Update security/sudo to 1.8.17p1

MFH:		2016Q2
Sponsored by:	Rubicon Communications (Netgate)

Update 1.8.16 --> 1.8.17

PR:		210407
Submitted by:	cy@
Approved by:	garga@
MFH:		2016Q2

Add a patch to fix sudo bug #743 that causes a bug where it dereference
a NULL pointer when it looks up a negative cached entry which is stored
as a NULL passwd or group struct pointer

PR:		208198
Submitted by:	Fredrik Eriksson <fredrik.eriksson@loopia.se>
Obtained from:	https://www.sudo.ws/repos/sudo/rev/1d13341d53ec
Sponsored by:	Rubicon Communications (Netgate)

- Stop forcing -lssp_nonshared since libc already include it in every link.
  It should fix build when world is built with WITHOUT_SSP
- Bump PORTREVISION

PR:		203380
Submitted by:	Kenneth Salerno <kennethsalerno@yahoo.com>
Sponsored by:	Rubicon Communications (Netgate)

Remove ${PORTSDIR}/ from dependencies, categories r, s, t, and u.

With hat:	portmgr
Sponsored by:	Absolight

- Update security/sudo to 1.8.16 [1]
- Pet portlint using (pre|post)[un]exec items in plist

PR:		208111 [1]
Submitted by:	cy [1]
Sponsored by:	Rubicon Communications (Netgate)

- Update security/sudo to 1.8.15
- Remove patch-plugins__sudoers__Makefile.in, unnecessary on stagedir days
- Remove patch-plugins__sudoers__audit.c, sudo_gettext.h is already included
  by sudoers.h
- Rework patch-plugins__sudoers__sudoers.in to replace pkg_* utilities by
  pkg on message

Update to 1.8.14p3

Update to 1.8.14p2

- Fix installation with DOCS broken by my last commit
- Bump PORTREVISION

Pointyhat to:	garga

- Replace DISTVERSION by PORTVERSION otherwise it ends up as 1.8.14.p1,
  what is < 1.8.14. [1]
- While I'm here silence portlint warnings re-generating patches with
  make makepatch and removing unnecessary DOCS check

Reported by:	Robert Burmeister [1]

Update to 1.8.14p1

Update to 1.8.14

MASTER_SITES cleanup.

- Replace ${MASTER_SITE_FOO} with FOO.
- Merge MASTER_SITE_SUBDIR into MASTER_SITES when possible. (This means 99.9%
  of the time.)
- Remove occurrences of MASTER_SITE_LOCAL when no subdirectory was present and
  no hint of what it should be was present.
- Fix some logic.
- And generally, make things more simple and easy to understand.

While there, add magic values to the FESTIVAL, GENTOO, GIMP, GNUPG, QT and
SAMBA macros.

Also, replace some EXTRACT_SUFX occurences with USES=tar:*.

Checked by:	make fetch-urlall-list
With hat:	portmgr
Sponsored by:	Absolight

security/sudo: add CPE info

PR:		199367
Submitted by:	Shun <shun.fbsd.pr@dropcut.net>
Approved by:	portmgr blanket

Update to 1.8.13

Update to 1.8.12

Over to garga@.

I don't have the cycles to handle these higher profile ports anymore.

Update to 1.8.11p1

PR:		194259
Submitted by:	cy@ and Yasuhiro KIMURA <yasu@utahime.org>

Simplify plist

Use @sample for sudoers

net/openldap24-*:
- Convert to USES=libtool and bump dependent ports
- Avoid USE_AUTOTOOLS
- Don't use PTHREAD_LIBS
- Use MAKE_CMD

databases/glom:
- Drop :keepla
- Add INSTALL_TARGET=install-strip

databases/libgda4* databases/libgda5*:
- Convert to USES=libtool and bump dependent ports
- USES=tar:xz
- Use INSTALL_TARGET=install-strip
- Use @sample

Add DOCS to OPTIONS_DEFINE to ports that check for PORT_OPTIONS:MDOCS.

Update to 1.8.10p3.

Add option for sssd.

Submitted by:	petef@

Update to 1.8.10p2.

PR:		ports/187567
Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>

Use OPTIONS helpers.

Update to 1.8.9p5.

PR:		ports/185581
Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>

[1]: Update to 1.8.8.
[2]: Switch logging to authpriv.

PR:		[1] ports/182618
Submitted by:	[1] Yasuhiro KIMURA <yasu@utahime.org>
		[2] des@

Add NO_STAGE all over the place in preparation for the staging support (cat:
security)

- Remove MAKE_JOBS_SAFE variable

Approved by:	portmgr (bdrewery)

Cleanup /var/db/sudo if it is empty. This eliminates leftovers when building
the package.

Fix missing include.

This was causing the "Undefined symbol '_'" message when hitting ^C or
entering an incorect command.

PR:		ports/180262
Submitted by:	Christophe Juniet <c.juniet@gmail.com>

Update to 1.8.7.

Disable PIE on ARM. This was causing a crash at runtime.

Submitted by:	Lukasz Siemiradzki

- Convert USE_GETTEXT to USES (part 3)

Approved by:	portmgr (bapt)

Update to 1.8.6p8.

Feature safe:	yes

Update to 1.8.6p7.

VuXML entry coming in the next day or two tops.

Update to 1.8.6p5.

Update to 1.8.6.p4.
Trim header.
Remove ia64 fix, included upstream.

Disable PIE on ia64. This was causing a run-time failure.

Submitted by:	Anton Shterenlikht, Todd Miller

If OPIE option is on we can not pass --with-pam in CONFIGURE_ARGS. Make it
so that OPIE will pass --with-opie and if it is off we pass --with-pam. [1]

No functional changes with this, just a build fix.

While here use tabs where appropriate and cleanup pkg-descr. [2]

Feature safe:	yes

Fix the temporary workaround by passing the appropriate flag in
LDFLAGS. Since I want to ensure those who built it on i386 with this
workaround will rebuild it now that it is fixed bump PORTREVISION.

Fix build on i386 by disabling hardening measures. This is a temporary
fix until I can figure out what is really going on.

Update to 1.8.6p3

PR:		ports/171837
Submitted by:	cy@

Update to 1.8.5p3

Fix typo.

PR:             ports/169284
Submitted by:   From: Bryan Drewery <bryan@shatow.net>

Add option to enable OPIE support (off by default). [1]
While here, convert to new-style options.

PR:             ports/168812 [1]
Submitted by:   Zak Blacher <zblacher@sandvine.com> [1]

Update to 1.8.5p2.

Update to 1.8.5p1.

Changes: http://www.sudo.ws/sudo/stable.html#1.8.5p1

Update to 1.8.4p5

Security:       b3435b68-9ee8-11e1-997c-002354ed89bc

Update to 1.8.4p4

Changes from 1.8.4p2 through 1.8.4p4 are here:
http://www.sudo.ws/sudo/stable.html#1.8.4p4

Feature safe:   yes

Update to 1.8.4p2

PR:             ports/165528
Submitted by:   rea@

If you used LDAP and NOPORTDOCS then the documentation directory would be
left behind on install. The upstream Makefile would create the directory
and put sudoers2ldif there, but pkg-plist would not register it properly.

This fix moves sudoers2ldif to 'bin' since it isn't really documentation.
It's installation is still controlled by the LDAP knob though.

Spotted by:     scheidell@

Update to 1.8.3p2

Security:       7c920bb7-4b5f-11e1-9f47-00e0815b8da8

Switch to using MASTER_SITE_SUDO.

- Remove WITH_FBSD10_FIX, is no longer needed

- Use DISTNAME instead of DISTFILES and remove WRKSRC.

Submitted by:   sunpoet@

Fix version number going backwards.

Noticed by:     erwin@

- Update to 1.8.3p1

Fix build on FreeBSD 10

Approved by:    portmgr (miwi)

- Update to 1.8.3.

- Add LDFLAGS to CONFIGURE_ENV and MAKE_ENV (as it was done with LDFLAGS)
- Fix all ports that add {CPP,LD}FLAGS to *_ENV to modify flags instead

PR:             157936
Submitted by:   myself
Exp-runs by:    pav
Approved by:    pav

- Switch to using bsd.port.options.mk.

- Update to 1.8.2
- Now depend on gettext
- While here, use DISTVERSION.

- Remove dead MASTER_SITES.

Noticed by:     The Distilator

Update to 1.8.1p2

Add an AUDIT option, which is off by default for now. I will turn it on
with the next significant bump.

Submitted by:   Mike Kelly (private mail)

Update to 1.8.1p1.
No longer need to worry about etc/sudoers.d problem, as it is no longer
a fatal error.

Fix a typo in pkg-install. Should use -m and not -M for install(1).

Noticed by:     sunpoet@

The install process checks the validity of sudoers before installing
etc/sudoers.d. If you have an sudoers with the includedir directive the
install will fail. Fix this by creating the directory in a pre-install
target.

This should fix "The Great sudo Debacle of 2011" once and for all.

Tested by:      dougb@

Revert the removal of sudoers.d. It is a POLA violation. While here remove
the UPDATING entry as it no longer applies.

We don't install a sudoers.d, remove that from the default sudoers file.

PR:             ports/156305
Submitted by:   Helmut Schneider <jumper99@gmx.de>
                Anatoly Borodin <anatoly.borodin@gmail.com>

Update to 1.8.1. There are a lot of behind-the-scenes changes in this port,
including a plugin system now.

While here, do some whitespace fixes.

Update to 1.7.4p6.

"This release fixes a bug in the I/O logging support that could cause visual
artifacts in full-screen programs such as text editors.  This bug was listed as
fixed in sudo 1.7.4p5 but the fix was merged incorrectly."

Feature safe:   yes

Update to 1.7.4p5.

Special thanks to rea@ for commiting the appropriate VuXML for me. :)

PR:             ports/153939
Submitted by:   rea@
Security:       908f4cf2-1e8b-11e0-a587-001b77d09812
Feature safe:   yes

Work around annoying, but harmless, bug with install(1) using "-b~" by changing
it to use "-b ~".
While here also strip libsudo_noexec.so.

Submitted by:   John Hein (private mail)

Add a bunch of new mirrors and remove dead ones. The mirror list now matches
http://www.sudo.ws/sudo/download_mirrors.html.

Noticed by:     The Distilator

Add two missing files when LDAP knob is on. No need to bump PORTREVISION as it
defaults to off.

Remove SHELL_SETS_HOME knob since as far as I can tell it doesn't do anything
anymore. The configure script still supports it but the behavior is now
controlled by a setting in the configuration file "Defaults env_keep += HOME".

Fix packaging.

PR:             ports/150371
Submitted by:   Sunpoet Po-Chuan Hsieh <sunpoet@sunpoet.net>, dim@

Update to 1.7.4p4 to address a couple of minor bugs and Runas group
vulnerability.
While I'm here also cleanup files/patch-Makefile.in.

Security:       67b514c3-ba8f-11df-8f6e-000c29a67389

Fix package installation by correcting usage of %B and installing a file
to make sure the empty directory is created.

PR:             ports/149912
Submitted by:   Alexey V.Degtyarev <alexey@renatasystems.org>

Strip the binaries by default. No need to bump PORTREVISION for such a
minor change.

PR:             ports/149135
Submitted by:   Anonymous <swell.k@gmail.com>

Update to 1.7.4p3
Install etc/pam.d/sudo and etc/pam.d/sudo.default

Fix problems when upgrading using packages:
 - Always install sudoers.sample.
 - There is no need for pkg-install anymore.
 - Bump PORTREVISION.

Update to 1.7.4p2.

Remove unsupported argument to configure.

PR:             ports/148378
Submitted by:   Jeremy Chadwick <freebsd@jdc.parodius.com>
Feature safe:   yes

Update to 1.7.3

Feature safe:   yes

Update to 1.7.2p7.

Security:       d42e5b66-6ea0-11df-9c8d-00e0815b8da8

- Update to 1.7.2p6 (security fix).

Security:       1a9f678d-48ca-11df-85f8-000c29a67389

- Update to 1.7.2p5. Security fix (1.7.2p4) and general bug fixes beyond that.

Security:       018a84d0-2548-11df-b4a3-00e0815b8da8
Feature safe:   yes

- Fix options screen to have a shorter description.

Noticed by:     garga@

- Update to 1.7.2.2
- Mark jobs safe
- Cleanup whitespace in OPTIONS
- [1] Add ability to specify syslog facility at build time (defaults to local2,
  no functional change)
- [2] Add ability to specify ldap configuration file (defaults to
  ${PREFIX}/etc/ldap.conf, no functional change)

PR:             [2]: ports/127822
Submitted by:   [1]: skreuzer@ (private mail)
                [2]: Sergey Skvortsov <skv@freebsd.org>

- Take maintainer. Thanks Tom for all your hard work on this.

Approved by:    tmclaugh

Add OPTIONS for WITH_DISABLE_ROOT_SUDO, WITH_DISABLE_AUTH, and
WITH_NOARGS_SHELL

Submitted by:   Scott Fultz

Security update for sudo to 1.6.9p20 for CVE 2009-0034

Changes:
- Only use the cached supplementory group vector when matching groups
  for the invoking user. (security)
- When setting the umask, use the union of the user's umask and the
  default value set in sudoers so that we never lower the user's umask
  when running a command.
- Sudo now operates in the C locale again when doing a match against
  sudoers.

PR:             131446
Submitted by:   Eygene Ryabinkin
Security:       vid:13d6d997-f455-11dd-8516-001b77d09812

- Add FTP_PASSIVE_MODE to example env_keep line for pkg utilities and fetch.

Suggested by:   koitsu

Update CONFIGURE_ARGS for how we pass CONFIGURE_TARGET to configure script.
Specifically, newer autoconf (> 2.13) has different semantic of the
configure target. In short, one should use --build=CONFIGURE_TARGET
instead of CONFIGURE_TARGET directly. Otherwise, you will get a warning
and the old semantic may be removed in later autoconf releases.

To workaround this issue, many ports hack the CONFIGURE_TARGET variable
so that it contains the ``--build='' prefix.

To solve this issue, under the fact that some ports still have
configure script generated by the old autoconf, we use runtime detection
in the do-configure target so that the proper argument can be used.

Changes to Mk/*:
 - Add runtime detection magic in bsd.port.mk

- Update to 1.6.9p17
* the -i flag implies resetting the environment as it did prior to
  1.6.9.  The -i and -E flags are now mutually-exclusive.