diff -Nru sudo-1.8.10p3/debian/changelog sudo-1.8.10p3/debian/changelog
--- sudo-1.8.10p3/debian/changelog	2015-01-19 06:56:53.000000000 +0100
+++ sudo-1.8.10p3/debian/changelog	2015-03-01 18:56:36.000000000 +0100
@@ -1,3 +1,22 @@
+sudo (1.8.10p3-1+deb8u2) testing-proposed-updates; urgency=medium
+
+  [ Salvatore Bonaccorso ]
+  * Add CVE-2014-9680-1.patch patch.
+    CVE-2014-9680: unsafe handling of TZ environment variable. (Closes: #772707)
+  * Add CVE-2014-9680-2.patch patch.
+    Documents that a leading ':' is skipped when checking TZ for a
+    fully-qualified path name.
+
+  [ Christian Kastner ]
+  * In the *.preinst scripts, make sure that dpkg --compare-versions actually
+    has two versions to compare. Closes: #776137
+  * Also in the *.preinst scripts, make sure that /etc/sudoers exists before
+    attempting to chown/chmod it
+  * Include patch from Jakub Wilk to fix 'ignoring time stamp from the
+    future' messages. Closes: #764817
+
+ -- Christian Kastner <debian@kvr.at>  Sun, 01 Mar 2015 18:56:17 +0100
+
 sudo (1.8.10p3-1+deb8u1) testing-proposed-updates; urgency=medium
 
   * Non-maintainer upload.
diff -Nru sudo-1.8.10p3/debian/patches/CVE-2014-9680-1.patch sudo-1.8.10p3/debian/patches/CVE-2014-9680-1.patch
--- sudo-1.8.10p3/debian/patches/CVE-2014-9680-1.patch	1970-01-01 01:00:00.000000000 +0100
+++ sudo-1.8.10p3/debian/patches/CVE-2014-9680-1.patch	2015-03-01 18:50:20.000000000 +0100
@@ -0,0 +1,380 @@
+Description: CVE-2014-9680: unsafe handling of TZ environment variable
+ The TZ environment variable was passed through unchecked.  Most libc
+ tzset() implementations support passing an absolute pathname in the time
+ zone to point to an arbitrary, user-controlled file.  This may be used
+ to exploit bugs in the C library's TZ parser or open files the user
+ would not otherwise have access to.  Arbitrary file access via TZ could
+ also be used in a denial of service attack by reading from a file or
+ fifo that will block.
+Origin: backport, http://www.sudo.ws/repos/sudo/rev/650ac6938b59,
+ http://www.sudo.ws/repos/sudo/rev/ac1467f71ac0
+Bug-Debian: https://bugs.debian.org/772707
+Forwarded: not-needed
+Author: Todd C. Miller <Todd.Miller@courtesan.com>
+Author: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2015-02-18
+Applied-Upstream: 1.8.12
+
+--- a/configure
++++ b/configure
+@@ -882,6 +882,7 @@ with_timedir
+ with_rundir
+ with_vardir
+ with_iologdir
++with_tzdir
+ with_sendmail
+ with_sudoers_mode
+ with_sudoers_uid
+@@ -1670,6 +1671,7 @@ Optional Packages:
+   --with-rundir=DIR       path to the sudo time stamp parent dir
+   --with-vardir=DIR       path to the sudo var dir
+   --with-iologdir=DIR     directory to store sudo I/O log files in
++  --with-tzdir=DIR        path to the time zone data directory
+   --with-sendmail         set path to sendmail
+   --without-sendmail      do not send mail at all
+   --with-sudoers-mode     mode of sudoers file (defaults to 0440)
+@@ -4773,6 +4775,16 @@ fi
+ 
+ 
+ 
++# Check whether --with-tzdir was given.
++if test "${with_tzdir+set}" = set; then :
++  withval=$with_tzdir; case $with_tzdir in
++    yes)	as_fn_error $? "\"must give --with-tzdir an argument.\"" "$LINENO" 5
++		;;
++esac
++fi
++
++
++
+ # Check whether --with-sendmail was given.
+ if test "${with_sendmail+set}" = set; then :
+   withval=$with_sendmail; case $with_sendmail in
+@@ -21483,6 +21495,27 @@ EOF
+     { $as_echo "$as_me:${as_lineno-$LINENO}: result: $iolog_dir" >&5
+ $as_echo "$iolog_dir" >&6; }
+ 
++{ $as_echo "$as_me:${as_lineno-$LINENO}: checking time zone data directory" >&5
++$as_echo_n "checking time zone data directory... " >&6; }
++tzdir="$with_tzdir"
++if test -z "$tzdir"; then
++    tzdir=no
++    for d in /usr/share /usr/share/lib /usr/lib /etc; do
++	if test -d "$d/zoneinfo"; then
++	    tzdir="$d/zoneinfo"
++	    break
++	fi
++    done
++fi
++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $tzdir" >&5
++$as_echo "$tzdir" >&6; }
++if test "${tzdir}" != "no"; then
++    cat >>confdefs.h <<EOF
++#define _PATH_ZONEINFO "$tzdir"
++EOF
++
++fi
++
+ 
+ 
+ ac_c_werror_flag=yes
+--- a/configure.ac
++++ b/configure.ac
+@@ -816,6 +816,12 @@ AC_ARG_WITH(iologdir, [AS_HELP_STRING([-
+ 	    ;;
+ esac])
+ 
++AC_ARG_WITH(tzdir, [AS_HELP_STRING([--with-tzdir=DIR], [path to the time zone data directory])],
++[case $with_tzdir in
++    yes)	AC_MSG_ERROR(["must give --with-tzdir an argument."])
++		;;
++esac])
++
+ AC_ARG_WITH(sendmail, [AS_HELP_STRING([--with-sendmail], [set path to sendmail])
+ AS_HELP_STRING([--without-sendmail], [do not send mail at all])],
+ [case $with_sendmail in
+@@ -3446,6 +3452,7 @@ SUDO_LOGFILE
+ SUDO_RUNDIR
+ SUDO_VARDIR
+ SUDO_IO_LOGDIR
++SUDO_TZDIR
+ 
+ dnl
+ dnl Turn warnings into errors.
+--- a/doc/sudoers.cat
++++ b/doc/sudoers.cat
+@@ -1628,19 +1628,35 @@ SSUUDDOOEERRSS OOPPTTIIOONN
+      LLiissttss tthhaatt ccaann bbee uusseedd iinn aa bboooolleeaann ccoonntteexxtt:
+ 
+      env_check         Environment variables to be removed from the user's
+-                       environment if the variable's value contains `%' or `/'
++                       environment unless they are considered ``safe''.
++                       For all variables except TZ, ``safe'' means that the
++                       variable's value does not contain any `%' or `/'
+                        characters.  This can be used to guard against printf-
+                        style format vulnerabilities in poorly-written
+-                       programs.  The argument may be a double-quoted, space-
+-                       separated list or a single value without double-quotes.
+-                       The list can be replaced, added to, deleted from, or
+-                       disabled by using the =, +=, -=, and ! operators
+-                       respectively.  Regardless of whether the env_reset
+-                       option is enabled or disabled, variables specified by
+-                       env_check will be preserved in the environment if they
+-                       pass the aforementioned check.  The default list of
+-                       environment variables to check is displayed when ssuuddoo
+-                       is run by root with the --VV option.
++                       programs.  The TZ variable is considered unsafe if any
++                       of the following are true:
++
++                       ++oo   It consists of a fully-qualified path name that
++                           does not match the location of the _z_o_n_e_i_n_f_o
++                           directory.
++
++                       ++oo   It contains a _._. path element.
++
++                       ++oo   It contains white space or non-printable
++                           characters.
++
++                       ++oo   It is longer than the value of PATH_MAX.
++
++                       The argument may be a double-quoted, space-separated
++                       list or a single value without double-quotes.  The list
++                       can be replaced, added to, deleted from, or disabled by
++                       using the =, +=, -=, and ! operators respectively.
++                       Regardless of whether the env_reset option is enabled
++                       or disabled, variables specified by env_check will be
++                       preserved in the environment if they pass the
++                       aforementioned check.  The default list of environment
++                       variables to check is displayed when ssuuddoo is run by
++                       root with the --VV option.
+ 
+      env_delete        Environment variables to be removed from the user's
+                        environment when the _e_n_v___r_e_s_e_t option is not in effect.
+--- a/doc/sudoers.man.in
++++ b/doc/sudoers.man.in
+@@ -3336,14 +3336,45 @@ The default value is
+ \fBLists that can be used in a boolean context\fR:
+ .TP 18n
+ env_check
+-Environment variables to be removed from the user's environment if
+-the variable's value contains
++Environment variables to be removed from the user's environment
++unless they are considered
++\(lqsafe\(rq.
++For all variables except
++\fRTZ\fR,
++\(lqsafe\(rq
++means that the variable's value does not contain any
+ \(oq%\(cq
+ or
+ \(oq/\(cq
+ characters.
+ This can be used to guard against printf-style format vulnerabilities
+ in poorly-written programs.
++The
++\fRTZ\fR
++variable is considered unsafe if any of the following are true:
++.PP
++.RS 18n
++.PD 0
++.TP 4n
++\fB\(bu\fR
++It consists of a fully-qualified path name that does not match
++the location of the
++\fIzoneinfo\fR
++directory.
++.PD
++.TP 4n
++\fB\(bu\fR
++It contains a
++\fI..\fR
++path element.
++.TP 4n
++\fB\(bu\fR
++It contains white space or non-printable characters.
++.TP 4n
++\fB\(bu\fR
++It is longer than the value of
++\fRPATH_MAX\fR.
++.PP
+ The argument may be a double-quoted, space-separated list or a
+ single value without double-quotes.
+ The list can be replaced, added to, deleted from, or disabled by using
+@@ -3365,6 +3396,7 @@ is run by root with
+ the
+ \fB\-V\fR
+ option.
++.RE
+ .TP 18n
+ env_delete
+ Environment variables to be removed from the user's environment when the
+--- a/doc/sudoers.mdoc.in
++++ b/doc/sudoers.mdoc.in
+@@ -3095,14 +3095,39 @@ The default value is
+ .Sy Lists that can be used in a boolean context :
+ .Bl -tag -width 16n
+ .It env_check
+-Environment variables to be removed from the user's environment if
+-the variable's value contains
++Environment variables to be removed from the user's environment
++unless they are considered
++.Dq safe .
++For all variables except
++.Li TZ ,
++.Dq safe
++means that the variable's value does not contain any
+ .Ql %
+ or
+ .Ql /
+ characters.
+ This can be used to guard against printf-style format vulnerabilities
+ in poorly-written programs.
++The
++.Li TZ 
++variable is considered unsafe if any of the following are true:
++.Bl -bullet
++.It
++It consists of a fully-qualified path name that does not match
++the location of the
++.Pa zoneinfo
++directory.
++.It
++It contains a
++.Pa ..
++path element.
++.It
++It contains white space or non-printable characters.
++.It
++It is longer than the value of
++.Li PATH_MAX .
++.El
++.Pp
+ The argument may be a double-quoted, space-separated list or a
+ single value without double-quotes.
+ The list can be replaced, added to, deleted from, or disabled by using
+--- a/m4/sudo.m4
++++ b/m4/sudo.m4
+@@ -119,6 +119,26 @@ fi
+ ])dnl
+ 
+ dnl
++dnl Detect time zone file directory, if any.
++dnl
++AC_DEFUN([SUDO_TZDIR], [AC_MSG_CHECKING(time zone data directory)
++tzdir="$with_tzdir"
++if test -z "$tzdir"; then
++    tzdir=no
++    for d in /usr/share /usr/share/lib /usr/lib /etc; do
++	if test -d "$d/zoneinfo"; then
++	    tzdir="$d/zoneinfo"
++	    break
++	fi
++    done
++fi
++AC_MSG_RESULT([$tzdir])
++if test "${tzdir}" != "no"; then
++    SUDO_DEFINE_UNQUOTED(_PATH_ZONEINFO, "$tzdir")
++fi
++])dnl
++
++dnl
+ dnl Parent directory for time stamp dir.
+ dnl
+ AC_DEFUN([SUDO_RUNDIR], [AC_MSG_CHECKING(for sudo run dir location)
+--- a/pathnames.h.in
++++ b/pathnames.h.in
+@@ -178,3 +178,7 @@
+ #ifndef _PATH_NETSVC_CONF
+ #undef	_PATH_NETSVC_CONF
+ #endif /* _PATH_NETSVC_CONF */
++
++#ifndef _PATH_ZONEINFO
++# undef        _PATH_ZONEINFO
++#endif /* _PATH_ZONEINFO */
+--- a/plugins/sudoers/env.c
++++ b/plugins/sudoers/env.c
+@@ -197,6 +197,7 @@ static const char *initial_checkenv_tabl
+     "LC_*",
+     "LINGUAS",
+     "TERM",
++    "TZ",
+     NULL
+ };
+ 
+@@ -212,7 +213,6 @@ static const char *initial_keepenv_table
+     "PATH",
+     "PS1",
+     "PS2",
+-    "TZ",
+     "XAUTHORITY",
+     "XAUTHORIZATION",
+     NULL
+@@ -576,6 +576,54 @@ matches_env_delete(const char *var)
+ }
+ 
+ /*
++ * Sanity-check the TZ environment variable.
++ * On many systems it is possible to set this to a pathname.
++ */
++static bool
++tz_is_sane(const char *tzval)
++{
++    const char *cp;
++    char lastch;
++    debug_decl(tz_is_sane, SUDO_DEBUG_ENV)
++
++    /* tzcode treats a value beginning with a ':' as a path. */
++    if (tzval[0] == ':')
++	tzval++;
++
++    /* Reject fully-qualified TZ that doesn't being with the zoneinfo dir. */
++    if (tzval[0] == '/') {
++#ifdef _PATH_ZONEINFO
++	if (strncmp(tzval, _PATH_ZONEINFO, sizeof(_PATH_ZONEINFO) - 1) != 0 ||
++	    tzval[sizeof(_PATH_ZONEINFO) - 1] != '/')
++	    debug_return_bool(false);
++#else
++	/* Assume the worst. */
++	debug_return_bool(false);
++#endif
++    }
++
++    /*
++     * Make sure TZ only contains printable non-space characters
++     * and does not contain a '..' path element.
++     */
++    lastch = '/';
++    for (cp = tzval; *cp != '\0'; cp++) {
++	if (isspace((unsigned char)*cp) || !isprint((unsigned char)*cp))
++	    debug_return_bool(false);
++	if (lastch == '/' && cp[0] == '.' && cp[1] == '.' &&
++	    (cp[2] == '/' || cp[2] == '\0'))
++	    debug_return_bool(false);
++	lastch = *cp;
++    }
++
++    /* Reject extra long TZ values (even if not a path). */
++    if ((size_t)(cp - tzval) >= PATH_MAX)
++	debug_return_bool(false);
++
++    debug_return_bool(true);
++}
++
++/*
+  * Apply the env_check list.
+  * Returns true if the variable is allowed, false if denied
+  * or -1 if no match.
+@@ -599,7 +647,12 @@ matches_env_check(const char *var)
+ 	    iswild = false;
+ 	if (strncmp(cur->value, var, len) == 0 &&
+ 	    (iswild || var[len] == '=')) {
+-	    keepit = !strpbrk(var, "/%");
++	    if (strncmp(var, "TZ=", 3) == 0) {
++	        /* Special case for TZ */
++	        keepit = tz_is_sane(var + 3);
++	    } else {
++	        keepit = !strpbrk(var, "/%");
++	    }
+ 	    break;
+ 	}
+     }
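Review bot: `_PATH_ZONEINFO` is chosen by probing the build host for a `zoneinfo` directory (the `for d in /usr/share /usr/share/lib /usr/lib /etc` loop in `configure` and `SUDO_TZDIR`), and when none is found `tz_is_sane()` takes the `#else` branch and rejects every absolute TZ value. That fails closed, but the policy compiled into the package then depends on what is installed in the build chroot; passing `--with-tzdir=/usr/share/zoneinfo` from debian/rules (not part of this diff) would pin it. The prefix test also assumes the configured directory has no trailing slash, because it requires `tzval[sizeof(_PATH_ZONEINFO) - 1] == '/'`; a value given as `--with-tzdir=DIR/` would reject ordinary absolute zone paths. Separately, the comment in `tz_is_sane()` should read `/* Reject fully-qualified TZ that doesn't begin with the zoneinfo dir. */`.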
diff -Nru sudo-1.8.10p3/debian/patches/CVE-2014-9680-2.patch sudo-1.8.10p3/debian/patches/CVE-2014-9680-2.patch
--- sudo-1.8.10p3/debian/patches/CVE-2014-9680-2.patch	1970-01-01 01:00:00.000000000 +0100
+++ sudo-1.8.10p3/debian/patches/CVE-2014-9680-2.patch	2015-03-01 18:50:20.000000000 +0100
@@ -0,0 +1,56 @@
+Description: Document handling of leading ':' when checking TZ variable
+ Document that a leading ':' is skipped when checking TZ for a
+ fully-qualified path name.
+Origin: backport, http://www.sudo.ws/repos/sudo/rev/91859f613b88,
+ http://www.sudo.ws/repos/sudo/rev/579b02f0dbe0
+Forwarded: not-needed
+Author: Todd C. Miller <Todd.Miller@courtesan.com>
+Author: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2015-02-18
+Applied-Upstream: 1.8.12
+
+--- a/doc/sudoers.cat
++++ b/doc/sudoers.cat
+@@ -1636,9 +1636,9 @@ SSUUDDOOEERRSS OOPPTTIIOONN
+                        programs.  The TZ variable is considered unsafe if any
+                        of the following are true:
+ 
+-                       ++oo   It consists of a fully-qualified path name that
+-                           does not match the location of the _z_o_n_e_i_n_f_o
+-                           directory.
++                       ++oo   It consists of a fully-qualified path name,
++                           optionally prefixed with a colon (`:'), that does
++                           not match the location of the _z_o_n_e_i_n_f_o directory.
+ 
+                        ++oo   It contains a _._. path element.
+ 
+--- a/doc/sudoers.man.in
++++ b/doc/sudoers.man.in
+@@ -3357,8 +3357,10 @@ variable is considered unsafe if any of
+ .PD 0
+ .TP 4n
+ \fB\(bu\fR
+-It consists of a fully-qualified path name that does not match
+-the location of the
++It consists of a fully-qualified path name,
++optionally prefixed with a colon
++(\(oq:\&\(cq),
++that does not match the location of the
+ \fIzoneinfo\fR
+ directory.
+ .PD
+--- a/doc/sudoers.mdoc.in
++++ b/doc/sudoers.mdoc.in
+@@ -3113,8 +3113,10 @@ The
+ variable is considered unsafe if any of the following are true:
+ .Bl -bullet
+ .It
+-It consists of a fully-qualified path name that does not match
+-the location of the
++It consists of a fully-qualified path name,
++optionally prefixed with a colon
++.Pq Ql :\& ,
++that does not match the location of the
+ .Pa zoneinfo
+ directory.
+ .It
diff -Nru sudo-1.8.10p3/debian/patches/future-timestamp.diff sudo-1.8.10p3/debian/patches/future-timestamp.diff
--- sudo-1.8.10p3/debian/patches/future-timestamp.diff	1970-01-01 01:00:00.000000000 +0100
+++ sudo-1.8.10p3/debian/patches/future-timestamp.diff	2015-03-01 18:50:24.000000000 +0100
@@ -0,0 +1,11 @@
+--- a/plugins/sudoers/boottime.c
++++ b/plugins/sudoers/boottime.c
+@@ -80,6 +80,8 @@
+     if (fp != NULL) {
+ 	while ((len = getline(&line, &linesize, fp)) != -1) {
+ 	    if (strncmp(line, "btime ", 6) == 0) {
++		if (line[len - 1] == '\n')
++		    line[len - 1] = '\0';
+ 		long long llval = strtonum(line + 6, 1, LLONG_MAX, NULL);
+ 		if (llval > 0) {
+ 		    tv->tv_sec = (time_t)llval;
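Review bot: The two added lines put statements ahead of the `long long llval = ...` declaration in the same block, so the declaration now follows code; strict C89 compilers reject that and `-Wdeclaration-after-statement` warns. Declaring first keeps the block portable: `long long llval;` before the `if (line[len - 1] == '\n')` test, then `llval = strtonum(line + 6, 1, LLONG_MAX, NULL);`. Only a trailing newline is stripped, so any other trailing character would presumably still make `strtonum()` fail, and with a `NULL` error-string argument that failure is silent. A short comment such as `/* strtonum() rejects the trailing newline left by getline() */` would record why the strip is needed. The enclosing function begins and ends outside this hunk.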
diff -Nru sudo-1.8.10p3/debian/patches/series sudo-1.8.10p3/debian/patches/series
--- sudo-1.8.10p3/debian/patches/series	2015-01-19 06:56:17.000000000 +0100
+++ sudo-1.8.10p3/debian/patches/series	2015-03-01 18:50:24.000000000 +0100
@@ -1,3 +1,6 @@
 typo-in-classic-insults.diff
 paths-in-samples.diff
 Fix-for-broken-FQDN-host-specifications.diff
+future-timestamp.diff
+CVE-2014-9680-1.patch
+CVE-2014-9680-2.patch
diff -Nru sudo-1.8.10p3/debian/sudo-ldap.postinst sudo-1.8.10p3/debian/sudo-ldap.postinst
--- sudo-1.8.10p3/debian/sudo-ldap.postinst	2014-09-14 18:26:06.000000000 +0200
+++ sudo-1.8.10p3/debian/sudo-ldap.postinst	2015-03-01 18:50:20.000000000 +0100
@@ -28,8 +28,10 @@
 fi
 
 # make sure sudoers has the correct permissions and owner/group
-chown root:root /etc/sudoers
-chmod 440 /etc/sudoers
+if [ -f /etc/sudoers ];then
+    chown root:root /etc/sudoers
+    chmod 440 /etc/sudoers
+fi
 
 # create symlink to ease transition to new path for ldap config
 # if old config file exists and new one doesn't
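Review bot: When `/etc/sudoers` is absent, the new guard skips the `chown`/`chmod` silently, so the administrator gets no hint that the file sudo depends on is missing. An `else` branch that prints a warning to stderr, e.g. `echo "warning: /etc/sudoers not found, permissions not set" >&2`, would make that visible. The changelog entry describes this guard as being in the *.preinst scripts, while the change is in the postinst scripts. `];then` would read better as `]; then`. The same points apply to the identical hunk in debian/sudo.postinst.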
diff -Nru sudo-1.8.10p3/debian/sudo-ldap.preinst sudo-1.8.10p3/debian/sudo-ldap.preinst
--- sudo-1.8.10p3/debian/sudo-ldap.preinst	2014-09-14 18:26:06.000000000 +0200
+++ sudo-1.8.10p3/debian/sudo-ldap.preinst	2015-03-01 18:50:20.000000000 +0100
@@ -2,7 +2,7 @@
 
 case "$1" in
   install|upgrade)
-    if dpkg --compare-versions "$2" le "1.7.4p4-4"; then
+    if [ -n "$2" ] && dpkg --compare-versions "$2" le "1.7.4p4-4"; then
 
       SUDOERS="/etc/sudoers"
 
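Review bot: The added `[ -n "$2" ]` test works, but dpkg already provides operators for this case. The `-nl` variants treat an empty version as later than any version, so `if dpkg --compare-versions "$2" le-nl "1.7.4p4-4"; then` skips the block on a fresh install without a separate test. If the explicit test is kept, a one-line comment such as `# $2 is empty on a fresh install` would explain why it is there. The `if` body continues outside the hunk; the same change appears in debian/sudo.preinst.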
diff -Nru sudo-1.8.10p3/debian/sudo.postinst sudo-1.8.10p3/debian/sudo.postinst
--- sudo-1.8.10p3/debian/sudo.postinst	2014-09-14 18:26:06.000000000 +0200
+++ sudo-1.8.10p3/debian/sudo.postinst	2015-03-01 18:50:20.000000000 +0100
@@ -22,8 +22,10 @@
 fi
 
 # make sure sudoers has the correct permissions and owner/group
-chown root:root /etc/sudoers
-chmod 440 /etc/sudoers
+if [ -f /etc/sudoers ];then
+    chown root:root /etc/sudoers
+    chmod 440 /etc/sudoers
+fi
 
 # if we've gotten this far .. remove the saved, unchanged old sudoers file
 rm -f /etc/sudoers.pre-conffile
diff -Nru sudo-1.8.10p3/debian/sudo.preinst sudo-1.8.10p3/debian/sudo.preinst
--- sudo-1.8.10p3/debian/sudo.preinst	2014-09-14 18:26:06.000000000 +0200
+++ sudo-1.8.10p3/debian/sudo.preinst	2015-03-01 18:50:20.000000000 +0100
@@ -2,7 +2,7 @@
 
 case "$1" in
   install|upgrade)
-    if dpkg --compare-versions "$2" le "1.7.4p4-4"; then
+    if [ -n "$2" ] && dpkg --compare-versions "$2" le "1.7.4p4-4"; then
 
       SUDOERS="/etc/sudoers"
 
