---
- branch: pkgsrc-2010Q2
  date: Sat Sep 11 17:24:16 UTC 2010
  files:
  - new: 1.121.2.1
    old: '1.121'
    path: pkgsrc/security/sudo/Makefile
    pathrev: pkgsrc/security/sudo/Makefile@1.121.2.1
    type: modified
  - new: 1.4.10.1
    old: '1.4'
    path: pkgsrc/security/sudo/PLIST
    pathrev: pkgsrc/security/sudo/PLIST@1.4.10.1
    type: modified
  - new: 1.63.2.1
    old: '1.63'
    path: pkgsrc/security/sudo/distinfo
    pathrev: pkgsrc/security/sudo/distinfo@1.63.2.1
    type: modified
  - new: 1.23.2.1
    old: '1.23'
    path: pkgsrc/security/sudo/patches/patch-aa
    pathrev: pkgsrc/security/sudo/patches/patch-aa@1.23.2.1
    type: modified
  - new: 1.23.6.1
    old: '1.23'
    path: pkgsrc/security/sudo/patches/patch-af
    pathrev: pkgsrc/security/sudo/patches/patch-af@1.23.6.1
    type: modified
  - new: 1.14.6.1
    old: '1.14'
    path: pkgsrc/security/sudo/patches/patch-ag
    pathrev: pkgsrc/security/sudo/patches/patch-ag@1.14.6.1
    type: modified
  id: 20100911T172416Z.b12a4217911c7ff8222e1335bf84b7256dfa4081
  log: |
    Pullup ticket #3220 - requested by spz
    security/sudo: security update

    Revisions pulled up:
    - security/sudo/Makefile                 1.122-1.123
    - security/sudo/PLIST                    1.5
    - security/sudo/distinfo                 1.64-1.65
    - security/sudo/patches/patch-aa         1.24
    - security/sudo/patches/patch-af         1.24-1.25
    - security/sudo/patches/patch-ag         1.15-1.16
    ---
    Module Name:    pkgsrc
    Committed By:   taca
    Date:           Mon Jul  5 03:08:10 UTC 2010

    Modified Files:
            pkgsrc/security/sudo: Makefile distinfo
            pkgsrc/security/sudo/patches: patch-af patch-ag

    Log Message:
    Update sudo package to 1.7.2p8.

    Major changes between sudo 1.7.2p7 and 1.7.2p8:

     * Fixed a crash on AIX when LDAP support is in use.

     * Fixed problems with the QAS non-Unix group support
    ---
    Module Name:    pkgsrc
    Committed By:   spz
    Date:           Fri Sep 10 17:11:27 UTC 2010

    Modified Files:
            pkgsrc/security/sudo: Makefile PLIST distinfo
            pkgsrc/security/sudo/patches: patch-aa patch-af patch-ag

    Log Message:
    updating to the latest and greatest (and less a bunch of security
    relevant bugs) version:

    Major changes between version 1.7.4p3 and 1.7.4p4:

     * A potential security issue has been fixed with respect to the
       handling of sudo's -g command line option when -u is also
       specified. The flaw may allow an attacker to run commands as a
       user that is not authorized by the sudoers file.
     * A bug has been fixed where "sudo -l" output was incomplete if
       multiple sudoers sources were defined in nsswitch.conf and there
       was an error querying one of the sources.
     * The log_input, log_output, and use_pty sudoers options now work
       correctly on AIX. Previously, sudo would hang if they were
       enabled.
     * Fixed "make install" when sudo is built in a directory other
       than the directory that holds the sources.
     * The runas_default sudoers setting now works properly in a
       per-command Defaults line.
     * Suspending and resuming the bash shell when PAM is in use now
       works properly. The SIGCONT signal was not being propagated to
       the child process.

    Major changes between version 1.7.4p2 and 1.7.4p3:

     * A bug has been fixed where duplicate HOME environment variables
       could be set when the env_reset setting was disabled and the
       always_set_home setting was enabled in sudoers.
     * The value of sysconfdir is now substituted into the path to the
       sudoers.d directory in the installed sudoers file.
     * Fixed compilation problems on Irix and other platforms.
     * If multiple PAM "auth" actions are specified and the user enters
       ^C at the password prompt, sudo will now abort any subsequent
       "auth" actions. Previously it was necessary to enter ^C once for
       each "auth" action.

    Major changes between version 1.7.4p1 and 1.7.4p2:

     * Fixed a bug where sudo could spin in a cpu loop waiting for the
       child process.
     * Packaging fixes for sudo.pp to better handle patchlevels.

    Major changes between version 1.7.4 and 1.7.4p1:

     * Fix a bug introduced in sudo 1.7.3 that prevented the -k and -K
       options from functioning when the tty_tickets sudoers option was
       enabled.
     * Sudo no longer prints a warning when the -k or -K options are
       specified and the ticket file does not exist.
     * Changes to the configure script to enable cross-compilation of
       Sudo.

    Major changes between version 1.7.3 and 1.7.4:

     * Sudoedit will now preserve the file extension in the name of the
       temporary file being edited. The extension is used by some
       editors (such as emacs) to choose the editing mode.
     * Time stamp files have moved from /var/run/sudo to either
       /var/db/sudo, /var/lib/sudo or /var/adm/sudo. The directories
       are checked for existence in that order. This prevents users
       from receiving the sudo lecture every time the system reboots.
       Time stamp files older than the boot time are ignored on systems
       where it is possible to determine this.
     * Ancillary documentation (README files, LICENSE, etc) is now
       installed in a sudo documentation directory.
     * Sudo now recognizes "tls_cacert" as an alias for "tls_cacertfile"
       in ldap.conf.
     * Defaults settings that are tied to a user, host or command may
       now include the negation operator. For example:
             Defaults:!millert lecture
       will match any user but millert.
     * The default PATH environment variable, used when no PATH variable
       exists, now includes /usr/sbin and /sbin.
     * Sudo now uses polypkg for cross-platform packing.
     * On Linux, sudo will now restore the nproc resource limit before
       executing a command, unless the limit appears to have been
       modified by pam_limits. This avoids a problem with bash scripts
       that open more than 32 descriptors on SuSE Linux, where
       sysconf(_SC_CHILD_MAX) will return -1 when RLIMIT_NPROC is set
       to RLIMIT_UNLIMITED (-1).
     * Visudo will now treat an unrecognized Defaults entry as a parse
       error (sudo will warn but still run).
     * The HOME and MAIL environment variables are now reset based on
       the target user's password database entry when the env_reset
       sudoers option is enabled (which is the case in the default
       configuration). Users wishing to preserve the original values
       should use a sudoers entry like:
             Defaults env_keep += HOME
       to preserve the old value of HOME and
             Defaults env_keep += MAIL
       to preserve the old value of MAIL.
     * The tty_tickets option is now on by default.
     * Fixed a problem in the restoration of the AIX authdb registry
       setting.
     * If PAM is in use, wait until the process has finished before
       closing the PAM session.
     * Fixed "sudo -i -u user" where user has no shell listed in the
       password database.
     * When logging I/O, sudo now handles pty read/write returning ENXIO,
       as seen on FreeBSD when the login session has been killed.
     * Sudo now performs I/O logging in the C locale. This avoids
       locale-related issues when parsing floating point numbers in the
       timing file.
     * Added support for Ubuntu-style admin flag dot files.

    Major changes between version 1.7.2p8 and 1.7.3:

     * Support for logging a command's input and output as well as the
       ability to replay sessions. For more information, see the
       documentation for the log_input and log_output Defaults options
       in the sudoers manual. Also see the sudoreplay manual for
       information on replaying I/O log sessions.
     * The use_pty sudoers option can be used to force a command to be
       run in a pseudo-pty, even when I/O logging is not enabled.
     * On some systems, sudo can now detect when a user has logged out
       and back in again when tty-based time stamps are in use.
       Supported systems include Solaris systems with the devices file
       system, Mac OS X, and Linux systems with the devpts filesystem
       (pseudo-ttys only).
     * On AIX systems, the registry setting in /etc/security/user is
       now taken into account when looking up users and groups.
       Sudo now applies the correct user and group ids when running
       a command as a user whose account details come from a different
       source (e.g. LDAP or DCE vs. local files).
     * Support for multiple sudoers_base and uri entries in ldap.conf.
       When multiple entries are listed, sudo will try each one in the
       order in which they are specified.
     * Sudo's SELinux support should now function correctly when running
       commands as a non-root user and when one of stdin, stdout or stderr
       is not a terminal.
     * Sudo will now use the Linux audit system when configured with the
       --with-linux-audit flag.
     * Sudo now uses mbr_check_membership() on systems that support it
       to determine group membership. Currently, only Darwin (Mac OS X)
       supports this.
     * When the tty_tickets sudoers option is enabled but there is no
       terminal device, sudo will no longer use or create a tty-based
       ticket file. Previously, sudo would use a tty name of "unknown".
       As a consequence, if a user has no terminal device, sudo will now
       always prompt for a password.
     * The passwd_timeout and timestamp_timeout options may now be
       specified as floating point numbers for more granular timeout
       values.
     * Negating the fqdn option in sudoers now works correctly when sudo
       is configured with the --with-fqdn option. In previous versions
       of sudo the fqdn was set before sudoers was parsed.
  module: pkgsrc
  subject: 'CVS commit: [pkgsrc-2010Q2] pkgsrc/security/sudo'
  unixtime: '1284225856'
  user: tron