-
sudo (1.9.9-1ubuntu2.4) jammy-security; urgency=medium
* SECURITY UPDATE: does not escape control characters
- debian/patches/CVE-2023-2848x-1.patch: escape control characters in
log messages and sudoreplay output in docs/sudoers.man.in,
docs/sudoers.mdoc.in, docs/sudoreplay.man.in,
docs/sudoreplay.mdoc.in, include/sudo_lbuf.h,
lib/eventlog/eventlog.c, lib/iolog/iolog_json.c, lib/util/lbuf.c,
lib/util/util.exp.in, plugins/sudoers/sudoreplay.c.
- debian/patches/CVE-2023-2848x-2.patch: fix regression in
lib/eventlog/eventlog.c.
- CVE-2023-28486
- CVE-2023-28487
-- Marc Deslauriers <email address hidden> Mon, 03 Apr 2023 14:00:44 -0400
-
sudo (1.9.9-1ubuntu2.3) jammy-security; urgency=medium
* SECURITY UPDATE: double free with per-command chroot sudoers rules
- debian/patches/CVE-2023-27320.patch: don't free user_cmnd twice in
MANIFEST, plugins/sudoers/match_command.c,
plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
plugins/sudoers/regress/testsudoers/test20.out.ok,
plugins/sudoers/regress/testsudoers/test20.sh,
plugins/sudoers/testsudoers.c,
plugins/sudoers/visudo.c.
- CVE-2023-27320
-- Marc Deslauriers <email address hidden> Wed, 01 Mar 2023 08:59:37 -0500
-
sudo (1.9.9-1ubuntu2.2) jammy-security; urgency=medium
* SECURITY UPDATE: arbitrary file overwrite via sudoedit
- debian/patches/CVE-2023-22809.patch: do not permit editor arguments
to include -- in plugins/sudoers/editor.c, plugins/sudoers/sudoers.c,
plugins/sudoers/visudo.c.
- CVE-2023-22809
* SECURITY UPDATE: DoS via invalid arithmetic shift in Protobuf-c
- debian/patches/CVE-2022-33070.patch: only shift unsigned values in
lib/protobuf-c/protobuf-c.c.
- CVE-2022-33070
-- Marc Deslauriers <email address hidden> Mon, 16 Jan 2023 07:36:33 -0500
-
sudo (1.9.9-1ubuntu2.1) jammy; urgency=medium
* Add XDG_CURRENT_DESKTOP to initial_keepenv_table for Qt to determine the
correct theme (LP: #1958055)
-- Benjamin Drung <email address hidden> Thu, 04 Aug 2022 12:35:21 +0200
-
sudo (1.9.9-1ubuntu2) jammy; urgency=medium
* d/t/control: skip 03-getroot-ldap autopkgtest on non-containers
-- Lukas Märdian <email address hidden> Mon, 14 Feb 2022 12:48:05 +0100
-
sudo (1.9.9-1ubuntu1) jammy; urgency=medium
* Merge from Debian unstable. Remaining changes:
- debian/control:
+ Build-Conflicts on fakeroot (<< 1.25.3-1.1ubuntu1)
- debian/rules:
+ compile with --without-lecture --with-tty-tickets --enable-admin-flag
- debian/sudo[-ldap].manpages: install man/man8/sudo_root.8
- debian/sudo[-ldap].init: delete init scripts, as they are no longer
necessary.
- debian/etc/pam.d/sudo[-i]:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due
to security reasons.
- debian/etc/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
- debian/tests/control: 03-getroot-ldap:
+ allow removal of 'sudo' in autopkgtest (SUDO_FORCE_REMOVE=yes)
* Dropped changes:
- debian/rules:
+ use dh-autoreconf (converted to using dh)
sudo (1.9.9-1) unstable; urgency=medium
* new upstream version
* audit plugin now handles unresolvable hostname better
Thanks to Sven Mueller (Closes: #1001969)
* better document environment handling.
Thanks to Arnout Engelen (Closes: #659101)
* README files now come as markdown
* schemas are now in docs subdirectory
* LICENSE is now LICENSE.md
[ Marc Haber ]
* refresh patches
* mark paths-in-samples.diff explicitly as not forwarded
* have systemd-tmpfiles clean up /run/sudo on boot
* lintian overrides:
* improve 'em in various places
* give better explanations
* override long line warnings
* override typo warning for a literal film quote
* use correct lintian tag for override init script without unit
* init script / systemd units
* guarantee init script no-op on systemd systems
* mask sysv init script on systemd systems in postinst
instead of debian/rules
* actually remove masking of service in postrm
* maintainer scripts
* document when .dist file removal was added so that
it can be eventually removed
* document when alternative removal was added so that
it can be eventually removed
* add a test to check for presence of #1003969
* Standards-Version: 4.6.0 (no changes)
* use uscan version 4
* honor nocheck DEB_BUILD_OPTION
[ Hilko Bengen ]
* More improvement for Lintian overrides
* Convert debian/copyright to machine-readable format, using
information from upstream-provided LICENSE.md file
sudo (1.9.8p2-1) unstable; urgency=medium
* add more autopkgtests (especially for LDAP)
* improve existing autopkgtests
* debian/patches:
* Remove typo-in-classic-insults.diff, reflecting upstream's decision
to not fix the typo as a way of remembering Evi Nemeth.
* remove unneeded sudo-success_return. patch
* mark debian/patches/sudo-ldap-docs as Forwarded: not-needed
* add DEP3 headers
* mention #1001858 in sudo.prerm
* comment some lintian-overrides with unclear results
sudo (1.9.8p2-1~exp1) experimental; urgency=medium
[ Marc Haber ]
* new upstream version 1.9.8p2-1
* this correctly handles double defined aliases (Closes: #985412)
* improve sudoers.ldap.manpage. Thanks to Dennis Filder and
Eric Brun (Closes: #981190)
* refresh patches
* remove prompting for wrong sudo group id (Closes: #605576)
* give better docs for LDAP success behavior.
Thanks to Dennis Filder (Closes: 981190)
* remove unneeded mandoc from Build-Depends.
Thanks to Ingo Schwarze
* Restore inclusion of pam_limits.so PAM module.
Thanks to Salvatore Bonaccorso (Closes: 518464)
* Use @includedir in sudoers.d/README (Closes: #993815)
* Other improvements for sudoers.d/README.
Thanks to Josh Triplett (Closes: #994962)
* add some (simple) autopkgtests
* better short description for sudo-ldap
* use https in debian/watch
* some changes to patch headers for Lintian
* manually remove executable bit from shared libs
* explicitly write set -e in maintainer scripts
* debian/control: set Rules-Requires-Root: binary-targets
* add first/trivial autopkgtests
[ Hilko Bengen ]
* Update lintian-overrides files
* Remove group sudo / gid=27 check from postinst scripts
[ Otto Kekäläinen ]
* Add basic Salsa-CI for project quality assurance
sudo (1.9.6-1~exp2) experimental; urgency=low
[ Marc Haber ]
* add use_pty to default configuration, fixing CVE-2005-4890.
Thanks to Daniel Kahn Gillmor (Closes: #657784)
* Add group specific defaults for environment variables (commented out)
Thanks to Josh Triplett
* remove --disable-setresuid from sudo-ldap as well.
Thanks to Dennis Filder (Closes: #985307)
[ Hilko Bengen ]
* Add PAM config for interactive login use (Closes: #690044)
* Actually configure sudo to use pam / sudo-i
sudo (1.9.6-1~exp1) experimental; urgency=medium
* new upstream version
* add upstream signature
* refresh patches
* remove NO_ROOT_MAILER patch (incorporated upstream)
sudo (1.9.5p2-3+exp1) experimental; urgency=medium
[ Marc Haber ]
* convert package to dh
* rename init scripts to be picked up by new debhelper
* rename and update lintian overrides
* let /run directory be created by systemd
* remove documentation files that are installed by upstream scripts
* clear dependency path in .la files
* add Pre-Depends: ${misc:Pre-Depends}
* override package-has-unnecessary-activation-of-ldconfig-trigger
[ Bastian Blank ]
* Move stuff to /usr/libexec.
* Use dpkg provided make snippets
* Provide build-flags via environment
* Use easier to read multi-line variables
* Remove not required prefix override
* Move stuff to /usr/libexec
[ Hilko Bengen ]
* Remove unneeded Built-Using
* Simplify dh_auto_* overrides
* Further simplification
* debian/rules: Remove another unneeded variable
* Don't ship *.la files
* Add Apport script
-- Lukas Märdian <email address hidden> Tue, 08 Feb 2022 12:01:45 +0100
-
sudo (1.9.5p2-3ubuntu2) impish; urgency=medium
* No-change rebuild due to OpenLDAP soname bump.
-- Sergio Durigan Junior <email address hidden> Mon, 21 Jun 2021 18:09:32 -0400