Debian
sudo package

Change logs for sudo source package in Sid

Sid (98)
Change log

sudo (1.9.15p5-3) unstable; urgency=medium

  * add --with-devel configure option.
    Thanks to Bastien Roucariès (Closes: #1061272)

 -- Marc Haber <email address hidden>  Fri, 26 Jan 2024 21:10:13 +0100

sudo (1.9.15p5-2) unstable; urgency=medium

  * switch Build-Depends from systemd to systemd-dev
    Thanks to Michael Biebl (Closes: #1060511)
  * set Multi-Arch: foreign on sudo and sudo-ldap.
    Thanks to Andreas Rottmann (Closes: #1060445)
  * add debian/copyright clause for source_sudo.py.
    Oops.

 -- Marc Haber <email address hidden>  Sat, 13 Jan 2024 21:59:56 +0100

sudo (1.9.15p5-1) unstable; urgency=medium

  * new upstream version 1.9.15p5
    * This is supposed to properly malloc on hurd.
      Thanks to Martin-Éric Racine (Closes: #1057833)
  * add durch debconf translation.
    Thanks to Frans Spiesschaert (Closes: #1059567)

 -- Marc Haber <email address hidden>  Wed, 03 Jan 2024 21:40:38 +0100

sudo (1.9.15p4-2) unstable; urgency=medium

  * upload to unstable
  * use pkg-config to place systemd units.
    Thanks to Chris Hofstaedtler (Closes: #1059063)
  * Add french debconf translation.
    Thanks to bubu (Closes: #1058939)
  * fix typo in NEWS.Debian.
    Thanks to Vincent Danjean (Closes: #1058925)
  * add persian debconf translation.
    Thanks to Danial Behzadi
  * add spanish debconf translation.
    Thanks to Camaleón (Closes: #1059460)

 -- Marc Haber <email address hidden>  Wed, 27 Dec 2023 17:53:13 +0100

sudo (1.9.15p3-1) unstable; urgency=medium

  * new upstream version 1.9.15p3

 -- Marc Haber <email address hidden>  Thu, 14 Dec 2023 20:22:51 +0100

sudo (1.9.15p2-2) unstable; urgency=medium

  * upload to unstable

 -- Marc Haber <email address hidden>  Fri, 08 Dec 2023 18:31:14 +0100

sudo (1.9.14p2-1) unstable; urgency=medium

  * new upstream version

 -- Marc Haber <email address hidden>  Thu, 20 Jul 2023 00:31:52 +0200

sudo (1.9.13p3-3) unstable; urgency=medium

  * fix wrong patch to fix event log format
    (added wrongly in 1.9.13p3-2)

 -- Marc Haber <email address hidden>  Tue, 27 Jun 2023 11:43:07 +0200

sudo (1.9.13p3-1) unstable; urgency=medium

  * new upstream version:
    * Fix potential double free for CHROOT= rules
      CVE-2023-27320. (Closes: #1032163)
    * Fix --enable-static-sudoers regression
    * check for overflow as result of fuzzing efforts
    * Fix parser regression disallowing rules for user "list"
    * Fix eventloop hang if there is /dev/tty data
    * Fix sudo -l command args regression
    * Fix sudo -l -U someuser regression
    * Fix list privs regression

 -- Marc Haber <email address hidden>  Wed, 08 Mar 2023 21:17:05 +0100

sudo (1.9.13p1-1) unstable; urgency=medium

  * new upstream version 1.9.13p1
    * remove unnecessary changelog creation patch
  * remove lsb-base from dependencies

 -- Marc Haber <email address hidden>  Sat, 18 Feb 2023 13:03:19 +0100

sudo (1.9.12p2-1) unstable; urgency=high

  * new upstream version 1.9.12p2
  * this fixes CVE-2023-22809:
    Sudoedit can edit arbitrary files

 -- Marc Haber <email address hidden>  Wed, 18 Jan 2023 16:19:23 +0100

sudo (1.9.12p1-1) unstable; urgency=low

  * new upstream version 1.9.12p1
  * update patches
  * update debian/copyright
  * Add upstream patch to silence libgcrypt error message.
    Thanks to Francesco P. Lovergine (Closes: #1019428)
  * Standards-Version: 4.6.2 (no changes necessary)
  * clean out obsolete lintian overrides
  * Add patch to disable regeneration of upstream ChangeLog from git.
    Thanks to Gioele Barabucci (Closes: #1025740)
  * remove extra whitespace from debconf-get-selections output.
  * add autopkgtest for sudo with sssd (Closes: #1004910)

  [ Niels Thykier ]
  * Support building sudo without (fake)root.

  [ Gioele Barabucci ]
  * Use dh_installnss to add ldap to sudoers NSS database
  * Add libnss-sudo package. (Closes: #1023524)

 -- Marc Haber <email address hidden>  Sun, 15 Jan 2023 13:58:48 +0100

sudo (1.9.11p3-2) unstable; urgency=medium

  * Add upstream patch to silence libgcrypt error message.
    Thanks to Francesco P. Lovergine (Closes: #1019428)
  * Standards-Version: 4.6.1 (no changes necessary)
  * clean out obsolete lintian overrides

 -- Marc Haber <email address hidden>  Mon, 10 Oct 2022 13:25:05 +0200

sudo (1.9.11p3-1) unstable; urgency=low

  * new upstream version 1.9.11p3

 -- Marc Haber <email address hidden>  Wed, 23 Mar 2022 10:50:16 +0100

sudo (1.9.10-3) unstable; urgency=medium

  * some changes to 03-getroot-ldap autopkgtest to find out
    about ppc64el failure

 -- Marc Haber <email address hidden>  Wed, 23 Mar 2022 10:38:39 +0100

sudo (1.9.10-2) unstable; urgency=medium

  * upload to unstable (fixed autopkgtest is needed to allow
    adduser to migrate)

 -- Marc Haber <email address hidden>  Mon, 21 Mar 2022 11:49:06 +0100

sudo (1.9.9-1) unstable; urgency=medium

  * new upstream version
    * audit plugin now handles unresolvable hostname better
      Thanks to Sven Mueller (Closes: #1001969)
    * better document environment handling.
      Thanks to Arnout Engelen (Closes: #659101)
    * README files now come as markdown
    * schemas are now in docs subdirectory
    * LICENSE is now LICENSE.md

  [ Marc Haber ]
  * refresh patches
    * mark paths-in-samples.diff expicitly as not forwarded
  * have systemd-tmpfiles clean up /run/sudo on boot
  * lintian overrides:
    * improve 'em in various places
    * give better explanations
    * override long line warnings
    * override typo warning for a literal film quote
    * use correct lintian tag for override init script without unit
  * init script / systemd units
    * guarantee init script no-op on systemd systems
    * mask sysv init script on systemd systems in postinst
      instead of debian/rules
    * actually remove masking of service in postrm
  * maintainer scripts
    * document when .dist file removal was added to that
      it can be eventually removed
    * document when alternative removal was added to that
      it can be eventually removed
  * add a test to check for presence of #1003969
  * Standards-Version: 4.6.0 (no changes)
  * use uscan version 4
  * honor nocheck DEB_BUILD_OPTION

  [ Hilko Bengen ]
  * More improvement for Lintian overrides
  * Convert debian/copyright to machine-readable format, using
    information from upstream-provided LICENSE.md file

 -- Marc Haber <email address hidden>  Mon, 31 Jan 2022 20:19:55 +0100

sudo (1.9.8p2-1) unstable; urgency=medium

  * add more autopkgtests (especially for LDAP)
  * improve existing autopkgtests
  * debian/patches:
    * Remove typo-in-classic-insults.diff, reflectinc upstream's decision
      to not fix the typo as a way of remembering Evi Nemeth.
    * remove unneeded sudo-success_return. patch
    * mark debian/patches/sudo-ldap-docs as Forwarded: not-needed
    * add DEP3 headers
  * mention #1001858 in sudo.prerm
  * comment some lintian-overrides with unclear results

 -- Marc Haber <email address hidden>  Sat, 18 Dec 2021 14:55:08 +0100

sudo (1.9.5p2-3) unstable; urgency=medium

  * new maintainer team and uploaders (Closes: #976244)
    * sudo is now team maintained
    * add Uploaders field
    * move salsa repo to team-sudo group
  * refresh patches
  * Adapt README.LDAP to the actual state of sudo-ldap (Closes: #442871)
  * add Apport hook.
    Thanks to Balint Reczey (Closes: 881671)

 -- Marc Haber <email address hidden>  Sat, 27 Feb 2021 09:28:03 +0100

sudo (1.9.5p2-2) unstable; urgency=medium

  * patch from upstream repo to fix NO_ROOT_MAILER

 -- Bdale Garbee <email address hidden>  Fri, 29 Jan 2021 18:12:32 -0700

sudo (1.9.5p2-1) unstable; urgency=high

  * new upstream version, addresses CVE-2021-3156

 -- Bdale Garbee <email address hidden>  Tue, 26 Jan 2021 21:20:05 -0700

sudo (1.9.5p1-1.1) unstable; urgency=high

  * Non-maintainer upload.
  * Heap-based buffer overflow (CVE-2021-3156)
    - Reset valid_flags to MODE_NONINTERACTIVE for sudoedit
    - Add sudoedit flag checks in plugin that are consistent with front-end
    - Fix potential buffer overflow when unescaping backslashes in user_args
    - Fix the memset offset when converting a v1 timestamp to TS_LOCKEXCL
    - Don't assume that argv is allocated as a single flat buffer

 -- Salvatore Bonaccorso <email address hidden>  Wed, 20 Jan 2021 10:11:47 +0100

sudo (1.9.5p1-1) unstable; urgency=medium

  * new upstream version, closes: #980028

 -- Bdale Garbee <email address hidden>  Wed, 13 Jan 2021 01:09:19 -0700

sudo (1.9.5-1) unstable; urgency=medium

  * new upstream version

 -- Bdale Garbee <email address hidden>  Mon, 11 Jan 2021 15:15:48 -0700

sudo (1.9.4p2-2) unstable; urgency=medium

  * always use /bin/mv to ensure reproducible builds whether built on a
    usrmerge or non-usrmerge system, closes: #976307

 -- Bdale Garbee <email address hidden>  Sun, 03 Jan 2021 09:11:13 -0700

sudo (1.9.4p2-1) unstable; urgency=medium

  * new upstream version

 -- Bdale Garbee <email address hidden>  Sun, 20 Dec 2020 17:43:54 -0700

sudo (1.9.4p1-1) unstable; urgency=medium

  * new upstream version

 -- Bdale Garbee <email address hidden>  Thu, 17 Dec 2020 17:35:55 -0700

sudo (1.9.4-1) unstable; urgency=medium

  * new upstream version

 -- Bdale Garbee <email address hidden>  Tue, 01 Dec 2020 22:10:03 -0500

sudo (1.9.3p1-1) unstable; urgency=medium

  * new upstream version

 -- Bdale Garbee <email address hidden>  Thu, 24 Sep 2020 11:10:02 -0600

sudo (1.9.3-1) unstable; urgency=medium

  * new upstream version
  * make the comment match the text in default sudoers, closes: #964922
  * enable zlib, closes: #846077

 -- Bdale Garbee <email address hidden>  Mon, 21 Sep 2020 17:11:30 -0600

sudo (1.9.1-2) unstable; urgency=medium

  * change # to @ on includedir in default sudoers to reduce confusion with
    a comment, such as in 964922

 -- Bdale Garbee <email address hidden>  Sun, 12 Jul 2020 09:52:08 -0600

sudo (1.9.1-1) unstable; urgency=medium

  * new upstream version

 -- Bdale Garbee <email address hidden>  Fri, 19 Jun 2020 15:44:09 -0600

sudo (1.9.0-1) unstable; urgency=medium

  * new upstream version, closes: #669687, #571621, #734752

 -- Bdale Garbee <email address hidden>  Wed, 13 May 2020 18:34:59 -0600

sudo (1.8.31p1-1) unstable; urgency=medium

  * new upstream version

 -- Bdale Garbee <email address hidden>  Thu, 19 Mar 2020 15:47:17 -0600

sudo (1.8.31-1) unstable; urgency=medium

  * new upstream version

 -- Bdale Garbee <email address hidden>  Sat, 01 Feb 2020 23:07:09 -0800

sudo (1.8.29-1) unstable; urgency=medium

  * new upstream version
  * make --libexecdir use /usr/lib instead of /usr/lib/sudo, closes: #943313

 -- Bdale Garbee <email address hidden>  Mon, 28 Oct 2019 19:27:42 -0600

sudo (1.8.28p1-1) unstable; urgency=medium

  * new upstream version

 -- Bdale Garbee <email address hidden>  Tue, 22 Oct 2019 16:13:34 -0600

sudo (1.8.27-1.1) unstable; urgency=high

  * Non-maintainer upload.
  * Treat an ID of -1 as invalid since that means "no change" (CVE-2019-14287)
    (Closes: #942322)
  * Fix test failure in plugins/sudoers/regress/testsudoers/test5.sh

 -- Salvatore Bonaccorso <email address hidden>  Mon, 14 Oct 2019 21:10:58 +0200

sudo (1.8.27-1) unstable; urgency=medium

  * new upstream version

 -- Bdale Garbee <email address hidden>  Sat, 12 Jan 2019 11:10:05 -0700

sudo (1.8.26-2) unstable; urgency=medium

  * patch from upstream to fix man page truncation, closes: #914469

 -- Bdale Garbee <email address hidden>  Fri, 23 Nov 2018 14:59:17 -0700

sudo (1.8.26-1) unstable; urgency=medium

  [Bdale Garbee]
  * new upstream version

  [Ondřej Nový]
  * d/changelog: Remove trailing whitespaces
  * d/control: Remove trailing whitespaces
  * d/rules: Remove trailing whitespaces

 -- Bdale Garbee <email address hidden>  Mon, 19 Nov 2018 00:32:06 -1000

sudo (1.8.23-2) unstable; urgency=high

  * fix FTBFS due to earlier sudoers2ldif removal, closes: #903415

 -- Bdale Garbee <email address hidden>  Sat, 21 Jul 2018 11:22:37 -0600

sudo (1.8.23-1) unstable; urgency=medium

  * new upstream version

 -- Bdale Garbee <email address hidden>  Mon, 30 Apr 2018 20:55:10 -0600

sudo (1.8.21p2-3) unstable; urgency=medium

  * include sssd support in the sudo-ldap build too, closes: #884741

 -- Bdale Garbee <email address hidden>  Mon, 18 Dec 2017 21:55:18 -0700

sudo (1.8.21p2-2) unstable; urgency=medium

  * work harder to clean up mess left by sudo-ldap using /etc/init.d/sudo 
    prior to version 1.8.7-1, closes: #877516

 -- Bdale Garbee <email address hidden>  Mon, 02 Oct 2017 13:02:27 -0600

sudo (1.8.21p2-1) unstable; urgency=medium

  * new upstream version, closes: #873623, #873600, #874000
  * remove legacy /etc/sudoers.dist we no longer deliver, closes: #873561

 -- Bdale Garbee <email address hidden>  Thu, 07 Sep 2017 10:42:19 -0600

sudo (1.8.21-1) unstable; urgency=medium

  [ Bdale Garbee ]
  * new upstream version
  * don't deliver /etc/sudoers.dist, closes: #862309
  * whitelist DPKG_COLORS env var, closes: #823368

  [ Laurent Bigonville ]
  * debian/sudo*.postinst: Drop /var/run/sudo -> /var/lib/sudo migration code,
    this migration happened in 2010 and that code is not necessary anymore
  * Move timestamp files to /run/sudo, with systemd the directory is
    created/cleaned by tmpfiles.d now, the sudo initscript/service is not
    doing anything in that case anymore (Closes: #786555)
  * debian/sudo*.postinst: Move the debhelper marker before the creation of
    the sudo group, this way the snippets added by debhelper will be executed
    even if the group already exists. (Closes: #870456)

 -- Bdale Garbee <email address hidden>  Mon, 28 Aug 2017 09:44:06 -0600

sudo (1.8.20p2-1) unstable; urgency=medium

  * new upstream version

 -- Bdale Garbee <email address hidden>  Thu, 08 Jun 2017 11:57:02 -0600

sudo (1.8.20p1-1.1) unstable; urgency=high

  * Non-maintainer upload.
  * Use /proc/self consistently on Linux
  * CVE-2017-1000368: Arbitrary terminal access (Closes: #863897)

 -- Salvatore Bonaccorso <email address hidden>  Mon, 05 Jun 2017 14:19:33 +0200

sudo (1.8.20p1-1) unstable; urgency=high

  * New upstream version with fix for CVE-2017-1000367, closes: #863731

 -- Bdale Garbee <email address hidden>  Tue, 30 May 2017 14:41:58 -0600

sudo (1.8.20-1) unstable; urgency=medium

  * New upstream version

 -- Bdale Garbee <email address hidden>  Wed, 10 May 2017 10:25:46 -0600

sudo (1.8.19p1-1) unstable; urgency=medium

  * new upstream version

 -- Bdale Garbee <email address hidden>  Fri, 13 Jan 2017 11:12:49 -0700

sudo (1.8.19-1) unstable; urgency=medium

  * new upstream version

 -- Bdale Garbee <email address hidden>  Mon, 19 Dec 2016 13:00:21 -0700

sudo (1.8.18p1-2) unstable; urgency=medium

  * merge work done by Balint Reczey in parallel / conflict with my offline work

 -- Bdale Garbee <email address hidden>  Thu, 15 Dec 2016 19:08:46 -0700

sudo (1.8.17p1-2) unstable; urgency=medium

  * merge 1.8.15-1.1 NMU changes 

 -- Bdale Garbee <email address hidden>  Tue, 05 Jul 2016 16:01:55 +0200

sudo (1.8.17p1-1) unstable; urgency=low

  * new upstream version, closes: #805563
  * build-depend on the new mandoc package so we can rebuild man pages 
    properly if needed, closes: #809984

 -- Bdale Garbee <email address hidden>  Tue, 05 Jul 2016 16:01:55 +0200

sudo (1.8.15-1.1) unstable; urgency=medium

  * Non-maintainer upload
  * Disable editing of files via user-controllable symlinks
    (Closes: #804149) (CVE-2015-5602)
    - Fix directory writability checks for sudoedit
    - Enable sudoedit directory writability checks by default

 -- Ben Hutchings <email address hidden>  Mon, 04 Jan 2016 23:36:50 +0000

sudo (1.8.15-1) unstable; urgency=low

  * new upstream version, closes: #804149
  * use --with-exampledir to deliver example files more cleanly

 -- Bdale Garbee <email address hidden>  Wed, 23 Dec 2015 11:15:22 -0700

sudo (1.8.12-1) unstable; urgency=low


  * new upstream version, closes: #772707, #773383
  * patch from Christian Kastner to fix sudoers handling error when moving
    between sudo and sudo-ldap packages, closes: #776137

 -- Bdale Garbee <email address hidden>  Mon, 23 Feb 2015 08:56:06 -0700

sudo (1.8.11p2-1.1) unstable; urgency=medium


  * Non-maintainer upload.
  * Backports upstream's fix for host specifications using a FQDN. These were
    no longer working since 1.8.8. Closes: #731583

 -- Christian Kastner <email address hidden>  Fri, 05 Dec 2014 15:23:51 +0100

sudo (1.8.11p2-1) unstable; urgency=low


  * new upstream version

 -- Bdale Garbee <email address hidden>  Thu, 30 Oct 2014 11:14:06 -0700

sudo (1.8.11p1-2) unstable; urgency=low


  * patch from Jakub Wilk to fix 'ignoring time stamp from the future'
    messages, closes: #762465
  * upstream patch forwarded by Laurent Bigonville that fixes problem with
    Linux kernel auditing code, closes: #764817

 -- Bdale Garbee <email address hidden>  Mon, 20 Oct 2014 11:06:44 -0600

sudo (1.8.11p1-1) unstable; urgency=low


  * new upstream version, closes: #764286
  * fix typo in German translation, closes: #761601

 -- Bdale Garbee <email address hidden>  Fri, 10 Oct 2014 10:16:08 -0600

sudo (1.8.10p3-1) unstable; urgency=low


  * new upstream release
  * add hardening=+all to match login and su
  * updated VCS URLs and crypto verified watch file, closes: #747473
  * harmonize configure options for LDAP version to match non-LDAP version,
    in particular stop using --with-secure-path and add configure_args
  * enable audit support on Linux systems, closes: #745779
  * follow upstream change from --with-timedir to --with-rundir

 -- Bdale Garbee <email address hidden>  Sun, 14 Sep 2014 10:20:15 -0600

sudo (1.8.9p5-1) unstable; urgency=low


  * new upstream release, closes: #735328

 -- Bdale Garbee <email address hidden>  Tue, 04 Feb 2014 11:46:19 -0700

sudo (1.8.9p4-1) unstable; urgency=low


  * new upstream release, closes: #732008

 -- Bdale Garbee <email address hidden>  Wed, 15 Jan 2014 14:55:25 -0700

sudo (1.8.9p3-1) unstable; urgency=low


  * new upstream release

 -- Bdale Garbee <email address hidden>  Mon, 13 Jan 2014 14:49:42 -0700

sudo (1.8.8-2) unstable; urgency=low


  * fix touch errors on boot, closes: #725193

 -- Bdale Garbee <email address hidden>  Tue, 08 Oct 2013 20:11:38 -0600

sudo (1.8.8-1) unstable; urgency=low


  * new upstream release

 -- Bdale Garbee <email address hidden>  Mon, 30 Sep 2013 23:08:49 -0600

sudo (1.8.7-4) unstable; urgency=low


  * looks like we actually need both --with-sssd and --with-sssd-lib,
    closes: #719987, #724763

 -- Bdale Garbee <email address hidden>  Fri, 27 Sep 2013 11:48:55 -0600

sudo (1.8.7-3) unstable; urgency=low


  * use --with-sssd-lib to help sudo find libsss-sudo in multiarch path,
    closes: #719987

 -- Bdale Garbee <email address hidden>  Sat, 17 Aug 2013 15:38:53 +0200

sudo (1.8.7-2) unstable; urgency=low


  * let debhelper scripts manage the update-rc.d calls, closes: #719755

 -- Bdale Garbee <email address hidden>  Fri, 16 Aug 2013 01:48:23 +0200

sudo (1.8.7-1) unstable; urgency=low


  * new upstream version, closes: #715157, #655879
  * make sudo-ldap package's init.d script be called sudo-ldap
  * add sssd support to sudo, closes: #719574
  * recognize lenny, squeeze, and wheezy unmodified sudoers, closes: #660594

 -- Bdale Garbee <email address hidden>  Wed, 14 Aug 2013 00:01:14 +0200

sudo (1.8.5p2-1+nmu1) unstable; urgency=high


  * Non-maintainer upload by the Security Team.
  * Fix cve-2013-1775: authentication bypass when the clock is set to the UNIX
    epoch [00:00:00 UTC on 1 January 1970] (closes: #701838).
  * Fix cve-2013-1776: session id hijacking from another authorized tty
    (closes: #701839).

 -- Michael Gilbert <email address hidden>  Fri, 01 Mar 2013 03:26:37 +0000

sudo (1.8.5p2-1) unstable; urgency=low


  * new upstream version
  * patch to use flock on hurd, run autoconf in rules, closes: #655883
  * patch to avoid calling unlink with null pointer on hurd, closes: #655948
  * patch to actually use hardening build flags, closes: #655417
  * fix sudo-ldap.postinst syntax issue, closes: #669576

 -- Bdale Garbee <email address hidden>  Thu, 28 Jun 2012 12:01:37 -0600

sudo (1.8.3p2-1.1) unstable; urgency=high


  * Non-maintainer upload.
  * SECURITY UPDATE: Properly handle netmasks in sudoers Host and Host_List
    values (LP: #1000276, Closes: #673766, CVE-2012-2337)
    - debian/patches/CVE-2012-2337.patch: Don't perform IPv6 checks on IPv4
      addresses. Based on upstream patch.

 -- Dmitrijs Ledkovs <email address hidden>  Tue, 22 May 2012 12:23:00 +0100

sudo (1.8.3p2-1) unstable; urgency=high


  * new upstream version, closes: #657985 (CVE-2012-0809)
  * patch from Pino Toscano to only use selinux on Linux, closes: #655894

 -- Bdale Garbee <email address hidden>  Mon, 30 Jan 2012 16:11:54 -0700

sudo (1.8.3p1-3) unstable; urgency=low


  * patch from Moritz Muehlenhoff enables hardened build flags, closes: #655417
  * replacement postinst script from Mike Beattie using shell instead of Perl
  * include systemd service file from Michael Stapelberg, closes: #639633
  * add init.d status support, closes: #641782
  * make sudo-ldap package manage a sudoers entry in nsswitch.conf,
    closes: #610600, #639530
  * enable mail_badpass in the default sudoers file, closes: #641218
  * enable selinux support, closes: #655510

 -- Bdale Garbee <email address hidden>  Wed, 11 Jan 2012 16:18:13 -0700

sudo (1.8.3p1-2) unstable; urgency=low


  * if upgrading from squeeze, and the sudoers file is unmodified, avoid
    the packaging system prompting the user about a change they didn't make
    now that sudoers is a conffile, closes: #612532, #636049
  * add a recommendation for the use of visudo to the sudoers.d/README file,
    closes: #648104

 -- Bdale Garbee <email address hidden>  Sat, 12 Nov 2011 16:27:13 -0700

sudo (1.8.3p1-1) unstable; urgency=low


  * new upstream version, closes: #646478

 -- Bdale Garbee <email address hidden>  Thu, 27 Oct 2011 01:03:44 +0200

sudo (1.8.3-1) unstable; urgency=low


  * new upstream version, closes: #639391, #639568

 -- Bdale Garbee <email address hidden>  Sat, 22 Oct 2011 23:49:16 -0600

sudo (1.8.2-2) unstable; urgency=low


  [ Luca Capello ]
  * debian/rules improvements, closes: #642535
    + mv upstream sample.* files to the examples folder.
    - do not call dh_installexamples.

  [ Bdale Garbee ]
  * patch from upstream for SIGBUS on sparc64, closes: #640304
  * use common-session-noninteractive in the pam config to reduce log noise
    when sudo is used in cron, etc, closes: #519700
  * patch from Steven McDonald to fix segfault on startup under certain
    conditions, closes: #639568
  * add a NEWS entry regarding the secure_path change made in 1.8.2-1, 
    closes: #639336

 -- Bdale Garbee <email address hidden>  Mon, 26 Sep 2011 21:55:56 -0600

sudo (1.8.2-1) unstable; urgency=low


  * new upstream version, closes: #637449, #621830
  * include common-session in pam config, closes: #519700, #607199
  * move secure_path from configure to default sudoers, closes: #85123, 85917
  * improve sudoers self-documentation, closes: #613639
  * drop --disable-setresuid since modern systems should not run 2.2 kernels
  * lose the --with-devel configure option since it's breaking builds in
    subdirectories for some reason

 -- Bdale Garbee <email address hidden>  Wed, 24 Aug 2011 13:33:11 -0600

sudo (1.7.4p6-1) unstable; urgency=low
  * new upstream version  * touch the right stamp name after configuring, closes: #611287  * patch from Svante Signell to fix build problem on Hurd, closes: #611290 -- Bdale Garbee <email address hidden>  Wed, 09 Feb 2011 11:32:58 -0700

sudo (1.7.4p4-6) unstable; urgency=low
  * update /etc/sudoers.d/README now that sudoers is a conffile  * patch from upstream to fix special case in password checking code    when only the gid is changing, closes: #609641 -- Bdale Garbee <email address hidden>  Tue, 11 Jan 2011 10:22:39 -0700

sudo (1.7.4p4-5) unstable; urgency=low
  * patch from Jakub Wilk to add noopt and nostrip build option support,    closes: #605580  * make sudoers a conffile, closes: #605130  * add descriptions to LSB init headers, closes: #604619  * change default sudoers %sudo entry to allow gid changes, closes: #602699  * add Vcs entries to the control file  * use debhelper install files instead of explicit installs in rules -- Bdale Garbee <email address hidden>  Wed, 01 Dec 2010 20:32:31 -0700

sudo (1.7.4p4-4) unstable; urgency=low


  * patch from upstream to resolve problem always prompting for a password
    when run without a tty, closes: #599376
  * patch from upstream to resolve interoperability problem between HOME in
    env_keep and the -H flag, closes: #596493
  * change path syntax to avoid tar error when /var/run/sudo exists but is
    empty, closes: #598877

 -- Bdale Garbee <email address hidden>  Thu, 07 Oct 2010 15:59:06 -0600

sudo (1.7.4p4-3) unstable; urgency=low


  * make postinst clause for handling /var/run -> /var/lib transition less
    fragile, closes: #585514
  * cope with upstream's Makefile trying to install ChangeLog in our doc
    directory, closes: #597389
  * fix README.Debian to reflect that HOME is no longer preserved by default,
    closes: #596847

 -- Bdale Garbee <email address hidden>  Tue, 21 Sep 2010 23:53:08 -0600

sudo (1.7.4p4-2) unstable; urgency=low


  * add a NEWS item about change in $HOME handling that impacts programs
    like pbuilder

 -- Bdale Garbee <email address hidden>  Wed, 08 Sep 2010 14:29:16 -0600

sudo (1.7.4p4-1) unstable; urgency=high


  * new upstream version, urgency high due to fix for flaw in Runas group 
    matching (CVE-2010-2956), closes: #595935
  * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
    re-lecturing existing users, and to clean up after ourselves on upgrade,
    and remove the RAMRUN section from README.Debian since the new state dir
    should fix the original problem, closes: #585514
  * deliver README.Debian to both package flavors, closes: #593579

 -- Bdale Garbee <email address hidden>  Tue, 07 Sep 2010 12:22:42 -0600

sudo (1.7.2p7-1) unstable; urgency=high


  * new upstream release with security fix for secure path (CVE-2010-1646),
    closes: #585394
  * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
    about whether to give the lecture is preserved across reboots even when
    RAMRUN is set, closes: #581393
  * add a note to README.Debian about LDAP needing an entry in 
    /etc/nsswitch.conf, closes: #522065
  * add a note to README.Debian about how to turn off lectures if using
    RAMRUN in /etc/default/rcS, closes: #581393

 -- Bdale Garbee <email address hidden>  Thu, 10 Jun 2010 15:42:14 -0600

sudo (1.7.2p6-1) unstable; urgency=low


  * new upstream version fixing CVE-2010-1163, closes: #578275, #570737

 -- Bdale Garbee <email address hidden>  Mon, 19 Apr 2010 10:45:47 -0600

sudo (1.7.2p5-1) unstable; urgency=low


  * new upstream release, closes a bug filed upstream regarding missing man 
    page processing scripts in the 1.7.2p1 tarball, also includes the fix
    for CVE-2010-0426 previously the subject of a security team nmu
  * move to source format 3.0 (quilt) and restructure changes as patches
  * fix unprocessed substitution variables in man pages, closes: #557204
  * apply patch from Neil Moore to fix Debian-specific content in the
    visudo man page, closes: #555013
  * update descriptions to better explain sudo-ldap, closes: #573108
  * eliminate spurious 'and' in man page, closes: #571620
  * fix confusing text in default sudoers, closes: #566607

 -- Bdale Garbee <email address hidden>  Thu, 11 Mar 2010 15:44:53 -0700

sudo (1.7.2p1-1.2) unstable; urgency=high


  * Non-maintainer upload by the Security Team.
  * Fixed CVE-2010-0426: verify path for the 'sudoedit' pseudo-command
    (Closes: #570737)

 -- Giuseppe Iuculano <email address hidden>  Tue, 02 Mar 2010 14:57:17 +0100

sudo (1.7.2p1-1) unstable; urgency=low


  * new upstream version
  * add support for /etc/sudoers.d using #includedir in default sudoers, 
    which I think is also a good solution to the request for a crontab-like
    API requested in March of 2001, closes: #539994, #271813, #89743
  * move init.d script from using rcS.d to rc[0-6].d, closes: #542924

 -- Bdale Garbee <email address hidden>  Mon, 31 Aug 2009 14:09:32 -0600

sudo (1.7.2-2) unstable; urgency=low


  * further improve initial sudoers to not include the NOPASSWD option on 
    the group sudo exception, closes: #539136, #198991

 -- Bdale Garbee <email address hidden>  Wed, 29 Jul 2009 16:21:04 +0200

sudo (1.7.2-1) unstable; urgency=low


  * new upstream version, closes: #537103
  * improve initial sudoers by having the exemption for users in group
    sudo on by default, and including the ability to run any command as
    any user.  This makes the default install roughly equivalent to our 
    old use of the --with-exempt=sudo build option, closes: #536220, #536222

 -- Bdale Garbee <email address hidden>  Wed, 15 Jul 2009 01:29:46 -0600

sudo (1.7.0-1) unstable; urgency=low


  * new upstream version, closes: #510179, #128268, #520274, #508514
  * fix ldap config file path for sudo-ldap package, including creating
    a symlink in postinst and cleaning it up in postrm for the sudo-ldap
    package, closes: #430826
  * fix NOPASSWD entry location in default config file for the sudo-ldap
    instance too, closes: #479616

 -- Bdale Garbee <email address hidden>  Sat, 28 Mar 2009 15:15:01 -0600

sudo (1.6.9p17-2) unstable; urgency=high


  * patch from upstream to fix privilege escalation with certain configurations
  * typo in sudoers man page, closes: #507163

 -- Bdale Garbee <email address hidden>  Tue, 27 Jan 2009 11:49:02 -0700

sudo (1.6.9p17-1) unstable; urgency=low


  * new upstream version, closes: #481008
  * deliver schemas to doc directory in sudo-ldap package, closes: #474331
  * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
    in move from CVS to git for package management, closes: #475821
  * re-instate the init.d for the sudo-ldap package too... /o\

 -- Bdale Garbee <email address hidden>  Sun, 06 Jul 2008 01:16:31 -0600

Debiansudo package

Change logs for sudo source package in Sid

Debian
sudo package