lp:ubuntu/karmic-updates/sudo

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/karmic-updates/sudo
Members of Ubuntu branches can upload to this branch.

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

35. By Jamie Strandboge

* SECURITY UPDATE: privilege escalation via -g when using group Runas_List
  - pwutil.c, sudo.h: add user_in_group(), backported from upstream commits
    48ca8c2eddf8, 72df368a8a0e and 6ebc55d4716b. This is intended to be used
    only with check.c to fix CVE-2011-0010 instead of doing the refactoring.
    Going forward, will need to look at this code also if a flaw is found in
    this refactored code. If needed, the refactoring work is in 48ca8c2eddf8
    and 6ebc55d4716b.
  - check.c: prompt for password when the user is running sudo as himself
    but as a different group. Based on fe8a94f96542.
  - CVE-2011-0010

34. By Jamie Strandboge

* SECURITY UPDATE: privilege escalation via '-g' option when using
  'user:group' in Runas_Spec
  - update match.c to verify both user and group match sudoers when using
    '-g'. Based on patch from upstream.
  - CVE-2010-2956
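
Revisions 35 and 34 both concern the -g option. As an added illustration (this is not sudo's match.c or check.c, and the structs are a simplified stand-in for the sudoers parse tree), the C below shows the two properties the commit messages describe: a Runas_Spec of the form user:group has to be satisfied on both halves when a group is requested, and running a command as yourself is exempt from the password prompt only when the -g group is one the user already holds, which is what the backported user_in_group() is used for. The names runas_spec, user_ctx, field_matches, needs_password and the sample users and groups are this example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a sudoers Runas_Spec "(user:group)". Either half may
 * be NULL when the entry did not give it. Example scaffolding, not sudo's
 * parse tree. */
struct runas_spec {
    const char *user;   /* "root", "ALL", ... or NULL */
    const char *group;  /* "wheel", "ALL", ... or NULL */
};

/* The invoking user and the groups the passwd/group database already puts
 * them in. Stands in for what user_in_group() consults. */
struct user_ctx {
    const char *name;
    const char *const *groups;  /* NULL-terminated */
};

static bool user_in_group(const struct user_ctx *u, const char *group)
{
    for (const char *const *g = u->groups; *g != NULL; g++)
        if (strcmp(*g, group) == 0)
            return true;
    return false;
}

static bool field_matches(const char *spec, const char *want)
{
    return spec != NULL && (strcmp(spec, "ALL") == 0 || strcmp(spec, want) == 0);
}

/* Constructed contrast: a matcher that checks only the user half. With -g
 * the requested group is never compared against the spec, which is the
 * class of bug revision 34 describes. */
static bool runas_matches_user_only(const struct runas_spec *s,
                                    const char *runas_user, const char *runas_group)
{
    (void)runas_group;
    return field_matches(s->user, runas_user);
}

/* Fixed shape: the requested user must match the user half, and a requested
 * group (from -g) must match the group half. A spec with no group half
 * therefore permits no -g at all. */
static bool runas_matches(const struct runas_spec *s,
                          const char *runas_user, const char *runas_group)
{
    if (!field_matches(s->user, runas_user))
        return false;
    if (runas_group == NULL)
        return true;
    return field_matches(s->group, runas_group);
}

/* Revision 35's rule, modelled: running a command as yourself skips the
 * password only when no new group is gained. A -g group the user does not
 * already hold requires authentication. */
static bool needs_password(const struct user_ctx *u, const char *runas_user,
                           const char *runas_group)
{
    if (strcmp(u->name, runas_user) != 0)
        return true;                          /* changing user: authenticate */
    if (runas_group == NULL || user_in_group(u, runas_group))
        return false;                         /* self, no new group */
    return true;                              /* self, but gaining a group */
}

/* Constructed sample data. */
static const char *const alice_groups[] = { "users", "dev", NULL };
static const struct user_ctx alice = { "alice", alice_groups };
static const struct runas_spec root_wheel = { "root", "wheel" };  /* (root:wheel) */
static const struct runas_spec any_user   = { "ALL",  NULL };     /* (ALL) */

int main(void)
{
    printf("user-only matcher, -u root -g disk against (root:wheel): %d\n",
           runas_matches_user_only(&root_wheel, "root", "disk"));
    printf("fixed matcher,     -u root -g disk against (root:wheel): %d\n",
           runas_matches(&root_wheel, "root", "disk"));
    printf("alice -g disk needs password: %d\n", needs_password(&alice, "alice", "disk"));
    printf("alice -g dev  needs password: %d\n", needs_password(&alice, "alice", "dev"));
    return 0;
}
```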

33. By Jamie Strandboge

* SECURITY UPDATE: properly handle multiple PATH variables when using
  secure_path in env.c
  - Adapted http://www.sudo.ws/repos/sudo/raw-rev/a09c6812eaec
  - CVE-2010-1646
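
What revision 33 describes, shown on a constructed environment as an added example rather than sudo's env.c: a rebuild that swaps secure_path in for the first PATH entry and copies the rest through leaves a second PATH entry in the child's environment, while the correct rebuild drops every PATH entry and emits exactly one. The function names, SECURE_PATH and sample_envp are this example's own.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_ENV 32
#define SECURE_PATH "/usr/sbin:/usr/bin:/sbin:/bin"

/* Constructed environment as sudo might inherit it: two PATH entries, the
 * second one under the caller's control. Example data, not from the page. */
static const char *const sample_envp[] = {
    "HOME=/home/alice",
    "PATH=/home/alice/bin",
    "TERM=xterm",
    "PATH=/tmp/evil",
    NULL
};

static bool is_path_var(const char *kv)
{
    return strncmp(kv, "PATH=", 5) == 0;
}

/* Constructed contrast (not sudo's code): replace the first PATH entry with
 * secure_path and copy everything else. A second PATH entry survives.
 * pathbuf must outlive out[]. */
static int rebuild_env_replace_first(const char *const *envp, const char *secure_path,
                                     const char **out, int max,
                                     char *pathbuf, size_t buflen)
{
    int n = 0;
    bool replaced = false;
    snprintf(pathbuf, buflen, "PATH=%s", secure_path);
    for (; *envp != NULL && n < max - 1; envp++) {
        if (is_path_var(*envp) && !replaced) {
            out[n++] = pathbuf;
            replaced = true;
        } else {
            out[n++] = *envp;
        }
    }
    if (!replaced && n < max - 1)
        out[n++] = pathbuf;
    out[n] = NULL;
    return n;
}

/* Fixed shape: drop every PATH entry wherever it sits, then append a single
 * one built from secure_path. */
static int rebuild_env_secure_path(const char *const *envp, const char *secure_path,
                                   const char **out, int max,
                                   char *pathbuf, size_t buflen)
{
    int n = 0;
    snprintf(pathbuf, buflen, "PATH=%s", secure_path);
    for (; *envp != NULL && n < max - 1; envp++) {
        if (is_path_var(*envp))
            continue;
        out[n++] = *envp;
    }
    if (n < max - 1)
        out[n++] = pathbuf;
    out[n] = NULL;
    return n;
}

/* Number of PATH entries a child would receive. */
static int count_path_vars(const char *const *env)
{
    int c = 0;
    for (; *env != NULL; env++)
        if (is_path_var(*env))
            c++;
    return c;
}

/* Value of the last PATH entry, or NULL. glibc's getenv() returns the first
 * match, but a program that scans environ itself, or a libc that resolves
 * duplicates differently, may honour the other copy. */
static const char *last_path_value(const char *const *env)
{
    const char *last = NULL;
    for (; *env != NULL; env++)
        if (is_path_var(*env))
            last = *env + 5;
    return last;
}

/* Rebuild the sample environment with one of the two routines and return
 * the result (static storage, overwritten on the next call). */
static const char *const *rebuild_sample(bool fixed)
{
    static const char *out[MAX_ENV];
    static char buf[256];
    if (fixed)
        rebuild_env_secure_path(sample_envp, SECURE_PATH, out, MAX_ENV, buf, sizeof buf);
    else
        rebuild_env_replace_first(sample_envp, SECURE_PATH, out, MAX_ENV, buf, sizeof buf);
    return out;
}

int main(void)
{
    const char *const *env = rebuild_sample(false);
    printf("replace-first: %d PATH entries, last = %s\n", count_path_vars(env), last_path_value(env));
    env = rebuild_sample(true);
    printf("secure_path:   %d PATH entries, last = %s\n", count_path_vars(env), last_path_value(env));
    return 0;
}
```

The check to carry over to any environment sanitiser: count the matches for the variable you intend to control after the rebuild, not just the first one.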

32. By Jamie Strandboge

* SECURITY UPDATE: properly verify path in find_path.c for the 'sudoedit'
  pseudo-command when running from the current working directory and
  secure_path is disabled
  - CVE-2010-XXXX

31. By Jamie Strandboge

* SECURITY UPDATE: properly verify path for the 'sudoedit' pseudo-command
  in match.c
  - http://sudo.ws/repos/sudo/rev/88f3181692fe
  - CVE-2010-0426
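
Revisions 32 and 31 are both about keeping the sudoedit pseudo-command from matching anything other than sudo's own editing mode. The C below is an added example, not sudo's find_path.c or match.c: it models the property the two commits are after (the literal command name sudoedit is never resolved through PATH, so a file in the current directory called sudoedit cannot become the resolved command, and the sudoers entry sudoedit matches only the pseudo-command itself). The basename-comparing matcher is a constructed contrast to show the failure shape, not a transcription of the original bug. The fake filesystem table, paths and function names are this example's own.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the filesystem: only these paths "exist". */
static const char *const existing_files[] = {
    "/usr/bin/vim",
    "/home/alice/sudoedit",   /* a user-owned binary that happens to be named sudoedit */
    NULL
};

static bool file_exists(const char *path)
{
    for (const char *const *p = existing_files; *p != NULL; p++)
        if (strcmp(*p, path) == 0)
            return true;
    return false;
}

/* Resolve a typed command to a fully qualified path by walking PATH, which
 * with secure_path disabled is the caller's and may contain "."; cwd is
 * substituted for "." entries. The literal "sudoedit" is sudo's own
 * pseudo-command and is returned before any lookup happens. Returns static
 * storage, or NULL when nothing is found. */
static const char *resolve_command(const char *cmd, const char *path, const char *cwd)
{
    static char out[512];
    if (strcmp(cmd, "sudoedit") == 0)
        return "sudoedit";
    if (strchr(cmd, '/') != NULL)           /* a path was typed: no search */
        return (cmd[0] == '/' && file_exists(cmd)) ? cmd : NULL;
    char pathcopy[1024];
    snprintf(pathcopy, sizeof pathcopy, "%s", path);
    for (char *dir = strtok(pathcopy, ":"); dir != NULL; dir = strtok(NULL, ":")) {
        const char *base = strcmp(dir, ".") == 0 ? cwd : dir;
        snprintf(out, sizeof out, "%s/%s", base, cmd);
        if (file_exists(out))
            return out;
    }
    return NULL;
}

/* Does a resolved user command satisfy one sudoers command entry? The
 * pseudo-command entry "sudoedit" matches only the pseudo-command itself;
 * any other entry is an absolute path that must match exactly. */
static bool command_matches(const char *sudoers_cmnd, const char *user_cmnd)
{
    if (strcmp(sudoers_cmnd, "sudoedit") == 0)
        return strcmp(user_cmnd, "sudoedit") == 0;
    return sudoers_cmnd[0] == '/' && strcmp(sudoers_cmnd, user_cmnd) == 0;
}

/* Constructed contrast: comparing only the basename of the user command
 * lets /home/alice/sudoedit satisfy the "sudoedit" entry. */
static bool command_matches_by_basename(const char *sudoers_cmnd, const char *user_cmnd)
{
    const char *slash = strrchr(user_cmnd, '/');
    const char *base = slash != NULL ? slash + 1 : user_cmnd;
    return strcmp(sudoers_cmnd, base) == 0;
}

int main(void)
{
    const char *path = ".:/usr/bin", *cwd = "/home/alice";
    printf("sudoedit resolves to: %s\n", resolve_command("sudoedit", path, cwd));
    printf("vim resolves to:      %s\n", resolve_command("vim", path, cwd));
    printf("exact match for /home/alice/sudoedit:    %d\n",
           command_matches("sudoedit", "/home/alice/sudoedit"));
    printf("basename match for /home/alice/sudoedit: %d\n",
           command_matches_by_basename("sudoedit", "/home/alice/sudoedit"));
    return 0;
}
```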

30. By Loïc Minier

env.c: add logic similar to pam_env's stripping of single and double
quotes around /etc/environment env vars; fixes literal quotes in LANG when
using sudo -i; LP: #387262.
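
The quote handling revision 30 describes, as an added example (not sudo's env.c or pam_env's parser): a line parser for /etc/environment that removes one pair of matching single or double quotes around a value and leaves unbalanced or mismatched quotes alone, so a value such as LANG="en_US.UTF-8" no longer reaches a sudo -i shell with literal quote characters. The sample lines are constructed; accepting an "export " prefix is this example's assumption about the file format, not something the page states.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct env_kv {
    char name[64];
    char value[256];
};

/* Strip one pair of matching quotes, "..." or '...', from v[0..len).
 * Unbalanced or mismatched quotes are left in place. */
static void strip_matching_quotes(const char **v, size_t *len)
{
    const char *s = *v;
    if (*len >= 2 && (s[0] == '"' || s[0] == '\'') && s[*len - 1] == s[0]) {
        *v = s + 1;
        *len -= 2;
    }
}

/* Parse one /etc/environment line. Returns a pointer to static storage
 * (overwritten on the next call), or NULL for blank lines, comments and
 * lines without NAME=. A leading "export " is skipped (assumption, see the
 * lead-in). */
static const struct env_kv *parse_environment_line(const char *line)
{
    static struct env_kv kv;
    while (*line == ' ' || *line == '\t')
        line++;
    if (*line == '#' || *line == '\0' || *line == '\n')
        return NULL;
    if (strncmp(line, "export ", 7) == 0)
        line += 7;
    const char *eq = strchr(line, '=');
    if (eq == NULL || eq == line)
        return NULL;
    size_t nlen = (size_t)(eq - line);
    if (nlen >= sizeof kv.name)
        return NULL;
    memcpy(kv.name, line, nlen);
    kv.name[nlen] = '\0';

    const char *v = eq + 1;
    size_t vlen = strlen(v);
    while (vlen > 0 && (v[vlen - 1] == '\n' || v[vlen - 1] == '\r'))
        vlen--;                                /* drop the line terminator */
    strip_matching_quotes(&v, &vlen);
    if (vlen >= sizeof kv.value)
        return NULL;
    memcpy(kv.value, v, vlen);
    kv.value[vlen] = '\0';
    return &kv;
}

/* Constructed sample file in the shape of the LANG case from the commit. */
static const char *const sample_environment[] = {
    "# /etc/environment\n",
    "PATH=\"/usr/local/bin:/usr/bin:/bin\"\n",
    "LANG=\"en_US.UTF-8\"\n",
    "LC_ALL='C'\n",
    "export EDITOR=vim\n",
    "BROKEN=\"unterminated\n",
    NULL
};

int main(void)
{
    for (const char *const *l = sample_environment; *l != NULL; l++) {
        const struct env_kv *kv = parse_environment_line(*l);
        if (kv != NULL)
            printf("%s=[%s]\n", kv->name, kv->value);
    }
    return 0;
}
```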

29. By Martin Pitt

* Merge from debian unstable, remaining changes:
 - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu
   specific)
 - Add debian/sudo_root.8: Explanation of root handling through sudo.
   Install it in debian/rules. (Ubuntu specific)
 - sudo.c: If the user successfully authenticated and he is in the 'admin'
   group, then create a stamp ~/.sudo_as_admin_successful. Our default bash
   profile checks for this and displays a short intro about sudo if the
   flag is not present. (Ubuntu specific)
 - env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept
   for "sudo apt-get ...". (Ubuntu specific EBW hack, should disappear at
   some point)
 - debian/{rules,postinst,sudo-ldap.postinst}: Disable init script
   installation. Debian reintroduced it because /var/run tmpfs is not the
   default there, but has been on Ubuntu for ages.

28. By Kees Cook

* SECURITY UPDATE: privilege escalation via non-default system groups.
  - parse.c: upstream fix for CVE-2009-0034:
    http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c?r1=1.160.2.21&r2=1.160.2.22

27. By Martin Pitt

sudo.c: Drop usage of locale again, to revert back to the 1.6.8 behaviour.
fnmatch() and glob() behave differently under different locales and thus
cause undefined behaviour with (admittedly underspecified) character range
globs such as "[a-Z]". Patch taken from upstream CVS, see
http://www.gratisoft.us/bugzilla/show_bug.cgi?id=296 (LP: #228046)

26. By Martin Pitt

* Merge from debian unstable, remaining changes:
 - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu
   specific)
 - Add debian/sudo_root.8: Explanation of root handling through sudo.
   Install it in debian/rules. (Ubuntu specific)
 - sudo.c: If the user successfully authenticated and he is in the 'admin'
   group, then create a stamp ~/.sudo_as_admin_successful. Our default bash
   profile checks for this and displays a short intro about sudo if the
   flag is not present. (Ubuntu specific)
 - env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept
   for "sudo apt-get ...". (Ubuntu specific EBW hack, should disappear at
   some point)
* debian/{rules,postinst,sudo-ldap.postinst}: Disable init script
  installation. Debian reintroduced it because /var/run tmpfs is not the
  default there, but has been on Ubuntu for ages.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/lucid/sudo