summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Weber <xmw@gentoo.org>2012-06-02 18:04:48 +0000
committerMichael Weber <xmw@gentoo.org>2012-06-02 18:04:48 +0000
commit73d915948ce0575e0c043f6da3d12c88847edffd (patch)
tree839dc327e903c98926f659b4090d8f70466b86fe /sys-power/nut
parentVersion bump (diff)
downloadgentoo-2-73d915948ce0575e0c043f6da3d12c88847edffd.tar.gz
gentoo-2-73d915948ce0575e0c043f6da3d12c88847edffd.tar.bz2
gentoo-2-73d915948ce0575e0c043f6da3d12c88847edffd.zip
Version bump (bug 406099, thanks Matthew Stapleton and Guillaume Castagnino). Include ubuntus CVE-2012-2944.patch to fix bug 419377.
(Portage version: 2.1.10.63/cvs/Linux x86_64)
Diffstat (limited to 'sys-power/nut')
-rw-r--r--sys-power/nut/ChangeLog9
-rw-r--r--sys-power/nut/files/nut-2.6.3-CVE-2012-2944.patch21
-rw-r--r--sys-power/nut/nut-2.6.3.ebuild221
3 files changed, 250 insertions, 1 deletions
diff --git a/sys-power/nut/ChangeLog b/sys-power/nut/ChangeLog
index 7c61ef37e668..cd094df67bda 100644
--- a/sys-power/nut/ChangeLog
+++ b/sys-power/nut/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for sys-power/nut
# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-power/nut/ChangeLog,v 1.97 2012/05/24 05:46:03 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-power/nut/ChangeLog,v 1.98 2012/06/02 18:04:48 xmw Exp $
+
+*nut-2.6.3 (02 Jun 2012)
+
+ 02 Jun 2012; Michael Weber <xmw@gentoo.org> +nut-2.6.3.ebuild,
+ +files/nut-2.6.3-CVE-2012-2944.patch:
+ Version bump (bug 406099, thanks Matthew Stapleton and Guillaume Castagnino).
+ Include ubuntus CVE-2012-2944.patch to fix bug 419377.
24 May 2012; Mike Frysinger <vapier@gentoo.org> nut-2.6.0-r1.ebuild,
nut-2.6.2.ebuild:
diff --git a/sys-power/nut/files/nut-2.6.3-CVE-2012-2944.patch b/sys-power/nut/files/nut-2.6.3-CVE-2012-2944.patch
new file mode 100644
index 000000000000..9debd3b9da3f
--- /dev/null
+++ b/sys-power/nut/files/nut-2.6.3-CVE-2012-2944.patch
@@ -0,0 +1,21 @@
+Origin: http://trac.networkupstools.org/projects/nut/changeset/3633
+Description: Fix CVE-2012-2944: upsd can be remotely crashed
+
+Index: nut-2.6.3/common/parseconf.c
+===================================================================
+--- nut-2.6.3.orig/common/parseconf.c 2011-10-04 02:06:25.000000000 -0500
++++ nut-2.6.3/common/parseconf.c 2012-05-30 13:29:41.000000000 -0500
+@@ -171,6 +171,13 @@
+
+ wbuflen = strlen(ctx->wordbuf);
+
++ /* CVE-2012-2944: only allow the subset Ascii charset from Space to ~ */
++ if ((ctx->ch < 0x20) || (ctx->ch > 0x7f)) {
++ fprintf(stderr, "addchar: discarding invalid character (0x%02x)!\n",
++ ctx->ch);
++ return;
++ }
++
+ if (ctx->wordlen_limit != 0) {
+ if (wbuflen >= ctx->wordlen_limit) {
+
diff --git a/sys-power/nut/nut-2.6.3.ebuild b/sys-power/nut/nut-2.6.3.ebuild
new file mode 100644
index 000000000000..e2ca69500a99
--- /dev/null
+++ b/sys-power/nut/nut-2.6.3.ebuild
@@ -0,0 +1,221 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-power/nut/nut-2.6.3.ebuild,v 1.1 2012/06/02 18:04:48 xmw Exp $
+
+EAPI=2
+inherit autotools bash-completion eutils fixheadtails multilib user
+
+MY_P=${P/_/-}
+
+DESCRIPTION="Network-UPS Tools"
+HOMEPAGE="http://www.networkupstools.org/"
+# Nut mirrors are presently broken
+SRC_URI="http://random.networkupstools.org/source/${PV%.*}/${MY_P}.tar.gz
+ http://www.networkupstools.org/source/${PV%.*}/${MY_P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE="avahi cgi snmp usb ssl tcpd xml"
+
+RDEPEND="avahi? ( net-dns/avahi )
+ cgi? ( >=media-libs/gd-2[png] )
+ snmp? ( net-analyzer/net-snmp )
+ usb? ( virtual/libusb:0 )
+ ssl? ( >=dev-libs/openssl-1 )
+ tcpd? ( sys-apps/tcp-wrappers )
+ xml? ( >=net-libs/neon-0.25.0 )
+ >=sys-fs/udev-114"
+DEPEND="$RDEPEND
+ >=sys-apps/sed-4
+ virtual/pkgconfig"
+
+S=${WORKDIR}/${MY_P}
+
+# public files should be 644 root:root
+NUT_PUBLIC_FILES="/etc/nut/{ups,upssched}.conf"
+# private files should be 640 root:nut - readable by nut, writeable by root,
+NUT_PRIVATE_FILES="/etc/nut/{upsd.conf,upsd.users,upsmon.conf}"
+# public files should be 644 root:root, only installed if USE=cgi
+NUT_CGI_FILES="/etc/nut/{{hosts,upsset}.conf,upsstats{,-single}.html}"
+
+pkg_setup() {
+ enewgroup nut 84
+ enewuser nut 84 -1 /var/lib/nut nut,uucp
+ # As of udev-104, NUT must be in uucp and NOT in tty.
+ gpasswd -d nut tty 2>/dev/null
+ gpasswd -a nut uucp 2>/dev/null
+ # in some cases on old systems it wasn't in the nut group either!
+ gpasswd -a nut nut 2>/dev/null
+ warningmsg ewarn
+}
+
+src_prepare() {
+ ht_fix_file configure.in
+
+ epatch "${FILESDIR}"/${PN}-2.4.1-no-libdummy.patch
+ epatch "${FILESDIR}"/${PN}-2.6.2-lowspeed-buffer-size.patch
+ epatch "${FILESDIR}"/${PN}-2.6.3-CVE-2012-2944.patch
+
+ sed -e "s:GD_LIBS.*=.*-L/usr/X11R6/lib \(.*\) -lXpm -lX11:GD_LIBS=\"\1:" \
+ -i configure.in || die
+
+ sed -e "s:52.nut-usbups.rules:70-nut-usbups.rules:" \
+ -i scripts/udev/Makefile.am || die
+
+ rm -f ltmain.sh m4/lt* m4/libtool.m4
+
+ sed -i \
+ -e 's:@LIBSSL_LDFLAGS@:@LIBSSL_LIBS@:' \
+ lib/libupsclient{.pc,-config}.in || die #361685
+
+ eautoreconf
+}
+
+src_configure() {
+ local myconf
+
+ if [ -n "${NUT_DRIVERS}" ]; then
+ myconf="${myconf} --with-drivers=${NUT_DRIVERS// /,}"
+ fi
+
+ use cgi && myconf="${myconf} --with-cgipath=/usr/share/nut/cgi"
+
+ # TODO: USE flag for sys-power/powerman
+ econf \
+ --sysconfdir=/etc/nut \
+ --datarootdir=/usr/share/nut \
+ --datadir=/usr/share/nut \
+ --disable-static \
+ --with-dev \
+ $(use_with usb) \
+ --without-hal \
+ $(use_with snmp) \
+ $(use_with xml neon) \
+ --without-powerman \
+ $(use_with ssl) \
+ $(use_with tcpd wrap) \
+ $(use_with cgi) \
+ $(use_with avahi) \
+ --with-statepath=/var/lib/nut \
+ --with-drvpath=/$(get_libdir)/nut \
+ --with-htmlpath=/usr/share/nut/html \
+ --with-user=nut \
+ --with-group=nut \
+ --with-logfacility=LOG_DAEMON \
+ ${myconf}
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die
+
+ find "${D}" -name '*.la' -exec rm -f {} +
+
+ dodir /sbin
+ dosym /$(get_libdir)/nut/upsdrvctl /sbin/upsdrvctl
+ # This needs to exist for the scripts
+ dosym /$(get_libdir)/nut/upsdrvctl /usr/sbin/upsdrvctl
+
+ if use cgi; then
+ elog "CGI monitoring scripts are installed in /usr/share/nut/cgi."
+ elog "copy them to your web server's ScriptPath to activate (this is a"
+ elog "change from the old location)."
+ elog "If you use lighttpd, see lighttpd_nut.conf in the documentation."
+ fi
+
+ # this must be done after all of the install phases
+ for i in "${D}"/etc/nut/*.sample ; do
+ mv "${i}" "${i/.sample/}"
+ done
+
+ dodoc AUTHORS ChangeLog docs/*.txt MAINTAINERS NEWS README TODO UPGRADING || die
+
+ newdoc lib/README README.lib || die
+ newdoc "${FILESDIR}"/lighttpd_nut.conf-2.2.0 lighttpd_nut.conf || die
+
+ docinto cables
+ dodoc docs/cables/* || die
+
+ newinitd "${FILESDIR}"/nut-2.2.2-init.d-upsd upsd || die
+ newinitd "${FILESDIR}"/nut-2.2.2-init.d-upsdrv upsdrv || die
+ newinitd "${FILESDIR}"/nut-2.2.2-init.d-upsmon upsmon || die
+ newinitd "${FILESDIR}"/nut.powerfail.initd nut.powerfail || die
+
+ keepdir /var/lib/nut
+
+ einfo "Setting up permissions on files and directories"
+ fperms 0700 /var/lib/nut
+ fowners nut:nut /var/lib/nut
+
+ # Do not remove eval here, because the variables contain shell expansions.
+ eval fperms 0640 ${NUT_PRIVATE_FILES}
+ eval fowners root:nut ${NUT_PRIVATE_FILES}
+
+ # Do not remove eval here, because the variables contain shell expansions.
+ eval fperms 0644 ${NUT_PUBLIC_FILES}
+ eval fowners root:root ${NUT_PUBLIC_FILES}
+
+ # Do not remove eval here, because the variables contain shell expansions.
+ if use cgi; then
+ eval fperms 0644 ${NUT_CGI_FILES}
+ eval fowners root:root ${NUT_CGI_FILES}
+ fi
+
+ # this is installed for 2.4 and fbsd guys
+ if ! has_version sys-fs/udev; then
+ einfo "Installing non-udev hotplug support"
+ insinto /etc/hotplug/usb
+ insopts -m 755
+ doins scripts/hotplug/nut-usbups.hotplug
+ fi
+
+ dobashcompletion "${S}"/scripts/misc/nut.bash_completion
+}
+
+pkg_postinst() {
+ # this is to ensure that everybody that installed old versions still has
+ # correct permissions
+
+ chown nut:nut "${ROOT}"/var/lib/nut 2>/dev/null
+ chmod 0700 "${ROOT}"/var/lib/nut 2>/dev/null
+
+ # Do not remove eval here, because the variables contain shell expansions.
+ eval chown root:nut "${ROOT}"${NUT_PRIVATE_FILES} 2>/dev/null
+ eval chmod 0640 "${ROOT}"${NUT_PRIVATE_FILES} 2>/dev/null
+
+ # Do not remove eval here, because the variables contain shell expansions.
+ eval chown root:root "${ROOT}"${NUT_PUBLIC_FILES} 2>/dev/null
+ eval chmod 0644 "${ROOT}"${NUT_PUBLIC_FILES} 2>/dev/null
+
+ # Do not remove eval here, because the variables contain shell expansions.
+ if use cgi; then
+ eval chown root:root "${ROOT}"${NUT_CGI_FILES} 2>/dev/null
+ eval chmod 0644 "${ROOT}"${NUT_CGI_FILES} 2>/dev/null
+ fi
+
+ warningmsg elog
+}
+
+warningmsg() {
+ msgfunc="$1"
+ [ -z "$msgfunc" ] && die "msgfunc not specified in call to warningmsg!"
+ ${msgfunc} "Please note that NUT now runs under the 'nut' user."
+ ${msgfunc} "NUT is in the uucp group for access to RS-232 UPS."
+ ${msgfunc} "However if you use a USB UPS you may need to look at the udev or"
+ ${msgfunc} "hotplug rules that are installed, and alter them suitably."
+ ${msgfunc} ''
+ ${msgfunc} "You are strongly advised to read the UPGRADING file provided by upstream."
+ ${msgfunc} ''
+ ${msgfunc} "Please note that upsdrv is NOT automatically started by upsd anymore."
+ ${msgfunc} "If you have multiple UPS units, you can use their NUT names to"
+ ${msgfunc} "have a service per UPS:"
+ ${msgfunc} "ln -s /etc/init.d/upsdrv /etc/init.d/upsdrv.\$UPSNAME"
+ ${msgfunc} ''
+ ${msgfunc} 'If you want apcupsd to power off your UPS when it'
+ ${msgfunc} 'shuts down your system in a power failure, you must'
+ ${msgfunc} 'add nut.powerfail to your shutdown runlevel:'
+ ${msgfunc} ''
+ ${msgfunc} 'rc-update add nut.powerfail shutdown'
+ ${msgfunc} ''
+
+}