40 files changed, 2563 insertions, 0 deletions
diff --git a/debian/NEWS b/debian/NEWS new file mode 100644 index 0000000..3c0b573 --- /dev/null +++ b/debian/NEWS @@ -0,0 +1,40 @@ +sudo (1.8.2-1) unstable; urgency=low + + The sudo package is no longer configured using --with-secure-path. + Instead, the provided sudoers file now contains a line declaring + 'Defaults secure_path=' with the same path content that was previously + hard-coded in the binary. A consequence of this change is that if you + do not have such a definition in sudoers, the PATH searched for commands + by sudo may be empty. + + Using explicit paths for each command you want to run with sudo will work + well enough to allow the sudoers file to be updated with a suitable entry + if one is not already present and you choose to not accept the updated + version provided by the package. + + -- Bdale Garbee <bdale@gag.com> Wed, 24 Aug 2011 13:33:11 -0600 + +sudo (1.7.4p4-2) unstable; urgency=low + + The HOME and MAIL environment variables are now reset based on the + target user's password database entry when the env_reset sudoers option + is enabled (which is the case in the default configuration). Users + wishing to preserve the original values should use a sudoers entry like: + Defaults env_keep += HOME + to preserve the old value of HOME and + Defaults env_keep += MAIL + to preserve the old value of MAIL. + + The change in handling of HOME is known to affect programs like pbuilder. + + -- Bdale Garbee <bdale@gag.com> Wed, 08 Sep 2010 14:29:16 -0600 + +sudo (1.6.8p12-5) unstable; urgency=low + + The sudo package is no longer configured --with-exempt=sudo. If you + depend on members of group sudo being able to run sudo without needing + a password, you will need to put "%sudo ALL=NOPASSWD: ALL" in + /etc/sudoers to preserve equivalent functionality. + + -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:13:39 -0600 + diff --git a/debian/OPTIONS b/debian/OPTIONS new file mode 100644 index 0000000..49938d7 --- /dev/null +++ b/debian/OPTIONS 
@@ -0,0 +1,59 @@ +The following options were used to configure sudo for Debian GNU/Linux. + + --with-all-insults + + Include all the insults in the binary, won't be enabled unless turned + on in the sudoers file. + + --with-devel + + Force flex and bison runs on each build. + + --with-pam + + Support for pluggable authentication modules. + + --with-fqdn + + Allow use of fully qualified domain names in the sudoers file. + + --with-logging=syslog + --with-logfac=authpriv + + Where logging information goes. + + --with-env-editor + --with-editor=/usr/bin/editor + + Honor the EDITOR and VISUAL environment variables. If they are not + present, default to the preferred systemwide default editor. + + --with-timeout=15 + --with-password-timeout=0 + --with-passprompt="[sudo] password for %p: " + + Allow 15 minutes before a user has to re-type their passord, versus + the sudo usual default of 5. Never time out while waiting for a + password to be typed, this is important to Debian package developers + using 'dpkg-buildpackage -rsudo'. Make it clear which password is + requested. + + --disable-root-mailer + + Send mail as the invoking user, not as root. + + --with-sendmail=/usr/sbin/sendmail + + Use Debian policy to know the location of sendmail instead of trying + to detect it at build time. + + --with-timedir=/var/lib/sudo + --mandir=/usr/share/man + --libexecdir=/usr/lib/sudo + + Comply with Debian policy on suitable paths. + + --with-ldap + + Support for LDAP authentication, in the sudo-ldap package version only. + diff --git a/debian/README b/debian/README new file mode 100644 index 0000000..b5ed892 --- /dev/null +++ b/debian/README 
@@ -0,0 +1,21 @@ +# +# As of Debian version 1.7.2p1-1, the default /etc/sudoers file created on +# installation of the package now includes the directive: +# +# #includedir /etc/sudoers.d +# +# This will cause sudo to read and parse any files in the /etc/sudoers.d +# directory that do not end in '~' or contain a '.' character. +# +# Note that there must be at least one file in the sudoers.d directory (this +# one will do), and all files in this directory should be mode 0440. +# +# Note also, that because sudoers contents can vary widely, no attempt is +# made to add this directive to existing sudoers files on upgrade. Feel free +# to add the above directive to the end of your /etc/sudoers file to enable +# this functionality for existing installations if you wish! +# +# Finally, please note that using the visudo command is the recommended way +# to update sudoers content, since it protects against many failure modes. +# See the man page for visudo for more information. +# diff --git a/debian/README.Debian b/debian/README.Debian new file mode 100644 index 0000000..413d529 --- /dev/null +++ b/debian/README.Debian 
@@ -0,0 +1,56 @@ +The version of sudo that ships with Debian by default resets the +environment, as described by the "env_reset" flag in the sudoers file. + +This implies that all environment variables are removed, except for +LOGNAME, PATH, SHELL, TERM, DISPLAY, XAUTHORITY, XAUTHORIZATION, XAPPLRESDIR, +XFILESEARCHPATH, XUSERFILESEARCHPATH, LANG, LANGUAGE, LC_*, and USER. + +In case you want sudo to preserve more environment variables, you must +specify the env_keep variable in the sudoers file. You should edit the +sudoers file using the visudo tool. + +Examples: +Preserve the default variables plus the EDITOR variable: + + Defaults env_keep+="EDITOR" + +Preserve the default variables plus all variables starting with LC_: + + Defaults env_keep+="LC_*" + + - - - - - + +If you're using the sudo-ldap package, note that it is now configured to +look for /etc/sudo-ldap.conf. Depending on your system configuration, it +probably makes sense for this to be a symlink to /etc/ldap.conf, or perhaps +to /etc/libnss-ldap.conf or /etc/pam_ldap.conf. By default, no symlink or +file is provided, you'll need to decide what to do and create a suitable +file before sudo-ldap will work. + + - - - - - + +As of version 1.7, sudo-ldap now requires the LDAP source to be specified +in /etc/nsswitch.conf with a line like: + + sudoers: ldap + + - - - - - + +Note that the support for the sss provider (libsss_sudo.so) that allows sudo +to use SSSD as a cache for policies stored in LDAP is included in the sudo +package, not in the sudo-ldap package. I have some hope that this turns out +to be a better overall solution for using sudo with LDAP, as the sudo-ldap +package is difficult to maintain and I'd love to be able to eliminate it! + + - - - - - + +See the file OPTIONS in this directory for more information on the sudo +build options used in building the Debian package. 
+ + - - - - - + +If you're having trouble grasping the fundamental idea of what sudo is all +about, here's a succinct and humorous take on it... + + http://www.xkcd.com/c149.html + diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..bd694f2 --- /dev/null +++ b/debian/changelog 
@@ -0,0 +1,1186 @@ +sudo (1.8.19p1-2.1) stretch; urgency=high + + * Non-maintainer upload. + * Use /proc/self consistently on Linux + * CVE-2017-1000368: Arbitrary terminal access (Closes: #863897) + + -- Salvatore Bonaccorso <carnil@debian.org> Mon, 05 Jun 2017 14:22:55 +0200 + +sudo (1.8.19p1-2) stretch; urgency=high + + * patch from upstream to fix CVE-2017-1000367, closes: #863731 + + -- Bdale Garbee <bdale@gag.com> Tue, 30 May 2017 22:35:01 -0600 + +sudo (1.8.19p1-1) unstable; urgency=medium + + * new upstream version + + -- Bdale Garbee <bdale@gag.com> Fri, 13 Jan 2017 11:12:49 -0700 + +sudo (1.8.19-1) unstable; urgency=medium + + * new upstream version + + -- Bdale Garbee <bdale@gag.com> Mon, 19 Dec 2016 13:00:21 -0700 + +sudo (1.8.18p1-2) unstable; urgency=medium + + * merge work done by Balint Reczey in parallel / conflict with my offline work + + -- Bdale Garbee <bdale@gag.com> Thu, 15 Dec 2016 19:08:46 -0700 + +sudo (1.8.18p1-1) unstable; urgency=medium + + * new upstream version + * explicitly depend on lsb-base since we use init-functions + * move to latest debhelper compat level + + -- Bdale Garbee <bdale@gag.com> Thu, 15 Dec 2016 18:10:29 -0700 + +sudo (1.8.17p1-2) unstable; urgency=medium + + * merge 1.8.15-1.1 NMU changes + + -- Bdale Garbee <bdale@gag.com> Tue, 05 Jul 2016 16:01:55 +0200 + +sudo (1.8.17p1-1) unstable; urgency=low + + * new upstream version, closes: #805563 + * build-depend on the new mandoc package so we can rebuild man pages + properly if needed, closes: #809984 + + -- Bdale Garbee <bdale@gag.com> Tue, 05 Jul 2016 16:01:55 +0200 + +sudo (1.8.15-1.1) unstable; urgency=medium + + * Non-maintainer upload + * Disable editing of files via user-controllable symlinks + (Closes: #804149) (CVE-2015-5602) + - Fix directory writability checks for sudoedit + - Enable sudoedit directory writability checks by default + + -- Ben Hutchings <ben@decadent.org.uk> Mon, 04 Jan 2016 23:36:50 +0000 + +sudo (1.8.15-1) unstable; urgency=low + + * new 
upstream version, closes: #804149 + * use --with-exampledir to deliver example files more cleanly + + -- Bdale Garbee <bdale@gag.com> Wed, 23 Dec 2015 11:15:22 -0700 + +sudo (1.8.12-1) unstable; urgency=low + + * new upstream version, closes: #772707, #773383 + * patch from Christian Kastner to fix sudoers handling error when moving + between sudo and sudo-ldap packages, closes: #776137 + + -- Bdale Garbee <bdale@gag.com> Mon, 23 Feb 2015 08:56:06 -0700 + +sudo (1.8.11p2-1) unstable; urgency=low + + * new upstream version + + -- Bdale Garbee <bdale@gag.com> Thu, 30 Oct 2014 11:14:06 -0700 + +sudo (1.8.11p1-2) unstable; urgency=low + + * patch from Jakub Wilk to fix 'ignoring time stamp from the future' + messages, closes: #762465 + * upstream patch forwarded by Laurent Bigonville that fixes problem with + Linux kernel auditing code, closes: #764817 + + -- Bdale Garbee <bdale@gag.com> Mon, 20 Oct 2014 11:06:44 -0600 + +sudo (1.8.11p1-1) unstable; urgency=low + + * new upstream version, closes: #764286 + * fix typo in German translation, closes: #761601 + + -- Bdale Garbee <bdale@gag.com> Fri, 10 Oct 2014 10:16:08 -0600 + +sudo (1.8.10p3-1) unstable; urgency=low + + * new upstream release + * add hardening=+all to match login and su + * updated VCS URLs and crypto verified watch file, closes: #747473 + * harmonize configure options for LDAP version to match non-LDAP version, + in particular stop using --with-secure-path and add configure_args + * enable audit support on Linux systems, closes: #745779 + * follow upstream change from --with-timedir to --with-rundir + + -- Bdale Garbee <bdale@gag.com> Sun, 14 Sep 2014 10:20:15 -0600 + +sudo (1.8.9p5-1) unstable; urgency=low + + * new upstream release, closes: #735328 + + -- Bdale Garbee <bdale@gag.com> Tue, 04 Feb 2014 11:46:19 -0700 + +sudo (1.8.9p4-1) unstable; urgency=low + + * new upstream release, closes: #732008 + + -- Bdale Garbee <bdale@gag.com> Wed, 15 Jan 2014 14:55:25 -0700 + +sudo (1.8.9p3-1) unstable; 
urgency=low + + * new upstream release + + -- Bdale Garbee <bdale@gag.com> Mon, 13 Jan 2014 14:49:42 -0700 + +sudo (1.8.9~rc1-1) experimental; urgency=low + + * upstream release candidate + + -- Bdale Garbee <bdale@gag.com> Sun, 29 Dec 2013 21:36:12 -0700 + +sudo (1.8.9~b2-1) experimental; urgency=low + + * upstream beta release + * update Debian standards version + * squelch lintian complaint about missing sudo-ldap systemd service, since + the service file is always called 'sudo.service' + + -- Bdale Garbee <bdale@gag.com> Wed, 25 Dec 2013 14:48:23 -0700 + +sudo (1.8.9~b1-1) experimental; urgency=low + + * upstream beta release + + -- Bdale Garbee <bdale@gag.com> Wed, 27 Nov 2013 09:37:00 -0700 + +sudo (1.8.8-3) unstable; urgency=low + + * document in README.Debian that the sssd support is enabled in the sudo + package, not in the sudo-ldap package, closes: #728289 + + -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 2013 10:33:44 -0600 + +sudo (1.8.8-2) unstable; urgency=low + + * fix touch errors on boot, closes: #725193 + + -- Bdale Garbee <bdale@gag.com> Tue, 08 Oct 2013 20:11:38 -0600 + +sudo (1.8.8-1) unstable; urgency=low + + * new upstream release + + -- Bdale Garbee <bdale@gag.com> Mon, 30 Sep 2013 23:08:49 -0600 + +sudo (1.8.8~rc1-1) experimental; urgency=low + + * upstream release candidate with several of our patches folded in + * set filestamps to epoch instead of an arbitrary old date in the init + fragment, closes: #722335 + + -- Bdale Garbee <bdale@gag.com> Thu, 12 Sep 2013 10:16:58 -0700 + +sudo (1.8.8~b3-1) experimental; urgency=low + + * pre-release of new upstream version, put in experimental + + -- Bdale Garbee <bdale@gag.com> Wed, 04 Sep 2013 07:53:08 -0600 + +sudo (1.8.7-4) unstable; urgency=low + + * looks like we actually need both --with-sssd and --with-sssd-lib, + closes: #719987, #724763 + + -- Bdale Garbee <bdale@gag.com> Fri, 27 Sep 2013 11:48:55 -0600 + +sudo (1.8.7-3) unstable; urgency=low + + * use --with-sssd-lib to help sudo find 
libsss-sudo in multiarch path, + closes: #719987 + + -- Bdale Garbee <bdale@gag.com> Sat, 17 Aug 2013 15:38:53 +0200 + +sudo (1.8.7-2) unstable; urgency=low + + * let debhelper scripts manage the update-rc.d calls, closes: #719755 + + -- Bdale Garbee <bdale@gag.com> Fri, 16 Aug 2013 01:48:23 +0200 + +sudo (1.8.7-1) unstable; urgency=low + + * new upstream version, closes: #715157, #655879 + * make sudo-ldap package's init.d script be called sudo-ldap + * add sssd support to sudo, closes: #719574 + * recognize lenny, squeeze, and wheezy unmodified sudoers, closes: #660594 + + -- Bdale Garbee <bdale@gag.com> Wed, 14 Aug 2013 00:01:14 +0200 + +sudo (1.8.5p2-1) unstable; urgency=low + + * new upstream version + * patch to use flock on hurd, run autoconf in rules, closes: #655883 + * patch to avoid calling unlink with null pointer on hurd, closes: #655948 + * patch to actually use hardening build flags, closes: #655417 + * fix sudo-ldap.postinst syntax issue, closes: #669576 + + -- Bdale Garbee <bdale@gag.com> Thu, 28 Jun 2012 12:01:37 -0600 + +sudo (1.8.3p2-1) unstable; urgency=high + + * new upstream version, closes: #657985 (CVE-2012-0809) + * patch from Pino Toscano to only use selinux on Linux, closes: #655894 + + -- Bdale Garbee <bdale@gag.com> Mon, 30 Jan 2012 16:11:54 -0700 + +sudo (1.8.3p1-3) unstable; urgency=low + + * patch from Moritz Muehlenhoff enables hardened build flags, closes: #655417 + * replacement postinst script from Mike Beattie using shell instead of Perl + * include systemd service file from Michael Stapelberg, closes: #639633 + * add init.d status support, closes: #641782 + * make sudo-ldap package manage a sudoers entry in nsswitch.conf, + closes: #610600, #639530 + * enable mail_badpass in the default sudoers file, closes: #641218 + * enable selinux support, closes: #655510 + + -- Bdale Garbee <bdale@gag.com> Wed, 11 Jan 2012 16:18:13 -0700 + +sudo (1.8.3p1-2) unstable; urgency=low + + * if upgrading from squeeze, and the sudoers file is 
unmodified, avoid + the packaging system prompting the user about a change they didn't make + now that sudoers is a conffile, closes: #612532, #636049 + * add a recommendation for the use of visudo to the sudoers.d/README file, + closes: #648104 + + -- Bdale Garbee <bdale@gag.com> Sat, 12 Nov 2011 16:27:13 -0700 + +sudo (1.8.3p1-1) unstable; urgency=low + + * new upstream version, closes: #646478 + + -- Bdale Garbee <bdale@gag.com> Thu, 27 Oct 2011 01:03:44 +0200 + +sudo (1.8.3-1) unstable; urgency=low + + * new upstream version, closes: #639391, #639568 + + -- Bdale Garbee <bdale@gag.com> Sat, 22 Oct 2011 23:49:16 -0600 + +sudo (1.8.2-2) unstable; urgency=low + + [ Luca Capello ] + * debian/rules improvements, closes: #642535 + + mv upstream sample.* files to the examples folder. + - do not call dh_installexamples. + + [ Bdale Garbee ] + * patch from upstream for SIGBUS on sparc64, closes: #640304 + * use common-session-noninteractive in the pam config to reduce log noise + when sudo is used in cron, etc, closes: #519700 + * patch from Steven McDonald to fix segfault on startup under certain + conditions, closes: #639568 + * add a NEWS entry regarding the secure_path change made in 1.8.2-1, + closes: #639336 + + -- Bdale Garbee <bdale@gag.com> Mon, 26 Sep 2011 21:55:56 -0600 + +sudo (1.8.2-1) unstable; urgency=low + + * new upstream version, closes: #637449, #621830 + * include common-session in pam config, closes: #519700, #607199 + * move secure_path from configure to default sudoers, closes: #85123, 85917 + * improve sudoers self-documentation, closes: #613639 + * drop --disable-setresuid since modern systems should not run 2.2 kernels + * lose the --with-devel configure option since it's breaking builds in + subdirectories for some reason + + -- Bdale Garbee <bdale@gag.com> Wed, 24 Aug 2011 13:33:11 -0600 + +sudo (1.7.4p6-1) unstable; urgency=low + + * new upstream version + * touch the right stamp name after configuring, closes: #611287 + * patch from Svante 
Signell to fix build problem on Hurd, closes: #611290 + + -- Bdale Garbee <bdale@gag.com> Wed, 09 Feb 2011 11:32:58 -0700 + +sudo (1.7.4p4-6) unstable; urgency=low + + * update /etc/sudoers.d/README now that sudoers is a conffile + * patch from upstream to fix special case in password checking code + when only the gid is changing, closes: #609641 + + -- Bdale Garbee <bdale@gag.com> Tue, 11 Jan 2011 10:22:39 -0700 + +sudo (1.7.4p4-5) unstable; urgency=low + + * patch from Jakub Wilk to add noopt and nostrip build option support, + closes: #605580 + * make sudoers a conffile, closes: #605130 + * add descriptions to LSB init headers, closes: #604619 + * change default sudoers %sudo entry to allow gid changes, closes: #602699 + * add Vcs entries to the control file + * use debhelper install files instead of explicit installs in rules + + -- Bdale Garbee <bdale@gag.com> Wed, 01 Dec 2010 20:32:31 -0700 + +sudo (1.7.4p4-4) unstable; urgency=low + + * patch from upstream to resolve problem always prompting for a password + when run without a tty, closes: #599376 + * patch from upstream to resolve interoperability problem between HOME in + env_keep and the -H flag, closes: #596493 + * change path syntax to avoid tar error when /var/run/sudo exists but is + empty, closes: #598877 + + -- Bdale Garbee <bdale@gag.com> Thu, 07 Oct 2010 15:59:06 -0600 + +sudo (1.7.4p4-3) unstable; urgency=low + + * make postinst clause for handling /var/run -> /var/lib transition less + fragile, closes: #585514 + * cope with upstream's Makefile trying to install ChangeLog in our doc + directory, closes: #597389 + * fix README.Debian to reflect that HOME is no longer preserved by default, + closes: #596847 + + -- Bdale Garbee <bdale@gag.com> Tue, 21 Sep 2010 23:53:08 -0600 + +sudo (1.7.4p4-2) unstable; urgency=low + + * add a NEWS item about change in $HOME handling that impacts programs + like pbuilder + + -- Bdale Garbee <bdale@gag.com> Wed, 08 Sep 2010 14:29:16 -0600 + +sudo (1.7.4p4-1) 
unstable; urgency=high + + * new upstream version, urgency high due to fix for flaw in Runas group + matching (CVE-2010-2956), closes: #595935 + * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid + re-lecturing existing users, and to clean up after ourselves on upgrade, + and remove the RAMRUN section from README.Debian since the new state dir + should fix the original problem, closes: #585514 + * deliver README.Debian to both package flavors, closes: #593579 + + -- Bdale Garbee <bdale@gag.com> Tue, 07 Sep 2010 12:22:42 -0600 + +sudo (1.7.2p7-1) unstable; urgency=high + + * new upstream release with security fix for secure path (CVE-2010-1646), + closes: #585394 + * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state + about whether to give the lecture is preserved across reboots even when + RAMRUN is set, closes: #581393 + * add a note to README.Debian about LDAP needing an entry in + /etc/nsswitch.conf, closes: #522065 + * add a note to README.Debian about how to turn off lectures if using + RAMRUN in /etc/default/rcS, closes: #581393 + + -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600 + +sudo (1.7.2p6-1) unstable; urgency=low + + * new upstream version fixing CVE-2010-1163, closes: #578275, #570737 + + -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600 + +sudo (1.7.2p5-1) unstable; urgency=low + + * new upstream release, closes a bug filed upstream regarding missing man + page processing scripts in the 1.7.2p1 tarball, also includes the fix + for CVE-2010-0426 previously the subject of a security team nmu + * move to source format 3.0 (quilt) and restructure changes as patches + * fix unprocessed substitution variables in man pages, closes: #557204 + * apply patch from Neil Moore to fix Debian-specific content in the + visudo man page, closes: #555013 + * update descriptions to better explain sudo-ldap, closes: #573108 + * eliminate spurious 'and' in man page, closes: #571620 + * fix confusing 
text in default sudoers, closes: #566607 + + -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700 + +sudo (1.7.2p1-1) unstable; urgency=low + + * new upstream version + * add support for /etc/sudoers.d using #includedir in default sudoers, + which I think is also a good solution to the request for a crontab-like + API requested in March of 2001, closes: #539994, #271813, #89743 + * move init.d script from using rcS.d to rc[0-6].d, closes: #542924 + + -- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600 + +sudo (1.7.2-2) unstable; urgency=low + + * further improve initial sudoers to not include the NOPASSWD option on + the group sudo exception, closes: #539136, #198991 + + -- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200 + +sudo (1.7.2-1) unstable; urgency=low + + * new upstream version, closes: #537103 + * improve initial sudoers by having the exemption for users in group + sudo on by default, and including the ability to run any command as + any user. 
This makes the default install roughly equivalent to our + old use of the --with-exempt=sudo build option, closes: #536220, #536222 + + -- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600 + +sudo (1.7.0-1) unstable; urgency=low + + * new upstream version, closes: #510179, #128268, #520274, #508514 + * fix ldap config file path for sudo-ldap package, including creating + a symlink in postinst and cleaning it up in postrm for the sudo-ldap + package, closes: #430826 + * fix NOPASSWD entry location in default config file for the sudo-ldap + instance too, closes: #479616 + + -- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600 + +sudo (1.6.9p17-2) unstable; urgency=high + + * patch from upstream to fix privilege escalation with certain + configurations, CVE-2009-0034 + * typo in sudoers man page, closes: #507163 + + -- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700 + +sudo (1.6.9p17-1) unstable; urgency=low + + * new upstream version, closes: #481008 + * deliver schemas to doc directory in sudo-ldap package, closes: #474331 + * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost + in move from CVS to git for package management, closes: #475821 + * re-instate the init.d for the sudo-ldap package too... /o\ + + -- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600 + +sudo (1.6.9p15-2) unstable; urgency=low + + * revert the fix for 388659 such that visudo once again defaults to using + /usr/bin/editor. I was always ambivalent about this change, it has caused + more confusion and frustration than it cured, and I find Justin's line of + reasoning persuasive. Update the man page source to reflect this choice + and the related use of --with-env-editor. Closes: #474197. 
+ * patch from Petter Reinholdtsen to improve init.d, closes: #475821 + + -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600 + +sudo (1.6.9p15-1) unstable; urgency=low + + * new upstream version, closes: #467126, #473337 + * remove pointless postrm scripts, leaving debhelper do its thing if needed, + thanks to Justin Pryzby for pointing this out + * reinstate the init.d, since bootclean doesn't quite do what we want. This + also means we don't need the preinst scripts any more. Update the lintian + overrides since postinst is a Perl script lintian apparently isn't parsing + well. closes: #330868 + + -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600 + +sudo (1.6.9p12-1) unstable; urgency=low + + * new upstream version, closes: #464890 + + -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900 + +sudo (1.6.9p11-3) unstable; urgency=low + + * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956 + + -- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700 + +sudo (1.6.9p11-2) unstable; urgency=low + + * update version compared in preinst when removing obsolete init.d, + closes: #459681 + * implement pam session config suggestions from Elizabeth Fong, + closes: #452457, #402329 + + -- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700 + +sudo (1.6.9p11-1) unstable; urgency=low + + * new upstream version + + -- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700 + +sudo (1.6.9p10-1) unstable; urgency=low + + * new upstream version + * tweak default password prompt as %u doesn't make sense. 
Accept patch from + Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and + uses it by default, closes: #454409 + * accept patch from Martin Pitt that adds a prerm making it difficult to + "accidentally" remove sudo when there is no root password set on the + system, closes: #451241 + + -- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700 + +sudo (1.6.9p9-1) unstable; urgency=low + + * new upstream version + * debian/rules: configure a more informative default password prompt to + reduce confusion when using sudo to invoke commands which also ask for + passwords, closes: #343268 + * auth/pam.c: don't use the PAM prompt if the user explicitly requested + a custom prompt, closes: #448628. + * fix configure's ability to discover that libc has dirfd, closes: #451324 + * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that + the command 'visudo' invokes a vi variant by default as documented, + closes: #388659 + + -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700 + +sudo (1.6.9p6-1) unstable; urgency=low + + * new upstream version, closes: #442815, #446146, #438699, #435768, #435314 + closes: #434832, #434608, #430382 + * eliminate the now-redundant init.d scripts, closes: #397090 + * fix typo in TROUBLESHOOTING file, closes: #439624 + + -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600 + +sudo (1.6.8p12-6) unstable; urgency=low + + * fix typos in visudo.pod relating to env_editor variable, closes: #418886 + * have init.d touch directories in /var/run/sudo, not just files, as a + followup to #330868. + * fix various typos in sudoers.pod, closes: #419749 + * don't let Makefile strip binaries, closes: #438073 + + -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100 + +sudo (1.6.8p12-5) unstable; urgency=low + + * update debian/copyright to reflect new upstream URL, closes: #368746 + * add sandwich cartoon URL to the README.Debian + * don't remove sudoers on purge. 
can cause problems when moving between + sudo and sudo-ldap. leaving sudoers around on purge seems like the least + evil choice for now, closes: #401366 + * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH, + closes: #374509 + * accept patch that improves debian/rules from Ted Percival, closes: #382122 + * no longer build with --with-exempt=sudo, provide an example entry in the + default sudoers file instead, closes: #296605 + * add --with-devel to configure and augment build dependencies so that flex + and yacc files get re-generated on every build, closes: #316249 + + -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600 + +sudo (1.6.8p12-4) unstable; urgency=low + + * patch from Petter Reinholdtsen for the LSB info block in the init.d + script, closes: #361055 + * deliver sudoers sample again, closes: #361593 + + -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600 + +sudo (1.6.8p12-3) unstable; urgency=low + + * force-feed configure knowledge of nroff's path so we get unformatted man + pages installed without build-depending on groff-base, closes: #360894 + * add a reference to OPTIONS in the man page, closes: #186226 + + -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700 + +sudo (1.6.8p12-2) unstable; urgency=low + + * fix typos in init scripts, closes: #346325 + * update to debhelper compat level 5 + * build depend on autotools-dev to ensure config.sub/guess are fresh + * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and + use it here as well. Thanks to Martin and the debian-security team. 
+ closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085 + closes: #315115, #315718, #203874 + * Non-maintainer upload by the Security Team + * Reworked the former patch to limit environment variables from being + passed through, set env_reset as default instead [sudo.c, env.c, + sudoers.pod, Bug#342948, CVE-2005-4158] + * env_reset is now set by default + * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM, + DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER + (in addition to the SUDO_* variables) + * Rebuild sudoers.man.in from the POD file + * Added README.Debian + * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431 + * simplify rules file by using more of Makefile, despite having to override + default directories with more arguments to configure, closes: #292833 + * update sudo man page to reflect use of SECURE_PATH, closes: #228551 + * inconsistencies in sudoers man page resolved, closes: #220808, #161012 + * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are + unresolveable (requires adding bison as build dep), closes: #314949 + + -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700 + +sudo (1.6.8p12-1) unstable; urgency=low + + * new upstream version, closes: #342948 (CVE-2005-4158) + * add env_reset to the sudoers file we create if none already exists, + as a further precaution in response to discussion about CVS-2005-4158 + * split ldap support into a new sudo-ldap package. I was trying to avoid + doing this, but the impact of going from 4 to 17 linked shlibs on the + autobuilder chroots is sufficient motivation for me. 
+ closes: #344034 + + -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700 + +sudo (1.6.8p9-4) unstable; urgency=low + + * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231 + * merge patch from Martin Pitt / Ubuntu to be more robust about resetting + timestamps in the init.d script, closes: #330868 + * add dependency header to init.d script, closes: #332849 + + -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800 + +sudo (1.6.8p9-3) unstable; urgency=high + + * update debhelper compatibility level from 2 to 4 + * add man page symlink for sudoedit + * Clean SHELLOPTS and PS4 from the environment before executing programs + with sudo permissions [env.c, CAN-2005-2959] + * fix typo in manpage pointed out by Moray Allen, closes: #285995 + * fix paths in sample complex sudoers file, closes: #303542 + * fix type in sudoers man page, closes: #311244 + + -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600 + +sudo (1.6.8p9-2) unstable; urgency=high + + * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1, + closes: #305735 + + -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400 + +sudo (1.6.8p9-1) unstable; urgency=high + + * new upstream version, fixes a race condition in sudo's pathname + validation, which is a security issue (CAN-2005-1993), + closes: #315115, #315718 + + -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400 + +sudo (1.6.8p7-1) unstable; urgency=low + + * new upstream version, closes: #299585 + * update lintian overrides to squelch the postinst warning + * change sudoedit from a hard to a soft link, closes: #296896 + * fix regex doc in sudoers man page, closes: #300361 + + -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700 + +sudo (1.6.8p5-1) unstable; urgency=high + + * new upstream version + * restores ability to use config tuples without a value, which was causing + problems on upgrade closes: #283306 + * deliver sudoedit, closes: #283078 
+ * marking urgency high since 283306 is a serious upgrade incompatibility + + -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700 + +sudo (1.6.8p3-2) unstable; urgency=high + + * update pam.d deliverable so ldap works again, closes: #282191 + + -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700 + +sudo (1.6.8p3-1) unstable; urgency=high + + * new upstream version, fixes a flaw in sudo's environment sanitizing that + could allow a malicious user with permission to run a shell script that + utilized the bash shell to run arbitrary commands, closes: #281665 + * patch the sample sudoers to have the proper path for kill on Debian + systems, closes: #263486 + * patch the sudo manpage to reflect Debian's choice of exempt_group + default setting, closes: #236465 + * patch the sudo manpage to reflect Debian's choice of no timeout on the + password prompt, closes: #271194 + + -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700 + +sudo (1.6.7p5-2) unstable; urgency=low + + * Jeff Bailey reports that seteuid works on current sparc systems, so we + no longer need the "grosshack" stuff in the sudo rules file + * add a postrm that removes /etc/sudoers on purge. don't do this with the + normal conffile mechanism since it would generate noise on every upgrade, + closes: #245405 + + -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400 + +sudo (1.6.7p5-1) unstable; urgency=low + + * new upstream version, closes: #190265, #193222, #197244 + * change from '.' 
to ':' in postinst chown call, closes: #208369 + + -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600 + +sudo (1.6.7p3-2) unstable; urgency=low + + * add --disable-setresuid to configure call since 2.2 kernels don't support + setresgid, closes: #189044 + * cosmetic cleanups to debian/rules as long as I'm there + + -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600 + +sudo (1.6.7p3-1) unstable; urgency=low + + * new upstream version + * add overrides to quiet lintian about things it doesn't understand, + except the source one that can't be overridden until 129510 is fixed + + -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600 + +sudo (1.6.6-3) unstable; urgency=low + + * add code to rules file to update config.sub/guess, closes: #164501 + + -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600 + +sudo (1.6.6-2) unstable; urgency=low + + * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to + configure, and lose the build dependency on mail-transport-agent + * incorporate changes from LaMont's NMU, closes: #144665, #144737 + * update init.d to not try and set time on nonexistent timestamp files, + closes: #132616 + * build with --with-all-insults, admin must edit sudoers to turn insults + on at runtime if desired, closes: #135374 + * stop setting /usr/doc symlink in postinst + + -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600 + +sudo (1.6.6-1.1) unstable; urgency=high + + * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts. + * Revert patch to auth/pam.c that left pass uninitialized, causing a + segfault (Closes: #144665). 
+ + -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600 + +sudo (1.6.6-1) unstable; urgency=high + + * new upstream version, fixes security problem with crafty prompts, + closes: #144540 + + -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600 + +sudo (1.6.5p1-4) unstable; urgency=high + + * apply patch for auth/pam.c to fix yet another way to make sudo segfault + if ctrl/C'ed at password prompt, closes: #131235 + + -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700 + +sudo (1.6.5p1-3) unstable; urgency=high + + * ugly hack to add --disable-saved-ids when building on sparc in response + to 131592, which will be reassigned to glibc for a real fix + * urgency high since the sudo currently in testing for sparc is worthless + + -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700 + +sudo (1.6.5p1-2) unstable; urgency=high + + * patch from upstream to fix seg faults caused by versions of pam that + follow a NULL pointer, closes: #129512 + + -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700 + +sudo (1.6.5p1-1) unstable; urgency=high + + * new upstream version + * add --disable-root-mailer option supported by new version to configure + call in rules file, closes: #129648 + + -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700 + +sudo (1.6.4p1-1) unstable; urgency=high + + * new upstream version, with fix for segfaulting problem in 1.6.4 + + -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700 + +sudo (1.6.4-1) unstable; urgency=high + + * new upstream version, includes an important security fix, closes: #127576 + + -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700 + +sudo (1.6.3p7-5) unstable; urgency=low + + * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872 + * fix spelling error in init.d, closes: #126847 + + -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700 + +sudo (1.6.3p7-4) unstable; urgency=medium + + * use touch to set status 
files to an ancient date instead of removing them + outright on reboot. this achieves the desired effect of keeping elevated + privs from living across reboots, without forcing everyone to see the + new-sudo-user lecture after every reboot. pick a time that's 'old enough' + for systems with good clocks, and 'recent enough' that broken PC hardware + setting the clock to commonly-seen bogus dates trips over the "don't trust + future timestamps" rule. closes: #76529, #123559 + * apply patch from Steve Langasek to fix seg faults due to interaction with + PAM code. upstream confirms the problem, and says they're fixing this + differently for their next release... but this should be useful in the + meantime, and would be good to get into woody. closes: #119147 + * only run the init.d at boot, not on each runlevel change... and don't run + it during package configure. closes: #125935 + * add DEB_BUILD_OPTIONS support to rules file, closes: #94952 + + -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700 + +sudo (1.6.3p7-3) unstable; urgency=low + + * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not + resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718, + * fix a typo in the manpage, closes: #97368 + * apply patch to configure.in and run autoconf to fix problem building on + the hurd, closes: #96325 + * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed + to not last across reboots, closes: #76529 + * clean up lintian-noticed cosmetic packaging issues + + -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700 + +sudo (1.6.3p7-2) unstable; urgency=low + + * update config.sub/guess for hppa support + + -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600 + +sudo (1.6.3p7-1) unstable; urgency=low + + * new upstream version + * add build dependency on mail-transport-agent, closes: #90685 + + -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600 + +sudo (1.6.3p6-1) unstable; 
urgency=high + + * new upstream version, fixes buffer overflow problem, + closes: #87259, #87278, #87263 + * revert to using --with-secure-path option at build time, since the option + available in sudoers is parsed too late to be useful, and upstream says + it won't get fixed quickly. This reopens 85123, which I will mark as + forwarded. Closes: #86199, #86117, #85676 + + -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700 + +sudo (1.6.3p5-2) unstable; urgency=low + + * lose the dh_suidregister call since it's obsolete + * stop using the --with-secure-path option at build time, and instead show + how to set it in sudoers. Closes: #85123 + * freshen config.sub and config.guess for ia64 and hppa + * update sudoers man page to indicate exempt_group is on by default, + closes: #70847 + + -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700 + +sudo (1.6.3p5-1) unstable; urgency=low + + * new upstream version, closes: #63940, #59175, #61817, #64652, #65743 + * this version restores core dumps before the exec, while leaving them + disabled during sudo's internal execution, closes: #58289 + * update debhelper calls in rules file + + -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600 + +sudo (1.6.2p2-1) frozen unstable; urgency=medium + + * new upstream source resulting from direct collaboration with the upstream + author to fix ugly pam-related problems on Debian in 1.6.1 and later. + Closes: #56129, #55978, #55979, #56550, #56772 + * include more upstream documentation, closes: #55054 + * pam.d fragment update, closes: #56129 + + -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700 + +sudo (1.6.1-1) unstable; urgency=low + + * new upstream source, closes: #52750 + + -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700 + +sudo (1.6-2) unstable; urgency=low + + * drop suidregister support for this package. 
The sudo executable is + essentially worthless unless it is setuid root, and making suidregister + work involves shipping a non-setuid executable in the .deb and setting the + perms in the postinst. On a long upgrade run, this can leave the sudo + executable 'broken' for a long time, which is unacceptable. With this + version, we ship the executable setuid root in the .deb. Closes: #51742 + + -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700 + +sudo (1.6-1) unstable; urgency=low + + * new upstream version, many options previously set at compile-time are now + configurable at runtime. + Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639 + * FHS support + + -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700 + +sudo (1.5.9p4-1) unstable; urgency=low + + * new upstream version, closes: #43464 + * empty password handling was fixed in 1.5.8, closes: #31863 + + -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600 + +sudo (1.5.9p1-1) unstable; urgency=low + + * new upstream version + + -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600 + +sudo (1.5.8p1-1) unstable; urgency=medium + + * new upstream version, closes 33690 + * add dependency on libpam-modules, closes 34215, 33432 + + -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700 + +sudo (1.5.7p4-2) unstable; urgency=medium + + * update the pam fragment provided so that sudo works with latest pam bits, + closes 33432 + + -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700 + +sudo (1.5.7p4-1) unstable; urgency=low + + * new upstream release + + -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700 + +sudo (1.5.6p5-1) unstable; urgency=low + + * new upstream patch release + * add PAM support, closes 28594 + + -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700 + +sudo (1.5.6p2-2) unstable; urgency=low + + * update copyright file, closes 24136 + * review and close forwarded bugs believed fixed in this upstream 
version, + closes 17606, 15786. + + -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600 + +sudo (1.5.6p2-1) unstable; urgency=low + + * new upstream release + + -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600 + +sudo (1.5.4-4) frozen unstable; urgency=low + + * update postinst to use groupadd, closes 21403 + * move the suidregister stuff earlier in postinst to ensure it always runs + + -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600 + +sudo (1.5.4-3) frozen unstable; urgency=low + + * change /etc/sudoers from a conffile to being handled in postinst, + closes 18219 + * add suidmanager support, closes 15711 + * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is + unlikely to ever fix, and which just don't matter. closes 17146 + * fix FSF address in copyright file, and submit exception for lintian + warning about sudo being setuid root + + -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600 + +sudo (1.5.4-2) unstable; urgency=high + + * patch from upstream author correcting/improving security fix + + -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700 + +sudo (1.5.4-1) unstable; urgency=high + + * new upstream version, includes a security fix + * change default editor from /bin/ae to /usr/bin/editor + + -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700 + +sudo (1.5.3-1) unstable; urgency=medium + + * new upstream version, closes bug 15911. + * rules file reworked to use debhelper + * implement a really gross hack to force use of the sudo-provided + lsearch(), since the one in libc6 is broken! This closes bugs + 12552, 12557, 14881, 15259, 15916. + + -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700 + +sudo (1.5.2-6) unstable; urgency=LOW + + * don't install INSTALL in the doc directory, closes bug 13195. 
+ + -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600 + +sudo (1.5.2-5) unstable; urgency=LOW + + * libc6 + + -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600 + +sudo (1.5.2-4) unstable; urgency=LOW + + * change TIMEOUT (how long before you have to type your password again) + to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian + packages on slower machines much more tolerable. Closes bug 9076. + * touch debian/suid before debstd. Closes bug 8709. + + -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600 + +sudo (1.5.2-3) frozen unstable; urgency=LOW + + * patch from upstream maintainer to close Bug 6828 + * add a debian/suid file to get debstd to leave my perl postinst alone + + -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600 + +sudo (1.5.2-2) frozen unstable; urgency=LOW + + * change rules to use -O2 -Wall as per standards + + -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600 + +sudo (1.5.2-1) unstable; urgency=LOW + + * new upstream version + * cosmetic changes to debian package control files + + -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700 + +sudo (1.5-2) unstable; urgency=LOW + + * add /usr/X11R6/bin to the end of the secure path... this makes it + much easier to run xmkmf, etc., during package builds. To the extent + that /usr/local/sbin and /usr/local/bin were already included, I see + no security reasons not to add this. 
+ + -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700 + +sudo (1.5-1) unstable; urgency=LOW + + * New upstream version + * New maintainer + * New packaging format + + -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200 + +Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de> + + sudo (1.4.1-1): + + * hard code SECURE_PATH to: + "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + + * enable ENV_EDITOR + + * enabled EXEMPTGROUP "sudo" + + * moved timestamp dir to /var/log/sudo + + * changed parser to check for long and short filenames (Bug#1162) + +Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de> + + sudo (1.4.2-1): + + * New upstream source + + * Fixed postinst script + (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>) + + * Removed special shadow binary. This version works with and without + shadow password file. + +Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org> + + sudo (1.4.2-2): + + * Corrected editor path to /bin/ae (Bug#3062) + + * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063) + +Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org> + + sudo (1.4.3-1): + + * New upstream version + + * Changed sudoers permission to 440 (owner root, group root) to make + sudo usable via NFS + +Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org> + + sudo (1.4.3-2): + + * Applied upstream patch 1 + +Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org> + + sudo (1.4.3-3): + + * Applied upstream patch 2 + +Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org> + + sudo (1.4.3-4): + + * Applied upstream patch 3 (fixes problems with an NFS-mounted + sudoers file) + + +Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org> + + sudo (1.4.3-5): + + * Corrected postinst to use /usr/bin/perl instead of /bin/perl + [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)] + +Wed Jul 10 
12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org> + + sudo (1.4.3-6): + + * Applied upstream patch 4 (fixes several bugs) + + * Changed priority to optional + +Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org> + + sudo (1.4.3-7): + + * Corrected postinst to create correct permission for /etc/sudoers + (Bug#3749) + +Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org> + + sudo (1.4.4-1): + + * New upstream version + + +sudo (1.4.4-2) admin; urgency=HIGH + + * Fixed major security bug reported by Peter Tobias + <tobias@et-inf.fho-emden.de> + * Added dchanges support to debian.rules + +sudo (1.4.5-1) admin; urgency=LOW + + * New upstream version + * Minor changes to debian.rules diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..f599e28 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +10 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..c4d209c --- /dev/null +++ b/debian/control 
@@ -0,0 +1,37 @@ +Source: sudo +Section: admin +Priority: optional +Maintainer: Bdale Garbee <bdale@gag.com> +Build-Depends: debhelper (>= 10), libpam0g-dev, libldap2-dev, libsasl2-dev, libselinux1-dev [linux-any], autoconf, autotools-dev, bison, flex, libaudit-dev [linux-any], mandoc +Standards-Version: 3.9.8 +Vcs-Git: git://anonscm.debian.org/collab-maint/sudo.git +Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/sudo.git +Homepage: http://www.sudo.ws/ + +Package: sudo +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-modules, lsb-base +Conflicts: sudo-ldap +Replaces: sudo-ldap +Description: Provide limited super user privileges to specific users + Sudo is a program designed to allow a sysadmin to give limited root + privileges to users and log root activity. The basic philosophy is to give + as few privileges as possible but still allow people to get their work done. + . + This version is built with minimal shared library dependencies, use the + sudo-ldap package instead if you need LDAP support for sudoers. + +Package: sudo-ldap +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-modules, lsb-base +Conflicts: sudo +Replaces: sudo +Provides: sudo +Description: Provide limited super user privileges to specific users + Sudo is a program designed to allow a sysadmin to give limited root + privileges to users and log root activity. The basic philosophy is to give + as few privileges as possible but still allow people to get their work done. + . + This version is built with LDAP support, which allows an equivalent of the + sudoers database to be distributed via LDAP. Authentication is still + performed via pam. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..8e76500 --- /dev/null +++ b/debian/copyright 
@@ -0,0 +1,57 @@ +This is the Debian GNU/Linux prepackaged version of sudo. sudo is +used to provide limited super user privileges to specific users. + +Bdale Garbee <bdale@gag.com> maintains this package using sources from + + http://www.sudo.ws/ + +Sudo is distributed under the following ISC-style license: + + Copyright (c) 1994-1996, 1998-2008 + Todd C. Miller <Todd.Miller@courtesan.com> + + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + + Sponsored in part by the Defense Advanced Research Projects + Agency (DARPA) and Air Force Research Laboratory, Air Force + Materiel Command, USAF, under agreement number F39502-99-1-0512. + +Additionally, fnmatch.c, fnmatch.h, getcwd.c, glob.c, glob.h and snprintf.c +bear the following UCB license: + + Copyright (c) 1987, 1989, 1990, 1991, 1992, 1993, 1994 + The Regents of the University of California. All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. 
Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. Neither the name of the University nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. diff --git a/debian/patches/CVE-2017-1000367.patch b/debian/patches/CVE-2017-1000367.patch new file mode 100644 index 0000000..8d26c7c --- /dev/null +++ b/debian/patches/CVE-2017-1000367.patch 
@@ -0,0 +1,246 @@ +diff --git a/src/ttyname.c b/src/ttyname.c +index 9b94ba8..ab0f2d3 100644 +--- a/src/ttyname.c ++++ b/src/ttyname.c +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2012-2016 Todd C. Miller <Todd.Miller@courtesan.com> ++ * Copyright (c) 2012-2017 Todd C. Miller <Todd.Miller@courtesan.com> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above +@@ -145,20 +145,22 @@ sudo_ttyname_dev(dev_t tdev, char *name, size_t namelen) + } + #elif defined(HAVE_STRUCT_PSINFO_PR_TTYDEV) || defined(HAVE_PSTAT_GETPROC) || defined(__linux__) + /* +- * Devices to search before doing a breadth-first scan. ++ * Device nodes and directories to search before searching all of /dev + */ + static char *search_devs[] = { + "/dev/console", +- "/dev/wscons", +- "/dev/pts/", +- "/dev/vt/", +- "/dev/term/", +- "/dev/zcons/", ++ "/dev/pts/", /* POSIX pty */ ++ "/dev/vt/", /* Solaris virtual console */ ++ "/dev/term/", /* Solaris serial ports */ ++ "/dev/zcons/", /* Solaris zone console */ ++ "/dev/pty/", /* HP-UX old-style pty */ + NULL + }; + ++/* ++ * Device nodes to ignore when searching all of /dev ++ */ + static char *ignore_devs[] = { +- "/dev/fd/", + "/dev/stdin", + "/dev/stdout", + "/dev/stderr", +@@ -166,16 +168,18 @@ static char *ignore_devs[] = { + }; + + /* +- * Do a breadth-first scan of dir looking for the specified device. ++ * Do a scan of a directory looking for the specified device. ++ * Does not descend into subdirectories. + * Returns name on success and NULL on failure, setting errno. 
+ */ + static char * +-sudo_ttyname_scan(const char *dir, dev_t rdev, bool builtin, char *name, size_t namelen) ++sudo_ttyname_scan(const char *dir, dev_t rdev, char *name, size_t namelen) + { +- size_t sdlen, num_subdirs = 0, max_subdirs = 0; +- char pathbuf[PATH_MAX], **subdirs = NULL; ++ size_t sdlen; ++ char pathbuf[PATH_MAX]; + char *ret = NULL; + struct dirent *dp; ++ struct stat sb; + unsigned int i; + DIR *d = NULL; + debug_decl(sudo_ttyname_scan, SUDO_DEBUG_UTIL) +@@ -183,6 +187,18 @@ sudo_ttyname_scan(const char *dir, dev_t rdev, bool builtin, char *name, size_t + if (dir[0] == '\0' || (d = opendir(dir)) == NULL) + goto done; + ++ if (fstat(dirfd(d), &sb) == -1) { ++ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, ++ "unable to fstat %s", dir); ++ goto done; ++ } ++ if ((sb.st_mode & S_IWOTH) != 0) { ++ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, ++ "ignoring world-writable directory %s", dir); ++ errno = ENOENT; ++ goto done; ++ } ++ + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "scanning for dev %u in %s", (unsigned int)rdev, dir); + +@@ -220,18 +236,6 @@ sudo_ttyname_scan(const char *dir, dev_t rdev, bool builtin, char *name, size_t + } + if (ignore_devs[i] != NULL) + continue; +- if (!builtin) { +- /* Skip entries in search_devs; we already checked them. */ +- for (i = 0; search_devs[i] != NULL; i++) { +- len = strlen(search_devs[i]); +- if (search_devs[i][len - 1] == '/') +- len--; +- if (d_len == len && strncmp(pathbuf, search_devs[i], len) == 0) +- break; +- } +- if (search_devs[i] != NULL) +- continue; +- } + # if defined(HAVE_STRUCT_DIRENT_D_TYPE) && defined(DTTOIF) + /* + * Avoid excessive stat() calls by checking dp->d_type. +@@ -244,39 +248,14 @@ sudo_ttyname_scan(const char *dir, dev_t rdev, bool builtin, char *name, size_t + if (stat(pathbuf, &sb) == -1) + continue; + break; +- case DT_DIR: +- /* Directory, no need to stat() it. 
*/ +- sb.st_mode = DTTOIF(dp->d_type); +- sb.st_rdev = 0; /* quiet ccc-analyzer false positive */ +- break; + default: +- /* Not a character device, link or directory, skip it. */ ++ /* Not a character device or link, skip it. */ + continue; + } + # else + if (stat(pathbuf, &sb) == -1) + continue; + # endif +- if (S_ISDIR(sb.st_mode)) { +- if (!builtin) { +- /* Add to list of subdirs to search. */ +- if (num_subdirs + 1 > max_subdirs) { +- char **new_subdirs; +- +- new_subdirs = reallocarray(subdirs, max_subdirs + 64, +- sizeof(char *)); +- if (new_subdirs == NULL) +- goto done; +- subdirs = new_subdirs; +- max_subdirs += 64; +- } +- subdirs[num_subdirs] = strdup(pathbuf); +- if (subdirs[num_subdirs] == NULL) +- goto done; +- num_subdirs++; +- } +- continue; +- } + if (S_ISCHR(sb.st_mode) && sb.st_rdev == rdev) { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "resolved dev %u as %s", (unsigned int)rdev, pathbuf); +@@ -292,16 +271,9 @@ sudo_ttyname_scan(const char *dir, dev_t rdev, bool builtin, char *name, size_t + } + } + +- /* Search subdirs if we didn't find it in the root level. */ +- for (i = 0; ret == NULL && i < num_subdirs; i++) +- ret = sudo_ttyname_scan(subdirs[i], rdev, false, name, namelen); +- + done: + if (d != NULL) + closedir(d); +- for (i = 0; i < num_subdirs; i++) +- free(subdirs[i]); +- free(subdirs); + debug_return_str(ret); + } + +@@ -320,7 +292,7 @@ sudo_ttyname_dev(dev_t rdev, char *name, size_t namelen) + debug_decl(sudo_ttyname_dev, SUDO_DEBUG_UTIL) + + /* +- * First check search_devs for common tty devices. ++ * First check search_devs[] for common tty devices. 
+ */ + for (sd = search_devs; (devname = *sd) != NULL; sd++) { + len = strlen(devname); +@@ -345,7 +317,7 @@ sudo_ttyname_dev(dev_t rdev, char *name, size_t namelen) + "comparing dev %u to %s: no", (unsigned int)rdev, buf); + } else { + /* Traverse directory */ +- ret = sudo_ttyname_scan(devname, rdev, true, name, namelen); ++ ret = sudo_ttyname_scan(devname, rdev, name, namelen); + if (ret != NULL || errno == ENOMEM) + goto done; + } +@@ -363,9 +335,9 @@ sudo_ttyname_dev(dev_t rdev, char *name, size_t namelen) + } + + /* +- * Not found? Do a breadth-first traversal of /dev/. ++ * Not found? Check all device nodes in /dev. + */ +- ret = sudo_ttyname_scan(_PATH_DEV, rdev, false, name, namelen); ++ ret = sudo_ttyname_scan(_PATH_DEV, rdev, name, namelen); + + done: + debug_return_str(ret); +@@ -489,28 +461,35 @@ get_process_ttyname(char *name, size_t namelen) + len = getline(&line, &linesize, fp); + fclose(fp); + if (len != -1) { +- /* Field 7 is the tty dev (0 if no tty) */ +- char *cp = line; +- char *ep = line; +- const char *errstr; +- int field = 0; +- while (*++ep != '\0') { +- if (*ep == ' ') { +- *ep = '\0'; +- if (++field == 7) { +- dev_t tdev = strtonum(cp, INT_MIN, INT_MAX, &errstr); +- if (errstr) { +- sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, +- "%s: tty device %s: %s", path, cp, errstr); +- } +- if (tdev > 0) { +- errno = serrno; +- ret = sudo_ttyname_dev(tdev, name, namelen); +- goto done; ++ /* ++ * Field 7 is the tty dev (0 if no tty). ++ * Since the process name at field 2 "(comm)" may include spaces, ++ * start at the last ')' found. 
++ */ ++ char *cp = strrchr(line, ')'); ++ if (cp != NULL) { ++ char *ep = cp; ++ const char *errstr; ++ int field = 1; ++ ++ while (*++ep != '\0') { ++ if (*ep == ' ') { ++ *ep = '\0'; ++ if (++field == 7) { ++ dev_t tdev = strtonum(cp, INT_MIN, INT_MAX, &errstr); ++ if (errstr) { ++ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, ++ "%s: tty device %s: %s", path, cp, errstr); ++ } ++ if (tdev > 0) { ++ errno = serrno; ++ ret = sudo_ttyname_dev(tdev, name, namelen); ++ goto done; ++ } ++ break; + } +- break; ++ cp = ep + 1; + } +- cp = ep + 1; + } + } + } diff --git a/debian/patches/CVE-2017-1000368.diff b/debian/patches/CVE-2017-1000368.diff new file mode 100644 index 0000000..593dea3 --- /dev/null +++ b/debian/patches/CVE-2017-1000368.diff 
@@ -0,0 +1,78 @@ + +# HG changeset patch +# User Todd C. Miller <Todd.Miller@courtesan.com> +# Date 1496243671 21600 +# Node ID 15a46f4007dde8e819dd2c70e670a529bbb9d312 +# Parent 6f3d9816541ba84055ae5aec6ff9d9523c2a96f3 +A command name may also contain newline characters so read +/proc/self/stat until EOF. It is not legal for /proc/self/stat to +contain embedded NUL bytes so treat the file as corrupt if we see +any. With help from Qualys. + +This is not exploitable due to the /dev traversal changes in sudo +1.8.20p1 (thanks Solar!). + +diff -r 6f3d9816541b -r 15a46f4007dd src/ttyname.c +--- a/src/ttyname.c Tue May 30 10:44:11 2017 -0600 ++++ b/src/ttyname.c Wed May 31 09:14:31 2017 -0600 +@@ -452,25 +452,37 @@ + get_process_ttyname(char *name, size_t namelen) + { + const char path[] = "/proc/self/stat"; +- char *line = NULL; ++ char *cp, buf[1024]; + char *ret = NULL; +- size_t linesize = 0; + int serrno = errno; +- ssize_t len; +- FILE *fp; ++ ssize_t nread; ++ int fd; + debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL) + +- /* Try to determine the tty from tty_nr in /proc/self/stat. */ +- if ((fp = fopen(path, "r")) != NULL) { +- len = getline(&line, &linesize, fp); +- fclose(fp); +- if (len != -1) { ++ /* ++ * Try to determine the tty from tty_nr in /proc/self/stat. ++ * Ignore /proc/self/stat if it contains embedded NUL bytes. ++ */ ++ if ((fd = open(path, O_RDONLY | O_NOFOLLOW)) != -1) { ++ cp = buf; ++ while ((nread = read(fd, cp, buf + sizeof(buf) - cp)) != 0) { ++ if (nread == -1) { ++ if (errno == EAGAIN || errno == EINTR) ++ continue; ++ break; ++ } ++ cp += nread; ++ if (cp >= buf + sizeof(buf)) ++ break; ++ } ++ if (nread == 0 && memchr(buf, '\0', cp - buf) == NULL) { + /* + * Field 7 is the tty dev (0 if no tty). +- * Since the process name at field 2 "(comm)" may include spaces, +- * start at the last ')' found. ++ * Since the process name at field 2 "(comm)" may include ++ * whitespace (including newlines), start at the last ')' found. 
+ */ +- char *cp = strrchr(line, ')'); ++ *cp = '\0'; ++ cp = strrchr(buf, ')'); + if (cp != NULL) { + char *ep = cp; + const char *errstr; +@@ -501,7 +513,8 @@ + errno = ENOENT; + + done: +- free(line); ++ if (fd != -1) ++ close(fd); + if (ret == NULL) + sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "unable to resolve tty via %s", path); + diff --git a/debian/patches/paths-in-samples.diff b/debian/patches/paths-in-samples.diff new file mode 100644 index 0000000..42788a8 --- /dev/null +++ b/debian/patches/paths-in-samples.diff 
@@ -0,0 +1,42 @@ +diff --git a/examples/sudoers b/examples/sudoers +index 9946008..cd4c796 100644 +--- a/examples/sudoers ++++ b/examples/sudoers +@@ -44,10 +44,10 @@ Host_Alias CDROM = orion, perseus, hercules + # Cmnd alias specification + ## + Cmnd_Alias DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \ +- /usr/sbin/rrestore, /usr/bin/mt, \ ++ /usr/sbin/rrestore, /bin/mt, \ + sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \ + /home/operator/bin/start_backups +-Cmnd_Alias KILL = /usr/bin/kill ++Cmnd_Alias KILL = /bin/kill + Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm + Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown + Cmnd_Alias HALT = /usr/sbin/halt +@@ -85,7 +85,7 @@ operator ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\ + sudoedit /etc/printcap, /usr/oper/bin/ + + # joe may su only to operator +-joe ALL = /usr/bin/su operator ++joe ALL = /bin/su operator + + # pete may change passwords for anyone but root on the hp snakes + pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root +@@ -99,13 +99,13 @@ jim +biglab = ALL + + # users in the secretaries netgroup need to help manage the printers + # as well as add and remove users +-+secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser +++secretaries ALL = PRINTING, /usr/sbin/adduser + + # fred can run commands as oracle or sybase without a password + fred ALL = (DB) NOPASSWD: ALL + + # on the alphas, john may su to anyone but root and flags are not allowed +-john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root* ++john ALPHA = /bin/su [!-]*, !/bin/su *root* + + # jen can run anything on all machines except the ones + # in the "SERVERS" Host_Alias diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..3fd503a --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,5 @@ +typo-in-classic-insults.diff +paths-in-samples.diff +CVE-2017-1000367.patch +use-proc-self-consistently-on-linux.diff +CVE-2017-1000368.diff 
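Review bot: the `+secretaries` hunk in paths-in-samples.diff silently drops `/usr/bin/rmuser` while every other change in this patch only relocates a path, leaving the rule out of step with its own comment ("as well as add and remove users"). Either say in the patch header that rmuser has no Debian counterpart or substitute the matching removal tool (Debian's adduser package ships `/usr/sbin/deluser`), so the example still demonstrates what the comment promises.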
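Review bot: debian/patches/series lists five patches, but the directory also adds skip-noedit.diff and use-flock-on-hurd.diff, which are therefore never applied. Either append them to series or delete the files; shipping unapplied patches suggests behaviour (visudo skipping entries without doedit, flock() on the Hurd) that the built binary does not have.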
diff --git a/debian/patches/skip-noedit.diff b/debian/patches/skip-noedit.diff new file mode 100644 index 0000000..569bc13 --- /dev/null +++ b/debian/patches/skip-noedit.diff @@ -0,0 +1,12 @@ +Skip installing/unlinking files without doedit set +--- a/plugins/sudoers/visudo.c ++++ b/plugins/sudoers/visudo.c +@@ -247,6 +247,8 @@ + + /* Install the sudoers temp files. */ + tq_foreach_fwd(&sudoerslist, sp) { ++ if (!sp->doedit) ++ continue; + if (!sp->modified) + (void) unlink(sp->tpath); + else diff --git a/debian/patches/typo-in-classic-insults.diff b/debian/patches/typo-in-classic-insults.diff new file mode 100644 index 0000000..57e78c6 --- /dev/null +++ b/debian/patches/typo-in-classic-insults.diff @@ -0,0 +1,11 @@ +--- a/plugins/sudoers/ins_classic.h ++++ b/plugins/sudoers/ins_classic.h +@@ -30,7 +30,7 @@ + "Where did you learn to type?", + "Are you on drugs?", + "My pet ferret can type better than you!", +- "You type like i drive.", ++ "You type like I drive.", + "Do you think like you type?", + "Your mind just hasn't been the same since the electro-shock, has it?", + diff --git a/debian/patches/use-flock-on-hurd.diff b/debian/patches/use-flock-on-hurd.diff new file mode 100644 index 0000000..fb0b81c --- /dev/null +++ b/debian/patches/use-flock-on-hurd.diff @@ -0,0 +1,15 @@ +Use flock instead of lockf for visudo on hurd +Index: sudo-1.8.3p1/configure.in +=================================================================== +--- sudo-1.8.3p1.orig/configure.in 2011-10-25 14:11:40.000000000 +0000 ++++ sudo-1.8.3p1/configure.in 2012-01-08 04:05:23.000000000 +0000 +@@ -1864,6 +1864,9 @@ + ;; + *-gnu*) + OSDEFS="${OSDEFS} -D_GNU_SOURCE" ++ # lockf() isn't implemented on the Hurd -- use flock instead ++ ac_cv_func_lockf=no ++ ac_cv_func_flock=yes + ;; + esac + diff --git a/debian/patches/use-proc-self-consistently-on-linux.diff b/debian/patches/use-proc-self-consistently-on-linux.diff new file mode 100644 index 0000000..944830f --- /dev/null 
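Review bot: in skip-noedit.diff, `if (!sp->doedit) continue;` now skips both the `unlink(sp->tpath)` for unmodified entries and the install branch; confirm that no temp file is ever created for an entry with doedit unset, otherwise this leaks it in the temp directory on every visudo run. The patch also carries only a one-line description with no DEP-3 Origin/Bug/Forwarded header, and it is absent from series.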
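Review bot: use-flock-on-hurd.diff is generated against sudo-1.8.3p1/configure.in (see the Index: line and the 2011/2012 timestamps), while the ttyname patches in this set are from May 2017 and reference 1.8.20p1, and it is not in series, so it is both stale and unapplied. If it is still needed, refresh it and state in the header that presetting `ac_cv_func_lockf=no` and `ac_cv_func_flock=yes` overrides the configure cache rather than fixing detection, so it has to be revisited if the Hurd ever gains lockf().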
+++ b/debian/patches/use-proc-self-consistently-on-linux.diff @@ -0,0 +1,33 @@ + +# HG changeset patch +# User Todd C. Miller <Todd.Miller@courtesan.com> +# Date 1496162651 21600 +# Node ID 6f3d9816541ba84055ae5aec6ff9d9523c2a96f3 +# Parent 98ef2ef47aba10f6b83904dca4d446c4b8f24987 +Use /proc/self consistently on Linux. As far as I know, only AIX +doesn't support /proc/self. + +diff -r 98ef2ef47aba -r 6f3d9816541b src/ttyname.c +--- a/src/ttyname.c Mon May 29 14:36:35 2017 -0600 ++++ b/src/ttyname.c Tue May 30 10:44:11 2017 -0600 +@@ -451,7 +451,8 @@ + char * + get_process_ttyname(char *name, size_t namelen) + { +- char path[PATH_MAX], *line = NULL; ++ const char path[] = "/proc/self/stat"; ++ char *line = NULL; + char *ret = NULL; + size_t linesize = 0; + int serrno = errno; +@@ -459,8 +460,7 @@ + FILE *fp; + debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL) + +- /* Try to determine the tty from tty_nr in /proc/pid/stat. */ +- snprintf(path, sizeof(path), "/proc/%u/stat", (unsigned int)getpid()); ++ /* Try to determine the tty from tty_nr in /proc/self/stat. */ + if ((fp = fopen(path, "r")) != NULL) { + len = getline(&line, &linesize, fp); + fclose(fp); + diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..9d1c693 --- /dev/null +++ b/debian/rules 
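Review bot: use-proc-self-consistently-on-linux.diff exists mainly as the parent of the read-until-EOF fix above (its Node ID 6f3d9816541b is that patch's Parent), and on its own it still reads the file with `getline()`, which stops at the first newline. The series order (this patch before CVE-2017-1000368.diff, which is presumably the read-until-EOF fix) is therefore load-bearing; record that dependency in the patch header or fold the two into one patch so a later reorder cannot re-expose the newline issue.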
@@ -0,0 +1,174 @@ +#!/usr/bin/make -f + +export DH_VERBOSE=1 +export DEB_BUILD_MAINT_OPTIONS = hardening=+all + +CFLAGS = `dpkg-buildflags --get CFLAGS` +CFLAGS += -Wall -Wno-comment +LDFLAGS = `dpkg-buildflags --get LDFLAGS` +CPPFLAGS = `dpkg-buildflags --get CPPFLAGS` + +DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) +DEB_HOST_ARCH_OS ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_OS) +ifeq ($(DEB_HOST_ARCH_OS),linux) + configure_args += --with-selinux --with-linux-audit +endif + +reconf-stamp: + cp -f /usr/share/misc/config.sub config.sub + cp -f /usr/share/misc/config.guess config.guess + autoconf -I m4 + touch $@ + +configure: configure-stamp +configure-stamp: reconf-stamp + dh_testdir + cp -f /usr/share/misc/config.sub config.sub + cp -f /usr/share/misc/config.guess config.guess + + # simple version + mkdir -p build-simple + cd build-simple && NROFFPROG=/usr/bin/nroff CFLAGS="$(CFLAGS)" \ + CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" $(CURDIR)/configure \ + --prefix=/usr -v \ + --with-all-insults \ + --with-pam \ + --with-fqdn \ + --with-logging=syslog \ + --with-logfac=authpriv \ + --with-env-editor \ + --with-editor=/usr/bin/editor \ + --with-exampledir=/usr/share/doc/sudo/examples \ + --with-timeout=15 \ + --with-password-timeout=0 \ + --with-passprompt="[sudo] password for %p: " \ + --disable-root-mailer \ + --with-sendmail=/usr/sbin/sendmail \ + --with-rundir=/var/lib/sudo \ + --mandir=/usr/share/man \ + --libexecdir=/usr/lib/sudo \ + --with-sssd --with-sssd-lib=/usr/lib/$(DEB_HOST_MULTIARCH) \ + $(configure_args) + + # LDAP version + mkdir -p build-ldap + cd build-ldap && NROFFPROG=/usr/bin/nroff CFLAGS="$(CFLAGS)" \ + CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" $(CURDIR)/configure \ + --prefix=/usr -v \ + --with-all-insults \ + --with-pam \ + --with-ldap \ + --with-fqdn \ + --with-logging=syslog \ + --with-logfac=authpriv \ + --with-env-editor \ + --with-editor=/usr/bin/editor \ + --with-exampledir=/usr/share/doc/sudo-ldap/examples 
\ + --with-timeout=15 \ + --with-password-timeout=0 \ + --with-passprompt="[sudo] password for %p: " \ + --disable-root-mailer \ + --disable-setresuid \ + --with-sendmail=/usr/sbin/sendmail \ + --with-rundir=/var/lib/sudo \ + --with-ldap-conf-file=/etc/sudo-ldap.conf \ + --mandir=/usr/share/man \ + --libexecdir=/usr/lib/sudo \ + $(configure_args) + + touch configure-stamp + +build: build-arch build-indep +build-arch: build-stamp +build-indep: build-stamp +build-stamp: configure-stamp + dh_testdir + + $(MAKE) -C build-simple + $(MAKE) -C build-ldap + + $(MAKE) -C build-simple check + + touch build-stamp + +clean: + dh_testdir + dh_testroot + rm -f configure-stamp build-stamp + rm -rf build-simple build-ldap + rm -f config.cache + dh_clean + +install: build-stamp + dh_testdir + dh_testroot + dh_prep + dh_installdirs + + $(MAKE) -C build-simple install DESTDIR=$(CURDIR)/debian/sudo + $(MAKE) -C build-ldap install DESTDIR=$(CURDIR)/debian/sudo-ldap + + # remove stuff we don't want + rm -f debian/sudo*/etc/sudoers \ + debian/sudo*/usr/share/doc/sudo/LICENSE* \ + debian/sudo*/usr/share/doc/sudo/ChangeLog + + # move upstream-installed docs to the right place for ldap package + mv debian/sudo-ldap/usr/share/doc/sudo/* \ + debian/sudo-ldap/usr/share/doc/sudo-ldap/ + rmdir debian/sudo-ldap/usr/share/doc/sudo + + # and install things we do want that make install doesn't know about + install -o root -g root -m 0644 debian/sudo.pam \ + debian/sudo/etc/pam.d/sudo + install -o root -g root -m 0644 debian/sudo.pam \ + debian/sudo-ldap/etc/pam.d/sudo + + install -o root -g root -m 0644 debian/sudo.lintian \ + debian/sudo/usr/share/lintian/overrides/sudo + install -o root -g root -m 0644 debian/sudo-ldap.lintian \ + debian/sudo-ldap/usr/share/lintian/overrides/sudo-ldap + + install -o root -g root -m 0440 debian/sudoers \ + debian/sudo/etc/sudoers + install -o root -g root -m 0440 debian/sudoers \ + debian/sudo-ldap/etc/sudoers + + install -o root -g root -m 0440 debian/README \ + 
debian/sudo/etc/sudoers.d/README + install -o root -g root -m 0440 debian/README \ + debian/sudo-ldap/etc/sudoers.d/README + + install -o root -g root -m 0644 debian/sudo.service \ + debian/sudo/lib/systemd/system/sudo.service + install -o root -g root -m 0644 debian/sudo.service \ + debian/sudo-ldap/lib/systemd/system/sudo.service + +binary-indep: build install + +binary-arch: build install + dh_testdir + dh_testroot + dh_installdocs -A + dh_installinit -psudo --name=sudo + dh_installinit -psudo-ldap --name=sudo-ldap + dh_installman -A + dh_installinfo -A + dh_installchangelogs ChangeLog + # clear dependency_libs field in .la files + sed -i "/dependency_libs/ s/'.*'/''/" `find . -name '*.la'` + dh_strip + dh_compress + dh_fixperms + chown root.root debian/sudo/usr/bin/sudo debian/sudo-ldap/usr/bin/sudo + chmod 4755 debian/sudo/usr/bin/sudo debian/sudo-ldap/usr/bin/sudo + chmod 0440 debian/sudo/etc/sudoers.d/README \ + debian/sudo-ldap/etc/sudoers.d/README + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: configure build-indep build-arch build clean binary-indep binary-arch binary install diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/sudo-ldap.dirs b/debian/sudo-ldap.dirs new file mode 100644 index 0000000..8b95431 --- /dev/null +++ b/debian/sudo-ldap.dirs @@ -0,0 +1,9 @@ +etc/pam.d +etc/sudoers.d +lib/systemd/system +usr/bin +usr/share/man/man8 +usr/share/man/man5 +usr/sbin +usr/share/doc/sudo-ldap +usr/share/lintian/overrides diff --git a/debian/sudo-ldap.docs b/debian/sudo-ldap.docs new file mode 100644 index 0000000..565ca2d --- /dev/null +++ b/debian/sudo-ldap.docs @@ -0,0 +1,8 @@ +debian/OPTIONS +doc/UPGRADE +doc/HISTORY +doc/TROUBLESHOOTING +doc/schema.* +plugins/sudoers/sudoers2ldif +README +README.LDAP 
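Review bot: the two configure invocations in debian/rules differ in `--disable-setresuid`, which is passed only for build-ldap; since that flag changes how sudo switches uids, the asymmetry needs a comment explaining why the LDAP build avoids setresuid(), or the flag should be applied to both builds. Two smaller points: `$(MAKE) -C build-simple check` runs the test suite only for the non-LDAP build, so build-ldap ships untested, and `chown root.root` should be `chown root:root` (the `.` separator is a legacy form).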
diff --git a/debian/sudo-ldap.lintian b/debian/sudo-ldap.lintian new file mode 100644 index 0000000..1e58bc1 --- /dev/null +++ b/debian/sudo-ldap.lintian @@ -0,0 +1,7 @@ +sudo-ldap: non-standard-file-perm etc/sudoers.d/README 0440 != 0644 +sudo-ldap: setuid-binary usr/bin/sudo 4755 root/root +sudo-ldap: setuid-binary usr/bin/sudoedit 4755 root/root +sudo-ldap: read-in-maintainer-script +sudo-ldap: duplicate-updaterc.d-calls-in-postinst +sudo-ldap: hardening-no-stackprotector usr/lib/sudo/sudo_noexec.so +sudo-ldap: systemd-no-service-for-init-script sudo-ldap diff --git a/debian/sudo-ldap.manpages b/debian/sudo-ldap.manpages new file mode 100644 index 0000000..d2afb07 --- /dev/null +++ b/debian/sudo-ldap.manpages @@ -0,0 +1,4 @@ +build-ldap/doc/sudo.mdoc +build-ldap/doc/sudoers.mdoc +build-ldap/doc/sudoers.ldap.mdoc +build-ldap/doc/visudo.mdoc diff --git a/debian/sudo-ldap.postinst b/debian/sudo-ldap.postinst new file mode 100644 index 0000000..be913a1 --- /dev/null +++ b/debian/sudo-ldap.postinst 
@@ -0,0 +1,79 @@ +#!/bin/sh + +set -e + +# remove old link + +if [ -L /etc/alternatives/sudo ]; then + rm /etc/alternatives/sudo +fi + +# complain if no sudoers file is present +if [ ! -f /etc/sudoers ];then + echo "WARNING: /etc/sudoers not present!"; +fi + +# modify nsswitch.conf if needed +if [ -z "`grep \"^sudoers:\" /etc/nsswitch.conf`" ] +then + echo "sudoers: files ldap" >> /etc/nsswitch.conf +fi + +# handle state directory transition from /var/run/sudo to /var/lib/sudo, +# moving any existing content over to avoid re-lecturing existing users +if [ -d "/var/run/sudo" ];then + mkdir -p /var/lib/sudo + (cd /var/run/sudo ; tar cf - .) | (cd /var/lib/sudo ; tar xf -) + rm -rf /var/run/sudo +fi + +# make sure sudoers has the correct permissions and owner/group +if [ -f /etc/sudoers ];then + chown root:root /etc/sudoers + chmod 440 /etc/sudoers +fi + +# create symlink to ease transition to new path for ldap config +# if old config file exists and new one doesn't +if [ -e /etc/ldap/ldap.conf -a ! -e /etc/sudo-ldap.conf ];then + ln -s ldap/ldap.conf /etc/sudo-ldap.conf +fi + +# if we've gotten this far .. remove the saved, unchanged old sudoers file +rm -f /etc/sudoers.pre-conffile + +# make sure we have a sudo group + +[ -n "`getent group sudo`" ] && exit 0 # we're finished if there is a group sudo: + +# start search with gid 27 +gid="27" +while [ -n "`getent group $gid | cut -d: -f3`" ];do + gid=`expr $gid + 1` +done + + +if [ "$gid" -ne "27" ];then + echo "On Debian we normally use gid 27 for 'sudo'." + gname="`getent group 27 | cut -d: -f1`" + echo "However, on your system gid 27 is group '$gname'." + echo "" + echo "Would you like me to stop configuring sudo so that you can change this?"; + while true;do + echo -n "(Enter 'yes' to stop, enter to continue): " + read ans + [ "$ans" = "" ] && break + if [ "$ans" = "yes" -o "$ans" = "YES" ];then + echo "'dpkg --pending --configure' will restart the configuration." 
+ exit 1; + fi + echo "Please enter exactly 'yes' to stop, or press the enter key to continue without stopping" + done +fi + +echo "Creating group 'sudo' with gid = $gid"; +groupadd -g $gid sudo + +echo "" + +#DEBHELPER# diff --git a/debian/sudo-ldap.postrm b/debian/sudo-ldap.postrm new file mode 100644 index 0000000..246f99d --- /dev/null +++ b/debian/sudo-ldap.postrm @@ -0,0 +1,30 @@ +#!/bin/sh -e + +case "$1" in + purge) + rm -f /etc/sudo-ldap.conf + rm -rf /var/lib/sudo + ;; + + remove|upgrade|deconfigure) + ;; + + abort-upgrade|failed-upgrade) + if [ -e "/etc/sudoers.pre-conffile" ]; then + mv /etc/sudoers.pre-conffile /etc/sudoers + fi + ;; + + + *) + echo "unknown argument --> $1" >&2 + exit 0 + ;; +esac + +# remove sudoers entries, if any, from nsswitch.conf +if [ -w /etc/nsswitch.conf ] ; then + sed -i /^sudoers:/d /etc/nsswitch.conf +fi + +#DEBHELPER# diff --git a/debian/sudo-ldap.preinst b/debian/sudo-ldap.preinst new file mode 100644 index 0000000..9a39d94 --- /dev/null +++ b/debian/sudo-ldap.preinst @@ -0,0 +1,22 @@ +#!/bin/sh -e + +case "$1" in + install|upgrade) + if [ -n "$2" ] && dpkg --compare-versions "$2" le "1.7.4p4-4"; then + + SUDOERS="/etc/sudoers" + + if [ -e "$SUDOERS" ]; then + md5sum="$(md5sum $SUDOERS | sed -e 's/ .*//')" + if [ "$md5sum" = "c310ef4892a00cca8134f6e4fcd64b6d" ] || #lenny + [ "$md5sum" = "c5dab0f2771411ed7e67d6dab60a311f" ] || #squeeze + [ "$md5sum" = "45437b4e86fba2ab890ac81db2ec3606" ]; then #wheezy + # move unchanged sudoers file to avoid conffile question + mv "$SUDOERS" "$SUDOERS.pre-conffile" + fi + fi + fi + ;; +esac + +#DEBHELPER# diff --git a/debian/sudo-ldap.sudo-ldap.init b/debian/sudo-ldap.sudo-ldap.init new file mode 100644 index 0000000..1726dae --- /dev/null +++ b/debian/sudo-ldap.sudo-ldap.init 
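Review bot: in sudo-ldap.postinst the nsswitch.conf edit is guarded correctly (only appended when no `sudoers:` line exists), but the test is written as `[ -z "`grep \"^sudoers:\" /etc/nsswitch.conf`" ]` with escaped quotes; `grep -q '^sudoers:' /etc/nsswitch.conf || echo "sudoers: files ldap" >> /etc/nsswitch.conf` says the same thing without the subshell. The group-creation block at the end is identical to sudo.postinst and inherits the same defect: `read ans` runs under `set -e`, so when stdin is at EOF (unattended install on a host where gid 27 is taken) the script exits 1 before `groupadd` instead of taking the "press enter to continue" path; use `read ans || ans=""`.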
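Review bot: in sudo-ldap.postrm the `sed -i /^sudoers:/d /etc/nsswitch.conf` sits after the case statement, so it runs on every invocation including upgrade, deconfigure, abort-upgrade and failed-upgrade, and it deletes whatever `sudoers:` line the administrator has, not only the `sudoers: files ldap` line postinst appended. On an upgrade this strips the line and relies on the new postinst to put it back, silently replacing any local edit (for example an sss source) with the package default. Move it under `remove|purge)` and delete only the exact line postinst wrote.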
@@ -0,0 +1,36 @@ +#! /bin/sh + +### BEGIN INIT INFO +# Provides: sudo-ldap +# Required-Start: $local_fs $remote_fs +# Required-Stop: +# X-Start-Before: rmnologin +# Default-Start: 2 3 4 5 +# Default-Stop: +# Short-Description: Provide limited super user privileges to specific users +# Description: Provide limited super user privileges to specific users. +### END INIT INFO + +. /lib/lsb/init-functions + +N=/etc/init.d/sudo-ldap + +set -e + +case "$1" in + start) + # make sure privileges don't persist across reboots + if [ -d /var/lib/sudo ] + then + find /var/lib/sudo -exec touch -d @0 '{}' \; + fi + ;; + stop|reload|restart|force-reload|status) + ;; + *) + echo "Usage: $N {start|stop|restart|force-reload|status}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/debian/sudo.dirs b/debian/sudo.dirs new file mode 100644 index 0000000..96b5de3 --- /dev/null +++ b/debian/sudo.dirs @@ -0,0 +1,9 @@ +etc/pam.d +etc/sudoers.d +lib/systemd/system +usr/bin +usr/share/man/man8 +usr/share/man/man5 +usr/sbin +usr/share/doc/sudo +usr/share/lintian/overrides diff --git a/debian/sudo.docs b/debian/sudo.docs new file mode 100644 index 0000000..b590209 --- /dev/null +++ b/debian/sudo.docs @@ -0,0 +1,5 @@ +debian/OPTIONS +doc/UPGRADE +doc/HISTORY +doc/TROUBLESHOOTING +README diff --git a/debian/sudo.lintian b/debian/sudo.lintian new file mode 100644 index 0000000..454a914 --- /dev/null +++ b/debian/sudo.lintian @@ -0,0 +1,6 @@ +sudo: non-standard-file-perm etc/sudoers.d/README 0440 != 0644 +sudo: setuid-binary usr/bin/sudo 4755 root/root +sudo: setuid-binary usr/bin/sudoedit 4755 root/root +sudo: read-in-maintainer-script +sudo: duplicate-updaterc.d-calls-in-postinst +sudo: hardening-no-stackprotector usr/lib/sudo/sudo_noexec.so diff --git a/debian/sudo.manpages b/debian/sudo.manpages new file mode 100644 index 0000000..a1110a2 --- /dev/null +++ b/debian/sudo.manpages @@ -0,0 +1,3 @@ +build-simple/doc/sudo.mdoc +build-simple/doc/sudoers.mdoc +build-simple/doc/visudo.mdoc 
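Review bot: the `hardening-no-stackprotector usr/lib/sudo/sudo_noexec.so` line in sudo.lintian needs a justification, since rules exports `hardening=+all` and a reader cannot tell from the override whether the noexec shim genuinely has no stack-protected functions (no local arrays for the instrumentation to attach to) or whether the hardening flags are simply not reaching that object; lintian override files accept `#` comment lines, so put the reason there.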
diff --git a/debian/sudo.pam b/debian/sudo.pam new file mode 100644 index 0000000..68c261a --- /dev/null +++ b/debian/sudo.pam @@ -0,0 +1,5 @@ +#%PAM-1.0 + +@include common-auth +@include common-account +@include common-session-noninteractive diff --git a/debian/sudo.postinst b/debian/sudo.postinst new file mode 100644 index 0000000..7f94155 --- /dev/null +++ b/debian/sudo.postinst 
@@ -0,0 +1,67 @@ +#!/bin/sh + +set -e + +# remove old link + +if [ -L /etc/alternatives/sudo ]; then + rm /etc/alternatives/sudo +fi + +# complain if no sudoers file is present +if [ ! -f /etc/sudoers ];then + echo "WARNING: /etc/sudoers not present!"; +fi + +# handle state directory transition from /var/run/sudo to /var/lib/sudo, +# moving any existing content over to avoid re-lecturing existing users +if [ -d "/var/run/sudo" ];then + mkdir -p /var/lib/sudo + (cd /var/run/sudo ; tar cf - .) | (cd /var/lib/sudo ; tar xf -) + rm -rf /var/run/sudo +fi + +# make sure sudoers has the correct permissions and owner/group +if [ -f /etc/sudoers ];then + chown root:root /etc/sudoers + chmod 440 /etc/sudoers +fi + +# if we've gotten this far .. remove the saved, unchanged old sudoers file +rm -f /etc/sudoers.pre-conffile + +# make sure we have a sudo group + +[ -n "`getent group sudo`" ] && exit 0 # we're finished if there is a group sudo: + +# start search with gid 27 +gid="27" +while [ -n "`getent group $gid | cut -d: -f3`" ];do + gid=`expr $gid + 1` +done + + +if [ "$gid" -ne "27" ];then + echo "On Debian we normally use gid 27 for 'sudo'." + gname="`getent group 27 | cut -d: -f1`" + echo "However, on your system gid 27 is group '$gname'." + echo "" + echo "Would you like me to stop configuring sudo so that you can change this?"; + while true;do + echo -n "(Enter 'yes' to stop, enter to continue): " + read ans + [ "$ans" = "" ] && break + if [ "$ans" = "yes" -o "$ans" = "YES" ];then + echo "'dpkg --pending --configure' will restart the configuration." + exit 1; + fi + echo "Please enter exactly 'yes' to stop, or press the enter key to continue without stopping" + done +fi + +echo "Creating group 'sudo' with gid = $gid"; +groupadd -g $gid sudo + +echo "" + +#DEBHELPER# diff --git a/debian/sudo.postrm b/debian/sudo.postrm new file mode 100644 index 0000000..ab1425a --- /dev/null +++ b/debian/sudo.postrm 
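Review bot: in sudo.postinst, `read ans` in the gid-27 prompt runs under `set -e`, so when stdin is not a terminal and is at EOF (unattended installs on a host where gid 27 is already used) read fails and the script exits 1 before `groupadd`, leaving the package half-configured rather than taking the advertised "press enter to continue" default. Use `read ans || ans=""`, or skip the prompt entirely when `[ ! -t 0 ]`, so the non-interactive path continues. The `read-in-maintainer-script` lintian override silences the warning but does not address this.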
@@ -0,0 +1,23 @@ +#!/bin/sh -e + +case "$1" in + purge) + rm -rf /var/lib/sudo + ;; + + remove|upgrade|deconfigure) + ;; + + abort-upgrade|failed-upgrade) + if [ -e "/etc/sudoers.pre-conffile" ]; then + mv /etc/sudoers.pre-conffile /etc/sudoers + fi + ;; + + *) + echo "unknown argument --> $1" >&2 + exit 0 + ;; +esac + +#DEBHELPER# diff --git a/debian/sudo.preinst b/debian/sudo.preinst new file mode 100644 index 0000000..9a39d94 --- /dev/null +++ b/debian/sudo.preinst @@ -0,0 +1,22 @@ +#!/bin/sh -e + +case "$1" in + install|upgrade) + if [ -n "$2" ] && dpkg --compare-versions "$2" le "1.7.4p4-4"; then + + SUDOERS="/etc/sudoers" + + if [ -e "$SUDOERS" ]; then + md5sum="$(md5sum $SUDOERS | sed -e 's/ .*//')" + if [ "$md5sum" = "c310ef4892a00cca8134f6e4fcd64b6d" ] || #lenny + [ "$md5sum" = "c5dab0f2771411ed7e67d6dab60a311f" ] || #squeeze + [ "$md5sum" = "45437b4e86fba2ab890ac81db2ec3606" ]; then #wheezy + # move unchanged sudoers file to avoid conffile question + mv "$SUDOERS" "$SUDOERS.pre-conffile" + fi + fi + fi + ;; +esac + +#DEBHELPER# diff --git a/debian/sudo.prerm b/debian/sudo.prerm new file mode 100644 index 0000000..c3b8c46 --- /dev/null +++ b/debian/sudo.prerm 
@@ -0,0 +1,45 @@ +#!/bin/sh + +set -e + +check_password() { + if [ ! "$SUDO_FORCE_REMOVE" = "yes" ]; then + # let's check whether the root account is locked. + # if it is, we're not going another step. No Sirreee! + passwd=$(getent shadow root|cut -f2 -d:) + passwd1=$(echo "$passwd" |cut -c1) + # Note: we do need the 'xfoo' syntax here, since POSIX special-cases + # the $passwd value '!' as negation. + if [ "x$passwd" = "x*" ] || [ "x$passwd1" = "x!" ]; then + # yup, password is locked + echo "You have asked that the sudo package be removed," + echo "but no root password has been set." + echo "Without sudo, you may not be able to gain administrative privileges." + echo + echo "If you would prefer to access the root account with su(1)" + echo "or by logging in directly," + echo "you must set a root password with \"sudo passwd\"." + echo + echo "If you have arranged other means to access the root account," + echo "and you are sure this is what you want," + echo "you may bypass this check by setting an environment variable " + echo "(export SUDO_FORCE_REMOVE=yes)." + echo + echo "Refusing to remove sudo." + exit 1 + fi + fi +} + +case $1 in + remove) + check_password; + ;; + *) + ;; +esac + +#DEBHELPER# + +exit 0 + diff --git a/debian/sudo.service b/debian/sudo.service new file mode 100644 index 0000000..a8c5460 --- /dev/null +++ b/debian/sudo.service @@ -0,0 +1,10 @@ +[Unit] +Description=Provide limited super user privileges to specific users + +[Service] +Type=oneshot +# \073 is ';' which needs to be part of the find parameters +ExecStart=/usr/bin/find /var/lib/sudo -exec /usr/bin/touch -d @0 '{}' \073 + +[Install] +WantedBy=multi-user.target diff --git a/debian/sudo.sudo.init b/debian/sudo.sudo.init new file mode 100644 index 0000000..0f01b97 --- /dev/null +++ b/debian/sudo.sudo.init 
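Review bot: `ExecStart=/usr/bin/find /var/lib/sudo -exec /usr/bin/touch -d @0 '{}' \073` in sudo.service hard-codes /usr/bin/touch, but on the split-/usr layout this packaging otherwise assumes (paths-in-samples.diff moves kill, mt and su to /bin) coreutils' touch lives in /bin, so the unit fails unless /usr is merged; the init script avoids this by calling `touch` through PATH. The unit also lacks the `[ -d /var/lib/sudo ]` guard the init script has, so find errors and the oneshot unit is marked failed when the directory does not exist yet; add `ConditionPathIsDirectory=/var/lib/sudo` under [Unit]. Finally, rules installs this same unit into sudo-ldap as sudo.service while that package's init script is named sudo-ldap, which is what the `systemd-no-service-for-init-script` override in sudo-ldap.lintian papers over; installing it there as sudo-ldap.service keeps the two in step.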
@@ -0,0 +1,36 @@ +#! /bin/sh + +### BEGIN INIT INFO +# Provides: sudo +# Required-Start: $local_fs $remote_fs +# Required-Stop: +# X-Start-Before: rmnologin +# Default-Start: 2 3 4 5 +# Default-Stop: +# Short-Description: Provide limited super user privileges to specific users +# Description: Provide limited super user privileges to specific users. +### END INIT INFO + +. /lib/lsb/init-functions + +N=/etc/init.d/sudo + +set -e + +case "$1" in + start) + # make sure privileges don't persist across reboots + if [ -d /var/lib/sudo ] + then + find /var/lib/sudo -exec touch -d @0 '{}' \; + fi + ;; + stop|reload|restart|force-reload|status) + ;; + *) + echo "Usage: $N {start|stop|restart|force-reload|status}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/debian/sudoers b/debian/sudoers new file mode 100644 index 0000000..d4cc632 --- /dev/null +++ b/debian/sudoers @@ -0,0 +1,27 @@ +# +# This file MUST be edited with the 'visudo' command as root. +# +# Please consider adding local content in /etc/sudoers.d/ instead of +# directly modifying this file. +# +# See the man page for details on how to write a sudoers file. +# +Defaults env_reset +Defaults mail_badpass +Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL:ALL) ALL + +# Allow members of group sudo to execute any command +%sudo ALL=(ALL:ALL) ALL + +# See sudoers(5) for more information on "#include" directives: + +#includedir /etc/sudoers.d diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc new file mode 100644 index 0000000..d047571 --- /dev/null +++ b/debian/upstream/signing-key.asc 
@@ -0,0 +1,34 @@ +pub 1024D/7EE470C4 2002-10-02 Todd C. Miller <Todd.Miller@courtesan.com> + Key fingerprint = CCB2 4BE9 E948 1B15 D341 5953 5A89 DFA2 7EE4 70C4 + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.13 (OpenBSD) + +mQGiBD2bdiURBACyoSsYq9t8jiLnhABRZcgDP2vaoJoGJD3eb9HNsv2+0IrcHaut +s1QR1AY88AGTMnQTFWjH1vIXz/YCKnvgqklfbVCMehvkOUKvGv2eP7IkmWvVPIQb +kayHCtChOKW86hqxZXyT8sbBJqHGHq7xBbg71uZ/CSaTY3ATencRX+UndwCg6ujz +FFQhKoVwnPdYPkYA10kp2UsD/2Act3O9UJabaln5MLqLQrxo1Cqa3+ht4liAAOr3 +psMPcieyIULQ4yE19Jvb90s2sao88BUPVeDxBHV/nhcNQxlH4Boc+kWtU36XSxU3 +yrUhZDQIvrM4o1yCSgNSwUM88+qYm6ETAT0sZAiFT9biMjsT4Bw13KihyYtE2L36 +LdXOA/9MEH8zWRqUjQMt4X1yKTjwmIotAd9xetVNj+4lfTgmsnlZoex7T94Id0+B +FDDSj4gpQ7GpFa0qOQgTyaUo5HgoPFw4F9TjebWiyey2SznIw4960KoAwfSTdSOG +GoD96xuBsmQGCfdIFW43SJngXKiOpF/3VHoUxGYhTefOSGHAvLQqVG9kZCBDLiBN +aWxsZXIgPFRvZGQuTWlsbGVyQGNvdXJ0ZXNhbi5jb20+iFkEExECABkFAj2bdiUE +CwcDAgMVAgMDFgIBAh4BAheAAAoJEFqJ36J+5HDEQigAoLdD+y5EQzvogb6oybhC +pBBmefqYAKDGlnXX7JNBJYBv/r5TBg4+zLOOL4hGBBIRAgAGBQJBRe2EAAoJEHbc +LD8Bvl1KkGcAoIkEEMxMKxVqFODJb+UB0l4SckGNAJ0cbUUrRBd6CuC43gMocJjf +CIu6A4hGBBMRAgAGBQI+lby2AAoJEO+q29VP9Jttjb4AoImefkVHaJKjEsHhK2ND +DSapGyBOAJ0UwMYRCd+/WohvvBUsWZLfGl1LjIicBBABAgAGBQJRdsCIAAoJEDQB +qWfpGXNhvlwD/1qaXdVB0F/90q/TD+K4wGSNTgxzSz7WxfeEFnaOmyKzPzZYo7PD +Apfb68IxLGutG+LJjOiC+46smQBSFETiyM5U7YycpOFH0I908uJzMDqZm2UuVn9V +WM/Y8oCjZbdmmECqbO+Mh+E+YHu7ojnVCXxXN+J21eVec781Q7YmRpPbuQENBD2b +dicQBADOE3R8587Pf7ObSscn6EJbTowT1bVRZOA92SHqLMw7b2Pm2yrswM4SiIED +x8Y1X37WepdLc9axik+qeb5jH/zMc+x6mI5Z7dRomu4F8VPwGUZLM3qn1o7WWJA6 +e/ntei5Fpvm1QVk8MzsAMcYCWu7K9mPPLCP+/oVY2hjoMuKqiwADBQQApJqntyzD ++yQUQPSUX+WyWW+ZFrviR3+URgY8HrYLJq7/ie5yudmsE0/vBIh2kIvNDGrqX+P+ +8/lpRXyo3Zbr4NjUJkCuh21ko9Q0YcJ2in1lyyQTHp44baK9imCfTPqxyhdQniDm +QJKyHM950bgM4scUy0SFUNbGcd22fRQUKe2IRgQYEQIABgUCPZt2JwAKCRBaid+i +fuRwxM54AKCYI8PUizkqFGZz7uRjggt91Rfk5QCfaZ1IGT+k5sB+l0/NqwlPtDEh +AUs= +=zwJJ +-----END PGP PUBLIC KEY BLOCK----- 
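Review bot: the upstream key imported in debian/upstream/signing-key.asc is `1024D/7EE470C4`, a 1024-bit DSA key from 2002, which effectively limits its signatures to SHA-1 and is below what is acceptable in 2017 for verifying tarballs of a setuid-root program. Check whether upstream publishes a stronger key and, if so, replace this one, keeping the fingerprint line so the swap is reviewable.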
diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..ef2d335 --- /dev/null +++ b/debian/watch @@ -0,0 +1,2 @@ +version=3 +opts=pgpsigurlmangle=s/$/.sig/ http://www.sudo.ws/sudo/dist/sudo-(.*)[.]tar[.]gz |
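Review bot: debian/watch fetches the release index over plain http; the pgpsigurlmangle signature check against debian/upstream/signing-key.asc protects the tarball itself, but the unauthenticated index lets a network attacker hide newer releases from uscan. Prefer https://www.sudo.ws/... if upstream serves it.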