unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
* [PATCH] gnu: linux-pam: Update to 1.3.0.
@ 2016-08-26 19:59 David Craven
  2016-08-26 20:04 ` David Craven
  2016-08-28 20:14 ` Ludovic Courtès
  0 siblings, 2 replies; 4+ messages in thread
From: David Craven @ 2016-08-26 19:59 UTC (permalink / raw)
  To: guix-devel

* gnu/packages/linux.scm (linux-pam): Update it.
---
 gnu/packages/linux.scm | 22 +++++++++-------------
 1 file changed, 9 insertions(+), 13 deletions(-)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 81a792f..8b9689e 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -55,6 +55,7 @@
   #:use-module (gnu packages libusb)
   #:use-module (gnu packages maths)
   #:use-module (gnu packages ncurses)
+  #:use-module (gnu packages password-utils)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pciutils)
   #:use-module (gnu packages pkg-config)
@@ -380,25 +381,20 @@ It has been modified to remove all non-free binary blobs.")
 (define-public linux-pam
   (package
     (name "linux-pam")
-    (version "1.2.1")
+    (version "1.3.0")
     (source
      (origin
       (method url-fetch)
-      (uri (list (string-append "http://www.linux-pam.org/library/Linux-PAM-"
-                                version ".tar.bz2")
-                 (string-append "mirror://kernel.org/linux/libs/pam/library/Linux-PAM-"
-                                version ".tar.bz2")))
+      (uri (string-append
+            "http://www.linux-pam.org/library/"
+            "Linux-PAM-" version ".tar.bz2"))
       (sha256
        (base32
-        "1n9lnf9gjs72kbj1g354v1xhi2j27aqaah15vykh7cnkq08i4arl"))))
+        "1fyi04d5nsh8ivd0rn2y0z83ylgc0licz7kifbb6xxi2ylgfs6i4"))))
     (build-system gnu-build-system)
     (native-inputs
-     `(("flex" ,flex)
-
-       ;; TODO: optional dependencies
-       ;; ("libxcrypt" ,libxcrypt)
-       ;; ("cracklib" ,cracklib)
-       ))
+     `(("cracklib" ,cracklib)
+       ("flex" ,flex)))
     (arguments
      '(;; Most users, such as `shadow', expect the headers to be under
        ;; `security'.
@@ -406,7 +402,7 @@ It has been modified to remove all non-free binary blobs.")
                                               (assoc-ref %outputs "out")
                                               "/include/security"))
 
-       ;; XXX: Tests won't run in chroot, presumably because /etc/pam.d
+       ;; FIXME: Tests won't run in chroot, presumably because /etc/pam.d
        ;; isn't available.
        #:tests? #f))
     (home-page "http://www.linux-pam.org/")
-- 
2.9.0

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] gnu: linux-pam: Update to 1.3.0.
  2016-08-26 19:59 [PATCH] gnu: linux-pam: Update to 1.3.0 David Craven
@ 2016-08-26 20:04 ` David Craven
  2016-08-28 20:14 ` Ludovic Courtès
  1 sibling, 0 replies; 4+ messages in thread
From: David Craven @ 2016-08-26 20:04 UTC (permalink / raw)
  To: guix-devel

I removed the kernel mirror, because the folder is empty.

> -                 (string-append "mirror://kernel.org/linux/libs/pam/library/Linux-PAM-"
> -                                version ".tar.bz2")))
> +      (uri (string-append
> +            "http://www.linux-pam.org/library/"
> +            "Linux-PAM-" version ".tar.bz2"))

Added cracklib to remove the TODO, does it have to be a separate
commit? I'll mention it in the commit message in any case, no need to
comment on that... ;-)

> -       ;; TODO: optional dependencies
> -       ;; ("libxcrypt" ,libxcrypt)
> -       ;; ("cracklib" ,cracklib)
> -       ))
> +     `(("cracklib" ,cracklib)
> +       ("flex" ,flex)))

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] gnu: linux-pam: Update to 1.3.0.
  2016-08-26 19:59 [PATCH] gnu: linux-pam: Update to 1.3.0 David Craven
  2016-08-26 20:04 ` David Craven
@ 2016-08-28 20:14 ` Ludovic Courtès
  2016-08-28 20:21   ` David Craven
  1 sibling, 1 reply; 4+ messages in thread
From: Ludovic Courtès @ 2016-08-28 20:14 UTC (permalink / raw)
  To: David Craven; +Cc: guix-devel

David Craven <david@craven.ch> skribis:

> * gnu/packages/linux.scm (linux-pam): Update it.

Cool!  This would be for core-updates.

[...]

> -     `(("flex" ,flex)
> -
> -       ;; TODO: optional dependencies
> -       ;; ("libxcrypt" ,libxcrypt)
> -       ;; ("cracklib" ,cracklib)
> -       ))
> +     `(("cracklib" ,cracklib)
> +       ("flex" ,flex)))

I think this part should indeed be a separate patch.  Also, Flex should
be ‘native-inputs’ presumably, whereas Cracklib should be in ‘inputs’.

> @@ -406,7 +402,7 @@ It has been modified to remove all non-free binary blobs.")
>                                                (assoc-ref %outputs "out")
>                                                "/include/security"))
>  
> -       ;; XXX: Tests won't run in chroot, presumably because /etc/pam.d
> +       ;; FIXME: Tests won't run in chroot, presumably because /etc/pam.d
>         ;; isn't available.
>         #:tests? #f))

“XXX” is fine here, because it may be impossible for us to fix it.

Thanks!

Ludo’.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] gnu: linux-pam: Update to 1.3.0.
  2016-08-28 20:14 ` Ludovic Courtès
@ 2016-08-28 20:21   ` David Craven
  0 siblings, 0 replies; 4+ messages in thread
From: David Craven @ 2016-08-28 20:21 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: guix-devel

> “XXX” is fine here, because it may be impossible for us to fix it.

Ah ok.

> I think this part should indeed be a separate patch.  Also, Flex should
> be ‘native-inputs’ presumably, whereas Cracklib should be in ‘inputs’.

Already realized it, and pushed to core-updates as
7483230f17880c1cd50d1de53496dc1ececebbb8
25d1b3107fc7ebdc155649722fc257f4dbc4b04a

and Leo already commented on a related security issue and is reverting
the second commit:

> For CVE-2016-6318, the disclosure message pointed out that if
> cracklib is compiled without the FORTIFY_SOURCE compiler flag, the bug
> can result in code execution and privilege escalation.

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2016-08-28 20:21 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-08-26 19:59 [PATCH] gnu: linux-pam: Update to 1.3.0 David Craven
2016-08-26 20:04 ` David Craven
2016-08-28 20:14 ` Ludovic Courtès
2016-08-28 20:21   ` David Craven

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).