1 sudo (1.7.4p4-5) UNRELEASED; urgency=low
3 * patch from Jakub Wilk to add noopt and nostrip build option support,
5 * add Vcs entries to the control file
7 -- Bdale Garbee <bdale@gag.com> Wed, 01 Dec 2010 10:18:01 -0700
9 sudo (1.7.4p4-4) unstable; urgency=low
11 * patch from upstream to resolve problem always prompting for a password
12 when run without a tty, closes: #599376
13 * patch from upstream to resolve interoperability problem between HOME in
14 env_keep and the -H flag, closes: #596493
15 * change path syntax to avoid tar error when /var/run/sudo exists but is
16 empty, closes: #598877
18 -- Bdale Garbee <bdale@gag.com> Thu, 07 Oct 2010 15:59:06 -0600
20 sudo (1.7.4p4-3) unstable; urgency=low
22 * make postinst clause for handling /var/run -> /var/lib transition less
23 fragile, closes: #585514
24 * cope with upstream's Makefile trying to install ChangeLog in our doc
25 directory, closes: #597389
26 * fix README.Debian to reflect that HOME is no longer preserved by default,
29 -- Bdale Garbee <bdale@gag.com> Tue, 21 Sep 2010 23:53:08 -0600
31 sudo (1.7.4p4-2) unstable; urgency=low
33 * add a NEWS item about change in $HOME handling that impacts programs
36 -- Bdale Garbee <bdale@gag.com> Wed, 08 Sep 2010 14:29:16 -0600
38 sudo (1.7.4p4-1) unstable; urgency=high
40 * new upstream version, urgency high due to fix for flaw in Runas group
41 matching (CVE-2010-2956), closes: #595935
42 * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
43 re-lecturing existing users, and to clean up after ourselves on upgrade,
44 and remove the RAMRUN section from README.Debian since the new state dir
45 should fix the original problem, closes: #585514
46 * deliver README.Debian to both package flavors, closes: #593579
48 -- Bdale Garbee <bdale@gag.com> Tue, 07 Sep 2010 12:22:42 -0600
50 sudo (1.7.2p7-1) unstable; urgency=high
52 * new upstream release with security fix for secure path (CVE-2010-1646),
54 * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
55 about whether to give the lecture is preserved across reboots even when
56 RAMRUN is set, closes: #581393
57 * add a note to README.Debian about LDAP needing an entry in
58 /etc/nsswitch.conf, closes: #522065
59 * add a note to README.Debian about how to turn off lectures if using
60 RAMRUN in /etc/default/rcS, closes: #581393
62 -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
64 sudo (1.7.2p6-1) unstable; urgency=low
66 * new upstream version fixing CVE-2010-1163, closes: #578275, #570737
68 -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600
70 sudo (1.7.2p5-1) unstable; urgency=low
72 * new upstream release, closes a bug filed upstream regarding missing man
73 page processing scripts in the 1.7.2p1 tarball, also includes the fix
74 for CVE-2010-0426 previously the subject of a security team nmu
75 * move to source format 3.0 (quilt) and restructure changes as patches
76 * fix unprocessed substitution variables in man pages, closes: #557204
77 * apply patch from Neil Moore to fix Debian-specific content in the
78 visudo man page, closes: #555013
79 * update descriptions to better explain sudo-ldap, closes: #573108
80 * eliminate spurious 'and' in man page, closes: #571620
81 * fix confusing text in default sudoers, closes: #566607
83 -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700
85 sudo (1.7.2p1-1) unstable; urgency=low
87 * new upstream version
88 * add support for /etc/sudoers.d using #includedir in default sudoers,
89 which I think is also a good solution to the request for a crontab-like
90 API requested in March of 2001, closes: #539994, #271813, #89743
91 * move init.d script from using rcS.d to rc[0-6].d, closes: #542924
93 -- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600
95 sudo (1.7.2-2) unstable; urgency=low
97 * further improve initial sudoers to not include the NOPASSWD option on
98 the group sudo exception, closes: #539136, #198991
100 -- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200
102 sudo (1.7.2-1) unstable; urgency=low
104 * new upstream version, closes: #537103
105 * improve initial sudoers by having the exemption for users in group
106 sudo on by default, and including the ability to run any command as
107 any user. This makes the default install roughly equivalent to our
108 old use of the --with-exempt=sudo build option, closes: #536220, #536222
110 -- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600
112 sudo (1.7.0-1) unstable; urgency=low
114 * new upstream version, closes: #510179, #128268, #520274, #508514
115 * fix ldap config file path for sudo-ldap package, including creating
116 a symlink in postinst and cleaning it up in postrm for the sudo-ldap
117 package, closes: #430826
118 * fix NOPASSWD entry location in default config file for the sudo-ldap
119 instance too, closes: #479616
121 -- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600
123 sudo (1.6.9p17-2) unstable; urgency=high
125 * patch from upstream to fix privilege escalation with certain
126 configurations, CVE-2009-0034
127 * typo in sudoers man page, closes: #507163
129 -- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700
131 sudo (1.6.9p17-1) unstable; urgency=low
133 * new upstream version, closes: #481008
134 * deliver schemas to doc directory in sudo-ldap package, closes: #474331
135 * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
136 in move from CVS to git for package management, closes: #475821
137 * re-instate the init.d for the sudo-ldap package too... /o\
139 -- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600
141 sudo (1.6.9p15-2) unstable; urgency=low
143 * revert the fix for 388659 such that visudo once again defaults to using
144 /usr/bin/editor. I was always ambivalent about this change, it has caused
145 more confusion and frustration than it cured, and I find Justin's line of
146 reasoning persuasive. Update the man page source to reflect this choice
147 and the related use of --with-env-editor. Closes: #474197.
148 * patch from Petter Reinholdtsen to improve init.d, closes: #475821
150 -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600
152 sudo (1.6.9p15-1) unstable; urgency=low
154 * new upstream version, closes: #467126, #473337
155 * remove pointless postrm scripts, leaving debhelper do its thing if needed,
156 thanks to Justin Pryzby for pointing this out
157 * reinstate the init.d, since bootclean doesn't quite do what we want. This
158 also means we don't need the preinst scripts any more. Update the lintian
159 overrides since postinst is a Perl script lintian apparently isn't parsing
160 well. closes: #330868
162 -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600
164 sudo (1.6.9p12-1) unstable; urgency=low
166 * new upstream version, closes: #464890
168 -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900
170 sudo (1.6.9p11-3) unstable; urgency=low
172 * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
174 -- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700
176 sudo (1.6.9p11-2) unstable; urgency=low
178 * update version compared in preinst when removing obsolete init.d,
180 * implement pam session config suggestions from Elizabeth Fong,
181 closes: #452457, #402329
183 -- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700
185 sudo (1.6.9p11-1) unstable; urgency=low
187 * new upstream version
189 -- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700
191 sudo (1.6.9p10-1) unstable; urgency=low
193 * new upstream version
194 * tweak default password prompt as %u doesn't make sense. Accept patch from
195 Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
196 uses it by default, closes: #454409
197 * accept patch from Martin Pitt that adds a prerm making it difficult to
198 "accidentally" remove sudo when there is no root password set on the
199 system, closes: #451241
201 -- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700
203 sudo (1.6.9p9-1) unstable; urgency=low
205 * new upstream version
206 * debian/rules: configure a more informative default password prompt to
207 reduce confusion when using sudo to invoke commands which also ask for
208 passwords, closes: #343268
209 * auth/pam.c: don't use the PAM prompt if the user explicitly requested
210 a custom prompt, closes: #448628.
211 * fix configure's ability to discover that libc has dirfd, closes: #451324
212 * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
213 the command 'visudo' invokes a vi variant by default as documented,
216 -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700
218 sudo (1.6.9p6-1) unstable; urgency=low
220 * new upstream version, closes: #442815, #446146, #438699, #435768, #435314
221 closes: #434832, #434608, #430382
222 * eliminate the now-redundant init.d scripts, closes: #397090
223 * fix typo in TROUBLESHOOTING file, closes: #439624
225 -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600
227 sudo (1.6.8p12-6) unstable; urgency=low
229 * fix typos in visudo.pod relating to env_editor variable, closes: #418886
230 * have init.d touch directories in /var/run/sudo, not just files, as a
232 * fix various typos in sudoers.pod, closes: #419749
233 * don't let Makefile strip binaries, closes: #438073
235 -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100
237 sudo (1.6.8p12-5) unstable; urgency=low
239 * update debian/copyright to reflect new upstream URL, closes: #368746
240 * add sandwich cartoon URL to the README.Debian
241 * don't remove sudoers on purge. can cause problems when moving between
242 sudo and sudo-ldap. leaving sudoers around on purge seems like the least
243 evil choice for now, closes: #401366
244 * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
246 * accept patch that improves debian/rules from Ted Percival, closes: #382122
247 * no longer build with --with-exempt=sudo, provide an example entry in the
248 default sudoers file instead, closes: #296605
249 * add --with-devel to configure and augment build dependencies so that flex
250 and yacc files get re-generated on every build, closes: #316249
252 -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600
254 sudo (1.6.8p12-4) unstable; urgency=low
256 * patch from Petter Reinholdtsen for the LSB info block in the init.d
257 script, closes: #361055
258 * deliver sudoers sample again, closes: #361593
260 -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600
262 sudo (1.6.8p12-3) unstable; urgency=low
264 * force-feed configure knowledge of nroff's path so we get unformatted man
265 pages installed without build-depending on groff-base, closes: #360894
266 * add a reference to OPTIONS in the man page, closes: #186226
268 -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700
270 sudo (1.6.8p12-2) unstable; urgency=low
272 * fix typos in init scripts, closes: #346325
273 * update to debhelper compat level 5
274 * build depend on autotools-dev to ensure config.sub/guess are fresh
275 * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
276 use it here as well. Thanks to Martin and the debian-security team.
277 closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
278 closes: #315115, #315718, #203874
279 * Non-maintainer upload by the Security Team
280 * Reworked the former patch to limit environment variables from being
281 passed through, set env_reset as default instead [sudo.c, env.c,
282 sudoers.pod, Bug#342948, CVE-2005-4158]
283 * env_reset is now set by default
284 * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
285 DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
286 (in addition to the SUDO_* variables)
287 * Rebuild sudoers.man.in from the POD file
288 * Added README.Debian
289 * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
290 * simplify rules file by using more of Makefile, despite having to override
291 default directories with more arguments to configure, closes: #292833
292 * update sudo man page to reflect use of SECURE_PATH, closes: #228551
293 * inconsistencies in sudoers man page resolved, closes: #220808, #161012
294 * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
295 unresolveable (requires adding bison as build dep), closes: #314949
297 -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700
299 sudo (1.6.8p12-1) unstable; urgency=low
301 * new upstream version, closes: #342948 (CVE-2005-4158)
302 * add env_reset to the sudoers file we create if none already exists,
303 as a further precaution in response to discussion about CVS-2005-4158
304 * split ldap support into a new sudo-ldap package. I was trying to avoid
305 doing this, but the impact of going from 4 to 17 linked shlibs on the
306 autobuilder chroots is sufficient motivation for me.
309 -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
311 sudo (1.6.8p9-4) unstable; urgency=low
313 * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
314 * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
315 timestamps in the init.d script, closes: #330868
316 * add dependency header to init.d script, closes: #332849
318 -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
320 sudo (1.6.8p9-3) unstable; urgency=high
322 * update debhelper compatibility level from 2 to 4
323 * add man page symlink for sudoedit
324 * Clean SHELLOPTS and PS4 from the environment before executing programs
325 with sudo permissions [env.c, CAN-2005-2959]
326 * fix typo in manpage pointed out by Moray Allen, closes: #285995
327 * fix paths in sample complex sudoers file, closes: #303542
328 * fix type in sudoers man page, closes: #311244
330 -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
332 sudo (1.6.8p9-2) unstable; urgency=high
334 * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
337 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
339 sudo (1.6.8p9-1) unstable; urgency=high
341 * new upstream version, fixes a race condition in sudo's pathname
342 validation, which is a security issue (CAN-2005-1993),
343 closes: #315115, #315718
345 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
347 sudo (1.6.8p7-1) unstable; urgency=low
349 * new upstream version, closes: #299585
350 * update lintian overrides to squelch the postinst warning
351 * change sudoedit from a hard to a soft link, closes: #296896
352 * fix regex doc in sudoers man page, closes: #300361
354 -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
356 sudo (1.6.8p5-1) unstable; urgency=high
358 * new upstream version
359 * restores ability to use config tuples without a value, which was causing
360 problems on upgrade closes: #283306
361 * deliver sudoedit, closes: #283078
362 * marking urgency high since 283306 is a serious upgrade incompatibility
364 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
366 sudo (1.6.8p3-2) unstable; urgency=high
368 * update pam.d deliverable so ldap works again, closes: #282191
370 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
372 sudo (1.6.8p3-1) unstable; urgency=high
374 * new upstream version, fixes a flaw in sudo's environment sanitizing that
375 could allow a malicious user with permission to run a shell script that
376 utilized the bash shell to run arbitrary commands, closes: #281665
377 * patch the sample sudoers to have the proper path for kill on Debian
378 systems, closes: #263486
379 * patch the sudo manpage to reflect Debian's choice of exempt_group
380 default setting, closes: #236465
381 * patch the sudo manpage to reflect Debian's choice of no timeout on the
382 password prompt, closes: #271194
384 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
386 sudo (1.6.7p5-2) unstable; urgency=low
388 * Jeff Bailey reports that seteuid works on current sparc systems, so we
389 no longer need the "grosshack" stuff in the sudo rules file
390 * add a postrm that removes /etc/sudoers on purge. don't do this with the
391 normal conffile mechanism since it would generate noise on every upgrade,
394 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
396 sudo (1.6.7p5-1) unstable; urgency=low
398 * new upstream version, closes: #190265, #193222, #197244
399 * change from '.' to ':' in postinst chown call, closes: #208369
401 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
403 sudo (1.6.7p3-2) unstable; urgency=low
405 * add --disable-setresuid to configure call since 2.2 kernels don't support
406 setresgid, closes: #189044
407 * cosmetic cleanups to debian/rules as long as I'm there
409 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
411 sudo (1.6.7p3-1) unstable; urgency=low
413 * new upstream version
414 * add overrides to quiet lintian about things it doesn't understand,
415 except the source one that can't be overridden until 129510 is fixed
417 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
419 sudo (1.6.6-3) unstable; urgency=low
421 * add code to rules file to update config.sub/guess, closes: #164501
423 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
425 sudo (1.6.6-2) unstable; urgency=low
427 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
428 configure, and lose the build dependency on mail-transport-agent
429 * incorporate changes from LaMont's NMU, closes: #144665, #144737
430 * update init.d to not try and set time on nonexistent timestamp files,
432 * build with --with-all-insults, admin must edit sudoers to turn insults
433 on at runtime if desired, closes: #135374
434 * stop setting /usr/doc symlink in postinst
436 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
438 sudo (1.6.6-1.1) unstable; urgency=high
440 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
441 * Revert patch to auth/pam.c that left pass uninitialized, causing a
442 segfault (Closes: #144665).
444 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
446 sudo (1.6.6-1) unstable; urgency=high
448 * new upstream version, fixes security problem with crafty prompts,
451 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
453 sudo (1.6.5p1-4) unstable; urgency=high
455 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
456 if ctrl/C'ed at password prompt, closes: #131235
458 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
460 sudo (1.6.5p1-3) unstable; urgency=high
462 * ugly hack to add --disable-saved-ids when building on sparc in response
463 to 131592, which will be reassigned to glibc for a real fix
464 * urgency high since the sudo currently in testing for sparc is worthless
466 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
468 sudo (1.6.5p1-2) unstable; urgency=high
470 * patch from upstream to fix seg faults caused by versions of pam that
471 follow a NULL pointer, closes: #129512
473 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
475 sudo (1.6.5p1-1) unstable; urgency=high
477 * new upstream version
478 * add --disable-root-mailer option supported by new version to configure
479 call in rules file, closes: #129648
481 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
483 sudo (1.6.4p1-1) unstable; urgency=high
485 * new upstream version, with fix for segfaulting problem in 1.6.4
487 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
489 sudo (1.6.4-1) unstable; urgency=high
491 * new upstream version, includes an important security fix, closes: #127576
493 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
495 sudo (1.6.3p7-5) unstable; urgency=low
497 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
498 * fix spelling error in init.d, closes: #126847
500 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
502 sudo (1.6.3p7-4) unstable; urgency=medium
504 * use touch to set status files to an ancient date instead of removing them
505 outright on reboot. this achieves the desired effect of keeping elevated
506 privs from living across reboots, without forcing everyone to see the
507 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
508 for systems with good clocks, and 'recent enough' that broken PC hardware
509 setting the clock to commonly-seen bogus dates trips over the "don't trust
510 future timestamps" rule. closes: #76529, #123559
511 * apply patch from Steve Langasek to fix seg faults due to interaction with
512 PAM code. upstream confirms the problem, and says they're fixing this
513 differently for their next release... but this should be useful in the
514 meantime, and would be good to get into woody. closes: #119147
515 * only run the init.d at boot, not on each runlevel change... and don't run
516 it during package configure. closes: #125935
517 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
519 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
521 sudo (1.6.3p7-3) unstable; urgency=low
523 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
524 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
525 * fix a typo in the manpage, closes: #97368
526 * apply patch to configure.in and run autoconf to fix problem building on
527 the hurd, closes: #96325
528 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
529 to not last across reboots, closes: #76529
530 * clean up lintian-noticed cosmetic packaging issues
532 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
534 sudo (1.6.3p7-2) unstable; urgency=low
536 * update config.sub/guess for hppa support
538 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
540 sudo (1.6.3p7-1) unstable; urgency=low
542 * new upstream version
543 * add build dependency on mail-transport-agent, closes: #90685
545 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
547 sudo (1.6.3p6-1) unstable; urgency=high
549 * new upstream version, fixes buffer overflow problem,
550 closes: #87259, #87278, #87263
551 * revert to using --with-secure-path option at build time, since the option
552 available in sudoers is parsed too late to be useful, and upstream says
553 it won't get fixed quickly. This reopens 85123, which I will mark as
554 forwarded. Closes: #86199, #86117, #85676
556 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
558 sudo (1.6.3p5-2) unstable; urgency=low
560 * lose the dh_suidregister call since it's obsolete
561 * stop using the --with-secure-path option at build time, and instead show
562 how to set it in sudoers. Closes: #85123
563 * freshen config.sub and config.guess for ia64 and hppa
564 * update sudoers man page to indicate exempt_group is on by default,
567 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
569 sudo (1.6.3p5-1) unstable; urgency=low
571 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
572 * this version restores core dumps before the exec, while leaving them
573 disabled during sudo's internal execution, closes: #58289
574 * update debhelper calls in rules file
576 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
578 sudo (1.6.2p2-1) frozen unstable; urgency=medium
580 * new upstream source resulting from direct collaboration with the upstream
581 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
582 Closes: #56129, #55978, #55979, #56550, #56772
583 * include more upstream documentation, closes: #55054
584 * pam.d fragment update, closes: #56129
586 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
588 sudo (1.6.1-1) unstable; urgency=low
590 * new upstream source, closes: #52750
592 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
594 sudo (1.6-2) unstable; urgency=low
596 * drop suidregister support for this package. The sudo executable is
597 essentially worthless unless it is setuid root, and making suidregister
598 work involves shipping a non-setuid executable in the .deb and setting the
599 perms in the postinst. On a long upgrade run, this can leave the sudo
600 executable 'broken' for a long time, which is unacceptable. With this
601 version, we ship the executable setuid root in the .deb. Closes: #51742
603 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
605 sudo (1.6-1) unstable; urgency=low
607 * new upstream version, many options previously set at compile-time are now
608 configurable at runtime.
609 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
612 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
614 sudo (1.5.9p4-1) unstable; urgency=low
616 * new upstream version, closes: #43464
617 * empty password handling was fixed in 1.5.8, closes: #31863
619 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
621 sudo (1.5.9p1-1) unstable; urgency=low
623 * new upstream version
625 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
627 sudo (1.5.8p1-1) unstable; urgency=medium
629 * new upstream version, closes 33690
630 * add dependency on libpam-modules, closes 34215, 33432
632 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
634 sudo (1.5.7p4-2) unstable; urgency=medium
636 * update the pam fragment provided so that sudo works with latest pam bits,
639 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
641 sudo (1.5.7p4-1) unstable; urgency=low
643 * new upstream release
645 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
647 sudo (1.5.6p5-1) unstable; urgency=low
649 * new upstream patch release
650 * add PAM support, closes 28594
652 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
654 sudo (1.5.6p2-2) unstable; urgency=low
656 * update copyright file, closes 24136
657 * review and close forwarded bugs believed fixed in this upstream version,
660 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
662 sudo (1.5.6p2-1) unstable; urgency=low
664 * new upstream release
666 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
668 sudo (1.5.4-4) frozen unstable; urgency=low
670 * update postinst to use groupadd, closes 21403
671 * move the suidregister stuff earlier in postinst to ensure it always runs
673 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
675 sudo (1.5.4-3) frozen unstable; urgency=low
677 * change /etc/sudoers from a conffile to being handled in postinst,
679 * add suidmanager support, closes 15711
680 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
681 unlikely to ever fix, and which just don't matter. closes 17146
682 * fix FSF address in copyright file, and submit exception for lintian
683 warning about sudo being setuid root
685 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
687 sudo (1.5.4-2) unstable; urgency=high
689 * patch from upstream author correcting/improving security fix
691 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
693 sudo (1.5.4-1) unstable; urgency=high
695 * new upstream version, includes a security fix
696 * change default editor from /bin/ae to /usr/bin/editor
698 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
700 sudo (1.5.3-1) unstable; urgency=medium
702 * new upstream version, closes bug 15911.
703 * rules file reworked to use debhelper
704 * implement a really gross hack to force use of the sudo-provided
705 lsearch(), since the one in libc6 is broken! This closes bugs
706 12552, 12557, 14881, 15259, 15916.
708 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
710 sudo (1.5.2-6) unstable; urgency=LOW
712 * don't install INSTALL in the doc directory, closes bug 13195.
714 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
716 sudo (1.5.2-5) unstable; urgency=LOW
720 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
722 sudo (1.5.2-4) unstable; urgency=LOW
724 * change TIMEOUT (how long before you have to type your password again)
725 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
726 packages on slower machines much more tolerable. Closes bug 9076.
727 * touch debian/suid before debstd. Closes bug 8709.
729 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
731 sudo (1.5.2-3) frozen unstable; urgency=LOW
733 * patch from upstream maintainer to close Bug 6828
734 * add a debian/suid file to get debstd to leave my perl postinst alone
736 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
738 sudo (1.5.2-2) frozen unstable; urgency=LOW
740 * change rules to use -O2 -Wall as per standards
742 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
744 sudo (1.5.2-1) unstable; urgency=LOW
746 * new upstream version
747 * cosmetic changes to debian package control files
749 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
751 sudo (1.5-2) unstable; urgency=LOW
753 * add /usr/X11R6/bin to the end of the secure path... this makes it
754 much easier to run xmkmf, etc., during package builds. To the extent
755 that /usr/local/sbin and /usr/local/bin were already included, I see
756 no security reasons not to add this.
758 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
760 sudo (1.5-1) unstable; urgency=LOW
762 * New upstream version
764 * New packaging format
766 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
768 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
772 * hard code SECURE_PATH to:
773 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
777 * enabled EXEMPTGROUP "sudo"
779 * moved timestamp dir to /var/log/sudo
781 * changed parser to check for long and short filenames (Bug#1162)
783 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
787 * New upstream source
789 * Fixed postinst script
790 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
792 * Removed special shadow binary. This version works with and without
793 shadow password file.
795 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
799 * Corrected editor path to /bin/ae (Bug#3062)
801 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
803 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
807 * New upstream version
809 * Changed sudoers permission to 440 (owner root, group root) to make
812 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
816 * Applied upstream patch 1
818 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
822 * Applied upstream patch 2
824 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
828 * Applied upstream patch 3 (fixes problems with an NFS-mounted
832 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
836 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
837 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
839 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
843 * Applied upstream patch 4 (fixes several bugs)
845 * Changed priority to optional
847 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
851 * Corrected postinst to create correct permission for /etc/sudoers
854 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
858 * New upstream version
861 sudo (1.4.4-2) admin; urgency=HIGH
863 * Fixed major security bug reported by Peter Tobias
864 <tobias@et-inf.fho-emden.de>
865 * Added dchanges support to debian.rules
867 sudo (1.4.5-1) admin; urgency=LOW
869 * New upstream version
870 * Minor changes to debian.rules