| ttps://www.sudo.ws/pipermail/sudo-workers/2023-April/001387.html |
| https://github.com/sudo-project/sudo/commit/b83140e0f18fb27d310a4839a14f5c3febd2770b |
| https://github.com/sudo-project/sudo/commit/075ee0f9dc234f9a7e680b16304809e5546965d5 |
| |
| From b83140e0f18fb27d310a4839a14f5c3febd2770b Mon Sep 17 00:00:00 2001 |
| From: "Todd C. Miller" <Todd.Miller@sudo.ws> |
| Date: Wed, 26 Apr 2023 11:10:46 -0600 |
| Subject: [PATCH] Use ldap_msgfree() instead of ldap_init() for the lber.h |
| test. The ldap_init() function is marked as deprecated and not defined by |
| default on some systems. This can cause an error for compilers that do not |
| support implicit function declarations. From Florian Weimer. |
| |
| --- a/configure |
| +++ b/configure |
| @@ -31515,7 +31515,7 @@ else case e in #( |
| int |
| main (void) |
| { |
| -(void)ldap_init(0, 0) |
| +return ldap_msgfree(NULL) |
| ; |
| return 0; |
| } |
| --- a/m4/ldap.m4 |
| +++ b/m4/ldap.m4 |
| @@ -52,7 +52,7 @@ AC_DEFUN([SUDO_CHECK_LDAP], [ |
| #include <lber.h>]) |
| AC_CACHE_CHECK([whether lber.h is needed when including ldap.h], [sudo_cv_header_lber_h], [ |
| AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h> |
| -#include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [ |
| +#include <ldap.h>]], [[return ldap_msgfree(NULL)]])], [ |
| # No need to explicitly include lber.h when including ldap.h. |
| sudo_cv_header_lber_h=no |
| ], [ |
| |
| From 075ee0f9dc234f9a7e680b16304809e5546965d5 Mon Sep 17 00:00:00 2001 |
| From: "Todd C. Miller" <Todd.Miller@sudo.ws> |
| Date: Wed, 26 Apr 2023 12:44:10 -0600 |
| Subject: [PATCH] Add missing stdio.h include for the _FORTIFY_SOURCE=2 check. |
| Implementations of _FORTIFY_SOURCE require the header file to be included. |
| Also remove the useless test of an empty program with _FORTIFY_SOURCE |
| defined. Pointed out by Florian Weimer. |
| |
| --- a/configure |
| +++ b/configure |
| @@ -34207,33 +34207,11 @@ else case e in #( |
| e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext |
| /* end confdefs.h. */ |
| |
| - |
| -int |
| -main (void) |
| -{ |
| -char buf[4]; (void)sprintf(buf, "%s", "foo"); |
| - |
| - ; |
| - return 0; |
| -} |
| -_ACEOF |
| -if ac_fn_c_try_link "$LINENO" |
| -then : |
| - sudo_cv_use_fortify_source=yes |
| -else case e in #( |
| - e) sudo_cv_use_fortify_source=no |
| - ;; |
| -esac |
| -fi |
| -rm -f core conftest.err conftest.$ac_objext conftest.beam \ |
| - conftest$ac_exeext conftest.$ac_ext |
| - |
| - cat confdefs.h - <<_ACEOF >conftest.$ac_ext |
| -/* end confdefs.h. */ |
| - |
| + #include <stdio.h> |
| int |
| main (void) |
| { |
| +char buf[4]; sprintf(buf, "%s", "foo"); return buf[0]; |
| |
| ; |
| return 0; |
| --- a/m4/hardening.m4 |
| +++ b/m4/hardening.m4 |
| @@ -10,18 +10,13 @@ AC_DEFUN([SUDO_CHECK_HARDENING], [ |
| [sudo_cv_use_fortify_source], |
| [AC_LINK_IFELSE([ |
| AC_LANG_PROGRAM( |
| - [[]], [[char buf[4]; (void)sprintf(buf, "%s", "foo");]] |
| + [[#include <stdio.h>]], |
| + [[char buf[4]; sprintf(buf, "%s", "foo"); return buf[0];]] |
| )], |
| [sudo_cv_use_fortify_source=yes], |
| [sudo_cv_use_fortify_source=no] |
| ) |
| ] |
| - [AC_LINK_IFELSE( |
| - [AC_LANG_PROGRAM([[]], [[]])], |
| - [sudo_cv_use_fortify_source=yes], |
| - [sudo_cv_use_fortify_source=no] |
| - ) |
| - ] |
| ) |
| if test "$sudo_cv_use_fortify_source" != yes; then |
| CPPFLAGS="$O_CPPFLAGS" |
| |