summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Black <dragonheart@gentoo.org>2005-11-06 12:30:48 +0000
committerDaniel Black <dragonheart@gentoo.org>2005-11-06 12:30:48 +0000
commit48836a1ce2a09c454cf38d029b3c304362fcdc0c (patch)
treea229a187cfa9920269429fdc7f911c0e16f906e8 /net-ftp
parentVersion bump (#111232). Removed old ebuilds. (diff)
downloadgentoo-2-48836a1ce2a09c454cf38d029b3c304362fcdc0c.tar.gz
gentoo-2-48836a1ce2a09c454cf38d029b3c304362fcdc0c.tar.bz2
gentoo-2-48836a1ce2a09c454cf38d029b3c304362fcdc0c.zip
fix remote hole in linux-ftpd-ssl - security bug #111573
(Portage version: 2.0.53_rc7)
Diffstat (limited to 'net-ftp')
-rw-r--r--net-ftp/ftpd/ChangeLog9
-rw-r--r--net-ftp/ftpd/Manifest9
-rw-r--r--net-ftp/ftpd/files/digest-ftpd-0.17-r21
-rw-r--r--net-ftp/ftpd/files/ftpd-0.17+ssl-0.3-overflowpatch.diff14
-rw-r--r--net-ftp/ftpd/ftpd-0.17-r2.ebuild58
5 files changed, 87 insertions, 4 deletions
diff --git a/net-ftp/ftpd/ChangeLog b/net-ftp/ftpd/ChangeLog
index 6646962eabb1..5a0d39953d53 100644
--- a/net-ftp/ftpd/ChangeLog
+++ b/net-ftp/ftpd/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for net-ftp/ftpd
# Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-ftp/ftpd/ChangeLog,v 1.17 2005/07/26 13:41:40 dholm Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/ftpd/ChangeLog,v 1.18 2005/11/06 12:30:48 dragonheart Exp $
+
+*ftpd-0.17-r2 (06 Nov 2005)
+
+ 06 Nov 2005; Daniel Black <dragonheart@gentoo.org>
+ +files/ftpd-0.17+ssl-0.3-overflowpatch.diff, +ftpd-0.17-r2.ebuild:
+ fix remote hole in linux-ftpd-ssl - security bug #111573 - patch thanks to
+ James Longstreet, bug thanks to Wernfried Haas
26 Jul 2005; David Holm <dholm@gentoo.org> ftpd-0.17-r1.ebuild:
Added to ~ppc.
diff --git a/net-ftp/ftpd/Manifest b/net-ftp/ftpd/Manifest
index 04259c4af9a2..de416d7773c3 100644
--- a/net-ftp/ftpd/Manifest
+++ b/net-ftp/ftpd/Manifest
@@ -1,8 +1,11 @@
-MD5 12d43b913f1fef64fe772705df647677 ChangeLog 2084
-MD5 753fb4b95ec8ae858ff343a599376b18 ftpd-0.17-r1.ebuild 1461
-MD5 a49ca8164b73a5b126e5d4403ec0e6ef ftpd-0.17.ebuild 1410
+MD5 519950150d050fe4ca1c10fd02d16fcf ChangeLog 2362
MD5 1185c6db5ae646d809d0c757f02d8e35 files/digest-ftpd-0.17 66
MD5 1185c6db5ae646d809d0c757f02d8e35 files/digest-ftpd-0.17-r1 66
+MD5 1185c6db5ae646d809d0c757f02d8e35 files/digest-ftpd-0.17-r2 66
MD5 c77f5bcf2f56d61c7e8845d94df88164 files/ftp.xinetd 313
+MD5 fb54312525ec906691ee16975f1658be files/ftpd-0.17+ssl-0.3-overflowpatch.diff 532
MD5 7e1217f2de231dda2c8e842a7d7dfb7b files/ftpd-0.17-shadowfix.patch 895
MD5 0630d5a4a420220cc8b912bdad705f6c files/ssl.diff.gz 10444
+MD5 753fb4b95ec8ae858ff343a599376b18 ftpd-0.17-r1.ebuild 1461
+MD5 4e5860c74f17edf1d20b7d9b6da711d5 ftpd-0.17-r2.ebuild 1518
+MD5 a49ca8164b73a5b126e5d4403ec0e6ef ftpd-0.17.ebuild 1410
diff --git a/net-ftp/ftpd/files/digest-ftpd-0.17-r2 b/net-ftp/ftpd/files/digest-ftpd-0.17-r2
new file mode 100644
index 000000000000..909d577cfb10
--- /dev/null
+++ b/net-ftp/ftpd/files/digest-ftpd-0.17-r2
@@ -0,0 +1 @@
+MD5 f5f491564812db5d8783daa538c49186 linux-ftpd-0.17.tar.gz 46763
diff --git a/net-ftp/ftpd/files/ftpd-0.17+ssl-0.3-overflowpatch.diff b/net-ftp/ftpd/files/ftpd-0.17+ssl-0.3-overflowpatch.diff
new file mode 100644
index 000000000000..6290079a7062
--- /dev/null
+++ b/net-ftp/ftpd/files/ftpd-0.17+ssl-0.3-overflowpatch.diff
@@ -0,0 +1,14 @@
+--- linux-ftpd-0.17/ftpd/ftpd.c 2005-11-05 17:04:53.000000000 -0600
++++ linux-ftpd-0.17-patched/ftpd/ftpd.c 2005-11-05 17:11:54.000000000 -0600
+@@ -2082,9 +2082,9 @@
+ va_start(ap);
+ #endif
+ #ifdef USE_SSL
+- /* assemble the output into a buffer */
++ /* assemble the output into a buffer, checking for length*/
+ sprintf(outputbuf,"%d ",n);
+- vsprintf(outputbuf+strlen(outputbuf),fmt,ap);
++ vsnprintf(outputbuf+strlen(outputbuf),2048-(strlen(outputbuf) + 3),fmt,ap);
+ strcat(outputbuf,"\r\n");
+
+ if (ssl_debug_flag)
diff --git a/net-ftp/ftpd/ftpd-0.17-r2.ebuild b/net-ftp/ftpd/ftpd-0.17-r2.ebuild
new file mode 100644
index 000000000000..edc461904a3d
--- /dev/null
+++ b/net-ftp/ftpd/ftpd-0.17-r2.ebuild
@@ -0,0 +1,58 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/ftpd/ftpd-0.17-r2.ebuild,v 1.1 2005/11/06 12:30:48 dragonheart Exp $
+
+inherit eutils
+
+IUSE="ssl"
+
+S=${WORKDIR}/linux-${P}
+DESCRIPTION="The netkit FTP server with optional SSL support"
+HOMEPAGE="http://www.hcs.harvard.edu/~dholland/computers/netkit.html"
+SRC_URI="ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/linux-${P}.tar.gz"
+
+SLOT="0"
+LICENSE="as-is"
+KEYWORDS="~alpha ~amd64 ~ppc ~sparc ~x86"
+
+DEPEND="ssl? ( dev-libs/openssl )"
+
+RDEPEND="${DEPEND}
+ virtual/inetd"
+
+src_unpack() {
+ unpack ${A}
+ cd ${S}
+ if use ssl; then
+ epatch ${FILESDIR}/ssl.diff.gz
+ epatch ${FILESDIR}/${P}+ssl-0.3-overflowpatch.diff
+ fi
+ epatch ${FILESDIR}/${P}-shadowfix.patch
+}
+
+src_compile() {
+ ./configure --prefix=/usr || die "configure failed"
+ cp MCONFIG MCONFIG.orig
+ sed -e "s:-pipe -O2:${CFLAGS}:" MCONFIG.orig > MCONFIG
+ emake || die "parallel make failed"
+}
+
+src_install() {
+ dobin ftpd/ftpd
+ doman ftpd/ftpd.8
+ dodoc README ChangeLog
+ insinto /etc/xinetd.d
+ newins ${FILESDIR}/ftp.xinetd ftp
+}
+
+pkg_postinst() {
+ einfo "In order to start the server with SSL support"
+ einfo "You need to create a certificate and place it"
+ einfo "in SSLCERTDIR..."
+ einfo "<=openssl-0.9.6g - SSLCERTDIR=/usr/lib/ssl/certs"
+ einfo ">=openssl-0.9.6g-r1 - SSLCERTDIR=/etc/ssl/certs"
+ einfo ""
+ einfo "cd SSLCERTDIR"
+ einfo "openssl req -new -x509 -nodes -out ftpd.pem -keyout ftpd.pem"
+ einfo ""
+}