Diffstat (limited to 'debian')
-rw-r--r-- debian/NEWS 40
-rw-r--r-- debian/OPTIONS 59
-rw-r--r-- debian/README 21
-rw-r--r-- debian/README.Debian 56
-rw-r--r-- debian/changelog 1305
-rw-r--r-- debian/compat 1
-rw-r--r-- debian/control 37
-rw-r--r-- debian/copyright 57
-rw-r--r-- debian/patches/Add-sudoedit-flag-checks-in-plugin-that-are-consiste.patch 43
-rw-r--r-- debian/patches/Don-t-assume-that-argv-is-allocated-as-a-single-flat.patch 39
-rw-r--r-- debian/patches/Fix-a-buffer-overflow-when-pwfeedback-is-enabled-and.patch 95
-rw-r--r-- debian/patches/Fix-potential-buffer-overflow-when-unescaping-backsl.patch 71
-rw-r--r-- debian/patches/Fix-the-memset-offset-when-converting-a-v1-timestamp.patch 30
-rw-r--r-- debian/patches/Reset-valid_flags-to-MODE_NONINTERACTIVE-for-sudoedi.patch 97
-rw-r--r-- debian/patches/Sanity-check-size-when-converting-the-first-record-t.patch 107
-rw-r--r-- debian/patches/Whitelist-DPKG_COLORS-environment-variable.diff 24
-rw-r--r-- debian/patches/paths-in-samples.diff 40
-rw-r--r-- debian/patches/series 12
-rw-r--r-- debian/patches/strtoid_minus_1_test_fix.diff 103
-rw-r--r-- debian/patches/sudo_minus_1_uid.diff 177
-rw-r--r-- debian/patches/typo-in-classic-insults.diff 11
-rwxr-xr-x debian/rules 186
-rw-r--r-- debian/source/format 1
-rw-r--r-- debian/sudo-ldap.dirs 9
-rw-r--r-- debian/sudo-ldap.docs 7
-rw-r--r-- debian/sudo-ldap.lintian 7
-rw-r--r-- debian/sudo-ldap.maintscript 1
-rw-r--r-- debian/sudo-ldap.manpages 4
-rw-r--r-- debian/sudo-ldap.postinst 83
-rw-r--r-- debian/sudo-ldap.postrm 31
-rw-r--r-- debian/sudo-ldap.preinst 22
-rw-r--r-- debian/sudo-ldap.sudo-ldap.init 44
-rw-r--r-- debian/sudo.dirs 9
-rw-r--r-- debian/sudo.docs 5
-rw-r--r-- debian/sudo.lintian 6
-rw-r--r-- debian/sudo.manpages 3
-rw-r--r-- debian/sudo.pam 5
-rw-r--r-- debian/sudo.postinst 65
-rw-r--r-- debian/sudo.postrm 24
-rw-r--r-- debian/sudo.preinst 22
-rw-r--r-- debian/sudo.prerm 45
-rw-r--r-- debian/sudo.sudo.init 44
-rw-r--r-- debian/sudoers 27
-rw-r--r-- debian/upstream/signing-key.asc 34
-rw-r--r-- debian/watch 2
45 files changed, 3111 insertions, 0 deletions
diff --git a/debian/NEWS b/debian/NEWS
new file mode 100644
index 0000000..3c0b573
--- /dev/null
+++ b/debian/NEWS
@@ -0,0 +1,40 @@
+sudo (1.8.2-1) unstable; urgency=low
+
+ The sudo package is no longer configured using --with-secure-path.
+ Instead, the provided sudoers file now contains a line declaring
+ 'Defaults secure_path=' with the same path content that was previously
+ hard-coded in the binary. A consequence of this change is that if you
+ do not have such a definition in sudoers, the PATH searched for commands
+ by sudo may be empty.
+
+ Using explicit paths for each command you want to run with sudo will work
+ well enough to allow the sudoers file to be updated with a suitable entry
+ if one is not already present and you choose to not accept the updated
+ version provided by the package.
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 24 Aug 2011 13:33:11 -0600
+
+sudo (1.7.4p4-2) unstable; urgency=low
+
+ The HOME and MAIL environment variables are now reset based on the
+ target user's password database entry when the env_reset sudoers option
+ is enabled (which is the case in the default configuration). Users
+ wishing to preserve the original values should use a sudoers entry like:
+ Defaults env_keep += HOME
+ to preserve the old value of HOME and
+ Defaults env_keep += MAIL
+ to preserve the old value of MAIL.
+
+ The change in handling of HOME is known to affect programs like pbuilder.
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 08 Sep 2010 14:29:16 -0600
+
+sudo (1.6.8p12-5) unstable; urgency=low
+
+ The sudo package is no longer configured --with-exempt=sudo. If you
+ depend on members of group sudo being able to run sudo without needing
+ a password, you will need to put "%sudo ALL=NOPASSWD: ALL" in
+ /etc/sudoers to preserve equivalent functionality.
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:13:39 -0600
+
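Review bot: the 1.8.2-1 entry warns that a sudoers file without a secure_path definition may leave sudo searching an empty PATH, but it names the needed line only as 'Defaults secure_path=' with no value. Quoting the full line from the shipped debian/sudoers here would let an admin who keeps a locally modified sudoers paste it in directly instead of having to diff against the package version.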
diff --git a/debian/OPTIONS b/debian/OPTIONS
new file mode 100644
index 0000000..49938d7
--- /dev/null
+++ b/debian/OPTIONS
@@ -0,0 +1,59 @@
+The following options were used to configure sudo for Debian GNU/Linux.
+
+ --with-all-insults
+
+ Include all the insults in the binary, won't be enabled unless turned
+ on in the sudoers file.
+
+ --with-devel
+
+ Force flex and bison runs on each build.
+
+ --with-pam
+
+ Support for pluggable authentication modules.
+
+ --with-fqdn
+
+ Allow use of fully qualified domain names in the sudoers file.
+
+ --with-logging=syslog
+ --with-logfac=authpriv
+
+ Where logging information goes.
+
+ --with-env-editor
+ --with-editor=/usr/bin/editor
+
+ Honor the EDITOR and VISUAL environment variables. If they are not
+ present, default to the preferred systemwide default editor.
+
+ --with-timeout=15
+ --with-password-timeout=0
+ --with-passprompt="[sudo] password for %p: "
+
+ Allow 15 minutes before a user has to re-type their passord, versus
+ the sudo usual default of 5. Never time out while waiting for a
+ password to be typed, this is important to Debian package developers
+ using 'dpkg-buildpackage -rsudo'. Make it clear which password is
+ requested.
+
+ --disable-root-mailer
+
+ Send mail as the invoking user, not as root.
+
+ --with-sendmail=/usr/sbin/sendmail
+
+ Use Debian policy to know the location of sendmail instead of trying
+ to detect it at build time.
+
+ --with-timedir=/var/lib/sudo
+ --mandir=/usr/share/man
+ --libexecdir=/usr/lib/sudo
+
+ Comply with Debian policy on suitable paths.
+
+ --with-ldap
+
+ Support for LDAP authentication, in the sudo-ldap package version only.
+
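Review bot: debian/OPTIONS still lists --with-devel and --with-timedir=/var/lib/sudo, while the changelog added in this same commit records dropping --with-devel in 1.8.2-1, following upstream from --with-timedir to --with-rundir in 1.8.10p3-1, and moving timestamp files to /run/sudo in 1.8.21-1. README.Debian sends readers to this file for the build options, so it should be brought in line with the configure arguments actually used in debian/rules. In the --with-timeout=15 paragraph, 'passord' should read 'password'.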
diff --git a/debian/README b/debian/README
new file mode 100644
index 0000000..b5ed892
--- /dev/null
+++ b/debian/README
@@ -0,0 +1,21 @@
+#
+# As of Debian version 1.7.2p1-1, the default /etc/sudoers file created on
+# installation of the package now includes the directive:
+#
+# #includedir /etc/sudoers.d
+#
+# This will cause sudo to read and parse any files in the /etc/sudoers.d
+# directory that do not end in '~' or contain a '.' character.
+#
+# Note that there must be at least one file in the sudoers.d directory (this
+# one will do), and all files in this directory should be mode 0440.
+#
+# Note also, that because sudoers contents can vary widely, no attempt is
+# made to add this directive to existing sudoers files on upgrade. Feel free
+# to add the above directive to the end of your /etc/sudoers file to enable
+# this functionality for existing installations if you wish!
+#
+# Finally, please note that using the visudo command is the recommended way
+# to update sudoers content, since it protects against many failure modes.
+# See the man page for visudo for more information.
+#
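Review bot: in the line '# #includedir /etc/sudoers.d' the inner '#' is part of the directive, but in a file where every line starts with '#' it reads as a commented-out setting. State that explicitly so nobody strips it when copying the line into /etc/sudoers. The mode 0440 note and the visudo recommendation would also be easier to follow with the concrete form for a drop-in file, visudo -f /etc/sudoers.d/<name>.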
diff --git a/debian/README.Debian b/debian/README.Debian
new file mode 100644
index 0000000..413d529
--- /dev/null
+++ b/debian/README.Debian
@@ -0,0 +1,56 @@
+The version of sudo that ships with Debian by default resets the
+environment, as described by the "env_reset" flag in the sudoers file.
+
+This implies that all environment variables are removed, except for
+LOGNAME, PATH, SHELL, TERM, DISPLAY, XAUTHORITY, XAUTHORIZATION, XAPPLRESDIR,
+XFILESEARCHPATH, XUSERFILESEARCHPATH, LANG, LANGUAGE, LC_*, and USER.
+
+In case you want sudo to preserve more environment variables, you must
+specify the env_keep variable in the sudoers file. You should edit the
+sudoers file using the visudo tool.
+
+Examples:
+Preserve the default variables plus the EDITOR variable:
+
+ Defaults env_keep+="EDITOR"
+
+Preserve the default variables plus all variables starting with LC_:
+
+ Defaults env_keep+="LC_*"
+
+ - - - - -
+
+If you're using the sudo-ldap package, note that it is now configured to
+look for /etc/sudo-ldap.conf. Depending on your system configuration, it
+probably makes sense for this to be a symlink to /etc/ldap.conf, or perhaps
+to /etc/libnss-ldap.conf or /etc/pam_ldap.conf. By default, no symlink or
+file is provided, you'll need to decide what to do and create a suitable
+file before sudo-ldap will work.
+
+ - - - - -
+
+As of version 1.7, sudo-ldap now requires the LDAP source to be specified
+in /etc/nsswitch.conf with a line like:
+
+ sudoers: ldap
+
+ - - - - -
+
+Note that the support for the sss provider (libsss_sudo.so) that allows sudo
+to use SSSD as a cache for policies stored in LDAP is included in the sudo
+package, not in the sudo-ldap package. I have some hope that this turns out
+to be a better overall solution for using sudo with LDAP, as the sudo-ldap
+package is difficult to maintain and I'd love to be able to eliminate it!
+
+ - - - - -
+
+See the file OPTIONS in this directory for more information on the sudo
+build options used in building the Debian package.
+
+ - - - - -
+
+If you're having trouble grasping the fundamental idea of what sudo is all
+about, here's a succinct and humorous take on it...
+
+ http://www.xkcd.com/c149.html
+
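Review bot: the second env_keep example, 'Defaults env_keep+="LC_*"', adds a pattern that the list a few lines above already names as preserved under env_reset, so it demonstrates no change in behaviour. Replace it with a variable that is not in the default list, and say next to the examples that every addition to env_keep widens what the invoking user can pass into the environment of the privileged command.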
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..246bf10
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,1305 @@
+sudo (1.8.27-1+deb10u3) buster-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Sanity check size when converting the first record to TS_LOCKEXCL
+ * Heap-based buffer overflow (CVE-2021-3156)
+ - Reset valid_flags to MODE_NONINTERACTIVE for sudoedit
+ - Add sudoedit flag checks in plugin that are consistent with front-end
+ - Fix potential buffer overflow when unescaping backslashes in user_args
+ - Fix the memset offset when converting a v1 timestamp to TS_LOCKEXCL
+ - Don't assume that argv is allocated as a single flat buffer
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Wed, 20 Jan 2021 13:26:17 +0100
+
+sudo (1.8.27-1+deb10u2) buster; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix a buffer overflow when pwfeedback is enabled and input is a not a tty
+ (CVE-2019-18634) (Closes: #950371)
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Sun, 02 Feb 2020 08:41:42 +0100
+
+sudo (1.8.27-1+deb10u1) buster-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Treat an ID of -1 as invalid since that means "no change" (CVE-2019-14287)
+ * Fix test failure in plugins/sudoers/regress/testsudoers/test5.sh
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Sat, 12 Oct 2019 15:49:01 +0200
+
+sudo (1.8.27-1) unstable; urgency=medium
+
+ * new upstream version
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 12 Jan 2019 11:10:05 -0700
+
+sudo (1.8.26-2) unstable; urgency=medium
+
+ * patch from upstream to fix man page truncation, closes: #914469
+
+ -- Bdale Garbee <bdale@gag.com> Fri, 23 Nov 2018 14:59:17 -0700
+
+sudo (1.8.26-1) unstable; urgency=medium
+
+ [Bdale Garbee]
+ * new upstream version
+
+ [Ondřej Nový]
+ * d/changelog: Remove trailing whitespaces
+ * d/control: Remove trailing whitespaces
+ * d/rules: Remove trailing whitespaces
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 19 Nov 2018 00:32:06 -1000
+
+sudo (1.8.23-2) unstable; urgency=high
+
+ * fix FTBFS due to earlier sudoers2ldif removal, closes: #903415
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 21 Jul 2018 11:22:37 -0600
+
+sudo (1.8.23-1) unstable; urgency=medium
+
+ * new upstream version
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 30 Apr 2018 20:55:10 -0600
+
+sudo (1.8.21p2-3) unstable; urgency=medium
+
+ * include sssd support in the sudo-ldap build too, closes: #884741
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 18 Dec 2017 21:55:18 -0700
+
+sudo (1.8.21p2-2) unstable; urgency=medium
+
+ * work harder to clean up mess left by sudo-ldap using /etc/init.d/sudo
+ prior to version 1.8.7-1, closes: #877516
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 02 Oct 2017 13:02:27 -0600
+
+sudo (1.8.21p2-1) unstable; urgency=medium
+
+ * new upstream version, closes: #873623, #873600, #874000
+ * remove legacy /etc/sudoers.dist we no longer deliver, closes: #873561
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 07 Sep 2017 10:42:19 -0600
+
+sudo (1.8.21-1) unstable; urgency=medium
+
+ [ Bdale Garbee ]
+ * new upstream version
+ * don't deliver /etc/sudoers.dist, closes: #862309
+ * whitelist DPKG_COLORS env var, closes: #823368
+
+ [ Laurent Bigonville ]
+ * debian/sudo*.postinst: Drop /var/run/sudo -> /var/lib/sudo migration code,
+ this migration happened in 2010 and that code is not necessary anymore
+ * Move timestamp files to /run/sudo, with systemd the directory is
+ created/cleaned by tmpfiles.d now, the sudo initscript/service is not
+ doing anything in that case anymore (Closes: #786555)
+ * debian/sudo*.postinst: Move the debhelper marker before the creation of
+ the sudo group, this way the snippets added by debhelper will be executed
+ even if the group already exists. (Closes: #870456)
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 28 Aug 2017 09:44:06 -0600
+
+sudo (1.8.20p2-1) unstable; urgency=medium
+
+ * new upstream version
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 08 Jun 2017 11:57:02 -0600
+
+sudo (1.8.20p1-1.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Use /proc/self consistently on Linux
+ * CVE-2017-1000368: Arbitrary terminal access (Closes: #863897)
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Mon, 05 Jun 2017 14:19:33 +0200
+
+sudo (1.8.20p1-1) unstable; urgency=high
+
+ * New upstream version with fix for CVE-2017-1000367, closes: #863731
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 30 May 2017 14:41:58 -0600
+
+sudo (1.8.20-1) unstable; urgency=medium
+
+ * New upstream version
+ * patch from Helmut Grohne to fix cross-building issues, closes: #847131
+ + Let dh_auto_configure pass --host to configure
+ + Honour DEB_BUILD_OPTIONS=nocheck
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 10 May 2017 10:25:46 -0600
+
+sudo (1.8.19p1-1) unstable; urgency=medium
+
+ * new upstream version
+
+ -- Bdale Garbee <bdale@gag.com> Fri, 13 Jan 2017 11:12:49 -0700
+
+sudo (1.8.19-1) unstable; urgency=medium
+
+ * new upstream version
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 19 Dec 2016 13:00:21 -0700
+
+sudo (1.8.18p1-2) unstable; urgency=medium
+
+ * merge work done by Balint Reczey in parallel / conflict with my offline work
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 15 Dec 2016 19:08:46 -0700
+
+sudo (1.8.18p1-1) unstable; urgency=medium
+
+ * new upstream version
+ * explicitly depend on lsb-base since we use init-functions
+ * move to latest debhelper compat level
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 15 Dec 2016 18:10:29 -0700
+
+sudo (1.8.17p1-2) unstable; urgency=medium
+
+ * merge 1.8.15-1.1 NMU changes
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 05 Jul 2016 16:01:55 +0200
+
+sudo (1.8.17p1-1) unstable; urgency=low
+
+ * new upstream version, closes: #805563
+ * build-depend on the new mandoc package so we can rebuild man pages
+ properly if needed, closes: #809984
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 05 Jul 2016 16:01:55 +0200
+
+sudo (1.8.15-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload
+ * Disable editing of files via user-controllable symlinks
+ (Closes: #804149) (CVE-2015-5602)
+ - Fix directory writability checks for sudoedit
+ - Enable sudoedit directory writability checks by default
+
+ -- Ben Hutchings <ben@decadent.org.uk> Mon, 04 Jan 2016 23:36:50 +0000
+
+sudo (1.8.15-1) unstable; urgency=low
+
+ * new upstream version, closes: #804149
+ * use --with-exampledir to deliver example files more cleanly
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 23 Dec 2015 11:15:22 -0700
+
+sudo (1.8.12-1) unstable; urgency=low
+
+ * new upstream version, closes: #772707, #773383
+ * patch from Christian Kastner to fix sudoers handling error when moving
+ between sudo and sudo-ldap packages, closes: #776137
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 23 Feb 2015 08:56:06 -0700
+
+sudo (1.8.11p2-1) unstable; urgency=low
+
+ * new upstream version
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 30 Oct 2014 11:14:06 -0700
+
+sudo (1.8.11p1-2) unstable; urgency=low
+
+ * patch from Jakub Wilk to fix 'ignoring time stamp from the future'
+ messages, closes: #762465
+ * upstream patch forwarded by Laurent Bigonville that fixes problem with
+ Linux kernel auditing code, closes: #764817
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 20 Oct 2014 11:06:44 -0600
+
+sudo (1.8.11p1-1) unstable; urgency=low
+
+ * new upstream version, closes: #764286
+ * fix typo in German translation, closes: #761601
+
+ -- Bdale Garbee <bdale@gag.com> Fri, 10 Oct 2014 10:16:08 -0600
+
+sudo (1.8.10p3-1) unstable; urgency=low
+
+ * new upstream release
+ * add hardening=+all to match login and su
+ * updated VCS URLs and crypto verified watch file, closes: #747473
+ * harmonize configure options for LDAP version to match non-LDAP version,
+ in particular stop using --with-secure-path and add configure_args
+ * enable audit support on Linux systems, closes: #745779
+ * follow upstream change from --with-timedir to --with-rundir
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 14 Sep 2014 10:20:15 -0600
+
+sudo (1.8.9p5-1) unstable; urgency=low
+
+ * new upstream release, closes: #735328
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 04 Feb 2014 11:46:19 -0700
+
+sudo (1.8.9p4-1) unstable; urgency=low
+
+ * new upstream release, closes: #732008
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 15 Jan 2014 14:55:25 -0700
+
+sudo (1.8.9p3-1) unstable; urgency=low
+
+ * new upstream release
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 13 Jan 2014 14:49:42 -0700
+
+sudo (1.8.9~rc1-1) experimental; urgency=low
+
+ * upstream release candidate
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 29 Dec 2013 21:36:12 -0700
+
+sudo (1.8.9~b2-1) experimental; urgency=low
+
+ * upstream beta release
+ * update Debian standards version
+ * squelch lintian complaint about missing sudo-ldap systemd service, since
+ the service file is always called 'sudo.service'
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 25 Dec 2013 14:48:23 -0700
+
+sudo (1.8.9~b1-1) experimental; urgency=low
+
+ * upstream beta release
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 27 Nov 2013 09:37:00 -0700
+
+sudo (1.8.8-3) unstable; urgency=low
+
+ * document in README.Debian that the sssd support is enabled in the sudo
+ package, not in the sudo-ldap package, closes: #728289
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 2013 10:33:44 -0600
+
+sudo (1.8.8-2) unstable; urgency=low
+
+ * fix touch errors on boot, closes: #725193
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 08 Oct 2013 20:11:38 -0600
+
+sudo (1.8.8-1) unstable; urgency=low
+
+ * new upstream release
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 30 Sep 2013 23:08:49 -0600
+
+sudo (1.8.8~rc1-1) experimental; urgency=low
+
+ * upstream release candidate with several of our patches folded in
+ * set filestamps to epoch instead of an arbitrary old date in the init
+ fragment, closes: #722335
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 12 Sep 2013 10:16:58 -0700
+
+sudo (1.8.8~b3-1) experimental; urgency=low
+
+ * pre-release of new upstream version, put in experimental
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 04 Sep 2013 07:53:08 -0600
+
+sudo (1.8.7-4) unstable; urgency=low
+
+ * looks like we actually need both --with-sssd and --with-sssd-lib,
+ closes: #719987, #724763
+
+ -- Bdale Garbee <bdale@gag.com> Fri, 27 Sep 2013 11:48:55 -0600
+
+sudo (1.8.7-3) unstable; urgency=low
+
+ * use --with-sssd-lib to help sudo find libsss-sudo in multiarch path,
+ closes: #719987
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 17 Aug 2013 15:38:53 +0200
+
+sudo (1.8.7-2) unstable; urgency=low
+
+ * let debhelper scripts manage the update-rc.d calls, closes: #719755
+
+ -- Bdale Garbee <bdale@gag.com> Fri, 16 Aug 2013 01:48:23 +0200
+
+sudo (1.8.7-1) unstable; urgency=low
+
+ * new upstream version, closes: #715157, #655879
+ * make sudo-ldap package's init.d script be called sudo-ldap
+ * add sssd support to sudo, closes: #719574
+ * recognize lenny, squeeze, and wheezy unmodified sudoers, closes: #660594
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 14 Aug 2013 00:01:14 +0200
+
+sudo (1.8.5p2-1) unstable; urgency=low
+
+ * new upstream version
+ * patch to use flock on hurd, run autoconf in rules, closes: #655883
+ * patch to avoid calling unlink with null pointer on hurd, closes: #655948
+ * patch to actually use hardening build flags, closes: #655417
+ * fix sudo-ldap.postinst syntax issue, closes: #669576
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 28 Jun 2012 12:01:37 -0600
+
+sudo (1.8.3p2-1) unstable; urgency=high
+
+ * new upstream version, closes: #657985 (CVE-2012-0809)
+ * patch from Pino Toscano to only use selinux on Linux, closes: #655894
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 30 Jan 2012 16:11:54 -0700
+
+sudo (1.8.3p1-3) unstable; urgency=low
+
+ * patch from Moritz Muehlenhoff enables hardened build flags, closes: #655417
+ * replacement postinst script from Mike Beattie using shell instead of Perl
+ * include systemd service file from Michael Stapelberg, closes: #639633
+ * add init.d status support, closes: #641782
+ * make sudo-ldap package manage a sudoers entry in nsswitch.conf,
+ closes: #610600, #639530
+ * enable mail_badpass in the default sudoers file, closes: #641218
+ * enable selinux support, closes: #655510
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 11 Jan 2012 16:18:13 -0700
+
+sudo (1.8.3p1-2) unstable; urgency=low
+
+ * if upgrading from squeeze, and the sudoers file is unmodified, avoid
+ the packaging system prompting the user about a change they didn't make
+ now that sudoers is a conffile, closes: #612532, #636049
+ * add a recommendation for the use of visudo to the sudoers.d/README file,
+ closes: #648104
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 12 Nov 2011 16:27:13 -0700
+
+sudo (1.8.3p1-1) unstable; urgency=low
+
+ * new upstream version, closes: #646478
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 27 Oct 2011 01:03:44 +0200
+
+sudo (1.8.3-1) unstable; urgency=low
+
+ * new upstream version, closes: #639391, #639568
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 22 Oct 2011 23:49:16 -0600
+
+sudo (1.8.2-2) unstable; urgency=low
+
+ [ Luca Capello ]
+ * debian/rules improvements, closes: #642535
+ + mv upstream sample.* files to the examples folder.
+ - do not call dh_installexamples.
+
+ [ Bdale Garbee ]
+ * patch from upstream for SIGBUS on sparc64, closes: #640304
+ * use common-session-noninteractive in the pam config to reduce log noise
+ when sudo is used in cron, etc, closes: #519700
+ * patch from Steven McDonald to fix segfault on startup under certain
+ conditions, closes: #639568
+ * add a NEWS entry regarding the secure_path change made in 1.8.2-1,
+ closes: #639336
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 26 Sep 2011 21:55:56 -0600
+
+sudo (1.8.2-1) unstable; urgency=low
+
+ * new upstream version, closes: #637449, #621830
+ * include common-session in pam config, closes: #519700, #607199
+ * move secure_path from configure to default sudoers, closes: #85123, 85917
+ * improve sudoers self-documentation, closes: #613639
+ * drop --disable-setresuid since modern systems should not run 2.2 kernels
+ * lose the --with-devel configure option since it's breaking builds in
+ subdirectories for some reason
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 24 Aug 2011 13:33:11 -0600
+
+sudo (1.7.4p6-1) unstable; urgency=low
+
+ * new upstream version
+ * touch the right stamp name after configuring, closes: #611287
+ * patch from Svante Signell to fix build problem on Hurd, closes: #611290
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 09 Feb 2011 11:32:58 -0700
+
+sudo (1.7.4p4-6) unstable; urgency=low
+
+ * update /etc/sudoers.d/README now that sudoers is a conffile
+ * patch from upstream to fix special case in password checking code
+ when only the gid is changing, closes: #609641
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 11 Jan 2011 10:22:39 -0700
+
+sudo (1.7.4p4-5) unstable; urgency=low
+
+ * patch from Jakub Wilk to add noopt and nostrip build option support,
+ closes: #605580
+ * make sudoers a conffile, closes: #605130
+ * add descriptions to LSB init headers, closes: #604619
+ * change default sudoers %sudo entry to allow gid changes, closes: #602699
+ * add Vcs entries to the control file
+ * use debhelper install files instead of explicit installs in rules
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 01 Dec 2010 20:32:31 -0700
+
+sudo (1.7.4p4-4) unstable; urgency=low
+
+ * patch from upstream to resolve problem always prompting for a password
+ when run without a tty, closes: #599376
+ * patch from upstream to resolve interoperability problem between HOME in
+ env_keep and the -H flag, closes: #596493
+ * change path syntax to avoid tar error when /var/run/sudo exists but is
+ empty, closes: #598877
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 07 Oct 2010 15:59:06 -0600
+
+sudo (1.7.4p4-3) unstable; urgency=low
+
+ * make postinst clause for handling /var/run -> /var/lib transition less
+ fragile, closes: #585514
+ * cope with upstream's Makefile trying to install ChangeLog in our doc
+ directory, closes: #597389
+ * fix README.Debian to reflect that HOME is no longer preserved by default,
+ closes: #596847
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 21 Sep 2010 23:53:08 -0600
+
+sudo (1.7.4p4-2) unstable; urgency=low
+
+ * add a NEWS item about change in $HOME handling that impacts programs
+ like pbuilder
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 08 Sep 2010 14:29:16 -0600
+
+sudo (1.7.4p4-1) unstable; urgency=high
+
+ * new upstream version, urgency high due to fix for flaw in Runas group
+ matching (CVE-2010-2956), closes: #595935
+ * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
+ re-lecturing existing users, and to clean up after ourselves on upgrade,
+ and remove the RAMRUN section from README.Debian since the new state dir
+ should fix the original problem, closes: #585514
+ * deliver README.Debian to both package flavors, closes: #593579
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 07 Sep 2010 12:22:42 -0600
+
+sudo (1.7.2p7-1) unstable; urgency=high
+
+ * new upstream release with security fix for secure path (CVE-2010-1646),
+ closes: #585394
+ * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
+ about whether to give the lecture is preserved across reboots even when
+ RAMRUN is set, closes: #581393
+ * add a note to README.Debian about LDAP needing an entry in
+ /etc/nsswitch.conf, closes: #522065
+ * add a note to README.Debian about how to turn off lectures if using
+ RAMRUN in /etc/default/rcS, closes: #581393
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
+
+sudo (1.7.2p6-1) unstable; urgency=low
+
+ * new upstream version fixing CVE-2010-1163, closes: #578275, #570737
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600
+
+sudo (1.7.2p5-1) unstable; urgency=low
+
+ * new upstream release, closes a bug filed upstream regarding missing man
+ page processing scripts in the 1.7.2p1 tarball, also includes the fix
+ for CVE-2010-0426 previously the subject of a security team nmu
+ * move to source format 3.0 (quilt) and restructure changes as patches
+ * fix unprocessed substitution variables in man pages, closes: #557204
+ * apply patch from Neil Moore to fix Debian-specific content in the
+ visudo man page, closes: #555013
+ * update descriptions to better explain sudo-ldap, closes: #573108
+ * eliminate spurious 'and' in man page, closes: #571620
+ * fix confusing text in default sudoers, closes: #566607
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700
+
+sudo (1.7.2p1-1) unstable; urgency=low
+
+ * new upstream version
+ * add support for /etc/sudoers.d using #includedir in default sudoers,
+ which I think is also a good solution to the request for a crontab-like
+ API requested in March of 2001, closes: #539994, #271813, #89743
+ * move init.d script from using rcS.d to rc[0-6].d, closes: #542924
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600
+
+sudo (1.7.2-2) unstable; urgency=low
+
+ * further improve initial sudoers to not include the NOPASSWD option on
+ the group sudo exception, closes: #539136, #198991
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200
+
+sudo (1.7.2-1) unstable; urgency=low
+
+ * new upstream version, closes: #537103
+ * improve initial sudoers by having the exemption for users in group
+ sudo on by default, and including the ability to run any command as
+ any user. This makes the default install roughly equivalent to our
+ old use of the --with-exempt=sudo build option, closes: #536220, #536222
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600
+
+sudo (1.7.0-1) unstable; urgency=low
+
+ * new upstream version, closes: #510179, #128268, #520274, #508514
+ * fix ldap config file path for sudo-ldap package, including creating
+ a symlink in postinst and cleaning it up in postrm for the sudo-ldap
+ package, closes: #430826
+ * fix NOPASSWD entry location in default config file for the sudo-ldap
+ instance too, closes: #479616
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600
+
+sudo (1.6.9p17-2) unstable; urgency=high
+
+ * patch from upstream to fix privilege escalation with certain
+ configurations, CVE-2009-0034
+ * typo in sudoers man page, closes: #507163
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700
+
+sudo (1.6.9p17-1) unstable; urgency=low
+
+ * new upstream version, closes: #481008
+ * deliver schemas to doc directory in sudo-ldap package, closes: #474331
+ * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
+ in move from CVS to git for package management, closes: #475821
+ * re-instate the init.d for the sudo-ldap package too... /o\
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600
+
+sudo (1.6.9p15-2) unstable; urgency=low
+
+ * revert the fix for 388659 such that visudo once again defaults to using
+ /usr/bin/editor. I was always ambivalent about this change, it has caused
+ more confusion and frustration than it cured, and I find Justin's line of
+ reasoning persuasive. Update the man page source to reflect this choice
+ and the related use of --with-env-editor. Closes: #474197.
+ * patch from Petter Reinholdtsen to improve init.d, closes: #475821
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600
+
+sudo (1.6.9p15-1) unstable; urgency=low
+
+ * new upstream version, closes: #467126, #473337
+ * remove pointless postrm scripts, leaving debhelper do its thing if needed,
+ thanks to Justin Pryzby for pointing this out
+ * reinstate the init.d, since bootclean doesn't quite do what we want. This
+ also means we don't need the preinst scripts any more. Update the lintian
+ overrides since postinst is a Perl script lintian apparently isn't parsing
+ well. closes: #330868
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600
+
+sudo (1.6.9p12-1) unstable; urgency=low
+
+ * new upstream version, closes: #464890
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900
+
+sudo (1.6.9p11-3) unstable; urgency=low
+
+ * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
+
+ -- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700
+
+sudo (1.6.9p11-2) unstable; urgency=low
+
+ * update version compared in preinst when removing obsolete init.d,
+ closes: #459681
+ * implement pam session config suggestions from Elizabeth Fong,
+ closes: #452457, #402329
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700
+
+sudo (1.6.9p11-1) unstable; urgency=low
+
+ * new upstream version
+
+ -- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700
+
+sudo (1.6.9p10-1) unstable; urgency=low
+
+ * new upstream version
+ * tweak default password prompt as %u doesn't make sense. Accept patch from
+ Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
+ uses it by default, closes: #454409
+ * accept patch from Martin Pitt that adds a prerm making it difficult to
+ "accidentally" remove sudo when there is no root password set on the
+ system, closes: #451241
+
+ -- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700
+
+sudo (1.6.9p9-1) unstable; urgency=low
+
+ * new upstream version
+ * debian/rules: configure a more informative default password prompt to
+ reduce confusion when using sudo to invoke commands which also ask for
+ passwords, closes: #343268
+ * auth/pam.c: don't use the PAM prompt if the user explicitly requested
+ a custom prompt, closes: #448628.
+ * fix configure's ability to discover that libc has dirfd, closes: #451324
+ * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
+ the command 'visudo' invokes a vi variant by default as documented,
+ closes: #388659
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700
+
+sudo (1.6.9p6-1) unstable; urgency=low
+
+ * new upstream version, closes: #442815, #446146, #438699, #435768, #435314
+ closes: #434832, #434608, #430382
+ * eliminate the now-redundant init.d scripts, closes: #397090
+ * fix typo in TROUBLESHOOTING file, closes: #439624
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600
+
+sudo (1.6.8p12-6) unstable; urgency=low
+
+ * fix typos in visudo.pod relating to env_editor variable, closes: #418886
+ * have init.d touch directories in /var/run/sudo, not just files, as a
+ followup to #330868.
+ * fix various typos in sudoers.pod, closes: #419749
+ * don't let Makefile strip binaries, closes: #438073
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100
+
+sudo (1.6.8p12-5) unstable; urgency=low
+
+ * update debian/copyright to reflect new upstream URL, closes: #368746
+ * add sandwich cartoon URL to the README.Debian
+ * don't remove sudoers on purge. can cause problems when moving between
+ sudo and sudo-ldap. leaving sudoers around on purge seems like the least
+ evil choice for now, closes: #401366
+ * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
+ closes: #374509
+ * accept patch that improves debian/rules from Ted Percival, closes: #382122
+ * no longer build with --with-exempt=sudo, provide an example entry in the
+ default sudoers file instead, closes: #296605
+ * add --with-devel to configure and augment build dependencies so that flex
+ and yacc files get re-generated on every build, closes: #316249
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600
+
+sudo (1.6.8p12-4) unstable; urgency=low
+
+ * patch from Petter Reinholdtsen for the LSB info block in the init.d
+ script, closes: #361055
+ * deliver sudoers sample again, closes: #361593
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600
+
+sudo (1.6.8p12-3) unstable; urgency=low
+
+ * force-feed configure knowledge of nroff's path so we get unformatted man
+ pages installed without build-depending on groff-base, closes: #360894
+ * add a reference to OPTIONS in the man page, closes: #186226
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700
+
+sudo (1.6.8p12-2) unstable; urgency=low
+
+ * fix typos in init scripts, closes: #346325
+ * update to debhelper compat level 5
+ * build depend on autotools-dev to ensure config.sub/guess are fresh
+ * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
+ use it here as well. Thanks to Martin and the debian-security team.
+ closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
+ closes: #315115, #315718, #203874
+ * Non-maintainer upload by the Security Team
+ * Reworked the former patch to limit environment variables from being
+ passed through, set env_reset as default instead [sudo.c, env.c,
+ sudoers.pod, Bug#342948, CVE-2005-4158]
+ * env_reset is now set by default
+ * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
+ DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
+ (in addition to the SUDO_* variables)
+ * Rebuild sudoers.man.in from the POD file
+ * Added README.Debian
+ * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
+ * simplify rules file by using more of Makefile, despite having to override
+ default directories with more arguments to configure, closes: #292833
+ * update sudo man page to reflect use of SECURE_PATH, closes: #228551
+ * inconsistencies in sudoers man page resolved, closes: #220808, #161012
+ * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
+ unresolveable (requires adding bison as build dep), closes: #314949
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700
+
+sudo (1.6.8p12-1) unstable; urgency=low
+
+ * new upstream version, closes: #342948 (CVE-2005-4158)
+ * add env_reset to the sudoers file we create if none already exists,
+ as a further precaution in response to discussion about CVS-2005-4158
+ * split ldap support into a new sudo-ldap package. I was trying to avoid
+ doing this, but the impact of going from 4 to 17 linked shlibs on the
+ autobuilder chroots is sufficient motivation for me.
+ closes: #344034
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
+
+sudo (1.6.8p9-4) unstable; urgency=low
+
+ * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
+ * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
+ timestamps in the init.d script, closes: #330868
+ * add dependency header to init.d script, closes: #332849
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
+
+sudo (1.6.8p9-3) unstable; urgency=high
+
+ * update debhelper compatibility level from 2 to 4
+ * add man page symlink for sudoedit
+ * Clean SHELLOPTS and PS4 from the environment before executing programs
+ with sudo permissions [env.c, CAN-2005-2959]
+ * fix typo in manpage pointed out by Moray Allen, closes: #285995
+ * fix paths in sample complex sudoers file, closes: #303542
+ * fix type in sudoers man page, closes: #311244
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
+
+sudo (1.6.8p9-2) unstable; urgency=high
+
+ * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
+ closes: #305735
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
+
+sudo (1.6.8p9-1) unstable; urgency=high
+
+ * new upstream version, fixes a race condition in sudo's pathname
+ validation, which is a security issue (CAN-2005-1993),
+ closes: #315115, #315718
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
+
+sudo (1.6.8p7-1) unstable; urgency=low
+
+ * new upstream version, closes: #299585
+ * update lintian overrides to squelch the postinst warning
+ * change sudoedit from a hard to a soft link, closes: #296896
+ * fix regex doc in sudoers man page, closes: #300361
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
+
+sudo (1.6.8p5-1) unstable; urgency=high
+
+ * new upstream version
+ * restores ability to use config tuples without a value, which was causing
+ problems on upgrade closes: #283306
+ * deliver sudoedit, closes: #283078
+ * marking urgency high since 283306 is a serious upgrade incompatibility
+
+ -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
+
+sudo (1.6.8p3-2) unstable; urgency=high
+
+ * update pam.d deliverable so ldap works again, closes: #282191
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
+
+sudo (1.6.8p3-1) unstable; urgency=high
+
+ * new upstream version, fixes a flaw in sudo's environment sanitizing that
+ could allow a malicious user with permission to run a shell script that
+ utilized the bash shell to run arbitrary commands, closes: #281665
+ * patch the sample sudoers to have the proper path for kill on Debian
+ systems, closes: #263486
+ * patch the sudo manpage to reflect Debian's choice of exempt_group
+ default setting, closes: #236465
+ * patch the sudo manpage to reflect Debian's choice of no timeout on the
+ password prompt, closes: #271194
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
+
+sudo (1.6.7p5-2) unstable; urgency=low
+
+ * Jeff Bailey reports that seteuid works on current sparc systems, so we
+ no longer need the "grosshack" stuff in the sudo rules file
+ * add a postrm that removes /etc/sudoers on purge. don't do this with the
+ normal conffile mechanism since it would generate noise on every upgrade,
+ closes: #245405
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
+
+sudo (1.6.7p5-1) unstable; urgency=low
+
+ * new upstream version, closes: #190265, #193222, #197244
+ * change from '.' to ':' in postinst chown call, closes: #208369
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
+
+sudo (1.6.7p3-2) unstable; urgency=low
+
+ * add --disable-setresuid to configure call since 2.2 kernels don't support
+ setresgid, closes: #189044
+ * cosmetic cleanups to debian/rules as long as I'm there
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
+
+sudo (1.6.7p3-1) unstable; urgency=low
+
+ * new upstream version
+ * add overrides to quiet lintian about things it doesn't understand,
+ except the source one that can't be overridden until 129510 is fixed
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
+
+sudo (1.6.6-3) unstable; urgency=low
+
+ * add code to rules file to update config.sub/guess, closes: #164501
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
+
+sudo (1.6.6-2) unstable; urgency=low
+
+ * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
+ configure, and lose the build dependency on mail-transport-agent
+ * incorporate changes from LaMont's NMU, closes: #144665, #144737
+ * update init.d to not try and set time on nonexistent timestamp files,
+ closes: #132616
+ * build with --with-all-insults, admin must edit sudoers to turn insults
+ on at runtime if desired, closes: #135374
+ * stop setting /usr/doc symlink in postinst
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
+
+sudo (1.6.6-1.1) unstable; urgency=high
+
+ * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
+ * Revert patch to auth/pam.c that left pass uninitialized, causing a
+ segfault (Closes: #144665).
+
+ -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
+
+sudo (1.6.6-1) unstable; urgency=high
+
+ * new upstream version, fixes security problem with crafty prompts,
+ closes: #144540
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
+
+sudo (1.6.5p1-4) unstable; urgency=high
+
+ * apply patch for auth/pam.c to fix yet another way to make sudo segfault
+ if ctrl/C'ed at password prompt, closes: #131235
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
+
+sudo (1.6.5p1-3) unstable; urgency=high
+
+ * ugly hack to add --disable-saved-ids when building on sparc in response
+ to 131592, which will be reassigned to glibc for a real fix
+ * urgency high since the sudo currently in testing for sparc is worthless
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
+
+sudo (1.6.5p1-2) unstable; urgency=high
+
+ * patch from upstream to fix seg faults caused by versions of pam that
+ follow a NULL pointer, closes: #129512
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
+
+sudo (1.6.5p1-1) unstable; urgency=high
+
+ * new upstream version
+ * add --disable-root-mailer option supported by new version to configure
+ call in rules file, closes: #129648
+
+ -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
+
+sudo (1.6.4p1-1) unstable; urgency=high
+
+ * new upstream version, with fix for segfaulting problem in 1.6.4
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
+
+sudo (1.6.4-1) unstable; urgency=high
+
+ * new upstream version, includes an important security fix, closes: #127576
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
+
+sudo (1.6.3p7-5) unstable; urgency=low
+
+ * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
+ * fix spelling error in init.d, closes: #126847
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
+
+sudo (1.6.3p7-4) unstable; urgency=medium
+
+ * use touch to set status files to an ancient date instead of removing them
+ outright on reboot. this achieves the desired effect of keeping elevated
+ privs from living across reboots, without forcing everyone to see the
+ new-sudo-user lecture after every reboot. pick a time that's 'old enough'
+ for systems with good clocks, and 'recent enough' that broken PC hardware
+ setting the clock to commonly-seen bogus dates trips over the "don't trust
+ future timestamps" rule. closes: #76529, #123559
+ * apply patch from Steve Langasek to fix seg faults due to interaction with
+ PAM code. upstream confirms the problem, and says they're fixing this
+ differently for their next release... but this should be useful in the
+ meantime, and would be good to get into woody. closes: #119147
+ * only run the init.d at boot, not on each runlevel change... and don't run
+ it during package configure. closes: #125935
+ * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
+
+sudo (1.6.3p7-3) unstable; urgency=low
+
+ * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
+ resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
+ * fix a typo in the manpage, closes: #97368
+ * apply patch to configure.in and run autoconf to fix problem building on
+ the hurd, closes: #96325
+ * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
+ to not last across reboots, closes: #76529
+ * clean up lintian-noticed cosmetic packaging issues
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
+
+sudo (1.6.3p7-2) unstable; urgency=low
+
+ * update config.sub/guess for hppa support
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
+
+sudo (1.6.3p7-1) unstable; urgency=low
+
+ * new upstream version
+ * add build dependency on mail-transport-agent, closes: #90685
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
+
+sudo (1.6.3p6-1) unstable; urgency=high
+
+ * new upstream version, fixes buffer overflow problem,
+ closes: #87259, #87278, #87263
+ * revert to using --with-secure-path option at build time, since the option
+ available in sudoers is parsed too late to be useful, and upstream says
+ it won't get fixed quickly. This reopens 85123, which I will mark as
+ forwarded. Closes: #86199, #86117, #85676
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
+
+sudo (1.6.3p5-2) unstable; urgency=low
+
+ * lose the dh_suidregister call since it's obsolete
+ * stop using the --with-secure-path option at build time, and instead show
+ how to set it in sudoers. Closes: #85123
+ * freshen config.sub and config.guess for ia64 and hppa
+ * update sudoers man page to indicate exempt_group is on by default,
+ closes: #70847
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
+
+sudo (1.6.3p5-1) unstable; urgency=low
+
+ * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
+ * this version restores core dumps before the exec, while leaving them
+ disabled during sudo's internal execution, closes: #58289
+ * update debhelper calls in rules file
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
+
+sudo (1.6.2p2-1) frozen unstable; urgency=medium
+
+ * new upstream source resulting from direct collaboration with the upstream
+ author to fix ugly pam-related problems on Debian in 1.6.1 and later.
+ Closes: #56129, #55978, #55979, #56550, #56772
+ * include more upstream documentation, closes: #55054
+ * pam.d fragment update, closes: #56129
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
+
+sudo (1.6.1-1) unstable; urgency=low
+
+ * new upstream source, closes: #52750
+
+ -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
+
+sudo (1.6-2) unstable; urgency=low
+
+ * drop suidregister support for this package. The sudo executable is
+ essentially worthless unless it is setuid root, and making suidregister
+ work involves shipping a non-setuid executable in the .deb and setting the
+ perms in the postinst. On a long upgrade run, this can leave the sudo
+ executable 'broken' for a long time, which is unacceptable. With this
+ version, we ship the executable setuid root in the .deb. Closes: #51742
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
+
+sudo (1.6-1) unstable; urgency=low
+
+ * new upstream version, many options previously set at compile-time are now
+ configurable at runtime.
+ Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
+ * FHS support
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
+
+sudo (1.5.9p4-1) unstable; urgency=low
+
+ * new upstream version, closes: #43464
+ * empty password handling was fixed in 1.5.8, closes: #31863
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
+
+sudo (1.5.9p1-1) unstable; urgency=low
+
+ * new upstream version
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
+
+sudo (1.5.8p1-1) unstable; urgency=medium
+
+ * new upstream version, closes 33690
+ * add dependency on libpam-modules, closes 34215, 33432
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
+
+sudo (1.5.7p4-2) unstable; urgency=medium
+
+ * update the pam fragment provided so that sudo works with latest pam bits,
+ closes 33432
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
+
+sudo (1.5.7p4-1) unstable; urgency=low
+
+ * new upstream release
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
+
+sudo (1.5.6p5-1) unstable; urgency=low
+
+ * new upstream patch release
+ * add PAM support, closes 28594
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
+
+sudo (1.5.6p2-2) unstable; urgency=low
+
+ * update copyright file, closes 24136
+ * review and close forwarded bugs believed fixed in this upstream version,
+ closes 17606, 15786.
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
+
+sudo (1.5.6p2-1) unstable; urgency=low
+
+ * new upstream release
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
+
+sudo (1.5.4-4) frozen unstable; urgency=low
+
+ * update postinst to use groupadd, closes 21403
+ * move the suidregister stuff earlier in postinst to ensure it always runs
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
+
+sudo (1.5.4-3) frozen unstable; urgency=low
+
+ * change /etc/sudoers from a conffile to being handled in postinst,
+ closes 18219
+ * add suidmanager support, closes 15711
+ * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
+ unlikely to ever fix, and which just don't matter. closes 17146
+ * fix FSF address in copyright file, and submit exception for lintian
+ warning about sudo being setuid root
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
+
+sudo (1.5.4-2) unstable; urgency=high
+
+ * patch from upstream author correcting/improving security fix
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
+
+sudo (1.5.4-1) unstable; urgency=high
+
+ * new upstream version, includes a security fix
+ * change default editor from /bin/ae to /usr/bin/editor
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
+
+sudo (1.5.3-1) unstable; urgency=medium
+
+ * new upstream version, closes bug 15911.
+ * rules file reworked to use debhelper
+ * implement a really gross hack to force use of the sudo-provided
+ lsearch(), since the one in libc6 is broken! This closes bugs
+ 12552, 12557, 14881, 15259, 15916.
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
+
+sudo (1.5.2-6) unstable; urgency=LOW
+
+ * don't install INSTALL in the doc directory, closes bug 13195.
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
+
+sudo (1.5.2-5) unstable; urgency=LOW
+
+ * libc6
+
+ -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
+
+sudo (1.5.2-4) unstable; urgency=LOW
+
+ * change TIMEOUT (how long before you have to type your password again)
+ to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
+ packages on slower machines much more tolerable. Closes bug 9076.
+ * touch debian/suid before debstd. Closes bug 8709.
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
+
+sudo (1.5.2-3) frozen unstable; urgency=LOW
+
+ * patch from upstream maintainer to close Bug 6828
+ * add a debian/suid file to get debstd to leave my perl postinst alone
+
+ -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
+
+sudo (1.5.2-2) frozen unstable; urgency=LOW
+
+ * change rules to use -O2 -Wall as per standards
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
+
+sudo (1.5.2-1) unstable; urgency=LOW
+
+ * new upstream version
+ * cosmetic changes to debian package control files
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
+
+sudo (1.5-2) unstable; urgency=LOW
+
+ * add /usr/X11R6/bin to the end of the secure path... this makes it
+ much easier to run xmkmf, etc., during package builds. To the extent
+ that /usr/local/sbin and /usr/local/bin were already included, I see
+ no security reasons not to add this.
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
+
+sudo (1.5-1) unstable; urgency=LOW
+
+ * New upstream version
+ * New maintainer
+ * New packaging format
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
+
+Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
+
+ sudo (1.4.1-1):
+
+ * hard code SECURE_PATH to:
+ "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+ * enable ENV_EDITOR
+
+ * enabled EXEMPTGROUP "sudo"
+
+ * moved timestamp dir to /var/log/sudo
+
+ * changed parser to check for long and short filenames (Bug#1162)
+
+Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
+
+ sudo (1.4.2-1):
+
+ * New upstream source
+
+ * Fixed postinst script
+ (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
+
+ * Removed special shadow binary. This version works with and without
+ shadow password file.
+
+Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
+
+ sudo (1.4.2-2):
+
+ * Corrected editor path to /bin/ae (Bug#3062)
+
+ * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
+
+Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
+
+ sudo (1.4.3-1):
+
+ * New upstream version
+
+ * Changed sudoers permission to 440 (owner root, group root) to make
+ sudo usable via NFS
+
+Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
+
+ sudo (1.4.3-2):
+
+ * Applied upstream patch 1
+
+Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
+
+ sudo (1.4.3-3):
+
+ * Applied upstream patch 2
+
+Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
+
+ sudo (1.4.3-4):
+
+ * Applied upstream patch 3 (fixes problems with an NFS-mounted
+ sudoers file)
+
+
+Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
+
+ sudo (1.4.3-5):
+
+ * Corrected postinst to use /usr/bin/perl instead of /bin/perl
+ [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
+
+Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
+
+ sudo (1.4.3-6):
+
+ * Applied upstream patch 4 (fixes several bugs)
+
+ * Changed priority to optional
+
+Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
+
+ sudo (1.4.3-7):
+
+ * Corrected postinst to create correct permission for /etc/sudoers
+ (Bug#3749)
+
+Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
+
+ sudo (1.4.4-1):
+
+ * New upstream version
+
+
+sudo (1.4.4-2) admin; urgency=HIGH
+
+ * Fixed major security bug reported by Peter Tobias
+ <tobias@et-inf.fho-emden.de>
+ * Added dchanges support to debian.rules
+
+sudo (1.4.5-1) admin; urgency=LOW
+
+ * New upstream version
+ * Minor changes to debian.rules
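Review bot: the 1.6.8p12-1 entry spells the identifier "CVS-2005-4158" in its env_reset bullet, while the first bullet of the same entry and the 1.6.8p12-2 entry both give CVE-2005-4158; the misspelled form will be missed by anyone searching the changelog for the CVE, so it should read CVE-2005-4158. At the tail of the file, the 1.4.4-2 and 1.4.5-1 entries have no "-- maintainer date" trailer line and the 1996 Michael Meskes entries use a date-first layout, so changelog parsers may not read them as entries. Several older security uploads (1.6.4-1 "important security fix", 1.5.4-1 "includes a security fix", 1.4.4-2 "Fixed major security bug") name no identifier or bug number beyond what is shown, which makes it hard to map them to advisories.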
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..f599e28
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+10
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..7df48a3
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,37 @@
+Source: sudo
+Section: admin
+Priority: optional
+Maintainer: Bdale Garbee <bdale@gag.com>
+Build-Depends: debhelper (>= 10), libpam0g-dev, libldap2-dev, libsasl2-dev, libselinux1-dev [linux-any], autoconf, bison, flex, libaudit-dev [linux-any], mandoc
+Standards-Version: 4.1.1
+Vcs-Git: https://salsa.debian.org/debian/sudo.git
+Vcs-Browser: https://salsa.debian.org/debian/sudo
+Homepage: http://www.sudo.ws/
+
+Package: sudo
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-modules, lsb-base
+Conflicts: sudo-ldap
+Replaces: sudo-ldap
+Description: Provide limited super user privileges to specific users
+ Sudo is a program designed to allow a sysadmin to give limited root
+ privileges to users and log root activity. The basic philosophy is to give
+ as few privileges as possible but still allow people to get their work done.
+ .
+ This version is built with minimal shared library dependencies, use the
+ sudo-ldap package instead if you need LDAP support for sudoers.
+
+Package: sudo-ldap
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-modules, lsb-base
+Conflicts: sudo
+Replaces: sudo
+Provides: sudo
+Description: Provide limited super user privileges to specific users
+ Sudo is a program designed to allow a sysadmin to give limited root
+ privileges to users and log root activity. The basic philosophy is to give
+ as few privileges as possible but still allow people to get their work done.
+ .
+ This version is built with LDAP support, which allows an equivalent of the
+ sudoers database to be distributed via LDAP. Authentication is still
+ performed via pam.
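Review bot: Homepage in the source stanza is http://www.sudo.ws/, a cleartext URL for the upstream of a setuid-root package, while the Vcs-Git and Vcs-Browser fields right above it already use https; switch Homepage to https as well. In the sudo package description, "This version is built with minimal shared library dependencies, use the sudo-ldap package instead" is a comma splice and reads better as two sentences. It would also help to say in the sudo-ldap description that the package conflicts with and replaces sudo, since the Conflicts/Replaces/Provides triple is the only place that relationship is stated.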
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..8e76500
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,57 @@
+This is the Debian GNU/Linux prepackaged version of sudo. sudo is
+used to provide limited super user privileges to specific users.
+
+Bdale Garbee <bdale@gag.com> maintains this package using sources from
+
+ http://www.sudo.ws/
+
+Sudo is distributed under the following ISC-style license:
+
+ Copyright (c) 1994-1996, 1998-2008
+ Todd C. Miller <Todd.Miller@courtesan.com>
+
+ Permission to use, copy, modify, and distribute this software for any
+ purpose with or without fee is hereby granted, provided that the above
+ copyright notice and this permission notice appear in all copies.
+
+ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+ Sponsored in part by the Defense Advanced Research Projects
+ Agency (DARPA) and Air Force Research Laboratory, Air Force
+ Materiel Command, USAF, under agreement number F39502-99-1-0512.
+
+Additionally, fnmatch.c, fnmatch.h, getcwd.c, glob.c, glob.h and snprintf.c
+bear the following UCB license:
+
+ Copyright (c) 1987, 1989, 1990, 1991, 1992, 1993, 1994
+ The Regents of the University of California. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the University nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ SUCH DAMAGE.
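Review bot: the ISC notice stops at "Copyright (c) 1994-1996, 1998-2008" with the address Todd.Miller@courtesan.com, yet the patches added in this same change are dated 2020 and 2021, are backported to 1.8.27 and use Todd.Miller@sudo.ws, so the years and contact look stale for the packaged version; refresh the notice from the license file shipped with that upstream release. The source location is also given as http://www.sudo.ws/ and should match whatever scheme debian/control ends up using. The file is free-form text, so the per-file UCB exception for fnmatch.c, getcwd.c, glob.c and snprintf.c cannot be checked by tooling; a machine-readable layout would fix that.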
diff --git a/debian/patches/Add-sudoedit-flag-checks-in-plugin-that-are-consiste.patch b/debian/patches/Add-sudoedit-flag-checks-in-plugin-that-are-consiste.patch
new file mode 100644
index 0000000..0fd3071
--- /dev/null
+++ b/debian/patches/Add-sudoedit-flag-checks-in-plugin-that-are-consiste.patch
@@ -0,0 +1,43 @@
+From 9f8d2f158166512511aac5e32928dcf6c65005c3 Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller" <Todd.Miller@sudo.ws>
+Date: Wed, 20 Jan 2021 09:03:17 +0100
+Subject: [PATCH 2/5] Add sudoedit flag checks in plugin that are consistent
+ with front-end.
+
+Don't assume the sudo front-end is sending reasonable mode flags.
+These checks need to be kept consistent between the sudo front-end
+and the sudoers plugin.
+
+[Salvatore Bonaccorso: Backport to 1.8.27: Context changes]
+---
+ plugins/sudoers/policy.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+--- a/plugins/sudoers/policy.c
++++ b/plugins/sudoers/policy.c
+@@ -98,10 +98,11 @@ parse_bool(const char *line, int varlen,
+ int
+ sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group)
+ {
++ const int edit_mask = MODE_EDIT|MODE_IGNORE_TICKET|MODE_NONINTERACTIVE;
+ struct sudoers_policy_open_info *info = v;
+- char * const *cur;
+ const char *p, *errstr, *groups = NULL;
+ const char *remhost = NULL;
++ char * const *cur;
+ bool uid_set = false, gid_set = false;
+ int flags = 0;
+ debug_decl(sudoers_policy_deserialize_info, SUDOERS_DEBUG_PLUGIN)
+@@ -331,6 +332,12 @@ sudoers_policy_deserialize_info(void *v,
+ #endif
+ }
+
++ /* Sudo front-end should restrict mode flags for sudoedit. */
++ if (ISSET(flags, MODE_EDIT) && (flags & edit_mask) != flags) {
++ sudo_warnx(U_("invalid mode flags from sudo front end: 0x%x"), flags);
++ goto bad;
++ }
++
+ user_umask = (mode_t)-1;
+ for (cur = info->user_info; *cur != NULL; cur++) {
+ if (MATCHES(*cur, "user=")) {
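Review bot: edit_mask is a local constant in sudoers_policy_deserialize_info(), while the commit message says these checks "need to be kept consistent between the sudo front-end and the sudoers plugin"; nothing in the hunk ties the two together, so add a comment naming the front-end counterpart (or share one definition) to keep the masks from drifting apart. The relocation of "char * const *cur;" is unrelated to the check and only adds noise to a security backport. The patch header carries no Origin:, Bug-Debian: or Bug-Debian-Security: field, unlike the pwfeedback patch in this directory, so the fix cannot be traced to an upstream commit URL or a tracker entry from the header alone.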
diff --git a/debian/patches/Don-t-assume-that-argv-is-allocated-as-a-single-flat.patch b/debian/patches/Don-t-assume-that-argv-is-allocated-as-a-single-flat.patch
new file mode 100644
index 0000000..0fa8d84
--- /dev/null
+++ b/debian/patches/Don-t-assume-that-argv-is-allocated-as-a-single-flat.patch
@@ -0,0 +1,39 @@
+From 61470612e3bc1a0aca268d80bc55c36c1802b7fd Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller" <Todd.Miller@sudo.ws>
+Date: Wed, 20 Jan 2021 09:04:39 +0100
+Subject: [PATCH 5/5] Don't assume that argv is allocated as a single flat
+ buffer.
+
+While this is how the kernel behaves it is not a portable assumption.
+The assumption may also be violated if getopt_long(3) permutes arguments.
+Found by Qualys.
+
+[Salvatore Bonaccorso: Backport to 1.8.27: Context changes]
+---
+ src/parse_args.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+--- a/src/parse_args.c
++++ b/src/parse_args.c
+@@ -563,16 +563,16 @@ parse_args(int argc, char **argv, int *n
+ if (argc != 0) {
+ /* shell -c "command" */
+ char *src, *dst;
+- size_t cmnd_size = (size_t) (argv[argc - 1] - argv[0]) +
+- strlen(argv[argc - 1]) + 1;
++ size_t size = 0;
+
+- cmnd = dst = reallocarray(NULL, cmnd_size, 2);
+- if (cmnd == NULL)
++ for (av = argv; *av != NULL; av++)
++ size += strlen(*av) + 1;
++ if (size == 0 || (cmnd = reallocarray(NULL, size, 2)) == NULL)
+ sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
+ if (!gc_add(GC_PTR, cmnd))
+ exit(1);
+
+- for (av = argv; *av != NULL; av++) {
++ for (dst = cmnd, av = argv; *av != NULL; av++) {
+ for (src = *av; *src != '\0'; src++) {
+ /* quote potential meta characters */
+ if (!isalnum((unsigned char)*src) && *src != '_' && *src != '-' && *src != '$')
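Review bot: in the new allocation line, "size == 0" is folded into the same branch as a failed reallocarray(), so an empty argument list would be reported as "unable to allocate memory"; split the two conditions or give the empty case its own message. The sizing loop and the copy loop now both walk argv to its NULL terminator, which is what makes the byte count match what is copied. A short comment stating what the factor 2 passed to reallocarray() is reserved for (the quoting done in the copy loop below) would document why the destination cannot be outrun.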
diff --git a/debian/patches/Fix-a-buffer-overflow-when-pwfeedback-is-enabled-and.patch b/debian/patches/Fix-a-buffer-overflow-when-pwfeedback-is-enabled-and.patch
new file mode 100644
index 0000000..5d6f227
--- /dev/null
+++ b/debian/patches/Fix-a-buffer-overflow-when-pwfeedback-is-enabled-and.patch
@@ -0,0 +1,95 @@
+From: "Todd C. Miller" <Todd.Miller@sudo.ws>
+Date: Wed, 29 Jan 2020 20:15:21 -0700
+Subject: Fix a buffer overflow when pwfeedback is enabled and input is a not a
+ tty. In getln() if the user enters ^U (erase line) and the write(2) fails,
+ the remaining buffer size is reset but the current pointer is not. While
+ here, fix an incorrect break for erase when write(2) fails. Also disable
+ pwfeedback when input is not a tty as it cannot work. CVE-2019-18634 Credit:
+ Joe Vennix from Apple Information Security.
+Origin: https://github.com/sudo-project/sudo/commit/b5d2010b6514ff45693509273bb07df3abb0bf0a
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-18634
+Bug-Debian: https://bugs.debian.org/950371
+
+--HG--
+branch : 1.8
+[Salvatore Bonaccorso: Backport to 1.8.27 for context changes]
+---
+ src/tgetpass.c | 20 ++++++++++++--------
+ 1 file changed, 12 insertions(+), 8 deletions(-)
+
+--- a/src/tgetpass.c
++++ b/src/tgetpass.c
+@@ -60,7 +60,7 @@ static volatile sig_atomic_t signo[NSIG]
+
+ static bool tty_present(void);
+ static void tgetpass_handler(int);
+-static char *getln(int, char *, size_t, int, enum tgetpass_errval *);
++static char *getln(int, char *, size_t, bool, enum tgetpass_errval *);
+ static char *sudo_askpass(const char *, const char *);
+
+ static int
+@@ -123,6 +123,7 @@ tgetpass(const char *prompt, int timeout
+ static const char *askpass;
+ static char buf[SUDO_CONV_REPL_MAX + 1];
+ int i, input, output, save_errno, neednl = 0, need_restart;
++ bool feedback = ISSET(flags, TGP_MASK);
+ enum tgetpass_errval errval;
+ debug_decl(tgetpass, SUDO_DEBUG_CONV)
+
+@@ -170,7 +171,7 @@ restart:
+ */
+ if (!ISSET(flags, TGP_ECHO)) {
+ for (;;) {
+- if (ISSET(flags, TGP_MASK))
++ if (feedback)
+ neednl = sudo_term_cbreak(input);
+ else
+ neednl = sudo_term_noecho(input);
+@@ -184,6 +185,9 @@ restart:
+ }
+ }
+ }
++ /* Only use feedback mode when we can disable echo. */
++ if (!neednl)
++ feedback = false;
+
+ /*
+ * Catch signals that would otherwise cause the user to end
+@@ -209,7 +213,7 @@ restart:
+
+ if (timeout > 0)
+ alarm(timeout);
+- pass = getln(input, buf, sizeof(buf), ISSET(flags, TGP_MASK), &errval);
++ pass = getln(input, buf, sizeof(buf), feedback, &errval);
+ alarm(0);
+ save_errno = errno;
+
+@@ -345,7 +349,7 @@ sudo_askpass(const char *askpass, const
+ extern int sudo_term_eof, sudo_term_erase, sudo_term_kill;
+
+ static char *
+-getln(int fd, char *buf, size_t bufsiz, int feedback,
++getln(int fd, char *buf, size_t bufsiz, bool feedback,
+ enum tgetpass_errval *errval)
+ {
+ size_t left = bufsiz;
+@@ -374,15 +378,15 @@ getln(int fd, char *buf, size_t bufsiz,
+ while (cp > buf) {
+ if (write(fd, "\b \b", 3) == -1)
+ break;
+- --cp;
++ cp--;
+ }
++ cp = buf;
+ left = bufsiz;
+ continue;
+ } else if (c == sudo_term_erase) {
+ if (cp > buf) {
+- if (write(fd, "\b \b", 3) == -1)
+- break;
+- --cp;
++ ignore_result(write(fd, "\b \b", 3));
++ cp--;
+ left++;
+ }
+ continue;
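Review bot: in getln() the fix restores the pairing of cp and left by hand in two places ("cp = buf; left = bufsiz;" on kill, "cp--; left++;" on erase), which is the same bookkeeping that went out of step when write(2) failed. Deriving the remaining space from the pointer, for example left = bufsiz - (size_t)(cp - buf), or asserting that identity before each store, would keep a future early exit from reintroducing the overflow. The erase path now discards the write(2) result through ignore_result() while the kill loop still breaks on failure; a comment on why the two differ would help the next reader.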
diff --git a/debian/patches/Fix-potential-buffer-overflow-when-unescaping-backsl.patch b/debian/patches/Fix-potential-buffer-overflow-when-unescaping-backsl.patch
new file mode 100644
index 0000000..414c0d9
--- /dev/null
+++ b/debian/patches/Fix-potential-buffer-overflow-when-unescaping-backsl.patch
@@ -0,0 +1,71 @@
+From 1e94630a10326635ea5cdd8dc575f43e40a80469 Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller" <Todd.Miller@sudo.ws>
+Date: Wed, 20 Jan 2021 09:03:43 +0100
+Subject: [PATCH 3/5] Fix potential buffer overflow when unescaping backslashes
+ in user_args.
+
+Do not try to unescaping backslashes unless in run mode *and* we are
+running the command via a shell.
+Found by Qualys.
+
+[Salvatore Bonaccorso: Backport to 1.8.27: Context changes]
+---
+ plugins/sudoers/sudoers.c | 23 ++++++++++++++++++-----
+ 1 file changed, 18 insertions(+), 5 deletions(-)
+
+--- a/plugins/sudoers/sudoers.c
++++ b/plugins/sudoers/sudoers.c
+@@ -404,7 +404,7 @@ sudoers_policy_main(int argc, char * con
+
+ /* If run as root with SUDO_USER set, set sudo_user.pw to that user. */
+ /* XXX - causes confusion when root is not listed in sudoers */
+- if (sudo_mode & (MODE_RUN | MODE_EDIT) && prev_user != NULL) {
++ if (ISSET(sudo_mode, MODE_RUN|MODE_EDIT) && prev_user != NULL) {
+ if (user_uid == 0 && strcmp(prev_user, "root") != 0) {
+ struct passwd *pw;
+
+@@ -784,8 +784,8 @@ set_cmnd(void)
+ if (user_cmnd == NULL)
+ user_cmnd = NewArgv[0];
+
+- if (sudo_mode & (MODE_RUN | MODE_EDIT | MODE_CHECK)) {
+- if (ISSET(sudo_mode, MODE_RUN | MODE_CHECK)) {
++ if (ISSET(sudo_mode, MODE_RUN|MODE_EDIT|MODE_CHECK)) {
++ if (!ISSET(sudo_mode, MODE_EDIT)) {
+ if (def_secure_path && !user_is_exempt())
+ path = def_secure_path;
+ if (!set_perms(PERM_RUNAS))
+@@ -823,7 +823,8 @@ set_cmnd(void)
+ sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
+ debug_return_int(-1);
+ }
+- if (ISSET(sudo_mode, MODE_SHELL|MODE_LOGIN_SHELL)) {
++ if (ISSET(sudo_mode, MODE_SHELL|MODE_LOGIN_SHELL) &&
++ ISSET(sudo_mode, MODE_RUN)) {
+ /*
+ * When running a command via a shell, the sudo front-end
+ * escapes potential meta chars. We unescape non-spaces
+@@ -831,10 +832,22 @@ set_cmnd(void)
+ */
+ for (to = user_args, av = NewArgv + 1; (from = *av); av++) {
+ while (*from) {
+- if (from[0] == '\\' && !isspace((unsigned char)from[1]))
++ if (from[0] == '\\' && from[1] != '\0' &&
++ !isspace((unsigned char)from[1])) {
+ from++;
++ }
++ if (size - (to - user_args) < 1) {
++ sudo_warnx(U_("internal error, %s overflow"),
++ __func__);
++ debug_return_int(NOT_FOUND_ERROR);
++ }
+ *to++ = *from++;
+ }
++ if (size - (to - user_args) < 1) {
++ sudo_warnx(U_("internal error, %s overflow"),
++ __func__);
++ debug_return_int(NOT_FOUND_ERROR);
++ }
+ *to++ = ' ';
+ }
+ *--to = '\0';
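Review bot: the two new bounds checks in set_cmnd() return NOT_FOUND_ERROR, while the allocation failure a few lines above in the same function returns -1. Going by its name, NOT_FOUND_ERROR describes a lookup miss rather than an internal error, so returning -1 here (or documenting why NOT_FOUND_ERROR is intended) would keep callers from treating an overflow as "command not found". The expression "size - (to - user_args) < 1" also mixes the buffer size with a pointer difference; if size is unsigned, a cast or comment making the intended arithmetic explicit would help, and the duplicated check could be one small macro.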
diff --git a/debian/patches/Fix-the-memset-offset-when-converting-a-v1-timestamp.patch b/debian/patches/Fix-the-memset-offset-when-converting-a-v1-timestamp.patch
new file mode 100644
index 0000000..aa46b0f
--- /dev/null
+++ b/debian/patches/Fix-the-memset-offset-when-converting-a-v1-timestamp.patch
@@ -0,0 +1,30 @@
+From 6ab23a7a9fe7be865e5c93363b520c704867326a Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller" <Todd.Miller@sudo.ws>
+Date: Wed, 20 Jan 2021 09:04:12 +0100
+Subject: [PATCH 4/5] Fix the memset offset when converting a v1 timestamp to
+ TS_LOCKEXCL.
+
+We want to zero the struct starting at flags, not type (which was just set).
+Found by Qualys.
+---
+ plugins/sudoers/timestamp.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/plugins/sudoers/timestamp.c b/plugins/sudoers/timestamp.c
+index ace568e5a4fe..dfc9bdfc5f26 100644
+--- a/plugins/sudoers/timestamp.c
++++ b/plugins/sudoers/timestamp.c
+@@ -643,8 +643,8 @@ timestamp_lock(void *vcookie, struct passwd *pw)
+ if (entry.size == sizeof(struct timestamp_entry_v1)) {
+ /* Old sudo record, convert it to TS_LOCKEXCL. */
+ entry.type = TS_LOCKEXCL;
+- memset((char *)&entry + offsetof(struct timestamp_entry, type), 0,
+- nread - offsetof(struct timestamp_entry, type));
++ memset((char *)&entry + offsetof(struct timestamp_entry, flags), 0,
++ nread - offsetof(struct timestamp_entry, flags));
+ if (ts_write(cookie->fd, cookie->fname, &entry, 0) == -1)
+ debug_return_bool(false);
+ } else {
+--
+2.30.0
+
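Review bot: the corrected memset() in timestamp_lock() depends on the member order of struct timestamp_entry (everything from flags onward is cleared, everything before it is kept) and on nread being at least offsetof(struct timestamp_entry, flags), otherwise the length goes negative and converts to a huge size_t. The second condition holds only with Sanity-check-size-when-converting-the-first-record-t.patch applied first, which the context line "if (entry.size == sizeof(struct timestamp_entry_v1))" already assumes. State that dependency in the patch header, and consider a comment at the memset() naming the layout assumption.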
diff --git a/debian/patches/Reset-valid_flags-to-MODE_NONINTERACTIVE-for-sudoedi.patch b/debian/patches/Reset-valid_flags-to-MODE_NONINTERACTIVE-for-sudoedi.patch
new file mode 100644
index 0000000..ac62729
--- /dev/null
+++ b/debian/patches/Reset-valid_flags-to-MODE_NONINTERACTIVE-for-sudoedi.patch
@@ -0,0 +1,97 @@
+From 6f726f8a6f5e203ae2f4675902ba4aa03a8393af Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller" <Todd.Miller@sudo.ws>
+Date: Wed, 20 Jan 2021 09:02:42 +0100
+Subject: [PATCH 1/5] Reset valid_flags to MODE_NONINTERACTIVE for sudoedit.
+
+This is consistent with how the -e option is handled.
+Also reject -H and -P flags for sudoedit as was done in sudo 1.7.
+Found by Qualys.
+
+[Salvatore Bonaccorso: Backport to 1.8.27: Context changes]
+---
+ src/parse_args.c | 18 ++++++++++++------
+ 1 file changed, 12 insertions(+), 6 deletions(-)
+
+--- a/src/parse_args.c
++++ b/src/parse_args.c
+@@ -121,7 +121,10 @@ struct environment {
+ /*
+ * Default flags allowed when running a command.
+ */
+-#define DEFAULT_VALID_FLAGS (MODE_BACKGROUND|MODE_PRESERVE_ENV|MODE_RESET_HOME|MODE_LOGIN_SHELL|MODE_NONINTERACTIVE|MODE_SHELL)
++#define DEFAULT_VALID_FLAGS (MODE_BACKGROUND|MODE_PRESERVE_ENV|MODE_RESET_HOME|MODE_LOGIN_SHELL|MODE_NONINTERACTIVE|MODE_PRESERVE_GROUPS|MODE_SHELL)
++#define EDIT_VALID_FLAGS MODE_NONINTERACTIVE
++#define LIST_VALID_FLAGS (MODE_NONINTERACTIVE|MODE_LONG_LIST)
++#define VALIDATE_VALID_FLAGS MODE_NONINTERACTIVE
+
+ /* Option number for the --host long option due to ambiguity of the -h flag. */
+ #define OPT_HOSTNAME 256
+@@ -265,6 +268,7 @@ parse_args(int argc, char **argv, int *n
+ progname = "sudoedit";
+ mode = MODE_EDIT;
+ sudo_settings[ARG_SUDOEDIT].value = "true";
++ valid_flags = EDIT_VALID_FLAGS;
+ }
+
+ /* Load local IP addresses and masks. */
+@@ -350,7 +354,7 @@ parse_args(int argc, char **argv, int *n
+ usage_excl(1);
+ mode = MODE_EDIT;
+ sudo_settings[ARG_SUDOEDIT].value = "true";
+- valid_flags = MODE_NONINTERACTIVE;
++ valid_flags = EDIT_VALID_FLAGS;
+ break;
+ case 'g':
+ if (*optarg == '\0')
+@@ -360,6 +364,7 @@ parse_args(int argc, char **argv, int *n
+ break;
+ case 'H':
+ sudo_settings[ARG_SET_HOME].value = "true";
++ SET(flags, MODE_RESET_HOME);
+ break;
+ case 'h':
+ if (optarg == NULL) {
+@@ -409,7 +414,7 @@ parse_args(int argc, char **argv, int *n
+ usage_excl(1);
+ }
+ mode = MODE_LIST;
+- valid_flags = MODE_NONINTERACTIVE|MODE_LONG_LIST;
++ valid_flags = LIST_VALID_FLAGS;
+ break;
+ case 'n':
+ SET(flags, MODE_NONINTERACTIVE);
+@@ -417,6 +422,7 @@ parse_args(int argc, char **argv, int *n
+ break;
+ case 'P':
+ sudo_settings[ARG_PRESERVE_GROUPS].value = "true";
++ SET(flags, MODE_PRESERVE_GROUPS);
+ break;
+ case 'p':
+ /* An empty prompt is allowed. */
+@@ -460,7 +466,7 @@ parse_args(int argc, char **argv, int *n
+ if (mode && mode != MODE_VALIDATE)
+ usage_excl(1);
+ mode = MODE_VALIDATE;
+- valid_flags = MODE_NONINTERACTIVE;
++ valid_flags = VALIDATE_VALID_FLAGS;
+ break;
+ case 'V':
+ if (mode && mode != MODE_VERSION)
+@@ -487,7 +493,7 @@ parse_args(int argc, char **argv, int *n
+ if (!mode) {
+ /* Defer -k mode setting until we know whether it is a flag or not */
+ if (sudo_settings[ARG_IGNORE_TICKET].value != NULL) {
+- if (argc == 0 && !(flags & (MODE_SHELL|MODE_LOGIN_SHELL))) {
++ if (argc == 0 && !ISSET(flags, MODE_SHELL|MODE_LOGIN_SHELL)) {
+ mode = MODE_INVALIDATE; /* -k by itself */
+ sudo_settings[ARG_IGNORE_TICKET].value = NULL;
+ valid_flags = 0;
+@@ -550,7 +556,7 @@ parse_args(int argc, char **argv, int *n
+ /*
+ * For shell mode we need to rewrite argv
+ */
+- if (ISSET(mode, MODE_RUN) && ISSET(flags, MODE_SHELL)) {
++ if (ISSET(flags, MODE_SHELL|MODE_LOGIN_SHELL) && ISSET(mode, MODE_RUN)) {
+ char **av, *cmnd = NULL;
+ int ac = 1;
+
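Review bot: the last hunk widens the argv-rewrite condition from "ISSET(flags, MODE_SHELL)" to "ISSET(flags, MODE_SHELL|MODE_LOGIN_SHELL)", and the commit message does not mention it; state whether this changes behaviour or only aligns the front end with the plugin-side test in Fix-potential-buffer-overflow-when-unescaping-backsl.patch. The rejection of -H and -P for sudoedit is also implicit: the new SET(flags, MODE_RESET_HOME) and SET(flags, MODE_PRESERVE_GROUPS) lines only have that effect through a valid_flags check that is outside the visible hunks, so a one-line comment in those two cases would make the intent visible. The "valid_flags = 0" for -k is the one bare literal left now that the other modes use named masks.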
diff --git a/debian/patches/Sanity-check-size-when-converting-the-first-record-t.patch b/debian/patches/Sanity-check-size-when-converting-the-first-record-t.patch
new file mode 100644
index 0000000..c0964be
--- /dev/null
+++ b/debian/patches/Sanity-check-size-when-converting-the-first-record-t.patch
@@ -0,0 +1,107 @@
+From 586b418ad85ff8c2e756eff7063ffaeca631fa02 Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller" <Todd.Miller@sudo.ws>
+Date: Sun, 5 Jan 2020 09:37:09 -0700
+Subject: [PATCH] Sanity check size when converting the first record to
+ TS_LOCKEXCL Coverity CID 206591
+
+[Salvatore Bonaccorso: Backport to 1.8.27:
+ - Context changes
+ - Drop hunk about copyright years update
+ - Cast sizeof(struct timestamp_entry_v1) into ssize_t as 1.8.27 does
+ not contain the "Add ssizeof macro that returns ssize_t" change.
+]
+---
+ plugins/sudoers/timestamp.c | 65 ++++++++++++++++++++++++++++---------
+ 1 file changed, 49 insertions(+), 16 deletions(-)
+
+--- a/plugins/sudoers/timestamp.c
++++ b/plugins/sudoers/timestamp.c
+@@ -611,6 +611,25 @@ done:
+ }
+
+ /*
++ * Write a TS_LOCKEXCL record at the beginning of the time stamp file.
++ */
++bool
++timestamp_lock_write(struct ts_cookie *cookie)
++{
++ struct timestamp_entry entry;
++ bool ret = true;
++ debug_decl(timestamp_lock_write, SUDOERS_DEBUG_AUTH);
++
++ memset(&entry, 0, sizeof(entry));
++ entry.version = TS_VERSION;
++ entry.size = sizeof(entry);
++ entry.type = TS_LOCKEXCL;
++ if (ts_write(cookie->fd, cookie->fname, &entry, -1) == -1)
++ ret = false;
++ debug_return_bool(ret);
++}
++
++/*
+ * Lock a record in the time stamp file for exclusive access.
+ * If the record does not exist, it is created (as disabled).
+ */
+@@ -619,6 +638,7 @@ timestamp_lock(void *vcookie, struct pas
+ {
+ struct ts_cookie *cookie = vcookie;
+ struct timestamp_entry entry;
++ bool overwrite = false;
+ off_t lock_pos;
+ ssize_t nread;
+ debug_decl(timestamp_lock, SUDOERS_DEBUG_AUTH)
+@@ -640,26 +660,39 @@ timestamp_lock(void *vcookie, struct pas
+ /* Make sure the first record is of type TS_LOCKEXCL. */
+ memset(&entry, 0, sizeof(entry));
+ nread = read(cookie->fd, &entry, sizeof(entry));
+- if (nread == 0) {
+- /* New file, add TS_LOCKEXCL record. */
+- entry.version = TS_VERSION;
+- entry.size = sizeof(entry);
+- entry.type = TS_LOCKEXCL;
+- if (ts_write(cookie->fd, cookie->fname, &entry, -1) == -1)
+- debug_return_bool(false);
++ if (nread < (ssize_t)sizeof(struct timestamp_entry_v1)) {
++ /* New or invalid time stamp file. */
++ overwrite = true;
+ } else if (entry.type != TS_LOCKEXCL) {
+- /* Old sudo record, convert it to TS_LOCKEXCL. */
+- entry.type = TS_LOCKEXCL;
+- memset((char *)&entry + offsetof(struct timestamp_entry, type), 0,
+- nread - offsetof(struct timestamp_entry, type));
+- if (ts_write(cookie->fd, cookie->fname, &entry, 0) == -1)
+- debug_return_bool(false);
++ if (entry.size == sizeof(struct timestamp_entry_v1)) {
++ /* Old sudo record, convert it to TS_LOCKEXCL. */
++ entry.type = TS_LOCKEXCL;
++ memset((char *)&entry + offsetof(struct timestamp_entry, type), 0,
++ nread - offsetof(struct timestamp_entry, type));
++ if (ts_write(cookie->fd, cookie->fname, &entry, 0) == -1)
++ debug_return_bool(false);
++ } else {
++ /* Corrupted time stamp file? Just overwrite it. */
++ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO|SUDO_DEBUG_LINENO,
++ "corrupt initial record, type: %hu, size: %hu (expected %zu)",
++ entry.type, entry.size, sizeof(struct timestamp_entry_v1));
++ overwrite = true;
++ }
+ }
+- if (entry.size != sizeof(entry)) {
++ if (overwrite) {
++ /* Rewrite existing time stamp file or create new one. */
++ if (ftruncate(cookie->fd, 0) != 0) {
++ sudo_warn(U_("unable to truncate time stamp file to %lld bytes"),
++ 0LL);
++ debug_return_bool(false);
++ }
++ if (!timestamp_lock_write(cookie))
++ debug_return_bool(false);
++ } else if (entry.size != sizeof(entry)) {
+ /* Reset position if the lock record has an unexpected size. */
+ if (lseek(cookie->fd, entry.size, SEEK_SET) == -1) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO|SUDO_DEBUG_LINENO,
+- "unable to seek to %lld", (long long)entry.size);
++ "unable to seek to %hu", entry.size);
+ debug_return_bool(false);
+ }
+ }
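Review bot: the new test "nread < (ssize_t)sizeof(struct timestamp_entry_v1)" in timestamp_lock() also matches nread == -1, so a failed read(2) is handled as "new or invalid time stamp file" and the file is truncated and rewritten. Check for -1 first and return false with a warning, leaving truncation for short or empty reads. Two smaller points: timestamp_lock_write() is added without static although the visible lines only call it from this file, and the "corrupt initial record" debug message passes SUDO_DEBUG_ERRNO although no call has failed at that point, so an unrelated errno would be logged with it.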
diff --git a/debian/patches/Whitelist-DPKG_COLORS-environment-variable.diff b/debian/patches/Whitelist-DPKG_COLORS-environment-variable.diff
new file mode 100644
index 0000000..c2e1711
--- /dev/null
+++ b/debian/patches/Whitelist-DPKG_COLORS-environment-variable.diff
@@ -0,0 +1,24 @@
+From 18087bc16ec20ca2c8f0045a6b0408e94c53075c Mon Sep 17 00:00:00 2001
+From: Guillem Jover <guillem@hadrons.org>
+Date: Wed, 4 May 2016 01:53:13 +0200
+Subject: [PATCH] Whitelist DPKG_COLORS environment variable
+
+---
+ plugins/sudoers/env.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/plugins/sudoers/env.c b/plugins/sudoers/env.c
+index 9065250..c037bd8 100644
+--- a/plugins/sudoers/env.c
++++ b/plugins/sudoers/env.c
+@@ -188,6 +188,7 @@ static const char *initial_checkenv_table[] = {
+ static const char *initial_keepenv_table[] = {
+ "COLORS",
+ "DISPLAY",
++ "DPKG_COLORS",
+ "HOSTNAME",
+ "KRB5CCNAME",
+ "LS_COLORS",
+--
+2.8.1
+
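Review bot: the patch has a subject but no description, and for an addition to initial_keepenv_table the header should say why DPKG_COLORS is safe to pass through to the privileged command and which tool reads it. The hunk header shows initial_checkenv_table defined just above; state in the description why the keep list was chosen over the checked list, and add Forwarded and Bug fields so this deviation from upstream can be tracked.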
diff --git a/debian/patches/paths-in-samples.diff b/debian/patches/paths-in-samples.diff
new file mode 100644
index 0000000..4fef5d9
--- /dev/null
+++ b/debian/patches/paths-in-samples.diff
@@ -0,0 +1,40 @@
+--- a/examples/sudoers
++++ b/examples/sudoers
+@@ -44,10 +44,10 @@
+ # Cmnd alias specification
+ ##
+ Cmnd_Alias DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \
+- /usr/sbin/rrestore, /usr/bin/mt, \
++ /usr/sbin/rrestore, /bin/mt, \
+ sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \
+ /home/operator/bin/start_backups
+-Cmnd_Alias KILL = /usr/bin/kill, /usr/bin/top
++Cmnd_Alias KILL = /bin/kill, /usr/bin/top
+ Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
+ Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
+ Cmnd_Alias HALT = /usr/sbin/halt
+@@ -85,7 +85,7 @@
+ sudoedit /etc/printcap, /usr/oper/bin/
+
+ # joe may su only to operator
+-joe ALL = /usr/bin/su operator
++joe ALL = /bin/su operator
+
+ # pete may change passwords for anyone but root on the hp snakes
+ pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd *root*
+@@ -99,13 +99,13 @@
+
+ # users in the secretaries netgroup need to help manage the printers
+ # as well as add and remove users
+-+secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
+++secretaries ALL = PRINTING, /usr/sbin/adduser
+
+ # fred can run commands as oracle or sybase without a password
+ fred ALL = (DB) NOPASSWD: ALL
+
+ # on the alphas, john may su to anyone but root and flags are not allowed
+-john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
++john ALPHA = /bin/su [!-]*, !/bin/su *root*
+
+ # jen can run anything on all machines except the ones
+ # in the "SERVERS" Host_Alias
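Review bot: in the secretaries entry the replacement drops /usr/bin/rmuser without a substitute, but the comment above it still reads "as well as add and remove users". Either add the Debian command for removing users or adjust the comment, so the sample does not describe a privilege it no longer grants. The patch also has no header at all; a Description and Forwarded field would record that these are Debian path adjustments to examples/sudoers.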
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..fe0bf5a
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,12 @@
+typo-in-classic-insults.diff
+paths-in-samples.diff
+Whitelist-DPKG_COLORS-environment-variable.diff
+sudo_minus_1_uid.diff
+strtoid_minus_1_test_fix.diff
+Fix-a-buffer-overflow-when-pwfeedback-is-enabled-and.patch
+Sanity-check-size-when-converting-the-first-record-t.patch
+Reset-valid_flags-to-MODE_NONINTERACTIVE-for-sudoedi.patch
+Add-sudoedit-flag-checks-in-plugin-that-are-consiste.patch
+Fix-potential-buffer-overflow-when-unescaping-backsl.patch
+Fix-the-memset-offset-when-converting-a-v1-timestamp.patch
+Don-t-assume-that-argv-is-allocated-as-a-single-flat.patch
diff --git a/debian/patches/strtoid_minus_1_test_fix.diff b/debian/patches/strtoid_minus_1_test_fix.diff
new file mode 100644
index 0000000..6a2f148
--- /dev/null
+++ b/debian/patches/strtoid_minus_1_test_fix.diff
@@ -0,0 +1,103 @@
+Description: Fix test failure in plugins/sudoers/regress/testsudoers/test5.sh
+ Fix test failure after fix for CVE-2019-14287 .
+Origin: upstream
+Author: Todd C. Miller <Todd.Miller@sudo.ws>
+Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2019-10-10
+
+diff -r fcd7a6d8330e lib/util/regress/atofoo/atofoo_test.c
+--- a/lib/util/regress/atofoo/atofoo_test.c Fri Jan 11 13:31:15 2019 -0700
++++ b/lib/util/regress/atofoo/atofoo_test.c Thu Oct 10 14:02:30 2019 -0600
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2014 Todd C. Miller <Todd.Miller@sudo.ws>
++ * Copyright (c) 2014-2019 Todd C. Miller <Todd.Miller@sudo.ws>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+@@ -24,6 +24,7 @@
+ #else
+ # include "compat/stdbool.h"
+ #endif
++#include <errno.h>
+
+ #include "sudo_compat.h"
+ #include "sudo_util.h"
+@@ -78,15 +79,20 @@ static struct strtoid_data {
+ id_t id;
+ const char *sep;
+ const char *ep;
++ int errnum;
+ } strtoid_data[] = {
+- { "0,1", 0, ",", "," },
+- { "10", 10, NULL, NULL },
+- { "-2", -2, NULL, NULL },
++ { "0,1", 0, ",", ",", 0 },
++ { "10", 10, NULL, NULL, 0 },
++ { "-1", 0, NULL, NULL, EINVAL },
++ { "4294967295", 0, NULL, NULL, EINVAL },
++ { "4294967296", 0, NULL, NULL, ERANGE },
++ { "-2147483649", 0, NULL, NULL, ERANGE },
++ { "-2", -2, NULL, NULL, 0 },
+ #if SIZEOF_ID_T != SIZEOF_LONG_LONG
+- { "-2", (id_t)4294967294U, NULL, NULL },
++ { "-2", (id_t)4294967294U, NULL, NULL, 0 },
+ #endif
+- { "4294967294", (id_t)4294967294U, NULL, NULL },
+- { NULL, 0, NULL, NULL }
++ { "4294967294", (id_t)4294967294U, NULL, NULL, 0 },
++ { NULL, 0, NULL, NULL, 0 }
+ };
+
+ static int
+@@ -102,11 +108,23 @@ test_strtoid(int *ntests)
+ (*ntests)++;
+ errstr = "some error";
+ value = sudo_strtoid(d->idstr, d->sep, &ep, &errstr);
+- if (errstr != NULL) {
+- if (d->id != (id_t)-1) {
+- sudo_warnx_nodebug("FAIL: %s: %s", d->idstr, errstr);
++ if (d->errnum != 0) {
++ if (errstr == NULL) {
++ sudo_warnx_nodebug("FAIL: %s: missing errstr for errno %d",
++ d->idstr, d->errnum);
++ errors++;
++ } else if (value != 0) {
++ sudo_warnx_nodebug("FAIL: %s should return 0 on error",
++ d->idstr);
++ errors++;
++ } else if (errno != d->errnum) {
++ sudo_warnx_nodebug("FAIL: %s: errno mismatch, %d != %d",
++ d->idstr, errno, d->errnum);
+ errors++;
+ }
++ } else if (errstr != NULL) {
++ sudo_warnx_nodebug("FAIL: %s: %s", d->idstr, errstr);
++ errors++;
+ } else if (value != d->id) {
+ sudo_warnx_nodebug("FAIL: %s != %u", d->idstr, (unsigned int)d->id);
+ errors++;
+diff -r fcd7a6d8330e plugins/sudoers/regress/testsudoers/test5.out.ok
+--- a/plugins/sudoers/regress/testsudoers/test5.out.ok Fri Jan 11 13:31:15 2019 -0700
++++ b/plugins/sudoers/regress/testsudoers/test5.out.ok Thu Oct 10 14:02:30 2019 -0600
+@@ -4,7 +4,7 @@ Parse error in sudoers near line 1.
+ Entries for user root:
+
+ Command unmatched
+-testsudoers: test5.inc should be owned by gid 4294967295
++testsudoers: test5.inc should be owned by gid 4294967294
+ Parse error in sudoers near line 1.
+
+ Entries for user root:
+diff -r fcd7a6d8330e plugins/sudoers/regress/testsudoers/test5.sh
+--- a/plugins/sudoers/regress/testsudoers/test5.sh Fri Jan 11 13:31:15 2019 -0700
++++ b/plugins/sudoers/regress/testsudoers/test5.sh Thu Oct 10 14:02:30 2019 -0600
+@@ -24,7 +24,7 @@ EOF
+
+ # Test group writable
+ chmod 664 $TESTFILE
+-./testsudoers -U $MYUID -G -1 root id <<EOF
++./testsudoers -U $MYUID -G -2 root id <<EOF
+ #include $TESTFILE
+ EOF
+
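Review bot: the Description names only plugins/sudoers/regress/testsudoers/test5.sh, but most of the patch reworks lib/util/regress/atofoo/atofoo_test.c (the new errnum field and the -1, 4294967295 and out-of-range cases); mention that in the header. With test5.sh switched from "-G -1" to "-G -2", the script no longer passes -1 at all, so consider keeping a case that feeds -1 and expects it to be rejected, which would cover the CVE-2019-14287 fix at the testsudoers level as well as in the strtoid unit test.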
diff --git a/debian/patches/sudo_minus_1_uid.diff b/debian/patches/sudo_minus_1_uid.diff
new file mode 100644
index 0000000..167b75d
--- /dev/null
+++ b/debian/patches/sudo_minus_1_uid.diff
@@ -0,0 +1,177 @@
+Description: Treat an ID of -1 as invalid since that means "no change".
+ Fixes CVE-2019-14287.
+ Found by Joe Vennix from Apple Information Security.
+Origin: upstream
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-14287
+Author: Todd C. Miller <Todd.Miller@sudo.ws>
+Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2019-10-10
+
+diff -r fcd7a6d8330e lib/util/strtoid.c
+--- a/lib/util/strtoid.c Fri Jan 11 13:31:15 2019 -0700
++++ b/lib/util/strtoid.c Thu Oct 10 09:52:12 2019 -0600
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2013-2016 Todd C. Miller <Todd.Miller@sudo.ws>
++ * Copyright (c) 2013-2019 Todd C. Miller <Todd.Miller@sudo.ws>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+@@ -47,6 +47,27 @@
+ #include "sudo_util.h"
+
+ /*
++ * Make sure that the ID ends with a valid separator char.
++ */
++static bool
++valid_separator(const char *p, const char *ep, const char *sep)
++{
++ bool valid = false;
++ debug_decl(valid_separator, SUDO_DEBUG_UTIL)
++
++ if (ep != p) {
++ /* check for valid separator (including '\0') */
++ if (sep == NULL)
++ sep = "";
++ do {
++ if (*ep == *sep)
++ valid = true;
++ } while (*sep++ != '\0');
++ }
++ debug_return_bool(valid);
++}
++
++/*
+ * Parse a uid/gid in string form.
+ * If sep is non-NULL, it contains valid separator characters (e.g. comma, space)
+ * If endp is non-NULL it is set to the next char after the ID.
+@@ -60,38 +81,35 @@ sudo_strtoid_v1(const char *p, const cha
+ char *ep;
+ id_t ret = 0;
+ long long llval;
+- bool valid = false;
+ debug_decl(sudo_strtoid, SUDO_DEBUG_UTIL)
+
+ /* skip leading space so we can pick up the sign, if any */
+ while (isspace((unsigned char)*p))
+ p++;
+- if (sep == NULL)
+- sep = "";
++
++ /* While id_t may be 64-bit signed, uid_t and gid_t are 32-bit unsigned. */
+ errno = 0;
+ llval = strtoll(p, &ep, 10);
+- if (ep != p) {
+- /* check for valid separator (including '\0') */
+- do {
+- if (*ep == *sep)
+- valid = true;
+- } while (*sep++ != '\0');
++ if ((errno == ERANGE && llval == LLONG_MAX) || llval > (id_t)UINT_MAX) {
++ errno = ERANGE;
++ if (errstr != NULL)
++ *errstr = N_("value too large");
++ goto done;
+ }
+- if (!valid) {
++ if ((errno == ERANGE && llval == LLONG_MIN) || llval < INT_MIN) {
++ errno = ERANGE;
++ if (errstr != NULL)
++ *errstr = N_("value too small");
++ goto done;
++ }
++
++ /* Disallow id -1, which means "no change". */
++ if (!valid_separator(p, ep, sep) || llval == -1 || llval == (id_t)UINT_MAX) {
+ if (errstr != NULL)
+ *errstr = N_("invalid value");
+ errno = EINVAL;
+ goto done;
+ }
+- if (errno == ERANGE) {
+- if (errstr != NULL) {
+- if (llval == LLONG_MAX)
+- *errstr = N_("value too large");
+- else
+- *errstr = N_("value too small");
+- }
+- goto done;
+- }
+ ret = (id_t)llval;
+ if (errstr != NULL)
+ *errstr = NULL;
+@@ -106,30 +124,15 @@ sudo_strtoid_v1(const char *p, const cha
+ {
+ char *ep;
+ id_t ret = 0;
+- bool valid = false;
+ debug_decl(sudo_strtoid, SUDO_DEBUG_UTIL)
+
+ /* skip leading space so we can pick up the sign, if any */
+ while (isspace((unsigned char)*p))
+ p++;
+- if (sep == NULL)
+- sep = "";
++
+ errno = 0;
+ if (*p == '-') {
+ long lval = strtol(p, &ep, 10);
+- if (ep != p) {
+- /* check for valid separator (including '\0') */
+- do {
+- if (*ep == *sep)
+- valid = true;
+- } while (*sep++ != '\0');
+- }
+- if (!valid) {
+- if (errstr != NULL)
+- *errstr = N_("invalid value");
+- errno = EINVAL;
+- goto done;
+- }
+ if ((errno == ERANGE && lval == LONG_MAX) || lval > INT_MAX) {
+ errno = ERANGE;
+ if (errstr != NULL)
+@@ -142,28 +145,31 @@ sudo_strtoid_v1(const char *p, const cha
+ *errstr = N_("value too small");
+ goto done;
+ }
+- ret = (id_t)lval;
+- } else {
+- unsigned long ulval = strtoul(p, &ep, 10);
+- if (ep != p) {
+- /* check for valid separator (including '\0') */
+- do {
+- if (*ep == *sep)
+- valid = true;
+- } while (*sep++ != '\0');
+- }
+- if (!valid) {
++
++ /* Disallow id -1, which means "no change". */
++ if (!valid_separator(p, ep, sep) || lval == -1) {
+ if (errstr != NULL)
+ *errstr = N_("invalid value");
+ errno = EINVAL;
+ goto done;
+ }
++ ret = (id_t)lval;
++ } else {
++ unsigned long ulval = strtoul(p, &ep, 10);
+ if ((errno == ERANGE && ulval == ULONG_MAX) || ulval > UINT_MAX) {
+ errno = ERANGE;
+ if (errstr != NULL)
+ *errstr = N_("value too large");
+ goto done;
+ }
++
++ /* Disallow id -1, which means "no change". */
++ if (!valid_separator(p, ep, sep) || ulval == UINT_MAX) {
++ if (errstr != NULL)
++ *errstr = N_("invalid value");
++ errno = EINVAL;
++ goto done;
++ }
+ ret = (id_t)ulval;
+ }
+ if (errstr != NULL)
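Review bot: the rejection of -1 is written out three times with different spellings ("llval == -1 || llval == (id_t)UINT_MAX", "lval == -1", "ulval == UINT_MAX"), and the fix depends on all three staying equivalent; a named constant or small helper for the "no change" ID would make that harder to break. Moving the separator check after the range checks also changes which error wins for input that is both out of range and followed by an invalid separator (now "value too large" or "value too small" instead of "invalid value"); note this in the description if any caller or test matches on the message. Since -1 and a bad separator share the "invalid value" text, a distinct message for the reserved ID would make log entries easier to triage.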
diff --git a/debian/patches/typo-in-classic-insults.diff b/debian/patches/typo-in-classic-insults.diff
new file mode 100644
index 0000000..57e78c6
--- /dev/null
+++ b/debian/patches/typo-in-classic-insults.diff
@@ -0,0 +1,11 @@
+--- a/plugins/sudoers/ins_classic.h
++++ b/plugins/sudoers/ins_classic.h
+@@ -30,7 +30,7 @@
+ "Where did you learn to type?",
+ "Are you on drugs?",
+ "My pet ferret can type better than you!",
+- "You type like i drive.",
++ "You type like I drive.",
+ "Do you think like you type?",
+ "Your mind just hasn't been the same since the electro-shock, has it?",
+
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..2b5375b
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,186 @@
+#!/usr/bin/make -f
+
+export DH_VERBOSE=1
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+
+CFLAGS = `dpkg-buildflags --get CFLAGS`
+CFLAGS += -Wall -Wno-comment
+LDFLAGS = `dpkg-buildflags --get LDFLAGS`
+CPPFLAGS = `dpkg-buildflags --get CPPFLAGS`
+
+DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
+DEB_HOST_ARCH_OS ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_OS)
+ifeq ($(DEB_HOST_ARCH_OS),linux)
+ configure_args += --with-selinux --with-linux-audit --enable-tmpfiles.d=yes
+endif
+
+reconf-stamp:
+ cp -f /usr/share/misc/config.sub config.sub
+ cp -f /usr/share/misc/config.guess config.guess
+ autoconf -I m4
+ touch $@
+
+configure: configure-stamp
+configure-stamp: reconf-stamp
+ dh_testdir
+ cp -f /usr/share/misc/config.sub config.sub
+ cp -f /usr/share/misc/config.guess config.guess
+
+ # simple version
+ NROFFPROG=/usr/bin/nroff CFLAGS="$(CFLAGS)" \
+ CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" \
+ dh_auto_configure --builddirectory=build-simple -- \
+ -v \
+ --with-all-insults \
+ --with-pam \
+ --with-fqdn \
+ --with-logging=syslog \
+ --with-logfac=authpriv \
+ --with-env-editor \
+ --with-editor=/usr/bin/editor \
+ --with-exampledir=/usr/share/doc/sudo/examples \
+ --with-timeout=15 \
+ --with-password-timeout=0 \
+ --with-passprompt="[sudo] password for %p: " \
+ --disable-root-mailer \
+ --with-sendmail=/usr/sbin/sendmail \
+ --with-rundir=/run/sudo \
+ --libexecdir=/usr/lib/sudo \
+ --with-sssd --with-sssd-lib=/usr/lib/$(DEB_HOST_MULTIARCH) \
+ $(configure_args)
+
+ # LDAP version
+ NROFFPROG=/usr/bin/nroff CFLAGS="$(CFLAGS)" \
+ CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" \
+ dh_auto_configure --builddirectory=build-ldap -- \
+ -v \
+ --with-all-insults \
+ --with-pam \
+ --with-ldap \
+ --with-fqdn \
+ --with-logging=syslog \
+ --with-logfac=authpriv \
+ --with-env-editor \
+ --with-editor=/usr/bin/editor \
+ --with-exampledir=/usr/share/doc/sudo-ldap/examples \
+ --with-timeout=15 \
+ --with-password-timeout=0 \
+ --with-passprompt="[sudo] password for %p: " \
+ --disable-root-mailer \
+ --disable-setresuid \
+ --with-sendmail=/usr/sbin/sendmail \
+ --with-rundir=/run/sudo \
+ --with-ldap-conf-file=/etc/sudo-ldap.conf \
+ --libexecdir=/usr/lib/sudo \
+ --with-sssd --with-sssd-lib=/usr/lib/$(DEB_HOST_MULTIARCH) \
+ $(configure_args)
+
+ touch configure-stamp
+
+build: build-arch build-indep
+build-arch: build-stamp
+build-indep: build-stamp
+build-stamp: configure-stamp
+ dh_testdir
+
+ $(MAKE) -C build-simple
+ $(MAKE) -C build-ldap
+
+ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
+ $(MAKE) -C build-simple check
+endif
+
+ touch build-stamp
+
+clean:
+ dh_testdir
+ dh_testroot
+ rm -f configure-stamp build-stamp
+ rm -rf build-simple build-ldap
+ rm -f config.cache
+ dh_clean
+
+install: build-stamp
+ dh_testdir
+ dh_testroot
+ dh_prep
+ dh_installdirs
+
+ $(MAKE) -C build-simple install DESTDIR=$(CURDIR)/debian/sudo
+ $(MAKE) -C build-ldap install DESTDIR=$(CURDIR)/debian/sudo-ldap
+
+ # remove stuff we don't want
+ rm -f debian/sudo*/etc/sudoers \
+ debian/sudo*/usr/share/doc/sudo/LICENSE* \
+ debian/sudo*/usr/share/doc/sudo/ChangeLog
+
+ # provide upstream sudoers.dist as an alternate example
+ mv debian/sudo/etc/sudoers.dist \
+ debian/sudo/usr/share/doc/sudo/examples/sudoers.dist
+ mv debian/sudo-ldap/etc/sudoers.dist \
+ debian/sudo-ldap/usr/share/doc/sudo-ldap/examples/sudoers.dist
+
+ # /run/sudo directory is created at boot time and shouldn't be in the
+ # package
+ rm -rf debian/sudo*/run
+
+ # move upstream-installed docs to the right place for ldap package
+ mv debian/sudo-ldap/usr/share/doc/sudo/* \
+ debian/sudo-ldap/usr/share/doc/sudo-ldap/
+ rmdir debian/sudo-ldap/usr/share/doc/sudo
+
+ # and install things we do want that make install doesn't know about
+ install -o root -g root -m 0644 debian/sudo.pam \
+ debian/sudo/etc/pam.d/sudo
+ install -o root -g root -m 0644 debian/sudo.pam \
+ debian/sudo-ldap/etc/pam.d/sudo
+
+ install -o root -g root -m 0644 debian/sudo.lintian \
+ debian/sudo/usr/share/lintian/overrides/sudo
+ install -o root -g root -m 0644 debian/sudo-ldap.lintian \
+ debian/sudo-ldap/usr/share/lintian/overrides/sudo-ldap
+
+ install -o root -g root -m 0440 debian/sudoers \
+ debian/sudo/etc/sudoers
+ install -o root -g root -m 0440 debian/sudoers \
+ debian/sudo-ldap/etc/sudoers
+
+ install -o root -g root -m 0440 debian/README \
+ debian/sudo/etc/sudoers.d/README
+ install -o root -g root -m 0440 debian/README \
+ debian/sudo-ldap/etc/sudoers.d/README
+
+ # we don't want the initscript to run, the creation of the rundir and
+ # the cleanup the stamp files is now done by tmpfiles when using
+ # systemd
+ ln -s /dev/null debian/sudo/lib/systemd/system/sudo.service
+ ln -s /dev/null debian/sudo-ldap/lib/systemd/system/sudo.service
+
+binary-indep: build install
+
+binary-arch: build install
+ dh_testdir
+ dh_testroot
+ dh_installdocs -A
+ dh_installinit -psudo --name=sudo
+ dh_installinit -psudo-ldap --name=sudo-ldap
+ dh_installman -A
+ dh_installinfo -A
+ dh_installchangelogs ChangeLog
+ # clear dependency_libs field in .la files
+ sed -i "/dependency_libs/ s/'.*'/''/" `find . -name '*.la'`
+ dh_strip
+ dh_compress
+ dh_fixperms
+ chown root.root debian/sudo/usr/bin/sudo debian/sudo-ldap/usr/bin/sudo
+ chmod 4755 debian/sudo/usr/bin/sudo debian/sudo-ldap/usr/bin/sudo
+ chmod 0440 debian/sudo/etc/sudoers.d/README \
+ debian/sudo-ldap/etc/sudoers.d/README
+ dh_installdeb
+ dh_shlibdeps
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+binary: binary-indep binary-arch
+.PHONY: configure build-indep build-arch build clean binary-indep binary-arch binary install
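Review bot: in `build-stamp`, `$(MAKE) -C build-simple check` runs the test suite only for the non-LDAP tree, so the `build-ldap` binary, which is configured with different flags (`--with-ldap`, `--disable-setresuid`, `--with-ldap-conf-file`), is packaged without its tests being run. Consider adding `$(MAKE) -C build-ldap check` inside the same `nocheck` guard. `--disable-setresuid` is set for the LDAP build and does not appear in the visible tail of the first configure call, with no comment saying why the two builds differ. In `binary-arch`, `chown root.root` uses the dot separator, while the maintainer scripts in this same commit use `root:root`; and the `sed -i ... \`find . -name '*.la'\`` line fails with no input files if the find returns nothing.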
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/sudo-ldap.dirs b/debian/sudo-ldap.dirs
new file mode 100644
index 0000000..8b95431
--- /dev/null
+++ b/debian/sudo-ldap.dirs
@@ -0,0 +1,9 @@
+etc/pam.d
+etc/sudoers.d
+lib/systemd/system
+usr/bin
+usr/share/man/man8
+usr/share/man/man5
+usr/sbin
+usr/share/doc/sudo-ldap
+usr/share/lintian/overrides
diff --git a/debian/sudo-ldap.docs b/debian/sudo-ldap.docs
new file mode 100644
index 0000000..05c5a2b
--- /dev/null
+++ b/debian/sudo-ldap.docs
@@ -0,0 +1,7 @@
+debian/OPTIONS
+doc/UPGRADE
+doc/HISTORY
+doc/TROUBLESHOOTING
+doc/schema.*
+README
+README.LDAP
diff --git a/debian/sudo-ldap.lintian b/debian/sudo-ldap.lintian
new file mode 100644
index 0000000..1e58bc1
--- /dev/null
+++ b/debian/sudo-ldap.lintian
@@ -0,0 +1,7 @@
+sudo-ldap: non-standard-file-perm etc/sudoers.d/README 0440 != 0644
+sudo-ldap: setuid-binary usr/bin/sudo 4755 root/root
+sudo-ldap: setuid-binary usr/bin/sudoedit 4755 root/root
+sudo-ldap: read-in-maintainer-script
+sudo-ldap: duplicate-updaterc.d-calls-in-postinst
+sudo-ldap: hardening-no-stackprotector usr/lib/sudo/sudo_noexec.so
+sudo-ldap: systemd-no-service-for-init-script sudo-ldap
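Review bot: the overrides for `hardening-no-stackprotector usr/lib/sudo/sudo_noexec.so` and `read-in-maintainer-script` carry no justification. Lintian override files accept `#` comment lines, so put a one-line reason above each tag, in particular for the hardening tag, so a later reviewer can tell an accepted risk from a false positive. The same applies to debian/sudo.lintian.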
diff --git a/debian/sudo-ldap.maintscript b/debian/sudo-ldap.maintscript
new file mode 100644
index 0000000..d0244ac
--- /dev/null
+++ b/debian/sudo-ldap.maintscript
@@ -0,0 +1 @@
+rm_conffile /etc/init.d/sudo 1.8.21p2-2~
diff --git a/debian/sudo-ldap.manpages b/debian/sudo-ldap.manpages
new file mode 100644
index 0000000..d2afb07
--- /dev/null
+++ b/debian/sudo-ldap.manpages
@@ -0,0 +1,4 @@
+build-ldap/doc/sudo.mdoc
+build-ldap/doc/sudoers.mdoc
+build-ldap/doc/sudoers.ldap.mdoc
+build-ldap/doc/visudo.mdoc
diff --git a/debian/sudo-ldap.postinst b/debian/sudo-ldap.postinst
new file mode 100644
index 0000000..6218aee
--- /dev/null
+++ b/debian/sudo-ldap.postinst
@@ -0,0 +1,83 @@
+#!/bin/sh
+
+set -e
+
+# remove old link
+
+if [ -L /etc/alternatives/sudo ]; then
+ rm /etc/alternatives/sudo
+fi
+
+# remove legacy conffile no longer delivered
+
+if [ -f /etc/sudoers.dist ]; then
+ rm /etc/sudoers.dist
+fi
+
+# complain if no sudoers file is present
+if [ ! -f /etc/sudoers ];then
+ echo "WARNING: /etc/sudoers not present!";
+fi
+
+# modify nsswitch.conf if needed
+if [ -z "`grep \"^sudoers:\" /etc/nsswitch.conf`" ]
+then
+ echo "sudoers: files ldap" >> /etc/nsswitch.conf
+fi
+
+# make sure sudoers has the correct permissions and owner/group
+if [ -f /etc/sudoers ];then
+ chown root:root /etc/sudoers
+ chmod 440 /etc/sudoers
+fi
+
+# create symlink to ease transition to new path for ldap config
+# if old config file exists and new one doesn't
+if [ -e /etc/ldap/ldap.conf -a ! -e /etc/sudo-ldap.conf ];then
+ ln -s ldap/ldap.conf /etc/sudo-ldap.conf
+fi
+
+# if we've gotten this far .. remove the saved, unchanged old sudoers file
+rm -f /etc/sudoers.pre-conffile
+
+# before 1.8.7-1 sudo-ldap used /etc/init.d/sudo instead of /etc/init.d/sudo-ldap,
+# let's make sure that's taken care of
+if [ "$1" = "configure" ] && dpkg --compare-versions "$2" lt-nl "1.8.21p2-2~" ; then
+ update-rc.d sudo remove
+fi
+
+#DEBHELPER#
+
+# make sure we have a sudo group
+
+[ -n "`getent group sudo`" ] && exit 0 # we're finished if there is a group sudo:
+
+# start search with gid 27
+gid="27"
+while [ -n "`getent group $gid | cut -d: -f3`" ];do
+ gid=`expr $gid + 1`
+done
+
+
+if [ "$gid" -ne "27" ];then
+ echo "On Debian we normally use gid 27 for 'sudo'."
+ gname="`getent group 27 | cut -d: -f1`"
+ echo "However, on your system gid 27 is group '$gname'."
+ echo ""
+ echo "Would you like me to stop configuring sudo so that you can change this?";
+ while true;do
+ echo -n "(Enter 'yes' to stop, enter to continue): "
+ read ans
+ [ "$ans" = "" ] && break
+ if [ "$ans" = "yes" -o "$ans" = "YES" ];then
+ echo "'dpkg --pending --configure' will restart the configuration."
+ exit 1;
+ fi
+ echo "Please enter exactly 'yes' to stop, or press the enter key to continue without stopping"
+ done
+fi
+
+echo "Creating group 'sudo' with gid = $gid";
+groupadd -g $gid sudo
+
+echo ""
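Review bot: the comment above the `update-rc.d sudo remove` block says "before 1.8.7-1", but the guard compares against `1.8.21p2-2~`, so one of the two is stale. Align the comment with the version actually tested, which is also the one used by `rm_conffile` in sudo-ldap.maintscript. Separately, the nsswitch.conf block appends `sudoers: files ldap` on every postinst invocation where no `sudoers:` line exists, not only on `configure`; guarding it with `[ "$1" = "configure" ]` keeps the abort-* invocations from editing the file.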
diff --git a/debian/sudo-ldap.postrm b/debian/sudo-ldap.postrm
new file mode 100644
index 0000000..c3b48c8
--- /dev/null
+++ b/debian/sudo-ldap.postrm
@@ -0,0 +1,31 @@
+#!/bin/sh -e
+
+case "$1" in
+ purge)
+ rm -f /etc/sudo-ldap.conf
+ rm -rf /var/lib/sudo
+ rm -rf /run/sudo
+ ;;
+
+ remove|upgrade|deconfigure)
+ ;;
+
+ abort-upgrade|failed-upgrade)
+ if [ -e "/etc/sudoers.pre-conffile" ]; then
+ mv /etc/sudoers.pre-conffile /etc/sudoers
+ fi
+ ;;
+
+
+ *)
+ echo "unknown argument --> $1" >&2
+ exit 0
+ ;;
+esac
+
+# remove sudoers entries, if any, from nsswitch.conf
+if [ -w /etc/nsswitch.conf ] ; then
+ sed -i /^sudoers:/d /etc/nsswitch.conf
+fi
+
+#DEBHELPER#
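Review bot: the `sed -i /^sudoers:/d /etc/nsswitch.conf` at the end sits outside the `case`, so it runs for `upgrade`, `abort-upgrade` and `failed-upgrade` as well as for `remove` and `purge`. On an upgrade this deletes whatever `sudoers:` line the administrator had, and the postinst then re-adds the default `sudoers: files ldap`, so a local setting is lost. Move the sed into the `remove` and `purge` branches, and quote the expression as `'/^sudoers:/d'`. The `*)` branch reports an unknown argument on stderr and still exits 0.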
diff --git a/debian/sudo-ldap.preinst b/debian/sudo-ldap.preinst
new file mode 100644
index 0000000..9a39d94
--- /dev/null
+++ b/debian/sudo-ldap.preinst
@@ -0,0 +1,22 @@
+#!/bin/sh -e
+
+case "$1" in
+ install|upgrade)
+ if [ -n "$2" ] && dpkg --compare-versions "$2" le "1.7.4p4-4"; then
+
+ SUDOERS="/etc/sudoers"
+
+ if [ -e "$SUDOERS" ]; then
+ md5sum="$(md5sum $SUDOERS | sed -e 's/ .*//')"
+ if [ "$md5sum" = "c310ef4892a00cca8134f6e4fcd64b6d" ] || #lenny
+ [ "$md5sum" = "c5dab0f2771411ed7e67d6dab60a311f" ] || #squeeze
+ [ "$md5sum" = "45437b4e86fba2ab890ac81db2ec3606" ]; then #wheezy
+ # move unchanged sudoers file to avoid conffile question
+ mv "$SUDOERS" "$SUDOERS.pre-conffile"
+ fi
+ fi
+ fi
+ ;;
+esac
+
+#DEBHELPER#
diff --git a/debian/sudo-ldap.sudo-ldap.init b/debian/sudo-ldap.sudo-ldap.init
new file mode 100644
index 0000000..5080db8
--- /dev/null
+++ b/debian/sudo-ldap.sudo-ldap.init
@@ -0,0 +1,44 @@
+#! /bin/sh
+
+### BEGIN INIT INFO
+# Provides: sudo-ldap
+# Required-Start: $local_fs $remote_fs
+# Required-Stop:
+# X-Start-Before: rmnologin
+# Default-Start: 2 3 4 5
+# Default-Stop:
+# Short-Description: Provide limited super user privileges to specific users
+# Description: Provide limited super user privileges to specific users.
+### END INIT INFO
+
+. /lib/lsb/init-functions
+
+N=/etc/init.d/sudo-ldap
+
+set -e
+
+case "$1" in
+ start)
+ # make sure privileges don't persist across reboots
+ # if the /run/sudo directory doesn't exist, let's create it with the
+ # correct permissions and SELinux label
+ if [ -d /run/sudo ]
+ then
+ find /run/sudo -exec touch -d @0 '{}' \;
+ else
+ mkdir /run/sudo /run/sudo/ts
+ chown root:root /run/sudo /run/sudo/ts
+ chmod 0711 /run/sudo
+ chmod 0700 /run/sudo/ts
+ [ -x /sbin/restorecon ] && /sbin/restorecon /run/sudo /run/sudo/ts
+ fi
+ ;;
+ stop|reload|restart|force-reload|status)
+ ;;
+ *)
+ echo "Usage: $N {start|stop|restart|force-reload|status}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
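Review bot: in the `else` branch of `start`, `mkdir /run/sudo /run/sudo/ts` creates both directories with the caller's umask and only afterwards applies `chmod 0711` and `chmod 0700`, which leaves a short window with wider modes on the timestamp directory. Create them with the final mode in one step, for example `install -d -o root -g root -m 0711 /run/sudo` followed by `install -d -o root -g root -m 0700 /run/sudo/ts`. The usage string also omits `reload`, which the `case` accepts. debian/sudo.sudo.init carries the same code.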
diff --git a/debian/sudo.dirs b/debian/sudo.dirs
new file mode 100644
index 0000000..96b5de3
--- /dev/null
+++ b/debian/sudo.dirs
@@ -0,0 +1,9 @@
+etc/pam.d
+etc/sudoers.d
+lib/systemd/system
+usr/bin
+usr/share/man/man8
+usr/share/man/man5
+usr/sbin
+usr/share/doc/sudo
+usr/share/lintian/overrides
diff --git a/debian/sudo.docs b/debian/sudo.docs
new file mode 100644
index 0000000..b590209
--- /dev/null
+++ b/debian/sudo.docs
@@ -0,0 +1,5 @@
+debian/OPTIONS
+doc/UPGRADE
+doc/HISTORY
+doc/TROUBLESHOOTING
+README
diff --git a/debian/sudo.lintian b/debian/sudo.lintian
new file mode 100644
index 0000000..454a914
--- /dev/null
+++ b/debian/sudo.lintian
@@ -0,0 +1,6 @@
+sudo: non-standard-file-perm etc/sudoers.d/README 0440 != 0644
+sudo: setuid-binary usr/bin/sudo 4755 root/root
+sudo: setuid-binary usr/bin/sudoedit 4755 root/root
+sudo: read-in-maintainer-script
+sudo: duplicate-updaterc.d-calls-in-postinst
+sudo: hardening-no-stackprotector usr/lib/sudo/sudo_noexec.so
diff --git a/debian/sudo.manpages b/debian/sudo.manpages
new file mode 100644
index 0000000..a1110a2
--- /dev/null
+++ b/debian/sudo.manpages
@@ -0,0 +1,3 @@
+build-simple/doc/sudo.mdoc
+build-simple/doc/sudoers.mdoc
+build-simple/doc/visudo.mdoc
diff --git a/debian/sudo.pam b/debian/sudo.pam
new file mode 100644
index 0000000..68c261a
--- /dev/null
+++ b/debian/sudo.pam
@@ -0,0 +1,5 @@
+#%PAM-1.0
+
+@include common-auth
+@include common-account
+@include common-session-noninteractive
diff --git a/debian/sudo.postinst b/debian/sudo.postinst
new file mode 100644
index 0000000..a70e576
--- /dev/null
+++ b/debian/sudo.postinst
@@ -0,0 +1,65 @@
+#!/bin/sh
+
+set -e
+
+# remove old link
+
+if [ -L /etc/alternatives/sudo ]; then
+ rm /etc/alternatives/sudo
+fi
+
+# remove legacy conffile no longer delivered
+
+if [ -f /etc/sudoers.dist ]; then
+ rm /etc/sudoers.dist
+fi
+
+# complain if no sudoers file is present
+if [ ! -f /etc/sudoers ];then
+ echo "WARNING: /etc/sudoers not present!";
+fi
+
+# make sure sudoers has the correct permissions and owner/group
+if [ -f /etc/sudoers ];then
+ chown root:root /etc/sudoers
+ chmod 440 /etc/sudoers
+fi
+
+# if we've gotten this far .. remove the saved, unchanged old sudoers file
+rm -f /etc/sudoers.pre-conffile
+
+#DEBHELPER#
+
+# make sure we have a sudo group
+
+[ -n "`getent group sudo`" ] && exit 0 # we're finished if there is a group sudo:
+
+# start search with gid 27
+gid="27"
+while [ -n "`getent group $gid | cut -d: -f3`" ];do
+ gid=`expr $gid + 1`
+done
+
+
+if [ "$gid" -ne "27" ];then
+ echo "On Debian we normally use gid 27 for 'sudo'."
+ gname="`getent group 27 | cut -d: -f1`"
+ echo "However, on your system gid 27 is group '$gname'."
+ echo ""
+ echo "Would you like me to stop configuring sudo so that you can change this?";
+ while true;do
+ echo -n "(Enter 'yes' to stop, enter to continue): "
+ read ans
+ [ "$ans" = "" ] && break
+ if [ "$ans" = "yes" -o "$ans" = "YES" ];then
+ echo "'dpkg --pending --configure' will restart the configuration."
+ exit 1;
+ fi
+ echo "Please enter exactly 'yes' to stop, or press the enter key to continue without stopping"
+ done
+fi
+
+echo "Creating group 'sudo' with gid = $gid";
+groupadd -g $gid sudo
+
+echo ""
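Review bot: the gid-27 prompt calls `read ans` under `set -e` without checking that stdin is usable. When stdin is closed or at EOF, as in an unattended install, `read` returns non-zero and the script aborts, leaving the package unconfigured whenever gid 27 is already taken. Handle the failure explicitly (`read ans || ans=""`) or ask the question through debconf, which would also remove the need for the `read-in-maintainer-script` lintian override. The identical block is in sudo-ldap.postinst.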
diff --git a/debian/sudo.postrm b/debian/sudo.postrm
new file mode 100644
index 0000000..f683170
--- /dev/null
+++ b/debian/sudo.postrm
@@ -0,0 +1,24 @@
+#!/bin/sh -e
+
+case "$1" in
+ purge)
+ rm -rf /var/lib/sudo
+ rm -rf /run/sudo
+ ;;
+
+ remove|upgrade|deconfigure)
+ ;;
+
+ abort-upgrade|failed-upgrade)
+ if [ -e "/etc/sudoers.pre-conffile" ]; then
+ mv /etc/sudoers.pre-conffile /etc/sudoers
+ fi
+ ;;
+
+ *)
+ echo "unknown argument --> $1" >&2
+ exit 0
+ ;;
+esac
+
+#DEBHELPER#
diff --git a/debian/sudo.preinst b/debian/sudo.preinst
new file mode 100644
index 0000000..9a39d94
--- /dev/null
+++ b/debian/sudo.preinst
@@ -0,0 +1,22 @@
+#!/bin/sh -e
+
+case "$1" in
+ install|upgrade)
+ if [ -n "$2" ] && dpkg --compare-versions "$2" le "1.7.4p4-4"; then
+
+ SUDOERS="/etc/sudoers"
+
+ if [ -e "$SUDOERS" ]; then
+ md5sum="$(md5sum $SUDOERS | sed -e 's/ .*//')"
+ if [ "$md5sum" = "c310ef4892a00cca8134f6e4fcd64b6d" ] || #lenny
+ [ "$md5sum" = "c5dab0f2771411ed7e67d6dab60a311f" ] || #squeeze
+ [ "$md5sum" = "45437b4e86fba2ab890ac81db2ec3606" ]; then #wheezy
+ # move unchanged sudoers file to avoid conffile question
+ mv "$SUDOERS" "$SUDOERS.pre-conffile"
+ fi
+ fi
+ fi
+ ;;
+esac
+
+#DEBHELPER#
diff --git a/debian/sudo.prerm b/debian/sudo.prerm
new file mode 100644
index 0000000..c3b8c46
--- /dev/null
+++ b/debian/sudo.prerm
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+check_password() {
+ if [ ! "$SUDO_FORCE_REMOVE" = "yes" ]; then
+ # let's check whether the root account is locked.
+ # if it is, we're not going another step. No Sirreee!
+ passwd=$(getent shadow root|cut -f2 -d:)
+ passwd1=$(echo "$passwd" |cut -c1)
+ # Note: we do need the 'xfoo' syntax here, since POSIX special-cases
+ # the $passwd value '!' as negation.
+ if [ "x$passwd" = "x*" ] || [ "x$passwd1" = "x!" ]; then
+ # yup, password is locked
+ echo "You have asked that the sudo package be removed,"
+ echo "but no root password has been set."
+ echo "Without sudo, you may not be able to gain administrative privileges."
+ echo
+ echo "If you would prefer to access the root account with su(1)"
+ echo "or by logging in directly,"
+ echo "you must set a root password with \"sudo passwd\"."
+ echo
+ echo "If you have arranged other means to access the root account,"
+ echo "and you are sure this is what you want,"
+ echo "you may bypass this check by setting an environment variable "
+ echo "(export SUDO_FORCE_REMOVE=yes)."
+ echo
+ echo "Refusing to remove sudo."
+ exit 1
+ fi
+ fi
+}
+
+case $1 in
+ remove)
+ check_password;
+ ;;
+ *)
+ ;;
+esac
+
+#DEBHELPER#
+
+exit 0
+
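Review bot: the bypass hint in `check_password` tells the user to `export SUDO_FORCE_REMOVE=yes`, but debian/sudoers in this commit sets `Defaults env_reset`, so a variable exported in the user's shell is not passed to a removal started through sudo and the check still refuses. The message should say how the variable has to reach dpkg's environment. The guard also exists only for this package: the diffstat has no sudo-ldap.prerm, so removing sudo-ldap on a system with a locked root account gets no such check.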
diff --git a/debian/sudo.sudo.init b/debian/sudo.sudo.init
new file mode 100644
index 0000000..c971310
--- /dev/null
+++ b/debian/sudo.sudo.init
@@ -0,0 +1,44 @@
+#! /bin/sh
+
+### BEGIN INIT INFO
+# Provides: sudo
+# Required-Start: $local_fs $remote_fs
+# Required-Stop:
+# X-Start-Before: rmnologin
+# Default-Start: 2 3 4 5
+# Default-Stop:
+# Short-Description: Provide limited super user privileges to specific users
+# Description: Provide limited super user privileges to specific users.
+### END INIT INFO
+
+. /lib/lsb/init-functions
+
+N=/etc/init.d/sudo
+
+set -e
+
+case "$1" in
+ start)
+ # make sure privileges don't persist across reboots
+ # if the /run/sudo directory doesn't exist, let's create it with the
+ # correct permissions and SELinux label
+ if [ -d /run/sudo ]
+ then
+ find /run/sudo -exec touch -d @0 '{}' \;
+ else
+ mkdir /run/sudo /run/sudo/ts
+ chown root:root /run/sudo /run/sudo/ts
+ chmod 0711 /run/sudo
+ chmod 0700 /run/sudo/ts
+ [ -x /sbin/restorecon ] && /sbin/restorecon /run/sudo /run/sudo/ts
+ fi
+ ;;
+ stop|reload|restart|force-reload|status)
+ ;;
+ *)
+ echo "Usage: $N {start|stop|restart|force-reload|status}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/debian/sudoers b/debian/sudoers
new file mode 100644
index 0000000..d4cc632
--- /dev/null
+++ b/debian/sudoers
@@ -0,0 +1,27 @@
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# Please consider adding local content in /etc/sudoers.d/ instead of
+# directly modifying this file.
+#
+# See the man page for details on how to write a sudoers file.
+#
+Defaults env_reset
+Defaults mail_badpass
+Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root ALL=(ALL:ALL) ALL
+
+# Allow members of group sudo to execute any command
+%sudo ALL=(ALL:ALL) ALL
+
+# See sudoers(5) for more information on "#include" directives:
+
+#includedir /etc/sudoers.d
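Review bot: `#includedir /etc/sudoers.d` is an active directive, not a comment, yet it sits under a block of `#` comment lines and reads like one. Extend the comment above it to state that the leading `#` is part of the directive, so that nobody "uncomments" or deletes the line by mistake. Since the header already steers local changes to /etc/sudoers.d/, this is the line that makes that advice work.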
diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc
new file mode 100644
index 0000000..d047571
--- /dev/null
+++ b/debian/upstream/signing-key.asc
@@ -0,0 +1,34 @@
+pub 1024D/7EE470C4 2002-10-02 Todd C. Miller <Todd.Miller@courtesan.com>
+ Key fingerprint = CCB2 4BE9 E948 1B15 D341 5953 5A89 DFA2 7EE4 70C4
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.13 (OpenBSD)
+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+=zwJJ
+-----END PGP PUBLIC KEY BLOCK-----
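Review bot: the header line `pub 1024D/7EE470C4 2002-10-02` shows that the upstream key used to verify release tarballs is a 1024-bit DSA key from 2002, which is below current key-size recommendations. That is upstream's choice, but it deserves a note in the packaging and a follow-up to replace this file once upstream signs with a stronger key. When checking the key, compare the full fingerprint on the second line rather than the 8-digit short id.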
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 0000000..ef2d335
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,2 @@
+version=3
+opts=pgpsigurlmangle=s/$/.sig/ http://www.sudo.ws/sudo/dist/sudo-(.*)[.]tar[.]gz
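Review bot: the download URL is plain `http://www.sudo.ws/...`. With `pgpsigurlmangle=s/$/.sig/` the tarball is checked against its detached signature, so its integrity does not rest on the transport, but the directory listing that uscan parses to pick the version is still fetched unauthenticated. Switch the URL to `https://` if the host serves it.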