security/sudo: Update to 1.9.16p1

Major changes between sudo 1.9.16p1 and 1.9.16:

 * Fixed the test for cross-compiling when checking for C99 snprintf().
   The changes made to the test in sudo 1.9.16 resulted in a different
   problem.  GitHub issue #386.

 * Fixed the date used by the exit record in sudo-format log files.
   This was a regression introduced in sudo 1.9.16 and only affected
   file-based logs, not syslog. GitHub issue #405.

 * Fixed the root cause of the "unable to find terminal name for
   device" message when running sudo on AIX when no terminal is
   present.  In sudo 1.9.16 this was turned from a debug message

security/sudo: hook up orphaned doc file with LDAP option enabled (+)

Reported-by:	poudriere bulk -t failure
Approved-by:	portmgr blanket (trivial fix)

security/sudo: Update to 1.9.16

ChangeLog:	https://www.sudo.ws/releases/stable/#1.9.16
PR:		281428
Approved by:	garga (maintainer)

security/sudo: Mark SSSD option as deprecated

security/sssd is marked as deprecated, add a note on option description

Sponsored by:	Rubicon Communications, LLC ("Netgate")

security/sudo: rename the SSSD_DEVEL option to SSSD2

security/sssd-devel was renamed to security/sssd2

PR:		277077

security/sudo: re-add sssd-devel option

sudo already allows for the use of security/sssd (SSSD)

This patch allows for selecting security/sssd-devel (SSSD_DEVEL)
instead.

Also updates security/sssd-devel, elminating a circular dependency.

PR:		276598 272571

*/*: Restore GNU_CONFIGURE on my ports

I made a mistake and changed these ports to HAS_CONFIGURE when working
on MANPREFIX sanitization.  Restore proper macro usage and set
GNU_CONFIGURE_MANPREFIX properly to keep manpages installed under
${PREFIX}/share.

Reported by:	danfe
Sponsored by:	Rubicon Communications, LLC ("Netgate")

security/sudo: Move manpages to ${PREFIX}/share

Sponsored by:	Rubicon Communications, LLC ("Netgate")

security/sudo: Update to 1.9.15p5

Major changes between sudo 1.9.15p5 and 1.9.15p4:

 * Fixed evaluation of the "lecture", "listpw", "verifypw", and
   "fdexec" sudoers Defaults settings when used without an explicit
   value.  Previously, if specified without a value they were
   evaluated as boolean "false", even when the negation operator
   ('!') was not present.

 * Fixed a bug introduced in sudo 1.9.14 that prevented LDAP
   netgroup queries using the NETGROUP_BASE setting from being
   performed.

 * Sudo will now transparently rename a user's lecture file from
   the older name-based path to the newer user-ID-based path.
   GitHub issue #342.

 * Fixed a bug introduced in sudo 1.9.15 that could cause a memory
   allocation failure if sysconf(_SC_LOGIN_NAME_MAX) fails.  Bug #1066.

PR:		276032
Approved by:	garga (maintainer)
MFH:		2024Q1

security/sudo: Update to 1.9.15p4

Major changes between sudo 1.9.15p4 and 1.9.15p3:

 * Fixed a bug introduced in sudo 1.9.15 that could prevent a user's
   privileges from being listed by "sudo -l" if the sudoers entry
   in /etc/nsswitch.conf contains "[SUCCESS=return]".  This did not
   affect the ability to run commands via sudo.  Bug #1063.

PR:		275788
Approved by:	garga (maintainer)
MFH:		2023Q4

security/sudo: Update to 1.9.15p3

Major changes between sudo 1.9.15p3 and 1.9.15p2:

 * Always disable core dumps when sudo sends itself a fatal signal.
   Fixes a problem where sudo could potentially dump core dump when
   it re-sends the fatal signal to itself.  This is only an issue
   if the command received a signal that would normally result in
   a core dump but the command did not actually dump core.

 * Fixed a bug matching a command with a relative path name when
   the sudoers rule uses shell globbing rules for the path name.
   Bug #1062.

 * Permit visudo to be run even if the local host name is not set.

security/sudo: Update to 1.9.15p2

* Fixed a bug on BSD systems where sudo would not restore the
  terminal settings on exit if the terminal had parity enabled.
  GitHub issue #326.

Sponsored by:	Rubicon Communications, LLC ("Netgate")

security/sudo: Update to 1.9.15p1

* Fixed a bug introduced in sudo 1.9.15 that prevented LDAP-based
  sudoers from being able to read the ldap.conf file.
  GitHub issue #325.

PR:		274960
Reported by:	Daniel Porsch <daniel.porsch@loopia.se>
Sponsored by:	Rubicon Communications, LLC ("Netgate")

security/sudo: Update to 1.9.15

While here:

- Prevent combination of SSSD and GSSAPI_HEIMDAL because sssd port
  requires MIT kerberos and it will conflict with heimdal
- Removed SSSD_DEVEL option because sssd-devel port requires sudo and it
  creates a circular dependency
- Fix OPIE on FreeBSD versions after it was removed from base

Sponsored by:	Rubicon Communications, LLC ("Netgate")

security/sudo: Fix build with openssl from ports

Since SSL support is being changed and sudo can be built without it, add
a new SSL option, on by default.

When option is enabled, use --enable-openssl=${OPENSSLBASE} to make sure
it consumes desired OpenSSL implementation.  Also add pkgconfig
dependency because configure script rely on it to detect openssl
details.

PR:		274753
Reported by:	tburns@hrsd.com
Sponsored by:	Rubicon Communications, LLC ("Netgate")

security/sudo: Update to 1.9.14p3

Major changes between sudo 1.9.14p3 and 1.9.14p2:

 * Fixed a crash with Python 3.12 when the sudo Python python is
   unloaded.  This only affects "make check" for the Python plugin.

 * Adapted the sudo Python plugin test output to match Python 3.12.

PR:		272707
Approved by:	garga (maintainer)
MFH:		2023Q3

security/sudo: Update to 1.9.14p2

Sponsored by:	Rubicon Communications, LLC ("Netgate")

security/sudo: add sssd-devel option

security/sudo already allows for the use of security/sssd (SSSD)

This patch allows for selecting security/sssd-devel (SSSD_DEVEL)
instead.

PR:		272488

security/sudo: Update to 1.9.14p1

Major changes between sudo 1.9.14p1 and 1.9.14:

 * Fixed an "invalid free" bug in sudo_logsrvd that was introduced
   in version 1.9.14 which could cause sudo_logsrvd to crash.

 * The sudoers plugin no longer tries to send the terminal name
   to the log server when no terminal is present.  This bug was
   introduced in version 1.9.14.

PR:             272456
Approved by:    garga (maintainer)
MFH:            2023Q3

Revert "security/sudo: Update to 1.9.14p1"

I forgot to put the PR number in its placeholder.

This reverts commit af3f8976df6f16a1a2554537e9c35188db653d0f.

security/sudo: Update to 1.9.14p1

Major changes between sudo 1.9.14p1 and 1.9.14:

 * Fixed an "invalid free" bug in sudo_logsrvd that was introduced
   in version 1.9.14 which could cause sudo_logsrvd to crash.

 * The sudoers plugin no longer tries to send the terminal name
   to the log server when no terminal is present.  This bug was
   introduced in version 1.9.14.

PR:             NNNNNN
Approved by:    garga (maintainer)
MFH:            2023Q3

security/sudo: Update to 1.9.14

PR:		272255
Approved by:	garga (maintainer)
MFH"		2023Q2

security/sudo: Ignore portscout

It doesn't understand sudo versioning scheme and keep giving false
alerts.

Sponsored by:	Rubicon Communications, LLC ("Netgate")

security/sudo: Pacify portclippy

No functional changes intended

Sponsored by:	Rubicon Communications, LLC ("Netgate")

security/sudo: Update to 1.9.13p3

PR		270002
Approved by:	garga (maintainer - private email to myself, implicit)
		message-id: 816dd4b5-0a0d-3dd2-4bcc-c9b3b1a4ddfd@FreeBSD.org
MFH:		2023Q1
ChangeLog:	https://www.sudo.ws/releases/stable/#1.9.13p3

security/sudo: Update to 1.9.13p2

Major changes between sudo 1.9.13p2 and 1.9.13p1:

 * Fixed the --enable-static-sudoers option, broken in sudo 1.9.13.
   GitHub issue #245.

 * Fixed a potential double-free bug when matching a sudoers rule
   that contains a per-command chroot directive (CHROOT=dir).  This
   bug was introduced in sudo 1.9.8.

PR:		269854
Approved by:	garga
MFH:		2023Q1

security/sudo: Upgrade to 1.9.13p1

Sponsored by:	Rubicon Communications, LLC ("Netgate")

security/sudo: Update to 1.9.13

Major changes between sudo 1.9.13 and 1.9.12p2:

 * Fixed a bug running relative commands via sudo when "log_subcmds"
   is enabled.  GitHub issue #194.

 * Fixed a signal handling bug when running sudo commands in a shell
   script.  Signals were not being forwarded to the command when
   the sudo process was not run in its own process group.

 * Fixed a bug in cvtsudoers' LDIF parsing when the file ends without
   a newline and a backslash is the last character of the file.

 * Fixed a potential use-after-free bug with cvtsudoers filtering.

Mk/**ldap.mk: Convert USE_LDAP to USES=ldap

Convert the USE_LDAP=yes to USES=ldap and adds the following features:

- Adds the argument USES=ldap:server to add openldap2{4|5|6}-server as
  RUN_DEPENDS
- Adds the argument USES=ldap<version> and replaces WANT_OPENLDAP_VER
- Adds OPENLDAP versions in bsd.default-versions.mk
- Adds USE_OPENLDAP/WANT_OPENLDAP_VER in Mk/bsd.sanity.mk
- Changes consumers to use the features

Reviewed by:	delphij
Approved by:	portmgr
Differential Revision: https://reviews.freebsd.org/D38233

security/sudo: Update to 1.9.12p2

Major changes between sudo 1.9.12p2 and 1.9.12p1:

 * Fixed a compilation error on Linux/aarch64.  GitHub issue #197.

 * Fixed a potential crash introduced in the fix for GitHub issue #134.
   If a user's sudoers entry did not have any RunAs user's set,
   running "sudo -U otheruser -l" would dereference a NULL pointer.

 * Fixed a bug introduced in sudo 1.9.12 that could prevent sudo
   from creating a I/O files when the "iolog_file" sudoers setting
   contains six or more Xs.

 * Fixed CVE-2023-22809, a flaw in sudo's -e option (aka sudoedit)
   that coud allow a malicious user with sudoedit privileges to
   edit arbitrary files.

PR:		269030
Submitted by:	cy
Reported by:	cy
Approved by:	garga
MFH:		2023Q1
Security:	CVE-2023-22809

security/sudo: Update to 1.9.12p1

This release includes fixes to minor bugs, including a fix for
CVE-2022-43995, a non-exploitable potential out-of-bounds write on
systems that do not use PAM, AIX authentication or BSD authentication.

PR:		267617
Approved by:	garga (Maintainer)
MFH:		2022Q4
Security:	CVE-2022-43995

security/sudo: Update to 1.9.12

Sponsored by:	Rubicon Communications, LLC ("Netgate")

Remove WWW entries moved into port Makefiles

Commit b7f05445c00f has added WWW entries to port Makefiles based on
WWW: lines in pkg-descr files.

This commit removes the WWW: lines of moved-over URLs from these
pkg-descr files.

Approved by:		portmgr (tcberner)

Add WWW entries to port Makefiles

It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.

Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was tarnsfered into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.

There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.

security: remove 'Created by' lines

A big Thank You to the original contributors of these ports:

  *  <ports@c0decafe.net>
  *  Aaron Dalton <aaron@FreeBSD.org>
  *  Adam Weinberger <adamw@FreeBSD.org>
  *  Ade Lovett <ade@FreeBSD.org>
  *  Aldis Berjoza <aldis@bsdroot.lv>
  *  Alex Dupre <ale@FreeBSD.org>
  *  Alex Kapranoff <kappa@rambler-co.ru>
  *  Alex Samorukov <samm@freebsd.org>
  *  Alexander Botero-Lowry <alex@foxybanana.com>
  *  Alexander Kriventsov <avk@vl.ru>
  *  Alexander Leidinger <netchild@FreeBSD.org>

security/sudo: Update to 1.9.11p3

Sponsored by:	Rubicon Communications, LLC ("Netgate")

security/sudo: Update to 1.9.11p2 -- Fix regressions

Major changes between sudo 1.9.11p2 and 1.9.11p1:

 * Fixed a compilation error on Linux/x86_64 with the x32 ABI.

 * Fixed a regression introduced in 1.9.11p1 that caused a warning
   when logging to sudo_logsrvd if the command returned no output.

PR:		264643
Approved by:	garga (maintainer)

security/sudo: Update to 1.9.11p1

Major changes between sudo 1.9.11p1 and 1.9.11:

 * Correctly handle EAGAIN in the I/O read/right events.  This fixes
   a hang seen on some systems when piping a large amount of data
   through sudo, such as via rsync.  Bug #963.

 * Changes to avoid implementation or unspecified behavior when
   bit shifting signed values in the protobuf library.

 * Fixed a compilation error on Linux/aarch64.

 * Fixed the configure check for seccomp(2) support on Linux.

security/sudo: fix packaging with PYTHON option enabled (+)

This a followup to commit 3ee710e0b22309a7e87c71b87bf5510aa8678ed8

sudo-1.9.11 have moved plugins manpages from section 8 to section 5

Pointy hat to:	cy
Approved by:	portmgr blanket

security/sudo: Update to 1.9.11

Major changes between sudo 1.9.11 and 1.9.10:

 * Fixed a crash in the Python module with Python 3.9.10 on some
   systems.  Additionally, "make check" now passes for Python 3.9.10.

 * Error messages sent via email now include more details, including
   the file name and the line number and column of the error.
   Multiple errors are sent in a single message.  Previously, only
   the first error was included.

 * Fixed logging of parse errors in JSON format.  Previously,
   the JSON logger would not write entries unless the command and
   runuser were set.  These may not be known at the time a parse

security/sudo: Update to 1.9.10

PR:		262331
Approved by:	garga (maintainer)

security/sudo: Update to 1.9.9

PR:		261529
Sponsored by:	Rubicon Communications, LLC ("Netgate")

security/sudo: Update to 1.9.8p2

Major changes between sudo 1.9.8p2 and 1.9.8p1:

 * Fixed a potential out-of-bounds read with "sudo -i" when the
   target user's shell is bash.  This is a regression introduced
   in sudo 1.9.8.  Bug #998.

 * sudo_logsrvd now only sends a log ID for first command of a session.
   There is no need to send the log ID for each sub-command.

 * Fixed a few minor memory leaks in intercept mode.

 * Fixed a problem with sudo_logsrvd in relay mode if "store_first"
   was enabled when handling sub-commands.  A new zero-length journal
   file was created for each sub-command instead of simply using
   the existing journal file.

PR:		258666
Submitted by:	cy
Reported by:	cy
Approved by:	garga (maintainer)
MFH:		2021Q3

security/sudo: Update to 1.9.8p1 to fix LDAP SEGFAULT

Sudo version 1.9.8 patchelevel 1 is now available which fixes a few
regressions introduced in sudo 1.9.8.

Source:
    https://www.sudo.ws/dist/sudo-1.9.8p1.tar.gz
    ftp://ftp.sudo.ws/pub/sudo/sudo-1.9.8p1.tar.gz

SHA256 checksum:
    0939ee24df7095a92e0ca4aa3bd53b2a10965a7b921d51a26ab70cdd24388d69
MD5 checksum:
    ae9c8b32268f27d05bcdcb8f0c04d461

Binary packages:

securty/sudo: Update to 1.9.8

Major changes between sudo 1.9.8 and 1.9.7p2:

 * It is now possible to transparently intercepting sub-commands
   executed by the original command run via sudo.  Intercept support
   is implemented using LD_PRELOAD (or the equivalent supported by
   the system) and so has some limitations.  The two main limitations
   are that only dynamic executables are supported and only the
   execl, execle, execlp, execv, execve, execvp, and execvpe library
   functions are currently intercepted. Its main use case is to
   support restricting privileged shells run via sudo.

   To support this, there is a new "intercept" Defaults setting and
   an INTERCEPT command tag that can be used in sudoers.  For example:

security/sudo: Update to 1.9.7p2

Sponsored by:	Rubicon Communications, LLC ("Netgate")

securty/sudo: Update to 1.9.7p1

Major changes between sudo 1.9.7p1 and 1.9.7

 * Fixed an SELinux sudoedit bug when the edited temporary file
   could not be opened.  The sesh helper would still be run even
   when there are no temporary files available to install.

 * Fixed a compilation problem on FreeBSD.

 * The sudo_noexec.so file is now built as a module on all systems
   other than macOS.  This makes it possible to use other libtool
   implementations such as slibtool.  On macOS shared libraries and
   modules are not interchangeable and the version of libtool shipped
   with sudo must be used.

security/sudo: update to 1.9.7

Among other changes this release fixes -fcommon errors. A complete list
of changes can be found at https://www.sudo.ws/stable.html/

PR:		255812
Submitted by:	Yasuhiro Kimura <yasu@utahime.org> (mostly)
Reported by:	Yasuhiro Kimura <yasu@utahime.org>
Tested by:	cy
Approved by:	garga (maintainer)
MFH:		2021Q2

all: Remove all other $FreeBSD keywords.

Remove # $FreeBSD$ from Makefiles.

security/sudo: Update to 1.9.6p1

PR:		254260
Submitted by:	Yasuhiro Kimura <yasu@utahime.org>
Sponsored by:	Rubicon Communications, LLC ("Netgate")

security/sudo - update 1.9.5p1 to 1.9.5p2

	(text/plain)
Sudo version 1.9.5p2 is now available which fixes CVE-2021-3156
(aka Baron Samedit), a severe security vulnerability in sudo versions
1.8.2 through 1.9.5p1.  For more details, see:
    https://www.sudo.ws/alerts/unescape_overflow.html
    https://www.openwall.com/lists/oss-security/2021/01/26/3

Source:
    https://www.sudo.ws/dist/sudo-1.9.5p2.tar.gz
    ftp://ftp.sudo.ws/pub/sudo/sudo-1.9.5p2.tar.gz
    SHA256 539e2ef43c8a55026697fb0474ab6a925a11206b5aa58710cb42a0e1c81f0978
    MD5 e6bc4c18c06346e6b3431637a2b5f3d5

security/sudo: Update to 1.9.5p1

This version fixes a regression introduced by 1.9.5

Changelog: https://www.sudo.ws/stable.html#1.9.5p1

PR:		252598
Submitted by:	cy
MFH:		2021Q1
Sponsored by:	Rubicon Communications, LLC (Netgate)

Update 1.9.4p2 --> 1.9.5

PR:		252583
Submitted by:	cy
Reported by:	cy
Approved by:	garga (maintainer)
MFH:		2021Q1
Security:	CVE-2021-23239

security/sudo: Fix version

Use PORTVERSION here to end up with 1.9.4p2, which is considered newer than
previous one (1.9.4_1)

Reported by:	ohauer <ohauer@gmx.de>

security/sudo: Update to 1.9.4p2

PR:		251930
Submitted by:	Yasuhiro Kimura <yasu@utahime.org>
Sponsored by:	Rubicon Communications, LLC (Netgate)

security/sudo: Fix build without sendmail

PR:		251582
Reported by:	Alexander Kuznetsov <alex@kuznetcoff.ru>
Obtained from:	https://www.sudo.ws/repos/sudo/raw-rev/41db1aad85bb
Sponsored by:	Rubicon Communications, LLC (Netgate)

security/sudo: Update to 1.9.4

PR:		251488
Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>
Sponsored by:	Rubicon Communications, LLC (Netgate)

security/sudo: readd option for SSSD, reverting r553505

security/sudo: remove optional expired dependency on security/sssd

security/sudo: Update to 1.9.3p1

PR:		249566
Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>
Sponsored by:	Rubicon Communications, LLC (Netgate)

security/sudo: Update to 1.9.3

PR:		249511
Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>
Sponsored by:	Rubicon Communications, LLC (Netgate)

Update 1.9.1 --> 1.9.2

Major changes between sudo 1.9.2 and 1.9.1

 * The configure script now uses pkg-config to find the openssl
   cflags and libs where possible.

 * The contents of the log.json I/O log file is now documented in
   the sudoers manual.

 * The sudoers plugin now properly exports the sudoers_audit symbol
   on systems where the compiler lacks symbol visibility controls.
   This caused a regression in 1.9.1 where a successful sudo command
   was not logged due to the missing audit plugin.  Bug #931.

 * Fixed a regression introduced in 1.9.1 that can result in crash
   when there is a syntax error in the sudoers file.  Bug #934.

PR:		248179
Submitted by:	cy
Reported by:	cy
Approved by:	garga
Obtained from:	sudo-announce mailing list
MFH:		2020Q3 (because of regression fix)

security/sudo: Update to 1.9.1

* Add new option PYTHON that enables python plugin support

PR:		246472
Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>
Sponsored by:	Rubicon Communications, LLC (Netgate)

- Update WWW

Approved by:	portmgr blanket

security/sudo: Update to 1.8.31p1

Sponsored by:	Rubicon Communications, LLC (Netgate)

security/sudo update 1.8.30 --> 1.8.31

PR:		243745
Submitted by:	cy@
Reported by:	cy@
Approved by:	garga@
MFH:		2020Q1
Security:	 CVE-2019-18634

Update 1.8.29 --> 1.8.30

PR:		243009
Submitted by:	cy
Approved by:	garga (maintainer)
MFH:		2020Q1

security/sudo: Update to 1.8.29

Sponsored by:	Rubicon Communications, LLC (Netgate)

security/sudo: Fix wrong version added in r514607 using PORTVERSION

Reported by:	Herbert J. Skuhra <herbert@gojira.at>
Sponsored by:	Rubicon Communications, LLC (Netgate)

security/sudo: Update to 1.8.28p1

MFH:		2019Q4
Sponsored by:	Rubicon Communications, LLC (Netgate)

security/sudo: Update to 1.8.28

Sponsored by:	Rubicon Communications, LLC (Netgate)

security/sudo: Fix listpw=never

When listpw=never is set, 'sudo -l' is expected to run without asking for a
password.

PR:		234756
Reported by:	vas@mpeks.tomsk.su
Obtained from:	https://bugzilla.sudo.ws/show_bug.cgi?id=869
Sponsored by:	Rubicon Communications, LLC (Netgate)

Update 1.8.26 --> 1.8.27

Notable changes:

 * Fixes and clarifications to the sudo plugin documentation.

 * The sudo manuals no longer require extensive post-processing to
   hide system-specific features.  Conditionals in the roff source
   are now used instead.  This fixes corruption of the sudo manual
   on systems without BSD login classes.  Bug #861.

 * If an I/O logging plugin is configured but the plugin does not
   actually log any I/O, sudo will no longer force the command to
   be run in a pseudo-tty.

security/sudo: Update to 1.8.26

PR:		233206 (based on)
Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>
Sponsored by:	Rubicon Communications, LLC (Netgate)

Update security/sudo to 1.8.25p1

Sponsored by:	Rubicon Communications, LLC (Netgate)

security/sudo: Update to 1.8.25

Sponsored by:	Rubicon Communications, LLC (Netgate)

security/sudo: Update to 1.8.24

PR:		230739
Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>
Sponsored by:	Rubicon Communications, LLC (Netgate)

Add --rundir definition to CONFIGURE_ARGS to make sure configure script uses
/var/run/sudo. Without it, on a system that has /run directory, configure
will by default define rundir to /run/sudo

Reported by:	Walter Schwarzenfeld <w.schwarzenfeld@utanet.at>
Sponsored by:	Rubicon Communications, LLC (Netgate)

Fix PLIST without LDAP

PR:		227926
Reported by:	O. Hartmann
Sponsored by:	Rubicon Communications, LLC (Netgate)

Update security/sudo to 1.8.23

PR:		227900
Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>
Sponsored by:	Rubicon Communications, LLC (Netgate)

Add a new version of the patch committed in r468197 that fixes a regression
introduced by that version.

PR:		223587
Submitted by:	Todd C. Miller <Todd.Miller@sudo.ws>
Reported by:	vas@mpeks.tomsk.su
Obtained from:	https://bugzilla.sudo.ws/show_bug.cgi?id=831
MFH:		2018Q2
Sponsored by:	Rubicon Communications, LLC (Netgate)

Add a patch to fix cryptographic digest in command specification for shell
scripts and other interpreted files. Error happens because fexecve() requires
/dev/fd to be mounted. This patch detects if /dev/fd/N exists before attempt
to use fexecve and workaround the issue.

PR:		223587
Submitted by:	Todd C. Miller <Todd.Miller@sudo.ws>
Reported by:	vas@mpeks.tomsk.su
Obtained from:	https://bugzilla.sudo.ws/show_bug.cgi?id=831
MFH:		2018Q2
Sponsored by:	Rubicon Communications, LLC (Netgate)

Last commit was supposed to be a local change for testing. Patch was not yet
ready for production. Reverting it for now.

Add a patch to fix cryptographic digest in command specification for shell
scripts and other interpreted files. Error happens because fexecve() requires
/dev/fd to be mounted. This patch detects if /dev/fd/N exists before attempt
to use fexecve and workaround the issue.

PR:		223587
Submitted by:	Todd C. Miller <Todd.Miller@sudo.ws>
Reported by:	vas@mpeks.tomsk.su
Obtained from:	https://www.sudo.ws/repos/sudo/rev/30f7c5d64104
MFH:		2018Q2
Sponsored by:	Rubicon Communications, LLC (Netgate)

- Add new options to security/sudo to make it possible to build it with
  kerberos support.
- Bump PORTREVISION

PR:		225498
Submitted by:	Cullum Smith <cullum@c0ffee.net>
Sponsored by:	Rubicon Communications, LLC (Netgate)

Add an example of prompt that shows which user password is being expected.
It's useful when targetpw option is set to avoid confusion. PORTREVISION was
not bumped because a new commit is going to happen soon with one more change
and it will bump it.

PR:		221264
Submitted by:	Rebecca Cran <rebecca@bluestop.org>
Sponsored by:	Rubicon Communications, LLC (Netgate)

Update security/sudo to 1.8.22

Sponsored by:	Rubicon Communications, LLC (Netgate)

Pull in an upstream patch for security/sudo to not coredump if the hostname is
not set.

PR:		222510
Approved by:	garga

Update security/sudo to 1.8.21p2

PR:		222194
Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>
Sponsored by:	Rubicon Communications, LLC (Netgate)

Update security/sudo to 1.8.21p1

- Update security/sudo to 1.8.21

PR:		221874
Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>
		bdrewery (SIGINFO fix)
Sponsored by:	Rubicon Communications, LLC (Netgate)

- Fix sudo sending a 2nd SIGINFO on ^T to processes, which is already
  handled by the kernel sending it to the entire controlling terminal's
  process group.
  - This fixes ^T with 'sudo poudriere ...' showing a status log twice.
  - This is intended to be upstreamed.

Approved by:	garga (maintainer)
Tested by:	swills, bdrewery
Reviewed/Discussed with:	kib
Reported by:	kwm, swills, bapt, dim, kib, many others
MFH:		2017Q3

Fix the way ${PREFIX}/etc/sudoers.d is handled removing the workaround added in
r260609 and using @dir

PR:		220234
Submitted by:	Jose Luis Duran <jlduran@gmail.com>
Sponsored by:	Rubicon Communications (Netgate)

Starting in 1.8.20, the sample sudoers file has been installed twice,
once as sudoers.sample and once as sudoers.dist. Remove one of them.

PR:		219708
Submitted by:	mat
Approved by:	maintainer timeout
Sponsored by:	Absolight

Update security/sudo to 1.8.20p2

Sponsored by:	Rubicon Communications (Netgate)

Update 1.8.20 --> 1.8.20p1

This release fixes a potential security issue that may allow a user to
bypass the "tty_ticket" constraints or overwrite an arbitrary file.
The issue is reported to only be present on Linux systems but I don't
think it hurts to update the FreeBSD port at this time.

Approved by:		garga@ (maintainer)
MFH:			2017Q2
Differential Revision:	D10997

Update security/sudo to 1.8.20

Sponsored by:	Rubicon Communications (Netgate)

Update 1.8.19p1 --> 1.8.19p2.

Major changes between sudo 1.8.19p2 and 1.8.19p1:

 * Fixed a crash in visudo introduced in sudo 1.8.9 when an IP address
   or network is used in a host-based Defaults entry.  Bug #766

 * Added a missing check for the ignore_iolog_errors flag when
   the sudoers plugin generates the I/O log file path name.

 * Fixed a typo in sudo's vsyslog() replacement that resulted in
   garbage being logged to syslog.

Approved by:	garga (maintainer)
MFH:		2917Q1
Differential Revision:	D9181

Update 1.8.19 --> 1.8.19p1

As per sudo announcement:

 * Fixed a bug introduced in sudo 1.8.19 that resulted in the wrong
   syslog priority and facility being used.

PR:		215447
Submitted by:	myself (in pr 215447)
Approved by:	garga (maintainer)