1 sudo (1.8.3p1-1) unstable; urgency=low
3 * new upstream version, closes: #646478
5 -- Bdale Garbee <bdale@gag.com> Thu, 27 Oct 2011 01:03:44 +0200
7 sudo (1.8.3-1) unstable; urgency=low
9 * new upstream version, closes: #639391, #639568
11 -- Bdale Garbee <bdale@gag.com> Sat, 22 Oct 2011 23:49:16 -0600
13 sudo (1.8.2-2) unstable; urgency=low
16 * debian/rules improvements, closes: #642535
17 + mv upstream sample.* files to the examples folder.
18 - do not call dh_installexamples.
21 * patch from upstream for SIGBUS on sparc64, closes: #640304
22 * use common-session-noninteractive in the pam config to reduce log noise
23 when sudo is used in cron, etc, closes: #519700
24 * patch from Steven McDonald to fix segfault on startup under certain
25 conditions, closes: #639568
26 * add a NEWS entry regarding the secure_path change made in 1.8.2-1,
29 -- Bdale Garbee <bdale@gag.com> Mon, 26 Sep 2011 21:55:56 -0600
31 sudo (1.8.2-1) unstable; urgency=low
33 * new upstream version, closes: #637449, #621830
34 * include common-session in pam config, closes: #519700, #607199
35 * move secure_path from configure to default sudoers, closes: #85123, 85917
36 * improve sudoers self-documentation, closes: #613639
37 * drop --disable-setresuid since modern systems should not run 2.2 kernels
38 * lose the --with-devel configure option since it's breaking builds in
39 subdirectories for some reason
41 -- Bdale Garbee <bdale@gag.com> Wed, 24 Aug 2011 13:33:11 -0600
43 sudo (1.7.4p6-1) unstable; urgency=low
45 * new upstream version
46 * touch the right stamp name after configuring, closes: #611287
47 * patch from Svante Signell to fix build problem on Hurd, closes: #611290
49 -- Bdale Garbee <bdale@gag.com> Wed, 09 Feb 2011 11:32:58 -0700
51 sudo (1.7.4p4-6) unstable; urgency=low
53 * update /etc/sudoers.d/README now that sudoers is a conffile
54 * patch from upstream to fix special case in password checking code
55 when only the gid is changing, closes: #609641
57 -- Bdale Garbee <bdale@gag.com> Tue, 11 Jan 2011 10:22:39 -0700
59 sudo (1.7.4p4-5) unstable; urgency=low
61 * patch from Jakub Wilk to add noopt and nostrip build option support,
63 * make sudoers a conffile, closes: #605130
64 * add descriptions to LSB init headers, closes: #604619
65 * change default sudoers %sudo entry to allow gid changes, closes: #602699
66 * add Vcs entries to the control file
67 * use debhelper install files instead of explicit installs in rules
69 -- Bdale Garbee <bdale@gag.com> Wed, 01 Dec 2010 20:32:31 -0700
71 sudo (1.7.4p4-4) unstable; urgency=low
73 * patch from upstream to resolve problem always prompting for a password
74 when run without a tty, closes: #599376
75 * patch from upstream to resolve interoperability problem between HOME in
76 env_keep and the -H flag, closes: #596493
77 * change path syntax to avoid tar error when /var/run/sudo exists but is
78 empty, closes: #598877
80 -- Bdale Garbee <bdale@gag.com> Thu, 07 Oct 2010 15:59:06 -0600
82 sudo (1.7.4p4-3) unstable; urgency=low
84 * make postinst clause for handling /var/run -> /var/lib transition less
85 fragile, closes: #585514
86 * cope with upstream's Makefile trying to install ChangeLog in our doc
87 directory, closes: #597389
88 * fix README.Debian to reflect that HOME is no longer preserved by default,
91 -- Bdale Garbee <bdale@gag.com> Tue, 21 Sep 2010 23:53:08 -0600
93 sudo (1.7.4p4-2) unstable; urgency=low
95 * add a NEWS item about change in $HOME handling that impacts programs
98 -- Bdale Garbee <bdale@gag.com> Wed, 08 Sep 2010 14:29:16 -0600
100 sudo (1.7.4p4-1) unstable; urgency=high
102 * new upstream version, urgency high due to fix for flaw in Runas group
103 matching (CVE-2010-2956), closes: #595935
104 * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
105 re-lecturing existing users, and to clean up after ourselves on upgrade,
106 and remove the RAMRUN section from README.Debian since the new state dir
107 should fix the original problem, closes: #585514
108 * deliver README.Debian to both package flavors, closes: #593579
110 -- Bdale Garbee <bdale@gag.com> Tue, 07 Sep 2010 12:22:42 -0600
112 sudo (1.7.2p7-1) unstable; urgency=high
114 * new upstream release with security fix for secure path (CVE-2010-1646),
116 * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
117 about whether to give the lecture is preserved across reboots even when
118 RAMRUN is set, closes: #581393
119 * add a note to README.Debian about LDAP needing an entry in
120 /etc/nsswitch.conf, closes: #522065
121 * add a note to README.Debian about how to turn off lectures if using
122 RAMRUN in /etc/default/rcS, closes: #581393
124 -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
126 sudo (1.7.2p6-1) unstable; urgency=low
128 * new upstream version fixing CVE-2010-1163, closes: #578275, #570737
130 -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600
132 sudo (1.7.2p5-1) unstable; urgency=low
134 * new upstream release, closes a bug filed upstream regarding missing man
135 page processing scripts in the 1.7.2p1 tarball, also includes the fix
136 for CVE-2010-0426 previously the subject of a security team nmu
137 * move to source format 3.0 (quilt) and restructure changes as patches
138 * fix unprocessed substitution variables in man pages, closes: #557204
139 * apply patch from Neil Moore to fix Debian-specific content in the
140 visudo man page, closes: #555013
141 * update descriptions to better explain sudo-ldap, closes: #573108
142 * eliminate spurious 'and' in man page, closes: #571620
143 * fix confusing text in default sudoers, closes: #566607
145 -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700
147 sudo (1.7.2p1-1) unstable; urgency=low
149 * new upstream version
150 * add support for /etc/sudoers.d using #includedir in default sudoers,
151 which I think is also a good solution to the request for a crontab-like
152 API requested in March of 2001, closes: #539994, #271813, #89743
153 * move init.d script from using rcS.d to rc[0-6].d, closes: #542924
155 -- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600
157 sudo (1.7.2-2) unstable; urgency=low
159 * further improve initial sudoers to not include the NOPASSWD option on
160 the group sudo exception, closes: #539136, #198991
162 -- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200
164 sudo (1.7.2-1) unstable; urgency=low
166 * new upstream version, closes: #537103
167 * improve initial sudoers by having the exemption for users in group
168 sudo on by default, and including the ability to run any command as
169 any user. This makes the default install roughly equivalent to our
170 old use of the --with-exempt=sudo build option, closes: #536220, #536222
172 -- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600
174 sudo (1.7.0-1) unstable; urgency=low
176 * new upstream version, closes: #510179, #128268, #520274, #508514
177 * fix ldap config file path for sudo-ldap package, including creating
178 a symlink in postinst and cleaning it up in postrm for the sudo-ldap
179 package, closes: #430826
180 * fix NOPASSWD entry location in default config file for the sudo-ldap
181 instance too, closes: #479616
183 -- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600
185 sudo (1.6.9p17-2) unstable; urgency=high
187 * patch from upstream to fix privilege escalation with certain
188 configurations, CVE-2009-0034
189 * typo in sudoers man page, closes: #507163
191 -- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700
193 sudo (1.6.9p17-1) unstable; urgency=low
195 * new upstream version, closes: #481008
196 * deliver schemas to doc directory in sudo-ldap package, closes: #474331
197 * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
198 in move from CVS to git for package management, closes: #475821
199 * re-instate the init.d for the sudo-ldap package too... /o\
201 -- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600
203 sudo (1.6.9p15-2) unstable; urgency=low
205 * revert the fix for 388659 such that visudo once again defaults to using
206 /usr/bin/editor. I was always ambivalent about this change, it has caused
207 more confusion and frustration than it cured, and I find Justin's line of
208 reasoning persuasive. Update the man page source to reflect this choice
209 and the related use of --with-env-editor. Closes: #474197.
210 * patch from Petter Reinholdtsen to improve init.d, closes: #475821
212 -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600
214 sudo (1.6.9p15-1) unstable; urgency=low
216 * new upstream version, closes: #467126, #473337
217 * remove pointless postrm scripts, leaving debhelper do its thing if needed,
218 thanks to Justin Pryzby for pointing this out
219 * reinstate the init.d, since bootclean doesn't quite do what we want. This
220 also means we don't need the preinst scripts any more. Update the lintian
221 overrides since postinst is a Perl script lintian apparently isn't parsing
222 well. closes: #330868
224 -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600
226 sudo (1.6.9p12-1) unstable; urgency=low
228 * new upstream version, closes: #464890
230 -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900
232 sudo (1.6.9p11-3) unstable; urgency=low
234 * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
236 -- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700
238 sudo (1.6.9p11-2) unstable; urgency=low
240 * update version compared in preinst when removing obsolete init.d,
242 * implement pam session config suggestions from Elizabeth Fong,
243 closes: #452457, #402329
245 -- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700
247 sudo (1.6.9p11-1) unstable; urgency=low
249 * new upstream version
251 -- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700
253 sudo (1.6.9p10-1) unstable; urgency=low
255 * new upstream version
256 * tweak default password prompt as %u doesn't make sense. Accept patch from
257 Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
258 uses it by default, closes: #454409
259 * accept patch from Martin Pitt that adds a prerm making it difficult to
260 "accidentally" remove sudo when there is no root password set on the
261 system, closes: #451241
263 -- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700
265 sudo (1.6.9p9-1) unstable; urgency=low
267 * new upstream version
268 * debian/rules: configure a more informative default password prompt to
269 reduce confusion when using sudo to invoke commands which also ask for
270 passwords, closes: #343268
271 * auth/pam.c: don't use the PAM prompt if the user explicitly requested
272 a custom prompt, closes: #448628.
273 * fix configure's ability to discover that libc has dirfd, closes: #451324
274 * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
275 the command 'visudo' invokes a vi variant by default as documented,
278 -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700
280 sudo (1.6.9p6-1) unstable; urgency=low
282 * new upstream version, closes: #442815, #446146, #438699, #435768, #435314
283 closes: #434832, #434608, #430382
284 * eliminate the now-redundant init.d scripts, closes: #397090
285 * fix typo in TROUBLESHOOTING file, closes: #439624
287 -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600
289 sudo (1.6.8p12-6) unstable; urgency=low
291 * fix typos in visudo.pod relating to env_editor variable, closes: #418886
292 * have init.d touch directories in /var/run/sudo, not just files, as a
294 * fix various typos in sudoers.pod, closes: #419749
295 * don't let Makefile strip binaries, closes: #438073
297 -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100
299 sudo (1.6.8p12-5) unstable; urgency=low
301 * update debian/copyright to reflect new upstream URL, closes: #368746
302 * add sandwich cartoon URL to the README.Debian
303 * don't remove sudoers on purge. can cause problems when moving between
304 sudo and sudo-ldap. leaving sudoers around on purge seems like the least
305 evil choice for now, closes: #401366
306 * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
308 * accept patch that improves debian/rules from Ted Percival, closes: #382122
309 * no longer build with --with-exempt=sudo, provide an example entry in the
310 default sudoers file instead, closes: #296605
311 * add --with-devel to configure and augment build dependencies so that flex
312 and yacc files get re-generated on every build, closes: #316249
314 -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600
316 sudo (1.6.8p12-4) unstable; urgency=low
318 * patch from Petter Reinholdtsen for the LSB info block in the init.d
319 script, closes: #361055
320 * deliver sudoers sample again, closes: #361593
322 -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600
324 sudo (1.6.8p12-3) unstable; urgency=low
326 * force-feed configure knowledge of nroff's path so we get unformatted man
327 pages installed without build-depending on groff-base, closes: #360894
328 * add a reference to OPTIONS in the man page, closes: #186226
330 -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700
332 sudo (1.6.8p12-2) unstable; urgency=low
334 * fix typos in init scripts, closes: #346325
335 * update to debhelper compat level 5
336 * build depend on autotools-dev to ensure config.sub/guess are fresh
337 * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
338 use it here as well. Thanks to Martin and the debian-security team.
339 closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
340 closes: #315115, #315718, #203874
341 * Non-maintainer upload by the Security Team
342 * Reworked the former patch to limit environment variables from being
343 passed through, set env_reset as default instead [sudo.c, env.c,
344 sudoers.pod, Bug#342948, CVE-2005-4158]
345 * env_reset is now set by default
346 * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
347 DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
348 (in addition to the SUDO_* variables)
349 * Rebuild sudoers.man.in from the POD file
350 * Added README.Debian
351 * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
352 * simplify rules file by using more of Makefile, despite having to override
353 default directories with more arguments to configure, closes: #292833
354 * update sudo man page to reflect use of SECURE_PATH, closes: #228551
355 * inconsistencies in sudoers man page resolved, closes: #220808, #161012
356 * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
357 unresolveable (requires adding bison as build dep), closes: #314949
359 -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700
361 sudo (1.6.8p12-1) unstable; urgency=low
363 * new upstream version, closes: #342948 (CVE-2005-4158)
364 * add env_reset to the sudoers file we create if none already exists,
365 as a further precaution in response to discussion about CVS-2005-4158
366 * split ldap support into a new sudo-ldap package. I was trying to avoid
367 doing this, but the impact of going from 4 to 17 linked shlibs on the
368 autobuilder chroots is sufficient motivation for me.
371 -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
373 sudo (1.6.8p9-4) unstable; urgency=low
375 * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
376 * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
377 timestamps in the init.d script, closes: #330868
378 * add dependency header to init.d script, closes: #332849
380 -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
382 sudo (1.6.8p9-3) unstable; urgency=high
384 * update debhelper compatibility level from 2 to 4
385 * add man page symlink for sudoedit
386 * Clean SHELLOPTS and PS4 from the environment before executing programs
387 with sudo permissions [env.c, CAN-2005-2959]
388 * fix typo in manpage pointed out by Moray Allen, closes: #285995
389 * fix paths in sample complex sudoers file, closes: #303542
390 * fix type in sudoers man page, closes: #311244
392 -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
394 sudo (1.6.8p9-2) unstable; urgency=high
396 * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
399 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
401 sudo (1.6.8p9-1) unstable; urgency=high
403 * new upstream version, fixes a race condition in sudo's pathname
404 validation, which is a security issue (CAN-2005-1993),
405 closes: #315115, #315718
407 -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
409 sudo (1.6.8p7-1) unstable; urgency=low
411 * new upstream version, closes: #299585
412 * update lintian overrides to squelch the postinst warning
413 * change sudoedit from a hard to a soft link, closes: #296896
414 * fix regex doc in sudoers man page, closes: #300361
416 -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
418 sudo (1.6.8p5-1) unstable; urgency=high
420 * new upstream version
421 * restores ability to use config tuples without a value, which was causing
422 problems on upgrade closes: #283306
423 * deliver sudoedit, closes: #283078
424 * marking urgency high since 283306 is a serious upgrade incompatibility
426 -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
428 sudo (1.6.8p3-2) unstable; urgency=high
430 * update pam.d deliverable so ldap works again, closes: #282191
432 -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
434 sudo (1.6.8p3-1) unstable; urgency=high
436 * new upstream version, fixes a flaw in sudo's environment sanitizing that
437 could allow a malicious user with permission to run a shell script that
438 utilized the bash shell to run arbitrary commands, closes: #281665
439 * patch the sample sudoers to have the proper path for kill on Debian
440 systems, closes: #263486
441 * patch the sudo manpage to reflect Debian's choice of exempt_group
442 default setting, closes: #236465
443 * patch the sudo manpage to reflect Debian's choice of no timeout on the
444 password prompt, closes: #271194
446 -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
448 sudo (1.6.7p5-2) unstable; urgency=low
450 * Jeff Bailey reports that seteuid works on current sparc systems, so we
451 no longer need the "grosshack" stuff in the sudo rules file
452 * add a postrm that removes /etc/sudoers on purge. don't do this with the
453 normal conffile mechanism since it would generate noise on every upgrade,
456 -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
458 sudo (1.6.7p5-1) unstable; urgency=low
460 * new upstream version, closes: #190265, #193222, #197244
461 * change from '.' to ':' in postinst chown call, closes: #208369
463 -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
465 sudo (1.6.7p3-2) unstable; urgency=low
467 * add --disable-setresuid to configure call since 2.2 kernels don't support
468 setresgid, closes: #189044
469 * cosmetic cleanups to debian/rules as long as I'm there
471 -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
473 sudo (1.6.7p3-1) unstable; urgency=low
475 * new upstream version
476 * add overrides to quiet lintian about things it doesn't understand,
477 except the source one that can't be overridden until 129510 is fixed
479 -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
481 sudo (1.6.6-3) unstable; urgency=low
483 * add code to rules file to update config.sub/guess, closes: #164501
485 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
487 sudo (1.6.6-2) unstable; urgency=low
489 * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
490 configure, and lose the build dependency on mail-transport-agent
491 * incorporate changes from LaMont's NMU, closes: #144665, #144737
492 * update init.d to not try and set time on nonexistent timestamp files,
494 * build with --with-all-insults, admin must edit sudoers to turn insults
495 on at runtime if desired, closes: #135374
496 * stop setting /usr/doc symlink in postinst
498 -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
500 sudo (1.6.6-1.1) unstable; urgency=high
502 * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
503 * Revert patch to auth/pam.c that left pass uninitialized, causing a
504 segfault (Closes: #144665).
506 -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
508 sudo (1.6.6-1) unstable; urgency=high
510 * new upstream version, fixes security problem with crafty prompts,
513 -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
515 sudo (1.6.5p1-4) unstable; urgency=high
517 * apply patch for auth/pam.c to fix yet another way to make sudo segfault
518 if ctrl/C'ed at password prompt, closes: #131235
520 -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
522 sudo (1.6.5p1-3) unstable; urgency=high
524 * ugly hack to add --disable-saved-ids when building on sparc in response
525 to 131592, which will be reassigned to glibc for a real fix
526 * urgency high since the sudo currently in testing for sparc is worthless
528 -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
530 sudo (1.6.5p1-2) unstable; urgency=high
532 * patch from upstream to fix seg faults caused by versions of pam that
533 follow a NULL pointer, closes: #129512
535 -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
537 sudo (1.6.5p1-1) unstable; urgency=high
539 * new upstream version
540 * add --disable-root-mailer option supported by new version to configure
541 call in rules file, closes: #129648
543 -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
545 sudo (1.6.4p1-1) unstable; urgency=high
547 * new upstream version, with fix for segfaulting problem in 1.6.4
549 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
551 sudo (1.6.4-1) unstable; urgency=high
553 * new upstream version, includes an important security fix, closes: #127576
555 -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
557 sudo (1.6.3p7-5) unstable; urgency=low
559 * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
560 * fix spelling error in init.d, closes: #126847
562 -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
564 sudo (1.6.3p7-4) unstable; urgency=medium
566 * use touch to set status files to an ancient date instead of removing them
567 outright on reboot. this achieves the desired effect of keeping elevated
568 privs from living across reboots, without forcing everyone to see the
569 new-sudo-user lecture after every reboot. pick a time that's 'old enough'
570 for systems with good clocks, and 'recent enough' that broken PC hardware
571 setting the clock to commonly-seen bogus dates trips over the "don't trust
572 future timestamps" rule. closes: #76529, #123559
573 * apply patch from Steve Langasek to fix seg faults due to interaction with
574 PAM code. upstream confirms the problem, and says they're fixing this
575 differently for their next release... but this should be useful in the
576 meantime, and would be good to get into woody. closes: #119147
577 * only run the init.d at boot, not on each runlevel change... and don't run
578 it during package configure. closes: #125935
579 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
581 -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
583 sudo (1.6.3p7-3) unstable; urgency=low
585 * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
586 resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
587 * fix a typo in the manpage, closes: #97368
588 * apply patch to configure.in and run autoconf to fix problem building on
589 the hurd, closes: #96325
590 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
591 to not last across reboots, closes: #76529
592 * clean up lintian-noticed cosmetic packaging issues
594 -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
596 sudo (1.6.3p7-2) unstable; urgency=low
598 * update config.sub/guess for hppa support
600 -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
602 sudo (1.6.3p7-1) unstable; urgency=low
604 * new upstream version
605 * add build dependency on mail-transport-agent, closes: #90685
607 -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
609 sudo (1.6.3p6-1) unstable; urgency=high
611 * new upstream version, fixes buffer overflow problem,
612 closes: #87259, #87278, #87263
613 * revert to using --with-secure-path option at build time, since the option
614 available in sudoers is parsed too late to be useful, and upstream says
615 it won't get fixed quickly. This reopens 85123, which I will mark as
616 forwarded. Closes: #86199, #86117, #85676
618 -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
620 sudo (1.6.3p5-2) unstable; urgency=low
622 * lose the dh_suidregister call since it's obsolete
623 * stop using the --with-secure-path option at build time, and instead show
624 how to set it in sudoers. Closes: #85123
625 * freshen config.sub and config.guess for ia64 and hppa
626 * update sudoers man page to indicate exempt_group is on by default,
629 -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
631 sudo (1.6.3p5-1) unstable; urgency=low
633 * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
634 * this version restores core dumps before the exec, while leaving them
635 disabled during sudo's internal execution, closes: #58289
636 * update debhelper calls in rules file
638 -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
640 sudo (1.6.2p2-1) frozen unstable; urgency=medium
642 * new upstream source resulting from direct collaboration with the upstream
643 author to fix ugly pam-related problems on Debian in 1.6.1 and later.
644 Closes: #56129, #55978, #55979, #56550, #56772
645 * include more upstream documentation, closes: #55054
646 * pam.d fragment update, closes: #56129
648 -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
650 sudo (1.6.1-1) unstable; urgency=low
652 * new upstream source, closes: #52750
654 -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
656 sudo (1.6-2) unstable; urgency=low
658 * drop suidregister support for this package. The sudo executable is
659 essentially worthless unless it is setuid root, and making suidregister
660 work involves shipping a non-setuid executable in the .deb and setting the
661 perms in the postinst. On a long upgrade run, this can leave the sudo
662 executable 'broken' for a long time, which is unacceptable. With this
663 version, we ship the executable setuid root in the .deb. Closes: #51742
665 -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
667 sudo (1.6-1) unstable; urgency=low
669 * new upstream version, many options previously set at compile-time are now
670 configurable at runtime.
671 Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
674 -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
676 sudo (1.5.9p4-1) unstable; urgency=low
678 * new upstream version, closes: #43464
679 * empty password handling was fixed in 1.5.8, closes: #31863
681 -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
683 sudo (1.5.9p1-1) unstable; urgency=low
685 * new upstream version
687 -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
689 sudo (1.5.8p1-1) unstable; urgency=medium
691 * new upstream version, closes 33690
692 * add dependency on libpam-modules, closes 34215, 33432
694 -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
696 sudo (1.5.7p4-2) unstable; urgency=medium
698 * update the pam fragment provided so that sudo works with latest pam bits,
701 -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
703 sudo (1.5.7p4-1) unstable; urgency=low
705 * new upstream release
707 -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
709 sudo (1.5.6p5-1) unstable; urgency=low
711 * new upstream patch release
712 * add PAM support, closes 28594
714 -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
716 sudo (1.5.6p2-2) unstable; urgency=low
718 * update copyright file, closes 24136
719 * review and close forwarded bugs believed fixed in this upstream version,
722 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
724 sudo (1.5.6p2-1) unstable; urgency=low
726 * new upstream release
728 -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
730 sudo (1.5.4-4) frozen unstable; urgency=low
732 * update postinst to use groupadd, closes 21403
733 * move the suidregister stuff earlier in postinst to ensure it always runs
735 -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
737 sudo (1.5.4-3) frozen unstable; urgency=low
739 * change /etc/sudoers from a conffile to being handled in postinst,
741 * add suidmanager support, closes 15711
742 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
743 unlikely to ever fix, and which just don't matter. closes 17146
744 * fix FSF address in copyright file, and submit exception for lintian
745 warning about sudo being setuid root
747 -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
749 sudo (1.5.4-2) unstable; urgency=high
751 * patch from upstream author correcting/improving security fix
753 -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
755 sudo (1.5.4-1) unstable; urgency=high
757 * new upstream version, includes a security fix
758 * change default editor from /bin/ae to /usr/bin/editor
760 -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
762 sudo (1.5.3-1) unstable; urgency=medium
764 * new upstream version, closes bug 15911.
765 * rules file reworked to use debhelper
766 * implement a really gross hack to force use of the sudo-provided
767 lsearch(), since the one in libc6 is broken! This closes bugs
768 12552, 12557, 14881, 15259, 15916.
770 -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
772 sudo (1.5.2-6) unstable; urgency=LOW
774 * don't install INSTALL in the doc directory, closes bug 13195.
776 -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
778 sudo (1.5.2-5) unstable; urgency=LOW
782 -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
784 sudo (1.5.2-4) unstable; urgency=LOW
786 * change TIMEOUT (how long before you have to type your password again)
787 to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
788 packages on slower machines much more tolerable. Closes bug 9076.
789 * touch debian/suid before debstd. Closes bug 8709.
791 -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
793 sudo (1.5.2-3) frozen unstable; urgency=LOW
795 * patch from upstream maintainer to close Bug 6828
796 * add a debian/suid file to get debstd to leave my perl postinst alone
798 -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
800 sudo (1.5.2-2) frozen unstable; urgency=LOW
802 * change rules to use -O2 -Wall as per standards
804 -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
806 sudo (1.5.2-1) unstable; urgency=LOW
808 * new upstream version
809 * cosmetic changes to debian package control files
811 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
813 sudo (1.5-2) unstable; urgency=LOW
815 * add /usr/X11R6/bin to the end of the secure path... this makes it
816 much easier to run xmkmf, etc., during package builds. To the extent
817 that /usr/local/sbin and /usr/local/bin were already included, I see
818 no security reasons not to add this.
820 -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
822 sudo (1.5-1) unstable; urgency=LOW
824 * New upstream version
826 * New packaging format
828 -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
830 Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
834 * hard code SECURE_PATH to:
835 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
839 * enabled EXEMPTGROUP "sudo"
841 * moved timestamp dir to /var/log/sudo
843 * changed parser to check for long and short filenames (Bug#1162)
845 Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
849 * New upstream source
851 * Fixed postinst script
852 (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
854 * Removed special shadow binary. This version works with and without
855 shadow password file.
857 Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
861 * Corrected editor path to /bin/ae (Bug#3062)
863 * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
865 Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
869 * New upstream version
871 * Changed sudoers permission to 440 (owner root, group root) to make
874 Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
878 * Applied upstream patch 1
880 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
884 * Applied upstream patch 2
886 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
890 * Applied upstream patch 3 (fixes problems with an NFS-mounted
894 Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
898 * Corrected postinst to use /usr/bin/perl instead of /bin/perl
899 [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
901 Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
905 * Applied upstream patch 4 (fixes several bugs)
907 * Changed priority to optional
909 Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
913 * Corrected postinst to create correct permission for /etc/sudoers
916 Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
920 * New upstream version
923 sudo (1.4.4-2) admin; urgency=HIGH
925 * Fixed major security bug reported by Peter Tobias
926 <tobias@et-inf.fho-emden.de>
927 * Added dchanges support to debian.rules
929 sudo (1.4.5-1) admin; urgency=LOW
931 * New upstream version
932 * Minor changes to debian.rules