From 86f0501813651c8bec9f5d7d26663e250656ed9d Mon Sep 17 00:00:00 2001
From: PktSurf <smlinux@pktsurf.in>
Date: Sun, 4 Dec 2022 14:54:15 +0530
Subject: [PATCH] Security upgrades for base/{expat,git,sudo} Added doinst.sh
 in base/sudo to preserve its config file between upgrades

---
 base/expat/expat.SMBuild | 11 +++++------
 base/git/git.SMBuild     |  6 +++---
 base/sudo/doinst.sh      | 14 ++++++++++++++
 base/sudo/sudo.SMBuild   |  8 +++-----
 4 files changed, 25 insertions(+), 14 deletions(-)
 create mode 100644 base/sudo/doinst.sh

diff --git a/base/expat/expat.SMBuild b/base/expat/expat.SMBuild
index 7b4b4d5..dba3fc0 100755
--- a/base/expat/expat.SMBuild
+++ b/base/expat/expat.SMBuild
@@ -1,9 +1,8 @@
 app=expat
-version=2.4.5
-mversion="$(echo $version | sed 's@.@_@')"
+version=2.5.0
+homepage="https://downloads.sourceforge.net/project/expat/"
+download="https://downloads.sourceforge.net/project/expat/expat/$version/expat-$version.tar.bz2"
 build=1sml
-homepage="https://libexpat.github.io/"
-download="https://github.com/libexpat/libexpat/archive/refs/tags/R_$mversion.tar.gz"
 desc="C library for parsing XML"
 requires="musl"
 
@@ -28,5 +27,5 @@ build() {
 }
 
 sha512sums="
-17480d0634b66bc2873897353d94b0c623e2a9a362cabe50f66adb62d5541b0f7bc4e2d3110124c4a1e14498e4db2c582a600e12234ebf91eeffe222f5dee44a  expat-2.4.5.tar.lz
-"
+0fbd6e39cd318ed77363be0321e3f40002ac1c2e3f3f69c41de45afd94887d9ff6b0685f374649a50acd78eda8bfa8c52a98349f9845941790319d9fa5734088  expat-2.5.0.tar.lz
+"
\ No newline at end of file
diff --git a/base/git/git.SMBuild b/base/git/git.SMBuild
index 73feeb3..77ca519 100755
--- a/base/git/git.SMBuild
+++ b/base/git/git.SMBuild
@@ -1,5 +1,5 @@
 app=git
-version=2.28.1
+version=2.30.6
 build=1sml
 homepage="https://git-scm.com/"
 download="https://mirrors.edge.kernel.org/pub/software/scm/git/git-$version.tar.xz"
@@ -30,5 +30,5 @@ build() {
 }
 
 sha512sums="
-c7f768c987185b7af9f971577d2ce335962c8c60b50c167d8a19f937e40279eaa669a0265d5f7369041ab491dbafc62231041e362df6ce5866d7d4cd6ba66021  git-2.28.1.tar.lz
-"
+c6f964688c39c4534d4e564c685fda93ddd586282d5de2adee345c83dd192d708ee18b827fbbc3d00ffb2e6faf4e31792df0d2d0cfafeae4dc29cc44fcbcbc5c  git-2.30.6.tar.lz
+"
\ No newline at end of file
diff --git a/base/sudo/doinst.sh b/base/sudo/doinst.sh
new file mode 100644
index 0000000..01e3d17
--- /dev/null
+++ b/base/sudo/doinst.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+config() {
+  NEW="$1"
+  OLD="`dirname $NEW`/`basename $NEW .new`"
+  # If there's no config file by that name, mv it over:
+  if [ ! -r $OLD ]; then
+    mv $NEW $OLD
+  elif [ "`cat $OLD | md5sum`" = "`cat $NEW | md5sum`" ]; then # toss the redundant copy
+    rm $NEW
+  fi
+  # Otherwise, we leave the .new copy for the admin to consider...
+}
+config etc/sudoers.new
+rm -f etc/sudoers.new
diff --git a/base/sudo/sudo.SMBuild b/base/sudo/sudo.SMBuild
index 47db5bc..e079fe6 100755
--- a/base/sudo/sudo.SMBuild
+++ b/base/sudo/sudo.SMBuild
@@ -1,5 +1,5 @@
 app=sudo
-version=1.9.0
+version=1.9.12p1
 build=1sml
 homepage="https://www.sudo.ws/"
 download="https://www.sudo.ws/dist/sudo-$version.tar.gz"
@@ -7,7 +7,6 @@ desc="give limited root privileges to certain users"
 requires="zlib"
 noautoconfsite=1
 
-
 build() {
   mkandenterbuilddir
   rm -rf $app-$version
@@ -20,7 +19,6 @@ build() {
     --prefix="" \
     --sysconfdir=/etc \
     --sbindir=/bin \
-    --libexecdir=/lib \
     --with-env-editor \
     --disable-pam-session \
     --without-pam \
@@ -29,11 +27,11 @@ build() {
   make
   make install DESTDIR=$pkg
 
-  cp doc/LICENSE $pkgdocs/
+  mv $pkg/etc/sudoers $pkg/etc/sudoers.new
 
   mkfinalpkg
 }
 
 sha512sums="
-9142a86662151b9b598dfe7379990226f8b735343ac93341f6c152eb210dbc82d744041b86f231618cb2166924d4aace76391a186ad632041093b3809651e4dc  sudo-1.9.0.tar.lz
+737c088f0269c4f4dc998c4bfb84db778b77ed0517d6712ad131ec9005c64a6f55532469ad3f6e36dce410a5dd15343af56e98d0db5b929363ee6ad83157ef7c  sudo-1.9.12p1.tar.lz
 "