Change log for sudo package in Ubuntu
| 1 → 75 of 209 results | First • Previous • Next • Last |
sudo (1.9.15p5-3ubuntu5) noble; urgency=high * No change rebuild against libssl3t64. -- Julian Andres Klode <email address hidden> Mon, 08 Apr 2024 16:50:39 +0200
Available diffs
- diff from 1.9.15p5-3ubuntu4 to 1.9.15p5-3ubuntu5 (323 bytes)
sudo (1.9.15p5-3ubuntu4) noble; urgency=medium * No-change rebuild for CVE-2024-3094 -- Steve Langasek <email address hidden> Sun, 31 Mar 2024 17:17:28 +0000
Available diffs
- diff from 1.9.15p5-3ubuntu3 to 1.9.15p5-3ubuntu4 (328 bytes)
sudo (1.9.15p5-3ubuntu3) noble; urgency=medium * Disable an offensive insult (LP: #2058053) - d/p/disable_offensive_insult.patch: properly disable an offensive insult that was fogotten when the configure options were refactored in plugins/sudoers/ins_csops.h. -- Marc Deslauriers <email address hidden> Mon, 18 Mar 2024 07:53:26 -0400
Available diffs
- diff from 1.9.15p5-3ubuntu1 to 1.9.15p5-3ubuntu3 (951 bytes)
- diff from 1.9.15p5-3ubuntu2 to 1.9.15p5-3ubuntu3 (886 bytes)
| Superseded in noble-proposed |
sudo (1.9.15p5-3ubuntu2) noble; urgency=medium * No-change rebuild against libssl3t64 -- Steve Langasek <email address hidden> Mon, 04 Mar 2024 21:28:45 +0000
Available diffs
- diff from 1.9.15p5-3ubuntu1 to 1.9.15p5-3ubuntu2 (341 bytes)
| Deleted in noble-updates (Reason: superseded by release) |
| Superseded in noble-release |
| Deleted in noble-proposed (Reason: Moved to noble) |
sudo (1.9.15p5-3ubuntu1) noble; urgency=medium * Merge with Debian unstable (LP: #2051576). Remaining changes: - debian/sudo[-ldap].manpages: install man/man8/sudo_root.8 - debian/sudo[-ldap].init: delete init scripts, as they are no longer necessary. - debian/etc/pam.d/sudo[-i]: + Use pam_env to read /etc/environment and /etc/default/locale environment files. Reading ~/.pam_environment is not permitted due to security reasons. - debian/etc/sudoers: + also grant admin group sudo access + include /snap/bin in the secure_path - debian/tests/control: 03-getroot-ldap + allow removal of 'sudo' in autopkgtest (SUDO_FORCE_REMOVE=yes) - debian/tests/04-getroot-sssd: + Check if the slapd daemon is ready before proceeding. In some situations, the next command (ldapmodify) runs before the service is ready. See LP#2026888
Available diffs
- diff from 1.9.14p2-1ubuntu1 to 1.9.15p5-3ubuntu1 (821.0 KiB)
| Superseded in noble-release |
| Published in mantic-release |
| Deleted in mantic-proposed (Reason: Moved to mantic) |
sudo (1.9.14p2-1ubuntu1) mantic; urgency=medium * Merge with Debian unstable (LP: #2030914). Remaining changes: - debian/sudo[-ldap].manpages: install man/man8/sudo_root.8 - debian/sudo[-ldap].init: delete init scripts, as they are no longer necessary. - debian/etc/pam.d/sudo[-i]: + Use pam_env to read /etc/environment and /etc/default/locale environment files. Reading ~/.pam_environment is not permitted due to security reasons. - debian/etc/sudoers: + also grant admin group sudo access + include /snap/bin in the secure_path - debian/tests/control: 03-getroot-ldap + allow removal of 'sudo' in autopkgtest (SUDO_FORCE_REMOVE=yes) - debian/tests/04-getroot-sssd: + Check if the slapd daemon is ready before proceeding. In some situations, the next command (ldapmodify) runs before the service is ready. See LP#2026888 -- Danilo Egea Gondolfo <email address hidden> Wed, 09 Aug 2023 21:53:59 +0100
Available diffs
- diff from 1.9.13p3-3ubuntu1 to 1.9.14p2-1ubuntu1 (615.0 KiB)
sudo (1.9.13p3-3ubuntu1) mantic; urgency=medium * Merge with Debian unstable (LP: #2025655). Remaining changes: - debian/sudo[-ldap].manpages: install man/man8/sudo_root.8 - debian/sudo[-ldap].init: delete init scripts, as they are no longer necessary. - debian/etc/pam.d/sudo[-i]: + Use pam_env to read /etc/environment and /etc/default/locale environment files. Reading ~/.pam_environment is not permitted due to security reasons. - debian/etc/sudoers: + also grant admin group sudo access + include /snap/bin in the secure_path - debian/tests/control: 03-getroot-ldap: + allow removal of 'sudo' in autopkgtest (SUDO_FORCE_REMOVE=yes) * Added changes: - debian/tests/04-getroot-sssd: + Check if the slapd daemon is ready before proceeding. In some situations, the next command (ldapmodify) runs before the service is ready. See LP:#2026888 * Dropped changes: - Drop Build-Conflicts on fakeroot (<< 1.25.3-1.1ubuntu1) This wasn't in the former Ubuntu version, just mentioned in the changelog by accident
Available diffs
sudo (1.9.13p3-1ubuntu1) mantic; urgency=medium
* Merge with Debian unstable. Remaining changes:
- debian/sudo[-ldap].manpages: install man/man8/sudo_root.8
- debian/sudo[-ldap].init: delete init scripts, as they are no longer
necessary.
- debian/etc/pam.d/sudo[-i]:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due
to security reasons.
- debian/etc/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
- debian/tests/control: 03-getroot-ldap:
+ allow removal of 'sudo' in autopkgtest (SUDO_FORCE_REMOVE=yes)
- debian/control:
+ Drop Build-Conflicts on fakeroot (<< 1.25.3-1.1ubuntu1)
(for context see LP 1915250)
* Dropped changes, now included in Debian:
- debian/patches/CVE-2023-27320.patch
-- Danilo Egea Gondolfo <email address hidden> Tue, 23 May 2023 14:34:04 +0100
Available diffs
sudo (1.8.21p2-3ubuntu1.6) bionic-security; urgency=medium
* SECURITY UPDATE: does not escape control characters
- debian/patches/CVE-2023-2848x-1.patch: escape control characters in
log messages and sudoreplay output in docs/sudoers.man.in,
docs/sudoers.mdoc.in, docs/sudoreplay.man.in,
docs/sudoreplay.mdoc.in, include/sudo_compat.h, include/sudo_lbuf.h,
lib/util/lbuf.c, lib/util/util.exp.in, plugins/sudoers/logging.c,
plugins/sudoers/sudoreplay.c.
- debian/patches/CVE-2023-2848x-2.patch: fix regression in
plugins/sudoers/logging.c.
- CVE-2023-28486
- CVE-2023-28487
-- Marc Deslauriers <email address hidden> Tue, 04 Apr 2023 08:44:58 -0400
Available diffs
sudo (1.8.31-1ubuntu1.5) focal-security; urgency=medium
* SECURITY UPDATE: does not escape control characters
- debian/patches/CVE-2023-2848x-1.patch: escape control characters in
log messages and sudoreplay output in docs/sudoers.man.in,
docs/sudoers.mdoc.in, docs/sudoreplay.man.in,
docs/sudoreplay.mdoc.in, include/sudo_compat.h, include/sudo_lbuf.h,
lib/util/lbuf.c, lib/util/util.exp.in, plugins/sudoers/logging.c,
plugins/sudoers/sudoreplay.c.
- debian/patches/CVE-2023-2848x-2.patch: fix regression in
plugins/sudoers/logging.c.
- CVE-2023-28486
- CVE-2023-28487
-- Marc Deslauriers <email address hidden> Tue, 04 Apr 2023 07:56:28 -0400
Available diffs
sudo (1.9.11p3-1ubuntu1.3) kinetic-security; urgency=medium
* SECURITY UPDATE: does not escape control characters
- debian/patches/CVE-2023-2848x-1.patch: escape control characters in
log messages and sudoreplay output in docs/sudoers.man.in,
docs/sudoers.mdoc.in, docs/sudoreplay.man.in,
docs/sudoreplay.mdoc.in, include/sudo_lbuf.h,
lib/eventlog/eventlog.c, lib/iolog/iolog_json.c, lib/util/lbuf.c,
lib/util/util.exp.in, plugins/sudoers/sudoreplay.c.
- debian/patches/CVE-2023-2848x-2.patch: fix regression in
lib/eventlog/eventlog.c.
- CVE-2023-28486
- CVE-2023-28487
-- Marc Deslauriers <email address hidden> Mon, 03 Apr 2023 13:57:25 -0400
Available diffs
sudo (1.9.9-1ubuntu2.4) jammy-security; urgency=medium
* SECURITY UPDATE: does not escape control characters
- debian/patches/CVE-2023-2848x-1.patch: escape control characters in
log messages and sudoreplay output in docs/sudoers.man.in,
docs/sudoers.mdoc.in, docs/sudoreplay.man.in,
docs/sudoreplay.mdoc.in, include/sudo_lbuf.h,
lib/eventlog/eventlog.c, lib/iolog/iolog_json.c, lib/util/lbuf.c,
lib/util/util.exp.in, plugins/sudoers/sudoreplay.c.
- debian/patches/CVE-2023-2848x-2.patch: fix regression in
lib/eventlog/eventlog.c.
- CVE-2023-28486
- CVE-2023-28487
-- Marc Deslauriers <email address hidden> Mon, 03 Apr 2023 14:00:44 -0400
Available diffs
sudo (1.9.11p3-1ubuntu1.2) kinetic-security; urgency=medium
* SECURITY UPDATE: double free with per-command chroot sudoers rules
- debian/patches/CVE-2023-27320.patch: don't free user_cmnd twice in
MANIFEST, plugins/sudoers/match_command.c,
plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
plugins/sudoers/regress/testsudoers/test20.out.ok,
plugins/sudoers/regress/testsudoers/test20.sh,
plugins/sudoers/testsudoers.c,
plugins/sudoers/visudo.c.
- CVE-2023-27320
-- Marc Deslauriers <email address hidden> Wed, 01 Mar 2023 08:59:06 -0500
Available diffs
| Superseded in mantic-release |
| Published in lunar-release |
| Deleted in lunar-proposed (Reason: Moved to lunar) |
sudo (1.9.13p1-1ubuntu2) lunar; urgency=medium
* SECURITY UPDATE: double free with per-command chroot sudoers rules
- debian/patches/CVE-2023-27320.patch: don't free user_cmnd twice in
MANIFEST, plugins/sudoers/match_command.c,
plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
plugins/sudoers/regress/testsudoers/test20.out.ok,
plugins/sudoers/regress/testsudoers/test20.sh,
plugins/sudoers/testsudoers.c,
plugins/sudoers/visudo.c.
- CVE-2023-27320
-- Marc Deslauriers <email address hidden> Wed, 01 Mar 2023 08:51:34 -0500
Available diffs
sudo (1.9.9-1ubuntu2.3) jammy-security; urgency=medium
* SECURITY UPDATE: double free with per-command chroot sudoers rules
- debian/patches/CVE-2023-27320.patch: don't free user_cmnd twice in
MANIFEST, plugins/sudoers/match_command.c,
plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
plugins/sudoers/regress/testsudoers/test20.out.ok,
plugins/sudoers/regress/testsudoers/test20.sh,
plugins/sudoers/testsudoers.c,
plugins/sudoers/visudo.c.
- CVE-2023-27320
-- Marc Deslauriers <email address hidden> Wed, 01 Mar 2023 08:59:37 -0500
Available diffs
| Superseded in lunar-proposed |
sudo (1.9.13p1-1ubuntu1) lunar; urgency=medium
* Merge from Debian unstable. Remaining changes:
- debian/sudo[-ldap].manpages: install man/man8/sudo_root.8
- debian/sudo[-ldap].init: delete init scripts, as they are no longer
necessary.
- debian/etc/pam.d/sudo[-i]:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due
to security reasons.
- debian/etc/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
- debian/tests/control: 03-getroot-ldap:
+ allow removal of 'sudo' in autopkgtest (SUDO_FORCE_REMOVE=yes)
- debian/control:
+ Drop Build-Conflicts on fakeroot (<< 1.25.3-1.1ubuntu1)
(for context see LP: 1915250)
- Drop patches for issues fixed upstream
+ d/p/CVE-2023-22809.patch
+ d/p/Add-XDG_CURRENT_DESKTOP-to-initial_keepenv_table.patch
Available diffs
sudo (1.9.11p3-1ubuntu3) lunar; urgency=medium
* SECURITY UPDATE: arbitrary file overwrite via sudoedit
- debian/patches/CVE-2023-22809.patch: do not permit editor arguments
to include -- in plugins/sudoers/editor.c, plugins/sudoers/sudoers.c,
plugins/sudoers/visudo.c.
- CVE-2023-22809
-- Marc Deslauriers <email address hidden> Wed, 18 Jan 2023 12:46:34 -0500
Available diffs
sudo (1.8.21p2-3ubuntu1.5) bionic-security; urgency=medium
* SECURITY UPDATE: arbitrary file overwrite via sudoedit
- debian/patches/CVE-2023-22809.patch: do not permit editor arguments
to include -- in plugins/sudoers/editor.c.
- CVE-2023-22809
-- Marc Deslauriers <email address hidden> Mon, 16 Jan 2023 09:40:55 -0500
Available diffs
sudo (1.8.31-1ubuntu1.4) focal-security; urgency=medium
* SECURITY UPDATE: arbitrary file overwrite via sudoedit
- debian/patches/CVE-2023-22809.patch: do not permit editor arguments
to include -- in plugins/sudoers/editor.c, plugins/sudoers/sudoers.c,
plugins/sudoers/visudo.c.
- CVE-2023-22809
-- Marc Deslauriers <email address hidden> Mon, 16 Jan 2023 08:06:24 -0500
Available diffs
sudo (1.9.9-1ubuntu2.2) jammy-security; urgency=medium
* SECURITY UPDATE: arbitrary file overwrite via sudoedit
- debian/patches/CVE-2023-22809.patch: do not permit editor arguments
to include -- in plugins/sudoers/editor.c, plugins/sudoers/sudoers.c,
plugins/sudoers/visudo.c.
- CVE-2023-22809
* SECURITY UPDATE: DoS via invalid arithmetic shift in Protobuf-c
- debian/patches/CVE-2022-33070.patch: only shift unsigned values in
lib/protobuf-c/protobuf-c.c.
- CVE-2022-33070
-- Marc Deslauriers <email address hidden> Mon, 16 Jan 2023 07:36:33 -0500
Available diffs
sudo (1.9.11p3-1ubuntu1.1) kinetic-security; urgency=medium
* SECURITY UPDATE: arbitrary file overwrite via sudoedit
- debian/patches/CVE-2023-22809.patch: do not permit editor arguments
to include -- in plugins/sudoers/editor.c, plugins/sudoers/sudoers.c,
plugins/sudoers/visudo.c.
- CVE-2023-22809
-- Marc Deslauriers <email address hidden> Mon, 16 Jan 2023 07:34:35 -0500
Available diffs
sudo (1.9.11p3-1ubuntu2) lunar; urgency=medium * No-change rebuild against libldap-2 -- Steve Langasek <email address hidden> Thu, 15 Dec 2022 19:57:01 +0000
Available diffs
- diff from 1.9.11p3-1ubuntu1 to 1.9.11p3-1ubuntu2 (333 bytes)
sudo (1.9.9-1ubuntu2.1) jammy; urgency=medium
* Add XDG_CURRENT_DESKTOP to initial_keepenv_table for Qt to determine the
correct theme (LP: #1958055)
-- Benjamin Drung <email address hidden> Thu, 04 Aug 2022 12:35:21 +0200
Available diffs
- diff from 1.9.9-1ubuntu2 to 1.9.9-1ubuntu2.1 (945 bytes)
| Superseded in lunar-release |
| Obsolete in kinetic-release |
| Deleted in kinetic-proposed (Reason: Moved to kinetic) |
sudo (1.9.11p3-1ubuntu1) kinetic; urgency=medium
* Merge from Debian unstable. Remaining changes:
- debian/control:
+ Build-Conflicts on fakeroot (<< 1.25.3-1.1ubuntu1)
- debian/sudo[-ldap].manpages: install man/man8/sudo_root.8
- debian/sudo[-ldap].init: delete init scripts, as they are no longer
necessary.
- debian/etc/pam.d/sudo[-i]:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due
to security reasons.
- debian/etc/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
- debian/tests/control: 03-getroot-ldap:
+ allow removal of 'sudo' in autopkgtest (SUDO_FORCE_REMOVE=yes)
- Add XDG_CURRENT_DESKTOP to initial_keepenv_table for Qt to determine the
correct theme (LP: #1958055)
Available diffs
- diff from 1.9.10-3ubuntu1 to 1.9.11p3-1ubuntu1 (868.3 KiB)
sudo (1.9.10-3ubuntu1) kinetic; urgency=medium
* Merge from Debian unstable. Remaining changes:
- debian/control:
+ Build-Conflicts on fakeroot (<< 1.25.3-1.1ubuntu1)
- debian/sudo[-ldap].manpages: install man/man8/sudo_root.8
- debian/sudo[-ldap].init: delete init scripts, as they are no longer
necessary.
- debian/etc/pam.d/sudo[-i]:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due
to security reasons.
- debian/etc/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
- debian/tests/control: 03-getroot-ldap:
+ allow removal of 'sudo' in autopkgtest (SUDO_FORCE_REMOVE=yes)
* Dropped changes (applied in Debian):
- debian/rules:
+ compile with --without-lecture --with-tty-tickets --enable-admin-flag
* Add XDG_CURRENT_DESKTOP to initial_keepenv_table for Qt to determine the
correct theme (LP: #1958055)
Available diffs
- diff from 1.9.9-1ubuntu2 to 1.9.10-3ubuntu1 (482.7 KiB)
| Superseded in kinetic-release |
| Published in jammy-release |
| Deleted in jammy-proposed (Reason: Moved to jammy) |
sudo (1.9.9-1ubuntu2) jammy; urgency=medium * d/t/control: skip 03-getroot-ldap autopkgtest on non-containers -- Lukas Märdian <email address hidden> Mon, 14 Feb 2022 12:48:05 +0100
Available diffs
- diff from 1.9.5p2-3ubuntu2 to 1.9.9-1ubuntu2 (2.2 MiB)
- diff from 1.9.9-1ubuntu1 to 1.9.9-1ubuntu2 (704 bytes)
| Superseded in jammy-proposed |
sudo (1.9.9-1ubuntu1) jammy; urgency=medium
* Merge from Debian unstable. Remaining changes:
- debian/control:
+ Build-Conflicts on fakeroot (<< 1.25.3-1.1ubuntu1)
- debian/rules:
+ compile with --without-lecture --with-tty-tickets --enable-admin-flag
- debian/sudo[-ldap].manpages: install man/man8/sudo_root.8
- debian/sudo[-ldap].init: delete init scripts, as they are no longer
necessary.
- debian/etc/pam.d/sudo[-i]:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due
to security reasons.
- debian/etc/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
- debian/tests/control: 03-getroot-ldap:
+ allow removal of 'sudo' in autopkgtest (SUDO_FORCE_REMOVE=yes)
* Dropped changes:
- debian/rules:
+ use dh-autoreconf (converted to using dh)
Available diffs
| Superseded in jammy-release |
| Obsolete in impish-release |
| Deleted in impish-proposed (Reason: Moved to impish) |
sudo (1.9.5p2-3ubuntu2) impish; urgency=medium * No-change rebuild due to OpenLDAP soname bump. -- Sergio Durigan Junior <email address hidden> Mon, 21 Jun 2021 18:09:32 -0400
Available diffs
- diff from 1.9.5p2-3ubuntu1 to 1.9.5p2-3ubuntu2 (360 bytes)
sudo (1.9.5p2-3ubuntu1) impish; urgency=low * Merge from Debian unstable (LP: #1929110). Remaining changes: - debian/rules: + use dh-autoreconf - debian/rules: stop shipping init scripts, as they are no longer necessary. - debian/rules: + compile with --without-lecture --with-tty-tickets --enable-admin-flag + install man/man8/sudo_root.8 in both flavours - debian/sudo.pam: + Use pam_env to read /etc/environment and /etc/default/locale environment files. Reading ~/.pam_environment is not permitted due to security reasons. - debian/sudoers: + also grant admin group sudo access + include /snap/bin in the secure_path * Dropped changes, now included in Debian: - debian/rules: + install apport hooks - debian/sudo-ldap.dirs, debian/sudo.dirs: + add usr/share/apport/package-hooks -- William 'jawn-smith' Wilson <email address hidden> Thu, 20 May 2021 15:43:31 +0000
Available diffs
| Superseded in impish-release |
| Obsolete in hirsute-release |
| Deleted in hirsute-proposed (Reason: moved to Release) |
sudo (1.9.5p2-2ubuntu3) hirsute; urgency=medium * No change rebuild with fixed ownership. -- Dimitri John Ledkov <email address hidden> Thu, 18 Feb 2021 00:03:21 +0000
Available diffs
| Superseded in hirsute-proposed |
sudo (1.9.5p2-2ubuntu2) hirsute; urgency=medium * No change rebuild against new permissions ABI. LP: #1915250
Available diffs
| Deleted in hirsute-proposed (Reason: remove broken sudo from proposed) |
sudo (1.9.5p2-2ubuntu1) hirsute; urgency=low * Merge from Debian unstable. (LP: #1915307) * Remaining changes: - debian/rules: + use dh-autoreconf - debian/rules: stop shipping init scripts, as they are no longer necessary. - debian/rules: + compile with --without-lecture --with-tty-tickets --enable-admin-flag + install man/man8/sudo_root.8 in both flavours + install apport hooks - debian/sudo-ldap.dirs, debian/sudo.dirs: + add usr/share/apport/package-hooks - debian/sudo.pam: + Use pam_env to read /etc/environment and /etc/default/locale environment files. Reading ~/.pam_environment is not permitted due to security reasons. - debian/sudoers: + also grant admin group sudo access + include /snap/bin in the secure_path * Dropped patches, no longer needed because they are integrated in Debian: - CVE-2021-23239.patch - CVE-2021-3156-1.patch - CVE-2021-3156-2.patch - CVE-2021-3156-3.patch - CVE-2021-3156-4.patch - CVE-2021-3156-5.patch
Available diffs
- diff from 1.9.4p2-2ubuntu3 to 1.9.5p2-2ubuntu1 (186.6 KiB)
sudo (1.9.4p2-2ubuntu3) hirsute; urgency=medium
* SECURITY UPDATE: ineffective NO_ROOT_MAILER hardening option
- debian/patches/ineffective_no_root_mailer.patch: fix NO_ROOT_MAILER
in plugins/sudoers/logging.c, plugins/sudoers/policy.c.
- No CVE number
-- Marc Deslauriers <email address hidden> Sat, 30 Jan 2021 14:35:13 -0500
Available diffs
sudo (1.8.3p1-1ubuntu3.10) precise-security; urgency=medium
* SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2021-3156-1.patch: reset valid_flags to
MODE_NONINTERACTIVE for sudoedit in src/parse_args.c.
- debian/patches/CVE-2021-3156-2.patch: add sudoedit flag checks in
plugin in plugins/sudoers/sudoers.c.
- debian/patches/CVE-2021-3156-3.patch: fix potential buffer overflow
when unescaping backslashes in plugins/sudoers/sudoers.c.
- debian/patches/CVE-2021-3156-5.patch: don't assume that argv is
allocated as a single flat buffer in src/parse_args.c.
- CVE-2021-3156
-- Leonidas Da Silva Barbosa <email address hidden> Wed, 27 Jan 2021 08:49:33 -0300
Available diffs
sudo (1.9.4p2-2ubuntu2) hirsute; urgency=medium
* SECURITY UPDATE: dir existence issue via sudoedit race
- debian/patches/CVE-2021-23239.patch: fix potential directory existing
info leak in sudoedit in src/sudo_edit.c.
- CVE-2021-23239
* SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2021-3156-1.patch: reset valid_flags to
MODE_NONINTERACTIVE for sudoedit in src/parse_args.c.
- debian/patches/CVE-2021-3156-2.patch: add sudoedit flag checks in
plugin in plugins/sudoers/policy.c.
- debian/patches/CVE-2021-3156-3.patch: fix potential buffer overflow
when unescaping backslashes in plugins/sudoers/sudoers.c.
- debian/patches/CVE-2021-3156-4.patch: fix the memset offset when
converting a v1 timestamp to TS_LOCKEXCL in
plugins/sudoers/timestamp.c.
- debian/patches/CVE-2021-3156-5.patch: don't assume that argv is
allocated as a single flat buffer in src/parse_args.c.
- CVE-2021-3156
-- Marc Deslauriers <email address hidden> Tue, 26 Jan 2021 14:37:48 -0500
Available diffs
sudo (1.8.31-1ubuntu1.2) focal-security; urgency=medium
* SECURITY UPDATE: dir existence issue via sudoedit race
- debian/patches/CVE-2021-23239.patch: fix potential directory existing
info leak in sudoedit in src/sudo_edit.c.
- CVE-2021-23239
* SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2021-3156-pre1.patch: sanity check size when
converting the first record to TS_LOCKEXCL in
plugins/sudoers/timestamp.c.
- debian/patches/CVE-2021-3156-1.patch: reset valid_flags to
MODE_NONINTERACTIVE for sudoedit in src/parse_args.c.
- debian/patches/CVE-2021-3156-2.patch: add sudoedit flag checks in
plugin in plugins/sudoers/policy.c.
- debian/patches/CVE-2021-3156-3.patch: fix potential buffer overflow
when unescaping backslashes in plugins/sudoers/sudoers.c.
- debian/patches/CVE-2021-3156-4.patch: fix the memset offset when
converting a v1 timestamp to TS_LOCKEXCL in
plugins/sudoers/timestamp.c.
- debian/patches/CVE-2021-3156-5.patch: don't assume that argv is
allocated as a single flat buffer in src/parse_args.c.
- CVE-2021-3156
-- Marc Deslauriers <email address hidden> Tue, 19 Jan 2021 09:21:02 -0500
Available diffs
sudo (1.8.21p2-3ubuntu1.4) bionic-security; urgency=medium
* SECURITY UPDATE: dir existence issue via sudoedit race
- debian/patches/CVE-2021-23239.patch: fix potential directory existing
info leak in sudoedit in src/sudo_edit.c.
- CVE-2021-23239
* SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2021-3156-pre1.patch: check lock record size in
plugins/sudoers/timestamp.c.
- debian/patches/CVE-2021-3156-pre2.patch: sanity check size when
converting the first record to TS_LOCKEXCL in
plugins/sudoers/timestamp.c.
- debian/patches/CVE-2021-3156-1.patch: reset valid_flags to
MODE_NONINTERACTIVE for sudoedit in src/parse_args.c.
- debian/patches/CVE-2021-3156-2.patch: add sudoedit flag checks in
plugin in plugins/sudoers/policy.c.
- debian/patches/CVE-2021-3156-3.patch: fix potential buffer overflow
when unescaping backslashes in plugins/sudoers/sudoers.c.
- debian/patches/CVE-2021-3156-4.patch: fix the memset offset when
converting a v1 timestamp to TS_LOCKEXCL in
plugins/sudoers/timestamp.c.
- debian/patches/CVE-2021-3156-5.patch: don't assume that argv is
allocated as a single flat buffer in src/parse_args.c.
- CVE-2021-3156
* debian/control: added tzdata to Build-Depends so that the time zone
data directory is present during builds.
-- Marc Deslauriers <email address hidden> Tue, 19 Jan 2021 09:36:00 -0500
sudo (1.9.1-1ubuntu1.1) groovy-security; urgency=medium
* SECURITY UPDATE: dir existence issue via sudoedit race
- debian/patches/CVE-2021-23239.patch: fix potential directory existing
info leak in sudoedit in src/sudo_edit.c.
- CVE-2021-23239
* SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2021-3156-1.patch: reset valid_flags to
MODE_NONINTERACTIVE for sudoedit in src/parse_args.c.
- debian/patches/CVE-2021-3156-2.patch: add sudoedit flag checks in
plugin in plugins/sudoers/policy.c.
- debian/patches/CVE-2021-3156-3.patch: fix potential buffer overflow
when unescaping backslashes in plugins/sudoers/sudoers.c.
- debian/patches/CVE-2021-3156-4.patch: fix the memset offset when
converting a v1 timestamp to TS_LOCKEXCL in
plugins/sudoers/timestamp.c.
- debian/patches/CVE-2021-3156-5.patch: don't assume that argv is
allocated as a single flat buffer in src/parse_args.c.
- CVE-2021-3156
* debian/control: added tzdata to Build-Depends so that the time zone
data directory is present during builds.
-- Marc Deslauriers <email address hidden> Tue, 19 Jan 2021 09:08:56 -0500
Available diffs
sudo (1.8.16-0ubuntu1.10) xenial-security; urgency=medium
* SECURITY UPDATE: dir existence issue via sudoedit race
- debian/patches/CVE-2021-23239.patch: fix potential directory existing
info leak in sudoedit in src/sudo_edit.c.
- CVE-2021-23239
* SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2021-3156-pre1.patch: check lock record size in
plugins/sudoers/timestamp.c.
- debian/patches/CVE-2021-3156-pre2.patch: sanity check size when
converting the first record to TS_LOCKEXCL in
plugins/sudoers/timestamp.c.
- debian/patches/CVE-2021-3156-1.patch: reset valid_flags to
MODE_NONINTERACTIVE for sudoedit in src/parse_args.c.
- debian/patches/CVE-2021-3156-2.patch: add sudoedit flag checks in
plugin in plugins/sudoers/policy.c.
- debian/patches/CVE-2021-3156-3.patch: fix potential buffer overflow
when unescaping backslashes in plugins/sudoers/sudoers.c.
- debian/patches/CVE-2021-3156-4.patch: fix the memset offset when
converting a v1 timestamp to TS_LOCKEXCL in
plugins/sudoers/timestamp.c.
- debian/patches/CVE-2021-3156-5.patch: don't assume that argv is
allocated as a single flat buffer in src/parse_args.c.
- CVE-2021-3156
-- Marc Deslauriers <email address hidden> Tue, 19 Jan 2021 09:48:09 -0500
Available diffs
sudo (1.9.4p2-2ubuntu1) hirsute; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/rules:
+ use dh-autoreconf
- debian/rules: stop shipping init scripts, as they are no longer
necessary.
- debian/rules:
+ compile with --without-lecture --with-tty-tickets --enable-admin-flag
+ install man/man8/sudo_root.8 in both flavours
+ install apport hooks
- debian/sudo-ldap.dirs, debian/sudo.dirs:
+ add usr/share/apport/package-hooks
- debian/sudo.pam:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due
to security reasons.
- debian/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
Available diffs
- diff from 1.9.3p1-1ubuntu1 to 1.9.4p2-2ubuntu1 (520.5 KiB)
sudo (1.9.3p1-1ubuntu1) hirsute; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/rules:
+ use dh-autoreconf
- debian/rules: stop shipping init scripts, as they are no longer
necessary.
- debian/rules:
+ compile with --without-lecture --with-tty-tickets --enable-admin-flag
+ install man/man8/sudo_root.8 in both flavours
+ install apport hooks
- debian/sudo-ldap.dirs, debian/sudo.dirs:
+ add usr/share/apport/package-hooks
- debian/sudo.pam:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due
to security reasons.
- debian/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
Available diffs
- diff from 1.9.1-1ubuntu1 to 1.9.3p1-1ubuntu1 (706.3 KiB)
sudo (1.8.21p2-3ubuntu1.3) bionic; urgency=medium
* d/p/0001-In-pty_close-close-the-slave-and-remove-any-events-a.patch:
- fix sudo hangs when IO logging is enabled (LP: #1895757)
-- Heitor Alves de Siqueira <email address hidden> Wed, 23 Sep 2020 14:59:35 +0000
Available diffs
sudo (1.8.31-1ubuntu1.1) focal; urgency=medium
* d/p/ignore-rlimit-core-failure.patch: Ignore a failure to restore the
RLIMIT_CORE resource limit. Linux containers don't allow RLIMIT_CORE
to be set back to RLIM_INFINITY if we set the limit to zero, even for
root. RLIMIT_NPROC is also not allowed to be set back. This is not a
problem outside the container.
(LP: #1857036)
-- Bryce Harrington <email address hidden> Wed, 15 Jul 2020 00:17:58 +0000
Available diffs
| Superseded in hirsute-release |
| Obsolete in groovy-release |
| Deleted in groovy-proposed (Reason: moved to Release) |
sudo (1.9.1-1ubuntu1) groovy; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/rules:
+ use dh-autoreconf
- debian/rules: stop shipping init scripts, as they are no longer
necessary.
- debian/rules:
+ compile with --without-lecture --with-tty-tickets --enable-admin-flag
+ install man/man8/sudo_root.8 in both flavours
+ install apport hooks
- debian/sudo-ldap.dirs, debian/sudo.dirs:
+ add usr/share/apport/package-hooks
- debian/sudo.pam:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due
to security reasons.
- debian/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
Available diffs
- diff from 1.9.0-1ubuntu1 to 1.9.1-1ubuntu1 (598.9 KiB)
sudo (1.9.0-1ubuntu1) groovy; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/rules:
+ use dh-autoreconf
- debian/rules: stop shipping init scripts, as they are no longer
necessary.
- debian/rules:
+ compile with --without-lecture --with-tty-tickets --enable-admin-flag
+ install man/man8/sudo_root.8 in both flavours
+ install apport hooks
- debian/sudo-ldap.dirs, debian/sudo.dirs:
+ add usr/share/apport/package-hooks
- debian/sudo.pam:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due
to security reasons.
- debian/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
* Dropped changes, no longer needed:
- debian/control:
+ use dh-autoreconf
Available diffs
| Superseded in groovy-release |
| Published in focal-release |
| Deleted in focal-proposed (Reason: moved to Release) |
sudo (1.8.31-1ubuntu1) focal; urgency=medium
* Merge from Debian unstable. Remaining changes:
- debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop
shipping init script and service file, as they are no longer
necessary.
- debian/rules:
+ compile with --without-lecture --with-tty-tickets --enable-admin-flag
+ install man/man8/sudo_root.8 in both flavours
+ install apport hooks
- debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
+ add usr/share/apport/package-hooks
- debian/sudo.pam:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due to
security reasons.
- debian/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
- debian/control, debian/rules:
+ use dh-autoreconf
Available diffs
- diff from 1.8.29-1ubuntu1 to 1.8.31-1ubuntu1 (131.6 KiB)
sudo (1.8.16-0ubuntu1.9) xenial-security; urgency=medium
* SECURITY UPDATE: buffer overflow in sudo when pwfeedback is enabled
- debian/patches/CVE-2019-18634.patch: fix overflow in src/tgetpass.c.
- CVE-2019-18634
-- Marc Deslauriers <email address hidden> Fri, 31 Jan 2020 12:19:11 -0500
Available diffs
sudo (1.8.27-1ubuntu4.1) eoan-security; urgency=medium
* SECURITY UPDATE: buffer overflow in sudo when pwfeedback is enabled
- debian/patches/CVE-2019-18634.patch: fix overflow in src/tgetpass.c.
- CVE-2019-18634
-- Marc Deslauriers <email address hidden> Fri, 31 Jan 2020 12:07:33 -0500
Available diffs
sudo (1.8.21p2-3ubuntu1.2) bionic-security; urgency=medium
* SECURITY UPDATE: buffer overflow in sudo when pwfeedback is enabled
- debian/patches/CVE-2019-18634.patch: fix overflow in src/tgetpass.c.
- CVE-2019-18634
-- Marc Deslauriers <email address hidden> Fri, 31 Jan 2020 12:18:41 -0500
Available diffs
sudo (1.8.29-1ubuntu1) focal; urgency=medium
* Merge from Debian unstable.
Remaining changes:
- debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop
shipping init script and service file, as they are no longer
necessary.
- debian/rules:
+ compile with --without-lecture --with-tty-tickets --enable-admin-flag
+ install man/man8/sudo_root.8 in both flavours
+ install apport hooks
- debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
+ add usr/share/apport/package-hooks
- debian/sudo.pam:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due to
security reasons.
- debian/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
- debian/control, debian/rules:
+ use dh-autoreconf
* Removed patches included in new version:
- debian/patches/CVE-2019-14287.patch
- debian/patches/CVE-2019-14287-2.patch
Available diffs
- diff from 1.8.27-1ubuntu4 to 1.8.29-1ubuntu1 (875.0 KiB)
| Superseded in focal-release |
| Obsolete in eoan-release |
| Deleted in eoan-proposed (Reason: moved to Release) |
sudo (1.8.27-1ubuntu4) eoan; urgency=medium
* SECURITY UPDATE: privilege escalation via UID -1
- debian/patches/CVE-2019-14287.patch: treat an ID of -1 as invalid
in lib/util/strtoid.c.
- debian/patches/CVE-2019-14287-2.patch: fix and add to tests in
lib/util/regress/atofoo/atofoo_test.c,
plugins/sudoers/regress/testsudoers/test5.out.ok,
plugins/sudoers/regress/testsudoers/test5.sh.
- CVE-2019-14287
-- Marc Deslauriers <email address hidden> Tue, 15 Oct 2019 07:09:02 -0400
Available diffs
sudo (1.8.21p2-3ubuntu1.1) bionic-security; urgency=medium
* SECURITY UPDATE: privilege escalation via UID -1
- debian/patches/CVE-2019-14287.patch: treat an ID of -1 as invalid
in lib/util/strtoid.c.
- CVE-2019-14287
- debian/patches/CVE-2019-14287-2.patch: fix and add to tests in
lib/util/regress/atofoo/atofoo_test.c,
plugins/sudoers/regress/testsudoers/test5.out.ok,
plugins/sudoers/regress/testsudoers/test5.sh.
- CVE-2019-14287
-- Marc Deslauriers <email address hidden> Thu, 10 Oct 2019 14:32:59 -0400
Available diffs
sudo (1.8.16-0ubuntu1.8) xenial-security; urgency=medium
* SECURITY UPDATE: privilege escalation via UID -1
- debian/patches/CVE-2019-14287.patch: treat an ID of -1 as invalid
in lib/util/strtoid.c.
- CVE-2019-14287
- debian/patches/CVE-2019-14287-2.patch: fix and add to tests in
lib/util/regress/atofoo/atofoo_test.c,
plugins/sudoers/regress/testsudoers/test5.out.ok,
plugins/sudoers/regress/testsudoers/test5.sh.
- CVE-2019-14287
-- Marc Deslauriers <email address hidden> Thu, 10 Oct 2019 14:47:22 -0400
Available diffs
sudo (1.8.27-1ubuntu1.1) disco-security; urgency=medium
* SECURITY UPDATE: privilege escalation via UID -1
- debian/patches/CVE-2019-14287.patch: treat an ID of -1 as invalid
in lib/util/strtoid.c.
- debian/patches/CVE-2019-14287-2.patch: fix and add to tests in
lib/util/regress/atofoo/atofoo_test.c,
plugins/sudoers/regress/testsudoers/test5.out.ok,
plugins/sudoers/regress/testsudoers/test5.sh.
- CVE-2019-14287
-- Marc Deslauriers <email address hidden> Thu, 10 Oct 2019 14:29:24 -0400
Available diffs
sudo (1.8.27-1ubuntu3) eoan; urgency=medium * No-change upload with strops.h and sys/strops.h removed in glibc. -- Matthias Klose <email address hidden> Thu, 05 Sep 2019 11:12:29 +0000
Available diffs
- diff from 1.8.27-1ubuntu2 to 1.8.27-1ubuntu3 (345 bytes)
sudo (1.8.27-1ubuntu2) eoan; urgency=medium * Remove d/p/keep_home_by_default.patch (LP: #1556302) - This restores sudo handling of $HOME to what everyone else does -- Dan Streetman <email address hidden> Tue, 04 Jun 2019 08:58:02 -0400
Available diffs
- diff from 1.8.27-1ubuntu1 to 1.8.27-1ubuntu2 (792 bytes)
sudo (1.8.16-0ubuntu1.7) xenial-security; urgency=medium
* debian/patches/terminate-with-commands-signal.patch: re-enable patch
that got dropped by mistake in previous upload. (LP: #1832257)
-- Marc Deslauriers <email address hidden> Mon, 10 Jun 2019 15:42:44 -0400
Available diffs
- diff from 1.8.16-0ubuntu1.6 to 1.8.16-0ubuntu1.7 (530 bytes)
sudo (1.8.16-0ubuntu1.6) xenial-security; urgency=medium
[ Steve Beattie ]
* SECURITY UPDATE: /proc/self/stat parsing newline confusion
- debian/patches/CVE-2017-1000368.patch: read all lines of
/proc/self/stat
- CVE-2017-1000368
* debian/patches/avoid_sign_extension_tty_nr.patch: hardening to
ensure sign extension doesn't occur when parsing /proc/self/stat
[ Marc Deslauriers ]
* SECURITY UPDATE: sudo noexec bypass
- debian/patches/CVE-2016-7076-*.patch: wrap wordexp, add seccomp
filter.
- CVE-2016-7076
-- Marc Deslauriers <email address hidden> Wed, 01 May 2019 11:30:39 -0400
Available diffs
| Superseded in eoan-release |
| Obsolete in disco-release |
| Deleted in disco-proposed (Reason: moved to release) |
sudo (1.8.27-1ubuntu1) disco; urgency=medium
* Merge from Debian unstable.
Remaining changes:
- debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop
shipping init script and service file, as they are no longer
necessary.
- debian/rules:
+ compile with --without-lecture --with-tty-tickets --enable-admin-flag
+ install man/man8/sudo_root.8 in both flavours
+ install apport hooks
- debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
+ add usr/share/apport/package-hooks
- debian/sudo.pam:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due to
security reasons.
- debian/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
- debian/control, debian/rules:
+ use dh-autoreconf
- Remaining patches:
+ keep_home_by_default.patch: Keep HOME in the default environment
Available diffs
- diff from 1.8.23-2ubuntu1 to 1.8.27-1ubuntu1 (712.8 KiB)
| Superseded in disco-release |
| Obsolete in cosmic-release |
| Deleted in cosmic-proposed (Reason: moved to release) |
sudo (1.8.23-2ubuntu1) cosmic; urgency=medium
* Merge from Debian unstable.
Remaining changes:
- debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop
shipping init script and service file, as they are no longer
necessary.
- debian/rules:
+ compile with --without-lecture --with-tty-tickets --enable-admin-flag
+ install man/man8/sudo_root.8 in both flavours
+ install apport hooks
- debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
+ add usr/share/apport/package-hooks
- debian/sudo.pam:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due to
security reasons.
- debian/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
- debian/control, debian/rules:
+ use dh-autoreconf
- Remaining patches:
+ keep_home_by_default.patch: Keep HOME in the default environment
Available diffs
- diff from 1.8.21p2-3ubuntu1 to 1.8.23-2ubuntu1 (676.3 KiB)
| Superseded in cosmic-release |
| Published in bionic-release |
| Deleted in bionic-proposed (Reason: moved to release) |
sudo (1.8.21p2-3ubuntu1) bionic; urgency=medium
* Merge from Debian unstable.
Remaining changes:
- debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop
shipping init script and service file, as they are no longer
necessary.
- debian/rules:
+ compile with --without-lecture --with-tty-tickets --enable-admin-flag
+ install man/man8/sudo_root.8 in both flavours
+ install apport hooks
- debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
+ add usr/share/apport/package-hooks
- debian/sudo.pam:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due to
security reasons.
- debian/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
- debian/control, debian/rules:
+ use dh-autoreconf
- Remaining patches:
+ keep_home_by_default.patch: Keep HOME in the default environment
Available diffs
- diff from 1.8.21p2-2ubuntu1 to 1.8.21p2-3ubuntu1 (963 bytes)
sudo (1.8.21p2-2ubuntu1) bionic; urgency=medium * Merge from Debian unstable. (LP: #1731981) Remaining changes: - debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop shipping init script and service file, as they are no longer necessary. - debian/rules: + compile with --without-lecture --with-tty-tickets --enable-admin-flag + install man/man8/sudo_root.8 in both flavours + install apport hooks - debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs: + add usr/share/apport/package-hooks - debian/sudo.pam: + Use pam_env to read /etc/environment and /etc/default/locale environment files. Reading ~/.pam_environment is not permitted due to security reasons. - debian/sudoers: + also grant admin group sudo access + include /snap/bin in the secure_path - debian/control, debian/rules: + use dh-autoreconf - Remaining patches: + keep_home_by_default.patch: Keep HOME in the default environment Dropped changes since they are integrated in Debian: - Use tmpfs location to store timestamp files + debian/rules: change --with-rundir to /var/run/sudo + debian/*.preinst, debian/*.postinst, debian/*.postrm: remove old init script with dpkg-maintscript-helper. Dropped changes since the the transition took place already in every release the package can be upgraded from: + debian/*.postinst: remove old /var/run/sudo to /var/lib/sudo transition code, remove old /var/lib/sudo/ts timestamp directory. * Refresh patches
Available diffs
- diff from 1.8.20p2-1ubuntu1 to 1.8.21p2-2ubuntu1 (369.6 KiB)
| Superseded in bionic-release |
| Obsolete in artful-release |
| Deleted in artful-proposed (Reason: moved to release) |
sudo (1.8.20p2-1ubuntu1) artful; urgency=low * Merge from Debian unstable. (LP: #1697587) Remaining changes: - Use tmpfs location to store timestamp files + debian/rules: change --with-rundir to /var/run/sudo + debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop shipping init script and service file, as they are no longer necessary. + debian/*.preinst, debian/*.postinst, debian/*.postrm: remove old init script with dpkg-maintscript-helper. + debian/*.postinst: remove old /var/run/sudo to /var/lib/sudo transition code, remove old /var/lib/sudo/ts timestamp directory. - debian/rules: + compile with --without-lecture --with-tty-tickets --enable-admin-flag + install man/man8/sudo_root.8 in both flavours + install apport hooks - debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs: + add usr/share/apport/package-hooks - debian/sudo.pam: + Use pam_env to read /etc/environment and /etc/default/locale environment files. Reading ~/.pam_environment is not permitted due to security reasons. - debian/sudoers: + also grant admin group sudo access + include /snap/bin in the secure_path - debian/control, debian/rules: + use dh-autoreconf - Remaining patches: + keep_home_by_default.patch: Keep HOME in the default environment - Dropped patches no longer needed: + CVE-2017-1000367.patch
Available diffs
- diff from 1.8.19p1-1ubuntu1 to 1.8.20p2-1ubuntu1 (536.7 KiB)
- diff from 1.8.19p1-1ubuntu2 to 1.8.20p2-1ubuntu1 (539.2 KiB)
sudo (1.8.19p1-1ubuntu1.2) zesty; urgency=medium * Terminate with the same signal as the command (LP: #1686803) This fixes a regression introduced in sudo 1.8.15 changeset 10229:153f016db8f1. -- Balint Reczey <email address hidden> Tue, 13 Jun 2017 10:00:00 +0200
Available diffs
| Obsolete in yakkety-proposed |
sudo (1.8.16-0ubuntu3.3) yakkety; urgency=medium * Terminate with the same signal as the command (LP: #1686803) This fixes a regression introduced in sudo 1.8.15 changeset 10229:153f016db8f1. -- Balint Reczey <email address hidden> Tue, 13 Jun 2017 11:00:03 +0200
Available diffs
sudo (1.8.16-0ubuntu1.5) xenial; urgency=medium * Terminate with the same signal as the command (LP: #1686803) This fixes a regression introduced in sudo 1.8.15 changeset 10229:153f016db8f1. -- Balint Reczey <email address hidden> Tue, 13 Jun 2017 11:10:50 +0200
Available diffs
| Superseded in artful-proposed |
sudo (1.8.19p1-1ubuntu2) artful; urgency=medium
* SECURITY UPDATE: /proc/self/stat parsing confusion
- debian/patches/CVE-2017-1000367.patch: adjust parsing to
find ttyname
- CVE-2017-1000367
-- Steve Beattie <email address hidden> Mon, 29 May 2017 03:13:37 -0700
Available diffs
sudo (1.8.16-0ubuntu3.2) yakkety-security; urgency=medium
* SECURITY UPDATE: /proc/self/stat parsing confusion
- debian/patches/CVE-2017-1000367.patch: adjust parsing to
find ttyname
- CVE-2017-1000367
-- Steve Beattie <email address hidden> Mon, 29 May 2017 03:24:16 -0700
Available diffs
sudo (1.8.19p1-1ubuntu1.1) zesty-security; urgency=medium
* SECURITY UPDATE: /proc/self/stat parsing confusion
- debian/patches/CVE-2017-1000367.patch: adjust parsing to
find ttyname
- CVE-2017-1000367
-- Steve Beattie <email address hidden> Mon, 29 May 2017 03:25:14 -0700
Available diffs
sudo (1.8.16-0ubuntu1.4) xenial-security; urgency=medium
* SECURITY UPDATE: /proc/self/stat parsing confusion
- debian/patches/CVE-2017-1000367.patch: adjust parsing to
find ttyname
- CVE-2017-1000367
-- Steve Beattie <email address hidden> Mon, 29 May 2017 03:17:46 -0700
Available diffs
sudo (1.8.9p5-1ubuntu1.4) trusty-security; urgency=medium
* SECURITY UPDATE: /proc/self/stat parsing confusion
- debian/patches/CVE-2017-1000367.patch: adjust parsing to
find ttyname
- CVE-2017-1000367
-- Steve Beattie <email address hidden> Mon, 29 May 2017 01:05:33 -0700
Available diffs
| Deleted in yakkety-proposed (Reason: moved to -updates) |
sudo (1.8.16-0ubuntu3.1) yakkety; urgency=medium
* sssd-doesnt-handle-netgroups.diff, sssd-fix-matching-loop.diff:
Only check username as part of the netgroup when netgroup_tuple is enabled.
(LP: #1607666)
-- Timo Aaltonen <email address hidden> Mon, 16 Jan 2017 11:49:18 +0200
Available diffs
sudo (1.8.16-0ubuntu1.3) xenial; urgency=medium
* sssd-doesnt-handle-netgroups.diff, sssd-fix-matching-loop.diff:
Only check username as part of the netgroup when netgroup_tuple is enabled.
(LP: #1607666)
-- Timo Aaltonen <email address hidden> Sat, 14 Jan 2017 01:54:21 +0200
Available diffs
| Superseded in artful-release |
| Obsolete in zesty-release |
| Deleted in zesty-proposed (Reason: moved to release) |
sudo (1.8.19p1-1ubuntu1) zesty; urgency=low * Merge from Debian unstable. (LP: #1607666) Remaining changes: - Use tmpfs location to store timestamp files + debian/rules: change --with-rundir to /var/run/sudo + debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop shipping init script and service file, as they are no longer necessary. + debian/*.preinst, debian/*.postinst, debian/*.postrm: remove old init script with dpkg-maintscript-helper. + debian/*.postinst: remove old /var/run/sudo to /var/lib/sudo transition code, remove old /var/lib/sudo/ts timestamp directory. - debian/rules: + compile with --without-lecture --with-tty-tickets --enable-admin-flag + install man/man8/sudo_root.8 in both flavours + install apport hooks - debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs: + add usr/share/apport/package-hooks - debian/sudo.pam: + Use pam_env to read /etc/environment and /etc/default/locale environment files. Reading ~/.pam_environment is not permitted due to security reasons. - debian/sudoers: + also grant admin group sudo access + include /snap/bin in the secure_path - debian/control, debian/rules: + use dh-autoreconf - Remaining patches: + keep_home_by_default.patch: Keep HOME in the default environment - Dropped patches no longer needed: + debian/patches/lp1565567.patch: upstream. + debian/patches/also_check_sudo_group.diff: upstream. -- Timo Aaltonen <email address hidden> Sat, 14 Jan 2017 01:41:17 +0200
Available diffs
- diff from 1.8.16-0ubuntu3 to 1.8.19p1-1ubuntu1 (604.8 KiB)
sudo (1.8.9p5-1ubuntu1.3) trusty-proposed; urgency=medium
* debian/sudoers:
- include /snap/bin in the secure_path (LP: #1595558)
-- Michael Vogt <email address hidden> Mon, 10 Oct 2016 10:10:46 +0200
Available diffs
| 1 → 75 of 209 results | First • Previous • Next • Last |
