diff options
author | bsiegert <bsiegert@pkgsrc.org> | 2017-06-13 18:46:57 +0000 |
---|---|---|
committer | bsiegert <bsiegert@pkgsrc.org> | 2017-06-13 18:46:57 +0000 |
commit | 663839b13772ab085b40f7d8b27280fa562b4469 (patch) | |
tree | 0eaef09c5fc4708d2d1dd36c54a0dff7512a37e3 /security | |
parent | 21a4f6d441df95553baec99100cf42ad70329976 (diff) | |
download | pkgsrc-663839b13772ab085b40f7d8b27280fa562b4469.tar.gz |
Pullup ticket #5477 - requested by sevan
security/sudo: security fix
Revisions pulled up:
- security/sudo/Makefile 1.155
- security/sudo/distinfo 1.92
---
Module Name: pkgsrc
Committed By: spz
Date: Wed Jun 7 05:41:53 UTC 2017
Modified Files:
pkgsrc/security/sudo: Makefile distinfo
Log Message:
update to version 1.8.20p2
upstream changelog:
2017-05-31 Todd C. Miller <Todd.Miller%courtesan.com@localhost>
* NEWS, configure, configure.ac:
Sudo 1.8.20p2
[47836f4c9834]
* src/ttyname.c:
A command name may also contain newline characters so read
/proc/self/stat until EOF. It is not legal for /proc/self/stat to
contain embedded NUL bytes so treat the file as corrupt if we see
any. With help from Qualys.
This is not exploitable due to the /dev traversal changes in sudo
1.8.20p1 (thanks Solar!).
[15a46f4007dd]
2017-05-30 Todd C. Miller <Todd.Miller%courtesan.com@localhost>
* src/ttyname.c:
Use /proc/self consistently on Linux. As far as I know, only AIX
doesn't support /proc/self.
[6f3d9816541b]
Diffstat (limited to 'security')
-rw-r--r-- | security/sudo/Makefile | 4 | ||||
-rw-r--r-- | security/sudo/distinfo | 10 |
2 files changed, 7 insertions, 7 deletions
diff --git a/security/sudo/Makefile b/security/sudo/Makefile index efdce7549a5..0a9d24fc5ef 100644 --- a/security/sudo/Makefile +++ b/security/sudo/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.153.2.1 2017/05/31 06:22:52 spz Exp $ +# $NetBSD: Makefile,v 1.153.2.2 2017/06/13 18:46:57 bsiegert Exp $ -DISTNAME= sudo-1.8.20p1 +DISTNAME= sudo-1.8.20p2 CATEGORIES= security MASTER_SITES= http://www.sudo.ws/dist/ MASTER_SITES+= ftp://ftp.sudo.ws/pub/sudo/ diff --git a/security/sudo/distinfo b/security/sudo/distinfo index 6a085d693fd..00c27aba0b0 100644 --- a/security/sudo/distinfo +++ b/security/sudo/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.88.6.1 2017/05/31 06:22:52 spz Exp $ +$NetBSD: distinfo,v 1.88.6.2 2017/06/13 18:46:57 bsiegert Exp $ -SHA1 (sudo-1.8.20p1.tar.gz) = 2138fca8c91c0504579aaf57fc39cee95486efd1 -RMD160 (sudo-1.8.20p1.tar.gz) = 1dbf71b6d22e9c75f57942c026be40dc02774859 -SHA512 (sudo-1.8.20p1.tar.gz) = b7d4c07a550da917029e31d15e734d9462f3565ee43eb5f6fd19463b54a2fa3f444381f0999d6d1ba643b65832056dd9177dad4452fa9f87f2542c223b13f258 -Size (sudo-1.8.20p1.tar.gz) = 2930394 bytes +SHA1 (sudo-1.8.20p2.tar.gz) = 7aa187518735312a82c5fcb3d253ed700cb8c68e +RMD160 (sudo-1.8.20p2.tar.gz) = 168f05dd033b14b62c508c85696b89965a15e539 +SHA512 (sudo-1.8.20p2.tar.gz) = 8bf67e687f7a84605fdef8d547b5cd661141b6c8fd25820c33c7e37e97ca7f21f564c3bae691f8a8cd08df7d80338e36a8f06bb5086cc104509d71d6ab1bceda +Size (sudo-1.8.20p2.tar.gz) = 2930769 bytes SHA1 (patch-aa) = 63c89e6d4e530ab92b7452f4025fbbf2a45dad65 SHA1 (patch-af) = db54ce780c174129e2a25a87f3e3a926596c68b2 SHA1 (patch-ag) = 460b9575346c263b944535aa8e2408e959840c77 |