1 sudo (1.8.2-2) UNRELEASED; urgency=low
4 * debian/rules improvements, closes: #642535
5 + mv upstream sample.* files to the examples folder.
6 - do not call dh_installexamples.
9 * patch from upstream for SIGBUS on sparc64, closes: #640304
11 -- Bdale Garbee <bdale@gag.com> Mon, 26 Sep 2011 19:14:59 -0600
13 sudo (1.8.2-1) unstable; urgency=low
15 * new upstream version, closes: #637449, #621830
16 * include common-session in pam config, closes: #519700, #607199
17 * move secure_path from configure to default sudoers, closes: #85123, 85917
18 * improve sudoers self-documentation, closes: #613639
19 * drop --disable-setresuid since modern systems should not run 2.2 kernels
20 * lose the --with-devel configure option since it's breaking builds in
21 subdirectories for some reason
23 -- Bdale Garbee <bdale@gag.com> Wed, 24 Aug 2011 13:33:11 -0600
25 sudo (1.7.4p6-1) unstable; urgency=low
27 * new upstream version
28 * touch the right stamp name after configuring, closes: #611287
29 * patch from Svante Signell to fix build problem on Hurd, closes: #611290
31 -- Bdale Garbee <bdale@gag.com> Wed, 09 Feb 2011 11:32:58 -0700
33 sudo (1.7.4p4-6) unstable; urgency=low
35 * update /etc/sudoers.d/README now that sudoers is a conffile
36 * patch from upstream to fix special case in password checking code
37 when only the gid is changing, closes: #609641
39 -- Bdale Garbee <bdale@gag.com> Tue, 11 Jan 2011 10:22:39 -0700
41 sudo (1.7.4p4-5) unstable; urgency=low
43 * patch from Jakub Wilk to add noopt and nostrip build option support,
45 * make sudoers a conffile, closes: #605130
46 * add descriptions to LSB init headers, closes: #604619
47 * change default sudoers %sudo entry to allow gid changes, closes: #602699
48 * add Vcs entries to the control file
49 * use debhelper install files instead of explicit installs in rules
51 -- Bdale Garbee <bdale@gag.com> Wed, 01 Dec 2010 20:32:31 -0700
53 sudo (1.7.4p4-4) unstable; urgency=low
55 * patch from upstream to resolve problem always prompting for a password
56 when run without a tty, closes: #599376
57 * patch from upstream to resolve interoperability problem between HOME in
58 env_keep and the -H flag, closes: #596493
59 * change path syntax to avoid tar error when /var/run/sudo exists but is
60 empty, closes: #598877
62 -- Bdale Garbee <bdale@gag.com> Thu, 07 Oct 2010 15:59:06 -0600
64 sudo (1.7.4p4-3) unstable; urgency=low
66 * make postinst clause for handling /var/run -> /var/lib transition less
67 fragile, closes: #585514
68 * cope with upstream's Makefile trying to install ChangeLog in our doc
69 directory, closes: #597389
70 * fix README.Debian to reflect that HOME is no longer preserved by default,
73 -- Bdale Garbee <bdale@gag.com> Tue, 21 Sep 2010 23:53:08 -0600
75 sudo (1.7.4p4-2) unstable; urgency=low
77 * add a NEWS item about change in $HOME handling that impacts programs
80 -- Bdale Garbee <bdale@gag.com> Wed, 08 Sep 2010 14:29:16 -0600
82 sudo (1.7.4p4-1) unstable; urgency=high
84 * new upstream version, urgency high due to fix for flaw in Runas group
85 matching (CVE-2010-2956), closes: #595935
86 * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
87 re-lecturing existing users, and to clean up after ourselves on upgrade,
88 and remove the RAMRUN section from README.Debian since the new state dir
89 should fix the original problem, closes: #585514
90 * deliver README.Debian to both package flavors, closes: #593579
92 -- Bdale Garbee <bdale@gag.com> Tue, 07 Sep 2010 12:22:42 -0600
94 sudo (1.7.2p7-1) unstable; urgency=high
96 * new upstream release with security fix for secure path (CVE-2010-1646),
98 * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
99 about whether to give the lecture is preserved across reboots even when
100 RAMRUN is set, closes: #581393
101 * add a note to README.Debian about LDAP needing an entry in
102 /etc/nsswitch.conf, closes: #522065
103 * add a note to README.Debian about how to turn off lectures if using
104 RAMRUN in /etc/default/rcS, closes: #581393
106 -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
108 sudo (1.7.2p6-1) unstable; urgency=low
110 * new upstream version fixing CVE-2010-1163, closes: #578275, #570737
112 -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600
114 sudo (1.7.2p5-1) unstable; urgency=low
116 * new upstream release, closes a bug filed upstream regarding missing man
117 page processing scripts in the 1.7.2p1 tarball, also includes the fix
118 for CVE-2010-0426 previously the subject of a security team nmu
119 * move to source format 3.0 (quilt) and restructure changes as patches
120 * fix unprocessed substitution variables in man pages, closes: #557204
121 * apply patch from Neil Moore to fix Debian-specific content in the
122 visudo man page, closes: #555013
123 * update descriptions to better explain sudo-ldap, closes: #573108
124 * eliminate spurious 'and' in man page, closes: #571620
125 * fix confusing text in default sudoers, closes: #566607
127 -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700
129 sudo (1.7.2p1-1) unstable; urgency=low
131 * new upstream version
132 * add support for /etc/sudoers.d using #includedir in default sudoers,
133 which I think is also a good solution to the request for a crontab-like
134 API requested in March of 2001, closes: #539994, #271813, #89743
135 * move init.d script from using rcS.d to rc[0-6].d, closes: #542924
137 -- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600
139 sudo (1.7.2-2) unstable; urgency=low
141 * further improve initial sudoers to not include the NOPASSWD option on
142 the group sudo exception, closes: #539136, #198991
144 -- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200
146 sudo (1.7.2-1) unstable; urgency=low
148 * new upstream version, closes: #537103
149 * improve initial sudoers by having the exemption for users in group
150 sudo on by default, and including the ability to run any command as
151 any user. This makes the default install roughly equivalent to our
152 old use of the --with-exempt=sudo build option, closes: #536220, #536222
154 -- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600
156 sudo (1.7.0-1) unstable; urgency=low
158 * new upstream version, closes: #510179, #128268, #520274, #508514
159 * fix ldap config file path for sudo-ldap package, including creating
160 a symlink in postinst and cleaning it up in postrm for the sudo-ldap
161 package, closes: #430826
162 * fix NOPASSWD entry location in default config file for the sudo-ldap
163 instance too, closes: #479616
165 -- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600
167 sudo (1.6.9p17-2) unstable; urgency=high
169 * patch from upstream to fix privilege escalation with certain
170 configurations, CVE-2009-0034
171 * typo in sudoers man page, closes: #507163
173 -- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700
175 sudo (1.6.9p17-1) unstable; urgency=low
177 * new upstream version, closes: #481008
178 * deliver schemas to doc directory in sudo-ldap package, closes: #474331
179 * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
180 in move from CVS to git for package management, closes: #475821
181 * re-instate the init.d for the sudo-ldap package too... /o\
183 -- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600
185 sudo (1.6.9p15-2) unstable; urgency=low
187 * revert the fix for 388659 such that visudo once again defaults to using
188 /usr/bin/editor. I was always ambivalent about this change, it has caused
189 more confusion and frustration than it cured, and I find Justin's line of
190 reasoning persuasive. Update the man page source to reflect this choice
191 and the related use of --with-env-editor. Closes: #474197.
192 * patch from Petter Reinholdtsen to improve init.d, closes: #475821
194 -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600
196 sudo (1.6.9p15-1) unstable; urgency=low
198 * new upstream version, closes: #467126, #473337
199 * remove pointless postrm scripts, leaving debhelper do its thing if needed,
200 thanks to Justin Pryzby for pointing this out
201 * reinstate the init.d, since bootclean doesn't quite do what we want. This
202 also means we don't need the preinst scripts any more. Update the lintian
203 overrides since postinst is a Perl script lintian apparently isn't parsing
204 well. closes: #330868
206 -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600
208 sudo (1.6.9p12-1) unstable; urgency=low
210 * new upstream version, closes: #464890
212 -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900
214 sudo (1.6.9p11-3) unstable; urgency=low
216 * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
218 -- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700
220 sudo (1.6.9p11-2) unstable; urgency=low
222 * update version compared in preinst when removing obsolete init.d,
224 * implement pam session config suggestions from Elizabeth Fong,
225 closes: #452457, #402329
227 -- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700
229 sudo (1.6.9p11-1) unstable; urgency=low
231 * new upstream version
233 -- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700
235 sudo (1.6.9p10-1) unstable; urgency=low
237 * new upstream version
238 * tweak default password prompt as %u doesn't make sense. Accept patch from
239 Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
240 uses it by default, closes: #454409
241 * accept patch from Martin Pitt that adds a prerm making it difficult to
242 "accidentally" remove sudo when there is no root password set on the
243 system, closes: #451241
245 -- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700
247 sudo (1.6.9p9-1) unstable; urgency=low
249 * new upstream version
250 * debian/rules: configure a more informative default password prompt to
251 reduce confusion when using sudo to invoke commands which also ask for
252 passwords, closes: #343268
253 * auth/pam.c: don't use the PAM prompt if the user explicitly requested
254 a custom prompt, closes: #448628.
255 * fix configure's ability to discover that libc has dirfd, closes: #451324
256 * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
257 the command 'visudo' invokes a vi variant by default as documented,
260 -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700
262 sudo (1.6.9p6-1) unstable; urgency=low
264 * new upstream version, closes: #442815, #446146, #438699, #435768, #435314
265 closes: #434832, #434608, #430382
266 * eliminate the now-redundant init.d scripts, closes: #397090
267 * fix typo in TROUBLESHOOTING file, closes: #439624
269 -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600
271 sudo (1.6.8p12-6) unstable; urgency=low
273 * fix typos in visudo.pod relating to env_editor variable, closes: #418886
274 * have init.d touch directories in /var/run/sudo, not just files, as a
276 * fix various typos in sudoers.pod, closes: #419749
277 * don't let Makefile strip binaries, closes: #438073
279 -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100
281 sudo (1.6.8p12-5) unstable; urgency=low
283 * update debian/copyright to reflect new upstream URL, closes: #368746
284 * add sandwich cartoon URL to the README.Debian
285 * don't remove sudoers on purge. can cause problems when moving between
286 sudo and sudo-ldap. leaving sudoers around on purge seems like the least
287 evil choice for now, closes: #401366
288 * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
290 * accept patch that improves debian/rules from Ted Percival, closes: #382122
291 * no longer build with --with-exempt=sudo, provide an example entry in the
292 default sudoers file instead, closes: #296605
293 * add --with-devel to configure and augment build dependencies so that flex
294 and yacc files get re-generated on every build, closes: #316249
296 -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600
298 sudo (1.6.8p12-4) unstable; urgency=low
300 * patch from Petter Reinholdtsen for the LSB info block in the init.d
301 script, closes: #361055
302 * deliver sudoers sample again, closes: #361593
304 -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600
306 sudo (1.6.8p12-3) unstable; urgency=low
308 * force-feed configure knowledge of nroff's path so we get unformatted man
309 pages installed without build-depending on groff-base, closes: #360894
310 * add a reference to OPTIONS in the man page, closes: #186226
312 -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700
314 sudo (1.6.8p12-2) unstable; urgency=low
316 * fix typos in init scripts, closes: #346325
317 * update to debhelper compat level 5
318 * build depend on autotools-dev to ensure config.sub/guess are fresh
319 * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
320 use it here as well. Thanks to Martin and the debian-security team.
321 closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
322 closes: #315115, #315718, #203874
323 * Non-maintainer upload by the Security Team
324 * Reworked the former patch to limit environment variables from being
325 passed through, set env_reset as default instead [sudo.c, env.c,
326 sudoers.pod, Bug#342948, CVE-2005-4158]
327 * env_reset is now set by default
328 * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
329 DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
330 (in addition to the SUDO_* variables)
331 * Rebuild sudoers.man.in from the POD file
332 * Added README.Debian
333 * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
334 * simplify rules file by using more of Makefile, despite having to override
335 default directories with more arguments to configure, closes: #292833
336 * update sudo man page to reflect use of SECURE_PATH, closes: #228551
337 * inconsistencies in sudoers man page resolved, closes: #220808, #161012
338 * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
339 unresolveable (requires adding bison as build dep), closes: #314949
341 -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700
343 sudo (1.6.8p12-1) unstable; urgency=low
345 * new upstream version, closes: #342948 (CVE-2005-4158)
346 * add env_reset to the sudoers file we create if none already exists,
347 as a further precaution in response to discussion about CVS-2005-4158
348 * split ldap support into a new sudo-ldap package. I was trying to avoid
349 doing this, but the impact of going from 4 to 17 linked shlibs on the
350 autobuilder chroots is sufficient motivation for me.
353 -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
355 sudo (1.6.8p9-4) unstable; urgency=low
357 * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
358 * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
359 timestamps in the init.d script, closes: #330868
360 * add dependency header to init.d script, closes: #332849
362 -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
364 sudo (1.6.8p9-3) unstable; urgency=high
366 * update debhelper compatibility level from 2 to 4
367 * add man page symlink for sudoedit
368 * Clean SHELLOPTS and PS4 from the environment before executing programs
369 with sudo permissions [env.c, CAN-2005-2959]
370 * fix typo in manpage pointed out by Moray Allen, closes: #285995
371 * fix paths in sample complex sudoers file, closes: #303542
372 * fix type in sudoers man page, closes: #311244
374 -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
376 sudo (1.6.8p9-2) unstable; urgency=high
378 * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
381 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
383 sudo (1.6.8p9-1) unstable; urgency=high
385 * new upstream version, fixes a race condition in sudo's pathname
386 validation, which is a security issue (CAN-2005-1993),
387 closes: #315115, #315718
389 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
391 sudo (1.6.8p7-1) unstable; urgency=low
393 * new upstream version, closes: #299585
394 * update lintian overrides to squelch the postinst warning
395 * change sudoedit from a hard to a soft link, closes: #296896
396 * fix regex doc in sudoers man page, closes: #300361
398 -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
400 sudo (1.6.8p5-1) unstable; urgency=high
402 * new upstream version
403 * restores ability to use config tuples without a value, which was causing
404 problems on upgrade closes: #283306
405 * deliver sudoedit, closes: #283078
406 * marking urgency high since 283306 is a serious upgrade incompatibility
408 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
410 sudo (1.6.8p3-2) unstable; urgency=high
412 * update pam.d deliverable so ldap works again, closes: #282191
414 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
416 sudo (1.6.8p3-1) unstable; urgency=high
418 * new upstream version, fixes a flaw in sudo's environment sanitizing that
419 could allow a malicious user with permission to run a shell script that
420 utilized the bash shell to run arbitrary commands, closes: #281665
421 * patch the sample sudoers to have the proper path for kill on Debian
422 systems, closes: #263486
423 * patch the sudo manpage to reflect Debian's choice of exempt_group
424 default setting, closes: #236465
425 * patch the sudo manpage to reflect Debian's choice of no timeout on the
426 password prompt, closes: #271194
428 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
430 sudo (1.6.7p5-2) unstable; urgency=low
432 * Jeff Bailey reports that seteuid works on current sparc systems, so we
433 no longer need the "grosshack" stuff in the sudo rules file
434 * add a postrm that removes /etc/sudoers on purge. don't do this with the
435 normal conffile mechanism since it would generate noise on every upgrade,
438 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
440 sudo (1.6.7p5-1) unstable; urgency=low
442 * new upstream version, closes: #190265, #193222, #197244
443 * change from '.' to ':' in postinst chown call, closes: #208369
445 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
447 sudo (1.6.7p3-2) unstable; urgency=low
449 * add --disable-setresuid to configure call since 2.2 kernels don't support
450 setresgid, closes: #189044
451 * cosmetic cleanups to debian/rules as long as I'm there
453 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
455 sudo (1.6.7p3-1) unstable; urgency=low
457 * new upstream version
458 * add overrides to quiet lintian about things it doesn't understand,
459 except the source one that can't be overridden until 129510 is fixed
461 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
463 sudo (1.6.6-3) unstable; urgency=low
465 * add code to rules file to update config.sub/guess, closes: #164501
467 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
469 sudo (1.6.6-2) unstable; urgency=low
471 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
472 configure, and lose the build dependency on mail-transport-agent
473 * incorporate changes from LaMont's NMU, closes: #144665, #144737
474 * update init.d to not try and set time on nonexistent timestamp files,
476 * build with --with-all-insults, admin must edit sudoers to turn insults
477 on at runtime if desired, closes: #135374
478 * stop setting /usr/doc symlink in postinst
480 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
482 sudo (1.6.6-1.1) unstable; urgency=high
484 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
485 * Revert patch to auth/pam.c that left pass uninitialized, causing a
486 segfault (Closes: #144665).
488 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
490 sudo (1.6.6-1) unstable; urgency=high
492 * new upstream version, fixes security problem with crafty prompts,
495 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
497 sudo (1.6.5p1-4) unstable; urgency=high
499 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
500 if ctrl/C'ed at password prompt, closes: #131235
502 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
504 sudo (1.6.5p1-3) unstable; urgency=high
506 * ugly hack to add --disable-saved-ids when building on sparc in response
507 to 131592, which will be reassigned to glibc for a real fix
508 * urgency high since the sudo currently in testing for sparc is worthless
510 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
512 sudo (1.6.5p1-2) unstable; urgency=high
514 * patch from upstream to fix seg faults caused by versions of pam that
515 follow a NULL pointer, closes: #129512
517 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
519 sudo (1.6.5p1-1) unstable; urgency=high
521 * new upstream version
522 * add --disable-root-mailer option supported by new version to configure
523 call in rules file, closes: #129648
525 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
527 sudo (1.6.4p1-1) unstable; urgency=high
529 * new upstream version, with fix for segfaulting problem in 1.6.4
531 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
533 sudo (1.6.4-1) unstable; urgency=high
535 * new upstream version, includes an important security fix, closes: #127576
537 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
539 sudo (1.6.3p7-5) unstable; urgency=low
541 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
542 * fix spelling error in init.d, closes: #126847
544 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
546 sudo (1.6.3p7-4) unstable; urgency=medium
548 * use touch to set status files to an ancient date instead of removing them
549 outright on reboot. this achieves the desired effect of keeping elevated
550 privs from living across reboots, without forcing everyone to see the
551 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
552 for systems with good clocks, and 'recent enough' that broken PC hardware
553 setting the clock to commonly-seen bogus dates trips over the "don't trust
554 future timestamps" rule. closes: #76529, #123559
555 * apply patch from Steve Langasek to fix seg faults due to interaction with
556 PAM code. upstream confirms the problem, and says they're fixing this
557 differently for their next release... but this should be useful in the
558 meantime, and would be good to get into woody. closes: #119147
559 * only run the init.d at boot, not on each runlevel change... and don't run
560 it during package configure. closes: #125935
561 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
563 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
565 sudo (1.6.3p7-3) unstable; urgency=low
567 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
568 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
569 * fix a typo in the manpage, closes: #97368
570 * apply patch to configure.in and run autoconf to fix problem building on
571 the hurd, closes: #96325
572 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
573 to not last across reboots, closes: #76529
574 * clean up lintian-noticed cosmetic packaging issues
576 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
578 sudo (1.6.3p7-2) unstable; urgency=low
580 * update config.sub/guess for hppa support
582 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
584 sudo (1.6.3p7-1) unstable; urgency=low
586 * new upstream version
587 * add build dependency on mail-transport-agent, closes: #90685
589 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
591 sudo (1.6.3p6-1) unstable; urgency=high
593 * new upstream version, fixes buffer overflow problem,
594 closes: #87259, #87278, #87263
595 * revert to using --with-secure-path option at build time, since the option
596 available in sudoers is parsed too late to be useful, and upstream says
597 it won't get fixed quickly. This reopens 85123, which I will mark as
598 forwarded. Closes: #86199, #86117, #85676
600 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
602 sudo (1.6.3p5-2) unstable; urgency=low
604 * lose the dh_suidregister call since it's obsolete
605 * stop using the --with-secure-path option at build time, and instead show
606 how to set it in sudoers. Closes: #85123
607 * freshen config.sub and config.guess for ia64 and hppa
608 * update sudoers man page to indicate exempt_group is on by default,
611 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
613 sudo (1.6.3p5-1) unstable; urgency=low
615 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
616 * this version restores core dumps before the exec, while leaving them
617 disabled during sudo's internal execution, closes: #58289
618 * update debhelper calls in rules file
620 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
622 sudo (1.6.2p2-1) frozen unstable; urgency=medium
624 * new upstream source resulting from direct collaboration with the upstream
625 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
626 Closes: #56129, #55978, #55979, #56550, #56772
627 * include more upstream documentation, closes: #55054
628 * pam.d fragment update, closes: #56129
630 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
632 sudo (1.6.1-1) unstable; urgency=low
634 * new upstream source, closes: #52750
636 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
638 sudo (1.6-2) unstable; urgency=low
640 * drop suidregister support for this package. The sudo executable is
641 essentially worthless unless it is setuid root, and making suidregister
642 work involves shipping a non-setuid executable in the .deb and setting the
643 perms in the postinst. On a long upgrade run, this can leave the sudo
644 executable 'broken' for a long time, which is unacceptable. With this
645 version, we ship the executable setuid root in the .deb. Closes: #51742
647 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
649 sudo (1.6-1) unstable; urgency=low
651 * new upstream version, many options previously set at compile-time are now
652 configurable at runtime.
653 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
656 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
658 sudo (1.5.9p4-1) unstable; urgency=low
660 * new upstream version, closes: #43464
661 * empty password handling was fixed in 1.5.8, closes: #31863
663 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
665 sudo (1.5.9p1-1) unstable; urgency=low
667 * new upstream version
669 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
671 sudo (1.5.8p1-1) unstable; urgency=medium
673 * new upstream version, closes 33690
674 * add dependency on libpam-modules, closes 34215, 33432
676 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
678 sudo (1.5.7p4-2) unstable; urgency=medium
680 * update the pam fragment provided so that sudo works with latest pam bits,
683 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
685 sudo (1.5.7p4-1) unstable; urgency=low
687 * new upstream release
689 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
691 sudo (1.5.6p5-1) unstable; urgency=low
693 * new upstream patch release
694 * add PAM support, closes 28594
696 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
698 sudo (1.5.6p2-2) unstable; urgency=low
700 * update copyright file, closes 24136
701 * review and close forwarded bugs believed fixed in this upstream version,
704 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
706 sudo (1.5.6p2-1) unstable; urgency=low
708 * new upstream release
710 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
712 sudo (1.5.4-4) frozen unstable; urgency=low
714 * update postinst to use groupadd, closes 21403
715 * move the suidregister stuff earlier in postinst to ensure it always runs
717 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
719 sudo (1.5.4-3) frozen unstable; urgency=low
721 * change /etc/sudoers from a conffile to being handled in postinst,
723 * add suidmanager support, closes 15711
724 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
725 unlikely to ever fix, and which just don't matter. closes 17146
726 * fix FSF address in copyright file, and submit exception for lintian
727 warning about sudo being setuid root
729 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
731 sudo (1.5.4-2) unstable; urgency=high
733 * patch from upstream author correcting/improving security fix
735 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
737 sudo (1.5.4-1) unstable; urgency=high
739 * new upstream version, includes a security fix
740 * change default editor from /bin/ae to /usr/bin/editor
742 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
744 sudo (1.5.3-1) unstable; urgency=medium
746 * new upstream version, closes bug 15911.
747 * rules file reworked to use debhelper
748 * implement a really gross hack to force use of the sudo-provided
749 lsearch(), since the one in libc6 is broken! This closes bugs
750 12552, 12557, 14881, 15259, 15916.
752 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
754 sudo (1.5.2-6) unstable; urgency=LOW
756 * don't install INSTALL in the doc directory, closes bug 13195.
758 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
760 sudo (1.5.2-5) unstable; urgency=LOW
764 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
766 sudo (1.5.2-4) unstable; urgency=LOW
768 * change TIMEOUT (how long before you have to type your password again)
769 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
770 packages on slower machines much more tolerable. Closes bug 9076.
771 * touch debian/suid before debstd. Closes bug 8709.
773 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
775 sudo (1.5.2-3) frozen unstable; urgency=LOW
777 * patch from upstream maintainer to close Bug 6828
778 * add a debian/suid file to get debstd to leave my perl postinst alone
780 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
782 sudo (1.5.2-2) frozen unstable; urgency=LOW
784 * change rules to use -O2 -Wall as per standards
786 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
788 sudo (1.5.2-1) unstable; urgency=LOW
790 * new upstream version
791 * cosmetic changes to debian package control files
793 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
795 sudo (1.5-2) unstable; urgency=LOW
797 * add /usr/X11R6/bin to the end of the secure path... this makes it
798 much easier to run xmkmf, etc., during package builds. To the extent
799 that /usr/local/sbin and /usr/local/bin were already included, I see
800 no security reasons not to add this.
802 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
804 sudo (1.5-1) unstable; urgency=LOW
806 * New upstream version
808 * New packaging format
810 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
812 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
816 * hard code SECURE_PATH to:
817 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
821 * enabled EXEMPTGROUP "sudo"
823 * moved timestamp dir to /var/log/sudo
825 * changed parser to check for long and short filenames (Bug#1162)
827 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
831 * New upstream source
833 * Fixed postinst script
834 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
836 * Removed special shadow binary. This version works with and without
837 shadow password file.
839 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
843 * Corrected editor path to /bin/ae (Bug#3062)
845 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
847 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
851 * New upstream version
853 * Changed sudoers permission to 440 (owner root, group root) to make
856 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
860 * Applied upstream patch 1
862 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
866 * Applied upstream patch 2
868 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
872 * Applied upstream patch 3 (fixes problems with an NFS-mounted
876 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
880 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
881 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
883 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
887 * Applied upstream patch 4 (fixes several bugs)
889 * Changed priority to optional
891 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
895 * Corrected postinst to create correct permission for /etc/sudoers
898 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
902 * New upstream version
905 sudo (1.4.4-2) admin; urgency=HIGH
907 * Fixed major security bug reported by Peter Tobias
908 <tobias@et-inf.fho-emden.de>
909 * Added dchanges support to debian.rules
911 sudo (1.4.5-1) admin; urgency=LOW
913 * New upstream version
914 * Minor changes to debian.rules