sudo: Update to 1.8.7p7

Ouch, our sudo was criminally outdated. CVE-2013-1775, CVE-2013-1776, CVE-2012-2337, CVE-2011-0010.
2024-11-05 22:06:00 +03:00 · 2013-04-03 13:10:53 +02:00 · 2013-04-03 13:10:53 +02:00 · 91ff5e33cc
commit 91ff5e33cc
parent 8ad8eb6ee0
1 changed files with 30 additions and 20 deletions
--- a/pkgs/tools/security/sudo/default.nix
+++ b/pkgs/tools/security/sudo/default.nix
@ -1,37 +1,45 @@
-{stdenv, fetchurl, coreutils, pam, groff}:
+{ stdenv, fetchurl, coreutils, pam, groff }:

 stdenv.mkDerivation rec {
-  name = "sudo-1.7.2";
+  name = "sudo-1.8.6p7";

  src = fetchurl {
-    urls = 
+    urls =
      [ "ftp://ftp.sudo.ws/pub/sudo/${name}.tar.gz"
        "ftp://ftp.sudo.ws/pub/sudo/OLD/${name}.tar.gz"
      ];
-    sha256 = "02hhvwxj7gnsvmq3cjh592g2xdjpkfcp1jjvwb64nxsz2kbccwy1";
+    sha256 = "0djh2b14d1b1knah46v971x940rz63hvnskz16fzami3nbnqj41h";
  };

-  # `--with-stow' allows /etc/sudoers to be a symlink.  Only it
-  # doesn't really help because the target still has to have mode 0440,
-  # while files in the Nix store all have mode 0444.
-  #configureFlags = "--with-stow";
+  postConfigure = ''
+    cat >> pathnames.h <<EOF
+    #undef  _PATH_SUDO_LOGFILE
+    #define _PATH_SUDO_LOGFILE "/var/log/sudo.log"
+    #undef  _PATH_SUDO_TIMEDIR
+    #define _PATH_SUDO_TIMEDIR "/run/sudo"
+    #undef  _PATH_VI
+    #define _PATH_VI "/run/current-system/sw/bin/nano"
+    #undef  _PATH_MV
+    #define _PATH_MV "${coreutils}/bin/mv"
+    EOF

-  postConfigure = "
-    sed -e '/_PATH_MV/d; /_PATH_VI/d' -i config.h
-    echo '#define _PATH_SUDO_LOGFILE \"/var/log/sudo.log\"' >> config.h
-    echo '#define _PATH_SUDO_TIMEDIR \"/var/run/sudo\"' >> config.h
-    echo '#define _PATH_MV \"/var/run/current-system/sw/bin/mv\"' >> config.h
-    echo '#define _PATH_VI \"/var/run/current-system/sw/bin/nano\"' >> config.h
-    echo '#define EDITOR _PATH_VI' >>config.h
+    makeFlags="install_uid=$(id -u) install_gid=$(id -g)"
+    installFlags="sudoers_uid=$(id -u) sudoers_gid=$(id -g) sysconfdir=$out/etc"
+  '';

-    makeFlags=\"install_uid=$(id -u) install_gid=$(id -g)\"
-    installFlags=\"sudoers_uid=$(id -u) sudoers_gid=$(id -g) sysconfdir=$out/etc\"
-  ";
+  buildInputs = [ coreutils pam groff ];

-  buildInputs = [coreutils pam groff];
+  enableParallelBuilding = true;
+
+  postInstall = ''
+    # ‘visudo’ does not make sense on NixOS.
+    rm $out/sbin/visudo $out/share/man/man8/visudo.8
+
+    rm $out/share/doc/sudo/ChangeLog
+  '';

  meta = {
-    description = "sudo, a command to run commands as root";
+    description = "A command to run commands as root";

    longDescription = ''
      Sudo (su "do") allows a system administrator to delegate
@ -43,5 +51,7 @@ stdenv.mkDerivation rec {
    homepage = http://www.sudo.ws/;

    license = http://www.sudo.ws/sudo/license.html;
+
+    maintainers = [ stdenv.lib.maintainers.eelco ];
  };
 }