sudo (1.6.8p9-3) unstable; urgency=high

  * update debhelper compatibility level from 2 to 4
  * add man page symlink for sudoedit
  * Clean SHELLOPTS and PS4 from the environment before executing programs
    with sudo permissions [env.c, CAN-2005-2959]
  * fix typo in manpage pointed out by Moray Allen, closes: #285995
  * fix paths in sample complex sudoers file, closes: #303542
  * fix type in sudoers man page, closes: #311244

 -- Bdale Garbee <bdale@gag.com>  Wed, 28 Sep 2005 01:18:04 -0600

sudo (1.6.8p9-2) unstable; urgency=high

  * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,

 -- Bdale Garbee <bdale@gag.com>  Tue, 28 Jun 2005 16:18:47 -0400

sudo (1.6.8p9-1) unstable; urgency=high

  * new upstream version, fixes a race condition in sudo's pathname
    validation, which is a security issue (CAN-2005-1993),
    closes: #315115, #315718

 -- Bdale Garbee <bdale@gag.com>  Tue, 28 Jun 2005 15:33:11 -0400

sudo (1.6.8p7-1) unstable; urgency=low

  * new upstream version, closes: #299585
  * update lintian overrides to squelch the postinst warning
  * change sudoedit from a hard to a soft link, closes: #296896
  * fix regex doc in sudoers man page, closes: #300361

 -- Bdale Garbee <bdale@gag.com>  Sat, 26 Mar 2005 22:18:34 -0700

sudo (1.6.8p5-1) unstable; urgency=high

  * new upstream version
  * restores ability to use config tuples without a value, which was causing
    problems on upgrade closes: #283306
  * deliver sudoedit, closes: #283078
  * marking urgency high since 283306 is a serious upgrade incompatibility

 -- Bdale Garbee <bdale@gag.com>  Fri, 3 Dec 2004 10:11:16 -0700

sudo (1.6.8p3-2) unstable; urgency=high

  * update pam.d deliverable so ldap works again, closes: #282191

 -- Bdale Garbee <bdale@gag.com>  Mon, 22 Nov 2004 11:44:46 -0700

sudo (1.6.8p3-1) unstable; urgency=high

  * new upstream version, fixes a flaw in sudo's environment sanitizing that
    could allow a malicious user with permission to run a shell script that
    utilized the bash shell to run arbitrary commands, closes: #281665
  * patch the sample sudoers to have the proper path for kill on Debian
    systems, closes: #263486
  * patch the sudo manpage to reflect Debian's choice of exempt_group
    default setting, closes: #236465
  * patch the sudo manpage to reflect Debian's choice of no timeout on the
    password prompt, closes: #271194

 -- Bdale Garbee <bdale@gag.com>  Tue, 16 Nov 2004 23:23:41 -0700

sudo (1.6.7p5-2) unstable; urgency=low

  * Jeff Bailey reports that seteuid works on current sparc systems, so we
    no longer need the "grosshack" stuff in the sudo rules file
  * add a postrm that removes /etc/sudoers on purge. don't do this with the
    normal conffile mechanism since it would generate noise on every upgrade,

 -- Bdale Garbee <bdale@gag.com>  Tue, 20 Jul 2004 12:29:48 -0400

sudo (1.6.7p5-1) unstable; urgency=low

  * new upstream version, closes: #190265, #193222, #197244
  * change from '.' to ':' in postinst chown call, closes: #208369

 -- Bdale Garbee <bdale@gag.com>  Tue, 2 Sep 2003 21:27:06 -0600

sudo (1.6.7p3-2) unstable; urgency=low

  * add --disable-setresuid to configure call since 2.2 kernels don't support
    setresgid, closes: #189044
  * cosmetic cleanups to debian/rules as long as I'm there

 -- Bdale Garbee <bdale@gag.com>  Tue, 15 Apr 2003 16:04:48 -0600

sudo (1.6.7p3-1) unstable; urgency=low

  * new upstream version
  * add overrides to quiet lintian about things it doesn't understand,
    except the source one that can't be overridden until 129510 is fixed

 -- Bdale Garbee <bdale@gag.com>  Mon, 7 Apr 2003 17:34:05 -0600

sudo (1.6.6-3) unstable; urgency=low

  * add code to rules file to update config.sub/guess, closes: #164501

 -- Bdale Garbee <bdale@gag.com>  Sat, 12 Oct 2002 15:35:22 -0600

sudo (1.6.6-2) unstable; urgency=low

  * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
    configure, and lose the build dependency on mail-transport-agent
  * incorporate changes from LaMont's NMU, closes: #144665, #144737
  * update init.d to not try and set time on nonexistent timestamp files,
  * build with --with-all-insults, admin must edit sudoers to turn insults
    on at runtime if desired, closes: #135374
  * stop setting /usr/doc symlink in postinst

 -- Bdale Garbee <bdale@gag.com>  Sat, 12 Oct 2002 01:54:24 -0600

sudo (1.6.6-1.1) unstable; urgency=high

  * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
  * Revert patch to auth/pam.c that left pass uninitialized, causing a
    segfault (Closes: #144665).

 -- LaMont Jones <lamont@debian.org>  Fri, 26 Apr 2002 22:36:04 -0600

sudo (1.6.6-1) unstable; urgency=high

  * new upstream version, fixes security problem with crafty prompts,

 -- Bdale Garbee <bdale@gag.com>  Thu, 25 Apr 2002 12:45:49 -0600

sudo (1.6.5p1-4) unstable; urgency=high

  * apply patch for auth/pam.c to fix yet another way to make sudo segfault
    if ctrl/C'ed at password prompt, closes: #131235

 -- Bdale Garbee <bdale@gag.com>  Sun, 3 Mar 2002 23:18:56 -0700

sudo (1.6.5p1-3) unstable; urgency=high

  * ugly hack to add --disable-saved-ids when building on sparc in response
    to 131592, which will be reassigned to glibc for a real fix
  * urgency high since the sudo currently in testing for sparc is worthless

 -- Bdale Garbee <bdale@gag.com>  Sun, 17 Feb 2002 22:42:10 -0700

sudo (1.6.5p1-2) unstable; urgency=high

  * patch from upstream to fix seg faults caused by versions of pam that
    follow a NULL pointer, closes: #129512

 -- Bdale Garbee <bdale@gag.com>  Tue, 22 Jan 2002 01:50:13 -0700

sudo (1.6.5p1-1) unstable; urgency=high

  * new upstream version
  * add --disable-root-mailer option supported by new version to configure
    call in rules file, closes: #129648

 -- Bdale Garbee <bdale@gag.com>  Fri, 18 Jan 2002 11:29:37 -0700

sudo (1.6.4p1-1) unstable; urgency=high

  * new upstream version, with fix for segfaulting problem in 1.6.4

 -- Bdale Garbee <bdale@gag.com>  Mon, 14 Jan 2002 20:09:46 -0700

sudo (1.6.4-1) unstable; urgency=high

  * new upstream version, includes an important security fix, closes: #127576

 -- Bdale Garbee <bdale@gag.com>  Mon, 14 Jan 2002 09:35:48 -0700

sudo (1.6.3p7-5) unstable; urgency=low

  * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
  * fix spelling error in init.d, closes: #126847

 -- Bdale Garbee <bdale@gag.com>  Sat, 29 Dec 2001 11:21:43 -0700

sudo (1.6.3p7-4) unstable; urgency=medium

  * use touch to set status files to an ancient date instead of removing them
    outright on reboot. this achieves the desired effect of keeping elevated
    privs from living across reboots, without forcing everyone to see the
    new-sudo-user lecture after every reboot. pick a time that's 'old enough'
    for systems with good clocks, and 'recent enough' that broken PC hardware
    setting the clock to commonly-seen bogus dates trips over the "don't trust
    future timestamps" rule. closes: #76529, #123559
  * apply patch from Steve Langasek to fix seg faults due to interaction with
    PAM code. upstream confirms the problem, and says they're fixing this
    differently for their next release... but this should be useful in the
    meantime, and would be good to get into woody. closes: #119147
  * only run the init.d at boot, not on each runlevel change... and don't run
    it during package configure. closes: #125935
  * add DEB_BUILD_OPTIONS support to rules file, closes: #94952

 -- Bdale Garbee <bdale@gag.com>  Wed, 26 Dec 2001 12:40:44 -0700

sudo (1.6.3p7-3) unstable; urgency=low

  * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
    resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
  * fix a typo in the manpage, closes: #97368
  * apply patch to configure.in and run autoconf to fix problem building on
    the hurd, closes: #96325
  * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
    to not last across reboots, closes: #76529
  * clean up lintian-noticed cosmetic packaging issues

 -- Bdale Garbee <bdale@gag.com>  Sat, 1 Dec 2001 02:59:52 -0700

sudo (1.6.3p7-2) unstable; urgency=low

  * update config.sub/guess for hppa support

 -- Bdale Garbee <bdale@gag.com>  Sun, 22 Apr 2001 23:23:42 -0600

sudo (1.6.3p7-1) unstable; urgency=low

  * new upstream version
  * add build dependency on mail-transport-agent, closes: #90685

 -- Bdale Garbee <bdale@gag.com>  Thu, 12 Apr 2001 17:02:42 -0600

sudo (1.6.3p6-1) unstable; urgency=high

  * new upstream version, fixes buffer overflow problem,
    closes: #87259, #87278, #87263
  * revert to using --with-secure-path option at build time, since the option
    available in sudoers is parsed too late to be useful, and upstream says
    it won't get fixed quickly. This reopens 85123, which I will mark as
    forwarded. Closes: #86199, #86117, #85676

 -- Bdale Garbee <bdale@gag.com>  Mon, 26 Feb 2001 11:02:51 -0700

sudo (1.6.3p5-2) unstable; urgency=low

  * lose the dh_suidregister call since it's obsolete
  * stop using the --with-secure-path option at build time, and instead show
    how to set it in sudoers. Closes: #85123
  * freshen config.sub and config.guess for ia64 and hppa
  * update sudoers man page to indicate exempt_group is on by default,

 -- Bdale Garbee <bdale@gag.com>  Sat, 10 Feb 2001 02:05:17 -0700

sudo (1.6.3p5-1) unstable; urgency=low

  * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
  * this version restores core dumps before the exec, while leaving them
    disabled during sudo's internal execution, closes: #58289
  * update debhelper calls in rules file

 -- Bdale Garbee <bdale@gag.com>  Wed, 16 Aug 2000 00:13:15 -0600

sudo (1.6.2p2-1) frozen unstable; urgency=medium

  * new upstream source resulting from direct collaboration with the upstream
    author to fix ugly pam-related problems on Debian in 1.6.1 and later.
    Closes: #56129, #55978, #55979, #56550, #56772
  * include more upstream documentation, closes: #55054
  * pam.d fragment update, closes: #56129

 -- Bdale Garbee <bdale@gag.com>  Sun, 27 Feb 2000 11:48:48 -0700

sudo (1.6.1-1) unstable; urgency=low

  * new upstream source, closes: #52750

 -- Bdale Garbee <bdale@gag.com>  Fri, 7 Jan 2000 21:01:42 -0700

sudo (1.6-2) unstable; urgency=low

  * drop suidregister support for this package. The sudo executable is
    essentially worthless unless it is setuid root, and making suidregister
    work involves shipping a non-setuid executable in the .deb and setting the
    perms in the postinst. On a long upgrade run, this can leave the sudo
    executable 'broken' for a long time, which is unacceptable. With this
    version, we ship the executable setuid root in the .deb. Closes: #51742

 -- Bdale Garbee <bdale@gag.com>  Wed, 1 Dec 1999 19:59:44 -0700

sudo (1.6-1) unstable; urgency=low

  * new upstream version, many options previously set at compile-time are now
    configurable at runtime.
    Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639

 -- Bdale Garbee <bdale@gag.com>  Tue, 23 Nov 1999 16:51:22 -0700

sudo (1.5.9p4-1) unstable; urgency=low

  * new upstream version, closes: #43464
  * empty password handling was fixed in 1.5.8, closes: #31863

 -- Bdale Garbee <bdale@gag.com>  Thu, 26 Aug 1999 00:00:57 -0600

sudo (1.5.9p1-1) unstable; urgency=low

  * new upstream version

 -- Bdale Garbee <bdale@gag.com>  Thu, 15 Apr 1999 22:43:29 -0600

sudo (1.5.8p1-1) unstable; urgency=medium

  * new upstream version, closes 33690
  * add dependency on libpam-modules, closes 34215, 33432

 -- Bdale Garbee <bdale@gag.com>  Mon, 8 Mar 1999 10:27:42 -0700

sudo (1.5.7p4-2) unstable; urgency=medium

  * update the pam fragment provided so that sudo works with latest pam bits,

 -- Bdale Garbee <bdale@gag.com>  Sun, 21 Feb 1999 00:22:44 -0700

sudo (1.5.7p4-1) unstable; urgency=low

  * new upstream release

 -- Bdale Garbee <bdale@gag.com>  Sun, 27 Dec 1998 16:13:53 -0700

sudo (1.5.6p5-1) unstable; urgency=low

  * new upstream patch release
  * add PAM support, closes 28594

 -- Bdale Garbee <bdale@gag.com>  Mon, 2 Nov 1998 00:00:24 -0700

sudo (1.5.6p2-2) unstable; urgency=low

  * update copyright file, closes 24136
  * review and close forwarded bugs believed fixed in this upstream version,

 -- Bdale Garbee <bdale@gag.com>  Mon, 5 Oct 1998 22:30:43 -0600

sudo (1.5.6p2-1) unstable; urgency=low

  * new upstream release

 -- Bdale Garbee <bdale@gag.com>  Mon, 5 Oct 1998 22:30:43 -0600

sudo (1.5.4-4) frozen unstable; urgency=low

  * update postinst to use groupadd, closes 21403
  * move the suidregister stuff earlier in postinst to ensure it always runs

 -- Bdale Garbee <bdale@gag.com>  Sun, 19 Apr 1998 22:07:45 -0600

sudo (1.5.4-3) frozen unstable; urgency=low

  * change /etc/sudoers from a conffile to being handled in postinst,
  * add suidmanager support, closes 15711
  * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
    unlikely to ever fix, and which just don't matter. closes 17146
  * fix FSF address in copyright file, and submit exception for lintian
    warning about sudo being setuid root

 -- Bdale Garbee <bdale@gag.com>  Thu, 9 Apr 1998 23:59:11 -0600

sudo (1.5.4-2) unstable; urgency=high

  * patch from upstream author correcting/improving security fix

 -- Bdale Garbee <bdale@gag.com>  Tue, 13 Jan 1998 10:39:35 -0700

sudo (1.5.4-1) unstable; urgency=high

  * new upstream version, includes a security fix
  * change default editor from /bin/ae to /usr/bin/editor

 -- Bdale Garbee <bdale@gag.com>  Mon, 12 Jan 1998 23:36:41 -0700

sudo (1.5.3-1) unstable; urgency=medium

  * new upstream version, closes bug 15911.
  * rules file reworked to use debhelper
  * implement a really gross hack to force use of the sudo-provided
    lsearch(), since the one in libc6 is broken! This closes bugs
    12552, 12557, 14881, 15259, 15916.

 -- Bdale Garbee <bdale@gag.com>  Sat, 3 Jan 1998 20:39:23 -0700

sudo (1.5.2-6) unstable; urgency=LOW

  * don't install INSTALL in the doc directory, closes bug 13195.

 -- Bdale Garbee <bdale@gag.com>  Sun, 21 Sep 1997 17:10:40 -0600

sudo (1.5.2-5) unstable; urgency=LOW

 -- Bdale Garbee <bdale@gag.com>  Fri, 5 Sep 1997 00:06:22 -0600

sudo (1.5.2-4) unstable; urgency=LOW

  * change TIMEOUT (how long before you have to type your password again)
    to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
    packages on slower machines much more tolerable. Closes bug 9076.
  * touch debian/suid before debstd. Closes bug 8709.

 -- Bdale Garbee <bdale@gag.com>  Sat, 26 Apr 1997 00:48:01 -0600

sudo (1.5.2-3) frozen unstable; urgency=LOW

  * patch from upstream maintainer to close Bug 6828
  * add a debian/suid file to get debstd to leave my perl postinst alone

 -- Bdale Garbee <bdale@gag.com>  Fri, 11 Apr 1997 23:09:55 -0600

sudo (1.5.2-2) frozen unstable; urgency=LOW

  * change rules to use -O2 -Wall as per standards

 -- Bdale Garbee <bdale@gag.com>  Sun, 6 Apr 1997 12:48:53 -0600

sudo (1.5.2-1) unstable; urgency=LOW

  * new upstream version
  * cosmetic changes to debian package control files

 -- Bdale Garbee <bdale@gag.com>  Wed, 30 Oct 1996 09:50:00 -0700

sudo (1.5-2) unstable; urgency=LOW

  * add /usr/X11R6/bin to the end of the secure path... this makes it
    much easier to run xmkmf, etc., during package builds. To the extent
    that /usr/local/sbin and /usr/local/bin were already included, I see
    no security reasons not to add this.

 -- Bdale Garbee <bdale@gag.com>  Wed, 30 Oct 1996 09:44:58 -0700

sudo (1.5-1) unstable; urgency=LOW

  * New upstream version
  * New packaging format

 -- Bdale Garbee <bdale@gag.com>  Thu, 29 Aug 1996 11:44:22 +0200

Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>

  * hard code SECURE_PATH to:
    "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
  * enabled EXEMPTGROUP "sudo"
  * moved timestamp dir to /var/log/sudo
  * changed parser to check for long and short filenames (Bug#1162)

Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>

  * New upstream source
  * Fixed postinst script
    (thanks to Peter Tobias <tobias@et-inf.fho-emden.de>)
  * Removed special shadow binary. This version works with and without
    shadow password file.

Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>

  * Corrected editor path to /bin/ae (Bug#3062)
  * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)

Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>

  * New upstream version
  * Changed sudoers permission to 440 (owner root, group root) to make

Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>

  * Applied upstream patch 1

Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>

  * Applied upstream patch 2

Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>

  * Applied upstream patch 3 (fixes problems with an NFS-mounted

Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>

  * Corrected postinst to use /usr/bin/perl instead of /bin/perl
    [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]

Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>

  * Applied upstream patch 4 (fixes several bugs)
  * Changed priority to optional

Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>

  * Corrected postinst to create correct permission for /etc/sudoers

Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>

  * New upstream version

sudo (1.4.4-2) admin; urgency=HIGH

  * Fixed major security bug reported by Peter Tobias
    <tobias@et-inf.fho-emden.de>
  * Added dchanges support to debian.rules

sudo (1.4.5-1) admin; urgency=LOW

  * New upstream version
  * Minor changes to debian.rules