diff options
author | tls <tls> | 2007-07-23 16:38:36 +0000 |
---|---|---|
committer | tls <tls> | 2007-07-23 16:38:36 +0000 |
commit | f0327aa83c5570278ac1c464b88339f04a4aeb4a (patch) | |
tree | 24bd4f4e4c192d30ae38500df8f930071c8935e1 /security | |
parent | fd9d8a621e44fd588c497c1cb094cc6487198516 (diff) | |
download | pkgsrc-f0327aa83c5570278ac1c464b88339f04a4aeb4a.tar.gz |
Update sudo to 1.6.9. We don't take the new default of PAM and no other
authentication; that can be enabled by adding pam to the package options
if users desire.
Diffstat (limited to 'security')
-rw-r--r-- | security/sudo/Makefile | 7 | ||||
-rw-r--r-- | security/sudo/distinfo | 17 | ||||
-rw-r--r-- | security/sudo/options.mk | 4 | ||||
-rw-r--r-- | security/sudo/patches/patch-aa | 14 | ||||
-rw-r--r-- | security/sudo/patches/patch-af | 64 | ||||
-rw-r--r-- | security/sudo/patches/patch-ag | 506 | ||||
-rw-r--r-- | security/sudo/patches/patch-ah | 31 | ||||
-rw-r--r-- | security/sudo/patches/patch-ai | 27 |
8 files changed, 406 insertions, 264 deletions
diff --git a/security/sudo/Makefile b/security/sudo/Makefile index 103134a8296..5edfde5df08 100644 --- a/security/sudo/Makefile +++ b/security/sudo/Makefile @@ -1,9 +1,8 @@ -# $NetBSD: Makefile,v 1.92 2007/07/04 20:37:50 jlam Exp $ +# $NetBSD: Makefile,v 1.93 2007/07/23 16:38:36 tls Exp $ # -DISTNAME= sudo-1.6.8p12 -PKGNAME= sudo-1.6.8pl12 -PKGREVISION= 5 +DISTNAME= sudo-1.6.9 +PKGNAME= sudo-1.6.9 CATEGORIES= security MASTER_SITES= http://www.courtesan.com/sudo/dist/ \ ftp://ftp.courtesan.com/pub/sudo/ \ diff --git a/security/sudo/distinfo b/security/sudo/distinfo index a452351b3f5..619542dab40 100644 --- a/security/sudo/distinfo +++ b/security/sudo/distinfo @@ -1,10 +1,9 @@ -$NetBSD: distinfo,v 1.37 2007/07/02 06:04:02 tls Exp $ +$NetBSD: distinfo,v 1.38 2007/07/23 16:38:36 tls Exp $ -SHA1 (sudo-1.6.8p12.tar.gz) = a79631e9e1c0d0d3f2aa88ae685628e5fde61982 -RMD160 (sudo-1.6.8p12.tar.gz) = d7ff9f18ca0973615258c2e975300b94567451d5 -Size (sudo-1.6.8p12.tar.gz) = 585643 bytes -SHA1 (patch-aa) = 02837d457786a4966c3a683918e0d592aaa32d2d -SHA1 (patch-af) = 245761812dc600b3d2752fa135ba367bb0223370 -SHA1 (patch-ag) = 87c3263674ec98ccc9cc33f2108a2456eddaecc5 -SHA1 (patch-ah) = 142a8884aebdc1cffc256c3ca0ee9addc34f8054 -SHA1 (patch-ai) = 13ae982ea999a24b8ddc9d643cd788db84e2cfbd +SHA1 (sudo-1.6.9.tar.gz) = 42fa0c9836bdaedeb1a7344f24f7822e598760b5 +RMD160 (sudo-1.6.9.tar.gz) = 141688a479f3dd915075eae98de8f7dc1a5c63f4 +Size (sudo-1.6.9.tar.gz) = 557692 bytes + +SHA1 (patch-aa) = 98ca6552bc305aeeb726d48f1d722480f792a0ba +SHA1 (patch-af) = e411f12789f9d5b5fda8b88af3730c89859f5eda +SHA1 (patch-ag) = fc3dc05e119ca53117266e4f083acff2b9d9aea5 diff --git a/security/sudo/options.mk b/security/sudo/options.mk index 95ccc9373b9..6fda4b382e8 100644 --- a/security/sudo/options.mk +++ b/security/sudo/options.mk @@ -1,4 +1,4 @@ -# $NetBSD: options.mk,v 1.11 2006/05/31 18:22:26 ghen Exp $ +# $NetBSD: options.mk,v 1.12 2007/07/23 16:38:36 tls Exp $ # PKG_OPTIONS_VAR= PKG_OPTIONS.sudo @@ -14,6 +14,8 @@ PKG_SUGGESTED_OPTIONS= skey . include "../../mk/pam.buildlink3.mk" DL_AUTO_VARS= yes CONFIGURE_ARGS+= --with-pam +.else +CONFIGURE_ARGS+= --without-pam .endif .if !empty(PKG_OPTIONS:Mkerberos) diff --git a/security/sudo/patches/patch-aa b/security/sudo/patches/patch-aa index 95456c9243d..f3ac7796084 100644 --- a/security/sudo/patches/patch-aa +++ b/security/sudo/patches/patch-aa @@ -1,9 +1,9 @@ -$NetBSD: patch-aa,v 1.13 2007/06/26 15:05:50 jlam Exp $ +/* $NetBSD: patch-aa,v 1.14 2007/07/23 16:38:36 tls Exp $ */ ---- Makefile.in.orig 2005-11-08 13:21:58.000000000 -0500 -+++ Makefile.in -@@ -181,7 +181,7 @@ testsudoers: $(TESTOBJS) $(LIBOBJS) - $(CC) -o $@ $(TESTOBJS) $(LIBOBJS) $(LDFLAGS) $(LIBS) $(NET_LIBS) +--- Makefile.in.orig 2007-07-16 22:53:18.000000000 -0400 ++++ Makefile.in 2007-07-23 05:50:01.000000000 -0400 +@@ -185,7 +185,7 @@ + $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_noexec.c sudo_noexec.la: sudo_noexec.lo - $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -o $@ sudo_noexec.lo -avoid-version -rpath $(noexecdir) @@ -11,7 +11,7 @@ $NetBSD: patch-aa,v 1.13 2007/06/26 15:05:50 jlam Exp $ # Uncomment the following if you want "make distclean" to clean the parser @DEV@PARSESRCS = sudo.tab.h sudo.tab.c lex.yy.c def_data.c def_data.h -@@ -292,20 +292,20 @@ sudoers.man:: sudoers.man.in +@@ -300,20 +300,20 @@ sudoers.cat: sudoers.man @@ -36,7 +36,7 @@ $NetBSD: patch-aa,v 1.13 2007/06/26 15:05:50 jlam Exp $ install-noexec: sudo_noexec.la $(LIBTOOL) --mode=install $(INSTALL) sudo_noexec.la $(DESTDIR)$(noexecdir) -@@ -315,15 +315,15 @@ bininst-noexec: sudo_noexec.la +@@ -323,15 +323,15 @@ install-sudoers: test -f $(DESTDIR)$(sudoersdir)/sudoers || \ diff --git a/security/sudo/patches/patch-af b/security/sudo/patches/patch-af index 84dd5107252..59da8978adb 100644 --- a/security/sudo/patches/patch-af +++ b/security/sudo/patches/patch-af @@ -1,8 +1,8 @@ -$NetBSD: patch-af,v 1.14 2005/10/10 17:48:09 joerg Exp $ +/* $NetBSD: patch-af,v 1.15 2007/07/23 16:38:36 tls Exp $ */ ---- configure.in.orig 2004-11-25 18:31:20.000000000 +0100 -+++ configure.in 2005-05-11 14:23:01.000000000 +0200 -@@ -118,7 +118,6 @@ +--- configure.in.orig 2007-07-16 22:51:21.000000000 -0400 ++++ configure.in 2007-07-23 11:15:42.000000000 -0400 +@@ -123,7 +123,6 @@ test "$mandir" = '${prefix}/man' && mandir='$(prefix)/man' test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin' test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin' @@ -10,7 +10,7 @@ $NetBSD: patch-af,v 1.14 2005/10/10 17:48:09 joerg Exp $ dnl dnl Deprecated --with options (these all warn or generate an error) -@@ -244,6 +243,19 @@ +@@ -246,6 +245,19 @@ ;; esac]) @@ -30,20 +30,52 @@ $NetBSD: patch-af,v 1.14 2005/10/10 17:48:09 joerg Exp $ AC_ARG_WITH(passwd, [ --without-passwd don't use passwd/shadow file for authentication], [case $with_passwd in yes) ;; -@@ -1513,7 +1525,7 @@ - esac +@@ -1466,7 +1478,7 @@ + AC_CHECK_FUNCS(auth_challenge, [with_bsdauth=maybe]) fi ;; - *-*-freebsd*) + *-*-freebsd*|*-*-dragonfly*) # FreeBSD has a real setreuid(2) starting with 2.1 and # backported to 2.0.5. We just take 2.1 and above... - case "`echo $host_os | sed 's/^freebsd\([[0-9\.]]*\).*$/\1/'`" in -@@ -1894,6 +1906,7 @@ - AC_MSG_RESULT(yes) - AC_DEFINE(HAVE_HEIMDAL) - SUDO_LIBS="${SUDO_LIBS} -lkrb5 -ldes -lcom_err -lasn1" -+ AC_CHECK_LIB(crypto, main, [SUDO_LIBS="${SUDO_LIBS} -lcrypto"]) - AC_CHECK_LIB(roken, main, [SUDO_LIBS="${SUDO_LIBS} -lroken"]) - ], [ - AC_MSG_RESULT(no) + case "$OSREV" in +@@ -1482,6 +1494,8 @@ + fi + : ${with_pam='maybe'} + : ${with_logincap='maybe'} ++ # We really want libutil. ++ SUDO_LIBS="${SUDO_LIBS} -lutil" + ;; + *-*-*openbsd*) + # OpenBSD has a real setreuid(2) starting with 3.3 but +@@ -1515,10 +1529,12 @@ + : ${with_logincap='maybe'} + dnl future versions of NetBSD (> 2.0) may include pam + : ${with_pam='maybe'} ++ # We really want libutil. ++ SUDO_LIBS="${SUDO_LIBS} -lutil" + ;; + *-*-dragonfly*) + if test "$with_skey" = "yes"; then +- SUDO_LIBS="${SUDO_LIBS} -lmd" ++ SUDO_LIBS="${SUDO_LIBS} -lutil -lmd" + fi + if test "$CHECKSHADOW" = "true"; then + CHECKSHADOW="false" +@@ -1895,16 +1911,6 @@ + fi + + dnl +-dnl Some systems put login_cap(3) in libutil +-dnl +-if test "$with_logincap" = "yes"; then +- case "$OS" in +- freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil" +- ;; +- esac +-fi +- +-dnl + dnl PAM support. Systems that might support PAM set with_pam=maybe + dnl and we do that actual tests here. + dnl diff --git a/security/sudo/patches/patch-ag b/security/sudo/patches/patch-ag index 959891baf90..51c05291204 100644 --- a/security/sudo/patches/patch-ag +++ b/security/sudo/patches/patch-ag @@ -1,16 +1,52 @@ -$NetBSD: patch-ag,v 1.6 2005/10/10 17:48:10 joerg Exp $ +/* $NetBSD: patch-ag,v 1.7 2007/07/23 16:38:36 tls Exp $ */ ---- configure.orig 2004-11-26 21:04:30.000000000 +0100 -+++ configure 2005-05-10 21:38:19.000000000 +0200 -@@ -1051,6 +1051,7 @@ +--- configure.orig 2007-07-16 22:47:55.000000000 -0400 ++++ configure 2007-07-23 11:16:44.000000000 -0400 +@@ -561,7 +561,7 @@ + *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;; + *) ac_optarg=yes ;; + esac +- eval enable_$ac_feature='$ac_optarg' ;; ++ eval "enable_$ac_feature='$ac_optarg'" ;; + + -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ + | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ +@@ -743,7 +743,7 @@ + *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;; + *) ac_optarg=yes ;; + esac +- eval with_$ac_package='$ac_optarg' ;; ++ eval "with_$ac_package='$ac_optarg'" ;; + + -without-* | --without-*) + ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'` +@@ -968,7 +968,7 @@ + --sbindir=DIR system admin executables [EPREFIX/sbin] + --libexecdir=DIR program executables [EPREFIX/libexec] + --datadir=DIR read-only architecture-independent data [PREFIX/share] +- --sysconfdir=DIR read-only single-machine data [/etc] ++ --sysconfdir=DIR read-only single-machine data [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] + --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --libdir=DIR object code libraries [EPREFIX/lib] +@@ -1032,6 +1032,7 @@ --with-devel add development options --with-efence link with -lefence for malloc() debugging --with-csops add CSOps standard options + --with-nbsdops add NetBSD standard options --without-passwd don't use passwd/shadow file for authentication - --with-skey=DIR enable S/Key support - --with-opie=DIR enable OPIE support -@@ -1622,7 +1623,6 @@ + --with-skey=DIR enable S/Key support + --with-opie=DIR enable OPIE support +@@ -1310,7 +1311,7 @@ + -* ) ac_must_keep_next=true ;; + esac + fi +- ac_configure_args="$ac_configure_args$ac_sep\"$ac_arg\"" ++ ac_configure_args="$ac_configure_args$ac_sep'$ac_arg'" + # Get rid of the leading space. + ac_sep=" " + ;; +@@ -1634,7 +1635,6 @@ test "$mandir" = '${prefix}/man' && mandir='$(prefix)/man' test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin' test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin' @@ -18,7 +54,7 @@ $NetBSD: patch-ag,v 1.6 2005/10/10 17:48:10 joerg Exp $ -@@ -1820,6 +1820,22 @@ +@@ -1826,6 +1826,23 @@ fi; @@ -38,183 +74,315 @@ $NetBSD: patch-ag,v 1.6 2005/10/10 17:48:10 joerg Exp $ +esac +fi; + ++ # Check whether --with-passwd or --without-passwd was given. if test "${with_passwd+set}" = set; then withval="$with_passwd" -@@ -5228,7 +5244,7 @@ - lt_cv_deplibs_check_method=pass_all - ;; - --freebsd*) -+freebsd*|dragonfly*) - if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then - case $host_cpu in - i*86 ) -@@ -8440,7 +8456,7 @@ - ;; - - # FreeBSD 3 and greater uses gcc -shared to do shared libraries. -- freebsd*) -+ dragonfly*|freebsd*) - archive_cmds='$CC -shared -o $lib $libobjs $deplibs $compiler_flags' - hardcode_libdir_flag_spec='-R$libdir' - hardcode_direct=yes -@@ -9071,11 +9087,11 @@ - dynamic_linker=no - ;; +@@ -7066,7 +7083,7 @@ + lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 + lt_status=$lt_dlunknown + cat > conftest.$ac_ext <<_LT_EOF +-#line 7069 "configure" ++#line 7086 "configure" + #include "confdefs.h" --freebsd*) -+dragonfly*|freebsd*) - objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout` - version_type=freebsd-$objformat - case $version_type in -- freebsd-elf*) -+ dragonfly*|freebsd-elf*) - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' - ;; - freebsd-*) -@@ -11205,7 +11221,7 @@ - freebsd-elf*) - archive_cmds_need_lc_CXX=no - ;; -- freebsd*) -+ dragonfly*|freebsd*) - # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF - # conventions - ld_shlibs_CXX=yes -@@ -12576,11 +12592,11 @@ - dynamic_linker=no - ;; - --freebsd*) -+dragonfly*|freebsd*) - objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout` - version_type=freebsd-$objformat - case $version_type in -- freebsd-elf*) -+ dragonfly*|freebsd-elf*) - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' - ;; - freebsd-*) -@@ -14890,7 +14906,7 @@ - ;; - - # FreeBSD 3 and greater uses gcc -shared to do shared libraries. -- freebsd*) -+ dragonfly*|freebsd*) - archive_cmds_F77='$CC -shared -o $lib $libobjs $deplibs $compiler_flags' - hardcode_libdir_flag_spec_F77='-R$libdir' - hardcode_direct_F77=yes -@@ -15521,11 +15537,11 @@ - dynamic_linker=no - ;; - --freebsd*) -+dragonfly*|freebsd*) - objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout` - version_type=freebsd-$objformat - case $version_type in -- freebsd-elf*) -+ dragonfly*|freebsd-elf*) - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' - ;; - freebsd-*) -@@ -17123,7 +17139,7 @@ - ;; + #if HAVE_DLFCN_H +@@ -7164,7 +7181,7 @@ + lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 + lt_status=$lt_dlunknown + cat > conftest.$ac_ext <<_LT_EOF +-#line 7167 "configure" ++#line 7184 "configure" + #include "confdefs.h" - # FreeBSD 3 and greater uses gcc -shared to do shared libraries. -- freebsd*) -+ dragonfly*|freebsd*) - archive_cmds_GCJ='$CC -shared -o $lib $libobjs $deplibs $compiler_flags' - hardcode_libdir_flag_spec_GCJ='-R$libdir' - hardcode_direct_GCJ=yes -@@ -17754,11 +17770,11 @@ - dynamic_linker=no + #if HAVE_DLFCN_H +@@ -7313,7 +7330,7 @@ ;; + *-*-irix6*) + # Find out which ABI we are using. +- $ECHO '#line 7316 "configure"' > conftest.$ac_ext ++ $ECHO '#line 7333 "configure"' > conftest.$ac_ext + if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? +@@ -7964,11 +7981,11 @@ + -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` +- (eval echo "\"\$as_me:7967: $lt_compile\"" >&5) ++ (eval echo "\"\$as_me:7984: $lt_compile\"" >&5) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&5 +- echo "$as_me:7971: \$? = $ac_status" >&5 ++ echo "$as_me:7988: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings +@@ -8239,11 +8256,11 @@ + -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` +- (eval echo "\"\$as_me:8242: $lt_compile\"" >&5) ++ (eval echo "\"\$as_me:8259: $lt_compile\"" >&5) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&5 +- echo "$as_me:8246: \$? = $ac_status" >&5 ++ echo "$as_me:8263: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings +@@ -8336,11 +8353,11 @@ + -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` +- (eval echo "\"\$as_me:8339: $lt_compile\"" >&5) ++ (eval echo "\"\$as_me:8356: $lt_compile\"" >&5) + (eval "$lt_compile" 2>out/conftest.err) + ac_status=$? + cat out/conftest.err >&5 +- echo "$as_me:8343: \$? = $ac_status" >&5 ++ echo "$as_me:8360: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s out/conftest2.$ac_objext + then + # The compiler can only warn and ignore the option if not recognized +@@ -8390,11 +8407,11 @@ + -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` +- (eval echo "\"\$as_me:8393: $lt_compile\"" >&5) ++ (eval echo "\"\$as_me:8410: $lt_compile\"" >&5) + (eval "$lt_compile" 2>out/conftest.err) + ac_status=$? + cat out/conftest.err >&5 +- echo "$as_me:8397: \$? = $ac_status" >&5 ++ echo "$as_me:8414: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s out/conftest2.$ac_objext + then + # The compiler can only warn and ignore the option if not recognized +@@ -11372,7 +11389,7 @@ --freebsd*) -+dragonfly*|freebsd*) - objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout` - version_type=freebsd-$objformat - case $version_type in -- freebsd-elf*) -+ dragonfly*|freebsd-elf*) - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' - ;; - freebsd-*) -@@ -21737,7 +21753,7 @@ - esac fi ;; - *-*-freebsd*) + *-*-freebsd*|*-*-dragonfly*) # FreeBSD has a real setreuid(2) starting with 2.1 and # backported to 2.0.5. We just take 2.1 and above... - case "`echo $host_os | sed 's/^freebsd\([0-9\.]*\).*$/\1/'`" in -@@ -29049,6 +29065,58 @@ - _ACEOF - - SUDO_LIBS="${SUDO_LIBS} -lkrb5 -ldes -lcom_err -lasn1" -+ echo "$as_me:$LINENO: checking for main in -lcrypto" >&5 -+echo $ECHO_N "checking for main in -lcrypto... $ECHO_C" >&6 -+if test "${ac_cv_lib_crypto_main+set}" = set; then -+ echo $ECHO_N "(cached) $ECHO_C" >&6 -+else -+ ac_check_lib_save_LIBS=$LIBS -+LIBS="-lcrypto $LIBS" -+cat >conftest.$ac_ext <<_ACEOF -+#line $LINENO "configure" -+/* confdefs.h. */ -+_ACEOF -+cat confdefs.h >>conftest.$ac_ext -+cat >>conftest.$ac_ext <<_ACEOF -+/* end confdefs.h. */ -+ -+ -+int -+main () -+{ -+main (); -+ ; -+ return 0; -+} -+_ACEOF -+rm -f conftest.$ac_objext conftest$ac_exeext -+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 -+ (eval $ac_link) 2>&5 -+ ac_status=$? -+ echo "$as_me:$LINENO: \$? = $ac_status" >&5 -+ (exit $ac_status); } && -+ { ac_try='test -s conftest$ac_exeext' -+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 -+ (eval $ac_try) 2>&5 -+ ac_status=$? -+ echo "$as_me:$LINENO: \$? = $ac_status" >&5 -+ (exit $ac_status); }; }; then -+ ac_cv_lib_crypto_main=yes -+else -+ echo "$as_me: failed program was:" >&5 -+sed 's/^/| /' conftest.$ac_ext >&5 -+ -+ac_cv_lib_crypto_main=no -+fi -+rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext -+LIBS=$ac_check_lib_save_LIBS -+fi -+echo "$as_me:$LINENO: result: $ac_cv_lib_crypto_main" >&5 -+echo "${ECHO_T}$ac_cv_lib_crypto_main" >&6 -+if test $ac_cv_lib_crypto_main = yes; then -+ SUDO_LIBS="${SUDO_LIBS} -lcrypto" -+fi -+ - echo "$as_me:$LINENO: checking for main in -lroken" >&5 - echo $ECHO_N "checking for main in -lroken... $ECHO_C" >&6 - if test "${ac_cv_lib_roken_main+set}" = set; then -@@ -29101,7 +29169,6 @@ - SUDO_LIBS="${SUDO_LIBS} -lroken" + case "$OSREV" in +@@ -11388,6 +11405,8 @@ + fi + : ${with_pam='maybe'} + : ${with_logincap='maybe'} ++ # We really want libutil. ++ SUDO_LIBS="${SUDO_LIBS} -lutil" + ;; + *-*-*openbsd*) + # OpenBSD has a real setreuid(2) starting with 3.3 but +@@ -11420,10 +11439,12 @@ + fi + : ${with_logincap='maybe'} + : ${with_pam='maybe'} ++ # We really want libutil. ++ SUDO_LIBS="${SUDO_LIBS} -lutil" + ;; + *-*-dragonfly*) + if test "$with_skey" = "yes"; then +- SUDO_LIBS="${SUDO_LIBS} -lmd" ++ SUDO_LIBS="${SUDO_LIBS} -lutil -lmd" + fi + if test "$CHECKSHADOW" = "true"; then + CHECKSHADOW="false" +@@ -17731,7 +17752,7 @@ + echo "$as_me: WARNING: unable to find socket() trying -lsocket -lnsl" >&2;} + echo "$as_me:$LINENO: checking for socket in -lsocket" >&5 + echo $ECHO_N "checking for socket in -lsocket... $ECHO_C" >&6 +-if test "${ac_cv_lib_socket_socket_lnsl+set}" = set; then ++if test "${ac_cv_lib_socket_socket+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 + else + ac_check_lib_save_LIBS=$LIBS +@@ -17780,20 +17801,20 @@ + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then +- ac_cv_lib_socket_socket_lnsl=yes ++ ac_cv_lib_socket_socket=yes + else + echo "$as_me: failed program was:" >&5 + sed 's/^/| /' conftest.$ac_ext >&5 + +-ac_cv_lib_socket_socket_lnsl=no ++ac_cv_lib_socket_socket=no + fi + rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS=$ac_check_lib_save_LIBS + fi +-echo "$as_me:$LINENO: result: $ac_cv_lib_socket_socket_lnsl" >&5 +-echo "${ECHO_T}$ac_cv_lib_socket_socket_lnsl" >&6 +-if test $ac_cv_lib_socket_socket_lnsl = yes; then ++echo "$as_me:$LINENO: result: $ac_cv_lib_socket_socket" >&5 ++echo "${ECHO_T}$ac_cv_lib_socket_socket" >&6 ++if test $ac_cv_lib_socket_socket = yes; then + NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl" fi +@@ -18127,7 +18148,7 @@ + echo "$as_me: WARNING: unable to find inet_addr() trying -lsocket -lnsl" >&2;} + echo "$as_me:$LINENO: checking for inet_addr in -lsocket" >&5 + echo $ECHO_N "checking for inet_addr in -lsocket... $ECHO_C" >&6 +-if test "${ac_cv_lib_socket_inet_addr_lnsl+set}" = set; then ++if test "${ac_cv_lib_socket_inet_addr+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 + else + ac_check_lib_save_LIBS=$LIBS +@@ -18176,20 +18197,20 @@ + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then +- ac_cv_lib_socket_inet_addr_lnsl=yes ++ ac_cv_lib_socket_inet_addr=yes + else + echo "$as_me: failed program was:" >&5 + sed 's/^/| /' conftest.$ac_ext >&5 + +-ac_cv_lib_socket_inet_addr_lnsl=no ++ac_cv_lib_socket_inet_addr=no + fi + rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS=$ac_check_lib_save_LIBS + fi +-echo "$as_me:$LINENO: result: $ac_cv_lib_socket_inet_addr_lnsl" >&5 +-echo "${ECHO_T}$ac_cv_lib_socket_inet_addr_lnsl" >&6 +-if test $ac_cv_lib_socket_inet_addr_lnsl = yes; then ++echo "$as_me:$LINENO: result: $ac_cv_lib_socket_inet_addr" >&5 ++echo "${ECHO_T}$ac_cv_lib_socket_inet_addr" >&6 ++if test $ac_cv_lib_socket_inet_addr = yes; then + NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl" + fi + +@@ -19511,10 +19532,9 @@ + + fi + rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +- as_ac_Lib=`echo "ac_cv_lib_krb_main$K4LIBS" | $as_tr_sh` +-echo "$as_me:$LINENO: checking for main in -lkrb" >&5 ++ echo "$as_me:$LINENO: checking for main in -lkrb" >&5 + echo $ECHO_N "checking for main in -lkrb... $ECHO_C" >&6 +-if eval "test \"\${$as_ac_Lib+set}\" = set"; then ++if test "${ac_cv_lib_krb_main+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 + else + ac_check_lib_save_LIBS=$LIBS +@@ -19557,27 +19577,26 @@ + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then +- eval "$as_ac_Lib=yes" ++ ac_cv_lib_krb_main=yes + else + echo "$as_me: failed program was:" >&5 + sed 's/^/| /' conftest.$ac_ext >&5 + +-eval "$as_ac_Lib=no" ++ac_cv_lib_krb_main=no + fi + rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS=$ac_check_lib_save_LIBS + fi +-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Lib'}'`" >&5 +-echo "${ECHO_T}`eval echo '${'$as_ac_Lib'}'`" >&6 +-if test `eval echo '${'$as_ac_Lib'}'` = yes; then ++echo "$as_me:$LINENO: result: $ac_cv_lib_krb_main" >&5 ++echo "${ECHO_T}$ac_cv_lib_krb_main" >&6 ++if test $ac_cv_lib_krb_main = yes; then + K4LIBS="-lkrb $K4LIBS" + else + +- as_ac_Lib=`echo "ac_cv_lib_krb4_main$K4LIBS" | $as_tr_sh` +-echo "$as_me:$LINENO: checking for main in -lkrb4" >&5 ++ echo "$as_me:$LINENO: checking for main in -lkrb4" >&5 + echo $ECHO_N "checking for main in -lkrb4... $ECHO_C" >&6 +-if eval "test \"\${$as_ac_Lib+set}\" = set"; then ++if test "${ac_cv_lib_krb4_main+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 + else + ac_check_lib_save_LIBS=$LIBS +@@ -19620,20 +19639,20 @@ + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then +- eval "$as_ac_Lib=yes" ++ ac_cv_lib_krb4_main=yes + else + echo "$as_me: failed program was:" >&5 + sed 's/^/| /' conftest.$ac_ext >&5 + +-eval "$as_ac_Lib=no" ++ac_cv_lib_krb4_main=no + fi + rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS=$ac_check_lib_save_LIBS + fi +-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Lib'}'`" >&5 +-echo "${ECHO_T}`eval echo '${'$as_ac_Lib'}'`" >&6 +-if test `eval echo '${'$as_ac_Lib'}'` = yes; then ++echo "$as_me:$LINENO: result: $ac_cv_lib_krb4_main" >&5 ++echo "${ECHO_T}$ac_cv_lib_krb4_main" >&6 ++if test $ac_cv_lib_krb4_main = yes; then + K4LIBS="-lkrb4 $K4LIBS" + else + K4LIBS="-lkrb $K4LIBS" +@@ -20102,13 +20121,6 @@ + LIBS="$_LIBS" + fi + +-if test "$with_logincap" = "yes"; then +- case "$OS" in +- freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil" +- ;; +- esac +-fi - + if test ${with_pam-'no'} != "no"; then + echo "$as_me:$LINENO: checking for main in -ldl" >&5 + echo $ECHO_N "checking for main in -ldl... $ECHO_C" >&6 +@@ -21724,7 +21736,7 @@ + # + echo "$as_me:$LINENO: checking for SD_Init in -laceclnt" >&5 + echo $ECHO_N "checking for SD_Init in -laceclnt... $ECHO_C" >&6 +-if test "${ac_cv_lib_aceclnt_SD_Init_______lpthread_______+set}" = set; then ++if test "${ac_cv_lib_aceclnt_SD_Init+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 + else + ac_check_lib_save_LIBS=$LIBS +@@ -21776,20 +21788,20 @@ + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then +- ac_cv_lib_aceclnt_SD_Init_______lpthread_______=yes ++ ac_cv_lib_aceclnt_SD_Init=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 + +-ac_cv_lib_aceclnt_SD_Init_______lpthread_______=no ++ac_cv_lib_aceclnt_SD_Init=no + fi + rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS=$ac_check_lib_save_LIBS + fi +-echo "$as_me:$LINENO: result: $ac_cv_lib_aceclnt_SD_Init_______lpthread_______" >&5 +-echo "${ECHO_T}$ac_cv_lib_aceclnt_SD_Init_______lpthread_______" >&6 +-if test $ac_cv_lib_aceclnt_SD_Init_______lpthread_______ = yes; then ++echo "$as_me:$LINENO: result: $ac_cv_lib_aceclnt_SD_Init" >&5 ++echo "${ECHO_T}$ac_cv_lib_aceclnt_SD_Init" >&6 ++if test $ac_cv_lib_aceclnt_SD_Init = yes; then + + + if test X"$AUTH_EXCL" != X""; then diff --git a/security/sudo/patches/patch-ah b/security/sudo/patches/patch-ah deleted file mode 100644 index 295715eb687..00000000000 --- a/security/sudo/patches/patch-ah +++ /dev/null @@ -1,31 +0,0 @@ -$NetBSD: patch-ah,v 1.5 2007/06/25 09:53:42 tls Exp $ - ---- env.c.orig 2005-11-08 13:21:33.000000000 -0500 -+++ env.c 2007-06-25 04:44:24.000000000 -0400 -@@ -105,14 +105,14 @@ - #ifdef __APPLE__ - "DYLD_*", - #endif --#ifdef HAVE_KERB4 -+#if defined(HAVE_KERB4) || defined(HAVE_KERB5) - "KRB_CONF*", - "KRBCONFDIR", - "KRBTKFILE", --#endif /* HAVE_KERB4 */ --#ifdef HAVE_KERB5 - "KRB5_CONFIG*", --#endif /* HAVE_KERB5 */ -+ "KRB5_KTNAME", -+ "KRB5CCNAME", -+#endif /* HAVE_KERB4 || HAVE_KERB5 */ - #ifdef HAVE_SECURID - "VAR_ACE", - "USR_ACE", -@@ -130,6 +130,7 @@ - "PERLLIB", - "PERL5LIB", - "PERL5OPT", -+ "PYTHONINSPECT", - NULL - }; - diff --git a/security/sudo/patches/patch-ai b/security/sudo/patches/patch-ai deleted file mode 100644 index c46ba75e8af..00000000000 --- a/security/sudo/patches/patch-ai +++ /dev/null @@ -1,27 +0,0 @@ -$NetBSD: patch-ai,v 1.2 2007/07/02 06:04:03 tls Exp $ - ---- auth/kerb5.c.orig 2005-03-29 23:38:36.000000000 -0500 -+++ auth/kerb5.c 2007-07-02 01:44:01.000000000 -0400 -@@ -57,7 +57,7 @@ - #ifdef HAVE_HEIMDAL - # define extract_name(c, p) krb5_principal_get_comp_string(c, p, 1) - # define krb5_free_data_contents(c, d) krb5_data_free(d) --# define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 /* XXX */ -+# define ENCTYPE_DES_CBC_MD5 0 /* 0 is wildcard */ - #else - # define extract_name(c, p) (krb5_princ_component(c, p, 1)->data) - #endif -@@ -269,12 +269,11 @@ - * and enctype is currently ignored anyhow.) - */ - if ((error = krb5_kt_read_service_key(sudo_context, NULL, princ, 0, -- ENCTYPE_DES_CBC_MD5, &keyblock))) { -+ 0, &keyblock))) { - /* Keytab or service key does not exist. */ - log_error(NO_EXIT, - "%s: host service key not found: %s", auth_name, - error_message(error)); -- error = 0; - goto cleanup; - } - if (keyblock) |