1 sudo (1.6.8p9-1) unstable; urgency=high
3 * new upstream version, fixes a race condition in sudo's pathname
4 validation, which is a security issue (CAN-2005-1993),
5 closes: #315115, #315718
7 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
9 sudo (1.6.8p7-1) unstable; urgency=low
11 * new upstream version, closes: #299585
12 * update lintian overrides to squelch the postinst warning
13 * change sudoedit from a hard to a soft link, closes: #296896
14 * fix regex doc in sudoers man page, closes: #300361
16 -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
18 sudo (1.6.8p5-1) unstable; urgency=high
20 * new upstream version
21 * restores ability to use config tuples without a value, which was causing
22 problems on upgrade closes: #283306
23 * deliver sudoedit, closes: #283078
24 * marking urgency high since 283306 is a serious upgrade incompatibility
26 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
28 sudo (1.6.8p3-2) unstable; urgency=high
30 * update pam.d deliverable so ldap works again, closes: #282191
32 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
34 sudo (1.6.8p3-1) unstable; urgency=high
36 * new upstream version, fixes a flaw in sudo's environment sanitizing that
37 could allow a malicious user with permission to run a shell script that
38 utilized the bash shell to run arbitrary commands, closes: #281665
39 * patch the sample sudoers to have the proper path for kill on Debian
40 systems, closes: #263486
41 * patch the sudo manpage to reflect Debian's choice of exempt_group
42 default setting, closes: #236465
43 * patch the sudo manpage to reflect Debian's choice of no timeout on the
44 password prompt, closes: #271194
46 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
48 sudo (1.6.7p5-2) unstable; urgency=low
50 * Jeff Bailey reports that seteuid works on current sparc systems, so we
51 no longer need the "grosshack" stuff in the sudo rules file
52 * add a postrm that removes /etc/sudoers on purge. don't do this with the
53 normal conffile mechanism since it would generate noise on every upgrade,
56 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
58 sudo (1.6.7p5-1) unstable; urgency=low
60 * new upstream version, closes: #190265, #193222, #197244
61 * change from '.' to ':' in postinst chown call, closes: #208369
63 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
65 sudo (1.6.7p3-2) unstable; urgency=low
67 * add --disable-setresuid to configure call since 2.2 kernels don't support
68 setresgid, closes: #189044
69 * cosmetic cleanups to debian/rules as long as I'm there
71 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
73 sudo (1.6.7p3-1) unstable; urgency=low
75 * new upstream version
76 * add overrides to quiet lintian about things it doesn't understand,
77 except the source one that can't be overridden until 129510 is fixed
79 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
81 sudo (1.6.6-3) unstable; urgency=low
83 * add code to rules file to update config.sub/guess, closes: #164501
85 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
87 sudo (1.6.6-2) unstable; urgency=low
89 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
90 configure, and lose the build dependency on mail-transport-agent
91 * incorporate changes from LaMont's NMU, closes: #144665, #144737
92 * update init.d to not try and set time on nonexistent timestamp files,
94 * build with --with-all-insults, admin must edit sudoers to turn insults
95 on at runtime if desired, closes: #135374
96 * stop setting /usr/doc symlink in postinst
98 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
100 sudo (1.6.6-1.1) unstable; urgency=high
102 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
103 * Revert patch to auth/pam.c that left pass uninitialized, causing a
104 segfault (Closes: #144665).
106 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
108 sudo (1.6.6-1) unstable; urgency=high
110 * new upstream version, fixes security problem with crafty prompts,
113 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
115 sudo (1.6.5p1-4) unstable; urgency=high
117 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
118 if ctrl/C'ed at password prompt, closes: #131235
120 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
122 sudo (1.6.5p1-3) unstable; urgency=high
124 * ugly hack to add --disable-saved-ids when building on sparc in response
125 to 131592, which will be reassigned to glibc for a real fix
126 * urgency high since the sudo currently in testing for sparc is worthless
128 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
130 sudo (1.6.5p1-2) unstable; urgency=high
132 * patch from upstream to fix seg faults caused by versions of pam that
133 follow a NULL pointer, closes: #129512
135 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
137 sudo (1.6.5p1-1) unstable; urgency=high
139 * new upstream version
140 * add --disable-root-mailer option supported by new version to configure
141 call in rules file, closes: #129648
143 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
145 sudo (1.6.4p1-1) unstable; urgency=high
147 * new upstream version, with fix for segfaulting problem in 1.6.4
149 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
151 sudo (1.6.4-1) unstable; urgency=high
153 * new upstream version, includes an important security fix, closes: #127576
155 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
157 sudo (1.6.3p7-5) unstable; urgency=low
159 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
160 * fix spelling error in init.d, closes: #126847
162 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
164 sudo (1.6.3p7-4) unstable; urgency=medium
166 * use touch to set status files to an ancient date instead of removing them
167 outright on reboot. this achieves the desired effect of keeping elevated
168 privs from living across reboots, without forcing everyone to see the
169 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
170 for systems with good clocks, and 'recent enough' that broken PC hardware
171 setting the clock to commonly-seen bogus dates trips over the "don't trust
172 future timestamps" rule. closes: #76529, #123559
173 * apply patch from Steve Langasek to fix seg faults due to interaction with
174 PAM code. upstream confirms the problem, and says they're fixing this
175 differently for their next release... but this should be useful in the
176 meantime, and would be good to get into woody. closes: #119147
177 * only run the init.d at boot, not on each runlevel change... and don't run
178 it during package configure. closes: #125935
179 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
181 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
183 sudo (1.6.3p7-3) unstable; urgency=low
185 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
186 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
187 * fix a typo in the manpage, closes: #97368
188 * apply patch to configure.in and run autoconf to fix problem building on
189 the hurd, closes: #96325
190 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
191 to not last across reboots, closes: #76529
192 * clean up lintian-noticed cosmetic packaging issues
194 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
196 sudo (1.6.3p7-2) unstable; urgency=low
198 * update config.sub/guess for hppa support
200 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
202 sudo (1.6.3p7-1) unstable; urgency=low
204 * new upstream version
205 * add build dependency on mail-transport-agent, closes: #90685
207 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
209 sudo (1.6.3p6-1) unstable; urgency=high
211 * new upstream version, fixes buffer overflow problem,
212 closes: #87259, #87278, #87263
213 * revert to using --with-secure-path option at build time, since the option
214 available in sudoers is parsed too late to be useful, and upstream says
215 it won't get fixed quickly. This reopens 85123, which I will mark as
216 forwarded. Closes: #86199, #86117, #85676
218 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
220 sudo (1.6.3p5-2) unstable; urgency=low
222 * lose the dh_suidregister call since it's obsolete
223 * stop using the --with-secure-path option at build time, and instead show
224 how to set it in sudoers. Closes: #85123
225 * freshen config.sub and config.guess for ia64 and hppa
226 * update sudoers man page to indicate exempt_group is on by default,
229 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
231 sudo (1.6.3p5-1) unstable; urgency=low
233 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
234 * this version restores core dumps before the exec, while leaving them
235 disabled during sudo's internal execution, closes: #58289
236 * update debhelper calls in rules file
238 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
240 sudo (1.6.2p2-1) frozen unstable; urgency=medium
242 * new upstream source resulting from direct collaboration with the upstream
243 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
244 Closes: #56129, #55978, #55979, #56550, #56772
245 * include more upstream documentation, closes: #55054
246 * pam.d fragment update, closes: #56129
248 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
250 sudo (1.6.1-1) unstable; urgency=low
252 * new upstream source, closes: #52750
254 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
256 sudo (1.6-2) unstable; urgency=low
258 * drop suidregister support for this package. The sudo executable is
259 essentially worthless unless it is setuid root, and making suidregister
260 work involves shipping a non-setuid executable in the .deb and setting the
261 perms in the postinst. On a long upgrade run, this can leave the sudo
262 executable 'broken' for a long time, which is unacceptable. With this
263 version, we ship the executable setuid root in the .deb. Closes: #51742
265 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
267 sudo (1.6-1) unstable; urgency=low
269 * new upstream version, many options previously set at compile-time are now
270 configurable at runtime.
271 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
274 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
276 sudo (1.5.9p4-1) unstable; urgency=low
278 * new upstream version, closes: #43464
279 * empty password handling was fixed in 1.5.8, closes: #31863
281 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
283 sudo (1.5.9p1-1) unstable; urgency=low
285 * new upstream version
287 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
289 sudo (1.5.8p1-1) unstable; urgency=medium
291 * new upstream version, closes 33690
292 * add dependency on libpam-modules, closes 34215, 33432
294 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
296 sudo (1.5.7p4-2) unstable; urgency=medium
298 * update the pam fragment provided so that sudo works with latest pam bits,
301 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
303 sudo (1.5.7p4-1) unstable; urgency=low
305 * new upstream release
307 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
309 sudo (1.5.6p5-1) unstable; urgency=low
311 * new upstream patch release
312 * add PAM support, closes 28594
314 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
316 sudo (1.5.6p2-2) unstable; urgency=low
318 * update copyright file, closes 24136
319 * review and close forwarded bugs believed fixed in this upstream version,
322 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
324 sudo (1.5.6p2-1) unstable; urgency=low
326 * new upstream release
328 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
330 sudo (1.5.4-4) frozen unstable; urgency=low
332 * update postinst to use groupadd, closes 21403
333 * move the suidregister stuff earlier in postinst to ensure it always runs
335 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
337 sudo (1.5.4-3) frozen unstable; urgency=low
339 * change /etc/sudoers from a conffile to being handled in postinst,
341 * add suidmanager support, closes 15711
342 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
343 unlikely to ever fix, and which just don't matter. closes 17146
344 * fix FSF address in copyright file, and submit exception for lintian
345 warning about sudo being setuid root
347 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
349 sudo (1.5.4-2) unstable; urgency=high
351 * patch from upstream author correcting/improving security fix
353 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
355 sudo (1.5.4-1) unstable; urgency=high
357 * new upstream version, includes a security fix
358 * change default editor from /bin/ae to /usr/bin/editor
360 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
362 sudo (1.5.3-1) unstable; urgency=medium
364 * new upstream version, closes bug 15911.
365 * rules file reworked to use debhelper
366 * implement a really gross hack to force use of the sudo-provided
367 lsearch(), since the one in libc6 is broken! This closes bugs
368 12552, 12557, 14881, 15259, 15916.
370 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
372 sudo (1.5.2-6) unstable; urgency=LOW
374 * don't install INSTALL in the doc directory, closes bug 13195.
376 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
378 sudo (1.5.2-5) unstable; urgency=LOW
382 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
384 sudo (1.5.2-4) unstable; urgency=LOW
386 * change TIMEOUT (how long before you have to type your password again)
387 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
388 packages on slower machines much more tolerable. Closes bug 9076.
389 * touch debian/suid before debstd. Closes bug 8709.
391 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
393 sudo (1.5.2-3) frozen unstable; urgency=LOW
395 * patch from upstream maintainer to close Bug 6828
396 * add a debian/suid file to get debstd to leave my perl postinst alone
398 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
400 sudo (1.5.2-2) frozen unstable; urgency=LOW
402 * change rules to use -O2 -Wall as per standards
404 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
406 sudo (1.5.2-1) unstable; urgency=LOW
408 * new upstream version
409 * cosmetic changes to debian package control files
411 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
413 sudo (1.5-2) unstable; urgency=LOW
415 * add /usr/X11R6/bin to the end of the secure path... this makes it
416 much easier to run xmkmf, etc., during package builds. To the extent
417 that /usr/local/sbin and /usr/local/bin were already included, I see
418 no security reasons not to add this.
420 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
422 sudo (1.5-1) unstable; urgency=LOW
424 * New upstream version
426 * New packaging format
428 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
430 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
434 * hard code SECURE_PATH to:
435 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
439 * enabled EXEMPTGROUP "sudo"
441 * moved timestamp dir to /var/log/sudo
443 * changed parser to check for long and short filenames (Bug#1162)
445 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
449 * New upstream source
451 * Fixed postinst script
452 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
454 * Removed special shadow binary. This version works with and without
455 shadow password file.
457 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
461 * Corrected editor path to /bin/ae (Bug#3062)
463 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
465 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
469 * New upstream version
471 * Changed sudoers permission to 440 (owner root, group root) to make
474 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
478 * Applied upstream patch 1
480 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
484 * Applied upstream patch 2
486 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
490 * Applied upstream patch 3 (fixes problems with an NFS-mounted
494 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
498 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
499 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
501 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
505 * Applied upstream patch 4 (fixes several bugs)
507 * Changed priority to optional
509 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
513 * Corrected postinst to create correct permission for /etc/sudoers
516 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
520 * New upstream version
523 sudo (1.4.4-2) admin; urgency=HIGH
525 * Fixed major security bug reported by Peter Tobias
526 <tobias@et-inf.fho-emden.de>
527 * Added dchanges support to debian.rules
529 sudo (1.4.5-1) admin; urgency=LOW
531 * New upstream version
532 * Minor changes to debian.rules