Security fix relating to an unspecified arbitrary file modification vulnerability. Ebuild, init script and systemd service file by Ferenc Erki. Closes bug #537314 by Austin M. Matherne and bug #547964 by Tomas Mozes. Adding Ferenc Erki as proxy maintainer. Removing all vulnerable ebuilds for security bug #551776.

(Portage version: 2.2.20/cvs/Linux x86_64, signed Manifest commit with key 0xB5058F9A)

6 files changed, 120 insertions, 103 deletions

diff --git a/app-misc/elasticsearch/ChangeLog b/app-misc/elasticsearch/ChangeLog
index cf1403482511..481a5f501330 100644
--- a/app-misc/elasticsearch/ChangeLog
+++ b/app-misc/elasticsearch/ChangeLog
@@ -1,6 +1,17 @@
 # ChangeLog for app-misc/elasticsearch
 # Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-misc/elasticsearch/ChangeLog,v 1.12 2015/04/01 17:33:46 blueness Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-misc/elasticsearch/ChangeLog,v 1.13 2015/06/11 15:36:30 chainsaw Exp $
+
+*elasticsearch-1.6.0 (11 Jun 2015)
+
+  11 Jun 2015; Tony Vroon <chainsaw@gentoo.org> -elasticsearch-1.4.4.ebuild,
+  -elasticsearch-1.5.0.ebuild, +elasticsearch-1.6.0.ebuild,
+  +files/elasticsearch.init4, +files/elasticsearch.service3, metadata.xml:
+  Security fix relating to an unspecified arbitrary file modification
+  vulnerability. Ebuild, init script and systemd service file by Ferenc Erki.
+  Closes bug #537314 by Austin M. Matherne and bug #547964 by Tomas Mozes.
+  Adding Ferenc Erki as proxy maintainer. Removing all vulnerable ebuilds for
+  security bug #551776.
 
 *elasticsearch-1.5.0 (01 Apr 2015)
 
diff --git a/app-misc/elasticsearch/elasticsearch-1.5.0.ebuild b/app-misc/elasticsearch/elasticsearch-1.5.0.ebuild
deleted file mode 100644
index b7da8703f71e..000000000000
--- a/app-misc/elasticsearch/elasticsearch-1.5.0.ebuild
+++ /dev/null
@@ -1,84 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-misc/elasticsearch/elasticsearch-1.5.0.ebuild,v 1.1 2015/04/01 17:33:46 blueness Exp $
-
-EAPI=5
-
-inherit eutils systemd user
-
-MY_PN="${PN%-bin}"
-DESCRIPTION="Open Source, Distributed, RESTful, Search Engine"
-HOMEPAGE="http://www.elasticsearch.org/"
-SRC_URI="http://download.${MY_PN}.org/${MY_PN}/${MY_PN}/${MY_PN}-${PV}.tar.gz"
-LICENSE="Apache-2.0"
-SLOT="0"
-KEYWORDS="~amd64"
-
-RESTRICT="strip"
-QA_PREBUILT="usr/share/elasticsearch/lib/sigar/libsigar-*.so"
-
-RDEPEND="virtual/jre:1.7"
-
-pkg_setup() {
-	enewgroup ${MY_PN}
-	enewuser ${MY_PN} -1 /bin/bash /var/lib/${MY_PN} ${MY_PN}
-}
-
-src_prepare() {
-	rm -rf lib/sigar/*{solaris,winnt,freebsd,macosx}*
-	rm -rf bin/*.{bat,exe}
-	rm lib/sigar/libsigar-ia64-linux.so
-	rm LICENSE.txt
-
-	use amd64 && {
-		rm lib/sigar/libsigar-x86-linux.so
-	}
-
-	use x86 && {
-		rm lib/sigar/libsigar-amd64-linux.so
-	}
-}
-
-src_install() {
-	dodir /etc/${MY_PN}
-
-	insinto /usr/share/doc/${P}/examples
-	doins bin/${MY_PN}.in.sh
-	doins config/*
-	rm bin/${MY_PN}.in.sh
-	rm -rf config
-
-	insinto /usr/share/${MY_PN}
-	doins -r ./*
-	chmod +x "${D}"/usr/share/${MY_PN}/bin/*
-
-	keepdir /var/{lib,log}/${MY_PN}
-
-	local rcscript=elasticsearch.init3
-	local eshome="/usr/share/${MY_PN}"
-	local jarfile="${MY_PN}-${PV}.jar"
-	local esclasspath="${eshome}/lib/${jarfile}:${eshome}/lib/*:${eshome}/lib/sigar/*"
-
-	cp "${FILESDIR}/${rcscript}" "${T}" || die
-	sed -i \
-		-e "s|@ES_CLASS_PATH@|${esclasspath}|" \
-		"${T}/${rcscript}" \
-		|| die "failed to filter ${rcscript}"
-
-	newinitd "${T}/${rcscript}" "${MY_PN}"
-	newconfd "${FILESDIR}/${MY_PN}.conf" "${MY_PN}"
-	systemd_newunit "${FILESDIR}"/${PN}.service2 "${PN}.service"
-}
-
-pkg_postinst() {
-	elog
-	elog "You may create multiple instances of ${MY_PN} by"
-	elog "symlinking the init script:"
-	elog "ln -sf /etc/init.d/${MY_PN} /etc/init.d/${MY_PN}.instance"
-	elog
-	elog "Each of the example files in /usr/share/doc/${P}/examples"
-	elog "should be extracted to the proper configuration directory:"
-	elog "/etc/${MY_PN} (for standard init)"
-	elog "/etc/${MY_PN}/instance (for symlinked init)"
-	elog
-}
diff --git a/app-misc/elasticsearch/elasticsearch-1.4.4.ebuild b/app-misc/elasticsearch/elasticsearch-1.6.0.ebuild
index d545ec1903d1..9eb032f393a8 100644
--- a/app-misc/elasticsearch/elasticsearch-1.4.4.ebuild
+++ b/app-misc/elasticsearch/elasticsearch-1.6.0.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-misc/elasticsearch/elasticsearch-1.4.4.ebuild,v 1.1 2015/03/18 10:07:27 chainsaw Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-misc/elasticsearch/elasticsearch-1.6.0.ebuild,v 1.1 2015/06/11 15:36:30 chainsaw Exp $
 
 EAPI=5
 
@@ -8,8 +8,8 @@ inherit eutils systemd user
 
 MY_PN="${PN%-bin}"
 DESCRIPTION="Open Source, Distributed, RESTful, Search Engine"
-HOMEPAGE="http://www.elasticsearch.org/"
-SRC_URI="http://download.${MY_PN}.org/${MY_PN}/${MY_PN}/${MY_PN}-${PV}.tar.gz"
+HOMEPAGE="https://www.elastic.co/products/elasticsearch"
+SRC_URI="https://download.elastic.co/${MY_PN}/${MY_PN}/${MY_PN}-${PV}.tar.gz"
 LICENSE="Apache-2.0"
 SLOT="0"
 KEYWORDS="~amd64"
@@ -43,9 +43,7 @@ src_install() {
 	dodir /etc/${MY_PN}
 
 	insinto /usr/share/doc/${P}/examples
-	doins bin/${MY_PN}.in.sh
 	doins config/*
-	rm bin/${MY_PN}.in.sh
 	rm -rf config
 
 	insinto /usr/share/${MY_PN}
@@ -54,20 +52,9 @@ src_install() {
 
 	keepdir /var/{lib,log}/${MY_PN}
 
-	local rcscript=elasticsearch.init3
-	local eshome="/usr/share/${MY_PN}"
-	local jarfile="${MY_PN}-${PV}.jar"
-	local esclasspath="${eshome}/lib/${jarfile}:${eshome}/lib/*:${eshome}/lib/sigar/*"
-
-	cp "${FILESDIR}/${rcscript}" "${T}" || die
-	sed -i \
-		-e "s|@ES_CLASS_PATH@|${esclasspath}|" \
-		"${T}/${rcscript}" \
-		|| die "failed to filter ${rcscript}"
-
-	newinitd "${T}/${rcscript}" "${MY_PN}"
+	newinitd "${FILESDIR}/elasticsearch.init4" "${MY_PN}"
 	newconfd "${FILESDIR}/${MY_PN}.conf" "${MY_PN}"
-	systemd_newunit "${FILESDIR}"/${PN}.service2 "${PN}.service"
+	systemd_newunit "${FILESDIR}"/${PN}.service3 "${PN}.service"
 }
 
 pkg_postinst() {
diff --git a/app-misc/elasticsearch/files/elasticsearch.init4 b/app-misc/elasticsearch/files/elasticsearch.init4
new file mode 100644
index 000000000000..7110e584196e
--- /dev/null
+++ b/app-misc/elasticsearch/files/elasticsearch.init4
@@ -0,0 +1,87 @@
+#!/sbin/runscript
+
+name="Elasticsearch"
+description=""
+
+ES_USER=${ES_USER:="elasticsearch"}
+ES_INSTANCE=${SVCNAME#*.}
+
+if [ -n "${ES_INSTANCE}" ] && [ ${SVCNAME} != "elasticsearch" ]; then
+	PIDFILE="/run/elasticsearch/elasticsearch.${ES_INSTANCE}.pid"
+	ES_BASE_PATH="/var/lib/elasticsearch/${ES_INSTANCE}"
+	ES_CONF_PATH="/etc/elasticsearch/${ES_INSTANCE}"
+	ES_LOG_PATH="/var/log/elasticsearch/${ES_INSTANCE}"
+else
+	PIDFILE="/run/elasticsearch/elasticsearch.pid"
+	ES_BASE_PATH="/var/lib/elasticsearch/_default"
+	ES_CONF_PATH="/etc/elasticsearch"
+	ES_LOG_PATH="/var/log/elasticsearch/_default"
+fi
+
+ES_DATA_PATH="${ES_BASE_PATH}/data"
+ES_WORK_PATH="${ES_BASE_PATH}/work"
+
+export ES_INCLUDE="/usr/share/elasticsearch/bin/elasticsearch.in.sh"
+export JAVA_OPTS
+export ES_JAVA_OPTS
+export ES_HEAP_SIZE
+export ES_HEAP_NEWSIZE
+export ES_DIRECT_SIZE
+export ES_USE_IPV4
+
+server_command="/usr/share/elasticsearch/bin/elasticsearch"
+server_args=" -p ${PIDFILE} -Des.default.path.conf=\"${ES_CONF_PATH}\" -Des.default.path.data=\"${ES_DATA_PATH}\" -Des.default.path.work=\"${ES_WORK_PATH}\" -Des.default.path.logs=\"${ES_LOG_PATH}\""
+
+depend() {
+	use net
+}
+
+start() {
+	# elasticsearch -Des.config=/path/to/config/file
+	# elasticsearch -Des.network.host=10.0.0.4
+	
+	[ ! -f "${ES_INCLUDE}" ] && {
+		eerror "${ES_INCLUDE} must be copied into place"
+		return 1
+	}
+
+	local conf
+	local conf_file
+	for conf in elasticsearch.yml logging.yml; do
+		conf_file="${ES_CONF_PATH}/${conf}"
+		if [ ! -f "${conf_file}" ]; then
+			eerror "${conf_file} must be copied into place"
+			return 1
+		fi
+	done
+
+	ebegin "Starting ${SVCNAME}"
+
+	if [ -n "${ES_MAX_FD}" ]; then
+		ulimit -n ${ES_MAX_FD}
+		einfo "Max open filedescriptors  : ${ES_MAX_FD}"
+	fi
+
+	checkpath -d -o "${ES_USER}" -m750 "/var/lib/elasticsearch"
+	checkpath -d -o "${ES_USER}" -m750 "/var/log/elasticsearch"
+	checkpath -d -o "${ES_USER}" -m750 "$(dirname "${PIDFILE}")"
+	checkpath -d -o "${ES_USER}" -m750 "${ES_BASE_PATH}"
+	checkpath -d -o "${ES_USER}" -m750 "${ES_LOG_PATH}"
+	
+	start-stop-daemon --start \
+		--background \
+		--chdir "${ES_BASE_PATH}" \
+		--user="${ES_USER}" \
+		--pidfile="${PIDFILE}" \
+		--exec ${server_command} -- ${server_args}
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping ${SVCNAME}"
+	start-stop-daemon --stop \
+		--pidfile=${PIDFILE} \
+		--user="${ES_USER}" \
+		--retry=TERM/20/KILL/5
+	eend $?
+}
diff --git a/app-misc/elasticsearch/files/elasticsearch.service3 b/app-misc/elasticsearch/files/elasticsearch.service3
new file mode 100644
index 000000000000..c5aa7179f73f
--- /dev/null
+++ b/app-misc/elasticsearch/files/elasticsearch.service3
@@ -0,0 +1,11 @@
+[Unit]
+Description=Elasticsearch
+After=network.target
+
+[Service]
+User=elasticsearch
+Environment=ES_INCLUDE=/usr/share/elasticsaerch/bin/elasticsearch.in.sh
+ExecStart=/usr/share/elasticsearch/bin/elasticsearch -Des.default.path.conf=/etc/elasticsearch
+
+[Install]
+WantedBy=multi-user.target
diff --git a/app-misc/elasticsearch/metadata.xml b/app-misc/elasticsearch/metadata.xml
index 3ed4669f55a4..c3eb101d09bc 100644
--- a/app-misc/elasticsearch/metadata.xml
+++ b/app-misc/elasticsearch/metadata.xml
@@ -2,6 +2,11 @@
 <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
   <maintainer>
+    <email>erkiferenc@gmail.com</email>
+    <name>Ferenc Erki</name>
+    <description>Proxy maintaining through chainsaw</description>
+  </maintainer>
+  <maintainer>
     <email>chainsaw@gentoo.org</email>
     <name>Tony Vroon</name>
   </maintainer>