author: Kai Knoblich <kai@FreeBSD.org> 2019-08-04 15:43:27 +0000
committer: Kai Knoblich <kai@FreeBSD.org> 2019-08-04 15:43:27 +0000
commit: 2c4ec752b6aab18fd834b47a950931e8238bea42 (patch)
tree: 56ca64ce85d28e8ad9985b3011e015e82dbc2d23 /security/doas
parent: 264424aa5d6d0bedf3f8020dabb22f01b95b9028 (diff)
security/doas: Update to 6.1

* Update the pkg-message to give users that install/upgrade the port some
  info about the changed behavior regarding the environment variables. [1]
* Make the configuration of target user's sanitized $PATH that is set at
  compile time more flexible by enabling users to configure it via
  _GLOBAL_PATH. [2]
* Also pet portlint/portclippy by placing USES to the top of the USES block
  and remove the superfluous occurrence of GH_PROJECT while I'm here.

Changelog:

* Most environment variables are no longer copied to the target user's
  environment. This avoids corrupting files through use of $HOME, for
  example. When environment variables are required, keepenv can be set in
  the doas.conf file.
* The target user's sanitized $PATH can be set at compile time to avoid
  passing malicious executables to the target user's path.

https://github.com/slicer69/doas/releases/tag/6.1

PR: 239629
Submitted by: jsmith@resonatingmedia.com (maintainer)
Approved by: jsmith@resonatingmedia.com (maintainer) [1] [2]
MFH: 2019Q3

Notes: svn path=/head/; revision=508097
Diffstat (limited to 'security/doas')
-rw-r--r--  security/doas/Makefile              15
-rw-r--r--  security/doas/distinfo               6
-rw-r--r--  security/doas/files/pkg-message.in  22
3 files changed, 35 insertions, 8 deletions
diff --git a/security/doas/Makefile b/security/doas/Makefile
index b906add081ad..9b7d9306afb4 100644
--- a/security/doas/Makefile
+++ b/security/doas/Makefile
@@ -1,7 +1,7 @@
# $FreeBSD$
PORTNAME= doas
-PORTVERSION= 6.0p3
+PORTVERSION= 6.1
CATEGORIES= security
MAINTAINER= jsmith@resonatingmedia.com
@@ -12,11 +12,11 @@ LICENSE_COMB= multi
LICENSE_FILE_BSD2CLAUSE= ${WRKSRC}/LICENSE
LICENSE_FILE_ISCL= ${WRKSRC}/LICENSE
+USES= gmake
USE_GITHUB= yes
GH_ACCOUNT= slicer69
-GH_PROJECT= doas
-USES= gmake
+MAKE_ENV+= TARGETPATH=-DGLOBAL_PATH='\"${_GLOBAL_PATH}\"'
BINMODE= 4755
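Review bot: The added MAKE_ENV line interpolates ${_GLOBAL_PATH} into '\"...\"' without any check on its content, so an override containing whitespace or a quote character would yield a broken or altered -DGLOBAL_PATH define for a binary that is installed with BINMODE= 4755. The variable is also referenced here before its `_GLOBAL_PATH?=` assignment further down; that works because make expands it lazily, but moving the assignment above this line would make the dependency obvious. Consider rejecting values that contain anything other than colon-separated absolute paths before the build starts.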
@@ -25,6 +25,15 @@ PLIST_FILES= bin/doas \
man/man5/doas.conf.5.gz \
man/man1/doas.1.gz
+# These are upstream's default paths that are set for the GLOBAL_PATH variable
+# in doas.h since the 6.1 release. Those paths are then used for target user's
+# PATH variable instead of those of the original user.
+#
+# See also:
+# * https://github.com/slicer69/doas/blob/6.1/doas.h#L36
+# * https://github.com/slicer69/doas/releases/tag/6.1
+_GLOBAL_PATH?= ${LOCALBASE}/sbin:${LOCALBASE}/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
do-install:
${INSTALL_PROGRAM} ${WRKSRC}/${PORTNAME} ${STAGEDIR}${PREFIX}/bin
${INSTALL_MAN} ${WRKSRC}/doas.1 ${STAGEDIR}${MAN1PREFIX}/man/man1
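Review bot: The comment block above `_GLOBAL_PATH?=` documents where the default comes from but not that the variable is intended as a user knob, and the leading underscore reads as a port-internal name even though the commit message says users configure it. Since the value becomes the target user's PATH, the comment should state the constraints on an override: every component an absolute directory, and no empty component (a leading, trailing or doubled colon resolves to the current directory). A name without the underscore, or a short note on how to set it, would make the option discoverable.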
diff --git a/security/doas/distinfo b/security/doas/distinfo
index 1e00fd7b167a..5fa1c0b0f1fc 100644
--- a/security/doas/distinfo
+++ b/security/doas/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1552317435
-SHA256 (slicer69-doas-6.0p3_GH0.tar.gz) = abf7911df661fd82acc3ff71724b73cf0f2102f8a5379153a1c031b285ed8c97
-SIZE (slicer69-doas-6.0p3_GH0.tar.gz) = 18470
+TIMESTAMP = 1564865652
+SHA256 (slicer69-doas-6.1_GH0.tar.gz) = f6ae5243a711774cd46d5087c544e7feead7e138c6053c030c47489a722033f2
+SIZE (slicer69-doas-6.1_GH0.tar.gz) = 19965
diff --git a/security/doas/files/pkg-message.in b/security/doas/files/pkg-message.in
index cb6c3f4e13c3..9febb5615a54 100644
--- a/security/doas/files/pkg-message.in
+++ b/security/doas/files/pkg-message.in
@@ -5,9 +5,27 @@ To use doas,
%%PREFIX%%/etc/doas.conf
-must be created.
+must be created. Refer to doas.conf(5) for further details.
-Refer to doas.conf(5).
+Note: In order to be able to run most desktop (GUI) applications, the user
+needs to have the keepenv keyword specified. If keepenv is not specified then
+key elements, like the user's $HOME variable, will be reset and cause the GUI
+application to crash.
+
+Users who only need to run command line applications can usually get away
+without keepenv.
+
+When in doubt, try to avoid using keepenv as it is less secure to have
+environment variables passed to privileged users.
+EOD
+}
+{ type: upgrade
+ maximum_version: "6.1"
+ message: <<EOD
+With the 6.1 release the transfer of most environment variables (e.g. USER,
+HOME and PATH) from the original user to the target user has changed.
+
+Please refer to doas.conf(5) for further details.
EOD
}
]
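Review bot: The new upgrade message says only that the transfer of USER, HOME and PATH "has changed", which does not tell an administrator whether existing doas.conf rules are affected. State the direction of the change as the commit message's changelog does: most environment variables are no longer copied to the target user, keepenv restores the old behaviour, and the target PATH now comes from the compile-time default. The install note already carries the caveat that keepenv is less secure; repeating that one sentence in the upgrade message would keep upgraders from adding keepenv to every rule by reflex.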