PSARC/2011/252 sudo 1.8.1
authorDarren J Moffat <Darren.Moffat@Oracle.COM>
Mon, 01 Aug 2011 12:41:59 -0700
changeset 447 7ca7b95abd2f
parent 446 ba4f3a6be7f7
child 448 e07a264a6e3d
PSARC/2011/252 sudo 1.8.1 7056913 sudo 1.8.1
components/sudo/Makefile
components/sudo/patches/Makefile.in.patch
components/sudo/patches/audit-event.patch
components/sudo/patches/compat-build.patch
components/sudo/patches/solaris.patch
components/sudo/patches/sudo_man_in.patch
components/sudo/patches/sudoers_man_in.patch
components/sudo/patches/visudo_man_in.patch
components/sudo/sudo.license
components/sudo/sudo.p5m
--- a/components/sudo/Makefile	Mon Aug 01 12:07:26 2011 -0700
+++ b/components/sudo/Makefile	Mon Aug 01 12:41:59 2011 -0700
@@ -25,12 +25,12 @@
 include ../../make-rules/shared-macros.mk
 
 COMPONENT_NAME=		sudo
-SRC_VERSION=	1.7.4
-SRC_PATCH_VERSION=	4
+SRC_VERSION=	1.8.1
+SRC_PATCH_VERSION=	2
 COMPONENT_VERSION=	$(SRC_VERSION).$(SRC_PATCH_VERSION)
 COMPONENT_SRC=		$(COMPONENT_NAME)-$(SRC_VERSION)p$(SRC_PATCH_VERSION)
 COMPONENT_ARCHIVE=	$(COMPONENT_SRC).tar.gz
-COMPONENT_ARCHIVE_HASH=	sha1:c873f509f80d5722989a912a42a61ad27b71453f
+COMPONENT_ARCHIVE_HASH=	sha1:b743b3d7bdb06de68ea24eedfe13530e8fbcae09
 COMPONENT_ARCHIVE_URL=	http://www.sudo.ws/sudo/dist/$(COMPONENT_ARCHIVE)
 COMPONENT_PROJECT_URL=  http://www.sudo.ws/
 
@@ -43,34 +43,28 @@
 CONFIGURE_ENV +=	"CXX=$(CXX)"
 CONFIGURE_ENV +=	"MAKE=$(GMAKE)"
 
-CONFIGURE_OPTIONS +=	--with-noexec=/usr/lib/sudo_noexec.so
 CONFIGURE_OPTIONS +=	--with-CC=$(CC)
 CONFIGURE_OPTIONS +=	--with-ldap
 CONFIGURE_OPTIONS +=	--with-project
 CONFIGURE_OPTIONS +=	--with-timedir=/var/run/sudo
+CONFIGURE_OPTIONS +=	--with-pam --with-pam-login
+CONFIGURE_OPTIONS +=	--with-tty-tickets
+CONFIGURE_OPTIONS +=	--without-insults
+CONFIGURE_OPTIONS +=	--without-lecture
+CONFIGURE_OPTIONS +=	--with-ignore-dot
+CONFIGURE_OPTIONS +=	--with-bsm-audit
+CONFIGURE_OPTIONS +=	--libexecdir=/usr/lib/sudo
 
 COMPONENT_BUILD_ENV +=	CC=$(CC) CXX=$(CXX)
 COMPONENT_BUILD_ENV +=	"CFLAGS=$(CFLAGS)"
 
-# For the 64-bit build, only need the 64-bit shared libraries 
-COMPONENT_BUILD_TARGETS.64 = libsudo_noexec
-COMPONENT_BUILD_TARGETS += $(COMPONENT_BUILD_TARGETS.$(BITS))
-
-# This value is used in the configured Makefile for sudo,
-# via the patch to Makefile.in, to install into the $(MACH64) directory
-COMPONENT_INSTALL_ENV.64 +=	MACH64=$(MACH64)
-
-# 32-bit install uses the usual target
-COMPONENT_INSTALL_TARGETS.32 = install
-# For 64-bit install, only install the 64-bit shared library
-COMPONENT_INSTALL_TARGETS.64 = install-noexec
-COMPONENT_INSTALL_TARGETS = $(COMPONENT_INSTALL_TARGETS.$(BITS))
+COMPONENT_INSTALL_TARGETS = install
 
 # common targets
 
-build:		$(BUILD_32_and_64)
+build:		$(BUILD_32)
 
-install:	$(INSTALL_32_and_64)
+install:	$(INSTALL_32)
 
 test:		$(NO_TESTS)
 
--- a/components/sudo/patches/Makefile.in.patch	Mon Aug 01 12:07:26 2011 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,95 +0,0 @@
---- sudo-1.7.4p4/Makefile.in.orig	Fri Sep  3 14:43:57 2010
-+++ sudo-1.7.4p4/Makefile.in	Wed May 25 14:19:46 2011
[email protected]@ -86,6 +86,9 @@
- mandirsu = $(mandir)/$(mantype)$(mansectsu)
- mandirform = $(mandir)/$(mantype)$(mansectform)
- 
-+datadir = @[email protected]
-+ldifdir = $(datadir)/lib/ldif
-+
- # User and group ids the installed files should be "owned" by
- install_uid = 0
- install_gid = 0
[email protected]@ -205,8 +208,10 @@
- 	$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_noexec.c
- 
- libsudo_noexec.la: sudo_noexec.lo
--	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -o [email protected] sudo_noexec.lo -avoid-version -rpath $(noexecdir)
-+	$(LIBTOOL) --mode=link $(CC) $(CFLAGS) $(LDFLAGS) -o [email protected] sudo_noexec.lo -avoid-version -rpath $(noexecdir)
- 
-+libsudo_noexec: libsudo_noexec.la
-+
- # Uncomment the following if you want "make distclean" to clean the parser
- @[email protected] = gram.h gram.c toke.c def_data.c def_data.h getdate
- 
[email protected]@ -475,45 +480,52 @@
- 	    hg log --style=changelog -b default --date '<2010-01-18 00:00:00' >> [email protected]; \
- 	fi
- 
--install: install-dirs install-binaries @[email protected] install-sudoers install-doc
-+install: install-dirs install-binaries @[email protected] install-sudoers install-doc install-ldif
- 
-+# only create $(MACH64) directory if $(MACH64) is set to a non-empty string
- install-dirs:
- 	$(SHELL) $(srcdir)/mkinstalldirs $(DESTDIR)$(sudodir) \
--	    $(DESTDIR)$(visudodir) $(DESTDIR)$(noexecdir) \
-+	    $(DESTDIR)$(visudodir) $(DESTDIR)$(noexecdir)/$(MACH64) \
- 	    $(DESTDIR)$(sudoersdir) $(DESTDIR)$(docdir) \
--	    $(DESTDIR)$(mandirsu) $(DESTDIR)$(mandirform)
--	$(SHELL) $(srcdir)/mkinstalldirs -m 0700 $(DESTDIR)$(timedir)
-+	    $(DESTDIR)$(mandirsu) $(DESTDIR)$(mandirform) \
-+	    $(DESTDIR)$(ldifdir)
- 
- install-binaries: install-dirs $(PROGS)
--	$(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 04111 sudo $(DESTDIR)$(sudodir)/sudo
-+	$(INSTALL) -O $(install_uid) -G $(install_gid) -m 04511 sudo $(DESTDIR)$(sudodir)/sudo
- 	rm -f $(DESTDIR)$(sudodir)/sudoedit
- 	ln $(DESTDIR)$(sudodir)/sudo $(DESTDIR)$(sudodir)/sudoedit
--	if [ -f sudoreplay ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0111 sudoreplay $(DESTDIR)$(sudodir)/sudoreplay; fi
--	$(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0111 visudo $(DESTDIR)$(visudodir)/visudo
--	if [ -f sesh ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0111 sesh $(DESTDIR)$(libexecdir)/sesh; fi
-+	if [ -f sudoreplay ]; then $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0111 sudoreplay $(DESTDIR)$(sudodir)/sudoreplay; fi
-+	$(INSTALL) -O $(install_uid) -G $(install_gid) -m 0511 visudo $(DESTDIR)$(visudodir)/visudo
-+	if [ -f sesh ]; then $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0511 sesh $(DESTDIR)$(libexecdir)/sesh; fi
- 
-+	# XXX only installs into $(MACH64) directory if $(MACH64) is non-empty
- install-noexec: install-dirs libsudo_noexec.la
--	if [ -f .libs/lib$(noexecfile) ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0755 .libs/lib$(noexecfile) $(DESTDIR)$(noexecdir)/$(noexecfile); fi
-+	if [ -f .libs/lib$(noexecfile) ]; then $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0755 .libs/lib$(noexecfile) $(DESTDIR)$(noexecdir)/$(MACH64)/$(noexecfile); fi
- 
- install-sudoers: install-dirs
--	$(INSTALL) -d -O $(sudoers_uid) -G $(sudoers_gid) -M 0750 \
-+	$(INSTALL) -d -O $(sudoers_uid) -G $(sudoers_gid) -m 0750 \
- 	    $(DESTDIR)$(sudoersdir)/sudoers.d
- 	test -f $(DESTDIR)$(sudoersdir)/sudoers || \
--	    $(INSTALL) -O $(sudoers_uid) -G $(sudoers_gid) -M $(sudoers_mode) \
-+	    $(INSTALL) -O $(sudoers_uid) -G $(sudoers_gid) -m $(sudoers_mode) \
- 		sudoers $(DESTDIR)$(sudoersdir)/sudoers
- 
- install-doc: install-dirs ChangeLog
--	(cd $(srcdir) && for f in ChangeLog HISTORY LICENSE NEWS README TROUBLESHOOTING UPGRADE sample.*; do $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 $$f $(DESTDIR)$(docdir); done)
--	@[email protected](cd $(srcdir) && for f in README.LDAP schema.* sudoers2ldif; do $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 $$f $(DESTDIR)$(docdir); done)
--	$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @[email protected]/sudo.$(mantype) $(DESTDIR)$(mandirsu)/sudo.$(mansectsu)
-+	(cd $(srcdir) && for f in ChangeLog HISTORY LICENSE NEWS README TROUBLESHOOTING UPGRADE sample.*; do $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0444 $$f $(DESTDIR)$(docdir); done)
-+	@[email protected](cd $(srcdir) && for f in README.LDAP schema.* sudoers2ldif; do $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0444 $$f $(DESTDIR)$(docdir); done)
-+	$(INSTALL) -O $(install_uid) -G $(install_gid) -m 0444 @[email protected]/sudo.$(mantype) $(DESTDIR)$(mandirsu)/sudo.$(mansectsu)
- 	@rm -f $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)
- 	ln $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)
--	@[email protected]$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @[email protected]/sudoreplay.$(mantype) $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu)
--	$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @[email protected]/visudo.$(mantype) $(DESTDIR)$(mandirsu)/visudo.$(mansectsu)
--	$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @[email protected]/sudoers.$(mantype) $(DESTDIR)$(mandirform)/sudoers.$(mansectform)
--	@[email protected]$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @[email protected]/sudoers.ldap.$(mantype) $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform)
-+	@[email protected]$(INSTALL) -O $(install_uid) -G $(install_gid) -m 0444 @[email protected]/sudoreplay.$(mantype) $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu)
-+	$(INSTALL) -O $(install_uid) -G $(install_gid) -m 0444 @[email protected]/visudo.$(mantype) $(DESTDIR)$(mandirsu)/visudo.$(mansectsu)
-+	$(INSTALL) -O $(install_uid) -G $(install_gid) -m 0444 @[email protected]/sudoers.$(mantype) $(DESTDIR)$(mandirform)/sudoers.$(mansectform)
-+	@[email protected]$(INSTALL) -O $(install_uid) -G $(install_gid) -m 0444 @[email protected]/sudoers.ldap.$(mantype) $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform)
- @[email protected]
- 
-+install-ldif:
-+	$(INSTALL) -O $(install_uid) -G $(install_gid) -m 0444 $(srcdir)/schema.OpenLDAP $(DESTDIR)$(ldifdir)/sudo-schema.OpenLDAP
-+	$(INSTALL) -O $(install_uid) -G $(install_gid) -m 0444 $(srcdir)/schema.iPlanet $(DESTDIR)$(ldifdir)/sudo-schema.iPlanet
-+	$(INSTALL) -O $(install_uid) -G $(install_gid) -m 0444 $(srcdir)/sudoers2ldif $(DESTDIR)$(ldifdir)/sudoers2ldif
-+
- check:
- 	@echo nothing to check
- 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/sudo/patches/audit-event.patch	Mon Aug 01 12:41:59 2011 -0700
@@ -0,0 +1,60 @@
+--- sudo-1.8.1p2/plugins/sudoers/bsm_audit.c	Wed Mar 16 10:40:56 2011
++++ sudo-1.8.1p2-fixes/plugins/sudoers/bsm_audit.c	Mon Aug  1 03:40:43 2011
[email protected]@ -31,6 +31,7 @@
+ #include <unistd.h>
+ 
+ #include "bsm_audit.h"
++#define	AUE_sudo 6650
+ 
+ /*
+  * Solaris auditon() returns EINVAL if BSM audit not configured.
[email protected]@ -100,7 +101,7 @@
+ 		log_error(0, "au_open: failed");
+ 	if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) {
+ 		tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(),
+-		    getuid(), pid, pid, &ainfo_addr.ai_termid);
++		    getuid(), pid, &ainfo_addr.ai_asid, &ainfo_addr.ai_termid);
+ 	} else if (errno == ENOSYS) {
+ 		/*
+ 		 * NB: We should probably watch out for ERANGE here.
[email protected]@ -108,7 +109,7 @@
+ 		if (getaudit(&ainfo) < 0)
+ 			log_error(0, "getaudit: failed");
+ 		tok = au_to_subject(auid, geteuid(), getegid(), getuid(),
+-		    getuid(), pid, pid, &ainfo.ai_termid);
++		    getuid(), pid, &ainfo.ai_asid, &ainfo.ai_termid);
+ 	} else
+ 		log_error(0, "getaudit: failed");
+ 	if (tok == NULL)
[email protected]@ -122,7 +123,7 @@
+ 	if (tok == NULL)
+ 		log_error(0, "au_to_return32: failed");
+ 	au_write(aufd, tok);
+-	if (au_close(aufd, 1, AUE_sudo) == -1)
++	if (au_close(aufd, 1, AUE_sudo, 0) == -1)
+ 		log_error(0, "unable to commit audit record");
+ }
+ 
[email protected]@ -157,12 +158,12 @@
+ 		log_error(0, "au_open: failed");
+ 	if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) { 
+ 		tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(),
+-		    getuid(), pid, pid, &ainfo_addr.ai_termid);
++		    getuid(), pid, &ainfo_addr.ai_asid, &ainfo_addr.ai_termid);
+ 	} else if (errno == ENOSYS) {
+ 		if (getaudit(&ainfo) < 0) 
+ 			log_error(0, "getaudit: failed");
+ 		tok = au_to_subject(auid, geteuid(), getegid(), getuid(),
+-		    getuid(), pid, pid, &ainfo.ai_termid);
++		    getuid(), pid, &ainfo.ai_asid, &ainfo.ai_termid);
+ 	} else
+ 		log_error(0, "getaudit: failed");
+ 	if (tok == NULL)
[email protected]@ -181,6 +182,6 @@
+ 	if (tok == NULL)
+ 		log_error(0, "au_to_return32: failed");
+ 	au_write(aufd, tok);
+-	if (au_close(aufd, 1, AUE_sudo) == -1)
++	if (au_close(aufd, 1, AUE_sudo, PAD_FAILURE) == -1)
+ 		log_error(0, "unable to commit audit record");
+ }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/sudo/patches/compat-build.patch	Mon Aug 01 12:41:59 2011 -0700
@@ -0,0 +1,11 @@
+--- sudo-1.8.1p2/compat/Makefile.in	Mon Jun 20 05:26:16 2011
++++ sudo-1.8.1p2.fixes/compat/Makefile.in	Wed Apr  6 12:14:00 2011
[email protected]@ -30,7 +30,7 @@
+ LIBTOOL = @[email protected]
+ 
+ # C preprocessor flags
+-CPPFLAGS = -I$(top_builddir) -I$(incdir) @[email protected]
++CPPFLAGS = -I$(top_builddir) -I$(incdir) -I$(top_srcdir) @[email protected]
+ 
+ # Usually -O and/or -g
+ CFLAGS = @[email protected]
--- a/components/sudo/patches/solaris.patch	Mon Aug 01 12:07:26 2011 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,56 +0,0 @@
-diff -c -r sudo-1.7.4p4/configure sudo-1.7.4p4.sun/configure
-*** sudo-1.7.4p4/configure	Mon Sep  6 14:03:39 2010
---- sudo-1.7.4p4.sun/configure	Fri Sep 17 14:22:18 2010
-***************
-*** 18438,18444 ****
-  	fi
-      fi
-      if test X"$with_noexec" != X"no"; then
-! 	PROGS="${PROGS} libsudo_noexec.la"
-  	INSTALL_NOEXEC="install-noexec"
-  
-  	eval noexec_file="$with_noexec"
---- 18438,18444 ----
-  	fi
-      fi
-      if test X"$with_noexec" != X"no"; then
-! 	PROGS="${PROGS} libsudo_noexec"
-  	INSTALL_NOEXEC="install-noexec"
-  
-  	eval noexec_file="$with_noexec"
-Common subdirectories: sudo-1.7.4p4/emul and sudo-1.7.4p4.sun/emul
-diff -c -r sudo-1.7.4p4/env.c sudo-1.7.4p4.sun/env.c
-*** sudo-1.7.4p4/env.c	Wed Aug 18 21:27:03 2010
---- sudo-1.7.4p4.sun/env.c	Fri Sep 17 14:32:17 2010
-***************
-*** 792,798 ****
---- 792,819 ----
-  #  ifdef _AIX
-  	sudo_setenv("LDR_PRELOAD", def_noexec_file, TRUE);
-  #  else
-+ #    ifdef __sun
-+ 	{
-+ 	    char *p = NULL;
-+ 	    char path[MAXPATHLEN], path64[MAXPATHLEN];
-+ 
-+ 	    if (strlcpy(path, def_noexec_file, sizeof (path)) < sizeof (path))
-+ 	        p = strrchr(path, '/');
-+ 	    if (p != NULL) {
-+ 	        /* full pathname specified; set both 32/64 LD_PRELOAD vars */
-+ 		*p = '\0';
-+ 		if (snprintf(path64, sizeof (path64), "%s/64/%s",
-+ 			path, p+1) < sizeof (path64))
-+ 		    sudo_setenv("LD_PRELOAD_64", path64, TRUE);
-+ 		sudo_setenv("LD_PRELOAD_32", def_noexec_file, TRUE);
-+ 	    } else {
-+ 	        /* relative pathname specified, ld.so.1 will search */
-+ 		sudo_setenv("LD_PRELOAD", def_noexec_file,  TRUE);
-+ 	    }
-+ 	}
-+ #    else
-  	sudo_setenv("LD_PRELOAD", def_noexec_file, TRUE);
-+ #    endif /* __sun */
-  #  endif /* _AIX */
-  # endif /* __osf__ || __sgi */
-  #endif /* __darwin__ || __APPLE__ */
-Common subdirectories: sudo-1.7.4p4/m4 and sudo-1.7.4p4.sun/m4
--- a/components/sudo/patches/sudo_man_in.patch	Mon Aug 01 12:07:26 2011 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,19 +0,0 @@
---- sudo-1.7.4p4.orig/sudo.man.in	Wed Jun  1 16:45:17 2011
-+++ sudo-1.7.4p4/sudo.man.in	Wed Jun  1 16:49:12 2011
[email protected]@ -1,3 +1,7 @@
-+'\" t
-+.\" Modified for Solaris to to add 
-+.\" a note about auditing and source availability
-+.\" 
- .\" Copyright (c) 1994-1996, 1998-2005, 2007-2010
- .\" 	Todd C. Miller <[email protected]>
- .\" 
[email protected]@ -800,3 +804,8 @@
- and fitness for a particular purpose are disclaimed.  See the \s-1LICENSE\s0
- file distributed with \fBsudo\fR or http://www.sudo.ws/sudo/license.html
- for complete details.
-+.\" Begin Solaris update
-+.SH NOTES
-+\fBsudo\fR does not create \fBaudit\fR(2) records; for a Role Based administration
-+solution that performs auditing of all actions, please refer to \fBrbac\fR(5).
-+.\" End Solaris update
--- a/components/sudo/patches/sudoers_man_in.patch	Mon Aug 01 12:07:26 2011 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,19 +0,0 @@
---- sudo-1.7.4p4.orig/sudoers.man.in	Fri Jul 30 08:58:55 2010
-+++ sudo-1.7.4p4/sudoers.man.in	Wed Jun  1 16:49:52 2011
[email protected]@ -1,3 +1,7 @@
-+'\" t
-+.\" Modified for Solaris to to add 
-+.\" a note about auditing and source availability
-+.\" 
- .\" Copyright (c) 1994-1996, 1998-2005, 2007-2010
- .\" 	Todd C. Miller <[email protected]>
- .\" 
[email protected]@ -1756,3 +1760,8 @@
- and fitness for a particular purpose are disclaimed.  See the \s-1LICENSE\s0
- file distributed with \fBsudo\fR or http://www.sudo.ws/sudo/license.html
- for complete details.
-+.\" Begin Solaris update
-+.SH NOTES
-+\fBsudo\fR does not create \fBaudit\fR(2) records; for a Role Based administration
-+solution that performs auditing of all actions, please refer to \fBrbac\fR(5).
-+.\" End Solaris update
--- a/components/sudo/patches/visudo_man_in.patch	Mon Aug 01 12:07:26 2011 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,19 +0,0 @@
---- sudo-1.7.4p4.orig/visudo.man.in	Fri Jul 30 08:58:55 2010
-+++ sudo-1.7.4p4/visudo.man.in	Wed Jun  1 16:49:43 2011
[email protected]@ -1,3 +1,7 @@
-+'\" t
-+.\" Modified for Solaris to to add 
-+.\" a note about auditing and source availability
-+.\" 
- .\" Copyright (c) 1996,1998-2005, 2007-2010
- .\" 	Todd C. Miller <[email protected]>
- .\" 
[email protected]@ -299,3 +303,8 @@
- and fitness for a particular purpose are disclaimed.  See the \s-1LICENSE\s0
- file distributed with \fBsudo\fR or http://www.sudo.ws/sudo/license.html
- for complete details.
-+.\" Begin Solaris update
-+.SH NOTES
-+\fBsudo\fR does not create \fBaudit\fR(2) records; for a Role Based administration
-+solution that performs auditing of all actions, please refer to \fBrbac\fR(5).
-+.\" End Solaris update
--- a/components/sudo/sudo.license	Mon Aug 01 12:07:26 2011 -0700
+++ b/components/sudo/sudo.license	Mon Aug 01 12:41:59 2011 -0700
@@ -1,6 +1,6 @@
 Sudo is distributed under the following ISC-style license:
 
-   Copyright (c) 1994-1996, 1998-2010
+   Copyright (c) 1994-1996, 1998-2011
         Todd C. Miller <[email protected]>
 
    Permission to use, copy, modify, and distribute this software for any
@@ -19,7 +19,7 @@
    Agency (DARPA) and Air Force Research Laboratory, Air Force
    Materiel Command, USAF, under agreement number F39502-99-1-0512.
 
-Additionally, fnmatch.c, fnmatch.h, getcwd.c, glob.c, glob.h and snprintf.c
+The files fnmatch.c, fnmatch.h, getcwd.c, glob.c, glob.h and snprintf.c
 bear the following UCB license:
 
    Copyright (c) 1987, 1989, 1990, 1991, 1992, 1993, 1994
@@ -49,30 +49,25 @@
    OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
    SUCH DAMAGE.
 
-nonunix.h and vasgroups.c bear the following license:
+The embedded copy of zlib bears the following license:
+
+  Copyright (C) 1995-2010 Jean-loup Gailly and Mark Adler
 
-   Copyright (c) 2006 Quest Software, Inc.  All rights reserved.
-
-   Redistribution and use in source and binary forms, with or without
-   modification, are permitted provided that the following conditions are met:
+  This software is provided 'as-is', without any express or implied
+  warranty.  In no event will the authors be held liable for any damages
+  arising from the use of this software.
 
-   1. Redistributions of source code must retain the above copyright notice,
-      this list of conditions and the following disclaimer.
-   2. Redistributions in binary form must reproduce the above copyright
-      notice, this list of conditions and the following disclaimer in the
-      documentation and/or other materials provided with the distribution.
-   3. Neither the name of Quest Software, Inc. nor the names of its
-      contributors may be used to endorse or promote products derived from
-      this software without specific prior written permission.
+  Permission is granted to anyone to use this software for any purpose,
+  including commercial applications, and to alter it and redistribute it
+  freely, subject to the following restrictions:
 
-   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-   AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-   IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-   ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
-   LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-   CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-   SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-   INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-   CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-   ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-   POSSIBILITY OF SUCH DAMAGE.
+  1. The origin of this software must not be misrepresented; you must not
+     claim that you wrote the original software. If you use this software
+     in a product, an acknowledgment in the product documentation would be
+     appreciated but is not required.
+  2. Altered source versions must be plainly marked as such, and must not be
+     misrepresented as being the original software.
+  3. This notice may not be removed or altered from any source distribution.
+
+  Jean-loup Gailly        Mark Adler
+  [email protected]          [email protected]
--- a/components/sudo/sudo.p5m	Mon Aug 01 12:07:26 2011 -0700
+++ b/components/sudo/sudo.p5m	Mon Aug 01 12:41:59 2011 -0700
@@ -27,8 +27,8 @@
 set name=pkg.summary value="sudo - tool to allow certain tasks to be run as root by ordinary users"
 set name=info.classification \
 	value="org.opensolaris.category.2008:Applications/System Utilities"
-set name=info.upstream_url value=$(COMPONENT_PROJECT_URL)
-set name=info.source_url value=$(COMPONENT_ARCHIVE_URL)
+set name=info.upstream-url value=$(COMPONENT_PROJECT_URL)
+set name=info.source-url value=$(COMPONENT_ARCHIVE_URL)
 set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
 set name=opensolaris.arc_url \
     value=http://arc.opensolaris.org/caselog/PSARC/2009/205
@@ -37,10 +37,13 @@
 dir path=etc/sudoers.d mode=0750 group=root
 dir path=usr
 dir path=usr/bin
+dir path=usr/include
 dir path=usr/lib
-dir path=usr/lib/$(MACH64)
+dir path=usr/lib/sudo
 dir path=usr/sbin
 dir path=usr/share
+dir path=usr/share/doc
+dir path=usr/share/doc/sudo
 dir path=usr/share/lib
 dir path=usr/share/lib/ldif group=sys
 dir path=usr/share/man
@@ -50,13 +53,31 @@
 file path=etc/sudoers original_name=SUNWsudo:etc/sudoers preserve=true \
 	mode=0440 group=root
 file path=usr/bin/sudo mode=4511
-file path=usr/lib/sudo_noexec.so
-file path=usr/lib/$(MACH64)/sudo_noexec.so
+file path=usr/bin/sudoreplay mode=0511
 file path=usr/sbin/visudo mode=0511
-file path=usr/share/lib/ldif/sudo-schema.OpenLDAP
-file path=usr/share/lib/ldif/sudo-schema.iPlanet
-file path=usr/share/lib/ldif/sudoers2ldif
+file path=usr/lib/sudo/sudoers.so
+
+file path=usr/include/sudo_plugin.h
+
+file path=usr/share/doc/sudo/ChangeLog
+file path=usr/share/doc/sudo/HISTORY
+file path=usr/share/doc/sudo/LICENSE
+file path=usr/share/doc/sudo/NEWS
+file path=usr/share/doc/sudo/README
+file path=usr/share/doc/sudo/README.LDAP
+file path=usr/share/doc/sudo/TROUBLESHOOTING
+file path=usr/share/doc/sudo/UPGRADE
+file path=usr/share/doc/sudo/sample.sudo.conf
+file path=usr/share/doc/sudo/sample.sudoers
+file path=usr/share/doc/sudo/sample.syslog.conf
+file path=usr/share/doc/sudo/schema.ActiveDirectory
+file path=usr/share/doc/sudo/schema.OpenLDAP
+file path=usr/share/doc/sudo/schema.iPlanet
+file path=usr/share/doc/sudo/sudoers2ldif
+
 file path=usr/share/man/man1m/sudo.1m
+file path=usr/share/man/man1m/sudoreplay.1m
+file path=usr/share/man/man1m/sudo_plugin.1m
 file path=usr/share/man/man1m/visudo.1m
 file path=usr/share/man/man4/sudoers.4
 
@@ -66,13 +87,5 @@
 license sudo.license license="ISC-like, BSD"
 
 legacy pkg=SUNWsudo \
-    desc="sudo - Tool to allow certain tasks to be run as root by ordinary users. 1.7.4p4" \
+    desc="sudo - Tool to allow certain tasks to be run as root by ordinary users." \
     name="sudo - Tool to allow certain tasks to be run as root by ordinary users."
-
-# pkgdepend should have picked up the dependency on perl;
-# this explicit depend action can be removed if pkgdepend is fixed later
-depend fmri=__TBD \
-    pkg.debug.depend.file=usr/perl5/$(PERL_VERSION)/bin/perl \
-    pkg.debug.reason=usr/share/lib/ldif/sudoers2ldif \
-    type=require
-