1 sudo (1.6.8p5-1) unstable; urgency=high
4 * restores ability to use config tuples without a value, which was causing
5 problems on upgrade closes: #283306
6 * deliver sudoedit, closes: #283078
7 * marking urgency high since 283306 is a serious upgrade incompatibility
9 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
11 sudo (1.6.8p3-2) unstable; urgency=high
13 * update pam.d deliverable so ldap works again, closes: #282191
15 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
17 sudo (1.6.8p3-1) unstable; urgency=high
19 * new upstream version, fixes a flaw in sudo's environment sanitizing that
20 could allow a malicious user with permission to run a shell script that
21 utilized the bash shell to run arbitrary commands, closes: #281665
22 * patch the sample sudoers to have the proper path for kill on Debian
23 systems, closes: #263486
24 * patch the sudo manpage to reflect Debian's choice of exempt_group
25 default setting, closes: #236465
26 * patch the sudo manpage to reflect Debian's choice of no timeout on the
27 password prompt, closes: #271194
29 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
31 sudo (1.6.7p5-2) unstable; urgency=low
33 * Jeff Bailey reports that seteuid works on current sparc systems, so we
34 no longer need the "grosshack" stuff in the sudo rules file
35 * add a postrm that removes /etc/sudoers on purge. don't do this with the
36 normal conffile mechanism since it would generate noise on every upgrade,
39 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
41 sudo (1.6.7p5-1) unstable; urgency=low
43 * new upstream version, closes: #190265, #193222, #197244
44 * change from '.' to ':' in postinst chown call, closes: #208369
46 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
48 sudo (1.6.7p3-2) unstable; urgency=low
50 * add --disable-setresuid to configure call since 2.2 kernels don't support
51 setresgid, closes: #189044
52 * cosmetic cleanups to debian/rules as long as I'm there
54 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
56 sudo (1.6.7p3-1) unstable; urgency=low
58 * new upstream version
59 * add overrides to quiet lintian about things it doesn't understand,
60 except the source one that can't be overridden until 129510 is fixed
62 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
64 sudo (1.6.6-3) unstable; urgency=low
66 * add code to rules file to update config.sub/guess, closes: #164501
68 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
70 sudo (1.6.6-2) unstable; urgency=low
72 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
73 configure, and lose the build dependency on mail-transport-agent
74 * incorporate changes from LaMont's NMU, closes: #144665, #144737
75 * update init.d to not try and set time on nonexistent timestamp files,
77 * build with --with-all-insults, admin must edit sudoers to turn insults
78 on at runtime if desired, closes: #135374
79 * stop setting /usr/doc symlink in postinst
81 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
83 sudo (1.6.6-1.1) unstable; urgency=high
85 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
86 * Revert patch to auth/pam.c that left pass uninitialized, causing a
87 segfault (Closes: #144665).
89 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
91 sudo (1.6.6-1) unstable; urgency=high
93 * new upstream version, fixes security problem with crafty prompts,
96 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
98 sudo (1.6.5p1-4) unstable; urgency=high
100 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
101 if ctrl/C'ed at password prompt, closes: #131235
103 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
105 sudo (1.6.5p1-3) unstable; urgency=high
107 * ugly hack to add --disable-saved-ids when building on sparc in response
108 to 131592, which will be reassigned to glibc for a real fix
109 * urgency high since the sudo currently in testing for sparc is worthless
111 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
113 sudo (1.6.5p1-2) unstable; urgency=high
115 * patch from upstream to fix seg faults caused by versions of pam that
116 follow a NULL pointer, closes: #129512
118 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
120 sudo (1.6.5p1-1) unstable; urgency=high
122 * new upstream version
123 * add --disable-root-mailer option supported by new version to configure
124 call in rules file, closes: #129648
126 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
128 sudo (1.6.4p1-1) unstable; urgency=high
130 * new upstream version, with fix for segfaulting problem in 1.6.4
132 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
134 sudo (1.6.4-1) unstable; urgency=high
136 * new upstream version, includes an important security fix, closes: #127576
138 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
140 sudo (1.6.3p7-5) unstable; urgency=low
142 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
143 * fix spelling error in init.d, closes: #126847
145 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
147 sudo (1.6.3p7-4) unstable; urgency=medium
149 * use touch to set status files to an ancient date instead of removing them
150 outright on reboot. this achieves the desired effect of keeping elevated
151 privs from living across reboots, without forcing everyone to see the
152 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
153 for systems with good clocks, and 'recent enough' that broken PC hardware
154 setting the clock to commonly-seen bogus dates trips over the "don't trust
155 future timestamps" rule. closes: #76529, #123559
156 * apply patch from Steve Langasek to fix seg faults due to interaction with
157 PAM code. upstream confirms the problem, and says they're fixing this
158 differently for their next release... but this should be useful in the
159 meantime, and would be good to get into woody. closes: #119147
160 * only run the init.d at boot, not on each runlevel change... and don't run
161 it during package configure. closes: #125935
162 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
164 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
166 sudo (1.6.3p7-3) unstable; urgency=low
168 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
169 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
170 * fix a typo in the manpage, closes: #97368
171 * apply patch to configure.in and run autoconf to fix problem building on
172 the hurd, closes: #96325
173 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
174 to not last across reboots, closes: #76529
175 * clean up lintian-noticed cosmetic packaging issues
177 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
179 sudo (1.6.3p7-2) unstable; urgency=low
181 * update config.sub/guess for hppa support
183 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
185 sudo (1.6.3p7-1) unstable; urgency=low
187 * new upstream version
188 * add build dependency on mail-transport-agent, closes: #90685
190 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
192 sudo (1.6.3p6-1) unstable; urgency=high
194 * new upstream version, fixes buffer overflow problem,
195 closes: #87259, #87278, #87263
196 * revert to using --with-secure-path option at build time, since the option
197 available in sudoers is parsed too late to be useful, and upstream says
198 it won't get fixed quickly. This reopens 85123, which I will mark as
199 forwarded. Closes: #86199, #86117, #85676
201 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
203 sudo (1.6.3p5-2) unstable; urgency=low
205 * lose the dh_suidregister call since it's obsolete
206 * stop using the --with-secure-path option at build time, and instead show
207 how to set it in sudoers. Closes: #85123
208 * freshen config.sub and config.guess for ia64 and hppa
209 * update sudoers man page to indicate exempt_group is on by default,
212 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
214 sudo (1.6.3p5-1) unstable; urgency=low
216 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
217 * this version restores core dumps before the exec, while leaving them
218 disabled during sudo's internal execution, closes: #58289
219 * update debhelper calls in rules file
221 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
223 sudo (1.6.2p2-1) frozen unstable; urgency=medium
225 * new upstream source resulting from direct collaboration with the upstream
226 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
227 Closes: #56129, #55978, #55979, #56550, #56772
228 * include more upstream documentation, closes: #55054
229 * pam.d fragment update, closes: #56129
231 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
233 sudo (1.6.1-1) unstable; urgency=low
235 * new upstream source, closes: #52750
237 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
239 sudo (1.6-2) unstable; urgency=low
241 * drop suidregister support for this package. The sudo executable is
242 essentially worthless unless it is setuid root, and making suidregister
243 work involves shipping a non-setuid executable in the .deb and setting the
244 perms in the postinst. On a long upgrade run, this can leave the sudo
245 executable 'broken' for a long time, which is unacceptable. With this
246 version, we ship the executable setuid root in the .deb. Closes: #51742
248 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
250 sudo (1.6-1) unstable; urgency=low
252 * new upstream version, many options previously set at compile-time are now
253 configurable at runtime.
254 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
257 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
259 sudo (1.5.9p4-1) unstable; urgency=low
261 * new upstream version, closes: #43464
262 * empty password handling was fixed in 1.5.8, closes: #31863
264 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
266 sudo (1.5.9p1-1) unstable; urgency=low
268 * new upstream version
270 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
272 sudo (1.5.8p1-1) unstable; urgency=medium
274 * new upstream version, closes 33690
275 * add dependency on libpam-modules, closes 34215, 33432
277 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
279 sudo (1.5.7p4-2) unstable; urgency=medium
281 * update the pam fragment provided so that sudo works with latest pam bits,
284 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
286 sudo (1.5.7p4-1) unstable; urgency=low
288 * new upstream release
290 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
292 sudo (1.5.6p5-1) unstable; urgency=low
294 * new upstream patch release
295 * add PAM support, closes 28594
297 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
299 sudo (1.5.6p2-2) unstable; urgency=low
301 * update copyright file, closes 24136
302 * review and close forwarded bugs believed fixed in this upstream version,
305 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
307 sudo (1.5.6p2-1) unstable; urgency=low
309 * new upstream release
311 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
313 sudo (1.5.4-4) frozen unstable; urgency=low
315 * update postinst to use groupadd, closes 21403
316 * move the suidregister stuff earlier in postinst to ensure it always runs
318 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
320 sudo (1.5.4-3) frozen unstable; urgency=low
322 * change /etc/sudoers from a conffile to being handled in postinst,
324 * add suidmanager support, closes 15711
325 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
326 unlikely to ever fix, and which just don't matter. closes 17146
327 * fix FSF address in copyright file, and submit exception for lintian
328 warning about sudo being setuid root
330 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
332 sudo (1.5.4-2) unstable; urgency=high
334 * patch from upstream author correcting/improving security fix
336 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
338 sudo (1.5.4-1) unstable; urgency=high
340 * new upstream version, includes a security fix
341 * change default editor from /bin/ae to /usr/bin/editor
343 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
345 sudo (1.5.3-1) unstable; urgency=medium
347 * new upstream version, closes bug 15911.
348 * rules file reworked to use debhelper
349 * implement a really gross hack to force use of the sudo-provided
350 lsearch(), since the one in libc6 is broken! This closes bugs
351 12552, 12557, 14881, 15259, 15916.
353 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
355 sudo (1.5.2-6) unstable; urgency=LOW
357 * don't install INSTALL in the doc directory, closes bug 13195.
359 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
361 sudo (1.5.2-5) unstable; urgency=LOW
365 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
367 sudo (1.5.2-4) unstable; urgency=LOW
369 * change TIMEOUT (how long before you have to type your password again)
370 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
371 packages on slower machines much more tolerable. Closes bug 9076.
372 * touch debian/suid before debstd. Closes bug 8709.
374 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
376 sudo (1.5.2-3) frozen unstable; urgency=LOW
378 * patch from upstream maintainer to close Bug 6828
379 * add a debian/suid file to get debstd to leave my perl postinst alone
381 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
383 sudo (1.5.2-2) frozen unstable; urgency=LOW
385 * change rules to use -O2 -Wall as per standards
387 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
389 sudo (1.5.2-1) unstable; urgency=LOW
391 * new upstream version
392 * cosmetic changes to debian package control files
394 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
396 sudo (1.5-2) unstable; urgency=LOW
398 * add /usr/X11R6/bin to the end of the secure path... this makes it
399 much easier to run xmkmf, etc., during package builds. To the extent
400 that /usr/local/sbin and /usr/local/bin were already included, I see
401 no security reasons not to add this.
403 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
405 sudo (1.5-1) unstable; urgency=LOW
407 * New upstream version
409 * New packaging format
411 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
413 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
417 * hard code SECURE_PATH to:
418 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
422 * enabled EXEMPTGROUP "sudo"
424 * moved timestamp dir to /var/log/sudo
426 * changed parser to check for long and short filenames (Bug#1162)
428 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
432 * New upstream source
434 * Fixed postinst script
435 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
437 * Removed special shadow binary. This version works with and without
438 shadow password file.
440 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
444 * Corrected editor path to /bin/ae (Bug#3062)
446 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
448 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
452 * New upstream version
454 * Changed sudoers permission to 440 (owner root, group root) to make
457 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
461 * Applied upstream patch 1
463 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
467 * Applied upstream patch 2
469 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
473 * Applied upstream patch 3 (fixes problems with an NFS-mounted
477 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
481 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
482 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
484 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
488 * Applied upstream patch 4 (fixes several bugs)
490 * Changed priority to optional
492 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
496 * Corrected postinst to create correct permission for /etc/sudoers
499 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
503 * New upstream version
506 sudo (1.4.4-2) admin; urgency=HIGH
508 * Fixed major security bug reported by Peter Tobias
509 <tobias@et-inf.fho-emden.de>
510 * Added dchanges support to debian.rules
512 sudo (1.4.5-1) admin; urgency=LOW
514 * New upstream version
515 * Minor changes to debian.rules