1 sudo (1.8.1p2-1) UNRELEASED; urgency=low
4 * include common-session in pam config, closes: #519700, #607199
5 * move secure_path from configure to default sudoers, closes: #85123, 85917
7 -- Bdale Garbee <bdale@gag.com> Fri, 22 Jul 2011 15:22:40 +0200
9 sudo (1.7.4p6-1) unstable; urgency=low
11 * new upstream version
12 * touch the right stamp name after configuring, closes: #611287
13 * patch from Svante Signell to fix build problem on Hurd, closes: #611290
15 -- Bdale Garbee <bdale@gag.com> Wed, 09 Feb 2011 11:32:58 -0700
17 sudo (1.7.4p4-6) unstable; urgency=low
19 * update /etc/sudoers.d/README now that sudoers is a conffile
20 * patch from upstream to fix special case in password checking code
21 when only the gid is changing, closes: #609641
23 -- Bdale Garbee <bdale@gag.com> Tue, 11 Jan 2011 10:22:39 -0700
25 sudo (1.7.4p4-5) unstable; urgency=low
27 * patch from Jakub Wilk to add noopt and nostrip build option support,
29 * make sudoers a conffile, closes: #605130
30 * add descriptions to LSB init headers, closes: #604619
31 * change default sudoers %sudo entry to allow gid changes, closes: #602699
32 * add Vcs entries to the control file
33 * use debhelper install files instead of explicit installs in rules
35 -- Bdale Garbee <bdale@gag.com> Wed, 01 Dec 2010 20:32:31 -0700
37 sudo (1.7.4p4-4) unstable; urgency=low
39 * patch from upstream to resolve problem always prompting for a password
40 when run without a tty, closes: #599376
41 * patch from upstream to resolve interoperability problem between HOME in
42 env_keep and the -H flag, closes: #596493
43 * change path syntax to avoid tar error when /var/run/sudo exists but is
44 empty, closes: #598877
46 -- Bdale Garbee <bdale@gag.com> Thu, 07 Oct 2010 15:59:06 -0600
48 sudo (1.7.4p4-3) unstable; urgency=low
50 * make postinst clause for handling /var/run -> /var/lib transition less
51 fragile, closes: #585514
52 * cope with upstream's Makefile trying to install ChangeLog in our doc
53 directory, closes: #597389
54 * fix README.Debian to reflect that HOME is no longer preserved by default,
57 -- Bdale Garbee <bdale@gag.com> Tue, 21 Sep 2010 23:53:08 -0600
59 sudo (1.7.4p4-2) unstable; urgency=low
61 * add a NEWS item about change in $HOME handling that impacts programs
64 -- Bdale Garbee <bdale@gag.com> Wed, 08 Sep 2010 14:29:16 -0600
66 sudo (1.7.4p4-1) unstable; urgency=high
68 * new upstream version, urgency high due to fix for flaw in Runas group
69 matching (CVE-2010-2956), closes: #595935
70 * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
71 re-lecturing existing users, and to clean up after ourselves on upgrade,
72 and remove the RAMRUN section from README.Debian since the new state dir
73 should fix the original problem, closes: #585514
74 * deliver README.Debian to both package flavors, closes: #593579
76 -- Bdale Garbee <bdale@gag.com> Tue, 07 Sep 2010 12:22:42 -0600
78 sudo (1.7.2p7-1) unstable; urgency=high
80 * new upstream release with security fix for secure path (CVE-2010-1646),
82 * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
83 about whether to give the lecture is preserved across reboots even when
84 RAMRUN is set, closes: #581393
85 * add a note to README.Debian about LDAP needing an entry in
86 /etc/nsswitch.conf, closes: #522065
87 * add a note to README.Debian about how to turn off lectures if using
88 RAMRUN in /etc/default/rcS, closes: #581393
90 -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
92 sudo (1.7.2p6-1) unstable; urgency=low
94 * new upstream version fixing CVE-2010-1163, closes: #578275, #570737
96 -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600
98 sudo (1.7.2p5-1) unstable; urgency=low
100 * new upstream release, closes a bug filed upstream regarding missing man
101 page processing scripts in the 1.7.2p1 tarball, also includes the fix
102 for CVE-2010-0426 previously the subject of a security team nmu
103 * move to source format 3.0 (quilt) and restructure changes as patches
104 * fix unprocessed substitution variables in man pages, closes: #557204
105 * apply patch from Neil Moore to fix Debian-specific content in the
106 visudo man page, closes: #555013
107 * update descriptions to better explain sudo-ldap, closes: #573108
108 * eliminate spurious 'and' in man page, closes: #571620
109 * fix confusing text in default sudoers, closes: #566607
111 -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700
113 sudo (1.7.2p1-1) unstable; urgency=low
115 * new upstream version
116 * add support for /etc/sudoers.d using #includedir in default sudoers,
117 which I think is also a good solution to the request for a crontab-like
118 API requested in March of 2001, closes: #539994, #271813, #89743
119 * move init.d script from using rcS.d to rc[0-6].d, closes: #542924
121 -- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600
123 sudo (1.7.2-2) unstable; urgency=low
125 * further improve initial sudoers to not include the NOPASSWD option on
126 the group sudo exception, closes: #539136, #198991
128 -- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200
130 sudo (1.7.2-1) unstable; urgency=low
132 * new upstream version, closes: #537103
133 * improve initial sudoers by having the exemption for users in group
134 sudo on by default, and including the ability to run any command as
135 any user. This makes the default install roughly equivalent to our
136 old use of the --with-exempt=sudo build option, closes: #536220, #536222
138 -- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600
140 sudo (1.7.0-1) unstable; urgency=low
142 * new upstream version, closes: #510179, #128268, #520274, #508514
143 * fix ldap config file path for sudo-ldap package, including creating
144 a symlink in postinst and cleaning it up in postrm for the sudo-ldap
145 package, closes: #430826
146 * fix NOPASSWD entry location in default config file for the sudo-ldap
147 instance too, closes: #479616
149 -- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600
151 sudo (1.6.9p17-2) unstable; urgency=high
153 * patch from upstream to fix privilege escalation with certain
154 configurations, CVE-2009-0034
155 * typo in sudoers man page, closes: #507163
157 -- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700
159 sudo (1.6.9p17-1) unstable; urgency=low
161 * new upstream version, closes: #481008
162 * deliver schemas to doc directory in sudo-ldap package, closes: #474331
163 * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
164 in move from CVS to git for package management, closes: #475821
165 * re-instate the init.d for the sudo-ldap package too... /o\
167 -- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600
169 sudo (1.6.9p15-2) unstable; urgency=low
171 * revert the fix for 388659 such that visudo once again defaults to using
172 /usr/bin/editor. I was always ambivalent about this change, it has caused
173 more confusion and frustration than it cured, and I find Justin's line of
174 reasoning persuasive. Update the man page source to reflect this choice
175 and the related use of --with-env-editor. Closes: #474197.
176 * patch from Petter Reinholdtsen to improve init.d, closes: #475821
178 -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600
180 sudo (1.6.9p15-1) unstable; urgency=low
182 * new upstream version, closes: #467126, #473337
183 * remove pointless postrm scripts, leaving debhelper do its thing if needed,
184 thanks to Justin Pryzby for pointing this out
185 * reinstate the init.d, since bootclean doesn't quite do what we want. This
186 also means we don't need the preinst scripts any more. Update the lintian
187 overrides since postinst is a Perl script lintian apparently isn't parsing
188 well. closes: #330868
190 -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600
192 sudo (1.6.9p12-1) unstable; urgency=low
194 * new upstream version, closes: #464890
196 -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900
198 sudo (1.6.9p11-3) unstable; urgency=low
200 * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
202 -- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700
204 sudo (1.6.9p11-2) unstable; urgency=low
206 * update version compared in preinst when removing obsolete init.d,
208 * implement pam session config suggestions from Elizabeth Fong,
209 closes: #452457, #402329
211 -- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700
213 sudo (1.6.9p11-1) unstable; urgency=low
215 * new upstream version
217 -- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700
219 sudo (1.6.9p10-1) unstable; urgency=low
221 * new upstream version
222 * tweak default password prompt as %u doesn't make sense. Accept patch from
223 Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
224 uses it by default, closes: #454409
225 * accept patch from Martin Pitt that adds a prerm making it difficult to
226 "accidentally" remove sudo when there is no root password set on the
227 system, closes: #451241
229 -- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700
231 sudo (1.6.9p9-1) unstable; urgency=low
233 * new upstream version
234 * debian/rules: configure a more informative default password prompt to
235 reduce confusion when using sudo to invoke commands which also ask for
236 passwords, closes: #343268
237 * auth/pam.c: don't use the PAM prompt if the user explicitly requested
238 a custom prompt, closes: #448628.
239 * fix configure's ability to discover that libc has dirfd, closes: #451324
240 * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
241 the command 'visudo' invokes a vi variant by default as documented,
244 -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700
246 sudo (1.6.9p6-1) unstable; urgency=low
248 * new upstream version, closes: #442815, #446146, #438699, #435768, #435314
249 closes: #434832, #434608, #430382
250 * eliminate the now-redundant init.d scripts, closes: #397090
251 * fix typo in TROUBLESHOOTING file, closes: #439624
253 -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600
255 sudo (1.6.8p12-6) unstable; urgency=low
257 * fix typos in visudo.pod relating to env_editor variable, closes: #418886
258 * have init.d touch directories in /var/run/sudo, not just files, as a
260 * fix various typos in sudoers.pod, closes: #419749
261 * don't let Makefile strip binaries, closes: #438073
263 -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100
265 sudo (1.6.8p12-5) unstable; urgency=low
267 * update debian/copyright to reflect new upstream URL, closes: #368746
268 * add sandwich cartoon URL to the README.Debian
269 * don't remove sudoers on purge. can cause problems when moving between
270 sudo and sudo-ldap. leaving sudoers around on purge seems like the least
271 evil choice for now, closes: #401366
272 * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
274 * accept patch that improves debian/rules from Ted Percival, closes: #382122
275 * no longer build with --with-exempt=sudo, provide an example entry in the
276 default sudoers file instead, closes: #296605
277 * add --with-devel to configure and augment build dependencies so that flex
278 and yacc files get re-generated on every build, closes: #316249
280 -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600
282 sudo (1.6.8p12-4) unstable; urgency=low
284 * patch from Petter Reinholdtsen for the LSB info block in the init.d
285 script, closes: #361055
286 * deliver sudoers sample again, closes: #361593
288 -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600
290 sudo (1.6.8p12-3) unstable; urgency=low
292 * force-feed configure knowledge of nroff's path so we get unformatted man
293 pages installed without build-depending on groff-base, closes: #360894
294 * add a reference to OPTIONS in the man page, closes: #186226
296 -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700
298 sudo (1.6.8p12-2) unstable; urgency=low
300 * fix typos in init scripts, closes: #346325
301 * update to debhelper compat level 5
302 * build depend on autotools-dev to ensure config.sub/guess are fresh
303 * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
304 use it here as well. Thanks to Martin and the debian-security team.
305 closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
306 closes: #315115, #315718, #203874
307 * Non-maintainer upload by the Security Team
308 * Reworked the former patch to limit environment variables from being
309 passed through, set env_reset as default instead [sudo.c, env.c,
310 sudoers.pod, Bug#342948, CVE-2005-4158]
311 * env_reset is now set by default
312 * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
313 DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
314 (in addition to the SUDO_* variables)
315 * Rebuild sudoers.man.in from the POD file
316 * Added README.Debian
317 * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
318 * simplify rules file by using more of Makefile, despite having to override
319 default directories with more arguments to configure, closes: #292833
320 * update sudo man page to reflect use of SECURE_PATH, closes: #228551
321 * inconsistencies in sudoers man page resolved, closes: #220808, #161012
322 * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
323 unresolveable (requires adding bison as build dep), closes: #314949
325 -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700
327 sudo (1.6.8p12-1) unstable; urgency=low
329 * new upstream version, closes: #342948 (CVE-2005-4158)
330 * add env_reset to the sudoers file we create if none already exists,
331 as a further precaution in response to discussion about CVS-2005-4158
332 * split ldap support into a new sudo-ldap package. I was trying to avoid
333 doing this, but the impact of going from 4 to 17 linked shlibs on the
334 autobuilder chroots is sufficient motivation for me.
337 -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
339 sudo (1.6.8p9-4) unstable; urgency=low
341 * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
342 * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
343 timestamps in the init.d script, closes: #330868
344 * add dependency header to init.d script, closes: #332849
346 -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
348 sudo (1.6.8p9-3) unstable; urgency=high
350 * update debhelper compatibility level from 2 to 4
351 * add man page symlink for sudoedit
352 * Clean SHELLOPTS and PS4 from the environment before executing programs
353 with sudo permissions [env.c, CAN-2005-2959]
354 * fix typo in manpage pointed out by Moray Allen, closes: #285995
355 * fix paths in sample complex sudoers file, closes: #303542
356 * fix type in sudoers man page, closes: #311244
358 -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
360 sudo (1.6.8p9-2) unstable; urgency=high
362 * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
365 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
367 sudo (1.6.8p9-1) unstable; urgency=high
369 * new upstream version, fixes a race condition in sudo's pathname
370 validation, which is a security issue (CAN-2005-1993),
371 closes: #315115, #315718
373 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
375 sudo (1.6.8p7-1) unstable; urgency=low
377 * new upstream version, closes: #299585
378 * update lintian overrides to squelch the postinst warning
379 * change sudoedit from a hard to a soft link, closes: #296896
380 * fix regex doc in sudoers man page, closes: #300361
382 -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
384 sudo (1.6.8p5-1) unstable; urgency=high
386 * new upstream version
387 * restores ability to use config tuples without a value, which was causing
388 problems on upgrade closes: #283306
389 * deliver sudoedit, closes: #283078
390 * marking urgency high since 283306 is a serious upgrade incompatibility
392 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
394 sudo (1.6.8p3-2) unstable; urgency=high
396 * update pam.d deliverable so ldap works again, closes: #282191
398 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
400 sudo (1.6.8p3-1) unstable; urgency=high
402 * new upstream version, fixes a flaw in sudo's environment sanitizing that
403 could allow a malicious user with permission to run a shell script that
404 utilized the bash shell to run arbitrary commands, closes: #281665
405 * patch the sample sudoers to have the proper path for kill on Debian
406 systems, closes: #263486
407 * patch the sudo manpage to reflect Debian's choice of exempt_group
408 default setting, closes: #236465
409 * patch the sudo manpage to reflect Debian's choice of no timeout on the
410 password prompt, closes: #271194
412 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
414 sudo (1.6.7p5-2) unstable; urgency=low
416 * Jeff Bailey reports that seteuid works on current sparc systems, so we
417 no longer need the "grosshack" stuff in the sudo rules file
418 * add a postrm that removes /etc/sudoers on purge. don't do this with the
419 normal conffile mechanism since it would generate noise on every upgrade,
422 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
424 sudo (1.6.7p5-1) unstable; urgency=low
426 * new upstream version, closes: #190265, #193222, #197244
427 * change from '.' to ':' in postinst chown call, closes: #208369
429 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
431 sudo (1.6.7p3-2) unstable; urgency=low
433 * add --disable-setresuid to configure call since 2.2 kernels don't support
434 setresgid, closes: #189044
435 * cosmetic cleanups to debian/rules as long as I'm there
437 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
439 sudo (1.6.7p3-1) unstable; urgency=low
441 * new upstream version
442 * add overrides to quiet lintian about things it doesn't understand,
443 except the source one that can't be overridden until 129510 is fixed
445 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
447 sudo (1.6.6-3) unstable; urgency=low
449 * add code to rules file to update config.sub/guess, closes: #164501
451 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
453 sudo (1.6.6-2) unstable; urgency=low
455 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
456 configure, and lose the build dependency on mail-transport-agent
457 * incorporate changes from LaMont's NMU, closes: #144665, #144737
458 * update init.d to not try and set time on nonexistent timestamp files,
460 * build with --with-all-insults, admin must edit sudoers to turn insults
461 on at runtime if desired, closes: #135374
462 * stop setting /usr/doc symlink in postinst
464 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
466 sudo (1.6.6-1.1) unstable; urgency=high
468 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
469 * Revert patch to auth/pam.c that left pass uninitialized, causing a
470 segfault (Closes: #144665).
472 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
474 sudo (1.6.6-1) unstable; urgency=high
476 * new upstream version, fixes security problem with crafty prompts,
479 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
481 sudo (1.6.5p1-4) unstable; urgency=high
483 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
484 if ctrl/C'ed at password prompt, closes: #131235
486 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
488 sudo (1.6.5p1-3) unstable; urgency=high
490 * ugly hack to add --disable-saved-ids when building on sparc in response
491 to 131592, which will be reassigned to glibc for a real fix
492 * urgency high since the sudo currently in testing for sparc is worthless
494 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
496 sudo (1.6.5p1-2) unstable; urgency=high
498 * patch from upstream to fix seg faults caused by versions of pam that
499 follow a NULL pointer, closes: #129512
501 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
503 sudo (1.6.5p1-1) unstable; urgency=high
505 * new upstream version
506 * add --disable-root-mailer option supported by new version to configure
507 call in rules file, closes: #129648
509 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
511 sudo (1.6.4p1-1) unstable; urgency=high
513 * new upstream version, with fix for segfaulting problem in 1.6.4
515 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
517 sudo (1.6.4-1) unstable; urgency=high
519 * new upstream version, includes an important security fix, closes: #127576
521 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
523 sudo (1.6.3p7-5) unstable; urgency=low
525 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
526 * fix spelling error in init.d, closes: #126847
528 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
530 sudo (1.6.3p7-4) unstable; urgency=medium
532 * use touch to set status files to an ancient date instead of removing them
533 outright on reboot. this achieves the desired effect of keeping elevated
534 privs from living across reboots, without forcing everyone to see the
535 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
536 for systems with good clocks, and 'recent enough' that broken PC hardware
537 setting the clock to commonly-seen bogus dates trips over the "don't trust
538 future timestamps" rule. closes: #76529, #123559
539 * apply patch from Steve Langasek to fix seg faults due to interaction with
540 PAM code. upstream confirms the problem, and says they're fixing this
541 differently for their next release... but this should be useful in the
542 meantime, and would be good to get into woody. closes: #119147
543 * only run the init.d at boot, not on each runlevel change... and don't run
544 it during package configure. closes: #125935
545 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
547 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
549 sudo (1.6.3p7-3) unstable; urgency=low
551 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
552 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
553 * fix a typo in the manpage, closes: #97368
554 * apply patch to configure.in and run autoconf to fix problem building on
555 the hurd, closes: #96325
556 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
557 to not last across reboots, closes: #76529
558 * clean up lintian-noticed cosmetic packaging issues
560 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
562 sudo (1.6.3p7-2) unstable; urgency=low
564 * update config.sub/guess for hppa support
566 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
568 sudo (1.6.3p7-1) unstable; urgency=low
570 * new upstream version
571 * add build dependency on mail-transport-agent, closes: #90685
573 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
575 sudo (1.6.3p6-1) unstable; urgency=high
577 * new upstream version, fixes buffer overflow problem,
578 closes: #87259, #87278, #87263
579 * revert to using --with-secure-path option at build time, since the option
580 available in sudoers is parsed too late to be useful, and upstream says
581 it won't get fixed quickly. This reopens 85123, which I will mark as
582 forwarded. Closes: #86199, #86117, #85676
584 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
586 sudo (1.6.3p5-2) unstable; urgency=low
588 * lose the dh_suidregister call since it's obsolete
589 * stop using the --with-secure-path option at build time, and instead show
590 how to set it in sudoers. Closes: #85123
591 * freshen config.sub and config.guess for ia64 and hppa
592 * update sudoers man page to indicate exempt_group is on by default,
595 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
597 sudo (1.6.3p5-1) unstable; urgency=low
599 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
600 * this version restores core dumps before the exec, while leaving them
601 disabled during sudo's internal execution, closes: #58289
602 * update debhelper calls in rules file
604 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
606 sudo (1.6.2p2-1) frozen unstable; urgency=medium
608 * new upstream source resulting from direct collaboration with the upstream
609 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
610 Closes: #56129, #55978, #55979, #56550, #56772
611 * include more upstream documentation, closes: #55054
612 * pam.d fragment update, closes: #56129
614 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
616 sudo (1.6.1-1) unstable; urgency=low
618 * new upstream source, closes: #52750
620 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
622 sudo (1.6-2) unstable; urgency=low
624 * drop suidregister support for this package. The sudo executable is
625 essentially worthless unless it is setuid root, and making suidregister
626 work involves shipping a non-setuid executable in the .deb and setting the
627 perms in the postinst. On a long upgrade run, this can leave the sudo
628 executable 'broken' for a long time, which is unacceptable. With this
629 version, we ship the executable setuid root in the .deb. Closes: #51742
631 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
633 sudo (1.6-1) unstable; urgency=low
635 * new upstream version, many options previously set at compile-time are now
636 configurable at runtime.
637 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
640 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
642 sudo (1.5.9p4-1) unstable; urgency=low
644 * new upstream version, closes: #43464
645 * empty password handling was fixed in 1.5.8, closes: #31863
647 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
649 sudo (1.5.9p1-1) unstable; urgency=low
651 * new upstream version
653 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
655 sudo (1.5.8p1-1) unstable; urgency=medium
657 * new upstream version, closes 33690
658 * add dependency on libpam-modules, closes 34215, 33432
660 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
662 sudo (1.5.7p4-2) unstable; urgency=medium
664 * update the pam fragment provided so that sudo works with latest pam bits,
667 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
669 sudo (1.5.7p4-1) unstable; urgency=low
671 * new upstream release
673 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
675 sudo (1.5.6p5-1) unstable; urgency=low
677 * new upstream patch release
678 * add PAM support, closes 28594
680 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
682 sudo (1.5.6p2-2) unstable; urgency=low
684 * update copyright file, closes 24136
685 * review and close forwarded bugs believed fixed in this upstream version,
688 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
690 sudo (1.5.6p2-1) unstable; urgency=low
692 * new upstream release
694 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
696 sudo (1.5.4-4) frozen unstable; urgency=low
698 * update postinst to use groupadd, closes 21403
699 * move the suidregister stuff earlier in postinst to ensure it always runs
701 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
703 sudo (1.5.4-3) frozen unstable; urgency=low
705 * change /etc/sudoers from a conffile to being handled in postinst,
707 * add suidmanager support, closes 15711
708 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
709 unlikely to ever fix, and which just don't matter. closes 17146
710 * fix FSF address in copyright file, and submit exception for lintian
711 warning about sudo being setuid root
713 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
715 sudo (1.5.4-2) unstable; urgency=high
717 * patch from upstream author correcting/improving security fix
719 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
721 sudo (1.5.4-1) unstable; urgency=high
723 * new upstream version, includes a security fix
724 * change default editor from /bin/ae to /usr/bin/editor
726 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
728 sudo (1.5.3-1) unstable; urgency=medium
730 * new upstream version, closes bug 15911.
731 * rules file reworked to use debhelper
732 * implement a really gross hack to force use of the sudo-provided
733 lsearch(), since the one in libc6 is broken! This closes bugs
734 12552, 12557, 14881, 15259, 15916.
736 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
738 sudo (1.5.2-6) unstable; urgency=LOW
740 * don't install INSTALL in the doc directory, closes bug 13195.
742 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
744 sudo (1.5.2-5) unstable; urgency=LOW
748 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
750 sudo (1.5.2-4) unstable; urgency=LOW
752 * change TIMEOUT (how long before you have to type your password again)
753 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
754 packages on slower machines much more tolerable. Closes bug 9076.
755 * touch debian/suid before debstd. Closes bug 8709.
757 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
759 sudo (1.5.2-3) frozen unstable; urgency=LOW
761 * patch from upstream maintainer to close Bug 6828
762 * add a debian/suid file to get debstd to leave my perl postinst alone
764 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
766 sudo (1.5.2-2) frozen unstable; urgency=LOW
768 * change rules to use -O2 -Wall as per standards
770 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
772 sudo (1.5.2-1) unstable; urgency=LOW
774 * new upstream version
775 * cosmetic changes to debian package control files
777 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
779 sudo (1.5-2) unstable; urgency=LOW
781 * add /usr/X11R6/bin to the end of the secure path... this makes it
782 much easier to run xmkmf, etc., during package builds. To the extent
783 that /usr/local/sbin and /usr/local/bin were already included, I see
784 no security reasons not to add this.
786 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
788 sudo (1.5-1) unstable; urgency=LOW
790 * New upstream version
792 * New packaging format
794 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
796 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
800 * hard code SECURE_PATH to:
801 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
805 * enabled EXEMPTGROUP "sudo"
807 * moved timestamp dir to /var/log/sudo
809 * changed parser to check for long and short filenames (Bug#1162)
811 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
815 * New upstream source
817 * Fixed postinst script
818 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
820 * Removed special shadow binary. This version works with and without
821 shadow password file.
823 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
827 * Corrected editor path to /bin/ae (Bug#3062)
829 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
831 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
835 * New upstream version
837 * Changed sudoers permission to 440 (owner root, group root) to make
840 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
844 * Applied upstream patch 1
846 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
850 * Applied upstream patch 2
852 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
856 * Applied upstream patch 3 (fixes problems with an NFS-mounted
860 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
864 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
865 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
867 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
871 * Applied upstream patch 4 (fixes several bugs)
873 * Changed priority to optional
875 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
879 * Corrected postinst to create correct permission for /etc/sudoers
882 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
886 * New upstream version
889 sudo (1.4.4-2) admin; urgency=HIGH
891 * Fixed major security bug reported by Peter Tobias
892 <tobias@et-inf.fho-emden.de>
893 * Added dchanges support to debian.rules
895 sudo (1.4.5-1) admin; urgency=LOW
897 * New upstream version
898 * Minor changes to debian.rules