ubuntu/+source/sudo:ubuntu/lucid-proposed

Last commit made on 2012-11-27
Get this branch:
git clone -b ubuntu/lucid-proposed https://git.launchpad.net/ubuntu/+source/sudo
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/lucid-proposed
Repository:
lp:ubuntu/+source/sudo

Recent commits

1df9541... by Marc Deslauriers on 2012-11-22

Import patches-unapplied version 1.7.2p1-1ubuntu5.5 to ubuntu/lucid-proposed

Imported using git-ubuntu import.

Changelog parent: 73af2ef010f38cf1fb57e6921b8acf34819b3b74

New changelog entries:
  * toke.{cl}: avoid duplicate fclose() of the sudoers file (LP: #553786)
    - http://www.sudo.ws/repos/sudo/rev/164d39108dde

73af2ef... by Tyler Hicks on 2012-05-16

Import patches-unapplied version 1.7.2p1-1ubuntu5.4 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 76f605c6c625f030e6eeefb2e3468ba08cd82741

New changelog entries:
  * SECURITY UPDATE: Properly handle multiple netmasks in sudoers Host and
    Host_List values
    - match.c: Prevent IPv6 netmask-based address matching logic from
      incorrectly being applied to IPv4 addresses. Based on upstream patch
      written by Todd C. Miller.
    - CVE-2012-2337

76f605c... by Jamie Strandboge on 2011-01-19

Import patches-unapplied version 1.7.2p1-1ubuntu5.3 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: e1c82b7cab195ec78cef96a01f376d45444a9edf

New changelog entries:
  * SECURITY UPDATE: privilege escalation via -g when using group Runas_List
    - pwutil.c, sudo.h: add user_in_group(), backported from upstream commits
      48ca8c2eddf8, 72df368a8a0e and 6ebc55d4716b. This is intended to be used
      only with check.c to fix CVE-2011-0010 instead of doing the refactoring.
      Going forward, will need to look at this code also if a flaw is found in
      this refactored code. If needed, the refactoring work is in 48ca8c2eddf8
      and 6ebc55d4716b.
    - check.c: prompt for password when the user is running sudo as himself
      but as a different group. Backported from fe8a94f96542.
    - CVE-2011-0010

e1c82b7... by Jamie Strandboge on 2010-08-31

Import patches-unapplied version 1.7.2p1-1ubuntu5.2 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 268c5d7d638352fa0e53c37a80384a5f4a2c234a

New changelog entries:
  * SECURITY UPDATE: privilege escalation via '-g' option when using
    'user:group' in Runas_Spec
    - update match.c to verify both user and group match sudoers when using
      '-g'. Patch thanks to upstream.
    - CVE-2010-2956

268c5d7... by Jamie Strandboge on 2010-06-18

Import patches-unapplied version 1.7.2p1-1ubuntu5.1 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 8ea089444129491094386c28ae7b5ea452aadb34

New changelog entries:
  * SECURITY UPDATE: properly handle multiple PATH variables when using
    secure_path in env.c
    - http://www.sudo.ws/repos/sudo/raw-rev/a09c6812eaec
    - CVE-2010-1646

8ea0894... by Jamie Strandboge on 2010-04-07

Import patches-unapplied version 1.7.2p1-1ubuntu5 to ubuntu/lucid

Imported using git-ubuntu import.

Changelog parent: 820967ac3898955f3fbede6b91dbbbeebdb913c3

New changelog entries:
  * SECURITY UPDATE: properly verify path in find_path.c for the 'sudoedit'
    pseudo-command when running from the current working directory and
    secure_path is disabled
    - CVE-2010-XXXX

820967a... by Martin Pitt on 2010-03-26

Import patches-unapplied version 1.7.2p1-1ubuntu4 to ubuntu/lucid

Imported using git-ubuntu import.

Changelog parent: c7c723ffbfa80a0c72b264d011032cada059729f

New changelog entries:
  * env.c: Revert addition of "http_proxy" again. This was an Ubuntu specific
    EBW hack, caused inconsistencies with other proxy variables (such as
    https_proxy and ftp_proxy), made sudo incompatible to upstream
    behaviour/documentation. This is solved in a much better way in apt itself
    and gnome-network-properties now. (LP: #432631)

c7c723f... by Marc Deslauriers on 2010-03-08

Import patches-unapplied version 1.7.2p1-1ubuntu3 to ubuntu/lucid

Imported using git-ubuntu import.

Changelog parent: 2be69e3f69b67ca1d9a0782836827629239e0dd3

New changelog entries:
  * debian/sudo.postinst, debian/sudo-ldap.postinst: update description to
    match behaviour in sudoers file. (LP: #534090)

2be69e3... by Jamie Strandboge on 2010-02-24

Import patches-unapplied version 1.7.2p1-1ubuntu2 to ubuntu/lucid

Imported using git-ubuntu import.

Changelog parent: 1188b9d1a075784a3d8672085f41051406573685

New changelog entries:
  * SECURITY UPDATE: properly verify path for the 'sudoedit' pseudo-command
    in match.c
    - http://sudo.ws/repos/sudo/rev/88f3181692fe
    - CVE-2010-0426

1188b9d... by Marc Deslauriers on 2010-02-08

Import patches-unapplied version 1.7.2p1-1ubuntu1 to ubuntu/lucid

Imported using git-ubuntu import.

Changelog parent: 8e5ef52d3db2228e1174b4f28a4decb125fa1d0a

New changelog entries:
  * Merge from debian testing. Remaining changes:
   - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu
     specific)
   - Add debian/sudo_root.8: Explanation of root handling through sudo.
     Install it in debian/rules. (Ubuntu specific)
   - sudo.c: If the user successfully authenticated and he is in the 'admin'
     group, then create a stamp ~/.sudo_as_admin_successful. Our default bash
     profile checks for this and displays a short intro about sudo if the
     flag is not present. (Ubuntu specific)
   - env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept
     for "sudo apt-get ...". (Ubuntu specific EBW hack, should disappear at
     some point)
   - debian/{rules,postinst,sudo-ldap.postinst}: Disable init script
     installation. Debian reintroduced it because /var/run tmpfs is not the
     default there, but has been on Ubuntu for ages.
   - debian/{source_sudo.py,rules,sudo-ldap.dirs,sudo.dirs}: Add apport hook