pkgsrc.se | The NetBSD package collection

./security/sudo, Allow others to run commands as root

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2012Q1, Version: 1.7.9p1, Package name: sudo-1.7.9p1, Maintainer: kim

Sudo is a program designed to allow a sysadmin to give limited root
privileges to users and log root activity. The basic philosophy is to
give as few privileges as possible but still allow people to get their
work done.

Required to build:
[devel/libtool-base]

Package options: skey

Master sites: (Expand)

SHA1: cbca68bae8b85e8518690d78685ca67d0696ce15
RMD160: 1ec37d34bad3ab3a27ec123da81d33e2ac3deb72
Filesize: 1146.42 KB

Version history: (Expand)

(2012-05-19) Updated to version: sudo-1.7.9p1
(2012-04-10) Package added to pkgsrc.se, version sudo-1.7.8p1nb1 (created)

CVS history: (Expand)

2012-05-19 12:42:03 by Matthias Scheler | Files touched by this commit (3) | Package updated

Log message:
Pullup ticket #3790 - requested by taca
security/sudo: security update

Revisions pulled up:
- security/sudo/Makefile                                        1.136 via patch
- security/sudo/distinfo                                        1.78
- security/sudo/patches/patch-aa                                1.29

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed May 16 14:49:56 UTC 2012

   Modified Files:
   	pkgsrc/security/sudo: Makefile distinfo
   	pkgsrc/security/sudo/patches: patch-aa

   Log message:
   Update sudo package to 1.7.9p1.

   Fix seuciry problem of CVE-2012-2337.

   What's new in Sudo 1.7.9p1?

    * Fixed a bug when matching against an IP address with an associated
      netmask in the sudoers file.  In certain circumstances, this
      could allow users to run commands on hosts they are not authorized
      for.

   What's new in Sudo 1.7.9?

    * Fixed a false positive in visudo strict mode when aliases are
      in use.

    * The line on which a syntax error is reported in the sudoers file
      is now more accurate.  Previously it was often off by a line.

    * The #include and #includedir directives in sudoers now support
      relative paths.  If the path is not fully qualified it is expected
      to be located in the same directory of the sudoers file that is
      including it.

    * visudo will now fix the mode on the sudoers file even if no changes
      are made unless the -f option is specified.

    * The "use_loginclass" sudoers option works properly again.

    * For LDAP-based sudoers, values in the search expression are now
      escaped as per RFC 4515.

    * Fixed a race condition when I/O logging is not enabled that could
      result in tty-generated signals (e.g. control-C) being received
      by the command twice.

    * If none of the standard input, output or error are connected to
      a tty device, sudo will now check its parent's standard input,
      output or error for the tty name on systems with /proc and BSD
      systems that support the KERN_PROC_PID sysctl.  This allows
      tty-based tickets to work properly even when, e.g. standard
      input, output and error are redirected to /dev/null.

    * Fixed a bug where a pattern like "/usr/*" included /usr/bin/ in
      the results, which would be incorrectly be interpreted as if the
      sudoers file had specified a directory.

    * "visudo -c" will now list any include files that were checked
      in addition to the main sudoers file when everything parses OK.

    * Users that only have read-only access to the sudoers file may
      now run "visudo -c".  Previously, write permissions were required
      even though no writing is down in check-only mode.

   What's new in Sudo 1.7.8p2?

    * Fixed a crash in the monitor process on Solaris when NOPASSWD
      was specified or when authentication was disabled.