pkgsrc.se | The NetBSD package collection

./security/sudo, Allow others to run commands as root

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2010Q1, Version: 1.7.2p7, Package name: sudo-1.7.2p7, Maintainer: kim

Sudo is a program designed to allow a sysadmin to give limited root
privileges to users and log root activity. The basic philosophy is to
give as few privileges as possible but still allow people to get their
work done.

Required to build:
[devel/libtool-base]

Package options: skey

Master sites: (Expand)

Version history: (Expand)

(2010-06-05) Updated to version: sudo-1.7.2p7
(2010-04-17) Updated to version: sudo-1.7.2p6
(2010-04-09) Package added to pkgsrc.se, version sudo-1.7.2p4 (created)

CVS history: (Expand)

2010-06-05 08:16:43 by S.P.Zeidler | Files touched by this commit (2) | Package updated

Log message:
Pullup ticket 3137 - requested by kefren
security update

Revisions pulled up:
- pkgsrc/security/sudo/Makefile	1.121
- pkgsrc/security/sudo/distinfo	1.63

   -------------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Thu Jun  3 14:53:14 UTC 2010

   Modified Files:
           pkgsrc/security/sudo: Makefile distinfo

   Log message:
   Update security/sudo package to 1.7.2p7.

   For more detail: http://www.sudo.ws/sudo/alerts/secure_path.html

   Summary:
       Sudo "secure path" feature works by replacing the PATH environment
       variable with a value specified in the sudoers file, or at
       compile time if the --with-secure-path configure option is used.
       The flaw is that sudo only replaces the first instance of PATH
       in the environment.  If the program being run through sudo uses
       the last instance of PATH in the environment, an attacker may
       be able to avoid the "secure path" restrictions.

   Sudo versions affected:
       Sudo 1.3.1 through 1.6.9p22 and Sudo 1.7.0 through 1.7.2p6.

   To generate a diff of this commit:
   cvs rdiff -u -r1.120 -r1.121 pkgsrc/security/sudo/Makefile
   cvs rdiff -u -r1.62 -r1.63 pkgsrc/security/sudo/distinfo

2010-04-17 10:34:13 by S.P.Zeidler | Files touched by this commit (3) | Package updated

Log message:
Pullup ticket 3079 - requested by taca
security update

Revisions pulled up:
- pkgsrc/security/sudo/Makefile		1.120
- pkgsrc/security/sudo/distinfo		1.62
- pkgsrc/security/sudo/patches/patch-aa	1.23

   --------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Fri Apr 16 15:33:52 UTC 2010

   Modified Files:
           pkgsrc/security/sudo: Makefile distinfo
           pkgsrc/security/sudo/patches: patch-aa

   Log message:
   Update sudo package from sudo-1.7.2p4 to sudo-1.7.2p6.

   Sudo versions 1.7.2p6 and 1.6.9p22 are now available.  These releases
   fix a privilege escalation bug in the sudoedit functionality.

   Summary:
       A flaw exists in sudo's -e option (aka sudoedit) in sudo versions
       1.6.8 through 1.7.2p5 that may give a user with permission to
       run sudoedit the ability to run arbitrary commands.  This bug
       is related to, but distinct from, CVE 2010-0426.

   Sudo versions affected:
       1.6.8 through 1.7.2p5 inclusive.

   To generate a diff of this commit:
   cvs rdiff -u -r1.119 -r1.120 pkgsrc/security/sudo/Makefile
   cvs rdiff -u -r1.61 -r1.62 pkgsrc/security/sudo/distinfo
   cvs rdiff -u -r1.22 -r1.23 pkgsrc/security/sudo/patches/patch-aa