bump to -r2 per security bug 75941

author: Mike Doty <kingtaco@gentoo.org> 2005-01-11 15:34:23 +0000
committer: Mike Doty <kingtaco@gentoo.org> 2005-01-11 15:34:23 +0000
commit: 61c4d7de938502461d937e82e8923c0100364ba8 (patch)
tree: 7ece8474b52c79a321ed8d002152159a7f18095a /net-misc/hylafax
parent: added wolk fix (diff)
download: gentoo-2-61c4d7de938502461d937e82e8923c0100364ba8.tar.gz
gentoo-2-61c4d7de938502461d937e82e8923c0100364ba8.tar.bz2
gentoo-2-61c4d7de938502461d937e82e8923c0100364ba8.zip
6 files changed, 186 insertions, 5 deletions
diff --git a/net-misc/hylafax/ChangeLog b/net-misc/hylafax/ChangeLog
index 0b39b3fd7cc0..913034f1e4c9 100644
--- a/net-misc/hylafax/ChangeLog
+++ b/net-misc/hylafax/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for net-misc/hylafax
 # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/hylafax/ChangeLog,v 1.46 2005/01/06 20:41:01 gmsoft Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/hylafax/ChangeLog,v 1.47 2005/01/11 15:34:23 kingtaco Exp $
+
+*hylafax-4.2.0-r2 (11 Jan 2005)
+
+  11 Jan 2005; Mike Doty <kingtaco@gentoo.org> +files/hylafax-hostvuln.patch,
+  +hylafax-4.2.0-r2.ebuild:
+  bump to -r2 per security bug 75941
 
   06 Jan 2005; Guy Martin <gmsoft@gentoo.org> +files/hylafax-4.2.0-fPIC.patch,
   hylafax-4.2.0-r1.ebuild:
diff --git a/net-misc/hylafax/files/digest-hylafax-4.2.0-r2 b/net-misc/hylafax/files/digest-hylafax-4.2.0-r2
new file mode 100644
index 000000000000..9de57e0107eb
--- /dev/null
+++ b/net-misc/hylafax/files/digest-hylafax-4.2.0-r2
@@ -0,0 +1 @@
+MD5 463726ed21cfdac730c5d6915e0840cf hylafax-4.2.0.tar.gz 1351870
diff --git a/net-misc/hylafax/files/hylafax-hostvuln.patch b/net-misc/hylafax/files/hylafax-hostvuln.patch
new file mode 100644
index 000000000000..dd60220e1df1
--- /dev/null
+++ b/net-misc/hylafax/files/hylafax-hostvuln.patch
@@ -0,0 +1,55 @@
+diff -Nru hylafax-4.2.0.orig/hfaxd/InetFaxServer.c++ hylafax-4.2.0/hfaxd/InetFaxServer.c++
+--- hylafax-4.2.0.orig/hfaxd/InetFaxServer.c++	Mon Dec 27 14:10:09 2004
++++ hylafax-4.2.0/hfaxd/InetFaxServer.c++	Tue Dec 28 10:49:52 2004
+@@ -177,16 +177,14 @@
+ /*
+  * Check host identity returned by gethostbyaddr to
+  * weed out clients trying to spoof us (this is mostly
+- * a sanity check; it's still trivial to spoof).
+- * If the name returned by gethostbyaddr is in our domain,
+- * look up the name and check that the peer's address
++ * a sanity check; if they have full control of DNS
++ * they can still spoof)
++ * Look up the name and check that the peer's address
+  * corresponds to the host name.
+  */
+ bool
+ InetFaxServer::checkHostIdentity(hostent*& hp)
+ {
+-    if (!isLocalDomain(hp->h_name))		// not local, don't check
+-	return (true);
+     fxStr name(hp->h_name);			// must copy static value
+     hp = Socket::gethostbyname(name);
+     if (hp) {
+diff -Nru hylafax-4.2.0.orig/hfaxd/User.c++ hylafax-4.2.0/hfaxd/User.c++
+--- hylafax-4.2.0.orig/hfaxd/User.c++	Mon Dec 27 14:10:21 2004
++++ hylafax-4.2.0/hfaxd/User.c++	Tue Dec 28 11:00:32 2004
+@@ -136,16 +136,26 @@
+ 	 * must supply.  The next field is the password that
+ 	 * must be presented to gain administrative privileges.
+ 	 *
++	 * If the regex is a single word (no @ sign), we take it
++	 * as a host only short form for (^[^@]*@<input>
++	 *
+ 	 * If the first character of the <regex> is a ``!''
+ 	 * then the line specifies user(s) to disallow; a match
+ 	 * causes the user to be rejected w/o a password prompt.
+ 	 * This facility is mainly for backwards compatibility.
+ 	 */
+ 	char* cp;
++	bool userandhost = false;
+ 	for (cp = line; *cp && *cp != ':'; cp++)
+-	    ;
++	    if (*cp == '@') userandhost = true;
++
+ 	const char* base = &line[line[0] == '!'];
+-	RE pat(base, cp-base);
++	fxStr pattern(base, cp-base);
++	if (! userandhost) {
++	    pattern.insert("^.*@");
++	    pattern.append("$");
++	}
++	RE pat(pattern);
+ 	if (line[0] == '!') {		// disallow access on match
+ 	    if (pat.Find(dotform) || pat.Find(hostform))
+ 		return (false);
diff --git a/net-misc/hylafax/hylafax-4.1.8-r4.ebuild b/net-misc/hylafax/hylafax-4.1.8-r4.ebuild
index 31241b941044..087feb278c36 100644
--- a/net-misc/hylafax/hylafax-4.1.8-r4.ebuild
+++ b/net-misc/hylafax/hylafax-4.1.8-r4.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2004 Gentoo Foundation
+# Copyright 1999-2005 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/hylafax/hylafax-4.1.8-r4.ebuild,v 1.5 2004/10/13 16:20:24 gmsoft Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/hylafax/hylafax-4.1.8-r4.ebuild,v 1.6 2005/01/11 15:34:23 kingtaco Exp $
 
 # This was originally contributed by Stephane Loeuillet, via
 # Gentoo bug: http://bugs.gentoo.org/show_bug.cgi?id=28574
diff --git a/net-misc/hylafax/hylafax-4.2.0-r1.ebuild b/net-misc/hylafax/hylafax-4.2.0-r1.ebuild
index 431b6eb67b36..0cae3d474dd9 100644
--- a/net-misc/hylafax/hylafax-4.2.0-r1.ebuild
+++ b/net-misc/hylafax/hylafax-4.2.0-r1.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2004 Gentoo Foundation
+# Copyright 1999-2005 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/hylafax/hylafax-4.2.0-r1.ebuild,v 1.5 2005/01/06 20:41:01 gmsoft Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/hylafax/hylafax-4.2.0-r1.ebuild,v 1.6 2005/01/11 15:34:23 kingtaco Exp $
 
 inherit eutils
 
diff --git a/net-misc/hylafax/hylafax-4.2.0-r2.ebuild b/net-misc/hylafax/hylafax-4.2.0-r2.ebuild
new file mode 100644
index 000000000000..960f7ba65a1d
--- /dev/null
+++ b/net-misc/hylafax/hylafax-4.2.0-r2.ebuild
@@ -0,0 +1,119 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/hylafax/hylafax-4.2.0-r2.ebuild,v 1.1 2005/01/11 15:34:23 kingtaco Exp $
+
+inherit eutils
+
+IUSE="faxonly jpeg pam"
+
+DESCRIPTION="Client-server fax package for class 1 and 2 fax modems."
+HOMEPAGE="http://www.hylafax.org"
+SRC_URI="ftp://ftp.hylafax.org/source/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="hylafax"
+KEYWORDS="x86 sparc hppa ~alpha amd64 ~ppc"
+
+DEPEND="!faxonly? ( net-dialup/mgetty )
+	>=sys-libs/zlib-1.1.4
+	virtual/ghostscript
+	>=media-libs/tiff-3.7.0
+	jpeg? ( media-libs/jpeg )
+	sys-apps/gawk
+	pam? ( sys-libs/pam )"
+
+RDEPEND="${DEPEND}
+	app-arch/sharutils"
+
+export CONFIG_PROTECT="${CONFIG_PROTECT} /var/spool/fax/etc"
+
+src_unpack() {
+	unpack ${A}
+	cd ${S}
+	epatch ${FILESDIR}/${P}-faxcron_uid.patch
+	epatch ${FILESDIR}/${P}-tiff_version.patch
+	epatch ${FILESDIR}/configure-gcc-3.4.patch
+	epatch ${FILESDIR}/hylafax-hostvuln.patch
+}
+
+src_compile() {
+	local my_conf="
+		--with-DIR_BIN=/usr/bin
+		--with-DIR_SBIN=/usr/sbin
+		--with-DIR_LIB=/usr/lib
+		--with-DIR_LIBEXEC=/usr/sbin
+		--with-DIR_LIBDATA=/usr/lib/fax
+		--with-DIR_LOCKS=/var/lock
+		--with-DIR_MAN=/usr/share/man
+		--with-DIR_SPOOL=/var/spool/fax
+		--with-DIR_HTML=/usr/share/doc/${P}/html
+		--with-DIR_CGI=${WORKDIR}
+		--with-PATH_EGETTY=/bin/false
+		--with-HTML=yes
+		--with-PATH_DPSRIP=/var/spool/fax/bin/ps2fax
+		--with-PATH_IMPRIP=\"\"
+		--with-SYSVINIT=no
+		--with-LIBTIFF=\"-ltiff -ljpeg -lz\"
+		--with-OPTIMIZER=\"${CFLAGS}\"
+		--with-DSO=auto"
+
+	if [ -h /etc/localtime ]; then
+		local continent=$(readlink /etc/localtime | cut -d / -f 5)
+		if [ "${continent}" == "Europe" ]; then
+			my_conf="${my_conf} --with-PAGESIZE=A4"
+		fi
+	fi
+
+	use faxonly && my_conf="${my_conf} --with-PATH_GETTY=/bin/false
+	                                  --with-PATH_VGETTY=/bin/false"
+	#--enable-pam isn't valid
+	use pam || my_conf="${my_conf} $(use_enable pam)"
+
+	# eval required for quoting in ${my_conf} to work properly, better way?
+	eval ./configure --nointeractive ${my_conf} || die "./configure failed"
+
+	emake -j1 || die "emake failed"
+}
+
+src_install() {
+	dodir /usr/{bin,sbin} /usr/lib/fax /usr/share/man /var/spool /var/spool/recvq
+	dodir /usr/share/doc/${P}/html
+
+	make \
+		BIN=${D}/usr/bin \
+		SBIN=${D}/usr/sbin \
+		LIBDIR=${D}/usr/lib \
+		LIB=${D}/usr/lib \
+		LIBEXEC=${D}/usr/sbin \
+		LIBDATA=${D}/usr/lib/fax \
+		MAN=${D}/usr/share/man \
+		SPOOL=${D}/var/spool/fax \
+		HTMLDIR=${D}/usr/share/doc/${P}/html \
+		install || die "make install failed"
+
+	keepdir /var/spool/fax/{archive,client,etc,pollq,recvq,tmp}
+	keepdir /var/spool/fax/{status,sendq,log,info,doneq,docq,dev}
+
+	einfo "Adding env.d entry for Hylafax"
+	insinto /etc/env.d
+	newins ${FILESDIR}/99hylafax-4.2 99hylafax
+
+	einfo "Adding init.d entry for Hylafax"
+	insinto /etc/init.d
+	insopts -m 755
+	newins ${FILESDIR}/hylafax-4.2 hylafax
+
+	dodoc COPYRIGHT README TODO VERSION
+}
+
+pkg_postinst() {
+	ewarn "New Hylafax tiff support requires tiff-3.7.0 now,"
+	ewarn "but hopefully this libtiff silliness is now fixed."
+	echo
+	einfo "Hylafax now depends on sharutils instead of metamail for mime"
+	einfo "handling, however, you can continue to use the latter if you"
+	einfo "like (emerge metamail manually)."
+	echo
+	einfo "Now run faxsetup and (if necessary) faxaddmodem."
+	echo
+}
author	Mike Doty <kingtaco@gentoo.org>	2005-01-11 15:34:23 +0000
committer	Mike Doty <kingtaco@gentoo.org>	2005-01-11 15:34:23 +0000
commit	61c4d7de938502461d937e82e8923c0100364ba8 (patch)
tree	7ece8474b52c79a321ed8d002152159a7f18095a /net-misc/hylafax
parent	added wolk fix (diff)
download	gentoo-2-61c4d7de938502461d937e82e8923c0100364ba8.tar.gz gentoo-2-61c4d7de938502461d937e82e8923c0100364ba8.tar.bz2 gentoo-2-61c4d7de938502461d937e82e8923c0100364ba8.zip