1 sudo (1.8.3p2-2) UNSTABLE; urgency=low
3 * fix sudo-ldap.postinst syntax issue, closes: #669576
5 -- Bdale Garbee <bdale@gag.com> Thu, 19 Apr 2012 23:42:16 -0600
7 sudo (1.8.3p2-2) unstable; urgency=low
9 * patch to actually use hardening build flags, closes: #655417
11 -- Bdale Garbee <bdale@gag.com> Mon, 19 Mar 2012 14:58:39 +0100
13 sudo (1.8.3p2-1) unstable; urgency=high
15 * new upstream version, closes: #657985 (CVE-2012-0809)
16 * patch from Pino Toscano to only use selinux on Linux, closes: #655894
18 -- Bdale Garbee <bdale@gag.com> Mon, 30 Jan 2012 16:11:54 -0700
20 sudo (1.8.3p1-3) unstable; urgency=low
22 * patch from Moritz Muehlenhoff enables hardened build flags, closes: #655417
23 * replacement postinst script from Mike Beattie using shell instead of Perl
24 * include systemd service file from Michael Stapelberg, closes: #639633
25 * add init.d status support, closes: #641782
26 * make sudo-ldap package manage a sudoers entry in nsswitch.conf,
27 closes: #610600, #639530
28 * enable mail_badpass in the default sudoers file, closes: #641218
29 * enable selinux support, closes: #655510
31 -- Bdale Garbee <bdale@gag.com> Wed, 11 Jan 2012 16:18:13 -0700
33 sudo (1.8.3p1-2) unstable; urgency=low
35 * if upgrading from squeeze, and the sudoers file is unmodified, avoid
36 the packaging system prompting the user about a change they didn't make
37 now that sudoers is a conffile, closes: #612532, #636049
38 * add a recommendation for the use of visudo to the sudoers.d/README file,
41 -- Bdale Garbee <bdale@gag.com> Sat, 12 Nov 2011 16:27:13 -0700
43 sudo (1.8.3p1-1) unstable; urgency=low
45 * new upstream version, closes: #646478
47 -- Bdale Garbee <bdale@gag.com> Thu, 27 Oct 2011 01:03:44 +0200
49 sudo (1.8.3-1) unstable; urgency=low
51 * new upstream version, closes: #639391, #639568
53 -- Bdale Garbee <bdale@gag.com> Sat, 22 Oct 2011 23:49:16 -0600
55 sudo (1.8.2-2) unstable; urgency=low
58 * debian/rules improvements, closes: #642535
59 + mv upstream sample.* files to the examples folder.
60 - do not call dh_installexamples.
63 * patch from upstream for SIGBUS on sparc64, closes: #640304
64 * use common-session-noninteractive in the pam config to reduce log noise
65 when sudo is used in cron, etc, closes: #519700
66 * patch from Steven McDonald to fix segfault on startup under certain
67 conditions, closes: #639568
68 * add a NEWS entry regarding the secure_path change made in 1.8.2-1,
71 -- Bdale Garbee <bdale@gag.com> Mon, 26 Sep 2011 21:55:56 -0600
73 sudo (1.8.2-1) unstable; urgency=low
75 * new upstream version, closes: #637449, #621830
76 * include common-session in pam config, closes: #519700, #607199
77 * move secure_path from configure to default sudoers, closes: #85123, 85917
78 * improve sudoers self-documentation, closes: #613639
79 * drop --disable-setresuid since modern systems should not run 2.2 kernels
80 * lose the --with-devel configure option since it's breaking builds in
81 subdirectories for some reason
83 -- Bdale Garbee <bdale@gag.com> Wed, 24 Aug 2011 13:33:11 -0600
85 sudo (1.7.4p6-1) unstable; urgency=low
87 * new upstream version
88 * touch the right stamp name after configuring, closes: #611287
89 * patch from Svante Signell to fix build problem on Hurd, closes: #611290
91 -- Bdale Garbee <bdale@gag.com> Wed, 09 Feb 2011 11:32:58 -0700
93 sudo (1.7.4p4-6) unstable; urgency=low
95 * update /etc/sudoers.d/README now that sudoers is a conffile
96 * patch from upstream to fix special case in password checking code
97 when only the gid is changing, closes: #609641
99 -- Bdale Garbee <bdale@gag.com> Tue, 11 Jan 2011 10:22:39 -0700
101 sudo (1.7.4p4-5) unstable; urgency=low
103 * patch from Jakub Wilk to add noopt and nostrip build option support,
105 * make sudoers a conffile, closes: #605130
106 * add descriptions to LSB init headers, closes: #604619
107 * change default sudoers %sudo entry to allow gid changes, closes: #602699
108 * add Vcs entries to the control file
109 * use debhelper install files instead of explicit installs in rules
111 -- Bdale Garbee <bdale@gag.com> Wed, 01 Dec 2010 20:32:31 -0700
113 sudo (1.7.4p4-4) unstable; urgency=low
115 * patch from upstream to resolve problem always prompting for a password
116 when run without a tty, closes: #599376
117 * patch from upstream to resolve interoperability problem between HOME in
118 env_keep and the -H flag, closes: #596493
119 * change path syntax to avoid tar error when /var/run/sudo exists but is
120 empty, closes: #598877
122 -- Bdale Garbee <bdale@gag.com> Thu, 07 Oct 2010 15:59:06 -0600
124 sudo (1.7.4p4-3) unstable; urgency=low
126 * make postinst clause for handling /var/run -> /var/lib transition less
127 fragile, closes: #585514
128 * cope with upstream's Makefile trying to install ChangeLog in our doc
129 directory, closes: #597389
130 * fix README.Debian to reflect that HOME is no longer preserved by default,
133 -- Bdale Garbee <bdale@gag.com> Tue, 21 Sep 2010 23:53:08 -0600
135 sudo (1.7.4p4-2) unstable; urgency=low
137 * add a NEWS item about change in $HOME handling that impacts programs
140 -- Bdale Garbee <bdale@gag.com> Wed, 08 Sep 2010 14:29:16 -0600
142 sudo (1.7.4p4-1) unstable; urgency=high
144 * new upstream version, urgency high due to fix for flaw in Runas group
145 matching (CVE-2010-2956), closes: #595935
146 * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
147 re-lecturing existing users, and to clean up after ourselves on upgrade,
148 and remove the RAMRUN section from README.Debian since the new state dir
149 should fix the original problem, closes: #585514
150 * deliver README.Debian to both package flavors, closes: #593579
152 -- Bdale Garbee <bdale@gag.com> Tue, 07 Sep 2010 12:22:42 -0600
154 sudo (1.7.2p7-1) unstable; urgency=high
156 * new upstream release with security fix for secure path (CVE-2010-1646),
158 * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
159 about whether to give the lecture is preserved across reboots even when
160 RAMRUN is set, closes: #581393
161 * add a note to README.Debian about LDAP needing an entry in
162 /etc/nsswitch.conf, closes: #522065
163 * add a note to README.Debian about how to turn off lectures if using
164 RAMRUN in /etc/default/rcS, closes: #581393
166 -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
168 sudo (1.7.2p6-1) unstable; urgency=low
170 * new upstream version fixing CVE-2010-1163, closes: #578275, #570737
172 -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600
174 sudo (1.7.2p5-1) unstable; urgency=low
176 * new upstream release, closes a bug filed upstream regarding missing man
177 page processing scripts in the 1.7.2p1 tarball, also includes the fix
178 for CVE-2010-0426 previously the subject of a security team nmu
179 * move to source format 3.0 (quilt) and restructure changes as patches
180 * fix unprocessed substitution variables in man pages, closes: #557204
181 * apply patch from Neil Moore to fix Debian-specific content in the
182 visudo man page, closes: #555013
183 * update descriptions to better explain sudo-ldap, closes: #573108
184 * eliminate spurious 'and' in man page, closes: #571620
185 * fix confusing text in default sudoers, closes: #566607
187 -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700
189 sudo (1.7.2p1-1) unstable; urgency=low
191 * new upstream version
192 * add support for /etc/sudoers.d using #includedir in default sudoers,
193 which I think is also a good solution to the request for a crontab-like
194 API requested in March of 2001, closes: #539994, #271813, #89743
195 * move init.d script from using rcS.d to rc[0-6].d, closes: #542924
197 -- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600
199 sudo (1.7.2-2) unstable; urgency=low
201 * further improve initial sudoers to not include the NOPASSWD option on
202 the group sudo exception, closes: #539136, #198991
204 -- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200
206 sudo (1.7.2-1) unstable; urgency=low
208 * new upstream version, closes: #537103
209 * improve initial sudoers by having the exemption for users in group
210 sudo on by default, and including the ability to run any command as
211 any user. This makes the default install roughly equivalent to our
212 old use of the --with-exempt=sudo build option, closes: #536220, #536222
214 -- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600
216 sudo (1.7.0-1) unstable; urgency=low
218 * new upstream version, closes: #510179, #128268, #520274, #508514
219 * fix ldap config file path for sudo-ldap package, including creating
220 a symlink in postinst and cleaning it up in postrm for the sudo-ldap
221 package, closes: #430826
222 * fix NOPASSWD entry location in default config file for the sudo-ldap
223 instance too, closes: #479616
225 -- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600
227 sudo (1.6.9p17-2) unstable; urgency=high
229 * patch from upstream to fix privilege escalation with certain
230 configurations, CVE-2009-0034
231 * typo in sudoers man page, closes: #507163
233 -- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700
235 sudo (1.6.9p17-1) unstable; urgency=low
237 * new upstream version, closes: #481008
238 * deliver schemas to doc directory in sudo-ldap package, closes: #474331
239 * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
240 in move from CVS to git for package management, closes: #475821
241 * re-instate the init.d for the sudo-ldap package too... /o\
243 -- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600
245 sudo (1.6.9p15-2) unstable; urgency=low
247 * revert the fix for 388659 such that visudo once again defaults to using
248 /usr/bin/editor. I was always ambivalent about this change, it has caused
249 more confusion and frustration than it cured, and I find Justin's line of
250 reasoning persuasive. Update the man page source to reflect this choice
251 and the related use of --with-env-editor. Closes: #474197.
252 * patch from Petter Reinholdtsen to improve init.d, closes: #475821
254 -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600
256 sudo (1.6.9p15-1) unstable; urgency=low
258 * new upstream version, closes: #467126, #473337
259 * remove pointless postrm scripts, leaving debhelper do its thing if needed,
260 thanks to Justin Pryzby for pointing this out
261 * reinstate the init.d, since bootclean doesn't quite do what we want. This
262 also means we don't need the preinst scripts any more. Update the lintian
263 overrides since postinst is a Perl script lintian apparently isn't parsing
264 well. closes: #330868
266 -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600
268 sudo (1.6.9p12-1) unstable; urgency=low
270 * new upstream version, closes: #464890
272 -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900
274 sudo (1.6.9p11-3) unstable; urgency=low
276 * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
278 -- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700
280 sudo (1.6.9p11-2) unstable; urgency=low
282 * update version compared in preinst when removing obsolete init.d,
284 * implement pam session config suggestions from Elizabeth Fong,
285 closes: #452457, #402329
287 -- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700
289 sudo (1.6.9p11-1) unstable; urgency=low
291 * new upstream version
293 -- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700
295 sudo (1.6.9p10-1) unstable; urgency=low
297 * new upstream version
298 * tweak default password prompt as %u doesn't make sense. Accept patch from
299 Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
300 uses it by default, closes: #454409
301 * accept patch from Martin Pitt that adds a prerm making it difficult to
302 "accidentally" remove sudo when there is no root password set on the
303 system, closes: #451241
305 -- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700
307 sudo (1.6.9p9-1) unstable; urgency=low
309 * new upstream version
310 * debian/rules: configure a more informative default password prompt to
311 reduce confusion when using sudo to invoke commands which also ask for
312 passwords, closes: #343268
313 * auth/pam.c: don't use the PAM prompt if the user explicitly requested
314 a custom prompt, closes: #448628.
315 * fix configure's ability to discover that libc has dirfd, closes: #451324
316 * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
317 the command 'visudo' invokes a vi variant by default as documented,
320 -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700
322 sudo (1.6.9p6-1) unstable; urgency=low
324 * new upstream version, closes: #442815, #446146, #438699, #435768, #435314
325 closes: #434832, #434608, #430382
326 * eliminate the now-redundant init.d scripts, closes: #397090
327 * fix typo in TROUBLESHOOTING file, closes: #439624
329 -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600
331 sudo (1.6.8p12-6) unstable; urgency=low
333 * fix typos in visudo.pod relating to env_editor variable, closes: #418886
334 * have init.d touch directories in /var/run/sudo, not just files, as a
336 * fix various typos in sudoers.pod, closes: #419749
337 * don't let Makefile strip binaries, closes: #438073
339 -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100
341 sudo (1.6.8p12-5) unstable; urgency=low
343 * update debian/copyright to reflect new upstream URL, closes: #368746
344 * add sandwich cartoon URL to the README.Debian
345 * don't remove sudoers on purge. can cause problems when moving between
346 sudo and sudo-ldap. leaving sudoers around on purge seems like the least
347 evil choice for now, closes: #401366
348 * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
350 * accept patch that improves debian/rules from Ted Percival, closes: #382122
351 * no longer build with --with-exempt=sudo, provide an example entry in the
352 default sudoers file instead, closes: #296605
353 * add --with-devel to configure and augment build dependencies so that flex
354 and yacc files get re-generated on every build, closes: #316249
356 -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600
358 sudo (1.6.8p12-4) unstable; urgency=low
360 * patch from Petter Reinholdtsen for the LSB info block in the init.d
361 script, closes: #361055
362 * deliver sudoers sample again, closes: #361593
364 -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600
366 sudo (1.6.8p12-3) unstable; urgency=low
368 * force-feed configure knowledge of nroff's path so we get unformatted man
369 pages installed without build-depending on groff-base, closes: #360894
370 * add a reference to OPTIONS in the man page, closes: #186226
372 -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700
374 sudo (1.6.8p12-2) unstable; urgency=low
376 * fix typos in init scripts, closes: #346325
377 * update to debhelper compat level 5
378 * build depend on autotools-dev to ensure config.sub/guess are fresh
379 * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
380 use it here as well. Thanks to Martin and the debian-security team.
381 closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
382 closes: #315115, #315718, #203874
383 * Non-maintainer upload by the Security Team
384 * Reworked the former patch to limit environment variables from being
385 passed through, set env_reset as default instead [sudo.c, env.c,
386 sudoers.pod, Bug#342948, CVE-2005-4158]
387 * env_reset is now set by default
388 * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
389 DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
390 (in addition to the SUDO_* variables)
391 * Rebuild sudoers.man.in from the POD file
392 * Added README.Debian
393 * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
394 * simplify rules file by using more of Makefile, despite having to override
395 default directories with more arguments to configure, closes: #292833
396 * update sudo man page to reflect use of SECURE_PATH, closes: #228551
397 * inconsistencies in sudoers man page resolved, closes: #220808, #161012
398 * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
399 unresolveable (requires adding bison as build dep), closes: #314949
401 -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700
403 sudo (1.6.8p12-1) unstable; urgency=low
405 * new upstream version, closes: #342948 (CVE-2005-4158)
406 * add env_reset to the sudoers file we create if none already exists,
407 as a further precaution in response to discussion about CVS-2005-4158
408 * split ldap support into a new sudo-ldap package. I was trying to avoid
409 doing this, but the impact of going from 4 to 17 linked shlibs on the
410 autobuilder chroots is sufficient motivation for me.
413 -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
415 sudo (1.6.8p9-4) unstable; urgency=low
417 * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
418 * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
419 timestamps in the init.d script, closes: #330868
420 * add dependency header to init.d script, closes: #332849
422 -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
424 sudo (1.6.8p9-3) unstable; urgency=high
426 * update debhelper compatibility level from 2 to 4
427 * add man page symlink for sudoedit
428 * Clean SHELLOPTS and PS4 from the environment before executing programs
429 with sudo permissions [env.c, CAN-2005-2959]
430 * fix typo in manpage pointed out by Moray Allen, closes: #285995
431 * fix paths in sample complex sudoers file, closes: #303542
432 * fix type in sudoers man page, closes: #311244
434 -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
436 sudo (1.6.8p9-2) unstable; urgency=high
438 * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
441 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
443 sudo (1.6.8p9-1) unstable; urgency=high
445 * new upstream version, fixes a race condition in sudo's pathname
446 validation, which is a security issue (CAN-2005-1993),
447 closes: #315115, #315718
449 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
451 sudo (1.6.8p7-1) unstable; urgency=low
453 * new upstream version, closes: #299585
454 * update lintian overrides to squelch the postinst warning
455 * change sudoedit from a hard to a soft link, closes: #296896
456 * fix regex doc in sudoers man page, closes: #300361
458 -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
460 sudo (1.6.8p5-1) unstable; urgency=high
462 * new upstream version
463 * restores ability to use config tuples without a value, which was causing
464 problems on upgrade closes: #283306
465 * deliver sudoedit, closes: #283078
466 * marking urgency high since 283306 is a serious upgrade incompatibility
468 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
470 sudo (1.6.8p3-2) unstable; urgency=high
472 * update pam.d deliverable so ldap works again, closes: #282191
474 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
476 sudo (1.6.8p3-1) unstable; urgency=high
478 * new upstream version, fixes a flaw in sudo's environment sanitizing that
479 could allow a malicious user with permission to run a shell script that
480 utilized the bash shell to run arbitrary commands, closes: #281665
481 * patch the sample sudoers to have the proper path for kill on Debian
482 systems, closes: #263486
483 * patch the sudo manpage to reflect Debian's choice of exempt_group
484 default setting, closes: #236465
485 * patch the sudo manpage to reflect Debian's choice of no timeout on the
486 password prompt, closes: #271194
488 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
490 sudo (1.6.7p5-2) unstable; urgency=low
492 * Jeff Bailey reports that seteuid works on current sparc systems, so we
493 no longer need the "grosshack" stuff in the sudo rules file
494 * add a postrm that removes /etc/sudoers on purge. don't do this with the
495 normal conffile mechanism since it would generate noise on every upgrade,
498 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
500 sudo (1.6.7p5-1) unstable; urgency=low
502 * new upstream version, closes: #190265, #193222, #197244
503 * change from '.' to ':' in postinst chown call, closes: #208369
505 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
507 sudo (1.6.7p3-2) unstable; urgency=low
509 * add --disable-setresuid to configure call since 2.2 kernels don't support
510 setresgid, closes: #189044
511 * cosmetic cleanups to debian/rules as long as I'm there
513 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
515 sudo (1.6.7p3-1) unstable; urgency=low
517 * new upstream version
518 * add overrides to quiet lintian about things it doesn't understand,
519 except the source one that can't be overridden until 129510 is fixed
521 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
523 sudo (1.6.6-3) unstable; urgency=low
525 * add code to rules file to update config.sub/guess, closes: #164501
527 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
529 sudo (1.6.6-2) unstable; urgency=low
531 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
532 configure, and lose the build dependency on mail-transport-agent
533 * incorporate changes from LaMont's NMU, closes: #144665, #144737
534 * update init.d to not try and set time on nonexistent timestamp files,
536 * build with --with-all-insults, admin must edit sudoers to turn insults
537 on at runtime if desired, closes: #135374
538 * stop setting /usr/doc symlink in postinst
540 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
542 sudo (1.6.6-1.1) unstable; urgency=high
544 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
545 * Revert patch to auth/pam.c that left pass uninitialized, causing a
546 segfault (Closes: #144665).
548 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
550 sudo (1.6.6-1) unstable; urgency=high
552 * new upstream version, fixes security problem with crafty prompts,
555 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
557 sudo (1.6.5p1-4) unstable; urgency=high
559 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
560 if ctrl/C'ed at password prompt, closes: #131235
562 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
564 sudo (1.6.5p1-3) unstable; urgency=high
566 * ugly hack to add --disable-saved-ids when building on sparc in response
567 to 131592, which will be reassigned to glibc for a real fix
568 * urgency high since the sudo currently in testing for sparc is worthless
570 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
572 sudo (1.6.5p1-2) unstable; urgency=high
574 * patch from upstream to fix seg faults caused by versions of pam that
575 follow a NULL pointer, closes: #129512
577 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
579 sudo (1.6.5p1-1) unstable; urgency=high
581 * new upstream version
582 * add --disable-root-mailer option supported by new version to configure
583 call in rules file, closes: #129648
585 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
587 sudo (1.6.4p1-1) unstable; urgency=high
589 * new upstream version, with fix for segfaulting problem in 1.6.4
591 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
593 sudo (1.6.4-1) unstable; urgency=high
595 * new upstream version, includes an important security fix, closes: #127576
597 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
599 sudo (1.6.3p7-5) unstable; urgency=low
601 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
602 * fix spelling error in init.d, closes: #126847
604 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
606 sudo (1.6.3p7-4) unstable; urgency=medium
608 * use touch to set status files to an ancient date instead of removing them
609 outright on reboot. this achieves the desired effect of keeping elevated
610 privs from living across reboots, without forcing everyone to see the
611 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
612 for systems with good clocks, and 'recent enough' that broken PC hardware
613 setting the clock to commonly-seen bogus dates trips over the "don't trust
614 future timestamps" rule. closes: #76529, #123559
615 * apply patch from Steve Langasek to fix seg faults due to interaction with
616 PAM code. upstream confirms the problem, and says they're fixing this
617 differently for their next release... but this should be useful in the
618 meantime, and would be good to get into woody. closes: #119147
619 * only run the init.d at boot, not on each runlevel change... and don't run
620 it during package configure. closes: #125935
621 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
623 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
625 sudo (1.6.3p7-3) unstable; urgency=low
627 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
628 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
629 * fix a typo in the manpage, closes: #97368
630 * apply patch to configure.in and run autoconf to fix problem building on
631 the hurd, closes: #96325
632 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
633 to not last across reboots, closes: #76529
634 * clean up lintian-noticed cosmetic packaging issues
636 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
638 sudo (1.6.3p7-2) unstable; urgency=low
640 * update config.sub/guess for hppa support
642 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
644 sudo (1.6.3p7-1) unstable; urgency=low
646 * new upstream version
647 * add build dependency on mail-transport-agent, closes: #90685
649 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
651 sudo (1.6.3p6-1) unstable; urgency=high
653 * new upstream version, fixes buffer overflow problem,
654 closes: #87259, #87278, #87263
655 * revert to using --with-secure-path option at build time, since the option
656 available in sudoers is parsed too late to be useful, and upstream says
657 it won't get fixed quickly. This reopens 85123, which I will mark as
658 forwarded. Closes: #86199, #86117, #85676
660 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
662 sudo (1.6.3p5-2) unstable; urgency=low
664 * lose the dh_suidregister call since it's obsolete
665 * stop using the --with-secure-path option at build time, and instead show
666 how to set it in sudoers. Closes: #85123
667 * freshen config.sub and config.guess for ia64 and hppa
668 * update sudoers man page to indicate exempt_group is on by default,
671 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
673 sudo (1.6.3p5-1) unstable; urgency=low
675 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
676 * this version restores core dumps before the exec, while leaving them
677 disabled during sudo's internal execution, closes: #58289
678 * update debhelper calls in rules file
680 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
682 sudo (1.6.2p2-1) frozen unstable; urgency=medium
684 * new upstream source resulting from direct collaboration with the upstream
685 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
686 Closes: #56129, #55978, #55979, #56550, #56772
687 * include more upstream documentation, closes: #55054
688 * pam.d fragment update, closes: #56129
690 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
692 sudo (1.6.1-1) unstable; urgency=low
694 * new upstream source, closes: #52750
696 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
698 sudo (1.6-2) unstable; urgency=low
700 * drop suidregister support for this package. The sudo executable is
701 essentially worthless unless it is setuid root, and making suidregister
702 work involves shipping a non-setuid executable in the .deb and setting the
703 perms in the postinst. On a long upgrade run, this can leave the sudo
704 executable 'broken' for a long time, which is unacceptable. With this
705 version, we ship the executable setuid root in the .deb. Closes: #51742
707 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
709 sudo (1.6-1) unstable; urgency=low
711 * new upstream version, many options previously set at compile-time are now
712 configurable at runtime.
713 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
716 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
718 sudo (1.5.9p4-1) unstable; urgency=low
720 * new upstream version, closes: #43464
721 * empty password handling was fixed in 1.5.8, closes: #31863
723 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
725 sudo (1.5.9p1-1) unstable; urgency=low
727 * new upstream version
729 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
731 sudo (1.5.8p1-1) unstable; urgency=medium
733 * new upstream version, closes 33690
734 * add dependency on libpam-modules, closes 34215, 33432
736 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
738 sudo (1.5.7p4-2) unstable; urgency=medium
740 * update the pam fragment provided so that sudo works with latest pam bits,
743 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
745 sudo (1.5.7p4-1) unstable; urgency=low
747 * new upstream release
749 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
751 sudo (1.5.6p5-1) unstable; urgency=low
753 * new upstream patch release
754 * add PAM support, closes 28594
756 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
758 sudo (1.5.6p2-2) unstable; urgency=low
760 * update copyright file, closes 24136
761 * review and close forwarded bugs believed fixed in this upstream version,
764 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
766 sudo (1.5.6p2-1) unstable; urgency=low
768 * new upstream release
770 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
772 sudo (1.5.4-4) frozen unstable; urgency=low
774 * update postinst to use groupadd, closes 21403
775 * move the suidregister stuff earlier in postinst to ensure it always runs
777 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
779 sudo (1.5.4-3) frozen unstable; urgency=low
781 * change /etc/sudoers from a conffile to being handled in postinst,
783 * add suidmanager support, closes 15711
784 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
785 unlikely to ever fix, and which just don't matter. closes 17146
786 * fix FSF address in copyright file, and submit exception for lintian
787 warning about sudo being setuid root
789 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
791 sudo (1.5.4-2) unstable; urgency=high
793 * patch from upstream author correcting/improving security fix
795 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
797 sudo (1.5.4-1) unstable; urgency=high
799 * new upstream version, includes a security fix
800 * change default editor from /bin/ae to /usr/bin/editor
802 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
804 sudo (1.5.3-1) unstable; urgency=medium
806 * new upstream version, closes bug 15911.
807 * rules file reworked to use debhelper
808 * implement a really gross hack to force use of the sudo-provided
809 lsearch(), since the one in libc6 is broken! This closes bugs
810 12552, 12557, 14881, 15259, 15916.
812 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
814 sudo (1.5.2-6) unstable; urgency=LOW
816 * don't install INSTALL in the doc directory, closes bug 13195.
818 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
820 sudo (1.5.2-5) unstable; urgency=LOW
824 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
826 sudo (1.5.2-4) unstable; urgency=LOW
828 * change TIMEOUT (how long before you have to type your password again)
829 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
830 packages on slower machines much more tolerable. Closes bug 9076.
831 * touch debian/suid before debstd. Closes bug 8709.
833 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
835 sudo (1.5.2-3) frozen unstable; urgency=LOW
837 * patch from upstream maintainer to close Bug 6828
838 * add a debian/suid file to get debstd to leave my perl postinst alone
840 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
842 sudo (1.5.2-2) frozen unstable; urgency=LOW
844 * change rules to use -O2 -Wall as per standards
846 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
848 sudo (1.5.2-1) unstable; urgency=LOW
850 * new upstream version
851 * cosmetic changes to debian package control files
853 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
855 sudo (1.5-2) unstable; urgency=LOW
857 * add /usr/X11R6/bin to the end of the secure path... this makes it
858 much easier to run xmkmf, etc., during package builds. To the extent
859 that /usr/local/sbin and /usr/local/bin were already included, I see
860 no security reasons not to add this.
862 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
864 sudo (1.5-1) unstable; urgency=LOW
866 * New upstream version
868 * New packaging format
870 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
872 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
876 * hard code SECURE_PATH to:
877 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
881 * enabled EXEMPTGROUP "sudo"
883 * moved timestamp dir to /var/log/sudo
885 * changed parser to check for long and short filenames (Bug#1162)
887 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
891 * New upstream source
893 * Fixed postinst script
894 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
896 * Removed special shadow binary. This version works with and without
897 shadow password file.
899 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
903 * Corrected editor path to /bin/ae (Bug#3062)
905 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
907 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
911 * New upstream version
913 * Changed sudoers permission to 440 (owner root, group root) to make
916 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
920 * Applied upstream patch 1
922 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
926 * Applied upstream patch 2
928 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
932 * Applied upstream patch 3 (fixes problems with an NFS-mounted
936 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
940 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
941 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
943 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
947 * Applied upstream patch 4 (fixes several bugs)
949 * Changed priority to optional
951 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
955 * Corrected postinst to create correct permission for /etc/sudoers
958 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
962 * New upstream version
965 sudo (1.4.4-2) admin; urgency=HIGH
967 * Fixed major security bug reported by Peter Tobias
968 <tobias@et-inf.fho-emden.de>
969 * Added dchanges support to debian.rules
971 sudo (1.4.5-1) admin; urgency=LOW
973 * New upstream version
974 * Minor changes to debian.rules