pkgsrc-Changes archive
CVS commit: [pkgsrc-2012Q4] pkgsrc/security/sudo
Module Name: pkgsrc
Committed By: tron
Date: Tue Mar 5 10:30:39 UTC 2013
Modified Files:
pkgsrc/security/sudo [pkgsrc-2012Q4]: Makefile distinfo
pkgsrc/security/sudo/patches [pkgsrc-2012Q4]: patch-aa patch-af
patch-ag
Removed Files:
pkgsrc/security/sudo/patches [pkgsrc-2012Q4]: patch-pwutil.c
Log Message:
Pullup ticket #4086 - requested by kim
security/sudo: security update
Revisions pulled up:
- security/sudo/Makefile 1.140 via patch
- security/sudo/distinfo 1.79
- security/sudo/patches/patch-aa 1.30
- security/sudo/patches/patch-af 1.29
- security/sudo/patches/patch-ag 1.20
- security/sudo/patches/patch-pwutil.c deleted
---
Module Name: pkgsrc
Committed By: kim
Date: Fri Mar 1 14:24:59 UTC 2013
Modified Files:
pkgsrc/security/sudo: Makefile distinfo
pkgsrc/security/sudo/patches: patch-aa patch-af patch-ag
Removed Files:
pkgsrc/security/sudo/patches: patch-pwutil.c
Log Message:
Upgrade to address CVE-2013-1775
What's new in Sudo 1.7.10p7?
* A time stamp file with the date set to the epoch by "sudo -k"
is now completely ignored regardless of what the local clock is
set to. Previously, if the local clock was set to a value between
the epoch and the time stamp timeout value, a time stamp reset
by "sudo -k" would be considered current.
What's new in Sudo 1.7.10p6?
* The tty-specific time stamp file now includes the session ID
of the sudo process that created it. If a process with the same
tty but a different session ID runs sudo, the user will now be
prompted for a password (assuming authentication is required for
the command).
What's new in Sudo 1.7.10p5?
* On systems where the controlling tty can be determined via /proc
or sysctl(), sudo will no longer fall back to using ttyname()
if the process has no controlling tty. This prevents sudo from
using a non-controlling tty for logging and time stamp purposes.
What's new in Sudo 1.7.10?
* If the user is a member of the "exempt" group in sudoers, they
will no longer be prompted for a password even if the -k flag
is specified with the command. This makes "sudo -k command"
consistent with the behavior one would get if the user ran "sudo
-k" immediately before running the command.
* The sudoers file may now be a symbolic link. Previously, sudo
would refuse to read sudoers unless it was a regular file.
* The user/group/mode checks on sudoers files have been relaxed.
As long as the file is owned by the sudoers uid, not world-writable
and not writable by a group other than the sudoers gid, the file
is considered OK. Note that visudo will still set the mode to
the value specified at configure time.
* /etc/environment is no longer read directly on Linux systems
when PAM is used. Sudo now merges the PAM environment into the
user's environment which is typically set by the pam_env module.
* The initial environment created when env_reset is in effect now
includes the contents of /etc/environment on AIX systems and the
"setenv" and "path" entries from /etc/login.conf on BSD systems.
* On systems with an SVR4-style /proc file system, the /proc/pid/psinfo
file is now used to determine the controlling terminal, if possible.
This allows tty-based tickets to work properly even when, e.g.
standard input, output and error are redirected to /dev/null.
* The sudoreplay command can now properly replay sessions where
no tty was present.
* Fixed a race condition that could cause sudo to receive SIGTTOU
(and stop) when resuming a shell that was run via sudo when I/O
logging (and use_pty) is not enabled.
To generate a diff of this commit:
cvs rdiff -u -r1.138 -r1.138.2.1 pkgsrc/security/sudo/Makefile
cvs rdiff -u -r1.78 -r1.78.6.1 pkgsrc/security/sudo/distinfo
cvs rdiff -u -r1.29 -r1.29.6.1 pkgsrc/security/sudo/patches/patch-aa
cvs rdiff -u -r1.28 -r1.28.12.1 pkgsrc/security/sudo/patches/patch-af
cvs rdiff -u -r1.19 -r1.19.12.1 pkgsrc/security/sudo/patches/patch-ag
cvs rdiff -u -r1.2 -r0 pkgsrc/security/sudo/patches/patch-pwutil.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
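
The time stamp changes listed above for Sudo 1.7.10p7 and 1.7.10p6, as an added example (a simplified model, not code from sudo or pkgsrc): the older age-only check beside a check that ignores an epoch-dated ticket and compares the session ID. The struct, the function names, the 5-minute timeout and the rejection of future-dated tickets are assumptions of this example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>
#include <time.h>

#define TIMEOUT_SECS (5 * 60)   /* assumed time stamp timeout */

/* Simplified ticket model; the field names are assumptions for this example. */
struct ticket {
    time_t mtime;   /* time stamp file date; "sudo -k" sets it to the epoch (0) */
    pid_t  sid;     /* session ID of the sudo process that created the ticket */
};

/* Model of the older check: only the age relative to the local clock counts. */
bool ticket_current_old(const struct ticket *t, time_t now)
{
    return now >= t->mtime && now - t->mtime < TIMEOUT_SECS;
}

/* Model of the check after 1.7.10p6 and 1.7.10p7. */
bool ticket_current_new(const struct ticket *t, time_t now, pid_t cur_sid)
{
    if (t->mtime == 0)          /* reset ticket: ignored whatever the clock says */
        return false;
    if (t->sid != cur_sid)      /* same tty, different session: prompt again */
        return false;
    if (now < t->mtime)         /* dated in the future: not trusted in this model */
        return false;
    return now - t->mtime < TIMEOUT_SECS;
}

int main(void)
{
    /* Constructed sample values, not taken from a real system. */
    struct ticket reset = { 0, 100 };
    struct ticket live  = { 1362000000, 100 };

    printf("reset ticket, clock=120s: old=%d new=%d\n",
           ticket_current_old(&reset, 120), ticket_current_new(&reset, 120, 100));
    printf("live ticket, same session: new=%d\n",
           ticket_current_new(&live, 1362000060, 100));
    printf("live ticket, other session: new=%d\n",
           ticket_current_new(&live, 1362000060, 200));
    return 0;
}
```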