authorFabio Erculiani <lxnay@gentoo.org>2011-01-11 22:30:14 +0000
committerFabio Erculiani <lxnay@gentoo.org>2011-01-11 22:30:14 +0000
commit9754efe2b76f8f5ae225c88d153d2ac88368e8f0 (patch)
treed06e60f5b0af77d9cb6221f1215f206515188534 /net-nds
parentx86 stable, bug #350736 (diff)
version bump
Package-Manager: portage-2.1.9.28/cvs/Linux x86_64
Diffstat (limited to 'net-nds')
-rw-r--r--net-nds/389-admin/389-admin-1.1.13.ebuild169
-rw-r--r--net-nds/389-admin/ChangeLog12
-rw-r--r--net-nds/389-admin/Manifest6
-rw-r--r--net-nds/389-admin/files/1.1.14_backports/0000-selinux-crash-fix.patch29
-rw-r--r--net-nds/389-admin/files/1.1.14_backports/0001-ssl-segfault-fix.patch69
5 files changed, 282 insertions, 3 deletions
diff --git a/net-nds/389-admin/389-admin-1.1.13.ebuild b/net-nds/389-admin/389-admin-1.1.13.ebuild
new file mode 100644
index 000000000000..c8b3c4affe0b
--- /dev/null
+++ b/net-nds/389-admin/389-admin-1.1.13.ebuild
@@ -0,0 +1,169 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-nds/389-admin/389-admin-1.1.13.ebuild,v 1.1 2011/01/11 22:30:13 lxnay Exp $
+
+EAPI="2"
+
+WANT_AUTOMAKE="1.9"
+
+MY_PV=${PV/_rc/.rc}
+MY_PV=${MY_PV/_a/.a}
+
+inherit eutils multilib autotools depend.apache
+
+DESCRIPTION="389 Directory Server (admin)"
+HOMEPAGE="http://port389.org/"
+SRC_URI="http://directory.fedoraproject.org/sources/${PN}-${MY_PV}.tar.bz2"
+
+LICENSE="GPL-2 Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="debug ipv6 selinux"
+
+# TODO snmp agent init script
+
+COMMON_DEPEND=">=app-admin/389-admin-console-1.1.0
+ >=app-admin/389-ds-console-1.1.0
+ app-misc/mime-types
+ dev-libs/389-adminutil
+ dev-libs/cyrus-sasl
+ dev-libs/icu
+ dev-libs/mozldap
+ dev-libs/nss[utils]
+ || ( <=dev-libs/nspr-4.8.3-r3[ipv6?] >=dev-libs/nspr-4.8.4 )
+ dev-libs/svrcore
+ net-analyzer/net-snmp[ipv6?]
+ selinux? (
+ sys-apps/checkpolicy
+ sys-apps/policycoreutils
+ sec-policy/selinux-base-policy
+ )
+ >=sys-libs/db-4.2.52
+ sys-libs/pam
+ sys-apps/tcp-wrappers[ipv6?]
+ www-apache/mod_nss
+ www-servers/apache:2[apache2_modules_actions,apache2_modules_alias,apache2_modules_auth_basic,apache2_modules_authz_default,apache2_modules_cgi,apache2_modules_mime_magic,apache2_modules_rewrite,apache2_modules_setenvif,suexec,threads]"
+RDEPEND="${COMMON_DEPEND} www-client/lynx"
+DEPEND="sys-apps/sed ${COMMON_DEPEND}"
+
+S="${WORKDIR}/${PN}-${MY_PV}"
+
+need_apache2_2
+
+src_prepare() {
+ # as per 389 documentation, when 64bit, export USE_64
+ use amd64 && export USE_64=1
+
+ epatch "${FILESDIR}/1.1.11_rc1/0001-gentoo-apache-names.patch"
+ epatch "${FILESDIR}/1.1.11_rc1/0003-find-mod_nss.m4.patch"
+ epatch "${FILESDIR}/1.1.11_rc1/0004-rpath-fix.configure.ac.patch"
+ # Configuration fixes
+ epatch "${FILESDIR}/${PN}-cfgstuff-1.patch"
+
+ # 1.1.14 backports
+ epatch "${FILESDIR}/1.1.14_backports"/*.patch
+
+ sed -e "s!SUBDIRS!# SUBDIRS!g" -i Makefile.am || die "sed failed"
+ # Setup default user/group, in this case it's dirsrv
+ sed -e "s!nobody!dirsrv!g" -i configure.ac || die "sed failed"
+
+ eautoreconf
+}
+
+src_configure() {
+ # stub autoconf triplet :(
+ local myconf=""
+ use debug && myconf="--enable-debug"
+ use selinux && myconf="${myconf} --with-selinux"
+
+ econf \
+ --enable-threading \
+ --disable-rpath \
+ --with-fhs \
+ --with-apr-config \
+ --with-apxs=${APXS} \
+ --with-httpd=${APACHE_BIN} \
+ ${myconf} || die "econf failed"
+}
+
+src_install () {
+
+ emake DESTDIR="${D}" install || die "emake failed"
+ keepdir /var/log/dirsrv/admin-serv
+
+ # remove redhat style init script.
+ rm -rf "${D}"/etc/rc.d
+ rm -rf "${D}"/etc/default
+
+ # install gentoo style init script.
+ newinitd "${FILESDIR}"/${PN}.initd ${PN}
+ newconfd "${FILESDIR}"/${PN}.confd ${PN}
+
+ # remove redhat style wrapper scripts
+ # and install gentoo scripts.
+ rm -rf "${D}"/usr/sbin/*-ds-admin
+ dosbin "${FILESDIR}"/*-ds-admin || die "cannot install gentoo start/stop scripts"
+
+ # In this version build systems for modules is delete :(
+ # manually install modules, not using apache-modules eclass
+ # because use bindled library
+
+ # install mod_admserv
+ exeinto "${APACHE_MODULESDIR}"
+ doexe "${S}/.libs"/mod_admserv.so || die "internal ebuild error: mod_admserv not found"
+
+ insinto "${APACHE_MODULES_CONFDIR}"
+ newins "${FILESDIR}/1.1.11_rc1"/48_mod_admserv.conf 48_mod_admserv \
+ || die "internal ebuild error: 48_mod_admserv.conf not found"
+
+ # install mod_restard
+ exeinto "${APACHE_MODULESDIR}"
+ doexe "${S}/.libs"/mod_restartd.so || die "internal ebuild error: mod_restartd not found"
+
+ insinto "${APACHE_MODULES_CONFDIR}"
+ newins "${FILESDIR}/1.1.11_rc1"/48_mod_restartd.conf 48_mod_restartd \
+ || die "internal ebuild error: 48_mod_restard.conf not found"
+
+ if use selinux; then
+ local POLICY_TYPES="targeted"
+ cd "${S}"/selinux-build
+ cp /usr/share/selinux/${POLICY_TYPES}/include/Makefile .
+ make || die "selinux policy compile failed"
+ insinto /usr/share/selinux/${POLICY_TYPES}
+ doins -r "${S}/selinux-build/"*.pp
+ fi
+
+}
+
+pkg_postinst() {
+
+ # show setup information
+ elog "Once you configured www-servers/apache as written above,"
+ elog "you need to run (as root): /usr/sbin/setup-ds-admin.pl"
+ elog
+
+ # show security and sysctl info
+ elog "It is recommended to setup net.ipv4.tcp_keep_alive_time"
+ elog "in /etc/sysctl.conf (or via sysctl -w && sysctl -p) to a reasonable"
+ elog "value (in milliseconds) to avoid temporary server congestions"
+ elog "from lost client connections"
+ elog
+
+ # /etc/security/limits.conf settings
+ elog "It is also recommended to fine tune the maximum open files"
+ elog "settings inside /etc/security/limits.conf:"
+ elog "* soft nofile 2048"
+ elog "* hard nofile 4096"
+ elog
+
+ elog "To start 389 Directory Server Administration Interface at boot"
+ elog "please add 389-admin service to the default runlevel:"
+ elog
+ elog " rc-update add 389-admin default"
+ elog
+
+ elog "for 389 Directory Server Admin interface to work, you need"
+ elog "to setup a FQDN hostname and use it while running /usr/sbin/setup-ds-admin.pl"
+ elog
+
+}
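Review bot: In the `use selinux` branch of src_install, the `cd "${S}"/selinux-build`, the `cp` of the policy Makefile and the final `doins` have no `|| die`, and under EAPI 2 these do not abort the build on their own. If the directory is missing, `cp` would drop the SELinux Makefile into the current directory, and the package could then be merged without its policy module and without any error, presumably leaving the admin server outside the intended domain. I would write `cd "${S}"/selinux-build || die`, `cp /usr/share/selinux/${POLICY_TYPES}/include/Makefile . || die` and `doins -r "${S}/selinux-build/"*.pp || die "policy module not built"`. Separately, the pkg_postinst text names `net.ipv4.tcp_keep_alive_time` in milliseconds; the Linux key is `net.ipv4.tcp_keepalive_time` and its unit is seconds.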
diff --git a/net-nds/389-admin/ChangeLog b/net-nds/389-admin/ChangeLog
index 55c4e22bf1ca..3c0129f66df3 100644
--- a/net-nds/389-admin/ChangeLog
+++ b/net-nds/389-admin/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for net-nds/389-admin
-# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-nds/389-admin/ChangeLog,v 1.5 2010/11/12 06:36:48 lxnay Exp $
+# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-nds/389-admin/ChangeLog,v 1.6 2011/01/11 22:30:13 lxnay Exp $
+
+*389-admin-1.1.13 (11 Jan 2011)
+
+ 11 Jan 2011; Fabio Erculiani <lxnay@gentoo.org>
+ +files/1.1.14_backports/0000-selinux-crash-fix.patch,
+ +389-admin-1.1.13.ebuild,
+ +files/1.1.14_backports/0001-ssl-segfault-fix.patch:
+ version bump
*389-admin-1.1.11_rc1-r1 (12 Nov 2010)
diff --git a/net-nds/389-admin/Manifest b/net-nds/389-admin/Manifest
index 54e38772f770..4569fb508a3a 100644
--- a/net-nds/389-admin/Manifest
+++ b/net-nds/389-admin/Manifest
@@ -4,6 +4,8 @@ AUX 1.1.11_rc1/0004-rpath-fix.configure.ac.patch 633 RMD160 369fcbdc4ac78e97657a
AUX 1.1.11_rc1/0010-gentoo_selinux_makefile.patch 410 RMD160 740270c1331e29ac752b3ec83539032d3f88dc45 SHA1 3ee1abf259af424a5b6b2573e145b2d321bbf40c SHA256 c0102c8c33a482782005de62cc1f2b0a7c30e8985d4803a097a593f9bbaa71aa
AUX 1.1.11_rc1/48_mod_admserv.conf 87 RMD160 ccd49a802e45a0300867438651f7782861f92a3f SHA1 002a39651cc2f4ce9364b06620c1fa8a69887ff6 SHA256 99b42c7de91de448b5974360820c27f89a641ff59e6bdac46595ca8043058f84
AUX 1.1.11_rc1/48_mod_restartd.conf 126 RMD160 c60b0d5ab784508f670ded3015e1a7bcfd0a7209 SHA1 e3d842b3f358116c10f01987ecc89d05ac06549f SHA256 48561ef7da874d08bab5e97b1eecdda77680d1b9e417507da1afa3c62fbcc958
+AUX 1.1.14_backports/0000-selinux-crash-fix.patch 1070 RMD160 48bb6e3a3222975804be74cc64f22e553e6769dc SHA1 1f2e7e96ff5d118e2326ef41b02bf944af0c53e6 SHA256 bee21fd38ba52ed8a8ce210723895480a4b761c117102c2c82bd2a7c84232409
+AUX 1.1.14_backports/0001-ssl-segfault-fix.patch 3288 RMD160 49d1cae63f0db0864903e54e7e002547c295d49b SHA1 c8a1a0863f2222c636ff683efa62a287983ad610 SHA256 059bbd1a377305eeb1af39077e3705d8daa163bd26491caa20203b8dc8777111
AUX 389-admin-cfgstuff-1.patch 2035 RMD160 75f4bb6ebaa0aeb7da954dcb3b66e920c9274ccf SHA1 fc46e58875fc64cd1fa0c9c72c8078e0a99e0316 SHA256 baa2f8c5f7d9e62d9c983edcac2620b2bc480ba4004eee2559740dfb3ffcd9c6
AUX 389-admin.confd 3083 RMD160 0b897c6b0593ec4ba2b30e4b4181215bd32ae461 SHA1 d190753070fc63520e611e5c0a306a4f563fd342 SHA256 c70ca2808bd07d31bd6b25103fb54234ec4f7c714c31d4350e9c91dee41be9f2
AUX 389-admin.initd 3859 RMD160 167897d14de1b9846ee4ff0f59690c6ed61893b4 SHA1 ed00bc22656cc58bc59f4097c4015e92621692b8 SHA256 3050b923f9cf8b2da66ce8019526a4738646ef0caa97aeeb7a0d46013e2004b7
@@ -11,6 +13,8 @@ AUX restart-ds-admin 155 RMD160 5b0323ca05f75e08c043fbb4f6221e6688d4f24c SHA1 f2
AUX start-ds-admin 153 RMD160 b77b3e0a6d4658869e0cbf1d001e480c3141b14a SHA1 686d2748d781301dfc2f83b373efda9fbcbc253e SHA256 c4df46c6041fb11d0069ee2837361c12a05b349ac259bb9c29fa0b389de416ec
AUX stop-ds-admin 152 RMD160 64e8627ceed23664432ced3311442c9088ded19e SHA1 101045da509e09a3f84f8cbdc41a6dd3dd6d37f3 SHA256 4e7ecdeb64807b8ce0b2da4dca8c1bb9511c8babbfe8d7ae1c9e63f490070685
DIST 389-admin-1.1.11.rc1.tar.bz2 657171 RMD160 0bc411e0d0ed944be68f69d79378c980c54d9f22 SHA1 1e48f1f8a742476ffb2560802b3fc8c230f5db0c SHA256 8712d7a5b0ca721470a65585f359cfe4fa923996478228781393375e0d4d197e
+DIST 389-admin-1.1.13.tar.bz2 665138 RMD160 ae3eca19a0c3cf83c0d19c817d0d0f93da3b45c5 SHA1 4b169fefbb6357909778a500dca7a7ca63903be1 SHA256 7dd66dd3d2e1604f093e32f4655f140ae1b8def81dbd53c910dde1dbef1bf1a1
EBUILD 389-admin-1.1.11_rc1-r1.ebuild 4829 RMD160 79a5d93d06545fa377c4d20d41f023753422fd66 SHA1 bbd90b65ae19df06a00f65a494544ccfc80ab9a8 SHA256 d1842e6347a272189eb367416a150a83d7c0f72701abf454466d5e245fbc57a9
-MISC ChangeLog 1453 RMD160 084e4dc17e11bbac3b90904a383e629e5dcbf301 SHA1 fbf8dc14daf6aa175324eb249a973777fd364a6c SHA256 e07a60defc4fc740b670ddb923b76df7630799a8c5538d944183128907422e8f
+EBUILD 389-admin-1.1.13.ebuild 5055 RMD160 865d9762591e0813202cce32dba0c54d8a3c4883 SHA1 1c18f26408b380d8ccef2e8c5a3ff532f66b4d83 SHA256 50594c40606c86550288cc978d849d0fa5d6c3bd8c23fbd68e93a1c7c49006fc
+MISC ChangeLog 1691 RMD160 2a5031b4db2b02fb91376f424ed608b6a59c097c SHA1 1942fd893b35160f73c28f87b4358a99a7927e42 SHA256 6a8286fe5f835e1f40fcf51df8c29e214c0d263318682b7b6da7adb6635b9c28
MISC metadata.xml 527 RMD160 f5e5e8933b5d37c85fde74c92266727f7f11b3b9 SHA1 3836ea478456bd04e65d2adc262200b48faf36b9 SHA256 9b67f22fea1b3f65cfaec5ef7d4d1f411436c87c9ffb107c5e6bc604b77cd31a
diff --git a/net-nds/389-admin/files/1.1.14_backports/0000-selinux-crash-fix.patch b/net-nds/389-admin/files/1.1.14_backports/0000-selinux-crash-fix.patch
new file mode 100644
index 000000000000..1917acd7aacd
--- /dev/null
+++ b/net-nds/389-admin/files/1.1.14_backports/0000-selinux-crash-fix.patch
@@ -0,0 +1,29 @@
+From 6d86721d58f9dd150c970f61911c8a8bc2c8c050 Mon Sep 17 00:00:00 2001
+From: Nathan Kinder <nkinder@redhat.com>
+Date: Tue, 4 Jan 2011 15:03:29 -0800
+Subject: [PATCH] Bug 638511 - dirsrv-admin crashes at startup with SELinux enabled
+
+On RHEL5, starting the dirsrv-admin service with SELinux enabled
+will cause httpd child processes to repeatedly crash. The context
+used by the dirsrv-admin start scripts needs some additional
+process capabilities to fix this problem.
+---
+ selinux/dirsrv-admin.te | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/selinux/dirsrv-admin.te b/selinux/dirsrv-admin.te
+index 51c2dc6..4c842d9 100644
+--- a/selinux/dirsrv-admin.te
++++ b/selinux/dirsrv-admin.te
+@@ -78,7 +78,7 @@ ifdef(`targeted_policy',`
+
+ # Needed for stop and restart scripts
+ dirsrv_read_var_run(dirsrvadmin_t)
+-allow dirsrvadmin_t httpd_t:process signal;
++allow dirsrvadmin_t httpd_t:process { signal siginh rlimitinh noatsecure };
+ allow dirsrvadmin_t httpd_var_run_t:file read_file_perms;
+
+ ########################################
+--
+1.5.5.6
+
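Review bot: The changed `allow` rule grants `noatsecure` alongside `siginh` and `rlimitinh`, and of the three it has the widest effect: it turns off the secure-exec environment scrubbing that would otherwise apply when dirsrvadmin_t starts a process in httpd_t, so loader-related variables in the calling environment carry into httpd. The patch description says only that "additional process capabilities" are needed, so the rule deserves a policy comment recording why each permission is required, e.g. `# start scripts exec httpd: keep signal state, rlimits and environment across the transition` (wording to be confirmed against upstream bug 638511). The ebuild builds policy in `selinux-build` while this patch edits `selinux/dirsrv-admin.te`; whether the former is generated from the latter is not visible here and is worth confirming so the fix reaches the installed module.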
diff --git a/net-nds/389-admin/files/1.1.14_backports/0001-ssl-segfault-fix.patch b/net-nds/389-admin/files/1.1.14_backports/0001-ssl-segfault-fix.patch
new file mode 100644
index 000000000000..f56b00253900
--- /dev/null
+++ b/net-nds/389-admin/files/1.1.14_backports/0001-ssl-segfault-fix.patch
@@ -0,0 +1,69 @@
+From f08ab2ae5a9ce1ed7d5187f5e93a7e7854faacf3 Mon Sep 17 00:00:00 2001
+From: Rich Megginson <rmeggins@redhat.com>
+Date: Wed, 5 Jan 2011 15:47:28 -0700
+Subject: [PATCH] Bug 664671 - Admin server segfault when full SSL access (http+ldap+console) required
+
+https://bugzilla.redhat.com/show_bug.cgi?id=664671
+Resolves: bug 664671
+Bug Description: Admin server segfault when full SSL access (http+ldap+console) required
+Reviewed by: ???
+Branch: master
+Fix Description: Do not call NSS_Shutdown in mod_admserv. It should always
+be called in mod_nss, after mod_admserv_unload is called. The only thing
+we need to do in mod_admserv_unload() is to clear the session cache to
+release any resources acquired by mod_admserv. mod_nss unload will take
+care of the rest.
+Platforms tested: RHEL5 i386
+Flag Day: no
+Doc impact: no
+---
+ mod_admserv/mod_admserv.c | 27 +++++++++++----------------
+ 1 files changed, 11 insertions(+), 16 deletions(-)
+
+diff --git a/mod_admserv/mod_admserv.c b/mod_admserv/mod_admserv.c
+index ec7397c..6f96669 100644
+--- a/mod_admserv/mod_admserv.c
++++ b/mod_admserv/mod_admserv.c
+@@ -2223,28 +2223,23 @@ host_ip_init(apr_pool_t *p, apr_pool_t *plog,
+ * NSS caches SSL client session information - this cache must be cleared, otherwise
+ * NSS_Shutdown will give an error. mod_nss also does this (along with the NSS_Shutdown)
+ * It is ok to call SSL_ClearSessionCache multiple times.
++ * The actual NSS_Shutdown is done in mod_nss. Note that we cannot call NSS_Shutdown
++ * here - if NSS_Shutdown fails because mod_nss still has server caches referenced,
++ * NSS will be left in a bad state - it won't really be shutdown because of the outstanding
++ * references, but NSS_IsInitialized will return false, and NSS_Initialize will fail.
++ * So we must be careful here to just release any references we have.
++ * The assumption here is that mod_nss is loaded before mod_admserv (which will usually
++ * happen since it is listed first in the httpd.conf) - but note that module unload
++ * happens in _reverse_ order - so mod_admserv_unload will be called _before_ the
++ * mod_nss unload function. If this ever changes, we will need to figure out some other
++ * way to ensure that NSS_Shutdown is only ever called once, and only after all caches
++ * and other resources have been released.
+ */
+ static
+ apr_status_t mod_admserv_unload(void *data)
+ {
+ if (NSS_IsInitialized()) {
+- SECStatus status;
+ SSL_ClearSessionCache();
+- status = NSS_Shutdown();
+- if (status != SECSuccess) {
+- PRErrorCode prerr = PR_GetError();
+- if (prerr == SEC_ERROR_NOT_INITIALIZED) {
+- ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
+- "Unable to shutdown NSS - not initialized");
+- } else if (prerr == SEC_ERROR_BUSY) {
+- ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
+- "Unable to shutdown NSS - still busy - assume mod_nss is holding references - continuing");
+- } else {
+- ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL,
+- "Unable to shutdown NSS - [%d:%s]",
+- prerr, SSL_Strerror(prerr));
+- }
+- }
+ }
+ return OK;
+ }
+--
+1.5.5.6
+
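Review bot: With NSS_Shutdown removed, mod_admserv_unload is correct only while mod_nss is loaded ahead of mod_admserv, which the new comment states as an assumption but nothing checks. On this package the order comes from how Apache picks up `48_mod_admserv.conf` relative to the mod_nss configuration, which is outside this diff, so I would record the dependency where a packager sees it too, for instance `# must load after mod_nss: mod_nss owns NSS_Shutdown` in the module conf or the ebuild. The patch header still carries `Reviewed by: ???`, so it may have been picked up before upstream review was recorded; it is worth checking against the released 1.1.14 source. The comment block this hunk extends starts above the hunk.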