1 sudo (1.7.4p4-4) unstable; urgency=low
3 * patch from upstream to resolve problem always prompting for a password
4 when run without a tty, closes: #599376
5 * patch from upstream to resolve interoperability problem between HOME in
6 env_keep and the -H flag, closes: #596493
7 * change path syntax to avoid tar error when /var/run/sudo exists but is
10 -- Bdale Garbee <bdale@gag.com> Thu, 07 Oct 2010 15:59:06 -0600
12 sudo (1.7.4p4-3) unstable; urgency=low
14 * make postinst clause for handling /var/run -> /var/lib transition less
15 fragile, closes: #585514
16 * cope with upstream's Makefile trying to install ChangeLog in our doc
17 directory, closes: #597389
18 * fix README.Debian to reflect that HOME is no longer preserved by default,
21 -- Bdale Garbee <bdale@gag.com> Tue, 21 Sep 2010 23:53:08 -0600
23 sudo (1.7.4p4-2) unstable; urgency=low
25 * add a NEWS item about change in $HOME handling that impacts programs
28 -- Bdale Garbee <bdale@gag.com> Wed, 08 Sep 2010 14:29:16 -0600
30 sudo (1.7.4p4-1) unstable; urgency=high
32 * new upstream version, urgency high due to fix for flaw in Runas group
33 matching (CVE-2010-2956), closes: #595935
34 * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
35 re-lecturing existing users, and to clean up after ourselves on upgrade,
36 and remove the RAMRUN section from README.Debian since the new state dir
37 should fix the original problem, closes: #585514
38 * deliver README.Debian to both package flavors, closes: #593579
40 -- Bdale Garbee <bdale@gag.com> Tue, 07 Sep 2010 12:22:42 -0600
42 sudo (1.7.2p7-1) unstable; urgency=high
44 * new upstream release with security fix for secure path (CVE-2010-1646),
46 * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
47 about whether to give the lecture is preserved across reboots even when
48 RAMRUN is set, closes: #581393
49 * add a note to README.Debian about LDAP needing an entry in
50 /etc/nsswitch.conf, closes: #522065
51 * add a note to README.Debian about how to turn off lectures if using
52 RAMRUN in /etc/default/rcS, closes: #581393
54 -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
56 sudo (1.7.2p6-1) unstable; urgency=low
58 * new upstream version fixing CVE-2010-1163, closes: #578275, #570737
60 -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600
62 sudo (1.7.2p5-1) unstable; urgency=low
64 * new upstream release, closes a bug filed upstream regarding missing man
65 page processing scripts in the 1.7.2p1 tarball, also includes the fix
66 for CVE-2010-0426 previously the subject of a security team nmu
67 * move to source format 3.0 (quilt) and restructure changes as patches
68 * fix unprocessed substitution variables in man pages, closes: #557204
69 * apply patch from Neil Moore to fix Debian-specific content in the
70 visudo man page, closes: #555013
71 * update descriptions to better explain sudo-ldap, closes: #573108
72 * eliminate spurious 'and' in man page, closes: #571620
73 * fix confusing text in default sudoers, closes: #566607
75 -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700
77 sudo (1.7.2p1-1) unstable; urgency=low
79 * new upstream version
80 * add support for /etc/sudoers.d using #includedir in default sudoers,
81 which I think is also a good solution to the request for a crontab-like
82 API requested in March of 2001, closes: #539994, #271813, #89743
83 * move init.d script from using rcS.d to rc[0-6].d, closes: #542924
85 -- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600
87 sudo (1.7.2-2) unstable; urgency=low
89 * further improve initial sudoers to not include the NOPASSWD option on
90 the group sudo exception, closes: #539136, #198991
92 -- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200
94 sudo (1.7.2-1) unstable; urgency=low
96 * new upstream version, closes: #537103
97 * improve initial sudoers by having the exemption for users in group
98 sudo on by default, and including the ability to run any command as
99 any user. This makes the default install roughly equivalent to our
100 old use of the --with-exempt=sudo build option, closes: #536220, #536222
102 -- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600
104 sudo (1.7.0-1) unstable; urgency=low
106 * new upstream version, closes: #510179, #128268, #520274, #508514
107 * fix ldap config file path for sudo-ldap package, including creating
108 a symlink in postinst and cleaning it up in postrm for the sudo-ldap
109 package, closes: #430826
110 * fix NOPASSWD entry location in default config file for the sudo-ldap
111 instance too, closes: #479616
113 -- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600
115 sudo (1.6.9p17-2) unstable; urgency=high
117 * patch from upstream to fix privilege escalation with certain
118 configurations, CVE-2009-0034
119 * typo in sudoers man page, closes: #507163
121 -- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700
123 sudo (1.6.9p17-1) unstable; urgency=low
125 * new upstream version, closes: #481008
126 * deliver schemas to doc directory in sudo-ldap package, closes: #474331
127 * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
128 in move from CVS to git for package management, closes: #475821
129 * re-instate the init.d for the sudo-ldap package too... /o\
131 -- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600
133 sudo (1.6.9p15-2) unstable; urgency=low
135 * revert the fix for 388659 such that visudo once again defaults to using
136 /usr/bin/editor. I was always ambivalent about this change, it has caused
137 more confusion and frustration than it cured, and I find Justin's line of
138 reasoning persuasive. Update the man page source to reflect this choice
139 and the related use of --with-env-editor. Closes: #474197.
140 * patch from Petter Reinholdtsen to improve init.d, closes: #475821
142 -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600
144 sudo (1.6.9p15-1) unstable; urgency=low
146 * new upstream version, closes: #467126, #473337
147 * remove pointless postrm scripts, leaving debhelper do its thing if needed,
148 thanks to Justin Pryzby for pointing this out
149 * reinstate the init.d, since bootclean doesn't quite do what we want. This
150 also means we don't need the preinst scripts any more. Update the lintian
151 overrides since postinst is a Perl script lintian apparently isn't parsing
152 well. closes: #330868
154 -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600
156 sudo (1.6.9p12-1) unstable; urgency=low
158 * new upstream version, closes: #464890
160 -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900
162 sudo (1.6.9p11-3) unstable; urgency=low
164 * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
166 -- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700
168 sudo (1.6.9p11-2) unstable; urgency=low
170 * update version compared in preinst when removing obsolete init.d,
172 * implement pam session config suggestions from Elizabeth Fong,
173 closes: #452457, #402329
175 -- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700
177 sudo (1.6.9p11-1) unstable; urgency=low
179 * new upstream version
181 -- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700
183 sudo (1.6.9p10-1) unstable; urgency=low
185 * new upstream version
186 * tweak default password prompt as %u doesn't make sense. Accept patch from
187 Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
188 uses it by default, closes: #454409
189 * accept patch from Martin Pitt that adds a prerm making it difficult to
190 "accidentally" remove sudo when there is no root password set on the
191 system, closes: #451241
193 -- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700
195 sudo (1.6.9p9-1) unstable; urgency=low
197 * new upstream version
198 * debian/rules: configure a more informative default password prompt to
199 reduce confusion when using sudo to invoke commands which also ask for
200 passwords, closes: #343268
201 * auth/pam.c: don't use the PAM prompt if the user explicitly requested
202 a custom prompt, closes: #448628.
203 * fix configure's ability to discover that libc has dirfd, closes: #451324
204 * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
205 the command 'visudo' invokes a vi variant by default as documented,
208 -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700
210 sudo (1.6.9p6-1) unstable; urgency=low
212 * new upstream version, closes: #442815, #446146, #438699, #435768, #435314
213 closes: #434832, #434608, #430382
214 * eliminate the now-redundant init.d scripts, closes: #397090
215 * fix typo in TROUBLESHOOTING file, closes: #439624
217 -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600
219 sudo (1.6.8p12-6) unstable; urgency=low
221 * fix typos in visudo.pod relating to env_editor variable, closes: #418886
222 * have init.d touch directories in /var/run/sudo, not just files, as a
224 * fix various typos in sudoers.pod, closes: #419749
225 * don't let Makefile strip binaries, closes: #438073
227 -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100
229 sudo (1.6.8p12-5) unstable; urgency=low
231 * update debian/copyright to reflect new upstream URL, closes: #368746
232 * add sandwich cartoon URL to the README.Debian
233 * don't remove sudoers on purge. can cause problems when moving between
234 sudo and sudo-ldap. leaving sudoers around on purge seems like the least
235 evil choice for now, closes: #401366
236 * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
238 * accept patch that improves debian/rules from Ted Percival, closes: #382122
239 * no longer build with --with-exempt=sudo, provide an example entry in the
240 default sudoers file instead, closes: #296605
241 * add --with-devel to configure and augment build dependencies so that flex
242 and yacc files get re-generated on every build, closes: #316249
244 -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600
246 sudo (1.6.8p12-4) unstable; urgency=low
248 * patch from Petter Reinholdtsen for the LSB info block in the init.d
249 script, closes: #361055
250 * deliver sudoers sample again, closes: #361593
252 -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600
254 sudo (1.6.8p12-3) unstable; urgency=low
256 * force-feed configure knowledge of nroff's path so we get unformatted man
257 pages installed without build-depending on groff-base, closes: #360894
258 * add a reference to OPTIONS in the man page, closes: #186226
260 -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700
262 sudo (1.6.8p12-2) unstable; urgency=low
264 * fix typos in init scripts, closes: #346325
265 * update to debhelper compat level 5
266 * build depend on autotools-dev to ensure config.sub/guess are fresh
267 * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
268 use it here as well. Thanks to Martin and the debian-security team.
269 closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
270 closes: #315115, #315718, #203874
271 * Non-maintainer upload by the Security Team
272 * Reworked the former patch to limit environment variables from being
273 passed through, set env_reset as default instead [sudo.c, env.c,
274 sudoers.pod, Bug#342948, CVE-2005-4158]
275 * env_reset is now set by default
276 * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
277 DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
278 (in addition to the SUDO_* variables)
279 * Rebuild sudoers.man.in from the POD file
280 * Added README.Debian
281 * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
282 * simplify rules file by using more of Makefile, despite having to override
283 default directories with more arguments to configure, closes: #292833
284 * update sudo man page to reflect use of SECURE_PATH, closes: #228551
285 * inconsistencies in sudoers man page resolved, closes: #220808, #161012
286 * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
287 unresolveable (requires adding bison as build dep), closes: #314949
289 -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700
291 sudo (1.6.8p12-1) unstable; urgency=low
293 * new upstream version, closes: #342948 (CVE-2005-4158)
294 * add env_reset to the sudoers file we create if none already exists,
295 as a further precaution in response to discussion about CVS-2005-4158
296 * split ldap support into a new sudo-ldap package. I was trying to avoid
297 doing this, but the impact of going from 4 to 17 linked shlibs on the
298 autobuilder chroots is sufficient motivation for me.
301 -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
303 sudo (1.6.8p9-4) unstable; urgency=low
305 * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
306 * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
307 timestamps in the init.d script, closes: #330868
308 * add dependency header to init.d script, closes: #332849
310 -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
312 sudo (1.6.8p9-3) unstable; urgency=high
314 * update debhelper compatibility level from 2 to 4
315 * add man page symlink for sudoedit
316 * Clean SHELLOPTS and PS4 from the environment before executing programs
317 with sudo permissions [env.c, CAN-2005-2959]
318 * fix typo in manpage pointed out by Moray Allen, closes: #285995
319 * fix paths in sample complex sudoers file, closes: #303542
320 * fix type in sudoers man page, closes: #311244
322 -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
324 sudo (1.6.8p9-2) unstable; urgency=high
326 * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
329 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
331 sudo (1.6.8p9-1) unstable; urgency=high
333 * new upstream version, fixes a race condition in sudo's pathname
334 validation, which is a security issue (CAN-2005-1993),
335 closes: #315115, #315718
337 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
339 sudo (1.6.8p7-1) unstable; urgency=low
341 * new upstream version, closes: #299585
342 * update lintian overrides to squelch the postinst warning
343 * change sudoedit from a hard to a soft link, closes: #296896
344 * fix regex doc in sudoers man page, closes: #300361
346 -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
348 sudo (1.6.8p5-1) unstable; urgency=high
350 * new upstream version
351 * restores ability to use config tuples without a value, which was causing
352 problems on upgrade closes: #283306
353 * deliver sudoedit, closes: #283078
354 * marking urgency high since 283306 is a serious upgrade incompatibility
356 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
358 sudo (1.6.8p3-2) unstable; urgency=high
360 * update pam.d deliverable so ldap works again, closes: #282191
362 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
364 sudo (1.6.8p3-1) unstable; urgency=high
366 * new upstream version, fixes a flaw in sudo's environment sanitizing that
367 could allow a malicious user with permission to run a shell script that
368 utilized the bash shell to run arbitrary commands, closes: #281665
369 * patch the sample sudoers to have the proper path for kill on Debian
370 systems, closes: #263486
371 * patch the sudo manpage to reflect Debian's choice of exempt_group
372 default setting, closes: #236465
373 * patch the sudo manpage to reflect Debian's choice of no timeout on the
374 password prompt, closes: #271194
376 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
378 sudo (1.6.7p5-2) unstable; urgency=low
380 * Jeff Bailey reports that seteuid works on current sparc systems, so we
381 no longer need the "grosshack" stuff in the sudo rules file
382 * add a postrm that removes /etc/sudoers on purge. don't do this with the
383 normal conffile mechanism since it would generate noise on every upgrade,
386 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
388 sudo (1.6.7p5-1) unstable; urgency=low
390 * new upstream version, closes: #190265, #193222, #197244
391 * change from '.' to ':' in postinst chown call, closes: #208369
393 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
395 sudo (1.6.7p3-2) unstable; urgency=low
397 * add --disable-setresuid to configure call since 2.2 kernels don't support
398 setresgid, closes: #189044
399 * cosmetic cleanups to debian/rules as long as I'm there
401 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
403 sudo (1.6.7p3-1) unstable; urgency=low
405 * new upstream version
406 * add overrides to quiet lintian about things it doesn't understand,
407 except the source one that can't be overridden until 129510 is fixed
409 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
411 sudo (1.6.6-3) unstable; urgency=low
413 * add code to rules file to update config.sub/guess, closes: #164501
415 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
417 sudo (1.6.6-2) unstable; urgency=low
419 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
420 configure, and lose the build dependency on mail-transport-agent
421 * incorporate changes from LaMont's NMU, closes: #144665, #144737
422 * update init.d to not try and set time on nonexistent timestamp files,
424 * build with --with-all-insults, admin must edit sudoers to turn insults
425 on at runtime if desired, closes: #135374
426 * stop setting /usr/doc symlink in postinst
428 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
430 sudo (1.6.6-1.1) unstable; urgency=high
432 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
433 * Revert patch to auth/pam.c that left pass uninitialized, causing a
434 segfault (Closes: #144665).
436 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
438 sudo (1.6.6-1) unstable; urgency=high
440 * new upstream version, fixes security problem with crafty prompts,
443 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
445 sudo (1.6.5p1-4) unstable; urgency=high
447 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
448 if ctrl/C'ed at password prompt, closes: #131235
450 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
452 sudo (1.6.5p1-3) unstable; urgency=high
454 * ugly hack to add --disable-saved-ids when building on sparc in response
455 to 131592, which will be reassigned to glibc for a real fix
456 * urgency high since the sudo currently in testing for sparc is worthless
458 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
460 sudo (1.6.5p1-2) unstable; urgency=high
462 * patch from upstream to fix seg faults caused by versions of pam that
463 follow a NULL pointer, closes: #129512
465 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
467 sudo (1.6.5p1-1) unstable; urgency=high
469 * new upstream version
470 * add --disable-root-mailer option supported by new version to configure
471 call in rules file, closes: #129648
473 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
475 sudo (1.6.4p1-1) unstable; urgency=high
477 * new upstream version, with fix for segfaulting problem in 1.6.4
479 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
481 sudo (1.6.4-1) unstable; urgency=high
483 * new upstream version, includes an important security fix, closes: #127576
485 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
487 sudo (1.6.3p7-5) unstable; urgency=low
489 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
490 * fix spelling error in init.d, closes: #126847
492 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
494 sudo (1.6.3p7-4) unstable; urgency=medium
496 * use touch to set status files to an ancient date instead of removing them
497 outright on reboot. this achieves the desired effect of keeping elevated
498 privs from living across reboots, without forcing everyone to see the
499 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
500 for systems with good clocks, and 'recent enough' that broken PC hardware
501 setting the clock to commonly-seen bogus dates trips over the "don't trust
502 future timestamps" rule. closes: #76529, #123559
503 * apply patch from Steve Langasek to fix seg faults due to interaction with
504 PAM code. upstream confirms the problem, and says they're fixing this
505 differently for their next release... but this should be useful in the
506 meantime, and would be good to get into woody. closes: #119147
507 * only run the init.d at boot, not on each runlevel change... and don't run
508 it during package configure. closes: #125935
509 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
511 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
513 sudo (1.6.3p7-3) unstable; urgency=low
515 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
516 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
517 * fix a typo in the manpage, closes: #97368
518 * apply patch to configure.in and run autoconf to fix problem building on
519 the hurd, closes: #96325
520 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
521 to not last across reboots, closes: #76529
522 * clean up lintian-noticed cosmetic packaging issues
524 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
526 sudo (1.6.3p7-2) unstable; urgency=low
528 * update config.sub/guess for hppa support
530 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
532 sudo (1.6.3p7-1) unstable; urgency=low
534 * new upstream version
535 * add build dependency on mail-transport-agent, closes: #90685
537 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
539 sudo (1.6.3p6-1) unstable; urgency=high
541 * new upstream version, fixes buffer overflow problem,
542 closes: #87259, #87278, #87263
543 * revert to using --with-secure-path option at build time, since the option
544 available in sudoers is parsed too late to be useful, and upstream says
545 it won't get fixed quickly. This reopens 85123, which I will mark as
546 forwarded. Closes: #86199, #86117, #85676
548 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
550 sudo (1.6.3p5-2) unstable; urgency=low
552 * lose the dh_suidregister call since it's obsolete
553 * stop using the --with-secure-path option at build time, and instead show
554 how to set it in sudoers. Closes: #85123
555 * freshen config.sub and config.guess for ia64 and hppa
556 * update sudoers man page to indicate exempt_group is on by default,
559 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
561 sudo (1.6.3p5-1) unstable; urgency=low
563 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
564 * this version restores core dumps before the exec, while leaving them
565 disabled during sudo's internal execution, closes: #58289
566 * update debhelper calls in rules file
568 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
570 sudo (1.6.2p2-1) frozen unstable; urgency=medium
572 * new upstream source resulting from direct collaboration with the upstream
573 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
574 Closes: #56129, #55978, #55979, #56550, #56772
575 * include more upstream documentation, closes: #55054
576 * pam.d fragment update, closes: #56129
578 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
580 sudo (1.6.1-1) unstable; urgency=low
582 * new upstream source, closes: #52750
584 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
586 sudo (1.6-2) unstable; urgency=low
588 * drop suidregister support for this package. The sudo executable is
589 essentially worthless unless it is setuid root, and making suidregister
590 work involves shipping a non-setuid executable in the .deb and setting the
591 perms in the postinst. On a long upgrade run, this can leave the sudo
592 executable 'broken' for a long time, which is unacceptable. With this
593 version, we ship the executable setuid root in the .deb. Closes: #51742
595 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
597 sudo (1.6-1) unstable; urgency=low
599 * new upstream version, many options previously set at compile-time are now
600 configurable at runtime.
601 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
604 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
606 sudo (1.5.9p4-1) unstable; urgency=low
608 * new upstream version, closes: #43464
609 * empty password handling was fixed in 1.5.8, closes: #31863
611 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
613 sudo (1.5.9p1-1) unstable; urgency=low
615 * new upstream version
617 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
619 sudo (1.5.8p1-1) unstable; urgency=medium
621 * new upstream version, closes 33690
622 * add dependency on libpam-modules, closes 34215, 33432
624 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
626 sudo (1.5.7p4-2) unstable; urgency=medium
628 * update the pam fragment provided so that sudo works with latest pam bits,
631 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
633 sudo (1.5.7p4-1) unstable; urgency=low
635 * new upstream release
637 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
639 sudo (1.5.6p5-1) unstable; urgency=low
641 * new upstream patch release
642 * add PAM support, closes 28594
644 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
646 sudo (1.5.6p2-2) unstable; urgency=low
648 * update copyright file, closes 24136
649 * review and close forwarded bugs believed fixed in this upstream version,
652 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
654 sudo (1.5.6p2-1) unstable; urgency=low
656 * new upstream release
658 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
660 sudo (1.5.4-4) frozen unstable; urgency=low
662 * update postinst to use groupadd, closes 21403
663 * move the suidregister stuff earlier in postinst to ensure it always runs
665 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
667 sudo (1.5.4-3) frozen unstable; urgency=low
669 * change /etc/sudoers from a conffile to being handled in postinst,
671 * add suidmanager support, closes 15711
672 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
673 unlikely to ever fix, and which just don't matter. closes 17146
674 * fix FSF address in copyright file, and submit exception for lintian
675 warning about sudo being setuid root
677 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
679 sudo (1.5.4-2) unstable; urgency=high
681 * patch from upstream author correcting/improving security fix
683 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
685 sudo (1.5.4-1) unstable; urgency=high
687 * new upstream version, includes a security fix
688 * change default editor from /bin/ae to /usr/bin/editor
690 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
692 sudo (1.5.3-1) unstable; urgency=medium
694 * new upstream version, closes bug 15911.
695 * rules file reworked to use debhelper
696 * implement a really gross hack to force use of the sudo-provided
697 lsearch(), since the one in libc6 is broken! This closes bugs
698 12552, 12557, 14881, 15259, 15916.
700 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
702 sudo (1.5.2-6) unstable; urgency=LOW
704 * don't install INSTALL in the doc directory, closes bug 13195.
706 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
708 sudo (1.5.2-5) unstable; urgency=LOW
712 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
714 sudo (1.5.2-4) unstable; urgency=LOW
716 * change TIMEOUT (how long before you have to type your password again)
717 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
718 packages on slower machines much more tolerable. Closes bug 9076.
719 * touch debian/suid before debstd. Closes bug 8709.
721 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
723 sudo (1.5.2-3) frozen unstable; urgency=LOW
725 * patch from upstream maintainer to close Bug 6828
726 * add a debian/suid file to get debstd to leave my perl postinst alone
728 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
730 sudo (1.5.2-2) frozen unstable; urgency=LOW
732 * change rules to use -O2 -Wall as per standards
734 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
736 sudo (1.5.2-1) unstable; urgency=LOW
738 * new upstream version
739 * cosmetic changes to debian package control files
741 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
743 sudo (1.5-2) unstable; urgency=LOW
745 * add /usr/X11R6/bin to the end of the secure path... this makes it
746 much easier to run xmkmf, etc., during package builds. To the extent
747 that /usr/local/sbin and /usr/local/bin were already included, I see
748 no security reasons not to add this.
750 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
752 sudo (1.5-1) unstable; urgency=LOW
754 * New upstream version
756 * New packaging format
758 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
760 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
764 * hard code SECURE_PATH to:
765 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
769 * enabled EXEMPTGROUP "sudo"
771 * moved timestamp dir to /var/log/sudo
773 * changed parser to check for long and short filenames (Bug#1162)
775 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
779 * New upstream source
781 * Fixed postinst script
782 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
784 * Removed special shadow binary. This version works with and without
785 shadow password file.
787 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
791 * Corrected editor path to /bin/ae (Bug#3062)
793 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
795 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
799 * New upstream version
801 * Changed sudoers permission to 440 (owner root, group root) to make
804 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
808 * Applied upstream patch 1
810 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
814 * Applied upstream patch 2
816 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
820 * Applied upstream patch 3 (fixes problems with an NFS-mounted
824 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
828 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
829 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
831 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
835 * Applied upstream patch 4 (fixes several bugs)
837 * Changed priority to optional
839 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
843 * Corrected postinst to create correct permission for /etc/sudoers
846 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
850 * New upstream version
853 sudo (1.4.4-2) admin; urgency=HIGH
855 * Fixed major security bug reported by Peter Tobias
856 <tobias@et-inf.fho-emden.de>
857 * Added dchanges support to debian.rules
859 sudo (1.4.5-1) admin; urgency=LOW
861 * New upstream version
862 * Minor changes to debian.rules