pkgsrc-changes: CVS commit: [pkgsrc-2004Q3] pkgsrc/security/sudo

Subject: CVS commit: [pkgsrc-2004Q3] pkgsrc/security/sudo
To: None <pkgsrc-changes@NetBSD.org>
From: Lubomir Sedlacik <salo@netbsd.org>
List: pkgsrc-changes
Date: 11/27/2004 16:43:19

Module Name:	pkgsrc
Committed By:	salo
Date:		Sat Nov 27 16:43:19 UTC 2004

Modified Files:
	pkgsrc/security/sudo [pkgsrc-2004Q3]: Makefile distinfo

Log Message:
Pullup ticket 158 - requested by Quentin Garnier
security fix for sudo

        Module Name:	pkgsrc
        Committed By:	cube
        Date:		Fri Nov 26 16:23:57 UTC 2004

        Modified Files:
        	pkgsrc/security/sudo: Makefile distinfo

        Log Message:
        sudo is nominated for crapware of the year.  Now at version 1.6.8pl4!

        Just as for pl2, changes are about environment sanitizing, meaning
        there are possible security issues with current versions.

        Changes:

        550) The CDPATH variable is now stripped from the environment passed
             to the program to be executed.
        551) Fix temp file generation on systems where the _PATH_VARTMP macro
             lacks a trailing slash.
        552) The KRB5CCNAME environment variable is preserved during sudo
             execution for password lookups that use GSSAPI.


To generate a diff of this commit:
cvs rdiff -r1.70.2.1 -r1.70.2.2 pkgsrc/security/sudo/Makefile
cvs rdiff -r1.23.2.1 -r1.23.2.2 pkgsrc/security/sudo/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.