1 sudo (1.7.4p4-5) unstable; urgency=low
3 * patch from Jakub Wilk to add noopt and nostrip build option support,
5 * make sudoers a conffile, closes: #605130
6 * add descriptions to LSB init headers, closes: #604619
7 * change default sudoers %sudo entry to allow gid changes, closes: #602699
8 * add Vcs entries to the control file
9 * use debhelper install files instead of explicit installs in rules
11 -- Bdale Garbee <bdale@gag.com> Wed, 01 Dec 2010 20:32:31 -0700
13 sudo (1.7.4p4-4) unstable; urgency=low
15 * patch from upstream to resolve problem always prompting for a password
16 when run without a tty, closes: #599376
17 * patch from upstream to resolve interoperability problem between HOME in
18 env_keep and the -H flag, closes: #596493
19 * change path syntax to avoid tar error when /var/run/sudo exists but is
20 empty, closes: #598877
22 -- Bdale Garbee <bdale@gag.com> Thu, 07 Oct 2010 15:59:06 -0600
24 sudo (1.7.4p4-3) unstable; urgency=low
26 * make postinst clause for handling /var/run -> /var/lib transition less
27 fragile, closes: #585514
28 * cope with upstream's Makefile trying to install ChangeLog in our doc
29 directory, closes: #597389
30 * fix README.Debian to reflect that HOME is no longer preserved by default,
33 -- Bdale Garbee <bdale@gag.com> Tue, 21 Sep 2010 23:53:08 -0600
35 sudo (1.7.4p4-2) unstable; urgency=low
37 * add a NEWS item about change in $HOME handling that impacts programs
40 -- Bdale Garbee <bdale@gag.com> Wed, 08 Sep 2010 14:29:16 -0600
42 sudo (1.7.4p4-1) unstable; urgency=high
44 * new upstream version, urgency high due to fix for flaw in Runas group
45 matching (CVE-2010-2956), closes: #595935
46 * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
47 re-lecturing existing users, and to clean up after ourselves on upgrade,
48 and remove the RAMRUN section from README.Debian since the new state dir
49 should fix the original problem, closes: #585514
50 * deliver README.Debian to both package flavors, closes: #593579
52 -- Bdale Garbee <bdale@gag.com> Tue, 07 Sep 2010 12:22:42 -0600
54 sudo (1.7.2p7-1) unstable; urgency=high
56 * new upstream release with security fix for secure path (CVE-2010-1646),
58 * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
59 about whether to give the lecture is preserved across reboots even when
60 RAMRUN is set, closes: #581393
61 * add a note to README.Debian about LDAP needing an entry in
62 /etc/nsswitch.conf, closes: #522065
63 * add a note to README.Debian about how to turn off lectures if using
64 RAMRUN in /etc/default/rcS, closes: #581393
66 -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
68 sudo (1.7.2p6-1) unstable; urgency=low
70 * new upstream version fixing CVE-2010-1163, closes: #578275, #570737
72 -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600
74 sudo (1.7.2p5-1) unstable; urgency=low
76 * new upstream release, closes a bug filed upstream regarding missing man
77 page processing scripts in the 1.7.2p1 tarball, also includes the fix
78 for CVE-2010-0426 previously the subject of a security team nmu
79 * move to source format 3.0 (quilt) and restructure changes as patches
80 * fix unprocessed substitution variables in man pages, closes: #557204
81 * apply patch from Neil Moore to fix Debian-specific content in the
82 visudo man page, closes: #555013
83 * update descriptions to better explain sudo-ldap, closes: #573108
84 * eliminate spurious 'and' in man page, closes: #571620
85 * fix confusing text in default sudoers, closes: #566607
87 -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700
89 sudo (1.7.2p1-1) unstable; urgency=low
91 * new upstream version
92 * add support for /etc/sudoers.d using #includedir in default sudoers,
93 which I think is also a good solution to the request for a crontab-like
94 API requested in March of 2001, closes: #539994, #271813, #89743
95 * move init.d script from using rcS.d to rc[0-6].d, closes: #542924
97 -- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600
99 sudo (1.7.2-2) unstable; urgency=low
101 * further improve initial sudoers to not include the NOPASSWD option on
102 the group sudo exception, closes: #539136, #198991
104 -- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200
106 sudo (1.7.2-1) unstable; urgency=low
108 * new upstream version, closes: #537103
109 * improve initial sudoers by having the exemption for users in group
110 sudo on by default, and including the ability to run any command as
111 any user. This makes the default install roughly equivalent to our
112 old use of the --with-exempt=sudo build option, closes: #536220, #536222
114 -- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600
116 sudo (1.7.0-1) unstable; urgency=low
118 * new upstream version, closes: #510179, #128268, #520274, #508514
119 * fix ldap config file path for sudo-ldap package, including creating
120 a symlink in postinst and cleaning it up in postrm for the sudo-ldap
121 package, closes: #430826
122 * fix NOPASSWD entry location in default config file for the sudo-ldap
123 instance too, closes: #479616
125 -- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600
127 sudo (1.6.9p17-2) unstable; urgency=high
129 * patch from upstream to fix privilege escalation with certain
130 configurations, CVE-2009-0034
131 * typo in sudoers man page, closes: #507163
133 -- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700
135 sudo (1.6.9p17-1) unstable; urgency=low
137 * new upstream version, closes: #481008
138 * deliver schemas to doc directory in sudo-ldap package, closes: #474331
139 * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
140 in move from CVS to git for package management, closes: #475821
141 * re-instate the init.d for the sudo-ldap package too... /o\
143 -- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600
145 sudo (1.6.9p15-2) unstable; urgency=low
147 * revert the fix for 388659 such that visudo once again defaults to using
148 /usr/bin/editor. I was always ambivalent about this change, it has caused
149 more confusion and frustration than it cured, and I find Justin's line of
150 reasoning persuasive. Update the man page source to reflect this choice
151 and the related use of --with-env-editor. Closes: #474197.
152 * patch from Petter Reinholdtsen to improve init.d, closes: #475821
154 -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600
156 sudo (1.6.9p15-1) unstable; urgency=low
158 * new upstream version, closes: #467126, #473337
159 * remove pointless postrm scripts, leaving debhelper do its thing if needed,
160 thanks to Justin Pryzby for pointing this out
161 * reinstate the init.d, since bootclean doesn't quite do what we want. This
162 also means we don't need the preinst scripts any more. Update the lintian
163 overrides since postinst is a Perl script lintian apparently isn't parsing
164 well. closes: #330868
166 -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600
168 sudo (1.6.9p12-1) unstable; urgency=low
170 * new upstream version, closes: #464890
172 -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900
174 sudo (1.6.9p11-3) unstable; urgency=low
176 * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
178 -- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700
180 sudo (1.6.9p11-2) unstable; urgency=low
182 * update version compared in preinst when removing obsolete init.d,
184 * implement pam session config suggestions from Elizabeth Fong,
185 closes: #452457, #402329
187 -- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700
189 sudo (1.6.9p11-1) unstable; urgency=low
191 * new upstream version
193 -- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700
195 sudo (1.6.9p10-1) unstable; urgency=low
197 * new upstream version
198 * tweak default password prompt as %u doesn't make sense. Accept patch from
199 Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
200 uses it by default, closes: #454409
201 * accept patch from Martin Pitt that adds a prerm making it difficult to
202 "accidentally" remove sudo when there is no root password set on the
203 system, closes: #451241
205 -- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700
207 sudo (1.6.9p9-1) unstable; urgency=low
209 * new upstream version
210 * debian/rules: configure a more informative default password prompt to
211 reduce confusion when using sudo to invoke commands which also ask for
212 passwords, closes: #343268
213 * auth/pam.c: don't use the PAM prompt if the user explicitly requested
214 a custom prompt, closes: #448628.
215 * fix configure's ability to discover that libc has dirfd, closes: #451324
216 * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
217 the command 'visudo' invokes a vi variant by default as documented,
220 -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700
222 sudo (1.6.9p6-1) unstable; urgency=low
224 * new upstream version, closes: #442815, #446146, #438699, #435768, #435314
225 closes: #434832, #434608, #430382
226 * eliminate the now-redundant init.d scripts, closes: #397090
227 * fix typo in TROUBLESHOOTING file, closes: #439624
229 -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600
231 sudo (1.6.8p12-6) unstable; urgency=low
233 * fix typos in visudo.pod relating to env_editor variable, closes: #418886
234 * have init.d touch directories in /var/run/sudo, not just files, as a
236 * fix various typos in sudoers.pod, closes: #419749
237 * don't let Makefile strip binaries, closes: #438073
239 -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100
241 sudo (1.6.8p12-5) unstable; urgency=low
243 * update debian/copyright to reflect new upstream URL, closes: #368746
244 * add sandwich cartoon URL to the README.Debian
245 * don't remove sudoers on purge. can cause problems when moving between
246 sudo and sudo-ldap. leaving sudoers around on purge seems like the least
247 evil choice for now, closes: #401366
248 * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
250 * accept patch that improves debian/rules from Ted Percival, closes: #382122
251 * no longer build with --with-exempt=sudo, provide an example entry in the
252 default sudoers file instead, closes: #296605
253 * add --with-devel to configure and augment build dependencies so that flex
254 and yacc files get re-generated on every build, closes: #316249
256 -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600
258 sudo (1.6.8p12-4) unstable; urgency=low
260 * patch from Petter Reinholdtsen for the LSB info block in the init.d
261 script, closes: #361055
262 * deliver sudoers sample again, closes: #361593
264 -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600
266 sudo (1.6.8p12-3) unstable; urgency=low
268 * force-feed configure knowledge of nroff's path so we get unformatted man
269 pages installed without build-depending on groff-base, closes: #360894
270 * add a reference to OPTIONS in the man page, closes: #186226
272 -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700
274 sudo (1.6.8p12-2) unstable; urgency=low
276 * fix typos in init scripts, closes: #346325
277 * update to debhelper compat level 5
278 * build depend on autotools-dev to ensure config.sub/guess are fresh
279 * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
280 use it here as well. Thanks to Martin and the debian-security team.
281 closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
282 closes: #315115, #315718, #203874
283 * Non-maintainer upload by the Security Team
284 * Reworked the former patch to limit environment variables from being
285 passed through, set env_reset as default instead [sudo.c, env.c,
286 sudoers.pod, Bug#342948, CVE-2005-4158]
287 * env_reset is now set by default
288 * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
289 DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
290 (in addition to the SUDO_* variables)
291 * Rebuild sudoers.man.in from the POD file
292 * Added README.Debian
293 * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
294 * simplify rules file by using more of Makefile, despite having to override
295 default directories with more arguments to configure, closes: #292833
296 * update sudo man page to reflect use of SECURE_PATH, closes: #228551
297 * inconsistencies in sudoers man page resolved, closes: #220808, #161012
298 * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
299 unresolveable (requires adding bison as build dep), closes: #314949
301 -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700
303 sudo (1.6.8p12-1) unstable; urgency=low
305 * new upstream version, closes: #342948 (CVE-2005-4158)
306 * add env_reset to the sudoers file we create if none already exists,
307 as a further precaution in response to discussion about CVS-2005-4158
308 * split ldap support into a new sudo-ldap package. I was trying to avoid
309 doing this, but the impact of going from 4 to 17 linked shlibs on the
310 autobuilder chroots is sufficient motivation for me.
313 -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
315 sudo (1.6.8p9-4) unstable; urgency=low
317 * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
318 * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
319 timestamps in the init.d script, closes: #330868
320 * add dependency header to init.d script, closes: #332849
322 -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
324 sudo (1.6.8p9-3) unstable; urgency=high
326 * update debhelper compatibility level from 2 to 4
327 * add man page symlink for sudoedit
328 * Clean SHELLOPTS and PS4 from the environment before executing programs
329 with sudo permissions [env.c, CAN-2005-2959]
330 * fix typo in manpage pointed out by Moray Allen, closes: #285995
331 * fix paths in sample complex sudoers file, closes: #303542
332 * fix type in sudoers man page, closes: #311244
334 -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
336 sudo (1.6.8p9-2) unstable; urgency=high
338 * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
341 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
343 sudo (1.6.8p9-1) unstable; urgency=high
345 * new upstream version, fixes a race condition in sudo's pathname
346 validation, which is a security issue (CAN-2005-1993),
347 closes: #315115, #315718
349 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
351 sudo (1.6.8p7-1) unstable; urgency=low
353 * new upstream version, closes: #299585
354 * update lintian overrides to squelch the postinst warning
355 * change sudoedit from a hard to a soft link, closes: #296896
356 * fix regex doc in sudoers man page, closes: #300361
358 -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
360 sudo (1.6.8p5-1) unstable; urgency=high
362 * new upstream version
363 * restores ability to use config tuples without a value, which was causing
364 problems on upgrade closes: #283306
365 * deliver sudoedit, closes: #283078
366 * marking urgency high since 283306 is a serious upgrade incompatibility
368 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
370 sudo (1.6.8p3-2) unstable; urgency=high
372 * update pam.d deliverable so ldap works again, closes: #282191
374 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
376 sudo (1.6.8p3-1) unstable; urgency=high
378 * new upstream version, fixes a flaw in sudo's environment sanitizing that
379 could allow a malicious user with permission to run a shell script that
380 utilized the bash shell to run arbitrary commands, closes: #281665
381 * patch the sample sudoers to have the proper path for kill on Debian
382 systems, closes: #263486
383 * patch the sudo manpage to reflect Debian's choice of exempt_group
384 default setting, closes: #236465
385 * patch the sudo manpage to reflect Debian's choice of no timeout on the
386 password prompt, closes: #271194
388 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
390 sudo (1.6.7p5-2) unstable; urgency=low
392 * Jeff Bailey reports that seteuid works on current sparc systems, so we
393 no longer need the "grosshack" stuff in the sudo rules file
394 * add a postrm that removes /etc/sudoers on purge. don't do this with the
395 normal conffile mechanism since it would generate noise on every upgrade,
398 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
400 sudo (1.6.7p5-1) unstable; urgency=low
402 * new upstream version, closes: #190265, #193222, #197244
403 * change from '.' to ':' in postinst chown call, closes: #208369
405 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
407 sudo (1.6.7p3-2) unstable; urgency=low
409 * add --disable-setresuid to configure call since 2.2 kernels don't support
410 setresgid, closes: #189044
411 * cosmetic cleanups to debian/rules as long as I'm there
413 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
415 sudo (1.6.7p3-1) unstable; urgency=low
417 * new upstream version
418 * add overrides to quiet lintian about things it doesn't understand,
419 except the source one that can't be overridden until 129510 is fixed
421 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
423 sudo (1.6.6-3) unstable; urgency=low
425 * add code to rules file to update config.sub/guess, closes: #164501
427 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
429 sudo (1.6.6-2) unstable; urgency=low
431 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
432 configure, and lose the build dependency on mail-transport-agent
433 * incorporate changes from LaMont's NMU, closes: #144665, #144737
434 * update init.d to not try and set time on nonexistent timestamp files,
436 * build with --with-all-insults, admin must edit sudoers to turn insults
437 on at runtime if desired, closes: #135374
438 * stop setting /usr/doc symlink in postinst
440 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
442 sudo (1.6.6-1.1) unstable; urgency=high
444 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
445 * Revert patch to auth/pam.c that left pass uninitialized, causing a
446 segfault (Closes: #144665).
448 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
450 sudo (1.6.6-1) unstable; urgency=high
452 * new upstream version, fixes security problem with crafty prompts,
455 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
457 sudo (1.6.5p1-4) unstable; urgency=high
459 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
460 if ctrl/C'ed at password prompt, closes: #131235
462 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
464 sudo (1.6.5p1-3) unstable; urgency=high
466 * ugly hack to add --disable-saved-ids when building on sparc in response
467 to 131592, which will be reassigned to glibc for a real fix
468 * urgency high since the sudo currently in testing for sparc is worthless
470 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
472 sudo (1.6.5p1-2) unstable; urgency=high
474 * patch from upstream to fix seg faults caused by versions of pam that
475 follow a NULL pointer, closes: #129512
477 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
479 sudo (1.6.5p1-1) unstable; urgency=high
481 * new upstream version
482 * add --disable-root-mailer option supported by new version to configure
483 call in rules file, closes: #129648
485 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
487 sudo (1.6.4p1-1) unstable; urgency=high
489 * new upstream version, with fix for segfaulting problem in 1.6.4
491 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
493 sudo (1.6.4-1) unstable; urgency=high
495 * new upstream version, includes an important security fix, closes: #127576
497 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
499 sudo (1.6.3p7-5) unstable; urgency=low
501 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
502 * fix spelling error in init.d, closes: #126847
504 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
506 sudo (1.6.3p7-4) unstable; urgency=medium
508 * use touch to set status files to an ancient date instead of removing them
509 outright on reboot. this achieves the desired effect of keeping elevated
510 privs from living across reboots, without forcing everyone to see the
511 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
512 for systems with good clocks, and 'recent enough' that broken PC hardware
513 setting the clock to commonly-seen bogus dates trips over the "don't trust
514 future timestamps" rule. closes: #76529, #123559
515 * apply patch from Steve Langasek to fix seg faults due to interaction with
516 PAM code. upstream confirms the problem, and says they're fixing this
517 differently for their next release... but this should be useful in the
518 meantime, and would be good to get into woody. closes: #119147
519 * only run the init.d at boot, not on each runlevel change... and don't run
520 it during package configure. closes: #125935
521 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
523 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
525 sudo (1.6.3p7-3) unstable; urgency=low
527 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
528 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
529 * fix a typo in the manpage, closes: #97368
530 * apply patch to configure.in and run autoconf to fix problem building on
531 the hurd, closes: #96325
532 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
533 to not last across reboots, closes: #76529
534 * clean up lintian-noticed cosmetic packaging issues
536 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
538 sudo (1.6.3p7-2) unstable; urgency=low
540 * update config.sub/guess for hppa support
542 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
544 sudo (1.6.3p7-1) unstable; urgency=low
546 * new upstream version
547 * add build dependency on mail-transport-agent, closes: #90685
549 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
551 sudo (1.6.3p6-1) unstable; urgency=high
553 * new upstream version, fixes buffer overflow problem,
554 closes: #87259, #87278, #87263
555 * revert to using --with-secure-path option at build time, since the option
556 available in sudoers is parsed too late to be useful, and upstream says
557 it won't get fixed quickly. This reopens 85123, which I will mark as
558 forwarded. Closes: #86199, #86117, #85676
560 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
562 sudo (1.6.3p5-2) unstable; urgency=low
564 * lose the dh_suidregister call since it's obsolete
565 * stop using the --with-secure-path option at build time, and instead show
566 how to set it in sudoers. Closes: #85123
567 * freshen config.sub and config.guess for ia64 and hppa
568 * update sudoers man page to indicate exempt_group is on by default,
571 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
573 sudo (1.6.3p5-1) unstable; urgency=low
575 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
576 * this version restores core dumps before the exec, while leaving them
577 disabled during sudo's internal execution, closes: #58289
578 * update debhelper calls in rules file
580 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
582 sudo (1.6.2p2-1) frozen unstable; urgency=medium
584 * new upstream source resulting from direct collaboration with the upstream
585 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
586 Closes: #56129, #55978, #55979, #56550, #56772
587 * include more upstream documentation, closes: #55054
588 * pam.d fragment update, closes: #56129
590 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
592 sudo (1.6.1-1) unstable; urgency=low
594 * new upstream source, closes: #52750
596 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
598 sudo (1.6-2) unstable; urgency=low
600 * drop suidregister support for this package. The sudo executable is
601 essentially worthless unless it is setuid root, and making suidregister
602 work involves shipping a non-setuid executable in the .deb and setting the
603 perms in the postinst. On a long upgrade run, this can leave the sudo
604 executable 'broken' for a long time, which is unacceptable. With this
605 version, we ship the executable setuid root in the .deb. Closes: #51742
607 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
609 sudo (1.6-1) unstable; urgency=low
611 * new upstream version, many options previously set at compile-time are now
612 configurable at runtime.
613 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
616 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
618 sudo (1.5.9p4-1) unstable; urgency=low
620 * new upstream version, closes: #43464
621 * empty password handling was fixed in 1.5.8, closes: #31863
623 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
625 sudo (1.5.9p1-1) unstable; urgency=low
627 * new upstream version
629 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
631 sudo (1.5.8p1-1) unstable; urgency=medium
633 * new upstream version, closes 33690
634 * add dependency on libpam-modules, closes 34215, 33432
636 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
638 sudo (1.5.7p4-2) unstable; urgency=medium
640 * update the pam fragment provided so that sudo works with latest pam bits,
643 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
645 sudo (1.5.7p4-1) unstable; urgency=low
647 * new upstream release
649 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
651 sudo (1.5.6p5-1) unstable; urgency=low
653 * new upstream patch release
654 * add PAM support, closes 28594
656 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
658 sudo (1.5.6p2-2) unstable; urgency=low
660 * update copyright file, closes 24136
661 * review and close forwarded bugs believed fixed in this upstream version,
664 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
666 sudo (1.5.6p2-1) unstable; urgency=low
668 * new upstream release
670 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
672 sudo (1.5.4-4) frozen unstable; urgency=low
674 * update postinst to use groupadd, closes 21403
675 * move the suidregister stuff earlier in postinst to ensure it always runs
677 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
679 sudo (1.5.4-3) frozen unstable; urgency=low
681 * change /etc/sudoers from a conffile to being handled in postinst,
683 * add suidmanager support, closes 15711
684 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
685 unlikely to ever fix, and which just don't matter. closes 17146
686 * fix FSF address in copyright file, and submit exception for lintian
687 warning about sudo being setuid root
689 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
691 sudo (1.5.4-2) unstable; urgency=high
693 * patch from upstream author correcting/improving security fix
695 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
697 sudo (1.5.4-1) unstable; urgency=high
699 * new upstream version, includes a security fix
700 * change default editor from /bin/ae to /usr/bin/editor
702 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
704 sudo (1.5.3-1) unstable; urgency=medium
706 * new upstream version, closes bug 15911.
707 * rules file reworked to use debhelper
708 * implement a really gross hack to force use of the sudo-provided
709 lsearch(), since the one in libc6 is broken! This closes bugs
710 12552, 12557, 14881, 15259, 15916.
712 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
714 sudo (1.5.2-6) unstable; urgency=LOW
716 * don't install INSTALL in the doc directory, closes bug 13195.
718 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
720 sudo (1.5.2-5) unstable; urgency=LOW
724 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
726 sudo (1.5.2-4) unstable; urgency=LOW
728 * change TIMEOUT (how long before you have to type your password again)
729 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
730 packages on slower machines much more tolerable. Closes bug 9076.
731 * touch debian/suid before debstd. Closes bug 8709.
733 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
735 sudo (1.5.2-3) frozen unstable; urgency=LOW
737 * patch from upstream maintainer to close Bug 6828
738 * add a debian/suid file to get debstd to leave my perl postinst alone
740 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
742 sudo (1.5.2-2) frozen unstable; urgency=LOW
744 * change rules to use -O2 -Wall as per standards
746 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
748 sudo (1.5.2-1) unstable; urgency=LOW
750 * new upstream version
751 * cosmetic changes to debian package control files
753 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
755 sudo (1.5-2) unstable; urgency=LOW
757 * add /usr/X11R6/bin to the end of the secure path... this makes it
758 much easier to run xmkmf, etc., during package builds. To the extent
759 that /usr/local/sbin and /usr/local/bin were already included, I see
760 no security reasons not to add this.
762 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
764 sudo (1.5-1) unstable; urgency=LOW
766 * New upstream version
768 * New packaging format
770 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
772 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
776 * hard code SECURE_PATH to:
777 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
781 * enabled EXEMPTGROUP "sudo"
783 * moved timestamp dir to /var/log/sudo
785 * changed parser to check for long and short filenames (Bug#1162)
787 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
791 * New upstream source
793 * Fixed postinst script
794 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
796 * Removed special shadow binary. This version works with and without
797 shadow password file.
799 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
803 * Corrected editor path to /bin/ae (Bug#3062)
805 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
807 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
811 * New upstream version
813 * Changed sudoers permission to 440 (owner root, group root) to make
816 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
820 * Applied upstream patch 1
822 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
826 * Applied upstream patch 2
828 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
832 * Applied upstream patch 3 (fixes problems with an NFS-mounted
836 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
840 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
841 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
843 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
847 * Applied upstream patch 4 (fixes several bugs)
849 * Changed priority to optional
851 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
855 * Corrected postinst to create correct permission for /etc/sudoers
858 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
862 * New upstream version
865 sudo (1.4.4-2) admin; urgency=HIGH
867 * Fixed major security bug reported by Peter Tobias
868 <tobias@et-inf.fho-emden.de>
869 * Added dchanges support to debian.rules
871 sudo (1.4.5-1) admin; urgency=LOW
873 * New upstream version
874 * Minor changes to debian.rules