;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013, 2014 Ludovic Courtès ;;; Copyright © 2015 Mark H Weaver ;;; ;;; This file is part of GNU Guix. ;;; ;;; GNU Guix is free software; you can redistribute it and/or modify it ;;; under the terms of the GNU General Public License as published by ;;; the Free Software Foundation; either version 3 of the License, or (at ;;; your option) any later version. ;;; ;;; GNU Guix is distributed in the hope that it will be useful, but ;;; WITHOUT ANY WARRANTY; without even the implied warranty of ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ;;; GNU General Public License for more details. ;;; ;;; You should have received a copy of the GNU General Public License ;;; along with GNU Guix. If not, see . (define-module (gnu packages libunwind) #:use-module (guix packages) #:use-module (gnu packages) #:use-module (guix download) #:use-module (guix build-system gnu) #:use-module (guix licenses)) (define-public libunwind (package (name "libunwind") (version "1.1") (source (origin (method url-fetch) (uri (string-append "mirror://savannah/libunwind/libunwind-" version ".tar.gz")) (sha256 (base32 "16nhx2pahh9d62mvszc88q226q5lwjankij276fxwrm8wb50zzlx")) (patches (list (search-patch "libunwind-CVE-2015-3239.patch"))))) (build-system gnu-build-system) (arguments ;; FIXME: As of glibc 2.17, we get 3 out of 34 test failures. ;; Report them upstream. '(#:tests? #f)) (home-page "http://www.nongnu.org/libunwind") (synopsis "Determining the call chain of a program") (description "The primary goal of this project is to define a portable and efficient C programming interface (API) to determine the call-chain of a program. The API additionally provides the means to manipulate the preserved (callee-saved) state of each call-frame and to resume execution at any point in the call-chain (non-local goto). The API supports both local (same-process) and remote (across-process) operation. As such, the API is useful in a number of applications.") (license x11))) 41c01bd90'>build/activation.scm
AgeCommit message (Expand)Author
2021-03-10services: Prevent following symlinks during activation....This addresses a potential security issue, where a compromised service could trick the activation code in changing the permissions, owner and group of arbitrary files. However, this patch is currently only a partial fix, due to a TOCTTOU (time-of-check to time-of-use) race, which can be fixed once guile has bindings to openat and friends. Fixes: <https://lists.gnu.org/archive/html/guix-devel/2021-01/msg00388.html> * gnu/build/activation.scm: new procedure 'mkdir-p/perms'. * gnu/services/authentication.scm (%nslcd-activation, nslcd-service-type): use new procedure. * gnu/services/cups.scm (%cups-activation): likewise. * gnu/services/dbus.scm (dbus-activation): likewise. * gnu/services/dns.scm (knot-activation): likewise. Signed-off-by: Ludovic Courtès <ludo@gnu.org> Maxime Devos
2021-02-09activation: Do not make setuid programs setgid-root [security]....Fixes <https://bugs.gnu.org/46395>. Reported by Duncan Overbruck <mail@duncano.de>. * gnu/build/activation.scm (activate-setuid-programs): Change TARGET mode to not be setgid. Ludovic Courtès
2020-06-09activation: Fix function call for system activation...* gnu/build/activation.scm (boot-time-system): Evaluate the linux-command-line thunk for linux systems to boot Signed-off-by: Ludovic Courtès <ludo@gnu.org> Royce Strange
2020-06-08system: Support activation service for the Hurd....* gnu/build/activation.scm (boot-time-system): Use "command-line" for the Hurd. * gnu/system.scm (hurd-default-essential-services): Add %boot-service and %activation-service. Jan (janneke) Nieuwenhuizen