Ubuntu
sudo package

lp:ubuntu/maverick/sudo

  1. Maverick (10.10)
  2. maverick
Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/maverick/sudo
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

38. By Jamie Strandboge

* SECURITY UPDATE: privilege escalation via '-g' option when using
  'user:group' in Runas_Spec
  - debian/patches/CVE-2010-2956.patch: update match.c to verify both user
    and group match sudoers when using '-g'
  - CVE-2010-2956

37. By Jamie Strandboge

* Merge from debian unstable. Remaining changes:
 - debian/rules:
   - compile with --without-lecture --with-tty-tickets (Ubuntu specific)
   - install man/man8/sudo_root.8 (Ubuntu specific)
   - install apport hooks
 - debian/sudo-ldap.dirs, debian/sudo.dirs: add
   usr/share/apport/package-hooks
 - debian/patches/ubuntu-sudo-as-admin-successful.patch: adjust sudo.c so
   that if the user successfully authenticated and he is in the 'admin'
   group, then create a stamp ~/.sudo_as_admin_successful. Our default bash
   profile checks for this and displays a short intro about sudo if the flag
   is not present
* Dropped the following, now included upstream:
  - fix for CVE-2010-1163
  - fix for CVE-2010-0426
  - debian/sudo.postinst, debian/sudo-ldap.postinst: update description to
    match behavior in sudoers file
  - don't install init script. Debian moved to /var/lib/sudo from
    /var/run/sudo, so Ubuntu's tmpfs usage won't clean those out
    automatically any more, so we now need the initscript.

36. By Jamie Strandboge

* SECURITY UPDATE: properly verify path in find_path.c for the 'sudoedit'
  pseudo-command when running from the current working directory and
  secure_path is disabled
  - CVE-2010-XXXX

35. By Martin Pitt

env.c: Revert addition of "http_proxy" again. This was an Ubuntu specific
EBW hack, caused inconsistencies with other proxy variables (such as
https_proxy and ftp_proxy), made sudo incompatible to upstream
behaviour/documentation. This is solved in a much better way in apt itself
and gnome-network-properties now. (LP: #432631)

34. By Marc Deslauriers

debian/sudo.postinst, debian/sudo-ldap.postinst: update description to
match behaviour in sudoers file. (LP: #534090)

33. By Jamie Strandboge

* SECURITY UPDATE: properly verify path for the 'sudoedit' pseudo-command
  in match.c
  - http://sudo.ws/repos/sudo/rev/88f3181692fe
  - CVE-2010-0426

32. By Marc Deslauriers

* Merge from debian testing. Remaining changes:
 - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu
   specific)
 - Add debian/sudo_root.8: Explanation of root handling through sudo.
   Install it in debian/rules. (Ubuntu specific)
 - sudo.c: If the user successfully authenticated and he is in the 'admin'
   group, then create a stamp ~/.sudo_as_admin_successful. Our default bash
   profile checks for this and displays a short intro about sudo if the
   flag is not present. (Ubuntu specific)
 - env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept
   for "sudo apt-get ...". (Ubuntu specific EBW hack, should disappear at
   some point)
 - debian/{rules,postinst,sudo-ldap.postinst}: Disable init script
   installation. Debian reintroduced it because /var/run tmpfs is not the
   default there, but has been on Ubuntu for ages.
 - debian/{source_sudo.py,rules,sudo-ldap.dirs,sudo.dirs}: Add apport hook

31. By Marc Deslauriers

debian/{source_sudo.py,rules}: Add apport hook

30. By Loïc Minier

env.c: add logic similar to pam_env's stripping of single and double
quotes around /etc/environment env vars; fixes literal quotes in LANG when
using sudo -i; LP: #387262.

29. By Martin Pitt

* Merge from debian unstable, remaining changes:
 - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu
   specific)
 - Add debian/sudo_root.8: Explanation of root handling through sudo.
   Install it in debian/rules. (Ubuntu specific)
 - sudo.c: If the user successfully authenticated and he is in the 'admin'
   group, then create a stamp ~/.sudo_as_admin_successful. Our default bash
   profile checks for this and displays a short intro about sudo if the
   flag is not present. (Ubuntu specific)
 - env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept
   for "sudo apt-get ...". (Ubuntu specific EBW hack, should disappear at
   some point)
 - debian/{rules,postinst,sudo-ldap.postinst}: Disable init script
   installation. Debian reintroduced it because /var/run tmpfs is not the
   default there, but has been on Ubuntu for ages.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/natty/sudo
This branch contains Public information 
Everyone can see this information.

Subscribers