Accepted sudo 1.6.8p12-1ubuntu1 (source)

Martin Pitt martin.pitt at ubuntu.com
Tue Jan 17 09:10:08 GMT 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 17 Jan 2006 10:03:05 +0100
Source: sudo
Binary: sudo-ldap sudo
Architecture: source
Version: 1.6.8p12-1ubuntu1
Distribution: dapper
Urgency: low
Maintainer: Bdale Garbee <bdale at gag.com>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description: 
 sudo       - Provide limited super user privileges to specific users
 sudo-ldap  - Provide limited super user privileges to specific users
Closes: 283231 330868 332849 342948 344034
Changes: 
 sudo (1.6.8p12-1ubuntu1) dapper; urgency=low
 .
   * Resynchronise with Debian, clean up cruft from Ubuntu diff.
   * debian/postinst: Do not set env_reset flag in newly created sudoers files;
     it's incompatible with upgrades.
   * Clean up environment variable handling to fix vulns like CVE-2005-4158 and
     CVE-2006-0151 once and for all: Only keep known-good variables if user has
     limited sudo privileges (blacklist -> whitelist) and keep them all for
     users with unlimited command privileges (to not drive admins and
     developers up the wall which actually need to pass env variables from time
     to time).
     - parse.h, parse.yacc:
       + Add a new flag 'cmdall' to the matchstack, and a new macro 'cmnd_all'
         to access it.
       + In the "cmnd" grammar rule: Set cmdall to TRUE if command specifier is
         'ALL', otherwise to FALSE.
     - sudo.tab.cc: Re-yaccified to match changes to parse.yacc.
     - sudo.h: Add new sudoers_lookup() return flag FLAG_CMND_ALL.
     - parse.c, sudoers_lookup(): Set flag FLAG_CMND_ALL if cmnd_all matched.
     - ldap.c:
       + sudo_ldap_check_command(): Add return parameter all, set to true
         if command specifier is 'ALL'.
       + sudo_ldap_check(): Set flag FLAG_CMND_ALL if sudo_ldap_check_command()
         returned all=1.
     - env.c:
       + Apply Martin Schulze's patch to switch from blacklist to whitelist
         environment cleaning.
       + Add parameter 'noclean' to rebuild_env(); if it is != 0, environment
         variables are not cleaned.
     - sudo.c: Call rebuild_env() with noclean=1 if FLAG_CMND_ALL is set.
 .
 sudo (1.6.8p12-1) unstable; urgency=low
 .
   * new upstream version, closes: #342948 (CVE-2005-4158)
   * add env_reset to the sudoers file we create if none already exists,
     as a further precaution in response to discussion about CVS-2005-4158
   * split ldap support into a new sudo-ldap package.  I was trying to avoid
     doing this, but the impact of going from 4 to 17 linked shlibs on the
     autobuilder chroots is sufficient motivation for me.
     closes: #344034
 .
 sudo (1.6.8p9-4) unstable; urgency=low
 .
   * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
   * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
     timestamps in the init.d script, closes: #330868
   * add dependency header to init.d script, closes: #332849
Files: 
 0e78bb5c28e1dbf811650b294e9a831a 605 admin optional sudo_1.6.8p12-1ubuntu1.dsc
 b29893c06192df6230dd5f340f3badf5 585643 admin optional sudo_1.6.8p12.orig.tar.gz
 87e300a5f5e78cd22dce1af22351908d 34161 admin optional sudo_1.6.8p12-1ubuntu1.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDzLLyDecnbV4Fd/IRAtOLAJ42hCHynCiZXL1tM8UXZcwls2wCRwCg5/md
VSflJRNJkXZhBFuZXemQB24=
=ABLs
-----END PGP SIGNATURE-----


Accepted:
sudo_1.6.8p12-1ubuntu1.diff.gz
  to pool/main/s/sudo/sudo_1.6.8p12-1ubuntu1.diff.gz
sudo_1.6.8p12-1ubuntu1.dsc
  to pool/main/s/sudo/sudo_1.6.8p12-1ubuntu1.dsc
sudo_1.6.8p12.orig.tar.gz
  to pool/main/s/sudo/sudo_1.6.8p12.orig.tar.gz

More information about the dapper-changes mailing list