mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-24 21:38:07 -05:00
gnu: Add xinetd.
* gnu/packages/web.scm (xinetd): New variable. * gnu/packages/patches/xinetd-CVE-2013-4342.patch, gnu/packages/patches/xinetd-fix-fd-leak.patch: New files. * gnu/local.mk (dist_patch_DATA): Add patches. Signed-off-by: Leo Famulari <leo@famulari.name>
This commit is contained in:
parent
9b11eee955
commit
59ae241f71
4 changed files with 89 additions and 0 deletions
|
@ -956,6 +956,8 @@ dist_patch_DATA = \
|
||||||
%D%/packages/patches/xfce4-panel-plugins.patch \
|
%D%/packages/patches/xfce4-panel-plugins.patch \
|
||||||
%D%/packages/patches/xfce4-session-fix-xflock4.patch \
|
%D%/packages/patches/xfce4-session-fix-xflock4.patch \
|
||||||
%D%/packages/patches/xfce4-settings-defaults.patch \
|
%D%/packages/patches/xfce4-settings-defaults.patch \
|
||||||
|
%D%/packages/patches/xinetd-fix-fd-leak.patch \
|
||||||
|
%D%/packages/patches/xinetd-CVE-2013-4342.patch \
|
||||||
%D%/packages/patches/xmodmap-asprintf.patch \
|
%D%/packages/patches/xmodmap-asprintf.patch \
|
||||||
%D%/packages/patches/libyaml-CVE-2014-9130.patch \
|
%D%/packages/patches/libyaml-CVE-2014-9130.patch \
|
||||||
%D%/packages/patches/zathura-plugindir-environment-variable.patch
|
%D%/packages/patches/zathura-plugindir-environment-variable.patch
|
||||||
|
|
36
gnu/packages/patches/xinetd-CVE-2013-4342.patch
Normal file
36
gnu/packages/patches/xinetd-CVE-2013-4342.patch
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
Fix CVE-2013-4342:
|
||||||
|
|
||||||
|
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4342
|
||||||
|
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678
|
||||||
|
|
||||||
|
Patch copied from upstream source repository:
|
||||||
|
|
||||||
|
https://github.com/xinetd-org/xinetd/commit/91e2401a219121eae15244a6b25d2e79c1af5864
|
||||||
|
|
||||||
|
From 91e2401a219121eae15244a6b25d2e79c1af5864 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Thomas Swan <thomas.swan@gmail.com>
|
||||||
|
Date: Wed, 2 Oct 2013 23:17:17 -0500
|
||||||
|
Subject: [PATCH] CVE-2013-4342: xinetd: ignores user and group directives for
|
||||||
|
TCPMUX services
|
||||||
|
|
||||||
|
Originally reported to Debian in 2005 <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678> and rediscovered <https://bugzilla.redhat.com/show_bug.cgi?id=1006100>, xinetd would execute TCPMUX services without dropping privilege to match the service configuration allowing the service to run with same privilege as the xinetd process (root).
|
||||||
|
---
|
||||||
|
xinetd/builtins.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/xinetd/builtins.c b/xinetd/builtins.c
|
||||||
|
index 3b85579..34a5bac 100644
|
||||||
|
--- a/xinetd/builtins.c
|
||||||
|
+++ b/xinetd/builtins.c
|
||||||
|
@@ -617,7 +617,7 @@ static void tcpmux_handler( const struct server *serp )
|
||||||
|
if( SC_IS_INTERNAL( scp ) ) {
|
||||||
|
SC_INTERNAL(scp, nserp);
|
||||||
|
} else {
|
||||||
|
- exec_server(nserp);
|
||||||
|
+ child_process(nserp);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.7.4
|
||||||
|
|
26
gnu/packages/patches/xinetd-fix-fd-leak.patch
Normal file
26
gnu/packages/patches/xinetd-fix-fd-leak.patch
Normal file
|
@ -0,0 +1,26 @@
|
||||||
|
Fix a file descriptor leak:
|
||||||
|
|
||||||
|
https://github.com/xinetd-org/xinetd/issues/23
|
||||||
|
|
||||||
|
Patch copied from Debian:
|
||||||
|
|
||||||
|
https://anonscm.debian.org/cgit/collab-maint/xinetd.git/tree/debian/patches/000012-fix_fd_leak
|
||||||
|
|
||||||
|
Patch sent upstream at https://github.com/xinetd-org/xinetd/pull/26.
|
||||||
|
|
||||||
|
diff --git a/xinetd/xgetloadavg.c b/xinetd/xgetloadavg.c
|
||||||
|
index 5a26214..fe0f872 100644
|
||||||
|
--- a/xinetd/xgetloadavg.c
|
||||||
|
+++ b/xinetd/xgetloadavg.c
|
||||||
|
@@ -34,7 +34,7 @@ double xgetloadavg(void)
|
||||||
|
|
||||||
|
if( fscanf(fd, "%lf", &ret) != 1 ) {
|
||||||
|
perror("fscanf");
|
||||||
|
- return -1;
|
||||||
|
+ ret = -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
fclose(fd);
|
||||||
|
--
|
||||||
|
2.7.4
|
||||||
|
|
|
@ -3995,3 +3995,28 @@ (define-public stunnel
|
||||||
scalability (including load-balancing), making it suitable for large
|
scalability (including load-balancing), making it suitable for large
|
||||||
deployments.")
|
deployments.")
|
||||||
(license l:gpl2+)))
|
(license l:gpl2+)))
|
||||||
|
|
||||||
|
(define-public xinetd
|
||||||
|
(package
|
||||||
|
(name "xinetd")
|
||||||
|
(version "2.3.15")
|
||||||
|
(source
|
||||||
|
(origin
|
||||||
|
(method url-fetch)
|
||||||
|
(uri "https://github.com/xinetd-org/xinetd/archive/xinetd-2-3-15.tar.gz")
|
||||||
|
(patches (search-patches "xinetd-CVE-2013-4342.patch" "xinetd-fix-fd-leak.patch"))
|
||||||
|
(sha256
|
||||||
|
(base32
|
||||||
|
"0k59x52cbzp5fw0n8zn0y54j1ps0x9b72y8k5grzswjdmgs2a2v2"))))
|
||||||
|
(build-system gnu-build-system)
|
||||||
|
(arguments
|
||||||
|
`(#:configure-flags '("--with-loadavg")
|
||||||
|
#:tests? #f )) ; no tests
|
||||||
|
(home-page "https://github.com/xinetd-org/xinetd")
|
||||||
|
(synopsis "Internet services daemon")
|
||||||
|
(description "@code{xinetd}, a more secure replacement for @code{inetd},
|
||||||
|
listens for incoming requests over a network and launches the appropriate
|
||||||
|
service for that request. Requests are made using port numbers as identifiers
|
||||||
|
and xinetd usually launches another daemon to handle the request. It can be
|
||||||
|
used to start services with both privileged and non-privileged port numbers.")
|
||||||
|
(license (l:fsf-free "file://COPYRIGHT"))))
|
||||||
|
|
Loading…
Reference in a new issue