1 sudo (1.8.5p2-2) UNRELEASED; urgency=low
3 * make sudo-ldap package's init.d script be called sudo-ldap
5 -- Bdale Garbee <bdale@gag.com> Mon, 09 Jul 2012 20:01:31 -0600
7 sudo (1.8.5p2-1) unstable; urgency=low
10 * patch to use flock on hurd, run autoconf in rules, closes: #655883
11 * patch to avoid calling unlink with null pointer on hurd, closes: #655948
12 * patch to actually use hardening build flags, closes: #655417
13 * fix sudo-ldap.postinst syntax issue, closes: #669576
15 -- Bdale Garbee <bdale@gag.com> Thu, 28 Jun 2012 12:01:37 -0600
17 sudo (1.8.3p2-1) unstable; urgency=high
19 * new upstream version, closes: #657985 (CVE-2012-0809)
20 * patch from Pino Toscano to only use selinux on Linux, closes: #655894
22 -- Bdale Garbee <bdale@gag.com> Mon, 30 Jan 2012 16:11:54 -0700
24 sudo (1.8.3p1-3) unstable; urgency=low
26 * patch from Moritz Muehlenhoff enables hardened build flags, closes: #655417
27 * replacement postinst script from Mike Beattie using shell instead of Perl
28 * include systemd service file from Michael Stapelberg, closes: #639633
29 * add init.d status support, closes: #641782
30 * make sudo-ldap package manage a sudoers entry in nsswitch.conf,
31 closes: #610600, #639530
32 * enable mail_badpass in the default sudoers file, closes: #641218
33 * enable selinux support, closes: #655510
35 -- Bdale Garbee <bdale@gag.com> Wed, 11 Jan 2012 16:18:13 -0700
37 sudo (1.8.3p1-2) unstable; urgency=low
39 * if upgrading from squeeze, and the sudoers file is unmodified, avoid
40 the packaging system prompting the user about a change they didn't make
41 now that sudoers is a conffile, closes: #612532, #636049
42 * add a recommendation for the use of visudo to the sudoers.d/README file,
45 -- Bdale Garbee <bdale@gag.com> Sat, 12 Nov 2011 16:27:13 -0700
47 sudo (1.8.3p1-1) unstable; urgency=low
49 * new upstream version, closes: #646478
51 -- Bdale Garbee <bdale@gag.com> Thu, 27 Oct 2011 01:03:44 +0200
53 sudo (1.8.3-1) unstable; urgency=low
55 * new upstream version, closes: #639391, #639568
57 -- Bdale Garbee <bdale@gag.com> Sat, 22 Oct 2011 23:49:16 -0600
59 sudo (1.8.2-2) unstable; urgency=low
62 * debian/rules improvements, closes: #642535
63 + mv upstream sample.* files to the examples folder.
64 - do not call dh_installexamples.
67 * patch from upstream for SIGBUS on sparc64, closes: #640304
68 * use common-session-noninteractive in the pam config to reduce log noise
69 when sudo is used in cron, etc, closes: #519700
70 * patch from Steven McDonald to fix segfault on startup under certain
71 conditions, closes: #639568
72 * add a NEWS entry regarding the secure_path change made in 1.8.2-1,
75 -- Bdale Garbee <bdale@gag.com> Mon, 26 Sep 2011 21:55:56 -0600
77 sudo (1.8.2-1) unstable; urgency=low
79 * new upstream version, closes: #637449, #621830
80 * include common-session in pam config, closes: #519700, #607199
81 * move secure_path from configure to default sudoers, closes: #85123, 85917
82 * improve sudoers self-documentation, closes: #613639
83 * drop --disable-setresuid since modern systems should not run 2.2 kernels
84 * lose the --with-devel configure option since it's breaking builds in
85 subdirectories for some reason
87 -- Bdale Garbee <bdale@gag.com> Wed, 24 Aug 2011 13:33:11 -0600
89 sudo (1.7.4p6-1) unstable; urgency=low
91 * new upstream version
92 * touch the right stamp name after configuring, closes: #611287
93 * patch from Svante Signell to fix build problem on Hurd, closes: #611290
95 -- Bdale Garbee <bdale@gag.com> Wed, 09 Feb 2011 11:32:58 -0700
97 sudo (1.7.4p4-6) unstable; urgency=low
99 * update /etc/sudoers.d/README now that sudoers is a conffile
100 * patch from upstream to fix special case in password checking code
101 when only the gid is changing, closes: #609641
103 -- Bdale Garbee <bdale@gag.com> Tue, 11 Jan 2011 10:22:39 -0700
105 sudo (1.7.4p4-5) unstable; urgency=low
107 * patch from Jakub Wilk to add noopt and nostrip build option support,
109 * make sudoers a conffile, closes: #605130
110 * add descriptions to LSB init headers, closes: #604619
111 * change default sudoers %sudo entry to allow gid changes, closes: #602699
112 * add Vcs entries to the control file
113 * use debhelper install files instead of explicit installs in rules
115 -- Bdale Garbee <bdale@gag.com> Wed, 01 Dec 2010 20:32:31 -0700
117 sudo (1.7.4p4-4) unstable; urgency=low
119 * patch from upstream to resolve problem always prompting for a password
120 when run without a tty, closes: #599376
121 * patch from upstream to resolve interoperability problem between HOME in
122 env_keep and the -H flag, closes: #596493
123 * change path syntax to avoid tar error when /var/run/sudo exists but is
124 empty, closes: #598877
126 -- Bdale Garbee <bdale@gag.com> Thu, 07 Oct 2010 15:59:06 -0600
128 sudo (1.7.4p4-3) unstable; urgency=low
130 * make postinst clause for handling /var/run -> /var/lib transition less
131 fragile, closes: #585514
132 * cope with upstream's Makefile trying to install ChangeLog in our doc
133 directory, closes: #597389
134 * fix README.Debian to reflect that HOME is no longer preserved by default,
137 -- Bdale Garbee <bdale@gag.com> Tue, 21 Sep 2010 23:53:08 -0600
139 sudo (1.7.4p4-2) unstable; urgency=low
141 * add a NEWS item about change in $HOME handling that impacts programs
144 -- Bdale Garbee <bdale@gag.com> Wed, 08 Sep 2010 14:29:16 -0600
146 sudo (1.7.4p4-1) unstable; urgency=high
148 * new upstream version, urgency high due to fix for flaw in Runas group
149 matching (CVE-2010-2956), closes: #595935
150 * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
151 re-lecturing existing users, and to clean up after ourselves on upgrade,
152 and remove the RAMRUN section from README.Debian since the new state dir
153 should fix the original problem, closes: #585514
154 * deliver README.Debian to both package flavors, closes: #593579
156 -- Bdale Garbee <bdale@gag.com> Tue, 07 Sep 2010 12:22:42 -0600
158 sudo (1.7.2p7-1) unstable; urgency=high
160 * new upstream release with security fix for secure path (CVE-2010-1646),
162 * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
163 about whether to give the lecture is preserved across reboots even when
164 RAMRUN is set, closes: #581393
165 * add a note to README.Debian about LDAP needing an entry in
166 /etc/nsswitch.conf, closes: #522065
167 * add a note to README.Debian about how to turn off lectures if using
168 RAMRUN in /etc/default/rcS, closes: #581393
170 -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
172 sudo (1.7.2p6-1) unstable; urgency=low
174 * new upstream version fixing CVE-2010-1163, closes: #578275, #570737
176 -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600
178 sudo (1.7.2p5-1) unstable; urgency=low
180 * new upstream release, closes a bug filed upstream regarding missing man
181 page processing scripts in the 1.7.2p1 tarball, also includes the fix
182 for CVE-2010-0426 previously the subject of a security team nmu
183 * move to source format 3.0 (quilt) and restructure changes as patches
184 * fix unprocessed substitution variables in man pages, closes: #557204
185 * apply patch from Neil Moore to fix Debian-specific content in the
186 visudo man page, closes: #555013
187 * update descriptions to better explain sudo-ldap, closes: #573108
188 * eliminate spurious 'and' in man page, closes: #571620
189 * fix confusing text in default sudoers, closes: #566607
191 -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700
193 sudo (1.7.2p1-1) unstable; urgency=low
195 * new upstream version
196 * add support for /etc/sudoers.d using #includedir in default sudoers,
197 which I think is also a good solution to the request for a crontab-like
198 API requested in March of 2001, closes: #539994, #271813, #89743
199 * move init.d script from using rcS.d to rc[0-6].d, closes: #542924
201 -- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600
203 sudo (1.7.2-2) unstable; urgency=low
205 * further improve initial sudoers to not include the NOPASSWD option on
206 the group sudo exception, closes: #539136, #198991
208 -- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200
210 sudo (1.7.2-1) unstable; urgency=low
212 * new upstream version, closes: #537103
213 * improve initial sudoers by having the exemption for users in group
214 sudo on by default, and including the ability to run any command as
215 any user. This makes the default install roughly equivalent to our
216 old use of the --with-exempt=sudo build option, closes: #536220, #536222
218 -- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600
220 sudo (1.7.0-1) unstable; urgency=low
222 * new upstream version, closes: #510179, #128268, #520274, #508514
223 * fix ldap config file path for sudo-ldap package, including creating
224 a symlink in postinst and cleaning it up in postrm for the sudo-ldap
225 package, closes: #430826
226 * fix NOPASSWD entry location in default config file for the sudo-ldap
227 instance too, closes: #479616
229 -- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600
231 sudo (1.6.9p17-2) unstable; urgency=high
233 * patch from upstream to fix privilege escalation with certain
234 configurations, CVE-2009-0034
235 * typo in sudoers man page, closes: #507163
237 -- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700
239 sudo (1.6.9p17-1) unstable; urgency=low
241 * new upstream version, closes: #481008
242 * deliver schemas to doc directory in sudo-ldap package, closes: #474331
243 * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
244 in move from CVS to git for package management, closes: #475821
245 * re-instate the init.d for the sudo-ldap package too... /o\
247 -- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600
249 sudo (1.6.9p15-2) unstable; urgency=low
251 * revert the fix for 388659 such that visudo once again defaults to using
252 /usr/bin/editor. I was always ambivalent about this change, it has caused
253 more confusion and frustration than it cured, and I find Justin's line of
254 reasoning persuasive. Update the man page source to reflect this choice
255 and the related use of --with-env-editor. Closes: #474197.
256 * patch from Petter Reinholdtsen to improve init.d, closes: #475821
258 -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600
260 sudo (1.6.9p15-1) unstable; urgency=low
262 * new upstream version, closes: #467126, #473337
263 * remove pointless postrm scripts, leaving debhelper do its thing if needed,
264 thanks to Justin Pryzby for pointing this out
265 * reinstate the init.d, since bootclean doesn't quite do what we want. This
266 also means we don't need the preinst scripts any more. Update the lintian
267 overrides since postinst is a Perl script lintian apparently isn't parsing
268 well. closes: #330868
270 -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600
272 sudo (1.6.9p12-1) unstable; urgency=low
274 * new upstream version, closes: #464890
276 -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900
278 sudo (1.6.9p11-3) unstable; urgency=low
280 * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
282 -- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700
284 sudo (1.6.9p11-2) unstable; urgency=low
286 * update version compared in preinst when removing obsolete init.d,
288 * implement pam session config suggestions from Elizabeth Fong,
289 closes: #452457, #402329
291 -- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700
293 sudo (1.6.9p11-1) unstable; urgency=low
295 * new upstream version
297 -- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700
299 sudo (1.6.9p10-1) unstable; urgency=low
301 * new upstream version
302 * tweak default password prompt as %u doesn't make sense. Accept patch from
303 Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
304 uses it by default, closes: #454409
305 * accept patch from Martin Pitt that adds a prerm making it difficult to
306 "accidentally" remove sudo when there is no root password set on the
307 system, closes: #451241
309 -- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700
311 sudo (1.6.9p9-1) unstable; urgency=low
313 * new upstream version
314 * debian/rules: configure a more informative default password prompt to
315 reduce confusion when using sudo to invoke commands which also ask for
316 passwords, closes: #343268
317 * auth/pam.c: don't use the PAM prompt if the user explicitly requested
318 a custom prompt, closes: #448628.
319 * fix configure's ability to discover that libc has dirfd, closes: #451324
320 * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
321 the command 'visudo' invokes a vi variant by default as documented,
324 -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700
326 sudo (1.6.9p6-1) unstable; urgency=low
328 * new upstream version, closes: #442815, #446146, #438699, #435768, #435314
329 closes: #434832, #434608, #430382
330 * eliminate the now-redundant init.d scripts, closes: #397090
331 * fix typo in TROUBLESHOOTING file, closes: #439624
333 -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600
335 sudo (1.6.8p12-6) unstable; urgency=low
337 * fix typos in visudo.pod relating to env_editor variable, closes: #418886
338 * have init.d touch directories in /var/run/sudo, not just files, as a
340 * fix various typos in sudoers.pod, closes: #419749
341 * don't let Makefile strip binaries, closes: #438073
343 -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100
345 sudo (1.6.8p12-5) unstable; urgency=low
347 * update debian/copyright to reflect new upstream URL, closes: #368746
348 * add sandwich cartoon URL to the README.Debian
349 * don't remove sudoers on purge. can cause problems when moving between
350 sudo and sudo-ldap. leaving sudoers around on purge seems like the least
351 evil choice for now, closes: #401366
352 * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
354 * accept patch that improves debian/rules from Ted Percival, closes: #382122
355 * no longer build with --with-exempt=sudo, provide an example entry in the
356 default sudoers file instead, closes: #296605
357 * add --with-devel to configure and augment build dependencies so that flex
358 and yacc files get re-generated on every build, closes: #316249
360 -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600
362 sudo (1.6.8p12-4) unstable; urgency=low
364 * patch from Petter Reinholdtsen for the LSB info block in the init.d
365 script, closes: #361055
366 * deliver sudoers sample again, closes: #361593
368 -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600
370 sudo (1.6.8p12-3) unstable; urgency=low
372 * force-feed configure knowledge of nroff's path so we get unformatted man
373 pages installed without build-depending on groff-base, closes: #360894
374 * add a reference to OPTIONS in the man page, closes: #186226
376 -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700
378 sudo (1.6.8p12-2) unstable; urgency=low
380 * fix typos in init scripts, closes: #346325
381 * update to debhelper compat level 5
382 * build depend on autotools-dev to ensure config.sub/guess are fresh
383 * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
384 use it here as well. Thanks to Martin and the debian-security team.
385 closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
386 closes: #315115, #315718, #203874
387 * Non-maintainer upload by the Security Team
388 * Reworked the former patch to limit environment variables from being
389 passed through, set env_reset as default instead [sudo.c, env.c,
390 sudoers.pod, Bug#342948, CVE-2005-4158]
391 * env_reset is now set by default
392 * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
393 DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
394 (in addition to the SUDO_* variables)
395 * Rebuild sudoers.man.in from the POD file
396 * Added README.Debian
397 * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
398 * simplify rules file by using more of Makefile, despite having to override
399 default directories with more arguments to configure, closes: #292833
400 * update sudo man page to reflect use of SECURE_PATH, closes: #228551
401 * inconsistencies in sudoers man page resolved, closes: #220808, #161012
402 * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
403 unresolveable (requires adding bison as build dep), closes: #314949
405 -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700
407 sudo (1.6.8p12-1) unstable; urgency=low
409 * new upstream version, closes: #342948 (CVE-2005-4158)
410 * add env_reset to the sudoers file we create if none already exists,
411 as a further precaution in response to discussion about CVS-2005-4158
412 * split ldap support into a new sudo-ldap package. I was trying to avoid
413 doing this, but the impact of going from 4 to 17 linked shlibs on the
414 autobuilder chroots is sufficient motivation for me.
417 -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
419 sudo (1.6.8p9-4) unstable; urgency=low
421 * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
422 * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
423 timestamps in the init.d script, closes: #330868
424 * add dependency header to init.d script, closes: #332849
426 -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
428 sudo (1.6.8p9-3) unstable; urgency=high
430 * update debhelper compatibility level from 2 to 4
431 * add man page symlink for sudoedit
432 * Clean SHELLOPTS and PS4 from the environment before executing programs
433 with sudo permissions [env.c, CAN-2005-2959]
434 * fix typo in manpage pointed out by Moray Allen, closes: #285995
435 * fix paths in sample complex sudoers file, closes: #303542
436 * fix type in sudoers man page, closes: #311244
438 -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
440 sudo (1.6.8p9-2) unstable; urgency=high
442 * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
445 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
447 sudo (1.6.8p9-1) unstable; urgency=high
449 * new upstream version, fixes a race condition in sudo's pathname
450 validation, which is a security issue (CAN-2005-1993),
451 closes: #315115, #315718
453 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
455 sudo (1.6.8p7-1) unstable; urgency=low
457 * new upstream version, closes: #299585
458 * update lintian overrides to squelch the postinst warning
459 * change sudoedit from a hard to a soft link, closes: #296896
460 * fix regex doc in sudoers man page, closes: #300361
462 -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
464 sudo (1.6.8p5-1) unstable; urgency=high
466 * new upstream version
467 * restores ability to use config tuples without a value, which was causing
468 problems on upgrade closes: #283306
469 * deliver sudoedit, closes: #283078
470 * marking urgency high since 283306 is a serious upgrade incompatibility
472 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
474 sudo (1.6.8p3-2) unstable; urgency=high
476 * update pam.d deliverable so ldap works again, closes: #282191
478 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
480 sudo (1.6.8p3-1) unstable; urgency=high
482 * new upstream version, fixes a flaw in sudo's environment sanitizing that
483 could allow a malicious user with permission to run a shell script that
484 utilized the bash shell to run arbitrary commands, closes: #281665
485 * patch the sample sudoers to have the proper path for kill on Debian
486 systems, closes: #263486
487 * patch the sudo manpage to reflect Debian's choice of exempt_group
488 default setting, closes: #236465
489 * patch the sudo manpage to reflect Debian's choice of no timeout on the
490 password prompt, closes: #271194
492 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
494 sudo (1.6.7p5-2) unstable; urgency=low
496 * Jeff Bailey reports that seteuid works on current sparc systems, so we
497 no longer need the "grosshack" stuff in the sudo rules file
498 * add a postrm that removes /etc/sudoers on purge. don't do this with the
499 normal conffile mechanism since it would generate noise on every upgrade,
502 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
504 sudo (1.6.7p5-1) unstable; urgency=low
506 * new upstream version, closes: #190265, #193222, #197244
507 * change from '.' to ':' in postinst chown call, closes: #208369
509 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
511 sudo (1.6.7p3-2) unstable; urgency=low
513 * add --disable-setresuid to configure call since 2.2 kernels don't support
514 setresgid, closes: #189044
515 * cosmetic cleanups to debian/rules as long as I'm there
517 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
519 sudo (1.6.7p3-1) unstable; urgency=low
521 * new upstream version
522 * add overrides to quiet lintian about things it doesn't understand,
523 except the source one that can't be overridden until 129510 is fixed
525 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
527 sudo (1.6.6-3) unstable; urgency=low
529 * add code to rules file to update config.sub/guess, closes: #164501
531 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
533 sudo (1.6.6-2) unstable; urgency=low
535 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
536 configure, and lose the build dependency on mail-transport-agent
537 * incorporate changes from LaMont's NMU, closes: #144665, #144737
538 * update init.d to not try and set time on nonexistent timestamp files,
540 * build with --with-all-insults, admin must edit sudoers to turn insults
541 on at runtime if desired, closes: #135374
542 * stop setting /usr/doc symlink in postinst
544 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
546 sudo (1.6.6-1.1) unstable; urgency=high
548 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
549 * Revert patch to auth/pam.c that left pass uninitialized, causing a
550 segfault (Closes: #144665).
552 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
554 sudo (1.6.6-1) unstable; urgency=high
556 * new upstream version, fixes security problem with crafty prompts,
559 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
561 sudo (1.6.5p1-4) unstable; urgency=high
563 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
564 if ctrl/C'ed at password prompt, closes: #131235
566 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
568 sudo (1.6.5p1-3) unstable; urgency=high
570 * ugly hack to add --disable-saved-ids when building on sparc in response
571 to 131592, which will be reassigned to glibc for a real fix
572 * urgency high since the sudo currently in testing for sparc is worthless
574 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
576 sudo (1.6.5p1-2) unstable; urgency=high
578 * patch from upstream to fix seg faults caused by versions of pam that
579 follow a NULL pointer, closes: #129512
581 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
583 sudo (1.6.5p1-1) unstable; urgency=high
585 * new upstream version
586 * add --disable-root-mailer option supported by new version to configure
587 call in rules file, closes: #129648
589 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
591 sudo (1.6.4p1-1) unstable; urgency=high
593 * new upstream version, with fix for segfaulting problem in 1.6.4
595 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
597 sudo (1.6.4-1) unstable; urgency=high
599 * new upstream version, includes an important security fix, closes: #127576
601 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
603 sudo (1.6.3p7-5) unstable; urgency=low
605 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
606 * fix spelling error in init.d, closes: #126847
608 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
610 sudo (1.6.3p7-4) unstable; urgency=medium
612 * use touch to set status files to an ancient date instead of removing them
613 outright on reboot. this achieves the desired effect of keeping elevated
614 privs from living across reboots, without forcing everyone to see the
615 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
616 for systems with good clocks, and 'recent enough' that broken PC hardware
617 setting the clock to commonly-seen bogus dates trips over the "don't trust
618 future timestamps" rule. closes: #76529, #123559
619 * apply patch from Steve Langasek to fix seg faults due to interaction with
620 PAM code. upstream confirms the problem, and says they're fixing this
621 differently for their next release... but this should be useful in the
622 meantime, and would be good to get into woody. closes: #119147
623 * only run the init.d at boot, not on each runlevel change... and don't run
624 it during package configure. closes: #125935
625 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
627 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
629 sudo (1.6.3p7-3) unstable; urgency=low
631 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
632 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
633 * fix a typo in the manpage, closes: #97368
634 * apply patch to configure.in and run autoconf to fix problem building on
635 the hurd, closes: #96325
636 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
637 to not last across reboots, closes: #76529
638 * clean up lintian-noticed cosmetic packaging issues
640 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
642 sudo (1.6.3p7-2) unstable; urgency=low
644 * update config.sub/guess for hppa support
646 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
648 sudo (1.6.3p7-1) unstable; urgency=low
650 * new upstream version
651 * add build dependency on mail-transport-agent, closes: #90685
653 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
655 sudo (1.6.3p6-1) unstable; urgency=high
657 * new upstream version, fixes buffer overflow problem,
658 closes: #87259, #87278, #87263
659 * revert to using --with-secure-path option at build time, since the option
660 available in sudoers is parsed too late to be useful, and upstream says
661 it won't get fixed quickly. This reopens 85123, which I will mark as
662 forwarded. Closes: #86199, #86117, #85676
664 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
666 sudo (1.6.3p5-2) unstable; urgency=low
668 * lose the dh_suidregister call since it's obsolete
669 * stop using the --with-secure-path option at build time, and instead show
670 how to set it in sudoers. Closes: #85123
671 * freshen config.sub and config.guess for ia64 and hppa
672 * update sudoers man page to indicate exempt_group is on by default,
675 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
677 sudo (1.6.3p5-1) unstable; urgency=low
679 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
680 * this version restores core dumps before the exec, while leaving them
681 disabled during sudo's internal execution, closes: #58289
682 * update debhelper calls in rules file
684 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
686 sudo (1.6.2p2-1) frozen unstable; urgency=medium
688 * new upstream source resulting from direct collaboration with the upstream
689 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
690 Closes: #56129, #55978, #55979, #56550, #56772
691 * include more upstream documentation, closes: #55054
692 * pam.d fragment update, closes: #56129
694 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
696 sudo (1.6.1-1) unstable; urgency=low
698 * new upstream source, closes: #52750
700 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
702 sudo (1.6-2) unstable; urgency=low
704 * drop suidregister support for this package. The sudo executable is
705 essentially worthless unless it is setuid root, and making suidregister
706 work involves shipping a non-setuid executable in the .deb and setting the
707 perms in the postinst. On a long upgrade run, this can leave the sudo
708 executable 'broken' for a long time, which is unacceptable. With this
709 version, we ship the executable setuid root in the .deb. Closes: #51742
711 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
713 sudo (1.6-1) unstable; urgency=low
715 * new upstream version, many options previously set at compile-time are now
716 configurable at runtime.
717 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
720 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
722 sudo (1.5.9p4-1) unstable; urgency=low
724 * new upstream version, closes: #43464
725 * empty password handling was fixed in 1.5.8, closes: #31863
727 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
729 sudo (1.5.9p1-1) unstable; urgency=low
731 * new upstream version
733 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
735 sudo (1.5.8p1-1) unstable; urgency=medium
737 * new upstream version, closes 33690
738 * add dependency on libpam-modules, closes 34215, 33432
740 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
742 sudo (1.5.7p4-2) unstable; urgency=medium
744 * update the pam fragment provided so that sudo works with latest pam bits,
747 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
749 sudo (1.5.7p4-1) unstable; urgency=low
751 * new upstream release
753 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
755 sudo (1.5.6p5-1) unstable; urgency=low
757 * new upstream patch release
758 * add PAM support, closes 28594
760 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
762 sudo (1.5.6p2-2) unstable; urgency=low
764 * update copyright file, closes 24136
765 * review and close forwarded bugs believed fixed in this upstream version,
768 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
770 sudo (1.5.6p2-1) unstable; urgency=low
772 * new upstream release
774 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
776 sudo (1.5.4-4) frozen unstable; urgency=low
778 * update postinst to use groupadd, closes 21403
779 * move the suidregister stuff earlier in postinst to ensure it always runs
781 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
783 sudo (1.5.4-3) frozen unstable; urgency=low
785 * change /etc/sudoers from a conffile to being handled in postinst,
787 * add suidmanager support, closes 15711
788 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
789 unlikely to ever fix, and which just don't matter. closes 17146
790 * fix FSF address in copyright file, and submit exception for lintian
791 warning about sudo being setuid root
793 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
795 sudo (1.5.4-2) unstable; urgency=high
797 * patch from upstream author correcting/improving security fix
799 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
801 sudo (1.5.4-1) unstable; urgency=high
803 * new upstream version, includes a security fix
804 * change default editor from /bin/ae to /usr/bin/editor
806 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
808 sudo (1.5.3-1) unstable; urgency=medium
810 * new upstream version, closes bug 15911.
811 * rules file reworked to use debhelper
812 * implement a really gross hack to force use of the sudo-provided
813 lsearch(), since the one in libc6 is broken! This closes bugs
814 12552, 12557, 14881, 15259, 15916.
816 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
818 sudo (1.5.2-6) unstable; urgency=LOW
820 * don't install INSTALL in the doc directory, closes bug 13195.
822 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
824 sudo (1.5.2-5) unstable; urgency=LOW
828 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
830 sudo (1.5.2-4) unstable; urgency=LOW
832 * change TIMEOUT (how long before you have to type your password again)
833 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
834 packages on slower machines much more tolerable. Closes bug 9076.
835 * touch debian/suid before debstd. Closes bug 8709.
837 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
839 sudo (1.5.2-3) frozen unstable; urgency=LOW
841 * patch from upstream maintainer to close Bug 6828
842 * add a debian/suid file to get debstd to leave my perl postinst alone
844 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
846 sudo (1.5.2-2) frozen unstable; urgency=LOW
848 * change rules to use -O2 -Wall as per standards
850 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
852 sudo (1.5.2-1) unstable; urgency=LOW
854 * new upstream version
855 * cosmetic changes to debian package control files
857 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
859 sudo (1.5-2) unstable; urgency=LOW
861 * add /usr/X11R6/bin to the end of the secure path... this makes it
862 much easier to run xmkmf, etc., during package builds. To the extent
863 that /usr/local/sbin and /usr/local/bin were already included, I see
864 no security reasons not to add this.
866 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
868 sudo (1.5-1) unstable; urgency=LOW
870 * New upstream version
872 * New packaging format
874 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
876 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
880 * hard code SECURE_PATH to:
881 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
885 * enabled EXEMPTGROUP "sudo"
887 * moved timestamp dir to /var/log/sudo
889 * changed parser to check for long and short filenames (Bug#1162)
891 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
895 * New upstream source
897 * Fixed postinst script
898 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
900 * Removed special shadow binary. This version works with and without
901 shadow password file.
903 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
907 * Corrected editor path to /bin/ae (Bug#3062)
909 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
911 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
915 * New upstream version
917 * Changed sudoers permission to 440 (owner root, group root) to make
920 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
924 * Applied upstream patch 1
926 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
930 * Applied upstream patch 2
932 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
936 * Applied upstream patch 3 (fixes problems with an NFS-mounted
940 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
944 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
945 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
947 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
951 * Applied upstream patch 4 (fixes several bugs)
953 * Changed priority to optional
955 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
959 * Corrected postinst to create correct permission for /etc/sudoers
962 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
966 * New upstream version
969 sudo (1.4.4-2) admin; urgency=HIGH
971 * Fixed major security bug reported by Peter Tobias
972 <tobias@et-inf.fho-emden.de>
973 * Added dchanges support to debian.rules
975 sudo (1.4.5-1) admin; urgency=LOW
977 * New upstream version
978 * Minor changes to debian.rules