Bug #1563825 “FFe: Update to sudo 1.8.16” : Bugs : sudo package : Ubuntu

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2016-03-30:

#1

Just to be clear, I will start by merging 1.8.15-1.1 from debian, and will update to 1.8.16 which isn't in Debian yet.

Revision history for this message

Martin Pitt (pitti) wrote on 2016-03-30:

#2

Only trivial new features, mostly bug fixes. Approved.

Changed in sudo (Ubuntu):
status:	New → Triaged

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-03-30:

#3

This bug was fixed in the package sudo - 1.8.16-0ubuntu1

---------------
sudo (1.8.16-0ubuntu1) xenial; urgency=medium

  * Update to new upstream version 1.8.16. (LP: #1563825)
    - Dropped patches no longer needed:
      + CVE-2015-5602-6.patch
      + CVE-2015-5602-7.patch
  * Merge from Debian unstable. Remaining changes:
    - Use tmpfs location to store timestamp files
      + debian/rules: change --with-rundir to /var/run/sudo
      + debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop
        shipping init script and service file, as they are no longer
        necessary.
      + debian/*.preinst, debian/*.postinst, debian/*.postrm: remove old
        init script with dpkg-maintscript-helper.
      + debian/*.postinst: remove old /var/run/sudo to /var/lib/sudo
        transition code, remove old /var/lib/sudo/ts timestamp directory.
    - debian/rules:
      + compile with --without-lecture --with-tty-tickets --enable-admin-flag
      + install man/man8/sudo_root.8 in both flavours
      + install apport hooks
    - debian/sudoers:
      + also grant admin group sudo access
    - debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
      + add usr/share/apport/package-hooks
    - debian/sudo.pam:
      + Use pam_env to read /etc/environment and /etc/default/locale
        environment files. Reading ~/.pam_environment is not permitted due to
        security reasons.
    - debian/control:
      + dh-autoreconf dependency fixes missing-build-dependency-for-dh_-command
    - Remaining patches:
      + keep_home_by_default.patch: Keep HOME in the default environment
      + debian/patches/also_check_sudo_group.diff: also check the sudo group
        in plugins/sudoers/sudoers.c to create the admin flag file. Leave the
        admin group check for backwards compatibility.
    - Dropped patches no longer needed:
      + debian/patches/pam_check_untranslated_prompt.patch: upstream.

sudo (1.8.15-1.1) unstable; urgency=medium

  * Non-maintainer upload
  * Disable editing of files via user-controllable symlinks
    (Closes: #804149) (CVE-2015-5602)
    - Fix directory writability checks for sudoedit
    - Enable sudoedit directory writability checks by default

sudo (1.8.15-1) unstable; urgency=low

* new upstream version, closes: #804149
* use --with-exampledir to deliver example files more cleanly

-- Marc Deslauriers <email address hidden> Wed, 30 Mar 2016 08:03:52 -0400

This bug was fixed in the package sudo - 1.8.16-0ubuntu1

---------------
sudo (1.8.16-0ubuntu1) xenial; urgency=medium

* Update to new upstream version 1.8.16. (LP: #1563825)
    - Dropped patches no longer needed:
      + CVE-2015-5602-6.patch
      + CVE-2015-5602-7.patch
  * Merge from Debian unstable. Remaining changes:
    - Use tmpfs location to store timestamp files
      + debian/rules: change --with-rundir to /var/run/sudo
      + debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop
        shipping init script and service file, as they are no longer
        necessary.
      + debian/*.preinst, debian/*.postinst, debian/*.postrm: remove old
        init script with dpkg-maintscript-helper.
      + debian/*.postinst: remove old /var/run/sudo to /var/lib/sudo
        transition code, remove old /var/lib/sudo/ts timestamp directory.
    - debian/rules:
      + compile with --without-lecture --with-tty-tickets --enable-admin-flag
      + install man/man8/sudo_root.8 in both flavours
      + install apport hooks
    - debian/sudoers:
      + also grant admin group sudo access
    - debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
      + add usr/share/apport/package-hooks
    - debian/sudo.pam:
      + Use pam_env to read /etc/environment and /etc/default/locale
        environment files. Reading ~/.pam_environment is not permitted due to
        security reasons.
    - debian/control:
      + dh-autoreconf dependency fixes missing-build-dependency-for-dh_-command
    - Remaining patches:
      + keep_home_by_default.patch: Keep HOME in the default environment
      + debian/patches/also_check_sudo_group.diff: also check the sudo group
        in plugins/sudoers/sudoers.c to create the admin flag file. Leave the
        admin group check for backwards compatibility.
    - Dropped patches no longer needed:
      + debian/patches/pam_check_untranslated_prompt.patch: upstream.

sudo (1.8.15-1.1) unstable; urgency=medium

* Non-maintainer upload
  * Disable editing of files via user-controllable symlinks
    (Closes: #804149) (CVE-2015-5602)
    - Fix directory writability checks for sudoedit
    - Enable sudoedit directory writability checks by default

sudo (1.8.15-1) unstable; urgency=low

* new upstream version, closes: #804149
  * use --with-exampledir to deliver example files more cleanly

-- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 30 Mar 2016 08:03:52 -0400

Changed in sudo (Ubuntu):
status:	Triaged → Fix Released

Ubuntu
sudo package

FFe: Update to sudo 1.8.16

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntusudo package

FFe: Update to sudo 1.8.16

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
sudo package