From: Bdale Garbee Date: Fri, 20 Nov 2009 22:50:40 +0000 (-0700) Subject: more quiltification X-Git-Tag: debian/1.7.2p5-1~15 X-Git-Url: https://git.gag.com/?a=commitdiff_plain;h=d766074333d531dd1510a7abc202046a090f9518;p=debian%2Fsudo more quiltification --- diff --git a/debian/patches/sudo.pod.diff b/debian/patches/sudo.pod.diff new file mode 100644 index 0000000..0b2d38c --- /dev/null +++ b/debian/patches/sudo.pod.diff @@ -0,0 +1,24 @@ +--- /home/bdale/Desktop/sudo-1.7.2p1/sudo.pod 2009-06-15 15:19:47.000000000 -0600 ++++ sudo/sudo.pod 2009-11-20 07:31:58.000000000 -0700 +@@ -452,8 +452,8 @@ + To prevent command spoofing, B checks "." and "" (both denoting + current directory) last when searching for a command in the user's + PATH (if one or both are in the PATH). Note, however, that the +-actual C environment variable is I modified and is passed +-unchanged to the program that B executes. ++C environment variable is further modified in Debian because of ++the use of the I build option. + + B will check the ownership of its timestamp directory + (F<@timedir@> by default) and ignore the directory's contents if +@@ -616,6 +616,10 @@ + L, + L, L, L + ++The file /usr/share/doc/sudo/OPTIONS describes the options used for building ++the Debian version of sudo, some of which change default behaviors documented ++elsewhere in this document. ++ + =head1 AUTHORS + + Many people have worked on B over the years; this diff --git a/debian/patches/sudoers.pod.diff b/debian/patches/sudoers.pod.diff new file mode 100644 index 0000000..b780785 --- /dev/null +++ b/debian/patches/sudoers.pod.diff 
@@ -0,0 +1,57 @@ +--- /home/bdale/Desktop/sudo-1.7.2p1/sudoers.pod 2009-06-30 06:41:09.000000000 -0600 ++++ sudo/sudoers.pod 2009-11-20 07:31:58.000000000 -0700 +@@ -93,7 +93,7 @@ + + Cmnd_Alias ::= NAME '=' Cmnd_List + +- NAME ::= [A-Z]([A-Z][0-9]_)* ++ NAME ::= [A-Z]([a-z][A-Z][0-9]_)* + + Each I definition is of the form + +@@ -565,7 +565,7 @@ + + =over 16 + +-=item always_set_home ++=item mail_badpass + + If set, B will set the C environment variable to the home + directory of the target user (which is root unless the B<-u> option is used). +@@ -1227,6 +1227,9 @@ + + =item env_delete + ++Not effective due to security issues: only variables listed in ++I or I can be passed through B! ++ + Environment variables to be removed from the user's environment + when the I option is not in effect. The argument may + be a double-quoted, space-separated list or a single value without +@@ -1240,8 +1243,8 @@ + + =item env_keep + +-Environment variables to be preserved in the user's environment +-when the I option is in effect. This allows fine-grained ++Environment variables to be preserved in the user's environment. ++This allows fine-grained + control over the environment B-spawned processes will receive. + The argument may be a double-quoted, space-separated list or a + single value without double-quotes. The list can be replaced, added +@@ -1282,6 +1285,15 @@ + Below are example I entries. Admittedly, some of + these are a bit contrived. First, we define our I: + ++Below are example I entries. Admittedly, some of ++these are a bit contrived. First, we allow a few environment ++variables to pass and then define our I: ++ ++ # Run X applications through sudo; HOME is used to find .Xauthority file ++ # Note that some programs may use HOME for other purposes too and ++ # this may lead to privilege escalation! ++ Defaults env_keep = "DISPLAY HOME" ++ + # User alias specification + User_Alias FULLTIMERS = millert, mikef, dowdy + User_Alias PARTTIMERS = bostley, jwfox, crawl 
diff --git a/sudo.pod b/sudo.pod index d088380..c8b370d 100644 --- a/sudo.pod +++ b/sudo.pod @@ -452,8 +452,8 @@ and, as such, it is not possible for B to preserve them. To prevent command spoofing, B checks "." and "" (both denoting current directory) last when searching for a command in the user's PATH (if one or both are in the PATH). Note, however, that the -C environment variable is further modified in Debian because of -the use of the I build option. +actual C environment variable is I modified and is passed +unchanged to the program that B executes. B will check the ownership of its timestamp directory (F<@timedir@> by default) and ignore the directory's contents if @@ -616,10 +616,6 @@ L, L, L, L, L, L, L -The file /usr/share/doc/sudo/OPTIONS describes the options used for building -the Debian version of sudo, some of which change default behaviors documented -elsewhere in this document. - =head1 AUTHORS Many people have worked on B over the years; this diff --git a/sudoers.pod b/sudoers.pod index 60a2843..a55ce0e 100644 --- a/sudoers.pod +++ b/sudoers.pod @@ -93,7 +93,7 @@ C and C. Cmnd_Alias ::= NAME '=' Cmnd_List - NAME ::= [A-Z]([a-z][A-Z][0-9]_)* + NAME ::= [A-Z]([A-Z][0-9]_)* Each I definition is of the form @@ -565,7 +565,7 @@ B: =over 16 -=item mail_badpass +=item always_set_home If set, B will set the C environment variable to the home directory of the target user (which is root unless the B<-u> option is used). @@ -1227,9 +1227,6 @@ the I<-V> option. =item env_delete -Not effective due to security issues: only variables listed in -I or I can be passed through B! - Environment variables to be removed from the user's environment when the I option is not in effect. The argument may be a double-quoted, space-separated list or a single value without 
@@ -1243,8 +1240,8 @@ B). =item env_keep -Environment variables to be preserved in the user's environment. -This allows fine-grained +Environment variables to be preserved in the user's environment +when the I option is in effect. This allows fine-grained control over the environment B-spawned processes will receive. The argument may be a double-quoted, space-separated list or a single value without double-quotes. The list can be replaced, added @@ -1285,15 +1282,6 @@ List of network groups Below are example I entries. Admittedly, some of these are a bit contrived. First, we define our I: -Below are example I entries. Admittedly, some of -these are a bit contrived. First, we allow a few environment -variables to pass and then define our I: - - # Run X applications through sudo; HOME is used to find .Xauthority file - # Note that some programs may use HOME for other purposes too and - # this may lead to privilege escalation! - Defaults env_keep = "DISPLAY HOME" - # User alias specification User_Alias FULLTIMERS = millert, mikef, dowdy User_Alias PARTTIMERS = bostley, jwfox, crawl
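Review bot: In debian/patches/sudoers.pod.diff, the hunk at @@ -565,7 +565,7 @@ renames the heading "=item always_set_home" to "=item mail_badpass" while the unchanged paragraph below it still describes setting the home directory of the target user. With the patch applied, the man page would document that behaviour under the wrong option name. If this is not an intended Debian change, drop the hunk from the quilt patch.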
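Review bot: In debian/patches/sudoers.pod.diff, the hunk at @@ -1282,6 +1285,15 @@ adds a second "Below are example ... entries. Admittedly, some of these are a bit contrived." paragraph but keeps the original one as context, so the patched examples section would open with the same two sentences twice. Turn the original paragraph into removed lines so that only the new wording remains. The added Defaults env_keep line also carries a comment that keeping HOME "may lead to privilege escalation"; since this is the first example a reader will copy, that caveat should be stated in the surrounding text as well as in the example comment.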
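Review bot: Both new files under debian/patches/ start directly at the "---" line with no description, and the old-file path is a developer-local absolute path ("/home/bdale/Desktop/sudo-1.7.2p1/sudo.pod") while the new-file path is "sudo/sudo.pod", so the two names have a different number of leading components. Regenerate the patches with quilt refresh so both sides share one prefix, and add a short header saying why each Debian wording change exists. The NAME grammar change at @@ -93,7 +93,7 @@ in particular gives no indication of what it corresponds to.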
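Review bot: The hunks against sudo.pod and sudoers.pod take the Debian-specific wording out of the tree (the env_delete "Not effective due to security issues" note at @@ -1227,9 +1227,6 @@, the pointer to /usr/share/doc/sudo/OPTIONS at @@ -616,10 +616,6 @@), so the shipped man pages carry it only if the two new quilt patches are applied at build time. This diff does not touch debian/patches/series. Confirm that sudo.pod.diff and sudoers.pod.diff are listed there, otherwise the installed documentation reverts to the upstream description of environment handling without any build failure to flag it.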