Verified Commit 17f33fb0 authored by Max Rees's avatar Max Rees

system/sudo: [CVE] bump to 1.8.28

parent 004fc26d
......@@ -3,7 +3,7 @@
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer: Horst Burkhardt <horst@adelielinux.org>
pkgname=sudo
pkgver=1.8.27
pkgver=1.8.28
if [ "${pkgver%_*}" != "$pkgver" ]; then
_realver=${pkgver%_*}${pkgver#*_}
else
......@@ -23,13 +23,15 @@ subpackages="$pkgname-doc $pkgname-dev $pkgname-lang"
source="https://www.sudo.ws/dist/sudo-${_realver}.tar.gz
fix-cross-compile.patch
musl-fix-headers.patch
test-suite.patch
SIGUNUSED.patch
"
builddir="$srcdir"/$pkgname-$_realver
# secfixes:
# 1.8.20_p2-r0:
# - CVE-2017-1000368
# - CVE-2017-1000368
# 1.8.28:
# - CVE-2019-14287
build() {
./configure \
......@@ -43,6 +45,11 @@ build() {
--with-pam \
--without-skey \
--with-passprompt="[sudo] Password for %p: "
# Workaround until SIGUNUSED.patch is not needed anymore
rm lib/util/mksiglist.h lib/util/mksigname.h
make -C lib/util DEVEL=1 mksiglist.h mksigname.h
make
}
......@@ -58,7 +65,7 @@ package() {
rm -rf "$pkgdir"/var/run
}
sha512sums="0480def650ab880ab9e6c51c606a06897fd638f0381e99c038f5aa47d064aaa2fb35b73eee7f86e73185e18d5dbb8b6ba49c616b1785a1edb2dd6d7b2fa4fcac sudo-1.8.27.tar.gz
sha512sums="09e589cdfd18d7c43b0859a0e11c008b3cb995ae4f8c89c717c5242db9e5696361eb574ebe74a0b5316afffb3a8037f7a7f3c249176e8ed9caffeb4cd860ddc7 sudo-1.8.28.tar.gz
f0f462f40502da2194310fe4a72ec1a16ba40f95a821ba9aa6aabaa423d28c4ab26b684afa7fb81c2407cf60de9327bdab01de51b878c5d4de49b0d62645f53c fix-cross-compile.patch
dcc03abdd672c934f90dfd3683b3f81a8d39cfff91307d2dbd20a31a852022ab605d034c4fe11860ba99b78d391a9812fca1d6e052620b8ff2c42e4f0c7a1a62 musl-fix-headers.patch
3feb9f586fb36cdddaf61523926554533d73b4b03e7bfe5da40b754d68c4cc58c796310cc3a3419dd0d87d30d836d5f9921f5ea3c7c7a0099626f49c161279dc test-suite.patch"
2733c220ccbdaf61a32d8c72a5bc0209673733014f0d71b568f1523b71416e9d1754dd8c95bc6cd99aa7f935ed6e93c5f19b1a1dbb7dfc2daf9917fd37f96e78 SIGUNUSED.patch"
--- sudo-1.8.28/lib/util/siglist.in 2019-10-10 11:32:54.000000000 -0500
+++ sudo-1.8.28/lib/util/siglist.in 2019-10-14 16:42:46.259938722 -0500
@@ -17,11 +17,12 @@
EMT EMT trap
FPE Floating point exception
KILL Killed
+# before UNUSED (musl defines them as the same number)
+ SYS Bad system call
# before BUS (Older Linux doesn't really have a BUS, but defines it to UNUSED)
UNUSED Unused
BUS Bus error
SEGV Memory fault
- SYS Bad system call
PIPE Broken pipe
ALRM Alarm clock
TERM Terminated
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment