diff -Nru sudo-1.9.5p2/debian/changelog sudo-1.9.5p2/debian/changelog --- sudo-1.9.5p2/debian/changelog 2021-02-17 18:03:21.000000000 -0600 +++ sudo-1.9.5p2/debian/changelog 2021-05-20 10:43:31.000000000 -0500 @@ -1,3 +1,40 @@ +sudo (1.9.5p2-3ubuntu1) impish; urgency=low + + * Merge from Debian unstable (LP: #1929110) + Remaining changes: + - debian/rules: + + use dh-autoreconf + - debian/rules: stop shipping init scripts, as they are no longer + necessary. + - debian/rules: + + compile with --without-lecture --with-tty-tickets --enable-admin-flag + + install man/man8/sudo_root.8 in both flavours + + install apport hooks + - debian/sudo-ldap.dirs, debian/sudo.dirs: + + add usr/share/apport/package-hooks + - debian/sudo.pam: + + Use pam_env to read /etc/environment and /etc/default/locale + environment files. Reading ~/.pam_environment is not permitted due + to security reasons. + - debian/sudoers: + + also grant admin group sudo access + + include /snap/bin in the secure_path + + -- William 'jawn-smith' Wilson Thu, 20 May 2021 15:43:31 +0000 + +sudo (1.9.5p2-3) unstable; urgency=medium + + * new maintainer team and uploaders (Closes: #976244) + * sudo is now team maintained + * add Uploaders field + * move salsa repo to team-sudo group + * refresh patches + * Adapt README.LDAP to the actual state of sudo-ldap (Closes: #442871) + * add Apport hook. + Thanks to Balint Reczey (Closes: 881671) + + -- Marc Haber Sat, 27 Feb 2021 09:28:03 +0100 + sudo (1.9.5p2-2ubuntu3) hirsute; urgency=medium * No change rebuild with fixed ownership. diff -Nru sudo-1.9.5p2/debian/control sudo-1.9.5p2/debian/control --- sudo-1.9.5p2/debian/control 2021-02-16 04:39:16.000000000 -0600 +++ sudo-1.9.5p2/debian/control 2021-05-20 10:43:31.000000000 -0500 @@ -2,13 +2,13 @@ Section: admin Priority: optional Maintainer: Ubuntu Developers -XSBC-Original-Maintainer: Bdale Garbee +XSBC-Original-Maintainer: Sudo Maintainers Build-Depends: debhelper (>= 10), libpam0g-dev, libldap2-dev, libsasl2-dev, libselinux1-dev [linux-any], autoconf, bison, flex, libaudit-dev [linux-any], mandoc, zlib1g-dev Build-Conflicts: fakeroot (<< 1.25.3-1.1ubuntu1) Standards-Version: 4.1.1 -Vcs-Git: https://salsa.debian.org/debian/sudo.git -Vcs-Browser: https://salsa.debian.org/debian/sudo -Homepage: http://www.sudo.ws/ +Vcs-Git: https://salsa.debian.org/sudo-team/sudo.git +Vcs-Browser: https://salsa.debian.org/sudo-team/sudo +Homepage: https://www.sudo.ws/ Package: sudo Architecture: any diff -Nru sudo-1.9.5p2/debian/patches/fix-no-root-mailer.diff sudo-1.9.5p2/debian/patches/fix-no-root-mailer.diff --- sudo-1.9.5p2/debian/patches/fix-no-root-mailer.diff 2021-01-29 19:12:32.000000000 -0600 +++ sudo-1.9.5p2/debian/patches/fix-no-root-mailer.diff 2021-05-20 10:43:31.000000000 -0500 @@ -10,10 +10,9 @@ adds a call to eventlog_set_mailuid() if NO_ROOT_MAILER is defined after the invoking user is determined. Reported by Roman Fiedler. -diff -r cd1c7615e861 -r e0d4f196ba02 plugins/sudoers/logging.c ---- a/plugins/sudoers/logging.c Tue Dec 08 12:35:21 2020 -0700 -+++ b/plugins/sudoers/logging.c Fri Jan 29 05:42:34 2021 -0700 -@@ -786,11 +786,6 @@ +--- a/plugins/sudoers/logging.c ++++ b/plugins/sudoers/logging.c +@@ -786,11 +786,6 @@ void init_eventlog_config(void) { int logtype = 0; @@ -25,7 +24,7 @@ debug_decl(init_eventlog_config, SUDOERS_DEBUG_LOGGING); if (def_syslog) -@@ -805,7 +800,7 @@ +@@ -805,7 +800,7 @@ init_eventlog_config(void) eventlog_set_syslog_alertpri(def_syslog_badpri); eventlog_set_syslog_maxlen(def_syslog_maxlen); eventlog_set_file_maxlen(def_loglinelen); @@ -34,10 +33,9 @@ eventlog_set_omit_hostname(!def_log_host); eventlog_set_logpath(def_logfile); eventlog_set_time_fmt(def_log_year ? "%h %e %T %Y" : "%h %e %T"); -diff -r cd1c7615e861 -r e0d4f196ba02 plugins/sudoers/policy.c ---- a/plugins/sudoers/policy.c Tue Dec 08 12:35:21 2020 -0700 -+++ b/plugins/sudoers/policy.c Fri Jan 29 05:42:34 2021 -0700 -@@ -518,6 +518,10 @@ +--- a/plugins/sudoers/policy.c ++++ b/plugins/sudoers/policy.c +@@ -518,6 +518,10 @@ sudoers_policy_deserialize_info(void *v) /* Some systems support fexecve() which we use for digest matches. */ cmnd_fd = -1; @@ -48,4 +46,3 @@ /* Dump settings and user info (XXX - plugin args) */ for (cur = info->settings; *cur != NULL; cur++) sudo_debug_printf(SUDO_DEBUG_INFO, "settings: %s", *cur); - diff -Nru sudo-1.9.5p2/debian/patches/paths-in-samples.diff sudo-1.9.5p2/debian/patches/paths-in-samples.diff --- sudo-1.9.5p2/debian/patches/paths-in-samples.diff 2021-01-29 19:12:32.000000000 -0600 +++ sudo-1.9.5p2/debian/patches/paths-in-samples.diff 2021-05-20 10:43:31.000000000 -0500 @@ -1,6 +1,6 @@ --- a/examples/sudoers +++ b/examples/sudoers -@@ -44,10 +44,10 @@ +@@ -44,10 +44,10 @@ Host_Alias CDROM = orion, perseus, hercu # Cmnd alias specification ## Cmnd_Alias DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \ @@ -13,7 +13,7 @@ Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown Cmnd_Alias HALT = /usr/sbin/halt -@@ -85,7 +85,7 @@ +@@ -85,7 +85,7 @@ operator ALL = DUMPS, KILL, SHUTDOWN, HA sudoedit /etc/printcap, /usr/oper/bin/ # joe may su only to operator @@ -22,7 +22,7 @@ # pete may change passwords for anyone but root on the hp snakes pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd *root* -@@ -99,13 +99,13 @@ +@@ -99,13 +99,13 @@ jim +biglab = ALL # users in the secretaries netgroup need to help manage the printers # as well as add and remove users diff -Nru sudo-1.9.5p2/debian/patches/series sudo-1.9.5p2/debian/patches/series --- sudo-1.9.5p2/debian/patches/series 2021-01-29 19:12:32.000000000 -0600 +++ sudo-1.9.5p2/debian/patches/series 2021-05-20 10:43:31.000000000 -0500 @@ -2,3 +2,4 @@ paths-in-samples.diff Whitelist-DPKG_COLORS-environment-variable.diff fix-no-root-mailer.diff +sudo-ldap-docs diff -Nru sudo-1.9.5p2/debian/patches/sudo-ldap-docs sudo-1.9.5p2/debian/patches/sudo-ldap-docs --- sudo-1.9.5p2/debian/patches/sudo-ldap-docs 1969-12-31 18:00:00.000000000 -0600 +++ sudo-1.9.5p2/debian/patches/sudo-ldap-docs 2021-05-20 10:43:31.000000000 -0500 @@ -0,0 +1,54 @@ +Description: Adapt README.LDAP to the actual state of the sudo-ldap package +Author: Marc Haber + +--- a/README.LDAP ++++ b/README.LDAP +@@ -35,18 +35,8 @@ They are one and the same. + + Build instructions + ================== +-The simplest way to build sudo with LDAP support is to include the +-'--with-ldap' option. +- +- $ ./configure --with-ldap +- +-If your ldap libraries and headers are in a non-standard place, you will need +-to specify them at configure time. E.g. +- +- $ ./configure --with-ldap=/usr/local/ldapsdk +- +-Sudo is developed using OpenLDAP but Netscape-based LDAP libraries +-(such as those present in Solaris) are also known to work. ++The Debian package of sudo-ldap is already built with LDAP support ++using the OpenLDAP libs. + + Your mileage may vary. Please let the sudo workers mailing list + know if special configuration was required +@@ -174,13 +164,10 @@ I recommend using any of the following L + + There are dozens of others, some Open Source, some free, some not. + +-Configure your /etc/ldap.conf and /etc/nsswitch.conf +-==================================================== +-The /etc/ldap.conf file is meant to be shared between sudo, pam_ldap, nss_ldap +-and other ldap applications and modules. IBM Secureway unfortunately uses +-the same file name but has a different syntax. If you need to change where +-this file is stored, re-run configure with the --with-ldap-conf-file=PATH +-option. ++Configure your /etc/sudo-ldap.conf and /etc/nsswitch.conf ++========================================================= ++The Debian package sudo-ldap uses /etc/sudo-ldap.conf as configuration file ++and is configured to use nsswitch. + + See the "Configuring ldap.conf" section in the sudoers.ldap manual + for a list of supported ldap.conf parameters and an example ldap.conf +@@ -192,9 +179,6 @@ After configuring /etc/ldap.conf, you mu + to tell sudo to look in LDAP for sudoers. See the "Configuring nsswitch.conf" + section in the sudoers.ldap manual for details. Note that sudo will use + /etc/nsswitch.conf even if the underlying operating system does not support it. +-To disable nsswitch support, run configure with the --with-nsswitch=no option. +-This will cause sudo to consult LDAP first and /etc/sudoers second, unless the +-ignore_sudoers_file flag is set in the global LDAP options. + + Debugging your LDAP configuration + ================================= diff -Nru sudo-1.9.5p2/debian/patches/typo-in-classic-insults.diff sudo-1.9.5p2/debian/patches/typo-in-classic-insults.diff --- sudo-1.9.5p2/debian/patches/typo-in-classic-insults.diff 2021-01-29 19:12:32.000000000 -0600 +++ sudo-1.9.5p2/debian/patches/typo-in-classic-insults.diff 2021-05-20 10:43:31.000000000 -0500 @@ -1,6 +1,6 @@ --- a/plugins/sudoers/ins_classic.h +++ b/plugins/sudoers/ins_classic.h -@@ -30,7 +30,7 @@ +@@ -32,7 +32,7 @@ "Where did you learn to type?", "Are you on drugs?", "My pet ferret can type better than you!", diff -Nru sudo-1.9.5p2/debian/patches/Whitelist-DPKG_COLORS-environment-variable.diff sudo-1.9.5p2/debian/patches/Whitelist-DPKG_COLORS-environment-variable.diff --- sudo-1.9.5p2/debian/patches/Whitelist-DPKG_COLORS-environment-variable.diff 2021-01-29 19:12:32.000000000 -0600 +++ sudo-1.9.5p2/debian/patches/Whitelist-DPKG_COLORS-environment-variable.diff 2021-05-20 10:43:31.000000000 -0500 @@ -7,11 +7,9 @@ plugins/sudoers/env.c | 1 + 1 file changed, 1 insertion(+) -diff --git a/plugins/sudoers/env.c b/plugins/sudoers/env.c -index 9065250..c037bd8 100644 --- a/plugins/sudoers/env.c +++ b/plugins/sudoers/env.c -@@ -188,6 +188,7 @@ static const char *initial_checkenv_table[] = { +@@ -216,6 +216,7 @@ static const char *initial_checkenv_tabl static const char *initial_keepenv_table[] = { "COLORS", "DISPLAY", @@ -19,6 +17,3 @@ "HOSTNAME", "KRB5CCNAME", "LS_COLORS", --- -2.8.1 - diff -Nru sudo-1.9.5p2/debian/rules sudo-1.9.5p2/debian/rules --- sudo-1.9.5p2/debian/rules 2021-02-16 04:39:16.000000000 -0600 +++ sudo-1.9.5p2/debian/rules 2021-05-20 10:43:31.000000000 -0500 @@ -176,6 +176,12 @@ ln -s /dev/null debian/sudo/lib/systemd/system/sudo.service ln -s /dev/null debian/sudo-ldap/lib/systemd/system/sudo.service + install -o root -g root -m 0644 $(CURDIR)/debian/source_sudo.py \ + debian/sudo/usr/share/apport/package-hooks/source_sudo.py + install -o root -g root -m 0644 $(CURDIR)/debian/source_sudo.py \ + debian/sudo-ldap/usr/share/apport/package-hooks/source_sudo.py + + binary-indep: build install binary-arch: build install diff -Nru sudo-1.9.5p2/debian/sudo.dirs sudo-1.9.5p2/debian/sudo.dirs --- sudo-1.9.5p2/debian/sudo.dirs 2021-02-10 05:42:42.000000000 -0600 +++ sudo-1.9.5p2/debian/sudo.dirs 2021-05-20 10:43:31.000000000 -0500 @@ -5,6 +5,7 @@ usr/share/man/man8 usr/share/man/man5 usr/sbin +usr/share/apport/package-hooks usr/share/doc/sudo usr/share/lintian/overrides usr/share/apport/package-hooks diff -Nru sudo-1.9.5p2/debian/sudo-ldap.dirs sudo-1.9.5p2/debian/sudo-ldap.dirs --- sudo-1.9.5p2/debian/sudo-ldap.dirs 2021-02-10 05:42:42.000000000 -0600 +++ sudo-1.9.5p2/debian/sudo-ldap.dirs 2021-05-20 10:43:31.000000000 -0500 @@ -5,6 +5,7 @@ usr/share/man/man8 usr/share/man/man5 usr/sbin +usr/share/apport/package-hooks usr/share/doc/sudo-ldap usr/share/lintian/overrides usr/share/apport/package-hooks diff -Nru sudo-1.9.5p2/debian/upstream/signing-key.asc sudo-1.9.5p2/debian/upstream/signing-key.asc --- sudo-1.9.5p2/debian/upstream/signing-key.asc 2021-01-29 19:12:32.000000000 -0600 +++ sudo-1.9.5p2/debian/upstream/signing-key.asc 2021-05-20 10:43:31.000000000 -0500 @@ -1,5 +1,5 @@ pub 1024D/7EE470C4 2002-10-02 Todd C. Miller - Key fingerprint = CCB2 4BE9 E948 1B15 D341 5953 5A89 DFA2 7EE4 70C4 +Key fingerprint = CCB2 4BE9 E948 1B15 D341 5953 5A89 DFA2 7EE4 70C4 -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.13 (OpenBSD) @@ -15,20 +15,13 @@ GoD96xuBsmQGCfdIFW43SJngXKiOpF/3VHoUxGYhTefOSGHAvLQqVG9kZCBDLiBN aWxsZXIgPFRvZGQuTWlsbGVyQGNvdXJ0ZXNhbi5jb20+iFkEExECABkFAj2bdiUE CwcDAgMVAgMDFgIBAh4BAheAAAoJEFqJ36J+5HDEQigAoLdD+y5EQzvogb6oybhC -pBBmefqYAKDGlnXX7JNBJYBv/r5TBg4+zLOOL4hGBBIRAgAGBQJBRe2EAAoJEHbc -LD8Bvl1KkGcAoIkEEMxMKxVqFODJb+UB0l4SckGNAJ0cbUUrRBd6CuC43gMocJjf -CIu6A4hGBBMRAgAGBQI+lby2AAoJEO+q29VP9Jttjb4AoImefkVHaJKjEsHhK2ND -DSapGyBOAJ0UwMYRCd+/WohvvBUsWZLfGl1LjIicBBABAgAGBQJRdsCIAAoJEDQB -qWfpGXNhvlwD/1qaXdVB0F/90q/TD+K4wGSNTgxzSz7WxfeEFnaOmyKzPzZYo7PD -Apfb68IxLGutG+LJjOiC+46smQBSFETiyM5U7YycpOFH0I908uJzMDqZm2UuVn9V -WM/Y8oCjZbdmmECqbO+Mh+E+YHu7ojnVCXxXN+J21eVec781Q7YmRpPbuQENBD2b -dicQBADOE3R8587Pf7ObSscn6EJbTowT1bVRZOA92SHqLMw7b2Pm2yrswM4SiIED -x8Y1X37WepdLc9axik+qeb5jH/zMc+x6mI5Z7dRomu4F8VPwGUZLM3qn1o7WWJA6 -e/ntei5Fpvm1QVk8MzsAMcYCWu7K9mPPLCP+/oVY2hjoMuKqiwADBQQApJqntyzD -+yQUQPSUX+WyWW+ZFrviR3+URgY8HrYLJq7/ie5yudmsE0/vBIh2kIvNDGrqX+P+ -8/lpRXyo3Zbr4NjUJkCuh21ko9Q0YcJ2in1lyyQTHp44baK9imCfTPqxyhdQniDm -QJKyHM950bgM4scUy0SFUNbGcd22fRQUKe2IRgQYEQIABgUCPZt2JwAKCRBaid+i -fuRwxM54AKCYI8PUizkqFGZz7uRjggt91Rfk5QCfaZ1IGT+k5sB+l0/NqwlPtDEh -AUs= -=zwJJ +pBBmefqYAKDGlnXX7JNBJYBv/r5TBg4+zLOOL7kBDQQ9m3YnEAQAzhN0fOfOz3+z +m0rHJ+hCW06ME9W1UWTgPdkh6izMO29j5tsq7MDOEoiBA8fGNV9+1nqXS3PWsYpP +qnm+Yx/8zHPsepiOWe3UaJruBfFT8BlGSzN6p9aO1liQOnv57XouRab5tUFZPDM7 +ADHGAlruyvZjzywj/v6FWNoY6DLiqosAAwUEAKSap7csw/skFED0lF/lsllvmRa7 +4kd/lEYGPB62Cyau/4nucrnZrBNP7wSIdpCLzQxq6l/j/vP5aUV8qN2W6+DY1CZA +rodtZKPUNGHCdop9ZcskEx6eOG2ivYpgn0z6scoXUJ4g5kCSshzPedG4DOLHFMtE +hVDWxnHdtn0UFCntiEYEGBECAAYFAj2bdicACgkQWonfon7kcMTOeACgmCPD1Is5 +KhRmc+7kY4ILfdUX5OUAn2mdSBk/pObAfpdPzasJT7QxIQFL +=3GDW -----END PGP PUBLIC KEY BLOCK-----