mgorny 15/02/19 16:58:38 Modified: ChangeLog Added: xrdp-0.8.0-r1.ebuild Removed: xrdp-0.6.1.ebuild xrdp-0.8.0.ebuild Log: Patch out crypt() NULL return check vulnerability, bug #540630. Remove old. (Portage version: 2.2.17/cvs/Linux x86_64, signed Manifest commit with key EFB4464E!)
Revision Changes Path 1.13 net-misc/xrdp/ChangeLog file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/xrdp/ChangeLog?rev=1.13&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/xrdp/ChangeLog?rev=1.13&content-type=text/plain diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/xrdp/ChangeLog?r1=1.12&r2=1.13 Index: ChangeLog =================================================================== RCS file: /var/cvsroot/gentoo-x86/net-misc/xrdp/ChangeLog,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- ChangeLog 27 Oct 2014 14:33:09 -0000 1.12 +++ ChangeLog 19 Feb 2015 16:58:37 -0000 1.13 @@ -1,6 +1,13 @@ # ChangeLog for net-misc/xrdp -# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/xrdp/ChangeLog,v 1.12 2014/10/27 14:33:09 mgorny Exp $ +# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/xrdp/ChangeLog,v 1.13 2015/02/19 16:58:37 mgorny Exp $ + +*xrdp-0.8.0-r1 (19 Feb 2015) + + 19 Feb 2015; Michał Górny <[email protected]> + +files/xrdp-0.8.0-crypt-null-return.patch, +xrdp-0.8.0-r1.ebuild, + -xrdp-0.6.1.ebuild, -xrdp-0.8.0.ebuild: + Patch out crypt() NULL return check vulnerability, bug #540630. Remove old. 27 Oct 2014; Michał Górny <[email protected]> xrdp-0.6.1.ebuild, xrdp-0.8.0.ebuild: 1.1 net-misc/xrdp/xrdp-0.8.0-r1.ebuild file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/xrdp/xrdp-0.8.0-r1.ebuild?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/xrdp/xrdp-0.8.0-r1.ebuild?rev=1.1&content-type=text/plain Index: xrdp-0.8.0-r1.ebuild =================================================================== # Copyright 1999-2015 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 # $Header: /var/cvsroot/gentoo-x86/net-misc/xrdp/xrdp-0.8.0-r1.ebuild,v 1.1 2015/02/19 16:58:37 mgorny Exp $ EAPI=5 inherit autotools eutils pam systemd DESCRIPTION="An open source Remote Desktop Protocol server" HOMEPAGE="http://www.xrdp.org/"; # mirrored from https://github.com/neutrinolabs/xrdp/releases SRC_URI="http://dev.gentoo.org/~mgorny/dist/${P}.tar.xz"; LICENSE="Apache-2.0" SLOT="0" KEYWORDS="~amd64 ~x86" IUSE="debug fuse kerberos jpeg pam pulseaudio" RDEPEND="dev-libs/openssl:0= x11-libs/libX11:0= x11-libs/libXfixes:0= x11-libs/libXrandr:0= fuse? ( sys-fs/fuse:0= ) jpeg? ( virtual/jpeg:0= ) kerberos? ( virtual/krb5:0= ) pam? ( virtual/pam:0= ) pulseaudio? ( media-sound/pulseaudio:0= )" DEPEND="${RDEPEND} app-arch/xz-utils" RDEPEND="${RDEPEND} || ( net-misc/tigervnc:0=[server,xorgmodule] net-misc/x11rdp:0= )" # does not work with gentoo version of freerdp # neutrinordp? ( net-misc/freerdp:0= ) # incompatible with current ffmpeg/libav (surprising, isn't it?) # xrdpvr? ( virtual/ffmpeg:0= ) src_prepare() { epatch_user # #540630: crypt() unchecked for NULL return epatch "${FILESDIR}"/${P}-crypt-null-return.patch # don't let USE=debug adjust CFLAGS sed -i -e 's:-g -O0::' configure.ac || die # disallow root login by default sed -i -e '/^AllowRootLogin/s/1/0/' sesman/sesman.ini || die # Fedora files, not included here sed -i -e '/EnvironmentFile=/d' instfiles/*.service || die # reorder so that X11rdp comes last again since it's not supported sed -i -e '/^\[xrdp1\]$/,/^$/{wxrdp.ini.tmp ;d}' xrdp/xrdp.ini || die # move newline to the beginning sed -i -e 'x' xrdp.ini.tmp || die cat xrdp.ini.tmp >> xrdp/xrdp.ini || die rm -f xrdp.ini.tmp || die eautoreconf # part of ./bootstrap ln -s ../config.c sesman/tools/config.c || die } src_configure() { use kerberos && use pam \ && ewarn "Both kerberos & pam auth enabled, kerberos will take precedence." local myconf=( # warning: configure.ac is completed flawed --localstatedir="${EPREFIX}"/var # -- authentication backends -- # kerberos is inside !SESMAN_NOPAM conditional for no reason $(use pam || use kerberos || echo --enable-nopam) $(usex kerberos --enable-kerberos '') # pam_userpass is not in Gentoo at the moment #--disable-pamuserpass # -- jpeg support -- $(usex jpeg --enable-jpeg '') # the package supports explicit linking against libjpeg-turbo # (no need for -ljpeg compat) $(use jpeg && has_version 'media-libs/libjpeg-turbo:0' && echo --enable-tjpeg) # -- sound support -- $(usex pulseaudio '--enable-simplesound --enable-loadpulsemodules' '') # -- others -- $(usex debug --enable-xrdpdebug '') $(usex fuse --enable-fuse '') # $(usex neutrinordp --enable-neutrinordp '') # $(usex xrdpvr --enable-xrdpvr '') "$(systemd_with_unitdir)" ) econf "${myconf[@]}" } src_install() { default prune_libtool_files --all # use our pam.d file since upstream's incompatible with Gentoo use pam && newpamd "${FILESDIR}"/xrdp-sesman.pamd xrdp-sesman # and our startwm.sh exeinto /etc/xrdp doexe "${FILESDIR}"/startwm.sh # Fedora stuff rm -r "${ED}"/etc/default || die # own /etc/xrdp/rsakeys.ini : > rsakeys.ini insinto /etc/xrdp doins rsakeys.ini # contributed by Jan Psota <[email protected]> newinitd "${FILESDIR}/${PN}-initd" ${PN} } pkg_preinst() { # either copy existing keys over to avoid CONFIG_PROTECT whining # or generate new keys (but don't include them in binpkg!) if [[ -f ${EROOT}/etc/xrdp/rsakeys.ini ]]; then cp {"${EROOT}","${ED}"}/etc/xrdp/rsakeys.ini || die else einfo "Running xrdp-keygen to generate new rsakeys.ini ..." "${S}"/keygen/xrdp-keygen xrdp "${ED}"/etc/xrdp/rsakeys.ini \ || die "xrdp-keygen failed to generate RSA keys" fi } pkg_postinst() { # check for use of bundled rsakeys.ini (installed by default upstream) if [[ $(cksum "${EROOT}"/etc/xrdp/rsakeys.ini) == '2935297193 1019 '* ]] then ewarn "You seem to be using upstream bundled rsakeys.ini. This means that" ewarn "your communications are encrypted using a well-known key. Please" ewarn "consider regenerating rsakeys.ini using the following command:" ewarn ewarn " ${EROOT}/usr/bin/xrdp-keygen xrdp ${EROOT}/etc/xrdp/rsakeys.ini" ewarn fi elog "Various session types require different backend implementations:" elog "- sesman-Xvnc requires net-misc/tigervnc[server,xorgmodule]" elog "- sesman-X11rdp requires net-misc/x11rdp" }
