Merge branch 'sec/2020.06.02' into 'master'

Security updates for 2020.06.02

See merge request adelie/packages!464

2 files changed, 22 insertions, 10 deletions

diff --git a/system/ca-certificates/APKBUILD b/system/ca-certificates/APKBUILD
index 0785ec441..5e75d13d8 100644
--- a/system/ca-certificates/APKBUILD
+++ b/system/ca-certificates/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: A. Wilcox <awilfox@adelielinux.org>
 pkgname=ca-certificates
-pkgver=20190131
-pkgrel=1
+pkgver=20200603
+pkgrel=0
 pkgdesc="CA root certificates"
 url="https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/"
 arch="all"
@@ -13,12 +13,11 @@ makedepends_host="openssl-dev"
 subpackages="$pkgname-doc"
 triggers="ca-certificates.trigger=/usr/share/ca-certificates:/usr/local/share/ca-certificates:/etc/ssl/certs:/etc/ca-certificates/update.d"
 install="$pkgname.post-deinstall"
-source="https://distfiles.adelielinux.org/source/$pkgname-$pkgver.tar.xz
+source="https://dev.sick.bike/dist/$pkgname-$pkgver.tar.gz
 	certhash
 	"
 
 build() {
-	export CFLAGS="$CFLAGS -DSYMLINK_MAX=PATH_MAX"
 	make
 }
 
@@ -43,5 +42,5 @@ package() {
 	install -D -m755 "$srcdir"/certhash "$pkgdir"/etc/ca-certificates/update.d/certhash
 }
 
-sha512sums="aec43296636887a8ebefc08abe60c123b67002eb8cf450662b5ff8fcbd2ea10d3d24d17080b5924b13aed9a52b91ba55e93d306e27ed3196ca67cbbe30146328  ca-certificates-20190131.tar.xz
+sha512sums="0125600481666979e0b736572aca7d0e3c4bf01169bc67638ef7bdd4fc97a0ebbb70798df7275eac92dfc2d03b16de3f0adc8ad382fc9e2fb4d8223c923b2eef  ca-certificates-20200603.tar.gz
 1efe48235f150052da6b872d2ebff174359825ab3bd66086c9d7f4c18dcd8aa8953c634dbf1aa8416d30d5623babf589660a25cf6e3a4cdcce707c14cc2f348a  certhash"
diff --git a/system/sudo/APKBUILD b/system/sudo/APKBUILD
index 3bad54e5e..00acefd4f 100644
--- a/system/sudo/APKBUILD
+++ b/system/sudo/APKBUILD
@@ -3,13 +3,13 @@
 # Contributor: Natanael Copa <ncopa@alpinelinux.org>
 # Maintainer: Horst Burkhardt <horst@adelielinux.org>
 pkgname=sudo
-pkgver=1.8.28
+pkgver=1.9.0
 if [ "${pkgver%_*}" != "$pkgver" ]; then
 	_realver=${pkgver%_*}${pkgver#*_}
 else
 	_realver=$pkgver
 fi
-pkgrel=1
+pkgrel=0
 pkgdesc="Give certain users the ability to run some commands as root"
 url="https://www.sudo.ws/sudo/"
 arch="all"
@@ -26,12 +26,22 @@ source="https://www.sudo.ws/dist/sudo-${_realver}.tar.gz
 	SIGUNUSED.patch
 	"
 builddir="$srcdir"/$pkgname-$_realver
+somask="audit_json.so
+	group_file.so
+	libsudo_noexec.so
+	libsudo_util.so.0
+	sample_approval.so
+	sudoers.so
+	system_group.so
+	"
 
 # secfixes:
 #   1.8.20_p2-r0:
 #     - CVE-2017-1000368
-#   1.8.28:
+#   1.8.28-r0:
 #     - CVE-2019-14287
+#   1.9.0-r0:
+#     - CVE-2019-19232
 
 build() {
 	./configure \
@@ -46,7 +56,10 @@ build() {
 		--without-skey \
 		--with-passprompt="[sudo] Password for %p: " \
 		--with-insults=disabled \
-		--with-all-insults
+		--with-all-insults \
+		--enable-python=no \
+		--disable-log-server \
+		--disable-log-client
 
 	# Workaround until SIGUNUSED.patch is not needed anymore
 	rm lib/util/mksiglist.h lib/util/mksigname.h
@@ -67,7 +80,7 @@ package() {
 	rm -rf "$pkgdir"/var/run
 }
 
-sha512sums="09e589cdfd18d7c43b0859a0e11c008b3cb995ae4f8c89c717c5242db9e5696361eb574ebe74a0b5316afffb3a8037f7a7f3c249176e8ed9caffeb4cd860ddc7  sudo-1.8.28.tar.gz
+sha512sums="f2a191ea5fc65865718b110d4aca187cb5e2cd55c9c891fab32f21401e56f825f34c373e346c55c64fa49cec4d802efb63ccebf3d4a4e31d9a433077daf013b1  sudo-1.9.0.tar.gz
 f0f462f40502da2194310fe4a72ec1a16ba40f95a821ba9aa6aabaa423d28c4ab26b684afa7fb81c2407cf60de9327bdab01de51b878c5d4de49b0d62645f53c  fix-cross-compile.patch
 dcc03abdd672c934f90dfd3683b3f81a8d39cfff91307d2dbd20a31a852022ab605d034c4fe11860ba99b78d391a9812fca1d6e052620b8ff2c42e4f0c7a1a62  musl-fix-headers.patch
 2733c220ccbdaf61a32d8c72a5bc0209673733014f0d71b568f1523b71416e9d1754dd8c95bc6cd99aa7f935ed6e93c5f19b1a1dbb7dfc2daf9917fd37f96e78  SIGUNUSED.patch"