1 sudo (1.8.5-1) UNRELEASED; urgency=low
4 * patch to use flock on hurd, run autoconf in rules, closes: #655883
5 * patch to actually use hardening build flags, closes: #655417
6 * fix sudo-ldap.postinst syntax issue, closes: #669576
8 -- Bdale Garbee <bdale@gag.com> Wed, 16 May 2012 09:28:00 -0600
10 sudo (1.8.3p2-1) unstable; urgency=high
12 * new upstream version, closes: #657985 (CVE-2012-0809)
13 * patch from Pino Toscano to only use selinux on Linux, closes: #655894
15 -- Bdale Garbee <bdale@gag.com> Mon, 30 Jan 2012 16:11:54 -0700
17 sudo (1.8.3p1-3) unstable; urgency=low
19 * patch from Moritz Muehlenhoff enables hardened build flags, closes: #655417
20 * replacement postinst script from Mike Beattie using shell instead of Perl
21 * include systemd service file from Michael Stapelberg, closes: #639633
22 * add init.d status support, closes: #641782
23 * make sudo-ldap package manage a sudoers entry in nsswitch.conf,
24 closes: #610600, #639530
25 * enable mail_badpass in the default sudoers file, closes: #641218
26 * enable selinux support, closes: #655510
28 -- Bdale Garbee <bdale@gag.com> Wed, 11 Jan 2012 16:18:13 -0700
30 sudo (1.8.3p1-2) unstable; urgency=low
32 * if upgrading from squeeze, and the sudoers file is unmodified, avoid
33 the packaging system prompting the user about a change they didn't make
34 now that sudoers is a conffile, closes: #612532, #636049
35 * add a recommendation for the use of visudo to the sudoers.d/README file,
38 -- Bdale Garbee <bdale@gag.com> Sat, 12 Nov 2011 16:27:13 -0700
40 sudo (1.8.3p1-1) unstable; urgency=low
42 * new upstream version, closes: #646478
44 -- Bdale Garbee <bdale@gag.com> Thu, 27 Oct 2011 01:03:44 +0200
46 sudo (1.8.3-1) unstable; urgency=low
48 * new upstream version, closes: #639391, #639568
50 -- Bdale Garbee <bdale@gag.com> Sat, 22 Oct 2011 23:49:16 -0600
52 sudo (1.8.2-2) unstable; urgency=low
55 * debian/rules improvements, closes: #642535
56 + mv upstream sample.* files to the examples folder.
57 - do not call dh_installexamples.
60 * patch from upstream for SIGBUS on sparc64, closes: #640304
61 * use common-session-noninteractive in the pam config to reduce log noise
62 when sudo is used in cron, etc, closes: #519700
63 * patch from Steven McDonald to fix segfault on startup under certain
64 conditions, closes: #639568
65 * add a NEWS entry regarding the secure_path change made in 1.8.2-1,
68 -- Bdale Garbee <bdale@gag.com> Mon, 26 Sep 2011 21:55:56 -0600
70 sudo (1.8.2-1) unstable; urgency=low
72 * new upstream version, closes: #637449, #621830
73 * include common-session in pam config, closes: #519700, #607199
74 * move secure_path from configure to default sudoers, closes: #85123, 85917
75 * improve sudoers self-documentation, closes: #613639
76 * drop --disable-setresuid since modern systems should not run 2.2 kernels
77 * lose the --with-devel configure option since it's breaking builds in
78 subdirectories for some reason
80 -- Bdale Garbee <bdale@gag.com> Wed, 24 Aug 2011 13:33:11 -0600
82 sudo (1.7.4p6-1) unstable; urgency=low
84 * new upstream version
85 * touch the right stamp name after configuring, closes: #611287
86 * patch from Svante Signell to fix build problem on Hurd, closes: #611290
88 -- Bdale Garbee <bdale@gag.com> Wed, 09 Feb 2011 11:32:58 -0700
90 sudo (1.7.4p4-6) unstable; urgency=low
92 * update /etc/sudoers.d/README now that sudoers is a conffile
93 * patch from upstream to fix special case in password checking code
94 when only the gid is changing, closes: #609641
96 -- Bdale Garbee <bdale@gag.com> Tue, 11 Jan 2011 10:22:39 -0700
98 sudo (1.7.4p4-5) unstable; urgency=low
100 * patch from Jakub Wilk to add noopt and nostrip build option support,
102 * make sudoers a conffile, closes: #605130
103 * add descriptions to LSB init headers, closes: #604619
104 * change default sudoers %sudo entry to allow gid changes, closes: #602699
105 * add Vcs entries to the control file
106 * use debhelper install files instead of explicit installs in rules
108 -- Bdale Garbee <bdale@gag.com> Wed, 01 Dec 2010 20:32:31 -0700
110 sudo (1.7.4p4-4) unstable; urgency=low
112 * patch from upstream to resolve problem always prompting for a password
113 when run without a tty, closes: #599376
114 * patch from upstream to resolve interoperability problem between HOME in
115 env_keep and the -H flag, closes: #596493
116 * change path syntax to avoid tar error when /var/run/sudo exists but is
117 empty, closes: #598877
119 -- Bdale Garbee <bdale@gag.com> Thu, 07 Oct 2010 15:59:06 -0600
121 sudo (1.7.4p4-3) unstable; urgency=low
123 * make postinst clause for handling /var/run -> /var/lib transition less
124 fragile, closes: #585514
125 * cope with upstream's Makefile trying to install ChangeLog in our doc
126 directory, closes: #597389
127 * fix README.Debian to reflect that HOME is no longer preserved by default,
130 -- Bdale Garbee <bdale@gag.com> Tue, 21 Sep 2010 23:53:08 -0600
132 sudo (1.7.4p4-2) unstable; urgency=low
134 * add a NEWS item about change in $HOME handling that impacts programs
137 -- Bdale Garbee <bdale@gag.com> Wed, 08 Sep 2010 14:29:16 -0600
139 sudo (1.7.4p4-1) unstable; urgency=high
141 * new upstream version, urgency high due to fix for flaw in Runas group
142 matching (CVE-2010-2956), closes: #595935
143 * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
144 re-lecturing existing users, and to clean up after ourselves on upgrade,
145 and remove the RAMRUN section from README.Debian since the new state dir
146 should fix the original problem, closes: #585514
147 * deliver README.Debian to both package flavors, closes: #593579
149 -- Bdale Garbee <bdale@gag.com> Tue, 07 Sep 2010 12:22:42 -0600
151 sudo (1.7.2p7-1) unstable; urgency=high
153 * new upstream release with security fix for secure path (CVE-2010-1646),
155 * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
156 about whether to give the lecture is preserved across reboots even when
157 RAMRUN is set, closes: #581393
158 * add a note to README.Debian about LDAP needing an entry in
159 /etc/nsswitch.conf, closes: #522065
160 * add a note to README.Debian about how to turn off lectures if using
161 RAMRUN in /etc/default/rcS, closes: #581393
163 -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
165 sudo (1.7.2p6-1) unstable; urgency=low
167 * new upstream version fixing CVE-2010-1163, closes: #578275, #570737
169 -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600
171 sudo (1.7.2p5-1) unstable; urgency=low
173 * new upstream release, closes a bug filed upstream regarding missing man
174 page processing scripts in the 1.7.2p1 tarball, also includes the fix
175 for CVE-2010-0426 previously the subject of a security team nmu
176 * move to source format 3.0 (quilt) and restructure changes as patches
177 * fix unprocessed substitution variables in man pages, closes: #557204
178 * apply patch from Neil Moore to fix Debian-specific content in the
179 visudo man page, closes: #555013
180 * update descriptions to better explain sudo-ldap, closes: #573108
181 * eliminate spurious 'and' in man page, closes: #571620
182 * fix confusing text in default sudoers, closes: #566607
184 -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700
186 sudo (1.7.2p1-1) unstable; urgency=low
188 * new upstream version
189 * add support for /etc/sudoers.d using #includedir in default sudoers,
190 which I think is also a good solution to the request for a crontab-like
191 API requested in March of 2001, closes: #539994, #271813, #89743
192 * move init.d script from using rcS.d to rc[0-6].d, closes: #542924
194 -- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600
196 sudo (1.7.2-2) unstable; urgency=low
198 * further improve initial sudoers to not include the NOPASSWD option on
199 the group sudo exception, closes: #539136, #198991
201 -- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200
203 sudo (1.7.2-1) unstable; urgency=low
205 * new upstream version, closes: #537103
206 * improve initial sudoers by having the exemption for users in group
207 sudo on by default, and including the ability to run any command as
208 any user. This makes the default install roughly equivalent to our
209 old use of the --with-exempt=sudo build option, closes: #536220, #536222
211 -- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600
213 sudo (1.7.0-1) unstable; urgency=low
215 * new upstream version, closes: #510179, #128268, #520274, #508514
216 * fix ldap config file path for sudo-ldap package, including creating
217 a symlink in postinst and cleaning it up in postrm for the sudo-ldap
218 package, closes: #430826
219 * fix NOPASSWD entry location in default config file for the sudo-ldap
220 instance too, closes: #479616
222 -- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600
224 sudo (1.6.9p17-2) unstable; urgency=high
226 * patch from upstream to fix privilege escalation with certain
227 configurations, CVE-2009-0034
228 * typo in sudoers man page, closes: #507163
230 -- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700
232 sudo (1.6.9p17-1) unstable; urgency=low
234 * new upstream version, closes: #481008
235 * deliver schemas to doc directory in sudo-ldap package, closes: #474331
236 * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
237 in move from CVS to git for package management, closes: #475821
238 * re-instate the init.d for the sudo-ldap package too... /o\
240 -- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600
242 sudo (1.6.9p15-2) unstable; urgency=low
244 * revert the fix for 388659 such that visudo once again defaults to using
245 /usr/bin/editor. I was always ambivalent about this change, it has caused
246 more confusion and frustration than it cured, and I find Justin's line of
247 reasoning persuasive. Update the man page source to reflect this choice
248 and the related use of --with-env-editor. Closes: #474197.
249 * patch from Petter Reinholdtsen to improve init.d, closes: #475821
251 -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600
253 sudo (1.6.9p15-1) unstable; urgency=low
255 * new upstream version, closes: #467126, #473337
256 * remove pointless postrm scripts, leaving debhelper do its thing if needed,
257 thanks to Justin Pryzby for pointing this out
258 * reinstate the init.d, since bootclean doesn't quite do what we want. This
259 also means we don't need the preinst scripts any more. Update the lintian
260 overrides since postinst is a Perl script lintian apparently isn't parsing
261 well. closes: #330868
263 -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600
265 sudo (1.6.9p12-1) unstable; urgency=low
267 * new upstream version, closes: #464890
269 -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900
271 sudo (1.6.9p11-3) unstable; urgency=low
273 * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
275 -- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700
277 sudo (1.6.9p11-2) unstable; urgency=low
279 * update version compared in preinst when removing obsolete init.d,
281 * implement pam session config suggestions from Elizabeth Fong,
282 closes: #452457, #402329
284 -- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700
286 sudo (1.6.9p11-1) unstable; urgency=low
288 * new upstream version
290 -- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700
292 sudo (1.6.9p10-1) unstable; urgency=low
294 * new upstream version
295 * tweak default password prompt as %u doesn't make sense. Accept patch from
296 Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
297 uses it by default, closes: #454409
298 * accept patch from Martin Pitt that adds a prerm making it difficult to
299 "accidentally" remove sudo when there is no root password set on the
300 system, closes: #451241
302 -- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700
304 sudo (1.6.9p9-1) unstable; urgency=low
306 * new upstream version
307 * debian/rules: configure a more informative default password prompt to
308 reduce confusion when using sudo to invoke commands which also ask for
309 passwords, closes: #343268
310 * auth/pam.c: don't use the PAM prompt if the user explicitly requested
311 a custom prompt, closes: #448628.
312 * fix configure's ability to discover that libc has dirfd, closes: #451324
313 * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
314 the command 'visudo' invokes a vi variant by default as documented,
317 -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700
319 sudo (1.6.9p6-1) unstable; urgency=low
321 * new upstream version, closes: #442815, #446146, #438699, #435768, #435314
322 closes: #434832, #434608, #430382
323 * eliminate the now-redundant init.d scripts, closes: #397090
324 * fix typo in TROUBLESHOOTING file, closes: #439624
326 -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600
328 sudo (1.6.8p12-6) unstable; urgency=low
330 * fix typos in visudo.pod relating to env_editor variable, closes: #418886
331 * have init.d touch directories in /var/run/sudo, not just files, as a
333 * fix various typos in sudoers.pod, closes: #419749
334 * don't let Makefile strip binaries, closes: #438073
336 -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100
338 sudo (1.6.8p12-5) unstable; urgency=low
340 * update debian/copyright to reflect new upstream URL, closes: #368746
341 * add sandwich cartoon URL to the README.Debian
342 * don't remove sudoers on purge. can cause problems when moving between
343 sudo and sudo-ldap. leaving sudoers around on purge seems like the least
344 evil choice for now, closes: #401366
345 * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
347 * accept patch that improves debian/rules from Ted Percival, closes: #382122
348 * no longer build with --with-exempt=sudo, provide an example entry in the
349 default sudoers file instead, closes: #296605
350 * add --with-devel to configure and augment build dependencies so that flex
351 and yacc files get re-generated on every build, closes: #316249
353 -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600
355 sudo (1.6.8p12-4) unstable; urgency=low
357 * patch from Petter Reinholdtsen for the LSB info block in the init.d
358 script, closes: #361055
359 * deliver sudoers sample again, closes: #361593
361 -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600
363 sudo (1.6.8p12-3) unstable; urgency=low
365 * force-feed configure knowledge of nroff's path so we get unformatted man
366 pages installed without build-depending on groff-base, closes: #360894
367 * add a reference to OPTIONS in the man page, closes: #186226
369 -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700
371 sudo (1.6.8p12-2) unstable; urgency=low
373 * fix typos in init scripts, closes: #346325
374 * update to debhelper compat level 5
375 * build depend on autotools-dev to ensure config.sub/guess are fresh
376 * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
377 use it here as well. Thanks to Martin and the debian-security team.
378 closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
379 closes: #315115, #315718, #203874
380 * Non-maintainer upload by the Security Team
381 * Reworked the former patch to limit environment variables from being
382 passed through, set env_reset as default instead [sudo.c, env.c,
383 sudoers.pod, Bug#342948, CVE-2005-4158]
384 * env_reset is now set by default
385 * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
386 DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
387 (in addition to the SUDO_* variables)
388 * Rebuild sudoers.man.in from the POD file
389 * Added README.Debian
390 * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
391 * simplify rules file by using more of Makefile, despite having to override
392 default directories with more arguments to configure, closes: #292833
393 * update sudo man page to reflect use of SECURE_PATH, closes: #228551
394 * inconsistencies in sudoers man page resolved, closes: #220808, #161012
395 * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
396 unresolveable (requires adding bison as build dep), closes: #314949
398 -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700
400 sudo (1.6.8p12-1) unstable; urgency=low
402 * new upstream version, closes: #342948 (CVE-2005-4158)
403 * add env_reset to the sudoers file we create if none already exists,
404 as a further precaution in response to discussion about CVS-2005-4158
405 * split ldap support into a new sudo-ldap package. I was trying to avoid
406 doing this, but the impact of going from 4 to 17 linked shlibs on the
407 autobuilder chroots is sufficient motivation for me.
410 -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
412 sudo (1.6.8p9-4) unstable; urgency=low
414 * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
415 * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
416 timestamps in the init.d script, closes: #330868
417 * add dependency header to init.d script, closes: #332849
419 -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
421 sudo (1.6.8p9-3) unstable; urgency=high
423 * update debhelper compatibility level from 2 to 4
424 * add man page symlink for sudoedit
425 * Clean SHELLOPTS and PS4 from the environment before executing programs
426 with sudo permissions [env.c, CAN-2005-2959]
427 * fix typo in manpage pointed out by Moray Allen, closes: #285995
428 * fix paths in sample complex sudoers file, closes: #303542
429 * fix type in sudoers man page, closes: #311244
431 -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
433 sudo (1.6.8p9-2) unstable; urgency=high
435 * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
438 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
440 sudo (1.6.8p9-1) unstable; urgency=high
442 * new upstream version, fixes a race condition in sudo's pathname
443 validation, which is a security issue (CAN-2005-1993),
444 closes: #315115, #315718
446 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
448 sudo (1.6.8p7-1) unstable; urgency=low
450 * new upstream version, closes: #299585
451 * update lintian overrides to squelch the postinst warning
452 * change sudoedit from a hard to a soft link, closes: #296896
453 * fix regex doc in sudoers man page, closes: #300361
455 -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
457 sudo (1.6.8p5-1) unstable; urgency=high
459 * new upstream version
460 * restores ability to use config tuples without a value, which was causing
461 problems on upgrade closes: #283306
462 * deliver sudoedit, closes: #283078
463 * marking urgency high since 283306 is a serious upgrade incompatibility
465 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
467 sudo (1.6.8p3-2) unstable; urgency=high
469 * update pam.d deliverable so ldap works again, closes: #282191
471 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
473 sudo (1.6.8p3-1) unstable; urgency=high
475 * new upstream version, fixes a flaw in sudo's environment sanitizing that
476 could allow a malicious user with permission to run a shell script that
477 utilized the bash shell to run arbitrary commands, closes: #281665
478 * patch the sample sudoers to have the proper path for kill on Debian
479 systems, closes: #263486
480 * patch the sudo manpage to reflect Debian's choice of exempt_group
481 default setting, closes: #236465
482 * patch the sudo manpage to reflect Debian's choice of no timeout on the
483 password prompt, closes: #271194
485 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
487 sudo (1.6.7p5-2) unstable; urgency=low
489 * Jeff Bailey reports that seteuid works on current sparc systems, so we
490 no longer need the "grosshack" stuff in the sudo rules file
491 * add a postrm that removes /etc/sudoers on purge. don't do this with the
492 normal conffile mechanism since it would generate noise on every upgrade,
495 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
497 sudo (1.6.7p5-1) unstable; urgency=low
499 * new upstream version, closes: #190265, #193222, #197244
500 * change from '.' to ':' in postinst chown call, closes: #208369
502 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
504 sudo (1.6.7p3-2) unstable; urgency=low
506 * add --disable-setresuid to configure call since 2.2 kernels don't support
507 setresgid, closes: #189044
508 * cosmetic cleanups to debian/rules as long as I'm there
510 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
512 sudo (1.6.7p3-1) unstable; urgency=low
514 * new upstream version
515 * add overrides to quiet lintian about things it doesn't understand,
516 except the source one that can't be overridden until 129510 is fixed
518 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
520 sudo (1.6.6-3) unstable; urgency=low
522 * add code to rules file to update config.sub/guess, closes: #164501
524 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
526 sudo (1.6.6-2) unstable; urgency=low
528 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
529 configure, and lose the build dependency on mail-transport-agent
530 * incorporate changes from LaMont's NMU, closes: #144665, #144737
531 * update init.d to not try and set time on nonexistent timestamp files,
533 * build with --with-all-insults, admin must edit sudoers to turn insults
534 on at runtime if desired, closes: #135374
535 * stop setting /usr/doc symlink in postinst
537 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
539 sudo (1.6.6-1.1) unstable; urgency=high
541 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
542 * Revert patch to auth/pam.c that left pass uninitialized, causing a
543 segfault (Closes: #144665).
545 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
547 sudo (1.6.6-1) unstable; urgency=high
549 * new upstream version, fixes security problem with crafty prompts,
552 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
554 sudo (1.6.5p1-4) unstable; urgency=high
556 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
557 if ctrl/C'ed at password prompt, closes: #131235
559 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
561 sudo (1.6.5p1-3) unstable; urgency=high
563 * ugly hack to add --disable-saved-ids when building on sparc in response
564 to 131592, which will be reassigned to glibc for a real fix
565 * urgency high since the sudo currently in testing for sparc is worthless
567 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
569 sudo (1.6.5p1-2) unstable; urgency=high
571 * patch from upstream to fix seg faults caused by versions of pam that
572 follow a NULL pointer, closes: #129512
574 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
576 sudo (1.6.5p1-1) unstable; urgency=high
578 * new upstream version
579 * add --disable-root-mailer option supported by new version to configure
580 call in rules file, closes: #129648
582 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
584 sudo (1.6.4p1-1) unstable; urgency=high
586 * new upstream version, with fix for segfaulting problem in 1.6.4
588 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
590 sudo (1.6.4-1) unstable; urgency=high
592 * new upstream version, includes an important security fix, closes: #127576
594 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
596 sudo (1.6.3p7-5) unstable; urgency=low
598 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
599 * fix spelling error in init.d, closes: #126847
601 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
603 sudo (1.6.3p7-4) unstable; urgency=medium
605 * use touch to set status files to an ancient date instead of removing them
606 outright on reboot. this achieves the desired effect of keeping elevated
607 privs from living across reboots, without forcing everyone to see the
608 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
609 for systems with good clocks, and 'recent enough' that broken PC hardware
610 setting the clock to commonly-seen bogus dates trips over the "don't trust
611 future timestamps" rule. closes: #76529, #123559
612 * apply patch from Steve Langasek to fix seg faults due to interaction with
613 PAM code. upstream confirms the problem, and says they're fixing this
614 differently for their next release... but this should be useful in the
615 meantime, and would be good to get into woody. closes: #119147
616 * only run the init.d at boot, not on each runlevel change... and don't run
617 it during package configure. closes: #125935
618 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
620 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
622 sudo (1.6.3p7-3) unstable; urgency=low
624 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
625 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
626 * fix a typo in the manpage, closes: #97368
627 * apply patch to configure.in and run autoconf to fix problem building on
628 the hurd, closes: #96325
629 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
630 to not last across reboots, closes: #76529
631 * clean up lintian-noticed cosmetic packaging issues
633 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
635 sudo (1.6.3p7-2) unstable; urgency=low
637 * update config.sub/guess for hppa support
639 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
641 sudo (1.6.3p7-1) unstable; urgency=low
643 * new upstream version
644 * add build dependency on mail-transport-agent, closes: #90685
646 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
648 sudo (1.6.3p6-1) unstable; urgency=high
650 * new upstream version, fixes buffer overflow problem,
651 closes: #87259, #87278, #87263
652 * revert to using --with-secure-path option at build time, since the option
653 available in sudoers is parsed too late to be useful, and upstream says
654 it won't get fixed quickly. This reopens 85123, which I will mark as
655 forwarded. Closes: #86199, #86117, #85676
657 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
659 sudo (1.6.3p5-2) unstable; urgency=low
661 * lose the dh_suidregister call since it's obsolete
662 * stop using the --with-secure-path option at build time, and instead show
663 how to set it in sudoers. Closes: #85123
664 * freshen config.sub and config.guess for ia64 and hppa
665 * update sudoers man page to indicate exempt_group is on by default,
668 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
670 sudo (1.6.3p5-1) unstable; urgency=low
672 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
673 * this version restores core dumps before the exec, while leaving them
674 disabled during sudo's internal execution, closes: #58289
675 * update debhelper calls in rules file
677 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
679 sudo (1.6.2p2-1) frozen unstable; urgency=medium
681 * new upstream source resulting from direct collaboration with the upstream
682 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
683 Closes: #56129, #55978, #55979, #56550, #56772
684 * include more upstream documentation, closes: #55054
685 * pam.d fragment update, closes: #56129
687 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
689 sudo (1.6.1-1) unstable; urgency=low
691 * new upstream source, closes: #52750
693 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
695 sudo (1.6-2) unstable; urgency=low
697 * drop suidregister support for this package. The sudo executable is
698 essentially worthless unless it is setuid root, and making suidregister
699 work involves shipping a non-setuid executable in the .deb and setting the
700 perms in the postinst. On a long upgrade run, this can leave the sudo
701 executable 'broken' for a long time, which is unacceptable. With this
702 version, we ship the executable setuid root in the .deb. Closes: #51742
704 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
706 sudo (1.6-1) unstable; urgency=low
708 * new upstream version, many options previously set at compile-time are now
709 configurable at runtime.
710 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
713 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
715 sudo (1.5.9p4-1) unstable; urgency=low
717 * new upstream version, closes: #43464
718 * empty password handling was fixed in 1.5.8, closes: #31863
720 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
722 sudo (1.5.9p1-1) unstable; urgency=low
724 * new upstream version
726 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
728 sudo (1.5.8p1-1) unstable; urgency=medium
730 * new upstream version, closes 33690
731 * add dependency on libpam-modules, closes 34215, 33432
733 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
735 sudo (1.5.7p4-2) unstable; urgency=medium
737 * update the pam fragment provided so that sudo works with latest pam bits,
740 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
742 sudo (1.5.7p4-1) unstable; urgency=low
744 * new upstream release
746 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
748 sudo (1.5.6p5-1) unstable; urgency=low
750 * new upstream patch release
751 * add PAM support, closes 28594
753 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
755 sudo (1.5.6p2-2) unstable; urgency=low
757 * update copyright file, closes 24136
758 * review and close forwarded bugs believed fixed in this upstream version,
761 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
763 sudo (1.5.6p2-1) unstable; urgency=low
765 * new upstream release
767 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
769 sudo (1.5.4-4) frozen unstable; urgency=low
771 * update postinst to use groupadd, closes 21403
772 * move the suidregister stuff earlier in postinst to ensure it always runs
774 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
776 sudo (1.5.4-3) frozen unstable; urgency=low
778 * change /etc/sudoers from a conffile to being handled in postinst,
780 * add suidmanager support, closes 15711
781 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
782 unlikely to ever fix, and which just don't matter. closes 17146
783 * fix FSF address in copyright file, and submit exception for lintian
784 warning about sudo being setuid root
786 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
788 sudo (1.5.4-2) unstable; urgency=high
790 * patch from upstream author correcting/improving security fix
792 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
794 sudo (1.5.4-1) unstable; urgency=high
796 * new upstream version, includes a security fix
797 * change default editor from /bin/ae to /usr/bin/editor
799 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
801 sudo (1.5.3-1) unstable; urgency=medium
803 * new upstream version, closes bug 15911.
804 * rules file reworked to use debhelper
805 * implement a really gross hack to force use of the sudo-provided
806 lsearch(), since the one in libc6 is broken! This closes bugs
807 12552, 12557, 14881, 15259, 15916.
809 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
811 sudo (1.5.2-6) unstable; urgency=LOW
813 * don't install INSTALL in the doc directory, closes bug 13195.
815 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
817 sudo (1.5.2-5) unstable; urgency=LOW
821 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
823 sudo (1.5.2-4) unstable; urgency=LOW
825 * change TIMEOUT (how long before you have to type your password again)
826 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
827 packages on slower machines much more tolerable. Closes bug 9076.
828 * touch debian/suid before debstd. Closes bug 8709.
830 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
832 sudo (1.5.2-3) frozen unstable; urgency=LOW
834 * patch from upstream maintainer to close Bug 6828
835 * add a debian/suid file to get debstd to leave my perl postinst alone
837 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
839 sudo (1.5.2-2) frozen unstable; urgency=LOW
841 * change rules to use -O2 -Wall as per standards
843 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
845 sudo (1.5.2-1) unstable; urgency=LOW
847 * new upstream version
848 * cosmetic changes to debian package control files
850 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
852 sudo (1.5-2) unstable; urgency=LOW
854 * add /usr/X11R6/bin to the end of the secure path... this makes it
855 much easier to run xmkmf, etc., during package builds. To the extent
856 that /usr/local/sbin and /usr/local/bin were already included, I see
857 no security reasons not to add this.
859 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
861 sudo (1.5-1) unstable; urgency=LOW
863 * New upstream version
865 * New packaging format
867 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
869 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
873 * hard code SECURE_PATH to:
874 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
878 * enabled EXEMPTGROUP "sudo"
880 * moved timestamp dir to /var/log/sudo
882 * changed parser to check for long and short filenames (Bug#1162)
884 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
888 * New upstream source
890 * Fixed postinst script
891 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
893 * Removed special shadow binary. This version works with and without
894 shadow password file.
896 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
900 * Corrected editor path to /bin/ae (Bug#3062)
902 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
904 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
908 * New upstream version
910 * Changed sudoers permission to 440 (owner root, group root) to make
913 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
917 * Applied upstream patch 1
919 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
923 * Applied upstream patch 2
925 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
929 * Applied upstream patch 3 (fixes problems with an NFS-mounted
933 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
937 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
938 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
940 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
944 * Applied upstream patch 4 (fixes several bugs)
946 * Changed priority to optional
948 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
952 * Corrected postinst to create correct permission for /etc/sudoers
955 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
959 * New upstream version
962 sudo (1.4.4-2) admin; urgency=HIGH
964 * Fixed major security bug reported by Peter Tobias
965 <tobias@et-inf.fho-emden.de>
966 * Added dchanges support to debian.rules
968 sudo (1.4.5-1) admin; urgency=LOW
970 * New upstream version
971 * Minor changes to debian.rules