1 sudo (1.8.1p2-1) UNRELEASED; urgency=low
4 * include common-session in pam config, closes: #519700, #607199
6 -- Bdale Garbee <bdale@gag.com> Fri, 22 Jul 2011 14:51:28 +0200
8 sudo (1.7.4p6-1) unstable; urgency=low
10 * new upstream version
11 * touch the right stamp name after configuring, closes: #611287
12 * patch from Svante Signell to fix build problem on Hurd, closes: #611290
14 -- Bdale Garbee <bdale@gag.com> Wed, 09 Feb 2011 11:32:58 -0700
16 sudo (1.7.4p4-6) unstable; urgency=low
18 * update /etc/sudoers.d/README now that sudoers is a conffile
19 * patch from upstream to fix special case in password checking code
20 when only the gid is changing, closes: #609641
22 -- Bdale Garbee <bdale@gag.com> Tue, 11 Jan 2011 10:22:39 -0700
24 sudo (1.7.4p4-5) unstable; urgency=low
26 * patch from Jakub Wilk to add noopt and nostrip build option support,
28 * make sudoers a conffile, closes: #605130
29 * add descriptions to LSB init headers, closes: #604619
30 * change default sudoers %sudo entry to allow gid changes, closes: #602699
31 * add Vcs entries to the control file
32 * use debhelper install files instead of explicit installs in rules
34 -- Bdale Garbee <bdale@gag.com> Wed, 01 Dec 2010 20:32:31 -0700
36 sudo (1.7.4p4-4) unstable; urgency=low
38 * patch from upstream to resolve problem always prompting for a password
39 when run without a tty, closes: #599376
40 * patch from upstream to resolve interoperability problem between HOME in
41 env_keep and the -H flag, closes: #596493
42 * change path syntax to avoid tar error when /var/run/sudo exists but is
43 empty, closes: #598877
45 -- Bdale Garbee <bdale@gag.com> Thu, 07 Oct 2010 15:59:06 -0600
47 sudo (1.7.4p4-3) unstable; urgency=low
49 * make postinst clause for handling /var/run -> /var/lib transition less
50 fragile, closes: #585514
51 * cope with upstream's Makefile trying to install ChangeLog in our doc
52 directory, closes: #597389
53 * fix README.Debian to reflect that HOME is no longer preserved by default,
56 -- Bdale Garbee <bdale@gag.com> Tue, 21 Sep 2010 23:53:08 -0600
58 sudo (1.7.4p4-2) unstable; urgency=low
60 * add a NEWS item about change in $HOME handling that impacts programs
63 -- Bdale Garbee <bdale@gag.com> Wed, 08 Sep 2010 14:29:16 -0600
65 sudo (1.7.4p4-1) unstable; urgency=high
67 * new upstream version, urgency high due to fix for flaw in Runas group
68 matching (CVE-2010-2956), closes: #595935
69 * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
70 re-lecturing existing users, and to clean up after ourselves on upgrade,
71 and remove the RAMRUN section from README.Debian since the new state dir
72 should fix the original problem, closes: #585514
73 * deliver README.Debian to both package flavors, closes: #593579
75 -- Bdale Garbee <bdale@gag.com> Tue, 07 Sep 2010 12:22:42 -0600
77 sudo (1.7.2p7-1) unstable; urgency=high
79 * new upstream release with security fix for secure path (CVE-2010-1646),
81 * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
82 about whether to give the lecture is preserved across reboots even when
83 RAMRUN is set, closes: #581393
84 * add a note to README.Debian about LDAP needing an entry in
85 /etc/nsswitch.conf, closes: #522065
86 * add a note to README.Debian about how to turn off lectures if using
87 RAMRUN in /etc/default/rcS, closes: #581393
89 -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
91 sudo (1.7.2p6-1) unstable; urgency=low
93 * new upstream version fixing CVE-2010-1163, closes: #578275, #570737
95 -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600
97 sudo (1.7.2p5-1) unstable; urgency=low
99 * new upstream release, closes a bug filed upstream regarding missing man
100 page processing scripts in the 1.7.2p1 tarball, also includes the fix
101 for CVE-2010-0426 previously the subject of a security team nmu
102 * move to source format 3.0 (quilt) and restructure changes as patches
103 * fix unprocessed substitution variables in man pages, closes: #557204
104 * apply patch from Neil Moore to fix Debian-specific content in the
105 visudo man page, closes: #555013
106 * update descriptions to better explain sudo-ldap, closes: #573108
107 * eliminate spurious 'and' in man page, closes: #571620
108 * fix confusing text in default sudoers, closes: #566607
110 -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700
112 sudo (1.7.2p1-1) unstable; urgency=low
114 * new upstream version
115 * add support for /etc/sudoers.d using #includedir in default sudoers,
116 which I think is also a good solution to the request for a crontab-like
117 API requested in March of 2001, closes: #539994, #271813, #89743
118 * move init.d script from using rcS.d to rc[0-6].d, closes: #542924
120 -- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600
122 sudo (1.7.2-2) unstable; urgency=low
124 * further improve initial sudoers to not include the NOPASSWD option on
125 the group sudo exception, closes: #539136, #198991
127 -- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200
129 sudo (1.7.2-1) unstable; urgency=low
131 * new upstream version, closes: #537103
132 * improve initial sudoers by having the exemption for users in group
133 sudo on by default, and including the ability to run any command as
134 any user. This makes the default install roughly equivalent to our
135 old use of the --with-exempt=sudo build option, closes: #536220, #536222
137 -- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600
139 sudo (1.7.0-1) unstable; urgency=low
141 * new upstream version, closes: #510179, #128268, #520274, #508514
142 * fix ldap config file path for sudo-ldap package, including creating
143 a symlink in postinst and cleaning it up in postrm for the sudo-ldap
144 package, closes: #430826
145 * fix NOPASSWD entry location in default config file for the sudo-ldap
146 instance too, closes: #479616
148 -- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600
150 sudo (1.6.9p17-2) unstable; urgency=high
152 * patch from upstream to fix privilege escalation with certain
153 configurations, CVE-2009-0034
154 * typo in sudoers man page, closes: #507163
156 -- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700
158 sudo (1.6.9p17-1) unstable; urgency=low
160 * new upstream version, closes: #481008
161 * deliver schemas to doc directory in sudo-ldap package, closes: #474331
162 * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
163 in move from CVS to git for package management, closes: #475821
164 * re-instate the init.d for the sudo-ldap package too... /o\
166 -- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600
168 sudo (1.6.9p15-2) unstable; urgency=low
170 * revert the fix for 388659 such that visudo once again defaults to using
171 /usr/bin/editor. I was always ambivalent about this change, it has caused
172 more confusion and frustration than it cured, and I find Justin's line of
173 reasoning persuasive. Update the man page source to reflect this choice
174 and the related use of --with-env-editor. Closes: #474197.
175 * patch from Petter Reinholdtsen to improve init.d, closes: #475821
177 -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600
179 sudo (1.6.9p15-1) unstable; urgency=low
181 * new upstream version, closes: #467126, #473337
182 * remove pointless postrm scripts, leaving debhelper do its thing if needed,
183 thanks to Justin Pryzby for pointing this out
184 * reinstate the init.d, since bootclean doesn't quite do what we want. This
185 also means we don't need the preinst scripts any more. Update the lintian
186 overrides since postinst is a Perl script lintian apparently isn't parsing
187 well. closes: #330868
189 -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600
191 sudo (1.6.9p12-1) unstable; urgency=low
193 * new upstream version, closes: #464890
195 -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900
197 sudo (1.6.9p11-3) unstable; urgency=low
199 * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
201 -- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700
203 sudo (1.6.9p11-2) unstable; urgency=low
205 * update version compared in preinst when removing obsolete init.d,
207 * implement pam session config suggestions from Elizabeth Fong,
208 closes: #452457, #402329
210 -- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700
212 sudo (1.6.9p11-1) unstable; urgency=low
214 * new upstream version
216 -- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700
218 sudo (1.6.9p10-1) unstable; urgency=low
220 * new upstream version
221 * tweak default password prompt as %u doesn't make sense. Accept patch from
222 Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
223 uses it by default, closes: #454409
224 * accept patch from Martin Pitt that adds a prerm making it difficult to
225 "accidentally" remove sudo when there is no root password set on the
226 system, closes: #451241
228 -- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700
230 sudo (1.6.9p9-1) unstable; urgency=low
232 * new upstream version
233 * debian/rules: configure a more informative default password prompt to
234 reduce confusion when using sudo to invoke commands which also ask for
235 passwords, closes: #343268
236 * auth/pam.c: don't use the PAM prompt if the user explicitly requested
237 a custom prompt, closes: #448628.
238 * fix configure's ability to discover that libc has dirfd, closes: #451324
239 * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
240 the command 'visudo' invokes a vi variant by default as documented,
243 -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700
245 sudo (1.6.9p6-1) unstable; urgency=low
247 * new upstream version, closes: #442815, #446146, #438699, #435768, #435314
248 closes: #434832, #434608, #430382
249 * eliminate the now-redundant init.d scripts, closes: #397090
250 * fix typo in TROUBLESHOOTING file, closes: #439624
252 -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600
254 sudo (1.6.8p12-6) unstable; urgency=low
256 * fix typos in visudo.pod relating to env_editor variable, closes: #418886
257 * have init.d touch directories in /var/run/sudo, not just files, as a
259 * fix various typos in sudoers.pod, closes: #419749
260 * don't let Makefile strip binaries, closes: #438073
262 -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100
264 sudo (1.6.8p12-5) unstable; urgency=low
266 * update debian/copyright to reflect new upstream URL, closes: #368746
267 * add sandwich cartoon URL to the README.Debian
268 * don't remove sudoers on purge. can cause problems when moving between
269 sudo and sudo-ldap. leaving sudoers around on purge seems like the least
270 evil choice for now, closes: #401366
271 * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
273 * accept patch that improves debian/rules from Ted Percival, closes: #382122
274 * no longer build with --with-exempt=sudo, provide an example entry in the
275 default sudoers file instead, closes: #296605
276 * add --with-devel to configure and augment build dependencies so that flex
277 and yacc files get re-generated on every build, closes: #316249
279 -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600
281 sudo (1.6.8p12-4) unstable; urgency=low
283 * patch from Petter Reinholdtsen for the LSB info block in the init.d
284 script, closes: #361055
285 * deliver sudoers sample again, closes: #361593
287 -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600
289 sudo (1.6.8p12-3) unstable; urgency=low
291 * force-feed configure knowledge of nroff's path so we get unformatted man
292 pages installed without build-depending on groff-base, closes: #360894
293 * add a reference to OPTIONS in the man page, closes: #186226
295 -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700
297 sudo (1.6.8p12-2) unstable; urgency=low
299 * fix typos in init scripts, closes: #346325
300 * update to debhelper compat level 5
301 * build depend on autotools-dev to ensure config.sub/guess are fresh
302 * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
303 use it here as well. Thanks to Martin and the debian-security team.
304 closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
305 closes: #315115, #315718, #203874
306 * Non-maintainer upload by the Security Team
307 * Reworked the former patch to limit environment variables from being
308 passed through, set env_reset as default instead [sudo.c, env.c,
309 sudoers.pod, Bug#342948, CVE-2005-4158]
310 * env_reset is now set by default
311 * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
312 DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
313 (in addition to the SUDO_* variables)
314 * Rebuild sudoers.man.in from the POD file
315 * Added README.Debian
316 * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
317 * simplify rules file by using more of Makefile, despite having to override
318 default directories with more arguments to configure, closes: #292833
319 * update sudo man page to reflect use of SECURE_PATH, closes: #228551
320 * inconsistencies in sudoers man page resolved, closes: #220808, #161012
321 * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
322 unresolveable (requires adding bison as build dep), closes: #314949
324 -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700
326 sudo (1.6.8p12-1) unstable; urgency=low
328 * new upstream version, closes: #342948 (CVE-2005-4158)
329 * add env_reset to the sudoers file we create if none already exists,
330 as a further precaution in response to discussion about CVS-2005-4158
331 * split ldap support into a new sudo-ldap package. I was trying to avoid
332 doing this, but the impact of going from 4 to 17 linked shlibs on the
333 autobuilder chroots is sufficient motivation for me.
336 -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
338 sudo (1.6.8p9-4) unstable; urgency=low
340 * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
341 * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
342 timestamps in the init.d script, closes: #330868
343 * add dependency header to init.d script, closes: #332849
345 -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
347 sudo (1.6.8p9-3) unstable; urgency=high
349 * update debhelper compatibility level from 2 to 4
350 * add man page symlink for sudoedit
351 * Clean SHELLOPTS and PS4 from the environment before executing programs
352 with sudo permissions [env.c, CAN-2005-2959]
353 * fix typo in manpage pointed out by Moray Allen, closes: #285995
354 * fix paths in sample complex sudoers file, closes: #303542
355 * fix type in sudoers man page, closes: #311244
357 -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
359 sudo (1.6.8p9-2) unstable; urgency=high
361 * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
364 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
366 sudo (1.6.8p9-1) unstable; urgency=high
368 * new upstream version, fixes a race condition in sudo's pathname
369 validation, which is a security issue (CAN-2005-1993),
370 closes: #315115, #315718
372 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
374 sudo (1.6.8p7-1) unstable; urgency=low
376 * new upstream version, closes: #299585
377 * update lintian overrides to squelch the postinst warning
378 * change sudoedit from a hard to a soft link, closes: #296896
379 * fix regex doc in sudoers man page, closes: #300361
381 -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
383 sudo (1.6.8p5-1) unstable; urgency=high
385 * new upstream version
386 * restores ability to use config tuples without a value, which was causing
387 problems on upgrade closes: #283306
388 * deliver sudoedit, closes: #283078
389 * marking urgency high since 283306 is a serious upgrade incompatibility
391 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
393 sudo (1.6.8p3-2) unstable; urgency=high
395 * update pam.d deliverable so ldap works again, closes: #282191
397 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
399 sudo (1.6.8p3-1) unstable; urgency=high
401 * new upstream version, fixes a flaw in sudo's environment sanitizing that
402 could allow a malicious user with permission to run a shell script that
403 utilized the bash shell to run arbitrary commands, closes: #281665
404 * patch the sample sudoers to have the proper path for kill on Debian
405 systems, closes: #263486
406 * patch the sudo manpage to reflect Debian's choice of exempt_group
407 default setting, closes: #236465
408 * patch the sudo manpage to reflect Debian's choice of no timeout on the
409 password prompt, closes: #271194
411 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
413 sudo (1.6.7p5-2) unstable; urgency=low
415 * Jeff Bailey reports that seteuid works on current sparc systems, so we
416 no longer need the "grosshack" stuff in the sudo rules file
417 * add a postrm that removes /etc/sudoers on purge. don't do this with the
418 normal conffile mechanism since it would generate noise on every upgrade,
421 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
423 sudo (1.6.7p5-1) unstable; urgency=low
425 * new upstream version, closes: #190265, #193222, #197244
426 * change from '.' to ':' in postinst chown call, closes: #208369
428 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
430 sudo (1.6.7p3-2) unstable; urgency=low
432 * add --disable-setresuid to configure call since 2.2 kernels don't support
433 setresgid, closes: #189044
434 * cosmetic cleanups to debian/rules as long as I'm there
436 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
438 sudo (1.6.7p3-1) unstable; urgency=low
440 * new upstream version
441 * add overrides to quiet lintian about things it doesn't understand,
442 except the source one that can't be overridden until 129510 is fixed
444 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
446 sudo (1.6.6-3) unstable; urgency=low
448 * add code to rules file to update config.sub/guess, closes: #164501
450 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
452 sudo (1.6.6-2) unstable; urgency=low
454 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
455 configure, and lose the build dependency on mail-transport-agent
456 * incorporate changes from LaMont's NMU, closes: #144665, #144737
457 * update init.d to not try and set time on nonexistent timestamp files,
459 * build with --with-all-insults, admin must edit sudoers to turn insults
460 on at runtime if desired, closes: #135374
461 * stop setting /usr/doc symlink in postinst
463 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
465 sudo (1.6.6-1.1) unstable; urgency=high
467 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
468 * Revert patch to auth/pam.c that left pass uninitialized, causing a
469 segfault (Closes: #144665).
471 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
473 sudo (1.6.6-1) unstable; urgency=high
475 * new upstream version, fixes security problem with crafty prompts,
478 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
480 sudo (1.6.5p1-4) unstable; urgency=high
482 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
483 if ctrl/C'ed at password prompt, closes: #131235
485 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
487 sudo (1.6.5p1-3) unstable; urgency=high
489 * ugly hack to add --disable-saved-ids when building on sparc in response
490 to 131592, which will be reassigned to glibc for a real fix
491 * urgency high since the sudo currently in testing for sparc is worthless
493 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
495 sudo (1.6.5p1-2) unstable; urgency=high
497 * patch from upstream to fix seg faults caused by versions of pam that
498 follow a NULL pointer, closes: #129512
500 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
502 sudo (1.6.5p1-1) unstable; urgency=high
504 * new upstream version
505 * add --disable-root-mailer option supported by new version to configure
506 call in rules file, closes: #129648
508 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
510 sudo (1.6.4p1-1) unstable; urgency=high
512 * new upstream version, with fix for segfaulting problem in 1.6.4
514 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
516 sudo (1.6.4-1) unstable; urgency=high
518 * new upstream version, includes an important security fix, closes: #127576
520 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
522 sudo (1.6.3p7-5) unstable; urgency=low
524 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
525 * fix spelling error in init.d, closes: #126847
527 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
529 sudo (1.6.3p7-4) unstable; urgency=medium
531 * use touch to set status files to an ancient date instead of removing them
532 outright on reboot. this achieves the desired effect of keeping elevated
533 privs from living across reboots, without forcing everyone to see the
534 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
535 for systems with good clocks, and 'recent enough' that broken PC hardware
536 setting the clock to commonly-seen bogus dates trips over the "don't trust
537 future timestamps" rule. closes: #76529, #123559
538 * apply patch from Steve Langasek to fix seg faults due to interaction with
539 PAM code. upstream confirms the problem, and says they're fixing this
540 differently for their next release... but this should be useful in the
541 meantime, and would be good to get into woody. closes: #119147
542 * only run the init.d at boot, not on each runlevel change... and don't run
543 it during package configure. closes: #125935
544 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
546 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
548 sudo (1.6.3p7-3) unstable; urgency=low
550 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
551 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
552 * fix a typo in the manpage, closes: #97368
553 * apply patch to configure.in and run autoconf to fix problem building on
554 the hurd, closes: #96325
555 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
556 to not last across reboots, closes: #76529
557 * clean up lintian-noticed cosmetic packaging issues
559 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
561 sudo (1.6.3p7-2) unstable; urgency=low
563 * update config.sub/guess for hppa support
565 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
567 sudo (1.6.3p7-1) unstable; urgency=low
569 * new upstream version
570 * add build dependency on mail-transport-agent, closes: #90685
572 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
574 sudo (1.6.3p6-1) unstable; urgency=high
576 * new upstream version, fixes buffer overflow problem,
577 closes: #87259, #87278, #87263
578 * revert to using --with-secure-path option at build time, since the option
579 available in sudoers is parsed too late to be useful, and upstream says
580 it won't get fixed quickly. This reopens 85123, which I will mark as
581 forwarded. Closes: #86199, #86117, #85676
583 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
585 sudo (1.6.3p5-2) unstable; urgency=low
587 * lose the dh_suidregister call since it's obsolete
588 * stop using the --with-secure-path option at build time, and instead show
589 how to set it in sudoers. Closes: #85123
590 * freshen config.sub and config.guess for ia64 and hppa
591 * update sudoers man page to indicate exempt_group is on by default,
594 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
596 sudo (1.6.3p5-1) unstable; urgency=low
598 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
599 * this version restores core dumps before the exec, while leaving them
600 disabled during sudo's internal execution, closes: #58289
601 * update debhelper calls in rules file
603 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
605 sudo (1.6.2p2-1) frozen unstable; urgency=medium
607 * new upstream source resulting from direct collaboration with the upstream
608 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
609 Closes: #56129, #55978, #55979, #56550, #56772
610 * include more upstream documentation, closes: #55054
611 * pam.d fragment update, closes: #56129
613 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
615 sudo (1.6.1-1) unstable; urgency=low
617 * new upstream source, closes: #52750
619 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
621 sudo (1.6-2) unstable; urgency=low
623 * drop suidregister support for this package. The sudo executable is
624 essentially worthless unless it is setuid root, and making suidregister
625 work involves shipping a non-setuid executable in the .deb and setting the
626 perms in the postinst. On a long upgrade run, this can leave the sudo
627 executable 'broken' for a long time, which is unacceptable. With this
628 version, we ship the executable setuid root in the .deb. Closes: #51742
630 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
632 sudo (1.6-1) unstable; urgency=low
634 * new upstream version, many options previously set at compile-time are now
635 configurable at runtime.
636 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
639 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
641 sudo (1.5.9p4-1) unstable; urgency=low
643 * new upstream version, closes: #43464
644 * empty password handling was fixed in 1.5.8, closes: #31863
646 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
648 sudo (1.5.9p1-1) unstable; urgency=low
650 * new upstream version
652 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
654 sudo (1.5.8p1-1) unstable; urgency=medium
656 * new upstream version, closes 33690
657 * add dependency on libpam-modules, closes 34215, 33432
659 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
661 sudo (1.5.7p4-2) unstable; urgency=medium
663 * update the pam fragment provided so that sudo works with latest pam bits,
666 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
668 sudo (1.5.7p4-1) unstable; urgency=low
670 * new upstream release
672 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
674 sudo (1.5.6p5-1) unstable; urgency=low
676 * new upstream patch release
677 * add PAM support, closes 28594
679 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
681 sudo (1.5.6p2-2) unstable; urgency=low
683 * update copyright file, closes 24136
684 * review and close forwarded bugs believed fixed in this upstream version,
687 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
689 sudo (1.5.6p2-1) unstable; urgency=low
691 * new upstream release
693 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
695 sudo (1.5.4-4) frozen unstable; urgency=low
697 * update postinst to use groupadd, closes 21403
698 * move the suidregister stuff earlier in postinst to ensure it always runs
700 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
702 sudo (1.5.4-3) frozen unstable; urgency=low
704 * change /etc/sudoers from a conffile to being handled in postinst,
706 * add suidmanager support, closes 15711
707 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
708 unlikely to ever fix, and which just don't matter. closes 17146
709 * fix FSF address in copyright file, and submit exception for lintian
710 warning about sudo being setuid root
712 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
714 sudo (1.5.4-2) unstable; urgency=high
716 * patch from upstream author correcting/improving security fix
718 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
720 sudo (1.5.4-1) unstable; urgency=high
722 * new upstream version, includes a security fix
723 * change default editor from /bin/ae to /usr/bin/editor
725 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
727 sudo (1.5.3-1) unstable; urgency=medium
729 * new upstream version, closes bug 15911.
730 * rules file reworked to use debhelper
731 * implement a really gross hack to force use of the sudo-provided
732 lsearch(), since the one in libc6 is broken! This closes bugs
733 12552, 12557, 14881, 15259, 15916.
735 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
737 sudo (1.5.2-6) unstable; urgency=LOW
739 * don't install INSTALL in the doc directory, closes bug 13195.
741 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
743 sudo (1.5.2-5) unstable; urgency=LOW
747 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
749 sudo (1.5.2-4) unstable; urgency=LOW
751 * change TIMEOUT (how long before you have to type your password again)
752 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
753 packages on slower machines much more tolerable. Closes bug 9076.
754 * touch debian/suid before debstd. Closes bug 8709.
756 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
758 sudo (1.5.2-3) frozen unstable; urgency=LOW
760 * patch from upstream maintainer to close Bug 6828
761 * add a debian/suid file to get debstd to leave my perl postinst alone
763 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
765 sudo (1.5.2-2) frozen unstable; urgency=LOW
767 * change rules to use -O2 -Wall as per standards
769 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
771 sudo (1.5.2-1) unstable; urgency=LOW
773 * new upstream version
774 * cosmetic changes to debian package control files
776 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
778 sudo (1.5-2) unstable; urgency=LOW
780 * add /usr/X11R6/bin to the end of the secure path... this makes it
781 much easier to run xmkmf, etc., during package builds. To the extent
782 that /usr/local/sbin and /usr/local/bin were already included, I see
783 no security reasons not to add this.
785 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
787 sudo (1.5-1) unstable; urgency=LOW
789 * New upstream version
791 * New packaging format
793 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
795 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
799 * hard code SECURE_PATH to:
800 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
804 * enabled EXEMPTGROUP "sudo"
806 * moved timestamp dir to /var/log/sudo
808 * changed parser to check for long and short filenames (Bug#1162)
810 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
814 * New upstream source
816 * Fixed postinst script
817 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
819 * Removed special shadow binary. This version works with and without
820 shadow password file.
822 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
826 * Corrected editor path to /bin/ae (Bug#3062)
828 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
830 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
834 * New upstream version
836 * Changed sudoers permission to 440 (owner root, group root) to make
839 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
843 * Applied upstream patch 1
845 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
849 * Applied upstream patch 2
851 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
855 * Applied upstream patch 3 (fixes problems with an NFS-mounted
859 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
863 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
864 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
866 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
870 * Applied upstream patch 4 (fixes several bugs)
872 * Changed priority to optional
874 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
878 * Corrected postinst to create correct permission for /etc/sudoers
881 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
885 * New upstream version
888 sudo (1.4.4-2) admin; urgency=HIGH
890 * Fixed major security bug reported by Peter Tobias
891 <tobias@et-inf.fho-emden.de>
892 * Added dchanges support to debian.rules
894 sudo (1.4.5-1) admin; urgency=LOW
896 * New upstream version
897 * Minor changes to debian.rules