ubuntu/+source/sudo:ubuntu/hardy-updates

Last commit made on 2013-02-28
Get this branch:
git clone -b ubuntu/hardy-updates https://git.launchpad.net/ubuntu/+source/sudo

Branch information

Name: ubuntu/hardy-updates
Repository: lp:ubuntu/+source/sudo

Recent commits

7302b64... by Marc Deslauriers on 2013-02-27

Import patches-unapplied version 1.6.9p10-1ubuntu3.10 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 3d0a9db1af4ac7f91afe294dffec5cb47fabd182

New changelog entries:
  * SECURITY UPDATE: authentication bypass via clock set to epoch
    - debian/patches/CVE-2013-1775.patch: ignore time stamp file if it is
      set to epoch in check.c.
    - backported from ddf399e3e306ca238f6f1cda8153889b15bba12e
    - CVE-2013-1775

3d0a9db... by Tyler Hicks on 2012-05-16

Import patches-unapplied version 1.6.9p10-1ubuntu3.9 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 71cf0b3b317cec4297f270adcdcf02f00e54d94f

New changelog entries:
  * SECURITY UPDATE: Properly handle multiple netmasks in sudoers Host and
    Host_List values
    - parse.c: Prevent IPv6 netmask-based address matching logic from
      incorrectly being applied to IPv4 addresses. Based on upstream patch
      written by Todd C. Miller.
    - CVE-2012-2337

71cf0b3... by Jamie Strandboge on 2010-06-18

Import patches-unapplied version 1.6.9p10-1ubuntu3.8 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 08f76f858b58767a51f705304e35ce8bd07ad3b9

New changelog entries:
  * SECURITY UPDATE: properly handle multiple PATH variables when using
    secure_path in env.c
    - http://www.sudo.ws/repos/sudo/raw-rev/3057fde43cf0
    - CVE-2010-1646

08f76f8... by Jamie Strandboge on 2010-04-13

Import patches-unapplied version 1.6.9p10-1ubuntu3.7 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: eaf01e7a9d7335e1c9f12ce15e62f2722949afa4

New changelog entries:
  * SECURITY UPDATE: properly verify path in find_path.c for the 'sudoedit'
    pseudo-command when running from the current working directory and
    secure_path is disabled
    - CVE-2010-XXXX

eaf01e7... by Jamie Strandboge on 2010-02-25

Import patches-unapplied version 1.6.9p10-1ubuntu3.6 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 5eacb149845685686aec43bd2e1f77ffcd6224b9

New changelog entries:
  * SECURITY UPDATE: properly verify path for the 'sudoedit' pseudo-command
    in parse.c
    - http://sudo.ws/repos/sudo/rev/f86e1b56d074
    - CVE-2010-0426
  * SECURITY UPDATE: reset cached supplementary runas groups when changing
    the runas user in set_perms.c and sudo.c
    - http://sudo.ws/repos/sudo/rev/aa0b6c01c462
    - CVE-2010-0427

5eacb14... by Mackenzie Morgan on 2009-07-23

Import patches-unapplied version 1.6.9p10-1ubuntu3.5 to ubuntu/hardy-proposed

Imported using git-ubuntu import.

Changelog parent: 867a5ea93671b1cb0c449a211fd0f835bfb93102

New changelog entries:
  * debian/rules:
   - add /usr/lib/kde4/bin to secure_path (LP: #191264)

867a5ea... by Kees Cook on 2009-02-16

Import patches-unapplied version 1.6.9p10-1ubuntu3.4 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: a0ec2c1e723628ddfb9c924888e41c3908c6075e

New changelog entries:
  * SECURITY UPDATE: privilege escalation via non-default system groups.
    - parse.c: upstream fix for CVE-2009-0034:
      http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c?r1=1.160.2.21&r2=1.160.2.22

a0ec2c1... by Martin Pitt on 2008-09-01

Import patches-unapplied version 1.6.9p10-1ubuntu3.3 to ubuntu/hardy-proposed

Imported using git-ubuntu import.

Changelog parent: 25df03ae8312b5d8e457eb8fa4f7213d68b98c61

New changelog entries:
  * sudo.c: Drop usage of locale again, to revert back to the 1.6.8 behaviour.
    fnmatch() and glob() behave differently under different locales and thus
    cause undefined behaviour with (admittedly underspecified) character range
    globs such as "[a-Z]". Patch taken from upstream CVS, see
    http://www.gratisoft.us/bugzilla/show_bug.cgi?id=296 (LP: #228046)

25df03a... by Martin Pitt on 2008-05-14

Import patches-unapplied version 1.6.9p10-1ubuntu3.2 to ubuntu/hardy-proposed

Imported using git-ubuntu import.

Changelog parent: d09717b3515ccdc90729925022cb08bbef25e79b

New changelog entries:
  * env.c: Do not reset $HOME. sudo's documentation specifies that $HOME is
    not changed unless -H/-s is specified, and behaved that way until Gutsy
    (thus this is a regression). Fix backported from latest sudo release:
    http://www.sudo.ws/cgi-bin/cvsweb/sudo/env.c.diff?r1=1.39.2.17&r2=1.39.2.18
    (LP: #221395)
  * debian/postinst: Put "NOPASSWD" example at the bottom, so that
    uncommenting it will actually work (later entries override former ones).
    Also add a comment to point that out. This will only apply to new
    installs, though, touching sudoers on upgrades is a no-go. (LP: #131399)

d09717b... by Martin Pitt on 2008-04-30

Import patches-unapplied version 1.6.9p10-1ubuntu3.1 to ubuntu/hardy-proposed

Imported using git-ubuntu import.

Changelog parent: 1d4c9d376b39789b07b75d605376c480797cff1a

New changelog entries:
  * logging.c: Ignore SIGPIPE when creating an error email, so that non-fatal
    error messages (like "unable to resolve local host name") do not lead to
    being killed with SIGPIPE if /usr/bin/sendmail does not exist or crashes.
    (LP: #32906)