pkgsrc-changes: CVS commit: [pkgsrc-2004Q3] pkgsrc/security/sudo

Subject: CVS commit: [pkgsrc-2004Q3] pkgsrc/security/sudo
To: None <pkgsrc-changes@NetBSD.org>
From: Lubomir Sedlacik <salo@netbsd.org>
List: pkgsrc-changes
Date: 11/15/2004 08:02:54

Module Name:	pkgsrc
Committed By:	salo
Date:		Mon Nov 15 08:02:54 UTC 2004

Modified Files:
	pkgsrc/security/sudo [pkgsrc-2004Q3]: Makefile PLIST.NetBSD PLIST.SunOS
	    distinfo

Log Message:
Pullup ticket 140 - requested by Quentin Garnier
security fix for sudo

        Module Name:	pkgsrc
        Committed By:	cube
        Date:		Fri Nov 12 16:47:31 UTC 2004

        Modified Files:
        	pkgsrc/security/sudo: Makefile PLIST.NetBSD PLIST.SunOS distinfo

        Log Message:
        Update to version 1.6.8pl2.  Fixes a security flaw for the sad people using
        bash-as-sh (and people allowing bash scripts to be run through sudo).  The
        user could override commands by functions of her own.

        ChangeLog:

        549) Bash exported functions and the CDPATH variable are now stripped from
             the environment passed to the program to be executed.


To generate a diff of this commit:
cvs rdiff -r1.70 -r1.70.2.1 pkgsrc/security/sudo/Makefile
cvs rdiff -r1.1 -r1.1.10.1 pkgsrc/security/sudo/PLIST.NetBSD \
    pkgsrc/security/sudo/PLIST.SunOS
cvs rdiff -r1.23 -r1.23.2.1 pkgsrc/security/sudo/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.