commit: c32aef5d13c57017978860eb65c1c4f5ce88721c |
Author: Michael Orlitzky <mjo <AT> gentoo <DOT> org> |
AuthorDate: Sun Jun 23 17:13:53 2019 +0000 |
Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org> |
CommitDate: Sun Jun 23 17:15:16 2019 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c32aef5d |
|
net-im/openfire: new revision to clean up ownership handling. |
|
The new revision (-r2) is intended to clean up some of the ownership |
and group handling that led to the security issue in bug 630914. Note |
that while that *particular* bug was fixed, the ebuild was still |
calling "chmod" in a user-controlled directory, which is also |
exploitable. The following changes hopefully eliminate all of |
those problems: |
|
* Add /opt/openfire/conf to CONFIG_PROTECT. |
|
* Use insopts/diropts to create everything under /opt/openfire with |
the correct ownership and permissions to begin with. |
|
* Install conf/openfire.xml and conf/security.xml in src_install(), |
instead of creating (and chmod'ing) them later in pkg_postinst(). |
|
* Drop pkg_postinst() entirely now that we install {openfire,security}.xml |
in src_install(). |
|
Bug: https://bugs.gentoo.org/630914 |
Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org> |
Package-Manager: Portage-2.3.66, Repoman-2.3.11 |
|
net-im/openfire/openfire-4.2.3-r2.ebuild | 80 ++++++++++++++++++++++++++++++++ |
1 file changed, 80 insertions(+) |
|
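diff --git a/net-im/openfire/openfire-4.2.3-r2.ebuild b/net-im/openfire/openfire-4.2.3-r2.ebuild
new file mode 100644
index 00000000000..d504e403aba
--- /dev/null
+++ b/net-im/openfire/openfire-4.2.3-r2.ebuild
@@ -0,0 +1,80 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit eutils java-pkg-2 java-ant-2 systemd
+
+MY_P=${PN}_src_${PV//./_}
+DESCRIPTION="Openfire (formerly wildfire) real time collaboration (RTC) server"
+HOMEPAGE="http://www.igniterealtime.org/projects/openfire/"
+SRC_URI="http://www.igniterealtime.org/builds/openfire/${MY_P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="doc"
+
+RDEPEND=">=virtual/jre-1.7"
+DEPEND="net-im/jabber-base
+ ~dev-java/ant-contrib-1.0_beta2
+ >=virtual/jdk-1.7"
+
+S=${WORKDIR}/${PN}_src
+
+pkg_setup() {
+ java-pkg-2_pkg_setup
+}
+
+src_compile() {
+ # Jikes doesn't support -source 1.5
+ java-pkg_filter-compiler jikes
+
+ ANT_TASKS="ant-contrib"
+ eant -f build/build.xml openfire plugins $(use_doc)
+
+ # delete nativeAuth prebuilt libs:
+ # uses outdated unmaintained libshaj, does not support amd64
+ rm -rfv target/openfire/resources/nativeAuth || die
+}
+
+src_install() {
+ #Protect ssl key on upgrade
+ dodir /etc/env.d/
+ echo 'CONFIG_PROTECT="/opt/openfire/resources/security/"' > "${D}"/etc/env.d/98openfire
+ echo 'CONFIG_PROTECT="/opt/openfire/conf/"' > "${D}"/etc/env.d/98openfire
+
+ newinitd "${FILESDIR}"/openfire-initd openfire
+ newconfd "${FILESDIR}"/openfire-confd openfire
+ systemd_dounit "${FILESDIR}"/${PN}.service
+
+ diropts --owner=jabber --group=jabber
+ insopts --owner=jabber --group=jabber
+ dodir /opt/openfire
+
+ dodir /opt/openfire/logs
+ keepdir /opt/openfire/logs
+
+ dodir /opt/openfire/lib
+ insinto /opt/openfire/lib
+ doins target/openfire/lib/*
+
+ dodir /opt/openfire/plugins
+ insinto /opt/openfire/plugins
+ doins -r target/openfire/plugins/*
+
+ dodir /opt/openfire/resources
+ insinto /opt/openfire/resources
+ doins -r target/openfire/resources/*
+
+ if use doc; then
+ dohtml -r documentation/docs/*
+ fi
+ dodoc documentation/dist/*
+
+ dodir /opt/openfire/conf
+ insinto /opt/openfire/conf
+ insopts --mode=0600 --owner=jabber --group=jabber
+ newins target/openfire/conf/openfire.xml openfire.xml
+ newins target/openfire/conf/security.xml security.xml
+}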
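Review bot: The second `echo` in src_install() redirects with `>` into the same `"${D}"/etc/env.d/98openfire` that the line above has just written, so the installed file ends up holding only `CONFIG_PROTECT="/opt/openfire/conf/"` and `/opt/openfire/resources/security/` is no longer protected. That contradicts the `#Protect ssl key on upgrade` comment: keystores under resources/security would presumably be replaced by a later merge without a `._cfg` prompt. Put both paths in one assignment instead, `echo 'CONFIG_PROTECT="/opt/openfire/resources/security/ /opt/openfire/conf/"' > "${D}"/etc/env.d/98openfire`, rather than appending a second assignment to the file. Separately, lib/ and plugins/ are installed owned by jabber, so the service account can rewrite the code it runs; root ownership for those trees is worth considering if Openfire does not need to write there.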