diff options
Diffstat (limited to 'debian/changelog')
-rw-r--r-- | debian/changelog | 1768 |
1 files changed, 1768 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..6a0b3f1 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,1768 @@ +sudo (1.9.15p5-3) unstable; urgency=medium + + * add --with-devel configure option. + Thanks to Bastien Roucariès (Closes: #1061272) + + -- Marc Haber <mh+debian-packages@zugschlus.de> Fri, 26 Jan 2024 21:10:13 +0100 + +sudo (1.9.15p5-2) unstable; urgency=medium + + * switch Build-Depends from systemd to systemd-dev + Thanks to Michael Biebl (Closes: #1060511) + * set Multi-Arch: foreign on sudo and sudo-ldap. + Thanks to Andreas Rottmann (Closes: #1060445) + * add debian/copyright clause for source_sudo.py. + Oops. + + -- Marc Haber <mh+debian-packages@zugschlus.de> Sat, 13 Jan 2024 21:59:56 +0100 + +sudo (1.9.15p5-1) unstable; urgency=medium + + * new upstream version 1.9.15p5 + * This is supposed to properly malloc on hurd. + Thanks to Martin-Éric Racine (Closes: #1057833) + * add durch debconf translation. + Thanks to Frans Spiesschaert (Closes: #1059567) + + -- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 03 Jan 2024 21:40:38 +0100 + +sudo (1.9.15p4-2) unstable; urgency=medium + + * upload to unstable + * use pkg-config to place systemd units. + Thanks to Chris Hofstaedtler (Closes: #1059063) + * Add french debconf translation. + Thanks to bubu (Closes: #1058939) + * fix typo in NEWS.Debian. + Thanks to Vincent Danjean (Closes: #1058925) + * add persian debconf translation. + Thanks to Danial Behzadi + * add spanish debconf translation. + Thanks to Camaleón (Closes: #1059460) + + -- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 27 Dec 2023 17:53:13 +0100 + +sudo (1.9.15p4-1) experimental; urgency=medium + + * new upstream version 1.9.15p4 + * add de.po template translation. + Thanks to Christoph Brinkhaus (Closes: #1058762) + * Enable AppArmor (MR 15, manually apṕlied) + Thanks to Will Shand + * remove legacy debian/rules.predh7 + + -- Marc Haber <mh+debian-packages@zugschlus.de> Fri, 15 Dec 2023 22:57:27 +0100 + +sudo (1.9.15p3-1) unstable; urgency=medium + + * new upstream version 1.9.15p3 + + -- Marc Haber <mh+debian-packages@zugschlus.de> Thu, 14 Dec 2023 20:22:51 +0100 + +sudo (1.9.15p2-2) unstable; urgency=medium + + * upload to unstable + + -- Marc Haber <mh+debian-packages@zugschlus.de> Fri, 08 Dec 2023 18:31:14 +0100 + +sudo (1.9.15p2-1) experimental; urgency=medium + + * the #DENOG15 release + * New upstream version 1.9.15p2 + * mark sudo-ldap as deprecated. + + -- Marc Haber <mh+debian-packages@zugschlus.de> Mon, 20 Nov 2023 14:15:22 +0100 + +sudo (1.9.14p2-1) unstable; urgency=medium + + * new upstream version + + -- Marc Haber <mh+debian-packages@zugschlus.de> Thu, 20 Jul 2023 00:31:52 +0200 + +sudo (1.9.13p3-3) unstable; urgency=medium + + * fix wrong patch to fix event log format + (added wrongly in 1.9.13p3-2) + + -- Marc Haber <mh+debian-packages@zugschlus.de> Tue, 27 Jun 2023 11:43:07 +0200 + +sudo (1.9.13p3-2) unstable; urgency=medium + + * add upstream patch to fix event log format. + Thanks to Kimmo Suominen (Closes: #1039557) + * add patch to improve upstream spanish translation + + -- Marc Haber <mh+debian-packages@zugschlus.de> Tue, 27 Jun 2023 11:09:16 +0200 + +sudo (1.9.13p3-1) unstable; urgency=medium + + * new upstream version: + * Fix potential double free for CHROOT= rules + CVE-2023-27320. (Closes: #1032163) + * Fix --enable-static-sudoers regression + * check for overflow as result of fuzzing efforts + * Fix parser regression disallowing rules for user "list" + * Fix eventloop hang if there is /dev/tty data + * Fix sudo -l command args regression + * Fix sudo -l -U someuser regression + * Fix list privs regression + + -- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 08 Mar 2023 21:17:05 +0100 + +sudo (1.9.13p1-1) unstable; urgency=medium + + * new upstream version 1.9.13p1 + * remove unnecessary changelog creation patch + * remove lsb-base from dependencies + + -- Marc Haber <mh+debian-packages@zugschlus.de> Sat, 18 Feb 2023 13:03:19 +0100 + +sudo (1.9.12p2-1) unstable; urgency=high + + * new upstream version 1.9.12p2 + * this fixes CVE-2023-22809: + Sudoedit can edit arbitrary files + + -- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 18 Jan 2023 16:19:23 +0100 + +sudo (1.9.12p1-1) unstable; urgency=low + + * new upstream version 1.9.12p1 + * update patches + * update debian/copyright + * Add upstream patch to silence libgcrypt error message. + Thanks to Francesco P. Lovergine (Closes: #1019428) + * Standards-Version: 4.6.2 (no changes necessary) + * clean out obsolete lintian overrides + * Add patch to disable regeneration of upstream ChangeLog from git. + Thanks to Gioele Barabucci (Closes: #1025740) + * remove extra whitespace from debconf-get-selections output. + * add autopkgtest for sudo with sssd (Closes: #1004910) + + [ Niels Thykier ] + * Support building sudo without (fake)root. + + [ Gioele Barabucci ] + * Use dh_installnss to add ldap to sudoers NSS database + * Add libnss-sudo package. (Closes: #1023524) + + -- Marc Haber <mh+debian-packages@zugschlus.de> Sun, 15 Jan 2023 13:58:48 +0100 + +sudo (1.9.11p3-1) unstable; urgency=low + + * new upstream version 1.9.11p3 + + -- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 23 Mar 2022 10:50:16 +0100 + +sudo (1.9.10-3) unstable; urgency=medium + + * some changes to 03-getroot-ldap autopkgtest to find out + about ppc64el failure + + -- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 23 Mar 2022 10:38:39 +0100 + +sudo (1.9.10-2) unstable; urgency=medium + + * upload to unstable (fixed autopkgtest is needed to allow + adduser to migrate) + + -- Marc Haber <mh+debian-packages@zugschlus.de> Mon, 21 Mar 2022 11:49:06 +0100 + +sudo (1.9.10-1) experimental; urgency=medium + + * new upstream version + * unverified upstream changelog + * implement workaround if /proc/self/stat is invalid. + (Closes: #940533) + * Fix compilation problem on kFreeBSD. (Closes: #1004909) + (different fix than the Debian patch, disable Debian patch) + * get rid of e-mails "problem with defaults entries" in sss + configurations. (Closes: #793660) + * regular expression support for sudoers. (Closes: #945366) + * handle /proc/self/fd in qemu. + * Apply Upstream Patch to allow test suite with non-english LANG + https://bugzilla.sudo.ws/show_bug.cgi?id=1025 + * Apply Upstream Patch to allow test suite with faketime + * re-introduce MVPROG patch that got lost in dh migration. + Thanks to Vagrant Cascadian (Closes: #976307) + * revert back to directly shipping the mask symlink in the package. + Thanks to Michael Biebl (Closes: #1004730) + * adopt configure changes from Ubuntu + --without-lecture --with-tty-tickets --enable-admin-flag (Closes: #1006273) + * fix wrong handling of --with-systemd-tmpfiles.d + * bring OPTIONS up to date. + * have upstream install docs directly to correct directory + * let debhelper handle the upstream changelog + * remove LICENSE.md in both packages + * autopkgtest: send deluser stderr to null in cleanup + * Add cron to autopkgtest 03-getroot-ldap dependencies + * improve lintian overrides + + -- Marc Haber <mh+debian-packages@zugschlus.de> Fri, 18 Mar 2022 14:31:30 +0100 + +sudo (1.9.9-1) unstable; urgency=medium + + * new upstream version + * audit plugin now handles unresolvable hostname better + Thanks to Sven Mueller (Closes: #1003969) + * better document environment handling. + Thanks to Arnout Engelen (Closes: #659101) + * README files now come as markdown + * schemas are now in docs subdirectory + * LICENSE is now LICENSE.md + + [ Marc Haber ] + * refresh patches + * mark paths-in-samples.diff expicitly as not forwarded + * have systemd-tmpfiles clean up /run/sudo on boot + * lintian overrides: + * improve 'em in various places + * give better explanations + * override long line warnings + * override typo warning for a literal film quote + * use correct lintian tag for override init script without unit + * init script / systemd units + * guarantee init script no-op on systemd systems + * mask sysv init script on systemd systems in postinst + instead of debian/rules + * actually remove masking of service in postrm + * maintainer scripts + * document when .dist file removal was added to that + it can be eventually removed + * document when alternative removal was added to that + it can be eventually removed + * add a test to check for presence of #1003969 + * Standards-Version: 4.6.0 (no changes) + * use uscan version 4 + * honor nocheck DEB_BUILD_OPTION + + [ Hilko Bengen ] + * More improvement for Lintian overrides + * Convert debian/copyright to machine-readable format, using + information from upstream-provided LICENSE.md file + + -- Marc Haber <mh+debian-packages@zugschlus.de> Mon, 31 Jan 2022 20:19:55 +0100 + +sudo (1.9.8p2-1) unstable; urgency=medium + + * add more autopkgtests (especially for LDAP) + * improve existing autopkgtests + * debian/patches: + * Remove typo-in-classic-insults.diff, reflectinc upstream's decision + to not fix the typo as a way of remembering Evi Nemeth. + * remove unneeded sudo-success_return. patch + * mark debian/patches/sudo-ldap-docs as Forwarded: not-needed + * add DEP3 headers + * mention #1001858 in sudo.prerm + * comment some lintian-overrides with unclear results + + -- Marc Haber <mh+debian-packages@zugschlus.de> Sat, 18 Dec 2021 14:55:08 +0100 + +sudo (1.9.8p2-1~exp1) experimental; urgency=medium + + [ Marc Haber ] + * new upstream version 1.9.8p2-1 + * this correctly handles double defined alases (Closes: #985412) + * improve sudoers.ldap.manpage. Thanks to Dennis Filder and + Eric Brun (Closes: #981190) + * refresh patches + * remove prompting for wrong sudo group id (Closes: #605576) + * give better docs for LDAP success behavior. + Thanks to Dennis Filder (Closes: 981190) + * remove unneeded mandoc from Build-Depends. + Thanks to Ingo Schwarze + * Restore inclusion of pam_limits.so PAM module. + Thanks to Salvatore Bonaccorso (Closes: 518464) + * Use @includedir in sudoers.d/README (Closes: #993815) + * Other improvements for sudoers.d/README. + Thanks to Josh Triplett (Closes: #994962) + * add some (simple) autopkgtests + * better short description for sudo-ldap + * use https in debian/watch + * some changes to patch headers for Lintian + * manually remove executable bit from shared libs + * explicitly write set -e in maintainer scripts + * debian/control: set Rules-Requires-Root: binary-targets + * add first/trivial autopkgtests + + [ Hilko Bengen ] + * Update lintian-overrides files + * Remove group sudo / gid=27 check from postinst scripts + + [ Otto Kekäläinen ] + * Add basic Salsa-CI for project quality assurance + + -- Marc Haber <mh+debian-packages@zugschlus.de> Sun, 12 Dec 2021 22:45:15 +0100 + +sudo (1.9.6-1~exp2) experimental; urgency=low + + [ Marc Haber ] + * add use_pty to default configuration, fixing CVE-2005-4890. + Thanks to Daniel Kahn Gillmor (Closes: #657784) + * Add group specific defaults for environment variables (commented out) + Thanks to Josh Triplett + * remove --disable-setresuid from sudo-ldap as well. + Thanks to Dennis Filder (Closes: #985307) + + [ Hilko Bengen ] + * Add PAM config for interactive login use (Closes: #690044) + * Actually configure sudo to use pam / sudo-i + + -- Marc Haber <mh+debian-packages@zugschlus.de> Fri, 02 Apr 2021 18:15:21 +0200 + +sudo (1.9.6-1~exp1) experimental; urgency=medium + + * new upstream version + * add upstream signature + * refresh patches + * remove NO_ROOT_MAILER patch (incorporated upstream) + + -- Marc Haber <mh+debian-packages@zugschlus.de> Fri, 12 Mar 2021 22:06:59 +0100 + +sudo (1.9.5p2-3+exp1) experimental; urgency=medium + + [ Marc Haber ] + * convert package to dh + * rename init scripts to be picked up by new debhelper + * rename and update lintian overrides + * let /run directory be created by systemd + * remove documentation files that are installed by upstream scripts + * clear dependency path in .la files + * add Pre-Depends: ${misc:Pre-Depends} + * override package-has-unnecessary-activation-of-ldconfig-trigger + + [ Bastian Blank ] + * Move stuff to /usr/libexec. + * Use dpkg provided make snippets + * Provide build-flags via environment + * Use easier to read multi-line variables + * Remove not require prefix override + * Move stuff to /usr/libexec + + [ Hilko Bengen ] + * Remove unneeded Built-Using + * Simplify dh_auto_* overrides + * Further simplification + * debian/rules: Remove another unneeded variable + * Don't ship *.la files + * Add Apport script + + -- Marc Haber <mh+debian-packages@zugschlus.de> Fri, 12 Mar 2021 20:48:13 +0100 + +sudo (1.9.5p2-3) unstable; urgency=medium + + * new maintainer team and uploaders (Closes: #976244) + * sudo is now team maintained + * add Uploaders field + * move salsa repo to team-sudo group + * refresh patches + * Adapt README.LDAP to the actual state of sudo-ldap (Closes: #442871) + * add Apport hook. + Thanks to Balint Reczey (Closes: 881671) + + -- Marc Haber <mh+debian-packages@zugschlus.de> Sat, 27 Feb 2021 09:28:03 +0100 + +sudo (1.9.5p2-2) unstable; urgency=medium + + * patch from upstream repo to fix NO_ROOT_MAILER + + -- Bdale Garbee <bdale@gag.com> Fri, 29 Jan 2021 18:12:32 -0700 + +sudo (1.9.5p2-1) unstable; urgency=high + + * new upstream version, addresses CVE-2021-3156 + + -- Bdale Garbee <bdale@gag.com> Tue, 26 Jan 2021 21:20:05 -0700 + +sudo (1.9.5p1-1.1) unstable; urgency=high + + * Non-maintainer upload. + * Heap-based buffer overflow (CVE-2021-3156) + - Reset valid_flags to MODE_NONINTERACTIVE for sudoedit + - Add sudoedit flag checks in plugin that are consistent with front-end + - Fix potential buffer overflow when unescaping backslashes in user_args + - Fix the memset offset when converting a v1 timestamp to TS_LOCKEXCL + - Don't assume that argv is allocated as a single flat buffer + + -- Salvatore Bonaccorso <carnil@debian.org> Wed, 20 Jan 2021 10:11:47 +0100 + +sudo (1.9.5p1-1) unstable; urgency=medium + + * new upstream version, closes: #980028 + + -- Bdale Garbee <bdale@gag.com> Wed, 13 Jan 2021 01:09:19 -0700 + +sudo (1.9.5-1) unstable; urgency=medium + + * new upstream version + + -- Bdale Garbee <bdale@gag.com> Mon, 11 Jan 2021 15:15:48 -0700 + +sudo (1.9.4p2-2) unstable; urgency=medium + + * always use /bin/mv to ensure reproducible builds whether built on a + usrmerge or non-usrmerge system, closes: #976307 + + -- Bdale Garbee <bdale@gag.com> Sun, 03 Jan 2021 09:11:13 -0700 + +sudo (1.9.4p2-1) unstable; urgency=medium + + * new upstream version + + -- Bdale Garbee <bdale@gag.com> Sun, 20 Dec 2020 17:43:54 -0700 + +sudo (1.9.4p1-1) unstable; urgency=medium + + * new upstream version + + -- Bdale Garbee <bdale@gag.com> Thu, 17 Dec 2020 17:35:55 -0700 + +sudo (1.9.4-1) unstable; urgency=medium + + * new upstream version + + -- Bdale Garbee <bdale@gag.com> Tue, 01 Dec 2020 22:10:03 -0500 + +sudo (1.9.3p1-1) unstable; urgency=medium + + * new upstream version + + -- Bdale Garbee <bdale@gag.com> Thu, 24 Sep 2020 11:10:02 -0600 + +sudo (1.9.3-1) unstable; urgency=medium + + * new upstream version + * make the comment match the text in default sudoers, closes: #964922 + * enable zlib, closes: #846077 + + -- Bdale Garbee <bdale@gag.com> Mon, 21 Sep 2020 17:11:30 -0600 + +sudo (1.9.1-2) unstable; urgency=medium + + * change # to @ on includedir in default sudoers to reduce confusion with + a comment, such as in 964922 + + -- Bdale Garbee <bdale@gag.com> Sun, 12 Jul 2020 09:52:08 -0600 + +sudo (1.9.1-1) unstable; urgency=medium + + * new upstream version + + -- Bdale Garbee <bdale@gag.com> Fri, 19 Jun 2020 15:44:09 -0600 + +sudo (1.9.0-1) unstable; urgency=medium + + * new upstream version, closes: #669687, #571621, #734752 + + -- Bdale Garbee <bdale@gag.com> Wed, 13 May 2020 18:34:59 -0600 + +sudo (1.8.31p1-1) unstable; urgency=medium + + * new upstream version + + -- Bdale Garbee <bdale@gag.com> Thu, 19 Mar 2020 15:47:17 -0600 + +sudo (1.8.31-1) unstable; urgency=medium + + * new upstream version + + -- Bdale Garbee <bdale@gag.com> Sat, 01 Feb 2020 23:07:09 -0800 + +sudo (1.8.29-1) unstable; urgency=medium + + * new upstream version + * make --libexecdir use /usr/lib instead of /usr/lib/sudo, closes: #943313 + + -- Bdale Garbee <bdale@gag.com> Mon, 28 Oct 2019 19:27:42 -0600 + +sudo (1.8.28p1-1) unstable; urgency=medium + + * new upstream version + + -- Bdale Garbee <bdale@gag.com> Tue, 22 Oct 2019 16:13:34 -0600 + +sudo (1.8.27-1.1) unstable; urgency=high + + * Non-maintainer upload. + * Treat an ID of -1 as invalid since that means "no change" (CVE-2019-14287) + (Closes: #942322) + * Fix test failure in plugins/sudoers/regress/testsudoers/test5.sh + + -- Salvatore Bonaccorso <carnil@debian.org> Mon, 14 Oct 2019 21:10:58 +0200 + +sudo (1.8.27-1) unstable; urgency=medium + + * new upstream version + + -- Bdale Garbee <bdale@gag.com> Sat, 12 Jan 2019 11:10:05 -0700 + +sudo (1.8.26-2) unstable; urgency=medium + + * patch from upstream to fix man page truncation, closes: #914469 + + -- Bdale Garbee <bdale@gag.com> Fri, 23 Nov 2018 14:59:17 -0700 + +sudo (1.8.26-1) unstable; urgency=medium + + [Bdale Garbee] + * new upstream version + + [Ondřej Nový] + * d/changelog: Remove trailing whitespaces + * d/control: Remove trailing whitespaces + * d/rules: Remove trailing whitespaces + + -- Bdale Garbee <bdale@gag.com> Mon, 19 Nov 2018 00:32:06 -1000 + +sudo (1.8.23-2) unstable; urgency=high + + * fix FTBFS due to earlier sudoers2ldif removal, closes: #903415 + + -- Bdale Garbee <bdale@gag.com> Sat, 21 Jul 2018 11:22:37 -0600 + +sudo (1.8.23-1) unstable; urgency=medium + + * new upstream version + + -- Bdale Garbee <bdale@gag.com> Mon, 30 Apr 2018 20:55:10 -0600 + +sudo (1.8.21p2-3) unstable; urgency=medium + + * include sssd support in the sudo-ldap build too, closes: #884741 + + -- Bdale Garbee <bdale@gag.com> Mon, 18 Dec 2017 21:55:18 -0700 + +sudo (1.8.21p2-2) unstable; urgency=medium + + * work harder to clean up mess left by sudo-ldap using /etc/init.d/sudo + prior to version 1.8.7-1, closes: #877516 + + -- Bdale Garbee <bdale@gag.com> Mon, 02 Oct 2017 13:02:27 -0600 + +sudo (1.8.21p2-1) unstable; urgency=medium + + * new upstream version, closes: #873623, #873600, #874000 + * remove legacy /etc/sudoers.dist we no longer deliver, closes: #873561 + + -- Bdale Garbee <bdale@gag.com> Thu, 07 Sep 2017 10:42:19 -0600 + +sudo (1.8.21-1) unstable; urgency=medium + + [ Bdale Garbee ] + * new upstream version + * don't deliver /etc/sudoers.dist, closes: #862309 + * whitelist DPKG_COLORS env var, closes: #823368 + + [ Laurent Bigonville ] + * debian/sudo*.postinst: Drop /var/run/sudo -> /var/lib/sudo migration code, + this migration happened in 2010 and that code is not necessary anymore + * Move timestamp files to /run/sudo, with systemd the directory is + created/cleaned by tmpfiles.d now, the sudo initscript/service is not + doing anything in that case anymore (Closes: #786555) + * debian/sudo*.postinst: Move the debhelper marker before the creation of + the sudo group, this way the snippets added by debhelper will be executed + even if the group already exists. (Closes: #870456) + + -- Bdale Garbee <bdale@gag.com> Mon, 28 Aug 2017 09:44:06 -0600 + +sudo (1.8.20p2-1) unstable; urgency=medium + + * new upstream version + + -- Bdale Garbee <bdale@gag.com> Thu, 08 Jun 2017 11:57:02 -0600 + +sudo (1.8.20p1-1.1) unstable; urgency=high + + * Non-maintainer upload. + * Use /proc/self consistently on Linux + * CVE-2017-1000368: Arbitrary terminal access (Closes: #863897) + + -- Salvatore Bonaccorso <carnil@debian.org> Mon, 05 Jun 2017 14:19:33 +0200 + +sudo (1.8.20p1-1) unstable; urgency=high + + * New upstream version with fix for CVE-2017-1000367, closes: #863731 + + -- Bdale Garbee <bdale@gag.com> Tue, 30 May 2017 14:41:58 -0600 + +sudo (1.8.20-1) unstable; urgency=medium + + * New upstream version + * patch from Helmut Grohne to fix cross-building issues, closes: #847131 + + Let dh_auto_configure pass --host to configure + + Honour DEB_BUILD_OPTIONS=nocheck + + -- Bdale Garbee <bdale@gag.com> Wed, 10 May 2017 10:25:46 -0600 + +sudo (1.8.19p1-1) unstable; urgency=medium + + * new upstream version + + -- Bdale Garbee <bdale@gag.com> Fri, 13 Jan 2017 11:12:49 -0700 + +sudo (1.8.19-1) unstable; urgency=medium + + * new upstream version + + -- Bdale Garbee <bdale@gag.com> Mon, 19 Dec 2016 13:00:21 -0700 + +sudo (1.8.18p1-2) unstable; urgency=medium + + * merge work done by Balint Reczey in parallel / conflict with my offline work + + -- Bdale Garbee <bdale@gag.com> Thu, 15 Dec 2016 19:08:46 -0700 + +sudo (1.8.18p1-1) unstable; urgency=medium + + * new upstream version + * explicitly depend on lsb-base since we use init-functions + * move to latest debhelper compat level + + -- Bdale Garbee <bdale@gag.com> Thu, 15 Dec 2016 18:10:29 -0700 + +sudo (1.8.17p1-2) unstable; urgency=medium + + * merge 1.8.15-1.1 NMU changes + + -- Bdale Garbee <bdale@gag.com> Tue, 05 Jul 2016 16:01:55 +0200 + +sudo (1.8.17p1-1) unstable; urgency=low + + * new upstream version, closes: #805563 + * build-depend on the new mandoc package so we can rebuild man pages + properly if needed, closes: #809984 + + -- Bdale Garbee <bdale@gag.com> Tue, 05 Jul 2016 16:01:55 +0200 + +sudo (1.8.15-1.1) unstable; urgency=medium + + * Non-maintainer upload + * Disable editing of files via user-controllable symlinks + (Closes: #804149) (CVE-2015-5602) + - Fix directory writability checks for sudoedit + - Enable sudoedit directory writability checks by default + + -- Ben Hutchings <ben@decadent.org.uk> Mon, 04 Jan 2016 23:36:50 +0000 + +sudo (1.8.15-1) unstable; urgency=low + + * new upstream version, closes: #804149 + * use --with-exampledir to deliver example files more cleanly + + -- Bdale Garbee <bdale@gag.com> Wed, 23 Dec 2015 11:15:22 -0700 + +sudo (1.8.12-1) unstable; urgency=low + + * new upstream version, closes: #772707, #773383 + * patch from Christian Kastner to fix sudoers handling error when moving + between sudo and sudo-ldap packages, closes: #776137 + + -- Bdale Garbee <bdale@gag.com> Mon, 23 Feb 2015 08:56:06 -0700 + +sudo (1.8.11p2-1) unstable; urgency=low + + * new upstream version + + -- Bdale Garbee <bdale@gag.com> Thu, 30 Oct 2014 11:14:06 -0700 + +sudo (1.8.11p1-2) unstable; urgency=low + + * patch from Jakub Wilk to fix 'ignoring time stamp from the future' + messages, closes: #762465 + * upstream patch forwarded by Laurent Bigonville that fixes problem with + Linux kernel auditing code, closes: #764817 + + -- Bdale Garbee <bdale@gag.com> Mon, 20 Oct 2014 11:06:44 -0600 + +sudo (1.8.11p1-1) unstable; urgency=low + + * new upstream version, closes: #764286 + * fix typo in German translation, closes: #761601 + + -- Bdale Garbee <bdale@gag.com> Fri, 10 Oct 2014 10:16:08 -0600 + +sudo (1.8.10p3-1) unstable; urgency=low + + * new upstream release + * add hardening=+all to match login and su + * updated VCS URLs and crypto verified watch file, closes: #747473 + * harmonize configure options for LDAP version to match non-LDAP version, + in particular stop using --with-secure-path and add configure_args + * enable audit support on Linux systems, closes: #745779 + * follow upstream change from --with-timedir to --with-rundir + + -- Bdale Garbee <bdale@gag.com> Sun, 14 Sep 2014 10:20:15 -0600 + +sudo (1.8.9p5-1) unstable; urgency=low + + * new upstream release, closes: #735328 + + -- Bdale Garbee <bdale@gag.com> Tue, 04 Feb 2014 11:46:19 -0700 + +sudo (1.8.9p4-1) unstable; urgency=low + + * new upstream release, closes: #732008 + + -- Bdale Garbee <bdale@gag.com> Wed, 15 Jan 2014 14:55:25 -0700 + +sudo (1.8.9p3-1) unstable; urgency=low + + * new upstream release + + -- Bdale Garbee <bdale@gag.com> Mon, 13 Jan 2014 14:49:42 -0700 + +sudo (1.8.9~rc1-1) experimental; urgency=low + + * upstream release candidate + + -- Bdale Garbee <bdale@gag.com> Sun, 29 Dec 2013 21:36:12 -0700 + +sudo (1.8.9~b2-1) experimental; urgency=low + + * upstream beta release + * update Debian standards version + * squelch lintian complaint about missing sudo-ldap systemd service, since + the service file is always called 'sudo.service' + + -- Bdale Garbee <bdale@gag.com> Wed, 25 Dec 2013 14:48:23 -0700 + +sudo (1.8.9~b1-1) experimental; urgency=low + + * upstream beta release + + -- Bdale Garbee <bdale@gag.com> Wed, 27 Nov 2013 09:37:00 -0700 + +sudo (1.8.8-3) unstable; urgency=low + + * document in README.Debian that the sssd support is enabled in the sudo + package, not in the sudo-ldap package, closes: #728289 + + -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 2013 10:33:44 -0600 + +sudo (1.8.8-2) unstable; urgency=low + + * fix touch errors on boot, closes: #725193 + + -- Bdale Garbee <bdale@gag.com> Tue, 08 Oct 2013 20:11:38 -0600 + +sudo (1.8.8-1) unstable; urgency=low + + * new upstream release + + -- Bdale Garbee <bdale@gag.com> Mon, 30 Sep 2013 23:08:49 -0600 + +sudo (1.8.8~rc1-1) experimental; urgency=low + + * upstream release candidate with several of our patches folded in + * set filestamps to epoch instead of an arbitrary old date in the init + fragment, closes: #722335 + + -- Bdale Garbee <bdale@gag.com> Thu, 12 Sep 2013 10:16:58 -0700 + +sudo (1.8.8~b3-1) experimental; urgency=low + + * pre-release of new upstream version, put in experimental + + -- Bdale Garbee <bdale@gag.com> Wed, 04 Sep 2013 07:53:08 -0600 + +sudo (1.8.7-4) unstable; urgency=low + + * looks like we actually need both --with-sssd and --with-sssd-lib, + closes: #719987, #724763 + + -- Bdale Garbee <bdale@gag.com> Fri, 27 Sep 2013 11:48:55 -0600 + +sudo (1.8.7-3) unstable; urgency=low + + * use --with-sssd-lib to help sudo find libsss-sudo in multiarch path, + closes: #719987 + + -- Bdale Garbee <bdale@gag.com> Sat, 17 Aug 2013 15:38:53 +0200 + +sudo (1.8.7-2) unstable; urgency=low + + * let debhelper scripts manage the update-rc.d calls, closes: #719755 + + -- Bdale Garbee <bdale@gag.com> Fri, 16 Aug 2013 01:48:23 +0200 + +sudo (1.8.7-1) unstable; urgency=low + + * new upstream version, closes: #715157, #655879 + * make sudo-ldap package's init.d script be called sudo-ldap + * add sssd support to sudo, closes: #719574 + * recognize lenny, squeeze, and wheezy unmodified sudoers, closes: #660594 + + -- Bdale Garbee <bdale@gag.com> Wed, 14 Aug 2013 00:01:14 +0200 + +sudo (1.8.5p2-1) unstable; urgency=low + + * new upstream version + * patch to use flock on hurd, run autoconf in rules, closes: #655883 + * patch to avoid calling unlink with null pointer on hurd, closes: #655948 + * patch to actually use hardening build flags, closes: #655417 + * fix sudo-ldap.postinst syntax issue, closes: #669576 + + -- Bdale Garbee <bdale@gag.com> Thu, 28 Jun 2012 12:01:37 -0600 + +sudo (1.8.3p2-1) unstable; urgency=high + + * new upstream version, closes: #657985 (CVE-2012-0809) + * patch from Pino Toscano to only use selinux on Linux, closes: #655894 + + -- Bdale Garbee <bdale@gag.com> Mon, 30 Jan 2012 16:11:54 -0700 + +sudo (1.8.3p1-3) unstable; urgency=low + + * patch from Moritz Muehlenhoff enables hardened build flags, closes: #655417 + * replacement postinst script from Mike Beattie using shell instead of Perl + * include systemd service file from Michael Stapelberg, closes: #639633 + * add init.d status support, closes: #641782 + * make sudo-ldap package manage a sudoers entry in nsswitch.conf, + closes: #610600, #639530 + * enable mail_badpass in the default sudoers file, closes: #641218 + * enable selinux support, closes: #655510 + + -- Bdale Garbee <bdale@gag.com> Wed, 11 Jan 2012 16:18:13 -0700 + +sudo (1.8.3p1-2) unstable; urgency=low + + * if upgrading from squeeze, and the sudoers file is unmodified, avoid + the packaging system prompting the user about a change they didn't make + now that sudoers is a conffile, closes: #612532, #636049 + * add a recommendation for the use of visudo to the sudoers.d/README file, + closes: #648104 + + -- Bdale Garbee <bdale@gag.com> Sat, 12 Nov 2011 16:27:13 -0700 + +sudo (1.8.3p1-1) unstable; urgency=low + + * new upstream version, closes: #646478 + + -- Bdale Garbee <bdale@gag.com> Thu, 27 Oct 2011 01:03:44 +0200 + +sudo (1.8.3-1) unstable; urgency=low + + * new upstream version, closes: #639391, #639568 + + -- Bdale Garbee <bdale@gag.com> Sat, 22 Oct 2011 23:49:16 -0600 + +sudo (1.8.2-2) unstable; urgency=low + + [ Luca Capello ] + * debian/rules improvements, closes: #642535 + + mv upstream sample.* files to the examples folder. + - do not call dh_installexamples. + + [ Bdale Garbee ] + * patch from upstream for SIGBUS on sparc64, closes: #640304 + * use common-session-noninteractive in the pam config to reduce log noise + when sudo is used in cron, etc, closes: #519700 + * patch from Steven McDonald to fix segfault on startup under certain + conditions, closes: #639568 + * add a NEWS entry regarding the secure_path change made in 1.8.2-1, + closes: #639336 + + -- Bdale Garbee <bdale@gag.com> Mon, 26 Sep 2011 21:55:56 -0600 + +sudo (1.8.2-1) unstable; urgency=low + + * new upstream version, closes: #637449, #621830 + * include common-session in pam config, closes: #519700, #607199 + * move secure_path from configure to default sudoers, closes: #85123, 85917 + * improve sudoers self-documentation, closes: #613639 + * drop --disable-setresuid since modern systems should not run 2.2 kernels + * lose the --with-devel configure option since it's breaking builds in + subdirectories for some reason + + -- Bdale Garbee <bdale@gag.com> Wed, 24 Aug 2011 13:33:11 -0600 + +sudo (1.7.4p6-1) unstable; urgency=low + + * new upstream version + * touch the right stamp name after configuring, closes: #611287 + * patch from Svante Signell to fix build problem on Hurd, closes: #611290 + + -- Bdale Garbee <bdale@gag.com> Wed, 09 Feb 2011 11:32:58 -0700 + +sudo (1.7.4p4-6) unstable; urgency=low + + * update /etc/sudoers.d/README now that sudoers is a conffile + * patch from upstream to fix special case in password checking code + when only the gid is changing, closes: #609641 + + -- Bdale Garbee <bdale@gag.com> Tue, 11 Jan 2011 10:22:39 -0700 + +sudo (1.7.4p4-5) unstable; urgency=low + + * patch from Jakub Wilk to add noopt and nostrip build option support, + closes: #605580 + * make sudoers a conffile, closes: #605130 + * add descriptions to LSB init headers, closes: #604619 + * change default sudoers %sudo entry to allow gid changes, closes: #602699 + * add Vcs entries to the control file + * use debhelper install files instead of explicit installs in rules + + -- Bdale Garbee <bdale@gag.com> Wed, 01 Dec 2010 20:32:31 -0700 + +sudo (1.7.4p4-4) unstable; urgency=low + + * patch from upstream to resolve problem always prompting for a password + when run without a tty, closes: #599376 + * patch from upstream to resolve interoperability problem between HOME in + env_keep and the -H flag, closes: #596493 + * change path syntax to avoid tar error when /var/run/sudo exists but is + empty, closes: #598877 + + -- Bdale Garbee <bdale@gag.com> Thu, 07 Oct 2010 15:59:06 -0600 + +sudo (1.7.4p4-3) unstable; urgency=low + + * make postinst clause for handling /var/run -> /var/lib transition less + fragile, closes: #585514 + * cope with upstream's Makefile trying to install ChangeLog in our doc + directory, closes: #597389 + * fix README.Debian to reflect that HOME is no longer preserved by default, + closes: #596847 + + -- Bdale Garbee <bdale@gag.com> Tue, 21 Sep 2010 23:53:08 -0600 + +sudo (1.7.4p4-2) unstable; urgency=low + + * add a NEWS item about change in $HOME handling that impacts programs + like pbuilder + + -- Bdale Garbee <bdale@gag.com> Wed, 08 Sep 2010 14:29:16 -0600 + +sudo (1.7.4p4-1) unstable; urgency=high + + * new upstream version, urgency high due to fix for flaw in Runas group + matching (CVE-2010-2956), closes: #595935 + * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid + re-lecturing existing users, and to clean up after ourselves on upgrade, + and remove the RAMRUN section from README.Debian since the new state dir + should fix the original problem, closes: #585514 + * deliver README.Debian to both package flavors, closes: #593579 + + -- Bdale Garbee <bdale@gag.com> Tue, 07 Sep 2010 12:22:42 -0600 + +sudo (1.7.2p7-1) unstable; urgency=high + + * new upstream release with security fix for secure path (CVE-2010-1646), + closes: #585394 + * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state + about whether to give the lecture is preserved across reboots even when + RAMRUN is set, closes: #581393 + * add a note to README.Debian about LDAP needing an entry in + /etc/nsswitch.conf, closes: #522065 + * add a note to README.Debian about how to turn off lectures if using + RAMRUN in /etc/default/rcS, closes: #581393 + + -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600 + +sudo (1.7.2p6-1) unstable; urgency=low + + * new upstream version fixing CVE-2010-1163, closes: #578275, #570737 + + -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600 + +sudo (1.7.2p5-1) unstable; urgency=low + + * new upstream release, closes a bug filed upstream regarding missing man + page processing scripts in the 1.7.2p1 tarball, also includes the fix + for CVE-2010-0426 previously the subject of a security team nmu + * move to source format 3.0 (quilt) and restructure changes as patches + * fix unprocessed substitution variables in man pages, closes: #557204 + * apply patch from Neil Moore to fix Debian-specific content in the + visudo man page, closes: #555013 + * update descriptions to better explain sudo-ldap, closes: #573108 + * eliminate spurious 'and' in man page, closes: #571620 + * fix confusing text in default sudoers, closes: #566607 + + -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700 + +sudo (1.7.2p1-1) unstable; urgency=low + + * new upstream version + * add support for /etc/sudoers.d using #includedir in default sudoers, + which I think is also a good solution to the request for a crontab-like + API requested in March of 2001, closes: #539994, #271813, #89743 + * move init.d script from using rcS.d to rc[0-6].d, closes: #542924 + + -- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600 + +sudo (1.7.2-2) unstable; urgency=low + + * further improve initial sudoers to not include the NOPASSWD option on + the group sudo exception, closes: #539136, #198991 + + -- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200 + +sudo (1.7.2-1) unstable; urgency=low + + * new upstream version, closes: #537103 + * improve initial sudoers by having the exemption for users in group + sudo on by default, and including the ability to run any command as + any user. This makes the default install roughly equivalent to our + old use of the --with-exempt=sudo build option, closes: #536220, #536222 + + -- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600 + +sudo (1.7.0-1) unstable; urgency=low + + * new upstream version, closes: #510179, #128268, #520274, #508514 + * fix ldap config file path for sudo-ldap package, including creating + a symlink in postinst and cleaning it up in postrm for the sudo-ldap + package, closes: #430826 + * fix NOPASSWD entry location in default config file for the sudo-ldap + instance too, closes: #479616 + + -- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600 + +sudo (1.6.9p17-2) unstable; urgency=high + + * patch from upstream to fix privilege escalation with certain + configurations, CVE-2009-0034 + * typo in sudoers man page, closes: #507163 + + -- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700 + +sudo (1.6.9p17-1) unstable; urgency=low + + * new upstream version, closes: #481008 + * deliver schemas to doc directory in sudo-ldap package, closes: #474331 + * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost + in move from CVS to git for package management, closes: #475821 + * re-instate the init.d for the sudo-ldap package too... /o\ + + -- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600 + +sudo (1.6.9p15-2) unstable; urgency=low + + * revert the fix for 388659 such that visudo once again defaults to using + /usr/bin/editor. I was always ambivalent about this change, it has caused + more confusion and frustration than it cured, and I find Justin's line of + reasoning persuasive. Update the man page source to reflect this choice + and the related use of --with-env-editor. Closes: #474197. + * patch from Petter Reinholdtsen to improve init.d, closes: #475821 + + -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600 + +sudo (1.6.9p15-1) unstable; urgency=low + + * new upstream version, closes: #467126, #473337 + * remove pointless postrm scripts, leaving debhelper do its thing if needed, + thanks to Justin Pryzby for pointing this out + * reinstate the init.d, since bootclean doesn't quite do what we want. This + also means we don't need the preinst scripts any more. Update the lintian + overrides since postinst is a Perl script lintian apparently isn't parsing + well. closes: #330868 + + -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600 + +sudo (1.6.9p12-1) unstable; urgency=low + + * new upstream version, closes: #464890 + + -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900 + +sudo (1.6.9p11-3) unstable; urgency=low + + * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956 + + -- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700 + +sudo (1.6.9p11-2) unstable; urgency=low + + * update version compared in preinst when removing obsolete init.d, + closes: #459681 + * implement pam session config suggestions from Elizabeth Fong, + closes: #452457, #402329 + + -- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700 + +sudo (1.6.9p11-1) unstable; urgency=low + + * new upstream version + + -- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700 + +sudo (1.6.9p10-1) unstable; urgency=low + + * new upstream version + * tweak default password prompt as %u doesn't make sense. Accept patch from + Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and + uses it by default, closes: #454409 + * accept patch from Martin Pitt that adds a prerm making it difficult to + "accidentally" remove sudo when there is no root password set on the + system, closes: #451241 + + -- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700 + +sudo (1.6.9p9-1) unstable; urgency=low + + * new upstream version + * debian/rules: configure a more informative default password prompt to + reduce confusion when using sudo to invoke commands which also ask for + passwords, closes: #343268 + * auth/pam.c: don't use the PAM prompt if the user explicitly requested + a custom prompt, closes: #448628. + * fix configure's ability to discover that libc has dirfd, closes: #451324 + * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that + the command 'visudo' invokes a vi variant by default as documented, + closes: #388659 + + -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700 + +sudo (1.6.9p6-1) unstable; urgency=low + + * new upstream version, closes: #442815, #446146, #438699, #435768, #435314 + closes: #434832, #434608, #430382 + * eliminate the now-redundant init.d scripts, closes: #397090 + * fix typo in TROUBLESHOOTING file, closes: #439624 + + -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600 + +sudo (1.6.8p12-6) unstable; urgency=low + + * fix typos in visudo.pod relating to env_editor variable, closes: #418886 + * have init.d touch directories in /var/run/sudo, not just files, as a + followup to #330868. + * fix various typos in sudoers.pod, closes: #419749 + * don't let Makefile strip binaries, closes: #438073 + + -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100 + +sudo (1.6.8p12-5) unstable; urgency=low + + * update debian/copyright to reflect new upstream URL, closes: #368746 + * add sandwich cartoon URL to the README.Debian + * don't remove sudoers on purge. can cause problems when moving between + sudo and sudo-ldap. leaving sudoers around on purge seems like the least + evil choice for now, closes: #401366 + * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH, + closes: #374509 + * accept patch that improves debian/rules from Ted Percival, closes: #382122 + * no longer build with --with-exempt=sudo, provide an example entry in the + default sudoers file instead, closes: #296605 + * add --with-devel to configure and augment build dependencies so that flex + and yacc files get re-generated on every build, closes: #316249 + + -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600 + +sudo (1.6.8p12-4) unstable; urgency=low + + * patch from Petter Reinholdtsen for the LSB info block in the init.d + script, closes: #361055 + * deliver sudoers sample again, closes: #361593 + + -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600 + +sudo (1.6.8p12-3) unstable; urgency=low + + * force-feed configure knowledge of nroff's path so we get unformatted man + pages installed without build-depending on groff-base, closes: #360894 + * add a reference to OPTIONS in the man page, closes: #186226 + + -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700 + +sudo (1.6.8p12-2) unstable; urgency=low + + * fix typos in init scripts, closes: #346325 + * update to debhelper compat level 5 + * build depend on autotools-dev to ensure config.sub/guess are fresh + * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and + use it here as well. Thanks to Martin and the debian-security team. + closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085 + closes: #315115, #315718, #203874 + * Non-maintainer upload by the Security Team + * Reworked the former patch to limit environment variables from being + passed through, set env_reset as default instead [sudo.c, env.c, + sudoers.pod, Bug#342948, CVE-2005-4158] + * env_reset is now set by default + * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM, + DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER + (in addition to the SUDO_* variables) + * Rebuild sudoers.man.in from the POD file + * Added README.Debian + * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431 + * simplify rules file by using more of Makefile, despite having to override + default directories with more arguments to configure, closes: #292833 + * update sudo man page to reflect use of SECURE_PATH, closes: #228551 + * inconsistencies in sudoers man page resolved, closes: #220808, #161012 + * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are + unresolveable (requires adding bison as build dep), closes: #314949 + + -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700 + +sudo (1.6.8p12-1) unstable; urgency=low + + * new upstream version, closes: #342948 (CVE-2005-4158) + * add env_reset to the sudoers file we create if none already exists, + as a further precaution in response to discussion about CVS-2005-4158 + * split ldap support into a new sudo-ldap package. I was trying to avoid + doing this, but the impact of going from 4 to 17 linked shlibs on the + autobuilder chroots is sufficient motivation for me. + closes: #344034 + + -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700 + +sudo (1.6.8p9-4) unstable; urgency=low + + * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231 + * merge patch from Martin Pitt / Ubuntu to be more robust about resetting + timestamps in the init.d script, closes: #330868 + * add dependency header to init.d script, closes: #332849 + + -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800 + +sudo (1.6.8p9-3) unstable; urgency=high + + * update debhelper compatibility level from 2 to 4 + * add man page symlink for sudoedit + * Clean SHELLOPTS and PS4 from the environment before executing programs + with sudo permissions [env.c, CAN-2005-2959] + * fix typo in manpage pointed out by Moray Allen, closes: #285995 + * fix paths in sample complex sudoers file, closes: #303542 + * fix type in sudoers man page, closes: #311244 + + -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600 + +sudo (1.6.8p9-2) unstable; urgency=high + + * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1, + closes: #305735 + + -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400 + +sudo (1.6.8p9-1) unstable; urgency=high + + * new upstream version, fixes a race condition in sudo's pathname + validation, which is a security issue (CAN-2005-1993), + closes: #315115, #315718 + + -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400 + +sudo (1.6.8p7-1) unstable; urgency=low + + * new upstream version, closes: #299585 + * update lintian overrides to squelch the postinst warning + * change sudoedit from a hard to a soft link, closes: #296896 + * fix regex doc in sudoers man page, closes: #300361 + + -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700 + +sudo (1.6.8p5-1) unstable; urgency=high + + * new upstream version + * restores ability to use config tuples without a value, which was causing + problems on upgrade closes: #283306 + * deliver sudoedit, closes: #283078 + * marking urgency high since 283306 is a serious upgrade incompatibility + + -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700 + +sudo (1.6.8p3-2) unstable; urgency=high + + * update pam.d deliverable so ldap works again, closes: #282191 + + -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700 + +sudo (1.6.8p3-1) unstable; urgency=high + + * new upstream version, fixes a flaw in sudo's environment sanitizing that + could allow a malicious user with permission to run a shell script that + utilized the bash shell to run arbitrary commands, closes: #281665 + * patch the sample sudoers to have the proper path for kill on Debian + systems, closes: #263486 + * patch the sudo manpage to reflect Debian's choice of exempt_group + default setting, closes: #236465 + * patch the sudo manpage to reflect Debian's choice of no timeout on the + password prompt, closes: #271194 + + -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700 + +sudo (1.6.7p5-2) unstable; urgency=low + + * Jeff Bailey reports that seteuid works on current sparc systems, so we + no longer need the "grosshack" stuff in the sudo rules file + * add a postrm that removes /etc/sudoers on purge. don't do this with the + normal conffile mechanism since it would generate noise on every upgrade, + closes: #245405 + + -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400 + +sudo (1.6.7p5-1) unstable; urgency=low + + * new upstream version, closes: #190265, #193222, #197244 + * change from '.' to ':' in postinst chown call, closes: #208369 + + -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600 + +sudo (1.6.7p3-2) unstable; urgency=low + + * add --disable-setresuid to configure call since 2.2 kernels don't support + setresgid, closes: #189044 + * cosmetic cleanups to debian/rules as long as I'm there + + -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600 + +sudo (1.6.7p3-1) unstable; urgency=low + + * new upstream version + * add overrides to quiet lintian about things it doesn't understand, + except the source one that can't be overridden until 129510 is fixed + + -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600 + +sudo (1.6.6-3) unstable; urgency=low + + * add code to rules file to update config.sub/guess, closes: #164501 + + -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600 + +sudo (1.6.6-2) unstable; urgency=low + + * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to + configure, and lose the build dependency on mail-transport-agent + * incorporate changes from LaMont's NMU, closes: #144665, #144737 + * update init.d to not try and set time on nonexistent timestamp files, + closes: #132616 + * build with --with-all-insults, admin must edit sudoers to turn insults + on at runtime if desired, closes: #135374 + * stop setting /usr/doc symlink in postinst + + -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600 + +sudo (1.6.6-1.1) unstable; urgency=high + + * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts. + * Revert patch to auth/pam.c that left pass uninitialized, causing a + segfault (Closes: #144665). + + -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600 + +sudo (1.6.6-1) unstable; urgency=high + + * new upstream version, fixes security problem with crafty prompts, + closes: #144540 + + -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600 + +sudo (1.6.5p1-4) unstable; urgency=high + + * apply patch for auth/pam.c to fix yet another way to make sudo segfault + if ctrl/C'ed at password prompt, closes: #131235 + + -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700 + +sudo (1.6.5p1-3) unstable; urgency=high + + * ugly hack to add --disable-saved-ids when building on sparc in response + to 131592, which will be reassigned to glibc for a real fix + * urgency high since the sudo currently in testing for sparc is worthless + + -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700 + +sudo (1.6.5p1-2) unstable; urgency=high + + * patch from upstream to fix seg faults caused by versions of pam that + follow a NULL pointer, closes: #129512 + + -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700 + +sudo (1.6.5p1-1) unstable; urgency=high + + * new upstream version + * add --disable-root-mailer option supported by new version to configure + call in rules file, closes: #129648 + + -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700 + +sudo (1.6.4p1-1) unstable; urgency=high + + * new upstream version, with fix for segfaulting problem in 1.6.4 + + -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700 + +sudo (1.6.4-1) unstable; urgency=high + + * new upstream version, includes an important security fix, closes: #127576 + + -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700 + +sudo (1.6.3p7-5) unstable; urgency=low + + * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872 + * fix spelling error in init.d, closes: #126847 + + -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700 + +sudo (1.6.3p7-4) unstable; urgency=medium + + * use touch to set status files to an ancient date instead of removing them + outright on reboot. this achieves the desired effect of keeping elevated + privs from living across reboots, without forcing everyone to see the + new-sudo-user lecture after every reboot. pick a time that's 'old enough' + for systems with good clocks, and 'recent enough' that broken PC hardware + setting the clock to commonly-seen bogus dates trips over the "don't trust + future timestamps" rule. closes: #76529, #123559 + * apply patch from Steve Langasek to fix seg faults due to interaction with + PAM code. upstream confirms the problem, and says they're fixing this + differently for their next release... but this should be useful in the + meantime, and would be good to get into woody. closes: #119147 + * only run the init.d at boot, not on each runlevel change... and don't run + it during package configure. closes: #125935 + * add DEB_BUILD_OPTIONS support to rules file, closes: #94952 + + -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700 + +sudo (1.6.3p7-3) unstable; urgency=low + + * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not + resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718, + * fix a typo in the manpage, closes: #97368 + * apply patch to configure.in and run autoconf to fix problem building on + the hurd, closes: #96325 + * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed + to not last across reboots, closes: #76529 + * clean up lintian-noticed cosmetic packaging issues + + -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700 + +sudo (1.6.3p7-2) unstable; urgency=low + + * update config.sub/guess for hppa support + + -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600 + +sudo (1.6.3p7-1) unstable; urgency=low + + * new upstream version + * add build dependency on mail-transport-agent, closes: #90685 + + -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600 + +sudo (1.6.3p6-1) unstable; urgency=high + + * new upstream version, fixes buffer overflow problem, + closes: #87259, #87278, #87263 + * revert to using --with-secure-path option at build time, since the option + available in sudoers is parsed too late to be useful, and upstream says + it won't get fixed quickly. This reopens 85123, which I will mark as + forwarded. Closes: #86199, #86117, #85676 + + -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700 + +sudo (1.6.3p5-2) unstable; urgency=low + + * lose the dh_suidregister call since it's obsolete + * stop using the --with-secure-path option at build time, and instead show + how to set it in sudoers. Closes: #85123 + * freshen config.sub and config.guess for ia64 and hppa + * update sudoers man page to indicate exempt_group is on by default, + closes: #70847 + + -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700 + +sudo (1.6.3p5-1) unstable; urgency=low + + * new upstream version, closes: #63940, #59175, #61817, #64652, #65743 + * this version restores core dumps before the exec, while leaving them + disabled during sudo's internal execution, closes: #58289 + * update debhelper calls in rules file + + -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600 + +sudo (1.6.2p2-1) frozen unstable; urgency=medium + + * new upstream source resulting from direct collaboration with the upstream + author to fix ugly pam-related problems on Debian in 1.6.1 and later. + Closes: #56129, #55978, #55979, #56550, #56772 + * include more upstream documentation, closes: #55054 + * pam.d fragment update, closes: #56129 + + -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700 + +sudo (1.6.1-1) unstable; urgency=low + + * new upstream source, closes: #52750 + + -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700 + +sudo (1.6-2) unstable; urgency=low + + * drop suidregister support for this package. The sudo executable is + essentially worthless unless it is setuid root, and making suidregister + work involves shipping a non-setuid executable in the .deb and setting the + perms in the postinst. On a long upgrade run, this can leave the sudo + executable 'broken' for a long time, which is unacceptable. With this + version, we ship the executable setuid root in the .deb. Closes: #51742 + + -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700 + +sudo (1.6-1) unstable; urgency=low + + * new upstream version, many options previously set at compile-time are now + configurable at runtime. + Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639 + * FHS support + + -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700 + +sudo (1.5.9p4-1) unstable; urgency=low + + * new upstream version, closes: #43464 + * empty password handling was fixed in 1.5.8, closes: #31863 + + -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600 + +sudo (1.5.9p1-1) unstable; urgency=low + + * new upstream version + + -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600 + +sudo (1.5.8p1-1) unstable; urgency=medium + + * new upstream version, closes 33690 + * add dependency on libpam-modules, closes 34215, 33432 + + -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700 + +sudo (1.5.7p4-2) unstable; urgency=medium + + * update the pam fragment provided so that sudo works with latest pam bits, + closes 33432 + + -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700 + +sudo (1.5.7p4-1) unstable; urgency=low + + * new upstream release + + -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700 + +sudo (1.5.6p5-1) unstable; urgency=low + + * new upstream patch release + * add PAM support, closes 28594 + + -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700 + +sudo (1.5.6p2-2) unstable; urgency=low + + * update copyright file, closes 24136 + * review and close forwarded bugs believed fixed in this upstream version, + closes 17606, 15786. + + -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600 + +sudo (1.5.6p2-1) unstable; urgency=low + + * new upstream release + + -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600 + +sudo (1.5.4-4) frozen unstable; urgency=low + + * update postinst to use groupadd, closes 21403 + * move the suidregister stuff earlier in postinst to ensure it always runs + + -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600 + +sudo (1.5.4-3) frozen unstable; urgency=low + + * change /etc/sudoers from a conffile to being handled in postinst, + closes 18219 + * add suidmanager support, closes 15711 + * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is + unlikely to ever fix, and which just don't matter. closes 17146 + * fix FSF address in copyright file, and submit exception for lintian + warning about sudo being setuid root + + -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600 + +sudo (1.5.4-2) unstable; urgency=high + + * patch from upstream author correcting/improving security fix + + -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700 + +sudo (1.5.4-1) unstable; urgency=high + + * new upstream version, includes a security fix + * change default editor from /bin/ae to /usr/bin/editor + + -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700 + +sudo (1.5.3-1) unstable; urgency=medium + + * new upstream version, closes bug 15911. + * rules file reworked to use debhelper + * implement a really gross hack to force use of the sudo-provided + lsearch(), since the one in libc6 is broken! This closes bugs + 12552, 12557, 14881, 15259, 15916. + + -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700 + +sudo (1.5.2-6) unstable; urgency=LOW + + * don't install INSTALL in the doc directory, closes bug 13195. + + -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600 + +sudo (1.5.2-5) unstable; urgency=LOW + + * libc6 + + -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600 + +sudo (1.5.2-4) unstable; urgency=LOW + + * change TIMEOUT (how long before you have to type your password again) + to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian + packages on slower machines much more tolerable. Closes bug 9076. + * touch debian/suid before debstd. Closes bug 8709. + + -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600 + +sudo (1.5.2-3) frozen unstable; urgency=LOW + + * patch from upstream maintainer to close Bug 6828 + * add a debian/suid file to get debstd to leave my perl postinst alone + + -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600 + +sudo (1.5.2-2) frozen unstable; urgency=LOW + + * change rules to use -O2 -Wall as per standards + + -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600 + +sudo (1.5.2-1) unstable; urgency=LOW + + * new upstream version + * cosmetic changes to debian package control files + + -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700 + +sudo (1.5-2) unstable; urgency=LOW + + * add /usr/X11R6/bin to the end of the secure path... this makes it + much easier to run xmkmf, etc., during package builds. To the extent + that /usr/local/sbin and /usr/local/bin were already included, I see + no security reasons not to add this. + + -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700 + +sudo (1.5-1) unstable; urgency=LOW + + * New upstream version + * New maintainer + * New packaging format + + -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200 + +Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de> + + sudo (1.4.1-1): + + * hard code SECURE_PATH to: + "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + + * enable ENV_EDITOR + + * enabled EXEMPTGROUP "sudo" + + * moved timestamp dir to /var/log/sudo + + * changed parser to check for long and short filenames (Bug#1162) + +Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de> + + sudo (1.4.2-1): + + * New upstream source + + * Fixed postinst script + (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>) + + * Removed special shadow binary. This version works with and without + shadow password file. + +Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org> + + sudo (1.4.2-2): + + * Corrected editor path to /bin/ae (Bug#3062) + + * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063) + +Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org> + + sudo (1.4.3-1): + + * New upstream version + + * Changed sudoers permission to 440 (owner root, group root) to make + sudo usable via NFS + +Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org> + + sudo (1.4.3-2): + + * Applied upstream patch 1 + +Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org> + + sudo (1.4.3-3): + + * Applied upstream patch 2 + +Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org> + + sudo (1.4.3-4): + + * Applied upstream patch 3 (fixes problems with an NFS-mounted + sudoers file) + + +Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org> + + sudo (1.4.3-5): + + * Corrected postinst to use /usr/bin/perl instead of /bin/perl + [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)] + +Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org> + + sudo (1.4.3-6): + + * Applied upstream patch 4 (fixes several bugs) + + * Changed priority to optional + +Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org> + + sudo (1.4.3-7): + + * Corrected postinst to create correct permission for /etc/sudoers + (Bug#3749) + +Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org> + + sudo (1.4.4-1): + + * New upstream version + + +sudo (1.4.4-2) admin; urgency=HIGH + + * Fixed major security bug reported by Peter Tobias + <tobias@et-inf.fho-emden.de> + * Added dchanges support to debian.rules + +sudo (1.4.5-1) admin; urgency=LOW + + * New upstream version + * Minor changes to debian.rules |