1 sudo (1.6.8p9-4) unstable; urgency=low
3 * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
4 * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
5 timestamps in the init.d script, closes: #330868
6 * add dependency header to init.d script, closes: #332849
8 -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
10 sudo (1.6.8p9-3) unstable; urgency=high
12 * update debhelper compatibility level from 2 to 4
13 * add man page symlink for sudoedit
14 * Clean SHELLOPTS and PS4 from the environment before executing programs
15 with sudo permissions [env.c, CAN-2005-2959]
16 * fix typo in manpage pointed out by Moray Allen, closes: #285995
17 * fix paths in sample complex sudoers file, closes: #303542
18 * fix type in sudoers man page, closes: #311244
20 -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
22 sudo (1.6.8p9-2) unstable; urgency=high
24 * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
27 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
29 sudo (1.6.8p9-1) unstable; urgency=high
31 * new upstream version, fixes a race condition in sudo's pathname
32 validation, which is a security issue (CAN-2005-1993),
33 closes: #315115, #315718
35 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
37 sudo (1.6.8p7-1) unstable; urgency=low
39 * new upstream version, closes: #299585
40 * update lintian overrides to squelch the postinst warning
41 * change sudoedit from a hard to a soft link, closes: #296896
42 * fix regex doc in sudoers man page, closes: #300361
44 -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
46 sudo (1.6.8p5-1) unstable; urgency=high
48 * new upstream version
49 * restores ability to use config tuples without a value, which was causing
50 problems on upgrade closes: #283306
51 * deliver sudoedit, closes: #283078
52 * marking urgency high since 283306 is a serious upgrade incompatibility
54 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
56 sudo (1.6.8p3-2) unstable; urgency=high
58 * update pam.d deliverable so ldap works again, closes: #282191
60 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
62 sudo (1.6.8p3-1) unstable; urgency=high
64 * new upstream version, fixes a flaw in sudo's environment sanitizing that
65 could allow a malicious user with permission to run a shell script that
66 utilized the bash shell to run arbitrary commands, closes: #281665
67 * patch the sample sudoers to have the proper path for kill on Debian
68 systems, closes: #263486
69 * patch the sudo manpage to reflect Debian's choice of exempt_group
70 default setting, closes: #236465
71 * patch the sudo manpage to reflect Debian's choice of no timeout on the
72 password prompt, closes: #271194
74 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
76 sudo (1.6.7p5-2) unstable; urgency=low
78 * Jeff Bailey reports that seteuid works on current sparc systems, so we
79 no longer need the "grosshack" stuff in the sudo rules file
80 * add a postrm that removes /etc/sudoers on purge. don't do this with the
81 normal conffile mechanism since it would generate noise on every upgrade,
84 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
86 sudo (1.6.7p5-1) unstable; urgency=low
88 * new upstream version, closes: #190265, #193222, #197244
89 * change from '.' to ':' in postinst chown call, closes: #208369
91 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
93 sudo (1.6.7p3-2) unstable; urgency=low
95 * add --disable-setresuid to configure call since 2.2 kernels don't support
96 setresgid, closes: #189044
97 * cosmetic cleanups to debian/rules as long as I'm there
99 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
101 sudo (1.6.7p3-1) unstable; urgency=low
103 * new upstream version
104 * add overrides to quiet lintian about things it doesn't understand,
105 except the source one that can't be overridden until 129510 is fixed
107 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
109 sudo (1.6.6-3) unstable; urgency=low
111 * add code to rules file to update config.sub/guess, closes: #164501
113 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
115 sudo (1.6.6-2) unstable; urgency=low
117 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
118 configure, and lose the build dependency on mail-transport-agent
119 * incorporate changes from LaMont's NMU, closes: #144665, #144737
120 * update init.d to not try and set time on nonexistent timestamp files,
122 * build with --with-all-insults, admin must edit sudoers to turn insults
123 on at runtime if desired, closes: #135374
124 * stop setting /usr/doc symlink in postinst
126 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
128 sudo (1.6.6-1.1) unstable; urgency=high
130 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
131 * Revert patch to auth/pam.c that left pass uninitialized, causing a
132 segfault (Closes: #144665).
134 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
136 sudo (1.6.6-1) unstable; urgency=high
138 * new upstream version, fixes security problem with crafty prompts,
141 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
143 sudo (1.6.5p1-4) unstable; urgency=high
145 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
146 if ctrl/C'ed at password prompt, closes: #131235
148 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
150 sudo (1.6.5p1-3) unstable; urgency=high
152 * ugly hack to add --disable-saved-ids when building on sparc in response
153 to 131592, which will be reassigned to glibc for a real fix
154 * urgency high since the sudo currently in testing for sparc is worthless
156 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
158 sudo (1.6.5p1-2) unstable; urgency=high
160 * patch from upstream to fix seg faults caused by versions of pam that
161 follow a NULL pointer, closes: #129512
163 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
165 sudo (1.6.5p1-1) unstable; urgency=high
167 * new upstream version
168 * add --disable-root-mailer option supported by new version to configure
169 call in rules file, closes: #129648
171 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
173 sudo (1.6.4p1-1) unstable; urgency=high
175 * new upstream version, with fix for segfaulting problem in 1.6.4
177 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
179 sudo (1.6.4-1) unstable; urgency=high
181 * new upstream version, includes an important security fix, closes: #127576
183 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
185 sudo (1.6.3p7-5) unstable; urgency=low
187 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
188 * fix spelling error in init.d, closes: #126847
190 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
192 sudo (1.6.3p7-4) unstable; urgency=medium
194 * use touch to set status files to an ancient date instead of removing them
195 outright on reboot. this achieves the desired effect of keeping elevated
196 privs from living across reboots, without forcing everyone to see the
197 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
198 for systems with good clocks, and 'recent enough' that broken PC hardware
199 setting the clock to commonly-seen bogus dates trips over the "don't trust
200 future timestamps" rule. closes: #76529, #123559
201 * apply patch from Steve Langasek to fix seg faults due to interaction with
202 PAM code. upstream confirms the problem, and says they're fixing this
203 differently for their next release... but this should be useful in the
204 meantime, and would be good to get into woody. closes: #119147
205 * only run the init.d at boot, not on each runlevel change... and don't run
206 it during package configure. closes: #125935
207 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
209 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
211 sudo (1.6.3p7-3) unstable; urgency=low
213 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
214 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
215 * fix a typo in the manpage, closes: #97368
216 * apply patch to configure.in and run autoconf to fix problem building on
217 the hurd, closes: #96325
218 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
219 to not last across reboots, closes: #76529
220 * clean up lintian-noticed cosmetic packaging issues
222 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
224 sudo (1.6.3p7-2) unstable; urgency=low
226 * update config.sub/guess for hppa support
228 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
230 sudo (1.6.3p7-1) unstable; urgency=low
232 * new upstream version
233 * add build dependency on mail-transport-agent, closes: #90685
235 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
237 sudo (1.6.3p6-1) unstable; urgency=high
239 * new upstream version, fixes buffer overflow problem,
240 closes: #87259, #87278, #87263
241 * revert to using --with-secure-path option at build time, since the option
242 available in sudoers is parsed too late to be useful, and upstream says
243 it won't get fixed quickly. This reopens 85123, which I will mark as
244 forwarded. Closes: #86199, #86117, #85676
246 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
248 sudo (1.6.3p5-2) unstable; urgency=low
250 * lose the dh_suidregister call since it's obsolete
251 * stop using the --with-secure-path option at build time, and instead show
252 how to set it in sudoers. Closes: #85123
253 * freshen config.sub and config.guess for ia64 and hppa
254 * update sudoers man page to indicate exempt_group is on by default,
257 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
259 sudo (1.6.3p5-1) unstable; urgency=low
261 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
262 * this version restores core dumps before the exec, while leaving them
263 disabled during sudo's internal execution, closes: #58289
264 * update debhelper calls in rules file
266 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
268 sudo (1.6.2p2-1) frozen unstable; urgency=medium
270 * new upstream source resulting from direct collaboration with the upstream
271 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
272 Closes: #56129, #55978, #55979, #56550, #56772
273 * include more upstream documentation, closes: #55054
274 * pam.d fragment update, closes: #56129
276 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
278 sudo (1.6.1-1) unstable; urgency=low
280 * new upstream source, closes: #52750
282 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
284 sudo (1.6-2) unstable; urgency=low
286 * drop suidregister support for this package. The sudo executable is
287 essentially worthless unless it is setuid root, and making suidregister
288 work involves shipping a non-setuid executable in the .deb and setting the
289 perms in the postinst. On a long upgrade run, this can leave the sudo
290 executable 'broken' for a long time, which is unacceptable. With this
291 version, we ship the executable setuid root in the .deb. Closes: #51742
293 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
295 sudo (1.6-1) unstable; urgency=low
297 * new upstream version, many options previously set at compile-time are now
298 configurable at runtime.
299 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
302 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
304 sudo (1.5.9p4-1) unstable; urgency=low
306 * new upstream version, closes: #43464
307 * empty password handling was fixed in 1.5.8, closes: #31863
309 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
311 sudo (1.5.9p1-1) unstable; urgency=low
313 * new upstream version
315 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
317 sudo (1.5.8p1-1) unstable; urgency=medium
319 * new upstream version, closes 33690
320 * add dependency on libpam-modules, closes 34215, 33432
322 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
324 sudo (1.5.7p4-2) unstable; urgency=medium
326 * update the pam fragment provided so that sudo works with latest pam bits,
329 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
331 sudo (1.5.7p4-1) unstable; urgency=low
333 * new upstream release
335 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
337 sudo (1.5.6p5-1) unstable; urgency=low
339 * new upstream patch release
340 * add PAM support, closes 28594
342 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
344 sudo (1.5.6p2-2) unstable; urgency=low
346 * update copyright file, closes 24136
347 * review and close forwarded bugs believed fixed in this upstream version,
350 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
352 sudo (1.5.6p2-1) unstable; urgency=low
354 * new upstream release
356 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
358 sudo (1.5.4-4) frozen unstable; urgency=low
360 * update postinst to use groupadd, closes 21403
361 * move the suidregister stuff earlier in postinst to ensure it always runs
363 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
365 sudo (1.5.4-3) frozen unstable; urgency=low
367 * change /etc/sudoers from a conffile to being handled in postinst,
369 * add suidmanager support, closes 15711
370 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
371 unlikely to ever fix, and which just don't matter. closes 17146
372 * fix FSF address in copyright file, and submit exception for lintian
373 warning about sudo being setuid root
375 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
377 sudo (1.5.4-2) unstable; urgency=high
379 * patch from upstream author correcting/improving security fix
381 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
383 sudo (1.5.4-1) unstable; urgency=high
385 * new upstream version, includes a security fix
386 * change default editor from /bin/ae to /usr/bin/editor
388 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
390 sudo (1.5.3-1) unstable; urgency=medium
392 * new upstream version, closes bug 15911.
393 * rules file reworked to use debhelper
394 * implement a really gross hack to force use of the sudo-provided
395 lsearch(), since the one in libc6 is broken! This closes bugs
396 12552, 12557, 14881, 15259, 15916.
398 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
400 sudo (1.5.2-6) unstable; urgency=LOW
402 * don't install INSTALL in the doc directory, closes bug 13195.
404 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
406 sudo (1.5.2-5) unstable; urgency=LOW
410 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
412 sudo (1.5.2-4) unstable; urgency=LOW
414 * change TIMEOUT (how long before you have to type your password again)
415 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
416 packages on slower machines much more tolerable. Closes bug 9076.
417 * touch debian/suid before debstd. Closes bug 8709.
419 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
421 sudo (1.5.2-3) frozen unstable; urgency=LOW
423 * patch from upstream maintainer to close Bug 6828
424 * add a debian/suid file to get debstd to leave my perl postinst alone
426 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
428 sudo (1.5.2-2) frozen unstable; urgency=LOW
430 * change rules to use -O2 -Wall as per standards
432 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
434 sudo (1.5.2-1) unstable; urgency=LOW
436 * new upstream version
437 * cosmetic changes to debian package control files
439 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
441 sudo (1.5-2) unstable; urgency=LOW
443 * add /usr/X11R6/bin to the end of the secure path... this makes it
444 much easier to run xmkmf, etc., during package builds. To the extent
445 that /usr/local/sbin and /usr/local/bin were already included, I see
446 no security reasons not to add this.
448 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
450 sudo (1.5-1) unstable; urgency=LOW
452 * New upstream version
454 * New packaging format
456 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
458 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
462 * hard code SECURE_PATH to:
463 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
467 * enabled EXEMPTGROUP "sudo"
469 * moved timestamp dir to /var/log/sudo
471 * changed parser to check for long and short filenames (Bug#1162)
473 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
477 * New upstream source
479 * Fixed postinst script
480 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
482 * Removed special shadow binary. This version works with and without
483 shadow password file.
485 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
489 * Corrected editor path to /bin/ae (Bug#3062)
491 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
493 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
497 * New upstream version
499 * Changed sudoers permission to 440 (owner root, group root) to make
502 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
506 * Applied upstream patch 1
508 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
512 * Applied upstream patch 2
514 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
518 * Applied upstream patch 3 (fixes problems with an NFS-mounted
522 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
526 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
527 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
529 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
533 * Applied upstream patch 4 (fixes several bugs)
535 * Changed priority to optional
537 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
541 * Corrected postinst to create correct permission for /etc/sudoers
544 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
548 * New upstream version
551 sudo (1.4.4-2) admin; urgency=HIGH
553 * Fixed major security bug reported by Peter Tobias
554 <tobias@et-inf.fho-emden.de>
555 * Added dchanges support to debian.rules
557 sudo (1.4.5-1) admin; urgency=LOW
559 * New upstream version
560 * Minor changes to debian.rules