./security/sudo, Allow others to run commands as root


Branch: CURRENT, Version: 1.9.17p1, Package name: sudo-1.9.17p1, Maintainer: pkgsrc-users

Sudo is a program designed to allow a sysadmin to give limited root
privileges to users and log root activity. The basic philosophy is to
give as few privileges as possible but still allow people to get their
work done.


Required to build:
[pkgtools/cwrappers]

Package options: pam

Filesize: 5321.363 KB

CVS history:


   2025-07-30 08:29:47 by Frédéric Fauberteau | Files touched by this commit (1)
Log message:
sudo: Fix installation with nls option enabled

Add Cantonese locale.
   2025-07-07 07:00:26 by Thomas Klausner | Files touched by this commit (1)
Log message:
sudo: remove two dead master sites
   2025-07-01 07:09:11 by Kimmo Suominen | Files touched by this commit (2)
Log message:
sudo: Upgrade to 1.9.17p1

What's new in Sudo 1.9.17p1

 * Fixed CVE-2025-32462.  Sudo's -h (--host) option could be specified
   when running a command or editing a file.  This could enable a
   local privilege escalation attack if the sudoers file allows the
   user to run commands on a different host.

 * Fixed CVE-2025-32463.  An attacker can leverage sudo's -R
   (--chroot) option to run arbitrary commands as root, even if
   they are not listed in the sudoers file.  The chroot support has
   been deprecated and will be removed entirely in a future release.

What's new in Sudo 1.9.17

 * Sudo now uses the NODEV macro consistently. Bug #1074.

 * Fixed a bug where the "ALL" command in a sudoers rule would
   override a previous NOSETENV tag.  Command tags are inherited
   from previous Cmnds in a Cmnd_Spec_List.  There is a special
   case for the SETENV tag with the "ALL" command, where SETENV is
   implied if no explicit SETENV or NOSETENV tag is specified.  This
   special case did not take into account that a NOSETENV tag that
   was inherited should override this behavior.

 * If sudo is run via ssh without a terminal and a password is
   required, it now suggests using ssh's "-t" option.

 * Fixed the display of timeout values in the "sudo -V" output
   on systems without a C99-compliant snprintf() function.

 * Quieted a number of minor Coverity warnings.

 * Fixed a problem running sudo from a serial console on Linux when
   the command is run in a pseudo-terminal (the default).

 * Fixed a crash in sudo which could occur if there was a fatal
   error after the user was validated but before the command was
   actually run.

 * Fixed a number of man page style warnings.  The "lint" make target
   in the docs directory will now run groff with warnings enabled
   if it is available.  Bug #1075.

 * The "ignore_dot" sudoers setting is now on by default.  There
   is now a "--disable-ignore-dot" configure option to disable it.
   The "--with-ignore-dot" configure option has been deprecated.

 * Fixed a problem with the "pwfeedback" option where an initial
   backspace would reduce the maximum length allowed for the password.
   GitHub issue #439.

 * Fixed minor grammar and spelling problems in the man pages.

 * Fixed a bug where a user could avoid entering a password for
   "sudo -l command" if they specified their own user or group name
   via the "-u" or "-g" options.

 * Avoid potential password guessing based on timing attacks on
   the strcmp() function on systems without PAM or a crypt() function
   where plaintext passwords are stored in the shadow password file.

 * Fixed a potential information leak where "sudo -l command" could
   be used to determine whether an executable exists in a directory
   that they do not have search access to.

 * Sudo uses TCSAFLUSH, not TCSADRAIN, when disabling echo once
   again.  A long time ago sudo changed from using TCSAFLUSH to
   TCSADRAIN due to some systems having bugs related to TCSAFLUSH.
   That should no longer be a concern.  Using TCSAFLUSH ensures
   that password input that has been received by the kernel, but
   not yet read by sudo, will be discarded and not echoed.

 * Added the SUDO_TTY environment variable if the user has a terminal.
   This can be used to find the user's original tty device when sudo
   runs the command in its own pseudo-terminal.  GitHub issue #447.

 * New Cantonese translation for sudo.
   2025-04-19 09:58:38 by Thomas Klausner | Files touched by this commit (750)
Log message:
*: recursive bump for default Kerberos implementation switch
   2025-03-03 22:53:05 by Nia Alarie | Files touched by this commit (2)
Log message:
sudo: Enable PAM by default where available.

Verified to build successfully on SunOS, Linux, FreeBSD, NetBSD
via drecklypkg ci.
   2025-03-03 22:51:40 by Nia Alarie | Files touched by this commit (3)
Log message:
sudo: Build fixes for SunOS and OpenBSD.

Found via drecklypkg CI.
   2025-01-13 20:56:51 by Paolo Vincenzo Olivo | Files touched by this commit (2) | Package updated
Log message:
security/sudo: update to sudo-1.9.16

# noteworthy changes (since 1.9.16)

* Sudo 1.9.16p2
	Sudo now passes the terminal device number to the policy plugin even
	if it cannot resolve it to a path name. This allows sudo to run
	without warnings in a chroot jail when the terminal device files
	are not present. GitHub issue #421.

	On Linux systems, sudo will now attempt to use the symbolic links in
	/proc/self/fd/{0,1,2} when resolving the terminal device number.
	This can allow sudo to map a terminal device to its path name even
	when /dev/pts is not mounted in a chroot jail.

	Fixed compilation errors with gcc and clang in C23 mode. C23 no
	longer supports functions with unspecified arguments. GitHub issue
	#420.

* Sudo 1.9.16p1
	Fixed the test for cross-compiling when checking for C99 snprintf().
	The changes made to the test in sudo 1.9.16 resulted in a different
	problem. GitHub issue #386.

	Fixed the date used by the exit record in sudo-format log files.
	This was a regression introduced in sudo 1.9.16 and only affected
	file-based logs, not syslog. GitHub issue #405.

	Fixed the root cause of the “unable to find terminal name for
	device” message when running sudo on AIX when no terminal is
	present. In sudo 1.9.16 this was turned from a debug message into a
	warning. GitHub issue #408.

	When a duplicate alias is found in the sudoers file, the warning
	message now includes the file and line number of the previous
	definition.

	Added support for the --with-secure-path-value=no configure option
	to allow packagers to ship the default sudoers file with the secure
	path line commented out.

	Sudo no longer sends mail when a user runs sudo -nv or sudo -nl,
	even if mail_badpass or mail_always are set. Sudo already avoids
	logging to a file or syslog in this case
   2024-09-18 12:07:35 by Kimmo Suominen | Files touched by this commit (1)
Log message:
sudo: Append ${PREFIX} directories to the default secure_path

Now that secure_path is enabled in the default sudoers file as of
sudo version 1.9.16, it seems important to me to include the pkgsrc
${PREFIX}/sbin and ${PREFIX}/bin in it.