diff options
author | Mike Frysinger <vapier@gentoo.org> | 2008-10-26 05:44:14 +0000 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2008-10-26 05:44:14 +0000 |
commit | 57025999675b59a3762ed5c784e12f12f6063455 (patch) | |
tree | b846afd0dea463546f2616546280b6dd507efa77 | |
parent | Do not force building with -O3. (diff) | |
download | historical-57025999675b59a3762ed5c784e12f12f6063455.tar.gz historical-57025999675b59a3762ed5c784e12f12f6063455.tar.bz2 historical-57025999675b59a3762ed5c784e12f12f6063455.zip |
Add fix for CVE-2008-4247 #239047.
Package-Manager: portage-2.2_rc12/cvs/Linux 2.6.26.2 x86_64
-rw-r--r-- | net-ftp/netkit-ftpd/ChangeLog | 8 | ||||
-rw-r--r-- | net-ftp/netkit-ftpd/Manifest | 14 | ||||
-rw-r--r-- | net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-CVE-2008-4247.patch | 108 | ||||
-rw-r--r-- | net-ftp/netkit-ftpd/netkit-ftpd-0.17-r8.ebuild | 59 |
4 files changed, 187 insertions, 2 deletions
diff --git a/net-ftp/netkit-ftpd/ChangeLog b/net-ftp/netkit-ftpd/ChangeLog index 6133131be3e6..7c5d92493183 100644 --- a/net-ftp/netkit-ftpd/ChangeLog +++ b/net-ftp/netkit-ftpd/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for net-ftp/netkit-ftpd # Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-ftp/netkit-ftpd/ChangeLog,v 1.18 2008/05/11 19:10:29 solar Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-ftp/netkit-ftpd/ChangeLog,v 1.19 2008/10/26 05:44:14 vapier Exp $ + +*netkit-ftpd-0.17-r8 (26 Oct 2008) + + 26 Oct 2008; Mike Frysinger <vapier@gentoo.org> + +files/netkit-ftpd-0.17-CVE-2008-4247.patch, +netkit-ftpd-0.17-r8.ebuild: + Add fix for CVE-2008-4247 #239047. 11 May 2008; <solar@gentoo.org> +files/netkit-ftpd-0.17-cross.patch, netkit-ftpd-0.17-r7.ebuild: diff --git a/net-ftp/netkit-ftpd/Manifest b/net-ftp/netkit-ftpd/Manifest index aa03325f90fb..91cee1676e5d 100644 --- a/net-ftp/netkit-ftpd/Manifest +++ b/net-ftp/netkit-ftpd/Manifest @@ -1,4 +1,8 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + AUX ftp.xinetd 318 RMD160 fbb913e2ec08c7cbd08b1a520ca8893c21919cf3 SHA1 90b9af1d19230098a45d2995d5271d5343be0a16 SHA256 e55e99f3b978648f9e126f31caae7b7ab870e310dd29dc2120723bae9addd24f +AUX netkit-ftpd-0.17-CVE-2008-4247.patch 2909 RMD160 5c08da76eadd1c4e4c72ad48eb14c73cbcbfcb34 SHA1 f0b17858619cf72d9b26f8a4ac0910dc8978d928 SHA256 fa585fd8499a8670015f35cc31f2b15ca2781ae9635a1eb4c1541eb18c9bdd4d AUX netkit-ftpd-0.17-build.patch 862 RMD160 601b57beddbc66386173721c4777084121c3f761 SHA1 49b3d2ebf5ee837a72c02757e7a08d1b9fd3490f SHA256 2dabb6d6df74c15a1f97ea6fa90ed9ed7f437c5ebeb26f6ba4183362119b769c AUX netkit-ftpd-0.17-cleanup-ssl.patch 279 RMD160 3bfb7342b300749b2754828ad994043c45dce3f9 SHA1 d31f8108a5e0c311ad85b95dea4571e5782e032e SHA256 110d1de5c37f29de6e9e753114d97c03742793481f1f377fd91a7b4dc5483076 AUX netkit-ftpd-0.17-cleanup.patch 186 RMD160 4e9690b7d03cd49783bc8f2f1ca0c021eddce117 SHA1 476bbf54d6bb1a1abb373813a745dea10ada38ba SHA256 5eb8134a8be569f1fc448bb781193f1820bddd36e735b1d164de2dfd4071a12f @@ -10,5 +14,13 @@ AUX netkit-ftpd-0.17-shadowfix.patch 587 RMD160 118077a510b651086547693e0da7bf14 DIST linux-ftpd-0.17-ssl.patch 36459 RMD160 5a0d7301f69b4c1714f36419f98134f9aa0ce874 SHA1 a684c075dbc7603b40704713350c1bb95d98a4c5 SHA256 0082ee6a71fdd83f61e63166f7bbba97c204cdc67f9e1bf10f2df31590fba780 DIST linux-ftpd-0.17.tar.gz 46763 RMD160 869e410d8f063c764c04f1d3b41b625a9d679d22 SHA1 b348e2c9561d746a42b7a24ba8730a3adc203dfb SHA256 65a0b249e38bf3c3a16dbd4d3edd2657683ca8f47b307e92007f378b21d2fa65 EBUILD netkit-ftpd-0.17-r7.ebuild 1693 RMD160 661727f3f658b700cedce79051324d5b9ffaee66 SHA1 95581e8a2a6a7055eebc7a3c17476f6c55026c3a SHA256 8a69da99d7afc4046306b3009df181e1eedff1786b347eb7a684880019e24e08 -MISC ChangeLog 7073 RMD160 ec9dec5aaaad783f16bd4b6e17763fcab7b44994 SHA1 f8daaaf664154b7ff341a20e5a9072d39ec85454 SHA256 afdfd3183be51aab6829990c931e137d41146b42115461f726ee62eb9995e2f1 +EBUILD netkit-ftpd-0.17-r8.ebuild 1757 RMD160 8d27bc78fc8f1d32ef7114c3ef38c030478fad34 SHA1 f7bf01bd107cb4878db502f2603ffc50c8e89276 SHA256 aa2df634f5e738c96f08fac90ebf954cbe6ac5e438269a5bcac09077355ee827 +MISC ChangeLog 7274 RMD160 55d46609ac00f873310b78af459aa2e8b6759ce1 SHA1 d62af10b5516db57ebae033623ec00bb3381c797 SHA256 034e39ad6678bc77733cc666f90cbac17dba07218524566c2700a766e4b3040c MISC metadata.xml 165 RMD160 1c3eeab5c3fc7c211e19ce70d30db054b3448591 SHA1 e5bc9fac08f72762fdc827e1b520ed403667be37 SHA256 0879c713d0d1ea2f39c1088bf4717b1328b4ab06d6f5dd6968c5559750422ae6 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.9 (GNU/Linux) + +iEYEARECAAYFAkkEA7cACgkQ67wieSYcaxcnOQCgviz906OoTEDfzqlrHSzVG+jN +aeUAmgINhGtjsMEFvU3z1/gnDDn6+pzV +=nql3 +-----END PGP SIGNATURE----- diff --git a/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-CVE-2008-4247.patch b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-CVE-2008-4247.patch new file mode 100644 index 000000000000..e1b50c825bfc --- /dev/null +++ b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-CVE-2008-4247.patch @@ -0,0 +1,108 @@ +http://bugs.gentoo.org/239047 + +--- linux-ftpd-0.17/ftpd/extern.h ++++ linux-ftpd-0.17/ftpd/extern.h +@@ -43,7 +43,7 @@ void dologout __P((int)); + void fatal __P((const char *)); + int ftpd_pclose __P((FILE *)); + FILE *ftpd_popen __P((char *, const char *)); +-char *ftpd_getline __P((char *, int, FILE *)); ++int ftpd_getline __P((char *, int, FILE *)); + void ftpdlogwtmp __P((const char *, const char *, const char *)); + void lreply __P((int, const char *, ...)); + void makedir __P((char *)); +--- linux-ftpd-0.17/ftpd/ftpcmd.y ++++ linux-ftpd-0.17/ftpd/ftpcmd.y +@@ -980,7 +980,7 @@ static struct tab *lookup(struct tab *p, + /* + * getline - a hacked up version of fgets to ignore TELNET escape codes. + */ +-char * ftpd_getline(char *s, int n, FILE *iop) ++int ftpd_getline(char *s, int n, FILE *iop) + { + int c; + register char *cs; +@@ -995,7 +995,7 @@ char * ftpd_getline(char *s, int n, FILE + if (debug) + syslog(LOG_DEBUG, "command: %s", s); + tmpline[0] = '\0'; +- return(s); ++ return(0); + } + if (c == 0) + tmpline[0] = '\0'; +@@ -1037,11 +1037,22 @@ char * ftpd_getline(char *s, int n, FILE + } + } + *cs++ = c; +- if (--n <= 0 || c == '\n') ++ if (--n <= 0) { ++ /* ++ * If command doesn't fit into buffer, discard the ++ * rest of the command and indicate truncation. ++ * This prevents the command to be split up into ++ * multiple commands. ++ */ ++ while (c != '\n' && (c = getc(iop)) != EOF) ++ ; ++ return (-2); ++ } ++ if (c == '\n') + break; + } + if (c == EOF && cs == s) +- return (NULL); ++ return (-1); + *cs++ = '\0'; + if (debug) { + if (!guest && strncasecmp("pass ", s, 5) == 0) { +@@ -1061,7 +1072,7 @@ char * ftpd_getline(char *s, int n, FILE + syslog(LOG_DEBUG, "command: %.*s", len, s); + } + } +- return (s); ++ return (0); + } + + void toolong(int signo) +@@ -1090,9 +1101,14 @@ static int yylex(void) + case CMD: + (void) signal(SIGALRM, toolong); + (void) alarm((unsigned) timeout); +- if (ftpd_getline(cbuf, sizeof(cbuf)-1, stdin)==NULL) { ++ n = ftpd_getline(cbuf, sizeof(cbuf)-1, stdin); ++ if (n == -1) { + reply(221, "You could at least say goodbye."); + dologout(0); ++ } else if (n == -2) { ++ reply(500, "Command too long."); ++ alarm(0); ++ continue; + } + (void) alarm(0); + if ((cp = strchr(cbuf, '\r'))) { +--- linux-ftpd-0.17/ftpd/ftpd.c ++++ linux-ftpd-0.17/ftpd/ftpd.c +@@ -2210,6 +2210,7 @@ void dologout(int status) + static void myoob(int signo) + { + char *cp; ++ int ret; + int save_errno = errno; + + (void)signo; +@@ -2218,9 +2219,13 @@ static void myoob(int signo) + if (!transflag) + return; + cp = tmpline; +- if (ftpd_getline(cp, 7, stdin) == NULL) { ++ ret = ftpd_getline(cp, 7, stdin); ++ if (ret == -1) { + reply(221, "You could at least say goodbye."); + dologout(0); ++ } else if (ret == -2) { ++ /* Ignore truncated command */ ++ return; + } + upper(cp); + if (strcmp(cp, "ABOR\r\n") == 0) { diff --git a/net-ftp/netkit-ftpd/netkit-ftpd-0.17-r8.ebuild b/net-ftp/netkit-ftpd/netkit-ftpd-0.17-r8.ebuild new file mode 100644 index 000000000000..0e03e22c494f --- /dev/null +++ b/net-ftp/netkit-ftpd/netkit-ftpd-0.17-r8.ebuild @@ -0,0 +1,59 @@ +# Copyright 1999-2008 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-ftp/netkit-ftpd/netkit-ftpd-0.17-r8.ebuild,v 1.1 2008/10/26 05:44:14 vapier Exp $ + +inherit eutils ssl-cert toolchain-funcs + +MY_P="linux-ftpd-${PV}" +DESCRIPTION="The netkit FTP server with optional SSL support" +HOMEPAGE="http://www.hcs.harvard.edu/~dholland/computers/netkit.html" +SRC_URI="ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/${MY_P}.tar.gz + mirror://gentoo/${MY_P}-ssl.patch" + +LICENSE="as-is" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="ssl" + +DEPEND="ssl? ( dev-libs/openssl )" +RDEPEND="${DEPEND} + virtual/inetd" + +S=${WORKDIR}/${MY_P} + +src_unpack() { + unpack ${MY_P}.tar.gz + cd "${S}" + use ssl && epatch "${DISTDIR}"/${MY_P}-ssl.patch "${FILESDIR}"/${P}-cleanup-ssl.patch + epatch "${FILESDIR}"/${P}-cleanup.patch + epatch "${FILESDIR}"/${P}-build.patch + epatch "${FILESDIR}"/${P}-shadowfix.patch + epatch "${FILESDIR}"/${P}-gcc41.patch + epatch "${FILESDIR}"/${P}-setguid.patch + epatch "${FILESDIR}"/${P}-cross.patch + epatch "${FILESDIR}"/${P}-CVE-2008-4247.patch #239047 + use ssl && epatch "${FILESDIR}"/${P}-fclose-CVE-2007-6263.patch #199206 +} + +src_compile() { + tc-export CC + ./configure --prefix=/usr || die "configure failed" + emake || die "parallel make failed" +} + +src_install() { + dobin ftpd/ftpd || die + doman ftpd/ftpd.8 + dodoc README ChangeLog + insinto /etc/xinetd.d + newins "${FILESDIR}"/ftp.xinetd ftp +} + +pkg_postinst() { + if use ssl ; then + install_cert /etc/ssl/certs/ftpd + elog "In order to start the server with SSL support" + elog "You need a certificate /etc/ssl/certs/ftpd.pem." + elog "A temporary certificiate has been created." + fi +} |