@@ -1,4 +1,4 @@
-From 6e835350b7413210c410d3578cfab804186b7a4f Mon Sep 17 00:00:00 2001
+From 8c69192754ba73dd6e3273728a21aa73988f4bfb Mon Sep 17 00:00:00 2001
From: Kai Kang <kai.kang@windriver.com>
Date: Tue, 17 Nov 2020 11:13:40 +0800
Subject: [PATCH] sudo.conf.in: fix conflict with multilib
@@ -15,13 +15,12 @@ Update the comments in sudo.conf.in to avoid the conflict.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Upstream-Status: Inappropriate [OE configuration specific]
-
---
examples/sudo.conf.in | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/examples/sudo.conf.in b/examples/sudo.conf.in
-index 2187457..0908d24 100644
+index bdd676c..094341c 100644
--- a/examples/sudo.conf.in
+++ b/examples/sudo.conf.in
@@ -4,7 +4,7 @@
@@ -53,7 +52,7 @@ index 2187457..0908d24 100644
# Sudo plugin directory:
@@ -74,7 +74,7 @@
# The default directory to use when searching for plugins that are
- # specified without a fully qualified path name.
+ # specified without a fully-qualified path name.
#
-#Path plugin_dir @plugindir@
+#Path plugin_dir $plugindir
@@ -4,7 +4,7 @@ HOMEPAGE = "http://www.sudo.ws"
BUGTRACKER = "http://www.sudo.ws/bugs/"
SECTION = "admin"
LICENSE = "ISC & BSD-3-Clause & BSD-2-Clause & Zlib"
-LIC_FILES_CHKSUM = "file://LICENSE.md;md5=5100e20d35f9015f9eef6bdb27ba194f \
+LIC_FILES_CHKSUM = "file://LICENSE.md;md5=2841c822e587db145364ca95e9be2ffa \
file://plugins/sudoers/redblack.c;beginline=1;endline=46;md5=03e35317699ba00b496251e0dfe9f109 \
file://lib/util/reallocarray.c;beginline=3;endline=15;md5=397dd45c7683e90b9f8bf24638cf03bf \
file://lib/util/fnmatch.c;beginline=3;endline=27;md5=004d7d2866ba1f5b41174906849d2e0f \
similarity index 52%
rename from meta/recipes-extended/sudo/sudo_1.9.15p5.bb
rename to meta/recipes-extended/sudo/sudo_1.9.17p1.bb
@@ -1,3 +1,55 @@
+# FIXME: the LIC_FILES_CHKSUM values have been updated by 'devtool upgrade'.
+# The following is the difference between the old and the new license text.
+# Please update the LICENSE value if needed, and summarize the changes in
+# the commit message via 'License-Update:' tag.
+# (example: 'License-Update: copyright years updated.')
+#
+# The changes:
+#
+# --- LICENSE.md
+# +++ LICENSE.md
+# @@ -1,6 +1,6 @@
+# Sudo is distributed under the following license:
+#
+# - Copyright (c) 1994-1996, 1998-2023
+# + Copyright (c) 1994-1996, 1998-2025
+# Todd C. Miller <Todd.Miller@sudo.ws>
+#
+# Permission to use, copy, modify, and distribute this software for any
+# @@ -247,9 +247,9 @@
+#
+# The file arc4random.c bears the following license:
+#
+# - Copyright (c) 1996, David Mazieres <dm@uun.org>
+# - Copyright (c) 2008, Damien Miller <djm@openbsd.org>
+# - Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
+# + Copyright (c) 1996, David Mazieres <dm@uun.org>
+# + Copyright (c) 2008, Damien Miller <djm@openbsd.org>
+# + Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
+# Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
+#
+# Permission to use, copy, modify, and distribute this software for any
+# @@ -282,7 +282,7 @@
+#
+# The file getentropy.c bears the following license:
+#
+# - Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
+# + Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
+# Copyright (c) 2014 Bob Beck <beck@obtuse.com>
+#
+# Permission to use, copy, modify, and distribute this software for any
+# @@ -299,7 +299,7 @@
+#
+# The embedded copy of zlib bears the following license:
+#
+# - Copyright (C) 1995-2022 Jean-loup Gailly and Mark Adler
+# + Copyright (C) 1995-2024 Jean-loup Gailly and Mark Adler
+#
+# This software is provided 'as-is', without any express or implied
+# warranty. In no event will the authors be held liable for any damages
+#
+#
+
require sudo.inc
SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \
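Review bot: The `# FIXME: the LIC_FILES_CHKSUM values have been updated by 'devtool upgrade'` block added at the top of sudo_1.9.17p1.bb reads as leftover devtool scaffolding and should be dropped before merge. The commit message already carries the `License-Update:` tag the block asks for, and the embedded license diff shows only copyright-year changes plus what look like whitespace-only changes, so `LICENSE` appears to need no edit. Delete everything from the `# FIXME:` line through the trailing `#` lines and the blank line after them, so that the recipe again begins with `require sudo.inc`. Left in place, the stale to-do pushes the lines that matter in a security upgrade (`SRC_URI` and `SRC_URI[sha256sum]`) below some fifty lines of comment, and the next upgrade has to strip it by hand. The `SRC_URI` assignment continues past the end of this hunk.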
@@ -7,7 +59,7 @@ SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \
PAM_SRC_URI = "file://sudo.pam"
-SRC_URI[sha256sum] = "558d10b9a1991fb3b9fa7fa7b07ec4405b7aefb5b3cb0b0871dbc81e3a88e558"
+SRC_URI[sha256sum] = "ff607ea717072197738a78f778692cd6df9a7e3e404565f51de063ca27455d32"
DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
RDEPENDS:${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}"
Changelog: =========== * Fixed CVE-2025-32462. Sudo's -h (--host) option could be specified when running a command or editing a file. This could enable a local privilege escalation attack if the sudoers file allows the user to run commands on a different host. * Fixed CVE-2025-32463. An attacker can leverage sudo's -R (--chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file. The chroot support has been deprecated and will be removed entirely in a future release. License-Update: Copyright updated to 2025 0001-sudo.conf.in-fix-conflict-with-multilib.patch refreshed for 1.9.17 Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com> --- ...o.conf.in-fix-conflict-with-multilib.patch | 7 ++- meta/recipes-extended/sudo/sudo.inc | 2 +- .../{sudo_1.9.15p5.bb => sudo_1.9.17p1.bb} | 54 ++++++++++++++++++- 3 files changed, 57 insertions(+), 6 deletions(-) rename meta/recipes-extended/sudo/{sudo_1.9.15p5.bb => sudo_1.9.17p1.bb} (52%)