1 sudo (1.8.7-1) UNRELEASED; urgency=low
3 * new upstream version, closes: #715157
4 * make sudo-ldap package's init.d script be called sudo-ldap
5 * add sssd support to sudo, closes: #719574
7 -- Bdale Garbee <bdale@gag.com> Tue, 13 Aug 2013 23:05:31 +0200
9 sudo (1.8.5p2-1) unstable; urgency=low
11 * new upstream version
12 * patch to use flock on hurd, run autoconf in rules, closes: #655883
13 * patch to avoid calling unlink with null pointer on hurd, closes: #655948
14 * patch to actually use hardening build flags, closes: #655417
15 * fix sudo-ldap.postinst syntax issue, closes: #669576
17 -- Bdale Garbee <bdale@gag.com> Thu, 28 Jun 2012 12:01:37 -0600
19 sudo (1.8.3p2-1) unstable; urgency=high
21 * new upstream version, closes: #657985 (CVE-2012-0809)
22 * patch from Pino Toscano to only use selinux on Linux, closes: #655894
24 -- Bdale Garbee <bdale@gag.com> Mon, 30 Jan 2012 16:11:54 -0700
26 sudo (1.8.3p1-3) unstable; urgency=low
28 * patch from Moritz Muehlenhoff enables hardened build flags, closes: #655417
29 * replacement postinst script from Mike Beattie using shell instead of Perl
30 * include systemd service file from Michael Stapelberg, closes: #639633
31 * add init.d status support, closes: #641782
32 * make sudo-ldap package manage a sudoers entry in nsswitch.conf,
33 closes: #610600, #639530
34 * enable mail_badpass in the default sudoers file, closes: #641218
35 * enable selinux support, closes: #655510
37 -- Bdale Garbee <bdale@gag.com> Wed, 11 Jan 2012 16:18:13 -0700
39 sudo (1.8.3p1-2) unstable; urgency=low
41 * if upgrading from squeeze, and the sudoers file is unmodified, avoid
42 the packaging system prompting the user about a change they didn't make
43 now that sudoers is a conffile, closes: #612532, #636049
44 * add a recommendation for the use of visudo to the sudoers.d/README file,
47 -- Bdale Garbee <bdale@gag.com> Sat, 12 Nov 2011 16:27:13 -0700
49 sudo (1.8.3p1-1) unstable; urgency=low
51 * new upstream version, closes: #646478
53 -- Bdale Garbee <bdale@gag.com> Thu, 27 Oct 2011 01:03:44 +0200
55 sudo (1.8.3-1) unstable; urgency=low
57 * new upstream version, closes: #639391, #639568
59 -- Bdale Garbee <bdale@gag.com> Sat, 22 Oct 2011 23:49:16 -0600
61 sudo (1.8.2-2) unstable; urgency=low
64 * debian/rules improvements, closes: #642535
65 + mv upstream sample.* files to the examples folder.
66 - do not call dh_installexamples.
69 * patch from upstream for SIGBUS on sparc64, closes: #640304
70 * use common-session-noninteractive in the pam config to reduce log noise
71 when sudo is used in cron, etc, closes: #519700
72 * patch from Steven McDonald to fix segfault on startup under certain
73 conditions, closes: #639568
74 * add a NEWS entry regarding the secure_path change made in 1.8.2-1,
77 -- Bdale Garbee <bdale@gag.com> Mon, 26 Sep 2011 21:55:56 -0600
79 sudo (1.8.2-1) unstable; urgency=low
81 * new upstream version, closes: #637449, #621830
82 * include common-session in pam config, closes: #519700, #607199
83 * move secure_path from configure to default sudoers, closes: #85123, 85917
84 * improve sudoers self-documentation, closes: #613639
85 * drop --disable-setresuid since modern systems should not run 2.2 kernels
86 * lose the --with-devel configure option since it's breaking builds in
87 subdirectories for some reason
89 -- Bdale Garbee <bdale@gag.com> Wed, 24 Aug 2011 13:33:11 -0600
91 sudo (1.7.4p6-1) unstable; urgency=low
93 * new upstream version
94 * touch the right stamp name after configuring, closes: #611287
95 * patch from Svante Signell to fix build problem on Hurd, closes: #611290
97 -- Bdale Garbee <bdale@gag.com> Wed, 09 Feb 2011 11:32:58 -0700
99 sudo (1.7.4p4-6) unstable; urgency=low
101 * update /etc/sudoers.d/README now that sudoers is a conffile
102 * patch from upstream to fix special case in password checking code
103 when only the gid is changing, closes: #609641
105 -- Bdale Garbee <bdale@gag.com> Tue, 11 Jan 2011 10:22:39 -0700
107 sudo (1.7.4p4-5) unstable; urgency=low
109 * patch from Jakub Wilk to add noopt and nostrip build option support,
111 * make sudoers a conffile, closes: #605130
112 * add descriptions to LSB init headers, closes: #604619
113 * change default sudoers %sudo entry to allow gid changes, closes: #602699
114 * add Vcs entries to the control file
115 * use debhelper install files instead of explicit installs in rules
117 -- Bdale Garbee <bdale@gag.com> Wed, 01 Dec 2010 20:32:31 -0700
119 sudo (1.7.4p4-4) unstable; urgency=low
121 * patch from upstream to resolve problem always prompting for a password
122 when run without a tty, closes: #599376
123 * patch from upstream to resolve interoperability problem between HOME in
124 env_keep and the -H flag, closes: #596493
125 * change path syntax to avoid tar error when /var/run/sudo exists but is
126 empty, closes: #598877
128 -- Bdale Garbee <bdale@gag.com> Thu, 07 Oct 2010 15:59:06 -0600
130 sudo (1.7.4p4-3) unstable; urgency=low
132 * make postinst clause for handling /var/run -> /var/lib transition less
133 fragile, closes: #585514
134 * cope with upstream's Makefile trying to install ChangeLog in our doc
135 directory, closes: #597389
136 * fix README.Debian to reflect that HOME is no longer preserved by default,
139 -- Bdale Garbee <bdale@gag.com> Tue, 21 Sep 2010 23:53:08 -0600
141 sudo (1.7.4p4-2) unstable; urgency=low
143 * add a NEWS item about change in $HOME handling that impacts programs
146 -- Bdale Garbee <bdale@gag.com> Wed, 08 Sep 2010 14:29:16 -0600
148 sudo (1.7.4p4-1) unstable; urgency=high
150 * new upstream version, urgency high due to fix for flaw in Runas group
151 matching (CVE-2010-2956), closes: #595935
152 * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
153 re-lecturing existing users, and to clean up after ourselves on upgrade,
154 and remove the RAMRUN section from README.Debian since the new state dir
155 should fix the original problem, closes: #585514
156 * deliver README.Debian to both package flavors, closes: #593579
158 -- Bdale Garbee <bdale@gag.com> Tue, 07 Sep 2010 12:22:42 -0600
160 sudo (1.7.2p7-1) unstable; urgency=high
162 * new upstream release with security fix for secure path (CVE-2010-1646),
164 * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
165 about whether to give the lecture is preserved across reboots even when
166 RAMRUN is set, closes: #581393
167 * add a note to README.Debian about LDAP needing an entry in
168 /etc/nsswitch.conf, closes: #522065
169 * add a note to README.Debian about how to turn off lectures if using
170 RAMRUN in /etc/default/rcS, closes: #581393
172 -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
174 sudo (1.7.2p6-1) unstable; urgency=low
176 * new upstream version fixing CVE-2010-1163, closes: #578275, #570737
178 -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600
180 sudo (1.7.2p5-1) unstable; urgency=low
182 * new upstream release, closes a bug filed upstream regarding missing man
183 page processing scripts in the 1.7.2p1 tarball, also includes the fix
184 for CVE-2010-0426 previously the subject of a security team nmu
185 * move to source format 3.0 (quilt) and restructure changes as patches
186 * fix unprocessed substitution variables in man pages, closes: #557204
187 * apply patch from Neil Moore to fix Debian-specific content in the
188 visudo man page, closes: #555013
189 * update descriptions to better explain sudo-ldap, closes: #573108
190 * eliminate spurious 'and' in man page, closes: #571620
191 * fix confusing text in default sudoers, closes: #566607
193 -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700
195 sudo (1.7.2p1-1) unstable; urgency=low
197 * new upstream version
198 * add support for /etc/sudoers.d using #includedir in default sudoers,
199 which I think is also a good solution to the request for a crontab-like
200 API requested in March of 2001, closes: #539994, #271813, #89743
201 * move init.d script from using rcS.d to rc[0-6].d, closes: #542924
203 -- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600
205 sudo (1.7.2-2) unstable; urgency=low
207 * further improve initial sudoers to not include the NOPASSWD option on
208 the group sudo exception, closes: #539136, #198991
210 -- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200
212 sudo (1.7.2-1) unstable; urgency=low
214 * new upstream version, closes: #537103
215 * improve initial sudoers by having the exemption for users in group
216 sudo on by default, and including the ability to run any command as
217 any user. This makes the default install roughly equivalent to our
218 old use of the --with-exempt=sudo build option, closes: #536220, #536222
220 -- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600
222 sudo (1.7.0-1) unstable; urgency=low
224 * new upstream version, closes: #510179, #128268, #520274, #508514
225 * fix ldap config file path for sudo-ldap package, including creating
226 a symlink in postinst and cleaning it up in postrm for the sudo-ldap
227 package, closes: #430826
228 * fix NOPASSWD entry location in default config file for the sudo-ldap
229 instance too, closes: #479616
231 -- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600
233 sudo (1.6.9p17-2) unstable; urgency=high
235 * patch from upstream to fix privilege escalation with certain
236 configurations, CVE-2009-0034
237 * typo in sudoers man page, closes: #507163
239 -- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700
241 sudo (1.6.9p17-1) unstable; urgency=low
243 * new upstream version, closes: #481008
244 * deliver schemas to doc directory in sudo-ldap package, closes: #474331
245 * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
246 in move from CVS to git for package management, closes: #475821
247 * re-instate the init.d for the sudo-ldap package too... /o\
249 -- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600
251 sudo (1.6.9p15-2) unstable; urgency=low
253 * revert the fix for 388659 such that visudo once again defaults to using
254 /usr/bin/editor. I was always ambivalent about this change, it has caused
255 more confusion and frustration than it cured, and I find Justin's line of
256 reasoning persuasive. Update the man page source to reflect this choice
257 and the related use of --with-env-editor. Closes: #474197.
258 * patch from Petter Reinholdtsen to improve init.d, closes: #475821
260 -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600
262 sudo (1.6.9p15-1) unstable; urgency=low
264 * new upstream version, closes: #467126, #473337
265 * remove pointless postrm scripts, leaving debhelper do its thing if needed,
266 thanks to Justin Pryzby for pointing this out
267 * reinstate the init.d, since bootclean doesn't quite do what we want. This
268 also means we don't need the preinst scripts any more. Update the lintian
269 overrides since postinst is a Perl script lintian apparently isn't parsing
270 well. closes: #330868
272 -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600
274 sudo (1.6.9p12-1) unstable; urgency=low
276 * new upstream version, closes: #464890
278 -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900
280 sudo (1.6.9p11-3) unstable; urgency=low
282 * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
284 -- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700
286 sudo (1.6.9p11-2) unstable; urgency=low
288 * update version compared in preinst when removing obsolete init.d,
290 * implement pam session config suggestions from Elizabeth Fong,
291 closes: #452457, #402329
293 -- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700
295 sudo (1.6.9p11-1) unstable; urgency=low
297 * new upstream version
299 -- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700
301 sudo (1.6.9p10-1) unstable; urgency=low
303 * new upstream version
304 * tweak default password prompt as %u doesn't make sense. Accept patch from
305 Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
306 uses it by default, closes: #454409
307 * accept patch from Martin Pitt that adds a prerm making it difficult to
308 "accidentally" remove sudo when there is no root password set on the
309 system, closes: #451241
311 -- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700
313 sudo (1.6.9p9-1) unstable; urgency=low
315 * new upstream version
316 * debian/rules: configure a more informative default password prompt to
317 reduce confusion when using sudo to invoke commands which also ask for
318 passwords, closes: #343268
319 * auth/pam.c: don't use the PAM prompt if the user explicitly requested
320 a custom prompt, closes: #448628.
321 * fix configure's ability to discover that libc has dirfd, closes: #451324
322 * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
323 the command 'visudo' invokes a vi variant by default as documented,
326 -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700
328 sudo (1.6.9p6-1) unstable; urgency=low
330 * new upstream version, closes: #442815, #446146, #438699, #435768, #435314
331 closes: #434832, #434608, #430382
332 * eliminate the now-redundant init.d scripts, closes: #397090
333 * fix typo in TROUBLESHOOTING file, closes: #439624
335 -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600
337 sudo (1.6.8p12-6) unstable; urgency=low
339 * fix typos in visudo.pod relating to env_editor variable, closes: #418886
340 * have init.d touch directories in /var/run/sudo, not just files, as a
342 * fix various typos in sudoers.pod, closes: #419749
343 * don't let Makefile strip binaries, closes: #438073
345 -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100
347 sudo (1.6.8p12-5) unstable; urgency=low
349 * update debian/copyright to reflect new upstream URL, closes: #368746
350 * add sandwich cartoon URL to the README.Debian
351 * don't remove sudoers on purge. can cause problems when moving between
352 sudo and sudo-ldap. leaving sudoers around on purge seems like the least
353 evil choice for now, closes: #401366
354 * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
356 * accept patch that improves debian/rules from Ted Percival, closes: #382122
357 * no longer build with --with-exempt=sudo, provide an example entry in the
358 default sudoers file instead, closes: #296605
359 * add --with-devel to configure and augment build dependencies so that flex
360 and yacc files get re-generated on every build, closes: #316249
362 -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600
364 sudo (1.6.8p12-4) unstable; urgency=low
366 * patch from Petter Reinholdtsen for the LSB info block in the init.d
367 script, closes: #361055
368 * deliver sudoers sample again, closes: #361593
370 -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600
372 sudo (1.6.8p12-3) unstable; urgency=low
374 * force-feed configure knowledge of nroff's path so we get unformatted man
375 pages installed without build-depending on groff-base, closes: #360894
376 * add a reference to OPTIONS in the man page, closes: #186226
378 -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700
380 sudo (1.6.8p12-2) unstable; urgency=low
382 * fix typos in init scripts, closes: #346325
383 * update to debhelper compat level 5
384 * build depend on autotools-dev to ensure config.sub/guess are fresh
385 * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
386 use it here as well. Thanks to Martin and the debian-security team.
387 closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
388 closes: #315115, #315718, #203874
389 * Non-maintainer upload by the Security Team
390 * Reworked the former patch to limit environment variables from being
391 passed through, set env_reset as default instead [sudo.c, env.c,
392 sudoers.pod, Bug#342948, CVE-2005-4158]
393 * env_reset is now set by default
394 * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
395 DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
396 (in addition to the SUDO_* variables)
397 * Rebuild sudoers.man.in from the POD file
398 * Added README.Debian
399 * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
400 * simplify rules file by using more of Makefile, despite having to override
401 default directories with more arguments to configure, closes: #292833
402 * update sudo man page to reflect use of SECURE_PATH, closes: #228551
403 * inconsistencies in sudoers man page resolved, closes: #220808, #161012
404 * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
405 unresolveable (requires adding bison as build dep), closes: #314949
407 -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700
409 sudo (1.6.8p12-1) unstable; urgency=low
411 * new upstream version, closes: #342948 (CVE-2005-4158)
412 * add env_reset to the sudoers file we create if none already exists,
413 as a further precaution in response to discussion about CVS-2005-4158
414 * split ldap support into a new sudo-ldap package. I was trying to avoid
415 doing this, but the impact of going from 4 to 17 linked shlibs on the
416 autobuilder chroots is sufficient motivation for me.
419 -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
421 sudo (1.6.8p9-4) unstable; urgency=low
423 * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
424 * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
425 timestamps in the init.d script, closes: #330868
426 * add dependency header to init.d script, closes: #332849
428 -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
430 sudo (1.6.8p9-3) unstable; urgency=high
432 * update debhelper compatibility level from 2 to 4
433 * add man page symlink for sudoedit
434 * Clean SHELLOPTS and PS4 from the environment before executing programs
435 with sudo permissions [env.c, CAN-2005-2959]
436 * fix typo in manpage pointed out by Moray Allen, closes: #285995
437 * fix paths in sample complex sudoers file, closes: #303542
438 * fix type in sudoers man page, closes: #311244
440 -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
442 sudo (1.6.8p9-2) unstable; urgency=high
444 * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
447 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
449 sudo (1.6.8p9-1) unstable; urgency=high
451 * new upstream version, fixes a race condition in sudo's pathname
452 validation, which is a security issue (CAN-2005-1993),
453 closes: #315115, #315718
455 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
457 sudo (1.6.8p7-1) unstable; urgency=low
459 * new upstream version, closes: #299585
460 * update lintian overrides to squelch the postinst warning
461 * change sudoedit from a hard to a soft link, closes: #296896
462 * fix regex doc in sudoers man page, closes: #300361
464 -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
466 sudo (1.6.8p5-1) unstable; urgency=high
468 * new upstream version
469 * restores ability to use config tuples without a value, which was causing
470 problems on upgrade closes: #283306
471 * deliver sudoedit, closes: #283078
472 * marking urgency high since 283306 is a serious upgrade incompatibility
474 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
476 sudo (1.6.8p3-2) unstable; urgency=high
478 * update pam.d deliverable so ldap works again, closes: #282191
480 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
482 sudo (1.6.8p3-1) unstable; urgency=high
484 * new upstream version, fixes a flaw in sudo's environment sanitizing that
485 could allow a malicious user with permission to run a shell script that
486 utilized the bash shell to run arbitrary commands, closes: #281665
487 * patch the sample sudoers to have the proper path for kill on Debian
488 systems, closes: #263486
489 * patch the sudo manpage to reflect Debian's choice of exempt_group
490 default setting, closes: #236465
491 * patch the sudo manpage to reflect Debian's choice of no timeout on the
492 password prompt, closes: #271194
494 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
496 sudo (1.6.7p5-2) unstable; urgency=low
498 * Jeff Bailey reports that seteuid works on current sparc systems, so we
499 no longer need the "grosshack" stuff in the sudo rules file
500 * add a postrm that removes /etc/sudoers on purge. don't do this with the
501 normal conffile mechanism since it would generate noise on every upgrade,
504 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
506 sudo (1.6.7p5-1) unstable; urgency=low
508 * new upstream version, closes: #190265, #193222, #197244
509 * change from '.' to ':' in postinst chown call, closes: #208369
511 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
513 sudo (1.6.7p3-2) unstable; urgency=low
515 * add --disable-setresuid to configure call since 2.2 kernels don't support
516 setresgid, closes: #189044
517 * cosmetic cleanups to debian/rules as long as I'm there
519 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
521 sudo (1.6.7p3-1) unstable; urgency=low
523 * new upstream version
524 * add overrides to quiet lintian about things it doesn't understand,
525 except the source one that can't be overridden until 129510 is fixed
527 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
529 sudo (1.6.6-3) unstable; urgency=low
531 * add code to rules file to update config.sub/guess, closes: #164501
533 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
535 sudo (1.6.6-2) unstable; urgency=low
537 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
538 configure, and lose the build dependency on mail-transport-agent
539 * incorporate changes from LaMont's NMU, closes: #144665, #144737
540 * update init.d to not try and set time on nonexistent timestamp files,
542 * build with --with-all-insults, admin must edit sudoers to turn insults
543 on at runtime if desired, closes: #135374
544 * stop setting /usr/doc symlink in postinst
546 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
548 sudo (1.6.6-1.1) unstable; urgency=high
550 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
551 * Revert patch to auth/pam.c that left pass uninitialized, causing a
552 segfault (Closes: #144665).
554 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
556 sudo (1.6.6-1) unstable; urgency=high
558 * new upstream version, fixes security problem with crafty prompts,
561 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
563 sudo (1.6.5p1-4) unstable; urgency=high
565 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
566 if ctrl/C'ed at password prompt, closes: #131235
568 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
570 sudo (1.6.5p1-3) unstable; urgency=high
572 * ugly hack to add --disable-saved-ids when building on sparc in response
573 to 131592, which will be reassigned to glibc for a real fix
574 * urgency high since the sudo currently in testing for sparc is worthless
576 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
578 sudo (1.6.5p1-2) unstable; urgency=high
580 * patch from upstream to fix seg faults caused by versions of pam that
581 follow a NULL pointer, closes: #129512
583 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
585 sudo (1.6.5p1-1) unstable; urgency=high
587 * new upstream version
588 * add --disable-root-mailer option supported by new version to configure
589 call in rules file, closes: #129648
591 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
593 sudo (1.6.4p1-1) unstable; urgency=high
595 * new upstream version, with fix for segfaulting problem in 1.6.4
597 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
599 sudo (1.6.4-1) unstable; urgency=high
601 * new upstream version, includes an important security fix, closes: #127576
603 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
605 sudo (1.6.3p7-5) unstable; urgency=low
607 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
608 * fix spelling error in init.d, closes: #126847
610 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
612 sudo (1.6.3p7-4) unstable; urgency=medium
614 * use touch to set status files to an ancient date instead of removing them
615 outright on reboot. this achieves the desired effect of keeping elevated
616 privs from living across reboots, without forcing everyone to see the
617 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
618 for systems with good clocks, and 'recent enough' that broken PC hardware
619 setting the clock to commonly-seen bogus dates trips over the "don't trust
620 future timestamps" rule. closes: #76529, #123559
621 * apply patch from Steve Langasek to fix seg faults due to interaction with
622 PAM code. upstream confirms the problem, and says they're fixing this
623 differently for their next release... but this should be useful in the
624 meantime, and would be good to get into woody. closes: #119147
625 * only run the init.d at boot, not on each runlevel change... and don't run
626 it during package configure. closes: #125935
627 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
629 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
631 sudo (1.6.3p7-3) unstable; urgency=low
633 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
634 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
635 * fix a typo in the manpage, closes: #97368
636 * apply patch to configure.in and run autoconf to fix problem building on
637 the hurd, closes: #96325
638 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
639 to not last across reboots, closes: #76529
640 * clean up lintian-noticed cosmetic packaging issues
642 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
644 sudo (1.6.3p7-2) unstable; urgency=low
646 * update config.sub/guess for hppa support
648 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
650 sudo (1.6.3p7-1) unstable; urgency=low
652 * new upstream version
653 * add build dependency on mail-transport-agent, closes: #90685
655 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
657 sudo (1.6.3p6-1) unstable; urgency=high
659 * new upstream version, fixes buffer overflow problem,
660 closes: #87259, #87278, #87263
661 * revert to using --with-secure-path option at build time, since the option
662 available in sudoers is parsed too late to be useful, and upstream says
663 it won't get fixed quickly. This reopens 85123, which I will mark as
664 forwarded. Closes: #86199, #86117, #85676
666 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
668 sudo (1.6.3p5-2) unstable; urgency=low
670 * lose the dh_suidregister call since it's obsolete
671 * stop using the --with-secure-path option at build time, and instead show
672 how to set it in sudoers. Closes: #85123
673 * freshen config.sub and config.guess for ia64 and hppa
674 * update sudoers man page to indicate exempt_group is on by default,
677 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
679 sudo (1.6.3p5-1) unstable; urgency=low
681 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
682 * this version restores core dumps before the exec, while leaving them
683 disabled during sudo's internal execution, closes: #58289
684 * update debhelper calls in rules file
686 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
688 sudo (1.6.2p2-1) frozen unstable; urgency=medium
690 * new upstream source resulting from direct collaboration with the upstream
691 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
692 Closes: #56129, #55978, #55979, #56550, #56772
693 * include more upstream documentation, closes: #55054
694 * pam.d fragment update, closes: #56129
696 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
698 sudo (1.6.1-1) unstable; urgency=low
700 * new upstream source, closes: #52750
702 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
704 sudo (1.6-2) unstable; urgency=low
706 * drop suidregister support for this package. The sudo executable is
707 essentially worthless unless it is setuid root, and making suidregister
708 work involves shipping a non-setuid executable in the .deb and setting the
709 perms in the postinst. On a long upgrade run, this can leave the sudo
710 executable 'broken' for a long time, which is unacceptable. With this
711 version, we ship the executable setuid root in the .deb. Closes: #51742
713 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
715 sudo (1.6-1) unstable; urgency=low
717 * new upstream version, many options previously set at compile-time are now
718 configurable at runtime.
719 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
722 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
724 sudo (1.5.9p4-1) unstable; urgency=low
726 * new upstream version, closes: #43464
727 * empty password handling was fixed in 1.5.8, closes: #31863
729 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
731 sudo (1.5.9p1-1) unstable; urgency=low
733 * new upstream version
735 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
737 sudo (1.5.8p1-1) unstable; urgency=medium
739 * new upstream version, closes 33690
740 * add dependency on libpam-modules, closes 34215, 33432
742 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
744 sudo (1.5.7p4-2) unstable; urgency=medium
746 * update the pam fragment provided so that sudo works with latest pam bits,
749 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
751 sudo (1.5.7p4-1) unstable; urgency=low
753 * new upstream release
755 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
757 sudo (1.5.6p5-1) unstable; urgency=low
759 * new upstream patch release
760 * add PAM support, closes 28594
762 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
764 sudo (1.5.6p2-2) unstable; urgency=low
766 * update copyright file, closes 24136
767 * review and close forwarded bugs believed fixed in this upstream version,
770 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
772 sudo (1.5.6p2-1) unstable; urgency=low
774 * new upstream release
776 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
778 sudo (1.5.4-4) frozen unstable; urgency=low
780 * update postinst to use groupadd, closes 21403
781 * move the suidregister stuff earlier in postinst to ensure it always runs
783 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
785 sudo (1.5.4-3) frozen unstable; urgency=low
787 * change /etc/sudoers from a conffile to being handled in postinst,
789 * add suidmanager support, closes 15711
790 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
791 unlikely to ever fix, and which just don't matter. closes 17146
792 * fix FSF address in copyright file, and submit exception for lintian
793 warning about sudo being setuid root
795 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
797 sudo (1.5.4-2) unstable; urgency=high
799 * patch from upstream author correcting/improving security fix
801 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
803 sudo (1.5.4-1) unstable; urgency=high
805 * new upstream version, includes a security fix
806 * change default editor from /bin/ae to /usr/bin/editor
808 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
810 sudo (1.5.3-1) unstable; urgency=medium
812 * new upstream version, closes bug 15911.
813 * rules file reworked to use debhelper
814 * implement a really gross hack to force use of the sudo-provided
815 lsearch(), since the one in libc6 is broken! This closes bugs
816 12552, 12557, 14881, 15259, 15916.
818 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
820 sudo (1.5.2-6) unstable; urgency=LOW
822 * don't install INSTALL in the doc directory, closes bug 13195.
824 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
826 sudo (1.5.2-5) unstable; urgency=LOW
830 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
832 sudo (1.5.2-4) unstable; urgency=LOW
834 * change TIMEOUT (how long before you have to type your password again)
835 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
836 packages on slower machines much more tolerable. Closes bug 9076.
837 * touch debian/suid before debstd. Closes bug 8709.
839 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
841 sudo (1.5.2-3) frozen unstable; urgency=LOW
843 * patch from upstream maintainer to close Bug 6828
844 * add a debian/suid file to get debstd to leave my perl postinst alone
846 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
848 sudo (1.5.2-2) frozen unstable; urgency=LOW
850 * change rules to use -O2 -Wall as per standards
852 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
854 sudo (1.5.2-1) unstable; urgency=LOW
856 * new upstream version
857 * cosmetic changes to debian package control files
859 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
861 sudo (1.5-2) unstable; urgency=LOW
863 * add /usr/X11R6/bin to the end of the secure path... this makes it
864 much easier to run xmkmf, etc., during package builds. To the extent
865 that /usr/local/sbin and /usr/local/bin were already included, I see
866 no security reasons not to add this.
868 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
870 sudo (1.5-1) unstable; urgency=LOW
872 * New upstream version
874 * New packaging format
876 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
878 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
882 * hard code SECURE_PATH to:
883 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
887 * enabled EXEMPTGROUP "sudo"
889 * moved timestamp dir to /var/log/sudo
891 * changed parser to check for long and short filenames (Bug#1162)
893 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
897 * New upstream source
899 * Fixed postinst script
900 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
902 * Removed special shadow binary. This version works with and without
903 shadow password file.
905 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
909 * Corrected editor path to /bin/ae (Bug#3062)
911 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
913 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
917 * New upstream version
919 * Changed sudoers permission to 440 (owner root, group root) to make
922 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
926 * Applied upstream patch 1
928 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
932 * Applied upstream patch 2
934 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
938 * Applied upstream patch 3 (fixes problems with an NFS-mounted
942 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
946 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
947 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
949 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
953 * Applied upstream patch 4 (fixes several bugs)
955 * Changed priority to optional
957 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
961 * Corrected postinst to create correct permission for /etc/sudoers
964 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
968 * New upstream version
971 sudo (1.4.4-2) admin; urgency=HIGH
973 * Fixed major security bug reported by Peter Tobias
974 <tobias@et-inf.fho-emden.de>
975 * Added dchanges support to debian.rules
977 sudo (1.4.5-1) admin; urgency=LOW
979 * New upstream version
980 * Minor changes to debian.rules