pkgsrc-Changes archive


CVS commit: [pkgsrc-2013Q4] pkgsrc/security/sudo



Module Name:    pkgsrc
Committed By:   spz
Date:           Sat Mar  8 20:33:47 UTC 2014

Modified Files:
        pkgsrc/security/sudo [pkgsrc-2013Q4]: Makefile distinfo
        pkgsrc/security/sudo/patches [pkgsrc-2013Q4]: patch-af patch-ag
            patch-logging.c

Log Message:
Pullup ticket #4337 - requested by kim
security/sudo: security update

Revisions pulled up:
- security/sudo/Makefile                                        1.142
- security/sudo/distinfo                                        1.81
- security/sudo/patches/patch-af                                1.31
- security/sudo/patches/patch-ag                                1.22
- security/sudo/patches/patch-logging.c                         1.4

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   kim
   Date:           Sat Mar  8 11:51:56 UTC 2014

   Modified Files:
           pkgsrc/security/sudo: Makefile distinfo
           pkgsrc/security/sudo/patches: patch-af patch-ag patch-logging.c

   Log Message:
   Upgrade to address CVE-2014-0106

   http://www.sudo.ws/sudo/alerts/env_add.html

   What's new in Sudo 1.7.10p8?

   * Sudo's exit code now indicates a failure if the user does not
     successfully authenticate.

   * On HP-UX systems, sudo will now use the pstat() function to
     determine the tty instead of ttyname().

   * Fixed compilation when --without-iologdir configure option is
     specified.

   * On systems with BSD login classes, if the user specified a group
     (not a user) to run the command as, it was possible to specify
     a different login class even when the command was not run as the
     super user.

   * The closefrom() emulation on Mac OS X now uses /dev/fd if possible.
     It also now sets the close on exec flag instead of actually
     closing the descriptors to avoid a crash in libdispatch.

   * The sudoers plugin will now ignore invalid domain names when
     checking netgroup membership.  Most Linux systems use the string
     "(none)" for the NIS-style domain name instead of an empty string.

   * Fixed the logic when checking environment variables on the
     command line against the env_check and env_delete blacklists.
     This is only a problem when env_reset is disabled in sudoers.

   To generate a diff of this commit:
   cvs rdiff -u -r1.141 -r1.142 pkgsrc/security/sudo/Makefile
   cvs rdiff -u -r1.80 -r1.81 pkgsrc/security/sudo/distinfo
   cvs rdiff -u -r1.30 -r1.31 pkgsrc/security/sudo/patches/patch-af
   cvs rdiff -u -r1.21 -r1.22 pkgsrc/security/sudo/patches/patch-ag
   cvs rdiff -u -r1.3 -r1.4 pkgsrc/security/sudo/patches/patch-logging.c


To generate a diff of this commit:
cvs rdiff -u -r1.140 -r1.140.8.1 pkgsrc/security/sudo/Makefile
cvs rdiff -u -r1.80 -r1.80.4.1 pkgsrc/security/sudo/distinfo
cvs rdiff -u -r1.30 -r1.30.4.1 pkgsrc/security/sudo/patches/patch-af
cvs rdiff -u -r1.21 -r1.21.4.1 pkgsrc/security/sudo/patches/patch-ag
cvs rdiff -u -r1.3 -r1.3.20.1 pkgsrc/security/sudo/patches/patch-logging.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



