ttps://www.sudo.ws/pipermail/sudo-workers/2023-April/001387.html https://github.com/sudo-project/sudo/commit/b83140e0f18fb27d310a4839a14f5c3febd2770b https://github.com/sudo-project/sudo/commit/075ee0f9dc234f9a7e680b16304809e5546965d5 From b83140e0f18fb27d310a4839a14f5c3febd2770b Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Wed, 26 Apr 2023 11:10:46 -0600 Subject: [PATCH] Use ldap_msgfree() instead of ldap_init() for the lber.h test. The ldap_init() function is marked as deprecated and not defined by default on some systems. This can cause an error for compilers that do not support implicit function declarations. From Florian Weimer. --- a/configure +++ b/configure @@ -31515,7 +31515,7 @@ else case e in #( int main (void) { -(void)ldap_init(0, 0) +return ldap_msgfree(NULL) ; return 0; } --- a/m4/ldap.m4 +++ b/m4/ldap.m4 @@ -52,7 +52,7 @@ AC_DEFUN([SUDO_CHECK_LDAP], [ #include ]) AC_CACHE_CHECK([whether lber.h is needed when including ldap.h], [sudo_cv_header_lber_h], [ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include -#include ]], [[(void)ldap_init(0, 0)]])], [ +#include ]], [[return ldap_msgfree(NULL)]])], [ # No need to explicitly include lber.h when including ldap.h. sudo_cv_header_lber_h=no ], [ From 075ee0f9dc234f9a7e680b16304809e5546965d5 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Wed, 26 Apr 2023 12:44:10 -0600 Subject: [PATCH] Add missing stdio.h include for the _FORTIFY_SOURCE=2 check. Implementations of _FORTIFY_SOURCE require the header file to be included. Also remove the useless test of an empty program with _FORTIFY_SOURCE defined. Pointed out by Florian Weimer. --- a/configure +++ b/configure @@ -34207,33 +34207,11 @@ else case e in #( e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ - -int -main (void) -{ -char buf[4]; (void)sprintf(buf, "%s", "foo"); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO" -then : - sudo_cv_use_fortify_source=yes -else case e in #( - e) sudo_cv_use_fortify_source=no - ;; -esac -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam \ - conftest$ac_exeext conftest.$ac_ext - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - + #include int main (void) { +char buf[4]; sprintf(buf, "%s", "foo"); return buf[0]; ; return 0; --- a/m4/hardening.m4 +++ b/m4/hardening.m4 @@ -10,18 +10,13 @@ AC_DEFUN([SUDO_CHECK_HARDENING], [ [sudo_cv_use_fortify_source], [AC_LINK_IFELSE([ AC_LANG_PROGRAM( - [[]], [[char buf[4]; (void)sprintf(buf, "%s", "foo");]] + [[#include ]], + [[char buf[4]; sprintf(buf, "%s", "foo"); return buf[0];]] )], [sudo_cv_use_fortify_source=yes], [sudo_cv_use_fortify_source=no] ) ] - [AC_LINK_IFELSE( - [AC_LANG_PROGRAM([[]], [[]])], - [sudo_cv_use_fortify_source=yes], - [sudo_cv_use_fortify_source=no] - ) - ] ) if test "$sudo_cv_use_fortify_source" != yes; then CPPFLAGS="$O_CPPFLAGS"