1 sudo (1.7.4p6-2) UNRELEASED; urgency=low
3 * include common-session in pam config, closes: #519700, #607199
5 -- Bdale Garbee <bdale@gag.com> Fri, 22 Jul 2011 14:51:28 +0200
7 sudo (1.7.4p6-1) unstable; urgency=low
10 * touch the right stamp name after configuring, closes: #611287
11 * patch from Svante Signell to fix build problem on Hurd, closes: #611290
13 -- Bdale Garbee <bdale@gag.com> Wed, 09 Feb 2011 11:32:58 -0700
15 sudo (1.7.4p4-6) unstable; urgency=low
17 * update /etc/sudoers.d/README now that sudoers is a conffile
18 * patch from upstream to fix special case in password checking code
19 when only the gid is changing, closes: #609641
21 -- Bdale Garbee <bdale@gag.com> Tue, 11 Jan 2011 10:22:39 -0700
23 sudo (1.7.4p4-5) unstable; urgency=low
25 * patch from Jakub Wilk to add noopt and nostrip build option support,
27 * make sudoers a conffile, closes: #605130
28 * add descriptions to LSB init headers, closes: #604619
29 * change default sudoers %sudo entry to allow gid changes, closes: #602699
30 * add Vcs entries to the control file
31 * use debhelper install files instead of explicit installs in rules
33 -- Bdale Garbee <bdale@gag.com> Wed, 01 Dec 2010 20:32:31 -0700
35 sudo (1.7.4p4-4) unstable; urgency=low
37 * patch from upstream to resolve problem always prompting for a password
38 when run without a tty, closes: #599376
39 * patch from upstream to resolve interoperability problem between HOME in
40 env_keep and the -H flag, closes: #596493
41 * change path syntax to avoid tar error when /var/run/sudo exists but is
42 empty, closes: #598877
44 -- Bdale Garbee <bdale@gag.com> Thu, 07 Oct 2010 15:59:06 -0600
46 sudo (1.7.4p4-3) unstable; urgency=low
48 * make postinst clause for handling /var/run -> /var/lib transition less
49 fragile, closes: #585514
50 * cope with upstream's Makefile trying to install ChangeLog in our doc
51 directory, closes: #597389
52 * fix README.Debian to reflect that HOME is no longer preserved by default,
55 -- Bdale Garbee <bdale@gag.com> Tue, 21 Sep 2010 23:53:08 -0600
57 sudo (1.7.4p4-2) unstable; urgency=low
59 * add a NEWS item about change in $HOME handling that impacts programs
62 -- Bdale Garbee <bdale@gag.com> Wed, 08 Sep 2010 14:29:16 -0600
64 sudo (1.7.4p4-1) unstable; urgency=high
66 * new upstream version, urgency high due to fix for flaw in Runas group
67 matching (CVE-2010-2956), closes: #595935
68 * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
69 re-lecturing existing users, and to clean up after ourselves on upgrade,
70 and remove the RAMRUN section from README.Debian since the new state dir
71 should fix the original problem, closes: #585514
72 * deliver README.Debian to both package flavors, closes: #593579
74 -- Bdale Garbee <bdale@gag.com> Tue, 07 Sep 2010 12:22:42 -0600
76 sudo (1.7.2p7-1) unstable; urgency=high
78 * new upstream release with security fix for secure path (CVE-2010-1646),
80 * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
81 about whether to give the lecture is preserved across reboots even when
82 RAMRUN is set, closes: #581393
83 * add a note to README.Debian about LDAP needing an entry in
84 /etc/nsswitch.conf, closes: #522065
85 * add a note to README.Debian about how to turn off lectures if using
86 RAMRUN in /etc/default/rcS, closes: #581393
88 -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
90 sudo (1.7.2p6-1) unstable; urgency=low
92 * new upstream version fixing CVE-2010-1163, closes: #578275, #570737
94 -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600
96 sudo (1.7.2p5-1) unstable; urgency=low
98 * new upstream release, closes a bug filed upstream regarding missing man
99 page processing scripts in the 1.7.2p1 tarball, also includes the fix
100 for CVE-2010-0426 previously the subject of a security team nmu
101 * move to source format 3.0 (quilt) and restructure changes as patches
102 * fix unprocessed substitution variables in man pages, closes: #557204
103 * apply patch from Neil Moore to fix Debian-specific content in the
104 visudo man page, closes: #555013
105 * update descriptions to better explain sudo-ldap, closes: #573108
106 * eliminate spurious 'and' in man page, closes: #571620
107 * fix confusing text in default sudoers, closes: #566607
109 -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700
111 sudo (1.7.2p1-1) unstable; urgency=low
113 * new upstream version
114 * add support for /etc/sudoers.d using #includedir in default sudoers,
115 which I think is also a good solution to the request for a crontab-like
116 API requested in March of 2001, closes: #539994, #271813, #89743
117 * move init.d script from using rcS.d to rc[0-6].d, closes: #542924
119 -- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600
121 sudo (1.7.2-2) unstable; urgency=low
123 * further improve initial sudoers to not include the NOPASSWD option on
124 the group sudo exception, closes: #539136, #198991
126 -- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200
128 sudo (1.7.2-1) unstable; urgency=low
130 * new upstream version, closes: #537103
131 * improve initial sudoers by having the exemption for users in group
132 sudo on by default, and including the ability to run any command as
133 any user. This makes the default install roughly equivalent to our
134 old use of the --with-exempt=sudo build option, closes: #536220, #536222
136 -- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600
138 sudo (1.7.0-1) unstable; urgency=low
140 * new upstream version, closes: #510179, #128268, #520274, #508514
141 * fix ldap config file path for sudo-ldap package, including creating
142 a symlink in postinst and cleaning it up in postrm for the sudo-ldap
143 package, closes: #430826
144 * fix NOPASSWD entry location in default config file for the sudo-ldap
145 instance too, closes: #479616
147 -- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600
149 sudo (1.6.9p17-2) unstable; urgency=high
151 * patch from upstream to fix privilege escalation with certain
152 configurations, CVE-2009-0034
153 * typo in sudoers man page, closes: #507163
155 -- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700
157 sudo (1.6.9p17-1) unstable; urgency=low
159 * new upstream version, closes: #481008
160 * deliver schemas to doc directory in sudo-ldap package, closes: #474331
161 * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
162 in move from CVS to git for package management, closes: #475821
163 * re-instate the init.d for the sudo-ldap package too... /o\
165 -- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600
167 sudo (1.6.9p15-2) unstable; urgency=low
169 * revert the fix for 388659 such that visudo once again defaults to using
170 /usr/bin/editor. I was always ambivalent about this change, it has caused
171 more confusion and frustration than it cured, and I find Justin's line of
172 reasoning persuasive. Update the man page source to reflect this choice
173 and the related use of --with-env-editor. Closes: #474197.
174 * patch from Petter Reinholdtsen to improve init.d, closes: #475821
176 -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600
178 sudo (1.6.9p15-1) unstable; urgency=low
180 * new upstream version, closes: #467126, #473337
181 * remove pointless postrm scripts, leaving debhelper do its thing if needed,
182 thanks to Justin Pryzby for pointing this out
183 * reinstate the init.d, since bootclean doesn't quite do what we want. This
184 also means we don't need the preinst scripts any more. Update the lintian
185 overrides since postinst is a Perl script lintian apparently isn't parsing
186 well. closes: #330868
188 -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600
190 sudo (1.6.9p12-1) unstable; urgency=low
192 * new upstream version, closes: #464890
194 -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900
196 sudo (1.6.9p11-3) unstable; urgency=low
198 * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
200 -- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700
202 sudo (1.6.9p11-2) unstable; urgency=low
204 * update version compared in preinst when removing obsolete init.d,
206 * implement pam session config suggestions from Elizabeth Fong,
207 closes: #452457, #402329
209 -- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700
211 sudo (1.6.9p11-1) unstable; urgency=low
213 * new upstream version
215 -- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700
217 sudo (1.6.9p10-1) unstable; urgency=low
219 * new upstream version
220 * tweak default password prompt as %u doesn't make sense. Accept patch from
221 Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
222 uses it by default, closes: #454409
223 * accept patch from Martin Pitt that adds a prerm making it difficult to
224 "accidentally" remove sudo when there is no root password set on the
225 system, closes: #451241
227 -- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700
229 sudo (1.6.9p9-1) unstable; urgency=low
231 * new upstream version
232 * debian/rules: configure a more informative default password prompt to
233 reduce confusion when using sudo to invoke commands which also ask for
234 passwords, closes: #343268
235 * auth/pam.c: don't use the PAM prompt if the user explicitly requested
236 a custom prompt, closes: #448628.
237 * fix configure's ability to discover that libc has dirfd, closes: #451324
238 * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
239 the command 'visudo' invokes a vi variant by default as documented,
242 -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700
244 sudo (1.6.9p6-1) unstable; urgency=low
246 * new upstream version, closes: #442815, #446146, #438699, #435768, #435314
247 closes: #434832, #434608, #430382
248 * eliminate the now-redundant init.d scripts, closes: #397090
249 * fix typo in TROUBLESHOOTING file, closes: #439624
251 -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600
253 sudo (1.6.8p12-6) unstable; urgency=low
255 * fix typos in visudo.pod relating to env_editor variable, closes: #418886
256 * have init.d touch directories in /var/run/sudo, not just files, as a
258 * fix various typos in sudoers.pod, closes: #419749
259 * don't let Makefile strip binaries, closes: #438073
261 -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100
263 sudo (1.6.8p12-5) unstable; urgency=low
265 * update debian/copyright to reflect new upstream URL, closes: #368746
266 * add sandwich cartoon URL to the README.Debian
267 * don't remove sudoers on purge. can cause problems when moving between
268 sudo and sudo-ldap. leaving sudoers around on purge seems like the least
269 evil choice for now, closes: #401366
270 * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
272 * accept patch that improves debian/rules from Ted Percival, closes: #382122
273 * no longer build with --with-exempt=sudo, provide an example entry in the
274 default sudoers file instead, closes: #296605
275 * add --with-devel to configure and augment build dependencies so that flex
276 and yacc files get re-generated on every build, closes: #316249
278 -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600
280 sudo (1.6.8p12-4) unstable; urgency=low
282 * patch from Petter Reinholdtsen for the LSB info block in the init.d
283 script, closes: #361055
284 * deliver sudoers sample again, closes: #361593
286 -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600
288 sudo (1.6.8p12-3) unstable; urgency=low
290 * force-feed configure knowledge of nroff's path so we get unformatted man
291 pages installed without build-depending on groff-base, closes: #360894
292 * add a reference to OPTIONS in the man page, closes: #186226
294 -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700
296 sudo (1.6.8p12-2) unstable; urgency=low
298 * fix typos in init scripts, closes: #346325
299 * update to debhelper compat level 5
300 * build depend on autotools-dev to ensure config.sub/guess are fresh
301 * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
302 use it here as well. Thanks to Martin and the debian-security team.
303 closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
304 closes: #315115, #315718, #203874
305 * Non-maintainer upload by the Security Team
306 * Reworked the former patch to limit environment variables from being
307 passed through, set env_reset as default instead [sudo.c, env.c,
308 sudoers.pod, Bug#342948, CVE-2005-4158]
309 * env_reset is now set by default
310 * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
311 DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
312 (in addition to the SUDO_* variables)
313 * Rebuild sudoers.man.in from the POD file
314 * Added README.Debian
315 * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
316 * simplify rules file by using more of Makefile, despite having to override
317 default directories with more arguments to configure, closes: #292833
318 * update sudo man page to reflect use of SECURE_PATH, closes: #228551
319 * inconsistencies in sudoers man page resolved, closes: #220808, #161012
320 * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
321 unresolveable (requires adding bison as build dep), closes: #314949
323 -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700
325 sudo (1.6.8p12-1) unstable; urgency=low
327 * new upstream version, closes: #342948 (CVE-2005-4158)
328 * add env_reset to the sudoers file we create if none already exists,
329 as a further precaution in response to discussion about CVS-2005-4158
330 * split ldap support into a new sudo-ldap package. I was trying to avoid
331 doing this, but the impact of going from 4 to 17 linked shlibs on the
332 autobuilder chroots is sufficient motivation for me.
335 -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
337 sudo (1.6.8p9-4) unstable; urgency=low
339 * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
340 * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
341 timestamps in the init.d script, closes: #330868
342 * add dependency header to init.d script, closes: #332849
344 -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
346 sudo (1.6.8p9-3) unstable; urgency=high
348 * update debhelper compatibility level from 2 to 4
349 * add man page symlink for sudoedit
350 * Clean SHELLOPTS and PS4 from the environment before executing programs
351 with sudo permissions [env.c, CAN-2005-2959]
352 * fix typo in manpage pointed out by Moray Allen, closes: #285995
353 * fix paths in sample complex sudoers file, closes: #303542
354 * fix type in sudoers man page, closes: #311244
356 -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
358 sudo (1.6.8p9-2) unstable; urgency=high
360 * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
363 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
365 sudo (1.6.8p9-1) unstable; urgency=high
367 * new upstream version, fixes a race condition in sudo's pathname
368 validation, which is a security issue (CAN-2005-1993),
369 closes: #315115, #315718
371 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
373 sudo (1.6.8p7-1) unstable; urgency=low
375 * new upstream version, closes: #299585
376 * update lintian overrides to squelch the postinst warning
377 * change sudoedit from a hard to a soft link, closes: #296896
378 * fix regex doc in sudoers man page, closes: #300361
380 -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
382 sudo (1.6.8p5-1) unstable; urgency=high
384 * new upstream version
385 * restores ability to use config tuples without a value, which was causing
386 problems on upgrade closes: #283306
387 * deliver sudoedit, closes: #283078
388 * marking urgency high since 283306 is a serious upgrade incompatibility
390 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
392 sudo (1.6.8p3-2) unstable; urgency=high
394 * update pam.d deliverable so ldap works again, closes: #282191
396 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
398 sudo (1.6.8p3-1) unstable; urgency=high
400 * new upstream version, fixes a flaw in sudo's environment sanitizing that
401 could allow a malicious user with permission to run a shell script that
402 utilized the bash shell to run arbitrary commands, closes: #281665
403 * patch the sample sudoers to have the proper path for kill on Debian
404 systems, closes: #263486
405 * patch the sudo manpage to reflect Debian's choice of exempt_group
406 default setting, closes: #236465
407 * patch the sudo manpage to reflect Debian's choice of no timeout on the
408 password prompt, closes: #271194
410 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
412 sudo (1.6.7p5-2) unstable; urgency=low
414 * Jeff Bailey reports that seteuid works on current sparc systems, so we
415 no longer need the "grosshack" stuff in the sudo rules file
416 * add a postrm that removes /etc/sudoers on purge. don't do this with the
417 normal conffile mechanism since it would generate noise on every upgrade,
420 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
422 sudo (1.6.7p5-1) unstable; urgency=low
424 * new upstream version, closes: #190265, #193222, #197244
425 * change from '.' to ':' in postinst chown call, closes: #208369
427 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
429 sudo (1.6.7p3-2) unstable; urgency=low
431 * add --disable-setresuid to configure call since 2.2 kernels don't support
432 setresgid, closes: #189044
433 * cosmetic cleanups to debian/rules as long as I'm there
435 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
437 sudo (1.6.7p3-1) unstable; urgency=low
439 * new upstream version
440 * add overrides to quiet lintian about things it doesn't understand,
441 except the source one that can't be overridden until 129510 is fixed
443 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
445 sudo (1.6.6-3) unstable; urgency=low
447 * add code to rules file to update config.sub/guess, closes: #164501
449 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
451 sudo (1.6.6-2) unstable; urgency=low
453 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
454 configure, and lose the build dependency on mail-transport-agent
455 * incorporate changes from LaMont's NMU, closes: #144665, #144737
456 * update init.d to not try and set time on nonexistent timestamp files,
458 * build with --with-all-insults, admin must edit sudoers to turn insults
459 on at runtime if desired, closes: #135374
460 * stop setting /usr/doc symlink in postinst
462 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
464 sudo (1.6.6-1.1) unstable; urgency=high
466 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
467 * Revert patch to auth/pam.c that left pass uninitialized, causing a
468 segfault (Closes: #144665).
470 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
472 sudo (1.6.6-1) unstable; urgency=high
474 * new upstream version, fixes security problem with crafty prompts,
477 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
479 sudo (1.6.5p1-4) unstable; urgency=high
481 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
482 if ctrl/C'ed at password prompt, closes: #131235
484 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
486 sudo (1.6.5p1-3) unstable; urgency=high
488 * ugly hack to add --disable-saved-ids when building on sparc in response
489 to 131592, which will be reassigned to glibc for a real fix
490 * urgency high since the sudo currently in testing for sparc is worthless
492 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
494 sudo (1.6.5p1-2) unstable; urgency=high
496 * patch from upstream to fix seg faults caused by versions of pam that
497 follow a NULL pointer, closes: #129512
499 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
501 sudo (1.6.5p1-1) unstable; urgency=high
503 * new upstream version
504 * add --disable-root-mailer option supported by new version to configure
505 call in rules file, closes: #129648
507 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
509 sudo (1.6.4p1-1) unstable; urgency=high
511 * new upstream version, with fix for segfaulting problem in 1.6.4
513 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
515 sudo (1.6.4-1) unstable; urgency=high
517 * new upstream version, includes an important security fix, closes: #127576
519 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
521 sudo (1.6.3p7-5) unstable; urgency=low
523 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
524 * fix spelling error in init.d, closes: #126847
526 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
528 sudo (1.6.3p7-4) unstable; urgency=medium
530 * use touch to set status files to an ancient date instead of removing them
531 outright on reboot. this achieves the desired effect of keeping elevated
532 privs from living across reboots, without forcing everyone to see the
533 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
534 for systems with good clocks, and 'recent enough' that broken PC hardware
535 setting the clock to commonly-seen bogus dates trips over the "don't trust
536 future timestamps" rule. closes: #76529, #123559
537 * apply patch from Steve Langasek to fix seg faults due to interaction with
538 PAM code. upstream confirms the problem, and says they're fixing this
539 differently for their next release... but this should be useful in the
540 meantime, and would be good to get into woody. closes: #119147
541 * only run the init.d at boot, not on each runlevel change... and don't run
542 it during package configure. closes: #125935
543 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
545 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
547 sudo (1.6.3p7-3) unstable; urgency=low
549 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
550 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
551 * fix a typo in the manpage, closes: #97368
552 * apply patch to configure.in and run autoconf to fix problem building on
553 the hurd, closes: #96325
554 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
555 to not last across reboots, closes: #76529
556 * clean up lintian-noticed cosmetic packaging issues
558 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
560 sudo (1.6.3p7-2) unstable; urgency=low
562 * update config.sub/guess for hppa support
564 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
566 sudo (1.6.3p7-1) unstable; urgency=low
568 * new upstream version
569 * add build dependency on mail-transport-agent, closes: #90685
571 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
573 sudo (1.6.3p6-1) unstable; urgency=high
575 * new upstream version, fixes buffer overflow problem,
576 closes: #87259, #87278, #87263
577 * revert to using --with-secure-path option at build time, since the option
578 available in sudoers is parsed too late to be useful, and upstream says
579 it won't get fixed quickly. This reopens 85123, which I will mark as
580 forwarded. Closes: #86199, #86117, #85676
582 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
584 sudo (1.6.3p5-2) unstable; urgency=low
586 * lose the dh_suidregister call since it's obsolete
587 * stop using the --with-secure-path option at build time, and instead show
588 how to set it in sudoers. Closes: #85123
589 * freshen config.sub and config.guess for ia64 and hppa
590 * update sudoers man page to indicate exempt_group is on by default,
593 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
595 sudo (1.6.3p5-1) unstable; urgency=low
597 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
598 * this version restores core dumps before the exec, while leaving them
599 disabled during sudo's internal execution, closes: #58289
600 * update debhelper calls in rules file
602 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
604 sudo (1.6.2p2-1) frozen unstable; urgency=medium
606 * new upstream source resulting from direct collaboration with the upstream
607 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
608 Closes: #56129, #55978, #55979, #56550, #56772
609 * include more upstream documentation, closes: #55054
610 * pam.d fragment update, closes: #56129
612 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
614 sudo (1.6.1-1) unstable; urgency=low
616 * new upstream source, closes: #52750
618 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
620 sudo (1.6-2) unstable; urgency=low
622 * drop suidregister support for this package. The sudo executable is
623 essentially worthless unless it is setuid root, and making suidregister
624 work involves shipping a non-setuid executable in the .deb and setting the
625 perms in the postinst. On a long upgrade run, this can leave the sudo
626 executable 'broken' for a long time, which is unacceptable. With this
627 version, we ship the executable setuid root in the .deb. Closes: #51742
629 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
631 sudo (1.6-1) unstable; urgency=low
633 * new upstream version, many options previously set at compile-time are now
634 configurable at runtime.
635 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
638 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
640 sudo (1.5.9p4-1) unstable; urgency=low
642 * new upstream version, closes: #43464
643 * empty password handling was fixed in 1.5.8, closes: #31863
645 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
647 sudo (1.5.9p1-1) unstable; urgency=low
649 * new upstream version
651 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
653 sudo (1.5.8p1-1) unstable; urgency=medium
655 * new upstream version, closes 33690
656 * add dependency on libpam-modules, closes 34215, 33432
658 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
660 sudo (1.5.7p4-2) unstable; urgency=medium
662 * update the pam fragment provided so that sudo works with latest pam bits,
665 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
667 sudo (1.5.7p4-1) unstable; urgency=low
669 * new upstream release
671 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
673 sudo (1.5.6p5-1) unstable; urgency=low
675 * new upstream patch release
676 * add PAM support, closes 28594
678 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
680 sudo (1.5.6p2-2) unstable; urgency=low
682 * update copyright file, closes 24136
683 * review and close forwarded bugs believed fixed in this upstream version,
686 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
688 sudo (1.5.6p2-1) unstable; urgency=low
690 * new upstream release
692 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
694 sudo (1.5.4-4) frozen unstable; urgency=low
696 * update postinst to use groupadd, closes 21403
697 * move the suidregister stuff earlier in postinst to ensure it always runs
699 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
701 sudo (1.5.4-3) frozen unstable; urgency=low
703 * change /etc/sudoers from a conffile to being handled in postinst,
705 * add suidmanager support, closes 15711
706 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
707 unlikely to ever fix, and which just don't matter. closes 17146
708 * fix FSF address in copyright file, and submit exception for lintian
709 warning about sudo being setuid root
711 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
713 sudo (1.5.4-2) unstable; urgency=high
715 * patch from upstream author correcting/improving security fix
717 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
719 sudo (1.5.4-1) unstable; urgency=high
721 * new upstream version, includes a security fix
722 * change default editor from /bin/ae to /usr/bin/editor
724 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
726 sudo (1.5.3-1) unstable; urgency=medium
728 * new upstream version, closes bug 15911.
729 * rules file reworked to use debhelper
730 * implement a really gross hack to force use of the sudo-provided
731 lsearch(), since the one in libc6 is broken! This closes bugs
732 12552, 12557, 14881, 15259, 15916.
734 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
736 sudo (1.5.2-6) unstable; urgency=LOW
738 * don't install INSTALL in the doc directory, closes bug 13195.
740 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
742 sudo (1.5.2-5) unstable; urgency=LOW
746 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
748 sudo (1.5.2-4) unstable; urgency=LOW
750 * change TIMEOUT (how long before you have to type your password again)
751 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
752 packages on slower machines much more tolerable. Closes bug 9076.
753 * touch debian/suid before debstd. Closes bug 8709.
755 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
757 sudo (1.5.2-3) frozen unstable; urgency=LOW
759 * patch from upstream maintainer to close Bug 6828
760 * add a debian/suid file to get debstd to leave my perl postinst alone
762 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
764 sudo (1.5.2-2) frozen unstable; urgency=LOW
766 * change rules to use -O2 -Wall as per standards
768 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
770 sudo (1.5.2-1) unstable; urgency=LOW
772 * new upstream version
773 * cosmetic changes to debian package control files
775 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
777 sudo (1.5-2) unstable; urgency=LOW
779 * add /usr/X11R6/bin to the end of the secure path... this makes it
780 much easier to run xmkmf, etc., during package builds. To the extent
781 that /usr/local/sbin and /usr/local/bin were already included, I see
782 no security reasons not to add this.
784 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
786 sudo (1.5-1) unstable; urgency=LOW
788 * New upstream version
790 * New packaging format
792 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
794 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
798 * hard code SECURE_PATH to:
799 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
803 * enabled EXEMPTGROUP "sudo"
805 * moved timestamp dir to /var/log/sudo
807 * changed parser to check for long and short filenames (Bug#1162)
809 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
813 * New upstream source
815 * Fixed postinst script
816 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
818 * Removed special shadow binary. This version works with and without
819 shadow password file.
821 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
825 * Corrected editor path to /bin/ae (Bug#3062)
827 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
829 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
833 * New upstream version
835 * Changed sudoers permission to 440 (owner root, group root) to make
838 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
842 * Applied upstream patch 1
844 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
848 * Applied upstream patch 2
850 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
854 * Applied upstream patch 3 (fixes problems with an NFS-mounted
858 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
862 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
863 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
865 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
869 * Applied upstream patch 4 (fixes several bugs)
871 * Changed priority to optional
873 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
877 * Corrected postinst to create correct permission for /etc/sudoers
880 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
884 * New upstream version
887 sudo (1.4.4-2) admin; urgency=HIGH
889 * Fixed major security bug reported by Peter Tobias
890 <tobias@et-inf.fho-emden.de>
891 * Added dchanges support to debian.rules
893 sudo (1.4.5-1) admin; urgency=LOW
895 * New upstream version
896 * Minor changes to debian.rules