Revbump wrt security bug 169599

(Portage version: 2.1.2.1)
author: Raúl Porcel <armin76@gentoo.org> 2007-03-06 13:49:07 +0000
committer: Raúl Porcel <armin76@gentoo.org> 2007-03-06 13:49:07 +0000
commit: b7b8eb498c5b7e0099b969fddbbb5385e40c5be7 (patch)
tree: eefa85a9f759b1891bb817ce3d94ad4a1e82c300 /net-im/silc-server
parent: typo (diff)
download: gentoo-2-b7b8eb498c5b7e0099b969fddbbb5385e40c5be7.tar.gz
gentoo-2-b7b8eb498c5b7e0099b969fddbbb5385e40c5be7.tar.bz2
gentoo-2-b7b8eb498c5b7e0099b969fddbbb5385e40c5be7.zip
4 files changed, 176 insertions, 1 deletions
diff --git a/net-im/silc-server/ChangeLog b/net-im/silc-server/ChangeLog
index e04bb0d2342f..63ae2408db86 100644
--- a/net-im/silc-server/ChangeLog
+++ b/net-im/silc-server/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for net-im/silc-server
 # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-im/silc-server/ChangeLog,v 1.16 2007/01/27 17:57:28 josejx Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-im/silc-server/ChangeLog,v 1.17 2007/03/06 13:49:06 armin76 Exp $
+
+*silc-server-1.0.2-r1 (06 Mar 2007)
+
+  06 Mar 2007; Raúl Porcel <armin76@gentoo.org>
+  +files/silc-server-1.0.2-join-hmac.patch, +silc-server-1.0.2-r1.ebuild:
+  Revbump wrt security bug 169599
 
   27 Jan 2007; Joseph Jezak <josejx@gentoo.org> silc-server-1.0.2.ebuild:
   Forced -fsigned-char on and marked ppc stable for bug #152916.
diff --git a/net-im/silc-server/files/digest-silc-server-1.0.2-r1 b/net-im/silc-server/files/digest-silc-server-1.0.2-r1
new file mode 100644
index 000000000000..34466545eb0e
--- /dev/null
+++ b/net-im/silc-server/files/digest-silc-server-1.0.2-r1
@@ -0,0 +1,3 @@
+MD5 a55b86783cc6b502e80fcbe73e698329 silc-server-1.0.2.tar.bz2 890357
+RMD160 9108b64761e01f7e3877f6c9a207ae45046cab21 silc-server-1.0.2.tar.bz2 890357
+SHA256 37812c18a7221fe4ff87ef31a28ba9de97a3b722d7507c14ed0552cee20559b3 silc-server-1.0.2.tar.bz2 890357
diff --git a/net-im/silc-server/files/silc-server-1.0.2-join-hmac.patch b/net-im/silc-server/files/silc-server-1.0.2-join-hmac.patch
new file mode 100644
index 000000000000..b5e6061c1590
--- /dev/null
+++ b/net-im/silc-server/files/silc-server-1.0.2-join-hmac.patch
@@ -0,0 +1,84 @@
+diff -ur silc-server-1.0.2.orig/apps/silcd/command.c silc-server-1.0.2/apps/silcd/command.c
+--- silc-server-1.0.2.orig/apps/silcd/command.c	2007-03-06 11:21:40.000000000 +0100
++++ silc-server-1.0.2/apps/silcd/command.c	2007-03-06 13:33:28.000000000 +0100
+@@ -2441,10 +2441,22 @@
+ 	  channel = silc_server_create_new_channel(server, server->id, cipher,
+ 						   hmac, channel_name, TRUE);
+ 	  if (!channel) {
+-	    silc_server_command_send_status_data(
+-				  cmd, SILC_COMMAND_JOIN,
+-				  SILC_STATUS_ERR_UNKNOWN_ALGORITHM,
+-				  0, 2, cipher, strlen(cipher));
++	    if (cipher) {
++		silc_server_command_send_status_data(
++				      cmd, SILC_COMMAND_JOIN,
++				      SILC_STATUS_ERR_UNKNOWN_ALGORITHM,
++				      0, 2, cipher, strlen(cipher));
++	    } else if (hmac) {
++		silc_server_command_send_status_data(
++				      cmd, SILC_COMMAND_JOIN,
++				      SILC_STATUS_ERR_UNKNOWN_ALGORITHM,
++				      0, 2, hmac, strlen(hmac));
++	    } else {
++		silc_server_command_send_status_reply(
++				      cmd, SILC_COMMAND_JOIN,
++				      SILC_STATUS_ERR_RESOURCE_LIMIT,
++				      0);
++	    }
+ 	    silc_free(client_id);
+ 	    goto out;
+ 	  }
+@@ -2505,10 +2517,22 @@
+ 	  channel = silc_server_create_new_channel(server, server->id, cipher,
+ 						   hmac, channel_name, TRUE);
+ 	  if (!channel) {
+-	    silc_server_command_send_status_data(
+-				       cmd, SILC_COMMAND_JOIN,
+-				       SILC_STATUS_ERR_UNKNOWN_ALGORITHM, 0,
+-				       2, cipher, strlen(cipher));
++	    if (cipher) {
++		silc_server_command_send_status_data(
++				      cmd, SILC_COMMAND_JOIN,
++				      SILC_STATUS_ERR_UNKNOWN_ALGORITHM,
++				      0, 2, cipher, strlen(cipher));
++	    } else if (hmac) {
++		silc_server_command_send_status_data(
++				      cmd, SILC_COMMAND_JOIN,
++				      SILC_STATUS_ERR_UNKNOWN_ALGORITHM,
++				      0, 2, hmac, strlen(hmac));
++	    } else {
++		silc_server_command_send_status_reply(
++				      cmd, SILC_COMMAND_JOIN,
++				      SILC_STATUS_ERR_RESOURCE_LIMIT,
++				      0);
++	    }
+ 	    silc_free(client_id);
+ 	    goto out;
+ 	  }
+@@ -2541,10 +2565,22 @@
+ 	channel = silc_server_create_new_channel(server, server->id, cipher,
+ 						 hmac, channel_name, TRUE);
+ 	if (!channel) {
+-	  silc_server_command_send_status_data(
+-				       cmd, SILC_COMMAND_JOIN,
+-				       SILC_STATUS_ERR_UNKNOWN_ALGORITHM, 0,
+-				       2, cipher, strlen(cipher));
++	  if (cipher) {
++	      silc_server_command_send_status_data(
++				cmd, SILC_COMMAND_JOIN,
++				SILC_STATUS_ERR_UNKNOWN_ALGORITHM,
++				0, 2, cipher, strlen(cipher));
++	  } else if (hmac) {
++	      silc_server_command_send_status_data(
++				cmd, SILC_COMMAND_JOIN,
++				SILC_STATUS_ERR_UNKNOWN_ALGORITHM,
++				0, 2, hmac, strlen(hmac));
++	  } else {
++	      silc_server_command_send_status_reply(
++				cmd, SILC_COMMAND_JOIN,
++				SILC_STATUS_ERR_RESOURCE_LIMIT,
++				0);
++	  }
+ 	  silc_free(client_id);
+ 	  goto out;
+ 	}
diff --git a/net-im/silc-server/silc-server-1.0.2-r1.ebuild b/net-im/silc-server/silc-server-1.0.2-r1.ebuild
new file mode 100644
index 000000000000..7e4d52e3a4d3
--- /dev/null
+++ b/net-im/silc-server/silc-server-1.0.2-r1.ebuild
@@ -0,0 +1,82 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-im/silc-server/silc-server-1.0.2-r1.ebuild,v 1.1 2007/03/06 13:49:06 armin76 Exp $
+
+inherit eutils autotools flag-o-matic
+
+DESCRIPTION="Server for Secure Internet Live Conferencing"
+SRC_URI="http://www.silcnet.org/download/server/sources/${P}.tar.bz2"
+HOMEPAGE="http://silcnet.org/"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~ppc ~sparc ~x86"
+IUSE="ipv6 debug"
+
+RDEPEND="!<=net-im/silc-toolkit-0.9.12-r1
+	!<=net-im/silc-client-1.0.1"
+DEPEND="${RDEPEND}
+	=sys-devel/automake-1.9*"
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+
+	epatch "${FILESDIR}"/1.0-fPIC.patch
+
+	# DoS vuln, bug 169599
+	epatch "${FILESDIR}"/${P}-join-hmac.patch
+
+	eautoreconf
+}
+
+src_compile() {
+	### Append -fsigned-char for platforms without this as default
+	### Fixes runtime conf parsing bug on ppc
+	append-flags -fsigned-char
+
+	econf \
+		--sysconfdir=/etc/silc \
+		--with-docdir=/usr/share/doc/${PF} \
+		--with-helpdir=/usr/share/${PN}/help \
+		--with-logsdir=/var/log/${PN} \
+		--with-mandir=/usr/share/man \
+		--with-silcd-pid-file=/var/run/silcd.pid \
+		--with-simdir=/usr/$(get_libdir)/${PN} \
+		--without-silc-libs \
+		$(use_enable ipv6) \
+		$(use_enable debug) \
+		|| die "econf failed"
+	emake -j1 || die "emake failed"
+}
+
+src_install() {
+	make DESTDIR="${D}" install || die "make install failed"
+
+	insinto /usr/share/doc/${PF}/examples
+	doins doc/examples/*.conf
+
+	fperms 600 /etc/silc
+	keepdir /var/log/${PN}
+
+	rm -rf \
+		"${D}"/usr/libsilc* \
+		"${D}"/usr/include \
+		"${D}"/etc/silc/silcd.{pub,prv}
+
+	newinitd "${FILESDIR}/silcd.initd" silcd
+
+	sed -i \
+		-e 's:10.2.1.6:0.0.0.0:' \
+		-e 's:User = "nobody";:User = "silcd";:' \
+		"${D}"/etc/silc/silcd.conf
+}
+
+pkg_postinst() {
+	enewuser silcd
+
+	if [ ! -f "${ROOT}"/etc/silc/silcd.prv ] ; then
+		einfo "Creating key pair in /etc/silc"
+		silcd -C "${ROOT}"/etc/silc
+	fi
+}
author	Raúl Porcel <armin76@gentoo.org>	2007-03-06 13:49:07 +0000
committer	Raúl Porcel <armin76@gentoo.org>	2007-03-06 13:49:07 +0000
commit	b7b8eb498c5b7e0099b969fddbbb5385e40c5be7 (patch)
tree	eefa85a9f759b1891bb817ce3d94ad4a1e82c300 /net-im/silc-server
parent	typo (diff)
download	gentoo-2-b7b8eb498c5b7e0099b969fddbbb5385e40c5be7.tar.gz gentoo-2-b7b8eb498c5b7e0099b969fddbbb5385e40c5be7.tar.bz2 gentoo-2-b7b8eb498c5b7e0099b969fddbbb5385e40c5be7.zip