01/01: gnu: sudo: Upgrade to 1.8.15 [fixes CVE-2015-5602].

[Ludovic Courtès]

civodul pushed a commit to branch master
in repository guix.

commit 0086ec733c9a968da1f817c3004b4e8742ab4f4d
Author: Ludovic Courtès <address@hidden>
Date:   Thu Nov 12 11:45:23 2015 +0100

    gnu: sudo: Upgrade to 1.8.15 [fixes CVE-2015-5602].
    
    * gnu/packages/admin.scm (sudo)[arguments]: Add CPPFLAGS to
      #:configure-flags.   In 'pre-configure' phase, modify
      'sudo_usage.h.in'.  Add pattern to remove '-o 0 -g 0' installation
      flag in 'Makefile.in', and remove pattern for '-O 0 -G 0'.  Remove
      modifications of 'configure'.
---
 gnu/packages/admin.scm |   31 ++++++++++++++++++++-----------
 1 files changed, 20 insertions(+), 11 deletions(-)

diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 6aca857..7fbc9fd 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -647,7 +647,7 @@ system administrator.")
 (define-public sudo
   (package
     (name "sudo")
-    (version "1.8.10p3")
+    (version "1.8.15")
     (source (origin
               (method url-fetch)
               (uri
@@ -657,22 +657,31 @@ system administrator.")
                                     version ".tar.gz")))
               (sha256
                (base32
-                "002l6h27pnhb77b65frhazbhknsxvrsnkpi43j7i0qw1lrgi7nkf"))))
+                "0263gi6i19fyzzc488n0qw3m518i39f6a7qmrfvahk9j10bkh5j3"))))
     (build-system gnu-build-system)
     (arguments
-     `(#:configure-flags '("--with-logpath=/var/log/sudo.log"
-                           "--with-rundir=/run/sudo"
-                           "--with-vardir=/var/db/sudo"
-                           "--with-iologdir=/var/log/sudo-io")
+     `(#:configure-flags
+       (list "--with-logpath=/var/log/sudo.log"
+             "--with-rundir=/run/sudo"
+             "--with-vardir=/var/db/sudo"
+             "--with-iologdir=/var/log/sudo-io"
+
+             ;; 'visudo.c' expects _PATH_MV to be defined, but glibc doesn't
+             ;; provide it.
+             (string-append "CPPFLAGS=-D_PATH_MV='\""
+                            (assoc-ref %build-inputs "coreutils")
+                            "/bin/mv\"'"))
        #:phases (alist-cons-before
                  'configure 'pre-configure
                  (lambda _
-                   (substitute* "configure"
-                     ;; Refer to the right executables.
-                     (("/usr/bin/mv") (which "mv"))
-                     (("/usr/bin/sh") (which "sh")))
+                   (substitute* "src/sudo_usage.h.in"
+                     ;; Do not capture 'configure' arguments since we would
+                     ;; unduly retain references, and also because the
+                     ;; CPPFLAGS above would close the string literal
+                     ;; prematurely.
+                     (("@CONFIGURE_ARGS@") "\"\""))
                    (substitute* (find-files "." "Makefile\\.in")
-                     (("-O [[:graph:]]+ -G [[:graph:]]+")
+                     (("-o [[:graph:]]+ -g [[:graph:]]+")
                       ;; Allow installation as non-root.
                       "")
                      (("^install: (.*)install-sudoers(.*)" _ before after)