fix for DoS

author: Gustavo Felisberto <humpback@gentoo.org> 2004-09-20 15:50:53 +0000
committer: Gustavo Felisberto <humpback@gentoo.org> 2004-09-20 15:50:53 +0000
commit: c0d10ce914e6da899ee0472c5886fb439b7682e6 (patch)
tree: 39c6b85d0e10a32fcb16d4d0a21b90cd400ebaa4 /net-im
parent: Stable on amd64 GLSA bug #63996 (diff)
download: historical-c0d10ce914e6da899ee0472c5886fb439b7682e6.tar.gz
historical-c0d10ce914e6da899ee0472c5886fb439b7682e6.tar.bz2
historical-c0d10ce914e6da899ee0472c5886fb439b7682e6.zip
4 files changed, 197 insertions, 6 deletions
diff --git a/net-im/jabberd/ChangeLog b/net-im/jabberd/ChangeLog
index 5623d2815077..f395eb98e322 100644
--- a/net-im/jabberd/ChangeLog
+++ b/net-im/jabberd/ChangeLog
@@ -1,10 +1,17 @@
 # ChangeLog for net-im/jabberd
 # Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-im/jabberd/ChangeLog,v 1.37 2004/09/01 13:38:06 humpback Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-im/jabberd/ChangeLog,v 1.38 2004/09/20 15:50:53 humpback Exp $
+
+*jabberd-1.4.3-r4 (20 Sep 2004)
+
+  20 Sep 2004; Gustavo Felisberto <humpback@gentoo.org>;
+  +jabberd-1.4.3-r4.ebuild:
+  Bumping version with fix for DoS attack. See bug #64741 for more info. Thanks
+  to justin-gentoo at openaether.org for bringing this to our attention.
 
   01 Sep 2004; Gustavo Felisberto <humpback@gentoo.org>;
   jabberd-2.0-r1.ebuild:
-  Fixing new away that configure receives parameters, closes bug 61896
+  Fixing new way that configure receives parameters, closes bug 61896
 
 *jabberd-2.0-r1 (12 Aug 2004)
 
diff --git a/net-im/jabberd/Manifest b/net-im/jabberd/Manifest
index 205177041438..5009a67860ef 100644
--- a/net-im/jabberd/Manifest
+++ b/net-im/jabberd/Manifest
@@ -1,11 +1,12 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
-MD5 b33f80b5508a780a359739bfcf9f0d0b ChangeLog 5866
+MD5 26ed27ff291d9983ef7bf07f2fadba96 ChangeLog 6137
 MD5 dc6c6a998ae507cbfdf00a40e4805ef7 jabberd-2.0-r1.ebuild 4845
 MD5 609148cca96d0710152b6b09cb438184 jabberd-1.4.3-r3.ebuild 5389
 MD5 3722bebc05427c4b5f7df97ffc8b1563 jabberd-2.0.ebuild 4914
 MD5 073710b6dd1869d3930f8f2e857341e8 metadata.xml 411
+MD5 f19e36aaa54244e18480fee0902aa516 jabberd-1.4.3-r4.ebuild 5590
 MD5 1a325b6068e591bc222376a7d70f6e17 files/README.Gentoo 984
 MD5 4ea516e4527dd2de19281709704238ee files/jabber.rc6-r7 1842
 MD5 c0945b1bc206e13be453cd2c1bb7e3f1 files/digest-jabberd-1.4.3-r3 129
@@ -20,10 +21,11 @@ MD5 6ec1c588cf732d89e8bc7b5864842ab9 files/self-cert.sh 494
 MD5 92ba69168d2fb8c1384e8e13e03dcbc2 files/xdb-ldap.xml 985
 MD5 a8408aaabc3453cfd3cbe3df1a65f67e files/xml-stream-patch-00 726
 MD5 feebb4b71e7f3e5a30adf1234cd9b1d4 files/digest-jabberd-2.0-r1 65
+MD5 264b9719c0773f480ee42d8a61c34d0a files/digest-jabberd-1.4.3-r4 201
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.2.4 (GNU/Linux)
 
-iD8DBQFBNd7GKSoOBZY9iUIRAkbcAKCDpoGnQdlNaDkOrt/8LiPU4lmMjACfdgPh
-ea+rB5jvAUyI7/gZ9DcqX/s=
-=3cku
+iD8DBQFBTv1VKSoOBZY9iUIRAhQHAJ9KgR1P4j0JO8a1muzyaTJIkMwwiwCgl5OB
+rieJC6BuNana6vuEvsrSczM=
+=isZR
 -----END PGP SIGNATURE-----
diff --git a/net-im/jabberd/files/digest-jabberd-1.4.3-r4 b/net-im/jabberd/files/digest-jabberd-1.4.3-r4
new file mode 100644
index 000000000000..2348a4a5114e
--- /dev/null
+++ b/net-im/jabberd/files/digest-jabberd-1.4.3-r4
@@ -0,0 +1,3 @@
+MD5 a3e964d6fa07b5d850302ae0512f94c6 jabberd-1.4.3.tar.gz 258016
+MD5 293c77245963b21e73f17fbde4aec200 jabberd-1.4.3-extexpat.diff 309514
+MD5 373f0f780c725cc06c824e322fc694ff xdb_ldap-1.0.tar.gz 112204
diff --git a/net-im/jabberd/jabberd-1.4.3-r4.ebuild b/net-im/jabberd/jabberd-1.4.3-r4.ebuild
new file mode 100644
index 000000000000..48cf71be2298
--- /dev/null
+++ b/net-im/jabberd/jabberd-1.4.3-r4.ebuild
@@ -0,0 +1,179 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-im/jabberd/jabberd-1.4.3-r4.ebuild,v 1.1 2004/09/20 15:50:53 humpback Exp $
+
+inherit eutils
+
+S="${WORKDIR}/jabberd-${PV}"
+DESCRIPTION="Open Source Jabber Server"
+HOMEPAGE="http://www.jabber.org"
+SRC_URI="http://jabberd.jabberstudio.org/1.4/dist/jabberd-${PV}.tar.gz
+	http://www.gentoo-pt.org/~humpback/jabberd-1.4.3-extexpat.diff
+	ldap? ( http://www.jabberstudio.org/files/xdb_ldap/xdb_ldap-1.0.tar.gz )"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="x86 ~ppc hppa ~sparc"
+IUSE="ssl ldap ipv6 msn oscar yahoo icq"
+
+DEPEND="!net-im/jabber-server
+	=dev-libs/pth-1.4.0
+	ssl? ( >=dev-libs/openssl-0.9.6i )
+	ldap? ( =net-nds/openldap-2* )"
+
+PDEPEND="msn? ( net-im/msn-transport )
+		 oscar? ( net-im/aim-transport )
+		 yahoo? ( net-im/yahoo-transport )
+		 icq? ( net-im/jit )"
+
+src_unpack() {
+	unpack jabberd-${PV}.tar.gz
+	cd ${S}
+	use ldap	&& unpack xdb_ldap-1.0.tar.gz
+	epatch ${FILESDIR}/multiple-xml-patch-00
+	epatch ${FILESDIR}/multiple-xml-patch-01
+	#Patch for extexpat DoS http://www.jabber.org/pipermail/jadmin/2004-September/018046.html
+	epatch ${DISTDIR}/jabberd-1.4.3-extexpat.diff
+	mv jabber.xml multiple.xml
+}
+
+src_compile() {
+	# These can cause problems with certain configure scripts used...
+	unset LC_ALL LC_CTYPE
+
+
+	local myconf
+	cd ${S}
+	use ssl && myconf="--enable-ssl"
+	use ipv6 && myconf="${myconf} --enable-ipv6"
+
+	mv jabberd/jabberd.c jabberd/jabberd.c.orig
+	sed 's:pstrdup(jabberd__runtime,HOME):"/var/spool/jabber":' jabberd/jabberd.c.orig > jabberd/jabberd.c
+	rm -f jabberd/jabberd.c.orig
+	./configure ${myconf} || die
+	make || die
+
+	if use ldap; then
+		cd ${S}/xdb_ldap/src
+		make all || die
+	fi
+}
+
+src_install() {
+	insinto /etc/conf.d ; newins ${FILESDIR}/jabber-conf.d jabber
+	exeinto /etc/init.d ; newexe ${FILESDIR}/jabber.rc6-r7 jabber
+	dodir /usr/sbin /etc/jabber /usr/lib/jabberd /var/log/jabber /usr/include/jabberd
+	touch ${D}/var/log/jabber/error.log
+	touch ${D}/var/log/jabber/record.log
+	dodir /var/spool/jabber
+	keepdir /var/spool/jabber/
+	keepdir /var/log/jabber/
+	dodir /var/run
+
+	exeinto /usr/sbin
+	doexe jabberd/jabberd
+	insinto /usr/lib/jabberd
+	doins platform-settings
+	doins jsm/jsm.so
+	doins xdb_file/xdb_file.so
+	doins pthsock/pthsock_client.so
+	doins dnsrv/dnsrv.so
+	doins dialback/dialback.so
+	if use ldap; then
+		insinto /etc/jabber
+		doins xdb_ldap/jabber.schema
+		doins xdb_ldap/slapd.conf
+		doins config/xdb-ldap.xml
+		insinto /usr/lib/jabberd
+		doins xdb_ldap/src/xdb_ldap.so
+	fi
+	insinto /etc/jabber
+	doins multiple.xml
+	exeinto /etc/jabber
+	doexe ${FILESDIR}/self-cert.sh
+
+	local test_group=`grep ^jabber: /etc/group | cut -d: -f1`
+	if [ -z $test_group ]
+	then
+		enewgroup jabber
+	fi
+
+	local test_user=`grep ^jabber: /etc/passwd | cut -d: -f1`
+	if [ -z $test_user ]
+	then
+		enewuser jabber -1 /bin/false /var/spool/jabber jabber
+	fi
+
+	dodoc README UPGRADE ${FILESDIR}/README.Gentoo
+
+	fowners jabber:jabber /etc/jabber
+	fowners jabber:jabber /usr/sbin/jabberd
+	fowners jabber:jabber /var/log/jabber
+	fowners jabber:jabber /var/log/jabber/error.log
+	fowners jabber:jabber /var/log/jabber/record.log
+	fowners jabber:jabber /var/spool/jabber
+
+	fperms o-rwx /etc/jabber
+	fperms o-rwx /usr/sbin/jabberd
+	fperms o-rwx /var/log/jabber
+	fperms o-rwx /var/log/jabber/error.log
+	fperms o-rwx /var/log/jabber/record.log
+	fperms o-rwx /var/spool/jabber
+	fperms u+rwx /usr/sbin/jabberd
+
+	fperms g-x /etc/jabber
+	fperms g-x /usr/sbin/jabberd
+	fperms g-x /var/log/jabber
+	fperms g-x /var/log/jabber/error.log
+	fperms g-x /var/log/jabber/record.log
+	fperms g-x /var/spool/jabber
+
+	fperms g+rw /etc/jabber
+	fperms g+rw /usr/sbin/jabberd
+	fperms g+rw /var/log/jabber
+	fperms g+rw /var/log/jabber/error.log
+	fperms g+rw /var/log/jabber/record.log
+	fperms g+rw /var/spool/jabber
+	fperms u+xs /usr/sbin/jabberd
+
+	#Install header files for transports to use
+	cd ${S}/jabberd
+	tar cf - `find . -name \*.h` | (cd ${D}/usr/include/jabberd ; tar xvf -)
+	assert "Failed to install header files to /usr/include/jabberd"
+}
+
+pkg_postinst() {
+
+	einfo
+	einfo "Change 'localhost' to your server's domainname in the"
+	einfo "/etc/jabber/*.xml configs first"
+	einfo "Server admins should be added to the "jabber" group"
+	if use ssl; then
+		einfo
+		einfo "To enable SSL connections, execute /etc/jabber/self-cert.sh"
+	fi
+	if use ldap; then
+		einfo
+		einfo "In order to use the ldap backend, you need to copy"
+		einfo "the file /etc/jabber/jabber.schema into the /etc/openldap/schemas"
+		einfo "directory on your ldap server. You will also need to"
+		einfo "include the schema in your slapd.conf file and retsart openldap."
+		einfo "An example slapd.conf file is included in /etc/jabber."
+		einfo "The xdb_ldap backend expects your ldap server to handle"
+		einfo "StartTLS or run in ldaps mode."
+	fi
+	einfo
+	einfo "The various IM transports for jabber are now separate packages,"
+	einfo "which you will need to install separately if you want them:"
+	einfo "net-im/jit - ICQ transport (You can use aim-transport for icq but JIT is better)"
+	einfo "net-im/msn-transport - MSN transport (USE=msn)"
+	einfo "net-im/jud - Jabber User Directory"
+	einfo "net-im/yahoo-transport - Yahoo IM system (USE=yahoo)"
+	einfo "net-im/aim-transport - AOL transport (USE=oscar)"
+	einfo "net-im/mu-conference - Jabber multi user conference"
+	einfo
+	einfo "Please read /usr/share/doc/${PF}/README.Gentoo.gz"
+	einfo
+	ewarn "If upgrading from older version please stop jabberd BEFORE updating the init.d"
+	ewarn "script, or you will end with a \"dead\" server."
+}
author	Gustavo Felisberto <humpback@gentoo.org>	2004-09-20 15:50:53 +0000
committer	Gustavo Felisberto <humpback@gentoo.org>	2004-09-20 15:50:53 +0000
commit	c0d10ce914e6da899ee0472c5886fb439b7682e6 (patch)
tree	39c6b85d0e10a32fcb16d4d0a21b90cd400ebaa4 /net-im
parent	Stable on amd64 GLSA bug #63996 (diff)
download	historical-c0d10ce914e6da899ee0472c5886fb439b7682e6.tar.gz historical-c0d10ce914e6da899ee0472c5886fb439b7682e6.tar.bz2 historical-c0d10ce914e6da899ee0472c5886fb439b7682e6.zip