ubuntu/+source/sudo:ubuntu/precise-security

Last commit made on 2015-03-16
Get this branch:
git clone -b ubuntu/precise-security https://git.launchpad.net/ubuntu/+source/sudo
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: ubuntu/precise-security
Repository: lp:ubuntu/+source/sudo

Recent commits

4fcf776... by Marc Deslauriers on 2015-03-12

Import patches-unapplied version 1.8.3p1-1ubuntu3.7 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 1ff87b50c0608fc4bf07dd3996237b694d7f6174

New changelog entries:
  * SECURITY UPDATE: arbitrary file access via TZ
    - debian/patches/CVE-2014-9680.patch: sanity check TZ env variable in
      configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in,
      pathnames.h.in, plugins/sudoers/env.c.
    - CVE-2014-9680

1ff87b5... by Marc Deslauriers on 2014-03-11

Import patches-unapplied version 1.8.3p1-1ubuntu3.6 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 9916dc4a65c543e6f6067948aff441f41e684a49

New changelog entries:
  * SECURITY UPDATE: security policy bypass when env_reset is disabled
    - debian/patches/CVE-2014-0106.patch: fix logic inversion in
      plugins/sudoers/env.c.
    - CVE-2014-0106
  * debian/sudo.sudo.init, debian/sudo-ldap.sudo.init: Set timestamps to
    epoch in init scripts so they are properly invalidated. (LP: #1223297)

9916dc4... by Marc Deslauriers on 2013-02-27

Import patches-unapplied version 1.8.3p1-1ubuntu3.4 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: d57c7c17430adac84509a399e025c40c57b744ec

New changelog entries:
  * SECURITY UPDATE: authentication bypass via clock set to epoch
    - debian/patches/CVE-2013-1775.patch: ignore time stamp file if it is
      set to epoch in plugins/sudoers/check.c.
    - CVE-2013-1775

d57c7c1... by Tyler Hicks on 2012-05-21

Import patches-unapplied version 1.8.3p1-1ubuntu3.3 to ubuntu/precise-proposed

Imported using git-ubuntu import.

Changelog parent: fb39f00ca6f9abc0c56edd2d3cdfce3b9cdea376

New changelog entries:
  * debian/patches/pam_env_merge.patch: Merge the PAM environment into the
    user environment (LP: #982684)
  * debian/sudo.pam: Use pam_env to read /etc/environment and
    /etc/default/locale environment files. Reading ~/.pam_environment is not
    permitted due to security reasons.

fb39f00... by Tyler Hicks on 2012-05-16

Import patches-unapplied version 1.8.3p1-1ubuntu3.2 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 787d9f8deee92ad2c3ee706b2f9a764ffbd9c1bd

New changelog entries:
  * SECURITY UPDATE: Properly handle multiple netmasks in sudoers Host and
    Host_List values
    - debian/patches/CVE-2012-2337.patch: Don't perform IPv6 checks on IPv4
      addresses. Based on upstream patch.
    - CVE-2012-2337

787d9f8... by TJ (Ubuntu Contributions) on 2012-04-30

Import patches-unapplied version 1.8.3p1-1ubuntu3.1 to ubuntu/precise-proposed

Imported using git-ubuntu import.

Changelog parent: 73e55bd3e427af89ceec44c35f82f4edb3cc31fb

New changelog entries:
  * Fix Abort in some PAM modules when timestamp is valid. (LP: #927828)

73e55bd... by Marc Deslauriers on 2012-01-31

Import patches-unapplied version 1.8.3p1-1ubuntu3 to ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: 368ba98919c0e97f8b9cbb5d9a1ad2a83cfdd859

New changelog entries:
  * SECURITY UPDATE: permissions bypass via format string
    - debian/patches/CVE-2012-0809.patch: fix format string vulnerability
      in src/sudo.c.
    - CVE-2012-0809

368ba98... by Marc Deslauriers on 2011-11-24

Import patches-unapplied version 1.8.3p1-1ubuntu2 to ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: 19e0435beea2cbad323864517198be981462fe16

New changelog entries:
  * debian/sudo.preinst:
    - updated to avoid conffile prompt by migrating to the new sudoers file
      changes in Precise. (LP: #894410)

19e0435... by Marc Deslauriers on 2011-11-20

Import patches-unapplied version 1.8.3p1-1ubuntu1 to ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: c4e739921351d54be100375a2e0690569b461a3b

New changelog entries:
  * Merge from debian/testing, remaining changes:
    - debian/patches/keep_home_by_default.patch:
      + Set HOME in initial_keepenv_table. (rebased for 1.8.3p1)
    - debian/patches/enable_badpass.patch: turn on "mail_badpass" by default:
      + attempting sudo without knowing a login password is as bad as not
        being listed in the sudoers file, especially if getting the password
        wrong means doing the access-check-email-notification never happens
        (rebased for 1.8.3p1)
    - debian/rules:
      + compile with --without-lecture --with-tty-tickets (Ubuntu specific)
      + install man/man8/sudo_root.8 (Ubuntu specific)
      + install apport hooks
      + The ubuntu-sudo-as-admin-successful.patch was taken upstream by
        Debian however it requires a --enable-admin-flag configure flag to
        actually enable it.
    - debian/sudoers:
      + grant admin group sudo access
    - debian/sudo-ldap.dirs, debian/sudo.dirs:
      + add usr/share/apport/package-hooks
    - debian/sudo.preinst:
      + avoid conffile prompt by checking for known default /etc/sudoers
        and if found installing the correct default /etc/sudoers file

c4e7399... by Bdale Garbee on 2011-10-26

Import patches-unapplied version 1.8.3p1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 09387619bbc659f34e8001aec1674573a105aff7

New changelog entries:
  * new upstream version, closes: #646478