commit: 30c18705dcfa3ee3f51ffa025e45a89f402d5677 Author: Aaron W. Swenson <titanofold <AT> gentoo <DOT> org> AuthorDate: Wed Nov 18 18:02:33 2015 +0000 Commit: Aaron Swenson <titanofold <AT> gentoo <DOT> org> CommitDate: Wed Nov 18 18:02:33 2015 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=30c18705
www-apps/rt: Remove Insecure Version Susceptible to cross-site scripting in cryptography interface security issue. Bug: 558424 Package-Manager: portage-2.2.20.1 www-apps/rt/Manifest | 1 - www-apps/rt/rt-4.2.11.ebuild | 292 ------------------------------------------- 2 files changed, 293 deletions(-) diff --git a/www-apps/rt/Manifest b/www-apps/rt/Manifest index 15a1419..25c8e4e 100644 --- a/www-apps/rt/Manifest +++ b/www-apps/rt/Manifest @@ -1,2 +1 @@ -DIST rt-4.2.11.tar.gz 7537515 SHA256 dc07f32dd04a50bd9d0ff86a1f9fe3cd1a128f01cbbd018e5fa23a41ddfb87e6 SHA512 dec4db4c2e3ec8c167e6fde16817fb07441a297cbdf6e035f100aa94d9eb1831f11b8d4dbfb8376a5da689ff2378647de2a52683692f91d3ab6b1044aecd9c43 WHIRLPOOL aefeac9dd7cbf343f5a20f467a5b86d10a07e742475dc4d397b61c7499245862d9c67bd3406e419bccefa069a69aa3375b0e9fe0879d7a67899f99f978fb782a DIST rt-4.2.12.tar.gz 7537620 SHA256 e21220c609706dc9977a13309d78a4d9171455ae823cf549311342cedd837264 SHA512 e816c5481bdb158209bd78bc82af4abc0243af500abe55ae3aac666259e983282d82577de6207899745b4781fb0a50d3094901a248e7ac958dd852343b6f2676 WHIRLPOOL 726d6f7c92bdd120ae3c0463181cef3ade9c705ac23dbb93bf1a262ebc4d0d2f07144a67d04a06c3127dead7ad7e6b50f3966e2969bc8c0199507af4af854fec diff --git a/www-apps/rt/rt-4.2.11.ebuild b/www-apps/rt/rt-4.2.11.ebuild deleted file mode 100644 index 5762f03..0000000 --- a/www-apps/rt/rt-4.2.11.ebuild +++ /dev/null @@ -1,292 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI=5 - -inherit webapp eutils depend.apache user - -DESCRIPTION="RT is an enterprise-grade ticketing system" -HOMEPAGE="http://www.bestpractical.com/rt/"; -SRC_URI="http://download.bestpractical.com/pub/${PN}/release/${P}.tar.gz"; - -KEYWORDS="~amd64" -LICENSE="GPL-2" -IUSE="mysql +postgres fastcgi lighttpd" -REQUIRED_USE="^^ ( mysql postgres )" - -RESTRICT="test" - -DEPEND=" - >=dev-lang/perl-5.10.1 - - >=dev-perl/Apache-Session-1.53 - >=dev-perl/CSS-Squish-0.06 - >=dev-perl/Class-Accessor-0.34 - >=dev-perl/Class-ReturnValue-0.550.0-r1 - >=dev-perl/DBI-1.37 - >=dev-perl/Date-Extract-0.02 - >=dev-perl/DateTime-Format-Natural-0.67 - >=dev-perl/Devel-StackTrace-1.19 - >=dev-perl/HTML-FormatText-WithLinks-0.14 - >=dev-perl/HTML-Mason-1.43 - >=dev-perl/HTML-Scrubber-0.08 - >=dev-perl/HTTP-Server-Simple-0.34 - >=dev-perl/HTTP-Server-Simple-Mason-0.14 - >=dev-perl/Log-Dispatch-2.410.0 - >=dev-perl/MIME-tools-5.425 - >=dev-perl/MailTools-1.60 - >=dev-perl/Module-Versions-Report-1.05 - >=dev-perl/Role-Basic-0.12 - >=dev-perl/Symbol-Global-Name-0.04 - >=dev-perl/Text-Quoted-2.80.0 - >=dev-perl/Text-WikiFormat-0.76 - >=dev-perl/Tree-Simple-1.04 - >=dev-perl/XML-RSS-1.05 - >=dev-perl/dbix-searchbuilder-1.660.0 - >=dev-perl/Locale-Maketext-Lexicon-0.32 - >=dev-perl/CGI-4 - >=virtual/perl-Digest-MD5-2.27 - >=virtual/perl-Encode-2.730.0 - >=virtual/perl-File-Spec-0.8 - >=virtual/perl-Getopt-Long-2.24 - >=virtual/perl-Locale-Maketext-1.06 - >=virtual/perl-Storable-2.08 - dev-perl/CGI-Emulate-PSGI - dev-perl/CGI-PSGI - dev-perl/Cache-Simple-TimedExpiry - dev-perl/Calendar-Simple - dev-perl/Convert-Color - dev-perl/Crypt-Eksblowfish - dev-perl/Crypt-SSLeay - dev-perl/Crypt-X509 - dev-perl/DBD-SQLite - dev-perl/Data-GUID - dev-perl/Data-ICal - dev-perl/DateManip - dev-perl/Devel-GlobalDestruction - dev-perl/Email-Address - dev-perl/Email-Address-List - dev-perl/File-ShareDir - dev-perl/File-Which - dev-perl/GD - dev-perl/GDGraph - dev-perl/GDTextUtil - dev-perl/GnuPG-Interface - dev-perl/GraphViz - dev-perl/HTML-Format - dev-perl/HTML-FormatText-WithLinks-AndTables - dev-perl/HTML-Mason-PSGIHandler - dev-perl/HTML-Parser - dev-perl/HTML-Quoted - dev-perl/HTML-RewriteAttributes - dev-perl/HTML-Tree - dev-perl/IPC-Run3 - dev-perl/JSON - dev-perl/JavaScript-Minifier - dev-perl/MIME-Types - dev-perl/Module-Refresh - dev-perl/Mozilla-CA - dev-perl/Net-CIDR - dev-perl/PerlIO-eol - dev-perl/Plack - dev-perl/Regexp-Common-net-CIDR - dev-perl/Regexp-IPv6 - dev-perl/Starlet - dev-perl/String-ShellQuote - dev-perl/TermReadKey - dev-perl/Text-Password-Pronounceable - dev-perl/Time-modules - dev-perl/TimeDate - dev-perl/UNIVERSAL-require - dev-perl/libwww-perl - dev-perl/locale-maketext-fuzzy - dev-perl/net-server - dev-perl/regexp-common - dev-perl/Text-Autoformat - dev-perl/text-template - dev-perl/text-wrapper - virtual/perl-Digest - virtual/perl-File-Temp - virtual/perl-Scalar-List-Utils - virtual/perl-Time-HiRes - virtual/perl-libnet - - fastcgi? ( - dev-perl/FCGI - dev-perl/FCGI-ProcManager - ) - !lighttpd? ( - dev-perl/Apache-DBI - !fastcgi? ( >=www-apache/mod_perl-2 ) - ) - lighttpd? ( dev-perl/FCGI ) - mysql? ( >=dev-perl/DBD-mysql-2.1018 ) - postgres? ( >=dev-perl/DBD-Pg-1.43 ) -" - -RDEPEND="${DEPEND} - virtual/mta - !lighttpd? ( ${APACHE2_DEPEND} ) - lighttpd? ( - >=www-servers/lighttpd-1.3.13 - sys-apps/openrc - ) -" - -need_httpd_cgi - -add_user_rt() { - # add new user - # suexec2 requires uid >= 1000; enewuser is of no help here - # From: Mike Frysinger <vap...@gentoo.org> - # Date: Fri, 17 Jun 2005 08:41:44 -0400 - # i'd pick a 5 digit # if i were you - - local euser="rt" - - # first check if username rt exists - if [[ ${euser} == $(egetent passwd "${euser}" | cut -d: -f1) ]] ; then - # check uid - rt_uid=$(egetent passwd "${euser}" | cut -d: -f3) - if $(expr ${rt_uid} '<' 1000 > /dev/null); then - ewarn "uid of user rt is less than 1000. suexec2 will not work." - ewarn "If you want to use FastCGI, please delete the user 'rt'" - ewarn "from your system and re-emerge www-apps/rt" - fi - return 0 # all is well - fi - - # add user - # stolen from enewuser - local pwrange euid - - pwrange=$(seq 10001 11001) - for euid in ${pwrange} ; do - [[ -z $(egetent passwd ${euid}) ]] && break - done - if [[ ${euid} == "11001" ]]; then - # she gets around, doesn't she? - die "No available uid's found" - fi - - elog " - Userid: ${euid}" - - enewuser rt ${euid} -1 /dev/null rt - return 0 -} - -pkg_setup() { - webapp_pkg_setup - - ewarn - ewarn "If you are upgrading from an existing RT installation" - ewarn "make sure to read the related upgrade documentation in" - ewarn "${ROOT}usr/share/doc/${PF}." - ewarn - - enewgroup rt - add_user_rt || die "Could not add user" -} - -src_prepare() { - # add Gentoo-specific layout - cat "${FILESDIR}"/config.layout-gentoo >> config.layout - sed -e "s|PREFIX|${ED}/${MY_HOSTROOTDIR}/${PF}|g" \ - -e "s|HTMLDIR|${ED}/${MY_HTDOCSDIR}|g" \ - -e 's|/\+|/|g' \ - -i ./config.layout || die 'config sed failed' - - # don't need to check dev dependencies - sed -e "s|\$args{'with-DEV'} =1;|#\$args{'with-DEV'} =1;|" \ - -i sbin/rt-test-dependencies.in || die 'dev sed failed' - - epatch "${FILESDIR}/rt-makefile-serialize-install-prereqs.patch" -} - -src_configure() { - local web - local myconf - local depsconf - - if use mysql ; then - myconf="--with-db-type=mysql --with-db-dba=root" - depsconf="--with-MYSQL" - elif use postgres ; then - myconf="--with-db-type=Pg --with-db-dba=postgres" - depsconf="--with-PG" - else - die "Pick a database backend" - fi - - if use fastcgi ; then - myconf+=" --with-web-handler=fastcgi" - web="apache" - depsconf+=" --with-FASTCGI" - elif use lighttpd ; then - myconf+=" --with-web-handler=fastcgi" - web="lighttpd" - depsconf+=" --with-FASTCGI" - else - myconf+=" --with-web-handler=modperl2" - web="apache" - depsconf+=" --with-MODPERL2" - fi - - ./configure --enable-layout=Gentoo \ - --with-bin-owner=rt \ - --with-libs-owner=rt \ - --with-libs-group=rt \ - --with-rt-group=rt \ - --with-web-user=${web} \ - --with-web-group=${web} \ - ${myconf} - - # check for missing deps and ask to report if something is broken - /usr/bin/perl ./sbin/rt-test-dependencies ${depsconf} > "${T}"/t - if grep -q "MISSING" "${T}"/t; then - ewarn "Missing Perl dependency!" - ewarn - cat "${T}"/t | grep MISSING - ewarn - ewarn "Please run perl-cleaner. If the problem persists," - ewarn "please file a bug in the Gentoo Bugzilla with the information above" - die "Missing dependencies." - fi -} - -src_compile() { :; } - -src_install() { - webapp_src_preinst - emake install - - dodoc -r docs/* - # Disable compression because `perldoc` doesn't decompress transparently - docompress -x /usr/share/doc - - # make sure we don't clobber existing site configuration - rm -f "${ED}"/${MY_HOSTROOTDIR}/${PF}/etc/RT_SiteConfig.pm - - # fix paths - find "${ED}" -type f -print0 | xargs -0 sed -i -e "s:${ED}::g" - - # copy upgrade files - insinto "${MY_HOSTROOTDIR}/${PF}" - doins -r etc/upgrade - - if use lighttpd ; then - newinitd "${FILESDIR}"/${PN}.init.d.2 ${PN} - newconfd "${FILESDIR}"/${PN}.conf.d.2 ${PN} - sed -i -e "s/@@PF@@/${PF}/g" "${ED}"/etc/conf.d/${PN} || die - fi - - # require the web server's permissions - webapp_serverowned "${MY_HOSTROOTDIR}"/${PF}/var - webapp_serverowned "${MY_HOSTROOTDIR}"/${PF}/var/mason_data/obj - - webapp_postinst_txt en "${FILESDIR}"/postinstall-en.txt - webapp_hook_script "${FILESDIR}"/reconfig - - webapp_src_install -}
