1 sudo (1.8.5-1) UNRELEASED; urgency=low
4 * patch to actually use hardening build flags, closes: #655417
5 * fix sudo-ldap.postinst syntax issue, closes: #669576
7 -- Bdale Garbee <bdale@gag.com> Wed, 16 May 2012 09:28:00 -0600
9 sudo (1.8.3p2-1) unstable; urgency=high
11 * new upstream version, closes: #657985 (CVE-2012-0809)
12 * patch from Pino Toscano to only use selinux on Linux, closes: #655894
14 -- Bdale Garbee <bdale@gag.com> Mon, 30 Jan 2012 16:11:54 -0700
16 sudo (1.8.3p1-3) unstable; urgency=low
18 * patch from Moritz Muehlenhoff enables hardened build flags, closes: #655417
19 * replacement postinst script from Mike Beattie using shell instead of Perl
20 * include systemd service file from Michael Stapelberg, closes: #639633
21 * add init.d status support, closes: #641782
22 * make sudo-ldap package manage a sudoers entry in nsswitch.conf,
23 closes: #610600, #639530
24 * enable mail_badpass in the default sudoers file, closes: #641218
25 * enable selinux support, closes: #655510
27 -- Bdale Garbee <bdale@gag.com> Wed, 11 Jan 2012 16:18:13 -0700
29 sudo (1.8.3p1-2) unstable; urgency=low
31 * if upgrading from squeeze, and the sudoers file is unmodified, avoid
32 the packaging system prompting the user about a change they didn't make
33 now that sudoers is a conffile, closes: #612532, #636049
34 * add a recommendation for the use of visudo to the sudoers.d/README file,
37 -- Bdale Garbee <bdale@gag.com> Sat, 12 Nov 2011 16:27:13 -0700
39 sudo (1.8.3p1-1) unstable; urgency=low
41 * new upstream version, closes: #646478
43 -- Bdale Garbee <bdale@gag.com> Thu, 27 Oct 2011 01:03:44 +0200
45 sudo (1.8.3-1) unstable; urgency=low
47 * new upstream version, closes: #639391, #639568
49 -- Bdale Garbee <bdale@gag.com> Sat, 22 Oct 2011 23:49:16 -0600
51 sudo (1.8.2-2) unstable; urgency=low
54 * debian/rules improvements, closes: #642535
55 + mv upstream sample.* files to the examples folder.
56 - do not call dh_installexamples.
59 * patch from upstream for SIGBUS on sparc64, closes: #640304
60 * use common-session-noninteractive in the pam config to reduce log noise
61 when sudo is used in cron, etc, closes: #519700
62 * patch from Steven McDonald to fix segfault on startup under certain
63 conditions, closes: #639568
64 * add a NEWS entry regarding the secure_path change made in 1.8.2-1,
67 -- Bdale Garbee <bdale@gag.com> Mon, 26 Sep 2011 21:55:56 -0600
69 sudo (1.8.2-1) unstable; urgency=low
71 * new upstream version, closes: #637449, #621830
72 * include common-session in pam config, closes: #519700, #607199
73 * move secure_path from configure to default sudoers, closes: #85123, 85917
74 * improve sudoers self-documentation, closes: #613639
75 * drop --disable-setresuid since modern systems should not run 2.2 kernels
76 * lose the --with-devel configure option since it's breaking builds in
77 subdirectories for some reason
79 -- Bdale Garbee <bdale@gag.com> Wed, 24 Aug 2011 13:33:11 -0600
81 sudo (1.7.4p6-1) unstable; urgency=low
83 * new upstream version
84 * touch the right stamp name after configuring, closes: #611287
85 * patch from Svante Signell to fix build problem on Hurd, closes: #611290
87 -- Bdale Garbee <bdale@gag.com> Wed, 09 Feb 2011 11:32:58 -0700
89 sudo (1.7.4p4-6) unstable; urgency=low
91 * update /etc/sudoers.d/README now that sudoers is a conffile
92 * patch from upstream to fix special case in password checking code
93 when only the gid is changing, closes: #609641
95 -- Bdale Garbee <bdale@gag.com> Tue, 11 Jan 2011 10:22:39 -0700
97 sudo (1.7.4p4-5) unstable; urgency=low
99 * patch from Jakub Wilk to add noopt and nostrip build option support,
101 * make sudoers a conffile, closes: #605130
102 * add descriptions to LSB init headers, closes: #604619
103 * change default sudoers %sudo entry to allow gid changes, closes: #602699
104 * add Vcs entries to the control file
105 * use debhelper install files instead of explicit installs in rules
107 -- Bdale Garbee <bdale@gag.com> Wed, 01 Dec 2010 20:32:31 -0700
109 sudo (1.7.4p4-4) unstable; urgency=low
111 * patch from upstream to resolve problem always prompting for a password
112 when run without a tty, closes: #599376
113 * patch from upstream to resolve interoperability problem between HOME in
114 env_keep and the -H flag, closes: #596493
115 * change path syntax to avoid tar error when /var/run/sudo exists but is
116 empty, closes: #598877
118 -- Bdale Garbee <bdale@gag.com> Thu, 07 Oct 2010 15:59:06 -0600
120 sudo (1.7.4p4-3) unstable; urgency=low
122 * make postinst clause for handling /var/run -> /var/lib transition less
123 fragile, closes: #585514
124 * cope with upstream's Makefile trying to install ChangeLog in our doc
125 directory, closes: #597389
126 * fix README.Debian to reflect that HOME is no longer preserved by default,
129 -- Bdale Garbee <bdale@gag.com> Tue, 21 Sep 2010 23:53:08 -0600
131 sudo (1.7.4p4-2) unstable; urgency=low
133 * add a NEWS item about change in $HOME handling that impacts programs
136 -- Bdale Garbee <bdale@gag.com> Wed, 08 Sep 2010 14:29:16 -0600
138 sudo (1.7.4p4-1) unstable; urgency=high
140 * new upstream version, urgency high due to fix for flaw in Runas group
141 matching (CVE-2010-2956), closes: #595935
142 * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
143 re-lecturing existing users, and to clean up after ourselves on upgrade,
144 and remove the RAMRUN section from README.Debian since the new state dir
145 should fix the original problem, closes: #585514
146 * deliver README.Debian to both package flavors, closes: #593579
148 -- Bdale Garbee <bdale@gag.com> Tue, 07 Sep 2010 12:22:42 -0600
150 sudo (1.7.2p7-1) unstable; urgency=high
152 * new upstream release with security fix for secure path (CVE-2010-1646),
154 * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
155 about whether to give the lecture is preserved across reboots even when
156 RAMRUN is set, closes: #581393
157 * add a note to README.Debian about LDAP needing an entry in
158 /etc/nsswitch.conf, closes: #522065
159 * add a note to README.Debian about how to turn off lectures if using
160 RAMRUN in /etc/default/rcS, closes: #581393
162 -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
164 sudo (1.7.2p6-1) unstable; urgency=low
166 * new upstream version fixing CVE-2010-1163, closes: #578275, #570737
168 -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600
170 sudo (1.7.2p5-1) unstable; urgency=low
172 * new upstream release, closes a bug filed upstream regarding missing man
173 page processing scripts in the 1.7.2p1 tarball, also includes the fix
174 for CVE-2010-0426 previously the subject of a security team nmu
175 * move to source format 3.0 (quilt) and restructure changes as patches
176 * fix unprocessed substitution variables in man pages, closes: #557204
177 * apply patch from Neil Moore to fix Debian-specific content in the
178 visudo man page, closes: #555013
179 * update descriptions to better explain sudo-ldap, closes: #573108
180 * eliminate spurious 'and' in man page, closes: #571620
181 * fix confusing text in default sudoers, closes: #566607
183 -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700
185 sudo (1.7.2p1-1) unstable; urgency=low
187 * new upstream version
188 * add support for /etc/sudoers.d using #includedir in default sudoers,
189 which I think is also a good solution to the request for a crontab-like
190 API requested in March of 2001, closes: #539994, #271813, #89743
191 * move init.d script from using rcS.d to rc[0-6].d, closes: #542924
193 -- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600
195 sudo (1.7.2-2) unstable; urgency=low
197 * further improve initial sudoers to not include the NOPASSWD option on
198 the group sudo exception, closes: #539136, #198991
200 -- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200
202 sudo (1.7.2-1) unstable; urgency=low
204 * new upstream version, closes: #537103
205 * improve initial sudoers by having the exemption for users in group
206 sudo on by default, and including the ability to run any command as
207 any user. This makes the default install roughly equivalent to our
208 old use of the --with-exempt=sudo build option, closes: #536220, #536222
210 -- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600
212 sudo (1.7.0-1) unstable; urgency=low
214 * new upstream version, closes: #510179, #128268, #520274, #508514
215 * fix ldap config file path for sudo-ldap package, including creating
216 a symlink in postinst and cleaning it up in postrm for the sudo-ldap
217 package, closes: #430826
218 * fix NOPASSWD entry location in default config file for the sudo-ldap
219 instance too, closes: #479616
221 -- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600
223 sudo (1.6.9p17-2) unstable; urgency=high
225 * patch from upstream to fix privilege escalation with certain
226 configurations, CVE-2009-0034
227 * typo in sudoers man page, closes: #507163
229 -- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700
231 sudo (1.6.9p17-1) unstable; urgency=low
233 * new upstream version, closes: #481008
234 * deliver schemas to doc directory in sudo-ldap package, closes: #474331
235 * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
236 in move from CVS to git for package management, closes: #475821
237 * re-instate the init.d for the sudo-ldap package too... /o\
239 -- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600
241 sudo (1.6.9p15-2) unstable; urgency=low
243 * revert the fix for 388659 such that visudo once again defaults to using
244 /usr/bin/editor. I was always ambivalent about this change, it has caused
245 more confusion and frustration than it cured, and I find Justin's line of
246 reasoning persuasive. Update the man page source to reflect this choice
247 and the related use of --with-env-editor. Closes: #474197.
248 * patch from Petter Reinholdtsen to improve init.d, closes: #475821
250 -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600
252 sudo (1.6.9p15-1) unstable; urgency=low
254 * new upstream version, closes: #467126, #473337
255 * remove pointless postrm scripts, leaving debhelper do its thing if needed,
256 thanks to Justin Pryzby for pointing this out
257 * reinstate the init.d, since bootclean doesn't quite do what we want. This
258 also means we don't need the preinst scripts any more. Update the lintian
259 overrides since postinst is a Perl script lintian apparently isn't parsing
260 well. closes: #330868
262 -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600
264 sudo (1.6.9p12-1) unstable; urgency=low
266 * new upstream version, closes: #464890
268 -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900
270 sudo (1.6.9p11-3) unstable; urgency=low
272 * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
274 -- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700
276 sudo (1.6.9p11-2) unstable; urgency=low
278 * update version compared in preinst when removing obsolete init.d,
280 * implement pam session config suggestions from Elizabeth Fong,
281 closes: #452457, #402329
283 -- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700
285 sudo (1.6.9p11-1) unstable; urgency=low
287 * new upstream version
289 -- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700
291 sudo (1.6.9p10-1) unstable; urgency=low
293 * new upstream version
294 * tweak default password prompt as %u doesn't make sense. Accept patch from
295 Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
296 uses it by default, closes: #454409
297 * accept patch from Martin Pitt that adds a prerm making it difficult to
298 "accidentally" remove sudo when there is no root password set on the
299 system, closes: #451241
301 -- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700
303 sudo (1.6.9p9-1) unstable; urgency=low
305 * new upstream version
306 * debian/rules: configure a more informative default password prompt to
307 reduce confusion when using sudo to invoke commands which also ask for
308 passwords, closes: #343268
309 * auth/pam.c: don't use the PAM prompt if the user explicitly requested
310 a custom prompt, closes: #448628.
311 * fix configure's ability to discover that libc has dirfd, closes: #451324
312 * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
313 the command 'visudo' invokes a vi variant by default as documented,
316 -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700
318 sudo (1.6.9p6-1) unstable; urgency=low
320 * new upstream version, closes: #442815, #446146, #438699, #435768, #435314
321 closes: #434832, #434608, #430382
322 * eliminate the now-redundant init.d scripts, closes: #397090
323 * fix typo in TROUBLESHOOTING file, closes: #439624
325 -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600
327 sudo (1.6.8p12-6) unstable; urgency=low
329 * fix typos in visudo.pod relating to env_editor variable, closes: #418886
330 * have init.d touch directories in /var/run/sudo, not just files, as a
332 * fix various typos in sudoers.pod, closes: #419749
333 * don't let Makefile strip binaries, closes: #438073
335 -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100
337 sudo (1.6.8p12-5) unstable; urgency=low
339 * update debian/copyright to reflect new upstream URL, closes: #368746
340 * add sandwich cartoon URL to the README.Debian
341 * don't remove sudoers on purge. can cause problems when moving between
342 sudo and sudo-ldap. leaving sudoers around on purge seems like the least
343 evil choice for now, closes: #401366
344 * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
346 * accept patch that improves debian/rules from Ted Percival, closes: #382122
347 * no longer build with --with-exempt=sudo, provide an example entry in the
348 default sudoers file instead, closes: #296605
349 * add --with-devel to configure and augment build dependencies so that flex
350 and yacc files get re-generated on every build, closes: #316249
352 -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600
354 sudo (1.6.8p12-4) unstable; urgency=low
356 * patch from Petter Reinholdtsen for the LSB info block in the init.d
357 script, closes: #361055
358 * deliver sudoers sample again, closes: #361593
360 -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600
362 sudo (1.6.8p12-3) unstable; urgency=low
364 * force-feed configure knowledge of nroff's path so we get unformatted man
365 pages installed without build-depending on groff-base, closes: #360894
366 * add a reference to OPTIONS in the man page, closes: #186226
368 -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700
370 sudo (1.6.8p12-2) unstable; urgency=low
372 * fix typos in init scripts, closes: #346325
373 * update to debhelper compat level 5
374 * build depend on autotools-dev to ensure config.sub/guess are fresh
375 * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
376 use it here as well. Thanks to Martin and the debian-security team.
377 closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
378 closes: #315115, #315718, #203874
379 * Non-maintainer upload by the Security Team
380 * Reworked the former patch to limit environment variables from being
381 passed through, set env_reset as default instead [sudo.c, env.c,
382 sudoers.pod, Bug#342948, CVE-2005-4158]
383 * env_reset is now set by default
384 * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
385 DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
386 (in addition to the SUDO_* variables)
387 * Rebuild sudoers.man.in from the POD file
388 * Added README.Debian
389 * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
390 * simplify rules file by using more of Makefile, despite having to override
391 default directories with more arguments to configure, closes: #292833
392 * update sudo man page to reflect use of SECURE_PATH, closes: #228551
393 * inconsistencies in sudoers man page resolved, closes: #220808, #161012
394 * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
395 unresolveable (requires adding bison as build dep), closes: #314949
397 -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700
399 sudo (1.6.8p12-1) unstable; urgency=low
401 * new upstream version, closes: #342948 (CVE-2005-4158)
402 * add env_reset to the sudoers file we create if none already exists,
403 as a further precaution in response to discussion about CVS-2005-4158
404 * split ldap support into a new sudo-ldap package. I was trying to avoid
405 doing this, but the impact of going from 4 to 17 linked shlibs on the
406 autobuilder chroots is sufficient motivation for me.
409 -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
411 sudo (1.6.8p9-4) unstable; urgency=low
413 * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
414 * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
415 timestamps in the init.d script, closes: #330868
416 * add dependency header to init.d script, closes: #332849
418 -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
420 sudo (1.6.8p9-3) unstable; urgency=high
422 * update debhelper compatibility level from 2 to 4
423 * add man page symlink for sudoedit
424 * Clean SHELLOPTS and PS4 from the environment before executing programs
425 with sudo permissions [env.c, CAN-2005-2959]
426 * fix typo in manpage pointed out by Moray Allen, closes: #285995
427 * fix paths in sample complex sudoers file, closes: #303542
428 * fix type in sudoers man page, closes: #311244
430 -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
432 sudo (1.6.8p9-2) unstable; urgency=high
434 * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
437 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
439 sudo (1.6.8p9-1) unstable; urgency=high
441 * new upstream version, fixes a race condition in sudo's pathname
442 validation, which is a security issue (CAN-2005-1993),
443 closes: #315115, #315718
445 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
447 sudo (1.6.8p7-1) unstable; urgency=low
449 * new upstream version, closes: #299585
450 * update lintian overrides to squelch the postinst warning
451 * change sudoedit from a hard to a soft link, closes: #296896
452 * fix regex doc in sudoers man page, closes: #300361
454 -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
456 sudo (1.6.8p5-1) unstable; urgency=high
458 * new upstream version
459 * restores ability to use config tuples without a value, which was causing
460 problems on upgrade closes: #283306
461 * deliver sudoedit, closes: #283078
462 * marking urgency high since 283306 is a serious upgrade incompatibility
464 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
466 sudo (1.6.8p3-2) unstable; urgency=high
468 * update pam.d deliverable so ldap works again, closes: #282191
470 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
472 sudo (1.6.8p3-1) unstable; urgency=high
474 * new upstream version, fixes a flaw in sudo's environment sanitizing that
475 could allow a malicious user with permission to run a shell script that
476 utilized the bash shell to run arbitrary commands, closes: #281665
477 * patch the sample sudoers to have the proper path for kill on Debian
478 systems, closes: #263486
479 * patch the sudo manpage to reflect Debian's choice of exempt_group
480 default setting, closes: #236465
481 * patch the sudo manpage to reflect Debian's choice of no timeout on the
482 password prompt, closes: #271194
484 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
486 sudo (1.6.7p5-2) unstable; urgency=low
488 * Jeff Bailey reports that seteuid works on current sparc systems, so we
489 no longer need the "grosshack" stuff in the sudo rules file
490 * add a postrm that removes /etc/sudoers on purge. don't do this with the
491 normal conffile mechanism since it would generate noise on every upgrade,
494 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
496 sudo (1.6.7p5-1) unstable; urgency=low
498 * new upstream version, closes: #190265, #193222, #197244
499 * change from '.' to ':' in postinst chown call, closes: #208369
501 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
503 sudo (1.6.7p3-2) unstable; urgency=low
505 * add --disable-setresuid to configure call since 2.2 kernels don't support
506 setresgid, closes: #189044
507 * cosmetic cleanups to debian/rules as long as I'm there
509 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
511 sudo (1.6.7p3-1) unstable; urgency=low
513 * new upstream version
514 * add overrides to quiet lintian about things it doesn't understand,
515 except the source one that can't be overridden until 129510 is fixed
517 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
519 sudo (1.6.6-3) unstable; urgency=low
521 * add code to rules file to update config.sub/guess, closes: #164501
523 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
525 sudo (1.6.6-2) unstable; urgency=low
527 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
528 configure, and lose the build dependency on mail-transport-agent
529 * incorporate changes from LaMont's NMU, closes: #144665, #144737
530 * update init.d to not try and set time on nonexistent timestamp files,
532 * build with --with-all-insults, admin must edit sudoers to turn insults
533 on at runtime if desired, closes: #135374
534 * stop setting /usr/doc symlink in postinst
536 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
538 sudo (1.6.6-1.1) unstable; urgency=high
540 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
541 * Revert patch to auth/pam.c that left pass uninitialized, causing a
542 segfault (Closes: #144665).
544 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
546 sudo (1.6.6-1) unstable; urgency=high
548 * new upstream version, fixes security problem with crafty prompts,
551 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
553 sudo (1.6.5p1-4) unstable; urgency=high
555 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
556 if ctrl/C'ed at password prompt, closes: #131235
558 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
560 sudo (1.6.5p1-3) unstable; urgency=high
562 * ugly hack to add --disable-saved-ids when building on sparc in response
563 to 131592, which will be reassigned to glibc for a real fix
564 * urgency high since the sudo currently in testing for sparc is worthless
566 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
568 sudo (1.6.5p1-2) unstable; urgency=high
570 * patch from upstream to fix seg faults caused by versions of pam that
571 follow a NULL pointer, closes: #129512
573 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
575 sudo (1.6.5p1-1) unstable; urgency=high
577 * new upstream version
578 * add --disable-root-mailer option supported by new version to configure
579 call in rules file, closes: #129648
581 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
583 sudo (1.6.4p1-1) unstable; urgency=high
585 * new upstream version, with fix for segfaulting problem in 1.6.4
587 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
589 sudo (1.6.4-1) unstable; urgency=high
591 * new upstream version, includes an important security fix, closes: #127576
593 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
595 sudo (1.6.3p7-5) unstable; urgency=low
597 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
598 * fix spelling error in init.d, closes: #126847
600 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
602 sudo (1.6.3p7-4) unstable; urgency=medium
604 * use touch to set status files to an ancient date instead of removing them
605 outright on reboot. this achieves the desired effect of keeping elevated
606 privs from living across reboots, without forcing everyone to see the
607 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
608 for systems with good clocks, and 'recent enough' that broken PC hardware
609 setting the clock to commonly-seen bogus dates trips over the "don't trust
610 future timestamps" rule. closes: #76529, #123559
611 * apply patch from Steve Langasek to fix seg faults due to interaction with
612 PAM code. upstream confirms the problem, and says they're fixing this
613 differently for their next release... but this should be useful in the
614 meantime, and would be good to get into woody. closes: #119147
615 * only run the init.d at boot, not on each runlevel change... and don't run
616 it during package configure. closes: #125935
617 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
619 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
621 sudo (1.6.3p7-3) unstable; urgency=low
623 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
624 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
625 * fix a typo in the manpage, closes: #97368
626 * apply patch to configure.in and run autoconf to fix problem building on
627 the hurd, closes: #96325
628 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
629 to not last across reboots, closes: #76529
630 * clean up lintian-noticed cosmetic packaging issues
632 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
634 sudo (1.6.3p7-2) unstable; urgency=low
636 * update config.sub/guess for hppa support
638 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
640 sudo (1.6.3p7-1) unstable; urgency=low
642 * new upstream version
643 * add build dependency on mail-transport-agent, closes: #90685
645 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
647 sudo (1.6.3p6-1) unstable; urgency=high
649 * new upstream version, fixes buffer overflow problem,
650 closes: #87259, #87278, #87263
651 * revert to using --with-secure-path option at build time, since the option
652 available in sudoers is parsed too late to be useful, and upstream says
653 it won't get fixed quickly. This reopens 85123, which I will mark as
654 forwarded. Closes: #86199, #86117, #85676
656 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
658 sudo (1.6.3p5-2) unstable; urgency=low
660 * lose the dh_suidregister call since it's obsolete
661 * stop using the --with-secure-path option at build time, and instead show
662 how to set it in sudoers. Closes: #85123
663 * freshen config.sub and config.guess for ia64 and hppa
664 * update sudoers man page to indicate exempt_group is on by default,
667 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
669 sudo (1.6.3p5-1) unstable; urgency=low
671 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
672 * this version restores core dumps before the exec, while leaving them
673 disabled during sudo's internal execution, closes: #58289
674 * update debhelper calls in rules file
676 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
678 sudo (1.6.2p2-1) frozen unstable; urgency=medium
680 * new upstream source resulting from direct collaboration with the upstream
681 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
682 Closes: #56129, #55978, #55979, #56550, #56772
683 * include more upstream documentation, closes: #55054
684 * pam.d fragment update, closes: #56129
686 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
688 sudo (1.6.1-1) unstable; urgency=low
690 * new upstream source, closes: #52750
692 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
694 sudo (1.6-2) unstable; urgency=low
696 * drop suidregister support for this package. The sudo executable is
697 essentially worthless unless it is setuid root, and making suidregister
698 work involves shipping a non-setuid executable in the .deb and setting the
699 perms in the postinst. On a long upgrade run, this can leave the sudo
700 executable 'broken' for a long time, which is unacceptable. With this
701 version, we ship the executable setuid root in the .deb. Closes: #51742
703 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
705 sudo (1.6-1) unstable; urgency=low
707 * new upstream version, many options previously set at compile-time are now
708 configurable at runtime.
709 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
712 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
714 sudo (1.5.9p4-1) unstable; urgency=low
716 * new upstream version, closes: #43464
717 * empty password handling was fixed in 1.5.8, closes: #31863
719 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
721 sudo (1.5.9p1-1) unstable; urgency=low
723 * new upstream version
725 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
727 sudo (1.5.8p1-1) unstable; urgency=medium
729 * new upstream version, closes 33690
730 * add dependency on libpam-modules, closes 34215, 33432
732 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
734 sudo (1.5.7p4-2) unstable; urgency=medium
736 * update the pam fragment provided so that sudo works with latest pam bits,
739 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
741 sudo (1.5.7p4-1) unstable; urgency=low
743 * new upstream release
745 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
747 sudo (1.5.6p5-1) unstable; urgency=low
749 * new upstream patch release
750 * add PAM support, closes 28594
752 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
754 sudo (1.5.6p2-2) unstable; urgency=low
756 * update copyright file, closes 24136
757 * review and close forwarded bugs believed fixed in this upstream version,
760 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
762 sudo (1.5.6p2-1) unstable; urgency=low
764 * new upstream release
766 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
768 sudo (1.5.4-4) frozen unstable; urgency=low
770 * update postinst to use groupadd, closes 21403
771 * move the suidregister stuff earlier in postinst to ensure it always runs
773 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
775 sudo (1.5.4-3) frozen unstable; urgency=low
777 * change /etc/sudoers from a conffile to being handled in postinst,
779 * add suidmanager support, closes 15711
780 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
781 unlikely to ever fix, and which just don't matter. closes 17146
782 * fix FSF address in copyright file, and submit exception for lintian
783 warning about sudo being setuid root
785 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
787 sudo (1.5.4-2) unstable; urgency=high
789 * patch from upstream author correcting/improving security fix
791 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
793 sudo (1.5.4-1) unstable; urgency=high
795 * new upstream version, includes a security fix
796 * change default editor from /bin/ae to /usr/bin/editor
798 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
800 sudo (1.5.3-1) unstable; urgency=medium
802 * new upstream version, closes bug 15911.
803 * rules file reworked to use debhelper
804 * implement a really gross hack to force use of the sudo-provided
805 lsearch(), since the one in libc6 is broken! This closes bugs
806 12552, 12557, 14881, 15259, 15916.
808 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
810 sudo (1.5.2-6) unstable; urgency=LOW
812 * don't install INSTALL in the doc directory, closes bug 13195.
814 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
816 sudo (1.5.2-5) unstable; urgency=LOW
820 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
822 sudo (1.5.2-4) unstable; urgency=LOW
824 * change TIMEOUT (how long before you have to type your password again)
825 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
826 packages on slower machines much more tolerable. Closes bug 9076.
827 * touch debian/suid before debstd. Closes bug 8709.
829 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
831 sudo (1.5.2-3) frozen unstable; urgency=LOW
833 * patch from upstream maintainer to close Bug 6828
834 * add a debian/suid file to get debstd to leave my perl postinst alone
836 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
838 sudo (1.5.2-2) frozen unstable; urgency=LOW
840 * change rules to use -O2 -Wall as per standards
842 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
844 sudo (1.5.2-1) unstable; urgency=LOW
846 * new upstream version
847 * cosmetic changes to debian package control files
849 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
851 sudo (1.5-2) unstable; urgency=LOW
853 * add /usr/X11R6/bin to the end of the secure path... this makes it
854 much easier to run xmkmf, etc., during package builds. To the extent
855 that /usr/local/sbin and /usr/local/bin were already included, I see
856 no security reasons not to add this.
858 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
860 sudo (1.5-1) unstable; urgency=LOW
862 * New upstream version
864 * New packaging format
866 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
868 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
872 * hard code SECURE_PATH to:
873 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
877 * enabled EXEMPTGROUP "sudo"
879 * moved timestamp dir to /var/log/sudo
881 * changed parser to check for long and short filenames (Bug#1162)
883 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
887 * New upstream source
889 * Fixed postinst script
890 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
892 * Removed special shadow binary. This version works with and without
893 shadow password file.
895 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
899 * Corrected editor path to /bin/ae (Bug#3062)
901 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
903 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
907 * New upstream version
909 * Changed sudoers permission to 440 (owner root, group root) to make
912 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
916 * Applied upstream patch 1
918 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
922 * Applied upstream patch 2
924 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
928 * Applied upstream patch 3 (fixes problems with an NFS-mounted
932 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
936 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
937 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
939 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
943 * Applied upstream patch 4 (fixes several bugs)
945 * Changed priority to optional
947 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
951 * Corrected postinst to create correct permission for /etc/sudoers
954 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
958 * New upstream version
961 sudo (1.4.4-2) admin; urgency=HIGH
963 * Fixed major security bug reported by Peter Tobias
964 <tobias@et-inf.fho-emden.de>
965 * Added dchanges support to debian.rules
967 sudo (1.4.5-1) admin; urgency=LOW
969 * New upstream version
970 * Minor changes to debian.rules