summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPeter Volkov <pva@gentoo.org>2011-06-14 11:42:16 +0000
committerPeter Volkov <pva@gentoo.org>2011-06-14 11:42:16 +0000
commitfd1a6ab2ed8b19d4941fa9a224ab12bfa2672da0 (patch)
treecba0e122e8bcaa6e343f23e28caffc9702986d98 /net-im/ejabberd
parentAdded missed mkfontdir to DEPEND, bug #371231 thank Piotr Szymaniak for report. (diff)
downloadgentoo-2-fd1a6ab2ed8b19d4941fa9a224ab12bfa2672da0.tar.gz
gentoo-2-fd1a6ab2ed8b19d4941fa9a224ab12bfa2672da0.tar.bz2
gentoo-2-fd1a6ab2ed8b19d4941fa9a224ab12bfa2672da0.zip
Version bump, fixes security bug #370201 thank Federico Cuello for report. Fix permissions of ssl certificate, but #369809 thank Gavin Pryke for the patch.
(Portage version: 2.1.10.3/cvs/Linux x86_64)
Diffstat (limited to 'net-im/ejabberd')
-rw-r--r--net-im/ejabberd/ChangeLog9
-rw-r--r--net-im/ejabberd/ejabberd-2.1.8.ebuild214
2 files changed, 222 insertions, 1 deletions
diff --git a/net-im/ejabberd/ChangeLog b/net-im/ejabberd/ChangeLog
index 796c276bc357..d27ff42185ac 100644
--- a/net-im/ejabberd/ChangeLog
+++ b/net-im/ejabberd/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for net-im/ejabberd
# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-im/ejabberd/ChangeLog,v 1.93 2011/03/25 11:18:22 tomka Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-im/ejabberd/ChangeLog,v 1.94 2011/06/14 11:42:16 pva Exp $
+
+*ejabberd-2.1.8 (14 Jun 2011)
+
+ 14 Jun 2011; Peter Volkov <pva@gentoo.org> +ejabberd-2.1.8.ebuild:
+ Version bump, fixes security bug #370201 thank Federico Cuello for report.
+ Fix permissions of ssl certificate, but #369809 thank Gavin Pryke for the
+ patch.
25 Mar 2011; Thomas Kahle <tomka@gentoo.org> ejabberd-2.1.6.ebuild:
x86 stable per bug 359961
diff --git a/net-im/ejabberd/ejabberd-2.1.8.ebuild b/net-im/ejabberd/ejabberd-2.1.8.ebuild
new file mode 100644
index 000000000000..5258d77b1145
--- /dev/null
+++ b/net-im/ejabberd/ejabberd-2.1.8.ebuild
@@ -0,0 +1,214 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-im/ejabberd/ejabberd-2.1.8.ebuild,v 1.1 2011/06/14 11:42:16 pva Exp $
+
+EAPI=4
+
+inherit eutils multilib pam ssl-cert
+
+DESCRIPTION="The Erlang Jabber Daemon"
+HOMEPAGE="http://www.ejabberd.im/"
+SRC_URI="http://www.process-one.net/downloads/${PN}/${PV}/${P}.tar.gz
+ mod_statsdx? ( mirror://gentoo/ejabberd-mod_statsdx-1080.patch.gz )"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~ia64 ~ppc ~sparc ~x86"
+EJABBERD_MODULES="mod_irc mod_muc mod_proxy65 mod_pubsub mod_statsdx"
+IUSE="captcha debug ldap odbc pam +web zlib ${EJABBERD_MODULES}"
+
+DEPEND=">=net-im/jabber-base-0.01
+ >=dev-libs/expat-1.95
+ >=dev-lang/erlang-12.2.5[ssl]
+ odbc? ( dev-db/unixODBC )
+ ldap? ( =net-nds/openldap-2* )
+ >=dev-libs/openssl-0.9.8e
+ captcha? ( media-gfx/imagemagick[truetype,png] )
+ zlib? ( sys-libs/zlib )"
+#>=sys-apps/shadow-4.1.4.2-r3 - fixes bug in su that made ejabberdctl unworkable.
+RDEPEND="${DEPEND}
+ >=sys-apps/shadow-4.1.4.2-r3
+ pam? ( virtual/pam )"
+
+S=${WORKDIR}/${P}/src
+
+# paths in net-im/jabber-base
+JABBER_ETC="${EPREFIX}/etc/jabber"
+#JABBER_RUN="/var/run/jabber"
+JABBER_SPOOL="${EPREFIX}/var/spool/jabber"
+JABBER_LOG="${EPREFIX}/var/log/jabber"
+JABBER_DOC="${EPREFIX}/usr/share/doc/${PF}"
+
+src_prepare() {
+ if use mod_statsdx; then
+ ewarn "mod_statsdx is not a part of upstream tarball but is a third-party module"
+ ewarn "taken from here: http://www.ejabberd.im/mod_stats2file"
+ epatch "${WORKDIR}/2.1.1-mod_statsdx.patch"
+ fi
+
+ # don't install release notes (we'll do this manually)
+ sed '/install .* [.][.]\/doc\/[*][.]txt $(DOCDIR)/d' -i Makefile.in || die
+ # Set correct paths
+ sed -e "/^EJABBERDDIR[[:space:]]*=/{s:ejabberd:${PF}:}" \
+ -e "/^ETCDIR[[:space:]]*=/{s:@sysconfdir@/ejabberd:${JABBER_ETC}:}" \
+ -e "/^LOGDIR[[:space:]]*=/{s:@localstatedir@/log/ejabberd:${JABBER_LOG}:}" \
+ -e "/^SPOOLDIR[[:space:]]*=/{s:@localstatedir@/lib/ejabberd:${JABBER_SPOOL}:}" \
+ -i Makefile.in || die
+ sed -e "/EJABBERDDIR=/{s:ejabberd:${PF}:}" \
+ -e "s|\(ETCDIR=\)@SYSCONFDIR@.*|\1${JABBER_ETC}|" \
+ -e "s|\(LOGS_DIR=\)@LOCALSTATEDIR@.*|\1${JABBER_LOG}|" \
+ -e "s|\(SPOOLDIR=\)@LOCALSTATEDIR@.*|\1${JABBER_SPOOL}|" \
+ -i ejabberdctl.template || die
+
+ # Set shell, so it'll work even in case jabber user have no shell
+ # This is gentoo specific I guess since other distributions may have
+ # ejabberd user with reall shell, while we share this user among different
+ # jabberd implementations.
+ sed '/^HOME/aSHELL=/bin/sh' -i ejabberdctl.template || die
+ sed '/^export HOME/aexport SHELL' -i ejabberdctl.template || die
+
+ #sed -e "s:/share/doc/ejabberd/:${JABBER_DOC}:" -i web/ejabberd_web_admin.erl
+
+ # fix up the ssl cert paths in ejabberd.cfg to use our cert
+ sed -e "s:/path/to/ssl.pem:/etc/ssl/ejabberd/server.pem:g" \
+ -i ejabberd.cfg.example || die "Failed sed ejabberd.cfg.example"
+
+ # correct path to captcha script in default ejabberd.cfg
+ sed -e 's|\({captcha_cmd,[[:space:]]*"\).\+"}|\1/usr/'$(get_libdir)'/erlang/lib/'${P}'/priv/bin/captcha.sh"}|' \
+ -i ejabberd.cfg.example || die "Failed sed ejabberd.cfg.example"
+
+ # disable mod_irc in ejabberd.cfg
+ if ! use mod_irc; then
+ sed -i -e "s/{mod_irc,/%{mod_irc,/" \
+ -i ejabberd.cfg.example || die "Failed to disable mod_irc"
+ fi
+
+}
+
+src_configure() {
+ econf \
+ --docdir="${EPREFIX}/usr/share/doc/${PF}/html" \
+ --libdir="${EPREFIX}/usr/$(get_libdir)/erlang/lib/" \
+ $(use_enable mod_irc) \
+ $(use_enable ldap eldap) \
+ $(use_enable mod_muc) \
+ $(use_enable mod_proxy65) \
+ $(use_enable mod_pubsub) \
+ $(use_enable web) \
+ $(use_enable odbc) \
+ $(use_enable zlib ejabberd_zlib) \
+ $(use_enable pam) \
+ --enable-user=jabber
+}
+
+src_compile() {
+ emake $(use debug && echo debug=true ejabberd_debug=true) || die "compiling ejabberd core failed"
+}
+
+src_install() {
+ emake DESTDIR="${ED}" install || die "install failed"
+
+ # Pam helper module permissions
+ # http://www.process-one.net/docs/ejabberd/guide_en.html
+ if use pam; then
+ pamd_mimic_system xmpp auth account || die "Cannot create pam.d file"
+ fowners root:jabber "/usr/$(get_libdir)/erlang/lib/${PF}/priv/bin/epam" || die
+ fperms 4750 "/usr/$(get_libdir)/erlang/lib/${PF}/priv/bin/epam" || die "Cannot adjust epam permissions"
+ fi
+
+ cd "${WORKDIR}/${P}/doc"
+ dodoc "release_notes_${PV%%_rc*}.txt" || die
+
+ #dodir /var/lib/ejabberd
+ newinitd "${FILESDIR}/${PN}-3.initd" ${PN} || die "Cannot install init.d script"
+ newconfd "${FILESDIR}/${PN}-3.confd" ${PN} || die "Cannot install conf.d file"
+}
+
+pkg_postinst() {
+ elog "For configuration instructions, please see"
+ elog "/usr/share/doc/${PF}/html/guide.html, or the online version at"
+ elog "http://www.process-one.net/en/ejabberd/docs/guide_en/"
+
+ if ! use web ; then
+ ewarn
+ ewarn "The web USE flag is off, this has disabled the web admin interface."
+ ewarn
+ fi
+
+ elog
+ elog '===================================================================='
+ elog 'Quick Start Guide:'
+ elog '1) Add output of `hostname -f` to /etc/jabber/ejabberd.cfg line 91'
+ elog ' {hosts, ["localhost", "thehost"]}.'
+ elog '2) Add an admin user to /etc/jabber/ejabberd.cfg line 360'
+ elog ' {acl, admin, {user, "theadmin", "thehost"}}.'
+ elog '3) Start the server'
+ elog ' # /etc/init.d/ejabberd start'
+ elog '4) Register the admin user'
+ elog ' # /usr/sbin/ejabberdctl register theadmin thehost thepassword'
+ elog '5) Log in with your favourite jabber client or using the web admin'
+
+ # Upgrading from ejabberd-2.0.x:
+ if grep -E '^[^#]*EJABBERD_NODE=' "${EROOT}/etc/conf.d/ejabberd" >/dev/null 2>&1; then
+ source "${EROOT}/etc/conf.d/ejabberd"
+ ewarn
+ ewarn "!!! WARNING !!! WARNING !!! WARNING !!! WARNING !!!"
+ ewarn "Starting with 2.1.x some paths and configuration files were"
+ ewarn "changed to reflect upstream intentions better. Notable changes are:"
+ ewarn
+ ewarn "1. Everything (even init scripts) is now handled with ejabberdctl script."
+ ewarn "Thus main configuration file became /etc/jabberd/ejabberdctl.cfg"
+ ewarn "You must update ERLANG_NODE there with the value of EJABBERD_NODE"
+ ewarn "from /etc/conf.d/ejebberd or ejabberd will refuse to start."
+ ewarn
+ ewarn "2. SSL certificate is now generated with ssl-cert eclass and resides"
+ ewarn "at standard location: /etc/ssl/ejabberd/server.pem."
+ ewarn
+ ewarn "3. Cookie now resides at /var/spool/jabber/.erlang.cookie"
+ ewarn
+ ewarn "4. /var/log/jabber/sasl.log is now /var/log/jabber/erlang.log"
+ ewarn
+ ewarn "5. Crash dumps (if any) will be located at /var/log/jabber"
+
+ local i ctlcfg new_ctlcfg
+ i=0
+ ctlcfg=${EROOT}/etc/jabber/ejabberdctl.cfg
+ while :; do
+ new_ctlcfg=$(printf "${EROOT}/etc/jabber/._cfg%04d_ejabberdctl.cfg" ${i})
+ [[ ! -e ${new_ctlcfg} ]] && break
+ ctlcfg=${new_ctlcfg}
+ ((i++))
+ done
+
+ ewarn
+ ewarn "Updating ${ctlcfg} (debug: ${new_ctlcfg})"
+ sed -e "/#ERLANG_NODE=/aERLANG_NODE=$EJABBERD_NODE" "${ctlcfg}" > "${new_ctlcfg}" || die
+
+ if [[ -e ${EROOT}/var/run/jabber/.erlang.cookie ]]; then
+ ewarn "Moving .erlang.cookie..."
+ if [[ -e ${EROOT}/var/spool/jabber/.erlang.cookie ]]; then
+ mv -v "${EROOT}"/var/spool/jabber/.erlang.cookie{,bak}
+ fi
+ mv -v "${EROOT}"/var/{run/jabber,spool/jabber}/.erlang.cookie
+ fi
+ ewarn
+ ewarn "We'll try to handle upgrade automagically but, please, do your"
+ ewarn "own checks and do not forget to run 'etc-update'!"
+ ewarn "PLEASE! Run 'etc-update' now!"
+ fi
+
+ SSL_ORGANIZATION="${SSL_ORGANIZATION:-Ejabberd XMPP Server}"
+ install_cert /etc/ssl/ejabberd/server
+ # Fix ssl cert permissions bug #369809
+ chown root:jabber "${EROOT}/etc/ssl/ejabberd/server.pem"
+ chmod 0440 "${EROOT}/etc/ssl/ejabberd/server.pem"
+ if [[ -e ${EROOT}/etc/jabber/ssl.pem ]]; then
+ ewarn
+ ewarn "The location of SSL certificates has changed. If you are"
+ ewarn "upgrading from ${CATEGORY}/${PN}-2.0.5* or earlier you might"
+ ewarn "want to move your old certificates from /etc/jabber into"
+ ewarn "/etc/ssl/ejabberd/, update config files and"
+ ewarn "rm /etc/jabber/ssl.pem to avoid this message."
+ ewarn
+ fi
+}