Initial import (#1511435).

2017-11-09 17:50:05 -05:00 · 2017-11-09 17:50:05 -05:00 · d3bc37c2ce
parent bbda7f209e
commit d3bc37c2ce
5 changed files with 130 additions and 3 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+/httpuv_1.3.5.tar.gz
--- a/215.patch
+++ b/215.patch
@ -0,0 +1,46 @@
+From 2773e1181dfb1e10fc2e3bfd3ffd83c71b730408 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= <saghul@gmail.com>
+Date: Mon, 10 Feb 2014 17:41:51 +0100
+Subject: [PATCH] unix: call setgoups before calling setuid/setgid
+
+Backported from v1.x (66ab389)
+
+PR-URL: https://github.com/libuv/libuv/pull/215
+Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
+---
+ src/unix/process.c | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/src/unix/process.c b/src/unix/process.c
+index 19686a291..d1f9440c5 100644
+--- a/src/unix/process.c
+++ b/src/unix/process.c
+@@ -40,6 +40,10 @@
+ extern char **environ;
+ #endif
+ 
+#ifdef __linux__
+# include <grp.h>
+#endif
+
+ 
+ static ngx_queue_t* uv__process_queue(uv_loop_t* loop, int pid) {
+   assert(pid > 0);
+@@ -322,6 +326,17 @@ static void uv__process_child_init(uv_process_options_t options,
+     _exit(127);
+   }
+ 
+  if (options.flags & (UV_PROCESS_SETUID | UV_PROCESS_SETGID)) {
+    /* When dropping privileges from root, the `setgroups` call will
+     * remove any extraneous groups. If we don't call this, then
+     * even though our uid has dropped, we may still have groups
+     * that enable us to do super-user things. This will fail if we
+     * aren't root, so don't bother checking the return value, this
+     * is just done as an optimistic privilege dropping function.
+     */
+    SAVE_ERRNO(setgroups(0, NULL));
+  }
+
+   if ((options.flags & UV_PROCESS_SETGID) && setgid(options.gid)) {
+     uv__write_int(error_fd, errno);
+     perror("setgid()");
--- a/R-httpuv.spec
+++ b/R-httpuv.spec
@ -0,0 +1,82 @@
+%global packname  httpuv
+%global rlibdir  %{_libdir}/R/library
+
+Name:             R-%{packname}
+Version:          1.3.5
+Release:          2%{?dist}
+Summary:          HTTP and WebSocket Server Library
+
+# Main: GPLv3; http-parser & libuv: MIT; sha1: Public Domain
+License:          GPLv3 and MIT and Public Domain
+URL:              https://cran.r-project.org/web/packages/%{packname}/index.html
+Source0:          https://cran.r-project.org/src/contrib/%{packname}_%{version}.tar.gz
+# https://github.com/libuv/libuv/pull/215; CVE-2015-0278
+Patch0001:        215.patch
+
+# Here's the R view of the dependencies world:
+# Depends:   R-methods
+# Imports:   R-Rcpp R-utils
+# Suggests:
+# LinkingTo:
+# Enhances:
+
+Requires:         R-methods
+Requires:         R-Rcpp R-utils
+BuildRequires:    R-devel tex(latex) R-methods
+BuildRequires:    R-Rcpp-devel R-utils
+# Hopefully will be removable in the next release, which also upgrades the
+# internal copies.
+Provides:         bundled(http-parser) = 2.0.0
+Provides:         bundled(libuv) = 0.10.13
+
+%description
+Provides low-level socket and protocol support for handling HTTP and
+WebSocket requests directly from within R. It is primarily intended as a
+building block for other packages, rather than making it particularly easy
+to create complete web applications using httpuv alone. httpuv is built on
+top of the libuv and http-parser C libraries, both of which were developed
+by Joyent, Inc.
+
+
+%prep
+%setup -q -c -n %{packname}
+pushd %{packname}/src/libuv
+%patch0001 -p1
+popd
+
+
+%build
+
+
+%install
+mkdir -p %{buildroot}%{rlibdir}
+%{_bindir}/R CMD INSTALL -l %{buildroot}%{rlibdir} %{packname}
+test -d %{packname}/src && (cd %{packname}/src; rm -f *.o *.so)
+rm -f %{buildroot}%{rlibdir}/R.css
+
+
+%check
+%{_bindir}/R CMD check %{packname}
+
+
+%files
+%dir %{rlibdir}/%{packname}
+%doc %{rlibdir}/%{packname}/html
+%{rlibdir}/%{packname}/DESCRIPTION
+%license %{rlibdir}/%{packname}/LICENSE
+%doc %{rlibdir}/%{packname}/NEWS
+%{rlibdir}/%{packname}/INDEX
+%{rlibdir}/%{packname}/NAMESPACE
+%{rlibdir}/%{packname}/Meta
+%{rlibdir}/%{packname}/R
+%{rlibdir}/%{packname}/help
+%{rlibdir}/%{packname}/demo
+%{rlibdir}/%{packname}/libs
+
+
+%changelog
+* Thu Nov 09 2017 Elliott Sales de Andrade <quantum.analyst@gmail.com> 1.3.5-2
+- Apply patch for CVE-2015-0278
+
+* Tue Oct 31 2017 Elliott Sales de Andrade <quantum.analyst@gmail.com> 1.3.5-1
+- initial package for Fedora
--- a/README.md
+++ b/README.md
@ -1,3 +0,0 @@
-# R-httpuv
-
-The R-httpuv package
--- a/1
+++ b/1
@ -0,0 +1 @@
+SHA512 (httpuv_1.3.5.tar.gz) = 4ced65631a227e66206d7e29eab9191c858ad6778893d297282482a1e662d6c49beb3d6caaf62ae128c64189f4846c83446e38f17c4c2bb8fdaa9f17b7d0bc50
				`@ -0,0 +1 @@`
				`SHA512 (httpuv_1.3.5.tar.gz) = 4ced65631a227e66206d7e29eab9191c858ad6778893d297282482a1e662d6c49beb3d6caaf62ae128c64189f4846c83446e38f17c4c2bb8fdaa9f17b7d0bc50`