--- a/components/sudo/Makefile	Wed Feb 24 22:20:45 2016 -0800
+++ b/components/sudo/Makefile	Mon Feb 15 08:11:32 2016 -0800
@@ -19,29 +19,38 @@
 # CDDL HEADER END
 
 #
-# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved.
 #
 
 include ../../make-rules/shared-macros.mk
 
 COMPONENT_NAME=		sudo
-SRC_VERSION=	1.8.9
-SRC_PATCH_VERSION=	5
+SRC_VERSION=	1.8.15
+SRC_PATCH_VERSION=
+ifdef SRC_PATCH_VERSION
 COMPONENT_VERSION=	$(SRC_VERSION).$(SRC_PATCH_VERSION)
 COMPONENT_SRC=		$(COMPONENT_NAME)-$(SRC_VERSION)p$(SRC_PATCH_VERSION)
+else
+COMPONENT_VERSION=	$(SRC_VERSION)
+COMPONENT_SRC=		$(COMPONENT_NAME)-$(SRC_VERSION)
+endif
 COMPONENT_ARCHIVE=	$(COMPONENT_SRC).tar.gz
 COMPONENT_ARCHIVE_HASH=	\
-    sha256:bc9d5c96de5f8b4d2b014f87a37870aef60d2891c869202454069150a21a5c21
+    sha256:4316381708324da8b6cb151f655c1a11855207c7c02244d8ffdea5104d7cc308
 COMPONENT_ARCHIVE_URL=	http://www.sudo.ws/sudo/dist/$(COMPONENT_ARCHIVE)
 COMPONENT_PROJECT_URL=  http://www.sudo.ws/
 COMPONENT_BUGDB=	utility/sudo
 
-TPNO=			16733
+TPNO=			26593
 
 include $(WS_MAKE_RULES)/prep.mk
 include $(WS_MAKE_RULES)/configure.mk
 include $(WS_MAKE_RULES)/ips.mk
 
+# Allows zero-sized struct/union declarations and void functions with return
+# statements returning a value to work.
+CFLAGS += -features=extensions
+
 COMPONENT_PREP_ACTION = ( cd $(@D) ; $(AUTORECONF) -f -I m4 )
 
 CONFIGURE_ENV +=	"CFLAGS=$(CFLAGS)"
@@ -51,7 +60,7 @@
 
 CONFIGURE_OPTIONS +=	--with-ldap
 CONFIGURE_OPTIONS +=	--with-project
-CONFIGURE_OPTIONS +=	--with-timedir=/system/volatile/sudo
+CONFIGURE_OPTIONS +=	--with-rundir=/system/volatile/sudo
 CONFIGURE_OPTIONS +=	--with-pam
 CONFIGURE_OPTIONS +=	--with-pam-login
 CONFIGURE_OPTIONS +=	--disable-pam-session
@@ -60,7 +69,7 @@
 CONFIGURE_OPTIONS +=	--without-lecture
 CONFIGURE_OPTIONS +=	--with-ignore-dot
 CONFIGURE_OPTIONS +=	--with-solaris-audit
-CONFIGURE_OPTIONS +=	--libexecdir=/usr/lib/sudo
+CONFIGURE_OPTIONS +=	--libexecdir=/usr/lib/$(MACH64)/sudo
 CONFIGURE_OPTIONS +=	"sudo_cv_var_nroff_opt_Tascii=no"
 
 COMPONENT_BUILD_ENV +=	CC=$(CC) CXX=$(CXX)
@@ -70,6 +79,9 @@
 COMPONENT_INSTALL_ARGS += bindir=$(USRBINDIR)
 COMPONENT_INSTALL_ARGS += sbindir=$(USRSBINDIR)
 
+# Avoid calling "chown 0" on installed files
+COMPONENT_INSTALL_ARGS += INSTALL_OWNER=
+
 # Make sure that sudo is NOT built with its internal sha2 implementation
 # http://www.sudo.ws/bugs/show_bug.cgi?id=641
 COMPONENT_TEST_ENV_CMD =
@@ -82,7 +94,7 @@
 
 # Tests may output some compilation lines, so just pull out the relevant test
 # output lines for the test results comparison
-COMPONENT_TEST_TRANSFORMS += '-e "/^sudo_conf\|^sudo_parseln\|^check_addr\|^check_base64\|^check_fill\|^iolog_path\|^check_symbols\|^sudoers\|^testsudoers\|^visudo\|^check_ttyname/!d"'
+COMPONENT_TEST_TRANSFORMS += '-e "/^parse_gids_test\|^strsplit_test\|^atofoo_test\|^hltq_test\|^sudo_conf\|^sudo_parseln\|^check_addr\|^check_base64\|^check_fill\|^iolog_path\|^check_symbols\|^sudoers\|^testsudoers\|^visudo\|^check_ttyname/!d"'
 COMPONENT_TEST_TRANSFORMS += '-e "s/\(\/dev\/pts\/\)[0-9][0-9]*/\1\#/"'
 
 # Enable aslr for this component

--- a/components/sudo/TESTING	Wed Feb 24 22:20:45 2016 -0800
+++ b/components/sudo/TESTING	Mon Feb 15 08:11:32 2016 -0800
@@ -12,6 +12,9 @@
 
 # Test digest feature
 
+# Make sure that the following line is commented out in /etc/sudoers:
+# ALL    ALL=(ALL) NOPASSWD: ALL
+
 openssl dgst -sha224 /usr/bin/ls # make note of the hash
 
 # Add this line to sudoers (replace UID by your user ID and HASH by the ls
@@ -118,3 +121,31 @@
 > 11282    syscall                                                 brk entry
 > 11550    syscall                                            brandsys entry
 > 11642    syscall                                                bind entry
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+# Test noexec
+
+# Verify the following works
+
+$ sudo /usr/perl5/5.12/bin/perl -e 'print "before\n"; system("id -a"); print "after\n"'
+before
+uid=0(root) gid=0(root) groups=0(root),1(other),2(bin),3(sys),4(adm),6(mail),7(tty),8(lp),12(daemon)
+after
+
+# Add the following to sudoers
+
+ALL     ALL = NOPASSWD: NOEXEC: /usr/perl5/5.12/bin/perl
+
+# Now Perl should be prevent to run further commands, so the output is
+
+$ sudo /usr/perl5/5.12/bin/perl -e 'print "before\n"; system("id -a"); print "after\n"'
+before
+after
+
+# Perl itself works as expected
+
+$ /usr/perl5/5.12/bin/perl -e 'print "before\n"; system("id -a"); print "after\n"'
+before
+uid=101(rimmer) gid=10(staff) groups=10(staff)
+after

--- a/components/sudo/patches/01-sudo_debug.patch	Wed Feb 24 22:20:45 2016 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,13 +0,0 @@
-Solaris needs missing definition for __printflike
-Solaris-specific; not suitable for upstream.
-
---- sudo-1.8.4p5.orig/include/sudo_debug.h	2012-03-29 10:37:01.000000000 -0700
-+++ sudo-1.8.4p5/include/sudo_debug.h	2012-05-18 11:18:27.886010000 -0700
[email protected]@ -17,6 +17,7 @@
- #ifndef _SUDO_DEBUG_H
- #define _SUDO_DEBUG_H
- 
-+#include "missing.h"
- #include <stdarg.h>
- 
- /*

--- a/components/sudo/patches/02-pam_setcred.patch	Wed Feb 24 22:20:45 2016 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,35 +0,0 @@
-Fix for
-17617070 sudo does not use pam_setcred correctly to set the audit context
-
-This fix is submitted as http://www.sudo.ws/bugs/show_bug.cgi?id=642
-
-Sudo 1.8.9p5 has another problem, pam_setcred configuration option is not
-enabled by default despite what is said in sudoers(4). Fix for that is
-accumulated in this patch as it will be submitted together with the
-PAM_REINITIALIZE_CRED fix.
-
---- sudo-1.8.9p5/plugins/sudoers/auth/pam.c	2014-02-07 10:25:08.979359126 +0100
-+++ sudo-1.8.9p5/plugins/sudoers/auth/pam.c	2014-02-07 10:24:43.823180676 +0100
[email protected]@ -236,9 +236,11 @@
-      * PAM_SUCCESS from another.  For example, given a non-local user,
-      * pam_unix will fail but pam_ldap or pam_sss may succeed, but if
-      * pam_unix is first in the stack, pam_setcred() will fail.
-+     *
-+     * Reinitialize credentials when changing a user.
-      */
-     if (def_pam_setcred)
--	(void) pam_setcred(pamh, PAM_ESTABLISH_CRED);
-+	(void) pam_setcred(pamh, PAM_REINITIALIZE_CRED);
- 
-     if (def_pam_session) {
- 	*pam_status = pam_open_session(pamh, 0);
---- sudo-1.8.9p5/plugins/sudoers/defaults.c	2014-03-28 15:33:41.941482037 -0700
-+++ sudo-1.8.9p5/plugins/sudoers/defaults.c	2014-03-28 15:22:36.457133334 -0700
[email protected]@ -485,6 +485,7 @@ init_defaults(void)
- #endif
-     def_editor = estrdup(EDITOR);
-     def_set_utmp = true;
-+    def_pam_setcred = true;
- 
-     /* Finally do the lists (currently just environment tables). */
-     init_envtables();

--- a/components/sudo/patches/03-solaris_audit.patch	Wed Feb 24 22:20:45 2016 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,266 +0,0 @@
-Add Solaris auditing to sudo.
-Code was developed in-house.
-Plan is to contribute these changes upstream to
-the latest sudo release, currently 1.8.10p2.
-
---- sudo-1.8.9p5/config.h.in	2014-03-26 22:54:30.317626194 +0100
-+++ sudo-1.8.9p5/config.h.in	2014-03-26 22:54:07.840975014 +0100
[email protected]@ -542,6 +542,9 @@
- /* Define to 1 if you have the `snprintf' function. */
- #undef HAVE_SNPRINTF
- 
-+/* Define to 1 to enable Solaris audit support. */
-+#undef HAVE_SOLARIS_AUDIT
-+
- /* Define to 1 if you have the <spawn.h> header file. */
- #undef HAVE_SPAWN_H
- 
---- sudo-1.8.9p5/configure.ac	2014-04-02 15:08:32.733744734 -0700
-+++ sudo-1.8.9p5/configure.ac	2014-04-02 15:01:57.931070340 -0700
[email protected]@ -15,6 +15,7 @@ dnl
- dnl Variables that get substituted in the Makefile and man pages
- dnl
- AC_SUBST([HAVE_BSM_AUDIT])
-+AC_SUBST([HAVE_SOLARIS_AUDIT])
- AC_SUBST([SHELL])
- AC_SUBST([LIBTOOL])
- AC_SUBST([CFLAGS])
[email protected]@ -322,6 +323,28 @@ AC_ARG_WITH(linux-audit, [AS_HELP_STRING
- esac])
- 
- dnl
-+dnl Handle Solaris auditing support.
-+dnl
-+AC_ARG_WITH(solaris-audit, [AS_HELP_STRING([--with-solaris-audit], [enable Solaris audit support])],
-+[case $with_solaris_audit in
-+    yes)	AC_DEFINE(HAVE_SOLARIS_AUDIT)
-+		SUDOERS_LIBS="${SUDOERS_LIBS} -lbsm"
-+		SUDOERS_OBJS="${SUDOERS_OBJS} solaris_audit.lo"
-+		;;
-+    no)		;;
-+    *)		AC_MSG_ERROR(["--with-solaris-audit does not take an argument."])
-+		;;
-+esac])
-+
-+dnl
-+dnl Check for use of Solaris audit with BSM or Linux audit
-+dnl
-+if test -n "$with_solaris_audit" && (test -n "$with_bsm_audit" || test -n "$with_linux_audit"); then
-+	AC_MSG_ERROR([BSM/Linux and Solaris auditing options are mutually exclusive.])
-+fi
-+
-+
-+dnl
- dnl Handle SSSD support.
- dnl
- AC_ARG_WITH(sssd, [AS_HELP_STRING([--with-sssd], [enable SSSD support])],
[email protected]@ -3820,6 +3843,7 @@ AH_TEMPLATE(HAVE_SHL_LOAD, [Define to 1
- AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.])
- AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().])
- AH_TEMPLATE(HAVE_RFC1938_SKEYCHALLENGE, [Define to 1 if the skeychallenge() function is RFC1938-compliant and takes 4 arguments.])
-+AH_TEMPLATE(HAVE_SOLARIS_AUDIT, [Define to 1 to enable Solaris audit support.])
- AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union.])
- AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member.])
- AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member.])
---- sudo-1.8.9p5/INSTALL	2014-03-26 22:55:50.218196304 +0100
-+++ sudo-1.8.9p5/INSTALL	2014-03-26 22:55:37.278167183 +0100
[email protected]@ -386,6 +386,9 @@
-         the user name (separated by a slash) when creating the
-         principal name.
- 
-+  --with-solaris-audit
-+	Enable audit support for Solaris systems.
-+
-   --with-opie[=DIR]
- 	Enable NRL OPIE OTP (One Time Password) support.  If specified,
- 	DIR should contain include and lib directories with opie.h
---- sudo-1.8.9p5/MANIFEST	2014-03-26 22:57:04.778504180 +0100
-+++ sudo-1.8.9p5/MANIFEST	2014-03-26 22:56:53.268979852 +0100
[email protected]@ -369,6 +369,8 @@
- plugins/sudoers/set_perms.c
- plugins/sudoers/sha2.c
- plugins/sudoers/sha2.h
-+plugins/sudoers/solaris_audit.c
-+plugins/sudoers/solaris_audit.h
- plugins/sudoers/sssd.c
- plugins/sudoers/sudo_nss.c
- plugins/sudoers/sudo_nss.h
---- sudo-1.8.9p5/mkdep.pl	2014-03-26 22:58:36.454013953 +0100
-+++ sudo-1.8.9p5/mkdep.pl	2014-03-26 22:58:24.406067303 +0100
[email protected]@ -67,7 +67,7 @@
-     $makefile =~ s:\@DEV\@::g;
-     $makefile =~ s:\@COMMON_OBJS\@:aix.lo event_poll.lo event_select.lo:;
-     $makefile =~ s:\@SUDO_OBJS\@:openbsd.o preload.o selinux.o sesh.o solaris.o sudo_noexec.lo:;
--    $makefile =~ s:\@SUDOERS_OBJS\@:bsm_audit.lo linux_audit.lo ldap.lo sssd.lo:;
-+    $makefile =~ s:\@SUDOERS_OBJS\@:bsm_audit.lo linux_audit.lo ldap.lo solaris_audit.lo sssd.lo:;
-     # XXX - fill in AUTH_OBJS from contents of the auth dir instead
-     $makefile =~ s:\@AUTH_OBJS\@:afs.lo aix_auth.lo bsdauth.lo dce.lo fwtk.lo getspwuid.lo kerb5.lo pam.lo passwd.lo rfc1938.lo secureware.lo securid5.lo sia.lo:;
-     $makefile =~ s:\@LTLIBOBJS\@:closefrom.lo fnmatch.lo getaddrinfo.lo getcwd.lo getgrouplist.lo getline.lo getopt_long.lo glob.lo isblank.lo memrchr.lo memset_s.lo mksiglist.lo mksigname.lo mktemp.lo pw_dup.lo sig2str.lo siglist.lo signame.lo snprintf.lo strlcat.lo strlcpy.lo strsignal.lo strtonum.lo utimes.lo globtest.o fnm_test.o:;
---- sudo-1.8.9p5/plugins/sudoers/audit.c	2014-03-26 22:59:28.211242562 +0100
-+++ sudo-1.8.9p5/plugins/sudoers/audit.c	2014-03-26 22:59:08.314263649 +0100
[email protected]@ -43,6 +43,9 @@
- #ifdef HAVE_LINUX_AUDIT
- # include "linux_audit.h"
- #endif
-+#ifdef HAVE_SOLARIS_AUDIT
-+# include "solaris_audit.h"
-+#endif
- 
- #define DEFAULT_TEXT_DOMAIN	"sudoers"
- #include "gettext.h"
[email protected]@ -59,6 +62,9 @@
- #ifdef HAVE_LINUX_AUDIT
- 	linux_audit_command(exec_args, 1);
- #endif
-+#ifdef HAVE_SOLARIS_AUDIT
-+	solaris_audit_success(exec_args);
-+#endif
-     }
- 
-     debug_return;
[email protected]@ -82,6 +88,9 @@
- #ifdef HAVE_LINUX_AUDIT
- 	linux_audit_command(exec_args, 0);
- #endif
-+#ifdef HAVE_SOLARIS_AUDIT
-+	solaris_audit_failure(exec_args, fmt, ap);
-+#endif
- 	va_end(ap);
-     }
- 
---- sudo-1.8.9p5/plugins/sudoers/Makefile.in	2014-03-26 23:02:57.999081022 +0100
-+++ sudo-1.8.9p5/plugins/sudoers/Makefile.in	2014-03-26 23:02:48.982043568 +0100
[email protected]@ -457,7 +457,7 @@
- 	$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/alias.c
- audit.lo: $(srcdir)/audit.c $(incdir)/gettext.h $(incdir)/missing.h \
-           $(incdir)/sudo_debug.h $(srcdir)/bsm_audit.h $(srcdir)/linux_audit.h \
--          $(srcdir)/logging.h $(top_builddir)/config.h \
-+          $(srcdir)/solaris_audit.h $(srcdir)/logging.h $(top_builddir)/config.h \
-           $(top_srcdir)/compat/stdbool.h
- 	$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/audit.c
- base64.lo: $(srcdir)/base64.c $(incdir)/missing.h $(incdir)/sudo_debug.h \
[email protected]@ -659,6 +659,9 @@
-                 $(incdir)/gettext.h $(incdir)/missing.h $(incdir)/sudo_debug.h \
-                 $(srcdir)/linux_audit.h $(top_builddir)/config.h
- 	$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/linux_audit.c
-+solaris_audit.lo: $(srcdir)/solaris_audit.c $(top_builddir)/config.h \
-+              $(srcdir)/sudoers.h $(incdir)/sudo_debug.h $(srcdir)/solaris_audit.h
-+	$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/solaris_audit.c
- locale.lo: $(srcdir)/locale.c $(incdir)/alloc.h $(incdir)/fatal.h \
-            $(incdir)/gettext.h $(incdir)/missing.h $(srcdir)/logging.h \
-            $(top_builddir)/config.h $(top_srcdir)/compat/stdbool.h
-diff -rupN sudo-1.8.6p7-orig/plugins/sudoers/solaris_audit.c sudo-1.8.6p7/plugins/sudoers/solaris_audit.c
---- sudo-1.8.6p7-orig/plugins/sudoers/solaris_audit.c	1969-12-31 16:00:00.000000000 -0800
-+++ sudo-1.8.6p7/plugins/sudoers/solaris_audit.c	2014-03-18 12:09:27.850924000 -0700
[email protected]@ -0,0 +1,95 @@
-+/*
-+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
-+ */
-+
-+#include <config.h>
-+#include <stdarg.h>
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+
-+#include <bsm/adt.h>
-+#include <bsm/adt_event.h>
-+
-+#include "sudoers.h"
-+#include "sudo_debug.h"
-+#include "solaris_audit.h"
-+
-+adt_session_data_t	*ah;		/* audit session handle */
-+adt_event_data_t	*event;		/* event to be generated */
-+char			cwd[MAXPATHLEN];
-+char			cmdpath[PATH_MAX];
-+
-+static void
-+adt_sudo_common(char *exec_args[])
-+{
-+	int	argc;
-+
-+	if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA) != 0) {
-+		log_warning(USE_ERRNO | NO_STDERR, _("sudo: adt_start_session"));
-+	}
-+	if ((event = adt_alloc_event(ah, ADT_sudo)) == NULL) {
-+		log_warning(USE_ERRNO | NO_STDERR, _("sudo: alloc_event"));
-+	}
-+	if ((event->adt_sudo.cwdpath = getcwd(cwd, sizeof (cwd))) == NULL) {
-+		log_warning(USE_ERRNO | NO_STDERR, _("sudo: can't add cwd path"));
-+	}
-+	for (argc = 0; exec_args[argc] != NULL; argc++) {
-+		continue;
-+	}
-+
-+	/* get the real executable name */
-+	if (user_cmnd != NULL) {
-+		if (strlcpy(cmdpath, (const char *)user_cmnd,
-+		    sizeof (cmdpath)) >= sizeof (cmdpath)) {
-+			log_warning(NO_STDERR,
-+			    _("sudo: truncated audit path " "user_cmnd: %s"),
-+			    user_cmnd);
-+		}
-+	} else {
-+		if (strlcpy(cmdpath, (const char *)exec_args[0],
-+		    sizeof (cmdpath)) >= sizeof (cmdpath)) {
-+			log_warning(NO_STDERR,
-+			    _("sudo: truncated audit path " "argv[0]: %s"),
-+			    exec_args[0]);
-+		}
-+	}
-+
-+	event->adt_sudo.cmdpath = cmdpath;
-+
-+	event->adt_sudo.argc = argc - 1;
-+	event->adt_sudo.argv = &exec_args[1];
-+	event->adt_sudo.envp = env_get();
-+}
-+
-+
-+void
-+solaris_audit_success(char *exec_args[])
-+{
-+	adt_sudo_common(exec_args);
-+
-+	if (adt_put_event(event, ADT_SUCCESS, ADT_SUCCESS) != 0) {
-+		log_warning(USE_ERRNO | NO_STDERR,
-+		    _("sudo: adt_put_event(success)"));
-+	}
-+	adt_free_event(event);
-+	(void) adt_end_session(ah);
-+}
-+
-+void
-+solaris_audit_failure(char *exec_args[], char const *const fmt, va_list ap)
-+{
-+	adt_sudo_common(exec_args);
-+
-+	if (vasprintf(&event->adt_sudo.errmsg, fmt, ap) == -1) {
-+		log_warning(USE_ERRNO | NO_STDERR,
-+		    _("sudo: audit_failure message too long"));
-+	}
-+	if (adt_put_event(event, ADT_FAILURE, ADT_FAIL_VALUE_PROGRAM) != 0) {
-+		log_warning(USE_ERRNO | NO_STDERR,
-+		    _("sudo: adt_put_event(failure)"));
-+	}
-+	free(event->adt_sudo.errmsg);
-+	adt_free_event(event);
-+	(void) adt_end_session(ah);
-+}
-diff -rupN sudo-1.8.6p7-orig/plugins/sudoers/solaris_audit.h sudo-1.8.6p7/plugins/sudoers/solaris_audit.h
---- sudo-1.8.6p7-orig/plugins/sudoers/solaris_audit.h	1969-12-31 16:00:00.000000000 -0800
-+++ sudo-1.8.6p7/plugins/sudoers/solaris_audit.h	2014-03-18 14:20:22.069087000 -0700
[email protected]@ -0,0 +1,11 @@
-+/*
-+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
-+ */
-+
-+#ifndef _SUDO_SOLARIS_AUDIT_H
-+#define	_SUDO_SOLARIS_AUDIT_H
-+
-+void	solaris_audit_success(char **);
-+void	solaris_audit_failure(char **, char const * const, va_list);
-+
-+#endif /* _SUDO_SOLARIS_AUDIT_H */
-

--- a/components/sudo/patches/04-use_libmd.patch	Wed Feb 24 22:20:45 2016 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,2430 +0,0 @@
-Taken from http://www.sudo.ws/repos/sudo/rev/cd02732f0704 and backported to
-sudo 1.9.5p5. The fix will be available in sudo 1.8.10p3.
-
-Patching of configure script was removed as we regenerate it by autotools
-anyway.
-
-diff -urN sudo-1.8.9p5.old/common/Makefile.in sudo-1.8.9p5/common/Makefile.in
---- sudo-1.8.9p5.old/common/Makefile.in	2014-01-07 19:09:02.000000000 +0100
-+++ sudo-1.8.9p5/common/Makefile.in	2014-04-10 15:20:34.447046660 +0200
[email protected]@ -186,8 +186,8 @@
-             $(top_builddir)/config.h $(top_srcdir)/compat/stdbool.h
- 	$(LIBTOOL) --mode=compile $(CC) -c -o [email protected] $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/atomode.c
- conf_test.lo: $(srcdir)/regress/sudo_conf/conf_test.c $(incdir)/missing.h \
--              $(incdir)/queue.h $(incdir)/sudo_conf.h $(top_builddir)/config.h \
--              $(top_srcdir)/compat/stdbool.h
-+              $(incdir)/queue.h $(incdir)/sudo_conf.h $(incdir)/sudo_util.h \
-+              $(top_builddir)/config.h $(top_srcdir)/compat/stdbool.h
- 	$(LIBTOOL) --mode=compile $(CC) -c -o [email protected] $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/sudo_conf/conf_test.c
- event.lo: $(srcdir)/event.c $(incdir)/alloc.h $(incdir)/fatal.h \
-           $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \
[email protected]@ -223,8 +223,8 @@
-             $(top_srcdir)/compat/stdbool.h
- 	$(LIBTOOL) --mode=compile $(CC) -c -o [email protected] $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/gidlist.c
- hltq_test.lo: $(srcdir)/regress/tailq/hltq_test.c $(incdir)/fatal.h \
--              $(incdir)/missing.h $(incdir)/queue.h $(top_builddir)/config.h \
--              $(top_srcdir)/compat/stdbool.h
-+              $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_util.h \
-+              $(top_builddir)/config.h $(top_srcdir)/compat/stdbool.h
- 	$(LIBTOOL) --mode=compile $(CC) -c -o [email protected] $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/tailq/hltq_test.c
- lbuf.lo: $(srcdir)/lbuf.c $(incdir)/alloc.h $(incdir)/fatal.h $(incdir)/lbuf.h \
-          $(incdir)/missing.h $(incdir)/sudo_debug.h $(top_builddir)/config.h
[email protected]@ -233,7 +233,7 @@
-                 $(incdir)/gettext.h $(incdir)/missing.h $(top_builddir)/config.h
- 	$(LIBTOOL) --mode=compile $(CC) -c -o [email protected] $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(top_srcdir)/src/locale_stub.c
- parseln_test.lo: $(srcdir)/regress/sudo_parseln/parseln_test.c \
--                 $(incdir)/fileops.h $(incdir)/missing.h \
-+                 $(incdir)/fileops.h $(incdir)/missing.h $(incdir)/sudo_util.h \
-                  $(top_builddir)/config.h $(top_srcdir)/compat/stdbool.h
- 	$(LIBTOOL) --mode=compile $(CC) -c -o [email protected] $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/sudo_parseln/parseln_test.c
- progname.lo: $(srcdir)/progname.c $(incdir)/missing.h $(incdir)/sudo_util.h \
-diff -urN sudo-1.8.9p5.old/compat/Makefile.in sudo-1.8.9p5/compat/Makefile.in
---- sudo-1.8.9p5.old/compat/Makefile.in	2014-01-07 19:08:52.000000000 +0100
-+++ sudo-1.8.9p5/compat/Makefile.in	2014-04-10 15:20:34.447431545 +0200
[email protected]@ -178,7 +178,9 @@
- getcwd.lo: $(srcdir)/getcwd.c $(incdir)/missing.h $(top_builddir)/config.h
- 	$(LIBTOOL) --mode=compile $(CC) -c -o [email protected] $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/getcwd.c
- getgrouplist.lo: $(srcdir)/getgrouplist.c $(incdir)/missing.h \
--                 $(top_builddir)/config.h $(top_srcdir)/compat/nss_dbdefs.h
-+                 $(incdir)/sudo_util.h $(top_builddir)/config.h \
-+                 $(top_srcdir)/compat/nss_dbdefs.h \
-+                 $(top_srcdir)/compat/stdbool.h
- 	$(LIBTOOL) --mode=compile $(CC) -c -o [email protected] $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/getgrouplist.c
- getline.lo: $(srcdir)/getline.c $(incdir)/missing.h $(top_builddir)/config.h
- 	$(LIBTOOL) --mode=compile $(CC) -c -o [email protected] $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/getline.c
-diff -urN sudo-1.8.9p5.old/compat/sha2.c sudo-1.8.9p5/compat/sha2.c
---- sudo-1.8.9p5.old/compat/sha2.c	1970-01-01 01:00:00.000000000 +0100
-+++ sudo-1.8.9p5/compat/sha2.c	2014-04-10 15:20:34.448122160 +0200
[email protected]@ -0,0 +1,526 @@
-+/*
-+ * Copyright (c) 2013 Todd C. Miller <[email protected]>
-+ *
-+ * Permission to use, copy, modify, and distribute this software for any
-+ * purpose with or without fee is hereby granted, provided that the above
-+ * copyright notice and this permission notice appear in all copies.
-+ *
-+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-+ */
-+
-+/*
-+ * Implementation of SHA-224, SHA-256, SHA-384 and SHA-512
-+ * as per FIPS 180-4: Secure Hash Standard (SHS)
-+ * http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
-+ *
-+ * Derived from the public domain SHA-1 and SHA-2 implementations
-+ * by Steve Reid and Wei Dai respectively.
-+ */
-+
-+#include <config.h>
-+
-+#include <stdio.h>
-+#ifdef STDC_HEADERS
-+# include <stdlib.h>
-+# include <stddef.h>
-+#else
-+# ifdef HAVE_STDLIB_H
-+#  include <stdlib.h>
-+# endif
-+#endif /* STDC_HEADERS */
-+#ifdef HAVE_STRING_H
-+# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
-+#  include <memory.h>
-+# endif
-+# include <string.h>
-+#endif /* HAVE_STRING_H */
-+#ifdef HAVE_STRINGS_H
-+# include <strings.h>
-+#endif /* HAVE_STRINGS_H */
-+#if defined(HAVE_STDINT_H)
-+# include <stdint.h>
-+#elif defined(HAVE_INTTYPES_H)
-+# include <inttypes.h>
-+#endif
-+#if defined(HAVE_ENDIAN_H)
-+# include <endian.h>
-+#elif defined(HAVE_SYS_ENDIAN_H)
-+# include <sys/endian.h>
-+#elif defined(HAVE_MACHINE_ENDIAN_H)
-+# include <machine/endian.h>
-+#else
-+# include "compat/endian.h"
-+#endif
-+
-+#include "missing.h"
-+#include "sha2.h"
-+
-+/*
-+ * SHA-2 operates on 32-bit and 64-bit words in big endian byte order.
-+ * The following macros convert between character arrays and big endian words.
-+ */
-+#define BE8TO32(x, y) do {				\
-+	(x) = (((uint32_t)((y)[0] & 255) << 24) |	\
-+	       ((uint32_t)((y)[1] & 255) << 16) |	\
-+	       ((uint32_t)((y)[2] & 255) << 8)  |	\
-+	       ((uint32_t)((y)[3] & 255)));		\
-+} while (0)
-+
-+#define BE8TO64(x, y) do {				\
-+	(x) = (((uint64_t)((y)[0] & 255) << 56) |	\
-+	       ((uint64_t)((y)[1] & 255) << 48) |	\
-+	       ((uint64_t)((y)[2] & 255) << 40) |	\
-+	       ((uint64_t)((y)[3] & 255) << 32) |	\
-+	       ((uint64_t)((y)[4] & 255) << 24) |	\
-+	       ((uint64_t)((y)[5] & 255) << 16) |	\
-+	       ((uint64_t)((y)[6] & 255) << 8)  |	\
-+	       ((uint64_t)((y)[7] & 255)));		\
-+} while (0)
-+
-+#define BE32TO8(x, y) do {			\
-+	(x)[0] = (uint8_t)(((y) >> 24) & 255);	\
-+	(x)[1] = (uint8_t)(((y) >> 16) & 255);	\
-+	(x)[2] = (uint8_t)(((y) >> 8) & 255);	\
-+	(x)[3] = (uint8_t)((y) & 255);		\
-+} while (0)
-+
-+#define BE64TO8(x, y) do {			\
-+	(x)[0] = (uint8_t)(((y) >> 56) & 255);	\
-+	(x)[1] = (uint8_t)(((y) >> 48) & 255);	\
-+	(x)[2] = (uint8_t)(((y) >> 40) & 255);	\
-+	(x)[3] = (uint8_t)(((y) >> 32) & 255);	\
-+	(x)[4] = (uint8_t)(((y) >> 24) & 255);	\
-+	(x)[5] = (uint8_t)(((y) >> 16) & 255);	\
-+	(x)[6] = (uint8_t)(((y) >> 8) & 255);	\
-+	(x)[7] = (uint8_t)((y) & 255);		\
-+} while (0)
-+
-+#define rotrFixed(x,y) (y ? ((x>>y) | (x<<(sizeof(x)*8-y))) : x)
-+
-+#define blk0(i) (W[i])
-+#define blk2(i) (W[i&15]+=s1(W[(i-2)&15])+W[(i-7)&15]+s0(W[(i-15)&15]))
-+
-+#define Ch(x,y,z) (z^(x&(y^z)))
-+#define Maj(x,y,z) (y^((x^y)&(y^z)))
-+
-+#define a(i) T[(0-i)&7]
-+#define b(i) T[(1-i)&7]
-+#define c(i) T[(2-i)&7]
-+#define d(i) T[(3-i)&7]
-+#define e(i) T[(4-i)&7]
-+#define f(i) T[(5-i)&7]
-+#define g(i) T[(6-i)&7]
-+#define h(i) T[(7-i)&7]
-+
-+void
-+SHA224Init(SHA2_CTX *ctx)
-+{
-+	memset(ctx, 0, sizeof(*ctx));
-+	ctx->state.st32[0] = 0xc1059ed8UL;
-+	ctx->state.st32[1] = 0x367cd507UL;
-+	ctx->state.st32[2] = 0x3070dd17UL;
-+	ctx->state.st32[3] = 0xf70e5939UL;
-+	ctx->state.st32[4] = 0xffc00b31UL;
-+	ctx->state.st32[5] = 0x68581511UL;
-+	ctx->state.st32[6] = 0x64f98fa7UL;
-+	ctx->state.st32[7] = 0xbefa4fa4UL;
-+}
-+
-+void
-+SHA224Transform(uint32_t state[8], const uint8_t buffer[SHA224_BLOCK_LENGTH])
-+{
-+	SHA256Transform(state, buffer);
-+}
-+
-+void
-+SHA224Update(SHA2_CTX *ctx, const uint8_t *data, size_t len)
-+{
-+	SHA256Update(ctx, data, len);
-+}
-+
-+void
-+SHA224Pad(SHA2_CTX *ctx)
-+{
-+	SHA256Pad(ctx);
-+}
-+
-+void
-+SHA224Final(uint8_t digest[SHA224_DIGEST_LENGTH], SHA2_CTX *ctx)
-+{
-+	SHA256Pad(ctx);
-+	if (digest != NULL) {
-+#if BYTE_ORDER == BIG_ENDIAN
-+		memcpy(digest, ctx->state.st32, SHA224_DIGEST_LENGTH);
-+#else
-+		unsigned int i;
-+
-+		for (i = 0; i < 7; i++)
-+			BE32TO8(digest + (i * 4), ctx->state.st32[i]);
-+#endif
-+		memset(ctx, 0, sizeof(*ctx));
-+	}
-+}
-+
-+static const uint32_t SHA256_K[64] = {
-+	0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
-+	0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
-+	0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
-+	0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
-+	0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
-+	0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
-+	0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
-+	0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
-+	0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
-+	0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
-+	0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
-+	0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
-+	0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
-+	0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
-+	0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
-+	0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
-+};
-+
-+void
-+SHA256Init(SHA2_CTX *ctx)
-+{
-+	memset(ctx, 0, sizeof(*ctx));
-+	ctx->state.st32[0] = 0x6a09e667UL;
-+	ctx->state.st32[1] = 0xbb67ae85UL;
-+	ctx->state.st32[2] = 0x3c6ef372UL;
-+	ctx->state.st32[3] = 0xa54ff53aUL;
-+	ctx->state.st32[4] = 0x510e527fUL;
-+	ctx->state.st32[5] = 0x9b05688cUL;
-+	ctx->state.st32[6] = 0x1f83d9abUL;
-+	ctx->state.st32[7] = 0x5be0cd19UL;
-+}
-+
-+/* Round macros for SHA256 */
-+#define R(i) do {							     \
-+	h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+SHA256_K[i+j]+(j?blk2(i):blk0(i)); \
-+	d(i)+=h(i);							     \
-+	h(i)+=S0(a(i))+Maj(a(i),b(i),c(i));				     \
-+} while (0)
-+
-+#define S0(x) (rotrFixed(x,2)^rotrFixed(x,13)^rotrFixed(x,22))
-+#define S1(x) (rotrFixed(x,6)^rotrFixed(x,11)^rotrFixed(x,25))
-+#define s0(x) (rotrFixed(x,7)^rotrFixed(x,18)^(x>>3))
-+#define s1(x) (rotrFixed(x,17)^rotrFixed(x,19)^(x>>10))
-+
-+void
-+SHA256Transform(uint32_t state[8], const uint8_t data[SHA256_BLOCK_LENGTH])
-+{
-+	uint32_t W[16];
-+	uint32_t T[8];
-+	unsigned int j;
-+
-+	/* Copy context state to working vars. */
-+	memcpy(T, state, sizeof(T));
-+	/* Copy data to W in big endian format. */
-+#if BYTE_ORDER == BIG_ENDIAN
-+	memcpy(W, data, sizeof(W));
-+#else
-+	for (j = 0; j < 16; j++) {
-+	    BE8TO32(W[j], data);
-+	    data += 4;
-+	}
-+#endif
-+	/* 64 operations, partially loop unrolled. */
-+	for (j = 0; j < 64; j += 16)
-+	{
-+		R( 0); R( 1); R( 2); R( 3);
-+		R( 4); R( 5); R( 6); R( 7);
-+		R( 8); R( 9); R(10); R(11);
-+		R(12); R(13); R(14); R(15);
-+	}
-+	/* Add the working vars back into context state. */
-+	state[0] += a(0);
-+	state[1] += b(0);
-+	state[2] += c(0);
-+	state[3] += d(0);
-+	state[4] += e(0);
-+	state[5] += f(0);
-+	state[6] += g(0);
-+	state[7] += h(0);
-+	/* Cleanup */
-+	memset_s(T, sizeof(T), 0, sizeof(T));
-+	memset_s(W, sizeof(W), 0, sizeof(W));
-+}
-+
-+#undef S0
-+#undef S1
-+#undef s0
-+#undef s1
-+#undef R
-+
-+void
-+SHA256Update(SHA2_CTX *ctx, const uint8_t *data, size_t len)
-+{
-+	size_t i = 0, j;
-+
-+	j = (size_t)((ctx->count[0] >> 3) & (SHA256_BLOCK_LENGTH - 1));
-+	ctx->count[0] += (len << 3);
-+	if ((j + len) > SHA256_BLOCK_LENGTH - 1) {
-+		memcpy(&ctx->buffer[j], data, (i = SHA256_BLOCK_LENGTH - j));
-+		SHA256Transform(ctx->state.st32, ctx->buffer);
-+		for ( ; i + SHA256_BLOCK_LENGTH - 1 < len; i += SHA256_BLOCK_LENGTH)
-+			SHA256Transform(ctx->state.st32, (uint8_t *)&data[i]);
-+		j = 0;
-+	}
-+	memcpy(&ctx->buffer[j], &data[i], len - i);
-+}
-+
-+void
-+SHA256Pad(SHA2_CTX *ctx)
-+{
-+	uint8_t finalcount[8];
-+
-+	/* Store unpadded message length in bits in big endian format. */
-+	BE64TO8(finalcount, ctx->count[0]);
-+
-+	/* Append a '1' bit (0x80) to the message. */
-+	SHA256Update(ctx, (uint8_t *)"\200", 1);
-+
-+	/* Pad message such that the resulting length modulo 512 is 448. */
-+	while ((ctx->count[0] & 504) != 448)
-+		SHA256Update(ctx, (uint8_t *)"\0", 1);
-+
-+	/* Append length of message in bits and do final SHA256Transform(). */
-+	SHA256Update(ctx, finalcount, sizeof(finalcount));
-+}
-+
-+void
-+SHA256Final(uint8_t digest[SHA256_DIGEST_LENGTH], SHA2_CTX *ctx)
-+{
-+	SHA256Pad(ctx);
-+	if (digest != NULL) {
-+#if BYTE_ORDER == BIG_ENDIAN
-+		memcpy(digest, ctx->state.st32, SHA256_DIGEST_LENGTH);
-+#else
-+		unsigned int i;
-+
-+		for (i = 0; i < 8; i++)
-+			BE32TO8(digest + (i * 4), ctx->state.st32[i]);
-+#endif
-+		memset(ctx, 0, sizeof(*ctx));
-+	}
-+}
-+
-+void
-+SHA384Init(SHA2_CTX *ctx)
-+{
-+	memset(ctx, 0, sizeof(*ctx));
-+	ctx->state.st64[0] = 0xcbbb9d5dc1059ed8ULL;
-+	ctx->state.st64[1] = 0x629a292a367cd507ULL;
-+	ctx->state.st64[2] = 0x9159015a3070dd17ULL;
-+	ctx->state.st64[3] = 0x152fecd8f70e5939ULL;
-+	ctx->state.st64[4] = 0x67332667ffc00b31ULL;
-+	ctx->state.st64[5] = 0x8eb44a8768581511ULL;
-+	ctx->state.st64[6] = 0xdb0c2e0d64f98fa7ULL;
-+	ctx->state.st64[7] = 0x47b5481dbefa4fa4ULL;
-+}
-+
-+void
-+SHA384Transform(uint64_t state[8], const uint8_t data[SHA384_BLOCK_LENGTH])
-+{
-+	SHA512Transform(state, data);
-+}
-+
-+void
-+SHA384Update(SHA2_CTX *ctx, const uint8_t *data, size_t len)
-+{
-+	SHA512Update(ctx, data, len);
-+}
-+
-+void
-+SHA384Pad(SHA2_CTX *ctx)
-+{
-+	SHA512Pad(ctx);
-+}
-+
-+void
-+SHA384Final(uint8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *ctx)
-+{
-+	SHA384Pad(ctx);
-+	if (digest != NULL) {
-+#if BYTE_ORDER == BIG_ENDIAN
-+		memcpy(digest, ctx->state.st64, SHA384_DIGEST_LENGTH);
-+#else
-+		unsigned int i;
-+
-+		for (i = 0; i < 6; i++)
-+			BE64TO8(digest + (i * 8), ctx->state.st64[i]);
-+#endif
-+		memset(ctx, 0, sizeof(*ctx));
-+	}
-+}
-+
-+static const uint64_t SHA512_K[80] = {
-+	0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
-+	0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
-+	0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
-+	0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
-+	0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
-+	0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
-+	0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
-+	0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
-+	0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
-+	0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
-+	0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
-+	0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
-+	0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
-+	0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
-+	0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
-+	0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
-+	0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
-+	0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
-+	0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
-+	0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
-+	0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
-+	0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
-+	0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
-+	0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
-+	0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
-+	0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
-+	0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
-+	0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
-+	0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
-+	0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
-+	0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
-+	0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
-+	0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
-+	0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
-+	0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
-+	0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
-+	0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
-+	0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
-+	0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
-+	0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
-+};
-+
-+void
-+SHA512Init(SHA2_CTX *ctx)
-+{
-+	memset(ctx, 0, sizeof(*ctx));
-+	ctx->state.st64[0] = 0x6a09e667f3bcc908ULL;
-+	ctx->state.st64[1] = 0xbb67ae8584caa73bULL;
-+	ctx->state.st64[2] = 0x3c6ef372fe94f82bULL;
-+	ctx->state.st64[3] = 0xa54ff53a5f1d36f1ULL;
-+	ctx->state.st64[4] = 0x510e527fade682d1ULL;
-+	ctx->state.st64[5] = 0x9b05688c2b3e6c1fULL;
-+	ctx->state.st64[6] = 0x1f83d9abfb41bd6bULL;
-+	ctx->state.st64[7] = 0x5be0cd19137e2179ULL;
-+}
-+
-+/* Round macros for SHA512 */
-+#define R(i) do {							     \
-+	h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+SHA512_K[i+j]+(j?blk2(i):blk0(i)); \
-+	d(i)+=h(i);							     \
-+	h(i)+=S0(a(i))+Maj(a(i),b(i),c(i));				     \
-+} while (0)
-+
-+#define S0(x) (rotrFixed(x,28)^rotrFixed(x,34)^rotrFixed(x,39))
-+#define S1(x) (rotrFixed(x,14)^rotrFixed(x,18)^rotrFixed(x,41))
-+#define s0(x) (rotrFixed(x,1)^rotrFixed(x,8)^(x>>7))
-+#define s1(x) (rotrFixed(x,19)^rotrFixed(x,61)^(x>>6))
-+
-+void
-+SHA512Transform(uint64_t state[8], const uint8_t data[SHA512_BLOCK_LENGTH])
-+{
-+	uint64_t W[16];
-+	uint64_t T[8];
-+	unsigned int j;
-+
-+	/* Copy context state to working vars. */
-+	memcpy(T, state, sizeof(T));
-+	/* Copy data to W in big endian format. */
-+#if BYTE_ORDER == BIG_ENDIAN
-+	memcpy(W, data, sizeof(W));
-+#else
-+	for (j = 0; j < 16; j++) {
-+	    BE8TO64(W[j], data);
-+	    data += 8;
-+	}
-+#endif
-+	/* 80 operations, partially loop unrolled. */
-+	for (j = 0; j < 80; j += 16)
-+	{
-+		R( 0); R( 1); R( 2); R( 3);
-+		R( 4); R( 5); R( 6); R( 7);
-+		R( 8); R( 9); R(10); R(11);
-+		R(12); R(13); R(14); R(15);
-+	}
-+	/* Add the working vars back into context state. */
-+	state[0] += a(0);
-+	state[1] += b(0);
-+	state[2] += c(0);
-+	state[3] += d(0);
-+	state[4] += e(0);
-+	state[5] += f(0);
-+	state[6] += g(0);
-+	state[7] += h(0);
-+	/* Cleanup. */
-+	memset_s(T, sizeof(T), 0, sizeof(T));
-+	memset_s(W, sizeof(W), 0, sizeof(W));
-+}
-+
-+void
-+SHA512Update(SHA2_CTX *ctx, const uint8_t *data, size_t len)
-+{
-+	size_t i = 0, j;
-+
-+	j = (size_t)((ctx->count[0] >> 3) & (SHA512_BLOCK_LENGTH - 1));
-+	ctx->count[0] += (len << 3);
-+	if (ctx->count[0] < (len << 3))
-+		ctx->count[1]++;
-+	if ((j + len) > SHA512_BLOCK_LENGTH - 1) {
-+		memcpy(&ctx->buffer[j], data, (i = SHA512_BLOCK_LENGTH - j));
-+		SHA512Transform(ctx->state.st64, ctx->buffer);
-+		for ( ; i + SHA512_BLOCK_LENGTH - 1 < len; i += SHA512_BLOCK_LENGTH)
-+			SHA512Transform(ctx->state.st64, (uint8_t *)&data[i]);
-+		j = 0;
-+	}
-+	memcpy(&ctx->buffer[j], &data[i], len - i);
-+}
-+
-+void
-+SHA512Pad(SHA2_CTX *ctx)
-+{
-+	uint8_t finalcount[16];
-+
-+	/* Store unpadded message length in bits in big endian format. */
-+	BE64TO8(finalcount, ctx->count[1]);
-+	BE64TO8(finalcount + 8, ctx->count[0]);
-+
-+	/* Append a '1' bit (0x80) to the message. */
-+	SHA512Update(ctx, (uint8_t *)"\200", 1);
-+
-+	/* Pad message such that the resulting length modulo 1024 is 896. */
-+	while ((ctx->count[0] & 1008) != 896)
-+		SHA512Update(ctx, (uint8_t *)"\0", 1);
-+
-+	/* Append length of message in bits and do final SHA512Transform(). */
-+	SHA512Update(ctx, finalcount, sizeof(finalcount));
-+}
-+
-+void
-+SHA512Final(uint8_t digest[SHA512_DIGEST_LENGTH], SHA2_CTX *ctx)
-+{
-+	SHA512Pad(ctx);
-+	if (digest != NULL) {
-+#if BYTE_ORDER == BIG_ENDIAN
-+		memcpy(digest, ctx->state.st64, SHA512_DIGEST_LENGTH);
-+#else
-+		unsigned int i;
-+
-+		for (i = 0; i < 8; i++)
-+			BE64TO8(digest + (i * 8), ctx->state.st64[i]);
-+#endif
-+		memset(ctx, 0, sizeof(*ctx));
-+	}
-+}
-diff -urN sudo-1.8.9p5.old/compat/sha2.h sudo-1.8.9p5/compat/sha2.h
---- sudo-1.8.9p5.old/compat/sha2.h	1970-01-01 01:00:00.000000000 +0100
-+++ sudo-1.8.9p5/compat/sha2.h	2014-04-10 15:20:34.448517327 +0200
[email protected]@ -0,0 +1,74 @@
-+/*
-+ * Copyright (c) 2013 Todd C. Miller <[email protected]>
-+ *
-+ * Permission to use, copy, modify, and distribute this software for any
-+ * purpose with or without fee is hereby granted, provided that the above
-+ * copyright notice and this permission notice appear in all copies.
-+ *
-+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-+ */
-+
-+/*
-+ * Derived from the public domain SHA-1 and SHA-2 implementations
-+ * by Steve Reid and Wei Dai respectively.
-+ */
-+
-+#ifndef _SUDOERS_SHA2_H
-+#define _SUDOERS_SHA2_H
-+
-+#define	SHA224_BLOCK_LENGTH		64
-+#define	SHA224_DIGEST_LENGTH		28
-+#define	SHA224_DIGEST_STRING_LENGTH	(SHA224_DIGEST_LENGTH * 2 + 1)
-+
-+#define	SHA256_BLOCK_LENGTH		64
-+#define	SHA256_DIGEST_LENGTH		32
-+#define	SHA256_DIGEST_STRING_LENGTH	(SHA256_DIGEST_LENGTH * 2 + 1)
-+
-+#define	SHA384_BLOCK_LENGTH		128
-+#define	SHA384_DIGEST_LENGTH		48
-+#define	SHA384_DIGEST_STRING_LENGTH	(SHA384_DIGEST_LENGTH * 2 + 1)
-+
-+#define	SHA512_BLOCK_LENGTH		128
-+#define	SHA512_DIGEST_LENGTH		64
-+#define	SHA512_DIGEST_STRING_LENGTH	(SHA512_DIGEST_LENGTH * 2 + 1)
-+
-+typedef struct {
-+    union {
-+	uint32_t st32[8];	/* sha224 and sha256 */
-+	uint64_t st64[8];	/* sha384 and sha512 */
-+    } state;
-+    uint64_t count[2];
-+    uint8_t buffer[SHA512_BLOCK_LENGTH];
-+} SHA2_CTX;
-+
-+void SHA224Init(SHA2_CTX *ctx);
-+void SHA224Pad(SHA2_CTX *ctx);
-+void SHA224Transform(uint32_t state[8], const uint8_t buffer[SHA224_BLOCK_LENGTH]);
-+void SHA224Update(SHA2_CTX *ctx, const uint8_t *data, size_t len);
-+void SHA224Final(uint8_t digest[SHA224_DIGEST_LENGTH], SHA2_CTX *ctx);
-+
-+void SHA256Init(SHA2_CTX *ctx);
-+void SHA256Pad(SHA2_CTX *ctx);
-+void SHA256Transform(uint32_t state[8], const uint8_t buffer[SHA256_BLOCK_LENGTH]);
-+void SHA256Update(SHA2_CTX *ctx, const uint8_t *data, size_t len);
-+void SHA256Final(uint8_t digest[SHA256_DIGEST_LENGTH], SHA2_CTX *ctx);
-+
-+void SHA384Init(SHA2_CTX *ctx);
-+void SHA384Pad(SHA2_CTX *ctx);
-+void SHA384Transform(uint64_t state[8], const uint8_t buffer[SHA384_BLOCK_LENGTH]);
-+void SHA384Update(SHA2_CTX *ctx, const uint8_t *data, size_t len);
-+void SHA384Final(uint8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *ctx);
-+
-+void SHA512Init(SHA2_CTX *ctx);
-+void SHA512Pad(SHA2_CTX *ctx);
-+void SHA512Transform(uint64_t state[8], const uint8_t buffer[SHA512_BLOCK_LENGTH]);
-+void SHA512Update(SHA2_CTX *ctx, const uint8_t *data, size_t len);
-+void SHA512Final(uint8_t digest[SHA512_DIGEST_LENGTH], SHA2_CTX *ctx);
-+
-+#endif /* _SUDOERS_SHA2_H */
-diff -urN sudo-1.8.9p5.old/config.h.in sudo-1.8.9p5/config.h.in
---- sudo-1.8.9p5.old/config.h.in	2014-04-10 15:19:56.000000000 +0200
-+++ sudo-1.8.9p5/config.h.in	2014-04-10 15:20:34.449144378 +0200
[email protected]@ -521,6 +521,9 @@
- /* Define to 1 if you have the `set_auth_parameters' function. */
- #undef HAVE_SET_AUTH_PARAMETERS
- 
-+/* Define to 1 if you have the `SHA224Update' function. */
-+#undef HAVE_SHA224UPDATE
-+
- /* Define to 1 if you have the `shl_load' function. */
- #undef HAVE_SHL_LOAD
- 
[email protected]@ -983,6 +989,10 @@
- /* Define to 1 to send mail when the user is not in the sudoers file. */
- #undef SEND_MAIL_WHEN_NO_USER
- 
-+/* Define to 1 if the sha2 functions use `const void *' instead of `const
-+   unsigned char'. */
-+#undef SHA2_VOID_PTR
-+
- /* Define to 1 if you want sudo to start a shell if given no arguments. */
- #undef SHELL_IF_NO_ARGS
- 
-diff -urN sudo-1.8.9p5.old/configure.ac sudo-1.8.9p5/configure.ac
---- sudo-1.8.9p5.old/configure.ac	2014-04-10 15:19:47.156138496 +0200
-+++ sudo-1.8.9p5/configure.ac	2014-04-10 15:20:34.458422206 +0200
[email protected]@ -77,6 +77,7 @@
- AC_SUBST([LIBDL])
- AC_SUBST([LT_STATIC])
- AC_SUBST([LIBINTL])
-+AC_SUBST([LIBMD])
- AC_SUBST([SUDO_NLS])
- AC_SUBST([LOCALEDIR_SUFFIX])
- AC_SUBST([COMPAT_TEST_PROGS])
[email protected]@ -194,6 +195,7 @@
- PSMAN=0
- SEMAN=0
- LIBINTL=
-+LIBMD=
- ZLIB=
- ZLIB_SRC=
- AUTH_OBJS=
[email protected]@ -2445,6 +2447,16 @@
- 	[AC_CHECK_MEMBER([struct stat.st_mtim.st__tim], AC_DEFINE(HAVE_ST__TIM))],
- 	[AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))])
- fi
-+AC_CHECK_HEADER([sha2.h], [
-+    AC_CHECK_FUNCS(SHA224Update, [SUDO_FUNC_SHA2_VOID_PTR], [
-+	# On some systems, SHA224Update is in libmd
-+	AC_CHECK_LIB(md, SHA224Update, [
-+	    AC_DEFINE(HAVE_SHA224UPDATE)
-+	    SUDO_FUNC_SHA2_VOID_PTR
-+	    LIBMD="-lmd"
-+	], [AC_LIBOBJ(sha2)])
-+    ])
-+], [AC_LIBOBJ(sha2)])
- dnl
- dnl Function checks for sudo_noexec
- dnl
-diff -urN sudo-1.8.9p5.old/MANIFEST sudo-1.8.9p5/MANIFEST
---- sudo-1.8.9p5.old/MANIFEST	2014-04-10 15:19:47.157886371 +0200
-+++ sudo-1.8.9p5/MANIFEST	2014-04-10 15:20:58.300108720 +0200
[email protected]@ -88,6 +88,8 @@
- compat/regress/glob/files
- compat/regress/glob/globtest.c
- compat/regress/glob/globtest.in
-+compat/sha2.c
-+compat/sha2.h
- compat/sig2str.c
- compat/siglist.in
- compat/snprintf.c
[email protected]@ -367,8 +369,6 @@
- plugins/sudoers/regress/visudo/test5.out.ok
- plugins/sudoers/regress/visudo/test5.sh
- plugins/sudoers/set_perms.c
--plugins/sudoers/sha2.c
--plugins/sudoers/sha2.h
- plugins/sudoers/solaris_audit.c
- plugins/sudoers/solaris_audit.h
- plugins/sudoers/sssd.c
-diff -urN sudo-1.8.9p5.old/m4/sudo.m4 sudo-1.8.9p5/m4/sudo.m4
---- sudo-1.8.9p5.old/m4/sudo.m4	2014-01-07 19:08:52.000000000 +0100
-+++ sudo-1.8.9p5/m4/sudo.m4	2014-04-10 15:20:34.458820769 +0200
[email protected]@ -264,6 +264,24 @@
- ])
- 
- dnl
-+dnl Check if the data argument for the sha2 functions is void * or u_char *
-+dnl
-+AC_DEFUN([SUDO_FUNC_SHA2_VOID_PTR],
-+[AC_CACHE_CHECK([whether the data argument of SHA224Update() is void *],
-+sudo_cv_func_sha2_void_ptr,
-+[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT
-+#include <sha2.h>
-+void SHA224Update(SHA2_CTX *context, const void *data, size_t len) {return;}], [])],
-+    [sudo_cv_func_sha2_void_ptr=yes],
-+    [sudo_cv_func_sha2_void_ptr=no])
-+  ])
-+  if test $sudo_cv_func_sha2_void_ptr = yes; then
-+    AC_DEFINE(SHA2_VOID_PTR, 1,
-+      [Define to 1 if the sha2 functions use `const void *' instead of `const unsigned char'.])
-+  fi
-+])
-+
-+dnl
- dnl check for sa_len field in struct sockaddr
- dnl
- AC_DEFUN([SUDO_SOCK_SA_LEN], [
-diff -urN sudo-1.8.9p5.old/plugins/sudoers/gram.c sudo-1.8.9p5/plugins/sudoers/gram.c
---- sudo-1.8.9p5.old/plugins/sudoers/gram.c	2014-01-07 19:08:53.000000000 +0100
-+++ sudo-1.8.9p5/plugins/sudoers/gram.c	2014-04-10 15:20:34.460695182 +0200
[email protected]@ -179,10 +179,10 @@
- #define PRIVS 289
- #define LIMITPRIVS 290
- #define MYSELF 291
--#define SHA224 292
--#define SHA256 293
--#define SHA384 294
--#define SHA512 295
-+#define SHA224_TOK 292
-+#define SHA256_TOK 293
-+#define SHA384_TOK 294
-+#define SHA512_TOK 295
- #define YYERRCODE 256
- #if defined(__cplusplus) || defined(__STDC__)
- const short sudoerslhs[] =
[email protected]@ -550,7 +550,7 @@
- "NOPASSWD","PASSWD","NOEXEC","EXEC","SETENV","NOSETENV","LOG_INPUT",
- "NOLOG_INPUT","LOG_OUTPUT","NOLOG_OUTPUT","ALL","COMMENT","HOSTALIAS",
- "CMNDALIAS","USERALIAS","RUNASALIAS","ERROR","TYPE","ROLE","PRIVS","LIMITPRIVS",
--"MYSELF","SHA224","SHA256","SHA384","SHA512",
-+"MYSELF","SHA224_TOK","SHA256_TOK","SHA384_TOK","SHA512_TOK",
- };
- #if defined(__cplusplus) || defined(__STDC__)
- const char * const sudoersrule[] =
[email protected]@ -594,10 +594,10 @@
- "cmndspeclist : cmndspec",
- "cmndspeclist : cmndspeclist ',' cmndspec",
- "cmndspec : runasspec selinux solarisprivs cmndtag digcmnd",
--"digest : SHA224 ':' DIGEST",
--"digest : SHA256 ':' DIGEST",
--"digest : SHA384 ':' DIGEST",
--"digest : SHA512 ':' DIGEST",
-+"digest : SHA224_TOK ':' DIGEST",
-+"digest : SHA256_TOK ':' DIGEST",
-+"digest : SHA384_TOK ':' DIGEST",
-+"digest : SHA512_TOK ':' DIGEST",
- "digcmnd : opcmnd",
- "digcmnd : digest opcmnd",
- "opcmnd : cmnd",
[email protected]@ -1089,12 +1089,12 @@
-         goto yyreduce;
-     }
-     if (yyerrflag) goto yyinrecovery;
--#if defined(lint) || defined(__GNUC__)
-+#if defined(__GNUC__)
-     goto yynewerror;
- #endif
- yynewerror:
-     yyerror("syntax error");
--#if defined(lint) || defined(__GNUC__)
-+#if defined(__GNUC__)
-     goto yyerrlab;
- #endif
- yyerrlab:
-diff -urN sudo-1.8.9p5.old/plugins/sudoers/gram.h sudo-1.8.9p5/plugins/sudoers/gram.h
---- sudo-1.8.9p5.old/plugins/sudoers/gram.h	2014-01-07 19:08:53.000000000 +0100
-+++ sudo-1.8.9p5/plugins/sudoers/gram.h	2014-04-10 15:20:34.461102773 +0200
[email protected]@ -33,10 +33,10 @@
- #define PRIVS 289
- #define LIMITPRIVS 290
- #define MYSELF 291
--#define SHA224 292
--#define SHA256 293
--#define SHA384 294
--#define SHA512 295
-+#define SHA224_TOK 292
-+#define SHA256_TOK 293
-+#define SHA384_TOK 294
-+#define SHA512_TOK 295
- #ifndef YYSTYPE_DEFINED
- #define YYSTYPE_DEFINED
- typedef union {
-diff -urN sudo-1.8.9p5.old/plugins/sudoers/gram.y sudo-1.8.9p5/plugins/sudoers/gram.y
---- sudo-1.8.9p5.old/plugins/sudoers/gram.y	2014-01-07 19:08:53.000000000 +0100
-+++ sudo-1.8.9p5/plugins/sudoers/gram.y	2014-04-10 15:20:34.461582432 +0200
[email protected]@ -142,10 +142,10 @@
- %token <tok>	 PRIVS			/* Solaris privileges */
- %token <tok>	 LIMITPRIVS		/* Solaris limit privileges */
- %token <tok>	 MYSELF			/* run as myself, not another user */
--%token <tok>	 SHA224			/* sha224 digest */
--%token <tok>	 SHA256			/* sha256 digest */
--%token <tok>	 SHA384			/* sha384 digest */
--%token <tok>	 SHA512			/* sha512 digest */
-+%token <tok>	 SHA224_TOK		/* sha224 token */
-+%token <tok>	 SHA256_TOK		/* sha256 token */
-+%token <tok>	 SHA384_TOK		/* sha384 token */
-+%token <tok>	 SHA512_TOK		/* sha512 token */
- 
- %type <cmndspec>  cmndspec
- %type <cmndspec>  cmndspeclist
[email protected]@ -370,16 +370,16 @@
- 			}
- 		;
- 
--digest		:	SHA224 ':' DIGEST {
-+digest		:	SHA224_TOK ':' DIGEST {
- 			    $$ = new_digest(SUDO_DIGEST_SHA224, $3);
- 			}
--		|	SHA256 ':' DIGEST {
-+		|	SHA256_TOK ':' DIGEST {
- 			    $$ = new_digest(SUDO_DIGEST_SHA256, $3);
- 			}
--		|	SHA384 ':' DIGEST {
-+		|	SHA384_TOK ':' DIGEST {
- 			    $$ = new_digest(SUDO_DIGEST_SHA384, $3);
- 			}
--		|	SHA512 ':' DIGEST {
-+		|	SHA512_TOK ':' DIGEST {
- 			    $$ = new_digest(SUDO_DIGEST_SHA512, $3);
- 			}
- 		;
-diff -urN sudo-1.8.9p5.old/plugins/sudoers/Makefile.in sudo-1.8.9p5/plugins/sudoers/Makefile.in
---- sudo-1.8.9p5.old/plugins/sudoers/Makefile.in	2014-04-10 15:19:47.160183439 +0200
-+++ sudo-1.8.9p5/plugins/sudoers/Makefile.in	2014-04-10 15:20:34.459914018 +0200
[email protected]@ -49,8 +49,10 @@
- LT_LIBS = $(top_builddir)/common/libsudo_util.la $(LIBOBJDIR)libreplace.la
- LIBS = $(LT_LIBS) @[email protected]
- NET_LIBS = @[email protected]
--SUDOERS_LIBS = @[email protected] @[email protected] @[email protected] $(LIBS) $(NET_LIBS) @[email protected] @[email protected]
-+SUDOERS_LIBS = @[email protected] @[email protected] @[email protected] $(LIBS) $(NET_LIBS) @[email protected] @[email protected] @[email protected]
- REPLAY_LIBS = @[email protected] @[email protected]
-+VISUDO_LIBS = $(NET_LIBS) @[email protected]
-+TESTSUDOERS_LIBS = $(NET_LIBS) @[email protected] @[email protected]
- 
- # C preprocessor flags
- CPPFLAGS = -I$(incdir) -I$(top_builddir) -I$(devdir) -I$(srcdir) -I$(top_srcdir) -DLIBDIR=\"$(libdir)\" @[email protected]
[email protected]@ -130,7 +132,7 @@
- 
- LIBPARSESUDOERS_OBJS = alias.lo audit.lo base64.lo defaults.lo hexchar.lo \
- 		       gram.lo match.lo match_addr.lo pwutil.lo pwutil_impl.lo \
--		       timestr.lo toke.lo toke_util.lo redblack.lo sha2.lo
-+		       timestr.lo toke.lo toke_util.lo redblack.lo
- 
- SUDOERS_OBJS = $(AUTH_OBJS) boottime.lo check.lo env.lo find_path.lo \
- 	       goodpath.lo group_plugin.lo interfaces.lo iolog.lo \
[email protected]@ -149,7 +151,7 @@
- 
- CHECK_BASE64_OBJS = check_base64.o base64.o locale.o
- 
--CHECK_DIGEST_OBJS = check_digest.o sha2.o
-+CHECK_DIGEST_OBJS = check_digest.o
- 
- CHECK_FILL_OBJS = check_fill.o hexchar.o locale.o toke_util.o
- 
[email protected]@ -196,13 +198,13 @@
- 	$(LIBTOOL) @[email protected] --mode=link $(CC) $(LDFLAGS) $(LT_LDFLAGS) -o [email protected] $(SUDOERS_OBJS) libparsesudoers.la $(SUDOERS_LIBS) -module -avoid-version -rpath $(plugindir)
- 
- visudo: libparsesudoers.la $(VISUDO_OBJS) $(LT_LIBS)
--	$(LIBTOOL) --mode=link $(CC) -o [email protected] $(VISUDO_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) libparsesudoers.la $(LIBS) $(NET_LIBS)
-+	$(LIBTOOL) --mode=link $(CC) -o [email protected] $(VISUDO_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) libparsesudoers.la $(VISUDO_LIBS) $(LIBS)
- 
- sudoreplay: timestr.lo $(REPLAY_OBJS) $(LT_LIBS)
- 	$(LIBTOOL) --mode=link $(CC) -o [email protected] $(REPLAY_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) timestr.lo $(REPLAY_LIBS) $(LIBS)
- 
- testsudoers: libparsesudoers.la $(TEST_OBJS) $(LT_LIBS)
--	$(LIBTOOL) --mode=link $(CC) -o [email protected] $(TEST_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) libparsesudoers.la $(LIBS) $(NET_LIBS) @[email protected]
-+	$(LIBTOOL) --mode=link $(CC) -o [email protected] $(TEST_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) libparsesudoers.la $(TESTSUDOERS_LIBS) $(LIBS)
- 
- check_addr: $(CHECK_ADDR_OBJS) $(LT_LIBS)
- 	$(LIBTOOL) --mode=link $(CC) -o [email protected] $(CHECK_ADDR_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) $(NET_LIBS)
[email protected]@ -211,7 +213,7 @@
- 	$(LIBTOOL) --mode=link $(CC) -o [email protected] $(CHECK_BASE64_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS)
- 
- check_digest: $(CHECK_DIGEST_OBJS) $(LT_LIBS)
--	$(LIBTOOL) --mode=link $(CC) -o [email protected] $(CHECK_DIGEST_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS)
-+	$(LIBTOOL) --mode=link $(CC) -o [email protected] $(CHECK_DIGEST_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) @[email protected]
- 
- check_fill: $(CHECK_FILL_OBJS) $(LT_LIBS)
- 	$(LIBTOOL) --mode=link $(CC) -o [email protected] $(CHECK_FILL_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS)
[email protected]@ -501,12 +503,12 @@
-                 $(top_builddir)/config.h
- 	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/parser/check_base64.c
- check_digest.o: $(srcdir)/regress/parser/check_digest.c $(incdir)/missing.h \
--                $(srcdir)/sha2.h $(top_builddir)/config.h
-+                $(top_builddir)/config.h
- 	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/parser/check_digest.c
- check_fill.o: $(srcdir)/regress/parser/check_fill.c $(devdir)/gram.h \
-               $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_plugin.h \
--              $(srcdir)/parse.h $(srcdir)/toke.h $(top_builddir)/config.h \
--              $(top_srcdir)/compat/stdbool.h
-+              $(incdir)/sudo_util.h $(srcdir)/parse.h $(srcdir)/toke.h \
-+              $(top_builddir)/config.h $(top_srcdir)/compat/stdbool.h
- 	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/parser/check_fill.c
- check_iolog_path.o: $(srcdir)/regress/iolog_path/check_iolog_path.c \
-                     $(devdir)/def_data.c $(devdir)/def_data.h \
[email protected]@ -607,8 +609,8 @@
-                  $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h
- 	$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/group_plugin.c
- group_plugin.o: group_plugin.lo
--hexchar.lo: $(srcdir)/hexchar.c $(incdir)/fatal.h $(incdir)/missing.h \
--            $(incdir)/sudo_debug.h $(top_builddir)/config.h
-+hexchar.lo: $(srcdir)/hexchar.c $(incdir)/missing.h $(incdir)/sudo_debug.h \
-+            $(top_builddir)/config.h
- 	$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/hexchar.c
- hexchar.o: hexchar.lo
- interfaces.lo: $(srcdir)/interfaces.c $(devdir)/def_data.h $(incdir)/alloc.h \
[email protected]@ -689,9 +691,9 @@
-           $(incdir)/gettext.h $(incdir)/missing.h $(incdir)/queue.h \
-           $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h \
-           $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \
--          $(srcdir)/sha2.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
--          $(top_builddir)/config.h $(top_builddir)/pathnames.h \
--          $(top_srcdir)/compat/fnmatch.h $(top_srcdir)/compat/glob.h \
-+          $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(top_builddir)/config.h \
-+          $(top_builddir)/pathnames.h $(top_srcdir)/compat/fnmatch.h \
-+          $(top_srcdir)/compat/glob.h $(top_srcdir)/compat/sha2.h \
-           $(top_srcdir)/compat/stdbool.h
- 	$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/match.c
- match_addr.lo: $(srcdir)/match_addr.c $(devdir)/def_data.h $(incdir)/alloc.h \
[email protected]@ -806,10 +808,6 @@
-               $(srcdir)/sudoers.h $(top_builddir)/config.h \
-               $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h
- 	$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/set_perms.c
--sha2.lo: $(srcdir)/sha2.c $(incdir)/missing.h $(srcdir)/sha2.h \
--         $(top_builddir)/config.h $(top_srcdir)/compat/endian.h
--	$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sha2.c
--sha2.o: sha2.lo
- sia.lo: $(authdir)/sia.c $(devdir)/def_data.h $(incdir)/alloc.h \
-         $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \
-         $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \
[email protected]@ -891,9 +889,9 @@
-          $(incdir)/gettext.h $(incdir)/lbuf.h $(incdir)/missing.h \
-          $(incdir)/queue.h $(incdir)/secure_path.h $(incdir)/sudo_debug.h \
-          $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \
--         $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sha2.h \
--         $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/toke.h \
--         $(top_builddir)/config.h $(top_builddir)/pathnames.h \
-+         $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \
-+         $(srcdir)/sudoers.h $(srcdir)/toke.h $(top_builddir)/config.h \
-+         $(top_builddir)/pathnames.h $(top_srcdir)/compat/sha2.h \
-          $(top_srcdir)/compat/stdbool.h
- 	$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(devdir)/toke.c
- toke_util.lo: $(srcdir)/toke_util.c $(devdir)/def_data.h $(devdir)/gram.h \
-diff -urN sudo-1.8.9p5.old/plugins/sudoers/match.c sudo-1.8.9p5/plugins/sudoers/match.c
---- sudo-1.8.9p5.old/plugins/sudoers/match.c	2014-01-07 19:08:54.000000000 +0100
-+++ sudo-1.8.9p5/plugins/sudoers/match.c	2014-04-10 15:21:59.050793404 +0200
[email protected]@ -88,7 +88,11 @@
- 
- #include "sudoers.h"
- #include "parse.h"
--#include "sha2.h"
-+#ifdef HAVE_SHA224UPDATE
-+# include <sha2.h>
-+#else
-+# include "compat/sha2.h"
-+#endif
- #include <gram.h>
- 
- static struct member_list empty = TAILQ_HEAD_INITIALIZER(empty);
[email protected]@ -562,8 +566,13 @@
-     const char *digest_name;
-     const unsigned int digest_len;
-     void (*init)(SHA2_CTX *);
-+#ifdef SHA2_VOID_PTR
-+    void (*update)(SHA2_CTX *, const void *, size_t);
-+    void (*final)(void *, SHA2_CTX *);
-+#else
-     void (*update)(SHA2_CTX *, const unsigned char *, size_t);
-     void (*final)(unsigned char *, SHA2_CTX *);
-+#endif
- } digest_functions[] = {
-     {
- 	"SHA224",
-diff -urN sudo-1.8.9p5.old/plugins/sudoers/regress/parser/check_digest.c sudo-1.8.9p5/plugins/sudoers/regress/parser/check_digest.c
---- sudo-1.8.9p5.old/plugins/sudoers/regress/parser/check_digest.c	2014-01-07 19:08:52.000000000 +0100
-+++ sudo-1.8.9p5/plugins/sudoers/regress/parser/check_digest.c	2014-04-10 15:20:34.462897872 +0200
[email protected]@ -39,9 +39,13 @@
- #elif defined(HAVE_INTTYPES_H)
- # include <inttypes.h>
- #endif
-+#ifdef HAVE_SHA224UPDATE
-+# include <sha2.h>
-+#else
-+# include "compat/sha2.h"
-+#endif
- 
- #include "missing.h"
--#include "sha2.h"
- 
- __dso_public int main(int argc, char *argv[]);
- 
[email protected]@ -49,8 +53,13 @@
-     const char *digest_name;
-     const int digest_len;
-     void (*init)(SHA2_CTX *);
-+#ifdef SHA2_VOID_PTR
-+    void (*update)(SHA2_CTX *, const void *, size_t);
-+    void (*final)(void *, SHA2_CTX *);
-+#else
-     void (*update)(SHA2_CTX *, const unsigned char *, size_t);
-     void (*final)(unsigned char *, SHA2_CTX *);
-+#endif
- } digest_functions[] = {
-     {
- 	"SHA224",
-diff -urN sudo-1.8.9p5.old/plugins/sudoers/regress/sudoers/test14.toke.ok sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test14.toke.ok
---- sudo-1.8.9p5.old/plugins/sudoers/regress/sudoers/test14.toke.ok	2014-01-07 19:08:52.000000000 +0100
-+++ sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test14.toke.ok	2014-04-10 15:20:34.463272107 +0200
[email protected]@ -1,4 +1,4 @@
--CMNDALIAS ALIAS = SHA224 : DIGEST COMMAND 
--CMNDALIAS ALIAS = SHA256 : DIGEST COMMAND 
-+CMNDALIAS ALIAS = SHA224_TOK : DIGEST COMMAND 
-+CMNDALIAS ALIAS = SHA256_TOK : DIGEST COMMAND 
- 
--WORD(5) ALL = ALIAS , ALIAS , SHA512 : DIGEST COMMAND 
-+WORD(5) ALL = ALIAS , ALIAS , SHA512_TOK : DIGEST COMMAND 
-diff -urN sudo-1.8.9p5.old/plugins/sudoers/sha2.c sudo-1.8.9p5/plugins/sudoers/sha2.c
---- sudo-1.8.9p5.old/plugins/sudoers/sha2.c	2014-01-07 19:08:54.000000000 +0100
-+++ sudo-1.8.9p5/plugins/sudoers/sha2.c	1970-01-01 01:00:00.000000000 +0100
[email protected]@ -1,526 +0,0 @@
--/*
-- * Copyright (c) 2013 Todd C. Miller <[email protected]>
-- *
-- * Permission to use, copy, modify, and distribute this software for any
-- * purpose with or without fee is hereby granted, provided that the above
-- * copyright notice and this permission notice appear in all copies.
-- *
-- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-- */
--
--/*
-- * Implementation of SHA-224, SHA-256, SHA-384 and SHA-512
-- * as per FIPS 180-4: Secure Hash Standard (SHS)
-- * http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
-- *
-- * Derived from the public domain SHA-1 and SHA-2 implementations
-- * by Steve Reid and Wei Dai respectively.
-- */
--
--#include <config.h>
--
--#include <stdio.h>
--#ifdef STDC_HEADERS
--# include <stdlib.h>
--# include <stddef.h>
--#else
--# ifdef HAVE_STDLIB_H
--#  include <stdlib.h>
--# endif
--#endif /* STDC_HEADERS */
--#ifdef HAVE_STRING_H
--# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
--#  include <memory.h>
--# endif
--# include <string.h>
--#endif /* HAVE_STRING_H */
--#ifdef HAVE_STRINGS_H
--# include <strings.h>
--#endif /* HAVE_STRINGS_H */
--#if defined(HAVE_STDINT_H)
--# include <stdint.h>
--#elif defined(HAVE_INTTYPES_H)
--# include <inttypes.h>
--#endif
--#if defined(HAVE_ENDIAN_H)
--# include <endian.h>
--#elif defined(HAVE_SYS_ENDIAN_H)
--# include <sys/endian.h>
--#elif defined(HAVE_MACHINE_ENDIAN_H)
--# include <machine/endian.h>
--#else
--# include "compat/endian.h"
--#endif
--
--#include "missing.h"
--#include "sha2.h"
--
--/*
-- * SHA-2 operates on 32-bit and 64-bit words in big endian byte order.
-- * The following macros convert between character arrays and big endian words.
-- */
--#define BE8TO32(x, y) do {				\
--	(x) = (((uint32_t)((y)[0] & 255) << 24) |	\
--	       ((uint32_t)((y)[1] & 255) << 16) |	\
--	       ((uint32_t)((y)[2] & 255) << 8)  |	\
--	       ((uint32_t)((y)[3] & 255)));		\
--} while (0)
--
--#define BE8TO64(x, y) do {				\
--	(x) = (((uint64_t)((y)[0] & 255) << 56) |	\
--	       ((uint64_t)((y)[1] & 255) << 48) |	\
--	       ((uint64_t)((y)[2] & 255) << 40) |	\
--	       ((uint64_t)((y)[3] & 255) << 32) |	\
--	       ((uint64_t)((y)[4] & 255) << 24) |	\
--	       ((uint64_t)((y)[5] & 255) << 16) |	\
--	       ((uint64_t)((y)[6] & 255) << 8)  |	\
--	       ((uint64_t)((y)[7] & 255)));		\
--} while (0)
--
--#define BE32TO8(x, y) do {			\
--	(x)[0] = (uint8_t)(((y) >> 24) & 255);	\
--	(x)[1] = (uint8_t)(((y) >> 16) & 255);	\
--	(x)[2] = (uint8_t)(((y) >> 8) & 255);	\
--	(x)[3] = (uint8_t)((y) & 255);		\
--} while (0)
--
--#define BE64TO8(x, y) do {			\
--	(x)[0] = (uint8_t)(((y) >> 56) & 255);	\
--	(x)[1] = (uint8_t)(((y) >> 48) & 255);	\
--	(x)[2] = (uint8_t)(((y) >> 40) & 255);	\
--	(x)[3] = (uint8_t)(((y) >> 32) & 255);	\
--	(x)[4] = (uint8_t)(((y) >> 24) & 255);	\
--	(x)[5] = (uint8_t)(((y) >> 16) & 255);	\
--	(x)[6] = (uint8_t)(((y) >> 8) & 255);	\
--	(x)[7] = (uint8_t)((y) & 255);		\
--} while (0)
--
--#define rotrFixed(x,y) (y ? ((x>>y) | (x<<(sizeof(x)*8-y))) : x)
--
--#define blk0(i) (W[i])
--#define blk2(i) (W[i&15]+=s1(W[(i-2)&15])+W[(i-7)&15]+s0(W[(i-15)&15]))
--
--#define Ch(x,y,z) (z^(x&(y^z)))
--#define Maj(x,y,z) (y^((x^y)&(y^z)))
--
--#define a(i) T[(0-i)&7]
--#define b(i) T[(1-i)&7]
--#define c(i) T[(2-i)&7]
--#define d(i) T[(3-i)&7]
--#define e(i) T[(4-i)&7]
--#define f(i) T[(5-i)&7]
--#define g(i) T[(6-i)&7]
--#define h(i) T[(7-i)&7]
--
--void
--SHA224Init(SHA2_CTX *ctx)
--{
--	memset(ctx, 0, sizeof(*ctx));
--	ctx->state.st32[0] = 0xc1059ed8UL;
--	ctx->state.st32[1] = 0x367cd507UL;
--	ctx->state.st32[2] = 0x3070dd17UL;
--	ctx->state.st32[3] = 0xf70e5939UL;
--	ctx->state.st32[4] = 0xffc00b31UL;
--	ctx->state.st32[5] = 0x68581511UL;
--	ctx->state.st32[6] = 0x64f98fa7UL;
--	ctx->state.st32[7] = 0xbefa4fa4UL;
--}
--
--void
--SHA224Transform(uint32_t state[8], const uint8_t buffer[SHA224_BLOCK_LENGTH])
--{
--	SHA256Transform(state, buffer);
--}
--
--void
--SHA224Update(SHA2_CTX *ctx, const uint8_t *data, size_t len)
--{
--	SHA256Update(ctx, data, len);
--}
--
--void
--SHA224Pad(SHA2_CTX *ctx)
--{
--	SHA256Pad(ctx);
--}
--
--void
--SHA224Final(uint8_t digest[SHA224_DIGEST_LENGTH], SHA2_CTX *ctx)
--{
--	SHA256Pad(ctx);
--	if (digest != NULL) {
--#if BYTE_ORDER == BIG_ENDIAN
--		memcpy(digest, ctx->state.st32, SHA224_DIGEST_LENGTH);
--#else
--		unsigned int i;
--
--		for (i = 0; i < 7; i++)
--			BE32TO8(digest + (i * 4), ctx->state.st32[i]);
--#endif
--		memset(ctx, 0, sizeof(*ctx));
--	}
--}
--
--static const uint32_t SHA256_K[64] = {
--	0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
--	0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
--	0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
--	0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
--	0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
--	0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
--	0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
--	0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
--	0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
--	0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
--	0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
--	0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
--	0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
--	0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
--	0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
--	0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
--};
--
--void
--SHA256Init(SHA2_CTX *ctx)
--{
--	memset(ctx, 0, sizeof(*ctx));
--	ctx->state.st32[0] = 0x6a09e667UL;
--	ctx->state.st32[1] = 0xbb67ae85UL;
--	ctx->state.st32[2] = 0x3c6ef372UL;
--	ctx->state.st32[3] = 0xa54ff53aUL;
--	ctx->state.st32[4] = 0x510e527fUL;
--	ctx->state.st32[5] = 0x9b05688cUL;
--	ctx->state.st32[6] = 0x1f83d9abUL;
--	ctx->state.st32[7] = 0x5be0cd19UL;
--}
--
--/* Round macros for SHA256 */
--#define R(i) do {							     \
--	h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+SHA256_K[i+j]+(j?blk2(i):blk0(i)); \
--	d(i)+=h(i);							     \
--	h(i)+=S0(a(i))+Maj(a(i),b(i),c(i));				     \
--} while (0)
--
--#define S0(x) (rotrFixed(x,2)^rotrFixed(x,13)^rotrFixed(x,22))
--#define S1(x) (rotrFixed(x,6)^rotrFixed(x,11)^rotrFixed(x,25))
--#define s0(x) (rotrFixed(x,7)^rotrFixed(x,18)^(x>>3))
--#define s1(x) (rotrFixed(x,17)^rotrFixed(x,19)^(x>>10))
--
--void
--SHA256Transform(uint32_t state[8], const uint8_t data[SHA256_BLOCK_LENGTH])
--{
--	uint32_t W[16];
--	uint32_t T[8];
--	unsigned int j;
--
--	/* Copy context state to working vars. */
--	memcpy(T, state, sizeof(T));
--	/* Copy data to W in big endian format. */
--#if BYTE_ORDER == BIG_ENDIAN
--	memcpy(W, data, sizeof(W));
--#else
--	for (j = 0; j < 16; j++) {
--	    BE8TO32(W[j], data);
--	    data += 4;
--	}
--#endif
--	/* 64 operations, partially loop unrolled. */
--	for (j = 0; j < 64; j += 16)
--	{
--		R( 0); R( 1); R( 2); R( 3);
--		R( 4); R( 5); R( 6); R( 7);
--		R( 8); R( 9); R(10); R(11);
--		R(12); R(13); R(14); R(15);
--	}
--	/* Add the working vars back into context state. */
--	state[0] += a(0);
--	state[1] += b(0);
--	state[2] += c(0);
--	state[3] += d(0);
--	state[4] += e(0);
--	state[5] += f(0);
--	state[6] += g(0);
--	state[7] += h(0);
--	/* Cleanup */
--	memset_s(T, sizeof(T), 0, sizeof(T));
--	memset_s(W, sizeof(W), 0, sizeof(W));
--}
--
--#undef S0
--#undef S1
--#undef s0
--#undef s1
--#undef R
--
--void
--SHA256Update(SHA2_CTX *ctx, const uint8_t *data, size_t len)
--{
--	size_t i = 0, j;
--
--	j = (size_t)((ctx->count[0] >> 3) & (SHA256_BLOCK_LENGTH - 1));
--	ctx->count[0] += (len << 3);
--	if ((j + len) > SHA256_BLOCK_LENGTH - 1) {
--		memcpy(&ctx->buffer[j], data, (i = SHA256_BLOCK_LENGTH - j));
--		SHA256Transform(ctx->state.st32, ctx->buffer);
--		for ( ; i + SHA256_BLOCK_LENGTH - 1 < len; i += SHA256_BLOCK_LENGTH)
--			SHA256Transform(ctx->state.st32, (uint8_t *)&data[i]);
--		j = 0;
--	}
--	memcpy(&ctx->buffer[j], &data[i], len - i);
--}
--
--void
--SHA256Pad(SHA2_CTX *ctx)
--{
--	uint8_t finalcount[8];
--
--	/* Store unpadded message length in bits in big endian format. */
--	BE64TO8(finalcount, ctx->count[0]);
--
--	/* Append a '1' bit (0x80) to the message. */
--	SHA256Update(ctx, (uint8_t *)"\200", 1);
--
--	/* Pad message such that the resulting length modulo 512 is 448. */
--	while ((ctx->count[0] & 504) != 448)
--		SHA256Update(ctx, (uint8_t *)"\0", 1);
--
--	/* Append length of message in bits and do final SHA256Transform(). */
--	SHA256Update(ctx, finalcount, sizeof(finalcount));
--}
--
--void
--SHA256Final(uint8_t digest[SHA256_DIGEST_LENGTH], SHA2_CTX *ctx)
--{
--	SHA256Pad(ctx);
--	if (digest != NULL) {
--#if BYTE_ORDER == BIG_ENDIAN
--		memcpy(digest, ctx->state.st32, SHA256_DIGEST_LENGTH);
--#else
--		unsigned int i;
--
--		for (i = 0; i < 8; i++)
--			BE32TO8(digest + (i * 4), ctx->state.st32[i]);
--#endif
--		memset(ctx, 0, sizeof(*ctx));
--	}
--}
--
--void
--SHA384Init(SHA2_CTX *ctx)
--{
--	memset(ctx, 0, sizeof(*ctx));
--	ctx->state.st64[0] = 0xcbbb9d5dc1059ed8ULL;
--	ctx->state.st64[1] = 0x629a292a367cd507ULL;
--	ctx->state.st64[2] = 0x9159015a3070dd17ULL;
--	ctx->state.st64[3] = 0x152fecd8f70e5939ULL;
--	ctx->state.st64[4] = 0x67332667ffc00b31ULL;
--	ctx->state.st64[5] = 0x8eb44a8768581511ULL;
--	ctx->state.st64[6] = 0xdb0c2e0d64f98fa7ULL;
--	ctx->state.st64[7] = 0x47b5481dbefa4fa4ULL;
--}
--
--void
--SHA384Transform(uint64_t state[8], const uint8_t data[SHA384_BLOCK_LENGTH])
--{
--	SHA512Transform(state, data);
--}
--
--void
--SHA384Update(SHA2_CTX *ctx, const uint8_t *data, size_t len)
--{
--	SHA512Update(ctx, data, len);
--}
--
--void
--SHA384Pad(SHA2_CTX *ctx)
--{
--	SHA512Pad(ctx);
--}
--
--void
--SHA384Final(uint8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *ctx)
--{
--	SHA384Pad(ctx);
--	if (digest != NULL) {
--#if BYTE_ORDER == BIG_ENDIAN
--		memcpy(digest, ctx->state.st64, SHA384_DIGEST_LENGTH);
--#else
--		unsigned int i;
--
--		for (i = 0; i < 6; i++)
--			BE64TO8(digest + (i * 8), ctx->state.st64[i]);
--#endif
--		memset(ctx, 0, sizeof(*ctx));
--	}
--}
--
--static const uint64_t SHA512_K[80] = {
--	0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
--	0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
--	0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
--	0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
--	0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
--	0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
--	0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
--	0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
--	0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
--	0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
--	0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
--	0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
--	0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
--	0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
--	0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
--	0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
--	0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
--	0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
--	0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
--	0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
--	0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
--	0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
--	0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
--	0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
--	0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
--	0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
--	0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
--	0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
--	0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
--	0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
--	0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
--	0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
--	0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
--	0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
--	0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
--	0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
--	0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
--	0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
--	0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
--	0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
--};
--
--void
--SHA512Init(SHA2_CTX *ctx)
--{
--	memset(ctx, 0, sizeof(*ctx));
--	ctx->state.st64[0] = 0x6a09e667f3bcc908ULL;
--	ctx->state.st64[1] = 0xbb67ae8584caa73bULL;
--	ctx->state.st64[2] = 0x3c6ef372fe94f82bULL;
--	ctx->state.st64[3] = 0xa54ff53a5f1d36f1ULL;
--	ctx->state.st64[4] = 0x510e527fade682d1ULL;
--	ctx->state.st64[5] = 0x9b05688c2b3e6c1fULL;
--	ctx->state.st64[6] = 0x1f83d9abfb41bd6bULL;
--	ctx->state.st64[7] = 0x5be0cd19137e2179ULL;
--}
--
--/* Round macros for SHA512 */
--#define R(i) do {							     \
--	h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+SHA512_K[i+j]+(j?blk2(i):blk0(i)); \
--	d(i)+=h(i);							     \
--	h(i)+=S0(a(i))+Maj(a(i),b(i),c(i));				     \
--} while (0)
--
--#define S0(x) (rotrFixed(x,28)^rotrFixed(x,34)^rotrFixed(x,39))
--#define S1(x) (rotrFixed(x,14)^rotrFixed(x,18)^rotrFixed(x,41))
--#define s0(x) (rotrFixed(x,1)^rotrFixed(x,8)^(x>>7))
--#define s1(x) (rotrFixed(x,19)^rotrFixed(x,61)^(x>>6))
--
--void
--SHA512Transform(uint64_t state[8], const uint8_t data[SHA512_BLOCK_LENGTH])
--{
--	uint64_t W[16];
--	uint64_t T[8];
--	unsigned int j;
--
--	/* Copy context state to working vars. */
--	memcpy(T, state, sizeof(T));
--	/* Copy data to W in big endian format. */
--#if BYTE_ORDER == BIG_ENDIAN
--	memcpy(W, data, sizeof(W));
--#else
--	for (j = 0; j < 16; j++) {
--	    BE8TO64(W[j], data);
--	    data += 8;
--	}
--#endif
--	/* 80 operations, partially loop unrolled. */
--	for (j = 0; j < 80; j += 16)
--	{
--		R( 0); R( 1); R( 2); R( 3);
--		R( 4); R( 5); R( 6); R( 7);
--		R( 8); R( 9); R(10); R(11);
--		R(12); R(13); R(14); R(15);
--	}
--	/* Add the working vars back into context state. */
--	state[0] += a(0);
--	state[1] += b(0);
--	state[2] += c(0);
--	state[3] += d(0);
--	state[4] += e(0);
--	state[5] += f(0);
--	state[6] += g(0);
--	state[7] += h(0);
--	/* Cleanup. */
--	memset_s(T, sizeof(T), 0, sizeof(T));
--	memset_s(W, sizeof(W), 0, sizeof(W));
--}
--
--void
--SHA512Update(SHA2_CTX *ctx, const uint8_t *data, size_t len)
--{
--	size_t i = 0, j;
--
--	j = (size_t)((ctx->count[0] >> 3) & (SHA512_BLOCK_LENGTH - 1));
--	ctx->count[0] += (len << 3);
--	if (ctx->count[0] < (len << 3))
--		ctx->count[1]++;
--	if ((j + len) > SHA512_BLOCK_LENGTH - 1) {
--		memcpy(&ctx->buffer[j], data, (i = SHA512_BLOCK_LENGTH - j));
--		SHA512Transform(ctx->state.st64, ctx->buffer);
--		for ( ; i + SHA512_BLOCK_LENGTH - 1 < len; i += SHA512_BLOCK_LENGTH)
--			SHA512Transform(ctx->state.st64, (uint8_t *)&data[i]);
--		j = 0;
--	}
--	memcpy(&ctx->buffer[j], &data[i], len - i);
--}
--
--void
--SHA512Pad(SHA2_CTX *ctx)
--{
--	uint8_t finalcount[16];
--
--	/* Store unpadded message length in bits in big endian format. */
--	BE64TO8(finalcount, ctx->count[1]);
--	BE64TO8(finalcount + 8, ctx->count[0]);
--
--	/* Append a '1' bit (0x80) to the message. */
--	SHA512Update(ctx, (uint8_t *)"\200", 1);
--
--	/* Pad message such that the resulting length modulo 1024 is 896. */
--	while ((ctx->count[0] & 1008) != 896)
--		SHA512Update(ctx, (uint8_t *)"\0", 1);
--
--	/* Append length of message in bits and do final SHA512Transform(). */
--	SHA512Update(ctx, finalcount, sizeof(finalcount));
--}
--
--void
--SHA512Final(uint8_t digest[SHA512_DIGEST_LENGTH], SHA2_CTX *ctx)
--{
--	SHA512Pad(ctx);
--	if (digest != NULL) {
--#if BYTE_ORDER == BIG_ENDIAN
--		memcpy(digest, ctx->state.st64, SHA512_DIGEST_LENGTH);
--#else
--		unsigned int i;
--
--		for (i = 0; i < 8; i++)
--			BE64TO8(digest + (i * 8), ctx->state.st64[i]);
--#endif
--		memset(ctx, 0, sizeof(*ctx));
--	}
--}
-diff -urN sudo-1.8.9p5.old/plugins/sudoers/sha2.h sudo-1.8.9p5/plugins/sudoers/sha2.h
---- sudo-1.8.9p5.old/plugins/sudoers/sha2.h	2014-01-07 19:08:54.000000000 +0100
-+++ sudo-1.8.9p5/plugins/sudoers/sha2.h	1970-01-01 01:00:00.000000000 +0100
[email protected]@ -1,74 +0,0 @@
--/*
-- * Copyright (c) 2013 Todd C. Miller <[email protected]>
-- *
-- * Permission to use, copy, modify, and distribute this software for any
-- * purpose with or without fee is hereby granted, provided that the above
-- * copyright notice and this permission notice appear in all copies.
-- *
-- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-- */
--
--/*
-- * Derived from the public domain SHA-1 and SHA-2 implementations
-- * by Steve Reid and Wei Dai respectively.
-- */
--
--#ifndef _SUDOERS_SHA2_H
--#define _SUDOERS_SHA2_H
--
--#define	SHA224_BLOCK_LENGTH		64
--#define	SHA224_DIGEST_LENGTH		28
--#define	SHA224_DIGEST_STRING_LENGTH	(SHA224_DIGEST_LENGTH * 2 + 1)
--
--#define	SHA256_BLOCK_LENGTH		64
--#define	SHA256_DIGEST_LENGTH		32
--#define	SHA256_DIGEST_STRING_LENGTH	(SHA256_DIGEST_LENGTH * 2 + 1)
--
--#define	SHA384_BLOCK_LENGTH		128
--#define	SHA384_DIGEST_LENGTH		48
--#define	SHA384_DIGEST_STRING_LENGTH	(SHA384_DIGEST_LENGTH * 2 + 1)
--
--#define	SHA512_BLOCK_LENGTH		128
--#define	SHA512_DIGEST_LENGTH		64
--#define	SHA512_DIGEST_STRING_LENGTH	(SHA512_DIGEST_LENGTH * 2 + 1)
--
--typedef struct {
--    union {
--	uint32_t st32[8];	/* sha224 and sha256 */
--	uint64_t st64[8];	/* sha384 and sha512 */
--    } state;
--    uint64_t count[2];
--    uint8_t buffer[SHA512_BLOCK_LENGTH];
--} SHA2_CTX;
--
--void SHA224Init(SHA2_CTX *ctx);
--void SHA224Pad(SHA2_CTX *ctx);
--void SHA224Transform(uint32_t state[8], const uint8_t buffer[SHA224_BLOCK_LENGTH]);
--void SHA224Update(SHA2_CTX *ctx, const uint8_t *data, size_t len);
--void SHA224Final(uint8_t digest[SHA224_DIGEST_LENGTH], SHA2_CTX *ctx);
--
--void SHA256Init(SHA2_CTX *ctx);
--void SHA256Pad(SHA2_CTX *ctx);
--void SHA256Transform(uint32_t state[8], const uint8_t buffer[SHA256_BLOCK_LENGTH]);
--void SHA256Update(SHA2_CTX *ctx, const uint8_t *data, size_t len);
--void SHA256Final(uint8_t digest[SHA256_DIGEST_LENGTH], SHA2_CTX *ctx);
--
--void SHA384Init(SHA2_CTX *ctx);
--void SHA384Pad(SHA2_CTX *ctx);
--void SHA384Transform(uint64_t state[8], const uint8_t buffer[SHA384_BLOCK_LENGTH]);
--void SHA384Update(SHA2_CTX *ctx, const uint8_t *data, size_t len);
--void SHA384Final(uint8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *ctx);
--
--void SHA512Init(SHA2_CTX *ctx);
--void SHA512Pad(SHA2_CTX *ctx);
--void SHA512Transform(uint64_t state[8], const uint8_t buffer[SHA512_BLOCK_LENGTH]);
--void SHA512Update(SHA2_CTX *ctx, const uint8_t *data, size_t len);
--void SHA512Final(uint8_t digest[SHA512_DIGEST_LENGTH], SHA2_CTX *ctx);
--
--#endif /* _SUDOERS_SHA2_H */
-diff -urN sudo-1.8.9p5.old/plugins/sudoers/toke.c sudo-1.8.9p5/plugins/sudoers/toke.c
---- sudo-1.8.9p5.old/plugins/sudoers/toke.c	2014-01-07 19:08:50.000000000 +0100
-+++ sudo-1.8.9p5/plugins/sudoers/toke.c	2014-04-10 15:20:34.466936711 +0200
[email protected]@ -1997,6 +1997,11 @@
- #  include <ndir.h>
- # endif
- #endif
-+#ifdef HAVE_SHA224UPDATE
-+# include <sha2.h>
-+#else
-+# include "compat/sha2.h"
-+#endif
- #include <errno.h>
- #include <ctype.h>
- #include "sudoers.h"
[email protected]@ -2004,7 +2009,6 @@
- #include "toke.h"
- #include <gram.h>
- #include "lbuf.h"
--#include "sha2.h"
- #include "secure_path.h"
- 
- int sudolineno;			/* current sudoers line number. */
[email protected]@ -2050,7 +2054,7 @@
- 
- #define WANTDIGEST 6
- 
--#line 2053 "lex.sudoers.c"
-+#line 2057 "lex.sudoers.c"
- 
- /* Macros after this point can all be overridden by user definitions in
-  * section 1.
[email protected]@ -2204,9 +2208,9 @@
- 	register char *yy_cp, *yy_bp;
- 	register int yy_act;
- 
--#line 137 "toke.l"
-+#line 141 "toke.l"
- 
--#line 2209 "lex.sudoers.c"
-+#line 2213 "lex.sudoers.c"
- 
- 	if ( yy_init )
- 		{
[email protected]@ -2292,7 +2296,7 @@
- 
- case 1:
- YY_RULE_SETUP
--#line 138 "toke.l"
-+#line 142 "toke.l"
- {
- 			    LEXTRACE(", ");
- 			    LEXRETURN(',');
[email protected]@ -2300,12 +2304,12 @@
- 	YY_BREAK
- case 2:
- YY_RULE_SETUP
--#line 143 "toke.l"
-+#line 147 "toke.l"
- BEGIN STARTDEFS;
- 	YY_BREAK
- case 3:
- YY_RULE_SETUP
--#line 145 "toke.l"
-+#line 149 "toke.l"
- {
- 			    BEGIN INDEFS;
- 			    LEXTRACE("DEFVAR ");
[email protected]@ -2317,7 +2321,7 @@
- 
- case 4:
- YY_RULE_SETUP
--#line 154 "toke.l"
-+#line 158 "toke.l"
- {
- 			    BEGIN STARTDEFS;
- 			    LEXTRACE(", ");
[email protected]@ -2326,7 +2330,7 @@
- 	YY_BREAK
- case 5:
- YY_RULE_SETUP
--#line 160 "toke.l"
-+#line 164 "toke.l"
- {
- 			    LEXTRACE("= ");
- 			    LEXRETURN('=');
[email protected]@ -2334,7 +2338,7 @@
- 	YY_BREAK
- case 6:
- YY_RULE_SETUP
--#line 165 "toke.l"
-+#line 169 "toke.l"
- {
- 			    LEXTRACE("+= ");
- 			    LEXRETURN('+');
[email protected]@ -2342,7 +2346,7 @@
- 	YY_BREAK
- case 7:
- YY_RULE_SETUP
--#line 170 "toke.l"
-+#line 174 "toke.l"
- {
- 			    LEXTRACE("-= ");
- 			    LEXRETURN('-');
[email protected]@ -2350,7 +2354,7 @@
- 	YY_BREAK
- case 8:
- YY_RULE_SETUP
--#line 175 "toke.l"
-+#line 179 "toke.l"
- {
- 			    LEXTRACE("BEGINSTR ");
- 			    sudoerslval.string = NULL;
[email protected]@ -2360,7 +2364,7 @@
- 	YY_BREAK
- case 9:
- YY_RULE_SETUP
--#line 182 "toke.l"
-+#line 186 "toke.l"
- {
- 			    LEXTRACE("WORD(2) ");
- 			    if (!fill(sudoerstext, sudoersleng))
[email protected]@ -2372,7 +2376,7 @@
- 
- case 10:
- YY_RULE_SETUP
--#line 191 "toke.l"
-+#line 195 "toke.l"
- {
- 			    /* Line continuation char followed by newline. */
- 			    sudolineno++;
[email protected]@ -2381,7 +2385,7 @@
- 	YY_BREAK
- case 11:
- YY_RULE_SETUP
--#line 197 "toke.l"
-+#line 201 "toke.l"
- {
- 			    LEXTRACE("ENDSTR ");
- 			    BEGIN prev_state;
[email protected]@ -2416,7 +2420,7 @@
- 	YY_BREAK
- case 12:
- YY_RULE_SETUP
--#line 229 "toke.l"
-+#line 233 "toke.l"
- {
- 			    LEXTRACE("BACKSLASH ");
- 			    if (!append(sudoerstext, sudoersleng))
[email protected]@ -2425,7 +2429,7 @@
- 	YY_BREAK
- case 13:
- YY_RULE_SETUP
--#line 235 "toke.l"
-+#line 239 "toke.l"
- {
- 			    LEXTRACE("STRBODY ");
- 			    if (!append(sudoerstext, sudoersleng))
[email protected]@ -2436,7 +2440,7 @@
- 
- case 14:
- YY_RULE_SETUP
--#line 243 "toke.l"
-+#line 247 "toke.l"
- {
- 			    /* quoted fnmatch glob char, pass verbatim */
- 			    LEXTRACE("QUOTEDCHAR ");
[email protected]@ -2447,7 +2451,7 @@
- 	YY_BREAK
- case 15:
- YY_RULE_SETUP
--#line 251 "toke.l"
-+#line 255 "toke.l"
- {
- 			    /* quoted sudoers special char, strip backslash */
- 			    LEXTRACE("QUOTEDCHAR ");
[email protected]@ -2458,7 +2462,7 @@
- 	YY_BREAK
- case 16:
- YY_RULE_SETUP
--#line 259 "toke.l"
-+#line 263 "toke.l"
- {
- 			    BEGIN INITIAL;
- 			    yyless(0);
[email protected]@ -2467,7 +2471,7 @@
- 	YY_BREAK
- case 17:
- YY_RULE_SETUP
--#line 265 "toke.l"
-+#line 269 "toke.l"
- {
- 			    LEXTRACE("ARG ");
- 			    if (!fill_args(sudoerstext, sudoersleng, sawspace))
[email protected]@ -2478,7 +2482,7 @@
- 
- case 18:
- YY_RULE_SETUP
--#line 273 "toke.l"
-+#line 277 "toke.l"
- {
- 			    /* Only return DIGEST if the length is correct. */
- 			    if (sudoersleng == digest_len * 2) {
[email protected]@ -2494,7 +2498,7 @@
- 	YY_BREAK
- case 19:
- YY_RULE_SETUP
--#line 286 "toke.l"
-+#line 290 "toke.l"
- {
- 			    /* Only return DIGEST if the length is correct. */
- 			    int len;
[email protected]@ -2518,7 +2522,7 @@
- 	YY_BREAK
- case 20:
- YY_RULE_SETUP
--#line 307 "toke.l"
-+#line 311 "toke.l"
- {
- 			    char *path;
- 
[email protected]@ -2539,7 +2543,7 @@
- 	YY_BREAK
- case 21:
- YY_RULE_SETUP
--#line 325 "toke.l"
-+#line 329 "toke.l"
- {
- 			    char *path;
- 
[email protected]@ -2563,7 +2567,7 @@
- 	YY_BREAK
- case 22:
- YY_RULE_SETUP
--#line 346 "toke.l"
-+#line 350 "toke.l"
- {
- 			    char deftype;
- 			    int n;
[email protected]@ -2606,7 +2610,7 @@
- 	YY_BREAK
- case 23:
- YY_RULE_SETUP
--#line 386 "toke.l"
-+#line 390 "toke.l"
- {
- 			    int n;
- 
[email protected]@ -2635,7 +2639,7 @@
- 	YY_BREAK
- case 24:
- YY_RULE_SETUP
--#line 412 "toke.l"
-+#line 416 "toke.l"
- {
- 				/* cmnd does not require passwd for this user */
- 			    	LEXTRACE("NOPASSWD ");
[email protected]@ -2644,7 +2648,7 @@
- 	YY_BREAK
- case 25:
- YY_RULE_SETUP
--#line 418 "toke.l"
-+#line 422 "toke.l"
- {
- 				/* cmnd requires passwd for this user */
- 			    	LEXTRACE("PASSWD ");
[email protected]@ -2653,7 +2657,7 @@
- 	YY_BREAK
- case 26:
- YY_RULE_SETUP
--#line 424 "toke.l"
-+#line 428 "toke.l"
- {
- 			    	LEXTRACE("NOEXEC ");
- 			    	LEXRETURN(NOEXEC);
[email protected]@ -2661,7 +2665,7 @@
- 	YY_BREAK
- case 27:
- YY_RULE_SETUP
--#line 429 "toke.l"
-+#line 433 "toke.l"
- {
- 			    	LEXTRACE("EXEC ");
- 			    	LEXRETURN(EXEC);
[email protected]@ -2669,7 +2673,7 @@
- 	YY_BREAK
- case 28:
- YY_RULE_SETUP
--#line 434 "toke.l"
-+#line 438 "toke.l"
- {
- 			    	LEXTRACE("SETENV ");
- 			    	LEXRETURN(SETENV);
[email protected]@ -2677,7 +2681,7 @@
- 	YY_BREAK
- case 29:
- YY_RULE_SETUP
--#line 439 "toke.l"
-+#line 443 "toke.l"
- {
- 			    	LEXTRACE("NOSETENV ");
- 			    	LEXRETURN(NOSETENV);
[email protected]@ -2685,7 +2689,7 @@
- 	YY_BREAK
- case 30:
- YY_RULE_SETUP
--#line 444 "toke.l"
-+#line 448 "toke.l"
- {
- 			    	LEXTRACE("LOG_OUTPUT ");
- 			    	LEXRETURN(LOG_OUTPUT);
[email protected]@ -2693,7 +2697,7 @@
- 	YY_BREAK
- case 31:
- YY_RULE_SETUP
--#line 449 "toke.l"
-+#line 453 "toke.l"
- {
- 			    	LEXTRACE("NOLOG_OUTPUT ");
- 			    	LEXRETURN(NOLOG_OUTPUT);
[email protected]@ -2701,7 +2705,7 @@
- 	YY_BREAK
- case 32:
- YY_RULE_SETUP
--#line 454 "toke.l"
-+#line 458 "toke.l"
- {
- 			    	LEXTRACE("LOG_INPUT ");
- 			    	LEXRETURN(LOG_INPUT);
[email protected]@ -2709,7 +2713,7 @@
- 	YY_BREAK
- case 33:
- YY_RULE_SETUP
--#line 459 "toke.l"
-+#line 463 "toke.l"
- {
- 			    	LEXTRACE("NOLOG_INPUT ");
- 			    	LEXRETURN(NOLOG_INPUT);
[email protected]@ -2717,7 +2721,7 @@
- 	YY_BREAK
- case 34:
- YY_RULE_SETUP
--#line 464 "toke.l"
-+#line 468 "toke.l"
- {
- 			    /* empty group or netgroup */
- 			    LEXTRACE("ERROR ");
[email protected]@ -2726,7 +2730,7 @@
- 	YY_BREAK
- case 35:
- YY_RULE_SETUP
--#line 470 "toke.l"
-+#line 474 "toke.l"
- {
- 			    /* netgroup */
- 			    if (!fill(sudoerstext, sudoersleng))
[email protected]@ -2737,7 +2741,7 @@
- 	YY_BREAK
- case 36:
- YY_RULE_SETUP
--#line 478 "toke.l"
-+#line 482 "toke.l"
- {
- 			    /* group */
- 			    if (!fill(sudoerstext, sudoersleng))
[email protected]@ -2748,7 +2752,7 @@
- 	YY_BREAK
- case 37:
- YY_RULE_SETUP
--#line 486 "toke.l"
-+#line 490 "toke.l"
- {
- 			    if (!fill(sudoerstext, sudoersleng))
- 				yyterminate();
[email protected]@ -2758,7 +2762,7 @@
- 	YY_BREAK
- case 38:
- YY_RULE_SETUP
--#line 493 "toke.l"
-+#line 497 "toke.l"
- {
- 			    if (!fill(sudoerstext, sudoersleng))
- 				yyterminate();
[email protected]@ -2768,7 +2772,7 @@
- 	YY_BREAK
- case 39:
- YY_RULE_SETUP
--#line 500 "toke.l"
-+#line 504 "toke.l"
- {
- 			    if (!ipv6_valid(sudoerstext)) {
- 				LEXTRACE("ERROR ");
[email protected]@ -2782,7 +2786,7 @@
- 	YY_BREAK
- case 40:
- YY_RULE_SETUP
--#line 511 "toke.l"
-+#line 515 "toke.l"
- {
- 			    if (!ipv6_valid(sudoerstext)) {
- 				LEXTRACE("ERROR ");
[email protected]@ -2796,7 +2800,7 @@
- 	YY_BREAK
- case 41:
- YY_RULE_SETUP
--#line 522 "toke.l"
-+#line 526 "toke.l"
- {
- 			    LEXTRACE("ALL ");
- 			    LEXRETURN(ALL);
[email protected]@ -2805,7 +2809,7 @@
- 	YY_BREAK
- case 42:
- YY_RULE_SETUP
--#line 528 "toke.l"
-+#line 532 "toke.l"
- {
- #ifdef HAVE_SELINUX
- 			    LEXTRACE("ROLE ");
[email protected]@ -2817,7 +2821,7 @@
- 	YY_BREAK
- case 43:
- YY_RULE_SETUP
--#line 537 "toke.l"
-+#line 541 "toke.l"
- {
- #ifdef HAVE_SELINUX
- 			    LEXTRACE("TYPE ");
[email protected]@ -2829,7 +2833,7 @@
- 	YY_BREAK
- case 44:
- YY_RULE_SETUP
--#line 545 "toke.l"
-+#line 549 "toke.l"
- {
- #ifdef HAVE_PRIV_SET
- 			    LEXTRACE("PRIVS ");
[email protected]@ -2841,7 +2845,7 @@
- 	YY_BREAK
- case 45:
- YY_RULE_SETUP
--#line 554 "toke.l"
-+#line 558 "toke.l"
- {
- #ifdef HAVE_PRIV_SET
- 			    LEXTRACE("LIMITPRIVS ");
[email protected]@ -2853,7 +2857,7 @@
- 	YY_BREAK
- case 46:
- YY_RULE_SETUP
--#line 563 "toke.l"
-+#line 567 "toke.l"
- {
- 			got_alias:
- 			    if (!fill(sudoerstext, sudoersleng))
[email protected]@ -2864,7 +2868,7 @@
- 	YY_BREAK
- case 47:
- YY_RULE_SETUP
--#line 571 "toke.l"
-+#line 575 "toke.l"
- {
- 			    /* XXX - no way to specify digest for command */
- 			    /* no command args allowed for Defaults!/path */
[email protected]@ -2876,47 +2880,47 @@
- 	YY_BREAK
- case 48:
- YY_RULE_SETUP
--#line 580 "toke.l"
-+#line 584 "toke.l"
- {
- 			    digest_len = SHA224_DIGEST_LENGTH;
- 			    BEGIN WANTDIGEST;
--			    LEXTRACE("SHA224 ");
--			    LEXRETURN(SHA224);
-+			    LEXTRACE("SHA224_TOK ");
-+			    LEXRETURN(SHA224_TOK);
- 			}
- 	YY_BREAK
- case 49:
- YY_RULE_SETUP
--#line 587 "toke.l"
-+#line 591 "toke.l"
- {
- 			    digest_len = SHA256_DIGEST_LENGTH;
- 			    BEGIN WANTDIGEST;
--			    LEXTRACE("SHA256 ");
--			    LEXRETURN(SHA256);
-+			    LEXTRACE("SHA256_TOK ");
-+			    LEXRETURN(SHA256_TOK);
- 			}
- 	YY_BREAK
- case 50:
- YY_RULE_SETUP
--#line 594 "toke.l"
-+#line 598 "toke.l"
- {
- 			    digest_len = SHA384_DIGEST_LENGTH;
- 			    BEGIN WANTDIGEST;
--			    LEXTRACE("SHA384 ");
--			    LEXRETURN(SHA384);
-+			    LEXTRACE("SHA384_TOK ");
-+			    LEXRETURN(SHA384_TOK);
- 			}
- 	YY_BREAK
- case 51:
- YY_RULE_SETUP
--#line 601 "toke.l"
-+#line 605 "toke.l"
- {
- 			    digest_len = SHA512_DIGEST_LENGTH;
- 			    BEGIN WANTDIGEST;
--			    LEXTRACE("SHA512 ");
--			    LEXRETURN(SHA512);
-+			    LEXTRACE("SHA512_TOK ");
-+			    LEXRETURN(SHA512_TOK);
- 			}
- 	YY_BREAK
- case 52:
- YY_RULE_SETUP
--#line 608 "toke.l"
-+#line 612 "toke.l"
- {
- 			    BEGIN GOTCMND;
- 			    LEXTRACE("COMMAND ");
[email protected]@ -2926,7 +2930,7 @@
- 	YY_BREAK
- case 53:
- YY_RULE_SETUP
--#line 615 "toke.l"
-+#line 619 "toke.l"
- {
- 			    /* directories can't have args... */
- 			    if (sudoerstext[sudoersleng - 1] == '/') {
[email protected]@ -2944,7 +2948,7 @@
- 	YY_BREAK
- case 54:
- YY_RULE_SETUP
--#line 630 "toke.l"
-+#line 634 "toke.l"
- {
- 			    LEXTRACE("BEGINSTR ");
- 			    sudoerslval.string = NULL;
[email protected]@ -2954,7 +2958,7 @@
- 	YY_BREAK
- case 55:
- YY_RULE_SETUP
--#line 637 "toke.l"
-+#line 641 "toke.l"
- {
- 			    /* a word */
- 			    if (!fill(sudoerstext, sudoersleng))
[email protected]@ -2965,7 +2969,7 @@
- 	YY_BREAK
- case 56:
- YY_RULE_SETUP
--#line 645 "toke.l"
-+#line 649 "toke.l"
- {
- 			    LEXTRACE("( ");
- 			    LEXRETURN('(');
[email protected]@ -2973,7 +2977,7 @@
- 	YY_BREAK
- case 57:
- YY_RULE_SETUP
--#line 650 "toke.l"
-+#line 654 "toke.l"
- {
- 			    LEXTRACE(") ");
- 			    LEXRETURN(')');
[email protected]@ -2981,7 +2985,7 @@
- 	YY_BREAK
- case 58:
- YY_RULE_SETUP
--#line 655 "toke.l"
-+#line 659 "toke.l"
- {
- 			    LEXTRACE(", ");
- 			    LEXRETURN(',');
[email protected]@ -2989,7 +2993,7 @@
- 	YY_BREAK
- case 59:
- YY_RULE_SETUP
--#line 660 "toke.l"
-+#line 664 "toke.l"
- {
- 			    LEXTRACE("= ");
- 			    LEXRETURN('=');
[email protected]@ -2997,7 +3001,7 @@
- 	YY_BREAK
- case 60:
- YY_RULE_SETUP
--#line 665 "toke.l"
-+#line 669 "toke.l"
- {
- 			    LEXTRACE(": ");
- 			    LEXRETURN(':');
[email protected]@ -3005,7 +3009,7 @@
- 	YY_BREAK
- case 61:
- YY_RULE_SETUP
--#line 670 "toke.l"
-+#line 674 "toke.l"
- {
- 			    if (sudoersleng & 1) {
- 				LEXTRACE("!");
[email protected]@ -3015,7 +3019,7 @@
- 	YY_BREAK
- case 62:
- YY_RULE_SETUP
--#line 677 "toke.l"
-+#line 681 "toke.l"
- {
- 			    if (YY_START == INSTR) {
- 				LEXTRACE("ERROR ");
[email protected]@ -3030,14 +3034,14 @@
- 	YY_BREAK
- case 63:
- YY_RULE_SETUP
--#line 689 "toke.l"
-+#line 693 "toke.l"
- {			/* throw away space/tabs */
- 			    sawspace = true;	/* but remember for fill_args */
- 			}
- 	YY_BREAK
- case 64:
- YY_RULE_SETUP
--#line 693 "toke.l"
-+#line 697 "toke.l"
- {
- 			    sawspace = true;	/* remember for fill_args */
- 			    sudolineno++;
[email protected]@ -3046,7 +3050,7 @@
- 	YY_BREAK
- case 65:
- YY_RULE_SETUP
--#line 699 "toke.l"
-+#line 703 "toke.l"
- {
- 			    if (sudoerstext[sudoersleng - 1] == '\n') {
- 				/* comment ending in a newline */
[email protected]@ -3063,7 +3067,7 @@
- 	YY_BREAK
- case 66:
- YY_RULE_SETUP
--#line 713 "toke.l"
-+#line 717 "toke.l"
- {
- 			    LEXTRACE("ERROR ");
- 			    LEXRETURN(ERROR);
[email protected]@ -3076,7 +3080,7 @@
- case YY_STATE_EOF(INDEFS):
- case YY_STATE_EOF(INSTR):
- case YY_STATE_EOF(WANTDIGEST):
--#line 718 "toke.l"
-+#line 722 "toke.l"
- {
- 			    if (YY_START != INITIAL) {
- 			    	BEGIN INITIAL;
[email protected]@ -3089,10 +3093,10 @@
- 	YY_BREAK
- case 67:
- YY_RULE_SETUP
--#line 728 "toke.l"
-+#line 732 "toke.l"
- ECHO;
- 	YY_BREAK
--#line 3095 "lex.sudoers.c"
-+#line 3099 "lex.sudoers.c"
- 
- 	case YY_END_OF_BUFFER:
- 		{
[email protected]@ -3983,7 +3987,7 @@
- 	return 0;
- 	}
- #endif
--#line 728 "toke.l"
-+#line 732 "toke.l"
- 
- struct path_list {
-     SLIST_ENTRY(path_list) entries;
-diff -urN sudo-1.8.9p5.old/plugins/sudoers/toke.l sudo-1.8.9p5/plugins/sudoers/toke.l
---- sudo-1.8.9p5.old/plugins/sudoers/toke.l	2014-01-07 19:08:50.000000000 +0100
-+++ sudo-1.8.9p5/plugins/sudoers/toke.l	2014-04-10 15:20:34.467610395 +0200
[email protected]@ -69,6 +69,11 @@
- #  include <ndir.h>
- # endif
- #endif
-+#ifdef HAVE_SHA224UPDATE
-+# include <sha2.h>
-+#else
-+# include "compat/sha2.h"
-+#endif
- #include <errno.h>
- #include <ctype.h>
- #include "sudoers.h"
[email protected]@ -76,7 +81,6 @@
- #include "toke.h"
- #include <gram.h>
- #include "lbuf.h"
--#include "sha2.h"
- #include "secure_path.h"
- 
- int sudolineno;			/* current sudoers line number. */
[email protected]@ -580,29 +584,29 @@
- sha224			{
- 			    digest_len = SHA224_DIGEST_LENGTH;
- 			    BEGIN WANTDIGEST;
--			    LEXTRACE("SHA224 ");
--			    LEXRETURN(SHA224);
-+			    LEXTRACE("SHA224_TOK ");
-+			    LEXRETURN(SHA224_TOK);
- 			}
- 
- sha256			{
- 			    digest_len = SHA256_DIGEST_LENGTH;
- 			    BEGIN WANTDIGEST;
--			    LEXTRACE("SHA256 ");
--			    LEXRETURN(SHA256);
-+			    LEXTRACE("SHA256_TOK ");
-+			    LEXRETURN(SHA256_TOK);
- 			}
- 
- sha384			{
- 			    digest_len = SHA384_DIGEST_LENGTH;
- 			    BEGIN WANTDIGEST;
--			    LEXTRACE("SHA384 ");
--			    LEXRETURN(SHA384);
-+			    LEXTRACE("SHA384_TOK ");
-+			    LEXRETURN(SHA384_TOK);
- 			}
- 
- sha512			{
- 			    digest_len = SHA512_DIGEST_LENGTH;
- 			    BEGIN WANTDIGEST;
--			    LEXTRACE("SHA512 ");
--			    LEXRETURN(SHA512);
-+			    LEXTRACE("SHA512_TOK ");
-+			    LEXRETURN(SHA512_TOK);
- 			}
- 
- sudoedit		{

--- a/components/sudo/patches/05-normalize-man-pages.patch	Wed Feb 24 22:20:45 2016 -0800
+++ b/components/sudo/patches/05-normalize-man-pages.patch	Mon Feb 15 08:11:32 2016 -0800
@@ -7,9 +7,9 @@
 all versions of Solaris. Until then, we are just using this Solaris 12
 specific patch.
 
---- sudo-1.8.9p5/configure.ac.orig	2015-10-20 07:25:44.363830767 -0700
-+++ sudo-1.8.9p5/configure.ac	2015-10-20 07:26:11.354071075 -0700
[email protected]@ -1640,8 +1640,8 @@
+--- sudo-1.8.15/configure.ac.orig	Wed Feb 17 02:36:28 2016
++++ sudo-1.8.15/configure.ac	Wed Feb 17 02:36:50 2016
[email protected]@ -1699,8 +1699,8 @@
  		if test "$with_AFS" = "yes"; then
  		    AFS_LIBS="-lc -lucb"
  		fi
@@ -18,5 +18,5 @@
 +		: ${mansectsu='8'}
 +		: ${mansectform='5'}
  		test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
- 		AC_CHECK_FUNCS(priv_set, [PSMAN=1])
+ 		AC_CHECK_FUNCS([priv_set], [PSMAN=1])
  		;;

--- a/components/sudo/sudo.license	Wed Feb 24 22:20:45 2016 -0800
+++ b/components/sudo/sudo.license	Mon Feb 15 08:11:32 2016 -0800
@@ -1,10 +1,6 @@
-
-Copyright (c) 2009 Christian S.J. Peron
-Copyright (C) 1995-2012 Jean-loup Gailly and Mark Adler
-
 Sudo is distributed under the following license:
 
-   Copyright (c) 1994-1996, 1998-2014
+   Copyright (c) 1994-1996, 1998-2015
         Todd C. Miller <[email protected]>
 
    Permission to use, copy, modify, and distribute this software for any
@@ -23,9 +19,6 @@
    Agency (DARPA) and Air Force Research Laboratory, Air Force
    Materiel Command, USAF, under agreement number F39502-99-1-0512.
 
-
-
-
 The file redblack.c bears the following license:
 
    Copyright (c) 2001 Emin Martinian
@@ -48,10 +41,24 @@
    (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
    OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-
+The file reallocarray.c bears the following license:
 
+   Copyright (c) 2008 Otto Moerbeek <[email protected]>
+  
+   Permission to use, copy, modify, and distribute this software for any
+   purpose with or without fee is hereby granted, provided that the above
+   copyright notice and this permission notice appear in all copies.
+  
+   THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+   WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+   MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+   ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-The files include/queue.h, getcwd.c, glob.c, glob.h and snprintf.c bear the following license:
+The files getcwd.c, glob.c, glob.h, snprintf.c and sudo_queue.h bear the
+following license:
 
    Copyright (c) 1989, 1990, 1991, 1993
         The Regents of the University of California.  All rights reserved.
@@ -80,9 +87,6 @@
    OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
    SUCH DAMAGE.
 
-
-
-
 The file fnmatch.c bears the following license:
 
    Copyright (c) 2011, VMware, Inc.
@@ -110,12 +114,58 @@
    (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
    THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
+The file getopt_long.c bears the following license:
 
+/*-
+ * Copyright (c) 2000 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Dieter Baron and Thomas Klausner.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
 
+The file inet_pton.c bears the following license:
+
+/* Copyright (c) 1996 by Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
 
 The embedded copy of zlib bears the following license:
 
-  Copyright (C) 1995-2010 Jean-loup Gailly and Mark Adler
+  Copyright (C) 1995-2013 Jean-loup Gailly and Mark Adler
 
   This software is provided 'as-is', without any express or implied
   warranty.  In no event will the authors be held liable for any damages
@@ -137,46 +187,10 @@
   [email protected]          [email protected]
 
 
-
-
-The files compat/getopt.h, compat/getopt_long.c have the following license:
-
-Copyright (c) 2000 The NetBSD Foundation, Inc.
-All rights reserved.
-
-This code is derived from software contributed to The NetBSD Foundation
-by Dieter Baron and Thomas Klausner.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
-``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
-BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGE.
-
-
-
-
-The file m4/ax_func_getaddrinfo.m4:
+The file m4/ax_func_getaddrinfo.m4
 Placed in the public domain by Todd C. Miller on November 20, 2013.
 
 
-
-
 The file m4/ax_func_snprintf.m4:
 Copyright (c) 2008 Ruediger Kuhlmann <[email protected]>
 
@@ -184,3 +198,35 @@
 permitted in any medium without royalty provided the copyright notice
 and this notice are preserved. This file is offered as-is, without any
 warranty.
+
+
+The files m4/ax_check_compile_flag.m4, m4/ax_check_link_flag.m4
+
+Copyright (c) 2008 Guido U. Draheim <[email protected]>
+Copyright (c) 2011 Maarten Bosmans <[email protected]>
+
+This program is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by the
+Free Software Foundation, either version 3 of the License, or (at your
+option) any later version.
+
+This program is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+Public License for more details.
+
+You should have received a copy of the GNU General Public License along
+with this program. If not, see <http://www.gnu.org/licenses/>.
+
+As a special exception, the respective Autoconf Macro's copyright owner
+gives unlimited permission to copy, distribute and modify the configure
+scripts that are the output of Autoconf when processing the Macro. You
+need not follow the terms of the GNU General Public License when using
+or distributing such scripts, even though portions of the text of the
+Macro appear in them. The GNU General Public License (GPL) does govern
+all other use of the material that constitutes the Autoconf Macro.
+
+This special exception to the GPL applies to versions of the Autoconf
+Macro released by the Autoconf Archive. When you make and distribute a
+modified version of the Autoconf Macro, you may extend this special
+exception to the GPL to apply to your modified version as well.

--- a/components/sudo/sudo.p5m	Wed Feb 24 22:20:45 2016 -0800
+++ b/components/sudo/sudo.p5m	Mon Feb 15 08:11:32 2016 -0800
@@ -18,7 +18,7 @@
 #
 # CDDL HEADER END
 #
-# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved.
 #
 
 <transform file path=usr.*/man/.+ -> default mangler.man.stability uncommitted>
@@ -41,11 +41,15 @@
 link path=usr/bin/sudoedit target=sudo
 file path=usr/bin/sudoreplay mode=0511
 file path=usr/include/sudo_plugin.h
-# pkglint complains about sudoers.so since it thinks that it is 64bit library
-# in 32bit path. But since this is sudo module rather than generic *.so library
-# we are free to have it there. We just need to silence the warning.
-file path=usr/lib/sudo/sudoers.so pkg.linted.userland.action001.2=true
+file path=usr/lib/$(MACH64)/sudo/group_file.so
+link path=usr/lib/$(MACH64)/sudo/libsudo_util.so target=libsudo_util.so.0.0.0
+link path=usr/lib/$(MACH64)/sudo/libsudo_util.so.0 target=libsudo_util.so.0.0.0
+file path=usr/lib/$(MACH64)/sudo/libsudo_util.so.0.0.0
+file path=usr/lib/$(MACH64)/sudo/sudo_noexec.so
+file path=usr/lib/$(MACH64)/sudo/sudoers.so
+file path=usr/lib/$(MACH64)/sudo/system_group.so
 file path=usr/sbin/visudo mode=0511
+file path=usr/share/doc/sudo/CONTRIBUTORS
 file path=usr/share/doc/sudo/ChangeLog
 file path=usr/share/doc/sudo/HISTORY
 file path=usr/share/doc/sudo/LICENSE
@@ -54,45 +58,97 @@
 file path=usr/share/doc/sudo/README.LDAP
 file path=usr/share/doc/sudo/TROUBLESHOOTING
 file path=usr/share/doc/sudo/UPGRADE
-file path=usr/share/doc/sudo/sample.sudo.conf
-file path=usr/share/doc/sudo/sample.sudoers
-file path=usr/share/doc/sudo/sample.syslog.conf
+file path=usr/share/doc/sudo/examples/pam.conf
+file path=usr/share/doc/sudo/examples/sudo.conf
+file path=usr/share/doc/sudo/examples/sudoers
+file path=usr/share/doc/sudo/examples/syslog.conf
 file path=usr/share/doc/sudo/schema.ActiveDirectory
 file path=usr/share/doc/sudo/schema.OpenLDAP
 file path=usr/share/doc/sudo/schema.iPlanet
 file path=usr/share/doc/sudo/sudoers2ldif
+link path=usr/share/locale/ca.UTF-8 target=ca
+file path=usr/share/locale/ca/LC_MESSAGES/sudo.mo
+file path=usr/share/locale/ca/LC_MESSAGES/sudoers.mo
+link path=usr/share/locale/cs.UTF-8 target=cs
+file path=usr/share/locale/cs/LC_MESSAGES/sudo.mo
+file path=usr/share/locale/cs/LC_MESSAGES/sudoers.mo
+link path=usr/share/locale/da.UTF-8 target=da
 file path=usr/share/locale/da/LC_MESSAGES/sudo.mo
 file path=usr/share/locale/da/LC_MESSAGES/sudoers.mo
+link path=usr/share/locale/de.UTF-8 target=de
 file path=usr/share/locale/de/LC_MESSAGES/sudo.mo
+file path=usr/share/locale/de/LC_MESSAGES/sudoers.mo
+link path=usr/share/locale/el.UTF-8 target=el
+file path=usr/share/locale/el/LC_MESSAGES/sudoers.mo
+link path=usr/share/locale/eo.UTF-8 target=eo
 file path=usr/share/locale/eo/LC_MESSAGES/sudo.mo
 file path=usr/share/locale/eo/LC_MESSAGES/sudoers.mo
+link path=usr/share/locale/es.UTF-8 target=es
 file path=usr/share/locale/es/LC_MESSAGES/sudo.mo
+link path=usr/share/locale/eu.UTF-8 target=eu
 file path=usr/share/locale/eu/LC_MESSAGES/sudo.mo
 file path=usr/share/locale/eu/LC_MESSAGES/sudoers.mo
+link path=usr/share/locale/fi.UTF-8 target=fi
 file path=usr/share/locale/fi/LC_MESSAGES/sudo.mo
 file path=usr/share/locale/fi/LC_MESSAGES/sudoers.mo
+link path=usr/share/locale/fr.UTF-8 target=fr
+file path=usr/share/locale/fr/LC_MESSAGES/sudo.mo
+file path=usr/share/locale/fr/LC_MESSAGES/sudoers.mo
+link path=usr/share/locale/gl.UTF-8 target=gl
 file path=usr/share/locale/gl/LC_MESSAGES/sudo.mo
+link path=usr/share/locale/hr.UTF-8 target=hr
 file path=usr/share/locale/hr/LC_MESSAGES/sudo.mo
 file path=usr/share/locale/hr/LC_MESSAGES/sudoers.mo
+link path=usr/share/locale/hu.UTF-8 target=hu
+file path=usr/share/locale/hu/LC_MESSAGES/sudoers.mo
+link path=usr/share/locale/it.UTF-8 target=it
 file path=usr/share/locale/it/LC_MESSAGES/sudo.mo
 file path=usr/share/locale/it/LC_MESSAGES/sudoers.mo
+link path=usr/share/locale/ja.UTF-8 target=ja
 file path=usr/share/locale/ja/LC_MESSAGES/sudo.mo
 file path=usr/share/locale/ja/LC_MESSAGES/sudoers.mo
+link path=usr/share/locale/lt.UTF-8 target=lt
 file path=usr/share/locale/lt/LC_MESSAGES/sudoers.mo
+link path=usr/share/locale/nb.UTF-8 target=nb
+file path=usr/share/locale/nb/LC_MESSAGES/sudo.mo
+file path=usr/share/locale/nb/LC_MESSAGES/sudoers.mo
+link path=usr/share/locale/nl.UTF-8 target=nl
+file path=usr/share/locale/nl/LC_MESSAGES/sudo.mo
+file path=usr/share/locale/nl/LC_MESSAGES/sudoers.mo
+link path=usr/share/locale/pl.UTF-8 target=pl
 file path=usr/share/locale/pl/LC_MESSAGES/sudo.mo
 file path=usr/share/locale/pl/LC_MESSAGES/sudoers.mo
+link path=usr/share/locale/pt_BR.UTF-8 target=pt_BR
+file path=usr/share/locale/pt_BR/LC_MESSAGES/sudo.mo
+file path=usr/share/locale/pt_BR/LC_MESSAGES/sudoers.mo
+link path=usr/share/locale/ru.UTF-8 target=ru
 file path=usr/share/locale/ru/LC_MESSAGES/sudo.mo
+file path=usr/share/locale/ru/LC_MESSAGES/sudoers.mo
+link path=usr/share/locale/sk.UTF-8 target=sk
+file path=usr/share/locale/sk/LC_MESSAGES/sudo.mo
+file path=usr/share/locale/sk/LC_MESSAGES/sudoers.mo
+link path=usr/share/locale/sl.UTF-8 target=sl
 file path=usr/share/locale/sl/LC_MESSAGES/sudo.mo
 file path=usr/share/locale/sl/LC_MESSAGES/sudoers.mo
+link path=usr/share/locale/sr.UTF-8 target=sr
 file path=usr/share/locale/sr/LC_MESSAGES/sudo.mo
+file path=usr/share/locale/sr/LC_MESSAGES/sudoers.mo
+link path=usr/share/locale/sv.UTF-8 target=sv
 file path=usr/share/locale/sv/LC_MESSAGES/sudo.mo
 file path=usr/share/locale/sv/LC_MESSAGES/sudoers.mo
+link path=usr/share/locale/tr.UTF-8 target=tr
+file path=usr/share/locale/tr/LC_MESSAGES/sudo.mo
+file path=usr/share/locale/tr/LC_MESSAGES/sudoers.mo
+link path=usr/share/locale/uk.UTF-8 target=uk
 file path=usr/share/locale/uk/LC_MESSAGES/sudo.mo
 file path=usr/share/locale/uk/LC_MESSAGES/sudoers.mo
+link path=usr/share/locale/vi.UTF-8 target=vi
 file path=usr/share/locale/vi/LC_MESSAGES/sudo.mo
 file path=usr/share/locale/vi/LC_MESSAGES/sudoers.mo
+link path=usr/share/locale/zh_CN.UTF-8 target=zh_CN
 file path=usr/share/locale/zh_CN/LC_MESSAGES/sudo.mo
 file path=usr/share/locale/zh_CN/LC_MESSAGES/sudoers.mo
+file path=usr/share/man/man5/sudo.conf.5
 file path=usr/share/man/man5/sudoers.5
 file path=usr/share/man/man5/sudoers.ldap.5
 file path=usr/share/man/man8/sudo.8

--- a/components/sudo/test/results-64.master	Wed Feb 24 22:20:45 2016 -0800
+++ b/components/sudo/test/results-64.master	Mon Feb 15 08:11:32 2016 -0800
@@ -1,56 +1,86 @@
+parse_gids_test: 6 tests run, 0 errors, 100% success rate
+strsplit_test: 29 tests run, 0 errors, 100% success rate
+atofoo_test: 23 tests run, 0 errors, 100% success rate
+hltq_test: 19 tests run, 0 errors, 100% success rate
 sudo_conf/test1: OK
 sudo_conf/test2: OK
 sudo_conf/test3: OK
 sudo_conf/test4: OK
+sudo_conf/test4 (stderr): OK
 sudo_conf/test5: OK
+sudo_conf/test5 (stderr): OK
 sudo_conf/test6: OK
+sudo_conf/test7: OK
+sudo_conf: 9/9 tests passed; 0/9 tests failed
 sudo_parseln/test1: OK
 sudo_parseln/test2: OK
 sudo_parseln/test3: OK
 sudo_parseln/test4: OK
 sudo_parseln/test5: OK
 sudo_parseln/test6: OK
-sudo_parseln: 13/13 tests passed; 0/13 tests failed
+sudo_parseln: 6/6 tests passed; 0/6 tests failed
 check_addr: 9 tests run, 0 errors, 100% success rate
-check_base64: 5 tests run, 0 errors, 100% success rate
+check_base64: 6 tests run, 0 errors, 100% success rate
 check_fill: 18 tests run, 0 errors, 100% success rate
 iolog_path: 8 tests run, 0 errors, 100% success rate
 check_symbols: 7 tests run, 0 errors, 100% success rate
 sudoers/test1 (parse): OK
 sudoers/test1 (toke):  OK
+sudoers/test1 (parse): OK
 sudoers/test10 (parse): OK
 sudoers/test10 (toke):  OK
+sudoers/test10 (parse): OK
 sudoers/test11 (parse): OK
 sudoers/test11 (toke):  OK
+sudoers/test11 (parse): OK
 sudoers/test12 (parse): OK
 sudoers/test12 (toke):  OK
+sudoers/test12 (parse): OK
 sudoers/test13 (parse): OK
 sudoers/test13 (toke):  OK
+sudoers/test13 (parse): OK
 sudoers/test14 (parse): OK
 sudoers/test14 (toke):  OK
+sudoers/test14 (parse): OK
+sudoers/test15 (parse): OK
+sudoers/test15 (toke):  OK
+sudoers/test15 (parse): OK
+sudoers/test16 (parse): OK
+sudoers/test16 (toke):  OK
+sudoers/test16 (parse): OK
 sudoers/test2 (parse): OK
 sudoers/test2 (toke):  OK
+sudoers/test2 (parse): OK
 sudoers/test3 (parse): OK
 sudoers/test3 (toke):  OK
+sudoers/test3 (parse): OK
 sudoers/test4 (parse): OK
 sudoers/test4 (toke):  OK
+sudoers/test4 (parse): OK
 sudoers/test5 (parse): OK
 sudoers/test5 (toke):  OK
+sudoers/test5 (parse): OK
 sudoers/test6 (parse): OK
 sudoers/test6 (toke):  OK
+sudoers/test6 (parse): OK
 sudoers/test7 (parse): OK
 sudoers/test7 (toke):  OK
+sudoers/test7 (parse): OK
 sudoers/test8 (parse): OK
 sudoers/test8 (toke):  OK
+sudoers/test8 (parse): OK
 sudoers/test9 (parse): OK
 sudoers/test9 (toke):  OK
-sudoers: 28/28 tests passed; 0/28 tests failed
+sudoers/test9 (parse): OK
+sudoers: 48/48 tests passed; 0/48 tests failed
 testsudoers/test1: OK
 testsudoers/test2: OK
 testsudoers/test3: OK
 testsudoers/test4: OK
 testsudoers/test5: OK
-testsudoers: 5/5 tests passed; 0/5 tests failed
+testsudoers/test6: OK
+testsudoers/test7: OK
+testsudoers: 7/7 tests passed; 0/7 tests failed
 visudo/test1: OK
 visudo/test2: OK
 visudo/test2 (stderr): OK