From 65c06a2ea863445219d7103a7d347df36ccbd53a Mon Sep 17 00:00:00 2001
From: Xiangyu Chen <xiangyu.chen@windriver.com>
Date: Fri, 10 Nov 2023 13:07:21 +0800
Subject: sudo: upgrade 1.9.13p3 -> 1.9.15p2

Upgrade 1.9.13p3 to 1.9.15p2 to fix bugs and CVEs

License-update: file removed upstream
Drop patch as issue fixed upstream.

Changelogs:
1.9.15p2: https://www.sudo.ws/releases/stable/#1.9.15p2
1.9.15p1: https://www.sudo.ws/releases/stable/#1.9.15p1
1.9.15:   https://www.sudo.ws/releases/stable/#1.9.15
1.9.14p3: https://www.sudo.ws/releases/stable/#1.9.14p3
1.9.14p2: https://www.sudo.ws/releases/stable/#1.9.14p2
1.9.14p1: https://www.sudo.ws/releases/stable/#1.9.14p1
1.9.14:   https://www.sudo.ws/releases/stable/#1.9.14

(From OE-Core rev: 1681813ef11c813d8b7433790dfc60425e31bc63)

Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...signame.c-correctly-include-header-for-ou.patch | 25 ---------
 meta/recipes-extended/sudo/sudo.inc                |  5 +-
 meta/recipes-extended/sudo/sudo_1.9.13p3.bb        | 62 ----------------------
 meta/recipes-extended/sudo/sudo_1.9.15p2.bb        | 61 +++++++++++++++++++++
 4 files changed, 63 insertions(+), 90 deletions(-)
 delete mode 100644 meta/recipes-extended/sudo/files/0001-lib-util-mksigname.c-correctly-include-header-for-ou.patch
 delete mode 100644 meta/recipes-extended/sudo/sudo_1.9.13p3.bb
 create mode 100644 meta/recipes-extended/sudo/sudo_1.9.15p2.bb

diff --git a/meta/recipes-extended/sudo/files/0001-lib-util-mksigname.c-correctly-include-header-for-ou.patch b/meta/recipes-extended/sudo/files/0001-lib-util-mksigname.c-correctly-include-header-for-ou.patch
deleted file mode 100644
index f63ed553be..0000000000
--- a/meta/recipes-extended/sudo/files/0001-lib-util-mksigname.c-correctly-include-header-for-ou.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From f993c5c88faacc43971899aae2168ffb3e34dc80 Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex@linutronix.de>
-Date: Fri, 24 Sep 2021 13:36:24 +0200
-Subject: [PATCH] lib/util/mksigname.c: correctly include header for out of
- tree builds
-
-Upstream-Status: Submitted [https://github.com/sudo-project/sudo/pull/123]
-Signed-off-by: Alexander Kanavin <alex@linutronix.de>
----
- lib/util/mksigname.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/util/mksigname.c b/lib/util/mksigname.c
-index de8b1ad..0a69e7e 100644
---- a/lib/util/mksigname.c
-+++ b/lib/util/mksigname.c
-@@ -36,7 +36,7 @@ main(int argc, char *argv[])
- {
-     unsigned int i;
- 
--#include "mksigname.h"
-+#include "lib/util/mksigname.h"
- 
-     printf("const char *const sudo_sys_signame[] = {\n");
-     for (i = 0; i < nitems(sudo_sys_signame); i++) {
diff --git a/meta/recipes-extended/sudo/sudo.inc b/meta/recipes-extended/sudo/sudo.inc
index bedf713d2c..feb1cf35a7 100644
--- a/meta/recipes-extended/sudo/sudo.inc
+++ b/meta/recipes-extended/sudo/sudo.inc
@@ -8,7 +8,6 @@ LIC_FILES_CHKSUM = "file://LICENSE.md;md5=5100e20d35f9015f9eef6bdb27ba194f \
                     file://plugins/sudoers/redblack.c;beginline=1;endline=46;md5=03e35317699ba00b496251e0dfe9f109 \
                     file://lib/util/reallocarray.c;beginline=3;endline=15;md5=397dd45c7683e90b9f8bf24638cf03bf \
                     file://lib/util/fnmatch.c;beginline=3;endline=27;md5=004d7d2866ba1f5b41174906849d2e0f \
-                    file://lib/util/getcwd.c;beginline=2;endline=27;md5=50f8d9667750e18dea4e84a935c12009 \
                     file://lib/util/glob.c;beginline=2;endline=31;md5=2852f68687544e3eb8a0a61665506f0e \
                     file://lib/util/snprintf.c;beginline=3;endline=33;md5=b70df6179969e38fcf68da91b53b8029 \
                     file://include/sudo_queue.h;beginline=2;endline=27;md5=ad578e9664d17a010b63e4bc0576ee8d \
@@ -31,12 +30,12 @@ EXTRA_OECONF = "--with-editor=${base_bindir}/vi --with-env-editor"
 EXTRA_OECONF:append:libc-musl = " --disable-hardening "
 
 do_compile:prepend () {
-       # Remove build host references from sudo_usage.h
+       # Remove build host references from config.h
        sed -i  \
            -e 's,--with-libtool-sysroot=${STAGING_DIR_TARGET},,g' \
            -e 's,--build=${BUILD_SYS},,g' \
            -e 's,--host=${HOST_SYS},,g' \
-           ${B}/src/sudo_usage.h
+           ${B}/config.h
 }
 
 # Explicitly create ${localstatedir}/lib before do_install to ensure
diff --git a/meta/recipes-extended/sudo/sudo_1.9.13p3.bb b/meta/recipes-extended/sudo/sudo_1.9.13p3.bb
deleted file mode 100644
index 2e11739470..0000000000
--- a/meta/recipes-extended/sudo/sudo_1.9.13p3.bb
+++ /dev/null
@@ -1,62 +0,0 @@
-require sudo.inc
-
-SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \
-           ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
-           file://0001-sudo.conf.in-fix-conflict-with-multilib.patch \
-           file://0001-lib-util-mksigname.c-correctly-include-header-for-ou.patch \
-           "
-
-PAM_SRC_URI = "file://sudo.pam"
-
-SRC_URI[sha256sum] = "92334a12bb93e0c056b09f53e255ccb7d6f67c6350e2813cd9593ceeca78560b"
-
-DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
-RDEPENDS:${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}"
-
-CACHED_CONFIGUREVARS = " \
-        ac_cv_type_rsize_t=no \
-        ac_cv_path_MVPROG=${base_bindir}/mv \
-        ac_cv_path_BSHELLPROG=${base_bindir}/sh \
-        ac_cv_path_SENDMAILPROG=${sbindir}/sendmail \
-        ac_cv_path_VIPROG=${base_bindir}/vi \
-        "
-
-EXTRA_OECONF += " \
-             ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \
-             ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--enable-tmpfiles.d=${nonarch_libdir}/tmpfiles.d', '--disable-tmpfiles.d', d)} \
-             --with-rundir=/run/sudo \
-             --with-vardir=/var/lib/sudo \
-             --libexecdir=${libdir} \
-             "
-
-do_install:append () {
-	if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then
-		install -D -m 644 ${WORKDIR}/sudo.pam ${D}/${sysconfdir}/pam.d/sudo
-		if ${@bb.utils.contains('PACKAGECONFIG', 'pam-wheel', 'true', 'false', d)} ; then
-			echo 'auth       required     pam_wheel.so use_uid' >>${D}${sysconfdir}/pam.d/sudo
-			sed -i 's/# \(%wheel ALL=(ALL) ALL\)/\1/' ${D}${sysconfdir}/sudoers
-		fi
-	fi
-
-	chmod 4111 ${D}${bindir}/sudo
-	chmod 0440 ${D}${sysconfdir}/sudoers
-
-	# Explicitly remove the /sudo directory to avoid QA error
-	rmdir -p --ignore-fail-on-non-empty ${D}/run/sudo
-}
-
-FILES:${PN}-dev += "${libdir}/${BPN}/lib*${SOLIBSDEV} ${libdir}/${BPN}/*.la \
-                    ${libdir}/lib*${SOLIBSDEV} ${libdir}/*.la"
-
-CONFFILES:${PN}-lib = "${sysconfdir}/sudoers"
-
-SUDO_PACKAGES = "${PN}-sudo\
-                 ${PN}-lib"
-
-PACKAGE_BEFORE_PN = "${SUDO_PACKAGES}"
-
-RDEPENDS:${PN}-sudo = "${PN}-lib"
-RDEPENDS:${PN} += "${SUDO_PACKAGES}"
-
-FILES:${PN}-sudo = "${bindir}/sudo ${bindir}/sudoedit"
-FILES:${PN}-lib = "${localstatedir} ${libexecdir} ${sysconfdir} ${libdir} ${nonarch_libdir}"
diff --git a/meta/recipes-extended/sudo/sudo_1.9.15p2.bb b/meta/recipes-extended/sudo/sudo_1.9.15p2.bb
new file mode 100644
index 0000000000..431dfba3c2
--- /dev/null
+++ b/meta/recipes-extended/sudo/sudo_1.9.15p2.bb
@@ -0,0 +1,61 @@
+require sudo.inc
+
+SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \
+           ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
+           file://0001-sudo.conf.in-fix-conflict-with-multilib.patch \
+           "
+
+PAM_SRC_URI = "file://sudo.pam"
+
+SRC_URI[sha256sum] = "199c0cdbfa7efcfffa9c88684a8e2fb206a62b70a316507e4a91c89c873bbcc8"
+
+DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
+RDEPENDS:${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}"
+
+CACHED_CONFIGUREVARS = " \
+        ac_cv_type_rsize_t=no \
+        ac_cv_path_MVPROG=${base_bindir}/mv \
+        ac_cv_path_BSHELLPROG=${base_bindir}/sh \
+        ac_cv_path_SENDMAILPROG=${sbindir}/sendmail \
+        ac_cv_path_VIPROG=${base_bindir}/vi \
+        "
+
+EXTRA_OECONF += " \
+             ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \
+             ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--enable-tmpfiles.d=${nonarch_libdir}/tmpfiles.d', '--disable-tmpfiles.d', d)} \
+             --with-rundir=/run/sudo \
+             --with-vardir=/var/lib/sudo \
+             --libexecdir=${libdir} \
+             "
+
+do_install:append () {
+	if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then
+		install -D -m 644 ${WORKDIR}/sudo.pam ${D}/${sysconfdir}/pam.d/sudo
+		if ${@bb.utils.contains('PACKAGECONFIG', 'pam-wheel', 'true', 'false', d)} ; then
+			echo 'auth       required     pam_wheel.so use_uid' >>${D}${sysconfdir}/pam.d/sudo
+			sed -i 's/# \(%wheel ALL=(ALL) ALL\)/\1/' ${D}${sysconfdir}/sudoers
+		fi
+	fi
+
+	chmod 4111 ${D}${bindir}/sudo
+	chmod 0440 ${D}${sysconfdir}/sudoers
+
+	# Explicitly remove the /sudo directory to avoid QA error
+	rmdir -p --ignore-fail-on-non-empty ${D}/run/sudo
+}
+
+FILES:${PN}-dev += "${libdir}/${BPN}/lib*${SOLIBSDEV} ${libdir}/${BPN}/*.la \
+                    ${libdir}/lib*${SOLIBSDEV} ${libdir}/*.la"
+
+CONFFILES:${PN}-lib = "${sysconfdir}/sudoers"
+
+SUDO_PACKAGES = "${PN}-sudo\
+                 ${PN}-lib"
+
+PACKAGE_BEFORE_PN = "${SUDO_PACKAGES}"
+
+RDEPENDS:${PN}-sudo = "${PN}-lib"
+RDEPENDS:${PN} += "${SUDO_PACKAGES}"
+
+FILES:${PN}-sudo = "${bindir}/sudo ${bindir}/sudoedit"
+FILES:${PN}-lib = "${localstatedir} ${libexecdir} ${sysconfdir} ${libdir} ${nonarch_libdir}"
-- 
cgit v1.2.3-54-g00ecf