et-inf.fho-emden.de>
+	* Added dchanges support to debian.rules
+
+sudo (1.4.5-1) admin; urgency=LOW
+
+	* New upstream version
+	* Minor changes to debian.rules
--- sudo-1.6.8p12.orig/debian/sudo_root.8
+++ sudo-1.6.8p12/debian/sudo_root.8
@@ -0,0 +1,135 @@
+.TH sudo_root 8 "February 8, 2006"
+
+.SH NAME
+sudo_root \- How to run administrative commands
+
+.SH SYNOPSIS
+
+.B sudo
+.I command
+
+.B sudo \-i
+
+.SH INTRODUCTION
+
+By default, the password for the user "root" (the system
+administrator) is locked. This means you cannot login as root or use
+su. Instead, the installer will set up sudo to allow the user that is
+created during install to run all administrative commands.
+
+This means that in the terminal you can use sudo for commands that
+require root privileges. All programs in the menu will use a graphical
+sudo to prompt for a password. When sudo asks for a password, it needs
+.B your password, 
+this means that a root password is not needed.
+
+To run a command which requires root privileges in a terminal, simply
+prepend 
+.B sudo
+in front of it. To get an interactive root shell, use
+.B sudo \-i\fR.
+
+.SH ALLOWING OTHER USERS TO RUN SUDO
+
+By default, only the user who installed the system is permitted to run
+sudo. To add more administrators, i. e. users who can run sudo, you
+have to add these users to the group 'admin' by doing one of the
+following steps:
+
+.IP * 2
+In a shell, do
+
+.RS 4
+.B sudo adduser
+.I username
+.B admin
+.RE
+
+.IP * 2
+Use the graphical "Users & Groups" program in the "System settings"
+menu to add the new user to the
+.B admin
+group.
+
+.SH BENEFITS OF USING SUDO
+
+The benefits of leaving root disabled by default include the following:
+
+.IP * 2
+Users do not have to remember an extra password, which they are likely to forget.
+.IP * 2
+The installer is able to ask fewer questions.
+.IP * 2
+It avoids the "I can do anything" interactive login by default \- you
+will be prompted for a password before major changes can happen, which
+should make you think about the consequences of what you are doing.
+.IP * 2
+Sudo adds a log entry of the command(s) run (in \fB/var/log/auth.log\fR).
+.IP * 2
+Every attacker trying to brute\-force their way into your box will
+know it has an account named root and will try that first. What they
+do not know is what the usernames of your other users are.
+.IP * 2
+Allows easy transfer for admin rights, in a short term or long term
+period, by adding and removing users from the admin group, while not
+compromising the root account.
+.IP * 2
+sudo can be set up with a much more fine\-grained security policy.
+
+.SH DOWNSIDES OF USING SUDO
+
+Although for desktops the benefits of using sudo are great, there are
+possible issues which need to be noted:
+
+.IP * 2
+Redirecting the output of commands run with sudo can be confusing at
+first. For instance consider
+
+.RS 4
+.B sudo ls > /root/somefile
+.RE
+
+.RS 2
+will not work since it is the shell that tries to write to that file. You can use 
+.RE
+
+.RS 4
+.B ls | sudo tee /root/somefile
+.RE
+
+.RS 2
+to get the behaviour you want.
+.RE
+
+.IP * 2
+In a lot of office environments the ONLY local user on a system is
+root. All other users are imported using NSS techniques such as
+nss\-ldap. To setup a workstation, or fix it, in the case of a network
+failure where nss\-ldap is broken, root is required. This tends to
+leave the system unusable. An extra local user, or an enabled root
+password is needed here.
+
+.SH GOING BACK TO A TRADITIONAL ROOT ACCOUNT
+
+.B This is not recommended!
+
+To enable the root account (i.e. set a password) use:
+
+.RS 4
+.B sudo passwd root
+.RE
+
+Afterwards, edit
+.B /etc/sudoers
+and comment out the line
+
+.RS 4
+%admin  ALL=(ALL) ALL
+.RE
+
+to disable sudo access to members of the admin group.
+
+.SH SEE ALSO
+.BR sudo (8),
+.B https://wiki.ubuntu.com/RootSudo
+
--- sudo-1.6.8p12.orig/debian/sudo-ldap.postinst
+++ sudo-1.6.8p12/debian/sudo-ldap.postinst
@@ -0,0 +1,62 @@
+#!/usr/bin/perl
+
+# remove old link
+
+unlink ("/etc/alternatives/sudo") if ( -l "/etc/alternatives/sudo");
+
+# make sure we have a sudoers file
+if ( ! -f "/etc/sudoers") {
+
+	print "No /etc/sudoers found... creating one for you.\n";
+
+	open (SUDOERS, "> /etc/sudoers");
+	print SUDOERS "# /etc/sudoers\n",
+	  "#\n",
+	  "# This file MUST be edited with the 'visudo' command as root.\n",
+	  "#\n",
+	  "# See the man page for details on how to write a sudoers file.\n",
+	  "#\n\nDefaults\tenv_reset\n\n",
+	  "# Host alias specification\n\n",
+	  "# User alias specification\n\n",
+	  "# Cmnd alias specification\n\n",
+	  "# User privilege specification\nroot\tALL=(ALL) ALL\n";
+	close SUDOERS;
+
+}
+
+# make sure sudoers has the correct permissions and owner/group
+system ('chown root:root /etc/sudoers');
+system ('chmod 440 /etc/sudoers');
+
+# must do a remove first to un-do the "bad" links created by previous version
+system ('update-rc.d -f sudo remove >/dev/null 2>&1');
+
+#system ('update-rc.d sudo start 75 S . >/dev/null');
+
+# make sure we have a sudo group
+
+exit 0 if getgrnam("sudo"); # we're finished if there is a group sudo
+
+$gid = 27;                 # start searcg with gid 27
+setgrent;
+while (getgrgid($gid)) {
+	++$gid;
+}
+endgrent;
+
+if ($gid != 27) {
+	print "On Debian we normally use gid 27 for 'sudo'.\n";
+	$gname = getgrgid(27);
+	print "However, on your system gid 27 is group '$gname'.\n\n";
+	print "Would you like me to stop configuring sudo so that you can change this? [n] "; 
+	$ans = <STDIN>;
+        if ($ans =~ m/^[yY].*/) {
+		print "'dpkg --pending --configure' will restart the configuration.\n\n\n";
+		exit 1;
+	}
+}
+
+print "Creating group 'sudo' with gid = $gid\n";
+system("groupadd -g $gid sudo");
+
+print "";
--- sudo-1.6.8p12.orig/debian/sudo.lintian
+++ sudo-1.6.8p12/debian/sudo.lintian
@@ -0,0 +1,3 @@
+sudo: setuid-binary usr/bin/sudo 4755 root/root
+sudo: postrm-contains-additional-updaterc.d-calls /etc/init.d/sudo
+sudo: script-in-etc-init.d-not-registered-via-update-rc.d /etc/init.d/sudo
--- sudo-1.6.8p12.orig/debian/postinst
+++ sudo-1.6.8p12/debian/postinst
@@ -0,0 +1,62 @@
+#!/usr/bin/perl
+
+# remove old link
+
+unlink ("/etc/alternatives/sudo") if ( -l "/etc/alternatives/sudo");
+
+# make sure we have a sudoers file
+if ( ! -f "/etc/sudoers") {
+
+	print "No /etc/sudoers found... creating one for you.\n";
+
+	open (SUDOERS, "> /etc/sudoers");
+	print SUDOERS "# /etc/sudoers\n",
+	  "#\n",
+	  "# This file MUST be edited with the 'visudo' command as root.\n",
+	  "#\n",
+	  "# See the man page for details on how to write a sudoers file.\n",
+	  "# Host alias specification\n\n",
+	  "# User alias specification\n\n",
+	  "# Cmnd alias specification\n\n",
+	  "# Defaults\n\nDefaults\t!lecture,tty_tickets,!fqdn\n\n",
+	  "# User privilege specification\nroot\tALL=(ALL) ALL\n";
+	close SUDOERS;
+
+}
+
+# make sure sudoers has the correct permissions and owner/group
+system ('chown root:root /etc/sudoers');
+system ('chmod 440 /etc/sudoers');
+
+# must do a remove first to un-do the "bad" links created by previous version
+system ('update-rc.d -f sudo remove >/dev/null 2>&1');
+
+#system ('update-rc.d sudo start 75 S . >/dev/null');
+
+# make sure we have a sudo group
+
+exit 0 if getgrnam("sudo"); # we're finished if there is a group sudo
+
+$gid = 27;                 # start searcg with gid 27
+setgrent;
+while (getgrgid($gid)) {
+	++$gid;
+}
+endgrent;
+
+if ($gid != 27) {
+	print "On Debian we normally use gid 27 for 'sudo'.\n";
+	$gname = getgrgid(27);
+	print "However, on your system gid 27 is group '$gname'.\n\n";
+	print "Would you like me to stop configuring sudo so that you can change this? [n] "; 
+	$ans = <STDIN>;
+        if ($ans =~ m/^[yY].*/) {
+		print "'dpkg --pending --configure' will restart the configuration.\n\n\n";
+		exit 1;
+	}
+}
+
+print "Creating group 'sudo' with gid = $gid\n";
+system("groupadd -g $gid sudo");
+
+print "";
--- sudo-1.6.8p12.orig/debian/compat
+++ sudo-1.6.8p12/debian/compat
@@ -0,0 +1 @@
+4
--- sudo-1.6.8p12.orig/debian/init.d
+++ sudo-1.6.8p12/debian/init.d
@@ -0,0 +1,31 @@
+#! /bin/sh
+
+### BEGIN INIT INFO
+# Provides:          sudu
+# Required-Start:    $local_fs $remote_fs
+# Required-Stop:
+# Default-Start:     S 1 2 3 4 5
+# Default-Stop:      0 6
+### END INIT INFO
+
+N=/etc/init.d/sudo
+
+set -e
+
+case "$1" in
+  start)
+	# make sure privileges don't persist across reboots
+	if [ -d /var/run/sudo ]
+	then
+                find /var/run/sudo -type f -exec touch -t 198501010000 '{}' \;
+	fi
+	;;
+  stop|reload|restart|force-reload)
+	;;
+  *)
+	echo "Usage: $N {start|stop|restart|force-reload}" >&2
+	exit 1
+	;;
+esac
+
+exit 0
--- sudo-1.6.8p12.orig/debian/sudo-ldap.lintian
+++ sudo-1.6.8p12/debian/sudo-ldap.lintian
@@ -0,0 +1,3 @@
+sudo-ldap: setuid-binary usr/bin/sudo 4755 root/root
+sudo-ldap: postrm-contains-additional-updaterc.d-calls /etc/init.d/sudo-ldap
+sudo-ldap: script-in-etc-init.d-not-registered-via-update-rc.d /etc/init.d/sudo-ldap
--- sudo-1.6.8p12.orig/debian/sudo-ldap.dirs
+++ sudo-1.6.8p12/debian/sudo-ldap.dirs
@@ -0,0 +1,7 @@
+etc/pam.d
+usr/bin
+usr/share/man/man8
+usr/share/man/man5
+usr/sbin
+usr/share/doc/sudo-ldap/examples
+usr/share/lintian/overrides
--- sudo-1.6.8p12.orig/debian/sudo-ldap.docs
+++ sudo-1.6.8p12/debian/sudo-ldap.docs
@@ -0,0 +1,11 @@
+debian/OPTIONS 
+BUGS 
+RUNSON 
+UPGRADE 
+PORTING
+TODO 
+HISTORY 
+README 
+README.LDAP 
+TROUBLESHOOTING
+sudoers2ldif
--- sudo-1.6.8p12.orig/debian/postrm
+++ sudo-1.6.8p12/debian/postrm
@@ -0,0 +1,21 @@
+#! /bin/sh
+
+set -e
+
+case "$1" in
+       purge)
+	rm -f /etc/sudoers
+        ;;
+
+       remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+        ;;
+
+    *)
+        echo "postrm called with unknown argument \`$1'" >&2
+        exit 1
+
+esac
+
+#DEBHELPER#
+
+exit 0
--- sudo-1.6.8p12.orig/debian/OPTIONS
+++ sudo-1.6.8p12/debian/OPTIONS
@@ -0,0 +1,61 @@
+The following options were used to configure sudo for Debian GNU/Linux.
+
+  --with-exempt=sudo 
+
+	Any user in group 'sudo' will not need to type their password.  It
+	is strongly recommended that no users be put in group sudo, and that
+	instead the NOPASSWD option in the sudoers file be used if desired.
+
+  --with-pam 
+	
+	Support for pluggable authentication modules.
+
+  --with-ldap
+
+	Support for LDAP authentication.
+
+  --with-fqdn 
+
+	Allow use of fully qualified domain names in the sudoers file.
+
+  --disable-root-mailer
+
+	Send mail as the invoking user, not as root.
+
+  --with-logging=syslog
+  --with-logfac=authpriv 
+
+	Where logging information goes.
+
+  --with-env-editor 
+  --with-editor=/usr/bin/editor 
+
+	Honor the EDITOR and VISUAL environment variables.  If they are not
+	present, default to the Debian default system editor.
+
+  --with-timeout=15 
+  --with-password-timeout=0 
+
+	Allow 15 minutes before a user has to re-type their passord, versus
+	the sudo usual default of 5.  Never time out while waiting for a
+	password to be typed, this is a seriously big deal for Debian package
+	developers using 'dpkg-buildpackage -rsudo'.
+
+  --with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:\
+	/sbin:/bin:/usr/X11R6/bin"  
+
+	Give a reasonable default path for commands run as root via sudo.
+
+  --with-all-insults
+
+	Include all the insults in the binary, won't be enabled unless turned
+	on in the sudoers file.
+
+  --with-sendmail=/usr/sbin/sendmail
+
+	Use Debian policy to know the location of sendmail instead of trying 
+	to detect it at build time.
+
+  --disable-setresuid
+
+	Linux 2.2 kernels don't support setresgid.
--- sudo-1.6.8p12.orig/debian/copyright
+++ sudo-1.6.8p12/debian/copyright
@@ -0,0 +1,72 @@
+This is the Debian GNU/Linux prepackaged version of sudo.  sudo is
+used to provide limited super user privileges to specific users.
+
+This package was put together by Bdale Garbee <bdale@gag.com> using sources
+from 
+	ftp://ftp.cs.colorado.edu/pub/sudo/
+
+Sudo is distributed under the following BSD-style license:
+
+   Copyright (c) 1994-1996,1998-2002 Todd C. Miller <Todd.Miller@courtesan.com>
+   All rights reserved.
+
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+   are met:
+
+   1. Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+
+   2. Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+
+   3. The name of the author may not be used to endorse or promote products
+      derived from this software without specific prior written permission
+      from the author.
+
+   4. Products derived from this software may not be called "Sudo" nor
+      may "Sudo" appear in their names without specific prior written
+      permission from the author.
+
+   THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+   INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+   AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
+   THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+   EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+   PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+   OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+   OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+   ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+Additionally, lsearch.c, fnmatch.c, getcwd.c, snprintf.c, strcasecmp.c
+and fnmatch.3 bear the following UCB license:
+
+   Copyright (c) 1987, 1989, 1990, 1991, 1993, 1994
+	The Regents of the University of California.  All rights reserved.
+
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+   are met:
+   1. Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+   2. Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+   3. Neither the name of the University nor the names of its contributors
+      may be used to endorse or promote products derived from this software
+      without specific prior written permission.
+
+   THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+   ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+   IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+   ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+   FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+   DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+   OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+   HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+   LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+   OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+   SUCH DAMAGE.
--- sudo-1.6.8p12.orig/debian/sudo.pam
+++ sudo-1.6.8p12/debian/sudo.pam
@@ -0,0 +1,4 @@
+#%PAM-1.0
+
+@include common-auth
+@include common-account
--- sudo-1.6.8p12.orig/debian/source.lintian-overrides
+++ sudo-1.6.8p12/debian/source.lintian-overrides
@@ -0,0 +1 @@
+sudo source: maintainer-script-lacks-debhelper-token debian/postinst
--- sudo-1.6.8p12.orig/sample.sudoers
+++ sudo-1.6.8p12/sample.sudoers
@@ -35,16 +35,16 @@
 # Cmnd alias specification
 ##
 Cmnd_Alias	DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \
-			/usr/sbin/rrestore, /usr/bin/mt
-Cmnd_Alias	KILL = /usr/bin/kill
+			/usr/sbin/rrestore, /bin/mt
+Cmnd_Alias	KILL = /bin/kill
 Cmnd_Alias	PRINTING = /usr/sbin/lpc, /usr/bin/lprm
-Cmnd_Alias	SHUTDOWN = /usr/sbin/shutdown
-Cmnd_Alias	HALT = /usr/sbin/halt
-Cmnd_Alias	REBOOT = /usr/sbin/reboot
-Cmnd_Alias	SHELLS = /sbin/sh, /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
-			 /usr/local/bin/tcsh, /usr/bin/rsh, \
-			 /usr/local/bin/zsh
-Cmnd_Alias	SU = /usr/bin/su
+Cmnd_Alias	SHUTDOWN = /sbin/shutdown
+Cmnd_Alias	HALT = /sbin/halt
+Cmnd_Alias	REBOOT = /sbin/reboot
+Cmnd_Alias	SHELLS = /sbin/sh, /bin/sh, /bin/csh, /usr/bin/ksh, \
+			 /usr/bin/tcsh, /usr/bin/rsh, \
+			 /usr/bin/zsh
+Cmnd_Alias	SU = /bin/su
 Cmnd_Alias	VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, \
 		       /usr/bin/chfn
 
@@ -82,7 +82,7 @@
 		sudoedit /etc/printcap, /usr/oper/bin/
 
 # joe may su only to operator
-joe		ALL = /usr/bin/su operator
+joe		ALL = /bin/su operator
 
 # pete may change passwords for anyone but root on the hp snakes
 pete		HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
@@ -96,13 +96,13 @@
 
 # users in the secretaries netgroup need to help manage the printers
 # as well as add and remove users
-+secretaries	ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
++secretaries	ALL = PRINTING, /usr/sbin/adduser, /usr/bin/rmuser
 
 # fred can run commands as oracle or sybase without a password
 fred		ALL = (DB) NOPASSWD: ALL
 
 # on the alphas, john may su to anyone but root and flags are not allowed
-john		ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
+john		ALPHA = /bin/su [!-]*, !/bin/su *root*
 
 # jen can run anything on all machines except the ones
 # in the "SERVERS" Host_Alias
--- sudo-1.6.8p12.orig/sudo.tab.c
+++ sudo-1.6.8p12/sudo.tab.c
@@ -138,6 +138,7 @@
 	} \
 	match[top].user   = UNSPEC; \
 	match[top].cmnd   = UNSPEC; \
+	match[top].cmndall= UNSPEC; \
 	match[top].host   = UNSPEC; \
 	match[top].runas  = UNSPEC; \
 	match[top].nopass = def_authenticate ? UNSPEC : TRUE; \
@@ -153,6 +154,7 @@
 	} \
 	match[top].user   = match[top-1].user; \
 	match[top].cmnd   = match[top-1].cmnd; \
+	match[top].cmndall= match[top-1].cmndall; \
 	match[top].host   = match[top-1].host; \
 	match[top].runas  = match[top-1].runas; \
 	match[top].nopass = match[top-1].nopass; \
@@ -1739,6 +1741,7 @@
 				}
 			    }
 
+			    SETMATCH(cmnd_all, TRUE);
 			    yyval.BOOLEAN = TRUE;
 			}
 break;
@@ -1769,6 +1772,7 @@
 					YYERROR;
 				    }
 				}
+				SETMATCH(cmnd_all, FALSE);
 				yyval.BOOLEAN = NOMATCH;
 			    }
 			    free(yyvsp[0].string);
@@ -1800,6 +1804,7 @@
 			    free(yyvsp[0].command.cmnd);
 			    if (yyvsp[0].command.args)
 				free(yyvsp[0].command.args);
+			    SETMATCH(cmnd_all, FALSE);
 			}
 break;
 case 65:
--- sudo-1.6.8p12.orig/ldap.c
+++ sudo-1.6.8p12/ldap.c
@@ -256,9 +256,10 @@
  * Walks through search result and returns true if we have a
  * command match
  */
-int sudo_ldap_check_command(ld,entry)
+int sudo_ldap_check_command(ld,entry,all)
   LDAP *ld;
   LDAPMessage *entry;
+  int* all;
 {
   char **v=NULL;
   char **p=NULL;
@@ -267,6 +268,8 @@
   int  ret=0;
   int  foundbang;
 
+  *all=0;
+
   if (!entry) return ret;
 
   v=ldap_get_values(ld,entry,"sudoCommand");
@@ -277,6 +280,7 @@
 
     /* Match against ALL ? */
     if (!strcasecmp(*p,"ALL")) {
+      *all=1;
       ret=1;
       if (ldap_conf.debug>1) printf(" MATCH!\n");
       continue;
@@ -711,6 +715,7 @@
   /* flags */
   int ldap_user_matches=0;
   int ldap_host_matches=0;
+  int command_all=0;
 
   if (!sudo_ldap_read_config())  return VALIDATE_ERROR;
 
@@ -896,7 +901,7 @@
           /* add matches for listing later */
           sudo_ldap_add_match(ld,entry) &&
           /* verify command match */
-          sudo_ldap_check_command(ld,entry) &&
+          sudo_ldap_check_command(ld,entry,&command_all) &&
           /* verify runas match */
           sudo_ldap_check_runas(ld,entry)
       )
@@ -907,6 +912,7 @@
         sudo_ldap_parse_options(ld,entry);
         /* make sure we dont reenter loop */
         ret=VALIDATE_OK;
+        if(command_all) SET(ret,FLAG_CMND_ALL);
         /* break from inside for loop */
         break;
       }
--- sudo-1.6.8p12.orig/sudo.c
+++ sudo-1.6.8p12/sudo.c
@@ -106,10 +106,11 @@
 static void set_loginclass		__P((struct passwd *));
 static void usage			__P((int));
 static void usage_excl			__P((int));
+static void create_admin_success_flag   __P((void));
 static struct passwd *get_authpw	__P((void));
 extern int sudo_edit			__P((int, char **));
 extern void list_matches		__P((void));
-extern char **rebuild_env		__P((char **, int, int));
+extern char **rebuild_env		__P((char **, int, int, int));
 extern char **zero_env			__P((char **));
 extern struct passwd *sudo_getpwnam	__P((const char *));
 extern struct passwd *sudo_getpwuid	__P((uid_t));
@@ -368,11 +369,15 @@
 
     /* Build a new environment that avoids any nasty bits if we have a cmnd. */
     if (ISSET(sudo_mode, MODE_RUN))
-	new_environ = rebuild_env(envp, sudo_mode, ISSET(validated, FLAG_NOEXEC));
+	new_environ = rebuild_env(envp, sudo_mode, ISSET(validated, FLAG_NOEXEC), ISSET(validated, FLAG_CMND_ALL));
     else
 	new_environ = envp;
 
     if (ISSET(validated, VALIDATE_OK)) {
+	/* If the user is in the admin group, create a dotfile to signal that
+	 * sudo was executed successfully. */
+	create_admin_success_flag();
+
 	/* Finally tell the user if the command did not exist. */
 	if (cmnd_status == NOT_FOUND_DOT) {
 	    warnx("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run.", user_cmnd, user_cmnd, user_cmnd);
@@ -1156,3 +1161,46 @@
     putchar('\n');
     exit(exit_val);
 }
+
+static void create_admin_success_flag(void)
+{
+    struct group* admin;
+    char** g;
+    int is_admin;
+    char flagfile[PATH_MAX];
+    int f;
+
+    if (!sudo_user.pw || !sudo_user.pw->pw_name || !sudo_user.pw->pw_dir)
+	return;
+
+    /* check whether the user is in the admin group */
+    admin = getgrnam("admin");
+    if (!admin || !admin->gr_mem)
+	return;
+    is_admin = 0;
+    for (g = admin->gr_mem; *g; ++g) {
+	if (!strcmp(*g, sudo_user.pw->pw_name)) {
+	    is_admin = 1;
+	    break;
+	}
+    }
+    if (!is_admin)
+	return;
+
+    /* build path to flag file */
+    snprintf(flagfile, sizeof(flagfile), "%s/.sudo_as_admin_successful",
+	    sudo_user.pw->pw_dir);
+    if (strlen(flagfile) >= sizeof(flagfile)-1)
+	return;
+
+    /* do nothing if the file already exists */
+    if (!access(flagfile, F_OK))
+	return;
+
+    /* create file */
+    f = open(flagfile, O_CREAT|O_WRONLY|O_EXCL, 0644);
+    if(f >= 0) {
+	fchown(f, sudo_user.pw->pw_uid, sudo_user.pw->pw_gid);
+	close(f);
+    }
+}
--- sudo-1.6.8p12.orig/sudo.h
+++ sudo-1.6.8p12/sudo.h
@@ -65,6 +65,7 @@
 #define FLAG_NO_HOST		0x080
 #define FLAG_NO_CHECK		0x100
 #define FLAG_NOEXEC		0x200
+#define FLAG_CMND_ALL           0x400
 
 /*
  * Pseudo-boolean values
--- sudo-1.6.8p12.orig/parse.c
+++ sudo-1.6.8p12/parse.c
@@ -200,7 +200,8 @@
 		    set_perms(PERM_ROOT);
 		    return(VALIDATE_OK |
 			(no_passwd == TRUE ? FLAG_NOPASS : 0) |
-			(no_execve == TRUE ? FLAG_NOEXEC : 0));
+			(no_execve == TRUE ? FLAG_NOEXEC : 0) |
+                        (cmnd_all == TRUE ? FLAG_CMND_ALL : 0));
 		} else if ((runas_matches == TRUE && cmnd_matches == FALSE) ||
 		    (runas_matches == FALSE && cmnd_matches == TRUE)) {
 		    /*
--- sudo-1.6.8p12.orig/parse.h
+++ sudo-1.6.8p12/parse.h
@@ -29,6 +29,7 @@
 struct matchstack {
 	int user;
 	int cmnd;
+	int cmndall;
 	int host;
 	int runas;
 	int nopass;
@@ -46,6 +47,7 @@
 
 #define user_matches	(match[top-1].user)
 #define cmnd_matches	(match[top-1].cmnd)
+#define cmnd_all	(match[top-1].cmndall)
 #define host_matches	(match[top-1].host)
 #define runas_matches	(match[top-1].runas)
 #define no_passwd	(match[top-1].nopass)