Bug 194259 - [PATCH] Update sudo from 1.8.10p3 to 1.8.11p1
Summary: [PATCH] Update sudo from 1.8.10p3 to 1.8.11p1
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Wesley Shields
Depends on:
Reported: 2014-10-09 00:50 UTC by Cy Schubert
Modified: 2014-10-16 05:29 UTC (History)
1 user (show)

See Also:

Diff against current port in the tree. (745 bytes, patch)
2014-10-09 00:50 UTC, Cy Schubert
no flags Details | Diff
Modified patch (6.55 KB, patch)
2014-10-09 23:09 UTC, Yasuhiro KIMURA
no flags Details | Diff
This is the real patch. (4.00 KB, patch)
2014-10-10 01:44 UTC, Cy Schubert
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Cy Schubert freebsd_committer 2014-10-09 00:50:05 UTC
Created attachment 148125 [details]
Diff against current port in the tree.

The announcement from the mailing list:

Sudo version 1.8.11p1 is now available.  This is a bug fix release.
See below for a list of changes and bugs closed.


SHA256 checksum:
MD5 checksum:

Binary packages:

For a list of download mirror sites, see:

Sudo web site:

Sudo web site mirrors:

Major changes between sudo 1.8.11p1 and 1.8.11:

 * Fixed a compilation problem on some systems when the
   --disable-shared-libutil configure option was specified.

 * The user can no longer interrupt the sleep after an incorrect
   password on PAM systems using pam_unix.
   Bug #666

 * Fixed a compilation problem on Linux systems that do not use PAM.
   Bug #667

 * "make install" will now work with the stock GNU autotools
   install-sh script.  Bug #669

 * Fixed a crash with "sudo -i" when the current working directory
   does not exist.  Bug #670

 * Fixed a potential crash in the debug subsystem when logging a message
   larger that 1024 bytes.

 * Fixed a "make check" failure for ttyname when stdin is closed and
   stdout and stderr are redirected to a different tty.  Bug #643

 * Added BASH_FUNC_* to environment blacklist to match newer-style
   bash functions.

Major changes between sudo 1.8.11 and 1.8.10p3:

 * The sudoers plugin no longer uses setjmp/longjmp to recover
   from fatal errors.  All errors are now propagated to the caller
   via return codes.

 * When running a command in the background, sudo will now forward
   SIGINFO to the command (if supported).

 * Sudo will now use the system versions of the sha2 functions from
   libc or libmd if available.

 * Visudo now works correctly on GNU Hurd.  Bug #647

 * Fixed suspend and resume of curses programs on some system when
   the command is not being run in a pseudo-terminal.  Bug #649

 * Fixed a crash with LDAP-based sudoers on some systems when
   Kerberos was enabled.

 * Sudo now includes optional Solaris audit support.

 * Catalan translation for sudoers from translationproject.org.

 * Norwegian Bokmaal translation for sudo from translationproject.org.

 * Greek translation for sudoers from translationproject.org

 * The sudo source tree has been reorganized to more closely resemble
   that of other gettext-enabled packages.

 * Sudo and its associated programs now link against a shared version
   of libsudo_util.  The --disable-shared-libutil configure option
   may be used to force static linking if the --enable-static-sudoers
   option is also specified.

 * The passwords in ldap.conf and ldap.secret may now be encoded
   in base64.

 * Audit updates.  SELinux role changes are now audited.  For
   sudoedit, we now audit the actual editor being run, instead of
   just the sudoedit command.

 * Fixed bugs in the man page post-processing that could cause
   portions of the manuals to be removed.

 * Fixed a crash in the system_group plugin.  Bug #653.

 * Fixed sudoedit on platforms without a native version of the
   getprogname() function.  Bug #654.

 * Fixed compilation problems with some pre-C99 compilers.

 * Fixed sudo's -C option which was broken in version 1.8.9.

 * It is now possible to match an environment variable's value as
   well as its name using env_keep and env_check.  This can be used
   to preserve bash functions which would otherwise be removed from
   the environment.

 * New files created via sudoedit as a non-root user now have the
   proper group id.  Bug #656

 * Sudoedit now works correctly in conjunction with sudo's SELinux
   RBAC support.  Temporary files are now created with the proper
   security context.

 * The sudo I/O logging plugin API has been updated.  If a logging
   function returns an error, the command will be terminated and
   all of the plugin's logging functions will be disabled.  If a
   logging function rejects the command's output it will no longer
   be displayed to the user's terminal.

 * Fixed a compilation error on systems that lack openpty(), _getpty()
   and grantpt(). Bug #660

 * Fixed a hang when a sudoers source is listed more than once in
   a single sudoers nsswitch.conf entry.

 * On AIX, shell scripts without a #! magic number are now passed to
   /usr/bin/sh, not /usr/bin/bsh.  This is consistent with what the
   execvp() function on AIX does and matches historic sudo behavior.
   Bug #661

 * Fixed a cross-compilation problem building mksiglist and mksigname.
   Bug #662
Comment 1 Yasuhiro KIMURA 2014-10-09 23:09:12 UTC
Created attachment 148150 [details]
Modified patch

With Cy's patch, build failes with patching error.

Attached patch is modified one so build succeeds.
Comment 2 Cy Schubert freebsd_committer 2014-10-10 01:44:51 UTC
Created attachment 148151 [details]
This is the real patch.

Sorry about that. I should have used the diff from my custom "prod" tree. Here's the diff with all the missing pieces.
Comment 3 Yasuhiro KIMURA 2014-10-11 09:06:52 UTC

I compared Cy's new patch with mine and found 2 difference:

1. I have patched ${WRKSRC}/install-sh to enable non-root staging.

2. I have modified security/sudo/files/patch-plugins__sudoers__audit.c to include sudo_gettext.h rather than adding "-I${LOCALBASE}/share/gettext" to CFLAGS. It is because include/gettext.h in 1.8.10p3 source archive seems to renamed to include/sudo_gettext.h in 1.8.11p1.
Comment 4 Cy Schubert freebsd_committer 2014-10-11 15:53:15 UTC
Sounds good to me.
Comment 5 commit-hook freebsd_committer 2014-10-16 02:05:38 UTC
A commit references this bug:

Author: wxs
Date: Thu Oct 16 02:05:20 UTC 2014
New revision: 370967
URL: https://svnweb.freebsd.org/changeset/ports/370967

  Update to 1.8.11p1

  PR:		194259
  Submitted by:	cy@ and Yasuhiro KIMURA <yasu@utahime.org>

Comment 6 commit-hook freebsd_committer 2014-10-16 05:29:51 UTC
A commit references this bug:

Author: bapt
Date: Thu Oct 16 05:28:50 UTC 2014
New revision: 370968
URL: https://svnweb.freebsd.org/changeset/ports/370968

  MFH: r370967

  Update to 1.8.11p1

  PR:		194259
  Submitted by:	cy@ and Yasuhiro KIMURA <yasu@utahime.org>

_U  branches/2014Q4/