Fix CVE-2013-4342: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4342 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678 Patch copied from upstream source repository: https://github.com/xinetd-org/xinetd/commit/91e2401a219121eae15244a6b25d2e79c1af5864 From 91e2401a219121eae15244a6b25d2e79c1af5864 Mon Sep 17 00:00:00 2001 From: Thomas Swan Date: Wed, 2 Oct 2013 23:17:17 -0500 Subject: [PATCH] CVE-2013-4342: xinetd: ignores user and group directives for TCPMUX services Originally reported to Debian in 2005 and rediscovered , xinetd would execute TCPMUX services without dropping privilege to match the service configuration allowing the service to run with same privilege as the xinetd process (root). --- xinetd/builtins.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xinetd/builtins.c b/xinetd/builtins.c index 3b85579..34a5bac 100644 --- a/xinetd/builtins.c +++ b/xinetd/builtins.c @@ -617,7 +617,7 @@ static void tcpmux_handler( const struct server *serp ) if( SC_IS_INTERNAL( scp ) ) { SC_INTERNAL(scp, nserp); } else { - exec_server(nserp); + child_process(nserp); } } -- 2.7.4 nt> Merge remote-tracking branch 'origin/master' into core-updates 2023-03-20T17:49:06Z Andreas Enge andreas@enge.fr 2023-03-20T17:21:47Z urn:sha1:ccb62d8feb50e2859d7c41429a9e3d9e0fe30bfe guix: Strip #:use-module lists. 2023-03-13T14:08:33Z Ludovic Courtès ludo@gnu.org 2023-03-08T21:51:17Z urn:sha1:ae587c2ef041413bc709a555261db752068ea360 This was obtained by setting up this environment: guix shell -D guix --with-input=guile@3.0.9=guile-next \ --with-commit=guile-next=e2ed33ef0445c867fe56c247054aa67e834861f2 -- make -j5 then adding 'unused-module' to (@@ (guix build compiler) %warnings), building, and checking all the "unused module" warnings and removing those that were definitely unused. build-system: Fix uses of #:strip-flags and #:strip-directories. 2022-10-09T16:53:32Z Maxime Devos maximedevos@telenet.be 2022-10-09T09:39:16Z urn:sha1:77759234a3c436816297dd1e989704e37489a129 This fixes a bug introduced in ccc2658e2a111590ec25e308946e47a24d357785, reported at <https://issues.guix.gnu.org/issue/58384>. Tested with "./pre-inst-env guix build openjpeg-data". Fixes: https://issues.guix.gnu.org/issue/58384 * guix/build-system/copy.scm (copy-build): 'strip-flags' and '#:strip-directories' are G-exps, not S-exps, so don't use sexp->gexp. * guix/build-system/cmake.scm (copy-build): Likewise. * guix/build-system/glib-or-gtk.scm (glib-or-gtk-build,glib-or-gtk-cross-build): Likewise. * guix/build-system/maven.scm (maven-build): Likewise. * guix/build-system/meson.scm (meson-build,meson-cross-build): Likewise. Signed-off-by: Ludovic Courtès <ludo@gnu.org> build-system: Factorize 'strip' flags and directories. 2022-10-08T12:49:56Z Ludovic Courtès ludo@gnu.org 2022-10-08T12:43:07Z urn:sha1:ccc2658e2a111590ec25e308946e47a24d357785 Previously only 'gnu-build-system' would default to "--strip-unneeded", since commit e0f31baacc6ad30096a332b69433c85f5830bb2c; most other build systems would default to "--strip-debug". This change brings consistency. * guix/build-system/gnu.scm (%strip-flags, %strip-directories): Export. * guix/build-system/cmake.scm (cmake-build, cmake-cross-build): Use them. * guix/build-system/copy.scm (copy-build): Likewise. * guix/build-system/dune.scm (dune-build): Likewise. * guix/build-system/glib-or-gtk.scm (glib-or-gtk-build) (glib-or-gtk-cross-build): Likewise. * guix/build-system/maven.scm (maven-build): Likewise. * guix/build-system/meson.scm (meson-build, meson-cross-build): Likewise. * guix/build-system/ocaml.scm (ocaml-build): Likewise. * guix/build-system/qt.scm (qt-build, qt-cross-build): Likewise.