ins_classic.h | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---

env.c | 13 13 + 0 - 0 !
sudo.man.in | 4 2 + 2 - 0 !
sudo.pod | 4 2 + 2 - 0 !
sudoers.man.in | 7 5 + 2 - 0 !
sudoers.pod | 7 5 + 2 - 0 !
5 files changed, 27 insertions(+), 8 deletions(-)

---

sample.sudoers | 10 5 + 5 - 0 !
1 file changed, 5 insertions(+), 5 deletions(-)

---

check.c | 8 7 + 1 - 0 !
env.c | 26 15 + 11 - 0 !
2 files changed, 22 insertions(+), 12 deletions(-)

 upstream changes introduced in version 1.7.4p4-2.squeeze.2
 This patch has been created by dpkg-source during the package build.
 Here's the last changelog entry, hopefully it gives details on why
 those changes were made:
 .
 sudo (1.7.4p4-2.squeeze.2) stable; urgency=low
 .
   * patch from upstream to resolve interoperability problem between HOME in
     env_keep and the -H flag, originally closed #596493, applying this to
     to squeeze also closes: #614232
 .
 The person named in the Author field signed this changelog entry.

match.c | 5 4 + 1 - 0 !
1 file changed, 4 insertions(+), 1 deletion(-)

 prevent ipv6 netmask-based address matching logic from incorrectly
 being applied to IPv4 addresses.

match.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 upstream changes introduced in version 1.7.4p4-2.squeeze.3
 This patch has been created by dpkg-source during the package build.
 Here's the last changelog entry, hopefully it gives details on why
 those changes were made:
 .
 sudo (1.7.4p4-2.squeeze.3) stable-security; urgency=high
 .
   * CVE-2012-2337
 .
 The person named in the Author field signed this changelog entry.

check.c | 53 28 + 25 - 0 !
1 file changed, 28 insertions(+), 25 deletions(-)

---

check.c | 4 3 + 1 - 0 !
config.h.in | 3 3 + 0 - 0 !
configure | 2 1 + 1 - 0 !
configure.in | 2 1 + 1 - 0 !
sudo.c | 3 3 + 0 - 0 !
sudo.h | 2 2 + 0 - 0 !
6 files changed, 13 insertions(+), 3 deletions(-)

---

aclocal.m4 | 20 20 + 0 - 0 !
configure | 33 33 + 0 - 0 !
configure.in | 7 7 + 0 - 0 !
env.c | 56 54 + 2 - 0 !
pathnames.h.in | 4 4 + 0 - 0 !
sudoers.man.in | 25 21 + 4 - 0 !
sudoers.pod | 33 29 + 4 - 0 !
7 files changed, 168 insertions(+), 10 deletions(-)

 cve-2014-9680: unsafe handling of tz environment variable
 The TZ environment variable was passed through unchecked.  Most libc
 tzset() implementations support passing an absolute pathname in the time
 zone to point to an arbitrary, user-controlled file.  This may be used
 to exploit bugs in the C library's TZ parser or open files the user
 would not otherwise have access to.  Arbitrary file access via TZ could
 also be used in a denial of service attack by reading from a file or
 fifo that will block.

sudoers.man.in | 5 3 + 2 - 0 !
sudoers.pod | 5 3 + 2 - 0 !
2 files changed, 6 insertions(+), 4 deletions(-)

 document handling of leading ':' when checking tz variable
 Document that a leading ':' is skipped when checking TZ for a
 fully-qualified path name.

env.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 cve-2014-0106: security policy bypass when env_reset is disabled
 Fix logic inversion when checking environment variables on the
 command line against the blacklist.  This is only a problem when
 env_reset is disabled.

compat.h | 3 3 + 0 - 0 !
def_data.in | 3 3 + 0 - 0 !
gram.y | 13 11 + 2 - 0 !
ldap.c | 3 3 + 0 - 0 !
parse.c | 18 8 + 10 - 0 !
parse.h | 46 46 + 0 - 0 !
sudo.h | 2 2 + 0 - 0 !
sudo.pod | 8 8 + 0 - 0 !
sudo_edit.c | 73 61 + 12 - 0 !
sudoers.pod | 26 23 + 3 - 0 !
testsudoers.c | 4 3 + 1 - 0 !
toke.l | 10 10 + 0 - 0 !
12 files changed, 181 insertions(+), 28 deletions(-)

 cve-2015-5602: sudoedit path restriction bypass using symlinks
 Do not follow symbolic links in sudoedit by default.  This behavior
 can be controlled by the sudoedit_follow Defaults flag as well as
 the FOLLOW/NOFOLLOW tags.

def_data.c | 4 4 + 0 - 0 !
def_data.h | 2 2 + 0 - 0 !
gram.c | 3882 2552 + 1330 - 0 !
gram.h | 168 133 + 35 - 0 !
sudo.cat | 128 12 + 116 - 0 !
sudo.man.in | 10 9 + 1 - 0 !
sudoers.cat | 458 66 + 392 - 0 !
sudoers.man.in | 28 24 + 4 - 0 !
toke.c | 3552 1890 + 1662 - 0 !
9 files changed, 4692 insertions(+), 3540 deletions(-)

 cve-2015-5602: sudoedit path restriction bypass using symlinks
 Files regenerated for changes in CVE-2015-5602-1.patch
Bug: https://bugzilla.sudo.ws/show_bug.cgi?id=707
Bug-Debian: https://bugs.debian.org/804149

sudo_edit.c | 8 5 + 3 - 0 !
1 file changed, 5 insertions(+), 3 deletions(-)

 change warning when user tries to sudoedit a symbolic link.

sudo_edit.c | 43 34 + 9 - 0 !
1 file changed, 34 insertions(+), 9 deletions(-)

 open sudoedit files with o_nonblock and fail if they are not regular files.

sudo_edit.c | 21 2 + 19 - 0 !
1 file changed, 2 insertions(+), 19 deletions(-)

 remove s_isreg check from sudo_edit_open(), it is already done in the caller.

configure.in | 2 1 + 1 - 0 !
def_data.in | 3 3 + 0 - 0 !
sudo.h | 1 1 + 0 - 0 !
sudo_edit.c | 146 141 + 5 - 0 !
sudoers.pod | 8 8 + 0 - 0 !
5 files changed, 154 insertions(+), 6 deletions(-)

 cve-2015-5602: add directory writability checks for sudoedit.

config.h.in | 3 3 + 0 - 0 !
configure | 818 434 + 384 - 0 !
def_data.c | 4 4 + 0 - 0 !
def_data.h | 6 4 + 2 - 0 !
sudoers.cat | 8 8 + 0 - 0 !
sudoers.man.in | 7 7 + 0 - 0 !
6 files changed, 460 insertions(+), 386 deletions(-)

 cve-2015-5602: sudoedit path restriction bypass using symlinks
 Files regenerated for changes in CVE-2015-5602-5.patch
Bug: https://bugzilla.sudo.ws/show_bug.cgi?id=707
Bug-Debian: https://bugs.debian.org/804149

sudo_edit.c | 66 37 + 29 - 0 !
1 file changed, 37 insertions(+), 29 deletions(-)

 cve-2015-5602: fix directory writability checks for sudoedit.
Bug: https://bugzilla.sudo.ws/show_bug.cgi?id=707
Bug-Debian: https://bugs.debian.org/804149

defaults.c | 1 1 + 0 - 0 !
sudoers.cat | 4 2 + 2 - 0 !
sudoers.man.in | 2 1 + 1 - 0 !
sudoers.pod | 2 1 + 1 - 0 !
4 files changed, 5 insertions(+), 4 deletions(-)

 cve-2015-5602: enable sudoedit directory writability checks by default
Bug: https://bugzilla.sudo.ws/show_bug.cgi?id=707
Bug-Debian: https://bugs.debian.org/804149