lp:ubuntu/maverick/sudo
- Get this branch:
- bzr branch lp:ubuntu/maverick/sudo
Branch merges
Branch information
Recent revisions
- 38. By Jamie Strandboge
-
* SECURITY UPDATE: privilege escalation via '-g' option when using
'user:group' in Runas_Spec
- debian/patches/ CVE-2010- 2956.patch: update match.c to verify both user
and group match sudoers when using '-g'
- CVE-2010-2956 - 37. By Jamie Strandboge
-
* Merge from debian unstable. Remaining changes:
- debian/rules:
- compile with --without-lecture --with-tty-tickets (Ubuntu specific)
- install man/man8/sudo_root. 8 (Ubuntu specific)
- install apport hooks
- debian/sudo-ldap. dirs, debian/sudo.dirs: add
usr/share/apport/ package- hooks
- debian/patches/ ubuntu- sudo-as- admin-successfu l.patch: adjust sudo.c so
that if the user successfully authenticated and he is in the 'admin'
group, then create a stamp ~/.sudo_as_admin_ successful. Our default bash
profile checks for this and displays a short intro about sudo if the flag
is not present
* Dropped the following, now included upstream:
- fix for CVE-2010-1163
- fix for CVE-2010-0426
- debian/sudo.postinst, debian/ sudo-ldap. postinst: update description to
match behavior in sudoers file
- don't install init script. Debian moved to /var/lib/sudo from
/var/run/sudo, so Ubuntu's tmpfs usage won't clean those out
automatically any more, so we now need the initscript. - 36. By Jamie Strandboge
-
* SECURITY UPDATE: properly verify path in find_path.c for the 'sudoedit'
pseudo-command when running from the current working directory and
secure_path is disabled
- CVE-2010-XXXX - 35. By Martin Pitt
-
env.c: Revert addition of "http_proxy" again. This was an Ubuntu specific
EBW hack, caused inconsistencies with other proxy variables (such as
https_proxy and ftp_proxy), made sudo incompatible to upstream
behaviour/documentation. This is solved in a much better way in apt itself
and gnome-network-properties now. (LP: #432631) - 34. By Marc Deslauriers
-
debian/
sudo.postinst, debian/ sudo-ldap. postinst: update description to
match behaviour in sudoers file. (LP: #534090) - 33. By Jamie Strandboge
-
* SECURITY UPDATE: properly verify path for the 'sudoedit' pseudo-command
in match.c
- http://sudo.ws/ repos/sudo/ rev/88f3181692f e
- CVE-2010-0426 - 32. By Marc Deslauriers
-
* Merge from debian testing. Remaining changes:
- debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu
specific)
- Add debian/sudo_root.8: Explanation of root handling through sudo.
Install it in debian/rules. (Ubuntu specific)
- sudo.c: If the user successfully authenticated and he is in the 'admin'
group, then create a stamp ~/.sudo_as_admin_ successful. Our default bash
profile checks for this and displays a short intro about sudo if the
flag is not present. (Ubuntu specific)
- env.c: Add "http_proxy" to initial_keepenv_ table, so that it is kept
for "sudo apt-get ...". (Ubuntu specific EBW hack, should disappear at
some point)
- debian/{rules, postinst, sudo-ldap. postinst} : Disable init script
installation. Debian reintroduced it because /var/run tmpfs is not the
default there, but has been on Ubuntu for ages.
- debian/{source_ sudo.py, rules,sudo- ldap.dirs, sudo.dirs} : Add apport hook - 30. By Loïc Minier
-
env.c: add logic similar to pam_env's stripping of single and double
quotes around /etc/environment env vars; fixes literal quotes in LANG when
using sudo -i; LP: #387262. - 29. By Martin Pitt
-
* Merge from debian unstable, remaining changes:
- debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu
specific)
- Add debian/sudo_root.8: Explanation of root handling through sudo.
Install it in debian/rules. (Ubuntu specific)
- sudo.c: If the user successfully authenticated and he is in the 'admin'
group, then create a stamp ~/.sudo_as_admin_ successful. Our default bash
profile checks for this and displays a short intro about sudo if the
flag is not present. (Ubuntu specific)
- env.c: Add "http_proxy" to initial_keepenv_ table, so that it is kept
for "sudo apt-get ...". (Ubuntu specific EBW hack, should disappear at
some point)
- debian/{rules, postinst, sudo-ldap. postinst} : Disable init script
installation. Debian reintroduced it because /var/run tmpfs is not the
default there, but has been on Ubuntu for ages.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/natty/sudo