Package: sudo Version: 1.8.27-1+deb10u2 Severity: important Tags: upstream Dear Maintainer,
* justification for Severity: (>=) important: Broken in buster (stable) (at least 1.8.27-1+deb10u2). Works in stretch (oldstable) (at least 1.8.27-1+deb10u2). Existing listpw=never functionality breaks upon stretch (oldstable) --> buster (stable) upgrade. Hopefully listpw=never fix can be cleanly backported into buster (current stable). :-) * What led up to the situation? stretch (oldstable) --> buster (stable) upgrade. Bug apparently from upstream (apparently fixed in upstream 1.8.28). $ sudo -l fails where it used to work * What exactly did you do (or not do) that was effective (or ineffective)? Not fix, but work-around, change sudoers, e.g. to include: # listpw=never bug work-around: # Defaults listpw = never Defaults listpw = any ALL ALL=(nobody:nogroup) NOPASSWD: /bin/true "" * What was the outcome of this action? fails: sudoers: Defaults listpw=never $ sudo -l Above noted work-around is effective but adds spurious additional sudo command. * What outcome did you expect instead? Should work: sudoers: Defaults listpw=never $ sudo -l * +wishlist: add listpw regression tests to Debian sudo build/test, also feed same to upstream See also / references: Apparently (but I've not verified) fixed in upstream 1.8.28: https://unix.stackexchange.com/questions/466326/listpw-default-option-not-working-with-sudo-1-8-24 https://bugzilla.sudo.ws/show_bug.cgi?id=869 https://www.sudo.ws/repos/sudo/rev/ecb89088a884 - nopass = (pwcheck == all) ? true : false; + nopass = (pwcheck == never) ? true : false; -- System Information: Debian Release: 10.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-9-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C), LANGUAGE=en_US.UTF-8 (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages sudo depends on: ii libaudit1 1:2.8.4-3 ii libc6 2.28-10 ii libpam-modules 1.3.1-5 ii libpam0g 1.3.1-5 ii libselinux1 2.8-1+b1 ii lsb-base 10.2019051400 sudo recommends no packages. sudo suggests no packages. -- Configuration Files: (not supplied, see also work-around, etc. above) -- *+Kudos: Debian is fantastic! Much appreciate all the excellent high quality work! Rare that I actually find a bug in stable - been quite a while. https://www.debian.org/intro/help :-)
