Created attachment 186103 [details] Patch to update doas port to upstream version 6.0p1 This update brings the security/doas port up to date with upstream. This gives us the added benefit of restricted path searching. Which means if the admin puts a relative path in the doas.conf file, doas will limit the number of places where the executable can be found. This prevents users from putting malicious executables with the same name in their custom path.
A commit references this bug: Author: tobik Date: Wed Sep 6 10:03:52 UTC 2017 New revision: 449334 URL: https://svnweb.freebsd.org/changeset/ports/449334 Log: security/doas: Update to 6.0p1 This update brings the security/doas port up to date with upstream. This gives us the added benefit of restricted path searching. Which means if the admin puts a relative path in the doas.conf file, doas will limit the number of places where the executable can be found. This prevents users from putting malicious executables with the same name in their custom path. PR: 222092 Submitted by: jsmith@resonatingmedia.com (maintainer) MFH: 2017Q3 Changes: head/security/doas/Makefile head/security/doas/distinfo
Closing because I've never gotten approval for MFH'ing the update and it seems pointless now... @jsmith, thank you for the quick port update though!