--- sudo-1.6.8p12.orig/sudoers.man.in +++ sudo-1.6.8p12/sudoers.man.in @@ -759,7 +759,7 @@ .IP "exempt_group" 12 .IX Item "exempt_group" Users in this group are exempt from password and \s-1PATH\s0 requirements. -This is not set by default. +On Debian systems, this is set to the group 'sudo' by default. .IP "verifypw" 12 .IX Item "verifypw" This option controls when a password will be required when a user runs --- sudo-1.6.8p12.orig/sudo.man.in +++ sudo-1.6.8p12/sudo.man.in @@ -185,8 +185,7 @@ \&\fBsudo\fR determines who is an authorized user by consulting the file \&\fI@sysconfdir@/sudoers\fR. By giving \fBsudo\fR the \fB\-v\fR flag a user can update the time stamp without running a \fIcommand.\fR The password -prompt itself will also time out if the user's password is not -entered within \f(CW\*(C`@password_timeout@\*(C'\fR minutes (unless overridden via +prompt itself will not time out in Debian's version (unless overridden via \&\fIsudoers\fR). .PP If a user who is not listed in the \fIsudoers\fR file tries to run a --- sudo-1.6.8p12.orig/parse.yacc +++ sudo-1.6.8p12/parse.yacc @@ -120,6 +120,7 @@ } \ match[top].user = UNSPEC; \ match[top].cmnd = UNSPEC; \ + match[top].cmndall= UNSPEC; \ match[top].host = UNSPEC; \ match[top].runas = UNSPEC; \ match[top].nopass = def_authenticate ? UNSPEC : TRUE; \ @@ -135,6 +136,7 @@ } \ match[top].user = match[top-1].user; \ match[top].cmnd = match[top-1].cmnd; \ + match[top].cmndall= match[top-1].cmndall; \ match[top].host = match[top-1].host; \ match[top].runas = match[top-1].runas; \ match[top].nopass = match[top-1].nopass; \ @@ -675,6 +677,7 @@ } } + SETMATCH(cmnd_all, TRUE); $$ = TRUE; } | ALIAS { @@ -705,6 +708,7 @@ $$ = NOMATCH; } free($1); + SETMATCH(cmnd_all, FALSE); } | COMMAND { if (printmatches == TRUE) { @@ -730,6 +734,7 @@ free($1.cmnd); if ($1.args) free($1.args); + SETMATCH(cmnd_all, FALSE); } ; --- sudo-1.6.8p12.orig/env.c +++ sudo-1.6.8p12/env.c @@ -77,7 +77,7 @@ /* * Prototypes */ -char **rebuild_env __P((char **, int, int)); +char **rebuild_env __P((char **, int, int, int)); char **zero_env __P((char **)); static void insert_env __P((char *, int)); static char *format_env __P((char *, ...)); @@ -89,6 +89,8 @@ static const char *initial_badenv_table[] = { "IFS", "CDPATH", + "SHELLOPTS", + "PS4", "LOCALDOMAIN", "RES_OPTIONS", "HOSTALIASES", @@ -140,6 +142,12 @@ "LC_*", "LANG", "LANGUAGE", + "TERM", + "HOME", + "LOGNAME", + "DISPLAY", + "XAUTHORITY", + "XAUTHORIZATION", NULL }; @@ -321,10 +329,11 @@ * Also adds sudo-specific variables (SUDO_*). */ char ** -rebuild_env(envp, sudo_mode, noexec) +rebuild_env(envp, sudo_mode, noexec, noclean) char **envp; int sudo_mode; int noexec; + int noclean; { char **ep, *cp, *ps1; int okvar, iswild, didvar; @@ -429,7 +438,7 @@ * env_check. */ for (ep = envp; *ep; ep++) { - okvar = 1; + okvar = noclean; /* Skip variables with values beginning with () (bash functions) */ if ((cp = strchr(*ep, '=')) != NULL) { @@ -438,6 +447,7 @@ } /* Skip anything listed in env_delete. */ +#if 0 for (cur = def_env_delete; cur && okvar; cur = cur->next) { len = strlen(cur->value); /* Deal with '*' wildcard */ @@ -451,9 +461,10 @@ okvar = 0; } } +#endif /* Check certain variables for '%' and '/' characters. */ - for (cur = def_env_check; cur && okvar; cur = cur->next) { + for (cur = def_env_check; cur; cur = cur->next) { len = strlen(cur->value); /* Deal with '*' wildcard */ if (cur->value[len - 1] == '*') { @@ -463,8 +474,24 @@ iswild = 0; if (strncmp(cur->value, *ep, len) == 0 && (iswild || (*ep)[len] == '=') && - strpbrk(*ep, "/%")) { - okvar = 0; + strpbrk(*ep, "/%") == NULL) { + okvar = 1; + } + } + + /* keep variables in env_keep */ + for (cur = def_env_keep; cur; cur = cur->next) { + len = strlen(cur->value); + /* Deal with '*' wildcard */ + if (cur->value[len - 1] == '*') { + len--; + iswild = 1; + } else + iswild = 0; + if (strncmp(cur->value, *ep, len) == 0 && + (iswild || (*ep)[len] == '=')) { + okvar = 1; + break; } } --- sudo-1.6.8p12.orig/sudoers.pod +++ sudo-1.6.8p12/sudoers.pod @@ -93,7 +93,7 @@ Cmnd_Alias ::= NAME '=' Cmnd_List - NAME ::= [A-Z]([A-Z][0-9]_)* + NAME ::= [A-Z]([a-z][A-Z][0-9]_)* Each I definition is of the form @@ -568,7 +568,7 @@ =item C<%%> -two consecutive C<%> characters are collaped into a single C<%> character +two consecutive C<%> characters are collapsed into a single C<%> character =back @@ -669,8 +669,8 @@ =item exempt_group -Users in this group are exempt from password and PATH requirements. -This is not set by default. +Users in this group are exempt from password and PATH requirements. This +option is turned on for Debian. =item verifypw --- sudo-1.6.8p12.orig/ins_classic.h +++ sudo-1.6.8p12/ins_classic.h @@ -32,7 +32,7 @@ "Where did you learn to type?", "Are you on drugs?", "My pet ferret can type better than you!", - "You type like i drive.", + "You type like I drive.", "Do you think like you type?", "Your mind just hasn't been the same since the electro-shock, has it?", --- sudo-1.6.8p12.orig/config.guess +++ sudo-1.6.8p12/config.guess @@ -1,11 +1,9 @@ #! /bin/sh # Attempt to guess a canonical system name. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002 Free Software Foundation, Inc. -# -# $Sudo: config.guess,v 1.10 2004/08/09 23:04:35 millert Exp $ +# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. -timestamp='2002-11-30' +timestamp='2005-08-03' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -19,13 +17,15 @@ # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA +# 02110-1301, USA. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. + # Originally written by Per Bothner . # Please send patches to . Submit a context # diff and a properly formatted ChangeLog entry. @@ -55,7 +55,7 @@ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO @@ -68,11 +68,11 @@ while test $# -gt 0 ; do case $1 in --time-stamp | --time* | -t ) - echo "$timestamp" ; exit 0 ;; + echo "$timestamp" ; exit ;; --version | -v ) - echo "$version" ; exit 0 ;; + echo "$version" ; exit ;; --help | --h* | -h ) - echo "$usage"; exit 0 ;; + echo "$usage"; exit ;; -- ) # Stop option processing shift; break ;; - ) # Use stdin as input. @@ -100,14 +100,18 @@ # Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still # use `HOST_CC' if defined, but it is deprecated. -# This shell variable is my proudest work .. or something. --bje +# Portable tmp directory creation inspired by the Autoconf team. -set_cc_for_build='tmpdir=${TMPDIR-/tmp}/config-guess-$$ ; -(old=`umask` && umask 077 && mkdir $tmpdir && umask $old && unset old) - || (echo "$me: cannot create $tmpdir" >&2 && exit 1) ; -dummy=$tmpdir/dummy ; -files="$dummy.c $dummy.o $dummy.rel $dummy" ; -trap '"'"'rm -f $files; rmdir $tmpdir; exit 1'"'"' 1 2 15 ; +set_cc_for_build=' +trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; +trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; +: ${TMPDIR=/tmp} ; + { tmp=`(umask 077 && mktemp -d -q "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || + { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || + { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || + { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; +dummy=$tmp/dummy ; +tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; case $CC_FOR_BUILD,$HOST_CC,$CC in ,,) echo "int x;" > $dummy.c ; for c in cc gcc c89 c99 ; do @@ -115,15 +119,13 @@ CC_FOR_BUILD="$c"; break ; fi ; done ; - rm -f $files ; if test x"$CC_FOR_BUILD" = x ; then CC_FOR_BUILD=no_compiler_found ; fi ;; ,,*) CC_FOR_BUILD=$CC ;; ,*,*) CC_FOR_BUILD=$HOST_CC ;; -esac ; -unset files' +esac ; set_cc_for_build= ;' # This is needed to find uname on a Pyramid OSx when run in the BSD universe. # (ghazi@noc.rutgers.edu 1994-08-24) @@ -196,104 +198,109 @@ # contains redundant information, the shorter form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. echo "${machine}-${os}${release}" - exit 0 ;; + exit ;; *:OpenBSD:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; + exit ;; + *:ekkoBSD:*:*) + echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} + exit ;; + macppc:MirBSD:*:*) + echo powerppc-unknown-mirbsd${UNAME_RELEASE} + exit ;; + *:MirBSD:*:*) + echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} + exit ;; alpha:OSF1:*:*) - if test $UNAME_RELEASE = "V4.0"; then + case $UNAME_RELEASE in + *4.0) UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` - fi + ;; + *5.*) + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` + ;; + esac + # According to Compaq, /usr/sbin/psrinfo has been available on + # OSF/1 and Tru64 systems produced since 1995. I hope that + # covers most systems running today. This code pipes the CPU + # types through head -n 1, so we only detect the type of CPU 0. + ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` + case "$ALPHA_CPU_TYPE" in + "EV4 (21064)") + UNAME_MACHINE="alpha" ;; + "EV4.5 (21064)") + UNAME_MACHINE="alpha" ;; + "LCA4 (21066/21068)") + UNAME_MACHINE="alpha" ;; + "EV5 (21164)") + UNAME_MACHINE="alphaev5" ;; + "EV5.6 (21164A)") + UNAME_MACHINE="alphaev56" ;; + "EV5.6 (21164PC)") + UNAME_MACHINE="alphapca56" ;; + "EV5.7 (21164PC)") + UNAME_MACHINE="alphapca57" ;; + "EV6 (21264)") + UNAME_MACHINE="alphaev6" ;; + "EV6.7 (21264A)") + UNAME_MACHINE="alphaev67" ;; + "EV6.8CB (21264C)") + UNAME_MACHINE="alphaev68" ;; + "EV6.8AL (21264B)") + UNAME_MACHINE="alphaev68" ;; + "EV6.8CX (21264D)") + UNAME_MACHINE="alphaev68" ;; + "EV6.9A (21264/EV69A)") + UNAME_MACHINE="alphaev69" ;; + "EV7 (21364)") + UNAME_MACHINE="alphaev7" ;; + "EV7.9 (21364A)") + UNAME_MACHINE="alphaev79" ;; + esac + # A Pn.n version is a patched version. # A Vn.n version is a released version. # A Tn.n version is a released field test version. # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. - eval $set_cc_for_build - cat <$dummy.s - .data -\$Lformat: - .byte 37,100,45,37,120,10,0 # "%d-%x\n" - - .text - .globl main - .align 4 - .ent main -main: - .frame \$30,16,\$26,0 - ldgp \$29,0(\$27) - .prologue 1 - .long 0x47e03d80 # implver \$0 - lda \$2,-1 - .long 0x47e20c21 # amask \$2,\$1 - lda \$16,\$Lformat - mov \$0,\$17 - not \$1,\$18 - jsr \$26,printf - ldgp \$29,0(\$26) - mov 0,\$16 - jsr \$26,exit - .end main -EOF - $CC_FOR_BUILD -o $dummy $dummy.s 2>/dev/null - if test "$?" = 0 ; then - case `$dummy` in - 0-0) - UNAME_MACHINE="alpha" - ;; - 1-0) - UNAME_MACHINE="alphaev5" - ;; - 1-1) - UNAME_MACHINE="alphaev56" - ;; - 1-101) - UNAME_MACHINE="alphapca56" - ;; - 2-303) - UNAME_MACHINE="alphaev6" - ;; - 2-307) - UNAME_MACHINE="alphaev67" - ;; - 2-1307) - UNAME_MACHINE="alphaev68" - ;; - 3-1307) - UNAME_MACHINE="alphaev7" - ;; - esac - fi - rm -f $dummy.s $dummy && rmdir $tmpdir - echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` - exit 0 ;; + echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + exit ;; Alpha\ *:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # Should we change UNAME_MACHINE based on the output of uname instead # of the specific Alpha model? echo alpha-pc-interix - exit 0 ;; + exit ;; 21064:Windows_NT:50:3) echo alpha-dec-winnt3.5 - exit 0 ;; + exit ;; Amiga*:UNIX_System_V:4.0:*) echo m68k-unknown-sysv4 - exit 0;; + exit ;; *:[Aa]miga[Oo][Ss]:*:*) echo ${UNAME_MACHINE}-unknown-amigaos - exit 0 ;; + exit ;; *:[Mm]orph[Oo][Ss]:*:*) echo ${UNAME_MACHINE}-unknown-morphos - exit 0 ;; + exit ;; *:OS/390:*:*) echo i370-ibm-openedition - exit 0 ;; + exit ;; + *:z/VM:*:*) + echo s390-ibm-zvmoe + exit ;; + *:OS400:*:*) + echo powerpc-ibm-os400 + exit ;; arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) echo arm-acorn-riscix${UNAME_RELEASE} - exit 0;; + exit ;; + arm:riscos:*:*|arm:RISCOS:*:*) + echo arm-unknown-riscos + exit ;; SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) echo hppa1.1-hitachi-hiuxmpp - exit 0;; + exit ;; Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. if test "`(/bin/universe) 2>/dev/null`" = att ; then @@ -301,29 +308,32 @@ else echo pyramid-pyramid-bsd fi - exit 0 ;; + exit ;; NILE*:*:*:dcosx) echo pyramid-pyramid-svr4 - exit 0 ;; - DRS?6000:UNIX_SV:4.2*:7*) + exit ;; + DRS?6000:unix:4.0:6*) + echo sparc-icl-nx6 + exit ;; + DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) case `/usr/bin/uname -p` in - sparc) echo sparc-icl-nx7 && exit 0 ;; + sparc) echo sparc-icl-nx7; exit ;; esac ;; sun4H:SunOS:5.*:*) echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit 0 ;; + exit ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit 0 ;; + exit ;; i86pc:SunOS:5.*:*) echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit 0 ;; + exit ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize # SunOS6. Hard to guess exactly what SunOS6 will be like, but # it's likely to be more like Solaris than SunOS4. echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit 0 ;; + exit ;; sun4*:SunOS:*:*) case "`/usr/bin/arch -k`" in Series*|S4*) @@ -332,10 +342,10 @@ esac # Japanese Language versions have a version number like `4.1.3-JL'. echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` - exit 0 ;; + exit ;; sun3*:SunOS:*:*) echo m68k-sun-sunos${UNAME_RELEASE} - exit 0 ;; + exit ;; sun*:*:4.2BSD:*) UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 @@ -347,10 +357,10 @@ echo sparc-sun-sunos${UNAME_RELEASE} ;; esac - exit 0 ;; + exit ;; aushp:SunOS:*:*) echo sparc-auspex-sunos${UNAME_RELEASE} - exit 0 ;; + exit ;; # The situation for MiNT is a little confusing. The machine name # can be virtually everything (everything which is not # "atarist" or "atariste" at least should have a processor @@ -361,37 +371,40 @@ # be no problem. atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} - exit 0 ;; + exit ;; atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} - exit 0 ;; + exit ;; *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} - exit 0 ;; + exit ;; milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) echo m68k-milan-mint${UNAME_RELEASE} - exit 0 ;; + exit ;; hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) echo m68k-hades-mint${UNAME_RELEASE} - exit 0 ;; + exit ;; *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) echo m68k-unknown-mint${UNAME_RELEASE} - exit 0 ;; + exit ;; + m68k:machten:*:*) + echo m68k-apple-machten${UNAME_RELEASE} + exit ;; powerpc:machten:*:*) echo powerpc-apple-machten${UNAME_RELEASE} - exit 0 ;; + exit ;; RISC*:Mach:*:*) echo mips-dec-mach_bsd4.3 - exit 0 ;; + exit ;; RISC*:ULTRIX:*:*) echo mips-dec-ultrix${UNAME_RELEASE} - exit 0 ;; + exit ;; VAX*:ULTRIX*:*:*) echo vax-dec-ultrix${UNAME_RELEASE} - exit 0 ;; + exit ;; 2020:CLIX:*:* | 2430:CLIX:*:*) echo clipper-intergraph-clix${UNAME_RELEASE} - exit 0 ;; + exit ;; mips:*:*:UMIPS | mips:*:*:RISCos) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c @@ -415,33 +428,33 @@ exit (-1); } EOF - $CC_FOR_BUILD -o $dummy $dummy.c \ - && $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \ - && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0 - rm -f $dummy.c $dummy && rmdir $tmpdir + $CC_FOR_BUILD -o $dummy $dummy.c && + dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` && + SYSTEM_NAME=`$dummy $dummyarg` && + { echo "$SYSTEM_NAME"; exit; } echo mips-mips-riscos${UNAME_RELEASE} - exit 0 ;; + exit ;; Motorola:PowerMAX_OS:*:*) echo powerpc-motorola-powermax - exit 0 ;; + exit ;; Motorola:*:4.3:PL8-*) echo powerpc-harris-powermax - exit 0 ;; + exit ;; Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) echo powerpc-harris-powermax - exit 0 ;; + exit ;; Night_Hawk:Power_UNIX:*:*) echo powerpc-harris-powerunix - exit 0 ;; + exit ;; m88k:CX/UX:7*:*) echo m88k-harris-cxux7 - exit 0 ;; + exit ;; m88k:*:4*:R4*) echo m88k-motorola-sysv4 - exit 0 ;; + exit ;; m88k:*:3*:R3*) echo m88k-motorola-sysv3 - exit 0 ;; + exit ;; AViiON:dgux:*:*) # DG/UX returns AViiON for all architectures UNAME_PROCESSOR=`/usr/bin/uname -p` @@ -457,29 +470,29 @@ else echo i586-dg-dgux${UNAME_RELEASE} fi - exit 0 ;; + exit ;; M88*:DolphinOS:*:*) # DolphinOS (SVR3) echo m88k-dolphin-sysv3 - exit 0 ;; + exit ;; M88*:*:R3*:*) # Delta 88k system running SVR3 echo m88k-motorola-sysv3 - exit 0 ;; + exit ;; XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) echo m88k-tektronix-sysv3 - exit 0 ;; + exit ;; Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) echo m68k-tektronix-bsd - exit 0 ;; + exit ;; *:IRIX*:*:*) echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` - exit 0 ;; + exit ;; ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. - echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id - exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX ' + echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id + exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' i*86:AIX:*:*) echo i386-ibm-aix - exit 0 ;; + exit ;; ia64:AIX:*:*) if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` @@ -487,7 +500,7 @@ IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} - exit 0 ;; + exit ;; *:AIX:2:3) if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then eval $set_cc_for_build @@ -502,15 +515,18 @@ exit(0); } EOF - $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0 - rm -f $dummy.c $dummy && rmdir $tmpdir - echo rs6000-ibm-aix3.2.5 + if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` + then + echo "$SYSTEM_NAME" + else + echo rs6000-ibm-aix3.2.5 + fi elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then echo rs6000-ibm-aix3.2.4 else echo rs6000-ibm-aix3.2 fi - exit 0 ;; + exit ;; *:AIX:*:[45]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then @@ -524,28 +540,28 @@ IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi echo ${IBM_ARCH}-ibm-aix${IBM_REV} - exit 0 ;; + exit ;; *:AIX:*:*) echo rs6000-ibm-aix - exit 0 ;; + exit ;; ibmrt:4.4BSD:*|romp-ibm:BSD:*) echo romp-ibm-bsd4.4 - exit 0 ;; + exit ;; ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to - exit 0 ;; # report: romp-ibm BSD 4.3 + exit ;; # report: romp-ibm BSD 4.3 *:BOSX:*:*) echo rs6000-bull-bosx - exit 0 ;; + exit ;; DPX/2?00:B.O.S.:*:*) echo m68k-bull-sysv3 - exit 0 ;; + exit ;; 9000/[34]??:4.3bsd:1.*:*) echo m68k-hp-bsd - exit 0 ;; + exit ;; hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) echo m68k-hp-bsd4.4 - exit 0 ;; + exit ;; 9000/[34678]??:HP-UX:*:*) HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` case "${UNAME_MACHINE}" in @@ -602,16 +618,36 @@ } EOF (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` - if test -z "$HP_ARCH"; then HP_ARCH=hppa; fi - rm -f $dummy.c $dummy && rmdir $tmpdir + test -z "$HP_ARCH" && HP_ARCH=hppa fi ;; esac + if [ ${HP_ARCH} = "hppa2.0w" ] + then + eval $set_cc_for_build + + # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating + # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler + # generating 64-bit code. GNU and HP use different nomenclature: + # + # $ CC_FOR_BUILD=cc ./config.guess + # => hppa2.0w-hp-hpux11.23 + # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess + # => hppa64-hp-hpux11.23 + + if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | + grep __LP64__ >/dev/null + then + HP_ARCH="hppa2.0w" + else + HP_ARCH="hppa64" + fi + fi echo ${HP_ARCH}-hp-hpux${HPUX_REV} - exit 0 ;; + exit ;; ia64:HP-UX:*:*) HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` echo ia64-hp-hpux${HPUX_REV} - exit 0 ;; + exit ;; 3050*:HI-UX:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c @@ -639,149 +675,166 @@ exit (0); } EOF - $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0 - rm -f $dummy.c $dummy && rmdir $tmpdir + $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && + { echo "$SYSTEM_NAME"; exit; } echo unknown-hitachi-hiuxwe2 - exit 0 ;; + exit ;; 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) echo hppa1.1-hp-bsd - exit 0 ;; + exit ;; 9000/8??:4.3bsd:*:*) echo hppa1.0-hp-bsd - exit 0 ;; + exit ;; *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) echo hppa1.0-hp-mpeix - exit 0 ;; + exit ;; hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) echo hppa1.1-hp-osf - exit 0 ;; + exit ;; hp8??:OSF1:*:*) echo hppa1.0-hp-osf - exit 0 ;; + exit ;; i*86:OSF1:*:*) if [ -x /usr/sbin/sysversion ] ; then echo ${UNAME_MACHINE}-unknown-osf1mk else echo ${UNAME_MACHINE}-unknown-osf1 fi - exit 0 ;; + exit ;; parisc*:Lites*:*:*) echo hppa1.1-hp-lites - exit 0 ;; + exit ;; C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) echo c1-convex-bsd - exit 0 ;; + exit ;; C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi - exit 0 ;; + exit ;; C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) echo c34-convex-bsd - exit 0 ;; + exit ;; C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) echo c38-convex-bsd - exit 0 ;; + exit ;; C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) echo c4-convex-bsd - exit 0 ;; + exit ;; CRAY*Y-MP:*:*:*) echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit 0 ;; + exit ;; CRAY*[A-Z]90:*:*:*) echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ -e 's/\.[^.]*$/.X/' - exit 0 ;; + exit ;; CRAY*TS:*:*:*) echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit 0 ;; - CRAY*T3D:*:*:*) - echo alpha-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit 0 ;; + exit ;; CRAY*T3E:*:*:*) echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit 0 ;; + exit ;; CRAY*SV1:*:*:*) echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit 0 ;; + exit ;; + *:UNICOS/mp:*:*) + echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" - exit 0 ;; + exit ;; + 5000:UNIX_System_V:4.*:*) + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` + echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit ;; i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} - exit 0 ;; + exit ;; sparc*:BSD/OS:*:*) echo sparc-unknown-bsdi${UNAME_RELEASE} - exit 0 ;; + exit ;; *:BSD/OS:*:*) echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} - exit 0 ;; + exit ;; *:FreeBSD:*:*) - # Determine whether the default compiler uses glibc. - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #include - #if __GLIBC__ >= 2 - LIBC=gnu - #else - LIBC= - #endif -EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=` - rm -f $dummy.c && rmdir $tmpdir - echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC} - exit 0 ;; + echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` + exit ;; i*:CYGWIN*:*) echo ${UNAME_MACHINE}-pc-cygwin - exit 0 ;; + exit ;; i*:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 - exit 0 ;; + exit ;; + i*:windows32*:*) + # uname -m includes "-pc" on this system. + echo ${UNAME_MACHINE}-mingw32 + exit ;; i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 - exit 0 ;; - x86:Interix*:3*) - echo i586-pc-interix3 - exit 0 ;; + exit ;; + x86:Interix*:[34]*) + echo i586-pc-interix${UNAME_RELEASE}|sed -e 's/\..*//' + exit ;; [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) echo i${UNAME_MACHINE}-pc-mks - exit 0 ;; + exit ;; i*:Windows_NT*:* | Pentium*:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we # UNAME_MACHINE based on the output of uname instead of i386? echo i586-pc-interix - exit 0 ;; + exit ;; i*:UWIN*:*) echo ${UNAME_MACHINE}-pc-uwin - exit 0 ;; + exit ;; + amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) + echo x86_64-unknown-cygwin + exit ;; p*:CYGWIN*:*) echo powerpcle-unknown-cygwin - exit 0 ;; + exit ;; prep*:SunOS:5.*:*) echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit 0 ;; + exit ;; *:GNU:*:*) + # the GNU system echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` - exit 0 ;; + exit ;; + *:GNU/*:*:*) + # other systems with GNU libc and userland + echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu + exit ;; i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix - exit 0 ;; + exit ;; arm*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu - exit 0 ;; + exit ;; + cris:Linux:*:*) + echo cris-axis-linux-gnu + exit ;; + crisv32:Linux:*:*) + echo crisv32-axis-linux-gnu + exit ;; + frv:Linux:*:*) + echo frv-unknown-linux-gnu + exit ;; ia64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu - exit 0 ;; + exit ;; + m32r*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; m68*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu - exit 0 ;; + exit ;; mips:Linux:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c @@ -799,8 +852,7 @@ #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=` - rm -f $dummy.c && rmdir $tmpdir - test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0 + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ;; mips64:Linux:*:*) eval $set_cc_for_build @@ -819,15 +871,17 @@ #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=` - rm -f $dummy.c && rmdir $tmpdir - test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0 + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ;; + or32:Linux:*:*) + echo or32-unknown-linux-gnu + exit ;; ppc:Linux:*:*) echo powerpc-unknown-linux-gnu - exit 0 ;; + exit ;; ppc64:Linux:*:*) echo powerpc64-unknown-linux-gnu - exit 0 ;; + exit ;; alpha:Linux:*:*) case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in EV5) UNAME_MACHINE=alphaev5 ;; @@ -841,7 +895,7 @@ objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} - exit 0 ;; + exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in @@ -849,22 +903,25 @@ PA8*) echo hppa2.0-unknown-linux-gnu ;; *) echo hppa-unknown-linux-gnu ;; esac - exit 0 ;; + exit ;; parisc64:Linux:*:* | hppa64:Linux:*:*) echo hppa64-unknown-linux-gnu - exit 0 ;; + exit ;; s390:Linux:*:* | s390x:Linux:*:*) echo ${UNAME_MACHINE}-ibm-linux - exit 0 ;; + exit ;; + sh64*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; sh*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu - exit 0 ;; + exit ;; sparc:Linux:*:* | sparc64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu - exit 0 ;; + exit ;; x86_64:Linux:*:*) echo x86_64-unknown-linux-gnu - exit 0 ;; + exit ;; i*86:Linux:*:*) # The BFD linker knows what the default object file format is, so # first see if it will tell us. cd to the root directory to prevent @@ -882,15 +939,15 @@ ;; a.out-i386-linux) echo "${UNAME_MACHINE}-pc-linux-gnuaout" - exit 0 ;; + exit ;; coff-i386) echo "${UNAME_MACHINE}-pc-linux-gnucoff" - exit 0 ;; + exit ;; "") # Either a pre-BFD a.out linker (linux-gnuoldld) or # one that does not give us useful --help. echo "${UNAME_MACHINE}-pc-linux-gnuoldld" - exit 0 ;; + exit ;; esac # Determine whether the default compiler is a.out or elf eval $set_cc_for_build @@ -913,18 +970,23 @@ LIBC=gnuaout #endif #endif + #ifdef __dietlibc__ + LIBC=dietlibc + #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=` - rm -f $dummy.c && rmdir $tmpdir - test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0 - test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0 + test x"${LIBC}" != x && { + echo "${UNAME_MACHINE}-pc-linux-${LIBC}" + exit + } + test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; } ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. # earlier versions are messed up and put the nodename in both # sysname and nodename. echo i386-sequent-sysv4 - exit 0 ;; + exit ;; i*86:UNIX_SV:4.2MP:2.*) # Unixware is an offshoot of SVR4, but it has its own version # number series starting with 2... @@ -932,24 +994,27 @@ # I just have to hope. -- rms. # Use sysv4.2uw... so that sysv4* matches it. echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} - exit 0 ;; + exit ;; i*86:OS/2:*:*) # If we were able to find `uname', then EMX Unix compatibility # is probably installed. echo ${UNAME_MACHINE}-pc-os2-emx - exit 0 ;; + exit ;; i*86:XTS-300:*:STOP) echo ${UNAME_MACHINE}-unknown-stop - exit 0 ;; + exit ;; i*86:atheos:*:*) echo ${UNAME_MACHINE}-unknown-atheos - exit 0 ;; + exit ;; + i*86:syllable:*:*) + echo ${UNAME_MACHINE}-pc-syllable + exit ;; i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*) echo i386-unknown-lynxos${UNAME_RELEASE} - exit 0 ;; + exit ;; i*86:*DOS:*:*) echo ${UNAME_MACHINE}-pc-msdosdjgpp - exit 0 ;; + exit ;; i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then @@ -957,15 +1022,16 @@ else echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} fi - exit 0 ;; - i*86:*:5:[78]*) + exit ;; + i*86:*:5:[678]*) + # UnixWare 7.x, OpenUNIX and OpenServer 6. case `/bin/uname -X | grep "^Machine"` in *486*) UNAME_MACHINE=i486 ;; *Pentium) UNAME_MACHINE=i586 ;; *Pent*|*Celeron) UNAME_MACHINE=i686 ;; esac echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} - exit 0 ;; + exit ;; i*86:*:3.2:*) if test -f /usr/options/cb.name; then UNAME_REL=`sed -n 's/.*Version //p' /dev/null 2>&1 ; then echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 else # Add other i860-SVR4 vendors below as they are discovered. echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 fi - exit 0 ;; + exit ;; mini*:CTIX:SYS*5:*) # "miniframe" echo m68010-convergent-sysv - exit 0 ;; + exit ;; mc68k:UNIX:SYSTEM5:3.51m) echo m68k-convergent-sysv - exit 0 ;; + exit ;; M680?0:D-NIX:5.3:*) echo m68k-diab-dnix - exit 0 ;; - M68*:*:R3V[567]*:*) - test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;; - 3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0) + exit ;; + M68*:*:R3V[5678]*:*) + test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; + 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) OS_REL='' test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && echo i486-ncr-sysv4.3${OS_REL} && exit 0 + && { echo i486-ncr-sysv4.3${OS_REL}; exit; } /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ - && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;; + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && echo i486-ncr-sysv4 && exit 0 ;; + && { echo i486-ncr-sysv4; exit; } ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) echo m68k-unknown-lynxos${UNAME_RELEASE} - exit 0 ;; + exit ;; mc68030:UNIX_System_V:4.*:*) echo m68k-atari-sysv4 - exit 0 ;; + exit ;; TSUNAMI:LynxOS:2.*:*) echo sparc-unknown-lynxos${UNAME_RELEASE} - exit 0 ;; + exit ;; rs6000:LynxOS:2.*:*) echo rs6000-unknown-lynxos${UNAME_RELEASE} - exit 0 ;; + exit ;; PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*) echo powerpc-unknown-lynxos${UNAME_RELEASE} - exit 0 ;; + exit ;; SM[BE]S:UNIX_SV:*:*) echo mips-dde-sysv${UNAME_RELEASE} - exit 0 ;; + exit ;; RM*:ReliantUNIX-*:*:*) echo mips-sni-sysv4 - exit 0 ;; + exit ;; RM*:SINIX-*:*:*) echo mips-sni-sysv4 - exit 0 ;; + exit ;; *:SINIX-*:*:*) if uname -p 2>/dev/null >/dev/null ; then UNAME_MACHINE=`(uname -p) 2>/dev/null` @@ -1057,64 +1123,73 @@ else echo ns32k-sni-sysv fi - exit 0 ;; + exit ;; PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort # says echo i586-unisys-sysv4 - exit 0 ;; + exit ;; *:UNIX_System_V:4*:FTX*) # From Gerald Hewes . # How about differentiating between stratus architectures? -djm echo hppa1.1-stratus-sysv4 - exit 0 ;; + exit ;; *:*:*:FTX*) # From seanf@swdc.stratus.com. echo i860-stratus-sysv4 - exit 0 ;; + exit ;; + i*86:VOS:*:*) + # From Paul.Green@stratus.com. + echo ${UNAME_MACHINE}-stratus-vos + exit ;; *:VOS:*:*) # From Paul.Green@stratus.com. echo hppa1.1-stratus-vos - exit 0 ;; + exit ;; mc68*:A/UX:*:*) echo m68k-apple-aux${UNAME_RELEASE} - exit 0 ;; + exit ;; news*:NEWS-OS:6*:*) echo mips-sony-newsos6 - exit 0 ;; + exit ;; R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) if [ -d /usr/nec ]; then echo mips-nec-sysv${UNAME_RELEASE} else echo mips-unknown-sysv${UNAME_RELEASE} fi - exit 0 ;; + exit ;; BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. echo powerpc-be-beos - exit 0 ;; + exit ;; BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. echo powerpc-apple-beos - exit 0 ;; + exit ;; BePC:BeOS:*:*) # BeOS running on Intel PC compatible. echo i586-pc-beos - exit 0 ;; + exit ;; SX-4:SUPER-UX:*:*) echo sx4-nec-superux${UNAME_RELEASE} - exit 0 ;; + exit ;; SX-5:SUPER-UX:*:*) echo sx5-nec-superux${UNAME_RELEASE} - exit 0 ;; + exit ;; SX-6:SUPER-UX:*:*) echo sx6-nec-superux${UNAME_RELEASE} - exit 0 ;; + exit ;; Power*:Rhapsody:*:*) echo powerpc-apple-rhapsody${UNAME_RELEASE} - exit 0 ;; + exit ;; *:Rhapsody:*:*) echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} - exit 0 ;; + exit ;; *:Darwin:*:*) - echo `uname -p`-apple-darwin${UNAME_RELEASE} - exit 0 ;; + UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown + case $UNAME_PROCESSOR in + *86) UNAME_PROCESSOR=i686 ;; + unknown) UNAME_PROCESSOR=powerpc ;; + esac + echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} + exit ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) UNAME_PROCESSOR=`uname -p` if test "$UNAME_PROCESSOR" = "x86"; then @@ -1122,22 +1197,25 @@ UNAME_MACHINE=pc fi echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} - exit 0 ;; + exit ;; *:QNX:*:4*) echo i386-pc-qnx - exit 0 ;; - NSR-[DGKLNPTVW]:NONSTOP_KERNEL:*:*) + exit ;; + NSE-?:NONSTOP_KERNEL:*:*) + echo nse-tandem-nsk${UNAME_RELEASE} + exit ;; + NSR-?:NONSTOP_KERNEL:*:*) echo nsr-tandem-nsk${UNAME_RELEASE} - exit 0 ;; + exit ;; *:NonStop-UX:*:*) echo mips-compaq-nonstopux - exit 0 ;; + exit ;; BS2000:POSIX*:*:*) echo bs2000-siemens-sysv - exit 0 ;; + exit ;; DS/*:UNIX_System_V:*:*) echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} - exit 0 ;; + exit ;; *:Plan9:*:*) # "uname -m" is not consistent, so use $cputype instead. 386 # is converted to i386 for consistency with other x86 @@ -1148,25 +1226,44 @@ UNAME_MACHINE="$cputype" fi echo ${UNAME_MACHINE}-unknown-plan9 - exit 0 ;; + exit ;; *:TOPS-10:*:*) echo pdp10-unknown-tops10 - exit 0 ;; + exit ;; *:TENEX:*:*) echo pdp10-unknown-tenex - exit 0 ;; + exit ;; KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) echo pdp10-dec-tops20 - exit 0 ;; + exit ;; XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) echo pdp10-xkl-tops20 - exit 0 ;; + exit ;; *:TOPS-20:*:*) echo pdp10-unknown-tops20 - exit 0 ;; + exit ;; *:ITS:*:*) echo pdp10-unknown-its - exit 0 ;; + exit ;; + SEI:*:*:SEIUX) + echo mips-sei-seiux${UNAME_RELEASE} + exit ;; + *:DragonFly:*:*) + echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` + exit ;; + *:*VMS:*:*) + UNAME_MACHINE=`(uname -p) 2>/dev/null` + case "${UNAME_MACHINE}" in + A*) echo alpha-dec-vms ; exit ;; + I*) echo ia64-dec-vms ; exit ;; + V*) echo vax-dec-vms ; exit ;; + esac ;; + *:XENIX:*:SysV) + echo i386-pc-xenix + exit ;; + i*86:skyos:*:*) + echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' + exit ;; esac #echo '(No uname command or uname output not recognized.)' 1>&2 @@ -1198,7 +1295,7 @@ #endif #if defined (__arm) && defined (__acorn) && defined (__unix) - printf ("arm-acorn-riscix"); exit (0); + printf ("arm-acorn-riscix\n"); exit (0); #endif #if defined (hp300) && !defined (hpux) @@ -1287,12 +1384,12 @@ } EOF -$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0 -rm -f $dummy.c $dummy && rmdir $tmpdir +$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && + { echo "$SYSTEM_NAME"; exit; } # Apollos put the system type in the environment. -test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; } +test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } # Convex versions that predate uname can use getsysinfo(1) @@ -1301,22 +1398,22 @@ case `getsysinfo -f cpu_type` in c1*) echo c1-convex-bsd - exit 0 ;; + exit ;; c2*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi - exit 0 ;; + exit ;; c34*) echo c34-convex-bsd - exit 0 ;; + exit ;; c38*) echo c38-convex-bsd - exit 0 ;; + exit ;; c4*) echo c4-convex-bsd - exit 0 ;; + exit ;; esac fi @@ -1327,7 +1424,9 @@ the operating system you are using. It is advised that you download the most up to date version of the config scripts from - ftp://ftp.gnu.org/pub/gnu/config/ + http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess +and + http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub If the version you run ($0) is already up to date, please send the following data and any information you think might be --- sudo-1.6.8p12.orig/config.sub +++ sudo-1.6.8p12/config.sub @@ -1,11 +1,9 @@ #! /bin/sh # Configuration validation subroutine script. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002 Free Software Foundation, Inc. -# -# $Sudo: config.sub,v 1.11 2003/01/20 21:07:51 millert Exp $ +# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. -timestamp='2002-11-30' +timestamp='2005-07-08' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software @@ -23,14 +21,15 @@ # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, -# Boston, MA 02111-1307, USA. - +# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA +# 02110-1301, USA. +# # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. + # Please send patches to . Submit a context # diff and a properly formatted ChangeLog entry. # @@ -72,7 +71,7 @@ version="\ GNU config.sub ($timestamp) -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO @@ -85,11 +84,11 @@ while test $# -gt 0 ; do case $1 in --time-stamp | --time* | -t ) - echo "$timestamp" ; exit 0 ;; + echo "$timestamp" ; exit ;; --version | -v ) - echo "$version" ; exit 0 ;; + echo "$version" ; exit ;; --help | --h* | -h ) - echo "$usage"; exit 0 ;; + echo "$usage"; exit ;; -- ) # Stop option processing shift; break ;; - ) # Use stdin as input. @@ -101,7 +100,7 @@ *local*) # First pass through any local machine types. echo $1 - exit 0;; + exit ;; * ) break ;; @@ -120,7 +119,8 @@ # Here we must recognize all the valid KERNEL-OS combinations. maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in - nto-qnx* | linux-gnu* | freebsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*) + nto-qnx* | linux-gnu* | linux-dietlibc | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | \ + kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` ;; @@ -146,7 +146,7 @@ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ - -apple | -axis | -sr2201*) + -apple | -axis | -knuth | -cray) os= basic_machine=$1 ;; @@ -230,14 +230,16 @@ | a29k \ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ + | am33_2.0 \ | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \ - | clipper \ + | bfin \ + | c4x | clipper \ | d10v | d30v | dlx | dsp16xx \ | fr30 | frv \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | i370 | i860 | i960 | ia64 \ - | ip2k \ - | m32r | m68000 | m68k | m88k | mcore \ + | ip2k | iq2000 \ + | m32r | m32rle | m68000 | m68k | m88k | maxq | mcore \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ @@ -246,28 +248,37 @@ | mips64vr4100 | mips64vr4100el \ | mips64vr4300 | mips64vr4300el \ | mips64vr5000 | mips64vr5000el \ + | mips64vr5900 | mips64vr5900el \ | mipsisa32 | mipsisa32el \ + | mipsisa32r2 | mipsisa32r2el \ | mipsisa64 | mipsisa64el \ + | mipsisa64r2 | mipsisa64r2el \ | mipsisa64sb1 | mipsisa64sb1el \ | mipsisa64sr71k | mipsisa64sr71kel \ | mipstx39 | mipstx39el \ | mn10200 | mn10300 \ + | ms1 \ + | msp430 \ | ns16k | ns32k \ - | openrisc | or32 \ + | or32 \ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ | pyramid \ - | sh | sh[1234] | sh3e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \ + | sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ - | sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \ + | sparc | sparc64 | sparc64b | sparc86x | sparclet | sparclite \ + | sparcv8 | sparcv9 | sparcv9b \ | strongarm \ - | tahoe | thumb | tic80 | tron \ + | tahoe | thumb | tic4x | tic80 | tron \ | v850 | v850e \ | we32k \ - | x86 | xscale | xstormy16 | xtensa \ + | x86 | xscale | xscalee[bl] | xstormy16 | xtensa \ | z8k) basic_machine=$basic_machine-unknown ;; + m32c) + basic_machine=$basic_machine-unknown + ;; m6811 | m68hc11 | m6812 | m68hc12) # Motorola 68HC11/12. basic_machine=$basic_machine-unknown @@ -295,19 +306,19 @@ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | avr-* \ - | bs2000-* \ - | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* \ - | clipper-* | cydra-* \ + | bfin-* | bs2000-* \ + | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ + | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | elxsi-* \ | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \ | h8300-* | h8500-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | i*86-* | i860-* | i960-* | ia64-* \ - | ip2k-* \ - | m32r-* \ + | ip2k-* | iq2000-* \ + | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | mcore-* \ + | m88110-* | m88k-* | maxq-* | mcore-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | mips16-* \ | mips64-* | mips64el-* \ @@ -316,29 +327,40 @@ | mips64vr4100-* | mips64vr4100el-* \ | mips64vr4300-* | mips64vr4300el-* \ | mips64vr5000-* | mips64vr5000el-* \ + | mips64vr5900-* | mips64vr5900el-* \ | mipsisa32-* | mipsisa32el-* \ + | mipsisa32r2-* | mipsisa32r2el-* \ | mipsisa64-* | mipsisa64el-* \ + | mipsisa64r2-* | mipsisa64r2el-* \ | mipsisa64sb1-* | mipsisa64sb1el-* \ | mipsisa64sr71k-* | mipsisa64sr71kel-* \ - | mipstx39 | mipstx39el \ + | mipstx39-* | mipstx39el-* \ + | mmix-* \ + | ms1-* \ + | msp430-* \ | none-* | np1-* | ns16k-* | ns32k-* \ | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ | pyramid-* \ | romp-* | rs6000-* \ - | sh-* | sh[1234]-* | sh3e-* | sh[34]eb-* | shbe-* \ + | sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ - | sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \ - | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \ - | tahoe-* | thumb-* | tic30-* | tic4x-* | tic54x-* | tic80-* | tron-* \ + | sparc-* | sparc64-* | sparc64b-* | sparc86x-* | sparclet-* \ + | sparclite-* \ + | sparcv8-* | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \ + | tahoe-* | thumb-* \ + | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ + | tron-* \ | v850-* | v850e-* | vax-* \ | we32k-* \ - | x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \ - | xtensa-* \ + | x86-* | x86_64-* | xps100-* | xscale-* | xscalee[bl]-* \ + | xstormy16-* | xtensa-* \ | ymp-* \ | z8k-*) ;; + m32c-*) + ;; # Recognize the various machine names and aliases which stand # for a CPU type and a company and sometimes even an OS. 386bsd) @@ -355,6 +377,9 @@ basic_machine=a29k-amd os=-udi ;; + abacus) + basic_machine=abacus-unknown + ;; adobe68k) basic_machine=m68010-adobe os=-scout @@ -434,12 +459,27 @@ basic_machine=j90-cray os=-unicos ;; + craynv) + basic_machine=craynv-cray + os=-unicosmp + ;; + cr16c) + basic_machine=cr16c-unknown + os=-elf + ;; crds | unos) basic_machine=m68k-crds ;; + crisv32 | crisv32-* | etraxfs*) + basic_machine=crisv32-axis + ;; cris | cris-* | etrax*) basic_machine=cris-axis ;; + crx) + basic_machine=crx-unknown + os=-elf + ;; da30 | da30-*) basic_machine=m68k-da30 ;; @@ -462,6 +502,10 @@ basic_machine=m88k-motorola os=-sysv3 ;; + djgpp) + basic_machine=i586-pc + os=-msdosdjgpp + ;; dpx20 | dpx20-*) basic_machine=rs6000-bull os=-bosx @@ -515,10 +559,6 @@ basic_machine=h8500-hitachi os=-hms ;; - sr2201*) - basic_machine=harp1e-hitachi - os=-hiuxmpp - ;; harris) basic_machine=m88k-harris os=-sysv3 @@ -644,10 +684,6 @@ mips3*) basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown ;; - mmix*) - basic_machine=mmix-knuth - os=-mmixware - ;; monitor) basic_machine=m68k-rom68k os=-coff @@ -735,9 +771,12 @@ basic_machine=hppa1.1-oki os=-proelf ;; - or32 | or32-*) + openrisc | openrisc-*) basic_machine=or32-unknown - os=-coff + ;; + os400) + basic_machine=powerpc-ibm + os=-os400 ;; OSE68000 | ose68000) basic_machine=m68000-ericsson @@ -770,18 +809,24 @@ pentiumpro | p6 | 6x86 | athlon | athlon_*) basic_machine=i686-pc ;; - pentiumii | pentium2) + pentiumii | pentium2 | pentiumiii | pentium3) basic_machine=i686-pc ;; + pentium4) + basic_machine=i786-pc + ;; pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentiumpro-* | p6-* | 6x86-* | athlon-*) basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ;; - pentiumii-* | pentium2-*) + pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ;; + pentium4-*) + basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; pn) basic_machine=pn-gould ;; @@ -840,6 +885,10 @@ sb1el) basic_machine=mipsisa64sb1el-unknown ;; + sei) + basic_machine=mips-sei + os=-seiux + ;; sequent) basic_machine=i386-sequent ;; @@ -847,6 +896,9 @@ basic_machine=sh-hitachi os=-hms ;; + sh64) + basic_machine=sh64-unknown + ;; sparclite-wrs | simso-wrs) basic_machine=sparclite-wrs os=-vxworks @@ -913,10 +965,6 @@ basic_machine=i386-sequent os=-dynix ;; - t3d) - basic_machine=alpha-cray - os=-unicos - ;; t3e) basic_machine=alphaev5-cray os=-unicos @@ -925,14 +973,18 @@ basic_machine=t90-cray os=-unicos ;; - tic4x | c4x*) - basic_machine=tic4x-unknown - os=-coff - ;; tic54x | c54x*) basic_machine=tic54x-unknown os=-coff ;; + tic55x | c55x*) + basic_machine=tic55x-unknown + os=-coff + ;; + tic6x | c6x*) + basic_machine=tic6x-unknown + os=-coff + ;; tx39) basic_machine=mipstx39-unknown ;; @@ -946,6 +998,10 @@ tower | tower-32) basic_machine=m68k-ncr ;; + tpf) + basic_machine=s390x-ibm + os=-tpf + ;; udi29k) basic_machine=a29k-amd os=-udi @@ -989,6 +1045,10 @@ basic_machine=hppa1.1-winbond os=-proelf ;; + xbox) + basic_machine=i686-pc + os=-mingw32 + ;; xps | xps100) basic_machine=xps100-honeywell ;; @@ -1019,6 +1079,9 @@ romp) basic_machine=romp-ibm ;; + mmix) + basic_machine=mmix-knuth + ;; rs6000) basic_machine=rs6000-ibm ;; @@ -1035,13 +1098,10 @@ we32k) basic_machine=we32k-att ;; - sh3 | sh4 | sh3eb | sh4eb | sh[1234]le | sh3ele) + sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele) basic_machine=sh-unknown ;; - sh64) - basic_machine=sh64-unknown - ;; - sparc | sparcv9 | sparcv9b) + sparc | sparcv8 | sparcv9 | sparcv9b) basic_machine=sparc-sun ;; cydra) @@ -1114,19 +1174,21 @@ | -aos* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ - | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \ - | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ + | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* | -openbsd* \ + | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ + | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ | -chorusos* | -chorusrdb* \ | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ - | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \ + | -mingw32* | -linux-gnu* | -linux-uclibc* | -uxpv* | -beos* | -mpeix* | -udk* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ - | -powermax* | -dnix*) + | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ + | -skyos* | -haiku*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) @@ -1144,12 +1206,15 @@ os=`echo $os | sed -e 's|nto|nto-qnx|'` ;; -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ - | -windows* | -osx | -abug | -netware* | -os9* | -beos* \ + | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) ;; -mac*) os=`echo $os | sed -e 's|mac|macos|'` ;; + -linux-dietlibc) + os=-linux-dietlibc + ;; -linux*) os=`echo $os | sed -e 's|linux|linux-gnu|'` ;; @@ -1162,6 +1227,9 @@ -opened*) os=-openedition ;; + -os400*) + os=-os400 + ;; -wince*) os=-wince ;; @@ -1183,6 +1251,9 @@ -atheos*) os=-atheos ;; + -syllable*) + os=-syllable + ;; -386bsd) os=-bsd ;; @@ -1205,6 +1276,9 @@ -sinix*) os=-sysv4 ;; + -tpf*) + os=-tpf + ;; -triton*) os=-sysv3 ;; @@ -1235,6 +1309,15 @@ -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) os=-mint ;; + -aros*) + os=-aros + ;; + -kaos*) + os=-kaos + ;; + -zvmoe) + os=-zvmoe + ;; -none) ;; *) @@ -1266,6 +1349,9 @@ arm*-semi) os=-aout ;; + c4x-* | tic4x-*) + os=-coff + ;; # This must come before the *-dec entry. pdp10-*) os=-tops20 @@ -1309,9 +1395,15 @@ *-be) os=-beos ;; + *-haiku) + os=-haiku + ;; *-ibm) os=-aix ;; + *-knuth) + os=-mmixware + ;; *-wec) os=-proelf ;; @@ -1444,9 +1536,15 @@ -mvs* | -opened*) vendor=ibm ;; + -os400*) + vendor=ibm + ;; -ptx*) vendor=sequent ;; + -tpf*) + vendor=ibm + ;; -vxsim* | -vxworks* | -windiss*) vendor=wrs ;; @@ -1471,7 +1569,7 @@ esac echo $basic_machine$os -exit 0 +exit # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) --- sudo-1.6.8p12.orig/sudoers +++ sudo-1.6.8p12/sudoers @@ -1,10 +1,17 @@ # sudoers file. # # This file MUST be edited with the 'visudo' command as root. +# 'visudo' edits the suoders file in a safe fashion. visudo +# locks the sudoers file against multiple simultaneous edits, +# provides basic sanity checks, and checks for syntax errors. If +# the sudoers file is currently being edited you will receive a +# message to try again later. # # See the sudoers man page for the details on how to write a sudoers file. # +# Defaults syslog=auth, secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin" + # Host alias specification # User alias specification --- sudo-1.6.8p12.orig/debian/dirs +++ sudo-1.6.8p12/debian/dirs @@ -0,0 +1,7 @@ +etc/pam.d +usr/bin +usr/share/man/man8 +usr/share/man/man5 +usr/sbin +usr/share/doc/sudo/examples +usr/share/lintian/overrides --- sudo-1.6.8p12.orig/debian/docs +++ sudo-1.6.8p12/debian/docs @@ -0,0 +1,9 @@ +debian/OPTIONS +BUGS +RUNSON +UPGRADE +PORTING +TODO +HISTORY +README +TROUBLESHOOTING --- sudo-1.6.8p12.orig/debian/sudo-ldap.init.d +++ sudo-1.6.8p12/debian/sudo-ldap.init.d @@ -0,0 +1,31 @@ +#! /bin/sh + +### BEGIN INIT INFO +# Provides: sudu +# Required-Start: $local_fs $remote_fs +# Required-Stop: +# Default-Start: S 1 2 3 4 5 +# Default-Stop: 0 6 +### END INIT INFO + +N=/etc/init.d/sudo + +set -e + +case "$1" in + start) + # make sure privileges don't persist across reboots + if [ -d /var/run/sudo ] + then + find /var/run/sudo -type f -exec touch -t 198501010000 '{}' \; + fi + ;; + stop|reload|restart|force-reload) + ;; + *) + echo "Usage: $N {start|stop|restart|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 --- sudo-1.6.8p12.orig/debian/control +++ sudo-1.6.8p12/debian/control @@ -0,0 +1,32 @@ +Source: sudo +Section: admin +Priority: optional +Maintainer: Bdale Garbee +Build-Depends: debhelper (>= 5), libpam0g-dev, libldap2-dev +Standards-Version: 3.6.2.1 + +Package: sudo +Architecture: any +Depends: ${shlibs:Depends}, libpam-modules +Conflicts: sudo-ldap +Replaces: sudo-ldap +Description: Provide limited super user privileges to specific users + Sudo is a program designed to allow a sysadmin to give limited root + privileges to users and log root activity. The basic philosophy is to give + as few privileges as possible but still allow people to get their work done. + . + This version is built with minimal shared library dependencies, use the + sudo-ldap package instead if you need LDAP support. + +Package: sudo-ldap +Architecture: any +Depends: ${shlibs:Depends}, libpam-modules +Conflicts: sudo +Replaces: sudo +Provides: sudo +Description: Provide limited super user privileges to specific users + Sudo is a program designed to allow a sysadmin to give limited root + privileges to users and log root activity. The basic philosophy is to give + as few privileges as possible but still allow people to get their work done. + . + This version is built with LDAP support. --- sudo-1.6.8p12.orig/debian/sudo-ldap.postrm +++ sudo-1.6.8p12/debian/sudo-ldap.postrm @@ -0,0 +1,21 @@ +#! /bin/sh + +set -e + +case "$1" in + purge) + rm -f /etc/sudoers + ;; + + remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 + +esac + +#DEBHELPER# + +exit 0 --- sudo-1.6.8p12.orig/debian/prerm +++ sudo-1.6.8p12/debian/prerm @@ -0,0 +1,37 @@ +#!/bin/sh + +set -e + +check_password() { + if [ ! "$SUDO_FORCE_REMOVE" = "yes" ]; then + # let's check whether the root account is locked. + # if it is, we're not going another step. No Sirreee! + passwd=$(getent shadow root|cut -f2 -d:) + if [ "$passwd" = "*" -o "$passwd" = "!" ]; then + # yup, password is locked + echo "You have asked that the sudo package be removed," + echo "but no root password has been set." + echo "Without sudo, you may not be able to gain administrative privileges." + echo + echo "If you would prefer to access the root account with su(1)" + echo "or by logging in directly," + echo "you must set a root password with \"sudo passwd\"." + echo + echo "If you have arranged other means to access the root account," + echo "and you are sure this is what you want," + echo "you may bypass this check by setting an environment variable " + echo "(export SUDO_FORCE_REMOVE=yes)." + echo + echo "Refusing to remove sudo." + exit 1 + fi + fi +} + +case $1 in + remove) + check_password; + ;; + *) + ;; +esac --- sudo-1.6.8p12.orig/debian/rules +++ sudo-1.6.8p12/debian/rules @@ -0,0 +1,140 @@ +#!/usr/bin/make -f + +export DH_VERBOSE=1 + +CFLAGS = -O2 -Wall -Wno-comment +ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS))) +CFLAGS += -g +endif +export CFLAGS + +build: config-stamp +config-stamp: + dh_testdir + + # simple version + mkdir -p build-simple + cd build-simple && ../configure --prefix=/usr -v \ + --with-all-insults \ + --with-exempt=sudo --with-pam --with-fqdn \ + --with-logging=syslog --with-logfac=authpriv \ + --with-env-editor --with-editor=/usr/bin/editor \ + --with-timeout=15 --with-password-timeout=0 \ + --disable-root-mailer --disable-setresuid \ + --with-sendmail=/usr/sbin/sendmail \ + --without-lecture \ + --with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin" + + # LDAP version + mkdir -p build-ldap + cd build-ldap && ../configure --prefix=/usr -v \ + --with-all-insults \ + --with-exempt=sudo --with-pam --with-ldap --with-fqdn \ + --with-logging=syslog --with-logfac=authpriv \ + --with-env-editor --with-editor=/usr/bin/editor \ + --with-timeout=15 --with-password-timeout=0 \ + --disable-root-mailer --disable-setresuid \ + --with-sendmail=/usr/sbin/sendmail \ + --with-ldap-conf-file=/etc/ldap/ldap.conf \ + --with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin" + + touch config-stamp + +build: build-stamp +build-stamp: config-stamp + dh_testdir + + -$(MAKE) -C build-simple + -$(MAKE) -C build-ldap + + touch build-stamp + +clean: + dh_testdir + dh_testroot + rm -f config-stamp build-stamp + rm -rf build-simple build-ldap + rm -f config.cache + + -test -r /usr/share/misc/config.sub && \ + cp -f /usr/share/misc/config.sub config.sub + -test -r /usr/share/misc/config.guess && \ + cp -f /usr/share/misc/config.guess config.guess + + dh_clean + +install: build-stamp + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + # simple version + install -o root -g root -m 4755 -s build-simple/sudo debian/sudo/usr/bin/sudo + ln -sf sudo debian/sudo/usr/bin/sudoedit + install -o root -g root -m 0755 -s build-simple/visudo \ + debian/sudo/usr/sbin/visudo + install -o root -g root -m 0644 build-simple/sudo.man \ + debian/sudo/usr/share/man/man8/sudo.8 + ln -sf sudo.8 debian/sudo/usr/share/man/man8/sudoedit.8 + install -o root -g root -m 0644 build-simple/visudo.man \ + debian/sudo/usr/share/man/man8/visudo.8 + install -o root -g root -m 0644 build-simple/sudoers.man \ + debian/sudo/usr/share/man/man5/sudoers.5 + install -o root -g root -m 0644 sample.sudoers \ + debian/sudo/usr/share/doc/sudo/examples/sudoers + install -o root -g root -m 0644 debian/sudo.pam \ + debian/sudo/etc/pam.d/sudo + + install -o root -g root -m 0644 debian/sudo.lintian \ + debian/sudo/usr/share/lintian/overrides/sudo + + install -o root -g root -m 0644 debian/sudo_root.8 \ + debian/sudo/usr/share/man/man8/sudo_root.8 + + # LDAP version + install -o root -g root -m 4755 -s build-ldap/sudo debian/sudo-ldap/usr/bin/sudo + ln -sf sudo debian/sudo-ldap/usr/bin/sudoedit + install -o root -g root -m 0755 -s build-ldap/visudo debian/sudo-ldap/usr/sbin/visudo + install -o root -g root -m 0644 build-ldap/sudo.man \ + debian/sudo-ldap/usr/share/man/man8/sudo.8 + ln -sf sudo.8 debian/sudo-ldap/usr/share/man/man8/sudoedit.8 + install -o root -g root -m 0644 build-ldap/visudo.man \ + debian/sudo-ldap/usr/share/man/man8/visudo.8 + install -o root -g root -m 0644 build-ldap/sudoers.man \ + debian/sudo-ldap/usr/share/man/man5/sudoers.5 + install -o root -g root -m 0644 sample.sudoers \ + debian/sudo-ldap/usr/share/doc/sudo-ldap/examples/sudoers + install -o root -g root -m 0644 debian/sudo.pam \ + debian/sudo-ldap/etc/pam.d/sudo + + install -o root -g root -m 0644 debian/sudo-ldap.lintian \ + debian/sudo-ldap/usr/share/lintian/overrides/sudo-ldap + + install -o root -g root -m 0644 debian/sudo_root.8 \ + debian/sudo/usr/share/man/man8/sudo_root.8 + +binary-indep: build install + +binary-arch: build install + dh_testdir + dh_testroot + dh_installdocs + dh_installexamples -A +# dh_installinit -psudo -psudo-ldap + dh_installmanpages fnmatch.3 + dh_installinfo -A + dh_installchangelogs CHANGES + dh_strip + dh_compress + dh_fixperms + chown root.root debian/sudo/usr/bin/sudo debian/sudo-ldap/usr/bin/sudo + chmod 4755 debian/sudo/usr/bin/sudo debian/sudo-ldap/usr/bin/sudo + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install --- sudo-1.6.8p12.orig/debian/changelog +++ sudo-1.6.8p12/debian/changelog @@ -0,0 +1,769 @@ +sudo (1.6.8p12-1ubuntu6) dapper; urgency=low + + * env.c: Preserve additional environment variables for non-almighty sudoers: + HOME, LOGNAME, DISPLAY, XAUTHORITY, XAUTHORIZATION. Closes: LP#44500 + + -- Martin Pitt Wed, 17 May 2006 09:29:15 +0200 + +sudo (1.6.8p12-1ubuntu5) dapper; urgency=low + + * env.c: Unbreak the env_keep option. Closes: LP#31690 + * sudoers: Add some explanatory text why it is a REALLY good idea to use + visudo. Closes: LP#11620 + + -- Martin Pitt Tue, 28 Mar 2006 18:52:24 +0200 + +sudo (1.6.8p12-1ubuntu4) dapper; urgency=low + + * Remove the init script, it only cleans up /var/run which is a tmpfs. + + -- Scott James Remnant Wed, 22 Feb 2006 16:28:42 +0000 + +sudo (1.6.8p12-1ubuntu3) dapper; urgency=low + + * Add debian/sudo_root.8: Introduction about root handling in ubuntu with + sudo. + * debian/rules: Install that new manpage into sudo and sudo-ldap. + + -- Martin Pitt Wed, 8 Feb 2006 17:01:50 +0100 + +sudo (1.6.8p12-1ubuntu2) dapper; urgency=low + + * sudo.c: If the user successfully authenticated and he is in the 'admin' + group, then create a stamp ~/.sudo_as_admin_successful. A future + /etc/profile will evaluate this flag to display a short help about how to + execute things as root. + + -- Martin Pitt Wed, 18 Jan 2006 09:32:02 +0100 + +sudo (1.6.8p12-1ubuntu1) dapper; urgency=low + + * Resynchronise with Debian, clean up cruft from Ubuntu diff. + * debian/postinst: Do not set env_reset flag in newly created sudoers files; + it's incompatible with upgrades. + * Clean up environment variable handling to fix vulns like CVE-2005-4158 and + CVE-2006-0151 once and for all: Only keep known-good variables if user has + limited sudo privileges (blacklist -> whitelist) and keep them all for + users with unlimited command privileges (to not drive admins and + developers up the wall which actually need to pass env variables from time + to time). + - parse.h, parse.yacc: + + Add a new flag 'cmdall' to the matchstack, and a new macro 'cmnd_all' + to access it. + + In the "cmnd" grammar rule: Set cmdall to TRUE if command specifier is + 'ALL', otherwise to FALSE. + - sudo.tab.cc: Re-yaccified to match changes to parse.yacc. + - sudo.h: Add new sudoers_lookup() return flag FLAG_CMND_ALL. + - parse.c, sudoers_lookup(): Set flag FLAG_CMND_ALL if cmnd_all matched. + - ldap.c: + + sudo_ldap_check_command(): Add return parameter all, set to true + if command specifier is 'ALL'. + + sudo_ldap_check(): Set flag FLAG_CMND_ALL if sudo_ldap_check_command() + returned all=1. + - env.c: + + Apply Martin Schulze's patch to switch from blacklist to whitelist + environment cleaning. + + Add parameter 'noclean' to rebuild_env(); if it is != 0, environment + variables are not cleaned. + - sudo.c: Call rebuild_env() with noclean=1 if FLAG_CMND_ALL is set. + + -- Martin Pitt Tue, 17 Jan 2006 10:03:05 +0100 + +sudo (1.6.8p12-1) unstable; urgency=low + + * new upstream version, closes: #342948 (CVE-2005-4158) + * add env_reset to the sudoers file we create if none already exists, + as a further precaution in response to discussion about CVS-2005-4158 + * split ldap support into a new sudo-ldap package. I was trying to avoid + doing this, but the impact of going from 4 to 17 linked shlibs on the + autobuilder chroots is sufficient motivation for me. + closes: #344034 + + -- Bdale Garbee Wed, 28 Dec 2005 13:49:10 -0700 + +sudo (1.6.8p9-4) unstable; urgency=low + + * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231 + * merge patch from Martin Pitt / Ubuntu to be more robust about resetting + timestamps in the init.d script, closes: #330868 + * add dependency header to init.d script, closes: #332849 + + -- Bdale Garbee Sat, 10 Dec 2005 07:47:07 -0800 + +sudo (1.6.8p9-3ubuntu4) dapper; urgency=low + + * Revert addition of sudo -t, i. e. revert to version 1.6.8p9-3ubuntu1. As + per TB discussion, we will not use sudo for implementing + https://wiki.ubuntu.com/HideAdminToolsToUsers. + + -- Martin Pitt Tue, 29 Nov 2005 23:27:42 +0100 + +sudo (1.6.8p9-3ubuntu3) dapper; urgency=low + + * sudo.c: Log failures even in test mode, to avoid the possibility of + silently poking around for interesting sudo privileges. This will generate + a lot of auth log clutter in the desktop case, but will not change sudo + semantics where it matters (on servers). + + -- Martin Pitt Thu, 17 Nov 2005 10:35:04 +0100 + +sudo (1.6.8p9-3ubuntu2) dapper; urgency=low + + * Add option -t which only tests whether the given command can be executed + and does not require a password. This is required for the + https://wiki.ubuntu.com/HideAdminToolsToUsers spec. + * sudo.h: Add MODE_TESTONLY mode. + * sudo.c: Add -t parsing and do not actually run the command in test mode, + just return success or failure. Also, add the new option to the "usage" + output. + * sudo.pod: Document new -t option. + * Put patch into debian/ubuntu-patches/sudo.add-test-option.patch to have + it separate for future merges (requires a manual "make sudo.man.in" to + actually run pod2man). + + -- Martin Pitt Wed, 9 Nov 2005 17:40:43 -0500 + +sudo (1.6.8p9-3ubuntu1) dapper; urgency=low + + * Resynchronise with Debian. + + -- Martin Pitt Wed, 9 Nov 2005 17:12:06 -0500 + +sudo (1.6.8p9-3) unstable; urgency=high + + * update debhelper compatibility level from 2 to 4 + * add man page symlink for sudoedit + * Clean SHELLOPTS and PS4 from the environment before executing programs + with sudo permissions [env.c, CAN-2005-2959] + * fix typo in manpage pointed out by Moray Allen, closes: #285995 + * fix paths in sample complex sudoers file, closes: #303542 + * fix type in sudoers man page, closes: #311244 + + -- Bdale Garbee Wed, 28 Sep 2005 01:18:04 -0600 + +sudo (1.6.8p9-2ubuntu2) breezy; urgency=low + + * debian/init.d: When resetting the timestamps of the tty tags, actually + touch the files, not the per-user directories. Since bootclean.sh removes + /var/run/* anyway, this is no big deal, but clean it up anyway for the + sake of correctness. (Ubuntu #16594) + + -- Martin Pitt Fri, 30 Sep 2005 09:52:27 +0200 + +sudo (1.6.8p9-2ubuntu1) breezy; urgency=low + + * Resynchronise with Debian, resolve merging conflicts and unscramble + changelog. + + -- Martin Pitt Thu, 7 Jul 2005 09:01:48 +0000 + +sudo (1.6.8p9-2) unstable; urgency=high + + * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1, + closes: #305735 + + -- Bdale Garbee Tue, 28 Jun 2005 16:18:47 -0400 + +sudo (1.6.8p9-1) unstable; urgency=high + + * new upstream version, fixes a race condition in sudo's pathname + validation, which is a security issue (CAN-2005-1993), + closes: #315115, #315718 + + -- Bdale Garbee Tue, 28 Jun 2005 15:33:11 -0400 + +sudo (1.6.8p7-1) unstable; urgency=low + + * new upstream version, closes: #299585 + * update lintian overrides to squelch the postinst warning + * change sudoedit from a hard to a soft link, closes: #296896 + * fix regex doc in sudoers man page, closes: #300361 + + -- Bdale Garbee Sat, 26 Mar 2005 22:18:34 -0700 + +sudo (1.6.8p5-1ubuntu3) breezy; urgency=low + + * SECURITY UPDATE: Fix privilege escalation. + * sudo.c, parse.yacc: safe_cmd contains the actually executed program which + is normally taken from /etc/sudoers. However, if sudoers contains "ALL" + entries that follow the matching entry, safe_cmd was overwritten with the + path the user specified on the command line, which opens up the + possibility of executing arbitrary commands by generating symlinks to + them. + * References: + CAN-2005-1993 + http://www.securityfocus.com/archive/1/402741 + + -- Martin Pitt Tue, 21 Jun 2005 13:41:05 +0200 + +sudo (1.6.8p5-1ubuntu2) hoary; urgency=low + + * Add !fqdn to the Defaults so we don't die horribly when localhost doesn't + resolve (Ubuntu: 2772) + + -- Thom May Wed, 2 Mar 2005 20:34:20 +0000 + +sudo (1.6.8p5-1ubuntu1) hoary; urgency=low + + * Resync with Debian + + -- LaMont Jones Mon, 6 Dec 2004 09:31:28 -0700 + +sudo (1.6.8p5-1) unstable; urgency=high + + * new upstream version + * restores ability to use config tuples without a value, which was causing + problems on upgrade closes: #283306 + * deliver sudoedit, closes: #283078 + * marking urgency high since 283306 is a serious upgrade incompatibility + + -- Bdale Garbee Fri, 3 Dec 2004 10:11:16 -0700 + +sudo (1.6.8p3-2) unstable; urgency=high + + * update pam.d deliverable so ldap works again, closes: #282191 + + -- Bdale Garbee Mon, 22 Nov 2004 11:44:46 -0700 + +sudo (1.6.8p3-1) unstable; urgency=high + + * new upstream version, fixes a flaw in sudo's environment sanitizing that + could allow a malicious user with permission to run a shell script that + utilized the bash shell to run arbitrary commands, closes: #281665 + * patch the sample sudoers to have the proper path for kill on Debian + systems, closes: #263486 + * patch the sudo manpage to reflect Debian's choice of exempt_group + default setting, closes: #236465 + * patch the sudo manpage to reflect Debian's choice of no timeout on the + password prompt, closes: #271194 + + -- Bdale Garbee Tue, 16 Nov 2004 23:23:41 -0700 + +sudo (1.6.7p5-2ubuntu2) hoary; urgency=low + + * SECURITY UPDATE: fix input validation flaw + * env.c, rebuild_env(): skip variables with values beginnig with "()" to + ignore exported bash functions in the sudo environment; this prevents + introducing malicious functions with the name of commands that are + executed without full path + * References: + http://www.sudo.ws/sudo/alerts/bash_functions.html + + -- Martin Pitt Wed, 17 Nov 2004 18:54:30 +0100 + +sudo (1.6.7p5-2ubuntu1) hoary; urgency=low + + * Resynchronise with Debian. + + -- Scott James Remnant Wed, 27 Oct 2004 15:06:39 +0100 + +sudo (1.6.7p5-2) unstable; urgency=low + + * Jeff Bailey reports that seteuid works on current sparc systems, so we + no longer need the "grosshack" stuff in the sudo rules file + * add a postrm that removes /etc/sudoers on purge. don't do this with the + normal conffile mechanism since it would generate noise on every upgrade, + closes: #245405 + + -- Bdale Garbee Tue, 20 Jul 2004 12:29:48 -0400 + +sudo (1.6.7p5-1ubuntu4) warty; urgency=low + + * Disable lecture by default. (Warty #987) + + -- Thom May Wed, 6 Oct 2004 14:31:31 +0100 + +sudo (1.6.7p5-1ubuntu3) warty; urgency=low + + * Refuse to remove sudo if the root password is not set and the user is + running us via sudo + + -- Thom May Mon, 27 Sep 2004 15:30:09 +0100 + +sudo (1.6.7p5-1ubuntu2) warty; urgency=low + + * Add 'Defaults !lecture,tty_tickets' to initial sudoers file. + + -- Colin Watson Mon, 23 Aug 2004 21:03:15 +0100 + +sudo (1.6.7p5-1ubuntu1) warty; urgency=low + + * Remove /etc/sudoers on purge. (Closes: #245405) + + -- Fabio M. Di Nitto Mon, 19 Jul 2004 09:42:04 +0200 + +sudo (1.6.7p5-1) unstable; urgency=low + + * new upstream version, closes: #190265, #193222, #197244 + * change from '.' to ':' in postinst chown call, closes: #208369 + + -- Bdale Garbee Tue, 2 Sep 2003 21:27:06 -0600 + +sudo (1.6.7p3-2) unstable; urgency=low + + * add --disable-setresuid to configure call since 2.2 kernels don't support + setresgid, closes: #189044 + * cosmetic cleanups to debian/rules as long as I'm there + + -- Bdale Garbee Tue, 15 Apr 2003 16:04:48 -0600 + +sudo (1.6.7p3-1) unstable; urgency=low + + * new upstream version + * add overrides to quiet lintian about things it doesn't understand, + except the source one that can't be overridden until 129510 is fixed + + -- Bdale Garbee Mon, 7 Apr 2003 17:34:05 -0600 + +sudo (1.6.6-3) unstable; urgency=low + + * add code to rules file to update config.sub/guess, closes: #164501 + + -- Bdale Garbee Sat, 12 Oct 2002 15:35:22 -0600 + +sudo (1.6.6-2) unstable; urgency=low + + * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to + configure, and lose the build dependency on mail-transport-agent + * incorporate changes from LaMont's NMU, closes: #144665, #144737 + * update init.d to not try and set time on nonexistent timestamp files, + closes: #132616 + * build with --with-all-insults, admin must edit sudoers to turn insults + on at runtime if desired, closes: #135374 + * stop setting /usr/doc symlink in postinst + + -- Bdale Garbee Sat, 12 Oct 2002 01:54:24 -0600 + +sudo (1.6.6-1.1) unstable; urgency=high + + * NMU - patch from Colin Watson , in bts. + * Revert patch to auth/pam.c that left pass uninitialized, causing a + segfault (Closes: #144665). + + -- LaMont Jones Fri, 26 Apr 2002 22:36:04 -0600 + +sudo (1.6.6-1) unstable; urgency=high + + * new upstream version, fixes security problem with crafty prompts, + closes: #144540 + + -- Bdale Garbee Thu, 25 Apr 2002 12:45:49 -0600 + +sudo (1.6.5p1-4) unstable; urgency=high + + * apply patch for auth/pam.c to fix yet another way to make sudo segfault + if ctrl/C'ed at password prompt, closes: #131235 + + -- Bdale Garbee Sun, 3 Mar 2002 23:18:56 -0700 + +sudo (1.6.5p1-3) unstable; urgency=high + + * ugly hack to add --disable-saved-ids when building on sparc in response + to 131592, which will be reassigned to glibc for a real fix + * urgency high since the sudo currently in testing for sparc is worthless + + -- Bdale Garbee Sun, 17 Feb 2002 22:42:10 -0700 + +sudo (1.6.5p1-2) unstable; urgency=high + + * patch from upstream to fix seg faults caused by versions of pam that + follow a NULL pointer, closes: #129512 + + -- Bdale Garbee Tue, 22 Jan 2002 01:50:13 -0700 + +sudo (1.6.5p1-1) unstable; urgency=high + + * new upstream version + * add --disable-root-mailer option supported by new version to configure + call in rules file, closes: #129648 + + -- Bdale Garbee Fri, 18 Jan 2002 11:29:37 -0700 + +sudo (1.6.4p1-1) unstable; urgency=high + + * new upstream version, with fix for segfaulting problem in 1.6.4 + + -- Bdale Garbee Mon, 14 Jan 2002 20:09:46 -0700 + +sudo (1.6.4-1) unstable; urgency=high + + * new upstream version, includes an important security fix, closes: #127576 + + -- Bdale Garbee Mon, 14 Jan 2002 09:35:48 -0700 + +sudo (1.6.3p7-5) unstable; urgency=low + + * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872 + * fix spelling error in init.d, closes: #126847 + + -- Bdale Garbee Sat, 29 Dec 2001 11:21:43 -0700 + +sudo (1.6.3p7-4) unstable; urgency=medium + + * use touch to set status files to an ancient date instead of removing them + outright on reboot. this achieves the desired effect of keeping elevated + privs from living across reboots, without forcing everyone to see the + new-sudo-user lecture after every reboot. pick a time that's 'old enough' + for systems with good clocks, and 'recent enough' that broken PC hardware + setting the clock to commonly-seen bogus dates trips over the "don't trust + future timestamps" rule. closes: #76529, #123559 + * apply patch from Steve Langasek to fix seg faults due to interaction with + PAM code. upstream confirms the problem, and says they're fixing this + differently for their next release... but this should be useful in the + meantime, and would be good to get into woody. closes: #119147 + * only run the init.d at boot, not on each runlevel change... and don't run + it during package configure. closes: #125935 + * add DEB_BUILD_OPTIONS support to rules file, closes: #94952 + + -- Bdale Garbee Wed, 26 Dec 2001 12:40:44 -0700 + +sudo (1.6.3p7-3) unstable; urgency=low + + * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not + resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718, + * fix a typo in the manpage, closes: #97368 + * apply patch to configure.in and run autoconf to fix problem building on + the hurd, closes: #96325 + * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed + to not last across reboots, closes: #76529 + * clean up lintian-noticed cosmetic packaging issues + + -- Bdale Garbee Sat, 1 Dec 2001 02:59:52 -0700 + +sudo (1.6.3p7-2) unstable; urgency=low + + * update config.sub/guess for hppa support + + -- Bdale Garbee Sun, 22 Apr 2001 23:23:42 -0600 + +sudo (1.6.3p7-1) unstable; urgency=low + + * new upstream version + * add build dependency on mail-transport-agent, closes: #90685 + + -- Bdale Garbee Thu, 12 Apr 2001 17:02:42 -0600 + +sudo (1.6.3p6-1) unstable; urgency=high + + * new upstream version, fixes buffer overflow problem, + closes: #87259, #87278, #87263 + * revert to using --with-secure-path option at build time, since the option + available in sudoers is parsed too late to be useful, and upstream says + it won't get fixed quickly. This reopens 85123, which I will mark as + forwarded. Closes: #86199, #86117, #85676 + + -- Bdale Garbee Mon, 26 Feb 2001 11:02:51 -0700 + +sudo (1.6.3p5-2) unstable; urgency=low + + * lose the dh_suidregister call since it's obsolete + * stop using the --with-secure-path option at build time, and instead show + how to set it in sudoers. Closes: #85123 + * freshen config.sub and config.guess for ia64 and hppa + * update sudoers man page to indicate exempt_group is on by default, + closes: #70847 + + -- Bdale Garbee Sat, 10 Feb 2001 02:05:17 -0700 + +sudo (1.6.3p5-1) unstable; urgency=low + + * new upstream version, closes: #63940, #59175, #61817, #64652, #65743 + * this version restores core dumps before the exec, while leaving them + disabled during sudo's internal execution, closes: #58289 + * update debhelper calls in rules file + + -- Bdale Garbee Wed, 16 Aug 2000 00:13:15 -0600 + +sudo (1.6.2p2-1) frozen unstable; urgency=medium + + * new upstream source resulting from direct collaboration with the upstream + author to fix ugly pam-related problems on Debian in 1.6.1 and later. + Closes: #56129, #55978, #55979, #56550, #56772 + * include more upstream documentation, closes: #55054 + * pam.d fragment update, closes: #56129 + + -- Bdale Garbee Sun, 27 Feb 2000 11:48:48 -0700 + +sudo (1.6.1-1) unstable; urgency=low + + * new upstream source, closes: #52750 + + -- Bdale Garbee Fri, 7 Jan 2000 21:01:42 -0700 + +sudo (1.6-2) unstable; urgency=low + + * drop suidregister support for this package. The sudo executable is + essentially worthless unless it is setuid root, and making suidregister + work involves shipping a non-setuid executable in the .deb and setting the + perms in the postinst. On a long upgrade run, this can leave the sudo + executable 'broken' for a long time, which is unacceptable. With this + version, we ship the executable setuid root in the .deb. Closes: #51742 + + -- Bdale Garbee Wed, 1 Dec 1999 19:59:44 -0700 + +sudo (1.6-1) unstable; urgency=low + + * new upstream version, many options previously set at compile-time are now + configurable at runtime. + Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639 + * FHS support + + -- Bdale Garbee Tue, 23 Nov 1999 16:51:22 -0700 + +sudo (1.5.9p4-1) unstable; urgency=low + + * new upstream version, closes: #43464 + * empty password handling was fixed in 1.5.8, closes: #31863 + + -- Bdale Garbee Thu, 26 Aug 1999 00:00:57 -0600 + +sudo (1.5.9p1-1) unstable; urgency=low + + * new upstream version + + -- Bdale Garbee Thu, 15 Apr 1999 22:43:29 -0600 + +sudo (1.5.8p1-1) unstable; urgency=medium + + * new upstream version, closes 33690 + * add dependency on libpam-modules, closes 34215, 33432 + + -- Bdale Garbee Mon, 8 Mar 1999 10:27:42 -0700 + +sudo (1.5.7p4-2) unstable; urgency=medium + + * update the pam fragment provided so that sudo works with latest pam bits, + closes 33432 + + -- Bdale Garbee Sun, 21 Feb 1999 00:22:44 -0700 + +sudo (1.5.7p4-1) unstable; urgency=low + + * new upstream release + + -- Bdale Garbee Sun, 27 Dec 1998 16:13:53 -0700 + +sudo (1.5.6p5-1) unstable; urgency=low + + * new upstream patch release + * add PAM support, closes 28594 + + -- Bdale Garbee Mon, 2 Nov 1998 00:00:24 -0700 + +sudo (1.5.6p2-2) unstable; urgency=low + + * update copyright file, closes 24136 + * review and close forwarded bugs believed fixed in this upstream version, + closes 17606, 15786. + + -- Bdale Garbee Mon, 5 Oct 1998 22:30:43 -0600 + +sudo (1.5.6p2-1) unstable; urgency=low + + * new upstream release + + -- Bdale Garbee Mon, 5 Oct 1998 22:30:43 -0600 + +sudo (1.5.4-4) frozen unstable; urgency=low + + * update postinst to use groupadd, closes 21403 + * move the suidregister stuff earlier in postinst to ensure it always runs + + -- Bdale Garbee Sun, 19 Apr 1998 22:07:45 -0600 + +sudo (1.5.4-3) frozen unstable; urgency=low + + * change /etc/sudoers from a conffile to being handled in postinst, + closes 18219 + * add suidmanager support, closes 15711 + * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is + unlikely to ever fix, and which just don't matter. closes 17146 + * fix FSF address in copyright file, and submit exception for lintian + warning about sudo being setuid root + + -- Bdale Garbee Thu, 9 Apr 1998 23:59:11 -0600 + +sudo (1.5.4-2) unstable; urgency=high + + * patch from upstream author correcting/improving security fix + + -- Bdale Garbee Tue, 13 Jan 1998 10:39:35 -0700 + +sudo (1.5.4-1) unstable; urgency=high + + * new upstream version, includes a security fix + * change default editor from /bin/ae to /usr/bin/editor + + -- Bdale Garbee Mon, 12 Jan 1998 23:36:41 -0700 + +sudo (1.5.3-1) unstable; urgency=medium + + * new upstream version, closes bug 15911. + * rules file reworked to use debhelper + * implement a really gross hack to force use of the sudo-provided + lsearch(), since the one in libc6 is broken! This closes bugs + 12552, 12557, 14881, 15259, 15916. + + -- Bdale Garbee Sat, 3 Jan 1998 20:39:23 -0700 + +sudo (1.5.2-6) unstable; urgency=LOW + + * don't install INSTALL in the doc directory, closes bug 13195. + + -- Bdale Garbee Sun, 21 Sep 1997 17:10:40 -0600 + +sudo (1.5.2-5) unstable; urgency=LOW + + * libc6 + + -- Bdale Garbee Fri, 5 Sep 1997 00:06:22 -0600 + +sudo (1.5.2-4) unstable; urgency=LOW + + * change TIMEOUT (how long before you have to type your password again) + to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian + packages on slower machines much more tolerable. Closes bug 9076. + * touch debian/suid before debstd. Closes bug 8709. + + -- Bdale Garbee Sat, 26 Apr 1997 00:48:01 -0600 + +sudo (1.5.2-3) frozen unstable; urgency=LOW + + * patch from upstream maintainer to close Bug 6828 + * add a debian/suid file to get debstd to leave my perl postinst alone + + -- Bdale Garbee Fri, 11 Apr 1997 23:09:55 -0600 + +sudo (1.5.2-2) frozen unstable; urgency=LOW + + * change rules to use -O2 -Wall as per standards + + -- Bdale Garbee Sun, 6 Apr 1997 12:48:53 -0600 + +sudo (1.5.2-1) unstable; urgency=LOW + + * new upstream version + * cosmetic changes to debian package control files + + -- Bdale Garbee Wed, 30 Oct 1996 09:50:00 -0700 + +sudo (1.5-2) unstable; urgency=LOW + + * add /usr/X11R6/bin to the end of the secure path... this makes it + much easier to run xmkmf, etc., during package builds. To the extent + that /usr/local/sbin and /usr/local/bin were already included, I see + no security reasons not to add this. + + -- Bdale Garbee Wed, 30 Oct 1996 09:44:58 -0700 + +sudo (1.5-1) unstable; urgency=LOW + + * New upstream version + * New maintainer + * New packaging format + + -- Bdale Garbee Thu, 29 Aug 1996 11:44:22 +0200 + +Tue Mar 5 09:36:41 MET 1996 Michael Meskes + + sudo (1.4.1-1): + + * hard code SECURE_PATH to: + "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + + * enable ENV_EDITOR + + * enabled EXEMPTGROUP "sudo" + + * moved timestamp dir to /var/log/sudo + + * changed parser to check for long and short filenames (Bug#1162) + +Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes + + sudo (1.4.2-1): + + * New upstream source + + * Fixed postinst script + (thanks to Peter Tobis ) + + * Removed special shadow binary. This version works with and without + shadow password file. + +Mon May 20 09:35:22 MET DST 1996 Michael Meskes + + sudo (1.4.2-2): + + * Corrected editor path to /bin/ae (Bug#3062) + + * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063) + +Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes + + sudo (1.4.3-1): + + * New upstream version + + * Changed sudoers permission to 440 (owner root, group root) to make + sudo usable via NFS + +Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes + + sudo (1.4.3-2): + + * Applied upstream patch 1 + +Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes + + sudo (1.4.3-3): + + * Applied upstream patch 2 + +Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes + + sudo (1.4.3-4): + + * Applied upstream patch 3 (fixes problems with an NFS-mounted + sudoers file) + + +Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes + + sudo (1.4.3-5): + + * Corrected postinst to use /usr/bin/perl instead of /bin/perl + [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)] + +Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes + + sudo (1.4.3-6): + + * Applied upstream patch 4 (fixes several bugs) + + * Changed priority to optional + +Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes + + sudo (1.4.3-7): + + * Corrected postinst to create correct permission for /etc/sudoers + (Bug#3749) + +Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes + + sudo (1.4.4-1): + + * New upstream version + + +sudo (1.4.4-2) admin; urgency=HIGH + + * Fixed major security bug reported by Peter Tobias + + * Added dchanges support to debian.rules + +sudo (1.4.5-1) admin; urgency=LOW + + * New upstream version + * Minor changes to debian.rules --- sudo-1.6.8p12.orig/debian/sudo_root.8 +++ sudo-1.6.8p12/debian/sudo_root.8 @@ -0,0 +1,135 @@ +.TH sudo_root 8 "February 8, 2006" + +.SH NAME +sudo_root \- How to run administrative commands + +.SH SYNOPSIS + +.B sudo +.I command + +.B sudo \-i + +.SH INTRODUCTION + +By default, the password for the user "root" (the system +administrator) is locked. This means you cannot login as root or use +su. Instead, the installer will set up sudo to allow the user that is +created during install to run all administrative commands. + +This means that in the terminal you can use sudo for commands that +require root privileges. All programs in the menu will use a graphical +sudo to prompt for a password. When sudo asks for a password, it needs +.B your password, +this means that a root password is not needed. + +To run a command which requires root privileges in a terminal, simply +prepend +.B sudo +in front of it. To get an interactive root shell, use +.B sudo \-i\fR. + +.SH ALLOWING OTHER USERS TO RUN SUDO + +By default, only the user who installed the system is permitted to run +sudo. To add more administrators, i. e. users who can run sudo, you +have to add these users to the group 'admin' by doing one of the +following steps: + +.IP * 2 +In a shell, do + +.RS 4 +.B sudo adduser +.I username +.B admin +.RE + +.IP * 2 +Use the graphical "Users & Groups" program in the "System settings" +menu to add the new user to the +.B admin +group. + +.SH BENEFITS OF USING SUDO + +The benefits of leaving root disabled by default include the following: + +.IP * 2 +Users do not have to remember an extra password, which they are likely to forget. +.IP * 2 +The installer is able to ask fewer questions. +.IP * 2 +It avoids the "I can do anything" interactive login by default \- you +will be prompted for a password before major changes can happen, which +should make you think about the consequences of what you are doing. +.IP * 2 +Sudo adds a log entry of the command(s) run (in \fB/var/log/auth.log\fR). +.IP * 2 +Every attacker trying to brute\-force their way into your box will +know it has an account named root and will try that first. What they +do not know is what the usernames of your other users are. +.IP * 2 +Allows easy transfer for admin rights, in a short term or long term +period, by adding and removing users from the admin group, while not +compromising the root account. +.IP * 2 +sudo can be set up with a much more fine\-grained security policy. + +.SH DOWNSIDES OF USING SUDO + +Although for desktops the benefits of using sudo are great, there are +possible issues which need to be noted: + +.IP * 2 +Redirecting the output of commands run with sudo can be confusing at +first. For instance consider + +.RS 4 +.B sudo ls > /root/somefile +.RE + +.RS 2 +will not work since it is the shell that tries to write to that file. You can use +.RE + +.RS 4 +.B ls | sudo tee /root/somefile +.RE + +.RS 2 +to get the behaviour you want. +.RE + +.IP * 2 +In a lot of office environments the ONLY local user on a system is +root. All other users are imported using NSS techniques such as +nss\-ldap. To setup a workstation, or fix it, in the case of a network +failure where nss\-ldap is broken, root is required. This tends to +leave the system unusable. An extra local user, or an enabled root +password is needed here. + +.SH GOING BACK TO A TRADITIONAL ROOT ACCOUNT + +.B This is not recommended! + +To enable the root account (i.e. set a password) use: + +.RS 4 +.B sudo passwd root +.RE + +Afterwards, edit +.B /etc/sudoers +and comment out the line + +.RS 4 +%admin ALL=(ALL) ALL +.RE + +to disable sudo access to members of the admin group. + +.SH SEE ALSO +.BR sudo (8), +.B https://wiki.ubuntu.com/RootSudo + --- sudo-1.6.8p12.orig/debian/sudo-ldap.postinst +++ sudo-1.6.8p12/debian/sudo-ldap.postinst @@ -0,0 +1,62 @@ +#!/usr/bin/perl + +# remove old link + +unlink ("/etc/alternatives/sudo") if ( -l "/etc/alternatives/sudo"); + +# make sure we have a sudoers file +if ( ! -f "/etc/sudoers") { + + print "No /etc/sudoers found... creating one for you.\n"; + + open (SUDOERS, "> /etc/sudoers"); + print SUDOERS "# /etc/sudoers\n", + "#\n", + "# This file MUST be edited with the 'visudo' command as root.\n", + "#\n", + "# See the man page for details on how to write a sudoers file.\n", + "#\n\nDefaults\tenv_reset\n\n", + "# Host alias specification\n\n", + "# User alias specification\n\n", + "# Cmnd alias specification\n\n", + "# User privilege specification\nroot\tALL=(ALL) ALL\n"; + close SUDOERS; + +} + +# make sure sudoers has the correct permissions and owner/group +system ('chown root:root /etc/sudoers'); +system ('chmod 440 /etc/sudoers'); + +# must do a remove first to un-do the "bad" links created by previous version +system ('update-rc.d -f sudo remove >/dev/null 2>&1'); + +#system ('update-rc.d sudo start 75 S . >/dev/null'); + +# make sure we have a sudo group + +exit 0 if getgrnam("sudo"); # we're finished if there is a group sudo + +$gid = 27; # start searcg with gid 27 +setgrent; +while (getgrgid($gid)) { + ++$gid; +} +endgrent; + +if ($gid != 27) { + print "On Debian we normally use gid 27 for 'sudo'.\n"; + $gname = getgrgid(27); + print "However, on your system gid 27 is group '$gname'.\n\n"; + print "Would you like me to stop configuring sudo so that you can change this? [n] "; + $ans = ; + if ($ans =~ m/^[yY].*/) { + print "'dpkg --pending --configure' will restart the configuration.\n\n\n"; + exit 1; + } +} + +print "Creating group 'sudo' with gid = $gid\n"; +system("groupadd -g $gid sudo"); + +print ""; --- sudo-1.6.8p12.orig/debian/sudo.lintian +++ sudo-1.6.8p12/debian/sudo.lintian @@ -0,0 +1,3 @@ +sudo: setuid-binary usr/bin/sudo 4755 root/root +sudo: postrm-contains-additional-updaterc.d-calls /etc/init.d/sudo +sudo: script-in-etc-init.d-not-registered-via-update-rc.d /etc/init.d/sudo --- sudo-1.6.8p12.orig/debian/postinst +++ sudo-1.6.8p12/debian/postinst @@ -0,0 +1,62 @@ +#!/usr/bin/perl + +# remove old link + +unlink ("/etc/alternatives/sudo") if ( -l "/etc/alternatives/sudo"); + +# make sure we have a sudoers file +if ( ! -f "/etc/sudoers") { + + print "No /etc/sudoers found... creating one for you.\n"; + + open (SUDOERS, "> /etc/sudoers"); + print SUDOERS "# /etc/sudoers\n", + "#\n", + "# This file MUST be edited with the 'visudo' command as root.\n", + "#\n", + "# See the man page for details on how to write a sudoers file.\n", + "# Host alias specification\n\n", + "# User alias specification\n\n", + "# Cmnd alias specification\n\n", + "# Defaults\n\nDefaults\t!lecture,tty_tickets,!fqdn\n\n", + "# User privilege specification\nroot\tALL=(ALL) ALL\n"; + close SUDOERS; + +} + +# make sure sudoers has the correct permissions and owner/group +system ('chown root:root /etc/sudoers'); +system ('chmod 440 /etc/sudoers'); + +# must do a remove first to un-do the "bad" links created by previous version +system ('update-rc.d -f sudo remove >/dev/null 2>&1'); + +#system ('update-rc.d sudo start 75 S . >/dev/null'); + +# make sure we have a sudo group + +exit 0 if getgrnam("sudo"); # we're finished if there is a group sudo + +$gid = 27; # start searcg with gid 27 +setgrent; +while (getgrgid($gid)) { + ++$gid; +} +endgrent; + +if ($gid != 27) { + print "On Debian we normally use gid 27 for 'sudo'.\n"; + $gname = getgrgid(27); + print "However, on your system gid 27 is group '$gname'.\n\n"; + print "Would you like me to stop configuring sudo so that you can change this? [n] "; + $ans = ; + if ($ans =~ m/^[yY].*/) { + print "'dpkg --pending --configure' will restart the configuration.\n\n\n"; + exit 1; + } +} + +print "Creating group 'sudo' with gid = $gid\n"; +system("groupadd -g $gid sudo"); + +print ""; --- sudo-1.6.8p12.orig/debian/compat +++ sudo-1.6.8p12/debian/compat @@ -0,0 +1 @@ +4 --- sudo-1.6.8p12.orig/debian/init.d +++ sudo-1.6.8p12/debian/init.d @@ -0,0 +1,31 @@ +#! /bin/sh + +### BEGIN INIT INFO +# Provides: sudu +# Required-Start: $local_fs $remote_fs +# Required-Stop: +# Default-Start: S 1 2 3 4 5 +# Default-Stop: 0 6 +### END INIT INFO + +N=/etc/init.d/sudo + +set -e + +case "$1" in + start) + # make sure privileges don't persist across reboots + if [ -d /var/run/sudo ] + then + find /var/run/sudo -type f -exec touch -t 198501010000 '{}' \; + fi + ;; + stop|reload|restart|force-reload) + ;; + *) + echo "Usage: $N {start|stop|restart|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 --- sudo-1.6.8p12.orig/debian/sudo-ldap.lintian +++ sudo-1.6.8p12/debian/sudo-ldap.lintian @@ -0,0 +1,3 @@ +sudo-ldap: setuid-binary usr/bin/sudo 4755 root/root +sudo-ldap: postrm-contains-additional-updaterc.d-calls /etc/init.d/sudo-ldap +sudo-ldap: script-in-etc-init.d-not-registered-via-update-rc.d /etc/init.d/sudo-ldap --- sudo-1.6.8p12.orig/debian/sudo-ldap.dirs +++ sudo-1.6.8p12/debian/sudo-ldap.dirs @@ -0,0 +1,7 @@ +etc/pam.d +usr/bin +usr/share/man/man8 +usr/share/man/man5 +usr/sbin +usr/share/doc/sudo-ldap/examples +usr/share/lintian/overrides --- sudo-1.6.8p12.orig/debian/sudo-ldap.docs +++ sudo-1.6.8p12/debian/sudo-ldap.docs @@ -0,0 +1,11 @@ +debian/OPTIONS +BUGS +RUNSON +UPGRADE +PORTING +TODO +HISTORY +README +README.LDAP +TROUBLESHOOTING +sudoers2ldif --- sudo-1.6.8p12.orig/debian/postrm +++ sudo-1.6.8p12/debian/postrm @@ -0,0 +1,21 @@ +#! /bin/sh + +set -e + +case "$1" in + purge) + rm -f /etc/sudoers + ;; + + remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 + +esac + +#DEBHELPER# + +exit 0 --- sudo-1.6.8p12.orig/debian/OPTIONS +++ sudo-1.6.8p12/debian/OPTIONS @@ -0,0 +1,61 @@ +The following options were used to configure sudo for Debian GNU/Linux. + + --with-exempt=sudo + + Any user in group 'sudo' will not need to type their password. It + is strongly recommended that no users be put in group sudo, and that + instead the NOPASSWD option in the sudoers file be used if desired. + + --with-pam + + Support for pluggable authentication modules. + + --with-ldap + + Support for LDAP authentication. + + --with-fqdn + + Allow use of fully qualified domain names in the sudoers file. + + --disable-root-mailer + + Send mail as the invoking user, not as root. + + --with-logging=syslog + --with-logfac=authpriv + + Where logging information goes. + + --with-env-editor + --with-editor=/usr/bin/editor + + Honor the EDITOR and VISUAL environment variables. If they are not + present, default to the Debian default system editor. + + --with-timeout=15 + --with-password-timeout=0 + + Allow 15 minutes before a user has to re-type their passord, versus + the sudo usual default of 5. Never time out while waiting for a + password to be typed, this is a seriously big deal for Debian package + developers using 'dpkg-buildpackage -rsudo'. + + --with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:\ + /sbin:/bin:/usr/X11R6/bin" + + Give a reasonable default path for commands run as root via sudo. + + --with-all-insults + + Include all the insults in the binary, won't be enabled unless turned + on in the sudoers file. + + --with-sendmail=/usr/sbin/sendmail + + Use Debian policy to know the location of sendmail instead of trying + to detect it at build time. + + --disable-setresuid + + Linux 2.2 kernels don't support setresgid. --- sudo-1.6.8p12.orig/debian/copyright +++ sudo-1.6.8p12/debian/copyright @@ -0,0 +1,72 @@ +This is the Debian GNU/Linux prepackaged version of sudo. sudo is +used to provide limited super user privileges to specific users. + +This package was put together by Bdale Garbee using sources +from + ftp://ftp.cs.colorado.edu/pub/sudo/ + +Sudo is distributed under the following BSD-style license: + + Copyright (c) 1994-1996,1998-2002 Todd C. Miller + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + 3. The name of the author may not be used to endorse or promote products + derived from this software without specific prior written permission + from the author. + + 4. Products derived from this software may not be called "Sudo" nor + may "Sudo" appear in their names without specific prior written + permission from the author. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL + THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; + OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + +Additionally, lsearch.c, fnmatch.c, getcwd.c, snprintf.c, strcasecmp.c +and fnmatch.3 bear the following UCB license: + + Copyright (c) 1987, 1989, 1990, 1991, 1993, 1994 + The Regents of the University of California. All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. Neither the name of the University nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. --- sudo-1.6.8p12.orig/debian/sudo.pam +++ sudo-1.6.8p12/debian/sudo.pam @@ -0,0 +1,4 @@ +#%PAM-1.0 + +@include common-auth +@include common-account --- sudo-1.6.8p12.orig/debian/source.lintian-overrides +++ sudo-1.6.8p12/debian/source.lintian-overrides @@ -0,0 +1 @@ +sudo source: maintainer-script-lacks-debhelper-token debian/postinst --- sudo-1.6.8p12.orig/sample.sudoers +++ sudo-1.6.8p12/sample.sudoers @@ -35,16 +35,16 @@ # Cmnd alias specification ## Cmnd_Alias DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \ - /usr/sbin/rrestore, /usr/bin/mt -Cmnd_Alias KILL = /usr/bin/kill + /usr/sbin/rrestore, /bin/mt +Cmnd_Alias KILL = /bin/kill Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm -Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown -Cmnd_Alias HALT = /usr/sbin/halt -Cmnd_Alias REBOOT = /usr/sbin/reboot -Cmnd_Alias SHELLS = /sbin/sh, /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \ - /usr/local/bin/tcsh, /usr/bin/rsh, \ - /usr/local/bin/zsh -Cmnd_Alias SU = /usr/bin/su +Cmnd_Alias SHUTDOWN = /sbin/shutdown +Cmnd_Alias HALT = /sbin/halt +Cmnd_Alias REBOOT = /sbin/reboot +Cmnd_Alias SHELLS = /sbin/sh, /bin/sh, /bin/csh, /usr/bin/ksh, \ + /usr/bin/tcsh, /usr/bin/rsh, \ + /usr/bin/zsh +Cmnd_Alias SU = /bin/su Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, \ /usr/bin/chfn @@ -82,7 +82,7 @@ sudoedit /etc/printcap, /usr/oper/bin/ # joe may su only to operator -joe ALL = /usr/bin/su operator +joe ALL = /bin/su operator # pete may change passwords for anyone but root on the hp snakes pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root @@ -96,13 +96,13 @@ # users in the secretaries netgroup need to help manage the printers # as well as add and remove users -+secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser ++secretaries ALL = PRINTING, /usr/sbin/adduser, /usr/bin/rmuser # fred can run commands as oracle or sybase without a password fred ALL = (DB) NOPASSWD: ALL # on the alphas, john may su to anyone but root and flags are not allowed -john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root* +john ALPHA = /bin/su [!-]*, !/bin/su *root* # jen can run anything on all machines except the ones # in the "SERVERS" Host_Alias --- sudo-1.6.8p12.orig/sudo.tab.c +++ sudo-1.6.8p12/sudo.tab.c @@ -138,6 +138,7 @@ } \ match[top].user = UNSPEC; \ match[top].cmnd = UNSPEC; \ + match[top].cmndall= UNSPEC; \ match[top].host = UNSPEC; \ match[top].runas = UNSPEC; \ match[top].nopass = def_authenticate ? UNSPEC : TRUE; \ @@ -153,6 +154,7 @@ } \ match[top].user = match[top-1].user; \ match[top].cmnd = match[top-1].cmnd; \ + match[top].cmndall= match[top-1].cmndall; \ match[top].host = match[top-1].host; \ match[top].runas = match[top-1].runas; \ match[top].nopass = match[top-1].nopass; \ @@ -1739,6 +1741,7 @@ } } + SETMATCH(cmnd_all, TRUE); yyval.BOOLEAN = TRUE; } break; @@ -1769,6 +1772,7 @@ YYERROR; } } + SETMATCH(cmnd_all, FALSE); yyval.BOOLEAN = NOMATCH; } free(yyvsp[0].string); @@ -1800,6 +1804,7 @@ free(yyvsp[0].command.cmnd); if (yyvsp[0].command.args) free(yyvsp[0].command.args); + SETMATCH(cmnd_all, FALSE); } break; case 65: --- sudo-1.6.8p12.orig/ldap.c +++ sudo-1.6.8p12/ldap.c @@ -256,9 +256,10 @@ * Walks through search result and returns true if we have a * command match */ -int sudo_ldap_check_command(ld,entry) +int sudo_ldap_check_command(ld,entry,all) LDAP *ld; LDAPMessage *entry; + int* all; { char **v=NULL; char **p=NULL; @@ -267,6 +268,8 @@ int ret=0; int foundbang; + *all=0; + if (!entry) return ret; v=ldap_get_values(ld,entry,"sudoCommand"); @@ -277,6 +280,7 @@ /* Match against ALL ? */ if (!strcasecmp(*p,"ALL")) { + *all=1; ret=1; if (ldap_conf.debug>1) printf(" MATCH!\n"); continue; @@ -711,6 +715,7 @@ /* flags */ int ldap_user_matches=0; int ldap_host_matches=0; + int command_all=0; if (!sudo_ldap_read_config()) return VALIDATE_ERROR; @@ -896,7 +901,7 @@ /* add matches for listing later */ sudo_ldap_add_match(ld,entry) && /* verify command match */ - sudo_ldap_check_command(ld,entry) && + sudo_ldap_check_command(ld,entry,&command_all) && /* verify runas match */ sudo_ldap_check_runas(ld,entry) ) @@ -907,6 +912,7 @@ sudo_ldap_parse_options(ld,entry); /* make sure we dont reenter loop */ ret=VALIDATE_OK; + if(command_all) SET(ret,FLAG_CMND_ALL); /* break from inside for loop */ break; } --- sudo-1.6.8p12.orig/sudo.c +++ sudo-1.6.8p12/sudo.c @@ -106,10 +106,11 @@ static void set_loginclass __P((struct passwd *)); static void usage __P((int)); static void usage_excl __P((int)); +static void create_admin_success_flag __P((void)); static struct passwd *get_authpw __P((void)); extern int sudo_edit __P((int, char **)); extern void list_matches __P((void)); -extern char **rebuild_env __P((char **, int, int)); +extern char **rebuild_env __P((char **, int, int, int)); extern char **zero_env __P((char **)); extern struct passwd *sudo_getpwnam __P((const char *)); extern struct passwd *sudo_getpwuid __P((uid_t)); @@ -368,11 +369,15 @@ /* Build a new environment that avoids any nasty bits if we have a cmnd. */ if (ISSET(sudo_mode, MODE_RUN)) - new_environ = rebuild_env(envp, sudo_mode, ISSET(validated, FLAG_NOEXEC)); + new_environ = rebuild_env(envp, sudo_mode, ISSET(validated, FLAG_NOEXEC), ISSET(validated, FLAG_CMND_ALL)); else new_environ = envp; if (ISSET(validated, VALIDATE_OK)) { + /* If the user is in the admin group, create a dotfile to signal that + * sudo was executed successfully. */ + create_admin_success_flag(); + /* Finally tell the user if the command did not exist. */ if (cmnd_status == NOT_FOUND_DOT) { warnx("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run.", user_cmnd, user_cmnd, user_cmnd); @@ -1156,3 +1161,46 @@ putchar('\n'); exit(exit_val); } + +static void create_admin_success_flag(void) +{ + struct group* admin; + char** g; + int is_admin; + char flagfile[PATH_MAX]; + int f; + + if (!sudo_user.pw || !sudo_user.pw->pw_name || !sudo_user.pw->pw_dir) + return; + + /* check whether the user is in the admin group */ + admin = getgrnam("admin"); + if (!admin || !admin->gr_mem) + return; + is_admin = 0; + for (g = admin->gr_mem; *g; ++g) { + if (!strcmp(*g, sudo_user.pw->pw_name)) { + is_admin = 1; + break; + } + } + if (!is_admin) + return; + + /* build path to flag file */ + snprintf(flagfile, sizeof(flagfile), "%s/.sudo_as_admin_successful", + sudo_user.pw->pw_dir); + if (strlen(flagfile) >= sizeof(flagfile)-1) + return; + + /* do nothing if the file already exists */ + if (!access(flagfile, F_OK)) + return; + + /* create file */ + f = open(flagfile, O_CREAT|O_WRONLY|O_EXCL, 0644); + if(f >= 0) { + fchown(f, sudo_user.pw->pw_uid, sudo_user.pw->pw_gid); + close(f); + } +} --- sudo-1.6.8p12.orig/sudo.h +++ sudo-1.6.8p12/sudo.h @@ -65,6 +65,7 @@ #define FLAG_NO_HOST 0x080 #define FLAG_NO_CHECK 0x100 #define FLAG_NOEXEC 0x200 +#define FLAG_CMND_ALL 0x400 /* * Pseudo-boolean values --- sudo-1.6.8p12.orig/parse.c +++ sudo-1.6.8p12/parse.c @@ -200,7 +200,8 @@ set_perms(PERM_ROOT); return(VALIDATE_OK | (no_passwd == TRUE ? FLAG_NOPASS : 0) | - (no_execve == TRUE ? FLAG_NOEXEC : 0)); + (no_execve == TRUE ? FLAG_NOEXEC : 0) | + (cmnd_all == TRUE ? FLAG_CMND_ALL : 0)); } else if ((runas_matches == TRUE && cmnd_matches == FALSE) || (runas_matches == FALSE && cmnd_matches == TRUE)) { /* --- sudo-1.6.8p12.orig/parse.h +++ sudo-1.6.8p12/parse.h @@ -29,6 +29,7 @@ struct matchstack { int user; int cmnd; + int cmndall; int host; int runas; int nopass; @@ -46,6 +47,7 @@ #define user_matches (match[top-1].user) #define cmnd_matches (match[top-1].cmnd) +#define cmnd_all (match[top-1].cmndall) #define host_matches (match[top-1].host) #define runas_matches (match[top-1].runas) #define no_passwd (match[top-1].nopass)