From f797738dec2de8edda2b4b50b22264451f234e31 Mon Sep 17 00:00:00 2001 From: Raphaël Marichez Date: Tue, 15 Apr 2008 11:38:17 +0200 Subject: sudo: own patch for logging the SSH_CLIENT env variable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Raphaël Marichez --- app-admin/sudo/ChangeLog | 338 +++++++++++++++++++++ app-admin/sudo/Manifest | 52 ++++ app-admin/sudo/files/digest-sudo-1.6.8_p11 | 1 + app-admin/sudo/files/digest-sudo-1.6.8_p12 | 1 + app-admin/sudo/files/digest-sudo-1.6.8_p12-r1 | 3 + app-admin/sudo/files/digest-sudo-1.6.8_p9 | 1 + app-admin/sudo/files/digest-sudo-1.6.8_p9-r2 | 3 + .../sudo/files/patch.sudo-1.6.8p9.logging.c.diff | 43 +++ app-admin/sudo/files/sudo | 6 + .../sudo/files/sudo-1.6.8_p12-ssh_client.diff | 46 +++ .../sudo/files/sudo-1.6.8_p8-ldap-tls_cacert.diff | 10 + app-admin/sudo/files/sudo-ldap_timelimit.diff | 76 +++++ app-admin/sudo/files/sudo-skeychallengeargs.diff | 15 + app-admin/sudo/files/sudoers | 55 ++++ app-admin/sudo/metadata.xml | 15 + app-admin/sudo/sudo-1.6.8_p12-r1.ebuild | 202 ++++++++++++ app-admin/sudo/sudo-1.6.8_p9-r2.ebuild | 199 ++++++++++++ 17 files changed, 1066 insertions(+) create mode 100644 app-admin/sudo/ChangeLog create mode 100644 app-admin/sudo/Manifest create mode 100644 app-admin/sudo/files/digest-sudo-1.6.8_p11 create mode 100644 app-admin/sudo/files/digest-sudo-1.6.8_p12 create mode 100644 app-admin/sudo/files/digest-sudo-1.6.8_p12-r1 create mode 100644 app-admin/sudo/files/digest-sudo-1.6.8_p9 create mode 100644 app-admin/sudo/files/digest-sudo-1.6.8_p9-r2 create mode 100644 app-admin/sudo/files/patch.sudo-1.6.8p9.logging.c.diff create mode 100644 app-admin/sudo/files/sudo create mode 100644 app-admin/sudo/files/sudo-1.6.8_p12-ssh_client.diff create mode 100644 app-admin/sudo/files/sudo-1.6.8_p8-ldap-tls_cacert.diff create mode 100644 app-admin/sudo/files/sudo-ldap_timelimit.diff create mode 100644 app-admin/sudo/files/sudo-skeychallengeargs.diff create mode 100644 app-admin/sudo/files/sudoers create mode 100644 app-admin/sudo/metadata.xml create mode 100644 app-admin/sudo/sudo-1.6.8_p12-r1.ebuild create mode 100644 app-admin/sudo/sudo-1.6.8_p9-r2.ebuild 
diff --git a/app-admin/sudo/ChangeLog b/app-admin/sudo/ChangeLog new file mode 100644 index 0000000..9b0ca37 --- /dev/null +++ b/app-admin/sudo/ChangeLog 
@@ -0,0 +1,338 @@ +# ChangeLog for app-admin/sudo +# Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/ChangeLog,v 1.88 2005/12/25 14:18:27 flameeyes Exp $ + + 25 Dec 2005; Diego Pettenò sudo-1.6.8_p12.ebuild: + Use bindnow-flags function instead of -Wl,-z,now. + + 24 Nov 2005; Markus Rothe sudo-1.6.8_p9-r2.ebuild: + Stable on ppc64 + +*sudo-1.6.8_p12 (12 Nov 2005) + + 12 Nov 2005; Tavis Ormandy +sudo-1.6.8_p12.ebuild: + bump + +*sudo-1.6.8_p11 (29 Oct 2005) + + 29 Oct 2005; Tavis Ormandy +sudo-1.6.8_p11.ebuild: + bump + + 11 Oct 2005; sudo-1.6.8_p9-r2.ebuild: + Marked stable on amd64 + + 06 Oct 2005; Hardave Riar sudo-1.6.8_p9-r2.ebuild: + Stable on mips. + + 03 Oct 2005; Michael Hanselmann + sudo-1.6.8_p9-r2.ebuild: + Stable on hppa, ppc, sparc. + + 02 Oct 2005; Aron Griffis sudo-1.6.8_p9-r2.ebuild: + Mark 1.6.8_p9-r2 stable on alpha + + 02 Oct 2005; Aron Griffis sudo-1.6.8_p9-r2.ebuild: + Mark 1.6.8_p9-r2 stable on ia64 + + 02 Oct 2005; Andrea Barisani sudo-1.6.8_p9-r2.ebuild: + Stable on x86 + + 25 Sep 2005; Tavis Ormandy files/sudo, + -files/sudo-1.6.7_p5-strip-bash-functions.diff, -files/sudo-1.6.8_p8, + -files/sudo-strip-bash-functions.diff, -files/sudo-strip-shellopts.diff, + -files/sudo_include, -sudo-1.6.7_p5-r2.ebuild, -sudo-1.6.7_p5-r5.ebuild, + -sudo-1.6.8_p9-r1.ebuild, sudo-1.6.8_p9-r2.ebuild, sudo-1.6.8_p9.ebuild: + remove stale patches, files, ebuilds, etc. + + 21 Sep 2005; Tavis Ormandy sudo-1.6.8_p9-r2.ebuild: + fix #106765, sudo requires owner does not have write permission. + + 18 Sep 2005; Tavis Ormandy sudo-1.6.8_p9-r2.ebuild: + add dependency required for selinux. #106350 + +*sudo-1.6.8_p9-r2 (05 Jul 2005) + + 05 Jul 2005; Andrea Barisani + +files/sudo-ldap_timelimit.diff, +sudo-1.6.8_p9-r2.ebuild: + Added ldap failover patch, bug #96766. Minor change to ldap.conf.sudo. 
+ + 02 Jul 2005; Hardave Riar sudo-1.6.8_p9.ebuild, + sudo-1.6.8_p9-r1.ebuild: + Stable on mips, bug #96618. Also adding dropped ~mips keyword. + + 29 Jun 2005; Tavis Ormandy metadata.xml: + added lcars as maintainer of ldap support. + +*sudo-1.6.8_p9-r1 (29 Jun 2005) + + 29 Jun 2005; Tavis Ormandy -sudo-1.6.7_p5-r4.ebuild, + -sudo-1.6.8_p8-r2.ebuild, -sudo-1.6.8_p8-r3.ebuild, + +sudo-1.6.8_p9-r1.ebuild: + use a secure copy of ldap.conf to prevent local information leak. + + 23 Jun 2005; Olivier Crête sudo-1.6.8_p9.ebuild: + Stable on x86 + + 21 Jun 2005; Fernando J. Pereda sudo-1.6.8_p9.ebuild: + stable on alpha, wrt bug #96618 + + 21 Jun 2005; sudo-1.6.8_p9.ebuild: + Stable on IA64: Bug #96618. + + 21 Jun 2005; Gustavo Zacarias sudo-1.6.8_p9.ebuild: + Stable on sparc wrt #96618 + + 21 Jun 2005; Simon Stelling sudo-1.6.8_p9.ebuild: + stable on amd64 wrt bug 96618 + + 21 Jun 2005; Rene Nussbaumer sudo-1.6.8_p9.ebuild: + Stable on hppa. bug #96618 + + 21 Jun 2005; Markus Rothe sudo-1.6.8_p9.ebuild: + Stable on ppc64; bug #96618 + + 21 Jun 2005; Michael Hanselmann sudo-1.6.8_p9.ebuild: + Stable on ppc (#96618). + + 20 Jun 2005; Tavis Ormandy sudo-1.6.8_p9.ebuild: + depend on virtual/mta + +*sudo-1.6.8_p9 (20 Jun 2005) + + 20 Jun 2005; Tavis Ormandy +sudo-1.6.8_p9.ebuild: + new version fixes security issue. + + 19 Jun 2005; Bryan Østergaard + sudo-1.6.8_p8-r3.ebuild: + Add ~alpha keyword. + + 18 Jun 2005; Jason Wever sudo-1.6.8_p8-r3.ebuild: + Added ~sparc keyword since someone dropped all the keywords :( + + 18 Jun 2005; Markus Rothe sudo-1.6.8_p8-r3.ebuild: + added ~ppc64 + + 17 Jun 2005; Tavis Ormandy sudo-1.6.8_p8-r3.ebuild: + tighten sed syntax + + 16 Jun 2005; Tavis Ormandy sudo-1.6.8_p8-r3.ebuild: + prevent binaries from being stripped if FEATURES=nostrip. + make tls_cacert synonymous with tls_cacertfile for consistency. 
+ + 15 Jun 2005; Markus Rothe sudo-1.6.7_p5-r4.ebuild: + Stable on ppc64 + + 14 Jun 2005; Tavis Ormandy sudo-1.6.8_p8-r3.ebuild: + include sudoers2ldif and README.LDAP + + 10 Jun 2005; Joseph Jezak sudo-1.6.7_p5-r4.ebuild: + Marked ppc stable. + + 09 Jun 2005; Tavis Ormandy files/sudoers, + sudo-1.6.8_p8-r3.ebuild: + add examples to sudoers + + 09 Jun 2005; Tavis Ormandy sudo-1.6.8_p8-r3.ebuild: + nano should be the default editor. + + 09 Jun 2005; Tavis Ormandy sudo-1.6.8_p8-r3.ebuild: + ROOTPATH does not contain /usr/local prefixed directories in recent + baselayout, add function to clean up duplicate entries and ensure /usr/local + is included. + + 08 Jun 2005; Rene Nussbaumer + sudo-1.6.7_p5-r4.ebuild: + Stable on hppa. + +*sudo-1.6.8_p8-r3 (08 Jun 2005) + + 08 Jun 2005; +sudo-1.6.8_p8-r3.ebuild: + Another new revision for this version which uses virtual/pam and + pamd_mimic_system to create the pamd file. Also marked ~amd64. + +*sudo-1.6.7_p5-r5 (08 Jun 2005) + + 08 Jun 2005; +sudo-1.6.7_p5-r5.ebuild: + New revision bump to have it working on Gentoo/FreeBSD. + + 06 Jun 2005; Tavis Ormandy + -files/sudo-1.6.8_p1-suid_fix.patch, files/sudoers, sudo-1.6.8_p8-r2.ebuild: + remove stale patch. + + 06 Jun 2005; Gustavo Zacarias + sudo-1.6.7_p5-r4.ebuild: + Stable on sparc + + 06 Jun 2005; Tavis Ormandy sudo-1.6.8_p8-r2.ebuild: + add some additional variables to blacklist from common interpreters. + please see coments in ebuild. + +*sudo-1.6.8_p8-r2 (06 Jun 2005) + + 06 Jun 2005; Tavis Ormandy +files/sudo-1.6.8_p8, + sudo-1.6.8_p8-r2.ebuild: + fix longstanding bug with insults and pam + timestamps. + + 06 Jun 2005; Tavis Ormandy + -files/sudo-strip-shellopts.diff, sudo-1.6.7_p5-r4.ebuild, + -sudo-1.6.8_p8-r1.ebuild: + add function to strip bad vars. + enable ldap support. 
+ +*sudo-1.6.8_p8-r1 (05 Jun 2005) + + 05 Jun 2005; Tavis Ormandy + +files/sudo-strip-shellopts.diff, +sudo-1.6.7_p5-r4.ebuild, + +sudo-1.6.8_p8-r1.ebuild, -sudo-1.6.8_p8.ebuild: + start stripping shellopts as well. + also remove stale ebuilds. + + 05 Jun 2005; Tavis Ormandy sudo-1.6.8_p8.ebuild: + enabling secure_path, which currently extracts the value from profile.env, + awaiting inspiration for a more robust solution. + This change is sure to generate some bug reports, but makes sense in the + long term if a nice solution can be found for determining the path. + + 20 May 2005; Diego Pettenò sudo-1.6.6.ebuild, + sudo-1.6.7_p5.ebuild, sudo-1.6.7_p5-r1.ebuild, sudo-1.6.7_p5-r2.ebuild, + sudo-1.6.7_p5-r3.ebuild, sudo-1.6.8_p1.ebuild, sudo-1.6.8_p1-r1.ebuild, + sudo-1.6.8_p1-r2.ebuild, sudo-1.6.8_p2.ebuild: + Using new pam eclass for newpamd/dopamd. + +*sudo-1.6.7_p5-r3 (28 Apr 2005) + + 28 Apr 2005; Diego Pettenò +files/sudo_include, + +sudo-1.6.7_p5-r3.ebuild: + Added new revision which depends on virtual/pam and uses the include + notation so that it works on non-linux-pam systems. + + 18 Dec 2004; Tavis Ormandy files/sudoers: + add suoders warnings + + 23 Nov 2004; Guy Martin sudo-1.6.7_p5-r2.ebuild: + Stable on hppa. + + 17 Nov 2004; Hardave Riar sudo-1.6.7_p5-r2.ebuild: + Stable on mips, bug #70838 + + 17 Nov 2004; Markus Rothe sudo-1.6.7_p5-r2.ebuild: + Stable on ppc64; bug #70838 + + 17 Nov 2004; Dylan Carlson sudo-1.6.7_p5-r2.ebuild: + Stable on amd64. + + 17 Nov 2004; Gustavo Zacarias sudo-1.6.7_p5-r2.ebuild: + Stable on sparc wrt #70838 + + 17 Nov 2004; sudo-1.6.7_p5-r2.ebuild: + stable on ppc: 70838 + + 17 Nov 2004; Bryan Østergaard + sudo-1.6.7_p5-r2.ebuild: + Stable on alpha, bug 70838. + + 13 Nov 2004; Tavis Ormandy files/sudoers: + new release + +*sudo-1.6.8_p1-r2 (11 Nov 2004) + + 11 Nov 2004; Tavis Ormandy +files/sudoers, + +sudo-1.6.7_p5-r2.ebuild, +sudo-1.6.8_p1-r2.ebuild: + env_reset has been added to the Defaults in the default sudoers file. 
+ +*sudo-1.6.8_p1-r1 (17 Sep 2004) + + 17 Sep 2004; Tavis Ormandy + +files/sudo-skeychallengeargs.diff, sudo-1.6.7_p5.ebuild, + +sudo-1.6.8_p1-r1.ebuild, sudo-1.6.8_p1.ebuild: + support for skey passwords #49040 + +*sudo-1.6.8_p1 (17 Sep 2004) + + 17 Sep 2004; Daniel Ahlberg sudo-1.6.8_p1.ebuild: + Version bump. + + 31 Jul 2004; sudo-1.6.7_p5.ebuild: + gnuconfig update needed for atleast uclibc + + 01 Jun 2004; Tom Gall sudo-1.6.7_p5.ebuild: + stable on ppc64, bug #52705 + + 25 Apr 2004; Aron Griffis sudo-1.6.6.ebuild, + sudo-1.6.7_p5.ebuild: + Add die following econf for bug 48950 + + 01 Apr 2004; Brian Jackson sudo-1.6.7_p5.ebuild: + add s390 to keywords + + 21 Mar 2004; Joshua Kinard sudo-1.6.7_p5.ebuild: + Marked stable on mips. + + 04 Nov 2003; Christian Birchinger sudo-1.6.7_p5.ebuild: + Added sparc stable keyword + + 01 Oct 2003; Tavis Ormandy sudo-1.6.7_p5.ebuild: + Stable on alpha + +*sudo-1.6.7_p5 (19 May 2003) + + 30 Sep 2003; Joshua Kinard sudo-1.6.7_p5.ebuild: + Added ~mips to KEYWORDS + + 02 Jul 2003; Guy Martin sudo-1.6.7_p5.ebuild : + Marked stable on hppa. + + 19 May 2003; Daniel Ahlberg sudo-1.6.7_p5.ebuild : + Version bump. + + 05 Feb 2003; Martin Schlemmer $FILESDIR/sudo : + Update pam.d file to use system-auth via pam_stack.so. This + closes bug #15032. + + 01 Jan 2003; Aron Griffis sudo-1.6.6.ebuild : + Added alpha to KEYWORDS + + 06 Dec 2002; Rodney Rees : changed sparc ~sparc keywords + + 26 Apr 2002; Thilo Bangert : + added --with-env-editor so that EDITOR is respected when using visudo + +*sudo-1.6.6 (26 Apr 2002) + + 23 May 2003; Seemant Kulleen sudo-1.6.6.ebuild: + download location fixed + + 21 Mar 2003; Guy Martin sudo-1.6.6.ebuild : + Added hppa to KEYWORDS. + + 13 Mar 2003; Zach Welch sudo-1.6.6.ebuild: + add arm keyword + + 15 Jul 2002; Owen Stampflee : + + Added KEYWORDS. 
+ + 26 Apr 2002; Thilo Bangert : + new security release + see http://online.securityfocus.com/advisories/4061 + + +*sudo-1.6.5_p2 (6 Mar 2002) + + 6 Mar 2002; Daniel Robbins : new release, fixing + the "pam_setcred: permission denied" bug. Which is apparently a bug in + PAM itself? + + 10 Mar 2002; Bruce A. Locke sudo-1.6.5_p2.ebuild : + + FAQ file is no longer in the upstream tarball + +*sudo-1.6.5_p1 (1 Feb 2002) + + 1 Feb 2002; G.Bevin ChangeLog : + + Added initial ChangeLog which should be updated whenever the package is + updated in any way. This changelog is targetted to users. This means that the + comments should well explained and written in clean English. The details about + writing correct changelogs are explained in the skel.ChangeLog file which you + can find in the root directory of the portage repository. diff --git a/app-admin/sudo/Manifest b/app-admin/sudo/Manifest new file mode 100644 index 0000000..66bd287 --- /dev/null +++ b/app-admin/sudo/Manifest 
@@ -0,0 +1,52 @@ +AUX patch.sudo-1.6.8p9.logging.c.diff 1539 RMD160 0bdfff8770e4937692f8dda82c2d64d3c59f161f SHA1 54872fdb93de5a4c684a380f9a4a9525958526ec SHA256 1ac8e7886c75b4f54100035dd7cee2e031cda788ec746fcac30142a0cb0b9342 +MD5 bf5f954aab3b201f426037dbc4736932 files/patch.sudo-1.6.8p9.logging.c.diff 1539 +RMD160 0bdfff8770e4937692f8dda82c2d64d3c59f161f files/patch.sudo-1.6.8p9.logging.c.diff 1539 +SHA256 1ac8e7886c75b4f54100035dd7cee2e031cda788ec746fcac30142a0cb0b9342 files/patch.sudo-1.6.8p9.logging.c.diff 1539 +AUX sudo 223 RMD160 4bc9a3e5d2dfd73bb1f14e5bad3b644ba80758d3 SHA1 fa6377c699ff2061c77cb87737fa2b4aaa8e8b9f SHA256 3f8dae2c663ed62bbe19e9b3e24f0e206fd1a4929bbafdff2e577e1aed9f2b58 +MD5 6c08a6d5527a45278ebc165df7f0031d files/sudo 223 +RMD160 4bc9a3e5d2dfd73bb1f14e5bad3b644ba80758d3 files/sudo 223 +SHA256 3f8dae2c663ed62bbe19e9b3e24f0e206fd1a4929bbafdff2e577e1aed9f2b58 files/sudo 223 +AUX sudo-1.6.8_p12-ssh_client.diff 1815 RMD160 1ec5b9858bceee2292dd88167eb8e3760b46da2b SHA1 f54690102a0e669a34089acf2d0c37d4dd86ae67 SHA256 4d51ab9e7de3a6b5d222e4de2ec1eb3a17d35abbbf4182fc36d8b3d91c5b8bfc +MD5 f36728e36becc85e414f0913c64c6332 files/sudo-1.6.8_p12-ssh_client.diff 1815 +RMD160 1ec5b9858bceee2292dd88167eb8e3760b46da2b files/sudo-1.6.8_p12-ssh_client.diff 1815 +SHA256 4d51ab9e7de3a6b5d222e4de2ec1eb3a17d35abbbf4182fc36d8b3d91c5b8bfc files/sudo-1.6.8_p12-ssh_client.diff 1815 +AUX sudo-1.6.8_p8-ldap-tls_cacert.diff 542 RMD160 cff54e31749796f732ce176b568797999325715e SHA1 3e7e493055998034d2b5a91160041e93d2246556 SHA256 2bc04b2b3ccd20f0ca545b74ca7ac68b708a1852af2fe2c620e78a92a45c2b23 +MD5 4a46750ff53c19dbfed39d894dd6ff4d files/sudo-1.6.8_p8-ldap-tls_cacert.diff 542 +RMD160 cff54e31749796f732ce176b568797999325715e files/sudo-1.6.8_p8-ldap-tls_cacert.diff 542 +SHA256 2bc04b2b3ccd20f0ca545b74ca7ac68b708a1852af2fe2c620e78a92a45c2b23 files/sudo-1.6.8_p8-ldap-tls_cacert.diff 542 +AUX sudo-ldap_timelimit.diff 2550 RMD160 b34a41e3fc4016ff182ed1800e0f1b0f82d3bfdf SHA1 
c3c15eea9cf2e552010e27d0282246fa770d2fae SHA256 fc6eedb3435edbf5ccfcd5f62d8f31a78bf01afbb519c6b40bbe1329d82d6cea +MD5 2a601951e4e5d6bdafc31b223737ddf5 files/sudo-ldap_timelimit.diff 2550 +RMD160 b34a41e3fc4016ff182ed1800e0f1b0f82d3bfdf files/sudo-ldap_timelimit.diff 2550 +SHA256 fc6eedb3435edbf5ccfcd5f62d8f31a78bf01afbb519c6b40bbe1329d82d6cea files/sudo-ldap_timelimit.diff 2550 +AUX sudo-skeychallengeargs.diff 567 RMD160 906ee43a7c2f21d1cf5130eac5c98ef0833154fd SHA1 b0efbedc72a1ed85c74ba10e343a68368e76c3e9 SHA256 dd2f4fdba26be6c3b4af15f3b6e18efa19375e1f9c579cdc2c76ee1adcce5e1d +MD5 0b50aabedf9bb326893b5f1c333e46b2 files/sudo-skeychallengeargs.diff 567 +RMD160 906ee43a7c2f21d1cf5130eac5c98ef0833154fd files/sudo-skeychallengeargs.diff 567 +SHA256 dd2f4fdba26be6c3b4af15f3b6e18efa19375e1f9c579cdc2c76ee1adcce5e1d files/sudo-skeychallengeargs.diff 567 +AUX sudoers 1645 RMD160 f8bf0fe8bd5d1f02cf62438871a1662ad40c9f6f SHA1 73faccf4baf8c136809b3f5c749997e2a16d5e6c SHA256 dfee348e1c5fc745656a24cb6f5e813a08e69e30a8ebf9b9a74a59cc36e5b7ea +MD5 59acf8b0292a8e60b5277b5dc952cfc4 files/sudoers 1645 +RMD160 f8bf0fe8bd5d1f02cf62438871a1662ad40c9f6f files/sudoers 1645 +SHA256 dfee348e1c5fc745656a24cb6f5e813a08e69e30a8ebf9b9a74a59cc36e5b7ea files/sudoers 1645 +DIST sudo-1.6.8p12.tar.gz 585643 RMD160 d7ff9f18ca0973615258c2e975300b94567451d5 SHA1 a79631e9e1c0d0d3f2aa88ae685628e5fde61982 SHA256 56f7d86032538a4a98d90af3742903a09ba16d6db82b593e4a47605f87fa581a +DIST sudo-1.6.8p9.tar.gz 585509 RMD160 c1c719504476ab9ac11e0421716d149120463e33 SHA1 f264d1ad9f197920f2e69614db7935b35ca51672 SHA256 68f5b3e4f5572d816cf4d23616432286da7ba96ac58c17fef23046f12c88f440 +EBUILD sudo-1.6.8_p12-r1.ebuild 6677 RMD160 9698b52734c6072dd0e4730c23100a9afb9e337a SHA1 d495be52dc0a0de5507030bff24dbe7463983438 SHA256 e34c5a7313b4ee81f34b3439b612d8ae614ba22153d267785cc5e234376455ec +MD5 77f8831c9b20feaa083913d6adbe450e sudo-1.6.8_p12-r1.ebuild 6677 +RMD160 9698b52734c6072dd0e4730c23100a9afb9e337a 
sudo-1.6.8_p12-r1.ebuild 6677 +SHA256 e34c5a7313b4ee81f34b3439b612d8ae614ba22153d267785cc5e234376455ec sudo-1.6.8_p12-r1.ebuild 6677 +EBUILD sudo-1.6.8_p9-r2.ebuild 6952 RMD160 aefe17dda3f4f8f7b422dd7296924b693329c057 SHA1 b8f2bf3c083bec019fe3fa78876c335b673fa56f SHA256 b092cf983a5460aafe51f5e630c7858568856ce4aeb2a8977c636ac7d1a639ed +MD5 107f24d80634d477cab72f166f7bd098 sudo-1.6.8_p9-r2.ebuild 6952 +RMD160 aefe17dda3f4f8f7b422dd7296924b693329c057 sudo-1.6.8_p9-r2.ebuild 6952 +SHA256 b092cf983a5460aafe51f5e630c7858568856ce4aeb2a8977c636ac7d1a639ed sudo-1.6.8_p9-r2.ebuild 6952 +MISC ChangeLog 11792 RMD160 9f6c04c00a6a316a70fd4fad90f3f362cda33de2 SHA1 6acb35552cae34437433f9dc1ae21ba4c079a5dc SHA256 a4e4d2b9ac935f73fe0f67d9ed74d11d64176ee92b151ae6ad09e2a6f32b6738 +MD5 5e37a4454e2a52fcd347893baf9828fa ChangeLog 11792 +RMD160 9f6c04c00a6a316a70fd4fad90f3f362cda33de2 ChangeLog 11792 +SHA256 a4e4d2b9ac935f73fe0f67d9ed74d11d64176ee92b151ae6ad09e2a6f32b6738 ChangeLog 11792 +MISC metadata.xml 561 RMD160 04a154038f02ff778d7f668490c262b240187904 SHA1 b02c76e80af1c07aed2293c90f1285edbef7de0b SHA256 d28efd1ec2116064d019539bebd0d6f8efbe7ed04c2ae5ddc99cbc8b6bef2495 +MD5 4e3ab49065539b5aa4d3153261b5d687 metadata.xml 561 +RMD160 04a154038f02ff778d7f668490c262b240187904 metadata.xml 561 +SHA256 d28efd1ec2116064d019539bebd0d6f8efbe7ed04c2ae5ddc99cbc8b6bef2495 metadata.xml 561 +MD5 7b636eeeaa97990ecc5cd03fd171b207 files/digest-sudo-1.6.8_p12-r1 241 +RMD160 33be8312a07a9e926e1bc227c922d6078b18de47 files/digest-sudo-1.6.8_p12-r1 241 +SHA256 f3e327aa5ab8f92d8c3fd64df89d3d2cbde40e85e1d49873d03f105033755617 files/digest-sudo-1.6.8_p12-r1 241 +MD5 22f392e9685a8c5d5ef4667b7bb5d6ea files/digest-sudo-1.6.8_p9-r2 238 +RMD160 0ee0d452db676cc2e3e21c2b18d5f2bfd0bd012c files/digest-sudo-1.6.8_p9-r2 238 +SHA256 ffd8cbc37d836a37eb84dd49d7bc538df5a2a6b02972d5dd8f94d31496d109fa files/digest-sudo-1.6.8_p9-r2 238 
diff --git a/app-admin/sudo/files/digest-sudo-1.6.8_p11 b/app-admin/sudo/files/digest-sudo-1.6.8_p11
new file mode 100644
index 0000000..a0e605f
--- /dev/null
+++ b/app-admin/sudo/files/digest-sudo-1.6.8_p11
@@ -0,0 +1 @@
+MD5 2b4dbbcec2865adbe12c5693097a6d2c sudo-1.6.8p11.tar.gz 585581
diff --git a/app-admin/sudo/files/digest-sudo-1.6.8_p12 b/app-admin/sudo/files/digest-sudo-1.6.8_p12
new file mode 100644
index 0000000..b0063e9
--- /dev/null
+++ b/app-admin/sudo/files/digest-sudo-1.6.8_p12
@@ -0,0 +1 @@
+MD5 b29893c06192df6230dd5f340f3badf5 sudo-1.6.8p12.tar.gz 585643
diff --git a/app-admin/sudo/files/digest-sudo-1.6.8_p12-r1 b/app-admin/sudo/files/digest-sudo-1.6.8_p12-r1
new file mode 100644
index 0000000..02e4692
--- /dev/null
+++ b/app-admin/sudo/files/digest-sudo-1.6.8_p12-r1
@@ -0,0 +1,3 @@
+MD5 b29893c06192df6230dd5f340f3badf5 sudo-1.6.8p12.tar.gz 585643
+RMD160 d7ff9f18ca0973615258c2e975300b94567451d5 sudo-1.6.8p12.tar.gz 585643
+SHA256 56f7d86032538a4a98d90af3742903a09ba16d6db82b593e4a47605f87fa581a sudo-1.6.8p12.tar.gz 585643
diff --git a/app-admin/sudo/files/digest-sudo-1.6.8_p9 b/app-admin/sudo/files/digest-sudo-1.6.8_p9
new file mode 100644
index 0000000..0629e17
--- /dev/null
+++ b/app-admin/sudo/files/digest-sudo-1.6.8_p9
@@ -0,0 +1 @@
+MD5 6d0346abd16914956bc7ea4f17fc85fb sudo-1.6.8p9.tar.gz 585509
diff --git a/app-admin/sudo/files/digest-sudo-1.6.8_p9-r2 b/app-admin/sudo/files/digest-sudo-1.6.8_p9-r2
new file mode 100644
index 0000000..89fdc9a
--- /dev/null
+++ b/app-admin/sudo/files/digest-sudo-1.6.8_p9-r2
@@ -0,0 +1,3 @@
+MD5 6d0346abd16914956bc7ea4f17fc85fb sudo-1.6.8p9.tar.gz 585509
+RMD160 c1c719504476ab9ac11e0421716d149120463e33 sudo-1.6.8p9.tar.gz 585509
+SHA256 68f5b3e4f5572d816cf4d23616432286da7ba96ac58c17fef23046f12c88f440 sudo-1.6.8p9.tar.gz 585509
diff --git a/app-admin/sudo/files/patch.sudo-1.6.8p9.logging.c.diff b/app-admin/sudo/files/patch.sudo-1.6.8p9.logging.c.diff
new file mode 100644
index 0000000..be6da5c
--- /dev/null
+++ b/app-admin/sudo/files/patch.sudo-1.6.8p9.logging.c.diff
@@ -0,0 +1,43 @@
+--- logging.b.c 2006-01-21 15:49:27.000000000 +0100
++++ logging.c 2006-01-21 18:47:05.000000000 +0100
+@@ -301,9 +301,9 @@
+ else
+ message = "unknown error ; ";
+
+- easprintf(&logline, "%sTTY=%s ; PWD=%s ; USER=%s ; COMMAND=%s%s%s",
++ easprintf(&logline, "%sTTY=%s ; PWD=%s ; USER=%s ; COMMAND=%s%s%s ; SSH_CLIENT=%s",
+ message, user_tty, user_cwd, *user_runas, user_cmnd,
+- user_args ? " " : "", user_args ? user_args : "");
++ user_args ? " " : "", user_args ? user_args : "", user_ssh_client ? user_ssh_client : "" );
+
+ mail_auth(status, logline); /* send mail based on status */
+
+--- env.b.c 2005-02-06 16:37:01.000000000 +0100
++++ env.c 2006-01-21 18:42:41.000000000 +0100
+@@ -183,6 +183,8 @@
+ user_prompt = *ep + 12;
+ else if (strncmp("SUDO_USER=", *ep, 10) == 0)
+ prev_user = *ep + 10;
++ else if (strncmp("SSH_CLIENT=", *ep, 11) == 0)
++ user_ssh_client = *ep + 11;
+ continue;
+ case 'T':
+ if (strncmp("TZ=", *ep, 3) == 0)
+--- sudo.b.h 2005-03-24 00:44:46.000000000 +0100
++++ sudo.h 2006-01-21 18:51:34.000000000 +0100
+@@ -38,6 +38,7 @@
+ struct stat *cmnd_stat;
+ char *path;
+ char *shell;
++ char *user_ssh_client;
+ char *tty;
+ char cwd[PATH_MAX];
+ char *host;
+@@ -127,6 +128,7 @@
+ #define user_shell (sudo_user.shell)
+ #define user_tty (sudo_user.tty)
+ #define user_cwd (sudo_user.cwd)
++#define user_ssh_client (sudo_user.user_ssh_client)
+ #define user_runas (sudo_user.runas)
+ #define user_cmnd (sudo_user.cmnd)
+ #define user_args (sudo_user.cmnd_args)
diff --git a/app-admin/sudo/files/sudo b/app-admin/sudo/files/sudo
new file mode 100644
index 0000000..8fc562d
--- /dev/null
+++ b/app-admin/sudo/files/sudo
@@ -0,0 +1,6 @@
+#%PAM-1.0
+
+auth required pam_stack.so service=system-auth
+account required pam_stack.so service=system-auth
+password required pam_stack.so service=system-auth
+session required pam_stack.so service=system-auth
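Review bot: The SSH_CLIENT value added to the log line in files/patch.sudo-1.6.8p9.logging.c.diff is taken straight from the invoking user's environment (`user_ssh_client = *ep + 11;` in the env.c hunk) and formatted with a bare `%s` in the logging.c hunk, so the recorded client address is whatever the caller exported before running sudo rather than something sshd vouches for. A value containing ` ; ` or control characters would also be hard to tell apart from the genuine fields around it, depending on how the log sink escapes them. I would validate the string before formatting it (digits, dots, colons and spaces only, otherwise log a fixed marker) and document the trust level with a comment such as `/* SSH_CLIENT comes from the caller's environment: informational, not authenticated */` above the assignment. The same applies to the identical env.c and logging.c hunks in files/sudo-1.6.8_p12-ssh_client.diff, which is the copy the p12-r1 ebuild applies. The enclosing functions start and end outside the hunks.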
diff --git a/app-admin/sudo/files/sudo-1.6.8_p12-ssh_client.diff b/app-admin/sudo/files/sudo-1.6.8_p12-ssh_client.diff
new file mode 100644
index 0000000..540ee74
--- /dev/null
+++ b/app-admin/sudo/files/sudo-1.6.8_p12-ssh_client.diff
@@ -0,0 +1,46 @@
+diff -uNr -r sudo-1.6.8p12-orig/env.c sudo-1.6.8p12/env.c
+--- sudo-1.6.8p12-orig/env.c 2007-03-04 18:32:36.000000000 +0100
++++ sudo-1.6.8p12/env.c 2007-03-04 18:32:06.000000000 +0100
+@@ -200,6 +200,8 @@
+ user_prompt = *ep + 12;
+ else if (strncmp("SUDO_USER=", *ep, 10) == 0)
+ prev_user = *ep + 10;
++ else if (strncmp("SSH_CLIENT=", *ep, 11) == 0)
++ user_ssh_client = *ep + 11;
+ continue;
+ case 'T':
+ if (strncmp("TZ=", *ep, 3) == 0)
+diff -uNr -r sudo-1.6.8p12-orig/logging.c sudo-1.6.8p12/logging.c
+--- sudo-1.6.8p12-orig/logging.c 2004-05-17 22:08:46.000000000 +0200
++++ sudo-1.6.8p12/logging.c 2007-03-04 18:32:06.000000000 +0100
+@@ -301,9 +301,9 @@
+ else
+ message = "unknown error ; ";
+
+- easprintf(&logline, "%sTTY=%s ; PWD=%s ; USER=%s ; COMMAND=%s%s%s",
++ easprintf(&logline, "%sTTY=%s ; PWD=%s ; USER=%s ; COMMAND=%s%s%s ; SSH_CLIENT=%s",
+ message, user_tty, user_cwd, *user_runas, user_cmnd,
+- user_args ? " " : "", user_args ? user_args : "");
++ user_args ? " " : "", user_args ? user_args : "", user_ssh_client ? user_ssh_client : "" );
+
+ mail_auth(status, logline); /* send mail based on status */
+
+diff -uNr -r sudo-1.6.8p12-orig/sudo.h sudo-1.6.8p12/sudo.h
+--- sudo-1.6.8p12-orig/sudo.h 2005-03-24 00:44:46.000000000 +0100
++++ sudo-1.6.8p12/sudo.h 2007-03-04 18:32:06.000000000 +0100
+@@ -38,6 +38,7 @@
+ struct stat *cmnd_stat;
+ char *path;
+ char *shell;
++ char *user_ssh_client;
+ char *tty;
+ char cwd[PATH_MAX];
+ char *host;
+@@ -127,6 +128,7 @@
+ #define user_shell (sudo_user.shell)
+ #define user_tty (sudo_user.tty)
+ #define user_cwd (sudo_user.cwd)
++#define user_ssh_client (sudo_user.user_ssh_client)
+ #define user_runas (sudo_user.runas)
+ #define user_cmnd (sudo_user.cmnd)
+ #define user_args (sudo_user.cmnd_args)
diff --git a/app-admin/sudo/files/sudo-1.6.8_p8-ldap-tls_cacert.diff b/app-admin/sudo/files/sudo-1.6.8_p8-ldap-tls_cacert.diff
new file mode 100644
index 0000000..bb2570e
--- /dev/null
+++ b/app-admin/sudo/files/sudo-1.6.8_p8-ldap-tls_cacert.diff
@@ -0,0 +1,10 @@
+--- ldap.c.orig 2005-06-16 22:55:41.047152568 +0100
++++ ldap.c 2005-06-16 22:56:49.707714576 +0100
+@@ -539,6 +539,7 @@
+ else MATCH_S("ssl", ldap_conf.ssl)
+ else MATCH_B("tls_checkpeer", ldap_conf.tls_checkpeer)
+ else MATCH_S("tls_cacertfile", ldap_conf.tls_cacertfile)
++ else MATCH_S("tls_cacert", ldap_conf.tls_cacertfile)
+ else MATCH_S("tls_cacertdir", ldap_conf.tls_cacertdir)
+ else MATCH_S("tls_randfile", ldap_conf.tls_random_file)
+ else MATCH_S("tls_ciphers", ldap_conf.tls_cipher_suite)
diff --git a/app-admin/sudo/files/sudo-ldap_timelimit.diff b/app-admin/sudo/files/sudo-ldap_timelimit.diff
new file mode 100644
index 0000000..2c13ba4
--- /dev/null
+++ b/app-admin/sudo/files/sudo-ldap_timelimit.diff
@@ -0,0 +1,76 @@
+diff -urN sudo-1.6.8p8/ldap.c sudo-1.6.8p8-patched/ldap.c
+--- sudo-1.6.8p8/ldap.c 2004-12-01 03:28:46.000000000 +0000
++++ sudo-1.6.8p8-patched/ldap.c 2005-06-22 08:14:59.000000000 +0000
+@@ -82,6 +82,8 @@
+ char *bindpw;
+ char *base;
+ char *ssl;
++ int bind_timelimit;
++ int timelimit;
+ int tls_checkpeer;
+ char *tls_cacertfile;
+ char *tls_cacertdir;
+@@ -545,6 +547,8 @@
+ else MATCH_S("tls_cert", ldap_conf.tls_certfile)
+ else MATCH_S("tls_key", ldap_conf.tls_keyfile)
+ else MATCH_I("ldap_version", ldap_conf.version)
++ else MATCH_I("bind_timelimit", ldap_conf.bind_timelimit)
++ else MATCH_I("timelimit", ldap_conf.timelimit)
+ else MATCH_S("uri", ldap_conf.uri)
+ else MATCH_S("binddn", ldap_conf.binddn)
+ else MATCH_S("bindpw", ldap_conf.bindpw)
+@@ -566,6 +570,8 @@
+ if (!ldap_conf.version) ldap_conf.version=3;
+ if (!ldap_conf.port) ldap_conf.port=389;
+ if (!ldap_conf.host) ldap_conf.host=estrdup("localhost");
++ if (!ldap_conf.bind_timelimit) ldap_conf.bind_timelimit=30;
++ if (!ldap_conf.timelimit) ldap_conf.timelimit=30;
+
+
+ if (ldap_conf.debug>1) {
+@@ -589,6 +595,10 @@
+ ldap_conf.binddn : "(anonymous)");
+ printf("bindpw %s\n", ldap_conf.bindpw ?
+ ldap_conf.bindpw : "(anonymous)");
++ printf("bind_timelimit %d\n", ldap_conf.bind_timelimit ?
++ ldap_conf.bind_timelimit : 30);
++ printf("timelimit %d\n", ldap_conf.timelimit ?
++ ldap_conf.timelimit : 30);
+ #ifdef HAVE_LDAP_START_TLS_S
+ printf("ssl %s\n", ldap_conf.ssl ?
+ ldap_conf.ssl : "(no)");
+@@ -772,6 +782,34 @@
+ }
+ #endif /* LDAP_OPT_X_TLS_REQUIRE_CERT */
+
++ /* setup timelimit options */
++
++SET_OPTI(LDAP_OPT_TIMELIMIT, "TIMELIMIT", timelimit);
++
++#ifdef LDAP_X_OPT_CONNECT_TIMEOUT
++ int timeout;
++ timeout = ldap_conf.bind_timelimit * 1000;
++
++ SET_OPTI(LDAP_X_OPT_CONNECT_TIMEOUT, "X_OPT_CONNECT_TIMEOUT", timeout);
++#endif
++
++#ifdef LDAP_OPT_NETWORK_TIMEOUT
++ if (ldap_conf.debug>1) fprintf(stderr, "setting bind_timelimit to %d\n", \
++ ldap_conf.bind_timelimit);
++
++ struct timeval tv;
++
++ tv.tv_sec = ldap_conf.bind_timelimit;
++ tv.tv_usec = 0;
++
++ rc = ldap_set_option (ld, LDAP_OPT_NETWORK_TIMEOUT, &tv);
++
++ if (rc != LDAP_OPT_SUCCESS) {
++ fprintf(stderr, "bind_timelimit ldap_set_option failed: %s\n", ldap_err2string(rc));
++ return VALIDATE_ERROR;
++ }
++#endif
++
+ /* attempt connect */
+ #ifdef HAVE_LDAP_INITIALIZE
+ if (ldap_conf.uri) {
diff --git a/app-admin/sudo/files/sudo-skeychallengeargs.diff b/app-admin/sudo/files/sudo-skeychallengeargs.diff
new file mode 100644
index 0000000..3c90cfa
--- /dev/null
+++ b/app-admin/sudo/files/sudo-skeychallengeargs.diff
@@ -0,0 +1,15 @@
+--- sudo-1.6.7p5/auth/rfc1938.c 2003-04-16 01:39:15.000000000 +0100
++++ sudo-1.6.7p5/auth/rfc1938.c.new 2004-09-17 20:01:00.996902672 +0100
+@@ -64,11 +64,7 @@
+ #if defined(HAVE_SKEY)
+ # include
+ # define RFC1938 skey
+-# ifdef __NetBSD__
+-# define rfc1938challenge(a,b,c,d) skeychallenge((a),(b),(c),(d))
+-# else
+-# define rfc1938challenge(a,b,c,d) skeychallenge((a),(b),(c))
+-# endif
++# define rfc1938challenge(a,b,c,d) skeychallenge((a),(b),(c),(d))
+ # define rfc1938verify(a,b) skeyverify((a),(b))
+ #elif defined(HAVE_OPIE)
+ # include
diff --git a/app-admin/sudo/files/sudoers b/app-admin/sudo/files/sudoers
new file mode 100644
index 0000000..4642d50
--- /dev/null
+++ b/app-admin/sudo/files/sudoers
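Review bot: In files/sudo-ldap_timelimit.diff the new `bind_timelimit` and `timelimit` settings are only defaulted when zero (`if (!ldap_conf.bind_timelimit) ldap_conf.bind_timelimit=30;`), so a negative or very large configured value flows unchecked into `tv.tv_sec` and into `ldap_conf.bind_timelimit * 1000`, which can overflow an `int`. A range check at the defaulting step, e.g. `if (ldap_conf.bind_timelimit <= 0 || ldap_conf.bind_timelimit > INT_MAX / 1000) ldap_conf.bind_timelimit = 30;`, would keep the LDAP lookup that sudo performs bounded. Separately, the first `SET_OPTI` call passes the bare member name `timelimit` while the second passes the local `timeout`; if the macro (defined outside the hunk) resolves its third argument against `ldap_conf`, the `LDAP_X_OPT_CONNECT_TIMEOUT` branch would not build or would ignore the local. `int timeout;` and `struct timeval tv;` are also declared after statements, which pre-C99 compilers reject. The enclosing functions continue outside the hunks.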
@@ -0,0 +1,55 @@
+# sudoers file.
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the sudoers man page for the details on how to write a sudoers file.
+#
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# Defaults specification
+
+# Reset environment by default
+Defaults env_reset
+
+# Uncomment to allow users in group wheel to export variables
+# Defaults:%wheel !env_reset
+
+# Allow users in group users to export specific variables
+# Defaults:%users env_keep=TZ
+
+# Allow specific user to bypass env_delete for TERMCAP
+# Defaults:user env_delete-=TERMCAP
+
+# Set default EDITOR to vi, and do not allow visudo to use EDITOR/VISUAL.
+# Defaults editor=/usr/bin/vim, !env_editor
+
+# Runas alias specification
+
+# *** REMEMBER ***************************************************
+# * GIVING SUDO ACCESS TO USERS ALLOWS THEM TO RUN THE SPECIFIED *
+# * COMMANDS WITH ELEVATED PRIVILEGES. *
+# * *
+# * NEVER PERMIT UNTRUSTED USERS TO ACCESS SUDO. *
+# ****************************************************************
+
+# User privilege specification
+root ALL=(ALL) ALL
+
+# Uncomment to allow people in group wheel to run all commands
+# %wheel ALL=(ALL) ALL
+
+# Same thing without a password
+# %wheel ALL=(ALL) NOPASSWD: ALL
+
+# Users in group www are allowed to edit httpd.conf and ftpd.conf
+# using sudoedit, or sudo -e, without a password.
+# %www ALL=(ALL) NOPASSWD: sudoedit /etc/httpd.conf, /etc/ftpd.conf
+
+# Samples
+# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
+# %users localhost=/sbin/shutdown -h now
diff --git a/app-admin/sudo/metadata.xml b/app-admin/sudo/metadata.xml
new file mode 100644
index 0000000..364628b
--- /dev/null
+++ b/app-admin/sudo/metadata.xml
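Review bot: In files/sudoers the comment `# Set default EDITOR to vi, and do not allow visudo to use EDITOR/VISUAL.` does not match the example under it, which sets `editor=/usr/bin/vim`. This is the template line an administrator uncomments to pin the editor that visudo launches, so the comment and the path should agree: either reword it to `# Set default EDITOR to vim, and do not allow visudo to use EDITOR/VISUAL.` or change the path to the vi binary.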
@@ -0,0 +1,15 @@ + + + +no-herd + + taviso@gentoo.org + + + lcars@gentoo.org + ldap support + + +Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while logging the commands and arguments. + + diff --git a/app-admin/sudo/sudo-1.6.8_p12-r1.ebuild b/app-admin/sudo/sudo-1.6.8_p12-r1.ebuild new file mode 100644 index 0000000..10d0a73 --- /dev/null +++ b/app-admin/sudo/sudo-1.6.8_p12-r1.ebuild 
@@ -0,0 +1,202 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/sudo-1.6.8_p12-r1.ebuild,v 1.12 2007/03/04 13:00:59 ticho Exp $
+
+inherit eutils pam flag-o-matic
+
+# TODO: Fix support for krb4 and krb5
+
+DESCRIPTION="Allows users or groups to run commands as other users"
+HOMEPAGE="http://www.sudo.ws/"
+SRC_URI="ftp://ftp.sudo.ws/pub/sudo/${P/_/}.tar.gz"
+LICENSE="Sudo"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc ~sparc-fbsd x86 ~x86-fbsd"
+IUSE="pam skey offensive ldap selinux"
+
+DEPEND="pam? ( || ( virtual/pam sys-libs/pam ) )
+ ldap? ( >=net-nds/openldap-2.1.30-r1 )
+ skey? ( >=app-admin/skey-1.1.5-r1 )
+ virtual/editor
+ virtual/mta"
+RDEPEND="selinux? ( sec-policy/selinux-sudo )
+ ldap? ( dev-lang/perl )
+ ${DEPEND}"
+DEPEND="${RDEPEND} sys-devel/bison"
+
+S=${WORKDIR}/${P/_/}
+
+src_unpack() {
+ unpack ${A}; cd ${S}
+
+ # patch falco pour les logs et pam
+ epatch ${FILESDIR}/${P}-ssh_client.diff
+
+ # ldap failover patch
+ epatch ${FILESDIR}/${PN}-ldap_timelimit.diff
+
+ # compatability fix.
+ epatch ${FILESDIR}/${PN}-skeychallengeargs.diff
+
+ # make tls_cacert synonymous with tls_cacertfile.
+ epatch ${FILESDIR}/${PN}-1.6.8_p8-ldap-tls_cacert.diff
+
+ # additional variables to disallow, should user disable env_reset.
+
+ # NOTE: this is not a supported mode of operation, these variables
+ # are added to the blacklist as a convenience to administrators
+ # who fail to heed the warnings of allowing untrusted users
+ # to access sudo.
+ #
+ # there is *no possible way* to foresee all attack vectors in
+ # all possible applications that could potentially be used via
+ # sudo, these settings will just delay the inevitable.
+ #
+ # that said, I will accept suggestions for variables that can
+ # be misused in _common_ interpreters or libraries, such as
+ # perl, bash, python, ruby, etc., in the hope of dissuading
+ # a casual attacker.
+
+ # XXX: perl should be using suid_perl.
+ # XXX: users can remove/add more via env_delete and env_check.
+ # XXX: = probably safe enough for most circumstances.
+
+ einfo "Blacklisting common variables (env_delete)..."
+ sudo_bad_var 'PERLIO_DEBUG' # perl, write debug to file.
+ sudo_bad_var 'FPATH' # ksh, search path for functions.
+ sudo_bad_var 'NULLCMD' # zsh, command on null-redir.
+ sudo_bad_var 'READNULLCMD' # zsh, command on null-redir.
+# sudo_bad_var 'TMPPREFIX' # zsh, prefix for tmp files.
+ sudo_bad_var 'GLOBIGNORE' # bash, glob paterns to ignore.
+ sudo_bad_var 'PYTHONHOME' # python, module search path.
+ sudo_bad_var 'PYTHONPATH' # python, search path.
+ sudo_bad_var 'PYTHONINSPECT' # python, allow inspection.
+ sudo_bad_var 'RUBYLIB' # ruby, lib load path.
+ sudo_bad_var 'RUBYOPT' # ruby, cl options.
+# sudo_bad_var 'RUBYPATH' # ruby, script search path.
+ sudo_bad_var 'ZDOTDIR' # zsh, path to search for dotfiles.
+ einfo "...done."
+
+ # prevent binaries from being stripped.
+ sed -i 's/\($(INSTALL).*\) -s \(.*[(sudo|visudo)]\)/\1 \2/g' Makefile.in
+}
+
+src_compile() {
+ local line ROOTPATH
+
+ # FIXME: secure_path is a compile time setting. using ROOTPATH
+ # is not perfect, env-update may invalidate this, but until it
+ # is available as a sudoers setting this will have to do.
+ einfo "Setting secure_path..."
+
+ # why not use grep? variable might be expanded from other variables
+ # declared in that file. cannot just source the file, would override
+ # any variables already set.
+ eval `PS4= bash -x /etc/profile.env 2>&1 | \
+ while read line; do
+ case $line in
+ ROOTPATH=*) echo $line; break;;
+ *) continue;;
+ esac
+ done` && einfo " Found ROOTPATH..." || \
+ ewarn " Failed to find ROOTPATH, please report this."
+
+ # remove any duplicate entries
+ ROOTPATH=$(cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${ROOTPATH:+:${ROOTPATH}})
+
+ # strip gcc path (bug #136027)
+ rmpath ROOTPATH '*/gcc-bin/*'
+
+ einfo "...done."
+
+ # XXX: --disable-path-info closes an info leak, but may be confusing.
+ # XXX: /bin/vi may not be available, make nano visudo's default.
+ econf --with-secure-path="${ROOTPATH}" \
+ --with-editor=/bin/nano \
+ --with-env-editor \
+ $(use_with offensive insults) \
+ $(use_with offensive all-insults) \
+ $(use_with pam) \
+ $(use_with skey) \
+ $(use_with ldap ldap_conf_file /etc/ldap.conf.sudo) \
+ $(use_with ldap) || die
+
+ # disallow lazy bindings
+ emake SUDO_LDFLAGS="$(bindnow-flags)" || die
+}
+
+src_install() {
+ einstall || die
+ dodoc BUGS CHANGES HISTORY PORTING README RUNSON TODO \
+ TROUBLESHOOTING UPGRADE sample.*
+
+ if use ldap; then
+ dodoc README.LDAP
+ dosbin sudoers2ldif
+
+ printf "# See ldap.conf(5) and README.LDAP for details\n" > ${T}/ldap.conf.sudo
+ printf "# This file should only be readable by root\n\n" >> ${T}/ldap.conf.sudo
+ printf "# supported directives: host, port, ssl, ldap_version\n" >> ${T}/ldap.conf.sudo
+ printf "# uri, binddn, bindpw, sudoers_base, sudoers_debug\n" >> ${T}/ldap.conf.sudo
+ printf "# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key}\n" >> ${T}/ldap.conf.sudo
+
+ insinto /etc
+ doins ${T}/ldap.conf.sudo
+ fperms 0440 /etc/ldap.conf.sudo
+ fi
+
+ if has_version virtual/pam; then
+ pamd_mimic_system sudo auth account password session
+ else
+ dopamd ${FILESDIR}/sudo
+ fi
+
+ insinto /etc
+ doins ${FILESDIR}/sudoers
+ fperms 0440 /etc/sudoers
+}
+
+# remove duplicate path entries from $1
+cleanpath() {
+ local i=1 x n IFS=:
+ local -a paths; paths=($1)
+
+ for ((n=${#paths[*]}-1;i<=n;i++)); do
+ for ((x=0;x&2
+ unset paths[i]; continue 2; }
+ done; # einfo " Adding ${paths[i]}..." 1>&2
+ done; echo "${paths[*]}"
+}
+
+# add $1 to default env_delete list.
+sudo_bad_var() {
+ local target='env.c' marker='\*initial_badenv_table\[\]'
+
+ ebegin " $1"
+ sed -i 's#\(^.*'${marker}'.*$\)#\1\n\t"'${1}'",#' ${S}/${target}
+ eend $?
+}
+
+rmpath() {
+ declare e newpath oldpath=${!1} PATHvar=$1 thisp IFS=:
+ shift
+ for thisp in $oldpath; do
+ for e; do [[ $thisp == $e ]] && continue 2; done
+ newpath=$newpath:$thisp
+ done
+ eval $PATHvar='${newpath#:}'
+}
+
+pkg_postinst() {
+ use skey && use pam && {
+ ewarn "sudo will not use skey authentication when compiled with"
+ ewarn "pam support."
+ ewarn "To allow users to authenticate with one time passwords,"
+ ewarn "you should unset the pam USE flag for sudo."
+ }
+ use ldap && {
+ ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration."
+ }
+}
diff --git a/app-admin/sudo/sudo-1.6.8_p9-r2.ebuild b/app-admin/sudo/sudo-1.6.8_p9-r2.ebuild
new file mode 100644
index 0000000..dded346
--- /dev/null
+++ b/app-admin/sudo/sudo-1.6.8_p9-r2.ebuild
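Review bot: `sudo_bad_var` reports success even when nothing was added to the blacklist, because `sed -i` exits 0 when the `initial_badenv_table[]` marker does not match in `env.c`, so `eend $?` shows OK and the build continues with the variable still allowed. Since these entries are a security control, the helper should verify the edit and stop the build otherwise, for example `grep -q "\"${1}\"," "${S}/${target}" || die "env_delete: ${1} not added"` after the `sed`. The same helper is repeated unchanged in the sudo-1.6.8_p9-r2.ebuild hunk. This ebuild also omits `SHELLOPTS`, `PS4`, `PERL5LIB`, `PERLLIB` and `PERL5OPT`, which the p9-r2 list carries; if that is because upstream's table already covers them in this release, a comment saying so would make the omission auditable.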
@@ -0,0 +1,199 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/sudo-1.6.8_p9-r2.ebuild,v 1.14 2005/11/24 18:33:48 corsair Exp $
+
+inherit eutils pam
+
+# TODO: Fix support for krb4 and krb5
+
+DESCRIPTION="Allows users or groups to run commands as other users"
+HOMEPAGE="http://www.sudo.ws/"
+SRC_URI="ftp://ftp.sudo.ws/pub/sudo/${P/_/}.tar.gz"
+LICENSE="Sudo"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86"
+IUSE="pam skey offensive ldap selinux"
+
+DEPEND="pam? ( || ( virtual/pam sys-libs/pam ) )
+ ldap? ( >=net-nds/openldap-2.1.30-r1 )
+ skey? ( >=app-admin/skey-1.1.5-r1 )
+ sys-devel/bison
+ virtual/editor
+ virtual/mta"
+RDEPEND="selinux? ( sec-policy/selinux-sudo )
+ ldap? ( dev-lang/perl )
+ ${DEPEND}"
+
+S=${WORKDIR}/${P/_/}
+
+src_unpack() {
+ unpack ${A}; cd ${S}
+
+ # patch falco
+ epatch ${FILESDIR}/patch.sudo-1.6.8p9.logging.c.diff
+
+ # ldap failover patch
+ epatch ${FILESDIR}/${PN}-ldap_timelimit.diff
+
+ # compatability fix.
+ epatch ${FILESDIR}/${PN}-skeychallengeargs.diff
+
+ # make tls_cacert synonymous with tls_cacertfile.
+ epatch ${FILESDIR}/${PN}-1.6.8_p8-ldap-tls_cacert.diff
+
+ # additional variables to disallow, should user disable env_reset.
+
+ # NOTE: this is not a supported mode of operation, these variables
+ # are added to the blacklist as a convenience to administrators
+ # who fail to heed the warnings of allowing untrusted users
+ # to access sudo.
+ #
+ # there is *no possible way* to foresee all attack vectors in
+ # all possible applications that could potentially be used via
+ # sudo, these settings will just delay the inevitable.
+ #
+ # that said, I will accept suggestions for variables that can
+ # be misused in _common_ interpreters or libraries, such as
+ # perl, bash, python, ruby, etc., in the hope of dissuading
+ # a casual attacker.
+
+ # XXX: perl should be using suid_perl.
+ # XXX: users can remove/add more via env_delete and env_check.
+ # XXX: = probably safe enough for most circumstances.
+
+ einfo "Blacklisting common variables (env_delete)..."
+ sudo_bad_var 'SHELLOPTS' # bash, change shoptions.
+ sudo_bad_var 'PERLIO_DEBUG' # perl, write debug to file.
+ sudo_bad_var 'PERL5LIB' # perl, change search path.
+ sudo_bad_var 'PERLLIB' # perl, change search path.
+# sudo_bad_var 'PERL_HASH_SEED' # perl, change seed.
+# sudo_bad_var 'PERL_HASH_SEED_DEBUG' # perl, disclose seed.
+# sudo_bad_var 'PERL_SIGNALS' # perl, use deferred signals.
+ sudo_bad_var 'FPATH' # ksh, search path for functions.
+ sudo_bad_var 'PS4' # sh, in case set -x is used.
+ sudo_bad_var 'NULLCMD' # zsh, command on null-redir.
+ sudo_bad_var 'READNULLCMD' # zsh, command on null-redir.
+# sudo_bad_var 'TMPPREFIX' # zsh, prefix for tmp files.
+ sudo_bad_var 'GLOBIGNORE' # bash, glob paterns to ignore.
+ sudo_bad_var 'PERL5OPT' # perl, set options.
+ sudo_bad_var 'PYTHONHOME' # python, module search path.
+ sudo_bad_var 'PYTHONPATH' # python, search path.
+ sudo_bad_var 'PYTHONINSPECT' # python, allow inspection.
+ sudo_bad_var 'RUBYLIB' # ruby, lib load path.
+ sudo_bad_var 'RUBYOPT' # ruby, cl options.
+# sudo_bad_var 'RUBYPATH' # ruby, script search path.
+ sudo_bad_var 'ZDOTDIR' # zsh, path to search for dotfiles.
+ einfo "...done."
+
+ # prevent binaries from being stripped.
+ sed -i 's/\($(INSTALL).*\) -s \(.*[(sudo|visudo)]\)/\1 \2/g' Makefile.in
+}
+
+src_compile() {
+ local line ROOTPATH
+
+ # FIXME: secure_path is a compile time setting. using ROOTPATH
+ # is not perfect, env-update may invalidate this, but until it
+ # is available as a sudoers setting this will have to do.
+ einfo "Setting secure_path..."
+
+ # why not use grep? variable might be expanded from other variables
+ # declared in that file. cannot just source the file, would override
+ # any variables already set.
+ eval `PS4= bash -x /etc/profile.env 2>&1 | \
+ while read line; do
+ case $line in
+ ROOTPATH=*) echo $line; break;;
+ *) continue;;
+ esac
+ done` && einfo " Found ROOTPATH..." || \
+ ewarn " Failed to find ROOTPATH, please report this."
+
+ # remove any duplicate entries
+ ROOTPATH=$(cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${ROOTPATH:+:${ROOTPATH}})
+
+ einfo "...done."
+
+ # XXX: --disable-path-info closes an info leak, but may be confusing.
+ # XXX: /bin/vi may not be available, make nano visudo's default.
+ econf --with-secure-path="/sbin:/usr/sbin:/usr/local/sbin:/bin:/usr/bin:/usr/local/bin:/usr/i686-pc-linux-gnu/gcc-bin/3.4.4/" \
+ --with-editor=/usr/bin/vim \
+ --with-env-editor \
+ --with-all-insults \
+ --disable-path-info \
+ $(use_with offensive insults) \
+ $(use_with offensive all-insults) \
+ $(use_with pam) \
+ $(use_with skey) \
+ $(use_with ldap ldap_conf_file /etc/ldap.conf.sudo) \
+ $(use_with ldap) || die
+
+ # disallow lazy bindings
+ emake SUDO_LDFLAGS="-Wl,-z,now" || die
+}
+
+src_install() {
+ einstall || die
+ dodoc BUGS CHANGES HISTORY PORTING README RUNSON TODO \
+ TROUBLESHOOTING UPGRADE sample.*
+
+ if use ldap; then
+ dodoc README.LDAP
+ dosbin sudoers2ldif
+
+ printf "# See ldap.conf(5) and README.LDAP for details\n" > ${T}/ldap.conf.sudo
+ printf "# This file should only be readable by root\n\n" >> ${T}/ldap.conf.sudo
+ printf "# supported directives: host, port, ssl, ldap_version\n" >> ${T}/ldap.conf.sudo
+ printf "# uri, binddn, bindpw, sudoers_base, sudoers_debug\n" >> ${T}/ldap.conf.sudo
+ printf "# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key}\n" >> ${T}/ldap.conf.sudo
+
+ insinto /etc
+ doins ${T}/ldap.conf.sudo
+ fperms 0440 /etc/ldap.conf.sudo
+ fi
+
+ if has_version virtual/pam; then
+ pamd_mimic_system sudo auth account password session
+ else
+ dopamd ${FILESDIR}/sudo
+ fi
+
+ insinto /etc
+ doins ${FILESDIR}/sudoers
+ fperms 0440 /etc/sudoers
+}
+
+# remove duplicate path entries from $1
+cleanpath() {
+ local i=1 x n IFS=:
+ local -a paths; paths=($1)
+
+ for ((n=${#paths[*]}-1;i<=n;i++)); do
+ for ((x=0;x&2
+ unset paths[i]; continue 2; }
+ done; # einfo " Adding ${paths[i]}..." 1>&2
+ done; echo "${paths[*]}"
+}
+
+# add $1 to default env_delete list.
+sudo_bad_var() {
+ local target='env.c' marker='\*initial_badenv_table\[\]'
+
+ ebegin " $1"
+ sed -i 's#\(^.*'${marker}'.*$\)#\1\n\t"'${1}'",#' ${S}/${target}
+ eend $?
+}
+
+pkg_postinst() {
+ use skey && use pam && {
+ ewarn "sudo will not use skey authentication when compiled with"
+ ewarn "pam support."
+ ewarn "To allow users to authenticate with one time passwords,"
+ ewarn "you should unset the pam USE flag for sudo."
+ }
+ use ldap && {
+ ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration."
+ }
+}
-- cgit v1.2.3-65-gdbad
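Review bot: `src_compile` computes `ROOTPATH` and then discards it, because `econf` is passed a literal `--with-secure-path=` value ending in `/usr/i686-pc-linux-gnu/gcc-bin/3.4.4/`, a directory tied to one architecture and compiler version. secure_path becomes the PATH for commands run through sudo, so it should only name directories that exist and are root-owned on every host the package is built for; `--with-secure-path="${ROOTPATH}"`, as in the p12-r1 ebuild (which also strips `*/gcc-bin/*`), avoids baking a host-specific entry into the binary. The same call passes `--with-all-insults` unconditionally, bypassing the `offensive` USE flag, and `--with-editor=/usr/bin/vim` although only `virtual/editor` is declared as a dependency. A comment explaining these local overrides, or removing them, would keep the build reproducible on other machines.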