1 sudo (1.6.8p7-1.2) stable-security; urgency=high
3 * Non-maintainer upload by the Security Team
4 * Clean SHELLOPTS and PS4 from the environment before executing programs
5 with sudo permissions [env.c, CAN-2005-2959]
7 -- Martin Schulze <joey@infodrom.org> Thu, 22 Sep 2005 23:32:53 +0200
9 sudo (1.6.8p7-1.1) unstable; urgency=high
11 * Non-maintainer upload.
12 * High-urgency upload for sarge-targetted RC bugfix.
13 * Fix up a broken symlink pointing to debian/sudo/usr/bin/sudo, so
14 that sudoedit is usable again. Closes: #305735.
16 -- Steve Langasek <vorlon@debian.org> Tue, 26 Apr 2005 22:59:06 -0700
18 sudo (1.6.8p7-1) unstable; urgency=low
20 * new upstream version, closes: #299585
21 * update lintian overrides to squelch the postinst warning
22 * change sudoedit from a hard to a soft link, closes: #296896
23 * fix regex doc in sudoers man page, closes: #300361
25 -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
27 sudo (1.6.8p5-1) unstable; urgency=high
29 * new upstream version
30 * restores ability to use config tuples without a value, which was causing
31 problems on upgrade closes: #283306
32 * deliver sudoedit, closes: #283078
33 * marking urgency high since 283306 is a serious upgrade incompatibility
35 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
37 sudo (1.6.8p3-2) unstable; urgency=high
39 * update pam.d deliverable so ldap works again, closes: #282191
41 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
43 sudo (1.6.8p3-1) unstable; urgency=high
45 * new upstream version, fixes a flaw in sudo's environment sanitizing that
46 could allow a malicious user with permission to run a shell script that
47 utilized the bash shell to run arbitrary commands, closes: #281665
48 * patch the sample sudoers to have the proper path for kill on Debian
49 systems, closes: #263486
50 * patch the sudo manpage to reflect Debian's choice of exempt_group
51 default setting, closes: #236465
52 * patch the sudo manpage to reflect Debian's choice of no timeout on the
53 password prompt, closes: #271194
55 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
57 sudo (1.6.7p5-2) unstable; urgency=low
59 * Jeff Bailey reports that seteuid works on current sparc systems, so we
60 no longer need the "grosshack" stuff in the sudo rules file
61 * add a postrm that removes /etc/sudoers on purge. don't do this with the
62 normal conffile mechanism since it would generate noise on every upgrade,
65 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
67 sudo (1.6.7p5-1) unstable; urgency=low
69 * new upstream version, closes: #190265, #193222, #197244
70 * change from '.' to ':' in postinst chown call, closes: #208369
72 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
74 sudo (1.6.7p3-2) unstable; urgency=low
76 * add --disable-setresuid to configure call since 2.2 kernels don't support
77 setresgid, closes: #189044
78 * cosmetic cleanups to debian/rules as long as I'm there
80 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
82 sudo (1.6.7p3-1) unstable; urgency=low
84 * new upstream version
85 * add overrides to quiet lintian about things it doesn't understand,
86 except the source one that can't be overridden until 129510 is fixed
88 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
90 sudo (1.6.6-3) unstable; urgency=low
92 * add code to rules file to update config.sub/guess, closes: #164501
94 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
96 sudo (1.6.6-2) unstable; urgency=low
98 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
99 configure, and lose the build dependency on mail-transport-agent
100 * incorporate changes from LaMont's NMU, closes: #144665, #144737
101 * update init.d to not try and set time on nonexistent timestamp files,
103 * build with --with-all-insults, admin must edit sudoers to turn insults
104 on at runtime if desired, closes: #135374
105 * stop setting /usr/doc symlink in postinst
107 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
109 sudo (1.6.6-1.1) unstable; urgency=high
111 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
112 * Revert patch to auth/pam.c that left pass uninitialized, causing a
113 segfault (Closes: #144665).
115 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
117 sudo (1.6.6-1) unstable; urgency=high
119 * new upstream version, fixes security problem with crafty prompts,
122 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
124 sudo (1.6.5p1-4) unstable; urgency=high
126 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
127 if ctrl/C'ed at password prompt, closes: #131235
129 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
131 sudo (1.6.5p1-3) unstable; urgency=high
133 * ugly hack to add --disable-saved-ids when building on sparc in response
134 to 131592, which will be reassigned to glibc for a real fix
135 * urgency high since the sudo currently in testing for sparc is worthless
137 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
139 sudo (1.6.5p1-2) unstable; urgency=high
141 * patch from upstream to fix seg faults caused by versions of pam that
142 follow a NULL pointer, closes: #129512
144 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
146 sudo (1.6.5p1-1) unstable; urgency=high
148 * new upstream version
149 * add --disable-root-mailer option supported by new version to configure
150 call in rules file, closes: #129648
152 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
154 sudo (1.6.4p1-1) unstable; urgency=high
156 * new upstream version, with fix for segfaulting problem in 1.6.4
158 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
160 sudo (1.6.4-1) unstable; urgency=high
162 * new upstream version, includes an important security fix, closes: #127576
164 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
166 sudo (1.6.3p7-5) unstable; urgency=low
168 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
169 * fix spelling error in init.d, closes: #126847
171 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
173 sudo (1.6.3p7-4) unstable; urgency=medium
175 * use touch to set status files to an ancient date instead of removing them
176 outright on reboot. this achieves the desired effect of keeping elevated
177 privs from living across reboots, without forcing everyone to see the
178 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
179 for systems with good clocks, and 'recent enough' that broken PC hardware
180 setting the clock to commonly-seen bogus dates trips over the "don't trust
181 future timestamps" rule. closes: #76529, #123559
182 * apply patch from Steve Langasek to fix seg faults due to interaction with
183 PAM code. upstream confirms the problem, and says they're fixing this
184 differently for their next release... but this should be useful in the
185 meantime, and would be good to get into woody. closes: #119147
186 * only run the init.d at boot, not on each runlevel change... and don't run
187 it during package configure. closes: #125935
188 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
190 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
192 sudo (1.6.3p7-3) unstable; urgency=low
194 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
195 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
196 * fix a typo in the manpage, closes: #97368
197 * apply patch to configure.in and run autoconf to fix problem building on
198 the hurd, closes: #96325
199 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
200 to not last across reboots, closes: #76529
201 * clean up lintian-noticed cosmetic packaging issues
203 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
205 sudo (1.6.3p7-2) unstable; urgency=low
207 * update config.sub/guess for hppa support
209 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
211 sudo (1.6.3p7-1) unstable; urgency=low
213 * new upstream version
214 * add build dependency on mail-transport-agent, closes: #90685
216 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
218 sudo (1.6.3p6-1) unstable; urgency=high
220 * new upstream version, fixes buffer overflow problem,
221 closes: #87259, #87278, #87263
222 * revert to using --with-secure-path option at build time, since the option
223 available in sudoers is parsed too late to be useful, and upstream says
224 it won't get fixed quickly. This reopens 85123, which I will mark as
225 forwarded. Closes: #86199, #86117, #85676
227 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
229 sudo (1.6.3p5-2) unstable; urgency=low
231 * lose the dh_suidregister call since it's obsolete
232 * stop using the --with-secure-path option at build time, and instead show
233 how to set it in sudoers. Closes: #85123
234 * freshen config.sub and config.guess for ia64 and hppa
235 * update sudoers man page to indicate exempt_group is on by default,
238 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
240 sudo (1.6.3p5-1) unstable; urgency=low
242 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
243 * this version restores core dumps before the exec, while leaving them
244 disabled during sudo's internal execution, closes: #58289
245 * update debhelper calls in rules file
247 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
249 sudo (1.6.2p2-1) frozen unstable; urgency=medium
251 * new upstream source resulting from direct collaboration with the upstream
252 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
253 Closes: #56129, #55978, #55979, #56550, #56772
254 * include more upstream documentation, closes: #55054
255 * pam.d fragment update, closes: #56129
257 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
259 sudo (1.6.1-1) unstable; urgency=low
261 * new upstream source, closes: #52750
263 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
265 sudo (1.6-2) unstable; urgency=low
267 * drop suidregister support for this package. The sudo executable is
268 essentially worthless unless it is setuid root, and making suidregister
269 work involves shipping a non-setuid executable in the .deb and setting the
270 perms in the postinst. On a long upgrade run, this can leave the sudo
271 executable 'broken' for a long time, which is unacceptable. With this
272 version, we ship the executable setuid root in the .deb. Closes: #51742
274 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
276 sudo (1.6-1) unstable; urgency=low
278 * new upstream version, many options previously set at compile-time are now
279 configurable at runtime.
280 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
283 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
285 sudo (1.5.9p4-1) unstable; urgency=low
287 * new upstream version, closes: #43464
288 * empty password handling was fixed in 1.5.8, closes: #31863
290 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
292 sudo (1.5.9p1-1) unstable; urgency=low
294 * new upstream version
296 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
298 sudo (1.5.8p1-1) unstable; urgency=medium
300 * new upstream version, closes 33690
301 * add dependency on libpam-modules, closes 34215, 33432
303 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
305 sudo (1.5.7p4-2) unstable; urgency=medium
307 * update the pam fragment provided so that sudo works with latest pam bits,
310 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
312 sudo (1.5.7p4-1) unstable; urgency=low
314 * new upstream release
316 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
318 sudo (1.5.6p5-1) unstable; urgency=low
320 * new upstream patch release
321 * add PAM support, closes 28594
323 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
325 sudo (1.5.6p2-2) unstable; urgency=low
327 * update copyright file, closes 24136
328 * review and close forwarded bugs believed fixed in this upstream version,
331 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
333 sudo (1.5.6p2-1) unstable; urgency=low
335 * new upstream release
337 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
339 sudo (1.5.4-4) frozen unstable; urgency=low
341 * update postinst to use groupadd, closes 21403
342 * move the suidregister stuff earlier in postinst to ensure it always runs
344 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
346 sudo (1.5.4-3) frozen unstable; urgency=low
348 * change /etc/sudoers from a conffile to being handled in postinst,
350 * add suidmanager support, closes 15711
351 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
352 unlikely to ever fix, and which just don't matter. closes 17146
353 * fix FSF address in copyright file, and submit exception for lintian
354 warning about sudo being setuid root
356 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
358 sudo (1.5.4-2) unstable; urgency=high
360 * patch from upstream author correcting/improving security fix
362 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
364 sudo (1.5.4-1) unstable; urgency=high
366 * new upstream version, includes a security fix
367 * change default editor from /bin/ae to /usr/bin/editor
369 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
371 sudo (1.5.3-1) unstable; urgency=medium
373 * new upstream version, closes bug 15911.
374 * rules file reworked to use debhelper
375 * implement a really gross hack to force use of the sudo-provided
376 lsearch(), since the one in libc6 is broken! This closes bugs
377 12552, 12557, 14881, 15259, 15916.
379 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
381 sudo (1.5.2-6) unstable; urgency=LOW
383 * don't install INSTALL in the doc directory, closes bug 13195.
385 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
387 sudo (1.5.2-5) unstable; urgency=LOW
391 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
393 sudo (1.5.2-4) unstable; urgency=LOW
395 * change TIMEOUT (how long before you have to type your password again)
396 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
397 packages on slower machines much more tolerable. Closes bug 9076.
398 * touch debian/suid before debstd. Closes bug 8709.
400 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
402 sudo (1.5.2-3) frozen unstable; urgency=LOW
404 * patch from upstream maintainer to close Bug 6828
405 * add a debian/suid file to get debstd to leave my perl postinst alone
407 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
409 sudo (1.5.2-2) frozen unstable; urgency=LOW
411 * change rules to use -O2 -Wall as per standards
413 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
415 sudo (1.5.2-1) unstable; urgency=LOW
417 * new upstream version
418 * cosmetic changes to debian package control files
420 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
422 sudo (1.5-2) unstable; urgency=LOW
424 * add /usr/X11R6/bin to the end of the secure path... this makes it
425 much easier to run xmkmf, etc., during package builds. To the extent
426 that /usr/local/sbin and /usr/local/bin were already included, I see
427 no security reasons not to add this.
429 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
431 sudo (1.5-1) unstable; urgency=LOW
433 * New upstream version
435 * New packaging format
437 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
439 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
443 * hard code SECURE_PATH to:
444 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
448 * enabled EXEMPTGROUP "sudo"
450 * moved timestamp dir to /var/log/sudo
452 * changed parser to check for long and short filenames (Bug#1162)
454 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
458 * New upstream source
460 * Fixed postinst script
461 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
463 * Removed special shadow binary. This version works with and without
464 shadow password file.
466 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
470 * Corrected editor path to /bin/ae (Bug#3062)
472 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
474 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
478 * New upstream version
480 * Changed sudoers permission to 440 (owner root, group root) to make
483 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
487 * Applied upstream patch 1
489 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
493 * Applied upstream patch 2
495 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
499 * Applied upstream patch 3 (fixes problems with an NFS-mounted
503 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
507 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
508 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
510 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
514 * Applied upstream patch 4 (fixes several bugs)
516 * Changed priority to optional
518 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
522 * Corrected postinst to create correct permission for /etc/sudoers
525 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
529 * New upstream version
532 sudo (1.4.4-2) admin; urgency=HIGH
534 * Fixed major security bug reported by Peter Tobias
535 <tobias@et-inf.fho-emden.de>
536 * Added dchanges support to debian.rules
538 sudo (1.4.5-1) admin; urgency=LOW
540 * New upstream version
541 * Minor changes to debian.rules