Change log for sudo package in Debian
| 76 → 132 of 132 results | First • Previous • Next • Last |
sudo (1.8.15-1.1) unstable; urgency=medium
* Non-maintainer upload
* Disable editing of files via user-controllable symlinks
(Closes: #804149) (CVE-2015-5602)
- Fix directory writability checks for sudoedit
- Enable sudoedit directory writability checks by default
-- Ben Hutchings <email address hidden> Mon, 04 Jan 2016 23:36:50 +0000
sudo (1.8.15-1) unstable; urgency=low * new upstream version, closes: #804149 * use --with-exampledir to deliver example files more cleanly -- Bdale Garbee <email address hidden> Wed, 23 Dec 2015 11:15:22 -0700
| Superseded in wheezy-release |
sudo (1.8.5p2-1+nmu3) wheezy; urgency=medium
* Non-maintainer upload with maintainer approval.
* Backport from 1.8.7-1: "recognize lenny and squeeze unmodified sudoers" to
avoid dpkg questions about modified conffiles on upgrades to wheezy.
(Closes: #660594)
* *.preinst: Recognize the unmodified /etc/sudoers from sudo-ldap/lenny.
-- Andreas Beckmann <email address hidden> Thu, 30 Apr 2015 21:22:34 +0200
| Superseded in jessie-release |
sudo (1.8.10p3-1+deb8u2) testing-proposed-updates; urgency=medium
* Non-maintainer upload.
[ Salvatore Bonaccorso ]
* Add CVE-2014-9680-1.patch patch.
CVE-2014-9680: unsafe handling of TZ environment variable. (Closes: #772707)
* Add CVE-2014-9680-2.patch patch.
Documents that a leading ':' is skipped when checking TZ for a
fully-qualified path name.
[ Christian Kastner ]
* In the *.preinst scripts, make sure that dpkg --compare-versions actually
has two versions to compare. Closes: #776137
* Also in the *.preinst scripts, make sure that /etc/sudoers exists before
attempting to chown/chmod it
* Include patch from Jakub Wilk to fix 'ignoring time stamp from the
future' messages. Closes: #764817
-- Christian Kastner <email address hidden> Sun, 01 Mar 2015 18:56:17 +0100
sudo (1.8.12-1) unstable; urgency=low
* new upstream version, closes: #772707, #773383
* patch from Christian Kastner to fix sudoers handling error when moving
between sudo and sudo-ldap packages, closes: #776137
-- Bdale Garbee <email address hidden> Mon, 23 Feb 2015 08:56:06 -0700
| Superseded in jessie-release |
sudo (1.8.10p3-1+deb8u1) testing-proposed-updates; urgency=medium
* Non-maintainer upload.
* Backport upstream's fix for host specifications using a FQDN. These were
no longer working since 1.8.8. Closes: #731583
-- Christian Kastner <email address hidden> Sat, 17 Jan 2015 15:39:31 +0100
| Superseded in sid-release |
sudo (1.8.11p2-1.1) unstable; urgency=medium
* Non-maintainer upload.
* Backports upstream's fix for host specifications using a FQDN. These were
no longer working since 1.8.8. Closes: #731583
-- Christian Kastner <email address hidden> Fri, 05 Dec 2014 15:23:51 +0100
| Superseded in sid-release |
sudo (1.8.11p2-1) unstable; urgency=low * new upstream version -- Bdale Garbee <email address hidden> Thu, 30 Oct 2014 11:14:06 -0700
| Superseded in sid-release |
sudo (1.8.11p1-2) unstable; urgency=low
* patch from Jakub Wilk to fix 'ignoring time stamp from the future'
messages, closes: #762465
* upstream patch forwarded by Laurent Bigonville that fixes problem with
Linux kernel auditing code, closes: #764817
-- Bdale Garbee <email address hidden> Mon, 20 Oct 2014 11:06:44 -0600
| Superseded in sid-release |
sudo (1.8.11p1-1) unstable; urgency=low * new upstream version, closes: #764286 * fix typo in German translation, closes: #761601 -- Bdale Garbee <email address hidden> Fri, 10 Oct 2014 10:16:08 -0600
sudo (1.8.10p3-1) unstable; urgency=low
* new upstream release
* add hardening=+all to match login and su
* updated VCS URLs and crypto verified watch file, closes: #747473
* harmonize configure options for LDAP version to match non-LDAP version,
in particular stop using --with-secure-path and add configure_args
* enable audit support on Linux systems, closes: #745779
* follow upstream change from --with-timedir to --with-rundir
-- Bdale Garbee <email address hidden> Sun, 14 Sep 2014 10:20:15 -0600
sudo (1.8.9p5-1) unstable; urgency=low * new upstream release, closes: #735328 -- Bdale Garbee <email address hidden> Tue, 04 Feb 2014 11:46:19 -0700
sudo (1.8.9p4-1) unstable; urgency=low * new upstream release, closes: #732008 -- Bdale Garbee <email address hidden> Wed, 15 Jan 2014 14:55:25 -0700
sudo (1.8.9p3-1) unstable; urgency=low * new upstream release -- Bdale Garbee <email address hidden> Mon, 13 Jan 2014 14:49:42 -0700
| Deleted in experimental-release (Reason: None provided.) |
sudo (1.8.9~rc1-1) experimental; urgency=low * upstream release candidate -- Bdale Garbee <email address hidden> Sun, 29 Dec 2013 21:36:12 -0700
| Superseded in experimental-release |
sudo (1.8.9~b2-1) experimental; urgency=low
* upstream beta release
* update Debian standards version
* squelch lintian complaint about missing sudo-ldap systemd service, since
the service file is always called 'sudo.service'
-- Bdale Garbee <email address hidden> Wed, 25 Dec 2013 14:48:23 -0700
| Superseded in experimental-release |
sudo (1.8.9~b1-1) experimental; urgency=low * upstream beta release -- Bdale Garbee <email address hidden> Wed, 27 Nov 2013 09:37:00 -0700
| Published in squeeze-release |
sudo (1.7.4p4-2.squeeze.4) stable-security; urgency=high
* Fix cve-2013-1775: authentication bypass when the clock is set to the UNIX
epoch [00:00:00 UTC on 1 January 1970] (closes: #701838).
* Fix cve-2013-1776: session id hijacking from another authorized tty
(closes: #701839).
-- Michael Gilbert <email address hidden> Wed, 06 Mar 2013 18:41:15 +0000
sudo (1.8.8-2) unstable; urgency=low * fix touch errors on boot, closes: #725193 -- Bdale Garbee <email address hidden> Tue, 08 Oct 2013 20:11:38 -0600
sudo (1.8.8-1) unstable; urgency=low * new upstream release -- Bdale Garbee <email address hidden> Mon, 30 Sep 2013 23:08:49 -0600
sudo (1.8.7-4) unstable; urgency=low
* looks like we actually need both --with-sssd and --with-sssd-lib,
closes: #719987, #724763
-- Bdale Garbee <email address hidden> Fri, 27 Sep 2013 11:48:55 -0600
| Deleted in experimental-release (Reason: None provided.) |
sudo (1.8.8~rc1-1) experimental; urgency=low
* upstream release candidate with several of our patches folded in
* set filestamps to epoch instead of an arbitrary old date in the init
fragment, closes: #722335
-- Bdale Garbee <email address hidden> Thu, 12 Sep 2013 10:16:58 -0700
| Superseded in experimental-release |
sudo (1.8.8~b3-1) experimental; urgency=low * pre-release of new upstream version, put in experimental -- Bdale Garbee <email address hidden> Wed, 04 Sep 2013 07:53:08 -0600
sudo (1.8.7-3) unstable; urgency=low
* use --with-sssd-lib to help sudo find libsss-sudo in multiarch path,
closes: #719987
-- Bdale Garbee <email address hidden> Sat, 17 Aug 2013 15:38:53 +0200
sudo (1.8.7-2) unstable; urgency=low * let debhelper scripts manage the update-rc.d calls, closes: #719755 -- Bdale Garbee <email address hidden> Fri, 16 Aug 2013 01:48:23 +0200
sudo (1.8.7-1) unstable; urgency=low * new upstream version, closes: #715157, #655879 * make sudo-ldap package's init.d script be called sudo-ldap * add sssd support to sudo, closes: #719574 * recognize lenny, squeeze, and wheezy unmodified sudoers, closes: #660594 -- Bdale Garbee <email address hidden> Wed, 14 Aug 2013 00:01:14 +0200
sudo (1.8.5p2-1+nmu1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fix cve-2013-1775: authentication bypass when the clock is set to the UNIX
epoch [00:00:00 UTC on 1 January 1970] (closes: #701838).
* Fix cve-2013-1776: session id hijacking from another authorized tty
(closes: #701839).
-- Michael Gilbert <email address hidden> Fri, 01 Mar 2013 03:26:37 +0000
| Superseded in squeeze-release |
sudo (1.7.4p4-2.squeeze.3) stable-security; urgency=high * CVE-2012-2337 -- Moritz Muehlenhoff <email address hidden> Wed, 23 May 2012 17:01:27 +0000
sudo (1.8.5p2-1) unstable; urgency=low * new upstream version * patch to use flock on hurd, run autoconf in rules, closes: #655883 * patch to avoid calling unlink with null pointer on hurd, closes: #655948 * patch to actually use hardening build flags, closes: #655417 * fix sudo-ldap.postinst syntax issue, closes: #669576 -- Bdale Garbee <email address hidden> Thu, 28 Jun 2012 12:01:37 -0600
sudo (1.8.3p2-1.1) unstable; urgency=high
* Non-maintainer upload.
* SECURITY UPDATE: Properly handle netmasks in sudoers Host and Host_List
values (LP: #1000276, Closes: #673766, CVE-2012-2337)
- debian/patches/CVE-2012-2337.patch: Don't perform IPv6 checks on IPv4
addresses. Based on upstream patch.
-- Dmitrijs Ledkovs <email address hidden> Tue, 22 May 2012 12:23:00 +0100
sudo (1.8.3p2-1) unstable; urgency=high * new upstream version, closes: #657985 (CVE-2012-0809) * patch from Pino Toscano to only use selinux on Linux, closes: #655894 -- Bdale Garbee <email address hidden> Mon, 30 Jan 2012 16:11:54 -0700
sudo (1.8.3p1-3) unstable; urgency=low
* patch from Moritz Muehlenhoff enables hardened build flags, closes: #655417
* replacement postinst script from Mike Beattie using shell instead of Perl
* include systemd service file from Michael Stapelberg, closes: #639633
* add init.d status support, closes: #641782
* make sudo-ldap package manage a sudoers entry in nsswitch.conf,
closes: #610600, #639530
* enable mail_badpass in the default sudoers file, closes: #641218
* enable selinux support, closes: #655510
-- Bdale Garbee <email address hidden> Wed, 11 Jan 2012 16:18:13 -0700
sudo (1.8.3p1-2) unstable; urgency=low
* if upgrading from squeeze, and the sudoers file is unmodified, avoid
the packaging system prompting the user about a change they didn't make
now that sudoers is a conffile, closes: #612532, #636049
* add a recommendation for the use of visudo to the sudoers.d/README file,
closes: #648104
-- Bdale Garbee <email address hidden> Sat, 12 Nov 2011 16:27:13 -0700
sudo (1.8.3p1-1) unstable; urgency=low * new upstream version, closes: #646478 -- Bdale Garbee <email address hidden> Thu, 27 Oct 2011 01:03:44 +0200
sudo (1.8.3-1) unstable; urgency=low * new upstream version, closes: #639391, #639568 -- Bdale Garbee <email address hidden> Sat, 22 Oct 2011 23:49:16 -0600
sudo (1.8.2-2) unstable; urgency=low
[ Luca Capello ]
* debian/rules improvements, closes: #642535
+ mv upstream sample.* files to the examples folder.
- do not call dh_installexamples.
[ Bdale Garbee ]
* patch from upstream for SIGBUS on sparc64, closes: #640304
* use common-session-noninteractive in the pam config to reduce log noise
when sudo is used in cron, etc, closes: #519700
* patch from Steven McDonald to fix segfault on startup under certain
conditions, closes: #639568
* add a NEWS entry regarding the secure_path change made in 1.8.2-1,
closes: #639336
-- Bdale Garbee <email address hidden> Mon, 26 Sep 2011 21:55:56 -0600
sudo (1.8.2-1) unstable; urgency=low
* new upstream version, closes: #637449, #621830
* include common-session in pam config, closes: #519700, #607199
* move secure_path from configure to default sudoers, closes: #85123, 85917
* improve sudoers self-documentation, closes: #613639
* drop --disable-setresuid since modern systems should not run 2.2 kernels
* lose the --with-devel configure option since it's breaking builds in
subdirectories for some reason
-- Bdale Garbee <email address hidden> Wed, 24 Aug 2011 13:33:11 -0600
| Superseded in squeeze-release |
sudo (1.7.4p4-2.squeeze.2) stable; urgency=low * patch from upstream to resolve interoperability problem between HOME in env_keep and the -H flag, originally closed #596493, applying this to to squeeze also closes: #614232 -- Bdale Garbee <email address hidden> Sun, 20 Feb 2011 09:35:07 -0700
sudo (1.7.4p6-1) unstable; urgency=low * new upstream version * touch the right stamp name after configuring, closes: #611287 * patch from Svante Signell to fix build problem on Hurd, closes: #611290 -- Bdale Garbee <email address hidden> Wed, 09 Feb 2011 11:32:58 -0700
| Superseded in squeeze-release |
sudo (1.7.4p4-2.squeeze.1) testing; urgency=low * patch from upstream to fix special case in password checking code when only the gid is changing, closes #609641 -- Bdale Garbee <email address hidden> Wed, 26 Jan 2011 09:08:12 +1000
sudo (1.7.4p4-6) unstable; urgency=low * update /etc/sudoers.d/README now that sudoers is a conffile * patch from upstream to fix special case in password checking code when only the gid is changing, closes: #609641 -- Bdale Garbee <email address hidden> Tue, 11 Jan 2011 10:22:39 -0700
sudo (1.7.4p4-5) unstable; urgency=low * patch from Jakub Wilk to add noopt and nostrip build option support, closes: #605580 * make sudoers a conffile, closes: #605130 * add descriptions to LSB init headers, closes: #604619 * change default sudoers %sudo entry to allow gid changes, closes: #602699 * add Vcs entries to the control file * use debhelper install files instead of explicit installs in rules -- Bdale Garbee <email address hidden> Wed, 01 Dec 2010 20:32:31 -0700
sudo (1.7.4p4-4) unstable; urgency=low
* patch from upstream to resolve problem always prompting for a password
when run without a tty, closes: #599376
* patch from upstream to resolve interoperability problem between HOME in
env_keep and the -H flag, closes: #596493
* change path syntax to avoid tar error when /var/run/sudo exists but is
empty, closes: #598877
-- Bdale Garbee <email address hidden> Thu, 07 Oct 2010 15:59:06 -0600
sudo (1.7.4p4-3) unstable; urgency=low
* make postinst clause for handling /var/run -> /var/lib transition less
fragile, closes: #585514
* cope with upstream's Makefile trying to install ChangeLog in our doc
directory, closes: #597389
* fix README.Debian to reflect that HOME is no longer preserved by default,
closes: #596847
-- Bdale Garbee <email address hidden> Tue, 21 Sep 2010 23:53:08 -0600
sudo (1.7.4p4-2) unstable; urgency=low
* add a NEWS item about change in $HOME handling that impacts programs
like pbuilder
-- Bdale Garbee <email address hidden> Wed, 08 Sep 2010 14:29:16 -0600
sudo (1.7.4p4-1) unstable; urgency=high
* new upstream version, urgency high due to fix for flaw in Runas group
matching (CVE-2010-2956), closes: #595935
* handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
re-lecturing existing users, and to clean up after ourselves on upgrade,
and remove the RAMRUN section from README.Debian since the new state dir
should fix the original problem, closes: #585514
* deliver README.Debian to both package flavors, closes: #593579
-- Bdale Garbee <email address hidden> Tue, 07 Sep 2010 12:22:42 -0600
| Published in lenny-release |
sudo (1.6.9p17-3) stable-security; urgency=high
* Patch from Moritz Muehlenhoff fixing CVE-2010-1646, in which secure path
could be circumvented, closes: #585394
-- Bdale Garbee <email address hidden> Thu, 10 Jun 2010 17:30:33 -0600
sudo (1.7.2p7-1) unstable; urgency=high
* new upstream release with security fix for secure path (CVE-2010-1646),
closes: #585394
* move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
about whether to give the lecture is preserved across reboots even when
RAMRUN is set, closes: #581393
* add a note to README.Debian about LDAP needing an entry in
/etc/nsswitch.conf, closes: #522065
* add a note to README.Debian about how to turn off lectures if using
RAMRUN in /etc/default/rcS, closes: #581393
-- Bdale Garbee <email address hidden> Thu, 10 Jun 2010 15:42:14 -0600
sudo (1.7.2p6-1) unstable; urgency=low * new upstream version fixing CVE-2010-1163, closes: #578275, #570737 -- Bdale Garbee <email address hidden> Mon, 19 Apr 2010 10:45:47 -0600
sudo (1.7.2p5-1) unstable; urgency=low
* new upstream release, closes a bug filed upstream regarding missing man
page processing scripts in the 1.7.2p1 tarball, also includes the fix
for CVE-2010-0426 previously the subject of a security team nmu
* move to source format 3.0 (quilt) and restructure changes as patches
* fix unprocessed substitution variables in man pages, closes: #557204
* apply patch from Neil Moore to fix Debian-specific content in the
visudo man page, closes: #555013
* update descriptions to better explain sudo-ldap, closes: #573108
* eliminate spurious 'and' in man page, closes: #571620
* fix confusing text in default sudoers, closes: #566607
-- Bdale Garbee <email address hidden> Thu, 11 Mar 2010 15:44:53 -0700
sudo (1.7.2p1-1.2) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fixed CVE-2010-0426: verify path for the 'sudoedit' pseudo-command
(Closes: #570737)
-- Giuseppe Iuculano <email address hidden> Tue, 02 Mar 2010 14:57:17 +0100
sudo (1.7.2p1-1) unstable; urgency=low
* new upstream version
* add support for /etc/sudoers.d using #includedir in default sudoers,
which I think is also a good solution to the request for a crontab-like
API requested in March of 2001, closes: #539994, #271813, #89743
* move init.d script from using rcS.d to rc[0-6].d, closes: #542924
-- Bdale Garbee <email address hidden> Mon, 31 Aug 2009 14:09:32 -0600
sudo (1.7.2-2) unstable; urgency=low
* further improve initial sudoers to not include the NOPASSWD option on
the group sudo exception, closes: #539136, #198991
-- Bdale Garbee <email address hidden> Wed, 29 Jul 2009 16:21:04 +0200
sudo (1.7.2-1) unstable; urgency=low
* new upstream version, closes: #537103
* improve initial sudoers by having the exemption for users in group
sudo on by default, and including the ability to run any command as
any user. This makes the default install roughly equivalent to our
old use of the --with-exempt=sudo build option, closes: #536220, #536222
-- Bdale Garbee <email address hidden> Wed, 15 Jul 2009 01:29:46 -0600
sudo (1.7.0-1) unstable; urgency=low
* new upstream version, closes: #510179, #128268, #520274, #508514
* fix ldap config file path for sudo-ldap package, including creating
a symlink in postinst and cleaning it up in postrm for the sudo-ldap
package, closes: #430826
* fix NOPASSWD entry location in default config file for the sudo-ldap
instance too, closes: #479616
-- Bdale Garbee <email address hidden> Sat, 28 Mar 2009 15:15:01 -0600
sudo (1.6.9p17-2) unstable; urgency=high * patch from upstream to fix privilege escalation with certain configurations * typo in sudoers man page, closes: #507163 -- Bdale Garbee <email address hidden> Tue, 27 Jan 2009 11:49:02 -0700
sudo (1.6.9p17-1) unstable; urgency=low
* new upstream version, closes: #481008
* deliver schemas to doc directory in sudo-ldap package, closes: #474331
* re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
in move from CVS to git for package management, closes: #475821
* re-instate the init.d for the sudo-ldap package too... /o\
-- Bdale Garbee <email address hidden> Sun, 06 Jul 2008 01:16:31 -0600
| 76 → 132 of 132 results | First • Previous • Next • Last |
