1 sudo (1.8.3p1-3) unstable; urgency=low
3 * patch from Moritz Muehlenhoff enables hardened build flags, closes: #655417
4 * replacement postinst script from Mike Beattie using shell instead of Perl
5 * include systemd service file from Michael Stapelberg, closes: #639633
7 -- Bdale Garbee <bdale@gag.com> Wed, 11 Jan 2012 12:38:28 -0700
9 sudo (1.8.3p1-2) unstable; urgency=low
11 * if upgrading from squeeze, and the sudoers file is unmodified, avoid
12 the packaging system prompting the user about a change they didn't make
13 now that sudoers is a conffile, closes: #612532, #636049
14 * add a recommendation for the use of visudo to the sudoers.d/README file,
17 -- Bdale Garbee <bdale@gag.com> Sat, 12 Nov 2011 16:27:13 -0700
19 sudo (1.8.3p1-1) unstable; urgency=low
21 * new upstream version, closes: #646478
23 -- Bdale Garbee <bdale@gag.com> Thu, 27 Oct 2011 01:03:44 +0200
25 sudo (1.8.3-1) unstable; urgency=low
27 * new upstream version, closes: #639391, #639568
29 -- Bdale Garbee <bdale@gag.com> Sat, 22 Oct 2011 23:49:16 -0600
31 sudo (1.8.2-2) unstable; urgency=low
34 * debian/rules improvements, closes: #642535
35 + mv upstream sample.* files to the examples folder.
36 - do not call dh_installexamples.
39 * patch from upstream for SIGBUS on sparc64, closes: #640304
40 * use common-session-noninteractive in the pam config to reduce log noise
41 when sudo is used in cron, etc, closes: #519700
42 * patch from Steven McDonald to fix segfault on startup under certain
43 conditions, closes: #639568
44 * add a NEWS entry regarding the secure_path change made in 1.8.2-1,
47 -- Bdale Garbee <bdale@gag.com> Mon, 26 Sep 2011 21:55:56 -0600
49 sudo (1.8.2-1) unstable; urgency=low
51 * new upstream version, closes: #637449, #621830
52 * include common-session in pam config, closes: #519700, #607199
53 * move secure_path from configure to default sudoers, closes: #85123, 85917
54 * improve sudoers self-documentation, closes: #613639
55 * drop --disable-setresuid since modern systems should not run 2.2 kernels
56 * lose the --with-devel configure option since it's breaking builds in
57 subdirectories for some reason
59 -- Bdale Garbee <bdale@gag.com> Wed, 24 Aug 2011 13:33:11 -0600
61 sudo (1.7.4p6-1) unstable; urgency=low
63 * new upstream version
64 * touch the right stamp name after configuring, closes: #611287
65 * patch from Svante Signell to fix build problem on Hurd, closes: #611290
67 -- Bdale Garbee <bdale@gag.com> Wed, 09 Feb 2011 11:32:58 -0700
69 sudo (1.7.4p4-6) unstable; urgency=low
71 * update /etc/sudoers.d/README now that sudoers is a conffile
72 * patch from upstream to fix special case in password checking code
73 when only the gid is changing, closes: #609641
75 -- Bdale Garbee <bdale@gag.com> Tue, 11 Jan 2011 10:22:39 -0700
77 sudo (1.7.4p4-5) unstable; urgency=low
79 * patch from Jakub Wilk to add noopt and nostrip build option support,
81 * make sudoers a conffile, closes: #605130
82 * add descriptions to LSB init headers, closes: #604619
83 * change default sudoers %sudo entry to allow gid changes, closes: #602699
84 * add Vcs entries to the control file
85 * use debhelper install files instead of explicit installs in rules
87 -- Bdale Garbee <bdale@gag.com> Wed, 01 Dec 2010 20:32:31 -0700
89 sudo (1.7.4p4-4) unstable; urgency=low
91 * patch from upstream to resolve problem always prompting for a password
92 when run without a tty, closes: #599376
93 * patch from upstream to resolve interoperability problem between HOME in
94 env_keep and the -H flag, closes: #596493
95 * change path syntax to avoid tar error when /var/run/sudo exists but is
96 empty, closes: #598877
98 -- Bdale Garbee <bdale@gag.com> Thu, 07 Oct 2010 15:59:06 -0600
100 sudo (1.7.4p4-3) unstable; urgency=low
102 * make postinst clause for handling /var/run -> /var/lib transition less
103 fragile, closes: #585514
104 * cope with upstream's Makefile trying to install ChangeLog in our doc
105 directory, closes: #597389
106 * fix README.Debian to reflect that HOME is no longer preserved by default,
109 -- Bdale Garbee <bdale@gag.com> Tue, 21 Sep 2010 23:53:08 -0600
111 sudo (1.7.4p4-2) unstable; urgency=low
113 * add a NEWS item about change in $HOME handling that impacts programs
116 -- Bdale Garbee <bdale@gag.com> Wed, 08 Sep 2010 14:29:16 -0600
118 sudo (1.7.4p4-1) unstable; urgency=high
120 * new upstream version, urgency high due to fix for flaw in Runas group
121 matching (CVE-2010-2956), closes: #595935
122 * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
123 re-lecturing existing users, and to clean up after ourselves on upgrade,
124 and remove the RAMRUN section from README.Debian since the new state dir
125 should fix the original problem, closes: #585514
126 * deliver README.Debian to both package flavors, closes: #593579
128 -- Bdale Garbee <bdale@gag.com> Tue, 07 Sep 2010 12:22:42 -0600
130 sudo (1.7.2p7-1) unstable; urgency=high
132 * new upstream release with security fix for secure path (CVE-2010-1646),
134 * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
135 about whether to give the lecture is preserved across reboots even when
136 RAMRUN is set, closes: #581393
137 * add a note to README.Debian about LDAP needing an entry in
138 /etc/nsswitch.conf, closes: #522065
139 * add a note to README.Debian about how to turn off lectures if using
140 RAMRUN in /etc/default/rcS, closes: #581393
142 -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
144 sudo (1.7.2p6-1) unstable; urgency=low
146 * new upstream version fixing CVE-2010-1163, closes: #578275, #570737
148 -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600
150 sudo (1.7.2p5-1) unstable; urgency=low
152 * new upstream release, closes a bug filed upstream regarding missing man
153 page processing scripts in the 1.7.2p1 tarball, also includes the fix
154 for CVE-2010-0426 previously the subject of a security team nmu
155 * move to source format 3.0 (quilt) and restructure changes as patches
156 * fix unprocessed substitution variables in man pages, closes: #557204
157 * apply patch from Neil Moore to fix Debian-specific content in the
158 visudo man page, closes: #555013
159 * update descriptions to better explain sudo-ldap, closes: #573108
160 * eliminate spurious 'and' in man page, closes: #571620
161 * fix confusing text in default sudoers, closes: #566607
163 -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700
165 sudo (1.7.2p1-1) unstable; urgency=low
167 * new upstream version
168 * add support for /etc/sudoers.d using #includedir in default sudoers,
169 which I think is also a good solution to the request for a crontab-like
170 API requested in March of 2001, closes: #539994, #271813, #89743
171 * move init.d script from using rcS.d to rc[0-6].d, closes: #542924
173 -- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600
175 sudo (1.7.2-2) unstable; urgency=low
177 * further improve initial sudoers to not include the NOPASSWD option on
178 the group sudo exception, closes: #539136, #198991
180 -- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200
182 sudo (1.7.2-1) unstable; urgency=low
184 * new upstream version, closes: #537103
185 * improve initial sudoers by having the exemption for users in group
186 sudo on by default, and including the ability to run any command as
187 any user. This makes the default install roughly equivalent to our
188 old use of the --with-exempt=sudo build option, closes: #536220, #536222
190 -- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600
192 sudo (1.7.0-1) unstable; urgency=low
194 * new upstream version, closes: #510179, #128268, #520274, #508514
195 * fix ldap config file path for sudo-ldap package, including creating
196 a symlink in postinst and cleaning it up in postrm for the sudo-ldap
197 package, closes: #430826
198 * fix NOPASSWD entry location in default config file for the sudo-ldap
199 instance too, closes: #479616
201 -- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600
203 sudo (1.6.9p17-2) unstable; urgency=high
205 * patch from upstream to fix privilege escalation with certain
206 configurations, CVE-2009-0034
207 * typo in sudoers man page, closes: #507163
209 -- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700
211 sudo (1.6.9p17-1) unstable; urgency=low
213 * new upstream version, closes: #481008
214 * deliver schemas to doc directory in sudo-ldap package, closes: #474331
215 * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
216 in move from CVS to git for package management, closes: #475821
217 * re-instate the init.d for the sudo-ldap package too... /o\
219 -- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600
221 sudo (1.6.9p15-2) unstable; urgency=low
223 * revert the fix for 388659 such that visudo once again defaults to using
224 /usr/bin/editor. I was always ambivalent about this change, it has caused
225 more confusion and frustration than it cured, and I find Justin's line of
226 reasoning persuasive. Update the man page source to reflect this choice
227 and the related use of --with-env-editor. Closes: #474197.
228 * patch from Petter Reinholdtsen to improve init.d, closes: #475821
230 -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600
232 sudo (1.6.9p15-1) unstable; urgency=low
234 * new upstream version, closes: #467126, #473337
235 * remove pointless postrm scripts, leaving debhelper do its thing if needed,
236 thanks to Justin Pryzby for pointing this out
237 * reinstate the init.d, since bootclean doesn't quite do what we want. This
238 also means we don't need the preinst scripts any more. Update the lintian
239 overrides since postinst is a Perl script lintian apparently isn't parsing
240 well. closes: #330868
242 -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600
244 sudo (1.6.9p12-1) unstable; urgency=low
246 * new upstream version, closes: #464890
248 -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900
250 sudo (1.6.9p11-3) unstable; urgency=low
252 * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
254 -- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700
256 sudo (1.6.9p11-2) unstable; urgency=low
258 * update version compared in preinst when removing obsolete init.d,
260 * implement pam session config suggestions from Elizabeth Fong,
261 closes: #452457, #402329
263 -- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700
265 sudo (1.6.9p11-1) unstable; urgency=low
267 * new upstream version
269 -- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700
271 sudo (1.6.9p10-1) unstable; urgency=low
273 * new upstream version
274 * tweak default password prompt as %u doesn't make sense. Accept patch from
275 Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
276 uses it by default, closes: #454409
277 * accept patch from Martin Pitt that adds a prerm making it difficult to
278 "accidentally" remove sudo when there is no root password set on the
279 system, closes: #451241
281 -- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700
283 sudo (1.6.9p9-1) unstable; urgency=low
285 * new upstream version
286 * debian/rules: configure a more informative default password prompt to
287 reduce confusion when using sudo to invoke commands which also ask for
288 passwords, closes: #343268
289 * auth/pam.c: don't use the PAM prompt if the user explicitly requested
290 a custom prompt, closes: #448628.
291 * fix configure's ability to discover that libc has dirfd, closes: #451324
292 * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
293 the command 'visudo' invokes a vi variant by default as documented,
296 -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700
298 sudo (1.6.9p6-1) unstable; urgency=low
300 * new upstream version, closes: #442815, #446146, #438699, #435768, #435314
301 closes: #434832, #434608, #430382
302 * eliminate the now-redundant init.d scripts, closes: #397090
303 * fix typo in TROUBLESHOOTING file, closes: #439624
305 -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600
307 sudo (1.6.8p12-6) unstable; urgency=low
309 * fix typos in visudo.pod relating to env_editor variable, closes: #418886
310 * have init.d touch directories in /var/run/sudo, not just files, as a
312 * fix various typos in sudoers.pod, closes: #419749
313 * don't let Makefile strip binaries, closes: #438073
315 -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100
317 sudo (1.6.8p12-5) unstable; urgency=low
319 * update debian/copyright to reflect new upstream URL, closes: #368746
320 * add sandwich cartoon URL to the README.Debian
321 * don't remove sudoers on purge. can cause problems when moving between
322 sudo and sudo-ldap. leaving sudoers around on purge seems like the least
323 evil choice for now, closes: #401366
324 * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
326 * accept patch that improves debian/rules from Ted Percival, closes: #382122
327 * no longer build with --with-exempt=sudo, provide an example entry in the
328 default sudoers file instead, closes: #296605
329 * add --with-devel to configure and augment build dependencies so that flex
330 and yacc files get re-generated on every build, closes: #316249
332 -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600
334 sudo (1.6.8p12-4) unstable; urgency=low
336 * patch from Petter Reinholdtsen for the LSB info block in the init.d
337 script, closes: #361055
338 * deliver sudoers sample again, closes: #361593
340 -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600
342 sudo (1.6.8p12-3) unstable; urgency=low
344 * force-feed configure knowledge of nroff's path so we get unformatted man
345 pages installed without build-depending on groff-base, closes: #360894
346 * add a reference to OPTIONS in the man page, closes: #186226
348 -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700
350 sudo (1.6.8p12-2) unstable; urgency=low
352 * fix typos in init scripts, closes: #346325
353 * update to debhelper compat level 5
354 * build depend on autotools-dev to ensure config.sub/guess are fresh
355 * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
356 use it here as well. Thanks to Martin and the debian-security team.
357 closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
358 closes: #315115, #315718, #203874
359 * Non-maintainer upload by the Security Team
360 * Reworked the former patch to limit environment variables from being
361 passed through, set env_reset as default instead [sudo.c, env.c,
362 sudoers.pod, Bug#342948, CVE-2005-4158]
363 * env_reset is now set by default
364 * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
365 DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
366 (in addition to the SUDO_* variables)
367 * Rebuild sudoers.man.in from the POD file
368 * Added README.Debian
369 * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
370 * simplify rules file by using more of Makefile, despite having to override
371 default directories with more arguments to configure, closes: #292833
372 * update sudo man page to reflect use of SECURE_PATH, closes: #228551
373 * inconsistencies in sudoers man page resolved, closes: #220808, #161012
374 * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
375 unresolveable (requires adding bison as build dep), closes: #314949
377 -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700
379 sudo (1.6.8p12-1) unstable; urgency=low
381 * new upstream version, closes: #342948 (CVE-2005-4158)
382 * add env_reset to the sudoers file we create if none already exists,
383 as a further precaution in response to discussion about CVS-2005-4158
384 * split ldap support into a new sudo-ldap package. I was trying to avoid
385 doing this, but the impact of going from 4 to 17 linked shlibs on the
386 autobuilder chroots is sufficient motivation for me.
389 -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
391 sudo (1.6.8p9-4) unstable; urgency=low
393 * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
394 * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
395 timestamps in the init.d script, closes: #330868
396 * add dependency header to init.d script, closes: #332849
398 -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
400 sudo (1.6.8p9-3) unstable; urgency=high
402 * update debhelper compatibility level from 2 to 4
403 * add man page symlink for sudoedit
404 * Clean SHELLOPTS and PS4 from the environment before executing programs
405 with sudo permissions [env.c, CAN-2005-2959]
406 * fix typo in manpage pointed out by Moray Allen, closes: #285995
407 * fix paths in sample complex sudoers file, closes: #303542
408 * fix type in sudoers man page, closes: #311244
410 -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
412 sudo (1.6.8p9-2) unstable; urgency=high
414 * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
417 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
419 sudo (1.6.8p9-1) unstable; urgency=high
421 * new upstream version, fixes a race condition in sudo's pathname
422 validation, which is a security issue (CAN-2005-1993),
423 closes: #315115, #315718
425 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
427 sudo (1.6.8p7-1) unstable; urgency=low
429 * new upstream version, closes: #299585
430 * update lintian overrides to squelch the postinst warning
431 * change sudoedit from a hard to a soft link, closes: #296896
432 * fix regex doc in sudoers man page, closes: #300361
434 -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
436 sudo (1.6.8p5-1) unstable; urgency=high
438 * new upstream version
439 * restores ability to use config tuples without a value, which was causing
440 problems on upgrade closes: #283306
441 * deliver sudoedit, closes: #283078
442 * marking urgency high since 283306 is a serious upgrade incompatibility
444 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
446 sudo (1.6.8p3-2) unstable; urgency=high
448 * update pam.d deliverable so ldap works again, closes: #282191
450 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
452 sudo (1.6.8p3-1) unstable; urgency=high
454 * new upstream version, fixes a flaw in sudo's environment sanitizing that
455 could allow a malicious user with permission to run a shell script that
456 utilized the bash shell to run arbitrary commands, closes: #281665
457 * patch the sample sudoers to have the proper path for kill on Debian
458 systems, closes: #263486
459 * patch the sudo manpage to reflect Debian's choice of exempt_group
460 default setting, closes: #236465
461 * patch the sudo manpage to reflect Debian's choice of no timeout on the
462 password prompt, closes: #271194
464 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
466 sudo (1.6.7p5-2) unstable; urgency=low
468 * Jeff Bailey reports that seteuid works on current sparc systems, so we
469 no longer need the "grosshack" stuff in the sudo rules file
470 * add a postrm that removes /etc/sudoers on purge. don't do this with the
471 normal conffile mechanism since it would generate noise on every upgrade,
474 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
476 sudo (1.6.7p5-1) unstable; urgency=low
478 * new upstream version, closes: #190265, #193222, #197244
479 * change from '.' to ':' in postinst chown call, closes: #208369
481 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
483 sudo (1.6.7p3-2) unstable; urgency=low
485 * add --disable-setresuid to configure call since 2.2 kernels don't support
486 setresgid, closes: #189044
487 * cosmetic cleanups to debian/rules as long as I'm there
489 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
491 sudo (1.6.7p3-1) unstable; urgency=low
493 * new upstream version
494 * add overrides to quiet lintian about things it doesn't understand,
495 except the source one that can't be overridden until 129510 is fixed
497 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
499 sudo (1.6.6-3) unstable; urgency=low
501 * add code to rules file to update config.sub/guess, closes: #164501
503 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
505 sudo (1.6.6-2) unstable; urgency=low
507 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
508 configure, and lose the build dependency on mail-transport-agent
509 * incorporate changes from LaMont's NMU, closes: #144665, #144737
510 * update init.d to not try and set time on nonexistent timestamp files,
512 * build with --with-all-insults, admin must edit sudoers to turn insults
513 on at runtime if desired, closes: #135374
514 * stop setting /usr/doc symlink in postinst
516 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
518 sudo (1.6.6-1.1) unstable; urgency=high
520 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
521 * Revert patch to auth/pam.c that left pass uninitialized, causing a
522 segfault (Closes: #144665).
524 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
526 sudo (1.6.6-1) unstable; urgency=high
528 * new upstream version, fixes security problem with crafty prompts,
531 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
533 sudo (1.6.5p1-4) unstable; urgency=high
535 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
536 if ctrl/C'ed at password prompt, closes: #131235
538 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
540 sudo (1.6.5p1-3) unstable; urgency=high
542 * ugly hack to add --disable-saved-ids when building on sparc in response
543 to 131592, which will be reassigned to glibc for a real fix
544 * urgency high since the sudo currently in testing for sparc is worthless
546 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
548 sudo (1.6.5p1-2) unstable; urgency=high
550 * patch from upstream to fix seg faults caused by versions of pam that
551 follow a NULL pointer, closes: #129512
553 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
555 sudo (1.6.5p1-1) unstable; urgency=high
557 * new upstream version
558 * add --disable-root-mailer option supported by new version to configure
559 call in rules file, closes: #129648
561 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
563 sudo (1.6.4p1-1) unstable; urgency=high
565 * new upstream version, with fix for segfaulting problem in 1.6.4
567 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
569 sudo (1.6.4-1) unstable; urgency=high
571 * new upstream version, includes an important security fix, closes: #127576
573 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
575 sudo (1.6.3p7-5) unstable; urgency=low
577 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
578 * fix spelling error in init.d, closes: #126847
580 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
582 sudo (1.6.3p7-4) unstable; urgency=medium
584 * use touch to set status files to an ancient date instead of removing them
585 outright on reboot. this achieves the desired effect of keeping elevated
586 privs from living across reboots, without forcing everyone to see the
587 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
588 for systems with good clocks, and 'recent enough' that broken PC hardware
589 setting the clock to commonly-seen bogus dates trips over the "don't trust
590 future timestamps" rule. closes: #76529, #123559
591 * apply patch from Steve Langasek to fix seg faults due to interaction with
592 PAM code. upstream confirms the problem, and says they're fixing this
593 differently for their next release... but this should be useful in the
594 meantime, and would be good to get into woody. closes: #119147
595 * only run the init.d at boot, not on each runlevel change... and don't run
596 it during package configure. closes: #125935
597 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
599 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
601 sudo (1.6.3p7-3) unstable; urgency=low
603 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
604 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
605 * fix a typo in the manpage, closes: #97368
606 * apply patch to configure.in and run autoconf to fix problem building on
607 the hurd, closes: #96325
608 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
609 to not last across reboots, closes: #76529
610 * clean up lintian-noticed cosmetic packaging issues
612 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
614 sudo (1.6.3p7-2) unstable; urgency=low
616 * update config.sub/guess for hppa support
618 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
620 sudo (1.6.3p7-1) unstable; urgency=low
622 * new upstream version
623 * add build dependency on mail-transport-agent, closes: #90685
625 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
627 sudo (1.6.3p6-1) unstable; urgency=high
629 * new upstream version, fixes buffer overflow problem,
630 closes: #87259, #87278, #87263
631 * revert to using --with-secure-path option at build time, since the option
632 available in sudoers is parsed too late to be useful, and upstream says
633 it won't get fixed quickly. This reopens 85123, which I will mark as
634 forwarded. Closes: #86199, #86117, #85676
636 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
638 sudo (1.6.3p5-2) unstable; urgency=low
640 * lose the dh_suidregister call since it's obsolete
641 * stop using the --with-secure-path option at build time, and instead show
642 how to set it in sudoers. Closes: #85123
643 * freshen config.sub and config.guess for ia64 and hppa
644 * update sudoers man page to indicate exempt_group is on by default,
647 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
649 sudo (1.6.3p5-1) unstable; urgency=low
651 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
652 * this version restores core dumps before the exec, while leaving them
653 disabled during sudo's internal execution, closes: #58289
654 * update debhelper calls in rules file
656 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
658 sudo (1.6.2p2-1) frozen unstable; urgency=medium
660 * new upstream source resulting from direct collaboration with the upstream
661 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
662 Closes: #56129, #55978, #55979, #56550, #56772
663 * include more upstream documentation, closes: #55054
664 * pam.d fragment update, closes: #56129
666 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
668 sudo (1.6.1-1) unstable; urgency=low
670 * new upstream source, closes: #52750
672 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
674 sudo (1.6-2) unstable; urgency=low
676 * drop suidregister support for this package. The sudo executable is
677 essentially worthless unless it is setuid root, and making suidregister
678 work involves shipping a non-setuid executable in the .deb and setting the
679 perms in the postinst. On a long upgrade run, this can leave the sudo
680 executable 'broken' for a long time, which is unacceptable. With this
681 version, we ship the executable setuid root in the .deb. Closes: #51742
683 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
685 sudo (1.6-1) unstable; urgency=low
687 * new upstream version, many options previously set at compile-time are now
688 configurable at runtime.
689 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
692 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
694 sudo (1.5.9p4-1) unstable; urgency=low
696 * new upstream version, closes: #43464
697 * empty password handling was fixed in 1.5.8, closes: #31863
699 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
701 sudo (1.5.9p1-1) unstable; urgency=low
703 * new upstream version
705 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
707 sudo (1.5.8p1-1) unstable; urgency=medium
709 * new upstream version, closes 33690
710 * add dependency on libpam-modules, closes 34215, 33432
712 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
714 sudo (1.5.7p4-2) unstable; urgency=medium
716 * update the pam fragment provided so that sudo works with latest pam bits,
719 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
721 sudo (1.5.7p4-1) unstable; urgency=low
723 * new upstream release
725 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
727 sudo (1.5.6p5-1) unstable; urgency=low
729 * new upstream patch release
730 * add PAM support, closes 28594
732 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
734 sudo (1.5.6p2-2) unstable; urgency=low
736 * update copyright file, closes 24136
737 * review and close forwarded bugs believed fixed in this upstream version,
740 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
742 sudo (1.5.6p2-1) unstable; urgency=low
744 * new upstream release
746 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
748 sudo (1.5.4-4) frozen unstable; urgency=low
750 * update postinst to use groupadd, closes 21403
751 * move the suidregister stuff earlier in postinst to ensure it always runs
753 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
755 sudo (1.5.4-3) frozen unstable; urgency=low
757 * change /etc/sudoers from a conffile to being handled in postinst,
759 * add suidmanager support, closes 15711
760 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
761 unlikely to ever fix, and which just don't matter. closes 17146
762 * fix FSF address in copyright file, and submit exception for lintian
763 warning about sudo being setuid root
765 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
767 sudo (1.5.4-2) unstable; urgency=high
769 * patch from upstream author correcting/improving security fix
771 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
773 sudo (1.5.4-1) unstable; urgency=high
775 * new upstream version, includes a security fix
776 * change default editor from /bin/ae to /usr/bin/editor
778 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
780 sudo (1.5.3-1) unstable; urgency=medium
782 * new upstream version, closes bug 15911.
783 * rules file reworked to use debhelper
784 * implement a really gross hack to force use of the sudo-provided
785 lsearch(), since the one in libc6 is broken! This closes bugs
786 12552, 12557, 14881, 15259, 15916.
788 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
790 sudo (1.5.2-6) unstable; urgency=LOW
792 * don't install INSTALL in the doc directory, closes bug 13195.
794 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
796 sudo (1.5.2-5) unstable; urgency=LOW
800 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
802 sudo (1.5.2-4) unstable; urgency=LOW
804 * change TIMEOUT (how long before you have to type your password again)
805 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
806 packages on slower machines much more tolerable. Closes bug 9076.
807 * touch debian/suid before debstd. Closes bug 8709.
809 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
811 sudo (1.5.2-3) frozen unstable; urgency=LOW
813 * patch from upstream maintainer to close Bug 6828
814 * add a debian/suid file to get debstd to leave my perl postinst alone
816 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
818 sudo (1.5.2-2) frozen unstable; urgency=LOW
820 * change rules to use -O2 -Wall as per standards
822 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
824 sudo (1.5.2-1) unstable; urgency=LOW
826 * new upstream version
827 * cosmetic changes to debian package control files
829 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
831 sudo (1.5-2) unstable; urgency=LOW
833 * add /usr/X11R6/bin to the end of the secure path... this makes it
834 much easier to run xmkmf, etc., during package builds. To the extent
835 that /usr/local/sbin and /usr/local/bin were already included, I see
836 no security reasons not to add this.
838 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
840 sudo (1.5-1) unstable; urgency=LOW
842 * New upstream version
844 * New packaging format
846 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
848 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
852 * hard code SECURE_PATH to:
853 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
857 * enabled EXEMPTGROUP "sudo"
859 * moved timestamp dir to /var/log/sudo
861 * changed parser to check for long and short filenames (Bug#1162)
863 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
867 * New upstream source
869 * Fixed postinst script
870 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
872 * Removed special shadow binary. This version works with and without
873 shadow password file.
875 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
879 * Corrected editor path to /bin/ae (Bug#3062)
881 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
883 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
887 * New upstream version
889 * Changed sudoers permission to 440 (owner root, group root) to make
892 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
896 * Applied upstream patch 1
898 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
902 * Applied upstream patch 2
904 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
908 * Applied upstream patch 3 (fixes problems with an NFS-mounted
912 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
916 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
917 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
919 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
923 * Applied upstream patch 4 (fixes several bugs)
925 * Changed priority to optional
927 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
931 * Corrected postinst to create correct permission for /etc/sudoers
934 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
938 * New upstream version
941 sudo (1.4.4-2) admin; urgency=HIGH
943 * Fixed major security bug reported by Peter Tobias
944 <tobias@et-inf.fho-emden.de>
945 * Added dchanges support to debian.rules
947 sudo (1.4.5-1) admin; urgency=LOW
949 * New upstream version
950 * Minor changes to debian.rules