Update to latest version.
This commit is contained in:
Elliott Sales de Andrade
parent
dc88dcb757
commit
fd56bdb665
|
|
@ -1,2 +1,3 @@
|
|||
/httpuv_1.3.5.tar.gz
|
||||
/httpuv_1.3.6.2.tar.gz
|
||||
/httpuv_1.4.1.tar.gz
|
||||
|
|
|
|||
46
215.patch
46
215.patch
|
|
@ -1,46 +0,0 @@
|
|||
From 2773e1181dfb1e10fc2e3bfd3ffd83c71b730408 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= <saghul@gmail.com>
|
||||
Date: Mon, 10 Feb 2014 17:41:51 +0100
|
||||
Subject: [PATCH] unix: call setgoups before calling setuid/setgid
|
||||
|
||||
Backported from v1.x (66ab389)
|
||||
|
||||
PR-URL: https://github.com/libuv/libuv/pull/215
|
||||
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
|
||||
---
|
||||
src/unix/process.c | 15 +++++++++++++++
|
||||
1 file changed, 15 insertions(+)
|
||||
|
||||
diff --git a/src/unix/process.c b/src/unix/process.c
|
||||
index 19686a291..d1f9440c5 100644
|
||||
--- a/src/unix/process.c
|
||||
+++ b/src/unix/process.c
|
||||
@@ -40,6 +40,10 @@
|
||||
extern char **environ;
|
||||
#endif
|
||||
|
||||
+#ifdef __linux__
|
||||
+# include <grp.h>
|
||||
+#endif
|
||||
+
|
||||
|
||||
static ngx_queue_t* uv__process_queue(uv_loop_t* loop, int pid) {
|
||||
assert(pid > 0);
|
||||
@@ -322,6 +326,17 @@ static void uv__process_child_init(uv_process_options_t options,
|
||||
_exit(127);
|
||||
}
|
||||
|
||||
+ if (options.flags & (UV_PROCESS_SETUID | UV_PROCESS_SETGID)) {
|
||||
+ /* When dropping privileges from root, the `setgroups` call will
|
||||
+ * remove any extraneous groups. If we don't call this, then
|
||||
+ * even though our uid has dropped, we may still have groups
|
||||
+ * that enable us to do super-user things. This will fail if we
|
||||
+ * aren't root, so don't bother checking the return value, this
|
||||
+ * is just done as an optimistic privilege dropping function.
|
||||
+ */
|
||||
+ SAVE_ERRNO(setgroups(0, NULL));
|
||||
+ }
|
||||
+
|
||||
if ((options.flags & UV_PROCESS_SETGID) && setgid(options.gid)) {
|
||||
uv__write_int(error_fd, errno);
|
||||
perror("setgid()");
|
||||
|
|
@ -2,32 +2,41 @@
|
|||
%global rlibdir %{_libdir}/R/library
|
||||
|
||||
Name: R-%{packname}
|
||||
Version: 1.3.6.2
|
||||
Release: 2%{?dist}
|
||||
Version: 1.4.1
|
||||
Release: 1%{?dist}
|
||||
Summary: HTTP and WebSocket Server Library
|
||||
|
||||
# Main: GPLv3; http-parser & libuv: MIT; sha1: Public Domain
|
||||
License: GPLv3 and MIT and Public Domain
|
||||
# Main: GPLv2+; http-parser & libuv: MIT; sha1: Public Domain
|
||||
License: GPLv2+ and MIT and Public Domain
|
||||
URL: https://cran.r-project.org/web/packages/%{packname}/index.html
|
||||
Source0: https://cran.r-project.org/src/contrib/%{packname}_%{version}.tar.gz
|
||||
# https://github.com/libuv/libuv/pull/215; CVE-2015-0278
|
||||
Patch0001: 215.patch
|
||||
|
||||
# Here's the R view of the dependencies world:
|
||||
# Depends: R-methods
|
||||
# Imports: R-Rcpp R-utils
|
||||
# Suggests:
|
||||
# Imports: R-Rcpp >= 0.11.0, R-utils, R-promises, R-later >= 0.7.1
|
||||
# Suggests: R-testthat, R-callr
|
||||
# LinkingTo:
|
||||
# Enhances:
|
||||
|
||||
Requires: R-methods
|
||||
Requires: R-Rcpp R-utils
|
||||
BuildRequires: R-devel tex(latex) R-methods
|
||||
BuildRequires: R-Rcpp-devel R-utils
|
||||
Requires: R-Rcpp >= 0.11.0
|
||||
Requires: R-utils
|
||||
Requires: R-promises
|
||||
Requires: R-later >= 0.7.1
|
||||
BuildRequires: R-devel
|
||||
BuildRequires: tex(latex)
|
||||
BuildRequires: R-methods
|
||||
BuildRequires: R-Rcpp-devel >= 0.11.0
|
||||
BuildRequires: R-utils
|
||||
BuildRequires: R-promises
|
||||
BuildRequires: R-later-devel >= 0.7.1
|
||||
BuildRequires: R-testthat
|
||||
BuildRequires: R-callr
|
||||
BuildRequires: R-BH-devel
|
||||
# Hopefully will be removable in the next release, which also upgrades the
|
||||
# internal copies.
|
||||
Provides: bundled(http-parser) = 2.0.0
|
||||
Provides: bundled(libuv) = 0.10.13
|
||||
Provides: bundled(http-parser) = 2.7.1
|
||||
Provides: bundled(libuv) = 1.18.0
|
||||
|
||||
%description
|
||||
Provides low-level socket and protocol support for handling HTTP and
|
||||
|
|
@ -40,9 +49,6 @@ by Joyent, Inc.
|
|||
|
||||
%prep
|
||||
%setup -q -c -n %{packname}
|
||||
pushd %{packname}/src/libuv
|
||||
%patch0001 -p1
|
||||
popd
|
||||
|
||||
|
||||
%build
|
||||
|
|
@ -64,17 +70,21 @@ rm -f %{buildroot}%{rlibdir}/R.css
|
|||
%doc %{rlibdir}/%{packname}/html
|
||||
%{rlibdir}/%{packname}/DESCRIPTION
|
||||
%license %{rlibdir}/%{packname}/LICENSE
|
||||
%doc %{rlibdir}/%{packname}/NEWS
|
||||
%doc %{rlibdir}/%{packname}/NEWS.md
|
||||
%{rlibdir}/%{packname}/INDEX
|
||||
%{rlibdir}/%{packname}/NAMESPACE
|
||||
%{rlibdir}/%{packname}/Meta
|
||||
%{rlibdir}/%{packname}/R
|
||||
%{rlibdir}/%{packname}/help
|
||||
%{rlibdir}/%{packname}/demo
|
||||
%{rlibdir}/%{packname}/libs
|
||||
%dir %{rlibdir}/%{packname}/libs
|
||||
%{rlibdir}/%{packname}/libs/%{packname}.so
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon Apr 30 2018 Elliott Sales de Andrade <quantum.analyst@gmail.com> - 1.4.1-1
|
||||
- Update to latest version
|
||||
|
||||
* Fri Mar 09 2018 Elliott Sales de Andrade <quantum.analyst@gmail.com> - 1.3.6.2-2
|
||||
- Fix license and changelog
|
||||
|
||||
|
|
|
|||
2
sources
2
sources
|
|
@ -1 +1 @@
|
|||
SHA512 (httpuv_1.3.6.2.tar.gz) = ff67caee9d0a42451c061ad7f65c85ef6ba691b8da1711e4181171904ec5950469e2210aee83bf3cd6e9c3ccb47e36d0d1612175b19fa0ef6740d9196a74dd7e
|
||||
SHA512 (httpuv_1.4.1.tar.gz) = 5ec2af509bd2d50be364c424e7f3094951170e11eefbe36125100a8fb7257b16c7d18ce0b963289d07c759498eeabf7be78ec192e28c437c66231a2746115bba
|
||||
|
|
|
|||
Loading…
Reference in New Issue