1 sudo (1.7.2p7-2) UNRELEASED; urgency=low
3 * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
4 re-lecturing existing users, and to clean up after ourselves on upgrade,
5 and remove the RAMRUN section from README.Debian since the new state dir
6 should fix the original problem, closes: #585514
8 -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
10 sudo (1.7.2p7-1) unstable; urgency=high
12 * new upstream release with security fix for secure path (CVE-2010-1646),
14 * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
15 about whether to give the lecture is preserved across reboots even when
16 RAMRUN is set, closes: #581393
17 * add a note to README.Debian about LDAP needing an entry in
18 /etc/nsswitch.conf, closes: #522065
19 * add a note to README.Debian about how to turn off lectures if using
20 RAMRUN in /etc/default/rcS, closes: #581393
22 -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
24 sudo (1.7.2p6-1) unstable; urgency=low
26 * new upstream version fixing CVE-2010-1163, closes: #578275, #570737
28 -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600
30 sudo (1.7.2p5-1) unstable; urgency=low
32 * new upstream release, closes a bug filed upstream regarding missing man
33 page processing scripts in the 1.7.2p1 tarball, also includes the fix
34 for CVE-2010-0426 previously the subject of a security team nmu
35 * move to source format 3.0 (quilt) and restructure changes as patches
36 * fix unprocessed substitution variables in man pages, closes: #557204
37 * apply patch from Neil Moore to fix Debian-specific content in the
38 visudo man page, closes: #555013
39 * update descriptions to better explain sudo-ldap, closes: #573108
40 * eliminate spurious 'and' in man page, closes: #571620
41 * fix confusing text in default sudoers, closes: #566607
43 -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700
45 sudo (1.7.2p1-1) unstable; urgency=low
47 * new upstream version
48 * add support for /etc/sudoers.d using #includedir in default sudoers,
49 which I think is also a good solution to the request for a crontab-like
50 API requested in March of 2001, closes: #539994, #271813, #89743
51 * move init.d script from using rcS.d to rc[0-6].d, closes: #542924
53 -- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600
55 sudo (1.7.2-2) unstable; urgency=low
57 * further improve initial sudoers to not include the NOPASSWD option on
58 the group sudo exception, closes: #539136, #198991
60 -- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200
62 sudo (1.7.2-1) unstable; urgency=low
64 * new upstream version, closes: #537103
65 * improve initial sudoers by having the exemption for users in group
66 sudo on by default, and including the ability to run any command as
67 any user. This makes the default install roughly equivalent to our
68 old use of the --with-exempt=sudo build option, closes: #536220, #536222
70 -- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600
72 sudo (1.7.0-1) unstable; urgency=low
74 * new upstream version, closes: #510179, #128268, #520274, #508514
75 * fix ldap config file path for sudo-ldap package, including creating
76 a symlink in postinst and cleaning it up in postrm for the sudo-ldap
77 package, closes: #430826
78 * fix NOPASSWD entry location in default config file for the sudo-ldap
79 instance too, closes: #479616
81 -- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600
83 sudo (1.6.9p17-2) unstable; urgency=high
85 * patch from upstream to fix privilege escalation with certain
86 configurations, CVE-2009-0034
87 * typo in sudoers man page, closes: #507163
89 -- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700
91 sudo (1.6.9p17-1) unstable; urgency=low
93 * new upstream version, closes: #481008
94 * deliver schemas to doc directory in sudo-ldap package, closes: #474331
95 * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
96 in move from CVS to git for package management, closes: #475821
97 * re-instate the init.d for the sudo-ldap package too... /o\
99 -- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600
101 sudo (1.6.9p15-2) unstable; urgency=low
103 * revert the fix for 388659 such that visudo once again defaults to using
104 /usr/bin/editor. I was always ambivalent about this change, it has caused
105 more confusion and frustration than it cured, and I find Justin's line of
106 reasoning persuasive. Update the man page source to reflect this choice
107 and the related use of --with-env-editor. Closes: #474197.
108 * patch from Petter Reinholdtsen to improve init.d, closes: #475821
110 -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600
112 sudo (1.6.9p15-1) unstable; urgency=low
114 * new upstream version, closes: #467126, #473337
115 * remove pointless postrm scripts, leaving debhelper do its thing if needed,
116 thanks to Justin Pryzby for pointing this out
117 * reinstate the init.d, since bootclean doesn't quite do what we want. This
118 also means we don't need the preinst scripts any more. Update the lintian
119 overrides since postinst is a Perl script lintian apparently isn't parsing
120 well. closes: #330868
122 -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600
124 sudo (1.6.9p12-1) unstable; urgency=low
126 * new upstream version, closes: #464890
128 -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900
130 sudo (1.6.9p11-3) unstable; urgency=low
132 * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
134 -- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700
136 sudo (1.6.9p11-2) unstable; urgency=low
138 * update version compared in preinst when removing obsolete init.d,
140 * implement pam session config suggestions from Elizabeth Fong,
141 closes: #452457, #402329
143 -- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700
145 sudo (1.6.9p11-1) unstable; urgency=low
147 * new upstream version
149 -- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700
151 sudo (1.6.9p10-1) unstable; urgency=low
153 * new upstream version
154 * tweak default password prompt as %u doesn't make sense. Accept patch from
155 Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
156 uses it by default, closes: #454409
157 * accept patch from Martin Pitt that adds a prerm making it difficult to
158 "accidentally" remove sudo when there is no root password set on the
159 system, closes: #451241
161 -- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700
163 sudo (1.6.9p9-1) unstable; urgency=low
165 * new upstream version
166 * debian/rules: configure a more informative default password prompt to
167 reduce confusion when using sudo to invoke commands which also ask for
168 passwords, closes: #343268
169 * auth/pam.c: don't use the PAM prompt if the user explicitly requested
170 a custom prompt, closes: #448628.
171 * fix configure's ability to discover that libc has dirfd, closes: #451324
172 * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
173 the command 'visudo' invokes a vi variant by default as documented,
176 -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700
178 sudo (1.6.9p6-1) unstable; urgency=low
180 * new upstream version, closes: #442815, #446146, #438699, #435768, #435314
181 closes: #434832, #434608, #430382
182 * eliminate the now-redundant init.d scripts, closes: #397090
183 * fix typo in TROUBLESHOOTING file, closes: #439624
185 -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600
187 sudo (1.6.8p12-6) unstable; urgency=low
189 * fix typos in visudo.pod relating to env_editor variable, closes: #418886
190 * have init.d touch directories in /var/run/sudo, not just files, as a
192 * fix various typos in sudoers.pod, closes: #419749
193 * don't let Makefile strip binaries, closes: #438073
195 -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100
197 sudo (1.6.8p12-5) unstable; urgency=low
199 * update debian/copyright to reflect new upstream URL, closes: #368746
200 * add sandwich cartoon URL to the README.Debian
201 * don't remove sudoers on purge. can cause problems when moving between
202 sudo and sudo-ldap. leaving sudoers around on purge seems like the least
203 evil choice for now, closes: #401366
204 * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
206 * accept patch that improves debian/rules from Ted Percival, closes: #382122
207 * no longer build with --with-exempt=sudo, provide an example entry in the
208 default sudoers file instead, closes: #296605
209 * add --with-devel to configure and augment build dependencies so that flex
210 and yacc files get re-generated on every build, closes: #316249
212 -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600
214 sudo (1.6.8p12-4) unstable; urgency=low
216 * patch from Petter Reinholdtsen for the LSB info block in the init.d
217 script, closes: #361055
218 * deliver sudoers sample again, closes: #361593
220 -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600
222 sudo (1.6.8p12-3) unstable; urgency=low
224 * force-feed configure knowledge of nroff's path so we get unformatted man
225 pages installed without build-depending on groff-base, closes: #360894
226 * add a reference to OPTIONS in the man page, closes: #186226
228 -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700
230 sudo (1.6.8p12-2) unstable; urgency=low
232 * fix typos in init scripts, closes: #346325
233 * update to debhelper compat level 5
234 * build depend on autotools-dev to ensure config.sub/guess are fresh
235 * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
236 use it here as well. Thanks to Martin and the debian-security team.
237 closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
238 closes: #315115, #315718, #203874
239 * Non-maintainer upload by the Security Team
240 * Reworked the former patch to limit environment variables from being
241 passed through, set env_reset as default instead [sudo.c, env.c,
242 sudoers.pod, Bug#342948, CVE-2005-4158]
243 * env_reset is now set by default
244 * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
245 DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
246 (in addition to the SUDO_* variables)
247 * Rebuild sudoers.man.in from the POD file
248 * Added README.Debian
249 * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
250 * simplify rules file by using more of Makefile, despite having to override
251 default directories with more arguments to configure, closes: #292833
252 * update sudo man page to reflect use of SECURE_PATH, closes: #228551
253 * inconsistencies in sudoers man page resolved, closes: #220808, #161012
254 * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
255 unresolveable (requires adding bison as build dep), closes: #314949
257 -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700
259 sudo (1.6.8p12-1) unstable; urgency=low
261 * new upstream version, closes: #342948 (CVE-2005-4158)
262 * add env_reset to the sudoers file we create if none already exists,
263 as a further precaution in response to discussion about CVS-2005-4158
264 * split ldap support into a new sudo-ldap package. I was trying to avoid
265 doing this, but the impact of going from 4 to 17 linked shlibs on the
266 autobuilder chroots is sufficient motivation for me.
269 -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
271 sudo (1.6.8p9-4) unstable; urgency=low
273 * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
274 * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
275 timestamps in the init.d script, closes: #330868
276 * add dependency header to init.d script, closes: #332849
278 -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
280 sudo (1.6.8p9-3) unstable; urgency=high
282 * update debhelper compatibility level from 2 to 4
283 * add man page symlink for sudoedit
284 * Clean SHELLOPTS and PS4 from the environment before executing programs
285 with sudo permissions [env.c, CAN-2005-2959]
286 * fix typo in manpage pointed out by Moray Allen, closes: #285995
287 * fix paths in sample complex sudoers file, closes: #303542
288 * fix type in sudoers man page, closes: #311244
290 -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
292 sudo (1.6.8p9-2) unstable; urgency=high
294 * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
297 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
299 sudo (1.6.8p9-1) unstable; urgency=high
301 * new upstream version, fixes a race condition in sudo's pathname
302 validation, which is a security issue (CAN-2005-1993),
303 closes: #315115, #315718
305 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
307 sudo (1.6.8p7-1) unstable; urgency=low
309 * new upstream version, closes: #299585
310 * update lintian overrides to squelch the postinst warning
311 * change sudoedit from a hard to a soft link, closes: #296896
312 * fix regex doc in sudoers man page, closes: #300361
314 -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
316 sudo (1.6.8p5-1) unstable; urgency=high
318 * new upstream version
319 * restores ability to use config tuples without a value, which was causing
320 problems on upgrade closes: #283306
321 * deliver sudoedit, closes: #283078
322 * marking urgency high since 283306 is a serious upgrade incompatibility
324 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
326 sudo (1.6.8p3-2) unstable; urgency=high
328 * update pam.d deliverable so ldap works again, closes: #282191
330 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
332 sudo (1.6.8p3-1) unstable; urgency=high
334 * new upstream version, fixes a flaw in sudo's environment sanitizing that
335 could allow a malicious user with permission to run a shell script that
336 utilized the bash shell to run arbitrary commands, closes: #281665
337 * patch the sample sudoers to have the proper path for kill on Debian
338 systems, closes: #263486
339 * patch the sudo manpage to reflect Debian's choice of exempt_group
340 default setting, closes: #236465
341 * patch the sudo manpage to reflect Debian's choice of no timeout on the
342 password prompt, closes: #271194
344 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
346 sudo (1.6.7p5-2) unstable; urgency=low
348 * Jeff Bailey reports that seteuid works on current sparc systems, so we
349 no longer need the "grosshack" stuff in the sudo rules file
350 * add a postrm that removes /etc/sudoers on purge. don't do this with the
351 normal conffile mechanism since it would generate noise on every upgrade,
354 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
356 sudo (1.6.7p5-1) unstable; urgency=low
358 * new upstream version, closes: #190265, #193222, #197244
359 * change from '.' to ':' in postinst chown call, closes: #208369
361 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
363 sudo (1.6.7p3-2) unstable; urgency=low
365 * add --disable-setresuid to configure call since 2.2 kernels don't support
366 setresgid, closes: #189044
367 * cosmetic cleanups to debian/rules as long as I'm there
369 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
371 sudo (1.6.7p3-1) unstable; urgency=low
373 * new upstream version
374 * add overrides to quiet lintian about things it doesn't understand,
375 except the source one that can't be overridden until 129510 is fixed
377 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
379 sudo (1.6.6-3) unstable; urgency=low
381 * add code to rules file to update config.sub/guess, closes: #164501
383 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
385 sudo (1.6.6-2) unstable; urgency=low
387 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
388 configure, and lose the build dependency on mail-transport-agent
389 * incorporate changes from LaMont's NMU, closes: #144665, #144737
390 * update init.d to not try and set time on nonexistent timestamp files,
392 * build with --with-all-insults, admin must edit sudoers to turn insults
393 on at runtime if desired, closes: #135374
394 * stop setting /usr/doc symlink in postinst
396 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
398 sudo (1.6.6-1.1) unstable; urgency=high
400 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
401 * Revert patch to auth/pam.c that left pass uninitialized, causing a
402 segfault (Closes: #144665).
404 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
406 sudo (1.6.6-1) unstable; urgency=high
408 * new upstream version, fixes security problem with crafty prompts,
411 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
413 sudo (1.6.5p1-4) unstable; urgency=high
415 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
416 if ctrl/C'ed at password prompt, closes: #131235
418 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
420 sudo (1.6.5p1-3) unstable; urgency=high
422 * ugly hack to add --disable-saved-ids when building on sparc in response
423 to 131592, which will be reassigned to glibc for a real fix
424 * urgency high since the sudo currently in testing for sparc is worthless
426 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
428 sudo (1.6.5p1-2) unstable; urgency=high
430 * patch from upstream to fix seg faults caused by versions of pam that
431 follow a NULL pointer, closes: #129512
433 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
435 sudo (1.6.5p1-1) unstable; urgency=high
437 * new upstream version
438 * add --disable-root-mailer option supported by new version to configure
439 call in rules file, closes: #129648
441 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
443 sudo (1.6.4p1-1) unstable; urgency=high
445 * new upstream version, with fix for segfaulting problem in 1.6.4
447 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
449 sudo (1.6.4-1) unstable; urgency=high
451 * new upstream version, includes an important security fix, closes: #127576
453 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
455 sudo (1.6.3p7-5) unstable; urgency=low
457 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
458 * fix spelling error in init.d, closes: #126847
460 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
462 sudo (1.6.3p7-4) unstable; urgency=medium
464 * use touch to set status files to an ancient date instead of removing them
465 outright on reboot. this achieves the desired effect of keeping elevated
466 privs from living across reboots, without forcing everyone to see the
467 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
468 for systems with good clocks, and 'recent enough' that broken PC hardware
469 setting the clock to commonly-seen bogus dates trips over the "don't trust
470 future timestamps" rule. closes: #76529, #123559
471 * apply patch from Steve Langasek to fix seg faults due to interaction with
472 PAM code. upstream confirms the problem, and says they're fixing this
473 differently for their next release... but this should be useful in the
474 meantime, and would be good to get into woody. closes: #119147
475 * only run the init.d at boot, not on each runlevel change... and don't run
476 it during package configure. closes: #125935
477 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
479 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
481 sudo (1.6.3p7-3) unstable; urgency=low
483 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
484 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
485 * fix a typo in the manpage, closes: #97368
486 * apply patch to configure.in and run autoconf to fix problem building on
487 the hurd, closes: #96325
488 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
489 to not last across reboots, closes: #76529
490 * clean up lintian-noticed cosmetic packaging issues
492 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
494 sudo (1.6.3p7-2) unstable; urgency=low
496 * update config.sub/guess for hppa support
498 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
500 sudo (1.6.3p7-1) unstable; urgency=low
502 * new upstream version
503 * add build dependency on mail-transport-agent, closes: #90685
505 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
507 sudo (1.6.3p6-1) unstable; urgency=high
509 * new upstream version, fixes buffer overflow problem,
510 closes: #87259, #87278, #87263
511 * revert to using --with-secure-path option at build time, since the option
512 available in sudoers is parsed too late to be useful, and upstream says
513 it won't get fixed quickly. This reopens 85123, which I will mark as
514 forwarded. Closes: #86199, #86117, #85676
516 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
518 sudo (1.6.3p5-2) unstable; urgency=low
520 * lose the dh_suidregister call since it's obsolete
521 * stop using the --with-secure-path option at build time, and instead show
522 how to set it in sudoers. Closes: #85123
523 * freshen config.sub and config.guess for ia64 and hppa
524 * update sudoers man page to indicate exempt_group is on by default,
527 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
529 sudo (1.6.3p5-1) unstable; urgency=low
531 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
532 * this version restores core dumps before the exec, while leaving them
533 disabled during sudo's internal execution, closes: #58289
534 * update debhelper calls in rules file
536 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
538 sudo (1.6.2p2-1) frozen unstable; urgency=medium
540 * new upstream source resulting from direct collaboration with the upstream
541 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
542 Closes: #56129, #55978, #55979, #56550, #56772
543 * include more upstream documentation, closes: #55054
544 * pam.d fragment update, closes: #56129
546 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
548 sudo (1.6.1-1) unstable; urgency=low
550 * new upstream source, closes: #52750
552 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
554 sudo (1.6-2) unstable; urgency=low
556 * drop suidregister support for this package. The sudo executable is
557 essentially worthless unless it is setuid root, and making suidregister
558 work involves shipping a non-setuid executable in the .deb and setting the
559 perms in the postinst. On a long upgrade run, this can leave the sudo
560 executable 'broken' for a long time, which is unacceptable. With this
561 version, we ship the executable setuid root in the .deb. Closes: #51742
563 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
565 sudo (1.6-1) unstable; urgency=low
567 * new upstream version, many options previously set at compile-time are now
568 configurable at runtime.
569 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
572 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
574 sudo (1.5.9p4-1) unstable; urgency=low
576 * new upstream version, closes: #43464
577 * empty password handling was fixed in 1.5.8, closes: #31863
579 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
581 sudo (1.5.9p1-1) unstable; urgency=low
583 * new upstream version
585 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
587 sudo (1.5.8p1-1) unstable; urgency=medium
589 * new upstream version, closes 33690
590 * add dependency on libpam-modules, closes 34215, 33432
592 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
594 sudo (1.5.7p4-2) unstable; urgency=medium
596 * update the pam fragment provided so that sudo works with latest pam bits,
599 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
601 sudo (1.5.7p4-1) unstable; urgency=low
603 * new upstream release
605 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
607 sudo (1.5.6p5-1) unstable; urgency=low
609 * new upstream patch release
610 * add PAM support, closes 28594
612 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
614 sudo (1.5.6p2-2) unstable; urgency=low
616 * update copyright file, closes 24136
617 * review and close forwarded bugs believed fixed in this upstream version,
620 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
622 sudo (1.5.6p2-1) unstable; urgency=low
624 * new upstream release
626 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
628 sudo (1.5.4-4) frozen unstable; urgency=low
630 * update postinst to use groupadd, closes 21403
631 * move the suidregister stuff earlier in postinst to ensure it always runs
633 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
635 sudo (1.5.4-3) frozen unstable; urgency=low
637 * change /etc/sudoers from a conffile to being handled in postinst,
639 * add suidmanager support, closes 15711
640 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
641 unlikely to ever fix, and which just don't matter. closes 17146
642 * fix FSF address in copyright file, and submit exception for lintian
643 warning about sudo being setuid root
645 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
647 sudo (1.5.4-2) unstable; urgency=high
649 * patch from upstream author correcting/improving security fix
651 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
653 sudo (1.5.4-1) unstable; urgency=high
655 * new upstream version, includes a security fix
656 * change default editor from /bin/ae to /usr/bin/editor
658 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
660 sudo (1.5.3-1) unstable; urgency=medium
662 * new upstream version, closes bug 15911.
663 * rules file reworked to use debhelper
664 * implement a really gross hack to force use of the sudo-provided
665 lsearch(), since the one in libc6 is broken! This closes bugs
666 12552, 12557, 14881, 15259, 15916.
668 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
670 sudo (1.5.2-6) unstable; urgency=LOW
672 * don't install INSTALL in the doc directory, closes bug 13195.
674 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
676 sudo (1.5.2-5) unstable; urgency=LOW
680 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
682 sudo (1.5.2-4) unstable; urgency=LOW
684 * change TIMEOUT (how long before you have to type your password again)
685 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
686 packages on slower machines much more tolerable. Closes bug 9076.
687 * touch debian/suid before debstd. Closes bug 8709.
689 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
691 sudo (1.5.2-3) frozen unstable; urgency=LOW
693 * patch from upstream maintainer to close Bug 6828
694 * add a debian/suid file to get debstd to leave my perl postinst alone
696 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
698 sudo (1.5.2-2) frozen unstable; urgency=LOW
700 * change rules to use -O2 -Wall as per standards
702 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
704 sudo (1.5.2-1) unstable; urgency=LOW
706 * new upstream version
707 * cosmetic changes to debian package control files
709 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
711 sudo (1.5-2) unstable; urgency=LOW
713 * add /usr/X11R6/bin to the end of the secure path... this makes it
714 much easier to run xmkmf, etc., during package builds. To the extent
715 that /usr/local/sbin and /usr/local/bin were already included, I see
716 no security reasons not to add this.
718 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
720 sudo (1.5-1) unstable; urgency=LOW
722 * New upstream version
724 * New packaging format
726 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
728 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
732 * hard code SECURE_PATH to:
733 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
737 * enabled EXEMPTGROUP "sudo"
739 * moved timestamp dir to /var/log/sudo
741 * changed parser to check for long and short filenames (Bug#1162)
743 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
747 * New upstream source
749 * Fixed postinst script
750 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
752 * Removed special shadow binary. This version works with and without
753 shadow password file.
755 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
759 * Corrected editor path to /bin/ae (Bug#3062)
761 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
763 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
767 * New upstream version
769 * Changed sudoers permission to 440 (owner root, group root) to make
772 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
776 * Applied upstream patch 1
778 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
782 * Applied upstream patch 2
784 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
788 * Applied upstream patch 3 (fixes problems with an NFS-mounted
792 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
796 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
797 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
799 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
803 * Applied upstream patch 4 (fixes several bugs)
805 * Changed priority to optional
807 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
811 * Corrected postinst to create correct permission for /etc/sudoers
814 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
818 * New upstream version
821 sudo (1.4.4-2) admin; urgency=HIGH
823 * Fixed major security bug reported by Peter Tobias
824 <tobias@et-inf.fho-emden.de>
825 * Added dchanges support to debian.rules
827 sudo (1.4.5-1) admin; urgency=LOW
829 * New upstream version
830 * Minor changes to debian.rules