1 sudo (1.7.4p4-5) UNRELEASED; urgency=low
3 * patch from Jakub Wilk to add noopt and nostrip build option support,
5 * make sudoers a conffile, closes: #605130
6 * add Vcs entries to the control file
7 * use debhelper install files instead of explicit installs in rules
9 -- Bdale Garbee <bdale@gag.com> Wed, 01 Dec 2010 10:18:01 -0700
11 sudo (1.7.4p4-4) unstable; urgency=low
13 * patch from upstream to resolve problem always prompting for a password
14 when run without a tty, closes: #599376
15 * patch from upstream to resolve interoperability problem between HOME in
16 env_keep and the -H flag, closes: #596493
17 * change path syntax to avoid tar error when /var/run/sudo exists but is
18 empty, closes: #598877
20 -- Bdale Garbee <bdale@gag.com> Thu, 07 Oct 2010 15:59:06 -0600
22 sudo (1.7.4p4-3) unstable; urgency=low
24 * make postinst clause for handling /var/run -> /var/lib transition less
25 fragile, closes: #585514
26 * cope with upstream's Makefile trying to install ChangeLog in our doc
27 directory, closes: #597389
28 * fix README.Debian to reflect that HOME is no longer preserved by default,
31 -- Bdale Garbee <bdale@gag.com> Tue, 21 Sep 2010 23:53:08 -0600
33 sudo (1.7.4p4-2) unstable; urgency=low
35 * add a NEWS item about change in $HOME handling that impacts programs
38 -- Bdale Garbee <bdale@gag.com> Wed, 08 Sep 2010 14:29:16 -0600
40 sudo (1.7.4p4-1) unstable; urgency=high
42 * new upstream version, urgency high due to fix for flaw in Runas group
43 matching (CVE-2010-2956), closes: #595935
44 * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
45 re-lecturing existing users, and to clean up after ourselves on upgrade,
46 and remove the RAMRUN section from README.Debian since the new state dir
47 should fix the original problem, closes: #585514
48 * deliver README.Debian to both package flavors, closes: #593579
50 -- Bdale Garbee <bdale@gag.com> Tue, 07 Sep 2010 12:22:42 -0600
52 sudo (1.7.2p7-1) unstable; urgency=high
54 * new upstream release with security fix for secure path (CVE-2010-1646),
56 * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
57 about whether to give the lecture is preserved across reboots even when
58 RAMRUN is set, closes: #581393
59 * add a note to README.Debian about LDAP needing an entry in
60 /etc/nsswitch.conf, closes: #522065
61 * add a note to README.Debian about how to turn off lectures if using
62 RAMRUN in /etc/default/rcS, closes: #581393
64 -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
66 sudo (1.7.2p6-1) unstable; urgency=low
68 * new upstream version fixing CVE-2010-1163, closes: #578275, #570737
70 -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600
72 sudo (1.7.2p5-1) unstable; urgency=low
74 * new upstream release, closes a bug filed upstream regarding missing man
75 page processing scripts in the 1.7.2p1 tarball, also includes the fix
76 for CVE-2010-0426 previously the subject of a security team nmu
77 * move to source format 3.0 (quilt) and restructure changes as patches
78 * fix unprocessed substitution variables in man pages, closes: #557204
79 * apply patch from Neil Moore to fix Debian-specific content in the
80 visudo man page, closes: #555013
81 * update descriptions to better explain sudo-ldap, closes: #573108
82 * eliminate spurious 'and' in man page, closes: #571620
83 * fix confusing text in default sudoers, closes: #566607
85 -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700
87 sudo (1.7.2p1-1) unstable; urgency=low
89 * new upstream version
90 * add support for /etc/sudoers.d using #includedir in default sudoers,
91 which I think is also a good solution to the request for a crontab-like
92 API requested in March of 2001, closes: #539994, #271813, #89743
93 * move init.d script from using rcS.d to rc[0-6].d, closes: #542924
95 -- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600
97 sudo (1.7.2-2) unstable; urgency=low
99 * further improve initial sudoers to not include the NOPASSWD option on
100 the group sudo exception, closes: #539136, #198991
102 -- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200
104 sudo (1.7.2-1) unstable; urgency=low
106 * new upstream version, closes: #537103
107 * improve initial sudoers by having the exemption for users in group
108 sudo on by default, and including the ability to run any command as
109 any user. This makes the default install roughly equivalent to our
110 old use of the --with-exempt=sudo build option, closes: #536220, #536222
112 -- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600
114 sudo (1.7.0-1) unstable; urgency=low
116 * new upstream version, closes: #510179, #128268, #520274, #508514
117 * fix ldap config file path for sudo-ldap package, including creating
118 a symlink in postinst and cleaning it up in postrm for the sudo-ldap
119 package, closes: #430826
120 * fix NOPASSWD entry location in default config file for the sudo-ldap
121 instance too, closes: #479616
123 -- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600
125 sudo (1.6.9p17-2) unstable; urgency=high
127 * patch from upstream to fix privilege escalation with certain
128 configurations, CVE-2009-0034
129 * typo in sudoers man page, closes: #507163
131 -- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700
133 sudo (1.6.9p17-1) unstable; urgency=low
135 * new upstream version, closes: #481008
136 * deliver schemas to doc directory in sudo-ldap package, closes: #474331
137 * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
138 in move from CVS to git for package management, closes: #475821
139 * re-instate the init.d for the sudo-ldap package too... /o\
141 -- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600
143 sudo (1.6.9p15-2) unstable; urgency=low
145 * revert the fix for 388659 such that visudo once again defaults to using
146 /usr/bin/editor. I was always ambivalent about this change, it has caused
147 more confusion and frustration than it cured, and I find Justin's line of
148 reasoning persuasive. Update the man page source to reflect this choice
149 and the related use of --with-env-editor. Closes: #474197.
150 * patch from Petter Reinholdtsen to improve init.d, closes: #475821
152 -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600
154 sudo (1.6.9p15-1) unstable; urgency=low
156 * new upstream version, closes: #467126, #473337
157 * remove pointless postrm scripts, leaving debhelper do its thing if needed,
158 thanks to Justin Pryzby for pointing this out
159 * reinstate the init.d, since bootclean doesn't quite do what we want. This
160 also means we don't need the preinst scripts any more. Update the lintian
161 overrides since postinst is a Perl script lintian apparently isn't parsing
162 well. closes: #330868
164 -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600
166 sudo (1.6.9p12-1) unstable; urgency=low
168 * new upstream version, closes: #464890
170 -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900
172 sudo (1.6.9p11-3) unstable; urgency=low
174 * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
176 -- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700
178 sudo (1.6.9p11-2) unstable; urgency=low
180 * update version compared in preinst when removing obsolete init.d,
182 * implement pam session config suggestions from Elizabeth Fong,
183 closes: #452457, #402329
185 -- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700
187 sudo (1.6.9p11-1) unstable; urgency=low
189 * new upstream version
191 -- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700
193 sudo (1.6.9p10-1) unstable; urgency=low
195 * new upstream version
196 * tweak default password prompt as %u doesn't make sense. Accept patch from
197 Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
198 uses it by default, closes: #454409
199 * accept patch from Martin Pitt that adds a prerm making it difficult to
200 "accidentally" remove sudo when there is no root password set on the
201 system, closes: #451241
203 -- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700
205 sudo (1.6.9p9-1) unstable; urgency=low
207 * new upstream version
208 * debian/rules: configure a more informative default password prompt to
209 reduce confusion when using sudo to invoke commands which also ask for
210 passwords, closes: #343268
211 * auth/pam.c: don't use the PAM prompt if the user explicitly requested
212 a custom prompt, closes: #448628.
213 * fix configure's ability to discover that libc has dirfd, closes: #451324
214 * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
215 the command 'visudo' invokes a vi variant by default as documented,
218 -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700
220 sudo (1.6.9p6-1) unstable; urgency=low
222 * new upstream version, closes: #442815, #446146, #438699, #435768, #435314
223 closes: #434832, #434608, #430382
224 * eliminate the now-redundant init.d scripts, closes: #397090
225 * fix typo in TROUBLESHOOTING file, closes: #439624
227 -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600
229 sudo (1.6.8p12-6) unstable; urgency=low
231 * fix typos in visudo.pod relating to env_editor variable, closes: #418886
232 * have init.d touch directories in /var/run/sudo, not just files, as a
234 * fix various typos in sudoers.pod, closes: #419749
235 * don't let Makefile strip binaries, closes: #438073
237 -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100
239 sudo (1.6.8p12-5) unstable; urgency=low
241 * update debian/copyright to reflect new upstream URL, closes: #368746
242 * add sandwich cartoon URL to the README.Debian
243 * don't remove sudoers on purge. can cause problems when moving between
244 sudo and sudo-ldap. leaving sudoers around on purge seems like the least
245 evil choice for now, closes: #401366
246 * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
248 * accept patch that improves debian/rules from Ted Percival, closes: #382122
249 * no longer build with --with-exempt=sudo, provide an example entry in the
250 default sudoers file instead, closes: #296605
251 * add --with-devel to configure and augment build dependencies so that flex
252 and yacc files get re-generated on every build, closes: #316249
254 -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600
256 sudo (1.6.8p12-4) unstable; urgency=low
258 * patch from Petter Reinholdtsen for the LSB info block in the init.d
259 script, closes: #361055
260 * deliver sudoers sample again, closes: #361593
262 -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600
264 sudo (1.6.8p12-3) unstable; urgency=low
266 * force-feed configure knowledge of nroff's path so we get unformatted man
267 pages installed without build-depending on groff-base, closes: #360894
268 * add a reference to OPTIONS in the man page, closes: #186226
270 -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700
272 sudo (1.6.8p12-2) unstable; urgency=low
274 * fix typos in init scripts, closes: #346325
275 * update to debhelper compat level 5
276 * build depend on autotools-dev to ensure config.sub/guess are fresh
277 * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
278 use it here as well. Thanks to Martin and the debian-security team.
279 closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
280 closes: #315115, #315718, #203874
281 * Non-maintainer upload by the Security Team
282 * Reworked the former patch to limit environment variables from being
283 passed through, set env_reset as default instead [sudo.c, env.c,
284 sudoers.pod, Bug#342948, CVE-2005-4158]
285 * env_reset is now set by default
286 * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
287 DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
288 (in addition to the SUDO_* variables)
289 * Rebuild sudoers.man.in from the POD file
290 * Added README.Debian
291 * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
292 * simplify rules file by using more of Makefile, despite having to override
293 default directories with more arguments to configure, closes: #292833
294 * update sudo man page to reflect use of SECURE_PATH, closes: #228551
295 * inconsistencies in sudoers man page resolved, closes: #220808, #161012
296 * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
297 unresolveable (requires adding bison as build dep), closes: #314949
299 -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700
301 sudo (1.6.8p12-1) unstable; urgency=low
303 * new upstream version, closes: #342948 (CVE-2005-4158)
304 * add env_reset to the sudoers file we create if none already exists,
305 as a further precaution in response to discussion about CVS-2005-4158
306 * split ldap support into a new sudo-ldap package. I was trying to avoid
307 doing this, but the impact of going from 4 to 17 linked shlibs on the
308 autobuilder chroots is sufficient motivation for me.
311 -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
313 sudo (1.6.8p9-4) unstable; urgency=low
315 * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
316 * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
317 timestamps in the init.d script, closes: #330868
318 * add dependency header to init.d script, closes: #332849
320 -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
322 sudo (1.6.8p9-3) unstable; urgency=high
324 * update debhelper compatibility level from 2 to 4
325 * add man page symlink for sudoedit
326 * Clean SHELLOPTS and PS4 from the environment before executing programs
327 with sudo permissions [env.c, CAN-2005-2959]
328 * fix typo in manpage pointed out by Moray Allen, closes: #285995
329 * fix paths in sample complex sudoers file, closes: #303542
330 * fix type in sudoers man page, closes: #311244
332 -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
334 sudo (1.6.8p9-2) unstable; urgency=high
336 * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
339 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
341 sudo (1.6.8p9-1) unstable; urgency=high
343 * new upstream version, fixes a race condition in sudo's pathname
344 validation, which is a security issue (CAN-2005-1993),
345 closes: #315115, #315718
347 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
349 sudo (1.6.8p7-1) unstable; urgency=low
351 * new upstream version, closes: #299585
352 * update lintian overrides to squelch the postinst warning
353 * change sudoedit from a hard to a soft link, closes: #296896
354 * fix regex doc in sudoers man page, closes: #300361
356 -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
358 sudo (1.6.8p5-1) unstable; urgency=high
360 * new upstream version
361 * restores ability to use config tuples without a value, which was causing
362 problems on upgrade closes: #283306
363 * deliver sudoedit, closes: #283078
364 * marking urgency high since 283306 is a serious upgrade incompatibility
366 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
368 sudo (1.6.8p3-2) unstable; urgency=high
370 * update pam.d deliverable so ldap works again, closes: #282191
372 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
374 sudo (1.6.8p3-1) unstable; urgency=high
376 * new upstream version, fixes a flaw in sudo's environment sanitizing that
377 could allow a malicious user with permission to run a shell script that
378 utilized the bash shell to run arbitrary commands, closes: #281665
379 * patch the sample sudoers to have the proper path for kill on Debian
380 systems, closes: #263486
381 * patch the sudo manpage to reflect Debian's choice of exempt_group
382 default setting, closes: #236465
383 * patch the sudo manpage to reflect Debian's choice of no timeout on the
384 password prompt, closes: #271194
386 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
388 sudo (1.6.7p5-2) unstable; urgency=low
390 * Jeff Bailey reports that seteuid works on current sparc systems, so we
391 no longer need the "grosshack" stuff in the sudo rules file
392 * add a postrm that removes /etc/sudoers on purge. don't do this with the
393 normal conffile mechanism since it would generate noise on every upgrade,
396 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
398 sudo (1.6.7p5-1) unstable; urgency=low
400 * new upstream version, closes: #190265, #193222, #197244
401 * change from '.' to ':' in postinst chown call, closes: #208369
403 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
405 sudo (1.6.7p3-2) unstable; urgency=low
407 * add --disable-setresuid to configure call since 2.2 kernels don't support
408 setresgid, closes: #189044
409 * cosmetic cleanups to debian/rules as long as I'm there
411 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
413 sudo (1.6.7p3-1) unstable; urgency=low
415 * new upstream version
416 * add overrides to quiet lintian about things it doesn't understand,
417 except the source one that can't be overridden until 129510 is fixed
419 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
421 sudo (1.6.6-3) unstable; urgency=low
423 * add code to rules file to update config.sub/guess, closes: #164501
425 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
427 sudo (1.6.6-2) unstable; urgency=low
429 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
430 configure, and lose the build dependency on mail-transport-agent
431 * incorporate changes from LaMont's NMU, closes: #144665, #144737
432 * update init.d to not try and set time on nonexistent timestamp files,
434 * build with --with-all-insults, admin must edit sudoers to turn insults
435 on at runtime if desired, closes: #135374
436 * stop setting /usr/doc symlink in postinst
438 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
440 sudo (1.6.6-1.1) unstable; urgency=high
442 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
443 * Revert patch to auth/pam.c that left pass uninitialized, causing a
444 segfault (Closes: #144665).
446 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
448 sudo (1.6.6-1) unstable; urgency=high
450 * new upstream version, fixes security problem with crafty prompts,
453 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
455 sudo (1.6.5p1-4) unstable; urgency=high
457 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
458 if ctrl/C'ed at password prompt, closes: #131235
460 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
462 sudo (1.6.5p1-3) unstable; urgency=high
464 * ugly hack to add --disable-saved-ids when building on sparc in response
465 to 131592, which will be reassigned to glibc for a real fix
466 * urgency high since the sudo currently in testing for sparc is worthless
468 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
470 sudo (1.6.5p1-2) unstable; urgency=high
472 * patch from upstream to fix seg faults caused by versions of pam that
473 follow a NULL pointer, closes: #129512
475 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
477 sudo (1.6.5p1-1) unstable; urgency=high
479 * new upstream version
480 * add --disable-root-mailer option supported by new version to configure
481 call in rules file, closes: #129648
483 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
485 sudo (1.6.4p1-1) unstable; urgency=high
487 * new upstream version, with fix for segfaulting problem in 1.6.4
489 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
491 sudo (1.6.4-1) unstable; urgency=high
493 * new upstream version, includes an important security fix, closes: #127576
495 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
497 sudo (1.6.3p7-5) unstable; urgency=low
499 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
500 * fix spelling error in init.d, closes: #126847
502 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
504 sudo (1.6.3p7-4) unstable; urgency=medium
506 * use touch to set status files to an ancient date instead of removing them
507 outright on reboot. this achieves the desired effect of keeping elevated
508 privs from living across reboots, without forcing everyone to see the
509 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
510 for systems with good clocks, and 'recent enough' that broken PC hardware
511 setting the clock to commonly-seen bogus dates trips over the "don't trust
512 future timestamps" rule. closes: #76529, #123559
513 * apply patch from Steve Langasek to fix seg faults due to interaction with
514 PAM code. upstream confirms the problem, and says they're fixing this
515 differently for their next release... but this should be useful in the
516 meantime, and would be good to get into woody. closes: #119147
517 * only run the init.d at boot, not on each runlevel change... and don't run
518 it during package configure. closes: #125935
519 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
521 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
523 sudo (1.6.3p7-3) unstable; urgency=low
525 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
526 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
527 * fix a typo in the manpage, closes: #97368
528 * apply patch to configure.in and run autoconf to fix problem building on
529 the hurd, closes: #96325
530 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
531 to not last across reboots, closes: #76529
532 * clean up lintian-noticed cosmetic packaging issues
534 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
536 sudo (1.6.3p7-2) unstable; urgency=low
538 * update config.sub/guess for hppa support
540 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
542 sudo (1.6.3p7-1) unstable; urgency=low
544 * new upstream version
545 * add build dependency on mail-transport-agent, closes: #90685
547 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
549 sudo (1.6.3p6-1) unstable; urgency=high
551 * new upstream version, fixes buffer overflow problem,
552 closes: #87259, #87278, #87263
553 * revert to using --with-secure-path option at build time, since the option
554 available in sudoers is parsed too late to be useful, and upstream says
555 it won't get fixed quickly. This reopens 85123, which I will mark as
556 forwarded. Closes: #86199, #86117, #85676
558 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
560 sudo (1.6.3p5-2) unstable; urgency=low
562 * lose the dh_suidregister call since it's obsolete
563 * stop using the --with-secure-path option at build time, and instead show
564 how to set it in sudoers. Closes: #85123
565 * freshen config.sub and config.guess for ia64 and hppa
566 * update sudoers man page to indicate exempt_group is on by default,
569 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
571 sudo (1.6.3p5-1) unstable; urgency=low
573 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
574 * this version restores core dumps before the exec, while leaving them
575 disabled during sudo's internal execution, closes: #58289
576 * update debhelper calls in rules file
578 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
580 sudo (1.6.2p2-1) frozen unstable; urgency=medium
582 * new upstream source resulting from direct collaboration with the upstream
583 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
584 Closes: #56129, #55978, #55979, #56550, #56772
585 * include more upstream documentation, closes: #55054
586 * pam.d fragment update, closes: #56129
588 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
590 sudo (1.6.1-1) unstable; urgency=low
592 * new upstream source, closes: #52750
594 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
596 sudo (1.6-2) unstable; urgency=low
598 * drop suidregister support for this package. The sudo executable is
599 essentially worthless unless it is setuid root, and making suidregister
600 work involves shipping a non-setuid executable in the .deb and setting the
601 perms in the postinst. On a long upgrade run, this can leave the sudo
602 executable 'broken' for a long time, which is unacceptable. With this
603 version, we ship the executable setuid root in the .deb. Closes: #51742
605 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
607 sudo (1.6-1) unstable; urgency=low
609 * new upstream version, many options previously set at compile-time are now
610 configurable at runtime.
611 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
614 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
616 sudo (1.5.9p4-1) unstable; urgency=low
618 * new upstream version, closes: #43464
619 * empty password handling was fixed in 1.5.8, closes: #31863
621 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
623 sudo (1.5.9p1-1) unstable; urgency=low
625 * new upstream version
627 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
629 sudo (1.5.8p1-1) unstable; urgency=medium
631 * new upstream version, closes 33690
632 * add dependency on libpam-modules, closes 34215, 33432
634 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
636 sudo (1.5.7p4-2) unstable; urgency=medium
638 * update the pam fragment provided so that sudo works with latest pam bits,
641 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
643 sudo (1.5.7p4-1) unstable; urgency=low
645 * new upstream release
647 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
649 sudo (1.5.6p5-1) unstable; urgency=low
651 * new upstream patch release
652 * add PAM support, closes 28594
654 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
656 sudo (1.5.6p2-2) unstable; urgency=low
658 * update copyright file, closes 24136
659 * review and close forwarded bugs believed fixed in this upstream version,
662 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
664 sudo (1.5.6p2-1) unstable; urgency=low
666 * new upstream release
668 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
670 sudo (1.5.4-4) frozen unstable; urgency=low
672 * update postinst to use groupadd, closes 21403
673 * move the suidregister stuff earlier in postinst to ensure it always runs
675 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
677 sudo (1.5.4-3) frozen unstable; urgency=low
679 * change /etc/sudoers from a conffile to being handled in postinst,
681 * add suidmanager support, closes 15711
682 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
683 unlikely to ever fix, and which just don't matter. closes 17146
684 * fix FSF address in copyright file, and submit exception for lintian
685 warning about sudo being setuid root
687 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
689 sudo (1.5.4-2) unstable; urgency=high
691 * patch from upstream author correcting/improving security fix
693 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
695 sudo (1.5.4-1) unstable; urgency=high
697 * new upstream version, includes a security fix
698 * change default editor from /bin/ae to /usr/bin/editor
700 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
702 sudo (1.5.3-1) unstable; urgency=medium
704 * new upstream version, closes bug 15911.
705 * rules file reworked to use debhelper
706 * implement a really gross hack to force use of the sudo-provided
707 lsearch(), since the one in libc6 is broken! This closes bugs
708 12552, 12557, 14881, 15259, 15916.
710 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
712 sudo (1.5.2-6) unstable; urgency=LOW
714 * don't install INSTALL in the doc directory, closes bug 13195.
716 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
718 sudo (1.5.2-5) unstable; urgency=LOW
722 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
724 sudo (1.5.2-4) unstable; urgency=LOW
726 * change TIMEOUT (how long before you have to type your password again)
727 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
728 packages on slower machines much more tolerable. Closes bug 9076.
729 * touch debian/suid before debstd. Closes bug 8709.
731 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
733 sudo (1.5.2-3) frozen unstable; urgency=LOW
735 * patch from upstream maintainer to close Bug 6828
736 * add a debian/suid file to get debstd to leave my perl postinst alone
738 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
740 sudo (1.5.2-2) frozen unstable; urgency=LOW
742 * change rules to use -O2 -Wall as per standards
744 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
746 sudo (1.5.2-1) unstable; urgency=LOW
748 * new upstream version
749 * cosmetic changes to debian package control files
751 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
753 sudo (1.5-2) unstable; urgency=LOW
755 * add /usr/X11R6/bin to the end of the secure path... this makes it
756 much easier to run xmkmf, etc., during package builds. To the extent
757 that /usr/local/sbin and /usr/local/bin were already included, I see
758 no security reasons not to add this.
760 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
762 sudo (1.5-1) unstable; urgency=LOW
764 * New upstream version
766 * New packaging format
768 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
770 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
774 * hard code SECURE_PATH to:
775 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
779 * enabled EXEMPTGROUP "sudo"
781 * moved timestamp dir to /var/log/sudo
783 * changed parser to check for long and short filenames (Bug#1162)
785 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
789 * New upstream source
791 * Fixed postinst script
792 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
794 * Removed special shadow binary. This version works with and without
795 shadow password file.
797 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
801 * Corrected editor path to /bin/ae (Bug#3062)
803 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
805 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
809 * New upstream version
811 * Changed sudoers permission to 440 (owner root, group root) to make
814 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
818 * Applied upstream patch 1
820 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
824 * Applied upstream patch 2
826 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
830 * Applied upstream patch 3 (fixes problems with an NFS-mounted
834 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
838 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
839 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
841 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
845 * Applied upstream patch 4 (fixes several bugs)
847 * Changed priority to optional
849 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
853 * Corrected postinst to create correct permission for /etc/sudoers
856 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
860 * New upstream version
863 sudo (1.4.4-2) admin; urgency=HIGH
865 * Fixed major security bug reported by Peter Tobias
866 <tobias@et-inf.fho-emden.de>
867 * Added dchanges support to debian.rules
869 sudo (1.4.5-1) admin; urgency=LOW
871 * New upstream version
872 * Minor changes to debian.rules