Google Git
Sign in
android-kvm / buildroot / refs/tags/2010.08_rc1 / . / package / sudo / sudo-1.6.8p12-001-ubuntu6.patch
blob: a370bd06cc02fa7a814fcbb31c6d467a3765a60c [file] [log] [blame]
--- sudo-1.6.8p12.orig/sudoers.man.in
+++ sudo-1.6.8p12/sudoers.man.in
@@ -759,7 +759,7 @@
.IP "exempt_group" 12
.IX Item "exempt_group"
Users in this group are exempt from password and \s-1PATH\s0 requirements.
-This is not set by default.
+On Debian systems, this is set to the group 'sudo' by default.
.IP "verifypw" 12
.IX Item "verifypw"
This option controls when a password will be required when a user runs
--- sudo-1.6.8p12.orig/sudo.man.in
+++ sudo-1.6.8p12/sudo.man.in
@@ -185,8 +185,7 @@
\&\fBsudo\fR determines who is an authorized user by consulting the file
\&\fI@sysconfdir@/sudoers\fR. By giving \fBsudo\fR the \fB\-v\fR flag a user
can update the time stamp without running a \fIcommand.\fR The password
-prompt itself will also time out if the user's password is not
-entered within \f(CW\*(C`@password_timeout@\*(C'\fR minutes (unless overridden via
+prompt itself will not time out in Debian's version (unless overridden via
\&\fIsudoers\fR).
.PP
If a user who is not listed in the \fIsudoers\fR file tries to run a
--- sudo-1.6.8p12.orig/parse.yacc
+++ sudo-1.6.8p12/parse.yacc
@@ -120,6 +120,7 @@
} \
match[top].user = UNSPEC; \
match[top].cmnd = UNSPEC; \
+ match[top].cmndall= UNSPEC; \
match[top].host = UNSPEC; \
match[top].runas = UNSPEC; \
match[top].nopass = def_authenticate ? UNSPEC : TRUE; \
@@ -135,6 +136,7 @@
} \
match[top].user = match[top-1].user; \
match[top].cmnd = match[top-1].cmnd; \
+ match[top].cmndall= match[top-1].cmndall; \
match[top].host = match[top-1].host; \
match[top].runas = match[top-1].runas; \
match[top].nopass = match[top-1].nopass; \
@@ -675,6 +677,7 @@
}
}
+ SETMATCH(cmnd_all, TRUE);
$$ = TRUE;
}
| ALIAS {
@@ -705,6 +708,7 @@
$$ = NOMATCH;
}
free($1);
+ SETMATCH(cmnd_all, FALSE);
}
| COMMAND {
if (printmatches == TRUE) {
@@ -730,6 +734,7 @@
free($1.cmnd);
if ($1.args)
free($1.args);
+ SETMATCH(cmnd_all, FALSE);
}
;
--- sudo-1.6.8p12.orig/env.c
+++ sudo-1.6.8p12/env.c
@@ -77,7 +77,7 @@
/*
* Prototypes
*/
-char **rebuild_env __P((char **, int, int));
+char **rebuild_env __P((char **, int, int, int));
char **zero_env __P((char **));
static void insert_env __P((char *, int));
static char *format_env __P((char *, ...));
@@ -89,6 +89,8 @@
static const char *initial_badenv_table[] = {
"IFS",
"CDPATH",
+ "SHELLOPTS",
+ "PS4",
"LOCALDOMAIN",
"RES_OPTIONS",
"HOSTALIASES",
@@ -140,6 +142,12 @@
"LC_*",
"LANG",
"LANGUAGE",
+ "TERM",
+ "HOME",
+ "LOGNAME",
+ "DISPLAY",
+ "XAUTHORITY",
+ "XAUTHORIZATION",
NULL
};
@@ -321,10 +329,11 @@
* Also adds sudo-specific variables (SUDO_*).
*/
char **
-rebuild_env(envp, sudo_mode, noexec)
+rebuild_env(envp, sudo_mode, noexec, noclean)
char **envp;
int sudo_mode;
int noexec;
+ int noclean;
{
char **ep, *cp, *ps1;
int okvar, iswild, didvar;
@@ -429,7 +438,7 @@
* env_check.
*/
for (ep = envp; *ep; ep++) {
- okvar = 1;
+ okvar = noclean;
/* Skip variables with values beginning with () (bash functions) */
if ((cp = strchr(*ep, '=')) != NULL) {
@@ -438,6 +447,7 @@
}
/* Skip anything listed in env_delete. */
+#if 0
for (cur = def_env_delete; cur && okvar; cur = cur->next) {
len = strlen(cur->value);
/* Deal with '*' wildcard */
@@ -451,9 +461,10 @@
okvar = 0;
}
}
+#endif
/* Check certain variables for '%' and '/' characters. */
- for (cur = def_env_check; cur && okvar; cur = cur->next) {
+ for (cur = def_env_check; cur; cur = cur->next) {
len = strlen(cur->value);
/* Deal with '*' wildcard */
if (cur->value[len - 1] == '*') {
@@ -463,8 +474,24 @@
iswild = 0;
if (strncmp(cur->value, *ep, len) == 0 &&
(iswild || (*ep)[len] == '=') &&
- strpbrk(*ep, "/%")) {
- okvar = 0;
+ strpbrk(*ep, "/%") == NULL) {
+ okvar = 1;
+ }
+ }
+
+ /* keep variables in env_keep */
+ for (cur = def_env_keep; cur; cur = cur->next) {
+ len = strlen(cur->value);
+ /* Deal with '*' wildcard */
+ if (cur->value[len - 1] == '*') {
+ len--;
+ iswild = 1;
+ } else
+ iswild = 0;
+ if (strncmp(cur->value, *ep, len) == 0 &&
+ (iswild || (*ep)[len] == '=')) {
+ okvar = 1;
+ break;
}
}
--- sudo-1.6.8p12.orig/sudoers.pod
+++ sudo-1.6.8p12/sudoers.pod
@@ -93,7 +93,7 @@
Cmnd_Alias ::= NAME '=' Cmnd_List
- NAME ::= [A-Z]([A-Z][0-9]_)*
+ NAME ::= [A-Z]([a-z][A-Z][0-9]_)*
Each I<alias> definition is of the form
@@ -568,7 +568,7 @@
=item C<%%>
-two consecutive C<%> characters are collaped into a single C<%> character
+two consecutive C<%> characters are collapsed into a single C<%> character
=back
@@ -669,8 +669,8 @@
=item exempt_group
-Users in this group are exempt from password and PATH requirements.
-This is not set by default.
+Users in this group are exempt from password and PATH requirements. This
+option is turned on for Debian.
=item verifypw
--- sudo-1.6.8p12.orig/ins_classic.h
+++ sudo-1.6.8p12/ins_classic.h
@@ -32,7 +32,7 @@
"Where did you learn to type?",
"Are you on drugs?",
"My pet ferret can type better than you!",
- "You type like i drive.",
+ "You type like I drive.",
"Do you think like you type?",
"Your mind just hasn't been the same since the electro-shock, has it?",
--- sudo-1.6.8p12.orig/config.guess
+++ sudo-1.6.8p12/config.guess
@@ -1,11 +1,9 @@
#! /bin/sh
# Attempt to guess a canonical system name.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-# 2000, 2001, 2002 Free Software Foundation, Inc.
-#
-# $Sudo: config.guess,v 1.10 2004/08/09 23:04:35 millert Exp $
+# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
-timestamp='2002-11-30'
+timestamp='2005-08-03'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
@@ -19,13 +17,15 @@
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
#
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
+
# Originally written by Per Bothner <per@bothner.com>.
# Please send patches to <config-patches@gnu.org>. Submit a context
# diff and a properly formatted ChangeLog entry.
@@ -55,7 +55,7 @@
GNU config.guess ($timestamp)
Originally written by Per Bothner.
-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
@@ -68,11 +68,11 @@
while test $# -gt 0 ; do
case $1 in
--time-stamp | --time* | -t )
- echo "$timestamp" ; exit 0 ;;
+ echo "$timestamp" ; exit ;;
--version | -v )
- echo "$version" ; exit 0 ;;
+ echo "$version" ; exit ;;
--help | --h* | -h )
- echo "$usage"; exit 0 ;;
+ echo "$usage"; exit ;;
-- ) # Stop option processing
shift; break ;;
- ) # Use stdin as input.
@@ -100,14 +100,18 @@
# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
# use `HOST_CC' if defined, but it is deprecated.
-# This shell variable is my proudest work .. or something. --bje
+# Portable tmp directory creation inspired by the Autoconf team.
-set_cc_for_build='tmpdir=${TMPDIR-/tmp}/config-guess-$$ ;
-(old=`umask` && umask 077 && mkdir $tmpdir && umask $old && unset old)
- || (echo "$me: cannot create $tmpdir" >&2 && exit 1) ;
-dummy=$tmpdir/dummy ;
-files="$dummy.c $dummy.o $dummy.rel $dummy" ;
-trap '"'"'rm -f $files; rmdir $tmpdir; exit 1'"'"' 1 2 15 ;
+set_cc_for_build='
+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
+: ${TMPDIR=/tmp} ;
+ { tmp=`(umask 077 && mktemp -d -q "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
+dummy=$tmp/dummy ;
+tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
case $CC_FOR_BUILD,$HOST_CC,$CC in
,,) echo "int x;" > $dummy.c ;
for c in cc gcc c89 c99 ; do
@@ -115,15 +119,13 @@
CC_FOR_BUILD="$c"; break ;
fi ;
done ;
- rm -f $files ;
if test x"$CC_FOR_BUILD" = x ; then
CC_FOR_BUILD=no_compiler_found ;
fi
;;
,,*) CC_FOR_BUILD=$CC ;;
,*,*) CC_FOR_BUILD=$HOST_CC ;;
-esac ;
-unset files'
+esac ; set_cc_for_build= ;'
# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
# (ghazi@noc.rutgers.edu 1994-08-24)
@@ -196,104 +198,109 @@
# contains redundant information, the shorter form:
# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
echo "${machine}-${os}${release}"
- exit 0 ;;
+ exit ;;
*:OpenBSD:*:*)
UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
+ *:ekkoBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
+ exit ;;
+ macppc:MirBSD:*:*)
+ echo powerppc-unknown-mirbsd${UNAME_RELEASE}
+ exit ;;
+ *:MirBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
+ exit ;;
alpha:OSF1:*:*)
- if test $UNAME_RELEASE = "V4.0"; then
+ case $UNAME_RELEASE in
+ *4.0)
UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
- fi
+ ;;
+ *5.*)
+ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
+ ;;
+ esac
+ # According to Compaq, /usr/sbin/psrinfo has been available on
+ # OSF/1 and Tru64 systems produced since 1995. I hope that
+ # covers most systems running today. This code pipes the CPU
+ # types through head -n 1, so we only detect the type of CPU 0.
+ ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+ case "$ALPHA_CPU_TYPE" in
+ "EV4 (21064)")
+ UNAME_MACHINE="alpha" ;;
+ "EV4.5 (21064)")
+ UNAME_MACHINE="alpha" ;;
+ "LCA4 (21066/21068)")
+ UNAME_MACHINE="alpha" ;;
+ "EV5 (21164)")
+ UNAME_MACHINE="alphaev5" ;;
+ "EV5.6 (21164A)")
+ UNAME_MACHINE="alphaev56" ;;
+ "EV5.6 (21164PC)")
+ UNAME_MACHINE="alphapca56" ;;
+ "EV5.7 (21164PC)")
+ UNAME_MACHINE="alphapca57" ;;
+ "EV6 (21264)")
+ UNAME_MACHINE="alphaev6" ;;
+ "EV6.7 (21264A)")
+ UNAME_MACHINE="alphaev67" ;;
+ "EV6.8CB (21264C)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.8AL (21264B)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.8CX (21264D)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.9A (21264/EV69A)")
+ UNAME_MACHINE="alphaev69" ;;
+ "EV7 (21364)")
+ UNAME_MACHINE="alphaev7" ;;
+ "EV7.9 (21364A)")
+ UNAME_MACHINE="alphaev79" ;;
+ esac
+ # A Pn.n version is a patched version.
# A Vn.n version is a released version.
# A Tn.n version is a released field test version.
# A Xn.n version is an unreleased experimental baselevel.
# 1.2 uses "1.2" for uname -r.
- eval $set_cc_for_build
- cat <<EOF >$dummy.s
- .data
-\$Lformat:
- .byte 37,100,45,37,120,10,0 # "%d-%x\n"
-
- .text
- .globl main
- .align 4
- .ent main
-main:
- .frame \$30,16,\$26,0
- ldgp \$29,0(\$27)
- .prologue 1
- .long 0x47e03d80 # implver \$0
- lda \$2,-1
- .long 0x47e20c21 # amask \$2,\$1
- lda \$16,\$Lformat
- mov \$0,\$17
- not \$1,\$18
- jsr \$26,printf
- ldgp \$29,0(\$26)
- mov 0,\$16
- jsr \$26,exit
- .end main
-EOF
- $CC_FOR_BUILD -o $dummy $dummy.s 2>/dev/null
- if test "$?" = 0 ; then
- case `$dummy` in
- 0-0)
- UNAME_MACHINE="alpha"
- ;;
- 1-0)
- UNAME_MACHINE="alphaev5"
- ;;
- 1-1)
- UNAME_MACHINE="alphaev56"
- ;;
- 1-101)
- UNAME_MACHINE="alphapca56"
- ;;
- 2-303)
- UNAME_MACHINE="alphaev6"
- ;;
- 2-307)
- UNAME_MACHINE="alphaev67"
- ;;
- 2-1307)
- UNAME_MACHINE="alphaev68"
- ;;
- 3-1307)
- UNAME_MACHINE="alphaev7"
- ;;
- esac
- fi
- rm -f $dummy.s $dummy && rmdir $tmpdir
- echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
- exit 0 ;;
+ echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+ exit ;;
Alpha\ *:Windows_NT*:*)
# How do we know it's Interix rather than the generic POSIX subsystem?
# Should we change UNAME_MACHINE based on the output of uname instead
# of the specific Alpha model?
echo alpha-pc-interix
- exit 0 ;;
+ exit ;;
21064:Windows_NT:50:3)
echo alpha-dec-winnt3.5
- exit 0 ;;
+ exit ;;
Amiga*:UNIX_System_V:4.0:*)
echo m68k-unknown-sysv4
- exit 0;;
+ exit ;;
*:[Aa]miga[Oo][Ss]:*:*)
echo ${UNAME_MACHINE}-unknown-amigaos
- exit 0 ;;
+ exit ;;
*:[Mm]orph[Oo][Ss]:*:*)
echo ${UNAME_MACHINE}-unknown-morphos
- exit 0 ;;
+ exit ;;
*:OS/390:*:*)
echo i370-ibm-openedition
- exit 0 ;;
+ exit ;;
+ *:z/VM:*:*)
+ echo s390-ibm-zvmoe
+ exit ;;
+ *:OS400:*:*)
+ echo powerpc-ibm-os400
+ exit ;;
arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
echo arm-acorn-riscix${UNAME_RELEASE}
- exit 0;;
+ exit ;;
+ arm:riscos:*:*|arm:RISCOS:*:*)
+ echo arm-unknown-riscos
+ exit ;;
SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
echo hppa1.1-hitachi-hiuxmpp
- exit 0;;
+ exit ;;
Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
# akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
if test "`(/bin/universe) 2>/dev/null`" = att ; then
@@ -301,29 +308,32 @@
else
echo pyramid-pyramid-bsd
fi
- exit 0 ;;
+ exit ;;
NILE*:*:*:dcosx)
echo pyramid-pyramid-svr4
- exit 0 ;;
- DRS?6000:UNIX_SV:4.2*:7*)
+ exit ;;
+ DRS?6000:unix:4.0:6*)
+ echo sparc-icl-nx6
+ exit ;;
+ DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
case `/usr/bin/uname -p` in
- sparc) echo sparc-icl-nx7 && exit 0 ;;
+ sparc) echo sparc-icl-nx7; exit ;;
esac ;;
sun4H:SunOS:5.*:*)
echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
- exit 0 ;;
+ exit ;;
sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
- exit 0 ;;
+ exit ;;
i86pc:SunOS:5.*:*)
echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
- exit 0 ;;
+ exit ;;
sun4*:SunOS:6*:*)
# According to config.sub, this is the proper way to canonicalize
# SunOS6. Hard to guess exactly what SunOS6 will be like, but
# it's likely to be more like Solaris than SunOS4.
echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
- exit 0 ;;
+ exit ;;
sun4*:SunOS:*:*)
case "`/usr/bin/arch -k`" in
Series*|S4*)
@@ -332,10 +342,10 @@
esac
# Japanese Language versions have a version number like `4.1.3-JL'.
echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
- exit 0 ;;
+ exit ;;
sun3*:SunOS:*:*)
echo m68k-sun-sunos${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
sun*:*:4.2BSD:*)
UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
@@ -347,10 +357,10 @@
echo sparc-sun-sunos${UNAME_RELEASE}
;;
esac
- exit 0 ;;
+ exit ;;
aushp:SunOS:*:*)
echo sparc-auspex-sunos${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
# The situation for MiNT is a little confusing. The machine name
# can be virtually everything (everything which is not
# "atarist" or "atariste" at least should have a processor
@@ -361,37 +371,40 @@
# be no problem.
atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
echo m68k-atari-mint${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
echo m68k-atari-mint${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
*falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
echo m68k-atari-mint${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
echo m68k-milan-mint${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
echo m68k-hades-mint${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
*:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
echo m68k-unknown-mint${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
+ m68k:machten:*:*)
+ echo m68k-apple-machten${UNAME_RELEASE}
+ exit ;;
powerpc:machten:*:*)
echo powerpc-apple-machten${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
RISC*:Mach:*:*)
echo mips-dec-mach_bsd4.3
- exit 0 ;;
+ exit ;;
RISC*:ULTRIX:*:*)
echo mips-dec-ultrix${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
VAX*:ULTRIX*:*:*)
echo vax-dec-ultrix${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
2020:CLIX:*:* | 2430:CLIX:*:*)
echo clipper-intergraph-clix${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
mips:*:*:UMIPS | mips:*:*:RISCos)
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
@@ -415,33 +428,33 @@
exit (-1);
}
EOF
- $CC_FOR_BUILD -o $dummy $dummy.c \
- && $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \
- && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
- rm -f $dummy.c $dummy && rmdir $tmpdir
+ $CC_FOR_BUILD -o $dummy $dummy.c &&
+ dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
+ SYSTEM_NAME=`$dummy $dummyarg` &&
+ { echo "$SYSTEM_NAME"; exit; }
echo mips-mips-riscos${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
Motorola:PowerMAX_OS:*:*)
echo powerpc-motorola-powermax
- exit 0 ;;
+ exit ;;
Motorola:*:4.3:PL8-*)
echo powerpc-harris-powermax
- exit 0 ;;
+ exit ;;
Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
echo powerpc-harris-powermax
- exit 0 ;;
+ exit ;;
Night_Hawk:Power_UNIX:*:*)
echo powerpc-harris-powerunix
- exit 0 ;;
+ exit ;;
m88k:CX/UX:7*:*)
echo m88k-harris-cxux7
- exit 0 ;;
+ exit ;;
m88k:*:4*:R4*)
echo m88k-motorola-sysv4
- exit 0 ;;
+ exit ;;
m88k:*:3*:R3*)
echo m88k-motorola-sysv3
- exit 0 ;;
+ exit ;;
AViiON:dgux:*:*)
# DG/UX returns AViiON for all architectures
UNAME_PROCESSOR=`/usr/bin/uname -p`
@@ -457,29 +470,29 @@
else
echo i586-dg-dgux${UNAME_RELEASE}
fi
- exit 0 ;;
+ exit ;;
M88*:DolphinOS:*:*) # DolphinOS (SVR3)
echo m88k-dolphin-sysv3
- exit 0 ;;
+ exit ;;
M88*:*:R3*:*)
# Delta 88k system running SVR3
echo m88k-motorola-sysv3
- exit 0 ;;
+ exit ;;
XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
echo m88k-tektronix-sysv3
- exit 0 ;;
+ exit ;;
Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
echo m68k-tektronix-bsd
- exit 0 ;;
+ exit ;;
*:IRIX*:*:*)
echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
- exit 0 ;;
+ exit ;;
????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
- echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
- exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX '
+ echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
+ exit ;; # Note that: echo "'`uname -s`'" gives 'AIX '
i*86:AIX:*:*)
echo i386-ibm-aix
- exit 0 ;;
+ exit ;;
ia64:AIX:*:*)
if [ -x /usr/bin/oslevel ] ; then
IBM_REV=`/usr/bin/oslevel`
@@ -487,7 +500,7 @@
IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
fi
echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
- exit 0 ;;
+ exit ;;
*:AIX:2:3)
if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
eval $set_cc_for_build
@@ -502,15 +515,18 @@
exit(0);
}
EOF
- $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
- rm -f $dummy.c $dummy && rmdir $tmpdir
- echo rs6000-ibm-aix3.2.5
+ if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
+ then
+ echo "$SYSTEM_NAME"
+ else
+ echo rs6000-ibm-aix3.2.5
+ fi
elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
echo rs6000-ibm-aix3.2.4
else
echo rs6000-ibm-aix3.2
fi
- exit 0 ;;
+ exit ;;
*:AIX:*:[45])
IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
@@ -524,28 +540,28 @@
IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
fi
echo ${IBM_ARCH}-ibm-aix${IBM_REV}
- exit 0 ;;
+ exit ;;
*:AIX:*:*)
echo rs6000-ibm-aix
- exit 0 ;;
+ exit ;;
ibmrt:4.4BSD:*|romp-ibm:BSD:*)
echo romp-ibm-bsd4.4
- exit 0 ;;
+ exit ;;
ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and
echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to
- exit 0 ;; # report: romp-ibm BSD 4.3
+ exit ;; # report: romp-ibm BSD 4.3
*:BOSX:*:*)
echo rs6000-bull-bosx
- exit 0 ;;
+ exit ;;
DPX/2?00:B.O.S.:*:*)
echo m68k-bull-sysv3
- exit 0 ;;
+ exit ;;
9000/[34]??:4.3bsd:1.*:*)
echo m68k-hp-bsd
- exit 0 ;;
+ exit ;;
hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
echo m68k-hp-bsd4.4
- exit 0 ;;
+ exit ;;
9000/[34678]??:HP-UX:*:*)
HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
case "${UNAME_MACHINE}" in
@@ -602,16 +618,36 @@
}
EOF
(CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
- if test -z "$HP_ARCH"; then HP_ARCH=hppa; fi
- rm -f $dummy.c $dummy && rmdir $tmpdir
+ test -z "$HP_ARCH" && HP_ARCH=hppa
fi ;;
esac
+ if [ ${HP_ARCH} = "hppa2.0w" ]
+ then
+ eval $set_cc_for_build
+
+ # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
+ # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler
+ # generating 64-bit code. GNU and HP use different nomenclature:
+ #
+ # $ CC_FOR_BUILD=cc ./config.guess
+ # => hppa2.0w-hp-hpux11.23
+ # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
+ # => hppa64-hp-hpux11.23
+
+ if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
+ grep __LP64__ >/dev/null
+ then
+ HP_ARCH="hppa2.0w"
+ else
+ HP_ARCH="hppa64"
+ fi
+ fi
echo ${HP_ARCH}-hp-hpux${HPUX_REV}
- exit 0 ;;
+ exit ;;
ia64:HP-UX:*:*)
HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
echo ia64-hp-hpux${HPUX_REV}
- exit 0 ;;
+ exit ;;
3050*:HI-UX:*:*)
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
@@ -639,149 +675,166 @@
exit (0);
}
EOF
- $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
- rm -f $dummy.c $dummy && rmdir $tmpdir
+ $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
+ { echo "$SYSTEM_NAME"; exit; }
echo unknown-hitachi-hiuxwe2
- exit 0 ;;
+ exit ;;
9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
echo hppa1.1-hp-bsd
- exit 0 ;;
+ exit ;;
9000/8??:4.3bsd:*:*)
echo hppa1.0-hp-bsd
- exit 0 ;;
+ exit ;;
*9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
echo hppa1.0-hp-mpeix
- exit 0 ;;
+ exit ;;
hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
echo hppa1.1-hp-osf
- exit 0 ;;
+ exit ;;
hp8??:OSF1:*:*)
echo hppa1.0-hp-osf
- exit 0 ;;
+ exit ;;
i*86:OSF1:*:*)
if [ -x /usr/sbin/sysversion ] ; then
echo ${UNAME_MACHINE}-unknown-osf1mk
else
echo ${UNAME_MACHINE}-unknown-osf1
fi
- exit 0 ;;
+ exit ;;
parisc*:Lites*:*:*)
echo hppa1.1-hp-lites
- exit 0 ;;
+ exit ;;
C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
echo c1-convex-bsd
- exit 0 ;;
+ exit ;;
C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
if getsysinfo -f scalar_acc
then echo c32-convex-bsd
else echo c2-convex-bsd
fi
- exit 0 ;;
+ exit ;;
C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
echo c34-convex-bsd
- exit 0 ;;
+ exit ;;
C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
echo c38-convex-bsd
- exit 0 ;;
+ exit ;;
C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
echo c4-convex-bsd
- exit 0 ;;
+ exit ;;
CRAY*Y-MP:*:*:*)
echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
- exit 0 ;;
+ exit ;;
CRAY*[A-Z]90:*:*:*)
echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
-e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
-e 's/\.[^.]*$/.X/'
- exit 0 ;;
+ exit ;;
CRAY*TS:*:*:*)
echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
- exit 0 ;;
- CRAY*T3D:*:*:*)
- echo alpha-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
- exit 0 ;;
+ exit ;;
CRAY*T3E:*:*:*)
echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
- exit 0 ;;
+ exit ;;
CRAY*SV1:*:*:*)
echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
- exit 0 ;;
+ exit ;;
+ *:UNICOS/mp:*:*)
+ echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
- exit 0 ;;
+ exit ;;
+ 5000:UNIX_System_V:4.*:*)
+ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+ FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
+ echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+ exit ;;
i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
sparc*:BSD/OS:*:*)
echo sparc-unknown-bsdi${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
*:BSD/OS:*:*)
echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
*:FreeBSD:*:*)
- # Determine whether the default compiler uses glibc.
- eval $set_cc_for_build
- sed 's/^ //' << EOF >$dummy.c
- #include <features.h>
- #if __GLIBC__ >= 2
- LIBC=gnu
- #else
- LIBC=
- #endif
-EOF
- eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
- rm -f $dummy.c && rmdir $tmpdir
- echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC}
- exit 0 ;;
+ echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+ exit ;;
i*:CYGWIN*:*)
echo ${UNAME_MACHINE}-pc-cygwin
- exit 0 ;;
+ exit ;;
i*:MINGW*:*)
echo ${UNAME_MACHINE}-pc-mingw32
- exit 0 ;;
+ exit ;;
+ i*:windows32*:*)
+ # uname -m includes "-pc" on this system.
+ echo ${UNAME_MACHINE}-mingw32
+ exit ;;
i*:PW*:*)
echo ${UNAME_MACHINE}-pc-pw32
- exit 0 ;;
- x86:Interix*:3*)
- echo i586-pc-interix3
- exit 0 ;;
+ exit ;;
+ x86:Interix*:[34]*)
+ echo i586-pc-interix${UNAME_RELEASE}|sed -e 's/\..*//'
+ exit ;;
[345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
echo i${UNAME_MACHINE}-pc-mks
- exit 0 ;;
+ exit ;;
i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
# How do we know it's Interix rather than the generic POSIX subsystem?
# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
# UNAME_MACHINE based on the output of uname instead of i386?
echo i586-pc-interix
- exit 0 ;;
+ exit ;;
i*:UWIN*:*)
echo ${UNAME_MACHINE}-pc-uwin
- exit 0 ;;
+ exit ;;
+ amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
+ echo x86_64-unknown-cygwin
+ exit ;;
p*:CYGWIN*:*)
echo powerpcle-unknown-cygwin
- exit 0 ;;
+ exit ;;
prep*:SunOS:5.*:*)
echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
- exit 0 ;;
+ exit ;;
*:GNU:*:*)
+ # the GNU system
echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
- exit 0 ;;
+ exit ;;
+ *:GNU/*:*:*)
+ # other systems with GNU libc and userland
+ echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu
+ exit ;;
i*86:Minix:*:*)
echo ${UNAME_MACHINE}-pc-minix
- exit 0 ;;
+ exit ;;
arm*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
- exit 0 ;;
+ exit ;;
+ cris:Linux:*:*)
+ echo cris-axis-linux-gnu
+ exit ;;
+ crisv32:Linux:*:*)
+ echo crisv32-axis-linux-gnu
+ exit ;;
+ frv:Linux:*:*)
+ echo frv-unknown-linux-gnu
+ exit ;;
ia64:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
- exit 0 ;;
+ exit ;;
+ m32r*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
m68*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
- exit 0 ;;
+ exit ;;
mips:Linux:*:*)
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
@@ -799,8 +852,7 @@
#endif
EOF
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
- rm -f $dummy.c && rmdir $tmpdir
- test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
+ test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
;;
mips64:Linux:*:*)
eval $set_cc_for_build
@@ -819,15 +871,17 @@
#endif
EOF
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
- rm -f $dummy.c && rmdir $tmpdir
- test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
+ test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
;;
+ or32:Linux:*:*)
+ echo or32-unknown-linux-gnu
+ exit ;;
ppc:Linux:*:*)
echo powerpc-unknown-linux-gnu
- exit 0 ;;
+ exit ;;
ppc64:Linux:*:*)
echo powerpc64-unknown-linux-gnu
- exit 0 ;;
+ exit ;;
alpha:Linux:*:*)
case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
EV5) UNAME_MACHINE=alphaev5 ;;
@@ -841,7 +895,7 @@
objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
- exit 0 ;;
+ exit ;;
parisc:Linux:*:* | hppa:Linux:*:*)
# Look for CPU level
case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
@@ -849,22 +903,25 @@
PA8*) echo hppa2.0-unknown-linux-gnu ;;
*) echo hppa-unknown-linux-gnu ;;
esac
- exit 0 ;;
+ exit ;;
parisc64:Linux:*:* | hppa64:Linux:*:*)
echo hppa64-unknown-linux-gnu
- exit 0 ;;
+ exit ;;
s390:Linux:*:* | s390x:Linux:*:*)
echo ${UNAME_MACHINE}-ibm-linux
- exit 0 ;;
+ exit ;;
+ sh64*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
sh*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
- exit 0 ;;
+ exit ;;
sparc:Linux:*:* | sparc64:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
- exit 0 ;;
+ exit ;;
x86_64:Linux:*:*)
echo x86_64-unknown-linux-gnu
- exit 0 ;;
+ exit ;;
i*86:Linux:*:*)
# The BFD linker knows what the default object file format is, so
# first see if it will tell us. cd to the root directory to prevent
@@ -882,15 +939,15 @@
;;
a.out-i386-linux)
echo "${UNAME_MACHINE}-pc-linux-gnuaout"
- exit 0 ;;
+ exit ;;
coff-i386)
echo "${UNAME_MACHINE}-pc-linux-gnucoff"
- exit 0 ;;
+ exit ;;
"")
# Either a pre-BFD a.out linker (linux-gnuoldld) or
# one that does not give us useful --help.
echo "${UNAME_MACHINE}-pc-linux-gnuoldld"
- exit 0 ;;
+ exit ;;
esac
# Determine whether the default compiler is a.out or elf
eval $set_cc_for_build
@@ -913,18 +970,23 @@
LIBC=gnuaout
#endif
#endif
+ #ifdef __dietlibc__
+ LIBC=dietlibc
+ #endif
EOF
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
- rm -f $dummy.c && rmdir $tmpdir
- test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0
- test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0
+ test x"${LIBC}" != x && {
+ echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
+ exit
+ }
+ test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; }
;;
i*86:DYNIX/ptx:4*:*)
# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
# earlier versions are messed up and put the nodename in both
# sysname and nodename.
echo i386-sequent-sysv4
- exit 0 ;;
+ exit ;;
i*86:UNIX_SV:4.2MP:2.*)
# Unixware is an offshoot of SVR4, but it has its own version
# number series starting with 2...
@@ -932,24 +994,27 @@
# I just have to hope. -- rms.
# Use sysv4.2uw... so that sysv4* matches it.
echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
- exit 0 ;;
+ exit ;;
i*86:OS/2:*:*)
# If we were able to find `uname', then EMX Unix compatibility
# is probably installed.
echo ${UNAME_MACHINE}-pc-os2-emx
- exit 0 ;;
+ exit ;;
i*86:XTS-300:*:STOP)
echo ${UNAME_MACHINE}-unknown-stop
- exit 0 ;;
+ exit ;;
i*86:atheos:*:*)
echo ${UNAME_MACHINE}-unknown-atheos
- exit 0 ;;
+ exit ;;
+ i*86:syllable:*:*)
+ echo ${UNAME_MACHINE}-pc-syllable
+ exit ;;
i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
echo i386-unknown-lynxos${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
i*86:*DOS:*:*)
echo ${UNAME_MACHINE}-pc-msdosdjgpp
- exit 0 ;;
+ exit ;;
i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
@@ -957,15 +1022,16 @@
else
echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
fi
- exit 0 ;;
- i*86:*:5:[78]*)
+ exit ;;
+ i*86:*:5:[678]*)
+ # UnixWare 7.x, OpenUNIX and OpenServer 6.
case `/bin/uname -X | grep "^Machine"` in
*486*) UNAME_MACHINE=i486 ;;
*Pentium) UNAME_MACHINE=i586 ;;
*Pent*|*Celeron) UNAME_MACHINE=i686 ;;
esac
echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
- exit 0 ;;
+ exit ;;
i*86:*:3.2:*)
if test -f /usr/options/cb.name; then
UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
@@ -983,73 +1049,73 @@
else
echo ${UNAME_MACHINE}-pc-sysv32
fi
- exit 0 ;;
+ exit ;;
pc:*:*:*)
# Left here for compatibility:
# uname -m prints for DJGPP always 'pc', but it prints nothing about
# the processor, so we play safe by assuming i386.
echo i386-pc-msdosdjgpp
- exit 0 ;;
+ exit ;;
Intel:Mach:3*:*)
echo i386-pc-mach3
- exit 0 ;;
+ exit ;;
paragon:*:*:*)
echo i860-intel-osf1
- exit 0 ;;
+ exit ;;
i860:*:4.*:*) # i860-SVR4
if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
else # Add other i860-SVR4 vendors below as they are discovered.
echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4
fi
- exit 0 ;;
+ exit ;;
mini*:CTIX:SYS*5:*)
# "miniframe"
echo m68010-convergent-sysv
- exit 0 ;;
+ exit ;;
mc68k:UNIX:SYSTEM5:3.51m)
echo m68k-convergent-sysv
- exit 0 ;;
+ exit ;;
M680?0:D-NIX:5.3:*)
echo m68k-diab-dnix
- exit 0 ;;
- M68*:*:R3V[567]*:*)
- test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;;
- 3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0)
+ exit ;;
+ M68*:*:R3V[5678]*:*)
+ test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
+ 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
OS_REL=''
test -r /etc/.relid \
&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
- && echo i486-ncr-sysv4.3${OS_REL} && exit 0
+ && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
- && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;;
+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
- && echo i486-ncr-sysv4 && exit 0 ;;
+ && { echo i486-ncr-sysv4; exit; } ;;
m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
echo m68k-unknown-lynxos${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
mc68030:UNIX_System_V:4.*:*)
echo m68k-atari-sysv4
- exit 0 ;;
+ exit ;;
TSUNAMI:LynxOS:2.*:*)
echo sparc-unknown-lynxos${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
rs6000:LynxOS:2.*:*)
echo rs6000-unknown-lynxos${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
echo powerpc-unknown-lynxos${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
SM[BE]S:UNIX_SV:*:*)
echo mips-dde-sysv${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
RM*:ReliantUNIX-*:*:*)
echo mips-sni-sysv4
- exit 0 ;;
+ exit ;;
RM*:SINIX-*:*:*)
echo mips-sni-sysv4
- exit 0 ;;
+ exit ;;
*:SINIX-*:*:*)
if uname -p 2>/dev/null >/dev/null ; then
UNAME_MACHINE=`(uname -p) 2>/dev/null`
@@ -1057,64 +1123,73 @@
else
echo ns32k-sni-sysv
fi
- exit 0 ;;
+ exit ;;
PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
# says <Richard.M.Bartel@ccMail.Census.GOV>
echo i586-unisys-sysv4
- exit 0 ;;
+ exit ;;
*:UNIX_System_V:4*:FTX*)
# From Gerald Hewes <hewes@openmarket.com>.
# How about differentiating between stratus architectures? -djm
echo hppa1.1-stratus-sysv4
- exit 0 ;;
+ exit ;;
*:*:*:FTX*)
# From seanf@swdc.stratus.com.
echo i860-stratus-sysv4
- exit 0 ;;
+ exit ;;
+ i*86:VOS:*:*)
+ # From Paul.Green@stratus.com.
+ echo ${UNAME_MACHINE}-stratus-vos
+ exit ;;
*:VOS:*:*)
# From Paul.Green@stratus.com.
echo hppa1.1-stratus-vos
- exit 0 ;;
+ exit ;;
mc68*:A/UX:*:*)
echo m68k-apple-aux${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
news*:NEWS-OS:6*:*)
echo mips-sony-newsos6
- exit 0 ;;
+ exit ;;
R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
if [ -d /usr/nec ]; then
echo mips-nec-sysv${UNAME_RELEASE}
else
echo mips-unknown-sysv${UNAME_RELEASE}
fi
- exit 0 ;;
+ exit ;;
BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
echo powerpc-be-beos
- exit 0 ;;
+ exit ;;
BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only.
echo powerpc-apple-beos
- exit 0 ;;
+ exit ;;
BePC:BeOS:*:*) # BeOS running on Intel PC compatible.
echo i586-pc-beos
- exit 0 ;;
+ exit ;;
SX-4:SUPER-UX:*:*)
echo sx4-nec-superux${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
SX-5:SUPER-UX:*:*)
echo sx5-nec-superux${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
SX-6:SUPER-UX:*:*)
echo sx6-nec-superux${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
Power*:Rhapsody:*:*)
echo powerpc-apple-rhapsody${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
*:Rhapsody:*:*)
echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
*:Darwin:*:*)
- echo `uname -p`-apple-darwin${UNAME_RELEASE}
- exit 0 ;;
+ UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
+ case $UNAME_PROCESSOR in
+ *86) UNAME_PROCESSOR=i686 ;;
+ unknown) UNAME_PROCESSOR=powerpc ;;
+ esac
+ echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
+ exit ;;
*:procnto*:*:* | *:QNX:[0123456789]*:*)
UNAME_PROCESSOR=`uname -p`
if test "$UNAME_PROCESSOR" = "x86"; then
@@ -1122,22 +1197,25 @@
UNAME_MACHINE=pc
fi
echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
*:QNX:*:4*)
echo i386-pc-qnx
- exit 0 ;;
- NSR-[DGKLNPTVW]:NONSTOP_KERNEL:*:*)
+ exit ;;
+ NSE-?:NONSTOP_KERNEL:*:*)
+ echo nse-tandem-nsk${UNAME_RELEASE}
+ exit ;;
+ NSR-?:NONSTOP_KERNEL:*:*)
echo nsr-tandem-nsk${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
*:NonStop-UX:*:*)
echo mips-compaq-nonstopux
- exit 0 ;;
+ exit ;;
BS2000:POSIX*:*:*)
echo bs2000-siemens-sysv
- exit 0 ;;
+ exit ;;
DS/*:UNIX_System_V:*:*)
echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
*:Plan9:*:*)
# "uname -m" is not consistent, so use $cputype instead. 386
# is converted to i386 for consistency with other x86
@@ -1148,25 +1226,44 @@
UNAME_MACHINE="$cputype"
fi
echo ${UNAME_MACHINE}-unknown-plan9
- exit 0 ;;
+ exit ;;
*:TOPS-10:*:*)
echo pdp10-unknown-tops10
- exit 0 ;;
+ exit ;;
*:TENEX:*:*)
echo pdp10-unknown-tenex
- exit 0 ;;
+ exit ;;
KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
echo pdp10-dec-tops20
- exit 0 ;;
+ exit ;;
XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
echo pdp10-xkl-tops20
- exit 0 ;;
+ exit ;;
*:TOPS-20:*:*)
echo pdp10-unknown-tops20
- exit 0 ;;
+ exit ;;
*:ITS:*:*)
echo pdp10-unknown-its
- exit 0 ;;
+ exit ;;
+ SEI:*:*:SEIUX)
+ echo mips-sei-seiux${UNAME_RELEASE}
+ exit ;;
+ *:DragonFly:*:*)
+ echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+ exit ;;
+ *:*VMS:*:*)
+ UNAME_MACHINE=`(uname -p) 2>/dev/null`
+ case "${UNAME_MACHINE}" in
+ A*) echo alpha-dec-vms ; exit ;;
+ I*) echo ia64-dec-vms ; exit ;;
+ V*) echo vax-dec-vms ; exit ;;
+ esac ;;
+ *:XENIX:*:SysV)
+ echo i386-pc-xenix
+ exit ;;
+ i*86:skyos:*:*)
+ echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+ exit ;;
esac
#echo '(No uname command or uname output not recognized.)' 1>&2
@@ -1198,7 +1295,7 @@
#endif
#if defined (__arm) && defined (__acorn) && defined (__unix)
- printf ("arm-acorn-riscix"); exit (0);
+ printf ("arm-acorn-riscix\n"); exit (0);
#endif
#if defined (hp300) && !defined (hpux)
@@ -1287,12 +1384,12 @@
}
EOF
-$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
-rm -f $dummy.c $dummy && rmdir $tmpdir
+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
+ { echo "$SYSTEM_NAME"; exit; }
# Apollos put the system type in the environment.
-test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; }
+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
# Convex versions that predate uname can use getsysinfo(1)
@@ -1301,22 +1398,22 @@
case `getsysinfo -f cpu_type` in
c1*)
echo c1-convex-bsd
- exit 0 ;;
+ exit ;;
c2*)
if getsysinfo -f scalar_acc
then echo c32-convex-bsd
else echo c2-convex-bsd
fi
- exit 0 ;;
+ exit ;;
c34*)
echo c34-convex-bsd
- exit 0 ;;
+ exit ;;
c38*)
echo c38-convex-bsd
- exit 0 ;;
+ exit ;;
c4*)
echo c4-convex-bsd
- exit 0 ;;
+ exit ;;
esac
fi
@@ -1327,7 +1424,9 @@
the operating system you are using. It is advised that you
download the most up to date version of the config scripts from
- ftp://ftp.gnu.org/pub/gnu/config/
+ http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess
+and
+ http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub
If the version you run ($0) is already up to date, please
send the following data and any information you think might be
--- sudo-1.6.8p12.orig/config.sub
+++ sudo-1.6.8p12/config.sub
@@ -1,11 +1,9 @@
#! /bin/sh
# Configuration validation subroutine script.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-# 2000, 2001, 2002 Free Software Foundation, Inc.
-#
-# $Sudo: config.sub,v 1.11 2003/01/20 21:07:51 millert Exp $
+# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
-timestamp='2002-11-30'
+timestamp='2005-07-08'
# This file is (in principle) common to ALL GNU software.
# The presence of a machine in this file suggests that SOME GNU software
@@ -23,14 +21,15 @@
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330,
-# Boston, MA 02111-1307, USA.
-
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
+
# Please send patches to <config-patches@gnu.org>. Submit a context
# diff and a properly formatted ChangeLog entry.
#
@@ -72,7 +71,7 @@
version="\
GNU config.sub ($timestamp)
-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
@@ -85,11 +84,11 @@
while test $# -gt 0 ; do
case $1 in
--time-stamp | --time* | -t )
- echo "$timestamp" ; exit 0 ;;
+ echo "$timestamp" ; exit ;;
--version | -v )
- echo "$version" ; exit 0 ;;
+ echo "$version" ; exit ;;
--help | --h* | -h )
- echo "$usage"; exit 0 ;;
+ echo "$usage"; exit ;;
-- ) # Stop option processing
shift; break ;;
- ) # Use stdin as input.
@@ -101,7 +100,7 @@
*local*)
# First pass through any local machine types.
echo $1
- exit 0;;
+ exit ;;
* )
break ;;
@@ -120,7 +119,8 @@
# Here we must recognize all the valid KERNEL-OS combinations.
maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
case $maybe_os in
- nto-qnx* | linux-gnu* | freebsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*)
+ nto-qnx* | linux-gnu* | linux-dietlibc | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | \
+ kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*)
os=-$maybe_os
basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
;;
@@ -146,7 +146,7 @@
-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
- -apple | -axis | -sr2201*)
+ -apple | -axis | -knuth | -cray)
os=
basic_machine=$1
;;
@@ -230,14 +230,16 @@
| a29k \
| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+ | am33_2.0 \
| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \
- | clipper \
+ | bfin \
+ | c4x | clipper \
| d10v | d30v | dlx | dsp16xx \
| fr30 | frv \
| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
| i370 | i860 | i960 | ia64 \
- | ip2k \
- | m32r | m68000 | m68k | m88k | mcore \
+ | ip2k | iq2000 \
+ | m32r | m32rle | m68000 | m68k | m88k | maxq | mcore \
| mips | mipsbe | mipseb | mipsel | mipsle \
| mips16 \
| mips64 | mips64el \
@@ -246,28 +248,37 @@
| mips64vr4100 | mips64vr4100el \
| mips64vr4300 | mips64vr4300el \
| mips64vr5000 | mips64vr5000el \
+ | mips64vr5900 | mips64vr5900el \
| mipsisa32 | mipsisa32el \
+ | mipsisa32r2 | mipsisa32r2el \
| mipsisa64 | mipsisa64el \
+ | mipsisa64r2 | mipsisa64r2el \
| mipsisa64sb1 | mipsisa64sb1el \
| mipsisa64sr71k | mipsisa64sr71kel \
| mipstx39 | mipstx39el \
| mn10200 | mn10300 \
+ | ms1 \
+ | msp430 \
| ns16k | ns32k \
- | openrisc | or32 \
+ | or32 \
| pdp10 | pdp11 | pj | pjl \
| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
| pyramid \
- | sh | sh[1234] | sh3e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
+ | sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
| sh64 | sh64le \
- | sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \
+ | sparc | sparc64 | sparc64b | sparc86x | sparclet | sparclite \
+ | sparcv8 | sparcv9 | sparcv9b \
| strongarm \
- | tahoe | thumb | tic80 | tron \
+ | tahoe | thumb | tic4x | tic80 | tron \
| v850 | v850e \
| we32k \
- | x86 | xscale | xstormy16 | xtensa \
+ | x86 | xscale | xscalee[bl] | xstormy16 | xtensa \
| z8k)
basic_machine=$basic_machine-unknown
;;
+ m32c)
+ basic_machine=$basic_machine-unknown
+ ;;
m6811 | m68hc11 | m6812 | m68hc12)
# Motorola 68HC11/12.
basic_machine=$basic_machine-unknown
@@ -295,19 +306,19 @@
| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
| arm-* | armbe-* | armle-* | armeb-* | armv*-* \
| avr-* \
- | bs2000-* \
- | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* \
- | clipper-* | cydra-* \
+ | bfin-* | bs2000-* \
+ | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
+ | clipper-* | craynv-* | cydra-* \
| d10v-* | d30v-* | dlx-* \
| elxsi-* \
| f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \
| h8300-* | h8500-* \
| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
| i*86-* | i860-* | i960-* | ia64-* \
- | ip2k-* \
- | m32r-* \
+ | ip2k-* | iq2000-* \
+ | m32r-* | m32rle-* \
| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
- | m88110-* | m88k-* | mcore-* \
+ | m88110-* | m88k-* | maxq-* | mcore-* \
| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
| mips16-* \
| mips64-* | mips64el-* \
@@ -316,29 +327,40 @@
| mips64vr4100-* | mips64vr4100el-* \
| mips64vr4300-* | mips64vr4300el-* \
| mips64vr5000-* | mips64vr5000el-* \
+ | mips64vr5900-* | mips64vr5900el-* \
| mipsisa32-* | mipsisa32el-* \
+ | mipsisa32r2-* | mipsisa32r2el-* \
| mipsisa64-* | mipsisa64el-* \
+ | mipsisa64r2-* | mipsisa64r2el-* \
| mipsisa64sb1-* | mipsisa64sb1el-* \
| mipsisa64sr71k-* | mipsisa64sr71kel-* \
- | mipstx39 | mipstx39el \
+ | mipstx39-* | mipstx39el-* \
+ | mmix-* \
+ | ms1-* \
+ | msp430-* \
| none-* | np1-* | ns16k-* | ns32k-* \
| orion-* \
| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
| pyramid-* \
| romp-* | rs6000-* \
- | sh-* | sh[1234]-* | sh3e-* | sh[34]eb-* | shbe-* \
+ | sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | shbe-* \
| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
- | sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \
- | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
- | tahoe-* | thumb-* | tic30-* | tic4x-* | tic54x-* | tic80-* | tron-* \
+ | sparc-* | sparc64-* | sparc64b-* | sparc86x-* | sparclet-* \
+ | sparclite-* \
+ | sparcv8-* | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
+ | tahoe-* | thumb-* \
+ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
+ | tron-* \
| v850-* | v850e-* | vax-* \
| we32k-* \
- | x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \
- | xtensa-* \
+ | x86-* | x86_64-* | xps100-* | xscale-* | xscalee[bl]-* \
+ | xstormy16-* | xtensa-* \
| ymp-* \
| z8k-*)
;;
+ m32c-*)
+ ;;
# Recognize the various machine names and aliases which stand
# for a CPU type and a company and sometimes even an OS.
386bsd)
@@ -355,6 +377,9 @@
basic_machine=a29k-amd
os=-udi
;;
+ abacus)
+ basic_machine=abacus-unknown
+ ;;
adobe68k)
basic_machine=m68010-adobe
os=-scout
@@ -434,12 +459,27 @@
basic_machine=j90-cray
os=-unicos
;;
+ craynv)
+ basic_machine=craynv-cray
+ os=-unicosmp
+ ;;
+ cr16c)
+ basic_machine=cr16c-unknown
+ os=-elf
+ ;;
crds | unos)
basic_machine=m68k-crds
;;
+ crisv32 | crisv32-* | etraxfs*)
+ basic_machine=crisv32-axis
+ ;;
cris | cris-* | etrax*)
basic_machine=cris-axis
;;
+ crx)
+ basic_machine=crx-unknown
+ os=-elf
+ ;;
da30 | da30-*)
basic_machine=m68k-da30
;;
@@ -462,6 +502,10 @@
basic_machine=m88k-motorola
os=-sysv3
;;
+ djgpp)
+ basic_machine=i586-pc
+ os=-msdosdjgpp
+ ;;
dpx20 | dpx20-*)
basic_machine=rs6000-bull
os=-bosx
@@ -515,10 +559,6 @@
basic_machine=h8500-hitachi
os=-hms
;;
- sr2201*)
- basic_machine=harp1e-hitachi
- os=-hiuxmpp
- ;;
harris)
basic_machine=m88k-harris
os=-sysv3
@@ -644,10 +684,6 @@
mips3*)
basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
;;
- mmix*)
- basic_machine=mmix-knuth
- os=-mmixware
- ;;
monitor)
basic_machine=m68k-rom68k
os=-coff
@@ -735,9 +771,12 @@
basic_machine=hppa1.1-oki
os=-proelf
;;
- or32 | or32-*)
+ openrisc | openrisc-*)
basic_machine=or32-unknown
- os=-coff
+ ;;
+ os400)
+ basic_machine=powerpc-ibm
+ os=-os400
;;
OSE68000 | ose68000)
basic_machine=m68000-ericsson
@@ -770,18 +809,24 @@
pentiumpro | p6 | 6x86 | athlon | athlon_*)
basic_machine=i686-pc
;;
- pentiumii | pentium2)
+ pentiumii | pentium2 | pentiumiii | pentium3)
basic_machine=i686-pc
;;
+ pentium4)
+ basic_machine=i786-pc
+ ;;
pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
pentiumpro-* | p6-* | 6x86-* | athlon-*)
basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
- pentiumii-* | pentium2-*)
+ pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
+ pentium4-*)
+ basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
pn)
basic_machine=pn-gould
;;
@@ -840,6 +885,10 @@
sb1el)
basic_machine=mipsisa64sb1el-unknown
;;
+ sei)
+ basic_machine=mips-sei
+ os=-seiux
+ ;;
sequent)
basic_machine=i386-sequent
;;
@@ -847,6 +896,9 @@
basic_machine=sh-hitachi
os=-hms
;;
+ sh64)
+ basic_machine=sh64-unknown
+ ;;
sparclite-wrs | simso-wrs)
basic_machine=sparclite-wrs
os=-vxworks
@@ -913,10 +965,6 @@
basic_machine=i386-sequent
os=-dynix
;;
- t3d)
- basic_machine=alpha-cray
- os=-unicos
- ;;
t3e)
basic_machine=alphaev5-cray
os=-unicos
@@ -925,14 +973,18 @@
basic_machine=t90-cray
os=-unicos
;;
- tic4x | c4x*)
- basic_machine=tic4x-unknown
- os=-coff
- ;;
tic54x | c54x*)
basic_machine=tic54x-unknown
os=-coff
;;
+ tic55x | c55x*)
+ basic_machine=tic55x-unknown
+ os=-coff
+ ;;
+ tic6x | c6x*)
+ basic_machine=tic6x-unknown
+ os=-coff
+ ;;
tx39)
basic_machine=mipstx39-unknown
;;
@@ -946,6 +998,10 @@
tower | tower-32)
basic_machine=m68k-ncr
;;
+ tpf)
+ basic_machine=s390x-ibm
+ os=-tpf
+ ;;
udi29k)
basic_machine=a29k-amd
os=-udi
@@ -989,6 +1045,10 @@
basic_machine=hppa1.1-winbond
os=-proelf
;;
+ xbox)
+ basic_machine=i686-pc
+ os=-mingw32
+ ;;
xps | xps100)
basic_machine=xps100-honeywell
;;
@@ -1019,6 +1079,9 @@
romp)
basic_machine=romp-ibm
;;
+ mmix)
+ basic_machine=mmix-knuth
+ ;;
rs6000)
basic_machine=rs6000-ibm
;;
@@ -1035,13 +1098,10 @@
we32k)
basic_machine=we32k-att
;;
- sh3 | sh4 | sh3eb | sh4eb | sh[1234]le | sh3ele)
+ sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele)
basic_machine=sh-unknown
;;
- sh64)
- basic_machine=sh64-unknown
- ;;
- sparc | sparcv9 | sparcv9b)
+ sparc | sparcv8 | sparcv9 | sparcv9b)
basic_machine=sparc-sun
;;
cydra)
@@ -1114,19 +1174,21 @@
| -aos* \
| -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
| -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
- | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \
- | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
+ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* | -openbsd* \
+ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
+ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
| -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
| -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
| -chorusos* | -chorusrdb* \
| -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
- | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \
+ | -mingw32* | -linux-gnu* | -linux-uclibc* | -uxpv* | -beos* | -mpeix* | -udk* \
| -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
| -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
| -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
| -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
| -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
- | -powermax* | -dnix*)
+ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
+ | -skyos* | -haiku*)
# Remember, each alternative MUST END IN *, to match a version number.
;;
-qnx*)
@@ -1144,12 +1206,15 @@
os=`echo $os | sed -e 's|nto|nto-qnx|'`
;;
-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
- | -windows* | -osx | -abug | -netware* | -os9* | -beos* \
+ | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
| -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
;;
-mac*)
os=`echo $os | sed -e 's|mac|macos|'`
;;
+ -linux-dietlibc)
+ os=-linux-dietlibc
+ ;;
-linux*)
os=`echo $os | sed -e 's|linux|linux-gnu|'`
;;
@@ -1162,6 +1227,9 @@
-opened*)
os=-openedition
;;
+ -os400*)
+ os=-os400
+ ;;
-wince*)
os=-wince
;;
@@ -1183,6 +1251,9 @@
-atheos*)
os=-atheos
;;
+ -syllable*)
+ os=-syllable
+ ;;
-386bsd)
os=-bsd
;;
@@ -1205,6 +1276,9 @@
-sinix*)
os=-sysv4
;;
+ -tpf*)
+ os=-tpf
+ ;;
-triton*)
os=-sysv3
;;
@@ -1235,6 +1309,15 @@
-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
os=-mint
;;
+ -aros*)
+ os=-aros
+ ;;
+ -kaos*)
+ os=-kaos
+ ;;
+ -zvmoe)
+ os=-zvmoe
+ ;;
-none)
;;
*)
@@ -1266,6 +1349,9 @@
arm*-semi)
os=-aout
;;
+ c4x-* | tic4x-*)
+ os=-coff
+ ;;
# This must come before the *-dec entry.
pdp10-*)
os=-tops20
@@ -1309,9 +1395,15 @@
*-be)
os=-beos
;;
+ *-haiku)
+ os=-haiku
+ ;;
*-ibm)
os=-aix
;;
+ *-knuth)
+ os=-mmixware
+ ;;
*-wec)
os=-proelf
;;
@@ -1444,9 +1536,15 @@
-mvs* | -opened*)
vendor=ibm
;;
+ -os400*)
+ vendor=ibm
+ ;;
-ptx*)
vendor=sequent
;;
+ -tpf*)
+ vendor=ibm
+ ;;
-vxsim* | -vxworks* | -windiss*)
vendor=wrs
;;
@@ -1471,7 +1569,7 @@
esac
echo $basic_machine$os
-exit 0
+exit
# Local variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)
--- sudo-1.6.8p12.orig/sudoers
+++ sudo-1.6.8p12/sudoers
@@ -1,10 +1,17 @@
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
+# 'visudo' edits the suoders file in a safe fashion. visudo
+# locks the sudoers file against multiple simultaneous edits,
+# provides basic sanity checks, and checks for syntax errors. If
+# the sudoers file is currently being edited you will receive a
+# message to try again later.
#
# See the sudoers man page for the details on how to write a sudoers file.
#
+# Defaults syslog=auth, secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin"
+
# Host alias specification
# User alias specification
--- sudo-1.6.8p12.orig/debian/dirs
+++ sudo-1.6.8p12/debian/dirs
@@ -0,0 +1,7 @@
+etc/pam.d
+usr/bin
+usr/share/man/man8
+usr/share/man/man5
+usr/sbin
+usr/share/doc/sudo/examples
+usr/share/lintian/overrides
--- sudo-1.6.8p12.orig/debian/docs
+++ sudo-1.6.8p12/debian/docs
@@ -0,0 +1,9 @@
+debian/OPTIONS
+BUGS
+RUNSON
+UPGRADE
+PORTING
+TODO
+HISTORY
+README
+TROUBLESHOOTING
--- sudo-1.6.8p12.orig/debian/sudo-ldap.init.d
+++ sudo-1.6.8p12/debian/sudo-ldap.init.d
@@ -0,0 +1,31 @@
+#! /bin/sh
+
+### BEGIN INIT INFO
+# Provides: sudu
+# Required-Start: $local_fs $remote_fs
+# Required-Stop:
+# Default-Start: S 1 2 3 4 5
+# Default-Stop: 0 6
+### END INIT INFO
+
+N=/etc/init.d/sudo
+
+set -e
+
+case "$1" in
+ start)
+ # make sure privileges don't persist across reboots
+ if [ -d /var/run/sudo ]
+ then
+ find /var/run/sudo -type f -exec touch -t 198501010000 '{}' \;
+ fi
+ ;;
+ stop|reload|restart|force-reload)
+ ;;
+ *)
+ echo "Usage: $N {start|stop|restart|force-reload}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
--- sudo-1.6.8p12.orig/debian/control
+++ sudo-1.6.8p12/debian/control
@@ -0,0 +1,32 @@
+Source: sudo
+Section: admin
+Priority: optional
+Maintainer: Bdale Garbee <bdale@gag.com>
+Build-Depends: debhelper (>= 5), libpam0g-dev, libldap2-dev
+Standards-Version: 3.6.2.1
+
+Package: sudo
+Architecture: any
+Depends: ${shlibs:Depends}, libpam-modules
+Conflicts: sudo-ldap
+Replaces: sudo-ldap
+Description: Provide limited super user privileges to specific users
+ Sudo is a program designed to allow a sysadmin to give limited root
+ privileges to users and log root activity. The basic philosophy is to give
+ as few privileges as possible but still allow people to get their work done.
+ .
+ This version is built with minimal shared library dependencies, use the
+ sudo-ldap package instead if you need LDAP support.
+
+Package: sudo-ldap
+Architecture: any
+Depends: ${shlibs:Depends}, libpam-modules
+Conflicts: sudo
+Replaces: sudo
+Provides: sudo
+Description: Provide limited super user privileges to specific users
+ Sudo is a program designed to allow a sysadmin to give limited root
+ privileges to users and log root activity. The basic philosophy is to give
+ as few privileges as possible but still allow people to get their work done.
+ .
+ This version is built with LDAP support.
--- sudo-1.6.8p12.orig/debian/sudo-ldap.postrm
+++ sudo-1.6.8p12/debian/sudo-ldap.postrm
@@ -0,0 +1,21 @@
+#! /bin/sh
+
+set -e
+
+case "$1" in
+ purge)
+ rm -f /etc/sudoers
+ ;;
+
+ remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+ ;;
+
+ *)
+ echo "postrm called with unknown argument \`$1'" >&2
+ exit 1
+
+esac
+
+#DEBHELPER#
+
+exit 0
--- sudo-1.6.8p12.orig/debian/prerm
+++ sudo-1.6.8p12/debian/prerm
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+check_password() {
+ if [ ! "$SUDO_FORCE_REMOVE" = "yes" ]; then
+ # let's check whether the root account is locked.
+ # if it is, we're not going another step. No Sirreee!
+ passwd=$(getent shadow root|cut -f2 -d:)
+ if [ "$passwd" = "*" -o "$passwd" = "!" ]; then
+ # yup, password is locked
+ echo "You have asked that the sudo package be removed,"
+ echo "but no root password has been set."
+ echo "Without sudo, you may not be able to gain administrative privileges."
+ echo
+ echo "If you would prefer to access the root account with su(1)"
+ echo "or by logging in directly,"
+ echo "you must set a root password with \"sudo passwd\"."
+ echo
+ echo "If you have arranged other means to access the root account,"
+ echo "and you are sure this is what you want,"
+ echo "you may bypass this check by setting an environment variable "
+ echo "(export SUDO_FORCE_REMOVE=yes)."
+ echo
+ echo "Refusing to remove sudo."
+ exit 1
+ fi
+ fi
+}
+
+case $1 in
+ remove)
+ check_password;
+ ;;
+ *)
+ ;;
+esac
--- sudo-1.6.8p12.orig/debian/rules
+++ sudo-1.6.8p12/debian/rules
@@ -0,0 +1,140 @@
+#!/usr/bin/make -f
+
+export DH_VERBOSE=1
+
+CFLAGS = -O2 -Wall -Wno-comment
+ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS)))
+CFLAGS += -g
+endif
+export CFLAGS
+
+build: config-stamp
+config-stamp:
+ dh_testdir
+
+ # simple version
+ mkdir -p build-simple
+ cd build-simple && ../configure --prefix=/usr -v \
+ --with-all-insults \
+ --with-exempt=sudo --with-pam --with-fqdn \
+ --with-logging=syslog --with-logfac=authpriv \
+ --with-env-editor --with-editor=/usr/bin/editor \
+ --with-timeout=15 --with-password-timeout=0 \
+ --disable-root-mailer --disable-setresuid \
+ --with-sendmail=/usr/sbin/sendmail \
+ --without-lecture \
+ --with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin"
+
+ # LDAP version
+ mkdir -p build-ldap
+ cd build-ldap && ../configure --prefix=/usr -v \
+ --with-all-insults \
+ --with-exempt=sudo --with-pam --with-ldap --with-fqdn \
+ --with-logging=syslog --with-logfac=authpriv \
+ --with-env-editor --with-editor=/usr/bin/editor \
+ --with-timeout=15 --with-password-timeout=0 \
+ --disable-root-mailer --disable-setresuid \
+ --with-sendmail=/usr/sbin/sendmail \
+ --with-ldap-conf-file=/etc/ldap/ldap.conf \
+ --with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin"
+
+ touch config-stamp
+
+build: build-stamp
+build-stamp: config-stamp
+ dh_testdir
+
+ -$(MAKE) -C build-simple
+ -$(MAKE) -C build-ldap
+
+ touch build-stamp
+
+clean:
+ dh_testdir
+ dh_testroot
+ rm -f config-stamp build-stamp
+ rm -rf build-simple build-ldap
+ rm -f config.cache
+
+ -test -r /usr/share/misc/config.sub && \
+ cp -f /usr/share/misc/config.sub config.sub
+ -test -r /usr/share/misc/config.guess && \
+ cp -f /usr/share/misc/config.guess config.guess
+
+ dh_clean
+
+install: build-stamp
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+ dh_installdirs
+
+ # simple version
+ install -o root -g root -m 4755 -s build-simple/sudo debian/sudo/usr/bin/sudo
+ ln -sf sudo debian/sudo/usr/bin/sudoedit
+ install -o root -g root -m 0755 -s build-simple/visudo \
+ debian/sudo/usr/sbin/visudo
+ install -o root -g root -m 0644 build-simple/sudo.man \
+ debian/sudo/usr/share/man/man8/sudo.8
+ ln -sf sudo.8 debian/sudo/usr/share/man/man8/sudoedit.8
+ install -o root -g root -m 0644 build-simple/visudo.man \
+ debian/sudo/usr/share/man/man8/visudo.8
+ install -o root -g root -m 0644 build-simple/sudoers.man \
+ debian/sudo/usr/share/man/man5/sudoers.5
+ install -o root -g root -m 0644 sample.sudoers \
+ debian/sudo/usr/share/doc/sudo/examples/sudoers
+ install -o root -g root -m 0644 debian/sudo.pam \
+ debian/sudo/etc/pam.d/sudo
+
+ install -o root -g root -m 0644 debian/sudo.lintian \
+ debian/sudo/usr/share/lintian/overrides/sudo
+
+ install -o root -g root -m 0644 debian/sudo_root.8 \
+ debian/sudo/usr/share/man/man8/sudo_root.8
+
+ # LDAP version
+ install -o root -g root -m 4755 -s build-ldap/sudo debian/sudo-ldap/usr/bin/sudo
+ ln -sf sudo debian/sudo-ldap/usr/bin/sudoedit
+ install -o root -g root -m 0755 -s build-ldap/visudo debian/sudo-ldap/usr/sbin/visudo
+ install -o root -g root -m 0644 build-ldap/sudo.man \
+ debian/sudo-ldap/usr/share/man/man8/sudo.8
+ ln -sf sudo.8 debian/sudo-ldap/usr/share/man/man8/sudoedit.8
+ install -o root -g root -m 0644 build-ldap/visudo.man \
+ debian/sudo-ldap/usr/share/man/man8/visudo.8
+ install -o root -g root -m 0644 build-ldap/sudoers.man \
+ debian/sudo-ldap/usr/share/man/man5/sudoers.5
+ install -o root -g root -m 0644 sample.sudoers \
+ debian/sudo-ldap/usr/share/doc/sudo-ldap/examples/sudoers
+ install -o root -g root -m 0644 debian/sudo.pam \
+ debian/sudo-ldap/etc/pam.d/sudo
+
+ install -o root -g root -m 0644 debian/sudo-ldap.lintian \
+ debian/sudo-ldap/usr/share/lintian/overrides/sudo-ldap
+
+ install -o root -g root -m 0644 debian/sudo_root.8 \
+ debian/sudo/usr/share/man/man8/sudo_root.8
+
+binary-indep: build install
+
+binary-arch: build install
+ dh_testdir
+ dh_testroot
+ dh_installdocs
+ dh_installexamples -A
+# dh_installinit -psudo -psudo-ldap
+ dh_installmanpages fnmatch.3
+ dh_installinfo -A
+ dh_installchangelogs CHANGES
+ dh_strip
+ dh_compress
+ dh_fixperms
+ chown root.root debian/sudo/usr/bin/sudo debian/sudo-ldap/usr/bin/sudo
+ chmod 4755 debian/sudo/usr/bin/sudo debian/sudo-ldap/usr/bin/sudo
+ dh_installdeb
+ dh_shlibdeps
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install
--- sudo-1.6.8p12.orig/debian/changelog
+++ sudo-1.6.8p12/debian/changelog
@@ -0,0 +1,769 @@
+sudo (1.6.8p12-1ubuntu6) dapper; urgency=low
+
+ * env.c: Preserve additional environment variables for non-almighty sudoers:
+ HOME, LOGNAME, DISPLAY, XAUTHORITY, XAUTHORIZATION. Closes: LP#44500
+
+ -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 17 May 2006 09:29:15 +0200
+
+sudo (1.6.8p12-1ubuntu5) dapper; urgency=low
+
+ * env.c: Unbreak the env_keep option. Closes: LP#31690
+ * sudoers: Add some explanatory text why it is a REALLY good idea to use
+ visudo. Closes: LP#11620
+
+ -- Martin Pitt <martin.pitt@ubuntu.com> Tue, 28 Mar 2006 18:52:24 +0200
+
+sudo (1.6.8p12-1ubuntu4) dapper; urgency=low
+
+ * Remove the init script, it only cleans up /var/run which is a tmpfs.
+
+ -- Scott James Remnant <scott@ubuntu.com> Wed, 22 Feb 2006 16:28:42 +0000
+
+sudo (1.6.8p12-1ubuntu3) dapper; urgency=low
+
+ * Add debian/sudo_root.8: Introduction about root handling in ubuntu with
+ sudo.
+ * debian/rules: Install that new manpage into sudo and sudo-ldap.
+
+ -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 8 Feb 2006 17:01:50 +0100
+
+sudo (1.6.8p12-1ubuntu2) dapper; urgency=low
+
+ * sudo.c: If the user successfully authenticated and he is in the 'admin'
+ group, then create a stamp ~/.sudo_as_admin_successful. A future
+ /etc/profile will evaluate this flag to display a short help about how to
+ execute things as root.
+
+ -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 18 Jan 2006 09:32:02 +0100
+
+sudo (1.6.8p12-1ubuntu1) dapper; urgency=low
+
+ * Resynchronise with Debian, clean up cruft from Ubuntu diff.
+ * debian/postinst: Do not set env_reset flag in newly created sudoers files;
+ it's incompatible with upgrades.
+ * Clean up environment variable handling to fix vulns like CVE-2005-4158 and
+ CVE-2006-0151 once and for all: Only keep known-good variables if user has
+ limited sudo privileges (blacklist -> whitelist) and keep them all for
+ users with unlimited command privileges (to not drive admins and
+ developers up the wall which actually need to pass env variables from time
+ to time).
+ - parse.h, parse.yacc:
+ + Add a new flag 'cmdall' to the matchstack, and a new macro 'cmnd_all'
+ to access it.
+ + In the "cmnd" grammar rule: Set cmdall to TRUE if command specifier is
+ 'ALL', otherwise to FALSE.
+ - sudo.tab.cc: Re-yaccified to match changes to parse.yacc.
+ - sudo.h: Add new sudoers_lookup() return flag FLAG_CMND_ALL.
+ - parse.c, sudoers_lookup(): Set flag FLAG_CMND_ALL if cmnd_all matched.
+ - ldap.c:
+ + sudo_ldap_check_command(): Add return parameter all, set to true
+ if command specifier is 'ALL'.
+ + sudo_ldap_check(): Set flag FLAG_CMND_ALL if sudo_ldap_check_command()
+ returned all=1.
+ - env.c:
+ + Apply Martin Schulze's patch to switch from blacklist to whitelist
+ environment cleaning.
+ + Add parameter 'noclean' to rebuild_env(); if it is != 0, environment
+ variables are not cleaned.
+ - sudo.c: Call rebuild_env() with noclean=1 if FLAG_CMND_ALL is set.
+
+ -- Martin Pitt <martin.pitt@ubuntu.com> Tue, 17 Jan 2006 10:03:05 +0100
+
+sudo (1.6.8p12-1) unstable; urgency=low
+
+ * new upstream version, closes: #342948 (CVE-2005-4158)
+ * add env_reset to the sudoers file we create if none already exists,
+ as a further precaution in response to discussion about CVS-2005-4158
+ * split ldap support into a new sudo-ldap package. I was trying to avoid
+ doing this, but the impact of going from 4 to 17 linked shlibs on the
+ autobuilder chroots is sufficient motivation for me.
+ closes: #344034
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
+
+sudo (1.6.8p9-4) unstable; urgency=low
+
+ * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
+ * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
+ timestamps in the init.d script, closes: #330868
+ * add dependency header to init.d script, closes: #332849
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
+
+sudo (1.6.8p9-3ubuntu4) dapper; urgency=low
+
+ * Revert addition of sudo -t, i. e. revert to version 1.6.8p9-3ubuntu1. As
+ per TB discussion, we will not use sudo for implementing
+ https://wiki.ubuntu.com/HideAdminToolsToUsers.
+
+ -- Martin Pitt <martin.pitt@ubuntu.com> Tue, 29 Nov 2005 23:27:42 +0100
+
+sudo (1.6.8p9-3ubuntu3) dapper; urgency=low
+
+ * sudo.c: Log failures even in test mode, to avoid the possibility of
+ silently poking around for interesting sudo privileges. This will generate
+ a lot of auth log clutter in the desktop case, but will not change sudo
+ semantics where it matters (on servers).
+
+ -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 17 Nov 2005 10:35:04 +0100
+
+sudo (1.6.8p9-3ubuntu2) dapper; urgency=low
+
+ * Add option -t which only tests whether the given command can be executed
+ and does not require a password. This is required for the
+ https://wiki.ubuntu.com/HideAdminToolsToUsers spec.
+ * sudo.h: Add MODE_TESTONLY mode.
+ * sudo.c: Add -t parsing and do not actually run the command in test mode,
+ just return success or failure. Also, add the new option to the "usage"
+ output.
+ * sudo.pod: Document new -t option.
+ * Put patch into debian/ubuntu-patches/sudo.add-test-option.patch to have
+ it separate for future merges (requires a manual "make sudo.man.in" to
+ actually run pod2man).
+
+ -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 9 Nov 2005 17:40:43 -0500
+
+sudo (1.6.8p9-3ubuntu1) dapper; urgency=low
+
+ * Resynchronise with Debian.
+
+ -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 9 Nov 2005 17:12:06 -0500
+
+sudo (1.6.8p9-3) unstable; urgency=high
+
+ * update debhelper compatibility level from 2 to 4
+ * add man page symlink for sudoedit
+ * Clean SHELLOPTS and PS4 from the environment before executing programs
+ with sudo permissions [env.c, CAN-2005-2959]
+ * fix typo in manpage pointed out by Moray Allen, closes: #285995
+ * fix paths in sample complex sudoers file, closes: #303542
+ * fix type in sudoers man page, closes: #311244
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
+
+sudo (1.6.8p9-2ubuntu2) breezy; urgency=low
+
+ * debian/init.d: When resetting the timestamps of the tty tags, actually
+ touch the files, not the per-user directories. Since bootclean.sh removes
+ /var/run/* anyway, this is no big deal, but clean it up anyway for the
+ sake of correctness. (Ubuntu #16594)
+
+ -- Martin Pitt <martin.pitt@ubuntu.com> Fri, 30 Sep 2005 09:52:27 +0200
+
+sudo (1.6.8p9-2ubuntu1) breezy; urgency=low
+
+ * Resynchronise with Debian, resolve merging conflicts and unscramble
+ changelog.
+
+ -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 7 Jul 2005 09:01:48 +0000
+
+sudo (1.6.8p9-2) unstable; urgency=high
+
+ * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
+ closes: #305735
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
+
+sudo (1.6.8p9-1) unstable; urgency=high
+
+ * new upstream version, fixes a race condition in sudo's pathname
+ validation, which is a security issue (CAN-2005-1993),
+ closes: #315115, #315718
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
+
+sudo (1.6.8p7-1) unstable; urgency=low
+
+ * new upstream version, closes: #299585
+ * update lintian overrides to squelch the postinst warning
+ * change sudoedit from a hard to a soft link, closes: #296896
+ * fix regex doc in sudoers man page, closes: #300361
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
+
+sudo (1.6.8p5-1ubuntu3) breezy; urgency=low
+
+ * SECURITY UPDATE: Fix privilege escalation.
+ * sudo.c, parse.yacc: safe_cmd contains the actually executed program which
+ is normally taken from /etc/sudoers. However, if sudoers contains "ALL"
+ entries that follow the matching entry, safe_cmd was overwritten with the
+ path the user specified on the command line, which opens up the
+ possibility of executing arbitrary commands by generating symlinks to
+ them.
+ * References:
+ CAN-2005-1993
+ http://www.securityfocus.com/archive/1/402741
+
+ -- Martin Pitt <martin.pitt@ubuntu.com> Tue, 21 Jun 2005 13:41:05 +0200
+
+sudo (1.6.8p5-1ubuntu2) hoary; urgency=low
+
+ * Add !fqdn to the Defaults so we don't die horribly when localhost doesn't
+ resolve (Ubuntu: 2772)
+
+ -- Thom May <thom@ubuntu.com> Wed, 2 Mar 2005 20:34:20 +0000
+
+sudo (1.6.8p5-1ubuntu1) hoary; urgency=low
+
+ * Resync with Debian
+
+ -- LaMont Jones <lamont@canonical.com> Mon, 6 Dec 2004 09:31:28 -0700
+
+sudo (1.6.8p5-1) unstable; urgency=high
+
+ * new upstream version
+ * restores ability to use config tuples without a value, which was causing
+ problems on upgrade closes: #283306
+ * deliver sudoedit, closes: #283078
+ * marking urgency high since 283306 is a serious upgrade incompatibility
+
+ -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
+
+sudo (1.6.8p3-2) unstable; urgency=high
+
+ * update pam.d deliverable so ldap works again, closes: #282191
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
+
+sudo (1.6.8p3-1) unstable; urgency=high
+
+ * new upstream version, fixes a flaw in sudo's environment sanitizing that
+ could allow a malicious user with permission to run a shell script that
+ utilized the bash shell to run arbitrary commands, closes: #281665
+ * patch the sample sudoers to have the proper path for kill on Debian
+ systems, closes: #263486
+ * patch the sudo manpage to reflect Debian's choice of exempt_group
+ default setting, closes: #236465
+ * patch the sudo manpage to reflect Debian's choice of no timeout on the
+ password prompt, closes: #271194
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
+
+sudo (1.6.7p5-2ubuntu2) hoary; urgency=low
+
+ * SECURITY UPDATE: fix input validation flaw
+ * env.c, rebuild_env(): skip variables with values beginnig with "()" to
+ ignore exported bash functions in the sudo environment; this prevents
+ introducing malicious functions with the name of commands that are
+ executed without full path
+ * References:
+ http://www.sudo.ws/sudo/alerts/bash_functions.html
+
+ -- Martin Pitt <martin.pitt@canonical.com> Wed, 17 Nov 2004 18:54:30 +0100
+
+sudo (1.6.7p5-2ubuntu1) hoary; urgency=low
+
+ * Resynchronise with Debian.
+
+ -- Scott James Remnant <scott@canonical.com> Wed, 27 Oct 2004 15:06:39 +0100
+
+sudo (1.6.7p5-2) unstable; urgency=low
+
+ * Jeff Bailey reports that seteuid works on current sparc systems, so we
+ no longer need the "grosshack" stuff in the sudo rules file
+ * add a postrm that removes /etc/sudoers on purge. don't do this with the
+ normal conffile mechanism since it would generate noise on every upgrade,
+ closes: #245405
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
+
+sudo (1.6.7p5-1ubuntu4) warty; urgency=low
+
+ * Disable lecture by default. (Warty #987)
+
+ -- Thom May <thom@canonical.com> Wed, 6 Oct 2004 14:31:31 +0100
+
+sudo (1.6.7p5-1ubuntu3) warty; urgency=low
+
+ * Refuse to remove sudo if the root password is not set and the user is
+ running us via sudo
+
+ -- Thom May <thom@canonical.com> Mon, 27 Sep 2004 15:30:09 +0100
+
+sudo (1.6.7p5-1ubuntu2) warty; urgency=low
+
+ * Add 'Defaults !lecture,tty_tickets' to initial sudoers file.
+
+ -- Colin Watson <cjwatson@flatline.org.uk> Mon, 23 Aug 2004 21:03:15 +0100
+
+sudo (1.6.7p5-1ubuntu1) warty; urgency=low
+
+ * Remove /etc/sudoers on purge. (Closes: #245405)
+
+ -- Fabio M. Di Nitto <fabbione@fabbione.net> Mon, 19 Jul 2004 09:42:04 +0200
+
+sudo (1.6.7p5-1) unstable; urgency=low
+
+ * new upstream version, closes: #190265, #193222, #197244
+ * change from '.' to ':' in postinst chown call, closes: #208369
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
+
+sudo (1.6.7p3-2) unstable; urgency=low
+
+ * add --disable-setresuid to configure call since 2.2 kernels don't support
+ setresgid, closes: #189044
+ * cosmetic cleanups to debian/rules as long as I'm there
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
+
+sudo (1.6.7p3-1) unstable; urgency=low
+
+ * new upstream version
+ * add overrides to quiet lintian about things it doesn't understand,
+ except the source one that can't be overridden until 129510 is fixed
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
+
+sudo (1.6.6-3) unstable; urgency=low
+
+ * add code to rules file to update config.sub/guess, closes: #164501
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
+
+sudo (1.6.6-2) unstable; urgency=low
+
+ * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
+ configure, and lose the build dependency on mail-transport-agent
+ * incorporate changes from LaMont's NMU, closes: #144665, #144737
+ * update init.d to not try and set time on nonexistent timestamp files,
+ closes: #132616
+ * build with --with-all-insults, admin must edit sudoers to turn insults
+ on at runtime if desired, closes: #135374
+ * stop setting /usr/doc symlink in postinst
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
+
+sudo (1.6.6-1.1) unstable; urgency=high
+
+ * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
+ * Revert patch to auth/pam.c that left pass uninitialized, causing a
+ segfault (Closes: #144665).
+
+ -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
+
+sudo (1.6.6-1) unstable; urgency=high
+
+ * new upstream version, fixes security problem with crafty prompts,
+ closes: #144540
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
+
+sudo (1.6.5p1-4) unstable; urgency=high
+
+ * apply patch for auth/pam.c to fix yet another way to make sudo segfault
+ if ctrl/C'ed at password prompt, closes: #131235
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
+
+sudo (1.6.5p1-3) unstable; urgency=high
+
+ * ugly hack to add --disable-saved-ids when building on sparc in response
+ to 131592, which will be reassigned to glibc for a real fix
+ * urgency high since the sudo currently in testing for sparc is worthless
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
+
+sudo (1.6.5p1-2) unstable; urgency=high
+
+ * patch from upstream to fix seg faults caused by versions of pam that
+ follow a NULL pointer, closes: #129512
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
+
+sudo (1.6.5p1-1) unstable; urgency=high
+
+ * new upstream version
+ * add --disable-root-mailer option supported by new version to configure
+ call in rules file, closes: #129648
+
+ -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
+
+sudo (1.6.4p1-1) unstable; urgency=high
+
+ * new upstream version, with fix for segfaulting problem in 1.6.4
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
+
+sudo (1.6.4-1) unstable; urgency=high
+
+ * new upstream version, includes an important security fix, closes: #127576
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
+
+sudo (1.6.3p7-5) unstable; urgency=low
+
+ * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
+ * fix spelling error in init.d, closes: #126847
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
+
+sudo (1.6.3p7-4) unstable; urgency=medium
+
+ * use touch to set status files to an ancient date instead of removing them
+ outright on reboot. this achieves the desired effect of keeping elevated
+ privs from living across reboots, without forcing everyone to see the
+ new-sudo-user lecture after every reboot. pick a time that's 'old enough'
+ for systems with good clocks, and 'recent enough' that broken PC hardware
+ setting the clock to commonly-seen bogus dates trips over the "don't trust
+ future timestamps" rule. closes: #76529, #123559
+ * apply patch from Steve Langasek to fix seg faults due to interaction with
+ PAM code. upstream confirms the problem, and says they're fixing this
+ differently for their next release... but this should be useful in the
+ meantime, and would be good to get into woody. closes: #119147
+ * only run the init.d at boot, not on each runlevel change... and don't run
+ it during package configure. closes: #125935
+ * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
+
+sudo (1.6.3p7-3) unstable; urgency=low
+
+ * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
+ resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
+ * fix a typo in the manpage, closes: #97368
+ * apply patch to configure.in and run autoconf to fix problem building on
+ the hurd, closes: #96325
+ * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
+ to not last across reboots, closes: #76529
+ * clean up lintian-noticed cosmetic packaging issues
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
+
+sudo (1.6.3p7-2) unstable; urgency=low
+
+ * update config.sub/guess for hppa support
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
+
+sudo (1.6.3p7-1) unstable; urgency=low
+
+ * new upstream version
+ * add build dependency on mail-transport-agent, closes: #90685
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
+
+sudo (1.6.3p6-1) unstable; urgency=high
+
+ * new upstream version, fixes buffer overflow problem,
+ closes: #87259, #87278, #87263
+ * revert to using --with-secure-path option at build time, since the option
+ available in sudoers is parsed too late to be useful, and upstream says
+ it won't get fixed quickly. This reopens 85123, which I will mark as
+ forwarded. Closes: #86199, #86117, #85676
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
+
+sudo (1.6.3p5-2) unstable; urgency=low
+
+ * lose the dh_suidregister call since it's obsolete
+ * stop using the --with-secure-path option at build time, and instead show
+ how to set it in sudoers. Closes: #85123
+ * freshen config.sub and config.guess for ia64 and hppa
+ * update sudoers man page to indicate exempt_group is on by default,
+ closes: #70847
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
+
+sudo (1.6.3p5-1) unstable; urgency=low
+
+ * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
+ * this version restores core dumps before the exec, while leaving them
+ disabled during sudo's internal execution, closes: #58289
+ * update debhelper calls in rules file
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
+
+sudo (1.6.2p2-1) frozen unstable; urgency=medium
+
+ * new upstream source resulting from direct collaboration with the upstream
+ author to fix ugly pam-related problems on Debian in 1.6.1 and later.
+ Closes: #56129, #55978, #55979, #56550, #56772
+ * include more upstream documentation, closes: #55054
+ * pam.d fragment update, closes: #56129
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
+
+sudo (1.6.1-1) unstable; urgency=low
+
+ * new upstream source, closes: #52750
+
+ -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
+
+sudo (1.6-2) unstable; urgency=low
+
+ * drop suidregister support for this package. The sudo executable is
+ essentially worthless unless it is setuid root, and making suidregister
+ work involves shipping a non-setuid executable in the .deb and setting the
+ perms in the postinst. On a long upgrade run, this can leave the sudo
+ executable 'broken' for a long time, which is unacceptable. With this
+ version, we ship the executable setuid root in the .deb. Closes: #51742
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
+
+sudo (1.6-1) unstable; urgency=low
+
+ * new upstream version, many options previously set at compile-time are now
+ configurable at runtime.
+ Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
+ * FHS support
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
+
+sudo (1.5.9p4-1) unstable; urgency=low
+
+ * new upstream version, closes: #43464
+ * empty password handling was fixed in 1.5.8, closes: #31863
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
+
+sudo (1.5.9p1-1) unstable; urgency=low
+
+ * new upstream version
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
+
+sudo (1.5.8p1-1) unstable; urgency=medium
+
+ * new upstream version, closes 33690
+ * add dependency on libpam-modules, closes 34215, 33432
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
+
+sudo (1.5.7p4-2) unstable; urgency=medium
+
+ * update the pam fragment provided so that sudo works with latest pam bits,
+ closes 33432
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
+
+sudo (1.5.7p4-1) unstable; urgency=low
+
+ * new upstream release
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
+
+sudo (1.5.6p5-1) unstable; urgency=low
+
+ * new upstream patch release
+ * add PAM support, closes 28594
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
+
+sudo (1.5.6p2-2) unstable; urgency=low
+
+ * update copyright file, closes 24136
+ * review and close forwarded bugs believed fixed in this upstream version,
+ closes 17606, 15786.
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
+
+sudo (1.5.6p2-1) unstable; urgency=low
+
+ * new upstream release
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
+
+sudo (1.5.4-4) frozen unstable; urgency=low
+
+ * update postinst to use groupadd, closes 21403
+ * move the suidregister stuff earlier in postinst to ensure it always runs
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
+
+sudo (1.5.4-3) frozen unstable; urgency=low
+
+ * change /etc/sudoers from a conffile to being handled in postinst,
+ closes 18219
+ * add suidmanager support, closes 15711
+ * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
+ unlikely to ever fix, and which just don't matter. closes 17146
+ * fix FSF address in copyright file, and submit exception for lintian
+ warning about sudo being setuid root
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
+
+sudo (1.5.4-2) unstable; urgency=high
+
+ * patch from upstream author correcting/improving security fix
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
+
+sudo (1.5.4-1) unstable; urgency=high
+
+ * new upstream version, includes a security fix
+ * change default editor from /bin/ae to /usr/bin/editor
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
+
+sudo (1.5.3-1) unstable; urgency=medium
+
+ * new upstream version, closes bug 15911.
+ * rules file reworked to use debhelper
+ * implement a really gross hack to force use of the sudo-provided
+ lsearch(), since the one in libc6 is broken! This closes bugs
+ 12552, 12557, 14881, 15259, 15916.
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
+
+sudo (1.5.2-6) unstable; urgency=LOW
+
+ * don't install INSTALL in the doc directory, closes bug 13195.
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
+
+sudo (1.5.2-5) unstable; urgency=LOW
+
+ * libc6
+
+ -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
+
+sudo (1.5.2-4) unstable; urgency=LOW
+
+ * change TIMEOUT (how long before you have to type your password again)
+ to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
+ packages on slower machines much more tolerable. Closes bug 9076.
+ * touch debian/suid before debstd. Closes bug 8709.
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
+
+sudo (1.5.2-3) frozen unstable; urgency=LOW
+
+ * patch from upstream maintainer to close Bug 6828
+ * add a debian/suid file to get debstd to leave my perl postinst alone
+
+ -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
+
+sudo (1.5.2-2) frozen unstable; urgency=LOW
+
+ * change rules to use -O2 -Wall as per standards
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
+
+sudo (1.5.2-1) unstable; urgency=LOW
+
+ * new upstream version
+ * cosmetic changes to debian package control files
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
+
+sudo (1.5-2) unstable; urgency=LOW
+
+ * add /usr/X11R6/bin to the end of the secure path... this makes it
+ much easier to run xmkmf, etc., during package builds. To the extent
+ that /usr/local/sbin and /usr/local/bin were already included, I see
+ no security reasons not to add this.
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
+
+sudo (1.5-1) unstable; urgency=LOW
+
+ * New upstream version
+ * New maintainer
+ * New packaging format
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
+
+Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
+
+ sudo (1.4.1-1):
+
+ * hard code SECURE_PATH to:
+ "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+ * enable ENV_EDITOR
+
+ * enabled EXEMPTGROUP "sudo"
+
+ * moved timestamp dir to /var/log/sudo
+
+ * changed parser to check for long and short filenames (Bug#1162)
+
+Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
+
+ sudo (1.4.2-1):
+
+ * New upstream source
+
+ * Fixed postinst script
+ (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
+
+ * Removed special shadow binary. This version works with and without
+ shadow password file.
+
+Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
+
+ sudo (1.4.2-2):
+
+ * Corrected editor path to /bin/ae (Bug#3062)
+
+ * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
+
+Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
+
+ sudo (1.4.3-1):
+
+ * New upstream version
+
+ * Changed sudoers permission to 440 (owner root, group root) to make
+ sudo usable via NFS
+
+Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
+
+ sudo (1.4.3-2):
+
+ * Applied upstream patch 1
+
+Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
+
+ sudo (1.4.3-3):
+
+ * Applied upstream patch 2
+
+Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
+
+ sudo (1.4.3-4):
+
+ * Applied upstream patch 3 (fixes problems with an NFS-mounted
+ sudoers file)
+
+
+Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
+
+ sudo (1.4.3-5):
+
+ * Corrected postinst to use /usr/bin/perl instead of /bin/perl
+ [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
+
+Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
+
+ sudo (1.4.3-6):
+
+ * Applied upstream patch 4 (fixes several bugs)
+
+ * Changed priority to optional
+
+Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
+
+ sudo (1.4.3-7):
+
+ * Corrected postinst to create correct permission for /etc/sudoers
+ (Bug#3749)
+
+Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
+
+ sudo (1.4.4-1):
+
+ * New upstream version
+
+
+sudo (1.4.4-2) admin; urgency=HIGH
+
+ * Fixed major security bug reported by Peter Tobias
+ <tobias@et-inf.fho-emden.de>
+ * Added dchanges support to debian.rules
+
+sudo (1.4.5-1) admin; urgency=LOW
+
+ * New upstream version
+ * Minor changes to debian.rules
--- sudo-1.6.8p12.orig/debian/sudo_root.8
+++ sudo-1.6.8p12/debian/sudo_root.8
@@ -0,0 +1,135 @@
+.TH sudo_root 8 "February 8, 2006"
+
+.SH NAME
+sudo_root \- How to run administrative commands
+
+.SH SYNOPSIS
+
+.B sudo
+.I command
+
+.B sudo \-i
+
+.SH INTRODUCTION
+
+By default, the password for the user "root" (the system
+administrator) is locked. This means you cannot login as root or use
+su. Instead, the installer will set up sudo to allow the user that is
+created during install to run all administrative commands.
+
+This means that in the terminal you can use sudo for commands that
+require root privileges. All programs in the menu will use a graphical
+sudo to prompt for a password. When sudo asks for a password, it needs
+.B your password,
+this means that a root password is not needed.
+
+To run a command which requires root privileges in a terminal, simply
+prepend
+.B sudo
+in front of it. To get an interactive root shell, use
+.B sudo \-i\fR.
+
+.SH ALLOWING OTHER USERS TO RUN SUDO
+
+By default, only the user who installed the system is permitted to run
+sudo. To add more administrators, i. e. users who can run sudo, you
+have to add these users to the group 'admin' by doing one of the
+following steps:
+
+.IP * 2
+In a shell, do
+
+.RS 4
+.B sudo adduser
+.I username
+.B admin
+.RE
+
+.IP * 2
+Use the graphical "Users & Groups" program in the "System settings"
+menu to add the new user to the
+.B admin
+group.
+
+.SH BENEFITS OF USING SUDO
+
+The benefits of leaving root disabled by default include the following:
+
+.IP * 2
+Users do not have to remember an extra password, which they are likely to forget.
+.IP * 2
+The installer is able to ask fewer questions.
+.IP * 2
+It avoids the "I can do anything" interactive login by default \- you
+will be prompted for a password before major changes can happen, which
+should make you think about the consequences of what you are doing.
+.IP * 2
+Sudo adds a log entry of the command(s) run (in \fB/var/log/auth.log\fR).
+.IP * 2
+Every attacker trying to brute\-force their way into your box will
+know it has an account named root and will try that first. What they
+do not know is what the usernames of your other users are.
+.IP * 2
+Allows easy transfer for admin rights, in a short term or long term
+period, by adding and removing users from the admin group, while not
+compromising the root account.
+.IP * 2
+sudo can be set up with a much more fine\-grained security policy.
+
+.SH DOWNSIDES OF USING SUDO
+
+Although for desktops the benefits of using sudo are great, there are
+possible issues which need to be noted:
+
+.IP * 2
+Redirecting the output of commands run with sudo can be confusing at
+first. For instance consider
+
+.RS 4
+.B sudo ls > /root/somefile
+.RE
+
+.RS 2
+will not work since it is the shell that tries to write to that file. You can use
+.RE
+
+.RS 4
+.B ls | sudo tee /root/somefile
+.RE
+
+.RS 2
+to get the behaviour you want.
+.RE
+
+.IP * 2
+In a lot of office environments the ONLY local user on a system is
+root. All other users are imported using NSS techniques such as
+nss\-ldap. To setup a workstation, or fix it, in the case of a network
+failure where nss\-ldap is broken, root is required. This tends to
+leave the system unusable. An extra local user, or an enabled root
+password is needed here.
+
+.SH GOING BACK TO A TRADITIONAL ROOT ACCOUNT
+
+.B This is not recommended!
+
+To enable the root account (i.e. set a password) use:
+
+.RS 4
+.B sudo passwd root
+.RE
+
+Afterwards, edit
+.B /etc/sudoers
+and comment out the line
+
+.RS 4
+%admin ALL=(ALL) ALL
+.RE
+
+to disable sudo access to members of the admin group.
+
+.SH SEE ALSO
+.BR sudo (8),
+.B https://wiki.ubuntu.com/RootSudo
+
--- sudo-1.6.8p12.orig/debian/sudo-ldap.postinst
+++ sudo-1.6.8p12/debian/sudo-ldap.postinst
@@ -0,0 +1,62 @@
+#!/usr/bin/perl
+
+# remove old link
+
+unlink ("/etc/alternatives/sudo") if ( -l "/etc/alternatives/sudo");
+
+# make sure we have a sudoers file
+if ( ! -f "/etc/sudoers") {
+
+ print "No /etc/sudoers found... creating one for you.\n";
+
+ open (SUDOERS, "> /etc/sudoers");
+ print SUDOERS "# /etc/sudoers\n",
+ "#\n",
+ "# This file MUST be edited with the 'visudo' command as root.\n",
+ "#\n",
+ "# See the man page for details on how to write a sudoers file.\n",
+ "#\n\nDefaults\tenv_reset\n\n",
+ "# Host alias specification\n\n",
+ "# User alias specification\n\n",
+ "# Cmnd alias specification\n\n",
+ "# User privilege specification\nroot\tALL=(ALL) ALL\n";
+ close SUDOERS;
+
+}
+
+# make sure sudoers has the correct permissions and owner/group
+system ('chown root:root /etc/sudoers');
+system ('chmod 440 /etc/sudoers');
+
+# must do a remove first to un-do the "bad" links created by previous version
+system ('update-rc.d -f sudo remove >/dev/null 2>&1');
+
+#system ('update-rc.d sudo start 75 S . >/dev/null');
+
+# make sure we have a sudo group
+
+exit 0 if getgrnam("sudo"); # we're finished if there is a group sudo
+
+$gid = 27; # start searcg with gid 27
+setgrent;
+while (getgrgid($gid)) {
+ ++$gid;
+}
+endgrent;
+
+if ($gid != 27) {
+ print "On Debian we normally use gid 27 for 'sudo'.\n";
+ $gname = getgrgid(27);
+ print "However, on your system gid 27 is group '$gname'.\n\n";
+ print "Would you like me to stop configuring sudo so that you can change this? [n] ";
+ $ans = <STDIN>;
+ if ($ans =~ m/^[yY].*/) {
+ print "'dpkg --pending --configure' will restart the configuration.\n\n\n";
+ exit 1;
+ }
+}
+
+print "Creating group 'sudo' with gid = $gid\n";
+system("groupadd -g $gid sudo");
+
+print "";
--- sudo-1.6.8p12.orig/debian/sudo.lintian
+++ sudo-1.6.8p12/debian/sudo.lintian
@@ -0,0 +1,3 @@
+sudo: setuid-binary usr/bin/sudo 4755 root/root
+sudo: postrm-contains-additional-updaterc.d-calls /etc/init.d/sudo
+sudo: script-in-etc-init.d-not-registered-via-update-rc.d /etc/init.d/sudo
--- sudo-1.6.8p12.orig/debian/postinst
+++ sudo-1.6.8p12/debian/postinst
@@ -0,0 +1,62 @@
+#!/usr/bin/perl
+
+# remove old link
+
+unlink ("/etc/alternatives/sudo") if ( -l "/etc/alternatives/sudo");
+
+# make sure we have a sudoers file
+if ( ! -f "/etc/sudoers") {
+
+ print "No /etc/sudoers found... creating one for you.\n";
+
+ open (SUDOERS, "> /etc/sudoers");
+ print SUDOERS "# /etc/sudoers\n",
+ "#\n",
+ "# This file MUST be edited with the 'visudo' command as root.\n",
+ "#\n",
+ "# See the man page for details on how to write a sudoers file.\n",
+ "# Host alias specification\n\n",
+ "# User alias specification\n\n",
+ "# Cmnd alias specification\n\n",
+ "# Defaults\n\nDefaults\t!lecture,tty_tickets,!fqdn\n\n",
+ "# User privilege specification\nroot\tALL=(ALL) ALL\n";
+ close SUDOERS;
+
+}
+
+# make sure sudoers has the correct permissions and owner/group
+system ('chown root:root /etc/sudoers');
+system ('chmod 440 /etc/sudoers');
+
+# must do a remove first to un-do the "bad" links created by previous version
+system ('update-rc.d -f sudo remove >/dev/null 2>&1');
+
+#system ('update-rc.d sudo start 75 S . >/dev/null');
+
+# make sure we have a sudo group
+
+exit 0 if getgrnam("sudo"); # we're finished if there is a group sudo
+
+$gid = 27; # start searcg with gid 27
+setgrent;
+while (getgrgid($gid)) {
+ ++$gid;
+}
+endgrent;
+
+if ($gid != 27) {
+ print "On Debian we normally use gid 27 for 'sudo'.\n";
+ $gname = getgrgid(27);
+ print "However, on your system gid 27 is group '$gname'.\n\n";
+ print "Would you like me to stop configuring sudo so that you can change this? [n] ";
+ $ans = <STDIN>;
+ if ($ans =~ m/^[yY].*/) {
+ print "'dpkg --pending --configure' will restart the configuration.\n\n\n";
+ exit 1;
+ }
+}
+
+print "Creating group 'sudo' with gid = $gid\n";
+system("groupadd -g $gid sudo");
+
+print "";
--- sudo-1.6.8p12.orig/debian/compat
+++ sudo-1.6.8p12/debian/compat
@@ -0,0 +1 @@
+4
--- sudo-1.6.8p12.orig/debian/init.d
+++ sudo-1.6.8p12/debian/init.d
@@ -0,0 +1,31 @@
+#! /bin/sh
+
+### BEGIN INIT INFO
+# Provides: sudu
+# Required-Start: $local_fs $remote_fs
+# Required-Stop:
+# Default-Start: S 1 2 3 4 5
+# Default-Stop: 0 6
+### END INIT INFO
+
+N=/etc/init.d/sudo
+
+set -e
+
+case "$1" in
+ start)
+ # make sure privileges don't persist across reboots
+ if [ -d /var/run/sudo ]
+ then
+ find /var/run/sudo -type f -exec touch -t 198501010000 '{}' \;
+ fi
+ ;;
+ stop|reload|restart|force-reload)
+ ;;
+ *)
+ echo "Usage: $N {start|stop|restart|force-reload}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
--- sudo-1.6.8p12.orig/debian/sudo-ldap.lintian
+++ sudo-1.6.8p12/debian/sudo-ldap.lintian
@@ -0,0 +1,3 @@
+sudo-ldap: setuid-binary usr/bin/sudo 4755 root/root
+sudo-ldap: postrm-contains-additional-updaterc.d-calls /etc/init.d/sudo-ldap
+sudo-ldap: script-in-etc-init.d-not-registered-via-update-rc.d /etc/init.d/sudo-ldap
--- sudo-1.6.8p12.orig/debian/sudo-ldap.dirs
+++ sudo-1.6.8p12/debian/sudo-ldap.dirs
@@ -0,0 +1,7 @@
+etc/pam.d
+usr/bin
+usr/share/man/man8
+usr/share/man/man5
+usr/sbin
+usr/share/doc/sudo-ldap/examples
+usr/share/lintian/overrides
--- sudo-1.6.8p12.orig/debian/sudo-ldap.docs
+++ sudo-1.6.8p12/debian/sudo-ldap.docs
@@ -0,0 +1,11 @@
+debian/OPTIONS
+BUGS
+RUNSON
+UPGRADE
+PORTING
+TODO
+HISTORY
+README
+README.LDAP
+TROUBLESHOOTING
+sudoers2ldif
--- sudo-1.6.8p12.orig/debian/postrm
+++ sudo-1.6.8p12/debian/postrm
@@ -0,0 +1,21 @@
+#! /bin/sh
+
+set -e
+
+case "$1" in
+ purge)
+ rm -f /etc/sudoers
+ ;;
+
+ remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+ ;;
+
+ *)
+ echo "postrm called with unknown argument \`$1'" >&2
+ exit 1
+
+esac
+
+#DEBHELPER#
+
+exit 0
--- sudo-1.6.8p12.orig/debian/OPTIONS
+++ sudo-1.6.8p12/debian/OPTIONS
@@ -0,0 +1,61 @@
+The following options were used to configure sudo for Debian GNU/Linux.
+
+ --with-exempt=sudo
+
+ Any user in group 'sudo' will not need to type their password. It
+ is strongly recommended that no users be put in group sudo, and that
+ instead the NOPASSWD option in the sudoers file be used if desired.
+
+ --with-pam
+
+ Support for pluggable authentication modules.
+
+ --with-ldap
+
+ Support for LDAP authentication.
+
+ --with-fqdn
+
+ Allow use of fully qualified domain names in the sudoers file.
+
+ --disable-root-mailer
+
+ Send mail as the invoking user, not as root.
+
+ --with-logging=syslog
+ --with-logfac=authpriv
+
+ Where logging information goes.
+
+ --with-env-editor
+ --with-editor=/usr/bin/editor
+
+ Honor the EDITOR and VISUAL environment variables. If they are not
+ present, default to the Debian default system editor.
+
+ --with-timeout=15
+ --with-password-timeout=0
+
+ Allow 15 minutes before a user has to re-type their passord, versus
+ the sudo usual default of 5. Never time out while waiting for a
+ password to be typed, this is a seriously big deal for Debian package
+ developers using 'dpkg-buildpackage -rsudo'.
+
+ --with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:\
+ /sbin:/bin:/usr/X11R6/bin"
+
+ Give a reasonable default path for commands run as root via sudo.
+
+ --with-all-insults
+
+ Include all the insults in the binary, won't be enabled unless turned
+ on in the sudoers file.
+
+ --with-sendmail=/usr/sbin/sendmail
+
+ Use Debian policy to know the location of sendmail instead of trying
+ to detect it at build time.
+
+ --disable-setresuid
+
+ Linux 2.2 kernels don't support setresgid.
--- sudo-1.6.8p12.orig/debian/copyright
+++ sudo-1.6.8p12/debian/copyright
@@ -0,0 +1,72 @@
+This is the Debian GNU/Linux prepackaged version of sudo. sudo is
+used to provide limited super user privileges to specific users.
+
+This package was put together by Bdale Garbee <bdale@gag.com> using sources
+from
+ ftp://ftp.cs.colorado.edu/pub/sudo/
+
+Sudo is distributed under the following BSD-style license:
+
+ Copyright (c) 1994-1996,1998-2002 Todd C. Miller <Todd.Miller@courtesan.com>
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. The name of the author may not be used to endorse or promote products
+ derived from this software without specific prior written permission
+ from the author.
+
+ 4. Products derived from this software may not be called "Sudo" nor
+ may "Sudo" appear in their names without specific prior written
+ permission from the author.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+ THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+Additionally, lsearch.c, fnmatch.c, getcwd.c, snprintf.c, strcasecmp.c
+and fnmatch.3 bear the following UCB license:
+
+ Copyright (c) 1987, 1989, 1990, 1991, 1993, 1994
+ The Regents of the University of California. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the University nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ SUCH DAMAGE.
--- sudo-1.6.8p12.orig/debian/sudo.pam
+++ sudo-1.6.8p12/debian/sudo.pam
@@ -0,0 +1,4 @@
+#%PAM-1.0
+
+@include common-auth
+@include common-account
--- sudo-1.6.8p12.orig/debian/source.lintian-overrides
+++ sudo-1.6.8p12/debian/source.lintian-overrides
@@ -0,0 +1 @@
+sudo source: maintainer-script-lacks-debhelper-token debian/postinst
--- sudo-1.6.8p12.orig/sample.sudoers
+++ sudo-1.6.8p12/sample.sudoers
@@ -35,16 +35,16 @@
# Cmnd alias specification
##
Cmnd_Alias DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \
- /usr/sbin/rrestore, /usr/bin/mt
-Cmnd_Alias KILL = /usr/bin/kill
+ /usr/sbin/rrestore, /bin/mt
+Cmnd_Alias KILL = /bin/kill
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
-Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
-Cmnd_Alias HALT = /usr/sbin/halt
-Cmnd_Alias REBOOT = /usr/sbin/reboot
-Cmnd_Alias SHELLS = /sbin/sh, /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
- /usr/local/bin/tcsh, /usr/bin/rsh, \
- /usr/local/bin/zsh
-Cmnd_Alias SU = /usr/bin/su
+Cmnd_Alias SHUTDOWN = /sbin/shutdown
+Cmnd_Alias HALT = /sbin/halt
+Cmnd_Alias REBOOT = /sbin/reboot
+Cmnd_Alias SHELLS = /sbin/sh, /bin/sh, /bin/csh, /usr/bin/ksh, \
+ /usr/bin/tcsh, /usr/bin/rsh, \
+ /usr/bin/zsh
+Cmnd_Alias SU = /bin/su
Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, \
/usr/bin/chfn
@@ -82,7 +82,7 @@
sudoedit /etc/printcap, /usr/oper/bin/
# joe may su only to operator
-joe ALL = /usr/bin/su operator
+joe ALL = /bin/su operator
# pete may change passwords for anyone but root on the hp snakes
pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
@@ -96,13 +96,13 @@
# users in the secretaries netgroup need to help manage the printers
# as well as add and remove users
-+secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
++secretaries ALL = PRINTING, /usr/sbin/adduser, /usr/bin/rmuser
# fred can run commands as oracle or sybase without a password
fred ALL = (DB) NOPASSWD: ALL
# on the alphas, john may su to anyone but root and flags are not allowed
-john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
+john ALPHA = /bin/su [!-]*, !/bin/su *root*
# jen can run anything on all machines except the ones
# in the "SERVERS" Host_Alias
--- sudo-1.6.8p12.orig/sudo.tab.c
+++ sudo-1.6.8p12/sudo.tab.c
@@ -138,6 +138,7 @@
} \
match[top].user = UNSPEC; \
match[top].cmnd = UNSPEC; \
+ match[top].cmndall= UNSPEC; \
match[top].host = UNSPEC; \
match[top].runas = UNSPEC; \
match[top].nopass = def_authenticate ? UNSPEC : TRUE; \
@@ -153,6 +154,7 @@
} \
match[top].user = match[top-1].user; \
match[top].cmnd = match[top-1].cmnd; \
+ match[top].cmndall= match[top-1].cmndall; \
match[top].host = match[top-1].host; \
match[top].runas = match[top-1].runas; \
match[top].nopass = match[top-1].nopass; \
@@ -1739,6 +1741,7 @@
}
}
+ SETMATCH(cmnd_all, TRUE);
yyval.BOOLEAN = TRUE;
}
break;
@@ -1769,6 +1772,7 @@
YYERROR;
}
}
+ SETMATCH(cmnd_all, FALSE);
yyval.BOOLEAN = NOMATCH;
}
free(yyvsp[0].string);
@@ -1800,6 +1804,7 @@
free(yyvsp[0].command.cmnd);
if (yyvsp[0].command.args)
free(yyvsp[0].command.args);
+ SETMATCH(cmnd_all, FALSE);
}
break;
case 65:
--- sudo-1.6.8p12.orig/ldap.c
+++ sudo-1.6.8p12/ldap.c
@@ -256,9 +256,10 @@
* Walks through search result and returns true if we have a
* command match
*/
-int sudo_ldap_check_command(ld,entry)
+int sudo_ldap_check_command(ld,entry,all)
LDAP *ld;
LDAPMessage *entry;
+ int* all;
{
char **v=NULL;
char **p=NULL;
@@ -267,6 +268,8 @@
int ret=0;
int foundbang;
+ *all=0;
+
if (!entry) return ret;
v=ldap_get_values(ld,entry,"sudoCommand");
@@ -277,6 +280,7 @@
/* Match against ALL ? */
if (!strcasecmp(*p,"ALL")) {
+ *all=1;
ret=1;
if (ldap_conf.debug>1) printf(" MATCH!\n");
continue;
@@ -711,6 +715,7 @@
/* flags */
int ldap_user_matches=0;
int ldap_host_matches=0;
+ int command_all=0;
if (!sudo_ldap_read_config()) return VALIDATE_ERROR;
@@ -896,7 +901,7 @@
/* add matches for listing later */
sudo_ldap_add_match(ld,entry) &&
/* verify command match */
- sudo_ldap_check_command(ld,entry) &&
+ sudo_ldap_check_command(ld,entry,&command_all) &&
/* verify runas match */
sudo_ldap_check_runas(ld,entry)
)
@@ -907,6 +912,7 @@
sudo_ldap_parse_options(ld,entry);
/* make sure we dont reenter loop */
ret=VALIDATE_OK;
+ if(command_all) SET(ret,FLAG_CMND_ALL);
/* break from inside for loop */
break;
}
--- sudo-1.6.8p12.orig/sudo.c
+++ sudo-1.6.8p12/sudo.c
@@ -106,10 +106,11 @@
static void set_loginclass __P((struct passwd *));
static void usage __P((int));
static void usage_excl __P((int));
+static void create_admin_success_flag __P((void));
static struct passwd *get_authpw __P((void));
extern int sudo_edit __P((int, char **));
extern void list_matches __P((void));
-extern char **rebuild_env __P((char **, int, int));
+extern char **rebuild_env __P((char **, int, int, int));
extern char **zero_env __P((char **));
extern struct passwd *sudo_getpwnam __P((const char *));
extern struct passwd *sudo_getpwuid __P((uid_t));
@@ -368,11 +369,15 @@
/* Build a new environment that avoids any nasty bits if we have a cmnd. */
if (ISSET(sudo_mode, MODE_RUN))
- new_environ = rebuild_env(envp, sudo_mode, ISSET(validated, FLAG_NOEXEC));
+ new_environ = rebuild_env(envp, sudo_mode, ISSET(validated, FLAG_NOEXEC), ISSET(validated, FLAG_CMND_ALL));
else
new_environ = envp;
if (ISSET(validated, VALIDATE_OK)) {
+ /* If the user is in the admin group, create a dotfile to signal that
+ * sudo was executed successfully. */
+ create_admin_success_flag();
+
/* Finally tell the user if the command did not exist. */
if (cmnd_status == NOT_FOUND_DOT) {
warnx("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run.", user_cmnd, user_cmnd, user_cmnd);
@@ -1156,3 +1161,46 @@
putchar('\n');
exit(exit_val);
}
+
+static void create_admin_success_flag(void)
+{
+ struct group* admin;
+ char** g;
+ int is_admin;
+ char flagfile[PATH_MAX];
+ int f;
+
+ if (!sudo_user.pw || !sudo_user.pw->pw_name || !sudo_user.pw->pw_dir)
+ return;
+
+ /* check whether the user is in the admin group */
+ admin = getgrnam("admin");
+ if (!admin || !admin->gr_mem)
+ return;
+ is_admin = 0;
+ for (g = admin->gr_mem; *g; ++g) {
+ if (!strcmp(*g, sudo_user.pw->pw_name)) {
+ is_admin = 1;
+ break;
+ }
+ }
+ if (!is_admin)
+ return;
+
+ /* build path to flag file */
+ snprintf(flagfile, sizeof(flagfile), "%s/.sudo_as_admin_successful",
+ sudo_user.pw->pw_dir);
+ if (strlen(flagfile) >= sizeof(flagfile)-1)
+ return;
+
+ /* do nothing if the file already exists */
+ if (!access(flagfile, F_OK))
+ return;
+
+ /* create file */
+ f = open(flagfile, O_CREAT|O_WRONLY|O_EXCL, 0644);
+ if(f >= 0) {
+ fchown(f, sudo_user.pw->pw_uid, sudo_user.pw->pw_gid);
+ close(f);
+ }
+}
--- sudo-1.6.8p12.orig/sudo.h
+++ sudo-1.6.8p12/sudo.h
@@ -65,6 +65,7 @@
#define FLAG_NO_HOST 0x080
#define FLAG_NO_CHECK 0x100
#define FLAG_NOEXEC 0x200
+#define FLAG_CMND_ALL 0x400
/*
* Pseudo-boolean values
--- sudo-1.6.8p12.orig/parse.c
+++ sudo-1.6.8p12/parse.c
@@ -200,7 +200,8 @@
set_perms(PERM_ROOT);
return(VALIDATE_OK |
(no_passwd == TRUE ? FLAG_NOPASS : 0) |
- (no_execve == TRUE ? FLAG_NOEXEC : 0));
+ (no_execve == TRUE ? FLAG_NOEXEC : 0) |
+ (cmnd_all == TRUE ? FLAG_CMND_ALL : 0));
} else if ((runas_matches == TRUE && cmnd_matches == FALSE) ||
(runas_matches == FALSE && cmnd_matches == TRUE)) {
/*
--- sudo-1.6.8p12.orig/parse.h
+++ sudo-1.6.8p12/parse.h
@@ -29,6 +29,7 @@
struct matchstack {
int user;
int cmnd;
+ int cmndall;
int host;
int runas;
int nopass;
@@ -46,6 +47,7 @@
#define user_matches (match[top-1].user)
#define cmnd_matches (match[top-1].cmnd)
+#define cmnd_all (match[top-1].cmndall)
#define host_matches (match[top-1].host)
#define runas_matches (match[top-1].runas)
#define no_passwd (match[top-1].nopass)