Re: sudo fix
On Tue, Jun 28, 2005 at 05:36:13PM +0200, Markus Kolb wrote: Hello, I've done a fix for sudo of sarge. Code from new upstream version. Did you check the BTS? Please read #315115 and #315718. Unstable actually has 1.6.8p9-1 (uploaded yesterday) It seems that it is only pending the stable security team approving the packages for woody / sarge. Javier signature.asc Description: Digital signature
Re: sudo fix
Javier Fernández-Sanguino Peña wrote on Wed, Jun 29, 2005 at 09:28:37 +0200: On Tue, Jun 28, 2005 at 05:36:13PM +0200, Markus Kolb wrote: Hello, I've done a fix for sudo of sarge. Code from new upstream version. Did you check the BTS? Please read #315115 and #315718. Unstable actually has 1.6.8p9-1 (uploaded yesterday) I've read both BTS entries and when I've wrote my mail there was no information about any new releases or fixing actions. You can check the dates in the BTS! ;) It seems that it is only pending the stable security team approving the packages for woody / sarge. Well, I've written it is for sarge. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: sudo fix
On Wed, Jun 29, 2005 at 03:13:47PM +0200, Markus Kolb wrote: Javier Fernández-Sanguino Peña wrote on Wed, Jun 29, 2005 at 09:28:37 +0200: On Tue, Jun 28, 2005 at 05:36:13PM +0200, Markus Kolb wrote: Hello, I've done a fix for sudo of sarge. Code from new upstream version. Did you check the BTS? Please read #315115 and #315718. Unstable actually has 1.6.8p9-1 (uploaded yesterday) I've read both BTS entries and when I've wrote my mail there was no information about any new releases or fixing actions. You can check the dates in the BTS! ;) You are right, the upload and your mail are from the same day. It seems that it is only pending the stable security team approving the packages for woody / sarge. Well, I've written it is for sarge. Jeroen van Wolffelaar commented, when he reopened the bugs, that packages had been mailed to the security team. BTW, if you do an analysis of a vulnerability like this CC: the bug report just in case the maintainer does not follow -security (or open up the bug report is there isn't one). Thanks for you report Javier signature.asc Description: Digital signature
Re: sudo fix
On Wed, Jun 29, 2005 at 03:56:41PM +0200, Javier Fern?ndez-Sanguino Pe?a wrote: On Wed, Jun 29, 2005 at 03:13:47PM +0200, Markus Kolb wrote: Well, I've written it is for sarge. Jeroen van Wolffelaar commented, when he reopened the bugs, that packages had been mailed to the security team. BTW, if you do an analysis of a vulnerability like this CC: the bug report just in case the maintainer does not follow -security (or open up the bug report is there isn't one). Hm, yeah, I missed this thread when preparing a fix (and as far as I know, Bdale isn't subscribed here). Cc'ing the bug definitely would have prevented that. That being said, I failed to find the actual patch/package in the original mail in this thread. Could you please download the fixed packages as referenced in #315115, and (1) check whether they work and not have regressions, and (2) whether there is a difference with the patch prepared by you, and if so, whether that's significant in any way? Please followup to the bug and cc me if you've tested and/or compared the updated packages. --Jeroen -- Jeroen van Wolffelaar [EMAIL PROTECTED] (also for Jabber MSN; ICQ: 33944357) http://Jeroen.A-Eskwadraat.nl
Re: sudo fix
Jeroen van Wolffelaar wrote on Wed, Jun 29, 2005 at 16:06:59 +0200: That being said, I failed to find the actual patch/package in the original mail in this thread. Could you please download the fixed packages as referenced in #315115, and (1) check whether they work and not have regressions, and (2) whether there is a difference with the patch prepared by you, and if so, whether that's significant in any way? Your patch does the same in fixing #315115 for Sarge. In addition your patch changes a few other trivial things not in relation to #315115 and adds a few lines to manpages. Is this ok for security updates? I think, at least it should be mentioned in Changefile. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: sudo fix
On Wed, Jun 29, 2005 at 06:50:51PM +0200, Markus Kolb wrote: Jeroen van Wolffelaar wrote on Wed, Jun 29, 2005 at 16:06:59 +0200: That being said, I failed to find the actual patch/package in the original mail in this thread. Could you please download the fixed packages as referenced in #315115, and (1) check whether they work and not have regressions, and (2) whether there is a difference with the patch prepared by you, and if so, whether that's significant in any way? Your patch does the same in fixing #315115 for Sarge. In addition your patch changes a few other trivial things not in relation to #315115 and adds a few lines to manpages. Is this ok for security updates? I think, at least it should be mentioned in Changefile. Huh? $ debdiff /org/ftp.debian.org/ftp/pool/main/s/sudo/sudo_1.6.8p7-1.1.dsc sudo_1.6.8p7-1.1sarge1.dsc | diffstat ldap.c|2 - parse.yacc|4 --- sudo-1.6.8p7/config.guess |6 - sudo-1.6.8p7/config.sub | 11 ++--- sudo-1.6.8p7/debian/changelog |8 +++ sudo.c| 16 -- sudo.tab.c| 48 +++--- 7 files changed, 47 insertions(+), 48 deletions(-) $ I fail to see the changes you describe, as far as I can see, this is minimal. sudo.tab.c is autogenerated, hence that is has a bit more changes. --Jeroen -- Jeroen van Wolffelaar [EMAIL PROTECTED] (also for Jabber MSN; ICQ: 33944357) http://Jeroen.A-Eskwadraat.nl -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: sudo fix
Jeroen van Wolffelaar wrote on Wed, Jun 29, 2005 at 19:14:59 +0200: On Wed, Jun 29, 2005 at 06:50:51PM +0200, Markus Kolb wrote: Your patch does the same in fixing #315115 for Sarge. In addition your patch changes a few other trivial things not in relation to #315115 and adds a few lines to manpages. Huh? [...] I fail to see the changes you describe, as far as I can see, this is minimal. sudo.tab.c is autogenerated, hence that is has a bit more changes. I'm sorry. The manpage changes are already in the p7-1.1. So it looks fine. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]