Hello community, here is the log from the commit of package jabberd checked in at Wed May 31 17:03:52 CEST 2006. -------- --- jabberd/jabberd.changes 2006-01-25 21:36:45.000000000 +0100 +++ jabberd/jabberd.changes 2006-05-31 15:54:28.000000000 +0200 @@ -1,0 +2,26 @@ +Wed May 31 15:26:04 CEST 2006 - max@suse.de + +- Updated to version 2.0s11, fixing a remote DoS vulnerability. + +- Build the storage and authreg drivers as loadable modules + (jabberd-dbmodules.patch). + +- Skip automatic dependency generation for the modules to avoid + the requiremet for mini subpackages only containing a single + small shared library. + +- Enable all possible storage and authreg modules, now that we + have the flexibility. + +- Added jabberd-README.SUSE to explain the new module concept. + +- Use an installed copy of expat (jabberd-expat.patch). + +- Support authentication via SQLite (jabberd-sqlite.patch). + +- Make PostgreSQL connection credencials optional + (jabberd-pgsql.patch). + +- Create a user and group so that the server doesn't run as root. + +------------------------------------------------------------------- Old: ---- jabberd-2.0s10.tar.bz2 New: ---- jabberd-2.0s11.tar.bz2 jabberd-README.SUSE jabberd-dbmodules.patch jabberd-expat.patch jabberd-pgsql.patch jabberd-sqlite.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ jabberd.spec ++++++ --- /var/tmp/diff_new_pack.M6jcKb/_old 2006-05-31 17:03:11.000000000 +0200 +++ /var/tmp/diff_new_pack.M6jcKb/_new 2006-05-31 17:03:11.000000000 +0200 
@@ -1,18 +1,20 @@ # -# spec file for package jabberd (Version 2.0s10) +# spec file for package jabberd (Version 2.0s11) # # Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine # package are under the same license as the package itself. # -# Please submit bugfixes or comments via http://bugs.opensuse.org +# Please submit bugfixes or comments via http://bugs.opensuse.org/ # # norootforbuild Name: jabberd -BuildRequires: db-devel krb5-devel libidn-devel mysql-devel openldap2 openldap2-devel pam-devel -Version: 2.0s10 +BuildRequires: expat openssl-devel postgresql-devel sqlite-devel +BuildRequires: db-devel krb5-devel libidn-devel mysql-devel +BuildRequires: openldap2 openldap2-devel pam-devel +Version: 2.0s11 Release: 1 URL: http://jabberd.jabberstudio.org/ Group: Productivity/Networking/Other @@ -21,13 +23,20 @@ Source: %{name}-%{version}.tar.bz2 Source1: jabberd.init Source2: jabberd.pam +Source3: jabberd-README.SUSE +Patch1: jabberd-sqlite.patch +Patch2: jabberd-pgsql.patch +Patch3: jabberd-dbmodules.patch +Patch9: jabberd-expat.patch # Needed for init script, Requires: net-tools +PreReq: /usr/sbin/useradd /usr/sbin/groupadd +PreReq: %insserv_prereq Autoreqprov: on BuildRoot: %{_tmppath}/%{name}-%{version}-build %description -Jabber Open Source Server. +Jabber open source server. 
@@ -56,35 +65,75 @@ Albert Chin <china@thewrittenword.com> %prep -%setup +%setup -q +rm -rf expat +cp -a %SOURCE3 README.SUSE +%patch1 +%patch2 +%patch3 +%patch9 %build +%{?suse_update_config:%suse_update_config} +autoreconf --force --install export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -DLDAP_DEPRECATED" -# If you want to compile for postgreSQL, add postgresql-libs postgresql-devel to neededforbuild and -# "--enable-pgsql --with-extra-include-path=/usr/include/pgsql" and optionally "--disable-mysql" ./configure\ - --prefix=/usr\ - --sysconfdir=/etc\ - --localstatedir=/var/lib\ - --mandir=/usr/share/man\ - --enable-db --enable-ldap --enable-pam --enable-pipe --enable-anon --enable-fs + --prefix=/usr \ + --libdir=%_libdir \ + --sysconfdir=/etc \ + --localstatedir=/var/lib \ + --mandir=/usr/share/man \ + --enable-mysql \ + --enable-pgsql \ + --with-extra-include-path=/usr/include/pgsql \ + --enable-sqlite \ + --enable-db \ + --enable-ldap \ + --enable-pam \ + --enable-pipe \ + --enable-anon \ + --enable-fs make %install -rm -rf $RPM_BUILD_ROOT -make DESTDIR=$RPM_BUILD_ROOT install -mkdir -p $RPM_BUILD_ROOT/etc/{init,pam}.d $RPM_BUILD_ROOT/usr/sbin -install %{S:1} $RPM_BUILD_ROOT/etc/init.d/jabberd -install -m0644 %{S:2} $RPM_BUILD_ROOT/etc/pam.d/jabberd -ln -s ../../etc/init.d/jabberd $RPM_BUILD_ROOT/usr/sbin/rcjabberd -mkdir -p $RPM_BUILD_ROOT/var/lib/jabberd/db $RPM_BUILD_ROOT/var/lib/jabberd/pid +make DESTDIR=%buildroot install +install -d -m750 %buildroot/etc/{init,pam}.d %buildroot/usr/sbin +install %{S:1} %buildroot/etc/init.d/jabberd +install -m0644 %{S:2} %buildroot/etc/pam.d/jabberd +ln -s /etc/init.d/jabberd %buildroot/usr/sbin/rcjabberd +mkdir -p %buildroot/var/lib/jabberd/{db,pid} +# .la files are not needed for loadable modules. 
+rm -f %buildroot%_libdir/%name/*.la +# keep the dependencies of the database plugins out of the requires list +%define my_requires /tmp/my-requires +cat << EOF > %my_requires +#!/bin/sh +fgrep -v %_libdir/%name | %__find_requires +EOF +chmod 755 %my_requires +%define __find_requires %my_requires %clean -rm -rf $RPM_BUILD_ROOT +rm -rf %buildroot + +%pre +groupadd --system jabber 2>/dev/null ||: +useradd --system --gid jabber --comment "Jabber Server" \ + --home /var/lib/jabberd --shell /bin/false jabber 2>/dev/null ||: +exit 0 + +%preun +%{?stop_on_removal:%stop_on_removal jabberd} +exit 0 + +%postun +%{?insserv_cleanup:%insserv_cleanup} +exit 0 %files -%defattr (-, root, root) +%defattr (-, root, root, -) %doc AUTHORS COPYING ChangeLog NEWS PROTOCOL README TODO +%doc README.SUSE tools/db-* /etc/init.d/* %config /etc/pam.d/* %dir /etc/jabberd 
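Review bot: The dependency filter in %install is written to a fixed name in a world-writable directory, `%define my_requires /tmp/my-requires`, and is then made executable and run as `__find_requires`. On a shared build host another local account can pre-create that path (for example as a symlink), so the `cat << EOF > %my_requires` redirect either clobbers a file of that account's choosing or the build runs content it did not write. Keeping the helper inside the private build tree avoids this, e.g. `%define my_requires %{_builddir}/%{name}-%{version}/my-requires`. Separately, `%pre` discards every groupadd/useradd error with `2>/dev/null ||:`; a comment stating that "already exists" is the only expected failure would help, since a real failure leaves the jabber-owned files and the init script's `-u jabber` without an account.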
@@ -97,12 +146,27 @@ /etc/jabberd/templates/*.xml.dist /usr/bin/* /usr/sbin/* -%doc /usr/share/man/man?/*.* -%dir /var/lib/jabberd -%dir /var/lib/jabberd/db -%dir /var/lib/jabberd/pid +%_libdir/%name +%doc /usr/share/man/*/* +%defattr (-, jabber, jabber, -) +/var/lib/jabberd %changelog -n jabberd +* Wed May 31 2006 - max@suse.de +- Updated to version 2.0s11, fixing a remote DoS vulnerability. +- Build the storage and authreg drivers as loadable modules + (jabberd-dbmodules.patch). +- Skip automatic dependency generation for the modules to avoid + the requiremet for mini subpackages only containing a single + small shared library. +- Enable all possible storage and authreg modules, now that we + have the flexibility. +- Added jabberd-README.SUSE to explain the new module concept. +- Use an installed copy of expat (jabberd-expat.patch). +- Support authentication via SQLite (jabberd-sqlite.patch). +- Make PostgreSQL connection credencials optional + (jabberd-pgsql.patch). +- Create a user and group so that the server doesn't run as root. * Wed Jan 25 2006 - mls@suse.de - converted neededforbuild to BuildRequires * Tue Jan 10 2006 - sbrabec@suse.cz ++++++ jabberd-2.0s10.tar.bz2 -> jabberd-2.0s11.tar.bz2 ++++++ ++++ 11122 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/jabberd-2.0s10/PROTOCOL new/jabberd-2.0s11/PROTOCOL --- old/jabberd-2.0s10/PROTOCOL 2005-10-04 08:44:07.000000000 +0200 +++ new/jabberd-2.0s11/PROTOCOL 2006-03-09 08:51:21.000000000 +0100 
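Review bot: `/var/lib/jabberd` is handed to the new account through `%defattr (-, jabber, jabber, -)`, so its mode is whatever `mkdir -p` produced in the build root, which is normally 0755. The db subdirectory holds the server's storage, so other local accounts could traverse it; pinning the mode with `%attr(0750, jabber, jabber) /var/lib/jabberd` makes the intent explicit. The hunk does not show how the files under /etc/jabberd are owned: now that the daemons run as jabber, configuration files carrying database credentials need to be readable by that account without being world-readable, and that is worth checking in the part of %files outside this hunk.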
@@ -10,7 +10,7 @@ This document lists the protocols supported by the server, and any notes relating to the implementation. -This is current as of 2005-10-04 (jabberd 2.0s10). +This is current as of 2005-10-04 (jabberd 2.0s11). XMPP diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/jabberd-2.0s10/README new/jabberd-2.0s11/README --- old/jabberd-2.0s10/README 2005-10-04 08:43:12.000000000 +0200 +++ new/jabberd-2.0s11/README 2006-03-09 08:51:07.000000000 +0100 @@ -1,4 +1,4 @@ -README for Jabber Open Source Server (2.0s10) +README for Jabber Open Source Server (2.0s11) Thanks for downloading jabberd 2.0. Below are some basic instructions to get you started. Complete documentation is available at diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/jabberd-2.0s10/configure.in new/jabberd-2.0s11/configure.in --- old/jabberd-2.0s10/configure.in 2005-10-04 08:42:58.000000000 +0200 +++ new/jabberd-2.0s11/configure.in 2006-03-09 08:50:54.000000000 +0100 @@ -1,5 +1,5 @@ dnl jabberd2 configure script -dnl $Id: configure.in,v 1.79.2.36 2005/08/21 10:01:58 zion Exp $ +dnl $Id: configure.in,v 1.79.2.37 2005/10/29 20:30:16 zion Exp $ dnl dnl autoconf setup 
@@ -8,7 +8,7 @@ AC_PREREQ(2.57) dnl startup -AC_INIT(jabberd, 2.0s10) +AC_INIT(jabberd, 2.0s11) AM_INIT_AUTOMAKE dnl copyright diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/jabberd-2.0s10/scod/scod.c new/jabberd-2.0s11/scod/scod.c --- old/jabberd-2.0s10/scod/scod.c 2003-10-28 05:53:43.000000000 +0100 +++ new/jabberd-2.0s11/scod/scod.c 2005-10-29 22:23:57.000000000 +0200 @@ -279,7 +279,10 @@ int scod_server_step(scod_t sd, const char *resp, int resplen, char **chal, int *challen) { int ret; - assert((int) sd); + /* Check that auth has actually begun */ + if(sd == NULL) + return sd_err_UNKNOWN_MECH; + assert((int) resp); assert((int) chal); assert((int) challen); diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/jabberd-2.0s10/sx/sasl.c new/jabberd-2.0s11/sx/sasl.c --- old/jabberd-2.0s10/sx/sasl.c 2005-07-26 09:28:15.000000000 +0200 +++ new/jabberd-2.0s11/sx/sasl.c 2005-10-29 22:23:57.000000000 +0200 @@ -211,7 +211,7 @@ static void _sx_sasl_client_process(sx_t s, sx_plugin_t p, scod_t sd, char *mech, char *in, int inlen) { _sx_sasl_t ctx = (_sx_sasl_t) p->private; char realm[256]; - char *buf, *out; + char *buf = NULL, *out = NULL; int buflen, outlen, ret; if(mech != NULL) { ++++++ jabberd-dbmodules.patch ++++++ ++++ 642 lines (skipped) ++++++ jabberd-expat.patch ++++++ --- Makefile.am +++ Makefile.am 
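Review bot: In scod_server_step the three asserts kept below the new check still abort the daemon on a NULL argument, where the sd case now returns an error. They also cast a pointer to int, e.g. `assert((int) resp);`, which truncates on 64-bit targets and can fire on a valid pointer whose low 32 bits are zero. If resp, chal or challen can be NULL on any path driven by a peer (the callers are not visible here), they deserve the same treatment as sd: `if(resp == NULL || chal == NULL || challen == NULL) return <error code>;`, and otherwise at least `assert(resp != NULL);`. The function body continues outside the hunk.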
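Review bot: In _sx_sasl_client_process only the two pointers gain initialisers; `int buflen, outlen, ret;` on the next line stays indeterminate. Whether any path reads the lengths before assigning them cannot be seen here, because the body runs past the hunk, but initialising them alongside, `int buflen = 0, outlen = 0, ret;`, keeps each pointer and its length consistent. A one-line comment naming the path that relies on buf and out being NULL would record why the initialisers matter.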
@@ -1,6 +1,6 @@ EXTRA_DIST = PROTOCOL Doxyfile.in README.win32 contrib -SUBDIRS = etc tools man expat mio scod subst sx util c2s resolver router s2s sm +SUBDIRS = etc tools man mio scod subst sx util c2s resolver router s2s sm docs: Doxyfile @doxygen --- c2s/Makefile.am +++ c2s/Makefile.am @@ -10,7 +10,7 @@ $(top_builddir)/mio/libmio.la \ $(top_builddir)/util/libutil.la \ $(top_builddir)/subst/libsubst.la \ - $(top_builddir)/expat/libexpat.la + -lexpat MODULE_LDFLAGS = -module -avoid-version --- configure.in +++ configure.in @@ -791,7 +791,6 @@ etc/templates/Makefile \ tools/Makefile \ man/Makefile \ - expat/Makefile \ mio/Makefile \ scod/Makefile \ subst/Makefile \ --- resolver/Makefile.am +++ resolver/Makefile.am @@ -10,4 +10,4 @@ $(top_builddir)/mio/libmio.la \ $(top_builddir)/util/libutil.la \ $(top_builddir)/subst/libsubst.la \ - $(top_builddir)/expat/libexpat.la + -lexpat --- router/Makefile.am +++ router/Makefile.am @@ -10,4 +10,4 @@ $(top_builddir)/mio/libmio.la \ $(top_builddir)/util/libutil.la \ $(top_builddir)/subst/libsubst.la \ - $(top_builddir)/expat/libexpat.la + -lexpat \ No newline at end of file --- s2s/Makefile.am +++ s2s/Makefile.am @@ -10,4 +10,4 @@ $(top_builddir)/mio/libmio.la \ $(top_builddir)/util/libutil.la \ $(top_builddir)/subst/libsubst.la \ - $(top_builddir)/expat/libexpat.la + -lexpat --- sm/Makefile.am +++ sm/Makefile.am @@ -42,7 +42,7 @@ $(top_builddir)/mio/libmio.la \ $(top_builddir)/util/libutil.la \ $(top_builddir)/subst/libsubst.la \ - $(top_builddir)/expat/libexpat.la + -lexpat sm_LDFLAGS = -export-dynamic --- sx/sx.h +++ sx/sx.h @@ -27,7 +27,7 @@ #include "ac-stdint.h" -#include <expat/expat.h> +#include <expat.h> #include <util/util.h> #ifdef __cplusplus --- util/config.c +++ util/config.c @@ -19,7 +19,7 @@ */ #include "util.h" -#include "expat/expat.h" +#include <expat.h> /** new config structure */ config_t config_new(void) --- util/nad.c +++ util/nad.c 
@@ -35,7 +35,7 @@ #include "util.h" #ifdef HAVE_EXPAT -#include "expat/expat.h" +#include <expat.h> #endif /* define NAD_DEBUG to get pointer tracking - great for weird bugs that you can't reproduce */ ++++++ jabberd-pgsql.patch ++++++ --- c2s/authreg_pgsql.c +++ c2s/authreg_pgsql.c @@ -500,11 +500,6 @@ user = config_get_one(ar->c2s->config, "authreg.pgsql.user", 0); pass = config_get_one(ar->c2s->config, "authreg.pgsql.pass", 0); - if(host == NULL || port == NULL || dbname == NULL || user == NULL || pass == NULL) { - log_write(ar->c2s->log, LOG_ERR, "pgsql: invalid module config"); - return 1; - } - log_debug( ZONE, "pgsql connecting as '%s' to database '%s' on %s:%s", user, dbname, host, port ); conn = PQsetdbLogin(host, port, NULL, NULL, dbname, user, pass); --- resolver/dns.c +++ resolver/dns.c @@ -72,7 +72,7 @@ /* unix implementation */ -#ifdef HAVE_RES_QUERY +#if defined(HAVE_RES_QUERY) || defined(HAVE___RES_QUERY) /* older systems might not have these */ #ifndef T_SRV --- sm/storage_pgsql.c +++ sm/storage_pgsql.c @@ -599,11 +599,6 @@ user = config_get_one(drv->st->sm->config, "storage.pgsql.user", 0); pass = config_get_one(drv->st->sm->config, "storage.pgsql.pass", 0); - if(host == NULL || port == NULL || dbname == NULL || user == NULL || pass == NULL) { - log_write(drv->st->sm->log, LOG_ERR, "pgsql: invalid driver config"); - return st_FAILED; - } - conn = PQsetdbLogin(host, port, NULL, NULL, dbname, user, pass); if(conn == NULL) { log_write(drv->st->sm->log, LOG_ERR, "pgsql: unable to allocate database connection state"); ++++++ jabberd-sqlite.patch ++++++ ++++ 689 lines (skipped) ++++++ jabberd.init ++++++ --- jabberd/jabberd.init 2005-09-06 13:52:03.000000000 +0200 +++ jabberd/jabberd.init 2006-04-12 12:22:49.000000000 +0200 @@ -88,6 +88,7 @@ # description: jabberd2 is the next generation of the jabberd server # chkconfig: 2345 85 15 # + progs="router resolver sm c2s s2s" progsPath="/usr/bin" confPath="/etc/jabberd" 
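Review bot: With the NULL check removed in c2s/authreg_pgsql.c, the `log_debug(...)` call that follows passes user, dbname, host and port straight to `%s`, and any of them may now be NULL. Assuming log_debug formats printf-style (its definition is not shown), that is undefined behaviour and crashes on C libraries that do not substitute "(null)". PQsetdbLogin accepts NULL for its defaults, so only the log line needs guarding, e.g. `user ? user : "(default)"` for each of the four arguments. The sm/storage_pgsql.c hunk drops the same check; no log call is visible there. A comment that a missing `pass` means relying on libpq defaults or non-password authentication would document the new behaviour; the enclosing function starts and ends outside the hunk.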
@@ -173,7 +174,7 @@ rm -f /var/lock/subsys/${prog} rm -f ${pidPath}/${prog}.pid args="-c ${confPath}/${prog}.xml" - ${progsPath}/${prog} ${args} & 2> /dev/null + startproc -u jabber -p ${pidPath}/${prog}.pid -q ${progsPath}/${prog} ${args} retval=$? if [ ${retval} == 0 ]; then StatusOK @@ -193,7 +194,7 @@ echo "Terminating jabberd processes..." for prog in ${progs}; do echo -ne "\tStopping ${prog} " - killproc ${prog} + killproc -p ${pidPath}/${prog}.pid ${prog} retval=$? if [ ${retval} == 0 ]; then StatusOK ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun...
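Review bot: The stop path calls `killproc -p ${pidPath}/${prog}.pid ${prog}` with the bare program name, while the start path gives startproc the full `${progsPath}/${prog}`. The pid file is presumably written by the daemon into a directory owned by the unprivileged jabber account (the spec change gives /var/lib/jabberd to jabber), and the init script, running as root, signals whatever pid it finds there. Passing the full path, `killproc -p ${pidPath}/${prog}.pid ${progsPath}/${prog}`, should let killproc match the pid against the expected executable before signalling; confirm against killproc(8) on the target release. The surrounding loop starts and ends outside the hunk.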