sudo (1.9.11p3-1ubuntu1.3) kinetic-security; urgency=medium
* SECURITY UPDATE: does not escape control characters
- debian/patches/CVE-2023-2848x-1.patch: escape control characters in
log messages and sudoreplay output in docs/sudoers.man.in,
docs/sudoers.mdoc.in, docs/sudoreplay.man.in,
docs/sudoreplay.mdoc.in, include/sudo_lbuf.h,
lib/eventlog/eventlog.c, lib/iolog/iolog_json.c, lib/util/lbuf.c,
lib/util/util.exp.in, plugins/sudoers/sudoreplay.c.
- debian/patches/CVE-2023-2848x-2.patch: fix regression in
lib/eventlog/eventlog.c.
- CVE-2023-28486
- CVE-2023-28487
-- Marc Deslauriers <email address hidden> Mon, 03 Apr 2023 13:57:25 -0400
-
sudo (1.9.11p3-1ubuntu1.2) kinetic-security; urgency=medium
* SECURITY UPDATE: double free with per-command chroot sudoers rules
- debian/patches/CVE-2023-27320.patch: don't free user_cmnd twice in
MANIFEST, plugins/sudoers/match_command.c,
plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
plugins/sudoers/regress/testsudoers/test20.out.ok,
plugins/sudoers/regress/testsudoers/test20.sh,
plugins/sudoers/testsudoers.c,
plugins/sudoers/visudo.c.
- CVE-2023-27320
-- Marc Deslauriers <email address hidden> Wed, 01 Mar 2023 08:59:06 -0500
-
sudo (1.9.11p3-1ubuntu1.1) kinetic-security; urgency=medium
* SECURITY UPDATE: arbitrary file overwrite via sudoedit
- debian/patches/CVE-2023-22809.patch: do not permit editor arguments
to include -- in plugins/sudoers/editor.c, plugins/sudoers/sudoers.c,
plugins/sudoers/visudo.c.
- CVE-2023-22809
-- Marc Deslauriers <email address hidden> Mon, 16 Jan 2023 07:34:35 -0500
-
sudo (1.9.11p3-1ubuntu1) kinetic; urgency=medium
* Merge from Debian unstable. Remaining changes:
- debian/control:
+ Build-Conflicts on fakeroot (<< 1.25.3-1.1ubuntu1)
- debian/sudo[-ldap].manpages: install man/man8/sudo_root.8
- debian/sudo[-ldap].init: delete init scripts, as they are no longer
necessary.
- debian/etc/pam.d/sudo[-i]:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due
to security reasons.
- debian/etc/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
- debian/tests/control: 03-getroot-ldap:
+ allow removal of 'sudo' in autopkgtest (SUDO_FORCE_REMOVE=yes)
- Add XDG_CURRENT_DESKTOP to initial_keepenv_table for Qt to determine the
correct theme (LP: #1958055)
sudo (1.9.11p3-1) unstable; urgency=low
* new upstream version 1.9.11p3
-- Benjamin Drung <email address hidden> Tue, 23 Aug 2022 10:06:34 +0200
-
sudo (1.9.10-3ubuntu1) kinetic; urgency=medium
* Merge from Debian unstable. Remaining changes:
- debian/control:
+ Build-Conflicts on fakeroot (<< 1.25.3-1.1ubuntu1)
- debian/sudo[-ldap].manpages: install man/man8/sudo_root.8
- debian/sudo[-ldap].init: delete init scripts, as they are no longer
necessary.
- debian/etc/pam.d/sudo[-i]:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due
to security reasons.
- debian/etc/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
- debian/tests/control: 03-getroot-ldap:
+ allow removal of 'sudo' in autopkgtest (SUDO_FORCE_REMOVE=yes)
* Dropped changes (applied in Debian):
- debian/rules:
+ compile with --without-lecture --with-tty-tickets --enable-admin-flag
* Add XDG_CURRENT_DESKTOP to initial_keepenv_table for Qt to determine the
correct theme (LP: #1958055)
sudo (1.9.10-3) unstable; urgency=medium
* some changes to 03-getroot-ldap autopkgtest to find out
about ppc64el failure
sudo (1.9.10-2) unstable; urgency=medium
* upload to unstable (fixed autopkgtest is needed to allow
adduser to migrate)
sudo (1.9.10-1) experimental; urgency=medium
* new upstream version
* unverified upstream changelog
* implement workaround if /proc/self/stat is invalid.
(Closes: #940533)
* Fix compilation problem on kFreeBSD. (Closes: #1004909)
(different fix than the Debian patch, disable Debian patch)
* get rid of e-mails "problem with defaults entries" in sss
configurations. (Closes: #793660)
* regular expression support for sudoers. (Closes: #945366)
* handle /proc/self/fd in qemu.
* Apply Upstream Patch to allow test suite with non-English LANG
https://bugzilla.sudo.ws/show_bug.cgi?id=1025
* Apply Upstream Patch to allow test suite with faketime
* re-introduce MVPROG patch that got lost in dh migration.
Thanks to Vagrant Cascadian (Closes: #976307)
* revert back to directly shipping the mask symlink in the package.
Thanks to Michael Biebl (Closes: #1004730)
* adopt configure changes from Ubuntu
--without-lecture --with-tty-tickets --enable-admin-flag (Closes: #1006273)
* fix wrong handling of --with-systemd-tmpfiles.d
* bring OPTIONS up to date.
* have upstream install docs directly to correct directory
* let debhelper handle the upstream changelog
* remove LICENSE.md in both packages
* autopkgtest: send deluser stderr to null in cleanup
* Add cron to autopkgtest 03-getroot-ldap dependencies
* improve lintian overrides
-- Benjamin Drung <email address hidden> Wed, 03 Aug 2022 10:45:04 +0200
-
sudo (1.9.9-1ubuntu2) jammy; urgency=medium
* d/t/control: skip 03-getroot-ldap autopkgtest on non-containers
-- Lukas Märdian <email address hidden> Mon, 14 Feb 2022 12:48:05 +0100