summaryrefslogtreecommitdiffstats
path: root/debian/NEWS
diff options
context:
space:
mode:
Diffstat (limited to 'debian/NEWS')
-rw-r--r--debian/NEWS49
1 files changed, 49 insertions, 0 deletions
diff --git a/debian/NEWS b/debian/NEWS
new file mode 100644
index 0000000..f062920
--- /dev/null
+++ b/debian/NEWS
@@ -0,0 +1,49 @@
+sudo (1.9.5p2-3) unstable; urgency=medium
+
+ We have added "Defaults use_pty" to the default configuration. This fixes
+ CVE-2005-4890 which has been lingering around for more then a decade.
+ If you would like the old behavior back, please remove the respective line
+ from /etc/sudoers.
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 24 Feb 2021 17:59:22 +0100
+
+sudo (1.8.2-1) unstable; urgency=low
+
+ The sudo package is no longer configured using --with-secure-path.
+ Instead, the provided sudoers file now contains a line declaring
+ 'Defaults secure_path=' with the same path content that was previously
+ hard-coded in the binary. A consequence of this change is that if you
+ do not have such a definition in sudoers, the PATH searched for commands
+ by sudo may be empty.
+
+ Using explicit paths for each command you want to run with sudo will work
+ well enough to allow the sudoers file to be updated with a suitable entry
+ if one is not already present and you choose to not accept the updated
+ version provided by the package.
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 24 Aug 2011 13:33:11 -0600
+
+sudo (1.7.4p4-2) unstable; urgency=low
+
+ The HOME and MAIL environment variables are now reset based on the
+ target user's password database entry when the env_reset sudoers option
+ is enabled (which is the case in the default configuration). Users
+ wishing to preserve the original values should use a sudoers entry like:
+ Defaults env_keep += HOME
+ to preserve the old value of HOME and
+ Defaults env_keep += MAIL
+ to preserve the old value of MAIL.
+
+ The change in handling of HOME is known to affect programs like pbuilder.
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 08 Sep 2010 14:29:16 -0600
+
+sudo (1.6.8p12-5) unstable; urgency=low
+
+ The sudo package is no longer configured --with-exempt=sudo. If you
+ depend on members of group sudo being able to run sudo without needing
+ a password, you will need to put "%sudo ALL=NOPASSWD: ALL" in
+ /etc/sudoers to preserve equivalent functionality.
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:13:39 -0600
+
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-05 08:26:12 +0000