Ubuntu
sudo package

Merge ~danilogondolfo/ubuntu/+source/sudo:merge_mantic_lp2025655 into ubuntu/+source/sudo:debian/sid

Proposed by Danilo Egea Gondolfo on 2023-07-05

Status:

Needs review

Proposed branch:

~danilogondolfo/ubuntu/+source/sudo:merge_mantic_lp2025655

Merge into:

ubuntu/+source/sudo:debian/sid

Diff against target:

1847 lines (+1424/-52)

11 files modified

debian/changelog (+1253/-0)
debian/control (+2/-1)
debian/etc/pam.d/sudo (+3/-0)
debian/etc/pam.d/sudo-i (+3/-0)
debian/etc/sudoers (+4/-1)
debian/sudo-ldap.manpages (+1/-0)
debian/sudo.manpages (+1/-0)
debian/sudo_root.8 (+138/-0)
debian/tests/04-getroot-sssd (+11/-0)
debian/tests/control (+8/-4)
dev/null (+0/-46)

Undecided

Fix Released

Link a bug report

Reviewer	Date Requested	Status
Christian Ehrhardt  (community)	2023-07-05	Approve on 2023-07-14
Steve Langasek	2023-07-12	Pending
git-ubuntu import	2023-07-05	Pending
Review via email: mp+446052@code.launchpad.net

Revision history for this message

Athos Ribeiro (athos-ribeiro) wrote on 2023-07-07:

Hi Danilo,

Did you follow the process described in https://github.com/canonical/ubuntu-maintainers-handbook/blob/main/PackageMerging.md?

If so, would you mind also pushing the tags generated through that merge process?

Revision history for this message

Danilo Egea Gondolfo (danilogondolfo) wrote on 2023-07-10:

Hi Athos,

I didn't. I did the merge and reconstructed the git history manually so I don't have the tags created by git ubuntu merge... I did that for all my recent merges actually. But I'll fully adopt the process for my next merges.

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2023-07-10:

(patch pilot of the day) Ok, I'll try to see what i can do without ...

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2023-07-10:

Download full text (4.5 KiB)

FYI This kind of is the second run of https://code.launchpad.net/~danilogondolfo/ubuntu/+source/sudo/+git/sudo/+merge/443422

Sadly without pushing any tags (or anything else representing the old history) I have a hard time to compare and ensure this is a correct merge. Essentially I'll have to do the same effort again.
To explain - with you doing that I can compare your split to what is in Ubuntu, if that is the same I can compare what you have put on top of latest Debian with the delta we had on top of the former Debian.
Just wanted to explain why it helps to provide your git history of the old delta :-)

Ok, this is messy enough - I can give you a few comments for things to

0. Please provide the split delta on top of current Ubuntu as it would help.
I've seen that 1.9.13p3-1ubuntu1 is from you as well, shouldn't that be somewhere.
I found this branch and it is split \o/
So that is what I'll use.

---

1. In the old changelog you had:
      - debian/control:
        + Drop Build-Conflicts on fakeroot (<< 1.25.3-1.1ubuntu1)
        (for context see LP 1915250)

In the commit this was actually the change
-Maintainer: Sudo Maintainers <email address hidden>
+Maintainer: Ubuntu Developers <email address hidden>

Now this is confusing.

I see that the new merge has a proper "Update maintainer" commit. (f3d882bd)

And now that I found all that I realize why it isn't mentioned in changelog.

Other people might be confused and run into a rabbit hole here.
You should IMHO mention this in the changelog like for example:
  20 * Dropped changes
  21 - Drop Build-Conflicts on fakeroot (<< 1.25.3-1.1ubuntu1)
  22 [ This wasn't in the former Ubuntu version, just mentioned
  23 in the changelog by accident ]

---

2. In new changelog, but not mentioned as added:
      - debian/tests/04-getroot-sssd:
        + wait for 2 seconds before trying to access the slapd daemon.
          In some situations, the next command (ldapmodify) runs before
          the service is ready.

Prepend this by something like
* Added changes
Because without it is listed under "Remaining" which isn't true.

---

3. the fix of debian/tests/04-getroot-sssd itself

There is no bug reference, no nothing.
I have to assume that the test failed autopktest.
You have to understand any "sleep x" causes allergic reactions.
What if tomorrow the machine is slower, then it fails again.

It would be much better (and I'd ask to add this instead) to do

# 1. Start the server as you already do
slapd -h "ldaps:/// ldapi:///" -g openldap -u openldap -F /etc/ldap/slapd.d
# 2. check if it is ready
$ ldapwhoami -Y external -H ldapi:///

This is not doing anything (no-op) but will deliver

root@m:~# ldapwhoami -Y external -H ldapi:///
ldap_sasl_interactive_bind: Can't contact LDAP server (-1)
root@m:~# echo $?
255

root@m:~# ldapwhoami -Y external -H ldapi:///
SASL/EXTERNAL authentication started
SASL use...

FYI This kind of is the second run of https://code.launchpad.net/~danilogondolfo/ubuntu/+source/sudo/+git/sudo/+merge/443422

Ok, this is messy enough - I can give you a few comments for things to

---

1. In the old changelog you had:
      - debian/control:                                                            
        + Drop Build-Conflicts on fakeroot (<< 1.25.3-1.1ubuntu1)                  
        (for context see LP 1915250)

In the commit this was actually the change
-Maintainer: Sudo Maintainers <sudo@packages.debian.org>
+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>

Now this is confusing.

I see that the new merge has a proper "Update maintainer" commit. (f3d882bd)

And now that I found all that I realize why it isn't mentioned in changelog.

Other people might be confused and run into a rabbit hole here.
You should IMHO mention this in the changelog like for example:
  20   * Dropped changes                                                              
  21     - Drop Build-Conflicts on fakeroot (<< 1.25.3-1.1ubuntu1)                    
  22       [ This wasn't in the former Ubuntu version, just mentioned                    
  23         in the changelog by accident ]

---

2. In new changelog, but not mentioned as added:
      - debian/tests/04-getroot-sssd:                                              
        + wait for 2 seconds before trying to access the slapd daemon.             
          In some situations, the next command (ldapmodify) runs before            
          the service is ready.

Prepend this by something like
  * Added changes
Because without it is listed under "Remaining" which isn't true.

---

3. the fix of debian/tests/04-getroot-sssd itself

It would be much better (and I'd ask to add this instead) to do

# 1. Start the server as you already do
slapd -h "ldaps:/// ldapi:///" -g openldap -u openldap -F /etc/ldap/slapd.d
# 2. check if it is ready
$ ldapwhoami -Y external -H ldapi:///

This is not doing anything (no-op) but will deliver

root@m:~# ldapwhoami -Y external -H ldapi:///
ldap_sasl_interactive_bind: Can't contact LDAP server (-1)
root@m:~# echo $?
255

root@m:~# ldapwhoami -Y external -H ldapi:///
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn:gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
root@m:~# echo $?
0

So with that you can differentiate good/bad case before the test goes on.
Do that in a loop with a much longer overall timeout.
Then you can be sure it is not failing again another day / another platform.

---

4. commit messages

You used to have commit messages that you could directly re-use as d/changelog entries in
1.9.13p3-1ubuntu1
But now you have changed them all, example:

1:  29450519 ! 1:  7089bfc9 - debian/sudo[-ldap].manpages: install man/man8/sudo_root.8
    @@ Metadata
     Author: Danilo Egea Gondolfo <danilogondolfo@gmail.com>
     
      ## Commit message ##
    -    - debian/sudo[-ldap].manpages: install man/man8/sudo_root.8
    +    debian/sudo[-ldap].manpages: install man/man8/sudo_root.8
     
      ## debian/sudo-ldap.manpages (new) ##
     @@

This isn't strictly required, but I personally prefer the former form.
As then people can just re-merge with tooling without any manual interaction.

---

I didn't find more in
$ git range-diff pkg/import/1.9.13p3-1..OLD-UBUNTU pkg/import/1.9.13p3-3..danilogondolfo/merge_mantic_lp2025655

So it should be good after fixing the above.

Please ping back the next patch pilot or me or Athos for re-review once this was adressed.

review: Needs Fixing

Revision history for this message

Danilo Egea Gondolfo (danilogondolfo) wrote on 2023-07-11:

Hi Christian, thanks a lot for looking at this (and for the lesson).

I tried to address all your comments. I'll start following the git ubuntu merge process from now on. Doing it manually was how I learned when I started doing it few months ago and I think it's quick and simple enough (and nobody complained until the patch pilot started :P) so I guess I was resisting adopting git ubuntu merge.

I replaced the sleep with a loop checking if slapd is responding, you can see the retry being triggered once here https://autopkgtest.ubuntu.com/results/autopkgtest-mantic-danilogondolfo-sudo2/mantic/ppc64el/s/sudo/20230711_210349_531f6@/log.gz
I also created a bug report about the problem.

The simple sleep is already used somewhere else in the same script so I just went for the simpler solution as slapd would very much likely be ready in 2 seconds in most of the situations, unless the system is completely dying...

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2023-07-13:

Hey Danilo,
to be clear I'm not at all insisting on you using the full git ubuntu workflow - that is and should be entirely up to you.

But if sometimes - due to not using it - I can not (or only with many hours of extra work as it is kind of doing the merge myself to compare) deliver some part of the review - then I'd let you know.

Like in this case - all I wanted was some way to get the split you did, not everything else the process gives us. And as I have stated, I found the branch of your former merge which unblocked me. It was just harder to find.

I can't fit this today, but I'll try to re-review tomorrow

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2023-07-14:

Having a look again

#0 was just a recommendation that would have helped me, nothing to fix here

#1 is done - thanks

#2 is done - thanks

#3 is done
I know often we finds bad examples in other places :-)
But if - like in this case - doing it better isn't too complex we should try to do so.
Thanks for adding what I wanted :-) !

#4 was only about style anyway (not a blocker) and you have adapted them a bit - thanks.

Overall, all open issues are addressed.
I do not see anything further that is of deep concern.

+1 now
Doing some final checks and then likely uploading ...

P.S. Not a blocker, but a hint. That test timing fix you did is IMHO generally helpful.
And before forgetting about this package you might want to submit it to Debian?

review: Approve

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2023-07-14:

ok, LGTM

Uploading sudo_1.9.13p3-3ubuntu1.dsc
Uploading sudo_1.9.13p3.orig.tar.gz
Uploading sudo_1.9.13p3.orig.tar.gz.asc
Uploading sudo_1.9.13p3-3ubuntu1.debian.tar.xz
Uploading sudo_1.9.13p3-3ubuntu1_source.buildinfo
Uploading sudo_1.9.13p3-3ubuntu1_source.changes

Unmerged commits

19ff91f... by Danilo Egea Gondolfo on 2023-07-05

Changelog

a1956a1... by Danilo Egea Gondolfo on 2023-07-05

Update maintainer

8864bed... by Danilo Egea Gondolfo on 2023-07-05

debian/tests/04-getroot-sssd:

  + Check if the slapd daemon is ready before proceeding.
    In some situations, the next command (ldapmodify) runs before
    the service is ready. See LP:#2026888

2b916e4... by Danilo Egea Gondolfo on 2023-07-05

debian/tests/control: 03-getroot-ldap

+ allow removal of 'sudo' in autopkgtest (SUDO_FORCE_REMOVE=yes)

ebffbaa... by Danilo Egea Gondolfo on 2023-07-05

debian/etc/sudoers:

+ also grant admin group sudo access
+ include /snap/bin in the secure_path

c1e6ba2... by Danilo Egea Gondolfo on 2023-07-05

debian/etc/pam.d/sudo[-i]:

  + Use pam_env to read /etc/environment and /etc/default/locale
    environment files. Reading ~/.pam_environment is not permitted due
    to security reasons.

bd0ec79... by Danilo Egea Gondolfo on 2023-07-05

debian/sudo[-ldap].init: delete init scripts, as they are no longer
necessary.

f2fd598... by Danilo Egea Gondolfo on 2023-07-05

debian/sudo[-ldap].manpages: install man/man8/sudo_root.8

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Danilo Egea Gondolfo

git-ubuntu developers

 diff --git a/debian/changelog b/debian/changelog
 index e6798fd..4416484 100644
 --- a/debian/changelog
 +++ b/debian/changelog
@@ -1,3 +1,30 @@
++sudo (1.9.13p3-3ubuntu1) mantic; urgency=medium
++
++  * Merge with Debian unstable (LP: #2025655). Remaining changes:
++    - debian/sudo[-ldap].manpages: install man/man8/sudo_root.8
++    - debian/sudo[-ldap].init: delete init scripts, as they are no longer
++      necessary.
++    - debian/etc/pam.d/sudo[-i]:
++      + Use pam_env to read /etc/environment and /etc/default/locale
++        environment files. Reading ~/.pam_environment is not permitted due
++        to security reasons.
++    - debian/etc/sudoers:
++      + also grant admin group sudo access
++      + include /snap/bin in the secure_path
++    - debian/tests/control: 03-getroot-ldap:
++      + allow removal of 'sudo' in autopkgtest (SUDO_FORCE_REMOVE=yes)
++  * Added changes:
++    - debian/tests/04-getroot-sssd:
++      + Check if the slapd daemon is ready before proceeding.
++        In some situations, the next command (ldapmodify) runs before
++        the service is ready. See LP:#2026888
++  * Dropped changes:
++    - Drop Build-Conflicts on fakeroot (<< 1.25.3-1.1ubuntu1)
++      This wasn't in the former Ubuntu version, just mentioned
++      in the changelog by accident
++
++ -- Danilo Egea Gondolfo <danilo.egea.gondolfo@canonical.com>  Mon, 03 Jul 2023 15:23:30 +0100
++
  sudo (1.9.13p3-3) unstable; urgency=medium
    * fix wrong patch to fix event log format
@@ -13,6 +40,29 @@ sudo (1.9.13p3-2) unstable; urgency=medium
   -- Marc Haber <mh+debian-packages@zugschlus.de>  Tue, 27 Jun 2023 11:09:16 +0200
++sudo (1.9.13p3-1ubuntu1) mantic; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - debian/sudo[-ldap].manpages: install man/man8/sudo_root.8
++    - debian/sudo[-ldap].init: delete init scripts, as they are no longer
++      necessary.
++    - debian/etc/pam.d/sudo[-i]:
++      + Use pam_env to read /etc/environment and /etc/default/locale
++        environment files. Reading ~/.pam_environment is not permitted due
++        to security reasons.
++    - debian/etc/sudoers:
++      + also grant admin group sudo access
++      + include /snap/bin in the secure_path
++    - debian/tests/control: 03-getroot-ldap:
++      + allow removal of 'sudo' in autopkgtest (SUDO_FORCE_REMOVE=yes)
++    - debian/control:
++      + Drop Build-Conflicts on fakeroot (<< 1.25.3-1.1ubuntu1)
++      (for context see LP 1915250)
++  * Dropped changes, now included in Debian:
++    - debian/patches/CVE-2023-27320.patch
++
++ -- Danilo Egea Gondolfo <danilo.egea.gondolfo@canonical.com>  Tue, 23 May 2023 14:34:04 +0100
++
  sudo (1.9.13p3-1) unstable; urgency=medium
    * new upstream version:
@@ -28,6 +78,44 @@ sudo (1.9.13p3-1) unstable; urgency=medium
   -- Marc Haber <mh+debian-packages@zugschlus.de>  Wed, 08 Mar 2023 21:17:05 +0100
++sudo (1.9.13p1-1ubuntu2) lunar; urgency=medium
++
++  * SECURITY UPDATE: double free with per-command chroot sudoers rules
++    - debian/patches/CVE-2023-27320.patch: don't free user_cmnd twice in
++      MANIFEST, plugins/sudoers/match_command.c,
++      plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
++      plugins/sudoers/regress/testsudoers/test20.out.ok,
++      plugins/sudoers/regress/testsudoers/test20.sh,
++      plugins/sudoers/testsudoers.c,
++      plugins/sudoers/visudo.c.
++    - CVE-2023-27320
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 01 Mar 2023 08:51:34 -0500
++
++sudo (1.9.13p1-1ubuntu1) lunar; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/sudo[-ldap].manpages: install man/man8/sudo_root.8
++    - debian/sudo[-ldap].init: delete init scripts, as they are no longer
++      necessary.
++    - debian/etc/pam.d/sudo[-i]:
++      + Use pam_env to read /etc/environment and /etc/default/locale
++        environment files. Reading ~/.pam_environment is not permitted due
++        to security reasons.
++    - debian/etc/sudoers:
++      + also grant admin group sudo access
++      + include /snap/bin in the secure_path
++    - debian/tests/control: 03-getroot-ldap:
++      + allow removal of 'sudo' in autopkgtest (SUDO_FORCE_REMOVE=yes)
++    - debian/control:
++      + Drop Build-Conflicts on fakeroot (<< 1.25.3-1.1ubuntu1)
++        (for context see LP: 1915250)
++    - Drop patches for issues fixed upstream
++      + d/p/CVE-2023-22809.patch
++      + d/p/Add-XDG_CURRENT_DESKTOP-to-initial_keepenv_table.patch
++
++ -- Danilo Egea Gondolfo <danilo.egea.gondolfo@canonical.com>  Mon, 20 Feb 2023 17:38:07 +0000
++
  sudo (1.9.13p1-1) unstable; urgency=medium
    * new upstream version 1.9.13p1
@@ -67,12 +155,75 @@ sudo (1.9.12p1-1) unstable; urgency=low
   -- Marc Haber <mh+debian-packages@zugschlus.de>  Sun, 15 Jan 2023 13:58:48 +0100
++sudo (1.9.11p3-1ubuntu3) lunar; urgency=medium
++
++  * SECURITY UPDATE: arbitrary file overwrite via sudoedit
++    - debian/patches/CVE-2023-22809.patch: do not permit editor arguments
++      to include -- in plugins/sudoers/editor.c, plugins/sudoers/sudoers.c,
++      plugins/sudoers/visudo.c.
++    - CVE-2023-22809
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 18 Jan 2023 12:46:34 -0500
++
++sudo (1.9.11p3-1ubuntu2) lunar; urgency=medium
++
++  * No-change rebuild against libldap-2
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Thu, 15 Dec 2022 19:57:01 +0000
++
++sudo (1.9.11p3-1ubuntu1) kinetic; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/control:
++      + Build-Conflicts on fakeroot (<< 1.25.3-1.1ubuntu1)
++    - debian/sudo[-ldap].manpages: install man/man8/sudo_root.8
++    - debian/sudo[-ldap].init: delete init scripts, as they are no longer
++      necessary.
++    - debian/etc/pam.d/sudo[-i]:
++      + Use pam_env to read /etc/environment and /etc/default/locale
++        environment files. Reading ~/.pam_environment is not permitted due
++        to security reasons.
++    - debian/etc/sudoers:
++      + also grant admin group sudo access
++      + include /snap/bin in the secure_path
++    - debian/tests/control: 03-getroot-ldap:
++      + allow removal of 'sudo' in autopkgtest (SUDO_FORCE_REMOVE=yes)
++    - Add XDG_CURRENT_DESKTOP to initial_keepenv_table for Qt to determine the
++      correct theme (LP: #1958055)
++
++ -- Benjamin Drung <bdrung@ubuntu.com>  Tue, 23 Aug 2022 10:06:34 +0200
++
  sudo (1.9.11p3-1) unstable; urgency=low
    * new upstream version 1.9.11p3
   -- Marc Haber <mh+debian-packages@zugschlus.de>  Wed, 23 Mar 2022 10:50:16 +0100
++sudo (1.9.10-3ubuntu1) kinetic; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/control:
++      + Build-Conflicts on fakeroot (<< 1.25.3-1.1ubuntu1)
++    - debian/sudo[-ldap].manpages: install man/man8/sudo_root.8
++    - debian/sudo[-ldap].init: delete init scripts, as they are no longer
++      necessary.
++    - debian/etc/pam.d/sudo[-i]:
++      + Use pam_env to read /etc/environment and /etc/default/locale
++        environment files. Reading ~/.pam_environment is not permitted due
++        to security reasons.
++    - debian/etc/sudoers:
++      + also grant admin group sudo access
++      + include /snap/bin in the secure_path
++    - debian/tests/control: 03-getroot-ldap:
++      + allow removal of 'sudo' in autopkgtest (SUDO_FORCE_REMOVE=yes)
++  * Dropped changes (applied in Debian):
++    - debian/rules:
++      + compile with --without-lecture --with-tty-tickets --enable-admin-flag
++  * Add XDG_CURRENT_DESKTOP to initial_keepenv_table for Qt to determine the
++    correct theme (LP: #1958055)
++
++ -- Benjamin Drung <bdrung@ubuntu.com>  Wed, 03 Aug 2022 10:45:04 +0200
++
  sudo (1.9.10-3) unstable; urgency=medium
    * some changes to 03-getroot-ldap autopkgtest to find out
@@ -119,6 +270,37 @@ sudo (1.9.10-1) experimental; urgency=medium
   -- Marc Haber <mh+debian-packages@zugschlus.de>  Fri, 18 Mar 2022 14:31:30 +0100
++sudo (1.9.9-1ubuntu2) jammy; urgency=medium
++
++  * d/t/control: skip 03-getroot-ldap autopkgtest on non-containers
++
++ -- Lukas Märdian <slyon@ubuntu.com>  Mon, 14 Feb 2022 12:48:05 +0100
++
++sudo (1.9.9-1ubuntu1) jammy; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/control:
++      + Build-Conflicts on fakeroot (<< 1.25.3-1.1ubuntu1)
++    - debian/rules:
++      + compile with --without-lecture --with-tty-tickets --enable-admin-flag
++    - debian/sudo[-ldap].manpages: install man/man8/sudo_root.8
++    - debian/sudo[-ldap].init: delete init scripts, as they are no longer
++      necessary.
++    - debian/etc/pam.d/sudo[-i]:
++      + Use pam_env to read /etc/environment and /etc/default/locale
++        environment files. Reading ~/.pam_environment is not permitted due
++        to security reasons.
++    - debian/etc/sudoers:
++      + also grant admin group sudo access
++      + include /snap/bin in the secure_path
++    - debian/tests/control: 03-getroot-ldap:
++      + allow removal of 'sudo' in autopkgtest (SUDO_FORCE_REMOVE=yes)
++  * Dropped changes:
++    - debian/rules:
++       + use dh-autoreconf (converted to using dh)
++
++ -- Lukas Märdian <slyon@ubuntu.com>  Tue, 08 Feb 2022 12:01:45 +0100
++
  sudo (1.9.9-1) unstable; urgency=medium
    * new upstream version
@@ -268,6 +450,37 @@ sudo (1.9.5p2-3+exp1) experimental; urgency=medium
   -- Marc Haber <mh+debian-packages@zugschlus.de>  Fri, 12 Mar 2021 20:48:13 +0100
++sudo (1.9.5p2-3ubuntu2) impish; urgency=medium
++
++  * No-change rebuild due to OpenLDAP soname bump.
++
++ -- Sergio Durigan Junior <sergio.durigan@canonical.com>  Mon, 21 Jun 2021 18:09:32 -0400
++
++sudo (1.9.5p2-3ubuntu1) impish; urgency=low
++
++  * Merge from Debian unstable (LP: #1929110). Remaining changes:
++    - debian/rules:
++       + use dh-autoreconf
++    - debian/rules: stop shipping init scripts, as they are no longer
++      necessary.
++    - debian/rules:
++      + compile with --without-lecture --with-tty-tickets --enable-admin-flag
++      + install man/man8/sudo_root.8 in both flavours
++    - debian/sudo.pam:
++      + Use pam_env to read /etc/environment and /etc/default/locale
++        environment files. Reading ~/.pam_environment is not permitted due
++        to security reasons.
++    - debian/sudoers:
++      + also grant admin group sudo access
++      + include /snap/bin in the secure_path
++  * Dropped changes, now included in Debian:
++    - debian/rules:
++      + install apport hooks
++    - debian/sudo-ldap.dirs, debian/sudo.dirs:
++      + add usr/share/apport/package-hooks
++
++ -- William 'jawn-smith' Wilson <william.wilson@canonical.com>  Thu, 20 May 2021 15:43:31 +0000
++
  sudo (1.9.5p2-3) unstable; urgency=medium
    * new maintainer team and uploaders (Closes: #976244)
@@ -281,6 +494,49 @@ sudo (1.9.5p2-3) unstable; urgency=medium
   -- Marc Haber <mh+debian-packages@zugschlus.de>  Sat, 27 Feb 2021 09:28:03 +0100
++sudo (1.9.5p2-2ubuntu3) hirsute; urgency=medium
++
++  * No change rebuild with fixed ownership.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Thu, 18 Feb 2021 00:03:21 +0000
++
++sudo (1.9.5p2-2ubuntu2) hirsute; urgency=medium
++
++  * No change rebuild against new permissions ABI. LP: #1915250
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Tue, 16 Feb 2021 10:39:16 +0000
++
++sudo (1.9.5p2-2ubuntu1) hirsute; urgency=low
++
++  * Merge from Debian unstable. (LP: #1915307)
++    * Remaining changes:
++      - debian/rules:
++        + use dh-autoreconf
++      - debian/rules: stop shipping init scripts, as they are no longer
++        necessary.
++      - debian/rules:
++        + compile with --without-lecture --with-tty-tickets --enable-admin-flag
++        + install man/man8/sudo_root.8 in both flavours
++        + install apport hooks
++      - debian/sudo-ldap.dirs, debian/sudo.dirs:
++        + add usr/share/apport/package-hooks
++      - debian/sudo.pam:
++        + Use pam_env to read /etc/environment and /etc/default/locale
++          environment files. Reading ~/.pam_environment is not permitted due
++          to security reasons.
++      - debian/sudoers:
++        + also grant admin group sudo access
++        + include /snap/bin in the secure_path
++    * Dropped patches, no longer needed because they are integrated in Debian:
++      - CVE-2021-23239.patch
++      - CVE-2021-3156-1.patch
++      - CVE-2021-3156-2.patch
++      - CVE-2021-3156-3.patch
++      - CVE-2021-3156-4.patch
++      - CVE-2021-3156-5.patch
++
++ -- William 'jawn-smith' Wilson <william.wilson@canonical.com>  Wed, 10 Feb 2021 05:42:42 -0600
++
  sudo (1.9.5p2-2) unstable; urgency=medium
    * patch from upstream repo to fix NO_ROOT_MAILER
@@ -317,6 +573,60 @@ sudo (1.9.5-1) unstable; urgency=medium
   -- Bdale Garbee <bdale@gag.com>  Mon, 11 Jan 2021 15:15:48 -0700
++sudo (1.9.4p2-2ubuntu3) hirsute; urgency=medium
++
++  * SECURITY UPDATE: ineffective NO_ROOT_MAILER hardening option
++    - debian/patches/ineffective_no_root_mailer.patch: fix NO_ROOT_MAILER
++      in plugins/sudoers/logging.c, plugins/sudoers/policy.c.
++    - No CVE number
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Sat, 30 Jan 2021 14:35:13 -0500
++
++sudo (1.9.4p2-2ubuntu2) hirsute; urgency=medium
++
++  * SECURITY UPDATE: dir existence issue via sudoedit race
++    - debian/patches/CVE-2021-23239.patch: fix potential directory existing
++      info leak in sudoedit in src/sudo_edit.c.
++    - CVE-2021-23239
++  * SECURITY UPDATE: heap-based buffer overflow
++    - debian/patches/CVE-2021-3156-1.patch: reset valid_flags to
++      MODE_NONINTERACTIVE for sudoedit in src/parse_args.c.
++    - debian/patches/CVE-2021-3156-2.patch: add sudoedit flag checks in
++      plugin in plugins/sudoers/policy.c.
++    - debian/patches/CVE-2021-3156-3.patch: fix potential buffer overflow
++      when unescaping backslashes in plugins/sudoers/sudoers.c.
++    - debian/patches/CVE-2021-3156-4.patch: fix the memset offset when
++      converting a v1 timestamp to TS_LOCKEXCL in
++      plugins/sudoers/timestamp.c.
++    - debian/patches/CVE-2021-3156-5.patch: don't assume that argv is
++      allocated as a single flat buffer in src/parse_args.c.
++    - CVE-2021-3156
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 26 Jan 2021 14:37:48 -0500
++
++sudo (1.9.4p2-2ubuntu1) hirsute; urgency=low
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/rules:
++      + use dh-autoreconf
++    - debian/rules: stop shipping init scripts, as they are no longer
++      necessary.
++    - debian/rules:
++      + compile with --without-lecture --with-tty-tickets --enable-admin-flag
++      + install man/man8/sudo_root.8 in both flavours
++      + install apport hooks
++    - debian/sudo-ldap.dirs, debian/sudo.dirs:
++      + add usr/share/apport/package-hooks
++    - debian/sudo.pam:
++      + Use pam_env to read /etc/environment and /etc/default/locale
++        environment files. Reading ~/.pam_environment is not permitted due
++        to security reasons.
++    - debian/sudoers:
++      + also grant admin group sudo access
++      + include /snap/bin in the secure_path
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Wed, 06 Jan 2021 13:51:07 -0800
++
  sudo (1.9.4p2-2) unstable; urgency=medium
    * always use /bin/mv to ensure reproducible builds whether built on a
@@ -342,6 +652,29 @@ sudo (1.9.4-1) unstable; urgency=medium
   -- Bdale Garbee <bdale@gag.com>  Tue, 01 Dec 2020 22:10:03 -0500
++sudo (1.9.3p1-1ubuntu1) hirsute; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/rules:
++      + use dh-autoreconf
++    - debian/rules: stop shipping init scripts, as they are no longer
++      necessary.
++    - debian/rules:
++      + compile with --without-lecture --with-tty-tickets --enable-admin-flag
++      + install man/man8/sudo_root.8 in both flavours
++      + install apport hooks
++    - debian/sudo-ldap.dirs, debian/sudo.dirs:
++      + add usr/share/apport/package-hooks
++    - debian/sudo.pam:
++      + Use pam_env to read /etc/environment and /etc/default/locale
++        environment files. Reading ~/.pam_environment is not permitted due
++        to security reasons.
++    - debian/sudoers:
++      + also grant admin group sudo access
++      + include /snap/bin in the secure_path
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Sat, 24 Oct 2020 17:14:39 -0700
++
  sudo (1.9.3p1-1) unstable; urgency=medium
    * new upstream version
@@ -363,12 +696,61 @@ sudo (1.9.1-2) unstable; urgency=medium
   -- Bdale Garbee <bdale@gag.com>  Sun, 12 Jul 2020 09:52:08 -0600
++sudo (1.9.1-1ubuntu1) groovy; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/rules:
++      + use dh-autoreconf
++    - debian/rules: stop shipping init scripts, as they are no longer
++      necessary.
++    - debian/rules:
++      + compile with --without-lecture --with-tty-tickets --enable-admin-flag
++      + install man/man8/sudo_root.8 in both flavours
++      + install apport hooks
++    - debian/sudo-ldap.dirs, debian/sudo.dirs:
++      + add usr/share/apport/package-hooks
++    - debian/sudo.pam:
++      + Use pam_env to read /etc/environment and /etc/default/locale
++        environment files. Reading ~/.pam_environment is not permitted due
++        to security reasons.
++    - debian/sudoers:
++      + also grant admin group sudo access
++      + include /snap/bin in the secure_path
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Wed, 08 Jul 2020 09:38:55 -0700
++
  sudo (1.9.1-1) unstable; urgency=medium
    * new upstream version
   -- Bdale Garbee <bdale@gag.com>  Fri, 19 Jun 2020 15:44:09 -0600
++sudo (1.9.0-1ubuntu1) groovy; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/rules:
++      + use dh-autoreconf
++    - debian/rules: stop shipping init scripts, as they are no longer
++      necessary.
++    - debian/rules:
++      + compile with --without-lecture --with-tty-tickets --enable-admin-flag
++      + install man/man8/sudo_root.8 in both flavours
++      + install apport hooks
++    - debian/sudo-ldap.dirs, debian/sudo.dirs:
++      + add usr/share/apport/package-hooks
++    - debian/sudo.pam:
++      + Use pam_env to read /etc/environment and /etc/default/locale
++        environment files. Reading ~/.pam_environment is not permitted due
++        to security reasons.
++    - debian/sudoers:
++      + also grant admin group sudo access
++      + include /snap/bin in the secure_path
++  * Dropped changes, no longer needed:
++    - debian/control:
++      + use dh-autoreconf
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Wed, 20 May 2020 17:07:02 -0700
++
  sudo (1.9.0-1) unstable; urgency=medium
    * new upstream version, closes: #669687, #571621, #734752
@@ -381,12 +763,64 @@ sudo (1.8.31p1-1) unstable; urgency=medium
   -- Bdale Garbee <bdale@gag.com>  Thu, 19 Mar 2020 15:47:17 -0600
++sudo (1.8.31-1ubuntu1) focal; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop
++      shipping init script and service file, as they are no longer
++      necessary.
++    - debian/rules:
++      + compile with --without-lecture --with-tty-tickets --enable-admin-flag
++      + install man/man8/sudo_root.8 in both flavours
++      + install apport hooks
++    - debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
++      + add usr/share/apport/package-hooks
++    - debian/sudo.pam:
++      + Use pam_env to read /etc/environment and /etc/default/locale
++        environment files. Reading ~/.pam_environment is not permitted due to
++        security reasons.
++    - debian/sudoers:
++      + also grant admin group sudo access
++      + include /snap/bin in the secure_path
++    - debian/control, debian/rules:
++      + use dh-autoreconf
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 03 Feb 2020 09:32:18 -0500
++
  sudo (1.8.31-1) unstable; urgency=medium
    * new upstream version
   -- Bdale Garbee <bdale@gag.com>  Sat, 01 Feb 2020 23:07:09 -0800
++sudo (1.8.29-1ubuntu1) focal; urgency=medium
++
++  * Merge from Debian unstable.
++    Remaining changes:
++    - debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop
++      shipping init script and service file, as they are no longer
++      necessary.
++    - debian/rules:
++      + compile with --without-lecture --with-tty-tickets --enable-admin-flag
++      + install man/man8/sudo_root.8 in both flavours
++      + install apport hooks
++    - debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
++      + add usr/share/apport/package-hooks
++    - debian/sudo.pam:
++      + Use pam_env to read /etc/environment and /etc/default/locale
++        environment files. Reading ~/.pam_environment is not permitted due to
++        security reasons.
++    - debian/sudoers:
++      + also grant admin group sudo access
++      + include /snap/bin in the secure_path
++    - debian/control, debian/rules:
++      + use dh-autoreconf
++  * Removed patches included in new version:
++    - debian/patches/CVE-2019-14287.patch
++    - debian/patches/CVE-2019-14287-2.patch
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 26 Nov 2019 13:13:21 -0500
++
  sudo (1.8.29-1) unstable; urgency=medium
    * new upstream version
@@ -409,6 +843,59 @@ sudo (1.8.27-1.1) unstable; urgency=high
   -- Salvatore Bonaccorso <carnil@debian.org>  Mon, 14 Oct 2019 21:10:58 +0200
++sudo (1.8.27-1ubuntu4) eoan; urgency=medium
++
++  * SECURITY UPDATE: privilege escalation via UID -1
++    - debian/patches/CVE-2019-14287.patch: treat an ID of -1 as invalid
++      in lib/util/strtoid.c.
++    - debian/patches/CVE-2019-14287-2.patch: fix and add to tests in
++      lib/util/regress/atofoo/atofoo_test.c,
++      plugins/sudoers/regress/testsudoers/test5.out.ok,
++      plugins/sudoers/regress/testsudoers/test5.sh.
++    - CVE-2019-14287
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 15 Oct 2019 07:09:02 -0400
++
++sudo (1.8.27-1ubuntu3) eoan; urgency=medium
++
++  * No-change upload with strops.h and sys/strops.h removed in glibc.
++
++ -- Matthias Klose <doko@ubuntu.com>  Thu, 05 Sep 2019 11:12:29 +0000
++
++sudo (1.8.27-1ubuntu2) eoan; urgency=medium
++
++  * Remove d/p/keep_home_by_default.patch (LP: #1556302)
++    - This restores sudo handling of $HOME to what everyone else does
++
++ -- Dan Streetman <ddstreet@canonical.com>  Tue, 04 Jun 2019 08:58:02 -0400
++
++sudo (1.8.27-1ubuntu1) disco; urgency=medium
++
++  * Merge from Debian unstable.
++    Remaining changes:
++    - debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop
++      shipping init script and service file, as they are no longer
++      necessary.
++    - debian/rules:
++      + compile with --without-lecture --with-tty-tickets --enable-admin-flag
++      + install man/man8/sudo_root.8 in both flavours
++      + install apport hooks
++    - debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
++      + add usr/share/apport/package-hooks
++    - debian/sudo.pam:
++      + Use pam_env to read /etc/environment and /etc/default/locale
++        environment files. Reading ~/.pam_environment is not permitted due to
++        security reasons.
++    - debian/sudoers:
++      + also grant admin group sudo access
++      + include /snap/bin in the secure_path
++    - debian/control, debian/rules:
++      + use dh-autoreconf
++    - Remaining patches:
++      + keep_home_by_default.patch: Keep HOME in the default environment
++
++ -- Balint Reczey <rbalint@ubuntu.com>  Tue, 19 Feb 2019 09:30:21 +0100
++
  sudo (1.8.27-1) unstable; urgency=medium
    * new upstream version
@@ -433,6 +920,33 @@ sudo (1.8.26-1) unstable; urgency=medium
   -- Bdale Garbee <bdale@gag.com>  Mon, 19 Nov 2018 00:32:06 -1000
++sudo (1.8.23-2ubuntu1) cosmic; urgency=medium
++
++  * Merge from Debian unstable.
++    Remaining changes:
++    - debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop
++      shipping init script and service file, as they are no longer
++      necessary.
++    - debian/rules:
++      + compile with --without-lecture --with-tty-tickets --enable-admin-flag
++      + install man/man8/sudo_root.8 in both flavours
++      + install apport hooks
++    - debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
++      + add usr/share/apport/package-hooks
++    - debian/sudo.pam:
++      + Use pam_env to read /etc/environment and /etc/default/locale
++        environment files. Reading ~/.pam_environment is not permitted due to
++        security reasons.
++    - debian/sudoers:
++      + also grant admin group sudo access
++      + include /snap/bin in the secure_path
++    - debian/control, debian/rules:
++      + use dh-autoreconf
++    - Remaining patches:
++      + keep_home_by_default.patch: Keep HOME in the default environment
++
++ -- Balint Reczey <rbalint@ubuntu.com>  Thu, 23 Aug 2018 19:36:40 +0200
++
  sudo (1.8.23-2) unstable; urgency=high
    * fix FTBFS due to earlier sudoers2ldif removal, closes: #903415
@@ -445,12 +959,76 @@ sudo (1.8.23-1) unstable; urgency=medium
   -- Bdale Garbee <bdale@gag.com>  Mon, 30 Apr 2018 20:55:10 -0600
++sudo (1.8.21p2-3ubuntu1) bionic; urgency=medium
++
++  * Merge from Debian unstable.
++    Remaining changes:
++    - debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop
++      shipping init script and service file, as they are no longer
++      necessary.
++    - debian/rules:
++      + compile with --without-lecture --with-tty-tickets --enable-admin-flag
++      + install man/man8/sudo_root.8 in both flavours
++      + install apport hooks
++    - debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
++      + add usr/share/apport/package-hooks
++    - debian/sudo.pam:
++      + Use pam_env to read /etc/environment and /etc/default/locale
++        environment files. Reading ~/.pam_environment is not permitted due to
++        security reasons.
++    - debian/sudoers:
++      + also grant admin group sudo access
++      + include /snap/bin in the secure_path
++    - debian/control, debian/rules:
++      + use dh-autoreconf
++    - Remaining patches:
++      + keep_home_by_default.patch: Keep HOME in the default environment
++
++ -- Balint Reczey <rbalint@ubuntu.com>  Thu, 18 Jan 2018 01:08:16 +0100
++
  sudo (1.8.21p2-3) unstable; urgency=medium
    * include sssd support in the sudo-ldap build too, closes: #884741
   -- Bdale Garbee <bdale@gag.com>  Mon, 18 Dec 2017 21:55:18 -0700
++sudo (1.8.21p2-2ubuntu1) bionic; urgency=medium
++
++  * Merge from Debian unstable. (LP: #1731981)
++    Remaining changes:
++    - debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop
++      shipping init script and service file, as they are no longer
++      necessary.
++    - debian/rules:
++      + compile with --without-lecture --with-tty-tickets --enable-admin-flag
++      + install man/man8/sudo_root.8 in both flavours
++      + install apport hooks
++    - debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
++      + add usr/share/apport/package-hooks
++    - debian/sudo.pam:
++      + Use pam_env to read /etc/environment and /etc/default/locale
++        environment files. Reading ~/.pam_environment is not permitted due to
++        security reasons.
++    - debian/sudoers:
++      + also grant admin group sudo access
++      + include /snap/bin in the secure_path
++    - debian/control, debian/rules:
++      + use dh-autoreconf
++    - Remaining patches:
++      + keep_home_by_default.patch: Keep HOME in the default environment
++    Dropped changes since they are integrated in Debian:
++    - Use tmpfs location to store timestamp files
++      + debian/rules: change --with-rundir to /var/run/sudo
++      + debian/*.preinst, debian/*.postinst, debian/*.postrm: remove old
++        init script with dpkg-maintscript-helper.
++    Dropped changes since the the transition took place already in every
++    release the package can be upgraded from:
++      + debian/*.postinst: remove old /var/run/sudo to /var/lib/sudo
++        transition code, remove old /var/lib/sudo/ts timestamp directory.
++  * Refresh patches
++
++ -- Balint Reczey <rbalint@ubuntu.com>  Mon, 13 Nov 2017 17:53:45 +0100
++
  sudo (1.8.21p2-2) unstable; urgency=medium
    * work harder to clean up mess left by sudo-ldap using /etc/init.d/sudo
@@ -484,6 +1062,41 @@ sudo (1.8.21-1) unstable; urgency=medium
   -- Bdale Garbee <bdale@gag.com>  Mon, 28 Aug 2017 09:44:06 -0600
++sudo (1.8.20p2-1ubuntu1) artful; urgency=low
++
++  * Merge from Debian unstable. (LP: #1697587)
++    Remaining changes:
++    - Use tmpfs location to store timestamp files
++      + debian/rules: change --with-rundir to /var/run/sudo
++      + debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop
++        shipping init script and service file, as they are no longer
++        necessary.
++      + debian/*.preinst, debian/*.postinst, debian/*.postrm: remove old
++        init script with dpkg-maintscript-helper.
++      + debian/*.postinst: remove old /var/run/sudo to /var/lib/sudo
++        transition code, remove old /var/lib/sudo/ts timestamp directory.
++    - debian/rules:
++      + compile with --without-lecture --with-tty-tickets --enable-admin-flag
++      + install man/man8/sudo_root.8 in both flavours
++      + install apport hooks
++    - debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
++      + add usr/share/apport/package-hooks
++    - debian/sudo.pam:
++      + Use pam_env to read /etc/environment and /etc/default/locale
++        environment files. Reading ~/.pam_environment is not permitted due to
++        security reasons.
++    - debian/sudoers:
++      + also grant admin group sudo access
++      + include /snap/bin in the secure_path
++    - debian/control, debian/rules:
++      + use dh-autoreconf
++    - Remaining patches:
++      + keep_home_by_default.patch: Keep HOME in the default environment
++    - Dropped patches no longer needed:
++      + CVE-2017-1000367.patch
++
++ -- Balint Reczey <rbalint@ubuntu.com>  Mon, 12 Jun 2017 21:51:31 +0200
++
  sudo (1.8.20p2-1) unstable; urgency=medium
    * new upstream version
@@ -513,6 +1126,51 @@ sudo (1.8.20-1) unstable; urgency=medium
   -- Bdale Garbee <bdale@gag.com>  Wed, 10 May 2017 10:25:46 -0600
++sudo (1.8.19p1-1ubuntu2) artful; urgency=medium
++
++  * SECURITY UPDATE: /proc/self/stat parsing confusion
++    - debian/patches/CVE-2017-1000367.patch: adjust parsing to
++      find ttyname
++    - CVE-2017-1000367
++
++ -- Steve Beattie <sbeattie@ubuntu.com>  Mon, 29 May 2017 03:13:37 -0700
++
++sudo (1.8.19p1-1ubuntu1) zesty; urgency=low
++
++  * Merge from Debian unstable. (LP: #1607666)
++    Remaining changes:
++    - Use tmpfs location to store timestamp files
++      + debian/rules: change --with-rundir to /var/run/sudo
++      + debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop
++        shipping init script and service file, as they are no longer
++        necessary.
++      + debian/*.preinst, debian/*.postinst, debian/*.postrm: remove old
++        init script with dpkg-maintscript-helper.
++      + debian/*.postinst: remove old /var/run/sudo to /var/lib/sudo
++        transition code, remove old /var/lib/sudo/ts timestamp directory.
++    - debian/rules:
++      + compile with --without-lecture --with-tty-tickets --enable-admin-flag
++      + install man/man8/sudo_root.8 in both flavours
++      + install apport hooks
++    - debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
++      + add usr/share/apport/package-hooks
++    - debian/sudo.pam:
++      + Use pam_env to read /etc/environment and /etc/default/locale
++        environment files. Reading ~/.pam_environment is not permitted due to
++        security reasons.
++    - debian/sudoers:
++      + also grant admin group sudo access
++      + include /snap/bin in the secure_path
++    - debian/control, debian/rules:
++      + use dh-autoreconf
++    - Remaining patches:
++      + keep_home_by_default.patch: Keep HOME in the default environment
++    - Dropped patches no longer needed:
++      + debian/patches/lp1565567.patch: upstream.
++      + debian/patches/also_check_sudo_group.diff: upstream.
++
++ -- Timo Aaltonen <tjaalton@debian.org>  Sat, 14 Jan 2017 01:41:17 +0200
++
  sudo (1.8.19p1-1) unstable; urgency=medium
    * new upstream version
@@ -553,6 +1211,61 @@ sudo (1.8.17p1-1) unstable; urgency=low
   -- Bdale Garbee <bdale@gag.com>  Tue, 05 Jul 2016 16:01:55 +0200
++sudo (1.8.16-0ubuntu3) yakkety; urgency=medium
++
++  * debian/sudoers:
++    - include /snap/bin in the secure_path (LP: #1595558)
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 15 Aug 2016 18:08:34 +0200
++
++sudo (1.8.16-0ubuntu2) yakkety; urgency=medium
++
++  * debian/patches/lp1565567.patch: fix crash when looking up a negative
++    cached entry which is stored as a NULL passwd or group struct pointer
++    in plugins/sudoers/pwutil.c. (LP: #1565567)
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 04 May 2016 11:31:55 -0400
++
++sudo (1.8.16-0ubuntu1) xenial; urgency=medium
++
++  * Update to new upstream version 1.8.16. (LP: #1563825)
++    - Dropped patches no longer needed:
++      + CVE-2015-5602-6.patch
++      + CVE-2015-5602-7.patch
++  * Merge from Debian unstable. Remaining changes:
++    - Use tmpfs location to store timestamp files
++      + debian/rules: change --with-rundir to /var/run/sudo
++      + debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop
++        shipping init script and service file, as they are no longer
++        necessary.
++      + debian/*.preinst, debian/*.postinst, debian/*.postrm: remove old
++        init script with dpkg-maintscript-helper.
++      + debian/*.postinst: remove old /var/run/sudo to /var/lib/sudo
++        transition code, remove old /var/lib/sudo/ts timestamp directory.
++    - debian/rules:
++      + compile with --without-lecture --with-tty-tickets --enable-admin-flag
++      + install man/man8/sudo_root.8 in both flavours
++      + install apport hooks
++    - debian/sudoers:
++      + also grant admin group sudo access
++    - debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
++      + add usr/share/apport/package-hooks
++    - debian/sudo.pam:
++      + Use pam_env to read /etc/environment and /etc/default/locale
++        environment files. Reading ~/.pam_environment is not permitted due to
++        security reasons.
++    - debian/control:
++      + dh-autoreconf dependency fixes missing-build-dependency-for-dh_-command
++    - Remaining patches:
++      + keep_home_by_default.patch: Keep HOME in the default environment
++      + debian/patches/also_check_sudo_group.diff: also check the sudo group
++        in plugins/sudoers/sudoers.c to create the admin flag file. Leave the
++        admin group check for backwards compatibility.
++    - Dropped patches no longer needed:
++      + debian/patches/pam_check_untranslated_prompt.patch: upstream.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 30 Mar 2016 08:03:52 -0400
++
  sudo (1.8.15-1.1) unstable; urgency=medium
    * Non-maintainer upload
@@ -570,6 +1283,58 @@ sudo (1.8.15-1) unstable; urgency=low
   -- Bdale Garbee <bdale@gag.com>  Wed, 23 Dec 2015 11:15:22 -0700
++sudo (1.8.12-1ubuntu3) wily; urgency=medium
++
++  * debian/patches/pam_check_untranslated_prompt.patch: also check the un-
++    translated version of the prompt when checking if the PAM prompt matches
++    "Password:". Patch from Joel Pelaez Jorge. (LP: #1414303)
++
++ -- Mathieu Trudel-Lapierre <mathieu-tl@ubuntu.com>  Tue, 22 Sep 2015 11:57:43 -0400
++
++sudo (1.8.12-1ubuntu2) wily; urgency=medium
++
++  * Use tmpfs location to store timestamp files (LP: #1458031)
++    - debian/rules: change --with-rundir to /var/run/sudo
++    - debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop
++      shipping init script and service file, as they are no longer
++      necessary.
++    - debian/*.preinst, debian/*.postinst, debian/*.postrm: remove old init
++      script with dpkg-maintscript-helper.
++    - debian/*.postinst: remove old /var/run/sudo to /var/lib/sudo
++      transition code, remove old /var/lib/sudo/ts timestamp directory.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 05 Jun 2015 09:31:38 -0400
++
++sudo (1.8.12-1ubuntu1) wily; urgency=medium
++
++  * Merge from Debian unstable. (LP: #1451274, LP: #1219337)
++    Remaining changes:
++    - debian/rules:
++      + compile with --without-lecture --with-tty-tickets --enable-admin-flag
++      + install man/man8/sudo_root.8 in both flavours
++      + install apport hooks
++    - debian/sudoers:
++      + also grant admin group sudo access
++    - debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
++      + add usr/share/apport/package-hooks
++    - debian/sudo.pam:
++      + Use pam_env to read /etc/environment and /etc/default/locale
++        environment files. Reading ~/.pam_environment is not permitted due to
++        security reasons.
++    - debian/control:
++      + dh-autoreconf dependency fixes missing-build-dependency-for-dh_-command
++    - Remaining patches:
++      + keep_home_by_default.patch: Keep HOME in the default environment
++      + debian/patches/also_check_sudo_group.diff: also check the sudo group
++        in plugins/sudoers/sudoers.c to create the admin flag file. Leave the
++        admin group check for backwards compatibility.
++  * Dropped patches no longer needed:
++      + add_probe_interfaces_setting.diff
++      + actually-use-buildflags.diff
++      + CVE-2014-9680.patch
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 13 May 2015 15:43:49 -0400
++
  sudo (1.8.12-1) unstable; urgency=low
    * new upstream version, closes: #772707, #773383
@@ -612,6 +1377,64 @@ sudo (1.8.10p3-1) unstable; urgency=low
   -- Bdale Garbee <bdale@gag.com>  Sun, 14 Sep 2014 10:20:15 -0600
++sudo (1.8.9p5-1ubuntu5) vivid; urgency=medium
++
++  * SECURITY UPDATE: arbitrary file access via TZ
++    - debian/patches/CVE-2014-9680.patch: sanity check TZ env variable in
++      configure, configure.ac, doc/sudoers.cat, doc/sudoers.man.in,
++      doc/sudoers.mdoc.in, m4/sudo.m4, pathnames.h.in,
++      plugins/sudoers/env.c.
++    - CVE-2014-9680
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 12 Mar 2015 10:45:21 -0400
++
++sudo (1.8.9p5-1ubuntu4) vivid; urgency=medium
++
++  * Correct sudo.pam use "session" for pam_env.so, not "auth". (LP:
++    #155794, LP: #25700)
++
++ -- Dimitri John Ledkov <dimitri.j.ledkov@linux.intel.com>  Tue, 23 Dec 2014 04:08:33 +0000
++
++sudo (1.8.9p5-1ubuntu3) vivid; urgency=medium
++
++  * debian/patches/also_check_sudo_group.diff: also check the sudo group
++    in plugins/sudoers/sudoers.c to create the admin flag file. Leave the
++    admin group check for backwards compatibility. (LP: #1387347)
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 29 Oct 2014 15:55:34 -0400
++
++sudo (1.8.9p5-1ubuntu2) utopic; urgency=medium
++
++  * debian/sudo_root.8: mention sudo group instead of deprecated group
++    admin (LP: #1130643)
++
++ -- Andrey Bondarenko <abondarenko@users.sourceforge.net>  Sat, 23 Aug 2014 01:18:05 +0600
++
++sudo (1.8.9p5-1ubuntu1) trusty; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/rules:
++      + compile with --without-lecture --with-tty-tickets --enable-admin-flag
++      + install man/man8/sudo_root.8 in both flavours
++      + install apport hooks
++    - debian/sudoers:
++      + also grant admin group sudo access
++    - debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
++      + add usr/share/apport/package-hooks
++    - debian/sudo.pam:
++      + Use pam_env to read /etc/environment and /etc/default/locale
++        environment files. Reading ~/.pam_environment is not permitted due to
++        security reasons.
++    - debian/control:
++      + dh-autoreconf dependency fixes missing-build-dependency-for-dh_-command
++    - Remaining patches:
++      + keep_home_by_default.patch: Keep HOME in the default environment
++      + actually-use-buildflags: Pass LDFLAGS everywhere
++      + add_probe_interfaces_setting.diff: option to disable network inf probe
++  * add_probe_interfaces_setting.diff: fix to not modify NEWS file.
++
++ -- Chris J Arges <chris.j.arges@ubuntu.com>  Mon, 10 Feb 2014 12:21:53 -0600
++
  sudo (1.8.9p5-1) unstable; urgency=low
    * new upstream release, closes: #735328
@@ -658,6 +1481,33 @@ sudo (1.8.8-3) unstable; urgency=low
   -- Bdale Garbee <bdale@gag.com>  Wed, 30 Oct 2013 10:33:44 -0600
++sudo (1.8.8-2ubuntu2) trusty; urgency=medium
++
++  * Build using dh-autoreconf.
++
++ -- Matthias Klose <doko@ubuntu.com>  Sun, 15 Dec 2013 16:24:49 +0100
++
++sudo (1.8.8-2ubuntu1) trusty; urgency=low
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/rules:
++      + compile with --without-lecture --with-tty-tickets --enable-admin-flag
++      + install man/man8/sudo_root.8 in both flavours
++      + install apport hooks
++    - debian/sudoers:
++      + also grant admin group sudo access
++    - debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
++      + add usr/share/apport/package-hooks
++    - debian/sudo.pam:
++      + Use pam_env to read /etc/environment and /etc/default/locale
++        environment files. Reading ~/.pam_environment is not permitted due to
++        security reasons.
++    - Remaining patches:
++      + keep_home_by_default.patch: Keep HOME in the default environment
++      + actually-use-buildflags: Pass LDFLAGS everywhere
++
++ -- Stéphane Graber <stgraber@ubuntu.com>  Tue, 22 Oct 2013 17:43:37 -0400
++
  sudo (1.8.8-2) unstable; urgency=low
    * fix touch errors on boot, closes: #725193
@@ -713,6 +1563,72 @@ sudo (1.8.7-1) unstable; urgency=low
   -- Bdale Garbee <bdale@gag.com>  Wed, 14 Aug 2013 00:01:14 +0200
++sudo (1.8.6p3-0ubuntu3) raring; urgency=low
++
++  * SECURITY UPDATE: authentication bypass via clock set to epoch
++    - debian/patches/CVE-2013-1775.patch: ignore time stamp file if it is
++      set to epoch in plugins/sudoers/check.c.
++    - CVE-2013-1775
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 27 Feb 2013 13:26:26 -0500
++
++sudo (1.8.6p3-0ubuntu2) raring; urgency=low
++
++  * The latest sssd upload dropped the soname from libsss_sudo.so, so we
++    can now drop our sudo delta and just use libsss_sudo.so directly.
++
++ -- Stéphane Graber <stgraber@ubuntu.com>  Fri, 07 Dec 2012 23:11:45 -0500
++
++sudo (1.8.6p3-0ubuntu1) raring; urgency=low
++
++  * New upstream release (1.8.6p3).
++  * Add patch to fix building with sssd when ldap is disabled.
++  * Drop sudo.manpages and sudo-ldap.manpages as the upstream build system
++    now does the right thing here.
++  * Build the main sudo package with support for sssd, this doesn't add any
++    additional build time or runtime dependency. sudo will dynamically load
++    the sssd library if 'sss' is listed for the 'sudoers' nss service.
++
++ -- Stéphane Graber <stgraber@ubuntu.com>  Fri, 16 Nov 2012 09:31:32 -0500
++
++sudo (1.8.5p2-1ubuntu1) quantal; urgency=low
++
++  * Merge from debian/testing (LP: #1024154), remaining changes:
++    - debian/patches/keep_home_by_default.patch:
++      + Set HOME in initial_keepenv_table.
++    - debian/rules:
++      + compile with --without-lecture --with-tty-tickets (Ubuntu specific)
++      + install man/man8/sudo_root.8 in both flavours (Ubuntu specific)
++      + install apport hooks
++      + The ubuntu-sudo-as-admin-successful.patch was taken upstream by
++        Debian however it requires a --enable-admin-flag configure flag to
++        actually enable it in both flavours.
++    - debian/control:
++      + Mark Debian Vcs-* as XS-Debian-Vcs-*
++      + update debian/control
++    - debian/sudoers:
++      + grant admin group sudo access
++    - debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
++      + add usr/share/apport/package-hooks
++    - debian/sudo.pam:
++      + Use pam_env to read /etc/environment and /etc/default/locale
++        environment files. Reading ~/.pam_environment is not permitted due to
++        security reasons.
++  * Dropped changes:
++    - debian/patches/lp927828-fix-abort-in-pam-modules-when-timestamp-valid.patch
++      + Fixed upstream in 1.8.5
++    - debian/patches/CVE-2012-2337.patch:
++      + Fixed upstream in 1.8.4p5
++    - debian/patches/pam_env_merge.patch:
++      + Feature released upstream in 1.8.5
++    - debian/{sudo,sudo-ldap}.{preinst,postinst,postrm}:
++      + Drop Ubuntu-specific sudoers file migration code because the only
++        upgrade path to quantal is from precise. All necessary sudoers file
++        migration will have already been done by the time this version of the
++        sudo package is installed.
++
++ -- Tyler Hicks <tyhicks@canonical.com>  Mon, 16 Jul 2012 14:01:42 +0200
++
  sudo (1.8.5p2-1) unstable; urgency=low
    * new upstream version
@@ -723,6 +1639,54 @@ sudo (1.8.5p2-1) unstable; urgency=low
   -- Bdale Garbee <bdale@gag.com>  Thu, 28 Jun 2012 12:01:37 -0600
++sudo (1.8.3p2-1ubuntu2) quantal; urgency=low
++
++  * debian/patches/pam_env_merge.patch: Merge the PAM environment into the
++    user environment (LP: #982684)
++  * debian/sudo.pam: Use pam_env to read /etc/environment and
++    /etc/default/locale environment files. Reading ~/.pam_environment is not
++    permitted due to security reasons.
++
++ -- Tyler Hicks <tyhicks@canonical.com>  Mon, 21 May 2012 00:48:10 -0500
++
++sudo (1.8.3p2-1ubuntu1) quantal; urgency=low
++
++  * Merge from debian/testing, remaining changes:
++    - debian/patches/keep_home_by_default.patch:
++      + Set HOME in initial_keepenv_table. (rebased for 1.8.3p1)
++    - debian/patches/lp927828-fix-abort-in-pam-modules-when-timestamp-valid.patch
++      + Fix Abort in some PAM modules when timestamp is valid. (LP: #927828)
++    - debian/patches/CVE-2012-2337.patch: Don't perform IPv6 checks on IPv4
++      addresses. Based on upstream patch.
++    - debian/rules:
++      + compile with --without-lecture --with-tty-tickets (Ubuntu specific)
++      + install man/man8/sudo_root.8 in both flavours (Ubuntu specific)
++      + install apport hooks
++      + The ubuntu-sudo-as-admin-successful.patch was taken upstream by
++        Debian however it requires a --enable-admin-flag configure flag to
++        actually enable it in both flavours.
++    - debian/control:
++      + Mark Debian Vcs-* as XS-Debian-Vcs-*
++      + update debian/control
++    - debian/sudoers:
++      + grant admin group sudo access
++    - debian/sudo-ldap.dirs, debian/sudo.dirs:
++      + add usr/share/apport/package-hooks
++    - debian/sudo.preinst:
++      + avoid conffile prompt by checking for known default /etc/sudoers
++        and if found installing the correct default /etc/sudoers file.
++        Modified for updated default sudoers. Aproach taken is different
++        from Debian. Maybe this should now be dropped, since an LTS was
++        released.
++
++  * Dropped changes:
++    - debian/patches/CVE-2012-0809.patch:
++      + dropped, included in this new upstream release.
++    - debian/patches/enable_badpass.patch:
++      + dropped as Debian chose to set this by default in the sudoers.
++
++ -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com>  Tue, 01 May 2012 16:12:45 +0100
++
  sudo (1.8.3p2-1) unstable; urgency=high
    * new upstream version, closes: #657985 (CVE-2012-0809)
@@ -753,6 +1717,66 @@ sudo (1.8.3p1-2) unstable; urgency=low
   -- Bdale Garbee <bdale@gag.com>  Sat, 12 Nov 2011 16:27:13 -0700
++sudo (1.8.3p1-1ubuntu5) quantal; urgency=low
++
++  * SECURITY UPDATE: Properly handle netmasks in sudoers Host and Host_List
++    values (LP: #1000276)
++    - debian/patches/CVE-2012-2337.patch: Don't perform IPv6 checks on IPv4
++      addresses. Based on upstream patch.
++    - CVE-2012-2337
++
++ -- Tyler Hicks <tyhicks@canonical.com>  Wed, 16 May 2012 09:42:17 -0500
++
++sudo (1.8.3p1-1ubuntu4) quantal; urgency=low
++
++  * Fix Abort in some PAM modules when timestamp is valid. (LP: #927828)
++
++ -- TJ (Ubuntu Contributions) <ubuntu@tjworld.net>  Mon, 30 Apr 2012 17:55:27 +0100
++
++sudo (1.8.3p1-1ubuntu3) precise; urgency=low
++
++  * SECURITY UPDATE: permissions bypass via format string
++    - debian/patches/CVE-2012-0809.patch: fix format string vulnerability
++      in src/sudo.c.
++    - CVE-2012-0809
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 31 Jan 2012 10:25:52 -0500
++
++sudo (1.8.3p1-1ubuntu2) precise; urgency=low
++
++  * debian/sudo.preinst:
++    - updated to avoid conffile prompt by migrating to the new sudoers file
++      changes in Precise. (LP: #894410)
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 24 Nov 2011 10:48:58 -0500
++
++sudo (1.8.3p1-1ubuntu1) precise; urgency=low
++
++  * Merge from debian/testing, remaining changes:
++    - debian/patches/keep_home_by_default.patch:
++      + Set HOME in initial_keepenv_table. (rebased for 1.8.3p1)
++    - debian/patches/enable_badpass.patch: turn on "mail_badpass" by default:
++      + attempting sudo without knowing a login password is as bad as not
++        being listed in the sudoers file, especially if getting the password
++        wrong means doing the access-check-email-notification never happens
++        (rebased for 1.8.3p1)
++    - debian/rules:
++      + compile with --without-lecture --with-tty-tickets (Ubuntu specific)
++      + install man/man8/sudo_root.8 (Ubuntu specific)
++      + install apport hooks
++      + The ubuntu-sudo-as-admin-successful.patch was taken upstream by
++        Debian however it requires a --enable-admin-flag configure flag to
++        actually enable it.
++    - debian/sudoers:
++      + grant admin group sudo access
++    - debian/sudo-ldap.dirs, debian/sudo.dirs:
++      + add usr/share/apport/package-hooks
++    - debian/sudo.preinst:
++      + avoid conffile prompt by checking for known default /etc/sudoers
++        and if found installing the correct default /etc/sudoers file
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Sun, 20 Nov 2011 12:07:45 -0500
++
  sudo (1.8.3p1-1) unstable; urgency=low
    * new upstream version, closes: #646478
@@ -795,6 +1819,33 @@ sudo (1.8.2-1) unstable; urgency=low
   -- Bdale Garbee <bdale@gag.com>  Wed, 24 Aug 2011 13:33:11 -0600
++sudo (1.7.4p6-1ubuntu2) oneiric; urgency=low
++
++  * debian/patches/enable_badpass.patch: turn on "mail_badpass" by default:
++    - attempting sudo without knowing a login password is as bad as not
++      being listed in the sudoers file, especially if getting the password
++      wrong means doing the access-check-email-notification never happens
++      (Closes: 641218).
++
++ -- Kees Cook <kees@ubuntu.com>  Sun, 11 Sep 2011 10:29:08 -0700
++
++sudo (1.7.4p6-1ubuntu1) oneiric; urgency=low
++
++  * Merge from debian/unstable, remaining changes:
++    - debian/patches/keep_home_by_default.patch:
++      + Set HOME in initial_keepenv_table.
++    - debian/rules:
++      + compile with --without-lecture --with-tty-tickets (Ubuntu specific)
++      + install man/man8/sudo_root.8 (Ubuntu specific)
++      + install apport hooks
++    - debian/sudoers:
++      + grant admin group sudo access
++    - debian/sudo-ldap.dirs, debian/sudo.dirs:
++      + add usr/share/apport/package-hooks
++  * drop debian/patches/CVE-2011-0010.patch, applied upstream now
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 23 May 2011 09:50:37 +0200
++
  sudo (1.7.4p6-1) unstable; urgency=low
    * new upstream version
@@ -811,6 +1862,77 @@ sudo (1.7.4p4-6) unstable; urgency=low
   -- Bdale Garbee <bdale@gag.com>  Tue, 11 Jan 2011 10:22:39 -0700
++sudo (1.7.4p4-5ubuntu8) oneiric; urgency=low
++
++  * debian/sudo.preinst:
++    - if well-known ec2 vmbuilder file is found, write a file in
++      sudoers.d for the 'ubuntu' user (LP: #768625)
++
++ -- Scott Moser <smoser@ubuntu.com>  Thu, 21 Apr 2011 18:04:34 -0400
++
++sudo (1.7.4p4-5ubuntu7) natty; urgency=low
++
++  * debian/sudo.preinst:
++    - do not consider the ec2 vmbuilder default sudoers file
++      verbatim as its actually customized (LP: #761689)
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 15 Apr 2011 16:40:10 +0200
++
++sudo (1.7.4p4-5ubuntu6) natty; urgency=low
++
++  * debian/patches/keep_home_by_default.patch: Set HOME in
++    initial_keepenv_table.  LP: #760140
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Wed, 13 Apr 2011 12:32:25 -0700
++
++sudo (1.7.4p4-5ubuntu5) natty; urgency=low
++
++  * debian/sudo.preinst:
++    - avoid conffile prompt by checking for known default /etc/sudoers
++      and if found installing the correct default /etc/sudoers file
++      (LP: #690873)
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 25 Mar 2011 09:13:43 +0100
++
++sudo (1.7.4p4-5ubuntu4) natty; urgency=low
++
++  * debian/rules: The ubuntu-sudo-as-admin-successful.patch was taken
++    upstream by Debian however it requires a --enable-admin-flag configure
++    flag to actually enable it.
++    (LP: #706045)
++
++ -- Bryce Harrington <bryce@ubuntu.com>  Thu, 10 Feb 2011 12:01:53 -0800
++
++sudo (1.7.4p4-5ubuntu3) natty; urgency=low
++
++  * SECURITY UPDATE: privilege escalation via -g when using group Runas_List
++    - debian/patches/CVE-2011-0010.patch: prompt for password when the user is
++      running sudo as himself but as a different group
++    - CVE-2011-0010
++
++ -- Jamie Strandboge <jamie@ubuntu.com>  Tue, 18 Jan 2011 16:37:09 -0600
++
++sudo (1.7.4p4-5ubuntu2) natty; urgency=low
++
++  * debian/sudoers: temporarily workaround LP #690873 by adding %admin
++    into the default sudoers file in case people just say "yes" to the
++    dpkg conffile prompt.
++
++ -- Kees Cook <kees@ubuntu.com>  Wed, 15 Dec 2010 15:38:17 -0800
++
++sudo (1.7.4p4-5ubuntu1) natty; urgency=low
++
++  * Merge from debian unstable (LP: #689025), remaining changes:
++    - debian/rules:
++      + compile with --without-lecture --with-tty-tickets (Ubuntu specific)
++      + install man/man8/sudo_root.8 (Ubuntu specific)
++      + install apport hooks
++    - debian/sudo-ldap.dirs, debian/sudo.dirs: add
++      usr/share/apport/package-hooks
++  * This upload also fixes: LP: #609645
++
++ -- Lorenzo De Liso <blackz@ubuntu.com>  Wed, 15 Dec 2010 21:32:57 +0100
++
  sudo (1.7.4p4-5) unstable; urgency=low
    * patch from Jakub Wilk to add noopt and nostrip build option support,
@@ -864,6 +1986,47 @@ sudo (1.7.4p4-1) unstable; urgency=high
   -- Bdale Garbee <bdale@gag.com>  Tue, 07 Sep 2010 12:22:42 -0600
++sudo (1.7.2p7-1ubuntu3) natty; urgency=low
++
++  * No-change upload to drop sizable upstream changelog.
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Mon, 22 Nov 2010 11:24:33 +0100
++
++sudo (1.7.2p7-1ubuntu2) maverick; urgency=low
++
++  * SECURITY UPDATE: privilege escalation via '-g' option when using
++    'user:group' in Runas_Spec
++    - debian/patches/CVE-2010-2956.patch: update match.c to verify both user
++      and group match sudoers when using '-g'
++    - CVE-2010-2956
++
++ -- Jamie Strandboge <jamie@ubuntu.com>  Tue, 31 Aug 2010 14:54:06 -0500
++
++sudo (1.7.2p7-1ubuntu1) maverick; urgency=low
++
++  * Merge from debian unstable.  Remaining changes:
++   - debian/rules:
++     - compile with --without-lecture --with-tty-tickets (Ubuntu specific)
++     - install man/man8/sudo_root.8 (Ubuntu specific)
++     - install apport hooks
++   - debian/sudo-ldap.dirs, debian/sudo.dirs: add
++     usr/share/apport/package-hooks
++   - debian/patches/ubuntu-sudo-as-admin-successful.patch: adjust sudo.c so
++     that if the user successfully authenticated and he is in the 'admin'
++     group, then create a stamp ~/.sudo_as_admin_successful. Our default bash
++     profile checks for this and displays a short intro about sudo if the flag
++     is not present
++  * Dropped the following, now included upstream:
++    - fix for CVE-2010-1163
++    - fix for CVE-2010-0426
++    - debian/sudo.postinst, debian/sudo-ldap.postinst: update description to
++      match behavior in sudoers file
++    - don't install init script. Debian moved to /var/lib/sudo from
++      /var/run/sudo, so Ubuntu's tmpfs usage won't clean those out
++      automatically any more, so we now need the initscript.
++
++ -- Jamie Strandboge <jamie@ubuntu.com>  Tue, 06 Jul 2010 11:43:05 -0500
++
  sudo (1.7.2p7-1) unstable; urgency=high
    * new upstream release with security fix for secure path (CVE-2010-1646),
@@ -899,6 +2062,62 @@ sudo (1.7.2p5-1) unstable; urgency=low
   -- Bdale Garbee <bdale@gag.com>  Thu, 11 Mar 2010 15:44:53 -0700
++sudo (1.7.2p1-1ubuntu5) lucid; urgency=low
++
++  * SECURITY UPDATE: properly verify path in find_path.c for the 'sudoedit'
++    pseudo-command when running from the current working directory and
++    secure_path is disabled
++    - CVE-2010-XXXX
++
++ -- Jamie Strandboge <jamie@ubuntu.com>  Wed, 07 Apr 2010 15:35:36 -0500
++
++sudo (1.7.2p1-1ubuntu4) lucid; urgency=low
++
++  * env.c: Revert addition of "http_proxy" again. This was an Ubuntu specific
++    EBW hack, caused inconsistencies with other proxy variables (such as
++    https_proxy and ftp_proxy), made sudo incompatible to upstream
++    behaviour/documentation. This is solved in a much better way in apt itself
++    and gnome-network-properties now. (LP: #432631)
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Fri, 26 Mar 2010 18:48:18 +0100
++
++sudo (1.7.2p1-1ubuntu3) lucid; urgency=low
++
++  * debian/sudo.postinst, debian/sudo-ldap.postinst: update description to
++    match behaviour in sudoers file. (LP: #534090)
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Sun, 07 Mar 2010 19:49:39 -0500
++
++sudo (1.7.2p1-1ubuntu2) lucid; urgency=low
++
++  * SECURITY UPDATE: properly verify path for the 'sudoedit' pseudo-command
++    in match.c
++    - http://sudo.ws/repos/sudo/rev/88f3181692fe
++    - CVE-2010-0426
++
++ -- Jamie Strandboge <jamie@ubuntu.com>  Wed, 24 Feb 2010 16:50:11 -0600
++
++sudo (1.7.2p1-1ubuntu1) lucid; urgency=low
++
++  * Merge from debian testing.  Remaining changes:
++   - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu
++     specific)
++   - Add debian/sudo_root.8: Explanation of root handling through sudo.
++     Install it in debian/rules. (Ubuntu specific)
++   - sudo.c: If the user successfully authenticated and he is in the 'admin'
++     group, then create a stamp ~/.sudo_as_admin_successful. Our default bash
++     profile checks for this and displays a short intro about sudo if the
++     flag is not present. (Ubuntu specific)
++   - env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept
++     for "sudo apt-get ...". (Ubuntu specific EBW hack, should disappear at
++     some point)
++   - debian/{rules,postinst,sudo-ldap.postinst}: Disable init script
++     installation. Debian reintroduced it because /var/run tmpfs is not the
++     default there, but has been on Ubuntu for ages.
++   - debian/{source_sudo.py,rules,sudo-ldap.dirs,sudo.dirs}: Add apport hook
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 08 Feb 2010 18:47:06 -0500
++
  sudo (1.7.2p1-1) unstable; urgency=low
    * new upstream version
@@ -926,6 +2145,40 @@ sudo (1.7.2-1) unstable; urgency=low
   -- Bdale Garbee <bdale@gag.com>  Wed, 15 Jul 2009 01:29:46 -0600
++sudo (1.7.0-1ubuntu3) lucid; urgency=low
++
++  * debian/{source_sudo.py,rules}: Add apport hook
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 29 Jan 2010 09:31:00 -0500
++
++sudo (1.7.0-1ubuntu2) karmic; urgency=low
++
++  * env.c: add logic similar to pam_env's stripping of single and double
++    quotes around /etc/environment env vars; fixes literal quotes in LANG when
++    using sudo -i; LP: #387262.
++
++ -- Loïc Minier <loic.minier@ubuntu.com>  Mon, 22 Jun 2009 18:03:45 +0200
++
++sudo (1.7.0-1ubuntu1) karmic; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++   - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu
++     specific)
++   - Add debian/sudo_root.8: Explanation of root handling through sudo.
++     Install it in debian/rules. (Ubuntu specific)
++   - sudo.c: If the user successfully authenticated and he is in the 'admin'
++     group, then create a stamp ~/.sudo_as_admin_successful. Our default bash
++     profile checks for this and displays a short intro about sudo if the
++     flag is not present. (Ubuntu specific)
++   - env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept
++     for "sudo apt-get ...". (Ubuntu specific EBW hack, should disappear at
++     some point)
++   - debian/{rules,postinst,sudo-ldap.postinst}: Disable init script
++     installation. Debian reintroduced it because /var/run tmpfs is not the
++     default there, but has been on Ubuntu for ages.
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Mon, 11 May 2009 18:07:03 +0200
++
  sudo (1.7.0-1) unstable; urgency=low
    * new upstream version, closes: #510179, #128268, #520274, #508514
 diff --git a/debian/control b/debian/control
 index b5a73de..92387f8 100644
 --- a/debian/control
 +++ b/debian/control
@@ -1,7 +1,8 @@
  Source: sudo
  Section: admin
  Priority: optional
--Maintainer: Sudo Maintainers <sudo@packages.debian.org>
++Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
++XSBC-Original-Maintainer: Sudo Maintainers <sudo@packages.debian.org>
  Uploaders: Marc Haber <mh+debian-packages@zugschlus.de>,
    Hanno Wagner <wagner@debian.org>,
    Hilko Bengen <bengen@debian.org>,
 diff --git a/debian/etc/pam.d/sudo b/debian/etc/pam.d/sudo
 index 96e8906..7819ab1 100644
 --- a/debian/etc/pam.d/sudo
 +++ b/debian/etc/pam.d/sudo
@@ -3,6 +3,9 @@
  # Set up user limits from /etc/security/limits.conf.
  session    required   pam_limits.so
++session    required   pam_env.so readenv=1 user_readenv=0
++session    required   pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0
++
  @include common-auth
  @include common-account
  @include common-session-noninteractive
 diff --git a/debian/etc/pam.d/sudo-i b/debian/etc/pam.d/sudo-i
 index d638522..584b2d8 100644
 --- a/debian/etc/pam.d/sudo-i
 +++ b/debian/etc/pam.d/sudo-i
@@ -3,6 +3,9 @@
  # Set up user limits from /etc/security/limits.conf.
  session    required   pam_limits.so
++session    required   pam_env.so readenv=1 user_readenv=0
++session    required   pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0
++
  @include common-auth
  @include common-account
  @include common-session
 diff --git a/debian/etc/sudoers b/debian/etc/sudoers
 index b5da8e9..8b0fb7f 100644
 --- a/debian/etc/sudoers
 +++ b/debian/etc/sudoers
@@ -8,7 +8,7 @@
+ #
  Defaults	env_reset
  Defaults	mail_badpass
--Defaults	secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
++Defaults	secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
  # This fixes CVE-2005-4890 and possibly breaks some versions of kdesu
  # (#1011624, https://bugs.kde.org/show_bug.cgi?id=452532)
@@ -46,6 +46,9 @@ Defaults	use_pty
  # User privilege specification
  root	ALL=(ALL:ALL) ALL
++# Members of the admin group may gain root privileges
++%admin ALL=(ALL) ALL
++
  # Allow members of group sudo to execute any command
  %sudo	ALL=(ALL:ALL) ALL
 diff --git a/debian/sudo-ldap.init b/debian/sudo-ldap.init
 deleted file mode 100644
 index b907b8a..0000000
 --- a/debian/sudo-ldap.init
 +++ /dev/null
@@ -1,46 +0,0 @@
--#! /bin/sh
--
--### BEGIN INIT INFO
--# Provides:          sudo-ldap
--# Required-Start:    $local_fs $remote_fs
--# Required-Stop:
--# X-Start-Before:    rmnologin
--# Default-Start:     2 3 4 5
--# Default-Stop:
--# Short-Description: Provide limited super user privileges to specific users
--# Description: Provide limited super user privileges to specific users.
--### END INIT INFO
--
--. /lib/lsb/init-functions
--
--N=/etc/init.d/sudo-ldap
--
--set -e
--
--case "$1" in
--  start)
--	# make sure privileges don't persist across reboots
--	# if the /run/sudo directory doesn't exist, let's create it with the
--	# correct permissions and SELinux label
--        if ! [ -d /run/systemd/system ] ; then
--	        if [ -d /run/sudo ]
--	        then
--                        find /run/sudo -exec touch -d @0 '{}' \;
--	        else
--	        	mkdir /run/sudo /run/sudo/ts
--	        	chown root:root /run/sudo /run/sudo/ts
--	        	chmod 0711 /run/sudo
--	        	chmod 0700 /run/sudo/ts
--	        	[ -x /sbin/restorecon ] && /sbin/restorecon /run/sudo /run/sudo/ts
--	        fi
--	fi
--	;;
--  stop|reload|restart|force-reload|status)
--	;;
--  *)
--	echo "Usage: $N {start|stop|restart|force-reload|status}" >&2
--	exit 1
--	;;
--esac
--
--exit 0
 diff --git a/debian/sudo-ldap.manpages b/debian/sudo-ldap.manpages
 new file mode 100644
 index 0000000..72826b8
 --- /dev/null
 +++ b/debian/sudo-ldap.manpages
@@ -0,0 +1 @@
++debian/sudo_root.8
 diff --git a/debian/sudo.init b/debian/sudo.init
 deleted file mode 100644
 index 602d9bf..0000000
 --- a/debian/sudo.init
 +++ /dev/null
@@ -1,46 +0,0 @@
--#! /bin/sh
--
--### BEGIN INIT INFO
--# Provides:          sudo
--# Required-Start:    $local_fs $remote_fs
--# Required-Stop:
--# X-Start-Before:    rmnologin
--# Default-Start:     2 3 4 5
--# Default-Stop:
--# Short-Description: Provide limited super user privileges to specific users
--# Description: Provide limited super user privileges to specific users.
--### END INIT INFO
--
--. /lib/lsb/init-functions
--
--N=/etc/init.d/sudo
--
--set -e
--
--case "$1" in
--  start)
--	# make sure privileges don't persist across reboots
--	# if the /run/sudo directory doesn't exist, let's create it with the
--	# correct permissions and SELinux label
--        if ! [ -d /run/systemd/system ] ; then
--	        if [ -d /run/sudo ]
--	        then
--                        find /run/sudo -exec touch -d @0 '{}' \;
--	        else
--	        	mkdir /run/sudo /run/sudo/ts
--	        	chown root:root /run/sudo /run/sudo/ts
--	        	chmod 0711 /run/sudo
--	        	chmod 0700 /run/sudo/ts
--	        	[ -x /sbin/restorecon ] && /sbin/restorecon /run/sudo /run/sudo/ts
--	        fi
--	fi
--	;;
--  stop|reload|restart|force-reload|status)
--	;;
--  *)
--	echo "Usage: $N {start|stop|restart|force-reload|status}" >&2
--	exit 1
--	;;
--esac
--
--exit 0
 diff --git a/debian/sudo.manpages b/debian/sudo.manpages
 new file mode 100644
 index 0000000..72826b8
 --- /dev/null
 +++ b/debian/sudo.manpages
@@ -0,0 +1 @@
++debian/sudo_root.8
 diff --git a/debian/sudo_root.8 b/debian/sudo_root.8
 new file mode 100644
 index 0000000..47532ed
 --- /dev/null
 +++ b/debian/sudo_root.8
@@ -0,0 +1,138 @@
++.TH sudo_root 8 "February 8, 2006"
++
++.SH NAME
++sudo_root \- How to run administrative commands
++
++.SH SYNOPSIS
++
++.B sudo
++.I command
++
++.B sudo \-i
++
++.SH INTRODUCTION
++
++By default, the password for the user "root" (the system
++administrator) is locked. This means you cannot login as root or use
++su. Instead, the installer will set up sudo to allow the user that is
++created during install to run all administrative commands.
++
++This means that in the terminal you can use sudo for commands that
++require root privileges. All programs in the menu will use a graphical
++sudo to prompt for a password. When sudo asks for a password, it needs
++.B your password,
++this means that a root password is not needed.
++
++To run a command which requires root privileges in a terminal, simply
++prepend
++.B sudo
++in front of it. To get an interactive root shell, use
++.B sudo \-i\fR.
++
++.SH ALLOWING OTHER USERS TO RUN SUDO
++
++By default, only the user who installed the system is permitted to run
++sudo. To add more administrators, i. e. users who can run sudo, you
++have to add these users to the group 'sudo' by doing one of the
++following steps:
++
++.IP * 2
++In a shell, do
++
++.RS 4
++.B sudo adduser
++.I username
++.B sudo
++.RE
++
++.IP * 2
++Use the graphical "Users & Groups" program in the "System settings"
++menu to add the new user to the
++.B sudo
++group.
++
++.SH BENEFITS OF USING SUDO
++
++The benefits of leaving root disabled by default include the following:
++
++.IP * 2
++Users do not have to remember an extra password, which they are likely to forget.
++.IP * 2
++The installer is able to ask fewer questions.
++.IP * 2
++It avoids the "I can do anything" interactive login by default \- you
++will be prompted for a password before major changes can happen, which
++should make you think about the consequences of what you are doing.
++.IP * 2
++Sudo adds a log entry of the command(s) run (in \fB/var/log/auth.log\fR).
++.IP * 2
++Every attacker trying to brute\-force their way into your box will
++know it has an account named root and will try that first. What they
++do not know is what the usernames of your other users are.
++.IP * 2
++Allows easy transfer for admin rights, in a short term or long term
++period, by adding and removing users from the sudo group, while not
++compromising the root account.
++.IP * 2
++sudo can be set up with a much more fine\-grained security policy.
++.IP * 2
++On systems with more than one administrator using sudo avoids sharing
++a password amongst them.
++
++.SH DOWNSIDES OF USING SUDO
++
++Although for desktops the benefits of using sudo are great, there are
++possible issues which need to be noted:
++
++.IP * 2
++Redirecting the output of commands run with sudo can be confusing at
++first. For instance consider
++
++.RS 4
++.B sudo ls > /root/somefile
++.RE
++
++.RS 2
++will not work since it is the shell that tries to write to that file. You can use
++.RE
++
++.RS 4
++.B ls | sudo tee /root/somefile
++.RE
++
++.RS 2
++to get the behaviour you want.
++.RE
++
++.IP * 2
++In a lot of office environments the ONLY local user on a system is
++root. All other users are imported using NSS techniques such as
++nss\-ldap. To setup a workstation, or fix it, in the case of a network
++failure where nss\-ldap is broken, root is required. This tends to
++leave the system unusable. An extra local user, or an enabled root
++password is needed here.
++
++.SH GOING BACK TO A TRADITIONAL ROOT ACCOUNT
++
++.B This is not recommended!
++
++To enable the root account (i.e. set a password) use:
++
++.RS 4
++.B sudo passwd root
++.RE
++
++Afterwards, edit the sudo configuration with
++.B sudo visudo
++and comment out the line
++
++.RS 4
++%sudo  ALL=(ALL) ALL
++.RE
++
++to disable sudo access to members of the sudo group.
++
++.SH SEE ALSO
++.BR sudo (8),
++.B https://wiki.ubuntu.com/RootSudo
++
 diff --git a/debian/tests/04-getroot-sssd b/debian/tests/04-getroot-sssd
 index bcafaf8..286c9ab 100755
 --- a/debian/tests/04-getroot-sssd
 +++ b/debian/tests/04-getroot-sssd
@@ -45,6 +45,17 @@ kill $(pidof slapd) 2>/dev/null || true
  sleep 1
  printf "start slapd ... "
  slapd -h "ldaps:/// ldapi:///" -g openldap -u openldap -F /etc/ldap/slapd.d
++
++# Workaround for autopkgtest failing on s390x. See LP: #2026888
++# slapd is not responding properly yet when ldapmodify is called
++retries=3
++while ! ldapwhoami -Y external -H ldapi:/// > /dev/null 2>&1 && [ $retries -gt 0 ]
++do
++    echo "slapd is not ready yet..."
++    retries=$(($retries-1))
++    sleep 1
++done
++
  # ldapsearch -x -LLL -s base -b "" namingContexts should work here
  printf "set LDAP passwords"
  ldapmodify -Y external -H ldapi:/// -f ${LDIFDIR}/tls.ldif 2>/dev/null
 diff --git a/debian/tests/control b/debian/tests/control
 index abea94c..75e51a0 100644
 --- a/debian/tests/control
 +++ b/debian/tests/control
@@ -6,11 +6,15 @@ Tests: 02-1003969-audit-no-resolve
  Depends: sudo
  Restrictions: needs-root
--Tests: 03-getroot-ldap
--Depends: sudo-ldap, adduser, slapd, ldap-utils, cron
--Restrictions: needs-root
++# We cannot add 'sudo-ldap' as a Depends: as there is a removal conflict with
++# 'sudo' in Ubuntu and we need to pass the SUDO_FORCE_REMOVE env var to avoid
++# this. Removing sudo conflicts with autopkgtest-virt-ssh, so we skip this test
++# (except for armhf/LXD containers). Needs more investigation...
++Test-Command: systemd-detect-virt -q --container || exit 77; env SUDO_FORCE_REMOVE=yes apt-get -y install sudo-ldap && debian/tests/03-getroot-ldap
++Depends: adduser, slapd, ldap-utils, cron
++Restrictions: needs-root, skippable
++Features: test-name=03-getroot-ldap
  Tests: 04-getroot-sssd
  Depends: sudo, adduser, slapd, ldap-utils, sssd-common, sssd-ldap, cron
  Restrictions: needs-root
--

Ubuntusudo package

Merge ~danilogondolfo/ubuntu/+source/sudo:merge_mantic_lp2025655 into ubuntu/+source/sudo:debian/sid

Commit message

Description of the change

Unmerged commits

Preview Diff

Subscribers

Ubuntu
sudo package