Changelog
sudo (1.7.2p7-1ubuntu1) maverick; urgency=low
* Merge from debian unstable. Remaining changes:
- debian/rules:
- compile with --without-lecture --with-tty-tickets (Ubuntu specific)
- install man/man8/sudo_root.8 (Ubuntu specific)
- install apport hooks
- debian/sudo-ldap.dirs, debian/sudo.dirs: add
usr/share/apport/package-hooks
- debian/patches/ubuntu-sudo-as-admin-successful.patch: adjust sudo.c so
that if the user successfully authenticated and he is in the 'admin'
group, then create a stamp ~/.sudo_as_admin_successful. Our default bash
profile checks for this and displays a short intro about sudo if the flag
is not present
* Dropped the following, now included upstream:
- fix for CVE-2010-1163
- fix for CVE-2010-0426
- debian/sudo.postinst, debian/sudo-ldap.postinst: update description to
match behavior in sudoers file
- don't install init script. Debian moved to /var/lib/sudo from
/var/run/sudo, so Ubuntu's tmpfs usage won't clean those out
automatically any more, so we now need the initscript.
sudo (1.7.2p7-1) unstable; urgency=high
* new upstream release with security fix for secure path (CVE-2010-1646),
closes: #585394
* move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
about whether to give the lecture is preserved across reboots even when
RAMRUN is set, closes: #581393
* add a note to README.Debian about LDAP needing an entry in
/etc/nsswitch.conf, closes: #522065
* add a note to README.Debian about how to turn off lectures if using
RAMRUN in /etc/default/rcS, closes: #581393
sudo (1.7.2p6-1) unstable; urgency=low
* new upstream version fixing CVE-2010-1163, closes: #578275, #570737
sudo (1.7.2p5-1) unstable; urgency=low
* new upstream release, closes a bug filed upstream regarding missing man
page processing scripts in the 1.7.2p1 tarball, also includes the fix
for CVE-2010-0426 previously the subject of a security team nmu
* move to source format 3.0 (quilt) and restructure changes as patches
* fix unprocessed substitution variables in man pages, closes: #557204
* apply patch from Neil Moore to fix Debian-specific content in the
visudo man page, closes: #555013
* update descriptions to better explain sudo-ldap, closes: #573108
* eliminate spurious 'and' in man page, closes: #571620
* fix confusing text in default sudoers, closes: #566607
-- Jamie Strandboge <email address hidden> Tue, 06 Jul 2010 11:43:05 -0500