Security bump (bug 524290). Remote syslog PRI vulnerability (CVE-2014-3683)

Package-Manager: portage-2.2.14_rc1/cvs/Linux x86_64 Manifest-Sign-Key: 0x981CA6FC
author: Lars Wendler <polynomial-c@gentoo.org> 2014-10-02 15:03:25 +0000
committer: Lars Wendler <polynomial-c@gentoo.org> 2014-10-02 15:03:25 +0000
commit: f8708bdb975468b37021c910b71e51cb0e7d6c99 (patch)
tree: a5b8419226543945d3a57e7b7394b7da6420e265 /app-admin/rsyslog
parent: add missed dep for doc build (diff)
download: historical-f8708bdb975468b37021c910b71e51cb0e7d6c99.tar.gz
historical-f8708bdb975468b37021c910b71e51cb0e7d6c99.tar.bz2
historical-f8708bdb975468b37021c910b71e51cb0e7d6c99.zip
4 files changed, 374 insertions, 5 deletions
diff --git a/app-admin/rsyslog/ChangeLog b/app-admin/rsyslog/ChangeLog
index 58d116d86cec..4a0389aa3311 100644
--- a/app-admin/rsyslog/ChangeLog
+++ b/app-admin/rsyslog/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for app-admin/rsyslog
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-admin/rsyslog/ChangeLog,v 1.121 2014/10/01 10:58:52 jer Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-admin/rsyslog/ChangeLog,v 1.122 2014/10/02 15:03:24 polynomial-c Exp $
+
+*rsyslog-8.4.2 (02 Oct 2014)
+
+  02 Oct 2014; Lars Wendler <polynomial-c@gentoo.org> +rsyslog-8.4.2.ebuild,
+  +files/8-stable/10-respect_CFLAGS.patch:
+  Security bump (bug 524290). Remote syslog PRI vulnerability (CVE-2014-3683).
 
   01 Oct 2014; Jeroen Roovers <jer@gentoo.org> rsyslog-8.4.1.ebuild:
   Stable for HPPA (bug #524058).
diff --git a/app-admin/rsyslog/Manifest b/app-admin/rsyslog/Manifest
index bac5ab888a36..aa368a1c19d8 100644
--- a/app-admin/rsyslog/Manifest
+++ b/app-admin/rsyslog/Manifest
@@ -17,6 +17,7 @@ AUX 7-stable/rsyslog.initd 985 SHA256 7b3b32e89c051566b68c5e5a077cd5960da183e071
 AUX 7-stable/rsyslog.initd-r1 1708 SHA256 35277ef9d6b9e12780ba0806ae9c99047421d9e5ed77734c344235c803d9677a SHA512 d27e28f4a45efcdf772112d38302e035777a24a5f5027385cb4b9fdef4c39aee10033e854ecdb6d9a3243026178ebcbf06e71b44a1dfe1872b8956c3d3c8fa0d WHIRLPOOL b5cd17afaacde85471483c645a339f9588a387452f73525769a2a55f710da3697890e81593d06e2156c82a82a207598c009ab5c0ea9095989d16dafbec9b108c
 AUX 7-stable/rsyslog.logrotate 555 SHA256 fe65a914ad2a90bc07dae4fe879fdc5d50c930062107528c817de4b1eb460aec SHA512 bb6354a10d7b9421ece10f5f54cca235b9195653fa33c1498995a4b538002c6eeb38eb5c44b8f41b6d8ca18ec65966587be789a8ece516ffb6cbb0557bb0f146 WHIRLPOOL ea73d1bc538ec472ed4dff35ef2a8fb0cd3b664c8cae9c7148b57ec45f5c13133ad21ca6586a1faf09b8c666ea54a91d5bd9c1206553aa7aed0325355e4c3f0e
 AUX 7-stable/rsyslog.logrotate-r1 690 SHA256 88d8587f25e222721a7db82948b43b1e9912a6599f0835dfcffee19600dffad4 SHA512 f51c61aef8e107a2e8865ff59e5ab3211db6105ad23f142369ee71519fc797113ec409e85788acf315f793f0fc57e93ccb3db2020974cc2dc17ec56a700b4bc6 WHIRLPOOL fd47e469e152772dd977d5329d2df4a1868bbb62c661a0d148eb10317a34f7c5cf8a93a36bd58741c0058d28db5ee5a0ab15260fc12c98eb1a27f9bb6aca524b
+AUX 8-stable/10-respect_CFLAGS.patch 646 SHA256 e1c28e8088a9237d3987da5b6902235eb11de3343f3d3516cb4f011d25f70cac SHA512 446ae1bd61817ed20012b504db81daeb2b8e121d82ca4c6dc561a3e468e740d676ac695dfc46c4417b62c3d97fcd4b2db9e9207ef65017eda2a090a9fc209594 WHIRLPOOL 2bc4c4800c9f0650f181fa1095cc4b5c495936a5a3bd82b50281b4d23dbf76fdd2d10d0419c13284f345496ca0006781efe7a0f51edc1d6f858b04ad63b7453f
 AUX 8-stable/50-default.conf 1701 SHA256 61c1dd1450f574a21a8d8375faaf3e42f9856df91011150ff13c0cfddc86ed41 SHA512 33e4e63239b9112fec1a37115ac80ab8dbd6e7189d9d29b1bc743c433e0124ea0d1a4cf6f7ada9e5b92e9b0025b6617a1a16f4c491e743bbf4327a5f376a1ea9 WHIRLPOOL d33b83bb690e78b5e5f7cfc090d21da03615c891a287b1f3a92a51514dcad1f5dfe8d2ceed867b3007768d47f48d207fac43a1ff33a85b24c21a5531cdf9d311
 AUX 8-stable/README.gentoo 1126 SHA256 29b4c68f521f2f1f138f44c4635da1a270fed9cbd4a780569754080987aa777c SHA512 46fdf3350e2005d3ef588d50dfc6d474a1b5d3010329b656879a43cbbd7be0cd91944b88d3838f45f69c830fc28c42e7fac2cd52e0a4b24bb6780562d59ae384 WHIRLPOOL a1a3ec8b887110a01e8c1c1320f25493dd8ff343e4b08780c30c9bc3bb842afa0ef79db08195db876697c1a69807f49a8b3793609d25f78559fa534507fc195e
 AUX 8-stable/rsyslog.conf 1562 SHA256 fc70a94213b5eb519febf9aa7d758ee9526433bcc5683bcb7451d16e65a2f5b0 SHA512 1720174fab020e2de590f3d6bbb03784aca1928fe05f7e75e02fb4597cb8b2ee755e6deb8e8f989060511044ae483f791f496f24e0eecaf27eb9e0b5e20a2c7a WHIRLPOOL 97cf3fdee62a9339b412ebe93b71b2d6804df60aad9cb7e71779fcaddb01d489e38bbb353557864ea38aba384e664e6da636812c3c078ed9e22e261ed7b78cba
@@ -25,15 +26,28 @@ AUX 8-stable/rsyslog.initd 1711 SHA256 204c66d2b7d4d20115acc7499708cf538538fe1c1
 AUX 8-stable/rsyslog.logrotate 682 SHA256 89cc8f13c1f7a3ae446b40da7b31cdf471e2c9e2d3d5b8f48e524f7a82fbff89 SHA512 6c58abd2f02157177a61695f53eccbf201c514821b0c551a4812621e8d3dd2da9b5cd651d93860cb51ebdbdc7056d0ef0dde99c2a57ac3c43aa968a141805912 WHIRLPOOL 9d29c2c9351252887c3dad78962df942bb1cd7387eb44e3c98764319f82d90c42d255a5642c55bb37811fb903e1c5314ca536bc9d32ccfd0535f0579f4e25ff0
 DIST rsyslog-7.4.4.tar.gz 2910075 SHA256 276d094d1e4c62c770ec8a72723667f119eee038912b79cf3337d439bc2f9087 SHA512 cefaa0d5c5e9deb8a6e049a5b6c4503a9f30bfe89324a06f3e8ac6d85334bbddfec9e81010a1821ad5f902347bbc519e92d501783f77bd12f29e216a9abbfc08 WHIRLPOOL 0ba87e3edd7e0eba6ceaeef251d9e29d580452e0305c9df9577769abd53e01345a86de45c0289b945eca3d283838d7cbc4d36eb04ba8105fe3cb754c06a759b9
 DIST rsyslog-8.4.1.tar.gz 1938151 SHA256 1c7f3e8ebb7f9865dd4100c4982d50567dded2218177086d1e02d698e352d8ac SHA512 20b57554d1e097b392eca2dc3dc472330072c9ccdb190d4291e952508c6392ef832041ba9aef1e2e52a5df586326958b582764bbe6cf01648cf1b11bd80ac8a6 WHIRLPOOL 8de09b6c04520d0171e27f5fb8df570ce7a8ab2ed1fda17a6ff56a2207de475761341d13813e077538e63c16e7b619e53347682e75f0629dbd6b094c6ec61fa4
+DIST rsyslog-8.4.2.tar.gz 1938563 SHA256 71c3c6dac74fba2692f9fefb092cd3d22e2bd71eb702e0da06648de51b8b7b9a SHA512 f3a8af9c859fac4f490d8836f2083125c2daddf0647df06318628ad92cb63538612ecdc78f725bd3e3725a3c79f0c06a67fafe6a2fd5c9194fa18020de6d3847 WHIRLPOOL b4a17389215202158721739b216f43602668c62d52f169362a548f8db0fdc2c8e8114eb8b12727f638ede3077f1172d5077eb9dc64c5f29e28282cee145e098e
 DIST rsyslog-doc-8.4.1.tar.gz 4066598 SHA256 21862b046b3504f136f9b8961466f2b248ac315c67de8742bd4a35c599f3dd48 SHA512 cbb46e219af5a7b9c60e3a60a75713f88405f7a4036f9d308f17a06ae8e8db0bdff9eae5807a067b9347a0aad264ef9ed73e6587502df2de412569f6d13b7ff6 WHIRLPOOL 97f4de085bf388523df8fa245607c965b0bfdeb13f28c6659f4a267fccaa9f6f7a898cc2f68822796ad69266e5593297db572a9679c8e20e5bc5fd6d26d067f5
+DIST rsyslog-doc-8.4.2.tar.gz 4066598 SHA256 21862b046b3504f136f9b8961466f2b248ac315c67de8742bd4a35c599f3dd48 SHA512 cbb46e219af5a7b9c60e3a60a75713f88405f7a4036f9d308f17a06ae8e8db0bdff9eae5807a067b9347a0aad264ef9ed73e6587502df2de412569f6d13b7ff6 WHIRLPOOL 97f4de085bf388523df8fa245607c965b0bfdeb13f28c6659f4a267fccaa9f6f7a898cc2f68822796ad69266e5593297db572a9679c8e20e5bc5fd6d26d067f5
 EBUILD rsyslog-7.4.4.ebuild 7068 SHA256 5fd6b6681b9fb7677ed00541237ce6e1b1eede86c9ac4ecfff56a1ccd2aae4a1 SHA512 e979da21fde67ce6d759273cdc0cfd138d2fd4dd7550650d7a467ca5484f0eac4ce0832e13fef7ffe638f005b91eed940037e8784fc7772b1d46823c62554c3a WHIRLPOOL dfa887210559f405484b59ad0f22015dc9a832f474af108652a9defddc8ab4329e8855322904b110fc2e0cbe65805839772d6dd00ef5d1db283d2cd6b83d864f
 EBUILD rsyslog-8.4.1.ebuild 9492 SHA256 1a44d61cdbbb28ba25e07d9d26c4d6391cb5d80ada8a88e74af24c24c72a99ca SHA512 84e4abed7bc0eecabb76a7d867dde041a4607eb1abb42f38ef1b5352aeb046c340c644484fbf6fc032e4ece602a073096fc2bf73577027fbbef473b4f437c8a3 WHIRLPOOL ca837e6a8fb4b92daff3c5ad6fc9e8b418ef81565083d62a0086ca30946ada87c57ac20f343e2182b7b5c5985c5420339d1f05f03f8cd91847530d2b5ba3ddb5
-MISC ChangeLog 23306 SHA256 9dc6a166acbe7a96bd29498220607f4d12f2b89d0c10a50aada3a9e873c5b821 SHA512 8d974bead43679eb191d2ff724cd8615b7d8bf1089b5eeb93fdfec791bc738b3ac6cba201f3b5e70154b50736629fd3c190ba2a263c5d89b6b743d6a606cbe78 WHIRLPOOL 278dddd4d87c1c75cd7498a0942d883fe9df97496df133923b9f98e6ad1686582f6465dd5d24ec55e130045d5daef8c612d4db890d4ed204a543a619a447e283
+EBUILD rsyslog-8.4.2.ebuild 9563 SHA256 82c581293f451c15e9e1e215db8820528e4b1f6968945e7c04c212d89585d059 SHA512 e5ec63f32d546a93deb39e02a7310a0ba402f150b6da8d2c5bc76a0b75829ad4bebea80d3e7f6dd390840d7b55146e5b0b233cdefb79cf06204734b68172c504 WHIRLPOOL bc9e6025df90bdc5d75bdcb9a1245935b030b075dc48a8018fa647f3191ec42b31f4bc97b1ca67ebf0185deeb3fcfc906ad0f48fd7523f4411e1056e34f73acb
+MISC ChangeLog 23545 SHA256 f9ff486d81f2c4bd73eafdf7e0f04fc9f01ee691453749e97931348a24705431 SHA512 e8fb6dd65b359d0b35e28b46efdd501db14bd8666564516ad38a8f0eeade75052d5ccc011a1733296c4da0349a57af75d19e4629ea73815fd01f217299afff4c WHIRLPOOL e9080a0dee52a6d77f7d6e3d97940c324da9573a4e6e6bbba6391ccfcfdc843ada1064544953b2df5ba0c9d7cfd1d763cb34d4b4e38631ea3a18951b5ee53d2d
 MISC metadata.xml 3022 SHA256 beef16872a84a41762913e3e5f438d631ff6d1380670d0a715c95d4e90c3acc2 SHA512 9e5b3b2832cf3a2ca0f49cdd422552bc40c634a5080e2c92d50df637347af90c60b3427abb6ef1831f0cebf897d894f6b5ef60d15cf58937e5dd5e803cc14c5d WHIRLPOOL d7e17381498f0e211eadadbbfd560cc34b21c9771d8979cce64ac7011538f6ac52f42303ecd413a0181e4cbd5cfe672819066689af3f8bcc1aea64e90e7dc1d5
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
-iEYEAREIAAYFAlQr3m4ACgkQVWmRsqeSphOMSQCfVYs1CM3Pd2UeLRJEXCq3Lw1U
-feMAn1RdMaiQlT8ERBTGAIzHeTiqvWe2
-=rfC6
+iQIcBAEBCAAGBQJULWk9AAoJEPiazRVxLXTFC3sP/2+B6sSqmdk70+MDEqfCRBge
+AToQ66pjAee0807vA3x4r1qyctm7LD1FGh8zPaWcpVGcUqCTN4SQb7+nA1HiYzrm
+dFDK0hO5nD1Y7Hqf8lvFCFXLjj+WSl+gyRq0UqnkMdYXh/awM6+qm9ifwiPeLrM2
+JFzZiNmetz0C5GI/hgmpcfKoH/JlacBw6M8TWXllslWE6ojgx8pOXCIWl0iscikn
+atfhC6MNUNtuDIy021XKYvgoi9ftx21UGhuYz7v6HR7ONfeachJcJEVGdzIWsEQi
+lK51vJ+DZQ69W65rCPcc/IYshZNzsGJRGwCNsa7ZeV/PCRyJZ6696NjJY5MUhHY8
+MMsNlZOae3CJ+8MaOS6462UAcpH/ld9VWI8lX8xbs6uo7a6HZqsWVvvLCBemHdX1
+oVnpACbaGK8NmUVH+Wiem7uNlBuYVnNZl+BA4Y6GMNh33HfgXCiz72ofALs1XbC4
+MJz+ba4QM+q5jVEwpOA0N2dpa8EfCs36gRmvzpGxEo4sadB0jiTfp2oSjZd6Twi9
+IwzsrdKQ2aBbWBbqPprQ37u3QH8rWVEep6owJMpO5B53NX9GMYPSxP+IZK2xK95f
+WYpyUKgYwWv1fKpBYo9H+b6se+s61snawQE7TTFEis7SbMdSYlxlJkrwym2knb6N
+owTX/n4XiOWuD9Sr0GV2
+=1qo6
 -----END PGP SIGNATURE-----
diff --git a/app-admin/rsyslog/files/8-stable/10-respect_CFLAGS.patch b/app-admin/rsyslog/files/8-stable/10-respect_CFLAGS.patch
new file mode 100644
index 000000000000..c74279bfdedc
--- /dev/null
+++ b/app-admin/rsyslog/files/8-stable/10-respect_CFLAGS.patch
@@ -0,0 +1,11 @@
+--- configure.old	2014-10-02 15:41:45.692471540 +0200
++++ configure.ac	2014-10-02 15:42:11.122743182 +0200
+@@ -835,7 +835,7 @@
+ AM_CONDITIONAL(ENABLE_RSYSLOGRT, test x$enable_rsyslogrt = xyes)
+ RSRT_CFLAGS="\$(RSRT_CFLAGS1) \$(LIBESTR_CFLAGS) \$(JSON_C_CFLAGS)"
+ if test "$GCC" = "yes"
+-then RSRT_CFLAGS="$RSRT_CFLAGS -W -std=c99 -Wall -Wformat-security -Wshadow -Wcast-align -Wpointer-arith -Wmissing-format-attribute -g"
++then RSRT_CFLAGS="$RSRT_CFLAGS -W -std=c99 -Wall -Wformat-security -Wshadow -Wcast-align -Wpointer-arith -Wmissing-format-attribute"
+ fi
+ RSRT_LIBS="\$(RSRT_LIBS1) \$(LIBESTR_LIBS) \$(JSON_C_LIBS)"
+ AC_SUBST(RSRT_CFLAGS1)
diff --git a/app-admin/rsyslog/rsyslog-8.4.2.ebuild b/app-admin/rsyslog/rsyslog-8.4.2.ebuild
new file mode 100644
index 000000000000..9c8e0d17a8a5
--- /dev/null
+++ b/app-admin/rsyslog/rsyslog-8.4.2.ebuild
@@ -0,0 +1,338 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-admin/rsyslog/rsyslog-8.4.2.ebuild,v 1.1 2014/10/02 15:03:24 polynomial-c Exp $
+
+EAPI=5
+AUTOTOOLS_AUTORECONF=1
+
+inherit autotools-utils eutils systemd
+
+DESCRIPTION="An enhanced multi-threaded syslogd with database support and more"
+HOMEPAGE="http://www.rsyslog.com/"
+SRC_URI="
+	http://www.rsyslog.com/files/download/${PN}/${P}.tar.gz
+	doc? ( http://www.rsyslog.com/files/download/${PN}/${PN}-doc-${PV}.tar.gz )
+"
+
+LICENSE="GPL-3 LGPL-3 Apache-2.0"
+KEYWORDS="~amd64 ~arm ~hppa ~x86"
+SLOT="0"
+IUSE="dbi debug doc elasticsearch +gcrypt jemalloc kerberos mongodb mysql normalize omudpspoof oracle postgres rabbitmq redis relp rfc3195 rfc5424hmac snmp ssl systemd usertools zeromq"
+
+RDEPEND="
+	>=dev-libs/json-c-0.11:=
+	>=dev-libs/libestr-0.1.9
+	>=dev-libs/liblogging-1.0.1:=[stdlog]
+	>=sys-libs/zlib-1.2.5
+	dbi? ( >=dev-db/libdbi-0.8.3 )
+	elasticsearch? ( >=net-misc/curl-7.35.0 )
+	gcrypt? ( >=dev-libs/libgcrypt-1.5.3:= )
+	jemalloc? ( >=dev-libs/jemalloc-3.3.1 )
+	kerberos? ( virtual/krb5 )
+	mongodb? ( >=dev-libs/libmongo-client-0.1.4 )
+	mysql? ( virtual/mysql )
+	normalize? (
+		>=dev-libs/libee-0.4.0
+		>=dev-libs/liblognorm-1.0.0:=
+	)
+	omudpspoof? ( >=net-libs/libnet-1.1.6 )
+	oracle? ( >=dev-db/oracle-instantclient-basic-10.2 )
+	postgres? ( >=dev-db/postgresql-base-8.4.20 )
+	rabbitmq? ( >=net-libs/rabbitmq-c-0.3.0 )
+	redis? ( >=dev-libs/hiredis-0.11.0 )
+	relp? ( >=dev-libs/librelp-1.2.5 )
+	rfc3195? ( >=dev-libs/liblogging-1.0.1:=[rfc3195] )
+	rfc5424hmac? ( >=dev-libs/openssl-0.9.8y )
+	snmp? ( >=net-analyzer/net-snmp-5.7.2 )
+	ssl? ( >=net-libs/gnutls-2.12.23 )
+	systemd? ( >=sys-apps/systemd-208 )
+	zeromq? ( >=net-libs/czmq-1.2.0 )"
+DEPEND="${RDEPEND}
+	virtual/pkgconfig"
+
+BRANCH="8-stable"
+
+# Test suite requires a special setup or will always fail
+RESTRICT="test"
+
+# Maitainer note : open a bug to upstream
+# showing that building in a separate dir fails
+AUTOTOOLS_IN_SOURCE_BUILD=1
+
+AUTOTOOLS_PRUNE_LIBTOOL_FILES="modules"
+
+DOCS=(
+	AUTHORS
+	ChangeLog
+	"${FILESDIR}"/${BRANCH}/README.gentoo
+)
+
+PATCHES=( "${FILESDIR}"/${BRANCH}/10-respect_CFLAGS.patch )
+
+src_unpack() {
+	unpack ${P}.tar.gz
+
+	if use doc; then
+		local doc_tarball="${PN}-doc-${PV}.tar.gz"
+
+		cd "${S}" || die "Cannot change dir into '$S'"
+		mkdir docs || die "Failed to create docs directory"
+		cd docs || die "Failed to change dir into '${S}/docs'"
+		unpack ${doc_tarball}
+	fi
+}
+
+src_configure() {
+	# Maintainer notes:
+	# * Guardtime support is missing because libgt isn't yet available
+	#   in portage.
+	# * Hadoop's HDFS file system output module is currently not
+	#   supported in Gentoo because nobody is able to test it
+	#   (JAVA dependency).
+	# * dev-libs/hiredis doesn't provide pkg-config (see #504614,
+	#   upstream PR 129 and 136) so we need to export HIREDIS_*
+	#   variables because rsyslog's build system depends on pkg-config.
+
+	if use redis; then
+		export HIREDIS_LIBS="-L${EPREFIX}/usr/$(get_libdir) -lhiredis"
+		export HIREDIS_CFLAGS="-I${EPREFIX}/usr/include"
+	fi
+
+	local myeconfargs=(
+		--disable-generate-man-pages
+		# Input Plugins without depedencies
+		--enable-imfile
+		--enable-impstats
+		--enable-imptcp
+		--enable-imttcp
+		# Message Modificiation Plugins without depedencies
+		--enable-mmanon
+		--enable-mmaudit
+		--enable-mmfields
+		--enable-mmjsonparse
+		--enable-mmpstrucdata
+		--enable-mmsequence
+		--enable-mmutf8fix
+		# Output Modification Plugins without dependencies
+		--enable-mail
+		--enable-omprog
+		--enable-omruleset
+		--enable-omstdout
+		--enable-omuxsock
+		# Misc
+		--enable-pmaixforwardedfrom
+		--enable-pmciscoios
+		--enable-pmcisconames
+		--enable-pmlastmsg
+		--enable-pmrfc3164sd
+		--enable-pmsnare
+		# DB
+		$(use_enable dbi libdbi)
+		$(use_enable mongodb ommongodb)
+		$(use_enable mysql)
+		$(use_enable oracle)
+		$(use_enable postgres pgsql)
+		$(use_enable redis omhiredis)
+		# Debug
+		$(use_enable debug)
+		$(use_enable debug diagtools)
+		$(use_enable debug imdiag)
+		$(use_enable debug memcheck)
+		$(use_enable debug rtinst)
+		$(use_enable debug valgrind)
+		# Misc
+		$(use_enable elasticsearch)
+		$(use_enable gcrypt libgcrypt)
+		$(use_enable jemalloc)
+		$(use_enable kerberos gssapi-krb5)
+		$(use_enable normalize mmnormalize)
+		$(use_enable omudpspoof)
+		$(use_enable rabbitmq omrabbitmq)
+		$(use_enable relp)
+		$(use_enable rfc3195)
+		$(use_enable rfc5424hmac mmrfc5424addhmac)
+		$(use_enable snmp)
+		$(use_enable snmp mmsnmptrapd)
+		$(use_enable ssl gnutls)
+		$(use_enable systemd imjournal)
+		$(use_enable systemd omjournal)
+		$(use_enable usertools)
+		$(use_enable zeromq imzmq3)
+		$(use_enable zeromq omzmq3)
+		"$(systemd_with_unitdir)"
+	)
+
+	autotools-utils_src_configure
+}
+
+src_install() {
+	use doc && HTML_DOCS=( "${S}/docs/build/" )
+	autotools-utils_src_install
+
+	newconfd "${FILESDIR}/${BRANCH}/${PN}.confd" ${PN}
+	newinitd "${FILESDIR}/${BRANCH}/${PN}.initd" ${PN}
+
+	keepdir /var/empty/dev
+	keepdir /var/spool/${PN}
+	keepdir /etc/ssl/${PN}
+	keepdir /etc/${PN}.d
+
+	insinto /etc
+	newins "${FILESDIR}/${BRANCH}/${PN}.conf" ${PN}.conf
+
+	insinto /etc/rsyslog.d/
+	doins "${FILESDIR}/${BRANCH}/50-default.conf"
+
+	insinto /etc/logrotate.d/
+	newins "${FILESDIR}/${BRANCH}/${PN}.logrotate" ${PN}
+
+	if use mysql; then
+		insinto /usr/share/doc/${PF}/scripts/mysql
+		doins plugins/ommysql/{createDB.sql,contrib/delete_mysql}
+	fi
+
+	if use postgres; then
+		insinto /usr/share/doc/${PF}/scripts/pgsql
+		doins plugins/ompgsql/createDB.sql
+	fi
+}
+
+pkg_postinst() {
+	local advertise_readme=0
+
+	if [[ -z "${REPLACING_VERSIONS}" ]]; then
+		# This is a new installation
+
+		advertise_readme=1
+
+		if use mysql || use postgres; then
+			echo
+			elog "Sample SQL scripts for MySQL & PostgreSQL have been installed to:"
+			elog "  /usr/share/doc/${PF}/scripts"
+		fi
+
+		if use ssl; then
+			echo
+			elog "To create a default CA and certificates for your server and clients, run:"
+			elog "  emerge --config =${PF}"
+			elog "on your logging server. You can run it several times,"
+			elog "once for each logging client. The client certificates will be signed"
+			elog "using the CA certificate generated during the first run."
+		fi
+	fi
+
+	if [[ -z "${REPLACING_VERSIONS}" ]] || [[ ${REPLACING_VERSIONS} < 8.0 ]]; then
+		# Show this message until rsyslog-8.x
+		echo
+		elog "Since ${PN}-7.6.3 we no longer use the catch-all log target"
+		elog "\"/var/log/syslog\" due to its redundancy to the other log targets."
+
+		advertise_readme=1
+	fi
+
+	if [[ ${advertise_readme} -gt 0 ]]; then
+		# We need to show the README file location
+
+		echo ""
+		elog "Please read"
+		elog ""
+		elog "  ${EPREFIX}/usr/share/doc/${PF}/README.gentoo*"
+		elog ""
+		elog "for more details."
+	fi
+}
+
+pkg_config() {
+	if ! use ssl ; then
+		einfo "There is nothing to configure for rsyslog unless you"
+		einfo "used USE=ssl to build it."
+		return 0
+	fi
+
+	# Make sure the certificates directory exists
+	CERTDIR="${EROOT}/etc/ssl/${PN}"
+	if [ ! -d "${CERTDIR}" ]; then
+		mkdir "${CERTDIR}" || die
+	fi
+	einfo "Your certificates will be stored in ${CERTDIR}"
+
+	# Create a default CA if needed
+	if [ ! -f "${CERTDIR}/${PN}_ca.cert.pem" ]; then
+		einfo "No CA key and certificate found in ${CERTDIR}, creating them for you..."
+		certtool --generate-privkey \
+			--outfile "${CERTDIR}/${PN}_ca.privkey.pem" &>/dev/null
+		chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"
+
+		cat > "${T}/${PF}.$$" <<- _EOF
+		cn = Portage automated CA
+		ca
+		cert_signing_key
+		expiration_days = 3650
+		_EOF
+
+		certtool --generate-self-signed \
+			--load-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
+			--outfile "${CERTDIR}/${PN}_ca.cert.pem" \
+			--template "${T}/${PF}.$$" &>/dev/null
+		chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"
+
+		# Create the server certificate
+		echo
+		einfon "Please type the Common Name of the SERVER you wish to create a certificate for: "
+		read -r CN
+
+		einfo "Creating private key and certificate for server ${CN}..."
+		certtool --generate-privkey \
+			--outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null
+		chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"
+
+		cat > "${T}/${PF}.$$" <<- _EOF
+		cn = ${CN}
+		tls_www_server
+		dns_name = ${CN}
+		expiration_days = 3650
+		_EOF
+
+		certtool --generate-certificate \
+			--outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
+			--load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
+			--load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
+			--load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
+			--template "${T}/${PF}.$$" &>/dev/null
+		chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"
+
+	else
+		einfo "Found existing ${CERTDIR}/${PN}_ca.cert.pem, skipping CA and SERVER creation."
+	fi
+
+	# Create a client certificate
+	echo
+	einfon "Please type the Common Name of the CLIENT you wish to create a certificate for: "
+	read -r CN
+
+	einfo "Creating private key and certificate for client ${CN}..."
+	certtool --generate-privkey \
+		--outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null
+	chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"
+
+	cat > "${T}/${PF}.$$" <<- _EOF
+	cn = ${CN}
+	tls_www_client
+	dns_name = ${CN}
+	expiration_days = 3650
+	_EOF
+
+	certtool --generate-certificate \
+		--outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
+		--load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
+		--load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
+		--load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
+		--template "${T}/${PF}.$$" &>/dev/null
+	chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"
+
+	rm -f "${T}/${PF}.$$"
+
+	echo
+	einfo "Here is the documentation on how to encrypt your log traffic:"
+	einfo " http://www.rsyslog.com/doc/rsyslog_tls.html"
+}
author	Lars Wendler <polynomial-c@gentoo.org>	2014-10-02 15:03:25 +0000
committer	Lars Wendler <polynomial-c@gentoo.org>	2014-10-02 15:03:25 +0000
commit	f8708bdb975468b37021c910b71e51cb0e7d6c99 (patch)
tree	a5b8419226543945d3a57e7b7394b7da6420e265 /app-admin/rsyslog
parent	add missed dep for doc build (diff)
download	historical-f8708bdb975468b37021c910b71e51cb0e7d6c99.tar.gz historical-f8708bdb975468b37021c910b71e51cb0e7d6c99.tar.bz2 historical-f8708bdb975468b37021c910b71e51cb0e7d6c99.zip