From 0007a6ccd7d5975b19c9033eb7bc2ce3aa98f35b Mon Sep 17 00:00:00 2001
From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
Date: Tue, 20 Feb 2018 22:01:10 -0600
Subject: [PATCH] system/sudo: add PAM-enabled sudo
---
system/sudo/APKBUILD | 67 +++++++++++++++++++++++++++++
system/sudo/fix-cross-compile.patch | 15 +++++++
system/sudo/libcrypt.patch | 11 +++++
system/sudo/musl-fix-headers.patch | 10 +++++
4 files changed, 103 insertions(+)
create mode 100644 system/sudo/APKBUILD
create mode 100644 system/sudo/fix-cross-compile.patch
create mode 100644 system/sudo/libcrypt.patch
create mode 100644 system/sudo/musl-fix-headers.patch
diff --git a/system/sudo/APKBUILD b/system/sudo/APKBUILD
new file mode 100644
index 000000000..8a9bc25c1
--- /dev/null
+++ b/system/sudo/APKBUILD
@@ -0,0 +1,67 @@
+# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
+# Contributor: Åukasz Jendrysik <scadu@yandex.com>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=sudo
+pkgver=1.8.21_p2
+if [ "${pkgver%_*}" != "$pkgver" ]; then
+ _realver=${pkgver%_*}${pkgver#*_}
+else
+ _realver=$pkgver
+fi
+pkgrel=1
+pkgdesc="Give certain users the ability to run some commands as root"
+url="http://www.sudo.ws/sudo/"
+arch="all"
+license="custom ISC"
+makedepends_host="linux-pam-dev zlib-dev"
+makedepends_build="bash"
+makedepends="$makedepends_host $makedepends_build"
+depends=
+subpackages="$pkgname-doc $pkgname-dev"
+source="https://www.sudo.ws/dist/sudo-${_realver}.tar.gz
+ fix-cross-compile.patch
+ libcrypt.patch
+ musl-fix-headers.patch
+ "
+options="suid"
+
+# secfixes:
+# 1.8.20_p2-r0:
+# - CVE-2017-1000368
+
+builddir="$srcdir"/$pkgname-$_realver
+build() {
+ cd "$builddir"
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --libexecdir=/usr/lib \
+ --mandir=/usr/share/man \
+ --disable-nls \
+ --enable-pie \
+ --with-env-editor \
+ --with-pam \
+ --without-skey \
+ --with-passprompt="[sudo] password for %p: "
+ make
+}
+
+check() {
+ cd "$builddir"
+ make check
+}
+
+package() {
+ cd "$builddir"
+ # the sudo's mkinstalldir script miscreates the leading
+ # path components with bad permissions. fix this.
+ install -d -m0755 "$pkgdir"/var "$pkgdir"/var/db
+ make -j1 DESTDIR="$pkgdir" install
+ rm -rf "$pkgdir"/var/run
+}
+
+sha512sums="f04bbff54ad74ba73c078e15c75d2f41332d4912078ed66157ba7346b7fff914bd0747460cb4cd0c472af2d3b344fa72f5c62c95169df68a9cac74d7245c720c sudo-1.8.21p2.tar.gz
+f0f462f40502da2194310fe4a72ec1a16ba40f95a821ba9aa6aabaa423d28c4ab26b684afa7fb81c2407cf60de9327bdab01de51b878c5d4de49b0d62645f53c fix-cross-compile.patch
+5ad20254aa587ef615f794081ecd55344eada5cf8c1a1d7956cc3f73375554716c483eeb74081da9a8501afce92cfbaf2abe59d1067aac67ce6e4874eb5a23e1 libcrypt.patch
+113416fed7532c6092687c8bdd9913d04888d2f0a32e4333dd27a6b3d39145717ad5c3b3f05ba11bd6462612a9a013d446d254d50b2b651c33eeebe670f41ab5 musl-fix-headers.patch"
diff --git a/system/sudo/fix-cross-compile.patch b/system/sudo/fix-cross-compile.patch
new file mode 100644
index 000000000..d2fc97cca
--- /dev/null
+++ b/system/sudo/fix-cross-compile.patch
@@ -0,0 +1,15 @@
+--- ./lib/util/Makefile.in.orig
++++ ./lib/util/Makefile.in
+@@ -160,10 +160,10 @@
+ ./mksigname > $@
+
+ mksiglist: $(srcdir)/mksiglist.c $(srcdir)/mksiglist.h $(incdir)/sudo_compat.h $(top_builddir)/config.h
+- $(CC) $(CPPFLAGS) $(CFLAGS) $(srcdir)/mksiglist.c -o $@
++ $${HOSTCC:-gcc} $(CPPFLAGS) $(CFLAGS) $(srcdir)/mksiglist.c -o $@
+
+ mksigname: $(srcdir)/mksigname.c $(srcdir)/mksigname.h $(incdir)/sudo_compat.h $(top_builddir)/config.h
+- $(CC) $(CPPFLAGS) $(CFLAGS) $(srcdir)/mksigname.c -o $@
++ $${HOSTCC:-gcc} $(CPPFLAGS) $(CFLAGS) $(srcdir)/mksigname.c -o $@
+
+ $(srcdir)/mksiglist.h: $(srcdir)/siglist.in
+ @if [ -n "$(DEVEL)" ]; then \
diff --git a/system/sudo/libcrypt.patch b/system/sudo/libcrypt.patch
new file mode 100644
index 000000000..e83b69113
--- /dev/null
+++ b/system/sudo/libcrypt.patch
@@ -0,0 +1,11 @@
+--- ./plugins/sudoers/Makefile.in.orig
++++ ./plugins/sudoers/Makefile.in
+@@ -52,7 +52,7 @@
+ LT_LIBS = $(top_builddir)/lib/util/libsudo_util.la
+ LIBS = $(LT_LIBS) @LIBINTL@
+ NET_LIBS = @NET_LIBS@
+-SUDOERS_LIBS = @SUDOERS_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ $(LIBS) $(NET_LIBS) @ZLIB@ @LIBMD@
++SUDOERS_LIBS = @SUDOERS_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ $(LIBS) $(NET_LIBS) @ZLIB@ @LIBMD@ -lcrypt
+ REPLAY_LIBS = @REPLAY_LIBS@ @ZLIB@
+ VISUDO_LIBS = $(NET_LIBS) @LIBMD@
+ TESTSUDOERS_LIBS = $(NET_LIBS) @LIBMD@
diff --git a/system/sudo/musl-fix-headers.patch b/system/sudo/musl-fix-headers.patch
new file mode 100644
index 000000000..18a19b75d
--- /dev/null
+++ b/system/sudo/musl-fix-headers.patch
@@ -0,0 +1,10 @@
+--- ./include/sudo_compat.h.orig
++++ ./include/sudo_compat.h
+@@ -25,6 +25,7 @@
+ #include <stdio.h>
+ #include <stdarg.h>
+ #include <stddef.h> /* for rsize_t */
++#include <sys/types.h> /* for id_t */
+
+ /*
+ * Macros and functions that may be missing on some operating systems.
--
GitLab