1 sudo (1.7.4p4-4) unstable; urgency=low
3 * patch from upstream to resolve problem always prompting for a password
4 when run without a tty, closes: #599376
5 * change path syntax to avoid tar error when /var/run/sudo exists but is
8 -- Bdale Garbee <bdale@gag.com> Tue, 21 Sep 2010 23:53:08 -0600
10 sudo (1.7.4p4-3) unstable; urgency=low
12 * make postinst clause for handling /var/run -> /var/lib transition less
13 fragile, closes: #585514
14 * cope with upstream's Makefile trying to install ChangeLog in our doc
15 directory, closes: #597389
16 * fix README.Debian to reflect that HOME is no longer preserved by default,
19 -- Bdale Garbee <bdale@gag.com> Tue, 21 Sep 2010 23:53:08 -0600
21 sudo (1.7.4p4-2) unstable; urgency=low
23 * add a NEWS item about change in $HOME handling that impacts programs
26 -- Bdale Garbee <bdale@gag.com> Wed, 08 Sep 2010 14:29:16 -0600
28 sudo (1.7.4p4-1) unstable; urgency=high
30 * new upstream version, urgency high due to fix for flaw in Runas group
31 matching (CVE-2010-2956), closes: #595935
32 * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
33 re-lecturing existing users, and to clean up after ourselves on upgrade,
34 and remove the RAMRUN section from README.Debian since the new state dir
35 should fix the original problem, closes: #585514
36 * deliver README.Debian to both package flavors, closes: #593579
38 -- Bdale Garbee <bdale@gag.com> Tue, 07 Sep 2010 12:22:42 -0600
40 sudo (1.7.2p7-1) unstable; urgency=high
42 * new upstream release with security fix for secure path (CVE-2010-1646),
44 * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
45 about whether to give the lecture is preserved across reboots even when
46 RAMRUN is set, closes: #581393
47 * add a note to README.Debian about LDAP needing an entry in
48 /etc/nsswitch.conf, closes: #522065
49 * add a note to README.Debian about how to turn off lectures if using
50 RAMRUN in /etc/default/rcS, closes: #581393
52 -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
54 sudo (1.7.2p6-1) unstable; urgency=low
56 * new upstream version fixing CVE-2010-1163, closes: #578275, #570737
58 -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600
60 sudo (1.7.2p5-1) unstable; urgency=low
62 * new upstream release, closes a bug filed upstream regarding missing man
63 page processing scripts in the 1.7.2p1 tarball, also includes the fix
64 for CVE-2010-0426 previously the subject of a security team nmu
65 * move to source format 3.0 (quilt) and restructure changes as patches
66 * fix unprocessed substitution variables in man pages, closes: #557204
67 * apply patch from Neil Moore to fix Debian-specific content in the
68 visudo man page, closes: #555013
69 * update descriptions to better explain sudo-ldap, closes: #573108
70 * eliminate spurious 'and' in man page, closes: #571620
71 * fix confusing text in default sudoers, closes: #566607
73 -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700
75 sudo (1.7.2p1-1) unstable; urgency=low
77 * new upstream version
78 * add support for /etc/sudoers.d using #includedir in default sudoers,
79 which I think is also a good solution to the request for a crontab-like
80 API requested in March of 2001, closes: #539994, #271813, #89743
81 * move init.d script from using rcS.d to rc[0-6].d, closes: #542924
83 -- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600
85 sudo (1.7.2-2) unstable; urgency=low
87 * further improve initial sudoers to not include the NOPASSWD option on
88 the group sudo exception, closes: #539136, #198991
90 -- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200
92 sudo (1.7.2-1) unstable; urgency=low
94 * new upstream version, closes: #537103
95 * improve initial sudoers by having the exemption for users in group
96 sudo on by default, and including the ability to run any command as
97 any user. This makes the default install roughly equivalent to our
98 old use of the --with-exempt=sudo build option, closes: #536220, #536222
100 -- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600
102 sudo (1.7.0-1) unstable; urgency=low
104 * new upstream version, closes: #510179, #128268, #520274, #508514
105 * fix ldap config file path for sudo-ldap package, including creating
106 a symlink in postinst and cleaning it up in postrm for the sudo-ldap
107 package, closes: #430826
108 * fix NOPASSWD entry location in default config file for the sudo-ldap
109 instance too, closes: #479616
111 -- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600
113 sudo (1.6.9p17-2) unstable; urgency=high
115 * patch from upstream to fix privilege escalation with certain
116 configurations, CVE-2009-0034
117 * typo in sudoers man page, closes: #507163
119 -- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700
121 sudo (1.6.9p17-1) unstable; urgency=low
123 * new upstream version, closes: #481008
124 * deliver schemas to doc directory in sudo-ldap package, closes: #474331
125 * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
126 in move from CVS to git for package management, closes: #475821
127 * re-instate the init.d for the sudo-ldap package too... /o\
129 -- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600
131 sudo (1.6.9p15-2) unstable; urgency=low
133 * revert the fix for 388659 such that visudo once again defaults to using
134 /usr/bin/editor. I was always ambivalent about this change, it has caused
135 more confusion and frustration than it cured, and I find Justin's line of
136 reasoning persuasive. Update the man page source to reflect this choice
137 and the related use of --with-env-editor. Closes: #474197.
138 * patch from Petter Reinholdtsen to improve init.d, closes: #475821
140 -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600
142 sudo (1.6.9p15-1) unstable; urgency=low
144 * new upstream version, closes: #467126, #473337
145 * remove pointless postrm scripts, leaving debhelper do its thing if needed,
146 thanks to Justin Pryzby for pointing this out
147 * reinstate the init.d, since bootclean doesn't quite do what we want. This
148 also means we don't need the preinst scripts any more. Update the lintian
149 overrides since postinst is a Perl script lintian apparently isn't parsing
150 well. closes: #330868
152 -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600
154 sudo (1.6.9p12-1) unstable; urgency=low
156 * new upstream version, closes: #464890
158 -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900
160 sudo (1.6.9p11-3) unstable; urgency=low
162 * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
164 -- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700
166 sudo (1.6.9p11-2) unstable; urgency=low
168 * update version compared in preinst when removing obsolete init.d,
170 * implement pam session config suggestions from Elizabeth Fong,
171 closes: #452457, #402329
173 -- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700
175 sudo (1.6.9p11-1) unstable; urgency=low
177 * new upstream version
179 -- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700
181 sudo (1.6.9p10-1) unstable; urgency=low
183 * new upstream version
184 * tweak default password prompt as %u doesn't make sense. Accept patch from
185 Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
186 uses it by default, closes: #454409
187 * accept patch from Martin Pitt that adds a prerm making it difficult to
188 "accidentally" remove sudo when there is no root password set on the
189 system, closes: #451241
191 -- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700
193 sudo (1.6.9p9-1) unstable; urgency=low
195 * new upstream version
196 * debian/rules: configure a more informative default password prompt to
197 reduce confusion when using sudo to invoke commands which also ask for
198 passwords, closes: #343268
199 * auth/pam.c: don't use the PAM prompt if the user explicitly requested
200 a custom prompt, closes: #448628.
201 * fix configure's ability to discover that libc has dirfd, closes: #451324
202 * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
203 the command 'visudo' invokes a vi variant by default as documented,
206 -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700
208 sudo (1.6.9p6-1) unstable; urgency=low
210 * new upstream version, closes: #442815, #446146, #438699, #435768, #435314
211 closes: #434832, #434608, #430382
212 * eliminate the now-redundant init.d scripts, closes: #397090
213 * fix typo in TROUBLESHOOTING file, closes: #439624
215 -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600
217 sudo (1.6.8p12-6) unstable; urgency=low
219 * fix typos in visudo.pod relating to env_editor variable, closes: #418886
220 * have init.d touch directories in /var/run/sudo, not just files, as a
222 * fix various typos in sudoers.pod, closes: #419749
223 * don't let Makefile strip binaries, closes: #438073
225 -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100
227 sudo (1.6.8p12-5) unstable; urgency=low
229 * update debian/copyright to reflect new upstream URL, closes: #368746
230 * add sandwich cartoon URL to the README.Debian
231 * don't remove sudoers on purge. can cause problems when moving between
232 sudo and sudo-ldap. leaving sudoers around on purge seems like the least
233 evil choice for now, closes: #401366
234 * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
236 * accept patch that improves debian/rules from Ted Percival, closes: #382122
237 * no longer build with --with-exempt=sudo, provide an example entry in the
238 default sudoers file instead, closes: #296605
239 * add --with-devel to configure and augment build dependencies so that flex
240 and yacc files get re-generated on every build, closes: #316249
242 -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600
244 sudo (1.6.8p12-4) unstable; urgency=low
246 * patch from Petter Reinholdtsen for the LSB info block in the init.d
247 script, closes: #361055
248 * deliver sudoers sample again, closes: #361593
250 -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600
252 sudo (1.6.8p12-3) unstable; urgency=low
254 * force-feed configure knowledge of nroff's path so we get unformatted man
255 pages installed without build-depending on groff-base, closes: #360894
256 * add a reference to OPTIONS in the man page, closes: #186226
258 -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700
260 sudo (1.6.8p12-2) unstable; urgency=low
262 * fix typos in init scripts, closes: #346325
263 * update to debhelper compat level 5
264 * build depend on autotools-dev to ensure config.sub/guess are fresh
265 * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
266 use it here as well. Thanks to Martin and the debian-security team.
267 closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
268 closes: #315115, #315718, #203874
269 * Non-maintainer upload by the Security Team
270 * Reworked the former patch to limit environment variables from being
271 passed through, set env_reset as default instead [sudo.c, env.c,
272 sudoers.pod, Bug#342948, CVE-2005-4158]
273 * env_reset is now set by default
274 * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
275 DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
276 (in addition to the SUDO_* variables)
277 * Rebuild sudoers.man.in from the POD file
278 * Added README.Debian
279 * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
280 * simplify rules file by using more of Makefile, despite having to override
281 default directories with more arguments to configure, closes: #292833
282 * update sudo man page to reflect use of SECURE_PATH, closes: #228551
283 * inconsistencies in sudoers man page resolved, closes: #220808, #161012
284 * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
285 unresolveable (requires adding bison as build dep), closes: #314949
287 -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700
289 sudo (1.6.8p12-1) unstable; urgency=low
291 * new upstream version, closes: #342948 (CVE-2005-4158)
292 * add env_reset to the sudoers file we create if none already exists,
293 as a further precaution in response to discussion about CVS-2005-4158
294 * split ldap support into a new sudo-ldap package. I was trying to avoid
295 doing this, but the impact of going from 4 to 17 linked shlibs on the
296 autobuilder chroots is sufficient motivation for me.
299 -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
301 sudo (1.6.8p9-4) unstable; urgency=low
303 * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
304 * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
305 timestamps in the init.d script, closes: #330868
306 * add dependency header to init.d script, closes: #332849
308 -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
310 sudo (1.6.8p9-3) unstable; urgency=high
312 * update debhelper compatibility level from 2 to 4
313 * add man page symlink for sudoedit
314 * Clean SHELLOPTS and PS4 from the environment before executing programs
315 with sudo permissions [env.c, CAN-2005-2959]
316 * fix typo in manpage pointed out by Moray Allen, closes: #285995
317 * fix paths in sample complex sudoers file, closes: #303542
318 * fix type in sudoers man page, closes: #311244
320 -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
322 sudo (1.6.8p9-2) unstable; urgency=high
324 * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
327 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
329 sudo (1.6.8p9-1) unstable; urgency=high
331 * new upstream version, fixes a race condition in sudo's pathname
332 validation, which is a security issue (CAN-2005-1993),
333 closes: #315115, #315718
335 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
337 sudo (1.6.8p7-1) unstable; urgency=low
339 * new upstream version, closes: #299585
340 * update lintian overrides to squelch the postinst warning
341 * change sudoedit from a hard to a soft link, closes: #296896
342 * fix regex doc in sudoers man page, closes: #300361
344 -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
346 sudo (1.6.8p5-1) unstable; urgency=high
348 * new upstream version
349 * restores ability to use config tuples without a value, which was causing
350 problems on upgrade closes: #283306
351 * deliver sudoedit, closes: #283078
352 * marking urgency high since 283306 is a serious upgrade incompatibility
354 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
356 sudo (1.6.8p3-2) unstable; urgency=high
358 * update pam.d deliverable so ldap works again, closes: #282191
360 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
362 sudo (1.6.8p3-1) unstable; urgency=high
364 * new upstream version, fixes a flaw in sudo's environment sanitizing that
365 could allow a malicious user with permission to run a shell script that
366 utilized the bash shell to run arbitrary commands, closes: #281665
367 * patch the sample sudoers to have the proper path for kill on Debian
368 systems, closes: #263486
369 * patch the sudo manpage to reflect Debian's choice of exempt_group
370 default setting, closes: #236465
371 * patch the sudo manpage to reflect Debian's choice of no timeout on the
372 password prompt, closes: #271194
374 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
376 sudo (1.6.7p5-2) unstable; urgency=low
378 * Jeff Bailey reports that seteuid works on current sparc systems, so we
379 no longer need the "grosshack" stuff in the sudo rules file
380 * add a postrm that removes /etc/sudoers on purge. don't do this with the
381 normal conffile mechanism since it would generate noise on every upgrade,
384 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
386 sudo (1.6.7p5-1) unstable; urgency=low
388 * new upstream version, closes: #190265, #193222, #197244
389 * change from '.' to ':' in postinst chown call, closes: #208369
391 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
393 sudo (1.6.7p3-2) unstable; urgency=low
395 * add --disable-setresuid to configure call since 2.2 kernels don't support
396 setresgid, closes: #189044
397 * cosmetic cleanups to debian/rules as long as I'm there
399 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
401 sudo (1.6.7p3-1) unstable; urgency=low
403 * new upstream version
404 * add overrides to quiet lintian about things it doesn't understand,
405 except the source one that can't be overridden until 129510 is fixed
407 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
409 sudo (1.6.6-3) unstable; urgency=low
411 * add code to rules file to update config.sub/guess, closes: #164501
413 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
415 sudo (1.6.6-2) unstable; urgency=low
417 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
418 configure, and lose the build dependency on mail-transport-agent
419 * incorporate changes from LaMont's NMU, closes: #144665, #144737
420 * update init.d to not try and set time on nonexistent timestamp files,
422 * build with --with-all-insults, admin must edit sudoers to turn insults
423 on at runtime if desired, closes: #135374
424 * stop setting /usr/doc symlink in postinst
426 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
428 sudo (1.6.6-1.1) unstable; urgency=high
430 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
431 * Revert patch to auth/pam.c that left pass uninitialized, causing a
432 segfault (Closes: #144665).
434 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
436 sudo (1.6.6-1) unstable; urgency=high
438 * new upstream version, fixes security problem with crafty prompts,
441 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
443 sudo (1.6.5p1-4) unstable; urgency=high
445 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
446 if ctrl/C'ed at password prompt, closes: #131235
448 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
450 sudo (1.6.5p1-3) unstable; urgency=high
452 * ugly hack to add --disable-saved-ids when building on sparc in response
453 to 131592, which will be reassigned to glibc for a real fix
454 * urgency high since the sudo currently in testing for sparc is worthless
456 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
458 sudo (1.6.5p1-2) unstable; urgency=high
460 * patch from upstream to fix seg faults caused by versions of pam that
461 follow a NULL pointer, closes: #129512
463 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
465 sudo (1.6.5p1-1) unstable; urgency=high
467 * new upstream version
468 * add --disable-root-mailer option supported by new version to configure
469 call in rules file, closes: #129648
471 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
473 sudo (1.6.4p1-1) unstable; urgency=high
475 * new upstream version, with fix for segfaulting problem in 1.6.4
477 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
479 sudo (1.6.4-1) unstable; urgency=high
481 * new upstream version, includes an important security fix, closes: #127576
483 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
485 sudo (1.6.3p7-5) unstable; urgency=low
487 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
488 * fix spelling error in init.d, closes: #126847
490 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
492 sudo (1.6.3p7-4) unstable; urgency=medium
494 * use touch to set status files to an ancient date instead of removing them
495 outright on reboot. this achieves the desired effect of keeping elevated
496 privs from living across reboots, without forcing everyone to see the
497 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
498 for systems with good clocks, and 'recent enough' that broken PC hardware
499 setting the clock to commonly-seen bogus dates trips over the "don't trust
500 future timestamps" rule. closes: #76529, #123559
501 * apply patch from Steve Langasek to fix seg faults due to interaction with
502 PAM code. upstream confirms the problem, and says they're fixing this
503 differently for their next release... but this should be useful in the
504 meantime, and would be good to get into woody. closes: #119147
505 * only run the init.d at boot, not on each runlevel change... and don't run
506 it during package configure. closes: #125935
507 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
509 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
511 sudo (1.6.3p7-3) unstable; urgency=low
513 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
514 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
515 * fix a typo in the manpage, closes: #97368
516 * apply patch to configure.in and run autoconf to fix problem building on
517 the hurd, closes: #96325
518 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
519 to not last across reboots, closes: #76529
520 * clean up lintian-noticed cosmetic packaging issues
522 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
524 sudo (1.6.3p7-2) unstable; urgency=low
526 * update config.sub/guess for hppa support
528 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
530 sudo (1.6.3p7-1) unstable; urgency=low
532 * new upstream version
533 * add build dependency on mail-transport-agent, closes: #90685
535 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
537 sudo (1.6.3p6-1) unstable; urgency=high
539 * new upstream version, fixes buffer overflow problem,
540 closes: #87259, #87278, #87263
541 * revert to using --with-secure-path option at build time, since the option
542 available in sudoers is parsed too late to be useful, and upstream says
543 it won't get fixed quickly. This reopens 85123, which I will mark as
544 forwarded. Closes: #86199, #86117, #85676
546 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
548 sudo (1.6.3p5-2) unstable; urgency=low
550 * lose the dh_suidregister call since it's obsolete
551 * stop using the --with-secure-path option at build time, and instead show
552 how to set it in sudoers. Closes: #85123
553 * freshen config.sub and config.guess for ia64 and hppa
554 * update sudoers man page to indicate exempt_group is on by default,
557 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
559 sudo (1.6.3p5-1) unstable; urgency=low
561 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
562 * this version restores core dumps before the exec, while leaving them
563 disabled during sudo's internal execution, closes: #58289
564 * update debhelper calls in rules file
566 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
568 sudo (1.6.2p2-1) frozen unstable; urgency=medium
570 * new upstream source resulting from direct collaboration with the upstream
571 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
572 Closes: #56129, #55978, #55979, #56550, #56772
573 * include more upstream documentation, closes: #55054
574 * pam.d fragment update, closes: #56129
576 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
578 sudo (1.6.1-1) unstable; urgency=low
580 * new upstream source, closes: #52750
582 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
584 sudo (1.6-2) unstable; urgency=low
586 * drop suidregister support for this package. The sudo executable is
587 essentially worthless unless it is setuid root, and making suidregister
588 work involves shipping a non-setuid executable in the .deb and setting the
589 perms in the postinst. On a long upgrade run, this can leave the sudo
590 executable 'broken' for a long time, which is unacceptable. With this
591 version, we ship the executable setuid root in the .deb. Closes: #51742
593 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
595 sudo (1.6-1) unstable; urgency=low
597 * new upstream version, many options previously set at compile-time are now
598 configurable at runtime.
599 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
602 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
604 sudo (1.5.9p4-1) unstable; urgency=low
606 * new upstream version, closes: #43464
607 * empty password handling was fixed in 1.5.8, closes: #31863
609 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
611 sudo (1.5.9p1-1) unstable; urgency=low
613 * new upstream version
615 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
617 sudo (1.5.8p1-1) unstable; urgency=medium
619 * new upstream version, closes 33690
620 * add dependency on libpam-modules, closes 34215, 33432
622 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
624 sudo (1.5.7p4-2) unstable; urgency=medium
626 * update the pam fragment provided so that sudo works with latest pam bits,
629 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
631 sudo (1.5.7p4-1) unstable; urgency=low
633 * new upstream release
635 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
637 sudo (1.5.6p5-1) unstable; urgency=low
639 * new upstream patch release
640 * add PAM support, closes 28594
642 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
644 sudo (1.5.6p2-2) unstable; urgency=low
646 * update copyright file, closes 24136
647 * review and close forwarded bugs believed fixed in this upstream version,
650 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
652 sudo (1.5.6p2-1) unstable; urgency=low
654 * new upstream release
656 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
658 sudo (1.5.4-4) frozen unstable; urgency=low
660 * update postinst to use groupadd, closes 21403
661 * move the suidregister stuff earlier in postinst to ensure it always runs
663 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
665 sudo (1.5.4-3) frozen unstable; urgency=low
667 * change /etc/sudoers from a conffile to being handled in postinst,
669 * add suidmanager support, closes 15711
670 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
671 unlikely to ever fix, and which just don't matter. closes 17146
672 * fix FSF address in copyright file, and submit exception for lintian
673 warning about sudo being setuid root
675 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
677 sudo (1.5.4-2) unstable; urgency=high
679 * patch from upstream author correcting/improving security fix
681 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
683 sudo (1.5.4-1) unstable; urgency=high
685 * new upstream version, includes a security fix
686 * change default editor from /bin/ae to /usr/bin/editor
688 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
690 sudo (1.5.3-1) unstable; urgency=medium
692 * new upstream version, closes bug 15911.
693 * rules file reworked to use debhelper
694 * implement a really gross hack to force use of the sudo-provided
695 lsearch(), since the one in libc6 is broken! This closes bugs
696 12552, 12557, 14881, 15259, 15916.
698 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
700 sudo (1.5.2-6) unstable; urgency=LOW
702 * don't install INSTALL in the doc directory, closes bug 13195.
704 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
706 sudo (1.5.2-5) unstable; urgency=LOW
710 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
712 sudo (1.5.2-4) unstable; urgency=LOW
714 * change TIMEOUT (how long before you have to type your password again)
715 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
716 packages on slower machines much more tolerable. Closes bug 9076.
717 * touch debian/suid before debstd. Closes bug 8709.
719 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
721 sudo (1.5.2-3) frozen unstable; urgency=LOW
723 * patch from upstream maintainer to close Bug 6828
724 * add a debian/suid file to get debstd to leave my perl postinst alone
726 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
728 sudo (1.5.2-2) frozen unstable; urgency=LOW
730 * change rules to use -O2 -Wall as per standards
732 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
734 sudo (1.5.2-1) unstable; urgency=LOW
736 * new upstream version
737 * cosmetic changes to debian package control files
739 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
741 sudo (1.5-2) unstable; urgency=LOW
743 * add /usr/X11R6/bin to the end of the secure path... this makes it
744 much easier to run xmkmf, etc., during package builds. To the extent
745 that /usr/local/sbin and /usr/local/bin were already included, I see
746 no security reasons not to add this.
748 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
750 sudo (1.5-1) unstable; urgency=LOW
752 * New upstream version
754 * New packaging format
756 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
758 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
762 * hard code SECURE_PATH to:
763 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
767 * enabled EXEMPTGROUP "sudo"
769 * moved timestamp dir to /var/log/sudo
771 * changed parser to check for long and short filenames (Bug#1162)
773 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
777 * New upstream source
779 * Fixed postinst script
780 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
782 * Removed special shadow binary. This version works with and without
783 shadow password file.
785 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
789 * Corrected editor path to /bin/ae (Bug#3062)
791 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
793 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
797 * New upstream version
799 * Changed sudoers permission to 440 (owner root, group root) to make
802 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
806 * Applied upstream patch 1
808 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
812 * Applied upstream patch 2
814 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
818 * Applied upstream patch 3 (fixes problems with an NFS-mounted
822 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
826 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
827 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
829 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
833 * Applied upstream patch 4 (fixes several bugs)
835 * Changed priority to optional
837 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
841 * Corrected postinst to create correct permission for /etc/sudoers
844 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
848 * New upstream version
851 sudo (1.4.4-2) admin; urgency=HIGH
853 * Fixed major security bug reported by Peter Tobias
854 <tobias@et-inf.fho-emden.de>
855 * Added dchanges support to debian.rules
857 sudo (1.4.5-1) admin; urgency=LOW
859 * New upstream version
860 * Minor changes to debian.rules