[debian/sudo] / debian / changelog

sudo (1.6.6-1.5) oldstable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Reverse the environment semantic by forcing users to maintain a
    whitelist [env.c, Bug#342948, CVE-2005-4158]

 -- Martin Schulze <joey@infodrom.org>  Wed, 21 Dec 2005 10:05:52 +0100

sudo (1.6.6-1.4) oldstable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Clean SHELLOPTS and PS4 from the environment before executing programs
    with sudo permissions [env.c, CAN-2005-2959]

 -- Martin Schulze <joey@infodrom.org>  Thu, 22 Sep 2005 23:32:16 +0200

sudo (1.6.6-1.3) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Removed debugging code again.  Sorry.

 -- Martin Schulze <joey@infodrom.org>  Wed, 24 Nov 2004 15:51:06 +0100

sudo (1.6.6-1.2) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Applied upstream patch to prevent bash functions and the CDPATH
    environment variable from being exported into the sudo environment
    [env.c, CAN-2004-1051]
  * Added special detection routine for big/little endianess on MIPS since
    the line "byteorder : {big|little} endian" from /proc/cpuinfo was
    removed as of Linux 2.4.20, resulting in the mipsel buildd being
    unable to build this package.

 -- Martin Schulze <joey@infodrom.org>  Thu, 18 Nov 2004 08:53:05 +0100

sudo (1.6.6-1.1) unstable; urgency=high

  * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
  * Revert patch to auth/pam.c that left pass uninitialized, causing a
    segfault (Closes: #144665).

 -- LaMont Jones <lamont@debian.org>  Fri, 26 Apr 2002 22:36:04 -0600

sudo (1.6.6-1) unstable; urgency=high

  * new upstream version, fixes security problem with crafty prompts, 
    closes: #144540

 -- Bdale Garbee <bdale@gag.com>  Thu, 25 Apr 2002 12:45:49 -0600

sudo (1.6.5p1-4) unstable; urgency=high

  * apply patch for auth/pam.c to fix yet another way to make sudo segfault
    if ctrl/C'ed at password prompt, closes: #131235

 -- Bdale Garbee <bdale@gag.com>  Sun,  3 Mar 2002 23:18:56 -0700

sudo (1.6.5p1-3) unstable; urgency=high

  * ugly hack to add --disable-saved-ids when building on sparc in response 
    to 131592, which will be reassigned to glibc for a real fix
  * urgency high since the sudo currently in testing for sparc is worthless

 -- Bdale Garbee <bdale@gag.com>  Sun, 17 Feb 2002 22:42:10 -0700

sudo (1.6.5p1-2) unstable; urgency=high

  * patch from upstream to fix seg faults caused by versions of pam that
    follow a NULL pointer, closes: #129512

 -- Bdale Garbee <bdale@gag.com>  Tue, 22 Jan 2002 01:50:13 -0700

sudo (1.6.5p1-1) unstable; urgency=high

  * new upstream version
  * add --disable-root-mailer option supported by new version to configure 
    call in rules file, closes: #129648

 -- Bdale Garbee <bdale@gag.com>  Fri, 18 Jan 2002 11:29:37 -0700

sudo (1.6.4p1-1) unstable; urgency=high

  * new upstream version, with fix for segfaulting problem in 1.6.4

 -- Bdale Garbee <bdale@gag.com>  Mon, 14 Jan 2002 20:09:46 -0700

sudo (1.6.4-1) unstable; urgency=high

  * new upstream version, includes an important security fix, closes: #127576

 -- Bdale Garbee <bdale@gag.com>  Mon, 14 Jan 2002 09:35:48 -0700

sudo (1.6.3p7-5) unstable; urgency=low

  * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
  * fix spelling error in init.d, closes: #126847

 -- Bdale Garbee <bdale@gag.com>  Sat, 29 Dec 2001 11:21:43 -0700

sudo (1.6.3p7-4) unstable; urgency=medium

  * use touch to set status files to an ancient date instead of removing them
    outright on reboot.  this achieves the desired effect of keeping elevated 
    privs from living across reboots, without forcing everyone to see the 
    new-sudo-user lecture after every reboot.  pick a time that's 'old enough'
    for systems with good clocks, and 'recent enough' that broken PC hardware
    setting the clock to commonly-seen bogus dates trips over the "don't trust
    future timestamps" rule.  closes: #76529, #123559
  * apply patch from Steve Langasek to fix seg faults due to interaction with
    PAM code.  upstream confirms the problem, and says they're fixing this 
    differently for their next release... but this should be useful in the 
    meantime, and would be good to get into woody.  closes: #119147
  * only run the init.d at boot, not on each runlevel change... and don't run
    it during package configure.  closes: #125935
  * add DEB_BUILD_OPTIONS support to rules file, closes: #94952

 -- Bdale Garbee <bdale@gag.com>  Wed, 26 Dec 2001 12:40:44 -0700

sudo (1.6.3p7-3) unstable; urgency=low

  * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not 
    resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
  * fix a typo in the manpage, closes: #97368
  * apply patch to configure.in and run autoconf to fix problem building on
    the hurd, closes: #96325
  * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
    to not last across reboots, closes: #76529
  * clean up lintian-noticed cosmetic packaging issues

 -- Bdale Garbee <bdale@gag.com>  Sat,  1 Dec 2001 02:59:52 -0700

sudo (1.6.3p7-2) unstable; urgency=low

  * update config.sub/guess for hppa support

 -- Bdale Garbee <bdale@gag.com>  Sun, 22 Apr 2001 23:23:42 -0600

sudo (1.6.3p7-1) unstable; urgency=low

  * new upstream version
  * add build dependency on mail-transport-agent, closes: #90685

 -- Bdale Garbee <bdale@gag.com>  Thu, 12 Apr 2001 17:02:42 -0600

sudo (1.6.3p6-1) unstable; urgency=high

  * new upstream version, fixes buffer overflow problem, 
    closes: #87259, #87278, #87263
  * revert to using --with-secure-path option at build time, since the option
    available in sudoers is parsed too late to be useful, and upstream says
    it won't get fixed quickly.  This reopens 85123, which I will mark as
    forwarded.  Closes: #86199, #86117, #85676

 -- Bdale Garbee <bdale@gag.com>  Mon, 26 Feb 2001 11:02:51 -0700

sudo (1.6.3p5-2) unstable; urgency=low

  * lose the dh_suidregister call since it's obsolete
  * stop using the --with-secure-path option at build time, and instead show
    how to set it in sudoers.  Closes: #85123
  * freshen config.sub and config.guess for ia64 and hppa
  * update sudoers man page to indicate exempt_group is on by default, 
    closes: #70847

 -- Bdale Garbee <bdale@gag.com>  Sat, 10 Feb 2001 02:05:17 -0700

sudo (1.6.3p5-1) unstable; urgency=low

  * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
  * this version restores core dumps before the exec, while leaving them
    disabled during sudo's internal execution, closes: #58289
  * update debhelper calls in rules file

 -- Bdale Garbee <bdale@gag.com>  Wed, 16 Aug 2000 00:13:15 -0600

sudo (1.6.2p2-1) frozen unstable; urgency=medium

  * new upstream source resulting from direct collaboration with the upstream
    author to fix ugly pam-related problems on Debian in 1.6.1 and later.
    Closes: #56129, #55978, #55979, #56550, #56772
  * include more upstream documentation, closes: #55054
  * pam.d fragment update, closes: #56129

 -- Bdale Garbee <bdale@gag.com>  Sun, 27 Feb 2000 11:48:48 -0700

sudo (1.6.1-1) unstable; urgency=low

  * new upstream source, closes: #52750

 -- Bdale Garbee <bdale@gag.com>  Fri,  7 Jan 2000 21:01:42 -0700

sudo (1.6-2) unstable; urgency=low

  * drop suidregister support for this package.  The sudo executable is 
    essentially worthless unless it is setuid root, and making suidregister
    work involves shipping a non-setuid executable in the .deb and setting the
    perms in the postinst.  On a long upgrade run, this can leave the sudo
    executable 'broken' for a long time, which is unacceptable.  With this
    version, we ship the executable setuid root in the .deb.  Closes: #51742

 -- Bdale Garbee <bdale@gag.com>  Wed,  1 Dec 1999 19:59:44 -0700

sudo (1.6-1) unstable; urgency=low

  * new upstream version, many options previously set at compile-time are now
    configurable at runtime.  
    Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
  * FHS support

 -- Bdale Garbee <bdale@gag.com>  Tue, 23 Nov 1999 16:51:22 -0700

sudo (1.5.9p4-1) unstable; urgency=low

  * new upstream version, closes: #43464
  * empty password handling was fixed in 1.5.8, closes: #31863

 -- Bdale Garbee <bdale@gag.com>  Thu, 26 Aug 1999 00:00:57 -0600

sudo (1.5.9p1-1) unstable; urgency=low

  * new upstream version

 -- Bdale Garbee <bdale@gag.com>  Thu, 15 Apr 1999 22:43:29 -0600

sudo (1.5.8p1-1) unstable; urgency=medium

  * new upstream version, closes 33690
  * add dependency on libpam-modules, closes 34215, 33432

 -- Bdale Garbee <bdale@gag.com>  Mon,  8 Mar 1999 10:27:42 -0700

sudo (1.5.7p4-2) unstable; urgency=medium

  * update the pam fragment provided so that sudo works with latest pam bits,
    closes 33432

 -- Bdale Garbee <bdale@gag.com>  Sun, 21 Feb 1999 00:22:44 -0700

sudo (1.5.7p4-1) unstable; urgency=low

  * new upstream release

 -- Bdale Garbee <bdale@gag.com>  Sun, 27 Dec 1998 16:13:53 -0700               

sudo (1.5.6p5-1) unstable; urgency=low

  * new upstream patch release
  * add PAM support, closes 28594

 -- Bdale Garbee <bdale@gag.com>  Mon,  2 Nov 1998 00:00:24 -0700               

sudo (1.5.6p2-2) unstable; urgency=low

  * update copyright file, closes 24136
  * review and close forwarded bugs believed fixed in this upstream version,
    closes 17606, 15786.

 -- Bdale Garbee <bdale@gag.com>  Mon,  5 Oct 1998 22:30:43 -0600               

sudo (1.5.6p2-1) unstable; urgency=low

  * new upstream release

 -- Bdale Garbee <bdale@gag.com>  Mon,  5 Oct 1998 22:30:43 -0600               

sudo (1.5.4-4) frozen unstable; urgency=low

  * update postinst to use groupadd, closes 21403
  * move the suidregister stuff earlier in postinst to ensure it always runs

 -- Bdale Garbee <bdale@gag.com>  Sun, 19 Apr 1998 22:07:45 -0600               

sudo (1.5.4-3) frozen unstable; urgency=low

  * change /etc/sudoers from a conffile to being handled in postinst, 
    closes 18219
  * add suidmanager support, closes 15711
  * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
    unlikely to ever fix, and which just don't matter.  closes 17146
  * fix FSF address in copyright file, and submit exception for lintian
    warning about sudo being setuid root

 -- Bdale Garbee <bdale@gag.com>  Thu,  9 Apr 1998 23:59:11 -0600               

sudo (1.5.4-2) unstable; urgency=high
 
  * patch from upstream author correcting/improving security fix
  
 -- Bdale Garbee <bdale@gag.com>  Tue, 13 Jan 1998 10:39:35 -0700               

sudo (1.5.4-1) unstable; urgency=high

  * new upstream version, includes a security fix
  * change default editor from /bin/ae to /usr/bin/editor

 -- Bdale Garbee <bdale@gag.com>  Mon, 12 Jan 1998 23:36:41 -0700

sudo (1.5.3-1) unstable; urgency=medium

  * new upstream version, closes bug 15911.
  * rules file reworked to use debhelper
  * implement a really gross hack to force use of the sudo-provided 
    lsearch(), since the one in libc6 is broken!  This closes bugs
    12552, 12557, 14881, 15259, 15916.  

 -- Bdale Garbee <bdale@gag.com>  Sat,  3 Jan 1998 20:39:23 -0700

sudo (1.5.2-6) unstable; urgency=LOW

  * don't install INSTALL in the doc directory, closes bug 13195.

 -- Bdale Garbee <bdale@gag.com>  Sun, 21 Sep 1997 17:10:40 -0600

sudo (1.5.2-5) unstable; urgency=LOW

  * libc6

 -- Bdale Garbee <bdale@gag.com>  Fri,  5 Sep 1997 00:06:22 -0600

sudo (1.5.2-4) unstable; urgency=LOW

  * change TIMEOUT (how long before you have to type your password again)
    to 15 mins, disable PASSWORD_TIMEOUT.  This makes building large Debian
    packages on slower machines much more tolerable.  Closes bug 9076.
  * touch debian/suid before debstd.  Closes bug 8709.

 -- Bdale Garbee <bdale@gag.com>  Sat, 26 Apr 1997 00:48:01 -0600

sudo (1.5.2-3) frozen unstable; urgency=LOW

  * patch from upstream maintainer to close Bug 6828
  * add a debian/suid file to get debstd to leave my perl postinst alone

 -- Bdale Garbee <bdale@gag.com>  Fri, 11 Apr 1997 23:09:55 -0600

sudo (1.5.2-2) frozen unstable; urgency=LOW

  * change rules to use -O2 -Wall as per standards

 -- Bdale Garbee <bdale@gag.com>  Sun, 6 Apr 1997 12:48:53 -0600

sudo (1.5.2-1) unstable; urgency=LOW

  * new upstream version
  * cosmetic changes to debian package control files

 -- Bdale Garbee <bdale@gag.com>  Wed, 30 Oct 1996 09:50:00 -0700

sudo (1.5-2) unstable; urgency=LOW

  * add /usr/X11R6/bin to the end of the secure path... this makes it
    much easier to run xmkmf, etc., during package builds.  To the extent
    that /usr/local/sbin and /usr/local/bin were already included, I see
    no security reasons not to add this.

 -- Bdale Garbee <bdale@gag.com>  Wed, 30 Oct 1996 09:44:58 -0700

sudo (1.5-1) unstable; urgency=LOW

  * New upstream version
  * New maintainer
  * New packaging format

 -- Bdale Garbee <bdale@gag.com>  Thu, 29 Aug 1996 11:44:22 +0200

Tue Mar  5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>

        sudo (1.4.1-1):

        * hard code SECURE_PATH to:
                "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

        * enable ENV_EDITOR

        * enabled EXEMPTGROUP "sudo"

        * moved timestamp dir to /var/log/sudo

        * changed parser to check for long and short filenames (Bug#1162)

Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>

        sudo (1.4.2-1):

        * New upstream source

        * Fixed postinst script
                (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)

        * Removed special shadow binary. This version works with and without
          shadow password file.

Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>

        sudo (1.4.2-2):

        * Corrected editor path to /bin/ae (Bug#3062)

        * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)

Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>

        sudo (1.4.3-1):

        * New upstream version

        * Changed sudoers permission to 440 (owner root, group root) to make
          sudo usable via NFS

Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>

        sudo (1.4.3-2):

        * Applied upstream patch 1

Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>

        sudo (1.4.3-3):

        * Applied upstream patch 2

Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>

        sudo (1.4.3-4):

        * Applied upstream patch 3 (fixes problems with an NFS-mounted
          sudoers file)


Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>

        sudo (1.4.3-5):

        * Corrected postinst to use /usr/bin/perl instead of /bin/perl
          [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]

Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>

        sudo (1.4.3-6):

        * Applied upstream patch 4 (fixes several bugs)

        * Changed priority to optional

Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>

        sudo (1.4.3-7):

        * Corrected postinst to create correct permission for /etc/sudoers
          (Bug#3749)

Fri Aug  2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>

        sudo (1.4.4-1):

        * New upstream version


sudo (1.4.4-2) admin; urgency=HIGH

        * Fixed major security bug reported by Peter Tobias
          <tobias@et-inf.fho-emden.de>
        * Added dchanges support to debian.rules

sudo (1.4.5-1) admin; urgency=LOW

        * New upstream version
        * Minor changes to debian.rules