Security bump for bug #384454.

Package-Manager: portage-2.1.2_pre1

diff --git a/net-ftp/ftpd/ChangeLog b/net-ftp/ftpd/ChangeLog
index a88611a1eb612ebd4376b6c43ddb460a22164589..f8a83c9b78e5a8c48d070dd253ff096f06bcfd46 100644 (file)
--- a/net-ftp/ftpd/ChangeLog
+++ b/net-ftp/ftpd/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for net-ftp/ftpd
 # Copyright 2002-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-ftp/ftpd/ChangeLog,v 1.26 2006/08/06 02:14:05 chriswhite Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/ftpd/ChangeLog,v 1.27 2006/10/11 01:37:46 chriswhite Exp $
+
+*ftpd-0.17-r4 (11 Oct 2006)
+
+  11 Oct 2006; Chris White <chriswhite@gentoo.org>
+  +files/ftpd-0.17-setguid.patch, +ftpd-0.17-r4.ebuild:
+  Security bump for bug #384454.
 
   05 Aug 2006; Chris White <chriswhite@gentoo.org> -ftpd-0.17.ebuild,
   -ftpd-0.17-r1.ebuild, -ftpd-0.17-r2.ebuild:

diff --git a/net-ftp/ftpd/Manifest b/net-ftp/ftpd/Manifest
index 744a93d4164559c53f6823e0011d877a16dde8f1..2c69f32bff4a6051b1bb9ecd5abf913366c93757 100644 (file)
--- a/net-ftp/ftpd/Manifest
+++ b/net-ftp/ftpd/Manifest
@@ -13,6 +13,10 @@ AUX ftpd-0.17-gcc41.patch 921 RMD160 f1e2348d98602c7ff3cbe7bb0a2777c08c9e52cd SH
 MD5 835a4cb3e4b0fb1234f3b8cb66139a47 files/ftpd-0.17-gcc41.patch 921
 RMD160 f1e2348d98602c7ff3cbe7bb0a2777c08c9e52cd files/ftpd-0.17-gcc41.patch 921
 SHA256 eb1e24e1dfd3443ee197a0f9f4eb44c66db463b67bf3fb427543d6ab5093eaaa files/ftpd-0.17-gcc41.patch 921
+AUX ftpd-0.17-setguid.patch 1961 RMD160 c5ba8678127fdb5dbdd032aa33259251d1266fb7 SHA1 09e6ad7a482d5625e972cb7a998014de76ab3bd9 SHA256 5910195af528a42b37507304303e0fc3ae2e164803674b83c3dc1fb7f91c1944
+MD5 59d1eae5854b8730a05e8aee0d3776b3 files/ftpd-0.17-setguid.patch 1961
+RMD160 c5ba8678127fdb5dbdd032aa33259251d1266fb7 files/ftpd-0.17-setguid.patch 1961
+SHA256 5910195af528a42b37507304303e0fc3ae2e164803674b83c3dc1fb7f91c1944 files/ftpd-0.17-setguid.patch 1961
 AUX ftpd-0.17-shadowfix.patch 895 RMD160 64fc0211ae0f7b7760a7460a9d1044736833d7fc SHA1 23e77f0548f99c34ce1813529ee572eb1548caf4 SHA256 8c8b221554b713c7d842b2b10608010fbf264577cebfaf20c9f34e560e054886
 MD5 7e1217f2de231dda2c8e842a7d7dfb7b files/ftpd-0.17-shadowfix.patch 895
 RMD160 64fc0211ae0f7b7760a7460a9d1044736833d7fc files/ftpd-0.17-shadowfix.patch 895
@@ -27,10 +31,14 @@ EBUILD ftpd-0.17-r3.ebuild 1471 RMD160 ccc78f31a55ae8b366819b0cf80b84d7589fb668
 MD5 09b6a60973d7efdeed923d5485afddd9 ftpd-0.17-r3.ebuild 1471
 RMD160 ccc78f31a55ae8b366819b0cf80b84d7589fb668 ftpd-0.17-r3.ebuild 1471
 SHA256 9d13e34351b1845a4de5b9d55c70b4e6a1df6870a68c0f019311cf4bce34d4a5 ftpd-0.17-r3.ebuild 1471
-MISC ChangeLog 3518 RMD160 021c5c638dac138fc8066f3df9be68c3d612f853 SHA1 3f9bb9c2fcbec67f16381732b0a638622dc36228 SHA256 f3ed2c4585e5d0898edeae422266e5138b0b1ab27150554644713660b4bbb1f7
-MD5 6573a25c1b6f5d41c0693873ca040b1e ChangeLog 3518
-RMD160 021c5c638dac138fc8066f3df9be68c3d612f853 ChangeLog 3518
-SHA256 f3ed2c4585e5d0898edeae422266e5138b0b1ab27150554644713660b4bbb1f7 ChangeLog 3518
+EBUILD ftpd-0.17-r4.ebuild 1535 RMD160 a3a58ad1a1d0618b035610c047e34c495bb62eee SHA1 3d301bdf43397152dc2819e49f2790beb141f73b SHA256 e2836d6b86d20d85f45a5c97cabedc786dcb3f93327bfe4bb79491670be83d3d
+MD5 8543fead649180567485e4d9f1f4c20c ftpd-0.17-r4.ebuild 1535
+RMD160 a3a58ad1a1d0618b035610c047e34c495bb62eee ftpd-0.17-r4.ebuild 1535
+SHA256 e2836d6b86d20d85f45a5c97cabedc786dcb3f93327bfe4bb79491670be83d3d ftpd-0.17-r4.ebuild 1535
+MISC ChangeLog 3688 RMD160 f1fd3b502408f7b6459694352f8bc9958416d25d SHA1 f7b7a927fb2f422ba6f5f8b9803c46efa848a691 SHA256 92a5937e6b839ab018e52cd349d389c19f861515f828dde205228ef42b02c5ae
+MD5 c730d67481950cc8e75cb17c69875bdb ChangeLog 3688
+RMD160 f1fd3b502408f7b6459694352f8bc9958416d25d ChangeLog 3688
+SHA256 92a5937e6b839ab018e52cd349d389c19f861515f828dde205228ef42b02c5ae ChangeLog 3688
 MISC metadata.xml 171 RMD160 5a4d3e8a2c9e0358aa437eb0c76569f91b857ef3 SHA1 ebdc031ba92333fa3e0f93e723dbb09334d819d6 SHA256 35e9133d78efd3d08a76e7e7542de5053f7bbf9bd4b8d15a85c3406086aa4ee5
 MD5 097850a9c53cf1e70cecd8b06234b8e4 metadata.xml 171
 RMD160 5a4d3e8a2c9e0358aa437eb0c76569f91b857ef3 metadata.xml 171
@@ -38,10 +46,13 @@ SHA256 35e9133d78efd3d08a76e7e7542de5053f7bbf9bd4b8d15a85c3406086aa4ee5 metadata
 MD5 a5158bf958d1411f9daefa3a43b7f12e files/digest-ftpd-0.17-r3 497
 RMD160 db856b5782788330427703698f410c205225d8e2 files/digest-ftpd-0.17-r3 497
 SHA256 193c18b7c4e2467ed5453bee8fc5e2b66ab314c429cc4a2daf79fbe652de26ba files/digest-ftpd-0.17-r3 497
+MD5 a5158bf958d1411f9daefa3a43b7f12e files/digest-ftpd-0.17-r4 497
+RMD160 db856b5782788330427703698f410c205225d8e2 files/digest-ftpd-0.17-r4 497
+SHA256 193c18b7c4e2467ed5453bee8fc5e2b66ab314c429cc4a2daf79fbe652de26ba files/digest-ftpd-0.17-r4 497
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.4 (GNU/Linux)
+Version: GnuPG v1.4.5 (GNU/Linux)
 
-iD8DBQFE1EUpFdQwWVoAgN4RAqMEAKDtEbUoqh6ZHBSSzctHNXNHjlVOmgCcCkan
-GT6gKEgBV8wouI1h274PL4A=
-=s4AS
+iD8DBQFFLEsFFdQwWVoAgN4RAlItAJsGckQiIlC7VomWFAXdRbYeiA2iLwCg09sF
+yz4CkCYj52n8/Q5/BK06NwA=
+=c+7N
 -----END PGP SIGNATURE-----

diff --git a/net-ftp/ftpd/files/digest-ftpd-0.17-r4 b/net-ftp/ftpd/files/digest-ftpd-0.17-r4
new file mode 100644 (file)
index 0000000..9c0de1b
--- /dev/null
+++ b/net-ftp/ftpd/files/digest-ftpd-0.17-r4
@@ -0,0 +1,6 @@
+MD5 0b9185d5144904798b721354ea9ff156 linux-ftpd-0.17-ssl.patch 36459
+RMD160 5a0d7301f69b4c1714f36419f98134f9aa0ce874 linux-ftpd-0.17-ssl.patch 36459
+SHA256 0082ee6a71fdd83f61e63166f7bbba97c204cdc67f9e1bf10f2df31590fba780 linux-ftpd-0.17-ssl.patch 36459
+MD5 f5f491564812db5d8783daa538c49186 linux-ftpd-0.17.tar.gz 46763
+RMD160 869e410d8f063c764c04f1d3b41b625a9d679d22 linux-ftpd-0.17.tar.gz 46763
+SHA256 65a0b249e38bf3c3a16dbd4d3edd2657683ca8f47b307e92007f378b21d2fa65 linux-ftpd-0.17.tar.gz 46763

diff --git a/net-ftp/ftpd/files/ftpd-0.17-setguid.patch b/net-ftp/ftpd/files/ftpd-0.17-setguid.patch
new file mode 100644 (file)
index 0000000..f25b2b3
--- /dev/null
+++ b/net-ftp/ftpd/files/ftpd-0.17-setguid.patch
@@ -0,0 +1,66 @@
+--- linux-ftpd-0.17/ftpd/popen.c.bak   1999-07-16 11:12:54.000000000 +1000
++++ linux-ftpd-0.17/ftpd/popen.c       2006-08-25 13:31:33.950447078 +1000
+@@ -169,8 +169,13 @@
+                * XXX: this doesn't seem right... and shouldn't
+                * we initgroups, or at least setgroups(0,0)?
+                */
+-              setgid(getegid());
+-              setuid(i);
++
++/*
++ * PSz 25 Aug 06  Must check the return status of these setgid/setuid calls,
++ * see  http://www.bress.net/blog/archives/34-setuid-madness.html
++ */
++              if ( setgid(geteuid())  != 0 ) _exit(1);
++              if ( setuid(i)          != 0 ) _exit(1);
+  
+ #ifndef __linux__
+ /* 
+--- linux-ftpd-0.17/ftpd/ftpd.c.bak    2006-08-25 12:53:25.277537000 +1000
++++ linux-ftpd-0.17/ftpd/ftpd.c        2006-08-25 13:46:28.798975583 +1000
+@@ -1159,6 +1159,13 @@
+               }
+               strcpy(pw->pw_dir, "/");
+               setenv("HOME", "/", 1);
++      }
++      /* PSz 25 Aug 06  chdir for real users done after setting UID */
++      if (seteuid((uid_t)pw->pw_uid) < 0) {
++              reply(550, "Can't set uid.");
++              goto bad;
++      }
++      if (guest || dochroot) { /* do nothing, handled above */
+       } else if (chdir(pw->pw_dir) < 0) {
+               if (chdir("/") < 0) {
+                       reply(530, "User %s: can't change directory to %s.",
+@@ -1167,10 +1174,7 @@
+               } else
+                       lreply(230, "No directory! Logging in with home=/");
+       }
+-      if (seteuid((uid_t)pw->pw_uid) < 0) {
+-              reply(550, "Can't set uid.");
+-              goto bad;
+-      }
++
+       sigfillset(&allsigs);
+       sigprocmask(SIG_UNBLOCK,&allsigs,NULL);
+ 
+@@ -1408,7 +1412,8 @@
+                       goto bad;
+               sleep(tries);
+       }
+-      (void) seteuid((uid_t)pw->pw_uid);
++/* PSz 25 Aug 06  Check return status */
++      if (seteuid((uid_t)pw->pw_uid) != 0) _exit(1);
+       sigfillset(&allsigs);
+       sigprocmask (SIG_UNBLOCK, &allsigs, NULL);
+ 
+@@ -1440,7 +1445,8 @@
+ bad:
+       /* Return the real value of errno (close may change it) */
+       t = errno;
+-      (void) seteuid((uid_t)pw->pw_uid);
++/* PSz 25 Aug 06  Check return status */
++      if (seteuid((uid_t)pw->pw_uid) != 0) _exit(1);
+       sigfillset (&allsigs);
+       sigprocmask (SIG_UNBLOCK, &allsigs, NULL);
+       (void) close(s);

diff --git a/net-ftp/ftpd/ftpd-0.17-r4.ebuild b/net-ftp/ftpd/ftpd-0.17-r4.ebuild
new file mode 100644 (file)
index 0000000..824de5f
--- /dev/null
+++ b/net-ftp/ftpd/ftpd-0.17-r4.ebuild
@@ -0,0 +1,62 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/ftpd/ftpd-0.17-r4.ebuild,v 1.1 2006/10/11 01:37:46 chriswhite Exp $
+
+inherit eutils ssl-cert
+
+DESCRIPTION="The netkit FTP server with optional SSL support"
+HOMEPAGE="http://www.hcs.harvard.edu/~dholland/computers/netkit.html"
+SRC_URI="ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/linux-${P}.tar.gz
+       mirror://gentoo/linux-${P}-ssl.patch"
+
+LICENSE="as-is"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ppc ~sparc ~x86"
+IUSE="ssl"
+
+DEPEND="ssl? ( dev-libs/openssl )"
+
+RDEPEND="${DEPEND}
+       virtual/inetd"
+
+S=${WORKDIR}/linux-${P}
+
+src_unpack() {
+       unpack ${A}
+       cd "${S}"
+       use ssl && epatch "${DISTDIR}/linux-${P}-ssl.patch"
+       epatch "${FILESDIR}/${P}-shadowfix.patch"
+
+       # fixes gcc 4.1 compatibility
+       epatch "${FILESDIR}/${P}-gcc41.patch"
+
+       # setguid fix
+       epatch "${FILESDIR}"/${P}-setguid.patch
+}
+
+src_compile() {
+       ./configure --prefix=/usr || die "configure failed"
+       cp MCONFIG MCONFIG.orig
+       sed -e "s:-pipe -O2:${CFLAGS}:" MCONFIG.orig > MCONFIG
+       emake || die "parallel make failed"
+}
+
+src_install() {
+       dobin ftpd/ftpd
+       doman ftpd/ftpd.8
+       dodoc README ChangeLog
+       insinto /etc/xinetd.d
+       newins "${FILESDIR}/ftp.xinetd" ftp
+       if use ssl; then
+               insinto /etc/ssl/certs/
+               docert ftpd
+       fi
+}
+
+pkg_postinst() {
+       if use ssl; then
+               einfo "In order to start the server with SSL support"
+               einfo "You need a certificate /etc/ssl/certs/ftpd.pem."
+               einfo "A temporary certificiate has been created."
+       fi
+}