From b17b05cf07d02fd2d5e61ca8132bd1bd918a771d Mon Sep 17 00:00:00 2001
From: Dongsu Park <dpark@linux.microsoft.com>
Date: Tue, 13 Feb 2024 14:51:36 +0100
Subject: [PATCH] overlay app-admin/sudo: update to 1.9.15_p5

Update app-admin/sudo to 1.9.15_p5, mainly to address CVE-2023-42465.

Based on Gentoo commit ff039bd2d41b317c73278f8d30a1d3caec1b03df.
---
 .../coreos-overlay/app-admin/sudo/Manifest    |  4 ++--
 .../coreos-overlay/app-admin/sudo/README.md   |  8 -------
 ...1.9.13_p3.ebuild => sudo-1.9.15_p5.ebuild} | 21 +++++++------------
 3 files changed, 10 insertions(+), 23 deletions(-)
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/app-admin/sudo/README.md
 rename sdk_container/src/third_party/coreos-overlay/app-admin/sudo/{sudo-1.9.13_p3.ebuild => sudo-1.9.15_p5.ebuild} (94%)

diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/Manifest b/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/Manifest
index ec47eaee5b..90f9f2b10c 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/Manifest
@@ -1,2 +1,2 @@
-DIST sudo-1.9.13p3.tar.gz 5100355 BLAKE2B 46218ecf4cf06d2280ccf4c257b12a6f697eda17b96a6b7aa56f6c7f22d847ec2a8036b9f615c3328d985656539c95f37a40c6c72dfa5f65786ab45a28cf353f SHA512 c0c5cd0c6308868afdad2ecf55b86fdcf1f49889b30831c9db3bc56a63dc3a07686c285c20b2500494b2a76653e2ec69196abdc583312609a5db1c81a6e4e737
-DIST sudo-1.9.13p3.tar.gz.sig 566 BLAKE2B 5b59c7178bf157b67500d972fe1b373bc86ab09345f59733cffa85700221ceec0d5be10bce4838f16e9238154c90a972570a7a933f48dbd56bc64b38dbc0043f SHA512 eebf36e86ebd03daca05838bc56d9b1fb7ea8584a83a9f0e03c5ff07e612d36472b23797c628eff1cf4301832d139de0de62ddc8b17e20f1498f769a4db1249a
+DIST sudo-1.9.15p5.tar.gz 5306611 BLAKE2B 73ee598c2a2848d5be24f97492b13eba2f326c514799220e43a1aeafc6692224a7555fb7cc0a96a2720751d3e4d98e752804db589ac3c1476f24e71f5b9bc720 SHA512 ebac69719de2fe7bd587924701bdd24149bf376a68b17ec02f69b2b96d4bb6fa5eb8260a073ec5ea046d3ac69bb5b1c0b9d61709fe6a56f1f66e40817a70b15a
+DIST sudo-1.9.15p5.tar.gz.sig 566 BLAKE2B ddd8fed1b3721aafdb32b762834168063c3f0f003ef5d83f1883615320da6fe89b08d72c8e893c8b2bf9fd892a40e47cc77d72672e43b5a24db50e7194d9bc4c SHA512 97480a3d27b546a93e997c3a1e8169904a7625ab8fa6198d0b7e1d2d040f55b2d58462cd08e5cc97c2f1c817b12343e35cdd7db207aee42785f2b95b17c600b0
diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/README.md b/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/README.md
deleted file mode 100644
index c90febe8b2..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/README.md
+++ /dev/null
@@ -1,8 +0,0 @@
-## Flatcar changes
-- Remove Perl Runtime Dependency
-- Remove OpenLDAP schema files for sudo
-```
-insinto /etc/openldap/schema
-newins doc/schema.OpenLDAP sudo.schema
-```
-- Remove sudo.conf file as it is shipped via baselayout
diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.9.13_p3.ebuild b/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.9.15_p5.ebuild
similarity index 94%
rename from sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.9.13_p3.ebuild
rename to sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.9.15_p5.ebuild
index 91bcd1a255..b130fe70e0 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.9.13_p3.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.9.15_p5.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2023 Gentoo Authors
+# Copyright 1999-2024 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8
@@ -15,7 +15,7 @@ if [[ ${PV} == 9999 ]] ; then
 	inherit mercurial
 	EHG_REPO_URI="https://www.sudo.ws/repos/sudo"
 else
-	VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/sudo.ws.asc
+	VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/sudo.ws.asc
 	inherit verify-sig
 
 	uri_prefix=
@@ -36,7 +36,7 @@ else
 		KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86"
 	fi
 
-	BDEPEND+="verify-sig? ( sec-keys/openpgp-keys-sudo )"
+	BDEPEND="verify-sig? ( sec-keys/openpgp-keys-sudo )"
 fi
 
 S="${WORKDIR}/${MY_P}"
@@ -62,21 +62,20 @@ DEPEND="
 	sasl? ( dev-libs/cyrus-sasl )
 	selinux? ( sys-libs/libselinux )
 	skey? ( >=sys-auth/skey-1.1.5-r1 )
-	ssl? ( dev-libs/openssl:0= )
+	ssl? ( dev-libs/openssl:= )
 	sssd? ( sys-auth/sssd[sudo] )
 "
-#Flatcar: Remove Perl runtime dependency
-#  ldap? ( dev-lang/perl )
 RDEPEND="
 	${DEPEND}
 	>=app-misc/editor-wrapper-3
 	virtual/editor
+	ldap? ( dev-lang/perl )
 	pam? ( sys-auth/pambase )
 	selinux? ( sec-policy/selinux-sudo )
 	sendmail? ( virtual/mta )
 "
 BDEPEND+="
-	sys-devel/bison
+	app-alternatives/yacc
 	virtual/pkgconfig
 "
 
@@ -216,8 +215,8 @@ src_install() {
 		doins "${T}"/ldap.conf.sudo
 		fperms 0440 /etc/ldap.conf.sudo
 
-		#Flatcar: we don't ship OpenLDAP schemas
-
+		insinto /etc/openldap/schema
+		newins docs/schema.OpenLDAP sudo.schema
 	fi
 
 	if use pam ; then
@@ -236,10 +235,6 @@ src_install() {
 
 	# bug #697812
 	find "${ED}" -type f -name "*.la" -delete || die
-
-	# Flatcar: Remove sudo.conf as it is shipped via baselayout
-	rm "${ED}/etc/sudo.conf" || die
-
 }
 
 pkg_postinst() {