* [PATCH] gnu: linux-pam: Update to 1.3.0.
@ 2016-08-26 19:59 David Craven
2016-08-26 20:04 ` David Craven
2016-08-28 20:14 ` Ludovic Courtès
0 siblings, 2 replies; 4+ messages in thread
From: David Craven @ 2016-08-26 19:59 UTC (permalink / raw)
To: guix-devel
* gnu/packages/linux.scm (linux-pam): Update it.
---
gnu/packages/linux.scm | 22 +++++++++-------------
1 file changed, 9 insertions(+), 13 deletions(-)
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 81a792f..8b9689e 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -55,6 +55,7 @@
#:use-module (gnu packages libusb)
#:use-module (gnu packages maths)
#:use-module (gnu packages ncurses)
+ #:use-module (gnu packages password-utils)
#:use-module (gnu packages perl)
#:use-module (gnu packages pciutils)
#:use-module (gnu packages pkg-config)
@@ -380,25 +381,20 @@ It has been modified to remove all non-free binary blobs.")
(define-public linux-pam
(package
(name "linux-pam")
- (version "1.2.1")
+ (version "1.3.0")
(source
(origin
(method url-fetch)
- (uri (list (string-append "http://www.linux-pam.org/library/Linux-PAM-"
- version ".tar.bz2")
- (string-append "mirror://kernel.org/linux/libs/pam/library/Linux-PAM-"
- version ".tar.bz2")))
+ (uri (string-append
+ "http://www.linux-pam.org/library/"
+ "Linux-PAM-" version ".tar.bz2"))
(sha256
(base32
- "1n9lnf9gjs72kbj1g354v1xhi2j27aqaah15vykh7cnkq08i4arl"))))
+ "1fyi04d5nsh8ivd0rn2y0z83ylgc0licz7kifbb6xxi2ylgfs6i4"))))
(build-system gnu-build-system)
(native-inputs
- `(("flex" ,flex)
-
- ;; TODO: optional dependencies
- ;; ("libxcrypt" ,libxcrypt)
- ;; ("cracklib" ,cracklib)
- ))
+ `(("cracklib" ,cracklib)
+ ("flex" ,flex)))
(arguments
'(;; Most users, such as `shadow', expect the headers to be under
;; `security'.
@@ -406,7 +402,7 @@ It has been modified to remove all non-free binary blobs.")
(assoc-ref %outputs "out")
"/include/security"))
- ;; XXX: Tests won't run in chroot, presumably because /etc/pam.d
+ ;; FIXME: Tests won't run in chroot, presumably because /etc/pam.d
;; isn't available.
#:tests? #f))
(home-page "http://www.linux-pam.org/")
--
2.9.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] gnu: linux-pam: Update to 1.3.0.
2016-08-26 19:59 [PATCH] gnu: linux-pam: Update to 1.3.0 David Craven
@ 2016-08-26 20:04 ` David Craven
2016-08-28 20:14 ` Ludovic Courtès
1 sibling, 0 replies; 4+ messages in thread
From: David Craven @ 2016-08-26 20:04 UTC (permalink / raw)
To: guix-devel
I removed the kernel mirror, because the folder is empty.
> - (string-append "mirror://kernel.org/linux/libs/pam/library/Linux-PAM-"
> - version ".tar.bz2")))
> + (uri (string-append
> + "http://www.linux-pam.org/library/"
> + "Linux-PAM-" version ".tar.bz2"))
Added cracklib to remove the TODO, does it have to be a separate
commit? I'll mention it in the commit message in any case, no need to
comment on that... ;-)
> - ;; TODO: optional dependencies
> - ;; ("libxcrypt" ,libxcrypt)
> - ;; ("cracklib" ,cracklib)
> - ))
> + `(("cracklib" ,cracklib)
> + ("flex" ,flex)))
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] gnu: linux-pam: Update to 1.3.0.
2016-08-26 19:59 [PATCH] gnu: linux-pam: Update to 1.3.0 David Craven
2016-08-26 20:04 ` David Craven
@ 2016-08-28 20:14 ` Ludovic Courtès
2016-08-28 20:21 ` David Craven
1 sibling, 1 reply; 4+ messages in thread
From: Ludovic Courtès @ 2016-08-28 20:14 UTC (permalink / raw)
To: David Craven; +Cc: guix-devel
David Craven <david@craven.ch> skribis:
> * gnu/packages/linux.scm (linux-pam): Update it.
Cool! This would be for core-updates.
[...]
> - `(("flex" ,flex)
> -
> - ;; TODO: optional dependencies
> - ;; ("libxcrypt" ,libxcrypt)
> - ;; ("cracklib" ,cracklib)
> - ))
> + `(("cracklib" ,cracklib)
> + ("flex" ,flex)))
I think this part should indeed be a separate patch. Also, Flex should
be ‘native-inputs’ presumably, whereas Cracklib should be in ‘inputs’.
> @@ -406,7 +402,7 @@ It has been modified to remove all non-free binary blobs.")
> (assoc-ref %outputs "out")
> "/include/security"))
>
> - ;; XXX: Tests won't run in chroot, presumably because /etc/pam.d
> + ;; FIXME: Tests won't run in chroot, presumably because /etc/pam.d
> ;; isn't available.
> #:tests? #f))
“XXX” is fine here, because it may be impossible for us to fix it.
Thanks!
Ludo’.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] gnu: linux-pam: Update to 1.3.0.
2016-08-28 20:14 ` Ludovic Courtès
@ 2016-08-28 20:21 ` David Craven
0 siblings, 0 replies; 4+ messages in thread
From: David Craven @ 2016-08-28 20:21 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: guix-devel
> “XXX” is fine here, because it may be impossible for us to fix it.
Ah ok.
> I think this part should indeed be a separate patch. Also, Flex should
> be ‘native-inputs’ presumably, whereas Cracklib should be in ‘inputs’.
Already realized it, and pushed to core-updates as
7483230f17880c1cd50d1de53496dc1ececebbb8
25d1b3107fc7ebdc155649722fc257f4dbc4b04a
and Leo already commented on a related security issue and is reverting
the second commit:
> For CVE-2016-6318, the disclosure message pointed out that if
> cracklib is compiled without the FORTIFY_SOURCE compiler flag, the bug
> can result in code execution and privilege escalation.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-08-28 20:21 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-08-26 19:59 [PATCH] gnu: linux-pam: Update to 1.3.0 David Craven
2016-08-26 20:04 ` David Craven
2016-08-28 20:14 ` Ludovic Courtès
2016-08-28 20:21 ` David Craven
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).