summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--gnu/local.mk2
-rw-r--r--gnu/packages/patches/xinetd-CVE-2013-4342.patch36
-rw-r--r--gnu/packages/patches/xinetd-fix-fd-leak.patch26
-rw-r--r--gnu/packages/web.scm20
4 files changed, 11 insertions, 73 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index a49c9109ab..88b0f98aa0 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1466,8 +1466,6 @@ dist_patch_DATA = \
%D%/packages/patches/xf86-video-voodoo-pcitag.patch \
%D%/packages/patches/xfce4-panel-plugins.patch \
%D%/packages/patches/xfce4-settings-defaults.patch \
- %D%/packages/patches/xinetd-fix-fd-leak.patch \
- %D%/packages/patches/xinetd-CVE-2013-4342.patch \
%D%/packages/patches/xsane-fix-memory-leak.patch \
%D%/packages/patches/xsane-fix-pdf-floats.patch \
%D%/packages/patches/xsane-fix-snprintf-buffer-length.patch \
diff --git a/gnu/packages/patches/xinetd-CVE-2013-4342.patch b/gnu/packages/patches/xinetd-CVE-2013-4342.patch
deleted file mode 100644
index ad57bc7b0e..0000000000
--- a/gnu/packages/patches/xinetd-CVE-2013-4342.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Fix CVE-2013-4342:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4342
-https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678
-
-Patch copied from upstream source repository:
-
-https://github.com/xinetd-org/xinetd/commit/91e2401a219121eae15244a6b25d2e79c1af5864
-
-From 91e2401a219121eae15244a6b25d2e79c1af5864 Mon Sep 17 00:00:00 2001
-From: Thomas Swan <thomas.swan@gmail.com>
-Date: Wed, 2 Oct 2013 23:17:17 -0500
-Subject: [PATCH] CVE-2013-4342: xinetd: ignores user and group directives for
- TCPMUX services
-
-Originally reported to Debian in 2005 <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678> and rediscovered <https://bugzilla.redhat.com/show_bug.cgi?id=1006100>, xinetd would execute TCPMUX services without dropping privilege to match the service configuration allowing the service to run with same privilege as the xinetd process (root).
----
- xinetd/builtins.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/xinetd/builtins.c b/xinetd/builtins.c
-index 3b85579..34a5bac 100644
---- a/xinetd/builtins.c
-+++ b/xinetd/builtins.c
-@@ -617,7 +617,7 @@ static void tcpmux_handler( const struct server *serp )
- if( SC_IS_INTERNAL( scp ) ) {
- SC_INTERNAL(scp, nserp);
- } else {
-- exec_server(nserp);
-+ child_process(nserp);
- }
- }
-
---
-2.7.4
-
diff --git a/gnu/packages/patches/xinetd-fix-fd-leak.patch b/gnu/packages/patches/xinetd-fix-fd-leak.patch
deleted file mode 100644
index 77e4600185..0000000000
--- a/gnu/packages/patches/xinetd-fix-fd-leak.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Fix a file descriptor leak:
-
-https://github.com/xinetd-org/xinetd/issues/23
-
-Patch copied from Debian:
-
-https://anonscm.debian.org/cgit/collab-maint/xinetd.git/tree/debian/patches/000012-fix_fd_leak
-
-Patch sent upstream at https://github.com/xinetd-org/xinetd/pull/26.
-
-diff --git a/xinetd/xgetloadavg.c b/xinetd/xgetloadavg.c
-index 5a26214..fe0f872 100644
---- a/xinetd/xgetloadavg.c
-+++ b/xinetd/xgetloadavg.c
-@@ -34,7 +34,7 @@ double xgetloadavg(void)
-
- if( fscanf(fd, "%lf", &ret) != 1 ) {
- perror("fscanf");
-- return -1;
-+ ret = -1;
- }
-
- fclose(fd);
---
-2.7.4
-
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index e2ca9de9e4..31eff55d39 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -5329,25 +5329,27 @@ additional capabilities.")
(define-public xinetd
(package
(name "xinetd")
- (version "2.3.15")
+ ;; This is the maintenance fork currently used by openSUSE and Debian.
+ (version "2.3.15.4")
(source
(origin
(method git-fetch)
(uri (git-reference
- (url "https://github.com/xinetd-org/xinetd.git")
- (commit (string-append "xinetd-"
- (string-join (string-split version #\.)
- "-")))))
+ (url "https://github.com/openSUSE/xinetd.git")
+ (commit version)))
(file-name (git-file-name name version))
- (patches (search-patches "xinetd-CVE-2013-4342.patch"
- "xinetd-fix-fd-leak.patch"))
(sha256
- (base32 "0wjai6qagcgxpa1khh639ih7kswgkryc7ll1i4hxhs29sc7irdcn"))))
+ (base32 "0lrp3lcj6azhjplwxws2rx40bkyp6i6bp7n77ndcisb7ninad30q"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags '("--with-loadavg")
#:tests? #f)) ; no tests
- (home-page "https://github.com/xinetd-org/xinetd")
+ (native-inputs
+ `(("autoconf" ,autoconf)
+ ("automake" ,automake)
+ ("libtool" ,libtool)
+ ("pkg-config" ,pkg-config)))
+ (home-page "https://github.com/openSUSE/xinetd")
(synopsis "Internet services daemon")
(description "@code{xinetd}, a more secure replacement for @code{inetd},
listens for incoming requests over a network and launches the appropriate