1 sudo (1.8.2-2) UNRELEASED; urgency=low
4 * debian/rules improvements, closes: #642535
5 + mv upstream sample.* files to the examples folder.
6 - do not call dh_installexamples.
9 * patch from upstream for SIGBUS on sparc64, closes: #640304
10 * use common-session-noninteractive in the pam config to reduce log noise
11 when sudo is used in cron, etc, closes: #519700
12 * patch from Steven McDonald to fix segfault on startup under certain
13 conditions, closes: #639568
14 * add a NEWS entry regarding the secure_path change made in 1.8.2-1,
17 -- Bdale Garbee <bdale@gag.com> Mon, 26 Sep 2011 21:55:56 -0600
19 sudo (1.8.2-1) unstable; urgency=low
21 * new upstream version, closes: #637449, #621830
22 * include common-session in pam config, closes: #519700, #607199
23 * move secure_path from configure to default sudoers, closes: #85123, 85917
24 * improve sudoers self-documentation, closes: #613639
25 * drop --disable-setresuid since modern systems should not run 2.2 kernels
26 * lose the --with-devel configure option since it's breaking builds in
27 subdirectories for some reason
29 -- Bdale Garbee <bdale@gag.com> Wed, 24 Aug 2011 13:33:11 -0600
31 sudo (1.7.4p6-1) unstable; urgency=low
33 * new upstream version
34 * touch the right stamp name after configuring, closes: #611287
35 * patch from Svante Signell to fix build problem on Hurd, closes: #611290
37 -- Bdale Garbee <bdale@gag.com> Wed, 09 Feb 2011 11:32:58 -0700
39 sudo (1.7.4p4-6) unstable; urgency=low
41 * update /etc/sudoers.d/README now that sudoers is a conffile
42 * patch from upstream to fix special case in password checking code
43 when only the gid is changing, closes: #609641
45 -- Bdale Garbee <bdale@gag.com> Tue, 11 Jan 2011 10:22:39 -0700
47 sudo (1.7.4p4-5) unstable; urgency=low
49 * patch from Jakub Wilk to add noopt and nostrip build option support,
51 * make sudoers a conffile, closes: #605130
52 * add descriptions to LSB init headers, closes: #604619
53 * change default sudoers %sudo entry to allow gid changes, closes: #602699
54 * add Vcs entries to the control file
55 * use debhelper install files instead of explicit installs in rules
57 -- Bdale Garbee <bdale@gag.com> Wed, 01 Dec 2010 20:32:31 -0700
59 sudo (1.7.4p4-4) unstable; urgency=low
61 * patch from upstream to resolve problem always prompting for a password
62 when run without a tty, closes: #599376
63 * patch from upstream to resolve interoperability problem between HOME in
64 env_keep and the -H flag, closes: #596493
65 * change path syntax to avoid tar error when /var/run/sudo exists but is
66 empty, closes: #598877
68 -- Bdale Garbee <bdale@gag.com> Thu, 07 Oct 2010 15:59:06 -0600
70 sudo (1.7.4p4-3) unstable; urgency=low
72 * make postinst clause for handling /var/run -> /var/lib transition less
73 fragile, closes: #585514
74 * cope with upstream's Makefile trying to install ChangeLog in our doc
75 directory, closes: #597389
76 * fix README.Debian to reflect that HOME is no longer preserved by default,
79 -- Bdale Garbee <bdale@gag.com> Tue, 21 Sep 2010 23:53:08 -0600
81 sudo (1.7.4p4-2) unstable; urgency=low
83 * add a NEWS item about change in $HOME handling that impacts programs
86 -- Bdale Garbee <bdale@gag.com> Wed, 08 Sep 2010 14:29:16 -0600
88 sudo (1.7.4p4-1) unstable; urgency=high
90 * new upstream version, urgency high due to fix for flaw in Runas group
91 matching (CVE-2010-2956), closes: #595935
92 * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
93 re-lecturing existing users, and to clean up after ourselves on upgrade,
94 and remove the RAMRUN section from README.Debian since the new state dir
95 should fix the original problem, closes: #585514
96 * deliver README.Debian to both package flavors, closes: #593579
98 -- Bdale Garbee <bdale@gag.com> Tue, 07 Sep 2010 12:22:42 -0600
100 sudo (1.7.2p7-1) unstable; urgency=high
102 * new upstream release with security fix for secure path (CVE-2010-1646),
104 * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
105 about whether to give the lecture is preserved across reboots even when
106 RAMRUN is set, closes: #581393
107 * add a note to README.Debian about LDAP needing an entry in
108 /etc/nsswitch.conf, closes: #522065
109 * add a note to README.Debian about how to turn off lectures if using
110 RAMRUN in /etc/default/rcS, closes: #581393
112 -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
114 sudo (1.7.2p6-1) unstable; urgency=low
116 * new upstream version fixing CVE-2010-1163, closes: #578275, #570737
118 -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600
120 sudo (1.7.2p5-1) unstable; urgency=low
122 * new upstream release, closes a bug filed upstream regarding missing man
123 page processing scripts in the 1.7.2p1 tarball, also includes the fix
124 for CVE-2010-0426 previously the subject of a security team nmu
125 * move to source format 3.0 (quilt) and restructure changes as patches
126 * fix unprocessed substitution variables in man pages, closes: #557204
127 * apply patch from Neil Moore to fix Debian-specific content in the
128 visudo man page, closes: #555013
129 * update descriptions to better explain sudo-ldap, closes: #573108
130 * eliminate spurious 'and' in man page, closes: #571620
131 * fix confusing text in default sudoers, closes: #566607
133 -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700
135 sudo (1.7.2p1-1) unstable; urgency=low
137 * new upstream version
138 * add support for /etc/sudoers.d using #includedir in default sudoers,
139 which I think is also a good solution to the request for a crontab-like
140 API requested in March of 2001, closes: #539994, #271813, #89743
141 * move init.d script from using rcS.d to rc[0-6].d, closes: #542924
143 -- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600
145 sudo (1.7.2-2) unstable; urgency=low
147 * further improve initial sudoers to not include the NOPASSWD option on
148 the group sudo exception, closes: #539136, #198991
150 -- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200
152 sudo (1.7.2-1) unstable; urgency=low
154 * new upstream version, closes: #537103
155 * improve initial sudoers by having the exemption for users in group
156 sudo on by default, and including the ability to run any command as
157 any user. This makes the default install roughly equivalent to our
158 old use of the --with-exempt=sudo build option, closes: #536220, #536222
160 -- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600
162 sudo (1.7.0-1) unstable; urgency=low
164 * new upstream version, closes: #510179, #128268, #520274, #508514
165 * fix ldap config file path for sudo-ldap package, including creating
166 a symlink in postinst and cleaning it up in postrm for the sudo-ldap
167 package, closes: #430826
168 * fix NOPASSWD entry location in default config file for the sudo-ldap
169 instance too, closes: #479616
171 -- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600
173 sudo (1.6.9p17-2) unstable; urgency=high
175 * patch from upstream to fix privilege escalation with certain
176 configurations, CVE-2009-0034
177 * typo in sudoers man page, closes: #507163
179 -- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700
181 sudo (1.6.9p17-1) unstable; urgency=low
183 * new upstream version, closes: #481008
184 * deliver schemas to doc directory in sudo-ldap package, closes: #474331
185 * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
186 in move from CVS to git for package management, closes: #475821
187 * re-instate the init.d for the sudo-ldap package too... /o\
189 -- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600
191 sudo (1.6.9p15-2) unstable; urgency=low
193 * revert the fix for 388659 such that visudo once again defaults to using
194 /usr/bin/editor. I was always ambivalent about this change, it has caused
195 more confusion and frustration than it cured, and I find Justin's line of
196 reasoning persuasive. Update the man page source to reflect this choice
197 and the related use of --with-env-editor. Closes: #474197.
198 * patch from Petter Reinholdtsen to improve init.d, closes: #475821
200 -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600
202 sudo (1.6.9p15-1) unstable; urgency=low
204 * new upstream version, closes: #467126, #473337
205 * remove pointless postrm scripts, leaving debhelper do its thing if needed,
206 thanks to Justin Pryzby for pointing this out
207 * reinstate the init.d, since bootclean doesn't quite do what we want. This
208 also means we don't need the preinst scripts any more. Update the lintian
209 overrides since postinst is a Perl script lintian apparently isn't parsing
210 well. closes: #330868
212 -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600
214 sudo (1.6.9p12-1) unstable; urgency=low
216 * new upstream version, closes: #464890
218 -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900
220 sudo (1.6.9p11-3) unstable; urgency=low
222 * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
224 -- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700
226 sudo (1.6.9p11-2) unstable; urgency=low
228 * update version compared in preinst when removing obsolete init.d,
230 * implement pam session config suggestions from Elizabeth Fong,
231 closes: #452457, #402329
233 -- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700
235 sudo (1.6.9p11-1) unstable; urgency=low
237 * new upstream version
239 -- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700
241 sudo (1.6.9p10-1) unstable; urgency=low
243 * new upstream version
244 * tweak default password prompt as %u doesn't make sense. Accept patch from
245 Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
246 uses it by default, closes: #454409
247 * accept patch from Martin Pitt that adds a prerm making it difficult to
248 "accidentally" remove sudo when there is no root password set on the
249 system, closes: #451241
251 -- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700
253 sudo (1.6.9p9-1) unstable; urgency=low
255 * new upstream version
256 * debian/rules: configure a more informative default password prompt to
257 reduce confusion when using sudo to invoke commands which also ask for
258 passwords, closes: #343268
259 * auth/pam.c: don't use the PAM prompt if the user explicitly requested
260 a custom prompt, closes: #448628.
261 * fix configure's ability to discover that libc has dirfd, closes: #451324
262 * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
263 the command 'visudo' invokes a vi variant by default as documented,
266 -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700
268 sudo (1.6.9p6-1) unstable; urgency=low
270 * new upstream version, closes: #442815, #446146, #438699, #435768, #435314
271 closes: #434832, #434608, #430382
272 * eliminate the now-redundant init.d scripts, closes: #397090
273 * fix typo in TROUBLESHOOTING file, closes: #439624
275 -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600
277 sudo (1.6.8p12-6) unstable; urgency=low
279 * fix typos in visudo.pod relating to env_editor variable, closes: #418886
280 * have init.d touch directories in /var/run/sudo, not just files, as a
282 * fix various typos in sudoers.pod, closes: #419749
283 * don't let Makefile strip binaries, closes: #438073
285 -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100
287 sudo (1.6.8p12-5) unstable; urgency=low
289 * update debian/copyright to reflect new upstream URL, closes: #368746
290 * add sandwich cartoon URL to the README.Debian
291 * don't remove sudoers on purge. can cause problems when moving between
292 sudo and sudo-ldap. leaving sudoers around on purge seems like the least
293 evil choice for now, closes: #401366
294 * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
296 * accept patch that improves debian/rules from Ted Percival, closes: #382122
297 * no longer build with --with-exempt=sudo, provide an example entry in the
298 default sudoers file instead, closes: #296605
299 * add --with-devel to configure and augment build dependencies so that flex
300 and yacc files get re-generated on every build, closes: #316249
302 -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600
304 sudo (1.6.8p12-4) unstable; urgency=low
306 * patch from Petter Reinholdtsen for the LSB info block in the init.d
307 script, closes: #361055
308 * deliver sudoers sample again, closes: #361593
310 -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600
312 sudo (1.6.8p12-3) unstable; urgency=low
314 * force-feed configure knowledge of nroff's path so we get unformatted man
315 pages installed without build-depending on groff-base, closes: #360894
316 * add a reference to OPTIONS in the man page, closes: #186226
318 -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700
320 sudo (1.6.8p12-2) unstable; urgency=low
322 * fix typos in init scripts, closes: #346325
323 * update to debhelper compat level 5
324 * build depend on autotools-dev to ensure config.sub/guess are fresh
325 * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
326 use it here as well. Thanks to Martin and the debian-security team.
327 closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
328 closes: #315115, #315718, #203874
329 * Non-maintainer upload by the Security Team
330 * Reworked the former patch to limit environment variables from being
331 passed through, set env_reset as default instead [sudo.c, env.c,
332 sudoers.pod, Bug#342948, CVE-2005-4158]
333 * env_reset is now set by default
334 * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
335 DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
336 (in addition to the SUDO_* variables)
337 * Rebuild sudoers.man.in from the POD file
338 * Added README.Debian
339 * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
340 * simplify rules file by using more of Makefile, despite having to override
341 default directories with more arguments to configure, closes: #292833
342 * update sudo man page to reflect use of SECURE_PATH, closes: #228551
343 * inconsistencies in sudoers man page resolved, closes: #220808, #161012
344 * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
345 unresolveable (requires adding bison as build dep), closes: #314949
347 -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700
349 sudo (1.6.8p12-1) unstable; urgency=low
351 * new upstream version, closes: #342948 (CVE-2005-4158)
352 * add env_reset to the sudoers file we create if none already exists,
353 as a further precaution in response to discussion about CVS-2005-4158
354 * split ldap support into a new sudo-ldap package. I was trying to avoid
355 doing this, but the impact of going from 4 to 17 linked shlibs on the
356 autobuilder chroots is sufficient motivation for me.
359 -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
361 sudo (1.6.8p9-4) unstable; urgency=low
363 * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
364 * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
365 timestamps in the init.d script, closes: #330868
366 * add dependency header to init.d script, closes: #332849
368 -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
370 sudo (1.6.8p9-3) unstable; urgency=high
372 * update debhelper compatibility level from 2 to 4
373 * add man page symlink for sudoedit
374 * Clean SHELLOPTS and PS4 from the environment before executing programs
375 with sudo permissions [env.c, CAN-2005-2959]
376 * fix typo in manpage pointed out by Moray Allen, closes: #285995
377 * fix paths in sample complex sudoers file, closes: #303542
378 * fix type in sudoers man page, closes: #311244
380 -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
382 sudo (1.6.8p9-2) unstable; urgency=high
384 * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
387 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
389 sudo (1.6.8p9-1) unstable; urgency=high
391 * new upstream version, fixes a race condition in sudo's pathname
392 validation, which is a security issue (CAN-2005-1993),
393 closes: #315115, #315718
395 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
397 sudo (1.6.8p7-1) unstable; urgency=low
399 * new upstream version, closes: #299585
400 * update lintian overrides to squelch the postinst warning
401 * change sudoedit from a hard to a soft link, closes: #296896
402 * fix regex doc in sudoers man page, closes: #300361
404 -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
406 sudo (1.6.8p5-1) unstable; urgency=high
408 * new upstream version
409 * restores ability to use config tuples without a value, which was causing
410 problems on upgrade closes: #283306
411 * deliver sudoedit, closes: #283078
412 * marking urgency high since 283306 is a serious upgrade incompatibility
414 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
416 sudo (1.6.8p3-2) unstable; urgency=high
418 * update pam.d deliverable so ldap works again, closes: #282191
420 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
422 sudo (1.6.8p3-1) unstable; urgency=high
424 * new upstream version, fixes a flaw in sudo's environment sanitizing that
425 could allow a malicious user with permission to run a shell script that
426 utilized the bash shell to run arbitrary commands, closes: #281665
427 * patch the sample sudoers to have the proper path for kill on Debian
428 systems, closes: #263486
429 * patch the sudo manpage to reflect Debian's choice of exempt_group
430 default setting, closes: #236465
431 * patch the sudo manpage to reflect Debian's choice of no timeout on the
432 password prompt, closes: #271194
434 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
436 sudo (1.6.7p5-2) unstable; urgency=low
438 * Jeff Bailey reports that seteuid works on current sparc systems, so we
439 no longer need the "grosshack" stuff in the sudo rules file
440 * add a postrm that removes /etc/sudoers on purge. don't do this with the
441 normal conffile mechanism since it would generate noise on every upgrade,
444 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
446 sudo (1.6.7p5-1) unstable; urgency=low
448 * new upstream version, closes: #190265, #193222, #197244
449 * change from '.' to ':' in postinst chown call, closes: #208369
451 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
453 sudo (1.6.7p3-2) unstable; urgency=low
455 * add --disable-setresuid to configure call since 2.2 kernels don't support
456 setresgid, closes: #189044
457 * cosmetic cleanups to debian/rules as long as I'm there
459 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
461 sudo (1.6.7p3-1) unstable; urgency=low
463 * new upstream version
464 * add overrides to quiet lintian about things it doesn't understand,
465 except the source one that can't be overridden until 129510 is fixed
467 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
469 sudo (1.6.6-3) unstable; urgency=low
471 * add code to rules file to update config.sub/guess, closes: #164501
473 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
475 sudo (1.6.6-2) unstable; urgency=low
477 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
478 configure, and lose the build dependency on mail-transport-agent
479 * incorporate changes from LaMont's NMU, closes: #144665, #144737
480 * update init.d to not try and set time on nonexistent timestamp files,
482 * build with --with-all-insults, admin must edit sudoers to turn insults
483 on at runtime if desired, closes: #135374
484 * stop setting /usr/doc symlink in postinst
486 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
488 sudo (1.6.6-1.1) unstable; urgency=high
490 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
491 * Revert patch to auth/pam.c that left pass uninitialized, causing a
492 segfault (Closes: #144665).
494 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
496 sudo (1.6.6-1) unstable; urgency=high
498 * new upstream version, fixes security problem with crafty prompts,
501 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
503 sudo (1.6.5p1-4) unstable; urgency=high
505 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
506 if ctrl/C'ed at password prompt, closes: #131235
508 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
510 sudo (1.6.5p1-3) unstable; urgency=high
512 * ugly hack to add --disable-saved-ids when building on sparc in response
513 to 131592, which will be reassigned to glibc for a real fix
514 * urgency high since the sudo currently in testing for sparc is worthless
516 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
518 sudo (1.6.5p1-2) unstable; urgency=high
520 * patch from upstream to fix seg faults caused by versions of pam that
521 follow a NULL pointer, closes: #129512
523 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
525 sudo (1.6.5p1-1) unstable; urgency=high
527 * new upstream version
528 * add --disable-root-mailer option supported by new version to configure
529 call in rules file, closes: #129648
531 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
533 sudo (1.6.4p1-1) unstable; urgency=high
535 * new upstream version, with fix for segfaulting problem in 1.6.4
537 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
539 sudo (1.6.4-1) unstable; urgency=high
541 * new upstream version, includes an important security fix, closes: #127576
543 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
545 sudo (1.6.3p7-5) unstable; urgency=low
547 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
548 * fix spelling error in init.d, closes: #126847
550 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
552 sudo (1.6.3p7-4) unstable; urgency=medium
554 * use touch to set status files to an ancient date instead of removing them
555 outright on reboot. this achieves the desired effect of keeping elevated
556 privs from living across reboots, without forcing everyone to see the
557 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
558 for systems with good clocks, and 'recent enough' that broken PC hardware
559 setting the clock to commonly-seen bogus dates trips over the "don't trust
560 future timestamps" rule. closes: #76529, #123559
561 * apply patch from Steve Langasek to fix seg faults due to interaction with
562 PAM code. upstream confirms the problem, and says they're fixing this
563 differently for their next release... but this should be useful in the
564 meantime, and would be good to get into woody. closes: #119147
565 * only run the init.d at boot, not on each runlevel change... and don't run
566 it during package configure. closes: #125935
567 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
569 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
571 sudo (1.6.3p7-3) unstable; urgency=low
573 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
574 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
575 * fix a typo in the manpage, closes: #97368
576 * apply patch to configure.in and run autoconf to fix problem building on
577 the hurd, closes: #96325
578 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
579 to not last across reboots, closes: #76529
580 * clean up lintian-noticed cosmetic packaging issues
582 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
584 sudo (1.6.3p7-2) unstable; urgency=low
586 * update config.sub/guess for hppa support
588 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
590 sudo (1.6.3p7-1) unstable; urgency=low
592 * new upstream version
593 * add build dependency on mail-transport-agent, closes: #90685
595 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
597 sudo (1.6.3p6-1) unstable; urgency=high
599 * new upstream version, fixes buffer overflow problem,
600 closes: #87259, #87278, #87263
601 * revert to using --with-secure-path option at build time, since the option
602 available in sudoers is parsed too late to be useful, and upstream says
603 it won't get fixed quickly. This reopens 85123, which I will mark as
604 forwarded. Closes: #86199, #86117, #85676
606 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
608 sudo (1.6.3p5-2) unstable; urgency=low
610 * lose the dh_suidregister call since it's obsolete
611 * stop using the --with-secure-path option at build time, and instead show
612 how to set it in sudoers. Closes: #85123
613 * freshen config.sub and config.guess for ia64 and hppa
614 * update sudoers man page to indicate exempt_group is on by default,
617 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
619 sudo (1.6.3p5-1) unstable; urgency=low
621 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
622 * this version restores core dumps before the exec, while leaving them
623 disabled during sudo's internal execution, closes: #58289
624 * update debhelper calls in rules file
626 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
628 sudo (1.6.2p2-1) frozen unstable; urgency=medium
630 * new upstream source resulting from direct collaboration with the upstream
631 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
632 Closes: #56129, #55978, #55979, #56550, #56772
633 * include more upstream documentation, closes: #55054
634 * pam.d fragment update, closes: #56129
636 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
638 sudo (1.6.1-1) unstable; urgency=low
640 * new upstream source, closes: #52750
642 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
644 sudo (1.6-2) unstable; urgency=low
646 * drop suidregister support for this package. The sudo executable is
647 essentially worthless unless it is setuid root, and making suidregister
648 work involves shipping a non-setuid executable in the .deb and setting the
649 perms in the postinst. On a long upgrade run, this can leave the sudo
650 executable 'broken' for a long time, which is unacceptable. With this
651 version, we ship the executable setuid root in the .deb. Closes: #51742
653 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
655 sudo (1.6-1) unstable; urgency=low
657 * new upstream version, many options previously set at compile-time are now
658 configurable at runtime.
659 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
662 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
664 sudo (1.5.9p4-1) unstable; urgency=low
666 * new upstream version, closes: #43464
667 * empty password handling was fixed in 1.5.8, closes: #31863
669 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
671 sudo (1.5.9p1-1) unstable; urgency=low
673 * new upstream version
675 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
677 sudo (1.5.8p1-1) unstable; urgency=medium
679 * new upstream version, closes 33690
680 * add dependency on libpam-modules, closes 34215, 33432
682 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
684 sudo (1.5.7p4-2) unstable; urgency=medium
686 * update the pam fragment provided so that sudo works with latest pam bits,
689 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
691 sudo (1.5.7p4-1) unstable; urgency=low
693 * new upstream release
695 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
697 sudo (1.5.6p5-1) unstable; urgency=low
699 * new upstream patch release
700 * add PAM support, closes 28594
702 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
704 sudo (1.5.6p2-2) unstable; urgency=low
706 * update copyright file, closes 24136
707 * review and close forwarded bugs believed fixed in this upstream version,
710 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
712 sudo (1.5.6p2-1) unstable; urgency=low
714 * new upstream release
716 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
718 sudo (1.5.4-4) frozen unstable; urgency=low
720 * update postinst to use groupadd, closes 21403
721 * move the suidregister stuff earlier in postinst to ensure it always runs
723 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
725 sudo (1.5.4-3) frozen unstable; urgency=low
727 * change /etc/sudoers from a conffile to being handled in postinst,
729 * add suidmanager support, closes 15711
730 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
731 unlikely to ever fix, and which just don't matter. closes 17146
732 * fix FSF address in copyright file, and submit exception for lintian
733 warning about sudo being setuid root
735 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
737 sudo (1.5.4-2) unstable; urgency=high
739 * patch from upstream author correcting/improving security fix
741 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
743 sudo (1.5.4-1) unstable; urgency=high
745 * new upstream version, includes a security fix
746 * change default editor from /bin/ae to /usr/bin/editor
748 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
750 sudo (1.5.3-1) unstable; urgency=medium
752 * new upstream version, closes bug 15911.
753 * rules file reworked to use debhelper
754 * implement a really gross hack to force use of the sudo-provided
755 lsearch(), since the one in libc6 is broken! This closes bugs
756 12552, 12557, 14881, 15259, 15916.
758 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
760 sudo (1.5.2-6) unstable; urgency=LOW
762 * don't install INSTALL in the doc directory, closes bug 13195.
764 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
766 sudo (1.5.2-5) unstable; urgency=LOW
770 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
772 sudo (1.5.2-4) unstable; urgency=LOW
774 * change TIMEOUT (how long before you have to type your password again)
775 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
776 packages on slower machines much more tolerable. Closes bug 9076.
777 * touch debian/suid before debstd. Closes bug 8709.
779 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
781 sudo (1.5.2-3) frozen unstable; urgency=LOW
783 * patch from upstream maintainer to close Bug 6828
784 * add a debian/suid file to get debstd to leave my perl postinst alone
786 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
788 sudo (1.5.2-2) frozen unstable; urgency=LOW
790 * change rules to use -O2 -Wall as per standards
792 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
794 sudo (1.5.2-1) unstable; urgency=LOW
796 * new upstream version
797 * cosmetic changes to debian package control files
799 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
801 sudo (1.5-2) unstable; urgency=LOW
803 * add /usr/X11R6/bin to the end of the secure path... this makes it
804 much easier to run xmkmf, etc., during package builds. To the extent
805 that /usr/local/sbin and /usr/local/bin were already included, I see
806 no security reasons not to add this.
808 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
810 sudo (1.5-1) unstable; urgency=LOW
812 * New upstream version
814 * New packaging format
816 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
818 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
822 * hard code SECURE_PATH to:
823 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
827 * enabled EXEMPTGROUP "sudo"
829 * moved timestamp dir to /var/log/sudo
831 * changed parser to check for long and short filenames (Bug#1162)
833 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
837 * New upstream source
839 * Fixed postinst script
840 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
842 * Removed special shadow binary. This version works with and without
843 shadow password file.
845 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
849 * Corrected editor path to /bin/ae (Bug#3062)
851 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
853 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
857 * New upstream version
859 * Changed sudoers permission to 440 (owner root, group root) to make
862 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
866 * Applied upstream patch 1
868 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
872 * Applied upstream patch 2
874 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
878 * Applied upstream patch 3 (fixes problems with an NFS-mounted
882 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
886 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
887 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
889 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
893 * Applied upstream patch 4 (fixes several bugs)
895 * Changed priority to optional
897 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
901 * Corrected postinst to create correct permission for /etc/sudoers
904 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
908 * New upstream version
911 sudo (1.4.4-2) admin; urgency=HIGH
913 * Fixed major security bug reported by Peter Tobias
914 <tobias@et-inf.fho-emden.de>
915 * Added dchanges support to debian.rules
917 sudo (1.4.5-1) admin; urgency=LOW
919 * New upstream version
920 * Minor changes to debian.rules