net-irc/znc: bump 1.7.4_rc1, fixes authenticated RCE CVE-2019-12816
authorLouis Sautier <sbraz@gentoo.org>
Sun, 16 Jun 2019 14:01:53 +0000 (16:01 +0200)
committerLouis Sautier <sbraz@gentoo.org>
Sun, 16 Jun 2019 14:03:24 +0000 (16:03 +0200)
Bug: https://bugs.gentoo.org/688152
Package-Manager: Portage-2.3.67, Repoman-2.3.14
Signed-off-by: Louis Sautier <sbraz@gentoo.org>
net-irc/znc/Manifest
net-irc/znc/znc-1.7.4_rc1.ebuild [new file with mode: 0644]

index 015aae3862b80aa7a5f9ee712b5a3cf1945f6713..c04a8449bb71b181cb1165b566f543df4337b7fb 100644 (file)
@@ -1,2 +1,3 @@
 DIST gtest-1.8.1.tar.gz 992298 BLAKE2B 40ef3417fe424205c0617f07207347ce671ac87605f8ac9b8a333b0b06e3fbef9f556041ee324c18f957f3258ab9fe06704f31cdd038355fb7890180eb77ced1 SHA512 e6283c667558e1fd6e49fa96e52af0e415a3c8037afe1d28b7ff1ec4c2ef8f49beb70a9327b7fc77eb4052a58c4ccad8b5260ec90e4bceeac7a46ff59c4369d7
 DIST znc-1.7.3.tar.gz 2084575 BLAKE2B 4d8f76abef8bf2c5f96d9bd04716cd2debae2b2fcd3b8688aa715af6ef09e60c2aac203c5c7b32d2f4d56730f30dbbe9abd5eeec4f07e7580900dcb1cd164530 SHA512 4cd63be2cb3bc1e3950f38984b128c6511bd1b9fc01a00d51cfcdc46826c2dedad120d6ed8e30d9c400909e33d39b2b14579fb40ee1e3508b7f3a07eff3a15d8
+DIST znc-1.7.4-rc1.tar.gz 2084722 BLAKE2B cdbc9a6713ecb1261275060b07bfdc16f9edd933bd7337f346c4c2bbf450f1810b5c82f382d31000d3b07fef145279adacf2bdd8518541dbe9ba3a9c4ab972f5 SHA512 49e45732db371159ada2678df1e494a0f4ae9c517f111672ab184e3c5ac60e354a63f7039167a7ca0ca09c300c33b9cc3f9dfc35ba3940f5a70efa35c0089911
diff --git a/net-irc/znc/znc-1.7.4_rc1.ebuild b/net-irc/znc/znc-1.7.4_rc1.ebuild
new file mode 100644 (file)
index 0000000..e2a032f
--- /dev/null
@@ -0,0 +1,182 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{5,6,7} )
+
+inherit cmake-utils python-single-r1 readme.gentoo-r1 systemd user
+
+GTEST_VER="1.8.1"
+GTEST_URL="https://github.com/google/googletest/archive/${GTEST_VER}.tar.gz -> gtest-${GTEST_VER}.tar.gz"
+DESCRIPTION="An advanced IRC Bouncer"
+
+if [[ ${PV} == *9999* ]]; then
+       inherit git-r3
+       EGIT_REPO_URI=${EGIT_REPO_URI:-"https://github.com/znc/znc.git"}
+       SRC_URI=""
+else
+       MY_PV=${PV/_/-}
+       MY_P=${PN}-${MY_PV}
+       SRC_URI="
+               https://znc.in/releases/archive/${MY_P}.tar.gz
+               test? ( ${GTEST_URL} )
+       "
+       KEYWORDS="~amd64 ~arm ~x86"
+       S=${WORKDIR}/${MY_P}
+fi
+
+HOMEPAGE="https://znc.in"
+LICENSE="Apache-2.0"
+SLOT="0"
+IUSE="+ipv6 +icu libressl nls perl python +ssl sasl tcl test +zlib"
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} icu )"
+
+RDEPEND="
+       icu? ( dev-libs/icu:= )
+       nls? ( dev-libs/boost:=[nls] )
+       perl? ( >=dev-lang/perl-5.10:= )
+       python? ( ${PYTHON_DEPS} )
+       sasl? ( >=dev-libs/cyrus-sasl-2 )
+       ssl? (
+               !libressl? ( dev-libs/openssl:0= )
+               libressl? ( dev-libs/libressl:0= )
+       )
+       tcl? ( dev-lang/tcl:0= )
+       zlib? ( sys-libs/zlib:0= )
+"
+DEPEND="
+       ${RDEPEND}
+       virtual/pkgconfig
+       nls? ( sys-devel/gettext )
+       perl? ( >=dev-lang/swig-3.0.0 )
+       python? ( >=dev-lang/swig-3.0.0 )
+       test? ( dev-qt/qtnetwork:5 )
+"
+
+PATCHES=( "${FILESDIR}"/${PN}-1.7.1-inttest-dir.patch )
+
+pkg_setup() {
+       if use python; then
+               python-single-r1_pkg_setup
+       fi
+
+       enewgroup ${PN}
+       enewuser ${PN} -1 -1 /var/lib/${PN} ${PN}
+       # The home directory was previously set to /dev/null
+       # This caused a bug with the systemd unit
+       # https://bugs.gentoo.org/521916
+       esethome ${PN} /var/lib/${PN}
+}
+
+src_prepare() {
+       # Let SWIG rebuild modperl/modpython to make user patching easier.
+       if [[ ${PV} != *9999* ]]; then
+               rm modules/modperl/generated.tar.gz || die
+               rm modules/modpython/generated.tar.gz || die
+       fi
+
+       sed -i -e "s|DZNC_BIN_DIR:path=|DZNC_BIN_DIR:path=${T}/inttest|" \
+               test/CMakeLists.txt || die
+
+       cmake-utils_src_prepare
+}
+
+src_configure() {
+       local mycmakeargs=(
+               -DWANT_SYSTEMD=yes  # Causes -DSYSTEMD_DIR to be used.
+               -DSYSTEMD_DIR="$(systemd_get_systemunitdir)"
+               -DWANT_ICU="$(usex icu)"
+               -DWANT_IPV6="$(usex ipv6)"
+               -DWANT_I18N="$(usex nls)"
+               -DWANT_PERL="$(usex perl)"
+               -DWANT_PYTHON="$(usex python)"
+               -DWANT_CYRUS="$(usex sasl)"
+               -DWANT_OPENSSL="$(usex ssl)"
+               -DWANT_TCL="$(usex tcl)"
+               -DWANT_ZLIB="$(usex zlib)"
+       )
+
+       if [[ ${PV} != *9999* ]] && use test; then
+               export GTEST_ROOT="${WORKDIR}/googletest-release-${GTEST_VER}/googletest"
+               export GMOCK_ROOT="${WORKDIR}/googletest-release-${GTEST_VER}/googlemock"
+       fi
+
+       cmake-utils_src_configure
+}
+
+src_test() {
+       cmake-utils_src_make unittest
+       if has network-sandbox ${FEATURES}; then
+               DESTDIR="${T}/inttest" cmake-utils_src_make install
+               local filter='-'
+               if ! use perl; then
+                       filter="${filter}:ZNCTest.Modperl*"
+               fi
+               if ! use python; then
+                       filter="${filter}:ZNCTest.Modpython*"
+               fi
+               # CMAKE_PREFIX_PATH and CXXFLAGS are needed for znc-buildmod
+               # invocations from inside the test
+               GTEST_FILTER="${filter}" ZNC_UNUSUAL_ROOT="${T}/inttest" \
+                       CMAKE_PREFIX_PATH="${T}/inttest/usr/share/znc/cmake" \
+                       CXXFLAGS="${CXXFLAGS} -isystem ${T}/inttest/usr/include" \
+                       cmake-utils_src_make inttest
+       else
+               # TODO: don't require sandbox after
+               # https://github.com/znc/znc/pull/1363 is implemented
+               ewarn "FEATURES=-network-sandbox; skipping integration tests which"
+               ewarn "temporary open local ports."
+       fi
+}
+
+src_install() {
+       cmake-utils_src_install
+
+       dodoc NOTICE
+       newinitd "${FILESDIR}"/znc.initd-r2 znc
+       newconfd "${FILESDIR}"/znc.confd-r1 znc
+
+       DOC_CONTENTS=$(<"${FILESDIR}/README.gentoo-r1") || die
+       DISABLE_AUTOFORMATTING=1
+       readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+       if [[ -z "${REPLACING_VERSIONS}" ]]; then
+               # This is a new installation
+               readme.gentoo_print_elog
+       fi
+
+       if [[ -d "${EROOT%/}"/etc/znc ]]; then
+               ewarn "${EROOT%/}/etc/znc exists on your system."
+               ewarn "Due to the nature of the contents of that folder,"
+               ewarn "we have changed the default configuration to use"
+               ewarn " ${EROOT%/}/var/lib/znc"
+               ewarn "please move ${EROOT%/}/etc/znc to ${EROOT%/}/var/lib/znc"
+               ewarn "or adjust your service configuration."
+       fi
+}
+
+pkg_config() {
+       if [[ -e "${EROOT%/}/var/lib/znc" ]]; then
+               ewarn "${EROOT%/}/var/lib/znc already exists, aborting to avoid damaging"
+               ewarn "any existing configuration. If you are sure you want"
+               ewarn "to generate a new configuration, remove the folder"
+               ewarn "and try again."
+       else
+               einfo "Press enter to interactively create a new configuration file for znc."
+               einfo "To abort, press Control-C"
+               read
+               mkdir -p "${EROOT%/}/var/lib/znc" || die
+               chown -R ${PN}:${PN} "${EROOT%/}/var/lib/znc" ||
+                       die "Setting permissions failed"
+               start-stop-daemon --start --user ${PN}:${PN} --env ZNC_NO_LAUNCH_AFTER_MAKECONF=1 \
+                       "${EROOT%/}"/usr/bin/znc -- --makeconf --datadir "${EROOT%/}/var/lib/znc" ||
+                       die "Config failed"
+               einfo
+               einfo "You can now start the znc service using the init system of your choice."
+               einfo "Don't forget to enable it if you want to use znc at boot."
+       fi
+}