ubuntu/+source/sudo:ubuntu/xenial-updates

Last commit made on 2019-10-14
Get this branch:
git clone -b ubuntu/xenial-updates https://git.launchpad.net/ubuntu/+source/sudo
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: ubuntu/xenial-updates
Repository: lp:ubuntu/+source/sudo

Recent commits

0d8471c... by Marc Deslauriers on 2019-10-10

Import patches-unapplied version 1.8.16-0ubuntu1.8 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: b4cd4179c1623927f53767ceec0378763964c398

New changelog entries:
  * SECURITY UPDATE: privilege escalation via UID -1
    - debian/patches/CVE-2019-14287.patch: treat an ID of -1 as invalid
      in lib/util/strtoid.c.
    - CVE-2019-14287
    - debian/patches/CVE-2019-14287-2.patch: fix and add to tests in
      lib/util/regress/atofoo/atofoo_test.c,
      plugins/sudoers/regress/testsudoers/test5.out.ok,
      plugins/sudoers/regress/testsudoers/test5.sh.
    - CVE-2019-14287

b4cd417... by Marc Deslauriers on 2019-06-10

Import patches-unapplied version 1.8.16-0ubuntu1.7 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 15345b19b82f587498573b38554e24ec0ab816cb

New changelog entries:
  * debian/patches/terminate-with-commands-signal.patch: re-enable patch
    that got dropped by mistake in previous upload. (LP: #1832257)

15345b1... by Marc Deslauriers on 2019-05-01

Import patches-unapplied version 1.8.16-0ubuntu1.6 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 2d8b917c28287363a311e9c49b818a4de89826af

New changelog entries:
  [ Steve Beattie ]
  * SECURITY UPDATE: /proc/self/stat parsing newline confusion
    - debian/patches/CVE-2017-1000368.patch: read all lines of
      /proc/self/stat
    - CVE-2017-1000368
  * debian/patches/avoid_sign_extension_tty_nr.patch: hardening to
    ensure sign extension doesn't occur when parsing /proc/self/stat
  [ Marc Deslauriers ]
  * SECURITY UPDATE: sudo noexec bypass
    - debian/patches/CVE-2016-7076-*.patch: wrap wordexp, add seccomp
      filter.
    - CVE-2016-7076

2d8b917... by Balint Reczey on 2017-06-13

Import patches-unapplied version 1.8.16-0ubuntu1.5 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 28e14c1587c5250c4b348034268999c16de35acb

New changelog entries:
  * Terminate with the same signal as the command (LP: #1686803)
    This fixes a regression introduced in sudo 1.8.15 changeset
    10229:153f016db8f1.

28e14c1... by Steve Beattie on 2017-05-29

Import patches-unapplied version 1.8.16-0ubuntu1.4 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 038bded9b7e254d25b1a6210af0fc4eba0159154

New changelog entries:
  * SECURITY UPDATE: /proc/self/stat parsing confusion
    - debian/patches/CVE-2017-1000367.patch: adjust parsing to
      find ttyname
    - CVE-2017-1000367

038bded... by Timo Aaltonen on 2017-01-13

Import patches-unapplied version 1.8.16-0ubuntu1.3 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 843a5ee325fd9f38704b708c97d11921efe9ce34

New changelog entries:
  * sssd-doesnt-handle-netgroups.diff, sssd-fix-matching-loop.diff:
    Only check username as part of the netgroup when netgroup_tuple is enabled.
    (LP: #1607666)

843a5ee... by Michael Vogt on 2016-08-15

Import patches-unapplied version 1.8.16-0ubuntu1.2 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: aa5257e93a5108305e81610462df783d1ba8f134

New changelog entries:
  * debian/sudoers:
    - include /snap/bin in the secure_path (LP: #1595558)

aa5257e... by Marc Deslauriers on 2016-05-04

Import patches-unapplied version 1.8.16-0ubuntu1.1 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: ce5ecd4fe6a1f959965eb8c6979c3fbed1704920

New changelog entries:
  * debian/patches/lp1565567.patch: fix crash when looking up a negative
    cached entry which is stored as a NULL passwd or group struct pointer
    in plugins/sudoers/pwutil.c. (LP: #1565567)

ce5ecd4... by Marc Deslauriers on 2016-03-30

Import patches-unapplied version 1.8.16-0ubuntu1 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 042d941ec39a7eb692354e73980c914bdc61a71d

New changelog entries:
  * Update to new upstream version 1.8.16. (LP: #1563825)
    - Dropped patches no longer needed:
      + CVE-2015-5602-6.patch
      + CVE-2015-5602-7.patch
  * Merge from Debian unstable. Remaining changes:
    - Use tmpfs location to store timestamp files
      + debian/rules: change --with-rundir to /var/run/sudo
      + debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop
        shipping init script and service file, as they are no longer
        necessary.
      + debian/*.preinst, debian/*.postinst, debian/*.postrm: remove old
        init script with dpkg-maintscript-helper.
      + debian/*.postinst: remove old /var/run/sudo to /var/lib/sudo
        transition code, remove old /var/lib/sudo/ts timestamp directory.
    - debian/rules:
      + compile with --without-lecture --with-tty-tickets --enable-admin-flag
      + install man/man8/sudo_root.8 in both flavours
      + install apport hooks
    - debian/sudoers:
      + also grant admin group sudo access
    - debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
      + add usr/share/apport/package-hooks
    - debian/sudo.pam:
      + Use pam_env to read /etc/environment and /etc/default/locale
        environment files. Reading ~/.pam_environment is not permitted due to
        security reasons.
    - debian/control:
      + dh-autoreconf dependency fixes missing-build-dependency-for-dh_-command
    - Remaining patches:
      + keep_home_by_default.patch: Keep HOME in the default environment
      + debian/patches/also_check_sudo_group.diff: also check the sudo group
        in plugins/sudoers/sudoers.c to create the admin flag file. Leave the
        admin group check for backwards compatibility.
    - Dropped patches no longer needed:
      + debian/patches/pam_check_untranslated_prompt.patch: upstream.

042d941... by Ben Hutchings on 2016-01-04

Import patches-unapplied version 1.8.15-1.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 850ad0d695ba17bd7ac60ebc466ac5ab8ff3fb62

New changelog entries:
  * Non-maintainer upload
  * Disable editing of files via user-controllable symlinks
    (Closes: #804149) (CVE-2015-5602)
    - Fix directory writability checks for sudoedit
    - Enable sudoedit directory writability checks by default