Date: Wed, 16 May 2012 14:49:56 +0000
From: "Takahiro Kambe"
Subject: CVS commit: pkgsrc/security/sudo
To: pkgsrc-changes@NetBSD.org
Reply-To: taca@netbsd.org
Message-Id: <20120516144956.4A057175DD@cvs.netbsd.org>

Module Name:    pkgsrc
Committed By:   taca
Date:           Wed May 16 14:49:56 UTC 2012

Modified Files:
        pkgsrc/security/sudo: Makefile distinfo
        pkgsrc/security/sudo/patches: patch-aa

Log Message:
Update sudo package to 1.7.9p1.

Fix security problem of CVE-2012-2337.

What's new in Sudo 1.7.9p1?

 * Fixed a bug when matching against an IP address with an associated
   netmask in the sudoers file.  In certain circumstances, this
   could allow users to run commands on hosts they are not authorized
   for.

What's new in Sudo 1.7.9?

 * Fixed a false positive in visudo strict mode when aliases are
   in use.
 * The line on which a syntax error is reported in the sudoers file
   is now more accurate.  Previously it was often off by a line.
 * The #include and #includedir directives in sudoers now support
   relative paths.  If the path is not fully qualified it is expected
   to be located in the same directory of the sudoers file that is
   including it.
 * visudo will now fix the mode on the sudoers file even if no changes
   are made unless the -f option is specified.
 * The "use_loginclass" sudoers option works properly again.
 * For LDAP-based sudoers, values in the search expression are now
   escaped as per RFC 4515.
 * Fixed a race condition when I/O logging is not enabled that could
   result in tty-generated signals (e.g. control-C) being received
   by the command twice.
 * If none of the standard input, output or error are connected to
   a tty device, sudo will now check its parent's standard input,
   output or error for the tty name on systems with /proc and BSD
   systems that support the KERN_PROC_PID sysctl.  This allows
   tty-based tickets to work properly even when, e.g. standard
   input, output and error are redirected to /dev/null.
 * Fixed a bug where a pattern like "/usr/*" included /usr/bin/ in
   the results, which would incorrectly be interpreted as if the
   sudoers file had specified a directory.
 * "visudo -c" will now list any include files that were checked
   in addition to the main sudoers file when everything parses OK.
 * Users that only have read-only access to the sudoers file may
   now run "visudo -c".  Previously, write permissions were required
   even though no writing is done in check-only mode.

What's new in Sudo 1.7.8p2?

 * Fixed a crash in the monitor process on Solaris when NOPASSWD
   was specified or when authentication was disabled.

To generate a diff of this commit:
cvs rdiff -u -r1.135 -r1.136 pkgsrc/security/sudo/Makefile
cvs rdiff -u -r1.77 -r1.78 pkgsrc/security/sudo/distinfo
cvs rdiff -u -r1.28 -r1.29 pkgsrc/security/sudo/patches/patch-aa

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.