3
0
Fork 0
forked from mirrors/nixpkgs

sudo: Update to 1.8.7p7

Ouch, our sudo was criminally outdated.

CVE-2013-1775, CVE-2013-1776, CVE-2012-2337, CVE-2011-0010.
This commit is contained in:
Eelco Dolstra 2013-04-03 13:10:53 +02:00
parent 8ad8eb6ee0
commit 91ff5e33cc

View file

@ -1,37 +1,45 @@
{stdenv, fetchurl, coreutils, pam, groff}:
{ stdenv, fetchurl, coreutils, pam, groff }:
stdenv.mkDerivation rec {
name = "sudo-1.7.2";
name = "sudo-1.8.6p7";
src = fetchurl {
urls =
urls =
[ "ftp://ftp.sudo.ws/pub/sudo/${name}.tar.gz"
"ftp://ftp.sudo.ws/pub/sudo/OLD/${name}.tar.gz"
];
sha256 = "02hhvwxj7gnsvmq3cjh592g2xdjpkfcp1jjvwb64nxsz2kbccwy1";
sha256 = "0djh2b14d1b1knah46v971x940rz63hvnskz16fzami3nbnqj41h";
};
# `--with-stow' allows /etc/sudoers to be a symlink. Only it
# doesn't really help because the target still has to have mode 0440,
# while files in the Nix store all have mode 0444.
#configureFlags = "--with-stow";
postConfigure = ''
cat >> pathnames.h <<EOF
#undef _PATH_SUDO_LOGFILE
#define _PATH_SUDO_LOGFILE "/var/log/sudo.log"
#undef _PATH_SUDO_TIMEDIR
#define _PATH_SUDO_TIMEDIR "/run/sudo"
#undef _PATH_VI
#define _PATH_VI "/run/current-system/sw/bin/nano"
#undef _PATH_MV
#define _PATH_MV "${coreutils}/bin/mv"
EOF
postConfigure = "
sed -e '/_PATH_MV/d; /_PATH_VI/d' -i config.h
echo '#define _PATH_SUDO_LOGFILE \"/var/log/sudo.log\"' >> config.h
echo '#define _PATH_SUDO_TIMEDIR \"/var/run/sudo\"' >> config.h
echo '#define _PATH_MV \"/var/run/current-system/sw/bin/mv\"' >> config.h
echo '#define _PATH_VI \"/var/run/current-system/sw/bin/nano\"' >> config.h
echo '#define EDITOR _PATH_VI' >>config.h
makeFlags="install_uid=$(id -u) install_gid=$(id -g)"
installFlags="sudoers_uid=$(id -u) sudoers_gid=$(id -g) sysconfdir=$out/etc"
'';
makeFlags=\"install_uid=$(id -u) install_gid=$(id -g)\"
installFlags=\"sudoers_uid=$(id -u) sudoers_gid=$(id -g) sysconfdir=$out/etc\"
";
buildInputs = [ coreutils pam groff ];
buildInputs = [coreutils pam groff];
enableParallelBuilding = true;
postInstall = ''
# visudo does not make sense on NixOS.
rm $out/sbin/visudo $out/share/man/man8/visudo.8
rm $out/share/doc/sudo/ChangeLog
'';
meta = {
description = "sudo, a command to run commands as root";
description = "A command to run commands as root";
longDescription = ''
Sudo (su "do") allows a system administrator to delegate
@ -43,5 +51,7 @@ stdenv.mkDerivation rec {
homepage = http://www.sudo.ws/;
license = http://www.sudo.ws/sudo/license.html;
maintainers = [ stdenv.lib.maintainers.eelco ];
};
}