summaryrefslogtreecommitdiffstats
path: root/debian/NEWS
diff options
context:
space:
mode:
Diffstat (limited to 'debian/NEWS')
-rw-r--r--debian/NEWS78
1 files changed, 78 insertions, 0 deletions
diff --git a/debian/NEWS b/debian/NEWS
new file mode 100644
index 0000000..dda489a
--- /dev/null
+++ b/debian/NEWS
@@ -0,0 +1,78 @@
+sudo (1.9.15p2-1) unstable; urgency=medium
+
+ sudo-ldap has become a burden to maintain. This is mainly due to the fact
+ that the sudo team has neither the manpower nor the know-how to maintain
+ sudo-ldap adequately.
+
+ In practice, there are few installations that use sudo-ldap. Most
+ installations that use LDAP as a directory service and sudo have now opted
+ for sssd, sssd-ldap and libsss-sudo.
+
+ The Debian sudo team recommends the use of libsss-sudo for new
+ installations and the migration of existing installations from sudo-ldap
+ to libsss-sudo and sssd.
+
+ The combination of sudo and sssd is automatically tested in autopkgtest
+ of sudo.
+
+ This is also being discussed in #1033728 in the Debian BTS.
+
+ Debian 13, "trixie", will be the last version of Debian that supports
+ sudo-ldap. Please use the bookworm and trixie release cycles to migrate
+ your installation away from sudo-ldap.
+
+ Please make sure that you do not upgrade from Debian 13 to Debian 14
+ while you're still using sudo-ldap. This is not going to work and
+ will probably leave you without intended privilege escalation.
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Mon, 20 Nov 2023 10:07:57 +0100
+
+sudo (1.9.5p2-3) unstable; urgency=medium
+
+ We have added "Defaults use_pty" to the default configuration. This fixes
+ CVE-2005-4890 which has been lingering around for more then a decade.
+ If you would like the old behavior back, please remove the respective line
+ from /etc/sudoers.
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 24 Feb 2021 17:59:22 +0100
+
+sudo (1.8.2-1) unstable; urgency=low
+
+ The sudo package is no longer configured using --with-secure-path.
+ Instead, the provided sudoers file now contains a line declaring
+ 'Defaults secure_path=' with the same path content that was previously
+ hard-coded in the binary. A consequence of this change is that if you
+ do not have such a definition in sudoers, the PATH searched for commands
+ by sudo may be empty.
+
+ Using explicit paths for each command you want to run with sudo will work
+ well enough to allow the sudoers file to be updated with a suitable entry
+ if one is not already present and you choose to not accept the updated
+ version provided by the package.
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 24 Aug 2011 13:33:11 -0600
+
+sudo (1.7.4p4-2) unstable; urgency=low
+
+ The HOME and MAIL environment variables are now reset based on the
+ target user's password database entry when the env_reset sudoers option
+ is enabled (which is the case in the default configuration). Users
+ wishing to preserve the original values should use a sudoers entry like:
+ Defaults env_keep += HOME
+ to preserve the old value of HOME and
+ Defaults env_keep += MAIL
+ to preserve the old value of MAIL.
+
+ The change in handling of HOME is known to affect programs like pbuilder.
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 08 Sep 2010 14:29:16 -0600
+
+sudo (1.6.8p12-5) unstable; urgency=low
+
+ The sudo package is no longer configured --with-exempt=sudo. If you
+ depend on members of group sudo being able to run sudo without needing
+ a password, you will need to put "%sudo ALL=NOPASSWD: ALL" in
+ /etc/sudoers to preserve equivalent functionality.
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:13:39 -0600
+