summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authortaca <taca@pkgsrc.org>2010-04-16 15:33:52 +0000
committertaca <taca@pkgsrc.org>2010-04-16 15:33:52 +0000
commitf104d35411d258e75f821c005898f9a14672b08b (patch)
treed8ce30990f80f4b5aeb74ccd75ab7f902235d2fc /security
parentfcb438480f4b9b4237e6d473679c42ec9a325bb9 (diff)
downloadpkgsrc-f104d35411d258e75f821c005898f9a14672b08b.tar.gz
Update sudo package from sudo-1.7.2p4 to sudo-1.7.2p6.
Sudo versions 1.7.2p6 and 1.6.9p22 are now available. These releases fix a privilege escalation bug in the sudoedit functionality. Summary: A flaw exists in sudo's -e option (aka sudoedit) in sudo versions 1.6.8 through 1.7.2p5 that may give a user with permission to run sudoedit the ability to run arbitrary commands. This bug is related to, but distinct from, CVE 2010-0426. Sudo versions affected: 1.6.8 through 1.7.2p5 inclusive.
Diffstat (limited to 'security')
-rw-r--r--security/sudo/Makefile4
-rw-r--r--security/sudo/distinfo10
-rw-r--r--security/sudo/patches/patch-aa12
3 files changed, 13 insertions, 13 deletions
diff --git a/security/sudo/Makefile b/security/sudo/Makefile
index d64deed5b54..d81a5038373 100644
--- a/security/sudo/Makefile
+++ b/security/sudo/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.119 2010/02/26 01:08:38 taca Exp $
+# $NetBSD: Makefile,v 1.120 2010/04/16 15:33:52 taca Exp $
#
-DISTNAME= sudo-1.7.2p4
+DISTNAME= sudo-1.7.2p6
CATEGORIES= security
MASTER_SITES= http://www.courtesan.com/sudo/dist/ \
ftp://ftp.courtesan.com/pub/sudo/ \
diff --git a/security/sudo/distinfo b/security/sudo/distinfo
index 13e925aa80a..b5a28383c8e 100644
--- a/security/sudo/distinfo
+++ b/security/sudo/distinfo
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.61 2010/02/26 01:08:38 taca Exp $
+$NetBSD: distinfo,v 1.62 2010/04/16 15:33:52 taca Exp $
-SHA1 (sudo-1.7.2p4-200805130/sudo-1.7.2p4.tar.gz) = 3a17105e77b35f49b0c9e14628f263a33469afe9
-RMD160 (sudo-1.7.2p4-200805130/sudo-1.7.2p4.tar.gz) = a6cc3b1436f9f4b7ac0017cd4b6bd61ee480808e
-Size (sudo-1.7.2p4-200805130/sudo-1.7.2p4.tar.gz) = 772821 bytes
-SHA1 (patch-aa) = f80a9c0f8a7f4a1072b19c6d02d05c5ffc5d825a
+SHA1 (sudo-1.7.2p6-200805130/sudo-1.7.2p6.tar.gz) = 45976e82cc2ca9f34cad574629ddd998c377734e
+RMD160 (sudo-1.7.2p6-200805130/sudo-1.7.2p6.tar.gz) = 9122ee0da71fa8fe84f71e13d1a02173ef317937
+Size (sudo-1.7.2p6-200805130/sudo-1.7.2p6.tar.gz) = 771148 bytes
+SHA1 (patch-aa) = bd35d9a9168a70c53b8908570cd86483b117a084
SHA1 (patch-af) = 50e6ecf889c460669a4b632c0fd3b15fc45b1214
SHA1 (patch-ag) = b6153d89cfe634c79f1c5b44d4f0df0089353528
diff --git a/security/sudo/patches/patch-aa b/security/sudo/patches/patch-aa
index 3fa4f82ac39..2dad72d425e 100644
--- a/security/sudo/patches/patch-aa
+++ b/security/sudo/patches/patch-aa
@@ -1,8 +1,8 @@
-$NetBSD: patch-aa,v 1.22 2009/12/20 07:46:32 taca Exp $
+$NetBSD: patch-aa,v 1.23 2010/04/16 15:33:52 taca Exp $
---- Makefile.in.orig 2009-11-25 10:42:00.000000000 +0900
+--- Makefile.in.orig 2010-04-09 21:13:21.000000000 +0000
+++ Makefile.in
-@@ -198,7 +198,7 @@ sudo_noexec.lo: $(srcdir)/sudo_noexec.c
+@@ -196,7 +196,7 @@ sudo_noexec.lo: $(srcdir)/sudo_noexec.c
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_noexec.c
sudo_noexec.la: sudo_noexec.lo
@@ -11,9 +11,9 @@ $NetBSD: patch-aa,v 1.22 2009/12/20 07:46:32 taca Exp $
# Uncomment the following if you want "make distclean" to clean the parser
@DEV@GENERATED = gram.h gram.c toke.c def_data.c def_data.h
-@@ -408,36 +408,36 @@ sudoers.ldap.cat: sudoers.ldap.man
- ChangeLog:
- cvs2cl --follow-only trunk
+@@ -403,36 +403,36 @@ sudoers.ldap.cat: sudoers.ldap.man
+ @DEV@LICENSE: license.pod
+ @DEV@ pod2text -l -i0 $> | sed '1,2d' > $@
-install: install-dirs install-binaries @INSTALL_NOEXEC@ install-sudoers install-man
+install: install-dirs install-binaries @INSTALL_NOEXEC@ install-man