From: Louis Sautier Date: Sun, 16 Jun 2019 14:01:53 +0000 (+0200) Subject: net-irc/znc: bump 1.7.4_rc1, fixes authenticated RCE CVE-2019-12816 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=f70923983bf75ea5175942f34d9825a2193dc846;p=gentoo.git net-irc/znc: bump 1.7.4_rc1, fixes authenticated RCE CVE-2019-12816 Bug: https://bugs.gentoo.org/688152 Package-Manager: Portage-2.3.67, Repoman-2.3.14 Signed-off-by: Louis Sautier --- diff --git a/net-irc/znc/Manifest b/net-irc/znc/Manifest index 015aae3862b8..c04a8449bb71 100644 --- a/net-irc/znc/Manifest +++ b/net-irc/znc/Manifest @@ -1,2 +1,3 @@ DIST gtest-1.8.1.tar.gz 992298 BLAKE2B 40ef3417fe424205c0617f07207347ce671ac87605f8ac9b8a333b0b06e3fbef9f556041ee324c18f957f3258ab9fe06704f31cdd038355fb7890180eb77ced1 SHA512 e6283c667558e1fd6e49fa96e52af0e415a3c8037afe1d28b7ff1ec4c2ef8f49beb70a9327b7fc77eb4052a58c4ccad8b5260ec90e4bceeac7a46ff59c4369d7 DIST znc-1.7.3.tar.gz 2084575 BLAKE2B 4d8f76abef8bf2c5f96d9bd04716cd2debae2b2fcd3b8688aa715af6ef09e60c2aac203c5c7b32d2f4d56730f30dbbe9abd5eeec4f07e7580900dcb1cd164530 SHA512 4cd63be2cb3bc1e3950f38984b128c6511bd1b9fc01a00d51cfcdc46826c2dedad120d6ed8e30d9c400909e33d39b2b14579fb40ee1e3508b7f3a07eff3a15d8 +DIST znc-1.7.4-rc1.tar.gz 2084722 BLAKE2B cdbc9a6713ecb1261275060b07bfdc16f9edd933bd7337f346c4c2bbf450f1810b5c82f382d31000d3b07fef145279adacf2bdd8518541dbe9ba3a9c4ab972f5 SHA512 49e45732db371159ada2678df1e494a0f4ae9c517f111672ab184e3c5ac60e354a63f7039167a7ca0ca09c300c33b9cc3f9dfc35ba3940f5a70efa35c0089911 diff --git a/net-irc/znc/znc-1.7.4_rc1.ebuild b/net-irc/znc/znc-1.7.4_rc1.ebuild new file mode 100644 index 000000000000..e2a032f9ea5e --- /dev/null +++ b/net-irc/znc/znc-1.7.4_rc1.ebuild @@ -0,0 +1,182 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_{5,6,7} ) + +inherit cmake-utils python-single-r1 readme.gentoo-r1 systemd user + +GTEST_VER="1.8.1" +GTEST_URL="https://github.com/google/googletest/archive/${GTEST_VER}.tar.gz -> gtest-${GTEST_VER}.tar.gz" +DESCRIPTION="An advanced IRC Bouncer" + +if [[ ${PV} == *9999* ]]; then + inherit git-r3 + EGIT_REPO_URI=${EGIT_REPO_URI:-"https://github.com/znc/znc.git"} + SRC_URI="" +else + MY_PV=${PV/_/-} + MY_P=${PN}-${MY_PV} + SRC_URI=" + https://znc.in/releases/archive/${MY_P}.tar.gz + test? ( ${GTEST_URL} ) + " + KEYWORDS="~amd64 ~arm ~x86" + S=${WORKDIR}/${MY_P} +fi + +HOMEPAGE="https://znc.in" +LICENSE="Apache-2.0" +SLOT="0" +IUSE="+ipv6 +icu libressl nls perl python +ssl sasl tcl test +zlib" + +REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} icu )" + +RDEPEND=" + icu? ( dev-libs/icu:= ) + nls? ( dev-libs/boost:=[nls] ) + perl? ( >=dev-lang/perl-5.10:= ) + python? ( ${PYTHON_DEPS} ) + sasl? ( >=dev-libs/cyrus-sasl-2 ) + ssl? ( + !libressl? ( dev-libs/openssl:0= ) + libressl? ( dev-libs/libressl:0= ) + ) + tcl? ( dev-lang/tcl:0= ) + zlib? ( sys-libs/zlib:0= ) +" +DEPEND=" + ${RDEPEND} + virtual/pkgconfig + nls? ( sys-devel/gettext ) + perl? ( >=dev-lang/swig-3.0.0 ) + python? ( >=dev-lang/swig-3.0.0 ) + test? ( dev-qt/qtnetwork:5 ) +" + +PATCHES=( "${FILESDIR}"/${PN}-1.7.1-inttest-dir.patch ) + +pkg_setup() { + if use python; then + python-single-r1_pkg_setup + fi + + enewgroup ${PN} + enewuser ${PN} -1 -1 /var/lib/${PN} ${PN} + # The home directory was previously set to /dev/null + # This caused a bug with the systemd unit + # https://bugs.gentoo.org/521916 + esethome ${PN} /var/lib/${PN} +} + +src_prepare() { + # Let SWIG rebuild modperl/modpython to make user patching easier. + if [[ ${PV} != *9999* ]]; then + rm modules/modperl/generated.tar.gz || die + rm modules/modpython/generated.tar.gz || die + fi + + sed -i -e "s|DZNC_BIN_DIR:path=|DZNC_BIN_DIR:path=${T}/inttest|" \ + test/CMakeLists.txt || die + + cmake-utils_src_prepare +} + +src_configure() { + local mycmakeargs=( + -DWANT_SYSTEMD=yes # Causes -DSYSTEMD_DIR to be used. + -DSYSTEMD_DIR="$(systemd_get_systemunitdir)" + -DWANT_ICU="$(usex icu)" + -DWANT_IPV6="$(usex ipv6)" + -DWANT_I18N="$(usex nls)" + -DWANT_PERL="$(usex perl)" + -DWANT_PYTHON="$(usex python)" + -DWANT_CYRUS="$(usex sasl)" + -DWANT_OPENSSL="$(usex ssl)" + -DWANT_TCL="$(usex tcl)" + -DWANT_ZLIB="$(usex zlib)" + ) + + if [[ ${PV} != *9999* ]] && use test; then + export GTEST_ROOT="${WORKDIR}/googletest-release-${GTEST_VER}/googletest" + export GMOCK_ROOT="${WORKDIR}/googletest-release-${GTEST_VER}/googlemock" + fi + + cmake-utils_src_configure +} + +src_test() { + cmake-utils_src_make unittest + if has network-sandbox ${FEATURES}; then + DESTDIR="${T}/inttest" cmake-utils_src_make install + local filter='-' + if ! use perl; then + filter="${filter}:ZNCTest.Modperl*" + fi + if ! use python; then + filter="${filter}:ZNCTest.Modpython*" + fi + # CMAKE_PREFIX_PATH and CXXFLAGS are needed for znc-buildmod + # invocations from inside the test + GTEST_FILTER="${filter}" ZNC_UNUSUAL_ROOT="${T}/inttest" \ + CMAKE_PREFIX_PATH="${T}/inttest/usr/share/znc/cmake" \ + CXXFLAGS="${CXXFLAGS} -isystem ${T}/inttest/usr/include" \ + cmake-utils_src_make inttest + else + # TODO: don't require sandbox after + # https://github.com/znc/znc/pull/1363 is implemented + ewarn "FEATURES=-network-sandbox; skipping integration tests which" + ewarn "temporary open local ports." + fi +} + +src_install() { + cmake-utils_src_install + + dodoc NOTICE + newinitd "${FILESDIR}"/znc.initd-r2 znc + newconfd "${FILESDIR}"/znc.confd-r1 znc + + DOC_CONTENTS=$(<"${FILESDIR}/README.gentoo-r1") || die + DISABLE_AUTOFORMATTING=1 + readme.gentoo_create_doc +} + +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + readme.gentoo_print_elog + fi + + if [[ -d "${EROOT%/}"/etc/znc ]]; then + ewarn "${EROOT%/}/etc/znc exists on your system." + ewarn "Due to the nature of the contents of that folder," + ewarn "we have changed the default configuration to use" + ewarn " ${EROOT%/}/var/lib/znc" + ewarn "please move ${EROOT%/}/etc/znc to ${EROOT%/}/var/lib/znc" + ewarn "or adjust your service configuration." + fi +} + +pkg_config() { + if [[ -e "${EROOT%/}/var/lib/znc" ]]; then + ewarn "${EROOT%/}/var/lib/znc already exists, aborting to avoid damaging" + ewarn "any existing configuration. If you are sure you want" + ewarn "to generate a new configuration, remove the folder" + ewarn "and try again." + else + einfo "Press enter to interactively create a new configuration file for znc." + einfo "To abort, press Control-C" + read + mkdir -p "${EROOT%/}/var/lib/znc" || die + chown -R ${PN}:${PN} "${EROOT%/}/var/lib/znc" || + die "Setting permissions failed" + start-stop-daemon --start --user ${PN}:${PN} --env ZNC_NO_LAUNCH_AFTER_MAKECONF=1 \ + "${EROOT%/}"/usr/bin/znc -- --makeconf --datadir "${EROOT%/}/var/lib/znc" || + die "Config failed" + einfo + einfo "You can now start the znc service using the init system of your choice." + einfo "Don't forget to enable it if you want to use znc at boot." + fi +}