summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authortls <tls>2007-07-23 16:38:36 +0000
committertls <tls>2007-07-23 16:38:36 +0000
commitf0327aa83c5570278ac1c464b88339f04a4aeb4a (patch)
tree24bd4f4e4c192d30ae38500df8f930071c8935e1 /security
parentfd9d8a621e44fd588c497c1cb094cc6487198516 (diff)
downloadpkgsrc-f0327aa83c5570278ac1c464b88339f04a4aeb4a.tar.gz
Update sudo to 1.6.9. We don't take the new default of PAM and no other
authentication; that can be enabled by adding pam to the package options if users desire.
Diffstat (limited to 'security')
-rw-r--r--security/sudo/Makefile7
-rw-r--r--security/sudo/distinfo17
-rw-r--r--security/sudo/options.mk4
-rw-r--r--security/sudo/patches/patch-aa14
-rw-r--r--security/sudo/patches/patch-af64
-rw-r--r--security/sudo/patches/patch-ag506
-rw-r--r--security/sudo/patches/patch-ah31
-rw-r--r--security/sudo/patches/patch-ai27
8 files changed, 406 insertions, 264 deletions
diff --git a/security/sudo/Makefile b/security/sudo/Makefile
index 103134a8296..5edfde5df08 100644
--- a/security/sudo/Makefile
+++ b/security/sudo/Makefile
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.92 2007/07/04 20:37:50 jlam Exp $
+# $NetBSD: Makefile,v 1.93 2007/07/23 16:38:36 tls Exp $
#
-DISTNAME= sudo-1.6.8p12
-PKGNAME= sudo-1.6.8pl12
-PKGREVISION= 5
+DISTNAME= sudo-1.6.9
+PKGNAME= sudo-1.6.9
CATEGORIES= security
MASTER_SITES= http://www.courtesan.com/sudo/dist/ \
ftp://ftp.courtesan.com/pub/sudo/ \
diff --git a/security/sudo/distinfo b/security/sudo/distinfo
index a452351b3f5..619542dab40 100644
--- a/security/sudo/distinfo
+++ b/security/sudo/distinfo
@@ -1,10 +1,9 @@
-$NetBSD: distinfo,v 1.37 2007/07/02 06:04:02 tls Exp $
+$NetBSD: distinfo,v 1.38 2007/07/23 16:38:36 tls Exp $
-SHA1 (sudo-1.6.8p12.tar.gz) = a79631e9e1c0d0d3f2aa88ae685628e5fde61982
-RMD160 (sudo-1.6.8p12.tar.gz) = d7ff9f18ca0973615258c2e975300b94567451d5
-Size (sudo-1.6.8p12.tar.gz) = 585643 bytes
-SHA1 (patch-aa) = 02837d457786a4966c3a683918e0d592aaa32d2d
-SHA1 (patch-af) = 245761812dc600b3d2752fa135ba367bb0223370
-SHA1 (patch-ag) = 87c3263674ec98ccc9cc33f2108a2456eddaecc5
-SHA1 (patch-ah) = 142a8884aebdc1cffc256c3ca0ee9addc34f8054
-SHA1 (patch-ai) = 13ae982ea999a24b8ddc9d643cd788db84e2cfbd
+SHA1 (sudo-1.6.9.tar.gz) = 42fa0c9836bdaedeb1a7344f24f7822e598760b5
+RMD160 (sudo-1.6.9.tar.gz) = 141688a479f3dd915075eae98de8f7dc1a5c63f4
+Size (sudo-1.6.9.tar.gz) = 557692 bytes
+
+SHA1 (patch-aa) = 98ca6552bc305aeeb726d48f1d722480f792a0ba
+SHA1 (patch-af) = e411f12789f9d5b5fda8b88af3730c89859f5eda
+SHA1 (patch-ag) = fc3dc05e119ca53117266e4f083acff2b9d9aea5
diff --git a/security/sudo/options.mk b/security/sudo/options.mk
index 95ccc9373b9..6fda4b382e8 100644
--- a/security/sudo/options.mk
+++ b/security/sudo/options.mk
@@ -1,4 +1,4 @@
-# $NetBSD: options.mk,v 1.11 2006/05/31 18:22:26 ghen Exp $
+# $NetBSD: options.mk,v 1.12 2007/07/23 16:38:36 tls Exp $
#
PKG_OPTIONS_VAR= PKG_OPTIONS.sudo
@@ -14,6 +14,8 @@ PKG_SUGGESTED_OPTIONS= skey
. include "../../mk/pam.buildlink3.mk"
DL_AUTO_VARS= yes
CONFIGURE_ARGS+= --with-pam
+.else
+CONFIGURE_ARGS+= --without-pam
.endif
.if !empty(PKG_OPTIONS:Mkerberos)
diff --git a/security/sudo/patches/patch-aa b/security/sudo/patches/patch-aa
index 95456c9243d..f3ac7796084 100644
--- a/security/sudo/patches/patch-aa
+++ b/security/sudo/patches/patch-aa
@@ -1,9 +1,9 @@
-$NetBSD: patch-aa,v 1.13 2007/06/26 15:05:50 jlam Exp $
+/* $NetBSD: patch-aa,v 1.14 2007/07/23 16:38:36 tls Exp $ */
---- Makefile.in.orig 2005-11-08 13:21:58.000000000 -0500
-+++ Makefile.in
-@@ -181,7 +181,7 @@ testsudoers: $(TESTOBJS) $(LIBOBJS)
- $(CC) -o $@ $(TESTOBJS) $(LIBOBJS) $(LDFLAGS) $(LIBS) $(NET_LIBS)
+--- Makefile.in.orig 2007-07-16 22:53:18.000000000 -0400
++++ Makefile.in 2007-07-23 05:50:01.000000000 -0400
+@@ -185,7 +185,7 @@
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_noexec.c
sudo_noexec.la: sudo_noexec.lo
- $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -o $@ sudo_noexec.lo -avoid-version -rpath $(noexecdir)
@@ -11,7 +11,7 @@ $NetBSD: patch-aa,v 1.13 2007/06/26 15:05:50 jlam Exp $
# Uncomment the following if you want "make distclean" to clean the parser
@DEV@PARSESRCS = sudo.tab.h sudo.tab.c lex.yy.c def_data.c def_data.h
-@@ -292,20 +292,20 @@ sudoers.man:: sudoers.man.in
+@@ -300,20 +300,20 @@
sudoers.cat: sudoers.man
@@ -36,7 +36,7 @@ $NetBSD: patch-aa,v 1.13 2007/06/26 15:05:50 jlam Exp $
install-noexec: sudo_noexec.la
$(LIBTOOL) --mode=install $(INSTALL) sudo_noexec.la $(DESTDIR)$(noexecdir)
-@@ -315,15 +315,15 @@ bininst-noexec: sudo_noexec.la
+@@ -323,15 +323,15 @@
install-sudoers:
test -f $(DESTDIR)$(sudoersdir)/sudoers || \
diff --git a/security/sudo/patches/patch-af b/security/sudo/patches/patch-af
index 84dd5107252..59da8978adb 100644
--- a/security/sudo/patches/patch-af
+++ b/security/sudo/patches/patch-af
@@ -1,8 +1,8 @@
-$NetBSD: patch-af,v 1.14 2005/10/10 17:48:09 joerg Exp $
+/* $NetBSD: patch-af,v 1.15 2007/07/23 16:38:36 tls Exp $ */
---- configure.in.orig 2004-11-25 18:31:20.000000000 +0100
-+++ configure.in 2005-05-11 14:23:01.000000000 +0200
-@@ -118,7 +118,6 @@
+--- configure.in.orig 2007-07-16 22:51:21.000000000 -0400
++++ configure.in 2007-07-23 11:15:42.000000000 -0400
+@@ -123,7 +123,6 @@
test "$mandir" = '${prefix}/man' && mandir='$(prefix)/man'
test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin'
test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin'
@@ -10,7 +10,7 @@ $NetBSD: patch-af,v 1.14 2005/10/10 17:48:09 joerg Exp $
dnl
dnl Deprecated --with options (these all warn or generate an error)
-@@ -244,6 +243,19 @@
+@@ -246,6 +245,19 @@
;;
esac])
@@ -30,20 +30,52 @@ $NetBSD: patch-af,v 1.14 2005/10/10 17:48:09 joerg Exp $
AC_ARG_WITH(passwd, [ --without-passwd don't use passwd/shadow file for authentication],
[case $with_passwd in
yes) ;;
-@@ -1513,7 +1525,7 @@
- esac
+@@ -1466,7 +1478,7 @@
+ AC_CHECK_FUNCS(auth_challenge, [with_bsdauth=maybe])
fi
;;
- *-*-freebsd*)
+ *-*-freebsd*|*-*-dragonfly*)
# FreeBSD has a real setreuid(2) starting with 2.1 and
# backported to 2.0.5. We just take 2.1 and above...
- case "`echo $host_os | sed 's/^freebsd\([[0-9\.]]*\).*$/\1/'`" in
-@@ -1894,6 +1906,7 @@
- AC_MSG_RESULT(yes)
- AC_DEFINE(HAVE_HEIMDAL)
- SUDO_LIBS="${SUDO_LIBS} -lkrb5 -ldes -lcom_err -lasn1"
-+ AC_CHECK_LIB(crypto, main, [SUDO_LIBS="${SUDO_LIBS} -lcrypto"])
- AC_CHECK_LIB(roken, main, [SUDO_LIBS="${SUDO_LIBS} -lroken"])
- ], [
- AC_MSG_RESULT(no)
+ case "$OSREV" in
+@@ -1482,6 +1494,8 @@
+ fi
+ : ${with_pam='maybe'}
+ : ${with_logincap='maybe'}
++ # We really want libutil.
++ SUDO_LIBS="${SUDO_LIBS} -lutil"
+ ;;
+ *-*-*openbsd*)
+ # OpenBSD has a real setreuid(2) starting with 3.3 but
+@@ -1515,10 +1529,12 @@
+ : ${with_logincap='maybe'}
+ dnl future versions of NetBSD (> 2.0) may include pam
+ : ${with_pam='maybe'}
++ # We really want libutil.
++ SUDO_LIBS="${SUDO_LIBS} -lutil"
+ ;;
+ *-*-dragonfly*)
+ if test "$with_skey" = "yes"; then
+- SUDO_LIBS="${SUDO_LIBS} -lmd"
++ SUDO_LIBS="${SUDO_LIBS} -lutil -lmd"
+ fi
+ if test "$CHECKSHADOW" = "true"; then
+ CHECKSHADOW="false"
+@@ -1895,16 +1911,6 @@
+ fi
+
+ dnl
+-dnl Some systems put login_cap(3) in libutil
+-dnl
+-if test "$with_logincap" = "yes"; then
+- case "$OS" in
+- freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil"
+- ;;
+- esac
+-fi
+-
+-dnl
+ dnl PAM support. Systems that might support PAM set with_pam=maybe
+ dnl and we do that actual tests here.
+ dnl
diff --git a/security/sudo/patches/patch-ag b/security/sudo/patches/patch-ag
index 959891baf90..51c05291204 100644
--- a/security/sudo/patches/patch-ag
+++ b/security/sudo/patches/patch-ag
@@ -1,16 +1,52 @@
-$NetBSD: patch-ag,v 1.6 2005/10/10 17:48:10 joerg Exp $
+/* $NetBSD: patch-ag,v 1.7 2007/07/23 16:38:36 tls Exp $ */
---- configure.orig 2004-11-26 21:04:30.000000000 +0100
-+++ configure 2005-05-10 21:38:19.000000000 +0200
-@@ -1051,6 +1051,7 @@
+--- configure.orig 2007-07-16 22:47:55.000000000 -0400
++++ configure 2007-07-23 11:16:44.000000000 -0400
+@@ -561,7 +561,7 @@
+ *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;;
+ *) ac_optarg=yes ;;
+ esac
+- eval enable_$ac_feature='$ac_optarg' ;;
++ eval "enable_$ac_feature='$ac_optarg'" ;;
+
+ -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
+ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
+@@ -743,7 +743,7 @@
+ *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;;
+ *) ac_optarg=yes ;;
+ esac
+- eval with_$ac_package='$ac_optarg' ;;
++ eval "with_$ac_package='$ac_optarg'" ;;
+
+ -without-* | --without-*)
+ ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'`
+@@ -968,7 +968,7 @@
+ --sbindir=DIR system admin executables [EPREFIX/sbin]
+ --libexecdir=DIR program executables [EPREFIX/libexec]
+ --datadir=DIR read-only architecture-independent data [PREFIX/share]
+- --sysconfdir=DIR read-only single-machine data [/etc]
++ --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
+ --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
+ --localstatedir=DIR modifiable single-machine data [PREFIX/var]
+ --libdir=DIR object code libraries [EPREFIX/lib]
+@@ -1032,6 +1032,7 @@
--with-devel add development options
--with-efence link with -lefence for malloc() debugging
--with-csops add CSOps standard options
+ --with-nbsdops add NetBSD standard options
--without-passwd don't use passwd/shadow file for authentication
- --with-skey=DIR enable S/Key support
- --with-opie=DIR enable OPIE support
-@@ -1622,7 +1623,6 @@
+ --with-skey=DIR enable S/Key support
+ --with-opie=DIR enable OPIE support
+@@ -1310,7 +1311,7 @@
+ -* ) ac_must_keep_next=true ;;
+ esac
+ fi
+- ac_configure_args="$ac_configure_args$ac_sep\"$ac_arg\""
++ ac_configure_args="$ac_configure_args$ac_sep'$ac_arg'"
+ # Get rid of the leading space.
+ ac_sep=" "
+ ;;
+@@ -1634,7 +1635,6 @@
test "$mandir" = '${prefix}/man' && mandir='$(prefix)/man'
test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin'
test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin'
@@ -18,7 +54,7 @@ $NetBSD: patch-ag,v 1.6 2005/10/10 17:48:10 joerg Exp $
-@@ -1820,6 +1820,22 @@
+@@ -1826,6 +1826,23 @@
fi;
@@ -38,183 +74,315 @@ $NetBSD: patch-ag,v 1.6 2005/10/10 17:48:10 joerg Exp $
+esac
+fi;
+
++
# Check whether --with-passwd or --without-passwd was given.
if test "${with_passwd+set}" = set; then
withval="$with_passwd"
-@@ -5228,7 +5244,7 @@
- lt_cv_deplibs_check_method=pass_all
- ;;
-
--freebsd*)
-+freebsd*|dragonfly*)
- if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then
- case $host_cpu in
- i*86 )
-@@ -8440,7 +8456,7 @@
- ;;
-
- # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
-- freebsd*)
-+ dragonfly*|freebsd*)
- archive_cmds='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
- hardcode_libdir_flag_spec='-R$libdir'
- hardcode_direct=yes
-@@ -9071,11 +9087,11 @@
- dynamic_linker=no
- ;;
+@@ -7066,7 +7083,7 @@
+ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+ lt_status=$lt_dlunknown
+ cat > conftest.$ac_ext <<_LT_EOF
+-#line 7069 "configure"
++#line 7086 "configure"
+ #include "confdefs.h"
--freebsd*)
-+dragonfly*|freebsd*)
- objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout`
- version_type=freebsd-$objformat
- case $version_type in
-- freebsd-elf*)
-+ dragonfly*|freebsd-elf*)
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
- ;;
- freebsd-*)
-@@ -11205,7 +11221,7 @@
- freebsd-elf*)
- archive_cmds_need_lc_CXX=no
- ;;
-- freebsd*)
-+ dragonfly*|freebsd*)
- # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF
- # conventions
- ld_shlibs_CXX=yes
-@@ -12576,11 +12592,11 @@
- dynamic_linker=no
- ;;
-
--freebsd*)
-+dragonfly*|freebsd*)
- objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout`
- version_type=freebsd-$objformat
- case $version_type in
-- freebsd-elf*)
-+ dragonfly*|freebsd-elf*)
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
- ;;
- freebsd-*)
-@@ -14890,7 +14906,7 @@
- ;;
-
- # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
-- freebsd*)
-+ dragonfly*|freebsd*)
- archive_cmds_F77='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
- hardcode_libdir_flag_spec_F77='-R$libdir'
- hardcode_direct_F77=yes
-@@ -15521,11 +15537,11 @@
- dynamic_linker=no
- ;;
-
--freebsd*)
-+dragonfly*|freebsd*)
- objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout`
- version_type=freebsd-$objformat
- case $version_type in
-- freebsd-elf*)
-+ dragonfly*|freebsd-elf*)
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
- ;;
- freebsd-*)
-@@ -17123,7 +17139,7 @@
- ;;
+ #if HAVE_DLFCN_H
+@@ -7164,7 +7181,7 @@
+ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+ lt_status=$lt_dlunknown
+ cat > conftest.$ac_ext <<_LT_EOF
+-#line 7167 "configure"
++#line 7184 "configure"
+ #include "confdefs.h"
- # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
-- freebsd*)
-+ dragonfly*|freebsd*)
- archive_cmds_GCJ='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
- hardcode_libdir_flag_spec_GCJ='-R$libdir'
- hardcode_direct_GCJ=yes
-@@ -17754,11 +17770,11 @@
- dynamic_linker=no
+ #if HAVE_DLFCN_H
+@@ -7313,7 +7330,7 @@
;;
+ *-*-irix6*)
+ # Find out which ABI we are using.
+- $ECHO '#line 7316 "configure"' > conftest.$ac_ext
++ $ECHO '#line 7333 "configure"' > conftest.$ac_ext
+ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+@@ -7964,11 +7981,11 @@
+ -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+- (eval echo "\"\$as_me:7967: $lt_compile\"" >&5)
++ (eval echo "\"\$as_me:7984: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>conftest.err)
+ ac_status=$?
+ cat conftest.err >&5
+- echo "$as_me:7971: \$? = $ac_status" >&5
++ echo "$as_me:7988: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s "$ac_outfile"; then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+@@ -8239,11 +8256,11 @@
+ -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+- (eval echo "\"\$as_me:8242: $lt_compile\"" >&5)
++ (eval echo "\"\$as_me:8259: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>conftest.err)
+ ac_status=$?
+ cat conftest.err >&5
+- echo "$as_me:8246: \$? = $ac_status" >&5
++ echo "$as_me:8263: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s "$ac_outfile"; then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+@@ -8336,11 +8353,11 @@
+ -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+- (eval echo "\"\$as_me:8339: $lt_compile\"" >&5)
++ (eval echo "\"\$as_me:8356: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>out/conftest.err)
+ ac_status=$?
+ cat out/conftest.err >&5
+- echo "$as_me:8343: \$? = $ac_status" >&5
++ echo "$as_me:8360: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s out/conftest2.$ac_objext
+ then
+ # The compiler can only warn and ignore the option if not recognized
+@@ -8390,11 +8407,11 @@
+ -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+- (eval echo "\"\$as_me:8393: $lt_compile\"" >&5)
++ (eval echo "\"\$as_me:8410: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>out/conftest.err)
+ ac_status=$?
+ cat out/conftest.err >&5
+- echo "$as_me:8397: \$? = $ac_status" >&5
++ echo "$as_me:8414: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s out/conftest2.$ac_objext
+ then
+ # The compiler can only warn and ignore the option if not recognized
+@@ -11372,7 +11389,7 @@
--freebsd*)
-+dragonfly*|freebsd*)
- objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout`
- version_type=freebsd-$objformat
- case $version_type in
-- freebsd-elf*)
-+ dragonfly*|freebsd-elf*)
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
- ;;
- freebsd-*)
-@@ -21737,7 +21753,7 @@
- esac
fi
;;
- *-*-freebsd*)
+ *-*-freebsd*|*-*-dragonfly*)
# FreeBSD has a real setreuid(2) starting with 2.1 and
# backported to 2.0.5. We just take 2.1 and above...
- case "`echo $host_os | sed 's/^freebsd\([0-9\.]*\).*$/\1/'`" in
-@@ -29049,6 +29065,58 @@
- _ACEOF
-
- SUDO_LIBS="${SUDO_LIBS} -lkrb5 -ldes -lcom_err -lasn1"
-+ echo "$as_me:$LINENO: checking for main in -lcrypto" >&5
-+echo $ECHO_N "checking for main in -lcrypto... $ECHO_C" >&6
-+if test "${ac_cv_lib_crypto_main+set}" = set; then
-+ echo $ECHO_N "(cached) $ECHO_C" >&6
-+else
-+ ac_check_lib_save_LIBS=$LIBS
-+LIBS="-lcrypto $LIBS"
-+cat >conftest.$ac_ext <<_ACEOF
-+#line $LINENO "configure"
-+/* confdefs.h. */
-+_ACEOF
-+cat confdefs.h >>conftest.$ac_ext
-+cat >>conftest.$ac_ext <<_ACEOF
-+/* end confdefs.h. */
-+
-+
-+int
-+main ()
-+{
-+main ();
-+ ;
-+ return 0;
-+}
-+_ACEOF
-+rm -f conftest.$ac_objext conftest$ac_exeext
-+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-+ (eval $ac_link) 2>&5
-+ ac_status=$?
-+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
-+ (exit $ac_status); } &&
-+ { ac_try='test -s conftest$ac_exeext'
-+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-+ (eval $ac_try) 2>&5
-+ ac_status=$?
-+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
-+ (exit $ac_status); }; }; then
-+ ac_cv_lib_crypto_main=yes
-+else
-+ echo "$as_me: failed program was:" >&5
-+sed 's/^/| /' conftest.$ac_ext >&5
-+
-+ac_cv_lib_crypto_main=no
-+fi
-+rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-+LIBS=$ac_check_lib_save_LIBS
-+fi
-+echo "$as_me:$LINENO: result: $ac_cv_lib_crypto_main" >&5
-+echo "${ECHO_T}$ac_cv_lib_crypto_main" >&6
-+if test $ac_cv_lib_crypto_main = yes; then
-+ SUDO_LIBS="${SUDO_LIBS} -lcrypto"
-+fi
-+
- echo "$as_me:$LINENO: checking for main in -lroken" >&5
- echo $ECHO_N "checking for main in -lroken... $ECHO_C" >&6
- if test "${ac_cv_lib_roken_main+set}" = set; then
-@@ -29101,7 +29169,6 @@
- SUDO_LIBS="${SUDO_LIBS} -lroken"
+ case "$OSREV" in
+@@ -11388,6 +11405,8 @@
+ fi
+ : ${with_pam='maybe'}
+ : ${with_logincap='maybe'}
++ # We really want libutil.
++ SUDO_LIBS="${SUDO_LIBS} -lutil"
+ ;;
+ *-*-*openbsd*)
+ # OpenBSD has a real setreuid(2) starting with 3.3 but
+@@ -11420,10 +11439,12 @@
+ fi
+ : ${with_logincap='maybe'}
+ : ${with_pam='maybe'}
++ # We really want libutil.
++ SUDO_LIBS="${SUDO_LIBS} -lutil"
+ ;;
+ *-*-dragonfly*)
+ if test "$with_skey" = "yes"; then
+- SUDO_LIBS="${SUDO_LIBS} -lmd"
++ SUDO_LIBS="${SUDO_LIBS} -lutil -lmd"
+ fi
+ if test "$CHECKSHADOW" = "true"; then
+ CHECKSHADOW="false"
+@@ -17731,7 +17752,7 @@
+ echo "$as_me: WARNING: unable to find socket() trying -lsocket -lnsl" >&2;}
+ echo "$as_me:$LINENO: checking for socket in -lsocket" >&5
+ echo $ECHO_N "checking for socket in -lsocket... $ECHO_C" >&6
+-if test "${ac_cv_lib_socket_socket_lnsl+set}" = set; then
++if test "${ac_cv_lib_socket_socket+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+ else
+ ac_check_lib_save_LIBS=$LIBS
+@@ -17780,20 +17801,20 @@
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+- ac_cv_lib_socket_socket_lnsl=yes
++ ac_cv_lib_socket_socket=yes
+ else
+ echo "$as_me: failed program was:" >&5
+ sed 's/^/| /' conftest.$ac_ext >&5
+
+-ac_cv_lib_socket_socket_lnsl=no
++ac_cv_lib_socket_socket=no
+ fi
+ rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LIBS=$ac_check_lib_save_LIBS
+ fi
+-echo "$as_me:$LINENO: result: $ac_cv_lib_socket_socket_lnsl" >&5
+-echo "${ECHO_T}$ac_cv_lib_socket_socket_lnsl" >&6
+-if test $ac_cv_lib_socket_socket_lnsl = yes; then
++echo "$as_me:$LINENO: result: $ac_cv_lib_socket_socket" >&5
++echo "${ECHO_T}$ac_cv_lib_socket_socket" >&6
++if test $ac_cv_lib_socket_socket = yes; then
+ NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"
fi
+@@ -18127,7 +18148,7 @@
+ echo "$as_me: WARNING: unable to find inet_addr() trying -lsocket -lnsl" >&2;}
+ echo "$as_me:$LINENO: checking for inet_addr in -lsocket" >&5
+ echo $ECHO_N "checking for inet_addr in -lsocket... $ECHO_C" >&6
+-if test "${ac_cv_lib_socket_inet_addr_lnsl+set}" = set; then
++if test "${ac_cv_lib_socket_inet_addr+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+ else
+ ac_check_lib_save_LIBS=$LIBS
+@@ -18176,20 +18197,20 @@
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+- ac_cv_lib_socket_inet_addr_lnsl=yes
++ ac_cv_lib_socket_inet_addr=yes
+ else
+ echo "$as_me: failed program was:" >&5
+ sed 's/^/| /' conftest.$ac_ext >&5
+
+-ac_cv_lib_socket_inet_addr_lnsl=no
++ac_cv_lib_socket_inet_addr=no
+ fi
+ rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LIBS=$ac_check_lib_save_LIBS
+ fi
+-echo "$as_me:$LINENO: result: $ac_cv_lib_socket_inet_addr_lnsl" >&5
+-echo "${ECHO_T}$ac_cv_lib_socket_inet_addr_lnsl" >&6
+-if test $ac_cv_lib_socket_inet_addr_lnsl = yes; then
++echo "$as_me:$LINENO: result: $ac_cv_lib_socket_inet_addr" >&5
++echo "${ECHO_T}$ac_cv_lib_socket_inet_addr" >&6
++if test $ac_cv_lib_socket_inet_addr = yes; then
+ NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"
+ fi
+
+@@ -19511,10 +19532,9 @@
+
+ fi
+ rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+- as_ac_Lib=`echo "ac_cv_lib_krb_main$K4LIBS" | $as_tr_sh`
+-echo "$as_me:$LINENO: checking for main in -lkrb" >&5
++ echo "$as_me:$LINENO: checking for main in -lkrb" >&5
+ echo $ECHO_N "checking for main in -lkrb... $ECHO_C" >&6
+-if eval "test \"\${$as_ac_Lib+set}\" = set"; then
++if test "${ac_cv_lib_krb_main+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+ else
+ ac_check_lib_save_LIBS=$LIBS
+@@ -19557,27 +19577,26 @@
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+- eval "$as_ac_Lib=yes"
++ ac_cv_lib_krb_main=yes
+ else
+ echo "$as_me: failed program was:" >&5
+ sed 's/^/| /' conftest.$ac_ext >&5
+
+-eval "$as_ac_Lib=no"
++ac_cv_lib_krb_main=no
+ fi
+ rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LIBS=$ac_check_lib_save_LIBS
+ fi
+-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Lib'}'`" >&5
+-echo "${ECHO_T}`eval echo '${'$as_ac_Lib'}'`" >&6
+-if test `eval echo '${'$as_ac_Lib'}'` = yes; then
++echo "$as_me:$LINENO: result: $ac_cv_lib_krb_main" >&5
++echo "${ECHO_T}$ac_cv_lib_krb_main" >&6
++if test $ac_cv_lib_krb_main = yes; then
+ K4LIBS="-lkrb $K4LIBS"
+ else
+
+- as_ac_Lib=`echo "ac_cv_lib_krb4_main$K4LIBS" | $as_tr_sh`
+-echo "$as_me:$LINENO: checking for main in -lkrb4" >&5
++ echo "$as_me:$LINENO: checking for main in -lkrb4" >&5
+ echo $ECHO_N "checking for main in -lkrb4... $ECHO_C" >&6
+-if eval "test \"\${$as_ac_Lib+set}\" = set"; then
++if test "${ac_cv_lib_krb4_main+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+ else
+ ac_check_lib_save_LIBS=$LIBS
+@@ -19620,20 +19639,20 @@
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+- eval "$as_ac_Lib=yes"
++ ac_cv_lib_krb4_main=yes
+ else
+ echo "$as_me: failed program was:" >&5
+ sed 's/^/| /' conftest.$ac_ext >&5
+
+-eval "$as_ac_Lib=no"
++ac_cv_lib_krb4_main=no
+ fi
+ rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LIBS=$ac_check_lib_save_LIBS
+ fi
+-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Lib'}'`" >&5
+-echo "${ECHO_T}`eval echo '${'$as_ac_Lib'}'`" >&6
+-if test `eval echo '${'$as_ac_Lib'}'` = yes; then
++echo "$as_me:$LINENO: result: $ac_cv_lib_krb4_main" >&5
++echo "${ECHO_T}$ac_cv_lib_krb4_main" >&6
++if test $ac_cv_lib_krb4_main = yes; then
+ K4LIBS="-lkrb4 $K4LIBS"
+ else
+ K4LIBS="-lkrb $K4LIBS"
+@@ -20102,13 +20121,6 @@
+ LIBS="$_LIBS"
+ fi
+
+-if test "$with_logincap" = "yes"; then
+- case "$OS" in
+- freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil"
+- ;;
+- esac
+-fi
-
+ if test ${with_pam-'no'} != "no"; then
+ echo "$as_me:$LINENO: checking for main in -ldl" >&5
+ echo $ECHO_N "checking for main in -ldl... $ECHO_C" >&6
+@@ -21724,7 +21736,7 @@
+ #
+ echo "$as_me:$LINENO: checking for SD_Init in -laceclnt" >&5
+ echo $ECHO_N "checking for SD_Init in -laceclnt... $ECHO_C" >&6
+-if test "${ac_cv_lib_aceclnt_SD_Init_______lpthread_______+set}" = set; then
++if test "${ac_cv_lib_aceclnt_SD_Init+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+ else
+ ac_check_lib_save_LIBS=$LIBS
+@@ -21776,20 +21788,20 @@
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+- ac_cv_lib_aceclnt_SD_Init_______lpthread_______=yes
++ ac_cv_lib_aceclnt_SD_Init=yes
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
+
+-ac_cv_lib_aceclnt_SD_Init_______lpthread_______=no
++ac_cv_lib_aceclnt_SD_Init=no
+ fi
+ rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LIBS=$ac_check_lib_save_LIBS
+ fi
+-echo "$as_me:$LINENO: result: $ac_cv_lib_aceclnt_SD_Init_______lpthread_______" >&5
+-echo "${ECHO_T}$ac_cv_lib_aceclnt_SD_Init_______lpthread_______" >&6
+-if test $ac_cv_lib_aceclnt_SD_Init_______lpthread_______ = yes; then
++echo "$as_me:$LINENO: result: $ac_cv_lib_aceclnt_SD_Init" >&5
++echo "${ECHO_T}$ac_cv_lib_aceclnt_SD_Init" >&6
++if test $ac_cv_lib_aceclnt_SD_Init = yes; then
+
+
+ if test X"$AUTH_EXCL" != X""; then
diff --git a/security/sudo/patches/patch-ah b/security/sudo/patches/patch-ah
deleted file mode 100644
index 295715eb687..00000000000
--- a/security/sudo/patches/patch-ah
+++ /dev/null
@@ -1,31 +0,0 @@
-$NetBSD: patch-ah,v 1.5 2007/06/25 09:53:42 tls Exp $
-
---- env.c.orig 2005-11-08 13:21:33.000000000 -0500
-+++ env.c 2007-06-25 04:44:24.000000000 -0400
-@@ -105,14 +105,14 @@
- #ifdef __APPLE__
- "DYLD_*",
- #endif
--#ifdef HAVE_KERB4
-+#if defined(HAVE_KERB4) || defined(HAVE_KERB5)
- "KRB_CONF*",
- "KRBCONFDIR",
- "KRBTKFILE",
--#endif /* HAVE_KERB4 */
--#ifdef HAVE_KERB5
- "KRB5_CONFIG*",
--#endif /* HAVE_KERB5 */
-+ "KRB5_KTNAME",
-+ "KRB5CCNAME",
-+#endif /* HAVE_KERB4 || HAVE_KERB5 */
- #ifdef HAVE_SECURID
- "VAR_ACE",
- "USR_ACE",
-@@ -130,6 +130,7 @@
- "PERLLIB",
- "PERL5LIB",
- "PERL5OPT",
-+ "PYTHONINSPECT",
- NULL
- };
-
diff --git a/security/sudo/patches/patch-ai b/security/sudo/patches/patch-ai
deleted file mode 100644
index c46ba75e8af..00000000000
--- a/security/sudo/patches/patch-ai
+++ /dev/null
@@ -1,27 +0,0 @@
-$NetBSD: patch-ai,v 1.2 2007/07/02 06:04:03 tls Exp $
-
---- auth/kerb5.c.orig 2005-03-29 23:38:36.000000000 -0500
-+++ auth/kerb5.c 2007-07-02 01:44:01.000000000 -0400
-@@ -57,7 +57,7 @@
- #ifdef HAVE_HEIMDAL
- # define extract_name(c, p) krb5_principal_get_comp_string(c, p, 1)
- # define krb5_free_data_contents(c, d) krb5_data_free(d)
--# define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 /* XXX */
-+# define ENCTYPE_DES_CBC_MD5 0 /* 0 is wildcard */
- #else
- # define extract_name(c, p) (krb5_princ_component(c, p, 1)->data)
- #endif
-@@ -269,12 +269,11 @@
- * and enctype is currently ignored anyhow.)
- */
- if ((error = krb5_kt_read_service_key(sudo_context, NULL, princ, 0,
-- ENCTYPE_DES_CBC_MD5, &keyblock))) {
-+ 0, &keyblock))) {
- /* Keytab or service key does not exist. */
- log_error(NO_EXIT,
- "%s: host service key not found: %s", auth_name,
- error_message(error));
-- error = 0;
- goto cleanup;
- }
- if (keyblock)