Acked-by: Peter Müller
> - Update from 1.9.7p2 to 1.9.8p1
> - Update rootfile
> - Changelog
> Major changes between version 1.9.8 and 1.9.8p1:
> Fixed support for passing a prompt (sudo -p) or a login class (sudo -c) on the
> command line. This is a regression introduced in sudo 1.9.8. Bug #993.
> Fixed a crash with sudo ALL rules in the LDAP and SSSD back-ends. This is a
> regression introduced in sudo 1.9.8. Bug #994.
> Fixed a compilation error when the --enable-static-sudoers configure option was
> specified. This is a regression introduced in sudo 1.9.8 caused by a symbol clash
> with the intercept and log server protobuf functions.
> Major changes between version 1.9.7p2 and 1.9.8:
> It is now possible to transparently intercept sub-commands executed by the
> original command run via sudo. Intercept support is implemented using LD_PRELOAD
> (or the equivalent supported by the system) and so has some limitations. The two
> main limitations are that only dynamic executables are supported and only the
> execl, execle, execlp, execv, execve, execvp, and execvpe library functions are
> currently intercepted. Its main use case is to support restricting privileged
> shells run via sudo.
> To support this, there is a new intercept Defaults setting and an INTERCEPT command
> tag that can be used in sudoers. For example:
> Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh
> Defaults!SHELLS intercept
> would cause sudo to run the listed shells in intercept mode. This can also be set
> on a per-rule basis. For example:
> Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh
> chuck ALL = INTERCEPT: SHELLS
> would only apply intercept mode to user chuck when running one of the listed shells.
> In intercept mode, sudo will not prompt for a password before running a sub-command
> and will not allow a set-user-ID or set-group-ID program to be run by default. The
> new intercept_authenticate and sudoers settings can be used to change this behavior.
> The new log_subcmds sudoers setting can be used to log commands run in a privileged
> shell. It uses the same mechanism as the intercept support described above and has
> the same limitations.
> Support for logging sudo_logsrvd errors via syslog or to a file. Previously, most
> sudo_logsrvd errors were only visible in the debug log.
> Better diagnostics when there is a TLS certificate validation error.
> Using the += or -= operators in a Defaults setting that takes a string, not a list,
> now produces a warning from sudo and a syntax error from inside visudo.
> Fixed a bug where the iolog_mode setting in sudoers and sudo_logsrvd had no effect
> when creating I/O log parent directories if the I/O log file name ended with the
> string XXXXXX.
> Fixed a bug in the sudoers custom prompt code where the size parameter that was
> passed to the strlcpy() function was incorrect. No overflow was possible since the
> correct amount of memory was already pre-allocated.
> The mksigname and mksiglist helper programs are now built with the host compiler,
> not the target compiler, when cross-compiling. Bug #989.
> Fixed compilation error when the --enable-static-sudoers configure option was
> specified. This was due to a typo introduced in sudo 1.9.7. GitHub PR #113
> For more details of the changes, view the ChangeLog file in the source tarball
> or at https://www.sudo.ws/changes.html
>
> Signed-off-by: Adolf Belka
> ---
> config/rootfiles/common/sudo | 2 ++
> lfs/sudo | 4 ++--
> 2 files changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/config/rootfiles/common/sudo b/config/rootfiles/common/sudo > index babdcb484..80e83efa4 100644 > --- a/config/rootfiles/common/sudo > +++ b/config/rootfiles/common/sudo
> @@ -18,6 +18,8 @@ usr/lib/sudo/group_file.so > usr/lib/sudo/libsudo_util.so.0.0.0 > #usr/lib/sudo/sample_approval.la > usr/lib/sudo/sample_approval.so > +#usr/lib/sudo/sudo_intercept.la > +usr/lib/sudo/sudo_intercept.so > #usr/lib/sudo/sudo_noexec.la > usr/lib/sudo/sudo_noexec.so > #usr/lib/sudo/sudoers.la > diff --git a/lfs/sudo b/lfs/sudo > index a74c34e7e..9fabdfd52 100644 > --- a/lfs/sudo > +++ b/lfs/sudo > @@ -24,7 +24,7 @@ > > include Config > > -VER = 1.9.7p2 > +VER = 1.9.8p1 > > THISAPP = sudo-$(VER) > DL_FILE = $(THISAPP).tar.gz > @@ -40,7 +40,7 @@ objects = $(DL_FILE) > > $(DL_FILE) = $(DL_FROM)/$(DL_FILE) > > -$(DL_FILE)_MD5 = d6f8217bfd16649236e100c49e0a7cc4 > +$(DL_FILE)_MD5 = ae9c8b32268f27d05bcdcb8f0c04d461 > > install : $(TARGET) > >
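Review bot: In the config/rootfiles/common/sudo hunk, the new usr/lib/sudo/sudo_intercept.so entry packages the LD_PRELOAD object behind the intercept and log_subcmds settings described in the commit message, but nothing in this patch touches a sudoers file, so it is not stated whether either setting is meant to be used on the installed system. A sentence in the commit message saying that the library is only being packaged and that sudoers is left unchanged would make that explicit. The commented-out #usr/lib/sudo/sudo_intercept.la entry matches how the neighbouring .la files are listed.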
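Review bot: In the last lfs/sudo hunk, $(DL_FILE)_MD5 is the only integrity value visible for the new tarball, and MD5 is not collision resistant, so it catches a corrupted download but is weak protection against a substituted one. Please state in the commit message that sudo-1.9.8p1.tar.gz was checked against a stronger checksum or signature published upstream before the new value was recorded, and if the lfs files can carry a stronger digest next to _MD5, add it in this hunk.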