--- /dev/null
+# ChangeLog for net-ftp/netkit-ftpd
+# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/netkit-ftpd/ChangeLog,v 1.1 2007/01/21 18:54:47 vapier Exp $
+
+*ftpd-0.17-r5 (21 Jan 2007)
+
+ 21 Jan 2007; Mike Frysinger <vapier@gentoo.org> +ftpd-0.17-r5.ebuild,
+ +netkit-ftpd-0.17-build.patch, +netkit-ftpd-0.17-cleanup.patch,
+ +netkit-ftpd-0.17-cleanup-ssl.patch, netkit-ftpd-0.17-setguid.patch:
+ Version bump to fix security issues #155317.
+
+ 08 Jan 2007; Danny van Dyk <kugelfang@gentoo.org> -ftpd-0.17-r3.ebuild:
+ QA: Removed unused versions.
+
+ 17 Oct 2006; Gustavo Zacarias <gustavoz@gentoo.org> ftpd-0.17-r4.ebuild:
+ sparc stable for real
+
+ 15 Oct 2006; Jason Wever <weeve@gentoo.org> ChangeLog:
+ Stable on SPARC wrt security bug #150292.
+
+ 14 Oct 2006; Aron Griffis <agriffis@gentoo.org> ftpd-0.17-r4.ebuild:
+ Mark 0.17-r4 ~ia64
+
+ 14 Oct 2006; Thomas Cort <tcort@gentoo.org> ftpd-0.17-r4.ebuild:
+ Stable on alpha and amd64 wrt security Bug #150292.
+
+ 12 Oct 2006; Paul Varner <fuzzyray@gentoo.org> ftpd-0.17-r4.ebuild:
+ Stable on x86 - Bug #150292
+
+ 11 Oct 2006; Tobias Scherbaum <dertobi123@gentoo.org> ftpd-0.17-r4.ebuild:
+ ppc stable, bug #150292
+
+*ftpd-0.17-r4 (11 Oct 2006)
+
+ 11 Oct 2006; Chris White <chriswhite@gentoo.org>
+ +files/ftpd-0.17-setguid.patch, +ftpd-0.17-r4.ebuild:
+ Security bump for bug #384454.
+
+ 05 Aug 2006; Chris White <chriswhite@gentoo.org> -ftpd-0.17.ebuild,
+ -ftpd-0.17-r1.ebuild, -ftpd-0.17-r2.ebuild:
+ Security punts for bug #140498.
+
+ 20 Jun 2006; Stefan Schweizer <genstef@gentoo.org>
+ +files/ftpd-0.17-gcc41.patch, +metadata.xml, ftpd-0.17-r3.ebuild:
+ Gcc41 patch thanks to Piotr Jaroszynski <peper@aster.pl> in bug 135713
+ thanks to Frank T. Lofaro Jr. <ftlofaro@yahoo.com>, add maintainer-needed
+ metadata.xml
+
+ 28 Jan 2006; Simon Stelling <blubb@gentoo.org> ftpd-0.17.ebuild,
+ ftpd-0.17-r1.ebuild, ftpd-0.17-r2.ebuild:
+ move binary files to mirrors
+
+ 11 Nov 2005; Simon Stelling <blubb@gentoo.org> ftpd-0.17-r3.ebuild:
+ stable on amd64 wrt bug 111573
+
+ 10 Nov 2005; Jose Luis Rivero <yoswink@gentoo.org> ftpd-0.17-r3.ebuild:
+ Stable on alpha wrt security bug #111573
+
+ 10 Nov 2005; Jason Wever <weeve@gentoo.org> ftpd-0.17-r3.ebuild:
+ Stable on SPARC wrt bug #111573.
+
+ 10 Nov 2005; Mark Loeser <halcy0n@gentoo.org> ftpd-0.17-r3.ebuild:
+ Stable on x86; bug #111573
+
+*ftpd-0.17-r3 (09 Nov 2005)
+
+ 09 Nov 2005; Daniel Black <dragonheart@gentoo.org>
+ +ftpd-0.17-r3.ebuild:
+ bumped with a better patch from solar
+
+*ftpd-0.17-r2 (06 Nov 2005)
+
+ 06 Nov 2005; Daniel Black <dragonheart@gentoo.org>
+ +files/ftpd-0.17+ssl-0.3-overflowpatch.diff, +ftpd-0.17-r2.ebuild:
+ fix remote hole in linux-ftpd-ssl - security bug #111573 - patch thanks to
+ James Longstreet, bug thanks to Wernfried Haas
+
+ 26 Jul 2005; David Holm <dholm@gentoo.org> ftpd-0.17-r1.ebuild:
+ Added to ~ppc.
+
+ 19 Oct 2004; Dylan Carlson <absinthe@gentoo.org> ftpd-0.17-r1.ebuild:
+ Stable on amd64.
+
+ 14 Aug 2004; Sven Wegener <swegener@gentoo.org> files/ftp.xinetd:
+ Fixed CVS Header.
+
+ 19 Jun 2004; Jason Wever <weeve@gentoo.org> ftpd-0.17-r1.ebuild:
+ Stable on sparc.
+
+ 09 Jun 2004; Aron Griffis <agriffis@gentoo.org> ftpd-0.17-r1.ebuild,
+ ftpd-0.17.ebuild:
+ Fix use invocation
+
+ 13 Aug 2003; Aron Griffis <agriffis@gentoo.org> ftpd-0.17-r1.ebuild:
+ Mark stable on alpha for LiveCD
+
+ 08 Jun 2003; Seemant Kulleen <seemant@gentoo.org> ftpd-0.17-r1.ebuild:
+ shadow fix patch is not ssl specific, moved out of ssl USE check. Thanks again
+ to: Frank Straetz
+
+*ftpd-0.17-r1 (07 Jun 2003)
+
+ 07 Jun 2003; Seemant Kulleen <seemant@gentoo.org> ftpd-0.17-r1.ebuild,
+ files/ftpd-0.17-shadowfix.patch:
+ fix for shadow passwords, to close bug #12353 opened by Adam Bolte
+ <adam@vivid.net.au>. Fix provided by Frank Straetz <Frank@KTHXBYE.de>
+
+*ftpd-0.17 (25 Nov 2002)
+
+ 29 Apr 2003; Jason Wever <weeve@gentoo.org> ftpd-0.17.ebuild:
+ Added ~sparc to keywords.
+
+ 19 Apr 2003; Martin Holzer <mholzer@gentoo.org> ftpd-0.17.ebuild:
+ Changed to virtual/inetd depend.
+
+ 09 Feb 2003; Seemant Kulleen <seemant@gentoo.org> ftpd-0.17.ebuild :
+
+ Sed expression delimiter from / to :, closing bug #15006 by Blu3
+ <david+gentoo.org@blue-labs.org>
+
+ 15 Jan 2003; Nick Hadaway <raker@gentoo.org> ftpd-0.17.ebuild :
+ Fixed a typo in postinst and added xinetd as an RDEPEND and now
+ installing an /etc/xinetd.d/ftp. Also changed to epatch.
+
+ 05 Dec 2002; Nick Hadaway <raker@gentoo.org> ftpd-0.17.ebuild :
+ Marked stable.
+
+ 25 Nov 2002; Nick Hadaway <raker@gentoo.org> ftpd-0.17.ebuild,
+ files/digest-ftpd-0.17.ebuild, files/ssl.diff.gz :
+ New ebuild. Your basic netkit linux-ftpd patched for ssl support.
--- /dev/null
+MD5 0b9185d5144904798b721354ea9ff156 linux-ftpd-0.17-ssl.patch 36459
+RMD160 5a0d7301f69b4c1714f36419f98134f9aa0ce874 linux-ftpd-0.17-ssl.patch 36459
+SHA256 0082ee6a71fdd83f61e63166f7bbba97c204cdc67f9e1bf10f2df31590fba780 linux-ftpd-0.17-ssl.patch 36459
+MD5 f5f491564812db5d8783daa538c49186 linux-ftpd-0.17.tar.gz 46763
+RMD160 869e410d8f063c764c04f1d3b41b625a9d679d22 linux-ftpd-0.17.tar.gz 46763
+SHA256 65a0b249e38bf3c3a16dbd4d3edd2657683ca8f47b307e92007f378b21d2fa65 linux-ftpd-0.17.tar.gz 46763
--- /dev/null
+MD5 0b9185d5144904798b721354ea9ff156 linux-ftpd-0.17-ssl.patch 36459
+RMD160 5a0d7301f69b4c1714f36419f98134f9aa0ce874 linux-ftpd-0.17-ssl.patch 36459
+SHA256 0082ee6a71fdd83f61e63166f7bbba97c204cdc67f9e1bf10f2df31590fba780 linux-ftpd-0.17-ssl.patch 36459
+MD5 f5f491564812db5d8783daa538c49186 linux-ftpd-0.17.tar.gz 46763
+RMD160 869e410d8f063c764c04f1d3b41b625a9d679d22 linux-ftpd-0.17.tar.gz 46763
+SHA256 65a0b249e38bf3c3a16dbd4d3edd2657683ca8f47b307e92007f378b21d2fa65 linux-ftpd-0.17.tar.gz 46763
--- /dev/null
+# default: off
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/netkit-ftpd/files/ftp.xinetd,v 1.1 2007/01/21 18:54:47 vapier Exp $
+# description: The netkit ftp daemon with optional SSL support.
+
+service ftp
+{
+ socket_type = stream
+ protocol = tcp
+ wait = no
+ user = root
+ server = /usr/bin/ftpd
+ disable = yes
+}
--- /dev/null
+--- configure
++++ configure
+@@ -114,40 +114,6 @@
+ echo 'no'
+ fi
+
+-if [ x$DEBUG = x ]; then
+- echo -n "Checking if $CC accepts -O2... "
+- if (
+- $CC -O2 __conftest.c -o __conftest
+- ) >/dev/null 2>&1; then
+- echo 'yes'
+- CFLAGS="$CFLAGS -O2"
+- else
+- echo 'no'
+- echo -n "Checking if $CC accepts -O... "
+- if (
+- $CC -O __conftest.c -o __conftest
+- ) >/dev/null 2>&1; then
+- echo 'yes'
+- CFLAGS="$CFLAGS -O"
+- else
+- echo 'no'
+- fi
+- fi
+-
+-else
+- echo -n "Checking if $CC accepts -g... "
+- if (
+- $CC -g __conftest.c -o __conftest
+- ) >/dev/null 2>&1; then
+- echo 'yes'
+- CFLAGS="$CFLAGS -g"
+- else
+- echo 'no'
+- fi
+-
+-fi
+-
+-LDFLAGS=
+ LIBS=
+
+ rm -f __conftest*
--- /dev/null
+--- ftpd/ftpcmd.y
++++ ftpd/ftpcmd.y
+@@ -109,6 +109,7 @@
+ typedef struct ssl_st SSL;
+ int SSL_write(SSL *ssl,const char *buf,int num);
+ extern int do_ssl_start(void);
++int ssl_getc(SSL *ssl_con);
+ extern int ssl_secure_flag;
+ extern int ssl_active_flag;
+ extern SSL *ssl_con;
--- /dev/null
+--- ftpd/logwtmp.c
++++ ftpd/logwtmp.c
+@@ -43,6 +43,7 @@
+ #include <sys/types.h>
+ #include <sys/time.h>
+ #include <sys/stat.h>
++#include <time.h>
+
+ #include <fcntl.h>
+ #include <utmp.h>
--- /dev/null
+--- linux-ftpd-0.17/ftpd/ftpcmd.y
++++ linux-ftpd-0.17/ftpd/ftpcmd.y
+@@ -125,7 +125,14 @@
+ char cbuf[512];
+ char *fromname;
+
+-struct tab;
++struct tab {
++ const char *name;
++ short token;
++ short state;
++ short implemented; /* 1 if command is implemented */
++ const char *help;
++};
++
+ static int yylex __P((void));
+ static void sizecmd __P((char *));
+ static void help __P((struct tab *, char *));
+@@ -891,13 +898,6 @@
+ #define SITECMD 7 /* SITE command */
+ #define NSTR 8 /* Number followed by a string */
+
+-struct tab {
+- const char *name;
+- short token;
+- short state;
+- short implemented; /* 1 if command is implemented */
+- const char *help;
+-};
+
+ struct tab cmdtab[] = { /* In order defined in RFC 765 */
+ { "AUTH", AUTH, STR1, 1, "<sp> auth_type" },
--- /dev/null
+--- linux-ftpd-0.17/ftpd/popen.c
++++ linux-ftpd-0.17/ftpd/popen.c
+@@ -169,8 +169,13 @@
+ * XXX: this doesn't seem right... and shouldn't
+ * we initgroups, or at least setgroups(0,0)?
+ */
+- setgid(getegid());
+- setuid(i);
++
++/*
++ * PSz 25 Aug 06 Must check the return status of these setgid/setuid calls,
++ * see http://www.bress.net/blog/archives/34-setuid-madness.html
++ */
++ if ( setgid(getegid()) != 0 ) _exit(1);
++ if ( setuid(i) != 0 ) _exit(1);
+
+ #ifndef __linux__
+ /*
+--- linux-ftpd-0.17/ftpd/ftpd.c
++++ linux-ftpd-0.17/ftpd/ftpd.c
+@@ -1159,6 +1159,13 @@
+ }
+ strcpy(pw->pw_dir, "/");
+ setenv("HOME", "/", 1);
++ }
++ /* PSz 25 Aug 06 chdir for real users done after setting UID */
++ if (seteuid((uid_t)pw->pw_uid) < 0) {
++ reply(550, "Can't set uid.");
++ goto bad;
++ }
++ if (guest || dochroot) { /* do nothing, handled above */
+ } else if (chdir(pw->pw_dir) < 0) {
+ if (chdir("/") < 0) {
+ reply(530, "User %s: can't change directory to %s.",
+@@ -1167,10 +1174,7 @@
+ } else
+ lreply(230, "No directory! Logging in with home=/");
+ }
+- if (seteuid((uid_t)pw->pw_uid) < 0) {
+- reply(550, "Can't set uid.");
+- goto bad;
+- }
++
+ sigfillset(&allsigs);
+ sigprocmask(SIG_UNBLOCK,&allsigs,NULL);
+
+@@ -1408,7 +1412,8 @@
+ goto bad;
+ sleep(tries);
+ }
+- (void) seteuid((uid_t)pw->pw_uid);
++/* PSz 25 Aug 06 Check return status */
++ if (seteuid((uid_t)pw->pw_uid) != 0) _exit(1);
+ sigfillset(&allsigs);
+ sigprocmask (SIG_UNBLOCK, &allsigs, NULL);
+
+@@ -1440,7 +1445,8 @@
+ bad:
+ /* Return the real value of errno (close may change it) */
+ t = errno;
+- (void) seteuid((uid_t)pw->pw_uid);
++/* PSz 25 Aug 06 Check return status */
++ if (seteuid((uid_t)pw->pw_uid) != 0) _exit(1);
+ sigfillset (&allsigs);
+ sigprocmask (SIG_UNBLOCK, &allsigs, NULL);
+ (void) close(s);
--- /dev/null
+--- linux-ftpd-0.17/ftpd/Makefile
++++ linux-ftpd-0.17-patched/ftpd/Makefile
+@@ -19,7 +19,11 @@
+ all: ftpd
+
+ %.o: %.c
++ ifdef USE_SHADOW
++ $(CC) $(CFLAGS) -DUSE_SHADOW -DHASSETPROCTITLE $< -c
++ else
+ $(CC) $(CFLAGS) -DHASSETPROCTITLE $< -c
++ endif
+
+ ftpcmd.c: %.c: %.y
+ $(YACC) $<
+--- linux-ftpd-0.17/support/Makefile
++++ linux-ftpd-0.17-patched/support/Makefile
+@@ -5,7 +5,11 @@
+ all: libsupport.a
+
+ %.o: %.c
++ ifdef USE_SHADOW
++ $(CC) $(CFLAGS) -DUSE_SHADOW -DHASSETPROCTITLE $< -c
++ else
+ $(CC) $(CFLAGS) -DHASSETPROCTITLE $< -c
++ endif
+
+ libsupport.a: $(OBJS)
+ ar -cruv $@ $^
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<herd>base-system</herd>
+</pkgmetadata>
--- /dev/null
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/netkit-ftpd/netkit-ftpd-0.17-r4.ebuild,v 1.1 2007/01/21 18:54:47 vapier Exp $
+
+inherit eutils ssl-cert
+
+MY_P="linux-ftpd-${PV}"
+DESCRIPTION="The netkit FTP server with optional SSL support"
+HOMEPAGE="http://www.hcs.harvard.edu/~dholland/computers/netkit.html"
+SRC_URI="ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/${MY_P}.tar.gz
+ mirror://gentoo/${MY_P}-ssl.patch"
+
+LICENSE="as-is"
+SLOT="0"
+KEYWORDS="alpha amd64 ~ia64 ppc sparc x86"
+IUSE="ssl"
+
+DEPEND="ssl? ( dev-libs/openssl )"
+RDEPEND="${DEPEND}
+ virtual/inetd"
+
+S=${WORKDIR}/${MY_P}
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ use ssl && epatch "${DISTDIR}"/${MY_P}-ssl.patch
+ epatch "${FILESDIR}"/${P}-shadowfix.patch
+ epatch "${FILESDIR}"/${P}-gcc41.patch
+ epatch "${FILESDIR}"/${P}-setguid.patch
+}
+
+src_compile() {
+ ./configure --prefix=/usr || die "configure failed"
+ sed -i -e "s:-pipe -O2:${CFLAGS}:" MCONFIG
+ emake || die "parallel make failed"
+}
+
+src_install() {
+ dobin ftpd/ftpd || die
+ doman ftpd/ftpd.8
+ dodoc README ChangeLog
+ insinto /etc/xinetd.d
+ newins "${FILESDIR}"/ftp.xinetd ftp
+ if use ssl ; then
+ insinto /etc/ssl/certs
+ docert ftpd
+ fi
+}
+
+pkg_postinst() {
+ if use ssl ; then
+ einfo "In order to start the server with SSL support"
+ einfo "You need a certificate /etc/ssl/certs/ftpd.pem."
+ einfo "A temporary certificiate has been created."
+ fi
+}
--- /dev/null
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/netkit-ftpd/netkit-ftpd-0.17-r5.ebuild,v 1.1 2007/01/21 18:54:47 vapier Exp $
+
+inherit eutils ssl-cert
+
+MY_P="linux-ftpd-${PV}"
+DESCRIPTION="The netkit FTP server with optional SSL support"
+HOMEPAGE="http://www.hcs.harvard.edu/~dholland/computers/netkit.html"
+SRC_URI="ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/${MY_P}.tar.gz
+ mirror://gentoo/${MY_P}-ssl.patch"
+
+LICENSE="as-is"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~s390 ~sh ~sparc ~x86"
+IUSE="ssl"
+
+DEPEND="ssl? ( dev-libs/openssl )"
+RDEPEND="${DEPEND}
+ virtual/inetd"
+
+S=${WORKDIR}/${MY_P}
+
+src_unpack() {
+ unpack ${MY_P}.tar.gz
+ cd "${S}"
+ use ssl && epatch "${DISTDIR}"/${MY_P}-ssl.patch "${FILESDIR}"/${P}-cleanup-ssl.patch
+ epatch "${FILESDIR}"/${P}-cleanup.patch
+ epatch "${FILESDIR}"/${P}-build.patch
+ epatch "${FILESDIR}"/${P}-shadowfix.patch
+ epatch "${FILESDIR}"/${P}-gcc41.patch
+ epatch "${FILESDIR}"/${P}-setguid.patch
+}
+
+src_compile() {
+ ./configure --prefix=/usr || die "configure failed"
+ emake || die "parallel make failed"
+}
+
+src_install() {
+ dobin ftpd/ftpd || die
+ doman ftpd/ftpd.8
+ dodoc README ChangeLog
+ insinto /etc/xinetd.d
+ newins "${FILESDIR}"/ftp.xinetd ftp
+ if use ssl ; then
+ insinto /etc/ssl/certs
+ docert ftpd
+ fi
+}
+
+pkg_postinst() {
+ if use ssl ; then
+ einfo "In order to start the server with SSL support"
+ einfo "You need a certificate /etc/ssl/certs/ftpd.pem."
+ einfo "A temporary certificiate has been created."
+ fi
+}
projects / gentoo.git / commitdiff