From owner-freebsd-ports@FreeBSD.ORG Tue Jun 21 08:32:37 2005 Return-Path: X-Original-To: ports@FreeBSD.org Delivered-To: freebsd-ports@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5C05216A41C; Tue, 21 Jun 2005 08:32:37 +0000 (GMT) (envelope-from anders@FreeBSD.org) Received: from totem.fix.no (totem.fix.no [80.91.36.20]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1556543D1F; Tue, 21 Jun 2005 08:32:37 +0000 (GMT) (envelope-from anders@FreeBSD.org) Received: from localhost (totem.fix.no [80.91.36.20]) by totem.fix.no (Postfix) with ESMTP id 6C4505F3823; Tue, 21 Jun 2005 10:32:35 +0200 (CEST) Received: from totem.fix.no ([80.91.36.20]) by localhost (totem.fix.no [80.91.36.20]) (amavisd-new, port 10024) with LMTP id 96582-01-3; Tue, 21 Jun 2005 10:32:31 +0200 (CEST) Received: by totem.fix.no (Postfix, from userid 1000) id E8AAD5F380D; Tue, 21 Jun 2005 10:32:31 +0200 (CEST) Date: Tue, 21 Jun 2005 10:32:31 +0200 From: Anders Nordby To: mharo@FreeBSD.org Message-ID: <20050621083231.GA95554@totem.fix.no> Mail-Followup-To: Anders Nordby , mharo@FreeBSD.org, ports@FreeBSD.org Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="ZPt4rx8FFjLCG7dd" Content-Disposition: inline X-PGP-Key: http://anders.fix.no/pgp/ X-PGP-Key-FingerPrint: 1E0F C53C D8DF 6A8F EAAD 19C5 D12A BC9F 0083 5956 User-Agent: Mutt/1.5.6i Cc: ports@FreeBSD.org Subject: Sudo update X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Jun 2005 08:32:37 -0000 --ZPt4rx8FFjLCG7dd Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hi, There's a security issue in the sudo version that is in ports, check http://www.sudo.ws/sudo/alerts/path_race.html. Will you update the port soon? Attached is a diff to update the port. Cheers, -- Anders. --ZPt4rx8FFjLCG7dd Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="sudo.diff" diff -Nur sudo.old/Makefile sudo/Makefile --- sudo.old/Makefile Fri Apr 15 15:06:08 2005 +++ sudo/Makefile Tue Jun 21 08:29:38 2005 @@ -6,7 +6,7 @@ # PORTNAME= sudo -PORTVERSION= 1.6.8.8 +PORTVERSION= 1.6.8.9 PORTREVISION= 0 CATEGORIES= security MASTER_SITES= http://www.sudo.ws/sudo/dist/ \ @@ -19,7 +19,7 @@ http://pluto.cdpa.nsysu.edu.tw/sudo/ \ ftp://ftp.cs.colorado.edu/pub/sysadmin/sudo/ \ ftp://ftp.stikman.com/pub/sudo/ -DISTNAME= ${PORTNAME}-1.6.8p8 +DISTNAME= ${PORTNAME}-1.6.8p9 MAINTAINER= mharo@FreeBSD.org COMMENT= Allow others to run commands as root diff -Nur sudo.old/distinfo sudo/distinfo --- sudo.old/distinfo Fri Apr 15 15:06:08 2005 +++ sudo/distinfo Tue Jun 21 08:29:53 2005 @@ -1,2 +1,2 @@ -MD5 (sudo-1.6.8p8.tar.gz) = 7a60e95d0931dcf3caff7929e974d5cc -SIZE (sudo-1.6.8p8.tar.gz) = 585608 +MD5 (sudo-1.6.8p9.tar.gz) = 6d0346abd16914956bc7ea4f17fc85fb +SIZE (sudo-1.6.8p9.tar.gz) = 585509 --ZPt4rx8FFjLCG7dd--