* [PATCH][dunfell v2] sudo: 1.8.31 -> 1.8.32
@ 2021-02-16 15:01 Lee Chee Yang
2021-02-16 16:43 ` [OE-core] " Scott Murray
0 siblings, 1 reply; 2+ messages in thread
From: Lee Chee Yang @ 2021-02-16 15:01 UTC (permalink / raw)
To: openembedded-core
From: Lee Chee Yang <chee.yang.lee@intel.com>
release notes:
https://www.sudo.ws/legacy.html#1.8.32
updates include fixes for
CVE-2021-23239
CVE-2021-23240
Also backport patch to fix build error with musl
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
---
meta/recipes-extended/sudo/sudo.inc | 2 +-
...Fix-includes-when-building-with-musl.patch | 29 +++++++++++++++++++
.../sudo/{sudo_1.8.31.bb => sudo_1.8.32.bb} | 5 ++--
3 files changed, 33 insertions(+), 3 deletions(-)
create mode 100644 meta/recipes-extended/sudo/sudo/0001-Fix-includes-when-building-with-musl.patch
rename meta/recipes-extended/sudo/{sudo_1.8.31.bb => sudo_1.8.32.bb} (89%)
diff --git a/meta/recipes-extended/sudo/sudo.inc b/meta/recipes-extended/sudo/sudo.inc
index 5d27d46928..aeedfc1a23 100644
--- a/meta/recipes-extended/sudo/sudo.inc
+++ b/meta/recipes-extended/sudo/sudo.inc
@@ -4,7 +4,7 @@ HOMEPAGE = "http://www.sudo.ws"
BUGTRACKER = "http://www.sudo.ws/bugs/"
SECTION = "admin"
LICENSE = "ISC & BSD & Zlib"
-LIC_FILES_CHKSUM = "file://doc/LICENSE;md5=4d1b44b1576eea036d78b8cc961aa93d \
+LIC_FILES_CHKSUM = "file://doc/LICENSE;md5=07966675feaddba70cc812895b248230 \
file://plugins/sudoers/redblack.c;beginline=1;endline=46;md5=03e35317699ba00b496251e0dfe9f109 \
file://lib/util/reallocarray.c;beginline=3;endline=15;md5=397dd45c7683e90b9f8bf24638cf03bf \
file://lib/util/fnmatch.c;beginline=3;endline=27;md5=004d7d2866ba1f5b41174906849d2e0f \
diff --git a/meta/recipes-extended/sudo/sudo/0001-Fix-includes-when-building-with-musl.patch b/meta/recipes-extended/sudo/sudo/0001-Fix-includes-when-building-with-musl.patch
new file mode 100644
index 0000000000..6ee2d5c11e
--- /dev/null
+++ b/meta/recipes-extended/sudo/sudo/0001-Fix-includes-when-building-with-musl.patch
@@ -0,0 +1,29 @@
+From f4e9e4337f8844d199515ff2b762c914dd254cbd Mon Sep 17 00:00:00 2001
+From: Dan Robertson <dan@dlrobertson.com>
+Date: Sat, 16 May 2020 00:12:44 +0000
+Subject: [PATCH] Fix includes when building with musl
+
+Include sys/types.h for mode_t and id_t in sudo_debug.h
+
+Upstream-Status: Backport [https://github.com/sudo-project/sudo/commit/f4e9e4337f8844d199515ff2b762c914dd254cbd]
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+
+---
+ include/sudo_debug.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/include/sudo_debug.h b/include/sudo_debug.h
+index 180f2096f..0124b0b19 100644
+--- a/include/sudo_debug.h
++++ b/include/sudo_debug.h
+@@ -25,6 +25,7 @@
+ #else
+ # include "compat/stdbool.h"
+ #endif
++#include <sys/types.h>
+ #include "sudo_queue.h"
+
+ /*
+--
+2.25.1
+
diff --git a/meta/recipes-extended/sudo/sudo_1.8.31.bb b/meta/recipes-extended/sudo/sudo_1.8.32.bb
similarity index 89%
rename from meta/recipes-extended/sudo/sudo_1.8.31.bb
rename to meta/recipes-extended/sudo/sudo_1.8.32.bb
index 39d8817c32..8d16ec2538 100644
--- a/meta/recipes-extended/sudo/sudo_1.8.31.bb
+++ b/meta/recipes-extended/sudo/sudo_1.8.32.bb
@@ -3,12 +3,13 @@ require sudo.inc
SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \
${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
file://0001-Include-sys-types.h-for-id_t-definition.patch \
+ file://0001-Fix-includes-when-building-with-musl.patch \
"
PAM_SRC_URI = "file://sudo.pam"
-SRC_URI[md5sum] = "ce17ff6e72a70f8d5dabba8abf3cd2de"
-SRC_URI[sha256sum] = "7ea8d97a3cee4c844e0887ea7a1bd80eb54cc98fd77966776cb1a80653ad454f"
+SRC_URI[md5sum] = "a7318202ba391079a0e32933f0fb8bd6"
+SRC_URI[sha256sum] = "5ce3c18c5efbecd5437a0945f314f1822423eaf9a2d7eb7ecf80857bc32246c5"
DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
RDEPENDS_${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}"
--
2.17.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [OE-core] [PATCH][dunfell v2] sudo: 1.8.31 -> 1.8.32
2021-02-16 15:01 [PATCH][dunfell v2] sudo: 1.8.31 -> 1.8.32 Lee Chee Yang
@ 2021-02-16 16:43 ` Scott Murray
0 siblings, 0 replies; 2+ messages in thread
From: Scott Murray @ 2021-02-16 16:43 UTC (permalink / raw)
To: Lee Chee Yang; +Cc: openembedded-core
On Tue, 16 Feb 2021, Lee Chee Yang wrote:
> From: Lee Chee Yang <chee.yang.lee@intel.com>
>
> release notes:
> https://www.sudo.ws/legacy.html#1.8.32
>
> updates include fixes for
> CVE-2021-23239
> CVE-2021-23240
>
> Also backport patch to fix build error with musl
>
> Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Please also mention CVE-2021-3156 in the commit message, the release notes
for 1.8.32 indicate the fix for that is included as well as 23239 and 23240.
Scott
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-02-16 16:43 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-02-16 15:01 [PATCH][dunfell v2] sudo: 1.8.31 -> 1.8.32 Lee Chee Yang
2021-02-16 16:43 ` [OE-core] " Scott Murray
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.