1 sudo (1.8.5-1) UNRELEASED; urgency=low
4 * patch to use flock on hurd, run autoconf in rules, closes: #655883
5 * patch to avoid calling unlink with null pointer on hurd, closes: #655948
6 * patch to actually use hardening build flags, closes: #655417
7 * fix sudo-ldap.postinst syntax issue, closes: #669576
9 -- Bdale Garbee <bdale@gag.com> Wed, 16 May 2012 09:28:00 -0600
11 sudo (1.8.3p2-1) unstable; urgency=high
13 * new upstream version, closes: #657985 (CVE-2012-0809)
14 * patch from Pino Toscano to only use selinux on Linux, closes: #655894
16 -- Bdale Garbee <bdale@gag.com> Mon, 30 Jan 2012 16:11:54 -0700
18 sudo (1.8.3p1-3) unstable; urgency=low
20 * patch from Moritz Muehlenhoff enables hardened build flags, closes: #655417
21 * replacement postinst script from Mike Beattie using shell instead of Perl
22 * include systemd service file from Michael Stapelberg, closes: #639633
23 * add init.d status support, closes: #641782
24 * make sudo-ldap package manage a sudoers entry in nsswitch.conf,
25 closes: #610600, #639530
26 * enable mail_badpass in the default sudoers file, closes: #641218
27 * enable selinux support, closes: #655510
29 -- Bdale Garbee <bdale@gag.com> Wed, 11 Jan 2012 16:18:13 -0700
31 sudo (1.8.3p1-2) unstable; urgency=low
33 * if upgrading from squeeze, and the sudoers file is unmodified, avoid
34 the packaging system prompting the user about a change they didn't make
35 now that sudoers is a conffile, closes: #612532, #636049
36 * add a recommendation for the use of visudo to the sudoers.d/README file,
39 -- Bdale Garbee <bdale@gag.com> Sat, 12 Nov 2011 16:27:13 -0700
41 sudo (1.8.3p1-1) unstable; urgency=low
43 * new upstream version, closes: #646478
45 -- Bdale Garbee <bdale@gag.com> Thu, 27 Oct 2011 01:03:44 +0200
47 sudo (1.8.3-1) unstable; urgency=low
49 * new upstream version, closes: #639391, #639568
51 -- Bdale Garbee <bdale@gag.com> Sat, 22 Oct 2011 23:49:16 -0600
53 sudo (1.8.2-2) unstable; urgency=low
56 * debian/rules improvements, closes: #642535
57 + mv upstream sample.* files to the examples folder.
58 - do not call dh_installexamples.
61 * patch from upstream for SIGBUS on sparc64, closes: #640304
62 * use common-session-noninteractive in the pam config to reduce log noise
63 when sudo is used in cron, etc, closes: #519700
64 * patch from Steven McDonald to fix segfault on startup under certain
65 conditions, closes: #639568
66 * add a NEWS entry regarding the secure_path change made in 1.8.2-1,
69 -- Bdale Garbee <bdale@gag.com> Mon, 26 Sep 2011 21:55:56 -0600
71 sudo (1.8.2-1) unstable; urgency=low
73 * new upstream version, closes: #637449, #621830
74 * include common-session in pam config, closes: #519700, #607199
75 * move secure_path from configure to default sudoers, closes: #85123, 85917
76 * improve sudoers self-documentation, closes: #613639
77 * drop --disable-setresuid since modern systems should not run 2.2 kernels
78 * lose the --with-devel configure option since it's breaking builds in
79 subdirectories for some reason
81 -- Bdale Garbee <bdale@gag.com> Wed, 24 Aug 2011 13:33:11 -0600
83 sudo (1.7.4p6-1) unstable; urgency=low
85 * new upstream version
86 * touch the right stamp name after configuring, closes: #611287
87 * patch from Svante Signell to fix build problem on Hurd, closes: #611290
89 -- Bdale Garbee <bdale@gag.com> Wed, 09 Feb 2011 11:32:58 -0700
91 sudo (1.7.4p4-6) unstable; urgency=low
93 * update /etc/sudoers.d/README now that sudoers is a conffile
94 * patch from upstream to fix special case in password checking code
95 when only the gid is changing, closes: #609641
97 -- Bdale Garbee <bdale@gag.com> Tue, 11 Jan 2011 10:22:39 -0700
99 sudo (1.7.4p4-5) unstable; urgency=low
101 * patch from Jakub Wilk to add noopt and nostrip build option support,
103 * make sudoers a conffile, closes: #605130
104 * add descriptions to LSB init headers, closes: #604619
105 * change default sudoers %sudo entry to allow gid changes, closes: #602699
106 * add Vcs entries to the control file
107 * use debhelper install files instead of explicit installs in rules
109 -- Bdale Garbee <bdale@gag.com> Wed, 01 Dec 2010 20:32:31 -0700
111 sudo (1.7.4p4-4) unstable; urgency=low
113 * patch from upstream to resolve problem always prompting for a password
114 when run without a tty, closes: #599376
115 * patch from upstream to resolve interoperability problem between HOME in
116 env_keep and the -H flag, closes: #596493
117 * change path syntax to avoid tar error when /var/run/sudo exists but is
118 empty, closes: #598877
120 -- Bdale Garbee <bdale@gag.com> Thu, 07 Oct 2010 15:59:06 -0600
122 sudo (1.7.4p4-3) unstable; urgency=low
124 * make postinst clause for handling /var/run -> /var/lib transition less
125 fragile, closes: #585514
126 * cope with upstream's Makefile trying to install ChangeLog in our doc
127 directory, closes: #597389
128 * fix README.Debian to reflect that HOME is no longer preserved by default,
131 -- Bdale Garbee <bdale@gag.com> Tue, 21 Sep 2010 23:53:08 -0600
133 sudo (1.7.4p4-2) unstable; urgency=low
135 * add a NEWS item about change in $HOME handling that impacts programs
138 -- Bdale Garbee <bdale@gag.com> Wed, 08 Sep 2010 14:29:16 -0600
140 sudo (1.7.4p4-1) unstable; urgency=high
142 * new upstream version, urgency high due to fix for flaw in Runas group
143 matching (CVE-2010-2956), closes: #595935
144 * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
145 re-lecturing existing users, and to clean up after ourselves on upgrade,
146 and remove the RAMRUN section from README.Debian since the new state dir
147 should fix the original problem, closes: #585514
148 * deliver README.Debian to both package flavors, closes: #593579
150 -- Bdale Garbee <bdale@gag.com> Tue, 07 Sep 2010 12:22:42 -0600
152 sudo (1.7.2p7-1) unstable; urgency=high
154 * new upstream release with security fix for secure path (CVE-2010-1646),
156 * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
157 about whether to give the lecture is preserved across reboots even when
158 RAMRUN is set, closes: #581393
159 * add a note to README.Debian about LDAP needing an entry in
160 /etc/nsswitch.conf, closes: #522065
161 * add a note to README.Debian about how to turn off lectures if using
162 RAMRUN in /etc/default/rcS, closes: #581393
164 -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
166 sudo (1.7.2p6-1) unstable; urgency=low
168 * new upstream version fixing CVE-2010-1163, closes: #578275, #570737
170 -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600
172 sudo (1.7.2p5-1) unstable; urgency=low
174 * new upstream release, closes a bug filed upstream regarding missing man
175 page processing scripts in the 1.7.2p1 tarball, also includes the fix
176 for CVE-2010-0426 previously the subject of a security team nmu
177 * move to source format 3.0 (quilt) and restructure changes as patches
178 * fix unprocessed substitution variables in man pages, closes: #557204
179 * apply patch from Neil Moore to fix Debian-specific content in the
180 visudo man page, closes: #555013
181 * update descriptions to better explain sudo-ldap, closes: #573108
182 * eliminate spurious 'and' in man page, closes: #571620
183 * fix confusing text in default sudoers, closes: #566607
185 -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700
187 sudo (1.7.2p1-1) unstable; urgency=low
189 * new upstream version
190 * add support for /etc/sudoers.d using #includedir in default sudoers,
191 which I think is also a good solution to the request for a crontab-like
192 API requested in March of 2001, closes: #539994, #271813, #89743
193 * move init.d script from using rcS.d to rc[0-6].d, closes: #542924
195 -- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600
197 sudo (1.7.2-2) unstable; urgency=low
199 * further improve initial sudoers to not include the NOPASSWD option on
200 the group sudo exception, closes: #539136, #198991
202 -- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200
204 sudo (1.7.2-1) unstable; urgency=low
206 * new upstream version, closes: #537103
207 * improve initial sudoers by having the exemption for users in group
208 sudo on by default, and including the ability to run any command as
209 any user. This makes the default install roughly equivalent to our
210 old use of the --with-exempt=sudo build option, closes: #536220, #536222
212 -- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600
214 sudo (1.7.0-1) unstable; urgency=low
216 * new upstream version, closes: #510179, #128268, #520274, #508514
217 * fix ldap config file path for sudo-ldap package, including creating
218 a symlink in postinst and cleaning it up in postrm for the sudo-ldap
219 package, closes: #430826
220 * fix NOPASSWD entry location in default config file for the sudo-ldap
221 instance too, closes: #479616
223 -- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600
225 sudo (1.6.9p17-2) unstable; urgency=high
227 * patch from upstream to fix privilege escalation with certain
228 configurations, CVE-2009-0034
229 * typo in sudoers man page, closes: #507163
231 -- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700
233 sudo (1.6.9p17-1) unstable; urgency=low
235 * new upstream version, closes: #481008
236 * deliver schemas to doc directory in sudo-ldap package, closes: #474331
237 * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
238 in move from CVS to git for package management, closes: #475821
239 * re-instate the init.d for the sudo-ldap package too... /o\
241 -- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600
243 sudo (1.6.9p15-2) unstable; urgency=low
245 * revert the fix for 388659 such that visudo once again defaults to using
246 /usr/bin/editor. I was always ambivalent about this change, it has caused
247 more confusion and frustration than it cured, and I find Justin's line of
248 reasoning persuasive. Update the man page source to reflect this choice
249 and the related use of --with-env-editor. Closes: #474197.
250 * patch from Petter Reinholdtsen to improve init.d, closes: #475821
252 -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600
254 sudo (1.6.9p15-1) unstable; urgency=low
256 * new upstream version, closes: #467126, #473337
257 * remove pointless postrm scripts, leaving debhelper do its thing if needed,
258 thanks to Justin Pryzby for pointing this out
259 * reinstate the init.d, since bootclean doesn't quite do what we want. This
260 also means we don't need the preinst scripts any more. Update the lintian
261 overrides since postinst is a Perl script lintian apparently isn't parsing
262 well. closes: #330868
264 -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600
266 sudo (1.6.9p12-1) unstable; urgency=low
268 * new upstream version, closes: #464890
270 -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900
272 sudo (1.6.9p11-3) unstable; urgency=low
274 * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
276 -- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700
278 sudo (1.6.9p11-2) unstable; urgency=low
280 * update version compared in preinst when removing obsolete init.d,
282 * implement pam session config suggestions from Elizabeth Fong,
283 closes: #452457, #402329
285 -- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700
287 sudo (1.6.9p11-1) unstable; urgency=low
289 * new upstream version
291 -- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700
293 sudo (1.6.9p10-1) unstable; urgency=low
295 * new upstream version
296 * tweak default password prompt as %u doesn't make sense. Accept patch from
297 Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
298 uses it by default, closes: #454409
299 * accept patch from Martin Pitt that adds a prerm making it difficult to
300 "accidentally" remove sudo when there is no root password set on the
301 system, closes: #451241
303 -- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700
305 sudo (1.6.9p9-1) unstable; urgency=low
307 * new upstream version
308 * debian/rules: configure a more informative default password prompt to
309 reduce confusion when using sudo to invoke commands which also ask for
310 passwords, closes: #343268
311 * auth/pam.c: don't use the PAM prompt if the user explicitly requested
312 a custom prompt, closes: #448628.
313 * fix configure's ability to discover that libc has dirfd, closes: #451324
314 * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
315 the command 'visudo' invokes a vi variant by default as documented,
318 -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700
320 sudo (1.6.9p6-1) unstable; urgency=low
322 * new upstream version, closes: #442815, #446146, #438699, #435768, #435314
323 closes: #434832, #434608, #430382
324 * eliminate the now-redundant init.d scripts, closes: #397090
325 * fix typo in TROUBLESHOOTING file, closes: #439624
327 -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600
329 sudo (1.6.8p12-6) unstable; urgency=low
331 * fix typos in visudo.pod relating to env_editor variable, closes: #418886
332 * have init.d touch directories in /var/run/sudo, not just files, as a
334 * fix various typos in sudoers.pod, closes: #419749
335 * don't let Makefile strip binaries, closes: #438073
337 -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100
339 sudo (1.6.8p12-5) unstable; urgency=low
341 * update debian/copyright to reflect new upstream URL, closes: #368746
342 * add sandwich cartoon URL to the README.Debian
343 * don't remove sudoers on purge. can cause problems when moving between
344 sudo and sudo-ldap. leaving sudoers around on purge seems like the least
345 evil choice for now, closes: #401366
346 * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
348 * accept patch that improves debian/rules from Ted Percival, closes: #382122
349 * no longer build with --with-exempt=sudo, provide an example entry in the
350 default sudoers file instead, closes: #296605
351 * add --with-devel to configure and augment build dependencies so that flex
352 and yacc files get re-generated on every build, closes: #316249
354 -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600
356 sudo (1.6.8p12-4) unstable; urgency=low
358 * patch from Petter Reinholdtsen for the LSB info block in the init.d
359 script, closes: #361055
360 * deliver sudoers sample again, closes: #361593
362 -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600
364 sudo (1.6.8p12-3) unstable; urgency=low
366 * force-feed configure knowledge of nroff's path so we get unformatted man
367 pages installed without build-depending on groff-base, closes: #360894
368 * add a reference to OPTIONS in the man page, closes: #186226
370 -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700
372 sudo (1.6.8p12-2) unstable; urgency=low
374 * fix typos in init scripts, closes: #346325
375 * update to debhelper compat level 5
376 * build depend on autotools-dev to ensure config.sub/guess are fresh
377 * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
378 use it here as well. Thanks to Martin and the debian-security team.
379 closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
380 closes: #315115, #315718, #203874
381 * Non-maintainer upload by the Security Team
382 * Reworked the former patch to limit environment variables from being
383 passed through, set env_reset as default instead [sudo.c, env.c,
384 sudoers.pod, Bug#342948, CVE-2005-4158]
385 * env_reset is now set by default
386 * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
387 DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
388 (in addition to the SUDO_* variables)
389 * Rebuild sudoers.man.in from the POD file
390 * Added README.Debian
391 * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
392 * simplify rules file by using more of Makefile, despite having to override
393 default directories with more arguments to configure, closes: #292833
394 * update sudo man page to reflect use of SECURE_PATH, closes: #228551
395 * inconsistencies in sudoers man page resolved, closes: #220808, #161012
396 * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
397 unresolveable (requires adding bison as build dep), closes: #314949
399 -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700
401 sudo (1.6.8p12-1) unstable; urgency=low
403 * new upstream version, closes: #342948 (CVE-2005-4158)
404 * add env_reset to the sudoers file we create if none already exists,
405 as a further precaution in response to discussion about CVS-2005-4158
406 * split ldap support into a new sudo-ldap package. I was trying to avoid
407 doing this, but the impact of going from 4 to 17 linked shlibs on the
408 autobuilder chroots is sufficient motivation for me.
411 -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
413 sudo (1.6.8p9-4) unstable; urgency=low
415 * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
416 * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
417 timestamps in the init.d script, closes: #330868
418 * add dependency header to init.d script, closes: #332849
420 -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
422 sudo (1.6.8p9-3) unstable; urgency=high
424 * update debhelper compatibility level from 2 to 4
425 * add man page symlink for sudoedit
426 * Clean SHELLOPTS and PS4 from the environment before executing programs
427 with sudo permissions [env.c, CAN-2005-2959]
428 * fix typo in manpage pointed out by Moray Allen, closes: #285995
429 * fix paths in sample complex sudoers file, closes: #303542
430 * fix type in sudoers man page, closes: #311244
432 -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
434 sudo (1.6.8p9-2) unstable; urgency=high
436 * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
439 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
441 sudo (1.6.8p9-1) unstable; urgency=high
443 * new upstream version, fixes a race condition in sudo's pathname
444 validation, which is a security issue (CAN-2005-1993),
445 closes: #315115, #315718
447 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
449 sudo (1.6.8p7-1) unstable; urgency=low
451 * new upstream version, closes: #299585
452 * update lintian overrides to squelch the postinst warning
453 * change sudoedit from a hard to a soft link, closes: #296896
454 * fix regex doc in sudoers man page, closes: #300361
456 -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
458 sudo (1.6.8p5-1) unstable; urgency=high
460 * new upstream version
461 * restores ability to use config tuples without a value, which was causing
462 problems on upgrade closes: #283306
463 * deliver sudoedit, closes: #283078
464 * marking urgency high since 283306 is a serious upgrade incompatibility
466 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
468 sudo (1.6.8p3-2) unstable; urgency=high
470 * update pam.d deliverable so ldap works again, closes: #282191
472 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
474 sudo (1.6.8p3-1) unstable; urgency=high
476 * new upstream version, fixes a flaw in sudo's environment sanitizing that
477 could allow a malicious user with permission to run a shell script that
478 utilized the bash shell to run arbitrary commands, closes: #281665
479 * patch the sample sudoers to have the proper path for kill on Debian
480 systems, closes: #263486
481 * patch the sudo manpage to reflect Debian's choice of exempt_group
482 default setting, closes: #236465
483 * patch the sudo manpage to reflect Debian's choice of no timeout on the
484 password prompt, closes: #271194
486 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
488 sudo (1.6.7p5-2) unstable; urgency=low
490 * Jeff Bailey reports that seteuid works on current sparc systems, so we
491 no longer need the "grosshack" stuff in the sudo rules file
492 * add a postrm that removes /etc/sudoers on purge. don't do this with the
493 normal conffile mechanism since it would generate noise on every upgrade,
496 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
498 sudo (1.6.7p5-1) unstable; urgency=low
500 * new upstream version, closes: #190265, #193222, #197244
501 * change from '.' to ':' in postinst chown call, closes: #208369
503 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
505 sudo (1.6.7p3-2) unstable; urgency=low
507 * add --disable-setresuid to configure call since 2.2 kernels don't support
508 setresgid, closes: #189044
509 * cosmetic cleanups to debian/rules as long as I'm there
511 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
513 sudo (1.6.7p3-1) unstable; urgency=low
515 * new upstream version
516 * add overrides to quiet lintian about things it doesn't understand,
517 except the source one that can't be overridden until 129510 is fixed
519 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
521 sudo (1.6.6-3) unstable; urgency=low
523 * add code to rules file to update config.sub/guess, closes: #164501
525 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
527 sudo (1.6.6-2) unstable; urgency=low
529 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
530 configure, and lose the build dependency on mail-transport-agent
531 * incorporate changes from LaMont's NMU, closes: #144665, #144737
532 * update init.d to not try and set time on nonexistent timestamp files,
534 * build with --with-all-insults, admin must edit sudoers to turn insults
535 on at runtime if desired, closes: #135374
536 * stop setting /usr/doc symlink in postinst
538 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
540 sudo (1.6.6-1.1) unstable; urgency=high
542 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
543 * Revert patch to auth/pam.c that left pass uninitialized, causing a
544 segfault (Closes: #144665).
546 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
548 sudo (1.6.6-1) unstable; urgency=high
550 * new upstream version, fixes security problem with crafty prompts,
553 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
555 sudo (1.6.5p1-4) unstable; urgency=high
557 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
558 if ctrl/C'ed at password prompt, closes: #131235
560 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
562 sudo (1.6.5p1-3) unstable; urgency=high
564 * ugly hack to add --disable-saved-ids when building on sparc in response
565 to 131592, which will be reassigned to glibc for a real fix
566 * urgency high since the sudo currently in testing for sparc is worthless
568 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
570 sudo (1.6.5p1-2) unstable; urgency=high
572 * patch from upstream to fix seg faults caused by versions of pam that
573 follow a NULL pointer, closes: #129512
575 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
577 sudo (1.6.5p1-1) unstable; urgency=high
579 * new upstream version
580 * add --disable-root-mailer option supported by new version to configure
581 call in rules file, closes: #129648
583 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
585 sudo (1.6.4p1-1) unstable; urgency=high
587 * new upstream version, with fix for segfaulting problem in 1.6.4
589 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
591 sudo (1.6.4-1) unstable; urgency=high
593 * new upstream version, includes an important security fix, closes: #127576
595 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
597 sudo (1.6.3p7-5) unstable; urgency=low
599 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
600 * fix spelling error in init.d, closes: #126847
602 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
604 sudo (1.6.3p7-4) unstable; urgency=medium
606 * use touch to set status files to an ancient date instead of removing them
607 outright on reboot. this achieves the desired effect of keeping elevated
608 privs from living across reboots, without forcing everyone to see the
609 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
610 for systems with good clocks, and 'recent enough' that broken PC hardware
611 setting the clock to commonly-seen bogus dates trips over the "don't trust
612 future timestamps" rule. closes: #76529, #123559
613 * apply patch from Steve Langasek to fix seg faults due to interaction with
614 PAM code. upstream confirms the problem, and says they're fixing this
615 differently for their next release... but this should be useful in the
616 meantime, and would be good to get into woody. closes: #119147
617 * only run the init.d at boot, not on each runlevel change... and don't run
618 it during package configure. closes: #125935
619 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
621 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
623 sudo (1.6.3p7-3) unstable; urgency=low
625 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
626 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
627 * fix a typo in the manpage, closes: #97368
628 * apply patch to configure.in and run autoconf to fix problem building on
629 the hurd, closes: #96325
630 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
631 to not last across reboots, closes: #76529
632 * clean up lintian-noticed cosmetic packaging issues
634 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
636 sudo (1.6.3p7-2) unstable; urgency=low
638 * update config.sub/guess for hppa support
640 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
642 sudo (1.6.3p7-1) unstable; urgency=low
644 * new upstream version
645 * add build dependency on mail-transport-agent, closes: #90685
647 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
649 sudo (1.6.3p6-1) unstable; urgency=high
651 * new upstream version, fixes buffer overflow problem,
652 closes: #87259, #87278, #87263
653 * revert to using --with-secure-path option at build time, since the option
654 available in sudoers is parsed too late to be useful, and upstream says
655 it won't get fixed quickly. This reopens 85123, which I will mark as
656 forwarded. Closes: #86199, #86117, #85676
658 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
660 sudo (1.6.3p5-2) unstable; urgency=low
662 * lose the dh_suidregister call since it's obsolete
663 * stop using the --with-secure-path option at build time, and instead show
664 how to set it in sudoers. Closes: #85123
665 * freshen config.sub and config.guess for ia64 and hppa
666 * update sudoers man page to indicate exempt_group is on by default,
669 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
671 sudo (1.6.3p5-1) unstable; urgency=low
673 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
674 * this version restores core dumps before the exec, while leaving them
675 disabled during sudo's internal execution, closes: #58289
676 * update debhelper calls in rules file
678 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
680 sudo (1.6.2p2-1) frozen unstable; urgency=medium
682 * new upstream source resulting from direct collaboration with the upstream
683 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
684 Closes: #56129, #55978, #55979, #56550, #56772
685 * include more upstream documentation, closes: #55054
686 * pam.d fragment update, closes: #56129
688 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
690 sudo (1.6.1-1) unstable; urgency=low
692 * new upstream source, closes: #52750
694 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
696 sudo (1.6-2) unstable; urgency=low
698 * drop suidregister support for this package. The sudo executable is
699 essentially worthless unless it is setuid root, and making suidregister
700 work involves shipping a non-setuid executable in the .deb and setting the
701 perms in the postinst. On a long upgrade run, this can leave the sudo
702 executable 'broken' for a long time, which is unacceptable. With this
703 version, we ship the executable setuid root in the .deb. Closes: #51742
705 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
707 sudo (1.6-1) unstable; urgency=low
709 * new upstream version, many options previously set at compile-time are now
710 configurable at runtime.
711 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
714 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
716 sudo (1.5.9p4-1) unstable; urgency=low
718 * new upstream version, closes: #43464
719 * empty password handling was fixed in 1.5.8, closes: #31863
721 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
723 sudo (1.5.9p1-1) unstable; urgency=low
725 * new upstream version
727 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
729 sudo (1.5.8p1-1) unstable; urgency=medium
731 * new upstream version, closes 33690
732 * add dependency on libpam-modules, closes 34215, 33432
734 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
736 sudo (1.5.7p4-2) unstable; urgency=medium
738 * update the pam fragment provided so that sudo works with latest pam bits,
741 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
743 sudo (1.5.7p4-1) unstable; urgency=low
745 * new upstream release
747 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
749 sudo (1.5.6p5-1) unstable; urgency=low
751 * new upstream patch release
752 * add PAM support, closes 28594
754 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
756 sudo (1.5.6p2-2) unstable; urgency=low
758 * update copyright file, closes 24136
759 * review and close forwarded bugs believed fixed in this upstream version,
762 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
764 sudo (1.5.6p2-1) unstable; urgency=low
766 * new upstream release
768 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
770 sudo (1.5.4-4) frozen unstable; urgency=low
772 * update postinst to use groupadd, closes 21403
773 * move the suidregister stuff earlier in postinst to ensure it always runs
775 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
777 sudo (1.5.4-3) frozen unstable; urgency=low
779 * change /etc/sudoers from a conffile to being handled in postinst,
781 * add suidmanager support, closes 15711
782 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
783 unlikely to ever fix, and which just don't matter. closes 17146
784 * fix FSF address in copyright file, and submit exception for lintian
785 warning about sudo being setuid root
787 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
789 sudo (1.5.4-2) unstable; urgency=high
791 * patch from upstream author correcting/improving security fix
793 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
795 sudo (1.5.4-1) unstable; urgency=high
797 * new upstream version, includes a security fix
798 * change default editor from /bin/ae to /usr/bin/editor
800 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
802 sudo (1.5.3-1) unstable; urgency=medium
804 * new upstream version, closes bug 15911.
805 * rules file reworked to use debhelper
806 * implement a really gross hack to force use of the sudo-provided
807 lsearch(), since the one in libc6 is broken! This closes bugs
808 12552, 12557, 14881, 15259, 15916.
810 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
812 sudo (1.5.2-6) unstable; urgency=LOW
814 * don't install INSTALL in the doc directory, closes bug 13195.
816 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
818 sudo (1.5.2-5) unstable; urgency=LOW
822 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
824 sudo (1.5.2-4) unstable; urgency=LOW
826 * change TIMEOUT (how long before you have to type your password again)
827 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
828 packages on slower machines much more tolerable. Closes bug 9076.
829 * touch debian/suid before debstd. Closes bug 8709.
831 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
833 sudo (1.5.2-3) frozen unstable; urgency=LOW
835 * patch from upstream maintainer to close Bug 6828
836 * add a debian/suid file to get debstd to leave my perl postinst alone
838 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
840 sudo (1.5.2-2) frozen unstable; urgency=LOW
842 * change rules to use -O2 -Wall as per standards
844 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
846 sudo (1.5.2-1) unstable; urgency=LOW
848 * new upstream version
849 * cosmetic changes to debian package control files
851 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
853 sudo (1.5-2) unstable; urgency=LOW
855 * add /usr/X11R6/bin to the end of the secure path... this makes it
856 much easier to run xmkmf, etc., during package builds. To the extent
857 that /usr/local/sbin and /usr/local/bin were already included, I see
858 no security reasons not to add this.
860 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
862 sudo (1.5-1) unstable; urgency=LOW
864 * New upstream version
866 * New packaging format
868 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
870 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
874 * hard code SECURE_PATH to:
875 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
879 * enabled EXEMPTGROUP "sudo"
881 * moved timestamp dir to /var/log/sudo
883 * changed parser to check for long and short filenames (Bug#1162)
885 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
889 * New upstream source
891 * Fixed postinst script
892 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
894 * Removed special shadow binary. This version works with and without
895 shadow password file.
897 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
901 * Corrected editor path to /bin/ae (Bug#3062)
903 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
905 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
909 * New upstream version
911 * Changed sudoers permission to 440 (owner root, group root) to make
914 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
918 * Applied upstream patch 1
920 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
924 * Applied upstream patch 2
926 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
930 * Applied upstream patch 3 (fixes problems with an NFS-mounted
934 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
938 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
939 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
941 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
945 * Applied upstream patch 4 (fixes several bugs)
947 * Changed priority to optional
949 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
953 * Corrected postinst to create correct permission for /etc/sudoers
956 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
960 * New upstream version
963 sudo (1.4.4-2) admin; urgency=HIGH
965 * Fixed major security bug reported by Peter Tobias
966 <tobias@et-inf.fho-emden.de>
967 * Added dchanges support to debian.rules
969 sudo (1.4.5-1) admin; urgency=LOW
971 * New upstream version
972 * Minor changes to debian.rules