summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--gnu/local.mk2
-rw-r--r--gnu/packages/patches/xinetd-CVE-2013-4342.patch36
-rw-r--r--gnu/packages/patches/xinetd-fix-fd-leak.patch26
-rw-r--r--gnu/packages/web.scm20
4 files changed, 11 insertions, 73 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index a49c9109ab..88b0f98aa0 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1466,8 +1466,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/xf86-video-voodoo-pcitag.patch		\
   %D%/packages/patches/xfce4-panel-plugins.patch		\
   %D%/packages/patches/xfce4-settings-defaults.patch		\
-  %D%/packages/patches/xinetd-fix-fd-leak.patch			\
-  %D%/packages/patches/xinetd-CVE-2013-4342.patch		\
   %D%/packages/patches/xsane-fix-memory-leak.patch		\
   %D%/packages/patches/xsane-fix-pdf-floats.patch		\
   %D%/packages/patches/xsane-fix-snprintf-buffer-length.patch	\
diff --git a/gnu/packages/patches/xinetd-CVE-2013-4342.patch b/gnu/packages/patches/xinetd-CVE-2013-4342.patch
deleted file mode 100644
index ad57bc7b0e..0000000000
--- a/gnu/packages/patches/xinetd-CVE-2013-4342.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Fix CVE-2013-4342:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4342
-https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678
-
-Patch copied from upstream source repository:
-
-https://github.com/xinetd-org/xinetd/commit/91e2401a219121eae15244a6b25d2e79c1af5864
-
-From 91e2401a219121eae15244a6b25d2e79c1af5864 Mon Sep 17 00:00:00 2001
-From: Thomas Swan <thomas.swan@gmail.com>
-Date: Wed, 2 Oct 2013 23:17:17 -0500
-Subject: [PATCH] CVE-2013-4342: xinetd: ignores user and group directives for
- TCPMUX services
-
-Originally reported to Debian in 2005 <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678> and rediscovered <https://bugzilla.redhat.com/show_bug.cgi?id=1006100>, xinetd would execute TCPMUX services without dropping privilege to match the service configuration allowing the service to run with same privilege as the xinetd process (root).
----
- xinetd/builtins.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/xinetd/builtins.c b/xinetd/builtins.c
-index 3b85579..34a5bac 100644
---- a/xinetd/builtins.c
-+++ b/xinetd/builtins.c
-@@ -617,7 +617,7 @@ static void tcpmux_handler( const struct server *serp )
-    if( SC_IS_INTERNAL( scp ) ) {
-       SC_INTERNAL(scp, nserp);
-    } else {
--      exec_server(nserp);
-+      child_process(nserp);
-    }
- }
- 
--- 
-2.7.4
-
diff --git a/gnu/packages/patches/xinetd-fix-fd-leak.patch b/gnu/packages/patches/xinetd-fix-fd-leak.patch
deleted file mode 100644
index 77e4600185..0000000000
--- a/gnu/packages/patches/xinetd-fix-fd-leak.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Fix a file descriptor leak:
-
-https://github.com/xinetd-org/xinetd/issues/23
-
-Patch copied from Debian:
-
-https://anonscm.debian.org/cgit/collab-maint/xinetd.git/tree/debian/patches/000012-fix_fd_leak
-
-Patch sent upstream at https://github.com/xinetd-org/xinetd/pull/26.
-
-diff --git a/xinetd/xgetloadavg.c b/xinetd/xgetloadavg.c
-index 5a26214..fe0f872 100644
---- a/xinetd/xgetloadavg.c
-+++ b/xinetd/xgetloadavg.c
-@@ -34,7 +34,7 @@ double xgetloadavg(void)
- 
-    if( fscanf(fd, "%lf", &ret) != 1 ) {
-       perror("fscanf");
--      return -1;
-+      ret = -1;
-    }
- 
-    fclose(fd);
--- 
-2.7.4
-
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index e2ca9de9e4..31eff55d39 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -5329,25 +5329,27 @@ additional capabilities.")
 (define-public xinetd
   (package
     (name "xinetd")
-    (version "2.3.15")
+    ;; This is the maintenance fork currently used by openSUSE and Debian.
+    (version "2.3.15.4")
     (source
      (origin
        (method git-fetch)
        (uri (git-reference
-             (url "https://github.com/xinetd-org/xinetd.git")
-             (commit (string-append "xinetd-"
-                                    (string-join (string-split version #\.)
-                                                 "-")))))
+             (url "https://github.com/openSUSE/xinetd.git")
+             (commit version)))
        (file-name (git-file-name name version))
-       (patches (search-patches "xinetd-CVE-2013-4342.patch"
-                                "xinetd-fix-fd-leak.patch"))
        (sha256
-        (base32 "0wjai6qagcgxpa1khh639ih7kswgkryc7ll1i4hxhs29sc7irdcn"))))
+        (base32 "0lrp3lcj6azhjplwxws2rx40bkyp6i6bp7n77ndcisb7ninad30q"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags '("--with-loadavg")
        #:tests? #f))                    ; no tests
-    (home-page "https://github.com/xinetd-org/xinetd")
+    (native-inputs
+     `(("autoconf" ,autoconf)
+       ("automake" ,automake)
+       ("libtool" ,libtool)
+       ("pkg-config" ,pkg-config)))
+    (home-page "https://github.com/openSUSE/xinetd")
     (synopsis "Internet services daemon")
     (description "@code{xinetd}, a more secure replacement for @code{inetd},
 listens for incoming requests over a network and launches the appropriate
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-12-20 13:59:27 +0000