---
- branch: pkgsrc-2012Q1
  date: Sat May 19 10:42:03 UTC 2012
  files:
  - new: 1.134.2.1
    old: '1.134'
    path: pkgsrc/security/sudo/Makefile
    pathrev: pkgsrc/security/sudo/Makefile@1.134.2.1
    type: modified
  - new: 1.75.4.1
    old: '1.75'
    path: pkgsrc/security/sudo/distinfo
    pathrev: pkgsrc/security/sudo/distinfo@1.75.4.1
    type: modified
  - new: 1.28.6.1
    old: '1.28'
    path: pkgsrc/security/sudo/patches/patch-aa
    pathrev: pkgsrc/security/sudo/patches/patch-aa@1.28.6.1
    type: modified
  id: 20120519T104203Z.2b940dcaabd043a9ed2d67ad105879d09eecf878
  log: "Pullup ticket #3790 - requested by taca\nsecurity/sudo: security update\n\nRevisions
    pulled up:\n- security/sudo/Makefile                                        1.136
    via patch\n- security/sudo/distinfo                                        1.78\n-
    security/sudo/patches/patch-aa                                1.29\n\n---\n   Module
    Name:\tpkgsrc\n   Committed By:\ttaca\n   Date:\t\tWed May 16 14:49:56 UTC 2012\n\n
    \  Modified Files:\n   \tpkgsrc/security/sudo: Makefile distinfo\n   \tpkgsrc/security/sudo/patches:
    patch-aa\n\n   Log Message:\n   Update sudo package to 1.7.9p1.\n\n   Fix seuciry
    problem of CVE-2012-2337.\n\n   What's new in Sudo 1.7.9p1?\n\n    * Fixed a bug
    when matching against an IP address with an associated\n      netmask in the sudoers
    file.  In certain circumstances, this\n      could allow users to run commands
    on hosts they are not authorized\n      for.\n\n   What's new in Sudo 1.7.9?\n\n
    \   * Fixed a false positive in visudo strict mode when aliases are\n      in
    use.\n\n    * The line on which a syntax error is reported in the sudoers file\n
    \     is now more accurate.  Previously it was often off by a line.\n\n    * The
    #include and #includedir directives in sudoers now support\n      relative paths.
    \ If the path is not fully qualified it is expected\n      to be located in the
    same directory of the sudoers file that is\n      including it.\n\n    * visudo
    will now fix the mode on the sudoers file even if no changes\n      are made unless
    the -f option is specified.\n\n    * The \"use_loginclass\" sudoers option works
    properly again.\n\n    * For LDAP-based sudoers, values in the search expression
    are now\n      escaped as per RFC 4515.\n\n    * Fixed a race condition when I/O
    logging is not enabled that could\n      result in tty-generated signals (e.g.
    control-C) being received\n      by the command twice.\n\n    * If none of the
    standard input, output or error are connected to\n      a tty device, sudo will
    now check its parent's standard input,\n      output or error for the tty name
    on systems with /proc and BSD\n      systems that support the KERN_PROC_PID sysctl.
    \ This allows\n      tty-based tickets to work properly even when, e.g. standard\n
    \     input, output and error are redirected to /dev/null.\n\n    * Fixed a bug
    where a pattern like \"/usr/*\" included /usr/bin/ in\n      the results, which
    would be incorrectly be interpreted as if the\n      sudoers file had specified
    a directory.\n\n    * \"visudo -c\" will now list any include files that were
    checked\n      in addition to the main sudoers file when everything parses OK.\n\n
    \   * Users that only have read-only access to the sudoers file may\n      now
    run \"visudo -c\".  Previously, write permissions were required\n      even though
    no writing is down in check-only mode.\n\n   What's new in Sudo 1.7.8p2?\n\n    *
    Fixed a crash in the monitor process on Solaris when NOPASSWD\n      was specified
    or when authentication was disabled.\n"
  module: pkgsrc
  subject: 'CVS commit: [pkgsrc-2012Q1] pkgsrc/security/sudo'
  unixtime: '1337424123'
  user: tron