diff options
Diffstat (limited to 'nixpkgs/pkgs/tools/security/super')
-rw-r--r-- | nixpkgs/pkgs/tools/security/super/0001-Remove-references-to-dropped-sys_nerr-sys_errlist-fo.patch | 51 | ||||
-rw-r--r-- | nixpkgs/pkgs/tools/security/super/default.nix | 50 |
2 files changed, 101 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/tools/security/super/0001-Remove-references-to-dropped-sys_nerr-sys_errlist-fo.patch b/nixpkgs/pkgs/tools/security/super/0001-Remove-references-to-dropped-sys_nerr-sys_errlist-fo.patch new file mode 100644 index 000000000000..048486caafd7 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/super/0001-Remove-references-to-dropped-sys_nerr-sys_errlist-fo.patch @@ -0,0 +1,51 @@ +From 86e37c1c09c23924c4e055a3d4b8c79f19cd0599 Mon Sep 17 00:00:00 2001 +From: Maximilian Bosch <maximilian@mbosch.me> +Date: Mon, 10 Aug 2020 21:33:39 +0200 +Subject: [PATCH] Remove references to dropped `sys_nerr` & `sys_errlist` for + `glibc-2.32` compat + +According to the release-notes[1], `strerror(3)` should be used. This is +already the case, however the source tries to be backwards-compatible by +supporting `sys_nerr` & `sys_errlist` which breaks compilation +unfortunately. + +Simply using `strerror` fixes the problems. + +[1] https://sourceware.org/pipermail/libc-announce/2020/000029.html +--- + utils.c | 12 +----------- + 1 file changed, 1 insertion(+), 11 deletions(-) + +diff --git a/utils.c b/utils.c +index 3ec70b6..430f027 100644 +--- a/utils.c ++++ b/utils.c +@@ -2003,7 +2003,6 @@ int n; + + #ifdef HAVE_SYS_ERRLIST + extern char *sys_errlist[]; +- extern int sys_nerr; + #endif + + /* +@@ -2019,16 +2018,7 @@ int errnum; + sprintf(buf, "Error %d", errnum); + return buf; + #else +- if (errnum < 0 || errnum > sys_nerr) { +- sprintf(buf, "Error %d (!)", errnum); +- return buf; +- } else { +-#ifdef HAVE_STRERROR +- return strerror(errnum); +-#else +- return sys_errlist[errnum]; +-#endif +- } ++ return strerror(errnum); + #endif + } + +-- +2.25.4 + diff --git a/nixpkgs/pkgs/tools/security/super/default.nix b/nixpkgs/pkgs/tools/security/super/default.nix new file mode 100644 index 000000000000..d87580975f19 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/super/default.nix @@ -0,0 +1,50 @@ +{ lib, stdenv, fetchurl, fetchpatch }: + +stdenv.mkDerivation rec { + pname = "super"; + version = "3.30.0"; + + src = fetchurl { + name = "super-${version}.tar.gz"; + url = "https://www.ucolick.org/~will/RUE/super/super-${version}-tar.gz"; + sha256 = "0k476f83w7f45y9jpyxwr00ikv1vhjiq0c26fgjch9hnv18icvwy"; + }; + + prePatch = '' + # do not set sticky bit in nix store + substituteInPlace Makefile.in \ + --replace "-o root" "" \ + --replace 04755 755 + ''; + + patches = [ + ./0001-Remove-references-to-dropped-sys_nerr-sys_errlist-fo.patch + (fetchpatch { + name = "CVE-2014-0470.patch"; + url = "https://salsa.debian.org/debian/super/raw/debian/3.30.0-7/debian/patches/14-Fix-unchecked-setuid-call.patch"; + sha256 = "08m9hw4kyfjv0kqns1cqha4v5hkgp4s4z0q1rgif1fnk14xh7wqh"; + }) + ]; + + NIX_CFLAGS_COMPILE = "-D_GNU_SOURCE"; + + configureFlags = [ + "--sysconfdir=/etc" + "--localstatedir=/var" + ]; + + installFlags = [ "sysconfdir=$(out)/etc" "localstatedir=$(TMPDIR)" ]; + + meta = { + homepage = "https://www.ucolick.org/~will/#super"; + description = "Allows users to execute scripts as if they were root"; + longDescription = + '' + This package provides two commands: 1) “super”, which allows + users to execute commands under a different uid/gid (specified + in /etc/super.tab); and 2) “setuid”, which allows root to + execute a command under a different uid. + ''; + platforms = lib.platforms.linux; + }; +} |