[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/07: gnu: rush: Fix CVE-2013-6889.
From: |
Ludovic Courtès |
Subject: |
01/07: gnu: rush: Fix CVE-2013-6889. |
Date: |
Thu, 26 May 2016 21:59:02 +0000 (UTC) |
civodul pushed a commit to branch master
in repository guix.
commit 2ca55f939ca32f506a307a00f07eb2b027cfb812
Author: Ludovic Courtès <address@hidden>
Date: Thu May 26 22:51:12 2016 +0200
gnu: rush: Fix CVE-2013-6889.
* gnu/packages/patches/rush-CVE-2013-6889.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/rush.scm (rush): Use it.
---
gnu/local.mk | 1 +
gnu/packages/patches/rush-CVE-2013-6889.patch | 23 +++++++++++++++++++++++
gnu/packages/rush.scm | 5 +++--
3 files changed, 27 insertions(+), 2 deletions(-)
diff --git a/gnu/local.mk b/gnu/local.mk
index 6f56039..f36389f 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -717,6 +717,7 @@ dist_patch_DATA =
\
%D%/packages/patches/ripperx-missing-file.patch \
%D%/packages/patches/rsem-makefile.patch \
%D%/packages/patches/ruby-symlinkfix.patch \
+ %D%/packages/patches/rush-CVE-2013-6889.patch \
%D%/packages/patches/sed-hurd-path-max.patch \
%D%/packages/patches/scheme48-tests.patch \
%D%/packages/patches/scotch-test-threading.patch \
diff --git a/gnu/packages/patches/rush-CVE-2013-6889.patch
b/gnu/packages/patches/rush-CVE-2013-6889.patch
new file mode 100644
index 0000000..862528a
--- /dev/null
+++ b/gnu/packages/patches/rush-CVE-2013-6889.patch
@@ -0,0 +1,23 @@
+commit 00bdccd429517f12dbf37ab4397ddec3e51a2738
+Author: Mats Erik Andersson <address@hidden>
+Date: Mon Jan 20 13:33:52 2014 +0200
+
+ Protect against CVE-2013-6889 (tiny change).
+
+ Reset the effective user identification in testing mode.
+
+diff --git a/src/rush.c b/src/rush.c
+index 45d737a..dc6518e 100644
+--- a/src/rush.c
++++ b/src/rush.c
+@@ -980,6 +980,10 @@ main(int argc, char **argv)
+ } else if (argc > optind)
+ die(usage_error, NULL, _("invalid command line"));
+
++ /* Relinquish root privileges in test mode */
++ if (lint_option)
++ setuid(getuid());
++
+ if (test_user_name) {
+ struct passwd *pw = getpwnam(test_user_name);
+ if (!pw)
diff --git a/gnu/packages/rush.scm b/gnu/packages/rush.scm
index 6926f68..cf9e49a 100644
--- a/gnu/packages/rush.scm
+++ b/gnu/packages/rush.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013 Ludovic Courtès <address@hidden>
+;;; Copyright © 2013, 2016 Ludovic Courtès <address@hidden>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -36,7 +36,8 @@
(sha256
(base32
"0fh0gbbp0iiq3wbkf503xb40r8ljk42vyj9bnlflbz82d6ipy1rm"))
- (patches (search-patches "cpio-gets-undeclared.patch"))))
+ (patches (search-patches "cpio-gets-undeclared.patch"
+ "rush-CVE-2013-6889.patch"))))
(build-system gnu-build-system)
(home-page "http://www.gnu.org/software/rush/")
(synopsis "Restricted user (login) shell")
- branch master updated (f01c461 -> de3bbf6), Ludovic Courtès, 2016/05/26
- 02/07: gnu: isc-dhcp: Specify CPE name., Ludovic Courtès, 2016/05/26
- 06/07: gnu: qemu: Use 'install-file' instead of 'copy-file'., Ludovic Courtès, 2016/05/26
- 07/07: gnu: qemu: Make tests more verbose., Ludovic Courtès, 2016/05/26
- 05/07: gnu: qemu: Use 'modify-phases'., Ludovic Courtès, 2016/05/26
- 03/07: cve: Include the 3 previous years of vulnerabilities., Ludovic Courtès, 2016/05/26
- 01/07: gnu: rush: Fix CVE-2013-6889.,
Ludovic Courtès <=
- 04/07: gnu: qemu: Disable parallel tests again., Ludovic Courtès, 2016/05/26