From 1c1b67a3c91cd46241dee9c556d326e11b1d9ce2 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Mon, 19 Dec 2016 01:05:52 +0100 Subject: gnu: thefuck: Correct inputs and disable tests. * gnu/packages/admin.scm (thefuck)[arguments]: Set #:tests? #f. [inputs]: Move everything to ... [propagated-inputs]: ... here. Remove duplicate [inputs] and python-setuptools. [native-inputs]: Add python-pytest, python-pytest-mock and python-mock. --- gnu/packages/admin.scm | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) (limited to 'gnu/packages/admin.scm') diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index 69c04dc139..6e913d2cd0 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -1697,15 +1697,26 @@ throughput (in the same interval).") (base32 "04q2cn8c83f6z6wn1scla1ilrpi5ssjc64987hvmwfvwvb82bvkp")))) (build-system python-build-system) - (inputs + (arguments + '(#:tests? #f)) + ;; FIXME: 10 test failures. Some require newer pytest (> 2.9.2). + ;; Others need more work. Un-comment the below to run the tests. + ;; #:phases + ;; (modify-phases %standard-phases + ;; (replace 'check + ;; (lambda _ + ;; ;; Some tests need write access to $HOME. + ;; (setenv "HOME" "/tmp") + ;; (zero? (system* "py.test" "-v"))))))) + (propagated-inputs `(("python-colorama" ,python-colorama) ("python-decorator" ,python-decorator) ("python-psutil" ,python-psutil) ("python-six" ,python-six))) - (inputs - ;; Requires setuptools >= 17.1 due to some features used, while our - ;; python currently only includes 12.0. TODO: Remove this input. - `(("python-setuptools" ,python-setuptools))) + (native-inputs + `(("python-mock" ,python-mock) + ("python-pytest" ,python-pytest) + ("python-pytest-mock" ,python-pytest-mock))) (home-page "https://github.com/nvbn/thefuck") (synopsis "Correct mistyped console command") (description -- cgit v1.2.3 From 1c851cbe0c562894bd38c0f9f39d12be306b3e59 Mon Sep 17 00:00:00 2001 
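Review bot: The FIXME block under `(arguments '(#:tests? #f))` cannot simply be un-commented as its text suggests, because the `arguments` form is already closed on the `#:tests? #f` line while the commented `#:phases` form ends with its own seven closing parentheses. I would spell the step out in the comment, e.g. `;; To run the tests, delete "#:tests? #f))" above (keep the "'(") and un-comment the form below.`, so the next editor does not end up with unbalanced parens. The new `native-inputs` (python-mock, python-pytest, python-pytest-mock) appear to serve only the disabled check phase, so a line such as `;; Only needed by the test suite, which is currently disabled.` above them would explain why they are present. The package definition starts and ends outside this hunk.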
From: Leo Famulari Date: Thu, 23 Feb 2017 14:35:00 -0500 Subject: gnu: shadow: Fix CVE-2017-2616. * gnu/packages/patches/shadow-CVE-2017-2616.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/admin.scm (shadow): Use it. --- gnu/local.mk | 1 + gnu/packages/admin.scm | 3 +- gnu/packages/patches/shadow-CVE-2017-2616.patch | 72 +++++++++++++++++++++++++ 3 files changed, 75 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/shadow-CVE-2017-2616.patch (limited to 'gnu/packages/admin.scm') diff --git a/gnu/local.mk b/gnu/local.mk index ca415ec48f..2954549759 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -901,6 +901,7 @@ dist_patch_DATA = \ %D%/packages/patches/serf-comment-style-fix.patch \ %D%/packages/patches/serf-deflate-buckets-test-fix.patch \ %D%/packages/patches/shadow-4.4-su-snprintf-fix.patch \ + %D%/packages/patches/shadow-CVE-2017-2616.patch \ %D%/packages/patches/slim-session.patch \ %D%/packages/patches/slim-config.patch \ %D%/packages/patches/slim-sigusr1.patch \ diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index b2207a1205..d9c7ba3b73 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -276,7 +276,8 @@ client and server, a telnet client and server, and an rsh client and server.") (uri (string-append "https://github.com/shadow-maint/shadow/releases/" "download/" version "/shadow-" version ".tar.xz")) - (patches (search-patches "shadow-4.4-su-snprintf-fix.patch")) + (patches (search-patches "shadow-4.4-su-snprintf-fix.patch" + "shadow-CVE-2017-2616.patch")) (sha256 (base32 "0g7hf55ar2pafg5g3ldx0fwzjk36wf4xb21p4ndanbjm3c2a9ab1")))) diff --git a/gnu/packages/patches/shadow-CVE-2017-2616.patch b/gnu/packages/patches/shadow-CVE-2017-2616.patch new file mode 100644 index 0000000000..f88aac40bc --- /dev/null +++ b/gnu/packages/patches/shadow-CVE-2017-2616.patch 
@@ -0,0 +1,72 @@ +Fix CVE-2017-2616: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2616 +http://seclists.org/oss-sec/2017/q1/490 +http://seclists.org/oss-sec/2017/q1/474 + +Patch copied from upstream source repository: + +https://github.com/shadow-maint/shadow/commit/08fd4b69e84364677a10e519ccb25b71710ee686 + +From 08fd4b69e84364677a10e519ccb25b71710ee686 Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann +Date: Thu, 23 Feb 2017 09:47:29 -0600 +Subject: [PATCH] su: properly clear child PID + +If su is compiled with PAM support, it is possible for any local user +to send SIGKILL to other processes with root privileges. There are +only two conditions. First, the user must be able to perform su with +a successful login. This does NOT have to be the root user, even using +su with the same id is enough, e.g. "su $(whoami)". Second, SIGKILL +can only be sent to processes which were executed after the su process. +It is not possible to send SIGKILL to processes which were already +running. I consider this as a security vulnerability, because I was +able to write a proof of concept which unlocked a screen saver of +another user this way. 
+--- + src/su.c | 19 +++++++++++++++++-- + 1 file changed, 17 insertions(+), 2 deletions(-) + +diff --git a/src/su.c b/src/su.c +index f20d230..d86aa86 100644 +--- a/src/su.c ++++ b/src/su.c +@@ -379,11 +379,13 @@ static void prepare_pam_close_session (void) + /* wake child when resumed */ + kill (pid, SIGCONT); + stop = false; ++ } else { ++ pid_child = 0; + } + } while (!stop); + } + +- if (0 != caught) { ++ if (0 != caught && 0 != pid_child) { + (void) fputs ("\n", stderr); + (void) fputs (_("Session terminated, terminating shell..."), + stderr); +@@ -393,9 +395,22 @@ static void prepare_pam_close_session (void) + snprintf (wait_msg, sizeof wait_msg, _(" ...waiting for child to terminate.\n")); + + (void) signal (SIGALRM, kill_child); ++ (void) signal (SIGCHLD, catch_signals); + (void) alarm (2); + +- (void) wait (&status); ++ sigemptyset (&ourset); ++ if ((sigaddset (&ourset, SIGALRM) != 0) ++ || (sigprocmask (SIG_BLOCK, &ourset, NULL) != 0)) { ++ fprintf (stderr, _("%s: signal masking malfunction\n"), Prog); ++ kill_child (0); ++ } else { ++ while (0 == waitpid (pid_child, &status, WNOHANG)) { ++ sigsuspend (&ourset); ++ } ++ pid_child = 0; ++ (void) sigprocmask (SIG_UNBLOCK, &ourset, NULL); ++ } ++ + (void) fputs (_(" ...terminated.\n"), stderr); + } + -- cgit v1.2.3 From 63f5d53cf148b1d506fb55d64d69059ddd307c71 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Thu, 2 Mar 2017 00:30:00 +0100 Subject: gnu: di: Update to 4.43. * gnu/packages/admin.scm (di): Update to 4.43. --- gnu/packages/admin.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages/admin.scm') diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index d9c7ba3b73..6bded60c11 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm 
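Review bot: In the wait loop added to prepare_pam_close_session, `sigsuspend (&ourset)` is called with a set that was emptied and then given only SIGALRM, so SIGALRM stays blocked for the whole time su sleeps waiting for the child. The `alarm (2)` armed just above with `kill_child` as its handler therefore cannot be delivered until the `sigprocmask (SIG_UNBLOCK, &ourset, NULL)` after the loop, which is reached only once waitpid() stops returning 0; as far as these lines show, a child that does not exit keeps su waiting with no effective timeout. Suspending on a set that leaves SIGALRM deliverable, for example a separate empty set passed as `sigsuspend (&waitset)`, would keep the two-second bound meaningful. Since this file is a copy of upstream commit 08fd4b69e84364677a10e519ccb25b71710ee686, that change belongs upstream rather than in the Guix copy; kill_child's body and the start of the function are outside the hunk.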
@@ -1718,13 +1718,13 @@ a new command using the matched rule, and runs it.") (define-public di (package (name "di") - (version "4.42") + (version "4.43") (source (origin (method url-fetch) (uri (string-append "https://gentoo.com/di/di-" version ".tar.gz")) (sha256 - (base32 "1i6m9zdnidn8268q1lz9fd8payk7s4pgwh5zlam9rr4dy6h6a67n")))) + (base32 "1q25jy51qfzsym9b2w0cqzscq2j492gn60dy6gbp88m8nwm4sdy8")))) (build-system gnu-build-system) (arguments `(#:tests? #f ; Obscure test failures. -- cgit v1.2.3 From 1a01551a9b35830a9980abec76ca7cd0c5663aa4 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Thu, 2 Mar 2017 05:46:42 +0100 Subject: gnu: cbatticon: Update to 1.6.5. * gnu/packages/admin.scm (cbatticon): Update to 1.6.5. --- gnu/packages/admin.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages/admin.scm') diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index 6bded60c11..17d726b7ac 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -1749,14 +1749,14 @@ highly portable. Great for heterogenous networks.") (define-public cbatticon (package (name "cbatticon") - (version "1.6.4") + (version "1.6.5") (source (origin (method url-fetch) (uri (string-append "https://github.com/valr/" name "/archive/" version ".tar.gz")) (sha256 (base32 - "023fvsa4q7rl98rqgwrb1shyzaybdkkbyz5sywd0s5p7ixkksxqx")) + "0xzz1faqgm57bwlkw6sjdfbckf5hck81879zbfk18p7xn9vhvixv")) (file-name (string-append name "-" version ".tar.gz")))) (build-system gnu-build-system) (arguments -- cgit v1.2.3 From 6f5d28f9d05aaa9743b3aac6bceb2c6323122d2d Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Wed, 22 Feb 2017 09:03:25 -0800 Subject: gnu: inetutils: Enable tests. * gnu/packages/admin.scm (inetutils)[arguments]: Remove '#:tests? #f' and #:configure-flags. [native-inputs]: Add net-tools. Signed-off-by: Leo Famulari --- gnu/packages/admin.scm | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) (limited to 'gnu/packages/admin.scm') 
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index d2001d4e2c..a7f97f6893 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -253,13 +253,9 @@ re-executing them as necessary.") (base32 "05n65k4ixl85dc6rxc51b1b732gnmm8xnqi424dy9f1nz7ppb3xy")))) (build-system gnu-build-system) - (arguments `(#:configure-flags '("--localstatedir=/var") - - ;; FIXME: `tftp.sh' relies on `netstat' from utils-linux, - ;; which is currently missing. - #:tests? #f)) (inputs `(("ncurses" ,ncurses) - ("readline" ,readline))) ; for 'ftp' + ("readline" ,readline))) ;for 'ftp' + (native-inputs `(("netstat" ,net-tools))) ;for tests (home-page "http://www.gnu.org/software/inetutils/") (synopsis "Basic networking utilities") (description -- cgit v1.2.3 From 483188b76efcda27865a9d5082c99d91b9bde35b Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Thu, 9 Mar 2017 02:05:07 -0500 Subject: gnu: inetutils: Set the $localstatedir. This is a followup to commit 6f5d28f9d05aaa9743b3aac6bceb2c6323122d2d. * gnu/packages/admin.scm (inetutils)[arguments]: Pass '--localstatedir=/var' to #:configure-flags. --- gnu/packages/admin.scm | 2 ++ 1 file changed, 2 insertions(+) (limited to 'gnu/packages/admin.scm') diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index a7f97f6893..e7364f6e53 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -253,6 +253,8 @@ re-executing them as necessary.") (base32 "05n65k4ixl85dc6rxc51b1b732gnmm8xnqi424dy9f1nz7ppb3xy")))) (build-system gnu-build-system) + (arguments + '(#:configure-flags '("--localstatedir=/var"))) (inputs `(("ncurses" ,ncurses) ("readline" ,readline))) ;for 'ftp' (native-inputs `(("netstat" ,net-tools))) ;for tests -- cgit v1.2.3