Add a patch for CVE-2005-2959: SHELLOPTS and PS4 have to be cleared from

the environment before letting the user execute bash scripts.

Bump PKGREVISION.

From Debian.

3 files changed, 17 insertions, 2 deletions

diff --git a/security/sudo/Makefile b/security/sudo/Makefile
index a664a62be16..170cfaddd8f 100644
--- a/security/sudo/Makefile
+++ b/security/sudo/Makefile
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.81 2005/10/07 12:53:02 rillig Exp $
+# $NetBSD: Makefile,v 1.82 2005/10/25 22:05:55 cube Exp $
 #
 
 DISTNAME=		sudo-1.6.8p9
 PKGNAME=		sudo-1.6.8pl9
+PKGREVISION=		1
 CATEGORIES=		security
 MASTER_SITES=		http://www.courtesan.com/sudo/dist/ \
 			ftp://ftp.courtesan.com/pub/sudo/ \
diff --git a/security/sudo/distinfo b/security/sudo/distinfo
index aeabb20e6b2..310d5da5aa5 100644
--- a/security/sudo/distinfo
+++ b/security/sudo/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.30 2005/10/11 01:53:16 riz Exp $
+$NetBSD: distinfo,v 1.31 2005/10/25 22:05:55 cube Exp $
 
 SHA1 (sudo-1.6.8p9.tar.gz) = f264d1ad9f197920f2e69614db7935b35ca51672
 RMD160 (sudo-1.6.8p9.tar.gz) = c1c719504476ab9ac11e0421716d149120463e33
@@ -6,3 +6,4 @@ Size (sudo-1.6.8p9.tar.gz) = 585509 bytes
 SHA1 (patch-aa) = a4f29f2c228eb3b4af0872cf04a00ffdf41c603c
 SHA1 (patch-af) = 245761812dc600b3d2752fa135ba367bb0223370
 SHA1 (patch-ag) = 87c3263674ec98ccc9cc33f2108a2456eddaecc5
+SHA1 (patch-ah) = a08e73c0a20d50a432e01740a9d27b330a1c1998
diff --git a/security/sudo/patches/patch-ah b/security/sudo/patches/patch-ah
new file mode 100644
index 00000000000..cb44d76c9a9
--- /dev/null
+++ b/security/sudo/patches/patch-ah
@@ -0,0 +1,13 @@
+$NetBSD: patch-ah,v 1.1 2005/10/25 22:05:55 cube Exp $
+
+--- env.c.orig	2005-02-06 16:37:01.000000000 +0100
++++ env.c
+@@ -89,6 +89,8 @@ static char *format_env		__P((char *, ..
+ static const char *initial_badenv_table[] = {
+     "IFS",
+     "CDPATH",
++    "SHELLOPTS",
++    "PS4",
+     "LOCALDOMAIN",
+     "RES_OPTIONS",
+     "HOSTALIASES",