forked from mirrors/nixpkgs
sudo: Update to 1.8.7p7
Ouch, our sudo was criminally outdated. CVE-2013-1775, CVE-2013-1776, CVE-2012-2337, CVE-2011-0010.
This commit is contained in:
parent
8ad8eb6ee0
commit
91ff5e33cc
|
@ -1,37 +1,45 @@
|
|||
{stdenv, fetchurl, coreutils, pam, groff}:
|
||||
{ stdenv, fetchurl, coreutils, pam, groff }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "sudo-1.7.2";
|
||||
name = "sudo-1.8.6p7";
|
||||
|
||||
src = fetchurl {
|
||||
urls =
|
||||
urls =
|
||||
[ "ftp://ftp.sudo.ws/pub/sudo/${name}.tar.gz"
|
||||
"ftp://ftp.sudo.ws/pub/sudo/OLD/${name}.tar.gz"
|
||||
];
|
||||
sha256 = "02hhvwxj7gnsvmq3cjh592g2xdjpkfcp1jjvwb64nxsz2kbccwy1";
|
||||
sha256 = "0djh2b14d1b1knah46v971x940rz63hvnskz16fzami3nbnqj41h";
|
||||
};
|
||||
|
||||
# `--with-stow' allows /etc/sudoers to be a symlink. Only it
|
||||
# doesn't really help because the target still has to have mode 0440,
|
||||
# while files in the Nix store all have mode 0444.
|
||||
#configureFlags = "--with-stow";
|
||||
postConfigure = ''
|
||||
cat >> pathnames.h <<EOF
|
||||
#undef _PATH_SUDO_LOGFILE
|
||||
#define _PATH_SUDO_LOGFILE "/var/log/sudo.log"
|
||||
#undef _PATH_SUDO_TIMEDIR
|
||||
#define _PATH_SUDO_TIMEDIR "/run/sudo"
|
||||
#undef _PATH_VI
|
||||
#define _PATH_VI "/run/current-system/sw/bin/nano"
|
||||
#undef _PATH_MV
|
||||
#define _PATH_MV "${coreutils}/bin/mv"
|
||||
EOF
|
||||
|
||||
postConfigure = "
|
||||
sed -e '/_PATH_MV/d; /_PATH_VI/d' -i config.h
|
||||
echo '#define _PATH_SUDO_LOGFILE \"/var/log/sudo.log\"' >> config.h
|
||||
echo '#define _PATH_SUDO_TIMEDIR \"/var/run/sudo\"' >> config.h
|
||||
echo '#define _PATH_MV \"/var/run/current-system/sw/bin/mv\"' >> config.h
|
||||
echo '#define _PATH_VI \"/var/run/current-system/sw/bin/nano\"' >> config.h
|
||||
echo '#define EDITOR _PATH_VI' >>config.h
|
||||
makeFlags="install_uid=$(id -u) install_gid=$(id -g)"
|
||||
installFlags="sudoers_uid=$(id -u) sudoers_gid=$(id -g) sysconfdir=$out/etc"
|
||||
'';
|
||||
|
||||
makeFlags=\"install_uid=$(id -u) install_gid=$(id -g)\"
|
||||
installFlags=\"sudoers_uid=$(id -u) sudoers_gid=$(id -g) sysconfdir=$out/etc\"
|
||||
";
|
||||
buildInputs = [ coreutils pam groff ];
|
||||
|
||||
buildInputs = [coreutils pam groff];
|
||||
enableParallelBuilding = true;
|
||||
|
||||
postInstall = ''
|
||||
# ‘visudo’ does not make sense on NixOS.
|
||||
rm $out/sbin/visudo $out/share/man/man8/visudo.8
|
||||
|
||||
rm $out/share/doc/sudo/ChangeLog
|
||||
'';
|
||||
|
||||
meta = {
|
||||
description = "sudo, a command to run commands as root";
|
||||
description = "A command to run commands as root";
|
||||
|
||||
longDescription = ''
|
||||
Sudo (su "do") allows a system administrator to delegate
|
||||
|
@ -43,5 +51,7 @@ stdenv.mkDerivation rec {
|
|||
homepage = http://www.sudo.ws/;
|
||||
|
||||
license = http://www.sudo.ws/sudo/license.html;
|
||||
|
||||
maintainers = [ stdenv.lib.maintainers.eelco ];
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue