1. 12 Feb, 2020 1 commit
  2. 02 Feb, 2020 1 commit
  3. 22 Oct, 2019 1 commit
    • Salvatore Bonaccorso's avatar
      Import Debian changes 1.8.27-1+deb10u1 · 03567225
      Salvatore Bonaccorso authored
      sudo (1.8.27-1+deb10u1) buster-security; urgency=high
      
        * Non-maintainer upload by the Security Team.
        * Treat an ID of -1 as invalid since that means "no change" (CVE-2019-14287)
        * Fix test failure in plugins/sudoers/regress/testsudoers/test5.sh
      03567225
  4. 12 Oct, 2019 1 commit
    • Salvatore Bonaccorso's avatar
      Import Debian changes 1.8.27-1+deb10u1 · f2b97f20
      Salvatore Bonaccorso authored
      sudo (1.8.27-1+deb10u1) buster-security; urgency=high
      
        * Non-maintainer upload by the Security Team.
        * Treat an ID of -1 as invalid since that means "no change" (CVE-2019-14287)
        * Fix test failure in plugins/sudoers/regress/testsudoers/test5.sh
      f2b97f20
  5. 17 Aug, 2019 1 commit
  6. 01 Jun, 2019 1 commit
  7. 12 Jan, 2019 1 commit
  8. 02 Aug, 2019 1 commit
  9. 31 May, 2019 1 commit
  10. 23 Nov, 2018 1 commit
    • Bdale Garbee's avatar
      Import Debian changes 1.8.26-2 · 70aac007
      Bdale Garbee authored
      sudo (1.8.26-2) unstable; urgency=medium
      
        * patch from upstream to fix man page truncation, closes: #914469
      
      sudo (1.8.26-1) unstable; urgency=medium
      
        [Bdale Garbee]
        * new upstream version
      
        [Ondřej Nový]
        * d/changelog: Remove trailing whitespaces
        * d/control: Remove trailing whitespaces
        * d/rules: Remove trailing whitespaces
      
      sudo (1.8.23-2) unstable; urgency=high
      
        * fix FTBFS due to earlier sudoers2ldif removal, closes: #903415
      
      sudo (1.8.23-1) unstable; urgency=medium
      
        * new upstream version
      
      sudo (1.8.21p2-3) unstable; urgency=medium
      
        * include sssd support in the sudo-ldap build too, closes: #884741
      
      sudo (1.8.21p2-2) unstable; urgency=medium
      
        * work harder to clean up mess left by sudo-ldap using /etc/init.d/sudo
          prior to version 1.8.7-1, closes: #877516
      
      sudo (1.8.21p2-1) unstable; urgency=medium
      
        * new upstream version, closes: #873623, #873600, #874000
        * remove legacy /etc/sudoers.dist we no longer deliver, closes: #873561
      
      sudo (1.8.21-1) unstable; urgency=medium
      
        [ Bdale Garbee ]
        * new upstream version
        * don't deliver /etc/sudoers.dist, closes: #862309
        * whitelist DPKG_COLORS env var, closes: #823368
      
        [ Laurent Bigonville ]
        * debian/sudo*.postinst: Drop /var/run/sudo -> /var/lib/sudo migration code,
          this migration happened in 2010 and that code is not necessary anymore
        * Move timestamp files to /run/sudo, with systemd the directory is
          created/cleaned by tmpfiles.d now, the sudo initscript/service is not
          doing anything in that case anymore (Closes: #786555)
        * debian/sudo*.postinst: Move the debhelper marker before the creation of
          the sudo group, this way the snippets added by debhelper will be executed
          even if the group already exists. (Closes: #870456)
      
      sudo (1.8.20p2-1) unstable; urgency=medium
      
        * new upstream version
      
      sudo (1.8.20p1-1.1) unstable; urgency=high
      
        * Non-maintainer upload.
        * Use /proc/self consistently on Linux
        * CVE-2017-1000368: Arbitrary terminal access (Closes: #863897)
      
      sudo (1.8.20p1-1) unstable; urgency=high
      
        * New upstream version with fix for CVE-2017-1000367, closes: #863731
      
      sudo (1.8.20-1) unstable; urgency=medium
      
        * New upstream version
        * patch from Helmut Grohne to fix cross-building issues, closes: #847131
          + Let dh_auto_configure pass --host to configure
          + Honour DEB_BUILD_OPTIONS=nocheck
      
      sudo (1.8.19p1-1) unstable; urgency=medium
      
        * new upstream version
      
      sudo (1.8.19-1) unstable; urgency=medium
      
        * new upstream version
      
      sudo (1.8.18p1-2) unstable; urgency=medium
      
        * merge work done by Balint Reczey in parallel / conflict with my offline work
      
      sudo (1.8.18p1-1) unstable; urgency=medium
      
        * new upstream version
        * explicitly depend on lsb-base since we use init-functions
        * move to latest debhelper compat level
      
      sudo (1.8.17p1-2) unstable; urgency=medium
      
        * merge 1.8.15-1.1 NMU changes
      
      sudo (1.8.17p1-1) unstable; urgency=low
      
        * new upstream version, closes: #805563
        * build-depend on the new mandoc package so we can rebuild man pages
          properly if needed, closes: #809984
      
      sudo (1.8.15-1.1) unstable; urgency=medium
      
        * Non-maintainer upload
        * Disable editing of files via user-controllable symlinks
          (Closes: #804149) (CVE-2015-5602)
          - Fix directory writability checks for sudoedit
          - Enable sudoedit directory writability checks by default
      
      sudo (1.8.15-1) unstable; urgency=low
      
        * new upstream version, closes: #804149
        * use --with-exampledir to deliver example files more cleanly
      
      sudo (1.8.12-1) unstable; urgency=low
      
        * new upstream version, closes: #772707, #773383
        * patch from Christian Kastner to fix sudoers handling error when moving
          between sudo and sudo-ldap packages, closes: #776137
      
      sudo (1.8.11p2-1) unstable; urgency=low
      
        * new upstream version
      
      sudo (1.8.11p1-2) unstable; urgency=low
      
        * patch from Jakub Wilk to fix 'ignoring time stamp from the future'
          messages, closes: #762465
        * upstream patch forwarded by Laurent Bigonville that fixes problem with
          Linux kernel auditing code, closes: #764817
      
      sudo (1.8.11p1-1) unstable; urgency=low
      
        * new upstream version, closes: #764286
        * fix typo in German translation, closes: #761601
      
      sudo (1.8.10p3-1) unstable; urgency=low
      
        * new upstream release
        * add hardening=+all to match login and su
        * updated VCS URLs and crypto verified watch file, closes: #747473
        * harmonize configure options for LDAP version to match non-LDAP version,
          in particular stop using --with-secure-path and add configure_args
        * enable audit support on Linux systems, closes: #745779
        * follow upstream change from --with-timedir to --with-rundir
      
      sudo (1.8.9p5-1) unstable; urgency=low
      
        * new upstream release, closes: #735328
      
      sudo (1.8.9p4-1) unstable; urgency=low
      
        * new upstream release, closes: #732008
      
      sudo (1.8.9p3-1) unstable; urgency=low
      
        * new upstream release
      
      sudo (1.8.9~rc1-1) experimental; urgency=low
      
        * upstream release candidate
      
      sudo (1.8.9~b2-1) experimental; urgency=low
      
        * upstream beta release
        * update Debian standards version
        * squelch lintian complaint about missing sudo-ldap systemd service, since
          the service file is always called 'sudo.service'
      
      sudo (1.8.9~b1-1) experimental; urgency=low
      
        * upstream beta release
      
      sudo (1.8.8-3) unstable; urgency=low
      
        * document in README.Debian that the sssd support is enabled in the sudo
          package, not in the sudo-ldap package, closes: #728289
      
      sudo (1.8.8-2) unstable; urgency=low
      
        * fix touch errors on boot, closes: #725193
      
      sudo (1.8.8-1) unstable; urgency=low
      
        * new upstream release
      
      sudo (1.8.8~rc1-1) experimental; urgency=low
      
        * upstream release candidate with several of our patches folded in
        * set filestamps to epoch instead of an arbitrary old date in the init
          fragment, closes: #722335
      
      sudo (1.8.8~b3-1) experimental; urgency=low
      
        * pre-release of new upstream version, put in experimental
      
      sudo (1.8.7-4) unstable; urgency=low
      
        * looks like we actually need both --with-sssd and --with-sssd-lib,
          closes: #719987, #724763
      
      sudo (1.8.7-3) unstable; urgency=low
      
        * use --with-sssd-lib to help sudo find libsss-sudo in multiarch path,
          closes: #719987
      
      sudo (1.8.7-2) unstable; urgency=low
      
        * let debhelper scripts manage the update-rc.d calls, closes: #719755
      
      sudo (1.8.7-1) unstable; urgency=low
      
        * new upstream version, closes: #715157, #655879
        * make sudo-ldap package's init.d script be called sudo-ldap
        * add sssd support to sudo, closes: #719574
        * recognize lenny, squeeze, and wheezy unmodified sudoers, closes: #660594
      
      sudo (1.8.5p2-1) unstable; urgency=low
      
        * new upstream version
        * patch to use flock on hurd, run autoconf in rules, closes: #655883
        * patch to avoid calling unlink with null pointer on hurd, closes: #655948
        * patch to actually use hardening build flags, closes: #655417
        * fix sudo-ldap.postinst syntax issue, closes: #669576
      
      sudo (1.8.3p2-1) unstable; urgency=high
      
        * new upstream version, closes: #657985 (CVE-2012-0809)
        * patch from Pino Toscano to only use selinux on Linux, closes: #655894
      
      sudo (1.8.3p1-3) unstable; urgency=low
      
        * patch from Moritz Muehlenhoff enables hardened build flags, closes: #655417
        * replacement postinst script from Mike Beattie using shell instead of Perl
        * include systemd service file from Michael Stapelberg, closes: #639633
        * add init.d status support, closes: #641782
        * make sudo-ldap package manage a sudoers entry in nsswitch.conf,
          closes: #610600, #639530
        * enable mail_badpass in the default sudoers file, closes: #641218
        * enable selinux support, closes: #655510
      
      sudo (1.8.3p1-2) unstable; urgency=low
      
        * if upgrading from squeeze, and the sudoers file is unmodified, avoid
          the packaging system prompting the user about a change they didn't make
          now that sudoers is a conffile, closes: #612532, #636049
        * add a recommendation for the use of visudo to the sudoers.d/README file,
          closes: #648104
      
      sudo (1.8.3p1-1) unstable; urgency=low
      
        * new upstream version, closes: #646478
      
      sudo (1.8.3-1) unstable; urgency=low
      
        * new upstream version, closes: #639391, #639568
      
      sudo (1.8.2-2) unstable; urgency=low
      
        [ Luca Capello ]
        * debian/rules improvements, closes: #642535
          + mv upstream sample.* files to the examples folder.
          - do not call dh_installexamples.
      
        [ Bdale Garbee ]
        * patch from upstream for SIGBUS on sparc64, closes: #640304
        * use common-session-noninteractive in the pam config to reduce log noise
          when sudo is used in cron, etc, closes: #519700
        * patch from Steven McDonald to fix segfault on startup under certain
          conditions, closes: #639568
        * add a NEWS entry regarding the secure_path change made in 1.8.2-1,
          closes: #639336
      
      sudo (1.8.2-1) unstable; urgency=low
      
        * new upstream version, closes: #637449, #621830
        * include common-session in pam config, closes: #519700, #607199
        * move secure_path from configure to default sudoers, closes: #85123, 85917
        * improve sudoers self-documentation, closes: #613639
        * drop --disable-setresuid since modern systems should not run 2.2 kernels
        * lose the --with-devel configure option since it's breaking builds in
          subdirectories for some reason
      
      sudo (1.7.4p6-1) unstable; urgency=low
      
        * new upstream version
        * touch the right stamp name after configuring, closes: #611287
        * patch from Svante Signell to fix build problem on Hurd, closes: #611290
      
      sudo (1.7.4p4-6) unstable; urgency=low
      
        * update /etc/sudoers.d/README now that sudoers is a conffile
        * patch from upstream to fix special case in password checking code
          when only the gid is changing, closes: #609641
      
      sudo (1.7.4p4-5) unstable; urgency=low
      
        * patch from Jakub Wilk to add noopt and nostrip build option support,
          closes: #605580
        * make sudoers a conffile, closes: #605130
        * add descriptions to LSB init headers, closes: #604619
        * change default sudoers %sudo entry to allow gid changes, closes: #602699
        * add Vcs entries to the control file
        * use debhelper install files instead of explicit installs in rules
      
      sudo (1.7.4p4-4) unstable; urgency=low
      
        * patch from upstream to resolve problem always prompting for a password
          when run without a tty, closes: #599376
        * patch from upstream to resolve interoperability problem between HOME in
          env_keep and the -H flag, closes: #596493
        * change path syntax to avoid tar error when /var/run/sudo exists but is
          empty, closes: #598877
      
      sudo (1.7.4p4-3) unstable; urgency=low
      
        * make postinst clause for handling /var/run -> /var/lib transition less
          fragile, closes: #585514
        * cope with upstream's Makefile trying to install ChangeLog in our doc
          directory, closes: #597389
        * fix README.Debian to reflect that HOME is no longer preserved by default,
          closes: #596847
      
      sudo (1.7.4p4-2) unstable; urgency=low
      
        * add a NEWS item about change in $HOME handling that impacts programs
          like pbuilder
      
      sudo (1.7.4p4-1) unstable; urgency=high
      
        * new upstream version, urgency high due to fix for flaw in Runas group
          matching (CVE-2010-2956), closes: #595935
        * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
          re-lecturing existing users, and to clean up after ourselves on upgrade,
          and remove the RAMRUN section from README.Debian since the new state dir
          should fix the original problem, closes: #585514
        * deliver README.Debian to both package flavors, closes: #593579
      
      sudo (1.7.2p7-1) unstable; urgency=high
      
        * new upstream release with security fix for secure path (CVE-2010-1646),
          closes: #585394
        * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
          about whether to give the lecture is preserved across reboots even when
          RAMRUN is set, closes: #581393
        * add a note to README.Debian about LDAP needing an entry in
          /etc/nsswitch.conf, closes: #522065
        * add a note to README.Debian about how to turn off lectures if using
          RAMRUN in /etc/default/rcS, closes: #581393
      
      sudo (1.7.2p6-1) unstable; urgency=low
      
        * new upstream version fixing CVE-2010-1163, closes: #578275, #570737
      
      sudo (1.7.2p5-1) unstable; urgency=low
      
        * new upstream release, closes a bug filed upstream regarding missing man
          page processing scripts in the 1.7.2p1 tarball, also includes the fix
          for CVE-2010-0426 previously the subject of a security team nmu
        * move to source format 3.0 (quilt) and restructure changes as patches
        * fix unprocessed substitution variables in man pages, closes: #557204
        * apply patch from Neil Moore to fix Debian-specific content in the
          visudo man page, closes: #555013
        * update descriptions to better explain sudo-ldap, closes: #573108
        * eliminate spurious 'and' in man page, closes: #571620
        * fix confusing text in default sudoers, closes: #566607
      
      sudo (1.7.2p1-1) unstable; urgency=low
      
        * new upstream version
        * add support for /etc/sudoers.d using #includedir in default sudoers,
          which I think is also a good solution to the request for a crontab-like
          API requested in March of 2001, closes: #539994, #271813, #89743
        * move init.d script from using rcS.d to rc[0-6].d, closes: #542924
      
      sudo (1.7.2-2) unstable; urgency=low
      
        * further improve initial sudoers to not include the NOPASSWD option on
          the group sudo exception, closes: #539136, #198991
      
      sudo (1.7.2-1) unstable; urgency=low
      
        * new upstream version, closes: #537103
        * improve initial sudoers by having the exemption for users in group
          sudo on by default, and including the ability to run any command as
          any user.  This makes the default install roughly equivalent to our
          old use of the --with-exempt=sudo build option, closes: #536220, #536222
      
      sudo (1.7.0-1) unstable; urgency=low
      
        * new upstream version, closes: #510179, #128268, #520274, #508514
        * fix ldap config file path for sudo-ldap package, including creating
          a symlink in postinst and cleaning it up in postrm for the sudo-ldap
          package, closes: #430826
        * fix NOPASSWD entry location in default config file for the sudo-ldap
          instance too, closes: #479616
      
      sudo (1.6.9p17-2) unstable; urgency=high
      
        * patch from upstream to fix privilege escalation with certain
          configurations, CVE-2009-0034
        * typo in sudoers man page, closes: #507163
      
      sudo (1.6.9p17-1) unstable; urgency=low
      
        * new upstream version, closes: #481008
        * deliver schemas to doc directory in sudo-ldap package, closes: #474331
        * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
          in move from CVS to git for package management, closes: #475821
        * re-instate the init.d for the sudo-ldap package too... /o\
      
      sudo (1.6.9p15-2) unstable; urgency=low
      
        * revert the fix for 388659 such that visudo once again defaults to using
          /usr/bin/editor.  I was always ambivalent about this change, it has caused
          more confusion and frustration than it cured, and I find Justin's line of
          reasoning persuasive.  Update the man page source to reflect this choice
          and the related use of --with-env-editor.  Closes: #474197.
        * patch from Petter Reinholdtsen to improve init.d, closes: #475821
      
      sudo (1.6.9p15-1) unstable; urgency=low
      
        * new upstream version, closes: #467126, #473337
        * remove pointless postrm scripts, leaving debhelper do its thing if needed,
          thanks to Justin Pryzby for pointing this out
        * reinstate the init.d, since bootclean doesn't quite do what we want.  This
          also means we don't need the preinst scripts any more.  Update the lintian
          overrides since postinst is a Perl script lintian apparently isn't parsing
          well.  closes: #330868
      
      sudo (1.6.9p12-1) unstable; urgency=low
      
        * new upstream version, closes: #464890
      
      sudo (1.6.9p11-3) unstable; urgency=low
      
        * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
      
      sudo (1.6.9p11-2) unstable; urgency=low
      
        * update version compared in preinst when removing obsolete init.d,
          closes: #459681
        * implement pam session config suggestions from Elizabeth Fong,
          closes: #452457, #402329
      
      sudo (1.6.9p11-1) unstable; urgency=low
      
        * new upstream version
      
      sudo (1.6.9p10-1) unstable; urgency=low
      
        * new upstream version
        * tweak default password prompt as %u doesn't make sense.  Accept patch from
          Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
          uses it by default, closes: #454409
        * accept patch from Martin Pitt that adds a prerm making it difficult to
          "accidentally" remove sudo when there is no root password set on the
          system, closes: #451241
      
      sudo (1.6.9p9-1) unstable; urgency=low
      
        * new upstream version
        * debian/rules: configure a more informative default password prompt to
          reduce confusion when using sudo to invoke commands which also ask for
          passwords, closes: #343268
        * auth/pam.c: don't use the PAM prompt if the user explicitly requested
          a custom prompt, closes: #448628.
        * fix configure's ability to discover that libc has dirfd, closes: #451324
        * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
          the command 'visudo' invokes a vi variant by default as documented,
          closes: #388659
      
      sudo (1.6.9p6-1) unstable; urgency=low
      
        * new upstream version, closes: #442815, #446146, #438699, #435768, #435314
          closes: #434832, #434608, #430382
        * eliminate the now-redundant init.d scripts, closes: #397090
        * fix typo in TROUBLESHOOTING file, closes: #439624
      
      sudo (1.6.8p12-6) unstable; urgency=low
      
        * fix typos in visudo.pod relating to env_editor variable, closes: #418886
        * have init.d touch directories in /var/run/sudo, not just files, as a
          followup to #330868.
        * fix various typos in sudoers.pod, closes: #419749
        * don't let Makefile strip binaries, closes: #438073
      
      sudo (1.6.8p12-5) unstable; urgency=low
      
        * update debian/copyright to reflect new upstream URL, closes: #368746
        * add sandwich cartoon URL to the README.Debian
        * don't remove sudoers on purge.  can cause problems when moving between
          sudo and sudo-ldap.  leaving sudoers around on purge seems like the least
          evil choice for now, closes: #401366
        * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
          closes: #374509
        * accept patch that improves debian/rules from Ted Percival, closes: #382122
        * no longer build with --with-exempt=sudo, provide an example entry in the
          default sudoers file instead, closes: #296605
        * add --with-devel to configure and augment build dependencies so that flex
          and yacc files get re-generated on every build, closes: #316249
      
      sudo (1.6.8p12-4) unstable; urgency=low
      
        * patch from Petter Reinholdtsen for the LSB info block in the init.d
          script, closes: #361055
        * deliver sudoers sample again, closes: #361593
      
      sudo (1.6.8p12-3) unstable; urgency=low
      
        * force-feed configure knowledge of nroff's path so we get unformatted man
          pages installed without build-depending on groff-base, closes: #360894
        * add a reference to OPTIONS in the man page, closes: #186226
      
      sudo (1.6.8p12-2) unstable; urgency=low
      
        * fix typos in init scripts, closes: #346325
        * update to debhelper compat level 5
        * build depend on autotools-dev to ensure config.sub/guess are fresh
        * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
          use it here as well.  Thanks to Martin and the debian-security team.
          closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
          closes: #315115, #315718, #203874
          * Non-maintainer upload by the Security Team
          * Reworked the former patch to limit environment variables from being
            passed through, set env_reset as default instead [sudo.c, env.c,
            sudoers.pod, Bug#342948, CVE-2005-4158]
          * env_reset is now set by default
          * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
            DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
            (in addition to the SUDO_* variables)
          * Rebuild sudoers.man.in from the POD file
          * Added README.Debian
        * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
        * simplify rules file by using more of Makefile, despite having to override
          default directories with more arguments to configure, closes: #292833
        * update sudo man page to reflect use of SECURE_PATH, closes: #228551
        * inconsistencies in sudoers man page resolved, closes: #220808, #161012
        * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
          unresolveable (requires adding bison as build dep), closes: #314949
      
      sudo (1.6.8p12-1) unstable; urgency=low
      
        * new upstream version, closes: #342948 (CVE-2005-4158)
        * add env_reset to the sudoers file we create if none already exists,
          as a further precaution in response to discussion about CVS-2005-4158
        * split ldap support into a new sudo-ldap package.  I was trying to avoid
          doing this, but the impact of going from 4 to 17 linked shlibs on the
          autobuilder chroots is sufficient motivation for me.
          closes: #344034
      
      sudo (1.6.8p9-4) unstable; urgency=low
      
        * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
        * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
          timestamps in the init.d script, closes: #330868
        * add dependency header to init.d script, closes: #332849
      
      sudo (1.6.8p9-3) unstable; urgency=high
      
        * update debhelper compatibility level from 2 to 4
        * add man page symlink for sudoedit
        * Clean SHELLOPTS and PS4 from the environment before executing programs
          with sudo permissions [env.c, CAN-2005-2959]
        * fix typo in manpage pointed out by Moray Allen, closes: #285995
        * fix paths in sample complex sudoers file, closes: #303542
        * fix type in sudoers man page, closes: #311244
      
      sudo (1.6.8p9-2) unstable; urgency=high
      
        * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
          closes: #305735
      
      sudo (1.6.8p9-1) unstable; urgency=high
      
        * new upstream version, fixes a race condition in sudo's pathname
          validation, which is a security issue (CAN-2005-1993),
          closes: #315115, #315718
      
      sudo (1.6.8p7-1) unstable; urgency=low
      
        * new upstream version, closes: #299585
        * update lintian overrides to squelch the postinst warning
        * change sudoedit from a hard to a soft link, closes: #296896
        * fix regex doc in sudoers man page, closes: #300361
      
      sudo (1.6.8p5-1) unstable; urgency=high
      
        * new upstream version
        * restores ability to use config tuples without a value, which was causing
          problems on upgrade closes: #283306
        * deliver sudoedit, closes: #283078
        * marking urgency high since 283306 is a serious upgrade incompatibility
      
      sudo (1.6.8p3-2) unstable; urgency=high
      
        * update pam.d deliverable so ldap works again, closes: #282191
      
      sudo (1.6.8p3-1) unstable; urgency=high
      
        * new upstream version, fixes a flaw in sudo's environment sanitizing that
          could allow a malicious user with permission to run a shell script that
          utilized the bash shell to run arbitrary commands, closes: #281665
        * patch the sample sudoers to have the proper path for kill on Debian
          systems, closes: #263486
        * patch the sudo manpage to reflect Debian's choice of exempt_group
          default setting, closes: #236465
        * patch the sudo manpage to reflect Debian's choice of no timeout on the
          password prompt, closes: #271194
      
      sudo (1.6.7p5-2) unstable; urgency=low
      
        * Jeff Bailey reports that seteuid works on current sparc systems, so we
          no longer need the "grosshack" stuff in the sudo rules file
        * add a postrm that removes /etc/sudoers on purge.  don't do this with the
          normal conffile mechanism since it would generate noise on every upgrade,
          closes: #245405
      
      sudo (1.6.7p5-1) unstable; urgency=low
      
        * new upstream version, closes: #190265, #193222, #197244
        * change from '.' to ':' in postinst chown call, closes: #208369
      
      sudo (1.6.7p3-2) unstable; urgency=low
      
        * add --disable-setresuid to configure call since 2.2 kernels don't support
          setresgid, closes: #189044
        * cosmetic cleanups to debian/rules as long as I'm there
      
      sudo (1.6.7p3-1) unstable; urgency=low
      
        * new upstream version
        * add overrides to quiet lintian about things it doesn't understand,
          except the source one that can't be overridden until 129510 is fixed
      
      sudo (1.6.6-3) unstable; urgency=low
      
        * add code to rules file to update config.sub/guess, closes: #164501
      
      sudo (1.6.6-2) unstable; urgency=low
      
        * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
          configure, and lose the build dependency on mail-transport-agent
        * incorporate changes from LaMont's NMU, closes: #144665, #144737
        * update init.d to not try and set time on nonexistent timestamp files,
          closes: #132616
        * build with --with-all-insults, admin must edit sudoers to turn insults
          on at runtime if desired, closes: #135374
        * stop setting /usr/doc symlink in postinst
      
      sudo (1.6.6-1.1) unstable; urgency=high
      
        * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
        * Revert patch to auth/pam.c that left pass uninitialized, causing a
          segfault (Closes: #144665).
      
      sudo (1.6.6-1) unstable; urgency=high
      
        * new upstream version, fixes security problem with crafty prompts,
          closes: #144540
      
      sudo (1.6.5p1-4) unstable; urgency=high
      
        * apply patch for auth/pam.c to fix yet another way to make sudo segfault
          if ctrl/C'ed at password prompt, closes: #131235
      
      sudo (1.6.5p1-3) unstable; urgency=high
      
        * ugly hack to add --disable-saved-ids when building on sparc in response
          to 131592, which will be reassigned to glibc for a real fix
        * urgency high since the sudo currently in testing for sparc is worthless
      
      sudo (1.6.5p1-2) unstable; urgency=high
      
        * patch from upstream to fix seg faults caused by versions of pam that
          follow a NULL pointer, closes: #129512
      
      sudo (1.6.5p1-1) unstable; urgency=high
      
        * new upstream version
        * add --disable-root-mailer option supported by new version to configure
          call in rules file, closes: #129648
      
      sudo (1.6.4p1-1) unstable; urgency=high
      
        * new upstream version, with fix for segfaulting problem in 1.6.4
      
      sudo (1.6.4-1) unstable; urgency=high
      
        * new upstream version, includes an important security fix, closes: #127576
      
      sudo (1.6.3p7-5) unstable; urgency=low
      
        * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
        * fix spelling error in init.d, closes: #126847
      
      sudo (1.6.3p7-4) unstable; urgency=medium
      
        * use touch to set status files to an ancient date instead of removing them
          outright on reboot.  this achieves the desired effect of keeping elevated
          privs from living across reboots, without forcing everyone to see the
          new-sudo-user lecture after every reboot.  pick a time that's 'old enough'
          for systems with good clocks, and 'recent enough' that broken PC hardware
          setting the clock to commonly-seen bogus dates trips over the "don't trust
          future timestamps" rule.  closes: #76529, #123559
        * apply patch from Steve Langasek to fix seg faults due to interaction with
          PAM code.  upstream confirms the problem, and says they're fixing this
          differently for their next release... but this should be useful in the
          meantime, and would be good to get into woody.  closes: #119147
        * only run the init.d at boot, not on each runlevel change... and don't run
          it during package configure.  closes: #125935
        * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
      
      sudo (1.6.3p7-3) unstable; urgency=low
      
        * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
          resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
        * fix a typo in the manpage, closes: #97368
        * apply patch to configure.in and run autoconf to fix problem building on
          the hurd, closes: #96325
        * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
          to not last across reboots, closes: #76529
        * clean up lintian-noticed cosmetic packaging issues
      
      sudo (1.6.3p7-2) unstable; urgency=low
      
        * update config.sub/guess for hppa support
      
      sudo (1.6.3p7-1) unstable; urgency=low
      
        * new upstream version
        * add build dependency on mail-transport-agent, closes: #90685
      
      sudo (1.6.3p6-1) unstable; urgency=high
      
        * new upstream version, fixes buffer overflow problem,
          closes: #87259, #87278, #87263
        * revert to using --with-secure-path option at build time, since the option
          available in sudoers is parsed too late to be useful, and upstream says
          it won't get fixed quickly.  This reopens 85123, which I will mark as
          forwarded.  Closes: #86199, #86117, #85676
      
      sudo (1.6.3p5-2) unstable; urgency=low
      
        * lose the dh_suidregister call since it's obsolete
        * stop using the --with-secure-path option at build time, and instead show
          how to set it in sudoers.  Closes: #85123
        * freshen config.sub and config.guess for ia64 and hppa
        * update sudoers man page to indicate exempt_group is on by default,
          closes: #70847
      
      sudo (1.6.3p5-1) unstable; urgency=low
      
        * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
        * this version restores core dumps before the exec, while leaving them
          disabled during sudo's internal execution, closes: #58289
        * update debhelper calls in rules file
      
      sudo (1.6.2p2-1) frozen unstable; urgency=medium
      
        * new upstream source resulting from direct collaboration with the upstream
          author to fix ugly pam-related problems on Debian in 1.6.1 and later.
          Closes: #56129, #55978, #55979, #56550, #56772
        * include more upstream documentation, closes: #55054
        * pam.d fragment update, closes: #56129
      
      sudo (1.6.1-1) unstable; urgency=low
      
        * new upstream source, closes: #52750
      
      sudo (1.6-2) unstable; urgency=low
      
        * drop suidregister support for this package.  The sudo executable is
          essentially worthless unless it is setuid root, and making suidregister
          work involves shipping a non-setuid executable in the .deb and setting the
          perms in the postinst.  On a long upgrade run, this can leave the sudo
          executable 'broken' for a long time, which is unacceptable.  With this
          version, we ship the executable setuid root in the .deb.  Closes: #51742
      
      sudo (1.6-1) unstable; urgency=low
      
        * new upstream version, many options previously set at compile-time are now
          configurable at runtime.
          Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
        * FHS support
      
      sudo (1.5.9p4-1) unstable; urgency=low
      
        * new upstream version, closes: #43464
        * empty password handling was fixed in 1.5.8, closes: #31863
      
      sudo (1.5.9p1-1) unstable; urgency=low
      
        * new upstream version
      
      sudo (1.5.8p1-1) unstable; urgency=medium
      
        * new upstream version, closes 33690
        * add dependency on libpam-modules, closes 34215, 33432
      
      sudo (1.5.7p4-2) unstable; urgency=medium
      
        * update the pam fragment provided so that sudo works with latest pam bits,
          closes 33432
      
      sudo (1.5.7p4-1) unstable; urgency=low
      
        * new upstream release
      
      sudo (1.5.6p5-1) unstable; urgency=low
      
        * new upstream patch release
        * add PAM support, closes 28594
      
      sudo (1.5.6p2-2) unstable; urgency=low
      
        * update copyright file, closes 24136
        * review and close forwarded bugs believed fixed in this upstream version,
          closes 17606, 15786.
      
      sudo (1.5.6p2-1) unstable; urgency=low
      
        * new upstream release
      
      sudo (1.5.4-4) frozen unstable; urgency=low
      
        * update postinst to use groupadd, closes 21403
        * move the suidregister stuff earlier in postinst to ensure it always runs
      
      sudo (1.5.4-3) frozen unstable; urgency=low
      
        * change /etc/sudoers from a conffile to being handled in postinst,
          closes 18219
        * add suidmanager support, closes 15711
        * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
          unlikely to ever fix, and which just don't matter.  closes 17146
        * fix FSF address in copyright file, and submit exception for lintian
          warning about sudo being setuid root
      
      sudo (1.5.4-2) unstable; urgency=high
      
        * patch from upstream author correcting/improving security fix
      
      sudo (1.5.4-1) unstable; urgency=high
      
        * new upstream version, includes a security fix
        * change default editor from /bin/ae to /usr/bin/editor
      
      sudo (1.5.3-1) unstable; urgency=medium
      
        * new upstream version, closes bug 15911.
        * rules file reworked to use debhelper
        * implement a really gross hack to force use of the sudo-provided
          lsearch(), since the one in libc6 is broken!  This closes bugs
          12552, 12557, 14881, 15259, 15916.
      
      sudo (1.5.2-6) unstable; urgency=LOW
      
        * don't install INSTALL in the doc directory, closes bug 13195.
      
      sudo (1.5.2-5) unstable; urgency=LOW
      
        * libc6
      
      sudo (1.5.2-4) unstable; urgency=LOW
      
        * change TIMEOUT (how long before you have to type your password again)
          to 15 mins, disable PASSWORD_TIMEOUT.  This makes building large Debian
          packages on slower machines much more tolerable.  Closes bug 9076.
        * touch debian/suid before debstd.  Closes bug 8709.
      
      sudo (1.5.2-3) frozen unstable; urgency=LOW
      
        * patch from upstream maintainer to close Bug 6828
        * add a debian/suid file to get debstd to leave my perl postinst alone
      
      sudo (1.5.2-2) frozen unstable; urgency=LOW
      
        * change rules to use -O2 -Wall as per standards
      
      sudo (1.5.2-1) unstable; urgency=LOW
      
        * new upstream version
        * cosmetic changes to debian package control files
      
      sudo (1.5-2) unstable; urgency=LOW
      
        * add /usr/X11R6/bin to the end of the secure path... this makes it
          much easier to run xmkmf, etc., during package builds.  To the extent
          that /usr/local/sbin and /usr/local/bin were already included, I see
          no security reasons not to add this.
      
      sudo (1.5-1) unstable; urgency=LOW
      
        * New upstream version
        * New maintainer
        * New packaging format
      70aac007