Changelog
sudo (1.6.8p12-5ubuntu1) gutsy; urgency=low
* Merge to Debian unstable. Remaining Ubuntu changes:
- parse.{h,c,yacc}, sudo.tab.cc, sudo.h, ldap.c, env.c, sudo.c:
Clean up environment variable handling to fix vulns like CVE-2005-4158 and
CVE-2006-0151 once and for all: Only keep known-good variables if user has
limited sudo privileges (blacklist -> whitelist) and keep them all for
users with unlimited command privileges (to not drive admins and
developers up the wall which actually need to pass env variables from time
to time). See 1.6.8p12-1ubuntu1 changelog for details.
- sudoers: Add some explanatory text why it is a REALLY good idea to use
visudo. (LP #11620)
- debian/control, debian/rules: Enable krb5 support, add libkrb5-dev build
dependency. (LP #35001)
- debian/postinst: Disable lecture, enable tty_tickets in default sudoers.
- debian/postinst, debian/sudo-ldap.postinst, debian/rules: Disable init
script, since in Ubuntu /var/run is a tmpfs.
- Add debian/sudo_root.8: Explanation of root handling through sudo.
Install it in debian/rules.
- auth/pam.c: Abort immediately if the user presses ^C at the password
prompt instead of waiting three seconds. (LP #38810, in upstream CVS)
- debian/prerm: Abort package removal if there is no root password.
* debian/control: Set myself as Ubuntu maintainer.
sudo (1.6.8p12-5) unstable; urgency=low
* update debian/copyright to reflect new upstream URL, closes: #368746
* add sandwich cartoon URL to the README.Debian
* don't remove sudoers on purge. can cause problems when moving between
sudo and sudo-ldap. leaving sudoers around on purge seems like the least
evil choice for now, closes: #401366
* also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
closes: #374509
* accept patch that improves debian/rules from Ted Percival, closes: #382122
* no longer build with --with-exempt=sudo, provide an example entry in the
default sudoers file instead, closes: #296605
* add --with-devel to configure and augment build dependencies so that flex
and yacc files get re-generated on every build, closes: #316249
-- Martin Pitt <email address hidden> Fri, 18 May 2007 17:23:53 +0200