@@ -1,6 +1,6 @@
-From 5cfc7e277d0b262a1d12e867c47a36301fb7edb7 Mon Sep 17 00:00:00 2001
+From 1fed5adc166d5f2190a6b6ad048ec2d803316327 Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Wed, 22 Feb 2023 10:01:25 +0100
+Date: Wed, 22 Feb 2023 10:13:30 +0100
Subject: [PATCH] configure.ac: fix openssl static build
Do not use AX_APPEND_FLAG as it will break static builds by removing
@@ -24,26 +24,24 @@ Fixes:
- http://autobuild.buildroot.org/results/8be59dd94e4916f9457cb435104e36e62a28373b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-[Upstream status: https://github.com/sudo-project/sudo/pull/244]
+[Retrieved from:
+https://github.com/sudo-project/sudo/commit/1fed5adc166d5f2190a6b6ad048ec2d803316327]
---
- configure.ac | 4 +++-
+ m4/openssl.m4 | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
-diff --git a/configure.ac b/configure.ac
-index 8eccad7e4..523d8e56b 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -3082,7 +3082,9 @@ if test "${enable_openssl-no}" != no; then
- SUDO_APPEND_LIBPATH([LIBTLS], [$f])
- ;;
- *)
-- AX_APPEND_FLAG([$f], [LIBTLS])
-+ # Do not use AX_APPEND_FLAG as it will break static builds by removing
-+ # duplicates such as -lz or -latomic which are needed by -lssl and -lcrypto
-+ LIBTLS="$LIBTLS $f"
- ;;
- esac
- done
-2.39.0
-
+diff --git a/m4/openssl.m4 b/m4/openssl.m4
+index a2e4941ae8..b4cbd821db 100644
+--- a/m4/openssl.m4
++++ b/m4/openssl.m4
+@@ -44,7 +44,9 @@ AC_DEFUN([SUDO_CHECK_OPENSSL], [
+ SUDO_APPEND_LIBPATH([LIBTLS], [$f])
+ ;;
+ *)
+- AX_APPEND_FLAG([$f], [LIBTLS])
++ # Do not use AX_APPEND_FLAG as it will break static builds by removing
++ # duplicates such as -lz or -latomic which are needed by -lssl and -lcrypto
++ LIBTLS="$LIBTLS $f"
+ ;;
+ esac
+ done
@@ -1,4 +1,4 @@
# From: https://www.sudo.ws/getting/download/
-sha256 b9a0b1ae0f1ddd9be7f3eafe70be05ee81f572f6f536632c44cd4101bb2a8539 sudo-1.9.12p2.tar.gz
+sha256 92334a12bb93e0c056b09f53e255ccb7d6f67c6350e2813cd9593ceeca78560b sudo-1.9.13p3.tar.gz
# Locally calculated
-sha256 d2f93a3b17ed5586fddd07be33ad767146c1a81a22682baa68bb4360a31d020a LICENSE.md
+sha256 ea33b3971e8e4d9657cd6794a952aaa71b22bd16745f1645455b6ead010e0a28 LICENSE.md
@@ -4,8 +4,8 @@
#
################################################################################
-SUDO_VERSION_MAJOR = 1.9.12
-SUDO_VERSION_MINOR = p2
+SUDO_VERSION_MAJOR = 1.9.13
+SUDO_VERSION_MINOR = p3
SUDO_VERSION = $(SUDO_VERSION_MAJOR)$(SUDO_VERSION_MINOR)
SUDO_SITE = https://www.sudo.ws/sudo/dist
SUDO_LICENSE = ISC, BSD-3-Clause
@@ -13,7 +13,7 @@ SUDO_LICENSE_FILES = LICENSE.md
SUDO_CPE_ID_VERSION = $(SUDO_VERSION_MAJOR)
SUDO_CPE_ID_UPDATE = $(SUDO_VERSION_MINOR)
SUDO_SELINUX_MODULES = sudo
-# We're patching configure.ac
+# We're patching m4/openssl.m4
SUDO_AUTORECONF = YES
# This is to avoid sudo's make install from chown()ing files which fails
SUDO_INSTALL_TARGET_OPTS = INSTALL_OWNER="" DESTDIR="$(TARGET_DIR)" install
- Fix CVE-2023-27320: Sudo before 1.9.13p3 has a double free in the per-command chroot feature. - Update patch - Update hash of LICENSE.md (year and indentation updated: https://github.com/sudo-project/sudo/commit/dd934d6a218c05d2df61b5306e38c71edaa6ac59 https://github.com/sudo-project/sudo/commit/e5634ae99184d50afbdcb8a69dd4018b1a14871d) https://www.sudo.ws/security/advisories/double_free https://www.sudo.ws/releases/stable/#1.9.13p3 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> --- ...onfigure.ac-fix-openssl-static-build.patch | 42 +++++++++---------- package/sudo/sudo.hash | 4 +- package/sudo/sudo.mk | 6 +-- 3 files changed, 25 insertions(+), 27 deletions(-)