summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMike Frysinger <vapier@gentoo.org>2008-10-26 05:44:14 +0000
committerMike Frysinger <vapier@gentoo.org>2008-10-26 05:44:14 +0000
commit57025999675b59a3762ed5c784e12f12f6063455 (patch)
treeb846afd0dea463546f2616546280b6dd507efa77
parentDo not force building with -O3. (diff)
downloadhistorical-57025999675b59a3762ed5c784e12f12f6063455.tar.gz
historical-57025999675b59a3762ed5c784e12f12f6063455.tar.bz2
historical-57025999675b59a3762ed5c784e12f12f6063455.zip
Add fix for CVE-2008-4247 #239047.
Package-Manager: portage-2.2_rc12/cvs/Linux 2.6.26.2 x86_64
-rw-r--r--net-ftp/netkit-ftpd/ChangeLog8
-rw-r--r--net-ftp/netkit-ftpd/Manifest14
-rw-r--r--net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-CVE-2008-4247.patch108
-rw-r--r--net-ftp/netkit-ftpd/netkit-ftpd-0.17-r8.ebuild59
4 files changed, 187 insertions, 2 deletions
diff --git a/net-ftp/netkit-ftpd/ChangeLog b/net-ftp/netkit-ftpd/ChangeLog
index 6133131be3e6..7c5d92493183 100644
--- a/net-ftp/netkit-ftpd/ChangeLog
+++ b/net-ftp/netkit-ftpd/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for net-ftp/netkit-ftpd
# Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-ftp/netkit-ftpd/ChangeLog,v 1.18 2008/05/11 19:10:29 solar Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/netkit-ftpd/ChangeLog,v 1.19 2008/10/26 05:44:14 vapier Exp $
+
+*netkit-ftpd-0.17-r8 (26 Oct 2008)
+
+ 26 Oct 2008; Mike Frysinger <vapier@gentoo.org>
+ +files/netkit-ftpd-0.17-CVE-2008-4247.patch, +netkit-ftpd-0.17-r8.ebuild:
+ Add fix for CVE-2008-4247 #239047.
11 May 2008; <solar@gentoo.org> +files/netkit-ftpd-0.17-cross.patch,
netkit-ftpd-0.17-r7.ebuild:
diff --git a/net-ftp/netkit-ftpd/Manifest b/net-ftp/netkit-ftpd/Manifest
index aa03325f90fb..91cee1676e5d 100644
--- a/net-ftp/netkit-ftpd/Manifest
+++ b/net-ftp/netkit-ftpd/Manifest
@@ -1,4 +1,8 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
AUX ftp.xinetd 318 RMD160 fbb913e2ec08c7cbd08b1a520ca8893c21919cf3 SHA1 90b9af1d19230098a45d2995d5271d5343be0a16 SHA256 e55e99f3b978648f9e126f31caae7b7ab870e310dd29dc2120723bae9addd24f
+AUX netkit-ftpd-0.17-CVE-2008-4247.patch 2909 RMD160 5c08da76eadd1c4e4c72ad48eb14c73cbcbfcb34 SHA1 f0b17858619cf72d9b26f8a4ac0910dc8978d928 SHA256 fa585fd8499a8670015f35cc31f2b15ca2781ae9635a1eb4c1541eb18c9bdd4d
AUX netkit-ftpd-0.17-build.patch 862 RMD160 601b57beddbc66386173721c4777084121c3f761 SHA1 49b3d2ebf5ee837a72c02757e7a08d1b9fd3490f SHA256 2dabb6d6df74c15a1f97ea6fa90ed9ed7f437c5ebeb26f6ba4183362119b769c
AUX netkit-ftpd-0.17-cleanup-ssl.patch 279 RMD160 3bfb7342b300749b2754828ad994043c45dce3f9 SHA1 d31f8108a5e0c311ad85b95dea4571e5782e032e SHA256 110d1de5c37f29de6e9e753114d97c03742793481f1f377fd91a7b4dc5483076
AUX netkit-ftpd-0.17-cleanup.patch 186 RMD160 4e9690b7d03cd49783bc8f2f1ca0c021eddce117 SHA1 476bbf54d6bb1a1abb373813a745dea10ada38ba SHA256 5eb8134a8be569f1fc448bb781193f1820bddd36e735b1d164de2dfd4071a12f
@@ -10,5 +14,13 @@ AUX netkit-ftpd-0.17-shadowfix.patch 587 RMD160 118077a510b651086547693e0da7bf14
DIST linux-ftpd-0.17-ssl.patch 36459 RMD160 5a0d7301f69b4c1714f36419f98134f9aa0ce874 SHA1 a684c075dbc7603b40704713350c1bb95d98a4c5 SHA256 0082ee6a71fdd83f61e63166f7bbba97c204cdc67f9e1bf10f2df31590fba780
DIST linux-ftpd-0.17.tar.gz 46763 RMD160 869e410d8f063c764c04f1d3b41b625a9d679d22 SHA1 b348e2c9561d746a42b7a24ba8730a3adc203dfb SHA256 65a0b249e38bf3c3a16dbd4d3edd2657683ca8f47b307e92007f378b21d2fa65
EBUILD netkit-ftpd-0.17-r7.ebuild 1693 RMD160 661727f3f658b700cedce79051324d5b9ffaee66 SHA1 95581e8a2a6a7055eebc7a3c17476f6c55026c3a SHA256 8a69da99d7afc4046306b3009df181e1eedff1786b347eb7a684880019e24e08
-MISC ChangeLog 7073 RMD160 ec9dec5aaaad783f16bd4b6e17763fcab7b44994 SHA1 f8daaaf664154b7ff341a20e5a9072d39ec85454 SHA256 afdfd3183be51aab6829990c931e137d41146b42115461f726ee62eb9995e2f1
+EBUILD netkit-ftpd-0.17-r8.ebuild 1757 RMD160 8d27bc78fc8f1d32ef7114c3ef38c030478fad34 SHA1 f7bf01bd107cb4878db502f2603ffc50c8e89276 SHA256 aa2df634f5e738c96f08fac90ebf954cbe6ac5e438269a5bcac09077355ee827
+MISC ChangeLog 7274 RMD160 55d46609ac00f873310b78af459aa2e8b6759ce1 SHA1 d62af10b5516db57ebae033623ec00bb3381c797 SHA256 034e39ad6678bc77733cc666f90cbac17dba07218524566c2700a766e4b3040c
MISC metadata.xml 165 RMD160 1c3eeab5c3fc7c211e19ce70d30db054b3448591 SHA1 e5bc9fac08f72762fdc827e1b520ed403667be37 SHA256 0879c713d0d1ea2f39c1088bf4717b1328b4ab06d6f5dd6968c5559750422ae6
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.9 (GNU/Linux)
+
+iEYEARECAAYFAkkEA7cACgkQ67wieSYcaxcnOQCgviz906OoTEDfzqlrHSzVG+jN
+aeUAmgINhGtjsMEFvU3z1/gnDDn6+pzV
+=nql3
+-----END PGP SIGNATURE-----
diff --git a/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-CVE-2008-4247.patch b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-CVE-2008-4247.patch
new file mode 100644
index 000000000000..e1b50c825bfc
--- /dev/null
+++ b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-CVE-2008-4247.patch
@@ -0,0 +1,108 @@
+http://bugs.gentoo.org/239047
+
+--- linux-ftpd-0.17/ftpd/extern.h
++++ linux-ftpd-0.17/ftpd/extern.h
+@@ -43,7 +43,7 @@ void dologout __P((int));
+ void fatal __P((const char *));
+ int ftpd_pclose __P((FILE *));
+ FILE *ftpd_popen __P((char *, const char *));
+-char *ftpd_getline __P((char *, int, FILE *));
++int ftpd_getline __P((char *, int, FILE *));
+ void ftpdlogwtmp __P((const char *, const char *, const char *));
+ void lreply __P((int, const char *, ...));
+ void makedir __P((char *));
+--- linux-ftpd-0.17/ftpd/ftpcmd.y
++++ linux-ftpd-0.17/ftpd/ftpcmd.y
+@@ -980,7 +980,7 @@ static struct tab *lookup(struct tab *p,
+ /*
+ * getline - a hacked up version of fgets to ignore TELNET escape codes.
+ */
+-char * ftpd_getline(char *s, int n, FILE *iop)
++int ftpd_getline(char *s, int n, FILE *iop)
+ {
+ int c;
+ register char *cs;
+@@ -995,7 +995,7 @@ char * ftpd_getline(char *s, int n, FILE
+ if (debug)
+ syslog(LOG_DEBUG, "command: %s", s);
+ tmpline[0] = '\0';
+- return(s);
++ return(0);
+ }
+ if (c == 0)
+ tmpline[0] = '\0';
+@@ -1037,11 +1037,22 @@ char * ftpd_getline(char *s, int n, FILE
+ }
+ }
+ *cs++ = c;
+- if (--n <= 0 || c == '\n')
++ if (--n <= 0) {
++ /*
++ * If command doesn't fit into buffer, discard the
++ * rest of the command and indicate truncation.
++ * This prevents the command to be split up into
++ * multiple commands.
++ */
++ while (c != '\n' && (c = getc(iop)) != EOF)
++ ;
++ return (-2);
++ }
++ if (c == '\n')
+ break;
+ }
+ if (c == EOF && cs == s)
+- return (NULL);
++ return (-1);
+ *cs++ = '\0';
+ if (debug) {
+ if (!guest && strncasecmp("pass ", s, 5) == 0) {
+@@ -1061,7 +1072,7 @@ char * ftpd_getline(char *s, int n, FILE
+ syslog(LOG_DEBUG, "command: %.*s", len, s);
+ }
+ }
+- return (s);
++ return (0);
+ }
+
+ void toolong(int signo)
+@@ -1090,9 +1101,14 @@ static int yylex(void)
+ case CMD:
+ (void) signal(SIGALRM, toolong);
+ (void) alarm((unsigned) timeout);
+- if (ftpd_getline(cbuf, sizeof(cbuf)-1, stdin)==NULL) {
++ n = ftpd_getline(cbuf, sizeof(cbuf)-1, stdin);
++ if (n == -1) {
+ reply(221, "You could at least say goodbye.");
+ dologout(0);
++ } else if (n == -2) {
++ reply(500, "Command too long.");
++ alarm(0);
++ continue;
+ }
+ (void) alarm(0);
+ if ((cp = strchr(cbuf, '\r'))) {
+--- linux-ftpd-0.17/ftpd/ftpd.c
++++ linux-ftpd-0.17/ftpd/ftpd.c
+@@ -2210,6 +2210,7 @@ void dologout(int status)
+ static void myoob(int signo)
+ {
+ char *cp;
++ int ret;
+ int save_errno = errno;
+
+ (void)signo;
+@@ -2218,9 +2219,13 @@ static void myoob(int signo)
+ if (!transflag)
+ return;
+ cp = tmpline;
+- if (ftpd_getline(cp, 7, stdin) == NULL) {
++ ret = ftpd_getline(cp, 7, stdin);
++ if (ret == -1) {
+ reply(221, "You could at least say goodbye.");
+ dologout(0);
++ } else if (ret == -2) {
++ /* Ignore truncated command */
++ return;
+ }
+ upper(cp);
+ if (strcmp(cp, "ABOR\r\n") == 0) {
diff --git a/net-ftp/netkit-ftpd/netkit-ftpd-0.17-r8.ebuild b/net-ftp/netkit-ftpd/netkit-ftpd-0.17-r8.ebuild
new file mode 100644
index 000000000000..0e03e22c494f
--- /dev/null
+++ b/net-ftp/netkit-ftpd/netkit-ftpd-0.17-r8.ebuild
@@ -0,0 +1,59 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/netkit-ftpd/netkit-ftpd-0.17-r8.ebuild,v 1.1 2008/10/26 05:44:14 vapier Exp $
+
+inherit eutils ssl-cert toolchain-funcs
+
+MY_P="linux-ftpd-${PV}"
+DESCRIPTION="The netkit FTP server with optional SSL support"
+HOMEPAGE="http://www.hcs.harvard.edu/~dholland/computers/netkit.html"
+SRC_URI="ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/${MY_P}.tar.gz
+ mirror://gentoo/${MY_P}-ssl.patch"
+
+LICENSE="as-is"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="ssl"
+
+DEPEND="ssl? ( dev-libs/openssl )"
+RDEPEND="${DEPEND}
+ virtual/inetd"
+
+S=${WORKDIR}/${MY_P}
+
+src_unpack() {
+ unpack ${MY_P}.tar.gz
+ cd "${S}"
+ use ssl && epatch "${DISTDIR}"/${MY_P}-ssl.patch "${FILESDIR}"/${P}-cleanup-ssl.patch
+ epatch "${FILESDIR}"/${P}-cleanup.patch
+ epatch "${FILESDIR}"/${P}-build.patch
+ epatch "${FILESDIR}"/${P}-shadowfix.patch
+ epatch "${FILESDIR}"/${P}-gcc41.patch
+ epatch "${FILESDIR}"/${P}-setguid.patch
+ epatch "${FILESDIR}"/${P}-cross.patch
+ epatch "${FILESDIR}"/${P}-CVE-2008-4247.patch #239047
+ use ssl && epatch "${FILESDIR}"/${P}-fclose-CVE-2007-6263.patch #199206
+}
+
+src_compile() {
+ tc-export CC
+ ./configure --prefix=/usr || die "configure failed"
+ emake || die "parallel make failed"
+}
+
+src_install() {
+ dobin ftpd/ftpd || die
+ doman ftpd/ftpd.8
+ dodoc README ChangeLog
+ insinto /etc/xinetd.d
+ newins "${FILESDIR}"/ftp.xinetd ftp
+}
+
+pkg_postinst() {
+ if use ssl ; then
+ install_cert /etc/ssl/certs/ftpd
+ elog "In order to start the server with SSL support"
+ elog "You need a certificate /etc/ssl/certs/ftpd.pem."
+ elog "A temporary certificiate has been created."
+ fi
+}