diff options
| author |   Alin Năstac <mrness@gentoo.org> | 2005-11-20 05:55:23 +0000 |
|---|---|---|
| committer | Alin Năstac <mrness@gentoo.org> | 2005-11-20 05:55:23 +0000 |
| commit | 75320681bddeb772689bd81f0677a2c99c1608ed (patch) | |
| tree | 5b92e16cf1f72d8c5e3590222cb4db7ffbd681a2 /net-proxy | |
| parent | Stable on mips, bug #112226. (diff) | |
| download | gentoo-2-75320681bddeb772689bd81f0677a2c99c1608ed.tar.gz gentoo-2-75320681bddeb772689bd81f0677a2c99c1608ed.tar.bz2 gentoo-2-75320681bddeb772689bd81f0677a2c99c1608ed.zip | |
ver bump (#112260)
(Portage version: 2.0.51.22-r3)
Diffstat (limited to 'net-proxy')
| -rw-r--r-- | net-proxy/bfilter/ChangeLog | 8 | ||||
| -rw-r--r-- | net-proxy/bfilter/Manifest | 15 | ||||
| -rw-r--r-- | net-proxy/bfilter/bfilter-0.10.1.ebuild | 64 | ||||
| -rw-r--r-- | net-proxy/bfilter/files/bfilter-0.10.1-droppriv.patch | 127 | ||||
| -rw-r--r-- | net-proxy/bfilter/files/digest-bfilter-0.10.1 | 1 |
5 files changed, 203 insertions, 12 deletions
diff --git a/net-proxy/bfilter/ChangeLog b/net-proxy/bfilter/ChangeLog index f8b2952d0d9a..f3d512f7a2e7 100644 --- a/net-proxy/bfilter/ChangeLog +++ b/net-proxy/bfilter/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for net-proxy/bfilter # Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-proxy/bfilter/ChangeLog,v 1.1 2005/09/19 05:35:35 mrness Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-proxy/bfilter/ChangeLog,v 1.2 2005/11/20 05:55:23 mrness Exp $ + +*bfilter-0.10.1 (20 Nov 2005) + + 20 Nov 2005; Alin Nastac <mrness@gentoo.org> + +files/bfilter-0.10.1-droppriv.patch, +bfilter-0.10.1.ebuild: + Version bump (#112260). Credit goes to Alan Swanson <swanson@ukfsn.org>. *bfilter-0.9.4 (18 Sep 2005) diff --git a/net-proxy/bfilter/Manifest b/net-proxy/bfilter/Manifest index 6fe320946e16..62103d06811a 100644 --- a/net-proxy/bfilter/Manifest +++ b/net-proxy/bfilter/Manifest @@ -1,18 +1,11 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - MD5 f0ccb6eae44507f9faf8faf911bc9b9a bfilter-0.9.4.ebuild 1259 -MD5 04de055e268efcd15fcf2790fd58a71b ChangeLog 505 +MD5 7501f43f364f7a2b55a2fdbf5b0a43e6 bfilter-0.10.1.ebuild 1731 +MD5 459698d9736f92d185bb5099df004e3e ChangeLog 723 MD5 2b32df81d3a9693c235baddd9386cce9 metadata.xml 1179 +MD5 8c7f7fd24bd2fc2681e185c511db4d57 files/digest-bfilter-0.10.1 67 MD5 59c8af85f08eaafc38f6c3421caa8ca3 files/bfilter-0.9.4-droppriv.patch 5108 MD5 e6e2c311139ed184131d6a945b12a3fb files/digest-bfilter-0.9.4 66 MD5 51acec84c4acfc995ab2a02fd8a3c7fe files/bfilter.8 9512 +MD5 13b255051243f8ef4f66a4118d4a1cbd files/bfilter-0.10.1-droppriv.patch 3650 MD5 598c43884dae3c39ecd580f74fbf5bef files/bfilter.conf 154 MD5 cf9b6d00bed0c12ed1fc046cda9b49e5 files/bfilter.init 493 ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.1 (GNU/Linux) - -iD8DBQFDLk4+NSP4Vda7IdsRApnQAJ4jGiEGDIrq7SRfGU4NVc/Zg9KMRgCgj2xx -0ix4zKv2Os0caEGIS+2i3TA= -=zGg0 ------END PGP SIGNATURE----- diff --git a/net-proxy/bfilter/bfilter-0.10.1.ebuild b/net-proxy/bfilter/bfilter-0.10.1.ebuild new file mode 100644 index 000000000000..5da519579582 --- /dev/null +++ b/net-proxy/bfilter/bfilter-0.10.1.ebuild @@ -0,0 +1,64 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-proxy/bfilter/bfilter-0.10.1.ebuild,v 1.1 2005/11/20 05:55:23 mrness Exp $ + +inherit eutils + +DESCRIPTION="An ad-filtering web proxy featuring an effective heuristic ad-detection algorithm" +HOMEPAGE="http://bfilter.sourceforge.net/" +SRC_URI="mirror://sourceforge/bfilter/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~x86" +IUSE="X debug" + +RDEPEND="sys-libs/zlib + dev-libs/ace + =dev-libs/libsigc++-1.2* + X? ( =dev-cpp/gtkmm-2.4* )" +DEPEND="${RDEPEND} + dev-util/scons + dev-util/pkgconfig" + +src_unpack() { + unpack ${A} + + # Provide user, group and chroot privilege lowering + epatch ${FILESDIR}/${P}-droppriv.patch +} + +src_compile() { + econf `use_enable debug` `use_with X gui` || die "econf failed" + emake -j1 || die "emake failed" +} + +src_install() { + make DESTDIR="${D}" install || die "make install failed" + + # This is also created by openssh for privilege separation + keepdir /var/empty + + #doman ${FILESDIR}/bfilter.8 + + dodoc AUTHORS ChangeLog + dohtml doc/*.png doc/*.jpg doc/*.html + + newinitd ${FILESDIR}/bfilter.init bfilter + newconfd ${FILESDIR}/bfilter.conf bfilter +} + +pkg_preinst() { + enewgroup bfilter + enewuser bfilter -1 -1 -1 bfilter +} + +pkg_postinst() { + if has_version =${CATEGORY}/${PN}-0.9.4 ; then + ewarn "Please note that the filtering configuration files have been changed." + ewarn "Any custom settings defined in the rules and rules.local files" + ewarn "need to be converted to the new url and url.local files" + ewarn "(the old rules and rules.local can then be deleted). " + ewarn "See http://bfilter.sourceforge.net/doc/url-patterns.php for further details." + fi +} diff --git a/net-proxy/bfilter/files/bfilter-0.10.1-droppriv.patch b/net-proxy/bfilter/files/bfilter-0.10.1-droppriv.patch new file mode 100644 index 000000000000..01e852ffc0c6 --- /dev/null +++ b/net-proxy/bfilter/files/bfilter-0.10.1-droppriv.patch @@ -0,0 +1,127 @@ +diff -ur bfilter-0.10.1/main/daemon/Daemon.cpp bfilter-0.10.1-droppriv/main/daemon/Daemon.cpp +--- bfilter-0.10.1/main/daemon/Daemon.cpp 2005-10-10 23:52:20.000000000 +0100 ++++ bfilter-0.10.1-droppriv/main/daemon/Daemon.cpp 2005-11-14 20:05:40.000000000 +0000 +@@ -52,6 +52,10 @@ + #include <deque> + #include <list> + #include <cstdlib> ++#include <sys/stat.h> ++#include <pwd.h> ++#include <grp.h> ++#include <netdb.h> + + namespace po = boost::program_options; + using namespace std; +@@ -340,6 +344,69 @@ + } + + bool ++Daemon::droppriv(std::string const& chrootdir, std::string const& user, std::string const& group) ++{ ++ uid_t uid = 0; ++ uid_t gid = 0; ++ ++ if (!chrootdir.empty() || !user.empty() || !group.empty()) { ++ struct stat stat_r; ++ struct passwd *user_r; ++ struct group *group_r; ++ ++ if (getuid()) { ++ std::cerr << "Cannot lower privileges, not running as root" << std::endl; ++ return false; ++ } ++ if (!chrootdir.empty() && stat(chrootdir.c_str(), &stat_r)) { ++ if (!S_ISDIR(stat_r.st_mode)) { ++ std::cerr << "Cannot lower privileges, chroot directory does not exist" << std::endl; ++ return false; ++ } ++ } ++ if (!user.empty()) { ++ user_r = getpwnam(user.c_str()); ++ if (user_r) { ++ uid = user_r->pw_uid; ++ } else { ++ std::cerr << "Cannot lower privileges, unknown user" << std::endl; ++ return false; ++ } ++ } ++ if (!group.empty()) { ++ group_r = getgrnam(group.c_str()); ++ if (group_r) { ++ gid = group_r->gr_gid; ++ } else { ++ std::cerr << "Cannot lower privileges, unknown group" << std::endl; ++ return false; ++ } ++ } ++ } ++ ++ if (!chrootdir.empty()) { ++ // Using gethostbyname before chrooting means that the chroot ++ // directory can be empty (no etc/resolv.conf or dynamically ++ // loaded lib/libnss* libraries). Using localhost here to ++ // prevent remote name resolution does not work. ++ gethostbyname("slashdot.org"); ++ if (chroot(chrootdir.c_str())) { ++ std::cerr << "Cannot lower privileges, chroot directory no longer exists" << std::endl; ++ return false; ++ } ++ chdir("/"); ++ } ++ if (gid) { ++ setgroups(0, NULL); ++ setgid(gid); ++ } ++ if (uid) { ++ setuid(uid); ++ } ++ return true; ++} ++ ++bool + Daemon::run(bool nodaemon) + { + if (!nodaemon) { +@@ -447,13 +514,19 @@ + { + bool nodaemon = false; + std::string confdir = string(SYSCONFDIR) + "/bfilter"; +- ++ std::string chrootdir; ++ std::string user; ++ std::string group; ++ + try { + po::options_description desc("Allowed options"); + desc.add_options() + ("help,h", "Print help message") + ("version,v", "Print version") + ("confdir,c", po::value<string>(&confdir), "Set custom config directory") ++ ("chroot,r", po::value<string>(&chrootdir), "Set chroot directory") ++ ("user,u", po::value<string>(&user), "Set unprivileged user") ++ ("group,g", po::value<string>(&group), "Set unprivileged group") + ("nodaemon,n", po::bool_switch(&nodaemon), "Disable background daemon mode") + ; + po::variables_map vm; +@@ -476,6 +549,9 @@ + if (!daemon.init(confdir)) { + exit(EXIT_FAILURE); + } ++ if (!daemon.droppriv(chrootdir, user, group)) { ++ exit(EXIT_FAILURE); ++ } + if (!daemon.run(nodaemon)) { + exit(EXIT_FAILURE); + } +diff -ur bfilter-0.10.1/main/daemon/Daemon.h bfilter-0.10.1-droppriv/main/daemon/Daemon.h +--- bfilter-0.10.1/main/daemon/Daemon.h 2005-01-14 16:54:32.000000000 +0000 ++++ bfilter-0.10.1-droppriv/main/daemon/Daemon.h 2005-11-14 18:22:58.000000000 +0000 +@@ -33,7 +33,7 @@ + { + public: + bool init(std::string const& confdir); +- ++ bool droppriv(std::string const& chrootdir, std::string const& user, std::string const& group); + bool run(bool nodaemon); + private: + class ConfigErrorHandler; diff --git a/net-proxy/bfilter/files/digest-bfilter-0.10.1 b/net-proxy/bfilter/files/digest-bfilter-0.10.1 new file mode 100644 index 000000000000..8f7fca3ca0df --- /dev/null +++ b/net-proxy/bfilter/files/digest-bfilter-0.10.1 @@ -0,0 +1 @@ +MD5 1c2439a22e9674feeba8cfbf337191e3 bfilter-0.10.1.tar.gz 2346339 |