1 sudo (1.8.1p2-1) UNRELEASED; urgency=low
4 * include common-session in pam config, closes: #519700, #607199
5 * move secure_path from configure to default sudoers, closes: #85123, 85917
6 * improve sudoers self-documentation, closes: #613639
7 * drop --disable-setresuid since modern systems should not run 2.2 kernels
9 -- Bdale Garbee <bdale@gag.com> Fri, 22 Jul 2011 15:22:40 +0200
11 sudo (1.7.4p6-1) unstable; urgency=low
13 * new upstream version
14 * touch the right stamp name after configuring, closes: #611287
15 * patch from Svante Signell to fix build problem on Hurd, closes: #611290
17 -- Bdale Garbee <bdale@gag.com> Wed, 09 Feb 2011 11:32:58 -0700
19 sudo (1.7.4p4-6) unstable; urgency=low
21 * update /etc/sudoers.d/README now that sudoers is a conffile
22 * patch from upstream to fix special case in password checking code
23 when only the gid is changing, closes: #609641
25 -- Bdale Garbee <bdale@gag.com> Tue, 11 Jan 2011 10:22:39 -0700
27 sudo (1.7.4p4-5) unstable; urgency=low
29 * patch from Jakub Wilk to add noopt and nostrip build option support,
31 * make sudoers a conffile, closes: #605130
32 * add descriptions to LSB init headers, closes: #604619
33 * change default sudoers %sudo entry to allow gid changes, closes: #602699
34 * add Vcs entries to the control file
35 * use debhelper install files instead of explicit installs in rules
37 -- Bdale Garbee <bdale@gag.com> Wed, 01 Dec 2010 20:32:31 -0700
39 sudo (1.7.4p4-4) unstable; urgency=low
41 * patch from upstream to resolve problem always prompting for a password
42 when run without a tty, closes: #599376
43 * patch from upstream to resolve interoperability problem between HOME in
44 env_keep and the -H flag, closes: #596493
45 * change path syntax to avoid tar error when /var/run/sudo exists but is
46 empty, closes: #598877
48 -- Bdale Garbee <bdale@gag.com> Thu, 07 Oct 2010 15:59:06 -0600
50 sudo (1.7.4p4-3) unstable; urgency=low
52 * make postinst clause for handling /var/run -> /var/lib transition less
53 fragile, closes: #585514
54 * cope with upstream's Makefile trying to install ChangeLog in our doc
55 directory, closes: #597389
56 * fix README.Debian to reflect that HOME is no longer preserved by default,
59 -- Bdale Garbee <bdale@gag.com> Tue, 21 Sep 2010 23:53:08 -0600
61 sudo (1.7.4p4-2) unstable; urgency=low
63 * add a NEWS item about change in $HOME handling that impacts programs
66 -- Bdale Garbee <bdale@gag.com> Wed, 08 Sep 2010 14:29:16 -0600
68 sudo (1.7.4p4-1) unstable; urgency=high
70 * new upstream version, urgency high due to fix for flaw in Runas group
71 matching (CVE-2010-2956), closes: #595935
72 * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
73 re-lecturing existing users, and to clean up after ourselves on upgrade,
74 and remove the RAMRUN section from README.Debian since the new state dir
75 should fix the original problem, closes: #585514
76 * deliver README.Debian to both package flavors, closes: #593579
78 -- Bdale Garbee <bdale@gag.com> Tue, 07 Sep 2010 12:22:42 -0600
80 sudo (1.7.2p7-1) unstable; urgency=high
82 * new upstream release with security fix for secure path (CVE-2010-1646),
84 * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
85 about whether to give the lecture is preserved across reboots even when
86 RAMRUN is set, closes: #581393
87 * add a note to README.Debian about LDAP needing an entry in
88 /etc/nsswitch.conf, closes: #522065
89 * add a note to README.Debian about how to turn off lectures if using
90 RAMRUN in /etc/default/rcS, closes: #581393
92 -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
94 sudo (1.7.2p6-1) unstable; urgency=low
96 * new upstream version fixing CVE-2010-1163, closes: #578275, #570737
98 -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600
100 sudo (1.7.2p5-1) unstable; urgency=low
102 * new upstream release, closes a bug filed upstream regarding missing man
103 page processing scripts in the 1.7.2p1 tarball, also includes the fix
104 for CVE-2010-0426 previously the subject of a security team nmu
105 * move to source format 3.0 (quilt) and restructure changes as patches
106 * fix unprocessed substitution variables in man pages, closes: #557204
107 * apply patch from Neil Moore to fix Debian-specific content in the
108 visudo man page, closes: #555013
109 * update descriptions to better explain sudo-ldap, closes: #573108
110 * eliminate spurious 'and' in man page, closes: #571620
111 * fix confusing text in default sudoers, closes: #566607
113 -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700
115 sudo (1.7.2p1-1) unstable; urgency=low
117 * new upstream version
118 * add support for /etc/sudoers.d using #includedir in default sudoers,
119 which I think is also a good solution to the request for a crontab-like
120 API requested in March of 2001, closes: #539994, #271813, #89743
121 * move init.d script from using rcS.d to rc[0-6].d, closes: #542924
123 -- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600
125 sudo (1.7.2-2) unstable; urgency=low
127 * further improve initial sudoers to not include the NOPASSWD option on
128 the group sudo exception, closes: #539136, #198991
130 -- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200
132 sudo (1.7.2-1) unstable; urgency=low
134 * new upstream version, closes: #537103
135 * improve initial sudoers by having the exemption for users in group
136 sudo on by default, and including the ability to run any command as
137 any user. This makes the default install roughly equivalent to our
138 old use of the --with-exempt=sudo build option, closes: #536220, #536222
140 -- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600
142 sudo (1.7.0-1) unstable; urgency=low
144 * new upstream version, closes: #510179, #128268, #520274, #508514
145 * fix ldap config file path for sudo-ldap package, including creating
146 a symlink in postinst and cleaning it up in postrm for the sudo-ldap
147 package, closes: #430826
148 * fix NOPASSWD entry location in default config file for the sudo-ldap
149 instance too, closes: #479616
151 -- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600
153 sudo (1.6.9p17-2) unstable; urgency=high
155 * patch from upstream to fix privilege escalation with certain
156 configurations, CVE-2009-0034
157 * typo in sudoers man page, closes: #507163
159 -- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700
161 sudo (1.6.9p17-1) unstable; urgency=low
163 * new upstream version, closes: #481008
164 * deliver schemas to doc directory in sudo-ldap package, closes: #474331
165 * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
166 in move from CVS to git for package management, closes: #475821
167 * re-instate the init.d for the sudo-ldap package too... /o\
169 -- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600
171 sudo (1.6.9p15-2) unstable; urgency=low
173 * revert the fix for 388659 such that visudo once again defaults to using
174 /usr/bin/editor. I was always ambivalent about this change, it has caused
175 more confusion and frustration than it cured, and I find Justin's line of
176 reasoning persuasive. Update the man page source to reflect this choice
177 and the related use of --with-env-editor. Closes: #474197.
178 * patch from Petter Reinholdtsen to improve init.d, closes: #475821
180 -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600
182 sudo (1.6.9p15-1) unstable; urgency=low
184 * new upstream version, closes: #467126, #473337
185 * remove pointless postrm scripts, leaving debhelper do its thing if needed,
186 thanks to Justin Pryzby for pointing this out
187 * reinstate the init.d, since bootclean doesn't quite do what we want. This
188 also means we don't need the preinst scripts any more. Update the lintian
189 overrides since postinst is a Perl script lintian apparently isn't parsing
190 well. closes: #330868
192 -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600
194 sudo (1.6.9p12-1) unstable; urgency=low
196 * new upstream version, closes: #464890
198 -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900
200 sudo (1.6.9p11-3) unstable; urgency=low
202 * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
204 -- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700
206 sudo (1.6.9p11-2) unstable; urgency=low
208 * update version compared in preinst when removing obsolete init.d,
210 * implement pam session config suggestions from Elizabeth Fong,
211 closes: #452457, #402329
213 -- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700
215 sudo (1.6.9p11-1) unstable; urgency=low
217 * new upstream version
219 -- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700
221 sudo (1.6.9p10-1) unstable; urgency=low
223 * new upstream version
224 * tweak default password prompt as %u doesn't make sense. Accept patch from
225 Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
226 uses it by default, closes: #454409
227 * accept patch from Martin Pitt that adds a prerm making it difficult to
228 "accidentally" remove sudo when there is no root password set on the
229 system, closes: #451241
231 -- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700
233 sudo (1.6.9p9-1) unstable; urgency=low
235 * new upstream version
236 * debian/rules: configure a more informative default password prompt to
237 reduce confusion when using sudo to invoke commands which also ask for
238 passwords, closes: #343268
239 * auth/pam.c: don't use the PAM prompt if the user explicitly requested
240 a custom prompt, closes: #448628.
241 * fix configure's ability to discover that libc has dirfd, closes: #451324
242 * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
243 the command 'visudo' invokes a vi variant by default as documented,
246 -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700
248 sudo (1.6.9p6-1) unstable; urgency=low
250 * new upstream version, closes: #442815, #446146, #438699, #435768, #435314
251 closes: #434832, #434608, #430382
252 * eliminate the now-redundant init.d scripts, closes: #397090
253 * fix typo in TROUBLESHOOTING file, closes: #439624
255 -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600
257 sudo (1.6.8p12-6) unstable; urgency=low
259 * fix typos in visudo.pod relating to env_editor variable, closes: #418886
260 * have init.d touch directories in /var/run/sudo, not just files, as a
262 * fix various typos in sudoers.pod, closes: #419749
263 * don't let Makefile strip binaries, closes: #438073
265 -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100
267 sudo (1.6.8p12-5) unstable; urgency=low
269 * update debian/copyright to reflect new upstream URL, closes: #368746
270 * add sandwich cartoon URL to the README.Debian
271 * don't remove sudoers on purge. can cause problems when moving between
272 sudo and sudo-ldap. leaving sudoers around on purge seems like the least
273 evil choice for now, closes: #401366
274 * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
276 * accept patch that improves debian/rules from Ted Percival, closes: #382122
277 * no longer build with --with-exempt=sudo, provide an example entry in the
278 default sudoers file instead, closes: #296605
279 * add --with-devel to configure and augment build dependencies so that flex
280 and yacc files get re-generated on every build, closes: #316249
282 -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600
284 sudo (1.6.8p12-4) unstable; urgency=low
286 * patch from Petter Reinholdtsen for the LSB info block in the init.d
287 script, closes: #361055
288 * deliver sudoers sample again, closes: #361593
290 -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600
292 sudo (1.6.8p12-3) unstable; urgency=low
294 * force-feed configure knowledge of nroff's path so we get unformatted man
295 pages installed without build-depending on groff-base, closes: #360894
296 * add a reference to OPTIONS in the man page, closes: #186226
298 -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700
300 sudo (1.6.8p12-2) unstable; urgency=low
302 * fix typos in init scripts, closes: #346325
303 * update to debhelper compat level 5
304 * build depend on autotools-dev to ensure config.sub/guess are fresh
305 * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
306 use it here as well. Thanks to Martin and the debian-security team.
307 closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
308 closes: #315115, #315718, #203874
309 * Non-maintainer upload by the Security Team
310 * Reworked the former patch to limit environment variables from being
311 passed through, set env_reset as default instead [sudo.c, env.c,
312 sudoers.pod, Bug#342948, CVE-2005-4158]
313 * env_reset is now set by default
314 * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
315 DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
316 (in addition to the SUDO_* variables)
317 * Rebuild sudoers.man.in from the POD file
318 * Added README.Debian
319 * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
320 * simplify rules file by using more of Makefile, despite having to override
321 default directories with more arguments to configure, closes: #292833
322 * update sudo man page to reflect use of SECURE_PATH, closes: #228551
323 * inconsistencies in sudoers man page resolved, closes: #220808, #161012
324 * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
325 unresolveable (requires adding bison as build dep), closes: #314949
327 -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700
329 sudo (1.6.8p12-1) unstable; urgency=low
331 * new upstream version, closes: #342948 (CVE-2005-4158)
332 * add env_reset to the sudoers file we create if none already exists,
333 as a further precaution in response to discussion about CVS-2005-4158
334 * split ldap support into a new sudo-ldap package. I was trying to avoid
335 doing this, but the impact of going from 4 to 17 linked shlibs on the
336 autobuilder chroots is sufficient motivation for me.
339 -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
341 sudo (1.6.8p9-4) unstable; urgency=low
343 * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
344 * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
345 timestamps in the init.d script, closes: #330868
346 * add dependency header to init.d script, closes: #332849
348 -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
350 sudo (1.6.8p9-3) unstable; urgency=high
352 * update debhelper compatibility level from 2 to 4
353 * add man page symlink for sudoedit
354 * Clean SHELLOPTS and PS4 from the environment before executing programs
355 with sudo permissions [env.c, CAN-2005-2959]
356 * fix typo in manpage pointed out by Moray Allen, closes: #285995
357 * fix paths in sample complex sudoers file, closes: #303542
358 * fix type in sudoers man page, closes: #311244
360 -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
362 sudo (1.6.8p9-2) unstable; urgency=high
364 * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
367 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
369 sudo (1.6.8p9-1) unstable; urgency=high
371 * new upstream version, fixes a race condition in sudo's pathname
372 validation, which is a security issue (CAN-2005-1993),
373 closes: #315115, #315718
375 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
377 sudo (1.6.8p7-1) unstable; urgency=low
379 * new upstream version, closes: #299585
380 * update lintian overrides to squelch the postinst warning
381 * change sudoedit from a hard to a soft link, closes: #296896
382 * fix regex doc in sudoers man page, closes: #300361
384 -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
386 sudo (1.6.8p5-1) unstable; urgency=high
388 * new upstream version
389 * restores ability to use config tuples without a value, which was causing
390 problems on upgrade closes: #283306
391 * deliver sudoedit, closes: #283078
392 * marking urgency high since 283306 is a serious upgrade incompatibility
394 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
396 sudo (1.6.8p3-2) unstable; urgency=high
398 * update pam.d deliverable so ldap works again, closes: #282191
400 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
402 sudo (1.6.8p3-1) unstable; urgency=high
404 * new upstream version, fixes a flaw in sudo's environment sanitizing that
405 could allow a malicious user with permission to run a shell script that
406 utilized the bash shell to run arbitrary commands, closes: #281665
407 * patch the sample sudoers to have the proper path for kill on Debian
408 systems, closes: #263486
409 * patch the sudo manpage to reflect Debian's choice of exempt_group
410 default setting, closes: #236465
411 * patch the sudo manpage to reflect Debian's choice of no timeout on the
412 password prompt, closes: #271194
414 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
416 sudo (1.6.7p5-2) unstable; urgency=low
418 * Jeff Bailey reports that seteuid works on current sparc systems, so we
419 no longer need the "grosshack" stuff in the sudo rules file
420 * add a postrm that removes /etc/sudoers on purge. don't do this with the
421 normal conffile mechanism since it would generate noise on every upgrade,
424 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
426 sudo (1.6.7p5-1) unstable; urgency=low
428 * new upstream version, closes: #190265, #193222, #197244
429 * change from '.' to ':' in postinst chown call, closes: #208369
431 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
433 sudo (1.6.7p3-2) unstable; urgency=low
435 * add --disable-setresuid to configure call since 2.2 kernels don't support
436 setresgid, closes: #189044
437 * cosmetic cleanups to debian/rules as long as I'm there
439 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
441 sudo (1.6.7p3-1) unstable; urgency=low
443 * new upstream version
444 * add overrides to quiet lintian about things it doesn't understand,
445 except the source one that can't be overridden until 129510 is fixed
447 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
449 sudo (1.6.6-3) unstable; urgency=low
451 * add code to rules file to update config.sub/guess, closes: #164501
453 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
455 sudo (1.6.6-2) unstable; urgency=low
457 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
458 configure, and lose the build dependency on mail-transport-agent
459 * incorporate changes from LaMont's NMU, closes: #144665, #144737
460 * update init.d to not try and set time on nonexistent timestamp files,
462 * build with --with-all-insults, admin must edit sudoers to turn insults
463 on at runtime if desired, closes: #135374
464 * stop setting /usr/doc symlink in postinst
466 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
468 sudo (1.6.6-1.1) unstable; urgency=high
470 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
471 * Revert patch to auth/pam.c that left pass uninitialized, causing a
472 segfault (Closes: #144665).
474 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
476 sudo (1.6.6-1) unstable; urgency=high
478 * new upstream version, fixes security problem with crafty prompts,
481 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
483 sudo (1.6.5p1-4) unstable; urgency=high
485 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
486 if ctrl/C'ed at password prompt, closes: #131235
488 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
490 sudo (1.6.5p1-3) unstable; urgency=high
492 * ugly hack to add --disable-saved-ids when building on sparc in response
493 to 131592, which will be reassigned to glibc for a real fix
494 * urgency high since the sudo currently in testing for sparc is worthless
496 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
498 sudo (1.6.5p1-2) unstable; urgency=high
500 * patch from upstream to fix seg faults caused by versions of pam that
501 follow a NULL pointer, closes: #129512
503 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
505 sudo (1.6.5p1-1) unstable; urgency=high
507 * new upstream version
508 * add --disable-root-mailer option supported by new version to configure
509 call in rules file, closes: #129648
511 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
513 sudo (1.6.4p1-1) unstable; urgency=high
515 * new upstream version, with fix for segfaulting problem in 1.6.4
517 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
519 sudo (1.6.4-1) unstable; urgency=high
521 * new upstream version, includes an important security fix, closes: #127576
523 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
525 sudo (1.6.3p7-5) unstable; urgency=low
527 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
528 * fix spelling error in init.d, closes: #126847
530 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
532 sudo (1.6.3p7-4) unstable; urgency=medium
534 * use touch to set status files to an ancient date instead of removing them
535 outright on reboot. this achieves the desired effect of keeping elevated
536 privs from living across reboots, without forcing everyone to see the
537 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
538 for systems with good clocks, and 'recent enough' that broken PC hardware
539 setting the clock to commonly-seen bogus dates trips over the "don't trust
540 future timestamps" rule. closes: #76529, #123559
541 * apply patch from Steve Langasek to fix seg faults due to interaction with
542 PAM code. upstream confirms the problem, and says they're fixing this
543 differently for their next release... but this should be useful in the
544 meantime, and would be good to get into woody. closes: #119147
545 * only run the init.d at boot, not on each runlevel change... and don't run
546 it during package configure. closes: #125935
547 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
549 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
551 sudo (1.6.3p7-3) unstable; urgency=low
553 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
554 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
555 * fix a typo in the manpage, closes: #97368
556 * apply patch to configure.in and run autoconf to fix problem building on
557 the hurd, closes: #96325
558 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
559 to not last across reboots, closes: #76529
560 * clean up lintian-noticed cosmetic packaging issues
562 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
564 sudo (1.6.3p7-2) unstable; urgency=low
566 * update config.sub/guess for hppa support
568 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
570 sudo (1.6.3p7-1) unstable; urgency=low
572 * new upstream version
573 * add build dependency on mail-transport-agent, closes: #90685
575 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
577 sudo (1.6.3p6-1) unstable; urgency=high
579 * new upstream version, fixes buffer overflow problem,
580 closes: #87259, #87278, #87263
581 * revert to using --with-secure-path option at build time, since the option
582 available in sudoers is parsed too late to be useful, and upstream says
583 it won't get fixed quickly. This reopens 85123, which I will mark as
584 forwarded. Closes: #86199, #86117, #85676
586 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
588 sudo (1.6.3p5-2) unstable; urgency=low
590 * lose the dh_suidregister call since it's obsolete
591 * stop using the --with-secure-path option at build time, and instead show
592 how to set it in sudoers. Closes: #85123
593 * freshen config.sub and config.guess for ia64 and hppa
594 * update sudoers man page to indicate exempt_group is on by default,
597 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
599 sudo (1.6.3p5-1) unstable; urgency=low
601 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
602 * this version restores core dumps before the exec, while leaving them
603 disabled during sudo's internal execution, closes: #58289
604 * update debhelper calls in rules file
606 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
608 sudo (1.6.2p2-1) frozen unstable; urgency=medium
610 * new upstream source resulting from direct collaboration with the upstream
611 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
612 Closes: #56129, #55978, #55979, #56550, #56772
613 * include more upstream documentation, closes: #55054
614 * pam.d fragment update, closes: #56129
616 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
618 sudo (1.6.1-1) unstable; urgency=low
620 * new upstream source, closes: #52750
622 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
624 sudo (1.6-2) unstable; urgency=low
626 * drop suidregister support for this package. The sudo executable is
627 essentially worthless unless it is setuid root, and making suidregister
628 work involves shipping a non-setuid executable in the .deb and setting the
629 perms in the postinst. On a long upgrade run, this can leave the sudo
630 executable 'broken' for a long time, which is unacceptable. With this
631 version, we ship the executable setuid root in the .deb. Closes: #51742
633 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
635 sudo (1.6-1) unstable; urgency=low
637 * new upstream version, many options previously set at compile-time are now
638 configurable at runtime.
639 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
642 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
644 sudo (1.5.9p4-1) unstable; urgency=low
646 * new upstream version, closes: #43464
647 * empty password handling was fixed in 1.5.8, closes: #31863
649 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
651 sudo (1.5.9p1-1) unstable; urgency=low
653 * new upstream version
655 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
657 sudo (1.5.8p1-1) unstable; urgency=medium
659 * new upstream version, closes 33690
660 * add dependency on libpam-modules, closes 34215, 33432
662 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
664 sudo (1.5.7p4-2) unstable; urgency=medium
666 * update the pam fragment provided so that sudo works with latest pam bits,
669 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
671 sudo (1.5.7p4-1) unstable; urgency=low
673 * new upstream release
675 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
677 sudo (1.5.6p5-1) unstable; urgency=low
679 * new upstream patch release
680 * add PAM support, closes 28594
682 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
684 sudo (1.5.6p2-2) unstable; urgency=low
686 * update copyright file, closes 24136
687 * review and close forwarded bugs believed fixed in this upstream version,
690 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
692 sudo (1.5.6p2-1) unstable; urgency=low
694 * new upstream release
696 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
698 sudo (1.5.4-4) frozen unstable; urgency=low
700 * update postinst to use groupadd, closes 21403
701 * move the suidregister stuff earlier in postinst to ensure it always runs
703 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
705 sudo (1.5.4-3) frozen unstable; urgency=low
707 * change /etc/sudoers from a conffile to being handled in postinst,
709 * add suidmanager support, closes 15711
710 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
711 unlikely to ever fix, and which just don't matter. closes 17146
712 * fix FSF address in copyright file, and submit exception for lintian
713 warning about sudo being setuid root
715 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
717 sudo (1.5.4-2) unstable; urgency=high
719 * patch from upstream author correcting/improving security fix
721 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
723 sudo (1.5.4-1) unstable; urgency=high
725 * new upstream version, includes a security fix
726 * change default editor from /bin/ae to /usr/bin/editor
728 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
730 sudo (1.5.3-1) unstable; urgency=medium
732 * new upstream version, closes bug 15911.
733 * rules file reworked to use debhelper
734 * implement a really gross hack to force use of the sudo-provided
735 lsearch(), since the one in libc6 is broken! This closes bugs
736 12552, 12557, 14881, 15259, 15916.
738 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
740 sudo (1.5.2-6) unstable; urgency=LOW
742 * don't install INSTALL in the doc directory, closes bug 13195.
744 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
746 sudo (1.5.2-5) unstable; urgency=LOW
750 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
752 sudo (1.5.2-4) unstable; urgency=LOW
754 * change TIMEOUT (how long before you have to type your password again)
755 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
756 packages on slower machines much more tolerable. Closes bug 9076.
757 * touch debian/suid before debstd. Closes bug 8709.
759 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
761 sudo (1.5.2-3) frozen unstable; urgency=LOW
763 * patch from upstream maintainer to close Bug 6828
764 * add a debian/suid file to get debstd to leave my perl postinst alone
766 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
768 sudo (1.5.2-2) frozen unstable; urgency=LOW
770 * change rules to use -O2 -Wall as per standards
772 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
774 sudo (1.5.2-1) unstable; urgency=LOW
776 * new upstream version
777 * cosmetic changes to debian package control files
779 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
781 sudo (1.5-2) unstable; urgency=LOW
783 * add /usr/X11R6/bin to the end of the secure path... this makes it
784 much easier to run xmkmf, etc., during package builds. To the extent
785 that /usr/local/sbin and /usr/local/bin were already included, I see
786 no security reasons not to add this.
788 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
790 sudo (1.5-1) unstable; urgency=LOW
792 * New upstream version
794 * New packaging format
796 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
798 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
802 * hard code SECURE_PATH to:
803 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
807 * enabled EXEMPTGROUP "sudo"
809 * moved timestamp dir to /var/log/sudo
811 * changed parser to check for long and short filenames (Bug#1162)
813 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
817 * New upstream source
819 * Fixed postinst script
820 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
822 * Removed special shadow binary. This version works with and without
823 shadow password file.
825 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
829 * Corrected editor path to /bin/ae (Bug#3062)
831 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
833 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
837 * New upstream version
839 * Changed sudoers permission to 440 (owner root, group root) to make
842 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
846 * Applied upstream patch 1
848 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
852 * Applied upstream patch 2
854 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
858 * Applied upstream patch 3 (fixes problems with an NFS-mounted
862 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
866 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
867 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
869 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
873 * Applied upstream patch 4 (fixes several bugs)
875 * Changed priority to optional
877 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
881 * Corrected postinst to create correct permission for /etc/sudoers
884 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
888 * New upstream version
891 sudo (1.4.4-2) admin; urgency=HIGH
893 * Fixed major security bug reported by Peter Tobias
894 <tobias@et-inf.fho-emden.de>
895 * Added dchanges support to debian.rules
897 sudo (1.4.5-1) admin; urgency=LOW
899 * New upstream version
900 * Minor changes to debian.rules