~ubuntu-branches/ubuntu/oneiric/sudo/oneiric-updates : changes

~ubuntu-branches/ubuntu/oneiric/sudo/oneiric-updates » Changes from revision 33

From Revision 33 to 14

Rev	Summary	Authors	Tags	Date
33	* SECURITY UPDATE: properly verify path for the 'sudoedit' p... * SECURITY UPDATE: properly verify path for the 'sudoedit' pseudo-command in match.c - http://sudo.ws/repos/sudo/rev/88f3181692fe - CVE-2010-0426	Jamie Strandboge	1.7.2p1-1ubuntu2	14 years ago
32	* Merge from debian testing. Remaining changes: * Merge from debian testing. Remaining changes: - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu specific) - Add debian/sudo_root.8: Explanation of root handling through sudo. Install it in debian/rules. (Ubuntu specific) - sudo.c: If the user successfully authenticated and he is in the 'admin' group, then create a stamp ~/.sudo_as_admin_successful. Our default bash profile checks for this and displays a short intro about sudo if the flag is not present. (Ubuntu specific) - env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept for "sudo apt-get ...". (Ubuntu specific EBW hack, should disappear at some point) - debian/{rules,postinst,sudo-ldap.postinst}: Disable init script installation. Debian reintroduced it because /var/run tmpfs is not the default there, but has been on Ubuntu for ages. - debian/{source_sudo.py,rules,sudo-ldap.dirs,sudo.dirs}: Add apport hook	Marc Deslauriers	1.7.2p1-1ubuntu1	14 years ago
31	debian/{source_sudo.py,rules}: Add apport hook debian/{source_sudo.py,rules}: Add apport hook	Marc Deslauriers	1.7.0-1ubuntu3	14 years ago
30	env.c: add logic similar to pam_env's stripping of single an... env.c: add logic similar to pam_env's stripping of single and double quotes around /etc/environment env vars; fixes literal quotes in LANG when using sudo -i; LP: #387262.	Loïc Minier	1.7.0-1ubuntu2	14 years ago
29	* Merge from debian unstable, remaining changes: * Merge from debian unstable, remaining changes: - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu specific) - Add debian/sudo_root.8: Explanation of root handling through sudo. Install it in debian/rules. (Ubuntu specific) - sudo.c: If the user successfully authenticated and he is in the 'admin' group, then create a stamp ~/.sudo_as_admin_successful. Our default bash profile checks for this and displays a short intro about sudo if the flag is not present. (Ubuntu specific) - env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept for "sudo apt-get ...". (Ubuntu specific EBW hack, should disappear at some point) - debian/{rules,postinst,sudo-ldap.postinst}: Disable init script installation. Debian reintroduced it because /var/run tmpfs is not the default there, but has been on Ubuntu for ages.	Martin Pitt	1.7.0-1ubuntu1	15 years ago
28	* SECURITY UPDATE: privilege escalation via non-default syst... * SECURITY UPDATE: privilege escalation via non-default system groups. - parse.c: upstream fix for CVE-2009-0034: http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c?r1=1.160.2.21&r2=1.160.2.22	Kees Cook	1.6.9p17-1ubuntu3	15 years ago
27	sudo.c: Drop usage of locale again, to revert back to the 1.... sudo.c: Drop usage of locale again, to revert back to the 1.6.8 behaviour. fnmatch() and glob() behave differently under different locales and thus cause undefined behaviour with (admittedly underspecified) character range globs such as "[a-Z]". Patch taken from upstream CVS, see http://www.gratisoft.us/bugzilla/show_bug.cgi?id=296 (LP: #228046)	Martin Pitt	1.6.9p17-1ubuntu2	15 years ago
26	* Merge from debian unstable, remaining changes: * Merge from debian unstable, remaining changes: - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu specific) - Add debian/sudo_root.8: Explanation of root handling through sudo. Install it in debian/rules. (Ubuntu specific) - sudo.c: If the user successfully authenticated and he is in the 'admin' group, then create a stamp ~/.sudo_as_admin_successful. Our default bash profile checks for this and displays a short intro about sudo if the flag is not present. (Ubuntu specific) - env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept for "sudo apt-get ...". (Ubuntu specific EBW hack, should disappear at some point) * debian/{rules,postinst,sudo-ldap.postinst}: Disable init script installation. Debian reintroduced it because /var/run tmpfs is not the default there, but has been on Ubuntu for ages.	Martin Pitt	1.6.9p17-1ubuntu1	15 years ago
25	* Merge from debian unstable, remaining changes: * Merge from debian unstable, remaining changes: - logging.c: Ignore SIGPIPE when creating an error email, so that non-fatal error messages (like "unable to resolve local host name") do not lead to being killed with SIGPIPE if /usr/bin/sendmail does not exist or crashes. (LP #32906, http://www.gratisoft.us/bugzilla/show_bug.cgi?id=285) - debian/postinst: put "NOPASSWD" example at the bottom, so that uncommenting it will actually work (later entries override former ones). (LP #131399, Debian #479616) - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu specific) - Add debian/sudo_root.8: Explanation of root handling through sudo. Install it in debian/rules. (Ubuntu specific) - sudo.c: If the user successfully authenticated and he is in the 'admin' group, then create a stamp ~/.sudo_as_admin_successful. Our default bash profile checks for this and displays a short intro about sudo if the flag is not present. (Ubuntu specific) - env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept for "sudo apt-get ...". (Ubuntu specific EBW hack, should disappear at some point) * debian/{rules,postinst}: Disable init script installation. Debian reintroduced it because /var/run tmpfs is not the default there, but has been on Ubuntu for ages.	Martin Pitt	1.6.9p15-2ubuntu1	15 years ago
24	debian/postinst: Fix a typo, and add a more helpful comment ... debian/postinst: Fix a typo, and add a more helpful comment about the ordering and overriding. (LP: #131399)	Martin Pitt	1.6.9p12-1ubuntu2	16 years ago
23	* Merge from debian unstable, remaining changes: * Merge from debian unstable, remaining changes: - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu specific) - Add debian/sudo_root.8: Explanation of root handling through sudo. Install it in debian/rules. (Ubuntu specific) - sudo.c: If the user successfully authenticated and he is in the 'admin' group, then create a stamp ~/.sudo_as_admin_successful. Our default bash profile checks for this and displays a short intro about sudo if the flag is not present. (Ubuntu specific) - env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept for "sudo apt-get ...". (Ubuntu specific EBW hack, should disappear at some point) * logging.c: Ignore SIGPIPE when creating an error email, so that non-fatal error messages (like "unable to resolve local host name") do not lead to being killed with SIGPIPE if /usr/bin/sendmail does not exist or crashes. Forwarded upstream to http://www.gratisoft.us/bugzilla/show_bug.cgi?id=285 (LP: #32906) * env.c: Do not clobber $HOME when not specifying -H or -s. Patch taken from upstream CVS. (LP: #221395) * debian/postinst: put "NOPASSWD" example at the bottom, so that uncommenting it will actually work (later entries override former ones). (LP: #131399)	Martin Pitt	1.6.9p12-1ubuntu1	16 years ago
22	env.c: Add "http_proxy" to initial_keepenv_table, so that it... env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept for "sudo apt-get ...". This is an EBW workaround for a design problem of not having a system-wide proxy setting, but in order to not break existing practice for upgrades we have to live with it for Hardy.	Martin Pitt	1.6.9p10-1ubuntu3	16 years ago
21	No-change rebuild against libldap-2.4-2. No-change rebuild against libldap-2.4-2.	Steve Langasek	1.6.9p10-1ubuntu2	16 years ago
20	* Merge with Debian unstable. Remaining Ubuntu changes: * Merge with Debian unstable. Remaining Ubuntu changes: - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu specific) - Add debian/sudo_root.8: Explanation of root handling through sudo. Install it in debian/rules. (Ubuntu specific) - sudo.c: If the user successfully authenticated and he is in the 'admin' group, then create a stamp ~/.sudo_as_admin_successful. Our default bash profile checks for this and displays a short intro about sudo if the flag is not present. (Ubuntu specific) * The password prompt asks for the target user's password now, not the invoking one's. (LP: #148498)	Martin Pitt	1.6.9p10-1ubuntu1	16 years ago
19	* Merge with Debian unstable. Remaining Ubuntu changes: * Merge with Debian unstable. Remaining Ubuntu changes: - debian/prerm: Abort package removal if there is no root password. (Debian #451241). - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu specific) - Add debian/sudo_root.8: Explanation of root handling through sudo. Install it in debian/rules. (Ubuntu specific) - sudo.c: If the user successfully authenticated and he is in the 'admin' group, then create a stamp ~/.sudo_as_admin_successful. Our default bash profile checks for this and displays a short intro about sudo if the flag is not present. (Ubuntu specific) * sudo.c, parse.c: Apply a change that was missing from the older upstream tarball that fixes the upstream solution of "SETENV is implicit for ALL". We do not want to deviate our orig.tar.gz from Debian's, though.	Martin Pitt	1.6.9p9-1ubuntu1	16 years ago
18	* Merge with Debian unstable. Remaining Ubuntu changes: * Merge with Debian unstable. Remaining Ubuntu changes: - debian/prerm: Abort package removal if there is no root password. Forwarded to Debian #451241. - sudoers: Add some explanatory text why it is a REALLY good idea to use visudo. (LP #11620) Forwarded upstream: http://www.gratisoft.us/bugzilla/show_bug.cgi?id=269 - debian/rules: Disable lecture, enable tty_tickets by default. - debian/rules: Configure less confusing default password prompt to point out that it is sudo asking for the user's password, as opposed to another program like ssh, or asking for the root password. (LP #8556) Forwarded to Debian #343268. - Add debian/sudo_root.8: Explanation of root handling through sudo. Install it in debian/rules. - sudo.c: If the user successfully authenticated and he is in the 'admin' group, then create a stamp ~/.sudo_as_admin_successful. Our default bash profile checks for this and displays a short intro about sudo if the flag is not present. * New upstream version 1.6.9 fixes the following bugs: - Does not ask for password any more if stdin is not a terminal. (LP: #130636) - sudo -k/-K does not fail any more if timestamp is in the future. (LP: #43233) * Drop our very intrusive patch for selectively cleaning the environment based on whether the user can execute all commands or only some. Debian and upstream now default to cleaning the environment unconditionally and provide option -E and the SETENV tag to override it. Instead, do a tinpy patch to parse.yacc which enables SETENV implicitly for 'ALL' commands. Forwarded upstream: http://www.gratisoft.us/bugzilla/show_bug.cgi?id=268 * sudo.c: Disable i18n for now (upstream enabled it in 1.6.9), since this causes PAM to output localized password prompts, which in turn breaks -p and --with-passprompt, which finally breaks gksu. See http://www.gratisoft.us/bugzilla/show_bug.cgi?id=270 for details.	Martin Pitt	1.6.9p6-1ubuntu1	16 years ago
17	debian/rules: Configure less confusing default password prom... debian/rules: Configure less confusing default password prompt to (a) point out that it wants to know the user's password (instead of root's or whichever) and (b) that it is sudo which asks the question (since those prompts become really unintelligible if the command asks its own password, such as 'ssh', 'passwd', or 'mount -t cifs'). Do not modify --with-badpass-message though, since that breaks gksu. Thanks to Marco Rodrigues, leoquant, and nxvl for the discussion and proposals. (LP: #8556)	Martin Pitt	1.6.8p12-5ubuntu2	16 years ago
16	* Merge to Debian unstable. Remaining Ubuntu changes: * Merge to Debian unstable. Remaining Ubuntu changes: - parse.{h,c,yacc}, sudo.tab.cc, sudo.h, ldap.c, env.c, sudo.c: Clean up environment variable handling to fix vulns like CVE-2005-4158 and CVE-2006-0151 once and for all: Only keep known-good variables if user has limited sudo privileges (blacklist -> whitelist) and keep them all for users with unlimited command privileges (to not drive admins and developers up the wall which actually need to pass env variables from time to time). See 1.6.8p12-1ubuntu1 changelog for details. - sudoers: Add some explanatory text why it is a REALLY good idea to use visudo. (LP #11620) - debian/control, debian/rules: Enable krb5 support, add libkrb5-dev build dependency. (LP #35001) - debian/postinst: Disable lecture, enable tty_tickets in default sudoers. - debian/postinst, debian/sudo-ldap.postinst, debian/rules: Disable init script, since in Ubuntu /var/run is a tmpfs. - Add debian/sudo_root.8: Explanation of root handling through sudo. Install it in debian/rules. - auth/pam.c: Abort immediately if the user presses ^C at the password prompt instead of waiting three seconds. (LP #38810, in upstream CVS) - debian/prerm: Abort package removal if there is no root password. * debian/control: Set myself as Ubuntu maintainer.	Martin Pitt	1.6.8p12-5ubuntu1	17 years ago
15	* auth/pam.c: * auth/pam.c: - Abort immediately if the user presses ^C at the password prompt instead of waiting three seconds. There is no information to be gained from doing that, and it's just annoying if one accidentally uses sudo for something. - Patch taken from upstream CVS: http://www.sudo.ws/cgi-bin/cvsweb/sudo/auth/pam.c.diff?r1=1.51&r2=1.52 - Thanks to Anders Kaseorg for the patch! - Closes: LP#38810	Martin Pitt	1.6.8p12-4ubuntu5	17 years ago
14	* debian/rules: Enable krb5 support (also add libkrb5-dev bu... * debian/rules: Enable krb5 support (also add libkrb5-dev build dependency). Closes: LP#35001. * debian/sudo_root.8: Suggest using visudo instead of editing sudoers directly. Closes: LP#47849 * debian/sudo_root.8: Mention benefit of not sharing a password. Closes: LP#48221 * sudo.c: Temporarily drop to user privileges when creating the .sudo_as_admin_successful stamp to also work on NFS with root squashing. Closes: LP#49233	Martin Pitt	1.6.8p12-4ubuntu4	17 years ago

Older »