summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMike Frysinger <vapier@gentoo.org>2007-01-21 18:54:47 +0000
committerMike Frysinger <vapier@gentoo.org>2007-01-21 18:54:47 +0000
commit72d8ba47bfb252a16be4b59543e4f8da05b46c96 (patch)
tree3f266d14ff3eaaae3729415aa881ca4d5bba1ff9 /net-ftp/netkit-ftpd/files
parentrenamed to netkit-ftpd (diff)
downloadgentoo-2-72d8ba47bfb252a16be4b59543e4f8da05b46c96.tar.gz
gentoo-2-72d8ba47bfb252a16be4b59543e4f8da05b46c96.tar.bz2
gentoo-2-72d8ba47bfb252a16be4b59543e4f8da05b46c96.zip
rename from "ftpd" and update for security #155317
(Portage version: 2.1.2-r1)
Diffstat (limited to 'net-ftp/netkit-ftpd/files')
-rw-r--r--net-ftp/netkit-ftpd/files/digest-netkit-ftpd-0.17-r46
-rw-r--r--net-ftp/netkit-ftpd/files/digest-netkit-ftpd-0.17-r56
-rw-r--r--net-ftp/netkit-ftpd/files/ftp.xinetd13
-rw-r--r--net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-build.patch43
-rw-r--r--net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-cleanup-ssl.patch10
-rw-r--r--net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-cleanup.patch10
-rw-r--r--net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-gcc41.patch32
-rw-r--r--net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-setguid.patch66
-rw-r--r--net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-shadowfix.patch28
9 files changed, 214 insertions, 0 deletions
diff --git a/net-ftp/netkit-ftpd/files/digest-netkit-ftpd-0.17-r4 b/net-ftp/netkit-ftpd/files/digest-netkit-ftpd-0.17-r4
new file mode 100644
index 000000000000..9c0de1ba222e
--- /dev/null
+++ b/net-ftp/netkit-ftpd/files/digest-netkit-ftpd-0.17-r4
@@ -0,0 +1,6 @@
+MD5 0b9185d5144904798b721354ea9ff156 linux-ftpd-0.17-ssl.patch 36459
+RMD160 5a0d7301f69b4c1714f36419f98134f9aa0ce874 linux-ftpd-0.17-ssl.patch 36459
+SHA256 0082ee6a71fdd83f61e63166f7bbba97c204cdc67f9e1bf10f2df31590fba780 linux-ftpd-0.17-ssl.patch 36459
+MD5 f5f491564812db5d8783daa538c49186 linux-ftpd-0.17.tar.gz 46763
+RMD160 869e410d8f063c764c04f1d3b41b625a9d679d22 linux-ftpd-0.17.tar.gz 46763
+SHA256 65a0b249e38bf3c3a16dbd4d3edd2657683ca8f47b307e92007f378b21d2fa65 linux-ftpd-0.17.tar.gz 46763
diff --git a/net-ftp/netkit-ftpd/files/digest-netkit-ftpd-0.17-r5 b/net-ftp/netkit-ftpd/files/digest-netkit-ftpd-0.17-r5
new file mode 100644
index 000000000000..9c0de1ba222e
--- /dev/null
+++ b/net-ftp/netkit-ftpd/files/digest-netkit-ftpd-0.17-r5
@@ -0,0 +1,6 @@
+MD5 0b9185d5144904798b721354ea9ff156 linux-ftpd-0.17-ssl.patch 36459
+RMD160 5a0d7301f69b4c1714f36419f98134f9aa0ce874 linux-ftpd-0.17-ssl.patch 36459
+SHA256 0082ee6a71fdd83f61e63166f7bbba97c204cdc67f9e1bf10f2df31590fba780 linux-ftpd-0.17-ssl.patch 36459
+MD5 f5f491564812db5d8783daa538c49186 linux-ftpd-0.17.tar.gz 46763
+RMD160 869e410d8f063c764c04f1d3b41b625a9d679d22 linux-ftpd-0.17.tar.gz 46763
+SHA256 65a0b249e38bf3c3a16dbd4d3edd2657683ca8f47b307e92007f378b21d2fa65 linux-ftpd-0.17.tar.gz 46763
diff --git a/net-ftp/netkit-ftpd/files/ftp.xinetd b/net-ftp/netkit-ftpd/files/ftp.xinetd
new file mode 100644
index 000000000000..2081ba9be2be
--- /dev/null
+++ b/net-ftp/netkit-ftpd/files/ftp.xinetd
@@ -0,0 +1,13 @@
+# default: off
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/netkit-ftpd/files/ftp.xinetd,v 1.1 2007/01/21 18:54:47 vapier Exp $
+# description: The netkit ftp daemon with optional SSL support.
+
+service ftp
+{
+ socket_type = stream
+ protocol = tcp
+ wait = no
+ user = root
+ server = /usr/bin/ftpd
+ disable = yes
+}
diff --git a/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-build.patch b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-build.patch
new file mode 100644
index 000000000000..6df58378c93f
--- /dev/null
+++ b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-build.patch
@@ -0,0 +1,43 @@
+--- configure
++++ configure
+@@ -114,40 +114,6 @@
+ echo 'no'
+ fi
+
+-if [ x$DEBUG = x ]; then
+- echo -n "Checking if $CC accepts -O2... "
+- if (
+- $CC -O2 __conftest.c -o __conftest
+- ) >/dev/null 2>&1; then
+- echo 'yes'
+- CFLAGS="$CFLAGS -O2"
+- else
+- echo 'no'
+- echo -n "Checking if $CC accepts -O... "
+- if (
+- $CC -O __conftest.c -o __conftest
+- ) >/dev/null 2>&1; then
+- echo 'yes'
+- CFLAGS="$CFLAGS -O"
+- else
+- echo 'no'
+- fi
+- fi
+-
+-else
+- echo -n "Checking if $CC accepts -g... "
+- if (
+- $CC -g __conftest.c -o __conftest
+- ) >/dev/null 2>&1; then
+- echo 'yes'
+- CFLAGS="$CFLAGS -g"
+- else
+- echo 'no'
+- fi
+-
+-fi
+-
+-LDFLAGS=
+ LIBS=
+
+ rm -f __conftest*
diff --git a/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-cleanup-ssl.patch b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-cleanup-ssl.patch
new file mode 100644
index 000000000000..e228eaceda5f
--- /dev/null
+++ b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-cleanup-ssl.patch
@@ -0,0 +1,10 @@
+--- ftpd/ftpcmd.y
++++ ftpd/ftpcmd.y
+@@ -109,6 +109,7 @@
+ typedef struct ssl_st SSL;
+ int SSL_write(SSL *ssl,const char *buf,int num);
+ extern int do_ssl_start(void);
++int ssl_getc(SSL *ssl_con);
+ extern int ssl_secure_flag;
+ extern int ssl_active_flag;
+ extern SSL *ssl_con;
diff --git a/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-cleanup.patch b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-cleanup.patch
new file mode 100644
index 000000000000..73289adfba05
--- /dev/null
+++ b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-cleanup.patch
@@ -0,0 +1,10 @@
+--- ftpd/logwtmp.c
++++ ftpd/logwtmp.c
+@@ -43,6 +43,7 @@
+ #include <sys/types.h>
+ #include <sys/time.h>
+ #include <sys/stat.h>
++#include <time.h>
+
+ #include <fcntl.h>
+ #include <utmp.h>
diff --git a/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-gcc41.patch b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-gcc41.patch
new file mode 100644
index 000000000000..5f516ce5d356
--- /dev/null
+++ b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-gcc41.patch
@@ -0,0 +1,32 @@
+--- linux-ftpd-0.17/ftpd/ftpcmd.y
++++ linux-ftpd-0.17/ftpd/ftpcmd.y
+@@ -125,7 +125,14 @@
+ char cbuf[512];
+ char *fromname;
+
+-struct tab;
++struct tab {
++ const char *name;
++ short token;
++ short state;
++ short implemented; /* 1 if command is implemented */
++ const char *help;
++};
++
+ static int yylex __P((void));
+ static void sizecmd __P((char *));
+ static void help __P((struct tab *, char *));
+@@ -891,13 +898,6 @@
+ #define SITECMD 7 /* SITE command */
+ #define NSTR 8 /* Number followed by a string */
+
+-struct tab {
+- const char *name;
+- short token;
+- short state;
+- short implemented; /* 1 if command is implemented */
+- const char *help;
+-};
+
+ struct tab cmdtab[] = { /* In order defined in RFC 765 */
+ { "AUTH", AUTH, STR1, 1, "<sp> auth_type" },
diff --git a/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-setguid.patch b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-setguid.patch
new file mode 100644
index 000000000000..f5d0cf75fcfd
--- /dev/null
+++ b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-setguid.patch
@@ -0,0 +1,66 @@
+--- linux-ftpd-0.17/ftpd/popen.c
++++ linux-ftpd-0.17/ftpd/popen.c
+@@ -169,8 +169,13 @@
+ * XXX: this doesn't seem right... and shouldn't
+ * we initgroups, or at least setgroups(0,0)?
+ */
+- setgid(getegid());
+- setuid(i);
++
++/*
++ * PSz 25 Aug 06 Must check the return status of these setgid/setuid calls,
++ * see http://www.bress.net/blog/archives/34-setuid-madness.html
++ */
++ if ( setgid(getegid()) != 0 ) _exit(1);
++ if ( setuid(i) != 0 ) _exit(1);
+
+ #ifndef __linux__
+ /*
+--- linux-ftpd-0.17/ftpd/ftpd.c
++++ linux-ftpd-0.17/ftpd/ftpd.c
+@@ -1159,6 +1159,13 @@
+ }
+ strcpy(pw->pw_dir, "/");
+ setenv("HOME", "/", 1);
++ }
++ /* PSz 25 Aug 06 chdir for real users done after setting UID */
++ if (seteuid((uid_t)pw->pw_uid) < 0) {
++ reply(550, "Can't set uid.");
++ goto bad;
++ }
++ if (guest || dochroot) { /* do nothing, handled above */
+ } else if (chdir(pw->pw_dir) < 0) {
+ if (chdir("/") < 0) {
+ reply(530, "User %s: can't change directory to %s.",
+@@ -1167,10 +1174,7 @@
+ } else
+ lreply(230, "No directory! Logging in with home=/");
+ }
+- if (seteuid((uid_t)pw->pw_uid) < 0) {
+- reply(550, "Can't set uid.");
+- goto bad;
+- }
++
+ sigfillset(&allsigs);
+ sigprocmask(SIG_UNBLOCK,&allsigs,NULL);
+
+@@ -1408,7 +1412,8 @@
+ goto bad;
+ sleep(tries);
+ }
+- (void) seteuid((uid_t)pw->pw_uid);
++/* PSz 25 Aug 06 Check return status */
++ if (seteuid((uid_t)pw->pw_uid) != 0) _exit(1);
+ sigfillset(&allsigs);
+ sigprocmask (SIG_UNBLOCK, &allsigs, NULL);
+
+@@ -1440,7 +1445,8 @@
+ bad:
+ /* Return the real value of errno (close may change it) */
+ t = errno;
+- (void) seteuid((uid_t)pw->pw_uid);
++/* PSz 25 Aug 06 Check return status */
++ if (seteuid((uid_t)pw->pw_uid) != 0) _exit(1);
+ sigfillset (&allsigs);
+ sigprocmask (SIG_UNBLOCK, &allsigs, NULL);
+ (void) close(s);
diff --git a/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-shadowfix.patch b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-shadowfix.patch
new file mode 100644
index 000000000000..79a241ff9c51
--- /dev/null
+++ b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-shadowfix.patch
@@ -0,0 +1,28 @@
+--- linux-ftpd-0.17/ftpd/Makefile
++++ linux-ftpd-0.17-patched/ftpd/Makefile
+@@ -19,7 +19,11 @@
+ all: ftpd
+
+ %.o: %.c
++ ifdef USE_SHADOW
++ $(CC) $(CFLAGS) -DUSE_SHADOW -DHASSETPROCTITLE $< -c
++ else
+ $(CC) $(CFLAGS) -DHASSETPROCTITLE $< -c
++ endif
+
+ ftpcmd.c: %.c: %.y
+ $(YACC) $<
+--- linux-ftpd-0.17/support/Makefile
++++ linux-ftpd-0.17-patched/support/Makefile
+@@ -5,7 +5,11 @@
+ all: libsupport.a
+
+ %.o: %.c
++ ifdef USE_SHADOW
++ $(CC) $(CFLAGS) -DUSE_SHADOW -DHASSETPROCTITLE $< -c
++ else
+ $(CC) $(CFLAGS) -DHASSETPROCTITLE $< -c
++ endif
+
+ libsupport.a: $(OBJS)
+ ar -cruv $@ $^