1 sudo (1.7.2p7-1) UNRELEASED; urgency=high
3 * new upstream release with security fix for secure path (CVE-2010-1646),
5 * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
6 about whether to give the lecture is preserved across reboots even when
7 RAMRUN is set, closes: #581393
8 * add a note to README.Debian about LDAP needing an entry in
9 /etc/nsswitch.conf, closes: #522065
10 * add a note to README.Debian about how to turn off lectures if using
11 RAMRUN in /etc/default/rcS, closes: #581393
13 -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
15 sudo (1.7.2p6-1) unstable; urgency=low
17 * new upstream version fixing CVE-2010-1163, closes: #578275, #570737
19 -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600
21 sudo (1.7.2p5-1) unstable; urgency=low
23 * new upstream release, closes a bug filed upstream regarding missing man
24 page processing scripts in the 1.7.2p1 tarball, also includes the fix
25 for CVE-2010-0426 previously the subject of a security team nmu
26 * move to source format 3.0 (quilt) and restructure changes as patches
27 * fix unprocessed substitution variables in man pages, closes: #557204
28 * apply patch from Neil Moore to fix Debian-specific content in the
29 visudo man page, closes: #555013
30 * update descriptions to better explain sudo-ldap, closes: #573108
31 * eliminate spurious 'and' in man page, closes: #571620
32 * fix confusing text in default sudoers, closes: #566607
34 -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700
36 sudo (1.7.2p1-1) unstable; urgency=low
38 * new upstream version
39 * add support for /etc/sudoers.d using #includedir in default sudoers,
40 which I think is also a good solution to the request for a crontab-like
41 API requested in March of 2001, closes: #539994, #271813, #89743
42 * move init.d script from using rcS.d to rc[0-6].d, closes: #542924
44 -- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600
46 sudo (1.7.2-2) unstable; urgency=low
48 * further improve initial sudoers to not include the NOPASSWD option on
49 the group sudo exception, closes: #539136, #198991
51 -- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200
53 sudo (1.7.2-1) unstable; urgency=low
55 * new upstream version, closes: #537103
56 * improve initial sudoers by having the exemption for users in group
57 sudo on by default, and including the ability to run any command as
58 any user. This makes the default install roughly equivalent to our
59 old use of the --with-exempt=sudo build option, closes: #536220, #536222
61 -- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600
63 sudo (1.7.0-1) unstable; urgency=low
65 * new upstream version, closes: #510179, #128268, #520274, #508514
66 * fix ldap config file path for sudo-ldap package, including creating
67 a symlink in postinst and cleaning it up in postrm for the sudo-ldap
68 package, closes: #430826
69 * fix NOPASSWD entry location in default config file for the sudo-ldap
70 instance too, closes: #479616
72 -- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600
74 sudo (1.6.9p17-2) unstable; urgency=high
76 * patch from upstream to fix privilege escalation with certain
77 configurations, CVE-2009-0034
78 * typo in sudoers man page, closes: #507163
80 -- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700
82 sudo (1.6.9p17-1) unstable; urgency=low
84 * new upstream version, closes: #481008
85 * deliver schemas to doc directory in sudo-ldap package, closes: #474331
86 * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
87 in move from CVS to git for package management, closes: #475821
88 * re-instate the init.d for the sudo-ldap package too... /o\
90 -- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600
92 sudo (1.6.9p15-2) unstable; urgency=low
94 * revert the fix for 388659 such that visudo once again defaults to using
95 /usr/bin/editor. I was always ambivalent about this change, it has caused
96 more confusion and frustration than it cured, and I find Justin's line of
97 reasoning persuasive. Update the man page source to reflect this choice
98 and the related use of --with-env-editor. Closes: #474197.
99 * patch from Petter Reinholdtsen to improve init.d, closes: #475821
101 -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600
103 sudo (1.6.9p15-1) unstable; urgency=low
105 * new upstream version, closes: #467126, #473337
106 * remove pointless postrm scripts, leaving debhelper do its thing if needed,
107 thanks to Justin Pryzby for pointing this out
108 * reinstate the init.d, since bootclean doesn't quite do what we want. This
109 also means we don't need the preinst scripts any more. Update the lintian
110 overrides since postinst is a Perl script lintian apparently isn't parsing
111 well. closes: #330868
113 -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600
115 sudo (1.6.9p12-1) unstable; urgency=low
117 * new upstream version, closes: #464890
119 -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900
121 sudo (1.6.9p11-3) unstable; urgency=low
123 * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
125 -- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700
127 sudo (1.6.9p11-2) unstable; urgency=low
129 * update version compared in preinst when removing obsolete init.d,
131 * implement pam session config suggestions from Elizabeth Fong,
132 closes: #452457, #402329
134 -- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700
136 sudo (1.6.9p11-1) unstable; urgency=low
138 * new upstream version
140 -- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700
142 sudo (1.6.9p10-1) unstable; urgency=low
144 * new upstream version
145 * tweak default password prompt as %u doesn't make sense. Accept patch from
146 Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
147 uses it by default, closes: #454409
148 * accept patch from Martin Pitt that adds a prerm making it difficult to
149 "accidentally" remove sudo when there is no root password set on the
150 system, closes: #451241
152 -- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700
154 sudo (1.6.9p9-1) unstable; urgency=low
156 * new upstream version
157 * debian/rules: configure a more informative default password prompt to
158 reduce confusion when using sudo to invoke commands which also ask for
159 passwords, closes: #343268
160 * auth/pam.c: don't use the PAM prompt if the user explicitly requested
161 a custom prompt, closes: #448628.
162 * fix configure's ability to discover that libc has dirfd, closes: #451324
163 * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
164 the command 'visudo' invokes a vi variant by default as documented,
167 -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700
169 sudo (1.6.9p6-1) unstable; urgency=low
171 * new upstream version, closes: #442815, #446146, #438699, #435768, #435314
172 closes: #434832, #434608, #430382
173 * eliminate the now-redundant init.d scripts, closes: #397090
174 * fix typo in TROUBLESHOOTING file, closes: #439624
176 -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600
178 sudo (1.6.8p12-6) unstable; urgency=low
180 * fix typos in visudo.pod relating to env_editor variable, closes: #418886
181 * have init.d touch directories in /var/run/sudo, not just files, as a
183 * fix various typos in sudoers.pod, closes: #419749
184 * don't let Makefile strip binaries, closes: #438073
186 -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100
188 sudo (1.6.8p12-5) unstable; urgency=low
190 * update debian/copyright to reflect new upstream URL, closes: #368746
191 * add sandwich cartoon URL to the README.Debian
192 * don't remove sudoers on purge. can cause problems when moving between
193 sudo and sudo-ldap. leaving sudoers around on purge seems like the least
194 evil choice for now, closes: #401366
195 * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
197 * accept patch that improves debian/rules from Ted Percival, closes: #382122
198 * no longer build with --with-exempt=sudo, provide an example entry in the
199 default sudoers file instead, closes: #296605
200 * add --with-devel to configure and augment build dependencies so that flex
201 and yacc files get re-generated on every build, closes: #316249
203 -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600
205 sudo (1.6.8p12-4) unstable; urgency=low
207 * patch from Petter Reinholdtsen for the LSB info block in the init.d
208 script, closes: #361055
209 * deliver sudoers sample again, closes: #361593
211 -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600
213 sudo (1.6.8p12-3) unstable; urgency=low
215 * force-feed configure knowledge of nroff's path so we get unformatted man
216 pages installed without build-depending on groff-base, closes: #360894
217 * add a reference to OPTIONS in the man page, closes: #186226
219 -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700
221 sudo (1.6.8p12-2) unstable; urgency=low
223 * fix typos in init scripts, closes: #346325
224 * update to debhelper compat level 5
225 * build depend on autotools-dev to ensure config.sub/guess are fresh
226 * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
227 use it here as well. Thanks to Martin and the debian-security team.
228 closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
229 closes: #315115, #315718, #203874
230 * Non-maintainer upload by the Security Team
231 * Reworked the former patch to limit environment variables from being
232 passed through, set env_reset as default instead [sudo.c, env.c,
233 sudoers.pod, Bug#342948, CVE-2005-4158]
234 * env_reset is now set by default
235 * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
236 DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
237 (in addition to the SUDO_* variables)
238 * Rebuild sudoers.man.in from the POD file
239 * Added README.Debian
240 * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
241 * simplify rules file by using more of Makefile, despite having to override
242 default directories with more arguments to configure, closes: #292833
243 * update sudo man page to reflect use of SECURE_PATH, closes: #228551
244 * inconsistencies in sudoers man page resolved, closes: #220808, #161012
245 * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
246 unresolveable (requires adding bison as build dep), closes: #314949
248 -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700
250 sudo (1.6.8p12-1) unstable; urgency=low
252 * new upstream version, closes: #342948 (CVE-2005-4158)
253 * add env_reset to the sudoers file we create if none already exists,
254 as a further precaution in response to discussion about CVS-2005-4158
255 * split ldap support into a new sudo-ldap package. I was trying to avoid
256 doing this, but the impact of going from 4 to 17 linked shlibs on the
257 autobuilder chroots is sufficient motivation for me.
260 -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
262 sudo (1.6.8p9-4) unstable; urgency=low
264 * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
265 * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
266 timestamps in the init.d script, closes: #330868
267 * add dependency header to init.d script, closes: #332849
269 -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
271 sudo (1.6.8p9-3) unstable; urgency=high
273 * update debhelper compatibility level from 2 to 4
274 * add man page symlink for sudoedit
275 * Clean SHELLOPTS and PS4 from the environment before executing programs
276 with sudo permissions [env.c, CAN-2005-2959]
277 * fix typo in manpage pointed out by Moray Allen, closes: #285995
278 * fix paths in sample complex sudoers file, closes: #303542
279 * fix type in sudoers man page, closes: #311244
281 -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
283 sudo (1.6.8p9-2) unstable; urgency=high
285 * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
288 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
290 sudo (1.6.8p9-1) unstable; urgency=high
292 * new upstream version, fixes a race condition in sudo's pathname
293 validation, which is a security issue (CAN-2005-1993),
294 closes: #315115, #315718
296 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
298 sudo (1.6.8p7-1) unstable; urgency=low
300 * new upstream version, closes: #299585
301 * update lintian overrides to squelch the postinst warning
302 * change sudoedit from a hard to a soft link, closes: #296896
303 * fix regex doc in sudoers man page, closes: #300361
305 -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
307 sudo (1.6.8p5-1) unstable; urgency=high
309 * new upstream version
310 * restores ability to use config tuples without a value, which was causing
311 problems on upgrade closes: #283306
312 * deliver sudoedit, closes: #283078
313 * marking urgency high since 283306 is a serious upgrade incompatibility
315 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
317 sudo (1.6.8p3-2) unstable; urgency=high
319 * update pam.d deliverable so ldap works again, closes: #282191
321 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
323 sudo (1.6.8p3-1) unstable; urgency=high
325 * new upstream version, fixes a flaw in sudo's environment sanitizing that
326 could allow a malicious user with permission to run a shell script that
327 utilized the bash shell to run arbitrary commands, closes: #281665
328 * patch the sample sudoers to have the proper path for kill on Debian
329 systems, closes: #263486
330 * patch the sudo manpage to reflect Debian's choice of exempt_group
331 default setting, closes: #236465
332 * patch the sudo manpage to reflect Debian's choice of no timeout on the
333 password prompt, closes: #271194
335 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
337 sudo (1.6.7p5-2) unstable; urgency=low
339 * Jeff Bailey reports that seteuid works on current sparc systems, so we
340 no longer need the "grosshack" stuff in the sudo rules file
341 * add a postrm that removes /etc/sudoers on purge. don't do this with the
342 normal conffile mechanism since it would generate noise on every upgrade,
345 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
347 sudo (1.6.7p5-1) unstable; urgency=low
349 * new upstream version, closes: #190265, #193222, #197244
350 * change from '.' to ':' in postinst chown call, closes: #208369
352 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
354 sudo (1.6.7p3-2) unstable; urgency=low
356 * add --disable-setresuid to configure call since 2.2 kernels don't support
357 setresgid, closes: #189044
358 * cosmetic cleanups to debian/rules as long as I'm there
360 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
362 sudo (1.6.7p3-1) unstable; urgency=low
364 * new upstream version
365 * add overrides to quiet lintian about things it doesn't understand,
366 except the source one that can't be overridden until 129510 is fixed
368 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
370 sudo (1.6.6-3) unstable; urgency=low
372 * add code to rules file to update config.sub/guess, closes: #164501
374 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
376 sudo (1.6.6-2) unstable; urgency=low
378 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
379 configure, and lose the build dependency on mail-transport-agent
380 * incorporate changes from LaMont's NMU, closes: #144665, #144737
381 * update init.d to not try and set time on nonexistent timestamp files,
383 * build with --with-all-insults, admin must edit sudoers to turn insults
384 on at runtime if desired, closes: #135374
385 * stop setting /usr/doc symlink in postinst
387 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
389 sudo (1.6.6-1.1) unstable; urgency=high
391 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
392 * Revert patch to auth/pam.c that left pass uninitialized, causing a
393 segfault (Closes: #144665).
395 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
397 sudo (1.6.6-1) unstable; urgency=high
399 * new upstream version, fixes security problem with crafty prompts,
402 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
404 sudo (1.6.5p1-4) unstable; urgency=high
406 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
407 if ctrl/C'ed at password prompt, closes: #131235
409 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
411 sudo (1.6.5p1-3) unstable; urgency=high
413 * ugly hack to add --disable-saved-ids when building on sparc in response
414 to 131592, which will be reassigned to glibc for a real fix
415 * urgency high since the sudo currently in testing for sparc is worthless
417 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
419 sudo (1.6.5p1-2) unstable; urgency=high
421 * patch from upstream to fix seg faults caused by versions of pam that
422 follow a NULL pointer, closes: #129512
424 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
426 sudo (1.6.5p1-1) unstable; urgency=high
428 * new upstream version
429 * add --disable-root-mailer option supported by new version to configure
430 call in rules file, closes: #129648
432 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
434 sudo (1.6.4p1-1) unstable; urgency=high
436 * new upstream version, with fix for segfaulting problem in 1.6.4
438 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
440 sudo (1.6.4-1) unstable; urgency=high
442 * new upstream version, includes an important security fix, closes: #127576
444 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
446 sudo (1.6.3p7-5) unstable; urgency=low
448 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
449 * fix spelling error in init.d, closes: #126847
451 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
453 sudo (1.6.3p7-4) unstable; urgency=medium
455 * use touch to set status files to an ancient date instead of removing them
456 outright on reboot. this achieves the desired effect of keeping elevated
457 privs from living across reboots, without forcing everyone to see the
458 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
459 for systems with good clocks, and 'recent enough' that broken PC hardware
460 setting the clock to commonly-seen bogus dates trips over the "don't trust
461 future timestamps" rule. closes: #76529, #123559
462 * apply patch from Steve Langasek to fix seg faults due to interaction with
463 PAM code. upstream confirms the problem, and says they're fixing this
464 differently for their next release... but this should be useful in the
465 meantime, and would be good to get into woody. closes: #119147
466 * only run the init.d at boot, not on each runlevel change... and don't run
467 it during package configure. closes: #125935
468 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
470 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
472 sudo (1.6.3p7-3) unstable; urgency=low
474 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
475 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
476 * fix a typo in the manpage, closes: #97368
477 * apply patch to configure.in and run autoconf to fix problem building on
478 the hurd, closes: #96325
479 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
480 to not last across reboots, closes: #76529
481 * clean up lintian-noticed cosmetic packaging issues
483 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
485 sudo (1.6.3p7-2) unstable; urgency=low
487 * update config.sub/guess for hppa support
489 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
491 sudo (1.6.3p7-1) unstable; urgency=low
493 * new upstream version
494 * add build dependency on mail-transport-agent, closes: #90685
496 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
498 sudo (1.6.3p6-1) unstable; urgency=high
500 * new upstream version, fixes buffer overflow problem,
501 closes: #87259, #87278, #87263
502 * revert to using --with-secure-path option at build time, since the option
503 available in sudoers is parsed too late to be useful, and upstream says
504 it won't get fixed quickly. This reopens 85123, which I will mark as
505 forwarded. Closes: #86199, #86117, #85676
507 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
509 sudo (1.6.3p5-2) unstable; urgency=low
511 * lose the dh_suidregister call since it's obsolete
512 * stop using the --with-secure-path option at build time, and instead show
513 how to set it in sudoers. Closes: #85123
514 * freshen config.sub and config.guess for ia64 and hppa
515 * update sudoers man page to indicate exempt_group is on by default,
518 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
520 sudo (1.6.3p5-1) unstable; urgency=low
522 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
523 * this version restores core dumps before the exec, while leaving them
524 disabled during sudo's internal execution, closes: #58289
525 * update debhelper calls in rules file
527 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
529 sudo (1.6.2p2-1) frozen unstable; urgency=medium
531 * new upstream source resulting from direct collaboration with the upstream
532 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
533 Closes: #56129, #55978, #55979, #56550, #56772
534 * include more upstream documentation, closes: #55054
535 * pam.d fragment update, closes: #56129
537 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
539 sudo (1.6.1-1) unstable; urgency=low
541 * new upstream source, closes: #52750
543 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
545 sudo (1.6-2) unstable; urgency=low
547 * drop suidregister support for this package. The sudo executable is
548 essentially worthless unless it is setuid root, and making suidregister
549 work involves shipping a non-setuid executable in the .deb and setting the
550 perms in the postinst. On a long upgrade run, this can leave the sudo
551 executable 'broken' for a long time, which is unacceptable. With this
552 version, we ship the executable setuid root in the .deb. Closes: #51742
554 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
556 sudo (1.6-1) unstable; urgency=low
558 * new upstream version, many options previously set at compile-time are now
559 configurable at runtime.
560 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
563 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
565 sudo (1.5.9p4-1) unstable; urgency=low
567 * new upstream version, closes: #43464
568 * empty password handling was fixed in 1.5.8, closes: #31863
570 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
572 sudo (1.5.9p1-1) unstable; urgency=low
574 * new upstream version
576 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
578 sudo (1.5.8p1-1) unstable; urgency=medium
580 * new upstream version, closes 33690
581 * add dependency on libpam-modules, closes 34215, 33432
583 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
585 sudo (1.5.7p4-2) unstable; urgency=medium
587 * update the pam fragment provided so that sudo works with latest pam bits,
590 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
592 sudo (1.5.7p4-1) unstable; urgency=low
594 * new upstream release
596 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
598 sudo (1.5.6p5-1) unstable; urgency=low
600 * new upstream patch release
601 * add PAM support, closes 28594
603 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
605 sudo (1.5.6p2-2) unstable; urgency=low
607 * update copyright file, closes 24136
608 * review and close forwarded bugs believed fixed in this upstream version,
611 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
613 sudo (1.5.6p2-1) unstable; urgency=low
615 * new upstream release
617 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
619 sudo (1.5.4-4) frozen unstable; urgency=low
621 * update postinst to use groupadd, closes 21403
622 * move the suidregister stuff earlier in postinst to ensure it always runs
624 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
626 sudo (1.5.4-3) frozen unstable; urgency=low
628 * change /etc/sudoers from a conffile to being handled in postinst,
630 * add suidmanager support, closes 15711
631 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
632 unlikely to ever fix, and which just don't matter. closes 17146
633 * fix FSF address in copyright file, and submit exception for lintian
634 warning about sudo being setuid root
636 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
638 sudo (1.5.4-2) unstable; urgency=high
640 * patch from upstream author correcting/improving security fix
642 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
644 sudo (1.5.4-1) unstable; urgency=high
646 * new upstream version, includes a security fix
647 * change default editor from /bin/ae to /usr/bin/editor
649 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
651 sudo (1.5.3-1) unstable; urgency=medium
653 * new upstream version, closes bug 15911.
654 * rules file reworked to use debhelper
655 * implement a really gross hack to force use of the sudo-provided
656 lsearch(), since the one in libc6 is broken! This closes bugs
657 12552, 12557, 14881, 15259, 15916.
659 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
661 sudo (1.5.2-6) unstable; urgency=LOW
663 * don't install INSTALL in the doc directory, closes bug 13195.
665 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
667 sudo (1.5.2-5) unstable; urgency=LOW
671 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
673 sudo (1.5.2-4) unstable; urgency=LOW
675 * change TIMEOUT (how long before you have to type your password again)
676 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
677 packages on slower machines much more tolerable. Closes bug 9076.
678 * touch debian/suid before debstd. Closes bug 8709.
680 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
682 sudo (1.5.2-3) frozen unstable; urgency=LOW
684 * patch from upstream maintainer to close Bug 6828
685 * add a debian/suid file to get debstd to leave my perl postinst alone
687 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
689 sudo (1.5.2-2) frozen unstable; urgency=LOW
691 * change rules to use -O2 -Wall as per standards
693 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
695 sudo (1.5.2-1) unstable; urgency=LOW
697 * new upstream version
698 * cosmetic changes to debian package control files
700 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
702 sudo (1.5-2) unstable; urgency=LOW
704 * add /usr/X11R6/bin to the end of the secure path... this makes it
705 much easier to run xmkmf, etc., during package builds. To the extent
706 that /usr/local/sbin and /usr/local/bin were already included, I see
707 no security reasons not to add this.
709 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
711 sudo (1.5-1) unstable; urgency=LOW
713 * New upstream version
715 * New packaging format
717 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
719 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
723 * hard code SECURE_PATH to:
724 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
728 * enabled EXEMPTGROUP "sudo"
730 * moved timestamp dir to /var/log/sudo
732 * changed parser to check for long and short filenames (Bug#1162)
734 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
738 * New upstream source
740 * Fixed postinst script
741 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
743 * Removed special shadow binary. This version works with and without
744 shadow password file.
746 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
750 * Corrected editor path to /bin/ae (Bug#3062)
752 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
754 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
758 * New upstream version
760 * Changed sudoers permission to 440 (owner root, group root) to make
763 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
767 * Applied upstream patch 1
769 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
773 * Applied upstream patch 2
775 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
779 * Applied upstream patch 3 (fixes problems with an NFS-mounted
783 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
787 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
788 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
790 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
794 * Applied upstream patch 4 (fixes several bugs)
796 * Changed priority to optional
798 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
802 * Corrected postinst to create correct permission for /etc/sudoers
805 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
809 * New upstream version
812 sudo (1.4.4-2) admin; urgency=HIGH
814 * Fixed major security bug reported by Peter Tobias
815 <tobias@et-inf.fho-emden.de>
816 * Added dchanges support to debian.rules
818 sudo (1.4.5-1) admin; urgency=LOW
820 * New upstream version
821 * Minor changes to debian.rules