From 96c20d0de1116a9d4317c8cb9c2810cdc352421a Mon Sep 17 00:00:00 2001 From: Brandon Hale Date: Tue, 4 May 2004 16:23:05 +0000 Subject: Add patch to close privelage escalation bug, see bug #49496. Removing affected versions. --- net-ftp/proftpd/ChangeLog | 9 +- net-ftp/proftpd/Manifest | 17 ++- net-ftp/proftpd/files/digest-proftpd-1.2.9 | 1 - net-ftp/proftpd/files/digest-proftpd-1.2.9-r1 | 1 - net-ftp/proftpd/files/digest-proftpd-1.2.9-r2 | 1 + .../files/proftpd-1.2.9-privescal-fix.patch | 20 +++ net-ftp/proftpd/proftpd-1.2.9-r1.ebuild | 133 -------------------- net-ftp/proftpd/proftpd-1.2.9-r2.ebuild | 134 +++++++++++++++++++++ net-ftp/proftpd/proftpd-1.2.9.ebuild | 127 ------------------- 9 files changed, 171 insertions(+), 272 deletions(-) delete mode 100644 net-ftp/proftpd/files/digest-proftpd-1.2.9 delete mode 100644 net-ftp/proftpd/files/digest-proftpd-1.2.9-r1 create mode 100644 net-ftp/proftpd/files/digest-proftpd-1.2.9-r2 create mode 100644 net-ftp/proftpd/files/proftpd-1.2.9-privescal-fix.patch delete mode 100644 net-ftp/proftpd/proftpd-1.2.9-r1.ebuild create mode 100644 net-ftp/proftpd/proftpd-1.2.9-r2.ebuild delete mode 100644 net-ftp/proftpd/proftpd-1.2.9.ebuild (limited to 'net-ftp/proftpd') diff --git a/net-ftp/proftpd/ChangeLog b/net-ftp/proftpd/ChangeLog index 2cf63a27ec97..5d79af56d487 100644 --- a/net-ftp/proftpd/ChangeLog +++ b/net-ftp/proftpd/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for net-ftp/proftpd # Copyright 2002-2004 Gentoo Technologies, Inc.; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-ftp/proftpd/ChangeLog,v 1.55 2004/04/27 21:51:21 agriffis Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-ftp/proftpd/ChangeLog,v 1.56 2004/05/04 16:23:04 tseng Exp $ + +*proftpd-1.2.9-r2 (04 May 2004) + + 04 May 2004; Brandon Hale -proftpd-1.2.9-r1.ebuild, + +proftpd-1.2.9-r2.ebuild, -proftpd-1.2.9.ebuild: + Add patch to close privelage escalation bug, see bug #49496. Removing affected + versions. 27 Apr 2004; Aron Griffis proftpd-1.2.9-r1.ebuild: Add inherit eutils diff --git a/net-ftp/proftpd/Manifest b/net-ftp/proftpd/Manifest index 03d451393908..ba7c303c783a 100644 --- a/net-ftp/proftpd/Manifest +++ b/net-ftp/proftpd/Manifest @@ -1,16 +1,15 @@ -MD5 bc516617f8c972f86a42a2bf81e04c21 ChangeLog 8679 -MD5 4cac4135685a0c8d0b20cacafd608c28 proftpd-1.2.9-r1.ebuild 3429 +MD5 d1a58ddb3d9fed89396f672a5d772c1c ChangeLog 8927 +MD5 90dec360681d62748ca722d3eca56e1a proftpd-1.2.9-r2.ebuild 3462 MD5 9fc268673f01fb44ccbeb1ba9b03fe10 proftpd-1.2.8.ebuild 2735 -MD5 8403cc3447fabc18a92eeb5dc891ed26 proftpd-1.2.7.ebuild 3668 MD5 63bd6e87942a25d48bd5365edd8246c0 metadata.xml 268 -MD5 ac1c9c977f6f474e593755940e831dc2 proftpd-1.2.9.ebuild 3322 -MD5 cb6cd6133728449d0da092b1d6147b9d files/digest-proftpd-1.2.8 66 +MD5 8403cc3447fabc18a92eeb5dc891ed26 proftpd-1.2.7.ebuild 3668 +MD5 c1dc1d9278d5b77f53ea44ee848dafc6 files/digest-proftpd-1.2.7 211 +MD5 6c1a92fc601780a49fdfc01aaf483b69 files/digest-proftpd-1.2.9-r2 66 +MD5 50955f0d375360841d50a82b9589e435 files/proftpd-1.2.9-privescal-fix.patch 588 MD5 0cf02f8c82f22e714b8299e7b7907d8f files/mod_sql_postgres.c.patch 275 +MD5 cb6cd6133728449d0da092b1d6147b9d files/digest-proftpd-1.2.8 66 MD5 b338504ed873219e368abab7df6c276d files/proftpd.conf 1704 MD5 09c4b572a757ab1b1b852c5755ac3c67 files/proftpd.rc6 738 MD5 4d676b70c97bc6daabd8c2ba8d52d27a files/proftpd.xinetd 295 -MD5 c1dc1d9278d5b77f53ea44ee848dafc6 files/digest-proftpd-1.2.7 211 -MD5 e558f099037d359da5f855285542246e files/1.2.9_rc3-reversedns.diff 1974 -MD5 6c1a92fc601780a49fdfc01aaf483b69 files/digest-proftpd-1.2.9 66 -MD5 6c1a92fc601780a49fdfc01aaf483b69 files/digest-proftpd-1.2.9-r1 66 MD5 b00999f820f1e46a501ce4fcaeb5fe23 files/proftpd-1.2.9-makefile.patch 434 +MD5 e558f099037d359da5f855285542246e files/1.2.9_rc3-reversedns.diff 1974 diff --git a/net-ftp/proftpd/files/digest-proftpd-1.2.9 b/net-ftp/proftpd/files/digest-proftpd-1.2.9 deleted file mode 100644 index dc35e2c279e0..000000000000 --- a/net-ftp/proftpd/files/digest-proftpd-1.2.9 +++ /dev/null @@ -1 +0,0 @@ -MD5 7c85503b160a36a96594ef75f3180a07 proftpd-1.2.9.tar.bz2 778953 diff --git a/net-ftp/proftpd/files/digest-proftpd-1.2.9-r1 b/net-ftp/proftpd/files/digest-proftpd-1.2.9-r1 deleted file mode 100644 index dc35e2c279e0..000000000000 --- a/net-ftp/proftpd/files/digest-proftpd-1.2.9-r1 +++ /dev/null @@ -1 +0,0 @@ -MD5 7c85503b160a36a96594ef75f3180a07 proftpd-1.2.9.tar.bz2 778953 diff --git a/net-ftp/proftpd/files/digest-proftpd-1.2.9-r2 b/net-ftp/proftpd/files/digest-proftpd-1.2.9-r2 new file mode 100644 index 000000000000..dc35e2c279e0 --- /dev/null +++ b/net-ftp/proftpd/files/digest-proftpd-1.2.9-r2 @@ -0,0 +1 @@ +MD5 7c85503b160a36a96594ef75f3180a07 proftpd-1.2.9.tar.bz2 778953 diff --git a/net-ftp/proftpd/files/proftpd-1.2.9-privescal-fix.patch b/net-ftp/proftpd/files/proftpd-1.2.9-privescal-fix.patch new file mode 100644 index 000000000000..76204e4ad0de --- /dev/null +++ b/net-ftp/proftpd/files/proftpd-1.2.9-privescal-fix.patch @@ -0,0 +1,20 @@ +--- proftpd/src/dirtree.c 1 Nov 2003 07:11:07 -0000 1.125 ++++ proftpd/src/dirtree.c 4 Nov 2003 21:18:25 -0000 +@@ -1556,10 +1556,14 @@ + + if (cidr_mode) { + /* NOTE: encapsulation breakage note/IPv6 change needed here. */ +-#if 0 +- if ((cli_addr->s_addr & htonl(cidr_mask)) == cidr_addr.s_addr) +-#endif ++ ++ if (pr_netaddr_get_family(cli_addr) == AF_INET) { ++ struct in_addr *cli_in_addr = pr_netaddr_get_inaddr(cli_addr); ++ if ((cli_in_addr->s_addr & htonl(cidr_mask)) == cidr_addr.s_addr) { + return 1; ++ } ++ }; ++ + + } else { + pr_netaddr_t *acl_addr = NULL; diff --git a/net-ftp/proftpd/proftpd-1.2.9-r1.ebuild b/net-ftp/proftpd/proftpd-1.2.9-r1.ebuild deleted file mode 100644 index be2eaa707bf5..000000000000 --- a/net-ftp/proftpd/proftpd-1.2.9-r1.ebuild +++ /dev/null @@ -1,133 +0,0 @@ -# Copyright 1999-2004 Gentoo Technologies, Inc. -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-ftp/proftpd/proftpd-1.2.9-r1.ebuild,v 1.5 2004/04/27 21:51:21 agriffis Exp $ - -inherit flag-o-matic eutils - -IUSE="ldap pam postgres mysql ssl tcpd ipv6" - -MY_P=${P/_/} -S=${WORKDIR}/${MY_P} - -DESCRIPTION="An advanced and very configurable FTP server" -SRC_URI="ftp://ftp.proftpd.org/distrib/source/${MY_P}.tar.bz2" -HOMEPAGE="http://www.proftpd.org/" - -SLOT="0" -LICENSE="GPL-2" -KEYWORDS="~x86 ~sparc ~hppa ~alpha ~ppc ~mips ~amd64" - -DEPEND="pam? ( >=sys-libs/pam-0.75 ) - mysql? ( >=dev-db/mysql-3.23.26 ) - ldap? ( >=net-nds/openldap-1.2.11 ) - postgres? ( >=dev-db/postgresql-7.3 ) - ssl? ( >=dev-libs/openssl-0.9.6f ) - tcpd? ( >=sys-apps/tcp-wrappers-7.6-r3 )" - -src_unpack() { - unpack ${A} - cd ${S} - epatch ${FILESDIR}/proftpd-1.2.9-makefile.patch -} - -src_compile() { - local modules myconf - - modules="mod_ratio:mod_readme" - use pam && modules="${modules}:mod_auth_pam" - use tcpd && modules="${modules}:mod_wrap" - - if use ldap; then - einfo ldap - modules="${modules}:mod_ldap" - append-ldflags "-lresolv" - fi - - if use ssl; then - einfo ssl - # enable mod_tls - modules="${modules}:mod_tls" - fi - - if use mysql && use postgres - then - ewarn "ProFTPD only supports either the MySQL or PostgreSQL modules." - ewarn "Presently this ebuild defaults to mysql. If you would like to" - ewarn "change the default behaviour, merge ProFTPD with;" - ewarn "USE=\"-mysql postgres\" emerge proftpd" - sleep 5 - fi - - if use mysql; then - modules="${modules}:mod_sql:mod_sql_mysql" - myconf="--with-includes=/usr/include/mysql" - elif use postgres; then - modules="${modules}:mod_sql:mod_sql_postgres" - myconf="--with-includes=/usr/include/postgresql" - fi - - # New modules for 1.2.9 - # Not sure how these should be enabled yet as no use variables - # apply currently. Uncomment if you want to use them though. - # -raker 06/16/2003 - # - # modules="${modules}:mod_ifsession" - # modules="${modules}:mod_radius" - # modules="${modules}:mod_rewrite" - - # bug #30359 - has_version sys-devel/hardened-gcc && echo > lib/libcap/cap_sys.c - has_pic && echo > lib/libcap/cap_sys.c - - econf \ - --sbindir=/usr/sbin \ - --localstatedir=/var/run \ - --sysconfdir=/etc/proftpd \ - --enable-shadow \ - --disable-sendfile \ - --enable-autoshadow \ - --with-modules=${modules} \ - ${myconf} $( use_enable ipv6 ) || die "bad ./configure" - - emake || die "compile problem" -} - -src_install() { - # Note rundir needs to be specified to avoid sandbox violation - # on initial install. See Make.rules - make DESTDIR=${D} install || die - - keepdir /home/ftp - keepdir /var/run/proftpd - - dodoc contrib/README.mod_sql ${FILESDIR}/proftpd.conf \ - COPYING CREDITS ChangeLog NEWS README* \ - doc/{license.txt,GetConf} - dohtml doc/*.html - docinto rfc - dodoc doc/rfc/*.txt - - mv ${D}/etc/proftpd/proftpd.conf ${D}/etc/proftpd/proftpd.conf.distrib - - insinto /etc/proftpd - newins ${FILESDIR}/proftpd.conf proftpd.conf.sample - - if use pam; then - insinto /etc/pam.d - newins ${S}/contrib/dist/rpm/ftp.pamd ftp - fi - - insinto /etc/xinetd.d - newins ${FILESDIR}/proftpd.xinetd proftpd - - exeinto /etc/init.d ; newexe ${FILESDIR}/proftpd.rc6 proftpd -} - -pkg_postinst() { - groupadd proftpd &>/dev/null - id proftpd &>/dev/null || \ - useradd -g proftpd -d /home/ftp -s /bin/false proftpd - einfo - einfo 'You can find the config files in /etc/proftpd' - einfo -} diff --git a/net-ftp/proftpd/proftpd-1.2.9-r2.ebuild b/net-ftp/proftpd/proftpd-1.2.9-r2.ebuild new file mode 100644 index 000000000000..b6e871426b46 --- /dev/null +++ b/net-ftp/proftpd/proftpd-1.2.9-r2.ebuild @@ -0,0 +1,134 @@ +# Copyright 1999-2004 Gentoo Technologies, Inc. +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-ftp/proftpd/proftpd-1.2.9-r2.ebuild,v 1.1 2004/05/04 16:23:04 tseng Exp $ + +inherit flag-o-matic eutils + +IUSE="ldap pam postgres mysql ssl tcpd ipv6" + +MY_P=${P/_/} +S=${WORKDIR}/${MY_P} + +DESCRIPTION="An advanced and very configurable FTP server" +SRC_URI="ftp://ftp.proftpd.org/distrib/source/${MY_P}.tar.bz2" +HOMEPAGE="http://www.proftpd.org/" + +SLOT="0" +LICENSE="GPL-2" +KEYWORDS="~x86 ~sparc ~hppa ~alpha ~ppc ~mips ~amd64" + +DEPEND="pam? ( >=sys-libs/pam-0.75 ) + mysql? ( >=dev-db/mysql-3.23.26 ) + ldap? ( >=net-nds/openldap-1.2.11 ) + postgres? ( >=dev-db/postgresql-7.3 ) + ssl? ( >=dev-libs/openssl-0.9.6f ) + tcpd? ( >=sys-apps/tcp-wrappers-7.6-r3 )" + +src_unpack() { + unpack ${A} + cd ${S} + epatch ${FILESDIR}/${P}-makefile.patch + epatch ${FILESDIR}/${P}-privescal-fix.patch +} + +src_compile() { + local modules myconf + + modules="mod_ratio:mod_readme" + use pam && modules="${modules}:mod_auth_pam" + use tcpd && modules="${modules}:mod_wrap" + + if use ldap; then + einfo ldap + modules="${modules}:mod_ldap" + append-ldflags "-lresolv" + fi + + if use ssl; then + einfo ssl + # enable mod_tls + modules="${modules}:mod_tls" + fi + + if use mysql && use postgres + then + ewarn "ProFTPD only supports either the MySQL or PostgreSQL modules." + ewarn "Presently this ebuild defaults to mysql. If you would like to" + ewarn "change the default behaviour, merge ProFTPD with;" + ewarn "USE=\"-mysql postgres\" emerge proftpd" + sleep 5 + fi + + if use mysql; then + modules="${modules}:mod_sql:mod_sql_mysql" + myconf="--with-includes=/usr/include/mysql" + elif use postgres; then + modules="${modules}:mod_sql:mod_sql_postgres" + myconf="--with-includes=/usr/include/postgresql" + fi + + # New modules for 1.2.9 + # Not sure how these should be enabled yet as no use variables + # apply currently. Uncomment if you want to use them though. + # -raker 06/16/2003 + # + # modules="${modules}:mod_ifsession" + # modules="${modules}:mod_radius" + # modules="${modules}:mod_rewrite" + + # bug #30359 + has_version sys-devel/hardened-gcc && echo > lib/libcap/cap_sys.c + has_pic && echo > lib/libcap/cap_sys.c + + econf \ + --sbindir=/usr/sbin \ + --localstatedir=/var/run \ + --sysconfdir=/etc/proftpd \ + --enable-shadow \ + --disable-sendfile \ + --enable-autoshadow \ + --with-modules=${modules} \ + ${myconf} $( use_enable ipv6 ) || die "bad ./configure" + + emake || die "compile problem" +} + +src_install() { + # Note rundir needs to be specified to avoid sandbox violation + # on initial install. See Make.rules + make DESTDIR=${D} install || die + + keepdir /home/ftp + keepdir /var/run/proftpd + + dodoc contrib/README.mod_sql ${FILESDIR}/proftpd.conf \ + COPYING CREDITS ChangeLog NEWS README* \ + doc/{license.txt,GetConf} + dohtml doc/*.html + docinto rfc + dodoc doc/rfc/*.txt + + mv ${D}/etc/proftpd/proftpd.conf ${D}/etc/proftpd/proftpd.conf.distrib + + insinto /etc/proftpd + newins ${FILESDIR}/proftpd.conf proftpd.conf.sample + + if use pam; then + insinto /etc/pam.d + newins ${S}/contrib/dist/rpm/ftp.pamd ftp + fi + + insinto /etc/xinetd.d + newins ${FILESDIR}/proftpd.xinetd proftpd + + exeinto /etc/init.d ; newexe ${FILESDIR}/proftpd.rc6 proftpd +} + +pkg_postinst() { + groupadd proftpd &>/dev/null + id proftpd &>/dev/null || \ + useradd -g proftpd -d /home/ftp -s /bin/false proftpd + einfo + einfo 'You can find the config files in /etc/proftpd' + einfo +} diff --git a/net-ftp/proftpd/proftpd-1.2.9.ebuild b/net-ftp/proftpd/proftpd-1.2.9.ebuild deleted file mode 100644 index 437ee81b2981..000000000000 --- a/net-ftp/proftpd/proftpd-1.2.9.ebuild +++ /dev/null @@ -1,127 +0,0 @@ -# Copyright 1999-2004 Gentoo Technologies, Inc. -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-ftp/proftpd/proftpd-1.2.9.ebuild,v 1.11 2004/04/21 02:25:43 eradicator Exp $ - -inherit flag-o-matic - -IUSE="ldap pam postgres mysql ssl tcpd ipv6" - -MY_P=${P/_/} -S=${WORKDIR}/${MY_P} - -DESCRIPTION="An advanced and very configurable FTP server" -SRC_URI="ftp://ftp.proftpd.org/distrib/source/${MY_P}.tar.bz2" -HOMEPAGE="http://www.proftpd.org/" - -SLOT="0" -LICENSE="GPL-2" -KEYWORDS="x86 sparc hppa ~alpha ppc ~mips" - -DEPEND="pam? ( >=sys-libs/pam-0.75 ) - mysql? ( >=dev-db/mysql-3.23.26 ) - ldap? ( >=net-nds/openldap-1.2.11 ) - postgres? ( >=dev-db/postgresql-7.3 ) - ssl? ( >=dev-libs/openssl-0.9.6f ) - tcpd? ( >=sys-apps/tcp-wrappers-7.6-r3 )" - -src_compile() { - local modules myconf - - modules="mod_ratio:mod_readme" - use pam && modules="${modules}:mod_auth_pam" - use tcpd && modules="${modules}:mod_wrap" - - if use ldap; then - einfo ldap - modules="${modules}:mod_ldap" - append-ldflags "-lresolv" - fi - - if use ssl; then - einfo ssl - # enable mod_tls - modules="${modules}:mod_tls" - fi - - if use mysql && use postgres - then - ewarn "ProFTPD only supports either the MySQL or PostgreSQL modules." - ewarn "Presently this ebuild defaults to mysql. If you would like to" - ewarn "change the default behaviour, merge ProFTPD with;" - ewarn "USE=\"-mysql postgres\" emerge proftpd" - sleep 5 - fi - - if use mysql; then - modules="${modules}:mod_sql:mod_sql_mysql" - myconf="--with-includes=/usr/include/mysql" - elif use postgres; then - modules="${modules}:mod_sql:mod_sql_postgres" - myconf="--with-includes=/usr/include/postgresql" - fi - - # New modules for 1.2.9 - # Not sure how these should be enabled yet as no use variables - # apply currently. Uncomment if you want to use them though. - # -raker 06/16/2003 - # - # modules="${modules}:mod_ifsession" - # modules="${modules}:mod_radius" - # modules="${modules}:mod_rewrite" - - # bug #30359 - has_version sys-devel/hardened-gcc && echo > lib/libcap/cap_sys.c - has_pic && echo > lib/libcap/cap_sys.c - - econf \ - --sbindir=/usr/sbin \ - --localstatedir=/var/run \ - --sysconfdir=/etc/proftpd \ - --enable-shadow \ - --disable-sendfile \ - --enable-autoshadow \ - --with-modules=${modules} \ - ${myconf} $( use_enable ipv6 ) || die "bad ./configure" - - emake || die "compile problem" -} - -src_install() { - # Note rundir needs to be specified to avoid sandbox violation - # on initial install. See Make.rules - make DESTDIR=${D} install || die - - keepdir /home/ftp - keepdir /var/run/proftpd - - dodoc contrib/README.mod_sql ${FILESDIR}/proftpd.conf \ - COPYING CREDITS ChangeLog NEWS README* \ - doc/{license.txt,GetConf} - dohtml doc/*.html - docinto rfc - dodoc doc/rfc/*.txt - - mv ${D}/etc/proftpd/proftpd.conf ${D}/etc/proftpd/proftpd.conf.distrib - - insinto /etc/proftpd - newins ${FILESDIR}/proftpd.conf proftpd.conf.sample - - if use pam; then - insinto /etc/pam.d - newins ${S}/contrib/dist/rpm/ftp.pamd ftp - fi - - insinto /etc/xinetd.d - newins ${FILESDIR}/proftpd.xinetd proftpd - - exeinto /etc/init.d ; newexe ${FILESDIR}/proftpd.rc6 proftpd -} - -pkg_postinst() { - groupadd proftpd &>/dev/null - id proftpd &>/dev/null || \ - useradd -g proftpd -d /home/ftp -s /bin/false proftpd - einfo - einfo 'You can find the config files in /etc/proftpd' - einfo -} -- cgit v1.2.3-65-gdbad