diff options
author | Sergei Trofimovich <slyfox@gentoo.org> | 2016-06-30 21:20:04 +0100 |
---|---|---|
committer | Sergei Trofimovich <slyfox@gentoo.org> | 2016-06-30 21:20:04 +0100 |
commit | a2c956361dce86ec2c3fed71e0502d12a53b1cfd (patch) | |
tree | 31626687dc86267850809016ea15ac792fdf738e /net-ftp | |
parent | net-ftp/proftpd: ia64, sparc stable, bug #577046 (diff) | |
download | gentoo-a2c956361dce86ec2c3fed71e0502d12a53b1cfd.tar.gz gentoo-a2c956361dce86ec2c3fed71e0502d12a53b1cfd.tar.bz2 gentoo-a2c956361dce86ec2c3fed71e0502d12a53b1cfd.zip |
net-ftp/proftpd: drop old vulnerable versions, bug #577046
Package-Manager: portage-2.3.0
Diffstat (limited to 'net-ftp')
-rw-r--r-- | net-ftp/proftpd/Manifest | 1 | ||||
-rw-r--r-- | net-ftp/proftpd/files/proftpd-1.3.5a-unbound-sftp-p1.patch | 70 | ||||
-rw-r--r-- | net-ftp/proftpd/files/proftpd-1.3.5a-unbound-sftp-p2.patch | 61 | ||||
-rw-r--r-- | net-ftp/proftpd/proftpd-1.3.5a-r2.ebuild | 240 |
4 files changed, 0 insertions, 372 deletions
diff --git a/net-ftp/proftpd/Manifest b/net-ftp/proftpd/Manifest index 11fe9ba3ffc0..008160e707c6 100644 --- a/net-ftp/proftpd/Manifest +++ b/net-ftp/proftpd/Manifest @@ -1,7 +1,6 @@ DIST mod_clamav-0.11rc.tar.gz 5115 SHA256 87630eb1866066d6320ee711897d8998b8f4915c0498b2e78cc0464abd34855a SHA512 6d33ee7b1c9c8e3fb0a0014dde90cfb1d37daa0f4914f147bb800a8318bcf0e03c7c6748d84cda36c5e5c7cd11ee8114bad9978362f581f367db54d3563f4636 WHIRLPOOL b15024d1011a83a10ce52fb676f1f2162d67750dc137600b624cd04ebd498bb3c9242e4889fd7b73c18224eb483286cb543fc627b27e6a8ff4c9bf35468218b9 DIST mod_gss-1.3.3.tar.gz 115098 SHA256 24702cf0333720730cc269eb30529061365b1384fdce274bc3d46ccfc300934e SHA512 61473f3102e2204a27d691907482a3e86108bb423be54ba47a79ef0d2a0313bcdc022529f8e620bd868453bee1b1169fce74cc454d835fdfd4be964e342bdedb WHIRLPOOL 90a15ca919326fa2b2e21fb2928e5ac39b912681bce015f3bff0b0b0c47241f41cc3c78789797ba2d8a61dafc24a9f1d18bf085808350301c228b6ed62721e80 DIST mod_vroot-0.9.3.tar.gz 28352 SHA256 f16c61ed7fe2d7231e1421f8f1a484f29972e0efe0e8e065ab373c388b0c073c SHA512 08a3e5df26bb4d5875b57af9e97e7e7cf27b2ad6983bfae0fac8a21f4a5be0a487cf0d9d03e9e1c08701eb3f22f2cb51a14c05fe1cba5f4085eb8a31d5142776 WHIRLPOOL be30931f117fc4f0b7de87579b483e41d86ad3ecd2999267a726664b32090cd32e6a7e748d66ddec525ee784ee2974212fd2455af313c13b67ab61625efa29d0 -DIST proftpd-1.3.5a.tar.gz 29988477 SHA256 a1f48df8539c414ec56e0cea63dcf4b8e16e606c05f10156f030a4a67fae5696 SHA512 d64de12c100814c5c8a3916b3c9344f5a68c2b85902ffc8e5bb088d8975b5f13a7b9a29f82085b70dc93f4599c0e0f2645977d20998dda11981e66f534ea692c WHIRLPOOL 19b361b0481d5a2eab7fbe40de7bb8c9cd320a2ac04343d2fe858fdc9a62a747f89a5d4a619808bd252f6cfd9f15353df28405eb9bdc10c7c9f0162ab093bc1e DIST proftpd-1.3.5b.tar.gz 29992107 SHA256 afc1789f2478acf88dfdc7d70da90a4fa2786d628218e9574273295d044b4fc8 SHA512 5bdb9718c85c26b92256d7b3791a6a5456bec3826801b7b68f4d493d202ac77179c8378ad06efc1a805efce639db266561d3beb4bc7af61ca1352fb4bdfd4e6a WHIRLPOOL bb1a9fef464d2070c7dc1204cf2a8682e4f2719d682b0b1e541fff11f5c8a4a9a133011a607831fd30548b201531c3534248ed0eb36d0b4708e7b5b75353fc6f DIST proftpd-mod-case-0.7.tar.gz 13184 SHA256 c3f65588250fea7771439933fa754927794f664e99b8d20f99b1e400fea62111 SHA512 c08d13ef82fec36ae75aa3213dd02e0ce4045904849f422e152f039a9da66a45e4423751074b8bcf8ce347a40ce0e7bde798a85cbadc962fd872aeaa898261fc WHIRLPOOL 27f49e9f34099c081add803aa679fd9abe7afa652dffe5d8e42889fef49aeaefd499e1009fc564d6c8f882b3c6dc31d4c6dd08cc06a42b770e7ef76a2ebfcf8a DIST proftpd-mod-diskuse-0.9.tar.gz 18596 SHA256 424f3fd49237245ec176d27ade0965fe21a0db1d645979d5ae3e55497e3da036 SHA512 d41976bf2810e4b783e775e8c767ca2030c3b5df116219fd31cbbac7feaf9922c315bf4ea092881b0d6cf43f2f4c5dbcae61be3c3a833058d12f962a3024b975 WHIRLPOOL aabd1dc23d6c38d308e859ff778beffd0dabfe70d3530c093cf2f95e80b5e9c94b97b6b5ae5109d031f76ff94dffc3822a7aa60fa30df04523d37ebed99730d6 diff --git a/net-ftp/proftpd/files/proftpd-1.3.5a-unbound-sftp-p1.patch b/net-ftp/proftpd/files/proftpd-1.3.5a-unbound-sftp-p1.patch deleted file mode 100644 index 03dd1d82fd6f..000000000000 --- a/net-ftp/proftpd/files/proftpd-1.3.5a-unbound-sftp-p1.patch +++ /dev/null @@ -1,70 +0,0 @@ -commit a24db7f9864240a4ebb236a6615ec649138fef0e -Author: TJ Saunders <tj@castaglia.org> -Date: Sat Nov 28 17:08:03 2015 -0800 - - Bug#4210 - Avoid unbounded SFTP extension key/values. - -diff --git a/contrib/mod_sftp/fxp.c b/contrib/mod_sftp/fxp.c -index 5d9ae17..03c7eb5 100644 ---- a/contrib/mod_sftp/fxp.c -+++ b/contrib/mod_sftp/fxp.c -@@ -241,6 +241,9 @@ struct fxp_extpair { - unsigned char *ext_data; - }; - -+/* Maximum length of SFTP extension name, AND of the extension value. */ -+#define SFTP_EXT_MAX_LEN 1024 -+ - static pool *fxp_pool = NULL; - static int fxp_use_gmt = TRUE; - -@@ -1240,6 +1243,14 @@ static struct fxp_extpair *fxp_msg_read_extpair(pool *p, unsigned char **buf, - SFTP_DISCONNECT_CONN(SFTP_SSH2_DISCONNECT_BY_APPLICATION, NULL); - } - -+ if (namelen > SFTP_EXT_MAX_LEN) { -+ (void) pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION, -+ "received too-long SFTP extension name (%lu > max %lu), ignoring", -+ (unsigned long) namelen, (unsigned long) SFTP_EXT_MAX_LEN); -+ errno = EINVAL; -+ return NULL; -+ } -+ - name = palloc(p, namelen + 1); - memcpy(name, *buf, namelen); - (*buf) += namelen; -@@ -1248,6 +1259,14 @@ static struct fxp_extpair *fxp_msg_read_extpair(pool *p, unsigned char **buf, - - datalen = sftp_msg_read_int(p, buf, buflen); - if (datalen > 0) { -+ if (datalen > SFTP_EXT_MAX_LEN) { -+ (void) pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION, -+ "received too-long SFTP extension '%s' data (%lu > max %lu), ignoring", -+ name, (unsigned long) datalen, (unsigned long) SFTP_EXT_MAX_LEN); -+ errno = EINVAL; -+ return NULL; -+ } -+ - data = sftp_msg_read_data(p, buf, buflen, datalen); - - } else { -@@ -2210,11 +2229,13 @@ static struct stat *fxp_attrs_read(struct fxp_packet *fxp, unsigned char **buf, - struct fxp_extpair *ext; - - ext = fxp_msg_read_extpair(fxp->pool, buf, buflen); -- pr_trace_msg(trace_channel, 15, -- "protocol version %lu: read EXTENDED attribute: " -- "extension '%s' (%lu bytes of data)", -- (unsigned long) fxp_session->client_version, ext->ext_name, -- (unsigned long) ext->ext_datalen); -+ if (ext != NULL) { -+ pr_trace_msg(trace_channel, 15, -+ "protocol version %lu: read EXTENDED attribute: " -+ "extension '%s' (%lu bytes of data)", -+ (unsigned long) fxp_session->client_version, ext->ext_name, -+ (unsigned long) ext->ext_datalen); -+ } - } - } - - diff --git a/net-ftp/proftpd/files/proftpd-1.3.5a-unbound-sftp-p2.patch b/net-ftp/proftpd/files/proftpd-1.3.5a-unbound-sftp-p2.patch deleted file mode 100644 index c7d0a02639a3..000000000000 --- a/net-ftp/proftpd/files/proftpd-1.3.5a-unbound-sftp-p2.patch +++ /dev/null @@ -1,61 +0,0 @@ -commit f30ac3cc1a58ec7522de6aeeaa09314a45dbc690 -Author: TJ Saunders <tj@castaglia.org> -Date: Sat Nov 28 17:13:55 2015 -0800 - - Correct the parameters to talk of "extended attributes", not SFTP extensions. - -diff --git a/contrib/mod_sftp/fxp.c b/contrib/mod_sftp/fxp.c -index 03c7eb5..e7161d5 100644 ---- a/contrib/mod_sftp/fxp.c -+++ b/contrib/mod_sftp/fxp.c -@@ -235,15 +235,18 @@ static size_t fxp_packet_data_allocsz = 0; - #define FXP_PACKET_DATA_DEFAULT_SZ (1024 * 16) - #define FXP_RESPONSE_DATA_DEFAULT_SZ 512 - -+#define FXP_MAX_PACKET_LEN (1024 * 512) -+#define FXP_MAX_EXTENDED_ATTRIBUTES 100 -+ -+/* Maximum length of SFTP extended attribute name OR value. */ -+#define FXP_MAX_EXTENDED_ATTR_LEN 1024 -+ - struct fxp_extpair { - char *ext_name; - uint32_t ext_datalen; - unsigned char *ext_data; - }; - --/* Maximum length of SFTP extension name, AND of the extension value. */ --#define SFTP_EXT_MAX_LEN 1024 -- - static pool *fxp_pool = NULL; - static int fxp_use_gmt = TRUE; - -@@ -1243,10 +1246,10 @@ static struct fxp_extpair *fxp_msg_read_extpair(pool *p, unsigned char **buf, - SFTP_DISCONNECT_CONN(SFTP_SSH2_DISCONNECT_BY_APPLICATION, NULL); - } - -- if (namelen > SFTP_EXT_MAX_LEN) { -+ if (namelen > FXP_MAX_EXTENDED_ATTR_LEN) { - (void) pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION, -- "received too-long SFTP extension name (%lu > max %lu), ignoring", -- (unsigned long) namelen, (unsigned long) SFTP_EXT_MAX_LEN); -+ "received too-long extended attribute name (%lu > max %lu), ignoring", -+ (unsigned long) namelen, (unsigned long) FXP_MAX_EXTENDED_ATTR_LEN); - errno = EINVAL; - return NULL; - } -@@ -1259,10 +1262,11 @@ static struct fxp_extpair *fxp_msg_read_extpair(pool *p, unsigned char **buf, - - datalen = sftp_msg_read_int(p, buf, buflen); - if (datalen > 0) { -- if (datalen > SFTP_EXT_MAX_LEN) { -+ if (datalen > FXP_MAX_EXTENDED_ATTR_LEN) { - (void) pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION, -- "received too-long SFTP extension '%s' data (%lu > max %lu), ignoring", -- name, (unsigned long) datalen, (unsigned long) SFTP_EXT_MAX_LEN); -+ "received too-long extended attribute '%s' value (%lu > max %lu), " -+ "ignoring", name, (unsigned long) datalen, -+ (unsigned long) FXP_MAX_EXTENDED_ATTR_LEN); - errno = EINVAL; - return NULL; - } diff --git a/net-ftp/proftpd/proftpd-1.3.5a-r2.ebuild b/net-ftp/proftpd/proftpd-1.3.5a-r2.ebuild deleted file mode 100644 index beab3f91ccbd..000000000000 --- a/net-ftp/proftpd/proftpd-1.3.5a-r2.ebuild +++ /dev/null @@ -1,240 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI=5 -inherit eutils multilib systemd - -MOD_CASE="0.7" -MOD_CLAMAV="0.11rc" -MOD_DISKUSE="0.9" -MOD_GSS="1.3.3" -MOD_MSG="0.4.1" -MOD_VROOT="0.9.3" - -DESCRIPTION="An advanced and very configurable FTP server" -HOMEPAGE="http://www.proftpd.org/ - http://www.castaglia.org/proftpd/ - http://www.thrallingpenguin.com/resources/mod_clamav.htm - http://gssmod.sourceforge.net/" -SRC_URI="ftp://ftp.proftpd.org/distrib/source/${P/_/}.tar.gz - case? ( http://www.castaglia.org/${PN}/modules/${PN}-mod-case-${MOD_CASE}.tar.gz ) - clamav? ( https://secure.thrallingpenguin.com/redmine/attachments/download/1/mod_clamav-${MOD_CLAMAV}.tar.gz ) - diskuse? ( http://www.castaglia.org/${PN}/modules/${PN}-mod-diskuse-${MOD_DISKUSE}.tar.gz ) - kerberos? ( mirror://sourceforge/gssmod/mod_gss-${MOD_GSS}.tar.gz ) - msg? ( http://www.castaglia.org/${PN}/modules/${PN}-mod-msg-${MOD_MSG}.tar.gz ) - vroot? ( https://github.com/Castaglia/${PN}-mod_vroot/archive/mod_vroot-${MOD_VROOT}.tar.gz )" -LICENSE="GPL-2" - -SLOT="0" -KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 sparc x86 ~x86-fbsd" -IUSE="acl authfile ban +caps case clamav copy ctrls deflate diskuse doc dso dynmasq exec ifsession ifversion ident ipv6 - kerberos ldap libressl linguas_bg_BG linguas_en_US linguas_fr_FR linguas_it_IT linguas_ja_JP linguas_ko_KR - linguas_ru_RU linguas_zh_CN linguas_zh_TW log_forensic memcache msg mysql ncurses nls pam +pcre postgres qos radius - ratio readme rewrite selinux sftp shaper sitemisc snmp softquota sqlite ssl tcpd test trace unique_id vroot xinetd" -# TODO: geoip -REQUIRED_USE="ban? ( ctrls ) - msg? ( ctrls ) - sftp? ( ssl ) - shaper? ( ctrls )" - -CDEPEND="acl? ( virtual/acl ) - caps? ( sys-libs/libcap ) - clamav? ( app-antivirus/clamav ) - kerberos? ( virtual/krb5 ) - ldap? ( net-nds/openldap ) - memcache? ( >=dev-libs/libmemcached-0.41 ) - mysql? ( virtual/mysql ) - nls? ( virtual/libiconv ) - ncurses? ( sys-libs/ncurses:0= ) - ssl? ( - !libressl? ( dev-libs/openssl:0= ) - libressl? ( dev-libs/libressl:= ) - ) - pam? ( virtual/pam ) - pcre? ( dev-libs/libpcre ) - postgres? ( dev-db/postgresql:= ) - sqlite? ( dev-db/sqlite:3 ) - xinetd? ( virtual/inetd )" -DEPEND="${CDEPEND} - test? ( dev-libs/check )" -RDEPEND="${CDEPEND} - net-ftp/ftpbase - selinux? ( sec-policy/selinux-ftp )" - -S="${WORKDIR}/${P/_/}" - -__prepare_module() { - local mod_name=$1 - local mod_topdir=${WORKDIR}/${2:-${mod_name}} - - mv "${mod_topdir}/${mod_name}.c" contrib || die - mv "${mod_topdir}/${mod_name}.html" doc/contrib || die - rm -r "${mod_topdir}" || die -} - -src_prepare() { - epatch -p1 "${FILESDIR}"/${P}-unbound-sftp-{p1,p2}.patch - - # Skip 'install-conf' / Support LINGUAS - sed -i -e "/install-all/s/ install-conf//" Makefile.in - sed -i -e "s/^LANGS=.*$/LANGS=${LINGUAS}/" locale/Makefile.in - - # Prepare external modules - use case && __prepare_module mod_case - if use clamav ; then - mv "${WORKDIR}"/mod_clamav-${MOD_CLAMAV}/mod_clamav.{c,h} contrib - epatch "${WORKDIR}"/mod_clamav-${MOD_CLAMAV}/${PN}.patch - rm -r "${WORKDIR}"/mod_clamav-${MOD_CLAMAV} - fi - use msg && __prepare_module mod_msg - use vroot && __prepare_module mod_vroot ${PN}-mod_vroot-mod_vroot-${MOD_VROOT} - - # Prepare external kerberos module - if use kerberos ; then - cd "${WORKDIR}"/mod_gss-${MOD_GSS} - - # Support app-crypt/heimdal / Gentoo Bug #284853 - sed -i -e "s/krb5_principal2principalname/_\0/" mod_auth_gss.c.in - - # Remove obsolete DES / Gentoo Bug #324903 - # Replace 'rpm' lookups / Gentoo Bug #391021 - sed -i -e "/ac_gss_libs/s/ -ldes425//" \ - -e "s/ac_libdir=\`rpm -q -l.*$/ac_libdir=\/usr\/$(get_libdir)\//" \ - -e "s/ac_includedir=\`rpm -q -l.*$/ac_includedir=\/usr\/include\//" configure{,.in} - fi -} - -src_configure() { - local c m - - use acl && m="${m}:mod_facl" - use ban && m="${m}:mod_ban" - use case && m="${m}:mod_case" - use clamav && m="${m}:mod_clamav" - use copy && m="${m}:mod_copy" - use ctrls && m="${m}:mod_ctrls_admin" - use deflate && m="${m}:mod_deflate" - if use diskuse ; then - cd "${WORKDIR}"/mod_diskuse - econf - mv mod_diskuse.{c,h} "${S}"/contrib - mv mod_diskuse.html "${S}"/doc/contrib - cd "${S}" - rm -r "${WORKDIR}"/mod_diskuse - m="${m}:mod_diskuse" - fi - use dynmasq && m="${m}:mod_dynmasq" - use exec && m="${m}:mod_exec" - use ifsession && m="${m}:mod_ifsession" - use ifversion && m="${m}:mod_ifversion" - if use kerberos ; then - cd "${WORKDIR}"/mod_gss-${MOD_GSS} - if has_version app-crypt/mit-krb5 ; then - econf --enable-mit - else - econf --enable-heimdal - fi - mv mod_{auth_gss,gss}.c "${S}"/contrib - mv mod_gss.h "${S}"/include - mv README.mod_{auth_gss,gss} "${S}" - mv mod_gss.html "${S}"/doc/contrib - mv rfc{1509,2228}.txt "${S}"/doc/rfc - cd "${S}" - rm -r "${WORKDIR}"/mod_gss-${MOD_GSS} - m="${m}:mod_gss:mod_auth_gss" - fi - use ldap && m="${m}:mod_ldap" - use log_forensic && m="${m}:mod_log_forensic" - use msg && m="${m}:mod_msg" - if use mysql || use postgres || use sqlite ; then - m="${m}:mod_sql:mod_sql_passwd" - use mysql && m="${m}:mod_sql_mysql" - use postgres && m="${m}:mod_sql_postgres" - use sqlite && m="${m}:mod_sql_sqlite" - fi - use qos && m="${m}:mod_qos" - use radius && m="${m}:mod_radius" - use ratio && m="${m}:mod_ratio" - use readme && m="${m}:mod_readme" - use rewrite && m="${m}:mod_rewrite" - if use sftp ; then - m="${m}:mod_sftp" - use pam && m="${m}:mod_sftp_pam" - use mysql || use postgres || use sqlite && m="${m}:mod_sftp_sql" - fi - use shaper && m="${m}:mod_shaper" - use sitemisc && m="${m}:mod_site_misc" - use snmp && m="${m}:mod_snmp" - if use softquota ; then - m="${m}:mod_quotatab:mod_quotatab_file" - use ldap && m="${m}:mod_quotatab_ldap" - use radius && m="${m}:mod_quotatab_radius" - use mysql || use postgres || use sqlite && m="${m}:mod_quotatab_sql" - fi - if use ssl ; then - m="${m}:mod_tls:mod_tls_shmcache" - use memcache && m="${m}:mod_tls_memcache" - fi - if use tcpd ; then - m="${m}:mod_wrap2:mod_wrap2_file" - use mysql || use postgres || use sqlite && m="${m}:mod_wrap2_sql" - fi - use unique_id && m="${m}:mod_unique_id" - use vroot && m="${m}:mod_vroot" - - if [[ -n ${PROFTP_CUSTOM_MODULES} ]]; then - einfo "Adding user-specified extra modules: '${PROFTP_CUSTOM_MODULES}'" - m="${m}:${PROFTP_CUSTOM_MODULES}" - fi - - [[ -z ${m} ]] || c="${c} --with-modules=${m:1}" - econf --localstatedir=/var/run/proftpd --sysconfdir=/etc/proftpd --disable-strip \ - $(use_enable acl facl) \ - $(use_enable authfile auth-file) \ - $(use_enable caps cap) \ - $(use_enable ctrls) \ - $(use_enable dso) \ - $(use_enable ident) \ - $(use_enable ipv6) \ - $(use_enable memcache) \ - $(use_enable ncurses) \ - $(use_enable nls) \ - $(use_enable ssl openssl) \ - $(use_enable pam auth-pam) \ - $(use_enable pcre) \ - $(use_enable test tests) \ - $(use_enable trace) \ - $(use_enable userland_GNU shadow) \ - $(use_enable userland_GNU autoshadow) \ - ${c:1} -} - -src_test() { - emake api-tests -C tests -} - -src_install() { - default - [[ -z ${LINGUAS} ]] && rm -r "${ED}"/usr/share/locale - rm -rf "${ED}"/var/run - - newinitd "${FILESDIR}"/proftpd.initd proftpd - insinto /etc/proftpd - doins "${FILESDIR}"/proftpd.conf.sample - - if use xinetd ; then - insinto /etc/xinetd.d - newins "${FILESDIR}"/proftpd.xinetd proftpd - fi - - dodoc ChangeLog CREDITS INSTALL NEWS README* RELEASE_NOTES - if use doc ; then - dohtml doc/*.html doc/contrib/*.html doc/howto/*.html doc/modules/*.html - docinto rfc - dodoc doc/rfc/*.txt - fi - - systemd_dounit "${FILESDIR}"/${PN}.service - systemd_newtmpfilesd "${FILESDIR}"/${PN}-tmpfiles.d.conf ${PN}.conf -} |