1 sudo (1.6.8p12-1) unstable; urgency=low
3 * new upstream version, closes: #342948 (CVE-2005-4158)
4 * add env_reset to the sudoers file we create if none already exists,
5 as a further precaution in response to discussion about CVS-2005-4158
6 * split ldap support into a new sudo-ldap package. I was trying to avoid
7 doing this, but the impact of going from 4 to 17 linked shlibs on the
8 autobuilder chroots is sufficient motivation for me.
11 -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
13 sudo (1.6.8p9-4) unstable; urgency=low
15 * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
16 * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
17 timestamps in the init.d script, closes: #330868
18 * add dependency header to init.d script, closes: #332849
20 -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
22 sudo (1.6.8p9-3) unstable; urgency=high
24 * update debhelper compatibility level from 2 to 4
25 * add man page symlink for sudoedit
26 * Clean SHELLOPTS and PS4 from the environment before executing programs
27 with sudo permissions [env.c, CAN-2005-2959]
28 * fix typo in manpage pointed out by Moray Allen, closes: #285995
29 * fix paths in sample complex sudoers file, closes: #303542
30 * fix type in sudoers man page, closes: #311244
32 -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
34 sudo (1.6.8p9-2) unstable; urgency=high
36 * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
39 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
41 sudo (1.6.8p9-1) unstable; urgency=high
43 * new upstream version, fixes a race condition in sudo's pathname
44 validation, which is a security issue (CAN-2005-1993),
45 closes: #315115, #315718
47 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
49 sudo (1.6.8p7-1) unstable; urgency=low
51 * new upstream version, closes: #299585
52 * update lintian overrides to squelch the postinst warning
53 * change sudoedit from a hard to a soft link, closes: #296896
54 * fix regex doc in sudoers man page, closes: #300361
56 -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
58 sudo (1.6.8p5-1) unstable; urgency=high
60 * new upstream version
61 * restores ability to use config tuples without a value, which was causing
62 problems on upgrade closes: #283306
63 * deliver sudoedit, closes: #283078
64 * marking urgency high since 283306 is a serious upgrade incompatibility
66 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
68 sudo (1.6.8p3-2) unstable; urgency=high
70 * update pam.d deliverable so ldap works again, closes: #282191
72 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
74 sudo (1.6.8p3-1) unstable; urgency=high
76 * new upstream version, fixes a flaw in sudo's environment sanitizing that
77 could allow a malicious user with permission to run a shell script that
78 utilized the bash shell to run arbitrary commands, closes: #281665
79 * patch the sample sudoers to have the proper path for kill on Debian
80 systems, closes: #263486
81 * patch the sudo manpage to reflect Debian's choice of exempt_group
82 default setting, closes: #236465
83 * patch the sudo manpage to reflect Debian's choice of no timeout on the
84 password prompt, closes: #271194
86 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
88 sudo (1.6.7p5-2) unstable; urgency=low
90 * Jeff Bailey reports that seteuid works on current sparc systems, so we
91 no longer need the "grosshack" stuff in the sudo rules file
92 * add a postrm that removes /etc/sudoers on purge. don't do this with the
93 normal conffile mechanism since it would generate noise on every upgrade,
96 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
98 sudo (1.6.7p5-1) unstable; urgency=low
100 * new upstream version, closes: #190265, #193222, #197244
101 * change from '.' to ':' in postinst chown call, closes: #208369
103 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
105 sudo (1.6.7p3-2) unstable; urgency=low
107 * add --disable-setresuid to configure call since 2.2 kernels don't support
108 setresgid, closes: #189044
109 * cosmetic cleanups to debian/rules as long as I'm there
111 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
113 sudo (1.6.7p3-1) unstable; urgency=low
115 * new upstream version
116 * add overrides to quiet lintian about things it doesn't understand,
117 except the source one that can't be overridden until 129510 is fixed
119 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
121 sudo (1.6.6-3) unstable; urgency=low
123 * add code to rules file to update config.sub/guess, closes: #164501
125 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
127 sudo (1.6.6-2) unstable; urgency=low
129 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
130 configure, and lose the build dependency on mail-transport-agent
131 * incorporate changes from LaMont's NMU, closes: #144665, #144737
132 * update init.d to not try and set time on nonexistent timestamp files,
134 * build with --with-all-insults, admin must edit sudoers to turn insults
135 on at runtime if desired, closes: #135374
136 * stop setting /usr/doc symlink in postinst
138 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
140 sudo (1.6.6-1.1) unstable; urgency=high
142 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
143 * Revert patch to auth/pam.c that left pass uninitialized, causing a
144 segfault (Closes: #144665).
146 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
148 sudo (1.6.6-1) unstable; urgency=high
150 * new upstream version, fixes security problem with crafty prompts,
153 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
155 sudo (1.6.5p1-4) unstable; urgency=high
157 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
158 if ctrl/C'ed at password prompt, closes: #131235
160 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
162 sudo (1.6.5p1-3) unstable; urgency=high
164 * ugly hack to add --disable-saved-ids when building on sparc in response
165 to 131592, which will be reassigned to glibc for a real fix
166 * urgency high since the sudo currently in testing for sparc is worthless
168 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
170 sudo (1.6.5p1-2) unstable; urgency=high
172 * patch from upstream to fix seg faults caused by versions of pam that
173 follow a NULL pointer, closes: #129512
175 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
177 sudo (1.6.5p1-1) unstable; urgency=high
179 * new upstream version
180 * add --disable-root-mailer option supported by new version to configure
181 call in rules file, closes: #129648
183 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
185 sudo (1.6.4p1-1) unstable; urgency=high
187 * new upstream version, with fix for segfaulting problem in 1.6.4
189 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
191 sudo (1.6.4-1) unstable; urgency=high
193 * new upstream version, includes an important security fix, closes: #127576
195 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
197 sudo (1.6.3p7-5) unstable; urgency=low
199 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
200 * fix spelling error in init.d, closes: #126847
202 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
204 sudo (1.6.3p7-4) unstable; urgency=medium
206 * use touch to set status files to an ancient date instead of removing them
207 outright on reboot. this achieves the desired effect of keeping elevated
208 privs from living across reboots, without forcing everyone to see the
209 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
210 for systems with good clocks, and 'recent enough' that broken PC hardware
211 setting the clock to commonly-seen bogus dates trips over the "don't trust
212 future timestamps" rule. closes: #76529, #123559
213 * apply patch from Steve Langasek to fix seg faults due to interaction with
214 PAM code. upstream confirms the problem, and says they're fixing this
215 differently for their next release... but this should be useful in the
216 meantime, and would be good to get into woody. closes: #119147
217 * only run the init.d at boot, not on each runlevel change... and don't run
218 it during package configure. closes: #125935
219 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
221 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
223 sudo (1.6.3p7-3) unstable; urgency=low
225 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
226 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
227 * fix a typo in the manpage, closes: #97368
228 * apply patch to configure.in and run autoconf to fix problem building on
229 the hurd, closes: #96325
230 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
231 to not last across reboots, closes: #76529
232 * clean up lintian-noticed cosmetic packaging issues
234 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
236 sudo (1.6.3p7-2) unstable; urgency=low
238 * update config.sub/guess for hppa support
240 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
242 sudo (1.6.3p7-1) unstable; urgency=low
244 * new upstream version
245 * add build dependency on mail-transport-agent, closes: #90685
247 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
249 sudo (1.6.3p6-1) unstable; urgency=high
251 * new upstream version, fixes buffer overflow problem,
252 closes: #87259, #87278, #87263
253 * revert to using --with-secure-path option at build time, since the option
254 available in sudoers is parsed too late to be useful, and upstream says
255 it won't get fixed quickly. This reopens 85123, which I will mark as
256 forwarded. Closes: #86199, #86117, #85676
258 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
260 sudo (1.6.3p5-2) unstable; urgency=low
262 * lose the dh_suidregister call since it's obsolete
263 * stop using the --with-secure-path option at build time, and instead show
264 how to set it in sudoers. Closes: #85123
265 * freshen config.sub and config.guess for ia64 and hppa
266 * update sudoers man page to indicate exempt_group is on by default,
269 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
271 sudo (1.6.3p5-1) unstable; urgency=low
273 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
274 * this version restores core dumps before the exec, while leaving them
275 disabled during sudo's internal execution, closes: #58289
276 * update debhelper calls in rules file
278 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
280 sudo (1.6.2p2-1) frozen unstable; urgency=medium
282 * new upstream source resulting from direct collaboration with the upstream
283 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
284 Closes: #56129, #55978, #55979, #56550, #56772
285 * include more upstream documentation, closes: #55054
286 * pam.d fragment update, closes: #56129
288 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
290 sudo (1.6.1-1) unstable; urgency=low
292 * new upstream source, closes: #52750
294 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
296 sudo (1.6-2) unstable; urgency=low
298 * drop suidregister support for this package. The sudo executable is
299 essentially worthless unless it is setuid root, and making suidregister
300 work involves shipping a non-setuid executable in the .deb and setting the
301 perms in the postinst. On a long upgrade run, this can leave the sudo
302 executable 'broken' for a long time, which is unacceptable. With this
303 version, we ship the executable setuid root in the .deb. Closes: #51742
305 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
307 sudo (1.6-1) unstable; urgency=low
309 * new upstream version, many options previously set at compile-time are now
310 configurable at runtime.
311 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
314 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
316 sudo (1.5.9p4-1) unstable; urgency=low
318 * new upstream version, closes: #43464
319 * empty password handling was fixed in 1.5.8, closes: #31863
321 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
323 sudo (1.5.9p1-1) unstable; urgency=low
325 * new upstream version
327 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
329 sudo (1.5.8p1-1) unstable; urgency=medium
331 * new upstream version, closes 33690
332 * add dependency on libpam-modules, closes 34215, 33432
334 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
336 sudo (1.5.7p4-2) unstable; urgency=medium
338 * update the pam fragment provided so that sudo works with latest pam bits,
341 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
343 sudo (1.5.7p4-1) unstable; urgency=low
345 * new upstream release
347 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
349 sudo (1.5.6p5-1) unstable; urgency=low
351 * new upstream patch release
352 * add PAM support, closes 28594
354 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
356 sudo (1.5.6p2-2) unstable; urgency=low
358 * update copyright file, closes 24136
359 * review and close forwarded bugs believed fixed in this upstream version,
362 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
364 sudo (1.5.6p2-1) unstable; urgency=low
366 * new upstream release
368 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
370 sudo (1.5.4-4) frozen unstable; urgency=low
372 * update postinst to use groupadd, closes 21403
373 * move the suidregister stuff earlier in postinst to ensure it always runs
375 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
377 sudo (1.5.4-3) frozen unstable; urgency=low
379 * change /etc/sudoers from a conffile to being handled in postinst,
381 * add suidmanager support, closes 15711
382 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
383 unlikely to ever fix, and which just don't matter. closes 17146
384 * fix FSF address in copyright file, and submit exception for lintian
385 warning about sudo being setuid root
387 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
389 sudo (1.5.4-2) unstable; urgency=high
391 * patch from upstream author correcting/improving security fix
393 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
395 sudo (1.5.4-1) unstable; urgency=high
397 * new upstream version, includes a security fix
398 * change default editor from /bin/ae to /usr/bin/editor
400 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
402 sudo (1.5.3-1) unstable; urgency=medium
404 * new upstream version, closes bug 15911.
405 * rules file reworked to use debhelper
406 * implement a really gross hack to force use of the sudo-provided
407 lsearch(), since the one in libc6 is broken! This closes bugs
408 12552, 12557, 14881, 15259, 15916.
410 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
412 sudo (1.5.2-6) unstable; urgency=LOW
414 * don't install INSTALL in the doc directory, closes bug 13195.
416 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
418 sudo (1.5.2-5) unstable; urgency=LOW
422 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
424 sudo (1.5.2-4) unstable; urgency=LOW
426 * change TIMEOUT (how long before you have to type your password again)
427 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
428 packages on slower machines much more tolerable. Closes bug 9076.
429 * touch debian/suid before debstd. Closes bug 8709.
431 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
433 sudo (1.5.2-3) frozen unstable; urgency=LOW
435 * patch from upstream maintainer to close Bug 6828
436 * add a debian/suid file to get debstd to leave my perl postinst alone
438 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
440 sudo (1.5.2-2) frozen unstable; urgency=LOW
442 * change rules to use -O2 -Wall as per standards
444 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
446 sudo (1.5.2-1) unstable; urgency=LOW
448 * new upstream version
449 * cosmetic changes to debian package control files
451 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
453 sudo (1.5-2) unstable; urgency=LOW
455 * add /usr/X11R6/bin to the end of the secure path... this makes it
456 much easier to run xmkmf, etc., during package builds. To the extent
457 that /usr/local/sbin and /usr/local/bin were already included, I see
458 no security reasons not to add this.
460 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
462 sudo (1.5-1) unstable; urgency=LOW
464 * New upstream version
466 * New packaging format
468 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
470 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
474 * hard code SECURE_PATH to:
475 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
479 * enabled EXEMPTGROUP "sudo"
481 * moved timestamp dir to /var/log/sudo
483 * changed parser to check for long and short filenames (Bug#1162)
485 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
489 * New upstream source
491 * Fixed postinst script
492 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
494 * Removed special shadow binary. This version works with and without
495 shadow password file.
497 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
501 * Corrected editor path to /bin/ae (Bug#3062)
503 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
505 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
509 * New upstream version
511 * Changed sudoers permission to 440 (owner root, group root) to make
514 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
518 * Applied upstream patch 1
520 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
524 * Applied upstream patch 2
526 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
530 * Applied upstream patch 3 (fixes problems with an NFS-mounted
534 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
538 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
539 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
541 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
545 * Applied upstream patch 4 (fixes several bugs)
547 * Changed priority to optional
549 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
553 * Corrected postinst to create correct permission for /etc/sudoers
556 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
560 * New upstream version
563 sudo (1.4.4-2) admin; urgency=HIGH
565 * Fixed major security bug reported by Peter Tobias
566 <tobias@et-inf.fho-emden.de>
567 * Added dchanges support to debian.rules
569 sudo (1.4.5-1) admin; urgency=LOW
571 * New upstream version
572 * Minor changes to debian.rules