Ubuntu
sudo package

Merge lp:~ubuntu-branches/ubuntu/oneiric/sudo/oneiric-201105230807 into lp:ubuntu/oneiric/sudo

Proposed by James Westby on 2011-05-23

Status:	Rejected
Rejected by:	James Westby on 2011-05-24
Proposed branch:	lp:~ubuntu-branches/ubuntu/oneiric/sudo/oneiric-201105230807
Merge into:	lp:ubuntu/oneiric/sudo
Diff against target:	2856 lines (+2801/-0) (has conflicts) 5 files modified .pc/CVE-2011-0010.patch/check.c (+694/-0) .pc/applied-patches (+6/-0) .pc/debian-changes-1.7.4p6-1/env.c (+996/-0) .pc/keep_home_by_default.patch/env.c (+1000/-0) debian/changelog (+105/-0) Text conflict in .pc/applied-patches Text conflict in .pc/debian-changes-1.7.4p6-1/env.c Text conflict in .pc/keep_home_by_default.patch/env.c Text conflict in debian/changelog
To merge this branch:	bzr merge lp:~ubuntu-branches/ubuntu/oneiric/sudo/oneiric-201105230807
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Ubuntu branches		2011-05-23	Pending
Review via email: mp+61926@code.launchpad.net

Description of the change

The package history in the archive and the history in the bzr branch differ. As the archive is authoritative the history of lp:ubuntu/oneiric/sudo now reflects that and the old bzr branch has been pushed to lp:~ubuntu-branches/ubuntu/oneiric/sudo/oneiric-201105230807. A merge should be performed if necessary.

Unmerged revisions

50. By Michael Vogt on 2011-05-23: merged from lp:debian/sudo and resolved conflicts
49. By Michael Vogt on 2011-05-23: * debian/sudo.preinst:
- if well-known ec2 vmbuilder file is found, write a file in
sudoers.d for the 'ubuntu' user (LP: #768625)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Ubuntu branches

 === added directory '.pc/CVE-2011-0010.patch'
 === added file '.pc/CVE-2011-0010.patch/check.c'
 --- .pc/CVE-2011-0010.patch/check.c	1970-01-01 00:00:00 +0000
 +++ .pc/CVE-2011-0010.patch/check.c	2011-05-23 08:12:57 +0000
@@ -0,0 +1,694 @@
++/*
++ * Copyright (c) 1993-1996,1998-2005, 2007-2010
++ *	Todd C. Miller <Todd.Miller@courtesan.com>
++ *
++ * Permission to use, copy, modify, and distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ *
++ * Sponsored in part by the Defense Advanced Research Projects
++ * Agency (DARPA) and Air Force Research Laboratory, Air Force
++ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
++ */
++
++#include <config.h>
++
++#include <sys/types.h>
++#include <sys/param.h>
++#include <sys/time.h>
++#include <sys/stat.h>
++#ifdef __linux__
++# include <sys/vfs.h>
++#endif
++#if defined(__sun) && defined(__SVR4)
++# include <sys/statvfs.h>
++#endif
++#ifndef __TANDEM
++# include <sys/file.h>
++#endif
++#include <stdio.h>
++#ifdef STDC_HEADERS
++# include <stdlib.h>
++# include <stddef.h>
++#else
++# ifdef HAVE_STDLIB_H
++#  include <stdlib.h>
++# endif
++#endif /* STDC_HEADERS */
++#ifdef HAVE_STRING_H
++# include <string.h>
++#endif /* HAVE_STRING_H */
++#ifdef HAVE_STRINGS_H
++# include <strings.h>
++#endif /* HAVE_STRINGS_H */
++#ifdef HAVE_UNISTD_H
++# include <unistd.h>
++#endif /* HAVE_UNISTD_H */
++#if TIME_WITH_SYS_TIME
++# include <time.h>
++#endif
++#include <errno.h>
++#include <fcntl.h>
++#include <signal.h>
++#include <pwd.h>
++#include <grp.h>
++
++#include "sudo.h"
++
++/* Status codes for timestamp_status() */
++#define TS_CURRENT		0
++#define TS_OLD			1
++#define TS_MISSING		2
++#define TS_NOFILE		3
++#define TS_ERROR		4
++
++/* Flags for timestamp_status() */
++#define TS_MAKE_DIRS		1
++#define TS_REMOVE		2
++
++/*
++ * Info stored in tty ticket from stat(2) to help with tty matching.
++ */
++static struct tty_info {
++    dev_t dev;			/* ID of device tty resides on */
++    dev_t rdev;			/* tty device ID */
++    ino_t ino;			/* tty inode number */
++    struct timeval ctime;	/* tty inode change time */
++} tty_info;
++
++static void  build_timestamp	__P((char **, char **));
++static int   timestamp_status	__P((char *, char *, char *, int));
++static char *expand_prompt	__P((char *, char *, char *));
++static void  lecture		__P((int));
++static void  update_timestamp	__P((char *, char *));
++static int   tty_is_devpts	__P((const char *));
++
++/*
++ * This function only returns if the user can successfully
++ * verify who he/she is.
++ */
++void
++check_user(validated, mode)
++    int validated;
++    int mode;
++{
++    char *timestampdir = NULL;
++    char *timestampfile = NULL;
++    char *prompt;
++    struct stat sb;
++    int status;
++
++    /* Stash the tty's ctime for tty ticket comparison. */
++    if (def_tty_tickets && user_ttypath && stat(user_ttypath, &sb) == 0) {
++	tty_info.dev = sb.st_dev;
++	tty_info.ino = sb.st_ino;
++	tty_info.rdev = sb.st_rdev;
++	if (tty_is_devpts(user_ttypath))
++	    ctim_get(&sb, &tty_info.ctime);
++    }
++
++    /* Always prompt for a password when -k was specified with the command. */
++    if (ISSET(mode, MODE_INVALIDATE)) {
++	SET(validated, FLAG_CHECK_USER);
++    } else {
++	if (user_uid == 0 || user_uid == runas_pw->pw_uid || user_is_exempt())
++	    return;
++    }
++
++    build_timestamp(&timestampdir, &timestampfile);
++    status = timestamp_status(timestampdir, timestampfile, user_name,
++	TS_MAKE_DIRS);
++
++    if (status != TS_CURRENT || ISSET(validated, FLAG_CHECK_USER)) {
++	/* Bail out if we are non-interactive and a password is required */
++	if (ISSET(mode, MODE_NONINTERACTIVE))
++	    errorx(1, "sorry, a password is required to run %s", getprogname());
++
++	/* If user specified -A, make sure we have an askpass helper. */
++	if (ISSET(tgetpass_flags, TGP_ASKPASS)) {
++	    if (user_askpass == NULL)
++		log_error(NO_MAIL,
++		    "no askpass program specified, try setting SUDO_ASKPASS");
++	} else if (!ISSET(tgetpass_flags, TGP_STDIN)) {
++	    /* If no tty but DISPLAY is set, use askpass if we have it. */
++	    if (!user_ttypath && !tty_present()) {
++		if (user_askpass && user_display && *user_display != '\0') {
++		    SET(tgetpass_flags, TGP_ASKPASS);
++		} else if (!def_visiblepw) {
++		    log_error(NO_MAIL,
++			"no tty present and no askpass program specified");
++		}
++	    }
++	}
++
++	if (!ISSET(tgetpass_flags, TGP_ASKPASS))
++	    lecture(status);
++
++	/* Expand any escapes in the prompt. */
++	prompt = expand_prompt(user_prompt ? user_prompt : def_passprompt,
++	    user_name, user_shost);
++
++	verify_user(auth_pw, prompt);
++    }
++    /* Only update timestamp if user was validated. */
++    if (ISSET(validated, VALIDATE_OK) && !ISSET(mode, MODE_INVALIDATE) && status != TS_ERROR)
++	update_timestamp(timestampdir, timestampfile);
++    efree(timestampdir);
++    efree(timestampfile);
++}
++
++/*
++ * Standard sudo lecture.
++ */
++static void
++lecture(status)
++    int status;
++{
++    FILE *fp;
++    char buf[BUFSIZ];
++    ssize_t nread;
++
++    if (def_lecture == never ||
++	(def_lecture == once && status != TS_MISSING && status != TS_ERROR))
++	return;
++
++    if (def_lecture_file && (fp = fopen(def_lecture_file, "r")) != NULL) {
++	while ((nread = fread(buf, sizeof(char), sizeof(buf), fp)) != 0)
++	    fwrite(buf, nread, 1, stderr);
++	fclose(fp);
++    } else {
++	(void) fputs("\n\
++We trust you have received the usual lecture from the local System\n\
++Administrator. It usually boils down to these three things:\n\
++\n\
++    #1) Respect the privacy of others.\n\
++    #2) Think before you type.\n\
++    #3) With great power comes great responsibility.\n\n",
++    stderr);
++    }
++}
++
++/*
++ * Update the time on the timestamp file/dir or create it if necessary.
++ */
++static void
++update_timestamp(timestampdir, timestampfile)
++    char *timestampdir;
++    char *timestampfile;
++{
++    /* If using tty timestamps but we have no tty there is nothing to do. */
++    if (def_tty_tickets && !user_ttypath)
++	return;
++
++    if (timestamp_uid != 0)
++	set_perms(PERM_TIMESTAMP);
++    if (timestampfile) {
++	/*
++	 * Store tty info in timestamp file
++	 */
++	int fd = open(timestampfile, O_WRONLY|O_CREAT, 0600);
++	if (fd == -1)
++	    log_error(NO_EXIT|USE_ERRNO, "Can't open %s", timestampfile);
++	else {
++	    lock_file(fd, SUDO_LOCK);
++	    write(fd, &tty_info, sizeof(tty_info));
++	    close(fd);
++	}
++    } else {
++	if (touch(-1, timestampdir, NULL) == -1) {
++	    if (mkdir(timestampdir, 0700) == -1)
++		log_error(NO_EXIT|USE_ERRNO, "Can't mkdir %s", timestampdir);
++	}
++    }
++    if (timestamp_uid != 0)
++	set_perms(PERM_ROOT);
++}
++
++/*
++ * Expand %h and %u escapes in the prompt and pass back the dynamically
++ * allocated result.  Returns the same string if there are no escapes.
++ */
++static char *
++expand_prompt(old_prompt, user, host)
++    char *old_prompt;
++    char *user;
++    char *host;
++{
++    size_t len, n;
++    int subst;
++    char *p, *np, *new_prompt, *endp;
++
++    /* How much space do we need to malloc for the prompt? */
++    subst = 0;
++    for (p = old_prompt, len = strlen(old_prompt); *p; p++) {
++	if (p[0] =='%') {
++	    switch (p[1]) {
++		case 'h':
++		    p++;
++		    len += strlen(user_shost) - 2;
++		    subst = 1;
++		    break;
++		case 'H':
++		    p++;
++		    len += strlen(user_host) - 2;
++		    subst = 1;
++		    break;
++		case 'p':
++		    p++;
++		    if (def_rootpw)
++			    len += 2;
++		    else if (def_targetpw || def_runaspw)
++			    len += strlen(runas_pw->pw_name) - 2;
++		    else
++			    len += strlen(user_name) - 2;
++		    subst = 1;
++		    break;
++		case 'u':
++		    p++;
++		    len += strlen(user_name) - 2;
++		    subst = 1;
++		    break;
++		case 'U':
++		    p++;
++		    len += strlen(runas_pw->pw_name) - 2;
++		    subst = 1;
++		    break;
++		case '%':
++		    p++;
++		    len--;
++		    subst = 1;
++		    break;
++		default:
++		    break;
++	    }
++	}
++    }
++
++    if (subst) {
++	new_prompt = (char *) emalloc(++len);
++	endp = new_prompt + len;
++	for (p = old_prompt, np = new_prompt; *p; p++) {
++	    if (p[0] =='%') {
++		switch (p[1]) {
++		    case 'h':
++			p++;
++			n = strlcpy(np, user_shost, np - endp);
++			if (n >= np - endp)
++			    goto oflow;
++			np += n;
++			continue;
++		    case 'H':
++			p++;
++			n = strlcpy(np, user_host, np - endp);
++			if (n >= np - endp)
++			    goto oflow;
++			np += n;
++			continue;
++		    case 'p':
++			p++;
++			if (def_rootpw)
++				n = strlcpy(np, "root", np - endp);
++			else if (def_targetpw || def_runaspw)
++				n = strlcpy(np, runas_pw->pw_name, np - endp);
++			else
++				n = strlcpy(np, user_name, np - endp);
++			if (n >= np - endp)
++				goto oflow;
++			np += n;
++			continue;
++		    case 'u':
++			p++;
++			n = strlcpy(np, user_name, np - endp);
++			if (n >= np - endp)
++			    goto oflow;
++			np += n;
++			continue;
++		    case 'U':
++			p++;
++			n = strlcpy(np,  runas_pw->pw_name, np - endp);
++			if (n >= np - endp)
++			    goto oflow;
++			np += n;
++			continue;
++		    case '%':
++			/* convert %% -> % */
++			p++;
++			break;
++		    default:
++			/* no conversion */
++			break;
++		}
++	    }
++	    *np++ = *p;
++	    if (np >= endp)
++		goto oflow;
++	}
++	*np = '\0';
++    } else
++	new_prompt = old_prompt;
++
++    return(new_prompt);
++
++oflow:
++    /* We pre-allocate enough space, so this should never happen. */
++    errorx(1, "internal error, expand_prompt() overflow");
++}
++
++/*
++ * Checks if the user is exempt from supplying a password.
++ */
++int
++user_is_exempt()
++{
++    if (!def_exempt_group)
++	return(FALSE);
++    return(user_in_group(sudo_user.pw, def_exempt_group));
++}
++
++/*
++ * Fills in timestampdir as well as timestampfile if using tty tickets.
++ */
++static void
++build_timestamp(timestampdir, timestampfile)
++    char **timestampdir;
++    char **timestampfile;
++{
++    char *dirparent;
++    int len;
++
++    dirparent = def_timestampdir;
++    len = easprintf(timestampdir, "%s/%s", dirparent, user_name);
++    if (len >= PATH_MAX)
++	log_error(0, "timestamp path too long: %s", *timestampdir);
++
++    /*
++     * Timestamp file may be a file in the directory or NUL to use
++     * the directory as the timestamp.
++     */
++    if (def_tty_tickets) {
++	char *p;
++
++	if ((p = strrchr(user_tty, '/')))
++	    p++;
++	else
++	    p = user_tty;
++	if (def_targetpw)
++	    len = easprintf(timestampfile, "%s/%s/%s:%s", dirparent, user_name,
++		p, runas_pw->pw_name);
++	else
++	    len = easprintf(timestampfile, "%s/%s/%s", dirparent, user_name, p);
++	if (len >= PATH_MAX)
++	    log_error(0, "timestamp path too long: %s", *timestampfile);
++    } else if (def_targetpw) {
++	len = easprintf(timestampfile, "%s/%s/%s", dirparent, user_name,
++	    runas_pw->pw_name);
++	if (len >= PATH_MAX)
++	    log_error(0, "timestamp path too long: %s", *timestampfile);
++    } else
++	*timestampfile = NULL;
++}
++
++/*
++ * Check the timestamp file and directory and return their status.
++ */
++static int
++timestamp_status(timestampdir, timestampfile, user, flags)
++    char *timestampdir;
++    char *timestampfile;
++    char *user;
++    int flags;
++{
++    struct stat sb;
++    struct timeval boottime, mtime;
++    time_t now;
++    char *dirparent = def_timestampdir;
++    int status = TS_ERROR;		/* assume the worst */
++
++    if (timestamp_uid != 0)
++	set_perms(PERM_TIMESTAMP);
++
++    /*
++     * Sanity check dirparent and make it if it doesn't already exist.
++     * We start out assuming the worst (that the dir is not sane) and
++     * if it is ok upgrade the status to ``no timestamp file''.
++     * Note that we don't check the parent(s) of dirparent for
++     * sanity since the sudo dir is often just located in /tmp.
++     */
++    if (lstat(dirparent, &sb) == 0) {
++	if (!S_ISDIR(sb.st_mode))
++	    log_error(NO_EXIT, "%s exists but is not a directory (0%o)",
++		dirparent, (unsigned int) sb.st_mode);
++	else if (sb.st_uid != timestamp_uid)
++	    log_error(NO_EXIT, "%s owned by uid %lu, should be uid %lu",
++		dirparent, (unsigned long) sb.st_uid,
++		(unsigned long) timestamp_uid);
++	else if ((sb.st_mode & 0000022))
++	    log_error(NO_EXIT,
++		"%s writable by non-owner (0%o), should be mode 0700",
++		dirparent, (unsigned int) sb.st_mode);
++	else {
++	    if ((sb.st_mode & 0000777) != 0700)
++		(void) chmod(dirparent, 0700);
++	    status = TS_MISSING;
++	}
++    } else if (errno != ENOENT) {
++	log_error(NO_EXIT|USE_ERRNO, "can't stat %s", dirparent);
++    } else {
++	/* No dirparent, try to make one. */
++	if (ISSET(flags, TS_MAKE_DIRS)) {
++	    if (mkdir(dirparent, S_IRWXU))
++		log_error(NO_EXIT|USE_ERRNO, "can't mkdir %s",
++		    dirparent);
++	    else
++		status = TS_MISSING;
++	}
++    }
++    if (status == TS_ERROR) {
++	if (timestamp_uid != 0)
++	    set_perms(PERM_ROOT);
++	return(status);
++    }
++
++    /*
++     * Sanity check the user's ticket dir.  We start by downgrading
++     * the status to TS_ERROR.  If the ticket dir exists and is sane
++     * this will be upgraded to TS_OLD.  If the dir does not exist,
++     * it will be upgraded to TS_MISSING.
++     */
++    status = TS_ERROR;			/* downgrade status again */
++    if (lstat(timestampdir, &sb) == 0) {
++	if (!S_ISDIR(sb.st_mode)) {
++	    if (S_ISREG(sb.st_mode)) {
++		/* convert from old style */
++		if (unlink(timestampdir) == 0)
++		    status = TS_MISSING;
++	    } else
++		log_error(NO_EXIT, "%s exists but is not a directory (0%o)",
++		    timestampdir, (unsigned int) sb.st_mode);
++	} else if (sb.st_uid != timestamp_uid)
++	    log_error(NO_EXIT, "%s owned by uid %lu, should be uid %lu",
++		timestampdir, (unsigned long) sb.st_uid,
++		(unsigned long) timestamp_uid);
++	else if ((sb.st_mode & 0000022))
++	    log_error(NO_EXIT,
++		"%s writable by non-owner (0%o), should be mode 0700",
++		timestampdir, (unsigned int) sb.st_mode);
++	else {
++	    if ((sb.st_mode & 0000777) != 0700)
++		(void) chmod(timestampdir, 0700);
++	    status = TS_OLD;		/* do date check later */
++	}
++    } else if (errno != ENOENT) {
++	log_error(NO_EXIT|USE_ERRNO, "can't stat %s", timestampdir);
++    } else
++	status = TS_MISSING;
++
++    /*
++     * If there is no user ticket dir, AND we are in tty ticket mode,
++     * AND the TS_MAKE_DIRS flag is set, create the user ticket dir.
++     */
++    if (status == TS_MISSING && timestampfile && ISSET(flags, TS_MAKE_DIRS)) {
++	if (mkdir(timestampdir, S_IRWXU) == -1) {
++	    status = TS_ERROR;
++	    log_error(NO_EXIT|USE_ERRNO, "can't mkdir %s", timestampdir);
++	}
++    }
++
++    /*
++     * Sanity check the tty ticket file if it exists.
++     */
++    if (timestampfile && status != TS_ERROR) {
++	if (status != TS_MISSING)
++	    status = TS_NOFILE;			/* dir there, file missing */
++	if (def_tty_tickets && !user_ttypath)
++	    goto done;				/* no tty, always prompt */
++	if (lstat(timestampfile, &sb) == 0) {
++	    if (!S_ISREG(sb.st_mode)) {
++		status = TS_ERROR;
++		log_error(NO_EXIT, "%s exists but is not a regular file (0%o)",
++		    timestampfile, (unsigned int) sb.st_mode);
++	    } else {
++		/* If bad uid or file mode, complain and kill the bogus file. */
++		if (sb.st_uid != timestamp_uid) {
++		    log_error(NO_EXIT,
++			"%s owned by uid %lu, should be uid %lu",
++			timestampfile, (unsigned long) sb.st_uid,
++			(unsigned long) timestamp_uid);
++		    (void) unlink(timestampfile);
++		} else if ((sb.st_mode & 0000022)) {
++		    log_error(NO_EXIT,
++			"%s writable by non-owner (0%o), should be mode 0600",
++			timestampfile, (unsigned int) sb.st_mode);
++		    (void) unlink(timestampfile);
++		} else {
++		    /* If not mode 0600, fix it. */
++		    if ((sb.st_mode & 0000777) != 0600)
++			(void) chmod(timestampfile, 0600);
++
++		    /*
++		     * Check for stored tty info.  If the file is zero-sized
++		     * it is an old-style timestamp with no tty info in it.
++		     * If removing, we don't care about the contents.
++		     * The actual mtime check is done later.
++		     */
++		    if (ISSET(flags, TS_REMOVE)) {
++			status = TS_OLD;
++		    } else if (sb.st_size != 0) {
++			struct tty_info info;
++			int fd = open(timestampfile, O_RDONLY, 0644);
++			if (fd != -1) {
++			    if (read(fd, &info, sizeof(info)) == sizeof(info) &&
++				memcmp(&info, &tty_info, sizeof(info)) == 0) {
++				status = TS_OLD;
++			    }
++			    close(fd);
++			}
++		    }
++		}
++	    }
++	} else if (errno != ENOENT) {
++	    log_error(NO_EXIT|USE_ERRNO, "can't stat %s", timestampfile);
++	    status = TS_ERROR;
++	}
++    }
++
++    /*
++     * If the file/dir exists and we are not removing it, check its mtime.
++     */
++    if (status == TS_OLD && !ISSET(flags, TS_REMOVE)) {
++	mtim_get(&sb, &mtime);
++	/* Negative timeouts only expire manually (sudo -k). */
++	if (def_timestamp_timeout < 0 && mtime.tv_sec != 0)
++	    status = TS_CURRENT;
++	else {
++	    now = time(NULL);
++	    if (def_timestamp_timeout &&
++		now - mtime.tv_sec < 60 * def_timestamp_timeout) {
++		/*
++		 * Check for bogus time on the stampfile.  The clock may
++		 * have been set back or someone could be trying to spoof us.
++		 */
++		if (mtime.tv_sec > now + 60 * def_timestamp_timeout * 2) {
++		    time_t tv_sec = (time_t)mtime.tv_sec;
++		    log_error(NO_EXIT,
++			"timestamp too far in the future: %20.20s",
++			4 + ctime(&tv_sec));
++		    if (timestampfile)
++			(void) unlink(timestampfile);
++		    else
++			(void) rmdir(timestampdir);
++		    status = TS_MISSING;
++		} else if (get_boottime(&boottime) && timevalcmp(&mtime, &boottime, <)) {
++		    status = TS_OLD;
++		} else {
++		    status = TS_CURRENT;
++		}
++	    }
++	}
++    }
++
++done:
++    if (timestamp_uid != 0)
++	set_perms(PERM_ROOT);
++    return(status);
++}
++
++/*
++ * Remove the timestamp ticket file/dir.
++ */
++void
++remove_timestamp(remove)
++    int remove;
++{
++    struct timeval tv;
++    char *timestampdir, *timestampfile, *path;
++    int status;
++
++    build_timestamp(&timestampdir, &timestampfile);
++    status = timestamp_status(timestampdir, timestampfile, user_name,
++	TS_REMOVE);
++    if (status == TS_OLD || status == TS_CURRENT) {
++	path = timestampfile ? timestampfile : timestampdir;
++	if (remove) {
++	    if (timestampfile)
++		status = unlink(timestampfile);
++	    else
++		status = rmdir(timestampdir);
++	    if (status == -1 && errno != ENOENT) {
++		log_error(NO_EXIT, "can't remove %s (%s), will reset to Epoch",
++		    path, strerror(errno));
++		remove = FALSE;
++	    }
++	} else {
++	    timevalclear(&tv);
++	    if (touch(-1, path, &tv) == -1 && errno != ENOENT)
++		error(1, "can't reset %s to Epoch", path);
++	}
++    }
++
++    efree(timestampdir);
++    efree(timestampfile);
++}
++
++/*
++ * Returns TRUE if tty lives on a devpts or /devices filesystem, else FALSE.
++ * Unlike most filesystems, the ctime of devpts nodes is not updated when
++ * the device node is written to, only when the inode's status changes,
++ * typically via the chmod, chown, link, rename, or utimes system calls.
++ * Since the ctime is "stable" in this case, we can stash it the tty ticket
++ * file and use it to determine whether the tty ticket file is stale.
++ */
++static int
++tty_is_devpts(tty)
++    const char *tty;
++{
++    int retval = FALSE;
++#ifdef __linux__
++    struct statfs sfs;
++
++#ifndef DEVPTS_SUPER_MAGIC
++# define DEVPTS_SUPER_MAGIC 0x1cd1
++#endif
++
++    if (statfs(tty, &sfs) == 0) {
++	if (sfs.f_type == DEVPTS_SUPER_MAGIC)
++	    retval = TRUE;
++    }
++#elif defined(__sun) && defined(__SVR4)
++    struct statvfs sfs;
++
++    if (statvfs(tty, &sfs) == 0) {
++	if (strcmp(sfs.f_fstr, "devices") == 0)
++	    retval = TRUE;
++    }
++#endif /* __linux__ */
++    return retval;
++}
 === modified file '.pc/applied-patches'
 --- .pc/applied-patches	2011-05-23 09:50:37 +0000
 +++ .pc/applied-patches	2011-05-23 08:12:57 +0000
@@ -1,6 +1,12 @@
  typo-in-classic-insults.diff
  env.c-safety.diff
  paths-in-samples.diff
++<<<<<<< TREE
  keep_home_by_default.patch
  hurd-have-getutid.diff
  debian-changes-1.7.4p6-1
++=======
++debian-changes-1.7.4p4-5
++CVE-2011-0010.patch
++keep_home_by_default.patch
++>>>>>>> MERGE-SOURCE
 === modified file '.pc/debian-changes-1.7.4p6-1/env.c'
 --- .pc/debian-changes-1.7.4p6-1/env.c	2011-05-23 09:50:37 +0000
 +++ .pc/debian-changes-1.7.4p6-1/env.c	2011-05-23 08:12:57 +0000
@@ -1,3 +1,4 @@
++<<<<<<< TREE
  /*
   * Copyright (c) 2000-2005, 2007-2010
   *	Todd C. Miller <Todd.Miller@courtesan.com>
@@ -992,3 +993,998 @@
  	def_env_keep = cur;
+     }
+ }
++=======
++/*
++ * Copyright (c) 2000-2005, 2007-2010
++ *	Todd C. Miller <Todd.Miller@courtesan.com>
++ *
++ * Permission to use, copy, modify, and distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ *
++ * Sponsored in part by the Defense Advanced Research Projects
++ * Agency (DARPA) and Air Force Research Laboratory, Air Force
++ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
++ */
++
++#include <config.h>
++
++#include <sys/types.h>
++#include <sys/param.h>
++#include <sys/stat.h>
++#include <stdio.h>
++#ifdef STDC_HEADERS
++# include <stdlib.h>
++# include <stddef.h>
++#else
++# ifdef HAVE_STDLIB_H
++#  include <stdlib.h>
++# endif
++#endif /* STDC_HEADERS */
++#ifdef HAVE_STRING_H
++# include <string.h>
++#endif /* HAVE_STRING_H */
++#ifdef HAVE_STRINGS_H
++# include <strings.h>
++#endif /* HAVE_STRINGS_H */
++#ifdef HAVE_UNISTD_H
++# include <unistd.h>
++#endif /* HAVE_UNISTD_H */
++#include <ctype.h>
++#include <errno.h>
++#include <pwd.h>
++
++#include "sudo.h"
++
++/*
++ * Flags used in rebuild_env()
++ */
++#undef DID_TERM
++#define DID_TERM	0x0001
++#undef DID_PATH
++#define DID_PATH	0x0002
++#undef DID_HOME
++#define DID_HOME	0x0004
++#undef DID_SHELL
++#define DID_SHELL	0x0008
++#undef DID_LOGNAME
++#define DID_LOGNAME	0x0010
++#undef DID_USER
++#define DID_USER    	0x0020
++#undef DID_USERNAME
++#define DID_USERNAME   	0x0040
++#undef DID_MAIL
++#define DID_MAIL   	0x0080
++#undef DID_MAX
++#define DID_MAX    	0x00ff
++
++#undef KEPT_TERM
++#define KEPT_TERM	0x0100
++#undef KEPT_PATH
++#define KEPT_PATH	0x0200
++#undef KEPT_HOME
++#define KEPT_HOME	0x0400
++#undef KEPT_SHELL
++#define KEPT_SHELL	0x0800
++#undef KEPT_LOGNAME
++#define KEPT_LOGNAME	0x1000
++#undef KEPT_USER
++#define KEPT_USER    	0x2000
++#undef KEPT_USERNAME
++#define KEPT_USERNAME	0x4000
++#undef KEPT_MAIL
++#define KEPT_MAIL	0x8000
++#undef KEPT_MAX
++#define KEPT_MAX    	0xff00
++
++struct environment {
++    char **envp;		/* pointer to the new environment */
++    size_t env_size;		/* size of new_environ in char **'s */
++    size_t env_len;		/* number of slots used, not counting NULL */
++    int owned;			/* do we own envp or is it the system's? */
++};
++
++/*
++ * Prototypes
++ */
++static void sudo_setenv		__P((const char *, const char *, int));
++static void sudo_putenv		__P((char *, int, int));
++
++extern char **environ;		/* global environment */
++
++/*
++ * Copy of the sudo-managed environment.
++ */
++static struct environment env;
++
++/*
++ * Default table of "bad" variables to remove from the environment.
++ * XXX - how to omit TERMCAP if it starts with '/'?
++ */
++static const char *initial_badenv_table[] = {
++    "IFS",
++    "CDPATH",
++    "SHELLOPTS",
++    "PS4",
++    "LOCALDOMAIN",
++    "RES_OPTIONS",
++    "HOSTALIASES",
++    "NLSPATH",
++    "PATH_LOCALE",
++    "LD_*",
++    "_RLD*",
++#ifdef __hpux
++    "SHLIB_PATH",
++#endif /* __hpux */
++#ifdef _AIX
++    "LDR_*",
++    "LIBPATH",
++    "AUTHSTATE",
++#endif
++#ifdef __APPLE__
++    "DYLD_*",
++#endif
++#ifdef HAVE_KERB4
++    "KRB_CONF*",
++    "KRBCONFDIR",
++    "KRBTKFILE",
++#endif /* HAVE_KERB4 */
++#ifdef HAVE_KERB5
++    "KRB5_CONFIG*",
++    "KRB5_KTNAME",
++#endif /* HAVE_KERB5 */
++#ifdef HAVE_SECURID
++    "VAR_ACE",
++    "USR_ACE",
++    "DLC_ACE",
++#endif /* HAVE_SECURID */
++    "TERMINFO",			/* terminfo, exclusive path to terminfo files */
++    "TERMINFO_DIRS",		/* terminfo, path(s) to terminfo files */
++    "TERMPATH",			/* termcap, path(s) to termcap files */
++    "TERMCAP",			/* XXX - only if it starts with '/' */
++    "ENV",			/* ksh, file to source before script runs */
++    "BASH_ENV",			/* bash, file to source before script runs */
++    "PS4",			/* bash, prefix for lines in xtrace mode */
++    "GLOBIGNORE",		/* bash, globbing patterns to ignore */
++    "SHELLOPTS",		/* bash, extra command line options */
++    "JAVA_TOOL_OPTIONS",	/* java, extra command line options */
++    "PERLIO_DEBUG ",		/* perl, debugging output file */
++    "PERLLIB",			/* perl, search path for modules/includes */
++    "PERL5LIB",			/* perl 5, search path for modules/includes */
++    "PERL5OPT",			/* perl 5, extra command line options */
++    "PERL5DB",			/* perl 5, command used to load debugger */
++    "FPATH",			/* ksh, search path for functions */
++    "NULLCMD",			/* zsh, command for null file redirection */
++    "READNULLCMD",		/* zsh, command for null file redirection */
++    "ZDOTDIR",			/* zsh, search path for dot files */
++    "TMPPREFIX",		/* zsh, prefix for temporary files */
++    "PYTHONHOME",		/* python, module search path */
++    "PYTHONPATH",		/* python, search path */
++    "PYTHONINSPECT",		/* python, allow inspection */
++    "PYTHONUSERBASE",		/* python, per user site-packages directory */
++    "RUBYLIB",			/* ruby, library load path */
++    "RUBYOPT",			/* ruby, extra command line options */
++    NULL
++};
++
++/*
++ * Default table of variables to check for '%' and '/' characters.
++ */
++static const char *initial_checkenv_table[] = {
++    "COLORTERM",
++    "LANG",
++    "LANGUAGE",
++    "LC_*",
++    "LINGUAS",
++    "TERM",
++    NULL
++};
++
++/*
++ * Default table of variables to preserve in the environment.
++ */
++static const char *initial_keepenv_table[] = {
++    "COLORS",
++    "DISPLAY",
++    "HOSTNAME",
++    "KRB5CCNAME",
++    "LS_COLORS",
++    "PATH",
++    "PS1",
++    "PS2",
++    "TZ",
++    "XAUTHORITY",
++    "XAUTHORIZATION",
++    NULL
++};
++
++/*
++ * Initialize env based on envp.
++ */
++void
++env_init(lazy)
++    int lazy;
++{
++    char * const *ep;
++    size_t len;
++
++    for (ep = environ; *ep != NULL; ep++)
++	continue;
++    len = (size_t)(ep - environ);
++
++    if (lazy) {
++	/*
++	 * If we are already initialized due to lazy init (usualy via getenv())
++	 * we need to avoid calling malloc() as it may call getenv() itself.
++	 */
++	env.envp = environ;
++	env.env_len = len;
++	env.env_size = len;
++    } else if (!env.owned) {
++	env.env_len = len;
++	env.env_size = len + 1 + 128;
++	env.envp = emalloc2(env.env_size, sizeof(char *));
++#ifdef ENV_DEBUG
++	memset(env.envp, 0, env.env_size * sizeof(char *));
++#endif
++	memcpy(env.envp, environ, len * sizeof(char *));
++	env.envp[len] = '\0';
++	env.owned = TRUE;
++    }
++}
++
++char **
++env_get()
++{
++    return env.envp;
++}
++
++/*
++ * Similar to setenv(3) but operates on sudo's private copy of the environment
++ * (not environ) and it always overwrites.  The dupcheck param determines
++ * whether we need to verify that the variable is not already set.
++ */
++static void
++sudo_setenv(var, val, dupcheck)
++    const char *var;
++    const char *val;
++    int dupcheck;
++{
++    char *estring;
++    size_t esize;
++
++    esize = strlen(var) + 1 + strlen(val) + 1;
++    estring = emalloc(esize);
++
++    /* Build environment string and insert it. */
++    if (strlcpy(estring, var, esize) >= esize ||
++	strlcat(estring, "=", esize) >= esize ||
++	strlcat(estring, val, esize) >= esize) {
++
++	errorx(1, "internal error, sudo_setenv() overflow");
++    }
++    sudo_putenv(estring, dupcheck, TRUE);
++}
++
++/*
++ * Version of getenv(3) that uses our own environ pointer.
++ */
++char *
++getenv(var)
++    const char *var;
++{
++    char *cp, **ev;
++    size_t vlen = strlen(var);
++
++    if (env.envp == NULL)
++	env_init(TRUE);
++
++    for (ev = env.envp; (cp = *ev) != NULL; ev++) {
++	if (strncmp(var, cp, vlen) == 0 && cp[vlen] == '=')
++	    return cp + vlen + 1;
++    }
++    return NULL;
++}
++
++/*
++ * Version of setenv(3) that uses our own environ pointer.
++ */
++int
++setenv(var, val, overwrite)
++    const char *var;
++    const char *val;
++    int overwrite;
++{
++    char *estring, *ep;
++    const char *cp;
++    size_t esize;
++
++    if (!var || *var == '\0') {
++	errno = EINVAL;
++	return(-1);
++    }
++
++    if (env.envp == NULL)
++	env_init(TRUE);
++
++    /*
++     * POSIX says a var name with '=' is an error but BSD
++     * just ignores the '=' and anything after it.
++     */
++    for (cp = var; *cp && *cp != '='; cp++)
++	;
++    esize = (size_t)(cp - var) + 2;
++    if (val) {
++	esize += strlen(val);	/* glibc treats a NULL val as "" */
++    }
++
++    /* Allocate and fill in estring. */
++    estring = ep = emalloc(esize);
++    for (cp = var; *cp && *cp != '='; cp++)
++	*ep++ = *cp;
++    *ep++ = '=';
++    if (val) {
++	for (cp = val; *cp; cp++)
++	    *ep++ = *cp;
++    }
++    *ep = '\0';
++
++#ifdef ENV_DEBUG
++    if (env.envp[env.env_len] != NULL)
++	errorx(1, "setenv: corrupted envp, len mismatch");
++#endif
++    sudo_putenv(estring, TRUE, overwrite);
++    return(0);
++}
++
++/*
++ * Version of unsetenv(3) that uses our own environ pointer.
++ */
++#ifdef UNSETENV_VOID
++void
++#else
++int
++#endif
++unsetenv(var)
++    const char *var;
++{
++    char **ep;
++    size_t len;
++
++    if (var == NULL || *var == '\0' || strchr(var, '=') != NULL) {
++	errno = EINVAL;
++#ifdef UNSETENV_VOID
++	return;
++#else
++	return(-1);
++#endif
++    }
++
++    if (env.envp == NULL)
++	env_init(TRUE);
++
++#ifdef ENV_DEBUG
++    if (env.envp[env.env_len] != NULL)
++	errorx(1, "unsetenv: corrupted envp, len mismatch");
++#endif
++
++    len = strlen(var);
++    for (ep = env.envp; *ep != NULL;) {
++	if (strncmp(var, *ep, len) == 0 && (*ep)[len] == '=') {
++	    /* Found it; shift remainder + NULL over by one. */
++	    char **cur = ep;
++	    while ((*cur = *(cur + 1)) != NULL)
++		cur++;
++	    /* Keep going, could be multiple instances of the var. */
++	} else {
++	    ep++;
++	}
++    }
++    env.env_len = ep - env.envp;
++#ifndef UNSETENV_VOID
++    return(0);
++#endif
++}
++
++/*
++ * Version of putenv(3) that uses our own environ pointer.
++ */
++int
++#ifdef PUTENV_CONST
++putenv(const char *string)
++#else
++putenv(string)
++    char *string;
++#endif
++{
++    if (env.envp == NULL)
++	env_init(TRUE);
++
++    if (strchr(string, '=') == NULL) {
++	errno = EINVAL;
++	return(-1);
++    }
++#ifdef ENV_DEBUG
++    if (env.envp[env.env_len] != NULL)
++	errorx(1, "putenv: corrupted envp, len mismatch");
++#endif
++    sudo_putenv((char *)string, TRUE, TRUE);
++    return(0);
++}
++
++/*
++ * Similar to putenv(3) but operates on sudo's private copy of the
++ * environment (not environ) and it always overwrites.  The dupcheck param
++ * determines whether we need to verify that the variable is not already set.
++ * Will only overwrite an existing variable if overwrite is set.
++ */
++static void
++sudo_putenv(str, dupcheck, overwrite)
++    char *str;
++    int dupcheck;
++    int overwrite;
++{
++    char **ep;
++    size_t len;
++    int found = FALSE;
++
++    /* Make sure there is room for the new entry plus a NULL. */
++    if (env.env_len + 2 > env.env_size) {
++	env.env_size += 128;
++	if (env.owned) {
++	    env.envp = erealloc3(env.envp, env.env_size, sizeof(char *));
++	} else {
++	    /* We don't own env.envp, allocate a new one. */
++	    ep = emalloc2(env.env_size, sizeof(char *));
++	    memcpy(ep, env.envp, env.env_size * sizeof(char *));
++	    env.envp = ep;
++	    env.owned = TRUE;
++	}
++#ifdef ENV_DEBUG
++	memset(env.envp + env.env_len, 0,
++	    (env.env_size - env.env_len) * sizeof(char *));
++#endif
++    }
++
++#ifdef ENV_DEBUG
++    if (env.envp[env.env_len] != NULL)
++	errorx(1, "sudo_putenv: corrupted envp, len mismatch");
++#endif
++
++    if (dupcheck) {
++	len = (strchr(str, '=') - str) + 1;
++	for (ep = env.envp; !found && *ep != NULL; ep++) {
++	    if (strncmp(str, *ep, len) == 0) {
++		if (overwrite)
++		    *ep = str;
++		found = TRUE;
++	    }
++	}
++	/* Prune out duplicate variables. */
++	if (found && overwrite) {
++	    while (*ep != NULL) {
++		if (strncmp(str, *ep, len) == 0) {
++		    char **cur = ep;
++		    while ((*cur = *(cur + 1)) != NULL)
++			cur++;
++		} else {
++		    ep++;
++		}
++	    }
++	    env.env_len = ep - env.envp;
++	}
++    }
++
++    if (!found) {
++	ep = env.envp + env.env_len;
++	env.env_len++;
++	*ep++ = str;
++	*ep = NULL;
++    }
++}
++
++/*
++ * Check the env_delete blacklist.
++ * Returns TRUE if the variable was found, else false.
++ */
++static int
++matches_env_delete(var)
++    const char *var;
++{
++    struct list_member *cur;
++    size_t len;
++    int iswild, match = FALSE;
++
++    /* Skip anything listed in env_delete. */
++    for (cur = def_env_delete; cur; cur = cur->next) {
++	len = strlen(cur->value);
++	/* Deal with '*' wildcard */
++	if (cur->value[len - 1] == '*') {
++	    len--;
++	    iswild = TRUE;
++	} else
++	    iswild = FALSE;
++	if (strncmp(cur->value, var, len) == 0 &&
++	    (iswild || var[len] == '=')) {
++	    match = TRUE;
++	    break;
++	}
++    }
++    return(match);
++}
++
++/*
++ * Apply the env_check list.
++ * Returns TRUE if the variable is allowed, FALSE if denied
++ * or -1 if no match.
++ */
++static int
++matches_env_check(var)
++    const char *var;
++{
++    struct list_member *cur;
++    size_t len;
++    int iswild, keepit = -1;
++
++    for (cur = def_env_check; cur; cur = cur->next) {
++	len = strlen(cur->value);
++	/* Deal with '*' wildcard */
++	if (cur->value[len - 1] == '*') {
++	    len--;
++	    iswild = TRUE;
++	} else
++	    iswild = FALSE;
++	if (strncmp(cur->value, var, len) == 0 &&
++	    (iswild || var[len] == '=')) {
++	    keepit = !strpbrk(var, "/%");
++	    break;
++	}
++    }
++    return(keepit);
++}
++
++/*
++ * Check the env_keep list.
++ * Returns TRUE if the variable is allowed else FALSE.
++ */
++static int
++matches_env_keep(var)
++    const char *var;
++{
++    struct list_member *cur;
++    size_t len;
++    int iswild, keepit = FALSE;
++
++    for (cur = def_env_keep; cur; cur = cur->next) {
++	len = strlen(cur->value);
++	/* Deal with '*' wildcard */
++	if (cur->value[len - 1] == '*') {
++	    len--;
++	    iswild = TRUE;
++	} else
++	    iswild = FALSE;
++	if (strncmp(cur->value, var, len) == 0 &&
++	    (iswild || var[len] == '=')) {
++	    keepit = TRUE;
++	    break;
++	}
++    }
++    return(keepit);
++}
++
++/*
++ * Build a new environment and ether clear potentially dangerous
++ * variables from the old one or start with a clean slate.
++ * Also adds sudo-specific variables (SUDO_*).
++ */
++void
++rebuild_env(noexec)
++    int noexec;
++{
++    char **old_envp, **ep, *cp, *ps1;
++    char idbuf[MAX_UID_T_LEN];
++    unsigned int didvar;
++    int reset_home = FALSE;
++
++    /*
++     * Either clean out the environment or reset to a safe default.
++     */
++    ps1 = NULL;
++    didvar = 0;
++    env.env_len = 0;
++    env.env_size = 128;
++    old_envp = env.envp;
++    env.envp = emalloc2(env.env_size, sizeof(char *));
++#ifdef ENV_DEBUG
++    memset(env.envp, 0, env.env_size * sizeof(char *));
++#endif
++    if (def_env_reset || ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
++	/* Reset HOME based on target user unless keeping old value. */
++	reset_home = TRUE;
++
++	/* Pull in vars we want to keep from the old environment. */
++	for (ep = old_envp; *ep; ep++) {
++	    int keepit;
++
++	    /* Skip variables with values beginning with () (bash functions) */
++	    if ((cp = strchr(*ep, '=')) != NULL) {
++		if (strncmp(cp, "=() ", 3) == 0)
++		    continue;
++	    }
++
++	    /*
++	     * First check certain variables for '%' and '/' characters.
++	     * If no match there, check the keep list.
++	     * If nothing matched, we remove it from the environment.
++	     */
++	    keepit = matches_env_check(*ep);
++	    if (keepit == -1)
++		keepit = matches_env_keep(*ep);
++
++	    if (!strncmp (*ep, "DISPLAY=",8)
++		|| !strncmp (*ep, "XAUTHORITY=", 11)
++		|| !strncmp (*ep, "XAUTHORIZATION=", 15)
++		|| !strncmp (*ep, "XAPPLRESDIR=", 12)
++		|| !strncmp (*ep, "XFILESEARCHPATH=", 16)
++		|| !strncmp (*ep, "XUSERFILESEARCHPATH=", 20)
++		|| !strncmp (*ep, "LANG=", 5)
++		|| !strncmp (*ep, "LANGUAGE=", 9)
++		|| !strncmp (*ep, "LC_", 3))
++	      keepit = 1;
++
++	    /* For SUDO_PS1 -> PS1 conversion. */
++	    if (strncmp(*ep, "SUDO_PS1=", 8) == 0)
++		ps1 = *ep + 5;
++
++	    if (keepit) {
++		/* Preserve variable. */
++		switch (**ep) {
++		    case 'H':
++			if (strncmp(*ep, "HOME=", 5) == 0)
++			    SET(didvar, DID_HOME);
++			break;
++		    case 'L':
++			if (strncmp(*ep, "LOGNAME=", 8) == 0)
++			    SET(didvar, DID_LOGNAME);
++			break;
++		    case 'M':
++			if (strncmp(*ep, "MAIL=", 5) == 0)
++			    SET(didvar, DID_MAIL);
++			break;
++		    case 'P':
++			if (strncmp(*ep, "PATH=", 5) == 0)
++			    SET(didvar, DID_PATH);
++			break;
++		    case 'S':
++			if (strncmp(*ep, "SHELL=", 6) == 0)
++			    SET(didvar, DID_SHELL);
++			break;
++		    case 'T':
++			if (strncmp(*ep, "TERM=", 5) == 0)
++			    SET(didvar, DID_TERM);
++			break;
++		    case 'U':
++			if (strncmp(*ep, "USER=", 5) == 0)
++			    SET(didvar, DID_USER);
++			if (strncmp(*ep, "USERNAME=", 5) == 0)
++			    SET(didvar, DID_USERNAME);
++			break;
++		}
++		sudo_putenv(*ep, FALSE, FALSE);
++	    }
++	}
++	didvar |= didvar << 8;		/* convert DID_* to KEPT_* */
++
++	/*
++	 * Add in defaults.  In -i mode these come from the runas user,
++	 * otherwise they may be from the user's environment (depends
++	 * on sudoers options).
++	 */
++	if (ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
++	    sudo_setenv("SHELL", runas_pw->pw_shell, ISSET(didvar, DID_SHELL));
++	    sudo_setenv("LOGNAME", runas_pw->pw_name,
++		ISSET(didvar, DID_LOGNAME));
++	    sudo_setenv("USER", runas_pw->pw_name, ISSET(didvar, DID_USER));
++	    sudo_setenv("USERNAME", runas_pw->pw_name,
++		ISSET(didvar, DID_USERNAME));
++	} else {
++	    if (!ISSET(didvar, DID_SHELL))
++		sudo_setenv("SHELL", sudo_user.pw->pw_shell, FALSE);
++	    if (!ISSET(didvar, DID_LOGNAME))
++		sudo_setenv("LOGNAME", user_name, FALSE);
++	    if (!ISSET(didvar, DID_USER))
++		sudo_setenv("USER", user_name, FALSE);
++	    if (!ISSET(didvar, DID_USERNAME))
++		sudo_setenv("USERNAME", user_name, FALSE);
++	}
++	/*
++	 * Set MAIL to target user in -i mode or if MAIL is not preserved
++	 * from user's environment.
++	 */
++	if (ISSET(sudo_mode, MODE_LOGIN_SHELL) || !ISSET(didvar, KEPT_MAIL)) {
++	    cp = _PATH_MAILDIR;
++	    if (cp[sizeof(_PATH_MAILDIR) - 2] == '/')
++		easprintf(&cp, "MAIL=%s%s", _PATH_MAILDIR, runas_pw->pw_name);
++	    else
++		easprintf(&cp, "MAIL=%s/%s", _PATH_MAILDIR, runas_pw->pw_name);
++	    sudo_putenv(cp, ISSET(didvar, DID_MAIL), TRUE);
++	}
++    } else {
++	/* Reset HOME based on target user if configured to. */
++	if (ISSET(sudo_mode, MODE_RUN)) {
++	    if (def_always_set_home || ISSET(sudo_mode, MODE_RESET_HOME) ||
++		(ISSET(sudo_mode, MODE_SHELL) && def_set_home))
++		reset_home = TRUE;
++	}
++
++	/*
++	 * Copy environ entries as long as they don't match env_delete or
++	 * env_check.
++	 */
++	for (ep = old_envp; *ep; ep++) {
++	    int okvar;
++
++	    /* Skip variables with values beginning with () (bash functions) */
++	    if ((cp = strchr(*ep, '=')) != NULL) {
++		if (strncmp(cp, "=() ", 3) == 0)
++		    continue;
++	    }
++
++	    /*
++	     * First check variables against the blacklist in env_delete.
++	     * If no match there check for '%' and '/' characters.
++	     */
++	    okvar = matches_env_delete(*ep) != TRUE;
++	    if (okvar)
++		okvar = matches_env_check(*ep) != FALSE;
++
++	    if (okvar) {
++		if (strncmp(*ep, "SUDO_PS1=", 9) == 0)
++		    ps1 = *ep + 5;
++		else if (strncmp(*ep, "PATH=", 5) == 0)
++		    SET(didvar, DID_PATH);
++		else if (strncmp(*ep, "TERM=", 5) == 0)
++		    SET(didvar, DID_TERM);
++		sudo_putenv(*ep, FALSE, FALSE);
++	    }
++	}
++    }
++    /* Replace the PATH envariable with a secure one? */
++    if (def_secure_path && !user_is_exempt()) {
++	sudo_setenv("PATH", def_secure_path, TRUE);
++	SET(didvar, DID_PATH);
++    }
++
++    /* Set $USER, $LOGNAME and $USERNAME to target if "set_logname" is true. */
++    if (def_set_logname && !ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
++	if (!ISSET(didvar, KEPT_LOGNAME))
++	    sudo_setenv("LOGNAME", runas_pw->pw_name, TRUE);
++	if (!ISSET(didvar, KEPT_USER))
++	    sudo_setenv("USER", runas_pw->pw_name, TRUE);
++	if (!ISSET(didvar, KEPT_USERNAME))
++	    sudo_setenv("USERNAME", runas_pw->pw_name, TRUE);
++    }
++
++    /* Set $HOME to target user if not preserving user's value. */
++    if (reset_home && !ISSET(didvar, KEPT_HOME))
++	sudo_setenv("HOME", runas_pw->pw_dir, TRUE);
++
++    /* Provide default values for $TERM and $PATH if they are not set. */
++    if (!ISSET(didvar, DID_TERM))
++	sudo_putenv("TERM=unknown", FALSE, FALSE);
++    if (!ISSET(didvar, DID_PATH))
++	sudo_setenv("PATH", _PATH_STDPATH, FALSE);
++
++    /*
++     * Preload a noexec file?  For a list of LD_PRELOAD-alikes, see
++     * http://www.fortran-2000.com/ArnaudRecipes/sharedlib.html
++     * XXX - should prepend to original value, if any
++     */
++    if (noexec && def_noexec_file != NULL) {
++#if defined(__darwin__) || defined(__APPLE__)
++	sudo_setenv("DYLD_INSERT_LIBRARIES", def_noexec_file, TRUE);
++	sudo_setenv("DYLD_FORCE_FLAT_NAMESPACE", "", TRUE);
++#else
++# if defined(__osf__) || defined(__sgi)
++	easprintf(&cp, "%s:DEFAULT", def_noexec_file);
++	sudo_setenv("_RLD_LIST", cp, TRUE);
++	efree(cp);
++# else
++#  ifdef _AIX
++	sudo_setenv("LDR_PRELOAD", def_noexec_file, TRUE);
++#  else
++	sudo_setenv("LD_PRELOAD", def_noexec_file, TRUE);
++#  endif /* _AIX */
++# endif /* __osf__ || __sgi */
++#endif /* __darwin__ || __APPLE__ */
++    }
++
++    /* Set PS1 if SUDO_PS1 is set. */
++    if (ps1 != NULL)
++	sudo_putenv(ps1, TRUE, TRUE);
++
++    /* Add the SUDO_COMMAND envariable (cmnd + args). */
++    if (user_args) {
++	easprintf(&cp, "%s %s", user_cmnd, user_args);
++	sudo_setenv("SUDO_COMMAND", cp, TRUE);
++	efree(cp);
++    } else {
++	sudo_setenv("SUDO_COMMAND", user_cmnd, TRUE);
++    }
++
++    /* Add the SUDO_USER, SUDO_UID, SUDO_GID environment variables. */
++    sudo_setenv("SUDO_USER", user_name, TRUE);
++    snprintf(idbuf, sizeof(idbuf), "%lu", (unsigned long) user_uid);
++    sudo_setenv("SUDO_UID", idbuf, TRUE);
++    snprintf(idbuf, sizeof(idbuf), "%lu", (unsigned long) user_gid);
++    sudo_setenv("SUDO_GID", idbuf, TRUE);
++
++    /* Free old environment. */
++    efree(old_envp);
++}
++
++void
++insert_env_vars(env_vars)
++    struct list_member *env_vars;
++{
++    struct list_member *cur;
++
++    /* Add user-specified environment variables. */
++    for (cur = env_vars; cur != NULL; cur = cur->next)
++	putenv(cur->value);
++}
++
++/*
++ * Validate the list of environment variables passed in on the command
++ * line against env_delete, env_check, and env_keep.
++ * Calls log_error() if any specified variables are not allowed.
++ */
++void
++validate_env_vars(env_vars)
++    struct list_member *env_vars;
++{
++    struct list_member *var;
++    char *eq, *bad = NULL;
++    size_t len, blen = 0, bsize = 0;
++    int okvar;
++
++    /* Add user-specified environment variables. */
++    for (var = env_vars; var != NULL; var = var->next) {
++	if (def_secure_path && !user_is_exempt() &&
++	    strncmp(var->value, "PATH=", 5) == 0) {
++	    okvar = FALSE;
++	} else if (def_env_reset) {
++	    okvar = matches_env_check(var->value);
++	    if (okvar == -1)
++		okvar = matches_env_keep(var->value);
++	} else {
++	    okvar = matches_env_delete(var->value) == FALSE;
++	    if (okvar == FALSE)
++		okvar = matches_env_check(var->value) != FALSE;
++	}
++	if (okvar == FALSE) {
++	    /* Not allowed, add to error string, allocating as needed. */
++	    if ((eq = strchr(var->value, '=')) != NULL)
++		*eq = '\0';
++	    len = strlen(var->value) + 2;
++	    if (blen + len >= bsize) {
++		do {
++		    bsize += 1024;
++		} while (blen + len >= bsize);
++		bad = erealloc(bad, bsize);
++		bad[blen] = '\0';
++	    }
++	    strlcat(bad, var->value, bsize);
++	    strlcat(bad, ", ", bsize);
++	    blen += len;
++	    if (eq != NULL)
++		*eq = '=';
++	}
++    }
++    if (bad != NULL) {
++	bad[blen - 2] = '\0';		/* remove trailing ", " */
++	log_error(NO_MAIL,
++	    "sorry, you are not allowed to set the following environment variables: %s", bad);
++	/* NOTREACHED */
++	efree(bad);
++    }
++}
++
++/*
++ * Read in /etc/environment ala AIX and Linux.
++ * Lines may be in either of three formats:
++ *  NAME=VALUE
++ *  NAME="VALUE"
++ *  NAME='VALUE'
++ * with an optional "export" prefix so the shell can source the file.
++ * Invalid lines, blank lines, or lines consisting solely of a comment
++ * character are skipped.
++ */
++void
++read_env_file(path, overwrite)
++    const char *path;
++    int overwrite;
++{
++    FILE *fp;
++    char *cp, *var, *val;
++    size_t var_len, val_len;
++
++    if ((fp = fopen(path, "r")) == NULL)
++	return;
++
++    while ((var = sudo_parseln(fp)) != NULL) {
++	/* Skip blank or comment lines */
++	if (*var == '\0')
++	    continue;
++
++	/* Skip optional "export " */
++	if (strncmp(var, "export", 6) == 0 && isspace((unsigned char) var[6])) {
++	    var += 7;
++	    while (isspace((unsigned char) *var)) {
++		var++;
++	    }
++	}
++
++	/* Must be of the form name=["']value['"] */
++	for (val = var; *val != '\0' && *val != '='; val++)
++	    ;
++	if (var == val || *val != '=')
++	    continue;
++	var_len = (size_t)(val - var);
++	val_len = strlen(++val);
++
++	/* Strip leading and trailing single/double quotes */
++	if ((val[0] == '\'' || val[0] == '\"') && val[0] == val[val_len - 1]) {
++	    val[val_len - 1] = '\0';
++	    val++;
++	    val_len -= 2;
++	}
++
++	cp = emalloc(var_len + 1 + val_len + 1);
++	memcpy(cp, var, var_len + 1); /* includes '=' */
++	memcpy(cp + var_len + 1, val, val_len + 1); /* includes NUL */
++
++	sudo_putenv(cp, TRUE, overwrite);
++    }
++    fclose(fp);
++}
++
++void
++init_envtables()
++{
++    struct list_member *cur;
++    const char **p;
++
++    /* Fill in the "env_delete" list. */
++    for (p = initial_badenv_table; *p; p++) {
++	cur = emalloc(sizeof(struct list_member));
++	cur->value = estrdup(*p);
++	cur->next = def_env_delete;
++	def_env_delete = cur;
++    }
++
++    /* Fill in the "env_check" list. */
++    for (p = initial_checkenv_table; *p; p++) {
++	cur = emalloc(sizeof(struct list_member));
++	cur->value = estrdup(*p);
++	cur->next = def_env_check;
++	def_env_check = cur;
++    }
++
++    /* Fill in the "env_keep" list. */
++    for (p = initial_keepenv_table; *p; p++) {
++	cur = emalloc(sizeof(struct list_member));
++	cur->value = estrdup(*p);
++	cur->next = def_env_keep;
++	def_env_keep = cur;
++    }
++}
++>>>>>>> MERGE-SOURCE
 === modified file '.pc/keep_home_by_default.patch/env.c'
 --- .pc/keep_home_by_default.patch/env.c	2011-05-23 09:50:37 +0000
 +++ .pc/keep_home_by_default.patch/env.c	2011-05-23 08:12:57 +0000
@@ -1,3 +1,4 @@
++<<<<<<< TREE
  /*
   * Copyright (c) 2000-2005, 2007-2010
   *	Todd C. Miller <Todd.Miller@courtesan.com>
@@ -991,3 +992,1002 @@
  	def_env_keep = cur;
+     }
+ }
++=======
++/*
++ * Copyright (c) 2000-2005, 2007-2010
++ *	Todd C. Miller <Todd.Miller@courtesan.com>
++ *
++ * Permission to use, copy, modify, and distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ *
++ * Sponsored in part by the Defense Advanced Research Projects
++ * Agency (DARPA) and Air Force Research Laboratory, Air Force
++ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
++ */
++
++#include <config.h>
++
++#include <sys/types.h>
++#include <sys/param.h>
++#include <sys/stat.h>
++#include <stdio.h>
++#ifdef STDC_HEADERS
++# include <stdlib.h>
++# include <stddef.h>
++#else
++# ifdef HAVE_STDLIB_H
++#  include <stdlib.h>
++# endif
++#endif /* STDC_HEADERS */
++#ifdef HAVE_STRING_H
++# include <string.h>
++#endif /* HAVE_STRING_H */
++#ifdef HAVE_STRINGS_H
++# include <strings.h>
++#endif /* HAVE_STRINGS_H */
++#ifdef HAVE_UNISTD_H
++# include <unistd.h>
++#endif /* HAVE_UNISTD_H */
++#include <ctype.h>
++#include <errno.h>
++#include <pwd.h>
++
++#include "sudo.h"
++
++/*
++ * Flags used in rebuild_env()
++ */
++#undef DID_TERM
++#define DID_TERM	0x0001
++#undef DID_PATH
++#define DID_PATH	0x0002
++#undef DID_HOME
++#define DID_HOME	0x0004
++#undef DID_SHELL
++#define DID_SHELL	0x0008
++#undef DID_LOGNAME
++#define DID_LOGNAME	0x0010
++#undef DID_USER
++#define DID_USER    	0x0020
++#undef DID_USERNAME
++#define DID_USERNAME   	0x0040
++#undef DID_MAIL
++#define DID_MAIL   	0x0080
++#undef DID_MAX
++#define DID_MAX    	0x00ff
++
++#undef KEPT_TERM
++#define KEPT_TERM	0x0100
++#undef KEPT_PATH
++#define KEPT_PATH	0x0200
++#undef KEPT_HOME
++#define KEPT_HOME	0x0400
++#undef KEPT_SHELL
++#define KEPT_SHELL	0x0800
++#undef KEPT_LOGNAME
++#define KEPT_LOGNAME	0x1000
++#undef KEPT_USER
++#define KEPT_USER    	0x2000
++#undef KEPT_USERNAME
++#define KEPT_USERNAME	0x4000
++#undef KEPT_MAIL
++#define KEPT_MAIL	0x8000
++#undef KEPT_MAX
++#define KEPT_MAX    	0xff00
++
++struct environment {
++    char **envp;		/* pointer to the new environment */
++    size_t env_size;		/* size of new_environ in char **'s */
++    size_t env_len;		/* number of slots used, not counting NULL */
++    int owned;			/* do we own envp or is it the system's? */
++};
++
++/*
++ * Prototypes
++ */
++static void sudo_setenv		__P((const char *, const char *, int));
++static void sudo_putenv		__P((char *, int, int));
++
++extern char **environ;		/* global environment */
++
++/*
++ * Copy of the sudo-managed environment.
++ */
++static struct environment env;
++
++/*
++ * Default table of "bad" variables to remove from the environment.
++ * XXX - how to omit TERMCAP if it starts with '/'?
++ */
++static const char *initial_badenv_table[] = {
++    "IFS",
++    "CDPATH",
++    "SHELLOPTS",
++    "PS4",
++    "LOCALDOMAIN",
++    "RES_OPTIONS",
++    "HOSTALIASES",
++    "NLSPATH",
++    "PATH_LOCALE",
++    "LD_*",
++    "_RLD*",
++#ifdef __hpux
++    "SHLIB_PATH",
++#endif /* __hpux */
++#ifdef _AIX
++    "LDR_*",
++    "LIBPATH",
++    "AUTHSTATE",
++#endif
++#ifdef __APPLE__
++    "DYLD_*",
++#endif
++#ifdef HAVE_KERB4
++    "KRB_CONF*",
++    "KRBCONFDIR",
++    "KRBTKFILE",
++#endif /* HAVE_KERB4 */
++#ifdef HAVE_KERB5
++    "KRB5_CONFIG*",
++    "KRB5_KTNAME",
++#endif /* HAVE_KERB5 */
++#ifdef HAVE_SECURID
++    "VAR_ACE",
++    "USR_ACE",
++    "DLC_ACE",
++#endif /* HAVE_SECURID */
++    "TERMINFO",			/* terminfo, exclusive path to terminfo files */
++    "TERMINFO_DIRS",		/* terminfo, path(s) to terminfo files */
++    "TERMPATH",			/* termcap, path(s) to termcap files */
++    "TERMCAP",			/* XXX - only if it starts with '/' */
++    "ENV",			/* ksh, file to source before script runs */
++    "BASH_ENV",			/* bash, file to source before script runs */
++    "PS4",			/* bash, prefix for lines in xtrace mode */
++    "GLOBIGNORE",		/* bash, globbing patterns to ignore */
++    "SHELLOPTS",		/* bash, extra command line options */
++    "JAVA_TOOL_OPTIONS",	/* java, extra command line options */
++    "PERLIO_DEBUG ",		/* perl, debugging output file */
++    "PERLLIB",			/* perl, search path for modules/includes */
++    "PERL5LIB",			/* perl 5, search path for modules/includes */
++    "PERL5OPT",			/* perl 5, extra command line options */
++    "PERL5DB",			/* perl 5, command used to load debugger */
++    "FPATH",			/* ksh, search path for functions */
++    "NULLCMD",			/* zsh, command for null file redirection */
++    "READNULLCMD",		/* zsh, command for null file redirection */
++    "ZDOTDIR",			/* zsh, search path for dot files */
++    "TMPPREFIX",		/* zsh, prefix for temporary files */
++    "PYTHONHOME",		/* python, module search path */
++    "PYTHONPATH",		/* python, search path */
++    "PYTHONINSPECT",		/* python, allow inspection */
++    "PYTHONUSERBASE",		/* python, per user site-packages directory */
++    "RUBYLIB",			/* ruby, library load path */
++    "RUBYOPT",			/* ruby, extra command line options */
++    NULL
++};
++
++/*
++ * Default table of variables to check for '%' and '/' characters.
++ */
++static const char *initial_checkenv_table[] = {
++    "COLORTERM",
++    "LANG",
++    "LANGUAGE",
++    "LC_*",
++    "LINGUAS",
++    "TERM",
++    NULL
++};
++
++/*
++ * Default table of variables to preserve in the environment.
++ */
++static const char *initial_keepenv_table[] = {
++    "COLORS",
++    "DISPLAY",
++    "HOSTNAME",
++    "KRB5CCNAME",
++    "LS_COLORS",
++    "PATH",
++    "PS1",
++    "PS2",
++    "TZ",
++    "XAUTHORITY",
++    "XAUTHORIZATION",
++    NULL
++};
++
++/*
++ * Initialize env based on envp.
++ */
++void
++env_init(lazy)
++    int lazy;
++{
++    char * const *ep;
++    size_t len;
++
++    for (ep = environ; *ep != NULL; ep++)
++	continue;
++    len = (size_t)(ep - environ);
++
++    if (lazy) {
++	/*
++	 * If we are already initialized due to lazy init (usualy via getenv())
++	 * we need to avoid calling malloc() as it may call getenv() itself.
++	 */
++	env.envp = environ;
++	env.env_len = len;
++	env.env_size = len;
++    } else if (!env.owned) {
++	env.env_len = len;
++	env.env_size = len + 1 + 128;
++	env.envp = emalloc2(env.env_size, sizeof(char *));
++#ifdef ENV_DEBUG
++	memset(env.envp, 0, env.env_size * sizeof(char *));
++#endif
++	memcpy(env.envp, environ, len * sizeof(char *));
++	env.envp[len] = '\0';
++	env.owned = TRUE;
++    }
++}
++
++char **
++env_get()
++{
++    return env.envp;
++}
++
++/*
++ * Similar to setenv(3) but operates on sudo's private copy of the environment
++ * (not environ) and it always overwrites.  The dupcheck param determines
++ * whether we need to verify that the variable is not already set.
++ */
++static void
++sudo_setenv(var, val, dupcheck)
++    const char *var;
++    const char *val;
++    int dupcheck;
++{
++    char *estring;
++    size_t esize;
++
++    esize = strlen(var) + 1 + strlen(val) + 1;
++    estring = emalloc(esize);
++
++    /* Build environment string and insert it. */
++    if (strlcpy(estring, var, esize) >= esize ||
++	strlcat(estring, "=", esize) >= esize ||
++	strlcat(estring, val, esize) >= esize) {
++
++	errorx(1, "internal error, sudo_setenv() overflow");
++    }
++    sudo_putenv(estring, dupcheck, TRUE);
++}
++
++/*
++ * Version of getenv(3) that uses our own environ pointer.
++ */
++char *
++getenv(var)
++    const char *var;
++{
++    char *cp, **ev;
++    size_t vlen = strlen(var);
++
++    if (env.envp == NULL)
++	env_init(TRUE);
++
++    for (ev = env.envp; (cp = *ev) != NULL; ev++) {
++	if (strncmp(var, cp, vlen) == 0 && cp[vlen] == '=')
++	    return cp + vlen + 1;
++    }
++    return NULL;
++}
++
++/*
++ * Version of setenv(3) that uses our own environ pointer.
++ */
++int
++setenv(var, val, overwrite)
++    const char *var;
++    const char *val;
++    int overwrite;
++{
++    char *estring, *ep;
++    const char *cp;
++    size_t esize;
++
++    if (!var || *var == '\0') {
++	errno = EINVAL;
++	return(-1);
++    }
++
++    if (env.envp == NULL)
++	env_init(TRUE);
++
++    /*
++     * POSIX says a var name with '=' is an error but BSD
++     * just ignores the '=' and anything after it.
++     */
++    for (cp = var; *cp && *cp != '='; cp++)
++	;
++    esize = (size_t)(cp - var) + 2;
++    if (val) {
++	esize += strlen(val);	/* glibc treats a NULL val as "" */
++    }
++
++    /* Allocate and fill in estring. */
++    estring = ep = emalloc(esize);
++    for (cp = var; *cp && *cp != '='; cp++)
++	*ep++ = *cp;
++    *ep++ = '=';
++    if (val) {
++	for (cp = val; *cp; cp++)
++	    *ep++ = *cp;
++    }
++    *ep = '\0';
++
++#ifdef ENV_DEBUG
++    if (env.envp[env.env_len] != NULL)
++	errorx(1, "setenv: corrupted envp, len mismatch");
++#endif
++    sudo_putenv(estring, TRUE, overwrite);
++    return(0);
++}
++
++/*
++ * Version of unsetenv(3) that uses our own environ pointer.
++ */
++#ifdef UNSETENV_VOID
++void
++#else
++int
++#endif
++unsetenv(var)
++    const char *var;
++{
++    char **ep;
++    size_t len;
++
++    if (var == NULL || *var == '\0' || strchr(var, '=') != NULL) {
++	errno = EINVAL;
++#ifdef UNSETENV_VOID
++	return;
++#else
++	return(-1);
++#endif
++    }
++
++    if (env.envp == NULL)
++	env_init(TRUE);
++
++#ifdef ENV_DEBUG
++    if (env.envp[env.env_len] != NULL)
++	errorx(1, "unsetenv: corrupted envp, len mismatch");
++#endif
++
++    len = strlen(var);
++    for (ep = env.envp; *ep != NULL;) {
++	if (strncmp(var, *ep, len) == 0 && (*ep)[len] == '=') {
++	    /* Found it; shift remainder + NULL over by one. */
++	    char **cur = ep;
++	    while ((*cur = *(cur + 1)) != NULL)
++		cur++;
++	    /* Keep going, could be multiple instances of the var. */
++	} else {
++	    ep++;
++	}
++    }
++    env.env_len = ep - env.envp;
++#ifndef UNSETENV_VOID
++    return(0);
++#endif
++}
++
++/*
++ * Version of putenv(3) that uses our own environ pointer.
++ */
++int
++#ifdef PUTENV_CONST
++putenv(const char *string)
++#else
++putenv(string)
++    char *string;
++#endif
++{
++    if (env.envp == NULL)
++	env_init(TRUE);
++
++    if (strchr(string, '=') == NULL) {
++	errno = EINVAL;
++	return(-1);
++    }
++#ifdef ENV_DEBUG
++    if (env.envp[env.env_len] != NULL)
++	errorx(1, "putenv: corrupted envp, len mismatch");
++#endif
++    sudo_putenv((char *)string, TRUE, TRUE);
++    return(0);
++}
++
++/*
++ * Similar to putenv(3) but operates on sudo's private copy of the
++ * environment (not environ) and it always overwrites.  The dupcheck param
++ * determines whether we need to verify that the variable is not already set.
++ * Will only overwrite an existing variable if overwrite is set.
++ */
++static void
++sudo_putenv(str, dupcheck, overwrite)
++    char *str;
++    int dupcheck;
++    int overwrite;
++{
++    char **ep;
++    size_t len;
++    int found = FALSE;
++
++    /* Make sure there is room for the new entry plus a NULL. */
++    if (env.env_len + 2 > env.env_size) {
++	env.env_size += 128;
++	if (env.owned) {
++	    env.envp = erealloc3(env.envp, env.env_size, sizeof(char *));
++	} else {
++	    /* We don't own env.envp, allocate a new one. */
++	    ep = emalloc2(env.env_size, sizeof(char *));
++	    memcpy(ep, env.envp, env.env_size * sizeof(char *));
++	    env.envp = ep;
++	    env.owned = TRUE;
++	}
++#ifdef ENV_DEBUG
++	memset(env.envp + env.env_len, 0,
++	    (env.env_size - env.env_len) * sizeof(char *));
++#endif
++    }
++
++#ifdef ENV_DEBUG
++    if (env.envp[env.env_len] != NULL)
++	errorx(1, "sudo_putenv: corrupted envp, len mismatch");
++#endif
++
++    if (dupcheck) {
++	len = (strchr(str, '=') - str) + 1;
++	for (ep = env.envp; !found && *ep != NULL; ep++) {
++	    if (strncmp(str, *ep, len) == 0) {
++		if (overwrite)
++		    *ep = str;
++		found = TRUE;
++	    }
++	}
++	/* Prune out duplicate variables. */
++	if (found && overwrite) {
++	    while (*ep != NULL) {
++		if (strncmp(str, *ep, len) == 0) {
++		    char **cur = ep;
++		    while ((*cur = *(cur + 1)) != NULL)
++			cur++;
++		} else {
++		    ep++;
++		}
++	    }
++	    env.env_len = ep - env.envp;
++	}
++    }
++
++    if (!found) {
++	ep = env.envp + env.env_len;
++	env.env_len++;
++	*ep++ = str;
++	*ep = NULL;
++    }
++}
++
++/*
++ * Check the env_delete blacklist.
++ * Returns TRUE if the variable was found, else false.
++ */
++static int
++matches_env_delete(var)
++    const char *var;
++{
++    struct list_member *cur;
++    size_t len;
++    int iswild, match = FALSE;
++
++    /* Skip anything listed in env_delete. */
++    for (cur = def_env_delete; cur; cur = cur->next) {
++	len = strlen(cur->value);
++	/* Deal with '*' wildcard */
++	if (cur->value[len - 1] == '*') {
++	    len--;
++	    iswild = TRUE;
++	} else
++	    iswild = FALSE;
++	if (strncmp(cur->value, var, len) == 0 &&
++	    (iswild || var[len] == '=')) {
++	    match = TRUE;
++	    break;
++	}
++    }
++    return(match);
++}
++
++/*
++ * Apply the env_check list.
++ * Returns TRUE if the variable is allowed, FALSE if denied
++ * or -1 if no match.
++ */
++static int
++matches_env_check(var)
++    const char *var;
++{
++    struct list_member *cur;
++    size_t len;
++    int iswild, keepit = -1;
++
++    for (cur = def_env_check; cur; cur = cur->next) {
++	len = strlen(cur->value);
++	/* Deal with '*' wildcard */
++	if (cur->value[len - 1] == '*') {
++	    len--;
++	    iswild = TRUE;
++	} else
++	    iswild = FALSE;
++	if (strncmp(cur->value, var, len) == 0 &&
++	    (iswild || var[len] == '=')) {
++	    keepit = !strpbrk(var, "/%");
++	    break;
++	}
++    }
++    return(keepit);
++}
++
++/*
++ * Check the env_keep list.
++ * Returns TRUE if the variable is allowed else FALSE.
++ */
++static int
++matches_env_keep(var)
++    const char *var;
++{
++    struct list_member *cur;
++    size_t len;
++    int iswild, keepit = FALSE;
++
++    for (cur = def_env_keep; cur; cur = cur->next) {
++	len = strlen(cur->value);
++	/* Deal with '*' wildcard */
++	if (cur->value[len - 1] == '*') {
++	    len--;
++	    iswild = TRUE;
++	} else
++	    iswild = FALSE;
++	if (strncmp(cur->value, var, len) == 0 &&
++	    (iswild || var[len] == '=')) {
++	    keepit = TRUE;
++	    break;
++	}
++    }
++    return(keepit);
++}
++
++/*
++ * Build a new environment and ether clear potentially dangerous
++ * variables from the old one or start with a clean slate.
++ * Also adds sudo-specific variables (SUDO_*).
++ */
++void
++rebuild_env(noexec)
++    int noexec;
++{
++    char **old_envp, **ep, *cp, *ps1;
++    char idbuf[MAX_UID_T_LEN];
++    unsigned int didvar;
++    int reset_home = FALSE;
++
++    /*
++     * Either clean out the environment or reset to a safe default.
++     */
++    ps1 = NULL;
++    didvar = 0;
++    env.env_len = 0;
++    env.env_size = 128;
++    old_envp = env.envp;
++    env.envp = emalloc2(env.env_size, sizeof(char *));
++#ifdef ENV_DEBUG
++    memset(env.envp, 0, env.env_size * sizeof(char *));
++#endif
++
++    /* Reset HOME based on target user if configured to. */
++    if (ISSET(sudo_mode, MODE_RUN)) {
++	if (def_always_set_home ||
++	    ISSET(sudo_mode, MODE_RESET_HOME | MODE_LOGIN_SHELL) ||
++	    (ISSET(sudo_mode, MODE_SHELL) && def_set_home))
++	    reset_home = TRUE;
++    }
++
++    if (def_env_reset || ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
++	/* Pull in vars we want to keep from the old environment. */
++	for (ep = old_envp; *ep; ep++) {
++	    int keepit;
++
++	    /* Skip variables with values beginning with () (bash functions) */
++	    if ((cp = strchr(*ep, '=')) != NULL) {
++		if (strncmp(cp, "=() ", 3) == 0)
++		    continue;
++	    }
++
++	    /*
++	     * First check certain variables for '%' and '/' characters.
++	     * If no match there, check the keep list.
++	     * If nothing matched, we remove it from the environment.
++	     */
++	    keepit = matches_env_check(*ep);
++	    if (keepit == -1)
++		keepit = matches_env_keep(*ep);
++
++	    if (!strncmp (*ep, "DISPLAY=",8)
++		|| !strncmp (*ep, "XAUTHORITY=", 11)
++		|| !strncmp (*ep, "XAUTHORIZATION=", 15)
++		|| !strncmp (*ep, "XAPPLRESDIR=", 12)
++		|| !strncmp (*ep, "XFILESEARCHPATH=", 16)
++		|| !strncmp (*ep, "XUSERFILESEARCHPATH=", 20)
++		|| !strncmp (*ep, "LANG=", 5)
++		|| !strncmp (*ep, "LANGUAGE=", 9)
++		|| !strncmp (*ep, "LC_", 3))
++	      keepit = 1;
++
++	    /* For SUDO_PS1 -> PS1 conversion. */
++	    if (strncmp(*ep, "SUDO_PS1=", 8) == 0)
++		ps1 = *ep + 5;
++
++	    if (keepit) {
++		/* Preserve variable. */
++		switch (**ep) {
++		    case 'H':
++			if (strncmp(*ep, "HOME=", 5) == 0)
++			    SET(didvar, DID_HOME);
++			break;
++		    case 'L':
++			if (strncmp(*ep, "LOGNAME=", 8) == 0)
++			    SET(didvar, DID_LOGNAME);
++			break;
++		    case 'M':
++			if (strncmp(*ep, "MAIL=", 5) == 0)
++			    SET(didvar, DID_MAIL);
++			break;
++		    case 'P':
++			if (strncmp(*ep, "PATH=", 5) == 0)
++			    SET(didvar, DID_PATH);
++			break;
++		    case 'S':
++			if (strncmp(*ep, "SHELL=", 6) == 0)
++			    SET(didvar, DID_SHELL);
++			break;
++		    case 'T':
++			if (strncmp(*ep, "TERM=", 5) == 0)
++			    SET(didvar, DID_TERM);
++			break;
++		    case 'U':
++			if (strncmp(*ep, "USER=", 5) == 0)
++			    SET(didvar, DID_USER);
++			if (strncmp(*ep, "USERNAME=", 5) == 0)
++			    SET(didvar, DID_USERNAME);
++			break;
++		}
++		sudo_putenv(*ep, FALSE, FALSE);
++	    }
++	}
++	didvar |= didvar << 8;		/* convert DID_* to KEPT_* */
++
++	/*
++	 * Add in defaults.  In -i mode these come from the runas user,
++	 * otherwise they may be from the user's environment (depends
++	 * on sudoers options).
++	 */
++	if (ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
++	    sudo_setenv("SHELL", runas_pw->pw_shell, ISSET(didvar, DID_SHELL));
++	    sudo_setenv("LOGNAME", runas_pw->pw_name,
++		ISSET(didvar, DID_LOGNAME));
++	    sudo_setenv("USER", runas_pw->pw_name, ISSET(didvar, DID_USER));
++	    sudo_setenv("USERNAME", runas_pw->pw_name,
++		ISSET(didvar, DID_USERNAME));
++	} else {
++	    if (!ISSET(didvar, DID_SHELL))
++		sudo_setenv("SHELL", sudo_user.pw->pw_shell, FALSE);
++	    if (!ISSET(didvar, DID_LOGNAME))
++		sudo_setenv("LOGNAME", user_name, FALSE);
++	    if (!ISSET(didvar, DID_USER))
++		sudo_setenv("USER", user_name, FALSE);
++	    if (!ISSET(didvar, DID_USERNAME))
++		sudo_setenv("USERNAME", user_name, FALSE);
++	}
++
++	/* If we didn't keep HOME, reset it based on target user. */
++	if (!ISSET(didvar, KEPT_HOME))
++	    reset_home = TRUE;
++
++	/*
++	 * Set MAIL to target user in -i mode or if MAIL is not preserved
++	 * from user's environment.
++	 */
++	if (ISSET(sudo_mode, MODE_LOGIN_SHELL) || !ISSET(didvar, KEPT_MAIL)) {
++	    cp = _PATH_MAILDIR;
++	    if (cp[sizeof(_PATH_MAILDIR) - 2] == '/')
++		easprintf(&cp, "MAIL=%s%s", _PATH_MAILDIR, runas_pw->pw_name);
++	    else
++		easprintf(&cp, "MAIL=%s/%s", _PATH_MAILDIR, runas_pw->pw_name);
++	    sudo_putenv(cp, ISSET(didvar, DID_MAIL), TRUE);
++	}
++    } else {
++	/*
++	 * Copy environ entries as long as they don't match env_delete or
++	 * env_check.
++	 */
++	for (ep = old_envp; *ep; ep++) {
++	    int okvar;
++
++	    /* Skip variables with values beginning with () (bash functions) */
++	    if ((cp = strchr(*ep, '=')) != NULL) {
++		if (strncmp(cp, "=() ", 3) == 0)
++		    continue;
++	    }
++
++	    /*
++	     * First check variables against the blacklist in env_delete.
++	     * If no match there check for '%' and '/' characters.
++	     */
++	    okvar = matches_env_delete(*ep) != TRUE;
++	    if (okvar)
++		okvar = matches_env_check(*ep) != FALSE;
++
++	    if (okvar) {
++		if (strncmp(*ep, "SUDO_PS1=", 9) == 0)
++		    ps1 = *ep + 5;
++		else if (strncmp(*ep, "PATH=", 5) == 0)
++		    SET(didvar, DID_PATH);
++		else if (strncmp(*ep, "TERM=", 5) == 0)
++		    SET(didvar, DID_TERM);
++		sudo_putenv(*ep, FALSE, FALSE);
++	    }
++	}
++    }
++    /* Replace the PATH envariable with a secure one? */
++    if (def_secure_path && !user_is_exempt()) {
++	sudo_setenv("PATH", def_secure_path, TRUE);
++	SET(didvar, DID_PATH);
++    }
++
++    /* Set $USER, $LOGNAME and $USERNAME to target if "set_logname" is true. */
++    if (def_set_logname && !ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
++	if (!ISSET(didvar, KEPT_LOGNAME))
++	    sudo_setenv("LOGNAME", runas_pw->pw_name, TRUE);
++	if (!ISSET(didvar, KEPT_USER))
++	    sudo_setenv("USER", runas_pw->pw_name, TRUE);
++	if (!ISSET(didvar, KEPT_USERNAME))
++	    sudo_setenv("USERNAME", runas_pw->pw_name, TRUE);
++    }
++
++    /* Set $HOME to target user if not preserving user's value. */
++    if (reset_home)
++	sudo_setenv("HOME", runas_pw->pw_dir, TRUE);
++
++    /* Provide default values for $TERM and $PATH if they are not set. */
++    if (!ISSET(didvar, DID_TERM))
++	sudo_putenv("TERM=unknown", FALSE, FALSE);
++    if (!ISSET(didvar, DID_PATH))
++	sudo_setenv("PATH", _PATH_STDPATH, FALSE);
++
++    /*
++     * Preload a noexec file?  For a list of LD_PRELOAD-alikes, see
++     * http://www.fortran-2000.com/ArnaudRecipes/sharedlib.html
++     * XXX - should prepend to original value, if any
++     */
++    if (noexec && def_noexec_file != NULL) {
++#if defined(__darwin__) || defined(__APPLE__)
++	sudo_setenv("DYLD_INSERT_LIBRARIES", def_noexec_file, TRUE);
++	sudo_setenv("DYLD_FORCE_FLAT_NAMESPACE", "", TRUE);
++#else
++# if defined(__osf__) || defined(__sgi)
++	easprintf(&cp, "%s:DEFAULT", def_noexec_file);
++	sudo_setenv("_RLD_LIST", cp, TRUE);
++	efree(cp);
++# else
++#  ifdef _AIX
++	sudo_setenv("LDR_PRELOAD", def_noexec_file, TRUE);
++#  else
++	sudo_setenv("LD_PRELOAD", def_noexec_file, TRUE);
++#  endif /* _AIX */
++# endif /* __osf__ || __sgi */
++#endif /* __darwin__ || __APPLE__ */
++    }
++
++    /* Set PS1 if SUDO_PS1 is set. */
++    if (ps1 != NULL)
++	sudo_putenv(ps1, TRUE, TRUE);
++
++    /* Add the SUDO_COMMAND envariable (cmnd + args). */
++    if (user_args) {
++	easprintf(&cp, "%s %s", user_cmnd, user_args);
++	sudo_setenv("SUDO_COMMAND", cp, TRUE);
++	efree(cp);
++    } else {
++	sudo_setenv("SUDO_COMMAND", user_cmnd, TRUE);
++    }
++
++    /* Add the SUDO_USER, SUDO_UID, SUDO_GID environment variables. */
++    sudo_setenv("SUDO_USER", user_name, TRUE);
++    snprintf(idbuf, sizeof(idbuf), "%lu", (unsigned long) user_uid);
++    sudo_setenv("SUDO_UID", idbuf, TRUE);
++    snprintf(idbuf, sizeof(idbuf), "%lu", (unsigned long) user_gid);
++    sudo_setenv("SUDO_GID", idbuf, TRUE);
++
++    /* Free old environment. */
++    efree(old_envp);
++}
++
++void
++insert_env_vars(env_vars)
++    struct list_member *env_vars;
++{
++    struct list_member *cur;
++
++    /* Add user-specified environment variables. */
++    for (cur = env_vars; cur != NULL; cur = cur->next)
++	putenv(cur->value);
++}
++
++/*
++ * Validate the list of environment variables passed in on the command
++ * line against env_delete, env_check, and env_keep.
++ * Calls log_error() if any specified variables are not allowed.
++ */
++void
++validate_env_vars(env_vars)
++    struct list_member *env_vars;
++{
++    struct list_member *var;
++    char *eq, *bad = NULL;
++    size_t len, blen = 0, bsize = 0;
++    int okvar;
++
++    /* Add user-specified environment variables. */
++    for (var = env_vars; var != NULL; var = var->next) {
++	if (def_secure_path && !user_is_exempt() &&
++	    strncmp(var->value, "PATH=", 5) == 0) {
++	    okvar = FALSE;
++	} else if (def_env_reset) {
++	    okvar = matches_env_check(var->value);
++	    if (okvar == -1)
++		okvar = matches_env_keep(var->value);
++	} else {
++	    okvar = matches_env_delete(var->value) == FALSE;
++	    if (okvar == FALSE)
++		okvar = matches_env_check(var->value) != FALSE;
++	}
++	if (okvar == FALSE) {
++	    /* Not allowed, add to error string, allocating as needed. */
++	    if ((eq = strchr(var->value, '=')) != NULL)
++		*eq = '\0';
++	    len = strlen(var->value) + 2;
++	    if (blen + len >= bsize) {
++		do {
++		    bsize += 1024;
++		} while (blen + len >= bsize);
++		bad = erealloc(bad, bsize);
++		bad[blen] = '\0';
++	    }
++	    strlcat(bad, var->value, bsize);
++	    strlcat(bad, ", ", bsize);
++	    blen += len;
++	    if (eq != NULL)
++		*eq = '=';
++	}
++    }
++    if (bad != NULL) {
++	bad[blen - 2] = '\0';		/* remove trailing ", " */
++	log_error(NO_MAIL,
++	    "sorry, you are not allowed to set the following environment variables: %s", bad);
++	/* NOTREACHED */
++	efree(bad);
++    }
++}
++
++/*
++ * Read in /etc/environment ala AIX and Linux.
++ * Lines may be in either of three formats:
++ *  NAME=VALUE
++ *  NAME="VALUE"
++ *  NAME='VALUE'
++ * with an optional "export" prefix so the shell can source the file.
++ * Invalid lines, blank lines, or lines consisting solely of a comment
++ * character are skipped.
++ */
++void
++read_env_file(path, overwrite)
++    const char *path;
++    int overwrite;
++{
++    FILE *fp;
++    char *cp, *var, *val;
++    size_t var_len, val_len;
++
++    if ((fp = fopen(path, "r")) == NULL)
++	return;
++
++    while ((var = sudo_parseln(fp)) != NULL) {
++	/* Skip blank or comment lines */
++	if (*var == '\0')
++	    continue;
++
++	/* Skip optional "export " */
++	if (strncmp(var, "export", 6) == 0 && isspace((unsigned char) var[6])) {
++	    var += 7;
++	    while (isspace((unsigned char) *var)) {
++		var++;
++	    }
++	}
++
++	/* Must be of the form name=["']value['"] */
++	for (val = var; *val != '\0' && *val != '='; val++)
++	    ;
++	if (var == val || *val != '=')
++	    continue;
++	var_len = (size_t)(val - var);
++	val_len = strlen(++val);
++
++	/* Strip leading and trailing single/double quotes */
++	if ((val[0] == '\'' || val[0] == '\"') && val[0] == val[val_len - 1]) {
++	    val[val_len - 1] = '\0';
++	    val++;
++	    val_len -= 2;
++	}
++
++	cp = emalloc(var_len + 1 + val_len + 1);
++	memcpy(cp, var, var_len + 1); /* includes '=' */
++	memcpy(cp + var_len + 1, val, val_len + 1); /* includes NUL */
++
++	sudo_putenv(cp, TRUE, overwrite);
++    }
++    fclose(fp);
++}
++
++void
++init_envtables()
++{
++    struct list_member *cur;
++    const char **p;
++
++    /* Fill in the "env_delete" list. */
++    for (p = initial_badenv_table; *p; p++) {
++	cur = emalloc(sizeof(struct list_member));
++	cur->value = estrdup(*p);
++	cur->next = def_env_delete;
++	def_env_delete = cur;
++    }
++
++    /* Fill in the "env_check" list. */
++    for (p = initial_checkenv_table; *p; p++) {
++	cur = emalloc(sizeof(struct list_member));
++	cur->value = estrdup(*p);
++	cur->next = def_env_check;
++	def_env_check = cur;
++    }
++
++    /* Fill in the "env_keep" list. */
++    for (p = initial_keepenv_table; *p; p++) {
++	cur = emalloc(sizeof(struct list_member));
++	cur->value = estrdup(*p);
++	cur->next = def_env_keep;
++	def_env_keep = cur;
++    }
++}
++>>>>>>> MERGE-SOURCE
 === modified file 'debian/changelog'
 --- debian/changelog	2011-05-23 09:50:37 +0000
 +++ debian/changelog	2011-05-23 08:12:57 +0000
@@ -1,3 +1,4 @@
++<<<<<<< TREE
  sudo (1.7.4p6-1ubuntu1) oneiric; urgency=low
    * Merge from debian/unstable, remaining changes:
@@ -102,6 +103,110 @@
   -- Lorenzo De Liso <blackz@ubuntu.com>  Wed, 15 Dec 2010 21:32:57 +0100
++=======
++sudo (1.7.4p6-1ubuntu1) oneiric; urgency=low
++
++  * Merge from debian/unstable, remaining changes:
++      + debian/patches/keep_home_by_default.patch: Set HOME in
++        initial_keepenv_table.  LP: #760140
++      + compile with --without-lecture --with-tty-tickets (Ubuntu specific)
++      + install man/man8/sudo_root.8 (Ubuntu specific)
++      + install apport hooks
++      + debian/sudoers: grant admin group sudo access
++    - debian/sudo-ldap.dirs, debian/sudo.dirs: add
++      usr/share/apport/package-hooks
++  * drop debian/patches/CVE-2011-0010.patch applied upstream now
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 23 May 2011 09:25:09 +0200
++
++sudo (1.7.4p6-1) unstable; urgency=low
++
++  * new upstream version
++  * touch the right stamp name after configuring, closes: #611287
++  * patch from Svante Signell to fix build problem on Hurd, closes: #611290
++
++ -- Bdale Garbee <bdale@gag.com>  Wed, 09 Feb 2011 11:32:58 -0700
++
++sudo (1.7.4p4-6) unstable; urgency=low
++
++  * update /etc/sudoers.d/README now that sudoers is a conffile
++  * patch from upstream to fix special case in password checking code
++    when only the gid is changing, closes: #609641
++
++ -- Bdale Garbee <bdale@gag.com>  Tue, 11 Jan 2011 10:22:39 -0700
++
++sudo (1.7.4p4-5ubuntu8) oneiric; urgency=low
++
++  * debian/sudo.preinst:
++    - if well-known ec2 vmbuilder file is found, write a file in
++      sudoers.d for the 'ubuntu' user (LP: #768625)
++
++ -- Scott Moser <smoser@ubuntu.com>  Thu, 21 Apr 2011 18:04:34 -0400
++
++sudo (1.7.4p4-5ubuntu7) natty; urgency=low
++
++  * debian/sudo.preinst:
++    - do not consider the ec2 vmbuilder default sudoers file
++      verbatim as its actually customized (LP: #761689)
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 15 Apr 2011 16:40:10 +0200
++
++sudo (1.7.4p4-5ubuntu6) natty; urgency=low
++
++  * debian/patches/keep_home_by_default.patch: Set HOME in
++    initial_keepenv_table.  LP: #760140
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Wed, 13 Apr 2011 12:32:25 -0700
++
++sudo (1.7.4p4-5ubuntu5) natty; urgency=low
++
++  * debian/sudo.preinst:
++    - avoid conffile prompt by checking for known default /etc/sudoers
++      and if found installing the correct default /etc/sudoers file
++      (LP: #690873)
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 25 Mar 2011 09:13:43 +0100
++
++sudo (1.7.4p4-5ubuntu4) natty; urgency=low
++
++  * debian/rules: The ubuntu-sudo-as-admin-successful.patch was taken
++    upstream by Debian however it requires a --enable-admin-flag configure
++    flag to actually enable it.
++    (LP: #706045)
++
++ -- Bryce Harrington <bryce@ubuntu.com>  Thu, 10 Feb 2011 12:01:53 -0800
++
++sudo (1.7.4p4-5ubuntu3) natty; urgency=low
++
++  * SECURITY UPDATE: privilege escalation via -g when using group Runas_List
++    - debian/patches/CVE-2011-0010.patch: prompt for password when the user is
++      running sudo as himself but as a different group
++    - CVE-2011-0010
++
++ -- Jamie Strandboge <jamie@ubuntu.com>  Tue, 18 Jan 2011 16:37:09 -0600
++
++sudo (1.7.4p4-5ubuntu2) natty; urgency=low
++
++  * debian/sudoers: temporarily workaround LP #690873 by adding %admin
++    into the default sudoers file in case people just say "yes" to the
++    dpkg conffile prompt.
++
++ -- Kees Cook <kees@ubuntu.com>  Wed, 15 Dec 2010 15:38:17 -0800
++
++sudo (1.7.4p4-5ubuntu1) natty; urgency=low
++
++  * Merge from debian unstable (LP: #689025), remaining changes:
++    - debian/rules:
++      + compile with --without-lecture --with-tty-tickets (Ubuntu specific)
++      + install man/man8/sudo_root.8 (Ubuntu specific)
++      + install apport hooks
++    - debian/sudo-ldap.dirs, debian/sudo.dirs: add
++      usr/share/apport/package-hooks
++  * This upload also fixes: LP: #609645
++
++ -- Lorenzo De Liso <blackz@ubuntu.com>  Wed, 15 Dec 2010 21:32:57 +0100
++
++>>>>>>> MERGE-SOURCE
  sudo (1.7.4p4-5) unstable; urgency=low
    * patch from Jakub Wilk to add noopt and nostrip build option support,

Ubuntusudo package