1 sudo (1.8.2-2) UNRELEASED; urgency=low
4 * debian/rules improvements, closes: #642535
5 + mv upstream sample.* files to the examples folder.
6 - do not call dh_installexamples.
9 * patch from upstream for SIGBUS on sparc64, closes: #640304
10 * use common-session-noninteractive in the pam config to reduce log noise
11 when sudo is used in cron, etc, closes: #519700
12 * patch from Steven McDonald to fix segfault on startup under certain
13 conditions, closes: #639568
15 -- Bdale Garbee <bdale@gag.com> Mon, 26 Sep 2011 21:55:56 -0600
17 sudo (1.8.2-1) unstable; urgency=low
19 * new upstream version, closes: #637449, #621830
20 * include common-session in pam config, closes: #519700, #607199
21 * move secure_path from configure to default sudoers, closes: #85123, 85917
22 * improve sudoers self-documentation, closes: #613639
23 * drop --disable-setresuid since modern systems should not run 2.2 kernels
24 * lose the --with-devel configure option since it's breaking builds in
25 subdirectories for some reason
27 -- Bdale Garbee <bdale@gag.com> Wed, 24 Aug 2011 13:33:11 -0600
29 sudo (1.7.4p6-1) unstable; urgency=low
31 * new upstream version
32 * touch the right stamp name after configuring, closes: #611287
33 * patch from Svante Signell to fix build problem on Hurd, closes: #611290
35 -- Bdale Garbee <bdale@gag.com> Wed, 09 Feb 2011 11:32:58 -0700
37 sudo (1.7.4p4-6) unstable; urgency=low
39 * update /etc/sudoers.d/README now that sudoers is a conffile
40 * patch from upstream to fix special case in password checking code
41 when only the gid is changing, closes: #609641
43 -- Bdale Garbee <bdale@gag.com> Tue, 11 Jan 2011 10:22:39 -0700
45 sudo (1.7.4p4-5) unstable; urgency=low
47 * patch from Jakub Wilk to add noopt and nostrip build option support,
49 * make sudoers a conffile, closes: #605130
50 * add descriptions to LSB init headers, closes: #604619
51 * change default sudoers %sudo entry to allow gid changes, closes: #602699
52 * add Vcs entries to the control file
53 * use debhelper install files instead of explicit installs in rules
55 -- Bdale Garbee <bdale@gag.com> Wed, 01 Dec 2010 20:32:31 -0700
57 sudo (1.7.4p4-4) unstable; urgency=low
59 * patch from upstream to resolve problem always prompting for a password
60 when run without a tty, closes: #599376
61 * patch from upstream to resolve interoperability problem between HOME in
62 env_keep and the -H flag, closes: #596493
63 * change path syntax to avoid tar error when /var/run/sudo exists but is
64 empty, closes: #598877
66 -- Bdale Garbee <bdale@gag.com> Thu, 07 Oct 2010 15:59:06 -0600
68 sudo (1.7.4p4-3) unstable; urgency=low
70 * make postinst clause for handling /var/run -> /var/lib transition less
71 fragile, closes: #585514
72 * cope with upstream's Makefile trying to install ChangeLog in our doc
73 directory, closes: #597389
74 * fix README.Debian to reflect that HOME is no longer preserved by default,
77 -- Bdale Garbee <bdale@gag.com> Tue, 21 Sep 2010 23:53:08 -0600
79 sudo (1.7.4p4-2) unstable; urgency=low
81 * add a NEWS item about change in $HOME handling that impacts programs
84 -- Bdale Garbee <bdale@gag.com> Wed, 08 Sep 2010 14:29:16 -0600
86 sudo (1.7.4p4-1) unstable; urgency=high
88 * new upstream version, urgency high due to fix for flaw in Runas group
89 matching (CVE-2010-2956), closes: #595935
90 * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
91 re-lecturing existing users, and to clean up after ourselves on upgrade,
92 and remove the RAMRUN section from README.Debian since the new state dir
93 should fix the original problem, closes: #585514
94 * deliver README.Debian to both package flavors, closes: #593579
96 -- Bdale Garbee <bdale@gag.com> Tue, 07 Sep 2010 12:22:42 -0600
98 sudo (1.7.2p7-1) unstable; urgency=high
100 * new upstream release with security fix for secure path (CVE-2010-1646),
102 * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
103 about whether to give the lecture is preserved across reboots even when
104 RAMRUN is set, closes: #581393
105 * add a note to README.Debian about LDAP needing an entry in
106 /etc/nsswitch.conf, closes: #522065
107 * add a note to README.Debian about how to turn off lectures if using
108 RAMRUN in /etc/default/rcS, closes: #581393
110 -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
112 sudo (1.7.2p6-1) unstable; urgency=low
114 * new upstream version fixing CVE-2010-1163, closes: #578275, #570737
116 -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600
118 sudo (1.7.2p5-1) unstable; urgency=low
120 * new upstream release, closes a bug filed upstream regarding missing man
121 page processing scripts in the 1.7.2p1 tarball, also includes the fix
122 for CVE-2010-0426 previously the subject of a security team nmu
123 * move to source format 3.0 (quilt) and restructure changes as patches
124 * fix unprocessed substitution variables in man pages, closes: #557204
125 * apply patch from Neil Moore to fix Debian-specific content in the
126 visudo man page, closes: #555013
127 * update descriptions to better explain sudo-ldap, closes: #573108
128 * eliminate spurious 'and' in man page, closes: #571620
129 * fix confusing text in default sudoers, closes: #566607
131 -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700
133 sudo (1.7.2p1-1) unstable; urgency=low
135 * new upstream version
136 * add support for /etc/sudoers.d using #includedir in default sudoers,
137 which I think is also a good solution to the request for a crontab-like
138 API requested in March of 2001, closes: #539994, #271813, #89743
139 * move init.d script from using rcS.d to rc[0-6].d, closes: #542924
141 -- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600
143 sudo (1.7.2-2) unstable; urgency=low
145 * further improve initial sudoers to not include the NOPASSWD option on
146 the group sudo exception, closes: #539136, #198991
148 -- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200
150 sudo (1.7.2-1) unstable; urgency=low
152 * new upstream version, closes: #537103
153 * improve initial sudoers by having the exemption for users in group
154 sudo on by default, and including the ability to run any command as
155 any user. This makes the default install roughly equivalent to our
156 old use of the --with-exempt=sudo build option, closes: #536220, #536222
158 -- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600
160 sudo (1.7.0-1) unstable; urgency=low
162 * new upstream version, closes: #510179, #128268, #520274, #508514
163 * fix ldap config file path for sudo-ldap package, including creating
164 a symlink in postinst and cleaning it up in postrm for the sudo-ldap
165 package, closes: #430826
166 * fix NOPASSWD entry location in default config file for the sudo-ldap
167 instance too, closes: #479616
169 -- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600
171 sudo (1.6.9p17-2) unstable; urgency=high
173 * patch from upstream to fix privilege escalation with certain
174 configurations, CVE-2009-0034
175 * typo in sudoers man page, closes: #507163
177 -- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700
179 sudo (1.6.9p17-1) unstable; urgency=low
181 * new upstream version, closes: #481008
182 * deliver schemas to doc directory in sudo-ldap package, closes: #474331
183 * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
184 in move from CVS to git for package management, closes: #475821
185 * re-instate the init.d for the sudo-ldap package too... /o\
187 -- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600
189 sudo (1.6.9p15-2) unstable; urgency=low
191 * revert the fix for 388659 such that visudo once again defaults to using
192 /usr/bin/editor. I was always ambivalent about this change, it has caused
193 more confusion and frustration than it cured, and I find Justin's line of
194 reasoning persuasive. Update the man page source to reflect this choice
195 and the related use of --with-env-editor. Closes: #474197.
196 * patch from Petter Reinholdtsen to improve init.d, closes: #475821
198 -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600
200 sudo (1.6.9p15-1) unstable; urgency=low
202 * new upstream version, closes: #467126, #473337
203 * remove pointless postrm scripts, leaving debhelper do its thing if needed,
204 thanks to Justin Pryzby for pointing this out
205 * reinstate the init.d, since bootclean doesn't quite do what we want. This
206 also means we don't need the preinst scripts any more. Update the lintian
207 overrides since postinst is a Perl script lintian apparently isn't parsing
208 well. closes: #330868
210 -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600
212 sudo (1.6.9p12-1) unstable; urgency=low
214 * new upstream version, closes: #464890
216 -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900
218 sudo (1.6.9p11-3) unstable; urgency=low
220 * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
222 -- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700
224 sudo (1.6.9p11-2) unstable; urgency=low
226 * update version compared in preinst when removing obsolete init.d,
228 * implement pam session config suggestions from Elizabeth Fong,
229 closes: #452457, #402329
231 -- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700
233 sudo (1.6.9p11-1) unstable; urgency=low
235 * new upstream version
237 -- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700
239 sudo (1.6.9p10-1) unstable; urgency=low
241 * new upstream version
242 * tweak default password prompt as %u doesn't make sense. Accept patch from
243 Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
244 uses it by default, closes: #454409
245 * accept patch from Martin Pitt that adds a prerm making it difficult to
246 "accidentally" remove sudo when there is no root password set on the
247 system, closes: #451241
249 -- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700
251 sudo (1.6.9p9-1) unstable; urgency=low
253 * new upstream version
254 * debian/rules: configure a more informative default password prompt to
255 reduce confusion when using sudo to invoke commands which also ask for
256 passwords, closes: #343268
257 * auth/pam.c: don't use the PAM prompt if the user explicitly requested
258 a custom prompt, closes: #448628.
259 * fix configure's ability to discover that libc has dirfd, closes: #451324
260 * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
261 the command 'visudo' invokes a vi variant by default as documented,
264 -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700
266 sudo (1.6.9p6-1) unstable; urgency=low
268 * new upstream version, closes: #442815, #446146, #438699, #435768, #435314
269 closes: #434832, #434608, #430382
270 * eliminate the now-redundant init.d scripts, closes: #397090
271 * fix typo in TROUBLESHOOTING file, closes: #439624
273 -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600
275 sudo (1.6.8p12-6) unstable; urgency=low
277 * fix typos in visudo.pod relating to env_editor variable, closes: #418886
278 * have init.d touch directories in /var/run/sudo, not just files, as a
280 * fix various typos in sudoers.pod, closes: #419749
281 * don't let Makefile strip binaries, closes: #438073
283 -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100
285 sudo (1.6.8p12-5) unstable; urgency=low
287 * update debian/copyright to reflect new upstream URL, closes: #368746
288 * add sandwich cartoon URL to the README.Debian
289 * don't remove sudoers on purge. can cause problems when moving between
290 sudo and sudo-ldap. leaving sudoers around on purge seems like the least
291 evil choice for now, closes: #401366
292 * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
294 * accept patch that improves debian/rules from Ted Percival, closes: #382122
295 * no longer build with --with-exempt=sudo, provide an example entry in the
296 default sudoers file instead, closes: #296605
297 * add --with-devel to configure and augment build dependencies so that flex
298 and yacc files get re-generated on every build, closes: #316249
300 -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600
302 sudo (1.6.8p12-4) unstable; urgency=low
304 * patch from Petter Reinholdtsen for the LSB info block in the init.d
305 script, closes: #361055
306 * deliver sudoers sample again, closes: #361593
308 -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600
310 sudo (1.6.8p12-3) unstable; urgency=low
312 * force-feed configure knowledge of nroff's path so we get unformatted man
313 pages installed without build-depending on groff-base, closes: #360894
314 * add a reference to OPTIONS in the man page, closes: #186226
316 -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700
318 sudo (1.6.8p12-2) unstable; urgency=low
320 * fix typos in init scripts, closes: #346325
321 * update to debhelper compat level 5
322 * build depend on autotools-dev to ensure config.sub/guess are fresh
323 * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
324 use it here as well. Thanks to Martin and the debian-security team.
325 closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
326 closes: #315115, #315718, #203874
327 * Non-maintainer upload by the Security Team
328 * Reworked the former patch to limit environment variables from being
329 passed through, set env_reset as default instead [sudo.c, env.c,
330 sudoers.pod, Bug#342948, CVE-2005-4158]
331 * env_reset is now set by default
332 * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
333 DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
334 (in addition to the SUDO_* variables)
335 * Rebuild sudoers.man.in from the POD file
336 * Added README.Debian
337 * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
338 * simplify rules file by using more of Makefile, despite having to override
339 default directories with more arguments to configure, closes: #292833
340 * update sudo man page to reflect use of SECURE_PATH, closes: #228551
341 * inconsistencies in sudoers man page resolved, closes: #220808, #161012
342 * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
343 unresolveable (requires adding bison as build dep), closes: #314949
345 -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700
347 sudo (1.6.8p12-1) unstable; urgency=low
349 * new upstream version, closes: #342948 (CVE-2005-4158)
350 * add env_reset to the sudoers file we create if none already exists,
351 as a further precaution in response to discussion about CVS-2005-4158
352 * split ldap support into a new sudo-ldap package. I was trying to avoid
353 doing this, but the impact of going from 4 to 17 linked shlibs on the
354 autobuilder chroots is sufficient motivation for me.
357 -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
359 sudo (1.6.8p9-4) unstable; urgency=low
361 * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
362 * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
363 timestamps in the init.d script, closes: #330868
364 * add dependency header to init.d script, closes: #332849
366 -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
368 sudo (1.6.8p9-3) unstable; urgency=high
370 * update debhelper compatibility level from 2 to 4
371 * add man page symlink for sudoedit
372 * Clean SHELLOPTS and PS4 from the environment before executing programs
373 with sudo permissions [env.c, CAN-2005-2959]
374 * fix typo in manpage pointed out by Moray Allen, closes: #285995
375 * fix paths in sample complex sudoers file, closes: #303542
376 * fix type in sudoers man page, closes: #311244
378 -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
380 sudo (1.6.8p9-2) unstable; urgency=high
382 * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
385 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
387 sudo (1.6.8p9-1) unstable; urgency=high
389 * new upstream version, fixes a race condition in sudo's pathname
390 validation, which is a security issue (CAN-2005-1993),
391 closes: #315115, #315718
393 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
395 sudo (1.6.8p7-1) unstable; urgency=low
397 * new upstream version, closes: #299585
398 * update lintian overrides to squelch the postinst warning
399 * change sudoedit from a hard to a soft link, closes: #296896
400 * fix regex doc in sudoers man page, closes: #300361
402 -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
404 sudo (1.6.8p5-1) unstable; urgency=high
406 * new upstream version
407 * restores ability to use config tuples without a value, which was causing
408 problems on upgrade closes: #283306
409 * deliver sudoedit, closes: #283078
410 * marking urgency high since 283306 is a serious upgrade incompatibility
412 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
414 sudo (1.6.8p3-2) unstable; urgency=high
416 * update pam.d deliverable so ldap works again, closes: #282191
418 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
420 sudo (1.6.8p3-1) unstable; urgency=high
422 * new upstream version, fixes a flaw in sudo's environment sanitizing that
423 could allow a malicious user with permission to run a shell script that
424 utilized the bash shell to run arbitrary commands, closes: #281665
425 * patch the sample sudoers to have the proper path for kill on Debian
426 systems, closes: #263486
427 * patch the sudo manpage to reflect Debian's choice of exempt_group
428 default setting, closes: #236465
429 * patch the sudo manpage to reflect Debian's choice of no timeout on the
430 password prompt, closes: #271194
432 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
434 sudo (1.6.7p5-2) unstable; urgency=low
436 * Jeff Bailey reports that seteuid works on current sparc systems, so we
437 no longer need the "grosshack" stuff in the sudo rules file
438 * add a postrm that removes /etc/sudoers on purge. don't do this with the
439 normal conffile mechanism since it would generate noise on every upgrade,
442 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
444 sudo (1.6.7p5-1) unstable; urgency=low
446 * new upstream version, closes: #190265, #193222, #197244
447 * change from '.' to ':' in postinst chown call, closes: #208369
449 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
451 sudo (1.6.7p3-2) unstable; urgency=low
453 * add --disable-setresuid to configure call since 2.2 kernels don't support
454 setresgid, closes: #189044
455 * cosmetic cleanups to debian/rules as long as I'm there
457 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
459 sudo (1.6.7p3-1) unstable; urgency=low
461 * new upstream version
462 * add overrides to quiet lintian about things it doesn't understand,
463 except the source one that can't be overridden until 129510 is fixed
465 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
467 sudo (1.6.6-3) unstable; urgency=low
469 * add code to rules file to update config.sub/guess, closes: #164501
471 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
473 sudo (1.6.6-2) unstable; urgency=low
475 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
476 configure, and lose the build dependency on mail-transport-agent
477 * incorporate changes from LaMont's NMU, closes: #144665, #144737
478 * update init.d to not try and set time on nonexistent timestamp files,
480 * build with --with-all-insults, admin must edit sudoers to turn insults
481 on at runtime if desired, closes: #135374
482 * stop setting /usr/doc symlink in postinst
484 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
486 sudo (1.6.6-1.1) unstable; urgency=high
488 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
489 * Revert patch to auth/pam.c that left pass uninitialized, causing a
490 segfault (Closes: #144665).
492 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
494 sudo (1.6.6-1) unstable; urgency=high
496 * new upstream version, fixes security problem with crafty prompts,
499 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
501 sudo (1.6.5p1-4) unstable; urgency=high
503 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
504 if ctrl/C'ed at password prompt, closes: #131235
506 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
508 sudo (1.6.5p1-3) unstable; urgency=high
510 * ugly hack to add --disable-saved-ids when building on sparc in response
511 to 131592, which will be reassigned to glibc for a real fix
512 * urgency high since the sudo currently in testing for sparc is worthless
514 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
516 sudo (1.6.5p1-2) unstable; urgency=high
518 * patch from upstream to fix seg faults caused by versions of pam that
519 follow a NULL pointer, closes: #129512
521 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
523 sudo (1.6.5p1-1) unstable; urgency=high
525 * new upstream version
526 * add --disable-root-mailer option supported by new version to configure
527 call in rules file, closes: #129648
529 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
531 sudo (1.6.4p1-1) unstable; urgency=high
533 * new upstream version, with fix for segfaulting problem in 1.6.4
535 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
537 sudo (1.6.4-1) unstable; urgency=high
539 * new upstream version, includes an important security fix, closes: #127576
541 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
543 sudo (1.6.3p7-5) unstable; urgency=low
545 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
546 * fix spelling error in init.d, closes: #126847
548 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
550 sudo (1.6.3p7-4) unstable; urgency=medium
552 * use touch to set status files to an ancient date instead of removing them
553 outright on reboot. this achieves the desired effect of keeping elevated
554 privs from living across reboots, without forcing everyone to see the
555 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
556 for systems with good clocks, and 'recent enough' that broken PC hardware
557 setting the clock to commonly-seen bogus dates trips over the "don't trust
558 future timestamps" rule. closes: #76529, #123559
559 * apply patch from Steve Langasek to fix seg faults due to interaction with
560 PAM code. upstream confirms the problem, and says they're fixing this
561 differently for their next release... but this should be useful in the
562 meantime, and would be good to get into woody. closes: #119147
563 * only run the init.d at boot, not on each runlevel change... and don't run
564 it during package configure. closes: #125935
565 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
567 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
569 sudo (1.6.3p7-3) unstable; urgency=low
571 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
572 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
573 * fix a typo in the manpage, closes: #97368
574 * apply patch to configure.in and run autoconf to fix problem building on
575 the hurd, closes: #96325
576 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
577 to not last across reboots, closes: #76529
578 * clean up lintian-noticed cosmetic packaging issues
580 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
582 sudo (1.6.3p7-2) unstable; urgency=low
584 * update config.sub/guess for hppa support
586 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
588 sudo (1.6.3p7-1) unstable; urgency=low
590 * new upstream version
591 * add build dependency on mail-transport-agent, closes: #90685
593 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
595 sudo (1.6.3p6-1) unstable; urgency=high
597 * new upstream version, fixes buffer overflow problem,
598 closes: #87259, #87278, #87263
599 * revert to using --with-secure-path option at build time, since the option
600 available in sudoers is parsed too late to be useful, and upstream says
601 it won't get fixed quickly. This reopens 85123, which I will mark as
602 forwarded. Closes: #86199, #86117, #85676
604 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
606 sudo (1.6.3p5-2) unstable; urgency=low
608 * lose the dh_suidregister call since it's obsolete
609 * stop using the --with-secure-path option at build time, and instead show
610 how to set it in sudoers. Closes: #85123
611 * freshen config.sub and config.guess for ia64 and hppa
612 * update sudoers man page to indicate exempt_group is on by default,
615 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
617 sudo (1.6.3p5-1) unstable; urgency=low
619 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
620 * this version restores core dumps before the exec, while leaving them
621 disabled during sudo's internal execution, closes: #58289
622 * update debhelper calls in rules file
624 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
626 sudo (1.6.2p2-1) frozen unstable; urgency=medium
628 * new upstream source resulting from direct collaboration with the upstream
629 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
630 Closes: #56129, #55978, #55979, #56550, #56772
631 * include more upstream documentation, closes: #55054
632 * pam.d fragment update, closes: #56129
634 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
636 sudo (1.6.1-1) unstable; urgency=low
638 * new upstream source, closes: #52750
640 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
642 sudo (1.6-2) unstable; urgency=low
644 * drop suidregister support for this package. The sudo executable is
645 essentially worthless unless it is setuid root, and making suidregister
646 work involves shipping a non-setuid executable in the .deb and setting the
647 perms in the postinst. On a long upgrade run, this can leave the sudo
648 executable 'broken' for a long time, which is unacceptable. With this
649 version, we ship the executable setuid root in the .deb. Closes: #51742
651 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
653 sudo (1.6-1) unstable; urgency=low
655 * new upstream version, many options previously set at compile-time are now
656 configurable at runtime.
657 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
660 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
662 sudo (1.5.9p4-1) unstable; urgency=low
664 * new upstream version, closes: #43464
665 * empty password handling was fixed in 1.5.8, closes: #31863
667 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
669 sudo (1.5.9p1-1) unstable; urgency=low
671 * new upstream version
673 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
675 sudo (1.5.8p1-1) unstable; urgency=medium
677 * new upstream version, closes 33690
678 * add dependency on libpam-modules, closes 34215, 33432
680 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
682 sudo (1.5.7p4-2) unstable; urgency=medium
684 * update the pam fragment provided so that sudo works with latest pam bits,
687 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
689 sudo (1.5.7p4-1) unstable; urgency=low
691 * new upstream release
693 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
695 sudo (1.5.6p5-1) unstable; urgency=low
697 * new upstream patch release
698 * add PAM support, closes 28594
700 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
702 sudo (1.5.6p2-2) unstable; urgency=low
704 * update copyright file, closes 24136
705 * review and close forwarded bugs believed fixed in this upstream version,
708 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
710 sudo (1.5.6p2-1) unstable; urgency=low
712 * new upstream release
714 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
716 sudo (1.5.4-4) frozen unstable; urgency=low
718 * update postinst to use groupadd, closes 21403
719 * move the suidregister stuff earlier in postinst to ensure it always runs
721 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
723 sudo (1.5.4-3) frozen unstable; urgency=low
725 * change /etc/sudoers from a conffile to being handled in postinst,
727 * add suidmanager support, closes 15711
728 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
729 unlikely to ever fix, and which just don't matter. closes 17146
730 * fix FSF address in copyright file, and submit exception for lintian
731 warning about sudo being setuid root
733 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
735 sudo (1.5.4-2) unstable; urgency=high
737 * patch from upstream author correcting/improving security fix
739 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
741 sudo (1.5.4-1) unstable; urgency=high
743 * new upstream version, includes a security fix
744 * change default editor from /bin/ae to /usr/bin/editor
746 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
748 sudo (1.5.3-1) unstable; urgency=medium
750 * new upstream version, closes bug 15911.
751 * rules file reworked to use debhelper
752 * implement a really gross hack to force use of the sudo-provided
753 lsearch(), since the one in libc6 is broken! This closes bugs
754 12552, 12557, 14881, 15259, 15916.
756 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
758 sudo (1.5.2-6) unstable; urgency=LOW
760 * don't install INSTALL in the doc directory, closes bug 13195.
762 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
764 sudo (1.5.2-5) unstable; urgency=LOW
768 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
770 sudo (1.5.2-4) unstable; urgency=LOW
772 * change TIMEOUT (how long before you have to type your password again)
773 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
774 packages on slower machines much more tolerable. Closes bug 9076.
775 * touch debian/suid before debstd. Closes bug 8709.
777 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
779 sudo (1.5.2-3) frozen unstable; urgency=LOW
781 * patch from upstream maintainer to close Bug 6828
782 * add a debian/suid file to get debstd to leave my perl postinst alone
784 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
786 sudo (1.5.2-2) frozen unstable; urgency=LOW
788 * change rules to use -O2 -Wall as per standards
790 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
792 sudo (1.5.2-1) unstable; urgency=LOW
794 * new upstream version
795 * cosmetic changes to debian package control files
797 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
799 sudo (1.5-2) unstable; urgency=LOW
801 * add /usr/X11R6/bin to the end of the secure path... this makes it
802 much easier to run xmkmf, etc., during package builds. To the extent
803 that /usr/local/sbin and /usr/local/bin were already included, I see
804 no security reasons not to add this.
806 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
808 sudo (1.5-1) unstable; urgency=LOW
810 * New upstream version
812 * New packaging format
814 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
816 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
820 * hard code SECURE_PATH to:
821 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
825 * enabled EXEMPTGROUP "sudo"
827 * moved timestamp dir to /var/log/sudo
829 * changed parser to check for long and short filenames (Bug#1162)
831 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
835 * New upstream source
837 * Fixed postinst script
838 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
840 * Removed special shadow binary. This version works with and without
841 shadow password file.
843 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
847 * Corrected editor path to /bin/ae (Bug#3062)
849 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
851 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
855 * New upstream version
857 * Changed sudoers permission to 440 (owner root, group root) to make
860 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
864 * Applied upstream patch 1
866 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
870 * Applied upstream patch 2
872 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
876 * Applied upstream patch 3 (fixes problems with an NFS-mounted
880 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
884 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
885 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
887 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
891 * Applied upstream patch 4 (fixes several bugs)
893 * Changed priority to optional
895 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
899 * Corrected postinst to create correct permission for /etc/sudoers
902 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
906 * New upstream version
909 sudo (1.4.4-2) admin; urgency=HIGH
911 * Fixed major security bug reported by Peter Tobias
912 <tobias@et-inf.fho-emden.de>
913 * Added dchanges support to debian.rules
915 sudo (1.4.5-1) admin; urgency=LOW
917 * New upstream version
918 * Minor changes to debian.rules