Change logs for sudo source package in Kinetic

  • sudo (1.9.11p3-1ubuntu1.3) kinetic-security; urgency=medium
    
      * SECURITY UPDATE: does not escape control characters
        - debian/patches/CVE-2023-2848x-1.patch: escape control characters in
          log messages and sudoreplay output in docs/sudoers.man.in,
          docs/sudoers.mdoc.in, docs/sudoreplay.man.in,
          docs/sudoreplay.mdoc.in, include/sudo_lbuf.h,
          lib/eventlog/eventlog.c, lib/iolog/iolog_json.c, lib/util/lbuf.c,
          lib/util/util.exp.in, plugins/sudoers/sudoreplay.c.
        - debian/patches/CVE-2023-2848x-2.patch: fix regression in
          lib/eventlog/eventlog.c.
        - CVE-2023-28486
        - CVE-2023-28487
    
     -- Marc Deslauriers <email address hidden>  Mon, 03 Apr 2023 13:57:25 -0400
  • sudo (1.9.11p3-1ubuntu1.2) kinetic-security; urgency=medium
    
      * SECURITY UPDATE: double free with per-command chroot sudoers rules
        - debian/patches/CVE-2023-27320.patch: don't free user_cmnd twice in
          MANIFEST, plugins/sudoers/match_command.c,
          plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
          plugins/sudoers/regress/testsudoers/test20.out.ok,
          plugins/sudoers/regress/testsudoers/test20.sh,
          plugins/sudoers/testsudoers.c,
          plugins/sudoers/visudo.c.
        - CVE-2023-27320
    
     -- Marc Deslauriers <email address hidden>  Wed, 01 Mar 2023 08:59:06 -0500
  • sudo (1.9.11p3-1ubuntu1.1) kinetic-security; urgency=medium
    
      * SECURITY UPDATE: arbitrary file overwrite via sudoedit
        - debian/patches/CVE-2023-22809.patch: do not permit editor arguments
          to include -- in plugins/sudoers/editor.c, plugins/sudoers/sudoers.c,
          plugins/sudoers/visudo.c.
        - CVE-2023-22809
    
     -- Marc Deslauriers <email address hidden>  Mon, 16 Jan 2023 07:34:35 -0500
  • sudo (1.9.11p3-1ubuntu1) kinetic; urgency=medium
    
      * Merge from Debian unstable. Remaining changes:
        - debian/control:
          + Build-Conflicts on fakeroot (<< 1.25.3-1.1ubuntu1)
        - debian/sudo[-ldap].manpages: install man/man8/sudo_root.8
        - debian/sudo[-ldap].init: delete init scripts, as they are no longer
          necessary.
        - debian/etc/pam.d/sudo[-i]:
          + Use pam_env to read /etc/environment and /etc/default/locale
            environment files. Reading ~/.pam_environment is not permitted due
            to security reasons.
        - debian/etc/sudoers:
          + also grant admin group sudo access
          + include /snap/bin in the secure_path
        - debian/tests/control: 03-getroot-ldap:
          + allow removal of 'sudo' in autopkgtest (SUDO_FORCE_REMOVE=yes)
        - Add XDG_CURRENT_DESKTOP to initial_keepenv_table for Qt to determine the
          correct theme (LP: #1958055)
    
    sudo (1.9.11p3-1) unstable; urgency=low
    
      * new upstream version 1.9.11p3
    
     -- Benjamin Drung <email address hidden>  Tue, 23 Aug 2022 10:06:34 +0200
  • sudo (1.9.10-3ubuntu1) kinetic; urgency=medium
    
      * Merge from Debian unstable. Remaining changes:
        - debian/control:
          + Build-Conflicts on fakeroot (<< 1.25.3-1.1ubuntu1)
        - debian/sudo[-ldap].manpages: install man/man8/sudo_root.8
        - debian/sudo[-ldap].init: delete init scripts, as they are no longer
          necessary.
        - debian/etc/pam.d/sudo[-i]:
          + Use pam_env to read /etc/environment and /etc/default/locale
            environment files. Reading ~/.pam_environment is not permitted due
            to security reasons.
        - debian/etc/sudoers:
          + also grant admin group sudo access
          + include /snap/bin in the secure_path
        - debian/tests/control: 03-getroot-ldap:
          + allow removal of 'sudo' in autopkgtest (SUDO_FORCE_REMOVE=yes)
      * Dropped changes (applied in Debian):
        - debian/rules:
          + compile with --without-lecture --with-tty-tickets --enable-admin-flag
      * Add XDG_CURRENT_DESKTOP to initial_keepenv_table for Qt to determine the
        correct theme (LP: #1958055)
    
    sudo (1.9.10-3) unstable; urgency=medium
    
      * some changes to 03-getroot-ldap autopkgtest to find out
        about ppc64el failure
    
    sudo (1.9.10-2) unstable; urgency=medium
    
      * upload to unstable (fixed autopkgtest is needed to allow
        adduser to migrate)
    
    sudo (1.9.10-1) experimental; urgency=medium
    
      * new upstream version
        * unverified upstream changelog
        * implement workaround if /proc/self/stat is invalid.
          (Closes: #940533)
        * Fix compilation problem on kFreeBSD. (Closes: #1004909)
          (different fix than the Debian patch, disable Debian patch)
        * get rid of e-mails "problem with defaults entries" in sss
          configurations. (Closes: #793660)
        * regular expression support for sudoers. (Closes: #945366)
        * handle /proc/self/fd in qemu.
        * Apply Upstream Patch to allow test suite with non-English LANG
          https://bugzilla.sudo.ws/show_bug.cgi?id=1025
        * Apply Upstream Patch to allow test suite with faketime
      * re-introduce MVPROG patch that got lost in dh migration.
        Thanks to Vagrant Cascadian (Closes: #976307)
      * revert back to directly shipping the mask symlink in the package.
        Thanks to Michael Biebl (Closes: #1004730)
      * adopt configure changes from Ubuntu
        --without-lecture --with-tty-tickets --enable-admin-flag (Closes: #1006273)
      * fix wrong handling of --with-systemd-tmpfiles.d
      * bring OPTIONS up to date.
      * have upstream install docs directly to correct directory
      * let debhelper handle the upstream changelog
      * remove LICENSE.md in both packages
      * autopkgtest: send deluser stderr to null in cleanup
      * Add cron to autopkgtest 03-getroot-ldap dependencies
      * improve lintian overrides
    
     -- Benjamin Drung <email address hidden>  Wed, 03 Aug 2022 10:45:04 +0200
  • sudo (1.9.9-1ubuntu2) jammy; urgency=medium
    
      * d/t/control: skip 03-getroot-ldap autopkgtest on non-containers
    
     -- Lukas Märdian <email address hidden>  Mon, 14 Feb 2022 12:48:05 +0100