6 files changed, 163 insertions, 0 deletions

diff --git a/debian/patches/1004909-ftbfs-kfreebsd b/debian/patches/1004909-ftbfs-kfreebsd
new file mode 100644
index 0000000..1451b30
--- /dev/null
+++ b/debian/patches/1004909-ftbfs-kfreebsd
@@ -0,0 +1,24 @@
+Description: Fix FTBFS Issue on kFreeBSD
+Author: Laurent Bigonville <bigon@debian.org>
+Bug: https://bugs.debian.org/1004909
+Forwarded: https://bugzilla.sudo.ws/show_bug.cgi?id=1021
+--- a/include/sudo_compat.h
++++ b/include/sudo_compat.h
+@@ -472,7 +472,7 @@ sudo_dso_public time_t sudo_timegm(struc
+ #ifndef HAVE_UTIMENSAT
+ sudo_dso_public int sudo_utimensat(int fd, const char *file, const struct timespec *times, int flag);
+ # undef utimensat
+-# define utimensat(_a, _b, _c, _d) sudo_utimensat((_a), (_b), (_c), (_d))
++# define utimensat(_a, _b, _c, _d) sudo_utimensat(_a, _b, _c, _d)
+ #endif /* HAVE_UTIMENSAT */
+ #ifndef HAVE_FCHMODAT
+ sudo_dso_public int sudo_fchmodat(int dfd, const char *path, mode_t mode, int flag);
+@@ -487,7 +487,7 @@ sudo_dso_public int sudo_fstatat(int dfd
+ #ifndef HAVE_FUTIMENS
+ sudo_dso_public int sudo_futimens(int fd, const struct timespec *times);
+ # undef futimens
+-# define futimens(_a, _b) sudo_futimens((_a), (_b))
++# define futimens(_a, _b) sudo_futimens(_a, _b)
+ #endif /* HAVE_FUTIMENS */
+ #if !defined(HAVE_SNPRINTF) || defined(PREFER_PORTABLE_SNPRINTF)
+ sudo_dso_public int sudo_snprintf(char *str, size_t n, char const *fmt, ...) __printflike(3, 4);
diff --git a/debian/patches/Whitelist-DPKG_COLORS-environment-variable.diff b/debian/patches/Whitelist-DPKG_COLORS-environment-variable.diff
new file mode 100644
index 0000000..7b54b46
--- /dev/null
+++ b/debian/patches/Whitelist-DPKG_COLORS-environment-variable.diff
@@ -0,0 +1,19 @@
+From 18087bc16ec20ca2c8f0045a6b0408e94c53075c Mon Sep 17 00:00:00 2001
+From: Guillem Jover <guillem@hadrons.org>
+Date: Wed, 4 May 2016 01:53:13 +0200
+Subject: [PATCH] Whitelist DPKG_COLORS environment variable
+
+---
+ plugins/sudoers/env.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/plugins/sudoers/env.c
++++ b/plugins/sudoers/env.c
+@@ -216,6 +216,7 @@ static const char *initial_checkenv_tabl
+ static const char *initial_keepenv_table[] = {
+     "COLORS",
+     "DISPLAY",
++    "DPKG_COLORS",
+     "HOSTNAME",
+     "KRB5CCNAME",
+     "LS_COLORS",
diff --git a/debian/patches/debian-bug-1039557 b/debian/patches/debian-bug-1039557
new file mode 100644
index 0000000..947c3ed
--- /dev/null
+++ b/debian/patches/debian-bug-1039557
@@ -0,0 +1,14 @@
+Desciption: fix event log format with environment variables
+Origin: https://github.com/sudo-project/sudo/commit/12648b4e0a8cf486480442efd52f0e0b6cab6e8b
+Bug: https://github.com/sudo-project/sudo/issues/254
+Forwarded: not-needed
+--- a/lib/eventlog/eventlog.c
++++ b/lib/eventlog/eventlog.c
+@@ -189,6 +189,7 @@ new_logline(int event_type, int flags, s
+ 	    sudo_lbuf_append_esc(lbuf, LBUF_ESC_CNTRL, " %s",
+ 		evlog->env_add[i]);
+ 	}
++	sudo_lbuf_append(lbuf, " ; ");
+     }
+     if (evlog->command != NULL && evlog->argv != NULL) {
+ 	/* Command plus argv. */
diff --git a/debian/patches/paths-in-samples.diff b/debian/patches/paths-in-samples.diff
new file mode 100644
index 0000000..d0144b6
--- /dev/null
+++ b/debian/patches/paths-in-samples.diff
@@ -0,0 +1,40 @@
+Description: fix paths in sudoers example to match Debian's
+Last-Update: 2021-12-13
+Author: Bdale Garbee <bdale@gag.com>
+Forwarded: not-needed
+--- a/examples/sudoers.in
++++ b/examples/sudoers.in
+@@ -44,7 +44,7 @@ Host_Alias	CDROM = orion, perseus, hercu
+ # Cmnd alias specification
+ ##
+ Cmnd_Alias	DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \
+-			/usr/sbin/rrestore, /usr/bin/mt, \
++			/usr/sbin/rrestore, /bin/mt, \
+ 			sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \
+ 			/home/operator/bin/start_backups
+ Cmnd_Alias	KILL = /usr/bin/kill, /usr/bin/top
+@@ -85,7 +85,7 @@ operator	ALL = DUMPS, KILL, SHUTDOWN, HA
+ 		sudoedit /etc/printcap, /usr/oper/bin/
+ 
+ # joe may su only to operator
+-joe		ALL = /usr/bin/su operator
++joe		ALL = /bin/su operator
+ 
+ # pete may change passwords for anyone but root on the hp snakes
+ pete		HPPA = /usr/bin/passwd ^[a-zA-Z0-9_]+$, !/usr/bin/passwd root
+@@ -99,13 +99,13 @@ jim		+biglab = ALL
+ 
+ # users in the secretaries netgroup need to help manage the printers
+ # as well as add and remove users
+-+secretaries	ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
+++secretaries	ALL = PRINTING, /usr/sbin/adduser
+ 
+ # fred can run commands as oracle or sybase without a password
+ fred		ALL = (DB) NOPASSWD: ALL
+ 
+ # on the alphas, john may su to anyone except root, no flags are allowed.
+-john		ALPHA = /usr/bin/su ^[a-zA-Z0-9_]+$, !/usr/bin/su root
++john		ALPHA = /bin/su ^[a-zA-Z0-9_]+$, !/bin/su root
+ 
+ # jen can run anything on all machines except the ones
+ # in the "SERVERS" Host_Alias
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..6f71106
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,7 @@
+# 1004909-ftbfs-kfreebsd
+# debian-bugs-1019428
+# dont-create-ChangeLog
+debian-bug-1039557
+paths-in-samples.diff
+Whitelist-DPKG_COLORS-environment-variable.diff
+sudo-ldap-docs
diff --git a/debian/patches/sudo-ldap-docs b/debian/patches/sudo-ldap-docs
new file mode 100644
index 0000000..10378dd
--- /dev/null
+++ b/debian/patches/sudo-ldap-docs
@@ -0,0 +1,59 @@
+Description: Adapt README.LDAP to the actual state of the sudo-ldap package
+Author: Marc Haber <mh+debian-packages@zugschlus.de>
+Forwarded: not-needed
+--- a/README.LDAP.md
++++ b/README.LDAP.md
+@@ -35,22 +35,8 @@ They are one and the same.
+ 
+ ## Build instructions
+ 
+-The simplest way to build sudo with LDAP support is to include the
+-`--with-ldap` option.
+-
+-    $ ./configure --with-ldap
+-
+-If your ldap libraries and headers are in a non-standard place, you will need
+-to specify them at configure time.  E.g.
+-
+-    $ ./configure --with-ldap=/usr/local/ldapsdk
+-
+-Sudo is developed using OpenLDAP but Netscape-based LDAP libraries
+-(such as those present in Solaris) and IBM LDAP are also known to work.
+-
+-If special configuration was required to build an LDAP-enabled sudo,
+-let the sudo workers mailing list <sudo-workers@sudo.ws> know so
+-we can improve sudo.
++The Debian package of sudo-ldap is already built with LDAP support
++using the OpenLDAP libs.
+ 
+ ## Schema Changes
+ 
+@@ -177,13 +163,10 @@ I recommend using any of the following L
+ 
+   There are dozens of others, some Open Source, some free, some not.
+ 
+-## Configure your /etc/ldap.conf and /etc/nsswitch.conf
++## Configure your /etc/sudo-ldap.conf and /etc/nsswitch.conf
+ 
+-The /etc/ldap.conf file is meant to be shared between sudo, pam_ldap, nss_ldap
+-and other ldap applications and modules.  IBM Secureway unfortunately uses
+-the same file name but has a different syntax.  If you need to change where
+-this file is stored, re-run configure with the `--with-ldap-conf-file=PATH`
+-option.
++The Debian package sudo-ldap uses /etc/sudo-ldap.conf as configuration file
++and is configured to use nsswitch.
+ 
+ See the "Configuring ldap.conf" section in the sudoers.ldap manual
+ for a list of supported ldap.conf parameters and an example ldap.conf
+@@ -195,10 +178,7 @@ After configuring /etc/ldap.conf, you mu
+ /etc/nsswitch.conf file to tell sudo to look in LDAP for sudoers.
+ See the "Configuring nsswitch.conf" section in the sudoers.ldap
+ manual for details.  Sudo will use /etc/nsswitch.conf even if the
+-underlying operating system does not support it.  To disable nsswitch
+-support, run configure with the `--with-nsswitch=no` option.  This
+-will cause sudo to consult LDAP first and /etc/sudoers second,
+-unless the ignore_sudoers_file flag is set in the global LDAP options.
++underlying operating system does not support it.
+ 
+ ## Debugging your LDAP configuration
+