Change logs for sudo source package in Lucid

  • sudo (1.7.2p1-1ubuntu5.8) lucid-security; urgency=medium
    
      * SECURITY UPDATE: arbitrary file access via TZ
        - configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in,
          pathnames.h.in, plugins/sudoers/env.c: sanity check TZ env variable.
        - http://www.sudo.ws/repos/sudo/rev/650ac6938b59
        - http://www.sudo.ws/repos/sudo/rev/ac1467f71ac0
        - http://www.sudo.ws/repos/sudo/rev/91859f613b88
        - http://www.sudo.ws/repos/sudo/rev/579b02f0dbe0
        - CVE-2014-9680
     -- Marc Deslauriers <email address hidden>   Thu, 12 Mar 2015 12:21:20 -0400
  • sudo (1.7.2p1-1ubuntu5.7) lucid-security; urgency=medium
    
      * SECURITY UPDATE: security policy bypass when env_reset is disabled
        - env.c: fix logic inversion
        - http://www.sudo.ws/repos/sudo/rev/748cefb49422
        - CVE-2014-0106
     -- Marc Deslauriers <email address hidden>   Mon, 10 Mar 2014 13:43:32 -0400
  • sudo (1.7.2p1-1ubuntu5.6) lucid-security; urgency=low
    
      * SECURITY UPDATE: authentication bypass via clock set to epoch
        - debian/patches/CVE-2013-1775.patch: ignore time stamp file if it is
          set to epoch in check.c.
        - backported from ddf399e3e306ca238f6f1cda8153889b15bba12e
        - CVE-2013-1775
     -- Marc Deslauriers <email address hidden>   Wed, 27 Feb 2013 13:45:39 -0500
  • sudo (1.7.2p1-1ubuntu5.5) lucid-proposed; urgency=low
    
      * toke.{cl}: avoid duplicate fclose() of the sudoers file (LP: #553786)
        - http://www.sudo.ws/repos/sudo/rev/164d39108dde
     -- Marc Deslauriers <email address hidden>   Thu, 22 Nov 2012 16:08:01 -0500
  • sudo (1.7.2p1-1ubuntu5.4) lucid-security; urgency=low
    
      * SECURITY UPDATE: Properly handle multiple netmasks in sudoers Host and
        Host_List values
        - match.c: Prevent IPv6 netmask-based address matching logic from
          incorrectly being applied to IPv4 addresses. Based on upstream patch
          written by Todd C. Miller.
        - CVE-2012-2337
     -- Tyler Hicks <email address hidden>   Tue, 15 May 2012 23:28:04 -0500
  • sudo (1.7.2p1-1ubuntu5.3) lucid-security; urgency=low
    
      * SECURITY UPDATE: privilege escalation via -g when using group Runas_List
        - pwutil.c, sudo.h: add user_in_group(), backported from upstream commits
          48ca8c2eddf8, 72df368a8a0e and 6ebc55d4716b. This is intended to be used
          only with check.c to fix CVE-2011-0010 instead of doing the refactoring.
          Going forward, will need to look at this code also if a flaw is found in
          this refactored code. If needed, the refactoring work is in 48ca8c2eddf8
          and 6ebc55d4716b.
        - check.c: prompt for password when the user is running sudo as himself
          but as a different group. Backported from fe8a94f96542.
        - CVE-2011-0010
     -- Jamie Strandboge <email address hidden>   Wed, 19 Jan 2011 10:39:09 -0600
  • sudo (1.7.2p1-1ubuntu5.2) lucid-security; urgency=low
    
      * SECURITY UPDATE: privilege escalation via '-g' option when using
        'user:group' in Runas_Spec
        - update match.c to verify both user and group match sudoers when using
          '-g'. Patch thanks to upstream.
        - CVE-2010-2956
     -- Jamie Strandboge <email address hidden>   Tue, 31 Aug 2010 15:16:00 -0500
  • sudo (1.7.2p1-1ubuntu5.1) lucid-security; urgency=low
    
      * SECURITY UPDATE: properly handle multiple PATH variables when using
        secure_path in env.c
        - http://www.sudo.ws/repos/sudo/raw-rev/a09c6812eaec
        - CVE-2010-1646
     -- Jamie Strandboge <email address hidden>   Fri, 18 Jun 2010 14:00:54 -0500
  • sudo (1.7.2p1-1ubuntu5) lucid; urgency=low
    
      * SECURITY UPDATE: properly verify path in find_path.c for the 'sudoedit'
        pseudo-command when running from the current working directory and
        secure_path is disabled
        - CVE-2010-XXXX
     -- Jamie Strandboge <email address hidden>   Wed, 07 Apr 2010 15:35:36 -0500
  • sudo (1.7.2p1-1ubuntu4) lucid; urgency=low
    
      * env.c: Revert addition of "http_proxy" again. This was an Ubuntu specific
        EBW hack, caused inconsistencies with other proxy variables (such as
        https_proxy and ftp_proxy), and made sudo incompatible with upstream
        behaviour/documentation. This is solved in a much better way in apt itself
        and gnome-network-properties now. (LP: #432631)
     -- Martin Pitt <email address hidden>   Fri, 26 Mar 2010 18:48:18 +0100
  • sudo (1.7.2p1-1ubuntu3) lucid; urgency=low
    
      * debian/sudo.postinst, debian/sudo-ldap.postinst: update description to
        match behaviour in sudoers file. (LP: #534090)
     -- Marc Deslauriers <email address hidden>   Sun, 07 Mar 2010 19:49:39 -0500
  • sudo (1.7.2p1-1ubuntu2) lucid; urgency=low
    
      * SECURITY UPDATE: properly verify path for the 'sudoedit' pseudo-command
        in match.c
        - http://sudo.ws/repos/sudo/rev/88f3181692fe
        - CVE-2010-0426
     -- Jamie Strandboge <email address hidden>   Wed, 24 Feb 2010 16:50:11 -0600
  • sudo (1.7.2p1-1ubuntu1) lucid; urgency=low
    
      * Merge from debian testing.  Remaining changes:
       - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu
         specific)
       - Add debian/sudo_root.8: Explanation of root handling through sudo.
         Install it in debian/rules. (Ubuntu specific)
       - sudo.c: If the user successfully authenticated and he is in the 'admin'
         group, then create a stamp ~/.sudo_as_admin_successful. Our default bash
         profile checks for this and displays a short intro about sudo if the
         flag is not present. (Ubuntu specific)
       - env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept
         for "sudo apt-get ...". (Ubuntu specific EBW hack, should disappear at
         some point)
       - debian/{rules,postinst,sudo-ldap.postinst}: Disable init script
         installation. Debian reintroduced it because /var/run tmpfs is not the
         default there, but has been on Ubuntu for ages.
       - debian/{source_sudo.py,rules,sudo-ldap.dirs,sudo.dirs}: Add apport hook
    
    sudo (1.7.2p1-1) unstable; urgency=low
    
      * new upstream version
      * add support for /etc/sudoers.d using #includedir in default sudoers,
        which I think is also a good solution to the request for a crontab-like
        API requested in March of 2001, closes: #539994, #271813, #89743
      * move init.d script from using rcS.d to rc[0-6].d, closes: #542924
    
    sudo (1.7.2-2) unstable; urgency=low
    
      * further improve initial sudoers to not include the NOPASSWD option on
        the group sudo exception, closes: #539136, #198991
    
    sudo (1.7.2-1) unstable; urgency=low
    
      * new upstream version, closes: #537103
      * improve initial sudoers by having the exemption for users in group
        sudo on by default, and including the ability to run any command as
        any user.  This makes the default install roughly equivalent to our
        old use of the --with-exempt=sudo build option, closes: #536220, #536222
     -- Marc Deslauriers <email address hidden>   Mon, 08 Feb 2010 18:47:06 -0500
  • sudo (1.7.0-1ubuntu3) lucid; urgency=low
    
      * debian/{source_sudo.py,rules}: Add apport hook
     -- Marc Deslauriers <email address hidden>   Fri, 29 Jan 2010 09:31:00 -0500
  • sudo (1.7.0-1ubuntu2) karmic; urgency=low
    
      * env.c: add logic similar to pam_env's stripping of single and double
        quotes around /etc/environment env vars; fixes literal quotes in LANG when
        using sudo -i; LP: #387262.
    
     -- Loic Minier <email address hidden>   Mon, 22 Jun 2009 18:03:45 +0200