diff -u sudo-1.6.8p12/config.guess sudo-1.6.8p12/config.guess --- sudo-1.6.8p12/config.guess +++ sudo-1.6.8p12/config.guess @@ -1,9 +1,10 @@ #! /bin/sh # Attempt to guess a canonical system name. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. +# 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, +# Inc. -timestamp='2006-02-23' +timestamp='2006-07-02' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -210,7 +211,7 @@ echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE} exit ;; macppc:MirBSD:*:*) - echo powerppc-unknown-mirbsd${UNAME_RELEASE} + echo powerpc-unknown-mirbsd${UNAME_RELEASE} exit ;; *:MirBSD:*:*) echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} @@ -770,6 +771,8 @@ case ${UNAME_MACHINE} in pc98) echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + amd64) + echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; *) echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; esac @@ -780,9 +783,6 @@ i*:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; - i*:MSYS_NT-*:*:*) - echo ${UNAME_MACHINE}-pc-mingw32 - exit ;; i*:windows32*:*) # uname -m includes "-pc" on this system. echo ${UNAME_MACHINE}-mingw32 @@ -790,10 +790,10 @@ i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 exit ;; - x86:Interix*:[345]*) + x86:Interix*:[3456]*) echo i586-pc-interix${UNAME_RELEASE} exit ;; - EM64T:Interix*:[345]*) + EM64T:Interix*:[3456]*) echo x86_64-unknown-interix${UNAME_RELEASE} exit ;; [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) @@ -831,6 +831,9 @@ arm*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; + avr32*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; cris:Linux:*:*) echo cris-axis-linux-gnu exit ;; @@ -989,7 +992,7 @@ LIBC=gnulibc1 # endif #else - #if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__sun) + #if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC) LIBC=gnu #else LIBC=gnuaout diff -u sudo-1.6.8p12/config.sub sudo-1.6.8p12/config.sub --- sudo-1.6.8p12/config.sub +++ sudo-1.6.8p12/config.sub @@ -1,9 +1,10 @@ #! /bin/sh # Configuration validation subroutine script. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. +# 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, +# Inc. -timestamp='2006-02-23' +timestamp='2006-07-02' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software @@ -240,7 +241,7 @@ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ | am33_2.0 \ - | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \ + | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \ | bfin \ | c4x | clipper \ | d10v | d30v | dlx | dsp16xx \ @@ -248,7 +249,8 @@ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ - | m32r | m32rle | m68000 | m68k | m88k | maxq | mb | microblaze | mcore \ + | m32c | m32r | m32rle | m68000 | m68k | m88k \ + | maxq | mb | microblaze | mcore \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ @@ -274,11 +276,11 @@ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ | pyramid \ - | sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \ + | sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ - | sparc | sparc64 | sparc64b | sparc86x | sparclet | sparclite \ - | sparcv8 | sparcv9 | sparcv9b \ - | strongarm \ + | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ + | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ + | spu | strongarm \ | tahoe | thumb | tic4x | tic80 | tron \ | v850 | v850e \ | we32k \ @@ -286,9 +288,6 @@ | z8k) basic_machine=$basic_machine-unknown ;; - m32c) - basic_machine=$basic_machine-unknown - ;; m6811 | m68hc11 | m6812 | m68hc12) # Motorola 68HC11/12. basic_machine=$basic_machine-unknown @@ -318,7 +317,7 @@ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ - | avr-* \ + | avr-* | avr32-* \ | bfin-* | bs2000-* \ | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ | clipper-* | craynv-* | cydra-* \ @@ -329,7 +328,7 @@ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ - | m32r-* | m32rle-* \ + | m32c-* | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ | m88110-* | m88k-* | maxq-* | mcore-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ @@ -358,11 +357,11 @@ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ | pyramid-* \ | romp-* | rs6000-* \ - | sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | shbe-* \ + | sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ - | sparc-* | sparc64-* | sparc64b-* | sparc86x-* | sparclet-* \ + | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparclite-* \ - | sparcv8-* | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \ + | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \ | tahoe-* | thumb-* \ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ | tron-* \ @@ -373,8 +372,6 @@ | ymp-* \ | z8k-*) ;; - m32c-*) - ;; # Recognize the various machine names and aliases which stand # for a CPU type and a company and sometimes even an OS. 386bsd) @@ -1128,7 +1125,7 @@ sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele) basic_machine=sh-unknown ;; - sparc | sparcv8 | sparcv9 | sparcv9b) + sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) basic_machine=sparc-sun ;; cydra) @@ -1217,7 +1214,7 @@ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos*) + | -skyos* | -haiku* | -rdos* | -toppers*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) @@ -1369,6 +1366,9 @@ # system, and we'll never get to this point. case $basic_machine in + spu-*) + os=-elf + ;; *-acorn) os=-riscix1.2 ;; @@ -1378,9 +1378,9 @@ arm*-semi) os=-aout ;; - c4x-* | tic4x-*) - os=-coff - ;; + c4x-* | tic4x-*) + os=-coff + ;; # This must come before the *-dec entry. pdp10-*) os=-tops20 diff -u sudo-1.6.8p12/debian/changelog sudo-1.6.8p12/debian/changelog --- sudo-1.6.8p12/debian/changelog +++ sudo-1.6.8p12/debian/changelog @@ -1,3 +1,9 @@ +sudo (1.6.8p12-4scanplus1) unstable; urgency=low + + * add -krb5 subpackage + + -- Rene Engelhard Tue, 26 Jun 2007 17:06:47 +0200 + sudo (1.6.8p12-4) unstable; urgency=low * patch from Petter Reinholdtsen for the LSB info block in the init.d diff -u sudo-1.6.8p12/debian/control sudo-1.6.8p12/debian/control --- sudo-1.6.8p12/debian/control +++ sudo-1.6.8p12/debian/control @@ -2,7 +2,7 @@ Section: admin Priority: optional Maintainer: Bdale Garbee -Build-Depends: debhelper (>= 5), libpam0g-dev, libldap2-dev, autotools-dev, bison +Build-Depends: debhelper (>= 5), libpam0g-dev, libldap2-dev, autotools-dev, bison, libkrb5-dev Standards-Version: 3.6.2.1 Package: sudo @@ -32,0 +33,14 @@ + +Package: sudo-krb5 +Architecture: any +Depends: ${shlibs:Depends}, libpam-modules +Conflicts: sudo +Replaces: sudo +Provides: sudo +Description: Provide limited super user privileges to specific users + Sudo is a program designed to allow a sysadmin to give limited root + privileges to users and log root activity. The basic philosophy is to give + as few privileges as possible but still allow people to get their work done. + . + This version is built with Kerberos support. + diff -u sudo-1.6.8p12/debian/rules sudo-1.6.8p12/debian/rules --- sudo-1.6.8p12/debian/rules +++ sudo-1.6.8p12/debian/rules @@ -41,6 +41,21 @@ --mandir=/usr/share/man --libexecdir=/usr/lib/sudo \ --with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin" + # krb5 version + mkdir -p build-krb5 + cd build-krb5 && NROFFPROG=/usr/bin/nroff ../configure \ + --prefix=/usr -v \ + --with-all-insults \ + --with-exempt=sudo --with-pam --with-kerb5 --with-fqdn \ + --with-logging=syslog --with-logfac=authpriv \ + --with-env-editor --with-editor=/usr/bin/editor \ + --with-timeout=15 --with-password-timeout=0 \ + --disable-root-mailer --disable-setresuid \ + --with-sendmail=/usr/sbin/sendmail \ + --with-ldap-conf-file=/etc/ldap/ldap.conf \ + --mandir=/usr/share/man --libexecdir=/usr/lib/sudo \ + --with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin" + touch config-stamp build: build-stamp @@ -53,6 +68,7 @@ -$(MAKE) -C build-simple -$(MAKE) -C build-ldap + -$(MAKE) -C build-krb5 touch build-stamp @@ -60,7 +76,7 @@ dh_testdir dh_testroot rm -f config-stamp build-stamp - rm -rf build-simple build-ldap + rm -rf build-simple build-ldap build-krb5 rm -f config.cache -test -r /usr/share/misc/config.sub && \ @@ -78,6 +94,7 @@ $(MAKE) -C build-simple install DESTDIR=$(CURDIR)/debian/sudo $(MAKE) -C build-ldap install DESTDIR=$(CURDIR)/debian/sudo-ldap + $(MAKE) -C build-krb5 install DESTDIR=$(CURDIR)/debian/sudo-krb5 # remove stuff we don't want rm -f $(CURDIR)/debian/sudo/etc/sudoers \ @@ -88,11 +105,15 @@ debian/sudo/etc/pam.d/sudo install -o root -g root -m 0644 $(CURDIR)/debian/sudo.pam \ debian/sudo-ldap/etc/pam.d/sudo + install -o root -g root -m 0644 $(CURDIR)/debian/sudo.pam \ + debian/sudo-krb5/etc/pam.d/sudo install -o root -g root -m 0644 $(CURDIR)/debian/sudo.lintian \ debian/sudo/usr/share/lintian/overrides/sudo install -o root -g root -m 0644 $(CURDIR)/debian/sudo-ldap.lintian \ debian/sudo-ldap/usr/share/lintian/overrides/sudo-ldap + install -o root -g root -m 0644 $(CURDIR)/debian/sudo-ldap.lintian \ + debian/sudo-krb5/usr/share/lintian/overrides/sudo-ldap binary-indep: build install @@ -108,8 +129,10 @@ dh_strip dh_compress dh_fixperms - chown root.root debian/sudo/usr/bin/sudo debian/sudo-ldap/usr/bin/sudo - chmod 4755 debian/sudo/usr/bin/sudo debian/sudo-ldap/usr/bin/sudo + chown root.root debian/sudo/usr/bin/sudo debian/sudo-ldap/usr/bin/sudo \ + debian/sudo-krb5/usr/bin/sudo + chmod 4755 debian/sudo/usr/bin/sudo debian/sudo-ldap/usr/bin/sudo \ + debian/sudo-krb5/usr/bin/sudo dh_installdeb dh_shlibdeps dh_gencontrol only in patch2: unchanged: --- sudo-1.6.8p12.orig/debian/sudo-krb5.postinst +++ sudo-1.6.8p12/debian/sudo-krb5.postinst @@ -0,0 +1,62 @@ +#!/usr/bin/perl + +# remove old link + +unlink ("/etc/alternatives/sudo") if ( -l "/etc/alternatives/sudo"); + +# make sure we have a sudoers file +if ( ! -f "/etc/sudoers") { + + print "No /etc/sudoers found... creating one for you.\n"; + + open (SUDOERS, "> /etc/sudoers"); + print SUDOERS "# /etc/sudoers\n", + "#\n", + "# This file MUST be edited with the 'visudo' command as root.\n", + "#\n", + "# See the man page for details on how to write a sudoers file.\n", + "#\n\nDefaults\tenv_reset\n\n", + "# Host alias specification\n\n", + "# User alias specification\n\n", + "# Cmnd alias specification\n\n", + "# User privilege specification\nroot\tALL=(ALL) ALL\n"; + close SUDOERS; + +} + +# make sure sudoers has the correct permissions and owner/group +system ('chown root:root /etc/sudoers'); +system ('chmod 440 /etc/sudoers'); + +# must do a remove first to un-do the "bad" links created by previous version +system ('update-rc.d -f sudo remove >/dev/null 2>&1'); + +system ('update-rc.d sudo start 75 S . >/dev/null'); + +# make sure we have a sudo group + +exit 0 if getgrnam("sudo"); # we're finished if there is a group sudo + +$gid = 27; # start searcg with gid 27 +setgrent; +while (getgrgid($gid)) { + ++$gid; +} +endgrent; + +if ($gid != 27) { + print "On Debian we normally use gid 27 for 'sudo'.\n"; + $gname = getgrgid(27); + print "However, on your system gid 27 is group '$gname'.\n\n"; + print "Would you like me to stop configuring sudo so that you can change this? [n] "; + $ans = ; + if ($ans =~ m/^[yY].*/) { + print "'dpkg --pending --configure' will restart the configuration.\n\n\n"; + exit 1; + } +} + +print "Creating group 'sudo' with gid = $gid\n"; +system("groupadd -g $gid sudo"); + +print ""; only in patch2: unchanged: --- sudo-1.6.8p12.orig/debian/sudo-krb5.dirs +++ sudo-1.6.8p12/debian/sudo-krb5.dirs @@ -0,0 +1,7 @@ +etc/pam.d +usr/bin +usr/share/man/man8 +usr/share/man/man5 +usr/sbin +usr/share/doc/sudo-krb5/examples +usr/share/lintian/overrides only in patch2: unchanged: --- sudo-1.6.8p12.orig/debian/sudo-krb5.init.d +++ sudo-1.6.8p12/debian/sudo-krb5.init.d @@ -0,0 +1,31 @@ +#! /bin/sh + +### BEGIN INIT INFO +# Provides: sudo +# Required-Start: $local_fs $remote_fs +# Required-Stop: +# Default-Start: S 1 2 3 4 5 +# Default-Stop: 0 6 +### END INIT INFO + +N=/etc/init.d/sudo + +set -e + +case "$1" in + start) + # make sure privileges don't persist across reboots + if [ -d /var/run/sudo ] + then + find /var/run/sudo -type f -exec touch -t 198501010000 '{}' \; + fi + ;; + stop|reload|restart|force-reload) + ;; + *) + echo "Usage: $N {start|stop|restart|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 only in patch2: unchanged: --- sudo-1.6.8p12.orig/debian/sudo-krb5.postrm +++ sudo-1.6.8p12/debian/sudo-krb5.postrm @@ -0,0 +1,21 @@ +#! /bin/sh + +set -e + +case "$1" in + purge) + rm -f /etc/sudoers + ;; + + remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 + +esac + +#DEBHELPER# + +exit 0 only in patch2: unchanged: --- sudo-1.6.8p12.orig/debian/sudo-krb5.lintian +++ sudo-1.6.8p12/debian/sudo-krb5.lintian @@ -0,0 +1,4 @@ +sudo-ldap: setuid-binary usr/bin/sudo 4755 root/root +sudo-ldap: setuid-binary usr/bin/sudoedit 4755 root/root +sudo-ldap: postrm-contains-additional-updaterc.d-calls /etc/init.d/sudo-ldap +sudo-ldap: script-in-etc-init.d-not-registered-via-update-rc.d /etc/init.d/sudo-ldap only in patch2: unchanged: --- sudo-1.6.8p12.orig/debian/sudo-krb5.docs +++ sudo-1.6.8p12/debian/sudo-krb5.docs @@ -0,0 +1,11 @@ +debian/OPTIONS +BUGS +RUNSON +UPGRADE +PORTING +TODO +HISTORY +README +README.LDAP +TROUBLESHOOTING +sudoers2ldif