lp:ubuntu/hardy-updates/sudo
- Get this branch:
- bzr branch lp:ubuntu/hardy-updates/sudo
Recent revisions
- 28. By Marc Deslauriers
* SECURITY UPDATE: authentication bypass via clock set to epoch
  - debian/patches/CVE-2013-1775.patch: ignore time stamp file if it is
    set to epoch in check.c.
  - backported from ddf399e3e306ca238f6f1cda8153889b15bba12e
  - CVE-2013-1775
- 27. By Tyler Hicks
* SECURITY UPDATE: Properly handle multiple netmasks in sudoers Host and
  Host_List values
  - parse.c: Prevent IPv6 netmask-based address matching logic from
    incorrectly being applied to IPv4 addresses. Based on upstream patch
    written by Todd C. Miller.
  - CVE-2012-2337
- 26. By Jamie Strandboge
* SECURITY UPDATE: properly handle multiple PATH variables when using
  secure_path in env.c
  - http://www.sudo.ws/repos/sudo/raw-rev/3057fde43cf0
  - CVE-2010-1646
- 25. By Jamie Strandboge
* SECURITY UPDATE: properly verify path in find_path.c for the 'sudoedit'
  pseudo-command when running from the current working directory and
  secure_path is disabled
  - CVE-2010-XXXX
- 24. By Jamie Strandboge
* SECURITY UPDATE: properly verify path for the 'sudoedit' pseudo-command
  in parse.c
  - http://sudo.ws/repos/sudo/rev/f86e1b56d074
  - CVE-2010-0426
* SECURITY UPDATE: reset cached supplementary runas groups when changing
  the runas user in set_perms.c and sudo.c
  - http://sudo.ws/repos/sudo/rev/aa0b6c01c462
  - CVE-2010-0427
- 23. By Kees Cook
* SECURITY UPDATE: privilege escalation via non-default system groups.
  - parse.c: upstream fix for CVE-2009-0034:
    http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c?r1=1.160.2.21&r2=1.160.2.22
- 22. By Martin Pitt
env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept
for "sudo apt-get ...". This is an EBW workaround for a design problem of
not having a system-wide proxy setting, but in order to not break existing
practice for upgrades we have to live with it for Hardy.
- 20. By Martin Pitt
* Merge with Debian unstable. Remaining Ubuntu changes:
  - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu
    specific)
  - Add debian/sudo_root.8: Explanation of root handling through sudo.
    Install it in debian/rules. (Ubuntu specific)
  - sudo.c: If the user successfully authenticated and he is in the 'admin'
    group, then create a stamp ~/.sudo_as_admin_successful. Our default bash
    profile checks for this and displays a short intro about sudo if the
    flag is not present. (Ubuntu specific)
* The password prompt asks for the target user's password now, not the
  invoking one's. (LP: #148498)
- 19. By Martin Pitt
* Merge with Debian unstable. Remaining Ubuntu changes:
  - debian/prerm: Abort package removal if there is no root password.
    (Debian #451241).
  - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu
    specific)
  - Add debian/sudo_root.8: Explanation of root handling through sudo.
    Install it in debian/rules. (Ubuntu specific)
  - sudo.c: If the user successfully authenticated and he is in the 'admin'
    group, then create a stamp ~/.sudo_as_admin_successful. Our default bash
    profile checks for this and displays a short intro about sudo if the
    flag is not present. (Ubuntu specific)
* sudo.c, parse.c: Apply a change that was missing from the older upstream
  tarball that fixes the upstream solution of "SETENV is implicit for ALL".
  We do not want to deviate our orig.tar.gz from Debian's, though.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/sudo