main/sudo: security upgrade to 1.8.12 (CVE-2014-9680)

fixes #3987

3 files changed, 32 insertions, 16 deletions

diff --git a/main/sudo/APKBUILD b/main/sudo/APKBUILD
index b1dda153a0..f24bafbc5a 100644
--- a/main/sudo/APKBUILD
+++ b/main/sudo/APKBUILD
@@ -1,6 +1,6 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=sudo
-pkgver=1.8.7
+pkgver=1.8.12
 if [ "${pkgver%_*}" != "$pkgver" ]; then
 	_realver=${pkgver%_*}${pkgver#*_}
 else
@@ -11,11 +11,13 @@ pkgdesc="Give certain users the ability to run some commands as root"
 url="http://www.sudo.ws/sudo/"
 arch="all"
 license='custom ISC'
-makedepends="zlib-dev"
+makedepends="zlib-dev bash"
 depends=
 subpackages="$pkgname-doc $pkgname-dev"
 source="ftp://ftp.sudo.ws/pub/sudo/$pkgname-$_realver.tar.gz
-	libcrypt.patch"
+	libcrypt.patch
+	musl-fix-headers.patch
+	"
 
 _builddir="$srcdir"/$pkgname-$_realver
 prepare() {
@@ -44,11 +46,15 @@ package() {
 	# path components with bad permissions. fix this.
 	install -d -m0755 "$pkgdir"/var "$pkgdir"/var/db || return 1
 	make -j1 DESTDIR="$pkgdir" install || return 1
+	rm "$pkgdir"/usr/libexec/sudo/*.la
 }
 
-md5sums="a02367090e1dac8d0c1747de1127b6bf  sudo-1.8.7.tar.gz
-429d9613091f1f3f19ce8def5b3032b3  libcrypt.patch"
-sha256sums="39626cf3d48c4fd5a9139a2627d42bfefac7ce47f470bdba3aeb4e3d7c49566a  sudo-1.8.7.tar.gz
-80d16a0b4ee7b97eed6806c4cf2c1b04c9d2ae3ec550bc97ed44ff6db8c8d556  libcrypt.patch"
-sha512sums="c8058794d0f0e6390de69cb8e84dede0971ce9c05114e22bdbd79ebc1b47cd563b5081a275e4abf2a2cca8d8db5bfe2c47ad384734849c92e515eefff67c7ec8  sudo-1.8.7.tar.gz
-e4b236c2ee47e01222eed98c401861336d49a0c74a28219972c68763a4c9233a010b315850f9f2f4396205dc21c4ce4eeb5c95101464f4f3040b70d25bd2116c  libcrypt.patch"
+md5sums="87558f3a55c62bc9244b19594f103ffa  sudo-1.8.12.tar.gz
+048e1cc360537bcea5b74a874fd41674  libcrypt.patch
+5d43f046681bd7655cddc868c4e96cdb  musl-fix-headers.patch"
+sha256sums="163b51841de8ad19276581a6782d61f5948f1f72a0a843371a1c167d3dc4f3b0  sudo-1.8.12.tar.gz
+d26dc7aaa958d988bbb7efaa0118d23e06375cc90868d14d4b2620f55589cb41  libcrypt.patch
+49d1d94a64d1487c22d32b016d2bf5bb48d23013f0f206f690ad7474cab65ca6  musl-fix-headers.patch"
+sha512sums="1815343eceb7cfa6e37c961ce1c68cf96fc290356b92078d6d24a2c85d8b7a7236df78d3ff7f5e30eba492dc8407346d884e01c0b989eef4414156cfec80b67b  sudo-1.8.12.tar.gz
+5ad20254aa587ef615f794081ecd55344eada5cf8c1a1d7956cc3f73375554716c483eeb74081da9a8501afce92cfbaf2abe59d1067aac67ce6e4874eb5a23e1  libcrypt.patch
+0b585305c904ed8651999dcac8096a47c6af3edfb0b4857dc1b242efbed1393119d6e5ffb276751a53b6c2d55dc31eb77dcefe1864617f8e7d4ee9ba7b5cd186  musl-fix-headers.patch"
diff --git a/main/sudo/libcrypt.patch b/main/sudo/libcrypt.patch
index 0bab038632..e83b691134 100644
--- a/main/sudo/libcrypt.patch
+++ b/main/sudo/libcrypt.patch
@@ -1,11 +1,11 @@
 --- ./plugins/sudoers/Makefile.in.orig
 +++ ./plugins/sudoers/Makefile.in
-@@ -45,7 +45,7 @@
- # Libraries
- LIBS = $(top_builddir)/common/libcommon.la $(top_builddir)/@ac_config_libobj_dir@/libreplace.la
+@@ -52,7 +52,7 @@
+ LT_LIBS = $(top_builddir)/lib/util/libsudo_util.la
+ LIBS = $(LT_LIBS) @LIBINTL@
  NET_LIBS = @NET_LIBS@
--SUDOERS_LIBS = @SUDOERS_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ $(LIBS) $(NET_LIBS) @ZLIB@
-+SUDOERS_LIBS = @SUDOERS_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ $(LIBS) $(NET_LIBS) @ZLIB@ -lcrypt
+-SUDOERS_LIBS = @SUDOERS_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ $(LIBS) $(NET_LIBS) @ZLIB@ @LIBMD@
++SUDOERS_LIBS = @SUDOERS_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ $(LIBS) $(NET_LIBS) @ZLIB@ @LIBMD@ -lcrypt
  REPLAY_LIBS = @REPLAY_LIBS@ @ZLIB@
- 
- # C preprocessor flags
+ VISUDO_LIBS = $(NET_LIBS) @LIBMD@
+ TESTSUDOERS_LIBS = $(NET_LIBS) @LIBMD@
diff --git a/main/sudo/musl-fix-headers.patch b/main/sudo/musl-fix-headers.patch
new file mode 100644
index 0000000000..8ab84ad8ff
--- /dev/null
+++ b/main/sudo/musl-fix-headers.patch
@@ -0,0 +1,10 @@
+--- ./include/sudo_compat.h.orig
++++ ./include/sudo_compat.h
+@@ -27,6 +27,7 @@
+ # include <stddef.h>
+ #endif
+ #include <stdarg.h>
++#include <sys/types.h>
+ 
+ /*
+  * Macros and functions that may be missing on some operating systems.