2013-03-05 10:30:39 UTC pkgsrc-2012Q4

Pullup ticket #4086 - requested by kim
security/sudo: security update

Revisions pulled up:
- security/sudo/Makefile                                        1.140 via patch
- security/sudo/distinfo                                        1.79
- security/sudo/patches/patch-aa                                1.30
- security/sudo/patches/patch-af                                1.29
- security/sudo/patches/patch-ag                                1.20
- security/sudo/patches/patch-pwutil.c                          deleted

---
  Module Name:    pkgsrc
  Committed By:  kim
  Date:          Fri Mar  1 14:24:59 UTC 2013

  Modified Files:
          pkgsrc/security/sudo: Makefile distinfo
          pkgsrc/security/sudo/patches: patch-aa patch-af patch-ag
  Removed Files:
          pkgsrc/security/sudo/patches: patch-pwutil.c

  Log Message:
  Upgrade to address CVE-2013-1775

  What's new in Sudo 1.7.10p7?

    * A time stamp file with the date set to the epoch by "sudo -k"
      is now completely ignored regardless of what the local clock is
      set to.  Previously, if the local clock was set to a value between
      the epoch and the time stamp timeout value, a time stamp reset
      by "sudo -k" would be considered current.

  What's new in Sudo 1.7.10p6?

    * The tty-specific time stamp file now includes the session ID
      of the sudo process that created it.  If a process with the same
      tty but a different session ID runs sudo, the user will now be
      prompted for a password (assuming authentication is required for
      the command).

  What's new in Sudo 1.7.10p5?

    * On systems where the controlling tty can be determined via /proc
      or sysctl(), sudo will no longer fall back to using ttyname()
      if the process has no controlling tty.  This prevents sudo from
      using a non-controlling tty for logging and time stamp purposes.

  What's new in Sudo 1.7.10?

    * If the user is a member of the "exempt" group in sudoers, they
      will no longer be prompted for a password even if the -k flag
      is specified with the command.  This makes "sudo -k command"
      consistent with the behavior one would get if the user ran "sudo
      -k" immediately before running the command.

    * The sudoers file may now be a symbolic link.  Previously, sudo
      would refuse to read sudoers unless it was a regular file.

    * The user/group/mode checks on sudoers files have been relaxed.
      As long as the file is owned by the sudoers uid, not world-writable
      and not writable by a group other than the sudoers gid, the file
      is considered OK.  Note that visudo will still set the mode to
      the value specified at configure time.

    * /etc/environment is no longer read directly on Linux systems
      when PAM is used.  Sudo now merges the PAM environment into the
      user's environment which is typically set by the pam_env module.

    * The initial environment created when env_reset is in effect now
      includes the contents of /etc/environment on AIX systems and the
      "setenv" and "path" entries from /etc/login.conf on BSD systems.

    * On systems with an SVR4-style /proc file system, the /proc/pid/psinfo
      file is now used to determine the controlling terminal, if possible.
      This allows tty-based tickets to work properly even when, e.g.
      standard input, output and error are redirected to /dev/null.

    * The sudoreplay command can now properly replay sessions where
      no tty was present.

    * Fixed a race condition that could cause sudo to receive SIGTTOU
      (and stop) when resuming a shell that was run via sudo when I/O
      logging (and use_pty) is not enabled.

(tron)
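The two time stamp fixes in the log above (1.7.10p7: an epoch-dated stamp is ignored regardless of the local clock; 1.7.10p6: the stamp carries the creating session ID) can be illustrated side by side. This is an added example, not code from sudo or from this commit: `struct ts_record`, `TS_TIMEOUT_SECS`, and the `ts_current_old`/`ts_current_new` functions are constructed stand-ins for the real time stamp file and `timestamp_timeout` handling.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>
#include <time.h>

/* Assumed timeout in seconds for this constructed example; sudo's real
 * value comes from timestamp_timeout and is not stated on this page. */
#define TS_TIMEOUT_SECS (5 * 60)

/* Constructed stand-in for a tty time stamp file, reduced to the two
 * fields the release notes talk about. */
struct ts_record {
    time_t mtime;   /* "sudo -k" resets this to the epoch (0) */
    pid_t  sid;     /* session ID of the creating sudo process (1.7.10p6+) */
};

/* Pre-1.7.10p7 style check: a stamp is current if it is not in the future
 * and not older than the timeout.  If the stamp was reset to the epoch and
 * the local clock is also within TS_TIMEOUT_SECS of the epoch, this wrongly
 * reports the stamp as current. */
bool ts_current_old(const struct ts_record *ts, time_t now)
{
    return ts->mtime <= now && now - ts->mtime < TS_TIMEOUT_SECS;
}

/* 1.7.10p7 style check: an epoch stamp is rejected outright, whatever the
 * clock says, and (per 1.7.10p6) the stamp must belong to our own session
 * so another session on the same tty is re-prompted. */
bool ts_current_new(const struct ts_record *ts, time_t now, pid_t my_sid)
{
    if (ts->mtime == 0)        /* reset by "sudo -k": never trust it */
        return false;
    if (ts->sid != my_sid)     /* same tty, different session */
        return false;
    return ts->mtime <= now && now - ts->mtime < TS_TIMEOUT_SECS;
}

int main(void)
{
    /* Constructed scenario: stamp reset by "sudo -k", clock 60 s past epoch. */
    struct ts_record reset = { .mtime = 0, .sid = 1000 };
    time_t clock_near_epoch = 60;

    printf("old check: %s\n",
           ts_current_old(&reset, clock_near_epoch) ? "current (bug)" : "ignored");
    printf("new check: %s\n",
           ts_current_new(&reset, clock_near_epoch, 1000) ? "current" : "ignored");
    return 0;
}
```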