From mboxrd@z Thu Jan  1 00:00:00 1970
Return-path: <ptxdist-bounces@pengutronix.de>
From: Roland Hieber <rhi@pengutronix.de>
Date: Tue, 15 Oct 2019 13:58:24 +0200
Message-Id: <20191015115823.3946-1-rhi@pengutronix.de>
MIME-Version: 1.0
Subject: [ptxdist] [PATCH] sudo: version bump 1.8.22 -> 1.8.28
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <http://metis.pengutronix.de/cgi-bin/mailman/options/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <http://metis.pengutronix.de/cgi-bin/mailman/private/ptxdist/>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <http://metis.pengutronix.de/cgi-bin/mailman/listinfo/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=subscribe>
Reply-To: ptxdist@pengutronix.de
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ptxdist-bounces@pengutronix.de
Sender: "ptxdist" <ptxdist-bounces@pengutronix.de>
To: ptxdist@pengutronix.de
Cc: Roland Hieber <rhi@pengutronix.de>

This update fixes CVE-2019-14287, see also
https://www.sudo.ws/alerts/minus_1_uid.html

Pin down more configure options, and update the license MD5, which added
some more file headers of files under ISC license, reformatted the
existing license file headers, and bumped the copyright date to 2019.

Signed-off-by: Roland Hieber <rhi@pengutronix.de>
---
 rules/sudo.make | 27 ++++++++++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)

diff --git a/rules/sudo.make b/rules/sudo.make
index 96349406f67b..a7fa0ad4a2db 100644
--- a/rules/sudo.make
+++ b/rules/sudo.make
@@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_SUDO) += sudo
 #
 # Paths and names
 #
-SUDO_VERSION	:= 1.8.22
-SUDO_MD5	:= 24abdea48db4c5abcd410167c801cc8c
+SUDO_VERSION	:= 1.8.28
+SUDO_MD5	:= 5afa5acd0c55b40916e4ad864607edfe
 SUDO		:= sudo-$(SUDO_VERSION)
 SUDO_SUFFIX	:= tar.gz
 SUDO_URL	:= \
@@ -25,7 +25,7 @@ SUDO_URL	:= \
 SUDO_SOURCE	:= $(SRCDIR)/$(SUDO).$(SUDO_SUFFIX)
 SUDO_DIR	:= $(BUILDDIR)/$(SUDO)
 SUDO_LICENSE	:= ISC AND BSD-3-Clause AND BSD-2-Clause-NetBSD AND Zlib
-SUDO_LICENSE_FILES := file://doc/LICENSE;md5=7765a3d787cb4fed3ccc3c9cee030af9
+SUDO_LICENSE_FILES := file://doc/LICENSE;md5=6c76b73603ac7763ab0516ebfbe67b42
 
 # ----------------------------------------------------------------------------
 # Prepare
@@ -44,22 +44,43 @@ SUDO_ENV 	:= \
 #
 SUDO_AUTOCONF = \
 	$(CROSS_AUTOCONF_USR) \
+	--enable-authentication \
+	--disable-root-mailer \
+	--enable-setreuid \
+	--enable-setresuid \
 	--enable-shadow \
 	--enable-root-sudo \
 	--disable-log-host \
 	--enable-noargs-shell \
+	--disable-shell-sets-home \
 	--disable-path-info \
+	--disable-env-debug \
+	--enable-zlib \
+	--disable-env-reset \
 	--enable-warnings \
 	--disable-werror \
+	--disable-openssl \
+	--disable-gcrypt \
 	--enable-hardening \
 	--enable-pie \
+	--enable-asan \
+	--enable-poll \
+	--disable-admin-flag \
 	--disable-nls \
 	--disable-rpath \
 	--enable-static-sudoers \
 	--disable-shared-libutil \
+	--disable-tmpfiles.d \
+	--disable-devsearch \
+	--disable-sasl \
+	--disable-offensive-insults \
+	--disable-package-build \
+	--disable-gss-krb5-ccache-name \
+	--disable-pvs-studio \
 	--disable-sia \
 	$(GLOBAL_LARGE_FILE_OPTION) \
 	--disable-pam-session \
+	--disable-kerb5-instance \
 	--without-AFS \
 	--without-DCE \
 	--without-logincap \
-- 
2.23.0


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de