1 sudo (1.8.2-2) UNRELEASED; urgency=low
3 * patch from upstream for SIGBUS on sparc64, closes: #640304
5 -- Bdale Garbee <bdale@gag.com> Fri, 16 Sep 2011 09:40:03 -0600
7 sudo (1.8.2-1) unstable; urgency=low
9 * new upstream version, closes: #637449, #621830
10 * include common-session in pam config, closes: #519700, #607199
11 * move secure_path from configure to default sudoers, closes: #85123, 85917
12 * improve sudoers self-documentation, closes: #613639
13 * drop --disable-setresuid since modern systems should not run 2.2 kernels
14 * lose the --with-devel configure option since it's breaking builds in
15 subdirectories for some reason
17 -- Bdale Garbee <bdale@gag.com> Wed, 24 Aug 2011 13:33:11 -0600
19 sudo (1.7.4p6-1) unstable; urgency=low
21 * new upstream version
22 * touch the right stamp name after configuring, closes: #611287
23 * patch from Svante Signell to fix build problem on Hurd, closes: #611290
25 -- Bdale Garbee <bdale@gag.com> Wed, 09 Feb 2011 11:32:58 -0700
27 sudo (1.7.4p4-6) unstable; urgency=low
29 * update /etc/sudoers.d/README now that sudoers is a conffile
30 * patch from upstream to fix special case in password checking code
31 when only the gid is changing, closes: #609641
33 -- Bdale Garbee <bdale@gag.com> Tue, 11 Jan 2011 10:22:39 -0700
35 sudo (1.7.4p4-5) unstable; urgency=low
37 * patch from Jakub Wilk to add noopt and nostrip build option support,
39 * make sudoers a conffile, closes: #605130
40 * add descriptions to LSB init headers, closes: #604619
41 * change default sudoers %sudo entry to allow gid changes, closes: #602699
42 * add Vcs entries to the control file
43 * use debhelper install files instead of explicit installs in rules
45 -- Bdale Garbee <bdale@gag.com> Wed, 01 Dec 2010 20:32:31 -0700
47 sudo (1.7.4p4-4) unstable; urgency=low
49 * patch from upstream to resolve problem always prompting for a password
50 when run without a tty, closes: #599376
51 * patch from upstream to resolve interoperability problem between HOME in
52 env_keep and the -H flag, closes: #596493
53 * change path syntax to avoid tar error when /var/run/sudo exists but is
54 empty, closes: #598877
56 -- Bdale Garbee <bdale@gag.com> Thu, 07 Oct 2010 15:59:06 -0600
58 sudo (1.7.4p4-3) unstable; urgency=low
60 * make postinst clause for handling /var/run -> /var/lib transition less
61 fragile, closes: #585514
62 * cope with upstream's Makefile trying to install ChangeLog in our doc
63 directory, closes: #597389
64 * fix README.Debian to reflect that HOME is no longer preserved by default,
67 -- Bdale Garbee <bdale@gag.com> Tue, 21 Sep 2010 23:53:08 -0600
69 sudo (1.7.4p4-2) unstable; urgency=low
71 * add a NEWS item about change in $HOME handling that impacts programs
74 -- Bdale Garbee <bdale@gag.com> Wed, 08 Sep 2010 14:29:16 -0600
76 sudo (1.7.4p4-1) unstable; urgency=high
78 * new upstream version, urgency high due to fix for flaw in Runas group
79 matching (CVE-2010-2956), closes: #595935
80 * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
81 re-lecturing existing users, and to clean up after ourselves on upgrade,
82 and remove the RAMRUN section from README.Debian since the new state dir
83 should fix the original problem, closes: #585514
84 * deliver README.Debian to both package flavors, closes: #593579
86 -- Bdale Garbee <bdale@gag.com> Tue, 07 Sep 2010 12:22:42 -0600
88 sudo (1.7.2p7-1) unstable; urgency=high
90 * new upstream release with security fix for secure path (CVE-2010-1646),
92 * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
93 about whether to give the lecture is preserved across reboots even when
94 RAMRUN is set, closes: #581393
95 * add a note to README.Debian about LDAP needing an entry in
96 /etc/nsswitch.conf, closes: #522065
97 * add a note to README.Debian about how to turn off lectures if using
98 RAMRUN in /etc/default/rcS, closes: #581393
100 -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
102 sudo (1.7.2p6-1) unstable; urgency=low
104 * new upstream version fixing CVE-2010-1163, closes: #578275, #570737
106 -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600
108 sudo (1.7.2p5-1) unstable; urgency=low
110 * new upstream release, closes a bug filed upstream regarding missing man
111 page processing scripts in the 1.7.2p1 tarball, also includes the fix
112 for CVE-2010-0426 previously the subject of a security team nmu
113 * move to source format 3.0 (quilt) and restructure changes as patches
114 * fix unprocessed substitution variables in man pages, closes: #557204
115 * apply patch from Neil Moore to fix Debian-specific content in the
116 visudo man page, closes: #555013
117 * update descriptions to better explain sudo-ldap, closes: #573108
118 * eliminate spurious 'and' in man page, closes: #571620
119 * fix confusing text in default sudoers, closes: #566607
121 -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700
123 sudo (1.7.2p1-1) unstable; urgency=low
125 * new upstream version
126 * add support for /etc/sudoers.d using #includedir in default sudoers,
127 which I think is also a good solution to the request for a crontab-like
128 API requested in March of 2001, closes: #539994, #271813, #89743
129 * move init.d script from using rcS.d to rc[0-6].d, closes: #542924
131 -- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600
133 sudo (1.7.2-2) unstable; urgency=low
135 * further improve initial sudoers to not include the NOPASSWD option on
136 the group sudo exception, closes: #539136, #198991
138 -- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200
140 sudo (1.7.2-1) unstable; urgency=low
142 * new upstream version, closes: #537103
143 * improve initial sudoers by having the exemption for users in group
144 sudo on by default, and including the ability to run any command as
145 any user. This makes the default install roughly equivalent to our
146 old use of the --with-exempt=sudo build option, closes: #536220, #536222
148 -- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600
150 sudo (1.7.0-1) unstable; urgency=low
152 * new upstream version, closes: #510179, #128268, #520274, #508514
153 * fix ldap config file path for sudo-ldap package, including creating
154 a symlink in postinst and cleaning it up in postrm for the sudo-ldap
155 package, closes: #430826
156 * fix NOPASSWD entry location in default config file for the sudo-ldap
157 instance too, closes: #479616
159 -- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600
161 sudo (1.6.9p17-2) unstable; urgency=high
163 * patch from upstream to fix privilege escalation with certain
164 configurations, CVE-2009-0034
165 * typo in sudoers man page, closes: #507163
167 -- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700
169 sudo (1.6.9p17-1) unstable; urgency=low
171 * new upstream version, closes: #481008
172 * deliver schemas to doc directory in sudo-ldap package, closes: #474331
173 * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
174 in move from CVS to git for package management, closes: #475821
175 * re-instate the init.d for the sudo-ldap package too... /o\
177 -- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600
179 sudo (1.6.9p15-2) unstable; urgency=low
181 * revert the fix for 388659 such that visudo once again defaults to using
182 /usr/bin/editor. I was always ambivalent about this change, it has caused
183 more confusion and frustration than it cured, and I find Justin's line of
184 reasoning persuasive. Update the man page source to reflect this choice
185 and the related use of --with-env-editor. Closes: #474197.
186 * patch from Petter Reinholdtsen to improve init.d, closes: #475821
188 -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600
190 sudo (1.6.9p15-1) unstable; urgency=low
192 * new upstream version, closes: #467126, #473337
193 * remove pointless postrm scripts, leaving debhelper do its thing if needed,
194 thanks to Justin Pryzby for pointing this out
195 * reinstate the init.d, since bootclean doesn't quite do what we want. This
196 also means we don't need the preinst scripts any more. Update the lintian
197 overrides since postinst is a Perl script lintian apparently isn't parsing
198 well. closes: #330868
200 -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600
202 sudo (1.6.9p12-1) unstable; urgency=low
204 * new upstream version, closes: #464890
206 -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900
208 sudo (1.6.9p11-3) unstable; urgency=low
210 * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
212 -- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700
214 sudo (1.6.9p11-2) unstable; urgency=low
216 * update version compared in preinst when removing obsolete init.d,
218 * implement pam session config suggestions from Elizabeth Fong,
219 closes: #452457, #402329
221 -- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700
223 sudo (1.6.9p11-1) unstable; urgency=low
225 * new upstream version
227 -- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700
229 sudo (1.6.9p10-1) unstable; urgency=low
231 * new upstream version
232 * tweak default password prompt as %u doesn't make sense. Accept patch from
233 Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
234 uses it by default, closes: #454409
235 * accept patch from Martin Pitt that adds a prerm making it difficult to
236 "accidentally" remove sudo when there is no root password set on the
237 system, closes: #451241
239 -- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700
241 sudo (1.6.9p9-1) unstable; urgency=low
243 * new upstream version
244 * debian/rules: configure a more informative default password prompt to
245 reduce confusion when using sudo to invoke commands which also ask for
246 passwords, closes: #343268
247 * auth/pam.c: don't use the PAM prompt if the user explicitly requested
248 a custom prompt, closes: #448628.
249 * fix configure's ability to discover that libc has dirfd, closes: #451324
250 * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
251 the command 'visudo' invokes a vi variant by default as documented,
254 -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700
256 sudo (1.6.9p6-1) unstable; urgency=low
258 * new upstream version, closes: #442815, #446146, #438699, #435768, #435314
259 closes: #434832, #434608, #430382
260 * eliminate the now-redundant init.d scripts, closes: #397090
261 * fix typo in TROUBLESHOOTING file, closes: #439624
263 -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600
265 sudo (1.6.8p12-6) unstable; urgency=low
267 * fix typos in visudo.pod relating to env_editor variable, closes: #418886
268 * have init.d touch directories in /var/run/sudo, not just files, as a
270 * fix various typos in sudoers.pod, closes: #419749
271 * don't let Makefile strip binaries, closes: #438073
273 -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100
275 sudo (1.6.8p12-5) unstable; urgency=low
277 * update debian/copyright to reflect new upstream URL, closes: #368746
278 * add sandwich cartoon URL to the README.Debian
279 * don't remove sudoers on purge. can cause problems when moving between
280 sudo and sudo-ldap. leaving sudoers around on purge seems like the least
281 evil choice for now, closes: #401366
282 * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
284 * accept patch that improves debian/rules from Ted Percival, closes: #382122
285 * no longer build with --with-exempt=sudo, provide an example entry in the
286 default sudoers file instead, closes: #296605
287 * add --with-devel to configure and augment build dependencies so that flex
288 and yacc files get re-generated on every build, closes: #316249
290 -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600
292 sudo (1.6.8p12-4) unstable; urgency=low
294 * patch from Petter Reinholdtsen for the LSB info block in the init.d
295 script, closes: #361055
296 * deliver sudoers sample again, closes: #361593
298 -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600
300 sudo (1.6.8p12-3) unstable; urgency=low
302 * force-feed configure knowledge of nroff's path so we get unformatted man
303 pages installed without build-depending on groff-base, closes: #360894
304 * add a reference to OPTIONS in the man page, closes: #186226
306 -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700
308 sudo (1.6.8p12-2) unstable; urgency=low
310 * fix typos in init scripts, closes: #346325
311 * update to debhelper compat level 5
312 * build depend on autotools-dev to ensure config.sub/guess are fresh
313 * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
314 use it here as well. Thanks to Martin and the debian-security team.
315 closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
316 closes: #315115, #315718, #203874
317 * Non-maintainer upload by the Security Team
318 * Reworked the former patch to limit environment variables from being
319 passed through, set env_reset as default instead [sudo.c, env.c,
320 sudoers.pod, Bug#342948, CVE-2005-4158]
321 * env_reset is now set by default
322 * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
323 DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
324 (in addition to the SUDO_* variables)
325 * Rebuild sudoers.man.in from the POD file
326 * Added README.Debian
327 * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
328 * simplify rules file by using more of Makefile, despite having to override
329 default directories with more arguments to configure, closes: #292833
330 * update sudo man page to reflect use of SECURE_PATH, closes: #228551
331 * inconsistencies in sudoers man page resolved, closes: #220808, #161012
332 * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
333 unresolveable (requires adding bison as build dep), closes: #314949
335 -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700
337 sudo (1.6.8p12-1) unstable; urgency=low
339 * new upstream version, closes: #342948 (CVE-2005-4158)
340 * add env_reset to the sudoers file we create if none already exists,
341 as a further precaution in response to discussion about CVS-2005-4158
342 * split ldap support into a new sudo-ldap package. I was trying to avoid
343 doing this, but the impact of going from 4 to 17 linked shlibs on the
344 autobuilder chroots is sufficient motivation for me.
347 -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
349 sudo (1.6.8p9-4) unstable; urgency=low
351 * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
352 * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
353 timestamps in the init.d script, closes: #330868
354 * add dependency header to init.d script, closes: #332849
356 -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
358 sudo (1.6.8p9-3) unstable; urgency=high
360 * update debhelper compatibility level from 2 to 4
361 * add man page symlink for sudoedit
362 * Clean SHELLOPTS and PS4 from the environment before executing programs
363 with sudo permissions [env.c, CAN-2005-2959]
364 * fix typo in manpage pointed out by Moray Allen, closes: #285995
365 * fix paths in sample complex sudoers file, closes: #303542
366 * fix type in sudoers man page, closes: #311244
368 -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
370 sudo (1.6.8p9-2) unstable; urgency=high
372 * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
375 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
377 sudo (1.6.8p9-1) unstable; urgency=high
379 * new upstream version, fixes a race condition in sudo's pathname
380 validation, which is a security issue (CAN-2005-1993),
381 closes: #315115, #315718
383 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
385 sudo (1.6.8p7-1) unstable; urgency=low
387 * new upstream version, closes: #299585
388 * update lintian overrides to squelch the postinst warning
389 * change sudoedit from a hard to a soft link, closes: #296896
390 * fix regex doc in sudoers man page, closes: #300361
392 -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
394 sudo (1.6.8p5-1) unstable; urgency=high
396 * new upstream version
397 * restores ability to use config tuples without a value, which was causing
398 problems on upgrade closes: #283306
399 * deliver sudoedit, closes: #283078
400 * marking urgency high since 283306 is a serious upgrade incompatibility
402 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
404 sudo (1.6.8p3-2) unstable; urgency=high
406 * update pam.d deliverable so ldap works again, closes: #282191
408 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
410 sudo (1.6.8p3-1) unstable; urgency=high
412 * new upstream version, fixes a flaw in sudo's environment sanitizing that
413 could allow a malicious user with permission to run a shell script that
414 utilized the bash shell to run arbitrary commands, closes: #281665
415 * patch the sample sudoers to have the proper path for kill on Debian
416 systems, closes: #263486
417 * patch the sudo manpage to reflect Debian's choice of exempt_group
418 default setting, closes: #236465
419 * patch the sudo manpage to reflect Debian's choice of no timeout on the
420 password prompt, closes: #271194
422 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
424 sudo (1.6.7p5-2) unstable; urgency=low
426 * Jeff Bailey reports that seteuid works on current sparc systems, so we
427 no longer need the "grosshack" stuff in the sudo rules file
428 * add a postrm that removes /etc/sudoers on purge. don't do this with the
429 normal conffile mechanism since it would generate noise on every upgrade,
432 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
434 sudo (1.6.7p5-1) unstable; urgency=low
436 * new upstream version, closes: #190265, #193222, #197244
437 * change from '.' to ':' in postinst chown call, closes: #208369
439 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
441 sudo (1.6.7p3-2) unstable; urgency=low
443 * add --disable-setresuid to configure call since 2.2 kernels don't support
444 setresgid, closes: #189044
445 * cosmetic cleanups to debian/rules as long as I'm there
447 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
449 sudo (1.6.7p3-1) unstable; urgency=low
451 * new upstream version
452 * add overrides to quiet lintian about things it doesn't understand,
453 except the source one that can't be overridden until 129510 is fixed
455 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
457 sudo (1.6.6-3) unstable; urgency=low
459 * add code to rules file to update config.sub/guess, closes: #164501
461 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
463 sudo (1.6.6-2) unstable; urgency=low
465 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
466 configure, and lose the build dependency on mail-transport-agent
467 * incorporate changes from LaMont's NMU, closes: #144665, #144737
468 * update init.d to not try and set time on nonexistent timestamp files,
470 * build with --with-all-insults, admin must edit sudoers to turn insults
471 on at runtime if desired, closes: #135374
472 * stop setting /usr/doc symlink in postinst
474 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
476 sudo (1.6.6-1.1) unstable; urgency=high
478 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
479 * Revert patch to auth/pam.c that left pass uninitialized, causing a
480 segfault (Closes: #144665).
482 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
484 sudo (1.6.6-1) unstable; urgency=high
486 * new upstream version, fixes security problem with crafty prompts,
489 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
491 sudo (1.6.5p1-4) unstable; urgency=high
493 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
494 if ctrl/C'ed at password prompt, closes: #131235
496 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
498 sudo (1.6.5p1-3) unstable; urgency=high
500 * ugly hack to add --disable-saved-ids when building on sparc in response
501 to 131592, which will be reassigned to glibc for a real fix
502 * urgency high since the sudo currently in testing for sparc is worthless
504 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
506 sudo (1.6.5p1-2) unstable; urgency=high
508 * patch from upstream to fix seg faults caused by versions of pam that
509 follow a NULL pointer, closes: #129512
511 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
513 sudo (1.6.5p1-1) unstable; urgency=high
515 * new upstream version
516 * add --disable-root-mailer option supported by new version to configure
517 call in rules file, closes: #129648
519 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
521 sudo (1.6.4p1-1) unstable; urgency=high
523 * new upstream version, with fix for segfaulting problem in 1.6.4
525 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
527 sudo (1.6.4-1) unstable; urgency=high
529 * new upstream version, includes an important security fix, closes: #127576
531 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
533 sudo (1.6.3p7-5) unstable; urgency=low
535 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
536 * fix spelling error in init.d, closes: #126847
538 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
540 sudo (1.6.3p7-4) unstable; urgency=medium
542 * use touch to set status files to an ancient date instead of removing them
543 outright on reboot. this achieves the desired effect of keeping elevated
544 privs from living across reboots, without forcing everyone to see the
545 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
546 for systems with good clocks, and 'recent enough' that broken PC hardware
547 setting the clock to commonly-seen bogus dates trips over the "don't trust
548 future timestamps" rule. closes: #76529, #123559
549 * apply patch from Steve Langasek to fix seg faults due to interaction with
550 PAM code. upstream confirms the problem, and says they're fixing this
551 differently for their next release... but this should be useful in the
552 meantime, and would be good to get into woody. closes: #119147
553 * only run the init.d at boot, not on each runlevel change... and don't run
554 it during package configure. closes: #125935
555 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
557 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
559 sudo (1.6.3p7-3) unstable; urgency=low
561 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
562 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
563 * fix a typo in the manpage, closes: #97368
564 * apply patch to configure.in and run autoconf to fix problem building on
565 the hurd, closes: #96325
566 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
567 to not last across reboots, closes: #76529
568 * clean up lintian-noticed cosmetic packaging issues
570 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
572 sudo (1.6.3p7-2) unstable; urgency=low
574 * update config.sub/guess for hppa support
576 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
578 sudo (1.6.3p7-1) unstable; urgency=low
580 * new upstream version
581 * add build dependency on mail-transport-agent, closes: #90685
583 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
585 sudo (1.6.3p6-1) unstable; urgency=high
587 * new upstream version, fixes buffer overflow problem,
588 closes: #87259, #87278, #87263
589 * revert to using --with-secure-path option at build time, since the option
590 available in sudoers is parsed too late to be useful, and upstream says
591 it won't get fixed quickly. This reopens 85123, which I will mark as
592 forwarded. Closes: #86199, #86117, #85676
594 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
596 sudo (1.6.3p5-2) unstable; urgency=low
598 * lose the dh_suidregister call since it's obsolete
599 * stop using the --with-secure-path option at build time, and instead show
600 how to set it in sudoers. Closes: #85123
601 * freshen config.sub and config.guess for ia64 and hppa
602 * update sudoers man page to indicate exempt_group is on by default,
605 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
607 sudo (1.6.3p5-1) unstable; urgency=low
609 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
610 * this version restores core dumps before the exec, while leaving them
611 disabled during sudo's internal execution, closes: #58289
612 * update debhelper calls in rules file
614 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
616 sudo (1.6.2p2-1) frozen unstable; urgency=medium
618 * new upstream source resulting from direct collaboration with the upstream
619 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
620 Closes: #56129, #55978, #55979, #56550, #56772
621 * include more upstream documentation, closes: #55054
622 * pam.d fragment update, closes: #56129
624 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
626 sudo (1.6.1-1) unstable; urgency=low
628 * new upstream source, closes: #52750
630 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
632 sudo (1.6-2) unstable; urgency=low
634 * drop suidregister support for this package. The sudo executable is
635 essentially worthless unless it is setuid root, and making suidregister
636 work involves shipping a non-setuid executable in the .deb and setting the
637 perms in the postinst. On a long upgrade run, this can leave the sudo
638 executable 'broken' for a long time, which is unacceptable. With this
639 version, we ship the executable setuid root in the .deb. Closes: #51742
641 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
643 sudo (1.6-1) unstable; urgency=low
645 * new upstream version, many options previously set at compile-time are now
646 configurable at runtime.
647 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
650 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
652 sudo (1.5.9p4-1) unstable; urgency=low
654 * new upstream version, closes: #43464
655 * empty password handling was fixed in 1.5.8, closes: #31863
657 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
659 sudo (1.5.9p1-1) unstable; urgency=low
661 * new upstream version
663 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
665 sudo (1.5.8p1-1) unstable; urgency=medium
667 * new upstream version, closes 33690
668 * add dependency on libpam-modules, closes 34215, 33432
670 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
672 sudo (1.5.7p4-2) unstable; urgency=medium
674 * update the pam fragment provided so that sudo works with latest pam bits,
677 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
679 sudo (1.5.7p4-1) unstable; urgency=low
681 * new upstream release
683 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
685 sudo (1.5.6p5-1) unstable; urgency=low
687 * new upstream patch release
688 * add PAM support, closes 28594
690 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
692 sudo (1.5.6p2-2) unstable; urgency=low
694 * update copyright file, closes 24136
695 * review and close forwarded bugs believed fixed in this upstream version,
698 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
700 sudo (1.5.6p2-1) unstable; urgency=low
702 * new upstream release
704 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
706 sudo (1.5.4-4) frozen unstable; urgency=low
708 * update postinst to use groupadd, closes 21403
709 * move the suidregister stuff earlier in postinst to ensure it always runs
711 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
713 sudo (1.5.4-3) frozen unstable; urgency=low
715 * change /etc/sudoers from a conffile to being handled in postinst,
717 * add suidmanager support, closes 15711
718 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
719 unlikely to ever fix, and which just don't matter. closes 17146
720 * fix FSF address in copyright file, and submit exception for lintian
721 warning about sudo being setuid root
723 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
725 sudo (1.5.4-2) unstable; urgency=high
727 * patch from upstream author correcting/improving security fix
729 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
731 sudo (1.5.4-1) unstable; urgency=high
733 * new upstream version, includes a security fix
734 * change default editor from /bin/ae to /usr/bin/editor
736 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
738 sudo (1.5.3-1) unstable; urgency=medium
740 * new upstream version, closes bug 15911.
741 * rules file reworked to use debhelper
742 * implement a really gross hack to force use of the sudo-provided
743 lsearch(), since the one in libc6 is broken! This closes bugs
744 12552, 12557, 14881, 15259, 15916.
746 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
748 sudo (1.5.2-6) unstable; urgency=LOW
750 * don't install INSTALL in the doc directory, closes bug 13195.
752 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
754 sudo (1.5.2-5) unstable; urgency=LOW
758 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
760 sudo (1.5.2-4) unstable; urgency=LOW
762 * change TIMEOUT (how long before you have to type your password again)
763 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
764 packages on slower machines much more tolerable. Closes bug 9076.
765 * touch debian/suid before debstd. Closes bug 8709.
767 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
769 sudo (1.5.2-3) frozen unstable; urgency=LOW
771 * patch from upstream maintainer to close Bug 6828
772 * add a debian/suid file to get debstd to leave my perl postinst alone
774 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
776 sudo (1.5.2-2) frozen unstable; urgency=LOW
778 * change rules to use -O2 -Wall as per standards
780 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
782 sudo (1.5.2-1) unstable; urgency=LOW
784 * new upstream version
785 * cosmetic changes to debian package control files
787 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
789 sudo (1.5-2) unstable; urgency=LOW
791 * add /usr/X11R6/bin to the end of the secure path... this makes it
792 much easier to run xmkmf, etc., during package builds. To the extent
793 that /usr/local/sbin and /usr/local/bin were already included, I see
794 no security reasons not to add this.
796 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
798 sudo (1.5-1) unstable; urgency=LOW
800 * New upstream version
802 * New packaging format
804 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
806 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
810 * hard code SECURE_PATH to:
811 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
815 * enabled EXEMPTGROUP "sudo"
817 * moved timestamp dir to /var/log/sudo
819 * changed parser to check for long and short filenames (Bug#1162)
821 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
825 * New upstream source
827 * Fixed postinst script
828 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
830 * Removed special shadow binary. This version works with and without
831 shadow password file.
833 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
837 * Corrected editor path to /bin/ae (Bug#3062)
839 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
841 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
845 * New upstream version
847 * Changed sudoers permission to 440 (owner root, group root) to make
850 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
854 * Applied upstream patch 1
856 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
860 * Applied upstream patch 2
862 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
866 * Applied upstream patch 3 (fixes problems with an NFS-mounted
870 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
874 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
875 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
877 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
881 * Applied upstream patch 4 (fixes several bugs)
883 * Changed priority to optional
885 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
889 * Corrected postinst to create correct permission for /etc/sudoers
892 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
896 * New upstream version
899 sudo (1.4.4-2) admin; urgency=HIGH
901 * Fixed major security bug reported by Peter Tobias
902 <tobias@et-inf.fho-emden.de>
903 * Added dchanges support to debian.rules
905 sudo (1.4.5-1) admin; urgency=LOW
907 * New upstream version
908 * Minor changes to debian.rules