Committer: Bazaar Package Importer
Author(s): Martin Pitt
Date: 2007-05-18 17:23:53 UTC
Revision ID: james.westby@ubuntu.com-20070518172353-8ghz229i8ba33ket
Tags: 1.6.8p12-5ubuntu1
* Merge to Debian unstable. Remaining Ubuntu changes:
  - parse.{h,c,yacc}, sudo.tab.cc, sudo.h, ldap.c, env.c, sudo.c:
    Clean up environment variable handling to fix vulns like CVE-2005-4158 and
    CVE-2006-0151 once and for all: Only keep known-good variables if user has
    limited sudo privileges (blacklist -> whitelist) and keep them all for
    users with unlimited command privileges (to not drive admins and
    developers up the wall who actually need to pass env variables from time
    to time). See 1.6.8p12-1ubuntu1 changelog for details.
  - sudoers: Add some explanatory text why it is a REALLY good idea to use
    visudo. (LP #11620)
  - debian/control, debian/rules: Enable krb5 support, add libkrb5-dev build
    dependency. (LP #35001)
  - debian/postinst: Disable lecture, enable tty_tickets in default sudoers.
  - debian/postinst, debian/sudo-ldap.postinst, debian/rules: Disable init
    script, since in Ubuntu /var/run is a tmpfs.
  - Add debian/sudo_root.8: Explanation of root handling through sudo.
    Install it in debian/rules.
  - auth/pam.c: Abort immediately if the user presses ^C at the password
    prompt instead of waiting three seconds. (LP #38810, in upstream CVS)
  - debian/prerm: Abort package removal if there is no root password.
* debian/control: Set myself as Ubuntu maintainer.