Your message dated Sun, 01 Mar 2026 15:17:07 +0000
with message-id <[email protected]>
and subject line Bug#1126085: fixed in sudo 1.9.16p2-3+deb13u1
has caused the Debian Bug report #1126085,
regarding sudo: no longer accepts previously valid configuration files
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1126085: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126085
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: sudo
Version: 1.9.17p2-1
Severity: serious
Tags: security
X-Debbugs-Cc: [email protected]
X-Debbugs-Cc: [email protected]
Control: found -1 1.9.16p2-3

[Filed as RC and a security issue as it can lead to sudoers
configuration being implicitly disabled during a bookworm -> trixie
upgrade. Please adjust if appropriate.]

Hi,

While investigating issues with sudo configuration not working as
expected on a newly-built trixie machine, I noticed that the output of
"sudo -l" included:

sudo: unable to open /etc/sudoers.d/10_dsa::util::sudo[dfsg-team-role]: No such file or directory

However, the file existed, and had the same permissions as other files
in the directory, that were being used as expected. Investigating with
strace showed several openat() calls, the first for "10_dsa".

I believe this change was caused by
https://git.sudo.ws/sudo/commit/?id=f17b35471 - "Support sudoers_file
being a colon-separated path of files". Due to the way that includedir
directives are processed, this change affects not just literal (lists
of) filenames used in sudoers, but also filenames found in the included
directory.

One might say "who would use colons in filenames", but in any case the
filenames were correctly parsed by bookworm's sudo.

The error message output by sudo is also misleading, as it was not
"/etc/sudoers.d/10_dsa::util::sudo[dfsg-team-role]" which returned
ENOENT, but rather "/etc/sudoers.d/10_dsa", which indeed does not
exist.

Regards,

Adam

--- End Message ---
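
A pre-upgrade check for the failure described in the report above, as an added example that is not part of the original messages or of sudo's code. It lists entries in a sudoers include directory whose names contain a colon and shows which path a colon-splitting parser would try first. The function names are hypothetical, the splitting model is an assumption based on the strace observation in the report, and the skip rule for names ending in '~' or containing '.' is the one documented in sudoers(5).

```python
import os
import tempfile

def skipped_by_includedir(name):
    """sudoers(5): includedir skips names ending in '~' or containing '.'."""
    return name.endswith("~") or "." in name

def colon_split_candidates(path):
    """Model of colon-separated path handling: each piece is tried as a file.
    Assumption drawn from the report's strace output, not from sudo's source."""
    return [piece for piece in path.split(":") if piece]

def audit_includedir(dirpath):
    """Return one finding per entry that a colon-splitting parser would misread."""
    findings = []
    for name in sorted(os.listdir(dirpath)):
        full = os.path.join(dirpath, name)
        if not os.path.isfile(full) or skipped_by_includedir(name):
            continue  # not a file that includedir would load
        if ":" in name:
            first = colon_split_candidates(full)[0]
            findings.append({
                "file": full,
                "first_open": first,  # path attempted instead of the real file
                "first_exists": os.path.exists(first),
            })
    return findings

def demo():
    # Constructed sample directory standing in for /etc/sudoers.d.
    names = ("10_dsa::util::sudo[dfsg-team-role]", "20_plain", "30_backup~",
             "40_ops", "40_ops:extra", "README.dpkg")
    with tempfile.TemporaryDirectory() as d:
        for name in names:
            with open(os.path.join(d, name), "w") as fh:
                fh.write("# constructed sample\n")
        return [(os.path.basename(f["file"]),
                 os.path.basename(f["first_open"]),
                 f["first_exists"]) for f in audit_includedir(d)]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Run `audit_includedir("/etc/sudoers.d")` on a host before moving it to an affected sudo version; any finding is a file whose rules may silently stop applying.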
--- Begin Message ---
Source: sudo
Source-Version: 1.9.16p2-3+deb13u1
Done: Marc Haber <[email protected]>

We believe that the bug you reported is fixed in the latest version of
sudo, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marc Haber <[email protected]> (supplier of updated sudo package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 11 Feb 2026 20:22:01 +0100
Source: sudo
Architecture: source
Version: 1.9.16p2-3+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Debian Sudo Maintainers <[email protected]>
Changed-By: Marc Haber <[email protected]>
Closes: 1124339 1126085
Changes:
 sudo (1.9.16p2-3+deb13u1) trixie; urgency=medium
 .
   [ Marc Haber ]
   * add upstream patch: Do not perform path expansion
     Thanks to Adam D. Barratt <[email protected]> (Closes: #1126085)
   * Enable Intel CET on amd64 only.
     Thanks to Marcos Del Sol Vives (Closes: #1124339)
   * Pull more robust test suite from unstable

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---