author | kim <kim@pkgsrc.org> | 2013-03-01 14:24:57 +0000 |
---|---|---|
committer | kim <kim@pkgsrc.org> | 2013-03-01 14:24:57 +0000 |
commit | 5c0d3a0916e8d6faab533e6af0020efa4d10e1bf (patch) | |
tree | d797e44359a2f08649236ec67dcb4d37301c0aa3 /security/sudo/distinfo | |
parent | 058b80c42c5e680c2d2d922fa133c19ccd0c4878 (diff) | |
download | pkgsrc-5c0d3a0916e8d6faab533e6af0020efa4d10e1bf.tar.gz |
Upgrade to address CVE-2013-1775
What's new in Sudo 1.7.10p7?
* A time stamp file with the date set to the epoch by "sudo -k"
is now completely ignored regardless of what the local clock is
set to. Previously, if the local clock was set to a value between
the epoch and the time stamp timeout value, a time stamp reset
by "sudo -k" would be considered current.
What's new in Sudo 1.7.10p6?
* The tty-specific time stamp file now includes the session ID
of the sudo process that created it. If a process with the same
tty but a different session ID runs sudo, the user will now be
prompted for a password (assuming authentication is required for
the command).
What's new in Sudo 1.7.10p5?
* On systems where the controlling tty can be determined via /proc
or sysctl(), sudo will no longer fall back to using ttyname()
if the process has no controlling tty. This prevents sudo from
using a non-controlling tty for logging and time stamp purposes.
What's new in Sudo 1.7.10?
* If the user is a member of the "exempt" group in sudoers, they
will no longer be prompted for a password even if the -k flag
is specified with the command. This makes "sudo -k command"
consistent with the behavior one would get if the user ran "sudo
-k" immediately before running the command.
* The sudoers file may now be a symbolic link. Previously, sudo
would refuse to read sudoers unless it was a regular file.
* The user/group/mode checks on sudoers files have been relaxed.
As long as the file is owned by the sudoers uid, not world-writable
and not writable by a group other than the sudoers gid, the file
is considered OK. Note that visudo will still set the mode to
the value specified at configure time.
* /etc/environment is no longer read directly on Linux systems
when PAM is used. Sudo now merges the PAM environment into the
user's environment which is typically set by the pam_env module.
* The initial environment created when env_reset is in effect now
includes the contents of /etc/environment on AIX systems and the
"setenv" and "path" entries from /etc/login.conf on BSD systems.
* On systems with an SVR4-style /proc file system, the /proc/pid/psinfo
file is now used to determine the controlling terminal, if possible.
This allows tty-based tickets to work properly even when, e.g.
standard input, output and error are redirected to /dev/null.
* The sudoreplay command can now properly replay sessions where
no tty was present.
* Fixed a race condition that could cause sudo to receive SIGTTOU
(and stop) when resuming a shell that was run via sudo when I/O
logging (and use_pty) is not enabled.
Diffstat (limited to 'security/sudo/distinfo')
-rw-r--r-- | security/sudo/distinfo | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/security/sudo/distinfo b/security/sudo/distinfo index b1c61b54933..247c61f5f37 100644 --- a/security/sudo/distinfo +++ b/security/sudo/distinfo @@ -1,10 +1,9 @@ -$NetBSD: distinfo,v 1.78 2012/05/16 14:49:55 taca Exp $ +$NetBSD: distinfo,v 1.79 2013/03/01 14:24:57 kim Exp $ -SHA1 (sudo-1.7.9p1.tar.gz) = cbca68bae8b85e8518690d78685ca67d0696ce15 -RMD160 (sudo-1.7.9p1.tar.gz) = 1ec37d34bad3ab3a27ec123da81d33e2ac3deb72 -Size (sudo-1.7.9p1.tar.gz) = 1173934 bytes -SHA1 (patch-aa) = 014a8a634abb3c61f63e3e127a4ebf20f5a0e4bf -SHA1 (patch-af) = 0dce4ebbc82ab644565f71e8f472c407ddbaabf5 -SHA1 (patch-ag) = fe8409164b61bdb229ca81d391de96898436ea0b +SHA1 (sudo-1.7.10p7.tar.gz) = b5beb1a470d1f03b3940aff612f5089244dd773a +RMD160 (sudo-1.7.10p7.tar.gz) = 171e54506c30a85fa642070332db012aba4a6203 +Size (sudo-1.7.10p7.tar.gz) = 1217508 bytes +SHA1 (patch-aa) = 0c9c173a26ea72dd06a7d3947a0b3ba6dc00cf40 +SHA1 (patch-af) = 045e6daceea982a161272af822e3554138ac7dbf +SHA1 (patch-ag) = abd8b76259e0eae75fe4ef8c2fb63f090fe14999 SHA1 (patch-logging.c) = 26608d7423b77f71f17b37cc87f4b2e75978d7cb -SHA1 (patch-pwutil.c) = 9f157c50ea44d5b421001ae8dad985e9c01a8211 |
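Review bot: the removal of the `SHA1 (patch-pwutil.c)` line at the end of the hunk is not explained in the commit message, and this view is limited to security/sudo/distinfo, so it cannot be confirmed here that the patch-pwutil.c file itself is deleted in the same commit. Please say in the log why that patch is dropped and make sure the file removal is part of this change, otherwise the package is left with a patch file that has no checksum entry. The checksums for patch-aa, patch-af and patch-ag all change while `SHA1 (patch-logging.c)` stays the same, so a line in the log noting that those three were updated for 1.7.10p7 would help the next reader. Because this is a security upgrade, also confirm that the new SHA1 and RMD160 values for sudo-1.7.10p7.tar.gz were compared against what upstream publishes for the release, and not only computed from the fetched tarball.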