This patch will upgrade Sudo version 1.8.6 patchlevel 4 to Sudo
version 1.8.6 patchlevel 5.  To apply:

    $ cd sudo-1.8.6p4
    $ patch -p1 < sudo-1.8.6p5.patch

diff -urNa sudo-1.8.6p4/ChangeLog sudo-1.8.6p5/ChangeLog
--- sudo-1.8.6p4/ChangeLog	Sun Jan 13 15:31:32 2013
+++ sudo-1.8.6p5/ChangeLog	Thu Jan 24 10:05:07 2013
@@ -1,3 +1,33 @@
+2013-01-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* plugins/sudoers/iolog.c:
+	Add __dso_public to extern declaration of declaration to match
+	actual definition.
+	[e16ecb5c6677]
+
+	* configure, configure.in:
+	Sudo 1.8.6p5
+	[8d7c8bd159c5]
+
+	* NEWS:
+	Add 1.8.6p5
+	[1cb9b7c4f626]
+
+2013-01-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* plugins/sudoers/visudo.c:
+	Fix potential stack overflow due to infinite recursion in alias
+	cycle detection. From Daniel Kopecek.
+	[77f2228877bc]
+
+2013-01-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* compat/getgrouplist.c, config.h.in, configure, configure.in:
+	Use _getgroupsbymember() on Solaris to get the groups list. Fixes
+	performance problems with the getgroupslist() compat on Solaris
+	systems with network-based group databases.
+	[6ab76bea5ea4]
+
 2013-01-13  Todd C. Miller  <Todd.Miller@courtesan.com>
 
 	* src/sudo.c:
diff -urNa sudo-1.8.6p4/NEWS sudo-1.8.6p5/NEWS
--- sudo-1.8.6p4/NEWS	Thu Jan  3 14:53:11 2013
+++ sudo-1.8.6p5/NEWS	Thu Jan 24 07:44:55 2013
@@ -1,3 +1,12 @@
+What's new in Sudo 1.8.6p5?
+
+ * Fixed a potential crash in visudo's alias cycle detection.
+
+ * Improved performance on Solaris when retrieving the group list
+   for the target user.  On systems with a large number of groups
+   where the group database is not local (NIS, LDAP, AD), fetching
+   the group list could take a minute or more.
+
 What's new in Sudo 1.8.6p4?
 
  * The -fstack-protector is now used when linking visudo, sudoreplay
diff -urNa sudo-1.8.6p4/compat/getgrouplist.c sudo-1.8.6p5/compat/getgrouplist.c
--- sudo-1.8.6p4/compat/getgrouplist.c	Tue Sep 18 09:56:28 2012
+++ sudo-1.8.6p5/compat/getgrouplist.c	Wed Jan 23 17:40:04 2013
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2010, 2011, 2013 Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -36,7 +36,7 @@
 
 #include "missing.h"
 
-#ifdef HAVE_GETGRSET
+#if defined(HAVE_GETGRSET)
 /*
  * BSD-compatible getgrouplist(3) using getgrset(3)
  */
@@ -79,9 +79,34 @@
     return rval;
 }
 
-#else /* HAVE_GETGRSET */
+#elif defined(HAVE__GETGROUPSBYMEMBER)
 
 /*
+ * BSD-compatible getgrouplist(3) using _getgroupsbymember(3)
+ */
+int
+getgrouplist(const char *name, gid_t basegid, gid_t *groups, int *ngroupsp)
+{
+    int ngroups, grpsize = *ngroupsp;
+    int rval = -1;
+
+    if (grpsize > 0) {
+	/* We support BSD semantics where the first element is the base gid */
+	groups[0] = basegid;
+
+	/* The last arg is 1 because we already filled in the base gid. */
+	ngroups = _getgroupsbymember(name, groups, grpsize, 1);
+	if (ngroups != -1) {
+	    rval = 0;
+	    *ngroupsp = ngroups;
+	}
+    }
+    return rval;
+}
+
+#else /* !HAVE_GETGRSET && !HAVE__GETGROUPSBYMEMBER */
+
+/*
  * BSD-compatible getgrouplist(3) using getgrent(3)
  */
 int
@@ -128,4 +153,4 @@
 
     return rval;
 }
-#endif /* HAVE_GETGRSET */
+#endif /* !HAVE_GETGRSET && !HAVE__GETGROUPSBYMEMBER */
diff -urNa sudo-1.8.6p4/config.h.in sudo-1.8.6p5/config.h.in
--- sudo-1.8.6p4/config.h.in	Tue Sep 18 09:57:43 2012
+++ sudo-1.8.6p5/config.h.in	Wed Jan 23 17:40:04 2013
@@ -700,6 +700,9 @@
 /* Define to 1 if the system has the type `_Bool'. */
 #undef HAVE__BOOL
 
+/* Define to 1 if you have the `_getgroupsbymember' function. */
+#undef HAVE__GETGROUPSBYMEMBER
+
 /* Define to 1 if you have the `_getpty' function. */
 #undef HAVE__GETPTY
 
diff -urNa sudo-1.8.6p4/configure sudo-1.8.6p5/configure
--- sudo-1.8.6p4/configure	Fri Jan 11 09:55:10 2013
+++ sudo-1.8.6p5/configure	Thu Jan 24 07:45:21 2013
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.68 for sudo 1.8.6p4.
+# Generated by GNU Autoconf 2.68 for sudo 1.8.6p5.
 #
 # Report bugs to <http://www.sudo.ws/bugs/>.
 #
@@ -570,8 +570,8 @@
 # Identity of this package.
 PACKAGE_NAME='sudo'
 PACKAGE_TARNAME='sudo'
-PACKAGE_VERSION='1.8.6p4'
-PACKAGE_STRING='sudo 1.8.6p4'
+PACKAGE_VERSION='1.8.6p5'
+PACKAGE_STRING='sudo 1.8.6p5'
 PACKAGE_BUGREPORT='http://www.sudo.ws/bugs/'
 PACKAGE_URL=''
 
@@ -1470,7 +1470,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures sudo 1.8.6p4 to adapt to many kinds of systems.
+\`configure' configures sudo 1.8.6p5 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1535,7 +1535,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of sudo 1.8.6p4:";;
+     short | recursive ) echo "Configuration of sudo 1.8.6p5:";;
    esac
   cat <<\_ACEOF
 
@@ -1761,7 +1761,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-sudo configure 1.8.6p4
+sudo configure 1.8.6p5
 generated by GNU Autoconf 2.68
 
 Copyright (C) 2010 Free Software Foundation, Inc.
@@ -2465,7 +2465,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by sudo $as_me 1.8.6p4, which was
+It was created by sudo $as_me 1.8.6p5, which was
 generated by GNU Autoconf 2.68.  Invocation command line was
 
   $ $0 $@
@@ -13902,6 +13902,19 @@
 		# LD_PRELOAD is space-delimited
 		RTLD_PRELOAD_DELIM=" "
 
+		# For implementing getgrouplist()
+		for ac_func in _getgroupsbymember
+do :
+  ac_fn_c_check_func "$LINENO" "_getgroupsbymember" "ac_cv_func__getgroupsbymember"
+if test "x$ac_cv_func__getgroupsbymember" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE__GETGROUPSBYMEMBER 1
+_ACEOF
+
+fi
+done
+
+
 		# To get the crypt(3) prototype (so we pass -Wall)
 		OSDEFS="${OSDEFS} -D__EXTENSIONS__"
 		# AFS support needs -lucb
@@ -21583,7 +21596,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by sudo $as_me 1.8.6p4, which was
+This file was extended by sudo $as_me 1.8.6p5, which was
 generated by GNU Autoconf 2.68.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -21649,7 +21662,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-sudo config.status 1.8.6p4
+sudo config.status 1.8.6p5
 configured by $0, generated by GNU Autoconf 2.68,
   with options \\"\$ac_cs_config\\"
 
diff -urNa sudo-1.8.6p4/configure.in sudo-1.8.6p5/configure.in
--- sudo-1.8.6p4/configure.in	Fri Jan 11 09:55:10 2013
+++ sudo-1.8.6p5/configure.in	Thu Jan 24 07:45:14 2013
@@ -1,9 +1,9 @@
 dnl
 dnl Process this file with GNU autoconf to produce a configure script.
 dnl
-dnl Copyright (c) 1994-1996,1998-2012 Todd C. Miller <Todd.Miller@courtesan.com>
+dnl Copyright (c) 1994-1996,1998-2013 Todd C. Miller <Todd.Miller@courtesan.com>
 dnl
-AC_INIT([sudo], [1.8.6p4], [http://www.sudo.ws/bugs/], [sudo])
+AC_INIT([sudo], [1.8.6p5], [http://www.sudo.ws/bugs/], [sudo])
 AC_CONFIG_HEADER([config.h pathnames.h])
 dnl
 dnl Note: this must come after AC_INIT
@@ -1550,6 +1550,9 @@
     *-*-solaris2*)
 		# LD_PRELOAD is space-delimited
 		RTLD_PRELOAD_DELIM=" "
+
+		# For implementing getgrouplist()
+		AC_CHECK_FUNCS(_getgroupsbymember)
 
 		# To get the crypt(3) prototype (so we pass -Wall)
 		OSDEFS="${OSDEFS} -D__EXTENSIONS__"
diff -urNa sudo-1.8.6p4/plugins/sudoers/iolog.c sudo-1.8.6p5/plugins/sudoers/iolog.c
--- sudo-1.8.6p4/plugins/sudoers/iolog.c	Tue Sep 18 09:56:29 2012
+++ sudo-1.8.6p5/plugins/sudoers/iolog.c	Thu Jan 24 09:02:10 2013
@@ -102,7 +102,7 @@
 static int iolog_compress;
 static struct timeval last_time;
 static union io_fd io_fds[IOFD_MAX];
-extern struct io_plugin sudoers_io;
+extern __dso_public struct io_plugin sudoers_io;
 
 /*
  * Create parent directories for path as needed, but not path itself.
diff -urNa sudo-1.8.6p4/plugins/sudoers/visudo.c sudo-1.8.6p5/plugins/sudoers/visudo.c
--- sudo-1.8.6p4/plugins/sudoers/visudo.c	Thu Jan  3 14:04:52 2013
+++ sudo-1.8.6p5/plugins/sudoers/visudo.c	Wed Jan 23 17:39:49 2013
@@ -1075,18 +1075,16 @@
     bool rval = true;
     debug_decl(alias_remove_recursive, SUDO_DEBUG_ALIAS)
 
-    if ((a = alias_find(name, type)) != NULL) {
+    if ((a = alias_remove(name, type)) != NULL) {
 	tq_foreach_fwd(&a->members, m) {
 	    if (m->type == ALIAS) {
 		if (!alias_remove_recursive(m->name, type))
 		    rval = false;
 	    }
 	}
+	rbinsert(alias_freelist, a);
     }
     alias_seqno++;
-    a = alias_remove(name, type);
-    if (a)
-	rbinsert(alias_freelist, a);
     debug_return_bool(rval);
 }