1 sudo (1.8.5-1) UNRELEASED; urgency=low
4 * fix sudo-ldap.postinst syntax issue, closes: #669576
6 -- Bdale Garbee <bdale@gag.com> Wed, 16 May 2012 09:28:00 -0600
8 sudo (1.8.3p2-2) unstable; urgency=low
10 * patch to actually use hardening build flags, closes: #655417
12 -- Bdale Garbee <bdale@gag.com> Mon, 19 Mar 2012 14:58:39 +0100
14 sudo (1.8.3p2-1) unstable; urgency=high
16 * new upstream version, closes: #657985 (CVE-2012-0809)
17 * patch from Pino Toscano to only use selinux on Linux, closes: #655894
19 -- Bdale Garbee <bdale@gag.com> Mon, 30 Jan 2012 16:11:54 -0700
21 sudo (1.8.3p1-3) unstable; urgency=low
23 * patch from Moritz Muehlenhoff enables hardened build flags, closes: #655417
24 * replacement postinst script from Mike Beattie using shell instead of Perl
25 * include systemd service file from Michael Stapelberg, closes: #639633
26 * add init.d status support, closes: #641782
27 * make sudo-ldap package manage a sudoers entry in nsswitch.conf,
28 closes: #610600, #639530
29 * enable mail_badpass in the default sudoers file, closes: #641218
30 * enable selinux support, closes: #655510
32 -- Bdale Garbee <bdale@gag.com> Wed, 11 Jan 2012 16:18:13 -0700
34 sudo (1.8.3p1-2) unstable; urgency=low
36 * if upgrading from squeeze, and the sudoers file is unmodified, avoid
37 the packaging system prompting the user about a change they didn't make
38 now that sudoers is a conffile, closes: #612532, #636049
39 * add a recommendation for the use of visudo to the sudoers.d/README file,
42 -- Bdale Garbee <bdale@gag.com> Sat, 12 Nov 2011 16:27:13 -0700
44 sudo (1.8.3p1-1) unstable; urgency=low
46 * new upstream version, closes: #646478
48 -- Bdale Garbee <bdale@gag.com> Thu, 27 Oct 2011 01:03:44 +0200
50 sudo (1.8.3-1) unstable; urgency=low
52 * new upstream version, closes: #639391, #639568
54 -- Bdale Garbee <bdale@gag.com> Sat, 22 Oct 2011 23:49:16 -0600
56 sudo (1.8.2-2) unstable; urgency=low
59 * debian/rules improvements, closes: #642535
60 + mv upstream sample.* files to the examples folder.
61 - do not call dh_installexamples.
64 * patch from upstream for SIGBUS on sparc64, closes: #640304
65 * use common-session-noninteractive in the pam config to reduce log noise
66 when sudo is used in cron, etc, closes: #519700
67 * patch from Steven McDonald to fix segfault on startup under certain
68 conditions, closes: #639568
69 * add a NEWS entry regarding the secure_path change made in 1.8.2-1,
72 -- Bdale Garbee <bdale@gag.com> Mon, 26 Sep 2011 21:55:56 -0600
74 sudo (1.8.2-1) unstable; urgency=low
76 * new upstream version, closes: #637449, #621830
77 * include common-session in pam config, closes: #519700, #607199
78 * move secure_path from configure to default sudoers, closes: #85123, 85917
79 * improve sudoers self-documentation, closes: #613639
80 * drop --disable-setresuid since modern systems should not run 2.2 kernels
81 * lose the --with-devel configure option since it's breaking builds in
82 subdirectories for some reason
84 -- Bdale Garbee <bdale@gag.com> Wed, 24 Aug 2011 13:33:11 -0600
86 sudo (1.7.4p6-1) unstable; urgency=low
88 * new upstream version
89 * touch the right stamp name after configuring, closes: #611287
90 * patch from Svante Signell to fix build problem on Hurd, closes: #611290
92 -- Bdale Garbee <bdale@gag.com> Wed, 09 Feb 2011 11:32:58 -0700
94 sudo (1.7.4p4-6) unstable; urgency=low
96 * update /etc/sudoers.d/README now that sudoers is a conffile
97 * patch from upstream to fix special case in password checking code
98 when only the gid is changing, closes: #609641
100 -- Bdale Garbee <bdale@gag.com> Tue, 11 Jan 2011 10:22:39 -0700
102 sudo (1.7.4p4-5) unstable; urgency=low
104 * patch from Jakub Wilk to add noopt and nostrip build option support,
106 * make sudoers a conffile, closes: #605130
107 * add descriptions to LSB init headers, closes: #604619
108 * change default sudoers %sudo entry to allow gid changes, closes: #602699
109 * add Vcs entries to the control file
110 * use debhelper install files instead of explicit installs in rules
112 -- Bdale Garbee <bdale@gag.com> Wed, 01 Dec 2010 20:32:31 -0700
114 sudo (1.7.4p4-4) unstable; urgency=low
116 * patch from upstream to resolve problem always prompting for a password
117 when run without a tty, closes: #599376
118 * patch from upstream to resolve interoperability problem between HOME in
119 env_keep and the -H flag, closes: #596493
120 * change path syntax to avoid tar error when /var/run/sudo exists but is
121 empty, closes: #598877
123 -- Bdale Garbee <bdale@gag.com> Thu, 07 Oct 2010 15:59:06 -0600
125 sudo (1.7.4p4-3) unstable; urgency=low
127 * make postinst clause for handling /var/run -> /var/lib transition less
128 fragile, closes: #585514
129 * cope with upstream's Makefile trying to install ChangeLog in our doc
130 directory, closes: #597389
131 * fix README.Debian to reflect that HOME is no longer preserved by default,
134 -- Bdale Garbee <bdale@gag.com> Tue, 21 Sep 2010 23:53:08 -0600
136 sudo (1.7.4p4-2) unstable; urgency=low
138 * add a NEWS item about change in $HOME handling that impacts programs
141 -- Bdale Garbee <bdale@gag.com> Wed, 08 Sep 2010 14:29:16 -0600
143 sudo (1.7.4p4-1) unstable; urgency=high
145 * new upstream version, urgency high due to fix for flaw in Runas group
146 matching (CVE-2010-2956), closes: #595935
147 * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
148 re-lecturing existing users, and to clean up after ourselves on upgrade,
149 and remove the RAMRUN section from README.Debian since the new state dir
150 should fix the original problem, closes: #585514
151 * deliver README.Debian to both package flavors, closes: #593579
153 -- Bdale Garbee <bdale@gag.com> Tue, 07 Sep 2010 12:22:42 -0600
155 sudo (1.7.2p7-1) unstable; urgency=high
157 * new upstream release with security fix for secure path (CVE-2010-1646),
159 * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
160 about whether to give the lecture is preserved across reboots even when
161 RAMRUN is set, closes: #581393
162 * add a note to README.Debian about LDAP needing an entry in
163 /etc/nsswitch.conf, closes: #522065
164 * add a note to README.Debian about how to turn off lectures if using
165 RAMRUN in /etc/default/rcS, closes: #581393
167 -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
169 sudo (1.7.2p6-1) unstable; urgency=low
171 * new upstream version fixing CVE-2010-1163, closes: #578275, #570737
173 -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600
175 sudo (1.7.2p5-1) unstable; urgency=low
177 * new upstream release, closes a bug filed upstream regarding missing man
178 page processing scripts in the 1.7.2p1 tarball, also includes the fix
179 for CVE-2010-0426 previously the subject of a security team nmu
180 * move to source format 3.0 (quilt) and restructure changes as patches
181 * fix unprocessed substitution variables in man pages, closes: #557204
182 * apply patch from Neil Moore to fix Debian-specific content in the
183 visudo man page, closes: #555013
184 * update descriptions to better explain sudo-ldap, closes: #573108
185 * eliminate spurious 'and' in man page, closes: #571620
186 * fix confusing text in default sudoers, closes: #566607
188 -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700
190 sudo (1.7.2p1-1) unstable; urgency=low
192 * new upstream version
193 * add support for /etc/sudoers.d using #includedir in default sudoers,
194 which I think is also a good solution to the request for a crontab-like
195 API requested in March of 2001, closes: #539994, #271813, #89743
196 * move init.d script from using rcS.d to rc[0-6].d, closes: #542924
198 -- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600
200 sudo (1.7.2-2) unstable; urgency=low
202 * further improve initial sudoers to not include the NOPASSWD option on
203 the group sudo exception, closes: #539136, #198991
205 -- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200
207 sudo (1.7.2-1) unstable; urgency=low
209 * new upstream version, closes: #537103
210 * improve initial sudoers by having the exemption for users in group
211 sudo on by default, and including the ability to run any command as
212 any user. This makes the default install roughly equivalent to our
213 old use of the --with-exempt=sudo build option, closes: #536220, #536222
215 -- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600
217 sudo (1.7.0-1) unstable; urgency=low
219 * new upstream version, closes: #510179, #128268, #520274, #508514
220 * fix ldap config file path for sudo-ldap package, including creating
221 a symlink in postinst and cleaning it up in postrm for the sudo-ldap
222 package, closes: #430826
223 * fix NOPASSWD entry location in default config file for the sudo-ldap
224 instance too, closes: #479616
226 -- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600
228 sudo (1.6.9p17-2) unstable; urgency=high
230 * patch from upstream to fix privilege escalation with certain
231 configurations, CVE-2009-0034
232 * typo in sudoers man page, closes: #507163
234 -- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700
236 sudo (1.6.9p17-1) unstable; urgency=low
238 * new upstream version, closes: #481008
239 * deliver schemas to doc directory in sudo-ldap package, closes: #474331
240 * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
241 in move from CVS to git for package management, closes: #475821
242 * re-instate the init.d for the sudo-ldap package too... /o\
244 -- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600
246 sudo (1.6.9p15-2) unstable; urgency=low
248 * revert the fix for 388659 such that visudo once again defaults to using
249 /usr/bin/editor. I was always ambivalent about this change, it has caused
250 more confusion and frustration than it cured, and I find Justin's line of
251 reasoning persuasive. Update the man page source to reflect this choice
252 and the related use of --with-env-editor. Closes: #474197.
253 * patch from Petter Reinholdtsen to improve init.d, closes: #475821
255 -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600
257 sudo (1.6.9p15-1) unstable; urgency=low
259 * new upstream version, closes: #467126, #473337
260 * remove pointless postrm scripts, leaving debhelper do its thing if needed,
261 thanks to Justin Pryzby for pointing this out
262 * reinstate the init.d, since bootclean doesn't quite do what we want. This
263 also means we don't need the preinst scripts any more. Update the lintian
264 overrides since postinst is a Perl script lintian apparently isn't parsing
265 well. closes: #330868
267 -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600
269 sudo (1.6.9p12-1) unstable; urgency=low
271 * new upstream version, closes: #464890
273 -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900
275 sudo (1.6.9p11-3) unstable; urgency=low
277 * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
279 -- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700
281 sudo (1.6.9p11-2) unstable; urgency=low
283 * update version compared in preinst when removing obsolete init.d,
285 * implement pam session config suggestions from Elizabeth Fong,
286 closes: #452457, #402329
288 -- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700
290 sudo (1.6.9p11-1) unstable; urgency=low
292 * new upstream version
294 -- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700
296 sudo (1.6.9p10-1) unstable; urgency=low
298 * new upstream version
299 * tweak default password prompt as %u doesn't make sense. Accept patch from
300 Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
301 uses it by default, closes: #454409
302 * accept patch from Martin Pitt that adds a prerm making it difficult to
303 "accidentally" remove sudo when there is no root password set on the
304 system, closes: #451241
306 -- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700
308 sudo (1.6.9p9-1) unstable; urgency=low
310 * new upstream version
311 * debian/rules: configure a more informative default password prompt to
312 reduce confusion when using sudo to invoke commands which also ask for
313 passwords, closes: #343268
314 * auth/pam.c: don't use the PAM prompt if the user explicitly requested
315 a custom prompt, closes: #448628.
316 * fix configure's ability to discover that libc has dirfd, closes: #451324
317 * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
318 the command 'visudo' invokes a vi variant by default as documented,
321 -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700
323 sudo (1.6.9p6-1) unstable; urgency=low
325 * new upstream version, closes: #442815, #446146, #438699, #435768, #435314
326 closes: #434832, #434608, #430382
327 * eliminate the now-redundant init.d scripts, closes: #397090
328 * fix typo in TROUBLESHOOTING file, closes: #439624
330 -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600
332 sudo (1.6.8p12-6) unstable; urgency=low
334 * fix typos in visudo.pod relating to env_editor variable, closes: #418886
335 * have init.d touch directories in /var/run/sudo, not just files, as a
337 * fix various typos in sudoers.pod, closes: #419749
338 * don't let Makefile strip binaries, closes: #438073
340 -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100
342 sudo (1.6.8p12-5) unstable; urgency=low
344 * update debian/copyright to reflect new upstream URL, closes: #368746
345 * add sandwich cartoon URL to the README.Debian
346 * don't remove sudoers on purge. can cause problems when moving between
347 sudo and sudo-ldap. leaving sudoers around on purge seems like the least
348 evil choice for now, closes: #401366
349 * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
351 * accept patch that improves debian/rules from Ted Percival, closes: #382122
352 * no longer build with --with-exempt=sudo, provide an example entry in the
353 default sudoers file instead, closes: #296605
354 * add --with-devel to configure and augment build dependencies so that flex
355 and yacc files get re-generated on every build, closes: #316249
357 -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600
359 sudo (1.6.8p12-4) unstable; urgency=low
361 * patch from Petter Reinholdtsen for the LSB info block in the init.d
362 script, closes: #361055
363 * deliver sudoers sample again, closes: #361593
365 -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600
367 sudo (1.6.8p12-3) unstable; urgency=low
369 * force-feed configure knowledge of nroff's path so we get unformatted man
370 pages installed without build-depending on groff-base, closes: #360894
371 * add a reference to OPTIONS in the man page, closes: #186226
373 -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700
375 sudo (1.6.8p12-2) unstable; urgency=low
377 * fix typos in init scripts, closes: #346325
378 * update to debhelper compat level 5
379 * build depend on autotools-dev to ensure config.sub/guess are fresh
380 * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
381 use it here as well. Thanks to Martin and the debian-security team.
382 closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
383 closes: #315115, #315718, #203874
384 * Non-maintainer upload by the Security Team
385 * Reworked the former patch to limit environment variables from being
386 passed through, set env_reset as default instead [sudo.c, env.c,
387 sudoers.pod, Bug#342948, CVE-2005-4158]
388 * env_reset is now set by default
389 * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
390 DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
391 (in addition to the SUDO_* variables)
392 * Rebuild sudoers.man.in from the POD file
393 * Added README.Debian
394 * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
395 * simplify rules file by using more of Makefile, despite having to override
396 default directories with more arguments to configure, closes: #292833
397 * update sudo man page to reflect use of SECURE_PATH, closes: #228551
398 * inconsistencies in sudoers man page resolved, closes: #220808, #161012
399 * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
400 unresolveable (requires adding bison as build dep), closes: #314949
402 -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700
404 sudo (1.6.8p12-1) unstable; urgency=low
406 * new upstream version, closes: #342948 (CVE-2005-4158)
407 * add env_reset to the sudoers file we create if none already exists,
408 as a further precaution in response to discussion about CVS-2005-4158
409 * split ldap support into a new sudo-ldap package. I was trying to avoid
410 doing this, but the impact of going from 4 to 17 linked shlibs on the
411 autobuilder chroots is sufficient motivation for me.
414 -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
416 sudo (1.6.8p9-4) unstable; urgency=low
418 * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
419 * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
420 timestamps in the init.d script, closes: #330868
421 * add dependency header to init.d script, closes: #332849
423 -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
425 sudo (1.6.8p9-3) unstable; urgency=high
427 * update debhelper compatibility level from 2 to 4
428 * add man page symlink for sudoedit
429 * Clean SHELLOPTS and PS4 from the environment before executing programs
430 with sudo permissions [env.c, CAN-2005-2959]
431 * fix typo in manpage pointed out by Moray Allen, closes: #285995
432 * fix paths in sample complex sudoers file, closes: #303542
433 * fix type in sudoers man page, closes: #311244
435 -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
437 sudo (1.6.8p9-2) unstable; urgency=high
439 * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
442 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
444 sudo (1.6.8p9-1) unstable; urgency=high
446 * new upstream version, fixes a race condition in sudo's pathname
447 validation, which is a security issue (CAN-2005-1993),
448 closes: #315115, #315718
450 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
452 sudo (1.6.8p7-1) unstable; urgency=low
454 * new upstream version, closes: #299585
455 * update lintian overrides to squelch the postinst warning
456 * change sudoedit from a hard to a soft link, closes: #296896
457 * fix regex doc in sudoers man page, closes: #300361
459 -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
461 sudo (1.6.8p5-1) unstable; urgency=high
463 * new upstream version
464 * restores ability to use config tuples without a value, which was causing
465 problems on upgrade closes: #283306
466 * deliver sudoedit, closes: #283078
467 * marking urgency high since 283306 is a serious upgrade incompatibility
469 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
471 sudo (1.6.8p3-2) unstable; urgency=high
473 * update pam.d deliverable so ldap works again, closes: #282191
475 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
477 sudo (1.6.8p3-1) unstable; urgency=high
479 * new upstream version, fixes a flaw in sudo's environment sanitizing that
480 could allow a malicious user with permission to run a shell script that
481 utilized the bash shell to run arbitrary commands, closes: #281665
482 * patch the sample sudoers to have the proper path for kill on Debian
483 systems, closes: #263486
484 * patch the sudo manpage to reflect Debian's choice of exempt_group
485 default setting, closes: #236465
486 * patch the sudo manpage to reflect Debian's choice of no timeout on the
487 password prompt, closes: #271194
489 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
491 sudo (1.6.7p5-2) unstable; urgency=low
493 * Jeff Bailey reports that seteuid works on current sparc systems, so we
494 no longer need the "grosshack" stuff in the sudo rules file
495 * add a postrm that removes /etc/sudoers on purge. don't do this with the
496 normal conffile mechanism since it would generate noise on every upgrade,
499 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
501 sudo (1.6.7p5-1) unstable; urgency=low
503 * new upstream version, closes: #190265, #193222, #197244
504 * change from '.' to ':' in postinst chown call, closes: #208369
506 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
508 sudo (1.6.7p3-2) unstable; urgency=low
510 * add --disable-setresuid to configure call since 2.2 kernels don't support
511 setresgid, closes: #189044
512 * cosmetic cleanups to debian/rules as long as I'm there
514 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
516 sudo (1.6.7p3-1) unstable; urgency=low
518 * new upstream version
519 * add overrides to quiet lintian about things it doesn't understand,
520 except the source one that can't be overridden until 129510 is fixed
522 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
524 sudo (1.6.6-3) unstable; urgency=low
526 * add code to rules file to update config.sub/guess, closes: #164501
528 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
530 sudo (1.6.6-2) unstable; urgency=low
532 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
533 configure, and lose the build dependency on mail-transport-agent
534 * incorporate changes from LaMont's NMU, closes: #144665, #144737
535 * update init.d to not try and set time on nonexistent timestamp files,
537 * build with --with-all-insults, admin must edit sudoers to turn insults
538 on at runtime if desired, closes: #135374
539 * stop setting /usr/doc symlink in postinst
541 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
543 sudo (1.6.6-1.1) unstable; urgency=high
545 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
546 * Revert patch to auth/pam.c that left pass uninitialized, causing a
547 segfault (Closes: #144665).
549 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
551 sudo (1.6.6-1) unstable; urgency=high
553 * new upstream version, fixes security problem with crafty prompts,
556 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
558 sudo (1.6.5p1-4) unstable; urgency=high
560 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
561 if ctrl/C'ed at password prompt, closes: #131235
563 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
565 sudo (1.6.5p1-3) unstable; urgency=high
567 * ugly hack to add --disable-saved-ids when building on sparc in response
568 to 131592, which will be reassigned to glibc for a real fix
569 * urgency high since the sudo currently in testing for sparc is worthless
571 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
573 sudo (1.6.5p1-2) unstable; urgency=high
575 * patch from upstream to fix seg faults caused by versions of pam that
576 follow a NULL pointer, closes: #129512
578 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
580 sudo (1.6.5p1-1) unstable; urgency=high
582 * new upstream version
583 * add --disable-root-mailer option supported by new version to configure
584 call in rules file, closes: #129648
586 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
588 sudo (1.6.4p1-1) unstable; urgency=high
590 * new upstream version, with fix for segfaulting problem in 1.6.4
592 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
594 sudo (1.6.4-1) unstable; urgency=high
596 * new upstream version, includes an important security fix, closes: #127576
598 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
600 sudo (1.6.3p7-5) unstable; urgency=low
602 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
603 * fix spelling error in init.d, closes: #126847
605 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
607 sudo (1.6.3p7-4) unstable; urgency=medium
609 * use touch to set status files to an ancient date instead of removing them
610 outright on reboot. this achieves the desired effect of keeping elevated
611 privs from living across reboots, without forcing everyone to see the
612 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
613 for systems with good clocks, and 'recent enough' that broken PC hardware
614 setting the clock to commonly-seen bogus dates trips over the "don't trust
615 future timestamps" rule. closes: #76529, #123559
616 * apply patch from Steve Langasek to fix seg faults due to interaction with
617 PAM code. upstream confirms the problem, and says they're fixing this
618 differently for their next release... but this should be useful in the
619 meantime, and would be good to get into woody. closes: #119147
620 * only run the init.d at boot, not on each runlevel change... and don't run
621 it during package configure. closes: #125935
622 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
624 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
626 sudo (1.6.3p7-3) unstable; urgency=low
628 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
629 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
630 * fix a typo in the manpage, closes: #97368
631 * apply patch to configure.in and run autoconf to fix problem building on
632 the hurd, closes: #96325
633 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
634 to not last across reboots, closes: #76529
635 * clean up lintian-noticed cosmetic packaging issues
637 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
639 sudo (1.6.3p7-2) unstable; urgency=low
641 * update config.sub/guess for hppa support
643 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
645 sudo (1.6.3p7-1) unstable; urgency=low
647 * new upstream version
648 * add build dependency on mail-transport-agent, closes: #90685
650 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
652 sudo (1.6.3p6-1) unstable; urgency=high
654 * new upstream version, fixes buffer overflow problem,
655 closes: #87259, #87278, #87263
656 * revert to using --with-secure-path option at build time, since the option
657 available in sudoers is parsed too late to be useful, and upstream says
658 it won't get fixed quickly. This reopens 85123, which I will mark as
659 forwarded. Closes: #86199, #86117, #85676
661 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
663 sudo (1.6.3p5-2) unstable; urgency=low
665 * lose the dh_suidregister call since it's obsolete
666 * stop using the --with-secure-path option at build time, and instead show
667 how to set it in sudoers. Closes: #85123
668 * freshen config.sub and config.guess for ia64 and hppa
669 * update sudoers man page to indicate exempt_group is on by default,
672 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
674 sudo (1.6.3p5-1) unstable; urgency=low
676 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
677 * this version restores core dumps before the exec, while leaving them
678 disabled during sudo's internal execution, closes: #58289
679 * update debhelper calls in rules file
681 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
683 sudo (1.6.2p2-1) frozen unstable; urgency=medium
685 * new upstream source resulting from direct collaboration with the upstream
686 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
687 Closes: #56129, #55978, #55979, #56550, #56772
688 * include more upstream documentation, closes: #55054
689 * pam.d fragment update, closes: #56129
691 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
693 sudo (1.6.1-1) unstable; urgency=low
695 * new upstream source, closes: #52750
697 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
699 sudo (1.6-2) unstable; urgency=low
701 * drop suidregister support for this package. The sudo executable is
702 essentially worthless unless it is setuid root, and making suidregister
703 work involves shipping a non-setuid executable in the .deb and setting the
704 perms in the postinst. On a long upgrade run, this can leave the sudo
705 executable 'broken' for a long time, which is unacceptable. With this
706 version, we ship the executable setuid root in the .deb. Closes: #51742
708 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
710 sudo (1.6-1) unstable; urgency=low
712 * new upstream version, many options previously set at compile-time are now
713 configurable at runtime.
714 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
717 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
719 sudo (1.5.9p4-1) unstable; urgency=low
721 * new upstream version, closes: #43464
722 * empty password handling was fixed in 1.5.8, closes: #31863
724 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
726 sudo (1.5.9p1-1) unstable; urgency=low
728 * new upstream version
730 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
732 sudo (1.5.8p1-1) unstable; urgency=medium
734 * new upstream version, closes 33690
735 * add dependency on libpam-modules, closes 34215, 33432
737 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
739 sudo (1.5.7p4-2) unstable; urgency=medium
741 * update the pam fragment provided so that sudo works with latest pam bits,
744 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
746 sudo (1.5.7p4-1) unstable; urgency=low
748 * new upstream release
750 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
752 sudo (1.5.6p5-1) unstable; urgency=low
754 * new upstream patch release
755 * add PAM support, closes 28594
757 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
759 sudo (1.5.6p2-2) unstable; urgency=low
761 * update copyright file, closes 24136
762 * review and close forwarded bugs believed fixed in this upstream version,
765 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
767 sudo (1.5.6p2-1) unstable; urgency=low
769 * new upstream release
771 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
773 sudo (1.5.4-4) frozen unstable; urgency=low
775 * update postinst to use groupadd, closes 21403
776 * move the suidregister stuff earlier in postinst to ensure it always runs
778 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
780 sudo (1.5.4-3) frozen unstable; urgency=low
782 * change /etc/sudoers from a conffile to being handled in postinst,
784 * add suidmanager support, closes 15711
785 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
786 unlikely to ever fix, and which just don't matter. closes 17146
787 * fix FSF address in copyright file, and submit exception for lintian
788 warning about sudo being setuid root
790 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
792 sudo (1.5.4-2) unstable; urgency=high
794 * patch from upstream author correcting/improving security fix
796 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
798 sudo (1.5.4-1) unstable; urgency=high
800 * new upstream version, includes a security fix
801 * change default editor from /bin/ae to /usr/bin/editor
803 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
805 sudo (1.5.3-1) unstable; urgency=medium
807 * new upstream version, closes bug 15911.
808 * rules file reworked to use debhelper
809 * implement a really gross hack to force use of the sudo-provided
810 lsearch(), since the one in libc6 is broken! This closes bugs
811 12552, 12557, 14881, 15259, 15916.
813 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
815 sudo (1.5.2-6) unstable; urgency=LOW
817 * don't install INSTALL in the doc directory, closes bug 13195.
819 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
821 sudo (1.5.2-5) unstable; urgency=LOW
825 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
827 sudo (1.5.2-4) unstable; urgency=LOW
829 * change TIMEOUT (how long before you have to type your password again)
830 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
831 packages on slower machines much more tolerable. Closes bug 9076.
832 * touch debian/suid before debstd. Closes bug 8709.
834 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
836 sudo (1.5.2-3) frozen unstable; urgency=LOW
838 * patch from upstream maintainer to close Bug 6828
839 * add a debian/suid file to get debstd to leave my perl postinst alone
841 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
843 sudo (1.5.2-2) frozen unstable; urgency=LOW
845 * change rules to use -O2 -Wall as per standards
847 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
849 sudo (1.5.2-1) unstable; urgency=LOW
851 * new upstream version
852 * cosmetic changes to debian package control files
854 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
856 sudo (1.5-2) unstable; urgency=LOW
858 * add /usr/X11R6/bin to the end of the secure path... this makes it
859 much easier to run xmkmf, etc., during package builds. To the extent
860 that /usr/local/sbin and /usr/local/bin were already included, I see
861 no security reasons not to add this.
863 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
865 sudo (1.5-1) unstable; urgency=LOW
867 * New upstream version
869 * New packaging format
871 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
873 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
877 * hard code SECURE_PATH to:
878 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
882 * enabled EXEMPTGROUP "sudo"
884 * moved timestamp dir to /var/log/sudo
886 * changed parser to check for long and short filenames (Bug#1162)
888 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
892 * New upstream source
894 * Fixed postinst script
895 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
897 * Removed special shadow binary. This version works with and without
898 shadow password file.
900 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
904 * Corrected editor path to /bin/ae (Bug#3062)
906 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
908 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
912 * New upstream version
914 * Changed sudoers permission to 440 (owner root, group root) to make
917 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
921 * Applied upstream patch 1
923 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
927 * Applied upstream patch 2
929 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
933 * Applied upstream patch 3 (fixes problems with an NFS-mounted
937 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
941 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
942 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
944 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
948 * Applied upstream patch 4 (fixes several bugs)
950 * Changed priority to optional
952 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
956 * Corrected postinst to create correct permission for /etc/sudoers
959 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
963 * New upstream version
966 sudo (1.4.4-2) admin; urgency=HIGH
968 * Fixed major security bug reported by Peter Tobias
969 <tobias@et-inf.fho-emden.de>
970 * Added dchanges support to debian.rules
972 sudo (1.4.5-1) admin; urgency=LOW
974 * New upstream version
975 * Minor changes to debian.rules