* Security fix for CVE-2007-5191.

svn path=/nixpkgs/trunk/; revision=12417
This commit is contained in:
Eelco Dolstra 2008-07-24 13:48:23 +00:00
parent c32f7569dc
commit 874804eb04

View file

@ -1,4 +1,4 @@
args: with args; {stdenv, fetchurl, ncurses ? null}:
stdenv.mkDerivation { stdenv.mkDerivation {
name = "util-linux-2.13-pre7"; name = "util-linux-2.13-pre7";
@ -7,16 +7,23 @@ stdenv.mkDerivation {
url = mirror://kernel/linux/utils/util-linux/testing/util-linux-2.13-pre7.tar.bz2; url = mirror://kernel/linux/utils/util-linux/testing/util-linux-2.13-pre7.tar.bz2;
md5 = "13cdf4b76533e8421dc49de188f85291"; md5 = "13cdf4b76533e8421dc49de188f85291";
}; };
patches = [
# Fix for a local root exploit via mount/umount
# (http://www.gentoo.org/security/en/glsa/glsa-200710-18.xml).
(fetchurl {
url = "http://sources.gentoo.org/viewcvs.py/*checkout*/gentoo-x86/sys-apps/util-linux/files/util-linux-2.13-setuid-checks.patch?rev=1.1";
sha256 = "02ky7ljzqpx8ii3dfmjydw8nnhshpw2inwh6w1vqllz8mhn81jdf";
})
];
configureFlags = "--disable-use-tty-group"; configureFlags = "--disable-use-tty-group";
buildInputs = [] buildInputs = stdenv.lib.optional (ncurses != null) ncurses;
++ (if args ? ncurses then [args.ncurses] else [])
;
preBuild = " preBuild = ''
makeFlagsArray=(usrbinexecdir=$out/bin usrsbinexecdir=$out/sbin datadir=$out/share exampledir=$out/share/getopt) makeFlagsArray=(usrbinexecdir=$out/bin usrsbinexecdir=$out/sbin datadir=$out/share exampledir=$out/share/getopt)
"; '';
# Hack to get static builds to work. # Hack to get static builds to work.
NIX_CFLAGS_COMPILE = "-DHAVE___PROGNAME=1"; NIX_CFLAGS_COMPILE = "-DHAVE___PROGNAME=1";