sudo (1.6.6-1.5) oldstable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Reverse the environment semantic by forcing users to maintain a
    whitelist [env.c, Bug#342948, CVE-2005-4158]

 -- Martin Schulze <joey@infodrom.org>  Wed, 21 Dec 2005 10:05:52 +0100

sudo (1.6.6-1.4) oldstable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Clean SHELLOPTS and PS4 from the environment before executing programs
    with sudo permissions [env.c, CAN-2005-2959]

 -- Martin Schulze <joey@infodrom.org>  Thu, 22 Sep 2005 23:32:16 +0200

sudo (1.6.6-1.3) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Removed debugging code again. Sorry.

 -- Martin Schulze <joey@infodrom.org>  Wed, 24 Nov 2004 15:51:06 +0100

sudo (1.6.6-1.2) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Applied upstream patch to prevent bash functions and the CDPATH
    environment variable from being exported into the sudo environment
    [env.c, CAN-2004-1051]
  * Added special detection routine for big/little endianness on MIPS since
    the line "byteorder : {big|little} endian" from /proc/cpuinfo was
    removed as of Linux 2.4.20, resulting in the mipsel buildd being
    unable to build this package.

 -- Martin Schulze <joey@infodrom.org>  Thu, 18 Nov 2004 08:53:05 +0100

sudo (1.6.6-1.1) unstable; urgency=high

  * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
  * Revert patch to auth/pam.c that left pass uninitialized, causing a
    segfault (Closes: #144665).

 -- LaMont Jones <lamont@debian.org>  Fri, 26 Apr 2002 22:36:04 -0600

sudo (1.6.6-1) unstable; urgency=high

  * new upstream version, fixes security problem with crafty prompts,

 -- Bdale Garbee <bdale@gag.com>  Thu, 25 Apr 2002 12:45:49 -0600

sudo (1.6.5p1-4) unstable; urgency=high

  * apply patch for auth/pam.c to fix yet another way to make sudo segfault
    if ctrl/C'ed at password prompt, closes: #131235

 -- Bdale Garbee <bdale@gag.com>  Sun, 3 Mar 2002 23:18:56 -0700

sudo (1.6.5p1-3) unstable; urgency=high

  * ugly hack to add --disable-saved-ids when building on sparc in response
    to 131592, which will be reassigned to glibc for a real fix
  * urgency high since the sudo currently in testing for sparc is worthless

 -- Bdale Garbee <bdale@gag.com>  Sun, 17 Feb 2002 22:42:10 -0700

sudo (1.6.5p1-2) unstable; urgency=high

  * patch from upstream to fix seg faults caused by versions of pam that
    follow a NULL pointer, closes: #129512

 -- Bdale Garbee <bdale@gag.com>  Tue, 22 Jan 2002 01:50:13 -0700

sudo (1.6.5p1-1) unstable; urgency=high

  * new upstream version
  * add --disable-root-mailer option supported by new version to configure
    call in rules file, closes: #129648

 -- Bdale Garbee <bdale@gag.com>  Fri, 18 Jan 2002 11:29:37 -0700

sudo (1.6.4p1-1) unstable; urgency=high

  * new upstream version, with fix for segfaulting problem in 1.6.4

 -- Bdale Garbee <bdale@gag.com>  Mon, 14 Jan 2002 20:09:46 -0700

sudo (1.6.4-1) unstable; urgency=high

  * new upstream version, includes an important security fix, closes: #127576

 -- Bdale Garbee <bdale@gag.com>  Mon, 14 Jan 2002 09:35:48 -0700

sudo (1.6.3p7-5) unstable; urgency=low

  * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
  * fix spelling error in init.d, closes: #126847

 -- Bdale Garbee <bdale@gag.com>  Sat, 29 Dec 2001 11:21:43 -0700

sudo (1.6.3p7-4) unstable; urgency=medium

  * use touch to set status files to an ancient date instead of removing them
    outright on reboot. this achieves the desired effect of keeping elevated
    privs from living across reboots, without forcing everyone to see the
    new-sudo-user lecture after every reboot. pick a time that's 'old enough'
    for systems with good clocks, and 'recent enough' that broken PC hardware
    setting the clock to commonly-seen bogus dates trips over the "don't trust
    future timestamps" rule. closes: #76529, #123559
  * apply patch from Steve Langasek to fix seg faults due to interaction with
    PAM code. upstream confirms the problem, and says they're fixing this
    differently for their next release... but this should be useful in the
    meantime, and would be good to get into woody. closes: #119147
  * only run the init.d at boot, not on each runlevel change... and don't run
    it during package configure. closes: #125935
  * add DEB_BUILD_OPTIONS support to rules file, closes: #94952

 -- Bdale Garbee <bdale@gag.com>  Wed, 26 Dec 2001 12:40:44 -0700

sudo (1.6.3p7-3) unstable; urgency=low

  * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
    resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
  * fix a typo in the manpage, closes: #97368
  * apply patch to configure.in and run autoconf to fix problem building on
    the hurd, closes: #96325
  * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
    to not last across reboots, closes: #76529
  * clean up lintian-noticed cosmetic packaging issues

 -- Bdale Garbee <bdale@gag.com>  Sat, 1 Dec 2001 02:59:52 -0700

sudo (1.6.3p7-2) unstable; urgency=low

  * update config.sub/guess for hppa support

 -- Bdale Garbee <bdale@gag.com>  Sun, 22 Apr 2001 23:23:42 -0600

sudo (1.6.3p7-1) unstable; urgency=low

  * new upstream version
  * add build dependency on mail-transport-agent, closes: #90685

 -- Bdale Garbee <bdale@gag.com>  Thu, 12 Apr 2001 17:02:42 -0600

sudo (1.6.3p6-1) unstable; urgency=high

  * new upstream version, fixes buffer overflow problem,
    closes: #87259, #87278, #87263
  * revert to using --with-secure-path option at build time, since the option
    available in sudoers is parsed too late to be useful, and upstream says
    it won't get fixed quickly. This reopens 85123, which I will mark as
    forwarded. Closes: #86199, #86117, #85676

 -- Bdale Garbee <bdale@gag.com>  Mon, 26 Feb 2001 11:02:51 -0700

sudo (1.6.3p5-2) unstable; urgency=low

  * lose the dh_suidregister call since it's obsolete
  * stop using the --with-secure-path option at build time, and instead show
    how to set it in sudoers. Closes: #85123
  * freshen config.sub and config.guess for ia64 and hppa
  * update sudoers man page to indicate exempt_group is on by default,

 -- Bdale Garbee <bdale@gag.com>  Sat, 10 Feb 2001 02:05:17 -0700

sudo (1.6.3p5-1) unstable; urgency=low

  * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
  * this version restores core dumps before the exec, while leaving them
    disabled during sudo's internal execution, closes: #58289
  * update debhelper calls in rules file

 -- Bdale Garbee <bdale@gag.com>  Wed, 16 Aug 2000 00:13:15 -0600

sudo (1.6.2p2-1) frozen unstable; urgency=medium

  * new upstream source resulting from direct collaboration with the upstream
    author to fix ugly pam-related problems on Debian in 1.6.1 and later.
    Closes: #56129, #55978, #55979, #56550, #56772
  * include more upstream documentation, closes: #55054
  * pam.d fragment update, closes: #56129

 -- Bdale Garbee <bdale@gag.com>  Sun, 27 Feb 2000 11:48:48 -0700

sudo (1.6.1-1) unstable; urgency=low

  * new upstream source, closes: #52750

 -- Bdale Garbee <bdale@gag.com>  Fri, 7 Jan 2000 21:01:42 -0700

sudo (1.6-2) unstable; urgency=low

  * drop suidregister support for this package. The sudo executable is
    essentially worthless unless it is setuid root, and making suidregister
    work involves shipping a non-setuid executable in the .deb and setting the
    perms in the postinst. On a long upgrade run, this can leave the sudo
    executable 'broken' for a long time, which is unacceptable. With this
    version, we ship the executable setuid root in the .deb. Closes: #51742

 -- Bdale Garbee <bdale@gag.com>  Wed, 1 Dec 1999 19:59:44 -0700

sudo (1.6-1) unstable; urgency=low

  * new upstream version, many options previously set at compile-time are now
    configurable at runtime.
    Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639

 -- Bdale Garbee <bdale@gag.com>  Tue, 23 Nov 1999 16:51:22 -0700

sudo (1.5.9p4-1) unstable; urgency=low

  * new upstream version, closes: #43464
  * empty password handling was fixed in 1.5.8, closes: #31863

 -- Bdale Garbee <bdale@gag.com>  Thu, 26 Aug 1999 00:00:57 -0600

sudo (1.5.9p1-1) unstable; urgency=low

  * new upstream version

 -- Bdale Garbee <bdale@gag.com>  Thu, 15 Apr 1999 22:43:29 -0600

sudo (1.5.8p1-1) unstable; urgency=medium

  * new upstream version, closes 33690
  * add dependency on libpam-modules, closes 34215, 33432

 -- Bdale Garbee <bdale@gag.com>  Mon, 8 Mar 1999 10:27:42 -0700

sudo (1.5.7p4-2) unstable; urgency=medium

  * update the pam fragment provided so that sudo works with latest pam bits,

 -- Bdale Garbee <bdale@gag.com>  Sun, 21 Feb 1999 00:22:44 -0700

sudo (1.5.7p4-1) unstable; urgency=low

  * new upstream release

 -- Bdale Garbee <bdale@gag.com>  Sun, 27 Dec 1998 16:13:53 -0700

sudo (1.5.6p5-1) unstable; urgency=low

  * new upstream patch release
  * add PAM support, closes 28594

 -- Bdale Garbee <bdale@gag.com>  Mon, 2 Nov 1998 00:00:24 -0700

sudo (1.5.6p2-2) unstable; urgency=low

  * update copyright file, closes 24136
  * review and close forwarded bugs believed fixed in this upstream version,

 -- Bdale Garbee <bdale@gag.com>  Mon, 5 Oct 1998 22:30:43 -0600

sudo (1.5.6p2-1) unstable; urgency=low

  * new upstream release

 -- Bdale Garbee <bdale@gag.com>  Mon, 5 Oct 1998 22:30:43 -0600

sudo (1.5.4-4) frozen unstable; urgency=low

  * update postinst to use groupadd, closes 21403
  * move the suidregister stuff earlier in postinst to ensure it always runs

 -- Bdale Garbee <bdale@gag.com>  Sun, 19 Apr 1998 22:07:45 -0600

sudo (1.5.4-3) frozen unstable; urgency=low

  * change /etc/sudoers from a conffile to being handled in postinst,
  * add suidmanager support, closes 15711
  * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
    unlikely to ever fix, and which just don't matter. closes 17146
  * fix FSF address in copyright file, and submit exception for lintian
    warning about sudo being setuid root

 -- Bdale Garbee <bdale@gag.com>  Thu, 9 Apr 1998 23:59:11 -0600

sudo (1.5.4-2) unstable; urgency=high

  * patch from upstream author correcting/improving security fix

 -- Bdale Garbee <bdale@gag.com>  Tue, 13 Jan 1998 10:39:35 -0700

sudo (1.5.4-1) unstable; urgency=high

  * new upstream version, includes a security fix
  * change default editor from /bin/ae to /usr/bin/editor

 -- Bdale Garbee <bdale@gag.com>  Mon, 12 Jan 1998 23:36:41 -0700

sudo (1.5.3-1) unstable; urgency=medium

  * new upstream version, closes bug 15911.
  * rules file reworked to use debhelper
  * implement a really gross hack to force use of the sudo-provided
    lsearch(), since the one in libc6 is broken! This closes bugs
    12552, 12557, 14881, 15259, 15916.

 -- Bdale Garbee <bdale@gag.com>  Sat, 3 Jan 1998 20:39:23 -0700

sudo (1.5.2-6) unstable; urgency=LOW

  * don't install INSTALL in the doc directory, closes bug 13195.

 -- Bdale Garbee <bdale@gag.com>  Sun, 21 Sep 1997 17:10:40 -0600

sudo (1.5.2-5) unstable; urgency=LOW

 -- Bdale Garbee <bdale@gag.com>  Fri, 5 Sep 1997 00:06:22 -0600

sudo (1.5.2-4) unstable; urgency=LOW

  * change TIMEOUT (how long before you have to type your password again)
    to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
    packages on slower machines much more tolerable. Closes bug 9076.
  * touch debian/suid before debstd. Closes bug 8709.

 -- Bdale Garbee <bdale@gag.com>  Sat, 26 Apr 1997 00:48:01 -0600

sudo (1.5.2-3) frozen unstable; urgency=LOW

  * patch from upstream maintainer to close Bug 6828
  * add a debian/suid file to get debstd to leave my perl postinst alone

 -- Bdale Garbee <bdale@gag.com>  Fri, 11 Apr 1997 23:09:55 -0600

sudo (1.5.2-2) frozen unstable; urgency=LOW

  * change rules to use -O2 -Wall as per standards

 -- Bdale Garbee <bdale@gag.com>  Sun, 6 Apr 1997 12:48:53 -0600

sudo (1.5.2-1) unstable; urgency=LOW

  * new upstream version
  * cosmetic changes to debian package control files

 -- Bdale Garbee <bdale@gag.com>  Wed, 30 Oct 1996 09:50:00 -0700

sudo (1.5-2) unstable; urgency=LOW

  * add /usr/X11R6/bin to the end of the secure path... this makes it
    much easier to run xmkmf, etc., during package builds. To the extent
    that /usr/local/sbin and /usr/local/bin were already included, I see
    no security reasons not to add this.

 -- Bdale Garbee <bdale@gag.com>  Wed, 30 Oct 1996 09:44:58 -0700

sudo (1.5-1) unstable; urgency=LOW

  * New upstream version

  * New packaging format

 -- Bdale Garbee <bdale@gag.com>  Thu, 29 Aug 1996 11:44:22 +0200

Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>

  * hard code SECURE_PATH to:
    "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

  * enabled EXEMPTGROUP "sudo"

  * moved timestamp dir to /var/log/sudo

  * changed parser to check for long and short filenames (Bug#1162)

Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>

  * New upstream source

  * Fixed postinst script
    (thanks to Peter Tobias <tobias@et-inf.fho-emden.de>)

  * Removed special shadow binary. This version works with and without
    shadow password file.

Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>

  * Corrected editor path to /bin/ae (Bug#3062)

  * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)

Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>

  * New upstream version

  * Changed sudoers permission to 440 (owner root, group root) to make

Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>

  * Applied upstream patch 1

Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>

  * Applied upstream patch 2

Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>

  * Applied upstream patch 3 (fixes problems with an NFS-mounted

Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>

  * Corrected postinst to use /usr/bin/perl instead of /bin/perl
    [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]

Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>

  * Applied upstream patch 4 (fixes several bugs)

  * Changed priority to optional

Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>

  * Corrected postinst to create correct permission for /etc/sudoers

Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>

  * New upstream version

sudo (1.4.4-2) admin; urgency=HIGH

  * Fixed major security bug reported by Peter Tobias
    <tobias@et-inf.fho-emden.de>
  * Added dchanges support to debian.rules

sudo (1.4.5-1) admin; urgency=LOW

  * New upstream version
  * Minor changes to debian.rules