1 sudo (1.7.4-1) UNRELEASED; urgency=low
4 * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
5 re-lecturing existing users, and to clean up after ourselves on upgrade,
6 and remove the RAMRUN section from README.Debian since the new state dir
7 should fix the original problem, closes: #585514
9 -- Bdale Garbee <bdale@gag.com> Mon, 02 Aug 2010 23:26:50 -0400
11 sudo (1.7.2p7-1) unstable; urgency=high
13 * new upstream release with security fix for secure path (CVE-2010-1646),
15 * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
16 about whether to give the lecture is preserved across reboots even when
17 RAMRUN is set, closes: #581393
18 * add a note to README.Debian about LDAP needing an entry in
19 /etc/nsswitch.conf, closes: #522065
20 * add a note to README.Debian about how to turn off lectures if using
21 RAMRUN in /etc/default/rcS, closes: #581393
23 -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
25 sudo (1.7.2p6-1) unstable; urgency=low
27 * new upstream version fixing CVE-2010-1163, closes: #578275, #570737
29 -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600
31 sudo (1.7.2p5-1) unstable; urgency=low
33 * new upstream release, closes a bug filed upstream regarding missing man
34 page processing scripts in the 1.7.2p1 tarball, also includes the fix
35 for CVE-2010-0426 previously the subject of a security team nmu
36 * move to source format 3.0 (quilt) and restructure changes as patches
37 * fix unprocessed substitution variables in man pages, closes: #557204
38 * apply patch from Neil Moore to fix Debian-specific content in the
39 visudo man page, closes: #555013
40 * update descriptions to better explain sudo-ldap, closes: #573108
41 * eliminate spurious 'and' in man page, closes: #571620
42 * fix confusing text in default sudoers, closes: #566607
44 -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700
46 sudo (1.7.2p1-1) unstable; urgency=low
48 * new upstream version
49 * add support for /etc/sudoers.d using #includedir in default sudoers,
50 which I think is also a good solution to the request for a crontab-like
51 API requested in March of 2001, closes: #539994, #271813, #89743
52 * move init.d script from using rcS.d to rc[0-6].d, closes: #542924
54 -- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600
56 sudo (1.7.2-2) unstable; urgency=low
58 * further improve initial sudoers to not include the NOPASSWD option on
59 the group sudo exception, closes: #539136, #198991
61 -- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200
63 sudo (1.7.2-1) unstable; urgency=low
65 * new upstream version, closes: #537103
66 * improve initial sudoers by having the exemption for users in group
67 sudo on by default, and including the ability to run any command as
68 any user. This makes the default install roughly equivalent to our
69 old use of the --with-exempt=sudo build option, closes: #536220, #536222
71 -- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600
73 sudo (1.7.0-1) unstable; urgency=low
75 * new upstream version, closes: #510179, #128268, #520274, #508514
76 * fix ldap config file path for sudo-ldap package, including creating
77 a symlink in postinst and cleaning it up in postrm for the sudo-ldap
78 package, closes: #430826
79 * fix NOPASSWD entry location in default config file for the sudo-ldap
80 instance too, closes: #479616
82 -- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600
84 sudo (1.6.9p17-2) unstable; urgency=high
86 * patch from upstream to fix privilege escalation with certain
87 configurations, CVE-2009-0034
88 * typo in sudoers man page, closes: #507163
90 -- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700
92 sudo (1.6.9p17-1) unstable; urgency=low
94 * new upstream version, closes: #481008
95 * deliver schemas to doc directory in sudo-ldap package, closes: #474331
96 * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
97 in move from CVS to git for package management, closes: #475821
98 * re-instate the init.d for the sudo-ldap package too... /o\
100 -- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600
102 sudo (1.6.9p15-2) unstable; urgency=low
104 * revert the fix for 388659 such that visudo once again defaults to using
105 /usr/bin/editor. I was always ambivalent about this change, it has caused
106 more confusion and frustration than it cured, and I find Justin's line of
107 reasoning persuasive. Update the man page source to reflect this choice
108 and the related use of --with-env-editor. Closes: #474197.
109 * patch from Petter Reinholdtsen to improve init.d, closes: #475821
111 -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600
113 sudo (1.6.9p15-1) unstable; urgency=low
115 * new upstream version, closes: #467126, #473337
116 * remove pointless postrm scripts, leaving debhelper do its thing if needed,
117 thanks to Justin Pryzby for pointing this out
118 * reinstate the init.d, since bootclean doesn't quite do what we want. This
119 also means we don't need the preinst scripts any more. Update the lintian
120 overrides since postinst is a Perl script lintian apparently isn't parsing
121 well. closes: #330868
123 -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600
125 sudo (1.6.9p12-1) unstable; urgency=low
127 * new upstream version, closes: #464890
129 -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900
131 sudo (1.6.9p11-3) unstable; urgency=low
133 * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
135 -- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700
137 sudo (1.6.9p11-2) unstable; urgency=low
139 * update version compared in preinst when removing obsolete init.d,
141 * implement pam session config suggestions from Elizabeth Fong,
142 closes: #452457, #402329
144 -- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700
146 sudo (1.6.9p11-1) unstable; urgency=low
148 * new upstream version
150 -- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700
152 sudo (1.6.9p10-1) unstable; urgency=low
154 * new upstream version
155 * tweak default password prompt as %u doesn't make sense. Accept patch from
156 Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
157 uses it by default, closes: #454409
158 * accept patch from Martin Pitt that adds a prerm making it difficult to
159 "accidentally" remove sudo when there is no root password set on the
160 system, closes: #451241
162 -- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700
164 sudo (1.6.9p9-1) unstable; urgency=low
166 * new upstream version
167 * debian/rules: configure a more informative default password prompt to
168 reduce confusion when using sudo to invoke commands which also ask for
169 passwords, closes: #343268
170 * auth/pam.c: don't use the PAM prompt if the user explicitly requested
171 a custom prompt, closes: #448628.
172 * fix configure's ability to discover that libc has dirfd, closes: #451324
173 * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
174 the command 'visudo' invokes a vi variant by default as documented,
177 -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700
179 sudo (1.6.9p6-1) unstable; urgency=low
181 * new upstream version, closes: #442815, #446146, #438699, #435768, #435314
182 closes: #434832, #434608, #430382
183 * eliminate the now-redundant init.d scripts, closes: #397090
184 * fix typo in TROUBLESHOOTING file, closes: #439624
186 -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600
188 sudo (1.6.8p12-6) unstable; urgency=low
190 * fix typos in visudo.pod relating to env_editor variable, closes: #418886
191 * have init.d touch directories in /var/run/sudo, not just files, as a
193 * fix various typos in sudoers.pod, closes: #419749
194 * don't let Makefile strip binaries, closes: #438073
196 -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100
198 sudo (1.6.8p12-5) unstable; urgency=low
200 * update debian/copyright to reflect new upstream URL, closes: #368746
201 * add sandwich cartoon URL to the README.Debian
202 * don't remove sudoers on purge. can cause problems when moving between
203 sudo and sudo-ldap. leaving sudoers around on purge seems like the least
204 evil choice for now, closes: #401366
205 * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
207 * accept patch that improves debian/rules from Ted Percival, closes: #382122
208 * no longer build with --with-exempt=sudo, provide an example entry in the
209 default sudoers file instead, closes: #296605
210 * add --with-devel to configure and augment build dependencies so that flex
211 and yacc files get re-generated on every build, closes: #316249
213 -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600
215 sudo (1.6.8p12-4) unstable; urgency=low
217 * patch from Petter Reinholdtsen for the LSB info block in the init.d
218 script, closes: #361055
219 * deliver sudoers sample again, closes: #361593
221 -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600
223 sudo (1.6.8p12-3) unstable; urgency=low
225 * force-feed configure knowledge of nroff's path so we get unformatted man
226 pages installed without build-depending on groff-base, closes: #360894
227 * add a reference to OPTIONS in the man page, closes: #186226
229 -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700
231 sudo (1.6.8p12-2) unstable; urgency=low
233 * fix typos in init scripts, closes: #346325
234 * update to debhelper compat level 5
235 * build depend on autotools-dev to ensure config.sub/guess are fresh
236 * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
237 use it here as well. Thanks to Martin and the debian-security team.
238 closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
239 closes: #315115, #315718, #203874
240 * Non-maintainer upload by the Security Team
241 * Reworked the former patch to limit environment variables from being
242 passed through, set env_reset as default instead [sudo.c, env.c,
243 sudoers.pod, Bug#342948, CVE-2005-4158]
244 * env_reset is now set by default
245 * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
246 DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
247 (in addition to the SUDO_* variables)
248 * Rebuild sudoers.man.in from the POD file
249 * Added README.Debian
250 * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
251 * simplify rules file by using more of Makefile, despite having to override
252 default directories with more arguments to configure, closes: #292833
253 * update sudo man page to reflect use of SECURE_PATH, closes: #228551
254 * inconsistencies in sudoers man page resolved, closes: #220808, #161012
255 * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
256 unresolveable (requires adding bison as build dep), closes: #314949
258 -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700
260 sudo (1.6.8p12-1) unstable; urgency=low
262 * new upstream version, closes: #342948 (CVE-2005-4158)
263 * add env_reset to the sudoers file we create if none already exists,
264 as a further precaution in response to discussion about CVS-2005-4158
265 * split ldap support into a new sudo-ldap package. I was trying to avoid
266 doing this, but the impact of going from 4 to 17 linked shlibs on the
267 autobuilder chroots is sufficient motivation for me.
270 -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
272 sudo (1.6.8p9-4) unstable; urgency=low
274 * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
275 * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
276 timestamps in the init.d script, closes: #330868
277 * add dependency header to init.d script, closes: #332849
279 -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
281 sudo (1.6.8p9-3) unstable; urgency=high
283 * update debhelper compatibility level from 2 to 4
284 * add man page symlink for sudoedit
285 * Clean SHELLOPTS and PS4 from the environment before executing programs
286 with sudo permissions [env.c, CAN-2005-2959]
287 * fix typo in manpage pointed out by Moray Allen, closes: #285995
288 * fix paths in sample complex sudoers file, closes: #303542
289 * fix type in sudoers man page, closes: #311244
291 -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
293 sudo (1.6.8p9-2) unstable; urgency=high
295 * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
298 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
300 sudo (1.6.8p9-1) unstable; urgency=high
302 * new upstream version, fixes a race condition in sudo's pathname
303 validation, which is a security issue (CAN-2005-1993),
304 closes: #315115, #315718
306 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
308 sudo (1.6.8p7-1) unstable; urgency=low
310 * new upstream version, closes: #299585
311 * update lintian overrides to squelch the postinst warning
312 * change sudoedit from a hard to a soft link, closes: #296896
313 * fix regex doc in sudoers man page, closes: #300361
315 -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
317 sudo (1.6.8p5-1) unstable; urgency=high
319 * new upstream version
320 * restores ability to use config tuples without a value, which was causing
321 problems on upgrade closes: #283306
322 * deliver sudoedit, closes: #283078
323 * marking urgency high since 283306 is a serious upgrade incompatibility
325 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
327 sudo (1.6.8p3-2) unstable; urgency=high
329 * update pam.d deliverable so ldap works again, closes: #282191
331 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
333 sudo (1.6.8p3-1) unstable; urgency=high
335 * new upstream version, fixes a flaw in sudo's environment sanitizing that
336 could allow a malicious user with permission to run a shell script that
337 utilized the bash shell to run arbitrary commands, closes: #281665
338 * patch the sample sudoers to have the proper path for kill on Debian
339 systems, closes: #263486
340 * patch the sudo manpage to reflect Debian's choice of exempt_group
341 default setting, closes: #236465
342 * patch the sudo manpage to reflect Debian's choice of no timeout on the
343 password prompt, closes: #271194
345 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
347 sudo (1.6.7p5-2) unstable; urgency=low
349 * Jeff Bailey reports that seteuid works on current sparc systems, so we
350 no longer need the "grosshack" stuff in the sudo rules file
351 * add a postrm that removes /etc/sudoers on purge. don't do this with the
352 normal conffile mechanism since it would generate noise on every upgrade,
355 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
357 sudo (1.6.7p5-1) unstable; urgency=low
359 * new upstream version, closes: #190265, #193222, #197244
360 * change from '.' to ':' in postinst chown call, closes: #208369
362 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
364 sudo (1.6.7p3-2) unstable; urgency=low
366 * add --disable-setresuid to configure call since 2.2 kernels don't support
367 setresgid, closes: #189044
368 * cosmetic cleanups to debian/rules as long as I'm there
370 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
372 sudo (1.6.7p3-1) unstable; urgency=low
374 * new upstream version
375 * add overrides to quiet lintian about things it doesn't understand,
376 except the source one that can't be overridden until 129510 is fixed
378 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
380 sudo (1.6.6-3) unstable; urgency=low
382 * add code to rules file to update config.sub/guess, closes: #164501
384 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
386 sudo (1.6.6-2) unstable; urgency=low
388 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
389 configure, and lose the build dependency on mail-transport-agent
390 * incorporate changes from LaMont's NMU, closes: #144665, #144737
391 * update init.d to not try and set time on nonexistent timestamp files,
393 * build with --with-all-insults, admin must edit sudoers to turn insults
394 on at runtime if desired, closes: #135374
395 * stop setting /usr/doc symlink in postinst
397 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
399 sudo (1.6.6-1.1) unstable; urgency=high
401 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
402 * Revert patch to auth/pam.c that left pass uninitialized, causing a
403 segfault (Closes: #144665).
405 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
407 sudo (1.6.6-1) unstable; urgency=high
409 * new upstream version, fixes security problem with crafty prompts,
412 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
414 sudo (1.6.5p1-4) unstable; urgency=high
416 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
417 if ctrl/C'ed at password prompt, closes: #131235
419 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
421 sudo (1.6.5p1-3) unstable; urgency=high
423 * ugly hack to add --disable-saved-ids when building on sparc in response
424 to 131592, which will be reassigned to glibc for a real fix
425 * urgency high since the sudo currently in testing for sparc is worthless
427 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
429 sudo (1.6.5p1-2) unstable; urgency=high
431 * patch from upstream to fix seg faults caused by versions of pam that
432 follow a NULL pointer, closes: #129512
434 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
436 sudo (1.6.5p1-1) unstable; urgency=high
438 * new upstream version
439 * add --disable-root-mailer option supported by new version to configure
440 call in rules file, closes: #129648
442 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
444 sudo (1.6.4p1-1) unstable; urgency=high
446 * new upstream version, with fix for segfaulting problem in 1.6.4
448 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
450 sudo (1.6.4-1) unstable; urgency=high
452 * new upstream version, includes an important security fix, closes: #127576
454 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
456 sudo (1.6.3p7-5) unstable; urgency=low
458 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
459 * fix spelling error in init.d, closes: #126847
461 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
463 sudo (1.6.3p7-4) unstable; urgency=medium
465 * use touch to set status files to an ancient date instead of removing them
466 outright on reboot. this achieves the desired effect of keeping elevated
467 privs from living across reboots, without forcing everyone to see the
468 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
469 for systems with good clocks, and 'recent enough' that broken PC hardware
470 setting the clock to commonly-seen bogus dates trips over the "don't trust
471 future timestamps" rule. closes: #76529, #123559
472 * apply patch from Steve Langasek to fix seg faults due to interaction with
473 PAM code. upstream confirms the problem, and says they're fixing this
474 differently for their next release... but this should be useful in the
475 meantime, and would be good to get into woody. closes: #119147
476 * only run the init.d at boot, not on each runlevel change... and don't run
477 it during package configure. closes: #125935
478 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
480 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
482 sudo (1.6.3p7-3) unstable; urgency=low
484 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
485 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
486 * fix a typo in the manpage, closes: #97368
487 * apply patch to configure.in and run autoconf to fix problem building on
488 the hurd, closes: #96325
489 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
490 to not last across reboots, closes: #76529
491 * clean up lintian-noticed cosmetic packaging issues
493 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
495 sudo (1.6.3p7-2) unstable; urgency=low
497 * update config.sub/guess for hppa support
499 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
501 sudo (1.6.3p7-1) unstable; urgency=low
503 * new upstream version
504 * add build dependency on mail-transport-agent, closes: #90685
506 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
508 sudo (1.6.3p6-1) unstable; urgency=high
510 * new upstream version, fixes buffer overflow problem,
511 closes: #87259, #87278, #87263
512 * revert to using --with-secure-path option at build time, since the option
513 available in sudoers is parsed too late to be useful, and upstream says
514 it won't get fixed quickly. This reopens 85123, which I will mark as
515 forwarded. Closes: #86199, #86117, #85676
517 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
519 sudo (1.6.3p5-2) unstable; urgency=low
521 * lose the dh_suidregister call since it's obsolete
522 * stop using the --with-secure-path option at build time, and instead show
523 how to set it in sudoers. Closes: #85123
524 * freshen config.sub and config.guess for ia64 and hppa
525 * update sudoers man page to indicate exempt_group is on by default,
528 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
530 sudo (1.6.3p5-1) unstable; urgency=low
532 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
533 * this version restores core dumps before the exec, while leaving them
534 disabled during sudo's internal execution, closes: #58289
535 * update debhelper calls in rules file
537 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
539 sudo (1.6.2p2-1) frozen unstable; urgency=medium
541 * new upstream source resulting from direct collaboration with the upstream
542 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
543 Closes: #56129, #55978, #55979, #56550, #56772
544 * include more upstream documentation, closes: #55054
545 * pam.d fragment update, closes: #56129
547 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
549 sudo (1.6.1-1) unstable; urgency=low
551 * new upstream source, closes: #52750
553 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
555 sudo (1.6-2) unstable; urgency=low
557 * drop suidregister support for this package. The sudo executable is
558 essentially worthless unless it is setuid root, and making suidregister
559 work involves shipping a non-setuid executable in the .deb and setting the
560 perms in the postinst. On a long upgrade run, this can leave the sudo
561 executable 'broken' for a long time, which is unacceptable. With this
562 version, we ship the executable setuid root in the .deb. Closes: #51742
564 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
566 sudo (1.6-1) unstable; urgency=low
568 * new upstream version, many options previously set at compile-time are now
569 configurable at runtime.
570 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
573 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
575 sudo (1.5.9p4-1) unstable; urgency=low
577 * new upstream version, closes: #43464
578 * empty password handling was fixed in 1.5.8, closes: #31863
580 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
582 sudo (1.5.9p1-1) unstable; urgency=low
584 * new upstream version
586 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
588 sudo (1.5.8p1-1) unstable; urgency=medium
590 * new upstream version, closes 33690
591 * add dependency on libpam-modules, closes 34215, 33432
593 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
595 sudo (1.5.7p4-2) unstable; urgency=medium
597 * update the pam fragment provided so that sudo works with latest pam bits,
600 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
602 sudo (1.5.7p4-1) unstable; urgency=low
604 * new upstream release
606 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
608 sudo (1.5.6p5-1) unstable; urgency=low
610 * new upstream patch release
611 * add PAM support, closes 28594
613 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
615 sudo (1.5.6p2-2) unstable; urgency=low
617 * update copyright file, closes 24136
618 * review and close forwarded bugs believed fixed in this upstream version,
621 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
623 sudo (1.5.6p2-1) unstable; urgency=low
625 * new upstream release
627 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
629 sudo (1.5.4-4) frozen unstable; urgency=low
631 * update postinst to use groupadd, closes 21403
632 * move the suidregister stuff earlier in postinst to ensure it always runs
634 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
636 sudo (1.5.4-3) frozen unstable; urgency=low
638 * change /etc/sudoers from a conffile to being handled in postinst,
640 * add suidmanager support, closes 15711
641 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
642 unlikely to ever fix, and which just don't matter. closes 17146
643 * fix FSF address in copyright file, and submit exception for lintian
644 warning about sudo being setuid root
646 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
648 sudo (1.5.4-2) unstable; urgency=high
650 * patch from upstream author correcting/improving security fix
652 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
654 sudo (1.5.4-1) unstable; urgency=high
656 * new upstream version, includes a security fix
657 * change default editor from /bin/ae to /usr/bin/editor
659 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
661 sudo (1.5.3-1) unstable; urgency=medium
663 * new upstream version, closes bug 15911.
664 * rules file reworked to use debhelper
665 * implement a really gross hack to force use of the sudo-provided
666 lsearch(), since the one in libc6 is broken! This closes bugs
667 12552, 12557, 14881, 15259, 15916.
669 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
671 sudo (1.5.2-6) unstable; urgency=LOW
673 * don't install INSTALL in the doc directory, closes bug 13195.
675 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
677 sudo (1.5.2-5) unstable; urgency=LOW
681 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
683 sudo (1.5.2-4) unstable; urgency=LOW
685 * change TIMEOUT (how long before you have to type your password again)
686 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
687 packages on slower machines much more tolerable. Closes bug 9076.
688 * touch debian/suid before debstd. Closes bug 8709.
690 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
692 sudo (1.5.2-3) frozen unstable; urgency=LOW
694 * patch from upstream maintainer to close Bug 6828
695 * add a debian/suid file to get debstd to leave my perl postinst alone
697 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
699 sudo (1.5.2-2) frozen unstable; urgency=LOW
701 * change rules to use -O2 -Wall as per standards
703 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
705 sudo (1.5.2-1) unstable; urgency=LOW
707 * new upstream version
708 * cosmetic changes to debian package control files
710 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
712 sudo (1.5-2) unstable; urgency=LOW
714 * add /usr/X11R6/bin to the end of the secure path... this makes it
715 much easier to run xmkmf, etc., during package builds. To the extent
716 that /usr/local/sbin and /usr/local/bin were already included, I see
717 no security reasons not to add this.
719 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
721 sudo (1.5-1) unstable; urgency=LOW
723 * New upstream version
725 * New packaging format
727 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
729 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
733 * hard code SECURE_PATH to:
734 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
738 * enabled EXEMPTGROUP "sudo"
740 * moved timestamp dir to /var/log/sudo
742 * changed parser to check for long and short filenames (Bug#1162)
744 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
748 * New upstream source
750 * Fixed postinst script
751 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
753 * Removed special shadow binary. This version works with and without
754 shadow password file.
756 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
760 * Corrected editor path to /bin/ae (Bug#3062)
762 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
764 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
768 * New upstream version
770 * Changed sudoers permission to 440 (owner root, group root) to make
773 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
777 * Applied upstream patch 1
779 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
783 * Applied upstream patch 2
785 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
789 * Applied upstream patch 3 (fixes problems with an NFS-mounted
793 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
797 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
798 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
800 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
804 * Applied upstream patch 4 (fixes several bugs)
806 * Changed priority to optional
808 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
812 * Corrected postinst to create correct permission for /etc/sudoers
815 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
819 * New upstream version
822 sudo (1.4.4-2) admin; urgency=HIGH
824 * Fixed major security bug reported by Peter Tobias
825 <tobias@et-inf.fho-emden.de>
826 * Added dchanges support to debian.rules
828 sudo (1.4.5-1) admin; urgency=LOW
830 * New upstream version
831 * Minor changes to debian.rules