Change log for sudo package in Ubuntu
151 → 209 of 209 results | First • Previous • Next • Last |
sudo (1.6.9p10-1ubuntu3.7) hardy-security; urgency=low * SECURITY UPDATE: properly verify path in find_path.c for the 'sudoedit' pseudo-command when running from the current working directory and secure_path is disabled - CVE-2010-XXXX -- Jamie Strandboge <email address hidden> Tue, 13 Apr 2010 12:22:18 -0500
Available diffs
sudo (1.7.2p1-1ubuntu5) lucid; urgency=low * SECURITY UPDATE: properly verify path in find_path.c for the 'sudoedit' pseudo-command when running from the current working directory and secure_path is disabled - CVE-2010-XXXX -- Jamie Strandboge <email address hidden> Wed, 07 Apr 2010 15:35:36 -0500
Available diffs
- diff from 1.7.2p1-1ubuntu4 to 1.7.2p1-1ubuntu5 (676 bytes)
sudo (1.6.9p17-1ubuntu2.3) intrepid-security; urgency=low * SECURITY UPDATE: properly verify path in find_path.c for the 'sudoedit' pseudo-command when running from the current working directory and secure_path is disabled - CVE-2010-XXXX -- Jamie Strandboge <email address hidden> Wed, 07 Apr 2010 15:49:07 -0500
Available diffs
sudo (1.6.9p17-1ubuntu3.2) jaunty-security; urgency=low * SECURITY UPDATE: properly verify path in find_path.c for the 'sudoedit' pseudo-command when running from the current working directory and secure_path is disabled - CVE-2010-XXXX -- Jamie Strandboge <email address hidden> Wed, 07 Apr 2010 15:38:30 -0500
Available diffs
sudo (1.7.0-1ubuntu2.2) karmic-security; urgency=low * SECURITY UPDATE: properly verify path in find_path.c for the 'sudoedit' pseudo-command when running from the current working directory and secure_path is disabled - CVE-2010-XXXX -- Jamie Strandboge <email address hidden> Wed, 07 Apr 2010 15:06:51 -0500
Available diffs
- diff from 1.7.0-1ubuntu2.1 to 1.7.0-1ubuntu2.2 (640 bytes)
Superseded in lucid-release |
sudo (1.7.2p1-1ubuntu4) lucid; urgency=low * env.c: Revert addition of "http_proxy" again. This was an Ubuntu specific EBW hack, caused inconsistencies with other proxy variables (such as https_proxy and ftp_proxy), made sudo incompatible to upstream behaviour/documentation. This is solved in a much better way in apt itself and gnome-network-properties now. (LP: #432631) -- Martin Pitt <email address hidden> Fri, 26 Mar 2010 18:48:18 +0100
Available diffs
- diff from 1.7.2p1-1ubuntu3 to 1.7.2p1-1ubuntu4 (576 bytes)
Superseded in lucid-release |
sudo (1.7.2p1-1ubuntu3) lucid; urgency=low * debian/sudo.postinst, debian/sudo-ldap.postinst: update description to match behaviour in sudoers file. (LP: #534090) -- Marc Deslauriers <email address hidden> Sun, 07 Mar 2010 19:49:39 -0500
Available diffs
- diff from 1.7.2p1-1ubuntu2 to 1.7.2p1-1ubuntu3 (622 bytes)
sudo (1.6.8p12-1ubuntu6.1) dapper-security; urgency=low * SECURITY UPDATE: properly verify path for the 'sudoedit' pseudo-command in parse.c. This only affects users who have recompiled sudo without --secure-path. - http://sudo.ws/repos/sudo/rev/f86e1b56d074 - CVE-2010-0426 -- Jamie Strandboge <email address hidden> Thu, 25 Feb 2010 16:25:22 -0600
Available diffs
sudo (1.7.0-1ubuntu2.1) karmic-security; urgency=low * SECURITY UPDATE: properly verify path for the 'sudoedit' pseudo-command in match.c - http://sudo.ws/repos/sudo/rev/88f3181692fe - CVE-2010-0426 -- Jamie Strandboge <email address hidden> Wed, 24 Feb 2010 16:59:51 -0600
Available diffs
Superseded in lucid-release |
sudo (1.7.2p1-1ubuntu2) lucid; urgency=low * SECURITY UPDATE: properly verify path for the 'sudoedit' pseudo-command in match.c - http://sudo.ws/repos/sudo/rev/88f3181692fe - CVE-2010-0426 -- Jamie Strandboge <email address hidden> Wed, 24 Feb 2010 16:50:11 -0600
Available diffs
- diff from 1.7.2p1-1ubuntu1 to 1.7.2p1-1ubuntu2 (573 bytes)
sudo (1.6.9p17-1ubuntu3.1) jaunty-security; urgency=low * SECURITY UPDATE: properly verify path for the 'sudoedit' pseudo-command in parse.c - http://sudo.ws/repos/sudo/rev/f86e1b56d074 - CVE-2010-0426 * SECURITY UPDATE: reset cached supplementary runas groups when changing the runas user in set_perms.c and sudo.c - http://sudo.ws/repos/sudo/rev/aa0b6c01c462 - CVE-2010-0427 -- Jamie Strandboge <email address hidden> Wed, 24 Feb 2010 17:02:33 -0600
Available diffs
sudo (1.6.9p17-1ubuntu2.2) intrepid-security; urgency=low * SECURITY UPDATE: properly verify path for the 'sudoedit' pseudo-command in parse.c - http://sudo.ws/repos/sudo/rev/f86e1b56d074 - CVE-2010-0426 * SECURITY UPDATE: reset cached supplementary runas groups when changing the runas user in set_perms.c and sudo.c - http://sudo.ws/repos/sudo/rev/aa0b6c01c462 - CVE-2010-0427 -- Jamie Strandboge <email address hidden> Thu, 25 Feb 2010 06:49:14 -0600
Available diffs
sudo (1.6.9p10-1ubuntu3.6) hardy-security; urgency=low * SECURITY UPDATE: properly verify path for the 'sudoedit' pseudo-command in parse.c - http://sudo.ws/repos/sudo/rev/f86e1b56d074 - CVE-2010-0426 * SECURITY UPDATE: reset cached supplementary runas groups when changing the runas user in set_perms.c and sudo.c - http://sudo.ws/repos/sudo/rev/aa0b6c01c462 - CVE-2010-0427 -- Jamie Strandboge <email address hidden> Thu, 25 Feb 2010 06:49:56 -0600
Available diffs
Superseded in lucid-release |
sudo (1.7.2p1-1ubuntu1) lucid; urgency=low * Merge from debian testing. Remaining changes: - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu specific) - Add debian/sudo_root.8: Explanation of root handling through sudo. Install it in debian/rules. (Ubuntu specific) - sudo.c: If the user successfully authenticated and he is in the 'admin' group, then create a stamp ~/.sudo_as_admin_successful. Our default bash profile checks for this and displays a short intro about sudo if the flag is not present. (Ubuntu specific) - env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept for "sudo apt-get ...". (Ubuntu specific EBW hack, should disappear at some point) - debian/{rules,postinst,sudo-ldap.postinst}: Disable init script installation. Debian reintroduced it because /var/run tmpfs is not the default there, but has been on Ubuntu for ages. - debian/{source_sudo.py,rules,sudo-ldap.dirs,sudo.dirs}: Add apport hook
Available diffs
- diff from 1.7.0-1ubuntu3 to 1.7.2p1-1ubuntu1 (124.3 KiB)
Superseded in lucid-release |
sudo (1.7.0-1ubuntu3) lucid; urgency=low * debian/{source_sudo.py,rules}: Add apport hook -- Marc Deslauriers <email address hidden> Fri, 29 Jan 2010 09:31:00 -0500
Available diffs
sudo (1.6.9p10-1ubuntu3.5) hardy-proposed; urgency=low * debian/rules: - add /usr/lib/kde4/bin to secure_path (LP: #191264) -- Mackenzie Morgan <email address hidden> Thu, 23 Jul 2009 12:32:28 -0400
Available diffs
sudo (1.7.0-1ubuntu2) karmic; urgency=low * env.c: add logic similar to pam_env's stripping of single and double quotes around /etc/environment env vars; fixes literal quotes in LANG when using sudo -i; LP: #387262. -- Loic Minier <email address hidden> Mon, 22 Jun 2009 18:03:45 +0200
Available diffs
- diff from 1.7.0-1ubuntu1 to 1.7.0-1ubuntu2 (860 bytes)
Superseded in karmic-release |
sudo (1.7.0-1ubuntu1) karmic; urgency=low * Merge from debian unstable, remaining changes: - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu specific) - Add debian/sudo_root.8: Explanation of root handling through sudo. Install it in debian/rules. (Ubuntu specific) - sudo.c: If the user successfully authenticated and he is in the 'admin' group, then create a stamp ~/.sudo_as_admin_successful. Our default bash profile checks for this and displays a short intro about sudo if the flag is not present. (Ubuntu specific) - env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept for "sudo apt-get ...". (Ubuntu specific EBW hack, should disappear at some point) - debian/{rules,postinst,sudo-ldap.postinst}: Disable init script installation. Debian reintroduced it because /var/run tmpfs is not the default there, but has been on Ubuntu for ages.
Available diffs
- diff from 1.6.9p17-1ubuntu3 to 1.7.0-1ubuntu1 (506.0 KiB)
sudo (1.6.9p17-1ubuntu3) jaunty; urgency=low * SECURITY UPDATE: privilege escalation via non-default system groups. - parse.c: upstream fix for CVE-2009-0034: http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c?r1=1.160.2.21&r2=1.160.2.22 -- Kees Cook <email address hidden> Mon, 16 Feb 2009 12:13:47 -0800
Available diffs
- diff from 1.6.9p17-1ubuntu2 to 1.6.9p17-1ubuntu3 (674 bytes)
sudo (1.6.9p10-1ubuntu3.4) hardy-security; urgency=low * SECURITY UPDATE: privilege escalation via non-default system groups. - parse.c: upstream fix for CVE-2009-0034: http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c?r1=1.160.2.21&r2=1.160.2.22 -- Kees Cook <email address hidden> Mon, 16 Feb 2009 12:13:47 -0800
Available diffs
sudo (1.6.9p17-1ubuntu2.1) intrepid-security; urgency=low * SECURITY UPDATE: privilege escalation via non-default system groups. - parse.c: upstream fix for CVE-2009-0034: http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c?r1=1.160.2.21&r2=1.160.2.22 -- Kees Cook <email address hidden> Mon, 16 Feb 2009 12:13:47 -0800
Available diffs
sudo (1.6.9p10-1ubuntu3.3) hardy-proposed; urgency=low * sudo.c: Drop usage of locale again, to revert back to the 1.6.8 behaviour. fnmatch() and glob() behave differently under different locales and thus cause undefined behaviour with (admittedly underspecified) character range globs such as "[a-Z]". Patch taken from upstream CVS, see http://www.gratisoft.us/bugzilla/show_bug.cgi?id=296 (LP: #228046) -- Martin Pitt <email address hidden> Mon, 01 Sep 2008 13:12:14 +0000
Available diffs
sudo (1.6.9p17-1ubuntu2) intrepid; urgency=low * sudo.c: Drop usage of locale again, to revert back to the 1.6.8 behaviour. fnmatch() and glob() behave differently under different locales and thus cause undefined behaviour with (admittedly underspecified) character range globs such as "[a-Z]". Patch taken from upstream CVS, see http://www.gratisoft.us/bugzilla/show_bug.cgi?id=296 (LP: #228046) -- Martin Pitt <email address hidden> Mon, 01 Sep 2008 15:05:52 +0200
Available diffs
- diff from 1.6.9p17-1ubuntu1 to 1.6.9p17-1ubuntu2 (606 bytes)
Superseded in intrepid-release |
sudo (1.6.9p17-1ubuntu1) intrepid; urgency=low * Merge from debian unstable, remaining changes: - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu specific) - Add debian/sudo_root.8: Explanation of root handling through sudo. Install it in debian/rules. (Ubuntu specific) - sudo.c: If the user successfully authenticated and he is in the 'admin' group, then create a stamp ~/.sudo_as_admin_successful. Our default bash profile checks for this and displays a short intro about sudo if the flag is not present. (Ubuntu specific) - env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept for "sudo apt-get ...". (Ubuntu specific EBW hack, should disappear at some point) * debian/{rules,postinst,sudo-ldap.postinst}: Disable init script installation. Debian reintroduced it because /var/run tmpfs is not the default there, but has been on Ubuntu for ages.
Available diffs
Superseded in intrepid-release |
sudo (1.6.9p15-2ubuntu1) intrepid; urgency=low * Merge from debian unstable, remaining changes: - logging.c: Ignore SIGPIPE when creating an error email, so that non-fatal error messages (like "unable to resolve local host name") do not lead to being killed with SIGPIPE if /usr/bin/sendmail does not exist or crashes. (LP #32906, http://www.gratisoft.us/bugzilla/show_bug.cgi?id=285) - debian/postinst: put "NOPASSWD" example at the bottom, so that uncommenting it will actually work (later entries override former ones). (LP #131399, Debian #479616) - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu specific) - Add debian/sudo_root.8: Explanation of root handling through sudo. Install it in debian/rules. (Ubuntu specific) - sudo.c: If the user successfully authenticated and he is in the 'admin' group, then create a stamp ~/.sudo_as_admin_successful. Our default bash profile checks for this and displays a short intro about sudo if the flag is not present. (Ubuntu specific) - env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept for "sudo apt-get ...". (Ubuntu specific EBW hack, should disappear at some point) * debian/{rules,postinst}: Disable init script installation. Debian reintroduced it because /var/run tmpfs is not the default there, but has been on Ubuntu for ages.
Available diffs
Superseded in intrepid-release |
sudo (1.6.9p12-1ubuntu2) intrepid; urgency=low * debian/postinst: Fix a typo, and add a more helpful comment about the ordering and overriding. (LP: #131399) -- Martin Pitt <email address hidden> Wed, 14 May 2008 15:46:24 +0200
sudo (1.6.9p10-1ubuntu3.2) hardy-proposed; urgency=low * env.c: Do not reset $HOME. sudo's documentation specifies that $HOME is not changed unless -H/-s is specified, and behaved that way until Gutsy (thus this is a regression). Fix backported from latest sudo release: http://www.sudo.ws/cgi-bin/cvsweb/sudo/env.c.diff?r1=1.39.2.17&r2=1.39.2.18 (LP: #221395) * debian/postinst: Put "NOPASSWD" example at the bottom, so that uncommenting it will actually work (later entries override former ones). Also add a comment to point that out. This will only apply to new installs, though, touching sudoers on upgrades is a no-go. (LP: #131399) -- Martin Pitt <email address hidden> Wed, 14 May 2008 15:30:00 +0200
Superseded in intrepid-release |
sudo (1.6.9p12-1ubuntu1) intrepid; urgency=low * Merge from debian unstable, remaining changes: - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu specific) - Add debian/sudo_root.8: Explanation of root handling through sudo. Install it in debian/rules. (Ubuntu specific) - sudo.c: If the user successfully authenticated and he is in the 'admin' group, then create a stamp ~/.sudo_as_admin_successful. Our default bash profile checks for this and displays a short intro about sudo if the flag is not present. (Ubuntu specific) - env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept for "sudo apt-get ...". (Ubuntu specific EBW hack, should disappear at some point) * logging.c: Ignore SIGPIPE when creating an error email, so that non-fatal error messages (like "unable to resolve local host name") do not lead to being killed with SIGPIPE if /usr/bin/sendmail does not exist or crashes. Forwarded upstream to http://www.gratisoft.us/bugzilla/show_bug.cgi?id=285 (LP: #32906) * env.c: Do not clobber $HOME when not specifying -H or -s. Patch taken from upstream CVS. (LP: #221395) * debian/postinst: put "NOPASSWD" example at the bottom, so that uncommenting it will actually work (later entries override former ones). (LP: #131399)
sudo (1.6.9p10-1ubuntu3.1) hardy-proposed; urgency=low * logging.c: Ignore SIGPIPE when creating an error email, so that non-fatal error messages (like "unable to resolve local host name") do not lead to being killed with SIGPIPE if /usr/bin/sendmail does not exist or crashes. (LP: #32906) -- Martin Pitt <email address hidden> Wed, 30 Apr 2008 13:09:04 +0200
sudo (1.6.9p10-1ubuntu3) hardy; urgency=low * env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept for "sudo apt-get ...". This is an EBW workaround for a design problem of not having a system-wide proxy setting, but in order to not break existing practice for upgrades we have to live with it for Hardy. -- Martin Pitt <email address hidden> Mon, 25 Feb 2008 11:35:48 +0100
Superseded in hardy-release |
sudo (1.6.9p10-1ubuntu2) hardy; urgency=low * No-change rebuild against libldap-2.4-2. -- Steve Langasek <email address hidden> Tue, 22 Jan 2008 17:33:14 +0000
Superseded in hardy-release |
sudo (1.6.9p10-1ubuntu1) hardy; urgency=low * Merge with Debian unstable. Remaining Ubuntu changes: - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu specific) - Add debian/sudo_root.8: Explanation of root handling through sudo. Install it in debian/rules. (Ubuntu specific) - sudo.c: If the user successfully authenticated and he is in the 'admin' group, then create a stamp ~/.sudo_as_admin_successful. Our default bash profile checks for this and displays a short intro about sudo if the flag is not present. (Ubuntu specific) * The password prompt asks for the target user's password now, not the invoking one's. (LP: #148498)
Superseded in hardy-release |
sudo (1.6.9p9-1ubuntu1) hardy; urgency=low * Merge with Debian unstable. Remaining Ubuntu changes: - debian/prerm: Abort package removal if there is no root password. (Debian #451241). - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu specific) - Add debian/sudo_root.8: Explanation of root handling through sudo. Install it in debian/rules. (Ubuntu specific) - sudo.c: If the user successfully authenticated and he is in the 'admin' group, then create a stamp ~/.sudo_as_admin_successful. Our default bash profile checks for this and displays a short intro about sudo if the flag is not present. (Ubuntu specific) * sudo.c, parse.c: Apply a change that was missing from the older upstream tarball that fixes the upstream solution of "SETENV is implicit for ALL". We do not want to deviate our orig.tar.gz from Debian's, though.
Superseded in hardy-release |
sudo (1.6.9p6-1ubuntu1) hardy; urgency=low * Merge with Debian unstable. Remaining Ubuntu changes: - debian/prerm: Abort package removal if there is no root password. Forwarded to Debian #451241. - sudoers: Add some explanatory text why it is a REALLY good idea to use visudo. (LP #11620) Forwarded upstream: http://www.gratisoft.us/bugzilla/show_bug.cgi?id=269 - debian/rules: Disable lecture, enable tty_tickets by default. - debian/rules: Configure less confusing default password prompt to point out that it is sudo asking for the user's password, as opposed to another program like ssh, or asking for the root password. (LP #8556) Forwarded to Debian #343268. - Add debian/sudo_root.8: Explanation of root handling through sudo. Install it in debian/rules. - sudo.c: If the user successfully authenticated and he is in the 'admin' group, then create a stamp ~/.sudo_as_admin_successful. Our default bash profile checks for this and displays a short intro about sudo if the flag is not present. * New upstream version 1.6.9 fixes the following bugs: - Does not ask for password any more if stdin is not a terminal. (LP: #130636) - sudo -k/-K does not fail any more if timestamp is in the future. (LP: #43233) * Drop our very intrusive patch for selectively cleaning the environment based on whether the user can execute all commands or only some. Debian and upstream now default to cleaning the environment unconditionally and provide option -E and the SETENV tag to override it. Instead, do a tinpy patch to parse.yacc which enables SETENV implicitly for 'ALL' commands. Forwarded upstream: http://www.gratisoft.us/bugzilla/show_bug.cgi?id=268 * sudo.c: Disable i18n for now (upstream enabled it in 1.6.9), since this causes PAM to output localized password prompts, which in turn breaks -p and --with-passprompt, which finally breaks gksu. See http://www.gratisoft.us/bugzilla/show_bug.cgi?id=270 for details.
sudo (1.6.8p12-5ubuntu2) gutsy; urgency=low * debian/rules: Configure less confusing default password prompt to (a) point out that it wants to know the user's password (instead of root's or whichever) and (b) that it is sudo which asks the question (since those prompts become really unintelligible if the command asks its own password, such as 'ssh', 'passwd', or 'mount -t cifs'). Do not modify --with-badpass-message though, since that breaks gksu. Thanks to Marco Rodrigues, leoquant, and nxvl for the discussion and proposals. (LP: #8556) -- Martin Pitt <email address hidden> Fri, 15 Jun 2007 09:22:55 +0200
Superseded in gutsy-release |
sudo (1.6.8p12-5ubuntu1) gutsy; urgency=low * Merge to Debian unstable. Remaining Ubuntu changes: - parse.{h,c,yacc}, sudo.tab.cc, sudo.h, ldap.c, env.c, sudo.c: Clean up environment variable handling to fix vulns like CVE-2005-4158 and CVE-2006-0151 once and for all: Only keep known-good variables if user has limited sudo privileges (blacklist -> whitelist) and keep them all for users with unlimited command privileges (to not drive admins and developers up the wall which actually need to pass env variables from time to time). See 1.6.8p12-1ubuntu1 changelog for details. - sudoers: Add some explanatory text why it is a REALLY good idea to use visudo. (LP #11620) - debian/control, debian/rules: Enable krb5 support, add libkrb5-dev build dependency. (LP #35001) - debian/postinst: Disable lecture, enable tty_tickets in default sudoers. - debian/postinst, debian/sudo-ldap.postinst, debian/rules: Disable init script, since in Ubuntu /var/run is a tmpfs. - Add debian/sudo_root.8: Explanation of root handling through sudo. Install it in debian/rules. - auth/pam.c: Abort immediately if the user presses ^C at the password prompt instead of waiting three seconds. (LP #38810, in upstream CVS) - debian/prerm: Abort package removal if there is no root password. * debian/control: Set myself as Ubuntu maintainer.
sudo (1.6.8p12-4ubuntu5) edgy; urgency=low * auth/pam.c: - Abort immediately if the user presses ^C at the password prompt instead of waiting three seconds. There is no information to be gained from doing that, and it's just annoying if one accidentally uses sudo for something. - Patch taken from upstream CVS: http://www.sudo.ws/cgi-bin/cvsweb/sudo/auth/pam.c.diff?r1=1.51&r2=1.52 - Thanks to Anders Kaseorg for the patch! - Closes: LP#38810 -- Martin Pitt <email address hidden> Mon, 9 Oct 2006 12:01:58 +0200
Superseded in edgy-release |
sudo (1.6.8p12-4ubuntu4) edgy; urgency=low * debian/rules: Enable krb5 support (also add libkrb5-dev build dependency). Closes: LP#35001. * debian/sudo_root.8: Suggest using visudo instead of editing sudoers directly. Closes: LP#47849 * debian/sudo_root.8: Mention benefit of not sharing a password. Closes: LP#48221 * sudo.c: Temporarily drop to user privileges when creating the .sudo_as_admin_successful stamp to also work on NFS with root squashing. Closes: LP#49233 -- Martin Pitt <email address hidden> Wed, 23 Aug 2006 18:05:48 +0200
Superseded in edgy-release |
sudo (1.6.8p12-4ubuntu3) edgy; urgency=low * sudo.c: Disable 'def_env_reset = TRUE'. This was introduced in 1.6.8p12-2 as Debian's way of treating environment variables safely. We have our own way with special treatment of unlimited sudo users, so revert this change to keep all environment variables for unlimited sudoers again. * debian/prerm: - Fix bashism and add a note why we need the slightly unusual syntax. Closes: LP#53273 - Only check the first character of the password against '!' so that we also catch disabled non-empty root passwords. -- Martin Pitt <email address hidden> Mon, 17 Jul 2006 20:31:24 +0200
Superseded in edgy-release |
sudo (1.6.8p12-4ubuntu2) edgy; urgency=low * Do not ship our pre-generated sudo.tab.c in package diff any more, so that it gets correctly rebuilt (automatic rebuild was added in 1.6.8p12-2). Closes: LP#51246) * debian/rules: - Remove sudo.tab.[hc] before build to make double sure that it gets regenerated correctly. - Fix rebuilding of sudo{,ers}.man.in. -- Martin Pitt <email address hidden> Thu, 29 Jun 2006 14:09:07 +0200
Superseded in edgy-release |
sudo (1.6.8p12-4ubuntu1) edgy; urgency=low [ Ongoing Merge Process ] * Merge from debian unstable.
sudo (1.6.8p12-1ubuntu6) dapper; urgency=low * env.c: Preserve additional environment variables for non-almighty sudoers: HOME, LOGNAME, DISPLAY, XAUTHORITY, XAUTHORIZATION. Closes: LP#44500 -- Martin Pitt <email address hidden> Wed, 17 May 2006 09:29:15 +0200
Superseded in dapper-release |
sudo (1.6.8p12-1ubuntu5) dapper; urgency=low * env.c: Unbreak the env_keep option. Closes: LP#31690 * sudoers: Add some explanatory text why it is a REALLY good idea to use visudo. Closes: LP#11620 -- Martin Pitt <email address hidden> Tue, 28 Mar 2006 18:52:24 +0200
Superseded in dapper-release |
sudo (1.6.8p12-1ubuntu4) dapper; urgency=low * Remove the init script, it only cleans up /var/run which is a tmpfs. -- Scott James Remnant <email address hidden> Wed, 22 Feb 2006 16:28:42 +0000
Superseded in dapper-release |
sudo (1.6.8p12-1ubuntu3) dapper; urgency=low * Add debian/sudo_root.8: Introduction about root handling in ubuntu with sudo. * debian/rules: Install that new manpage into sudo and sudo-ldap.
sudo (1.6.8p12-1ubuntu2) dapper; urgency=low * sudo.c: If the user successfully authenticated and he is in the 'admin' group, then create a stamp ~/.sudo_as_admin_successful. A future /etc/profile will evaluate this flag to display a short help about how to execute things as root. -- Martin Pitt <email address hidden> Wed, 18 Jan 2006 09:32:02 +0100
sudo (1.6.8p9-2ubuntu2.3) breezy-security; urgency=low * env.c: Fix typo: PYTHONINSPEC -> PYTHONINSPECT. -- Martin Pitt <email address hidden> Mon, 9 Jan 2006 11:20:12 +0100
sudo (1.6.8p5-1ubuntu2.4) hoary-security; urgency=low * env.c: Fix typo: PYTHONINSPEC -> PYTHONINSPECT. -- Martin Pitt <email address hidden> Mon, 9 Jan 2006 11:18:47 +0100
sudo (1.6.7p5-1ubuntu4.5) warty-security; urgency=low * env.c: Fix typo: PYTHONINSPEC -> PYTHONINSPECT. -- Martin Pitt <email address hidden> Mon, 9 Jan 2006 11:17:20 +0100
Superseded in breezy-security |
sudo (1.6.8p9-2ubuntu2.2) breezy-security; urgency=low * SECURITY UPDATE: Privilege escalation. * env.c: Filter out a whole lot of additional env variables that can lead to privilege escalation: GLOBIGNORE, JAVA_TOOL_OPTIONS, PERLIO_DEBUG, PERLLIB, PERL5LIB, PERL5OPT, PERL5DB, FPATH, NULLCMD, READNULLCMD, ZDOTDIR, TMPPREFIX, PYTHONHOME, PYTHONPATH, PYTHONINSPEC, RUBYLIB, RUBYOPT. List taken from Mandriva's security update. * CVE-2005-4158 -- Martin Pitt <email address hidden> Thu, 5 Jan 2006 15:25:45 +0000
Superseded in hoary-security |
sudo (1.6.8p5-1ubuntu2.3) hoary-security; urgency=low * SECURITY UPDATE: Privilege escalation. * env.c: Filter out a whole lot of additional env variables that can lead to privilege escalation: GLOBIGNORE, JAVA_TOOL_OPTIONS, PERLIO_DEBUG, PERLLIB, PERL5LIB, PERL5OPT, PERL5DB, FPATH, NULLCMD, READNULLCMD, ZDOTDIR, TMPPREFIX, PYTHONHOME, PYTHONPATH, PYTHONINSPEC, RUBYLIB, RUBYOPT. List taken from Mandriva's security update. * CVE-2005-4158 -- Martin Pitt <email address hidden> Thu, 5 Jan 2006 15:29:26 +0000
Superseded in warty-security |
sudo (1.6.7p5-1ubuntu4.4) warty-security; urgency=low * SECURITY UPDATE: Privilege escalation. * env.c: Filter out a whole lot of additional env variables that can lead to privilege escalation: GLOBIGNORE, JAVA_TOOL_OPTIONS, PERLIO_DEBUG, PERLLIB, PERL5LIB, PERL5OPT, PERL5DB, FPATH, NULLCMD, READNULLCMD, ZDOTDIR, TMPPREFIX, PYTHONHOME, PYTHONPATH, PYTHONINSPEC, RUBYLIB, RUBYOPT. List taken from Mandriva's security update. * CVE-2005-4158 -- Martin Pitt <email address hidden> Thu, 5 Jan 2006 16:31:47 +0100
Superseded in dapper-release |
sudo (1.6.8p9-3ubuntu4) dapper; urgency=low * Revert addition of sudo -t, i. e. revert to version 1.6.8p9-3ubuntu1. As per TB discussion, we will not use sudo for implementing https://wiki.ubuntu.com/HideAdminToolsToUsers. -- Martin Pitt <email address hidden> Tue, 29 Nov 2005 23:27:42 +0100
Superseded in breezy-security |
sudo (1.6.8p9-2ubuntu2.1) breezy-security; urgency=low * SECURITY UPDATE: Potential privilege escalation. * env.c: Filter out the SHELLOPTS and PS4 variables. * CVE-2005-2959 -- Martin Pitt <email address hidden> Fri, 28 Oct 2005 14:46:19 -0400
Obsolete in breezy-release |
sudo (1.6.8p9-2ubuntu2) breezy; urgency=low * debian/init.d: When resetting the timestamps of the tty tags, actually touch the files, not the per-user directories. Since bootclean.sh removes /var/run/* anyway, this is no big deal, but clean it up anyway for the sake of correctness. (Ubuntu #16594) -- Martin Pitt <email address hidden> Fri, 30 Sep 2005 09:52:27 +0200
Superseded in hoary-security |
sudo (1.6.8p5-1ubuntu2.2) hoary-security; urgency=low * SECURITY UPDATE: Potential privilege escalation. * env.c: Filter out the SHELLOPTS and PS4 variables. * CVE-2005-2959 -- Martin Pitt <email address hidden> Fri, 28 Oct 2005 14:55:43 -0400
Obsolete in hoary-release |
sudo (1.6.8p5-1ubuntu2) hoary; urgency=low * Add !fqdn to the Defaults so we don't die horribly when localhost doesn't resolve (Ubuntu: 2772) -- Thom May <email address hidden> Wed, 2 Mar 2005 20:34:20 +0000
Superseded in warty-security |
sudo (1.6.7p5-1ubuntu4.3) warty-security; urgency=low * SECURITY UPDATE: Potential privilege escalation. * env.c: Filter out the SHELLOPTS and PS4 variables. * CVE-2005-2959 -- Martin Pitt <email address hidden> Fri, 28 Oct 2005 14:53:11 -0400
Obsolete in warty-release |
sudo (1.6.7p5-1ubuntu4) warty; urgency=low * Disable lecture by default. (Warty #987) -- Thom May <email address hidden> Wed, 6 Oct 2004 14:31:31 +0100
151 → 209 of 209 results | First • Previous • Next • Last |