diff options
author | Domen Kožar <domen@dev.si> | 2015-05-11 10:05:23 +0200 |
---|---|---|
committer | Domen Kožar <domen@dev.si> | 2015-05-11 10:05:23 +0200 |
commit | bb4d658f646df61285d5b05ce0b407b7795f9045 (patch) | |
tree | db55b600f0bbb1136f22dad0a34041a49fdd37ca /pkgs/os-specific | |
parent | b7f15c43da7822f0def11b0cf1afbf4f45707204 (diff) | |
parent | c3bdabca737c50b13b9db71476fdf1dc7e853b5b (diff) | |
download | nixpkgs-bb4d658f646df61285d5b05ce0b407b7795f9045.tar nixpkgs-bb4d658f646df61285d5b05ce0b407b7795f9045.tar.gz nixpkgs-bb4d658f646df61285d5b05ce0b407b7795f9045.tar.bz2 nixpkgs-bb4d658f646df61285d5b05ce0b407b7795f9045.tar.lz nixpkgs-bb4d658f646df61285d5b05ce0b407b7795f9045.tar.xz nixpkgs-bb4d658f646df61285d5b05ce0b407b7795f9045.tar.zst nixpkgs-bb4d658f646df61285d5b05ce0b407b7795f9045.zip |
Merge branch 'master' into staging
Conflicts: nixos/doc/manual/release-notes/rl-unstable.xml nixos/modules/services/printing/cupsd.nix pkgs/applications/misc/calibre/default.nix pkgs/development/haskell-modules/hackage-packages.nix pkgs/development/libraries/libsodium/default.nix pkgs/misc/emulators/wine/unstable.nix pkgs/top-level/all-packages.nix
Diffstat (limited to 'pkgs/os-specific')
-rw-r--r-- | pkgs/os-specific/linux/edac-utils/default.nix | 40 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/patches.nix | 8 | ||||
-rw-r--r-- | pkgs/os-specific/linux/pam/CVE-2014-2583.patch | 49 | ||||
-rw-r--r-- | pkgs/os-specific/linux/pam/default.nix | 9 |
4 files changed, 48 insertions, 58 deletions
diff --git a/pkgs/os-specific/linux/edac-utils/default.nix b/pkgs/os-specific/linux/edac-utils/default.nix new file mode 100644 index 00000000000..0a2f38ffd8a --- /dev/null +++ b/pkgs/os-specific/linux/edac-utils/default.nix @@ -0,0 +1,40 @@ +{ stdenv, fetchFromGitHub, perl, makeWrapper +, sysfsutils, dmidecode, kmod }: + +stdenv.mkDerivation { + name = "edac-utils-2015-01-07"; + + src = fetchFromGitHub { + owner = "grondo"; + repo = "edac-utils"; + rev = "f9aa96205f610de39a79ff43c7478b7ef02e3138"; + sha256 = "1dmfqb15ffldl5zirbmwiqzpxbcc2ny9rpfvxcfvpmh5b69knvdg"; + }; + + nativeBuildInputs = [ perl makeWrapper ]; + buildInputs = [ sysfsutils ]; + + configureFlags = [ + "--sysconfdir=/etc" + "--localstatedir=/var" + ]; + + installFlags = [ + "sysconfdir=\${out}/etc" + ]; + + postInstall = '' + wrapProgram "$out/sbin/edac-ctl" \ + --set PATH : "" \ + --prefix PATH : "${dmidecode}/bin" \ + --prefix PATH : "${kmod}/bin" + ''; + + meta = with stdenv.lib; { + homepage = http://github.com/grondo/edac-utils; + description = "handles the reporting of hardware-related memory errors."; + license = licenses.gpl2; + platforms = platforms.linux; + maintainers = with maintainers; [ wkennington ]; + }; +} diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix index 628dda0ac4b..4e5facc4483 100644 --- a/pkgs/os-specific/linux/kernel/patches.nix +++ b/pkgs/os-specific/linux/kernel/patches.nix @@ -66,16 +66,16 @@ rec { grsecurity_stable = grsecPatch { kversion = "3.14.41"; - revision = "201505072056"; + revision = "201505101121"; branch = "stable"; - sha256 = "1fgi63y61mjmxj0mq2a24lwq0i0186kyvcdsjflw48adwjm6v0kg"; + sha256 = "1jiwc6qvimccmlm62sfp2ch173h7ki1h11facywpnb4wms7izk6g"; }; grsecurity_unstable = grsecPatch { kversion = "4.0.2"; - revision = "201505072057"; + revision = "201505101122"; branch = "test"; - sha256 = "0njvgd6n9z35hyxnligb8aq9shxzbwrkrdvpbxc0qxmwya0midv2"; + sha256 = "14fi31xwlgirbwk7f1xh8vanjxk8b473rz7z38savl4nx2wr5r24"; }; grsec_fix_path = diff --git a/pkgs/os-specific/linux/pam/CVE-2014-2583.patch b/pkgs/os-specific/linux/pam/CVE-2014-2583.patch deleted file mode 100644 index 25b1f7549fa..00000000000 --- a/pkgs/os-specific/linux/pam/CVE-2014-2583.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 9dcead87e6d7f66d34e7a56d11a30daca367dffb Mon Sep 17 00:00:00 2001 -From: "Dmitry V. Levin" <ldv@altlinux.org> -Date: Wed, 26 Mar 2014 22:17:23 +0000 -Subject: pam_timestamp: fix potential directory traversal issue (ticket #27) - -pam_timestamp uses values of PAM_RUSER and PAM_TTY as components of -the timestamp pathname it creates, so extra care should be taken to -avoid potential directory traversal issues. - -* modules/pam_timestamp/pam_timestamp.c (check_tty): Treat -"." and ".." tty values as invalid. -(get_ruser): Treat "." and ".." ruser values, as well as any ruser -value containing '/', as invalid. - -Fixes CVE-2014-2583. - -Reported-by: Sebastian Krahmer <krahmer@suse.de> - -diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c -index 5193733..b3f08b1 100644 ---- a/modules/pam_timestamp/pam_timestamp.c -+++ b/modules/pam_timestamp/pam_timestamp.c -@@ -158,7 +158,7 @@ check_tty(const char *tty) - tty = strrchr(tty, '/') + 1; - } - /* Make sure the tty wasn't actually a directory (no basename). */ -- if (strlen(tty) == 0) { -+ if (!strlen(tty) || !strcmp(tty, ".") || !strcmp(tty, "..")) { - return NULL; - } - return tty; -@@ -243,6 +243,17 @@ get_ruser(pam_handle_t *pamh, char *ruserbuf, size_t ruserbuflen) - if (pwd != NULL) { - ruser = pwd->pw_name; - } -+ } else { -+ /* -+ * This ruser is used by format_timestamp_name as a component -+ * of constructed timestamp pathname, so ".", "..", and '/' -+ * are disallowed to avoid potential path traversal issues. -+ */ -+ if (!strcmp(ruser, ".") || -+ !strcmp(ruser, "..") || -+ strchr(ruser, '/')) { -+ ruser = NULL; -+ } - } - if (ruser == NULL || strlen(ruser) >= ruserbuflen) { - *ruserbuf = '\0'; diff --git a/pkgs/os-specific/linux/pam/default.nix b/pkgs/os-specific/linux/pam/default.nix index 43b8204f50c..29cfa64b22d 100644 --- a/pkgs/os-specific/linux/pam/default.nix +++ b/pkgs/os-specific/linux/pam/default.nix @@ -1,15 +1,14 @@ { stdenv, fetchurl, flex, cracklib }: stdenv.mkDerivation rec { - name = "linux-pam-1.1.8"; + name = "linux-pam-${version}"; + version = "1.2.0"; src = fetchurl { - url = http://www.linux-pam.org/library/Linux-PAM-1.1.8.tar.bz2; - sha256 = "0m8ygb40l1c13nsd4hkj1yh4p1ldawhhg8pyjqj9w5kd4cxg5cf4"; + url = "http://www.linux-pam.org/library/Linux-PAM-${version}.tar.bz2"; + sha256 = "192y2fgf24a5qsg7rl1mzgw5axs5lg8kqamkfff2x50yjv2ym2yd"; }; - patches = [ ./CVE-2014-2583.patch ]; - nativeBuildInputs = [ flex ]; buildInputs = [ cracklib ]; |