Bug 201677

Summary:	net-im/ejabberd < 1.1.3 use install_cert in pkg_postinst
Product:	Gentoo Linux	Reporter:	Robert Buchholz (RETIRED) <rbu>
Component:	New packages	Assignee:	Tony Vroon (RETIRED) <chainsaw>
Status:	VERIFIED FIXED
Severity:	normal	CC:	net-im, ulm
Priority:	Normal	Keywords:	SECURITY
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---
Bug Depends on:
Bug Blocks:	174759

Description Robert Buchholz (RETIRED) gentoo-dev

2007-12-08 14:40:43 UTC

Installation of SSL certificates in src_install might expose the secret
keys when building binary packages (bug 174759).

Please update the package mentioned in this bug's title to use the new
"install_cert" function of ssl-cert.eclass, and use it only in
your pkg_postinst or pkg_config.

This bug is for keeping track of specific changes to your ebuilds
and stabling, general questions about this should be discussed in
bug 174759.

Our aim is to have fixed ebuilds in the tree by Dec. 23rd, otherwise
we will commit this minor change. Stabling should be done two weeks after the
commit, at last around Jan, 6th.

Comment 1 Tony Vroon (RETIRED) gentoo-dev

2007-12-08 16:00:26 UTC

Maintainer permission for you to intervene, SSL certificate installation has been the cause of a bug before and I may not have fixed it correctly. I'm available on IRC for questions most of the time.

Comment 2 Tony Vroon (RETIRED) gentoo-dev

2007-12-08 16:25:38 UTC

Removed old ebuilds up to and including 1.1.1 which removes all docert calls, per advise of ulm on IRC.

Comment 3 Ulrich Müller gentoo-dev

2007-12-08 16:52:51 UTC

I hope you don't mind that I've restored files/ejabberd-1.1.1-r1.initd and files/ejabberd-1.1.1.confd. They are still needed by the newer ebuilds.

Comment 4 Tony Vroon (RETIRED) gentoo-dev

2007-12-08 17:14:15 UTC

Apologies for that. It is appreciated.

Comment 5 Robert Buchholz (RETIRED) gentoo-dev

2007-12-09 01:42:06 UTC

Just for reference: Fixed in already stable 1.1.3.