-rw-r--r-- | gnu/local.mk | 2 | ||||
-rw-r--r-- | gnu/packages/patches/cpio-gets-undeclared.patch | 45 | ||||
-rw-r--r-- | gnu/packages/patches/rush-CVE-2013-6889.patch | 23 | ||||
-rw-r--r-- | gnu/packages/rush.scm | 12 |
4 files changed, 4 insertions, 78 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 42b95a881e..66d6bcb21c 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -476,7 +476,6 @@ dist_patch_DATA = \
 %D%/packages/patches/clang-3.8-libc-search-path.patch \
 %D%/packages/patches/clucene-pkgconfig.patch \
 %D%/packages/patches/cmake-fix-tests.patch \
- %D%/packages/patches/cpio-gets-undeclared.patch \
 %D%/packages/patches/cpio-CVE-2016-2037.patch \
 %D%/packages/patches/cpufrequtils-fix-aclocal.patch \
 %D%/packages/patches/cracklib-CVE-2016-6318.patch \
@@ -804,7 +803,6 @@ dist_patch_DATA = \
 %D%/packages/patches/ruby-rack-ignore-failing-test.patch \
 %D%/packages/patches/ruby-symlinkfix.patch \
 %D%/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch\
- %D%/packages/patches/rush-CVE-2013-6889.patch \
 %D%/packages/patches/sed-hurd-path-max.patch \
 %D%/packages/patches/scheme48-tests.patch \
 %D%/packages/patches/scotch-test-threading.patch \
diff --git a/gnu/packages/patches/cpio-gets-undeclared.patch b/gnu/packages/patches/cpio-gets-undeclared.patch
deleted file mode 100644
index bc34de6455..0000000000
--- a/gnu/packages/patches/cpio-gets-undeclared.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-This patch is needed to allow builds with newer versions of
-the GNU libc (2.16+).
-
-The upstream fix was:
-
- commit 66712c23388e93e5c518ebc8515140fa0c807348
- Author: Eric Blake <eblake@redhat.com>
- Date: Thu Mar 29 13:30:41 2012 -0600
-
- stdio: don't assume gets any more
-
- Gnulib intentionally does not have a gets module, and now that C11
- and glibc have dropped it, we should be more proactive about warning
- any user on a platform that still has a declaration of this dangerous
- interface.
-
- * m4/stdio_h.m4 (gl_STDIO_H, gl_STDIO_H_DEFAULTS): Drop gets
- support.
- * modules/stdio (Makefile.am): Likewise.
- * lib/stdio-read.c (gets): Likewise.
- * tests/test-stdio-c++.cc: Likewise.
- * m4/warn-on-use.m4 (gl_WARN_ON_USE_PREPARE): Fix comment.
- * lib/stdio.in.h (gets): Make warning occur in more places.
- * doc/posix-functions/gets.texi (gets): Update documentation.
- Reported by Christer Solskogen.
-
- Signed-off-by: Eric Blake <eblake@redhat.com>
-
-This patch just gets rid of the offending part.
-
---- cpio-2.11/gnu/stdio.in.h-orig 2012-11-25 22:17:06.000000000 +0400
-+++ cpio-2.11/gnu/stdio.in.h 2012-11-25 22:18:36.000000000 +0400
-@@ -135,12 +135,6 @@
- "use gnulib module fflush for portable POSIX compliance");
- #endif
-
--/* It is very rare that the developer ever has full control of stdin,
-- so any use of gets warrants an unconditional warning. Assume it is
-- always declared, since it is required by C89. */
--#undef gets
--_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
--
- #if @GNULIB_FOPEN@
- # if @REPLACE_FOPEN@
- # if !(defined __cplusplus && defined GNULIB_NAMESPACE)
diff --git a/gnu/packages/patches/rush-CVE-2013-6889.patch b/gnu/packages/patches/rush-CVE-2013-6889.patch
deleted file mode 100644
index 862528a12c..0000000000
--- a/gnu/packages/patches/rush-CVE-2013-6889.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-commit 00bdccd429517f12dbf37ab4397ddec3e51a2738
-Author: Mats Erik Andersson <gnu@gisladisker.se>
-Date: Mon Jan 20 13:33:52 2014 +0200
-
- Protect against CVE-2013-6889 (tiny change).
-
- Reset the effective user identification in testing mode.
-
-diff --git a/src/rush.c b/src/rush.c
-index 45d737a..dc6518e 100644
---- a/src/rush.c
-+++ b/src/rush.c
-@@ -980,6 +980,10 @@ main(int argc, char **argv)
- } else if (argc > optind)
- die(usage_error, NULL, _("invalid command line"));
-
-+ /* Relinquish root privileges in test mode */
-+ if (lint_option)
-+ setuid(getuid());
-+
- if (test_user_name) {
- struct passwd *pw = getpwnam(test_user_name);
- if (!pw)
diff --git a/gnu/packages/rush.scm b/gnu/packages/rush.scm
index cf9e49a7e3..36a8f2069b 100644
--- a/gnu/packages/rush.scm
+++ b/gnu/packages/rush.scm
@@ -26,18 +26,14 @@
 (define-public rush
 (package
 (name "rush")
- (version "1.7")
+ (version "1.8")
 (source (origin
 (method url-fetch)
- (uri (string-append
- "mirror://gnu/rush/rush-"
- version
- ".tar.gz"))
+ (uri (string-append "mirror://gnu/rush/rush-"
+ version ".tar.gz"))
 (sha256
 (base32
- "0fh0gbbp0iiq3wbkf503xb40r8ljk42vyj9bnlflbz82d6ipy1rm"))
- (patches (search-patches "cpio-gets-undeclared.patch"
- "rush-CVE-2013-6889.patch"))))
+ "1vxdb81ify4xcyygh86250pi50krb16dkj42i5ii4ns3araiwckz"))))
 (build-system gnu-build-system)
 (home-page "http://www.gnu.org/software/rush/")
 (synopsis "Restricted user (login) shell")
|
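Review bot: The rush.scm hunk drops the `rush-CVE-2013-6889.patch` backport together with the 1.7 to 1.8 bump, but nothing in the new package definition records that upstream 1.8 carries the equivalent fix (the deleted patch's `setuid(getuid())` guard under `lint_option`), so a reader of rush.scm cannot tell whether the CVE is still addressed. Presumably the upstream 2014 commit quoted in the deleted patch is included in the 1.8 release; that should be confirmed against the 1.8 source (e.g. by checking `src/rush.c` for the guard) and stated in the commit message, something like `rush 1.8 includes the upstream fix for CVE-2013-6889, so the backported patch is no longer needed`. The same confirmation applies to `cpio-gets-undeclared.patch`, although that one is a build fix rather than a security fix, and a successful build of 1.8 already demonstrates it is unnecessary.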