main/sudo: security upgrade to 1.9.5p2 (CVE-2021-3156)

No patches are available for 1.8.27 See #12356

main/sudo: security upgrade to 1.9.5p2 (CVE-2021-3156)
No patches are available for 1.8.27 See #12356
7889ff1c · Kevin Daudt · e8d9a025 · 7889ff1c · 7889ff1c
Commit 7889ff1c authored Apr 19, 2021 by Kevin Daudt 💻
--- a/main/sudo/APKBUILD
+++ b/main/sudo/APKBUILD
@@ -2,13 +2,13 @@
 # Contributor: Łukasz Jendrysik <scadu@yandex.com>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=sudo
-pkgver=1.8.27
+pkgver=1.9.5p2
 if [ "${pkgver%_*}" != "$pkgver" ]; then
 	_realver=${pkgver%_*}${pkgver#*_}
 else
 	_realver=$pkgver
 fi
-pkgrel=2
+pkgrel=0
 pkgdesc="Give certain users the ability to run some commands as root"
 url="https://www.sudo.ws/sudo/"
 arch="all"
@@ -18,21 +18,21 @@ depends=
 subpackages="$pkgname-doc $pkgname-dev"
 source="https://www.sudo.ws/dist/sudo-${_realver}.tar.gz
 	fix-cross-compile.patch
-	fix-tests.patch
-	libcrypt.patch
-	sudo-cvtsudoers.patch
-	CVE-2019-14287.patch
-	CVE-2019-18634.patch
+	SIGUNUSED.patch
 	"
 options="suid"

 # secfixes:
+#   1.9.5p2-r0:
+#     - CVE-2021-3156
+#     - CVE-2021-23239
+#     - CVE-2021-23240
 #   1.8.27-r2:
-#   - CVE-2019-18634
+#     - CVE-2019-18634
 #   1.8.27-r1:
-#   - CVE-2019-14287
+#     - CVE-2019-14287
 #   1.8.20_p2-r0:
-#   - CVE-2017-1000368
+#     - CVE-2017-1000368

 builddir="$srcdir"/$pkgname-$_realver
 build() {
@@ -68,10 +68,6 @@ package() {
 	rm -rf "$pkgdir"/var/run
 }

-sha512sums="0480def650ab880ab9e6c51c606a06897fd638f0381e99c038f5aa47d064aaa2fb35b73eee7f86e73185e18d5dbb8b6ba49c616b1785a1edb2dd6d7b2fa4fcac  sudo-1.8.27.tar.gz
+sha512sums="f0fe914963c31a6f8ab6c86847ff6cdd125bd5a839b27f46dcae03963f4fc413b3d4cca54c1979feb825c8479b44c7df0642c07345c941eecf6f9f1e03ea0e27  sudo-1.9.5p2.tar.gz
 f0f462f40502da2194310fe4a72ec1a16ba40f95a821ba9aa6aabaa423d28c4ab26b684afa7fb81c2407cf60de9327bdab01de51b878c5d4de49b0d62645f53c  fix-cross-compile.patch
-b2d7816d334826545420c578114e5af361ced65c00e5bfc2e0b16f3c9325aa9d2b902defeebb181da3cf7bc6aba3a59a496293d2f11d83c9793f11138ba50343  fix-tests.patch
-0fa06d13d202ee5ab58596413a7498b3e9b6925e87385bb876f5e0b29b22010a84918686a5974de87392ab18158e883da343fe6a14448a4e273eaa1bb81f5995  libcrypt.patch
-a4a219c16cd353b54f69b74ce7383b90f89745351776bd91bfccb63a2211fa84177719634d4e7e753cf22a8b175d797a474416ffac66d4aee31d3b8e28bfabd1  sudo-cvtsudoers.patch
-bad0eda3a7473e4b13d2d9744c41d37bd1c2f4a50491e7e6c6e2cdb67f98eea5d595ead70ab7ac93444d41d1c9f65d83e67f905614869b9df0bd59365fefae1f  CVE-2019-14287.patch
-2e701aecd05f2a9b77e77f43e91d748794661dabfc7a0826bea41a9668220a1889f273568b67632829df7dba66ad3d2e0e73513ca59753c1c8e64967f0e705f8  CVE-2019-18634.patch"
+03a2cef9fcc26cc2711edb5928c945fcf214b22139bb88d77538d25f3bfd144d17b6c9dabb1e01960ac1697d83b3452397a5ef4c7d0e68ea72548a631b212e6d  SIGUNUSED.patch"
--- a/main/sudo/SIGUNUSED.patch
+++ b/main/sudo/SIGUNUSED.patch
+Upstream: No
+Reason: Musl compatibility
+
+--- a/lib/util/siglist.in	2019-10-10 11:32:54.000000000 -0500
+++ b/lib/util/siglist.in	2019-10-14 16:42:46.259938722 -0500
+@@ -17,11 +17,12 @@
+     EMT     EMT trap
+     FPE     Floating point exception
+     KILL    Killed
+# before UNUSED (musl defines them as the same number)
+    SYS     Bad system call
+ # before BUS (Older Linux doesn't really have a BUS, but defines it to UNUSED)
+     UNUSED  Unused
+     BUS     Bus error
+     SEGV    Memory fault
+-    SYS     Bad system call
+     PIPE    Broken pipe
+     ALRM    Alarm clock
+     TERM    Terminated