git: 981ae9b6ddc1 - 2022Q2 - security/sudo: Update to 1.9.11

From: Renato Botelho <>
Date: Wed, 22 Jun 2022 14:04:05 UTC
The branch 2022Q2 has been updated by garga:


commit 981ae9b6ddc1d0484c9e5a72b28104e2e9f0e2fa
Author:     Cy Schubert <>
AuthorDate: 2022-06-07 03:56:57 +0000
Commit:     Renato Botelho <>
CommitDate: 2022-06-22 14:03:15 +0000

    security/sudo: Update to 1.9.11
    Major changes between sudo 1.9.11 and 1.9.10:
     * Fixed a crash in the Python module with Python 3.9.10 on some
       systems.  Additionally, "make check" now passes for Python 3.9.10.
     * Error messages sent via email now include more details, including
       the file name and the line number and column of the error.
       Multiple errors are sent in a single message.  Previously, only
       the first error was included.
     * Fixed logging of parse errors in JSON format.  Previously,
       the JSON logger would not write entries unless the command and
       runuser were set.  These may not be known at the time a parse
       error is encountered.
     * Fixed a potential crash parsing sudoers lines larger than twice
       the value of LINE_MAX on systems that lack the getdelim() function.
     * The tests run by "make check" now unset the LANGUAGE environment
       variable.  Otherwise, localization strings will not match if
       LANGUAGE is set to a non-English locale.  Bug #1025.
     * The "starttime" test now passed when run under Debian faketime.
       Bug #1026.
     * The Kerberos authentication module now honors the custom password
       prompt if one has been specified.
     * The embedded copy of zlib has been updated to version 1.2.12.
     * Updated the version of libtool used by sudo to version 2.4.7.
     * Sudo now defines _TIME_BITS to 64 on systems that define __TIMESIZE
       in the header files (currently only GNU libc).  This is required
       to allow the use of 64-bit time values on some 32-bit systems.
     * Sudo's "intercept" and "log_subcmds" options no longer force the
       command to run in its own pseudo-terminal.  It is now also
       possible to intercept the system(3) function.
     * Fixed a bug in sudo_logsrvd when run in store-first relay mode
       where the commit point messages sent by the server were incorrect
       if the command was suspended or received a window size change
     * Fixed a potential crash in sudo_logsrvd when the "tls_dhparams"
       configuration setting was used.
     * The "intercept" and "log_subcmds" functionality can now use
       ptrace(2) on Linux systems that support seccomp(2) filtering.
       This has the advantage of working for both static and dynamic
       binaries and can work with sudo's SELinux RBAC mode.  The following
       architectures are currently supported: i386, x86_64, aarch64,
       arm, mips (log_subcmds only), powerpc, riscv, and s390x.  The
       default is to use ptrace(2) where possible; the new "intercept_type"
       sudoers setting can be used to explicitly set the type.
     * New Georgian translation from
     * Fixed creating packages on CentOS Stream.
     * Fixed a bug in the intercept and log_subcmds support where
       the execve(2) wrapper was using the current environment instead
       of the passed environment pointer.  Bug #1030.
     * Added AppArmor integration for Linux.  A sudoers rule can now
       specify an APPARMOR_PROFILE option to run a command confined by
       the named AppArmor profile.
     * Fixed parsing of the "server_log" setting in sudo_logsrvd.conf.
       Non-paths were being treated as paths and an actual path was
       treated as an error.
    PR:             264515
    Approved by:    garga (maintainer)
    (cherry picked from commit 3ee710e0b22309a7e87c71b87bf5510aa8678ed8)
 security/sudo/Makefile  | 2 +-
 security/sudo/distinfo  | 6 +++---
 security/sudo/pkg-plist | 3 ++-
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/security/sudo/Makefile b/security/sudo/Makefile
index 8604dfd55a47..32b71421d363 100644
--- a/security/sudo/Makefile
+++ b/security/sudo/Makefile
@@ -1,7 +1,7 @@
 # Created by:
 CATEGORIES=	security
diff --git a/security/sudo/distinfo b/security/sudo/distinfo
index 9af39db8cfd6..f53f26673ed0 100644
--- a/security/sudo/distinfo
+++ b/security/sudo/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1646349086
-SHA256 (sudo-1.9.10.tar.gz) = 44a1461098e7c7b8e6ac597499c24fb2e43748c0c139a8b4944e57d1349a64f4
-SIZE (sudo-1.9.10.tar.gz) = 4516568
+TIMESTAMP = 1654573243
+SHA256 (sudo-1.9.11.tar.gz) = b5476e30d83ca14734da9370f2206beb21c8a33fc85a504fb8a61d18d8b351be
+SIZE (sudo-1.9.11.tar.gz) = 4822882
diff --git a/security/sudo/pkg-plist b/security/sudo/pkg-plist
index 8f30f2595165..6535e32b2fc3 100644
--- a/security/sudo/pkg-plist
+++ b/security/sudo/pkg-plist
@@ -22,12 +22,12 @@ man/man1/cvtsudoers.1.gz
@@ -97,6 +97,7 @@ sbin/sudo_sendlog