1 sudo (1.7.4p4-6) UNRELEASED; urgency=low
3 * update /etc/sudoers.d/README now that sudoers is a conffile
5 -- Bdale Garbee <bdale@gag.com> Fri, 03 Dec 2010 13:31:20 -0700
7 sudo (1.7.4p4-5) unstable; urgency=low
9 * patch from Jakub Wilk to add noopt and nostrip build option support,
11 * make sudoers a conffile, closes: #605130
12 * add descriptions to LSB init headers, closes: #604619
13 * change default sudoers %sudo entry to allow gid changes, closes: #602699
14 * add Vcs entries to the control file
15 * use debhelper install files instead of explicit installs in rules
17 -- Bdale Garbee <bdale@gag.com> Wed, 01 Dec 2010 20:32:31 -0700
19 sudo (1.7.4p4-4) unstable; urgency=low
21 * patch from upstream to resolve problem always prompting for a password
22 when run without a tty, closes: #599376
23 * patch from upstream to resolve interoperability problem between HOME in
24 env_keep and the -H flag, closes: #596493
25 * change path syntax to avoid tar error when /var/run/sudo exists but is
26 empty, closes: #598877
28 -- Bdale Garbee <bdale@gag.com> Thu, 07 Oct 2010 15:59:06 -0600
30 sudo (1.7.4p4-3) unstable; urgency=low
32 * make postinst clause for handling /var/run -> /var/lib transition less
33 fragile, closes: #585514
34 * cope with upstream's Makefile trying to install ChangeLog in our doc
35 directory, closes: #597389
36 * fix README.Debian to reflect that HOME is no longer preserved by default,
39 -- Bdale Garbee <bdale@gag.com> Tue, 21 Sep 2010 23:53:08 -0600
41 sudo (1.7.4p4-2) unstable; urgency=low
43 * add a NEWS item about change in $HOME handling that impacts programs
46 -- Bdale Garbee <bdale@gag.com> Wed, 08 Sep 2010 14:29:16 -0600
48 sudo (1.7.4p4-1) unstable; urgency=high
50 * new upstream version, urgency high due to fix for flaw in Runas group
51 matching (CVE-2010-2956), closes: #595935
52 * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
53 re-lecturing existing users, and to clean up after ourselves on upgrade,
54 and remove the RAMRUN section from README.Debian since the new state dir
55 should fix the original problem, closes: #585514
56 * deliver README.Debian to both package flavors, closes: #593579
58 -- Bdale Garbee <bdale@gag.com> Tue, 07 Sep 2010 12:22:42 -0600
60 sudo (1.7.2p7-1) unstable; urgency=high
62 * new upstream release with security fix for secure path (CVE-2010-1646),
64 * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
65 about whether to give the lecture is preserved across reboots even when
66 RAMRUN is set, closes: #581393
67 * add a note to README.Debian about LDAP needing an entry in
68 /etc/nsswitch.conf, closes: #522065
69 * add a note to README.Debian about how to turn off lectures if using
70 RAMRUN in /etc/default/rcS, closes: #581393
72 -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
74 sudo (1.7.2p6-1) unstable; urgency=low
76 * new upstream version fixing CVE-2010-1163, closes: #578275, #570737
78 -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600
80 sudo (1.7.2p5-1) unstable; urgency=low
82 * new upstream release, closes a bug filed upstream regarding missing man
83 page processing scripts in the 1.7.2p1 tarball, also includes the fix
84 for CVE-2010-0426 previously the subject of a security team nmu
85 * move to source format 3.0 (quilt) and restructure changes as patches
86 * fix unprocessed substitution variables in man pages, closes: #557204
87 * apply patch from Neil Moore to fix Debian-specific content in the
88 visudo man page, closes: #555013
89 * update descriptions to better explain sudo-ldap, closes: #573108
90 * eliminate spurious 'and' in man page, closes: #571620
91 * fix confusing text in default sudoers, closes: #566607
93 -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700
95 sudo (1.7.2p1-1) unstable; urgency=low
97 * new upstream version
98 * add support for /etc/sudoers.d using #includedir in default sudoers,
99 which I think is also a good solution to the request for a crontab-like
100 API requested in March of 2001, closes: #539994, #271813, #89743
101 * move init.d script from using rcS.d to rc[0-6].d, closes: #542924
103 -- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600
105 sudo (1.7.2-2) unstable; urgency=low
107 * further improve initial sudoers to not include the NOPASSWD option on
108 the group sudo exception, closes: #539136, #198991
110 -- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200
112 sudo (1.7.2-1) unstable; urgency=low
114 * new upstream version, closes: #537103
115 * improve initial sudoers by having the exemption for users in group
116 sudo on by default, and including the ability to run any command as
117 any user. This makes the default install roughly equivalent to our
118 old use of the --with-exempt=sudo build option, closes: #536220, #536222
120 -- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600
122 sudo (1.7.0-1) unstable; urgency=low
124 * new upstream version, closes: #510179, #128268, #520274, #508514
125 * fix ldap config file path for sudo-ldap package, including creating
126 a symlink in postinst and cleaning it up in postrm for the sudo-ldap
127 package, closes: #430826
128 * fix NOPASSWD entry location in default config file for the sudo-ldap
129 instance too, closes: #479616
131 -- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600
133 sudo (1.6.9p17-2) unstable; urgency=high
135 * patch from upstream to fix privilege escalation with certain
136 configurations, CVE-2009-0034
137 * typo in sudoers man page, closes: #507163
139 -- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700
141 sudo (1.6.9p17-1) unstable; urgency=low
143 * new upstream version, closes: #481008
144 * deliver schemas to doc directory in sudo-ldap package, closes: #474331
145 * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
146 in move from CVS to git for package management, closes: #475821
147 * re-instate the init.d for the sudo-ldap package too... /o\
149 -- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600
151 sudo (1.6.9p15-2) unstable; urgency=low
153 * revert the fix for 388659 such that visudo once again defaults to using
154 /usr/bin/editor. I was always ambivalent about this change, it has caused
155 more confusion and frustration than it cured, and I find Justin's line of
156 reasoning persuasive. Update the man page source to reflect this choice
157 and the related use of --with-env-editor. Closes: #474197.
158 * patch from Petter Reinholdtsen to improve init.d, closes: #475821
160 -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600
162 sudo (1.6.9p15-1) unstable; urgency=low
164 * new upstream version, closes: #467126, #473337
165 * remove pointless postrm scripts, leaving debhelper do its thing if needed,
166 thanks to Justin Pryzby for pointing this out
167 * reinstate the init.d, since bootclean doesn't quite do what we want. This
168 also means we don't need the preinst scripts any more. Update the lintian
169 overrides since postinst is a Perl script lintian apparently isn't parsing
170 well. closes: #330868
172 -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600
174 sudo (1.6.9p12-1) unstable; urgency=low
176 * new upstream version, closes: #464890
178 -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900
180 sudo (1.6.9p11-3) unstable; urgency=low
182 * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
184 -- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700
186 sudo (1.6.9p11-2) unstable; urgency=low
188 * update version compared in preinst when removing obsolete init.d,
190 * implement pam session config suggestions from Elizabeth Fong,
191 closes: #452457, #402329
193 -- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700
195 sudo (1.6.9p11-1) unstable; urgency=low
197 * new upstream version
199 -- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700
201 sudo (1.6.9p10-1) unstable; urgency=low
203 * new upstream version
204 * tweak default password prompt as %u doesn't make sense. Accept patch from
205 Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
206 uses it by default, closes: #454409
207 * accept patch from Martin Pitt that adds a prerm making it difficult to
208 "accidentally" remove sudo when there is no root password set on the
209 system, closes: #451241
211 -- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700
213 sudo (1.6.9p9-1) unstable; urgency=low
215 * new upstream version
216 * debian/rules: configure a more informative default password prompt to
217 reduce confusion when using sudo to invoke commands which also ask for
218 passwords, closes: #343268
219 * auth/pam.c: don't use the PAM prompt if the user explicitly requested
220 a custom prompt, closes: #448628.
221 * fix configure's ability to discover that libc has dirfd, closes: #451324
222 * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
223 the command 'visudo' invokes a vi variant by default as documented,
226 -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700
228 sudo (1.6.9p6-1) unstable; urgency=low
230 * new upstream version, closes: #442815, #446146, #438699, #435768, #435314
231 closes: #434832, #434608, #430382
232 * eliminate the now-redundant init.d scripts, closes: #397090
233 * fix typo in TROUBLESHOOTING file, closes: #439624
235 -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600
237 sudo (1.6.8p12-6) unstable; urgency=low
239 * fix typos in visudo.pod relating to env_editor variable, closes: #418886
240 * have init.d touch directories in /var/run/sudo, not just files, as a
242 * fix various typos in sudoers.pod, closes: #419749
243 * don't let Makefile strip binaries, closes: #438073
245 -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100
247 sudo (1.6.8p12-5) unstable; urgency=low
249 * update debian/copyright to reflect new upstream URL, closes: #368746
250 * add sandwich cartoon URL to the README.Debian
251 * don't remove sudoers on purge. can cause problems when moving between
252 sudo and sudo-ldap. leaving sudoers around on purge seems like the least
253 evil choice for now, closes: #401366
254 * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
256 * accept patch that improves debian/rules from Ted Percival, closes: #382122
257 * no longer build with --with-exempt=sudo, provide an example entry in the
258 default sudoers file instead, closes: #296605
259 * add --with-devel to configure and augment build dependencies so that flex
260 and yacc files get re-generated on every build, closes: #316249
262 -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600
264 sudo (1.6.8p12-4) unstable; urgency=low
266 * patch from Petter Reinholdtsen for the LSB info block in the init.d
267 script, closes: #361055
268 * deliver sudoers sample again, closes: #361593
270 -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600
272 sudo (1.6.8p12-3) unstable; urgency=low
274 * force-feed configure knowledge of nroff's path so we get unformatted man
275 pages installed without build-depending on groff-base, closes: #360894
276 * add a reference to OPTIONS in the man page, closes: #186226
278 -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700
280 sudo (1.6.8p12-2) unstable; urgency=low
282 * fix typos in init scripts, closes: #346325
283 * update to debhelper compat level 5
284 * build depend on autotools-dev to ensure config.sub/guess are fresh
285 * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
286 use it here as well. Thanks to Martin and the debian-security team.
287 closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
288 closes: #315115, #315718, #203874
289 * Non-maintainer upload by the Security Team
290 * Reworked the former patch to limit environment variables from being
291 passed through, set env_reset as default instead [sudo.c, env.c,
292 sudoers.pod, Bug#342948, CVE-2005-4158]
293 * env_reset is now set by default
294 * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
295 DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
296 (in addition to the SUDO_* variables)
297 * Rebuild sudoers.man.in from the POD file
298 * Added README.Debian
299 * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
300 * simplify rules file by using more of Makefile, despite having to override
301 default directories with more arguments to configure, closes: #292833
302 * update sudo man page to reflect use of SECURE_PATH, closes: #228551
303 * inconsistencies in sudoers man page resolved, closes: #220808, #161012
304 * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
305 unresolveable (requires adding bison as build dep), closes: #314949
307 -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700
309 sudo (1.6.8p12-1) unstable; urgency=low
311 * new upstream version, closes: #342948 (CVE-2005-4158)
312 * add env_reset to the sudoers file we create if none already exists,
313 as a further precaution in response to discussion about CVS-2005-4158
314 * split ldap support into a new sudo-ldap package. I was trying to avoid
315 doing this, but the impact of going from 4 to 17 linked shlibs on the
316 autobuilder chroots is sufficient motivation for me.
319 -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
321 sudo (1.6.8p9-4) unstable; urgency=low
323 * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
324 * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
325 timestamps in the init.d script, closes: #330868
326 * add dependency header to init.d script, closes: #332849
328 -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
330 sudo (1.6.8p9-3) unstable; urgency=high
332 * update debhelper compatibility level from 2 to 4
333 * add man page symlink for sudoedit
334 * Clean SHELLOPTS and PS4 from the environment before executing programs
335 with sudo permissions [env.c, CAN-2005-2959]
336 * fix typo in manpage pointed out by Moray Allen, closes: #285995
337 * fix paths in sample complex sudoers file, closes: #303542
338 * fix type in sudoers man page, closes: #311244
340 -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
342 sudo (1.6.8p9-2) unstable; urgency=high
344 * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
347 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
349 sudo (1.6.8p9-1) unstable; urgency=high
351 * new upstream version, fixes a race condition in sudo's pathname
352 validation, which is a security issue (CAN-2005-1993),
353 closes: #315115, #315718
355 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
357 sudo (1.6.8p7-1) unstable; urgency=low
359 * new upstream version, closes: #299585
360 * update lintian overrides to squelch the postinst warning
361 * change sudoedit from a hard to a soft link, closes: #296896
362 * fix regex doc in sudoers man page, closes: #300361
364 -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
366 sudo (1.6.8p5-1) unstable; urgency=high
368 * new upstream version
369 * restores ability to use config tuples without a value, which was causing
370 problems on upgrade closes: #283306
371 * deliver sudoedit, closes: #283078
372 * marking urgency high since 283306 is a serious upgrade incompatibility
374 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
376 sudo (1.6.8p3-2) unstable; urgency=high
378 * update pam.d deliverable so ldap works again, closes: #282191
380 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
382 sudo (1.6.8p3-1) unstable; urgency=high
384 * new upstream version, fixes a flaw in sudo's environment sanitizing that
385 could allow a malicious user with permission to run a shell script that
386 utilized the bash shell to run arbitrary commands, closes: #281665
387 * patch the sample sudoers to have the proper path for kill on Debian
388 systems, closes: #263486
389 * patch the sudo manpage to reflect Debian's choice of exempt_group
390 default setting, closes: #236465
391 * patch the sudo manpage to reflect Debian's choice of no timeout on the
392 password prompt, closes: #271194
394 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
396 sudo (1.6.7p5-2) unstable; urgency=low
398 * Jeff Bailey reports that seteuid works on current sparc systems, so we
399 no longer need the "grosshack" stuff in the sudo rules file
400 * add a postrm that removes /etc/sudoers on purge. don't do this with the
401 normal conffile mechanism since it would generate noise on every upgrade,
404 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
406 sudo (1.6.7p5-1) unstable; urgency=low
408 * new upstream version, closes: #190265, #193222, #197244
409 * change from '.' to ':' in postinst chown call, closes: #208369
411 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
413 sudo (1.6.7p3-2) unstable; urgency=low
415 * add --disable-setresuid to configure call since 2.2 kernels don't support
416 setresgid, closes: #189044
417 * cosmetic cleanups to debian/rules as long as I'm there
419 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
421 sudo (1.6.7p3-1) unstable; urgency=low
423 * new upstream version
424 * add overrides to quiet lintian about things it doesn't understand,
425 except the source one that can't be overridden until 129510 is fixed
427 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
429 sudo (1.6.6-3) unstable; urgency=low
431 * add code to rules file to update config.sub/guess, closes: #164501
433 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
435 sudo (1.6.6-2) unstable; urgency=low
437 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
438 configure, and lose the build dependency on mail-transport-agent
439 * incorporate changes from LaMont's NMU, closes: #144665, #144737
440 * update init.d to not try and set time on nonexistent timestamp files,
442 * build with --with-all-insults, admin must edit sudoers to turn insults
443 on at runtime if desired, closes: #135374
444 * stop setting /usr/doc symlink in postinst
446 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
448 sudo (1.6.6-1.1) unstable; urgency=high
450 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
451 * Revert patch to auth/pam.c that left pass uninitialized, causing a
452 segfault (Closes: #144665).
454 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
456 sudo (1.6.6-1) unstable; urgency=high
458 * new upstream version, fixes security problem with crafty prompts,
461 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
463 sudo (1.6.5p1-4) unstable; urgency=high
465 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
466 if ctrl/C'ed at password prompt, closes: #131235
468 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
470 sudo (1.6.5p1-3) unstable; urgency=high
472 * ugly hack to add --disable-saved-ids when building on sparc in response
473 to 131592, which will be reassigned to glibc for a real fix
474 * urgency high since the sudo currently in testing for sparc is worthless
476 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
478 sudo (1.6.5p1-2) unstable; urgency=high
480 * patch from upstream to fix seg faults caused by versions of pam that
481 follow a NULL pointer, closes: #129512
483 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
485 sudo (1.6.5p1-1) unstable; urgency=high
487 * new upstream version
488 * add --disable-root-mailer option supported by new version to configure
489 call in rules file, closes: #129648
491 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
493 sudo (1.6.4p1-1) unstable; urgency=high
495 * new upstream version, with fix for segfaulting problem in 1.6.4
497 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
499 sudo (1.6.4-1) unstable; urgency=high
501 * new upstream version, includes an important security fix, closes: #127576
503 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
505 sudo (1.6.3p7-5) unstable; urgency=low
507 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
508 * fix spelling error in init.d, closes: #126847
510 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
512 sudo (1.6.3p7-4) unstable; urgency=medium
514 * use touch to set status files to an ancient date instead of removing them
515 outright on reboot. this achieves the desired effect of keeping elevated
516 privs from living across reboots, without forcing everyone to see the
517 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
518 for systems with good clocks, and 'recent enough' that broken PC hardware
519 setting the clock to commonly-seen bogus dates trips over the "don't trust
520 future timestamps" rule. closes: #76529, #123559
521 * apply patch from Steve Langasek to fix seg faults due to interaction with
522 PAM code. upstream confirms the problem, and says they're fixing this
523 differently for their next release... but this should be useful in the
524 meantime, and would be good to get into woody. closes: #119147
525 * only run the init.d at boot, not on each runlevel change... and don't run
526 it during package configure. closes: #125935
527 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
529 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
531 sudo (1.6.3p7-3) unstable; urgency=low
533 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
534 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
535 * fix a typo in the manpage, closes: #97368
536 * apply patch to configure.in and run autoconf to fix problem building on
537 the hurd, closes: #96325
538 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
539 to not last across reboots, closes: #76529
540 * clean up lintian-noticed cosmetic packaging issues
542 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
544 sudo (1.6.3p7-2) unstable; urgency=low
546 * update config.sub/guess for hppa support
548 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
550 sudo (1.6.3p7-1) unstable; urgency=low
552 * new upstream version
553 * add build dependency on mail-transport-agent, closes: #90685
555 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
557 sudo (1.6.3p6-1) unstable; urgency=high
559 * new upstream version, fixes buffer overflow problem,
560 closes: #87259, #87278, #87263
561 * revert to using --with-secure-path option at build time, since the option
562 available in sudoers is parsed too late to be useful, and upstream says
563 it won't get fixed quickly. This reopens 85123, which I will mark as
564 forwarded. Closes: #86199, #86117, #85676
566 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
568 sudo (1.6.3p5-2) unstable; urgency=low
570 * lose the dh_suidregister call since it's obsolete
571 * stop using the --with-secure-path option at build time, and instead show
572 how to set it in sudoers. Closes: #85123
573 * freshen config.sub and config.guess for ia64 and hppa
574 * update sudoers man page to indicate exempt_group is on by default,
577 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
579 sudo (1.6.3p5-1) unstable; urgency=low
581 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
582 * this version restores core dumps before the exec, while leaving them
583 disabled during sudo's internal execution, closes: #58289
584 * update debhelper calls in rules file
586 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
588 sudo (1.6.2p2-1) frozen unstable; urgency=medium
590 * new upstream source resulting from direct collaboration with the upstream
591 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
592 Closes: #56129, #55978, #55979, #56550, #56772
593 * include more upstream documentation, closes: #55054
594 * pam.d fragment update, closes: #56129
596 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
598 sudo (1.6.1-1) unstable; urgency=low
600 * new upstream source, closes: #52750
602 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
604 sudo (1.6-2) unstable; urgency=low
606 * drop suidregister support for this package. The sudo executable is
607 essentially worthless unless it is setuid root, and making suidregister
608 work involves shipping a non-setuid executable in the .deb and setting the
609 perms in the postinst. On a long upgrade run, this can leave the sudo
610 executable 'broken' for a long time, which is unacceptable. With this
611 version, we ship the executable setuid root in the .deb. Closes: #51742
613 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
615 sudo (1.6-1) unstable; urgency=low
617 * new upstream version, many options previously set at compile-time are now
618 configurable at runtime.
619 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
622 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
624 sudo (1.5.9p4-1) unstable; urgency=low
626 * new upstream version, closes: #43464
627 * empty password handling was fixed in 1.5.8, closes: #31863
629 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
631 sudo (1.5.9p1-1) unstable; urgency=low
633 * new upstream version
635 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
637 sudo (1.5.8p1-1) unstable; urgency=medium
639 * new upstream version, closes 33690
640 * add dependency on libpam-modules, closes 34215, 33432
642 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
644 sudo (1.5.7p4-2) unstable; urgency=medium
646 * update the pam fragment provided so that sudo works with latest pam bits,
649 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
651 sudo (1.5.7p4-1) unstable; urgency=low
653 * new upstream release
655 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
657 sudo (1.5.6p5-1) unstable; urgency=low
659 * new upstream patch release
660 * add PAM support, closes 28594
662 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
664 sudo (1.5.6p2-2) unstable; urgency=low
666 * update copyright file, closes 24136
667 * review and close forwarded bugs believed fixed in this upstream version,
670 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
672 sudo (1.5.6p2-1) unstable; urgency=low
674 * new upstream release
676 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
678 sudo (1.5.4-4) frozen unstable; urgency=low
680 * update postinst to use groupadd, closes 21403
681 * move the suidregister stuff earlier in postinst to ensure it always runs
683 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
685 sudo (1.5.4-3) frozen unstable; urgency=low
687 * change /etc/sudoers from a conffile to being handled in postinst,
689 * add suidmanager support, closes 15711
690 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
691 unlikely to ever fix, and which just don't matter. closes 17146
692 * fix FSF address in copyright file, and submit exception for lintian
693 warning about sudo being setuid root
695 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
697 sudo (1.5.4-2) unstable; urgency=high
699 * patch from upstream author correcting/improving security fix
701 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
703 sudo (1.5.4-1) unstable; urgency=high
705 * new upstream version, includes a security fix
706 * change default editor from /bin/ae to /usr/bin/editor
708 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
710 sudo (1.5.3-1) unstable; urgency=medium
712 * new upstream version, closes bug 15911.
713 * rules file reworked to use debhelper
714 * implement a really gross hack to force use of the sudo-provided
715 lsearch(), since the one in libc6 is broken! This closes bugs
716 12552, 12557, 14881, 15259, 15916.
718 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
720 sudo (1.5.2-6) unstable; urgency=LOW
722 * don't install INSTALL in the doc directory, closes bug 13195.
724 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
726 sudo (1.5.2-5) unstable; urgency=LOW
730 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
732 sudo (1.5.2-4) unstable; urgency=LOW
734 * change TIMEOUT (how long before you have to type your password again)
735 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
736 packages on slower machines much more tolerable. Closes bug 9076.
737 * touch debian/suid before debstd. Closes bug 8709.
739 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
741 sudo (1.5.2-3) frozen unstable; urgency=LOW
743 * patch from upstream maintainer to close Bug 6828
744 * add a debian/suid file to get debstd to leave my perl postinst alone
746 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
748 sudo (1.5.2-2) frozen unstable; urgency=LOW
750 * change rules to use -O2 -Wall as per standards
752 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
754 sudo (1.5.2-1) unstable; urgency=LOW
756 * new upstream version
757 * cosmetic changes to debian package control files
759 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
761 sudo (1.5-2) unstable; urgency=LOW
763 * add /usr/X11R6/bin to the end of the secure path... this makes it
764 much easier to run xmkmf, etc., during package builds. To the extent
765 that /usr/local/sbin and /usr/local/bin were already included, I see
766 no security reasons not to add this.
768 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
770 sudo (1.5-1) unstable; urgency=LOW
772 * New upstream version
774 * New packaging format
776 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
778 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
782 * hard code SECURE_PATH to:
783 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
787 * enabled EXEMPTGROUP "sudo"
789 * moved timestamp dir to /var/log/sudo
791 * changed parser to check for long and short filenames (Bug#1162)
793 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
797 * New upstream source
799 * Fixed postinst script
800 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
802 * Removed special shadow binary. This version works with and without
803 shadow password file.
805 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
809 * Corrected editor path to /bin/ae (Bug#3062)
811 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
813 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
817 * New upstream version
819 * Changed sudoers permission to 440 (owner root, group root) to make
822 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
826 * Applied upstream patch 1
828 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
832 * Applied upstream patch 2
834 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
838 * Applied upstream patch 3 (fixes problems with an NFS-mounted
842 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
846 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
847 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
849 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
853 * Applied upstream patch 4 (fixes several bugs)
855 * Changed priority to optional
857 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
861 * Corrected postinst to create correct permission for /etc/sudoers
864 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
868 * New upstream version
871 sudo (1.4.4-2) admin; urgency=HIGH
873 * Fixed major security bug reported by Peter Tobias
874 <tobias@et-inf.fho-emden.de>
875 * Added dchanges support to debian.rules
877 sudo (1.4.5-1) admin; urgency=LOW
879 * New upstream version
880 * Minor changes to debian.rules