1 sudo (1.8.2-1) UNRELEASED; urgency=low
3 * new upstream version, closes: #637449
4 * include common-session in pam config, closes: #519700, #607199
5 * move secure_path from configure to default sudoers, closes: #85123, 85917
6 * improve sudoers self-documentation, closes: #613639
7 * drop --disable-setresuid since modern systems should not run 2.2 kernels
8 * lose the --with-devel configure option since it's breaking builds in
9 subdirectories for some reason
11 -- Bdale Garbee <bdale@gag.com> Wed, 24 Aug 2011 13:33:11 -0600
13 sudo (1.7.4p6-1) unstable; urgency=low
15 * new upstream version
16 * touch the right stamp name after configuring, closes: #611287
17 * patch from Svante Signell to fix build problem on Hurd, closes: #611290
19 -- Bdale Garbee <bdale@gag.com> Wed, 09 Feb 2011 11:32:58 -0700
21 sudo (1.7.4p4-6) unstable; urgency=low
23 * update /etc/sudoers.d/README now that sudoers is a conffile
24 * patch from upstream to fix special case in password checking code
25 when only the gid is changing, closes: #609641
27 -- Bdale Garbee <bdale@gag.com> Tue, 11 Jan 2011 10:22:39 -0700
29 sudo (1.7.4p4-5) unstable; urgency=low
31 * patch from Jakub Wilk to add noopt and nostrip build option support,
33 * make sudoers a conffile, closes: #605130
34 * add descriptions to LSB init headers, closes: #604619
35 * change default sudoers %sudo entry to allow gid changes, closes: #602699
36 * add Vcs entries to the control file
37 * use debhelper install files instead of explicit installs in rules
39 -- Bdale Garbee <bdale@gag.com> Wed, 01 Dec 2010 20:32:31 -0700
41 sudo (1.7.4p4-4) unstable; urgency=low
43 * patch from upstream to resolve problem always prompting for a password
44 when run without a tty, closes: #599376
45 * patch from upstream to resolve interoperability problem between HOME in
46 env_keep and the -H flag, closes: #596493
47 * change path syntax to avoid tar error when /var/run/sudo exists but is
48 empty, closes: #598877
50 -- Bdale Garbee <bdale@gag.com> Thu, 07 Oct 2010 15:59:06 -0600
52 sudo (1.7.4p4-3) unstable; urgency=low
54 * make postinst clause for handling /var/run -> /var/lib transition less
55 fragile, closes: #585514
56 * cope with upstream's Makefile trying to install ChangeLog in our doc
57 directory, closes: #597389
58 * fix README.Debian to reflect that HOME is no longer preserved by default,
61 -- Bdale Garbee <bdale@gag.com> Tue, 21 Sep 2010 23:53:08 -0600
63 sudo (1.7.4p4-2) unstable; urgency=low
65 * add a NEWS item about change in $HOME handling that impacts programs
68 -- Bdale Garbee <bdale@gag.com> Wed, 08 Sep 2010 14:29:16 -0600
70 sudo (1.7.4p4-1) unstable; urgency=high
72 * new upstream version, urgency high due to fix for flaw in Runas group
73 matching (CVE-2010-2956), closes: #595935
74 * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
75 re-lecturing existing users, and to clean up after ourselves on upgrade,
76 and remove the RAMRUN section from README.Debian since the new state dir
77 should fix the original problem, closes: #585514
78 * deliver README.Debian to both package flavors, closes: #593579
80 -- Bdale Garbee <bdale@gag.com> Tue, 07 Sep 2010 12:22:42 -0600
82 sudo (1.7.2p7-1) unstable; urgency=high
84 * new upstream release with security fix for secure path (CVE-2010-1646),
86 * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
87 about whether to give the lecture is preserved across reboots even when
88 RAMRUN is set, closes: #581393
89 * add a note to README.Debian about LDAP needing an entry in
90 /etc/nsswitch.conf, closes: #522065
91 * add a note to README.Debian about how to turn off lectures if using
92 RAMRUN in /etc/default/rcS, closes: #581393
94 -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
96 sudo (1.7.2p6-1) unstable; urgency=low
98 * new upstream version fixing CVE-2010-1163, closes: #578275, #570737
100 -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600
102 sudo (1.7.2p5-1) unstable; urgency=low
104 * new upstream release, closes a bug filed upstream regarding missing man
105 page processing scripts in the 1.7.2p1 tarball, also includes the fix
106 for CVE-2010-0426 previously the subject of a security team nmu
107 * move to source format 3.0 (quilt) and restructure changes as patches
108 * fix unprocessed substitution variables in man pages, closes: #557204
109 * apply patch from Neil Moore to fix Debian-specific content in the
110 visudo man page, closes: #555013
111 * update descriptions to better explain sudo-ldap, closes: #573108
112 * eliminate spurious 'and' in man page, closes: #571620
113 * fix confusing text in default sudoers, closes: #566607
115 -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700
117 sudo (1.7.2p1-1) unstable; urgency=low
119 * new upstream version
120 * add support for /etc/sudoers.d using #includedir in default sudoers,
121 which I think is also a good solution to the request for a crontab-like
122 API requested in March of 2001, closes: #539994, #271813, #89743
123 * move init.d script from using rcS.d to rc[0-6].d, closes: #542924
125 -- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600
127 sudo (1.7.2-2) unstable; urgency=low
129 * further improve initial sudoers to not include the NOPASSWD option on
130 the group sudo exception, closes: #539136, #198991
132 -- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200
134 sudo (1.7.2-1) unstable; urgency=low
136 * new upstream version, closes: #537103
137 * improve initial sudoers by having the exemption for users in group
138 sudo on by default, and including the ability to run any command as
139 any user. This makes the default install roughly equivalent to our
140 old use of the --with-exempt=sudo build option, closes: #536220, #536222
142 -- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600
144 sudo (1.7.0-1) unstable; urgency=low
146 * new upstream version, closes: #510179, #128268, #520274, #508514
147 * fix ldap config file path for sudo-ldap package, including creating
148 a symlink in postinst and cleaning it up in postrm for the sudo-ldap
149 package, closes: #430826
150 * fix NOPASSWD entry location in default config file for the sudo-ldap
151 instance too, closes: #479616
153 -- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600
155 sudo (1.6.9p17-2) unstable; urgency=high
157 * patch from upstream to fix privilege escalation with certain
158 configurations, CVE-2009-0034
159 * typo in sudoers man page, closes: #507163
161 -- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700
163 sudo (1.6.9p17-1) unstable; urgency=low
165 * new upstream version, closes: #481008
166 * deliver schemas to doc directory in sudo-ldap package, closes: #474331
167 * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
168 in move from CVS to git for package management, closes: #475821
169 * re-instate the init.d for the sudo-ldap package too... /o\
171 -- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600
173 sudo (1.6.9p15-2) unstable; urgency=low
175 * revert the fix for 388659 such that visudo once again defaults to using
176 /usr/bin/editor. I was always ambivalent about this change, it has caused
177 more confusion and frustration than it cured, and I find Justin's line of
178 reasoning persuasive. Update the man page source to reflect this choice
179 and the related use of --with-env-editor. Closes: #474197.
180 * patch from Petter Reinholdtsen to improve init.d, closes: #475821
182 -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600
184 sudo (1.6.9p15-1) unstable; urgency=low
186 * new upstream version, closes: #467126, #473337
187 * remove pointless postrm scripts, leaving debhelper do its thing if needed,
188 thanks to Justin Pryzby for pointing this out
189 * reinstate the init.d, since bootclean doesn't quite do what we want. This
190 also means we don't need the preinst scripts any more. Update the lintian
191 overrides since postinst is a Perl script lintian apparently isn't parsing
192 well. closes: #330868
194 -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600
196 sudo (1.6.9p12-1) unstable; urgency=low
198 * new upstream version, closes: #464890
200 -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900
202 sudo (1.6.9p11-3) unstable; urgency=low
204 * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
206 -- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700
208 sudo (1.6.9p11-2) unstable; urgency=low
210 * update version compared in preinst when removing obsolete init.d,
212 * implement pam session config suggestions from Elizabeth Fong,
213 closes: #452457, #402329
215 -- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700
217 sudo (1.6.9p11-1) unstable; urgency=low
219 * new upstream version
221 -- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700
223 sudo (1.6.9p10-1) unstable; urgency=low
225 * new upstream version
226 * tweak default password prompt as %u doesn't make sense. Accept patch from
227 Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
228 uses it by default, closes: #454409
229 * accept patch from Martin Pitt that adds a prerm making it difficult to
230 "accidentally" remove sudo when there is no root password set on the
231 system, closes: #451241
233 -- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700
235 sudo (1.6.9p9-1) unstable; urgency=low
237 * new upstream version
238 * debian/rules: configure a more informative default password prompt to
239 reduce confusion when using sudo to invoke commands which also ask for
240 passwords, closes: #343268
241 * auth/pam.c: don't use the PAM prompt if the user explicitly requested
242 a custom prompt, closes: #448628.
243 * fix configure's ability to discover that libc has dirfd, closes: #451324
244 * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
245 the command 'visudo' invokes a vi variant by default as documented,
248 -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700
250 sudo (1.6.9p6-1) unstable; urgency=low
252 * new upstream version, closes: #442815, #446146, #438699, #435768, #435314
253 closes: #434832, #434608, #430382
254 * eliminate the now-redundant init.d scripts, closes: #397090
255 * fix typo in TROUBLESHOOTING file, closes: #439624
257 -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600
259 sudo (1.6.8p12-6) unstable; urgency=low
261 * fix typos in visudo.pod relating to env_editor variable, closes: #418886
262 * have init.d touch directories in /var/run/sudo, not just files, as a
264 * fix various typos in sudoers.pod, closes: #419749
265 * don't let Makefile strip binaries, closes: #438073
267 -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100
269 sudo (1.6.8p12-5) unstable; urgency=low
271 * update debian/copyright to reflect new upstream URL, closes: #368746
272 * add sandwich cartoon URL to the README.Debian
273 * don't remove sudoers on purge. can cause problems when moving between
274 sudo and sudo-ldap. leaving sudoers around on purge seems like the least
275 evil choice for now, closes: #401366
276 * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
278 * accept patch that improves debian/rules from Ted Percival, closes: #382122
279 * no longer build with --with-exempt=sudo, provide an example entry in the
280 default sudoers file instead, closes: #296605
281 * add --with-devel to configure and augment build dependencies so that flex
282 and yacc files get re-generated on every build, closes: #316249
284 -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600
286 sudo (1.6.8p12-4) unstable; urgency=low
288 * patch from Petter Reinholdtsen for the LSB info block in the init.d
289 script, closes: #361055
290 * deliver sudoers sample again, closes: #361593
292 -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600
294 sudo (1.6.8p12-3) unstable; urgency=low
296 * force-feed configure knowledge of nroff's path so we get unformatted man
297 pages installed without build-depending on groff-base, closes: #360894
298 * add a reference to OPTIONS in the man page, closes: #186226
300 -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700
302 sudo (1.6.8p12-2) unstable; urgency=low
304 * fix typos in init scripts, closes: #346325
305 * update to debhelper compat level 5
306 * build depend on autotools-dev to ensure config.sub/guess are fresh
307 * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
308 use it here as well. Thanks to Martin and the debian-security team.
309 closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
310 closes: #315115, #315718, #203874
311 * Non-maintainer upload by the Security Team
312 * Reworked the former patch to limit environment variables from being
313 passed through, set env_reset as default instead [sudo.c, env.c,
314 sudoers.pod, Bug#342948, CVE-2005-4158]
315 * env_reset is now set by default
316 * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
317 DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
318 (in addition to the SUDO_* variables)
319 * Rebuild sudoers.man.in from the POD file
320 * Added README.Debian
321 * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
322 * simplify rules file by using more of Makefile, despite having to override
323 default directories with more arguments to configure, closes: #292833
324 * update sudo man page to reflect use of SECURE_PATH, closes: #228551
325 * inconsistencies in sudoers man page resolved, closes: #220808, #161012
326 * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
327 unresolveable (requires adding bison as build dep), closes: #314949
329 -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700
331 sudo (1.6.8p12-1) unstable; urgency=low
333 * new upstream version, closes: #342948 (CVE-2005-4158)
334 * add env_reset to the sudoers file we create if none already exists,
335 as a further precaution in response to discussion about CVS-2005-4158
336 * split ldap support into a new sudo-ldap package. I was trying to avoid
337 doing this, but the impact of going from 4 to 17 linked shlibs on the
338 autobuilder chroots is sufficient motivation for me.
341 -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
343 sudo (1.6.8p9-4) unstable; urgency=low
345 * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
346 * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
347 timestamps in the init.d script, closes: #330868
348 * add dependency header to init.d script, closes: #332849
350 -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
352 sudo (1.6.8p9-3) unstable; urgency=high
354 * update debhelper compatibility level from 2 to 4
355 * add man page symlink for sudoedit
356 * Clean SHELLOPTS and PS4 from the environment before executing programs
357 with sudo permissions [env.c, CAN-2005-2959]
358 * fix typo in manpage pointed out by Moray Allen, closes: #285995
359 * fix paths in sample complex sudoers file, closes: #303542
360 * fix type in sudoers man page, closes: #311244
362 -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
364 sudo (1.6.8p9-2) unstable; urgency=high
366 * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
369 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
371 sudo (1.6.8p9-1) unstable; urgency=high
373 * new upstream version, fixes a race condition in sudo's pathname
374 validation, which is a security issue (CAN-2005-1993),
375 closes: #315115, #315718
377 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
379 sudo (1.6.8p7-1) unstable; urgency=low
381 * new upstream version, closes: #299585
382 * update lintian overrides to squelch the postinst warning
383 * change sudoedit from a hard to a soft link, closes: #296896
384 * fix regex doc in sudoers man page, closes: #300361
386 -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
388 sudo (1.6.8p5-1) unstable; urgency=high
390 * new upstream version
391 * restores ability to use config tuples without a value, which was causing
392 problems on upgrade closes: #283306
393 * deliver sudoedit, closes: #283078
394 * marking urgency high since 283306 is a serious upgrade incompatibility
396 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
398 sudo (1.6.8p3-2) unstable; urgency=high
400 * update pam.d deliverable so ldap works again, closes: #282191
402 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
404 sudo (1.6.8p3-1) unstable; urgency=high
406 * new upstream version, fixes a flaw in sudo's environment sanitizing that
407 could allow a malicious user with permission to run a shell script that
408 utilized the bash shell to run arbitrary commands, closes: #281665
409 * patch the sample sudoers to have the proper path for kill on Debian
410 systems, closes: #263486
411 * patch the sudo manpage to reflect Debian's choice of exempt_group
412 default setting, closes: #236465
413 * patch the sudo manpage to reflect Debian's choice of no timeout on the
414 password prompt, closes: #271194
416 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
418 sudo (1.6.7p5-2) unstable; urgency=low
420 * Jeff Bailey reports that seteuid works on current sparc systems, so we
421 no longer need the "grosshack" stuff in the sudo rules file
422 * add a postrm that removes /etc/sudoers on purge. don't do this with the
423 normal conffile mechanism since it would generate noise on every upgrade,
426 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
428 sudo (1.6.7p5-1) unstable; urgency=low
430 * new upstream version, closes: #190265, #193222, #197244
431 * change from '.' to ':' in postinst chown call, closes: #208369
433 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
435 sudo (1.6.7p3-2) unstable; urgency=low
437 * add --disable-setresuid to configure call since 2.2 kernels don't support
438 setresgid, closes: #189044
439 * cosmetic cleanups to debian/rules as long as I'm there
441 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
443 sudo (1.6.7p3-1) unstable; urgency=low
445 * new upstream version
446 * add overrides to quiet lintian about things it doesn't understand,
447 except the source one that can't be overridden until 129510 is fixed
449 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
451 sudo (1.6.6-3) unstable; urgency=low
453 * add code to rules file to update config.sub/guess, closes: #164501
455 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
457 sudo (1.6.6-2) unstable; urgency=low
459 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
460 configure, and lose the build dependency on mail-transport-agent
461 * incorporate changes from LaMont's NMU, closes: #144665, #144737
462 * update init.d to not try and set time on nonexistent timestamp files,
464 * build with --with-all-insults, admin must edit sudoers to turn insults
465 on at runtime if desired, closes: #135374
466 * stop setting /usr/doc symlink in postinst
468 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
470 sudo (1.6.6-1.1) unstable; urgency=high
472 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
473 * Revert patch to auth/pam.c that left pass uninitialized, causing a
474 segfault (Closes: #144665).
476 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
478 sudo (1.6.6-1) unstable; urgency=high
480 * new upstream version, fixes security problem with crafty prompts,
483 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
485 sudo (1.6.5p1-4) unstable; urgency=high
487 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
488 if ctrl/C'ed at password prompt, closes: #131235
490 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
492 sudo (1.6.5p1-3) unstable; urgency=high
494 * ugly hack to add --disable-saved-ids when building on sparc in response
495 to 131592, which will be reassigned to glibc for a real fix
496 * urgency high since the sudo currently in testing for sparc is worthless
498 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
500 sudo (1.6.5p1-2) unstable; urgency=high
502 * patch from upstream to fix seg faults caused by versions of pam that
503 follow a NULL pointer, closes: #129512
505 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
507 sudo (1.6.5p1-1) unstable; urgency=high
509 * new upstream version
510 * add --disable-root-mailer option supported by new version to configure
511 call in rules file, closes: #129648
513 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
515 sudo (1.6.4p1-1) unstable; urgency=high
517 * new upstream version, with fix for segfaulting problem in 1.6.4
519 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
521 sudo (1.6.4-1) unstable; urgency=high
523 * new upstream version, includes an important security fix, closes: #127576
525 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
527 sudo (1.6.3p7-5) unstable; urgency=low
529 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
530 * fix spelling error in init.d, closes: #126847
532 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
534 sudo (1.6.3p7-4) unstable; urgency=medium
536 * use touch to set status files to an ancient date instead of removing them
537 outright on reboot. this achieves the desired effect of keeping elevated
538 privs from living across reboots, without forcing everyone to see the
539 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
540 for systems with good clocks, and 'recent enough' that broken PC hardware
541 setting the clock to commonly-seen bogus dates trips over the "don't trust
542 future timestamps" rule. closes: #76529, #123559
543 * apply patch from Steve Langasek to fix seg faults due to interaction with
544 PAM code. upstream confirms the problem, and says they're fixing this
545 differently for their next release... but this should be useful in the
546 meantime, and would be good to get into woody. closes: #119147
547 * only run the init.d at boot, not on each runlevel change... and don't run
548 it during package configure. closes: #125935
549 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
551 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
553 sudo (1.6.3p7-3) unstable; urgency=low
555 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
556 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
557 * fix a typo in the manpage, closes: #97368
558 * apply patch to configure.in and run autoconf to fix problem building on
559 the hurd, closes: #96325
560 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
561 to not last across reboots, closes: #76529
562 * clean up lintian-noticed cosmetic packaging issues
564 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
566 sudo (1.6.3p7-2) unstable; urgency=low
568 * update config.sub/guess for hppa support
570 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
572 sudo (1.6.3p7-1) unstable; urgency=low
574 * new upstream version
575 * add build dependency on mail-transport-agent, closes: #90685
577 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
579 sudo (1.6.3p6-1) unstable; urgency=high
581 * new upstream version, fixes buffer overflow problem,
582 closes: #87259, #87278, #87263
583 * revert to using --with-secure-path option at build time, since the option
584 available in sudoers is parsed too late to be useful, and upstream says
585 it won't get fixed quickly. This reopens 85123, which I will mark as
586 forwarded. Closes: #86199, #86117, #85676
588 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
590 sudo (1.6.3p5-2) unstable; urgency=low
592 * lose the dh_suidregister call since it's obsolete
593 * stop using the --with-secure-path option at build time, and instead show
594 how to set it in sudoers. Closes: #85123
595 * freshen config.sub and config.guess for ia64 and hppa
596 * update sudoers man page to indicate exempt_group is on by default,
599 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
601 sudo (1.6.3p5-1) unstable; urgency=low
603 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
604 * this version restores core dumps before the exec, while leaving them
605 disabled during sudo's internal execution, closes: #58289
606 * update debhelper calls in rules file
608 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
610 sudo (1.6.2p2-1) frozen unstable; urgency=medium
612 * new upstream source resulting from direct collaboration with the upstream
613 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
614 Closes: #56129, #55978, #55979, #56550, #56772
615 * include more upstream documentation, closes: #55054
616 * pam.d fragment update, closes: #56129
618 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
620 sudo (1.6.1-1) unstable; urgency=low
622 * new upstream source, closes: #52750
624 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
626 sudo (1.6-2) unstable; urgency=low
628 * drop suidregister support for this package. The sudo executable is
629 essentially worthless unless it is setuid root, and making suidregister
630 work involves shipping a non-setuid executable in the .deb and setting the
631 perms in the postinst. On a long upgrade run, this can leave the sudo
632 executable 'broken' for a long time, which is unacceptable. With this
633 version, we ship the executable setuid root in the .deb. Closes: #51742
635 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
637 sudo (1.6-1) unstable; urgency=low
639 * new upstream version, many options previously set at compile-time are now
640 configurable at runtime.
641 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
644 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
646 sudo (1.5.9p4-1) unstable; urgency=low
648 * new upstream version, closes: #43464
649 * empty password handling was fixed in 1.5.8, closes: #31863
651 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
653 sudo (1.5.9p1-1) unstable; urgency=low
655 * new upstream version
657 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
659 sudo (1.5.8p1-1) unstable; urgency=medium
661 * new upstream version, closes 33690
662 * add dependency on libpam-modules, closes 34215, 33432
664 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
666 sudo (1.5.7p4-2) unstable; urgency=medium
668 * update the pam fragment provided so that sudo works with latest pam bits,
671 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
673 sudo (1.5.7p4-1) unstable; urgency=low
675 * new upstream release
677 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
679 sudo (1.5.6p5-1) unstable; urgency=low
681 * new upstream patch release
682 * add PAM support, closes 28594
684 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
686 sudo (1.5.6p2-2) unstable; urgency=low
688 * update copyright file, closes 24136
689 * review and close forwarded bugs believed fixed in this upstream version,
692 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
694 sudo (1.5.6p2-1) unstable; urgency=low
696 * new upstream release
698 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
700 sudo (1.5.4-4) frozen unstable; urgency=low
702 * update postinst to use groupadd, closes 21403
703 * move the suidregister stuff earlier in postinst to ensure it always runs
705 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
707 sudo (1.5.4-3) frozen unstable; urgency=low
709 * change /etc/sudoers from a conffile to being handled in postinst,
711 * add suidmanager support, closes 15711
712 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
713 unlikely to ever fix, and which just don't matter. closes 17146
714 * fix FSF address in copyright file, and submit exception for lintian
715 warning about sudo being setuid root
717 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
719 sudo (1.5.4-2) unstable; urgency=high
721 * patch from upstream author correcting/improving security fix
723 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
725 sudo (1.5.4-1) unstable; urgency=high
727 * new upstream version, includes a security fix
728 * change default editor from /bin/ae to /usr/bin/editor
730 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
732 sudo (1.5.3-1) unstable; urgency=medium
734 * new upstream version, closes bug 15911.
735 * rules file reworked to use debhelper
736 * implement a really gross hack to force use of the sudo-provided
737 lsearch(), since the one in libc6 is broken! This closes bugs
738 12552, 12557, 14881, 15259, 15916.
740 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
742 sudo (1.5.2-6) unstable; urgency=LOW
744 * don't install INSTALL in the doc directory, closes bug 13195.
746 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
748 sudo (1.5.2-5) unstable; urgency=LOW
752 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
754 sudo (1.5.2-4) unstable; urgency=LOW
756 * change TIMEOUT (how long before you have to type your password again)
757 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
758 packages on slower machines much more tolerable. Closes bug 9076.
759 * touch debian/suid before debstd. Closes bug 8709.
761 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
763 sudo (1.5.2-3) frozen unstable; urgency=LOW
765 * patch from upstream maintainer to close Bug 6828
766 * add a debian/suid file to get debstd to leave my perl postinst alone
768 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
770 sudo (1.5.2-2) frozen unstable; urgency=LOW
772 * change rules to use -O2 -Wall as per standards
774 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
776 sudo (1.5.2-1) unstable; urgency=LOW
778 * new upstream version
779 * cosmetic changes to debian package control files
781 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
783 sudo (1.5-2) unstable; urgency=LOW
785 * add /usr/X11R6/bin to the end of the secure path... this makes it
786 much easier to run xmkmf, etc., during package builds. To the extent
787 that /usr/local/sbin and /usr/local/bin were already included, I see
788 no security reasons not to add this.
790 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
792 sudo (1.5-1) unstable; urgency=LOW
794 * New upstream version
796 * New packaging format
798 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
800 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
804 * hard code SECURE_PATH to:
805 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
809 * enabled EXEMPTGROUP "sudo"
811 * moved timestamp dir to /var/log/sudo
813 * changed parser to check for long and short filenames (Bug#1162)
815 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
819 * New upstream source
821 * Fixed postinst script
822 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
824 * Removed special shadow binary. This version works with and without
825 shadow password file.
827 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
831 * Corrected editor path to /bin/ae (Bug#3062)
833 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
835 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
839 * New upstream version
841 * Changed sudoers permission to 440 (owner root, group root) to make
844 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
848 * Applied upstream patch 1
850 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
854 * Applied upstream patch 2
856 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
860 * Applied upstream patch 3 (fixes problems with an NFS-mounted
864 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
868 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
869 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
871 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
875 * Applied upstream patch 4 (fixes several bugs)
877 * Changed priority to optional
879 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
883 * Corrected postinst to create correct permission for /etc/sudoers
886 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
890 * New upstream version
893 sudo (1.4.4-2) admin; urgency=HIGH
895 * Fixed major security bug reported by Peter Tobias
896 <tobias@et-inf.fho-emden.de>
897 * Added dchanges support to debian.rules
899 sudo (1.4.5-1) admin; urgency=LOW
901 * New upstream version
902 * Minor changes to debian.rules