+++ /dev/null
-DIST linux-ftpd-0.17-ssl.patch 36459 BLAKE2B 36db6fb984afa6350623ebb2af3913644e01a999e9aea17e2a064c9599fcca1d69c412d67fda8303e83049ea42b89eacb27dd4d5e794612d41a0eb7b409961d5 SHA512 f27dd2f9a50a2b3c38131c46cdb4420f81abfdbb7cd7e70d00e864da3e4562363d585a308e57b9abce7db64ede8d02e41710101e618f6c14489193776b2b1e71
-DIST linux-ftpd-0.17.tar.gz 46763 BLAKE2B b0370a6d96a666e4b58d3841c544e6f2c767c1b561fe53371b06d561332aa8418593d875a7f340df96a60e6d8e8d8bf08f38f296121de85f9c72914fa3cca3b9 SHA512 160191baa904b4c404473e2c1de23813de1b31cbb11a3c28ff64f9953aec8270b74d865a57d5aaa6d25cf404c8aeadff05348a9b32847a2a137ef4c998557d58
+++ /dev/null
-# default: off
-# description: The netkit ftp daemon with optional SSL support.
-
-service ftp
-{
- socket_type = stream
- protocol = tcp
- wait = no
- user = root
- server = /usr/bin/ftpd
- disable = yes
-}
+++ /dev/null
-http://bugs.gentoo.org/239047
-
---- linux-ftpd-0.17/ftpd/extern.h
-+++ linux-ftpd-0.17/ftpd/extern.h
-@@ -43,7 +43,7 @@ void dologout __P((int));
- void fatal __P((const char *));
- int ftpd_pclose __P((FILE *));
- FILE *ftpd_popen __P((char *, const char *));
--char *ftpd_getline __P((char *, int, FILE *));
-+int ftpd_getline __P((char *, int, FILE *));
- void ftpdlogwtmp __P((const char *, const char *, const char *));
- void lreply __P((int, const char *, ...));
- void makedir __P((char *));
---- linux-ftpd-0.17/ftpd/ftpcmd.y
-+++ linux-ftpd-0.17/ftpd/ftpcmd.y
-@@ -980,7 +980,7 @@ static struct tab *lookup(struct tab *p,
- /*
- * getline - a hacked up version of fgets to ignore TELNET escape codes.
- */
--char * ftpd_getline(char *s, int n, FILE *iop)
-+int ftpd_getline(char *s, int n, FILE *iop)
- {
- int c;
- register char *cs;
-@@ -995,7 +995,7 @@ char * ftpd_getline(char *s, int n, FILE
- if (debug)
- syslog(LOG_DEBUG, "command: %s", s);
- tmpline[0] = '\0';
-- return(s);
-+ return(0);
- }
- if (c == 0)
- tmpline[0] = '\0';
-@@ -1037,11 +1037,22 @@ char * ftpd_getline(char *s, int n, FILE
- }
- }
- *cs++ = c;
-- if (--n <= 0 || c == '\n')
-+ if (--n <= 0) {
-+ /*
-+ * If command doesn't fit into buffer, discard the
-+ * rest of the command and indicate truncation.
-+ * This prevents the command to be split up into
-+ * multiple commands.
-+ */
-+ while (c != '\n' && (c = getc(iop)) != EOF)
-+ ;
-+ return (-2);
-+ }
-+ if (c == '\n')
- break;
- }
- if (c == EOF && cs == s)
-- return (NULL);
-+ return (-1);
- *cs++ = '\0';
- if (debug) {
- if (!guest && strncasecmp("pass ", s, 5) == 0) {
-@@ -1061,7 +1072,7 @@ char * ftpd_getline(char *s, int n, FILE
- syslog(LOG_DEBUG, "command: %.*s", len, s);
- }
- }
-- return (s);
-+ return (0);
- }
-
- void toolong(int signo)
-@@ -1090,9 +1101,14 @@ static int yylex(void)
- case CMD:
- (void) signal(SIGALRM, toolong);
- (void) alarm((unsigned) timeout);
-- if (ftpd_getline(cbuf, sizeof(cbuf)-1, stdin)==NULL) {
-+ n = ftpd_getline(cbuf, sizeof(cbuf)-1, stdin);
-+ if (n == -1) {
- reply(221, "You could at least say goodbye.");
- dologout(0);
-+ } else if (n == -2) {
-+ reply(500, "Command too long.");
-+ alarm(0);
-+ continue;
- }
- (void) alarm(0);
- if ((cp = strchr(cbuf, '\r'))) {
---- linux-ftpd-0.17/ftpd/ftpd.c
-+++ linux-ftpd-0.17/ftpd/ftpd.c
-@@ -2210,6 +2210,7 @@ void dologout(int status)
- static void myoob(int signo)
- {
- char *cp;
-+ int ret;
- int save_errno = errno;
-
- (void)signo;
-@@ -2218,9 +2219,13 @@ static void myoob(int signo)
- if (!transflag)
- return;
- cp = tmpline;
-- if (ftpd_getline(cp, 7, stdin) == NULL) {
-+ ret = ftpd_getline(cp, 7, stdin);
-+ if (ret == -1) {
- reply(221, "You could at least say goodbye.");
- dologout(0);
-+ } else if (ret == -2) {
-+ /* Ignore truncated command */
-+ return;
- }
- upper(cp);
- if (strcmp(cp, "ABOR\r\n") == 0) {
+++ /dev/null
---- configure
-+++ configure
-@@ -114,40 +114,6 @@
- echo 'no'
- fi
-
--if [ x$DEBUG = x ]; then
-- echo -n "Checking if $CC accepts -O2... "
-- if (
-- $CC -O2 __conftest.c -o __conftest
-- ) >/dev/null 2>&1; then
-- echo 'yes'
-- CFLAGS="$CFLAGS -O2"
-- else
-- echo 'no'
-- echo -n "Checking if $CC accepts -O... "
-- if (
-- $CC -O __conftest.c -o __conftest
-- ) >/dev/null 2>&1; then
-- echo 'yes'
-- CFLAGS="$CFLAGS -O"
-- else
-- echo 'no'
-- fi
-- fi
--
--else
-- echo -n "Checking if $CC accepts -g... "
-- if (
-- $CC -g __conftest.c -o __conftest
-- ) >/dev/null 2>&1; then
-- echo 'yes'
-- CFLAGS="$CFLAGS -g"
-- else
-- echo 'no'
-- fi
--
--fi
--
--LDFLAGS=
- LIBS=
-
- rm -f __conftest*
+++ /dev/null
---- ftpd/ftpcmd.y
-+++ ftpd/ftpcmd.y
-@@ -109,6 +109,7 @@
- typedef struct ssl_st SSL;
- int SSL_write(SSL *ssl,const char *buf,int num);
- extern int do_ssl_start(void);
-+int ssl_getc(SSL *ssl_con);
- extern int ssl_secure_flag;
- extern int ssl_active_flag;
- extern SSL *ssl_con;
+++ /dev/null
---- ftpd/logwtmp.c
-+++ ftpd/logwtmp.c
-@@ -43,6 +43,7 @@
- #include <sys/types.h>
- #include <sys/time.h>
- #include <sys/stat.h>
-+#include <time.h>
-
- #include <fcntl.h>
- #include <utmp.h>
+++ /dev/null
---- configure.orig 2008-05-11 12:02:50.000000000 -0700
-+++ configure 2008-05-11 12:04:14.000000000 -0700
-@@ -93,7 +93,7 @@
- echo -n 'Checking if C compiler works... '
- if (
- $CC __conftest.c -o __conftest || exit 1
-- ./__conftest || exit 1
-+ [ -e __conftest ] || exit 1
- ) >/dev/null 2>&1; then
- echo 'yes'
- else
-@@ -169,13 +169,13 @@
- EOF
- if (
- $CC $CFLAGS __conftest.c -o __conftest || exit 1
-- ./__conftest || exit 1
-+ [ -e __conftest ] || exit 1
- ) >/dev/null 2>&1; then
- echo 'yes'
- else
- if (
- $CC $CFLAGS -D__USE_BSD_SIGNAL __conftest.c -o __conftest || exit 1
-- ./__conftest || exit 1
-+ [ -e ./__conftest ] || exit 1
- ) >/dev/null 2>&1; then
- echo '-D__USE_BSD_SIGNAL'
- CFLAGS="$CFLAGS -D__USE_BSD_SIGNAL"
-@@ -311,7 +311,7 @@
- else
- if (
- $CC $CFLAGS -D_GNU_SOURCE __conftest.c -o __conftest || exit 1
-- ./__conftest || exit 1
-+ [ -e ./__conftest ] || exit 1
- ) >/dev/null 2>&1; then
- echo '-D_GNU_SOURCE'
- CFLAGS="$CFLAGS -D_GNU_SOURCE"
-@@ -342,7 +342,7 @@
- EOF
- if (
- $CC $CFLAGS __conftest.c $LIBBSD -o __conftest || exit 1
-- ./__conftest || exit 1
-+ [ -e ./__conftest ] || exit 1
- ) >/dev/null 2>&1; then
- echo 'ok'
- else
+++ /dev/null
-diff -u linux-ftpd-ssl-0.17.18+0.3/ftpd/ftpd.c linux-ftpd-ssl-0.17.18+0.3/ftpd/ftpd.c
---- linux-ftpd-ssl-0.17.18+0.3/ftpd/ftpd.c
-+++ linux-ftpd-ssl-0.17.18+0.3/ftpd/ftpd.c
-@@ -1729,7 +1729,7 @@
- static FILE * dataconn(const char *name, off_t size, const char *mode, int stou)
- {
- char sizebuf[32];
-- FILE *file;
-+ FILE *file = NULL;
- int retry = 0, tos;
-
- file_size = size;
-@@ -1822,7 +1822,10 @@
- ERR_error_string(ERR_get_error(),NULL));
- perror_reply(425, errbuf);
- /* abort time methinks ... */
-- fclose(file);
-+ if(file != NULL){
-+ fclose(file);
-+ file = NULL;
-+ }
- return NULL;
- } else {
- if (ssl_debug_flag) {
+++ /dev/null
---- linux-ftpd-0.17/ftpd/ftpcmd.y
-+++ linux-ftpd-0.17/ftpd/ftpcmd.y
-@@ -125,7 +125,14 @@
- char cbuf[512];
- char *fromname;
-
--struct tab;
-+struct tab {
-+ const char *name;
-+ short token;
-+ short state;
-+ short implemented; /* 1 if command is implemented */
-+ const char *help;
-+};
-+
- static int yylex __P((void));
- static void sizecmd __P((char *));
- static void help __P((struct tab *, char *));
-@@ -891,13 +898,6 @@
- #define SITECMD 7 /* SITE command */
- #define NSTR 8 /* Number followed by a string */
-
--struct tab {
-- const char *name;
-- short token;
-- short state;
-- short implemented; /* 1 if command is implemented */
-- const char *help;
--};
-
- struct tab cmdtab[] = { /* In order defined in RFC 765 */
- { "AUTH", AUTH, STR1, 1, "<sp> auth_type" },
+++ /dev/null
---- linux-ftpd-0.17/ftpd/popen.c
-+++ linux-ftpd-0.17/ftpd/popen.c
-@@ -169,8 +169,13 @@
- * XXX: this doesn't seem right... and shouldn't
- * we initgroups, or at least setgroups(0,0)?
- */
-- setgid(getegid());
-- setuid(i);
-+
-+/*
-+ * PSz 25 Aug 06 Must check the return status of these setgid/setuid calls,
-+ * see http://www.bress.net/blog/archives/34-setuid-madness.html
-+ */
-+ if ( setgid(getegid()) != 0 ) _exit(1);
-+ if ( setuid(i) != 0 ) _exit(1);
-
- #ifndef __linux__
- /*
---- linux-ftpd-0.17/ftpd/ftpd.c
-+++ linux-ftpd-0.17/ftpd/ftpd.c
-@@ -1159,6 +1159,13 @@
- }
- strcpy(pw->pw_dir, "/");
- setenv("HOME", "/", 1);
-+ }
-+ /* PSz 25 Aug 06 chdir for real users done after setting UID */
-+ if (seteuid((uid_t)pw->pw_uid) < 0) {
-+ reply(550, "Can't set uid.");
-+ goto bad;
-+ }
-+ if (guest || dochroot) { /* do nothing, handled above */
- } else if (chdir(pw->pw_dir) < 0) {
- if (chdir("/") < 0) {
- reply(530, "User %s: can't change directory to %s.",
-@@ -1167,10 +1174,7 @@
- } else
- lreply(230, "No directory! Logging in with home=/");
- }
-- if (seteuid((uid_t)pw->pw_uid) < 0) {
-- reply(550, "Can't set uid.");
-- goto bad;
-- }
-+
- sigfillset(&allsigs);
- sigprocmask(SIG_UNBLOCK,&allsigs,NULL);
-
-@@ -1408,7 +1412,8 @@
- goto bad;
- sleep(tries);
- }
-- (void) seteuid((uid_t)pw->pw_uid);
-+/* PSz 25 Aug 06 Check return status */
-+ if (seteuid((uid_t)pw->pw_uid) != 0) _exit(1);
- sigfillset(&allsigs);
- sigprocmask (SIG_UNBLOCK, &allsigs, NULL);
-
-@@ -1440,7 +1445,8 @@
- bad:
- /* Return the real value of errno (close may change it) */
- t = errno;
-- (void) seteuid((uid_t)pw->pw_uid);
-+/* PSz 25 Aug 06 Check return status */
-+ if (seteuid((uid_t)pw->pw_uid) != 0) _exit(1);
- sigfillset (&allsigs);
- sigprocmask (SIG_UNBLOCK, &allsigs, NULL);
- (void) close(s);
+++ /dev/null
---- linux-ftpd-0.17/ftpd/Makefile
-+++ linux-ftpd-0.17-patched/ftpd/Makefile
-@@ -19,7 +19,11 @@
- all: ftpd
-
- %.o: %.c
-+ ifdef USE_SHADOW
-+ $(CC) $(CFLAGS) -DUSE_SHADOW -DHASSETPROCTITLE $< -c
-+ else
- $(CC) $(CFLAGS) -DHASSETPROCTITLE $< -c
-+ endif
-
- ftpcmd.c: %.c: %.y
- $(YACC) $<
---- linux-ftpd-0.17/support/Makefile
-+++ linux-ftpd-0.17-patched/support/Makefile
-@@ -5,7 +5,11 @@
- all: libsupport.a
-
- %.o: %.c
-+ ifdef USE_SHADOW
-+ $(CC) $(CFLAGS) -DUSE_SHADOW -DHASSETPROCTITLE $< -c
-+ else
- $(CC) $(CFLAGS) -DHASSETPROCTITLE $< -c
-+ endif
-
- libsupport.a: $(OBJS)
- ar -cruv $@ $^
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
-<maintainer type="project">
- <email>base-system@gentoo.org</email>
- <name>Gentoo Base System</name>
-</maintainer>
-</pkgmetadata>
+++ /dev/null
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit eutils ssl-cert toolchain-funcs
-
-MY_P="linux-ftpd-${PV}"
-DESCRIPTION="The netkit FTP server with optional SSL support"
-HOMEPAGE="http://www.hcs.harvard.edu/~dholland/computers/netkit.html"
-SRC_URI="ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/${MY_P}.tar.gz
- mirror://gentoo/${MY_P}-ssl.patch"
-
-LICENSE="BSD"
-SLOT="0"
-KEYWORDS="alpha amd64 arm ia64 ppc ~ppc64 s390 sh sparc x86"
-IUSE="libressl ssl"
-
-DEPEND="ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:0= ) )
-"
-RDEPEND="${DEPEND}
- virtual/inetd
- !www-servers/publicfile"
-
-S=${WORKDIR}/${MY_P}
-
-src_prepare() {
- default
-
- cd "${S}" || die
- if use ssl; then
- epatch "${DISTDIR}"/${MY_P}-ssl.patch
- epatch "${FILESDIR}"/${P}-cleanup-ssl.patch
- epatch "${FILESDIR}"/${P}-fclose-CVE-2007-6263.patch #199206
- fi
-
- epatch "${FILESDIR}"/${P}-cleanup.patch
- epatch "${FILESDIR}"/${P}-build.patch
- epatch "${FILESDIR}"/${P}-shadowfix.patch
- epatch "${FILESDIR}"/${P}-gcc41.patch
- epatch "${FILESDIR}"/${P}-setguid.patch
- epatch "${FILESDIR}"/${P}-cross.patch
- epatch "${FILESDIR}"/${P}-CVE-2008-4247.patch #239047
-}
-
-src_configure() {
- tc-export CC
- ./configure --prefix=/usr || die
-}
-
-src_compile() {
- emake
-}
-
-src_install() {
- dobin ftpd/ftpd
- doman ftpd/ftpd.8
- dodoc README ChangeLog
- insinto /etc/xinetd.d
- newins "${FILESDIR}"/ftp.xinetd ftp
-}
-
-pkg_postinst() {
- if use ssl; then
- install_cert /etc/ssl/certs/ftpd
- elog "In order to start the server with SSL support"
- elog "You need a certificate /etc/ssl/certs/ftpd.pem."
- elog "A temporary certificiate has been created."
- fi
-}
# net-analyzer/ffp: #674244, dead homepage, current version added 2005
# net-analyzer/nodebrain: #674796, last commits in 2015
# net-analyzer/postal: #677478, last release in 2012
-# net-ftp/netkit-ftpd: #676000, last rel in 2000, also #236290, #540330
#
# Removal in 30 days.
app-crypt/keynote
net-analyzer/ffp
net-analyzer/nodebrain
net-analyzer/postal
-net-ftp/netkit-ftpd
# Miroslav Šulc <fordfrog@gentoo.org> (19 Mar 2019)
# Depends on >=virtual/{jdk,jre}-11 which is masked
projects / gentoo.git / commitdiff