aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
authorThomas Danckaert <thomas.danckaert@gmail.com>2017-01-26 11:35:50 +0100
committerLeo Famulari <leo@famulari.name>2017-01-31 15:06:19 -0500
commit59ae241f7189252c72394fae2e2b85ca61b72755 (patch)
treea2eb3448c63639998c6fd9c8e6bd7b93bc7b7b6e /gnu/packages/patches
parent9b11eee955fe788af45c376fb595c259fc4f9c52 (diff)
downloadguix-59ae241f7189252c72394fae2e2b85ca61b72755.tar
guix-59ae241f7189252c72394fae2e2b85ca61b72755.tar.gz
gnu: Add xinetd.
* gnu/packages/web.scm (xinetd): New variable. * gnu/packages/patches/xinetd-CVE-2013-4342.patch, gnu/packages/patches/xinetd-fix-fd-leak.patch: New files. * gnu/local.mk (dist_patch_DATA): Add patches. Signed-off-by: Leo Famulari <leo@famulari.name>
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/xinetd-CVE-2013-4342.patch36
-rw-r--r--gnu/packages/patches/xinetd-fix-fd-leak.patch26
2 files changed, 62 insertions, 0 deletions
diff --git a/gnu/packages/patches/xinetd-CVE-2013-4342.patch b/gnu/packages/patches/xinetd-CVE-2013-4342.patch
new file mode 100644
index 0000000000..ad57bc7b0e
--- /dev/null
+++ b/gnu/packages/patches/xinetd-CVE-2013-4342.patch
@@ -0,0 +1,36 @@
+Fix CVE-2013-4342:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4342
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678
+
+Patch copied from upstream source repository:
+
+https://github.com/xinetd-org/xinetd/commit/91e2401a219121eae15244a6b25d2e79c1af5864
+
+From 91e2401a219121eae15244a6b25d2e79c1af5864 Mon Sep 17 00:00:00 2001
+From: Thomas Swan <thomas.swan@gmail.com>
+Date: Wed, 2 Oct 2013 23:17:17 -0500
+Subject: [PATCH] CVE-2013-4342: xinetd: ignores user and group directives for
+ TCPMUX services
+
+Originally reported to Debian in 2005 <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678> and rediscovered <https://bugzilla.redhat.com/show_bug.cgi?id=1006100>, xinetd would execute TCPMUX services without dropping privilege to match the service configuration allowing the service to run with same privilege as the xinetd process (root).
+---
+ xinetd/builtins.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/xinetd/builtins.c b/xinetd/builtins.c
+index 3b85579..34a5bac 100644
+--- a/xinetd/builtins.c
++++ b/xinetd/builtins.c
+@@ -617,7 +617,7 @@ static void tcpmux_handler( const struct server *serp )
+ if( SC_IS_INTERNAL( scp ) ) {
+ SC_INTERNAL(scp, nserp);
+ } else {
+- exec_server(nserp);
++ child_process(nserp);
+ }
+ }
+
+--
+2.7.4
+
diff --git a/gnu/packages/patches/xinetd-fix-fd-leak.patch b/gnu/packages/patches/xinetd-fix-fd-leak.patch
new file mode 100644
index 0000000000..77e4600185
--- /dev/null
+++ b/gnu/packages/patches/xinetd-fix-fd-leak.patch
@@ -0,0 +1,26 @@
+Fix a file descriptor leak:
+
+https://github.com/xinetd-org/xinetd/issues/23
+
+Patch copied from Debian:
+
+https://anonscm.debian.org/cgit/collab-maint/xinetd.git/tree/debian/patches/000012-fix_fd_leak
+
+Patch sent upstream at https://github.com/xinetd-org/xinetd/pull/26.
+
+diff --git a/xinetd/xgetloadavg.c b/xinetd/xgetloadavg.c
+index 5a26214..fe0f872 100644
+--- a/xinetd/xgetloadavg.c
++++ b/xinetd/xgetloadavg.c
+@@ -34,7 +34,7 @@ double xgetloadavg(void)
+
+ if( fscanf(fd, "%lf", &ret) != 1 ) {
+ perror("fscanf");
+- return -1;
++ ret = -1;
+ }
+
+ fclose(fd);
+--
+2.7.4
+