diff options
Diffstat (limited to 'package/sudo/sudo-1.6.8p12-001-ubuntu6.patch')
| -rw-r--r-- | package/sudo/sudo-1.6.8p12-001-ubuntu6.patch | 3994 |
1 files changed, 0 insertions, 3994 deletions
diff --git a/package/sudo/sudo-1.6.8p12-001-ubuntu6.patch b/package/sudo/sudo-1.6.8p12-001-ubuntu6.patch deleted file mode 100644 index a370bd06c..000000000 --- a/package/sudo/sudo-1.6.8p12-001-ubuntu6.patch +++ /dev/null @@ -1,3994 +0,0 @@ ---- sudo-1.6.8p12.orig/sudoers.man.in -+++ sudo-1.6.8p12/sudoers.man.in -@@ -759,7 +759,7 @@ - .IP "exempt_group" 12 - .IX Item "exempt_group" - Users in this group are exempt from password and \s-1PATH\s0 requirements. --This is not set by default. -+On Debian systems, this is set to the group 'sudo' by default. - .IP "verifypw" 12 - .IX Item "verifypw" - This option controls when a password will be required when a user runs ---- sudo-1.6.8p12.orig/sudo.man.in -+++ sudo-1.6.8p12/sudo.man.in -@@ -185,8 +185,7 @@ - \&\fBsudo\fR determines who is an authorized user by consulting the file - \&\fI@sysconfdir@/sudoers\fR. By giving \fBsudo\fR the \fB\-v\fR flag a user - can update the time stamp without running a \fIcommand.\fR The password --prompt itself will also time out if the user's password is not --entered within \f(CW\*(C`@password_timeout@\*(C'\fR minutes (unless overridden via -+prompt itself will not time out in Debian's version (unless overridden via - \&\fIsudoers\fR). - .PP - If a user who is not listed in the \fIsudoers\fR file tries to run a ---- sudo-1.6.8p12.orig/parse.yacc -+++ sudo-1.6.8p12/parse.yacc -@@ -120,6 +120,7 @@ - } \ - match[top].user = UNSPEC; \ - match[top].cmnd = UNSPEC; \ -+ match[top].cmndall= UNSPEC; \ - match[top].host = UNSPEC; \ - match[top].runas = UNSPEC; \ - match[top].nopass = def_authenticate ? UNSPEC : TRUE; \ -@@ -135,6 +136,7 @@ - } \ - match[top].user = match[top-1].user; \ - match[top].cmnd = match[top-1].cmnd; \ -+ match[top].cmndall= match[top-1].cmndall; \ - match[top].host = match[top-1].host; \ - match[top].runas = match[top-1].runas; \ - match[top].nopass = match[top-1].nopass; \ -@@ -675,6 +677,7 @@ - } - } - -+ SETMATCH(cmnd_all, TRUE); - $$ = TRUE; - } - | ALIAS { -@@ -705,6 +708,7 @@ - $$ = NOMATCH; - } - free($1); -+ SETMATCH(cmnd_all, FALSE); - } - | COMMAND { - if (printmatches == TRUE) { -@@ -730,6 +734,7 @@ - free($1.cmnd); - if ($1.args) - free($1.args); -+ SETMATCH(cmnd_all, FALSE); - } - ; - ---- sudo-1.6.8p12.orig/env.c -+++ sudo-1.6.8p12/env.c -@@ -77,7 +77,7 @@ - /* - * Prototypes - */ --char **rebuild_env __P((char **, int, int)); -+char **rebuild_env __P((char **, int, int, int)); - char **zero_env __P((char **)); - static void insert_env __P((char *, int)); - static char *format_env __P((char *, ...)); -@@ -89,6 +89,8 @@ - static const char *initial_badenv_table[] = { - "IFS", - "CDPATH", -+ "SHELLOPTS", -+ "PS4", - "LOCALDOMAIN", - "RES_OPTIONS", - "HOSTALIASES", -@@ -140,6 +142,12 @@ - "LC_*", - "LANG", - "LANGUAGE", -+ "TERM", -+ "HOME", -+ "LOGNAME", -+ "DISPLAY", -+ "XAUTHORITY", -+ "XAUTHORIZATION", - NULL - }; - -@@ -321,10 +329,11 @@ - * Also adds sudo-specific variables (SUDO_*). - */ - char ** --rebuild_env(envp, sudo_mode, noexec) -+rebuild_env(envp, sudo_mode, noexec, noclean) - char **envp; - int sudo_mode; - int noexec; -+ int noclean; - { - char **ep, *cp, *ps1; - int okvar, iswild, didvar; -@@ -429,7 +438,7 @@ - * env_check. - */ - for (ep = envp; *ep; ep++) { -- okvar = 1; -+ okvar = noclean; - - /* Skip variables with values beginning with () (bash functions) */ - if ((cp = strchr(*ep, '=')) != NULL) { -@@ -438,6 +447,7 @@ - } - - /* Skip anything listed in env_delete. */ -+#if 0 - for (cur = def_env_delete; cur && okvar; cur = cur->next) { - len = strlen(cur->value); - /* Deal with '*' wildcard */ -@@ -451,9 +461,10 @@ - okvar = 0; - } - } -+#endif - - /* Check certain variables for '%' and '/' characters. */ -- for (cur = def_env_check; cur && okvar; cur = cur->next) { -+ for (cur = def_env_check; cur; cur = cur->next) { - len = strlen(cur->value); - /* Deal with '*' wildcard */ - if (cur->value[len - 1] == '*') { -@@ -463,8 +474,24 @@ - iswild = 0; - if (strncmp(cur->value, *ep, len) == 0 && - (iswild || (*ep)[len] == '=') && -- strpbrk(*ep, "/%")) { -- okvar = 0; -+ strpbrk(*ep, "/%") == NULL) { -+ okvar = 1; -+ } -+ } -+ -+ /* keep variables in env_keep */ -+ for (cur = def_env_keep; cur; cur = cur->next) { -+ len = strlen(cur->value); -+ /* Deal with '*' wildcard */ -+ if (cur->value[len - 1] == '*') { -+ len--; -+ iswild = 1; -+ } else -+ iswild = 0; -+ if (strncmp(cur->value, *ep, len) == 0 && -+ (iswild || (*ep)[len] == '=')) { -+ okvar = 1; -+ break; - } - } - ---- sudo-1.6.8p12.orig/sudoers.pod -+++ sudo-1.6.8p12/sudoers.pod -@@ -93,7 +93,7 @@ - - Cmnd_Alias ::= NAME '=' Cmnd_List - -- NAME ::= [A-Z]([A-Z][0-9]_)* -+ NAME ::= [A-Z]([a-z][A-Z][0-9]_)* - - Each I<alias> definition is of the form - -@@ -568,7 +568,7 @@ - - =item C<%%> - --two consecutive C<%> characters are collaped into a single C<%> character -+two consecutive C<%> characters are collapsed into a single C<%> character - - =back - -@@ -669,8 +669,8 @@ - - =item exempt_group - --Users in this group are exempt from password and PATH requirements. --This is not set by default. -+Users in this group are exempt from password and PATH requirements. This -+option is turned on for Debian. - - =item verifypw - ---- sudo-1.6.8p12.orig/ins_classic.h -+++ sudo-1.6.8p12/ins_classic.h -@@ -32,7 +32,7 @@ - "Where did you learn to type?", - "Are you on drugs?", - "My pet ferret can type better than you!", -- "You type like i drive.", -+ "You type like I drive.", - "Do you think like you type?", - "Your mind just hasn't been the same since the electro-shock, has it?", - ---- sudo-1.6.8p12.orig/config.guess -+++ sudo-1.6.8p12/config.guess -@@ -1,11 +1,9 @@ - #! /bin/sh - # Attempt to guess a canonical system name. - # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, --# 2000, 2001, 2002 Free Software Foundation, Inc. --# --# $Sudo: config.guess,v 1.10 2004/08/09 23:04:35 millert Exp $ -+# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. - --timestamp='2002-11-30' -+timestamp='2005-08-03' - - # This file is free software; you can redistribute it and/or modify it - # under the terms of the GNU General Public License as published by -@@ -19,13 +17,15 @@ - # - # You should have received a copy of the GNU General Public License - # along with this program; if not, write to the Free Software --# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA -+# 02110-1301, USA. - # - # As a special exception to the GNU General Public License, if you - # distribute this file as part of a program that contains a - # configuration script generated by Autoconf, you may include it under - # the same distribution terms that you use for the rest of that program. - -+ - # Originally written by Per Bothner <per@bothner.com>. - # Please send patches to <config-patches@gnu.org>. Submit a context - # diff and a properly formatted ChangeLog entry. -@@ -55,7 +55,7 @@ - GNU config.guess ($timestamp) - - Originally written by Per Bothner. --Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 -+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 - Free Software Foundation, Inc. - - This is free software; see the source for copying conditions. There is NO -@@ -68,11 +68,11 @@ - while test $# -gt 0 ; do - case $1 in - --time-stamp | --time* | -t ) -- echo "$timestamp" ; exit 0 ;; -+ echo "$timestamp" ; exit ;; - --version | -v ) -- echo "$version" ; exit 0 ;; -+ echo "$version" ; exit ;; - --help | --h* | -h ) -- echo "$usage"; exit 0 ;; -+ echo "$usage"; exit ;; - -- ) # Stop option processing - shift; break ;; - - ) # Use stdin as input. -@@ -100,14 +100,18 @@ - # Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still - # use `HOST_CC' if defined, but it is deprecated. - --# This shell variable is my proudest work .. or something. --bje -+# Portable tmp directory creation inspired by the Autoconf team. - --set_cc_for_build='tmpdir=${TMPDIR-/tmp}/config-guess-$$ ; --(old=`umask` && umask 077 && mkdir $tmpdir && umask $old && unset old) -- || (echo "$me: cannot create $tmpdir" >&2 && exit 1) ; --dummy=$tmpdir/dummy ; --files="$dummy.c $dummy.o $dummy.rel $dummy" ; --trap '"'"'rm -f $files; rmdir $tmpdir; exit 1'"'"' 1 2 15 ; -+set_cc_for_build=' -+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; -+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; -+: ${TMPDIR=/tmp} ; -+ { tmp=`(umask 077 && mktemp -d -q "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || -+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || -+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || -+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; -+dummy=$tmp/dummy ; -+tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; - case $CC_FOR_BUILD,$HOST_CC,$CC in - ,,) echo "int x;" > $dummy.c ; - for c in cc gcc c89 c99 ; do -@@ -115,15 +119,13 @@ - CC_FOR_BUILD="$c"; break ; - fi ; - done ; -- rm -f $files ; - if test x"$CC_FOR_BUILD" = x ; then - CC_FOR_BUILD=no_compiler_found ; - fi - ;; - ,,*) CC_FOR_BUILD=$CC ;; - ,*,*) CC_FOR_BUILD=$HOST_CC ;; --esac ; --unset files' -+esac ; set_cc_for_build= ;' - - # This is needed to find uname on a Pyramid OSx when run in the BSD universe. - # (ghazi@noc.rutgers.edu 1994-08-24) -@@ -196,104 +198,109 @@ - # contains redundant information, the shorter form: - # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. - echo "${machine}-${os}${release}" -- exit 0 ;; -+ exit ;; - *:OpenBSD:*:*) - UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` - echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; -+ *:ekkoBSD:*:*) -+ echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} -+ exit ;; -+ macppc:MirBSD:*:*) -+ echo powerppc-unknown-mirbsd${UNAME_RELEASE} -+ exit ;; -+ *:MirBSD:*:*) -+ echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} -+ exit ;; - alpha:OSF1:*:*) -- if test $UNAME_RELEASE = "V4.0"; then -+ case $UNAME_RELEASE in -+ *4.0) - UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` -- fi -+ ;; -+ *5.*) -+ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` -+ ;; -+ esac -+ # According to Compaq, /usr/sbin/psrinfo has been available on -+ # OSF/1 and Tru64 systems produced since 1995. I hope that -+ # covers most systems running today. This code pipes the CPU -+ # types through head -n 1, so we only detect the type of CPU 0. -+ ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` -+ case "$ALPHA_CPU_TYPE" in -+ "EV4 (21064)") -+ UNAME_MACHINE="alpha" ;; -+ "EV4.5 (21064)") -+ UNAME_MACHINE="alpha" ;; -+ "LCA4 (21066/21068)") -+ UNAME_MACHINE="alpha" ;; -+ "EV5 (21164)") -+ UNAME_MACHINE="alphaev5" ;; -+ "EV5.6 (21164A)") -+ UNAME_MACHINE="alphaev56" ;; -+ "EV5.6 (21164PC)") -+ UNAME_MACHINE="alphapca56" ;; -+ "EV5.7 (21164PC)") -+ UNAME_MACHINE="alphapca57" ;; -+ "EV6 (21264)") -+ UNAME_MACHINE="alphaev6" ;; -+ "EV6.7 (21264A)") -+ UNAME_MACHINE="alphaev67" ;; -+ "EV6.8CB (21264C)") -+ UNAME_MACHINE="alphaev68" ;; -+ "EV6.8AL (21264B)") -+ UNAME_MACHINE="alphaev68" ;; -+ "EV6.8CX (21264D)") -+ UNAME_MACHINE="alphaev68" ;; -+ "EV6.9A (21264/EV69A)") -+ UNAME_MACHINE="alphaev69" ;; -+ "EV7 (21364)") -+ UNAME_MACHINE="alphaev7" ;; -+ "EV7.9 (21364A)") -+ UNAME_MACHINE="alphaev79" ;; -+ esac -+ # A Pn.n version is a patched version. - # A Vn.n version is a released version. - # A Tn.n version is a released field test version. - # A Xn.n version is an unreleased experimental baselevel. - # 1.2 uses "1.2" for uname -r. -- eval $set_cc_for_build -- cat <<EOF >$dummy.s -- .data --\$Lformat: -- .byte 37,100,45,37,120,10,0 # "%d-%x\n" -- -- .text -- .globl main -- .align 4 -- .ent main --main: -- .frame \$30,16,\$26,0 -- ldgp \$29,0(\$27) -- .prologue 1 -- .long 0x47e03d80 # implver \$0 -- lda \$2,-1 -- .long 0x47e20c21 # amask \$2,\$1 -- lda \$16,\$Lformat -- mov \$0,\$17 -- not \$1,\$18 -- jsr \$26,printf -- ldgp \$29,0(\$26) -- mov 0,\$16 -- jsr \$26,exit -- .end main --EOF -- $CC_FOR_BUILD -o $dummy $dummy.s 2>/dev/null -- if test "$?" = 0 ; then -- case `$dummy` in -- 0-0) -- UNAME_MACHINE="alpha" -- ;; -- 1-0) -- UNAME_MACHINE="alphaev5" -- ;; -- 1-1) -- UNAME_MACHINE="alphaev56" -- ;; -- 1-101) -- UNAME_MACHINE="alphapca56" -- ;; -- 2-303) -- UNAME_MACHINE="alphaev6" -- ;; -- 2-307) -- UNAME_MACHINE="alphaev67" -- ;; -- 2-1307) -- UNAME_MACHINE="alphaev68" -- ;; -- 3-1307) -- UNAME_MACHINE="alphaev7" -- ;; -- esac -- fi -- rm -f $dummy.s $dummy && rmdir $tmpdir -- echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` -- exit 0 ;; -+ echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` -+ exit ;; - Alpha\ *:Windows_NT*:*) - # How do we know it's Interix rather than the generic POSIX subsystem? - # Should we change UNAME_MACHINE based on the output of uname instead - # of the specific Alpha model? - echo alpha-pc-interix -- exit 0 ;; -+ exit ;; - 21064:Windows_NT:50:3) - echo alpha-dec-winnt3.5 -- exit 0 ;; -+ exit ;; - Amiga*:UNIX_System_V:4.0:*) - echo m68k-unknown-sysv4 -- exit 0;; -+ exit ;; - *:[Aa]miga[Oo][Ss]:*:*) - echo ${UNAME_MACHINE}-unknown-amigaos -- exit 0 ;; -+ exit ;; - *:[Mm]orph[Oo][Ss]:*:*) - echo ${UNAME_MACHINE}-unknown-morphos -- exit 0 ;; -+ exit ;; - *:OS/390:*:*) - echo i370-ibm-openedition -- exit 0 ;; -+ exit ;; -+ *:z/VM:*:*) -+ echo s390-ibm-zvmoe -+ exit ;; -+ *:OS400:*:*) -+ echo powerpc-ibm-os400 -+ exit ;; - arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) - echo arm-acorn-riscix${UNAME_RELEASE} -- exit 0;; -+ exit ;; -+ arm:riscos:*:*|arm:RISCOS:*:*) -+ echo arm-unknown-riscos -+ exit ;; - SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) - echo hppa1.1-hitachi-hiuxmpp -- exit 0;; -+ exit ;; - Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) - # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. - if test "`(/bin/universe) 2>/dev/null`" = att ; then -@@ -301,29 +308,32 @@ - else - echo pyramid-pyramid-bsd - fi -- exit 0 ;; -+ exit ;; - NILE*:*:*:dcosx) - echo pyramid-pyramid-svr4 -- exit 0 ;; -- DRS?6000:UNIX_SV:4.2*:7*) -+ exit ;; -+ DRS?6000:unix:4.0:6*) -+ echo sparc-icl-nx6 -+ exit ;; -+ DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) - case `/usr/bin/uname -p` in -- sparc) echo sparc-icl-nx7 && exit 0 ;; -+ sparc) echo sparc-icl-nx7; exit ;; - esac ;; - sun4H:SunOS:5.*:*) - echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` -- exit 0 ;; -+ exit ;; - sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) - echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` -- exit 0 ;; -+ exit ;; - i86pc:SunOS:5.*:*) - echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` -- exit 0 ;; -+ exit ;; - sun4*:SunOS:6*:*) - # According to config.sub, this is the proper way to canonicalize - # SunOS6. Hard to guess exactly what SunOS6 will be like, but - # it's likely to be more like Solaris than SunOS4. - echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` -- exit 0 ;; -+ exit ;; - sun4*:SunOS:*:*) - case "`/usr/bin/arch -k`" in - Series*|S4*) -@@ -332,10 +342,10 @@ - esac - # Japanese Language versions have a version number like `4.1.3-JL'. - echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` -- exit 0 ;; -+ exit ;; - sun3*:SunOS:*:*) - echo m68k-sun-sunos${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - sun*:*:4.2BSD:*) - UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` - test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 -@@ -347,10 +357,10 @@ - echo sparc-sun-sunos${UNAME_RELEASE} - ;; - esac -- exit 0 ;; -+ exit ;; - aushp:SunOS:*:*) - echo sparc-auspex-sunos${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - # The situation for MiNT is a little confusing. The machine name - # can be virtually everything (everything which is not - # "atarist" or "atariste" at least should have a processor -@@ -361,37 +371,40 @@ - # be no problem. - atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) - echo m68k-milan-mint${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) - echo m68k-hades-mint${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) - echo m68k-unknown-mint${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; -+ m68k:machten:*:*) -+ echo m68k-apple-machten${UNAME_RELEASE} -+ exit ;; - powerpc:machten:*:*) - echo powerpc-apple-machten${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - RISC*:Mach:*:*) - echo mips-dec-mach_bsd4.3 -- exit 0 ;; -+ exit ;; - RISC*:ULTRIX:*:*) - echo mips-dec-ultrix${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - VAX*:ULTRIX*:*:*) - echo vax-dec-ultrix${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - 2020:CLIX:*:* | 2430:CLIX:*:*) - echo clipper-intergraph-clix${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - mips:*:*:UMIPS | mips:*:*:RISCos) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c -@@ -415,33 +428,33 @@ - exit (-1); - } - EOF -- $CC_FOR_BUILD -o $dummy $dummy.c \ -- && $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \ -- && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0 -- rm -f $dummy.c $dummy && rmdir $tmpdir -+ $CC_FOR_BUILD -o $dummy $dummy.c && -+ dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` && -+ SYSTEM_NAME=`$dummy $dummyarg` && -+ { echo "$SYSTEM_NAME"; exit; } - echo mips-mips-riscos${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - Motorola:PowerMAX_OS:*:*) - echo powerpc-motorola-powermax -- exit 0 ;; -+ exit ;; - Motorola:*:4.3:PL8-*) - echo powerpc-harris-powermax -- exit 0 ;; -+ exit ;; - Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) - echo powerpc-harris-powermax -- exit 0 ;; -+ exit ;; - Night_Hawk:Power_UNIX:*:*) - echo powerpc-harris-powerunix -- exit 0 ;; -+ exit ;; - m88k:CX/UX:7*:*) - echo m88k-harris-cxux7 -- exit 0 ;; -+ exit ;; - m88k:*:4*:R4*) - echo m88k-motorola-sysv4 -- exit 0 ;; -+ exit ;; - m88k:*:3*:R3*) - echo m88k-motorola-sysv3 -- exit 0 ;; -+ exit ;; - AViiON:dgux:*:*) - # DG/UX returns AViiON for all architectures - UNAME_PROCESSOR=`/usr/bin/uname -p` -@@ -457,29 +470,29 @@ - else - echo i586-dg-dgux${UNAME_RELEASE} - fi -- exit 0 ;; -+ exit ;; - M88*:DolphinOS:*:*) # DolphinOS (SVR3) - echo m88k-dolphin-sysv3 -- exit 0 ;; -+ exit ;; - M88*:*:R3*:*) - # Delta 88k system running SVR3 - echo m88k-motorola-sysv3 -- exit 0 ;; -+ exit ;; - XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) - echo m88k-tektronix-sysv3 -- exit 0 ;; -+ exit ;; - Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) - echo m68k-tektronix-bsd -- exit 0 ;; -+ exit ;; - *:IRIX*:*:*) - echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` -- exit 0 ;; -+ exit ;; - ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. -- echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id -- exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX ' -+ echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id -+ exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' - i*86:AIX:*:*) - echo i386-ibm-aix -- exit 0 ;; -+ exit ;; - ia64:AIX:*:*) - if [ -x /usr/bin/oslevel ] ; then - IBM_REV=`/usr/bin/oslevel` -@@ -487,7 +500,7 @@ - IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} - fi - echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} -- exit 0 ;; -+ exit ;; - *:AIX:2:3) - if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then - eval $set_cc_for_build -@@ -502,15 +515,18 @@ - exit(0); - } - EOF -- $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0 -- rm -f $dummy.c $dummy && rmdir $tmpdir -- echo rs6000-ibm-aix3.2.5 -+ if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` -+ then -+ echo "$SYSTEM_NAME" -+ else -+ echo rs6000-ibm-aix3.2.5 -+ fi - elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then - echo rs6000-ibm-aix3.2.4 - else - echo rs6000-ibm-aix3.2 - fi -- exit 0 ;; -+ exit ;; - *:AIX:*:[45]) - IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` - if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then -@@ -524,28 +540,28 @@ - IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} - fi - echo ${IBM_ARCH}-ibm-aix${IBM_REV} -- exit 0 ;; -+ exit ;; - *:AIX:*:*) - echo rs6000-ibm-aix -- exit 0 ;; -+ exit ;; - ibmrt:4.4BSD:*|romp-ibm:BSD:*) - echo romp-ibm-bsd4.4 -- exit 0 ;; -+ exit ;; - ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and - echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to -- exit 0 ;; # report: romp-ibm BSD 4.3 -+ exit ;; # report: romp-ibm BSD 4.3 - *:BOSX:*:*) - echo rs6000-bull-bosx -- exit 0 ;; -+ exit ;; - DPX/2?00:B.O.S.:*:*) - echo m68k-bull-sysv3 -- exit 0 ;; -+ exit ;; - 9000/[34]??:4.3bsd:1.*:*) - echo m68k-hp-bsd -- exit 0 ;; -+ exit ;; - hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) - echo m68k-hp-bsd4.4 -- exit 0 ;; -+ exit ;; - 9000/[34678]??:HP-UX:*:*) - HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` - case "${UNAME_MACHINE}" in -@@ -602,16 +618,36 @@ - } - EOF - (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` -- if test -z "$HP_ARCH"; then HP_ARCH=hppa; fi -- rm -f $dummy.c $dummy && rmdir $tmpdir -+ test -z "$HP_ARCH" && HP_ARCH=hppa - fi ;; - esac -+ if [ ${HP_ARCH} = "hppa2.0w" ] -+ then -+ eval $set_cc_for_build -+ -+ # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating -+ # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler -+ # generating 64-bit code. GNU and HP use different nomenclature: -+ # -+ # $ CC_FOR_BUILD=cc ./config.guess -+ # => hppa2.0w-hp-hpux11.23 -+ # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess -+ # => hppa64-hp-hpux11.23 -+ -+ if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | -+ grep __LP64__ >/dev/null -+ then -+ HP_ARCH="hppa2.0w" -+ else -+ HP_ARCH="hppa64" -+ fi -+ fi - echo ${HP_ARCH}-hp-hpux${HPUX_REV} -- exit 0 ;; -+ exit ;; - ia64:HP-UX:*:*) - HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` - echo ia64-hp-hpux${HPUX_REV} -- exit 0 ;; -+ exit ;; - 3050*:HI-UX:*:*) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c -@@ -639,149 +675,166 @@ - exit (0); - } - EOF -- $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0 -- rm -f $dummy.c $dummy && rmdir $tmpdir -+ $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && -+ { echo "$SYSTEM_NAME"; exit; } - echo unknown-hitachi-hiuxwe2 -- exit 0 ;; -+ exit ;; - 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) - echo hppa1.1-hp-bsd -- exit 0 ;; -+ exit ;; - 9000/8??:4.3bsd:*:*) - echo hppa1.0-hp-bsd -- exit 0 ;; -+ exit ;; - *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) - echo hppa1.0-hp-mpeix -- exit 0 ;; -+ exit ;; - hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) - echo hppa1.1-hp-osf -- exit 0 ;; -+ exit ;; - hp8??:OSF1:*:*) - echo hppa1.0-hp-osf -- exit 0 ;; -+ exit ;; - i*86:OSF1:*:*) - if [ -x /usr/sbin/sysversion ] ; then - echo ${UNAME_MACHINE}-unknown-osf1mk - else - echo ${UNAME_MACHINE}-unknown-osf1 - fi -- exit 0 ;; -+ exit ;; - parisc*:Lites*:*:*) - echo hppa1.1-hp-lites -- exit 0 ;; -+ exit ;; - C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) - echo c1-convex-bsd -- exit 0 ;; -+ exit ;; - C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) - if getsysinfo -f scalar_acc - then echo c32-convex-bsd - else echo c2-convex-bsd - fi -- exit 0 ;; -+ exit ;; - C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) - echo c34-convex-bsd -- exit 0 ;; -+ exit ;; - C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) - echo c38-convex-bsd -- exit 0 ;; -+ exit ;; - C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) - echo c4-convex-bsd -- exit 0 ;; -+ exit ;; - CRAY*Y-MP:*:*:*) - echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' -- exit 0 ;; -+ exit ;; - CRAY*[A-Z]90:*:*:*) - echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ - | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ - -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ - -e 's/\.[^.]*$/.X/' -- exit 0 ;; -+ exit ;; - CRAY*TS:*:*:*) - echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' -- exit 0 ;; -- CRAY*T3D:*:*:*) -- echo alpha-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' -- exit 0 ;; -+ exit ;; - CRAY*T3E:*:*:*) - echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' -- exit 0 ;; -+ exit ;; - CRAY*SV1:*:*:*) - echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' -- exit 0 ;; -+ exit ;; -+ *:UNICOS/mp:*:*) -+ echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' -+ exit ;; - F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) - FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` - echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" -- exit 0 ;; -+ exit ;; -+ 5000:UNIX_System_V:4.*:*) -+ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` -+ FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` -+ echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" -+ exit ;; - i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) - echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - sparc*:BSD/OS:*:*) - echo sparc-unknown-bsdi${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - *:BSD/OS:*:*) - echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - *:FreeBSD:*:*) -- # Determine whether the default compiler uses glibc. -- eval $set_cc_for_build -- sed 's/^ //' << EOF >$dummy.c -- #include <features.h> -- #if __GLIBC__ >= 2 -- LIBC=gnu -- #else -- LIBC= -- #endif --EOF -- eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=` -- rm -f $dummy.c && rmdir $tmpdir -- echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC} -- exit 0 ;; -+ echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` -+ exit ;; - i*:CYGWIN*:*) - echo ${UNAME_MACHINE}-pc-cygwin -- exit 0 ;; -+ exit ;; - i*:MINGW*:*) - echo ${UNAME_MACHINE}-pc-mingw32 -- exit 0 ;; -+ exit ;; -+ i*:windows32*:*) -+ # uname -m includes "-pc" on this system. -+ echo ${UNAME_MACHINE}-mingw32 -+ exit ;; - i*:PW*:*) - echo ${UNAME_MACHINE}-pc-pw32 -- exit 0 ;; -- x86:Interix*:3*) -- echo i586-pc-interix3 -- exit 0 ;; -+ exit ;; -+ x86:Interix*:[34]*) -+ echo i586-pc-interix${UNAME_RELEASE}|sed -e 's/\..*//' -+ exit ;; - [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) - echo i${UNAME_MACHINE}-pc-mks -- exit 0 ;; -+ exit ;; - i*:Windows_NT*:* | Pentium*:Windows_NT*:*) - # How do we know it's Interix rather than the generic POSIX subsystem? - # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we - # UNAME_MACHINE based on the output of uname instead of i386? - echo i586-pc-interix -- exit 0 ;; -+ exit ;; - i*:UWIN*:*) - echo ${UNAME_MACHINE}-pc-uwin -- exit 0 ;; -+ exit ;; -+ amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) -+ echo x86_64-unknown-cygwin -+ exit ;; - p*:CYGWIN*:*) - echo powerpcle-unknown-cygwin -- exit 0 ;; -+ exit ;; - prep*:SunOS:5.*:*) - echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` -- exit 0 ;; -+ exit ;; - *:GNU:*:*) -+ # the GNU system - echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` -- exit 0 ;; -+ exit ;; -+ *:GNU/*:*:*) -+ # other systems with GNU libc and userland -+ echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu -+ exit ;; - i*86:Minix:*:*) - echo ${UNAME_MACHINE}-pc-minix -- exit 0 ;; -+ exit ;; - arm*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu -- exit 0 ;; -+ exit ;; -+ cris:Linux:*:*) -+ echo cris-axis-linux-gnu -+ exit ;; -+ crisv32:Linux:*:*) -+ echo crisv32-axis-linux-gnu -+ exit ;; -+ frv:Linux:*:*) -+ echo frv-unknown-linux-gnu -+ exit ;; - ia64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu -- exit 0 ;; -+ exit ;; -+ m32r*:Linux:*:*) -+ echo ${UNAME_MACHINE}-unknown-linux-gnu -+ exit ;; - m68*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu -- exit 0 ;; -+ exit ;; - mips:Linux:*:*) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c -@@ -799,8 +852,7 @@ - #endif - EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=` -- rm -f $dummy.c && rmdir $tmpdir -- test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0 -+ test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } - ;; - mips64:Linux:*:*) - eval $set_cc_for_build -@@ -819,15 +871,17 @@ - #endif - EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=` -- rm -f $dummy.c && rmdir $tmpdir -- test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0 -+ test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } - ;; -+ or32:Linux:*:*) -+ echo or32-unknown-linux-gnu -+ exit ;; - ppc:Linux:*:*) - echo powerpc-unknown-linux-gnu -- exit 0 ;; -+ exit ;; - ppc64:Linux:*:*) - echo powerpc64-unknown-linux-gnu -- exit 0 ;; -+ exit ;; - alpha:Linux:*:*) - case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in - EV5) UNAME_MACHINE=alphaev5 ;; -@@ -841,7 +895,7 @@ - objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null - if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi - echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} -- exit 0 ;; -+ exit ;; - parisc:Linux:*:* | hppa:Linux:*:*) - # Look for CPU level - case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in -@@ -849,22 +903,25 @@ - PA8*) echo hppa2.0-unknown-linux-gnu ;; - *) echo hppa-unknown-linux-gnu ;; - esac -- exit 0 ;; -+ exit ;; - parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-unknown-linux-gnu -- exit 0 ;; -+ exit ;; - s390:Linux:*:* | s390x:Linux:*:*) - echo ${UNAME_MACHINE}-ibm-linux -- exit 0 ;; -+ exit ;; -+ sh64*:Linux:*:*) -+ echo ${UNAME_MACHINE}-unknown-linux-gnu -+ exit ;; - sh*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu -- exit 0 ;; -+ exit ;; - sparc:Linux:*:* | sparc64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu -- exit 0 ;; -+ exit ;; - x86_64:Linux:*:*) - echo x86_64-unknown-linux-gnu -- exit 0 ;; -+ exit ;; - i*86:Linux:*:*) - # The BFD linker knows what the default object file format is, so - # first see if it will tell us. cd to the root directory to prevent -@@ -882,15 +939,15 @@ - ;; - a.out-i386-linux) - echo "${UNAME_MACHINE}-pc-linux-gnuaout" -- exit 0 ;; -+ exit ;; - coff-i386) - echo "${UNAME_MACHINE}-pc-linux-gnucoff" -- exit 0 ;; -+ exit ;; - "") - # Either a pre-BFD a.out linker (linux-gnuoldld) or - # one that does not give us useful --help. - echo "${UNAME_MACHINE}-pc-linux-gnuoldld" -- exit 0 ;; -+ exit ;; - esac - # Determine whether the default compiler is a.out or elf - eval $set_cc_for_build -@@ -913,18 +970,23 @@ - LIBC=gnuaout - #endif - #endif -+ #ifdef __dietlibc__ -+ LIBC=dietlibc -+ #endif - EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=` -- rm -f $dummy.c && rmdir $tmpdir -- test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0 -- test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0 -+ test x"${LIBC}" != x && { -+ echo "${UNAME_MACHINE}-pc-linux-${LIBC}" -+ exit -+ } -+ test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; } - ;; - i*86:DYNIX/ptx:4*:*) - # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. - # earlier versions are messed up and put the nodename in both - # sysname and nodename. - echo i386-sequent-sysv4 -- exit 0 ;; -+ exit ;; - i*86:UNIX_SV:4.2MP:2.*) - # Unixware is an offshoot of SVR4, but it has its own version - # number series starting with 2... -@@ -932,24 +994,27 @@ - # I just have to hope. -- rms. - # Use sysv4.2uw... so that sysv4* matches it. - echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} -- exit 0 ;; -+ exit ;; - i*86:OS/2:*:*) - # If we were able to find `uname', then EMX Unix compatibility - # is probably installed. - echo ${UNAME_MACHINE}-pc-os2-emx -- exit 0 ;; -+ exit ;; - i*86:XTS-300:*:STOP) - echo ${UNAME_MACHINE}-unknown-stop -- exit 0 ;; -+ exit ;; - i*86:atheos:*:*) - echo ${UNAME_MACHINE}-unknown-atheos -- exit 0 ;; -+ exit ;; -+ i*86:syllable:*:*) -+ echo ${UNAME_MACHINE}-pc-syllable -+ exit ;; - i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*) - echo i386-unknown-lynxos${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - i*86:*DOS:*:*) - echo ${UNAME_MACHINE}-pc-msdosdjgpp -- exit 0 ;; -+ exit ;; - i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) - UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` - if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then -@@ -957,15 +1022,16 @@ - else - echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} - fi -- exit 0 ;; -- i*86:*:5:[78]*) -+ exit ;; -+ i*86:*:5:[678]*) -+ # UnixWare 7.x, OpenUNIX and OpenServer 6. - case `/bin/uname -X | grep "^Machine"` in - *486*) UNAME_MACHINE=i486 ;; - *Pentium) UNAME_MACHINE=i586 ;; - *Pent*|*Celeron) UNAME_MACHINE=i686 ;; - esac - echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} -- exit 0 ;; -+ exit ;; - i*86:*:3.2:*) - if test -f /usr/options/cb.name; then - UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name` -@@ -983,73 +1049,73 @@ - else - echo ${UNAME_MACHINE}-pc-sysv32 - fi -- exit 0 ;; -+ exit ;; - pc:*:*:*) - # Left here for compatibility: - # uname -m prints for DJGPP always 'pc', but it prints nothing about - # the processor, so we play safe by assuming i386. - echo i386-pc-msdosdjgpp -- exit 0 ;; -+ exit ;; - Intel:Mach:3*:*) - echo i386-pc-mach3 -- exit 0 ;; -+ exit ;; - paragon:*:*:*) - echo i860-intel-osf1 -- exit 0 ;; -+ exit ;; - i860:*:4.*:*) # i860-SVR4 - if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then - echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 - else # Add other i860-SVR4 vendors below as they are discovered. - echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 - fi -- exit 0 ;; -+ exit ;; - mini*:CTIX:SYS*5:*) - # "miniframe" - echo m68010-convergent-sysv -- exit 0 ;; -+ exit ;; - mc68k:UNIX:SYSTEM5:3.51m) - echo m68k-convergent-sysv -- exit 0 ;; -+ exit ;; - M680?0:D-NIX:5.3:*) - echo m68k-diab-dnix -- exit 0 ;; -- M68*:*:R3V[567]*:*) -- test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;; -- 3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0) -+ exit ;; -+ M68*:*:R3V[5678]*:*) -+ test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; -+ 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) - OS_REL='' - test -r /etc/.relid \ - && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` - /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ -- && echo i486-ncr-sysv4.3${OS_REL} && exit 0 -+ && { echo i486-ncr-sysv4.3${OS_REL}; exit; } - /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ -- && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;; -+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; - 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) - /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ -- && echo i486-ncr-sysv4 && exit 0 ;; -+ && { echo i486-ncr-sysv4; exit; } ;; - m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) - echo m68k-unknown-lynxos${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - mc68030:UNIX_System_V:4.*:*) - echo m68k-atari-sysv4 -- exit 0 ;; -+ exit ;; - TSUNAMI:LynxOS:2.*:*) - echo sparc-unknown-lynxos${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - rs6000:LynxOS:2.*:*) - echo rs6000-unknown-lynxos${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*) - echo powerpc-unknown-lynxos${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - SM[BE]S:UNIX_SV:*:*) - echo mips-dde-sysv${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - RM*:ReliantUNIX-*:*:*) - echo mips-sni-sysv4 -- exit 0 ;; -+ exit ;; - RM*:SINIX-*:*:*) - echo mips-sni-sysv4 -- exit 0 ;; -+ exit ;; - *:SINIX-*:*:*) - if uname -p 2>/dev/null >/dev/null ; then - UNAME_MACHINE=`(uname -p) 2>/dev/null` -@@ -1057,64 +1123,73 @@ - else - echo ns32k-sni-sysv - fi -- exit 0 ;; -+ exit ;; - PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort - # says <Richard.M.Bartel@ccMail.Census.GOV> - echo i586-unisys-sysv4 -- exit 0 ;; -+ exit ;; - *:UNIX_System_V:4*:FTX*) - # From Gerald Hewes <hewes@openmarket.com>. - # How about differentiating between stratus architectures? -djm - echo hppa1.1-stratus-sysv4 -- exit 0 ;; -+ exit ;; - *:*:*:FTX*) - # From seanf@swdc.stratus.com. - echo i860-stratus-sysv4 -- exit 0 ;; -+ exit ;; -+ i*86:VOS:*:*) -+ # From Paul.Green@stratus.com. -+ echo ${UNAME_MACHINE}-stratus-vos -+ exit ;; - *:VOS:*:*) - # From Paul.Green@stratus.com. - echo hppa1.1-stratus-vos -- exit 0 ;; -+ exit ;; - mc68*:A/UX:*:*) - echo m68k-apple-aux${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - news*:NEWS-OS:6*:*) - echo mips-sony-newsos6 -- exit 0 ;; -+ exit ;; - R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) - if [ -d /usr/nec ]; then - echo mips-nec-sysv${UNAME_RELEASE} - else - echo mips-unknown-sysv${UNAME_RELEASE} - fi -- exit 0 ;; -+ exit ;; - BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. - echo powerpc-be-beos -- exit 0 ;; -+ exit ;; - BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. - echo powerpc-apple-beos -- exit 0 ;; -+ exit ;; - BePC:BeOS:*:*) # BeOS running on Intel PC compatible. - echo i586-pc-beos -- exit 0 ;; -+ exit ;; - SX-4:SUPER-UX:*:*) - echo sx4-nec-superux${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - SX-5:SUPER-UX:*:*) - echo sx5-nec-superux${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - SX-6:SUPER-UX:*:*) - echo sx6-nec-superux${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - Power*:Rhapsody:*:*) - echo powerpc-apple-rhapsody${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - *:Rhapsody:*:*) - echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - *:Darwin:*:*) -- echo `uname -p`-apple-darwin${UNAME_RELEASE} -- exit 0 ;; -+ UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown -+ case $UNAME_PROCESSOR in -+ *86) UNAME_PROCESSOR=i686 ;; -+ unknown) UNAME_PROCESSOR=powerpc ;; -+ esac -+ echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} -+ exit ;; - *:procnto*:*:* | *:QNX:[0123456789]*:*) - UNAME_PROCESSOR=`uname -p` - if test "$UNAME_PROCESSOR" = "x86"; then -@@ -1122,22 +1197,25 @@ - UNAME_MACHINE=pc - fi - echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - *:QNX:*:4*) - echo i386-pc-qnx -- exit 0 ;; -- NSR-[DGKLNPTVW]:NONSTOP_KERNEL:*:*) -+ exit ;; -+ NSE-?:NONSTOP_KERNEL:*:*) -+ echo nse-tandem-nsk${UNAME_RELEASE} -+ exit ;; -+ NSR-?:NONSTOP_KERNEL:*:*) - echo nsr-tandem-nsk${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - *:NonStop-UX:*:*) - echo mips-compaq-nonstopux -- exit 0 ;; -+ exit ;; - BS2000:POSIX*:*:*) - echo bs2000-siemens-sysv -- exit 0 ;; -+ exit ;; - DS/*:UNIX_System_V:*:*) - echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - *:Plan9:*:*) - # "uname -m" is not consistent, so use $cputype instead. 386 - # is converted to i386 for consistency with other x86 -@@ -1148,25 +1226,44 @@ - UNAME_MACHINE="$cputype" - fi - echo ${UNAME_MACHINE}-unknown-plan9 -- exit 0 ;; -+ exit ;; - *:TOPS-10:*:*) - echo pdp10-unknown-tops10 -- exit 0 ;; -+ exit ;; - *:TENEX:*:*) - echo pdp10-unknown-tenex -- exit 0 ;; -+ exit ;; - KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) - echo pdp10-dec-tops20 -- exit 0 ;; -+ exit ;; - XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) - echo pdp10-xkl-tops20 -- exit 0 ;; -+ exit ;; - *:TOPS-20:*:*) - echo pdp10-unknown-tops20 -- exit 0 ;; -+ exit ;; - *:ITS:*:*) - echo pdp10-unknown-its -- exit 0 ;; -+ exit ;; -+ SEI:*:*:SEIUX) -+ echo mips-sei-seiux${UNAME_RELEASE} -+ exit ;; -+ *:DragonFly:*:*) -+ echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` -+ exit ;; -+ *:*VMS:*:*) -+ UNAME_MACHINE=`(uname -p) 2>/dev/null` -+ case "${UNAME_MACHINE}" in -+ A*) echo alpha-dec-vms ; exit ;; -+ I*) echo ia64-dec-vms ; exit ;; -+ V*) echo vax-dec-vms ; exit ;; -+ esac ;; -+ *:XENIX:*:SysV) -+ echo i386-pc-xenix -+ exit ;; -+ i*86:skyos:*:*) -+ echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' -+ exit ;; - esac - - #echo '(No uname command or uname output not recognized.)' 1>&2 -@@ -1198,7 +1295,7 @@ - #endif - - #if defined (__arm) && defined (__acorn) && defined (__unix) -- printf ("arm-acorn-riscix"); exit (0); -+ printf ("arm-acorn-riscix\n"); exit (0); - #endif - - #if defined (hp300) && !defined (hpux) -@@ -1287,12 +1384,12 @@ - } - EOF - --$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0 --rm -f $dummy.c $dummy && rmdir $tmpdir -+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && -+ { echo "$SYSTEM_NAME"; exit; } - - # Apollos put the system type in the environment. - --test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; } -+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } - - # Convex versions that predate uname can use getsysinfo(1) - -@@ -1301,22 +1398,22 @@ - case `getsysinfo -f cpu_type` in - c1*) - echo c1-convex-bsd -- exit 0 ;; -+ exit ;; - c2*) - if getsysinfo -f scalar_acc - then echo c32-convex-bsd - else echo c2-convex-bsd - fi -- exit 0 ;; -+ exit ;; - c34*) - echo c34-convex-bsd -- exit 0 ;; -+ exit ;; - c38*) - echo c38-convex-bsd -- exit 0 ;; -+ exit ;; - c4*) - echo c4-convex-bsd -- exit 0 ;; -+ exit ;; - esac - fi - -@@ -1327,7 +1424,9 @@ - the operating system you are using. It is advised that you - download the most up to date version of the config scripts from - -- ftp://ftp.gnu.org/pub/gnu/config/ -+ http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess -+and -+ http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub - - If the version you run ($0) is already up to date, please - send the following data and any information you think might be ---- sudo-1.6.8p12.orig/config.sub -+++ sudo-1.6.8p12/config.sub -@@ -1,11 +1,9 @@ - #! /bin/sh - # Configuration validation subroutine script. - # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, --# 2000, 2001, 2002 Free Software Foundation, Inc. --# --# $Sudo: config.sub,v 1.11 2003/01/20 21:07:51 millert Exp $ -+# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. - --timestamp='2002-11-30' -+timestamp='2005-07-08' - - # This file is (in principle) common to ALL GNU software. - # The presence of a machine in this file suggests that SOME GNU software -@@ -23,14 +21,15 @@ - # - # You should have received a copy of the GNU General Public License - # along with this program; if not, write to the Free Software --# Foundation, Inc., 59 Temple Place - Suite 330, --# Boston, MA 02111-1307, USA. -- -+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA -+# 02110-1301, USA. -+# - # As a special exception to the GNU General Public License, if you - # distribute this file as part of a program that contains a - # configuration script generated by Autoconf, you may include it under - # the same distribution terms that you use for the rest of that program. - -+ - # Please send patches to <config-patches@gnu.org>. Submit a context - # diff and a properly formatted ChangeLog entry. - # -@@ -72,7 +71,7 @@ - version="\ - GNU config.sub ($timestamp) - --Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 -+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 - Free Software Foundation, Inc. - - This is free software; see the source for copying conditions. There is NO -@@ -85,11 +84,11 @@ - while test $# -gt 0 ; do - case $1 in - --time-stamp | --time* | -t ) -- echo "$timestamp" ; exit 0 ;; -+ echo "$timestamp" ; exit ;; - --version | -v ) -- echo "$version" ; exit 0 ;; -+ echo "$version" ; exit ;; - --help | --h* | -h ) -- echo "$usage"; exit 0 ;; -+ echo "$usage"; exit ;; - -- ) # Stop option processing - shift; break ;; - - ) # Use stdin as input. -@@ -101,7 +100,7 @@ - *local*) - # First pass through any local machine types. - echo $1 -- exit 0;; -+ exit ;; - - * ) - break ;; -@@ -120,7 +119,8 @@ - # Here we must recognize all the valid KERNEL-OS combinations. - maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` - case $maybe_os in -- nto-qnx* | linux-gnu* | freebsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*) -+ nto-qnx* | linux-gnu* | linux-dietlibc | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | \ -+ kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*) - os=-$maybe_os - basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` - ;; -@@ -146,7 +146,7 @@ - -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ - -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ - -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ -- -apple | -axis | -sr2201*) -+ -apple | -axis | -knuth | -cray) - os= - basic_machine=$1 - ;; -@@ -230,14 +230,16 @@ - | a29k \ - | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ - | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ -+ | am33_2.0 \ - | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \ -- | clipper \ -+ | bfin \ -+ | c4x | clipper \ - | d10v | d30v | dlx | dsp16xx \ - | fr30 | frv \ - | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ - | i370 | i860 | i960 | ia64 \ -- | ip2k \ -- | m32r | m68000 | m68k | m88k | mcore \ -+ | ip2k | iq2000 \ -+ | m32r | m32rle | m68000 | m68k | m88k | maxq | mcore \ - | mips | mipsbe | mipseb | mipsel | mipsle \ - | mips16 \ - | mips64 | mips64el \ -@@ -246,28 +248,37 @@ - | mips64vr4100 | mips64vr4100el \ - | mips64vr4300 | mips64vr4300el \ - | mips64vr5000 | mips64vr5000el \ -+ | mips64vr5900 | mips64vr5900el \ - | mipsisa32 | mipsisa32el \ -+ | mipsisa32r2 | mipsisa32r2el \ - | mipsisa64 | mipsisa64el \ -+ | mipsisa64r2 | mipsisa64r2el \ - | mipsisa64sb1 | mipsisa64sb1el \ - | mipsisa64sr71k | mipsisa64sr71kel \ - | mipstx39 | mipstx39el \ - | mn10200 | mn10300 \ -+ | ms1 \ -+ | msp430 \ - | ns16k | ns32k \ -- | openrisc | or32 \ -+ | or32 \ - | pdp10 | pdp11 | pj | pjl \ - | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ - | pyramid \ -- | sh | sh[1234] | sh3e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \ -+ | sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \ - | sh64 | sh64le \ -- | sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \ -+ | sparc | sparc64 | sparc64b | sparc86x | sparclet | sparclite \ -+ | sparcv8 | sparcv9 | sparcv9b \ - | strongarm \ -- | tahoe | thumb | tic80 | tron \ -+ | tahoe | thumb | tic4x | tic80 | tron \ - | v850 | v850e \ - | we32k \ -- | x86 | xscale | xstormy16 | xtensa \ -+ | x86 | xscale | xscalee[bl] | xstormy16 | xtensa \ - | z8k) - basic_machine=$basic_machine-unknown - ;; -+ m32c) -+ basic_machine=$basic_machine-unknown -+ ;; - m6811 | m68hc11 | m6812 | m68hc12) - # Motorola 68HC11/12. - basic_machine=$basic_machine-unknown -@@ -295,19 +306,19 @@ - | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ - | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ - | avr-* \ -- | bs2000-* \ -- | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* \ -- | clipper-* | cydra-* \ -+ | bfin-* | bs2000-* \ -+ | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ -+ | clipper-* | craynv-* | cydra-* \ - | d10v-* | d30v-* | dlx-* \ - | elxsi-* \ - | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \ - | h8300-* | h8500-* \ - | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ - | i*86-* | i860-* | i960-* | ia64-* \ -- | ip2k-* \ -- | m32r-* \ -+ | ip2k-* | iq2000-* \ -+ | m32r-* | m32rle-* \ - | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ -- | m88110-* | m88k-* | mcore-* \ -+ | m88110-* | m88k-* | maxq-* | mcore-* \ - | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ - | mips16-* \ - | mips64-* | mips64el-* \ -@@ -316,29 +327,40 @@ - | mips64vr4100-* | mips64vr4100el-* \ - | mips64vr4300-* | mips64vr4300el-* \ - | mips64vr5000-* | mips64vr5000el-* \ -+ | mips64vr5900-* | mips64vr5900el-* \ - | mipsisa32-* | mipsisa32el-* \ -+ | mipsisa32r2-* | mipsisa32r2el-* \ - | mipsisa64-* | mipsisa64el-* \ -+ | mipsisa64r2-* | mipsisa64r2el-* \ - | mipsisa64sb1-* | mipsisa64sb1el-* \ - | mipsisa64sr71k-* | mipsisa64sr71kel-* \ -- | mipstx39 | mipstx39el \ -+ | mipstx39-* | mipstx39el-* \ -+ | mmix-* \ -+ | ms1-* \ -+ | msp430-* \ - | none-* | np1-* | ns16k-* | ns32k-* \ - | orion-* \ - | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ - | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ - | pyramid-* \ - | romp-* | rs6000-* \ -- | sh-* | sh[1234]-* | sh3e-* | sh[34]eb-* | shbe-* \ -+ | sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | shbe-* \ - | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ -- | sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \ -- | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \ -- | tahoe-* | thumb-* | tic30-* | tic4x-* | tic54x-* | tic80-* | tron-* \ -+ | sparc-* | sparc64-* | sparc64b-* | sparc86x-* | sparclet-* \ -+ | sparclite-* \ -+ | sparcv8-* | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \ -+ | tahoe-* | thumb-* \ -+ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ -+ | tron-* \ - | v850-* | v850e-* | vax-* \ - | we32k-* \ -- | x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \ -- | xtensa-* \ -+ | x86-* | x86_64-* | xps100-* | xscale-* | xscalee[bl]-* \ -+ | xstormy16-* | xtensa-* \ - | ymp-* \ - | z8k-*) - ;; -+ m32c-*) -+ ;; - # Recognize the various machine names and aliases which stand - # for a CPU type and a company and sometimes even an OS. - 386bsd) -@@ -355,6 +377,9 @@ - basic_machine=a29k-amd - os=-udi - ;; -+ abacus) -+ basic_machine=abacus-unknown -+ ;; - adobe68k) - basic_machine=m68010-adobe - os=-scout -@@ -434,12 +459,27 @@ - basic_machine=j90-cray - os=-unicos - ;; -+ craynv) -+ basic_machine=craynv-cray -+ os=-unicosmp -+ ;; -+ cr16c) -+ basic_machine=cr16c-unknown -+ os=-elf -+ ;; - crds | unos) - basic_machine=m68k-crds - ;; -+ crisv32 | crisv32-* | etraxfs*) -+ basic_machine=crisv32-axis -+ ;; - cris | cris-* | etrax*) - basic_machine=cris-axis - ;; -+ crx) -+ basic_machine=crx-unknown -+ os=-elf -+ ;; - da30 | da30-*) - basic_machine=m68k-da30 - ;; -@@ -462,6 +502,10 @@ - basic_machine=m88k-motorola - os=-sysv3 - ;; -+ djgpp) -+ basic_machine=i586-pc -+ os=-msdosdjgpp -+ ;; - dpx20 | dpx20-*) - basic_machine=rs6000-bull - os=-bosx -@@ -515,10 +559,6 @@ - basic_machine=h8500-hitachi - os=-hms - ;; -- sr2201*) -- basic_machine=harp1e-hitachi -- os=-hiuxmpp -- ;; - harris) - basic_machine=m88k-harris - os=-sysv3 -@@ -644,10 +684,6 @@ - mips3*) - basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown - ;; -- mmix*) -- basic_machine=mmix-knuth -- os=-mmixware -- ;; - monitor) - basic_machine=m68k-rom68k - os=-coff -@@ -735,9 +771,12 @@ - basic_machine=hppa1.1-oki - os=-proelf - ;; -- or32 | or32-*) -+ openrisc | openrisc-*) - basic_machine=or32-unknown -- os=-coff -+ ;; -+ os400) -+ basic_machine=powerpc-ibm -+ os=-os400 - ;; - OSE68000 | ose68000) - basic_machine=m68000-ericsson -@@ -770,18 +809,24 @@ - pentiumpro | p6 | 6x86 | athlon | athlon_*) - basic_machine=i686-pc - ;; -- pentiumii | pentium2) -+ pentiumii | pentium2 | pentiumiii | pentium3) - basic_machine=i686-pc - ;; -+ pentium4) -+ basic_machine=i786-pc -+ ;; - pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) - basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pentiumpro-* | p6-* | 6x86-* | athlon-*) - basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; -- pentiumii-* | pentium2-*) -+ pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) - basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; -+ pentium4-*) -+ basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` -+ ;; - pn) - basic_machine=pn-gould - ;; -@@ -840,6 +885,10 @@ - sb1el) - basic_machine=mipsisa64sb1el-unknown - ;; -+ sei) -+ basic_machine=mips-sei -+ os=-seiux -+ ;; - sequent) - basic_machine=i386-sequent - ;; -@@ -847,6 +896,9 @@ - basic_machine=sh-hitachi - os=-hms - ;; -+ sh64) -+ basic_machine=sh64-unknown -+ ;; - sparclite-wrs | simso-wrs) - basic_machine=sparclite-wrs - os=-vxworks -@@ -913,10 +965,6 @@ - basic_machine=i386-sequent - os=-dynix - ;; -- t3d) -- basic_machine=alpha-cray -- os=-unicos -- ;; - t3e) - basic_machine=alphaev5-cray - os=-unicos -@@ -925,14 +973,18 @@ - basic_machine=t90-cray - os=-unicos - ;; -- tic4x | c4x*) -- basic_machine=tic4x-unknown -- os=-coff -- ;; - tic54x | c54x*) - basic_machine=tic54x-unknown - os=-coff - ;; -+ tic55x | c55x*) -+ basic_machine=tic55x-unknown -+ os=-coff -+ ;; -+ tic6x | c6x*) -+ basic_machine=tic6x-unknown -+ os=-coff -+ ;; - tx39) - basic_machine=mipstx39-unknown - ;; -@@ -946,6 +998,10 @@ - tower | tower-32) - basic_machine=m68k-ncr - ;; -+ tpf) -+ basic_machine=s390x-ibm -+ os=-tpf -+ ;; - udi29k) - basic_machine=a29k-amd - os=-udi -@@ -989,6 +1045,10 @@ - basic_machine=hppa1.1-winbond - os=-proelf - ;; -+ xbox) -+ basic_machine=i686-pc -+ os=-mingw32 -+ ;; - xps | xps100) - basic_machine=xps100-honeywell - ;; -@@ -1019,6 +1079,9 @@ - romp) - basic_machine=romp-ibm - ;; -+ mmix) -+ basic_machine=mmix-knuth -+ ;; - rs6000) - basic_machine=rs6000-ibm - ;; -@@ -1035,13 +1098,10 @@ - we32k) - basic_machine=we32k-att - ;; -- sh3 | sh4 | sh3eb | sh4eb | sh[1234]le | sh3ele) -+ sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele) - basic_machine=sh-unknown - ;; -- sh64) -- basic_machine=sh64-unknown -- ;; -- sparc | sparcv9 | sparcv9b) -+ sparc | sparcv8 | sparcv9 | sparcv9b) - basic_machine=sparc-sun - ;; - cydra) -@@ -1114,19 +1174,21 @@ - | -aos* \ - | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ - | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ -- | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \ -- | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ -+ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* | -openbsd* \ -+ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ -+ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ - | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ - | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ - | -chorusos* | -chorusrdb* \ - | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ -- | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \ -+ | -mingw32* | -linux-gnu* | -linux-uclibc* | -uxpv* | -beos* | -mpeix* | -udk* \ - | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ - | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ - | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ - | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ - | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ -- | -powermax* | -dnix*) -+ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ -+ | -skyos* | -haiku*) - # Remember, each alternative MUST END IN *, to match a version number. - ;; - -qnx*) -@@ -1144,12 +1206,15 @@ - os=`echo $os | sed -e 's|nto|nto-qnx|'` - ;; - -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ -- | -windows* | -osx | -abug | -netware* | -os9* | -beos* \ -+ | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ - | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) - ;; - -mac*) - os=`echo $os | sed -e 's|mac|macos|'` - ;; -+ -linux-dietlibc) -+ os=-linux-dietlibc -+ ;; - -linux*) - os=`echo $os | sed -e 's|linux|linux-gnu|'` - ;; -@@ -1162,6 +1227,9 @@ - -opened*) - os=-openedition - ;; -+ -os400*) -+ os=-os400 -+ ;; - -wince*) - os=-wince - ;; -@@ -1183,6 +1251,9 @@ - -atheos*) - os=-atheos - ;; -+ -syllable*) -+ os=-syllable -+ ;; - -386bsd) - os=-bsd - ;; -@@ -1205,6 +1276,9 @@ - -sinix*) - os=-sysv4 - ;; -+ -tpf*) -+ os=-tpf -+ ;; - -triton*) - os=-sysv3 - ;; -@@ -1235,6 +1309,15 @@ - -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) - os=-mint - ;; -+ -aros*) -+ os=-aros -+ ;; -+ -kaos*) -+ os=-kaos -+ ;; -+ -zvmoe) -+ os=-zvmoe -+ ;; - -none) - ;; - *) -@@ -1266,6 +1349,9 @@ - arm*-semi) - os=-aout - ;; -+ c4x-* | tic4x-*) -+ os=-coff -+ ;; - # This must come before the *-dec entry. - pdp10-*) - os=-tops20 -@@ -1309,9 +1395,15 @@ - *-be) - os=-beos - ;; -+ *-haiku) -+ os=-haiku -+ ;; - *-ibm) - os=-aix - ;; -+ *-knuth) -+ os=-mmixware -+ ;; - *-wec) - os=-proelf - ;; -@@ -1444,9 +1536,15 @@ - -mvs* | -opened*) - vendor=ibm - ;; -+ -os400*) -+ vendor=ibm -+ ;; - -ptx*) - vendor=sequent - ;; -+ -tpf*) -+ vendor=ibm -+ ;; - -vxsim* | -vxworks* | -windiss*) - vendor=wrs - ;; -@@ -1471,7 +1569,7 @@ - esac - - echo $basic_machine$os --exit 0 -+exit - - # Local variables: - # eval: (add-hook 'write-file-hooks 'time-stamp) ---- sudo-1.6.8p12.orig/sudoers -+++ sudo-1.6.8p12/sudoers -@@ -1,10 +1,17 @@ - # sudoers file. - # - # This file MUST be edited with the 'visudo' command as root. -+# 'visudo' edits the suoders file in a safe fashion. visudo -+# locks the sudoers file against multiple simultaneous edits, -+# provides basic sanity checks, and checks for syntax errors. If -+# the sudoers file is currently being edited you will receive a -+# message to try again later. - # - # See the sudoers man page for the details on how to write a sudoers file. - # - -+# Defaults syslog=auth, secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin" -+ - # Host alias specification - - # User alias specification ---- sudo-1.6.8p12.orig/debian/dirs -+++ sudo-1.6.8p12/debian/dirs -@@ -0,0 +1,7 @@ -+etc/pam.d -+usr/bin -+usr/share/man/man8 -+usr/share/man/man5 -+usr/sbin -+usr/share/doc/sudo/examples -+usr/share/lintian/overrides ---- sudo-1.6.8p12.orig/debian/docs -+++ sudo-1.6.8p12/debian/docs -@@ -0,0 +1,9 @@ -+debian/OPTIONS -+BUGS -+RUNSON -+UPGRADE -+PORTING -+TODO -+HISTORY -+README -+TROUBLESHOOTING ---- sudo-1.6.8p12.orig/debian/sudo-ldap.init.d -+++ sudo-1.6.8p12/debian/sudo-ldap.init.d -@@ -0,0 +1,31 @@ -+#! /bin/sh -+ -+### BEGIN INIT INFO -+# Provides: sudu -+# Required-Start: $local_fs $remote_fs -+# Required-Stop: -+# Default-Start: S 1 2 3 4 5 -+# Default-Stop: 0 6 -+### END INIT INFO -+ -+N=/etc/init.d/sudo -+ -+set -e -+ -+case "$1" in -+ start) -+ # make sure privileges don't persist across reboots -+ if [ -d /var/run/sudo ] -+ then -+ find /var/run/sudo -type f -exec touch -t 198501010000 '{}' \; -+ fi -+ ;; -+ stop|reload|restart|force-reload) -+ ;; -+ *) -+ echo "Usage: $N {start|stop|restart|force-reload}" >&2 -+ exit 1 -+ ;; -+esac -+ -+exit 0 ---- sudo-1.6.8p12.orig/debian/control -+++ sudo-1.6.8p12/debian/control -@@ -0,0 +1,32 @@ -+Source: sudo -+Section: admin -+Priority: optional -+Maintainer: Bdale Garbee <bdale@gag.com> -+Build-Depends: debhelper (>= 5), libpam0g-dev, libldap2-dev -+Standards-Version: 3.6.2.1 -+ -+Package: sudo -+Architecture: any -+Depends: ${shlibs:Depends}, libpam-modules -+Conflicts: sudo-ldap -+Replaces: sudo-ldap -+Description: Provide limited super user privileges to specific users -+ Sudo is a program designed to allow a sysadmin to give limited root -+ privileges to users and log root activity. The basic philosophy is to give -+ as few privileges as possible but still allow people to get their work done. -+ . -+ This version is built with minimal shared library dependencies, use the -+ sudo-ldap package instead if you need LDAP support. -+ -+Package: sudo-ldap -+Architecture: any -+Depends: ${shlibs:Depends}, libpam-modules -+Conflicts: sudo -+Replaces: sudo -+Provides: sudo -+Description: Provide limited super user privileges to specific users -+ Sudo is a program designed to allow a sysadmin to give limited root -+ privileges to users and log root activity. The basic philosophy is to give -+ as few privileges as possible but still allow people to get their work done. -+ . -+ This version is built with LDAP support. ---- sudo-1.6.8p12.orig/debian/sudo-ldap.postrm -+++ sudo-1.6.8p12/debian/sudo-ldap.postrm -@@ -0,0 +1,21 @@ -+#! /bin/sh -+ -+set -e -+ -+case "$1" in -+ purge) -+ rm -f /etc/sudoers -+ ;; -+ -+ remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) -+ ;; -+ -+ *) -+ echo "postrm called with unknown argument \`$1'" >&2 -+ exit 1 -+ -+esac -+ -+#DEBHELPER# -+ -+exit 0 ---- sudo-1.6.8p12.orig/debian/prerm -+++ sudo-1.6.8p12/debian/prerm -@@ -0,0 +1,37 @@ -+#!/bin/sh -+ -+set -e -+ -+check_password() { -+ if [ ! "$SUDO_FORCE_REMOVE" = "yes" ]; then -+ # let's check whether the root account is locked. -+ # if it is, we're not going another step. No Sirreee! -+ passwd=$(getent shadow root|cut -f2 -d:) -+ if [ "$passwd" = "*" -o "$passwd" = "!" ]; then -+ # yup, password is locked -+ echo "You have asked that the sudo package be removed," -+ echo "but no root password has been set." -+ echo "Without sudo, you may not be able to gain administrative privileges." -+ echo -+ echo "If you would prefer to access the root account with su(1)" -+ echo "or by logging in directly," -+ echo "you must set a root password with \"sudo passwd\"." -+ echo -+ echo "If you have arranged other means to access the root account," -+ echo "and you are sure this is what you want," -+ echo "you may bypass this check by setting an environment variable " -+ echo "(export SUDO_FORCE_REMOVE=yes)." -+ echo -+ echo "Refusing to remove sudo." -+ exit 1 -+ fi -+ fi -+} -+ -+case $1 in -+ remove) -+ check_password; -+ ;; -+ *) -+ ;; -+esac ---- sudo-1.6.8p12.orig/debian/rules -+++ sudo-1.6.8p12/debian/rules -@@ -0,0 +1,140 @@ -+#!/usr/bin/make -f -+ -+export DH_VERBOSE=1 -+ -+CFLAGS = -O2 -Wall -Wno-comment -+ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS))) -+CFLAGS += -g -+endif -+export CFLAGS -+ -+build: config-stamp -+config-stamp: -+ dh_testdir -+ -+ # simple version -+ mkdir -p build-simple -+ cd build-simple && ../configure --prefix=/usr -v \ -+ --with-all-insults \ -+ --with-exempt=sudo --with-pam --with-fqdn \ -+ --with-logging=syslog --with-logfac=authpriv \ -+ --with-env-editor --with-editor=/usr/bin/editor \ -+ --with-timeout=15 --with-password-timeout=0 \ -+ --disable-root-mailer --disable-setresuid \ -+ --with-sendmail=/usr/sbin/sendmail \ -+ --without-lecture \ -+ --with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin" -+ -+ # LDAP version -+ mkdir -p build-ldap -+ cd build-ldap && ../configure --prefix=/usr -v \ -+ --with-all-insults \ -+ --with-exempt=sudo --with-pam --with-ldap --with-fqdn \ -+ --with-logging=syslog --with-logfac=authpriv \ -+ --with-env-editor --with-editor=/usr/bin/editor \ -+ --with-timeout=15 --with-password-timeout=0 \ -+ --disable-root-mailer --disable-setresuid \ -+ --with-sendmail=/usr/sbin/sendmail \ -+ --with-ldap-conf-file=/etc/ldap/ldap.conf \ -+ --with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin" -+ -+ touch config-stamp -+ -+build: build-stamp -+build-stamp: config-stamp -+ dh_testdir -+ -+ -$(MAKE) -C build-simple -+ -$(MAKE) -C build-ldap -+ -+ touch build-stamp -+ -+clean: -+ dh_testdir -+ dh_testroot -+ rm -f config-stamp build-stamp -+ rm -rf build-simple build-ldap -+ rm -f config.cache -+ -+ -test -r /usr/share/misc/config.sub && \ -+ cp -f /usr/share/misc/config.sub config.sub -+ -test -r /usr/share/misc/config.guess && \ -+ cp -f /usr/share/misc/config.guess config.guess -+ -+ dh_clean -+ -+install: build-stamp -+ dh_testdir -+ dh_testroot -+ dh_clean -k -+ dh_installdirs -+ -+ # simple version -+ install -o root -g root -m 4755 -s build-simple/sudo debian/sudo/usr/bin/sudo -+ ln -sf sudo debian/sudo/usr/bin/sudoedit -+ install -o root -g root -m 0755 -s build-simple/visudo \ -+ debian/sudo/usr/sbin/visudo -+ install -o root -g root -m 0644 build-simple/sudo.man \ -+ debian/sudo/usr/share/man/man8/sudo.8 -+ ln -sf sudo.8 debian/sudo/usr/share/man/man8/sudoedit.8 -+ install -o root -g root -m 0644 build-simple/visudo.man \ -+ debian/sudo/usr/share/man/man8/visudo.8 -+ install -o root -g root -m 0644 build-simple/sudoers.man \ -+ debian/sudo/usr/share/man/man5/sudoers.5 -+ install -o root -g root -m 0644 sample.sudoers \ -+ debian/sudo/usr/share/doc/sudo/examples/sudoers -+ install -o root -g root -m 0644 debian/sudo.pam \ -+ debian/sudo/etc/pam.d/sudo -+ -+ install -o root -g root -m 0644 debian/sudo.lintian \ -+ debian/sudo/usr/share/lintian/overrides/sudo -+ -+ install -o root -g root -m 0644 debian/sudo_root.8 \ -+ debian/sudo/usr/share/man/man8/sudo_root.8 -+ -+ # LDAP version -+ install -o root -g root -m 4755 -s build-ldap/sudo debian/sudo-ldap/usr/bin/sudo -+ ln -sf sudo debian/sudo-ldap/usr/bin/sudoedit -+ install -o root -g root -m 0755 -s build-ldap/visudo debian/sudo-ldap/usr/sbin/visudo -+ install -o root -g root -m 0644 build-ldap/sudo.man \ -+ debian/sudo-ldap/usr/share/man/man8/sudo.8 -+ ln -sf sudo.8 debian/sudo-ldap/usr/share/man/man8/sudoedit.8 -+ install -o root -g root -m 0644 build-ldap/visudo.man \ -+ debian/sudo-ldap/usr/share/man/man8/visudo.8 -+ install -o root -g root -m 0644 build-ldap/sudoers.man \ -+ debian/sudo-ldap/usr/share/man/man5/sudoers.5 -+ install -o root -g root -m 0644 sample.sudoers \ -+ debian/sudo-ldap/usr/share/doc/sudo-ldap/examples/sudoers -+ install -o root -g root -m 0644 debian/sudo.pam \ -+ debian/sudo-ldap/etc/pam.d/sudo -+ -+ install -o root -g root -m 0644 debian/sudo-ldap.lintian \ -+ debian/sudo-ldap/usr/share/lintian/overrides/sudo-ldap -+ -+ install -o root -g root -m 0644 debian/sudo_root.8 \ -+ debian/sudo/usr/share/man/man8/sudo_root.8 -+ -+binary-indep: build install -+ -+binary-arch: build install -+ dh_testdir -+ dh_testroot -+ dh_installdocs -+ dh_installexamples -A -+# dh_installinit -psudo -psudo-ldap -+ dh_installmanpages fnmatch.3 -+ dh_installinfo -A -+ dh_installchangelogs CHANGES -+ dh_strip -+ dh_compress -+ dh_fixperms -+ chown root.root debian/sudo/usr/bin/sudo debian/sudo-ldap/usr/bin/sudo -+ chmod 4755 debian/sudo/usr/bin/sudo debian/sudo-ldap/usr/bin/sudo -+ dh_installdeb -+ dh_shlibdeps -+ dh_gencontrol -+ dh_md5sums -+ dh_builddeb -+ -+binary: binary-indep binary-arch -+.PHONY: build clean binary-indep binary-arch binary install ---- sudo-1.6.8p12.orig/debian/changelog -+++ sudo-1.6.8p12/debian/changelog -@@ -0,0 +1,769 @@ -+sudo (1.6.8p12-1ubuntu6) dapper; urgency=low -+ -+ * env.c: Preserve additional environment variables for non-almighty sudoers: -+ HOME, LOGNAME, DISPLAY, XAUTHORITY, XAUTHORIZATION. Closes: LP#44500 -+ -+ -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 17 May 2006 09:29:15 +0200 -+ -+sudo (1.6.8p12-1ubuntu5) dapper; urgency=low -+ -+ * env.c: Unbreak the env_keep option. Closes: LP#31690 -+ * sudoers: Add some explanatory text why it is a REALLY good idea to use -+ visudo. Closes: LP#11620 -+ -+ -- Martin Pitt <martin.pitt@ubuntu.com> Tue, 28 Mar 2006 18:52:24 +0200 -+ -+sudo (1.6.8p12-1ubuntu4) dapper; urgency=low -+ -+ * Remove the init script, it only cleans up /var/run which is a tmpfs. -+ -+ -- Scott James Remnant <scott@ubuntu.com> Wed, 22 Feb 2006 16:28:42 +0000 -+ -+sudo (1.6.8p12-1ubuntu3) dapper; urgency=low -+ -+ * Add debian/sudo_root.8: Introduction about root handling in ubuntu with -+ sudo. -+ * debian/rules: Install that new manpage into sudo and sudo-ldap. -+ -+ -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 8 Feb 2006 17:01:50 +0100 -+ -+sudo (1.6.8p12-1ubuntu2) dapper; urgency=low -+ -+ * sudo.c: If the user successfully authenticated and he is in the 'admin' -+ group, then create a stamp ~/.sudo_as_admin_successful. A future -+ /etc/profile will evaluate this flag to display a short help about how to -+ execute things as root. -+ -+ -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 18 Jan 2006 09:32:02 +0100 -+ -+sudo (1.6.8p12-1ubuntu1) dapper; urgency=low -+ -+ * Resynchronise with Debian, clean up cruft from Ubuntu diff. -+ * debian/postinst: Do not set env_reset flag in newly created sudoers files; -+ it's incompatible with upgrades. -+ * Clean up environment variable handling to fix vulns like CVE-2005-4158 and -+ CVE-2006-0151 once and for all: Only keep known-good variables if user has -+ limited sudo privileges (blacklist -> whitelist) and keep them all for -+ users with unlimited command privileges (to not drive admins and -+ developers up the wall which actually need to pass env variables from time -+ to time). -+ - parse.h, parse.yacc: -+ + Add a new flag 'cmdall' to the matchstack, and a new macro 'cmnd_all' -+ to access it. -+ + In the "cmnd" grammar rule: Set cmdall to TRUE if command specifier is -+ 'ALL', otherwise to FALSE. -+ - sudo.tab.cc: Re-yaccified to match changes to parse.yacc. -+ - sudo.h: Add new sudoers_lookup() return flag FLAG_CMND_ALL. -+ - parse.c, sudoers_lookup(): Set flag FLAG_CMND_ALL if cmnd_all matched. -+ - ldap.c: -+ + sudo_ldap_check_command(): Add return parameter all, set to true -+ if command specifier is 'ALL'. -+ + sudo_ldap_check(): Set flag FLAG_CMND_ALL if sudo_ldap_check_command() -+ returned all=1. -+ - env.c: -+ + Apply Martin Schulze's patch to switch from blacklist to whitelist -+ environment cleaning. -+ + Add parameter 'noclean' to rebuild_env(); if it is != 0, environment -+ variables are not cleaned. -+ - sudo.c: Call rebuild_env() with noclean=1 if FLAG_CMND_ALL is set. -+ -+ -- Martin Pitt <martin.pitt@ubuntu.com> Tue, 17 Jan 2006 10:03:05 +0100 -+ -+sudo (1.6.8p12-1) unstable; urgency=low -+ -+ * new upstream version, closes: #342948 (CVE-2005-4158) -+ * add env_reset to the sudoers file we create if none already exists, -+ as a further precaution in response to discussion about CVS-2005-4158 -+ * split ldap support into a new sudo-ldap package. I was trying to avoid -+ doing this, but the impact of going from 4 to 17 linked shlibs on the -+ autobuilder chroots is sufficient motivation for me. -+ closes: #344034 -+ -+ -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700 -+ -+sudo (1.6.8p9-4) unstable; urgency=low -+ -+ * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231 -+ * merge patch from Martin Pitt / Ubuntu to be more robust about resetting -+ timestamps in the init.d script, closes: #330868 -+ * add dependency header to init.d script, closes: #332849 -+ -+ -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800 -+ -+sudo (1.6.8p9-3ubuntu4) dapper; urgency=low -+ -+ * Revert addition of sudo -t, i. e. revert to version 1.6.8p9-3ubuntu1. As -+ per TB discussion, we will not use sudo for implementing -+ https://wiki.ubuntu.com/HideAdminToolsToUsers. -+ -+ -- Martin Pitt <martin.pitt@ubuntu.com> Tue, 29 Nov 2005 23:27:42 +0100 -+ -+sudo (1.6.8p9-3ubuntu3) dapper; urgency=low -+ -+ * sudo.c: Log failures even in test mode, to avoid the possibility of -+ silently poking around for interesting sudo privileges. This will generate -+ a lot of auth log clutter in the desktop case, but will not change sudo -+ semantics where it matters (on servers). -+ -+ -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 17 Nov 2005 10:35:04 +0100 -+ -+sudo (1.6.8p9-3ubuntu2) dapper; urgency=low -+ -+ * Add option -t which only tests whether the given command can be executed -+ and does not require a password. This is required for the -+ https://wiki.ubuntu.com/HideAdminToolsToUsers spec. -+ * sudo.h: Add MODE_TESTONLY mode. -+ * sudo.c: Add -t parsing and do not actually run the command in test mode, -+ just return success or failure. Also, add the new option to the "usage" -+ output. -+ * sudo.pod: Document new -t option. -+ * Put patch into debian/ubuntu-patches/sudo.add-test-option.patch to have -+ it separate for future merges (requires a manual "make sudo.man.in" to -+ actually run pod2man). -+ -+ -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 9 Nov 2005 17:40:43 -0500 -+ -+sudo (1.6.8p9-3ubuntu1) dapper; urgency=low -+ -+ * Resynchronise with Debian. -+ -+ -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 9 Nov 2005 17:12:06 -0500 -+ -+sudo (1.6.8p9-3) unstable; urgency=high -+ -+ * update debhelper compatibility level from 2 to 4 -+ * add man page symlink for sudoedit -+ * Clean SHELLOPTS and PS4 from the environment before executing programs -+ with sudo permissions [env.c, CAN-2005-2959] -+ * fix typo in manpage pointed out by Moray Allen, closes: #285995 -+ * fix paths in sample complex sudoers file, closes: #303542 -+ * fix type in sudoers man page, closes: #311244 -+ -+ -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600 -+ -+sudo (1.6.8p9-2ubuntu2) breezy; urgency=low -+ -+ * debian/init.d: When resetting the timestamps of the tty tags, actually -+ touch the files, not the per-user directories. Since bootclean.sh removes -+ /var/run/* anyway, this is no big deal, but clean it up anyway for the -+ sake of correctness. (Ubuntu #16594) -+ -+ -- Martin Pitt <martin.pitt@ubuntu.com> Fri, 30 Sep 2005 09:52:27 +0200 -+ -+sudo (1.6.8p9-2ubuntu1) breezy; urgency=low -+ -+ * Resynchronise with Debian, resolve merging conflicts and unscramble -+ changelog. -+ -+ -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 7 Jul 2005 09:01:48 +0000 -+ -+sudo (1.6.8p9-2) unstable; urgency=high -+ -+ * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1, -+ closes: #305735 -+ -+ -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400 -+ -+sudo (1.6.8p9-1) unstable; urgency=high -+ -+ * new upstream version, fixes a race condition in sudo's pathname -+ validation, which is a security issue (CAN-2005-1993), -+ closes: #315115, #315718 -+ -+ -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400 -+ -+sudo (1.6.8p7-1) unstable; urgency=low -+ -+ * new upstream version, closes: #299585 -+ * update lintian overrides to squelch the postinst warning -+ * change sudoedit from a hard to a soft link, closes: #296896 -+ * fix regex doc in sudoers man page, closes: #300361 -+ -+ -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700 -+ -+sudo (1.6.8p5-1ubuntu3) breezy; urgency=low -+ -+ * SECURITY UPDATE: Fix privilege escalation. -+ * sudo.c, parse.yacc: safe_cmd contains the actually executed program which -+ is normally taken from /etc/sudoers. However, if sudoers contains "ALL" -+ entries that follow the matching entry, safe_cmd was overwritten with the -+ path the user specified on the command line, which opens up the -+ possibility of executing arbitrary commands by generating symlinks to -+ them. -+ * References: -+ CAN-2005-1993 -+ http://www.securityfocus.com/archive/1/402741 -+ -+ -- Martin Pitt <martin.pitt@ubuntu.com> Tue, 21 Jun 2005 13:41:05 +0200 -+ -+sudo (1.6.8p5-1ubuntu2) hoary; urgency=low -+ -+ * Add !fqdn to the Defaults so we don't die horribly when localhost doesn't -+ resolve (Ubuntu: 2772) -+ -+ -- Thom May <thom@ubuntu.com> Wed, 2 Mar 2005 20:34:20 +0000 -+ -+sudo (1.6.8p5-1ubuntu1) hoary; urgency=low -+ -+ * Resync with Debian -+ -+ -- LaMont Jones <lamont@canonical.com> Mon, 6 Dec 2004 09:31:28 -0700 -+ -+sudo (1.6.8p5-1) unstable; urgency=high -+ -+ * new upstream version -+ * restores ability to use config tuples without a value, which was causing -+ problems on upgrade closes: #283306 -+ * deliver sudoedit, closes: #283078 -+ * marking urgency high since 283306 is a serious upgrade incompatibility -+ -+ -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700 -+ -+sudo (1.6.8p3-2) unstable; urgency=high -+ -+ * update pam.d deliverable so ldap works again, closes: #282191 -+ -+ -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700 -+ -+sudo (1.6.8p3-1) unstable; urgency=high -+ -+ * new upstream version, fixes a flaw in sudo's environment sanitizing that -+ could allow a malicious user with permission to run a shell script that -+ utilized the bash shell to run arbitrary commands, closes: #281665 -+ * patch the sample sudoers to have the proper path for kill on Debian -+ systems, closes: #263486 -+ * patch the sudo manpage to reflect Debian's choice of exempt_group -+ default setting, closes: #236465 -+ * patch the sudo manpage to reflect Debian's choice of no timeout on the -+ password prompt, closes: #271194 -+ -+ -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700 -+ -+sudo (1.6.7p5-2ubuntu2) hoary; urgency=low -+ -+ * SECURITY UPDATE: fix input validation flaw -+ * env.c, rebuild_env(): skip variables with values beginnig with "()" to -+ ignore exported bash functions in the sudo environment; this prevents -+ introducing malicious functions with the name of commands that are -+ executed without full path -+ * References: -+ http://www.sudo.ws/sudo/alerts/bash_functions.html -+ -+ -- Martin Pitt <martin.pitt@canonical.com> Wed, 17 Nov 2004 18:54:30 +0100 -+ -+sudo (1.6.7p5-2ubuntu1) hoary; urgency=low -+ -+ * Resynchronise with Debian. -+ -+ -- Scott James Remnant <scott@canonical.com> Wed, 27 Oct 2004 15:06:39 +0100 -+ -+sudo (1.6.7p5-2) unstable; urgency=low -+ -+ * Jeff Bailey reports that seteuid works on current sparc systems, so we -+ no longer need the "grosshack" stuff in the sudo rules file -+ * add a postrm that removes /etc/sudoers on purge. don't do this with the -+ normal conffile mechanism since it would generate noise on every upgrade, -+ closes: #245405 -+ -+ -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400 -+ -+sudo (1.6.7p5-1ubuntu4) warty; urgency=low -+ -+ * Disable lecture by default. (Warty #987) -+ -+ -- Thom May <thom@canonical.com> Wed, 6 Oct 2004 14:31:31 +0100 -+ -+sudo (1.6.7p5-1ubuntu3) warty; urgency=low -+ -+ * Refuse to remove sudo if the root password is not set and the user is -+ running us via sudo -+ -+ -- Thom May <thom@canonical.com> Mon, 27 Sep 2004 15:30:09 +0100 -+ -+sudo (1.6.7p5-1ubuntu2) warty; urgency=low -+ -+ * Add 'Defaults !lecture,tty_tickets' to initial sudoers file. -+ -+ -- Colin Watson <cjwatson@flatline.org.uk> Mon, 23 Aug 2004 21:03:15 +0100 -+ -+sudo (1.6.7p5-1ubuntu1) warty; urgency=low -+ -+ * Remove /etc/sudoers on purge. (Closes: #245405) -+ -+ -- Fabio M. Di Nitto <fabbione@fabbione.net> Mon, 19 Jul 2004 09:42:04 +0200 -+ -+sudo (1.6.7p5-1) unstable; urgency=low -+ -+ * new upstream version, closes: #190265, #193222, #197244 -+ * change from '.' to ':' in postinst chown call, closes: #208369 -+ -+ -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600 -+ -+sudo (1.6.7p3-2) unstable; urgency=low -+ -+ * add --disable-setresuid to configure call since 2.2 kernels don't support -+ setresgid, closes: #189044 -+ * cosmetic cleanups to debian/rules as long as I'm there -+ -+ -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600 -+ -+sudo (1.6.7p3-1) unstable; urgency=low -+ -+ * new upstream version -+ * add overrides to quiet lintian about things it doesn't understand, -+ except the source one that can't be overridden until 129510 is fixed -+ -+ -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600 -+ -+sudo (1.6.6-3) unstable; urgency=low -+ -+ * add code to rules file to update config.sub/guess, closes: #164501 -+ -+ -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600 -+ -+sudo (1.6.6-2) unstable; urgency=low -+ -+ * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to -+ configure, and lose the build dependency on mail-transport-agent -+ * incorporate changes from LaMont's NMU, closes: #144665, #144737 -+ * update init.d to not try and set time on nonexistent timestamp files, -+ closes: #132616 -+ * build with --with-all-insults, admin must edit sudoers to turn insults -+ on at runtime if desired, closes: #135374 -+ * stop setting /usr/doc symlink in postinst -+ -+ -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600 -+ -+sudo (1.6.6-1.1) unstable; urgency=high -+ -+ * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts. -+ * Revert patch to auth/pam.c that left pass uninitialized, causing a -+ segfault (Closes: #144665). -+ -+ -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600 -+ -+sudo (1.6.6-1) unstable; urgency=high -+ -+ * new upstream version, fixes security problem with crafty prompts, -+ closes: #144540 -+ -+ -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600 -+ -+sudo (1.6.5p1-4) unstable; urgency=high -+ -+ * apply patch for auth/pam.c to fix yet another way to make sudo segfault -+ if ctrl/C'ed at password prompt, closes: #131235 -+ -+ -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700 -+ -+sudo (1.6.5p1-3) unstable; urgency=high -+ -+ * ugly hack to add --disable-saved-ids when building on sparc in response -+ to 131592, which will be reassigned to glibc for a real fix -+ * urgency high since the sudo currently in testing for sparc is worthless -+ -+ -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700 -+ -+sudo (1.6.5p1-2) unstable; urgency=high -+ -+ * patch from upstream to fix seg faults caused by versions of pam that -+ follow a NULL pointer, closes: #129512 -+ -+ -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700 -+ -+sudo (1.6.5p1-1) unstable; urgency=high -+ -+ * new upstream version -+ * add --disable-root-mailer option supported by new version to configure -+ call in rules file, closes: #129648 -+ -+ -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700 -+ -+sudo (1.6.4p1-1) unstable; urgency=high -+ -+ * new upstream version, with fix for segfaulting problem in 1.6.4 -+ -+ -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700 -+ -+sudo (1.6.4-1) unstable; urgency=high -+ -+ * new upstream version, includes an important security fix, closes: #127576 -+ -+ -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700 -+ -+sudo (1.6.3p7-5) unstable; urgency=low -+ -+ * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872 -+ * fix spelling error in init.d, closes: #126847 -+ -+ -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700 -+ -+sudo (1.6.3p7-4) unstable; urgency=medium -+ -+ * use touch to set status files to an ancient date instead of removing them -+ outright on reboot. this achieves the desired effect of keeping elevated -+ privs from living across reboots, without forcing everyone to see the -+ new-sudo-user lecture after every reboot. pick a time that's 'old enough' -+ for systems with good clocks, and 'recent enough' that broken PC hardware -+ setting the clock to commonly-seen bogus dates trips over the "don't trust -+ future timestamps" rule. closes: #76529, #123559 -+ * apply patch from Steve Langasek to fix seg faults due to interaction with -+ PAM code. upstream confirms the problem, and says they're fixing this -+ differently for their next release... but this should be useful in the -+ meantime, and would be good to get into woody. closes: #119147 -+ * only run the init.d at boot, not on each runlevel change... and don't run -+ it during package configure. closes: #125935 -+ * add DEB_BUILD_OPTIONS support to rules file, closes: #94952 -+ -+ -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700 -+ -+sudo (1.6.3p7-3) unstable; urgency=low -+ -+ * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not -+ resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718, -+ * fix a typo in the manpage, closes: #97368 -+ * apply patch to configure.in and run autoconf to fix problem building on -+ the hurd, closes: #96325 -+ * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed -+ to not last across reboots, closes: #76529 -+ * clean up lintian-noticed cosmetic packaging issues -+ -+ -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700 -+ -+sudo (1.6.3p7-2) unstable; urgency=low -+ -+ * update config.sub/guess for hppa support -+ -+ -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600 -+ -+sudo (1.6.3p7-1) unstable; urgency=low -+ -+ * new upstream version -+ * add build dependency on mail-transport-agent, closes: #90685 -+ -+ -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600 -+ -+sudo (1.6.3p6-1) unstable; urgency=high -+ -+ * new upstream version, fixes buffer overflow problem, -+ closes: #87259, #87278, #87263 -+ * revert to using --with-secure-path option at build time, since the option -+ available in sudoers is parsed too late to be useful, and upstream says -+ it won't get fixed quickly. This reopens 85123, which I will mark as -+ forwarded. Closes: #86199, #86117, #85676 -+ -+ -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700 -+ -+sudo (1.6.3p5-2) unstable; urgency=low -+ -+ * lose the dh_suidregister call since it's obsolete -+ * stop using the --with-secure-path option at build time, and instead show -+ how to set it in sudoers. Closes: #85123 -+ * freshen config.sub and config.guess for ia64 and hppa -+ * update sudoers man page to indicate exempt_group is on by default, -+ closes: #70847 -+ -+ -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700 -+ -+sudo (1.6.3p5-1) unstable; urgency=low -+ -+ * new upstream version, closes: #63940, #59175, #61817, #64652, #65743 -+ * this version restores core dumps before the exec, while leaving them -+ disabled during sudo's internal execution, closes: #58289 -+ * update debhelper calls in rules file -+ -+ -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600 -+ -+sudo (1.6.2p2-1) frozen unstable; urgency=medium -+ -+ * new upstream source resulting from direct collaboration with the upstream -+ author to fix ugly pam-related problems on Debian in 1.6.1 and later. -+ Closes: #56129, #55978, #55979, #56550, #56772 -+ * include more upstream documentation, closes: #55054 -+ * pam.d fragment update, closes: #56129 -+ -+ -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700 -+ -+sudo (1.6.1-1) unstable; urgency=low -+ -+ * new upstream source, closes: #52750 -+ -+ -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700 -+ -+sudo (1.6-2) unstable; urgency=low -+ -+ * drop suidregister support for this package. The sudo executable is -+ essentially worthless unless it is setuid root, and making suidregister -+ work involves shipping a non-setuid executable in the .deb and setting the -+ perms in the postinst. On a long upgrade run, this can leave the sudo -+ executable 'broken' for a long time, which is unacceptable. With this -+ version, we ship the executable setuid root in the .deb. Closes: #51742 -+ -+ -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700 -+ -+sudo (1.6-1) unstable; urgency=low -+ -+ * new upstream version, many options previously set at compile-time are now -+ configurable at runtime. -+ Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639 -+ * FHS support -+ -+ -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700 -+ -+sudo (1.5.9p4-1) unstable; urgency=low -+ -+ * new upstream version, closes: #43464 -+ * empty password handling was fixed in 1.5.8, closes: #31863 -+ -+ -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600 -+ -+sudo (1.5.9p1-1) unstable; urgency=low -+ -+ * new upstream version -+ -+ -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600 -+ -+sudo (1.5.8p1-1) unstable; urgency=medium -+ -+ * new upstream version, closes 33690 -+ * add dependency on libpam-modules, closes 34215, 33432 -+ -+ -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700 -+ -+sudo (1.5.7p4-2) unstable; urgency=medium -+ -+ * update the pam fragment provided so that sudo works with latest pam bits, -+ closes 33432 -+ -+ -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700 -+ -+sudo (1.5.7p4-1) unstable; urgency=low -+ -+ * new upstream release -+ -+ -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700 -+ -+sudo (1.5.6p5-1) unstable; urgency=low -+ -+ * new upstream patch release -+ * add PAM support, closes 28594 -+ -+ -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700 -+ -+sudo (1.5.6p2-2) unstable; urgency=low -+ -+ * update copyright file, closes 24136 -+ * review and close forwarded bugs believed fixed in this upstream version, -+ closes 17606, 15786. -+ -+ -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600 -+ -+sudo (1.5.6p2-1) unstable; urgency=low -+ -+ * new upstream release -+ -+ -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600 -+ -+sudo (1.5.4-4) frozen unstable; urgency=low -+ -+ * update postinst to use groupadd, closes 21403 -+ * move the suidregister stuff earlier in postinst to ensure it always runs -+ -+ -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600 -+ -+sudo (1.5.4-3) frozen unstable; urgency=low -+ -+ * change /etc/sudoers from a conffile to being handled in postinst, -+ closes 18219 -+ * add suidmanager support, closes 15711 -+ * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is -+ unlikely to ever fix, and which just don't matter. closes 17146 -+ * fix FSF address in copyright file, and submit exception for lintian -+ warning about sudo being setuid root -+ -+ -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600 -+ -+sudo (1.5.4-2) unstable; urgency=high -+ -+ * patch from upstream author correcting/improving security fix -+ -+ -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700 -+ -+sudo (1.5.4-1) unstable; urgency=high -+ -+ * new upstream version, includes a security fix -+ * change default editor from /bin/ae to /usr/bin/editor -+ -+ -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700 -+ -+sudo (1.5.3-1) unstable; urgency=medium -+ -+ * new upstream version, closes bug 15911. -+ * rules file reworked to use debhelper -+ * implement a really gross hack to force use of the sudo-provided -+ lsearch(), since the one in libc6 is broken! This closes bugs -+ 12552, 12557, 14881, 15259, 15916. -+ -+ -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700 -+ -+sudo (1.5.2-6) unstable; urgency=LOW -+ -+ * don't install INSTALL in the doc directory, closes bug 13195. -+ -+ -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600 -+ -+sudo (1.5.2-5) unstable; urgency=LOW -+ -+ * libc6 -+ -+ -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600 -+ -+sudo (1.5.2-4) unstable; urgency=LOW -+ -+ * change TIMEOUT (how long before you have to type your password again) -+ to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian -+ packages on slower machines much more tolerable. Closes bug 9076. -+ * touch debian/suid before debstd. Closes bug 8709. -+ -+ -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600 -+ -+sudo (1.5.2-3) frozen unstable; urgency=LOW -+ -+ * patch from upstream maintainer to close Bug 6828 -+ * add a debian/suid file to get debstd to leave my perl postinst alone -+ -+ -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600 -+ -+sudo (1.5.2-2) frozen unstable; urgency=LOW -+ -+ * change rules to use -O2 -Wall as per standards -+ -+ -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600 -+ -+sudo (1.5.2-1) unstable; urgency=LOW -+ -+ * new upstream version -+ * cosmetic changes to debian package control files -+ -+ -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700 -+ -+sudo (1.5-2) unstable; urgency=LOW -+ -+ * add /usr/X11R6/bin to the end of the secure path... this makes it -+ much easier to run xmkmf, etc., during package builds. To the extent -+ that /usr/local/sbin and /usr/local/bin were already included, I see -+ no security reasons not to add this. -+ -+ -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700 -+ -+sudo (1.5-1) unstable; urgency=LOW -+ -+ * New upstream version -+ * New maintainer -+ * New packaging format -+ -+ -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200 -+ -+Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de> -+ -+ sudo (1.4.1-1): -+ -+ * hard code SECURE_PATH to: -+ "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" -+ -+ * enable ENV_EDITOR -+ -+ * enabled EXEMPTGROUP "sudo" -+ -+ * moved timestamp dir to /var/log/sudo -+ -+ * changed parser to check for long and short filenames (Bug#1162) -+ -+Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de> -+ -+ sudo (1.4.2-1): -+ -+ * New upstream source -+ -+ * Fixed postinst script -+ (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>) -+ -+ * Removed special shadow binary. This version works with and without -+ shadow password file. -+ -+Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org> -+ -+ sudo (1.4.2-2): -+ -+ * Corrected editor path to /bin/ae (Bug#3062) -+ -+ * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063) -+ -+Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org> -+ -+ sudo (1.4.3-1): -+ -+ * New upstream version -+ -+ * Changed sudoers permission to 440 (owner root, group root) to make -+ sudo usable via NFS -+ -+Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org> -+ -+ sudo (1.4.3-2): -+ -+ * Applied upstream patch 1 -+ -+Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org> -+ -+ sudo (1.4.3-3): -+ -+ * Applied upstream patch 2 -+ -+Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org> -+ -+ sudo (1.4.3-4): -+ -+ * Applied upstream patch 3 (fixes problems with an NFS-mounted -+ sudoers file) -+ -+ -+Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org> -+ -+ sudo (1.4.3-5): -+ -+ * Corrected postinst to use /usr/bin/perl instead of /bin/perl -+ [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)] -+ -+Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org> -+ -+ sudo (1.4.3-6): -+ -+ * Applied upstream patch 4 (fixes several bugs) -+ -+ * Changed priority to optional -+ -+Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org> -+ -+ sudo (1.4.3-7): -+ -+ * Corrected postinst to create correct permission for /etc/sudoers -+ (Bug#3749) -+ -+Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org> -+ -+ sudo (1.4.4-1): -+ -+ * New upstream version -+ -+ -+sudo (1.4.4-2) admin; urgency=HIGH -+ -+ * Fixed major security bug reported by Peter Tobias -+ <tobias@et-inf.fho-emden.de> -+ * Added dchanges support to debian.rules -+ -+sudo (1.4.5-1) admin; urgency=LOW -+ -+ * New upstream version -+ * Minor changes to debian.rules ---- sudo-1.6.8p12.orig/debian/sudo_root.8 -+++ sudo-1.6.8p12/debian/sudo_root.8 -@@ -0,0 +1,135 @@ -+.TH sudo_root 8 "February 8, 2006" -+ -+.SH NAME -+sudo_root \- How to run administrative commands -+ -+.SH SYNOPSIS -+ -+.B sudo -+.I command -+ -+.B sudo \-i -+ -+.SH INTRODUCTION -+ -+By default, the password for the user "root" (the system -+administrator) is locked. This means you cannot login as root or use -+su. Instead, the installer will set up sudo to allow the user that is -+created during install to run all administrative commands. -+ -+This means that in the terminal you can use sudo for commands that -+require root privileges. All programs in the menu will use a graphical -+sudo to prompt for a password. When sudo asks for a password, it needs -+.B your password, -+this means that a root password is not needed. -+ -+To run a command which requires root privileges in a terminal, simply -+prepend -+.B sudo -+in front of it. To get an interactive root shell, use -+.B sudo \-i\fR. -+ -+.SH ALLOWING OTHER USERS TO RUN SUDO -+ -+By default, only the user who installed the system is permitted to run -+sudo. To add more administrators, i. e. users who can run sudo, you -+have to add these users to the group 'admin' by doing one of the -+following steps: -+ -+.IP * 2 -+In a shell, do -+ -+.RS 4 -+.B sudo adduser -+.I username -+.B admin -+.RE -+ -+.IP * 2 -+Use the graphical "Users & Groups" program in the "System settings" -+menu to add the new user to the -+.B admin -+group. -+ -+.SH BENEFITS OF USING SUDO -+ -+The benefits of leaving root disabled by default include the following: -+ -+.IP * 2 -+Users do not have to remember an extra password, which they are likely to forget. -+.IP * 2 -+The installer is able to ask fewer questions. -+.IP * 2 -+It avoids the "I can do anything" interactive login by default \- you -+will be prompted for a password before major changes can happen, which -+should make you think about the consequences of what you are doing. -+.IP * 2 -+Sudo adds a log entry of the command(s) run (in \fB/var/log/auth.log\fR). -+.IP * 2 -+Every attacker trying to brute\-force their way into your box will -+know it has an account named root and will try that first. What they -+do not know is what the usernames of your other users are. -+.IP * 2 -+Allows easy transfer for admin rights, in a short term or long term -+period, by adding and removing users from the admin group, while not -+compromising the root account. -+.IP * 2 -+sudo can be set up with a much more fine\-grained security policy. -+ -+.SH DOWNSIDES OF USING SUDO -+ -+Although for desktops the benefits of using sudo are great, there are -+possible issues which need to be noted: -+ -+.IP * 2 -+Redirecting the output of commands run with sudo can be confusing at -+first. For instance consider -+ -+.RS 4 -+.B sudo ls > /root/somefile -+.RE -+ -+.RS 2 -+will not work since it is the shell that tries to write to that file. You can use -+.RE -+ -+.RS 4 -+.B ls | sudo tee /root/somefile -+.RE -+ -+.RS 2 -+to get the behaviour you want. -+.RE -+ -+.IP * 2 -+In a lot of office environments the ONLY local user on a system is -+root. All other users are imported using NSS techniques such as -+nss\-ldap. To setup a workstation, or fix it, in the case of a network -+failure where nss\-ldap is broken, root is required. This tends to -+leave the system unusable. An extra local user, or an enabled root -+password is needed here. -+ -+.SH GOING BACK TO A TRADITIONAL ROOT ACCOUNT -+ -+.B This is not recommended! -+ -+To enable the root account (i.e. set a password) use: -+ -+.RS 4 -+.B sudo passwd root -+.RE -+ -+Afterwards, edit -+.B /etc/sudoers -+and comment out the line -+ -+.RS 4 -+%admin ALL=(ALL) ALL -+.RE -+ -+to disable sudo access to members of the admin group. -+ -+.SH SEE ALSO -+.BR sudo (8), -+.B https://wiki.ubuntu.com/RootSudo -+ ---- sudo-1.6.8p12.orig/debian/sudo-ldap.postinst -+++ sudo-1.6.8p12/debian/sudo-ldap.postinst -@@ -0,0 +1,62 @@ -+#!/usr/bin/perl -+ -+# remove old link -+ -+unlink ("/etc/alternatives/sudo") if ( -l "/etc/alternatives/sudo"); -+ -+# make sure we have a sudoers file -+if ( ! -f "/etc/sudoers") { -+ -+ print "No /etc/sudoers found... creating one for you.\n"; -+ -+ open (SUDOERS, "> /etc/sudoers"); -+ print SUDOERS "# /etc/sudoers\n", -+ "#\n", -+ "# This file MUST be edited with the 'visudo' command as root.\n", -+ "#\n", -+ "# See the man page for details on how to write a sudoers file.\n", -+ "#\n\nDefaults\tenv_reset\n\n", -+ "# Host alias specification\n\n", -+ "# User alias specification\n\n", -+ "# Cmnd alias specification\n\n", -+ "# User privilege specification\nroot\tALL=(ALL) ALL\n"; -+ close SUDOERS; -+ -+} -+ -+# make sure sudoers has the correct permissions and owner/group -+system ('chown root:root /etc/sudoers'); -+system ('chmod 440 /etc/sudoers'); -+ -+# must do a remove first to un-do the "bad" links created by previous version -+system ('update-rc.d -f sudo remove >/dev/null 2>&1'); -+ -+#system ('update-rc.d sudo start 75 S . >/dev/null'); -+ -+# make sure we have a sudo group -+ -+exit 0 if getgrnam("sudo"); # we're finished if there is a group sudo -+ -+$gid = 27; # start searcg with gid 27 -+setgrent; -+while (getgrgid($gid)) { -+ ++$gid; -+} -+endgrent; -+ -+if ($gid != 27) { -+ print "On Debian we normally use gid 27 for 'sudo'.\n"; -+ $gname = getgrgid(27); -+ print "However, on your system gid 27 is group '$gname'.\n\n"; -+ print "Would you like me to stop configuring sudo so that you can change this? [n] "; -+ $ans = <STDIN>; -+ if ($ans =~ m/^[yY].*/) { -+ print "'dpkg --pending --configure' will restart the configuration.\n\n\n"; -+ exit 1; -+ } -+} -+ -+print "Creating group 'sudo' with gid = $gid\n"; -+system("groupadd -g $gid sudo"); -+ -+print ""; ---- sudo-1.6.8p12.orig/debian/sudo.lintian -+++ sudo-1.6.8p12/debian/sudo.lintian -@@ -0,0 +1,3 @@ -+sudo: setuid-binary usr/bin/sudo 4755 root/root -+sudo: postrm-contains-additional-updaterc.d-calls /etc/init.d/sudo -+sudo: script-in-etc-init.d-not-registered-via-update-rc.d /etc/init.d/sudo ---- sudo-1.6.8p12.orig/debian/postinst -+++ sudo-1.6.8p12/debian/postinst -@@ -0,0 +1,62 @@ -+#!/usr/bin/perl -+ -+# remove old link -+ -+unlink ("/etc/alternatives/sudo") if ( -l "/etc/alternatives/sudo"); -+ -+# make sure we have a sudoers file -+if ( ! -f "/etc/sudoers") { -+ -+ print "No /etc/sudoers found... creating one for you.\n"; -+ -+ open (SUDOERS, "> /etc/sudoers"); -+ print SUDOERS "# /etc/sudoers\n", -+ "#\n", -+ "# This file MUST be edited with the 'visudo' command as root.\n", -+ "#\n", -+ "# See the man page for details on how to write a sudoers file.\n", -+ "# Host alias specification\n\n", -+ "# User alias specification\n\n", -+ "# Cmnd alias specification\n\n", -+ "# Defaults\n\nDefaults\t!lecture,tty_tickets,!fqdn\n\n", -+ "# User privilege specification\nroot\tALL=(ALL) ALL\n"; -+ close SUDOERS; -+ -+} -+ -+# make sure sudoers has the correct permissions and owner/group -+system ('chown root:root /etc/sudoers'); -+system ('chmod 440 /etc/sudoers'); -+ -+# must do a remove first to un-do the "bad" links created by previous version -+system ('update-rc.d -f sudo remove >/dev/null 2>&1'); -+ -+#system ('update-rc.d sudo start 75 S . >/dev/null'); -+ -+# make sure we have a sudo group -+ -+exit 0 if getgrnam("sudo"); # we're finished if there is a group sudo -+ -+$gid = 27; # start searcg with gid 27 -+setgrent; -+while (getgrgid($gid)) { -+ ++$gid; -+} -+endgrent; -+ -+if ($gid != 27) { -+ print "On Debian we normally use gid 27 for 'sudo'.\n"; -+ $gname = getgrgid(27); -+ print "However, on your system gid 27 is group '$gname'.\n\n"; -+ print "Would you like me to stop configuring sudo so that you can change this? [n] "; -+ $ans = <STDIN>; -+ if ($ans =~ m/^[yY].*/) { -+ print "'dpkg --pending --configure' will restart the configuration.\n\n\n"; -+ exit 1; -+ } -+} -+ -+print "Creating group 'sudo' with gid = $gid\n"; -+system("groupadd -g $gid sudo"); -+ -+print ""; ---- sudo-1.6.8p12.orig/debian/compat -+++ sudo-1.6.8p12/debian/compat -@@ -0,0 +1 @@ -+4 ---- sudo-1.6.8p12.orig/debian/init.d -+++ sudo-1.6.8p12/debian/init.d -@@ -0,0 +1,31 @@ -+#! /bin/sh -+ -+### BEGIN INIT INFO -+# Provides: sudu -+# Required-Start: $local_fs $remote_fs -+# Required-Stop: -+# Default-Start: S 1 2 3 4 5 -+# Default-Stop: 0 6 -+### END INIT INFO -+ -+N=/etc/init.d/sudo -+ -+set -e -+ -+case "$1" in -+ start) -+ # make sure privileges don't persist across reboots -+ if [ -d /var/run/sudo ] -+ then -+ find /var/run/sudo -type f -exec touch -t 198501010000 '{}' \; -+ fi -+ ;; -+ stop|reload|restart|force-reload) -+ ;; -+ *) -+ echo "Usage: $N {start|stop|restart|force-reload}" >&2 -+ exit 1 -+ ;; -+esac -+ -+exit 0 ---- sudo-1.6.8p12.orig/debian/sudo-ldap.lintian -+++ sudo-1.6.8p12/debian/sudo-ldap.lintian -@@ -0,0 +1,3 @@ -+sudo-ldap: setuid-binary usr/bin/sudo 4755 root/root -+sudo-ldap: postrm-contains-additional-updaterc.d-calls /etc/init.d/sudo-ldap -+sudo-ldap: script-in-etc-init.d-not-registered-via-update-rc.d /etc/init.d/sudo-ldap ---- sudo-1.6.8p12.orig/debian/sudo-ldap.dirs -+++ sudo-1.6.8p12/debian/sudo-ldap.dirs -@@ -0,0 +1,7 @@ -+etc/pam.d -+usr/bin -+usr/share/man/man8 -+usr/share/man/man5 -+usr/sbin -+usr/share/doc/sudo-ldap/examples -+usr/share/lintian/overrides ---- sudo-1.6.8p12.orig/debian/sudo-ldap.docs -+++ sudo-1.6.8p12/debian/sudo-ldap.docs -@@ -0,0 +1,11 @@ -+debian/OPTIONS -+BUGS -+RUNSON -+UPGRADE -+PORTING -+TODO -+HISTORY -+README -+README.LDAP -+TROUBLESHOOTING -+sudoers2ldif ---- sudo-1.6.8p12.orig/debian/postrm -+++ sudo-1.6.8p12/debian/postrm -@@ -0,0 +1,21 @@ -+#! /bin/sh -+ -+set -e -+ -+case "$1" in -+ purge) -+ rm -f /etc/sudoers -+ ;; -+ -+ remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) -+ ;; -+ -+ *) -+ echo "postrm called with unknown argument \`$1'" >&2 -+ exit 1 -+ -+esac -+ -+#DEBHELPER# -+ -+exit 0 ---- sudo-1.6.8p12.orig/debian/OPTIONS -+++ sudo-1.6.8p12/debian/OPTIONS -@@ -0,0 +1,61 @@ -+The following options were used to configure sudo for Debian GNU/Linux. -+ -+ --with-exempt=sudo -+ -+ Any user in group 'sudo' will not need to type their password. It -+ is strongly recommended that no users be put in group sudo, and that -+ instead the NOPASSWD option in the sudoers file be used if desired. -+ -+ --with-pam -+ -+ Support for pluggable authentication modules. -+ -+ --with-ldap -+ -+ Support for LDAP authentication. -+ -+ --with-fqdn -+ -+ Allow use of fully qualified domain names in the sudoers file. -+ -+ --disable-root-mailer -+ -+ Send mail as the invoking user, not as root. -+ -+ --with-logging=syslog -+ --with-logfac=authpriv -+ -+ Where logging information goes. -+ -+ --with-env-editor -+ --with-editor=/usr/bin/editor -+ -+ Honor the EDITOR and VISUAL environment variables. If they are not -+ present, default to the Debian default system editor. -+ -+ --with-timeout=15 -+ --with-password-timeout=0 -+ -+ Allow 15 minutes before a user has to re-type their passord, versus -+ the sudo usual default of 5. Never time out while waiting for a -+ password to be typed, this is a seriously big deal for Debian package -+ developers using 'dpkg-buildpackage -rsudo'. -+ -+ --with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:\ -+ /sbin:/bin:/usr/X11R6/bin" -+ -+ Give a reasonable default path for commands run as root via sudo. -+ -+ --with-all-insults -+ -+ Include all the insults in the binary, won't be enabled unless turned -+ on in the sudoers file. -+ -+ --with-sendmail=/usr/sbin/sendmail -+ -+ Use Debian policy to know the location of sendmail instead of trying -+ to detect it at build time. -+ -+ --disable-setresuid -+ -+ Linux 2.2 kernels don't support setresgid. ---- sudo-1.6.8p12.orig/debian/copyright -+++ sudo-1.6.8p12/debian/copyright -@@ -0,0 +1,72 @@ -+This is the Debian GNU/Linux prepackaged version of sudo. sudo is -+used to provide limited super user privileges to specific users. -+ -+This package was put together by Bdale Garbee <bdale@gag.com> using sources -+from -+ ftp://ftp.cs.colorado.edu/pub/sudo/ -+ -+Sudo is distributed under the following BSD-style license: -+ -+ Copyright (c) 1994-1996,1998-2002 Todd C. Miller <Todd.Miller@courtesan.com> -+ All rights reserved. -+ -+ Redistribution and use in source and binary forms, with or without -+ modification, are permitted provided that the following conditions -+ are met: -+ -+ 1. Redistributions of source code must retain the above copyright -+ notice, this list of conditions and the following disclaimer. -+ -+ 2. Redistributions in binary form must reproduce the above copyright -+ notice, this list of conditions and the following disclaimer in the -+ documentation and/or other materials provided with the distribution. -+ -+ 3. The name of the author may not be used to endorse or promote products -+ derived from this software without specific prior written permission -+ from the author. -+ -+ 4. Products derived from this software may not be called "Sudo" nor -+ may "Sudo" appear in their names without specific prior written -+ permission from the author. -+ -+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, -+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY -+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL -+ THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, -+ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, -+ PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; -+ OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -+ WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -+ OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF -+ ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -+ -+ -+Additionally, lsearch.c, fnmatch.c, getcwd.c, snprintf.c, strcasecmp.c -+and fnmatch.3 bear the following UCB license: -+ -+ Copyright (c) 1987, 1989, 1990, 1991, 1993, 1994 -+ The Regents of the University of California. All rights reserved. -+ -+ Redistribution and use in source and binary forms, with or without -+ modification, are permitted provided that the following conditions -+ are met: -+ 1. Redistributions of source code must retain the above copyright -+ notice, this list of conditions and the following disclaimer. -+ 2. Redistributions in binary form must reproduce the above copyright -+ notice, this list of conditions and the following disclaimer in the -+ documentation and/or other materials provided with the distribution. -+ 3. Neither the name of the University nor the names of its contributors -+ may be used to endorse or promote products derived from this software -+ without specific prior written permission. -+ -+ THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ SUCH DAMAGE. ---- sudo-1.6.8p12.orig/debian/sudo.pam -+++ sudo-1.6.8p12/debian/sudo.pam -@@ -0,0 +1,4 @@ -+#%PAM-1.0 -+ -+@include common-auth -+@include common-account ---- sudo-1.6.8p12.orig/debian/source.lintian-overrides -+++ sudo-1.6.8p12/debian/source.lintian-overrides -@@ -0,0 +1 @@ -+sudo source: maintainer-script-lacks-debhelper-token debian/postinst ---- sudo-1.6.8p12.orig/sample.sudoers -+++ sudo-1.6.8p12/sample.sudoers -@@ -35,16 +35,16 @@ - # Cmnd alias specification - ## - Cmnd_Alias DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \ -- /usr/sbin/rrestore, /usr/bin/mt --Cmnd_Alias KILL = /usr/bin/kill -+ /usr/sbin/rrestore, /bin/mt -+Cmnd_Alias KILL = /bin/kill - Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm --Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown --Cmnd_Alias HALT = /usr/sbin/halt --Cmnd_Alias REBOOT = /usr/sbin/reboot --Cmnd_Alias SHELLS = /sbin/sh, /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \ -- /usr/local/bin/tcsh, /usr/bin/rsh, \ -- /usr/local/bin/zsh --Cmnd_Alias SU = /usr/bin/su -+Cmnd_Alias SHUTDOWN = /sbin/shutdown -+Cmnd_Alias HALT = /sbin/halt -+Cmnd_Alias REBOOT = /sbin/reboot -+Cmnd_Alias SHELLS = /sbin/sh, /bin/sh, /bin/csh, /usr/bin/ksh, \ -+ /usr/bin/tcsh, /usr/bin/rsh, \ -+ /usr/bin/zsh -+Cmnd_Alias SU = /bin/su - Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, \ - /usr/bin/chfn - -@@ -82,7 +82,7 @@ - sudoedit /etc/printcap, /usr/oper/bin/ - - # joe may su only to operator --joe ALL = /usr/bin/su operator -+joe ALL = /bin/su operator - - # pete may change passwords for anyone but root on the hp snakes - pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root -@@ -96,13 +96,13 @@ - - # users in the secretaries netgroup need to help manage the printers - # as well as add and remove users --+secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser -++secretaries ALL = PRINTING, /usr/sbin/adduser, /usr/bin/rmuser - - # fred can run commands as oracle or sybase without a password - fred ALL = (DB) NOPASSWD: ALL - - # on the alphas, john may su to anyone but root and flags are not allowed --john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root* -+john ALPHA = /bin/su [!-]*, !/bin/su *root* - - # jen can run anything on all machines except the ones - # in the "SERVERS" Host_Alias ---- sudo-1.6.8p12.orig/sudo.tab.c -+++ sudo-1.6.8p12/sudo.tab.c -@@ -138,6 +138,7 @@ - } \ - match[top].user = UNSPEC; \ - match[top].cmnd = UNSPEC; \ -+ match[top].cmndall= UNSPEC; \ - match[top].host = UNSPEC; \ - match[top].runas = UNSPEC; \ - match[top].nopass = def_authenticate ? UNSPEC : TRUE; \ -@@ -153,6 +154,7 @@ - } \ - match[top].user = match[top-1].user; \ - match[top].cmnd = match[top-1].cmnd; \ -+ match[top].cmndall= match[top-1].cmndall; \ - match[top].host = match[top-1].host; \ - match[top].runas = match[top-1].runas; \ - match[top].nopass = match[top-1].nopass; \ -@@ -1739,6 +1741,7 @@ - } - } - -+ SETMATCH(cmnd_all, TRUE); - yyval.BOOLEAN = TRUE; - } - break; -@@ -1769,6 +1772,7 @@ - YYERROR; - } - } -+ SETMATCH(cmnd_all, FALSE); - yyval.BOOLEAN = NOMATCH; - } - free(yyvsp[0].string); -@@ -1800,6 +1804,7 @@ - free(yyvsp[0].command.cmnd); - if (yyvsp[0].command.args) - free(yyvsp[0].command.args); -+ SETMATCH(cmnd_all, FALSE); - } - break; - case 65: ---- sudo-1.6.8p12.orig/ldap.c -+++ sudo-1.6.8p12/ldap.c -@@ -256,9 +256,10 @@ - * Walks through search result and returns true if we have a - * command match - */ --int sudo_ldap_check_command(ld,entry) -+int sudo_ldap_check_command(ld,entry,all) - LDAP *ld; - LDAPMessage *entry; -+ int* all; - { - char **v=NULL; - char **p=NULL; -@@ -267,6 +268,8 @@ - int ret=0; - int foundbang; - -+ *all=0; -+ - if (!entry) return ret; - - v=ldap_get_values(ld,entry,"sudoCommand"); -@@ -277,6 +280,7 @@ - - /* Match against ALL ? */ - if (!strcasecmp(*p,"ALL")) { -+ *all=1; - ret=1; - if (ldap_conf.debug>1) printf(" MATCH!\n"); - continue; -@@ -711,6 +715,7 @@ - /* flags */ - int ldap_user_matches=0; - int ldap_host_matches=0; -+ int command_all=0; - - if (!sudo_ldap_read_config()) return VALIDATE_ERROR; - -@@ -896,7 +901,7 @@ - /* add matches for listing later */ - sudo_ldap_add_match(ld,entry) && - /* verify command match */ -- sudo_ldap_check_command(ld,entry) && -+ sudo_ldap_check_command(ld,entry,&command_all) && - /* verify runas match */ - sudo_ldap_check_runas(ld,entry) - ) -@@ -907,6 +912,7 @@ - sudo_ldap_parse_options(ld,entry); - /* make sure we dont reenter loop */ - ret=VALIDATE_OK; -+ if(command_all) SET(ret,FLAG_CMND_ALL); - /* break from inside for loop */ - break; - } ---- sudo-1.6.8p12.orig/sudo.c -+++ sudo-1.6.8p12/sudo.c -@@ -106,10 +106,11 @@ - static void set_loginclass __P((struct passwd *)); - static void usage __P((int)); - static void usage_excl __P((int)); -+static void create_admin_success_flag __P((void)); - static struct passwd *get_authpw __P((void)); - extern int sudo_edit __P((int, char **)); - extern void list_matches __P((void)); --extern char **rebuild_env __P((char **, int, int)); -+extern char **rebuild_env __P((char **, int, int, int)); - extern char **zero_env __P((char **)); - extern struct passwd *sudo_getpwnam __P((const char *)); - extern struct passwd *sudo_getpwuid __P((uid_t)); -@@ -368,11 +369,15 @@ - - /* Build a new environment that avoids any nasty bits if we have a cmnd. */ - if (ISSET(sudo_mode, MODE_RUN)) -- new_environ = rebuild_env(envp, sudo_mode, ISSET(validated, FLAG_NOEXEC)); -+ new_environ = rebuild_env(envp, sudo_mode, ISSET(validated, FLAG_NOEXEC), ISSET(validated, FLAG_CMND_ALL)); - else - new_environ = envp; - - if (ISSET(validated, VALIDATE_OK)) { -+ /* If the user is in the admin group, create a dotfile to signal that -+ * sudo was executed successfully. */ -+ create_admin_success_flag(); -+ - /* Finally tell the user if the command did not exist. */ - if (cmnd_status == NOT_FOUND_DOT) { - warnx("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run.", user_cmnd, user_cmnd, user_cmnd); -@@ -1156,3 +1161,46 @@ - putchar('\n'); - exit(exit_val); - } -+ -+static void create_admin_success_flag(void) -+{ -+ struct group* admin; -+ char** g; -+ int is_admin; -+ char flagfile[PATH_MAX]; -+ int f; -+ -+ if (!sudo_user.pw || !sudo_user.pw->pw_name || !sudo_user.pw->pw_dir) -+ return; -+ -+ /* check whether the user is in the admin group */ -+ admin = getgrnam("admin"); -+ if (!admin || !admin->gr_mem) -+ return; -+ is_admin = 0; -+ for (g = admin->gr_mem; *g; ++g) { -+ if (!strcmp(*g, sudo_user.pw->pw_name)) { -+ is_admin = 1; -+ break; -+ } -+ } -+ if (!is_admin) -+ return; -+ -+ /* build path to flag file */ -+ snprintf(flagfile, sizeof(flagfile), "%s/.sudo_as_admin_successful", -+ sudo_user.pw->pw_dir); -+ if (strlen(flagfile) >= sizeof(flagfile)-1) -+ return; -+ -+ /* do nothing if the file already exists */ -+ if (!access(flagfile, F_OK)) -+ return; -+ -+ /* create file */ -+ f = open(flagfile, O_CREAT|O_WRONLY|O_EXCL, 0644); -+ if(f >= 0) { -+ fchown(f, sudo_user.pw->pw_uid, sudo_user.pw->pw_gid); -+ close(f); -+ } -+} ---- sudo-1.6.8p12.orig/sudo.h -+++ sudo-1.6.8p12/sudo.h -@@ -65,6 +65,7 @@ - #define FLAG_NO_HOST 0x080 - #define FLAG_NO_CHECK 0x100 - #define FLAG_NOEXEC 0x200 -+#define FLAG_CMND_ALL 0x400 - - /* - * Pseudo-boolean values ---- sudo-1.6.8p12.orig/parse.c -+++ sudo-1.6.8p12/parse.c -@@ -200,7 +200,8 @@ - set_perms(PERM_ROOT); - return(VALIDATE_OK | - (no_passwd == TRUE ? FLAG_NOPASS : 0) | -- (no_execve == TRUE ? FLAG_NOEXEC : 0)); -+ (no_execve == TRUE ? FLAG_NOEXEC : 0) | -+ (cmnd_all == TRUE ? FLAG_CMND_ALL : 0)); - } else if ((runas_matches == TRUE && cmnd_matches == FALSE) || - (runas_matches == FALSE && cmnd_matches == TRUE)) { - /* ---- sudo-1.6.8p12.orig/parse.h -+++ sudo-1.6.8p12/parse.h -@@ -29,6 +29,7 @@ - struct matchstack { - int user; - int cmnd; -+ int cmndall; - int host; - int runas; - int nopass; -@@ -46,6 +47,7 @@ - - #define user_matches (match[top-1].user) - #define cmnd_matches (match[top-1].cmnd) -+#define cmnd_all (match[top-1].cmndall) - #define host_matches (match[top-1].host) - #define runas_matches (match[top-1].runas) - #define no_passwd (match[top-1].nopass) |