[gentoo-commits] repo/gentoo:master commit in: app-admin/sudo/, app-admin/sudo/files/

[gentoo-commits] repo/gentoo:master commit in: app-admin/sudo/, app-admin/sudo/files/

[Doug Goldstein]

commit:     21f8d167c044a4a6846b97ce78c7e52ce7497936
Author:     Doug Goldstein <cardoe <AT> gentoo <DOT> org>
AuthorDate: Tue Mar  8 15:03:42 2016 +0000
Commit:     Doug Goldstein <cardoe <AT> gentoo <DOT> org>
CommitDate: Tue Mar  8 15:04:11 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=21f8d167

app-admin/sudo: remove vulnerable versions

Clean up versions vulnerable to CVE-2015-5602

Gentoo-Bug: 564774

Package-Manager: portage-2.2.26
Signed-off-by: Doug Goldstein <cardoe <AT> gentoo.org>

 app-admin/sudo/Manifest                            |   2 -
 .../files/sudo-1.8.12-include-sys-types-h.patch    | 146 ---------------
 app-admin/sudo/sudo-1.8.12.ebuild                  | 197 ---------------------
 app-admin/sudo/sudo-1.8.14_p3.ebuild               | 196 --------------------
 4 files changed, 541 deletions(-)

diff --git a/app-admin/sudo/Manifest b/app-admin/sudo/Manifest
index 91f8db9..185cd43 100644
--- a/app-admin/sudo/Manifest
+++ b/app-admin/sudo/Manifest
@@ -1,3 +1 @@
-DIST sudo-1.8.12.tar.gz 2493373 SHA256 163b51841de8ad19276581a6782d61f5948f1f72a0a843371a1c167d3dc4f3b0 SHA512 1815343eceb7cfa6e37c961ce1c68cf96fc290356b92078d6d24a2c85d8b7a7236df78d3ff7f5e30eba492dc8407346d884e01c0b989eef4414156cfec80b67b WHIRLPOOL 0d9e618937a08b9bf74aaebf12f5b9f96afd827728f90fa95b6a2a4f932cc84240d56674aa903062247068ec5aa3369b14bad64130caeb313330286510c2d3f6
-DIST sudo-1.8.14p3.tar.gz 2570892 SHA256 a8a697cbb113859058944850d098464618254804cf97961dee926429f00a1237 SHA512 022e75a4171c0d9b87569adc5b08afc1b8f2adb7dbc6c80dfb737029dbca560a08e317ce37f117b614f36b54666ed01559a72d0c92523a5a2ee3531f520d7a2b WHIRLPOOL 143ff1c464b539e79172cd0340a089739207d2b99fc01d183a27b24b5172c834d6ed0f7258116542ffa559a3a4c3540924261170655dd7bedb449f8d93496bbd
 DIST sudo-1.8.15.tar.gz 2660128 SHA256 4316381708324da8b6cb151f655c1a11855207c7c02244d8ffdea5104d7cc308 SHA512 f2bff92104ddc4cbea8c788da446043cbfe02c977cedf18d46b1c82e98d7227432cb5a61233e7a06af84e3637f906edd5e02bb88c03a2ce4a16df410469a5dab WHIRLPOOL 3da64eda51f22d7fc0ea76f0693e9960d511b7c762b5d6237318d17436fd64b58ae90caa9bf4e125ebee70b83eac7cba2c7451fb62fafd8ee3d133c4ae2037b9

diff --git a/app-admin/sudo/files/sudo-1.8.12-include-sys-types-h.patch b/app-admin/sudo/files/sudo-1.8.12-include-sys-types-h.patch
deleted file mode 100644
index f337486..0000000
--- a/app-admin/sudo/files/sudo-1.8.12-include-sys-types-h.patch
+++ /dev/null
@@ -1,146 +0,0 @@
-This fixes builds on uClibc and musl.  See
-https://bugs.gentoo.org/show_bug.cgi?id=544756
-
-This patch is a slight modification of uptream commits:
-http://www.sudo.ws/repos/sudo/rev/86eb67f3c41a
-http://www.sudo.ws/repos/sudo/rev/e0794f05e95c
-
-diff -Naur sudo-1.8.12.orig/lib/util/getopt_long.c sudo-1.8.12/lib/util/getopt_long.c
---- sudo-1.8.12.orig/lib/util/getopt_long.c	2015-02-09 18:40:10.000000000 +0000
-+++ sudo-1.8.12/lib/util/getopt_long.c	2015-04-10 19:21:20.337032782 +0000
-@@ -52,6 +52,7 @@
- 
- #include <config.h>
- 
-+#include <sys/types.h>
- #include <stdio.h>
- #ifdef STDC_HEADERS
- # include <stdlib.h>
-diff -Naur sudo-1.8.12.orig/lib/util/mksiglist.c sudo-1.8.12/lib/util/mksiglist.c
---- sudo-1.8.12.orig/lib/util/mksiglist.c	2015-02-09 18:40:10.000000000 +0000
-+++ sudo-1.8.12/lib/util/mksiglist.c	2015-04-10 19:22:38.719856268 +0000
-@@ -43,6 +43,7 @@
- #include "mksiglist.h"
- 
-     printf("#include <config.h>\n");
-+    printf("#include <sys/types.h>\n");
-     printf("#include <signal.h>\n");
-     printf("#include \"sudo_compat.h\"\n\n");
-     printf("const char *const sudo_sys_siglist[NSIG] = {\n");
-diff -Naur sudo-1.8.12.orig/lib/util/mksigname.c sudo-1.8.12/lib/util/mksigname.c
---- sudo-1.8.12.orig/lib/util/mksigname.c	2015-02-09 18:40:10.000000000 +0000
-+++ sudo-1.8.12/lib/util/mksigname.c	2015-04-10 19:22:10.738491394 +0000
-@@ -43,6 +43,7 @@
- #include "mksigname.h"
- 
-     printf("#include <config.h>\n");
-+    printf("#include <sys/types.h>\n");
-     printf("#include <signal.h>\n");
-     printf("#include \"sudo_compat.h\"\n\n");
-     printf("const char *const sudo_sys_signame[NSIG] = {\n");
-diff -Naur sudo-1.8.12.orig/lib/util/regress/fnmatch/fnm_test.c sudo-1.8.12/lib/util/regress/fnmatch/fnm_test.c
---- sudo-1.8.12.orig/lib/util/regress/fnmatch/fnm_test.c	2015-02-09 18:40:10.000000000 +0000
-+++ sudo-1.8.12/lib/util/regress/fnmatch/fnm_test.c	2015-04-10 19:21:20.340032928 +0000
-@@ -6,6 +6,7 @@
- 
- #include <config.h>
- 
-+#include <sys/types.h>
- #include <stdio.h>
- #include <stdlib.h>
- #ifdef HAVE_STRING_H
-diff -Naur sudo-1.8.12.orig/lib/util/regress/glob/globtest.c sudo-1.8.12/lib/util/regress/glob/globtest.c
---- sudo-1.8.12.orig/lib/util/regress/glob/globtest.c	2015-02-09 18:40:10.000000000 +0000
-+++ sudo-1.8.12/lib/util/regress/glob/globtest.c	2015-04-10 19:21:20.341032977 +0000
-@@ -6,6 +6,7 @@
- 
- #include <config.h>
- 
-+#include <sys/types.h>
- #include <stdio.h>
- #include <stdlib.h>
- #ifdef HAVE_STRING_H
-diff -Naur sudo-1.8.12.orig/lib/util/sha2.c sudo-1.8.12/lib/util/sha2.c
---- sudo-1.8.12.orig/lib/util/sha2.c	2015-02-09 18:40:09.000000000 +0000
-+++ sudo-1.8.12/lib/util/sha2.c	2015-04-10 19:21:20.342033026 +0000
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2013 Todd C. Miller <Todd.Miller@courtesan.com>
-+ * Copyright (c) 2013-2015 Todd C. Miller <Todd.Miller@courtesan.com>
-  *
-  * Permission to use, copy, modify, and distribute this software for any
-  * purpose with or without fee is hereby granted, provided that the above
-@@ -25,6 +25,7 @@
- 
- #include <config.h>
- 
-+#include <sys/types.h>
- #include <stdio.h>
- #ifdef STDC_HEADERS
- # include <stdlib.h>
-diff -Naur sudo-1.8.12.orig/plugins/sudoers/regress/parser/check_base64.c sudo-1.8.12/plugins/sudoers/regress/parser/check_base64.c
---- sudo-1.8.12.orig/plugins/sudoers/regress/parser/check_base64.c	2015-02-09 18:40:10.000000000 +0000
-+++ sudo-1.8.12/plugins/sudoers/regress/parser/check_base64.c	2015-04-10 19:21:20.342033026 +0000
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2013 Todd C. Miller <Todd.Miller@courtesan.com>
-+ * Copyright (c) 2013-2015 Todd C. Miller <Todd.Miller@courtesan.com>
-  *
-  * Permission to use, copy, modify, and distribute this software for any
-  * purpose with or without fee is hereby granted, provided that the above
-@@ -16,6 +16,7 @@
- 
- #include <config.h>
- 
-+#include <sys/types.h>
- #include <stdio.h>
- #ifdef STDC_HEADERS
- # include <stdlib.h>
-diff -Naur sudo-1.8.12.orig/plugins/sudoers/regress/parser/check_digest.c sudo-1.8.12/plugins/sudoers/regress/parser/check_digest.c
---- sudo-1.8.12.orig/plugins/sudoers/regress/parser/check_digest.c	2015-02-09 18:40:10.000000000 +0000
-+++ sudo-1.8.12/plugins/sudoers/regress/parser/check_digest.c	2015-04-10 19:21:20.343033075 +0000
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2013 Todd C. Miller <Todd.Miller@courtesan.com>
-+ * Copyright (c) 2013-2015 Todd C. Miller <Todd.Miller@courtesan.com>
-  *
-  * Permission to use, copy, modify, and distribute this software for any
-  * purpose with or without fee is hereby granted, provided that the above
-@@ -16,6 +16,7 @@
- 
- #include <config.h>
- 
-+#include <sys/types.h>
- #include <stdio.h>
- #ifdef STDC_HEADERS
- # include <stdlib.h>
-diff -Naur sudo-1.8.12.orig/plugins/sudoers/regress/parser/check_hexchar.c sudo-1.8.12/plugins/sudoers/regress/parser/check_hexchar.c
---- sudo-1.8.12.orig/plugins/sudoers/regress/parser/check_hexchar.c	2015-02-09 18:40:10.000000000 +0000
-+++ sudo-1.8.12/plugins/sudoers/regress/parser/check_hexchar.c	2015-04-10 19:21:20.344033124 +0000
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2014 Todd C. Miller <Todd.Miller@courtesan.com>
-+ * Copyright (c) 2014-2015 Todd C. Miller <Todd.Miller@courtesan.com>
-  *
-  * Permission to use, copy, modify, and distribute this software for any
-  * purpose with or without fee is hereby granted, provided that the above
-@@ -16,6 +16,7 @@
- 
- #include <config.h>
- 
-+#include <sys/types.h>
- #include <stdio.h>
- #ifdef STDC_HEADERS
- # include <stdlib.h>
-diff -Naur sudo-1.8.12.orig/plugins/sudoers/solaris_audit.c sudo-1.8.12/plugins/sudoers/solaris_audit.c
---- sudo-1.8.12.orig/plugins/sudoers/solaris_audit.c	2015-02-09 18:53:54.000000000 +0000
-+++ sudo-1.8.12/plugins/sudoers/solaris_audit.c	2015-04-10 19:21:20.345033172 +0000
-@@ -15,6 +15,8 @@
-  */
- 
- #include <config.h>
-+
-+#include <sys/types.h>
- #include <stdarg.h>
- #include <stdio.h>
- #include <stdlib.h>

diff --git a/app-admin/sudo/sudo-1.8.12.ebuild b/app-admin/sudo/sudo-1.8.12.ebuild
deleted file mode 100644
index d1ed25e..0000000
--- a/app-admin/sudo/sudo-1.8.12.ebuild
+++ /dev/null
@@ -1,197 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-inherit eutils pam multilib libtool
-
-MY_P=${P/_/}
-MY_P=${MY_P/beta/b}
-
-uri_prefix=
-case ${P} in
-*_beta*|*_rc*) uri_prefix=beta/ ;;
-esac
-
-DESCRIPTION="Allows users or groups to run commands as other users"
-HOMEPAGE="http://www.sudo.ws/"
-SRC_URI="http://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
-	ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz"
-
-# Basic license is ISC-style as-is, some files are released under
-# 3-clause BSD license
-LICENSE="ISC BSD"
-SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~sparc-solaris"
-IUSE="ldap nls pam offensive selinux skey +sendmail"
-
-DEPEND="pam? ( virtual/pam )
-	skey? ( >=sys-auth/skey-1.1.5-r1 )
-	ldap? (
-		>=net-nds/openldap-2.1.30-r1
-		dev-libs/cyrus-sasl
-	)
-	sys-libs/zlib"
-RDEPEND="${DEPEND}
-	selinux? ( sec-policy/selinux-sudo )
-	ldap? ( dev-lang/perl )
-	pam? ( sys-auth/pambase )
-	>=app-misc/editor-wrapper-3
-	virtual/editor
-	sendmail? ( virtual/mta )"
-DEPEND="${DEPEND}
-	sys-devel/bison"
-
-S=${WORKDIR}/${MY_P}
-
-REQUIRED_USE="pam? ( !skey ) skey? ( !pam )"
-
-MAKEOPTS+=" SAMPLES="
-
-src_prepare() {
-	epatch "${FILESDIR}"/${P}-include-sys-types-h.patch
-	elibtoolize
-}
-
-set_rootpath() {
-	# FIXME: secure_path is a compile time setting. using ROOTPATH
-	# is not perfect, env-update may invalidate this, but until it
-	# is available as a sudoers setting this will have to do.
-	einfo "Setting secure_path ..."
-
-	# first extract the default ROOTPATH from build env
-	ROOTPATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env; echo "${ROOTPATH}")
-	if [[ -z ${ROOTPATH} ]] ; then
-		ewarn "	Failed to find ROOTPATH, please report this"
-	fi
-
-	# then remove duplicate path entries
-	cleanpath() {
-		local newpath thisp IFS=:
-		for thisp in $1 ; do
-			if [[ :${newpath}: != *:${thisp}:* ]] ; then
-				newpath+=:$thisp
-			else
-				einfo "   Duplicate entry ${thisp} removed..."
-			fi
-		done
-		ROOTPATH=${newpath#:}
-	}
-	cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${ROOTPATH:+:${ROOTPATH}}
-
-	# finally, strip gcc paths #136027
-	rmpath() {
-		local e newpath thisp IFS=:
-		for thisp in ${ROOTPATH} ; do
-			for e ; do [[ $thisp == $e ]] && continue 2 ; done
-			newpath+=:$thisp
-		done
-		ROOTPATH=${newpath#:}
-	}
-	rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*'
-
-	einfo "... done"
-}
-
-src_configure() {
-	local ROOTPATH
-	set_rootpath
-
-	# audit: somebody got to explain me how I can test this before I
-	# enable it.. - Diego
-	# plugindir: autoconf code is crappy and does not delay evaluation
-	# until `make` time, so we have to use a full path here rather than
-	# basing off other values.
-	econf \
-		--enable-zlib=system \
-		--with-secure-path="${ROOTPATH}" \
-		--with-editor="${EPREFIX}"/usr/libexec/editor \
-		--with-env-editor \
-		$(use_with offensive insults) \
-		$(use_with offensive all-insults) \
-		$(use_with ldap ldap_conf_file /etc/ldap.conf.sudo) \
-		$(use_with ldap) \
-		$(use_enable nls) \
-		$(use_with pam) \
-		$(use_with skey) \
-		$(use_with selinux) \
-		$(use_with sendmail) \
-		--without-opie \
-		--without-linux-audit \
-		--with-rundir="${EPREFIX}"/var/run/sudo \
-		--with-vardir="${EPREFIX}"/var/db/sudo \
-		--with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo \
-		--docdir="${EPREFIX}"/usr/share/doc/${PF}
-}
-
-src_install() {
-	default
-
-	if use ldap ; then
-		dodoc README.LDAP doc/schema.OpenLDAP
-		dosbin plugins/sudoers/sudoers2ldif
-
-		cat <<-EOF > "${T}"/ldap.conf.sudo
-		# See ldap.conf(5) and README.LDAP for details
-		# This file should only be readable by root
-
-		# supported directives: host, port, ssl, ldap_version
-		# uri, binddn, bindpw, sudoers_base, sudoers_debug
-		# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key
-		EOF
-
-		insinto /etc
-		doins "${T}"/ldap.conf.sudo
-		fperms 0440 /etc/ldap.conf.sudo
-	fi
-
-	pamd_mimic system-auth sudo auth account session
-
-	keepdir /var/db/sudo
-	fperms 0700 /var/db/sudo
-
-	# Don't install into /var/run as that is a tmpfs most of the time
-	# (bug #504854)
-	rm -rf "${D}"/var/run
-}
-
-pkg_postinst() {
-	if use ldap ; then
-		ewarn
-		ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration."
-		ewarn
-		if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then
-			ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly"
-			ewarn "configured in /etc/nsswitch.conf."
-			ewarn
-			ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:"
-			ewarn "  sudoers: ldap files"
-			ewarn
-		fi
-	fi
-	if use prefix ; then
-		ewarn
-		ewarn "To use sudo, you need to change file ownership and permissions"
-		ewarn "with root privileges, as follows:"
-		ewarn
-		ewarn "  # chown root:root ${EPREFIX}/usr/bin/sudo"
-		ewarn "  # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so"
-		ewarn "  # chown root:root ${EPREFIX}/etc/sudoers"
-		ewarn "  # chown root:root ${EPREFIX}/etc/sudoers.d"
-		ewarn "  # chown root:root ${EPREFIX}/var/db/sudo"
-		ewarn "  # chmod 4111 ${EPREFIX}/usr/bin/sudo"
-		ewarn
-	fi
-
-	elog "To use the -A (askpass) option, you need to install a compatible"
-	elog "password program from the following list. Starred packages will"
-	elog "automatically register for the use with sudo (but will not force"
-	elog "the -A option):"
-	elog ""
-	elog " [*] net-misc/ssh-askpass-fullscreen"
-	elog "     net-misc/x11-ssh-askpass"
-	elog ""
-	elog "You can override the choice by setting the SUDO_ASKPASS environmnent"
-	elog "variable to the program you want to use."
-}

diff --git a/app-admin/sudo/sudo-1.8.14_p3.ebuild b/app-admin/sudo/sudo-1.8.14_p3.ebuild
deleted file mode 100644
index c4e80af..0000000
--- a/app-admin/sudo/sudo-1.8.14_p3.ebuild
+++ /dev/null
@@ -1,196 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-inherit eutils pam multilib libtool
-
-MY_P=${P/_/}
-MY_P=${MY_P/beta/b}
-
-uri_prefix=
-case ${P} in
-*_beta*|*_rc*) uri_prefix=beta/ ;;
-esac
-
-DESCRIPTION="Allows users or groups to run commands as other users"
-HOMEPAGE="http://www.sudo.ws/"
-SRC_URI="http://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
-	ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz"
-
-# Basic license is ISC-style as-is, some files are released under
-# 3-clause BSD license
-LICENSE="ISC BSD"
-SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~sparc-solaris"
-IUSE="ldap nls pam offensive selinux skey +sendmail"
-
-DEPEND="pam? ( virtual/pam )
-	skey? ( >=sys-auth/skey-1.1.5-r1 )
-	ldap? (
-		>=net-nds/openldap-2.1.30-r1
-		dev-libs/cyrus-sasl
-	)
-	sys-libs/zlib"
-RDEPEND="${DEPEND}
-	selinux? ( sec-policy/selinux-sudo )
-	ldap? ( dev-lang/perl )
-	pam? ( sys-auth/pambase )
-	>=app-misc/editor-wrapper-3
-	virtual/editor
-	sendmail? ( virtual/mta )"
-DEPEND="${DEPEND}
-	sys-devel/bison"
-
-S=${WORKDIR}/${MY_P}
-
-REQUIRED_USE="pam? ( !skey ) skey? ( !pam )"
-
-MAKEOPTS+=" SAMPLES="
-
-src_prepare() {
-	elibtoolize
-}
-
-set_rootpath() {
-	# FIXME: secure_path is a compile time setting. using ROOTPATH
-	# is not perfect, env-update may invalidate this, but until it
-	# is available as a sudoers setting this will have to do.
-	einfo "Setting secure_path ..."
-
-	# first extract the default ROOTPATH from build env
-	ROOTPATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env; echo "${ROOTPATH}")
-	if [[ -z ${ROOTPATH} ]] ; then
-		ewarn "	Failed to find ROOTPATH, please report this"
-	fi
-
-	# then remove duplicate path entries
-	cleanpath() {
-		local newpath thisp IFS=:
-		for thisp in $1 ; do
-			if [[ :${newpath}: != *:${thisp}:* ]] ; then
-				newpath+=:$thisp
-			else
-				einfo "   Duplicate entry ${thisp} removed..."
-			fi
-		done
-		ROOTPATH=${newpath#:}
-	}
-	cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${ROOTPATH:+:${ROOTPATH}}
-
-	# finally, strip gcc paths #136027
-	rmpath() {
-		local e newpath thisp IFS=:
-		for thisp in ${ROOTPATH} ; do
-			for e ; do [[ $thisp == $e ]] && continue 2 ; done
-			newpath+=:$thisp
-		done
-		ROOTPATH=${newpath#:}
-	}
-	rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*'
-
-	einfo "... done"
-}
-
-src_configure() {
-	local ROOTPATH
-	set_rootpath
-
-	# audit: somebody got to explain me how I can test this before I
-	# enable it.. - Diego
-	# plugindir: autoconf code is crappy and does not delay evaluation
-	# until `make` time, so we have to use a full path here rather than
-	# basing off other values.
-	econf \
-		--enable-zlib=system \
-		--with-secure-path="${ROOTPATH}" \
-		--with-editor="${EPREFIX}"/usr/libexec/editor \
-		--with-env-editor \
-		$(use_with offensive insults) \
-		$(use_with offensive all-insults) \
-		$(use_with ldap ldap_conf_file /etc/ldap.conf.sudo) \
-		$(use_with ldap) \
-		$(use_enable nls) \
-		$(use_with pam) \
-		$(use_with skey) \
-		$(use_with selinux) \
-		$(use_with sendmail) \
-		--without-opie \
-		--without-linux-audit \
-		--with-rundir="${EPREFIX}"/var/run/sudo \
-		--with-vardir="${EPREFIX}"/var/db/sudo \
-		--with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo \
-		--docdir="${EPREFIX}"/usr/share/doc/${PF}
-}
-
-src_install() {
-	default
-
-	if use ldap ; then
-		dodoc README.LDAP doc/schema.OpenLDAP
-		dosbin plugins/sudoers/sudoers2ldif
-
-		cat <<-EOF > "${T}"/ldap.conf.sudo
-		# See ldap.conf(5) and README.LDAP for details
-		# This file should only be readable by root
-
-		# supported directives: host, port, ssl, ldap_version
-		# uri, binddn, bindpw, sudoers_base, sudoers_debug
-		# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key
-		EOF
-
-		insinto /etc
-		doins "${T}"/ldap.conf.sudo
-		fperms 0440 /etc/ldap.conf.sudo
-	fi
-
-	pamd_mimic system-auth sudo auth account session
-
-	keepdir /var/db/sudo
-	fperms 0700 /var/db/sudo
-
-	# Don't install into /var/run as that is a tmpfs most of the time
-	# (bug #504854)
-	rm -rf "${D}"/var/run
-}
-
-pkg_postinst() {
-	if use ldap ; then
-		ewarn
-		ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration."
-		ewarn
-		if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then
-			ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly"
-			ewarn "configured in /etc/nsswitch.conf."
-			ewarn
-			ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:"
-			ewarn "  sudoers: ldap files"
-			ewarn
-		fi
-	fi
-	if use prefix ; then
-		ewarn
-		ewarn "To use sudo, you need to change file ownership and permissions"
-		ewarn "with root privileges, as follows:"
-		ewarn
-		ewarn "  # chown root:root ${EPREFIX}/usr/bin/sudo"
-		ewarn "  # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so"
-		ewarn "  # chown root:root ${EPREFIX}/etc/sudoers"
-		ewarn "  # chown root:root ${EPREFIX}/etc/sudoers.d"
-		ewarn "  # chown root:root ${EPREFIX}/var/db/sudo"
-		ewarn "  # chmod 4111 ${EPREFIX}/usr/bin/sudo"
-		ewarn
-	fi
-
-	elog "To use the -A (askpass) option, you need to install a compatible"
-	elog "password program from the following list. Starred packages will"
-	elog "automatically register for the use with sudo (but will not force"
-	elog "the -A option):"
-	elog ""
-	elog " [*] net-misc/ssh-askpass-fullscreen"
-	elog "     net-misc/x11-ssh-askpass"
-	elog ""
-	elog "You can override the choice by setting the SUDO_ASKPASS environmnent"
-	elog "variable to the program you want to use."
-}

[gentoo-commits] repo/gentoo:master commit in: app-admin/sudo/, app-admin/sudo/files/

[Lars Wendler]

commit:     c11c2b56f0938b3f3c0d46c8b17af61bae075174
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu Nov  7 09:52:58 2019 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Nov  7 09:54:22 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c11c2b56

app-admin/sudo: Revbumps to fix error message with USE="-pam"

Reported-by: Saul Peebsen <jaglover <AT> gmail.com>
Tested-by: Saul Peebsen <jaglover <AT> gmail.com>
Closes: https://bugs.gentoo.org/698946
Package-Manager: Portage-2.3.78, Repoman-2.3.17
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 .../sudo-1.8.28-no_pam_error_message_fix.patch     | 46 ++++++++++++++++++++++
 ....8.28_p1-r1.ebuild => sudo-1.8.28_p1-r2.ebuild} |  4 ++
 ...sudo-1.8.29-r1.ebuild => sudo-1.8.29-r2.ebuild} |  4 ++
 3 files changed, 54 insertions(+)

diff --git a/app-admin/sudo/files/sudo-1.8.28-no_pam_error_message_fix.patch b/app-admin/sudo/files/sudo-1.8.28-no_pam_error_message_fix.patch
new file mode 100644
index 00000000000..6931ea26c3b
--- /dev/null
+++ b/app-admin/sudo/files/sudo-1.8.28-no_pam_error_message_fix.patch
@@ -0,0 +1,46 @@
+
+# HG changeset patch
+# User Todd C. Miller <Todd.Miller@sudo.ws>
+# Date 1573059314 25200
+# Node ID f85ff5ee2caf19cefca67ae49c1d6048d61125cb
+# Parent  5cdcfd9a6c33a157a12f1b1893e397c3198b206b
+Do not warn about a missing /etc/environment file on Linux without PAM.
+Bug #907
+
+diff -r 5cdcfd9a6c33 -r f85ff5ee2caf plugins/sudoers/env.c
+--- a/plugins/sudoers/env.c	Tue Nov 05 15:18:34 2019 -0700
++++ b/plugins/sudoers/env.c	Wed Nov 06 09:55:14 2019 -0700
+@@ -940,7 +940,8 @@
+ #endif /* HAVE_LOGIN_CAP_H */
+ #if defined(_AIX) || (defined(__linux__) && !defined(HAVE_PAM))
+ 	    /* Insert system-wide environment variables. */
+-	    read_env_file(_PATH_ENVIRONMENT, true, false);
++	    if (!read_env_file(_PATH_ENVIRONMENT, true, false))
++		sudo_warn("%s", _PATH_ENVIRONMENT);
+ #endif
+ 	    for (ep = env.envp; *ep; ep++)
+ 		env_update_didvar(*ep, &didvar);
+@@ -1218,8 +1219,10 @@
+     efl = calloc(1, sizeof(*efl));
+     if (efl != NULL) {
+ 	if ((efl->fp = fopen(path, "r")) == NULL) {
+-	    free(efl);
+-	    efl = NULL;
++	    if (errno != ENOENT) {
++		free(efl);
++		efl = NULL;
++	    }
+ 	}
+     }
+     debug_return_ptr(efl);
+@@ -1259,6 +1262,9 @@
+     debug_decl(env_file_next_local, SUDOERS_DEBUG_ENV)
+ 
+     *errnum = 0;
++    if (efl->fp == NULL)
++	debug_return_ptr(NULL);
++
+     for (;;) {
+ 	if (sudo_parseln(&efl->line, &efl->linesize, NULL, efl->fp, PARSELN_CONT_IGN) == -1) {
+ 	    if (!feof(efl->fp))
+

diff --git a/app-admin/sudo/sudo-1.8.28_p1-r1.ebuild b/app-admin/sudo/sudo-1.8.28_p1-r2.ebuild
similarity index 98%
rename from app-admin/sudo/sudo-1.8.28_p1-r1.ebuild
rename to app-admin/sudo/sudo-1.8.28_p1-r2.ebuild
index 06397f8cdcb..4c371226f1d 100644
--- a/app-admin/sudo/sudo-1.8.28_p1-r1.ebuild
+++ b/app-admin/sudo/sudo-1.8.28_p1-r2.ebuild
@@ -75,6 +75,10 @@ REQUIRED_USE="
 
 MAKEOPTS+=" SAMPLES="
 
+PATCHES=(
+	"${FILESDIR}/${PN}-1.8.28-no_pam_error_message_fix.patch" #698946
+)
+
 src_prepare() {
 	default
 	elibtoolize

diff --git a/app-admin/sudo/sudo-1.8.29-r1.ebuild b/app-admin/sudo/sudo-1.8.29-r2.ebuild
similarity index 98%
rename from app-admin/sudo/sudo-1.8.29-r1.ebuild
rename to app-admin/sudo/sudo-1.8.29-r2.ebuild
index 4aba6ef09a1..3f019d90fd0 100644
--- a/app-admin/sudo/sudo-1.8.29-r1.ebuild
+++ b/app-admin/sudo/sudo-1.8.29-r2.ebuild
@@ -75,6 +75,10 @@ REQUIRED_USE="
 
 MAKEOPTS+=" SAMPLES="
 
+PATCHES=(
+	"${FILESDIR}/${PN}-1.8.28-no_pam_error_message_fix.patch" #698946
+)
+
 src_prepare() {
 	default
 	elibtoolize

[gentoo-commits] repo/gentoo:master commit in: app-admin/sudo/, app-admin/sudo/files/

[Thomas Deutschmann]

commit:     28909837d2ce52371aac93d39b0f79297aad09f3
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Mar 30 15:21:30 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Mar 30 15:21:49 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=28909837

app-admin/sudo: security cleanup

Bug: https://bugs.gentoo.org/707574
Package-Manager: Portage-2.3.96, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 app-admin/sudo/Manifest                            |   3 -
 .../sudo-1.8.28-no_pam_error_message_fix.patch     |  46 ----
 app-admin/sudo/sudo-1.8.28_p1-r2.ebuild            | 267 ---------------------
 app-admin/sudo/sudo-1.8.29-r2.ebuild               | 267 ---------------------
 app-admin/sudo/sudo-1.8.30.ebuild                  | 263 --------------------
 5 files changed, 846 deletions(-)

diff --git a/app-admin/sudo/Manifest b/app-admin/sudo/Manifest
index 5c165d2900f..223a348e808 100644
--- a/app-admin/sudo/Manifest
+++ b/app-admin/sudo/Manifest
@@ -1,5 +1,2 @@
-DIST sudo-1.8.28p1.tar.gz 3310254 BLAKE2B a1810af7a42d05cce49bb9d0acf6f3731a5193e9e9c3b458691379131eb86d36995854d11c09525e8d999ed1da7e99cf170634667c5a444aa522b8f23db7d1aa SHA512 bda3de34c15fbb68fc29759542295560ccc1562b419d03709cea51613937e9b92ba689c79c3ef4858aeea90d3d1a4dc0148225b11b22cf82395ae1bad8cb1734
-DIST sudo-1.8.29.tar.gz 3338260 BLAKE2B 7ba29d155bfb1d7ba20e32ade2e8ee3919e70400b6c235e313052b247b48406b9a051e71daa7e47fdb0a9fd0889f4c05b8a1a170c027503b90081e8cec81660e SHA512 ea780922b2afb47df4df4b533fb355fd916cb18a6bfd13c7ca36a25b03ef585d805648c6fa85692bea363b1f83664ac3bc622f99bcd149b3a86f70522eb4d340
-DIST sudo-1.8.30.tar.gz 3349455 BLAKE2B 5e0aaa41f42c18cd0de473add3665adf797cd37eacfb4abfc9472814ea679c1e88e28e95e13a73eb7d9648174609d80a2d4eccf3bdf87a44186df07aeba60eee SHA512 d44831feabd92d736614239e0e0f086829d84b213c98524fffb4b926a96715b1156538a7ab5e0b6e0db8be67a6e24a1642b3648105b076d23b58c39d0dd947af
 DIST sudo-1.8.31.tar.gz 3350674 BLAKE2B de5a968732fdd58933b4c513d13c43a08cb50075a00c3e0d338c9892570a416a2b3a8f19940c0893715f4eeab991e804831a87ef656ffd91e7f1ba047c119261 SHA512 b9e408a322938c7a712458e9012d8a5f648fba5b23a5057cf5d8372c7f931262595f1575c32c32b9cb1a04af670ff4611e7df48d197e5c4cc038d6b65439a28a
 DIST sudo-1.8.31p1.tar.gz 3351312 BLAKE2B 85775ef574a3a1a9cc749809fe81f8350f7a4e3f46a905bc3392790b20bb7bc8e3c99fb504e01776f3a92aa6afa7972d3ff1c071aadd3a08ee1d2281f8b9ba50 SHA512 9344fd1d8a8445e8afb9c5628cdc832fe32ea29199f071f35fb6ec694371801556df560f4382afec199f468b1f3264ad5e3a89e964612e571b8d911f823724cc

diff --git a/app-admin/sudo/files/sudo-1.8.28-no_pam_error_message_fix.patch b/app-admin/sudo/files/sudo-1.8.28-no_pam_error_message_fix.patch
deleted file mode 100644
index 6931ea26c3b..00000000000
--- a/app-admin/sudo/files/sudo-1.8.28-no_pam_error_message_fix.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-
-# HG changeset patch
-# User Todd C. Miller <Todd.Miller@sudo.ws>
-# Date 1573059314 25200
-# Node ID f85ff5ee2caf19cefca67ae49c1d6048d61125cb
-# Parent  5cdcfd9a6c33a157a12f1b1893e397c3198b206b
-Do not warn about a missing /etc/environment file on Linux without PAM.
-Bug #907
-
-diff -r 5cdcfd9a6c33 -r f85ff5ee2caf plugins/sudoers/env.c
---- a/plugins/sudoers/env.c	Tue Nov 05 15:18:34 2019 -0700
-+++ b/plugins/sudoers/env.c	Wed Nov 06 09:55:14 2019 -0700
-@@ -940,7 +940,8 @@
- #endif /* HAVE_LOGIN_CAP_H */
- #if defined(_AIX) || (defined(__linux__) && !defined(HAVE_PAM))
- 	    /* Insert system-wide environment variables. */
--	    read_env_file(_PATH_ENVIRONMENT, true, false);
-+	    if (!read_env_file(_PATH_ENVIRONMENT, true, false))
-+		sudo_warn("%s", _PATH_ENVIRONMENT);
- #endif
- 	    for (ep = env.envp; *ep; ep++)
- 		env_update_didvar(*ep, &didvar);
-@@ -1218,8 +1219,10 @@
-     efl = calloc(1, sizeof(*efl));
-     if (efl != NULL) {
- 	if ((efl->fp = fopen(path, "r")) == NULL) {
--	    free(efl);
--	    efl = NULL;
-+	    if (errno != ENOENT) {
-+		free(efl);
-+		efl = NULL;
-+	    }
- 	}
-     }
-     debug_return_ptr(efl);
-@@ -1259,6 +1262,9 @@
-     debug_decl(env_file_next_local, SUDOERS_DEBUG_ENV)
- 
-     *errnum = 0;
-+    if (efl->fp == NULL)
-+	debug_return_ptr(NULL);
-+
-     for (;;) {
- 	if (sudo_parseln(&efl->line, &efl->linesize, NULL, efl->fp, PARSELN_CONT_IGN) == -1) {
- 	    if (!feof(efl->fp))
-

diff --git a/app-admin/sudo/sudo-1.8.28_p1-r2.ebuild b/app-admin/sudo/sudo-1.8.28_p1-r2.ebuild
deleted file mode 100644
index 47224e32f95..00000000000
--- a/app-admin/sudo/sudo-1.8.28_p1-r2.ebuild
+++ /dev/null
@@ -1,267 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit pam multilib libtool tmpfiles
-
-MY_P="${P/_/}"
-MY_P="${MY_P/beta/b}"
-
-DESCRIPTION="Allows users or groups to run commands as other users"
-HOMEPAGE="https://www.sudo.ws/"
-if [[ ${PV} == "9999" ]] ; then
-	inherit mercurial
-	EHG_REPO_URI="https://www.sudo.ws/repos/sudo"
-else
-	uri_prefix=
-	case ${P} in
-		*_beta*|*_rc*) uri_prefix=beta/ ;;
-	esac
-
-	SRC_URI="https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
-		ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz"
-	if [[ ${PV} != *_beta* ]] && [[ ${PV} != *_rc* ]] ; then
-		KEYWORDS="~alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sparc x86 ~sparc-solaris"
-	fi
-fi
-
-# Basic license is ISC-style as-is, some files are released under
-# 3-clause BSD license
-LICENSE="ISC BSD"
-SLOT="0"
-IUSE="gcrypt ldap libressl nls offensive pam sasl +secure-path selinux +sendmail skey sssd system-digest"
-
-DEPEND="
-	sys-libs/zlib:=
-	ldap? (
-		>=net-nds/openldap-2.1.30-r1
-		sasl? (
-			dev-libs/cyrus-sasl
-			net-nds/openldap[sasl]
-		)
-	)
-	pam? ( sys-libs/pam )
-	sasl? ( dev-libs/cyrus-sasl )
-	skey? ( >=sys-auth/skey-1.1.5-r1 )
-	sssd? ( sys-auth/sssd[sudo] )
-	system-digest? (
-		gcrypt? ( dev-libs/libgcrypt:= )
-		!gcrypt? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:0= )
-		)
-	)
-"
-RDEPEND="
-	${DEPEND}
-	>=app-misc/editor-wrapper-3
-	virtual/editor
-	ldap? ( dev-lang/perl )
-	pam? ( sys-auth/pambase )
-	selinux? ( sec-policy/selinux-sudo )
-	sendmail? ( virtual/mta )
-"
-BDEPEND="
-	sys-devel/bison
-"
-
-S="${WORKDIR}/${MY_P}"
-
-REQUIRED_USE="
-	pam? ( !skey )
-	skey? ( !pam )
-"
-
-MAKEOPTS+=" SAMPLES="
-
-PATCHES=(
-	"${FILESDIR}/${PN}-1.8.28-no_pam_error_message_fix.patch" #698946
-)
-
-src_prepare() {
-	default
-	elibtoolize
-}
-
-set_secure_path() {
-	# FIXME: secure_path is a compile time setting. using PATH or
-	# ROOTPATH is not perfect, env-update may invalidate this, but until it
-	# is available as a sudoers setting this will have to do.
-	einfo "Setting secure_path ..."
-
-	# first extract the default ROOTPATH from build env
-	SECURE_PATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env;
-		echo "${ROOTPATH}")
-		case "${SECURE_PATH}" in
-			*/usr/sbin*) ;;
-			*) SECURE_PATH=$(unset PATH;
-				. "${EPREFIX}"/etc/profile.env; echo "${PATH}")
-				;;
-		esac
-	if [[ -z ${SECURE_PATH} ]] ; then
-		ewarn "	Failed to detect SECURE_PATH, please report this"
-	fi
-
-	# then remove duplicate path entries
-	cleanpath() {
-		local newpath thisp IFS=:
-		for thisp in $1 ; do
-			if [[ :${newpath}: != *:${thisp}:* ]] ; then
-				newpath+=:${thisp}
-			else
-				einfo "   Duplicate entry ${thisp} removed..."
-			fi
-		done
-		SECURE_PATH=${newpath#:}
-	}
-	cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${SECURE_PATH:+:${SECURE_PATH}}
-
-	# finally, strip gcc paths #136027
-	rmpath() {
-		local e newpath thisp IFS=:
-		for thisp in ${SECURE_PATH} ; do
-			for e ; do [[ ${thisp} == ${e} ]] && continue 2 ; done
-			newpath+=:${thisp}
-		done
-		SECURE_PATH=${newpath#:}
-	}
-	rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*'
-
-	einfo "... done"
-}
-
-src_configure() {
-	local SECURE_PATH
-	set_secure_path
-
-	# audit: somebody got to explain me how I can test this before I
-	# enable it.. - Diego
-	# plugindir: autoconf code is crappy and does not delay evaluation
-	# until `make` time, so we have to use a full path here rather than
-	# basing off other values.
-	myeconfargs=(
-		--enable-zlib=system
-		--enable-tmpfiles.d="${EPREFIX}"/usr/lib/tmpfiles.d
-		--with-editor="${EPREFIX}"/usr/libexec/editor
-		--with-env-editor
-		--with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo
-		--with-rundir="${EPREFIX}"/run/sudo
-		$(use_with secure-path secure-path "${SECURE_PATH}")
-		--with-vardir="${EPREFIX}"/var/db/sudo
-		--without-linux-audit
-		--without-opie
-		$(use_enable gcrypt)
-		$(use_enable nls)
-		$(use_enable sasl)
-		$(use_with offensive insults)
-		$(use_with offensive all-insults)
-		$(use_with ldap ldap_conf_file /etc/ldap.conf.sudo)
-		$(use_with ldap)
-		$(use_with pam)
-		$(use_with skey)
-		$(use_with sssd)
-		$(use_with selinux)
-		$(use_with sendmail)
-	)
-
-	if use system-digest && ! use gcrypt; then
-		myeconfargs+=("--enable-openssl")
-	else
-		myeconfargs+=("--disable-openssl")
-	fi
-
-	econf "${myeconfargs[@]}"
-}
-
-src_install() {
-	default
-
-	if use ldap ; then
-		dodoc README.LDAP
-
-		cat <<-EOF > "${T}"/ldap.conf.sudo
-		# See ldap.conf(5) and README.LDAP for details
-		# This file should only be readable by root
-
-		# supported directives: host, port, ssl, ldap_version
-		# uri, binddn, bindpw, sudoers_base, sudoers_debug
-		# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key}
-		EOF
-
-		if use sasl ; then
-			cat <<-EOF >> "${T}"/ldap.conf.sudo
-
-			# SASL directives: use_sasl, sasl_mech, sasl_auth_id
-			# sasl_secprops, rootuse_sasl, rootsasl_auth_id, krb5_ccname
-			EOF
-		fi
-
-		insinto /etc
-		doins "${T}"/ldap.conf.sudo
-		fperms 0440 /etc/ldap.conf.sudo
-
-		insinto /etc/openldap/schema
-		newins doc/schema.OpenLDAP sudo.schema
-	fi
-
-	pamd_mimic system-auth sudo auth account session
-
-	keepdir /var/db/sudo/lectured
-	fperms 0700 /var/db/sudo/lectured
-	fperms 0711 /var/db/sudo #652958
-
-	# Don't install into /run as that is a tmpfs most of the time
-	# (bug #504854)
-	rm -rf "${ED}"/run
-
-	find "${ED}" -type f -name "*.la" -delete || die #697812
-}
-
-pkg_postinst() {
-	tmpfiles_process sudo.conf
-
-	#652958
-	local sudo_db="${EROOT}/var/db/sudo"
-	if [[ "$(stat -c %a "${sudo_db}")" -ne 711 ]] ; then
-		chmod 711 "${sudo_db}" || die
-	fi
-
-	if use ldap ; then
-		ewarn
-		ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration."
-		ewarn
-		if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then
-			ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly"
-			ewarn "configured in /etc/nsswitch.conf."
-			ewarn
-			ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:"
-			ewarn "  sudoers: ldap files"
-			ewarn
-		fi
-	fi
-	if use prefix ; then
-		ewarn
-		ewarn "To use sudo, you need to change file ownership and permissions"
-		ewarn "with root privileges, as follows:"
-		ewarn
-		ewarn "  # chown root:root ${EPREFIX}/usr/bin/sudo"
-		ewarn "  # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so"
-		ewarn "  # chown root:root ${EPREFIX}/etc/sudoers"
-		ewarn "  # chown root:root ${EPREFIX}/etc/sudoers.d"
-		ewarn "  # chown root:root ${EPREFIX}/var/db/sudo"
-		ewarn "  # chmod 4111 ${EPREFIX}/usr/bin/sudo"
-		ewarn
-	fi
-
-	elog "To use the -A (askpass) option, you need to install a compatible"
-	elog "password program from the following list. Starred packages will"
-	elog "automatically register for the use with sudo (but will not force"
-	elog "the -A option):"
-	elog ""
-	elog " [*] net-misc/ssh-askpass-fullscreen"
-	elog "     net-misc/x11-ssh-askpass"
-	elog ""
-	elog "You can override the choice by setting the SUDO_ASKPASS environmnent"
-	elog "variable to the program you want to use."
-}

diff --git a/app-admin/sudo/sudo-1.8.29-r2.ebuild b/app-admin/sudo/sudo-1.8.29-r2.ebuild
deleted file mode 100644
index da5146b1241..00000000000
--- a/app-admin/sudo/sudo-1.8.29-r2.ebuild
+++ /dev/null
@@ -1,267 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit pam multilib libtool tmpfiles
-
-MY_P="${P/_/}"
-MY_P="${MY_P/beta/b}"
-
-DESCRIPTION="Allows users or groups to run commands as other users"
-HOMEPAGE="https://www.sudo.ws/"
-if [[ ${PV} == "9999" ]] ; then
-	inherit mercurial
-	EHG_REPO_URI="https://www.sudo.ws/repos/sudo"
-else
-	uri_prefix=
-	case ${P} in
-		*_beta*|*_rc*) uri_prefix=beta/ ;;
-	esac
-
-	SRC_URI="https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
-		ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz"
-	if [[ ${PV} != *_beta* ]] && [[ ${PV} != *_rc* ]] ; then
-		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~sparc-solaris"
-	fi
-fi
-
-# Basic license is ISC-style as-is, some files are released under
-# 3-clause BSD license
-LICENSE="ISC BSD"
-SLOT="0"
-IUSE="gcrypt ldap libressl nls offensive pam sasl +secure-path selinux +sendmail skey sssd system-digest"
-
-DEPEND="
-	sys-libs/zlib:=
-	ldap? (
-		>=net-nds/openldap-2.1.30-r1
-		sasl? (
-			dev-libs/cyrus-sasl
-			net-nds/openldap[sasl]
-		)
-	)
-	pam? ( sys-libs/pam )
-	sasl? ( dev-libs/cyrus-sasl )
-	skey? ( >=sys-auth/skey-1.1.5-r1 )
-	sssd? ( sys-auth/sssd[sudo] )
-	system-digest? (
-		gcrypt? ( dev-libs/libgcrypt:= )
-		!gcrypt? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:0= )
-		)
-	)
-"
-RDEPEND="
-	${DEPEND}
-	>=app-misc/editor-wrapper-3
-	virtual/editor
-	ldap? ( dev-lang/perl )
-	pam? ( sys-auth/pambase )
-	selinux? ( sec-policy/selinux-sudo )
-	sendmail? ( virtual/mta )
-"
-BDEPEND="
-	sys-devel/bison
-"
-
-S="${WORKDIR}/${MY_P}"
-
-REQUIRED_USE="
-	pam? ( !skey )
-	skey? ( !pam )
-"
-
-MAKEOPTS+=" SAMPLES="
-
-PATCHES=(
-	"${FILESDIR}/${PN}-1.8.28-no_pam_error_message_fix.patch" #698946
-)
-
-src_prepare() {
-	default
-	elibtoolize
-}
-
-set_secure_path() {
-	# FIXME: secure_path is a compile time setting. using PATH or
-	# ROOTPATH is not perfect, env-update may invalidate this, but until it
-	# is available as a sudoers setting this will have to do.
-	einfo "Setting secure_path ..."
-
-	# first extract the default ROOTPATH from build env
-	SECURE_PATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env;
-		echo "${ROOTPATH}")
-		case "${SECURE_PATH}" in
-			*/usr/sbin*) ;;
-			*) SECURE_PATH=$(unset PATH;
-				. "${EPREFIX}"/etc/profile.env; echo "${PATH}")
-				;;
-		esac
-	if [[ -z ${SECURE_PATH} ]] ; then
-		ewarn "	Failed to detect SECURE_PATH, please report this"
-	fi
-
-	# then remove duplicate path entries
-	cleanpath() {
-		local newpath thisp IFS=:
-		for thisp in $1 ; do
-			if [[ :${newpath}: != *:${thisp}:* ]] ; then
-				newpath+=:${thisp}
-			else
-				einfo "   Duplicate entry ${thisp} removed..."
-			fi
-		done
-		SECURE_PATH=${newpath#:}
-	}
-	cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${SECURE_PATH:+:${SECURE_PATH}}
-
-	# finally, strip gcc paths #136027
-	rmpath() {
-		local e newpath thisp IFS=:
-		for thisp in ${SECURE_PATH} ; do
-			for e ; do [[ ${thisp} == ${e} ]] && continue 2 ; done
-			newpath+=:${thisp}
-		done
-		SECURE_PATH=${newpath#:}
-	}
-	rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*'
-
-	einfo "... done"
-}
-
-src_configure() {
-	local SECURE_PATH
-	set_secure_path
-
-	# audit: somebody got to explain me how I can test this before I
-	# enable it.. - Diego
-	# plugindir: autoconf code is crappy and does not delay evaluation
-	# until `make` time, so we have to use a full path here rather than
-	# basing off other values.
-	myeconfargs=(
-		--enable-zlib=system
-		--enable-tmpfiles.d="${EPREFIX}"/usr/lib/tmpfiles.d
-		--with-editor="${EPREFIX}"/usr/libexec/editor
-		--with-env-editor
-		--with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo
-		--with-rundir="${EPREFIX}"/run/sudo
-		$(use_with secure-path secure-path "${SECURE_PATH}")
-		--with-vardir="${EPREFIX}"/var/db/sudo
-		--without-linux-audit
-		--without-opie
-		$(use_enable gcrypt)
-		$(use_enable nls)
-		$(use_enable sasl)
-		$(use_with offensive insults)
-		$(use_with offensive all-insults)
-		$(use_with ldap ldap_conf_file /etc/ldap.conf.sudo)
-		$(use_with ldap)
-		$(use_with pam)
-		$(use_with skey)
-		$(use_with sssd)
-		$(use_with selinux)
-		$(use_with sendmail)
-	)
-
-	if use system-digest && ! use gcrypt; then
-		myeconfargs+=("--enable-openssl")
-	else
-		myeconfargs+=("--disable-openssl")
-	fi
-
-	econf "${myeconfargs[@]}"
-}
-
-src_install() {
-	default
-
-	if use ldap ; then
-		dodoc README.LDAP
-
-		cat <<-EOF > "${T}"/ldap.conf.sudo
-		# See ldap.conf(5) and README.LDAP for details
-		# This file should only be readable by root
-
-		# supported directives: host, port, ssl, ldap_version
-		# uri, binddn, bindpw, sudoers_base, sudoers_debug
-		# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key}
-		EOF
-
-		if use sasl ; then
-			cat <<-EOF >> "${T}"/ldap.conf.sudo
-
-			# SASL directives: use_sasl, sasl_mech, sasl_auth_id
-			# sasl_secprops, rootuse_sasl, rootsasl_auth_id, krb5_ccname
-			EOF
-		fi
-
-		insinto /etc
-		doins "${T}"/ldap.conf.sudo
-		fperms 0440 /etc/ldap.conf.sudo
-
-		insinto /etc/openldap/schema
-		newins doc/schema.OpenLDAP sudo.schema
-	fi
-
-	pamd_mimic system-auth sudo auth account session
-
-	keepdir /var/db/sudo/lectured
-	fperms 0700 /var/db/sudo/lectured
-	fperms 0711 /var/db/sudo #652958
-
-	# Don't install into /run as that is a tmpfs most of the time
-	# (bug #504854)
-	rm -rf "${ED}"/run
-
-	find "${ED}" -type f -name "*.la" -delete || die #697812
-}
-
-pkg_postinst() {
-	tmpfiles_process sudo.conf
-
-	#652958
-	local sudo_db="${EROOT}/var/db/sudo"
-	if [[ "$(stat -c %a "${sudo_db}")" -ne 711 ]] ; then
-		chmod 711 "${sudo_db}" || die
-	fi
-
-	if use ldap ; then
-		ewarn
-		ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration."
-		ewarn
-		if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then
-			ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly"
-			ewarn "configured in /etc/nsswitch.conf."
-			ewarn
-			ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:"
-			ewarn "  sudoers: ldap files"
-			ewarn
-		fi
-	fi
-	if use prefix ; then
-		ewarn
-		ewarn "To use sudo, you need to change file ownership and permissions"
-		ewarn "with root privileges, as follows:"
-		ewarn
-		ewarn "  # chown root:root ${EPREFIX}/usr/bin/sudo"
-		ewarn "  # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so"
-		ewarn "  # chown root:root ${EPREFIX}/etc/sudoers"
-		ewarn "  # chown root:root ${EPREFIX}/etc/sudoers.d"
-		ewarn "  # chown root:root ${EPREFIX}/var/db/sudo"
-		ewarn "  # chmod 4111 ${EPREFIX}/usr/bin/sudo"
-		ewarn
-	fi
-
-	elog "To use the -A (askpass) option, you need to install a compatible"
-	elog "password program from the following list. Starred packages will"
-	elog "automatically register for the use with sudo (but will not force"
-	elog "the -A option):"
-	elog ""
-	elog " [*] net-misc/ssh-askpass-fullscreen"
-	elog "     net-misc/x11-ssh-askpass"
-	elog ""
-	elog "You can override the choice by setting the SUDO_ASKPASS environmnent"
-	elog "variable to the program you want to use."
-}

diff --git a/app-admin/sudo/sudo-1.8.30.ebuild b/app-admin/sudo/sudo-1.8.30.ebuild
deleted file mode 100644
index f0df8a6c9e2..00000000000
--- a/app-admin/sudo/sudo-1.8.30.ebuild
+++ /dev/null
@@ -1,263 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit pam multilib libtool tmpfiles
-
-MY_P="${P/_/}"
-MY_P="${MY_P/beta/b}"
-
-DESCRIPTION="Allows users or groups to run commands as other users"
-HOMEPAGE="https://www.sudo.ws/"
-if [[ ${PV} == "9999" ]] ; then
-	inherit mercurial
-	EHG_REPO_URI="https://www.sudo.ws/repos/sudo"
-else
-	uri_prefix=
-	case ${P} in
-		*_beta*|*_rc*) uri_prefix=beta/ ;;
-	esac
-
-	SRC_URI="https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
-		ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz"
-	if [[ ${PV} != *_beta* ]] && [[ ${PV} != *_rc* ]] ; then
-		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~sparc-solaris"
-	fi
-fi
-
-# Basic license is ISC-style as-is, some files are released under
-# 3-clause BSD license
-LICENSE="ISC BSD"
-SLOT="0"
-IUSE="gcrypt ldap libressl nls offensive pam sasl +secure-path selinux +sendmail skey sssd system-digest"
-
-DEPEND="
-	sys-libs/zlib:=
-	ldap? (
-		>=net-nds/openldap-2.1.30-r1
-		sasl? (
-			dev-libs/cyrus-sasl
-			net-nds/openldap[sasl]
-		)
-	)
-	pam? ( sys-libs/pam )
-	sasl? ( dev-libs/cyrus-sasl )
-	skey? ( >=sys-auth/skey-1.1.5-r1 )
-	sssd? ( sys-auth/sssd[sudo] )
-	system-digest? (
-		gcrypt? ( dev-libs/libgcrypt:= )
-		!gcrypt? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:0= )
-		)
-	)
-"
-RDEPEND="
-	${DEPEND}
-	>=app-misc/editor-wrapper-3
-	virtual/editor
-	ldap? ( dev-lang/perl )
-	pam? ( sys-auth/pambase )
-	selinux? ( sec-policy/selinux-sudo )
-	sendmail? ( virtual/mta )
-"
-BDEPEND="
-	sys-devel/bison
-"
-
-S="${WORKDIR}/${MY_P}"
-
-REQUIRED_USE="
-	pam? ( !skey )
-	skey? ( !pam )
-"
-
-MAKEOPTS+=" SAMPLES="
-
-src_prepare() {
-	default
-	elibtoolize
-}
-
-set_secure_path() {
-	# FIXME: secure_path is a compile time setting. using PATH or
-	# ROOTPATH is not perfect, env-update may invalidate this, but until it
-	# is available as a sudoers setting this will have to do.
-	einfo "Setting secure_path ..."
-
-	# first extract the default ROOTPATH from build env
-	SECURE_PATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env;
-		echo "${ROOTPATH}")
-		case "${SECURE_PATH}" in
-			*/usr/sbin*) ;;
-			*) SECURE_PATH=$(unset PATH;
-				. "${EPREFIX}"/etc/profile.env; echo "${PATH}")
-				;;
-		esac
-	if [[ -z ${SECURE_PATH} ]] ; then
-		ewarn "	Failed to detect SECURE_PATH, please report this"
-	fi
-
-	# then remove duplicate path entries
-	cleanpath() {
-		local newpath thisp IFS=:
-		for thisp in $1 ; do
-			if [[ :${newpath}: != *:${thisp}:* ]] ; then
-				newpath+=:${thisp}
-			else
-				einfo "   Duplicate entry ${thisp} removed..."
-			fi
-		done
-		SECURE_PATH=${newpath#:}
-	}
-	cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${SECURE_PATH:+:${SECURE_PATH}}
-
-	# finally, strip gcc paths #136027
-	rmpath() {
-		local e newpath thisp IFS=:
-		for thisp in ${SECURE_PATH} ; do
-			for e ; do [[ ${thisp} == ${e} ]] && continue 2 ; done
-			newpath+=:${thisp}
-		done
-		SECURE_PATH=${newpath#:}
-	}
-	rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*'
-
-	einfo "... done"
-}
-
-src_configure() {
-	local SECURE_PATH
-	set_secure_path
-
-	# audit: somebody got to explain me how I can test this before I
-	# enable it.. - Diego
-	# plugindir: autoconf code is crappy and does not delay evaluation
-	# until `make` time, so we have to use a full path here rather than
-	# basing off other values.
-	myeconfargs=(
-		--enable-zlib=system
-		--enable-tmpfiles.d="${EPREFIX}"/usr/lib/tmpfiles.d
-		--with-editor="${EPREFIX}"/usr/libexec/editor
-		--with-env-editor
-		--with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo
-		--with-rundir="${EPREFIX}"/run/sudo
-		$(use_with secure-path secure-path "${SECURE_PATH}")
-		--with-vardir="${EPREFIX}"/var/db/sudo
-		--without-linux-audit
-		--without-opie
-		$(use_enable gcrypt)
-		$(use_enable nls)
-		$(use_enable sasl)
-		$(use_with offensive insults)
-		$(use_with offensive all-insults)
-		$(use_with ldap ldap_conf_file /etc/ldap.conf.sudo)
-		$(use_with ldap)
-		$(use_with pam)
-		$(use_with skey)
-		$(use_with sssd)
-		$(use_with selinux)
-		$(use_with sendmail)
-	)
-
-	if use system-digest && ! use gcrypt; then
-		myeconfargs+=("--enable-openssl")
-	else
-		myeconfargs+=("--disable-openssl")
-	fi
-
-	econf "${myeconfargs[@]}"
-}
-
-src_install() {
-	default
-
-	if use ldap ; then
-		dodoc README.LDAP
-
-		cat <<-EOF > "${T}"/ldap.conf.sudo
-		# See ldap.conf(5) and README.LDAP for details
-		# This file should only be readable by root
-
-		# supported directives: host, port, ssl, ldap_version
-		# uri, binddn, bindpw, sudoers_base, sudoers_debug
-		# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key}
-		EOF
-
-		if use sasl ; then
-			cat <<-EOF >> "${T}"/ldap.conf.sudo
-
-			# SASL directives: use_sasl, sasl_mech, sasl_auth_id
-			# sasl_secprops, rootuse_sasl, rootsasl_auth_id, krb5_ccname
-			EOF
-		fi
-
-		insinto /etc
-		doins "${T}"/ldap.conf.sudo
-		fperms 0440 /etc/ldap.conf.sudo
-
-		insinto /etc/openldap/schema
-		newins doc/schema.OpenLDAP sudo.schema
-	fi
-
-	pamd_mimic system-auth sudo auth account session
-
-	keepdir /var/db/sudo/lectured
-	fperms 0700 /var/db/sudo/lectured
-	fperms 0711 /var/db/sudo #652958
-
-	# Don't install into /run as that is a tmpfs most of the time
-	# (bug #504854)
-	rm -rf "${ED}"/run
-
-	find "${ED}" -type f -name "*.la" -delete || die #697812
-}
-
-pkg_postinst() {
-	tmpfiles_process sudo.conf
-
-	#652958
-	local sudo_db="${EROOT}/var/db/sudo"
-	if [[ "$(stat -c %a "${sudo_db}")" -ne 711 ]] ; then
-		chmod 711 "${sudo_db}" || die
-	fi
-
-	if use ldap ; then
-		ewarn
-		ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration."
-		ewarn
-		if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then
-			ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly"
-			ewarn "configured in /etc/nsswitch.conf."
-			ewarn
-			ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:"
-			ewarn "  sudoers: ldap files"
-			ewarn
-		fi
-	fi
-	if use prefix ; then
-		ewarn
-		ewarn "To use sudo, you need to change file ownership and permissions"
-		ewarn "with root privileges, as follows:"
-		ewarn
-		ewarn "  # chown root:root ${EPREFIX}/usr/bin/sudo"
-		ewarn "  # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so"
-		ewarn "  # chown root:root ${EPREFIX}/etc/sudoers"
-		ewarn "  # chown root:root ${EPREFIX}/etc/sudoers.d"
-		ewarn "  # chown root:root ${EPREFIX}/var/db/sudo"
-		ewarn "  # chmod 4111 ${EPREFIX}/usr/bin/sudo"
-		ewarn
-	fi
-
-	elog "To use the -A (askpass) option, you need to install a compatible"
-	elog "password program from the following list. Starred packages will"
-	elog "automatically register for the use with sudo (but will not force"
-	elog "the -A option):"
-	elog ""
-	elog " [*] net-misc/ssh-askpass-fullscreen"
-	elog "     net-misc/x11-ssh-askpass"
-	elog ""
-	elog "You can override the choice by setting the SUDO_ASKPASS environmnent"
-	elog "variable to the program you want to use."
-}

[gentoo-commits] repo/gentoo:master commit in: app-admin/sudo/, app-admin/sudo/files/

[Sam James]

commit:     d026e6e417699653eeb305f0af3257fd66e599d6
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Jun  7 22:18:00 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Jun  7 22:18:00 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d026e6e4

app-admin/sudo: backport arm64 build fix patch

Closes: https://bugs.gentoo.org/850454
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../sudo/files/sudo-1.9.11-fix-arm64-build.patch   | 23 ++++++++++++++++++++++
 app-admin/sudo/sudo-1.9.11.ebuild                  |  4 ++++
 2 files changed, 27 insertions(+)

diff --git a/app-admin/sudo/files/sudo-1.9.11-fix-arm64-build.patch b/app-admin/sudo/files/sudo-1.9.11-fix-arm64-build.patch
new file mode 100644
index 000000000000..baf960d49530
--- /dev/null
+++ b/app-admin/sudo/files/sudo-1.9.11-fix-arm64-build.patch
@@ -0,0 +1,23 @@
+https://github.com/sudo-project/sudo/commit/d549adf04bfde7936306203e2e8886ffd93d00ea
+https://bugs.gentoo.org/850454
+
+From: Pierre Bourdon <delroth@gmail.com>
+Date: Tue, 7 Jun 2022 17:14:39 +0200
+Subject: [PATCH] exec_ptrace: fix missing sudo_pt_regs on aarch64
+
+AArch64 already had an existing "user_pt_regs" struct and didn't need a
+struct alias before the renaming to "sudo_pt_regs". Make the code build
+again by adding the now missing alias.
+
+Fixes: 2eb8ff17
+--- a/src/exec_ptrace.h
++++ b/src/exec_ptrace.h
+@@ -76,6 +76,7 @@
+ # define reg_arg4(x)		(x).r10
+ #elif defined(__aarch64__)
+ # define SECCOMP_AUDIT_ARCH	AUDIT_ARCH_AARCH64
++# define sudo_pt_regs		struct user_pt_regs
+ # define reg_syscall(x)		(x).regs[8]	/* w8 */
+ # define reg_retval(x)		(x).regs[0]	/* x0 */
+ # define reg_sp(x)		(x).sp		/* sp */
+

diff --git a/app-admin/sudo/sudo-1.9.11.ebuild b/app-admin/sudo/sudo-1.9.11.ebuild
index dda0650bd5fc..7515b25714d3 100644
--- a/app-admin/sudo/sudo-1.9.11.ebuild
+++ b/app-admin/sudo/sudo-1.9.11.ebuild
@@ -80,6 +80,10 @@ REQUIRED_USE="
 
 MAKEOPTS+=" SAMPLES="
 
+PATCHES=(
+	"${FILESDIR}"/${P}-fix-arm64-build.patch
+)
+
 src_prepare() {
 	default
 	elibtoolize

[gentoo-commits] repo/gentoo:master commit in: app-admin/sudo/, app-admin/sudo/files/

[Sam James]

commit:     73fc86d879db42a9ce5a4ef9b73f088b02551169
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Oct 28 20:11:14 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Oct 28 20:11:14 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=73fc86d8

app-admin/sudo: backport MIPS patch

Closes: https://bugs.gentoo.org/878401
Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-admin/sudo/files/sudo-1.9.12-mips-build.patch | 33 +++++++++++++++++++++++
 app-admin/sudo/sudo-1.9.12.ebuild                 |  4 +++
 2 files changed, 37 insertions(+)

diff --git a/app-admin/sudo/files/sudo-1.9.12-mips-build.patch b/app-admin/sudo/files/sudo-1.9.12-mips-build.patch
new file mode 100644
index 000000000000..d45393dba443
--- /dev/null
+++ b/app-admin/sudo/files/sudo-1.9.12-mips-build.patch
@@ -0,0 +1,33 @@
+https://github.com/sudo-project/sudo/commit/7944494196d4a9b33e0ae64a7e20f86e19c336d3
+https://bugs.gentoo.org/878401
+
+From 7944494196d4a9b33e0ae64a7e20f86e19c336d3 Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller" <Todd.Miller@sudo.ws>
+Date: Wed, 26 Oct 2022 16:35:30 -0600
+Subject: [PATCH] Fix compilation error on Linux/mips.
+
+--- a/src/exec_ptrace.c
++++ b/src/exec_ptrace.c
+@@ -282,16 +282,17 @@ set_sc_arg4(struct sudo_ptrace_regs *regs, unsigned long addr)
+ static bool
+ ptrace_getregs(int pid, struct sudo_ptrace_regs *regs, int compat)
+ {
++    struct iovec iov;
+     debug_decl(ptrace_getregs, SUDO_DEBUG_EXEC);
+ 
++    iov.iov_base = &regs->u;
++    iov.iov_len = sizeof(regs->u);
++
+ # ifdef __mips__
+     /* PTRACE_GETREGSET has bugs with the MIPS o32 ABI at least. */
+-    if (ptrace(PTRACE_GETREGS, pid, NULL, &regs->u) == -1)
++    if (ptrace(PTRACE_GETREGS, pid, NULL, iov.iov_base) == -1)
+ 	debug_return_bool(false);
+ # else
+-    struct iovec iov;
+-    iov.iov_base = &regs->u;
+-    iov.iov_len = sizeof(regs->u);
+     if (ptrace(PTRACE_GETREGSET, pid, (void *)NT_PRSTATUS, &iov) == -1)
+ 	debug_return_bool(false);
+ # endif /* __mips__ */
+

diff --git a/app-admin/sudo/sudo-1.9.12.ebuild b/app-admin/sudo/sudo-1.9.12.ebuild
index 046d001b4139..d3e78ea71235 100644
--- a/app-admin/sudo/sudo-1.9.12.ebuild
+++ b/app-admin/sudo/sudo-1.9.12.ebuild
@@ -82,6 +82,10 @@ REQUIRED_USE="
 
 MAKEOPTS+=" SAMPLES="
 
+PATCHES=(
+	"${FILESDIR}"/${P}-mips-build.patch
+)
+
 src_prepare() {
 	default
 

[gentoo-commits] repo/gentoo:master commit in: app-admin/sudo/, app-admin/sudo/files/

[Sam James]

commit:     6f0d46367c6c163fa0d560ef0aed8cb093c3f3f9
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Feb 15 03:40:29 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Feb 15 03:40:44 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6f0d4636

app-admin/sudo: fix build w/ gcc 13

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-admin/sudo/files/sudo-1.9.13-gcc-13.patch      | 53 ++++++++++++++++++++++
 .../files/sudo-1.9.13-missing-bracket-as-if.patch  | 40 ++++++++++++++++
 app-admin/sudo/sudo-1.9.13.ebuild                  |  5 ++
 3 files changed, 98 insertions(+)

diff --git a/app-admin/sudo/files/sudo-1.9.13-gcc-13.patch b/app-admin/sudo/files/sudo-1.9.13-gcc-13.patch
new file mode 100644
index 000000000000..4ebdce7e9f67
--- /dev/null
+++ b/app-admin/sudo/files/sudo-1.9.13-gcc-13.patch
@@ -0,0 +1,53 @@
+https://github.com/sudo-project/sudo/issues/239
+https://github.com/sudo-project/sudo/pull/240
+
+From 20d1348354ddbfb1b1f95522f81d73ec00988358 Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Wed, 15 Feb 2023 03:20:36 +0000
+Subject: [PATCH] sudo_fatal: Fix build where compiler recognises [[noreturn]]
+ attribute (C23)
+
+If the compiler supports [[noreturn]] as a attribute as in C23,
+then we define sudo_noreturn to be it. When that's the case, we must place
+it at the beginning of the declaration, before any other *extension*
+attributes (__attribute(...)).
+
+sudo_dso_public is always an extension attribute, while sudo_noreturn only
+might be, so put it first.
+
+This only shows up with GCC 13 so far (see the linked GCC bug (notabug)
+for a bit more exploration). Clang 16 does support the attribute but doesn't let
+you sue it for earlier language versions (need to pass explicit -std=c2x,
+unlike with GCC here).
+
+This is essentially a followup to e707ffe58b3ccfe5c72f54c38eac1d7069d5021e.
+
+Tested with GCC 13.0.1 20230212 (unreleased), GCC 12.2.1 20230211,
+Clang 16.0.0_rc2, and Clang 15.0.7.
+
+Bug: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108796
+Closes: https://github.com/sudo-project/sudo/issues/239
+Fixes: e707ffe58b3ccfe5c72f54c38eac1d7069d5021e
+Fixes: 16ae61dcd7d3cd8bf6eb10a22fa742d4505da4e9
+--- a/include/sudo_fatal.h
++++ b/include/sudo_fatal.h
+@@ -171,12 +171,12 @@ sudo_dso_public int  sudo_fatal_callback_deregister_v1(sudo_fatal_callback_t fun
+ sudo_dso_public int  sudo_fatal_callback_register_v1(sudo_fatal_callback_t func);
+ sudo_dso_public char *sudo_warn_gettext_v1(const char *domainname, const char *msgid) sudo_attr_fmt_arg(2);
+ sudo_dso_public void sudo_warn_set_locale_func_v1(sudo_warn_setlocale_t func);
+-sudo_dso_public sudo_noreturn void sudo_fatal_nodebug_v1(const char *fmt, ...) sudo_printf0like(1, 2);
+-sudo_dso_public sudo_noreturn void sudo_fatalx_nodebug_v1(const char *fmt, ...) sudo_printflike(1, 2);
+-sudo_dso_public sudo_noreturn void sudo_gai_fatal_nodebug_v1(int errnum, const char *fmt, ...) sudo_printflike(2, 3);
+-sudo_dso_public sudo_noreturn void sudo_vfatal_nodebug_v1(const char *fmt, va_list ap) sudo_printf0like(1, 0);
+-sudo_dso_public sudo_noreturn void sudo_vfatalx_nodebug_v1(const char *fmt, va_list ap) sudo_printflike(1, 0);
+-sudo_dso_public sudo_noreturn void sudo_gai_vfatal_nodebug_v1(int errnum, const char *fmt, va_list ap) sudo_printflike(2, 0);
++sudo_noreturn sudo_dso_public void sudo_fatal_nodebug_v1(const char *fmt, ...) sudo_printf0like(1, 2);
++sudo_noreturn sudo_dso_public void sudo_fatalx_nodebug_v1(const char *fmt, ...) sudo_printflike(1, 2);
++sudo_noreturn sudo_dso_public void sudo_gai_fatal_nodebug_v1(int errnum, const char *fmt, ...) sudo_printflike(2, 3);
++sudo_noreturn sudo_dso_public void sudo_vfatal_nodebug_v1(const char *fmt, va_list ap) sudo_printf0like(1, 0);
++sudo_noreturn sudo_dso_public void sudo_vfatalx_nodebug_v1(const char *fmt, va_list ap) sudo_printflike(1, 0);
++sudo_noreturn sudo_dso_public void sudo_gai_vfatal_nodebug_v1(int errnum, const char *fmt, va_list ap) sudo_printflike(2, 0);
+ sudo_dso_public void sudo_warn_nodebug_v1(const char *fmt, ...) sudo_printf0like(1, 2);
+ sudo_dso_public void sudo_warnx_nodebug_v1(const char *fmt, ...) sudo_printflike(1, 2);
+ sudo_dso_public void sudo_gai_warn_nodebug_v1(int errnum, const char *fmt, ...) sudo_printflike(2, 3);
+

diff --git a/app-admin/sudo/files/sudo-1.9.13-missing-bracket-as-if.patch b/app-admin/sudo/files/sudo-1.9.13-missing-bracket-as-if.patch
new file mode 100644
index 000000000000..e341e93a99bc
--- /dev/null
+++ b/app-admin/sudo/files/sudo-1.9.13-missing-bracket-as-if.patch
@@ -0,0 +1,40 @@
+https://github.com/sudo-project/sudo/commit/defec5d46eec7345b62060049f72215ffd7f3e7e
+
+From defec5d46eec7345b62060049f72215ffd7f3e7e Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller" <Todd.Miller@sudo.ws>
+Date: Tue, 14 Feb 2023 14:24:28 -0700
+Subject: [PATCH] Add missing '[' to AS_IF() call. Fixes GitHub issue #238.
+
+--- a/configure
++++ b/configure
+@@ -24525,7 +24525,8 @@ fi
+ 
+ if test X"$with_noexec" != X"no"
+ then :
+-  # Check for non-standard exec functions
++
++    # Check for non-standard exec functions
+     ac_fn_c_check_func "$LINENO" "exect" "ac_cv_func_exect"
+ if test "x$ac_cv_func_exect" = xyes
+ then :
+@@ -24564,7 +24565,7 @@ fi
+ 
+ 
+ fi
+-]
++
+ fi
+ 
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+--- a/configure.ac
++++ b/configure.ac
+@@ -3022,7 +3022,7 @@ AC_CHECK_FUNCS([setpassent setgroupent])
+ dnl
+ dnl Function checks for sudo_noexec
+ dnl
+-AS_IF([test X"$with_noexec" != X"no"],
++AS_IF([test X"$with_noexec" != X"no"], [
+     # Check for non-standard exec functions
+     AC_CHECK_FUNCS([exect execvP execvpe])
+     # Check for posix_spawn, and posix_spawnp
+

diff --git a/app-admin/sudo/sudo-1.9.13.ebuild b/app-admin/sudo/sudo-1.9.13.ebuild
index 2d77e6863bd9..a4d75f41c04b 100644
--- a/app-admin/sudo/sudo-1.9.13.ebuild
+++ b/app-admin/sudo/sudo-1.9.13.ebuild
@@ -86,6 +86,11 @@ REQUIRED_USE="
 
 MAKEOPTS+=" SAMPLES="
 
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.9.13-missing-bracket-as-if.patch
+	"${FILESDIR}"/${PN}-1.9.13-gcc-13.patch
+)
+
 src_prepare() {
 	default
 

[gentoo-commits] repo/gentoo:master commit in: app-admin/sudo/, app-admin/sudo/files/

[Sam James]

commit:     e18037cbb2c011565992f5cc5affa0c931651a41
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Apr 28 05:42:07 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Apr 28 06:04:08 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e18037cb

app-admin/sudo: fix configure w/ clang 16

Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../files/sudo-1.9.13_p3-configure-clang16.patch   | 105 ++++++++
 app-admin/sudo/sudo-1.9.13_p3-r1.ebuild            | 290 +++++++++++++++++++++
 2 files changed, 395 insertions(+)

diff --git a/app-admin/sudo/files/sudo-1.9.13_p3-configure-clang16.patch b/app-admin/sudo/files/sudo-1.9.13_p3-configure-clang16.patch
new file mode 100644
index 000000000000..a9b9434c2b01
--- /dev/null
+++ b/app-admin/sudo/files/sudo-1.9.13_p3-configure-clang16.patch
@@ -0,0 +1,105 @@
+ttps://www.sudo.ws/pipermail/sudo-workers/2023-April/001387.html
+https://github.com/sudo-project/sudo/commit/b83140e0f18fb27d310a4839a14f5c3febd2770b
+https://github.com/sudo-project/sudo/commit/075ee0f9dc234f9a7e680b16304809e5546965d5
+
+From b83140e0f18fb27d310a4839a14f5c3febd2770b Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller" <Todd.Miller@sudo.ws>
+Date: Wed, 26 Apr 2023 11:10:46 -0600
+Subject: [PATCH] Use ldap_msgfree() instead of ldap_init() for the lber.h
+ test. The ldap_init() function is marked as deprecated and not defined by
+ default on some systems.  This can cause an error for compilers that do not
+ support implicit function declarations. From Florian Weimer.
+
+--- a/configure
++++ b/configure
+@@ -31515,7 +31515,7 @@ else case e in #(
+ int
+ main (void)
+ {
+-(void)ldap_init(0, 0)
++return ldap_msgfree(NULL)
+   ;
+   return 0;
+ }
+--- a/m4/ldap.m4
++++ b/m4/ldap.m4
+@@ -52,7 +52,7 @@ AC_DEFUN([SUDO_CHECK_LDAP], [
+ #include <lber.h>])
+ 	AC_CACHE_CHECK([whether lber.h is needed when including ldap.h], [sudo_cv_header_lber_h], [
+ 	    AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
+-#include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [
++#include <ldap.h>]], [[return ldap_msgfree(NULL)]])], [
+ 		# No need to explicitly include lber.h when including ldap.h.
+ 		sudo_cv_header_lber_h=no
+ 	    ], [
+
+From 075ee0f9dc234f9a7e680b16304809e5546965d5 Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller" <Todd.Miller@sudo.ws>
+Date: Wed, 26 Apr 2023 12:44:10 -0600
+Subject: [PATCH] Add missing stdio.h include for the _FORTIFY_SOURCE=2 check.
+ Implementations of _FORTIFY_SOURCE require the header file to be included. 
+ Also remove the useless test of an empty program with _FORTIFY_SOURCE
+ defined.  Pointed out by Florian Weimer.
+
+--- a/configure
++++ b/configure
+@@ -34207,33 +34207,11 @@ else case e in #(
+   e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+ 
+-
+-int
+-main (void)
+-{
+-char buf[4]; (void)sprintf(buf, "%s", "foo");
+-
+-  ;
+-  return 0;
+-}
+-_ACEOF
+-if ac_fn_c_try_link "$LINENO"
+-then :
+-  sudo_cv_use_fortify_source=yes
+-else case e in #(
+-  e) sudo_cv_use_fortify_source=no
+-		 ;;
+-esac
+-fi
+-rm -f core conftest.err conftest.$ac_objext conftest.beam \
+-    conftest$ac_exeext conftest.$ac_ext
+-
+-	    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h.  */
+-
++		    #include <stdio.h>
+ int
+ main (void)
+ {
++char buf[4]; sprintf(buf, "%s", "foo"); return buf[0];
+ 
+   ;
+   return 0;
+--- a/m4/hardening.m4
++++ b/m4/hardening.m4
+@@ -10,18 +10,13 @@ AC_DEFUN([SUDO_CHECK_HARDENING], [
+ 	    [sudo_cv_use_fortify_source],
+ 	    [AC_LINK_IFELSE([
+ 		    AC_LANG_PROGRAM(
+-			[[]], [[char buf[4]; (void)sprintf(buf, "%s", "foo");]]
++			[[#include <stdio.h>]],
++			[[char buf[4]; sprintf(buf, "%s", "foo"); return buf[0];]]
+ 		    )],
+ 		    [sudo_cv_use_fortify_source=yes],
+ 		    [sudo_cv_use_fortify_source=no]
+ 		)
+ 	    ]
+-	    [AC_LINK_IFELSE(
+-		[AC_LANG_PROGRAM([[]], [[]])],
+-		    [sudo_cv_use_fortify_source=yes],
+-		    [sudo_cv_use_fortify_source=no]
+-		)
+-	    ]
+ 	)
+ 	if test "$sudo_cv_use_fortify_source" != yes; then
+ 	    CPPFLAGS="$O_CPPFLAGS"
+

diff --git a/app-admin/sudo/sudo-1.9.13_p3-r1.ebuild b/app-admin/sudo/sudo-1.9.13_p3-r1.ebuild
new file mode 100644
index 000000000000..d0d8ed1de45f
--- /dev/null
+++ b/app-admin/sudo/sudo-1.9.13_p3-r1.ebuild
@@ -0,0 +1,290 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit pam libtool tmpfiles toolchain-funcs
+
+MY_P="${P/_/}"
+MY_P="${MY_P/beta/b}"
+
+DESCRIPTION="Allows users or groups to run commands as other users"
+HOMEPAGE="https://www.sudo.ws/"
+
+if [[ ${PV} == 9999 ]] ; then
+	inherit mercurial
+	EHG_REPO_URI="https://www.sudo.ws/repos/sudo"
+else
+	VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/sudo.ws.asc
+	inherit verify-sig
+
+	uri_prefix=
+	case ${P} in
+		*_beta*|*_rc*) uri_prefix=beta/ ;;
+	esac
+
+	SRC_URI="
+		https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
+		ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz
+		verify-sig? (
+			https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz.sig
+			ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz.sig
+		)
+	"
+
+	if [[ ${PV} != *_beta* && ${PV} != *_rc* ]] ; then
+		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~sparc-solaris"
+	fi
+
+	BDEPEND+="verify-sig? ( sec-keys/openpgp-keys-sudo )"
+fi
+
+S="${WORKDIR}/${MY_P}"
+
+# Basic license is ISC-style as-is, some files are released under
+# 3-clause BSD license
+LICENSE="ISC BSD"
+SLOT="0"
+IUSE="gcrypt ldap nls offensive pam sasl +secure-path selinux +sendmail skey ssl sssd"
+
+DEPEND="
+	sys-libs/zlib:=
+	virtual/libcrypt:=
+	gcrypt? ( dev-libs/libgcrypt:= )
+	ldap? (
+		>=net-nds/openldap-2.1.30-r1:=
+		sasl? (
+			dev-libs/cyrus-sasl
+			net-nds/openldap:=[sasl]
+		)
+	)
+	pam? ( sys-libs/pam )
+	sasl? ( dev-libs/cyrus-sasl )
+	selinux? ( sys-libs/libselinux )
+	skey? ( >=sys-auth/skey-1.1.5-r1 )
+	ssl? ( dev-libs/openssl:0= )
+	sssd? ( sys-auth/sssd[sudo] )
+"
+RDEPEND="
+	${DEPEND}
+	>=app-misc/editor-wrapper-3
+	virtual/editor
+	ldap? ( dev-lang/perl )
+	pam? ( sys-auth/pambase )
+	selinux? ( sec-policy/selinux-sudo )
+	sendmail? ( virtual/mta )
+"
+BDEPEND+="
+	sys-devel/bison
+	virtual/pkgconfig
+"
+
+REQUIRED_USE="
+	?? ( pam skey )
+	?? ( gcrypt ssl )
+"
+
+MAKEOPTS+=" SAMPLES="
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.9.13_p3-configure-clang16.patch
+)
+
+src_prepare() {
+	default
+
+	elibtoolize
+}
+
+set_secure_path() {
+	# First extract the default ROOTPATH from build env
+	SECURE_PATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env; echo "${ROOTPATH}")
+
+	case "${SECURE_PATH}" in
+		*/usr/sbin*)
+			;;
+		*)
+			SECURE_PATH=$(unset PATH; . "${EPREFIX}"/etc/profile.env; echo "${PATH}")
+			;;
+	esac
+
+	if [[ -z ${SECURE_PATH} ]] ; then
+		ewarn "	Failed to detect SECURE_PATH, please report this"
+	fi
+
+	# Then remove duplicate path entries
+	cleanpath() {
+		local newpath thisp IFS=:
+		for thisp in $1 ; do
+			if [[ :${newpath}: != *:${thisp}:* ]] ; then
+				newpath+=:${thisp}
+			else
+				einfo "   Duplicate entry ${thisp} removed..."
+			fi
+		done
+		SECURE_PATH=${newpath#:}
+	}
+	cleanpath /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin${SECURE_PATH:+:${SECURE_PATH}}
+
+	# Finally, strip gcc paths, bug #136027
+	rmpath() {
+		local e newpath thisp IFS=:
+		for thisp in ${SECURE_PATH} ; do
+			for e ; do
+				[[ ${thisp} == ${e} ]] && continue 2 ;
+			done
+			newpath+=:${thisp}
+		done
+		SECURE_PATH=${newpath#:}
+	}
+	rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*'
+}
+
+src_configure() {
+	local SECURE_PATH
+
+	set_secure_path
+
+	# bug #767712
+	tc-export PKG_CONFIG
+
+	# - audit: somebody got to explain me how I can test this before I
+	# enable it.. - Diego
+	# - plugindir: autoconf code is crappy and does not delay evaluation
+	# until `make` time, so we have to use a full path here rather than
+	# basing off other values.
+	local myeconfargs=(
+		# We set all of the relevant options by ourselves (patched
+		# into the toolchain) and setting these in the build system
+		# actually causes a downgrade when using e.g. -D_FORTIFY_SOURCE=3
+		# (it'll downgrade to =2). So, this has no functional effect on
+		# the hardening for users. It's safe.
+		--disable-hardening
+
+		# requires some python eclass
+		--disable-python
+		--enable-tmpfiles.d="${EPREFIX}"/usr/lib/tmpfiles.d
+		--enable-zlib=system
+		--with-editor="${EPREFIX}"/usr/libexec/editor
+		--with-env-editor
+		--with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo
+		--with-rundir="${EPREFIX}"/run/sudo
+		--with-vardir="${EPREFIX}"/var/db/sudo
+		--without-linux-audit
+		--without-opie
+		$(use_enable gcrypt)
+		$(use_enable nls)
+		$(use_enable sasl)
+		$(use_enable ssl openssl)
+		$(use_with ldap)
+		$(use_with ldap ldap_conf_file /etc/ldap.conf.sudo)
+		$(use_with offensive insults)
+		$(use_with offensive all-insults)
+		$(use_with pam)
+		$(use_with pam pam-login)
+		$(use_with secure-path secure-path "${SECURE_PATH}")
+		$(use_with selinux)
+		$(use_with sendmail)
+		$(use_with skey)
+		$(use_with sssd)
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+src_install() {
+	default
+
+	if use ldap ; then
+		dodoc README.LDAP.md
+
+		cat <<-EOF > "${T}"/ldap.conf.sudo
+		# See ldap.conf(5) and README.LDAP.md for details
+		# This file should only be readable by root
+
+		# supported directives: host, port, ssl, ldap_version
+		# uri, binddn, bindpw, sudoers_base, sudoers_debug
+		# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key}
+		EOF
+
+		if use sasl ; then
+			cat <<-EOF >> "${T}"/ldap.conf.sudo
+
+			# SASL directives: use_sasl, sasl_mech, sasl_auth_id
+			# sasl_secprops, rootuse_sasl, rootsasl_auth_id, krb5_ccname
+			EOF
+		fi
+
+		insinto /etc
+		doins "${T}"/ldap.conf.sudo
+		fperms 0440 /etc/ldap.conf.sudo
+
+		insinto /etc/openldap/schema
+		newins docs/schema.OpenLDAP sudo.schema
+	fi
+
+	if use pam ; then
+		pamd_mimic system-auth sudo auth account session
+		pamd_mimic system-auth sudo-i auth account session
+	fi
+
+	keepdir /var/db/sudo/lectured
+	fperms 0700 /var/db/sudo/lectured
+	# bug #652958
+	fperms 0711 /var/db/sudo
+
+	# Don't install into /run as that is a tmpfs most of the time
+	# (bug #504854)
+	rm -rf "${ED}"/run || die
+
+	# bug #697812
+	find "${ED}" -type f -name "*.la" -delete || die
+}
+
+pkg_postinst() {
+	tmpfiles_process sudo.conf
+
+	# bug #652958
+	local sudo_db="${EROOT}/var/db/sudo"
+	if [[ "$(stat -c %a "${sudo_db}")" -ne 711 ]] ; then
+		chmod 711 "${sudo_db}" || die
+	fi
+
+	if use ldap ; then
+		ewarn
+		ewarn "sudo uses the ${ROOT}/etc/ldap.conf.sudo file for ldap configuration."
+		ewarn
+		if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then
+			ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly"
+			ewarn "configured in ${ROOT}/etc/nsswitch.conf."
+			ewarn
+			ewarn "To make use of LDAP, add this line to your ${ROOT}/etc/nsswitch.conf:"
+			ewarn "  sudoers: ldap files"
+			ewarn
+		fi
+	fi
+	if use prefix ; then
+		ewarn
+		ewarn "To use sudo on Prefix, you need to change file ownership and permissions"
+		ewarn "with root privileges, as follows:"
+		ewarn
+		ewarn "  # chown root:root ${EPREFIX}/usr/bin/sudo"
+		ewarn "  # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so"
+		ewarn "  # chown root:root ${EPREFIX}/etc/sudoers"
+		ewarn "  # chown root:root ${EPREFIX}/etc/sudoers.d"
+		ewarn "  # chown root:root ${EPREFIX}/var/db/sudo"
+		ewarn "  # chmod 4111 ${EPREFIX}/usr/bin/sudo"
+		ewarn
+	fi
+
+	elog "To use the -A (askpass) option, you need to install a compatible"
+	elog "password program from the following list. Starred packages will"
+	elog "automatically register for the use with sudo (but will not force"
+	elog "the -A option):"
+	elog ""
+	elog " [*] net-misc/ssh-askpass-fullscreen"
+	elog "     net-misc/x11-ssh-askpass"
+	elog ""
+	elog "You can override the choice by setting the SUDO_ASKPASS environmnent"
+	elog "variable to the program you want to use."
+}