Debian Bug report logs - #349549
XAUTHORITY broken

version graph

Package: sudo; Maintainer for sudo is Bdale Garbee <bdale@gag.com>; Source for sudo is src:sudo.

Reported by: Anthony DeRobertis <anthony@derobert.net>

Date: Mon, 23 Jan 2006 18:48:02 UTC

Severity: critical

Tags: patch

Merged with 349196, 349587, 349729

Found in version sudo/1.6.8p7-1.3

Fixed in version sudo/1.6.8p12-2

Done: Steve Langasek <vorlon@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Bdale Garbee <bdale@gag.com>:
Bug#349549; Package sudo. Full text and rfc822 format available.

Acknowledgement sent to Anthony DeRobertis <anthony@derobert.net>:
New Bug report received and forwarded. Copy sent to Bdale Garbee <bdale@gag.com>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Anthony DeRobertis <anthony@derobert.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: XAUTHORITY broken
Date: Mon, 23 Jan 2006 13:43:03 -0500
Package: sudo
Version: 1.6.8p7-1.3
Severity: grave

sudo <x-app> no longer works due to XAUTHORITY not being forwarded.
Futher, adding in:

	Defaults env_keep += XAUTHORITY

makes no difference whatsoever. It appears you have to turn on env_reset
to have any hope of getting this to work. But then env_check no longer
works, so how do you pass things like LANG?

AFAICT, it seems the new version of sudo in stable has broken the
ability to run X11 apps under sudo.

-- System Information:
Debian Release: 3.1
  APT prefers stable
  APT policy: (500, 'stable'), (100, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-686-smp
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages sudo depends on:
ii  libc6                       2.3.2.ds1-22 GNU C Library: Shared libraries an
ii  libpam-modules              0.76-22      Pluggable Authentication Modules f
ii  libpam0g                    0.76-22      Pluggable Authentication Modules l

sudo recommends no packages.

-- no debconf information



Merged 349196 349549 349587. Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Severity set to `critical'. Request was from Jeroen van Wolffelaar <jeroen@wolffelaar.nl> to control@bugs.debian.org. Full text and rfc822 format available.

Merged 349196 349549 349587 349729. Request was from Jeroen van Wolffelaar <jeroen@wolffelaar.nl> to control@bugs.debian.org. Full text and rfc822 format available.

Tags added: patch Request was from Jeroen van Wolffelaar <jeroen@wolffelaar.nl> to control@bugs.debian.org. Full text and rfc822 format available.

Reply sent to Bdale Garbee <bdale@gag.com>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Anthony DeRobertis <anthony@derobert.net>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #18 received at 349196-close@bugs.debian.org (full text, mbox):

From: Bdale Garbee <bdale@gag.com>
To: 349196-close@bugs.debian.org
Subject: Bug#349196: fixed in sudo 1.6.8p12-2
Date: Sun, 02 Apr 2006 15:02:19 -0700
Source: sudo
Source-Version: 1.6.8p12-2

We believe that the bug you reported is fixed in the latest version of
sudo, which is due to be installed in the Debian FTP archive:

sudo-ldap_1.6.8p12-2_i386.deb
  to pool/main/s/sudo/sudo-ldap_1.6.8p12-2_i386.deb
sudo_1.6.8p12-2.diff.gz
  to pool/main/s/sudo/sudo_1.6.8p12-2.diff.gz
sudo_1.6.8p12-2.dsc
  to pool/main/s/sudo/sudo_1.6.8p12-2.dsc
sudo_1.6.8p12-2_i386.deb
  to pool/main/s/sudo/sudo_1.6.8p12-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 349196@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bdale Garbee <bdale@gag.com> (supplier of updated sudo package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun,  2 Apr 2006 14:26:20 -0700
Source: sudo
Binary: sudo-ldap sudo
Architecture: source i386
Version: 1.6.8p12-2
Distribution: unstable
Urgency: low
Maintainer: Bdale Garbee <bdale@gag.com>
Changed-By: Bdale Garbee <bdale@gag.com>
Description: 
 sudo       - Provide limited super user privileges to specific users
 sudo-ldap  - Provide limited super user privileges to specific users
Closes: 161012 203874 220808 228551 292833 314949 315115 315718 346325 349085 349129 349196 349549 349587 349729 350776 354431
Changes: 
 sudo (1.6.8p12-2) unstable; urgency=low
 .
   * fix typos in init scripts, closes: #346325
   * update to debhelper compat level 5
   * build depend on autotools-dev to ensure config.sub/guess are fresh
   * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
     use it here as well.  Thanks to Martin and the debian-security team.
     closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
     closes: #315115, #315718, #203874
     * Non-maintainer upload by the Security Team
     * Reworked the former patch to limit environment variables from being
       passed through, set env_reset as default instead [sudo.c, env.c,
       sudoers.pod, Bug#342948, CVE-2005-4158]
     * env_reset is now set by default
     * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
       DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
       (in addition to the SUDO_* variables)
     * Rebuild sudoers.man.in from the POD file
     * Added README.Debian
   * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
   * simplify rules file by using more of Makefile, despite having to override
     default directories with more arguments to configure, closes: #292833
   * update sudo man page to reflect use of SECURE_PATH, closes: #228551
   * inconsistencies in sudoers man page resolved, closes: #220808, #161012
   * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
     unresolveable (requires adding bison as build dep), closes: #314949
Files: 
 73d77951ae86e88e906d28d0f94abb33 615 admin optional sudo_1.6.8p12-2.dsc
 b3205e53c871e64824c6b338c9fa8a35 33108 admin optional sudo_1.6.8p12-2.diff.gz
 22698e7f33a3f7179ec3ab59d24e4fec 161506 admin optional sudo_1.6.8p12-2_i386.deb
 d2418ccc65a98154b15c7b3c1342462b 173910 admin optional sudo-ldap_1.6.8p12-2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEMEhZZKfAp/LPAagRAkw0AJwJq5L7amKiN48J0ldHRH3Sv29yFACbBi1b
LP3jMinYQ8qNMfE81BL1G9U=
=NSf8
-----END PGP SIGNATURE-----




Reply sent to Bdale Garbee <bdale@gag.com>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Anthony DeRobertis <anthony@derobert.net>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #23 received at 349549-close@bugs.debian.org (full text, mbox):

From: Bdale Garbee <bdale@gag.com>
To: 349549-close@bugs.debian.org
Subject: Bug#349549: fixed in sudo 1.6.8p12-2
Date: Sun, 02 Apr 2006 15:02:19 -0700
Source: sudo
Source-Version: 1.6.8p12-2

We believe that the bug you reported is fixed in the latest version of
sudo, which is due to be installed in the Debian FTP archive:

sudo-ldap_1.6.8p12-2_i386.deb
  to pool/main/s/sudo/sudo-ldap_1.6.8p12-2_i386.deb
sudo_1.6.8p12-2.diff.gz
  to pool/main/s/sudo/sudo_1.6.8p12-2.diff.gz
sudo_1.6.8p12-2.dsc
  to pool/main/s/sudo/sudo_1.6.8p12-2.dsc
sudo_1.6.8p12-2_i386.deb
  to pool/main/s/sudo/sudo_1.6.8p12-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 349549@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bdale Garbee <bdale@gag.com> (supplier of updated sudo package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun,  2 Apr 2006 14:26:20 -0700
Source: sudo
Binary: sudo-ldap sudo
Architecture: source i386
Version: 1.6.8p12-2
Distribution: unstable
Urgency: low
Maintainer: Bdale Garbee <bdale@gag.com>
Changed-By: Bdale Garbee <bdale@gag.com>
Description: 
 sudo       - Provide limited super user privileges to specific users
 sudo-ldap  - Provide limited super user privileges to specific users
Closes: 161012 203874 220808 228551 292833 314949 315115 315718 346325 349085 349129 349196 349549 349587 349729 350776 354431
Changes: 
 sudo (1.6.8p12-2) unstable; urgency=low
 .
   * fix typos in init scripts, closes: #346325
   * update to debhelper compat level 5
   * build depend on autotools-dev to ensure config.sub/guess are fresh
   * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
     use it here as well.  Thanks to Martin and the debian-security team.
     closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
     closes: #315115, #315718, #203874
     * Non-maintainer upload by the Security Team
     * Reworked the former patch to limit environment variables from being
       passed through, set env_reset as default instead [sudo.c, env.c,
       sudoers.pod, Bug#342948, CVE-2005-4158]
     * env_reset is now set by default
     * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
       DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
       (in addition to the SUDO_* variables)
     * Rebuild sudoers.man.in from the POD file
     * Added README.Debian
   * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
   * simplify rules file by using more of Makefile, despite having to override
     default directories with more arguments to configure, closes: #292833
   * update sudo man page to reflect use of SECURE_PATH, closes: #228551
   * inconsistencies in sudoers man page resolved, closes: #220808, #161012
   * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
     unresolveable (requires adding bison as build dep), closes: #314949
Files: 
 73d77951ae86e88e906d28d0f94abb33 615 admin optional sudo_1.6.8p12-2.dsc
 b3205e53c871e64824c6b338c9fa8a35 33108 admin optional sudo_1.6.8p12-2.diff.gz
 22698e7f33a3f7179ec3ab59d24e4fec 161506 admin optional sudo_1.6.8p12-2_i386.deb
 d2418ccc65a98154b15c7b3c1342462b 173910 admin optional sudo-ldap_1.6.8p12-2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEMEhZZKfAp/LPAagRAkw0AJwJq5L7amKiN48J0ldHRH3Sv29yFACbBi1b
LP3jMinYQ8qNMfE81BL1G9U=
=NSf8
-----END PGP SIGNATURE-----




Reply sent to Bdale Garbee <bdale@gag.com>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Anthony DeRobertis <anthony@derobert.net>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #28 received at 349587-close@bugs.debian.org (full text, mbox):

From: Bdale Garbee <bdale@gag.com>
To: 349587-close@bugs.debian.org
Subject: Bug#349587: fixed in sudo 1.6.8p12-2
Date: Sun, 02 Apr 2006 15:02:19 -0700
Source: sudo
Source-Version: 1.6.8p12-2

We believe that the bug you reported is fixed in the latest version of
sudo, which is due to be installed in the Debian FTP archive:

sudo-ldap_1.6.8p12-2_i386.deb
  to pool/main/s/sudo/sudo-ldap_1.6.8p12-2_i386.deb
sudo_1.6.8p12-2.diff.gz
  to pool/main/s/sudo/sudo_1.6.8p12-2.diff.gz
sudo_1.6.8p12-2.dsc
  to pool/main/s/sudo/sudo_1.6.8p12-2.dsc
sudo_1.6.8p12-2_i386.deb
  to pool/main/s/sudo/sudo_1.6.8p12-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 349587@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bdale Garbee <bdale@gag.com> (supplier of updated sudo package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun,  2 Apr 2006 14:26:20 -0700
Source: sudo
Binary: sudo-ldap sudo
Architecture: source i386
Version: 1.6.8p12-2
Distribution: unstable
Urgency: low
Maintainer: Bdale Garbee <bdale@gag.com>
Changed-By: Bdale Garbee <bdale@gag.com>
Description: 
 sudo       - Provide limited super user privileges to specific users
 sudo-ldap  - Provide limited super user privileges to specific users
Closes: 161012 203874 220808 228551 292833 314949 315115 315718 346325 349085 349129 349196 349549 349587 349729 350776 354431
Changes: 
 sudo (1.6.8p12-2) unstable; urgency=low
 .
   * fix typos in init scripts, closes: #346325
   * update to debhelper compat level 5
   * build depend on autotools-dev to ensure config.sub/guess are fresh
   * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
     use it here as well.  Thanks to Martin and the debian-security team.
     closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
     closes: #315115, #315718, #203874
     * Non-maintainer upload by the Security Team
     * Reworked the former patch to limit environment variables from being
       passed through, set env_reset as default instead [sudo.c, env.c,
       sudoers.pod, Bug#342948, CVE-2005-4158]
     * env_reset is now set by default
     * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
       DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
       (in addition to the SUDO_* variables)
     * Rebuild sudoers.man.in from the POD file
     * Added README.Debian
   * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
   * simplify rules file by using more of Makefile, despite having to override
     default directories with more arguments to configure, closes: #292833
   * update sudo man page to reflect use of SECURE_PATH, closes: #228551
   * inconsistencies in sudoers man page resolved, closes: #220808, #161012
   * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
     unresolveable (requires adding bison as build dep), closes: #314949
Files: 
 73d77951ae86e88e906d28d0f94abb33 615 admin optional sudo_1.6.8p12-2.dsc
 b3205e53c871e64824c6b338c9fa8a35 33108 admin optional sudo_1.6.8p12-2.diff.gz
 22698e7f33a3f7179ec3ab59d24e4fec 161506 admin optional sudo_1.6.8p12-2_i386.deb
 d2418ccc65a98154b15c7b3c1342462b 173910 admin optional sudo-ldap_1.6.8p12-2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEMEhZZKfAp/LPAagRAkw0AJwJq5L7amKiN48J0ldHRH3Sv29yFACbBi1b
LP3jMinYQ8qNMfE81BL1G9U=
=NSf8
-----END PGP SIGNATURE-----




Reply sent to Bdale Garbee <bdale@gag.com>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Anthony DeRobertis <anthony@derobert.net>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #33 received at 349729-close@bugs.debian.org (full text, mbox):

From: Bdale Garbee <bdale@gag.com>
To: 349729-close@bugs.debian.org
Subject: Bug#349729: fixed in sudo 1.6.8p12-2
Date: Sun, 02 Apr 2006 15:02:19 -0700
Source: sudo
Source-Version: 1.6.8p12-2

We believe that the bug you reported is fixed in the latest version of
sudo, which is due to be installed in the Debian FTP archive:

sudo-ldap_1.6.8p12-2_i386.deb
  to pool/main/s/sudo/sudo-ldap_1.6.8p12-2_i386.deb
sudo_1.6.8p12-2.diff.gz
  to pool/main/s/sudo/sudo_1.6.8p12-2.diff.gz
sudo_1.6.8p12-2.dsc
  to pool/main/s/sudo/sudo_1.6.8p12-2.dsc
sudo_1.6.8p12-2_i386.deb
  to pool/main/s/sudo/sudo_1.6.8p12-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 349729@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bdale Garbee <bdale@gag.com> (supplier of updated sudo package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun,  2 Apr 2006 14:26:20 -0700
Source: sudo
Binary: sudo-ldap sudo
Architecture: source i386
Version: 1.6.8p12-2
Distribution: unstable
Urgency: low
Maintainer: Bdale Garbee <bdale@gag.com>
Changed-By: Bdale Garbee <bdale@gag.com>
Description: 
 sudo       - Provide limited super user privileges to specific users
 sudo-ldap  - Provide limited super user privileges to specific users
Closes: 161012 203874 220808 228551 292833 314949 315115 315718 346325 349085 349129 349196 349549 349587 349729 350776 354431
Changes: 
 sudo (1.6.8p12-2) unstable; urgency=low
 .
   * fix typos in init scripts, closes: #346325
   * update to debhelper compat level 5
   * build depend on autotools-dev to ensure config.sub/guess are fresh
   * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
     use it here as well.  Thanks to Martin and the debian-security team.
     closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
     closes: #315115, #315718, #203874
     * Non-maintainer upload by the Security Team
     * Reworked the former patch to limit environment variables from being
       passed through, set env_reset as default instead [sudo.c, env.c,
       sudoers.pod, Bug#342948, CVE-2005-4158]
     * env_reset is now set by default
     * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
       DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
       (in addition to the SUDO_* variables)
     * Rebuild sudoers.man.in from the POD file
     * Added README.Debian
   * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
   * simplify rules file by using more of Makefile, despite having to override
     default directories with more arguments to configure, closes: #292833
   * update sudo man page to reflect use of SECURE_PATH, closes: #228551
   * inconsistencies in sudoers man page resolved, closes: #220808, #161012
   * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
     unresolveable (requires adding bison as build dep), closes: #314949
Files: 
 73d77951ae86e88e906d28d0f94abb33 615 admin optional sudo_1.6.8p12-2.dsc
 b3205e53c871e64824c6b338c9fa8a35 33108 admin optional sudo_1.6.8p12-2.diff.gz
 22698e7f33a3f7179ec3ab59d24e4fec 161506 admin optional sudo_1.6.8p12-2_i386.deb
 d2418ccc65a98154b15c7b3c1342462b 173910 admin optional sudo-ldap_1.6.8p12-2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEMEhZZKfAp/LPAagRAkw0AJwJq5L7amKiN48J0ldHRH3Sv29yFACbBi1b
LP3jMinYQ8qNMfE81BL1G9U=
=NSf8
-----END PGP SIGNATURE-----




Bug reopened, originator not changed. Request was from Cyril Bouthors <cyb@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Bug marked as fixed in version 1.6.8p12-2, send any further explanations to Berend Reitsma <breitsma@gmail.com> Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 25 Jun 2007 01:31:15 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Apr 21 16:52:43 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.