1 sudo (1.7.4p4-5) UNRELEASED; urgency=low
3 * patch from Jakub Wilk to add noopt and nostrip build option support,
5 * make sudoers a conffile, closes: #605130
6 * add descriptions to LSB init headers, closes: #604619
7 * add Vcs entries to the control file
8 * use debhelper install files instead of explicit installs in rules
10 -- Bdale Garbee <bdale@gag.com> Wed, 01 Dec 2010 10:18:01 -0700
12 sudo (1.7.4p4-4) unstable; urgency=low
14 * patch from upstream to resolve problem always prompting for a password
15 when run without a tty, closes: #599376
16 * patch from upstream to resolve interoperability problem between HOME in
17 env_keep and the -H flag, closes: #596493
18 * change path syntax to avoid tar error when /var/run/sudo exists but is
19 empty, closes: #598877
21 -- Bdale Garbee <bdale@gag.com> Thu, 07 Oct 2010 15:59:06 -0600
23 sudo (1.7.4p4-3) unstable; urgency=low
25 * make postinst clause for handling /var/run -> /var/lib transition less
26 fragile, closes: #585514
27 * cope with upstream's Makefile trying to install ChangeLog in our doc
28 directory, closes: #597389
29 * fix README.Debian to reflect that HOME is no longer preserved by default,
32 -- Bdale Garbee <bdale@gag.com> Tue, 21 Sep 2010 23:53:08 -0600
34 sudo (1.7.4p4-2) unstable; urgency=low
36 * add a NEWS item about change in $HOME handling that impacts programs
39 -- Bdale Garbee <bdale@gag.com> Wed, 08 Sep 2010 14:29:16 -0600
41 sudo (1.7.4p4-1) unstable; urgency=high
43 * new upstream version, urgency high due to fix for flaw in Runas group
44 matching (CVE-2010-2956), closes: #595935
45 * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
46 re-lecturing existing users, and to clean up after ourselves on upgrade,
47 and remove the RAMRUN section from README.Debian since the new state dir
48 should fix the original problem, closes: #585514
49 * deliver README.Debian to both package flavors, closes: #593579
51 -- Bdale Garbee <bdale@gag.com> Tue, 07 Sep 2010 12:22:42 -0600
53 sudo (1.7.2p7-1) unstable; urgency=high
55 * new upstream release with security fix for secure path (CVE-2010-1646),
57 * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
58 about whether to give the lecture is preserved across reboots even when
59 RAMRUN is set, closes: #581393
60 * add a note to README.Debian about LDAP needing an entry in
61 /etc/nsswitch.conf, closes: #522065
62 * add a note to README.Debian about how to turn off lectures if using
63 RAMRUN in /etc/default/rcS, closes: #581393
65 -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
67 sudo (1.7.2p6-1) unstable; urgency=low
69 * new upstream version fixing CVE-2010-1163, closes: #578275, #570737
71 -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600
73 sudo (1.7.2p5-1) unstable; urgency=low
75 * new upstream release, closes a bug filed upstream regarding missing man
76 page processing scripts in the 1.7.2p1 tarball, also includes the fix
77 for CVE-2010-0426 previously the subject of a security team nmu
78 * move to source format 3.0 (quilt) and restructure changes as patches
79 * fix unprocessed substitution variables in man pages, closes: #557204
80 * apply patch from Neil Moore to fix Debian-specific content in the
81 visudo man page, closes: #555013
82 * update descriptions to better explain sudo-ldap, closes: #573108
83 * eliminate spurious 'and' in man page, closes: #571620
84 * fix confusing text in default sudoers, closes: #566607
86 -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700
88 sudo (1.7.2p1-1) unstable; urgency=low
90 * new upstream version
91 * add support for /etc/sudoers.d using #includedir in default sudoers,
92 which I think is also a good solution to the request for a crontab-like
93 API requested in March of 2001, closes: #539994, #271813, #89743
94 * move init.d script from using rcS.d to rc[0-6].d, closes: #542924
96 -- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600
98 sudo (1.7.2-2) unstable; urgency=low
100 * further improve initial sudoers to not include the NOPASSWD option on
101 the group sudo exception, closes: #539136, #198991
103 -- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200
105 sudo (1.7.2-1) unstable; urgency=low
107 * new upstream version, closes: #537103
108 * improve initial sudoers by having the exemption for users in group
109 sudo on by default, and including the ability to run any command as
110 any user. This makes the default install roughly equivalent to our
111 old use of the --with-exempt=sudo build option, closes: #536220, #536222
113 -- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600
115 sudo (1.7.0-1) unstable; urgency=low
117 * new upstream version, closes: #510179, #128268, #520274, #508514
118 * fix ldap config file path for sudo-ldap package, including creating
119 a symlink in postinst and cleaning it up in postrm for the sudo-ldap
120 package, closes: #430826
121 * fix NOPASSWD entry location in default config file for the sudo-ldap
122 instance too, closes: #479616
124 -- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600
126 sudo (1.6.9p17-2) unstable; urgency=high
128 * patch from upstream to fix privilege escalation with certain
129 configurations, CVE-2009-0034
130 * typo in sudoers man page, closes: #507163
132 -- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700
134 sudo (1.6.9p17-1) unstable; urgency=low
136 * new upstream version, closes: #481008
137 * deliver schemas to doc directory in sudo-ldap package, closes: #474331
138 * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
139 in move from CVS to git for package management, closes: #475821
140 * re-instate the init.d for the sudo-ldap package too... /o\
142 -- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600
144 sudo (1.6.9p15-2) unstable; urgency=low
146 * revert the fix for 388659 such that visudo once again defaults to using
147 /usr/bin/editor. I was always ambivalent about this change, it has caused
148 more confusion and frustration than it cured, and I find Justin's line of
149 reasoning persuasive. Update the man page source to reflect this choice
150 and the related use of --with-env-editor. Closes: #474197.
151 * patch from Petter Reinholdtsen to improve init.d, closes: #475821
153 -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600
155 sudo (1.6.9p15-1) unstable; urgency=low
157 * new upstream version, closes: #467126, #473337
158 * remove pointless postrm scripts, leaving debhelper do its thing if needed,
159 thanks to Justin Pryzby for pointing this out
160 * reinstate the init.d, since bootclean doesn't quite do what we want. This
161 also means we don't need the preinst scripts any more. Update the lintian
162 overrides since postinst is a Perl script lintian apparently isn't parsing
163 well. closes: #330868
165 -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600
167 sudo (1.6.9p12-1) unstable; urgency=low
169 * new upstream version, closes: #464890
171 -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900
173 sudo (1.6.9p11-3) unstable; urgency=low
175 * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
177 -- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700
179 sudo (1.6.9p11-2) unstable; urgency=low
181 * update version compared in preinst when removing obsolete init.d,
183 * implement pam session config suggestions from Elizabeth Fong,
184 closes: #452457, #402329
186 -- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700
188 sudo (1.6.9p11-1) unstable; urgency=low
190 * new upstream version
192 -- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700
194 sudo (1.6.9p10-1) unstable; urgency=low
196 * new upstream version
197 * tweak default password prompt as %u doesn't make sense. Accept patch from
198 Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
199 uses it by default, closes: #454409
200 * accept patch from Martin Pitt that adds a prerm making it difficult to
201 "accidentally" remove sudo when there is no root password set on the
202 system, closes: #451241
204 -- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700
206 sudo (1.6.9p9-1) unstable; urgency=low
208 * new upstream version
209 * debian/rules: configure a more informative default password prompt to
210 reduce confusion when using sudo to invoke commands which also ask for
211 passwords, closes: #343268
212 * auth/pam.c: don't use the PAM prompt if the user explicitly requested
213 a custom prompt, closes: #448628.
214 * fix configure's ability to discover that libc has dirfd, closes: #451324
215 * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
216 the command 'visudo' invokes a vi variant by default as documented,
219 -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700
221 sudo (1.6.9p6-1) unstable; urgency=low
223 * new upstream version, closes: #442815, #446146, #438699, #435768, #435314
224 closes: #434832, #434608, #430382
225 * eliminate the now-redundant init.d scripts, closes: #397090
226 * fix typo in TROUBLESHOOTING file, closes: #439624
228 -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600
230 sudo (1.6.8p12-6) unstable; urgency=low
232 * fix typos in visudo.pod relating to env_editor variable, closes: #418886
233 * have init.d touch directories in /var/run/sudo, not just files, as a
235 * fix various typos in sudoers.pod, closes: #419749
236 * don't let Makefile strip binaries, closes: #438073
238 -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100
240 sudo (1.6.8p12-5) unstable; urgency=low
242 * update debian/copyright to reflect new upstream URL, closes: #368746
243 * add sandwich cartoon URL to the README.Debian
244 * don't remove sudoers on purge. can cause problems when moving between
245 sudo and sudo-ldap. leaving sudoers around on purge seems like the least
246 evil choice for now, closes: #401366
247 * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
249 * accept patch that improves debian/rules from Ted Percival, closes: #382122
250 * no longer build with --with-exempt=sudo, provide an example entry in the
251 default sudoers file instead, closes: #296605
252 * add --with-devel to configure and augment build dependencies so that flex
253 and yacc files get re-generated on every build, closes: #316249
255 -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600
257 sudo (1.6.8p12-4) unstable; urgency=low
259 * patch from Petter Reinholdtsen for the LSB info block in the init.d
260 script, closes: #361055
261 * deliver sudoers sample again, closes: #361593
263 -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600
265 sudo (1.6.8p12-3) unstable; urgency=low
267 * force-feed configure knowledge of nroff's path so we get unformatted man
268 pages installed without build-depending on groff-base, closes: #360894
269 * add a reference to OPTIONS in the man page, closes: #186226
271 -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700
273 sudo (1.6.8p12-2) unstable; urgency=low
275 * fix typos in init scripts, closes: #346325
276 * update to debhelper compat level 5
277 * build depend on autotools-dev to ensure config.sub/guess are fresh
278 * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
279 use it here as well. Thanks to Martin and the debian-security team.
280 closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
281 closes: #315115, #315718, #203874
282 * Non-maintainer upload by the Security Team
283 * Reworked the former patch to limit environment variables from being
284 passed through, set env_reset as default instead [sudo.c, env.c,
285 sudoers.pod, Bug#342948, CVE-2005-4158]
286 * env_reset is now set by default
287 * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
288 DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
289 (in addition to the SUDO_* variables)
290 * Rebuild sudoers.man.in from the POD file
291 * Added README.Debian
292 * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
293 * simplify rules file by using more of Makefile, despite having to override
294 default directories with more arguments to configure, closes: #292833
295 * update sudo man page to reflect use of SECURE_PATH, closes: #228551
296 * inconsistencies in sudoers man page resolved, closes: #220808, #161012
297 * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
298 unresolveable (requires adding bison as build dep), closes: #314949
300 -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700
302 sudo (1.6.8p12-1) unstable; urgency=low
304 * new upstream version, closes: #342948 (CVE-2005-4158)
305 * add env_reset to the sudoers file we create if none already exists,
306 as a further precaution in response to discussion about CVS-2005-4158
307 * split ldap support into a new sudo-ldap package. I was trying to avoid
308 doing this, but the impact of going from 4 to 17 linked shlibs on the
309 autobuilder chroots is sufficient motivation for me.
312 -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
314 sudo (1.6.8p9-4) unstable; urgency=low
316 * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
317 * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
318 timestamps in the init.d script, closes: #330868
319 * add dependency header to init.d script, closes: #332849
321 -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
323 sudo (1.6.8p9-3) unstable; urgency=high
325 * update debhelper compatibility level from 2 to 4
326 * add man page symlink for sudoedit
327 * Clean SHELLOPTS and PS4 from the environment before executing programs
328 with sudo permissions [env.c, CAN-2005-2959]
329 * fix typo in manpage pointed out by Moray Allen, closes: #285995
330 * fix paths in sample complex sudoers file, closes: #303542
331 * fix type in sudoers man page, closes: #311244
333 -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
335 sudo (1.6.8p9-2) unstable; urgency=high
337 * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
340 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
342 sudo (1.6.8p9-1) unstable; urgency=high
344 * new upstream version, fixes a race condition in sudo's pathname
345 validation, which is a security issue (CAN-2005-1993),
346 closes: #315115, #315718
348 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
350 sudo (1.6.8p7-1) unstable; urgency=low
352 * new upstream version, closes: #299585
353 * update lintian overrides to squelch the postinst warning
354 * change sudoedit from a hard to a soft link, closes: #296896
355 * fix regex doc in sudoers man page, closes: #300361
357 -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
359 sudo (1.6.8p5-1) unstable; urgency=high
361 * new upstream version
362 * restores ability to use config tuples without a value, which was causing
363 problems on upgrade closes: #283306
364 * deliver sudoedit, closes: #283078
365 * marking urgency high since 283306 is a serious upgrade incompatibility
367 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
369 sudo (1.6.8p3-2) unstable; urgency=high
371 * update pam.d deliverable so ldap works again, closes: #282191
373 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
375 sudo (1.6.8p3-1) unstable; urgency=high
377 * new upstream version, fixes a flaw in sudo's environment sanitizing that
378 could allow a malicious user with permission to run a shell script that
379 utilized the bash shell to run arbitrary commands, closes: #281665
380 * patch the sample sudoers to have the proper path for kill on Debian
381 systems, closes: #263486
382 * patch the sudo manpage to reflect Debian's choice of exempt_group
383 default setting, closes: #236465
384 * patch the sudo manpage to reflect Debian's choice of no timeout on the
385 password prompt, closes: #271194
387 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
389 sudo (1.6.7p5-2) unstable; urgency=low
391 * Jeff Bailey reports that seteuid works on current sparc systems, so we
392 no longer need the "grosshack" stuff in the sudo rules file
393 * add a postrm that removes /etc/sudoers on purge. don't do this with the
394 normal conffile mechanism since it would generate noise on every upgrade,
397 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
399 sudo (1.6.7p5-1) unstable; urgency=low
401 * new upstream version, closes: #190265, #193222, #197244
402 * change from '.' to ':' in postinst chown call, closes: #208369
404 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
406 sudo (1.6.7p3-2) unstable; urgency=low
408 * add --disable-setresuid to configure call since 2.2 kernels don't support
409 setresgid, closes: #189044
410 * cosmetic cleanups to debian/rules as long as I'm there
412 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
414 sudo (1.6.7p3-1) unstable; urgency=low
416 * new upstream version
417 * add overrides to quiet lintian about things it doesn't understand,
418 except the source one that can't be overridden until 129510 is fixed
420 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
422 sudo (1.6.6-3) unstable; urgency=low
424 * add code to rules file to update config.sub/guess, closes: #164501
426 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
428 sudo (1.6.6-2) unstable; urgency=low
430 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
431 configure, and lose the build dependency on mail-transport-agent
432 * incorporate changes from LaMont's NMU, closes: #144665, #144737
433 * update init.d to not try and set time on nonexistent timestamp files,
435 * build with --with-all-insults, admin must edit sudoers to turn insults
436 on at runtime if desired, closes: #135374
437 * stop setting /usr/doc symlink in postinst
439 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
441 sudo (1.6.6-1.1) unstable; urgency=high
443 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
444 * Revert patch to auth/pam.c that left pass uninitialized, causing a
445 segfault (Closes: #144665).
447 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
449 sudo (1.6.6-1) unstable; urgency=high
451 * new upstream version, fixes security problem with crafty prompts,
454 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
456 sudo (1.6.5p1-4) unstable; urgency=high
458 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
459 if ctrl/C'ed at password prompt, closes: #131235
461 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
463 sudo (1.6.5p1-3) unstable; urgency=high
465 * ugly hack to add --disable-saved-ids when building on sparc in response
466 to 131592, which will be reassigned to glibc for a real fix
467 * urgency high since the sudo currently in testing for sparc is worthless
469 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
471 sudo (1.6.5p1-2) unstable; urgency=high
473 * patch from upstream to fix seg faults caused by versions of pam that
474 follow a NULL pointer, closes: #129512
476 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
478 sudo (1.6.5p1-1) unstable; urgency=high
480 * new upstream version
481 * add --disable-root-mailer option supported by new version to configure
482 call in rules file, closes: #129648
484 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
486 sudo (1.6.4p1-1) unstable; urgency=high
488 * new upstream version, with fix for segfaulting problem in 1.6.4
490 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
492 sudo (1.6.4-1) unstable; urgency=high
494 * new upstream version, includes an important security fix, closes: #127576
496 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
498 sudo (1.6.3p7-5) unstable; urgency=low
500 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
501 * fix spelling error in init.d, closes: #126847
503 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
505 sudo (1.6.3p7-4) unstable; urgency=medium
507 * use touch to set status files to an ancient date instead of removing them
508 outright on reboot. this achieves the desired effect of keeping elevated
509 privs from living across reboots, without forcing everyone to see the
510 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
511 for systems with good clocks, and 'recent enough' that broken PC hardware
512 setting the clock to commonly-seen bogus dates trips over the "don't trust
513 future timestamps" rule. closes: #76529, #123559
514 * apply patch from Steve Langasek to fix seg faults due to interaction with
515 PAM code. upstream confirms the problem, and says they're fixing this
516 differently for their next release... but this should be useful in the
517 meantime, and would be good to get into woody. closes: #119147
518 * only run the init.d at boot, not on each runlevel change... and don't run
519 it during package configure. closes: #125935
520 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
522 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
524 sudo (1.6.3p7-3) unstable; urgency=low
526 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
527 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
528 * fix a typo in the manpage, closes: #97368
529 * apply patch to configure.in and run autoconf to fix problem building on
530 the hurd, closes: #96325
531 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
532 to not last across reboots, closes: #76529
533 * clean up lintian-noticed cosmetic packaging issues
535 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
537 sudo (1.6.3p7-2) unstable; urgency=low
539 * update config.sub/guess for hppa support
541 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
543 sudo (1.6.3p7-1) unstable; urgency=low
545 * new upstream version
546 * add build dependency on mail-transport-agent, closes: #90685
548 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
550 sudo (1.6.3p6-1) unstable; urgency=high
552 * new upstream version, fixes buffer overflow problem,
553 closes: #87259, #87278, #87263
554 * revert to using --with-secure-path option at build time, since the option
555 available in sudoers is parsed too late to be useful, and upstream says
556 it won't get fixed quickly. This reopens 85123, which I will mark as
557 forwarded. Closes: #86199, #86117, #85676
559 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
561 sudo (1.6.3p5-2) unstable; urgency=low
563 * lose the dh_suidregister call since it's obsolete
564 * stop using the --with-secure-path option at build time, and instead show
565 how to set it in sudoers. Closes: #85123
566 * freshen config.sub and config.guess for ia64 and hppa
567 * update sudoers man page to indicate exempt_group is on by default,
570 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
572 sudo (1.6.3p5-1) unstable; urgency=low
574 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
575 * this version restores core dumps before the exec, while leaving them
576 disabled during sudo's internal execution, closes: #58289
577 * update debhelper calls in rules file
579 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
581 sudo (1.6.2p2-1) frozen unstable; urgency=medium
583 * new upstream source resulting from direct collaboration with the upstream
584 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
585 Closes: #56129, #55978, #55979, #56550, #56772
586 * include more upstream documentation, closes: #55054
587 * pam.d fragment update, closes: #56129
589 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
591 sudo (1.6.1-1) unstable; urgency=low
593 * new upstream source, closes: #52750
595 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
597 sudo (1.6-2) unstable; urgency=low
599 * drop suidregister support for this package. The sudo executable is
600 essentially worthless unless it is setuid root, and making suidregister
601 work involves shipping a non-setuid executable in the .deb and setting the
602 perms in the postinst. On a long upgrade run, this can leave the sudo
603 executable 'broken' for a long time, which is unacceptable. With this
604 version, we ship the executable setuid root in the .deb. Closes: #51742
606 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
608 sudo (1.6-1) unstable; urgency=low
610 * new upstream version, many options previously set at compile-time are now
611 configurable at runtime.
612 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
615 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
617 sudo (1.5.9p4-1) unstable; urgency=low
619 * new upstream version, closes: #43464
620 * empty password handling was fixed in 1.5.8, closes: #31863
622 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
624 sudo (1.5.9p1-1) unstable; urgency=low
626 * new upstream version
628 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
630 sudo (1.5.8p1-1) unstable; urgency=medium
632 * new upstream version, closes 33690
633 * add dependency on libpam-modules, closes 34215, 33432
635 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
637 sudo (1.5.7p4-2) unstable; urgency=medium
639 * update the pam fragment provided so that sudo works with latest pam bits,
642 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
644 sudo (1.5.7p4-1) unstable; urgency=low
646 * new upstream release
648 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
650 sudo (1.5.6p5-1) unstable; urgency=low
652 * new upstream patch release
653 * add PAM support, closes 28594
655 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
657 sudo (1.5.6p2-2) unstable; urgency=low
659 * update copyright file, closes 24136
660 * review and close forwarded bugs believed fixed in this upstream version,
663 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
665 sudo (1.5.6p2-1) unstable; urgency=low
667 * new upstream release
669 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
671 sudo (1.5.4-4) frozen unstable; urgency=low
673 * update postinst to use groupadd, closes 21403
674 * move the suidregister stuff earlier in postinst to ensure it always runs
676 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
678 sudo (1.5.4-3) frozen unstable; urgency=low
680 * change /etc/sudoers from a conffile to being handled in postinst,
682 * add suidmanager support, closes 15711
683 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
684 unlikely to ever fix, and which just don't matter. closes 17146
685 * fix FSF address in copyright file, and submit exception for lintian
686 warning about sudo being setuid root
688 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
690 sudo (1.5.4-2) unstable; urgency=high
692 * patch from upstream author correcting/improving security fix
694 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
696 sudo (1.5.4-1) unstable; urgency=high
698 * new upstream version, includes a security fix
699 * change default editor from /bin/ae to /usr/bin/editor
701 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
703 sudo (1.5.3-1) unstable; urgency=medium
705 * new upstream version, closes bug 15911.
706 * rules file reworked to use debhelper
707 * implement a really gross hack to force use of the sudo-provided
708 lsearch(), since the one in libc6 is broken! This closes bugs
709 12552, 12557, 14881, 15259, 15916.
711 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
713 sudo (1.5.2-6) unstable; urgency=LOW
715 * don't install INSTALL in the doc directory, closes bug 13195.
717 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
719 sudo (1.5.2-5) unstable; urgency=LOW
723 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
725 sudo (1.5.2-4) unstable; urgency=LOW
727 * change TIMEOUT (how long before you have to type your password again)
728 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
729 packages on slower machines much more tolerable. Closes bug 9076.
730 * touch debian/suid before debstd. Closes bug 8709.
732 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
734 sudo (1.5.2-3) frozen unstable; urgency=LOW
736 * patch from upstream maintainer to close Bug 6828
737 * add a debian/suid file to get debstd to leave my perl postinst alone
739 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
741 sudo (1.5.2-2) frozen unstable; urgency=LOW
743 * change rules to use -O2 -Wall as per standards
745 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
747 sudo (1.5.2-1) unstable; urgency=LOW
749 * new upstream version
750 * cosmetic changes to debian package control files
752 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
754 sudo (1.5-2) unstable; urgency=LOW
756 * add /usr/X11R6/bin to the end of the secure path... this makes it
757 much easier to run xmkmf, etc., during package builds. To the extent
758 that /usr/local/sbin and /usr/local/bin were already included, I see
759 no security reasons not to add this.
761 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
763 sudo (1.5-1) unstable; urgency=LOW
765 * New upstream version
767 * New packaging format
769 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
771 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
775 * hard code SECURE_PATH to:
776 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
780 * enabled EXEMPTGROUP "sudo"
782 * moved timestamp dir to /var/log/sudo
784 * changed parser to check for long and short filenames (Bug#1162)
786 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
790 * New upstream source
792 * Fixed postinst script
793 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
795 * Removed special shadow binary. This version works with and without
796 shadow password file.
798 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
802 * Corrected editor path to /bin/ae (Bug#3062)
804 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
806 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
810 * New upstream version
812 * Changed sudoers permission to 440 (owner root, group root) to make
815 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
819 * Applied upstream patch 1
821 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
825 * Applied upstream patch 2
827 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
831 * Applied upstream patch 3 (fixes problems with an NFS-mounted
835 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
839 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
840 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
842 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
846 * Applied upstream patch 4 (fixes several bugs)
848 * Changed priority to optional
850 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
854 * Corrected postinst to create correct permission for /etc/sudoers
857 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
861 * New upstream version
864 sudo (1.4.4-2) admin; urgency=HIGH
866 * Fixed major security bug reported by Peter Tobias
867 <tobias@et-inf.fho-emden.de>
868 * Added dchanges support to debian.rules
870 sudo (1.4.5-1) admin; urgency=LOW
872 * New upstream version
873 * Minor changes to debian.rules