diff options
author | Mike Frysinger <vapier@gentoo.org> | 2007-01-21 18:54:47 +0000 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2007-01-21 18:54:47 +0000 |
commit | 72d8ba47bfb252a16be4b59543e4f8da05b46c96 (patch) | |
tree | 3f266d14ff3eaaae3729415aa881ca4d5bba1ff9 /net-ftp/netkit-ftpd/files | |
parent | renamed to netkit-ftpd (diff) | |
download | gentoo-2-72d8ba47bfb252a16be4b59543e4f8da05b46c96.tar.gz gentoo-2-72d8ba47bfb252a16be4b59543e4f8da05b46c96.tar.bz2 gentoo-2-72d8ba47bfb252a16be4b59543e4f8da05b46c96.zip |
rename from "ftpd" and update for security #155317
(Portage version: 2.1.2-r1)
Diffstat (limited to 'net-ftp/netkit-ftpd/files')
9 files changed, 214 insertions, 0 deletions
diff --git a/net-ftp/netkit-ftpd/files/digest-netkit-ftpd-0.17-r4 b/net-ftp/netkit-ftpd/files/digest-netkit-ftpd-0.17-r4 new file mode 100644 index 000000000000..9c0de1ba222e --- /dev/null +++ b/net-ftp/netkit-ftpd/files/digest-netkit-ftpd-0.17-r4 @@ -0,0 +1,6 @@ +MD5 0b9185d5144904798b721354ea9ff156 linux-ftpd-0.17-ssl.patch 36459 +RMD160 5a0d7301f69b4c1714f36419f98134f9aa0ce874 linux-ftpd-0.17-ssl.patch 36459 +SHA256 0082ee6a71fdd83f61e63166f7bbba97c204cdc67f9e1bf10f2df31590fba780 linux-ftpd-0.17-ssl.patch 36459 +MD5 f5f491564812db5d8783daa538c49186 linux-ftpd-0.17.tar.gz 46763 +RMD160 869e410d8f063c764c04f1d3b41b625a9d679d22 linux-ftpd-0.17.tar.gz 46763 +SHA256 65a0b249e38bf3c3a16dbd4d3edd2657683ca8f47b307e92007f378b21d2fa65 linux-ftpd-0.17.tar.gz 46763 diff --git a/net-ftp/netkit-ftpd/files/digest-netkit-ftpd-0.17-r5 b/net-ftp/netkit-ftpd/files/digest-netkit-ftpd-0.17-r5 new file mode 100644 index 000000000000..9c0de1ba222e --- /dev/null +++ b/net-ftp/netkit-ftpd/files/digest-netkit-ftpd-0.17-r5 @@ -0,0 +1,6 @@ +MD5 0b9185d5144904798b721354ea9ff156 linux-ftpd-0.17-ssl.patch 36459 +RMD160 5a0d7301f69b4c1714f36419f98134f9aa0ce874 linux-ftpd-0.17-ssl.patch 36459 +SHA256 0082ee6a71fdd83f61e63166f7bbba97c204cdc67f9e1bf10f2df31590fba780 linux-ftpd-0.17-ssl.patch 36459 +MD5 f5f491564812db5d8783daa538c49186 linux-ftpd-0.17.tar.gz 46763 +RMD160 869e410d8f063c764c04f1d3b41b625a9d679d22 linux-ftpd-0.17.tar.gz 46763 +SHA256 65a0b249e38bf3c3a16dbd4d3edd2657683ca8f47b307e92007f378b21d2fa65 linux-ftpd-0.17.tar.gz 46763 diff --git a/net-ftp/netkit-ftpd/files/ftp.xinetd b/net-ftp/netkit-ftpd/files/ftp.xinetd new file mode 100644 index 000000000000..2081ba9be2be --- /dev/null +++ b/net-ftp/netkit-ftpd/files/ftp.xinetd @@ -0,0 +1,13 @@ +# default: off +# $Header: /var/cvsroot/gentoo-x86/net-ftp/netkit-ftpd/files/ftp.xinetd,v 1.1 2007/01/21 18:54:47 vapier Exp $ +# description: The netkit ftp daemon with optional SSL support. + +service ftp +{ + socket_type = stream + protocol = tcp + wait = no + user = root + server = /usr/bin/ftpd + disable = yes +} diff --git a/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-build.patch b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-build.patch new file mode 100644 index 000000000000..6df58378c93f --- /dev/null +++ b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-build.patch @@ -0,0 +1,43 @@ +--- configure ++++ configure +@@ -114,40 +114,6 @@ + echo 'no' + fi + +-if [ x$DEBUG = x ]; then +- echo -n "Checking if $CC accepts -O2... " +- if ( +- $CC -O2 __conftest.c -o __conftest +- ) >/dev/null 2>&1; then +- echo 'yes' +- CFLAGS="$CFLAGS -O2" +- else +- echo 'no' +- echo -n "Checking if $CC accepts -O... " +- if ( +- $CC -O __conftest.c -o __conftest +- ) >/dev/null 2>&1; then +- echo 'yes' +- CFLAGS="$CFLAGS -O" +- else +- echo 'no' +- fi +- fi +- +-else +- echo -n "Checking if $CC accepts -g... " +- if ( +- $CC -g __conftest.c -o __conftest +- ) >/dev/null 2>&1; then +- echo 'yes' +- CFLAGS="$CFLAGS -g" +- else +- echo 'no' +- fi +- +-fi +- +-LDFLAGS= + LIBS= + + rm -f __conftest* diff --git a/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-cleanup-ssl.patch b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-cleanup-ssl.patch new file mode 100644 index 000000000000..e228eaceda5f --- /dev/null +++ b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-cleanup-ssl.patch @@ -0,0 +1,10 @@ +--- ftpd/ftpcmd.y ++++ ftpd/ftpcmd.y +@@ -109,6 +109,7 @@ + typedef struct ssl_st SSL; + int SSL_write(SSL *ssl,const char *buf,int num); + extern int do_ssl_start(void); ++int ssl_getc(SSL *ssl_con); + extern int ssl_secure_flag; + extern int ssl_active_flag; + extern SSL *ssl_con; diff --git a/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-cleanup.patch b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-cleanup.patch new file mode 100644 index 000000000000..73289adfba05 --- /dev/null +++ b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-cleanup.patch @@ -0,0 +1,10 @@ +--- ftpd/logwtmp.c ++++ ftpd/logwtmp.c +@@ -43,6 +43,7 @@ + #include <sys/types.h> + #include <sys/time.h> + #include <sys/stat.h> ++#include <time.h> + + #include <fcntl.h> + #include <utmp.h> diff --git a/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-gcc41.patch b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-gcc41.patch new file mode 100644 index 000000000000..5f516ce5d356 --- /dev/null +++ b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-gcc41.patch @@ -0,0 +1,32 @@ +--- linux-ftpd-0.17/ftpd/ftpcmd.y ++++ linux-ftpd-0.17/ftpd/ftpcmd.y +@@ -125,7 +125,14 @@ + char cbuf[512]; + char *fromname; + +-struct tab; ++struct tab { ++ const char *name; ++ short token; ++ short state; ++ short implemented; /* 1 if command is implemented */ ++ const char *help; ++}; ++ + static int yylex __P((void)); + static void sizecmd __P((char *)); + static void help __P((struct tab *, char *)); +@@ -891,13 +898,6 @@ + #define SITECMD 7 /* SITE command */ + #define NSTR 8 /* Number followed by a string */ + +-struct tab { +- const char *name; +- short token; +- short state; +- short implemented; /* 1 if command is implemented */ +- const char *help; +-}; + + struct tab cmdtab[] = { /* In order defined in RFC 765 */ + { "AUTH", AUTH, STR1, 1, "<sp> auth_type" }, diff --git a/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-setguid.patch b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-setguid.patch new file mode 100644 index 000000000000..f5d0cf75fcfd --- /dev/null +++ b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-setguid.patch @@ -0,0 +1,66 @@ +--- linux-ftpd-0.17/ftpd/popen.c ++++ linux-ftpd-0.17/ftpd/popen.c +@@ -169,8 +169,13 @@ + * XXX: this doesn't seem right... and shouldn't + * we initgroups, or at least setgroups(0,0)? + */ +- setgid(getegid()); +- setuid(i); ++ ++/* ++ * PSz 25 Aug 06 Must check the return status of these setgid/setuid calls, ++ * see http://www.bress.net/blog/archives/34-setuid-madness.html ++ */ ++ if ( setgid(getegid()) != 0 ) _exit(1); ++ if ( setuid(i) != 0 ) _exit(1); + + #ifndef __linux__ + /* +--- linux-ftpd-0.17/ftpd/ftpd.c ++++ linux-ftpd-0.17/ftpd/ftpd.c +@@ -1159,6 +1159,13 @@ + } + strcpy(pw->pw_dir, "/"); + setenv("HOME", "/", 1); ++ } ++ /* PSz 25 Aug 06 chdir for real users done after setting UID */ ++ if (seteuid((uid_t)pw->pw_uid) < 0) { ++ reply(550, "Can't set uid."); ++ goto bad; ++ } ++ if (guest || dochroot) { /* do nothing, handled above */ + } else if (chdir(pw->pw_dir) < 0) { + if (chdir("/") < 0) { + reply(530, "User %s: can't change directory to %s.", +@@ -1167,10 +1174,7 @@ + } else + lreply(230, "No directory! Logging in with home=/"); + } +- if (seteuid((uid_t)pw->pw_uid) < 0) { +- reply(550, "Can't set uid."); +- goto bad; +- } ++ + sigfillset(&allsigs); + sigprocmask(SIG_UNBLOCK,&allsigs,NULL); + +@@ -1408,7 +1412,8 @@ + goto bad; + sleep(tries); + } +- (void) seteuid((uid_t)pw->pw_uid); ++/* PSz 25 Aug 06 Check return status */ ++ if (seteuid((uid_t)pw->pw_uid) != 0) _exit(1); + sigfillset(&allsigs); + sigprocmask (SIG_UNBLOCK, &allsigs, NULL); + +@@ -1440,7 +1445,8 @@ + bad: + /* Return the real value of errno (close may change it) */ + t = errno; +- (void) seteuid((uid_t)pw->pw_uid); ++/* PSz 25 Aug 06 Check return status */ ++ if (seteuid((uid_t)pw->pw_uid) != 0) _exit(1); + sigfillset (&allsigs); + sigprocmask (SIG_UNBLOCK, &allsigs, NULL); + (void) close(s); diff --git a/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-shadowfix.patch b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-shadowfix.patch new file mode 100644 index 000000000000..79a241ff9c51 --- /dev/null +++ b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-shadowfix.patch @@ -0,0 +1,28 @@ +--- linux-ftpd-0.17/ftpd/Makefile ++++ linux-ftpd-0.17-patched/ftpd/Makefile +@@ -19,7 +19,11 @@ + all: ftpd + + %.o: %.c ++ ifdef USE_SHADOW ++ $(CC) $(CFLAGS) -DUSE_SHADOW -DHASSETPROCTITLE $< -c ++ else + $(CC) $(CFLAGS) -DHASSETPROCTITLE $< -c ++ endif + + ftpcmd.c: %.c: %.y + $(YACC) $< +--- linux-ftpd-0.17/support/Makefile ++++ linux-ftpd-0.17-patched/support/Makefile +@@ -5,7 +5,11 @@ + all: libsupport.a + + %.o: %.c ++ ifdef USE_SHADOW ++ $(CC) $(CFLAGS) -DUSE_SHADOW -DHASSETPROCTITLE $< -c ++ else + $(CC) $(CFLAGS) -DHASSETPROCTITLE $< -c ++ endif + + libsupport.a: $(OBJS) + ar -cruv $@ $^ |