Merge #26628: treewide: setuid/setgid fallout
commit
d88c0cf867
@ -7,8 +7,9 @@ stdenv.mkDerivation {
|
||||
};
|
||||
buildInputs = [ intltool glib pkgconfig udev ];
|
||||
configurePhase = ''
|
||||
substituteInPlace src/Makefile.am --replace "-o root -g root" ""
|
||||
substituteInPlace src/Makefile.in --replace "-o root -g root" ""
|
||||
# do not set setuid bit in nix store
|
||||
substituteInPlace src/Makefile.in --replace 4755 0755
|
||||
./configure \
|
||||
--prefix=$out \
|
||||
--with-mount-prog=${utillinux}/bin/mount \
|
||||
@ -17,10 +18,6 @@ stdenv.mkDerivation {
|
||||
--with-setfacl-prog=${acl.bin}/bin/setfacl \
|
||||
--sysconfdir=$prefix/etc
|
||||
'';
|
||||
preConfigure = ''
|
||||
cat src/Makefile.am
|
||||
exit 2
|
||||
'';
|
||||
patches = [ ./device-info-sys-stat.patch ];
|
||||
meta = {
|
||||
description = "A command line Linux program which mounts and unmounts removable devices without a password, shows device info, and monitors device changes";
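Review bot: The first hunk strips the setuid mode with `--replace 4755 0755`, but nothing in the expression records that the installed binary then runs without the privilege it was built to use. The description says the program mounts devices without a password, which presumably relied on that bit. A comment beside the substitution, such as `# setuid is stripped for the store; privileged use needs a setuid wrapper configured on the host`, would tell users why the store binary behaves differently. The same gap exists in the later hunks of this commit that rewrite `6755`, `04755`, `4555` and `2750`.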
|
||||
|
@ -20,6 +20,8 @@ stdenv.mkDerivation rec {
|
||||
"--with-gamesdir=/tmp/unnethack"
|
||||
];
|
||||
|
||||
makeFlags = [ "GAMEPERM=744" ];
|
||||
|
||||
postInstall = ''
|
||||
cp -r /tmp/unnethack $out/share/unnethack/profile
|
||||
mv $out/bin/unnethack $out/bin/.wrapped_unnethack
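Review bot: `makeFlags = [ "GAMEPERM=744" ];` has no comment and uses a different mode from every other file in this commit, which all rewrite to `0755` or `755`. Mode 744 drops execute for group and other. Whether that survives into the store depends on permission normalisation that is not visible here, so `GAMEPERM=0755` would be the less surprising value. A one-line comment such as `# upstream default mode carries a setuid/setgid bit, which the nix store does not allow` (to be confirmed against the upstream Makefile) would explain the override.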
|
||||
|
@ -26,6 +26,8 @@ stdenv.mkDerivation rec {
|
||||
# Fix Makefiles
|
||||
find . -name 'Makefile.in' -exec sed -re 's@^ ( *)(cd|[&][&])@ \1\2@' -i '{}' ';'
|
||||
find . -name 'Makefile.in' -exec sed -e '/chown/d; /chgrp/d' -i '{}' ';'
|
||||
# do not set sticky bit in nix store
|
||||
find . -name 'Makefile.in' -exec sed -e 's/04755/755/g' -i '{}' ';'
|
||||
sed -e '/^ * *[$][(]tcltkdir[)]\/[*][.][*]/d' -i tcltk/Makefile.in
|
||||
|
||||
# Fix C files
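Review bot: The added comment `# do not set sticky bit in nix store` names the wrong bit, because the leading 4 in `04755` is setuid and sticky would be 1xxx. Suggest `# do not set setuid bit in nix store`, as the first file in this commit already words it. The same comment recurs in the later hunks that replace `6755` (setuid and setgid), `4555`, `04755` (two more files), `4755` in the `preBuild` hunk and `2750` (setgid). Each should name the bit it actually removes, so that an audit searching for setuid handling finds them. The enclosing shell string starts and ends outside the hunk.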
|
||||
|
@ -15,6 +15,10 @@ stdenv.mkDerivation rec {
|
||||
|
||||
hardeningDisable = [ "format" ];
|
||||
|
||||
prePatch = ''
|
||||
substituteInPlace Makefile.in --replace 4755 0755
|
||||
'';
|
||||
|
||||
preConfigure = ''
|
||||
sed -e 's/getline/my_getline/' -i score.c
|
||||
|
||||
@ -22,7 +26,7 @@ stdenv.mkDerivation rec {
|
||||
cat >>config.h <<EOF
|
||||
#define HERE "@nixos-packaged"
|
||||
#define WWW 0
|
||||
#define OWNER "'$(whoami)'"
|
||||
#define OWNER "$(whoami)"
|
||||
#define ROOTDIR "$out/lib/xsokoban"
|
||||
#define ANYLEVEL 1
|
||||
#define SCOREFILE ".xsokoban-score"
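Review bot: The changed line `#define OWNER "$(whoami)"` sits in an unquoted `<<EOF` heredoc, so the shell expands `$(whoami)` at build time and the build account's name is compiled into config.h. The output then depends on which user ran the build, and the name is unlikely to be a meaningful account on the machine where the game runs. How xsokoban uses OWNER is not visible here. If it gates score-file administration, a deliberately chosen fixed literal would be deterministic, for example `#define OWNER "nobody"` as a placeholder to confirm against the source. The heredoc continues outside the hunk.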
|
||||
|
@ -13,6 +13,11 @@ stdenv.mkDerivation rec {
|
||||
|
||||
buildInputs = [ pkgconfig fuse pcre ];
|
||||
|
||||
prePatch = ''
|
||||
# do not set sticky bit in nix store
|
||||
substituteInPlace Makefile --replace 6755 0755
|
||||
'';
|
||||
|
||||
preConfigure = "substituteInPlace Makefile --replace /usr/local $out";
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
|
@ -29,8 +29,9 @@ stdenv.mkDerivation rec {
|
||||
|
||||
for f in $(find ./ -name Makefile.in); do
|
||||
echo patching $f...
|
||||
sed -i $f -e '/PBS_MKDIRS/d'
|
||||
sed -i $f -e '/PBS_MKDIRS/d' -e '/chmod u+s/d'
|
||||
done
|
||||
|
||||
'';
|
||||
|
||||
postInstall = ''
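Review bot: The added `-e '/chmod u+s/d'` deletes every Makefile.in line containing `chmod u+s`, so any other command chained on that line or continued from it is removed as well. The loop also gives no sign if the pattern stops matching after an upstream update. Makefile.in is not visible here, so this may be harmless today. A comment above the loop, such as `# drop 'chmod u+s' lines: setuid bits are not allowed in the nix store`, would record the intent. `$f` is also unquoted on the changed line, where `sed -i "$f" …` is safer. The same line-deleting `sed -i '/chmod u+s/d'` appears in two later hunks of this commit, on `Makefile.in` and `src/Makefile.in`.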
|
||||
|
@ -21,6 +21,10 @@ stdenv.mkDerivation rec {
|
||||
|
||||
buildInputs = [ cmake libxslt zlib libxml2 ] ++ stdenv.lib.optional enableSSL openssl ;
|
||||
|
||||
prePatch = ''
|
||||
substituteInPlace CMakeLists.txt --replace SETUID ""
|
||||
'';
|
||||
|
||||
cmakeFlags = [
|
||||
( if enableSSL then "-DENABLE_TLS=on" else "-DENABLE_TLS=off" )
|
||||
( if enableMonitor then "-DENABLE_MONITOR=on" else "-DENABLE_MONITOR=off" )
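Review bot: `substituteInPlace CMakeLists.txt --replace SETUID ""` removes the substring SETUID wherever it occurs in CMakeLists.txt, not only where it is an install permission keyword. A variable, option name or comment containing that text would be rewritten too. CMakeLists.txt is not visible here. If the only occurrence is inside an `install(... PERMISSIONS ...)` list, matching it together with its neighbouring permission token would keep the edit narrow. The new `prePatch` also has no comment, and `# do not set setuid bit in nix store` above the substitution would match the first file in this commit.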
|
||||
|
@ -59,6 +59,12 @@ stdenv.mkDerivation rec {
|
||||
})
|
||||
];
|
||||
|
||||
# Run this after to avoid conflict with patches above
|
||||
postPatch = ''
|
||||
sed -i '/chmod u+s/d' Makefile.in
|
||||
'';
|
||||
|
||||
|
||||
buildInputs = [ openssh rsync cvs ];
|
||||
|
||||
configureFlags = [
|
||||
|
@ -10,6 +10,13 @@ stdenv.mkDerivation rec {
|
||||
|
||||
hardeningDisable = [ "format" ];
|
||||
|
||||
prePatch = ''
|
||||
# do not set sticky bit in nix store
|
||||
substituteInPlace Makefile.in \
|
||||
--replace 4555 0555
|
||||
sed -i '/chown $(OWNER)/d' Makefile.in
|
||||
'';
|
||||
|
||||
meta = {
|
||||
description = "Unix-unix cp over serial line, also includes cu program";
|
||||
|
||||
|
@ -15,6 +15,7 @@ stdenv.mkDerivation rec {
|
||||
postPatch = ''
|
||||
substituteInPlace src/Makefile.in --replace 'root' '$(id -u)'
|
||||
substituteInPlace configure --replace '/dev/input' '/tmp'
|
||||
sed -i '/chmod u+s/d' src/Makefile.in
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
|
@ -14,6 +14,11 @@ stdenv.mkDerivation rec {
|
||||
sha256 = "07fvh8qy0l1h93lccc625f48d8yp0pkp5rjjykq13pb07ar0x64y";
|
||||
};
|
||||
|
||||
prePatch = ''
|
||||
# do not set sticky bit in nix store
|
||||
substituteInPlace src/Makefile.in --replace 04755 0755
|
||||
'';
|
||||
|
||||
configureFlags = [
|
||||
"--with-env-editor"
|
||||
"--with-editor=/run/current-system/sw/bin/nano"
|
||||
|
@ -9,6 +9,13 @@ stdenv.mkDerivation rec {
|
||||
sha256 = "0k476f83w7f45y9jpyxwr00ikv1vhjiq0c26fgjch9hnv18icvwy";
|
||||
};
|
||||
|
||||
prePatch = ''
|
||||
# do not set sticky bit in nix store
|
||||
substituteInPlace Makefile.in \
|
||||
--replace "-o root" "" \
|
||||
--replace 04755 755
|
||||
'';
|
||||
|
||||
patches = [
|
||||
(fetchpatch { url = http://anonscm.debian.org/cgit/users/robert/super.git/plain/debian/patches/14-Fix-unchecked-setuid-call.patch;
|
||||
sha256 = "08m9hw4kyfjv0kqns1cqha4v5hkgp4s4z0q1rgif1fnk14xh7wqh";
|
||||
|
@ -20,7 +20,7 @@
|
||||
+ $(INSTALL) -m 755 -d $(IROOT)$(sbindir)
|
||||
+ $(INSTALL) -m 755 -d $(IROOT)$(docdir)
|
||||
+ $(INSTALL) -m 755 -d $(IROOT)$(atdocdir)
|
||||
+ $(INSTALL) -m 6755 -s at $(IROOT)$(bindir)
|
||||
+ $(INSTALL) -m 0755 -s at $(IROOT)$(bindir)
|
||||
$(LN_S) -f at $(IROOT)$(bindir)/atq
|
||||
$(LN_S) -f at $(IROOT)$(bindir)/atrm
|
||||
- $(INSTALL) -g root -o root -m 755 batch $(IROOT)$(bindir)
|
||||
|
@ -12,7 +12,8 @@ stdenv.mkDerivation {
|
||||
hardeningEnable = [ "pie" ];
|
||||
|
||||
preBuild = ''
|
||||
substituteInPlace Makefile --replace ' -o root' ' ' --replace 111 755
|
||||
# do not set sticky bit in /nix/store
|
||||
substituteInPlace Makefile --replace ' -o root' ' ' --replace 111 755 --replace 4755 0755
|
||||
makeFlags="DESTROOT=$out CC=cc"
|
||||
|
||||
# We want to ignore the $glibc/include/paths.h definition of
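Review bot: The added `--replace 4755 0755` appears to depend on the `--replace 111 755` that precedes it on the same line. If the Makefile installs with mode `4111`, that text only becomes `4755` after the earlier substitution, so reordering the arguments would leave the setuid bit in place. The Makefile is not visible here, so this is inferred from the argument order. A comment such as `# order matters: 111 -> 755 first turns 4111 into 4755, which is then reduced to 0755` would protect the line from a later tidy-up. preBuild continues outside the hunk.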
|
||||
|
@ -10,6 +10,11 @@ stdenv.mkDerivation rec {
|
||||
sha256 = "1x4skb5nmv2xj8cygj8pq1rd1ws4m2fsibw54yslgdyjri4r2yq7";
|
||||
};
|
||||
|
||||
prePatch = ''
|
||||
# do not set sticky bit in nix store.
|
||||
substituteInPlace Makefile --replace 2750 0750
|
||||
'';
|
||||
|
||||
preConfigure = ''
|
||||
substituteInPlace src/logtail --replace "/usr/bin/perl" "${perl}/bin/perl"
|
||||
substituteInPlace src/logtail2 --replace "/usr/bin/perl" "${perl}/bin/perl"
|
||||
|