lp:ubuntu/lucid-proposed/sudo
- Get this branch:
- bzr branch lp:ubuntu/lucid-proposed/sudo
Branch merges
Branch information
Recent revisions
- 41. By Marc Deslauriers
-
* toke.{cl}: avoid duplicate fclose() of the sudoers file (LP: #553786)
- http://www.sudo. ws/repos/ sudo/rev/ 164d39108dde - 40. By Tyler Hicks
-
* SECURITY UPDATE: Properly handle multiple netmasks in sudoers Host and
Host_List values
- match.c: Prevent IPv6 netmask-based address matching logic from
incorrectly being applied to IPv4 addresses. Based on upstream patch
written by Todd C. Miller.
- CVE-2012-2337 - 39. By Jamie Strandboge
-
* SECURITY UPDATE: privilege escalation via -g when using group Runas_List
- pwutil.c, sudo.h: add user_in_group(), backported from upstream commits
48ca8c2eddf8, 72df368a8a0e and 6ebc55d4716b. This is intended to be used
only with check.c to fix CVE-2011-0010 instead of doing the refactoring.
Going forward, will need to look at this code also if a flaw is found in
this refactored code. If needed, the refactoring work is in 48ca8c2eddf8
and 6ebc55d4716b.
- check.c: prompt for password when the user is running sudo as himself
but as a different group. Backported from fe8a94f96542.
- CVE-2011-0010 - 38. By Jamie Strandboge
-
* SECURITY UPDATE: privilege escalation via '-g' option when using
'user:group' in Runas_Spec
- update match.c to verify both user and group match sudoers when using
'-g'. Patch thanks to upstream.
- CVE-2010-2956 - 37. By Jamie Strandboge
-
* SECURITY UPDATE: properly handle multiple PATH variables when using
secure_path in env.c
- http://www.sudo. ws/repos/ sudo/raw- rev/a09c6812eae c
- CVE-2010-1646 - 36. By Jamie Strandboge
-
* SECURITY UPDATE: properly verify path in find_path.c for the 'sudoedit'
pseudo-command when running from the current working directory and
secure_path is disabled
- CVE-2010-XXXX - 35. By Martin Pitt
-
env.c: Revert addition of "http_proxy" again. This was an Ubuntu specific
EBW hack, caused inconsistencies with other proxy variables (such as
https_proxy and ftp_proxy), made sudo incompatible to upstream
behaviour/documentation. This is solved in a much better way in apt itself
and gnome-network-properties now. (LP: #432631) - 34. By Marc Deslauriers
-
debian/
sudo.postinst, debian/ sudo-ldap. postinst: update description to
match behaviour in sudoers file. (LP: #534090) - 33. By Jamie Strandboge
-
* SECURITY UPDATE: properly verify path for the 'sudoedit' pseudo-command
in match.c
- http://sudo.ws/ repos/sudo/ rev/88f3181692f e
- CVE-2010-0426 - 32. By Marc Deslauriers
-
* Merge from debian testing. Remaining changes:
- debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu
specific)
- Add debian/sudo_root.8: Explanation of root handling through sudo.
Install it in debian/rules. (Ubuntu specific)
- sudo.c: If the user successfully authenticated and he is in the 'admin'
group, then create a stamp ~/.sudo_as_admin_ successful. Our default bash
profile checks for this and displays a short intro about sudo if the
flag is not present. (Ubuntu specific)
- env.c: Add "http_proxy" to initial_keepenv_ table, so that it is kept
for "sudo apt-get ...". (Ubuntu specific EBW hack, should disappear at
some point)
- debian/{rules, postinst, sudo-ldap. postinst} : Disable init script
installation. Debian reintroduced it because /var/run tmpfs is not the
default there, but has been on Ubuntu for ages.
- debian/{source_ sudo.py, rules,sudo- ldap.dirs, sudo.dirs} : Add apport hook
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/raring/sudo