sudo (1.6.9p17-1ubuntu2.3) intrepid-security; urgency=low

  * SECURITY UPDATE: properly verify path in find_path.c for the 'sudoedit'
    pseudo-command when running from the current working directory and
    secure_path is disabled
    - CVE-2010-XXXX

 -- Jamie Strandboge <email address hidden> Wed, 07 Apr 2010 15:49:07 -0500

sudo (1.6.9p17-1ubuntu2.2) intrepid-security; urgency=low

  * SECURITY UPDATE: properly verify path for the 'sudoedit' pseudo-command
    in parse.c
    - http://sudo.ws/repos/sudo/rev/f86e1b56d074
    - CVE-2010-0426
  * SECURITY UPDATE: reset cached supplementary runas groups when changing
    the runas user in set_perms.c and sudo.c
    - http://sudo.ws/repos/sudo/rev/aa0b6c01c462
    - CVE-2010-0427

 -- Jamie Strandboge <email address hidden> Thu, 25 Feb 2010 06:49:14 -0600

sudo (1.6.9p17-1ubuntu2.1) intrepid-security; urgency=low

  * SECURITY UPDATE: privilege escalation via non-default system groups.
    - parse.c: upstream fix for CVE-2009-0034:
      http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c?r1=1.160.2.21&r2=1.160.2.22

 -- Kees Cook <email address hidden> Mon, 16 Feb 2009 12:13:47 -0800

sudo (1.6.9p17-1ubuntu2) intrepid; urgency=low

  * sudo.c: Drop usage of locale again, to revert back to the 1.6.8 behaviour.
    fnmatch() and glob() behave differently under different locales and thus
    cause undefined behaviour with (admittedly underspecified) character range
    globs such as "[a-Z]". Patch taken from upstream CVS, see
    http://www.gratisoft.us/bugzilla/show_bug.cgi?id=296 (LP: #228046)

 -- Martin Pitt <email address hidden> Mon, 01 Sep 2008 15:05:52 +0200

sudo (1.6.9p17-1ubuntu1) intrepid; urgency=low

  * Merge from debian unstable, remaining changes:
    - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu
      specific)
    - Add debian/sudo_root.8: Explanation of root handling through sudo.
      Install it in debian/rules. (Ubuntu specific)
    - sudo.c: If the user successfully authenticated and he is in the 'admin'
      group, then create a stamp ~/.sudo_as_admin_successful. Our default bash
      profile checks for this and displays a short intro about sudo if the
      flag is not present. (Ubuntu specific)
    - env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept
      for "sudo apt-get ...". (Ubuntu specific EBW hack, should disappear at
      some point)
  * debian/{rules,postinst,sudo-ldap.postinst}: Disable init script
    installation. Debian reintroduced it because /var/run tmpfs is not the
    default there, but has been on Ubuntu for ages.

sudo (1.6.9p17-1) unstable; urgency=low

  * new upstream version, closes: #481008
  * deliver schemas to doc directory in sudo-ldap package, closes: #474331
  * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
    in move from CVS to git for package management, closes: #475821
  * re-instate the init.d for the sudo-ldap package too... /o\

 -- Martin Pitt <email address hidden> Wed, 06 Aug 2008 10:41:58 +0200

sudo (1.6.9p15-2ubuntu1) intrepid; urgency=low

  * Merge from debian unstable, remaining changes:
    - logging.c: Ignore SIGPIPE when creating an error email, so that non-fatal
      error messages (like "unable to resolve local host name") do not lead to
      being killed with SIGPIPE if /usr/bin/sendmail does not exist or crashes.
      (LP #32906, http://www.gratisoft.us/bugzilla/show_bug.cgi?id=285)
    - debian/postinst: put "NOPASSWD" example at the bottom, so that
      uncommenting it will actually work (later entries override former ones).
      (LP #131399, Debian #479616)
    - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu
      specific)
    - Add debian/sudo_root.8: Explanation of root handling through sudo.
      Install it in debian/rules. (Ubuntu specific)
    - sudo.c: If the user successfully authenticated and he is in the 'admin'
      group, then create a stamp ~/.sudo_as_admin_successful. Our default bash
      profile checks for this and displays a short intro about sudo if the
      flag is not present. (Ubuntu specific)
    - env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept
      for "sudo apt-get ...". (Ubuntu specific EBW hack, should disappear at
      some point)
  * debian/{rules,postinst}: Disable init script installation. Debian
    reintroduced it because /var/run tmpfs is not the default there, but has
    been on Ubuntu for ages.

sudo (1.6.9p15-2) unstable; urgency=low

  * revert the fix for 388659 such that visudo once again defaults to using
    /usr/bin/editor. I was always ambivalent about this change, it has caused
    more confusion and frustration than it cured, and I find Justin's line of
    reasoning persuasive. Update the man page source to reflect this choice
    and the related use of --with-env-editor. Closes: #474197.
  * patch from Petter Reinholdtsen to improve init.d, closes: #475821

sudo (1.6.9p15-1) unstable; urgency=low

  * new upstream version, closes: #467126, #473337
  * remove pointless postrm scripts, leaving debhelper do its thing if needed,
    thanks to Justin Pryzby for pointing this out
  * reinstate the init.d, since bootclean doesn't quite do what we want. This
    also means we don't need the preinst scripts any more. Update the lintian
    overrides since postinst is a Perl script lintian apparently isn't parsing
    well. closes: #330868

 -- Martin Pitt <email address hidden> Wed, 18 Jun 2008 11:41:27 +0200

sudo (1.6.9p12-1ubuntu2) intrepid; urgency=low

  * debian/postinst: Fix a typo, and add a more helpful comment about the
    ordering and overriding. (LP: #131399)

 -- Martin Pitt <email address hidden> Wed, 14 May 2008 15:46:24 +0200

sudo (1.6.9p12-1ubuntu1) intrepid; urgency=low

  * Merge from debian unstable, remaining changes:
    - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu
      specific)
    - Add debian/sudo_root.8: Explanation of root handling through sudo.
      Install it in debian/rules. (Ubuntu specific)
    - sudo.c: If the user successfully authenticated and he is in the 'admin'
      group, then create a stamp ~/.sudo_as_admin_successful. Our default bash
      profile checks for this and displays a short intro about sudo if the
      flag is not present. (Ubuntu specific)
    - env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept
      for "sudo apt-get ...". (Ubuntu specific EBW hack, should disappear at
      some point)
  * logging.c: Ignore SIGPIPE when creating an error email, so that non-fatal
    error messages (like "unable to resolve local host name") do not lead to
    being killed with SIGPIPE if /usr/bin/sendmail does not exist or crashes.
    Forwarded upstream to http://www.gratisoft.us/bugzilla/show_bug.cgi?id=285
    (LP: #32906)
  * env.c: Do not clobber $HOME when not specifying -H or -s. Patch taken from
    upstream CVS. (LP: #221395)
  * debian/postinst: put "NOPASSWD" example at the bottom, so that
    uncommenting it will actually work (later entries override former ones).
    (LP: #131399)

sudo (1.6.9p12-1) unstable; urgency=low

  * new upstream version, closes: #464890

sudo (1.6.9p11-3) unstable; urgency=low

  * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956

sudo (1.6.9p11-2) unstable; urgency=low

  * update version compared in preinst when removing obsolete init.d,
    closes: #459681
  * implement pam session config suggestions from Elizabeth Fong,
    closes: #452457, #402329

sudo (1.6.9p11-1) unstable; urgency=low

  * new upstream version

 -- Martin Pitt <email address hidden> Mon, 05 May 2008 20:31:58 +0200

sudo (1.6.9p10-1ubuntu3) hardy; urgency=low

  * env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept
    for "sudo apt-get ...". This is an EBW workaround for a design problem of
    not having a system-wide proxy setting, but in order to not break existing
    practice for upgrades we have to live with it for Hardy.

 -- Martin Pitt <email address hidden> Mon, 25 Feb 2008 11:35:48 +0100