Bug#776095: wheezy-pu: package sudo/1.8.5p2-1+nmu2
On 2015-02-19 08:48, Salvatore Bonaccorso wrote: Could you please delay this upload until the update through security.d.o for sudo is done? We have uploaded there and already builded addressing https://security-tracker.debian.org/tracker/CVE-2014-9680 No problem. I want to look into fixing the remaining issue(s) in jessie first anyway (since they are related to my planned wheezy-pu) and I see you posted a t-p-u patch, so I'll wait for your upload there, too, before posting new patches. Do you plan to address sid, too? Andreas -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776095: wheezy-pu: package sudo/1.8.5p2-1+nmu2
Hi Andreas, On Thu, Feb 19, 2015 at 01:19:43PM +0100, Andreas Beckmann wrote: On 2015-02-19 08:48, Salvatore Bonaccorso wrote: Could you please delay this upload until the update through security.d.o for sudo is done? We have uploaded there and already builded addressing https://security-tracker.debian.org/tracker/CVE-2014-9680 No problem. I want to look into fixing the remaining issue(s) in jessie first anyway (since they are related to my planned wheezy-pu) and I see you posted a t-p-u patch, so I'll wait for your upload there, too, before posting new patches. Do you plan to address sid, too? Thank you! Yes I planned to ask for a pre-approval, even though this strictly speaking is not RC, so don't know if release team will accept it. I contacted Christian, Bdale and Mike since there apart from the other seem to be planned further updates, so these might be combined, or at least coordinating work. For unstable: I might too, but Bdale said in https://bugs.debian.org/776137#66 that an upload for sudo in unstable is planned soon, so if it get's updated to 1.8.12 this fixes as well CVE-2014-9680. Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776095: wheezy-pu: package sudo/1.8.5p2-1+nmu2
Hi Adam and Andreas, On Sun, Jan 25, 2015 at 02:10:49PM +, Adam D. Barratt wrote: Control: tags -1 + confirmed On Fri, 2015-01-23 at 22:38 +0100, Andreas Beckmann wrote: I'd like to get a fix into wheezy to avoid dpkg complaining about modified conffiles if /etc/sudoers is the unmodified version from lenny (this happens on lenny - squeeze - wheezy upgrades). #660594 Fix is backported from 1.8.7-1, but adding only the md5sum from the lenny config. Verified in piuparts that this allows smooth upgrades. Please go ahead. Version number is nonstandard since the wheezy version has a weird version. Better suggestions welcome. -1+deb7u1 would sort wrongly and -1+nmu1+deb7u1 looks fairly weird as well. -1+nmu2 will do, under the circumstances. Could you please delay this upload until the update through security.d.o for sudo is done? We have uploaded there and already builded addressing https://security-tracker.debian.org/tracker/CVE-2014-9680 Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776095: wheezy-pu: package sudo/1.8.5p2-1+nmu2
Followup-For: Bug #776095 Control: tag -1 - confirmed Hi, further testing revealed that the fix in 1.8.7-1 (that I backported) was insufficient for sudo-ldap since in lenny sudo and sudo-ldap created different /etc/sudoers, but only the one from sudo/lenny was covered so far. An updated diff is attached, adding more md5sums. It also contains some git adjustments. There is not much point in fixing this in jessie, since that would only help on this unsupported upgrade path: lenny - squeeze - jessie i.e. skipping over wheezy. (But since there are other issues with sudo and the patch is pretty straightforward, the fix may end up in jessie anyway.) Regarding the version number, the following would probably work,too: 1.8.5p2-1.2+deb7u2 Andreas diff -Nru sudo-1.8.5p2/debian/changelog sudo-1.8.5p2/debian/changelog --- sudo-1.8.5p2/debian/changelog 2013-03-01 06:18:08.0 +0100 +++ sudo-1.8.5p2/debian/changelog 2015-01-28 02:10:56.0 +0100 @@ -1,3 +1,12 @@ +sudo (1.8.5p2-1+nmu2) wheezy; urgency=medium + + * Non-maintainer upload. + * Backport from 1.8.7-1: recognize lenny and squeeze unmodified sudoers to +avoid dpkg questions about modified conffiles on upgrades to wheezy. +(Closes: #660594) + + -- Andreas Beckmann a...@debian.org Wed, 28 Jan 2015 02:07:46 +0100 + sudo (1.8.5p2-1+nmu1) unstable; urgency=high * Non-maintainer upload by the Security Team. diff -Nru sudo-1.8.5p2/debian/control sudo-1.8.5p2/debian/control --- sudo-1.8.5p2/debian/control 2012-06-28 20:06:35.0 +0200 +++ sudo-1.8.5p2/debian/control 2015-01-28 02:10:56.0 +0100 @@ -4,8 +4,8 @@ Maintainer: Bdale Garbee bd...@gag.com Build-Depends: debhelper (= 7), libpam0g-dev, libldap2-dev, libsasl2-dev, libselinux1-dev [linux-any], autoconf, autotools-dev, bison, flex Standards-Version: 3.9.3 -Vcs-Git: git://git.gag.com/debian/sudo -Vcs-Browser: http://git.gag.com/?p=debian/sudo +Vcs-Git: git://anonscm.debian.org/collab-maint/sudo.git -b wheezy +Vcs-Browser: https://anonscm.debian.org/cgit/collab-maint/sudo.git Package: sudo Architecture: any diff -Nru sudo-1.8.5p2/debian/gbp.conf sudo-1.8.5p2/debian/gbp.conf --- sudo-1.8.5p2/debian/gbp.conf 2012-06-28 20:06:35.0 +0200 +++ sudo-1.8.5p2/debian/gbp.conf 2015-01-28 02:10:56.0 +0100 @@ -8,7 +8,7 @@ # the default branch for upstream sources: upstream-branch = upstream # the default branch for the debian patch: -debian-branch = master +debian-branch = wheezy # the default tag formats used: #upstream-tag = upstream/%(version)s #debian-tag = debian/%(version)s diff -Nru sudo-1.8.5p2/debian/sudo-ldap.preinst sudo-1.8.5p2/debian/sudo-ldap.preinst --- sudo-1.8.5p2/debian/sudo-ldap.preinst 2012-06-28 20:06:35.0 +0200 +++ sudo-1.8.5p2/debian/sudo-ldap.preinst 2015-01-28 02:10:56.0 +0100 @@ -8,7 +8,9 @@ if [ -e $SUDOERS ]; then md5sum=$(md5sum $SUDOERS | sed -e 's/ .*//') -if [ $md5sum = c5dab0f2771411ed7e67d6dab60a311f ]; then +if [ $md5sum = c310ef4892a00cca8134f6e4fcd64b6d ] || #lenny/sudo + [ $md5sum = 4f29c034a4229544ffdd9168a14f6cde ] || #lenny/sudo-ldap + [ $md5sum = c5dab0f2771411ed7e67d6dab60a311f ]; then #squeeze # move unchanged sudoers file to avoid conffile question mv $SUDOERS $SUDOERS.pre-conffile fi diff -Nru sudo-1.8.5p2/debian/sudo.preinst sudo-1.8.5p2/debian/sudo.preinst --- sudo-1.8.5p2/debian/sudo.preinst 2012-06-28 20:06:35.0 +0200 +++ sudo-1.8.5p2/debian/sudo.preinst 2015-01-28 02:10:56.0 +0100 @@ -8,7 +8,9 @@ if [ -e $SUDOERS ]; then md5sum=$(md5sum $SUDOERS | sed -e 's/ .*//') -if [ $md5sum = c5dab0f2771411ed7e67d6dab60a311f ]; then +if [ $md5sum = c310ef4892a00cca8134f6e4fcd64b6d ] || #lenny/sudo + [ $md5sum = 4f29c034a4229544ffdd9168a14f6cde ] || #lenny/sudo-ldap + [ $md5sum = c5dab0f2771411ed7e67d6dab60a311f ]; then #squeeze # move unchanged sudoers file to avoid conffile question mv $SUDOERS $SUDOERS.pre-conffile fi
Bug#776095: wheezy-pu: package sudo/1.8.5p2-1+nmu2
Control: tags -1 + confirmed On Fri, 2015-01-23 at 22:38 +0100, Andreas Beckmann wrote: I'd like to get a fix into wheezy to avoid dpkg complaining about modified conffiles if /etc/sudoers is the unmodified version from lenny (this happens on lenny - squeeze - wheezy upgrades). #660594 Fix is backported from 1.8.7-1, but adding only the md5sum from the lenny config. Verified in piuparts that this allows smooth upgrades. Please go ahead. Version number is nonstandard since the wheezy version has a weird version. Better suggestions welcome. -1+deb7u1 would sort wrongly and -1+nmu1+deb7u1 looks fairly weird as well. -1+nmu2 will do, under the circumstances. Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776095: wheezy-pu: package sudo/1.8.5p2-1+nmu2
Package: release.debian.org Severity: normal Tags: wheezy User: release.debian@packages.debian.org Usertags: pu I'd like to get a fix into wheezy to avoid dpkg complaining about modified conffiles if /etc/sudoers is the unmodified version from lenny (this happens on lenny - squeeze - wheezy upgrades). #660594 Fix is backported from 1.8.7-1, but adding only the md5sum from the lenny config. Verified in piuparts that this allows smooth upgrades. Version number is nonstandard since the wheezy version has a weird version. Better suggestions welcome. Andreas diff -Nru sudo-1.8.5p2/debian/changelog sudo-1.8.5p2/debian/changelog --- sudo-1.8.5p2/debian/changelog 2013-03-01 06:18:08.0 +0100 +++ sudo-1.8.5p2/debian/changelog 2015-01-23 22:16:01.0 +0100 @@ -1,3 +1,12 @@ +sudo (1.8.5p2-1+nmu2) wheezy; urgency=medium + + * Non-maintainer upload. + * Backport from 1.8.7-1: recognize lenny and squeeze unmodified sudoers to +avoid dpkg questions about modified conffiles on upgrades. +(Closes: #660594) + + -- Andreas Beckmann a...@debian.org Fri, 23 Jan 2015 22:11:54 +0100 + sudo (1.8.5p2-1+nmu1) unstable; urgency=high * Non-maintainer upload by the Security Team. diff -Nru sudo-1.8.5p2/debian/sudo.preinst sudo-1.8.5p2/debian/sudo.preinst --- sudo-1.8.5p2/debian/sudo.preinst 2012-06-28 20:06:35.0 +0200 +++ sudo-1.8.5p2/debian/sudo.preinst 2015-01-23 22:11:08.0 +0100 @@ -8,7 +8,8 @@ if [ -e $SUDOERS ]; then md5sum=$(md5sum $SUDOERS | sed -e 's/ .*//') -if [ $md5sum = c5dab0f2771411ed7e67d6dab60a311f ]; then +if [ $md5sum = c310ef4892a00cca8134f6e4fcd64b6d ] || #lenny + [ $md5sum = c5dab0f2771411ed7e67d6dab60a311f ]; then #squeeze # move unchanged sudoers file to avoid conffile question mv $SUDOERS $SUDOERS.pre-conffile fi