[pkgsrc/pkgsrc-2004Q3]: pkgsrc/security/sudo Pullup ticket 158 - requested by...

[salo <salo%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/bace1f21f6e9
branches:  pkgsrc-2004Q3
changeset: 480757:bace1f21f6e9
user:      salo <salo%pkgsrc.org@localhost>
date:      Sat Nov 27 16:43:19 2004 +0000

description:
Pullup ticket 158 - requested by Quentin Garnier
security fix for sudo

        Module Name:    pkgsrc
        Committed By:   cube
        Date:           Fri Nov 26 16:23:57 UTC 2004

        Modified Files:
                pkgsrc/security/sudo: Makefile distinfo

        Log Message:
        sudo is nominated for crapware of the year.  Now at version 1.6.8pl4!

        Just as for pl2, changes are about environment sanitizing, meaning
        there are possible security issues with current versions.

        Changes:

        550) The CDPATH variable is now stripped from the environment passed
             to the program to be executed.
        551) Fix temp file generation on systems where the _PATH_VARTMP macro
             lacks a trailing slash.
        552) The KRB5CCNAME environment variable is preserved during sudo
             execution for password lookups that use GSSAPI.

diffstat:

 security/sudo/Makefile |  6 +++---
 security/sudo/distinfo |  6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diffs (29 lines):

diff -r 104e48949b80 -r bace1f21f6e9 security/sudo/Makefile
--- a/security/sudo/Makefile    Sat Nov 27 16:32:00 2004 +0000
+++ b/security/sudo/Makefile    Sat Nov 27 16:43:19 2004 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.70.2.1 2004/11/15 08:02:54 salo Exp $
+# $NetBSD: Makefile,v 1.70.2.2 2004/11/27 16:43:19 salo Exp $
 #
 
-DISTNAME=              sudo-1.6.8p2
-PKGNAME=               sudo-1.6.8pl2
+DISTNAME=              sudo-1.6.8p4
+PKGNAME=               sudo-1.6.8pl4
 PKGREVISION=           #
 CATEGORIES=            security
 MASTER_SITES=          http://www.courtesan.com/sudo/dist/ \
diff -r 104e48949b80 -r bace1f21f6e9 security/sudo/distinfo
--- a/security/sudo/distinfo    Sat Nov 27 16:32:00 2004 +0000
+++ b/security/sudo/distinfo    Sat Nov 27 16:43:19 2004 +0000
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.23.2.1 2004/11/15 08:02:54 salo Exp $
+$NetBSD: distinfo,v 1.23.2.2 2004/11/27 16:43:19 salo Exp $
 
-SHA1 (sudo-1.6.8p2.tar.gz) = eb4d49207036109080f41edff941c069da2566dd
-Size (sudo-1.6.8p2.tar.gz) = 583690 bytes
+SHA1 (sudo-1.6.8p4.tar.gz) = 7bc4935a4d5d1100938774eeb7927f8643730ff2
+Size (sudo-1.6.8p4.tar.gz) = 583961 bytes
 SHA1 (patch-aa) = a4f29f2c228eb3b4af0872cf04a00ffdf41c603c
 SHA1 (patch-af) = 870a0f0504449dbb839c8b8c2dfe6505a9c9ec68
 SHA1 (patch-ag) = 3703932e134ae90281179d0a4ae4760fa420264b