diff options
| author |   Ian Delaney <idella4@gentoo.org> | 2015-05-27 05:40:59 +0000 |
|---|---|---|
| committer | Ian Delaney <idella4@gentoo.org> | 2015-05-27 05:40:59 +0000 |
| commit | dce0a8bc1c100027f2181b64145dfe662f13f281 (patch) | |
| tree | 97161b17465aad39c1e43bc684065275df3d9720 /net-ftp | |
| parent | Stable for HPPA PPC64 (bug #550318). (diff) | |
| download | gentoo-2-dce0a8bc1c100027f2181b64145dfe662f13f281.tar.gz gentoo-2-dce0a8bc1c100027f2181b64145dfe662f13f281.tar.bz2 gentoo-2-dce0a8bc1c100027f2181b64145dfe662f13f281.zip | |
revbump; security patch (split into 2) wrt bug #546644, address qa issues by repoman for deps requiring slot operator
(Portage version: 2.2.18/cvs/Linux x86_64, signed Manifest commit with key 0xB8072B0D)
Diffstat (limited to 'net-ftp')
| -rw-r--r-- | net-ftp/proftpd/ChangeLog | 9 | ||||
| -rw-r--r-- | net-ftp/proftpd/files/CVE-2015-3306-test.patch | 321 | ||||
| -rw-r--r-- | net-ftp/proftpd/files/CVE-2015-3306.patch | 269 | ||||
| -rw-r--r-- | net-ftp/proftpd/proftpd-1.3.5-r2.ebuild | 242 |
4 files changed, 840 insertions, 1 deletions
diff --git a/net-ftp/proftpd/ChangeLog b/net-ftp/proftpd/ChangeLog index de33fd25fb91..6d11c441d3db 100644 --- a/net-ftp/proftpd/ChangeLog +++ b/net-ftp/proftpd/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for net-ftp/proftpd # Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-ftp/proftpd/ChangeLog,v 1.329 2015/03/11 09:16:03 slyfox Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-ftp/proftpd/ChangeLog,v 1.330 2015/05/27 05:40:59 idella4 Exp $ + +*proftpd-1.3.5-r2 (27 May 2015) + + 27 May 2015; Ian Delaney <idella4@gentoo.org> +files/CVE-2015-3306-test.patch, + +files/CVE-2015-3306.patch, +proftpd-1.3.5-r2.ebuild: + revbump; security patch (split into 2) wrt bug #546644, address qa issues by + repoman for deps requiring slot operator 11 Mar 2015; Sergei Trofimovich <slyfox@gentoo.org> proftpd-1.3.5.ebuild: ppc64 stable wrt #518290 diff --git a/net-ftp/proftpd/files/CVE-2015-3306-test.patch b/net-ftp/proftpd/files/CVE-2015-3306-test.patch new file mode 100644 index 000000000000..9c939faa8442 --- /dev/null +++ b/net-ftp/proftpd/files/CVE-2015-3306-test.patch @@ -0,0 +1,321 @@ +https://github.com/proftpd/proftpd/commit/3ef395d81327558e6e6def43df9138b1cd4955dd +diff --git a/tests/t/lib/ProFTPD/Tests/Modules/mod_copy.pm b/tests/t/lib/ProFTPD/Tests/Modules/mod_copy.pm +index 251df45..00d8610 100644 +--- a/tests/t/lib/ProFTPD/Tests/Modules/mod_copy.pm ++++ b/tests/t/lib/ProFTPD/Tests/Modules/mod_copy.pm +@@ -21,6 +21,11 @@ my $TESTS = { + test_class => [qw(forking)], + }, + ++ copy_file_no_login => { ++ order => ++$order, ++ test_class => [qw(bug forking)], ++ }, ++ + copy_dir => { + order => ++$order, + test_class => [qw(forking)], +@@ -86,6 +91,11 @@ my $TESTS = { + test_class => [qw(forking)], + }, + ++ copy_cpfr_cpto_no_login => { ++ order => ++$order, ++ test_class => [qw(bug forking)], ++ }, ++ + copy_cpto_no_cpfr => { + order => ++$order, + test_class => [qw(forking)], +@@ -263,6 +273,137 @@ sub copy_file { + unlink($log_file); + } + ++sub copy_file_no_login { ++ my $self = shift; ++ my $tmpdir = $self->{tmpdir}; ++ ++ my $config_file = "$tmpdir/copy.conf"; ++ my $pid_file = File::Spec->rel2abs("$tmpdir/copy.pid"); ++ my $scoreboard_file = File::Spec->rel2abs("$tmpdir/copy.scoreboard"); ++ ++ my $log_file = File::Spec->rel2abs('tests.log'); ++ ++ my $auth_user_file = File::Spec->rel2abs("$tmpdir/copy.passwd"); ++ my $auth_group_file = File::Spec->rel2abs("$tmpdir/copy.group"); ++ ++ my $user = 'proftpd'; ++ my $passwd = 'test'; ++ my $group = 'ftpd'; ++ my $home_dir = File::Spec->rel2abs($tmpdir); ++ my $uid = 500; ++ my $gid = 500; ++ ++ # Make sure that, if we're running as root, that the home directory has ++ # permissions/privs set for the account we create ++ if ($< == 0) { ++ unless (chmod(0755, $home_dir)) { ++ die("Can't set perms on $home_dir to 0755: $!"); ++ } ++ ++ unless (chown($uid, $gid, $home_dir)) { ++ die("Can't set owner of $home_dir to $uid/$gid: $!"); ++ } ++ } ++ ++ auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, ++ '/bin/bash'); ++ auth_group_write($auth_group_file, $group, $gid, $user); ++ ++ my $src_file = File::Spec->rel2abs("$home_dir/foo.txt"); ++ if (open(my $fh, "> $src_file")) { ++ print $fh "Hello, World!\n"; ++ ++ unless (close($fh)) { ++ die("Can't write $src_file: $!"); ++ } ++ ++ } else { ++ die("Can't open $src_file: $!"); ++ } ++ ++ my $dst_file = File::Spec->rel2abs("$home_dir/bar.txt"); ++ ++ my $config = { ++ PidFile => $pid_file, ++ ScoreboardFile => $scoreboard_file, ++ SystemLog => $log_file, ++ ++ AuthUserFile => $auth_user_file, ++ AuthGroupFile => $auth_group_file, ++ ++ IfModules => { ++ 'mod_delay.c' => { ++ DelayEngine => 'off', ++ }, ++ }, ++ }; ++ ++ my ($port, $config_user, $config_group) = config_write($config_file, $config); ++ ++ # Open pipes, for use between the parent and child processes. Specifically, ++ # the child will indicate when it's done with its test by writing a message ++ # to the parent. ++ my ($rfh, $wfh); ++ unless (pipe($rfh, $wfh)) { ++ die("Can't open pipe: $!"); ++ } ++ ++ my $ex; ++ ++ # Fork child ++ $self->handle_sigchld(); ++ defined(my $pid = fork()) or die("Can't fork: $!"); ++ if ($pid) { ++ eval { ++ my $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port); ++ ++ eval { $client->site('COPY', 'foo.txt', 'bar.txt') }; ++ unless ($@) { ++ die("SITE COPY succeeded unexpectedly"); ++ } ++ ++ my $resp_code = $client->response_code(); ++ my $resp_msg = $client->response_msg(); ++ ++ my $expected; ++ $expected = 530; ++ $self->assert($expected == $resp_code, ++ test_msg("Expected response code $expected, got $resp_code")); ++ ++ $expected = "Please login with USER and PASS"; ++ $self->assert($expected eq $resp_msg, ++ test_msg("Expected response message '$expected', got '$resp_msg'")); ++ }; ++ ++ if ($@) { ++ $ex = $@; ++ } ++ ++ $wfh->print("done\n"); ++ $wfh->flush(); ++ ++ } else { ++ eval { server_wait($config_file, $rfh) }; ++ if ($@) { ++ warn($@); ++ exit 1; ++ } ++ ++ exit 0; ++ } ++ ++ # Stop server ++ server_stop($pid_file); ++ ++ $self->assert_child_ok($pid); ++ ++ if ($ex) { ++ die($ex); ++ } ++ ++ unlink($log_file); ++} ++ + sub copy_dir { + my $self = shift; + my $tmpdir = $self->{tmpdir}; +@@ -2606,6 +2747,153 @@ sub copy_cpfr_cpto { + unlink($log_file); + } + ++sub copy_cpfr_cpto_no_login { ++ my $self = shift; ++ my $tmpdir = $self->{tmpdir}; ++ ++ my $config_file = "$tmpdir/copy.conf"; ++ my $pid_file = File::Spec->rel2abs("$tmpdir/copy.pid"); ++ my $scoreboard_file = File::Spec->rel2abs("$tmpdir/copy.scoreboard"); ++ ++ my $log_file = File::Spec->rel2abs('tests.log'); ++ ++ my $auth_user_file = File::Spec->rel2abs("$tmpdir/copy.passwd"); ++ my $auth_group_file = File::Spec->rel2abs("$tmpdir/copy.group"); ++ ++ my $user = 'proftpd'; ++ my $passwd = 'test'; ++ my $group = 'ftpd'; ++ my $home_dir = File::Spec->rel2abs($tmpdir); ++ my $uid = 500; ++ my $gid = 500; ++ ++ # Make sure that, if we're running as root, that the home directory has ++ # permissions/privs set for the account we create ++ if ($< == 0) { ++ unless (chmod(0755, $home_dir)) { ++ die("Can't set perms on $home_dir to 0755: $!"); ++ } ++ ++ unless (chown($uid, $gid, $home_dir)) { ++ die("Can't set owner of $home_dir to $uid/$gid: $!"); ++ } ++ } ++ ++ auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, ++ '/bin/bash'); ++ auth_group_write($auth_group_file, $group, $gid, $user); ++ ++ my $src_file = File::Spec->rel2abs("$home_dir/foo.txt"); ++ if (open(my $fh, "> $src_file")) { ++ print $fh "Hello, World!\n"; ++ ++ unless (close($fh)) { ++ die("Can't write $src_file: $!"); ++ } ++ ++ } else { ++ die("Can't open $src_file: $!"); ++ } ++ ++ my $dst_file = File::Spec->rel2abs("$home_dir/bar.txt"); ++ ++ my $config = { ++ PidFile => $pid_file, ++ ScoreboardFile => $scoreboard_file, ++ SystemLog => $log_file, ++ ++ AuthUserFile => $auth_user_file, ++ AuthGroupFile => $auth_group_file, ++ ++ IfModules => { ++ 'mod_delay.c' => { ++ DelayEngine => 'off', ++ }, ++ }, ++ }; ++ ++ my ($port, $config_user, $config_group) = config_write($config_file, $config); ++ ++ # Open pipes, for use between the parent and child processes. Specifically, ++ # the child will indicate when it's done with its test by writing a message ++ # to the parent. ++ my ($rfh, $wfh); ++ unless (pipe($rfh, $wfh)) { ++ die("Can't open pipe: $!"); ++ } ++ ++ my $ex; ++ ++ # Fork child ++ $self->handle_sigchld(); ++ defined(my $pid = fork()) or die("Can't fork: $!"); ++ if ($pid) { ++ eval { ++ my $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port); ++ ++ eval { $client->site('CPFR', 'foo.txt') }; ++ unless ($@) { ++ die("SITE CPFR succeeded unexpectedly"); ++ } ++ ++ my $resp_code = $client->response_code(); ++ my $resp_msg = $client->response_msg(); ++ ++ my $expected; ++ $expected = 530; ++ $self->assert($expected == $resp_code, ++ test_msg("Expected response code $expected, got $resp_code")); ++ ++ $expected = "Please login with USER and PASS"; ++ $self->assert($expected eq $resp_msg, ++ test_msg("Expected response message '$expected', got '$resp_msg'")); ++ ++ eval { $client->site('CPTO', 'bar.txt') }; ++ unless ($@) { ++ die("SITE CPTO succeeded unexpectedly"); ++ } ++ ++ $resp_code = $client->response_code(); ++ $resp_msg = $client->response_msg(); ++ ++ $expected = 530; ++ $self->assert($expected == $resp_code, ++ test_msg("Expected response code $expected, got $resp_code")); ++ ++ $expected = "Please login with USER and PASS"; ++ $self->assert($expected eq $resp_msg, ++ test_msg("Expected response message '$expected', got '$resp_msg'")); ++ }; ++ ++ if ($@) { ++ $ex = $@; ++ } ++ ++ $wfh->print("done\n"); ++ $wfh->flush(); ++ ++ } else { ++ eval { server_wait($config_file, $rfh) }; ++ if ($@) { ++ warn($@); ++ exit 1; ++ } ++ ++ exit 0; ++ } ++ ++ # Stop server ++ server_stop($pid_file); ++ ++ $self->assert_child_ok($pid); ++ ++ if ($ex) { ++ die($ex); ++ } ++ ++ unlink($log_file); ++} ++ + sub copy_cpto_no_cpfr { + my $self = shift; + my $tmpdir = $self->{tmpdir}; diff --git a/net-ftp/proftpd/files/CVE-2015-3306.patch b/net-ftp/proftpd/files/CVE-2015-3306.patch new file mode 100644 index 000000000000..eb5e5405173b --- /dev/null +++ b/net-ftp/proftpd/files/CVE-2015-3306.patch @@ -0,0 +1,269 @@ +https://github.com/proftpd/proftpd/commit/3ef395d81327558e6e6def43df9138b1cd4955dd +diff -ur proftpd-1.3.5.orig/contrib/mod_copy.c +proftpd-1.3.5/contrib/mod_copy.c +--- contrib/mod_copy.c 2012-12-28 06:31:29.000000000 +0800 ++++ contrib/mod_copy.c 2015-05-27 10:36:12.411377839 +0800 +@@ -31,7 +31,7 @@ + + #include "conf.h" + +-#define MOD_COPY_VERSION "mod_copy/0.4" ++#define MOD_COPY_VERSION "mod_copy/0.5" + + /* Make sure the version of proftpd is as necessary. */ + #if PROFTPD_VERSION_NUMBER < 0x0001030401 +@@ -40,6 +40,8 @@ + + extern pr_response_t *resp_list, *resp_err_list; + ++static int copy_engine = TRUE; ++ + static const char *trace_channel = "copy"; + + /* These are copied largely from src/mkhome.c */ +@@ -363,7 +365,7 @@ + errno = xerrno; + return -1; + } +- ++ + if (S_ISREG(st.st_mode)) { + char *abs_path; + +@@ -471,10 +473,37 @@ + return 0; + } + ++/* Configuration handlers ++ */ ++ ++/* usage: CopyEngine on|off */ ++MODRET set_copyengine(cmd_rec *cmd) { ++ int engine = -1; ++ config_rec *c; ++ ++ CHECK_ARGS(cmd, 1); ++ CHECK_CONF(cmd, CONF_ROOT|CONF_VIRTUAL|CONF_GLOBAL); ++ ++ engine = get_boolean(cmd, 1); ++ if (engine == -1) { ++ CONF_ERROR(cmd, "expected Boolean parameter"); ++ } ++ ++ c = add_config_param(cmd->argv[0], 1, NULL); ++ c->argv[0] = palloc(c->pool, sizeof(int)); ++ *((int *) c->argv[0]) = engine; ++ ++ return PR_HANDLED(cmd); ++} ++ + /* Command handlers + */ + + MODRET copy_copy(cmd_rec *cmd) { ++ if (copy_engine == FALSE) { ++ return DECLINED(cmd); ++ } ++ + if (cmd->argc < 2) { + return PR_DECLINED(cmd); + } +@@ -539,12 +568,27 @@ + register unsigned int i; + int res; + char *path = ""; ++ unsigned char *authenticated = NULL; ++ ++ if (copy_engine == FALSE) { ++ return PR_DECLINED(cmd); ++ } + + if (cmd->argc < 3 || + strncasecmp(cmd->argv[1], "CPFR", 5) != 0) { + return PR_DECLINED(cmd); + } + ++ authenticated = get_param_ptr(cmd->server->conf, "authenticated", FALSE); ++ if (authenticated == NULL || ++ *authenticated == FALSE) { ++ pr_response_add_err(R_530, _("Please login with USER and PASS")); ++ ++ pr_cmd_set_errno(cmd, EPERM); ++ errno = EPERM; ++ return PR_ERROR(cmd); ++ } ++ + CHECK_CMD_MIN_ARGS(cmd, 3); + + /* Construct the target file name by concatenating all the parameters after +@@ -594,12 +638,27 @@ + MODRET copy_cpto(cmd_rec *cmd) { + register unsigned int i; + char *from, *to = ""; ++ unsigned char *authenticated = NULL; ++ ++ if (copy_engine == FALSE) { ++ return PR_DECLINED(cmd); ++ } + + if (cmd->argc < 3 || + strncasecmp(cmd->argv[1], "CPTO", 5) != 0) { + return PR_DECLINED(cmd); + } + ++ authenticated = get_param_ptr(cmd->server->conf, "authenticated", FALSE); ++ if (authenticated == NULL || ++ *authenticated == FALSE) { ++ pr_response_add_err(R_530, _("Please login with USER and PASS")); ++ ++ pr_cmd_set_errno(cmd, EPERM); ++ errno = EPERM; ++ return PR_ERROR(cmd); ++ } ++ + CHECK_CMD_MIN_ARGS(cmd, 3); + + from = pr_table_get(session.notes, "mod_copy.cpfr-path", NULL); +@@ -632,6 +691,10 @@ + } + + MODRET copy_log_site(cmd_rec *cmd) { ++ if (copy_engine == FALSE) { ++ return PR_DECLINED(cmd); ++ } ++ + if (cmd->argc < 3 || + strncasecmp(cmd->argv[1], "CPTO", 5) != 0) { + return PR_DECLINED(cmd); +@@ -643,23 +706,58 @@ + return PR_DECLINED(cmd); + } + ++MODRET copy_post_pass(cmd_rec *cmd) { ++ config_rec *c; ++ ++ if (copy_engine == FALSE) { ++ return PR_DECLINED(cmd); ++ } ++ ++ /* The CopyEngine directive may have been changed for this user by ++ * e.g. mod_ifsession, thus we check again. ++ */ ++ c = find_config(main_server->conf, CONF_PARAM, "CopyEngine", FALSE); ++ if (c != NULL) { ++ copy_engine = *((int *) c->argv[0]); ++ } ++ ++ return PR_DECLINED(cmd); ++} ++ + /* Initialization functions + */ + + static int copy_sess_init(void) { ++ config_rec *c; ++ ++ c = find_config(main_server->conf, CONF_PARAM, "CopyEngine", FALSE); ++ if (c != NULL) { ++ copy_engine = *((int *) c->argv[0]); ++ } ++ ++ if (copy_engine == FALSE) { ++ return 0; ++ } ++ + /* Advertise support for the SITE command */ + pr_feat_add("SITE COPY"); +- + return 0; + } + + /* Module API tables + */ + ++static conftable copy_conftab[] = { ++ { "CopyEngine", set_copyengine, NULL }, ++ ++ { NULL } ++}; ++ + static cmdtable copy_cmdtab[] = { + { CMD, C_SITE, G_WRITE, copy_copy, FALSE, FALSE, CL_MISC }, + { CMD, C_SITE, G_DIRS, copy_cpfr, FALSE, FALSE, CL_MISC }, + { CMD, C_SITE, G_WRITE, copy_cpto, FALSE, FALSE, CL_MISC }, ++ { POST_CMD, C_PASS, G_NONE, copy_post_pass, FALSE, FALSE }, + { LOG_CMD, C_SITE, G_NONE, copy_log_site, FALSE, FALSE }, + { LOG_CMD_ERR, C_SITE, G_NONE, copy_log_site, FALSE, FALSE }, + +@@ -676,7 +774,7 @@ + "copy", + + /* Module configuration handler table */ +- NULL, ++ copy_conftab, + + /* Module command handler table */ + copy_cmdtab, +diff -ur proftpd-1.3.5.orig/doc/contrib/mod_copy.html proftpd-1.3.5/doc/contrib/mod_copy.html +--- doc/contrib/mod_copy.html 2015-05-27 11:29:40.919649342 +0800 ++++ doc/contrib/mod_copy.html 2015-05-27 11:48:13.087057870 +0800 +@@ -27,22 +27,40 @@ + instructions are discussed <a href="#Installation">here</a>. + + <p> +-The most current version of <code>mod_copy</code> can be found at: +-<pre> +- <a href="http://www.castaglia.org/proftpd/">http://www.castaglia.org/proftpd/</a> +-</pre> ++The most current version of <code>mod_copy</code> is distributed with the ++ProFTPD source code. + + <h2>Author</h2> + <p> + Please contact TJ Saunders <tj <i>at</i> castaglia.org> with any + questions, concerns, or suggestions regarding this module. + ++<h2>Directives</h2> ++<ul> ++ <li><a href="#CopyEngine">CopyEngine</a> ++</ul> ++ + <h2><code>SITE</code> Commands</h2> + <ul> + <li><a href="#SITE_CPFR">SITE CPFR</a> + <li><a href="#SITE_CPTO">SITE CPTO</a> + </ul> + ++<p> ++<hr> ++<h2><a name="CopyEngine">CopyEngine</a></h2> ++<strong>Syntax:</strong> CopyEngine <em>on|off</em><br> ++<strong>Default:</strong> CopyEngine on<br> ++<strong>Context:</strong> server config, <code><VirtualHost></code>, <code><Global></code><br> ++<strong>Module:</strong> mod_radius<br> ++<strong>Compatibility:</strong> 1.3.6rc1 and later ++ ++<p> ++The <code>CopyEngine</code> directive enables or disables the module's ++handling of <code>SITE COPY</code> <i>et al</i> commands. If it is set to ++<em>off</em> this module ignores these commands. ++ ++<p> + <hr> + <h2><a name="SITE_CPFR">SITE CPFR</a></h2> + This <code>SITE</code> command specifies the source file/directory to use +@@ -118,13 +136,8 @@ + <p> + <hr><br> + +-Author: <i>$Author: idella4 $</i><br> +-Last Updated: <i>$Date: 2015/05/27 05:40:59 $</i><br> +- +-<br><hr> +- + <font size=2><b><i> +-© Copyright 2009-2010 TJ Saunders<br> ++© Copyright 2009-2015 TJ Saunders<br> + All Rights Reserved<br> + </i></b></font> + diff --git a/net-ftp/proftpd/proftpd-1.3.5-r2.ebuild b/net-ftp/proftpd/proftpd-1.3.5-r2.ebuild new file mode 100644 index 000000000000..c00dab53537b --- /dev/null +++ b/net-ftp/proftpd/proftpd-1.3.5-r2.ebuild @@ -0,0 +1,242 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-ftp/proftpd/proftpd-1.3.5-r2.ebuild,v 1.1 2015/05/27 05:40:59 idella4 Exp $ + +EAPI=5 +inherit eutils multilib systemd + +MOD_CASE="0.7" +MOD_CLAMAV="0.11rc" +MOD_DISKUSE="0.9" +MOD_GSS="1.3.3" +MOD_MSG="0.4.1" +MOD_VROOT="0.9.3" + +DESCRIPTION="An advanced and very configurable FTP server" +HOMEPAGE="http://www.proftpd.org/ + http://www.castaglia.org/proftpd/ + http://www.thrallingpenguin.com/resources/mod_clamav.htm + http://gssmod.sourceforge.net/" +SRC_URI="ftp://ftp.proftpd.org/distrib/source/${P/_/}.tar.gz + case? ( http://www.castaglia.org/${PN}/modules/${PN}-mod-case-${MOD_CASE}.tar.gz ) + clamav? ( https://secure.thrallingpenguin.com/redmine/attachments/download/1/mod_clamav-${MOD_CLAMAV}.tar.gz ) + diskuse? ( http://www.castaglia.org/${PN}/modules/${PN}-mod-diskuse-${MOD_DISKUSE}.tar.gz ) + kerberos? ( mirror://sourceforge/gssmod/mod_gss-${MOD_GSS}.tar.gz ) + msg? ( http://www.castaglia.org/${PN}/modules/${PN}-mod-msg-${MOD_MSG}.tar.gz ) + vroot? ( https://github.com/Castaglia/${PN}-mod_vroot/archive/mod_vroot-${MOD_VROOT}.tar.gz )" +LICENSE="GPL-2" + +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" +IUSE="acl authfile ban +caps case clamav copy ctrls deflate diskuse doc dso dynmasq exec ifsession ifversion ident ipv6 + kerberos ldap linguas_bg_BG linguas_en_US linguas_fr_FR linguas_it_IT linguas_ja_JP linguas_ko_KR + linguas_ru_RU linguas_zh_CN linguas_zh_TW log_forensic memcache msg mysql ncurses nls openssl pam +pcre postgres qos radius + ratio readme rewrite selinux sftp shaper sitemisc snmp softquota sqlite ssl tcpd test trace unique_id vroot xinetd" +# TODO: geoip +REQUIRED_USE="ban? ( ctrls ) + msg? ( ctrls ) + sftp? ( openssl ) + shaper? ( ctrls ) + ssl? ( openssl )" + +CDEPEND="acl? ( virtual/acl ) + caps? ( sys-libs/libcap ) + clamav? ( app-antivirus/clamav ) + kerberos? ( virtual/krb5 ) + ldap? ( net-nds/openldap ) + memcache? ( >=dev-libs/libmemcached-0.41 ) + mysql? ( virtual/mysql ) + nls? ( virtual/libiconv ) + ncurses? ( sys-libs/ncurses ) + openssl? ( dev-libs/openssl:= ) + pam? ( virtual/pam ) + pcre? ( dev-libs/libpcre ) + postgres? ( dev-db/postgresql:= ) + sqlite? ( dev-db/sqlite:3 ) + xinetd? ( virtual/inetd )" +DEPEND="${CDEPEND} + test? ( dev-libs/check )" +RDEPEND="${CDEPEND} + net-ftp/ftpbase + selinux? ( sec-policy/selinux-ftp )" + +S="${WORKDIR}/${P/_/}" + +__prepare_module() { + local mod_name=$1 + local mod_topdir=${WORKDIR}/${2:-${mod_name}} + + mv "${mod_topdir}/${mod_name}.c" contrib || die + mv "${mod_topdir}/${mod_name}.html" doc/contrib || die + rm -r "${mod_topdir}" || die +} + +src_prepare() { + epatch "${FILESDIR}"/${P}-netaddr-segv.patch + # Bug 546644 security patch CVE-2015-3306 + # CVE-2015-3306.patch was re-based, CVE-2015-3306-test.patch is as it came in + # https://github.com/proftpd/proftpd/commit/3ef395d81327558e6e6def43df9138b1cd4955dd + epatch "${FILESDIR}"/{CVE-2015-3306.patch,CVE-2015-3306-test.patch} + + # Skip 'install-conf' / Support LINGUAS + sed -i -e "/install-all/s/ install-conf//" Makefile.in + sed -i -e "s/^LANGS=.*$/LANGS=${LINGUAS}/" locale/Makefile.in + + # Prepare external modules + use case && __prepare_module mod_case + if use clamav ; then + mv "${WORKDIR}"/mod_clamav-${MOD_CLAMAV}/mod_clamav.{c,h} contrib + epatch "${WORKDIR}"/mod_clamav-${MOD_CLAMAV}/${PN}.patch + rm -r "${WORKDIR}"/mod_clamav-${MOD_CLAMAV} + fi + use msg && __prepare_module mod_msg + use vroot && __prepare_module mod_vroot ${PN}-mod_vroot-mod_vroot-${MOD_VROOT} + + # Prepare external kerberos module + if use kerberos ; then + cd "${WORKDIR}"/mod_gss-${MOD_GSS} + + # Support app-crypt/heimdal / Gentoo Bug #284853 + sed -i -e "s/krb5_principal2principalname/_\0/" mod_auth_gss.c.in + + # Remove obsolete DES / Gentoo Bug #324903 + # Replace 'rpm' lookups / Gentoo Bug #391021 + sed -i -e "/ac_gss_libs/s/ -ldes425//" \ + -e "s/ac_libdir=\`rpm -q -l.*$/ac_libdir=\/usr\/$(get_libdir)\//" \ + -e "s/ac_includedir=\`rpm -q -l.*$/ac_includedir=\/usr\/include\//" configure{,.in} + fi +} + +src_configure() { + local c m + + use acl && m="${m}:mod_facl" + use ban && m="${m}:mod_ban" + use case && m="${m}:mod_case" + use clamav && m="${m}:mod_clamav" + use copy && m="${m}:mod_copy" + use ctrls && m="${m}:mod_ctrls_admin" + use deflate && m="${m}:mod_deflate" + if use diskuse ; then + cd "${WORKDIR}"/mod_diskuse + econf + mv mod_diskuse.{c,h} "${S}"/contrib + mv mod_diskuse.html "${S}"/doc/contrib + cd "${S}" + rm -r "${WORKDIR}"/mod_diskuse + m="${m}:mod_diskuse" + fi + use dynmasq && m="${m}:mod_dynmasq" + use exec && m="${m}:mod_exec" + use ifsession && m="${m}:mod_ifsession" + use ifversion && m="${m}:mod_ifversion" + if use kerberos ; then + cd "${WORKDIR}"/mod_gss-${MOD_GSS} + if has_version app-crypt/mit-krb5 ; then + econf --enable-mit + else + econf --enable-heimdal + fi + mv mod_{auth_gss,gss}.c "${S}"/contrib + mv mod_gss.h "${S}"/include + mv README.mod_{auth_gss,gss} "${S}" + mv mod_gss.html "${S}"/doc/contrib + mv rfc{1509,2228}.txt "${S}"/doc/rfc + cd "${S}" + rm -r "${WORKDIR}"/mod_gss-${MOD_GSS} + m="${m}:mod_gss:mod_auth_gss" + fi + use ldap && m="${m}:mod_ldap" + use log_forensic && m="${m}:mod_log_forensic" + use msg && m="${m}:mod_msg" + if use mysql || use postgres || use sqlite ; then + m="${m}:mod_sql:mod_sql_passwd" + use mysql && m="${m}:mod_sql_mysql" + use postgres && m="${m}:mod_sql_postgres" + use sqlite && m="${m}:mod_sql_sqlite" + fi + use qos && m="${m}:mod_qos" + use radius && m="${m}:mod_radius" + use ratio && m="${m}:mod_ratio" + use readme && m="${m}:mod_readme" + use rewrite && m="${m}:mod_rewrite" + if use sftp ; then + m="${m}:mod_sftp" + use pam && m="${m}:mod_sftp_pam" + use mysql || use postgres || use sqlite && m="${m}:mod_sftp_sql" + fi + use shaper && m="${m}:mod_shaper" + use sitemisc && m="${m}:mod_site_misc" + use snmp && m="${m}:mod_snmp" + if use softquota ; then + m="${m}:mod_quotatab:mod_quotatab_file" + use ldap && m="${m}:mod_quotatab_ldap" + use radius && m="${m}:mod_quotatab_radius" + use mysql || use postgres || use sqlite && m="${m}:mod_quotatab_sql" + fi + if use ssl ; then + m="${m}:mod_tls:mod_tls_shmcache" + use memcache && m="${m}:mod_tls_memcache" + fi + if use tcpd ; then + m="${m}:mod_wrap2:mod_wrap2_file" + use mysql || use postgres || use sqlite && m="${m}:mod_wrap2_sql" + fi + use unique_id && m="${m}:mod_unique_id" + use vroot && m="${m}:mod_vroot" + + if [[ -n ${PROFTP_CUSTOM_MODULES} ]]; then + einfo "Adding user-specified extra modules: '${PROFTP_CUSTOM_MODULES}'" + m="${m}:${PROFTP_CUSTOM_MODULES}" + fi + + [[ -z ${m} ]] || c="${c} --with-modules=${m:1}" + econf --localstatedir=/var/run/proftpd --sysconfdir=/etc/proftpd --disable-strip \ + $(use_enable acl facl) \ + $(use_enable authfile auth-file) \ + $(use_enable caps cap) \ + $(use_enable ctrls) \ + $(use_enable dso) \ + $(use_enable ident) \ + $(use_enable ipv6) \ + $(use_enable memcache) \ + $(use_enable ncurses) \ + $(use_enable nls) \ + $(use_enable openssl) \ + $(use_enable pam auth-pam) \ + $(use_enable pcre) \ + $(use_enable test tests) \ + $(use_enable trace) \ + $(use_enable userland_GNU shadow) \ + $(use_enable userland_GNU autoshadow) \ + ${c:1} +} + +src_test() { + emake api-tests -C tests +} + +src_install() { + default + [[ -z ${LINGUAS} ]] && rm -r "${ED}"/usr/share/locale + rm -rf "${ED}"/var/run + + newinitd "${FILESDIR}"/proftpd.initd proftpd + insinto /etc/proftpd + doins "${FILESDIR}"/proftpd.conf.sample + + if use xinetd ; then + insinto /etc/xinetd.d + newins "${FILESDIR}"/proftpd.xinetd proftpd + fi + + dodoc ChangeLog CREDITS INSTALL NEWS README* RELEASE_NOTES + if use doc ; then + dohtml doc/*.html doc/contrib/*.html doc/howto/*.html doc/modules/*.html + docinto rfc + dodoc doc/rfc/*.txt + fi + + systemd_dounit "${FILESDIR}"/${PN}.service + systemd_newtmpfilesd "${FILESDIR}"/${PN}-tmpfiles.d.conf ${PN}.conf +} |