- Tue Mar 4 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p1-29
- added patch for CVE-2014-0106: certain environment variables not
sanitized when env_reset is disabled
Resolves: rhbz#1072210 - Thu Jun 6 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p1-28
- backported fixes for CVE-2013-1775 CVE-2013-1776 CVE-2013-2776 CVE-2013-2777
Resolves: rhbz#968221 - Thu May 23 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p1-27
- visudo: fixed incorrect warning and parse error regarding
undefined aliases which were in fact defined
Resolves: rhbz#849679
Resolves: rhbz#905624 - Tue May 21 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p1-26
- updated sudoers man-page to clarify the behavior of the user
negation operator and the behavior of wildcard matching in command
specifications
Resolves: rhbz#846118
Resolves: rhbz#856902 - Mon May 20 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p1-25
- fixed regression in escaping of sudo -i arguments
Resolves: rhbz#853203 - Wed Feb 27 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p1-24
- bump release number
- Wed Feb 27 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p1-23
- Fixed caching of user and group names
- Backported RFC 4515 escaping of LDAP queries
Resolves: rhbz#855836
Resolves: rhbz#869287 - Thu Sep 20 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p1-22
- Add the -c option to sed commands in post/postun scripts
Resolves: rhbz#818585 - Tue Sep 4 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p1-21
- Implement a new sudoers Defaults option to restore old command exec behavior
Resolves: rhbz#840971 - Thu Aug 30 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p1-20
- Add ability to treat files authoritatively in sudoers.ldap
Resolves: rhbz#840097 - Thu Aug 23 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p1-19
- Changed policycoreutils dependency to a context specific dependency
(post & postun)
Resolves: rhbz#846694 - Thu Aug 9 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p1-18
- don't use a temporary file when modifying nsswitch.conf
- fix permissions on nsswitch.conf, if needed
Resolves: rhbz#846631 - Wed Aug 1 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p1-17
- added a workaround for a race condition in handling child processes
Resolves: rhbz#829263 - Thu Jul 19 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p1-16
- use safe temporary files in post/postun scripts
- corrected postun script
Resolves: rhbz#841070 - Mon Jul 2 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p1-15
- corrected release number
- Fri May 4 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p1-14.2
- call restorecon after modifying nsswitch.conf in the postun scriplet
- added policycoreutils dependency
Resolves: rhbz#818585 - Thu May 3 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p1-14.1
- fixed `sudo -i' command escaping (#806073)
- fixed multiple sudoHost LDAP attr. handlng (#740884)
Resolves: rhbz#740884
Resolves: rhbz#806073 - Wed Apr 25 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p1-14
- patch: Use SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK
Resolves: rhbz#814508 - Tue Nov 29 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p1-13
- patch: parse ldap.conf more closely to nss_ldap
Resolves: rhbz#750318 - Mon Nov 28 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p1-12
- added patch for CVE-2011-0010
Resolves: rhbz#757157 - Thu Oct 27 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p1-11
- backported selinux support from 1.7.4p5 (#477185, #673157)
- fixed bug in Runas_Spec group matching (#627543)
- disable `sudo -l' output word wrapping if the output
is piped (#697111)
- fixed overwriting of errno after execve failure (#673157)
- fixed segmentation fault (#673072)
- add a sudoers entry to the nsswitch.conf file
on install (and delete it on uninstall) (#617061)
Resolves: rhbz#697111
Resolves: rhbz#673157
Resolves: rhbz#673072
Resolves: rhbz#627543
Resolves: rhbz#617061
Resolves: rhbz#477185 - Tue Sep 14 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p1-10
- fixed regression in the sudoers parser (#580438)
- merged .loopsegv3 and .includedir patches into .580438 patch
- generated new toke.c from toke.l using flex (needed by #580438)
- added !visiblepw with comment to sudoers
- added ChangeLog, WHATSNEW and sudoers.ldap.5*
- removed *.pod files
- fixed printing of entries with multiple host entries on a single line (#603819)
- fixed audit related code in configure.in (#583683)
- removed unused patches
- fixed a typo in the sudoers man-page (#602022)
Resolves: rhbz#580438
Resolves: rhbz#583911
Resolves: rhbz#583644
Resolves: rhbz#603819
Resolves: rhbz#583683
Resolves: rhbz#602022 - Wed Sep 1 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p1-9
- added patch for CVE-2010-2956 (#628628)
Resolves: rhbz#629053 - Thu Jul 22 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p1-8
- added patch that fixes problem with caching user/group names
Resolves: rhbz#615179 - Tue Jun 1 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p1-7
- added patch that fixes insufficient environment sanitization issue (#598154)
Resolves: rhbz#598382 - Tue Apr 13 2010 Daniel Kopecek <dkopecek@redhat.com> 1.7.2p1-6
- added second patch for CVE-2010-0426 (#580441)
Resolves: #580526 - Tue Feb 23 2010 Daniel Kopecek <dkopecek@redhat.com> 1.7.2p1-5
- added patch for CVE-2010-0426 (#567337)
Resolves: #567691 - Thu Feb 18 2010 Daniel Kopecek <dkopecek@redhat.com> 1.7.2p1-4
- fixed shipped /etc/sudoers has "unused Cmnd_Alias DELEGATING"
Resolves: #550326 - Thu Feb 11 2010 Daniel Kopecek <dkopecek@redhat.com> 1.7.2p1-3
- fixed segfault when #include directive is used in cycles
Resolves: #561336 - Thu Jan 14 2010 Daniel Kopecek <dkopecek@redhat.com> 1.7.2p1-2
- fixed a problem with includedir (see Patch8)
Resolves: #538700 - Tue Dec 1 2009 Daniel Kopecek <dkopecek@redhat.com> 1.7.2p1-1
- rebase to 1.7.2p1
Resolves: #469653
Resolves: #497873
Resolves: #500942
Resolves: #512191
Resolves: #519017
Resolves: #521778
Resolves: #521903
- sudo-1.7.2p1-negation.patch, don't apply negation to an already
negated Cmnd_Alias member. Backported from upstream development
version of sudo.
Resolves: #453045 - Mon Feb 16 2009 Daniel Kopecek <dkopecek@redhat.com> 1.6.9p17-5
- added sendmail to BuildRequires
Resolves: #485514 - Thu Jan 29 2009 Daniel Kopecek <dkopecek@redhat.com> 1.6.9p17-4
- audit patch rediff (one chunk failed to apply due to fuzz=0)
- Fix for incorrect handling of groups in Runas_User (#481720)
Resolves: #481821 - Tue Jan 6 2009 Peter Vrabec <pvrabec@redhat.com> 1.6.9p17-3
- regression was found, PATH variable can not be changed, reverting #80215
Resolves: #479029 - Mon Sep 15 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p17-2
- fixing sudoers file, regression was found
Resolves: #447408 - Wed Aug 27 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p17-1
- rebase 1.6.8 -> 1.6.9
- patches from F10
- compiled with secure path(80215)
- patches for sudoers file provided by sudo are removed,
because we deliver our own sudoers in sources1
- compiled without selinux support since there was no
selinux support in previous release
Resolves: #447408 - Thu Mar 6 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-12
- adjust audit patch,
Resolves: #320671 - Fri Jan 4 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-11
- fix segfaults when using ldap on s390,
Resolves: #305331
- add audit support,
Resolves: #320671 - Sun Oct 1 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-10
- rebuilt for unwind info generation, broken in gcc-4.1.1-21
- Thu Sep 21 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-9
- fix sudoers file, X apps didn't work (#206320)
- Tue Aug 8 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-8
- use Red Hat specific default sudoers file
- Sun Jul 16 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-7
- fix #198755 - make login processes (sudo -i) initialise session keyring
(thanks for PAM config files to David Howells)
- add IPv6 support (patch by Milan Zazrivec) - Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-6.1
- rebuild
- Mon May 29 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-6
- fix #190062 - "ssh localhost sudo su" will show the password in clear
- Tue May 23 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-5
- add LDAP support (#170848)
- Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-4.1
- bump again for double-long bug on ppc(64)
- Wed Feb 8 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-4
- reset env. by default
- Tue Feb 7 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-3.1
- rebuilt for new gcc4.1 snapshot and glibc changes
- Mon Jan 23 2006 Dan Walsh <dwalsh@redhat.com> 1.6.8p12-3
- Remove selinux patch. It has been decided that the SELinux patch for sudo is
- no longer necessary. In tageted policy it had no effect. In strict/MLS policy
- We require the person using sudo to execute newrole before using sudo. - Fri Dec 9 2005 Jesse Keating <jkeating@redhat.com>
- rebuilt
- Fri Nov 25 2005 Karel Zak <kzak@redhat.com> 1.6.8p12-1
- new upstream version 1.6.8p12
- Tue Nov 8 2005 Karel Zak <kzak@redhat.com> 1.6.8p11-1
- new upstream version 1.6.8p11
- Thu Oct 13 2005 Tomas Mraz <tmraz@redhat.com> 1.6.8p9-6
- use include instead of pam_stack in pam config
- Tue Oct 11 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-5
- enable interfaces in selinux patch
- merge sudo-1.6.8p8-sesh-stopsig.patch to selinux patch - Mon Sep 19 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-4
- fix debuginfo
- Mon Sep 19 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-3
- fix #162623 - sesh hangs when child suspends
- Mon Aug 1 2005 Dan Walsh <dwalsh@redhat.com> 1.6.8p9-2
- Add back in interfaces call, SELinux has been fixed to work around
- Tue Jun 21 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-1
- new version 1.6.8p9 (resolve #161116 - CAN-2005-1993 sudo trusted user arbitrary command execution)
- Tue May 24 2005 Karel Zak <kzak@redhat.com> 1.6.8p8-2
- fix #154511 - sudo does not use limits.conf
- Mon Apr 4 2005 Thomas Woerner <twoerner@redhat.com> 1.6.8p8-1
- new version 1.6.8p8: new sudoedit and sudo_noexec
- Wed Feb 9 2005 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-31
- rebuild
- Mon Oct 4 2004 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-30.1
- added missing BuildRequires for libselinux-devel (#132883)
- Wed Sep 29 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-30
- Fix missing param error in sesh
- Mon Sep 27 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-29
- Remove full patch check from sesh
- Thu Jul 8 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-28
- Fix selinux patch to switch to root user
- Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
- Tue Apr 13 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-26
- Eliminate tty handling from selinux
- Thu Apr 1 2004 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-25
- fixed spec file: sesh in file section with selinux flag (#119682)
- Tue Mar 30 2004 Colin Walters <walters@redhat.com> 1.6.7p5-24
- Enhance sesh.c to fork/exec children itself, to avoid
having sudo reap all domains.
- Only reinstall default signal handlers immediately before
exec of child with SELinux patch - Thu Mar 18 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-23
- change to default to sysadm_r
- Fix tty handling - Thu Mar 18 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-22
- Add /bin/sesh to run selinux code.
- replace /bin/bash -c with /bin/sesh - Tue Mar 16 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-21
- Hard code to use "/bin/bash -c" for selinux
- Tue Mar 16 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-20
- Eliminate closing and reopening of terminals, to match su.
- Mon Mar 15 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-19
- SELinux fixes to make transitions work properly
- Fri Mar 5 2004 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-18
- pied sudo
- Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
- Tue Jan 27 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-16
- Eliminate interfaces call, since this requires big SELinux privs
- and it seems to be useless. - Tue Jan 27 2004 Karsten Hopp <karsten@redhat.de> 1.6.7p5-15
- visudo requires vim-minimal or setting EDITOR to something useful (#68605)
- Mon Jan 26 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-14
- Fix is_selinux_enabled call
- Tue Jan 13 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-13
- Clean up patch on failure
- Tue Jan 6 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-12
- Remove sudo.te for now.
- Fri Jan 2 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-11
- Fix usage message
- Mon Dec 22 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-10
- Clean up sudo.te to not blow up if pam.te not present
- Thu Dec 18 2003 Thomas Woerner <twoerner@redhat.com>
- added missing BuildRequires for groff
- Tue Dec 16 2003 Jeremy Katz <katzj@redhat.com> 1.6.7p5-9
- remove left-over debugging code
- Tue Dec 16 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-8
- Fix terminal handling that caused Sudo to exit on non selinux machines.
- Mon Dec 15 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-7
- Remove sudo_var_run_t which is now pam_var_run_t
- Fri Dec 12 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-6
- Fix terminal handling and policy
- Thu Dec 11 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-5
- Fix policy
- Thu Nov 13 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-4.sel
- Turn on SELinux support
- Tue Jul 29 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-3
- Add support for SELinux
- Wed Jun 4 2003 Elliot Lee <sopwith@redhat.com>
- rebuilt
- Mon May 19 2003 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-1
* Wed Jan 22 2003 Tim Powers
- rebuilt - Tue Nov 12 2002 Nalin Dahyabhai <nalin@redhat.com> 1.6.6-2
- remove absolute path names from the PAM configuration, ensuring that the
right modules get used for whichever arch we're built for
- don't try to install the FAQ, which isn't there any more - Thu Jun 27 2002 Bill Nottingham <notting@redhat.com> 1.6.6-1
- update to 1.6.6
- Fri Jun 21 2002 Tim Powers <timp@redhat.com>
- automated rebuild
- Thu May 23 2002 Tim Powers <timp@redhat.com>
- automated rebuild
- Thu Apr 18 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5p2-2
- Fix bug #63768
- Thu Mar 14 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5p2-1
- 1.6.5p2
- Fri Jan 18 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5p1-1
- 1.6.5p1
- Hope this "a new release per day" madness stops ;) - Thu Jan 17 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5-1
- 1.6.5
- Tue Jan 15 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.4p1-1
- 1.6.4p1
- Mon Jan 14 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.4-1
- Update to 1.6.4
- Mon Jul 23 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.3p7-2
- Add build requirements (#49706)
- s/Copyright/License/
- bzip2 source - Sat Jun 16 2001 Than Ngo <than@redhat.com>
- update to 1.6.3p7
- use %{_tmppath} - Fri Feb 23 2001 Bernhard Rosenkraenzer <bero@redhat.com>
- 1.6.3p6, fixes buffer overrun
- Tue Oct 10 2000 Bernhard Rosenkraenzer <bero@redhat.com>
- 1.6.3p5
- Wed Jul 12 2000 Prospector <bugzilla@redhat.com>
- automatic rebuild
- Tue Jun 6 2000 Karsten Hopp <karsten@redhat.de>
- fixed owner of sudo and visudo
- Thu Jun 1 2000 Nalin Dahyabhai <nalin@redhat.com>
- modify PAM setup to use system-auth
- clean up buildrooting by using the makeinstall macro - Tue Apr 11 2000 Bernhard Rosenkraenzer <bero@redhat.com>
- initial build in main distrib
- update to 1.6.3
- deal with compressed man pages - Tue Dec 14 1999 Preston Brown <pbrown@redhat.com>
- updated to 1.6.1 for Powertools 6.2
- config files are now noreplace. - Thu Jul 22 1999 Tim Powers <timp@redhat.com>
- updated to 1.5.9p2 for Powertools 6.1
- Wed May 12 1999 Bill Nottingham <notting@redhat.com>
- sudo is configured with pam. There's no pam.d file. Oops.
- Mon Apr 26 1999 Preston Brown <pbrown@redhat.com>
- upgraded to 1.59p1 for powertools 6.0
- Tue Oct 27 1998 Preston Brown <pbrown@redhat.com>
- fixed so it doesn't find /usr/bin/vi first, but instead /bin/vi (always installed)
- Thu Oct 8 1998 Michael Maher <mike@redhat.com>
- built package for 5.2
- Mon May 18 1998 Michael Maher <mike@redhat.com>
- updated SPEC file.
- Thu Jan 29 1998 Otto Hammersmith <otto@redhat.com>
- updated to 1.5.4
- Tue Nov 18 1997 Otto Hammersmith <otto@redhat.com>
- built for glibc, no problems
- Fri Apr 25 1997 Michael Fulbright <msf@redhat.com>
- Fixed for 4.2 PowerTools
- Still need to be pamified
- Still need to move stmp file to /var/log - Mon Feb 17 1997 Michael Fulbright <msf@redhat.com>
- First version for PowerCD.