Version in base suite: 1.9.16p2-3 Base version: sudo_1.9.16p2-3 Target version: sudo_1.9.16p2-3+deb13u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/s/sudo/sudo_1.9.16p2-3.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/s/sudo/sudo_1.9.16p2-3+deb13u1.dsc changelog | 11 ++ patches/0008-open_sudoers-Do-not-perform-path-expansion-on-files-.patch | 34 ++++++ patches/amd64-ibt.diff | 28 +++++ patches/series | 2 tests/01-getroot | 4 tests/02-1003969-audit-no-resolve | 26 +++-- tests/03-1126085-sudoersd | 32 ++++++ tests/03/10_dsa::util::sudo[dfsg-team-role] | 1 tests/03/root | 1 tests/03/sudoersd/10_dsa::util::sudo[dfsg-team-role] | 1 tests/03/sudoersd/root | 1 tests/04-getroot-sssd | 51 ++++++++-- tests/04/ldif/ldap.conf | 2 tests/04/ldif/slapd.conf | 22 ++++ tests/04/ldif/sss-ous.ldif | 7 + tests/04/ldif/sssd.conf | 2 tests/04/ldif/tls.ldif | 26 ++++- tests/control | 9 - 18 files changed, 228 insertions(+), 32 deletions(-) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpnzmpxjtl/sudo_1.9.16p2-3.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpnzmpxjtl/sudo_1.9.16p2-3+deb13u1.dsc: no acceptable signature found diff -Nru sudo-1.9.16p2/debian/changelog sudo-1.9.16p2/debian/changelog --- sudo-1.9.16p2/debian/changelog 2025-06-30 05:55:33.000000000 +0000 +++ sudo-1.9.16p2/debian/changelog 2026-02-11 19:22:01.000000000 +0000 
@@ -1,3 +1,14 @@ +sudo (1.9.16p2-3+deb13u1) trixie; urgency=medium + + [ Marc Haber ] + * add upstream patch: Do not perform path expansion + Thanks to Adam D. Barratt" (Closes: #1126085) + * Enable Intel CET on amd64 only. + Thanks to Marcos Del Sol Vives (Closes: #1124339) + * Pull more robust test suite from unstable + + -- Marc Haber Wed, 11 Feb 2026 20:22:01 +0100 + sudo (1.9.16p2-3) unstable; urgency=high * backport upstream patch for CVE-2025-32463 diff -Nru sudo-1.9.16p2/debian/patches/0008-open_sudoers-Do-not-perform-path-expansion-on-files-.patch sudo-1.9.16p2/debian/patches/0008-open_sudoers-Do-not-perform-path-expansion-on-files-.patch --- sudo-1.9.16p2/debian/patches/0008-open_sudoers-Do-not-perform-path-expansion-on-files-.patch 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.16p2/debian/patches/0008-open_sudoers-Do-not-perform-path-expansion-on-files-.patch 2026-02-11 19:22:01.000000000 +0000 
@@ -0,0 +1,34 @@
+From: "Todd C. Miller"
+Date: Sat, 24 Jan 2026 11:30:06 -0700
+Subject: open_sudoers: Do not perform path expansion on files in an
+ includedir
+
+A file in an includedir containing one or more colons (':') in the
+name we was being expanded as a colon-separated path instead of
+being opened as-is. This fixes a regression introduced in
+sudo 1.9.14. Bug #1085
+---
+ plugins/sudoers/sudoers.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
+index 0f75c96..fecd279 100644
+--- a/plugins/sudoers/sudoers.c
++++ b/plugins/sudoers/sudoers.c
+@@ -1286,7 +1286,15 @@ open_sudoers(const char *path, char **outfile, bool doedit, bool *keepopen)
+ int error, fd;
+ debug_decl(open_sudoers, SUDOERS_DEBUG_PLUGIN);
+
+- fd = sudo_open_conf_path(path, fname, sizeof(fname), open_file);
++ if (outfile == NULL) {
++ /* Single file, do not treat as a path. */
++ fd = open_file(path, O_RDONLY|O_NONBLOCK);
++ if (fd != -1)
++ (void)fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
++ } else {
++ /* Could be a colon-separated path of file names. */
++ fd = sudo_open_conf_path(path, fname, sizeof(fname), open_file);
++ }
+ if (sudoers_ctx.parser_conf.ignore_perms) {
+ /* Skip sudoers security checks when ignore_perms is set. */
+ if (fd == -1 || fstat(fd, &sb) == -1)
diff -Nru sudo-1.9.16p2/debian/patches/amd64-ibt.diff sudo-1.9.16p2/debian/patches/amd64-ibt.diff
--- sudo-1.9.16p2/debian/patches/amd64-ibt.diff 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.16p2/debian/patches/amd64-ibt.diff 2026-02-11 19:22:01.000000000 +0000
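Review bot: In the new `outfile == NULL` branch `fname` is never written, because only the `sudo_open_conf_path(path, fname, sizeof(fname), open_file)` call in the `else` branch fills it; if code later in `open_sudoers` (outside this hunk) uses `fname` in a warning or error path without checking `outfile`, it would read an uninitialized buffer in a setuid program. Filling it first, for example `(void)strlcpy(fname, path, sizeof(fname));` ahead of the `open_file(path, O_RDONLY|O_NONBLOCK)` call, or confirming that every later use is guarded by `outfile != NULL`, would settle that. Separately, the value of `fcntl(fd, F_GETFL, 0)` is masked and handed straight to `F_SETFL`; a return of -1 should be checked before it is treated as a flag set. The function body starts and ends outside the hunk, so both points need confirming against the full file.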
@@ -0,0 +1,28 @@ +From: Marcos Del Sol Vives +Date: Tue, 2 Sep 2025 00:00:35 +0200 +Subject: Enable Intel CET on amd64 only + +--- + m4/hardening.m4 | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/m4/hardening.m4 b/m4/hardening.m4 +index f7d2a8c..cc7ee01 100644 +--- a/m4/hardening.m4 ++++ b/m4/hardening.m4 +@@ -105,6 +105,7 @@ AC_DEFUN([SUDO_CHECK_HARDENING], [ + ]) + fi + ++ if test "$host_cpu" = "x86_64"; then + # Check for control-flow transfer instrumentation (Intel CET). + AX_CHECK_COMPILE_FLAG([-fcf-protection], [ + AX_CHECK_LINK_FLAG([-fcf-protection], [ +@@ -112,6 +113,7 @@ AC_DEFUN([SUDO_CHECK_HARDENING], [ + AX_APPEND_FLAG([-Wc,-fcf-protection], [HARDENING_LDFLAGS]) + ]) + ]) ++ fi + fi + + # Linker-specific hardening flags. diff -Nru sudo-1.9.16p2/debian/patches/series sudo-1.9.16p2/debian/patches/series --- sudo-1.9.16p2/debian/patches/series 2025-06-30 05:55:33.000000000 +0000 +++ sudo-1.9.16p2/debian/patches/series 2026-02-11 19:22:01.000000000 +0000 @@ -5,3 +5,5 @@ X11R6.patch 0007-upstream-patch-for-CVE-2025-32463.patch 0008-upstream-patch-for-CVE-2025-32462.patch +0008-open_sudoers-Do-not-perform-path-expansion-on-files-.patch +amd64-ibt.diff diff -Nru sudo-1.9.16p2/debian/tests/01-getroot sudo-1.9.16p2/debian/tests/01-getroot --- sudo-1.9.16p2/debian/tests/01-getroot 2025-06-30 05:55:33.000000000 +0000 +++ sudo-1.9.16p2/debian/tests/01-getroot 2026-02-11 19:22:01.000000000 +0000 @@ -9,7 +9,7 @@ # Note: we do need the 'xfoo' syntax here, since POSIX special-cases # the $passwd value '!' as negation. if [ "x$passwd" = "x*" ] || [ "x$passwd1" = "x!" ]; then - echo "root:rootpassword" | chpasswd + echo "root:riegh@oh4ahR" | chpasswd fi TESTNR="01" 
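Review bot: The new `if test "$host_cpu" = "x86_64"; then` guard in `m4/hardening.m4` has no comment saying why `-fcf-protection` is withheld from other hosts, and the guarded lines keep their old indentation, so the restriction reads as accidental. A comment directly above the test, such as `# Only enable -fcf-protection on x86_64, see Debian bug #1124339.`, would stop a later hardening pass from removing it. Note also that the existing comment `# Check for control-flow transfer instrumentation (Intel CET).` now sits inside the guard; moving it above the `if` keeps the description attached to the whole block. The enclosing `SUDO_CHECK_HARDENING` macro starts and ends outside the hunk.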
@@ -19,7 +19,7 @@ PATH="/bin:/usr/bin:/sbin:/usr/sbin" ACCTA="test${TESTNR}a" ACCTB="test${TESTNR}b" -PASSWD="test${TESTNR}23456" +PASSWD="test${TESTNR}Terah9ien7e" HOMEDIRA="/home/${ACCTA}" HOMEDIRB="/home/${ACCTB}" LDIFDIR="${DIR}/ldif" diff -Nru sudo-1.9.16p2/debian/tests/02-1003969-audit-no-resolve sudo-1.9.16p2/debian/tests/02-1003969-audit-no-resolve --- sudo-1.9.16p2/debian/tests/02-1003969-audit-no-resolve 2025-06-30 05:55:33.000000000 +0000 +++ sudo-1.9.16p2/debian/tests/02-1003969-audit-no-resolve 2026-02-11 19:22:01.000000000 +0000 @@ -7,21 +7,29 @@ COMMONDIR="${BASEDIR}/common" DIR="${BASEDIR}/${TESTNR}" PATH="/bin:/usr/bin:/sbin:/usr/sbin" -ACCTA="test${TESTNR}a" -ACCTB="test${TESTNR}b" -PASSWD="test${TESTNR}23456" HOMEDIRA="/root" -LDIFDIR="${DIR}/ldif" trap ' printf "\ntrap handler\n" - mv /etc/resolv.conf.disabled /etc/resolv.conf || true - mv /etc/hosts.disabled /etc/hosts || true + if [ -e /etc/resolv.conf.disabled ]; then + cp /etc/resolv.conf.disabled /etc/resolv.conf || true + rm -f /etc/resolv.conf.disabled || true + fi + if [ -e /etc/hosts.disabled ]; then + cp /etc/hosts.disabled /etc/hosts || true + rm -f /etc/hosts.disabled || true + fi ' 0 INT QUIT ABRT PIPE TERM printf "========= test %s\.1: sudo to nobody\n" "${TESTNR}" -mv /etc/resolv.conf /etc/resolv.conf.disabled -mv /etc/hosts /etc/hosts.disabled +if [ -e /etc/resolv.conf ]; then + cp /etc/resolv.conf /etc/resolv.conf.disabled + : >/etc/resolv.conf +fi +if [ -e /etc/hosts ]; then + cp /etc/hosts /etc/hosts.disabled + : >/etc/hosts +fi RET=0 printf "trying sudo to nobody\n" cd "${HOMEDIRA}" 
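Review bot: In the new trap handler of `02-1003969-audit-no-resolve` the saved copy is deleted even when the restore failed, because `cp /etc/resolv.conf.disabled /etc/resolv.conf || true` is followed unconditionally by `rm -f /etc/resolv.conf.disabled || true`; the `/etc/hosts` pair has the same shape. Chaining the two, `cp /etc/resolv.conf.disabled /etc/resolv.conf && rm -f /etc/resolv.conf.disabled || true`, keeps the backup when the copy back does not succeed. The handler is registered for `0` as well as for the signals, so it can run twice; the new `-e` tests make the second run a no-op, which is worth a one-line comment.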
@@ -35,7 +43,7 @@ printf >&2 "stderr:\n" cat >&2 ${HOMEDIRA}/stderr printf >&2 "exit code %s\n" "${RET}" - printf >&2 "exit 1\n" "${RET}" + printf >&2 "exit 1\n" exit 1 fi diff -Nru sudo-1.9.16p2/debian/tests/03/10_dsa::util::sudo[dfsg-team-role] sudo-1.9.16p2/debian/tests/03/10_dsa::util::sudo[dfsg-team-role] --- sudo-1.9.16p2/debian/tests/03/10_dsa::util::sudo[dfsg-team-role] 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.16p2/debian/tests/03/10_dsa::util::sudo[dfsg-team-role] 2026-02-11 19:22:01.000000000 +0000 @@ -0,0 +1 @@ +root ALL=(ALL:ALL) /usr/bin/----marker----/this-is-the-sudoersd-10_dsa\:\:util\:\:sudo[dfsg-team-role]-file diff -Nru sudo-1.9.16p2/debian/tests/03/root sudo-1.9.16p2/debian/tests/03/root --- sudo-1.9.16p2/debian/tests/03/root 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.16p2/debian/tests/03/root 2026-02-11 19:22:01.000000000 +0000 @@ -0,0 +1 @@ +root ALL=(ALL:ALL) /usr/bin/----marker----/this-is-the-sudoersd-root-file diff -Nru sudo-1.9.16p2/debian/tests/03/sudoersd/10_dsa::util::sudo[dfsg-team-role] sudo-1.9.16p2/debian/tests/03/sudoersd/10_dsa::util::sudo[dfsg-team-role] --- sudo-1.9.16p2/debian/tests/03/sudoersd/10_dsa::util::sudo[dfsg-team-role] 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.16p2/debian/tests/03/sudoersd/10_dsa::util::sudo[dfsg-team-role] 2026-02-11 19:22:01.000000000 +0000 @@ -0,0 +1 @@ +root ALL=(ALL:ALL) /usr/bin/----marker----/this-is-the-sudoersd-10_dsa\:\:util\:\:sudo[dfsg-team-role]-file diff -Nru sudo-1.9.16p2/debian/tests/03/sudoersd/root sudo-1.9.16p2/debian/tests/03/sudoersd/root --- sudo-1.9.16p2/debian/tests/03/sudoersd/root 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.16p2/debian/tests/03/sudoersd/root 2026-02-11 19:22:01.000000000 +0000 
@@ -0,0 +1 @@
+root ALL=(ALL:ALL) /usr/bin/----marker----/this-is-the-sudoersd-root-file
diff -Nru sudo-1.9.16p2/debian/tests/03-1126085-sudoersd sudo-1.9.16p2/debian/tests/03-1126085-sudoersd
--- sudo-1.9.16p2/debian/tests/03-1126085-sudoersd 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.16p2/debian/tests/03-1126085-sudoersd 2026-02-11 19:22:01.000000000 +0000
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+set -e
+
+TESTNR="03"
+BASEDIR="$(pwd)/debian/tests"
+COMMONDIR="${BASEDIR}/common"
+DIR="${BASEDIR}/${TESTNR}"
+PATH="/bin:/usr/bin:/sbin:/usr/sbin"
+FILES="$(find $DIR/sudoersd/ -type f)"
+echo $FILES
+DSTFILES="$(echo $FILES | sed "s|${DIR}/sudoersd|/etc/sudoers.d|g")"
+echo $DSTFILES
+
+trap '
+ true
+' 0 INT QUIT ABRT PIPE TERM
+
+printf "copy files to sudoers ... "
+cp $FILES /etc/sudoers.d/
+printf "collect sudo -l output ... "
+OUTPUT="$(sudo -l | grep -- ----marker----)"
+EXPECTED=" (ALL : ALL) /usr/bin/----marker----/this-is-the-sudoersd-10_dsa\:\:util\:\:sudo[dfsg-team-role]-file
+ (ALL : ALL) /usr/bin/----marker----/this-is-the-sudoersd-root-file"
+if [ "$OUTPUT" != "$EXPECTED" ]; then
+ printf "sudo -l output not as expected, Test failed\n"
+ exit 1
+fi
+
+printf "test series sucessful, exit 0\n"
+exit 0
+
diff -Nru sudo-1.9.16p2/debian/tests/04/ldif/ldap.conf sudo-1.9.16p2/debian/tests/04/ldif/ldap.conf
--- sudo-1.9.16p2/debian/tests/04/ldif/ldap.conf 2025-06-30 05:55:33.000000000 +0000
+++ sudo-1.9.16p2/debian/tests/04/ldif/ldap.conf 2026-02-11 19:22:01.000000000 +0000
@@ -1,5 +1,5 @@
 BASE dc=example,dc=com
-URI ldaps://[::1]:636/
+URI ldaps://[::1]:1636/
 TLS_CACERT /etc/ldap/server_cert.pem
 TLS_REQCERT allow
 SASL_NOCANON on
diff -Nru sudo-1.9.16p2/debian/tests/04/ldif/slapd.conf sudo-1.9.16p2/debian/tests/04/ldif/slapd.conf
--- sudo-1.9.16p2/debian/tests/04/ldif/slapd.conf 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.16p2/debian/tests/04/ldif/slapd.conf 2026-02-11 19:22:01.000000000 +0000
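Review bot: The `trap` body in `03-1126085-sudoersd` is only `true`, so the rules installed by `cp $FILES /etc/sudoers.d/` stay on the testbed after the run, and `DSTFILES` is computed and echoed but never used. Putting `rm -f $DSTFILES` in the handler would remove them on exit. `$FILES` and `$DSTFILES` are also expanded unquoted although the fixture names contain `[` and `]`, which the shell treats as pattern characters, so the copy works only while no other file happens to match. Under `set -e`, a `grep` that matches nothing in the `OUTPUT="$(sudo -l | grep -- ----marker----)"` assignment ends the script before the "Test failed" message is printed; appending `|| true` inside the substitution keeps the diagnostic.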
@@ -0,0 +1,22 @@ +# OpenLDAP 2.4 (bullseye) only +modulepath /usr/lib/ldap +moduleload back_mdb +include /etc/ldap/schema/core.schema +include /etc/ldap/schema/cosine.schema +include /etc/ldap/schema/nis.schema +include /etc/ldap/schema/inetorgperson.schema + +database mdb +maxsize 1073741824 +directory /var/lib/ldap + +# Suffix and root DN must come in this order +suffix "dc=example,dc=com" +rootdn "cn=admin,dc=example,dc=com" +rootpw ldappw + +# TLS optional +TLSCertificateFile /etc/ldap/server_cert.pem +TLSCertificateKeyFile /etc/ldap/server_key.pem +TLSCACertificateFile /etc/ldap/server_cert.pem + diff -Nru sudo-1.9.16p2/debian/tests/04/ldif/sss-ous.ldif sudo-1.9.16p2/debian/tests/04/ldif/sss-ous.ldif --- sudo-1.9.16p2/debian/tests/04/ldif/sss-ous.ldif 2025-06-30 05:55:33.000000000 +0000 +++ sudo-1.9.16p2/debian/tests/04/ldif/sss-ous.ldif 2026-02-11 19:22:01.000000000 +0000 @@ -1,3 +1,10 @@ +dn: dc=example,dc=com +objectClass: top +objectClass: dcObject +objectClass: organization +o: Example Organization +dc: example + dn: ou=users,dc=example,dc=com objectClass: top objectClass: organizationalUnit diff -Nru sudo-1.9.16p2/debian/tests/04/ldif/sssd.conf sudo-1.9.16p2/debian/tests/04/ldif/sssd.conf --- sudo-1.9.16p2/debian/tests/04/ldif/sssd.conf 2025-06-30 05:55:33.000000000 +0000 +++ sudo-1.9.16p2/debian/tests/04/ldif/sssd.conf 2026-02-11 19:22:01.000000000 +0000 @@ -7,7 +7,7 @@ id_provider = ldap auth_provider = ldap -ldap_uri = ldaps://[::1]:636/ +ldap_uri = ldaps://[::1]:1636/ ldap_search_base = dc=example,dc=com ldap_tls_cacert = /etc/ldap/server_cert.pem diff -Nru sudo-1.9.16p2/debian/tests/04/ldif/tls.ldif sudo-1.9.16p2/debian/tests/04/ldif/tls.ldif --- sudo-1.9.16p2/debian/tests/04/ldif/tls.ldif 2025-06-30 05:55:33.000000000 +0000 +++ sudo-1.9.16p2/debian/tests/04/ldif/tls.ldif 2026-02-11 19:22:01.000000000 +0000 
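Review bot: The header comment `# OpenLDAP 2.4 (bullseye) only` in the new `slapd.conf` does not match how the file is used, since `04-getroot-sssd` in this same diff starts slapd with `-f /etc/ldap/slapd.conf` regardless of version; `# Used by 04-getroot-sssd for all OpenLDAP versions` would be accurate. The file also holds `rootpw ldappw` in clear text and is copied to `/etc/ldap/` without a `chmod`, which is tolerable only for a throw-away test fixture; a comment such as `# test fixture only, never reuse this rootpw` next to that line would make the intent explicit.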
@@ -1,10 +1,32 @@ dn: cn=config changetype: modify +delete: olcTLSCACertificateFile +- + +dn: cn=config +changetype: modify +delete: olcTLSCertificateFile +- + +dn: cn=config +changetype: modify +delete: olcTLSCertificateKeyFile +- + +dn: cn=config +changetype: modify add: olcTLSCACertificateFile olcTLSCACertificateFile: /etc/ldap/server_cert.pem - + +dn: cn=config +changetype: modify +add: olcTLSCertificateFile +olcTLSCertificateFile: /etc/ldap/server_cert.pem +- + +dn: cn=config +changetype: modify add: olcTLSCertificateKeyFile olcTLSCertificateKeyFile: /etc/ldap/server_key.pem - -add: olcTLSCertificateFile -olcTLSCertificateFile: /etc/ldap/server_cert.pem diff -Nru sudo-1.9.16p2/debian/tests/04-getroot-sssd sudo-1.9.16p2/debian/tests/04-getroot-sssd --- sudo-1.9.16p2/debian/tests/04-getroot-sssd 2025-06-30 05:55:33.000000000 +0000 +++ sudo-1.9.16p2/debian/tests/04-getroot-sssd 2026-02-11 19:22:01.000000000 +0000 
@@ -17,58 +17,89 @@ HOMEDIRB="/home/${ACCTB}" LDIFDIR="${DIR}/ldif" SSSDCONF="/etc/sssd/sssd.conf" +RUNDIR="/run/slapd" +VARRUNDIR="/var/run/slapd" trap ' kill $(pidof slapd) 2>/dev/null || true kill $(pidof sssd) 2>/dev/null || true + kill $(pidof socat) 2>/dev/null || true + rm -f /dev/log || true ' 0 INT QUIT ABRT PIPE TERM # openssl req -x509 -days 365 -nodes -newkey rsa:4096 -keyout server_key.pem -out server_cert.pem --subj "/C=DE/CN=emptysid86.zugschlus.de" +printf "make and chown dirs ... " +mkdir -p "${RUNDIR}" "${VARRUNDIR}" +chown openldap "${VARRUNDIR}" < ${LDIFDIR}/debconf debconf-set-selections + printf "clean up ldap database ... " rm -rf /var/lib/ldap/*.mdb + printf "move configuration in place ... " mkdir -p /etc/ldap /etc/sssd cp ${LDIFDIR}/server_*.pem /etc/ldap/ cp ${LDIFDIR}/ldap.conf /etc/ldap/ chown openldap:openldap /etc/ldap/server_*.pem chmod 600 /etc/ldap/server_key.pem +# slapd.conf is only needed for OpenLDAP 2.4 on bullseye +# but since it's already there now, use it for OpenLDAP 2.5+ as well +# this is a testsuite. If you want /etc/ldap/slapd.d to be used (again), +# please submit a patch that will also work on bullseye. +cp ${LDIFDIR}/slapd.conf /etc/ldap/ cp ${LDIFDIR}/sssd.conf /etc/sssd chown root:root /etc/sssd/sssd.conf chmod 600 /etc/sssd/sssd.conf cp ${LDIFDIR}/slapd-default /etc/default/slapd echo "slapd: [::1]" >> /etc/hosts.allow + printf "reconfigure slapd ... " DEBIAN_FRONTEND=noninteractive dpkg-reconfigure -pcritical slapd 2>/dev/null kill $(pidof slapd) 2>/dev/null || true sleep 1 + +if ! [ -S /dev/log ]; then + echo "starting fake syslog socket on /dev/log" + + # remove stale file if present + [ -e /dev/log ] && rm -f /dev/log + + socat -u UNIX-RECV:/dev/log,mode=666 STDOUT >/dev/null 2>/dev/null & +fi + printf "start slapd ... 
" -slapd -h "ldaps:/// ldapi:///" -g openldap -u openldap -F /etc/ldap/slapd.d +slapd -f /etc/ldap/slapd.conf -h "ldaps://:1636/ ldapi:///" -g openldap -u openldap + +printf "check slapd running .... " +pgrep -a slapd # ldapsearch -x -LLL -s base -b "" namingContexts should work here -printf "set LDAP passwords" -ldapmodify -Y external -H ldapi:/// -f ${LDIFDIR}/tls.ldif 2>/dev/null -ldapmodify -Y external -H ldapi:/// -f ${LDIFDIR}/adminpw.ldif 2>/dev/null -ldapmodify -Y external -H ldapi:/// -f ${LDIFDIR}/adminpw-example-com.ldif 2>/dev/null -printf "add users and groups OUs ..." -ldapadd -x -D "cn=admin,dc=example,dc=com" -w ldappw -f ${LDIFDIR}/sss-ous.ldif 2>/dev/null -printf "add users ..." + +printf "add users and groups OUs ...\n" +ldapadd -x -c -D "cn=admin,dc=example,dc=com" -w ldappw -f ${LDIFDIR}/sss-ous.ldif 2>/dev/null || true printf "sssd.conf ...\n" cp ${LDIFDIR}/sssd.conf "${SSSDCONF}" -printf "sudoers file ...\n"A +printf "sudoers file ...\n" mkdir -p /etc/sudoers.d/ -mv ${LDIFDIR}/ldapsudoers /etc/sudoers.d/ +cp ${LDIFDIR}/ldapsudoers /etc/sudoers.d/ chown root:root "${SSSDCONF}" /etc/sudoers.d/ /etc/sudoers.d/* chmod 755 /etc/sudoers.d/ chmod 600 "${SSSDCONF}" /etc/sudoers.d/* + +printf "start sssd ..." kill $(pidof sssd) 2>/dev/null || true sleep 1 sssd --logger=files -D +printf "check sssd running .... " +pgrep -a sssd + +printf "add users ..." for user in testuser1 testuser2; do ldapadd -x -D "cn=admin,dc=example,dc=com" -w ldappw -f ${LDIFDIR}/${user}.ldif 2>/dev/null + getent passwd ${user} mkdir -p /home/${user} chown ${user}:nogroup /home/${user} done diff -Nru sudo-1.9.16p2/debian/tests/control sudo-1.9.16p2/debian/tests/control --- sudo-1.9.16p2/debian/tests/control 2025-06-30 05:55:33.000000000 +0000 +++ sudo-1.9.16p2/debian/tests/control 2026-02-11 19:22:01.000000000 +0000 
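Review bot: The new trap line `rm -f /dev/log || true` runs unconditionally, but the fake socket is only created inside `if ! [ -S /dev/log ]`, so on a testbed that already has a syslog socket the handler removes the real one. Recording that the script created it, with `FAKELOG=1` after the `socat ... &` line, and using `[ -z "${FAKELOG:-}" ] || rm -f /dev/log` in the handler limits the cleanup to what this script made. The added `kill $(pidof socat)` likewise signals every socat process rather than the one started here; saving `$!` after the background start would narrow it. Further down, `ldapadd -x -c ... -f ${LDIFDIR}/sss-ous.ldif 2>/dev/null || true` discards both the error text and the exit status, so a failed directory setup would only show up later as an unrelated failure.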
@@ -1,16 +1,11 @@ Tests: 01-getroot -Depends: sudo, adduser +Depends: adduser, sudo, cracklib-runtime Restrictions: needs-root Tests: 02-1003969-audit-no-resolve Depends: sudo Restrictions: needs-root -Tests: 03-getroot-ldap -Depends: sudo-ldap, adduser, slapd, ldap-utils, cron -Restrictions: needs-root - Tests: 04-getroot-sssd -Depends: sudo, adduser, slapd, ldap-utils, sssd-common, sssd-ldap, cron +Depends: adduser, cron, ldap-utils, procps, slapd, sssd-common, sssd-ldap, sudo, socat, libnss-sss, libpam-sss Restrictions: needs-root -
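Review bot: The stanza `Tests: 03-getroot-ldap` is removed but no stanza for `03-1126085-sudoersd` is added, so as far as this hunk shows the new regression test for #1126085 is shipped in `debian/tests` without being run by autopkgtest. Adding `Tests: 03-1126085-sudoersd`, `Depends: sudo` and `Restrictions: needs-root` as a fourth stanza would register it; the script writes to `/etc/sudoers.d`, so it needs root. If the test is left out on purpose for this stable update, a comment in `debian/tests/control` saying so would avoid the impression that the fix is covered.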