Change logs for sudo source package in Quantal

  • sudo (1.8.5p2-1ubuntu1.2) quantal-security; urgency=medium
    
      * debian/sudo.sudo.init, debian/sudo-ldap.sudo.init: Set timestamps to
        epoch in init scripts so they are properly invalidated. (LP: #1223297)
     -- Marc Deslauriers <email address hidden>   Tue, 11 Mar 2014 07:58:51 -0400
  • sudo (1.8.5p2-1ubuntu1.1) quantal-security; urgency=low
    
      * SECURITY UPDATE: authentication bypass via clock set to epoch
        - debian/patches/CVE-2013-1775.patch: ignore time stamp file if it is
          set to epoch in plugins/sudoers/check.c.
        - CVE-2013-1775
     -- Marc Deslauriers <email address hidden>   Wed, 27 Feb 2013 13:31:24 -0500
  • sudo (1.8.5p2-1ubuntu1) quantal; urgency=low
    
      * Merge from debian/testing (LP: #1024154), remaining changes:
        - debian/patches/keep_home_by_default.patch:
          + Set HOME in initial_keepenv_table.
        - debian/rules:
          + compile with --without-lecture --with-tty-tickets (Ubuntu specific)
          + install man/man8/sudo_root.8 in both flavours (Ubuntu specific)
          + install apport hooks
          + The ubuntu-sudo-as-admin-successful.patch was taken upstream by
            Debian however it requires a --enable-admin-flag configure flag to
            actually enable it in both flavours.
        - debian/control:
          + Mark Debian Vcs-* as XS-Debian-Vcs-*
          + update debian/control
        - debian/sudoers:
          + grant admin group sudo access
        - debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
          + add usr/share/apport/package-hooks
        - debian/sudo.pam:
          + Use pam_env to read /etc/environment and /etc/default/locale
            environment files. Reading ~/.pam_environment is not permitted due to
            security reasons.
      * Dropped changes:
        - debian/patches/lp927828-fix-abort-in-pam-modules-when-timestamp-valid.patch
          + Fixed upstream in 1.8.5
        - debian/patches/CVE-2012-2337.patch:
          + Fixed upstream in 1.8.4p5
        - debian/patches/pam_env_merge.patch:
          + Feature released upstream in 1.8.5
        - debian/{sudo,sudo-ldap}.{preinst,postinst,postrm}:
          + Drop Ubuntu-specific sudoers file migration code because the only
            upgrade path to quantal is from precise. All necessary sudoers file
            migration will have already been done by the time this version of the
            sudo package is installed.
    
    sudo (1.8.5p2-1) unstable; urgency=low
    
      * new upstream version
      * patch to use flock on hurd, run autoconf in rules, closes: #655883
      * patch to avoid calling unlink with null pointer on hurd, closes: #655948
      * patch to actually use hardening build flags, closes: #655417
      * fix sudo-ldap.postinst syntax issue, closes: #669576
     -- Tyler Hicks <email address hidden>   Mon, 16 Jul 2012 14:01:42 +0200
  • sudo (1.8.3p2-1ubuntu2) quantal; urgency=low
    
      * debian/patches/pam_env_merge.patch: Merge the PAM environment into the
        user environment (LP: #982684)
      * debian/sudo.pam: Use pam_env to read /etc/environment and
        /etc/default/locale environment files. Reading ~/.pam_environment is not
        permitted due to security reasons.
     -- Tyler Hicks <email address hidden>   Mon, 21 May 2012 00:48:10 -0500
  • sudo (1.8.3p2-1ubuntu1) quantal; urgency=low
    
      * Merge from debian/testing, remaining changes:
        - debian/patches/keep_home_by_default.patch:
          + Set HOME in initial_keepenv_table. (rebased for 1.8.3p1)
        - debian/patches/lp927828-fix-abort-in-pam-modules-when-timestamp-valid.patch
          + Fix Abort in some PAM modules when timestamp is valid. (LP: #927828)
        - debian/patches/CVE-2012-2337.patch: Don't perform IPv6 checks on IPv4
          addresses. Based on upstream patch.
        - debian/rules:
          + compile with --without-lecture --with-tty-tickets (Ubuntu specific)
          + install man/man8/sudo_root.8 in both flavours (Ubuntu specific)
          + install apport hooks
          + The ubuntu-sudo-as-admin-successful.patch was taken upstream by
            Debian however it requires a --enable-admin-flag configure flag to
            actually enable it in both flavours.
        - debian/control:
          + Mark Debian Vcs-* as XS-Debian-Vcs-*
          + update debian/control
        - debian/sudoers:
          + grant admin group sudo access
        - debian/sudo-ldap.dirs, debian/sudo.dirs:
          + add usr/share/apport/package-hooks
        - debian/sudo.preinst:
          + avoid conffile prompt by checking for known default /etc/sudoers
            and if found installing the correct default /etc/sudoers file.
            Modified for updated default sudoers. Approach taken is different
            from Debian. Maybe this should now be dropped, since an LTS was
            released.
    
      * Dropped changes:
        - debian/patches/CVE-2012-0809.patch:
          + dropped, included in this new upstream release.
        - debian/patches/enable_badpass.patch:
          + dropped as Debian chose to set this by default in the sudoers.
    
    sudo (1.8.3p2-1) unstable; urgency=high
    
      * new upstream version, closes: #657985 (CVE-2012-0809)
      * patch from Pino Toscano to only use selinux on Linux, closes: #655894
    
    sudo (1.8.3p1-3) unstable; urgency=low
    
      * patch from Moritz Muehlenhoff enables hardened build flags, closes: #655417
      * replacement postinst script from Mike Beattie using shell instead of Perl
      * include systemd service file from Michael Stapelberg, closes: #639633
      * add init.d status support, closes: #641782
      * make sudo-ldap package manage a sudoers entry in nsswitch.conf,
        closes: #610600, #639530
      * enable mail_badpass in the default sudoers file, closes: #641218
      * enable selinux support, closes: #655510
    
    sudo (1.8.3p1-2) unstable; urgency=low
    
      * if upgrading from squeeze, and the sudoers file is unmodified, avoid
        the packaging system prompting the user about a change they didn't make
        now that sudoers is a conffile, closes: #612532, #636049
      * add a recommendation for the use of visudo to the sudoers.d/README file,
        closes: #648104
     -- Dmitrijs Ledkovs <email address hidden>   Tue, 01 May 2012 16:12:45 +0100
  • sudo (1.8.3p1-1ubuntu5) quantal; urgency=low
    
      * SECURITY UPDATE: Properly handle netmasks in sudoers Host and Host_List
        values (LP: #1000276)
        - debian/patches/CVE-2012-2337.patch: Don't perform IPv6 checks on IPv4
          addresses. Based on upstream patch.
        - CVE-2012-2337
     -- Tyler Hicks <email address hidden>   Wed, 16 May 2012 09:42:17 -0500
  • sudo (1.8.3p1-1ubuntu4) quantal; urgency=low
    
      * Fix Abort in some PAM modules when timestamp is valid. (LP: #927828)
     -- TJ (Ubuntu Contributions) <email address hidden>   Mon, 30 Apr 2012 17:55:27 +0100
  • sudo (1.8.3p1-1ubuntu3) precise; urgency=low
    
      * SECURITY UPDATE: permissions bypass via format string
        - debian/patches/CVE-2012-0809.patch: fix format string vulnerability
          in src/sudo.c.
        - CVE-2012-0809
     -- Marc Deslauriers <email address hidden>   Tue, 31 Jan 2012 10:25:52 -0500