From 65b8cbe9e44a4d56785040c43fd493cc8cf8ba6d Mon Sep 17 00:00:00 2001
From: Lee Chee Yang <chee.yang.lee@intel.com>
Date: Tue, 16 Feb 2021 23:01:39 +0800
Subject: sudo: 1.8.31 -> 1.8.32

release notes:
https://www.sudo.ws/legacy.html#1.8.32

updates include fixes for
CVE-2021-23239
CVE-2021-23240
CVE-2021-3156

Also backport patch to fix build error with musl

(From OE-Core rev: 896e7d02e3626b42cd08b19bb303a0c6189e17de)

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-extended/sudo/sudo.inc                |  2 +-
 ...0001-Fix-includes-when-building-with-musl.patch | 29 +++++++++++++
 meta/recipes-extended/sudo/sudo_1.8.31.bb          | 48 ---------------------
 meta/recipes-extended/sudo/sudo_1.8.32.bb          | 49 ++++++++++++++++++++++
 4 files changed, 79 insertions(+), 49 deletions(-)
 create mode 100644 meta/recipes-extended/sudo/sudo/0001-Fix-includes-when-building-with-musl.patch
 delete mode 100644 meta/recipes-extended/sudo/sudo_1.8.31.bb
 create mode 100644 meta/recipes-extended/sudo/sudo_1.8.32.bb

(limited to 'meta')

diff --git a/meta/recipes-extended/sudo/sudo.inc b/meta/recipes-extended/sudo/sudo.inc
index 5d27d46928..aeedfc1a23 100644
--- a/meta/recipes-extended/sudo/sudo.inc
+++ b/meta/recipes-extended/sudo/sudo.inc
@@ -4,7 +4,7 @@ HOMEPAGE = "http://www.sudo.ws"
 BUGTRACKER = "http://www.sudo.ws/bugs/"
 SECTION = "admin"
 LICENSE = "ISC & BSD & Zlib"
-LIC_FILES_CHKSUM = "file://doc/LICENSE;md5=4d1b44b1576eea036d78b8cc961aa93d \
+LIC_FILES_CHKSUM = "file://doc/LICENSE;md5=07966675feaddba70cc812895b248230 \
                     file://plugins/sudoers/redblack.c;beginline=1;endline=46;md5=03e35317699ba00b496251e0dfe9f109 \
                     file://lib/util/reallocarray.c;beginline=3;endline=15;md5=397dd45c7683e90b9f8bf24638cf03bf \
                     file://lib/util/fnmatch.c;beginline=3;endline=27;md5=004d7d2866ba1f5b41174906849d2e0f \
diff --git a/meta/recipes-extended/sudo/sudo/0001-Fix-includes-when-building-with-musl.patch b/meta/recipes-extended/sudo/sudo/0001-Fix-includes-when-building-with-musl.patch
new file mode 100644
index 0000000000..6ee2d5c11e
--- /dev/null
+++ b/meta/recipes-extended/sudo/sudo/0001-Fix-includes-when-building-with-musl.patch
@@ -0,0 +1,29 @@
+From f4e9e4337f8844d199515ff2b762c914dd254cbd Mon Sep 17 00:00:00 2001
+From: Dan Robertson <dan@dlrobertson.com>
+Date: Sat, 16 May 2020 00:12:44 +0000
+Subject: [PATCH] Fix includes when building with musl
+
+Include sys/types.h for mode_t and id_t in sudo_debug.h
+
+Upstream-Status: Backport [https://github.com/sudo-project/sudo/commit/f4e9e4337f8844d199515ff2b762c914dd254cbd]
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+
+---
+ include/sudo_debug.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/include/sudo_debug.h b/include/sudo_debug.h
+index 180f2096f..0124b0b19 100644
+--- a/include/sudo_debug.h
++++ b/include/sudo_debug.h
+@@ -25,6 +25,7 @@
+ #else
+ # include "compat/stdbool.h"
+ #endif
++#include <sys/types.h>
+ #include "sudo_queue.h"
+ 
+ /*
+-- 
+2.25.1
+
diff --git a/meta/recipes-extended/sudo/sudo_1.8.31.bb b/meta/recipes-extended/sudo/sudo_1.8.31.bb
deleted file mode 100644
index 39d8817c32..0000000000
--- a/meta/recipes-extended/sudo/sudo_1.8.31.bb
+++ /dev/null
@@ -1,48 +0,0 @@
-require sudo.inc
-
-SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \
-           ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
-           file://0001-Include-sys-types.h-for-id_t-definition.patch \
-           "
-
-PAM_SRC_URI = "file://sudo.pam"
-
-SRC_URI[md5sum] = "ce17ff6e72a70f8d5dabba8abf3cd2de"
-SRC_URI[sha256sum] = "7ea8d97a3cee4c844e0887ea7a1bd80eb54cc98fd77966776cb1a80653ad454f"
-
-DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
-RDEPENDS_${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}"
-
-CACHED_CONFIGUREVARS = " \
-        ac_cv_type_rsize_t=no \
-        ac_cv_path_MVPROG=${base_bindir}/mv \
-        ac_cv_path_BSHELLPROG=${base_bindir}/sh \
-        ac_cv_path_SENDMAILPROG=${sbindir}/sendmail \
-        ac_cv_path_VIPROG=${base_bindir}/vi \
-        "
-
-EXTRA_OECONF += " \
-             ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \
-             ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--enable-tmpfiles.d=${nonarch_libdir}/tmpfiles.d', '--disable-tmpfiles.d', d)} \
-             --with-vardir=/var/lib/sudo \
-             "
-
-do_install_append () {
-	if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then
-		install -D -m 644 ${WORKDIR}/sudo.pam ${D}/${sysconfdir}/pam.d/sudo
-		if ${@bb.utils.contains('PACKAGECONFIG', 'pam-wheel', 'true', 'false', d)} ; then
-			echo 'auth       required     pam_wheel.so use_uid' >>${D}${sysconfdir}/pam.d/sudo
-			sed -i 's/# \(%wheel ALL=(ALL) ALL\)/\1/' ${D}${sysconfdir}/sudoers
-		fi
-	fi
-
-	chmod 4111 ${D}${bindir}/sudo
-	chmod 0440 ${D}${sysconfdir}/sudoers
-
-	# Explicitly remove the /run directory to avoid QA error
-	rmdir -p --ignore-fail-on-non-empty ${D}/run/sudo
-}
-
-FILES_${PN} += "${nonarch_libdir}/tmpfiles.d"
-FILES_${PN}-dev += "${libexecdir}/${BPN}/lib*${SOLIBSDEV} ${libexecdir}/${BPN}/*.la \
-                    ${libexecdir}/lib*${SOLIBSDEV} ${libexecdir}/*.la"
diff --git a/meta/recipes-extended/sudo/sudo_1.8.32.bb b/meta/recipes-extended/sudo/sudo_1.8.32.bb
new file mode 100644
index 0000000000..8d16ec2538
--- /dev/null
+++ b/meta/recipes-extended/sudo/sudo_1.8.32.bb
@@ -0,0 +1,49 @@
+require sudo.inc
+
+SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \
+           ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
+           file://0001-Include-sys-types.h-for-id_t-definition.patch \
+           file://0001-Fix-includes-when-building-with-musl.patch \
+           "
+
+PAM_SRC_URI = "file://sudo.pam"
+
+SRC_URI[md5sum] = "a7318202ba391079a0e32933f0fb8bd6"
+SRC_URI[sha256sum] = "5ce3c18c5efbecd5437a0945f314f1822423eaf9a2d7eb7ecf80857bc32246c5"
+
+DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
+RDEPENDS_${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}"
+
+CACHED_CONFIGUREVARS = " \
+        ac_cv_type_rsize_t=no \
+        ac_cv_path_MVPROG=${base_bindir}/mv \
+        ac_cv_path_BSHELLPROG=${base_bindir}/sh \
+        ac_cv_path_SENDMAILPROG=${sbindir}/sendmail \
+        ac_cv_path_VIPROG=${base_bindir}/vi \
+        "
+
+EXTRA_OECONF += " \
+             ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \
+             ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--enable-tmpfiles.d=${nonarch_libdir}/tmpfiles.d', '--disable-tmpfiles.d', d)} \
+             --with-vardir=/var/lib/sudo \
+             "
+
+do_install_append () {
+	if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then
+		install -D -m 644 ${WORKDIR}/sudo.pam ${D}/${sysconfdir}/pam.d/sudo
+		if ${@bb.utils.contains('PACKAGECONFIG', 'pam-wheel', 'true', 'false', d)} ; then
+			echo 'auth       required     pam_wheel.so use_uid' >>${D}${sysconfdir}/pam.d/sudo
+			sed -i 's/# \(%wheel ALL=(ALL) ALL\)/\1/' ${D}${sysconfdir}/sudoers
+		fi
+	fi
+
+	chmod 4111 ${D}${bindir}/sudo
+	chmod 0440 ${D}${sysconfdir}/sudoers
+
+	# Explicitly remove the /run directory to avoid QA error
+	rmdir -p --ignore-fail-on-non-empty ${D}/run/sudo
+}
+
+FILES_${PN} += "${nonarch_libdir}/tmpfiles.d"
+FILES_${PN}-dev += "${libexecdir}/${BPN}/lib*${SOLIBSDEV} ${libexecdir}/${BPN}/*.la \
+                    ${libexecdir}/lib*${SOLIBSDEV} ${libexecdir}/*.la"
-- 
cgit v1.2.3-54-g00ecf