From c9f880e8b090e0ed41903fe06f4d64f58580b531 Mon Sep 17 00:00:00 2001 From: Michael Orlitzky Date: Sat, 3 Dec 2016 21:12:38 -0500 Subject: net-analyzer/nagios{,-core}: new version 4.2.3 to fix CVE-2016-8641. Gentoo-Bug: 600864 Package-Manager: portage-2.3.0 --- net-analyzer/nagios-core/Manifest | 2 +- net-analyzer/nagios-core/nagios-core-4.2.2.ebuild | 248 ---------------------- net-analyzer/nagios-core/nagios-core-4.2.3.ebuild | 248 ++++++++++++++++++++++ 3 files changed, 249 insertions(+), 249 deletions(-) delete mode 100644 net-analyzer/nagios-core/nagios-core-4.2.2.ebuild create mode 100644 net-analyzer/nagios-core/nagios-core-4.2.3.ebuild (limited to 'net-analyzer/nagios-core') diff --git a/net-analyzer/nagios-core/Manifest b/net-analyzer/nagios-core/Manifest index 466b8340e1be..1a5ebd122371 100644 --- a/net-analyzer/nagios-core/Manifest +++ b/net-analyzer/nagios-core/Manifest @@ -1,4 +1,4 @@ DIST nagios-3.5.1.tar.gz 1763584 SHA256 ca9dd68234fa090b3c35ecc8767b2c9eb743977eaf32612fa9b8341cc00a0f99 SHA512 48e2ecb91002b08203937b12a438c87c62cd3c5c401a0ed9e861cd6d79074c7017ed373e9379f013d87dea1fd7cb8e3d85112d55c87ac91aed96b256868c112d WHIRLPOOL 2c02584702c64dbb0e353e34b758fab079eee0dc7a401e7b5947a21733758d3596401e5519e2dd7f05c89ee4835c21965d2718157fd9d6d3d20af9c853d688ca DIST nagios-4.0.8.tar.gz 1805059 SHA256 8b268d250c97851775abe162f46f64724f95f367d752ae4630280cc5d368ca4b SHA512 d72fdbcc0beb2de72e5aa788b4ccc83aa30c7f4a4460edaa831f012db04647e4836b876bb7dc235e2a1b525827e9a2a0f4d348919f69fbfbfdaa4d13e968e18c WHIRLPOOL bdd9c63e0e495073b7b046952baa50b9e448fa56cda167806546a3b58fdd8fad328c9285ebb6d07da81786676d805671cad7295be389c4b8a4f3971264c97f74 -DIST nagios-4.2.2.tar.gz 11086388 SHA256 3e82795d75e475b03e76cb18c0e009b5ddce7306ca9c54dbcf16003a5e4f49ea SHA512 f89ca1e7c6aa47141dc79208d4ca095a2aecac064999641f663bd0ec86117e2223f8654e0203a7c549d511832a0c152ce0bf3b75d8dcd524d8046bec05e2cbe1 WHIRLPOOL bd533c6b2ee34a1eaa57cb19448e06299d3439ea8bbd2621fe0e3d21234af30fd6aa337e0993fff97f300b2617b9a7dc26bc277018be2976fad09abf83f6624c +DIST nagios-4.2.3.tar.gz 11087851 SHA256 83ee7eb00b77b829c98473ebeff810949114d0a89f4330fc25eeaf794bd5265c SHA512 8ebf6befffd9e5ab8fcd8ea29f48e792b5ef68646317484fbbdea47542a0ea30465731d0bc918887cddfe07a02d93b7cc0bad288a2f1c4174652fa005f95ef81 WHIRLPOOL 7090c1a8afaec823d51dd0a59c333142ceae8081a0218df258d09bc139918a7d06803243dc93b20fdea6486aa8bba21455155b9bfca94b459c658ac9fce19959 DIST nagios-core-gentoo-icons-20141125.tar 40960 SHA256 68b715f636eb291343cab3259862bbed8b6b898520b58df522438524de3d8761 SHA512 bf109879cddd6136b76baba55d0b60b2596e37431dcf5ce0905d34a9fa292ebf7e4bde82d9a084362c486e8fac344c76d88f9298b1b85541ed70ffd608493766 WHIRLPOOL 7ec3a944b2a659b456d3168818ca5b1af3a427436e6af2f3e5d6cba6fc7b1c7bad6f552301f064df31988865b3b32fd117d9e6f61c630d6d817a51cbbbcb331d diff --git a/net-analyzer/nagios-core/nagios-core-4.2.2.ebuild b/net-analyzer/nagios-core/nagios-core-4.2.2.ebuild deleted file mode 100644 index f3d1d3e68a40..000000000000 --- a/net-analyzer/nagios-core/nagios-core-4.2.2.ebuild +++ /dev/null @@ -1,248 +0,0 @@ -# Copyright 1999-2016 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI=6 - -inherit toolchain-funcs user - -MY_P=${PN/-core}-${PV} -DESCRIPTION="Nagios core - monitoring daemon, web GUI, and documentation" -HOMEPAGE="http://www.nagios.org/" - -# The name of the directory into which our Gentoo icons will be -# extracted, and also the basename of the archive containing it. -GENTOO_ICONS="${PN}-gentoo-icons-20141125" -SRC_URI="mirror://sourceforge/nagios/${MY_P}.tar.gz - web? ( https://dev.gentoo.org/~mjo/distfiles/${GENTOO_ICONS}.tar )" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~sparc ~x86" -IUSE="apache2 classicui lighttpd perl +web vim-syntax" - -# In pkg_postinst(), we change the group of the Nagios configuration -# directory to that of the web server user. It can't belong to both -# apache/lighttpd groups at the same time, so we block this combination -# for our own sanity. -# -# This could be made to work, but we would need a better way to allow -# the web user read-only access to Nagios's configuration directory. -# -REQUIRED_USE="apache2? ( !lighttpd )" - -# sys-devel/libtool dependency is bug #401237. -# -# Note, we require one of the apache2 CGI modules: -# -# * mod_cgi -# * mod_cgid -# * mod_fcgid -# -# We just don't care /which/ one. And of course PHP supports both CGI -# (USE=cgi) and FastCGI (USE=fpm). We're pretty lenient with the -# dependencies, and expect the user not to do anything /too/ -# stupid. (For example, installing Apache with only FastCGI support, and -# PHP with only CGI support.) -# -# Another annoyance is that the upstream Makefile uses app-arch/unzip to -# extract a snapshot of AngularJS, but that's only needed when USE=web. -# -MOD_ALIAS=apache2_modules_alias -DEPEND="sys-devel/libtool - virtual/mailx - perl? ( dev-lang/perl ) - web? ( - app-arch/unzip - media-libs/gd[jpeg,png] - lighttpd? ( www-servers/lighttpd[php] ) - apache2? ( - || ( - >=www-servers/apache-2.4[${MOD_ALIAS},apache2_modules_cgi] - >=www-servers/apache-2.4[${MOD_ALIAS},apache2_modules_cgid] - >=www-servers/apache-2.4[${MOD_ALIAS},apache2_modules_fcgid] ) - || ( - dev-lang/php:*[apache2] - dev-lang/php:*[cgi] - dev-lang/php:*[fpm] ) - ) - )" -RDEPEND="${DEPEND} - vim-syntax? ( app-vim/nagios-syntax )" - -S="${WORKDIR}/${MY_P}" - -pkg_setup() { - enewgroup nagios - enewuser nagios -1 /bin/bash /var/nagios/home nagios -} - -src_configure() { - local myconf - - if use perl; then - myconf="${myconf} --enable-embedded-perl --with-perlcache" - fi - - if use !apache2 && use !lighttpd ; then - myconf="${myconf} --with-command-group=nagios" - else - if use apache2 ; then - myconf="${myconf} --with-command-group=apache" - myconf="${myconf} --with-httpd-conf=/etc/apache2/conf.d" - elif use lighttpd ; then - myconf="${myconf} --with-command-group=lighttpd" - fi - fi - - econf ${myconf} \ - --prefix=/usr \ - --bindir=/usr/sbin \ - --sbindir=/usr/$(get_libdir)/nagios/cgi-bin \ - --datadir=/usr/share/nagios/htdocs \ - --localstatedir=/var/nagios \ - --sysconfdir=/etc/nagios \ - --libexecdir=/usr/$(get_libdir)/nagios/plugins -} - -src_compile() { - emake CC=$(tc-getCC) nagios - - if use web; then - # Only compile the CGIs/HTML when USE=web is set. - emake CC=$(tc-getCC) DESTDIR="${D}" cgis html - fi -} - -src_install() { - dodoc Changelog INSTALLING LEGAL README.asciidoc UPGRADING - - emake DESTDIR="${D}" install-base - emake DESTDIR="${D}" install-basic - emake DESTDIR="${D}" install-config - emake DESTDIR="${D}" install-commandmode - - if use web; then - emake DESTDIR="${D}" install-cgis - - # install-html installs the new exfoliation theme - emake DESTDIR="${D}" install-html - - if use classicui; then - # This overwrites the already-installed exfoliation theme - emake DESTDIR="${D}" install-classicui - fi - - # Install cute Gentoo icons (bug #388323), setting their - # owner, group, and mode to match those of the rest of Nagios's - # images. - insopts --group=nagios --owner=nagios --mode=0664 - insinto /usr/share/nagios/htdocs/images/logos - doins "${WORKDIR}/${GENTOO_ICONS}"/*.* - insopts --mode=0644 # Back to the default... - fi - - newinitd "${FILESDIR}"/nagios4 nagios - newconfd "${FILESDIR}"/conf.d nagios - - if use web ; then - if use apache2 ; then - # Install the Nagios configuration file for Apache. - insinto "/etc/apache2/modules.d" - doins "${FILESDIR}"/99_nagios4.conf - elif use lighttpd ; then - # Install the Nagios configuration file for Lighttpd. - insinto /etc/lighttpd - newins "${FILESDIR}/lighttpd_nagios4.conf" nagios.conf - else - ewarn "${CATEGORY}/${PF} only supports apache or lighttpd" - ewarn "out of the box. Since you are not using one of them, you" - ewarn "will have to configure your webserver yourself." - fi - fi - - for dir in etc/nagios var/nagios ; do - chown -R nagios:nagios "${D}/${dir}" \ - || die "failed chown of ${D}/${dir}" - done - - chown -R root:root "${D}/usr/$(get_libdir)/nagios" \ - || die "failed chown of ${D}/usr/$(get_libdir)/nagios" - - # The following two find...exec statements will die properly as long - # as chmod is only called once (that is, as long as the argument - # list is small enough). - find "${D}/usr/$(get_libdir)/nagios" -type d \ - -exec chmod 755 '{}' + || die 'failed to make nagios dirs traversable' - - if use web; then - find "${D}/usr/$(get_libdir)/nagios/cgi-bin" -type f \ - -exec chmod 755 '{}' + || die 'failed to make cgi-bins executable' - fi - - keepdir /etc/nagios - keepdir /var/nagios - keepdir /var/nagios/archives - keepdir /var/nagios/rw - keepdir /var/nagios/spool/checkresults - - if use !apache2 && use !lighttpd; then - chown -R nagios:nagios "${D}"/var/nagios/rw \ - || die "failed chown of ${D}/var/nagios/rw" - else - if use apache2 ; then - chown -R nagios:apache "${D}"/var/nagios/rw \ - || die "failed chown of ${D}/var/nagios/rw" - elif use lighttpd ; then - chown -R nagios:lighttpd "${D}"/var/nagios/rw \ - || die "failed chown of ${D}/var/nagios/rw" - fi - fi - - chmod ug+s "${D}"/var/nagios/rw || die "failed chmod of ${D}/var/nagios/rw" - chmod 0750 "${D}"/etc/nagios || die "failed chmod of ${D}/etc/nagios" -} - -pkg_postinst() { - - if use web; then - elog "Note that your web server user requires read-only access to" - elog "${ROOT}etc/nagios." - - if use apache2 || use lighttpd ; then - elog - elog "To that end, we have changed the group of ${ROOT}etc/nagios" - elog "to that of your web server user." - elog - if use apache2; then - chown nagios:apache "${ROOT}etc/nagios" \ - || die "failed to change group of ${ROOT}etc/nagios" - - elog "To enable the Nagios web front-end, please edit" - elog "${ROOT}etc/conf.d/apache2 and add \"-D NAGIOS -D PHP5\"" - elog "to APACHE2_OPTS. Then Nagios will be available at," - elog - elif use lighttpd; then - chown nagios:lighttpd "${ROOT}etc/nagios" \ - || die "failed to change group of ${ROOT}etc/nagios" - elog "To enable the Nagios web front-end, please add" - elog "'include \"nagios.conf\"' to the lighttpd configuration" - elog "file at ${ROOT}etc/lighttpd/lighttpd.conf. Then Nagios" - elog "will be available at," - elog - fi - - elog " http://localhost/nagios/" - else - elog "Since you're not using either Apache or Lighttpd, you" - elog "will have to grant the necessary permissions yourself." - fi - fi - - elog - elog "If your kernel has /proc protection, nagios" - elog "will not be happy as it relies on accessing the proc" - elog "filesystem. You can fix this by adding nagios into" - elog "the group wheel, but this is not recomended." - elog -} diff --git a/net-analyzer/nagios-core/nagios-core-4.2.3.ebuild b/net-analyzer/nagios-core/nagios-core-4.2.3.ebuild new file mode 100644 index 000000000000..f3d1d3e68a40 --- /dev/null +++ b/net-analyzer/nagios-core/nagios-core-4.2.3.ebuild @@ -0,0 +1,248 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=6 + +inherit toolchain-funcs user + +MY_P=${PN/-core}-${PV} +DESCRIPTION="Nagios core - monitoring daemon, web GUI, and documentation" +HOMEPAGE="http://www.nagios.org/" + +# The name of the directory into which our Gentoo icons will be +# extracted, and also the basename of the archive containing it. +GENTOO_ICONS="${PN}-gentoo-icons-20141125" +SRC_URI="mirror://sourceforge/nagios/${MY_P}.tar.gz + web? ( https://dev.gentoo.org/~mjo/distfiles/${GENTOO_ICONS}.tar )" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~sparc ~x86" +IUSE="apache2 classicui lighttpd perl +web vim-syntax" + +# In pkg_postinst(), we change the group of the Nagios configuration +# directory to that of the web server user. It can't belong to both +# apache/lighttpd groups at the same time, so we block this combination +# for our own sanity. +# +# This could be made to work, but we would need a better way to allow +# the web user read-only access to Nagios's configuration directory. +# +REQUIRED_USE="apache2? ( !lighttpd )" + +# sys-devel/libtool dependency is bug #401237. +# +# Note, we require one of the apache2 CGI modules: +# +# * mod_cgi +# * mod_cgid +# * mod_fcgid +# +# We just don't care /which/ one. And of course PHP supports both CGI +# (USE=cgi) and FastCGI (USE=fpm). We're pretty lenient with the +# dependencies, and expect the user not to do anything /too/ +# stupid. (For example, installing Apache with only FastCGI support, and +# PHP with only CGI support.) +# +# Another annoyance is that the upstream Makefile uses app-arch/unzip to +# extract a snapshot of AngularJS, but that's only needed when USE=web. +# +MOD_ALIAS=apache2_modules_alias +DEPEND="sys-devel/libtool + virtual/mailx + perl? ( dev-lang/perl ) + web? ( + app-arch/unzip + media-libs/gd[jpeg,png] + lighttpd? ( www-servers/lighttpd[php] ) + apache2? ( + || ( + >=www-servers/apache-2.4[${MOD_ALIAS},apache2_modules_cgi] + >=www-servers/apache-2.4[${MOD_ALIAS},apache2_modules_cgid] + >=www-servers/apache-2.4[${MOD_ALIAS},apache2_modules_fcgid] ) + || ( + dev-lang/php:*[apache2] + dev-lang/php:*[cgi] + dev-lang/php:*[fpm] ) + ) + )" +RDEPEND="${DEPEND} + vim-syntax? ( app-vim/nagios-syntax )" + +S="${WORKDIR}/${MY_P}" + +pkg_setup() { + enewgroup nagios + enewuser nagios -1 /bin/bash /var/nagios/home nagios +} + +src_configure() { + local myconf + + if use perl; then + myconf="${myconf} --enable-embedded-perl --with-perlcache" + fi + + if use !apache2 && use !lighttpd ; then + myconf="${myconf} --with-command-group=nagios" + else + if use apache2 ; then + myconf="${myconf} --with-command-group=apache" + myconf="${myconf} --with-httpd-conf=/etc/apache2/conf.d" + elif use lighttpd ; then + myconf="${myconf} --with-command-group=lighttpd" + fi + fi + + econf ${myconf} \ + --prefix=/usr \ + --bindir=/usr/sbin \ + --sbindir=/usr/$(get_libdir)/nagios/cgi-bin \ + --datadir=/usr/share/nagios/htdocs \ + --localstatedir=/var/nagios \ + --sysconfdir=/etc/nagios \ + --libexecdir=/usr/$(get_libdir)/nagios/plugins +} + +src_compile() { + emake CC=$(tc-getCC) nagios + + if use web; then + # Only compile the CGIs/HTML when USE=web is set. + emake CC=$(tc-getCC) DESTDIR="${D}" cgis html + fi +} + +src_install() { + dodoc Changelog INSTALLING LEGAL README.asciidoc UPGRADING + + emake DESTDIR="${D}" install-base + emake DESTDIR="${D}" install-basic + emake DESTDIR="${D}" install-config + emake DESTDIR="${D}" install-commandmode + + if use web; then + emake DESTDIR="${D}" install-cgis + + # install-html installs the new exfoliation theme + emake DESTDIR="${D}" install-html + + if use classicui; then + # This overwrites the already-installed exfoliation theme + emake DESTDIR="${D}" install-classicui + fi + + # Install cute Gentoo icons (bug #388323), setting their + # owner, group, and mode to match those of the rest of Nagios's + # images. + insopts --group=nagios --owner=nagios --mode=0664 + insinto /usr/share/nagios/htdocs/images/logos + doins "${WORKDIR}/${GENTOO_ICONS}"/*.* + insopts --mode=0644 # Back to the default... + fi + + newinitd "${FILESDIR}"/nagios4 nagios + newconfd "${FILESDIR}"/conf.d nagios + + if use web ; then + if use apache2 ; then + # Install the Nagios configuration file for Apache. + insinto "/etc/apache2/modules.d" + doins "${FILESDIR}"/99_nagios4.conf + elif use lighttpd ; then + # Install the Nagios configuration file for Lighttpd. + insinto /etc/lighttpd + newins "${FILESDIR}/lighttpd_nagios4.conf" nagios.conf + else + ewarn "${CATEGORY}/${PF} only supports apache or lighttpd" + ewarn "out of the box. Since you are not using one of them, you" + ewarn "will have to configure your webserver yourself." + fi + fi + + for dir in etc/nagios var/nagios ; do + chown -R nagios:nagios "${D}/${dir}" \ + || die "failed chown of ${D}/${dir}" + done + + chown -R root:root "${D}/usr/$(get_libdir)/nagios" \ + || die "failed chown of ${D}/usr/$(get_libdir)/nagios" + + # The following two find...exec statements will die properly as long + # as chmod is only called once (that is, as long as the argument + # list is small enough). + find "${D}/usr/$(get_libdir)/nagios" -type d \ + -exec chmod 755 '{}' + || die 'failed to make nagios dirs traversable' + + if use web; then + find "${D}/usr/$(get_libdir)/nagios/cgi-bin" -type f \ + -exec chmod 755 '{}' + || die 'failed to make cgi-bins executable' + fi + + keepdir /etc/nagios + keepdir /var/nagios + keepdir /var/nagios/archives + keepdir /var/nagios/rw + keepdir /var/nagios/spool/checkresults + + if use !apache2 && use !lighttpd; then + chown -R nagios:nagios "${D}"/var/nagios/rw \ + || die "failed chown of ${D}/var/nagios/rw" + else + if use apache2 ; then + chown -R nagios:apache "${D}"/var/nagios/rw \ + || die "failed chown of ${D}/var/nagios/rw" + elif use lighttpd ; then + chown -R nagios:lighttpd "${D}"/var/nagios/rw \ + || die "failed chown of ${D}/var/nagios/rw" + fi + fi + + chmod ug+s "${D}"/var/nagios/rw || die "failed chmod of ${D}/var/nagios/rw" + chmod 0750 "${D}"/etc/nagios || die "failed chmod of ${D}/etc/nagios" +} + +pkg_postinst() { + + if use web; then + elog "Note that your web server user requires read-only access to" + elog "${ROOT}etc/nagios." + + if use apache2 || use lighttpd ; then + elog + elog "To that end, we have changed the group of ${ROOT}etc/nagios" + elog "to that of your web server user." + elog + if use apache2; then + chown nagios:apache "${ROOT}etc/nagios" \ + || die "failed to change group of ${ROOT}etc/nagios" + + elog "To enable the Nagios web front-end, please edit" + elog "${ROOT}etc/conf.d/apache2 and add \"-D NAGIOS -D PHP5\"" + elog "to APACHE2_OPTS. Then Nagios will be available at," + elog + elif use lighttpd; then + chown nagios:lighttpd "${ROOT}etc/nagios" \ + || die "failed to change group of ${ROOT}etc/nagios" + elog "To enable the Nagios web front-end, please add" + elog "'include \"nagios.conf\"' to the lighttpd configuration" + elog "file at ${ROOT}etc/lighttpd/lighttpd.conf. Then Nagios" + elog "will be available at," + elog + fi + + elog " http://localhost/nagios/" + else + elog "Since you're not using either Apache or Lighttpd, you" + elog "will have to grant the necessary permissions yourself." + fi + fi + + elog + elog "If your kernel has /proc protection, nagios" + elog "will not be happy as it relies on accessing the proc" + elog "filesystem. You can fix this by adding nagios into" + elog "the group wheel, but this is not recomended." + elog +} -- cgit v1.2.3-65-gdbad