diff options
author | Ludovic Courtès <ludo@gnu.org> | 2015-11-12 11:45:23 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2015-11-12 11:49:18 +0100 |
commit | 0086ec733c9a968da1f817c3004b4e8742ab4f4d (patch) | |
tree | c8d11491e4926bae01d3bf19faeb00324e194012 | |
parent | bd7dfafaa37fa26d47ac2d681b3b1a278663e9e2 (diff) | |
download | guix-0086ec733c9a968da1f817c3004b4e8742ab4f4d.tar.gz |
gnu: sudo: Upgrade to 1.8.15 [fixes CVE-2015-5602].
* gnu/packages/admin.scm (sudo)[arguments]: Add CPPFLAGS to #:configure-flags. In 'pre-configure' phase, modify 'sudo_usage.h.in'. Add pattern to remove '-o 0 -g 0' installation flag in 'Makefile.in', and remove pattern for '-O 0 -G 0'. Remove modifications of 'configure'.
-rw-r--r-- | gnu/packages/admin.scm | 31 |
1 files changed, 20 insertions, 11 deletions
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index 6aca8570c0..7fbc9fdc30 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -647,7 +647,7 @@ system administrator.") (define-public sudo (package (name "sudo") - (version "1.8.10p3") + (version "1.8.15") (source (origin (method url-fetch) (uri @@ -657,22 +657,31 @@ system administrator.") version ".tar.gz"))) (sha256 (base32 - "002l6h27pnhb77b65frhazbhknsxvrsnkpi43j7i0qw1lrgi7nkf")))) + "0263gi6i19fyzzc488n0qw3m518i39f6a7qmrfvahk9j10bkh5j3")))) (build-system gnu-build-system) (arguments - `(#:configure-flags '("--with-logpath=/var/log/sudo.log" - "--with-rundir=/run/sudo" - "--with-vardir=/var/db/sudo" - "--with-iologdir=/var/log/sudo-io") + `(#:configure-flags + (list "--with-logpath=/var/log/sudo.log" + "--with-rundir=/run/sudo" + "--with-vardir=/var/db/sudo" + "--with-iologdir=/var/log/sudo-io" + + ;; 'visudo.c' expects _PATH_MV to be defined, but glibc doesn't + ;; provide it. + (string-append "CPPFLAGS=-D_PATH_MV='\"" + (assoc-ref %build-inputs "coreutils") + "/bin/mv\"'")) #:phases (alist-cons-before 'configure 'pre-configure (lambda _ - (substitute* "configure" - ;; Refer to the right executables. - (("/usr/bin/mv") (which "mv")) - (("/usr/bin/sh") (which "sh"))) + (substitute* "src/sudo_usage.h.in" + ;; Do not capture 'configure' arguments since we would + ;; unduly retain references, and also because the + ;; CPPFLAGS above would close the string literal + ;; prematurely. + (("@CONFIGURE_ARGS@") "\"\"")) (substitute* (find-files "." "Makefile\\.in") - (("-O [[:graph:]]+ -G [[:graph:]]+") + (("-o [[:graph:]]+ -g [[:graph:]]+") ;; Allow installation as non-root. "") (("^install: (.*)install-sudoers(.*)" _ before after) |