New changelog entries:
* SECURITY UPDATE: buffer overflow in sudo when pwfeedback is enabled
- debian/patches/CVE-2019-18634.patch: fix overflow in src/tgetpass.c.
- CVE-2019-18634
New changelog entries:
* SECURITY UPDATE: privilege escalation via UID -1
- debian/patches/CVE-2019-14287.patch: treat an ID of -1 as invalid
in lib/util/strtoid.c.
- CVE-2019-14287
- debian/patches/CVE-2019-14287-2.patch: fix and add to tests in
lib/util/regress/atofoo/atofoo_test.c,
plugins/sudoers/regress/testsudoers/test5.out.ok,
plugins/sudoers/regress/testsudoers/test5.sh.
- CVE-2019-14287
New changelog entries:
* Merge from Debian unstable.
Remaining changes:
- debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop
shipping init script and service file, as they are no longer
necessary.
- debian/rules:
+ compile with --without-lecture --with-tty-tickets --enable-admin-flag
+ install man/man8/sudo_root.8 in both flavours
+ install apport hooks
- debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
+ add usr/share/apport/package-hooks
- debian/sudo.pam:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due to
security reasons.
- debian/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
- debian/control, debian/rules:
+ use dh-autoreconf
- Remaining patches:
+ keep_home_by_default.patch: Keep HOME in the default environment
New changelog entries:
[ Bdale Garbee ]
* new upstream version
* don't deliver /etc/sudoers.dist, closes: #862309
* whitelist DPKG_COLORS env var, closes: #823368
[ Laurent Bigonville ]
* debian/sudo*.postinst: Drop /var/run/sudo -> /var/lib/sudo migration code,
this migration happened in 2010 and that code is not necessary anymore
* Move timestamp files to /run/sudo, with systemd the directory is
created/cleaned by tmpfiles.d now, the sudo initscript/service is not
doing anything in that case anymore (Closes: #786555)
* debian/sudo*.postinst: Move the debhelper marker before the creation of
the sudo group, this way the snippets added by debhelper will be executed
even if the group already exists. (Closes: #870456)