commit: ef2959f12a4402bf6050d6b5f4c07447d8aba5ac Author: John Helmert III <jchelmert3 <AT> posteo <DOT> net> AuthorDate: Wed Jul 22 17:04:39 2020 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Wed Jul 22 18:46:47 2020 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ef2959f1
net-misc/hylafaxplus: Security cleanup Bug: https://bugs.gentoo.org/730290 Package-Manager: Portage-3.0.0, Repoman-2.3.23 Signed-off-by: John Helmert III <jchelmert3 <AT> posteo.net> Closes: https://github.com/gentoo/gentoo/pull/16781 Signed-off-by: Sam James <sam <AT> gentoo.org> net-misc/hylafaxplus/Manifest | 2 - .../hylafaxplus/files/hylafax-cryptglibc.patch | 98 ------------ net-misc/hylafaxplus/hylafaxplus-5.5.5.ebuild | 177 --------------------- net-misc/hylafaxplus/hylafaxplus-5.6.1.ebuild | 162 ------------------- 4 files changed, 439 deletions(-) diff --git a/net-misc/hylafaxplus/Manifest b/net-misc/hylafaxplus/Manifest index 51882b7cd3d..22ece946d03 100644 --- a/net-misc/hylafaxplus/Manifest +++ b/net-misc/hylafaxplus/Manifest @@ -1,3 +1 @@ -DIST hylafax-5.5.5.tar.gz 1353495 BLAKE2B e1b41a5cf5502ad28467625495171c085f43f4352b73bfd633da851a1366502aca04a157790ad4a7f3d634a6adbb5dab4c1eeb294283352e9eedaf03c565cb42 SHA512 ee6225ae044c567093103f35c30d848db757636c1d8db78e8f7cb43eb01ea34ab229a81ca4175e2bf30d3c87b598d5b5797b7d92b0dc852bf4b69c697baca8cf -DIST hylafax-5.6.1.tar.gz 1370677 BLAKE2B bd93d54f2c3e2c5c4c33617a0d95569c82bcbd32f669fb2ea513b86e112a5743ae6b4ddc8d43f3bd4af6006517e8787392c84bf60e715c104ddb0d819b22985a SHA512 c86c33dc9e8feec4e265156fa3bbda18cf187feeef5c812ff3d3c7857de048a688bb979fcd3494ee8fe58a004a384a2a161d05245c86d0c304311d63f62a9eb1 DIST hylafax-7.0.2.tar.gz 1393586 BLAKE2B cbf99f91a0aa07783dd30e76ce8416b2933240d4bf829220909000519f9c9e14a324163707c14504848ba71e7c1ee7d98455f06bb040c2c50c1493d0138122aa SHA512 ea68404ad79e798b29450683eaa927e73033e0fa8160b803a3e2c9000df487c81193cc8fc0c1187477f5e1b2e26eec1c065ebc17e0be82e9a3e3758b1b5b5e4e diff --git a/net-misc/hylafaxplus/files/hylafax-cryptglibc.patch b/net-misc/hylafaxplus/files/hylafax-cryptglibc.patch deleted file mode 100644 index dbfc8bac539..00000000000 --- a/net-misc/hylafaxplus/files/hylafax-cryptglibc.patch +++ /dev/null @@ -1,98 +0,0 @@ -diff -urN hylafax-5.5.4/hfaxd/Login.c++ hylafax-5.5.4-libc217/hfaxd/Login.c++ ---- hylafax-5.5.4/hfaxd/Login.c++ 2013-08-07 01:23:35.000000000 +0200 -+++ hylafax-5.5.4-libc217/hfaxd/Login.c++ 2013-11-13 12:56:02.000000000 +0100 -@@ -30,9 +30,6 @@ - #include <ctype.h> - #include <fcntl.h> - #include <pwd.h> --#if HAS_CRYPT_H --#include <crypt.h> --#endif - - void - HylaFAXServer::loginRefused(const char* why) -@@ -434,7 +431,7 @@ - /* - * Check hosts.hfaxd first, then PAM, and last, LDAP - */ -- if (pass[0] == '\0' || !(strcmp(crypt(pass, passWd), passWd) == 0 || -+ if (pass[0] == '\0' || !(strcmp(Sys::crypt(pass, passWd), passWd) == 0 || - pamCheck(the_user, pass) || - ldapCheck(the_user,pass))) - { -@@ -513,7 +510,7 @@ - { - fxAssert(IS(LOGGEDIN), "ADMIN command permitted when not logged in"); - // NB: null adminWd is permitted -- if ((strcmp(crypt(pass, adminWd), adminWd) != 0) && !pamIsAdmin()) { -+ if ((strcmp(Sys::crypt(pass, adminWd), adminWd) != 0) && !pamIsAdmin()) { - if (++adminAttempts >= maxAdminAttempts) { - reply(530, "Password incorrect (closing connection)."); - logNotice("Repeated admin failures from %s [%s]" -diff -urN hylafax-5.5.4/hfaxd/SNPPServer.c++ hylafax-5.5.4-libc217/hfaxd/SNPPServer.c++ ---- hylafax-5.5.4/hfaxd/SNPPServer.c++ 2013-08-07 01:23:35.000000000 +0200 -+++ hylafax-5.5.4-libc217/hfaxd/SNPPServer.c++ 2013-11-13 12:55:42.000000000 +0100 -@@ -36,9 +36,6 @@ - #include "RE.h" - - #include <ctype.h> --#if HAS_CRYPT_H --#include <crypt.h> --#endif - - extern "C" { - #include <netdb.h> -@@ -1003,7 +1000,7 @@ - - if (checkUser(loginID)) { - if (passWd != "") { -- if (pass[0] == '\0' || !(streq(crypt(pass, passWd), passWd) || pamCheck(the_user, pass))) { -+ if (pass[0] == '\0' || !(streq(Sys::crypt(pass, passWd), passWd) || pamCheck(the_user, pass))) { - if (++loginAttempts >= maxLoginAttempts) { - reply(421, "Login incorrect (closing connection)."); - logNotice("Repeated SNPP login failures for user %s from %s [%s]" -diff -urN hylafax-5.5.4/hfaxd/User.c++ hylafax-5.5.4-libc217/hfaxd/User.c++ ---- hylafax-5.5.4/hfaxd/User.c++ 2013-08-07 01:23:35.000000000 +0200 -+++ hylafax-5.5.4-libc217/hfaxd/User.c++ 2013-11-13 12:55:19.000000000 +0100 -@@ -30,9 +30,6 @@ - - #include <ctype.h> - #include <pwd.h> --#if HAS_CRYPT_H --#include <crypt.h> --#endif - #include <math.h> - - #ifndef CHAR_BIT -@@ -374,7 +371,7 @@ - #else - to64(&salt[0], random(), 2); - #endif -- result = crypt(pass, salt); -+ result = Sys::crypt(pass, salt); - return (true); - } - -diff -urN hylafax-5.5.4/util/Sys.h hylafax-5.5.4-libc217/util/Sys.h ---- hylafax-5.5.4/util/Sys.h 2013-08-07 01:23:35.000000000 +0200 -+++ hylafax-5.5.4-libc217/util/Sys.h 2013-11-13 12:56:26.000000000 +0100 -@@ -44,6 +44,10 @@ - #include <osfcn.h> - #endif - -+#if HAS_CRYPT_H -+#include <crypt.h> -+#endif -+ - /* - * Wrapper functions for C library calls. - * -@@ -140,5 +144,8 @@ - { return ::fopen(filename, mode); } - - static int getOpenMax(); -+ -+ static const char* crypt(const char* key, const char* salt) -+ { const char* enc = ::crypt(key, salt); return enc ? enc : ""; } - }; - #endif /* _Sys_ */ diff --git a/net-misc/hylafaxplus/hylafaxplus-5.5.5.ebuild b/net-misc/hylafaxplus/hylafaxplus-5.5.5.ebuild deleted file mode 100644 index e1d8b5510a8..00000000000 --- a/net-misc/hylafaxplus/hylafaxplus-5.5.5.ebuild +++ /dev/null @@ -1,177 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="5" -inherit eutils multilib pam toolchain-funcs - -MY_PN="${PN/plus/}" -MY_P="${MY_PN}-${PV}" - -DESCRIPTION="Enterprise client-server fax package for class 1 and 2 fax modems" -HOMEPAGE="http://hylafax.sourceforge.net"; -SRC_URI="mirror://sourceforge/hylafax/${MY_P}.tar.gz" - -SLOT="0" -LICENSE="hylafaxplus" -KEYWORDS="amd64 x86" - -IUSE="jbig html ldap mgetty pam" - -DEPEND=" - >=sys-libs/zlib-1.1.4 - app-text/ghostscript-gpl - virtual/mta - media-libs/tiff:0[jbig?] - virtual/jpeg:0 - jbig? ( media-libs/jbigkit ) - virtual/awk - ldap? ( net-nds/openldap ) - pam? ( sys-libs/pam ) - mgetty? ( net-dialup/mgetty[-fax] ) - !net-dialup/mgetty[fax] -" -RDEPEND="${DEPEND} - net-mail/metamail - !net-dialup/sendpage -" - -S="${WORKDIR}/${MY_P}" - -export CONFIG_PROTECT="${CONFIG_PROTECT} /var/spool/fax/etc /usr/lib/fax" - -src_prepare() { - epatch "${FILESDIR}/ldconfig-patch" - epatch "${FILESDIR}/hylafax-cryptglibc.patch" - - # force it not to strip binaries - for dir in etc util faxalter faxcover faxd faxmail faxrm faxstat \ - hfaxd sendfax sendpage ; do - sed -i -e "s:-idb:-idb \"nostrip\" -idb:g" \ - "${dir}"/Makefile.in || die "sed failed" - done - - sed -i -e "s:hostname:hostname -f:g" util/{faxrcvd,pollrcvd}.sh.in || die "sed on hostname failed" - - # Respect LDFLAGS(at least partially) - sed -i -e "/^LDFLAGS/s/LDOPTS}/LDOPTS} ${LDFLAGS}/" defs.in || die "sed on defs.in failed" - - sed -i -e "s|-fpic|-fPIC|g" \ - configure || die - - epatch_user -} - -src_configure() { - do_configure() { - echo ./configure --nointeractive ${1} - # eval required for quoting in ${my_conf} to work properly, better way? - eval ./configure --nointeractive ${1} || die "./configure failed" - } - local my_conf=" - --with-DIR_BIN=/usr/bin - --with-DIR_SBIN=/usr/sbin - --with-DIR_LIB=/usr/$(get_libdir) - --with-DIR_LIBEXEC=/usr/sbin - --with-DIR_LIBDATA=/usr/$(get_libdir)/fax - --with-DIR_LOCALE=/usr/share/locale - --with-DIR_LOCKS=/var/lock - --with-DIR_MAN=/usr/share/man - --with-DIR_SPOOL=/var/spool/fax - --with-DIR_HTML=/usr/share/doc/${P}/html - --with-DIR_CGI="${WORKDIR}" - --with-PATH_DPSRIP=/var/spool/fax/bin/ps2fax - --with-PATH_IMPRIP=\"\" - --with-SYSVINIT=no - --with-REGEX=yes - --with-LIBTIFF=\"-ltiff -ljpeg -lz\" - --with-OPTIMIZER=\"${CFLAGS}\" - --with-DSO=auto - --with-HTML=$(usex html)" - - if use mgetty; then - my_conf="${my_conf} \ - --with-PATH_GETTY=/sbin/mgetty \ - --with-PATH_EGETTY=/sbin/mgetty \ - --with-PATH_VGETTY=/usr/sbin/vgetty" - else - # GETTY defaults to /sbin/agetty - my_conf="${my_conf} \ - --with-PATH_EGETTY=/bin/false \ - --with-PATH_VGETTY=/bin/false" - fi - - #--enable-pam isn't valid - use pam || my_conf="${my_conf} $(use_enable pam)" - use ldap || my_conf="${my_conf} $(use_enable ldap)" - use jbig || my_conf="${my_conf} $(use_enable jbig)" - - tc-export CC CXX AR RANLIB - - do_configure "${my_conf}" -} - -src_compile() { - # Parallel building is borked - emake -j1 -} - -src_install() { - dodir /usr/{bin,sbin} /usr/$(get_libdir)/fax /usr/share/man - dodir /var/spool /var/spool/recvq /var/spool/fax - fowners uucp:uucp /var/spool/fax - fperms 0600 /var/spool/fax - dodir "/usr/share/doc/${P}/samples" - - emake DESTDIR="${D}" \ - BIN="${D}/usr/bin" \ - SBIN="${D}/usr/sbin" \ - LIBDIR="${D}/usr/$(get_libdir)" \ - LIB="${D}/usr/$(get_libdir)" \ - LIBEXEC="${D}/usr/sbin" \ - LIBDATA="${D}/usr/$(get_libdir)/fax" \ - DIR_LOCALE="${D}/usr/share/locale" \ - MAN="${D}/usr/share/man" \ - SPOOL="${D}/var/spool/fax" \ - HTMLDIR="${D}/usr/share/doc/${PF}/html" \ - install - - keepdir /var/spool/fax/{archive,client,etc,pollq,recvq,tmp} - keepdir /var/spool/fax/{status,sendq,log,info,doneq,docq,dev} - - generate_files # in this case, it only generates the env.d entry - - einfo "Adding env.d entry for ${PN}" - doenvd "${T}/99${PN}" - - newconfd "${FILESDIR}/${PN}-conf" ${PN} - newinitd "${FILESDIR}/${PN}-init" ${PN} - - use pam && pamd_mimic_system ${MY_PN} auth account session - - dodoc CONTRIBUTORS README TODO - docinto samples -} - -pkg_postinst() { - elog - elog "The faxonly USE flag has been removed; since ${PN} does not" - elog "require mgetty, and certain fax files conflict, you must build" - elog "mgetty without fax support if you wish to use them both. You" - elog "may want to add both to package.use so any future updates are" - elog "correctly built:" - elog - elog " net-dialup/mgetty -fax" - elog " net-misc/hylafax [-mgetty|mgetty]" - elog - elog "See the docs and man pages for detailed configuration info." - elog - elog "Now run faxsetup and (if necessary) faxaddmodem." - elog -} - -generate_files() { - cat <<-EOF > "${T}/99${PN}" - PATH="/var/spool/fax/bin" - CONFIG_PROTECT="/var/spool/fax/etc /usr/$(get_libdir)/fax" - EOF -} diff --git a/net-misc/hylafaxplus/hylafaxplus-5.6.1.ebuild b/net-misc/hylafaxplus/hylafaxplus-5.6.1.ebuild deleted file mode 100644 index 6a3be949d08..00000000000 --- a/net-misc/hylafaxplus/hylafaxplus-5.6.1.ebuild +++ /dev/null @@ -1,162 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 -inherit pam toolchain-funcs - -MY_PN="${PN/plus/}" -MY_P="${MY_PN}-${PV}" - -DESCRIPTION="Enterprise client-server fax package for class 1 and 2 fax modems" -HOMEPAGE="http://hylafax.sourceforge.net"; -SRC_URI="mirror://sourceforge/hylafax/${MY_P}.tar.gz" - -SLOT="0" -LICENSE="hylafaxplus" -KEYWORDS="~amd64 ~x86" -IUSE="jbig html lcms ldap mgetty pam" - -DEPEND=" - >=sys-libs/zlib-1.1.4 - app-text/ghostscript-gpl - virtual/mta - media-libs/tiff:0[jbig?] - virtual/jpeg:0 - jbig? ( media-libs/jbigkit ) - virtual/awk - lcms? ( media-libs/lcms ) - ldap? ( net-nds/openldap ) - pam? ( sys-libs/pam ) - mgetty? ( net-dialup/mgetty[-fax] ) - !net-dialup/mgetty[fax] -" -RDEPEND="${DEPEND} - net-mail/metamail - !net-dialup/sendpage -" - -S="${WORKDIR}/${MY_P}" - -export CONFIG_PROTECT="${CONFIG_PROTECT} /var/spool/fax/etc /usr/lib/fax" -export CONFIG_PROTECT_MASK="${CONFIG_PROTECT_MASK} /var/spool/fax/etc/xferfaxlog" - -PATCHES=( "${FILESDIR}/ldconfig-patch" ) - -src_prepare() { - default - - # force it not to strip binaries - for dir in etc util faxalter faxcover faxd faxmail faxrm faxstat \ - hfaxd sendfax sendpage ; do - sed -i -e "s:-idb:-idb \"nostrip\" -idb:g" \ - "${dir}"/Makefile.in || die "sed failed" - done - - sed -i -e "s:hostname:hostname -f:g" util/{faxrcvd,pollrcvd}.sh.in || die "sed on hostname failed" - - # Respect LDFLAGS(at least partially) - sed -i -e "/^LDFLAGS/s/LDOPTS}/LDOPTS} ${LDFLAGS}/" defs.in || die "sed on defs.in failed" - - sed -i -e "s|-fpic|-fPIC|g" \ - configure || die -} - -src_configure() { - do_configure() { - echo ./configure --nointeractive ${1} - # eval required for quoting in ${my_conf} to work properly, better way? - eval ./configure --nointeractive ${1} || die "./configure failed" - } - local my_conf=" - --with-DIR_BIN=/usr/bin - --with-DIR_SBIN=/usr/sbin - --with-DIR_LIB=/usr/$(get_libdir) - --with-DIR_LIBEXEC=/usr/sbin - --with-DIR_LIBDATA=/usr/$(get_libdir)/fax - --with-DIR_LOCALE=/usr/share/locale - --with-DIR_LOCKS=/var/lock - --with-DIR_MAN=/usr/share/man - --with-DIR_SPOOL=/var/spool/fax - --with-DIR_HTML=/usr/share/doc/${P}/html - --with-DIR_CGI="${WORKDIR}" - --with-PATH_DPSRIP=/var/spool/fax/bin/ps2fax - --with-PATH_IMPRIP=\"\" - --with-SYSVINIT=no - --with-REGEX=yes - --with-LIBTIFF=\"-ltiff -ljpeg -lz\" - --with-OPTIMIZER=\"${CFLAGS}\" - --with-DSO=auto - --with-HTML=$(usex html)" - - if use mgetty; then - my_conf="${my_conf} \ - --with-PATH_GETTY=/sbin/mgetty \ - --with-PATH_EGETTY=/sbin/mgetty \ - --with-PATH_VGETTY=/usr/sbin/vgetty" - else - # GETTY defaults to /sbin/agetty - my_conf="${my_conf} \ - --with-PATH_EGETTY=/bin/false \ - --with-PATH_VGETTY=/bin/false" - fi - - #--enable-pam isn't valid - use pam || my_conf="${my_conf} $(use_enable pam)" - use lcms || my_conf="${my_conf} $(use_enable lcms)" - use ldap || my_conf="${my_conf} $(use_enable ldap)" - use jbig || my_conf="${my_conf} $(use_enable jbig)" - - tc-export CC CXX AR RANLIB - - do_configure "${my_conf}" -} - -src_compile() { - # Parallel building is borked, bug #???? - emake -j1 -} - -src_install() { - dodir /usr/{bin,sbin} /usr/$(get_libdir)/fax /usr/share/man - dodir /var/spool /var/spool/fax - fowners uucp:uucp /var/spool/fax - fperms 0600 /var/spool/fax - dodir "/usr/share/doc/${P}/samples" - - emake DESTDIR="${D}" \ - BIN="${D}/usr/bin" \ - SBIN="${D}/usr/sbin" \ - LIBDIR="${D}/usr/$(get_libdir)" \ - LIB="${D}/usr/$(get_libdir)" \ - LIBEXEC="${D}/usr/sbin" \ - LIBDATA="${D}/usr/$(get_libdir)/fax" \ - DIR_LOCALE="${D}/usr/share/locale" \ - MAN="${D}/usr/share/man" \ - SPOOL="${D}/var/spool/fax" \ - HTMLDIR="${D}/usr/share/doc/${PF}/html" \ - install - - keepdir /var/spool/fax/{archive,client,etc,pollq,recvq,tmp} - keepdir /var/spool/fax/{status,sendq,log,info,doneq,docq,dev} - - generate_files # in this case, it only generates the env.d entry - - einfo "Adding env.d entry for ${PN}" - doenvd "${T}/99${PN}" - - newconfd "${FILESDIR}/${PN}-conf" ${PN} - newinitd "${FILESDIR}/${PN}-init" ${PN} - - use pam && pamd_mimic_system ${MY_PN} auth account session - - einstalldocs - docinto samples -} - -generate_files() { - cat <<-EOF > "${T}/99${PN}" - PATH="/var/spool/fax/bin" - CONFIG_PROTECT="/var/spool/fax/etc /usr/$(get_libdir)/fax" - CONFIG_PROTECT_MASK="/var/spool/fax/etc/xferfaxlog" - EOF -}
