main/sudo: security upgrade to 1.8.12 (CVE-2014-9680)

fixes #3988
author: Natanael Copa <ncopa@alpinelinux.org> 2015-03-17 08:22:46 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2015-03-17 08:22:46 +0000
commit: b1df3371d233b3c91a9e14e1ff2650f07e2d38d3 (patch)
tree: e5be86e101fd947c5a5ff6999130defd72813024
parent: 59bdfedfe50d0ec2ca461d76faaf6b5aae104fa4 (diff)
4 files changed, 44 insertions, 29 deletions
diff --git a/main/sudo/APKBUILD b/main/sudo/APKBUILD
index c79cdda9ffc..cb54a95883d 100644
--- a/main/sudo/APKBUILD
+++ b/main/sudo/APKBUILD
@@ -1,6 +1,6 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=sudo
-pkgver=1.8.8
+pkgver=1.8.12
 if [ "${pkgver%_*}" != "$pkgver" ]; then
 	_realver=${pkgver%_*}${pkgver#*_}
 else
@@ -11,17 +11,18 @@ pkgdesc="Give certain users the ability to run some commands as root"
 url="http://www.sudo.ws/sudo/"
 arch="all"
 license='custom ISC'
-makedepends="zlib-dev"
+makedepends="zlib-dev bash"
 depends=
 subpackages="$pkgname-doc $pkgname-dev"
 source="ftp://ftp.sudo.ws/pub/sudo/$pkgname-$_realver.tar.gz
 	fix-cross-compile.patch
-	libcrypt.patch"
+	libcrypt.patch
+	musl-fix-headers.patch
+	"
 
 _builddir="$srcdir"/$pkgname-$_realver
 prepare() {
 	cd "$_builddir"
-	update_config_sub || return 1
 	for i in $source; do
 		case $i in
 		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
@@ -49,14 +50,18 @@ package() {
 	# path components with bad permissions. fix this.
 	install -d -m0755 "$pkgdir"/var "$pkgdir"/var/db || return 1
 	make -j1 DESTDIR="$pkgdir" install || return 1
+	rm "$pkgdir"/usr/libexec/sudo/*.la
 }
 
-md5sums="fc4f074090afd56d9ff4ff4e97321971  sudo-1.8.8.tar.gz
-44a4afb9ac22947ad6a05777ce66c5fc  fix-cross-compile.patch
-429d9613091f1f3f19ce8def5b3032b3  libcrypt.patch"
-sha256sums="9f911c1e9297fb8006deb52fa81197a8d06b9d54e70672f723c467ecae992fc9  sudo-1.8.8.tar.gz
-d40eaf27f9bcc4d2151c3133fe12efcf29fe496a4d72dabe22661cf311943f59  fix-cross-compile.patch
-80d16a0b4ee7b97eed6806c4cf2c1b04c9d2ae3ec550bc97ed44ff6db8c8d556  libcrypt.patch"
-sha512sums="e56ea849c2e6470a3d97fc76bde6af145938cf2df4d17f3faef00368262d8e2dd5bcc7e3adf490e853e23466b15638000a527156bd694ce4980003d751c896d5  sudo-1.8.8.tar.gz
-f9257262b32365f1ee8914781f917fc425229f88d3d8df0f33ebb2cfbf0ad8d41a6ea83b15b2c74b1f5728b380bcd1e92ca58e138717e5104a35c2fc8a376ea1  fix-cross-compile.patch
-e4b236c2ee47e01222eed98c401861336d49a0c74a28219972c68763a4c9233a010b315850f9f2f4396205dc21c4ce4eeb5c95101464f4f3040b70d25bd2116c  libcrypt.patch"
+md5sums="87558f3a55c62bc9244b19594f103ffa  sudo-1.8.12.tar.gz
+91e1a494af992cc9e598f8bb715a13c9  fix-cross-compile.patch
+048e1cc360537bcea5b74a874fd41674  libcrypt.patch
+5d43f046681bd7655cddc868c4e96cdb  musl-fix-headers.patch"
+sha256sums="163b51841de8ad19276581a6782d61f5948f1f72a0a843371a1c167d3dc4f3b0  sudo-1.8.12.tar.gz
+7683c69c977b276882922b826b9166bc0ec8c82e1ca8c97d6d93f4738c0c6a5e  fix-cross-compile.patch
+d26dc7aaa958d988bbb7efaa0118d23e06375cc90868d14d4b2620f55589cb41  libcrypt.patch
+49d1d94a64d1487c22d32b016d2bf5bb48d23013f0f206f690ad7474cab65ca6  musl-fix-headers.patch"
+sha512sums="1815343eceb7cfa6e37c961ce1c68cf96fc290356b92078d6d24a2c85d8b7a7236df78d3ff7f5e30eba492dc8407346d884e01c0b989eef4414156cfec80b67b  sudo-1.8.12.tar.gz
+4da8baf526dc7b7dac5cc067e52d5ae464b82337ac5d520641b3d93af2cfa4f2d3897f4e6602f988a194b7260e3edea9c57ccfc07a3eed7e9967956851997950  fix-cross-compile.patch
+5ad20254aa587ef615f794081ecd55344eada5cf8c1a1d7956cc3f73375554716c483eeb74081da9a8501afce92cfbaf2abe59d1067aac67ce6e4874eb5a23e1  libcrypt.patch
+0b585305c904ed8651999dcac8096a47c6af3edfb0b4857dc1b242efbed1393119d6e5ffb276751a53b6c2d55dc31eb77dcefe1864617f8e7d4ee9ba7b5cd186  musl-fix-headers.patch"
diff --git a/main/sudo/fix-cross-compile.patch b/main/sudo/fix-cross-compile.patch
index 89fcd043f1e..f9993fa8800 100644
--- a/main/sudo/fix-cross-compile.patch
+++ b/main/sudo/fix-cross-compile.patch
@@ -1,15 +1,15 @@
---- sudo-1.8.7/compat/Makefile.in.orig
-+++ sudo-1.8.7/compat/Makefile.in
-@@ -93,10 +93,10 @@
+--- ./lib/util/Makefile.in.orig
++++ ./lib/util/Makefile.in
+@@ -148,10 +148,10 @@
  	./mksigname > $@
  
- mksiglist: $(srcdir)/mksiglist.c $(srcdir)/mksiglist.h $(incdir)/missing.h $(top_builddir)/config.h
--	$(CC) $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/mksiglist.c -o $@
+ mksiglist: $(srcdir)/mksiglist.c $(srcdir)/mksiglist.h $(incdir)/sudo_compat.h $(top_builddir)/config.h
+-	$(CC) $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/mksiglist.c -o $@
 +	$${HOSTCC:-gcc} -I$(incdir) -I$(top_builddir) -I$(top_srcdir) $(DEFS) $(srcdir)/mksiglist.c -o $@
  
- mksigname: $(srcdir)/mksigname.c $(srcdir)/mksigname.h $(incdir)/missing.h $(top_builddir)/config.h
--	$(CC) $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/mksigname.c -o $@
+ mksigname: $(srcdir)/mksigname.c $(srcdir)/mksigname.h $(incdir)/sudo_compat.h $(top_builddir)/config.h
+-	$(CC) $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/mksigname.c -o $@
 +	$${HOSTCC:-gcc} -I$(incdir) -I$(top_builddir) -I$(top_srcdir) $(DEFS) $(srcdir)/mksigname.c -o $@
  
- fnm_test: fnm_test.o libreplace.la
- 	$(LIBTOOL) --mode=link $(CC) -o $@ fnm_test.o libreplace.la $(PIE_LDFLAGS) $(SSP_LDFLAGS)
+ $(srcdir)/mksiglist.h: $(srcdir)/siglist.in
+ 	@if [ -n "$(DEVEL)" ]; then \
diff --git a/main/sudo/libcrypt.patch b/main/sudo/libcrypt.patch
index 0bab0386320..e83b691134d 100644
--- a/main/sudo/libcrypt.patch
+++ b/main/sudo/libcrypt.patch
@@ -1,11 +1,11 @@
 --- ./plugins/sudoers/Makefile.in.orig
 +++ ./plugins/sudoers/Makefile.in
-@@ -45,7 +45,7 @@
- # Libraries
- LIBS = $(top_builddir)/common/libcommon.la $(top_builddir)/@ac_config_libobj_dir@/libreplace.la
+@@ -52,7 +52,7 @@
+ LT_LIBS = $(top_builddir)/lib/util/libsudo_util.la
+ LIBS = $(LT_LIBS) @LIBINTL@
  NET_LIBS = @NET_LIBS@
--SUDOERS_LIBS = @SUDOERS_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ $(LIBS) $(NET_LIBS) @ZLIB@
-+SUDOERS_LIBS = @SUDOERS_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ $(LIBS) $(NET_LIBS) @ZLIB@ -lcrypt
+-SUDOERS_LIBS = @SUDOERS_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ $(LIBS) $(NET_LIBS) @ZLIB@ @LIBMD@
++SUDOERS_LIBS = @SUDOERS_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ $(LIBS) $(NET_LIBS) @ZLIB@ @LIBMD@ -lcrypt
  REPLAY_LIBS = @REPLAY_LIBS@ @ZLIB@
- 
- # C preprocessor flags
+ VISUDO_LIBS = $(NET_LIBS) @LIBMD@
+ TESTSUDOERS_LIBS = $(NET_LIBS) @LIBMD@
diff --git a/main/sudo/musl-fix-headers.patch b/main/sudo/musl-fix-headers.patch
new file mode 100644
index 00000000000..8ab84ad8ff2
--- /dev/null
+++ b/main/sudo/musl-fix-headers.patch
@@ -0,0 +1,10 @@
+--- ./include/sudo_compat.h.orig
++++ ./include/sudo_compat.h
+@@ -27,6 +27,7 @@
+ # include <stddef.h>
+ #endif
+ #include <stdarg.h>
++#include <sys/types.h>
+ 
+ /*
+  * Macros and functions that may be missing on some operating systems.
author	Natanael Copa <ncopa@alpinelinux.org>	2015-03-17 08:22:46 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2015-03-17 08:22:46 +0000
commit	b1df3371d233b3c91a9e14e1ff2650f07e2d38d3 (patch)
tree	e5be86e101fd947c5a5ff6999130defd72813024
parent	59bdfedfe50d0ec2ca461d76faaf6b5aae104fa4 (diff)