[pkgsrc/pkgsrc-2005Q3]: pkgsrc/security/sudo Pullup ticket 909 - requested by...

[salo <salo%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/7775b94cc6ea
branches:  pkgsrc-2005Q3
changeset: 499686:7775b94cc6ea
user:      salo <salo%pkgsrc.org@localhost>
date:      Tue Nov 15 12:15:16 2005 +0000

description:
Pullup ticket 909 - requested by Adrian Portelli
security fix for sudo

Revisions pulled up:
- pkgsrc/security/sudo/Makefile                 1.83
- pkgsrc/security/sudo/distinfo                 1.32
- pkgsrc/security/sudo/patches/patch-ah         1.2

   Module Name:         pkgsrc
   Committed By:        adrianp
   Date:                Sat Nov 12 14:17:46 UTC 2005

   Modified Files:
        pkgsrc/security/sudo: Makefile distinfo
        pkgsrc/security/sudo/patches: patch-ah

   Log Message:
   Update sudo to nb2 to address the recent secuity issue:
   - http://www.sudo.ws/sudo/alerts/perl_env.html

   - Add "PERLLIB", "PERL5LIB" and the "PERL5OPT" to the list of
     environment variables to be cleaned.

diffstat:

 security/sudo/Makefile         |   4 ++--
 security/sudo/distinfo         |   4 ++--
 security/sudo/patches/patch-ah |  14 ++++++++++++--
 3 files changed, 16 insertions(+), 6 deletions(-)

diffs (56 lines):

diff -r 8d5fba662493 -r 7775b94cc6ea security/sudo/Makefile
--- a/security/sudo/Makefile    Tue Nov 15 12:05:39 2005 +0000
+++ b/security/sudo/Makefile    Tue Nov 15 12:15:16 2005 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.80.4.1 2005/10/26 04:37:23 snj Exp $
+# $NetBSD: Makefile,v 1.80.4.2 2005/11/15 12:15:16 salo Exp $
 #
 
 DISTNAME=              sudo-1.6.8p9
 PKGNAME=               sudo-1.6.8pl9
-PKGREVISION=           1
+PKGREVISION=           2
 CATEGORIES=            security
 MASTER_SITES=          http://www.courtesan.com/sudo/dist/ \
                        ftp://ftp.courtesan.com/pub/sudo/ \
diff -r 8d5fba662493 -r 7775b94cc6ea security/sudo/distinfo
--- a/security/sudo/distinfo    Tue Nov 15 12:05:39 2005 +0000
+++ b/security/sudo/distinfo    Tue Nov 15 12:15:16 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.29.4.1 2005/10/26 04:37:23 snj Exp $
+$NetBSD: distinfo,v 1.29.4.2 2005/11/15 12:15:16 salo Exp $
 
 SHA1 (sudo-1.6.8p9.tar.gz) = f264d1ad9f197920f2e69614db7935b35ca51672
 RMD160 (sudo-1.6.8p9.tar.gz) = c1c719504476ab9ac11e0421716d149120463e33
@@ -6,4 +6,4 @@
 SHA1 (patch-aa) = a4f29f2c228eb3b4af0872cf04a00ffdf41c603c
 SHA1 (patch-af) = 870a0f0504449dbb839c8b8c2dfe6505a9c9ec68
 SHA1 (patch-ag) = 3703932e134ae90281179d0a4ae4760fa420264b
-SHA1 (patch-ah) = a08e73c0a20d50a432e01740a9d27b330a1c1998
+SHA1 (patch-ah) = 6210bca36fa7fc87ef179b7bf92109828390bea0
diff -r 8d5fba662493 -r 7775b94cc6ea security/sudo/patches/patch-ah
--- a/security/sudo/patches/patch-ah    Tue Nov 15 12:05:39 2005 +0000
+++ b/security/sudo/patches/patch-ah    Tue Nov 15 12:15:16 2005 +0000
@@ -1,6 +1,6 @@
-$NetBSD: patch-ah,v 1.1.2.2 2005/10/26 04:37:23 snj Exp $
+$NetBSD: patch-ah,v 1.1.2.3 2005/11/15 12:15:16 salo Exp $
 
---- env.c.orig 2005-02-06 16:37:01.000000000 +0100
+--- env.c.orig 2005-02-06 15:37:01.000000000 +0000
 +++ env.c
 @@ -89,6 +89,8 @@ static char *format_env              __P((char *, ..
  static const char *initial_badenv_table[] = {
@@ -11,3 +11,13 @@
      "LOCALDOMAIN",
      "RES_OPTIONS",
      "HOSTALIASES",
+@@ -124,6 +126,9 @@ static const char *initial_badenv_table[
+     "TERMCAP",                        /* XXX - only if it starts with '/' */
+     "ENV",
+     "BASH_ENV",
++    "PERLLIB",
++    "PERL5LIB",
++    "PERL5OPT",
+     NULL
+ };
+