diff --git a/bitlbee-3.2.2-no-root.patch b/bitlbee-3.2.2-no-root.patch deleted file mode 100644 index 57ca6d6..0000000 --- a/bitlbee-3.2.2-no-root.patch +++ /dev/null @@ -1,21 +0,0 @@ -Patch by Robert Scheck for bitlbee <= 3.2.2, that is -removing the check if the user is root as this causes failures when building RPM -packages. See also http://bugs.bitlbee.org/bitlbee/ticket/1162 at upstream trac. - ---- bitlbee-3.2.2/Makefile 2014-07-05 23:40:53.000000000 +0200 -+++ bitlbee-3.2.2/Makefile.no-root 2014-07-06 15:50:18.000000000 +0200 -@@ -148,14 +148,10 @@ - - install-systemd: - ifdef SYSTEMDSYSTEMUNITDIR --ifeq ($(shell id -u),0) - mkdir -p $(DESTDIR)$(SYSTEMDSYSTEMUNITDIR) - $(INSTALL) -m 0644 init/bitlbee.service $(DESTDIR)$(SYSTEMDSYSTEMUNITDIR) - $(INSTALL) -m 0644 init/bitlbee@.service $(DESTDIR)$(SYSTEMDSYSTEMUNITDIR) - $(INSTALL) -m 0644 $(_SRCDIR_)init/bitlbee.socket $(DESTDIR)$(SYSTEMDSYSTEMUNITDIR) --else -- @echo Not root, so not installing systemd files. --endif - endif - - tar: diff --git a/bitlbee-3.2.2-nss-forkdaemon.patch b/bitlbee-3.2.2-nss-forkdaemon.patch deleted file mode 100644 index 1c6f7bd..0000000 --- a/bitlbee-3.2.2-nss-forkdaemon.patch +++ /dev/null @@ -1,87 +0,0 @@ -From d77df0ab3fceaca84932f90948a24eec4f576fb0 Mon Sep 17 00:00:00 2001 -From: dequis -Date: Wed, 9 Jul 2014 07:58:30 -0300 -Subject: [PATCH] Fix the NSS init after fork bug, and clean up lies in unix.c - -This might look like a simple diff, but those 'lies' made this not very -straightforward. - -The NSS bug itself is simple: NSS detects a fork happened after the -initialization, and refuses to work because shared CSPRNG state is bad. -The bug has been around for long time. I've been aware of it for 5 -months, which says something about this mess. Trac link: - -http://bugs.bitlbee.org/bitlbee/ticket/785 - -This wasn't a big deal because the main users of NSS (redhat) already -applied a different patch in their packages that workarounded the issue -somewhat accidentally. And this is the ticket for the 'lies' in unix.c: - -http://bugs.bitlbee.org/bitlbee/ticket/1159 - -Basically a conflict with libotr that doesn't happen anymore. Read that -ticket for details on why ignoring those comments is acceptable. - -Anyway: yay! ---- - irc.c | 6 ++++++ - unix.c | 9 --------- - 2 files changed, 6 insertions(+), 9 deletions(-) - -diff --git a/irc.c b/irc.c -index 187004c..f864e31 100644 ---- a/irc.c -+++ b/irc.c -@@ -26,6 +26,7 @@ - #include "bitlbee.h" - #include "ipc.h" - #include "dcc.h" -+#include "lib/ssl_client.h" - - GSList *irc_connection_list; - GSList *irc_plugins; -@@ -170,6 +171,11 @@ irc_t *irc_new( int fd ) - #ifdef WITH_PURPLE - nogaim_init(); - #endif -+ -+ /* SSL library initialization also should be done after the fork, to -+ avoid shared CSPRNG state. This is required by NSS, which refuses to -+ work if a fork is detected */ -+ ssl_init(); - - for( l = irc_plugins; l; l = l->next ) - { -diff --git a/unix.c b/unix.c -index 1ea24af..329b33c 100644 ---- a/unix.c -+++ b/unix.c -@@ -31,7 +31,6 @@ - #include "protocols/nogaim.h" - #include "help.h" - #include "ipc.h" --#include "lib/ssl_client.h" - #include "md5.h" - #include "misc.h" - #include -@@ -81,17 +80,9 @@ int main( int argc, char *argv[] ) - nogaim_init(); - #endif - -- /* Ugly Note: libotr and gnutls both use libgcrypt. libgcrypt -- has a process-global config state whose initialization happpens -- twice if libotr and gnutls are used together. libotr installs custom -- memory management functions for libgcrypt while our gnutls module -- uses the defaults. Therefore we initialize OTR after SSL. *sigh* */ -- ssl_init(); - #ifdef OTR_BI - otr_init(); - #endif -- /* And in case OTR is loaded as a plugin, it'll also get loaded after -- this point. */ - - srand( time( NULL ) ^ getpid() ); - --- -2.0.0 - diff --git a/bitlbee-glib-version.patch b/bitlbee-glib-version.patch deleted file mode 100644 index d0fa903..0000000 --- a/bitlbee-glib-version.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- bitlbee-3.2/configure 2013-01-07 00:41:11.000000000 +0100 -+++ bitlbee-3.2/configure.glib-version 2013-02-20 01:25:10.000000000 +0100 -@@ -46,7 +46,7 @@ - arch=`uname -s` - cpu=`uname -m` - --GLIB_MIN_VERSION=2.14 -+GLIB_MIN_VERSION=2.4 - - echo BitlBee configure - diff --git a/bitlbee-libresolv.patch b/bitlbee-libresolv.patch deleted file mode 100644 index b6d3149..0000000 --- a/bitlbee-libresolv.patch +++ /dev/null @@ -1,287 +0,0 @@ -Patch by Matěj Cepl for bitlbee >= 3.2 to avoid static linking -to a private glibc function, that is normally visible as libc.so.6(GLIBC_PRIVATE) -in the binary RPM package. Glibc >= 2.9 allows dynamic linking using -lresolv for -ns_initparse()/ns_parserr(), but Red Hat Enterprise Linux 5 (including derivates) -is shipping glibc 2.5. A few more information and details regarding this patch in -Red Hat Bugzilla ID #439047: https://bugzilla.redhat.com/show_bug.cgi?id=439047 - ---- bitlbee-3.2.1/configure 2013-11-27 23:54:54.000000000 +0100 -+++ bitlbee-3.2.1/configure.libresolv 2013-12-18 21:56:14.000000000 +0100 -@@ -364,10 +364,10 @@ - TMPFILE=$(mktemp /tmp/bitlbee-configure.XXXXXX) - ret=1 - for i in $systemlibdirs; do -- if [ -f $i/libresolv.a ]; then -+ if [ -f $i/libresolv.so ]; then - echo "$RESOLV_TESTCODE" | $CC -o $TMPFILE -x c - -Wl,$i/libresolv.a >/dev/null 2>/dev/null - if [ "$?" = "0" ]; then -- echo 'EFLAGS+='$i'/libresolv.a' >> Makefile.settings -+ echo 'EFLAGS+=-lresolv' >> Makefile.settings - ret=0 - fi - fi ---- bitlbee-3.2.1/lib/misc.c 2013-11-27 23:54:54.000000000 +0100 -+++ bitlbee-3.2.1/lib/misc.c.libresolv 2013-12-18 22:10:45.000000000 +0100 ---- bitlbee-3.2.1/lib/misc.c 2013-11-27 23:54:54.000000000 +0100 -+++ bitlbee-3.2.1/lib/misc.c.libresolv.c 2013-12-18 22:18:29.000000000 +0100 -@@ -30,6 +30,12 @@ - Suite 330, Boston, MA 02111-1307 USA - */ - -+#undef TEST -+ -+#ifdef TEST -+#define HAVE_RESOLV_A -+#endif -+ - #define BITLBEE_CORE - #include "nogaim.h" - #include "base64.h" -@@ -42,13 +48,17 @@ - #include - - #ifdef HAVE_RESOLV_A --#include - #include - #endif - - #include "md5.h" - #include "ssl_client.h" - -+/* Not every installation has gotten around to supporting SRVs yet... */ -+#ifndef T_SRV -+#define T_SRV 33 -+#endif -+ - void strip_linefeed(gchar *text) - { - int i, j; -@@ -514,66 +524,6 @@ - return 0; - } - --struct ns_srv_reply **srv_lookup( char *service, char *protocol, char *domain ) --{ -- struct ns_srv_reply **replies = NULL; --#ifdef HAVE_RESOLV_A -- struct ns_srv_reply *reply = NULL; -- char name[1024]; -- unsigned char querybuf[1024]; -- const unsigned char *buf; -- ns_msg nsh; -- ns_rr rr; -- int i, n, len, size; -- -- g_snprintf( name, sizeof( name ), "_%s._%s.%s", service, protocol, domain ); -- -- if( ( size = res_query( name, ns_c_in, ns_t_srv, querybuf, sizeof( querybuf ) ) ) <= 0 ) -- return NULL; -- -- if( ns_initparse( querybuf, size, &nsh ) != 0 ) -- return NULL; -- -- n = 0; -- while( ns_parserr( &nsh, ns_s_an, n, &rr ) == 0 ) -- { -- size = ns_rr_rdlen( rr ); -- buf = ns_rr_rdata( rr ); -- -- len = 0; -- for( i = 6; i < size && buf[i]; i += buf[i] + 1 ) -- len += buf[i] + 1; -- -- if( i > size ) -- break; -- -- reply = g_malloc( sizeof( struct ns_srv_reply ) + len ); -- memcpy( reply->name, buf + 7, len ); -- -- for( i = buf[6]; i < len && buf[7+i]; i += buf[7+i] + 1 ) -- reply->name[i] = '.'; -- -- if( i > len ) -- { -- g_free( reply ); -- break; -- } -- -- reply->prio = ( buf[0] << 8 ) | buf[1]; -- reply->weight = ( buf[2] << 8 ) | buf[3]; -- reply->port = ( buf[4] << 8 ) | buf[5]; -- -- n ++; -- replies = g_renew( struct ns_srv_reply *, replies, n + 1 ); -- replies[n-1] = reply; -- } -- if( replies ) -- replies[n] = NULL; --#endif -- -- return replies; --} -- - void srv_free( struct ns_srv_reply **srv ) - { - int i; -@@ -586,6 +536,136 @@ - g_free( srv ); - } - -+static int srv_compare( const void *a, const void *b ) -+{ -+ int prio; -+ const struct ns_srv_reply *sa = *(struct ns_srv_reply **) a; -+ const struct ns_srv_reply *sb = *(struct ns_srv_reply **) b; -+ -+ prio = sa->prio - sb->prio; -+ if( prio == 0 ) -+ { -+ /* Place weight 0 entries first. */ -+ if( sa->weight == 0 ) -+ return -1; -+ if( sb->weight == 0 ) -+ return 1; -+ } -+ -+ return prio; -+} -+ -+struct ns_srv_reply **srv_lookup( char *service, char *protocol, char *domain ) -+{ -+ struct ns_srv_reply **results = NULL; -+ struct ns_srv_reply *reply = NULL; -+ char name[1024]; -+ -+ /* PACKETSZ is a maximum packet size and -+ defined in arpa/nameser_compat.h as 512 */ -+ unsigned char answer[PACKETSZ]; -+ int len; -+ HEADER *header; -+ unsigned char *p; -+ unsigned char *end; -+ unsigned int count; -+ size_t n; -+ -+ uint16_t type; -+ uint16_t class; -+ uint32_t ttl; -+ uint16_t rdlength; -+ -+ g_snprintf( name, sizeof( name ), "_%s._%s.%s", service, protocol, domain ); -+ -+ len = res_query( name, C_IN, T_SRV, answer, PACKETSZ ); -+ if( len == -1 ) -+ { -+ goto fail; -+ } -+ -+ header = (HEADER *) answer; -+ p = answer + sizeof( HEADER ); -+ end = answer + len; -+ -+ if( header->rcode != NOERROR ) -+ { -+ goto fail; -+ } -+ -+ len = dn_skipname( p, end ); -+ if( len == -1 ) -+ { -+ goto fail; -+ } -+ p += len + QFIXEDSZ; -+ -+ count = ntohs( header->ancount ); -+ -+ n = 0; -+ while( count-- > 0 && p < end ) -+ { -+ len = dn_skipname( p, end ); -+ if( len == -1 ) -+ { -+ goto fail; -+ } -+ p += len; -+ -+ GETSHORT( type, p ); -+ GETSHORT( class, p ); -+ GETLONG( ttl, p ); -+ GETSHORT( rdlength, p ); -+ -+ if( type != T_SRV || class != C_IN ) -+ { -+ p += rdlength; -+ continue; -+ } -+ -+ /* This is an overestimate of the needed size. */ -+ reply = g_malloc( sizeof( struct ns_srv_reply ) + rdlength + 1 ); -+ -+ GETSHORT( reply->prio, p ); -+ GETSHORT( reply->weight, p ); -+ GETSHORT( reply->port, p ); -+ -+ len = dn_expand( answer, end, p, reply->name, rdlength + 1 ); -+ if( len == -1 ) -+ { -+ g_free( reply ); -+ goto fail; -+ } -+ p += len; -+ -+ /* n + 2 includes an entry for the terminating NULL. */ -+ results = g_renew( struct ns_srv_reply *, results, n + 2 ); -+ results[n++] = reply; -+ } -+ -+ if( results != NULL ) -+ { -+ results[n] = NULL; -+ -+ /* Order by priority. */ -+ qsort( results, n, sizeof( struct ns_srv_reply * ), srv_compare ); -+ } -+ -+ return results; -+ -+fail: -+ if( results ) -+ { -+ while( n-- > 0 ) -+ { -+ g_free( results[n] ); -+ } -+ g_free( results ); -+ } -+ -+ return NULL; -+} -+ - /* Word wrapping. Yes, I know this isn't UTF-8 clean. I'm willing to take the risk. */ - char *word_wrap( const char *msg, int line_len ) - { -@@ -783,3 +863,24 @@ - - return NULL; - } -+ -+#ifdef TEST -+int main() -+{ -+ struct ns_srv_reply **srv; -+ int i; -+ -+ srv = srv_lookup( "xmpp-client", "tcp", "jabber.org" ); -+ for( i = 0; srv[i]; ++i ) -+ { -+ printf( "priority=%hu\n", srv[i]->prio ); -+ printf( "weight=%hu\n", srv[i]->weight ); -+ printf( "port=%hu\n", srv[i]->port ); -+ printf( "target=%s\n", srv[i]->name ); -+ printf( "\n" ); -+ } -+ srv_free( srv ); -+ -+ return 0; -+} -+#endif /* TEST */ diff --git a/bitlbee.spec b/bitlbee.spec index 3238bc1..3438689 100644 --- a/bitlbee.spec +++ b/bitlbee.spec @@ -10,11 +10,10 @@ %bcond_with systemd %endif -# libpurple requires forkdaemon or inetd mode, however forkdaemon needs -# adapted SELinux policy, thus enable it only on Rawhide for now to get -# a new policy developed. Switch from forkdaemon to daemon happens with -# patch 4 that is only applied to non-Rawhide. -%if 0%{?fedora} >= 22 +# libpurple requires forkdaemon or inetd mode, however forkdaemon needed +# adapted SELinux policy in former times. To-do: Can we enable libpurple +# for RHEL 7 or should we wait until RHEL 8? +%if 0%{?fedora} >= 22 || 0%{?rhel} >= 8 %bcond_without purple %else %bcond_with purple @@ -36,24 +35,14 @@ Group: System Environment/Daemons URL: https://www.bitlbee.org/ Source0: https://get.bitlbee.org/src/%{name}-%{version}.tar.gz Source1: bitlbee-wrapper.h -# Support for old glibc (EL-5) which doesn't have ns_initparse and its friends -Patch0: bitlbee-libresolv.patch -# Patch configure to build with glib2 2.12.3 (EL-5) without twitter support -Patch1: bitlbee-glib-version.patch -# When the above patches will be consolidated upstream, this should merge -# with Patch1 or Patch2 or something like that -Patch2: bitlbee-forkdaemon.patch -# Patch rejected upstream, however we need to keep this, because -# of the SELinux policy is set up for this mode of operation. -Patch3: bitlbee-systemd.patch +# Downstream: Run bitlbee as non-root and bind to 127.0.0.1 only +Patch0: bitlbee-forkdaemon.patch +# Restart systemd in case it dies...should get removed or upstreamed +Patch1: bitlbee-systemd.patch Requires(pre): shadow-utils BuildRequires: libxslt, docbook-style-xsl -%if 0%{?rhel} == 5 -BuildRequires: glib2-devel >= 2.4 -%else BuildRequires: glib2-devel >= 2.14 -%endif BuildRequires: gnutls-devel %if %{with systemd} BuildRequires: pkgconfig(systemd) @@ -73,9 +62,6 @@ BuildRequires: python3-devel %else BuildRequires: python2-devel %endif -%if %{with purple} -BuildRequires: libpurple-devel -%endif BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) %description @@ -109,17 +95,10 @@ stable and not 100% foolproof so use at your own risk. echo With OTR %with_otr echo With systemd %with_systemd %setup -q - -%if 0%{?rhel} == 5 +%if %{with systemd} %patch0 -p1 %patch1 -p1 %endif - -%if %{with systemd} -%patch2 -p1 -%if 0%{?fedora} < 22 -%patch3 -p1 -%endif %endif %build @@ -148,9 +127,6 @@ CFLAGS="$RPM_OPT_FLAGS" ./configure \ --twitter=1 \ --purple=1 \ %endif -%if 0%{?rhel} == 5 - --twitter=0 \ -%endif %if %{with otr} --otr=plugin %endif @@ -193,29 +169,13 @@ exit 0 %post %if %{with systemd} -%if 0%{?fedora} >= 18 %systemd_post %{name}.service -%else -if [ $1 -eq 1 ]; then - # Package install, not upgrade - /bin/systemctl daemon-reload > /dev/null 2>&1 || : -fi -%endif %endif %preun %if %{with systemd} -%if 0%{?fedora} >= 18 %systemd_preun %{name}.service %else -# Work around RHBZ #655116 -if [ $1 -eq 0 ]; then - # Package removal, not upgrade - /bin/systemctl disable %{name}.service > /dev/null 2>&1 || : - /bin/systemctl stop %{name}.service > /dev/null 2>&1 || : -fi -%endif -%else if [ $1 -eq 0 ]; then /sbin/service xinetd condrestart > /dev/null 2>&1 fi @@ -223,16 +183,8 @@ fi %postun %if %{with systemd} -%if 0%{?fedora} >= 18 %systemd_postun_with_restart %{name}.service %else -/bin/systemctl daemon-reload > /dev/null 2>&1 || : -if [ $1 -ge 1 ]; then - # Package upgrade, not uninstall - /bin/systemctl try-restart %{name}.service > /dev/null 2>&1 || : -fi -%endif -%else if [ $1 -eq 1 ]; then /sbin/service xinetd condrestart > /dev/null 2>&1 fi