1 sudo (1.8.2-2) UNRELEASED; urgency=low
4 * debian/rules improvements, closes: #642535
5 + mv upstream sample.* files to the examples folder.
6 - do not call dh_installexamples.
9 * patch from upstream for SIGBUS on sparc64, closes: #640304
10 * use common-session-noninteractive in the pam config to reduce log noise
11 when sudo is used in cron, etc, closes: #519700
13 -- Bdale Garbee <bdale@gag.com> Mon, 26 Sep 2011 20:33:40 -0600
15 sudo (1.8.2-1) unstable; urgency=low
17 * new upstream version, closes: #637449, #621830
18 * include common-session in pam config, closes: #519700, #607199
19 * move secure_path from configure to default sudoers, closes: #85123, 85917
20 * improve sudoers self-documentation, closes: #613639
21 * drop --disable-setresuid since modern systems should not run 2.2 kernels
22 * lose the --with-devel configure option since it's breaking builds in
23 subdirectories for some reason
25 -- Bdale Garbee <bdale@gag.com> Wed, 24 Aug 2011 13:33:11 -0600
27 sudo (1.7.4p6-1) unstable; urgency=low
29 * new upstream version
30 * touch the right stamp name after configuring, closes: #611287
31 * patch from Svante Signell to fix build problem on Hurd, closes: #611290
33 -- Bdale Garbee <bdale@gag.com> Wed, 09 Feb 2011 11:32:58 -0700
35 sudo (1.7.4p4-6) unstable; urgency=low
37 * update /etc/sudoers.d/README now that sudoers is a conffile
38 * patch from upstream to fix special case in password checking code
39 when only the gid is changing, closes: #609641
41 -- Bdale Garbee <bdale@gag.com> Tue, 11 Jan 2011 10:22:39 -0700
43 sudo (1.7.4p4-5) unstable; urgency=low
45 * patch from Jakub Wilk to add noopt and nostrip build option support,
47 * make sudoers a conffile, closes: #605130
48 * add descriptions to LSB init headers, closes: #604619
49 * change default sudoers %sudo entry to allow gid changes, closes: #602699
50 * add Vcs entries to the control file
51 * use debhelper install files instead of explicit installs in rules
53 -- Bdale Garbee <bdale@gag.com> Wed, 01 Dec 2010 20:32:31 -0700
55 sudo (1.7.4p4-4) unstable; urgency=low
57 * patch from upstream to resolve problem always prompting for a password
58 when run without a tty, closes: #599376
59 * patch from upstream to resolve interoperability problem between HOME in
60 env_keep and the -H flag, closes: #596493
61 * change path syntax to avoid tar error when /var/run/sudo exists but is
62 empty, closes: #598877
64 -- Bdale Garbee <bdale@gag.com> Thu, 07 Oct 2010 15:59:06 -0600
66 sudo (1.7.4p4-3) unstable; urgency=low
68 * make postinst clause for handling /var/run -> /var/lib transition less
69 fragile, closes: #585514
70 * cope with upstream's Makefile trying to install ChangeLog in our doc
71 directory, closes: #597389
72 * fix README.Debian to reflect that HOME is no longer preserved by default,
75 -- Bdale Garbee <bdale@gag.com> Tue, 21 Sep 2010 23:53:08 -0600
77 sudo (1.7.4p4-2) unstable; urgency=low
79 * add a NEWS item about change in $HOME handling that impacts programs
82 -- Bdale Garbee <bdale@gag.com> Wed, 08 Sep 2010 14:29:16 -0600
84 sudo (1.7.4p4-1) unstable; urgency=high
86 * new upstream version, urgency high due to fix for flaw in Runas group
87 matching (CVE-2010-2956), closes: #595935
88 * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
89 re-lecturing existing users, and to clean up after ourselves on upgrade,
90 and remove the RAMRUN section from README.Debian since the new state dir
91 should fix the original problem, closes: #585514
92 * deliver README.Debian to both package flavors, closes: #593579
94 -- Bdale Garbee <bdale@gag.com> Tue, 07 Sep 2010 12:22:42 -0600
96 sudo (1.7.2p7-1) unstable; urgency=high
98 * new upstream release with security fix for secure path (CVE-2010-1646),
100 * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
101 about whether to give the lecture is preserved across reboots even when
102 RAMRUN is set, closes: #581393
103 * add a note to README.Debian about LDAP needing an entry in
104 /etc/nsswitch.conf, closes: #522065
105 * add a note to README.Debian about how to turn off lectures if using
106 RAMRUN in /etc/default/rcS, closes: #581393
108 -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
110 sudo (1.7.2p6-1) unstable; urgency=low
112 * new upstream version fixing CVE-2010-1163, closes: #578275, #570737
114 -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600
116 sudo (1.7.2p5-1) unstable; urgency=low
118 * new upstream release, closes a bug filed upstream regarding missing man
119 page processing scripts in the 1.7.2p1 tarball, also includes the fix
120 for CVE-2010-0426 previously the subject of a security team nmu
121 * move to source format 3.0 (quilt) and restructure changes as patches
122 * fix unprocessed substitution variables in man pages, closes: #557204
123 * apply patch from Neil Moore to fix Debian-specific content in the
124 visudo man page, closes: #555013
125 * update descriptions to better explain sudo-ldap, closes: #573108
126 * eliminate spurious 'and' in man page, closes: #571620
127 * fix confusing text in default sudoers, closes: #566607
129 -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700
131 sudo (1.7.2p1-1) unstable; urgency=low
133 * new upstream version
134 * add support for /etc/sudoers.d using #includedir in default sudoers,
135 which I think is also a good solution to the request for a crontab-like
136 API requested in March of 2001, closes: #539994, #271813, #89743
137 * move init.d script from using rcS.d to rc[0-6].d, closes: #542924
139 -- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600
141 sudo (1.7.2-2) unstable; urgency=low
143 * further improve initial sudoers to not include the NOPASSWD option on
144 the group sudo exception, closes: #539136, #198991
146 -- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200
148 sudo (1.7.2-1) unstable; urgency=low
150 * new upstream version, closes: #537103
151 * improve initial sudoers by having the exemption for users in group
152 sudo on by default, and including the ability to run any command as
153 any user. This makes the default install roughly equivalent to our
154 old use of the --with-exempt=sudo build option, closes: #536220, #536222
156 -- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600
158 sudo (1.7.0-1) unstable; urgency=low
160 * new upstream version, closes: #510179, #128268, #520274, #508514
161 * fix ldap config file path for sudo-ldap package, including creating
162 a symlink in postinst and cleaning it up in postrm for the sudo-ldap
163 package, closes: #430826
164 * fix NOPASSWD entry location in default config file for the sudo-ldap
165 instance too, closes: #479616
167 -- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600
169 sudo (1.6.9p17-2) unstable; urgency=high
171 * patch from upstream to fix privilege escalation with certain
172 configurations, CVE-2009-0034
173 * typo in sudoers man page, closes: #507163
175 -- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700
177 sudo (1.6.9p17-1) unstable; urgency=low
179 * new upstream version, closes: #481008
180 * deliver schemas to doc directory in sudo-ldap package, closes: #474331
181 * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
182 in move from CVS to git for package management, closes: #475821
183 * re-instate the init.d for the sudo-ldap package too... /o\
185 -- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600
187 sudo (1.6.9p15-2) unstable; urgency=low
189 * revert the fix for 388659 such that visudo once again defaults to using
190 /usr/bin/editor. I was always ambivalent about this change, it has caused
191 more confusion and frustration than it cured, and I find Justin's line of
192 reasoning persuasive. Update the man page source to reflect this choice
193 and the related use of --with-env-editor. Closes: #474197.
194 * patch from Petter Reinholdtsen to improve init.d, closes: #475821
196 -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600
198 sudo (1.6.9p15-1) unstable; urgency=low
200 * new upstream version, closes: #467126, #473337
201 * remove pointless postrm scripts, leaving debhelper do its thing if needed,
202 thanks to Justin Pryzby for pointing this out
203 * reinstate the init.d, since bootclean doesn't quite do what we want. This
204 also means we don't need the preinst scripts any more. Update the lintian
205 overrides since postinst is a Perl script lintian apparently isn't parsing
206 well. closes: #330868
208 -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600
210 sudo (1.6.9p12-1) unstable; urgency=low
212 * new upstream version, closes: #464890
214 -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900
216 sudo (1.6.9p11-3) unstable; urgency=low
218 * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
220 -- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700
222 sudo (1.6.9p11-2) unstable; urgency=low
224 * update version compared in preinst when removing obsolete init.d,
226 * implement pam session config suggestions from Elizabeth Fong,
227 closes: #452457, #402329
229 -- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700
231 sudo (1.6.9p11-1) unstable; urgency=low
233 * new upstream version
235 -- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700
237 sudo (1.6.9p10-1) unstable; urgency=low
239 * new upstream version
240 * tweak default password prompt as %u doesn't make sense. Accept patch from
241 Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
242 uses it by default, closes: #454409
243 * accept patch from Martin Pitt that adds a prerm making it difficult to
244 "accidentally" remove sudo when there is no root password set on the
245 system, closes: #451241
247 -- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700
249 sudo (1.6.9p9-1) unstable; urgency=low
251 * new upstream version
252 * debian/rules: configure a more informative default password prompt to
253 reduce confusion when using sudo to invoke commands which also ask for
254 passwords, closes: #343268
255 * auth/pam.c: don't use the PAM prompt if the user explicitly requested
256 a custom prompt, closes: #448628.
257 * fix configure's ability to discover that libc has dirfd, closes: #451324
258 * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
259 the command 'visudo' invokes a vi variant by default as documented,
262 -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700
264 sudo (1.6.9p6-1) unstable; urgency=low
266 * new upstream version, closes: #442815, #446146, #438699, #435768, #435314
267 closes: #434832, #434608, #430382
268 * eliminate the now-redundant init.d scripts, closes: #397090
269 * fix typo in TROUBLESHOOTING file, closes: #439624
271 -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600
273 sudo (1.6.8p12-6) unstable; urgency=low
275 * fix typos in visudo.pod relating to env_editor variable, closes: #418886
276 * have init.d touch directories in /var/run/sudo, not just files, as a
278 * fix various typos in sudoers.pod, closes: #419749
279 * don't let Makefile strip binaries, closes: #438073
281 -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100
283 sudo (1.6.8p12-5) unstable; urgency=low
285 * update debian/copyright to reflect new upstream URL, closes: #368746
286 * add sandwich cartoon URL to the README.Debian
287 * don't remove sudoers on purge. can cause problems when moving between
288 sudo and sudo-ldap. leaving sudoers around on purge seems like the least
289 evil choice for now, closes: #401366
290 * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
292 * accept patch that improves debian/rules from Ted Percival, closes: #382122
293 * no longer build with --with-exempt=sudo, provide an example entry in the
294 default sudoers file instead, closes: #296605
295 * add --with-devel to configure and augment build dependencies so that flex
296 and yacc files get re-generated on every build, closes: #316249
298 -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600
300 sudo (1.6.8p12-4) unstable; urgency=low
302 * patch from Petter Reinholdtsen for the LSB info block in the init.d
303 script, closes: #361055
304 * deliver sudoers sample again, closes: #361593
306 -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600
308 sudo (1.6.8p12-3) unstable; urgency=low
310 * force-feed configure knowledge of nroff's path so we get unformatted man
311 pages installed without build-depending on groff-base, closes: #360894
312 * add a reference to OPTIONS in the man page, closes: #186226
314 -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700
316 sudo (1.6.8p12-2) unstable; urgency=low
318 * fix typos in init scripts, closes: #346325
319 * update to debhelper compat level 5
320 * build depend on autotools-dev to ensure config.sub/guess are fresh
321 * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
322 use it here as well. Thanks to Martin and the debian-security team.
323 closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
324 closes: #315115, #315718, #203874
325 * Non-maintainer upload by the Security Team
326 * Reworked the former patch to limit environment variables from being
327 passed through, set env_reset as default instead [sudo.c, env.c,
328 sudoers.pod, Bug#342948, CVE-2005-4158]
329 * env_reset is now set by default
330 * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
331 DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
332 (in addition to the SUDO_* variables)
333 * Rebuild sudoers.man.in from the POD file
334 * Added README.Debian
335 * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
336 * simplify rules file by using more of Makefile, despite having to override
337 default directories with more arguments to configure, closes: #292833
338 * update sudo man page to reflect use of SECURE_PATH, closes: #228551
339 * inconsistencies in sudoers man page resolved, closes: #220808, #161012
340 * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
341 unresolveable (requires adding bison as build dep), closes: #314949
343 -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700
345 sudo (1.6.8p12-1) unstable; urgency=low
347 * new upstream version, closes: #342948 (CVE-2005-4158)
348 * add env_reset to the sudoers file we create if none already exists,
349 as a further precaution in response to discussion about CVS-2005-4158
350 * split ldap support into a new sudo-ldap package. I was trying to avoid
351 doing this, but the impact of going from 4 to 17 linked shlibs on the
352 autobuilder chroots is sufficient motivation for me.
355 -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
357 sudo (1.6.8p9-4) unstable; urgency=low
359 * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
360 * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
361 timestamps in the init.d script, closes: #330868
362 * add dependency header to init.d script, closes: #332849
364 -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
366 sudo (1.6.8p9-3) unstable; urgency=high
368 * update debhelper compatibility level from 2 to 4
369 * add man page symlink for sudoedit
370 * Clean SHELLOPTS and PS4 from the environment before executing programs
371 with sudo permissions [env.c, CAN-2005-2959]
372 * fix typo in manpage pointed out by Moray Allen, closes: #285995
373 * fix paths in sample complex sudoers file, closes: #303542
374 * fix type in sudoers man page, closes: #311244
376 -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
378 sudo (1.6.8p9-2) unstable; urgency=high
380 * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
383 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
385 sudo (1.6.8p9-1) unstable; urgency=high
387 * new upstream version, fixes a race condition in sudo's pathname
388 validation, which is a security issue (CAN-2005-1993),
389 closes: #315115, #315718
391 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
393 sudo (1.6.8p7-1) unstable; urgency=low
395 * new upstream version, closes: #299585
396 * update lintian overrides to squelch the postinst warning
397 * change sudoedit from a hard to a soft link, closes: #296896
398 * fix regex doc in sudoers man page, closes: #300361
400 -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
402 sudo (1.6.8p5-1) unstable; urgency=high
404 * new upstream version
405 * restores ability to use config tuples without a value, which was causing
406 problems on upgrade closes: #283306
407 * deliver sudoedit, closes: #283078
408 * marking urgency high since 283306 is a serious upgrade incompatibility
410 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
412 sudo (1.6.8p3-2) unstable; urgency=high
414 * update pam.d deliverable so ldap works again, closes: #282191
416 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
418 sudo (1.6.8p3-1) unstable; urgency=high
420 * new upstream version, fixes a flaw in sudo's environment sanitizing that
421 could allow a malicious user with permission to run a shell script that
422 utilized the bash shell to run arbitrary commands, closes: #281665
423 * patch the sample sudoers to have the proper path for kill on Debian
424 systems, closes: #263486
425 * patch the sudo manpage to reflect Debian's choice of exempt_group
426 default setting, closes: #236465
427 * patch the sudo manpage to reflect Debian's choice of no timeout on the
428 password prompt, closes: #271194
430 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
432 sudo (1.6.7p5-2) unstable; urgency=low
434 * Jeff Bailey reports that seteuid works on current sparc systems, so we
435 no longer need the "grosshack" stuff in the sudo rules file
436 * add a postrm that removes /etc/sudoers on purge. don't do this with the
437 normal conffile mechanism since it would generate noise on every upgrade,
440 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
442 sudo (1.6.7p5-1) unstable; urgency=low
444 * new upstream version, closes: #190265, #193222, #197244
445 * change from '.' to ':' in postinst chown call, closes: #208369
447 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
449 sudo (1.6.7p3-2) unstable; urgency=low
451 * add --disable-setresuid to configure call since 2.2 kernels don't support
452 setresgid, closes: #189044
453 * cosmetic cleanups to debian/rules as long as I'm there
455 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
457 sudo (1.6.7p3-1) unstable; urgency=low
459 * new upstream version
460 * add overrides to quiet lintian about things it doesn't understand,
461 except the source one that can't be overridden until 129510 is fixed
463 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
465 sudo (1.6.6-3) unstable; urgency=low
467 * add code to rules file to update config.sub/guess, closes: #164501
469 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
471 sudo (1.6.6-2) unstable; urgency=low
473 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
474 configure, and lose the build dependency on mail-transport-agent
475 * incorporate changes from LaMont's NMU, closes: #144665, #144737
476 * update init.d to not try and set time on nonexistent timestamp files,
478 * build with --with-all-insults, admin must edit sudoers to turn insults
479 on at runtime if desired, closes: #135374
480 * stop setting /usr/doc symlink in postinst
482 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
484 sudo (1.6.6-1.1) unstable; urgency=high
486 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
487 * Revert patch to auth/pam.c that left pass uninitialized, causing a
488 segfault (Closes: #144665).
490 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
492 sudo (1.6.6-1) unstable; urgency=high
494 * new upstream version, fixes security problem with crafty prompts,
497 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
499 sudo (1.6.5p1-4) unstable; urgency=high
501 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
502 if ctrl/C'ed at password prompt, closes: #131235
504 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
506 sudo (1.6.5p1-3) unstable; urgency=high
508 * ugly hack to add --disable-saved-ids when building on sparc in response
509 to 131592, which will be reassigned to glibc for a real fix
510 * urgency high since the sudo currently in testing for sparc is worthless
512 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
514 sudo (1.6.5p1-2) unstable; urgency=high
516 * patch from upstream to fix seg faults caused by versions of pam that
517 follow a NULL pointer, closes: #129512
519 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
521 sudo (1.6.5p1-1) unstable; urgency=high
523 * new upstream version
524 * add --disable-root-mailer option supported by new version to configure
525 call in rules file, closes: #129648
527 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
529 sudo (1.6.4p1-1) unstable; urgency=high
531 * new upstream version, with fix for segfaulting problem in 1.6.4
533 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
535 sudo (1.6.4-1) unstable; urgency=high
537 * new upstream version, includes an important security fix, closes: #127576
539 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
541 sudo (1.6.3p7-5) unstable; urgency=low
543 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
544 * fix spelling error in init.d, closes: #126847
546 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
548 sudo (1.6.3p7-4) unstable; urgency=medium
550 * use touch to set status files to an ancient date instead of removing them
551 outright on reboot. this achieves the desired effect of keeping elevated
552 privs from living across reboots, without forcing everyone to see the
553 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
554 for systems with good clocks, and 'recent enough' that broken PC hardware
555 setting the clock to commonly-seen bogus dates trips over the "don't trust
556 future timestamps" rule. closes: #76529, #123559
557 * apply patch from Steve Langasek to fix seg faults due to interaction with
558 PAM code. upstream confirms the problem, and says they're fixing this
559 differently for their next release... but this should be useful in the
560 meantime, and would be good to get into woody. closes: #119147
561 * only run the init.d at boot, not on each runlevel change... and don't run
562 it during package configure. closes: #125935
563 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
565 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
567 sudo (1.6.3p7-3) unstable; urgency=low
569 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
570 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
571 * fix a typo in the manpage, closes: #97368
572 * apply patch to configure.in and run autoconf to fix problem building on
573 the hurd, closes: #96325
574 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
575 to not last across reboots, closes: #76529
576 * clean up lintian-noticed cosmetic packaging issues
578 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
580 sudo (1.6.3p7-2) unstable; urgency=low
582 * update config.sub/guess for hppa support
584 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
586 sudo (1.6.3p7-1) unstable; urgency=low
588 * new upstream version
589 * add build dependency on mail-transport-agent, closes: #90685
591 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
593 sudo (1.6.3p6-1) unstable; urgency=high
595 * new upstream version, fixes buffer overflow problem,
596 closes: #87259, #87278, #87263
597 * revert to using --with-secure-path option at build time, since the option
598 available in sudoers is parsed too late to be useful, and upstream says
599 it won't get fixed quickly. This reopens 85123, which I will mark as
600 forwarded. Closes: #86199, #86117, #85676
602 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
604 sudo (1.6.3p5-2) unstable; urgency=low
606 * lose the dh_suidregister call since it's obsolete
607 * stop using the --with-secure-path option at build time, and instead show
608 how to set it in sudoers. Closes: #85123
609 * freshen config.sub and config.guess for ia64 and hppa
610 * update sudoers man page to indicate exempt_group is on by default,
613 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
615 sudo (1.6.3p5-1) unstable; urgency=low
617 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
618 * this version restores core dumps before the exec, while leaving them
619 disabled during sudo's internal execution, closes: #58289
620 * update debhelper calls in rules file
622 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
624 sudo (1.6.2p2-1) frozen unstable; urgency=medium
626 * new upstream source resulting from direct collaboration with the upstream
627 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
628 Closes: #56129, #55978, #55979, #56550, #56772
629 * include more upstream documentation, closes: #55054
630 * pam.d fragment update, closes: #56129
632 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
634 sudo (1.6.1-1) unstable; urgency=low
636 * new upstream source, closes: #52750
638 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
640 sudo (1.6-2) unstable; urgency=low
642 * drop suidregister support for this package. The sudo executable is
643 essentially worthless unless it is setuid root, and making suidregister
644 work involves shipping a non-setuid executable in the .deb and setting the
645 perms in the postinst. On a long upgrade run, this can leave the sudo
646 executable 'broken' for a long time, which is unacceptable. With this
647 version, we ship the executable setuid root in the .deb. Closes: #51742
649 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
651 sudo (1.6-1) unstable; urgency=low
653 * new upstream version, many options previously set at compile-time are now
654 configurable at runtime.
655 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
658 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
660 sudo (1.5.9p4-1) unstable; urgency=low
662 * new upstream version, closes: #43464
663 * empty password handling was fixed in 1.5.8, closes: #31863
665 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
667 sudo (1.5.9p1-1) unstable; urgency=low
669 * new upstream version
671 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
673 sudo (1.5.8p1-1) unstable; urgency=medium
675 * new upstream version, closes 33690
676 * add dependency on libpam-modules, closes 34215, 33432
678 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
680 sudo (1.5.7p4-2) unstable; urgency=medium
682 * update the pam fragment provided so that sudo works with latest pam bits,
685 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
687 sudo (1.5.7p4-1) unstable; urgency=low
689 * new upstream release
691 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
693 sudo (1.5.6p5-1) unstable; urgency=low
695 * new upstream patch release
696 * add PAM support, closes 28594
698 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
700 sudo (1.5.6p2-2) unstable; urgency=low
702 * update copyright file, closes 24136
703 * review and close forwarded bugs believed fixed in this upstream version,
706 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
708 sudo (1.5.6p2-1) unstable; urgency=low
710 * new upstream release
712 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
714 sudo (1.5.4-4) frozen unstable; urgency=low
716 * update postinst to use groupadd, closes 21403
717 * move the suidregister stuff earlier in postinst to ensure it always runs
719 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
721 sudo (1.5.4-3) frozen unstable; urgency=low
723 * change /etc/sudoers from a conffile to being handled in postinst,
725 * add suidmanager support, closes 15711
726 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
727 unlikely to ever fix, and which just don't matter. closes 17146
728 * fix FSF address in copyright file, and submit exception for lintian
729 warning about sudo being setuid root
731 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
733 sudo (1.5.4-2) unstable; urgency=high
735 * patch from upstream author correcting/improving security fix
737 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
739 sudo (1.5.4-1) unstable; urgency=high
741 * new upstream version, includes a security fix
742 * change default editor from /bin/ae to /usr/bin/editor
744 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
746 sudo (1.5.3-1) unstable; urgency=medium
748 * new upstream version, closes bug 15911.
749 * rules file reworked to use debhelper
750 * implement a really gross hack to force use of the sudo-provided
751 lsearch(), since the one in libc6 is broken! This closes bugs
752 12552, 12557, 14881, 15259, 15916.
754 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
756 sudo (1.5.2-6) unstable; urgency=LOW
758 * don't install INSTALL in the doc directory, closes bug 13195.
760 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
762 sudo (1.5.2-5) unstable; urgency=LOW
766 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
768 sudo (1.5.2-4) unstable; urgency=LOW
770 * change TIMEOUT (how long before you have to type your password again)
771 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
772 packages on slower machines much more tolerable. Closes bug 9076.
773 * touch debian/suid before debstd. Closes bug 8709.
775 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
777 sudo (1.5.2-3) frozen unstable; urgency=LOW
779 * patch from upstream maintainer to close Bug 6828
780 * add a debian/suid file to get debstd to leave my perl postinst alone
782 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
784 sudo (1.5.2-2) frozen unstable; urgency=LOW
786 * change rules to use -O2 -Wall as per standards
788 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
790 sudo (1.5.2-1) unstable; urgency=LOW
792 * new upstream version
793 * cosmetic changes to debian package control files
795 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
797 sudo (1.5-2) unstable; urgency=LOW
799 * add /usr/X11R6/bin to the end of the secure path... this makes it
800 much easier to run xmkmf, etc., during package builds. To the extent
801 that /usr/local/sbin and /usr/local/bin were already included, I see
802 no security reasons not to add this.
804 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
806 sudo (1.5-1) unstable; urgency=LOW
808 * New upstream version
810 * New packaging format
812 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
814 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
818 * hard code SECURE_PATH to:
819 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
823 * enabled EXEMPTGROUP "sudo"
825 * moved timestamp dir to /var/log/sudo
827 * changed parser to check for long and short filenames (Bug#1162)
829 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
833 * New upstream source
835 * Fixed postinst script
836 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
838 * Removed special shadow binary. This version works with and without
839 shadow password file.
841 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
845 * Corrected editor path to /bin/ae (Bug#3062)
847 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
849 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
853 * New upstream version
855 * Changed sudoers permission to 440 (owner root, group root) to make
858 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
862 * Applied upstream patch 1
864 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
868 * Applied upstream patch 2
870 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
874 * Applied upstream patch 3 (fixes problems with an NFS-mounted
878 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
882 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
883 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
885 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
889 * Applied upstream patch 4 (fixes several bugs)
891 * Changed priority to optional
893 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
897 * Corrected postinst to create correct permission for /etc/sudoers
900 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
904 * New upstream version
907 sudo (1.4.4-2) admin; urgency=HIGH
909 * Fixed major security bug reported by Peter Tobias
910 <tobias@et-inf.fho-emden.de>
911 * Added dchanges support to debian.rules
913 sudo (1.4.5-1) admin; urgency=LOW
915 * New upstream version
916 * Minor changes to debian.rules