[gentoo-commits] repo/gentoo:master commit in: net-analyzer/icinga/, net-analyzer/icinga/files/

2017-12-21 Thread Robin H. Johnson 
commit: 926ea83a6bf896333bdf10a58d240cfb500cb171
Author: Robin H. Johnson  gentoo  org>
AuthorDate: Thu Dec 21 21:56:43 2017 +
Commit: Robin H. Johnson  gentoo  org>
CommitDate: Thu Dec 21 21:56:59 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=926ea83a

net-analyzer/icinga: fix start under grsec

Package-Manager: Portage-2.3.16, Repoman-2.3.6

 net-analyzer/icinga/files/icinga-init.d |   7 +-
 net-analyzer/icinga/icinga-1.14.0-r2.ebuild | 274 
 2 files changed, 279 insertions(+), 2 deletions(-)

diff --git a/net-analyzer/icinga/files/icinga-init.d 
b/net-analyzer/icinga/files/icinga-init.d
index af1f3c5d29e..3a20f31c194 100644
--- a/net-analyzer/icinga/files/icinga-init.d
+++ b/net-analyzer/icinga/files/icinga-init.d
@@ -1,5 +1,5 @@
 #!/sbin/openrc-run
-# Copyright 1999-2012 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 : ${ICINGACFG:=/etc/icinga/icinga.cfg}
@@ -41,9 +41,12 @@ reload()
 }
 
 start_pre() {
-   checkpath -d -o icinga:icinga $(get_config temp_path)  $(dirname 
$(get_config lock_file)) $(dirname $(get_config log_file)) $(dirname 
$(get_config status_file))
+   checkpath -d -o icinga:icinga $(dirname $(get_config lock_file)) 
$(dirname $(get_config log_file)) $(dirname $(get_config status_file))
checkpath -f -o icinga:icinga $(get_config log_file)
rm -f $(get_config command_file)
+   # Temp dir must NOT be group-writable
+   # grsec: denied untrusted exec (due to file in group-writable directory)
+   checkpath -d -o icinga:icinga -m 0750 $(get_config temp_path)
 }
 
 stop_post() {

diff --git a/net-analyzer/icinga/icinga-1.14.0-r2.ebuild 
b/net-analyzer/icinga/icinga-1.14.0-r2.ebuild
new file mode 100644
index 000..681ce94efa8
--- /dev/null
+++ b/net-analyzer/icinga/icinga-1.14.0-r2.ebuild
@@ -0,0 +1,274 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit depend.apache eutils multilib pax-utils toolchain-funcs user 
versionator
+
+DESCRIPTION="Nagios Fork - Check daemon, CGIs, docs, IDOutils"
+HOMEPAGE="http://www.icinga.org/;
+#MY_PV=$(delete_version_separator 3)
+#SRC_URI="mirror://sourceforge/${PN}/${PN}-${MY_PV}.tar.gz"
+#S=${WORKDIR}/${PN}-${MY_PV}
+#SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
+SRC_URI="https://github.com/${PN}/${PN}-core/archive/v${PV}/${P}.tar.gz;
+S="${WORKDIR}/${PN}-core-${PV}"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~hppa ~ppc ~ppc64 ~x86"
+IUSE="+apache2 contrib eventhandler +idoutils lighttpd +mysql perl +plugins 
postgres ssl +vim-syntax +web"
+DEPEND="idoutils? ( dev-db/libdbi-drivers[mysql?,postgres?] )
+   perl? ( dev-lang/perl:= )
+   virtual/mailx
+   web? (
+   media-libs/gd[jpeg,png]
+   lighttpd? ( www-servers/lighttpd )
+   )
+   !net-analyzer/nagios-core"
+RDEPEND="${DEPEND}
+   plugins? ( || (
+   net-analyzer/monitoring-plugins
+   net-analyzer/nagios-plugins
+   ) )"
+RESTRICT="test"
+
+want_apache2
+
+pkg_setup() {
+   depend.apache_pkg_setup
+   enewgroup icinga
+   enewgroup nagios
+   enewuser icinga -1 -1 /var/lib/icinga "icinga,nagios"
+}
+
+src_prepare() {
+   epatch "${FILESDIR}/fix-prestripped-binaries-1.7.0.patch"
+   eapply_user
+}
+
+src_configure() {
+   local myconf
+
+   myconf="$(use_enable perl embedded-perl)
+   $(use_with perl perlcache)
+   $(use_enable idoutils)
+   $(use_enable ssl)
+   --with-cgiurl=/icinga/cgi-bin
+   --with-log-dir=/var/log/icinga
+   --libdir=/usr/$(get_libdir)
+   --bindir=/usr/sbin
+   --sbindir=/usr/$(get_libdir)/icinga/cgi-bin
+   --datarootdir=/usr/share/icinga/htdocs
+   --localstatedir=/var/lib/icinga
+   --sysconfdir=/etc/icinga
+   --with-lockfile=/var/run/icinga/icinga.lock
+   --with-temp-dir=/tmp/icinga
+   --with-temp-file=/tmp/icinga/icinga.tmp"
+
+   if use idoutils ; then
+   myconf+=" --with-ido2db-lockfile=/var/run/icinga/ido2db.lock
+   --with-icinga-chkfile=/var/lib/icinga/icinga.chk
+   --with-ido-sockfile=/var/lib/icinga/ido.sock
+   --with-idomod-tmpfile=/tmp/icinga/idomod.tmp"
+   fi
+
+   if use eventhandler ; then
+   myconfig+=" --with-eventhandler-dir=/etc/icinga/eventhandlers"
+   fi
+
+   if use plugins ; then
+   myconf+=" --with-plugin-dir=/usr/$(get_libdir)/nagios/plugins"
+   else
+   myconf+=" --with-plugin-dir=/usr/$(get_libdir)/nagios/plugins"
+   fi
+
+   if use !apache2 && use !lighttpd ; then
+   myconf+=" --with-command-group=icinga"
+   else
+   if use apache2 ; then
+   myconf+=" --with-httpd-conf=/etc/apache2/conf.d"
+

[gentoo-commits] repo/gentoo:master commit in: net-analyzer/icinga/, net-analyzer/icinga/files/

2015-11-04 Thread Matt Thode 
commit: b0b83ba267a1daadaa6cc671c67cd7bfc09b42bb
Author: Matthew Thode  gentoo  org>
AuthorDate: Wed Nov  4 23:37:36 2015 +
Commit: Matt Thode  gentoo  org>
CommitDate: Wed Nov  4 23:37:36 2015 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b0b83ba2

net-analyzer/icinga: actually fixing bug 564242 CVE-2015-8010

Package-Manager: portage-2.2.20.1

 net-analyzer/icinga/Manifest | 1 +
 net-analyzer/icinga/files/CVE-2015-8010_1.13.3.patch | 0
 net-analyzer/icinga/icinga-1.13.3-r1.ebuild  | 5 +++--
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/net-analyzer/icinga/Manifest b/net-analyzer/icinga/Manifest
index e72df2b..066d121 100644
--- a/net-analyzer/icinga/Manifest
+++ b/net-analyzer/icinga/Manifest
@@ -1 +1,2 @@
+DIST CVE-2015-8010_1.13.3.patch 177807 SHA256 
8ccd8cdf221b8f2aa90ae1e4c76ccc61e7cf7519eadc9482c671502c2138c2a7 SHA512 
bc82e588db33fbb955002cf51ae7b0e40109d4ec3fa6199b046ffbf23b649d74fbdd04c8fb4a5af4cd44301e26f30aa295a9574281c14bc45eec2b9149a6339a
 WHIRLPOOL 
90f3eb3a6ad79337cf9d7fe63e201e313769fea6e3fdf2f2de0b2072b1b21e66d650b632794dcb39b458e7c17449f7fb2d45d678a3b628a467496284f238231d
 DIST icinga-1.13.3.tar.gz 18738204 SHA256 
d6994bcc9e137f6639b781a78a55d29c51d74cdfce7f35c13c47e09f200acd84 SHA512 
babdbb823c6d7241aa67c39c35f67bdf9a4963688b6edd1190af32e056639c1e592791071c90eae3daa44bcb63beee2ff260ce5a0d5e7edb0ed3c99d69ffdaed
 WHIRLPOOL 
6886f98f44cf2aed3b1f2a23d905cbbf5ecf22055ba66d44b44c46942947103863e47e8ba889ba97d98a22f9364946cd3e725563d05df105be519486e2f4857d

diff --git a/net-analyzer/icinga/files/CVE-2015-8010_1.13.3.patch 
b/net-analyzer/icinga/files/CVE-2015-8010_1.13.3.patch
deleted file mode 100644
index e69de29..000

diff --git a/net-analyzer/icinga/icinga-1.13.3-r1.ebuild 
b/net-analyzer/icinga/icinga-1.13.3-r1.ebuild
index 9560c51..6580643 100644
--- a/net-analyzer/icinga/icinga-1.13.3-r1.ebuild
+++ b/net-analyzer/icinga/icinga-1.13.3-r1.ebuild
@@ -12,7 +12,8 @@ HOMEPAGE="http://www.icinga.org/;
 #SRC_URI="mirror://sourceforge/${PN}/${PN}-${MY_PV}.tar.gz"
 #S=${WORKDIR}/${PN}-${MY_PV}
 #SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
-SRC_URI="https://github.com/${PN}/${PN}-core/releases/download/v${PV}/${P}.tar.gz;
+SRC_URI="https://github.com/${PN}/${PN}-core/releases/download/v${PV}/${P}.tar.gz
+   
https://dev.gentoo.org/~prometheanfire/dist/patches/CVEs/CVE-2015-8010_1.13.3.patch;
 
 LICENSE="GPL-2"
 SLOT="0"
@@ -44,7 +45,7 @@ pkg_setup() {
 
 src_prepare() {
epatch "${FILESDIR}/fix-prestripped-binaries-1.7.0.patch"
-   epatch "${FILESDIR}/CVE-2015-8010_1.13.3.patch"
+   epatch "${DISTDIR}/CVE-2015-8010_1.13.3.patch"
 }
 
 src_configure() {