1 sudo (1.7.4p4-1) UNRELEASED; urgency=low
3 * new upstream version, includes fix for flaw in Runas group matching
4 (CVE-2010-2956), closes: #595935
5 * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
6 re-lecturing existing users, and to clean up after ourselves on upgrade,
7 and remove the RAMRUN section from README.Debian since the new state dir
8 should fix the original problem, closes: #585514
10 -- Bdale Garbee <bdale@gag.com> Tue, 07 Sep 2010 10:11:02 -0600
12 sudo (1.7.2p7-1) unstable; urgency=high
14 * new upstream release with security fix for secure path (CVE-2010-1646),
16 * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
17 about whether to give the lecture is preserved across reboots even when
18 RAMRUN is set, closes: #581393
19 * add a note to README.Debian about LDAP needing an entry in
20 /etc/nsswitch.conf, closes: #522065
21 * add a note to README.Debian about how to turn off lectures if using
22 RAMRUN in /etc/default/rcS, closes: #581393
24 -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
26 sudo (1.7.2p6-1) unstable; urgency=low
28 * new upstream version fixing CVE-2010-1163, closes: #578275, #570737
30 -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600
32 sudo (1.7.2p5-1) unstable; urgency=low
34 * new upstream release, closes a bug filed upstream regarding missing man
35 page processing scripts in the 1.7.2p1 tarball, also includes the fix
36 for CVE-2010-0426 previously the subject of a security team nmu
37 * move to source format 3.0 (quilt) and restructure changes as patches
38 * fix unprocessed substitution variables in man pages, closes: #557204
39 * apply patch from Neil Moore to fix Debian-specific content in the
40 visudo man page, closes: #555013
41 * update descriptions to better explain sudo-ldap, closes: #573108
42 * eliminate spurious 'and' in man page, closes: #571620
43 * fix confusing text in default sudoers, closes: #566607
45 -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700
47 sudo (1.7.2p1-1) unstable; urgency=low
49 * new upstream version
50 * add support for /etc/sudoers.d using #includedir in default sudoers,
51 which I think is also a good solution to the request for a crontab-like
52 API requested in March of 2001, closes: #539994, #271813, #89743
53 * move init.d script from using rcS.d to rc[0-6].d, closes: #542924
55 -- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600
57 sudo (1.7.2-2) unstable; urgency=low
59 * further improve initial sudoers to not include the NOPASSWD option on
60 the group sudo exception, closes: #539136, #198991
62 -- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200
64 sudo (1.7.2-1) unstable; urgency=low
66 * new upstream version, closes: #537103
67 * improve initial sudoers by having the exemption for users in group
68 sudo on by default, and including the ability to run any command as
69 any user. This makes the default install roughly equivalent to our
70 old use of the --with-exempt=sudo build option, closes: #536220, #536222
72 -- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600
74 sudo (1.7.0-1) unstable; urgency=low
76 * new upstream version, closes: #510179, #128268, #520274, #508514
77 * fix ldap config file path for sudo-ldap package, including creating
78 a symlink in postinst and cleaning it up in postrm for the sudo-ldap
79 package, closes: #430826
80 * fix NOPASSWD entry location in default config file for the sudo-ldap
81 instance too, closes: #479616
83 -- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600
85 sudo (1.6.9p17-2) unstable; urgency=high
87 * patch from upstream to fix privilege escalation with certain
88 configurations, CVE-2009-0034
89 * typo in sudoers man page, closes: #507163
91 -- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700
93 sudo (1.6.9p17-1) unstable; urgency=low
95 * new upstream version, closes: #481008
96 * deliver schemas to doc directory in sudo-ldap package, closes: #474331
97 * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
98 in move from CVS to git for package management, closes: #475821
99 * re-instate the init.d for the sudo-ldap package too... /o\
101 -- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600
103 sudo (1.6.9p15-2) unstable; urgency=low
105 * revert the fix for 388659 such that visudo once again defaults to using
106 /usr/bin/editor. I was always ambivalent about this change, it has caused
107 more confusion and frustration than it cured, and I find Justin's line of
108 reasoning persuasive. Update the man page source to reflect this choice
109 and the related use of --with-env-editor. Closes: #474197.
110 * patch from Petter Reinholdtsen to improve init.d, closes: #475821
112 -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600
114 sudo (1.6.9p15-1) unstable; urgency=low
116 * new upstream version, closes: #467126, #473337
117 * remove pointless postrm scripts, leaving debhelper do its thing if needed,
118 thanks to Justin Pryzby for pointing this out
119 * reinstate the init.d, since bootclean doesn't quite do what we want. This
120 also means we don't need the preinst scripts any more. Update the lintian
121 overrides since postinst is a Perl script lintian apparently isn't parsing
122 well. closes: #330868
124 -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600
126 sudo (1.6.9p12-1) unstable; urgency=low
128 * new upstream version, closes: #464890
130 -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900
132 sudo (1.6.9p11-3) unstable; urgency=low
134 * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
136 -- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700
138 sudo (1.6.9p11-2) unstable; urgency=low
140 * update version compared in preinst when removing obsolete init.d,
142 * implement pam session config suggestions from Elizabeth Fong,
143 closes: #452457, #402329
145 -- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700
147 sudo (1.6.9p11-1) unstable; urgency=low
149 * new upstream version
151 -- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700
153 sudo (1.6.9p10-1) unstable; urgency=low
155 * new upstream version
156 * tweak default password prompt as %u doesn't make sense. Accept patch from
157 Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
158 uses it by default, closes: #454409
159 * accept patch from Martin Pitt that adds a prerm making it difficult to
160 "accidentally" remove sudo when there is no root password set on the
161 system, closes: #451241
163 -- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700
165 sudo (1.6.9p9-1) unstable; urgency=low
167 * new upstream version
168 * debian/rules: configure a more informative default password prompt to
169 reduce confusion when using sudo to invoke commands which also ask for
170 passwords, closes: #343268
171 * auth/pam.c: don't use the PAM prompt if the user explicitly requested
172 a custom prompt, closes: #448628.
173 * fix configure's ability to discover that libc has dirfd, closes: #451324
174 * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
175 the command 'visudo' invokes a vi variant by default as documented,
178 -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700
180 sudo (1.6.9p6-1) unstable; urgency=low
182 * new upstream version, closes: #442815, #446146, #438699, #435768, #435314
183 closes: #434832, #434608, #430382
184 * eliminate the now-redundant init.d scripts, closes: #397090
185 * fix typo in TROUBLESHOOTING file, closes: #439624
187 -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600
189 sudo (1.6.8p12-6) unstable; urgency=low
191 * fix typos in visudo.pod relating to env_editor variable, closes: #418886
192 * have init.d touch directories in /var/run/sudo, not just files, as a
194 * fix various typos in sudoers.pod, closes: #419749
195 * don't let Makefile strip binaries, closes: #438073
197 -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100
199 sudo (1.6.8p12-5) unstable; urgency=low
201 * update debian/copyright to reflect new upstream URL, closes: #368746
202 * add sandwich cartoon URL to the README.Debian
203 * don't remove sudoers on purge. can cause problems when moving between
204 sudo and sudo-ldap. leaving sudoers around on purge seems like the least
205 evil choice for now, closes: #401366
206 * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
208 * accept patch that improves debian/rules from Ted Percival, closes: #382122
209 * no longer build with --with-exempt=sudo, provide an example entry in the
210 default sudoers file instead, closes: #296605
211 * add --with-devel to configure and augment build dependencies so that flex
212 and yacc files get re-generated on every build, closes: #316249
214 -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600
216 sudo (1.6.8p12-4) unstable; urgency=low
218 * patch from Petter Reinholdtsen for the LSB info block in the init.d
219 script, closes: #361055
220 * deliver sudoers sample again, closes: #361593
222 -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600
224 sudo (1.6.8p12-3) unstable; urgency=low
226 * force-feed configure knowledge of nroff's path so we get unformatted man
227 pages installed without build-depending on groff-base, closes: #360894
228 * add a reference to OPTIONS in the man page, closes: #186226
230 -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700
232 sudo (1.6.8p12-2) unstable; urgency=low
234 * fix typos in init scripts, closes: #346325
235 * update to debhelper compat level 5
236 * build depend on autotools-dev to ensure config.sub/guess are fresh
237 * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
238 use it here as well. Thanks to Martin and the debian-security team.
239 closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
240 closes: #315115, #315718, #203874
241 * Non-maintainer upload by the Security Team
242 * Reworked the former patch to limit environment variables from being
243 passed through, set env_reset as default instead [sudo.c, env.c,
244 sudoers.pod, Bug#342948, CVE-2005-4158]
245 * env_reset is now set by default
246 * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
247 DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
248 (in addition to the SUDO_* variables)
249 * Rebuild sudoers.man.in from the POD file
250 * Added README.Debian
251 * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
252 * simplify rules file by using more of Makefile, despite having to override
253 default directories with more arguments to configure, closes: #292833
254 * update sudo man page to reflect use of SECURE_PATH, closes: #228551
255 * inconsistencies in sudoers man page resolved, closes: #220808, #161012
256 * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
257 unresolveable (requires adding bison as build dep), closes: #314949
259 -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700
261 sudo (1.6.8p12-1) unstable; urgency=low
263 * new upstream version, closes: #342948 (CVE-2005-4158)
264 * add env_reset to the sudoers file we create if none already exists,
265 as a further precaution in response to discussion about CVS-2005-4158
266 * split ldap support into a new sudo-ldap package. I was trying to avoid
267 doing this, but the impact of going from 4 to 17 linked shlibs on the
268 autobuilder chroots is sufficient motivation for me.
271 -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
273 sudo (1.6.8p9-4) unstable; urgency=low
275 * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
276 * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
277 timestamps in the init.d script, closes: #330868
278 * add dependency header to init.d script, closes: #332849
280 -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
282 sudo (1.6.8p9-3) unstable; urgency=high
284 * update debhelper compatibility level from 2 to 4
285 * add man page symlink for sudoedit
286 * Clean SHELLOPTS and PS4 from the environment before executing programs
287 with sudo permissions [env.c, CAN-2005-2959]
288 * fix typo in manpage pointed out by Moray Allen, closes: #285995
289 * fix paths in sample complex sudoers file, closes: #303542
290 * fix type in sudoers man page, closes: #311244
292 -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
294 sudo (1.6.8p9-2) unstable; urgency=high
296 * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
299 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
301 sudo (1.6.8p9-1) unstable; urgency=high
303 * new upstream version, fixes a race condition in sudo's pathname
304 validation, which is a security issue (CAN-2005-1993),
305 closes: #315115, #315718
307 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
309 sudo (1.6.8p7-1) unstable; urgency=low
311 * new upstream version, closes: #299585
312 * update lintian overrides to squelch the postinst warning
313 * change sudoedit from a hard to a soft link, closes: #296896
314 * fix regex doc in sudoers man page, closes: #300361
316 -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
318 sudo (1.6.8p5-1) unstable; urgency=high
320 * new upstream version
321 * restores ability to use config tuples without a value, which was causing
322 problems on upgrade closes: #283306
323 * deliver sudoedit, closes: #283078
324 * marking urgency high since 283306 is a serious upgrade incompatibility
326 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
328 sudo (1.6.8p3-2) unstable; urgency=high
330 * update pam.d deliverable so ldap works again, closes: #282191
332 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
334 sudo (1.6.8p3-1) unstable; urgency=high
336 * new upstream version, fixes a flaw in sudo's environment sanitizing that
337 could allow a malicious user with permission to run a shell script that
338 utilized the bash shell to run arbitrary commands, closes: #281665
339 * patch the sample sudoers to have the proper path for kill on Debian
340 systems, closes: #263486
341 * patch the sudo manpage to reflect Debian's choice of exempt_group
342 default setting, closes: #236465
343 * patch the sudo manpage to reflect Debian's choice of no timeout on the
344 password prompt, closes: #271194
346 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
348 sudo (1.6.7p5-2) unstable; urgency=low
350 * Jeff Bailey reports that seteuid works on current sparc systems, so we
351 no longer need the "grosshack" stuff in the sudo rules file
352 * add a postrm that removes /etc/sudoers on purge. don't do this with the
353 normal conffile mechanism since it would generate noise on every upgrade,
356 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
358 sudo (1.6.7p5-1) unstable; urgency=low
360 * new upstream version, closes: #190265, #193222, #197244
361 * change from '.' to ':' in postinst chown call, closes: #208369
363 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
365 sudo (1.6.7p3-2) unstable; urgency=low
367 * add --disable-setresuid to configure call since 2.2 kernels don't support
368 setresgid, closes: #189044
369 * cosmetic cleanups to debian/rules as long as I'm there
371 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
373 sudo (1.6.7p3-1) unstable; urgency=low
375 * new upstream version
376 * add overrides to quiet lintian about things it doesn't understand,
377 except the source one that can't be overridden until 129510 is fixed
379 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
381 sudo (1.6.6-3) unstable; urgency=low
383 * add code to rules file to update config.sub/guess, closes: #164501
385 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
387 sudo (1.6.6-2) unstable; urgency=low
389 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
390 configure, and lose the build dependency on mail-transport-agent
391 * incorporate changes from LaMont's NMU, closes: #144665, #144737
392 * update init.d to not try and set time on nonexistent timestamp files,
394 * build with --with-all-insults, admin must edit sudoers to turn insults
395 on at runtime if desired, closes: #135374
396 * stop setting /usr/doc symlink in postinst
398 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
400 sudo (1.6.6-1.1) unstable; urgency=high
402 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
403 * Revert patch to auth/pam.c that left pass uninitialized, causing a
404 segfault (Closes: #144665).
406 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
408 sudo (1.6.6-1) unstable; urgency=high
410 * new upstream version, fixes security problem with crafty prompts,
413 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
415 sudo (1.6.5p1-4) unstable; urgency=high
417 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
418 if ctrl/C'ed at password prompt, closes: #131235
420 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
422 sudo (1.6.5p1-3) unstable; urgency=high
424 * ugly hack to add --disable-saved-ids when building on sparc in response
425 to 131592, which will be reassigned to glibc for a real fix
426 * urgency high since the sudo currently in testing for sparc is worthless
428 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
430 sudo (1.6.5p1-2) unstable; urgency=high
432 * patch from upstream to fix seg faults caused by versions of pam that
433 follow a NULL pointer, closes: #129512
435 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
437 sudo (1.6.5p1-1) unstable; urgency=high
439 * new upstream version
440 * add --disable-root-mailer option supported by new version to configure
441 call in rules file, closes: #129648
443 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
445 sudo (1.6.4p1-1) unstable; urgency=high
447 * new upstream version, with fix for segfaulting problem in 1.6.4
449 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
451 sudo (1.6.4-1) unstable; urgency=high
453 * new upstream version, includes an important security fix, closes: #127576
455 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
457 sudo (1.6.3p7-5) unstable; urgency=low
459 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
460 * fix spelling error in init.d, closes: #126847
462 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
464 sudo (1.6.3p7-4) unstable; urgency=medium
466 * use touch to set status files to an ancient date instead of removing them
467 outright on reboot. this achieves the desired effect of keeping elevated
468 privs from living across reboots, without forcing everyone to see the
469 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
470 for systems with good clocks, and 'recent enough' that broken PC hardware
471 setting the clock to commonly-seen bogus dates trips over the "don't trust
472 future timestamps" rule. closes: #76529, #123559
473 * apply patch from Steve Langasek to fix seg faults due to interaction with
474 PAM code. upstream confirms the problem, and says they're fixing this
475 differently for their next release... but this should be useful in the
476 meantime, and would be good to get into woody. closes: #119147
477 * only run the init.d at boot, not on each runlevel change... and don't run
478 it during package configure. closes: #125935
479 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
481 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
483 sudo (1.6.3p7-3) unstable; urgency=low
485 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
486 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
487 * fix a typo in the manpage, closes: #97368
488 * apply patch to configure.in and run autoconf to fix problem building on
489 the hurd, closes: #96325
490 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
491 to not last across reboots, closes: #76529
492 * clean up lintian-noticed cosmetic packaging issues
494 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
496 sudo (1.6.3p7-2) unstable; urgency=low
498 * update config.sub/guess for hppa support
500 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
502 sudo (1.6.3p7-1) unstable; urgency=low
504 * new upstream version
505 * add build dependency on mail-transport-agent, closes: #90685
507 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
509 sudo (1.6.3p6-1) unstable; urgency=high
511 * new upstream version, fixes buffer overflow problem,
512 closes: #87259, #87278, #87263
513 * revert to using --with-secure-path option at build time, since the option
514 available in sudoers is parsed too late to be useful, and upstream says
515 it won't get fixed quickly. This reopens 85123, which I will mark as
516 forwarded. Closes: #86199, #86117, #85676
518 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
520 sudo (1.6.3p5-2) unstable; urgency=low
522 * lose the dh_suidregister call since it's obsolete
523 * stop using the --with-secure-path option at build time, and instead show
524 how to set it in sudoers. Closes: #85123
525 * freshen config.sub and config.guess for ia64 and hppa
526 * update sudoers man page to indicate exempt_group is on by default,
529 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
531 sudo (1.6.3p5-1) unstable; urgency=low
533 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
534 * this version restores core dumps before the exec, while leaving them
535 disabled during sudo's internal execution, closes: #58289
536 * update debhelper calls in rules file
538 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
540 sudo (1.6.2p2-1) frozen unstable; urgency=medium
542 * new upstream source resulting from direct collaboration with the upstream
543 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
544 Closes: #56129, #55978, #55979, #56550, #56772
545 * include more upstream documentation, closes: #55054
546 * pam.d fragment update, closes: #56129
548 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
550 sudo (1.6.1-1) unstable; urgency=low
552 * new upstream source, closes: #52750
554 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
556 sudo (1.6-2) unstable; urgency=low
558 * drop suidregister support for this package. The sudo executable is
559 essentially worthless unless it is setuid root, and making suidregister
560 work involves shipping a non-setuid executable in the .deb and setting the
561 perms in the postinst. On a long upgrade run, this can leave the sudo
562 executable 'broken' for a long time, which is unacceptable. With this
563 version, we ship the executable setuid root in the .deb. Closes: #51742
565 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
567 sudo (1.6-1) unstable; urgency=low
569 * new upstream version, many options previously set at compile-time are now
570 configurable at runtime.
571 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
574 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
576 sudo (1.5.9p4-1) unstable; urgency=low
578 * new upstream version, closes: #43464
579 * empty password handling was fixed in 1.5.8, closes: #31863
581 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
583 sudo (1.5.9p1-1) unstable; urgency=low
585 * new upstream version
587 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
589 sudo (1.5.8p1-1) unstable; urgency=medium
591 * new upstream version, closes 33690
592 * add dependency on libpam-modules, closes 34215, 33432
594 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
596 sudo (1.5.7p4-2) unstable; urgency=medium
598 * update the pam fragment provided so that sudo works with latest pam bits,
601 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
603 sudo (1.5.7p4-1) unstable; urgency=low
605 * new upstream release
607 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
609 sudo (1.5.6p5-1) unstable; urgency=low
611 * new upstream patch release
612 * add PAM support, closes 28594
614 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
616 sudo (1.5.6p2-2) unstable; urgency=low
618 * update copyright file, closes 24136
619 * review and close forwarded bugs believed fixed in this upstream version,
622 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
624 sudo (1.5.6p2-1) unstable; urgency=low
626 * new upstream release
628 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
630 sudo (1.5.4-4) frozen unstable; urgency=low
632 * update postinst to use groupadd, closes 21403
633 * move the suidregister stuff earlier in postinst to ensure it always runs
635 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
637 sudo (1.5.4-3) frozen unstable; urgency=low
639 * change /etc/sudoers from a conffile to being handled in postinst,
641 * add suidmanager support, closes 15711
642 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
643 unlikely to ever fix, and which just don't matter. closes 17146
644 * fix FSF address in copyright file, and submit exception for lintian
645 warning about sudo being setuid root
647 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
649 sudo (1.5.4-2) unstable; urgency=high
651 * patch from upstream author correcting/improving security fix
653 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
655 sudo (1.5.4-1) unstable; urgency=high
657 * new upstream version, includes a security fix
658 * change default editor from /bin/ae to /usr/bin/editor
660 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
662 sudo (1.5.3-1) unstable; urgency=medium
664 * new upstream version, closes bug 15911.
665 * rules file reworked to use debhelper
666 * implement a really gross hack to force use of the sudo-provided
667 lsearch(), since the one in libc6 is broken! This closes bugs
668 12552, 12557, 14881, 15259, 15916.
670 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
672 sudo (1.5.2-6) unstable; urgency=LOW
674 * don't install INSTALL in the doc directory, closes bug 13195.
676 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
678 sudo (1.5.2-5) unstable; urgency=LOW
682 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
684 sudo (1.5.2-4) unstable; urgency=LOW
686 * change TIMEOUT (how long before you have to type your password again)
687 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
688 packages on slower machines much more tolerable. Closes bug 9076.
689 * touch debian/suid before debstd. Closes bug 8709.
691 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
693 sudo (1.5.2-3) frozen unstable; urgency=LOW
695 * patch from upstream maintainer to close Bug 6828
696 * add a debian/suid file to get debstd to leave my perl postinst alone
698 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
700 sudo (1.5.2-2) frozen unstable; urgency=LOW
702 * change rules to use -O2 -Wall as per standards
704 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
706 sudo (1.5.2-1) unstable; urgency=LOW
708 * new upstream version
709 * cosmetic changes to debian package control files
711 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
713 sudo (1.5-2) unstable; urgency=LOW
715 * add /usr/X11R6/bin to the end of the secure path... this makes it
716 much easier to run xmkmf, etc., during package builds. To the extent
717 that /usr/local/sbin and /usr/local/bin were already included, I see
718 no security reasons not to add this.
720 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
722 sudo (1.5-1) unstable; urgency=LOW
724 * New upstream version
726 * New packaging format
728 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
730 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
734 * hard code SECURE_PATH to:
735 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
739 * enabled EXEMPTGROUP "sudo"
741 * moved timestamp dir to /var/log/sudo
743 * changed parser to check for long and short filenames (Bug#1162)
745 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
749 * New upstream source
751 * Fixed postinst script
752 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
754 * Removed special shadow binary. This version works with and without
755 shadow password file.
757 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
761 * Corrected editor path to /bin/ae (Bug#3062)
763 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
765 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
769 * New upstream version
771 * Changed sudoers permission to 440 (owner root, group root) to make
774 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
778 * Applied upstream patch 1
780 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
784 * Applied upstream patch 2
786 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
790 * Applied upstream patch 3 (fixes problems with an NFS-mounted
794 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
798 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
799 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
801 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
805 * Applied upstream patch 4 (fixes several bugs)
807 * Changed priority to optional
809 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
813 * Corrected postinst to create correct permission for /etc/sudoers
816 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
820 * New upstream version
823 sudo (1.4.4-2) admin; urgency=HIGH
825 * Fixed major security bug reported by Peter Tobias
826 <tobias@et-inf.fho-emden.de>
827 * Added dchanges support to debian.rules
829 sudo (1.4.5-1) admin; urgency=LOW
831 * New upstream version
832 * Minor changes to debian.rules