gnu: rush: Update to 1.8.
* gnu/packages/rush.scm (rush): Update to 1.8. [source]: Remove 'patches'. * gnu/packages/patches/cpio-gets-undeclared.patch, gnu/packages/patches/rush-CVE-2013-6889.patch: Remove. * gnu/local.mk (dist_patch_DATA): Adjust accordingly.
This commit is contained in:
parent
afb325d842
commit
a884fa2141
@ -476,7 +476,6 @@ dist_patch_DATA = \
|
||||
%D%/packages/patches/clang-3.8-libc-search-path.patch \
|
||||
%D%/packages/patches/clucene-pkgconfig.patch \
|
||||
%D%/packages/patches/cmake-fix-tests.patch \
|
||||
%D%/packages/patches/cpio-gets-undeclared.patch \
|
||||
%D%/packages/patches/cpio-CVE-2016-2037.patch \
|
||||
%D%/packages/patches/cpufrequtils-fix-aclocal.patch \
|
||||
%D%/packages/patches/cracklib-CVE-2016-6318.patch \
|
||||
@ -804,7 +803,6 @@ dist_patch_DATA = \
|
||||
%D%/packages/patches/ruby-rack-ignore-failing-test.patch \
|
||||
%D%/packages/patches/ruby-symlinkfix.patch \
|
||||
%D%/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch\
|
||||
%D%/packages/patches/rush-CVE-2013-6889.patch \
|
||||
%D%/packages/patches/sed-hurd-path-max.patch \
|
||||
%D%/packages/patches/scheme48-tests.patch \
|
||||
%D%/packages/patches/scotch-test-threading.patch \
|
||||
|
@ -1,45 +0,0 @@
|
||||
This patch is needed to allow builds with newer versions of
|
||||
the GNU libc (2.16+).
|
||||
|
||||
The upstream fix was:
|
||||
|
||||
commit 66712c23388e93e5c518ebc8515140fa0c807348
|
||||
Author: Eric Blake <eblake@redhat.com>
|
||||
Date: Thu Mar 29 13:30:41 2012 -0600
|
||||
|
||||
stdio: don't assume gets any more
|
||||
|
||||
Gnulib intentionally does not have a gets module, and now that C11
|
||||
and glibc have dropped it, we should be more proactive about warning
|
||||
any user on a platform that still has a declaration of this dangerous
|
||||
interface.
|
||||
|
||||
* m4/stdio_h.m4 (gl_STDIO_H, gl_STDIO_H_DEFAULTS): Drop gets
|
||||
support.
|
||||
* modules/stdio (Makefile.am): Likewise.
|
||||
* lib/stdio-read.c (gets): Likewise.
|
||||
* tests/test-stdio-c++.cc: Likewise.
|
||||
* m4/warn-on-use.m4 (gl_WARN_ON_USE_PREPARE): Fix comment.
|
||||
* lib/stdio.in.h (gets): Make warning occur in more places.
|
||||
* doc/posix-functions/gets.texi (gets): Update documentation.
|
||||
Reported by Christer Solskogen.
|
||||
|
||||
Signed-off-by: Eric Blake <eblake@redhat.com>
|
||||
|
||||
This patch just gets rid of the offending part.
|
||||
|
||||
--- cpio-2.11/gnu/stdio.in.h-orig 2012-11-25 22:17:06.000000000 +0400
|
||||
+++ cpio-2.11/gnu/stdio.in.h 2012-11-25 22:18:36.000000000 +0400
|
||||
@@ -135,12 +135,6 @@
|
||||
"use gnulib module fflush for portable POSIX compliance");
|
||||
#endif
|
||||
|
||||
-/* It is very rare that the developer ever has full control of stdin,
|
||||
- so any use of gets warrants an unconditional warning. Assume it is
|
||||
- always declared, since it is required by C89. */
|
||||
-#undef gets
|
||||
-_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
|
||||
-
|
||||
#if @GNULIB_FOPEN@
|
||||
# if @REPLACE_FOPEN@
|
||||
# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
|
@ -1,23 +0,0 @@
|
||||
commit 00bdccd429517f12dbf37ab4397ddec3e51a2738
|
||||
Author: Mats Erik Andersson <gnu@gisladisker.se>
|
||||
Date: Mon Jan 20 13:33:52 2014 +0200
|
||||
|
||||
Protect against CVE-2013-6889 (tiny change).
|
||||
|
||||
Reset the effective user identification in testing mode.
|
||||
|
||||
diff --git a/src/rush.c b/src/rush.c
|
||||
index 45d737a..dc6518e 100644
|
||||
--- a/src/rush.c
|
||||
+++ b/src/rush.c
|
||||
@@ -980,6 +980,10 @@ main(int argc, char **argv)
|
||||
} else if (argc > optind)
|
||||
die(usage_error, NULL, _("invalid command line"));
|
||||
|
||||
+ /* Relinquish root privileges in test mode */
|
||||
+ if (lint_option)
|
||||
+ setuid(getuid());
|
||||
+
|
||||
if (test_user_name) {
|
||||
struct passwd *pw = getpwnam(test_user_name);
|
||||
if (!pw)
|
@ -26,18 +26,14 @@
|
||||
(define-public rush
|
||||
(package
|
||||
(name "rush")
|
||||
(version "1.7")
|
||||
(version "1.8")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (string-append
|
||||
"mirror://gnu/rush/rush-"
|
||||
version
|
||||
".tar.gz"))
|
||||
(uri (string-append "mirror://gnu/rush/rush-"
|
||||
version ".tar.gz"))
|
||||
(sha256
|
||||
(base32
|
||||
"0fh0gbbp0iiq3wbkf503xb40r8ljk42vyj9bnlflbz82d6ipy1rm"))
|
||||
(patches (search-patches "cpio-gets-undeclared.patch"
|
||||
"rush-CVE-2013-6889.patch"))))
|
||||
"1vxdb81ify4xcyygh86250pi50krb16dkj42i5ii4ns3araiwckz"))))
|
||||
(build-system gnu-build-system)
|
||||
(home-page "http://www.gnu.org/software/rush/")
|
||||
(synopsis "Restricted user (login) shell")
|
||||
|
Loading…
Reference in New Issue
Block a user