1 sudo (1.8.3p2-2) unstable; urgency=low
3 * patch to actually use hardening build flags, closes: #655417
5 -- Bdale Garbee <bdale@gag.com> Mon, 19 Mar 2012 14:58:39 +0100
7 sudo (1.8.3p2-1) unstable; urgency=high
9 * new upstream version, closes: #657985 (CVE-2012-0809)
10 * patch from Pino Toscano to only use selinux on Linux, closes: #655894
12 -- Bdale Garbee <bdale@gag.com> Mon, 30 Jan 2012 16:11:54 -0700
14 sudo (1.8.3p1-3) unstable; urgency=low
16 * patch from Moritz Muehlenhoff enables hardened build flags, closes: #655417
17 * replacement postinst script from Mike Beattie using shell instead of Perl
18 * include systemd service file from Michael Stapelberg, closes: #639633
19 * add init.d status support, closes: #641782
20 * make sudo-ldap package manage a sudoers entry in nsswitch.conf,
21 closes: #610600, #639530
22 * enable mail_badpass in the default sudoers file, closes: #641218
23 * enable selinux support, closes: #655510
25 -- Bdale Garbee <bdale@gag.com> Wed, 11 Jan 2012 16:18:13 -0700
27 sudo (1.8.3p1-2) unstable; urgency=low
29 * if upgrading from squeeze, and the sudoers file is unmodified, avoid
30 the packaging system prompting the user about a change they didn't make
31 now that sudoers is a conffile, closes: #612532, #636049
32 * add a recommendation for the use of visudo to the sudoers.d/README file,
35 -- Bdale Garbee <bdale@gag.com> Sat, 12 Nov 2011 16:27:13 -0700
37 sudo (1.8.3p1-1) unstable; urgency=low
39 * new upstream version, closes: #646478
41 -- Bdale Garbee <bdale@gag.com> Thu, 27 Oct 2011 01:03:44 +0200
43 sudo (1.8.3-1) unstable; urgency=low
45 * new upstream version, closes: #639391, #639568
47 -- Bdale Garbee <bdale@gag.com> Sat, 22 Oct 2011 23:49:16 -0600
49 sudo (1.8.2-2) unstable; urgency=low
52 * debian/rules improvements, closes: #642535
53 + mv upstream sample.* files to the examples folder.
54 - do not call dh_installexamples.
57 * patch from upstream for SIGBUS on sparc64, closes: #640304
58 * use common-session-noninteractive in the pam config to reduce log noise
59 when sudo is used in cron, etc, closes: #519700
60 * patch from Steven McDonald to fix segfault on startup under certain
61 conditions, closes: #639568
62 * add a NEWS entry regarding the secure_path change made in 1.8.2-1,
65 -- Bdale Garbee <bdale@gag.com> Mon, 26 Sep 2011 21:55:56 -0600
67 sudo (1.8.2-1) unstable; urgency=low
69 * new upstream version, closes: #637449, #621830
70 * include common-session in pam config, closes: #519700, #607199
71 * move secure_path from configure to default sudoers, closes: #85123, 85917
72 * improve sudoers self-documentation, closes: #613639
73 * drop --disable-setresuid since modern systems should not run 2.2 kernels
74 * lose the --with-devel configure option since it's breaking builds in
75 subdirectories for some reason
77 -- Bdale Garbee <bdale@gag.com> Wed, 24 Aug 2011 13:33:11 -0600
79 sudo (1.7.4p6-1) unstable; urgency=low
81 * new upstream version
82 * touch the right stamp name after configuring, closes: #611287
83 * patch from Svante Signell to fix build problem on Hurd, closes: #611290
85 -- Bdale Garbee <bdale@gag.com> Wed, 09 Feb 2011 11:32:58 -0700
87 sudo (1.7.4p4-6) unstable; urgency=low
89 * update /etc/sudoers.d/README now that sudoers is a conffile
90 * patch from upstream to fix special case in password checking code
91 when only the gid is changing, closes: #609641
93 -- Bdale Garbee <bdale@gag.com> Tue, 11 Jan 2011 10:22:39 -0700
95 sudo (1.7.4p4-5) unstable; urgency=low
97 * patch from Jakub Wilk to add noopt and nostrip build option support,
99 * make sudoers a conffile, closes: #605130
100 * add descriptions to LSB init headers, closes: #604619
101 * change default sudoers %sudo entry to allow gid changes, closes: #602699
102 * add Vcs entries to the control file
103 * use debhelper install files instead of explicit installs in rules
105 -- Bdale Garbee <bdale@gag.com> Wed, 01 Dec 2010 20:32:31 -0700
107 sudo (1.7.4p4-4) unstable; urgency=low
109 * patch from upstream to resolve problem always prompting for a password
110 when run without a tty, closes: #599376
111 * patch from upstream to resolve interoperability problem between HOME in
112 env_keep and the -H flag, closes: #596493
113 * change path syntax to avoid tar error when /var/run/sudo exists but is
114 empty, closes: #598877
116 -- Bdale Garbee <bdale@gag.com> Thu, 07 Oct 2010 15:59:06 -0600
118 sudo (1.7.4p4-3) unstable; urgency=low
120 * make postinst clause for handling /var/run -> /var/lib transition less
121 fragile, closes: #585514
122 * cope with upstream's Makefile trying to install ChangeLog in our doc
123 directory, closes: #597389
124 * fix README.Debian to reflect that HOME is no longer preserved by default,
127 -- Bdale Garbee <bdale@gag.com> Tue, 21 Sep 2010 23:53:08 -0600
129 sudo (1.7.4p4-2) unstable; urgency=low
131 * add a NEWS item about change in $HOME handling that impacts programs
134 -- Bdale Garbee <bdale@gag.com> Wed, 08 Sep 2010 14:29:16 -0600
136 sudo (1.7.4p4-1) unstable; urgency=high
138 * new upstream version, urgency high due to fix for flaw in Runas group
139 matching (CVE-2010-2956), closes: #595935
140 * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
141 re-lecturing existing users, and to clean up after ourselves on upgrade,
142 and remove the RAMRUN section from README.Debian since the new state dir
143 should fix the original problem, closes: #585514
144 * deliver README.Debian to both package flavors, closes: #593579
146 -- Bdale Garbee <bdale@gag.com> Tue, 07 Sep 2010 12:22:42 -0600
148 sudo (1.7.2p7-1) unstable; urgency=high
150 * new upstream release with security fix for secure path (CVE-2010-1646),
152 * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
153 about whether to give the lecture is preserved across reboots even when
154 RAMRUN is set, closes: #581393
155 * add a note to README.Debian about LDAP needing an entry in
156 /etc/nsswitch.conf, closes: #522065
157 * add a note to README.Debian about how to turn off lectures if using
158 RAMRUN in /etc/default/rcS, closes: #581393
160 -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
162 sudo (1.7.2p6-1) unstable; urgency=low
164 * new upstream version fixing CVE-2010-1163, closes: #578275, #570737
166 -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600
168 sudo (1.7.2p5-1) unstable; urgency=low
170 * new upstream release, closes a bug filed upstream regarding missing man
171 page processing scripts in the 1.7.2p1 tarball, also includes the fix
172 for CVE-2010-0426 previously the subject of a security team nmu
173 * move to source format 3.0 (quilt) and restructure changes as patches
174 * fix unprocessed substitution variables in man pages, closes: #557204
175 * apply patch from Neil Moore to fix Debian-specific content in the
176 visudo man page, closes: #555013
177 * update descriptions to better explain sudo-ldap, closes: #573108
178 * eliminate spurious 'and' in man page, closes: #571620
179 * fix confusing text in default sudoers, closes: #566607
181 -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700
183 sudo (1.7.2p1-1) unstable; urgency=low
185 * new upstream version
186 * add support for /etc/sudoers.d using #includedir in default sudoers,
187 which I think is also a good solution to the request for a crontab-like
188 API requested in March of 2001, closes: #539994, #271813, #89743
189 * move init.d script from using rcS.d to rc[0-6].d, closes: #542924
191 -- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600
193 sudo (1.7.2-2) unstable; urgency=low
195 * further improve initial sudoers to not include the NOPASSWD option on
196 the group sudo exception, closes: #539136, #198991
198 -- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200
200 sudo (1.7.2-1) unstable; urgency=low
202 * new upstream version, closes: #537103
203 * improve initial sudoers by having the exemption for users in group
204 sudo on by default, and including the ability to run any command as
205 any user. This makes the default install roughly equivalent to our
206 old use of the --with-exempt=sudo build option, closes: #536220, #536222
208 -- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600
210 sudo (1.7.0-1) unstable; urgency=low
212 * new upstream version, closes: #510179, #128268, #520274, #508514
213 * fix ldap config file path for sudo-ldap package, including creating
214 a symlink in postinst and cleaning it up in postrm for the sudo-ldap
215 package, closes: #430826
216 * fix NOPASSWD entry location in default config file for the sudo-ldap
217 instance too, closes: #479616
219 -- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600
221 sudo (1.6.9p17-2) unstable; urgency=high
223 * patch from upstream to fix privilege escalation with certain
224 configurations, CVE-2009-0034
225 * typo in sudoers man page, closes: #507163
227 -- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700
229 sudo (1.6.9p17-1) unstable; urgency=low
231 * new upstream version, closes: #481008
232 * deliver schemas to doc directory in sudo-ldap package, closes: #474331
233 * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
234 in move from CVS to git for package management, closes: #475821
235 * re-instate the init.d for the sudo-ldap package too... /o\
237 -- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600
239 sudo (1.6.9p15-2) unstable; urgency=low
241 * revert the fix for 388659 such that visudo once again defaults to using
242 /usr/bin/editor. I was always ambivalent about this change, it has caused
243 more confusion and frustration than it cured, and I find Justin's line of
244 reasoning persuasive. Update the man page source to reflect this choice
245 and the related use of --with-env-editor. Closes: #474197.
246 * patch from Petter Reinholdtsen to improve init.d, closes: #475821
248 -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600
250 sudo (1.6.9p15-1) unstable; urgency=low
252 * new upstream version, closes: #467126, #473337
253 * remove pointless postrm scripts, leaving debhelper do its thing if needed,
254 thanks to Justin Pryzby for pointing this out
255 * reinstate the init.d, since bootclean doesn't quite do what we want. This
256 also means we don't need the preinst scripts any more. Update the lintian
257 overrides since postinst is a Perl script lintian apparently isn't parsing
258 well. closes: #330868
260 -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600
262 sudo (1.6.9p12-1) unstable; urgency=low
264 * new upstream version, closes: #464890
266 -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900
268 sudo (1.6.9p11-3) unstable; urgency=low
270 * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
272 -- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700
274 sudo (1.6.9p11-2) unstable; urgency=low
276 * update version compared in preinst when removing obsolete init.d,
278 * implement pam session config suggestions from Elizabeth Fong,
279 closes: #452457, #402329
281 -- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700
283 sudo (1.6.9p11-1) unstable; urgency=low
285 * new upstream version
287 -- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700
289 sudo (1.6.9p10-1) unstable; urgency=low
291 * new upstream version
292 * tweak default password prompt as %u doesn't make sense. Accept patch from
293 Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
294 uses it by default, closes: #454409
295 * accept patch from Martin Pitt that adds a prerm making it difficult to
296 "accidentally" remove sudo when there is no root password set on the
297 system, closes: #451241
299 -- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700
301 sudo (1.6.9p9-1) unstable; urgency=low
303 * new upstream version
304 * debian/rules: configure a more informative default password prompt to
305 reduce confusion when using sudo to invoke commands which also ask for
306 passwords, closes: #343268
307 * auth/pam.c: don't use the PAM prompt if the user explicitly requested
308 a custom prompt, closes: #448628.
309 * fix configure's ability to discover that libc has dirfd, closes: #451324
310 * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
311 the command 'visudo' invokes a vi variant by default as documented,
314 -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700
316 sudo (1.6.9p6-1) unstable; urgency=low
318 * new upstream version, closes: #442815, #446146, #438699, #435768, #435314
319 closes: #434832, #434608, #430382
320 * eliminate the now-redundant init.d scripts, closes: #397090
321 * fix typo in TROUBLESHOOTING file, closes: #439624
323 -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600
325 sudo (1.6.8p12-6) unstable; urgency=low
327 * fix typos in visudo.pod relating to env_editor variable, closes: #418886
328 * have init.d touch directories in /var/run/sudo, not just files, as a
330 * fix various typos in sudoers.pod, closes: #419749
331 * don't let Makefile strip binaries, closes: #438073
333 -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100
335 sudo (1.6.8p12-5) unstable; urgency=low
337 * update debian/copyright to reflect new upstream URL, closes: #368746
338 * add sandwich cartoon URL to the README.Debian
339 * don't remove sudoers on purge. can cause problems when moving between
340 sudo and sudo-ldap. leaving sudoers around on purge seems like the least
341 evil choice for now, closes: #401366
342 * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
344 * accept patch that improves debian/rules from Ted Percival, closes: #382122
345 * no longer build with --with-exempt=sudo, provide an example entry in the
346 default sudoers file instead, closes: #296605
347 * add --with-devel to configure and augment build dependencies so that flex
348 and yacc files get re-generated on every build, closes: #316249
350 -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600
352 sudo (1.6.8p12-4) unstable; urgency=low
354 * patch from Petter Reinholdtsen for the LSB info block in the init.d
355 script, closes: #361055
356 * deliver sudoers sample again, closes: #361593
358 -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600
360 sudo (1.6.8p12-3) unstable; urgency=low
362 * force-feed configure knowledge of nroff's path so we get unformatted man
363 pages installed without build-depending on groff-base, closes: #360894
364 * add a reference to OPTIONS in the man page, closes: #186226
366 -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700
368 sudo (1.6.8p12-2) unstable; urgency=low
370 * fix typos in init scripts, closes: #346325
371 * update to debhelper compat level 5
372 * build depend on autotools-dev to ensure config.sub/guess are fresh
373 * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
374 use it here as well. Thanks to Martin and the debian-security team.
375 closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
376 closes: #315115, #315718, #203874
377 * Non-maintainer upload by the Security Team
378 * Reworked the former patch to limit environment variables from being
379 passed through, set env_reset as default instead [sudo.c, env.c,
380 sudoers.pod, Bug#342948, CVE-2005-4158]
381 * env_reset is now set by default
382 * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
383 DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
384 (in addition to the SUDO_* variables)
385 * Rebuild sudoers.man.in from the POD file
386 * Added README.Debian
387 * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
388 * simplify rules file by using more of Makefile, despite having to override
389 default directories with more arguments to configure, closes: #292833
390 * update sudo man page to reflect use of SECURE_PATH, closes: #228551
391 * inconsistencies in sudoers man page resolved, closes: #220808, #161012
392 * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
393 unresolveable (requires adding bison as build dep), closes: #314949
395 -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700
397 sudo (1.6.8p12-1) unstable; urgency=low
399 * new upstream version, closes: #342948 (CVE-2005-4158)
400 * add env_reset to the sudoers file we create if none already exists,
401 as a further precaution in response to discussion about CVS-2005-4158
402 * split ldap support into a new sudo-ldap package. I was trying to avoid
403 doing this, but the impact of going from 4 to 17 linked shlibs on the
404 autobuilder chroots is sufficient motivation for me.
407 -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
409 sudo (1.6.8p9-4) unstable; urgency=low
411 * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
412 * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
413 timestamps in the init.d script, closes: #330868
414 * add dependency header to init.d script, closes: #332849
416 -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
418 sudo (1.6.8p9-3) unstable; urgency=high
420 * update debhelper compatibility level from 2 to 4
421 * add man page symlink for sudoedit
422 * Clean SHELLOPTS and PS4 from the environment before executing programs
423 with sudo permissions [env.c, CAN-2005-2959]
424 * fix typo in manpage pointed out by Moray Allen, closes: #285995
425 * fix paths in sample complex sudoers file, closes: #303542
426 * fix type in sudoers man page, closes: #311244
428 -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
430 sudo (1.6.8p9-2) unstable; urgency=high
432 * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
435 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
437 sudo (1.6.8p9-1) unstable; urgency=high
439 * new upstream version, fixes a race condition in sudo's pathname
440 validation, which is a security issue (CAN-2005-1993),
441 closes: #315115, #315718
443 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
445 sudo (1.6.8p7-1) unstable; urgency=low
447 * new upstream version, closes: #299585
448 * update lintian overrides to squelch the postinst warning
449 * change sudoedit from a hard to a soft link, closes: #296896
450 * fix regex doc in sudoers man page, closes: #300361
452 -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
454 sudo (1.6.8p5-1) unstable; urgency=high
456 * new upstream version
457 * restores ability to use config tuples without a value, which was causing
458 problems on upgrade closes: #283306
459 * deliver sudoedit, closes: #283078
460 * marking urgency high since 283306 is a serious upgrade incompatibility
462 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
464 sudo (1.6.8p3-2) unstable; urgency=high
466 * update pam.d deliverable so ldap works again, closes: #282191
468 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
470 sudo (1.6.8p3-1) unstable; urgency=high
472 * new upstream version, fixes a flaw in sudo's environment sanitizing that
473 could allow a malicious user with permission to run a shell script that
474 utilized the bash shell to run arbitrary commands, closes: #281665
475 * patch the sample sudoers to have the proper path for kill on Debian
476 systems, closes: #263486
477 * patch the sudo manpage to reflect Debian's choice of exempt_group
478 default setting, closes: #236465
479 * patch the sudo manpage to reflect Debian's choice of no timeout on the
480 password prompt, closes: #271194
482 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
484 sudo (1.6.7p5-2) unstable; urgency=low
486 * Jeff Bailey reports that seteuid works on current sparc systems, so we
487 no longer need the "grosshack" stuff in the sudo rules file
488 * add a postrm that removes /etc/sudoers on purge. don't do this with the
489 normal conffile mechanism since it would generate noise on every upgrade,
492 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
494 sudo (1.6.7p5-1) unstable; urgency=low
496 * new upstream version, closes: #190265, #193222, #197244
497 * change from '.' to ':' in postinst chown call, closes: #208369
499 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
501 sudo (1.6.7p3-2) unstable; urgency=low
503 * add --disable-setresuid to configure call since 2.2 kernels don't support
504 setresgid, closes: #189044
505 * cosmetic cleanups to debian/rules as long as I'm there
507 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
509 sudo (1.6.7p3-1) unstable; urgency=low
511 * new upstream version
512 * add overrides to quiet lintian about things it doesn't understand,
513 except the source one that can't be overridden until 129510 is fixed
515 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
517 sudo (1.6.6-3) unstable; urgency=low
519 * add code to rules file to update config.sub/guess, closes: #164501
521 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
523 sudo (1.6.6-2) unstable; urgency=low
525 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
526 configure, and lose the build dependency on mail-transport-agent
527 * incorporate changes from LaMont's NMU, closes: #144665, #144737
528 * update init.d to not try and set time on nonexistent timestamp files,
530 * build with --with-all-insults, admin must edit sudoers to turn insults
531 on at runtime if desired, closes: #135374
532 * stop setting /usr/doc symlink in postinst
534 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
536 sudo (1.6.6-1.1) unstable; urgency=high
538 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
539 * Revert patch to auth/pam.c that left pass uninitialized, causing a
540 segfault (Closes: #144665).
542 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
544 sudo (1.6.6-1) unstable; urgency=high
546 * new upstream version, fixes security problem with crafty prompts,
549 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
551 sudo (1.6.5p1-4) unstable; urgency=high
553 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
554 if ctrl/C'ed at password prompt, closes: #131235
556 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
558 sudo (1.6.5p1-3) unstable; urgency=high
560 * ugly hack to add --disable-saved-ids when building on sparc in response
561 to 131592, which will be reassigned to glibc for a real fix
562 * urgency high since the sudo currently in testing for sparc is worthless
564 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
566 sudo (1.6.5p1-2) unstable; urgency=high
568 * patch from upstream to fix seg faults caused by versions of pam that
569 follow a NULL pointer, closes: #129512
571 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
573 sudo (1.6.5p1-1) unstable; urgency=high
575 * new upstream version
576 * add --disable-root-mailer option supported by new version to configure
577 call in rules file, closes: #129648
579 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
581 sudo (1.6.4p1-1) unstable; urgency=high
583 * new upstream version, with fix for segfaulting problem in 1.6.4
585 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
587 sudo (1.6.4-1) unstable; urgency=high
589 * new upstream version, includes an important security fix, closes: #127576
591 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
593 sudo (1.6.3p7-5) unstable; urgency=low
595 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
596 * fix spelling error in init.d, closes: #126847
598 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
600 sudo (1.6.3p7-4) unstable; urgency=medium
602 * use touch to set status files to an ancient date instead of removing them
603 outright on reboot. this achieves the desired effect of keeping elevated
604 privs from living across reboots, without forcing everyone to see the
605 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
606 for systems with good clocks, and 'recent enough' that broken PC hardware
607 setting the clock to commonly-seen bogus dates trips over the "don't trust
608 future timestamps" rule. closes: #76529, #123559
609 * apply patch from Steve Langasek to fix seg faults due to interaction with
610 PAM code. upstream confirms the problem, and says they're fixing this
611 differently for their next release... but this should be useful in the
612 meantime, and would be good to get into woody. closes: #119147
613 * only run the init.d at boot, not on each runlevel change... and don't run
614 it during package configure. closes: #125935
615 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
617 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
619 sudo (1.6.3p7-3) unstable; urgency=low
621 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
622 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
623 * fix a typo in the manpage, closes: #97368
624 * apply patch to configure.in and run autoconf to fix problem building on
625 the hurd, closes: #96325
626 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
627 to not last across reboots, closes: #76529
628 * clean up lintian-noticed cosmetic packaging issues
630 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
632 sudo (1.6.3p7-2) unstable; urgency=low
634 * update config.sub/guess for hppa support
636 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
638 sudo (1.6.3p7-1) unstable; urgency=low
640 * new upstream version
641 * add build dependency on mail-transport-agent, closes: #90685
643 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
645 sudo (1.6.3p6-1) unstable; urgency=high
647 * new upstream version, fixes buffer overflow problem,
648 closes: #87259, #87278, #87263
649 * revert to using --with-secure-path option at build time, since the option
650 available in sudoers is parsed too late to be useful, and upstream says
651 it won't get fixed quickly. This reopens 85123, which I will mark as
652 forwarded. Closes: #86199, #86117, #85676
654 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
656 sudo (1.6.3p5-2) unstable; urgency=low
658 * lose the dh_suidregister call since it's obsolete
659 * stop using the --with-secure-path option at build time, and instead show
660 how to set it in sudoers. Closes: #85123
661 * freshen config.sub and config.guess for ia64 and hppa
662 * update sudoers man page to indicate exempt_group is on by default,
665 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
667 sudo (1.6.3p5-1) unstable; urgency=low
669 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
670 * this version restores core dumps before the exec, while leaving them
671 disabled during sudo's internal execution, closes: #58289
672 * update debhelper calls in rules file
674 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
676 sudo (1.6.2p2-1) frozen unstable; urgency=medium
678 * new upstream source resulting from direct collaboration with the upstream
679 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
680 Closes: #56129, #55978, #55979, #56550, #56772
681 * include more upstream documentation, closes: #55054
682 * pam.d fragment update, closes: #56129
684 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
686 sudo (1.6.1-1) unstable; urgency=low
688 * new upstream source, closes: #52750
690 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
692 sudo (1.6-2) unstable; urgency=low
694 * drop suidregister support for this package. The sudo executable is
695 essentially worthless unless it is setuid root, and making suidregister
696 work involves shipping a non-setuid executable in the .deb and setting the
697 perms in the postinst. On a long upgrade run, this can leave the sudo
698 executable 'broken' for a long time, which is unacceptable. With this
699 version, we ship the executable setuid root in the .deb. Closes: #51742
701 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
703 sudo (1.6-1) unstable; urgency=low
705 * new upstream version, many options previously set at compile-time are now
706 configurable at runtime.
707 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
710 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
712 sudo (1.5.9p4-1) unstable; urgency=low
714 * new upstream version, closes: #43464
715 * empty password handling was fixed in 1.5.8, closes: #31863
717 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
719 sudo (1.5.9p1-1) unstable; urgency=low
721 * new upstream version
723 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
725 sudo (1.5.8p1-1) unstable; urgency=medium
727 * new upstream version, closes 33690
728 * add dependency on libpam-modules, closes 34215, 33432
730 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
732 sudo (1.5.7p4-2) unstable; urgency=medium
734 * update the pam fragment provided so that sudo works with latest pam bits,
737 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
739 sudo (1.5.7p4-1) unstable; urgency=low
741 * new upstream release
743 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
745 sudo (1.5.6p5-1) unstable; urgency=low
747 * new upstream patch release
748 * add PAM support, closes 28594
750 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
752 sudo (1.5.6p2-2) unstable; urgency=low
754 * update copyright file, closes 24136
755 * review and close forwarded bugs believed fixed in this upstream version,
758 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
760 sudo (1.5.6p2-1) unstable; urgency=low
762 * new upstream release
764 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
766 sudo (1.5.4-4) frozen unstable; urgency=low
768 * update postinst to use groupadd, closes 21403
769 * move the suidregister stuff earlier in postinst to ensure it always runs
771 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
773 sudo (1.5.4-3) frozen unstable; urgency=low
775 * change /etc/sudoers from a conffile to being handled in postinst,
777 * add suidmanager support, closes 15711
778 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
779 unlikely to ever fix, and which just don't matter. closes 17146
780 * fix FSF address in copyright file, and submit exception for lintian
781 warning about sudo being setuid root
783 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
785 sudo (1.5.4-2) unstable; urgency=high
787 * patch from upstream author correcting/improving security fix
789 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
791 sudo (1.5.4-1) unstable; urgency=high
793 * new upstream version, includes a security fix
794 * change default editor from /bin/ae to /usr/bin/editor
796 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
798 sudo (1.5.3-1) unstable; urgency=medium
800 * new upstream version, closes bug 15911.
801 * rules file reworked to use debhelper
802 * implement a really gross hack to force use of the sudo-provided
803 lsearch(), since the one in libc6 is broken! This closes bugs
804 12552, 12557, 14881, 15259, 15916.
806 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
808 sudo (1.5.2-6) unstable; urgency=LOW
810 * don't install INSTALL in the doc directory, closes bug 13195.
812 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
814 sudo (1.5.2-5) unstable; urgency=LOW
818 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
820 sudo (1.5.2-4) unstable; urgency=LOW
822 * change TIMEOUT (how long before you have to type your password again)
823 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
824 packages on slower machines much more tolerable. Closes bug 9076.
825 * touch debian/suid before debstd. Closes bug 8709.
827 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
829 sudo (1.5.2-3) frozen unstable; urgency=LOW
831 * patch from upstream maintainer to close Bug 6828
832 * add a debian/suid file to get debstd to leave my perl postinst alone
834 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
836 sudo (1.5.2-2) frozen unstable; urgency=LOW
838 * change rules to use -O2 -Wall as per standards
840 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
842 sudo (1.5.2-1) unstable; urgency=LOW
844 * new upstream version
845 * cosmetic changes to debian package control files
847 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
849 sudo (1.5-2) unstable; urgency=LOW
851 * add /usr/X11R6/bin to the end of the secure path... this makes it
852 much easier to run xmkmf, etc., during package builds. To the extent
853 that /usr/local/sbin and /usr/local/bin were already included, I see
854 no security reasons not to add this.
856 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
858 sudo (1.5-1) unstable; urgency=LOW
860 * New upstream version
862 * New packaging format
864 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
866 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
870 * hard code SECURE_PATH to:
871 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
875 * enabled EXEMPTGROUP "sudo"
877 * moved timestamp dir to /var/log/sudo
879 * changed parser to check for long and short filenames (Bug#1162)
881 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
885 * New upstream source
887 * Fixed postinst script
888 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
890 * Removed special shadow binary. This version works with and without
891 shadow password file.
893 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
897 * Corrected editor path to /bin/ae (Bug#3062)
899 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
901 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
905 * New upstream version
907 * Changed sudoers permission to 440 (owner root, group root) to make
910 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
914 * Applied upstream patch 1
916 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
920 * Applied upstream patch 2
922 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
926 * Applied upstream patch 3 (fixes problems with an NFS-mounted
930 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
934 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
935 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
937 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
941 * Applied upstream patch 4 (fixes several bugs)
943 * Changed priority to optional
945 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
949 * Corrected postinst to create correct permission for /etc/sudoers
952 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
956 * New upstream version
959 sudo (1.4.4-2) admin; urgency=HIGH
961 * Fixed major security bug reported by Peter Tobias
962 <tobias@et-inf.fho-emden.de>
963 * Added dchanges support to debian.rules
965 sudo (1.4.5-1) admin; urgency=LOW
967 * New upstream version
968 * Minor changes to debian.rules