gnu: sudo: Upgrade to 1.8.15 [fixes CVE-2015-5602].

* gnu/packages/admin.scm (sudo)[arguments]: Add CPPFLAGS to
  #:configure-flags.   In 'pre-configure' phase, modify
  'sudo_usage.h.in'.  Add pattern to remove '-o 0 -g 0' installation
  flag in 'Makefile.in', and remove pattern for '-O 0 -G 0'.  Remove
  modifications of 'configure'.
This commit is contained in:
Ludovic Courtès 2015-11-12 11:45:23 +01:00
parent bd7dfafaa3
commit 0086ec733c
1 changed files with 20 additions and 11 deletions

View File

@ -647,7 +647,7 @@ system administrator.")
(define-public sudo (define-public sudo
(package (package
(name "sudo") (name "sudo")
(version "1.8.10p3") (version "1.8.15")
(source (origin (source (origin
(method url-fetch) (method url-fetch)
(uri (uri
@ -657,22 +657,31 @@ system administrator.")
version ".tar.gz"))) version ".tar.gz")))
(sha256 (sha256
(base32 (base32
"002l6h27pnhb77b65frhazbhknsxvrsnkpi43j7i0qw1lrgi7nkf")))) "0263gi6i19fyzzc488n0qw3m518i39f6a7qmrfvahk9j10bkh5j3"))))
(build-system gnu-build-system) (build-system gnu-build-system)
(arguments (arguments
`(#:configure-flags '("--with-logpath=/var/log/sudo.log" `(#:configure-flags
"--with-rundir=/run/sudo" (list "--with-logpath=/var/log/sudo.log"
"--with-vardir=/var/db/sudo" "--with-rundir=/run/sudo"
"--with-iologdir=/var/log/sudo-io") "--with-vardir=/var/db/sudo"
"--with-iologdir=/var/log/sudo-io"
;; 'visudo.c' expects _PATH_MV to be defined, but glibc doesn't
;; provide it.
(string-append "CPPFLAGS=-D_PATH_MV='\""
(assoc-ref %build-inputs "coreutils")
"/bin/mv\"'"))
#:phases (alist-cons-before #:phases (alist-cons-before
'configure 'pre-configure 'configure 'pre-configure
(lambda _ (lambda _
(substitute* "configure" (substitute* "src/sudo_usage.h.in"
;; Refer to the right executables. ;; Do not capture 'configure' arguments since we would
(("/usr/bin/mv") (which "mv")) ;; unduly retain references, and also because the
(("/usr/bin/sh") (which "sh"))) ;; CPPFLAGS above would close the string literal
;; prematurely.
(("@CONFIGURE_ARGS@") "\"\""))
(substitute* (find-files "." "Makefile\\.in") (substitute* (find-files "." "Makefile\\.in")
(("-O [[:graph:]]+ -G [[:graph:]]+") (("-o [[:graph:]]+ -g [[:graph:]]+")
;; Allow installation as non-root. ;; Allow installation as non-root.
"") "")
(("^install: (.*)install-sudoers(.*)" _ before after) (("^install: (.*)install-sudoers(.*)" _ before after)