~ubuntu-branches/ubuntu/oneiric/sudo/oneiric-security

Viewing changes to ChangeLog

Committer: Package Import Robot
Author(s): Tyler Hicks
Date: 2012-05-15 23:28:04 UTC
Revision ID: package-import@ubuntu.com-20120515232804-2rd0d4k222la647h

Tags: 1.7.4p6-1ubuntu2.1

* SECURITY UPDATE: Properly handle multiple netmasks in sudoers Host and
  Host_List values
  - debian/patches/CVE-2012-2337.patch: Don't perform IPv6 checks on IPv4
    addresses. Based on upstream patch.
  - CVE-2012-2337

files added:
.pc/CVE-2012-2337.patch

.pc/CVE-2012-2337.patch/match.c

.pc/debian-changes-1.7.4p6-1

.pc/debian-changes-1.7.4p6-1/env.c

.pc/enable_badpass.patch

.pc/enable_badpass.patch/defaults.c

.pc/enable_badpass.patch/sudoers.man.in

.pc/enable_badpass.patch/sudoers.pod

.pc/hurd-have-getutid.diff

.pc/hurd-have-getutid.diff/boottime.c

debian/patches/CVE-2012-2337.patch

debian/patches/debian-changes-1.7.4p6-1

debian/patches/enable_badpass.patch

debian/patches/hurd-have-getutid.diff

files removed:
.pc/CVE-2011-0010.patch

.pc/CVE-2011-0010.patch/check.c

.pc/debian-changes-1.7.4p4-5

.pc/debian-changes-1.7.4p4-5/check.c

.pc/debian-changes-1.7.4p4-5/env.c

debian/patches/CVE-2011-0010.patch

debian/patches/debian-changes-1.7.4p4-5

files modified:
.pc/applied-patches

.pc/env.c-safety.diff/sudoers.pod

.pc/keep_home_by_default.patch/env.c

ChangeLog

NEWS

boottime.c

bsm_audit.c

configure

configure.in

debian/README

debian/changelog

debian/patches/series

debian/rules

debian/sudo.preinst

defaults.c

install-sh

linux_audit.c

match.c

pwutil.c

set_perms.c

sudo.c

sudoers.cat

sudoers.man.in

sudoers.pod

term.c

toke.c

toke.l

Show diffs side-by-side

added added

removed removed

ChangeLog

2011-01-18 Todd C. Miller <Todd.Miller@courtesan.com>

* term.c:

Clear, don't set, OPOST in c_oflag as was intended in e26055d17b72.

[eacd774c37c0]

2011-01-11 Todd C. Miller <Todd.Miller@courtesan.com>

* check.c:

If the user is running sudo as himself but as a different group we

need to prompt for a password.

[fe8a94f96542]

2011-01-10 Todd C. Miller <Todd.Miller@courtesan.com>

* pwutil.c:

If user has no supplementary groups, fall back on checking the group

file explicitly.

[c536ddb16bb6]

2011-01-04 Todd C. Miller <Todd.Miller@courtesan.com>

* match.c:

Fix NULL dereference with "sudo -g group" when the sudoers rule has

no runas user or group listed. Fixes RedHat bug Bug 667103.

[c51e2be737b2]

2010-12-21 Todd C. Miller <Todd.Miller@courtesan.com>

* term.c:

Clear OPOST from c_oflag like we used to. Fixes screen-based

editors such as vi.

[e26055d17b72]

* sudoers.pod:

Clarify umask option description. From Reuben Thomas.

[fb8bdcb54feb]

2010-11-24 Todd C. Miller <Todd.Miller@courtesan.com>

* pp:

Add support for RHEL 6 file modes that include a trailing dot on

files with an SELinux security context

[fcc1daaf4df0]

2010-11-22 Todd C. Miller <Todd.Miller@courtesan.com>

* sudoers.pod:

fix typo; from Michael T Hunter

[46e70e2063af]

2010-10-07 Todd C. Miller <Todd.Miller@courtesan.com>

* check.c:

Having a timestamp file defined is no longer indicative of tty

tickets being enabled. Check def_tty_tickets directly.

[6c3803c239d9]

2010-10-01 Todd C. Miller <Todd.Miller@courtesan.com>

* set_perms.c:

Sync set_project() with trunk.

[646fd9bc0537]

* set_perms.c, sudo.c:

Move set_project() into runas_setup(). Fixes a NULL deref when

project support is enabled and sudo's -g flag is used without the

-u flag.

[6ffd892243ab]

2010-09-21 Todd C. Miller <Todd.Miller@courtesan.com>

* linux_audit.c:

Ignore ECONNREFUSED from audit_log_user_command() which will occur

if auditd is not running.

[a686884684ca]

2010-09-13 Todd C. Miller <Todd.Miller@courtesan.com>

* install-sh:

Use sed instead of expr to split a flag from its argument. Fixes a

problem with expr interpreting its arguments as a flag when they

start with a dash.

[16372da8a286]

2010-09-08 Todd C. Miller <Todd.Miller@courtesan.com>

* bsm_audit.c:

Solaris BSM audit return EINVAL when auditing is not enabled,

whereas OpenBSM returns ENOSYS.

[bb9c94a8fa7d]

2010-09-07 Todd C. Miller <Todd.Miller@courtesan.com>

* toke.c, toke.l:

Add missing LOG_INPUT/LOG_OUTPUT support in the lexer.

[0a5519756bf1]

* sudo.c:

100

Set NewArgv[0] to the name of the pseudo-command we are running.

101

Fixes a problem with "sudo -l" when auditing is enabled and the user

102

is not allowed to run any commands on the host. Adapted from a patch

103

from Daniel Kopecek.

104

[694ed1a75a4a]

105

106

2010-09-06 Todd C. Miller <Todd.Miller@courtesan.com>

107

108

* match.c:

Older »