5 files changed, 123 insertions, 42 deletions
diff --git a/security/sudo/patches/patch-af b/security/sudo/patches/patch-af
index b3652283925..ff83fce5b7f 100644
--- a/security/sudo/patches/patch-af
+++ b/security/sudo/patches/patch-af
@@ -1,4 +1,4 @@
-$NetBSD: patch-af,v 1.33 2016/09/12 17:12:24 taca Exp $
+$NetBSD: patch-af,v 1.33.6.1 2017/05/31 06:22:52 spz Exp $
 
 * Add "--with-nbsdops" option, NetBSD standard options.
 * Link with util(3) in the case of DragonFly, too.
@@ -9,11 +9,11 @@ $NetBSD: patch-af,v 1.33 2016/09/12 17:12:24 taca Exp $
 
 --- configure.ac.orig	2016-06-22 16:36:23.000000000 +0000
 +++ configure.ac
-@@ -439,6 +439,20 @@ AC_ARG_WITH(csops, [AS_HELP_STRING([--wi
+@@ -447,6 +447,20 @@ AC_ARG_WITH(csops, [AS_HELP_STRING([--wi
  		;;
  esac])
  
-++AC_ARG_WITH(nbsdops, [AS_HELP_STRING([--with-nbsdops], [add NetBSD standard opt
++AC_ARG_WITH(nbsdops, [AS_HELP_STRING([--with-nbsdops], [add NetBSD standard opt
 +ions])],
 +[case $with_nbsdops in
 +    yes)       echo 'Adding NetBSD standard options'
@@ -30,7 +30,7 @@ $NetBSD: patch-af,v 1.33 2016/09/12 17:12:24 taca Exp $
  AC_ARG_WITH(passwd, [AS_HELP_STRING([--without-passwd], [don't use passwd/shadow file for authentication])],
  [case $with_passwd in
      yes|no)	AC_MSG_CHECKING(whether to use shadow/passwd file authentication)
-@@ -1951,7 +1965,7 @@ case "$host" in
+@@ -1971,7 +1985,7 @@ case "$host" in
  		: ${mansectsu='1m'}
  		: ${mansectform='4'}
  		;;
@@ -38,8 +38,8 @@ $NetBSD: patch-af,v 1.33 2016/09/12 17:12:24 taca Exp $
 +    *-*-linux*|*-*-k*bsd*-gnu|*-*-gnukfreebsd)
  		shadow_funcs="getspnam"
  		test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
- 		;;
-@@ -2299,7 +2313,7 @@ SUDO_MAILDIR
+ 		# Check for SECCOMP_SET_MODE_FILTER in linux/seccomp.h
+@@ -2329,7 +2343,7 @@ SUDO_MAILDIR
  if test ${with_logincap-'no'} != "no"; then
      AC_CHECK_HEADERS([login_cap.h], [LOGINCAP_USAGE='[[-c class]] '; LCMAN=1
  	case "$OS" in
@@ -48,7 +48,7 @@ $NetBSD: patch-af,v 1.33 2016/09/12 17:12:24 taca Exp $
  		SUDO_LIBS="${SUDO_LIBS} -lutil"
  		SUDOERS_LIBS="${SUDOERS_LIBS} -lutil"
  		;;
-@@ -3381,6 +3395,8 @@ if test ${with_kerb5-'no'} != "no"; then
+@@ -3441,6 +3455,8 @@ if test ${with_kerb5-'no'} != "no"; then
  	])
  	AUTH_OBJS="$AUTH_OBJS kerb5.lo"
      fi
@@ -57,7 +57,7 @@ $NetBSD: patch-af,v 1.33 2016/09/12 17:12:24 taca Exp $
      _LIBS="$LIBS"
      LIBS="${LIBS} ${SUDOERS_LIBS}"
      AC_CHECK_FUNCS([krb5_verify_user krb5_init_secure_context])
-@@ -4220,7 +4236,7 @@ test "$datarootdir" = '${prefix}/share' 
+@@ -4292,7 +4308,7 @@ test "$datarootdir" = '${prefix}/share' 
  test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)'
  test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale'
  test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var'
diff --git a/security/sudo/patches/patch-ag b/security/sudo/patches/patch-ag
index 7cbdebdc964..cc57f8ae2b6 100644
--- a/security/sudo/patches/patch-ag
+++ b/security/sudo/patches/patch-ag
@@ -1,4 +1,4 @@
-$NetBSD: patch-ag,v 1.24 2016/09/12 17:12:24 taca Exp $
+$NetBSD: patch-ag,v 1.24.6.1 2017/05/31 06:22:52 spz Exp $
 
 * Add "--with-nbsdops" option, NetBSD standard options.
 * Link with util(3) in the case of DragonFly, too.
@@ -7,9 +7,17 @@ $NetBSD: patch-ag,v 1.24 2016/09/12 17:12:24 taca Exp $
   functions (HAVE_KRB5_*).
 * Remove setting sysconfdir to "/etc".
 
---- configure.orig	2016-06-22 16:36:22.000000000 +0000
+--- configure.orig	2017-05-29 20:33:06.000000000 +0000
 +++ configure
-@@ -1562,7 +1562,7 @@ Fine tuning of the installation director
+@@ -865,6 +865,7 @@ with_libpath
+ with_libraries
+ with_efence
+ with_csops
++with_nbsdops
+ with_passwd
+ with_skey
+ with_opie
+@@ -1571,7 +1572,7 @@ Fine tuning of the installation director
    --bindir=DIR            user executables [EPREFIX/bin]
    --sbindir=DIR           system admin executables [EPREFIX/sbin]
    --libexecdir=DIR        program executables [EPREFIX/libexec]
@@ -18,38 +26,39 @@ $NetBSD: patch-ag,v 1.24 2016/09/12 17:12:24 taca Exp $
    --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
    --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
    --libdir=DIR            object code libraries [EPREFIX/lib]
-@@ -1661,6 +1661,7 @@ Optional Packages:
+@@ -1674,6 +1675,7 @@ Optional Packages:
    --with-libraries        additional libraries to link with
    --with-efence           link with -lefence for malloc() debugging
    --with-csops            add CSOps standard options
-+  --with-nbsdops          add NetBSD standard options
++  --with-nbsdops          add NetBSD standard opt ions
    --without-passwd        don't use passwd/shadow file for authentication
    --with-skey[=DIR]       enable S/Key support
    --with-opie[=DIR]       enable OPIE support
-@@ -4499,6 +4500,22 @@ $as_echo "$as_me: WARNING: Ignoring unkn
- esac
- fi
+@@ -4746,6 +4748,23 @@ fi
  
-+# Check whether --with-nbsdops or --without-nbsdops was given.
-+if test "${with_nbsdops+set}" = set; then
-+  withval="$with_nbsdops"
-+  case $with_nbsdops in
-+    yes)	echo 'Adding NetBSD standard options'
-+		CHECKSIA=false
-+		with_ignore_dot=yes
-+		with_env_editor=yes
-+		with_tty_tickets=yes
-+		;;
-+    no)		;;
-+    *)		echo "Ignoring unknown argument to --with-nbsdops: $with_nbsdops"
-+		;;
-+esac
-+fi;
-+
  
  
++# Check whether --with-nbsdops was given.
++if test "${with_nbsdops+set}" = set; then :
++  withval=$with_nbsdops; case $with_nbsdops in
++    yes)       echo 'Adding NetBSD standard options'
++               CHECKSIA=false
++               with_ignore_dot=yes
++               with_env_editor=yes
++               with_tty_tickets=yes
++               ;;
++    no)                ;;
++    *)         echo "Ignoring unknown argument to --with-nbsdops: $with_nbsdops"
++               ;;
++esac
++fi
++
++
++
  # Check whether --with-passwd was given.
-@@ -15209,7 +15226,7 @@ fi
+ if test "${with_passwd+set}" = set; then :
+   withval=$with_passwd; case $with_passwd in
+@@ -15770,7 +15789,7 @@ fi
  		: ${mansectsu='1m'}
  		: ${mansectform='4'}
  		;;
@@ -57,8 +66,8 @@ $NetBSD: patch-ag,v 1.24 2016/09/12 17:12:24 taca Exp $
 +    *-*-linux*|*-*-k*bsd*-gnu|*-*-gnukfreebsd)
  		shadow_funcs="getspnam"
  		test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
- 		;;
-@@ -17228,7 +17245,7 @@ if test "x$ac_cv_header_login_cap_h" = x
+ 		# Check for SECCOMP_SET_MODE_FILTER in linux/seccomp.h
+@@ -17995,7 +18014,7 @@ if test "x$ac_cv_header_login_cap_h" = x
  _ACEOF
   LOGINCAP_USAGE='[-c class] '; LCMAN=1
  	case "$OS" in
@@ -67,7 +76,44 @@ $NetBSD: patch-ag,v 1.24 2016/09/12 17:12:24 taca Exp $
  		SUDO_LIBS="${SUDO_LIBS} -lutil"
  		SUDOERS_LIBS="${SUDOERS_LIBS} -lutil"
  		;;
-@@ -21839,6 +21856,8 @@ fi
+@@ -22483,10 +22502,9 @@ if test ${with_pam-"no"} != "no"; then
+     # Check for pam_start() in libpam first, then for pam_appl.h.
+     #
+     found_pam_lib=no
+-    as_ac_Lib=`$as_echo "ac_cv_lib_pam_pam_start$lt_cv_dlopen_libs" | $as_tr_sh`
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pam_start in -lpam" >&5
++    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pam_start in -lpam" >&5
+ $as_echo_n "checking for pam_start in -lpam... " >&6; }
+-if eval \${$as_ac_Lib+:} false; then :
++if ${ac_cv_lib_pam_pam_start+:} false; then :
+   $as_echo_n "(cached) " >&6
+ else
+   ac_check_lib_save_LIBS=$LIBS
+@@ -22510,18 +22528,17 @@ return pam_start ();
+ }
+ _ACEOF
+ if ac_fn_c_try_link "$LINENO"; then :
+-  eval "$as_ac_Lib=yes"
++  ac_cv_lib_pam_pam_start=yes
+ else
+-  eval "$as_ac_Lib=no"
++  ac_cv_lib_pam_pam_start=no
+ fi
+ rm -f core conftest.err conftest.$ac_objext \
+     conftest$ac_exeext conftest.$ac_ext
+ LIBS=$ac_check_lib_save_LIBS
+ fi
+-eval ac_res=\$$as_ac_Lib
+-	       { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+-$as_echo "$ac_res" >&6; }
+-if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then :
++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pam_pam_start" >&5
++$as_echo "$ac_cv_lib_pam_pam_start" >&6; }
++if test "x$ac_cv_lib_pam_pam_start" = xyes; then :
+   found_pam_lib=yes
+ fi
+ 
+@@ -23256,6 +23273,8 @@ fi
  rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
  	AUTH_OBJS="$AUTH_OBJS kerb5.lo"
      fi
@@ -76,12 +122,11 @@ $NetBSD: patch-ag,v 1.24 2016/09/12 17:12:24 taca Exp $
      _LIBS="$LIBS"
      LIBS="${LIBS} ${SUDOERS_LIBS}"
      for ac_func in krb5_verify_user krb5_init_secure_context
-@@ -24341,7 +24360,7 @@ test "$datarootdir" = '${prefix}/share' 
+@@ -26426,7 +26445,6 @@ test "$datarootdir" = '${prefix}/share' 
  test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)'
  test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale'
  test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var'
 -test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc'
-+# test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc'
  
  if test X"$INIT_SCRIPT" != X""; then
      ac_config_files="$ac_config_files init.d/$INIT_SCRIPT"
diff --git a/security/sudo/patches/patch-include_sudo__compat.h b/security/sudo/patches/patch-include_sudo__compat.h
new file mode 100644
index 00000000000..e40b3b55199
--- /dev/null
+++ b/security/sudo/patches/patch-include_sudo__compat.h
@@ -0,0 +1,20 @@
+$NetBSD: patch-include_sudo__compat.h,v 1.1.2.2 2017/05/31 06:22:52 spz Exp $
+
+Work around missing WCONTINUED/WIFCONTINUED support in
+NetBSD<8
+
+--- include/sudo_compat.h.orig	2017-05-10 15:38:43.000000000 +0000
++++ include/sudo_compat.h
+@@ -304,6 +304,12 @@ extern int errno;
+ # define SIG2STR_MAX 32
+ #endif
+ 
++/* Deficiencies in NetBSD<8 */
++#ifndef WCONTINUED
++# define WCONTINUED 0
++# define WIFCONTINUED(a) 0
++#endif
++
+ /* WCOREDUMP is not POSIX, this usually works (verified on AIX). */
+ #ifndef WCOREDUMP
+ # define WCOREDUMP(x)	((x) & 0x80)
diff --git a/security/sudo/patches/patch-include_sudo__event.h b/security/sudo/patches/patch-include_sudo__event.h
new file mode 100644
index 00000000000..6719dfa5cb2
--- /dev/null
+++ b/security/sudo/patches/patch-include_sudo__event.h
@@ -0,0 +1,16 @@
+$NetBSD: patch-include_sudo__event.h,v 1.1.2.2 2017/05/31 06:22:52 spz Exp $
+
+Missing include, fixes build error:
+error: field 'timeout' has incomplete type
+struct timeval timeout; /* for SUDO_EV_TIMEOUT */
+
+--- include/sudo_event.h.orig	2017-01-14 04:30:15.000000000 +0000
++++ include/sudo_event.h
+@@ -18,6 +18,7 @@
+ #define SUDO_EVENT_H
+ 
+ #include "sudo_queue.h"
++#include <sys/time.h> /* timeval */
+ 
+ /* Event types */
+ #define SUDO_EV_TIMEOUT		0x01	/* fire after timeout */
diff --git a/security/sudo/patches/patch-src_Makefile.in b/security/sudo/patches/patch-src_Makefile.in
index 84cd2af0904..07f87007731 100644
--- a/security/sudo/patches/patch-src_Makefile.in
+++ b/security/sudo/patches/patch-src_Makefile.in
@@ -1,15 +1,15 @@
-$NetBSD: patch-src_Makefile.in,v 1.1 2016/01/01 17:00:49 spz Exp $
+$NetBSD: patch-src_Makefile.in,v 1.1.12.1 2017/05/31 06:22:52 spz Exp $
 
 * install the suid sudo without write-bits
 
 --- ./src/Makefile.in.orig	2015-10-31 23:35:25.000000000 +0000
 +++ ./src/Makefile.in
-@@ -173,7 +174,7 @@ install-rc: install-dirs
+@@ -198,7 +198,7 @@ install-rc: install-dirs
  	fi
  
  install-binaries: install-dirs $(PROGS)
--	INSTALL_BACKUP='~' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m 04755 sudo $(DESTDIR)$(bindir)/sudo
-+	INSTALL_BACKUP='~' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m 04555 sudo $(DESTDIR)$(bindir)/sudo
+-	INSTALL_BACKUP='$(INSTALL_BACKUP)' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m 04755 sudo $(DESTDIR)$(bindir)/sudo
++	INSTALL_BACKUP='$(INSTALL_BACKUP)' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m 04555 sudo $(DESTDIR)$(bindir)/sudo
  	rm -f $(DESTDIR)$(bindir)/sudoedit
  	ln -s sudo $(DESTDIR)$(bindir)/sudoedit
  	if [ -f sesh ]; then \