sudo (1.9.15p5-3ubuntu5.24.04.1) noble-security; urgency=medium
* SECURITY UPDATE: Local Privilege Escalation via host option
- debian/patches/CVE-2025-32462.patch: only allow specifying a host
when listing privileges.
- CVE-2025-32462
* SECURITY UPDATE: Local Privilege Escalation via chroot option
- debian/patches/CVE-2025-32463.patch: remove user-selected root
directory chroot option.
- CVE-2025-32463
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 25 Jun 2025 08:42:53 -0400
sudo (1.9.15p5-3ubuntu5) noble; urgency=high
* No change rebuild against libssl3t64.
-- Julian Andres Klode <juliank@ubuntu.com> Mon, 08 Apr 2024 16:50:39 +0200
sudo (1.9.15p5-3ubuntu4) noble; urgency=medium
* No-change rebuild for CVE-2024-3094
-- Steve Langasek <steve.langasek@ubuntu.com> Sun, 31 Mar 2024 17:17:28 +0000
sudo (1.9.15p5-3ubuntu3) noble; urgency=medium
* Disable an offensive insult (LP: #2058053)
- d/p/disable_offensive_insult.patch: properly disable an offensive
insult that was forgotten when the configure options were refactored
in plugins/sudoers/ins_csops.h.
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 18 Mar 2024 07:53:26 -0400
sudo (1.9.15p5-3ubuntu2) noble; urgency=medium
* No-change rebuild against libssl3t64
-- Steve Langasek <steve.langasek@ubuntu.com> Mon, 04 Mar 2024 21:28:45 +0000
sudo (1.9.15p5-3ubuntu1) noble; urgency=medium
* Merge with Debian unstable (LP: #2051576). Remaining changes:
- debian/sudo[-ldap].manpages: install man/man8/sudo_root.8
- debian/sudo[-ldap].init: delete init scripts, as they are no longer
necessary.
- debian/etc/pam.d/sudo[-i]:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due
to security reasons.
- debian/etc/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
- debian/tests/control: 03-getroot-ldap
+ allow removal of 'sudo' in autopkgtest (SUDO_FORCE_REMOVE=yes)
- debian/tests/04-getroot-sssd:
+ Check if the slapd daemon is ready before proceeding.
In some situations, the next command (ldapmodify) runs before
the service is ready. See LP#2026888
-- Danilo Egea Gondolfo <danilo.egea.gondolfo@canonical.com> Mon, 29 Jan 2024 17:09:56 +0000
sudo (1.9.15p5-3) unstable; urgency=medium
* add --with-devel configure option.
Thanks to Bastien Roucariès (Closes: #1061272)
-- Marc Haber <mh+debian-packages@zugschlus.de> Fri, 26 Jan 2024 21:10:13 +0100
sudo (1.9.15p5-2) unstable; urgency=medium
* switch Build-Depends from systemd to systemd-dev
Thanks to Michael Biebl (Closes: #1060511)
* set Multi-Arch: foreign on sudo and sudo-ldap.
Thanks to Andreas Rottmann (Closes: #1060445)
* add debian/copyright clause for source_sudo.py.
Oops.
-- Marc Haber <mh+debian-packages@zugschlus.de> Sat, 13 Jan 2024 21:59:56 +0100
sudo (1.9.15p5-1) unstable; urgency=medium
* new upstream version 1.9.15p5
* This is supposed to properly malloc on hurd.
Thanks to Martin-Éric Racine (Closes: #1057833)
* add dutch debconf translation.
Thanks to Frans Spiesschaert (Closes: #1059567)
-- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 03 Jan 2024 21:40:38 +0100
sudo (1.9.15p4-2) unstable; urgency=medium
* upload to unstable
* use pkg-config to place systemd units.
Thanks to Chris Hofstaedtler (Closes: #1059063)
* Add french debconf translation.
Thanks to bubu (Closes: #1058939)
* fix typo in NEWS.Debian.
Thanks to Vincent Danjean (Closes: #1058925)
* add persian debconf translation.
Thanks to Danial Behzadi
* add spanish debconf translation.
Thanks to Camaleón (Closes: #1059460)
-- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 27 Dec 2023 17:53:13 +0100
sudo (1.9.15p4-1) experimental; urgency=medium
* new upstream version 1.9.15p4
* add de.po template translation.
Thanks to Christoph Brinkhaus (Closes: #1058762)
* Enable AppArmor (MR 15, manually applied)
Thanks to Will Shand
* remove legacy debian/rules.predh7
-- Marc Haber <mh+debian-packages@zugschlus.de> Fri, 15 Dec 2023 22:57:27 +0100
sudo (1.9.15p3-1) unstable; urgency=medium
* new upstream version 1.9.15p3
-- Marc Haber <mh+debian-packages@zugschlus.de> Thu, 14 Dec 2023 20:22:51 +0100
sudo (1.9.15p2-2) unstable; urgency=medium
* upload to unstable
-- Marc Haber <mh+debian-packages@zugschlus.de> Fri, 08 Dec 2023 18:31:14 +0100
sudo (1.9.15p2-1) experimental; urgency=medium
* the #DENOG15 release
* New upstream version 1.9.15p2
* mark sudo-ldap as deprecated.
-- Marc Haber <mh+debian-packages@zugschlus.de> Mon, 20 Nov 2023 14:15:22 +0100
sudo (1.9.14p2-1ubuntu1) mantic; urgency=medium
* Merge with Debian unstable (LP: #2030914). Remaining changes:
- debian/sudo[-ldap].manpages: install man/man8/sudo_root.8
- debian/sudo[-ldap].init: delete init scripts, as they are no longer
necessary.
- debian/etc/pam.d/sudo[-i]:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due
to security reasons.
- debian/etc/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
- debian/tests/control: 03-getroot-ldap
+ allow removal of 'sudo' in autopkgtest (SUDO_FORCE_REMOVE=yes)
- debian/tests/04-getroot-sssd:
+ Check if the slapd daemon is ready before proceeding.
In some situations, the next command (ldapmodify) runs before
the service is ready. See LP#2026888
-- Danilo Egea Gondolfo <danilo.egea.gondolfo@canonical.com> Wed, 09 Aug 2023 21:53:59 +0100
sudo (1.9.14p2-1) unstable; urgency=medium
* new upstream version
-- Marc Haber <mh+debian-packages@zugschlus.de> Thu, 20 Jul 2023 00:31:52 +0200
sudo (1.9.13p3-3ubuntu1) mantic; urgency=medium
* Merge with Debian unstable (LP: #2025655). Remaining changes:
- debian/sudo[-ldap].manpages: install man/man8/sudo_root.8
- debian/sudo[-ldap].init: delete init scripts, as they are no longer
necessary.
- debian/etc/pam.d/sudo[-i]:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due
to security reasons.
- debian/etc/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
- debian/tests/control: 03-getroot-ldap:
+ allow removal of 'sudo' in autopkgtest (SUDO_FORCE_REMOVE=yes)
* Added changes:
- debian/tests/04-getroot-sssd:
+ Check if the slapd daemon is ready before proceeding.
In some situations, the next command (ldapmodify) runs before
the service is ready. See LP:#2026888
* Dropped changes:
- Drop Build-Conflicts on fakeroot (<< 1.25.3-1.1ubuntu1)
This wasn't in the former Ubuntu version, just mentioned
in the changelog by accident
-- Danilo Egea Gondolfo <danilo.egea.gondolfo@canonical.com> Mon, 03 Jul 2023 15:23:30 +0100
sudo (1.9.13p3-3) unstable; urgency=medium
* fix wrong patch to fix event log format
(added wrongly in 1.9.13p3-2)
-- Marc Haber <mh+debian-packages@zugschlus.de> Tue, 27 Jun 2023 11:43:07 +0200
sudo (1.9.13p3-2) unstable; urgency=medium
* add upstream patch to fix event log format.
Thanks to Kimmo Suominen (Closes: #1039557)
* add patch to improve upstream spanish translation
-- Marc Haber <mh+debian-packages@zugschlus.de> Tue, 27 Jun 2023 11:09:16 +0200
sudo (1.9.13p3-1ubuntu1) mantic; urgency=medium
* Merge with Debian unstable. Remaining changes:
- debian/sudo[-ldap].manpages: install man/man8/sudo_root.8
- debian/sudo[-ldap].init: delete init scripts, as they are no longer
necessary.
- debian/etc/pam.d/sudo[-i]:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due
to security reasons.
- debian/etc/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
- debian/tests/control: 03-getroot-ldap:
+ allow removal of 'sudo' in autopkgtest (SUDO_FORCE_REMOVE=yes)
- debian/control:
+ Drop Build-Conflicts on fakeroot (<< 1.25.3-1.1ubuntu1)
(for context see LP 1915250)
* Dropped changes, now included in Debian:
- debian/patches/CVE-2023-27320.patch
-- Danilo Egea Gondolfo <danilo.egea.gondolfo@canonical.com> Tue, 23 May 2023 14:34:04 +0100
sudo (1.9.13p3-1) unstable; urgency=medium
* new upstream version:
* Fix potential double free for CHROOT= rules
CVE-2023-27320. (Closes: #1032163)
* Fix --enable-static-sudoers regression
* check for overflow as result of fuzzing efforts
* Fix parser regression disallowing rules for user "list"
* Fix eventloop hang if there is /dev/tty data
* Fix sudo -l command args regression
* Fix sudo -l -U someuser regression
* Fix list privs regression
-- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 08 Mar 2023 21:17:05 +0100
sudo (1.9.13p1-1ubuntu2) lunar; urgency=medium
* SECURITY UPDATE: double free with per-command chroot sudoers rules
- debian/patches/CVE-2023-27320.patch: don't free user_cmnd twice in
MANIFEST, plugins/sudoers/match_command.c,
plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
plugins/sudoers/regress/testsudoers/test20.out.ok,
plugins/sudoers/regress/testsudoers/test20.sh,
plugins/sudoers/testsudoers.c,
plugins/sudoers/visudo.c.
- CVE-2023-27320
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 01 Mar 2023 08:51:34 -0500
sudo (1.9.13p1-1ubuntu1) lunar; urgency=medium
* Merge from Debian unstable. Remaining changes:
- debian/sudo[-ldap].manpages: install man/man8/sudo_root.8
- debian/sudo[-ldap].init: delete init scripts, as they are no longer
necessary.
- debian/etc/pam.d/sudo[-i]:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due
to security reasons.
- debian/etc/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
- debian/tests/control: 03-getroot-ldap:
+ allow removal of 'sudo' in autopkgtest (SUDO_FORCE_REMOVE=yes)
- debian/control:
+ Drop Build-Conflicts on fakeroot (<< 1.25.3-1.1ubuntu1)
(for context see LP: 1915250)
- Drop patches for issues fixed upstream
+ d/p/CVE-2023-22809.patch
+ d/p/Add-XDG_CURRENT_DESKTOP-to-initial_keepenv_table.patch
-- Danilo Egea Gondolfo <danilo.egea.gondolfo@canonical.com> Mon, 20 Feb 2023 17:38:07 +0000
sudo (1.9.13p1-1) unstable; urgency=medium
* new upstream version 1.9.13p1
* remove unnecessary changelog creation patch
* remove lsb-base from dependencies
-- Marc Haber <mh+debian-packages@zugschlus.de> Sat, 18 Feb 2023 13:03:19 +0100
sudo (1.9.12p2-1) unstable; urgency=high
* new upstream version 1.9.12p2
* this fixes CVE-2023-22809:
Sudoedit can edit arbitrary files
-- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 18 Jan 2023 16:19:23 +0100
sudo (1.9.12p1-1) unstable; urgency=low
* new upstream version 1.9.12p1
* update patches
* update debian/copyright
* Add upstream patch to silence libgcrypt error message.
Thanks to Francesco P. Lovergine (Closes: #1019428)
* Standards-Version: 4.6.2 (no changes necessary)
* clean out obsolete lintian overrides
* Add patch to disable regeneration of upstream ChangeLog from git.
Thanks to Gioele Barabucci (Closes: #1025740)
* remove extra whitespace from debconf-get-selections output.
* add autopkgtest for sudo with sssd (Closes: #1004910)
[ Niels Thykier ]
* Support building sudo without (fake)root.
[ Gioele Barabucci ]
* Use dh_installnss to add ldap to sudoers NSS database
* Add libnss-sudo package. (Closes: #1023524)
-- Marc Haber <mh+debian-packages@zugschlus.de> Sun, 15 Jan 2023 13:58:48 +0100
sudo (1.9.11p3-1ubuntu3) lunar; urgency=medium
* SECURITY UPDATE: arbitrary file overwrite via sudoedit
- debian/patches/CVE-2023-22809.patch: do not permit editor arguments
to include -- in plugins/sudoers/editor.c, plugins/sudoers/sudoers.c,
plugins/sudoers/visudo.c.
- CVE-2023-22809
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 18 Jan 2023 12:46:34 -0500
sudo (1.9.11p3-1ubuntu2) lunar; urgency=medium
* No-change rebuild against libldap-2
-- Steve Langasek <steve.langasek@ubuntu.com> Thu, 15 Dec 2022 19:57:01 +0000
sudo (1.9.11p3-1ubuntu1) kinetic; urgency=medium
* Merge from Debian unstable. Remaining changes:
- debian/control:
+ Build-Conflicts on fakeroot (<< 1.25.3-1.1ubuntu1)
- debian/sudo[-ldap].manpages: install man/man8/sudo_root.8
- debian/sudo[-ldap].init: delete init scripts, as they are no longer
necessary.
- debian/etc/pam.d/sudo[-i]:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due
to security reasons.
- debian/etc/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
- debian/tests/control: 03-getroot-ldap:
+ allow removal of 'sudo' in autopkgtest (SUDO_FORCE_REMOVE=yes)
- Add XDG_CURRENT_DESKTOP to initial_keepenv_table for Qt to determine the
correct theme (LP: #1958055)
-- Benjamin Drung <bdrung@ubuntu.com> Tue, 23 Aug 2022 10:06:34 +0200
sudo (1.9.11p3-1) unstable; urgency=low
* new upstream version 1.9.11p3
-- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 23 Mar 2022 10:50:16 +0100
sudo (1.9.10-3ubuntu1) kinetic; urgency=medium
* Merge from Debian unstable. Remaining changes:
- debian/control:
+ Build-Conflicts on fakeroot (<< 1.25.3-1.1ubuntu1)
- debian/sudo[-ldap].manpages: install man/man8/sudo_root.8
- debian/sudo[-ldap].init: delete init scripts, as they are no longer
necessary.
- debian/etc/pam.d/sudo[-i]:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due
to security reasons.
- debian/etc/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
- debian/tests/control: 03-getroot-ldap:
+ allow removal of 'sudo' in autopkgtest (SUDO_FORCE_REMOVE=yes)
* Dropped changes (applied in Debian):
- debian/rules:
+ compile with --without-lecture --with-tty-tickets --enable-admin-flag
* Add XDG_CURRENT_DESKTOP to initial_keepenv_table for Qt to determine the
correct theme (LP: #1958055)
-- Benjamin Drung <bdrung@ubuntu.com> Wed, 03 Aug 2022 10:45:04 +0200
sudo (1.9.10-3) unstable; urgency=medium
* some changes to 03-getroot-ldap autopkgtest to find out
about ppc64el failure
-- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 23 Mar 2022 10:38:39 +0100
sudo (1.9.10-2) unstable; urgency=medium
* upload to unstable (fixed autopkgtest is needed to allow
adduser to migrate)
-- Marc Haber <mh+debian-packages@zugschlus.de> Mon, 21 Mar 2022 11:49:06 +0100
sudo (1.9.10-1) experimental; urgency=medium
* new upstream version
* unverified upstream changelog
* implement workaround if /proc/self/stat is invalid.
(Closes: #940533)
* Fix compilation problem on kFreeBSD. (Closes: #1004909)
(different fix than the Debian patch, disable Debian patch)
* get rid of e-mails "problem with defaults entries" in sss
configurations. (Closes: #793660)
* regular expression support for sudoers. (Closes: #945366)
* handle /proc/self/fd in qemu.
* Apply Upstream Patch to allow test suite with non-english LANG
https://bugzilla.sudo.ws/show_bug.cgi?id=1025
* Apply Upstream Patch to allow test suite with faketime
* re-introduce MVPROG patch that got lost in dh migration.
Thanks to Vagrant Cascadian (Closes: #976307)
* revert back to directly shipping the mask symlink in the package.
Thanks to Michael Biebl (Closes: #1004730)
* adopt configure changes from Ubuntu
--without-lecture --with-tty-tickets --enable-admin-flag (Closes: #1006273)
* fix wrong handling of --with-systemd-tmpfiles.d
* bring OPTIONS up to date.
* have upstream install docs directly to correct directory
* let debhelper handle the upstream changelog
* remove LICENSE.md in both packages
* autopkgtest: send deluser stderr to null in cleanup
* Add cron to autopkgtest 03-getroot-ldap dependencies
* improve lintian overrides
-- Marc Haber <mh+debian-packages@zugschlus.de> Fri, 18 Mar 2022 14:31:30 +0100
sudo (1.9.9-1ubuntu2) jammy; urgency=medium
* d/t/control: skip 03-getroot-ldap autopkgtest on non-containers
-- Lukas Märdian <slyon@ubuntu.com> Mon, 14 Feb 2022 12:48:05 +0100
sudo (1.9.9-1ubuntu1) jammy; urgency=medium
* Merge from Debian unstable. Remaining changes:
- debian/control:
+ Build-Conflicts on fakeroot (<< 1.25.3-1.1ubuntu1)
- debian/rules:
+ compile with --without-lecture --with-tty-tickets --enable-admin-flag
- debian/sudo[-ldap].manpages: install man/man8/sudo_root.8
- debian/sudo[-ldap].init: delete init scripts, as they are no longer
necessary.
- debian/etc/pam.d/sudo[-i]:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due
to security reasons.
- debian/etc/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
- debian/tests/control: 03-getroot-ldap:
+ allow removal of 'sudo' in autopkgtest (SUDO_FORCE_REMOVE=yes)
* Dropped changes:
- debian/rules:
+ use dh-autoreconf (converted to using dh)
-- Lukas Märdian <slyon@ubuntu.com> Tue, 08 Feb 2022 12:01:45 +0100
sudo (1.9.9-1) unstable; urgency=medium
* new upstream version
* audit plugin now handles unresolvable hostname better
Thanks to Sven Mueller (Closes: #1003969)
* better document environment handling.
Thanks to Arnout Engelen (Closes: #659101)
* README files now come as markdown
* schemas are now in docs subdirectory
* LICENSE is now LICENSE.md
[ Marc Haber ]
* refresh patches
* mark paths-in-samples.diff explicitly as not forwarded
* have systemd-tmpfiles clean up /run/sudo on boot
* lintian overrides:
* improve 'em in various places
* give better explanations
* override long line warnings
* override typo warning for a literal film quote
* use correct lintian tag for override init script without unit
* init script / systemd units
* guarantee init script no-op on systemd systems
* mask sysv init script on systemd systems in postinst
instead of debian/rules
* actually remove masking of service in postrm
* maintainer scripts
* document when .dist file removal was added so that
it can be eventually removed
* document when alternative removal was added so that
it can be eventually removed
* add a test to check for presence of #1003969
* Standards-Version: 4.6.0 (no changes)
* use uscan version 4
* honor nocheck DEB_BUILD_OPTION
[ Hilko Bengen ]
* More improvement for Lintian overrides
* Convert debian/copyright to machine-readable format, using
information from upstream-provided LICENSE.md file
-- Marc Haber <mh+debian-packages@zugschlus.de> Mon, 31 Jan 2022 20:19:55 +0100
sudo (1.9.8p2-1) unstable; urgency=medium
* add more autopkgtests (especially for LDAP)
* improve existing autopkgtests
* debian/patches:
* Remove typo-in-classic-insults.diff, reflecting upstream's decision
to not fix the typo as a way of remembering Evi Nemeth.
* remove unneeded sudo-success_return. patch
* mark debian/patches/sudo-ldap-docs as Forwarded: not-needed
* add DEP3 headers
* mention #1001858 in sudo.prerm
* comment some lintian-overrides with unclear results
-- Marc Haber <mh+debian-packages@zugschlus.de> Sat, 18 Dec 2021 14:55:08 +0100
sudo (1.9.8p2-1~exp1) experimental; urgency=medium
[ Marc Haber ]
* new upstream version 1.9.8p2-1
* this correctly handles double defined aliases (Closes: #985412)
* improve sudoers.ldap.manpage. Thanks to Dennis Filder and
Eric Brun (Closes: #981190)
* refresh patches
* remove prompting for wrong sudo group id (Closes: #605576)
* give better docs for LDAP success behavior.
Thanks to Dennis Filder (Closes: 981190)
* remove unneeded mandoc from Build-Depends.
Thanks to Ingo Schwarze
* Restore inclusion of pam_limits.so PAM module.
Thanks to Salvatore Bonaccorso (Closes: 518464)
* Use @includedir in sudoers.d/README (Closes: #993815)
* Other improvements for sudoers.d/README.
Thanks to Josh Triplett (Closes: #994962)
* add some (simple) autopkgtests
* better short description for sudo-ldap
* use https in debian/watch
* some changes to patch headers for Lintian
* manually remove executable bit from shared libs
* explicitly write set -e in maintainer scripts
* debian/control: set Rules-Requires-Root: binary-targets
* add first/trivial autopkgtests
[ Hilko Bengen ]
* Update lintian-overrides files
* Remove group sudo / gid=27 check from postinst scripts
[ Otto Kekäläinen ]
* Add basic Salsa-CI for project quality assurance
-- Marc Haber <mh+debian-packages@zugschlus.de> Sun, 12 Dec 2021 22:45:15 +0100
sudo (1.9.6-1~exp2) experimental; urgency=low
[ Marc Haber ]
* add use_pty to default configuration, fixing CVE-2005-4890.
Thanks to Daniel Kahn Gillmor (Closes: #657784)
* Add group specific defaults for environment variables (commented out)
Thanks to Josh Triplett
* remove --disable-setresuid from sudo-ldap as well.
Thanks to Dennis Filder (Closes: #985307)
[ Hilko Bengen ]
* Add PAM config for interactive login use (Closes: #690044)
* Actually configure sudo to use pam / sudo-i
-- Marc Haber <mh+debian-packages@zugschlus.de> Fri, 02 Apr 2021 18:15:21 +0200
sudo (1.9.6-1~exp1) experimental; urgency=medium
* new upstream version
* add upstream signature
* refresh patches
* remove NO_ROOT_MAILER patch (incorporated upstream)
-- Marc Haber <mh+debian-packages@zugschlus.de> Fri, 12 Mar 2021 22:06:59 +0100
sudo (1.9.5p2-3+exp1) experimental; urgency=medium
[ Marc Haber ]
* convert package to dh
* rename init scripts to be picked up by new debhelper
* rename and update lintian overrides
* let /run directory be created by systemd
* remove documentation files that are installed by upstream scripts
* clear dependency path in .la files
* add Pre-Depends: ${misc:Pre-Depends}
* override package-has-unnecessary-activation-of-ldconfig-trigger
[ Bastian Blank ]
* Move stuff to /usr/libexec.
* Use dpkg provided make snippets
* Provide build-flags via environment
* Use easier to read multi-line variables
* Remove not required prefix override
* Move stuff to /usr/libexec
[ Hilko Bengen ]
* Remove unneeded Built-Using
* Simplify dh_auto_* overrides
* Further simplification
* debian/rules: Remove another unneeded variable
* Don't ship *.la files
* Add Apport script
-- Marc Haber <mh+debian-packages@zugschlus.de> Fri, 12 Mar 2021 20:48:13 +0100
sudo (1.9.5p2-3ubuntu2) impish; urgency=medium
* No-change rebuild due to OpenLDAP soname bump.
-- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 21 Jun 2021 18:09:32 -0400
sudo (1.9.5p2-3ubuntu1) impish; urgency=low
* Merge from Debian unstable (LP: #1929110). Remaining changes:
- debian/rules:
+ use dh-autoreconf
- debian/rules: stop shipping init scripts, as they are no longer
necessary.
- debian/rules:
+ compile with --without-lecture --with-tty-tickets --enable-admin-flag
+ install man/man8/sudo_root.8 in both flavours
- debian/sudo.pam:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due
to security reasons.
- debian/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
* Dropped changes, now included in Debian:
- debian/rules:
+ install apport hooks
- debian/sudo-ldap.dirs, debian/sudo.dirs:
+ add usr/share/apport/package-hooks
-- William 'jawn-smith' Wilson <william.wilson@canonical.com> Thu, 20 May 2021 15:43:31 +0000
sudo (1.9.5p2-3) unstable; urgency=medium
* new maintainer team and uploaders (Closes: #976244)
* sudo is now team maintained
* add Uploaders field
* move salsa repo to team-sudo group
* refresh patches
* Adapt README.LDAP to the actual state of sudo-ldap (Closes: #442871)
* add Apport hook.
Thanks to Balint Reczey (Closes: 881671)
-- Marc Haber <mh+debian-packages@zugschlus.de> Sat, 27 Feb 2021 09:28:03 +0100
sudo (1.9.5p2-2ubuntu3) hirsute; urgency=medium
* No change rebuild with fixed ownership.
-- Dimitri John Ledkov <xnox@ubuntu.com> Thu, 18 Feb 2021 00:03:21 +0000
sudo (1.9.5p2-2ubuntu2) hirsute; urgency=medium
* No change rebuild against new permissions ABI. LP: #1915250
-- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 16 Feb 2021 10:39:16 +0000
sudo (1.9.5p2-2ubuntu1) hirsute; urgency=low
* Merge from Debian unstable. (LP: #1915307)
* Remaining changes:
- debian/rules:
+ use dh-autoreconf
- debian/rules: stop shipping init scripts, as they are no longer
necessary.
- debian/rules:
+ compile with --without-lecture --with-tty-tickets --enable-admin-flag
+ install man/man8/sudo_root.8 in both flavours
+ install apport hooks
- debian/sudo-ldap.dirs, debian/sudo.dirs:
+ add usr/share/apport/package-hooks
- debian/sudo.pam:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due
to security reasons.
- debian/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
* Dropped patches, no longer needed because they are integrated in Debian:
- CVE-2021-23239.patch
- CVE-2021-3156-1.patch
- CVE-2021-3156-2.patch
- CVE-2021-3156-3.patch
- CVE-2021-3156-4.patch
- CVE-2021-3156-5.patch
-- William 'jawn-smith' Wilson <william.wilson@canonical.com> Wed, 10 Feb 2021 05:42:42 -0600
sudo (1.9.5p2-2) unstable; urgency=medium
* patch from upstream repo to fix NO_ROOT_MAILER
-- Bdale Garbee <bdale@gag.com> Fri, 29 Jan 2021 18:12:32 -0700
sudo (1.9.5p2-1) unstable; urgency=high
* new upstream version, addresses CVE-2021-3156
-- Bdale Garbee <bdale@gag.com> Tue, 26 Jan 2021 21:20:05 -0700
sudo (1.9.5p1-1.1) unstable; urgency=high
* Non-maintainer upload.
* Heap-based buffer overflow (CVE-2021-3156)
- Reset valid_flags to MODE_NONINTERACTIVE for sudoedit
- Add sudoedit flag checks in plugin that are consistent with front-end
- Fix potential buffer overflow when unescaping backslashes in user_args
- Fix the memset offset when converting a v1 timestamp to TS_LOCKEXCL
- Don't assume that argv is allocated as a single flat buffer
-- Salvatore Bonaccorso <carnil@debian.org> Wed, 20 Jan 2021 10:11:47 +0100
sudo (1.9.5p1-1) unstable; urgency=medium
* new upstream version, closes: #980028
-- Bdale Garbee <bdale@gag.com> Wed, 13 Jan 2021 01:09:19 -0700
sudo (1.9.5-1) unstable; urgency=medium
* new upstream version
-- Bdale Garbee <bdale@gag.com> Mon, 11 Jan 2021 15:15:48 -0700
sudo (1.9.4p2-2ubuntu3) hirsute; urgency=medium
* SECURITY UPDATE: ineffective NO_ROOT_MAILER hardening option
- debian/patches/ineffective_no_root_mailer.patch: fix NO_ROOT_MAILER
in plugins/sudoers/logging.c, plugins/sudoers/policy.c.
- No CVE number
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Sat, 30 Jan 2021 14:35:13 -0500
sudo (1.9.4p2-2ubuntu2) hirsute; urgency=medium
* SECURITY UPDATE: dir existence issue via sudoedit race
- debian/patches/CVE-2021-23239.patch: fix potential directory existing
info leak in sudoedit in src/sudo_edit.c.
- CVE-2021-23239
* SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2021-3156-1.patch: reset valid_flags to
MODE_NONINTERACTIVE for sudoedit in src/parse_args.c.
- debian/patches/CVE-2021-3156-2.patch: add sudoedit flag checks in
plugin in plugins/sudoers/policy.c.
- debian/patches/CVE-2021-3156-3.patch: fix potential buffer overflow
when unescaping backslashes in plugins/sudoers/sudoers.c.
- debian/patches/CVE-2021-3156-4.patch: fix the memset offset when
converting a v1 timestamp to TS_LOCKEXCL in
plugins/sudoers/timestamp.c.
- debian/patches/CVE-2021-3156-5.patch: don't assume that argv is
allocated as a single flat buffer in src/parse_args.c.
- CVE-2021-3156
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 26 Jan 2021 14:37:48 -0500
sudo (1.9.4p2-2ubuntu1) hirsute; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/rules:
+ use dh-autoreconf
- debian/rules: stop shipping init scripts, as they are no longer
necessary.
- debian/rules:
+ compile with --without-lecture --with-tty-tickets --enable-admin-flag
+ install man/man8/sudo_root.8 in both flavours
+ install apport hooks
- debian/sudo-ldap.dirs, debian/sudo.dirs:
+ add usr/share/apport/package-hooks
- debian/sudo.pam:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due
to security reasons.
- debian/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
-- Steve Langasek <steve.langasek@ubuntu.com> Wed, 06 Jan 2021 13:51:07 -0800
sudo (1.9.4p2-2) unstable; urgency=medium
* always use /bin/mv to ensure reproducible builds whether built on a
usrmerge or non-usrmerge system, closes: #976307
-- Bdale Garbee <bdale@gag.com> Sun, 03 Jan 2021 09:11:13 -0700
sudo (1.9.4p2-1) unstable; urgency=medium
* new upstream version
-- Bdale Garbee <bdale@gag.com> Sun, 20 Dec 2020 17:43:54 -0700
sudo (1.9.4p1-1) unstable; urgency=medium
* new upstream version
-- Bdale Garbee <bdale@gag.com> Thu, 17 Dec 2020 17:35:55 -0700
sudo (1.9.4-1) unstable; urgency=medium
* new upstream version
-- Bdale Garbee <bdale@gag.com> Tue, 01 Dec 2020 22:10:03 -0500
sudo (1.9.3p1-1ubuntu1) hirsute; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/rules:
+ use dh-autoreconf
- debian/rules: stop shipping init scripts, as they are no longer
necessary.
- debian/rules:
+ compile with --without-lecture --with-tty-tickets --enable-admin-flag
+ install man/man8/sudo_root.8 in both flavours
+ install apport hooks
- debian/sudo-ldap.dirs, debian/sudo.dirs:
+ add usr/share/apport/package-hooks
- debian/sudo.pam:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due
to security reasons.
- debian/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
-- Steve Langasek <steve.langasek@ubuntu.com> Sat, 24 Oct 2020 17:14:39 -0700
sudo (1.9.3p1-1) unstable; urgency=medium
* new upstream version
-- Bdale Garbee <bdale@gag.com> Thu, 24 Sep 2020 11:10:02 -0600
sudo (1.9.3-1) unstable; urgency=medium
* new upstream version
* make the comment match the text in default sudoers, closes: #964922
* enable zlib, closes: #846077
-- Bdale Garbee <bdale@gag.com> Mon, 21 Sep 2020 17:11:30 -0600
sudo (1.9.1-2) unstable; urgency=medium
* change # to @ on includedir in default sudoers to reduce confusion with
a comment, such as in 964922
-- Bdale Garbee <bdale@gag.com> Sun, 12 Jul 2020 09:52:08 -0600
sudo (1.9.1-1ubuntu1) groovy; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/rules:
+ use dh-autoreconf
- debian/rules: stop shipping init scripts, as they are no longer
necessary.
- debian/rules:
+ compile with --without-lecture --with-tty-tickets --enable-admin-flag
+ install man/man8/sudo_root.8 in both flavours
+ install apport hooks
- debian/sudo-ldap.dirs, debian/sudo.dirs:
+ add usr/share/apport/package-hooks
- debian/sudo.pam:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due
to security reasons.
- debian/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
-- Steve Langasek <steve.langasek@ubuntu.com> Wed, 08 Jul 2020 09:38:55 -0700
sudo (1.9.1-1) unstable; urgency=medium
* new upstream version
-- Bdale Garbee <bdale@gag.com> Fri, 19 Jun 2020 15:44:09 -0600
sudo (1.9.0-1ubuntu1) groovy; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/rules:
+ use dh-autoreconf
- debian/rules: stop shipping init scripts, as they are no longer
necessary.
- debian/rules:
+ compile with --without-lecture --with-tty-tickets --enable-admin-flag
+ install man/man8/sudo_root.8 in both flavours
+ install apport hooks
- debian/sudo-ldap.dirs, debian/sudo.dirs:
+ add usr/share/apport/package-hooks
- debian/sudo.pam:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due
to security reasons.
- debian/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
* Dropped changes, no longer needed:
- debian/control:
+ use dh-autoreconf
-- Steve Langasek <steve.langasek@ubuntu.com> Wed, 20 May 2020 17:07:02 -0700
sudo (1.9.0-1) unstable; urgency=medium
* new upstream version, closes: #669687, #571621, #734752
-- Bdale Garbee <bdale@gag.com> Wed, 13 May 2020 18:34:59 -0600
sudo (1.8.31p1-1) unstable; urgency=medium
* new upstream version
-- Bdale Garbee <bdale@gag.com> Thu, 19 Mar 2020 15:47:17 -0600
sudo (1.8.31-1ubuntu1) focal; urgency=medium
* Merge from Debian unstable. Remaining changes:
- debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop
shipping init script and service file, as they are no longer
necessary.
- debian/rules:
+ compile with --without-lecture --with-tty-tickets --enable-admin-flag
+ install man/man8/sudo_root.8 in both flavours
+ install apport hooks
- debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
+ add usr/share/apport/package-hooks
- debian/sudo.pam:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due to
security reasons.
- debian/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
- debian/control, debian/rules:
+ use dh-autoreconf
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 03 Feb 2020 09:32:18 -0500
sudo (1.8.31-1) unstable; urgency=medium
* new upstream version
-- Bdale Garbee <bdale@gag.com> Sat, 01 Feb 2020 23:07:09 -0800
sudo (1.8.29-1ubuntu1) focal; urgency=medium
* Merge from Debian unstable.
Remaining changes:
- debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop
shipping init script and service file, as they are no longer
necessary.
- debian/rules:
+ compile with --without-lecture --with-tty-tickets --enable-admin-flag
+ install man/man8/sudo_root.8 in both flavours
+ install apport hooks
- debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
+ add usr/share/apport/package-hooks
- debian/sudo.pam:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due to
security reasons.
- debian/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
- debian/control, debian/rules:
+ use dh-autoreconf
* Removed patches included in new version:
- debian/patches/CVE-2019-14287.patch
- debian/patches/CVE-2019-14287-2.patch
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 26 Nov 2019 13:13:21 -0500
sudo (1.8.29-1) unstable; urgency=medium
* new upstream version
* make --libexecdir use /usr/lib instead of /usr/lib/sudo, closes: #943313
-- Bdale Garbee <bdale@gag.com> Mon, 28 Oct 2019 19:27:42 -0600
sudo (1.8.28p1-1) unstable; urgency=medium
* new upstream version
-- Bdale Garbee <bdale@gag.com> Tue, 22 Oct 2019 16:13:34 -0600
sudo (1.8.27-1.1) unstable; urgency=high
* Non-maintainer upload.
* Treat an ID of -1 as invalid since that means "no change" (CVE-2019-14287)
(Closes: #942322)
* Fix test failure in plugins/sudoers/regress/testsudoers/test5.sh
-- Salvatore Bonaccorso <carnil@debian.org> Mon, 14 Oct 2019 21:10:58 +0200
sudo (1.8.27-1ubuntu4) eoan; urgency=medium
* SECURITY UPDATE: privilege escalation via UID -1
- debian/patches/CVE-2019-14287.patch: treat an ID of -1 as invalid
in lib/util/strtoid.c.
- debian/patches/CVE-2019-14287-2.patch: fix and add to tests in
lib/util/regress/atofoo/atofoo_test.c,
plugins/sudoers/regress/testsudoers/test5.out.ok,
plugins/sudoers/regress/testsudoers/test5.sh.
- CVE-2019-14287
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 15 Oct 2019 07:09:02 -0400
sudo (1.8.27-1ubuntu3) eoan; urgency=medium
* No-change upload with strops.h and sys/strops.h removed in glibc.
-- Matthias Klose <doko@ubuntu.com> Thu, 05 Sep 2019 11:12:29 +0000
# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog sudo`.