author | Mike Frysinger <vapier@gentoo.org> | 2004-10-31 05:58:05 +0000 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2004-10-31 05:58:05 +0000 |
commit | e5cacf49b5b9333d0a2371a2b79ae6084130ebfd (patch) | |
tree | e1bc285dd8a9c829ee73cb8f7c7a2d97175ea54d | |
parent | arm/hppa/ia64 stable for security #69315 (Manifest recommit) (diff) | |
Clean up ebuilds and add support for loopback-only #65199 by Elros Cyriatan.
-rw-r--r-- | net-nds/portmap/ChangeLog | 8 | ||||
-rw-r--r-- | net-nds/portmap/files/portmap-5b-loopback-only.patch | 62 | ||||
-rw-r--r-- | net-nds/portmap/files/portmap-5b-optional-tcpd.patch | 38 | ||||
-rw-r--r-- | net-nds/portmap/files/portmap.confd | 6 | ||||
-rw-r--r-- | net-nds/portmap/files/portmap.rc6 | 8 | ||||
-rw-r--r-- | net-nds/portmap/portmap-5b-r8.ebuild | 32 | ||||
-rw-r--r-- | net-nds/portmap/portmap-5b-r9.ebuild | 89 |
7 files changed, 168 insertions, 75 deletions
diff --git a/net-nds/portmap/ChangeLog b/net-nds/portmap/ChangeLog index 2ddd5cb06016..1946105286a7 100644 --- a/net-nds/portmap/ChangeLog +++ b/net-nds/portmap/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for net-nds/portmap # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-nds/portmap/ChangeLog,v 1.24 2004/08/02 04:21:21 agriffis Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-nds/portmap/ChangeLog,v 1.25 2004/10/31 05:58:05 vapier Exp $ + + 31 Oct 2004; Mike Frysinger <vapier@gentoo.org> + +files/portmap-5b-loopback-only.patch, + +files/portmap-5b-optional-tcpd.patch, +files/portmap.confd, + files/portmap.rc6, portmap-5b-r8.ebuild, portmap-5b-r9.ebuild: + Clean up ebuilds and add support for loopback-only #65199 by Elros Cyriatan. 02 Aug 2004; Aron Griffis <agriffis@gentoo.org> portmap-5b-r8.ebuild, portmap-5b-r9.ebuild: diff --git a/net-nds/portmap/files/portmap-5b-loopback-only.patch b/net-nds/portmap/files/portmap-5b-loopback-only.patch new file mode 100644 index 000000000000..4684319ce574 --- /dev/null +++ b/net-nds/portmap/files/portmap-5b-loopback-only.patch 
@@ -0,0 +1,62 @@
+diff -u portmap_5beta/pmap_check.c portmap_5beta_elros/pmap_check.c
+--- portmap_5beta/pmap_check.c 1996-07-07 10:49:10.000000000 +0200
++++ portmap_5beta_elros/pmap_check.c 2004-09-24 01:56:47.000000000 +0200
+@@ -63,6 +63,7 @@
+ static void logit();
+ static void toggle_verboselog();
+ int verboselog = 0;
++int listenonlyloopback = 0;
+ int allow_severity = LOG_INFO;
+ int deny_severity = LOG_WARNING;
+
+diff -u portmap_5beta/pmap_check.h portmap_5beta_elros/pmap_check.h
+--- portmap_5beta/pmap_check.h 1996-07-06 23:06:23.000000000 +0200
++++ portmap_5beta_elros/pmap_check.h 2004-09-24 01:55:24.000000000 +0200
+@@ -7,6 +7,7 @@
+ extern int check_privileged_port();
+ extern int check_callit();
+ extern int verboselog;
++extern int listenonlyloopback;
+ extern int allow_severity;
+ extern int deny_severity;
+
+diff -u portmap_5beta/portmap.c portmap_5beta_elros/portmap.c
+--- portmap_5beta/portmap.c 1996-07-06 23:06:24.000000000 +0200
++++ portmap_5beta_elros/portmap.c 2004-09-24 01:49:47.000000000 +0200
+@@ -158,7 +158,7 @@
+ int len = sizeof(struct sockaddr_in);
+ register struct pmaplist *pml;
+
+- while ((c = getopt(argc, argv, "dv")) != EOF) {
++ while ((c = getopt(argc, argv, "dvl")) != EOF) {
+ switch (c) {
+
+ case 'd':
+@@ -169,10 +169,15 @@
+ verboselog = 1;
+ break;
+
++ case 'l':
++ listenonlyloopback = 1;
++ break;
++
+ default:
+ (void) fprintf(stderr, "usage: %s [-dv]\n", argv[0]);
+ (void) fprintf(stderr, "-d: debugging mode\n");
+ (void) fprintf(stderr, "-v: verbose logging\n");
++ (void) fprintf(stderr, "-l: listen only on loopback address (not on external address)\n");
+ exit(1);
+ }
+ }
+@@ -201,6 +206,11 @@
+ addr.sin_addr.s_addr = 0;
+ addr.sin_family = AF_INET;
+ addr.sin_port = htons(PMAPPORT);
++
++ if (listenonlyloopback) {
++ addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
++ }
++
+ if (bind(sock, (struct sockaddr *)&addr, len) != 0) {
+ syslog(LOG_ERR, "cannot bind udp: %m");
+ exit(1);
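Review bot: The usage line in the `default:` branch of the getopt switch still prints `"usage: %s [-dv]\n"` even though the option string is now `"dvl"`; it should read `(void) fprintf(stderr, "usage: %s [-dvl]\n", argv[0]);`. In the last portmap.c hunk the loopback address is assigned just before the bind whose failure is logged as "cannot bind udp", and the TCP socket setup lies outside the hunk. It is worth confirming that the same `addr` is reused there and saying so in a comment, e.g. `/* addr is reused for the TCP bind, so -l restricts both sockets */`. If the TCP bind builds its own address, `-l` would leave the TCP port reachable from other hosts. main() begins and ends outside these hunks.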
diff --git a/net-nds/portmap/files/portmap-5b-optional-tcpd.patch b/net-nds/portmap/files/portmap-5b-optional-tcpd.patch
new file mode 100644
index 000000000000..fa2d5204af86
--- /dev/null
+++ b/net-nds/portmap/files/portmap-5b-optional-tcpd.patch
@@ -0,0 +1,38 @@
+--- Makefile.orig 2004-10-31 01:54:48.073875024 -0400
++++ Makefile 2004-10-31 01:54:58.395305928 -0400
+@@ -15,8 +15,6 @@
+ # no access control tables. The local system, since it runs the portmap
+ # daemon, is always treated as an authorized host.
+
+-HOSTS_ACCESS= -DHOSTS_ACCESS
+-WRAP_LIB = $(WRAP_DIR)/libwrap.a
+
+ # Comment out if your RPC library does not allocate privileged ports for
+ # requests from processes with root privilege, or the new portmap will
+@@ -87,7 +85,7 @@
+ #
+ AUX = # daemon.o strerror.o
+
+-LIBS = -lwrap -lutil
++LIBS = -lutil
+ NSARCHS =
+ O = -Wall -O2 -pipe
+
+@@ -110,7 +108,7 @@
+
+ SHELL = /bin/sh
+
+-COPT = $(CONST) -Dperror=xperror $(HOSTS_ACCESS) $(CHECK_PORT) \
++COPT = $(CONST) -Dperror=xperror $(CHECK_PORT) \
+ $(SYS) -DFACILITY=$(FACILITY) $(ULONG) $(ZOMBIES) $(SA_LEN) \
+ $(LOOPBACK) $(SETPGRP)
+ CFLAGS = $(COPT) $(O) $(NSARCHS)
+@@ -118,7 +116,7 @@
+
+ all: portmap pmap_dump pmap_set
+
+-portmap: $(OBJECTS) $(WRAP_DIR)/libwrap.a
++portmap: $(OBJECTS)
+ $(CC) $(CFLAGS) -o $@ $(OBJECTS) $(WRAP_LIB) $(LIBS)
+
+ pmap_dump: pmap_dump.c
diff --git a/net-nds/portmap/files/portmap.confd b/net-nds/portmap/files/portmap.confd
new file mode 100644
index 000000000000..3f909c4d233e
--- /dev/null
+++ b/net-nds/portmap/files/portmap.confd
@@ -0,0 +1,6 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-nds/portmap/files/portmap.confd,v 1.1 2004/10/31 05:58:05 vapier Exp $
+
+# Listen on localhost only by default
+#PORTMAP_OPTS="-l"
diff --git a/net-nds/portmap/files/portmap.rc6 b/net-nds/portmap/files/portmap.rc6
index ca8b2f692c01..1868004bb5a2 100644
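Review bot: After this patch nothing in the Makefile defines `HOSTS_ACCESS` or `WRAP_LIB`, yet the link rule still expands `$(WRAP_LIB)` and the comment block above the removed lines still describes the access-control setting. A plain `make` therefore builds a portmap with no tcp-wrappers checks without saying so. A short replacement comment would make the new contract explicit, for example `# Host access control is opt-in: the caller adds -DHOSTS_ACCESS via O and passes WRAP_LIB=-lwrap`. Since the daemon binds all addresses unless `-l` is given, a build without these checks should be a visible choice rather than a default nobody notices.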
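Review bot: The comment `# Listen on localhost only by default` in portmap.confd contradicts the file as shipped. `PORTMAP_OPTS="-l"` is commented out, so the init script starts portmap with no options and the daemon keeps binding every address. Either ship the assignment uncommented or reword the comment, e.g. `# Uncomment to listen on localhost only (the default is all addresses)`.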
--- a/net-nds/portmap/files/portmap.rc6 +++ b/net-nds/portmap/files/portmap.rc6 @@ -1,7 +1,7 @@ #!/sbin/runscript # Copyright 1999-2004 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-nds/portmap/files/portmap.rc6,v 1.8 2004/09/20 18:20:26 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-nds/portmap/files/portmap.rc6,v 1.9 2004/10/31 05:58:05 vapier Exp $ depend() { need net @@ -11,11 +11,11 @@ depend() { start() { ebegin "Starting portmap" - start-stop-daemon --start --quiet --exec /sbin/portmap + start-stop-daemon --start --quiet --exec /sbin/portmap -- ${PORTMAP_OPTS} local ret=$? eend ${ret} - #without, if a service depending on portmap is started too fast, - #connecting to portmap will fail -- azarah + # without, if a service depending on portmap is started too fast, + # connecting to portmap will fail -- azarah sleep 1 return ${ret} } diff --git a/net-nds/portmap/portmap-5b-r8.ebuild b/net-nds/portmap/portmap-5b-r8.ebuild index 31c3082cb8ff..648d8fd74431 100644 --- a/net-nds/portmap/portmap-5b-r8.ebuild +++ b/net-nds/portmap/portmap-5b-r8.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2004 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-nds/portmap/portmap-5b-r8.ebuild,v 1.16 2004/09/20 18:20:26 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-nds/portmap/portmap-5b-r8.ebuild,v 1.17 2004/10/31 05:58:05 vapier Exp $ inherit eutils 
@@ -12,13 +12,19 @@ SRC_URI="ftp://ftp.porcupine.org/pub/security/${MY_P}.tar.gz" LICENSE="as-is" SLOT="0" -KEYWORDS="x86 ppc sparc mips alpha arm hppa amd64 ia64 ppc64 s390" +KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sparc x86" IUSE="selinux" DEPEND="virtual/libc - >=sys-apps/tcp-wrappers-7.6-r7" + tcpd? ( >=sys-apps/tcp-wrappers-7.6-r7 ) + >=sys-apps/portage-2.0.51" RDEPEND="selinux? ( sec-policy/selinux-portmap )" +pkg_setup() { + enewgroup rpc 111 + enewuser rpc 111 /bin/false /dev/null rpc +} + src_unpack() { unpack ${A} @@ -53,20 +59,12 @@ src_compile() { } src_install() { - into / ; dosbin portmap - into /usr ; dosbin pmap_dump pmap_set - doman portmap.8 pmap_dump.8 pmap_set.8 - - exeinto /etc/init.d - newexe ${FILESDIR}/portmap.rc6 portmap - - # Is this really the sort of thing we wanna be doing? :) - # ln -s ../../init.d/portmap ${D}/etc/runlevels/default/portmap + into / + dosbin portmap || die "portmap" + into /usr + dosbin pmap_dump pmap_set || die "pmap" + doman portmap.8 pmap_dump.8 pmap_set.8 dodoc BLURB CHANGES README -} - -pkg_postinst() { - enewgroup rpc 111 - enewuser rpc 111 /bin/false /dev/null rpc + newinitd ${FILESDIR}/portmap.rc6 portmap } diff --git a/net-nds/portmap/portmap-5b-r9.ebuild b/net-nds/portmap/portmap-5b-r9.ebuild index 4cb5380131c4..eac0fb60d7c0 100644 --- a/net-nds/portmap/portmap-5b-r9.ebuild +++ b/net-nds/portmap/portmap-5b-r9.ebuild 
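Review bot: In portmap-5b-r8.ebuild, DEPEND now pulls in tcp-wrappers only under `tcpd?`, but the unchanged `IUSE="selinux"` line does not declare that flag, and none of this file's hunks show r8 applying the optional-tcpd Makefile patch. src_unpack and src_compile are outside the hunks; if r8 still links libwrap unconditionally, a system without the flag would build against a library that is no longer a declared dependency. Keeping the dependency unconditional here (`>=sys-apps/tcp-wrappers-7.6-r7`), or adding `tcpd` to IUSE together with the Makefile patch, would make the two agree.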
@@ -1,24 +1,29 @@ # Copyright 1999-2004 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-nds/portmap/portmap-5b-r9.ebuild,v 1.4 2004/08/02 04:21:21 agriffis Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-nds/portmap/portmap-5b-r9.ebuild,v 1.5 2004/10/31 05:58:05 vapier Exp $ -inherit eutils +inherit eutils flag-o-matic toolchain-funcs MY_P="${PN}_${PV}eta" S="${WORKDIR}/${MY_P}" DESCRIPTION="Netkit - portmapper" -SRC_URI="ftp://ftp.porcupine.org/pub/security/${MY_P}.tar.gz" HOMEPAGE="ftp://ftp.porcupine.org/pub/security/index.html" +SRC_URI="ftp://ftp.porcupine.org/pub/security/${MY_P}.tar.gz" -SLOT="0" LICENSE="as-is" -KEYWORDS="-*" -#KEYWORDS="~x86 ~ppc ~sparc ~mips ~alpha ~hppa ~amd64 ~ia64 ~ppc64" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86" +IUSE="selinux tcpd" DEPEND="virtual/libc - tcpd? ( >=sys-apps/tcp-wrappers-7.6-r7 )" + tcpd? ( >=sys-apps/tcp-wrappers-7.6-r7 ) + >=sys-apps/portage-2.0.51" RDEPEND="selinux? ( sec-policy/selinux-portmap )" -IUSE="tcpd selinux" + +pkg_setup() { + enewgroup rpc 111 + enewuser rpc 111 /bin/false /dev/null rpc +} src_unpack() { unpack ${A} 
@@ -37,58 +42,36 @@ src_unpack() { # <azarah@gentoo.org> (31 Dec 2002). epatch ${FILESDIR}/${P}-include-errno_h.patch - # Get portmap to use our CFLAGS ... - sed -e "s:-O2:${CFLAGS}:" -i Makefile || die + # Path to listen on loopback only #65199 + epatch ${FILESDIR}/${P}-loopback-only.patch + + # Make tcp wrapper checks easier + cp Makefile Makefile.orig + epatch ${FILESDIR}/${P}-optional-tcpd.patch } src_compile() { - local LIBS - local WRAP_DIR - local HOSTS_ACCESS - # libutil static as per -r8 - #LIBS="-Wl,-Bstatic -lutil -Wl,-Bdynamic -lnsl" - # libutil dynamic - LIBS="-Wl,-Bdynamic -lutil -Wl,-Bdynamic -lnsl" - WRAP_DIR="" - HOSTS_ACCESS="" - if use tcpd; then - WRAP_DIR="${ROOT}/usr/lib" - [ -f "${ROOT}/lib/libwrap.a" ] && WRAP_DIR="${ROOT}/lib" - # static libwrap as per -r8 - #LIBS="-Wl,-Bstatic -lwrap ${LIBS}" - # libwrap dynamic - LIBS="-Wl,-Bdynamic -lwrap ${LIBS}" - HOSTS_ACCESS="-DHOSTS_ACCESS" - else - sed -i -e "s:^WRAP_LIB:\#WRAP_LIB:" \ - -e "s:^HOSTS_ACCESS:\#HOSTS_ACCESS:" \ - -e 's:$(WRAP_DIR)/libwrap.a::g' \ - Makefile - fi - - make FACILITY=LOG_AUTH \ - ZOMBIES='-DIGNORE_SIGCHLD' \ - HOSTS_ACCESS="${HOSTS_ACCESS}" \ - WRAP_DIR="${WRAP_DIR}" \ - LIBS="${LIBS}" \ - AUX= || die + local tcpd="" + use tcpd \ + && tcpd="-lwrap" \ + && append-flags -DHOSTS_ACCESS + + emake \ + CC="$(tc-getCC)" \ + O="${CFLAGS}" \ + WRAP_LIB="${tcpd}" \ + || die } src_install() { - into / ; dosbin portmap - into /usr ; dosbin pmap_dump pmap_set - doman portmap.8 pmap_dump.8 pmap_set.8 - - exeinto /etc/init.d - newexe ${FILESDIR}/portmap.rc6 portmap - - # Is this really the sort of thing we wanna be doing? 
:) - # ln -s ../../init.d/portmap ${D}/etc/runlevels/default/portmap + into / + dosbin portmap || die "portmap" + into /usr + dosbin pmap_dump pmap_set || die "pmap" + doman portmap.8 pmap_dump.8 pmap_set.8 dodoc BLURB CHANGES README -} -pkg_postinst() { - enewgroup rpc 111 - enewuser rpc 111 /bin/false /dev/null rpc + newinitd ${FILESDIR}/portmap.rc6 portmap + newconfd ${FILESDIR}/portmap.confd portmap } |
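Review bot: The new src_compile no longer passes `FACILITY=LOG_AUTH` or `ZOMBIES='-DIGNORE_SIGCHLD'` to make, while the Makefile's COPT line (visible in portmap-5b-optional-tcpd.patch) still expands `-DFACILITY=$(FACILITY)` and `$(ZOMBIES)`. Both now fall back to whatever the upstream Makefile sets, which this page does not show. The syslog facility decides where the daemon's messages land, so a silent change can hide them from whoever watches the auth log. If the drop is intentional it deserves a comment; otherwise add `FACILITY=LOG_AUTH ZOMBIES='-DIGNORE_SIGCHLD' \` to the emake call. In src_unpack, the comment `# Path to listen on loopback only #65199` should read `# Patch to listen on loopback only #65199`.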