Subject: CVS commit: [pkgsrc-2013Q4] pkgsrc/security/sudo
From: S.P.Zeidler
Date: 2014-03-08 21:33:47
Message id: 20140308203347.A75FF96@cvs.netbsd.org

Log Message:
Pullup ticket #4337 - requested by kim
security/sudo: security update

Revisions pulled up:
- security/sudo/Makefile                                        1.142
- security/sudo/distinfo                                        1.81
- security/sudo/patches/patch-af                                1.31
- security/sudo/patches/patch-ag                                1.22
- security/sudo/patches/patch-logging.c                         1.4

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   kim
   Date:           Sat Mar  8 11:51:56 UTC 2014

   Modified Files:
           pkgsrc/security/sudo: Makefile distinfo
           pkgsrc/security/sudo/patches: patch-af patch-ag patch-logging.c

   Log Message:
   Upgrade to address CVE-2014-0106

   http://www.sudo.ws/sudo/alerts/env_add.html

   What's new in Sudo 1.7.10p8?

   * Sudo's exit code now indicates a failure if the user does not
     successfully authenticate.

   * On HP-UX systems, sudo will now use the pstat() function to
     determine the tty instead of ttyname().

   * Fixed compilation when --without-iologdir configure option is
     specified.

   * On systems with BSD login classes, if the user specified a group
     (not a user) to run the command as, it was possible to specify
     a different login class even when the command was not run as the
     super user.

   * The closefrom() emulation on Mac OS X now uses /dev/fd if possible.
     It also now sets the close on exec flag instead of actually
     closing the descriptors to avoid a crash in libdispatch.

   * The sudoers plugin will now ignore invalid domain names when
     checking netgroup membership.  Most Linux systems use the string
     "(none)" for the NIS-style domain name instead of an empty string.

   * Fixed the logic when checking environment variables on the
     command line against the env_check and env_delete blacklists.
     This is only a problem when env_reset is disabled in sudoers.

   To generate a diff of this commit:
   cvs rdiff -u -r1.141 -r1.142 pkgsrc/security/sudo/Makefile
   cvs rdiff -u -r1.80 -r1.81 pkgsrc/security/sudo/distinfo
   cvs rdiff -u -r1.30 -r1.31 pkgsrc/security/sudo/patches/patch-af
   cvs rdiff -u -r1.21 -r1.22 pkgsrc/security/sudo/patches/patch-ag
   cvs rdiff -u -r1.3 -r1.4 pkgsrc/security/sudo/patches/patch-logging.c

Files:
RevisionActionfile
1.140.8.1modifypkgsrc/security/sudo/Makefile
1.80.4.1modifypkgsrc/security/sudo/distinfo
1.30.4.1modifypkgsrc/security/sudo/patches/patch-af
1.21.4.1modifypkgsrc/security/sudo/patches/patch-ag
1.3.20.1modifypkgsrc/security/sudo/patches/patch-logging.c