Subject: CVS commit: [pkgsrc-2007Q1] pkgsrc/security/sudo
To: None <pkgsrc-changes@NetBSD.org>
From: Geert Hendrickx <ghen@netbsd.org>
List: pkgsrc-changes
Date: 06/26/2007 11:59:29
Module Name: pkgsrc
Committed By: ghen
Date: Tue Jun 26 11:59:29 UTC 2007
Modified Files:
pkgsrc/security/sudo [pkgsrc-2007Q1]: Makefile distinfo
pkgsrc/security/sudo/patches [pkgsrc-2007Q1]: patch-ah
Added Files:
pkgsrc/security/sudo/patches [pkgsrc-2007Q1]: patch-ai
Log Message:
Pullup ticket 2121, 2122 - requested by tls
security fix for sudo
- pkgsrc/security/sudo/Makefile 1.90
- pkgsrc/security/sudo/distinfo 1.35
- pkgsrc/security/sudo/patches/patch-ah 1.5
- pkgsrc/security/sudo/patches/patch-ai 1.1
Module Name: pkgsrc
Committed By: tls
Date: Mon Jun 25 09:53:42 UTC 2007
Modified Files:
pkgsrc/security/sudo: Makefile distinfo
pkgsrc/security/sudo/patches: patch-ah
Log Message:
Fix privilege-escalation vulnerability with PKG_OPTIONS.sudo=kerberos:
cleanse environment of variables that alter behavior of Kerberos library
so the user can't override the default keytab location, and do *not*
ignore missing keytab errors. Prevents root compromise via spoofed KDC
on systems with Kerberos libraries but no host key in keytab, no keytab,
or keytab overridden via environment.
Don't insist that the keytab key be DES -- some Kerberos sites are 3DES/AES
only.
Somewhat less invasive than the fix Todd incorporated into the 1.6.9 branch
of sudo (presently beta) but equivalent (though not as clean).
---
Module Name: pkgsrc
Committed By: tls
Date: Mon Jun 25 23:53:28 UTC 2007
Added Files:
pkgsrc/security/sudo/patches: patch-ai
Log Message:
Add file omitted from previous commit.
To generate a diff of this commit:
cvs rdiff -r1.89 -r1.89.2.1 pkgsrc/security/sudo/Makefile
cvs rdiff -r1.34 -r1.34.10.1 pkgsrc/security/sudo/distinfo
cvs rdiff -r1.4 -r1.4.10.1 pkgsrc/security/sudo/patches/patch-ah
cvs rdiff -r0 -r1.1.2.2 pkgsrc/security/sudo/patches/patch-ai
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.