From 1ec00fcfcd952a3a1fa138cfbf2ecfe603702b81 Mon Sep 17 00:00:00 2001
From: Dongsu Park
Date: Thu, 2 Feb 2023 14:07:42 +0100
Subject: [PATCH 1/3] app-admin/sudo: update to 1.9.12_p2
Update app-admin/sudo to 1.9.12_p2 mainly to address CVE-2023-22809. Gentoo ref: ad2ac1d9c75f49275d32b857fefd43a5358192eb
---
.../coreos-overlay/app-admin/sudo/Manifest | 4 ++--
.../coreos-overlay/app-admin/sudo/README.md | 8 --------
...udo-1.9.12_p1.ebuild => sudo-1.9.12_p2.ebuild} | 15 +++++----------
3 files changed, 7 insertions(+), 20 deletions(-)
delete mode 100644 sdk_container/src/third_party/coreos-overlay/app-admin/sudo/README.md
rename sdk_container/src/third_party/coreos-overlay/app-admin/sudo/{sudo-1.9.12_p1.ebuild => sudo-1.9.12_p2.ebuild} (95%)
diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/Manifest b/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/Manifest
index 93ce11858b..b9cba5d253 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/Manifest
@@ -1,2 +1,2 @@
-DIST sudo-1.9.12p1.tar.gz 4908060 BLAKE2B 976d00fb16b0d26b2714a188e379ccba102e0fa67b8ec6278e5435728af0cc9ba23d63db64a87d4e14d59cd52d3f62401943eb7c0f9c33317179ff764a9f950c SHA512 6f564112aa1e0e9cd223adb280bd430d513109c031e52deca308501234dedc0d7418f13cbb9b4249ac58d997cfdae1908c280c26733acbc55dbf9db45dff239a
-DIST sudo-1.9.12p1.tar.gz.sig 566 BLAKE2B 09f51a9f8eddaafc83bc5faac84ef0c0c37148beec025c777c1a19fd6ca88ecf354390f3557c31c74d13944093eb0ad921a2b7bdff04415f901fee549617e5f8 SHA512 6ec0596ad69fd6afc95d15a6e0ff871449e4534a651311371a4a604c258a34af6b41202cd2c636213d3128a811c5824338454cad764e1c05413ef02b551b7ae2
+DIST sudo-1.9.12p2.tar.gz 4909431 BLAKE2B 79eac710b757acae7aa98e6e6f495a475e5236be456e4687fb1441345ee296672ff80a5a60902cffcd257aa81a01fbc3857f3c52e51bb46f56c060fd299e0c05 SHA512 5e035246137d5820691f7ddfc13faec3886e3cf1563ed56633667d86ab4f1306f34cc0e27808f56790b6c6a4614826e54c5b7e47b31eb009b96dde3e52170c45
+DIST sudo-1.9.12p2.tar.gz.sig 566 BLAKE2B fa679038c33d2bf1476b56944872d3a18b66bf5c5fb2e660d1f8777cdb209928912ddd8d89d878bd2218df3acd1e7fee5aa850e8d01a1cfac6ab310c788149fa SHA512 0b2f10488c44bfcd94eed97002865d89f4a03a92ef3b890fac3121ef0f9e6c55387771ddead1a94dc92d85c35e3d28b4730f35cdc2aafb51128594555ea29876
diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/README.md b/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/README.md
deleted file mode 100644
index c90febe8b2..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/README.md
+++ /dev/null
@@ -1,8 +0,0 @@
-## Flatcar changes
-- Remove Perl Runtime Dependency
-- Remove OpenLDAP schema files for sudo
-```
-insinto /etc/openldap/schema
-newins doc/schema.OpenLDAP sudo.schema
-```
-- Remove sudo.conf file as it is shipped via baselayout
diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.9.12_p1.ebuild b/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.9.12_p2.ebuild similarity index 95% rename from sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.9.12_p1.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.9.12_p2.ebuild index a54b4252c1..a609ac9408 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.9.12_p1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.9.12_p2.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -33,7 +33,7 @@ else " if [[ ${PV} != *_beta* && ${PV} != *_rc* ]] ; then - KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~sparc-solaris" + KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~sparc-solaris" fi BDEPEND+="verify-sig? ( sec-keys/openpgp-keys-sudo )" @@ -65,12 +65,11 @@ DEPEND=" ssl? ( dev-libs/openssl:0= ) sssd? ( sys-auth/sssd[sudo] ) " -#Flatcar: Remove Perl runtime dependency -# ldap? ( dev-lang/perl ) RDEPEND=" ${DEPEND} >=app-misc/editor-wrapper-3 virtual/editor + ldap? ( dev-lang/perl ) pam? ( sys-auth/pambase ) selinux? ( sec-policy/selinux-sudo ) sendmail? ( virtual/mta ) @@ -216,8 +215,8 @@ src_install() { doins "${T}"/ldap.conf.sudo fperms 0440 /etc/ldap.conf.sudo - #Flatcar: we don't ship OpenLDAP schemas - + insinto /etc/openldap/schema + newins docs/schema.OpenLDAP sudo.schema fi if use pam ; then @@ -236,10 +235,6 @@ src_install() { # bug #697812 find "${ED}" -type f -name "*.la" -delete || die - - # Flatcar: Remove sudo.conf as it is shipped via baselayout - rm "${ED}/etc/sudo.conf" || die - } pkg_postinst() { From 1ae0c615286608a2eb0538807d8fde2b87ea9838 Mon Sep 17 00:00:00 2001 
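Review bot: Taken on its own, patch 1/3 drops `rm "${ED}/etc/sudo.conf" || die` in the @@ -236,10 +235,6 @@ hunk, and the @@ -65,12 +65,11 @@ and @@ -216,8 +215,8 @@ hunks likewise put back `ldap? ( dev-lang/perl )` and the OpenLDAP schema install. The commit that carries the CVE-2023-22809 version bump is therefore the plain Gentoo ebuild, and only becomes the intended Flatcar package once 2/3 is applied on top. Anyone backporting the fix to a maintenance branch needs to take both commits together; a line in this commit message such as `Flatcar changes are re-applied in the following commit.` would make that explicit. src_install() starts and ends outside these hunks.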
From: Sayan Chowdhury Date: Mon, 20 Jun 2022 21:01:24 +0530 Subject: [PATCH 2/3] app-admin/sudo: Apply Flatcar patches - Remove Perl Runtime Dependency - Remove OpenLDAP schema files for sudo - Remove sudo.conf file as it is shipped via baselayout Signed-off-by: Sayan Chowdhury --- .../coreos-overlay/app-admin/sudo/README.md | 8 ++++++++ .../app-admin/sudo/sudo-1.9.12_p2.ebuild | 11 ++++++++--- 2 files changed, 16 insertions(+), 3 deletions(-) create mode 100644 sdk_container/src/third_party/coreos-overlay/app-admin/sudo/README.md diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/README.md b/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/README.md new file mode 100644 index 0000000000..c90febe8b2 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/README.md @@ -0,0 +1,8 @@ +## Flatcar changes +- Remove Perl Runtime Dependency +- Remove OpenLDAP schema files for sudo +``` +insinto /etc/openldap/schema +newins doc/schema.OpenLDAP sudo.schema +``` +- Remove sudo.conf file as it is shipped via baselayout diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.9.12_p2.ebuild b/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.9.12_p2.ebuild index a609ac9408..ea00511120 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.9.12_p2.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.9.12_p2.ebuild @@ -65,11 +65,12 @@ DEPEND=" ssl? ( dev-libs/openssl:0= ) sssd? ( sys-auth/sssd[sudo] ) " +#Flatcar: Remove Perl runtime dependency +# ldap? ( dev-lang/perl ) RDEPEND=" ${DEPEND} >=app-misc/editor-wrapper-3 virtual/editor - ldap? ( dev-lang/perl ) pam? ( sys-auth/pambase ) selinux? ( sec-policy/selinux-sudo ) sendmail? ( virtual/mta ) 
@@ -215,8 +216,8 @@ src_install() { doins "${T}"/ldap.conf.sudo fperms 0440 /etc/ldap.conf.sudo - insinto /etc/openldap/schema - newins docs/schema.OpenLDAP sudo.schema + #Flatcar: we don't ship OpenLDAP schemas + fi if use pam ; then @@ -235,6 +236,10 @@ src_install() { # bug #697812 find "${ED}" -type f -name "*.la" -delete || die + + # Flatcar: Remove sudo.conf as it is shipped via baselayout + rm "${ED}/etc/sudo.conf" || die + } pkg_postinst() { From 382efa98fdb4ff799646481ffb28b781bb6e36af Mon Sep 17 00:00:00 2001 From: Dongsu Park Date: Thu, 2 Feb 2023 14:16:04 +0100 Subject: [PATCH 3/3] changelog: add changelog for sudo 1.9.12_p2 --- .../changelog/security/2023-02-02-sudo-1.9.12_p2.md | 1 + .../changelog/updates/2023-02-02-sudo-1.9.12_p2.md | 1 + 2 files changed, 2 insertions(+) create mode 100644 sdk_container/src/third_party/coreos-overlay/changelog/security/2023-02-02-sudo-1.9.12_p2.md create mode 100644 sdk_container/src/third_party/coreos-overlay/changelog/updates/2023-02-02-sudo-1.9.12_p2.md diff --git a/sdk_container/src/third_party/coreos-overlay/changelog/security/2023-02-02-sudo-1.9.12_p2.md b/sdk_container/src/third_party/coreos-overlay/changelog/security/2023-02-02-sudo-1.9.12_p2.md new file mode 100644 index 0000000000..49ade26cc7 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/changelog/security/2023-02-02-sudo-1.9.12_p2.md @@ -0,0 +1 @@ +- sudo ([CVE-2023-22809](https://nvd.nist.gov/vuln/detail/CVE-2023-22809)) diff --git a/sdk_container/src/third_party/coreos-overlay/changelog/updates/2023-02-02-sudo-1.9.12_p2.md b/sdk_container/src/third_party/coreos-overlay/changelog/updates/2023-02-02-sudo-1.9.12_p2.md new file mode 100644 index 0000000000..e966f0ea8a --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/changelog/updates/2023-02-02-sudo-1.9.12_p2.md @@ -0,0 +1 @@ +- sudo ([1.9.12_p2](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_12p2))
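Review bot: The README.md added in this same commit records the dropped schema install as `newins doc/schema.OpenLDAP sudo.schema`, but the line the @@ -215,8 +216,8 @@ hunk removes is `newins docs/schema.OpenLDAP sudo.schema`. The README snippet should read `docs/`, so that whoever re-applies these changes on the next sudo update can match it against the upstream ebuild. The added comment `#Flatcar: we don't ship OpenLDAP schemas` is followed by an added empty line before `fi`, and the @@ -235,6 +236,10 @@ hunk adds another empty line before the closing `}`; both can be dropped. src_install() begins and ends outside these hunks.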