Your message dated Wed, 28 Jan 2026 21:51:10 +0000
with message-id <[email protected]>
and subject line Bug#1126085: fixed in sudo 1.9.17p2-2
has caused the Debian Bug report #1126085,
regarding sudo: no longer accepts previously valid configuration files
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1126085: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126085
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: sudo
Version: 1.9.17p2-1
Severity: serious
Tags: security
X-Debbugs-Cc: [email protected]
X-Debbugs-Cc: [email protected]
Control: found -1 1.9.16p2-3
[Filed as RC and a security issue as it can lead to sudoers
configuration being implicitly disabled during a bookworm -> trixie
upgrade. Please adjust if appropriate.]
Hi,
While investigating issues with sudo configuration not working as
expected on a newly-built trixie machine, I noticed that the output of
"sudo -l" included:
sudo: unable to open /etc/sudoers.d/10_dsa::util::sudo[dfsg-team-role]: No such
file or directory
However, the file existed, and had the same permissions as other files
in the directory, that were being used as expected. Investigating with
strace showed several openat() calls, the first for "10_dsa".
I believe this change was caused by
https://git.sudo.ws/sudo/commit/?id=f17b35471 - "Support sudoers_file
being a colon-separated path of files". Due to the way that includedir
directives are processed, this change affects not just literal (lists
of) filenames used in sudoers, but also filenames found in the included
directory.
One might say "who would use colons in filenames", but in any case the
filenames were correctly parsed by bookworm's sudo.
The error message output by sudo is also misleading, as it was not
"/etc/sudoers.d/10_dsa::util::sudo[dfsg-team-role]" which returned
ENOENT, but rather "/etc/sudoers.d/10_dsa", which indeed does not
exist.
Regards,
Adam
--- End Message ---
--- Begin Message ---
Source: sudo
Source-Version: 1.9.17p2-2
Done: Marc Haber <[email protected]>
We believe that the bug you reported is fixed in the latest version of
sudo, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Marc Haber <[email protected]> (supplier of updated sudo package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 28 Jan 2026 22:12:32 +0100
Source: sudo
Architecture: source
Version: 1.9.17p2-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Sudo Maintainers <[email protected]>
Changed-By: Marc Haber <[email protected]>
Closes: 1126085
Changes:
sudo (1.9.17p2-2) unstable; urgency=medium
.
* upload to unstable
* declare proper breaks/replacest
* add upstream patch (and test case): Do not perform path expansion
Thanks to Adam D. Barratt (Closes: #1126085)
Checksums-Sha1:
97fd60208da0d777fd7347bc30fa3d6ec714a5e5 2716 sudo_1.9.17p2-2.dsc
876e6ca75c2050062b5c4e96d6381b67f804453b 50284 sudo_1.9.17p2-2.debian.tar.xz
0619cf82331aecaf9834daf93efc650596290e75 5632 sudo_1.9.17p2-2_source.buildinfo
Checksums-Sha256:
2cc9fb861317af19c4c10ae6bc48730b0a17266e2abaac817f4953068cd329f6 2716
sudo_1.9.17p2-2.dsc
b85f8b8fe098c51affc5168f909b7f4d32a8c79a43e5cac7ac8bb608aacc6b85 50284
sudo_1.9.17p2-2.debian.tar.xz
698e9bd364c94052a3210f3fc34f7c995cc1453b432a02ab5a5141438b73a3bb 5632
sudo_1.9.17p2-2_source.buildinfo
Files:
45e371b1ac8b652e7e7b45868de0556a 2716 admin optional sudo_1.9.17p2-2.dsc
996339d20d7e8ac1d91cf707581f0dc8 50284 admin optional
sudo_1.9.17p2-2.debian.tar.xz
598cd311d8cd07fe2b4e39d7e6803adb 5632 admin optional
sudo_1.9.17p2-2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE6QL5UJ/L0pcuNEbjj3cgEwEyBEIFAml6fssACgkQj3cgEwEy
BEITVQ//fh7H81hRZ4ZXpOYETZ5E+QYVG6cWOQZf0y95Up02Z3P4b2p3V5NOxngx
kcXrPeHYmsKxVNZVPB1jY798w6iUmg/s1TIeP6xTanYLHENX2QT1nmV8m2eLBc5B
I8RGTPH6P5jgt7n3JmqoW0hGX0Fssu7xZt/VWP9D8lx2a8eg1wRgCTfnU5SyBGgz
lFudFVgthvmBC4dITdVKMSeG9hVby5xPN0NyauEWZnlBWD+7MQ5Wf8L8QIbOqWYI
khXqXOZF8hh4j7pr6YX2/DMrYQPMrQpkPnEfU0o5TSN6g5MA+BZ9H5SQHeTgq3D8
snvfUU+JXZgjShbAiOAtVJszDEvJFtZAYSFBpi4toDDc+Ga50UaM8eR603unlOuU
4eQkDcxbkeAHVzQ8xXZ2UPZwNGikQq6K51HqBUWORgTszqAOeel9HIixPxyNc7ae
8RsfIdLWaT3p/kvI2g6aRb8h3o9c1VH53vByQTiFhaSffQ9mjLZNugDpGnMeXB/Z
NoDMobzRu6Q/+oCWiWyrNCivBAVWjdh75MxgCMhL6H2JCSm6uju9KPsJUAXT31PK
Hcdawdl6KeSZ1/HEPtf/SzinXSPF06naJFxCbqh7uEd+7oIQLuuZwYr7xhnhCGL1
U40SyJ7kxPDM2aq2Ror8M216nox+WdS0m4RCyorrvAI/6gs0Je8=
=nK3R
-----END PGP SIGNATURE-----
pgpTRlfB9gvfC.pgp
Description: PGP signature
--- End Message ---
