1 sudo (1.8.3p2-1) unstable; urgency=high
3 * new upstream version, closes: #657985 (CVE-2012-0809)
4 * patch from Pino Toscano to only use selinux on Linux, closes: #655894
6 -- Bdale Garbee <bdale@gag.com> Mon, 30 Jan 2012 16:11:54 -0700
8 sudo (1.8.3p1-3) unstable; urgency=low
10 * patch from Moritz Muehlenhoff enables hardened build flags, closes: #655417
11 * replacement postinst script from Mike Beattie using shell instead of Perl
12 * include systemd service file from Michael Stapelberg, closes: #639633
13 * add init.d status support, closes: #641782
14 * make sudo-ldap package manage a sudoers entry in nsswitch.conf,
15 closes: #610600, #639530
16 * enable mail_badpass in the default sudoers file, closes: #641218
17 * enable selinux support, closes: #655510
19 -- Bdale Garbee <bdale@gag.com> Wed, 11 Jan 2012 16:18:13 -0700
21 sudo (1.8.3p1-2) unstable; urgency=low
23 * if upgrading from squeeze, and the sudoers file is unmodified, avoid
24 the packaging system prompting the user about a change they didn't make
25 now that sudoers is a conffile, closes: #612532, #636049
26 * add a recommendation for the use of visudo to the sudoers.d/README file,
29 -- Bdale Garbee <bdale@gag.com> Sat, 12 Nov 2011 16:27:13 -0700
31 sudo (1.8.3p1-1) unstable; urgency=low
33 * new upstream version, closes: #646478
35 -- Bdale Garbee <bdale@gag.com> Thu, 27 Oct 2011 01:03:44 +0200
37 sudo (1.8.3-1) unstable; urgency=low
39 * new upstream version, closes: #639391, #639568
41 -- Bdale Garbee <bdale@gag.com> Sat, 22 Oct 2011 23:49:16 -0600
43 sudo (1.8.2-2) unstable; urgency=low
46 * debian/rules improvements, closes: #642535
47 + mv upstream sample.* files to the examples folder.
48 - do not call dh_installexamples.
51 * patch from upstream for SIGBUS on sparc64, closes: #640304
52 * use common-session-noninteractive in the pam config to reduce log noise
53 when sudo is used in cron, etc, closes: #519700
54 * patch from Steven McDonald to fix segfault on startup under certain
55 conditions, closes: #639568
56 * add a NEWS entry regarding the secure_path change made in 1.8.2-1,
59 -- Bdale Garbee <bdale@gag.com> Mon, 26 Sep 2011 21:55:56 -0600
61 sudo (1.8.2-1) unstable; urgency=low
63 * new upstream version, closes: #637449, #621830
64 * include common-session in pam config, closes: #519700, #607199
65 * move secure_path from configure to default sudoers, closes: #85123, 85917
66 * improve sudoers self-documentation, closes: #613639
67 * drop --disable-setresuid since modern systems should not run 2.2 kernels
68 * lose the --with-devel configure option since it's breaking builds in
69 subdirectories for some reason
71 -- Bdale Garbee <bdale@gag.com> Wed, 24 Aug 2011 13:33:11 -0600
73 sudo (1.7.4p6-1) unstable; urgency=low
75 * new upstream version
76 * touch the right stamp name after configuring, closes: #611287
77 * patch from Svante Signell to fix build problem on Hurd, closes: #611290
79 -- Bdale Garbee <bdale@gag.com> Wed, 09 Feb 2011 11:32:58 -0700
81 sudo (1.7.4p4-6) unstable; urgency=low
83 * update /etc/sudoers.d/README now that sudoers is a conffile
84 * patch from upstream to fix special case in password checking code
85 when only the gid is changing, closes: #609641
87 -- Bdale Garbee <bdale@gag.com> Tue, 11 Jan 2011 10:22:39 -0700
89 sudo (1.7.4p4-5) unstable; urgency=low
91 * patch from Jakub Wilk to add noopt and nostrip build option support,
93 * make sudoers a conffile, closes: #605130
94 * add descriptions to LSB init headers, closes: #604619
95 * change default sudoers %sudo entry to allow gid changes, closes: #602699
96 * add Vcs entries to the control file
97 * use debhelper install files instead of explicit installs in rules
99 -- Bdale Garbee <bdale@gag.com> Wed, 01 Dec 2010 20:32:31 -0700
101 sudo (1.7.4p4-4) unstable; urgency=low
103 * patch from upstream to resolve problem always prompting for a password
104 when run without a tty, closes: #599376
105 * patch from upstream to resolve interoperability problem between HOME in
106 env_keep and the -H flag, closes: #596493
107 * change path syntax to avoid tar error when /var/run/sudo exists but is
108 empty, closes: #598877
110 -- Bdale Garbee <bdale@gag.com> Thu, 07 Oct 2010 15:59:06 -0600
112 sudo (1.7.4p4-3) unstable; urgency=low
114 * make postinst clause for handling /var/run -> /var/lib transition less
115 fragile, closes: #585514
116 * cope with upstream's Makefile trying to install ChangeLog in our doc
117 directory, closes: #597389
118 * fix README.Debian to reflect that HOME is no longer preserved by default,
121 -- Bdale Garbee <bdale@gag.com> Tue, 21 Sep 2010 23:53:08 -0600
123 sudo (1.7.4p4-2) unstable; urgency=low
125 * add a NEWS item about change in $HOME handling that impacts programs
128 -- Bdale Garbee <bdale@gag.com> Wed, 08 Sep 2010 14:29:16 -0600
130 sudo (1.7.4p4-1) unstable; urgency=high
132 * new upstream version, urgency high due to fix for flaw in Runas group
133 matching (CVE-2010-2956), closes: #595935
134 * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
135 re-lecturing existing users, and to clean up after ourselves on upgrade,
136 and remove the RAMRUN section from README.Debian since the new state dir
137 should fix the original problem, closes: #585514
138 * deliver README.Debian to both package flavors, closes: #593579
140 -- Bdale Garbee <bdale@gag.com> Tue, 07 Sep 2010 12:22:42 -0600
142 sudo (1.7.2p7-1) unstable; urgency=high
144 * new upstream release with security fix for secure path (CVE-2010-1646),
146 * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
147 about whether to give the lecture is preserved across reboots even when
148 RAMRUN is set, closes: #581393
149 * add a note to README.Debian about LDAP needing an entry in
150 /etc/nsswitch.conf, closes: #522065
151 * add a note to README.Debian about how to turn off lectures if using
152 RAMRUN in /etc/default/rcS, closes: #581393
154 -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
156 sudo (1.7.2p6-1) unstable; urgency=low
158 * new upstream version fixing CVE-2010-1163, closes: #578275, #570737
160 -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600
162 sudo (1.7.2p5-1) unstable; urgency=low
164 * new upstream release, closes a bug filed upstream regarding missing man
165 page processing scripts in the 1.7.2p1 tarball, also includes the fix
166 for CVE-2010-0426 previously the subject of a security team nmu
167 * move to source format 3.0 (quilt) and restructure changes as patches
168 * fix unprocessed substitution variables in man pages, closes: #557204
169 * apply patch from Neil Moore to fix Debian-specific content in the
170 visudo man page, closes: #555013
171 * update descriptions to better explain sudo-ldap, closes: #573108
172 * eliminate spurious 'and' in man page, closes: #571620
173 * fix confusing text in default sudoers, closes: #566607
175 -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700
177 sudo (1.7.2p1-1) unstable; urgency=low
179 * new upstream version
180 * add support for /etc/sudoers.d using #includedir in default sudoers,
181 which I think is also a good solution to the request for a crontab-like
182 API requested in March of 2001, closes: #539994, #271813, #89743
183 * move init.d script from using rcS.d to rc[0-6].d, closes: #542924
185 -- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600
187 sudo (1.7.2-2) unstable; urgency=low
189 * further improve initial sudoers to not include the NOPASSWD option on
190 the group sudo exception, closes: #539136, #198991
192 -- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200
194 sudo (1.7.2-1) unstable; urgency=low
196 * new upstream version, closes: #537103
197 * improve initial sudoers by having the exemption for users in group
198 sudo on by default, and including the ability to run any command as
199 any user. This makes the default install roughly equivalent to our
200 old use of the --with-exempt=sudo build option, closes: #536220, #536222
202 -- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600
204 sudo (1.7.0-1) unstable; urgency=low
206 * new upstream version, closes: #510179, #128268, #520274, #508514
207 * fix ldap config file path for sudo-ldap package, including creating
208 a symlink in postinst and cleaning it up in postrm for the sudo-ldap
209 package, closes: #430826
210 * fix NOPASSWD entry location in default config file for the sudo-ldap
211 instance too, closes: #479616
213 -- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600
215 sudo (1.6.9p17-2) unstable; urgency=high
217 * patch from upstream to fix privilege escalation with certain
218 configurations, CVE-2009-0034
219 * typo in sudoers man page, closes: #507163
221 -- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700
223 sudo (1.6.9p17-1) unstable; urgency=low
225 * new upstream version, closes: #481008
226 * deliver schemas to doc directory in sudo-ldap package, closes: #474331
227 * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
228 in move from CVS to git for package management, closes: #475821
229 * re-instate the init.d for the sudo-ldap package too... /o\
231 -- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600
233 sudo (1.6.9p15-2) unstable; urgency=low
235 * revert the fix for 388659 such that visudo once again defaults to using
236 /usr/bin/editor. I was always ambivalent about this change, it has caused
237 more confusion and frustration than it cured, and I find Justin's line of
238 reasoning persuasive. Update the man page source to reflect this choice
239 and the related use of --with-env-editor. Closes: #474197.
240 * patch from Petter Reinholdtsen to improve init.d, closes: #475821
242 -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600
244 sudo (1.6.9p15-1) unstable; urgency=low
246 * new upstream version, closes: #467126, #473337
247 * remove pointless postrm scripts, leaving debhelper do its thing if needed,
248 thanks to Justin Pryzby for pointing this out
249 * reinstate the init.d, since bootclean doesn't quite do what we want. This
250 also means we don't need the preinst scripts any more. Update the lintian
251 overrides since postinst is a Perl script lintian apparently isn't parsing
252 well. closes: #330868
254 -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600
256 sudo (1.6.9p12-1) unstable; urgency=low
258 * new upstream version, closes: #464890
260 -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900
262 sudo (1.6.9p11-3) unstable; urgency=low
264 * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
266 -- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700
268 sudo (1.6.9p11-2) unstable; urgency=low
270 * update version compared in preinst when removing obsolete init.d,
272 * implement pam session config suggestions from Elizabeth Fong,
273 closes: #452457, #402329
275 -- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700
277 sudo (1.6.9p11-1) unstable; urgency=low
279 * new upstream version
281 -- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700
283 sudo (1.6.9p10-1) unstable; urgency=low
285 * new upstream version
286 * tweak default password prompt as %u doesn't make sense. Accept patch from
287 Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
288 uses it by default, closes: #454409
289 * accept patch from Martin Pitt that adds a prerm making it difficult to
290 "accidentally" remove sudo when there is no root password set on the
291 system, closes: #451241
293 -- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700
295 sudo (1.6.9p9-1) unstable; urgency=low
297 * new upstream version
298 * debian/rules: configure a more informative default password prompt to
299 reduce confusion when using sudo to invoke commands which also ask for
300 passwords, closes: #343268
301 * auth/pam.c: don't use the PAM prompt if the user explicitly requested
302 a custom prompt, closes: #448628.
303 * fix configure's ability to discover that libc has dirfd, closes: #451324
304 * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
305 the command 'visudo' invokes a vi variant by default as documented,
308 -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700
310 sudo (1.6.9p6-1) unstable; urgency=low
312 * new upstream version, closes: #442815, #446146, #438699, #435768, #435314
313 closes: #434832, #434608, #430382
314 * eliminate the now-redundant init.d scripts, closes: #397090
315 * fix typo in TROUBLESHOOTING file, closes: #439624
317 -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600
319 sudo (1.6.8p12-6) unstable; urgency=low
321 * fix typos in visudo.pod relating to env_editor variable, closes: #418886
322 * have init.d touch directories in /var/run/sudo, not just files, as a
324 * fix various typos in sudoers.pod, closes: #419749
325 * don't let Makefile strip binaries, closes: #438073
327 -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100
329 sudo (1.6.8p12-5) unstable; urgency=low
331 * update debian/copyright to reflect new upstream URL, closes: #368746
332 * add sandwich cartoon URL to the README.Debian
333 * don't remove sudoers on purge. can cause problems when moving between
334 sudo and sudo-ldap. leaving sudoers around on purge seems like the least
335 evil choice for now, closes: #401366
336 * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
338 * accept patch that improves debian/rules from Ted Percival, closes: #382122
339 * no longer build with --with-exempt=sudo, provide an example entry in the
340 default sudoers file instead, closes: #296605
341 * add --with-devel to configure and augment build dependencies so that flex
342 and yacc files get re-generated on every build, closes: #316249
344 -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600
346 sudo (1.6.8p12-4) unstable; urgency=low
348 * patch from Petter Reinholdtsen for the LSB info block in the init.d
349 script, closes: #361055
350 * deliver sudoers sample again, closes: #361593
352 -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600
354 sudo (1.6.8p12-3) unstable; urgency=low
356 * force-feed configure knowledge of nroff's path so we get unformatted man
357 pages installed without build-depending on groff-base, closes: #360894
358 * add a reference to OPTIONS in the man page, closes: #186226
360 -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700
362 sudo (1.6.8p12-2) unstable; urgency=low
364 * fix typos in init scripts, closes: #346325
365 * update to debhelper compat level 5
366 * build depend on autotools-dev to ensure config.sub/guess are fresh
367 * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
368 use it here as well. Thanks to Martin and the debian-security team.
369 closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
370 closes: #315115, #315718, #203874
371 * Non-maintainer upload by the Security Team
372 * Reworked the former patch to limit environment variables from being
373 passed through, set env_reset as default instead [sudo.c, env.c,
374 sudoers.pod, Bug#342948, CVE-2005-4158]
375 * env_reset is now set by default
376 * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
377 DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
378 (in addition to the SUDO_* variables)
379 * Rebuild sudoers.man.in from the POD file
380 * Added README.Debian
381 * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
382 * simplify rules file by using more of Makefile, despite having to override
383 default directories with more arguments to configure, closes: #292833
384 * update sudo man page to reflect use of SECURE_PATH, closes: #228551
385 * inconsistencies in sudoers man page resolved, closes: #220808, #161012
386 * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
387 unresolveable (requires adding bison as build dep), closes: #314949
389 -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700
391 sudo (1.6.8p12-1) unstable; urgency=low
393 * new upstream version, closes: #342948 (CVE-2005-4158)
394 * add env_reset to the sudoers file we create if none already exists,
395 as a further precaution in response to discussion about CVS-2005-4158
396 * split ldap support into a new sudo-ldap package. I was trying to avoid
397 doing this, but the impact of going from 4 to 17 linked shlibs on the
398 autobuilder chroots is sufficient motivation for me.
401 -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
403 sudo (1.6.8p9-4) unstable; urgency=low
405 * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
406 * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
407 timestamps in the init.d script, closes: #330868
408 * add dependency header to init.d script, closes: #332849
410 -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
412 sudo (1.6.8p9-3) unstable; urgency=high
414 * update debhelper compatibility level from 2 to 4
415 * add man page symlink for sudoedit
416 * Clean SHELLOPTS and PS4 from the environment before executing programs
417 with sudo permissions [env.c, CAN-2005-2959]
418 * fix typo in manpage pointed out by Moray Allen, closes: #285995
419 * fix paths in sample complex sudoers file, closes: #303542
420 * fix type in sudoers man page, closes: #311244
422 -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
424 sudo (1.6.8p9-2) unstable; urgency=high
426 * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
429 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
431 sudo (1.6.8p9-1) unstable; urgency=high
433 * new upstream version, fixes a race condition in sudo's pathname
434 validation, which is a security issue (CAN-2005-1993),
435 closes: #315115, #315718
437 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
439 sudo (1.6.8p7-1) unstable; urgency=low
441 * new upstream version, closes: #299585
442 * update lintian overrides to squelch the postinst warning
443 * change sudoedit from a hard to a soft link, closes: #296896
444 * fix regex doc in sudoers man page, closes: #300361
446 -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
448 sudo (1.6.8p5-1) unstable; urgency=high
450 * new upstream version
451 * restores ability to use config tuples without a value, which was causing
452 problems on upgrade closes: #283306
453 * deliver sudoedit, closes: #283078
454 * marking urgency high since 283306 is a serious upgrade incompatibility
456 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
458 sudo (1.6.8p3-2) unstable; urgency=high
460 * update pam.d deliverable so ldap works again, closes: #282191
462 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
464 sudo (1.6.8p3-1) unstable; urgency=high
466 * new upstream version, fixes a flaw in sudo's environment sanitizing that
467 could allow a malicious user with permission to run a shell script that
468 utilized the bash shell to run arbitrary commands, closes: #281665
469 * patch the sample sudoers to have the proper path for kill on Debian
470 systems, closes: #263486
471 * patch the sudo manpage to reflect Debian's choice of exempt_group
472 default setting, closes: #236465
473 * patch the sudo manpage to reflect Debian's choice of no timeout on the
474 password prompt, closes: #271194
476 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
478 sudo (1.6.7p5-2) unstable; urgency=low
480 * Jeff Bailey reports that seteuid works on current sparc systems, so we
481 no longer need the "grosshack" stuff in the sudo rules file
482 * add a postrm that removes /etc/sudoers on purge. don't do this with the
483 normal conffile mechanism since it would generate noise on every upgrade,
486 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
488 sudo (1.6.7p5-1) unstable; urgency=low
490 * new upstream version, closes: #190265, #193222, #197244
491 * change from '.' to ':' in postinst chown call, closes: #208369
493 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
495 sudo (1.6.7p3-2) unstable; urgency=low
497 * add --disable-setresuid to configure call since 2.2 kernels don't support
498 setresgid, closes: #189044
499 * cosmetic cleanups to debian/rules as long as I'm there
501 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
503 sudo (1.6.7p3-1) unstable; urgency=low
505 * new upstream version
506 * add overrides to quiet lintian about things it doesn't understand,
507 except the source one that can't be overridden until 129510 is fixed
509 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
511 sudo (1.6.6-3) unstable; urgency=low
513 * add code to rules file to update config.sub/guess, closes: #164501
515 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
517 sudo (1.6.6-2) unstable; urgency=low
519 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
520 configure, and lose the build dependency on mail-transport-agent
521 * incorporate changes from LaMont's NMU, closes: #144665, #144737
522 * update init.d to not try and set time on nonexistent timestamp files,
524 * build with --with-all-insults, admin must edit sudoers to turn insults
525 on at runtime if desired, closes: #135374
526 * stop setting /usr/doc symlink in postinst
528 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
530 sudo (1.6.6-1.1) unstable; urgency=high
532 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
533 * Revert patch to auth/pam.c that left pass uninitialized, causing a
534 segfault (Closes: #144665).
536 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
538 sudo (1.6.6-1) unstable; urgency=high
540 * new upstream version, fixes security problem with crafty prompts,
543 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
545 sudo (1.6.5p1-4) unstable; urgency=high
547 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
548 if ctrl/C'ed at password prompt, closes: #131235
550 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
552 sudo (1.6.5p1-3) unstable; urgency=high
554 * ugly hack to add --disable-saved-ids when building on sparc in response
555 to 131592, which will be reassigned to glibc for a real fix
556 * urgency high since the sudo currently in testing for sparc is worthless
558 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
560 sudo (1.6.5p1-2) unstable; urgency=high
562 * patch from upstream to fix seg faults caused by versions of pam that
563 follow a NULL pointer, closes: #129512
565 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
567 sudo (1.6.5p1-1) unstable; urgency=high
569 * new upstream version
570 * add --disable-root-mailer option supported by new version to configure
571 call in rules file, closes: #129648
573 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
575 sudo (1.6.4p1-1) unstable; urgency=high
577 * new upstream version, with fix for segfaulting problem in 1.6.4
579 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
581 sudo (1.6.4-1) unstable; urgency=high
583 * new upstream version, includes an important security fix, closes: #127576
585 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
587 sudo (1.6.3p7-5) unstable; urgency=low
589 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
590 * fix spelling error in init.d, closes: #126847
592 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
594 sudo (1.6.3p7-4) unstable; urgency=medium
596 * use touch to set status files to an ancient date instead of removing them
597 outright on reboot. this achieves the desired effect of keeping elevated
598 privs from living across reboots, without forcing everyone to see the
599 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
600 for systems with good clocks, and 'recent enough' that broken PC hardware
601 setting the clock to commonly-seen bogus dates trips over the "don't trust
602 future timestamps" rule. closes: #76529, #123559
603 * apply patch from Steve Langasek to fix seg faults due to interaction with
604 PAM code. upstream confirms the problem, and says they're fixing this
605 differently for their next release... but this should be useful in the
606 meantime, and would be good to get into woody. closes: #119147
607 * only run the init.d at boot, not on each runlevel change... and don't run
608 it during package configure. closes: #125935
609 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
611 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
613 sudo (1.6.3p7-3) unstable; urgency=low
615 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
616 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
617 * fix a typo in the manpage, closes: #97368
618 * apply patch to configure.in and run autoconf to fix problem building on
619 the hurd, closes: #96325
620 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
621 to not last across reboots, closes: #76529
622 * clean up lintian-noticed cosmetic packaging issues
624 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
626 sudo (1.6.3p7-2) unstable; urgency=low
628 * update config.sub/guess for hppa support
630 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
632 sudo (1.6.3p7-1) unstable; urgency=low
634 * new upstream version
635 * add build dependency on mail-transport-agent, closes: #90685
637 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
639 sudo (1.6.3p6-1) unstable; urgency=high
641 * new upstream version, fixes buffer overflow problem,
642 closes: #87259, #87278, #87263
643 * revert to using --with-secure-path option at build time, since the option
644 available in sudoers is parsed too late to be useful, and upstream says
645 it won't get fixed quickly. This reopens 85123, which I will mark as
646 forwarded. Closes: #86199, #86117, #85676
648 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
650 sudo (1.6.3p5-2) unstable; urgency=low
652 * lose the dh_suidregister call since it's obsolete
653 * stop using the --with-secure-path option at build time, and instead show
654 how to set it in sudoers. Closes: #85123
655 * freshen config.sub and config.guess for ia64 and hppa
656 * update sudoers man page to indicate exempt_group is on by default,
659 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
661 sudo (1.6.3p5-1) unstable; urgency=low
663 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
664 * this version restores core dumps before the exec, while leaving them
665 disabled during sudo's internal execution, closes: #58289
666 * update debhelper calls in rules file
668 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
670 sudo (1.6.2p2-1) frozen unstable; urgency=medium
672 * new upstream source resulting from direct collaboration with the upstream
673 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
674 Closes: #56129, #55978, #55979, #56550, #56772
675 * include more upstream documentation, closes: #55054
676 * pam.d fragment update, closes: #56129
678 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
680 sudo (1.6.1-1) unstable; urgency=low
682 * new upstream source, closes: #52750
684 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
686 sudo (1.6-2) unstable; urgency=low
688 * drop suidregister support for this package. The sudo executable is
689 essentially worthless unless it is setuid root, and making suidregister
690 work involves shipping a non-setuid executable in the .deb and setting the
691 perms in the postinst. On a long upgrade run, this can leave the sudo
692 executable 'broken' for a long time, which is unacceptable. With this
693 version, we ship the executable setuid root in the .deb. Closes: #51742
695 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
697 sudo (1.6-1) unstable; urgency=low
699 * new upstream version, many options previously set at compile-time are now
700 configurable at runtime.
701 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
704 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
706 sudo (1.5.9p4-1) unstable; urgency=low
708 * new upstream version, closes: #43464
709 * empty password handling was fixed in 1.5.8, closes: #31863
711 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
713 sudo (1.5.9p1-1) unstable; urgency=low
715 * new upstream version
717 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
719 sudo (1.5.8p1-1) unstable; urgency=medium
721 * new upstream version, closes 33690
722 * add dependency on libpam-modules, closes 34215, 33432
724 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
726 sudo (1.5.7p4-2) unstable; urgency=medium
728 * update the pam fragment provided so that sudo works with latest pam bits,
731 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
733 sudo (1.5.7p4-1) unstable; urgency=low
735 * new upstream release
737 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
739 sudo (1.5.6p5-1) unstable; urgency=low
741 * new upstream patch release
742 * add PAM support, closes 28594
744 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
746 sudo (1.5.6p2-2) unstable; urgency=low
748 * update copyright file, closes 24136
749 * review and close forwarded bugs believed fixed in this upstream version,
752 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
754 sudo (1.5.6p2-1) unstable; urgency=low
756 * new upstream release
758 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
760 sudo (1.5.4-4) frozen unstable; urgency=low
762 * update postinst to use groupadd, closes 21403
763 * move the suidregister stuff earlier in postinst to ensure it always runs
765 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
767 sudo (1.5.4-3) frozen unstable; urgency=low
769 * change /etc/sudoers from a conffile to being handled in postinst,
771 * add suidmanager support, closes 15711
772 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
773 unlikely to ever fix, and which just don't matter. closes 17146
774 * fix FSF address in copyright file, and submit exception for lintian
775 warning about sudo being setuid root
777 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
779 sudo (1.5.4-2) unstable; urgency=high
781 * patch from upstream author correcting/improving security fix
783 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
785 sudo (1.5.4-1) unstable; urgency=high
787 * new upstream version, includes a security fix
788 * change default editor from /bin/ae to /usr/bin/editor
790 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
792 sudo (1.5.3-1) unstable; urgency=medium
794 * new upstream version, closes bug 15911.
795 * rules file reworked to use debhelper
796 * implement a really gross hack to force use of the sudo-provided
797 lsearch(), since the one in libc6 is broken! This closes bugs
798 12552, 12557, 14881, 15259, 15916.
800 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
802 sudo (1.5.2-6) unstable; urgency=LOW
804 * don't install INSTALL in the doc directory, closes bug 13195.
806 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
808 sudo (1.5.2-5) unstable; urgency=LOW
812 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
814 sudo (1.5.2-4) unstable; urgency=LOW
816 * change TIMEOUT (how long before you have to type your password again)
817 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
818 packages on slower machines much more tolerable. Closes bug 9076.
819 * touch debian/suid before debstd. Closes bug 8709.
821 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
823 sudo (1.5.2-3) frozen unstable; urgency=LOW
825 * patch from upstream maintainer to close Bug 6828
826 * add a debian/suid file to get debstd to leave my perl postinst alone
828 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
830 sudo (1.5.2-2) frozen unstable; urgency=LOW
832 * change rules to use -O2 -Wall as per standards
834 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
836 sudo (1.5.2-1) unstable; urgency=LOW
838 * new upstream version
839 * cosmetic changes to debian package control files
841 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
843 sudo (1.5-2) unstable; urgency=LOW
845 * add /usr/X11R6/bin to the end of the secure path... this makes it
846 much easier to run xmkmf, etc., during package builds. To the extent
847 that /usr/local/sbin and /usr/local/bin were already included, I see
848 no security reasons not to add this.
850 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
852 sudo (1.5-1) unstable; urgency=LOW
854 * New upstream version
856 * New packaging format
858 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
860 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
864 * hard code SECURE_PATH to:
865 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
869 * enabled EXEMPTGROUP "sudo"
871 * moved timestamp dir to /var/log/sudo
873 * changed parser to check for long and short filenames (Bug#1162)
875 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
879 * New upstream source
881 * Fixed postinst script
882 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
884 * Removed special shadow binary. This version works with and without
885 shadow password file.
887 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
891 * Corrected editor path to /bin/ae (Bug#3062)
893 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
895 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
899 * New upstream version
901 * Changed sudoers permission to 440 (owner root, group root) to make
904 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
908 * Applied upstream patch 1
910 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
914 * Applied upstream patch 2
916 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
920 * Applied upstream patch 3 (fixes problems with an NFS-mounted
924 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
928 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
929 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
931 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
935 * Applied upstream patch 4 (fixes several bugs)
937 * Changed priority to optional
939 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
943 * Corrected postinst to create correct permission for /etc/sudoers
946 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
950 * New upstream version
953 sudo (1.4.4-2) admin; urgency=HIGH
955 * Fixed major security bug reported by Peter Tobias
956 <tobias@et-inf.fho-emden.de>
957 * Added dchanges support to debian.rules
959 sudo (1.4.5-1) admin; urgency=LOW
961 * New upstream version
962 * Minor changes to debian.rules