-sudo (1.6.6-1.5) oldstable-security; urgency=high
+sudo (1.6.9p9-1) unstable; urgency=low
- * Non-maintainer upload by the Security Team
- * Reverse the environment semantic by forcing users to maintain a
- whitelist [env.c, Bug#342948, CVE-2005-4158]
-
- -- Martin Schulze <joey@infodrom.org> Wed, 21 Dec 2005 10:05:52 +0100
-
-sudo (1.6.6-1.4) oldstable-security; urgency=high
+ * new upstream version
+ * debian/rules: configure a more informative default password prompt to
+ reduce confusion when using sudo to invoke commands which also ask for
+ passwords, closes: #343268
+ * auth/pam.c: don't use the PAM prompt if the user explicitly requested
+ a custom prompt, closes: #448628.
+ * fix configure's ability to discover that libc has dirfd, closes: #451324
+ * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
+ the command 'visudo' invokes a vi variant by default as documented,
+ closes: #388659
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700
+
+sudo (1.6.9p6-1) unstable; urgency=low
+
+ * new upstream version, closes: #442815, #446146, #438699, #435768, #435314
+ closes: #434832, #434608, #430382
+ * eliminate the now-redundant init.d scripts, closes: #397090
+ * fix typo in TROUBLESHOOTING file, closes: #439624
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600
+
+sudo (1.6.8p12-6) unstable; urgency=low
+
+ * fix typos in visudo.pod relating to env_editor variable, closes: #418886
+ * have init.d touch directories in /var/run/sudo, not just files, as a
+ followup to #330868.
+ * fix various typos in sudoers.pod, closes: #419749
+ * don't let Makefile strip binaries, closes: #438073
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100
+
+sudo (1.6.8p12-5) unstable; urgency=low
+
+ * update debian/copyright to reflect new upstream URL, closes: #368746
+ * add sandwich cartoon URL to the README.Debian
+ * don't remove sudoers on purge. can cause problems when moving between
+ sudo and sudo-ldap. leaving sudoers around on purge seems like the least
+ evil choice for now, closes: #401366
+ * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
+ closes: #374509
+ * accept patch that improves debian/rules from Ted Percival, closes: #382122
+ * no longer build with --with-exempt=sudo, provide an example entry in the
+ default sudoers file instead, closes: #296605
+ * add --with-devel to configure and augment build dependencies so that flex
+ and yacc files get re-generated on every build, closes: #316249
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600
+
+sudo (1.6.8p12-4) unstable; urgency=low
+
+ * patch from Petter Reinholdtsen for the LSB info block in the init.d
+ script, closes: #361055
+ * deliver sudoers sample again, closes: #361593
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600
+
+sudo (1.6.8p12-3) unstable; urgency=low
+
+ * force-feed configure knowledge of nroff's path so we get unformatted man
+ pages installed without build-depending on groff-base, closes: #360894
+ * add a reference to OPTIONS in the man page, closes: #186226
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700
+
+sudo (1.6.8p12-2) unstable; urgency=low
+
+ * fix typos in init scripts, closes: #346325
+ * update to debhelper compat level 5
+ * build depend on autotools-dev to ensure config.sub/guess are fresh
+ * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
+ use it here as well. Thanks to Martin and the debian-security team.
+ closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
+ closes: #315115, #315718, #203874
+ * Non-maintainer upload by the Security Team
+ * Reworked the former patch to limit environment variables from being
+ passed through, set env_reset as default instead [sudo.c, env.c,
+ sudoers.pod, Bug#342948, CVE-2005-4158]
+ * env_reset is now set by default
+ * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
+ DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
+ (in addition to the SUDO_* variables)
+ * Rebuild sudoers.man.in from the POD file
+ * Added README.Debian
+ * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
+ * simplify rules file by using more of Makefile, despite having to override
+ default directories with more arguments to configure, closes: #292833
+ * update sudo man page to reflect use of SECURE_PATH, closes: #228551
+ * inconsistencies in sudoers man page resolved, closes: #220808, #161012
+ * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
+ unresolveable (requires adding bison as build dep), closes: #314949
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700
+
+sudo (1.6.8p12-1) unstable; urgency=low
+
+ * new upstream version, closes: #342948 (CVE-2005-4158)
+ * add env_reset to the sudoers file we create if none already exists,
+ as a further precaution in response to discussion about CVS-2005-4158
+ * split ldap support into a new sudo-ldap package. I was trying to avoid
+ doing this, but the impact of going from 4 to 17 linked shlibs on the
+ autobuilder chroots is sufficient motivation for me.
+ closes: #344034
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
+
+sudo (1.6.8p9-4) unstable; urgency=low
+
+ * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
+ * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
+ timestamps in the init.d script, closes: #330868
+ * add dependency header to init.d script, closes: #332849
- * Non-maintainer upload by the Security Team
+ -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
+
+sudo (1.6.8p9-3) unstable; urgency=high
+
+ * update debhelper compatibility level from 2 to 4
+ * add man page symlink for sudoedit
* Clean SHELLOPTS and PS4 from the environment before executing programs
with sudo permissions [env.c, CAN-2005-2959]
+ * fix typo in manpage pointed out by Moray Allen, closes: #285995
+ * fix paths in sample complex sudoers file, closes: #303542
+ * fix type in sudoers man page, closes: #311244
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
+
+sudo (1.6.8p9-2) unstable; urgency=high
+
+ * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
+ closes: #305735
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
+
+sudo (1.6.8p9-1) unstable; urgency=high
+
+ * new upstream version, fixes a race condition in sudo's pathname
+ validation, which is a security issue (CAN-2005-1993),
+ closes: #315115, #315718
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
+
+sudo (1.6.8p7-1) unstable; urgency=low
+
+ * new upstream version, closes: #299585
+ * update lintian overrides to squelch the postinst warning
+ * change sudoedit from a hard to a soft link, closes: #296896
+ * fix regex doc in sudoers man page, closes: #300361
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
+
+sudo (1.6.8p5-1) unstable; urgency=high
+
+ * new upstream version
+ * restores ability to use config tuples without a value, which was causing
+ problems on upgrade closes: #283306
+ * deliver sudoedit, closes: #283078
+ * marking urgency high since 283306 is a serious upgrade incompatibility
+
+ -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
+
+sudo (1.6.8p3-2) unstable; urgency=high
+
+ * update pam.d deliverable so ldap works again, closes: #282191
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
+
+sudo (1.6.8p3-1) unstable; urgency=high
+
+ * new upstream version, fixes a flaw in sudo's environment sanitizing that
+ could allow a malicious user with permission to run a shell script that
+ utilized the bash shell to run arbitrary commands, closes: #281665
+ * patch the sample sudoers to have the proper path for kill on Debian
+ systems, closes: #263486
+ * patch the sudo manpage to reflect Debian's choice of exempt_group
+ default setting, closes: #236465
+ * patch the sudo manpage to reflect Debian's choice of no timeout on the
+ password prompt, closes: #271194
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
+
+sudo (1.6.7p5-2) unstable; urgency=low
+
+ * Jeff Bailey reports that seteuid works on current sparc systems, so we
+ no longer need the "grosshack" stuff in the sudo rules file
+ * add a postrm that removes /etc/sudoers on purge. don't do this with the
+ normal conffile mechanism since it would generate noise on every upgrade,
+ closes: #245405
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
+
+sudo (1.6.7p5-1) unstable; urgency=low
+
+ * new upstream version, closes: #190265, #193222, #197244
+ * change from '.' to ':' in postinst chown call, closes: #208369
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
+
+sudo (1.6.7p3-2) unstable; urgency=low
+
+ * add --disable-setresuid to configure call since 2.2 kernels don't support
+ setresgid, closes: #189044
+ * cosmetic cleanups to debian/rules as long as I'm there
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
+
+sudo (1.6.7p3-1) unstable; urgency=low
+
+ * new upstream version
+ * add overrides to quiet lintian about things it doesn't understand,
+ except the source one that can't be overridden until 129510 is fixed
- -- Martin Schulze <joey@infodrom.org> Thu, 22 Sep 2005 23:32:16 +0200
+ -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
-sudo (1.6.6-1.3) stable-security; urgency=high
+sudo (1.6.6-3) unstable; urgency=low
- * Non-maintainer upload by the Security Team
- * Removed debugging code again. Sorry.
+ * add code to rules file to update config.sub/guess, closes: #164501
- -- Martin Schulze <joey@infodrom.org> Wed, 24 Nov 2004 15:51:06 +0100
+ -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
-sudo (1.6.6-1.2) stable-security; urgency=high
+sudo (1.6.6-2) unstable; urgency=low
- * Non-maintainer upload by the Security Team
- * Applied upstream patch to prevent bash functions and the CDPATH
- environment variable from being exported into the sudo environment
- [env.c, CAN-2004-1051]
- * Added special detection routine for big/little endianess on MIPS since
- the line "byteorder : {big|little} endian" from /proc/cpuinfo was
- removed as of Linux 2.4.20, resulting in the mipsel buildd being
- unable to build this package.
+ * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
+ configure, and lose the build dependency on mail-transport-agent
+ * incorporate changes from LaMont's NMU, closes: #144665, #144737
+ * update init.d to not try and set time on nonexistent timestamp files,
+ closes: #132616
+ * build with --with-all-insults, admin must edit sudoers to turn insults
+ on at runtime if desired, closes: #135374
+ * stop setting /usr/doc symlink in postinst
- -- Martin Schulze <joey@infodrom.org> Thu, 18 Nov 2004 08:53:05 +0100
+ -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
sudo (1.6.6-1.1) unstable; urgency=high
projects / debian / sudo / blobdiff