Created attachment 148125 [details] Diff against current port in the tree. The announcement from the mailing list: Sudo version 1.8.11p1 is now available. This is a bug fix release. See below for a list of changes and bugs closed. Source: http://www.sudo.ws/dist/sudo-1.8.11p1.tar.gz ftp://ftp.sudo.ws/pub/sudo/sudo-1.8.11p1.tar.gz SHA256 checksum: 44c275772595a119185336164bb76b6e08f23d38aa0fe0d6bab48812e75d6a43 MD5 checksum: 5065deec62e8cd514fb04d1d1253db03 Binary packages: http://www.sudo.ws/download.html#binary For a list of download mirror sites, see: http://www.sudo.ws/download_mirrors.html Sudo web site: http://www.sudo.ws/ Sudo web site mirrors: http://www.sudo.ws/mirrors.html Major changes between sudo 1.8.11p1 and 1.8.11: * Fixed a compilation problem on some systems when the --disable-shared-libutil configure option was specified. * The user can no longer interrupt the sleep after an incorrect password on PAM systems using pam_unix. Bug #666 * Fixed a compilation problem on Linux systems that do not use PAM. Bug #667 * "make install" will now work with the stock GNU autotools install-sh script. Bug #669 * Fixed a crash with "sudo -i" when the current working directory does not exist. Bug #670 * Fixed a potential crash in the debug subsystem when logging a message larger that 1024 bytes. * Fixed a "make check" failure for ttyname when stdin is closed and stdout and stderr are redirected to a different tty. Bug #643 * Added BASH_FUNC_* to environment blacklist to match newer-style bash functions. Major changes between sudo 1.8.11 and 1.8.10p3: * The sudoers plugin no longer uses setjmp/longjmp to recover from fatal errors. All errors are now propagated to the caller via return codes. * When running a command in the background, sudo will now forward SIGINFO to the command (if supported). * Sudo will now use the system versions of the sha2 functions from libc or libmd if available. * Visudo now works correctly on GNU Hurd. Bug #647 * Fixed suspend and resume of curses programs on some system when the command is not being run in a pseudo-terminal. Bug #649 * Fixed a crash with LDAP-based sudoers on some systems when Kerberos was enabled. * Sudo now includes optional Solaris audit support. * Catalan translation for sudoers from translationproject.org. * Norwegian Bokmaal translation for sudo from translationproject.org. * Greek translation for sudoers from translationproject.org * The sudo source tree has been reorganized to more closely resemble that of other gettext-enabled packages. * Sudo and its associated programs now link against a shared version of libsudo_util. The --disable-shared-libutil configure option may be used to force static linking if the --enable-static-sudoers option is also specified. * The passwords in ldap.conf and ldap.secret may now be encoded in base64. * Audit updates. SELinux role changes are now audited. For sudoedit, we now audit the actual editor being run, instead of just the sudoedit command. * Fixed bugs in the man page post-processing that could cause portions of the manuals to be removed. * Fixed a crash in the system_group plugin. Bug #653. * Fixed sudoedit on platforms without a native version of the getprogname() function. Bug #654. * Fixed compilation problems with some pre-C99 compilers. * Fixed sudo's -C option which was broken in version 1.8.9. * It is now possible to match an environment variable's value as well as its name using env_keep and env_check. This can be used to preserve bash functions which would otherwise be removed from the environment. * New files created via sudoedit as a non-root user now have the proper group id. Bug #656 * Sudoedit now works correctly in conjunction with sudo's SELinux RBAC support. Temporary files are now created with the proper security context. * The sudo I/O logging plugin API has been updated. If a logging function returns an error, the command will be terminated and all of the plugin's logging functions will be disabled. If a logging function rejects the command's output it will no longer be displayed to the user's terminal. * Fixed a compilation error on systems that lack openpty(), _getpty() and grantpt(). Bug #660 * Fixed a hang when a sudoers source is listed more than once in a single sudoers nsswitch.conf entry. * On AIX, shell scripts without a #! magic number are now passed to /usr/bin/sh, not /usr/bin/bsh. This is consistent with what the execvp() function on AIX does and matches historic sudo behavior. Bug #661 * Fixed a cross-compilation problem building mksiglist and mksigname. Bug #662
Created attachment 148150 [details] Modified patch With Cy's patch, build failes with patching error. Attached patch is modified one so build succeeds.
Created attachment 148151 [details] This is the real patch. Sorry about that. I should have used the diff from my custom "prod" tree. Here's the diff with all the missing pieces.
Hi. I compared Cy's new patch with mine and found 2 difference: 1. I have patched ${WRKSRC}/install-sh to enable non-root staging. 2. I have modified security/sudo/files/patch-plugins__sudoers__audit.c to include sudo_gettext.h rather than adding "-I${LOCALBASE}/share/gettext" to CFLAGS. It is because include/gettext.h in 1.8.10p3 source archive seems to renamed to include/sudo_gettext.h in 1.8.11p1.
Sounds good to me.
A commit references this bug: Author: wxs Date: Thu Oct 16 02:05:20 UTC 2014 New revision: 370967 URL: https://svnweb.freebsd.org/changeset/ports/370967 Log: Update to 1.8.11p1 PR: 194259 Submitted by: cy@ and Yasuhiro KIMURA <yasu@utahime.org> Changes: head/security/sudo/Makefile head/security/sudo/distinfo head/security/sudo/files/patch-install-sh head/security/sudo/files/patch-plugins__sudoers__Makefile.in head/security/sudo/files/patch-plugins__sudoers__audit.c head/security/sudo/pkg-plist
A commit references this bug: Author: bapt Date: Thu Oct 16 05:28:50 UTC 2014 New revision: 370968 URL: https://svnweb.freebsd.org/changeset/ports/370968 Log: MFH: r370967 Update to 1.8.11p1 PR: 194259 Submitted by: cy@ and Yasuhiro KIMURA <yasu@utahime.org> Changes: _U branches/2014Q4/ branches/2014Q4/security/sudo/Makefile branches/2014Q4/security/sudo/distinfo branches/2014Q4/security/sudo/files/patch-install-sh branches/2014Q4/security/sudo/files/patch-plugins__sudoers__Makefile.in branches/2014Q4/security/sudo/files/patch-plugins__sudoers__audit.c branches/2014Q4/security/sudo/pkg-plist