Bug#985307: marked as done (sudo-ldap is built with --disable-setresuid)

Sat, 18 Dec 2021 07:36:26 -0800 

Your message dated Sat, 18 Dec 2021 15:33:43 +0000
with message-id <[email protected]>
and subject line Bug#985307: fixed in sudo 1.9.8p2-1
has caused the Debian Bug report #985307,
regarding sudo-ldap is built with --disable-setresuid
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
985307: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985307
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: sudo-ldap
Version: 1.9.5p2-3
Tags: patch
Severity: normal
Control: found -1 1.8.2-1

While looking into #783889 I noticed that the sudo binary shipped in
sudo-ldap does not use setresuid.  The changelog entry for 1.8.2-1
reads: "drop --disable-setresuid since modern systems should not run
2.2 kernels", but apparently only the first configure statement in
d/rules was changed.

Using a variable for common options should prevent such accidents in
the future.

Attachment: sudo-rules.diff.gz
Description: application/gzip


--- End Message ---
--- Begin Message --- 
Source: sudo
Source-Version: 1.9.8p2-1
Done: Marc Haber <[email protected]>

We believe that the bug you reported is fixed in the latest version of
sudo, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marc Haber <[email protected]> (supplier of updated sudo package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 18 Dec 2021 14:55:08 +0100
Source: sudo
Architecture: source
Version: 1.9.8p2-1
Distribution: unstable
Urgency: medium
Maintainer: Sudo Maintainers <[email protected]>
Changed-By: Marc Haber <[email protected]>
Closes: 518464 605576 657784 690044 981190 985307 985412 993815 994962
Changes:
 sudo (1.9.8p2-1) unstable; urgency=medium
 .
   * add more autopkgtests (especially for LDAP)
   * improve existing autopkgtests
   * debian/patches:
     * Remove typo-in-classic-insults.diff, reflectinc upstream's decision
       to not fix the typo as a way of remembering Evi Nemeth.
     * remove unneeded sudo-success_return. patch
     * mark debian/patches/sudo-ldap-docs as Forwarded: not-needed
     * add DEP3 headers
   * mention #1001858 in sudo.prerm
   * comment some lintian-overrides with unclear results
 .
 sudo (1.9.8p2-1~exp1) experimental; urgency=medium
 .
   [ Marc Haber ]
   * new upstream version 1.9.8p2-1
     * this correctly handles double defined alases (Closes: #985412)
     * improve sudoers.ldap.manpage. Thanks to Dennis Filder and
       Eric Brun (Closes: #981190)
     * refresh patches
   * remove prompting for wrong sudo group id (Closes: #605576)
   * give better docs for LDAP success behavior.
     Thanks to Dennis Filder (Closes: 981190)
   * remove unneeded mandoc from Build-Depends.
     Thanks to Ingo Schwarze
   * Restore inclusion of pam_limits.so PAM module.
     Thanks to Salvatore Bonaccorso (Closes: 518464)
   * Use @includedir in sudoers.d/README (Closes: #993815)
   * Other improvements for sudoers.d/README.
     Thanks to Josh Triplett (Closes: #994962)
   * add some (simple) autopkgtests
   * better short description for sudo-ldap
   * use https in debian/watch
   * some changes to patch headers for Lintian
   * manually remove executable bit from shared libs
   * explicitly write set -e in maintainer scripts
   * debian/control: set Rules-Requires-Root: binary-targets
   * add first/trivial autopkgtests
 .
   [ Hilko Bengen ]
   * Update lintian-overrides files
   * Remove group sudo / gid=27 check from postinst scripts
 .
   [ Otto Kekäläinen ]
   * Add basic Salsa-CI for project quality assurance
 .
 sudo (1.9.6-1~exp2) experimental; urgency=low
 .
   [ Marc Haber ]
   * add use_pty to default configuration, fixing CVE-2005-4890.
     Thanks to Daniel Kahn Gillmor (Closes: #657784)
   * Add group specific defaults for environment variables (commented out)
     Thanks to Josh Triplett
   * remove --disable-setresuid from sudo-ldap as well.
     Thanks to Dennis Filder (Closes: #985307)
 .
   [ Hilko Bengen ]
   * Add PAM config for interactive login use (Closes: #690044)
   * Actually configure sudo to use pam / sudo-i
 .
 sudo (1.9.6-1~exp1) experimental; urgency=medium
 .
   * new upstream version
   * add upstream signature
   * refresh patches
   * remove NO_ROOT_MAILER patch (incorporated upstream)
 .
 sudo (1.9.5p2-3+exp1) experimental; urgency=medium
 .
   [ Marc Haber ]
   * convert package to dh
     * rename init scripts to be picked up by new debhelper
     * rename and update lintian overrides
     * let /run directory be created by systemd
     * remove documentation files that are installed by upstream scripts
     * clear dependency path in .la files
   * add Pre-Depends: ${misc:Pre-Depends}
   * override package-has-unnecessary-activation-of-ldconfig-trigger
 .
   [ Bastian Blank ]
   * Move stuff to /usr/libexec.
   * Use dpkg provided make snippets
   * Provide build-flags via environment
   * Use easier to read multi-line variables
   * Remove not require prefix override
   * Move stuff to /usr/libexec
 .
   [ Hilko Bengen ]
   * Remove unneeded Built-Using
   * Simplify dh_auto_* overrides
   * Further simplification
   * debian/rules: Remove another unneeded variable
   * Don't ship *.la files
   * Add Apport script
Checksums-Sha1:
 542acfb119c857185ee527d259b379b670220002 2451 sudo_1.9.8p2-1.dsc
 dab038b5cd131bb66585f64f6ec9b17b009ee658 30852 sudo_1.9.8p2-1.debian.tar.xz
 7877429f5d2f0d3c19a2a82e47f7c537e676994d 6255 sudo_1.9.8p2-1_source.buildinfo
Checksums-Sha256:
 68d4b8b451033fe32026b55376259ea41becb20b249d61659020673887cee648 2451 
sudo_1.9.8p2-1.dsc
 a4e018425b14928fa8b69a0640ff6d80ae49f6609ab296deb4e12d2dac44d6c1 30852 
sudo_1.9.8p2-1.debian.tar.xz
 9d39fcd7beb5e2ff3c7c5dc4c3c5eb3ff7299a60947a667560e5178e75c1f294 6255 
sudo_1.9.8p2-1_source.buildinfo
Files:
 eb6a9d98e4e425f9f19cc2e9907ccef5 2451 admin optional sudo_1.9.8p2-1.dsc
 e0a7a71df31faab084386f18140c1f4e 30852 admin optional 
sudo_1.9.8p2-1.debian.tar.xz
 0e310152b1231ed660f8d0d8617d6426 6255 admin optional 
sudo_1.9.8p2-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE6QL5UJ/L0pcuNEbjj3cgEwEyBEIFAmG9+dAACgkQj3cgEwEy
BEKu4g//Yqx6cLcqk/QOt5RPsREQKiD1CbX3EuuuoUPUtOwCwjRzMlN9qO6BXNOA
y5adUBjtDAbAB2QifNfYrdpFpVdBRA2Sn91EB4tNqMUyt0+qMt87K4d/eYX0vS4l
64IRFSHisA0htmPoeDwe/rLWDazVYk3yC0CHkyjwyWOxYwHlqZWVCfvjP0yZk8aZ
1I94CxgbtqaTKwHFIFjFAgwBrrBwVi/D6NmEcIDxYLpxL7Jg65FqWJetw73TDsW2
wzswzBv4YrCD2dOepILzA6pY4kzOd1eTTH1kUYBiYo5cxX0Z8Y/NH8TvI7l/XQ8z
fWgq/PSBBXlFdFLk9sU4xq25sPVeJq9ZNJXKkFS1eEzHfD/nHlLvOuUBlUyB4206
Ymr4g31g+OHQNRctD1Vznqv8sK+jt7tHMft6TUvT5QaTeEhgPRGdflCwN4Xy50KW
CfEv4bH6V71EMkAjW0RCaRgc61DxxKe1q67oRSf2QfzfjKqd2w5Fnf8lBLJgK8Sg
/wv42Hp3FMApAa7QR+dFYXwjykTNHPFKP36BIZoM52LaVdrYZz4+0spbc6C340o+
+5RYtfdjTCUVp+cBHMixjqcuOPd3nvDRUysIetdW9MykT9fv5we0G+EdIbxoBQWy
LeSCDp1RDB1kBKJaz0Zueh2WUMJqsTNSwfNiR7np0BTFSkfKs0c=
=xeSx
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to