git: 7450af9c503c - main - security/sudo-rs: Update 0.2.12 => 0.2.13
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 22 Mar 2026 22:17:57 UTC
The branch main has been updated by nxjoseph:
URL: https://cgit.FreeBSD.org/ports/commit/?id=7450af9c503c053659c06f96a098dd7e156a2377
commit 7450af9c503c053659c06f96a098dd7e156a2377
Author: Valdemar Erk <valdemar@erk.dev>
AuthorDate: 2026-03-11 14:35:37 +0000
Commit: Yusuf Yaman <nxjoseph@FreeBSD.org>
CommitDate: 2026-03-22 22:17:04 +0000
security/sudo-rs: Update 0.2.12 => 0.2.13
Changelog:
- Password now gets echoed by default, see sudoers file to revert
https://github.com/trifectatechfoundation/sudo-rs/releases/tag/v0.2.13
Port changes:
- Replace hardcoded /usr/local with %%PREFIX%% in files/sudoers.
- Use absolute path for "@includedir ..." in files/sudoers.
PR: 293735
Reported by: Valdemar Erk <valdemar@erk.dev>
Approved by: Marc Schoolderman <marc@trifectatech.org> (maintainer)
Approved by: osa@ (mentor)
---
security/sudo-rs/Makefile | 6 ++++--
security/sudo-rs/Makefile.crates | 2 +-
security/sudo-rs/distinfo | 10 +++++-----
security/sudo-rs/files/patch-src_pam_rpassword.rs | 14 ++++++++++++++
security/sudo-rs/files/{sudoers => sudoers.in} | 11 +++++++----
5 files changed, 31 insertions(+), 12 deletions(-)
diff --git a/security/sudo-rs/Makefile b/security/sudo-rs/Makefile
index c85edcc53e91..e13cb04708df 100644
--- a/security/sudo-rs/Makefile
+++ b/security/sudo-rs/Makefile
@@ -1,6 +1,6 @@
PORTNAME= sudo-rs
DISTVERSIONPREFIX= v
-DISTVERSION= 0.2.12
+DISTVERSION= 0.2.13
CATEGORIES= security
MAINTAINER= marc@trifectatech.org
@@ -35,6 +35,8 @@ RS_SUFFIX= -rs
PLIST_SUB+= NO_COEXIST="@comment "
.endif
+SUB_FILES= sudoers
+
PLIST_SUB+= RS_SUFFIX=${RS_SUFFIX}
PORTDOCS= CHANGELOG.md CONTRIBUTING.md COPYRIGHT LICENSE-* README.md SECURITY.md
@@ -55,7 +57,7 @@ post-install:
${RM} ${STAGEDIR}${PREFIX}/bin/su
.if ${FLAVOR} == default
${INSTALL_DATA} ${FILESDIR}/pam.conf ${STAGEDIR}${PREFIX}/etc/pam.d/sudo.default
- ${INSTALL_DATA} ${FILESDIR}/sudoers ${STAGEDIR}${PREFIX}/etc/sudoers.dist
+ ${INSTALL_DATA} ${WRKDIR}/sudoers ${STAGEDIR}${PREFIX}/etc/sudoers.dist
.else
${MV} ${STAGEDIR}${PREFIX}/bin/sudo ${STAGEDIR}${PREFIX}/bin/sudo${RS_SUFFIX}
.endif
diff --git a/security/sudo-rs/Makefile.crates b/security/sudo-rs/Makefile.crates
index 525a8f99b8d7..c594955d597a 100644
--- a/security/sudo-rs/Makefile.crates
+++ b/security/sudo-rs/Makefile.crates
@@ -1,2 +1,2 @@
CARGO_CRATES= glob-0.3.3 \
- libc-0.2.180
+ libc-0.2.183
diff --git a/security/sudo-rs/distinfo b/security/sudo-rs/distinfo
index 191186d4cc72..ccaec81c37d2 100644
--- a/security/sudo-rs/distinfo
+++ b/security/sudo-rs/distinfo
@@ -1,7 +1,7 @@
-TIMESTAMP = 1771292939
+TIMESTAMP = 1773238460
SHA256 (rust/crates/glob-0.3.3.crate) = 0cc23270f6e1808e30a928bdc84dea0b9b4136a8bc82338574f23baf47bbd280
SIZE (rust/crates/glob-0.3.3.crate) = 22861
-SHA256 (rust/crates/libc-0.2.180.crate) = bcc35a38544a891a5f7c865aca548a982ccb3b8650a5b06d0fd33a10283c56fc
-SIZE (rust/crates/libc-0.2.180.crate) = 812207
-SHA256 (trifectatechfoundation-sudo-rs-v0.2.12_GH0.tar.gz) = 1f4a0577df3ae64fd35d75d30ece458fa18d57bdc7bc777aea3bfdfcb841dbeb
-SIZE (trifectatechfoundation-sudo-rs-v0.2.12_GH0.tar.gz) = 1187822
+SHA256 (rust/crates/libc-0.2.183.crate) = b5b646652bf6661599e1da8901b3b9522896f01e736bad5f723fe7a3a27f899d
+SIZE (rust/crates/libc-0.2.183.crate) = 816918
+SHA256 (trifectatechfoundation-sudo-rs-v0.2.13_GH0.tar.gz) = 79becefc504d14ffccc7cab18d42f8d892e78b2d13d9c5bb887c5f02a2721eaf
+SIZE (trifectatechfoundation-sudo-rs-v0.2.13_GH0.tar.gz) = 1202390
diff --git a/security/sudo-rs/files/patch-src_pam_rpassword.rs b/security/sudo-rs/files/patch-src_pam_rpassword.rs
new file mode 100644
index 000000000000..fd5dd22cf132
--- /dev/null
+++ b/security/sudo-rs/files/patch-src_pam_rpassword.rs
@@ -0,0 +1,14 @@
+Based upon https://github.com/trifectatechfoundation/sudo-rs/commit/d43ff79df262568d8977771f03977d5965bf8474
+
+---
+
+--- src/pam/rpassword.rs.orig 2026-03-11 14:23:39 UTC
++++ src/pam/rpassword.rs
+@@ -263,6 +263,7 @@ fn read_unbuffered(
+ if read_byte == b'\t' && feedback.visible_len.take().is_some() {
+ feedback.clear();
+ let _ = feedback.sink.write(b"(no echo)");
++ continue;
+ }
+ }
+
diff --git a/security/sudo-rs/files/sudoers b/security/sudo-rs/files/sudoers.in
similarity index 89%
rename from security/sudo-rs/files/sudoers
rename to security/sudo-rs/files/sudoers.in
index 99ef7934c811..7c04747e20cf 100644
--- a/security/sudo-rs/files/sudoers
+++ b/security/sudo-rs/files/sudoers.in
@@ -10,12 +10,12 @@
##
## Preserve editor environment variables for visudo.
## To preserve these for all commands, remove the "!visudo" qualifier.
-Defaults!/usr/local/sbin/visudo env_keep += "SUDO_EDITOR EDITOR VISUAL"
+Defaults!%%PREFIX%%/sbin/visudo env_keep += "SUDO_EDITOR EDITOR VISUAL"
##
## Use a hard-coded PATH instead of the user's to find commands.
## This also helps prevent poorly written scripts from running
## arbitrary commands under sudo.
-Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+Defaults secure_path="%%PREFIX%%/sbin:%%PREFIX%%/bin:/usr/sbin:/usr/bin:/sbin:/bin"
##
## Uncomment if needed to preserve environmental variables related to the
## FreeBSD pkg utility and fetch.
@@ -49,6 +49,9 @@ Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/b
## not the user's own terminal, to prevent command injection.
# Defaults>root !use_pty
##
+## Uncomment if the historical silent password prompt is desired
+# Defaults !pwfeedback
+##
##
## User privilege specification
@@ -69,5 +72,5 @@ root ALL=(ALL:ALL) ALL
# Defaults targetpw # Ask for the password of the target user
# ALL ALL=(ALL:ALL) ALL # WARNING: only use this together with 'Defaults targetpw'
-## Read drop-in files from /usr/local/etc/sudoers.d
-@includedir sudoers.d
+## Read drop-in files from %%PREFIX%%/etc/sudoers.d
+@includedir %%PREFIX%%/etc/sudoers.d