16446717 add Solaris adt_*() auditing to sudo
17617070 sudo does not use pam_setcred correctly to set the audit context.
--- a/components/sudo/Makefile Thu Apr 03 11:10:33 2014 -0700
+++ b/components/sudo/Makefile Thu Apr 03 15:29:22 2014 -0700
@@ -19,7 +19,7 @@
# CDDL HEADER END
#
-# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
#
include ../../make-rules/shared-macros.mk
@@ -40,6 +40,9 @@
include $(WS_TOP)/make-rules/configure.mk
include $(WS_TOP)/make-rules/ips.mk
+# configure.in has been patched, so re-generate configure file
+COMPONENT_PREP_ACTION = ( cd $(@D) ; $(AUTORECONF) -f -I m4 )
+
CONFIGURE_ENV += "CC=$(CC)"
CONFIGURE_ENV += "CFLAGS=$(CFLAGS)"
CONFIGURE_ENV += "CXX=$(CXX)"
@@ -53,7 +56,7 @@
CONFIGURE_OPTIONS += --without-insults
CONFIGURE_OPTIONS += --without-lecture
CONFIGURE_OPTIONS += --with-ignore-dot
-CONFIGURE_OPTIONS += --with-bsm-audit
+CONFIGURE_OPTIONS += --with-solaris-audit
CONFIGURE_OPTIONS += --libexecdir=/usr/lib/sudo
CONFIGURE_OPTIONS += "sudo_cv_var_nroff_opt_Tascii=no"
@@ -62,6 +65,9 @@
COMPONENT_INSTALL_TARGETS = install
+# Enable aslr for this component
+ASLR_MODE = $(ASLR_ENABLE)
+
# common targets
build: $(BUILD_32)
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/sudo/patches/01-sudo_debug.patch Thu Apr 03 15:29:22 2014 -0700
@@ -0,0 +1,13 @@
+Solaris needs missing definition for __printflike
+Solaris-specific; not suitable for upstream.
+
+--- sudo-1.8.4p5.orig/include/sudo_debug.h 2012-03-29 10:37:01.000000000 -0700
++++ sudo-1.8.4p5/include/sudo_debug.h 2012-05-18 11:18:27.886010000 -0700
+@@ -17,6 +17,7 @@
+ #ifndef _SUDO_DEBUG_H
+ #define _SUDO_DEBUG_H
+
++#include "missing.h"
+ #include <stdarg.h>
+
+ /*
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/sudo/patches/02-pam_setcred.patch Thu Apr 03 15:29:22 2014 -0700
@@ -0,0 +1,21 @@
+Fix for
+17617070 sudo does not use pam_setcred correctly to set the audit context
+
+This fix will be submitted upstream to the latest sudo release,
+currently 1.8.10p2.
+
+diff -ru sudo-1.8.6p7-orig//plugins/sudoers/auth/pam.c sudo-1.8.6p7/plugins/sudoers/auth/pam.c
+--- sudo-1.8.6p7-orig//plugins/sudoers/auth/pam.c Mon Feb 25 11:42:44 2013
++++ sudo-1.8.6p7/plugins/sudoers/auth/pam.c Mon Oct 21 13:32:27 2013
+@@ -229,8 +229,10 @@
+ * for the setcred module. Because we haven't called pam_authenticate(),
+ * this is not set and so pam_setcred() returns PAM_PERM_DENIED.
+ * We can't call pam_acct_mgmt() with Linux-PAM for a similar reason.
++ *
++ * Reinitialize credentials when changing a user.
+ */
+- (void) pam_setcred(pamh, PAM_ESTABLISH_CRED);
++ (void) pam_setcred(pamh, PAM_REINITIALIZE_CRED);
+
+ #ifdef HAVE_PAM_GETENVLIST
+ /*
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/sudo/patches/03-solaris_audit.patch Thu Apr 03 15:29:22 2014 -0700
@@ -0,0 +1,279 @@
+Add Solaris auditing to sudo.
+Code was developed in-house.
+Plan is to contribute these changes upstream to
+the latest sudo release, currently 1.8.10p2.
+
+diff -rupN sudo-1.8.6p7-orig/config.h.in sudo-1.8.6p7/config.h.in
+--- sudo-1.8.6p7-orig/config.h.in 2013-02-25 11:46:09.000000000 -0800
++++ sudo-1.8.6p7/config.h.in 2013-12-18 13:23:28.000000000 -0800
+@@ -506,6 +506,9 @@
+ /* Define to 1 if you have the `snprintf' function. */
+ #undef HAVE_SNPRINTF
+
++/* Define to 1 to enable Solaris audit support. */
++#undef HAVE_SOLARIS_AUDIT
++
+ /* Define to 1 if you have the <spawn.h> header file. */
+ #undef HAVE_SPAWN_H
+
+diff -rupN sudo-1.8.6p7-orig/configure.in sudo-1.8.6p7/configure.in
+--- sudo-1.8.6p7-orig/configure.in 2013-02-25 11:47:48.000000000 -0800
++++ sudo-1.8.6p7/configure.in 2014-04-02 15:17:30.692015000 -0700
+@@ -13,6 +13,7 @@ dnl
+ dnl Variables that get substituted in the Makefile and man pages
+ dnl
+ AC_SUBST([HAVE_BSM_AUDIT])
++AC_SUBST([HAVE_SOLARIS_AUDIT])
+ AC_SUBST([SHELL])
+ AC_SUBST([LIBTOOL])
+ AC_SUBST([CFLAGS])
+@@ -305,6 +306,20 @@ AC_ARG_WITH(linux-audit, [AS_HELP_STRING
+ esac])
+
+ dnl
++dnl Handle Solaris auditing support.
++dnl
++AC_ARG_WITH(solaris-audit, [AS_HELP_STRING([--with-solaris-audit], [enable Solaris audit support])],
++[case $with_solaris_audit in
++ yes) AC_DEFINE(HAVE_SOLARIS_AUDIT)
++ SUDOERS_LIBS="${SUDOERS_LIBS} -lbsm"
++ SUDOERS_OBJS="${SUDOERS_OBJS} solaris_audit.lo"
++ ;;
++ no) ;;
++ *) AC_MSG_ERROR(["--with-solaris-audit does not take an argument."])
++ ;;
++esac])
++
++dnl
+ dnl Handle SSSD support.
+ dnl
+ AC_ARG_WITH(sssd, [AS_HELP_STRING([--with-sssd], [enable SSSD support])],
+@@ -1979,6 +1994,13 @@ if test -n "$with_noexec"; then
+ fi
+
+ dnl
++dnl Check for use of Solaris audit with BSM or Linux audit
++dnl
++if test "${with_solaris_audit+set}" = set && ( test "${with_bsm_audit+set}" = set || test "${with_linux_audit+set}" = set); then
++ AC_MSG_ERROR([BSM/Linux and Solaris auditing options are mutually exclusive.])
++fi
++
++dnl
+ dnl Check for mixing mutually exclusive and regular auth methods
+ dnl
+ AUTH_REG=${AUTH_REG# }
+@@ -3622,6 +3644,7 @@ AH_TEMPLATE(HAVE_SHL_LOAD, [Define to 1
+ AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.])
+ AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().])
+ AH_TEMPLATE(HAVE_RFC1938_SKEYCHALLENGE, [Define to 1 if the skeychallenge() function is RFC1938-compliant and takes 4 arguments])
++AH_TEMPLATE(HAVE_SOLARIS_AUDIT, [Define to 1 to enable Solaris audit support.])
+ AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union])
+ AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member])
+ AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member])
+diff -rupN sudo-1.8.6p7-orig/INSTALL sudo-1.8.6p7/INSTALL
+--- sudo-1.8.6p7-orig/INSTALL 2013-02-25 11:42:43.000000000 -0800
++++ sudo-1.8.6p7/INSTALL 2013-12-18 14:06:38.000000000 -0800
+@@ -159,6 +159,9 @@ Special features/options:
+ DIR should contain include and lib directories with skey.h
+ and libskey.a respectively.
+
++ --with-solaris-audit
++ Enable audit support for Solaris systems.
++
+ --with-opie[=DIR]
+ Enable NRL OPIE OTP (One Time Password) support. If specified,
+ DIR should contain include and lib directories with opie.h
+diff -rupN sudo-1.8.6p7-orig/MANIFEST sudo-1.8.6p7/MANIFEST
+--- sudo-1.8.6p7-orig/MANIFEST 2013-02-25 11:42:43.000000000 -0800
++++ sudo-1.8.6p7/MANIFEST 2013-12-18 13:46:06.000000000 -0800
+@@ -261,6 +261,8 @@ plugins/sudoers/regress/sudoers/test8.to
+ plugins/sudoers/regress/testsudoers/test1.out.ok
+ plugins/sudoers/regress/testsudoers/test1.sh
+ plugins/sudoers/set_perms.c
++plugins/sudoers/solaris_audit.c
++plugins/sudoers/solaris_audit.h
+ plugins/sudoers/sssd.c
+ plugins/sudoers/sudo_nss.c
+ plugins/sudoers/sudo_nss.h
+diff -rupN sudo-1.8.6p7-orig/mkdep.pl sudo-1.8.6p7/mkdep.pl
+--- sudo-1.8.6p7-orig/mkdep.pl 2013-02-25 11:42:44.000000000 -0800
++++ sudo-1.8.6p7/mkdep.pl 2013-12-18 14:03:37.000000000 -0800
+@@ -52,7 +52,7 @@ sub mkdep {
+ $makefile =~ s:\@DEV\@::g;
+ $makefile =~ s:\@COMMON_OBJS\@:aix.lo:;
+ $makefile =~ s:\@SUDO_OBJS\@:preload.o selinux.o sesh.o sudo_noexec.lo:;
+- $makefile =~ s:\@SUDOERS_OBJS\@:bsm_audit.lo linux_audit.lo ldap.lo plugin_error.lo sssd.lo:;
++ $makefile =~ s:\@SUDOERS_OBJS\@:bsm_audit.lo linux_audit.lo ldap.lo plugin_error.lo solaris_audit.lo sssd.lo:;
+ # XXX - fill in AUTH_OBJS from contents of the auth dir instead
+ $makefile =~ s:\@AUTH_OBJS\@:afs.lo aix_auth.lo bsdauth.lo dce.lo fwtk.lo getspwuid.lo kerb5.lo pam.lo passwd.lo rfc1938.lo secureware.lo securid5.lo sia.lo:;
+ $makefile =~ s:\@LTLIBOBJS\@:closefrom.lo dlopen.lo fnmatch.lo getcwd.lo getgrouplist.lo getline.lo getprogname.lo glob.lo isblank.lo memrchr.lo mksiglist.lo mksigname.lo mktemp.lo nanosleep.lo pw_dup.lo sig2str.lo siglist.lo signame.lo snprintf.lo strlcat.lo strlcpy.lo strsignal.lo utimes.lo globtest.o fnm_test.o:;
+diff -rupN sudo-1.8.6p7-orig/plugins/sudoers/audit.c sudo-1.8.6p7/plugins/sudoers/audit.c
+--- sudo-1.8.6p7-orig/plugins/sudoers/audit.c 2013-02-25 11:46:09.000000000 -0800
++++ sudo-1.8.6p7/plugins/sudoers/audit.c 2013-12-18 13:48:56.000000000 -0800
+@@ -43,6 +43,9 @@
+ #ifdef HAVE_LINUX_AUDIT
+ # include "linux_audit.h"
+ #endif
++#ifdef HAVE_SOLARIS_AUDIT
++# include "solaris_audit.h"
++#endif
+
+ void
+ audit_success(char *exec_args[])
+@@ -56,6 +59,9 @@ audit_success(char *exec_args[])
+ #ifdef HAVE_LINUX_AUDIT
+ linux_audit_command(exec_args, 1);
+ #endif
++#ifdef HAVE_SOLARIS_AUDIT
++ solaris_audit_success(exec_args);
++#endif
+ }
+
+ debug_return;
+@@ -75,6 +81,9 @@ audit_failure(char *exec_args[], char co
+ #ifdef HAVE_LINUX_AUDIT
+ linux_audit_command(exec_args, 0);
+ #endif
++#ifdef HAVE_SOLARIS_AUDIT
++ solaris_audit_failure(exec_args, fmt, ap);
++#endif
+ va_end(ap);
+ }
+
+diff -rupN sudo-1.8.6p7-orig/plugins/sudoers/Makefile.in sudo-1.8.6p7/plugins/sudoers/Makefile.in
+--- sudo-1.8.6p7-orig/plugins/sudoers/Makefile.in 2013-02-25 11:46:09.000000000 -0800
++++ sudo-1.8.6p7/plugins/sudoers/Makefile.in 2014-04-02 12:31:58.298858000 -0700
+@@ -432,7 +432,7 @@ alias.lo: $(srcdir)/alias.c $(top_buildd
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/alias.c
+ audit.lo: $(srcdir)/audit.c $(top_builddir)/config.h $(incdir)/missing.h \
+ $(srcdir)/logging.h $(incdir)/sudo_debug.h $(srcdir)/bsm_audit.h \
+- $(srcdir)/linux_audit.h
++ $(srcdir)/linux_audit.h $(srcdir)/solaris_audit.h
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/audit.c
+ boottime.lo: $(srcdir)/boottime.c $(top_builddir)/config.h $(incdir)/missing.h \
+ $(incdir)/sudo_debug.h
+@@ -728,6 +728,10 @@ sia.lo: $(authdir)/sia.c $(top_builddir)
+ $(devdir)/def_data.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \
+ $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h $(incdir)/gettext.h
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(authdir)/sia.c
++solaris_audit.lo: $(srcdir)/solaris_audit.c $(top_builddir)/config.h \
++ $(srcdir)/sudoers.h $(incdir)/sudo_debug.h \
++ $(srcdir)/solaris_audit.h
++ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/solaris_audit.c
+ sssd.lo: $(srcdir)/sssd.c $(top_builddir)/config.h \
+ $(top_srcdir)/compat/dlfcn.h $(srcdir)/sudoers.h \
+ $(top_srcdir)/compat/stdbool.h $(top_builddir)/pathnames.h \
+diff -rupN sudo-1.8.6p7-orig/plugins/sudoers/solaris_audit.c sudo-1.8.6p7/plugins/sudoers/solaris_audit.c
+--- sudo-1.8.6p7-orig/plugins/sudoers/solaris_audit.c 1969-12-31 16:00:00.000000000 -0800
++++ sudo-1.8.6p7/plugins/sudoers/solaris_audit.c 2014-03-18 12:09:27.000000000 -0700
+@@ -0,0 +1,95 @@
++/*
++ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
++ */
++
++#include <config.h>
++#include <stdarg.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++
++#include <bsm/adt.h>
++#include <bsm/adt_event.h>
++
++#include "sudoers.h"
++#include "sudo_debug.h"
++#include "solaris_audit.h"
++
++adt_session_data_t *ah; /* audit session handle */
++adt_event_data_t *event; /* event to be generated */
++char cwd[MAXPATHLEN];
++char cmdpath[PATH_MAX];
++
++static void
++adt_sudo_common(char *exec_args[])
++{
++ int argc;
++
++ if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA) != 0) {
++ log_error(USE_ERRNO | NO_STDERR, _("sudo: adt_start_session"));
++ }
++ if ((event = adt_alloc_event(ah, ADT_sudo)) == NULL) {
++ log_error(USE_ERRNO | NO_STDERR, _("sudo: alloc_event"));
++ }
++ if ((event->adt_sudo.cwdpath = getcwd(cwd, sizeof (cwd))) == NULL) {
++ log_error(USE_ERRNO | NO_STDERR, _("sudo: can't add cwd path"));
++ }
++ for (argc = 0; exec_args[argc] != NULL; argc++) {
++ continue;
++ }
++
++ /* get the real executable name */
++ if (user_cmnd != NULL) {
++ if (strlcpy(cmdpath, (const char *)user_cmnd,
++ sizeof (cmdpath)) >= sizeof (cmdpath)) {
++ log_error(NO_STDERR,
++ _("sudo: truncated audit path " "user_cmnd: %s"),
++ user_cmnd);
++ }
++ } else {
++ if (strlcpy(cmdpath, (const char *)exec_args[0],
++ sizeof (cmdpath)) >= sizeof (cmdpath)) {
++ log_error(NO_STDERR,
++ _("sudo: truncated audit path " "argv[0]: %s"),
++ exec_args[0]);
++ }
++ }
++
++ event->adt_sudo.cmdpath = cmdpath;
++
++ event->adt_sudo.argc = argc - 1;
++ event->adt_sudo.argv = &exec_args[1];
++ event->adt_sudo.envp = env_get();
++}
++
++
++void
++solaris_audit_success(char *exec_args[])
++{
++ adt_sudo_common(exec_args);
++
++ if (adt_put_event(event, ADT_SUCCESS, ADT_SUCCESS) != 0) {
++ log_error(USE_ERRNO | NO_STDERR,
++ _("sudo: adt_put_event(success)"));
++ }
++ adt_free_event(event);
++ (void) adt_end_session(ah);
++}
++
++void
++solaris_audit_failure(char *exec_args[], char const *const fmt, va_list ap)
++{
++ adt_sudo_common(exec_args);
++
++ if (vasprintf(&event->adt_sudo.errmsg, fmt, ap) == -1) {
++ log_error(USE_ERRNO | NO_STDERR,
++ _("sudo: audit_failure message too long"));
++ }
++ if (adt_put_event(event, ADT_FAILURE, ADT_FAIL_VALUE_PROGRAM) != 0) {
++ log_error(USE_ERRNO | NO_STDERR,
++ _("sudo: adt_put_event(failure)"));
++ }
++ free(event->adt_sudo.errmsg);
++ adt_free_event(event);
++ (void) adt_end_session(ah);
++}
+diff -rupN sudo-1.8.6p7-orig/plugins/sudoers/solaris_audit.h sudo-1.8.6p7/plugins/sudoers/solaris_audit.h
+--- sudo-1.8.6p7-orig/plugins/sudoers/solaris_audit.h 1969-12-31 16:00:00.000000000 -0800
++++ sudo-1.8.6p7/plugins/sudoers/solaris_audit.h 2014-03-18 14:20:22.000000000 -0700
+@@ -0,0 +1,11 @@
++/*
++ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
++ */
++
++#ifndef _SUDO_SOLARIS_AUDIT_H
++#define _SUDO_SOLARIS_AUDIT_H
++
++void solaris_audit_success(char **);
++void solaris_audit_failure(char **, char const * const, va_list);
++
++#endif /* _SUDO_SOLARIS_AUDIT_H */
--- a/components/sudo/patches/audit-event.patch Thu Apr 03 11:10:33 2014 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,77 +0,0 @@
-au_* calls need correct parameters.
-This legacy auditing will later be replaced by Solaris adt_* calls,
-so in the future, use of bsm_audit.c and configuring --with-bsm-audit will
-be removed.
-
---- sudo-1.8.6p7.orig/plugins/sudoers/bsm_audit.c 2012-09-18 06:56:29.000000000 -0700
-+++ sudo-1.8.6p7/plugins/sudoers/bsm_audit.c 2013-03-07 10:18:20.309947000 -0800
-@@ -31,8 +31,8 @@
- #include <unistd.h>
-
- #include "gettext.h"
--#include "error.h"
- #include "sudo_debug.h"
-+#include "error.h"
- #include "bsm_audit.h"
-
- /*
-@@ -103,7 +103,7 @@ bsm_audit_success(char **exec_args)
- error(1, _("au_open: failed"));
- if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) {
- tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(),
-- getuid(), pid, pid, &ainfo_addr.ai_termid);
-+ getgid(), pid, ainfo_addr.ai_asid, &ainfo_addr.ai_termid);
- } else if (errno == ENOSYS) {
- /*
- * NB: We should probably watch out for ERANGE here.
-@@ -111,7 +111,7 @@ bsm_audit_success(char **exec_args)
- if (getaudit(&ainfo) < 0)
- error(1, _("getaudit: failed"));
- tok = au_to_subject(auid, geteuid(), getegid(), getuid(),
-- getuid(), pid, pid, &ainfo.ai_termid);
-+ getgid(), pid, ainfo.ai_asid, &ainfo.ai_termid);
- } else
- error(1, _("getaudit: failed"));
- if (tok == NULL)
-@@ -125,7 +125,7 @@ bsm_audit_success(char **exec_args)
- if (tok == NULL)
- error(1, _("au_to_return32: failed"));
- au_write(aufd, tok);
-- if (au_close(aufd, 1, AUE_sudo) == -1)
-+ if (au_close(aufd, 1, AUE_sudo, PAD_FAILURE) == -1)
- error(1, _("unable to commit audit record"));
- debug_return;
- }
-@@ -147,7 +147,7 @@ bsm_audit_failure(char **exec_args, char
- /*
- * If we are not auditing, don't cut an audit record; just return.
- */
-- if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
-+ if (auditon(A_GETCOND, (caddr_t)&au_cond, sizeof(long)) < 0) {
- if (errno == AUDIT_NOT_CONFIGURED)
- debug_return;
- error(1, _("Could not determine audit condition"));
-@@ -162,12 +162,12 @@ bsm_audit_failure(char **exec_args, char
- error(1, _("au_open: failed"));
- if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) {
- tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(),
-- getuid(), pid, pid, &ainfo_addr.ai_termid);
-+ getgid(), pid, ainfo_addr.ai_asid, &ainfo_addr.ai_termid);
- } else if (errno == ENOSYS) {
- if (getaudit(&ainfo) < 0)
- error(1, _("getaudit: failed"));
- tok = au_to_subject(auid, geteuid(), getegid(), getuid(),
-- getuid(), pid, pid, &ainfo.ai_termid);
-+ getgid(), pid, ainfo.ai_asid, &ainfo.ai_termid);
- } else
- error(1, _("getaudit: failed"));
- if (tok == NULL)
-@@ -186,7 +186,7 @@ bsm_audit_failure(char **exec_args, char
- if (tok == NULL)
- error(1, _("au_to_return32: failed"));
- au_write(aufd, tok);
-- if (au_close(aufd, 1, AUE_sudo) == -1)
-+ if (au_close(aufd, 1, AUE_sudo, PAD_FAILURE) == -1)
- error(1, _("unable to commit audit record"));
- debug_return;
- }
--- a/components/sudo/patches/sudo_debug.patch Thu Apr 03 11:10:33 2014 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
-Solaris needs missing definition for __printflike
-
---- sudo-1.8.4p5.orig/include/sudo_debug.h 2012-03-29 10:37:01.000000000 -0700
-+++ sudo-1.8.4p5/include/sudo_debug.h 2012-05-18 11:18:27.886010000 -0700
-@@ -17,6 +17,7 @@
- #ifndef _SUDO_DEBUG_H
- #define _SUDO_DEBUG_H
-
-+#include "missing.h"
- #include <stdarg.h>
-
- /*