commit: e3b663adafd6756f5fd136e71e078fe31083eac8 Author: Louis Sautier <sbraz <AT> gentoo <DOT> org> AuthorDate: Mon Jul 16 07:02:08 2018 +0000 Commit: Louis Sautier <sbraz <AT> gentoo <DOT> org> CommitDate: Mon Jul 16 07:03:45 2018 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e3b663ad
net-irc/znc: remove the last vulnerable version Bug: https://bugs.gentoo.org/661228 Package-Manager: Portage-2.3.42, Repoman-2.3.9 net-irc/znc/Manifest | 2 - net-irc/znc/files/README.gentoo | 22 --- .../znc-1.6.1-create-pidfile-per-default.patch | 23 --- net-irc/znc/files/znc-1.6.1-systemwideconfig.patch | 215 --------------------- net-irc/znc/files/znc.initd-r1 | 39 ---- net-irc/znc/metadata.xml | 1 - net-irc/znc/znc-1.6.6.ebuild | 129 ------------- 7 files changed, 431 deletions(-) diff --git a/net-irc/znc/Manifest b/net-irc/znc/Manifest index eedc2aef66e..62133c7bbce 100644 --- a/net-irc/znc/Manifest +++ b/net-irc/znc/Manifest @@ -1,4 +1,2 @@ -DIST googletest-release-1.7.0.tar.gz 468653 BLAKE2B 8dfca8b79dcd7b64ce84bad11ee68c549f4fe3dff7638ed1d845af4a7f754ad5df782d2cbebdb9fecfda2499dae6585e07cda7a8c8c454f0b70723d5c9578aa4 SHA512 c623d5720c4ed574e95158529872815ecff478c03bdcee8b79c9b042a603533f93fe55f939bcfe2cd745ce340fd626ad6d9a95981596f1a4d05053d874cd1dfc DIST gtest-ba96d0b1161f540656efdaed035b3c062b60e006.tar.gz 987370 BLAKE2B fcedfe559c4c93166962900117dc492da3cbb99165c30766c39131c20e3b41f057a31a8cb631beaca829c1e9966e90cbc37469ba56a5fc15a2bea86cbe401a63 SHA512 ce78098f973b45f4a177db387c42a56d5ea34407a2af278760b850c326e8450760a58991d62a5408f5df79f89fefd10fee71745b7e8669b2a6f74fa63a259600 -DIST znc-1.6.6.tar.gz 1471612 BLAKE2B 8bd977a95417c4259e9f38759d838f55a146f376dc8bb6230ab6e1b698fb7c9e060cbc237efd4e836961314abab56cc02e7c6bc74e40bad17abaf06e47fbb516 SHA512 cc5bc7328bfe36525ab215b4b53c7cd20aa02b41e7bb28507ff9d9632560f4c30396804e4b828bca0ece19f42813e3fce59d1bae639ea5fc149059f6979e63e7 DIST znc-1.7.1-rc1.tar.gz 2041320 BLAKE2B 62669b598d7423cb55fad458fe6172be36904e8599dcde757936883093f24deb6a5ed6a093e3e92854810f02e96372f44139f9807e70e0cf007de90a1373c6a8 SHA512 b4e223c86c75bc97620c52333d90d6458a02777dce9c629f8a095f8134a06992a60978b2fe8bbce29ed1155932f9f37e0a324a498ee16527b0235e4306c34973 diff --git a/net-irc/znc/files/README.gentoo b/net-irc/znc/files/README.gentoo deleted file mode 100644 index 5b222a24f58..00000000000 --- a/net-irc/znc/files/README.gentoo +++ /dev/null @@ -1,22 +0,0 @@ -To run znc as a user, run 'znc --makeconf' to create a configuration file. - -If znc was compiled with the 'daemon' use flag, you may run - emerge --config znc -to configure it. - -To generate a new SSL certificate, run: - znc --system-wide-config-as znc --makepem -d /var/lib/znc -as root. - -If migrating from a user-based install, you can copy the existing -configuration files: - mkdir /var/lib/znc - mv /home/$USER/.znc/* /var/lib/znc - rm -rf /home/$USER/.znc - chown -R znc:znc /var/lib/znc -You may also adjust the location of the files and the user running znc -in /etc/conf.d/znc instead. - -To run as a daemon, please make sure that your configuration contains - PidFile = /run/znc/znc.pid -or that the PidFile value matches the one in /etc/conf.d/znc. diff --git a/net-irc/znc/files/znc-1.6.1-create-pidfile-per-default.patch b/net-irc/znc/files/znc-1.6.1-create-pidfile-per-default.patch deleted file mode 100644 index 8419e9344bf..00000000000 --- a/net-irc/znc/files/znc-1.6.1-create-pidfile-per-default.patch +++ /dev/null @@ -1,23 +0,0 @@ -Add PidFile option to new configurations per default - -Our runscript requires that ZNC creates a pidfile. This patch will add -the PidFile directive to ZNC's default configuration. ---- - src/znc.cpp | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/znc.cpp b/src/znc.cpp -index b33e860..4a02568 100644 ---- a/src/znc.cpp -+++ b/src/znc.cpp -@@ -575,6 +575,7 @@ bool CZNC::WriteNewConfig(const CString& sConfigFile) { - VCString vsLines; - - vsLines.push_back(MakeConfigHeader()); -+ vsLines.push_back("PidFile = /run/znc/znc.pid"); - vsLines.push_back("Version = " + CString(VERSION_STR)); - - m_sConfigFile = ExpandConfigPath(sConfigFile); --- -2.5.0 - diff --git a/net-irc/znc/files/znc-1.6.1-systemwideconfig.patch b/net-irc/znc/files/znc-1.6.1-systemwideconfig.patch deleted file mode 100644 index d28fa30c219..00000000000 --- a/net-irc/znc/files/znc-1.6.1-systemwideconfig.patch +++ /dev/null @@ -1,215 +0,0 @@ -Add system-wide daemon support. - -This patch adds system-wide daemon support to ZNC so that you can run -one ZNC instance system-wide using the new "--system-wide-config-as" -option. - -Patch is based on @mrueg version from 2012. - -X-Gentoo-Bug: 438430 -X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=438430 ---- - include/znc/znc.h | 3 ++ - src/main.cpp | 83 ++++++++++++++++++++++++++++++++++++++++--------------- - src/znc.cpp | 7 ++++- - 3 files changed, 70 insertions(+), 23 deletions(-) - -diff --git a/include/znc/znc.h b/include/znc/znc.h -index cf2326e..16394f9 100644 ---- a/include/znc/znc.h -+++ b/include/znc/znc.h -@@ -187,6 +187,8 @@ public: - - static void DumpConfig(const CConfig* Config); - -+ void SetSystemWideConfig(bool systemWideConfig); -+ - private: - CFile* InitPidFile(); - bool DoRehash(CString& sError); -@@ -231,6 +233,7 @@ protected: - unsigned int m_uiConnectPaused; - TCacheMap<CString> m_sConnectThrottle; - bool m_bProtectWebSessions; -+ bool m_bSystemWideConfig; - bool m_bHideVersion; - }; - -diff --git a/src/main.cpp b/src/main.cpp -index 09b2c9c..bd5cca6 100644 ---- a/src/main.cpp -+++ b/src/main.cpp -@@ -16,6 +16,9 @@ - - #include <znc/znc.h> - #include <signal.h> -+#include <sys/types.h> -+#include <pwd.h> -+#include <grp.h> - - #if defined(HAVE_LIBSSL) && defined(HAVE_PTHREAD) - #include <znc/Threads.h> -@@ -99,34 +102,36 @@ static inline int getopt_long(int argc, char * const argv[], const char *optstri - #endif - - static const struct option g_LongOpts[] = { -- { "help", no_argument, 0, 'h' }, -- { "version", no_argument, 0, 'v' }, -- { "debug", no_argument, 0, 'D' }, -- { "foreground", no_argument, 0, 'f' }, -- { "no-color", no_argument, 0, 'n' }, -- { "allow-root", no_argument, 0, 'r' }, -- { "makeconf", no_argument, 0, 'c' }, -- { "makepass", no_argument, 0, 's' }, -- { "makepem", no_argument, 0, 'p' }, -- { "datadir", required_argument, 0, 'd' }, -+ { "help", no_argument, 0, 'h' }, -+ { "version", no_argument, 0, 'v' }, -+ { "debug", no_argument, 0, 'D' }, -+ { "foreground", no_argument, 0, 'f' }, -+ { "no-color", no_argument, 0, 'n' }, -+ { "allow-root", no_argument, 0, 'r' }, -+ { "makeconf", no_argument, 0, 'c' }, -+ { "makepass", no_argument, 0, 's' }, -+ { "makepem", no_argument, 0, 'p' }, -+ { "datadir", required_argument, 0, 'd' }, -+ { "system-wide-config-as", required_argument, 0, 'S' }, - { 0, 0, 0, 0 } - }; - - static void GenerateHelp(const char *appname) { - CUtils::PrintMessage("USAGE: " + CString(appname) + " [options]"); - CUtils::PrintMessage("Options are:"); -- CUtils::PrintMessage("\t-h, --help List available command line options (this page)"); -- CUtils::PrintMessage("\t-v, --version Output version information and exit"); -- CUtils::PrintMessage("\t-f, --foreground Don't fork into the background"); -- CUtils::PrintMessage("\t-D, --debug Output debugging information (Implies -f)"); -- CUtils::PrintMessage("\t-n, --no-color Don't use escape sequences in the output"); -- CUtils::PrintMessage("\t-r, --allow-root Don't complain if ZNC is run as root"); -- CUtils::PrintMessage("\t-c, --makeconf Interactively create a new config"); -- CUtils::PrintMessage("\t-s, --makepass Generates a password for use in config"); -+ CUtils::PrintMessage("\t-h, --help List available command line options (this page)"); -+ CUtils::PrintMessage("\t-v, --version Output version information and exit"); -+ CUtils::PrintMessage("\t-f, --foreground Don't fork into the background"); -+ CUtils::PrintMessage("\t-D, --debug Output debugging information (Implies -f)"); -+ CUtils::PrintMessage("\t-n, --no-color Don't use escape sequences in the output"); -+ CUtils::PrintMessage("\t-r, --allow-root Don't complain if ZNC is run as root"); -+ CUtils::PrintMessage("\t-c, --makeconf Interactively create a new config"); -+ CUtils::PrintMessage("\t-s, --makepass Generates a password for use in config"); - #ifdef HAVE_LIBSSL -- CUtils::PrintMessage("\t-p, --makepem Generates a pemfile for use with SSL"); -+ CUtils::PrintMessage("\t-p, --makepem Generates a pemfile for use with SSL"); - #endif /* HAVE_LIBSSL */ -- CUtils::PrintMessage("\t-d, --datadir Set a different ZNC repository (default is ~/.znc)"); -+ CUtils::PrintMessage("\t-d, --datadir Set a different ZNC repository (default is ~/.znc)"); -+ CUtils::PrintMessage("\t-S, --system-wide-config-as Create a system-wide ZNC daemon configuration"); - } - - static void die(int sig) { -@@ -192,6 +197,8 @@ int main(int argc, char** argv) { - bool bMakeConf = false; - bool bMakePass = false; - bool bAllowRoot = false; -+ bool bSystemWideConfig = false; -+ CString sSystemWideConfigUser = "znc"; - bool bForeground = false; - #ifdef ALWAYS_RUN_IN_FOREGROUND - bForeground = true; -@@ -201,7 +208,7 @@ int main(int argc, char** argv) { - #endif - CZNC::CreateInstance(); - -- while ((iArg = getopt_long(argc, argv, "hvnrcspd:Df", g_LongOpts, &iOptIndex)) != -1) { -+ while ((iArg = getopt_long(argc, argv, "hvnrcspd:DfS:", g_LongOpts, &iOptIndex)) != -1) { - switch (iArg) { - case 'h': - GenerateHelp(argv[0]); -@@ -219,6 +226,10 @@ int main(int argc, char** argv) { - case 'c': - bMakeConf = true; - break; -+ case 'S': -+ bSystemWideConfig = true; -+ sSystemWideConfigUser = optarg; -+ break; - case 's': - bMakePass = true; - break; -@@ -254,8 +265,36 @@ int main(int argc, char** argv) { - return 1; - } - -+ if (bSystemWideConfig && getuid() == 0) { -+ struct passwd *pwd; -+ -+ pwd = getpwnam(sSystemWideConfigUser.c_str()); -+ if (pwd == NULL) { -+ CUtils::PrintError("Daemon user not found."); -+ return 1; -+ } -+ -+ if ((long) pwd->pw_uid == 0) { -+ CUtils::PrintError("Please define a daemon user other than root."); -+ return 1; -+ } -+ if (setgroups(0, NULL) != 0) { -+ CUtils::PrintError("setgroups: Unable to clear supplementary group IDs"); -+ return 1; -+ } -+ if (setgid((long) pwd->pw_gid) != 0) { -+ CUtils::PrintError("setgid: Unable to drop group privileges"); -+ return 1; -+ } -+ if (setuid((long) pwd->pw_uid) != 0) { -+ CUtils::PrintError("setuid: Unable to drop user privileges"); -+ return 1; -+ } -+ } -+ - CZNC* pZNC = &CZNC::Get(); - pZNC->InitDirs(((argc) ? argv[0] : ""), sDataDir); -+ pZNC->SetSystemWideConfig(bSystemWideConfig); - - #ifdef HAVE_LIBSSL - if (bMakePem) { -@@ -304,7 +343,7 @@ int main(int argc, char** argv) { - CUtils::PrintStatus(true, ""); - } - -- if (isRoot()) { -+ if (isRoot() && !bSystemWideConfig) { - CUtils::PrintError("You are running ZNC as root! Don't do that! There are not many valid"); - CUtils::PrintError("reasons for this and it can, in theory, cause great damage!"); - if (!bAllowRoot) { -diff --git a/src/znc.cpp b/src/znc.cpp -index 78cda1a..b33e860 100644 ---- a/src/znc.cpp -+++ b/src/znc.cpp -@@ -55,6 +55,7 @@ CZNC::CZNC() { - m_sConnectThrottle.SetTTL(30000); - m_pLockFile = NULL; - m_bProtectWebSessions = true; -+ m_bSystemWideConfig = false; - m_bHideVersion = false; - m_uDisabledSSLProtocols = Csock::EDP_SSL; - m_sSSLProtocols = ""; -@@ -861,7 +862,7 @@ bool CZNC::WriteNewConfig(const CString& sConfigFile) { - CUtils::PrintMessage(""); - - File.UnLock(); -- return bFileOpen && CUtils::GetBoolInput("Launch ZNC now?", true); -+ return bFileOpen && !m_bSystemWideConfig && CUtils::GetBoolInput("Launch ZNC now?", true); - } - - void CZNC::BackupConfigOnce(const CString& sSuffix) { -@@ -1973,3 +1974,7 @@ void CZNC::LeakConnectQueueTimer(CConnectQueueTimer *pTimer) { - bool CZNC::WaitForChildLock() { - return m_pLockFile && m_pLockFile->ExLock(); - } -+ -+void CZNC::SetSystemWideConfig(bool systemWideConfig) { -+ m_bSystemWideConfig = systemWideConfig; -+} --- -2.5.0 - diff --git a/net-irc/znc/files/znc.initd-r1 b/net-irc/znc/files/znc.initd-r1 deleted file mode 100644 index dedb44b1362..00000000000 --- a/net-irc/znc/files/znc.initd-r1 +++ /dev/null @@ -1,39 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -extra_commands="config" -extra_started_commands="reload save" -command="/usr/bin/znc" -command_args="--datadir \"${ZNC_DATADIR}\"" -pidfile="${ZNC_PIDFILE:-/run/znc/znc.pid}" -user=${ZNC_USER:-znc} -group=${ZNC_GROUP:-znc} -start_stop_daemon_args="--chdir \"${ZNC_DATADIR}\" --user ${user} --group ${group} ${ZNC_SSDARGS}" -retry="${ZNC_TERMTIMEOUT}" - -required_dirs="${ZNC_DATADIR}" - -depend() { - use dns logger -} - -start_pre() { - checkpath -d -m 0770 -o ${user}:${group} "$(dirname ${pidfile})" -} - -stop_post() { - rm -f "${pidfile}" -} - -reload() { - ebegin "Reloading ZNC Configuration File from Disk" - start-stop-daemon --signal SIGHUP --pidfile "${pidfile}" - eend $? -} - -save() { - ebegin "Saving ZNC Configuration File to Disk" - start-stop-daemon --signal SIGUSR1 --pidfile "${pidfile}" - eend $? -} diff --git a/net-irc/znc/metadata.xml b/net-irc/znc/metadata.xml index 16293e77692..b58dd845044 100644 --- a/net-irc/znc/metadata.xml +++ b/net-irc/znc/metadata.xml @@ -6,7 +6,6 @@ <name>Louis Sautier</name> </maintainer> <use> - <flag name="daemon">Allow znc to run as a system-wide service. Installs an init script and creates a znc user:group.</flag> <flag name="zlib">Enable mod_deflate-like gzip support for znc's web interface using <pkg>sys-libs/zlib</pkg>.</flag> </use> <upstream> diff --git a/net-irc/znc/znc-1.6.6.ebuild b/net-irc/znc/znc-1.6.6.ebuild deleted file mode 100644 index 76b253fef23..00000000000 --- a/net-irc/znc/znc-1.6.6.ebuild +++ /dev/null @@ -1,129 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -PYTHON_COMPAT=( python3_{4,5,6} ) -inherit eutils python-single-r1 readme.gentoo-r1 systemd user - -MY_PV=${PV/_/-} -GTEST_VER="1.7.0" -GTEST_URL="https://github.com/google/googletest/archive/release-${GTEST_VER}.tar.gz -> googletest-release-${GTEST_VER}.tar.gz" - -DESCRIPTION="An advanced IRC Bouncer" -HOMEPAGE="https://znc.in"; -SRC_URI=" - http://znc.in/releases/archive/${PN}-${MY_PV}.tar.gz - test? ( ${GTEST_URL} ) -" - -LICENSE="Apache-2.0" -SLOT="0" -KEYWORDS="amd64 arm x86" -IUSE="daemon debug +ipv6 +icu libressl perl python +ssl sasl tcl test +zlib" -REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" - -RDEPEND=" - icu? ( dev-libs/icu:= ) - perl? ( >=dev-lang/perl-5.10:= ) - python? ( ${PYTHON_DEPS} ) - sasl? ( >=dev-libs/cyrus-sasl-2 ) - ssl? ( - !libressl? ( dev-libs/openssl:0= ) - libressl? ( dev-libs/libressl:0= ) - ) - tcl? ( dev-lang/tcl:0= ) - zlib? ( sys-libs/zlib ) -" -DEPEND=" - ${RDEPEND} - virtual/pkgconfig -" - -S=${WORKDIR}/${PN}-${MY_PV} - -PATCHES=( - "${FILESDIR}"/${PN}-1.6.1-systemwideconfig.patch - "${FILESDIR}"/${PN}-1.6.1-create-pidfile-per-default.patch -) - -pkg_setup() { - if use python; then - python-single-r1_pkg_setup - fi - if use daemon; then - enewgroup ${PN} - enewuser ${PN} -1 -1 /var/lib/${PN} ${PN} - # The home directory was previously set to /dev/null - # This caused a bug with the systemd unit - # https://bugs.gentoo.org/521916 - esethome ${PN} /var/lib/${PN} - fi -} - -src_configure() { - econf \ - --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" \ - $(use_enable debug) \ - $(use_enable icu charset) \ - $(use_enable ipv6) \ - $(use_enable perl) \ - $(use_enable python) \ - $(use_enable sasl cyrus) \ - $(use_enable ssl openssl) \ - $(use_enable tcl) \ - $(use_enable zlib) \ - $(use_with test gtest "${WORKDIR}/googletest-release-${GTEST_VER}") -} - -src_install() { - default - dodoc NOTICE - if use daemon; then - newinitd "${FILESDIR}"/znc.initd-r1 znc - newconfd "${FILESDIR}"/znc.confd-r1 znc - fi - DOC_CONTENTS=$(<"${FILESDIR}/README.gentoo") || die - DISABLE_AUTOFORMATTING=1 - readme.gentoo_create_doc -} - -pkg_postinst() { - readme.gentoo_print_elog - if [[ -d "${EROOT%/}"/etc/znc ]]; then - ewarn "/etc/znc exists on your system." - ewarn "Due to the nature of the contents of that folder," - ewarn "we have changed the default configuration to use" - ewarn " /var/lib/znc" - ewarn "please move /etc/znc to /var/lib/znc" - ewarn "or adjust /etc/conf.d/znc" - fi -} - -pkg_config() { - if use daemon; then - if [[ -e "${EROOT%/}/var/lib/znc" ]]; then - ewarn "${EROOT%/}/var/lib/znc already exists, aborting to avoid damaging" - ewarn "any existing configuration. If you are sure you want" - ewarn "to generate a new configuration, remove the folder" - ewarn "and try again." - else - einfo "Press any key to interactively create a new configuration file" - einfo "for znc." - einfo "To abort, press Control-C" - read - mkdir -p "${EROOT%/}/var/lib/znc" || die - chown -R ${PN}:${PN} "${EROOT%/}/var/lib/znc" || - die "Setting permissions failed" - "${EROOT%/}"/usr/bin/znc --system-wide-config-as ${PN} -c -r -d "${EROOT%/}/var/lib/znc" || - die "Config failed" - echo - einfo "To start znc, run '/etc/init.d/znc start'" - einfo "or add znc to a runlevel:" - einfo " rc-update add znc default" - fi - else - ewarn "To configure znc as a system-wide daemon you have to" - ewarn "enable the 'daemon' use flag." - fi -}
