Change log for sudo package in Ubuntu

151 → 209 of 209 results
Superseded in hardy-updates
Superseded in hardy-security
sudo (1.6.9p10-1ubuntu3.7) hardy-security; urgency=low

  * SECURITY UPDATE: properly verify path in find_path.c for the 'sudoedit'
    pseudo-command when running from the current working directory and
    secure_path is disabled
    - CVE-2010-XXXX
 -- Jamie Strandboge <email address hidden>   Tue, 13 Apr 2010 12:22:18 -0500
Superseded in maverick-release
Obsolete in lucid-release
sudo (1.7.2p1-1ubuntu5) lucid; urgency=low

  * SECURITY UPDATE: properly verify path in find_path.c for the 'sudoedit'
    pseudo-command when running from the current working directory and
    secure_path is disabled
    - CVE-2010-XXXX
 -- Jamie Strandboge <email address hidden>   Wed, 07 Apr 2010 15:35:36 -0500
Obsolete in intrepid-updates
Obsolete in intrepid-security
sudo (1.6.9p17-1ubuntu2.3) intrepid-security; urgency=low

  * SECURITY UPDATE: properly verify path in find_path.c for the 'sudoedit'
    pseudo-command when running from the current working directory and
    secure_path is disabled
    - CVE-2010-XXXX
 -- Jamie Strandboge <email address hidden>   Wed, 07 Apr 2010 15:49:07 -0500
Superseded in jaunty-updates
Superseded in jaunty-security
sudo (1.6.9p17-1ubuntu3.2) jaunty-security; urgency=low

  * SECURITY UPDATE: properly verify path in find_path.c for the 'sudoedit'
    pseudo-command when running from the current working directory and
    secure_path is disabled
    - CVE-2010-XXXX
 -- Jamie Strandboge <email address hidden>   Wed, 07 Apr 2010 15:38:30 -0500
Superseded in karmic-updates
Superseded in karmic-security
sudo (1.7.0-1ubuntu2.2) karmic-security; urgency=low

  * SECURITY UPDATE: properly verify path in find_path.c for the 'sudoedit'
    pseudo-command when running from the current working directory and
    secure_path is disabled
    - CVE-2010-XXXX
 -- Jamie Strandboge <email address hidden>   Wed, 07 Apr 2010 15:06:51 -0500
Superseded in lucid-release
sudo (1.7.2p1-1ubuntu4) lucid; urgency=low

  * env.c: Revert addition of "http_proxy" again. This was an Ubuntu specific
    EBW hack, caused inconsistencies with other proxy variables (such as
    https_proxy and ftp_proxy), made sudo incompatible to upstream
    behaviour/documentation. This is solved in a much better way in apt itself
    and gnome-network-properties now. (LP: #432631)
 -- Martin Pitt <email address hidden>   Fri, 26 Mar 2010 18:48:18 +0100
Superseded in lucid-release
sudo (1.7.2p1-1ubuntu3) lucid; urgency=low

  * debian/sudo.postinst, debian/sudo-ldap.postinst: update description to
    match behaviour in sudoers file. (LP: #534090)
 -- Marc Deslauriers <email address hidden>   Sun, 07 Mar 2010 19:49:39 -0500
Superseded in dapper-updates
Superseded in dapper-security
sudo (1.6.8p12-1ubuntu6.1) dapper-security; urgency=low

  * SECURITY UPDATE: properly verify path for the 'sudoedit' pseudo-command
    in parse.c. This only affects users who have recompiled sudo without
    --secure-path.
    - http://sudo.ws/repos/sudo/rev/f86e1b56d074
    - CVE-2010-0426
 -- Jamie Strandboge <email address hidden>   Thu, 25 Feb 2010 16:25:22 -0600
Superseded in karmic-updates
Superseded in karmic-security
sudo (1.7.0-1ubuntu2.1) karmic-security; urgency=low

  * SECURITY UPDATE: properly verify path for the 'sudoedit' pseudo-command
    in match.c
    - http://sudo.ws/repos/sudo/rev/88f3181692fe
    - CVE-2010-0426
 -- Jamie Strandboge <email address hidden>   Wed, 24 Feb 2010 16:59:51 -0600
Superseded in lucid-release
sudo (1.7.2p1-1ubuntu2) lucid; urgency=low

  * SECURITY UPDATE: properly verify path for the 'sudoedit' pseudo-command
    in match.c
    - http://sudo.ws/repos/sudo/rev/88f3181692fe
    - CVE-2010-0426
 -- Jamie Strandboge <email address hidden>   Wed, 24 Feb 2010 16:50:11 -0600
Superseded in jaunty-updates
Superseded in jaunty-security
sudo (1.6.9p17-1ubuntu3.1) jaunty-security; urgency=low

  * SECURITY UPDATE: properly verify path for the 'sudoedit' pseudo-command
    in parse.c
    - http://sudo.ws/repos/sudo/rev/f86e1b56d074
    - CVE-2010-0426
  * SECURITY UPDATE: reset cached supplementary runas groups when changing
    the runas user in set_perms.c and sudo.c
    - http://sudo.ws/repos/sudo/rev/aa0b6c01c462
    - CVE-2010-0427
 -- Jamie Strandboge <email address hidden>   Wed, 24 Feb 2010 17:02:33 -0600
Superseded in intrepid-updates
Superseded in intrepid-security
sudo (1.6.9p17-1ubuntu2.2) intrepid-security; urgency=low

  * SECURITY UPDATE: properly verify path for the 'sudoedit' pseudo-command
    in parse.c
    - http://sudo.ws/repos/sudo/rev/f86e1b56d074
    - CVE-2010-0426
  * SECURITY UPDATE: reset cached supplementary runas groups when changing
    the runas user in set_perms.c and sudo.c
    - http://sudo.ws/repos/sudo/rev/aa0b6c01c462
    - CVE-2010-0427
 -- Jamie Strandboge <email address hidden>   Thu, 25 Feb 2010 06:49:14 -0600
Superseded in hardy-updates
Superseded in hardy-security
sudo (1.6.9p10-1ubuntu3.6) hardy-security; urgency=low

  * SECURITY UPDATE: properly verify path for the 'sudoedit' pseudo-command
    in parse.c
    - http://sudo.ws/repos/sudo/rev/f86e1b56d074
    - CVE-2010-0426
  * SECURITY UPDATE: reset cached supplementary runas groups when changing
    the runas user in set_perms.c and sudo.c
    - http://sudo.ws/repos/sudo/rev/aa0b6c01c462
    - CVE-2010-0427
 -- Jamie Strandboge <email address hidden>   Thu, 25 Feb 2010 06:49:56 -0600
Superseded in lucid-release
sudo (1.7.2p1-1ubuntu1) lucid; urgency=low

  * Merge from debian testing.  Remaining changes:
   - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu
     specific)
   - Add debian/sudo_root.8: Explanation of root handling through sudo.
     Install it in debian/rules. (Ubuntu specific)
   - sudo.c: If the user successfully authenticated and he is in the 'admin'
     group, then create a stamp ~/.sudo_as_admin_successful. Our default bash
     profile checks for this and displays a short intro about sudo if the
     flag is not present. (Ubuntu specific)
   - env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept
     for "sudo apt-get ...". (Ubuntu specific EBW hack, should disappear at
     some point)
   - debian/{rules,postinst,sudo-ldap.postinst}: Disable init script
     installation. Debian reintroduced it because /var/run tmpfs is not the
     default there, but has been on Ubuntu for ages.
   - debian/{source_sudo.py,rules,sudo-ldap.dirs,sudo.dirs}: Add apport hook

Superseded in lucid-release
sudo (1.7.0-1ubuntu3) lucid; urgency=low

  * debian/{source_sudo.py,rules}: Add apport hook
 -- Marc Deslauriers <email address hidden>   Fri, 29 Jan 2010 09:31:00 -0500

Superseded in hardy-updates
Deleted in hardy-proposed (Reason: moved to -updates)
sudo (1.6.9p10-1ubuntu3.5) hardy-proposed; urgency=low

  * debian/rules:
    - add /usr/lib/kde4/bin to secure_path (LP: #191264)

 -- Mackenzie Morgan <email address hidden>   Thu, 23 Jul 2009 12:32:28 -0400
Superseded in lucid-release
Obsolete in karmic-release
sudo (1.7.0-1ubuntu2) karmic; urgency=low

  * env.c: add logic similar to pam_env's stripping of single and double
    quotes around /etc/environment env vars; fixes literal quotes in LANG when
    using sudo -i; LP: #387262.

 -- Loic Minier <email address hidden>   Mon, 22 Jun 2009 18:03:45 +0200

Superseded in karmic-release
sudo (1.7.0-1ubuntu1) karmic; urgency=low

  * Merge from debian unstable, remaining changes:
   - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu
     specific)
   - Add debian/sudo_root.8: Explanation of root handling through sudo.
     Install it in debian/rules. (Ubuntu specific)
   - sudo.c: If the user successfully authenticated and he is in the 'admin'
     group, then create a stamp ~/.sudo_as_admin_successful. Our default bash
     profile checks for this and displays a short intro about sudo if the
     flag is not present. (Ubuntu specific)
   - env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept
     for "sudo apt-get ...". (Ubuntu specific EBW hack, should disappear at
     some point)
   - debian/{rules,postinst,sudo-ldap.postinst}: Disable init script
     installation. Debian reintroduced it because /var/run tmpfs is not the
     default there, but has been on Ubuntu for ages.

Superseded in karmic-release
Obsolete in jaunty-release
sudo (1.6.9p17-1ubuntu3) jaunty; urgency=low

  * SECURITY UPDATE: privilege escalation via non-default system groups.
    - parse.c: upstream fix for CVE-2009-0034:
      http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c?r1=1.160.2.21&r2=1.160.2.22

 -- Kees Cook <email address hidden>   Mon, 16 Feb 2009 12:13:47 -0800
Superseded in hardy-updates
Superseded in hardy-security
sudo (1.6.9p10-1ubuntu3.4) hardy-security; urgency=low

  * SECURITY UPDATE: privilege escalation via non-default system groups.
    - parse.c: upstream fix for CVE-2009-0034:
      http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c?r1=1.160.2.21&r2=1.160.2.22

 -- Kees Cook <email address hidden>   Mon, 16 Feb 2009 12:13:47 -0800
Superseded in intrepid-updates
Superseded in intrepid-security
sudo (1.6.9p17-1ubuntu2.1) intrepid-security; urgency=low

  * SECURITY UPDATE: privilege escalation via non-default system groups.
    - parse.c: upstream fix for CVE-2009-0034:
      http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c?r1=1.160.2.21&r2=1.160.2.22

 -- Kees Cook <email address hidden>   Mon, 16 Feb 2009 12:13:47 -0800
Superseded in hardy-updates
Deleted in hardy-proposed (Reason: moved to -updates)
sudo (1.6.9p10-1ubuntu3.3) hardy-proposed; urgency=low

  * sudo.c: Drop usage of locale again, to revert back to the 1.6.8 behaviour.
    fnmatch() and glob() behave differently under different locales and thus
    cause undefined behaviour with (admittedly underspecified) character range
    globs such as "[a-Z]". Patch taken from upstream CVS, see
    http://www.gratisoft.us/bugzilla/show_bug.cgi?id=296 (LP: #228046)

 -- Martin Pitt <email address hidden>   Mon, 01 Sep 2008 13:12:14 +0000
Superseded in jaunty-release
Obsolete in intrepid-release
sudo (1.6.9p17-1ubuntu2) intrepid; urgency=low

  * sudo.c: Drop usage of locale again, to revert back to the 1.6.8 behaviour.
    fnmatch() and glob() behave differently under different locales and thus
    cause undefined behaviour with (admittedly underspecified) character range
    globs such as "[a-Z]". Patch taken from upstream CVS, see
    http://www.gratisoft.us/bugzilla/show_bug.cgi?id=296 (LP: #228046)

 -- Martin Pitt <email address hidden>   Mon, 01 Sep 2008 15:05:52 +0200
Superseded in intrepid-release
sudo (1.6.9p17-1ubuntu1) intrepid; urgency=low

  * Merge from debian unstable, remaining changes:
   - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu
     specific)
   - Add debian/sudo_root.8: Explanation of root handling through sudo.
     Install it in debian/rules. (Ubuntu specific)
   - sudo.c: If the user successfully authenticated and he is in the 'admin'
     group, then create a stamp ~/.sudo_as_admin_successful. Our default bash
     profile checks for this and displays a short intro about sudo if the
     flag is not present. (Ubuntu specific)
   - env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept
     for "sudo apt-get ...". (Ubuntu specific EBW hack, should disappear at
     some point)
  * debian/{rules,postinst,sudo-ldap.postinst}: Disable init script
    installation. Debian reintroduced it because /var/run tmpfs is not the
    default there, but has been on Ubuntu for ages.

Superseded in intrepid-release
sudo (1.6.9p15-2ubuntu1) intrepid; urgency=low

  * Merge from debian unstable, remaining changes:
   - logging.c: Ignore SIGPIPE when creating an error email, so that non-fatal
     error messages (like "unable to resolve local host name") do not lead to
     being killed with SIGPIPE if /usr/bin/sendmail does not exist or crashes.
     (LP #32906, http://www.gratisoft.us/bugzilla/show_bug.cgi?id=285)
   - debian/postinst: put "NOPASSWD" example at the bottom, so that
     uncommenting it will actually work (later entries override former ones).
     (LP #131399, Debian #479616)
   - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu
     specific)
   - Add debian/sudo_root.8: Explanation of root handling through sudo.
     Install it in debian/rules. (Ubuntu specific)
   - sudo.c: If the user successfully authenticated and he is in the 'admin'
     group, then create a stamp ~/.sudo_as_admin_successful. Our default bash
     profile checks for this and displays a short intro about sudo if the
     flag is not present. (Ubuntu specific)
   - env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept
     for "sudo apt-get ...". (Ubuntu specific EBW hack, should disappear at
     some point)
  * debian/{rules,postinst}: Disable init script installation. Debian
    reintroduced it because /var/run tmpfs is not the default there, but has
    been on Ubuntu for ages.

Superseded in intrepid-release
sudo (1.6.9p12-1ubuntu2) intrepid; urgency=low

  * debian/postinst: Fix a typo, and add a more helpful comment about the
    ordering and overriding. (LP: #131399)

 -- Martin Pitt <email address hidden>   Wed, 14 May 2008 15:46:24 +0200
Superseded in hardy-updates
Deleted in hardy-proposed (Reason: moved to -updates)
sudo (1.6.9p10-1ubuntu3.2) hardy-proposed; urgency=low

  * env.c: Do not reset $HOME. sudo's documentation specifies that $HOME is
    not changed unless -H/-s is specified, and behaved that way until Gutsy
    (thus this is a regression). Fix backported from latest sudo release:
    http://www.sudo.ws/cgi-bin/cvsweb/sudo/env.c.diff?r1=1.39.2.17&r2=1.39.2.18
    (LP: #221395)
  * debian/postinst: Put "NOPASSWD" example at the bottom, so that
    uncommenting it will actually work (later entries override former ones).
    Also add a comment to point that out.  This will only apply to new
    installs, though, touching sudoers on upgrades is a no-go. (LP: #131399)

 -- Martin Pitt <email address hidden>   Wed, 14 May 2008 15:30:00 +0200
Superseded in intrepid-release
sudo (1.6.9p12-1ubuntu1) intrepid; urgency=low

  * Merge from debian unstable, remaining changes:
   - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu
     specific)
   - Add debian/sudo_root.8: Explanation of root handling through sudo.
     Install it in debian/rules. (Ubuntu specific)
   - sudo.c: If the user successfully authenticated and he is in the 'admin'
     group, then create a stamp ~/.sudo_as_admin_successful. Our default bash
     profile checks for this and displays a short intro about sudo if the
     flag is not present. (Ubuntu specific)
   - env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept
     for "sudo apt-get ...". (Ubuntu specific EBW hack, should disappear at
     some point)
  * logging.c: Ignore SIGPIPE when creating an error email, so that non-fatal
    error messages (like "unable to resolve local host name") do not lead to
    being killed with SIGPIPE if /usr/bin/sendmail does not exist or crashes.
    Forwarded upstream to http://www.gratisoft.us/bugzilla/show_bug.cgi?id=285
    (LP: #32906)
  * env.c: Do not clobber $HOME when not specifying -H or -s. Patch taken from
    upstream CVS. (LP: #221395)
  * debian/postinst: put "NOPASSWD" example at the bottom, so that
    uncommenting it will actually work (later entries override former ones).
    (LP: #131399)

Superseded in hardy-updates
Deleted in hardy-proposed (Reason: moved to -updates)
sudo (1.6.9p10-1ubuntu3.1) hardy-proposed; urgency=low

  * logging.c: Ignore SIGPIPE when creating an error email, so that non-fatal
    error messages (like "unable to resolve local host name") do not lead to
    being killed with SIGPIPE if /usr/bin/sendmail does not exist or crashes.
    (LP: #32906)

 -- Martin Pitt <email address hidden>   Wed, 30 Apr 2008 13:09:04 +0200
Superseded in intrepid-release
Obsolete in hardy-release
sudo (1.6.9p10-1ubuntu3) hardy; urgency=low

  * env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept
    for "sudo apt-get ...". This is an EBW workaround for a design problem of
    not having a system-wide proxy setting, but in order to not break existing
    practice for upgrades we have to live with it for Hardy.

 -- Martin Pitt <email address hidden>   Mon, 25 Feb 2008 11:35:48 +0100
Superseded in hardy-release
sudo (1.6.9p10-1ubuntu2) hardy; urgency=low

  * No-change rebuild against libldap-2.4-2.

 -- Steve Langasek <email address hidden>   Tue, 22 Jan 2008 17:33:14 +0000
Superseded in hardy-release
sudo (1.6.9p10-1ubuntu1) hardy; urgency=low

  * Merge with Debian unstable. Remaining Ubuntu changes:
    - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu
      specific)
    - Add debian/sudo_root.8: Explanation of root handling through sudo.
      Install it in debian/rules. (Ubuntu specific)
    - sudo.c: If the user successfully authenticated and he is in the 'admin'
      group, then create a stamp ~/.sudo_as_admin_successful. Our default bash
      profile checks for this and displays a short intro about sudo if the
      flag is not present. (Ubuntu specific)
  * The password prompt asks for the target user's password now, not the
    invoking one's. (LP: #148498)

Superseded in hardy-release
sudo (1.6.9p9-1ubuntu1) hardy; urgency=low

  * Merge with Debian unstable. Remaining Ubuntu changes:
    - debian/prerm: Abort package removal if there is no root password.
      (Debian #451241).
    - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu
      specific)
    - Add debian/sudo_root.8: Explanation of root handling through sudo.
      Install it in debian/rules. (Ubuntu specific)
    - sudo.c: If the user successfully authenticated and he is in the 'admin'
      group, then create a stamp ~/.sudo_as_admin_successful. Our default bash
      profile checks for this and displays a short intro about sudo if the
      flag is not present. (Ubuntu specific)
  * sudo.c, parse.c: Apply a change that was missing from the older upstream
    tarball that fixes the upstream solution of "SETENV is implicit for ALL".
    We do not want to deviate our orig.tar.gz from Debian's, though.

Superseded in hardy-release
sudo (1.6.9p6-1ubuntu1) hardy; urgency=low

  * Merge with Debian unstable. Remaining Ubuntu changes:
    - debian/prerm: Abort package removal if there is no root password.
      Forwarded to Debian #451241.
    - sudoers: Add some explanatory text why it is a REALLY good idea to use
      visudo. (LP #11620)
      Forwarded upstream: http://www.gratisoft.us/bugzilla/show_bug.cgi?id=269
    - debian/rules: Disable lecture, enable tty_tickets by default.
    - debian/rules: Configure less confusing default password prompt to point
      out that it is sudo asking for the user's password, as opposed to
      another program like ssh, or asking for the root password. (LP #8556)
      Forwarded to Debian #343268.
    - Add debian/sudo_root.8: Explanation of root handling through sudo.
      Install it in debian/rules.
    - sudo.c: If the user successfully authenticated and he is in the 'admin'
      group, then create a stamp ~/.sudo_as_admin_successful. Our default bash
      profile checks for this and displays a short intro about sudo if the
      flag is not present.
  * New upstream version 1.6.9 fixes the following bugs:
    - Does not ask for password any more if stdin is not a terminal.
      (LP: #130636)
    - sudo -k/-K does not fail any more if timestamp is in the future.
      (LP: #43233)
  * Drop our very intrusive patch for selectively cleaning the environment
    based on whether the user can execute all commands or only some. Debian
    and upstream now default to cleaning the environment unconditionally and
    provide option -E and the SETENV tag to override it.
    Instead, do a tiny patch to parse.yacc which enables SETENV implicitly
    for 'ALL' commands.
    Forwarded upstream: http://www.gratisoft.us/bugzilla/show_bug.cgi?id=268
  * sudo.c: Disable i18n for now (upstream enabled it in 1.6.9), since this
    causes PAM to output localized password prompts, which in turn breaks -p
    and --with-passprompt, which finally breaks gksu. See
    http://www.gratisoft.us/bugzilla/show_bug.cgi?id=270 for details.

Superseded in hardy-release
Obsolete in gutsy-release
sudo (1.6.8p12-5ubuntu2) gutsy; urgency=low

  * debian/rules: Configure less confusing default password prompt to (a)
    point out that it wants to know the user's password (instead of root's or
    whichever) and (b) that it is sudo which asks the question (since those
    prompts become really unintelligible if the command asks its own password,
    such as 'ssh', 'passwd', or 'mount -t cifs'). Do not modify
    --with-badpass-message though, since that breaks gksu.  Thanks to Marco
    Rodrigues, leoquant, and nxvl for the discussion and proposals.
    (LP: #8556)

 -- Martin Pitt <email address hidden>   Fri, 15 Jun 2007 09:22:55 +0200
Superseded in gutsy-release
sudo (1.6.8p12-5ubuntu1) gutsy; urgency=low

  * Merge to Debian unstable. Remaining Ubuntu changes:
    - parse.{h,c,yacc}, sudo.tab.cc, sudo.h, ldap.c, env.c, sudo.c:
      Clean up environment variable handling to fix vulns like CVE-2005-4158 and
      CVE-2006-0151 once and for all: Only keep known-good variables if user has
      limited sudo privileges (blacklist -> whitelist) and keep them all for
      users with unlimited command privileges (to not drive admins and
      developers up the wall which actually need to pass env variables from time
      to time). See 1.6.8p12-1ubuntu1 changelog for details.
    - sudoers: Add some explanatory text why it is a REALLY good idea to use
      visudo. (LP #11620)
    - debian/control, debian/rules: Enable krb5 support, add libkrb5-dev build
      dependency. (LP #35001)
    - debian/postinst: Disable lecture, enable tty_tickets in default sudoers.
    - debian/postinst, debian/sudo-ldap.postinst, debian/rules: Disable init
      script, since in Ubuntu /var/run is a tmpfs.
    - Add debian/sudo_root.8: Explanation of root handling through sudo.
      Install it in debian/rules.
    - auth/pam.c: Abort immediately if the user presses ^C at the password
      prompt instead of waiting three seconds. (LP #38810, in upstream CVS)
    - debian/prerm: Abort package removal if there is no root password.
  * debian/control: Set myself as Ubuntu maintainer.

Superseded in gutsy-release
Obsolete in feisty-release
Obsolete in edgy-release
sudo (1.6.8p12-4ubuntu5) edgy; urgency=low

  * auth/pam.c:
    - Abort immediately if the user presses ^C at the password prompt instead
      of waiting three seconds. There is no information to be gained from
      doing that, and it's just annoying if one accidentally uses sudo for
      something.
    - Patch taken from upstream CVS:
      http://www.sudo.ws/cgi-bin/cvsweb/sudo/auth/pam.c.diff?r1=1.51&r2=1.52
    - Thanks to Anders Kaseorg for the patch!
    - Closes: LP#38810

 -- Martin Pitt <email address hidden>   Mon,  9 Oct 2006 12:01:58 +0200
Superseded in edgy-release
sudo (1.6.8p12-4ubuntu4) edgy; urgency=low

  * debian/rules: Enable krb5 support (also add libkrb5-dev build dependency).
    Closes: LP#35001.
  * debian/sudo_root.8: Suggest using visudo instead of editing sudoers
    directly. Closes: LP#47849
  * debian/sudo_root.8: Mention benefit of not sharing a password.
    Closes: LP#48221
  * sudo.c: Temporarily drop to user privileges when creating the
    .sudo_as_admin_successful stamp to also work on NFS with root squashing.
    Closes: LP#49233

 -- Martin Pitt <email address hidden>   Wed, 23 Aug 2006 18:05:48 +0200
Superseded in edgy-release
sudo (1.6.8p12-4ubuntu3) edgy; urgency=low

  * sudo.c: Disable 'def_env_reset = TRUE'. This was introduced in 1.6.8p12-2
    as Debian's way of treating environment variables safely. We have our own
    way with special treatment of unlimited sudo users, so revert this change
    to keep all environment variables for unlimited sudoers again.
  * debian/prerm:
    - Fix bashism and add a note why we need the slightly unusual syntax.
      Closes: LP#53273
    - Only check the first character of the password against '!' so that we
      also catch disabled non-empty root passwords.

 -- Martin Pitt <email address hidden>   Mon, 17 Jul 2006 20:31:24 +0200
Superseded in edgy-release
sudo (1.6.8p12-4ubuntu2) edgy; urgency=low

  * Do not ship our pre-generated sudo.tab.c in package diff any more, so that
    it gets correctly rebuilt (automatic rebuild was added in 1.6.8p12-2).
    Closes: LP#51246
  * debian/rules:
    - Remove sudo.tab.[hc] before build to make double sure that it gets
      regenerated correctly.
    - Fix rebuilding of sudo{,ers}.man.in.

 -- Martin Pitt <email address hidden>   Thu, 29 Jun 2006 14:09:07 +0200
Superseded in edgy-release
sudo (1.6.8p12-4ubuntu1) edgy; urgency=low

  [ Ongoing Merge Process ]
  * Merge from debian unstable.

Superseded in edgy-release
Obsolete in dapper-release
sudo (1.6.8p12-1ubuntu6) dapper; urgency=low

  * env.c: Preserve additional environment variables for non-almighty sudoers:
    HOME, LOGNAME, DISPLAY, XAUTHORITY, XAUTHORIZATION. Closes: LP#44500

 -- Martin Pitt <email address hidden>   Wed, 17 May 2006 09:29:15 +0200
Superseded in dapper-release
sudo (1.6.8p12-1ubuntu5) dapper; urgency=low

  * env.c: Unbreak the env_keep option. Closes: LP#31690
  * sudoers: Add some explanatory text why it is a REALLY good idea to use
    visudo. Closes: LP#11620

 -- Martin Pitt <email address hidden>   Tue, 28 Mar 2006 18:52:24 +0200
Superseded in dapper-release
sudo (1.6.8p12-1ubuntu4) dapper; urgency=low

  * Remove the init script, it only cleans up /var/run which is a tmpfs.

 -- Scott James Remnant <email address hidden>   Wed, 22 Feb 2006 16:28:42 +0000
Superseded in dapper-release
sudo (1.6.8p12-1ubuntu3) dapper; urgency=low

  * Add debian/sudo_root.8: Introduction about root handling in ubuntu with
    sudo.
  * debian/rules: Install that new manpage into sudo and sudo-ldap.
Superseded in dapper-release
sudo (1.6.8p12-1ubuntu2) dapper; urgency=low


  * sudo.c: If the user successfully authenticated and he is in the 'admin'
    group, then create a stamp ~/.sudo_as_admin_successful. A future
    /etc/profile will evaluate this flag to display a short help about how to
    execute things as root.

 -- Martin Pitt <email address hidden>  Wed, 18 Jan 2006 09:32:02 +0100
Obsolete in breezy-security
Superseded in breezy-security
sudo (1.6.8p9-2ubuntu2.3) breezy-security; urgency=low


  * env.c: Fix typo: PYTHONINSPEC -> PYTHONINSPECT.

 -- Martin Pitt <email address hidden>  Mon,  9 Jan 2006 11:20:12 +0100
Obsolete in hoary-security
Superseded in hoary-security
sudo (1.6.8p5-1ubuntu2.4) hoary-security; urgency=low


  * env.c: Fix typo: PYTHONINSPEC -> PYTHONINSPECT.

 -- Martin Pitt <email address hidden>  Mon,  9 Jan 2006 11:18:47 +0100
Obsolete in warty-security
Superseded in warty-security
sudo (1.6.7p5-1ubuntu4.5) warty-security; urgency=low


  * env.c: Fix typo: PYTHONINSPEC -> PYTHONINSPECT.

 -- Martin Pitt <email address hidden>  Mon,  9 Jan 2006 11:17:20 +0100
Superseded in breezy-security
sudo (1.6.8p9-2ubuntu2.2) breezy-security; urgency=low


  * SECURITY UPDATE: Privilege escalation.
  * env.c: Filter out a whole lot of additional env variables that can lead to
    privilege escalation: GLOBIGNORE, JAVA_TOOL_OPTIONS, PERLIO_DEBUG,
    PERLLIB, PERL5LIB, PERL5OPT, PERL5DB, FPATH, NULLCMD, READNULLCMD,
    ZDOTDIR, TMPPREFIX, PYTHONHOME, PYTHONPATH, PYTHONINSPEC, RUBYLIB,
    RUBYOPT. List taken from Mandriva's security update.
  * CVE-2005-4158

 -- Martin Pitt <email address hidden>  Thu,  5 Jan 2006 15:25:45 +0000
Superseded in hoary-security
sudo (1.6.8p5-1ubuntu2.3) hoary-security; urgency=low


  * SECURITY UPDATE: Privilege escalation.
  * env.c: Filter out a whole lot of additional env variables that can lead to
    privilege escalation: GLOBIGNORE, JAVA_TOOL_OPTIONS, PERLIO_DEBUG,
    PERLLIB, PERL5LIB, PERL5OPT, PERL5DB, FPATH, NULLCMD, READNULLCMD,
    ZDOTDIR, TMPPREFIX, PYTHONHOME, PYTHONPATH, PYTHONINSPEC, RUBYLIB,
    RUBYOPT. List taken from Mandriva's security update.
  * CVE-2005-4158

 -- Martin Pitt <email address hidden>  Thu,  5 Jan 2006 15:29:26 +0000
Superseded in warty-security
sudo (1.6.7p5-1ubuntu4.4) warty-security; urgency=low


  * SECURITY UPDATE: Privilege escalation.
  * env.c: Filter out a whole lot of additional env variables that can lead to
    privilege escalation: GLOBIGNORE, JAVA_TOOL_OPTIONS, PERLIO_DEBUG,
    PERLLIB, PERL5LIB, PERL5OPT, PERL5DB, FPATH, NULLCMD, READNULLCMD,
    ZDOTDIR, TMPPREFIX, PYTHONHOME, PYTHONPATH, PYTHONINSPEC, RUBYLIB,
    RUBYOPT. List taken from Mandriva's security update.
  * CVE-2005-4158

 -- Martin Pitt <email address hidden>  Thu,  5 Jan 2006 16:31:47 +0100
Superseded in dapper-release
sudo (1.6.8p9-3ubuntu4) dapper; urgency=low


  * Revert addition of sudo -t, i. e. revert to version 1.6.8p9-3ubuntu1. As
    per TB discussion, we will not use sudo for implementing
    https://wiki.ubuntu.com/HideAdminToolsToUsers.

 -- Martin Pitt <email address hidden>  Tue, 29 Nov 2005 23:27:42 +0100
Superseded in breezy-security
sudo (1.6.8p9-2ubuntu2.1) breezy-security; urgency=low


  * SECURITY UPDATE: Potential privilege escalation.
  * env.c: Filter out the SHELLOPTS and PS4 variables.
  * CVE-2005-2959

 -- Martin Pitt <email address hidden>  Fri, 28 Oct 2005 14:46:19 -0400
Obsolete in breezy-release
sudo (1.6.8p9-2ubuntu2) breezy; urgency=low


  * debian/init.d: When resetting the timestamps of the tty tags, actually
    touch the files, not the per-user directories. Since bootclean.sh removes
    /var/run/* anyway, this is no big deal, but clean it up anyway for the
    sake of correctness. (Ubuntu #16594)

 -- Martin Pitt <email address hidden>  Fri, 30 Sep 2005 09:52:27 +0200
Superseded in hoary-security
sudo (1.6.8p5-1ubuntu2.2) hoary-security; urgency=low


  * SECURITY UPDATE: Potential privilege escalation.
  * env.c: Filter out the SHELLOPTS and PS4 variables.
  * CVE-2005-2959

 -- Martin Pitt <email address hidden>  Fri, 28 Oct 2005 14:55:43 -0400
Obsolete in hoary-release
sudo (1.6.8p5-1ubuntu2) hoary; urgency=low


  * Add !fqdn to the Defaults so we don't die horribly when localhost doesn't
    resolve (Ubuntu: 2772)

 -- Thom May <email address hidden>  Wed,  2 Mar 2005 20:34:20 +0000
Superseded in warty-security
sudo (1.6.7p5-1ubuntu4.3) warty-security; urgency=low


  * SECURITY UPDATE: Potential privilege escalation.
  * env.c: Filter out the SHELLOPTS and PS4 variables.
  * CVE-2005-2959

 -- Martin Pitt <email address hidden>  Fri, 28 Oct 2005 14:53:11 -0400
Obsolete in warty-release
sudo (1.6.7p5-1ubuntu4) warty; urgency=low


  * Disable lecture by default. (Warty #987)

 -- Thom May <email address hidden>  Wed,  6 Oct 2004 14:31:31 +0100