lp:ubuntu/quantal-security/sudo

Created by Ubuntu Package Importer on 2013-02-28 and last modified on 2014-03-13
Get this branch:
bzr branch lp:ubuntu/quantal-security/sudo
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

61. By Marc Deslauriers on 2014-03-11

debian/sudo.sudo.init, debian/sudo-ldap.sudo.init: Set timestamps to
epoch in init scripts so they are properly invalidated. (LP: #1223297)

60. By Marc Deslauriers on 2013-02-27

* SECURITY UPDATE: authentication bypass via clock set to epoch
  - debian/patches/CVE-2013-1775.patch: ignore time stamp file if it is
    set to epoch in plugins/sudoers/check.c.
  - CVE-2013-1775

59. By Tyler Hicks on 2012-07-16

* Merge from debian/testing (LP: #1024154), remaining changes:
  - debian/patches/keep_home_by_default.patch:
    + Set HOME in initial_keepenv_table.
  - debian/rules:
    + compile with --without-lecture --with-tty-tickets (Ubuntu specific)
    + install man/man8/sudo_root.8 in both flavours (Ubuntu specific)
    + install apport hooks
    + The ubuntu-sudo-as-admin-successful.patch was taken upstream by
      Debian however it requires a --enable-admin-flag configure flag to
      actually enable it in both flavours.
  - debian/control:
    + Mark Debian Vcs-* as XS-Debian-Vcs-*
    + update debian/control
  - debian/sudoers:
    + grant admin group sudo access
  - debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
    + add usr/share/apport/package-hooks
  - debian/sudo.pam:
    + Use pam_env to read /etc/environment and /etc/default/locale
      environment files. Reading ~/.pam_environment is not permitted due to
      security reasons.
* Dropped changes:
  - debian/patches/lp927828-fix-abort-in-pam-modules-when-timestamp-valid.patch
    + Fixed upstream in 1.8.5
  - debian/patches/CVE-2012-2337.patch:
    + Fixed upstream in 1.8.4p5
  - debian/patches/pam_env_merge.patch:
    + Feature released upstream in 1.8.5
  - debian/{sudo,sudo-ldap}.{preinst,postinst,postrm}:
    + Drop Ubuntu-specific sudoers file migration code because the only
      upgrade path to quantal is from precise. All necessary sudoers file
      migration will have already been done by the time this version of the
      sudo package is installed.

58. By Steve Langasek on 2012-05-23

* debian/patches/pam_env_merge.patch: Merge the PAM environment into the
  user environment (LP: #982684)
* debian/sudo.pam: Use pam_env to read /etc/environment and
  /etc/default/locale environment files. Reading ~/.pam_environment is not
  permitted due to security reasons.

57. By Steve Langasek on 2012-05-23

Merge version 1.8.3p2-1

56. By Tyler Hicks on 2012-05-16

* SECURITY UPDATE: Properly handle netmasks in sudoers Host and Host_List
  values (LP: #1000276)
  - debian/patches/CVE-2012-2337.patch: Don't perform IPv6 checks on IPv4
    addresses. Based on upstream patch.
  - CVE-2012-2337

55. By TJ (Ubuntu Contributions) on 2012-04-30

Fix Abort in some PAM modules when timestamp is valid. (LP: #927828)

54. By Marc Deslauriers on 2012-01-31

* SECURITY UPDATE: permissions bypass via format string
  - debian/patches/CVE-2012-0809.patch: fix format string vulnerability
    in src/sudo.c.
  - CVE-2012-0809

53. By Marc Deslauriers on 2011-11-24

* debian/sudo.preinst:
  - updated to avoid conffile prompt by migrating to the new sudoers file
    changes in Precise. (LP: #894410)

52. By Marc Deslauriers on 2011-11-20

* Merge from debian/testing, remaining changes:
  - debian/patches/keep_home_by_default.patch:
    + Set HOME in initial_keepenv_table. (rebased for 1.8.3p1)
  - debian/patches/enable_badpass.patch: turn on "mail_badpass" by default:
    + attempting sudo without knowing a login password is as bad as not
      being listed in the sudoers file, especially if getting the password
      wrong means doing the access-check-email-notification never happens
      (rebased for 1.8.3p1)
  - debian/rules:
    + compile with --without-lecture --with-tty-tickets (Ubuntu specific)
    + install man/man8/sudo_root.8 (Ubuntu specific)
    + install apport hooks
    + The ubuntu-sudo-as-admin-successful.patch was taken upstream by
      Debian however it requires a --enable-admin-flag configure flag to
      actually enable it.
  - debian/sudoers:
    + grant admin group sudo access
  - debian/sudo-ldap.dirs, debian/sudo.dirs:
    + add usr/share/apport/package-hooks
  - debian/sudo.preinst:
    + avoid conffile prompt by checking for known default /etc/sudoers
      and if found installing the correct default /etc/sudoers file

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/raring/sudo
This branch contains Public information 
Everyone can see this information.

Subscribers