Please merge sudo 1.7.4p4-5 (main) from Debian unstable (main)

Bug #689025 reported by Reuben Thomas
18
This bug affects 2 people
Affects Status Importance Assigned to Milestone
sudo (Ubuntu)
Wishlist
Unassigned

Bug Description

Binary package hint: sudo

Please update to at least sudo 1.7.4, as in Debian, as it contains useful bug fixes, in particular Debian bugs #443597 and #602699, which respectively improve things for sudoedit and sudo -g. Since this has been released for a while now, it seems reasonable to include it in natty (it is already in Debian squeeze).

ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: sudo 1.7.2p7-1ubuntu2
ProcVersionSignature: Ubuntu 2.6.35-23.41-generic 2.6.35.7
Uname: Linux 2.6.35-23-generic i686
Architecture: i386
Date: Sat Dec 11 19:01:10 2010
ProcEnviron:
 SHELL=/bin/bash
 PATH=(custom, user)
 LANG=en_GB.UTF-8
SourcePackage: sudo

Related branches

CVE References

Revision history for this message
Reuben Thomas (rrt) wrote :
Revision history for this message
Marcel Stimberg (marcelstimberg) wrote :

Please update your bug so it follows the requirements for sync requests: https://wiki.ubuntu.com/SyncRequestProcess
Please be aware that the Natty would automatically sync the version from Debian Squeeze if there were no Ubuntu specific changes in the package. The most important thing is therefore to check whether these changes are still needed.

Changed in sudo (Ubuntu):
status: New → Incomplete
Revision history for this message
Reuben Thomas (rrt) wrote : Re: [Bug 689025] Re: Please update to Debian's version

Hi,

I am just indicating reasons for the sync, and, by the fact that I
filed this bug, that there is demand. I am not an Ubuntu maintainer,
and don't intend or want to become one. (In case this looks like my
making excuses, I note that I do spend considerable time on free
software, but I prefer, as a developer, to work upstream; on Ubuntu
itself I prefer to stay as a (hopefully intelligent!) user.)

Having said that, a quick look at the changelog.Debian shows that the
existing Ubuntu-specific patches are either ones which need to be
forward-ported (because they modify the Debian package or sudo itself
to support Ubuntu-isms), or should have been applied already (because
they are security fixes). The page you pointed me to doesn't seem to
deal with the first case, as it says: "In particular, if there are
Ubuntu changes in the current package, you must ensure the Ubuntu
changes have been merged or are no longer relevant." But some of the
changes have not been merged, and yet are relevant, because they deal
with differences between Debian/upstream and Ubuntu which will not go
away.

Benjamin Drung (bdrung)
summary: - Please update to Debian's version
+ Please merge sudo 1.7.4p4-5 (main) from Debian unstable (main)
Benjamin Drung (bdrung)
Changed in sudo (Ubuntu):
status: Incomplete → Triaged
importance: Undecided → Wishlist
Lorenzo De Liso (blackz)
Changed in sudo (Ubuntu):
assignee: nobody → Lorenzo De Liso (blackz)
status: Triaged → In Progress
Revision history for this message
Lorenzo De Liso (blackz) wrote :
Changed in sudo (Ubuntu):
assignee: Lorenzo De Liso (blackz) → nobody
status: In Progress → New
Revision history for this message
Benjamin Drung (bdrung) wrote :

What happened to debian/patches/CVE-2010-2956.patch and debian/patches/ubuntu-sudo-as-admin-successful.patch? Are they included upstream?

Revision history for this message
Lorenzo De Liso (blackz) wrote :

Hello Benjamin,

> What happened to debian/patches/CVE-2010-2956.patch and debian/patches/
> ubuntu-sudo-as-admin-successful.patch? Are they included upstream?

The first one has been included in Debian and the second one has been included upstream.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sudo - 1.7.4p4-5ubuntu1

---------------
sudo (1.7.4p4-5ubuntu1) natty; urgency=low

  * Merge from debian unstable (LP: #689025), remaining changes:
    - debian/rules:
      + compile with --without-lecture --with-tty-tickets (Ubuntu specific)
      + install man/man8/sudo_root.8 (Ubuntu specific)
      + install apport hooks
    - debian/sudo-ldap.dirs, debian/sudo.dirs: add
      usr/share/apport/package-hooks
  * This upload also fixes: LP: #609645

sudo (1.7.4p4-5) unstable; urgency=low

  * patch from Jakub Wilk to add noopt and nostrip build option support,
    closes: #605580
  * make sudoers a conffile, closes: #605130
  * add descriptions to LSB init headers, closes: #604619
  * change default sudoers %sudo entry to allow gid changes, closes: #602699
  * add Vcs entries to the control file
  * use debhelper install files instead of explicit installs in rules

sudo (1.7.4p4-4) unstable; urgency=low

  * patch from upstream to resolve problem always prompting for a password
    when run without a tty, closes: #599376
  * patch from upstream to resolve interoperability problem between HOME in
    env_keep and the -H flag, closes: #596493
  * change path syntax to avoid tar error when /var/run/sudo exists but is
    empty, closes: #598877

sudo (1.7.4p4-3) unstable; urgency=low

  * make postinst clause for handling /var/run -> /var/lib transition less
    fragile, closes: #585514
  * cope with upstream's Makefile trying to install ChangeLog in our doc
    directory, closes: #597389
  * fix README.Debian to reflect that HOME is no longer preserved by default,
    closes: #596847

sudo (1.7.4p4-2) unstable; urgency=low

  * add a NEWS item about change in $HOME handling that impacts programs
    like pbuilder

sudo (1.7.4p4-1) unstable; urgency=high

  * new upstream version, urgency high due to fix for flaw in Runas group
    matching (CVE-2010-2956), closes: #595935
  * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
    re-lecturing existing users, and to clean up after ourselves on upgrade,
    and remove the RAMRUN section from README.Debian since the new state dir
    should fix the original problem, closes: #585514
  * deliver README.Debian to both package flavors, closes: #593579
 -- Lorenzo De Liso <email address hidden> Wed, 15 Dec 2010 21:32:57 +0100

Changed in sudo (Ubuntu):
status: New → Fix Released
Revision history for this message
Reuben Thomas (rrt) wrote :

Thanks very much for the merge!

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers