4 files changed, 577 insertions, 2 deletions

diff --git a/app-admin/sudo/Manifest b/app-admin/sudo/Manifest
index 576b3898c3fe..3e1276d10824 100644
--- a/app-admin/sudo/Manifest
+++ b/app-admin/sudo/Manifest
@@ -1,3 +1,4 @@
+AUX sudo-1.9.2-glibc-2.32.patch 10057 BLAKE2B 2027bbef7db5f4a523959e9456ebe625028f55607a22869bcc7deb9ec3787d28d3955fc0a0670976c557f070fa31a56bb167d1c6618f955163a240f852c5a4f6 SHA512 de7147130e923ce083637231f5e5a6dcf41cdd1a2bf901754b573239898d144938ebaaa55a8b1cd44138f313bfa59de6b8eac5d18ecb7c61e501dc0213f144b6
 DIST sudo-1.8.31.tar.gz 3350674 BLAKE2B de5a968732fdd58933b4c513d13c43a08cb50075a00c3e0d338c9892570a416a2b3a8f19940c0893715f4eeab991e804831a87ef656ffd91e7f1ba047c119261 SHA512 b9e408a322938c7a712458e9012d8a5f648fba5b23a5057cf5d8372c7f931262595f1575c32c32b9cb1a04af670ff4611e7df48d197e5c4cc038d6b65439a28a
 DIST sudo-1.8.31p1.tar.gz 3351312 BLAKE2B 85775ef574a3a1a9cc749809fe81f8350f7a4e3f46a905bc3392790b20bb7bc8e3c99fb504e01776f3a92aa6afa7972d3ff1c071aadd3a08ee1d2281f8b9ba50 SHA512 9344fd1d8a8445e8afb9c5628cdc832fe32ea29199f071f35fb6ec694371801556df560f4382afec199f468b1f3264ad5e3a89e964612e571b8d911f823724cc
 DIST sudo-1.8.31p2.tar.gz 3353538 BLAKE2B 274c72232e18c8ff5006b61ad4d384582ec0296af6326377f08ff4e59c6a4a4fc5e2245874bf9a7c6b010addae600dd41f042660d5bf9c4bc8eb98983704a5da SHA512 ad1bbbde74d3ab6e947071c6f21e436ebabcf5af11ecc75cde8f0c01ca0b8c6ae1cce2ff42f21612816c636e96722a2a14daa57757644ceab6577091f82242be
@@ -5,6 +6,7 @@ DIST sudo-1.9.2.tar.gz 3890859 BLAKE2B 879917b8045c999a17ef36006732509aa546ee6bb
 EBUILD sudo-1.8.31.ebuild 6863 BLAKE2B 605dcb95b2668e74e9fbc915c98aad1c787919036b450476e9c9d50e2151489154d2232d0c1e445bfc6647cccecc240f508c2ef636e64331fcfbce385025ad72 SHA512 ccf9c659c89e469ad9cd0282ef2165a549344734dd3638226506944e39a39574af5f56d96ff0108880571a56a9eb457077fd2e73889fbb9c27a0e766b88f9abc
 EBUILD sudo-1.8.31_p1.ebuild 6872 BLAKE2B df4b0b8974bebc5683f9e1e1331c1e25f8c2dea63bd8162a3906dda75c92197a35007d3fb3fb257cee91643918be81222cf0141ab13f28a3a789c0c96053cc1b SHA512 688162c59941c57261c7a15726bb5a368bbc40a990c98d18d7d46f67fd0aef3f1a332703a79691f0c133af0202beeaf0af1e8249a8ab6fad0879899698f40f89
 EBUILD sudo-1.8.31_p2.ebuild 6872 BLAKE2B df4b0b8974bebc5683f9e1e1331c1e25f8c2dea63bd8162a3906dda75c92197a35007d3fb3fb257cee91643918be81222cf0141ab13f28a3a789c0c96053cc1b SHA512 688162c59941c57261c7a15726bb5a368bbc40a990c98d18d7d46f67fd0aef3f1a332703a79691f0c133af0202beeaf0af1e8249a8ab6fad0879899698f40f89
-EBUILD sudo-1.9.2.ebuild 6924 BLAKE2B c21aa2506c7d3b61d3b2038e246614aee7de87c3e914517e4c7cfbfe4222e5266b3804b034745ff30eec1d7ac6325f5a591011f59b32b961eedfd91176fd33ba SHA512 bdcc78f1d1be06e5cb503b8f3da6a5c674613ebce42f19a10bc2314d47405f5a34c9bac6582166ed77d95292d117ee6fb9a149eb70c1b84fbfeac3d7a32575f3
+EBUILD sudo-1.9.2-r1.ebuild 7013 BLAKE2B db8445fef0e42c472efeae9210c773b89145b2a578a6705ab77b8dcfe56ce976e5f0a747bb3884dbd8741facc6ba7051517315a644cfbfc01a90958b271e336e SHA512 e76ff722a7dea45b23f7144fce001c05ce1fa12348ca8ec0e586160b69dacc99e9bc8b877962b525b94255517f7d1d862590e1a73cd436791f7b8985dc17a7a8
+EBUILD sudo-1.9.2.ebuild 6923 BLAKE2B a01c1479303ff907e6e698f667ea6ead96b75db8c95fd1239b66a8e5b3b781bf5784c2abb439322b1145aadb010dedb2e6261820b21db78a6dfaf54684ea9f9e SHA512 f0b9c27e15e12f02d72426c515a10ce95abfeedae66ad5429536da0aa572c7bf4a758eadd2627b0bb8c8509637707c00211a1492a5bbc89303ee59d7e3a9dec5
 EBUILD sudo-9999.ebuild 6821 BLAKE2B 6ec4c8325e4275d902df02e971ca9b3e87a24b312cabcec7909c8ce94c4662aabada79fe550305603ad92151483bb3ba02a92b1ac49807ed0ba6fa7b14da0f12 SHA512 92536adcffa6e1c62e701d7a00a9032a60d559aa114d196e9851f198321ea8d027e9f7caf598f9d0eae2182362520a3c1ba62117d13b8e8b8ed6c5d9f212e7ac
 MISC metadata.xml 1379 BLAKE2B 3fb47838664544236c2c5ce55ba77cda8fdef3ff1bd050a775878444040c76ec1d18fecd7ecbcc11121c90e76e9634f4c01da676dc178dbc7787b9250774e28a SHA512 81def82cf20eb6a57d38a1cced2fef18f5f5b56b6bb92a036cf925dec1c1b77f18e3c7b5997f4055ce840873032df65edae08810e6838bb0ab6309020a4a30d6
diff --git a/app-admin/sudo/files/sudo-1.9.2-glibc-2.32.patch b/app-admin/sudo/files/sudo-1.9.2-glibc-2.32.patch
new file mode 100644
index 000000000000..6134fe736d00
--- /dev/null
+++ b/app-admin/sudo/files/sudo-1.9.2-glibc-2.32.patch
@@ -0,0 +1,308 @@
+
+# HG changeset patch
+# User Todd C. Miller <Todd.Miller@sudo.ws>
+# Date 1598395693 21600
+# Node ID e30482f26924b07775d87ae591e54ad72e794d5e
+# Parent  1ede927d99b3cb06ba514c9fd2fd7fa9a014a1b2
+Use sigabbrev_np(3) to access signal abbreviations if supported.
+glibc-2.32 has removed sys_sigabbrev[], we can use sigabbrev_np(3) instead.
+
+diff -r 1ede927d99b3 -r e30482f26924 config.h.in
+--- a/config.h.in	Mon Aug 17 19:37:09 2020 -0600
++++ b/config.h.in	Tue Aug 25 16:48:13 2020 -0600
+@@ -740,6 +740,9 @@
+ /* Define to 1 if you have the `sig2str' function. */
+ #undef HAVE_SIG2STR
+ 
++/* Define to 1 if you have the `sigabbrev_np' function. */
++#undef HAVE_SIGABBREV_NP
++
+ /* Define to 1 if you use S/Key. */
+ #undef HAVE_SKEY
+ 
+diff -r 1ede927d99b3 -r e30482f26924 configure
+--- a/configure	Mon Aug 17 19:37:09 2020 -0600
++++ b/configure	Tue Aug 25 16:48:13 2020 -0600
+@@ -23687,9 +23687,21 @@
+ 
+ 
+ if test x"${ac_cv_func_sig2str}${ac_cv_func_str2sig}" != x"yesyes"; then
+-    COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }strsig_test"
+-    HAVE_SIGNAME="false"
+-    ac_fn_c_check_decl "$LINENO" "sys_signame" "ac_cv_have_decl_sys_signame" "
++    for ac_func in sigabbrev_np
++do :
++  ac_fn_c_check_func "$LINENO" "sigabbrev_np" "ac_cv_func_sigabbrev_np"
++if test "x$ac_cv_func_sigabbrev_np" = xyes; then :
++  cat >>confdefs.h <<_ACEOF
++#define HAVE_SIGABBREV_NP 1
++_ACEOF
++
++fi
++done
++
++    if test x"${ac_cv_func_sigabbrev_np}" != x"yes"; then
++	COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }strsig_test"
++	HAVE_SIGNAME="false"
++	ac_fn_c_check_decl "$LINENO" "sys_signame" "ac_cv_have_decl_sys_signame" "
+ $ac_includes_default
+ #include <signal.h>
+ 
+@@ -23705,7 +23717,7 @@
+ _ACEOF
+ if test $ac_have_decl = 1; then :
+ 
+-	HAVE_SIGNAME="true"
++	    HAVE_SIGNAME="true"
+ 
+ fi
+ ac_fn_c_check_decl "$LINENO" "_sys_signame" "ac_cv_have_decl__sys_signame" "
+@@ -23724,7 +23736,7 @@
+ _ACEOF
+ if test $ac_have_decl = 1; then :
+ 
+-	HAVE_SIGNAME="true"
++	    HAVE_SIGNAME="true"
+ 
+ fi
+ ac_fn_c_check_decl "$LINENO" "sys_sigabbrev" "ac_cv_have_decl_sys_sigabbrev" "
+@@ -23743,12 +23755,12 @@
+ _ACEOF
+ if test $ac_have_decl = 1; then :
+ 
+-	HAVE_SIGNAME="true"
+-
+-fi
+-
+-    if test "$HAVE_SIGNAME" != "true"; then
+-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for undeclared sys_sigabbrev" >&5
++	    HAVE_SIGNAME="true"
++
++fi
++
++	if test "$HAVE_SIGNAME" != "true"; then
++	    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for undeclared sys_sigabbrev" >&5
+ $as_echo_n "checking for undeclared sys_sigabbrev... " >&6; }
+ if ${sudo_cv_var_sys_sigabbrev+:} false; then :
+   $as_echo_n "(cached) " >&6
+@@ -23777,17 +23789,18 @@
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_var_sys_sigabbrev" >&5
+ $as_echo "$sudo_cv_var_sys_sigabbrev" >&6; }
+-	if test "$sudo_cv_var_sys_sigabbrev" = yes; then
+-	    $as_echo "#define HAVE_SYS_SIGABBREV 1" >>confdefs.h
+-
+-	else
+-	    case " $LIBOBJS " in
++	    if test "$sudo_cv_var_sys_sigabbrev" = yes; then
++		$as_echo "#define HAVE_SYS_SIGABBREV 1" >>confdefs.h
++
++	    else
++		case " $LIBOBJS " in
+   *" signame.$ac_objext "* ) ;;
+   *) LIBOBJS="$LIBOBJS signame.$ac_objext"
+  ;;
+ esac
+ 
+-	    SIGNAME=signame.lo
++		SIGNAME=signame.lo
++	    fi
+ 	fi
+     fi
+ fi
+diff -r 1ede927d99b3 -r e30482f26924 configure.ac
+--- a/configure.ac	Mon Aug 17 19:37:09 2020 -0600
++++ b/configure.ac	Tue Aug 25 16:48:13 2020 -0600
+@@ -3498,29 +3498,32 @@
+ dnl Also enable unit tests for sig2str() and str2sig().
+ dnl
+ if test x"${ac_cv_func_sig2str}${ac_cv_func_str2sig}" != x"yesyes"; then
+-    COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }strsig_test"
+-    HAVE_SIGNAME="false"
+-    AC_CHECK_DECLS([sys_signame, _sys_signame, sys_sigabbrev], [
+-	HAVE_SIGNAME="true"
+-    ], [ ], [
++    AC_CHECK_FUNCS([sigabbrev_np])
++    if test x"${ac_cv_func_sigabbrev_np}" != x"yes"; then
++	COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }strsig_test"
++	HAVE_SIGNAME="false"
++	AC_CHECK_DECLS([sys_signame, _sys_signame, sys_sigabbrev], [
++	    HAVE_SIGNAME="true"
++	], [ ], [
+ AC_INCLUDES_DEFAULT
+ #include <signal.h>
+-    ])
+-    if test "$HAVE_SIGNAME" != "true"; then
+-	AC_CACHE_CHECK([for undeclared sys_sigabbrev],
+-	    [sudo_cv_var_sys_sigabbrev],
+-	    [AC_LINK_IFELSE(
+-		[AC_LANG_PROGRAM([[extern char **sys_sigabbrev;]], [[return sys_sigabbrev[1];]])],
+-		    [sudo_cv_var_sys_sigabbrev=yes],
+-		    [sudo_cv_var_sys_sigabbrev=no]
+-		)
+-	    ]
+-	)
+-	if test "$sudo_cv_var_sys_sigabbrev" = yes; then
+-	    AC_DEFINE(HAVE_SYS_SIGABBREV)
+-	else
+-	    AC_LIBOBJ(signame)
+-	    SIGNAME=signame.lo
++	])
++	if test "$HAVE_SIGNAME" != "true"; then
++	    AC_CACHE_CHECK([for undeclared sys_sigabbrev],
++		[sudo_cv_var_sys_sigabbrev],
++		[AC_LINK_IFELSE(
++		    [AC_LANG_PROGRAM([[extern char **sys_sigabbrev;]], [[return sys_sigabbrev[1];]])],
++			[sudo_cv_var_sys_sigabbrev=yes],
++			[sudo_cv_var_sys_sigabbrev=no]
++		    )
++		]
++	    )
++	    if test "$sudo_cv_var_sys_sigabbrev" = yes; then
++		AC_DEFINE(HAVE_SYS_SIGABBREV)
++	    else
++		AC_LIBOBJ(signame)
++		SIGNAME=signame.lo
++	    fi
+ 	fi
+     fi
+ fi
+diff -r 1ede927d99b3 -r e30482f26924 lib/util/sig2str.c
+--- a/lib/util/sig2str.c	Mon Aug 17 19:37:09 2020 -0600
++++ b/lib/util/sig2str.c	Tue Aug 25 16:48:13 2020 -0600
+@@ -1,7 +1,7 @@
+ /*
+  * SPDX-License-Identifier: ISC
+  *
+- * Copyright (c) 2012-2015, 2017-2019 Todd C. Miller <Todd.Miller@sudo.ws>
++ * Copyright (c) 2012-2015, 2017-2020 Todd C. Miller <Todd.Miller@sudo.ws>
+  *
+  * Permission to use, copy, modify, and distribute this software for any
+  * purpose with or without fee is hereby granted, provided that the above
+@@ -32,20 +32,24 @@
+ #include <unistd.h>
+ 
+ #include "sudo_compat.h"
++#include "sudo_util.h"
+ 
+-#if defined(HAVE_DECL_SYS_SIGNAME) && HAVE_DECL_SYS_SIGNAME == 1
+-#  define sudo_sys_signame	sys_signame
+-#elif defined(HAVE_DECL__SYS_SIGNAME) && HAVE_DECL__SYS_SIGNAME == 1
+-#  define sudo_sys_signame	_sys_signame
+-#elif defined(HAVE_DECL_SYS_SIGABBREV) && HAVE_DECL_SYS_SIGABBREV == 1
+-#  define sudo_sys_signame	sys_sigabbrev
+-#else
+-# ifdef HAVE_SYS_SIGABBREV
+-   /* sys_sigabbrev is not declared by glibc */
+-#  define sudo_sys_signame	sys_sigabbrev
++#if !defined(HAVE_SIGABBREV_NP)
++# if defined(HAVE_DECL_SYS_SIGNAME) && HAVE_DECL_SYS_SIGNAME == 1
++#   define sigabbrev_np(_x)	sys_signame[(_x)]
++# elif defined(HAVE_DECL__SYS_SIGNAME) && HAVE_DECL__SYS_SIGNAME == 1
++#   define sigabbrev_np(_x)	_sys_signame[(_x)]
++# elif defined(HAVE_SYS_SIGABBREV)
++#   define sigabbrev_np(_x)	sys_sigabbrev[(_x)]
++#  if defined(HAVE_DECL_SYS_SIGABBREV) && HAVE_DECL_SYS_SIGABBREV == 0
++    /* sys_sigabbrev is not declared by glibc */
++    extern const char *const sys_sigabbrev[NSIG];
++#  endif
++# else
++#   define sigabbrev_np(_x)	sudo_sys_signame[(_x)]
++    extern const char *const sudo_sys_signame[NSIG];
+ # endif
+-extern const char *const sudo_sys_signame[NSIG];
+-#endif
++#endif /* !HAVE_SIGABBREV_NP */
+ 
+ /*
+  * Translate signal number to name.
+@@ -77,15 +81,18 @@
+ 	return 0;
+     }
+ #endif
+-    if (signo > 0 && signo < NSIG && sudo_sys_signame[signo] != NULL) {
+-	strlcpy(signame, sudo_sys_signame[signo], SIG2STR_MAX);
+-	/* Make sure we always return an upper case signame. */
+-	if (islower((unsigned char)signame[0])) {
+-	    int i;
+-	    for (i = 0; signame[i] != '\0'; i++)
+-		signame[i] = toupper((unsigned char)signame[i]);
++    if (signo > 0 && signo < NSIG) {
++	const char *cp = sigabbrev_np(signo);
++	if (cp != NULL) {
++	    strlcpy(signame, cp, SIG2STR_MAX);
++	    /* Make sure we always return an upper case signame. */
++	    if (islower((unsigned char)signame[0])) {
++		int i;
++		for (i = 0; signame[i] != '\0'; i++)
++		    signame[i] = toupper((unsigned char)signame[i]);
++	    }
++	    return 0;
+ 	}
+-	return 0;
+     }
+     errno = EINVAL;
+     return -1;
+diff -r 1ede927d99b3 -r e30482f26924 lib/util/str2sig.c
+--- a/lib/util/str2sig.c	Mon Aug 17 19:37:09 2020 -0600
++++ b/lib/util/str2sig.c	Tue Aug 25 16:48:13 2020 -0600
+@@ -1,7 +1,7 @@
+ /*
+  * SPDX-License-Identifier: ISC
+  *
+- * Copyright (c) 2019 Todd C. Miller <Todd.Miller@sudo.ws>
++ * Copyright (c) 2019-2020 Todd C. Miller <Todd.Miller@sudo.ws>
+  *
+  * Permission to use, copy, modify, and distribute this software for any
+  * purpose with or without fee is hereby granted, provided that the above
+@@ -37,19 +37,22 @@
+ #include "sudo_compat.h"
+ #include "sudo_util.h"
+ 
+-#if defined(HAVE_DECL_SYS_SIGNAME) && HAVE_DECL_SYS_SIGNAME == 1
+-#  define sudo_sys_signame	sys_signame
+-#elif defined(HAVE_DECL__SYS_SIGNAME) && HAVE_DECL__SYS_SIGNAME == 1
+-#  define sudo_sys_signame	_sys_signame
+-#elif defined(HAVE_DECL_SYS_SIGABBREV) && HAVE_DECL_SYS_SIGABBREV == 1
+-#  define sudo_sys_signame	sys_sigabbrev
+-#else
+-# ifdef HAVE_SYS_SIGABBREV
+-   /* sys_sigabbrev is not declared by glibc */
+-#  define sudo_sys_signame	sys_sigabbrev
++#if !defined(HAVE_SIGABBREV_NP)
++# if defined(HAVE_DECL_SYS_SIGNAME) && HAVE_DECL_SYS_SIGNAME == 1
++#   define sigabbrev_np(_x)	sys_signame[(_x)]
++# elif defined(HAVE_DECL__SYS_SIGNAME) && HAVE_DECL__SYS_SIGNAME == 1
++#   define sigabbrev_np(_x)	_sys_signame[(_x)]
++# elif defined(HAVE_SYS_SIGABBREV)
++#   define sigabbrev_np(_x)	sys_sigabbrev[(_x)]
++#  if defined(HAVE_DECL_SYS_SIGABBREV) && HAVE_DECL_SYS_SIGABBREV == 0
++    /* sys_sigabbrev is not declared by glibc */
++    extern const char *const sys_sigabbrev[NSIG];
++#  endif
++# else
++#   define sigabbrev_np(_x)	sudo_sys_signame[(_x)]
++    extern const char *const sudo_sys_signame[NSIG];
+ # endif
+-extern const char *const sudo_sys_signame[NSIG];
+-#endif
++#endif /* !HAVE_SIGABBREV_NP */
+ 
+ /*
+  * Many systems use aliases for source backward compatibility.
+@@ -154,11 +157,11 @@
+ 	}
+     }
+ 
+-    /* Check sys_signame[]. */
+     for (signo = 1; signo < NSIG; signo++) {
+-	if (sudo_sys_signame[signo] != NULL) {
++	const char *cp = sigabbrev_np(signo);
++	if (cp != NULL) {
+ 	    /* On macOS sys_signame[] may contain lower-case names. */
+-	    if (strcasecmp(signame, sudo_sys_signame[signo]) == 0) {
++	    if (strcasecmp(signame, cp) == 0) {
+ 		*result = signo;
+ 		return 0;
+ 	    }
+
diff --git a/app-admin/sudo/sudo-1.9.2-r1.ebuild b/app-admin/sudo/sudo-1.9.2-r1.ebuild
new file mode 100644
index 000000000000..1f1f6e60dd34
--- /dev/null
+++ b/app-admin/sudo/sudo-1.9.2-r1.ebuild
@@ -0,0 +1,265 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit pam multilib libtool systemd tmpfiles
+
+MY_P="${P/_/}"
+MY_P="${MY_P/beta/b}"
+
+DESCRIPTION="Allows users or groups to run commands as other users"
+HOMEPAGE="https://www.sudo.ws/"
+if [[ ${PV} == "9999" ]] ; then
+	inherit mercurial
+	EHG_REPO_URI="https://www.sudo.ws/repos/sudo"
+else
+	uri_prefix=
+	case ${P} in
+		*_beta*|*_rc*) uri_prefix=beta/ ;;
+	esac
+
+	SRC_URI="https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
+		ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz"
+	if [[ ${PV} != *_beta* ]] && [[ ${PV} != *_rc* ]] ; then
+		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~sparc-solaris"
+	fi
+fi
+
+# Basic license is ISC-style as-is, some files are released under
+# 3-clause BSD license
+LICENSE="ISC BSD"
+SLOT="0"
+IUSE="gcrypt ldap libressl nls offensive pam sasl +secure-path selinux +sendmail skey ssl sssd"
+
+DEPEND="
+	sys-libs/zlib:=
+	gcrypt? ( dev-libs/libgcrypt:= )
+	ldap? (
+		>=net-nds/openldap-2.1.30-r1
+		sasl? (
+			dev-libs/cyrus-sasl
+			net-nds/openldap[sasl]
+		)
+	)
+	pam? ( sys-libs/pam )
+	sasl? ( dev-libs/cyrus-sasl )
+	skey? ( >=sys-auth/skey-1.1.5-r1 )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:0= )
+	)
+	sssd? ( sys-auth/sssd[sudo] )
+"
+RDEPEND="
+	${DEPEND}
+	>=app-misc/editor-wrapper-3
+	virtual/editor
+	ldap? ( dev-lang/perl )
+	pam? ( sys-auth/pambase )
+	selinux? ( sec-policy/selinux-sudo )
+	sendmail? ( virtual/mta )
+"
+BDEPEND="
+	sys-devel/bison
+	virtual/pkgconfig
+"
+
+S="${WORKDIR}/${MY_P}"
+
+REQUIRED_USE="
+	pam? ( !skey )
+	skey? ( !pam )
+"
+
+REQUIRED_USE="?? ( gcrypt ssl )"
+
+MAKEOPTS+=" SAMPLES="
+
+PATCHES=( "${FILESDIR}/${P}-glibc-2.32.patch" )  # drop for releases after 1.9.2
+
+src_prepare() {
+	default
+	elibtoolize
+}
+
+set_secure_path() {
+	# FIXME: secure_path is a compile time setting. using PATH or
+	# ROOTPATH is not perfect, env-update may invalidate this, but until it
+	# is available as a sudoers setting this will have to do.
+	einfo "Setting secure_path ..."
+
+	# first extract the default ROOTPATH from build env
+	SECURE_PATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env;
+		echo "${ROOTPATH}")
+		case "${SECURE_PATH}" in
+			*/usr/sbin*) ;;
+			*) SECURE_PATH=$(unset PATH;
+				. "${EPREFIX}"/etc/profile.env; echo "${PATH}")
+				;;
+		esac
+	if [[ -z ${SECURE_PATH} ]] ; then
+		ewarn "	Failed to detect SECURE_PATH, please report this"
+	fi
+
+	# then remove duplicate path entries
+	cleanpath() {
+		local newpath thisp IFS=:
+		for thisp in $1 ; do
+			if [[ :${newpath}: != *:${thisp}:* ]] ; then
+				newpath+=:${thisp}
+			else
+				einfo "   Duplicate entry ${thisp} removed..."
+			fi
+		done
+		SECURE_PATH=${newpath#:}
+	}
+	cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${SECURE_PATH:+:${SECURE_PATH}}
+
+	# finally, strip gcc paths #136027
+	rmpath() {
+		local e newpath thisp IFS=:
+		for thisp in ${SECURE_PATH} ; do
+			for e ; do [[ ${thisp} == ${e} ]] && continue 2 ; done
+			newpath+=:${thisp}
+		done
+		SECURE_PATH=${newpath#:}
+	}
+	rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*'
+
+	einfo "... done"
+}
+
+src_configure() {
+	local SECURE_PATH
+	set_secure_path
+
+	# audit: somebody got to explain me how I can test this before I
+	# enable it.. - Diego
+	# plugindir: autoconf code is crappy and does not delay evaluation
+	# until `make` time, so we have to use a full path here rather than
+	# basing off other values.
+	myeconfargs=(
+		# requires some python eclass
+		--disable-python
+		--enable-tmpfiles.d="${EPREFIX}"/usr/lib/tmpfiles.d
+		--enable-zlib=system
+		--with-editor="${EPREFIX}"/usr/libexec/editor
+		--with-env-editor
+		--with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo
+		--with-rundir="${EPREFIX}"/run/sudo
+		--with-vardir="${EPREFIX}"/var/db/sudo
+		--without-linux-audit
+		--without-opie
+		$(use_enable gcrypt)
+		$(use_enable nls)
+		$(use_enable sasl)
+		$(use_enable ssl openssl)
+		$(use_with ldap)
+		$(use_with ldap ldap_conf_file /etc/ldap.conf.sudo)
+		$(use_with offensive insults)
+		$(use_with offensive all-insults)
+		$(use_with pam)
+		$(use_with pam pam-login)
+		$(use_with secure-path secure-path "${SECURE_PATH}")
+		$(use_with selinux)
+		$(use_with sendmail)
+		$(use_with skey)
+		$(use_with sssd)
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+src_install() {
+	default
+
+	if use ldap ; then
+		dodoc README.LDAP
+
+		cat <<-EOF > "${T}"/ldap.conf.sudo
+		# See ldap.conf(5) and README.LDAP for details
+		# This file should only be readable by root
+
+		# supported directives: host, port, ssl, ldap_version
+		# uri, binddn, bindpw, sudoers_base, sudoers_debug
+		# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key}
+		EOF
+
+		if use sasl ; then
+			cat <<-EOF >> "${T}"/ldap.conf.sudo
+
+			# SASL directives: use_sasl, sasl_mech, sasl_auth_id
+			# sasl_secprops, rootuse_sasl, rootsasl_auth_id, krb5_ccname
+			EOF
+		fi
+
+		insinto /etc
+		doins "${T}"/ldap.conf.sudo
+		fperms 0440 /etc/ldap.conf.sudo
+
+		insinto /etc/openldap/schema
+		newins doc/schema.OpenLDAP sudo.schema
+	fi
+
+	pamd_mimic system-auth sudo auth account session
+	pamd_mimic system-auth sudo-i auth account session
+
+	keepdir /var/db/sudo/lectured
+	fperms 0700 /var/db/sudo/lectured
+	fperms 0711 /var/db/sudo #652958
+
+	# Don't install into /run as that is a tmpfs most of the time
+	# (bug #504854)
+	rm -rf "${ED}"/run || die
+
+	find "${ED}" -type f -name "*.la" -delete || die #697812
+}
+
+pkg_postinst() {
+	tmpfiles_process sudo.conf
+
+	#652958
+	local sudo_db="${EROOT}/var/db/sudo"
+	if [[ "$(stat -c %a "${sudo_db}")" -ne 711 ]] ; then
+		chmod 711 "${sudo_db}" || die
+	fi
+
+	if use ldap ; then
+		ewarn
+		ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration."
+		ewarn
+		if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then
+			ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly"
+			ewarn "configured in /etc/nsswitch.conf."
+			ewarn
+			ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:"
+			ewarn "  sudoers: ldap files"
+			ewarn
+		fi
+	fi
+	if use prefix ; then
+		ewarn
+		ewarn "To use sudo, you need to change file ownership and permissions"
+		ewarn "with root privileges, as follows:"
+		ewarn
+		ewarn "  # chown root:root ${EPREFIX}/usr/bin/sudo"
+		ewarn "  # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so"
+		ewarn "  # chown root:root ${EPREFIX}/etc/sudoers"
+		ewarn "  # chown root:root ${EPREFIX}/etc/sudoers.d"
+		ewarn "  # chown root:root ${EPREFIX}/var/db/sudo"
+		ewarn "  # chmod 4111 ${EPREFIX}/usr/bin/sudo"
+		ewarn
+	fi
+
+	elog "To use the -A (askpass) option, you need to install a compatible"
+	elog "password program from the following list. Starred packages will"
+	elog "automatically register for the use with sudo (but will not force"
+	elog "the -A option):"
+	elog ""
+	elog " [*] net-misc/ssh-askpass-fullscreen"
+	elog "     net-misc/x11-ssh-askpass"
+	elog ""
+	elog "You can override the choice by setting the SUDO_ASKPASS environmnent"
+	elog "variable to the program you want to use."
+}
diff --git a/app-admin/sudo/sudo-1.9.2.ebuild b/app-admin/sudo/sudo-1.9.2.ebuild
index 6a957716959a..78ba5eaf6cbc 100644
--- a/app-admin/sudo/sudo-1.9.2.ebuild
+++ b/app-admin/sudo/sudo-1.9.2.ebuild
@@ -22,7 +22,7 @@ else
 	SRC_URI="https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
 		ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz"
 	if [[ ${PV} != *_beta* ]] && [[ ${PV} != *_rc* ]] ; then
-		KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~s390 sparc x86 ~sparc-solaris"
+		KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 sparc x86 ~sparc-solaris"
 	fi
 fi