NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
e0ff6ad7ff
kumquat-buildroot/package/sudo/0001-configure.ac-fix-openssl-static-build.patch
Fabrice Fontaine 556c32264c package/sudo: security bump to version 1.9.13p3 
- Fix CVE-2023-27320: Sudo before 1.9.13p3 has a double free in the
  per-command chroot feature.
- Update patch
- Update hash of LICENSE.md (year and indentation updated:
  dd934d6a21
  e5634ae991)

https://www.sudo.ws/security/advisories/double_free
https://www.sudo.ws/releases/stable/#1.9.13p3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-03-22 23:36:54 +01:00

48 lines
2.3 KiB
Diff
Raw Blame History

From 1fed5adc166d5f2190a6b6ad048ec2d803316327 Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Wed, 22 Feb 2023 10:13:30 +0100
Subject: [PATCH] configure.ac: fix openssl static build
Do not use AX_APPEND_FLAG as it will break static builds by removing
duplicates such as -lz or -latomic which are needed by -lssl and
-lcrypto. This will fix the following build failure with sparc which
needs -latomic:
Checking for X509_STORE_CTX_get0_cert
configure:21215: /home/thomas/autobuild/instance-3/output-1/host/bin/sparc-buildroot-linux-uclibc-gcc -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -g0 -static -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -DZLIB_CONST -static conftest.c -L/home/thomas/autobuild/instance-3/output-1/host/bin/../sparc-buildroot-linux-uclibc/sysroot/usr/lib -lssl -lz -pthread -latomic -lcrypto >&5
/home/thomas/autobuild/instance-3/output-1/host/lib/gcc/sparc-buildroot-linux-uclibc/10.4.0/../../../../sparc-buildroot-linux-uclibc/bin/ld: /home/thomas/autobuild/instance-3/output-1/host/bin/../sparc-buildroot-linux-uclibc/sysroot/usr/lib/libcrypto.a(x509cset.o): in function `X509_CRL_up_ref':
x509cset.c:(.text+0x108): undefined reference to `__atomic_fetch_add_4'
[...]
In file included from ./hostcheck.c:38:
../../include/sudo_compat.h:342:41: error: conflicting types for 'ASN1_STRING_data'
342 | # define ASN1_STRING_get0_data(x) ASN1_STRING_data(x)
| ^~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/8be59dd94e4916f9457cb435104e36e62a28373b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Retrieved from:
https://github.com/sudo-project/sudo/commit/1fed5adc166d5f2190a6b6ad048ec2d803316327]
---
m4/openssl.m4 | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/m4/openssl.m4 b/m4/openssl.m4
index a2e4941ae8..b4cbd821db 100644
--- a/m4/openssl.m4
+++ b/m4/openssl.m4
@@ -44,7 +44,9 @@ AC_DEFUN([SUDO_CHECK_OPENSSL], [
SUDO_APPEND_LIBPATH([LIBTLS], [$f])
;;
*)
- AX_APPEND_FLAG([$f], [LIBTLS])
+ # Do not use AX_APPEND_FLAG as it will break static builds by removing
+ # duplicates such as -lz or -latomic which are needed by -lssl and -lcrypto
+ LIBTLS="$LIBTLS $f"
;;
esac
done
Reference in New Issue View Git Blame Copy Permalink