lp:ubuntu/raring/sudo

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

62. By Marc Deslauriers on 2013-02-27

* SECURITY UPDATE: authentication bypass via clock set to epoch
  - debian/patches/CVE-2013-1775.patch: ignore time stamp file if it is
    set to epoch in plugins/sudoers/check.c.
  - CVE-2013-1775

61. By Stéphane Graber on 2012-12-07

The latest sssd upload dropped the soname from libsss_sudo.so, so we
can now drop our sudo delta and just use libsss_sudo.so directly.

60. By Stéphane Graber on 2012-11-16

* New upstream release (1.8.6p3).
* Add patch to fix building with sssd when ldap is disabled.
* Drop sudo.manpages and sudo-ldap.manpages as the upstream build system
  now does the right thing here.
* Build the main sudo package with support for sssd, this doesn't add any
  additional build time or runtime dependency. sudo will dynamically load
  the sssd library if 'sss' is listed for the 'sudoers' nss service.

59. By Tyler Hicks on 2012-07-16

* Merge from debian/testing (LP: #1024154), remaining changes:
  - debian/patches/keep_home_by_default.patch:
    + Set HOME in initial_keepenv_table.
  - debian/rules:
    + compile with --without-lecture --with-tty-tickets (Ubuntu specific)
    + install man/man8/sudo_root.8 in both flavours (Ubuntu specific)
    + install apport hooks
    + The ubuntu-sudo-as-admin-successful.patch was taken upstream by
      Debian however it requires a --enable-admin-flag configure flag to
      actually enable it in both flavours.
  - debian/control:
    + Mark Debian Vcs-* as XS-Debian-Vcs-*
    + update debian/control
  - debian/sudoers:
    + grant admin group sudo access
  - debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
    + add usr/share/apport/package-hooks
  - debian/sudo.pam:
    + Use pam_env to read /etc/environment and /etc/default/locale
      environment files. Reading ~/.pam_environment is not permitted due to
      security reasons.
* Dropped changes:
  - debian/patches/lp927828-fix-abort-in-pam-modules-when-timestamp-valid.patch
    + Fixed upstream in 1.8.5
  - debian/patches/CVE-2012-2337.patch:
    + Fixed upstream in 1.8.4p5
  - debian/patches/pam_env_merge.patch:
    + Feature released upstream in 1.8.5
  - debian/{sudo,sudo-ldap}.{preinst,postinst,postrm}:
    + Drop Ubuntu-specific sudoers file migration code because the only
      upgrade path to quantal is from precise. All necessary sudoers file
      migration will have already been done by the time this version of the
      sudo package is installed.

58. By Steve Langasek on 2012-05-23

* debian/patches/pam_env_merge.patch: Merge the PAM environment into the
  user environment (LP: #982684)
* debian/sudo.pam: Use pam_env to read /etc/environment and
  /etc/default/locale environment files. Reading ~/.pam_environment is not
  permitted due to security reasons.

57. By Steve Langasek on 2012-05-23

Merge version 1.8.3p2-1

56. By Tyler Hicks on 2012-05-16

* SECURITY UPDATE: Properly handle netmasks in sudoers Host and Host_List
  values (LP: #1000276)
  - debian/patches/CVE-2012-2337.patch: Don't perform IPv6 checks on IPv4
    addresses. Based on upstream patch.
  - CVE-2012-2337

55. By TJ (Ubuntu Contributions) on 2012-04-30

Fix Abort in some PAM modules when timestamp is valid. (LP: #927828)

54. By Marc Deslauriers on 2012-01-31

* SECURITY UPDATE: permissions bypass via format string
  - debian/patches/CVE-2012-0809.patch: fix format string vulnerability
    in src/sudo.c.
  - CVE-2012-0809

53. By Marc Deslauriers on 2011-11-24

* debian/sudo.preinst:
  - updated to avoid conffile prompt by migrating to the new sudoers file
    changes in Precise. (LP: #894410)