diff options
| author |   Bernard Cafarelli <voyageur@gentoo.org> | 2009-10-27 07:30:39 +0000 |
|---|---|---|
| committer | Bernard Cafarelli <voyageur@gentoo.org> | 2009-10-27 07:30:39 +0000 |
| commit | c2a65d78ed52749958d49016349aa4cda708ebe0 (patch) | |
| tree | bb7ff7cd882fddf8f3ab32e64c0e91a31d41e1c4 /net-ftp/proftpd | |
| parent | Fix bug 289113. Thanks to David Abbott for ebuild fixups. (diff) | |
| download | gentoo-2-c2a65d78ed52749958d49016349aa4cda708ebe0.tar.gz gentoo-2-c2a65d78ed52749958d49016349aa4cda708ebe0.tar.bz2 gentoo-2-c2a65d78ed52749958d49016349aa4cda708ebe0.zip | |
Remove some security vulnerable versions, security bug #290664
(Portage version: 2.2_rc46/cvs/Linux x86_64)
Diffstat (limited to 'net-ftp/proftpd')
| -rw-r--r-- | net-ftp/proftpd/ChangeLog | 6 | ||||
| -rw-r--r-- | net-ftp/proftpd/proftpd-1.3.2a.ebuild | 277 | ||||
| -rw-r--r-- | net-ftp/proftpd/proftpd-1.3.3_rc1-r1.ebuild | 218 |
3 files changed, 5 insertions, 496 deletions
diff --git a/net-ftp/proftpd/ChangeLog b/net-ftp/proftpd/ChangeLog index bc5037775473..640e05c0f406 100644 --- a/net-ftp/proftpd/ChangeLog +++ b/net-ftp/proftpd/ChangeLog @@ -1,6 +1,10 @@ # ChangeLog for net-ftp/proftpd # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-ftp/proftpd/ChangeLog,v 1.210 2009/10/26 15:06:15 voyageur Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-ftp/proftpd/ChangeLog,v 1.211 2009/10/27 07:30:39 voyageur Exp $ + + 27 Oct 2009; Bernard Cafarelli <voyageur@gentoo.org> + -proftpd-1.3.2a.ebuild, -proftpd-1.3.3_rc1-r1.ebuild: + Remove some security vulnerable versions, security bug #290664 *proftpd-1.3.3_rc2 (26 Oct 2009) *proftpd-1.3.2b (26 Oct 2009) diff --git a/net-ftp/proftpd/proftpd-1.3.2a.ebuild b/net-ftp/proftpd/proftpd-1.3.2a.ebuild deleted file mode 100644 index c0c9695a8e98..000000000000 --- a/net-ftp/proftpd/proftpd-1.3.2a.ebuild +++ /dev/null @@ -1,277 +0,0 @@ -# Copyright 1999-2009 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-ftp/proftpd/proftpd-1.3.2a.ebuild,v 1.1 2009/09/07 16:46:32 voyageur Exp $ - -inherit eutils flag-o-matic toolchain-funcs autotools - -KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86" - -IUSE="acl authfile ban case clamav deflate hardened ifsession ipv6 kerberos ldap mysql ncurses nls noauthunix opensslcrypt pam postgres radius rewrite selinux shaper sitemisc softquota ssl tcpd vroot xinetd" - -CASE_VER="0.3" -CLAMAV_VER="0.11rc" -DEFLATE_VER="0.3.3" -MODGSS_VER="1.3.2" -SHAPER_VER="0.6.5" -VROOT_VER="0.8.3" - -DESCRIPTION="An advanced and very configurable FTP server." - -SRC_URI="ftp://ftp.proftpd.org/distrib/source/${P/_/}.tar.bz2 - case? ( http://www.castaglia.org/${PN}/modules/${PN}-mod-case-${CASE_VER}.tar.gz ) - clamav? ( https://secure.thrallingpenguin.com/redmine/attachments/download/1/mod_clamav-${CLAMAV_VER}.tar.gz ) - deflate? ( http://www.castaglia.org/${PN}/modules/${PN}-mod-deflate-${DEFLATE_VER}.tar.gz ) - kerberos? ( mirror://sourceforge/gssmod/mod_gss-${MODGSS_VER}.tar.gz ) - shaper? ( http://www.castaglia.org/${PN}/modules/${PN}-mod-shaper-${SHAPER_VER}.tar.gz ) - vroot? ( http://www.castaglia.org/${PN}/modules/${PN}-mod-vroot-${VROOT_VER}.tar.gz )" - -HOMEPAGE="http://www.proftpd.org/ - http://www.castaglia.org/proftpd/ - http://www.thrallingpenguin.com/resources/mod_clamav.htm - http://gssmod.sourceforge.net" - -SLOT="0" -LICENSE="GPL-2" - -DEPEND="acl? ( sys-apps/acl sys-apps/attr ) - clamav? ( app-antivirus/clamav ) - kerberos? ( || ( <app-crypt/mit-krb5-1.7 app-crypt/heimdal ) ) - ldap? ( >=net-nds/openldap-1.2.11 ) - mysql? ( virtual/mysql ) - ncurses? ( sys-libs/ncurses ) - opensslcrypt? ( >=dev-libs/openssl-0.9.6f ) - pam? ( virtual/pam ) - postgres? ( virtual/postgresql-base ) - ssl? ( >=dev-libs/openssl-0.9.6f ) - tcpd? ( >=sys-apps/tcp-wrappers-7.6-r3 ) - xinetd? ( virtual/inetd )" - -RDEPEND="${DEPEND} - net-ftp/ftpbase - selinux? ( sec-policy/selinux-ftpd )" - -S="${WORKDIR}/${P/_/}" - -pkg_setup() { - # Add the proftpd user to make the default config - # work out-of-the-box - enewgroup proftpd - enewuser proftpd -1 -1 -1 proftpd -} - -src_unpack() { - unpack ${P/_/}.tar.bz2 - cd "${S}" - - # Fix parallel build (committed upstream in 1.3.3rc1) - epatch "${FILESDIR}"/${PN}-1.3.2-parallel-build.patch - # Fix mysql include when both backends are enabled - epatch "${FILESDIR}"/${PN}-1.3.2-mysql-include.patch - # Do not use bundled libltdl when compiling mod_dso - epatch "${FILESDIR}"/${PN}-1.3.2-system-libltdl.patch - - # Fix stripping of files - sed -e "s| @INSTALL_STRIP@||g" -i Make* - - if use case ; then - unpack ${PN}-mod-case-${CASE_VER}.tar.gz - cp -f mod_case/mod_case.c contrib/ - cp -f mod_case/mod_case.html doc/ - fi - - if use clamav ; then - unpack mod_clamav-${CLAMAV_VER}.tar.gz - cp -f mod_clamav-${CLAMAV_VER}/mod_clamav.* contrib/ - epatch mod_clamav-${CLAMAV_VER}/${PN}.patch - fi - - if use deflate ; then - unpack ${PN}-mod-deflate-${DEFLATE_VER}.tar.gz - cp -f mod_deflate/mod_deflate.c contrib/ - cp -f mod_deflate/mod_deflate.html doc/ - fi - - if use kerberos ; then - unpack mod_gss-${MODGSS_VER}.tar.gz - fi - - if use shaper ; then - unpack ${PN}-mod-shaper-${SHAPER_VER}.tar.gz - cp -f mod_shaper/mod_shaper.c contrib/ - cp -f mod_shaper/mod_shaper.html doc/ - fi - - if use vroot ; then - unpack ${PN}-mod-vroot-${VROOT_VER}.tar.gz - cp -f mod_vroot/mod_vroot.c contrib/ - cp -f mod_vroot/mod_vroot.html doc/ - fi - - # Fix bug #221275 - # extract custom PR_ macros from aclocal.m4 to acinclude.m4 - # and delete the provided aclocal.m4 before running autoreconf - einfo "Extract custom m4 macros from aclocal.m4 ..." - sed -e '/libtool\.m4/q' aclocal.m4 > acinclude.m4 - rm -f aclocal.m4 - - eautoreconf -} - -src_compile() { - addpredict /etc/krb5.conf - local modules myconf mylibs - - modules="mod_ratio:mod_readme:mod_ctrls_admin" - use acl && modules="${modules}:mod_facl" - use ban && modules="${modules}:mod_ban" - use case && modules="${modules}:mod_case" - use clamav && modules="${modules}:mod_clamav" - use deflate && modules="${modules}:mod_deflate" - use pam && modules="${modules}:mod_auth_pam" - use radius && modules="${modules}:mod_radius" - use rewrite && modules="${modules}:mod_rewrite" - use shaper && modules="${modules}:mod_shaper" - use sitemisc && modules="${modules}:mod_site_misc" - use ssl && modules="${modules}:mod_tls" - use tcpd && modules="${modules}:mod_wrap" - use vroot && modules="${modules}:mod_vroot" - - # pam needs to be explicitely disabled - use pam || myconf="${myconf} --enable-auth-pam=no" - - if use ldap ; then - modules="${modules}:mod_ldap" - mylibs="${mylibs} -lresolv" - use ssl && CFLAGS="${CFLAGS} -DUSE_LDAP_TLS" - fi - - if use opensslcrypt ; then - myconf="${myconf} --enable-openssl --with-includes=/usr/include/openssl" - mylibs="${mylibs} -lcrypto" - CFLAGS="${CFLAGS} -DHAVE_OPENSSL" - fi - - use nls && myconf="${myconf} --enable-nls" - - if use mysql || use postgres ; then - modules="${modules}:mod_sql" - if use mysql ; then - modules="${modules}:mod_sql_mysql" - myconf="${myconf} --with-includes=/usr/include/mysql" - fi - if use postgres ; then - modules="${modules}:mod_sql_postgres" - myconf="${myconf} --with-includes=/usr/include/postgresql" - fi - fi - - if use softquota ; then - modules="${modules}:mod_quotatab" - if use mysql || use postgres ; then - modules="${modules}:mod_quotatab_sql" - fi - if use radius ; then - modules="${modules}:mod_quotatab_radius" - fi - if use ldap ; then - modules="${modules}:mod_quotatab_file:mod_quotatab_ldap" - else - modules="${modules}:mod_quotatab_file" - fi - fi - - # mod_ifsession should be the last module in the --with-modules list - # see http://www.castaglia.org/proftpd/modules/mod_ifsession.html#Installation - use ifsession && modules="${modules}:mod_ifsession" - - # bug #30359 - use hardened && echo > lib/libcap/cap_sys.c - gcc-specs-pie && echo > lib/libcap/cap_sys.c - - if use noauthunix ; then - myconf="${myconf} --disable-auth-unix" - else - myconf="${myconf} --enable-auth-unix" - fi - - if use kerberos ; then - cd "${S}"/mod_gss-${MODGSS_VER} - # Generate source files for installed virtual/krb5 provider - if has_version app-crypt/mit-krb5; then - econf --enable-mit - else - econf --enable-heimdal - fi - cd "${S}" - # copy the generated files - cp -f mod_gss-${MODGSS_VER}/mod_gss.c contrib/ - cp -f mod_gss-${MODGSS_VER}/mod_gss.h include/ - cp -f mod_gss-${MODGSS_VER}/mod_auth_gss.c contrib/ - - myconf="${myconf} --enable-dso --with-shared=mod_gss:mod_auth_gss" - fi - - LIBS="${mylibs}" econf \ - --sbindir=/usr/sbin \ - --localstatedir=/var/run \ - --sysconfdir=/etc/proftpd \ - --enable-shadow \ - --enable-autoshadow \ - --enable-ctrls \ - --with-modules=${modules} \ - $(use_enable acl facl) \ - $(use_enable authfile auth-file) \ - $(use_enable ipv6) \ - $(use_enable ncurses) \ - ${myconf} || die "econf failed" - - emake || die "emake failed" -} - -src_install() { - emake DESTDIR="${D}" install || die "emake install failed" - - keepdir /var/run/proftpd - - dodoc "${FILESDIR}/proftpd.conf" \ - COPYING CREDITS ChangeLog NEWS README* \ - doc/license.txt - dohtml doc/*.html - dohtml doc/howto/*.html - - docinto rfc - dodoc doc/rfc/*.txt - - mv -f "${D}/etc/proftpd/proftpd.conf" "${D}/etc/proftpd/proftpd.conf.distrib" - - insinto /etc/proftpd - newins "${FILESDIR}/proftpd.conf" proftpd.conf.sample - - if use xinetd ; then - insinto /etc/xinetd.d - newins "${FILESDIR}/proftpd.xinetd" proftpd - fi - - newinitd "${FILESDIR}/proftpd.rc6" proftpd -} - -pkg_postinst() { - elog - elog "You can find the config files in /etc/proftpd" - elog - ewarn "With the introduction of net-ftp/ftpbase the ftp user is now ftp." - ewarn "Remember to change that in the configuration file." - ewarn - if use mysql && use postgres ; then - ewarn "ProFTPD has been build with the MySQL and PostgreSQL modules." - ewarn "You can use the 'SQLBackend' directive to specify the used SQL" - ewarn "backend. Without this directive the default backend is MySQL." - ewarn - fi - if use clamav ; then - ewarn "mod_clamav was updated to a new version, which uses Clamd" - ewarn "only for virus scanning, so you'll have to set Clamd up" - ewarn "and start it, also re-check the mod_clamav docs." - ewarn - fi -} diff --git a/net-ftp/proftpd/proftpd-1.3.3_rc1-r1.ebuild b/net-ftp/proftpd/proftpd-1.3.3_rc1-r1.ebuild deleted file mode 100644 index 75c7f7a61b21..000000000000 --- a/net-ftp/proftpd/proftpd-1.3.3_rc1-r1.ebuild +++ /dev/null @@ -1,218 +0,0 @@ -# Copyright 1999-2009 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-ftp/proftpd/proftpd-1.3.3_rc1-r1.ebuild,v 1.3 2009/09/24 15:42:20 voyageur Exp $ - -EAPI="2" -inherit autotools eutils - -CASE_VER="0.3" -CLAMAV_VER="0.11rc" -DEFLATE_VER="0.3.3" -GSS_VER="1.3.2" -VROOT_VER="0.8.5" - -DESCRIPTION="An advanced and very configurable FTP server." -HOMEPAGE="http://www.proftpd.org/ - http://www.castaglia.org/proftpd/ - http://www.thrallingpenguin.com/resources/mod_clamav.htm - http://gssmod.sourceforge.net/" -SRC_URI="ftp://ftp.proftpd.org/distrib/source/${P/_/}.tar.bz2 - case? ( http://www.castaglia.org/${PN}/modules/${PN}-mod-case-${CASE_VER}.tar.gz ) - clamav? ( https://secure.thrallingpenguin.com/redmine/attachments/download/1/mod_clamav-${CLAMAV_VER}.tar.gz ) - deflate? ( http://www.castaglia.org/${PN}/modules/${PN}-mod-deflate-${DEFLATE_VER}.tar.gz ) - kerberos? ( mirror://sourceforge/gssmod/mod_gss-${GSS_VER}.tar.gz ) - vroot? ( http://www.castaglia.org/${PN}/modules/${PN}-mod-vroot-${VROOT_VER}.tar.gz )" -LICENSE="GPL-2" - -SLOT="0" -KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86" -IUSE="acl authfile ban +caps case clamav +ctrls deflate doc exec hardened ifsession ident ipv6 kerberos ldap mysql ncurses nls pam postgres radius ratio readme rewrite selinux sftp shaper sitemisc softquota +ssl tcpd trace vroot xinetd" - -DEPEND="acl? ( sys-apps/acl sys-apps/attr ) - caps? ( sys-libs/libcap ) - clamav? ( app-antivirus/clamav ) - kerberos? ( || ( <app-crypt/mit-krb5-1.7 app-crypt/heimdal ) ) - ldap? ( net-nds/openldap ) - mysql? ( virtual/mysql ) - ncurses? ( sys-libs/ncurses ) - pam? ( virtual/pam ) - postgres? ( virtual/postgresql-base ) - sftp? ( dev-libs/openssl ) - ssl? ( dev-libs/openssl ) - tcpd? ( sys-apps/tcp-wrappers ) - xinetd? ( virtual/inetd )" -RDEPEND="${DEPEND} - net-ftp/ftpbase - selinux? ( sec-policy/selinux-ftpd )" - -S="${WORKDIR}/${P/_/}" - -__prepare_plugin() { - mv "${WORKDIR}"/$1/$1.c contrib - mv "${WORKDIR}"/$1/$1.html doc/contrib - rm -rf "${WORKDIR}"/$1 -} - -pkg_setup() { - if [ -f "${ROOT}"/var/run/proftpd.pid ] ; then - eerror "Your ProFTPD server is running. In order to install this update" - eerror "you have to stop the running server. If you are using ProFTPD in" - eerror "the standalone mode you can stop the server by executing:" - eerror " /etc/init.d/proftpd stop" - eerror "If you are sure that ProFTPD is not running anymore you have to" - eerror "delete the /var/run/proftpd.pid file." - die "This update requires to stop the ProFTPD server!" - fi -} - -src_prepare() { - use case && __prepare_plugin mod_case - if use clamav ; then - mv "${WORKDIR}"/mod_clamav-${CLAMAV_VER}/mod_clamav.{c,h} contrib - epatch "${WORKDIR}"/mod_clamav-${CLAMAV_VER}/${PN}.patch - rm -rf "${WORKDIR}"/mod_clamav-${CLAMAV_VER} - fi - use deflate && __prepare_plugin mod_deflate - use vroot && __prepare_plugin mod_vroot - # Bug #284853 when using heimdal - use kerberos && sed -i -e "s/krb5_principal2principalname/_\0/" \ - "${WORKDIR}"/mod_gss-${GSS_VER}/mod_auth_gss.c.in - - # Fix MySQL includes - sed -i -e "s/<mysql.h>/<mysql\/mysql.h>/g" contrib/mod_sql_mysql.c - - # Manipulate build system - sed -i -e "s/utils install-conf install/utils install/g" Makefile.in - sed -i -e "s/ @INSTALL_STRIP@//g" Make.rules.in - sed -e "/libtool\.m4/q" aclocal.m4 > acinclude.m4 - rm -f aclocal.m4 - eautoreconf -} - -src_configure() { - local myconf mylibs mymodules - - use acl && mymodules="${mymodules}:mod_facl" - use ban && mymodules="${mymodules}:mod_ban" - use case && mymodules="${mymodules}:mod_case" - use clamav && mymodules="${mymodules}:mod_clamav" - if use ctrls || use shaper ; then - myconf="${myconf} --enable-ctrls" - mymodules="${mymodules}:mod_ctrls_admin" - fi - use deflate && mymodules="${mymodules}:mod_deflate" - use exec && mymodules="${mymodules}:mod_exec" - if use kerberos ; then - cd "${WORKDIR}"/mod_gss-${GSS_VER} - if has_version <app-crypt/mit-krb5-1.7 ; then - econf --enable-mit - else - econf --enable-heimdal - fi - mv mod_{auth_gss,gss}.c "${S}"/contrib - mv mod_gss.h "${S}"/include - mv README.mod_{auth_gss,gss} "${S}" - mv mod_gss.html "${S}"/doc/contrib - mv rfc{1509,2228}.txt "${S}"/doc/rfc - cd "${S}" - rm -rf "${WORKDIR}"/mod_gss-${GSS_VER} - mymodules="${mymodules}:mod_gss:mod_auth_gss" - fi - if use ldap ; then - mylibs="${mylibs} -lresolv" - mymodules="${mymodules}:mod_ldap" - fi - if use mysql || use postgres ; then - mymodules="${mymodules}:mod_sql" - if use mysql ; then - myconf="${myconf} --with-includes=/usr/include/mysql" - mymodules="${mymodules}:mod_sql_mysql" - fi - if use postgres ; then - myconf="${myconf} --with-includes=/usr/include/postgresql" - mymodules="${mymodules}:mod_sql_postgres" - fi - fi - if use sftp || use ssl ; then - CFLAGS="${CFLAGS} -DHAVE_OPENSSL" - myconf="${myconf} --enable-openssl --with-includes=/usr/include/openssl" - mylibs="${mylibs} -lcrypto" - fi - use radius && mymodules="${mymodules}:mod_radius" - use ratio && mymodules="${mymodules}:mod_ratio" - use readme && mymodules="${mymodules}:mod_readme" - use rewrite && mymodules="${mymodules}:mod_rewrite" - if use sftp ; then - mymodules="${mymodules}:mod_sftp" - use pam && mymodules="${mymodules}:mod_sftp_pam" - if use mysql || use postgres ; then - mymodules="${mymodules}:mod_sftp_sql" - fi - fi - use shaper && mymodules="${mymodules}:mod_shaper" - use sitemisc && mymodules="${mymodules}:mod_site_misc" - if use softquota ; then - mymodules="${mymodules}:mod_quotatab:mod_quotatab_file" - use ldap && mymodules="${mymodules}:mod_quotatab_ldap" - use radius && mymodules="${mymodules}:mod_quotatab_radius" - if use mysql || use postgres ; then - mymodules="${mymodules}:mod_quotatab_sql" - fi - fi - use ssl && mymodules="${mymodules}:mod_tls:mod_tls_shmcache" - use tcpd && mymodules="${mymodules}:mod_wrap" - use vroot && mymodules="${mymodules}:mod_vroot" - # mod_ifsession needs to be the last module in the mymodules list. - use ifsession && mymodules="${mymodules}:mod_ifsession" - - [ ! -z ${mymodules} ] && myconf="${myconf} --with-modules=${mymodules:1}" - LIBS="${mylibs}" econf --sbindir=/usr/sbin --localstatedir=/var/run/proftpd \ - --sysconfdir=/etc/proftpd --enable-shadow --enable-autoshadow \ - $(use_enable acl facl) \ - $(use_enable authfile auth-file) \ - $(use_enable caps cap) \ - $(use_enable ident) \ - $(use_enable ipv6) \ - $(use_enable ncurses) \ - $(use_enable nls) \ - $(use_enable trace) \ - $(use_enable pam auth-pam) \ - ${myconf} || die "econf failed" -} - -src_install() { - emake DESTDIR="${D}" install || die "emake install failed" - - keepdir /var/run/proftpd - newinitd "${FILESDIR}"/proftpd.rc7 proftpd - if use xinetd ; then - insinto /etc/xinetd.d - newins "${FILESDIR}"/proftpd.xinetd proftpd - fi - insinto /etc/proftpd - doins "${FILESDIR}"/proftpd.conf.sample - - dodoc ChangeLog CREDITS INSTALL NEWS README* RELEASE_NOTES - if use doc ; then - dohtml doc/*.html doc/contrib/*.html doc/howto/*.html doc/modules/*.html - docinto rfc - dodoc doc/rfc/*.txt - fi -} - -pkg_postinst() { - if use mysql && use postgres ; then - elog "ProFTPD has been built with the MySQL and PostgreSQL modules." - elog "You can use the 'SQLBackend' directive to specify the used SQL" - elog "backend. Without this directive the default backend is MySQL." - fi - if use exec ; then - ewarn "You have enabled the mod_exec module. This can be a security risk," - ewarn "as detailed in documentation:" - ewarn "Use of this module allows for such external programs to be executed, and also" - ewarn "opens up the server to the mentioned possibilities of compromise or disclosure" - ewarn "via those programs." - ewarn "YOU HAVE BEEN WARNED" - ewarn "USE AT YOUR OWN RISK" - fi -} |