diff options
Diffstat (limited to 'gnu')
-rw-r--r-- | gnu/local.mk | 2 | ||||
-rw-r--r-- | gnu/packages/patches/xinetd-CVE-2013-4342.patch | 36 | ||||
-rw-r--r-- | gnu/packages/patches/xinetd-fix-fd-leak.patch | 26 | ||||
-rw-r--r-- | gnu/packages/web.scm | 20 |
4 files changed, 11 insertions, 73 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index a49c9109ab..88b0f98aa0 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1466,8 +1466,6 @@ dist_patch_DATA = \ %D%/packages/patches/xf86-video-voodoo-pcitag.patch \ %D%/packages/patches/xfce4-panel-plugins.patch \ %D%/packages/patches/xfce4-settings-defaults.patch \ - %D%/packages/patches/xinetd-fix-fd-leak.patch \ - %D%/packages/patches/xinetd-CVE-2013-4342.patch \ %D%/packages/patches/xsane-fix-memory-leak.patch \ %D%/packages/patches/xsane-fix-pdf-floats.patch \ %D%/packages/patches/xsane-fix-snprintf-buffer-length.patch \ diff --git a/gnu/packages/patches/xinetd-CVE-2013-4342.patch b/gnu/packages/patches/xinetd-CVE-2013-4342.patch deleted file mode 100644 index ad57bc7b0e..0000000000 --- a/gnu/packages/patches/xinetd-CVE-2013-4342.patch +++ /dev/null @@ -1,36 +0,0 @@ -Fix CVE-2013-4342: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4342 -https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678 - -Patch copied from upstream source repository: - -https://github.com/xinetd-org/xinetd/commit/91e2401a219121eae15244a6b25d2e79c1af5864 - -From 91e2401a219121eae15244a6b25d2e79c1af5864 Mon Sep 17 00:00:00 2001 -From: Thomas Swan <thomas.swan@gmail.com> -Date: Wed, 2 Oct 2013 23:17:17 -0500 -Subject: [PATCH] CVE-2013-4342: xinetd: ignores user and group directives for - TCPMUX services - -Originally reported to Debian in 2005 <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678> and rediscovered <https://bugzilla.redhat.com/show_bug.cgi?id=1006100>, xinetd would execute TCPMUX services without dropping privilege to match the service configuration allowing the service to run with same privilege as the xinetd process (root). ---- - xinetd/builtins.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/xinetd/builtins.c b/xinetd/builtins.c -index 3b85579..34a5bac 100644 ---- a/xinetd/builtins.c -+++ b/xinetd/builtins.c -@@ -617,7 +617,7 @@ static void tcpmux_handler( const struct server *serp ) - if( SC_IS_INTERNAL( scp ) ) { - SC_INTERNAL(scp, nserp); - } else { -- exec_server(nserp); -+ child_process(nserp); - } - } - --- -2.7.4 - diff --git a/gnu/packages/patches/xinetd-fix-fd-leak.patch b/gnu/packages/patches/xinetd-fix-fd-leak.patch deleted file mode 100644 index 77e4600185..0000000000 --- a/gnu/packages/patches/xinetd-fix-fd-leak.patch +++ /dev/null @@ -1,26 +0,0 @@ -Fix a file descriptor leak: - -https://github.com/xinetd-org/xinetd/issues/23 - -Patch copied from Debian: - -https://anonscm.debian.org/cgit/collab-maint/xinetd.git/tree/debian/patches/000012-fix_fd_leak - -Patch sent upstream at https://github.com/xinetd-org/xinetd/pull/26. - -diff --git a/xinetd/xgetloadavg.c b/xinetd/xgetloadavg.c -index 5a26214..fe0f872 100644 ---- a/xinetd/xgetloadavg.c -+++ b/xinetd/xgetloadavg.c -@@ -34,7 +34,7 @@ double xgetloadavg(void) - - if( fscanf(fd, "%lf", &ret) != 1 ) { - perror("fscanf"); -- return -1; -+ ret = -1; - } - - fclose(fd); --- -2.7.4 - diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index e2ca9de9e4..31eff55d39 100644 --- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm @@ -5329,25 +5329,27 @@ additional capabilities.") (define-public xinetd (package (name "xinetd") - (version "2.3.15") + ;; This is the maintenance fork currently used by openSUSE and Debian. + (version "2.3.15.4") (source (origin (method git-fetch) (uri (git-reference - (url "https://github.com/xinetd-org/xinetd.git") - (commit (string-append "xinetd-" - (string-join (string-split version #\.) - "-"))))) + (url "https://github.com/openSUSE/xinetd.git") + (commit version))) (file-name (git-file-name name version)) - (patches (search-patches "xinetd-CVE-2013-4342.patch" - "xinetd-fix-fd-leak.patch")) (sha256 - (base32 "0wjai6qagcgxpa1khh639ih7kswgkryc7ll1i4hxhs29sc7irdcn")))) + (base32 "0lrp3lcj6azhjplwxws2rx40bkyp6i6bp7n77ndcisb7ninad30q")))) (build-system gnu-build-system) (arguments `(#:configure-flags '("--with-loadavg") #:tests? #f)) ; no tests - (home-page "https://github.com/xinetd-org/xinetd") + (native-inputs + `(("autoconf" ,autoconf) + ("automake" ,automake) + ("libtool" ,libtool) + ("pkg-config" ,pkg-config))) + (home-page "https://github.com/openSUSE/xinetd") (synopsis "Internet services daemon") (description "@code{xinetd}, a more secure replacement for @code{inetd}, listens for incoming requests over a network and launches the appropriate |