
From: Michael Orlitzky <mjo@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-im/openfire/
Date: Sun, 23 Jun 2019 17:15:55
Message-Id: 1561310116.c32aef5d13c57017978860eb65c1c4f5ce88721c.mjo@gentoo
1 commit: c32aef5d13c57017978860eb65c1c4f5ce88721c
2 Author: Michael Orlitzky <mjo <AT> gentoo <DOT> org>
3 AuthorDate: Sun Jun 23 17:13:53 2019 +0000
4 Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org>
5 CommitDate: Sun Jun 23 17:15:16 2019 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c32aef5d
7
8 net-im/openfire: new revision to clean up ownership handling.
9
10 The new revision (-r2) is intended to clean up some of the ownership
11 and group handling that led to the security issue in bug 630914. Note
12 that while that *particular* bug was fixed, the ebuild was still
13 calling "chmod" in a user-controlled directory, which is also
14 exploitable. The following changes hopefully eliminate all of
15 those problems:
16
17 * Add /opt/openfire/conf to CONFIG_PROTECT.
18
19 * Use insopts/diropts to create everything under /opt/openfire with
20 the correct ownership and permissions to begin with.
21
22 * Install conf/openfire.xml and conf/security.xml in src_install(),
23 instead of creating (and chmod'ing) them later in pkg_postinst().
24
25 * Drop pkg_postinst() entirely now that we install {openfire,security}.xml
26 in src_install().
27
28 Bug: https://bugs.gentoo.org/630914
29 Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org>
30 Package-Manager: Portage-2.3.66, Repoman-2.3.11
31
32 net-im/openfire/openfire-4.2.3-r2.ebuild | 80 ++++++++++++++++++++++++++++++++
33 1 file changed, 80 insertions(+)
34
35 diff --git a/net-im/openfire/openfire-4.2.3-r2.ebuild b/net-im/openfire/openfire-4.2.3-r2.ebuild
36 new file mode 100644
37 index 00000000000..d504e403aba
38 --- /dev/null
39 +++ b/net-im/openfire/openfire-4.2.3-r2.ebuild
40 @@ -0,0 +1,80 @@
41 +# Copyright 1999-2019 Gentoo Authors
42 +# Distributed under the terms of the GNU General Public License v2
43 +
44 +EAPI=6
45 +
46 +inherit eutils java-pkg-2 java-ant-2 systemd
47 +
48 +MY_P=${PN}_src_${PV//./_}
49 +DESCRIPTION="Openfire (formerly wildfire) real time collaboration (RTC) server"
50 +HOMEPAGE="http://www.igniterealtime.org/projects/openfire/"
51 +SRC_URI="http://www.igniterealtime.org/builds/openfire/${MY_P}.tar.gz"
52 +
53 +LICENSE="GPL-2"
54 +SLOT="0"
55 +KEYWORDS="~amd64 ~x86"
56 +IUSE="doc"
57 +
58 +RDEPEND=">=virtual/jre-1.7"
59 +DEPEND="net-im/jabber-base
60 + ~dev-java/ant-contrib-1.0_beta2
61 + >=virtual/jdk-1.7"
62 +
63 +S=${WORKDIR}/${PN}_src
64 +
65 +pkg_setup() {
66 + java-pkg-2_pkg_setup
67 +}
68 +
69 +src_compile() {
70 + # Jikes doesn't support -source 1.5
71 + java-pkg_filter-compiler jikes
72 +
73 + ANT_TASKS="ant-contrib"
74 + eant -f build/build.xml openfire plugins $(use_doc)
75 +
76 + # delete nativeAuth prebuilt libs:
77 + # uses outdated unmaintained libshaj, does not support amd64
78 + rm -rfv target/openfire/resources/nativeAuth || die
79 +}
80 +
81 +src_install() {
82 + #Protect ssl key on upgrade
83 + dodir /etc/env.d/
84 + echo 'CONFIG_PROTECT="/opt/openfire/resources/security/"' > "${D}"/etc/env.d/98openfire
85 + echo 'CONFIG_PROTECT="/opt/openfire/conf/"' > "${D}"/etc/env.d/98openfire
86 +
87 + newinitd "${FILESDIR}"/openfire-initd openfire
88 + newconfd "${FILESDIR}"/openfire-confd openfire
89 + systemd_dounit "${FILESDIR}"/${PN}.service
90 +
91 + diropts --owner=jabber --group=jabber
92 + insopts --owner=jabber --group=jabber
93 + dodir /opt/openfire
94 +
95 + dodir /opt/openfire/logs
96 + keepdir /opt/openfire/logs
97 +
98 + dodir /opt/openfire/lib
99 + insinto /opt/openfire/lib
100 + doins target/openfire/lib/*
101 +
102 + dodir /opt/openfire/plugins
103 + insinto /opt/openfire/plugins
104 + doins -r target/openfire/plugins/*
105 +
106 + dodir /opt/openfire/resources
107 + insinto /opt/openfire/resources
108 + doins -r target/openfire/resources/*
109 +
110 + if use doc; then
111 + dohtml -r documentation/docs/*
112 + fi
113 + dodoc documentation/dist/*
114 +
115 + dodir /opt/openfire/conf
116 + insinto /opt/openfire/conf
117 + insopts --mode=0600 --owner=jabber --group=jabber
118 + newins target/openfire/conf/openfire.xml openfire.xml
119 + newins target/openfire/conf/security.xml security.xml
120 +}
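Review bot: The second `echo` into `"${D}"/etc/env.d/98openfire` in src_install() also redirects with `>`, so it truncates the file and drops the `/opt/openfire/resources/security/` entry written on the line before. Only `/opt/openfire/conf/` ends up in CONFIG_PROTECT, which contradicts the "Protect ssl key on upgrade" comment. Put both paths in one assignment: `echo 'CONFIG_PROTECT="/opt/openfire/conf/ /opt/openfire/resources/security/"' > "${D}"/etc/env.d/98openfire`. Separately, `insopts --mode=0600` is set only before the two conf/*.xml files, so everything under resources/ (including resources/security/, if it holds keystores) is installed with the default file mode; please confirm that is intended. lib/ is also installed owned by jabber, which lets the service account replace the jars it runs, so root ownership there would be tighter unless Openfire needs to write to it.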