public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sudo: Update to 1.8.7p7

Browse Source 
Ouch, our sudo was criminally outdated.

CVE-2013-1775, CVE-2013-1776, CVE-2012-2337, CVE-2011-0010.
This commit is contained in:
Eelco Dolstra 2013-04-03 13:10:53 +02:00
parent 8ad8eb6ee0
commit 91ff5e33cc
1 changed files with 30 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
pkgs/tools/security/sudo/default.nix
View File

@ -1,37 +1,45 @@
{stdenv, fetchurl, coreutils, pam, groff}: { stdenv, fetchurl, coreutils, pam, groff }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "sudo-1.7.2"; name = "sudo-1.8.6p7";
src = fetchurl { src = fetchurl {
urls = urls =
[ "ftp://ftp.sudo.ws/pub/sudo/${name}.tar.gz" [ "ftp://ftp.sudo.ws/pub/sudo/${name}.tar.gz"
"ftp://ftp.sudo.ws/pub/sudo/OLD/${name}.tar.gz" "ftp://ftp.sudo.ws/pub/sudo/OLD/${name}.tar.gz"
]; ];
sha256 = "02hhvwxj7gnsvmq3cjh592g2xdjpkfcp1jjvwb64nxsz2kbccwy1"; sha256 = "0djh2b14d1b1knah46v971x940rz63hvnskz16fzami3nbnqj41h";
}; };
# `--with-stow' allows /etc/sudoers to be a symlink. Only it postConfigure = ''
# doesn't really help because the target still has to have mode 0440, cat >> pathnames.h <<EOF
# while files in the Nix store all have mode 0444. #undef _PATH_SUDO_LOGFILE
#configureFlags = "--with-stow"; #define _PATH_SUDO_LOGFILE "/var/log/sudo.log"
#undef _PATH_SUDO_TIMEDIR
#define _PATH_SUDO_TIMEDIR "/run/sudo"
#undef _PATH_VI
#define _PATH_VI "/run/current-system/sw/bin/nano"
#undef _PATH_MV
#define _PATH_MV "${coreutils}/bin/mv"
EOF
postConfigure = " makeFlags="install_uid=$(id -u) install_gid=$(id -g)"
sed -e '/_PATH_MV/d; /_PATH_VI/d' -i config.h installFlags="sudoers_uid=$(id -u) sudoers_gid=$(id -g) sysconfdir=$out/etc"
echo '#define _PATH_SUDO_LOGFILE \"/var/log/sudo.log\"' >> config.h '';
echo '#define _PATH_SUDO_TIMEDIR \"/var/run/sudo\"' >> config.h
echo '#define _PATH_MV \"/var/run/current-system/sw/bin/mv\"' >> config.h
echo '#define _PATH_VI \"/var/run/current-system/sw/bin/nano\"' >> config.h
echo '#define EDITOR _PATH_VI' >>config.h
makeFlags=\"install_uid=$(id -u) install_gid=$(id -g)\" buildInputs = [ coreutils pam groff ];
installFlags=\"sudoers_uid=$(id -u) sudoers_gid=$(id -g) sysconfdir=$out/etc\"
";
buildInputs = [coreutils pam groff]; enableParallelBuilding = true;
postInstall = ''
# visudo does not make sense on NixOS.
rm $out/sbin/visudo $out/share/man/man8/visudo.8
rm $out/share/doc/sudo/ChangeLog
'';
meta = { meta = {
description = "sudo, a command to run commands as root"; description = "A command to run commands as root";
longDescription = '' longDescription = ''
Sudo (su "do") allows a system administrator to delegate Sudo (su "do") allows a system administrator to delegate
@ -43,5 +51,7 @@ stdenv.mkDerivation rec {
homepage = http://www.sudo.ws/; homepage = http://www.sudo.ws/;
license = http://www.sudo.ws/sudo/license.html; license = http://www.sudo.ws/sudo/license.html;
maintainers = [ stdenv.lib.maintainers.eelco ];
}; };
} }