gnu: sudo: Upgrade to 1.8.15 [fixes CVE-2015-5602].
* gnu/packages/admin.scm (sudo)[arguments]: Add CPPFLAGS to #:configure-flags. In 'pre-configure' phase, modify 'sudo_usage.h.in'. Add pattern to remove '-o 0 -g 0' installation flag in 'Makefile.in', and remove pattern for '-O 0 -G 0'. Remove modifications of 'configure'.
This commit is contained in:
parent
bd7dfafaa3
commit
0086ec733c
|
@ -647,7 +647,7 @@ system administrator.")
|
||||||
(define-public sudo
|
(define-public sudo
|
||||||
(package
|
(package
|
||||||
(name "sudo")
|
(name "sudo")
|
||||||
(version "1.8.10p3")
|
(version "1.8.15")
|
||||||
(source (origin
|
(source (origin
|
||||||
(method url-fetch)
|
(method url-fetch)
|
||||||
(uri
|
(uri
|
||||||
|
@ -657,22 +657,31 @@ system administrator.")
|
||||||
version ".tar.gz")))
|
version ".tar.gz")))
|
||||||
(sha256
|
(sha256
|
||||||
(base32
|
(base32
|
||||||
"002l6h27pnhb77b65frhazbhknsxvrsnkpi43j7i0qw1lrgi7nkf"))))
|
"0263gi6i19fyzzc488n0qw3m518i39f6a7qmrfvahk9j10bkh5j3"))))
|
||||||
(build-system gnu-build-system)
|
(build-system gnu-build-system)
|
||||||
(arguments
|
(arguments
|
||||||
`(#:configure-flags '("--with-logpath=/var/log/sudo.log"
|
`(#:configure-flags
|
||||||
|
(list "--with-logpath=/var/log/sudo.log"
|
||||||
"--with-rundir=/run/sudo"
|
"--with-rundir=/run/sudo"
|
||||||
"--with-vardir=/var/db/sudo"
|
"--with-vardir=/var/db/sudo"
|
||||||
"--with-iologdir=/var/log/sudo-io")
|
"--with-iologdir=/var/log/sudo-io"
|
||||||
|
|
||||||
|
;; 'visudo.c' expects _PATH_MV to be defined, but glibc doesn't
|
||||||
|
;; provide it.
|
||||||
|
(string-append "CPPFLAGS=-D_PATH_MV='\""
|
||||||
|
(assoc-ref %build-inputs "coreutils")
|
||||||
|
"/bin/mv\"'"))
|
||||||
#:phases (alist-cons-before
|
#:phases (alist-cons-before
|
||||||
'configure 'pre-configure
|
'configure 'pre-configure
|
||||||
(lambda _
|
(lambda _
|
||||||
(substitute* "configure"
|
(substitute* "src/sudo_usage.h.in"
|
||||||
;; Refer to the right executables.
|
;; Do not capture 'configure' arguments since we would
|
||||||
(("/usr/bin/mv") (which "mv"))
|
;; unduly retain references, and also because the
|
||||||
(("/usr/bin/sh") (which "sh")))
|
;; CPPFLAGS above would close the string literal
|
||||||
|
;; prematurely.
|
||||||
|
(("@CONFIGURE_ARGS@") "\"\""))
|
||||||
(substitute* (find-files "." "Makefile\\.in")
|
(substitute* (find-files "." "Makefile\\.in")
|
||||||
(("-O [[:graph:]]+ -G [[:graph:]]+")
|
(("-o [[:graph:]]+ -g [[:graph:]]+")
|
||||||
;; Allow installation as non-root.
|
;; Allow installation as non-root.
|
||||||
"")
|
"")
|
||||||
(("^install: (.*)install-sudoers(.*)" _ before after)
|
(("^install: (.*)install-sudoers(.*)" _ before after)
|
||||||
|
|
Loading…
Reference in New Issue