1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
|
sudo (1.9.13p3-1+deb12u1) bookworm; urgency=medium
* add upstream patch to fix event log format.
Thanks to Kimmo Suominen (Closes: #1039557)
-- Marc Haber <mh+debian-packages@zugschlus.de> Tue, 27 Jun 2023 13:45:00 +0200
sudo (1.9.13p3-1) unstable; urgency=medium
* new upstream version:
* Fix potential double free for CHROOT= rules
CVE-2023-27320. (Closes: #1032163)
* Fix --enable-static-sudoers regression
* check for overflow as result of fuzzing efforts
* Fix parser regression disallowing rules for user "list"
* Fix eventloop hang if there is /dev/tty data
* Fix sudo -l command args regression
* Fix sudo -l -U someuser regression
* Fix list privs regression
-- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 08 Mar 2023 21:17:05 +0100
sudo (1.9.13p1-1) unstable; urgency=medium
* new upstream version 1.9.13p1
* remove unnecessary changelog creation patch
* remove lsb-base from dependencies
-- Marc Haber <mh+debian-packages@zugschlus.de> Sat, 18 Feb 2023 13:03:19 +0100
sudo (1.9.12p2-1) unstable; urgency=high
* new upstream version 1.9.12p2
* this fixes CVE-2023-22809:
Sudoedit can edit arbitrary files
-- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 18 Jan 2023 16:19:23 +0100
sudo (1.9.12p1-1) unstable; urgency=low
* new upstream version 1.9.12p1
* update patches
* update debian/copyright
* Add upstream patch to silence libgcrypt error message.
Thanks to Francesco P. Lovergine (Closes: #1019428)
* Standards-Version: 4.6.2 (no changes necessary)
* clean out obsolete lintian overrides
* Add patch to disable regeneration of upstream ChangeLog from git.
Thanks to Gioele Barabucci (Closes: #1025740)
* remove extra whitespace from debconf-get-selections output.
* add autopkgtest for sudo with sssd (Closes: #1004910)
[ Niels Thykier ]
* Support building sudo without (fake)root.
[ Gioele Barabucci ]
* Use dh_installnss to add ldap to sudoers NSS database
* Add libnss-sudo package. (Closes: #1023524)
-- Marc Haber <mh+debian-packages@zugschlus.de> Sun, 15 Jan 2023 13:58:48 +0100
sudo (1.9.11p3-1) unstable; urgency=low
* new upstream version 1.9.11p3
-- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 23 Mar 2022 10:50:16 +0100
sudo (1.9.10-3) unstable; urgency=medium
* some changes to 03-getroot-ldap autopkgtest to find out
about ppc64el failure
-- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 23 Mar 2022 10:38:39 +0100
sudo (1.9.10-2) unstable; urgency=medium
* upload to unstable (fixed autopkgtest is needed to allow
adduser to migrate)
-- Marc Haber <mh+debian-packages@zugschlus.de> Mon, 21 Mar 2022 11:49:06 +0100
sudo (1.9.10-1) experimental; urgency=medium
* new upstream version
* unverified upstream changelog
* implement workaround if /proc/self/stat is invalid.
(Closes: #940533)
* Fix compilation problem on kFreeBSD. (Closes: #1004909)
(different fix than the Debian patch, disable Debian patch)
* get rid of e-mails "problem with defaults entries" in sss
configurations. (Closes: #793660)
* regular expression support for sudoers. (Closes: #945366)
* handle /proc/self/fd in qemu.
* Apply Upstream Patch to allow test suite with non-english LANG
https://bugzilla.sudo.ws/show_bug.cgi?id=1025
* Apply Upstream Patch to allow test suite with faketime
* re-introduce MVPROG patch that got lost in dh migration.
Thanks to Vagrant Cascadian (Closes: #976307)
* revert back to directly shipping the mask symlink in the package.
Thanks to Michael Biebl (Closes: #1004730)
* adopt configure changes from Ubuntu
--without-lecture --with-tty-tickets --enable-admin-flag (Closes: #1006273)
* fix wrong handling of --with-systemd-tmpfiles.d
* bring OPTIONS up to date.
* have upstream install docs directly to correct directory
* let debhelper handle the upstream changelog
* remove LICENSE.md in both packages
* autopkgtest: send deluser stderr to null in cleanup
* Add cron to autopkgtest 03-getroot-ldap dependencies
* improve lintian overrides
-- Marc Haber <mh+debian-packages@zugschlus.de> Fri, 18 Mar 2022 14:31:30 +0100
sudo (1.9.9-1) unstable; urgency=medium
* new upstream version
* audit plugin now handles unresolvable hostname better
Thanks to Sven Mueller (Closes: #1003969)
* better document environment handling.
Thanks to Arnout Engelen (Closes: #659101)
* README files now come as markdown
* schemas are now in docs subdirectory
* LICENSE is now LICENSE.md
[ Marc Haber ]
* refresh patches
* mark paths-in-samples.diff expicitly as not forwarded
* have systemd-tmpfiles clean up /run/sudo on boot
* lintian overrides:
* improve 'em in various places
* give better explanations
* override long line warnings
* override typo warning for a literal film quote
* use correct lintian tag for override init script without unit
* init script / systemd units
* guarantee init script no-op on systemd systems
* mask sysv init script on systemd systems in postinst
instead of debian/rules
* actually remove masking of service in postrm
* maintainer scripts
* document when .dist file removal was added to that
it can be eventually removed
* document when alternative removal was added to that
it can be eventually removed
* add a test to check for presence of #1003969
* Standards-Version: 4.6.0 (no changes)
* use uscan version 4
* honor nocheck DEB_BUILD_OPTION
[ Hilko Bengen ]
* More improvement for Lintian overrides
* Convert debian/copyright to machine-readable format, using
information from upstream-provided LICENSE.md file
-- Marc Haber <mh+debian-packages@zugschlus.de> Mon, 31 Jan 2022 20:19:55 +0100
sudo (1.9.8p2-1) unstable; urgency=medium
* add more autopkgtests (especially for LDAP)
* improve existing autopkgtests
* debian/patches:
* Remove typo-in-classic-insults.diff, reflectinc upstream's decision
to not fix the typo as a way of remembering Evi Nemeth.
* remove unneeded sudo-success_return. patch
* mark debian/patches/sudo-ldap-docs as Forwarded: not-needed
* add DEP3 headers
* mention #1001858 in sudo.prerm
* comment some lintian-overrides with unclear results
-- Marc Haber <mh+debian-packages@zugschlus.de> Sat, 18 Dec 2021 14:55:08 +0100
sudo (1.9.8p2-1~exp1) experimental; urgency=medium
[ Marc Haber ]
* new upstream version 1.9.8p2-1
* this correctly handles double defined alases (Closes: #985412)
* improve sudoers.ldap.manpage. Thanks to Dennis Filder and
Eric Brun (Closes: #981190)
* refresh patches
* remove prompting for wrong sudo group id (Closes: #605576)
* give better docs for LDAP success behavior.
Thanks to Dennis Filder (Closes: 981190)
* remove unneeded mandoc from Build-Depends.
Thanks to Ingo Schwarze
* Restore inclusion of pam_limits.so PAM module.
Thanks to Salvatore Bonaccorso (Closes: 518464)
* Use @includedir in sudoers.d/README (Closes: #993815)
* Other improvements for sudoers.d/README.
Thanks to Josh Triplett (Closes: #994962)
* add some (simple) autopkgtests
* better short description for sudo-ldap
* use https in debian/watch
* some changes to patch headers for Lintian
* manually remove executable bit from shared libs
* explicitly write set -e in maintainer scripts
* debian/control: set Rules-Requires-Root: binary-targets
* add first/trivial autopkgtests
[ Hilko Bengen ]
* Update lintian-overrides files
* Remove group sudo / gid=27 check from postinst scripts
[ Otto Kekäläinen ]
* Add basic Salsa-CI for project quality assurance
-- Marc Haber <mh+debian-packages@zugschlus.de> Sun, 12 Dec 2021 22:45:15 +0100
sudo (1.9.6-1~exp2) experimental; urgency=low
[ Marc Haber ]
* add use_pty to default configuration, fixing CVE-2005-4890.
Thanks to Daniel Kahn Gillmor (Closes: #657784)
* Add group specific defaults for environment variables (commented out)
Thanks to Josh Triplett
* remove --disable-setresuid from sudo-ldap as well.
Thanks to Dennis Filder (Closes: #985307)
[ Hilko Bengen ]
* Add PAM config for interactive login use (Closes: #690044)
* Actually configure sudo to use pam / sudo-i
-- Marc Haber <mh+debian-packages@zugschlus.de> Fri, 02 Apr 2021 18:15:21 +0200
sudo (1.9.6-1~exp1) experimental; urgency=medium
* new upstream version
* add upstream signature
* refresh patches
* remove NO_ROOT_MAILER patch (incorporated upstream)
-- Marc Haber <mh+debian-packages@zugschlus.de> Fri, 12 Mar 2021 22:06:59 +0100
sudo (1.9.5p2-3+exp1) experimental; urgency=medium
[ Marc Haber ]
* convert package to dh
* rename init scripts to be picked up by new debhelper
* rename and update lintian overrides
* let /run directory be created by systemd
* remove documentation files that are installed by upstream scripts
* clear dependency path in .la files
* add Pre-Depends: ${misc:Pre-Depends}
* override package-has-unnecessary-activation-of-ldconfig-trigger
[ Bastian Blank ]
* Move stuff to /usr/libexec.
* Use dpkg provided make snippets
* Provide build-flags via environment
* Use easier to read multi-line variables
* Remove not require prefix override
* Move stuff to /usr/libexec
[ Hilko Bengen ]
* Remove unneeded Built-Using
* Simplify dh_auto_* overrides
* Further simplification
* debian/rules: Remove another unneeded variable
* Don't ship *.la files
* Add Apport script
-- Marc Haber <mh+debian-packages@zugschlus.de> Fri, 12 Mar 2021 20:48:13 +0100
sudo (1.9.5p2-3) unstable; urgency=medium
* new maintainer team and uploaders (Closes: #976244)
* sudo is now team maintained
* add Uploaders field
* move salsa repo to team-sudo group
* refresh patches
* Adapt README.LDAP to the actual state of sudo-ldap (Closes: #442871)
* add Apport hook.
Thanks to Balint Reczey (Closes: 881671)
-- Marc Haber <mh+debian-packages@zugschlus.de> Sat, 27 Feb 2021 09:28:03 +0100
sudo (1.9.5p2-2) unstable; urgency=medium
* patch from upstream repo to fix NO_ROOT_MAILER
-- Bdale Garbee <bdale@gag.com> Fri, 29 Jan 2021 18:12:32 -0700
sudo (1.9.5p2-1) unstable; urgency=high
* new upstream version, addresses CVE-2021-3156
-- Bdale Garbee <bdale@gag.com> Tue, 26 Jan 2021 21:20:05 -0700
sudo (1.9.5p1-1.1) unstable; urgency=high
* Non-maintainer upload.
* Heap-based buffer overflow (CVE-2021-3156)
- Reset valid_flags to MODE_NONINTERACTIVE for sudoedit
- Add sudoedit flag checks in plugin that are consistent with front-end
- Fix potential buffer overflow when unescaping backslashes in user_args
- Fix the memset offset when converting a v1 timestamp to TS_LOCKEXCL
- Don't assume that argv is allocated as a single flat buffer
-- Salvatore Bonaccorso <carnil@debian.org> Wed, 20 Jan 2021 10:11:47 +0100
sudo (1.9.5p1-1) unstable; urgency=medium
* new upstream version, closes: #980028
-- Bdale Garbee <bdale@gag.com> Wed, 13 Jan 2021 01:09:19 -0700
sudo (1.9.5-1) unstable; urgency=medium
* new upstream version
-- Bdale Garbee <bdale@gag.com> Mon, 11 Jan 2021 15:15:48 -0700
sudo (1.9.4p2-2) unstable; urgency=medium
* always use /bin/mv to ensure reproducible builds whether built on a
usrmerge or non-usrmerge system, closes: #976307
-- Bdale Garbee <bdale@gag.com> Sun, 03 Jan 2021 09:11:13 -0700
sudo (1.9.4p2-1) unstable; urgency=medium
* new upstream version
-- Bdale Garbee <bdale@gag.com> Sun, 20 Dec 2020 17:43:54 -0700
sudo (1.9.4p1-1) unstable; urgency=medium
* new upstream version
-- Bdale Garbee <bdale@gag.com> Thu, 17 Dec 2020 17:35:55 -0700
sudo (1.9.4-1) unstable; urgency=medium
* new upstream version
-- Bdale Garbee <bdale@gag.com> Tue, 01 Dec 2020 22:10:03 -0500
sudo (1.9.3p1-1) unstable; urgency=medium
* new upstream version
-- Bdale Garbee <bdale@gag.com> Thu, 24 Sep 2020 11:10:02 -0600
sudo (1.9.3-1) unstable; urgency=medium
* new upstream version
* make the comment match the text in default sudoers, closes: #964922
* enable zlib, closes: #846077
-- Bdale Garbee <bdale@gag.com> Mon, 21 Sep 2020 17:11:30 -0600
sudo (1.9.1-2) unstable; urgency=medium
* change # to @ on includedir in default sudoers to reduce confusion with
a comment, such as in 964922
-- Bdale Garbee <bdale@gag.com> Sun, 12 Jul 2020 09:52:08 -0600
sudo (1.9.1-1) unstable; urgency=medium
* new upstream version
-- Bdale Garbee <bdale@gag.com> Fri, 19 Jun 2020 15:44:09 -0600
sudo (1.9.0-1) unstable; urgency=medium
* new upstream version, closes: #669687, #571621, #734752
-- Bdale Garbee <bdale@gag.com> Wed, 13 May 2020 18:34:59 -0600
sudo (1.8.31p1-1) unstable; urgency=medium
* new upstream version
-- Bdale Garbee <bdale@gag.com> Thu, 19 Mar 2020 15:47:17 -0600
sudo (1.8.31-1) unstable; urgency=medium
* new upstream version
-- Bdale Garbee <bdale@gag.com> Sat, 01 Feb 2020 23:07:09 -0800
sudo (1.8.29-1) unstable; urgency=medium
* new upstream version
* make --libexecdir use /usr/lib instead of /usr/lib/sudo, closes: #943313
-- Bdale Garbee <bdale@gag.com> Mon, 28 Oct 2019 19:27:42 -0600
sudo (1.8.28p1-1) unstable; urgency=medium
* new upstream version
-- Bdale Garbee <bdale@gag.com> Tue, 22 Oct 2019 16:13:34 -0600
sudo (1.8.27-1.1) unstable; urgency=high
* Non-maintainer upload.
* Treat an ID of -1 as invalid since that means "no change" (CVE-2019-14287)
(Closes: #942322)
* Fix test failure in plugins/sudoers/regress/testsudoers/test5.sh
-- Salvatore Bonaccorso <carnil@debian.org> Mon, 14 Oct 2019 21:10:58 +0200
sudo (1.8.27-1) unstable; urgency=medium
* new upstream version
-- Bdale Garbee <bdale@gag.com> Sat, 12 Jan 2019 11:10:05 -0700
sudo (1.8.26-2) unstable; urgency=medium
* patch from upstream to fix man page truncation, closes: #914469
-- Bdale Garbee <bdale@gag.com> Fri, 23 Nov 2018 14:59:17 -0700
sudo (1.8.26-1) unstable; urgency=medium
[Bdale Garbee]
* new upstream version
[Ondřej Nový]
* d/changelog: Remove trailing whitespaces
* d/control: Remove trailing whitespaces
* d/rules: Remove trailing whitespaces
-- Bdale Garbee <bdale@gag.com> Mon, 19 Nov 2018 00:32:06 -1000
sudo (1.8.23-2) unstable; urgency=high
* fix FTBFS due to earlier sudoers2ldif removal, closes: #903415
-- Bdale Garbee <bdale@gag.com> Sat, 21 Jul 2018 11:22:37 -0600
sudo (1.8.23-1) unstable; urgency=medium
* new upstream version
-- Bdale Garbee <bdale@gag.com> Mon, 30 Apr 2018 20:55:10 -0600
sudo (1.8.21p2-3) unstable; urgency=medium
* include sssd support in the sudo-ldap build too, closes: #884741
-- Bdale Garbee <bdale@gag.com> Mon, 18 Dec 2017 21:55:18 -0700
sudo (1.8.21p2-2) unstable; urgency=medium
* work harder to clean up mess left by sudo-ldap using /etc/init.d/sudo
prior to version 1.8.7-1, closes: #877516
-- Bdale Garbee <bdale@gag.com> Mon, 02 Oct 2017 13:02:27 -0600
sudo (1.8.21p2-1) unstable; urgency=medium
* new upstream version, closes: #873623, #873600, #874000
* remove legacy /etc/sudoers.dist we no longer deliver, closes: #873561
-- Bdale Garbee <bdale@gag.com> Thu, 07 Sep 2017 10:42:19 -0600
sudo (1.8.21-1) unstable; urgency=medium
[ Bdale Garbee ]
* new upstream version
* don't deliver /etc/sudoers.dist, closes: #862309
* whitelist DPKG_COLORS env var, closes: #823368
[ Laurent Bigonville ]
* debian/sudo*.postinst: Drop /var/run/sudo -> /var/lib/sudo migration code,
this migration happened in 2010 and that code is not necessary anymore
* Move timestamp files to /run/sudo, with systemd the directory is
created/cleaned by tmpfiles.d now, the sudo initscript/service is not
doing anything in that case anymore (Closes: #786555)
* debian/sudo*.postinst: Move the debhelper marker before the creation of
the sudo group, this way the snippets added by debhelper will be executed
even if the group already exists. (Closes: #870456)
-- Bdale Garbee <bdale@gag.com> Mon, 28 Aug 2017 09:44:06 -0600
sudo (1.8.20p2-1) unstable; urgency=medium
* new upstream version
-- Bdale Garbee <bdale@gag.com> Thu, 08 Jun 2017 11:57:02 -0600
sudo (1.8.20p1-1.1) unstable; urgency=high
* Non-maintainer upload.
* Use /proc/self consistently on Linux
* CVE-2017-1000368: Arbitrary terminal access (Closes: #863897)
-- Salvatore Bonaccorso <carnil@debian.org> Mon, 05 Jun 2017 14:19:33 +0200
sudo (1.8.20p1-1) unstable; urgency=high
* New upstream version with fix for CVE-2017-1000367, closes: #863731
-- Bdale Garbee <bdale@gag.com> Tue, 30 May 2017 14:41:58 -0600
sudo (1.8.20-1) unstable; urgency=medium
* New upstream version
* patch from Helmut Grohne to fix cross-building issues, closes: #847131
+ Let dh_auto_configure pass --host to configure
+ Honour DEB_BUILD_OPTIONS=nocheck
-- Bdale Garbee <bdale@gag.com> Wed, 10 May 2017 10:25:46 -0600
sudo (1.8.19p1-1) unstable; urgency=medium
* new upstream version
-- Bdale Garbee <bdale@gag.com> Fri, 13 Jan 2017 11:12:49 -0700
sudo (1.8.19-1) unstable; urgency=medium
* new upstream version
-- Bdale Garbee <bdale@gag.com> Mon, 19 Dec 2016 13:00:21 -0700
sudo (1.8.18p1-2) unstable; urgency=medium
* merge work done by Balint Reczey in parallel / conflict with my offline work
-- Bdale Garbee <bdale@gag.com> Thu, 15 Dec 2016 19:08:46 -0700
sudo (1.8.18p1-1) unstable; urgency=medium
* new upstream version
* explicitly depend on lsb-base since we use init-functions
* move to latest debhelper compat level
-- Bdale Garbee <bdale@gag.com> Thu, 15 Dec 2016 18:10:29 -0700
sudo (1.8.17p1-2) unstable; urgency=medium
* merge 1.8.15-1.1 NMU changes
-- Bdale Garbee <bdale@gag.com> Tue, 05 Jul 2016 16:01:55 +0200
sudo (1.8.17p1-1) unstable; urgency=low
* new upstream version, closes: #805563
* build-depend on the new mandoc package so we can rebuild man pages
properly if needed, closes: #809984
-- Bdale Garbee <bdale@gag.com> Tue, 05 Jul 2016 16:01:55 +0200
sudo (1.8.15-1.1) unstable; urgency=medium
* Non-maintainer upload
* Disable editing of files via user-controllable symlinks
(Closes: #804149) (CVE-2015-5602)
- Fix directory writability checks for sudoedit
- Enable sudoedit directory writability checks by default
-- Ben Hutchings <ben@decadent.org.uk> Mon, 04 Jan 2016 23:36:50 +0000
sudo (1.8.15-1) unstable; urgency=low
* new upstream version, closes: #804149
* use --with-exampledir to deliver example files more cleanly
-- Bdale Garbee <bdale@gag.com> Wed, 23 Dec 2015 11:15:22 -0700
sudo (1.8.12-1) unstable; urgency=low
* new upstream version, closes: #772707, #773383
* patch from Christian Kastner to fix sudoers handling error when moving
between sudo and sudo-ldap packages, closes: #776137
-- Bdale Garbee <bdale@gag.com> Mon, 23 Feb 2015 08:56:06 -0700
sudo (1.8.11p2-1) unstable; urgency=low
* new upstream version
-- Bdale Garbee <bdale@gag.com> Thu, 30 Oct 2014 11:14:06 -0700
sudo (1.8.11p1-2) unstable; urgency=low
* patch from Jakub Wilk to fix 'ignoring time stamp from the future'
messages, closes: #762465
* upstream patch forwarded by Laurent Bigonville that fixes problem with
Linux kernel auditing code, closes: #764817
-- Bdale Garbee <bdale@gag.com> Mon, 20 Oct 2014 11:06:44 -0600
sudo (1.8.11p1-1) unstable; urgency=low
* new upstream version, closes: #764286
* fix typo in German translation, closes: #761601
-- Bdale Garbee <bdale@gag.com> Fri, 10 Oct 2014 10:16:08 -0600
sudo (1.8.10p3-1) unstable; urgency=low
* new upstream release
* add hardening=+all to match login and su
* updated VCS URLs and crypto verified watch file, closes: #747473
* harmonize configure options for LDAP version to match non-LDAP version,
in particular stop using --with-secure-path and add configure_args
* enable audit support on Linux systems, closes: #745779
* follow upstream change from --with-timedir to --with-rundir
-- Bdale Garbee <bdale@gag.com> Sun, 14 Sep 2014 10:20:15 -0600
sudo (1.8.9p5-1) unstable; urgency=low
* new upstream release, closes: #735328
-- Bdale Garbee <bdale@gag.com> Tue, 04 Feb 2014 11:46:19 -0700
sudo (1.8.9p4-1) unstable; urgency=low
* new upstream release, closes: #732008
-- Bdale Garbee <bdale@gag.com> Wed, 15 Jan 2014 14:55:25 -0700
sudo (1.8.9p3-1) unstable; urgency=low
* new upstream release
-- Bdale Garbee <bdale@gag.com> Mon, 13 Jan 2014 14:49:42 -0700
sudo (1.8.9~rc1-1) experimental; urgency=low
* upstream release candidate
-- Bdale Garbee <bdale@gag.com> Sun, 29 Dec 2013 21:36:12 -0700
sudo (1.8.9~b2-1) experimental; urgency=low
* upstream beta release
* update Debian standards version
* squelch lintian complaint about missing sudo-ldap systemd service, since
the service file is always called 'sudo.service'
-- Bdale Garbee <bdale@gag.com> Wed, 25 Dec 2013 14:48:23 -0700
sudo (1.8.9~b1-1) experimental; urgency=low
* upstream beta release
-- Bdale Garbee <bdale@gag.com> Wed, 27 Nov 2013 09:37:00 -0700
sudo (1.8.8-3) unstable; urgency=low
* document in README.Debian that the sssd support is enabled in the sudo
package, not in the sudo-ldap package, closes: #728289
-- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 2013 10:33:44 -0600
sudo (1.8.8-2) unstable; urgency=low
* fix touch errors on boot, closes: #725193
-- Bdale Garbee <bdale@gag.com> Tue, 08 Oct 2013 20:11:38 -0600
sudo (1.8.8-1) unstable; urgency=low
* new upstream release
-- Bdale Garbee <bdale@gag.com> Mon, 30 Sep 2013 23:08:49 -0600
sudo (1.8.8~rc1-1) experimental; urgency=low
* upstream release candidate with several of our patches folded in
* set filestamps to epoch instead of an arbitrary old date in the init
fragment, closes: #722335
-- Bdale Garbee <bdale@gag.com> Thu, 12 Sep 2013 10:16:58 -0700
sudo (1.8.8~b3-1) experimental; urgency=low
* pre-release of new upstream version, put in experimental
-- Bdale Garbee <bdale@gag.com> Wed, 04 Sep 2013 07:53:08 -0600
sudo (1.8.7-4) unstable; urgency=low
* looks like we actually need both --with-sssd and --with-sssd-lib,
closes: #719987, #724763
-- Bdale Garbee <bdale@gag.com> Fri, 27 Sep 2013 11:48:55 -0600
sudo (1.8.7-3) unstable; urgency=low
* use --with-sssd-lib to help sudo find libsss-sudo in multiarch path,
closes: #719987
-- Bdale Garbee <bdale@gag.com> Sat, 17 Aug 2013 15:38:53 +0200
sudo (1.8.7-2) unstable; urgency=low
* let debhelper scripts manage the update-rc.d calls, closes: #719755
-- Bdale Garbee <bdale@gag.com> Fri, 16 Aug 2013 01:48:23 +0200
sudo (1.8.7-1) unstable; urgency=low
* new upstream version, closes: #715157, #655879
* make sudo-ldap package's init.d script be called sudo-ldap
* add sssd support to sudo, closes: #719574
* recognize lenny, squeeze, and wheezy unmodified sudoers, closes: #660594
-- Bdale Garbee <bdale@gag.com> Wed, 14 Aug 2013 00:01:14 +0200
sudo (1.8.5p2-1) unstable; urgency=low
* new upstream version
* patch to use flock on hurd, run autoconf in rules, closes: #655883
* patch to avoid calling unlink with null pointer on hurd, closes: #655948
* patch to actually use hardening build flags, closes: #655417
* fix sudo-ldap.postinst syntax issue, closes: #669576
-- Bdale Garbee <bdale@gag.com> Thu, 28 Jun 2012 12:01:37 -0600
sudo (1.8.3p2-1) unstable; urgency=high
* new upstream version, closes: #657985 (CVE-2012-0809)
* patch from Pino Toscano to only use selinux on Linux, closes: #655894
-- Bdale Garbee <bdale@gag.com> Mon, 30 Jan 2012 16:11:54 -0700
sudo (1.8.3p1-3) unstable; urgency=low
* patch from Moritz Muehlenhoff enables hardened build flags, closes: #655417
* replacement postinst script from Mike Beattie using shell instead of Perl
* include systemd service file from Michael Stapelberg, closes: #639633
* add init.d status support, closes: #641782
* make sudo-ldap package manage a sudoers entry in nsswitch.conf,
closes: #610600, #639530
* enable mail_badpass in the default sudoers file, closes: #641218
* enable selinux support, closes: #655510
-- Bdale Garbee <bdale@gag.com> Wed, 11 Jan 2012 16:18:13 -0700
sudo (1.8.3p1-2) unstable; urgency=low
* if upgrading from squeeze, and the sudoers file is unmodified, avoid
the packaging system prompting the user about a change they didn't make
now that sudoers is a conffile, closes: #612532, #636049
* add a recommendation for the use of visudo to the sudoers.d/README file,
closes: #648104
-- Bdale Garbee <bdale@gag.com> Sat, 12 Nov 2011 16:27:13 -0700
sudo (1.8.3p1-1) unstable; urgency=low
* new upstream version, closes: #646478
-- Bdale Garbee <bdale@gag.com> Thu, 27 Oct 2011 01:03:44 +0200
sudo (1.8.3-1) unstable; urgency=low
* new upstream version, closes: #639391, #639568
-- Bdale Garbee <bdale@gag.com> Sat, 22 Oct 2011 23:49:16 -0600
sudo (1.8.2-2) unstable; urgency=low
[ Luca Capello ]
* debian/rules improvements, closes: #642535
+ mv upstream sample.* files to the examples folder.
- do not call dh_installexamples.
[ Bdale Garbee ]
* patch from upstream for SIGBUS on sparc64, closes: #640304
* use common-session-noninteractive in the pam config to reduce log noise
when sudo is used in cron, etc, closes: #519700
* patch from Steven McDonald to fix segfault on startup under certain
conditions, closes: #639568
* add a NEWS entry regarding the secure_path change made in 1.8.2-1,
closes: #639336
-- Bdale Garbee <bdale@gag.com> Mon, 26 Sep 2011 21:55:56 -0600
sudo (1.8.2-1) unstable; urgency=low
* new upstream version, closes: #637449, #621830
* include common-session in pam config, closes: #519700, #607199
* move secure_path from configure to default sudoers, closes: #85123, 85917
* improve sudoers self-documentation, closes: #613639
* drop --disable-setresuid since modern systems should not run 2.2 kernels
* lose the --with-devel configure option since it's breaking builds in
subdirectories for some reason
-- Bdale Garbee <bdale@gag.com> Wed, 24 Aug 2011 13:33:11 -0600
sudo (1.7.4p6-1) unstable; urgency=low
* new upstream version
* touch the right stamp name after configuring, closes: #611287
* patch from Svante Signell to fix build problem on Hurd, closes: #611290
-- Bdale Garbee <bdale@gag.com> Wed, 09 Feb 2011 11:32:58 -0700
sudo (1.7.4p4-6) unstable; urgency=low
* update /etc/sudoers.d/README now that sudoers is a conffile
* patch from upstream to fix special case in password checking code
when only the gid is changing, closes: #609641
-- Bdale Garbee <bdale@gag.com> Tue, 11 Jan 2011 10:22:39 -0700
sudo (1.7.4p4-5) unstable; urgency=low
* patch from Jakub Wilk to add noopt and nostrip build option support,
closes: #605580
* make sudoers a conffile, closes: #605130
* add descriptions to LSB init headers, closes: #604619
* change default sudoers %sudo entry to allow gid changes, closes: #602699
* add Vcs entries to the control file
* use debhelper install files instead of explicit installs in rules
-- Bdale Garbee <bdale@gag.com> Wed, 01 Dec 2010 20:32:31 -0700
sudo (1.7.4p4-4) unstable; urgency=low
* patch from upstream to resolve problem always prompting for a password
when run without a tty, closes: #599376
* patch from upstream to resolve interoperability problem between HOME in
env_keep and the -H flag, closes: #596493
* change path syntax to avoid tar error when /var/run/sudo exists but is
empty, closes: #598877
-- Bdale Garbee <bdale@gag.com> Thu, 07 Oct 2010 15:59:06 -0600
sudo (1.7.4p4-3) unstable; urgency=low
* make postinst clause for handling /var/run -> /var/lib transition less
fragile, closes: #585514
* cope with upstream's Makefile trying to install ChangeLog in our doc
directory, closes: #597389
* fix README.Debian to reflect that HOME is no longer preserved by default,
closes: #596847
-- Bdale Garbee <bdale@gag.com> Tue, 21 Sep 2010 23:53:08 -0600
sudo (1.7.4p4-2) unstable; urgency=low
* add a NEWS item about change in $HOME handling that impacts programs
like pbuilder
-- Bdale Garbee <bdale@gag.com> Wed, 08 Sep 2010 14:29:16 -0600
sudo (1.7.4p4-1) unstable; urgency=high
* new upstream version, urgency high due to fix for flaw in Runas group
matching (CVE-2010-2956), closes: #595935
* handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
re-lecturing existing users, and to clean up after ourselves on upgrade,
and remove the RAMRUN section from README.Debian since the new state dir
should fix the original problem, closes: #585514
* deliver README.Debian to both package flavors, closes: #593579
-- Bdale Garbee <bdale@gag.com> Tue, 07 Sep 2010 12:22:42 -0600
sudo (1.7.2p7-1) unstable; urgency=high
* new upstream release with security fix for secure path (CVE-2010-1646),
closes: #585394
* move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
about whether to give the lecture is preserved across reboots even when
RAMRUN is set, closes: #581393
* add a note to README.Debian about LDAP needing an entry in
/etc/nsswitch.conf, closes: #522065
* add a note to README.Debian about how to turn off lectures if using
RAMRUN in /etc/default/rcS, closes: #581393
-- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
sudo (1.7.2p6-1) unstable; urgency=low
* new upstream version fixing CVE-2010-1163, closes: #578275, #570737
-- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600
sudo (1.7.2p5-1) unstable; urgency=low
* new upstream release, closes a bug filed upstream regarding missing man
page processing scripts in the 1.7.2p1 tarball, also includes the fix
for CVE-2010-0426 previously the subject of a security team nmu
* move to source format 3.0 (quilt) and restructure changes as patches
* fix unprocessed substitution variables in man pages, closes: #557204
* apply patch from Neil Moore to fix Debian-specific content in the
visudo man page, closes: #555013
* update descriptions to better explain sudo-ldap, closes: #573108
* eliminate spurious 'and' in man page, closes: #571620
* fix confusing text in default sudoers, closes: #566607
-- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700
sudo (1.7.2p1-1) unstable; urgency=low
* new upstream version
* add support for /etc/sudoers.d using #includedir in default sudoers,
which I think is also a good solution to the request for a crontab-like
API requested in March of 2001, closes: #539994, #271813, #89743
* move init.d script from using rcS.d to rc[0-6].d, closes: #542924
-- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600
sudo (1.7.2-2) unstable; urgency=low
* further improve initial sudoers to not include the NOPASSWD option on
the group sudo exception, closes: #539136, #198991
-- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200
sudo (1.7.2-1) unstable; urgency=low
* new upstream version, closes: #537103
* improve initial sudoers by having the exemption for users in group
sudo on by default, and including the ability to run any command as
any user. This makes the default install roughly equivalent to our
old use of the --with-exempt=sudo build option, closes: #536220, #536222
-- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600
sudo (1.7.0-1) unstable; urgency=low
* new upstream version, closes: #510179, #128268, #520274, #508514
* fix ldap config file path for sudo-ldap package, including creating
a symlink in postinst and cleaning it up in postrm for the sudo-ldap
package, closes: #430826
* fix NOPASSWD entry location in default config file for the sudo-ldap
instance too, closes: #479616
-- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600
sudo (1.6.9p17-2) unstable; urgency=high
* patch from upstream to fix privilege escalation with certain
configurations, CVE-2009-0034
* typo in sudoers man page, closes: #507163
-- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700
sudo (1.6.9p17-1) unstable; urgency=low
* new upstream version, closes: #481008
* deliver schemas to doc directory in sudo-ldap package, closes: #474331
* re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
in move from CVS to git for package management, closes: #475821
* re-instate the init.d for the sudo-ldap package too... /o\
-- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600
sudo (1.6.9p15-2) unstable; urgency=low
* revert the fix for 388659 such that visudo once again defaults to using
/usr/bin/editor. I was always ambivalent about this change, it has caused
more confusion and frustration than it cured, and I find Justin's line of
reasoning persuasive. Update the man page source to reflect this choice
and the related use of --with-env-editor. Closes: #474197.
* patch from Petter Reinholdtsen to improve init.d, closes: #475821
-- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600
sudo (1.6.9p15-1) unstable; urgency=low
* new upstream version, closes: #467126, #473337
* remove pointless postrm scripts, leaving debhelper do its thing if needed,
thanks to Justin Pryzby for pointing this out
* reinstate the init.d, since bootclean doesn't quite do what we want. This
also means we don't need the preinst scripts any more. Update the lintian
overrides since postinst is a Perl script lintian apparently isn't parsing
well. closes: #330868
-- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600
sudo (1.6.9p12-1) unstable; urgency=low
* new upstream version, closes: #464890
-- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900
sudo (1.6.9p11-3) unstable; urgency=low
* patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
-- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700
sudo (1.6.9p11-2) unstable; urgency=low
* update version compared in preinst when removing obsolete init.d,
closes: #459681
* implement pam session config suggestions from Elizabeth Fong,
closes: #452457, #402329
-- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700
sudo (1.6.9p11-1) unstable; urgency=low
* new upstream version
-- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700
sudo (1.6.9p10-1) unstable; urgency=low
* new upstream version
* tweak default password prompt as %u doesn't make sense. Accept patch from
Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
uses it by default, closes: #454409
* accept patch from Martin Pitt that adds a prerm making it difficult to
"accidentally" remove sudo when there is no root password set on the
system, closes: #451241
-- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700
sudo (1.6.9p9-1) unstable; urgency=low
* new upstream version
* debian/rules: configure a more informative default password prompt to
reduce confusion when using sudo to invoke commands which also ask for
passwords, closes: #343268
* auth/pam.c: don't use the PAM prompt if the user explicitly requested
a custom prompt, closes: #448628.
* fix configure's ability to discover that libc has dirfd, closes: #451324
* make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
the command 'visudo' invokes a vi variant by default as documented,
closes: #388659
-- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700
sudo (1.6.9p6-1) unstable; urgency=low
* new upstream version, closes: #442815, #446146, #438699, #435768, #435314
closes: #434832, #434608, #430382
* eliminate the now-redundant init.d scripts, closes: #397090
* fix typo in TROUBLESHOOTING file, closes: #439624
-- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600
sudo (1.6.8p12-6) unstable; urgency=low
* fix typos in visudo.pod relating to env_editor variable, closes: #418886
* have init.d touch directories in /var/run/sudo, not just files, as a
followup to #330868.
* fix various typos in sudoers.pod, closes: #419749
* don't let Makefile strip binaries, closes: #438073
-- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100
sudo (1.6.8p12-5) unstable; urgency=low
* update debian/copyright to reflect new upstream URL, closes: #368746
* add sandwich cartoon URL to the README.Debian
* don't remove sudoers on purge. can cause problems when moving between
sudo and sudo-ldap. leaving sudoers around on purge seems like the least
evil choice for now, closes: #401366
* also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
closes: #374509
* accept patch that improves debian/rules from Ted Percival, closes: #382122
* no longer build with --with-exempt=sudo, provide an example entry in the
default sudoers file instead, closes: #296605
* add --with-devel to configure and augment build dependencies so that flex
and yacc files get re-generated on every build, closes: #316249
-- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600
sudo (1.6.8p12-4) unstable; urgency=low
* patch from Petter Reinholdtsen for the LSB info block in the init.d
script, closes: #361055
* deliver sudoers sample again, closes: #361593
-- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600
sudo (1.6.8p12-3) unstable; urgency=low
* force-feed configure knowledge of nroff's path so we get unformatted man
pages installed without build-depending on groff-base, closes: #360894
* add a reference to OPTIONS in the man page, closes: #186226
-- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700
sudo (1.6.8p12-2) unstable; urgency=low
* fix typos in init scripts, closes: #346325
* update to debhelper compat level 5
* build depend on autotools-dev to ensure config.sub/guess are fresh
* accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
use it here as well. Thanks to Martin and the debian-security team.
closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
closes: #315115, #315718, #203874
* Non-maintainer upload by the Security Team
* Reworked the former patch to limit environment variables from being
passed through, set env_reset as default instead [sudo.c, env.c,
sudoers.pod, Bug#342948, CVE-2005-4158]
* env_reset is now set by default
* env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
(in addition to the SUDO_* variables)
* Rebuild sudoers.man.in from the POD file
* Added README.Debian
* patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
* simplify rules file by using more of Makefile, despite having to override
default directories with more arguments to configure, closes: #292833
* update sudo man page to reflect use of SECURE_PATH, closes: #228551
* inconsistencies in sudoers man page resolved, closes: #220808, #161012
* patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
unresolveable (requires adding bison as build dep), closes: #314949
-- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700
sudo (1.6.8p12-1) unstable; urgency=low
* new upstream version, closes: #342948 (CVE-2005-4158)
* add env_reset to the sudoers file we create if none already exists,
as a further precaution in response to discussion about CVS-2005-4158
* split ldap support into a new sudo-ldap package. I was trying to avoid
doing this, but the impact of going from 4 to 17 linked shlibs on the
autobuilder chroots is sufficient motivation for me.
closes: #344034
-- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
sudo (1.6.8p9-4) unstable; urgency=low
* enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
* merge patch from Martin Pitt / Ubuntu to be more robust about resetting
timestamps in the init.d script, closes: #330868
* add dependency header to init.d script, closes: #332849
-- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
sudo (1.6.8p9-3) unstable; urgency=high
* update debhelper compatibility level from 2 to 4
* add man page symlink for sudoedit
* Clean SHELLOPTS and PS4 from the environment before executing programs
with sudo permissions [env.c, CAN-2005-2959]
* fix typo in manpage pointed out by Moray Allen, closes: #285995
* fix paths in sample complex sudoers file, closes: #303542
* fix type in sudoers man page, closes: #311244
-- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
sudo (1.6.8p9-2) unstable; urgency=high
* merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
closes: #305735
-- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
sudo (1.6.8p9-1) unstable; urgency=high
* new upstream version, fixes a race condition in sudo's pathname
validation, which is a security issue (CAN-2005-1993),
closes: #315115, #315718
-- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
sudo (1.6.8p7-1) unstable; urgency=low
* new upstream version, closes: #299585
* update lintian overrides to squelch the postinst warning
* change sudoedit from a hard to a soft link, closes: #296896
* fix regex doc in sudoers man page, closes: #300361
-- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
sudo (1.6.8p5-1) unstable; urgency=high
* new upstream version
* restores ability to use config tuples without a value, which was causing
problems on upgrade closes: #283306
* deliver sudoedit, closes: #283078
* marking urgency high since 283306 is a serious upgrade incompatibility
-- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
sudo (1.6.8p3-2) unstable; urgency=high
* update pam.d deliverable so ldap works again, closes: #282191
-- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
sudo (1.6.8p3-1) unstable; urgency=high
* new upstream version, fixes a flaw in sudo's environment sanitizing that
could allow a malicious user with permission to run a shell script that
utilized the bash shell to run arbitrary commands, closes: #281665
* patch the sample sudoers to have the proper path for kill on Debian
systems, closes: #263486
* patch the sudo manpage to reflect Debian's choice of exempt_group
default setting, closes: #236465
* patch the sudo manpage to reflect Debian's choice of no timeout on the
password prompt, closes: #271194
-- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
sudo (1.6.7p5-2) unstable; urgency=low
* Jeff Bailey reports that seteuid works on current sparc systems, so we
no longer need the "grosshack" stuff in the sudo rules file
* add a postrm that removes /etc/sudoers on purge. don't do this with the
normal conffile mechanism since it would generate noise on every upgrade,
closes: #245405
-- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
sudo (1.6.7p5-1) unstable; urgency=low
* new upstream version, closes: #190265, #193222, #197244
* change from '.' to ':' in postinst chown call, closes: #208369
-- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
sudo (1.6.7p3-2) unstable; urgency=low
* add --disable-setresuid to configure call since 2.2 kernels don't support
setresgid, closes: #189044
* cosmetic cleanups to debian/rules as long as I'm there
-- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
sudo (1.6.7p3-1) unstable; urgency=low
* new upstream version
* add overrides to quiet lintian about things it doesn't understand,
except the source one that can't be overridden until 129510 is fixed
-- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
sudo (1.6.6-3) unstable; urgency=low
* add code to rules file to update config.sub/guess, closes: #164501
-- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
sudo (1.6.6-2) unstable; urgency=low
* adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
configure, and lose the build dependency on mail-transport-agent
* incorporate changes from LaMont's NMU, closes: #144665, #144737
* update init.d to not try and set time on nonexistent timestamp files,
closes: #132616
* build with --with-all-insults, admin must edit sudoers to turn insults
on at runtime if desired, closes: #135374
* stop setting /usr/doc symlink in postinst
-- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
sudo (1.6.6-1.1) unstable; urgency=high
* NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
* Revert patch to auth/pam.c that left pass uninitialized, causing a
segfault (Closes: #144665).
-- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
sudo (1.6.6-1) unstable; urgency=high
* new upstream version, fixes security problem with crafty prompts,
closes: #144540
-- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
sudo (1.6.5p1-4) unstable; urgency=high
* apply patch for auth/pam.c to fix yet another way to make sudo segfault
if ctrl/C'ed at password prompt, closes: #131235
-- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
sudo (1.6.5p1-3) unstable; urgency=high
* ugly hack to add --disable-saved-ids when building on sparc in response
to 131592, which will be reassigned to glibc for a real fix
* urgency high since the sudo currently in testing for sparc is worthless
-- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
sudo (1.6.5p1-2) unstable; urgency=high
* patch from upstream to fix seg faults caused by versions of pam that
follow a NULL pointer, closes: #129512
-- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
sudo (1.6.5p1-1) unstable; urgency=high
* new upstream version
* add --disable-root-mailer option supported by new version to configure
call in rules file, closes: #129648
-- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
sudo (1.6.4p1-1) unstable; urgency=high
* new upstream version, with fix for segfaulting problem in 1.6.4
-- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
sudo (1.6.4-1) unstable; urgency=high
* new upstream version, includes an important security fix, closes: #127576
-- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
sudo (1.6.3p7-5) unstable; urgency=low
* only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
* fix spelling error in init.d, closes: #126847
-- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
sudo (1.6.3p7-4) unstable; urgency=medium
* use touch to set status files to an ancient date instead of removing them
outright on reboot. this achieves the desired effect of keeping elevated
privs from living across reboots, without forcing everyone to see the
new-sudo-user lecture after every reboot. pick a time that's 'old enough'
for systems with good clocks, and 'recent enough' that broken PC hardware
setting the clock to commonly-seen bogus dates trips over the "don't trust
future timestamps" rule. closes: #76529, #123559
* apply patch from Steve Langasek to fix seg faults due to interaction with
PAM code. upstream confirms the problem, and says they're fixing this
differently for their next release... but this should be useful in the
meantime, and would be good to get into woody. closes: #119147
* only run the init.d at boot, not on each runlevel change... and don't run
it during package configure. closes: #125935
* add DEB_BUILD_OPTIONS support to rules file, closes: #94952
-- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
sudo (1.6.3p7-3) unstable; urgency=low
* apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
* fix a typo in the manpage, closes: #97368
* apply patch to configure.in and run autoconf to fix problem building on
the hurd, closes: #96325
* add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
to not last across reboots, closes: #76529
* clean up lintian-noticed cosmetic packaging issues
-- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
sudo (1.6.3p7-2) unstable; urgency=low
* update config.sub/guess for hppa support
-- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
sudo (1.6.3p7-1) unstable; urgency=low
* new upstream version
* add build dependency on mail-transport-agent, closes: #90685
-- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
sudo (1.6.3p6-1) unstable; urgency=high
* new upstream version, fixes buffer overflow problem,
closes: #87259, #87278, #87263
* revert to using --with-secure-path option at build time, since the option
available in sudoers is parsed too late to be useful, and upstream says
it won't get fixed quickly. This reopens 85123, which I will mark as
forwarded. Closes: #86199, #86117, #85676
-- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
sudo (1.6.3p5-2) unstable; urgency=low
* lose the dh_suidregister call since it's obsolete
* stop using the --with-secure-path option at build time, and instead show
how to set it in sudoers. Closes: #85123
* freshen config.sub and config.guess for ia64 and hppa
* update sudoers man page to indicate exempt_group is on by default,
closes: #70847
-- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
sudo (1.6.3p5-1) unstable; urgency=low
* new upstream version, closes: #63940, #59175, #61817, #64652, #65743
* this version restores core dumps before the exec, while leaving them
disabled during sudo's internal execution, closes: #58289
* update debhelper calls in rules file
-- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
sudo (1.6.2p2-1) frozen unstable; urgency=medium
* new upstream source resulting from direct collaboration with the upstream
author to fix ugly pam-related problems on Debian in 1.6.1 and later.
Closes: #56129, #55978, #55979, #56550, #56772
* include more upstream documentation, closes: #55054
* pam.d fragment update, closes: #56129
-- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
sudo (1.6.1-1) unstable; urgency=low
* new upstream source, closes: #52750
-- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
sudo (1.6-2) unstable; urgency=low
* drop suidregister support for this package. The sudo executable is
essentially worthless unless it is setuid root, and making suidregister
work involves shipping a non-setuid executable in the .deb and setting the
perms in the postinst. On a long upgrade run, this can leave the sudo
executable 'broken' for a long time, which is unacceptable. With this
version, we ship the executable setuid root in the .deb. Closes: #51742
-- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
sudo (1.6-1) unstable; urgency=low
* new upstream version, many options previously set at compile-time are now
configurable at runtime.
Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
* FHS support
-- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
sudo (1.5.9p4-1) unstable; urgency=low
* new upstream version, closes: #43464
* empty password handling was fixed in 1.5.8, closes: #31863
-- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
sudo (1.5.9p1-1) unstable; urgency=low
* new upstream version
-- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
sudo (1.5.8p1-1) unstable; urgency=medium
* new upstream version, closes 33690
* add dependency on libpam-modules, closes 34215, 33432
-- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
sudo (1.5.7p4-2) unstable; urgency=medium
* update the pam fragment provided so that sudo works with latest pam bits,
closes 33432
-- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
sudo (1.5.7p4-1) unstable; urgency=low
* new upstream release
-- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
sudo (1.5.6p5-1) unstable; urgency=low
* new upstream patch release
* add PAM support, closes 28594
-- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
sudo (1.5.6p2-2) unstable; urgency=low
* update copyright file, closes 24136
* review and close forwarded bugs believed fixed in this upstream version,
closes 17606, 15786.
-- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
sudo (1.5.6p2-1) unstable; urgency=low
* new upstream release
-- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
sudo (1.5.4-4) frozen unstable; urgency=low
* update postinst to use groupadd, closes 21403
* move the suidregister stuff earlier in postinst to ensure it always runs
-- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
sudo (1.5.4-3) frozen unstable; urgency=low
* change /etc/sudoers from a conffile to being handled in postinst,
closes 18219
* add suidmanager support, closes 15711
* add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
unlikely to ever fix, and which just don't matter. closes 17146
* fix FSF address in copyright file, and submit exception for lintian
warning about sudo being setuid root
-- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
sudo (1.5.4-2) unstable; urgency=high
* patch from upstream author correcting/improving security fix
-- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
sudo (1.5.4-1) unstable; urgency=high
* new upstream version, includes a security fix
* change default editor from /bin/ae to /usr/bin/editor
-- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
sudo (1.5.3-1) unstable; urgency=medium
* new upstream version, closes bug 15911.
* rules file reworked to use debhelper
* implement a really gross hack to force use of the sudo-provided
lsearch(), since the one in libc6 is broken! This closes bugs
12552, 12557, 14881, 15259, 15916.
-- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
sudo (1.5.2-6) unstable; urgency=LOW
* don't install INSTALL in the doc directory, closes bug 13195.
-- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
sudo (1.5.2-5) unstable; urgency=LOW
* libc6
-- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
sudo (1.5.2-4) unstable; urgency=LOW
* change TIMEOUT (how long before you have to type your password again)
to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
packages on slower machines much more tolerable. Closes bug 9076.
* touch debian/suid before debstd. Closes bug 8709.
-- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
sudo (1.5.2-3) frozen unstable; urgency=LOW
* patch from upstream maintainer to close Bug 6828
* add a debian/suid file to get debstd to leave my perl postinst alone
-- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
sudo (1.5.2-2) frozen unstable; urgency=LOW
* change rules to use -O2 -Wall as per standards
-- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
sudo (1.5.2-1) unstable; urgency=LOW
* new upstream version
* cosmetic changes to debian package control files
-- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
sudo (1.5-2) unstable; urgency=LOW
* add /usr/X11R6/bin to the end of the secure path... this makes it
much easier to run xmkmf, etc., during package builds. To the extent
that /usr/local/sbin and /usr/local/bin were already included, I see
no security reasons not to add this.
-- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
sudo (1.5-1) unstable; urgency=LOW
* New upstream version
* New maintainer
* New packaging format
-- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
sudo (1.4.1-1):
* hard code SECURE_PATH to:
"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
* enable ENV_EDITOR
* enabled EXEMPTGROUP "sudo"
* moved timestamp dir to /var/log/sudo
* changed parser to check for long and short filenames (Bug#1162)
Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
sudo (1.4.2-1):
* New upstream source
* Fixed postinst script
(thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
* Removed special shadow binary. This version works with and without
shadow password file.
Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
sudo (1.4.2-2):
* Corrected editor path to /bin/ae (Bug#3062)
* Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
sudo (1.4.3-1):
* New upstream version
* Changed sudoers permission to 440 (owner root, group root) to make
sudo usable via NFS
Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
sudo (1.4.3-2):
* Applied upstream patch 1
Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
sudo (1.4.3-3):
* Applied upstream patch 2
Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
sudo (1.4.3-4):
* Applied upstream patch 3 (fixes problems with an NFS-mounted
sudoers file)
Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
sudo (1.4.3-5):
* Corrected postinst to use /usr/bin/perl instead of /bin/perl
[Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
sudo (1.4.3-6):
* Applied upstream patch 4 (fixes several bugs)
* Changed priority to optional
Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
sudo (1.4.3-7):
* Corrected postinst to create correct permission for /etc/sudoers
(Bug#3749)
Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
sudo (1.4.4-1):
* New upstream version
sudo (1.4.4-2) admin; urgency=HIGH
* Fixed major security bug reported by Peter Tobias
<tobias@et-inf.fho-emden.de>
* Added dchanges support to debian.rules
sudo (1.4.5-1) admin; urgency=LOW
* New upstream version
* Minor changes to debian.rules
|