* Merge from Debian unstable. Remaining changes:
- debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop
shipping init script and service file, as they are no longer
necessary.
- debian/rules:
+ compile with --without-lecture --with-tty-tickets --enable-admin-flag
+ install man/man8/sudo_root.8 in both flavours
+ install apport hooks
- debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
+ add usr/share/apport/package-hooks
- debian/sudo.pam:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due to
security reasons.
- debian/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
- debian/control, debian/rules:
+ use dh-autoreconf
* new upstream version
* Merge from Debian unstable.
Remaining changes:
- debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop
shipping init script and service file, as they are no longer
necessary.
- debian/rules:
+ compile with --without-lecture --with-tty-tickets --enable-admin-flag
+ install man/man8/sudo_root.8 in both flavours
+ install apport hooks
- debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
+ add usr/share/apport/package-hooks
- debian/sudo.pam:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due to
security reasons.
- debian/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
- debian/control, debian/rules:
+ use dh-autoreconf
* Removed patches included in new version:
- debian/patches/CVE-2019-14287.patch
- debian/patches/CVE-2019-14287-2.patch
* new upstream version
* make --libexecdir use /usr/lib instead of /usr/lib/sudo, closes: #943313
* new upstream version
* Non-maintainer upload.
* Treat an ID of -1 as invalid since that means "no change" (CVE-2019-14287)
(Closes: #942322)
* Fix test failure in plugins/sudoers/regress/testsudoers/test5.sh
* SECURITY UPDATE: privilege escalation via UID -1
- debian/patches/CVE-2019-14287.patch: treat an ID of -1 as invalid
in lib/util/strtoid.c.
- debian/patches/CVE-2019-14287-2.patch: fix and add to tests in
lib/util/regress/atofoo/atofoo_test.c,
plugins/sudoers/regress/testsudoers/test5.out.ok,
plugins/sudoers/regress/testsudoers/test5.sh.
- CVE-2019-14287
* No-change upload with strops.h and sys/strops.h removed in glibc.
* Remove d/p/keep_home_by_default.patch (LP: #1556302)
- This restores sudo handling of $HOME to what everyone else does
* Merge from Debian unstable.
Remaining changes:
- debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop
shipping init script and service file, as they are no longer
necessary.
- debian/rules:
+ compile with --without-lecture --with-tty-tickets --enable-admin-flag
+ install man/man8/sudo_root.8 in both flavours
+ install apport hooks
- debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
+ add usr/share/apport/package-hooks
- debian/sudo.pam:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due to
security reasons.
- debian/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
- debian/control, debian/rules:
+ use dh-autoreconf
- Remaining patches:
+ keep_home_by_default.patch: Keep HOME in the default environment
* new upstream version
* patch from upstream to fix man page truncation, closes: #914469
[Bdale Garbee]
* new upstream version
[Ondřej Nový]
* d/changelog: Remove trailing whitespaces
* d/control: Remove trailing whitespaces
* d/rules: Remove trailing whitespaces
* Merge from Debian unstable.
Remaining changes:
- debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop
shipping init script and service file, as they are no longer
necessary.
- debian/rules:
+ compile with --without-lecture --with-tty-tickets --enable-admin-flag
+ install man/man8/sudo_root.8 in both flavours
+ install apport hooks
- debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
+ add usr/share/apport/package-hooks
- debian/sudo.pam:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due to
security reasons.
- debian/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
- debian/control, debian/rules:
+ use dh-autoreconf
- Remaining patches:
+ keep_home_by_default.patch: Keep HOME in the default environment
* fix FTBFS due to earlier sudoers2ldif removal, closes: #903415
* new upstream version
* Merge from Debian unstable.
Remaining changes:
- debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop
shipping init script and service file, as they are no longer
necessary.
- debian/rules:
+ compile with --without-lecture --with-tty-tickets --enable-admin-flag
+ install man/man8/sudo_root.8 in both flavours
+ install apport hooks
- debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
+ add usr/share/apport/package-hooks
- debian/sudo.pam:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due to
security reasons.
- debian/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
- debian/control, debian/rules:
+ use dh-autoreconf
- Remaining patches:
+ keep_home_by_default.patch: Keep HOME in the default environment
* include sssd support in the sudo-ldap build too, closes: #884741
* Merge from Debian unstable. (LP: #1731981)
Remaining changes:
- debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop
shipping init script and service file, as they are no longer
necessary.
- debian/rules:
+ compile with --without-lecture --with-tty-tickets --enable-admin-flag
+ install man/man8/sudo_root.8 in both flavours
+ install apport hooks
- debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
+ add usr/share/apport/package-hooks
- debian/sudo.pam:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due to
security reasons.
- debian/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
- debian/control, debian/rules:
+ use dh-autoreconf
- Remaining patches:
+ keep_home_by_default.patch: Keep HOME in the default environment
Dropped changes since they are integrated in Debian:
- Use tmpfs location to store timestamp files
+ debian/rules: change --with-rundir to /var/run/sudo
+ debian/*.preinst, debian/*.postinst, debian/*.postrm: remove old
init script with dpkg-maintscript-helper.
Dropped changes since the transition took place already in every
release the package can be upgraded from:
+ debian/*.postinst: remove old /var/run/sudo to /var/lib/sudo
transition code, remove old /var/lib/sudo/ts timestamp directory.
* Refresh patches
* work harder to clean up mess left by sudo-ldap using /etc/init.d/sudo
prior to version 1.8.7-1, closes: #877516
* new upstream version, closes: #873623, #873600, #874000
* remove legacy /etc/sudoers.dist we no longer deliver, closes: #873561
[ Bdale Garbee ]
* new upstream version
* don't deliver /etc/sudoers.dist, closes: #862309
* whitelist DPKG_COLORS env var, closes: #823368
[ Laurent Bigonville ]
* debian/sudo*.postinst: Drop /var/run/sudo -> /var/lib/sudo migration code,
this migration happened in 2010 and that code is not necessary anymore
* Move timestamp files to /run/sudo, with systemd the directory is
created/cleaned by tmpfiles.d now, the sudo initscript/service is not
doing anything in that case anymore (Closes: #786555)
* debian/sudo*.postinst: Move the debhelper marker before the creation of
the sudo group, this way the snippets added by debhelper will be executed
even if the group already exists. (Closes: #870456)
* Merge from Debian unstable. (LP: #1697587)
Remaining changes:
- Use tmpfs location to store timestamp files
+ debian/rules: change --with-rundir to /var/run/sudo
+ debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop
shipping init script and service file, as they are no longer
necessary.
+ debian/*.preinst, debian/*.postinst, debian/*.postrm: remove old
init script with dpkg-maintscript-helper.
+ debian/*.postinst: remove old /var/run/sudo to /var/lib/sudo
transition code, remove old /var/lib/sudo/ts timestamp directory.
- debian/rules:
+ compile with --without-lecture --with-tty-tickets --enable-admin-flag
+ install man/man8/sudo_root.8 in both flavours
+ install apport hooks
- debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
+ add usr/share/apport/package-hooks
- debian/sudo.pam:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due to
security reasons.
- debian/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
- debian/control, debian/rules:
+ use dh-autoreconf
- Remaining patches:
+ keep_home_by_default.patch: Keep HOME in the default environment
- Dropped patches no longer needed:
+ CVE-2017-1000367.patch
* new upstream version
* Non-maintainer upload.
* Use /proc/self consistently on Linux
* CVE-2017-1000368: Arbitrary terminal access (Closes: #863897)
* New upstream version with fix for CVE-2017-1000367, closes: #863731
* New upstream version
* patch from Helmut Grohne to fix cross-building issues, closes: #847131
+ Let dh_auto_configure pass --host to configure
+ Honour DEB_BUILD_OPTIONS=nocheck
* SECURITY UPDATE: /proc/self/stat parsing confusion
- debian/patches/CVE-2017-1000367.patch: adjust parsing to
find ttyname
- CVE-2017-1000367
* Merge from Debian unstable. (LP: #1607666)
Remaining changes:
- Use tmpfs location to store timestamp files
+ debian/rules: change --with-rundir to /var/run/sudo
+ debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop
shipping init script and service file, as they are no longer
necessary.
+ debian/*.preinst, debian/*.postinst, debian/*.postrm: remove old
init script with dpkg-maintscript-helper.
+ debian/*.postinst: remove old /var/run/sudo to /var/lib/sudo
transition code, remove old /var/lib/sudo/ts timestamp directory.
- debian/rules:
+ compile with --without-lecture --with-tty-tickets --enable-admin-flag
+ install man/man8/sudo_root.8 in both flavours
+ install apport hooks
- debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
+ add usr/share/apport/package-hooks
- debian/sudo.pam:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due to
security reasons.
- debian/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path
- debian/control, debian/rules:
+ use dh-autoreconf
- Remaining patches:
+ keep_home_by_default.patch: Keep HOME in the default environment
- Dropped patches no longer needed:
+ debian/patches/lp1565567.patch: upstream.
+ debian/patches/also_check_sudo_group.diff: upstream.
* new upstream version
* new upstream version
* merge work done by Balint Reczey in parallel / conflict with my offline work
* new upstream version
* explicitly depend on lsb-base since we use init-functions
* move to latest debhelper compat level
* merge 1.8.15-1.1 NMU changes
* new upstream version, closes: #805563
* build-depend on the new mandoc package so we can rebuild man pages
properly if needed, closes: #809984
* debian/sudoers:
- include /snap/bin in the secure_path (LP: #1595558)
* debian/patches/lp1565567.patch: fix crash when looking up a negative
cached entry which is stored as a NULL passwd or group struct pointer
in plugins/sudoers/pwutil.c. (LP: #1565567)
* Update to new upstream version 1.8.16. (LP: #1563825)
- Dropped patches no longer needed:
+ CVE-2015-5602-6.patch
+ CVE-2015-5602-7.patch
* Merge from Debian unstable. Remaining changes:
- Use tmpfs location to store timestamp files
+ debian/rules: change --with-rundir to /var/run/sudo
+ debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop
shipping init script and service file, as they are no longer
necessary.
+ debian/*.preinst, debian/*.postinst, debian/*.postrm: remove old
init script with dpkg-maintscript-helper.
+ debian/*.postinst: remove old /var/run/sudo to /var/lib/sudo
transition code, remove old /var/lib/sudo/ts timestamp directory.
- debian/rules:
+ compile with --without-lecture --with-tty-tickets --enable-admin-flag
+ install man/man8/sudo_root.8 in both flavours
+ install apport hooks
- debian/sudoers:
+ also grant admin group sudo access
- debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
+ add usr/share/apport/package-hooks
- debian/sudo.pam:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due to
security reasons.
- debian/control:
+ dh-autoreconf dependency fixes missing-build-dependency-for-dh_-command
- Remaining patches:
+ keep_home_by_default.patch: Keep HOME in the default environment
+ debian/patches/also_check_sudo_group.diff: also check the sudo group
in plugins/sudoers/sudoers.c to create the admin flag file. Leave the
admin group check for backwards compatibility.
- Dropped patches no longer needed:
+ debian/patches/pam_check_untranslated_prompt.patch: upstream.
* Non-maintainer upload
* Disable editing of files via user-controllable symlinks
(Closes: #804149) (CVE-2015-5602)
- Fix directory writability checks for sudoedit
- Enable sudoedit directory writability checks by default
* new upstream version, closes: #804149
* use --with-exampledir to deliver example files more cleanly
* debian/patches/pam_check_untranslated_prompt.patch: also check the
untranslated version of the prompt when checking if the PAM prompt matches
"Password:". Patch from Joel Pelaez Jorge. (LP: #1414303)
* Use tmpfs location to store timestamp files (LP: #1458031)
- debian/rules: change --with-rundir to /var/run/sudo
- debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop
shipping init script and service file, as they are no longer
necessary.
- debian/*.preinst, debian/*.postinst, debian/*.postrm: remove old init
script with dpkg-maintscript-helper.
- debian/*.postinst: remove old /var/run/sudo to /var/lib/sudo
transition code, remove old /var/lib/sudo/ts timestamp directory.
* Merge from Debian unstable. (LP: #1451274, LP: #1219337)
Remaining changes:
- debian/rules:
+ compile with --without-lecture --with-tty-tickets --enable-admin-flag
+ install man/man8/sudo_root.8 in both flavours
+ install apport hooks
- debian/sudoers:
+ also grant admin group sudo access
- debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
+ add usr/share/apport/package-hooks
- debian/sudo.pam:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due to
security reasons.
- debian/control:
+ dh-autoreconf dependency fixes missing-build-dependency-for-dh_-command
- Remaining patches:
+ keep_home_by_default.patch: Keep HOME in the default environment
+ debian/patches/also_check_sudo_group.diff: also check the sudo group
in plugins/sudoers/sudoers.c to create the admin flag file. Leave the
admin group check for backwards compatibility.
* Dropped patches no longer needed:
+ add_probe_interfaces_setting.diff
+ actually-use-buildflags.diff
+ CVE-2014-9680.patch
* new upstream version, closes: #772707, #773383
* patch from Christian Kastner to fix sudoers handling error when moving
between sudo and sudo-ldap packages, closes: #776137
* new upstream version
* patch from Jakub Wilk to fix 'ignoring time stamp from the future'
messages, closes: #762465
* upstream patch forwarded by Laurent Bigonville that fixes problem with
Linux kernel auditing code, closes: #764817
* new upstream version, closes: #764286
* fix typo in German translation, closes: #761601
* new upstream release
* add hardening=+all to match login and su
* updated VCS URLs and crypto verified watch file, closes: #747473
* harmonize configure options for LDAP version to match non-LDAP version,
in particular stop using --with-secure-path and add configure_args
* enable audit support on Linux systems, closes: #745779
* follow upstream change from --with-timedir to --with-rundir
* SECURITY UPDATE: arbitrary file access via TZ
- debian/patches/CVE-2014-9680.patch: sanity check TZ env variable in
configure, configure.ac, doc/sudoers.cat, doc/sudoers.man.in,
doc/sudoers.mdoc.in, m4/sudo.m4, pathnames.h.in,
plugins/sudoers/env.c.
- CVE-2014-9680
* Correct sudo.pam to use "session" for pam_env.so, not "auth". (LP:
#155794, LP: #25700)
* debian/patches/also_check_sudo_group.diff: also check the sudo group
in plugins/sudoers/sudoers.c to create the admin flag file. Leave the
admin group check for backwards compatibility. (LP: #1387347)
* debian/sudo_root.8: mention sudo group instead of deprecated group
admin (LP: #1130643)
* Merge from Debian unstable. Remaining changes:
- debian/rules:
+ compile with --without-lecture --with-tty-tickets --enable-admin-flag
+ install man/man8/sudo_root.8 in both flavours
+ install apport hooks
- debian/sudoers:
+ also grant admin group sudo access
- debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
+ add usr/share/apport/package-hooks
- debian/sudo.pam:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due to
security reasons.
- debian/control:
+ dh-autoreconf dependency fixes missing-build-dependency-for-dh_-command
- Remaining patches:
+ keep_home_by_default.patch: Keep HOME in the default environment
+ actually-use-buildflags: Pass LDFLAGS everywhere
+ add_probe_interfaces_setting.diff: option to disable network inf probe
* add_probe_interfaces_setting.diff: fix to not modify NEWS file.
* new upstream release, closes: #735328
* new upstream release, closes: #732008
* new upstream release
* upstream release candidate
* upstream beta release
* update Debian standards version
* squelch lintian complaint about missing sudo-ldap systemd service, since
the service file is always called 'sudo.service'
* upstream beta release
* document in README.Debian that the sssd support is enabled in the sudo
package, not in the sudo-ldap package, closes: #728289
* Build using dh-autoreconf.
* Merge from Debian unstable. Remaining changes:
- debian/rules:
+ compile with --without-lecture --with-tty-tickets --enable-admin-flag
+ install man/man8/sudo_root.8 in both flavours
+ install apport hooks
- debian/sudoers:
+ also grant admin group sudo access
- debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
+ add usr/share/apport/package-hooks
- debian/sudo.pam:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due to
security reasons.
- Remaining patches:
+ keep_home_by_default.patch: Keep HOME in the default environment
+ actually-use-buildflags: Pass LDFLAGS everywhere
* fix touch errors on boot, closes: #725193
* new upstream release
* upstream release candidate with several of our patches folded in
* set filestamps to epoch instead of an arbitrary old date in the init
fragment, closes: #722335
* pre-release of new upstream version, put in experimental
* looks like we actually need both --with-sssd and --with-sssd-lib,
closes: #719987, #724763
* use --with-sssd-lib to help sudo find libsss-sudo in multiarch path,
closes: #719987
* let debhelper scripts manage the update-rc.d calls, closes: #719755
* new upstream version, closes: #715157, #655879
* make sudo-ldap package's init.d script be called sudo-ldap
* add sssd support to sudo, closes: #719574
* recognize lenny, squeeze, and wheezy unmodified sudoers, closes: #660594
* SECURITY UPDATE: authentication bypass via clock set to epoch
- debian/patches/CVE-2013-1775.patch: ignore time stamp file if it is
set to epoch in plugins/sudoers/check.c.
- CVE-2013-1775
* The latest sssd upload dropped the soname from libsss_sudo.so, so we
can now drop our sudo delta and just use libsss_sudo.so directly.
* New upstream release (1.8.6p3).
* Add patch to fix building with sssd when ldap is disabled.
* Drop sudo.manpages and sudo-ldap.manpages as the upstream build system
now does the right thing here.
* Build the main sudo package with support for sssd, this doesn't add any
additional build time or runtime dependency. sudo will dynamically load
the sssd library if 'sss' is listed for the 'sudoers' nss service.
* Merge from debian/testing (LP: #1024154), remaining changes:
- debian/patches/keep_home_by_default.patch:
+ Set HOME in initial_keepenv_table.
- debian/rules:
+ compile with --without-lecture --with-tty-tickets (Ubuntu specific)
+ install man/man8/sudo_root.8 in both flavours (Ubuntu specific)
+ install apport hooks
+ The ubuntu-sudo-as-admin-successful.patch was taken upstream by
Debian however it requires a --enable-admin-flag configure flag to
actually enable it in both flavours.
- debian/control:
+ Mark Debian Vcs-* as XS-Debian-Vcs-*
+ update debian/control
- debian/sudoers:
+ grant admin group sudo access
- debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
+ add usr/share/apport/package-hooks
- debian/sudo.pam:
+ Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due to
security reasons.
* Dropped changes:
- debian/patches/lp927828-fix-abort-in-pam-modules-when-timestamp-valid.patch
+ Fixed upstream in 1.8.5
- debian/patches/CVE-2012-2337.patch:
+ Fixed upstream in 1.8.4p5
- debian/patches/pam_env_merge.patch:
+ Feature released upstream in 1.8.5
- debian/{sudo,sudo-ldap}.{preinst,postinst,postrm}:
+ Drop Ubuntu-specific sudoers file migration code because the only
upgrade path to quantal is from precise. All necessary sudoers file
migration will have already been done by the time this version of the
sudo package is installed.
* new upstream version
* patch to use flock on hurd, run autoconf in rules, closes: #655883
* patch to avoid calling unlink with null pointer on hurd, closes: #655948
* patch to actually use hardening build flags, closes: #655417
* fix sudo-ldap.postinst syntax issue, closes: #669576
* debian/patches/pam_env_merge.patch: Merge the PAM environment into the
user environment (LP: #982684)
* debian/sudo.pam: Use pam_env to read /etc/environment and
/etc/default/locale environment files. Reading ~/.pam_environment is not
permitted due to security reasons.
* Merge from debian/testing, remaining changes:
- debian/patches/keep_home_by_default.patch:
+ Set HOME in initial_keepenv_table. (rebased for 1.8.3p1)
- debian/patches/lp927828-fix-abort-in-pam-modules-when-timestamp-valid.patch
+ Fix Abort in some PAM modules when timestamp is valid. (LP: #927828)
- debian/patches/CVE-2012-2337.patch: Don't perform IPv6 checks on IPv4
addresses. Based on upstream patch.
- debian/rules:
+ compile with --without-lecture --with-tty-tickets (Ubuntu specific)
+ install man/man8/sudo_root.8 in both flavours (Ubuntu specific)
+ install apport hooks
+ The ubuntu-sudo-as-admin-successful.patch was taken upstream by
Debian however it requires a --enable-admin-flag configure flag to
actually enable it in both flavours.
- debian/control:
+ Mark Debian Vcs-* as XS-Debian-Vcs-*
+ update debian/control
- debian/sudoers:
+ grant admin group sudo access
- debian/sudo-ldap.dirs, debian/sudo.dirs:
+ add usr/share/apport/package-hooks
- debian/sudo.preinst:
+ avoid conffile prompt by checking for known default /etc/sudoers
and if found installing the correct default /etc/sudoers file.
Modified for updated default sudoers. Approach taken is different
from Debian. Maybe this should now be dropped, since an LTS was
released.
* Dropped changes:
- debian/patches/CVE-2012-0809.patch:
+ dropped, included in this new upstream release.
- debian/patches/enable_badpass.patch:
+ dropped as Debian chose to set this by default in the sudoers.
* new upstream version, closes: #657985 (CVE-2012-0809)
* patch from Pino Toscano to only use selinux on Linux, closes: #655894
* patch from Moritz Muehlenhoff enables hardened build flags, closes: #655417
* replacement postinst script from Mike Beattie using shell instead of Perl
* include systemd service file from Michael Stapelberg, closes: #639633
* add init.d status support, closes: #641782
* make sudo-ldap package manage a sudoers entry in nsswitch.conf,
closes: #610600, #639530
* enable mail_badpass in the default sudoers file, closes: #641218
* enable selinux support, closes: #655510
* if upgrading from squeeze, and the sudoers file is unmodified, avoid
the packaging system prompting the user about a change they didn't make
now that sudoers is a conffile, closes: #612532, #636049
* add a recommendation for the use of visudo to the sudoers.d/README file,
closes: #648104
* SECURITY UPDATE: Properly handle netmasks in sudoers Host and Host_List
values (LP: #1000276)
- debian/patches/CVE-2012-2337.patch: Don't perform IPv6 checks on IPv4
addresses. Based on upstream patch.
- CVE-2012-2337
* Fix Abort in some PAM modules when timestamp is valid. (LP: #927828)
* SECURITY UPDATE: permissions bypass via format string
- debian/patches/CVE-2012-0809.patch: fix format string vulnerability
in src/sudo.c.
- CVE-2012-0809
* debian/sudo.preinst:
- updated to avoid conffile prompt by migrating to the new sudoers file
changes in Precise. (LP: #894410)
* Merge from debian/testing, remaining changes:
- debian/patches/keep_home_by_default.patch:
+ Set HOME in initial_keepenv_table. (rebased for 1.8.3p1)
- debian/patches/enable_badpass.patch: turn on "mail_badpass" by default:
+ attempting sudo without knowing a login password is as bad as not
being listed in the sudoers file, especially if getting the password
wrong means doing the access-check-email-notification never happens
(rebased for 1.8.3p1)
- debian/rules:
+ compile with --without-lecture --with-tty-tickets (Ubuntu specific)
+ install man/man8/sudo_root.8 (Ubuntu specific)
+ install apport hooks
+ The ubuntu-sudo-as-admin-successful.patch was taken upstream by
Debian however it requires a --enable-admin-flag configure flag to
actually enable it.
- debian/sudoers:
+ grant admin group sudo access
- debian/sudo-ldap.dirs, debian/sudo.dirs:
+ add usr/share/apport/package-hooks
- debian/sudo.preinst:
+ avoid conffile prompt by checking for known default /etc/sudoers
and if found installing the correct default /etc/sudoers file
* new upstream version, closes: #646478
* new upstream version, closes: #639391, #639568
[ Luca Capello ]
* debian/rules improvements, closes: #642535
+ mv upstream sample.* files to the examples folder.
- do not call dh_installexamples.
[ Bdale Garbee ]
* patch from upstream for SIGBUS on sparc64, closes: #640304
* use common-session-noninteractive in the pam config to reduce log noise
when sudo is used in cron, etc, closes: #519700
* patch from Steven McDonald to fix segfault on startup under certain
conditions, closes: #639568
* add a NEWS entry regarding the secure_path change made in 1.8.2-1,
closes: #639336
* new upstream version, closes: #637449, #621830
* include common-session in pam config, closes: #519700, #607199
* move secure_path from configure to default sudoers, closes: #85123, 85917
* improve sudoers self-documentation, closes: #613639
* drop --disable-setresuid since modern systems should not run 2.2 kernels
* lose the --with-devel configure option since it's breaking builds in
subdirectories for some reason
* debian/patches/enable_badpass.patch: turn on "mail_badpass" by default:
- attempting sudo without knowing a login password is as bad as not
being listed in the sudoers file, especially if getting the password
wrong means doing the access-check-email-notification never happens
(Closes: 641218).
* Merge from debian/unstable, remaining changes:
- debian/patches/keep_home_by_default.patch:
+ Set HOME in initial_keepenv_table.
- debian/rules:
+ compile with --without-lecture --with-tty-tickets (Ubuntu specific)
+ install man/man8/sudo_root.8 (Ubuntu specific)
+ install apport hooks
- debian/sudoers:
+ grant admin group sudo access
- debian/sudo-ldap.dirs, debian/sudo.dirs:
+ add usr/share/apport/package-hooks
* drop debian/patches/CVE-2011-0010.patch, applied upstream now
* new upstream version
* touch the right stamp name after configuring, closes: #611287
* patch from Svante Signell to fix build problem on Hurd, closes: #611290
* update /etc/sudoers.d/README now that sudoers is a conffile
* patch from upstream to fix special case in password checking code
when only the gid is changing, closes: #609641
* debian/sudo.preinst:
- if well-known ec2 vmbuilder file is found, write a file in
sudoers.d for the 'ubuntu' user (LP: #768625)
* debian/sudo.preinst:
- do not consider the ec2 vmbuilder default sudoers file
verbatim as it's actually customized (LP: #761689)
* debian/patches/keep_home_by_default.patch: Set HOME in
initial_keepenv_table. LP: #760140
* debian/sudo.preinst:
- avoid conffile prompt by checking for known default /etc/sudoers
and if found installing the correct default /etc/sudoers file
(LP: #690873)
* debian/rules: The ubuntu-sudo-as-admin-successful.patch was taken
upstream by Debian however it requires a --enable-admin-flag configure
flag to actually enable it.
(LP: #706045)
* SECURITY UPDATE: privilege escalation via -g when using group Runas_List
- debian/patches/CVE-2011-0010.patch: prompt for password when the user is
running sudo as himself but as a different group
- CVE-2011-0010
* debian/sudoers: temporarily workaround LP #690873 by adding %admin
into the default sudoers file in case people just say "yes" to the
dpkg conffile prompt.
* Merge from debian unstable (LP: #689025), remaining changes:
- debian/rules:
+ compile with --without-lecture --with-tty-tickets (Ubuntu specific)
+ install man/man8/sudo_root.8 (Ubuntu specific)
+ install apport hooks
- debian/sudo-ldap.dirs, debian/sudo.dirs: add
usr/share/apport/package-hooks
* This upload also fixes: LP: #609645
* patch from Jakub Wilk to add noopt and nostrip build option support,
closes: #605580
* make sudoers a conffile, closes: #605130
* add descriptions to LSB init headers, closes: #604619
* change default sudoers %sudo entry to allow gid changes, closes: #602699
* add Vcs entries to the control file
* use debhelper install files instead of explicit installs in rules
* patch from upstream to resolve problem always prompting for a password
when run without a tty, closes: #599376
* patch from upstream to resolve interoperability problem between HOME in
env_keep and the -H flag, closes: #596493
* change path syntax to avoid tar error when /var/run/sudo exists but is
empty, closes: #598877
* make postinst clause for handling /var/run -> /var/lib transition less
fragile, closes: #585514
* cope with upstream's Makefile trying to install ChangeLog in our doc
directory, closes: #597389
* fix README.Debian to reflect that HOME is no longer preserved by default,
closes: #596847
* add a NEWS item about change in $HOME handling that impacts programs
like pbuilder
* new upstream version, urgency high due to fix for flaw in Runas group
matching (CVE-2010-2956), closes: #595935
* handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
re-lecturing existing users, and to clean up after ourselves on upgrade,
and remove the RAMRUN section from README.Debian since the new state dir
should fix the original problem, closes: #585514
* deliver README.Debian to both package flavors, closes: #593579
* No-change upload to drop sizable upstream changelog.
* SECURITY UPDATE: privilege escalation via '-g' option when using
'user:group' in Runas_Spec
- debian/patches/CVE-2010-2956.patch: update match.c to verify both user
and group match sudoers when using '-g'
- CVE-2010-2956
* Merge from debian unstable. Remaining changes:
- debian/rules:
- compile with --without-lecture --with-tty-tickets (Ubuntu specific)
- install man/man8/sudo_root.8 (Ubuntu specific)
- install apport hooks
- debian/sudo-ldap.dirs, debian/sudo.dirs: add
usr/share/apport/package-hooks
- debian/patches/ubuntu-sudo-as-admin-successful.patch: adjust sudo.c so
that if the user successfully authenticated and he is in the 'admin'
group, then create a stamp ~/.sudo_as_admin_successful. Our default bash
profile checks for this and displays a short intro about sudo if the flag
is not present
* Dropped the following, now included upstream:
- fix for CVE-2010-1163
- fix for CVE-2010-0426
- debian/sudo.postinst, debian/sudo-ldap.postinst: update description to
match behavior in sudoers file
- don't install init script. Debian moved to /var/lib/sudo from
/var/run/sudo, so Ubuntu's tmpfs usage won't clean those out
automatically any more, so we now need the initscript.
* new upstream release with security fix for secure path (CVE-2010-1646),
closes: #585394
* move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
about whether to give the lecture is preserved across reboots even when
RAMRUN is set, closes: #581393
* add a note to README.Debian about LDAP needing an entry in
/etc/nsswitch.conf, closes: #522065
* add a note to README.Debian about how to turn off lectures if using
RAMRUN in /etc/default/rcS, closes: #581393
* new upstream version fixing CVE-2010-1163, closes: #578275, #570737
* new upstream release, closes a bug filed upstream regarding missing man
page processing scripts in the 1.7.2p1 tarball, also includes the fix
for CVE-2010-0426 previously the subject of a security team nmu
* move to source format 3.0 (quilt) and restructure changes as patches
* fix unprocessed substitution variables in man pages, closes: #557204
* apply patch from Neil Moore to fix Debian-specific content in the
visudo man page, closes: #555013
* update descriptions to better explain sudo-ldap, closes: #573108
* eliminate spurious 'and' in man page, closes: #571620
* fix confusing text in default sudoers, closes: #566607
* SECURITY UPDATE: properly verify path in find_path.c for the 'sudoedit'
pseudo-command when running from the current working directory and
secure_path is disabled
- CVE-2010-XXXX
* env.c: Revert addition of "http_proxy" again. This was an Ubuntu specific
EBW hack, caused inconsistencies with other proxy variables (such as
https_proxy and ftp_proxy), made sudo incompatible to upstream
behaviour/documentation. This is solved in a much better way in apt itself
and gnome-network-properties now. (LP: #432631)
* debian/sudo.postinst, debian/sudo-ldap.postinst: update description to
match behaviour in sudoers file. (LP: #534090)
* SECURITY UPDATE: properly verify path for the 'sudoedit' pseudo-command
in match.c
- http://sudo.ws/repos/sudo/rev/88f3181692fe
- CVE-2010-0426
* Merge from debian testing. Remaining changes:
- debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu
specific)
- Add debian/sudo_root.8: Explanation of root handling through sudo.
Install it in debian/rules. (Ubuntu specific)
- sudo.c: If the user successfully authenticated and he is in the 'admin'
group, then create a stamp ~/.sudo_as_admin_successful. Our default bash
profile checks for this and displays a short intro about sudo if the
flag is not present. (Ubuntu specific)
- env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept
for "sudo apt-get ...". (Ubuntu specific EBW hack, should disappear at
some point)
- debian/{rules,postinst,sudo-ldap.postinst}: Disable init script
installation. Debian reintroduced it because /var/run tmpfs is not the
default there, but has been on Ubuntu for ages.
- debian/{source_sudo.py,rules,sudo-ldap.dirs,sudo.dirs}: Add apport hook
* new upstream version
* add support for /etc/sudoers.d using #includedir in default sudoers,
which I think is also a good solution to the request for a crontab-like
API requested in March of 2001, closes: #539994, #271813, #89743
* move init.d script from using rcS.d to rc[0-6].d, closes: #542924
* further improve initial sudoers to not include the NOPASSWD option on
the group sudo exception, closes: #539136, #198991
* new upstream version, closes: #537103
* improve initial sudoers by having the exemption for users in group
sudo on by default, and including the ability to run any command as
any user. This makes the default install roughly equivalent to our
old use of the --with-exempt=sudo build option, closes: #536220, #536222
* debian/{source_sudo.py,rules}: Add apport hook
* env.c: add logic similar to pam_env's stripping of single and double
quotes around /etc/environment env vars; fixes literal quotes in LANG when
using sudo -i; LP: #387262.
* Merge from debian unstable, remaining changes:
- debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu
specific)
- Add debian/sudo_root.8: Explanation of root handling through sudo.
Install it in debian/rules. (Ubuntu specific)
- sudo.c: If the user successfully authenticated and he is in the 'admin'
group, then create a stamp ~/.sudo_as_admin_successful. Our default bash
profile checks for this and displays a short intro about sudo if the
flag is not present. (Ubuntu specific)
- env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept
for "sudo apt-get ...". (Ubuntu specific EBW hack, should disappear at
some point)
- debian/{rules,postinst,sudo-ldap.postinst}: Disable init script
installation. Debian reintroduced it because /var/run tmpfs is not the
default there, but has been on Ubuntu for ages.
* new upstream version, closes: #510179, #128268, #520274, #508514
* fix ldap config file path for sudo-ldap package, including creating
a symlink in postinst and cleaning it up in postrm for the sudo-ldap
package, closes: #430826
* fix NOPASSWD entry location in default config file for the sudo-ldap
instance too, closes: #479616
* patch from upstream to fix privilege escalation with certain
configurations, CVE-2009-0034
* typo in sudoers man page, closes: #507163
* new upstream version, closes: #481008
* deliver schemas to doc directory in sudo-ldap package, closes: #474331
* re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
in move from CVS to git for package management, closes: #475821
* re-instate the init.d for the sudo-ldap package too... /o\
* revert the fix for 388659 such that visudo once again defaults to using
/usr/bin/editor. I was always ambivalent about this change, it has caused
more confusion and frustration than it cured, and I find Justin's line of
reasoning persuasive. Update the man page source to reflect this choice
and the related use of --with-env-editor. Closes: #474197.
* patch from Petter Reinholdtsen to improve init.d, closes: #475821
* new upstream version, closes: #467126, #473337
* remove pointless postrm scripts, leaving debhelper do its thing if needed,
thanks to Justin Pryzby for pointing this out
* reinstate the init.d, since bootclean doesn't quite do what we want. This
also means we don't need the preinst scripts any more. Update the lintian
overrides since postinst is a Perl script lintian apparently isn't parsing
well. closes: #330868
* new upstream version, closes: #464890
* patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
* update version compared in preinst when removing obsolete init.d,
closes: #459681
* implement pam session config suggestions from Elizabeth Fong,
closes: #452457, #402329
* new upstream version
* new upstream version
* tweak default password prompt as %u doesn't make sense. Accept patch from
Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
uses it by default, closes: #454409
* accept patch from Martin Pitt that adds a prerm making it difficult to
"accidentally" remove sudo when there is no root password set on the
system, closes: #451241
* new upstream version
* debian/rules: configure a more informative default password prompt to
reduce confusion when using sudo to invoke commands which also ask for
passwords, closes: #343268
* auth/pam.c: don't use the PAM prompt if the user explicitly requested
a custom prompt, closes: #448628.
* fix configure's ability to discover that libc has dirfd, closes: #451324
* make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
the command 'visudo' invokes a vi variant by default as documented,
closes: #388659
* new upstream version, closes: #442815, #446146, #438699, #435768, #435314
closes: #434832, #434608, #430382
* eliminate the now-redundant init.d scripts, closes: #397090
* fix typo in TROUBLESHOOTING file, closes: #439624
* fix typos in visudo.pod relating to env_editor variable, closes: #418886
* have init.d touch directories in /var/run/sudo, not just files, as a
followup to #330868.
* fix various typos in sudoers.pod, closes: #419749
* don't let Makefile strip binaries, closes: #438073
* update debian/copyright to reflect new upstream URL, closes: #368746
* add sandwich cartoon URL to the README.Debian
* don't remove sudoers on purge. can cause problems when moving between
sudo and sudo-ldap. leaving sudoers around on purge seems like the least
evil choice for now, closes: #401366
* also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
closes: #374509
* accept patch that improves debian/rules from Ted Percival, closes: #382122
* no longer build with --with-exempt=sudo, provide an example entry in the
default sudoers file instead, closes: #296605
* add --with-devel to configure and augment build dependencies so that flex
and yacc files get re-generated on every build, closes: #316249
* patch from Petter Reinholdtsen for the LSB info block in the init.d
script, closes: #361055
* deliver sudoers sample again, closes: #361593
* force-feed configure knowledge of nroff's path so we get unformatted man
pages installed without build-depending on groff-base, closes: #360894
* add a reference to OPTIONS in the man page, closes: #186226
* fix typos in init scripts, closes: #346325
* update to debhelper compat level 5
* build depend on autotools-dev to ensure config.sub/guess are fresh
* accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
use it here as well. Thanks to Martin and the debian-security team.
closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
closes: #315115, #315718, #203874
* Non-maintainer upload by the Security Team
* Reworked the former patch to limit environment variables from being
passed through, set env_reset as default instead [sudo.c, env.c,
sudoers.pod, Bug#342948, CVE-2005-4158]
* env_reset is now set by default
* env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
(in addition to the SUDO_* variables)
* Rebuild sudoers.man.in from the POD file
* Added README.Debian
* patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
* simplify rules file by using more of Makefile, despite having to override
default directories with more arguments to configure, closes: #292833
* update sudo man page to reflect use of SECURE_PATH, closes: #228551
* inconsistencies in sudoers man page resolved, closes: #220808, #161012
* patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
unresolvable (requires adding bison as build dep), closes: #314949
* new upstream version, closes: #342948 (CVE-2005-4158)
* add env_reset to the sudoers file we create if none already exists,
as a further precaution in response to discussion about CVE-2005-4158
* split ldap support into a new sudo-ldap package. I was trying to avoid
doing this, but the impact of going from 4 to 17 linked shlibs on the
autobuilder chroots is sufficient motivation for me.
closes: #344034
* enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
* merge patch from Martin Pitt / Ubuntu to be more robust about resetting
timestamps in the init.d script, closes: #330868
* add dependency header to init.d script, closes: #332849
* update debhelper compatibility level from 2 to 4
* add man page symlink for sudoedit
* Clean SHELLOPTS and PS4 from the environment before executing programs
with sudo permissions [env.c, CAN-2005-2959]
* fix typo in manpage pointed out by Moray Allen, closes: #285995
* fix paths in sample complex sudoers file, closes: #303542
* fix type in sudoers man page, closes: #311244
* merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
closes: #305735
* new upstream version, fixes a race condition in sudo's pathname
validation, which is a security issue (CAN-2005-1993),
closes: #315115, #315718
* new upstream version, closes: #299585
* update lintian overrides to squelch the postinst warning
* change sudoedit from a hard to a soft link, closes: #296896
* fix regex doc in sudoers man page, closes: #300361
* new upstream version
* restores ability to use config tuples without a value, which was causing
problems on upgrade closes: #283306
* deliver sudoedit, closes: #283078
* marking urgency high since 283306 is a serious upgrade incompatibility
* update pam.d deliverable so ldap works again, closes: #282191
* new upstream version, fixes a flaw in sudo's environment sanitizing that
could allow a malicious user with permission to run a shell script that
utilized the bash shell to run arbitrary commands, closes: #281665
* patch the sample sudoers to have the proper path for kill on Debian
systems, closes: #263486
* patch the sudo manpage to reflect Debian's choice of exempt_group
default setting, closes: #236465
* patch the sudo manpage to reflect Debian's choice of no timeout on the
password prompt, closes: #271194
* Jeff Bailey reports that seteuid works on current sparc systems, so we
no longer need the "grosshack" stuff in the sudo rules file
* add a postrm that removes /etc/sudoers on purge. don't do this with the
normal conffile mechanism since it would generate noise on every upgrade,
closes: #245405
* new upstream version, closes: #190265, #193222, #197244
* change from '.' to ':' in postinst chown call, closes: #208369
* add --disable-setresuid to configure call since 2.2 kernels don't support
setresgid, closes: #189044
* cosmetic cleanups to debian/rules as long as I'm there
* new upstream version
* add overrides to quiet lintian about things it doesn't understand,
except the source one that can't be overridden until 129510 is fixed
* add code to rules file to update config.sub/guess, closes: #164501
* adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
configure, and lose the build dependency on mail-transport-agent
* incorporate changes from LaMont's NMU, closes: #144665, #144737
* update init.d to not try and set time on nonexistent timestamp files,
closes: #132616
* build with --with-all-insults, admin must edit sudoers to turn insults
on at runtime if desired, closes: #135374
* stop setting /usr/doc symlink in postinst
* NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
* Revert patch to auth/pam.c that left pass uninitialized, causing a
segfault (Closes: #144665).
* new upstream version, fixes security problem with crafty prompts,
closes: #144540
* apply patch for auth/pam.c to fix yet another way to make sudo segfault
if ctrl/C'ed at password prompt, closes: #131235
* ugly hack to add --disable-saved-ids when building on sparc in response
to 131592, which will be reassigned to glibc for a real fix
* urgency high since the sudo currently in testing for sparc is worthless
* patch from upstream to fix seg faults caused by versions of pam that
follow a NULL pointer, closes: #129512
* new upstream version
* add --disable-root-mailer option supported by new version to configure
call in rules file, closes: #129648
* new upstream version, with fix for segfaulting problem in 1.6.4
* new upstream version, includes an important security fix, closes: #127576
* only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
* fix spelling error in init.d, closes: #126847
* use touch to set status files to an ancient date instead of removing them
outright on reboot. this achieves the desired effect of keeping elevated
privs from living across reboots, without forcing everyone to see the
new-sudo-user lecture after every reboot. pick a time that's 'old enough'
for systems with good clocks, and 'recent enough' that broken PC hardware
setting the clock to commonly-seen bogus dates trips over the "don't trust
future timestamps" rule. closes: #76529, #123559
* apply patch from Steve Langasek to fix seg faults due to interaction with
PAM code. upstream confirms the problem, and says they're fixing this
differently for their next release... but this should be useful in the
meantime, and would be good to get into woody. closes: #119147
* only run the init.d at boot, not on each runlevel change... and don't run
it during package configure. closes: #125935
* add DEB_BUILD_OPTIONS support to rules file, closes: #94952
* apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
* fix a typo in the manpage, closes: #97368
* apply patch to configure.in and run autoconf to fix problem building on
the hurd, closes: #96325
* add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
to not last across reboots, closes: #76529
* clean up lintian-noticed cosmetic packaging issues
* update config.sub/guess for hppa support
* new upstream version
* add build dependency on mail-transport-agent, closes: #90685
* new upstream version, fixes buffer overflow problem,
closes: #87259, #87278, #87263
* revert to using --with-secure-path option at build time, since the option
available in sudoers is parsed too late to be useful, and upstream says
it won't get fixed quickly. This reopens 85123, which I will mark as
forwarded. Closes: #86199, #86117, #85676
* lose the dh_suidregister call since it's obsolete
* stop using the --with-secure-path option at build time, and instead show
how to set it in sudoers. Closes: #85123
* freshen config.sub and config.guess for ia64 and hppa
* update sudoers man page to indicate exempt_group is on by default,
closes: #70847
* new upstream version, closes: #63940, #59175, #61817, #64652, #65743
* this version restores core dumps before the exec, while leaving them
disabled during sudo's internal execution, closes: #58289
* update debhelper calls in rules file
* new upstream source resulting from direct collaboration with the upstream
author to fix ugly pam-related problems on Debian in 1.6.1 and later.
Closes: #56129, #55978, #55979, #56550, #56772
* include more upstream documentation, closes: #55054
* pam.d fragment update, closes: #56129
* new upstream source, closes: #52750
* drop suidregister support for this package. The sudo executable is
essentially worthless unless it is setuid root, and making suidregister
work involves shipping a non-setuid executable in the .deb and setting the
perms in the postinst. On a long upgrade run, this can leave the sudo
executable 'broken' for a long time, which is unacceptable. With this
version, we ship the executable setuid root in the .deb. Closes: #51742
* new upstream version, many options previously set at compile-time are now
configurable at runtime.
Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
* FHS support
* new upstream version, closes: #43464
* empty password handling was fixed in 1.5.8, closes: #31863
* new upstream version
* new upstream version, closes 33690
* add dependency on libpam-modules, closes 34215, 33432
* update the pam fragment provided so that sudo works with latest pam bits,
closes 33432
* new upstream release
* new upstream patch release
* add PAM support, closes 28594
* update copyright file, closes 24136
* review and close forwarded bugs believed fixed in this upstream version,
closes 17606, 15786.
* new upstream release
* update postinst to use groupadd, closes 21403
* move the suidregister stuff earlier in postinst to ensure it always runs
* change /etc/sudoers from a conffile to being handled in postinst,
closes 18219
* add suidmanager support, closes 15711
* add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
unlikely to ever fix, and which just don't matter. closes 17146
* fix FSF address in copyright file, and submit exception for lintian
warning about sudo being setuid root
* patch from upstream author correcting/improving security fix
* new upstream version, includes a security fix
* change default editor from /bin/ae to /usr/bin/editor
* new upstream version, closes bug 15911.
* rules file reworked to use debhelper
* implement a really gross hack to force use of the sudo-provided
lsearch(), since the one in libc6 is broken! This closes bugs
12552, 12557, 14881, 15259, 15916.
* don't install INSTALL in the doc directory, closes bug 13195.
* libc6
* change TIMEOUT (how long before you have to type your password again)
to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
packages on slower machines much more tolerable. Closes bug 9076.
* touch debian/suid before debstd. Closes bug 8709.
* patch from upstream maintainer to close Bug 6828
* add a debian/suid file to get debstd to leave my perl postinst alone
* change rules to use -O2 -Wall as per standards
* new upstream version
* cosmetic changes to debian package control files
* add /usr/X11R6/bin to the end of the secure path... this makes it
much easier to run xmkmf, etc., during package builds. To the extent
that /usr/local/sbin and /usr/local/bin were already included, I see
no security reasons not to add this.
* New upstream version
* New maintainer
* New packaging format
Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
sudo (1.4.1-1):
* hard code SECURE_PATH to:
"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
* enable ENV_EDITOR
* enabled EXEMPTGROUP "sudo"
* moved timestamp dir to /var/log/sudo
* changed parser to check for long and short filenames (Bug#1162)
Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
sudo (1.4.2-1):
* New upstream source
* Fixed postinst script
(thanks to Peter Tobias <tobias@et-inf.fho-emden.de>)
* Removed special shadow binary. This version works with and without
shadow password file.
Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
sudo (1.4.2-2):
* Corrected editor path to /bin/ae (Bug#3062)
* Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
sudo (1.4.3-1):
* New upstream version
* Changed sudoers permission to 440 (owner root, group root) to make
sudo usable via NFS
Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
sudo (1.4.3-2):
* Applied upstream patch 1
Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
sudo (1.4.3-3):
* Applied upstream patch 2
Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
sudo (1.4.3-4):
* Applied upstream patch 3 (fixes problems with an NFS-mounted
sudoers file)
Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
sudo (1.4.3-5):
* Corrected postinst to use /usr/bin/perl instead of /bin/perl
[Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
sudo (1.4.3-6):
* Applied upstream patch 4 (fixes several bugs)
* Changed priority to optional
Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
sudo (1.4.3-7):
* Corrected postinst to create correct permission for /etc/sudoers
(Bug#3749)
Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
sudo (1.4.4-1):
* New upstream version
sudo (1.4.4-2) admin; urgency=HIGH
* Fixed major security bug reported by Peter Tobias
<tobias@et-inf.fho-emden.de>
* Added dchanges support to debian.rules
sudo (1.4.5-1) admin; urgency=LOW
* New upstream version
* Minor changes to debian.rules