Revbump. Fixes #466340 and #450536

(Portage version: 2.1.11.62/cvs/Linux x86_64, signed Manifest commit with key C2BA7F3C!)
author: Markos Chandras <hwoarang@gentoo.org> 2013-04-20 16:51:02 +0000
committer: Markos Chandras <hwoarang@gentoo.org> 2013-04-20 16:51:02 +0000
commit: dc723d39b7b885035af6b7b06aedfbb31d39c710 (patch)
tree: 851eef8c196f0319ae21f4d62f251c34856979a8 /net-ftp
parent: new rev for subslot dep operations (diff)
download: gentoo-2-dc723d39b7b885035af6b7b06aedfbb31d39c710.tar.gz
gentoo-2-dc723d39b7b885035af6b7b06aedfbb31d39c710.tar.bz2
gentoo-2-dc723d39b7b885035af6b7b06aedfbb31d39c710.zip
6 files changed, 234 insertions, 28 deletions
diff --git a/net-ftp/vsftpd/ChangeLog b/net-ftp/vsftpd/ChangeLog
index 3f588f6055f7..2d05d97d311d 100644
--- a/net-ftp/vsftpd/ChangeLog
+++ b/net-ftp/vsftpd/ChangeLog
@@ -1,6 +1,15 @@
 # ChangeLog for net-ftp/vsftpd
 # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-ftp/vsftpd/ChangeLog,v 1.166 2013/03/17 15:44:15 hwoarang Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/vsftpd/ChangeLog,v 1.167 2013/04/20 16:51:02 hwoarang Exp $
+
+*vsftpd-3.0.2-r1 (20 Apr 2013)
+
+  20 Apr 2013; Markos Chandras <hwoarang@gentoo.org> +vsftpd-3.0.2-r1.ebuild,
+  +files/vsftpd-3.0.2-remove-legacy-cap.patch, +files/vsftpd.service,
+  +files/vsftpd-checkconfig.sh, files/vsftpd.init:
+  Add systemd unit file. Bug #466340 thanks to Fabio Erculiani
+  <lxnay@gentoo.org>. Add patch to remove legacy capabilities by
+  Joakim Tjernlund <Joakim.Tjernlund@transmode.se>. Bug #450536
 
   17 Mar 2013; Markos Chandras <hwoarang@gentoo.org> metadata.xml:
   Add proxy-maintainers to metadata.xml
diff --git a/net-ftp/vsftpd/files/vsftpd-3.0.2-remove-legacy-cap.patch b/net-ftp/vsftpd/files/vsftpd-3.0.2-remove-legacy-cap.patch
new file mode 100644
index 000000000000..2401f37c7e88
--- /dev/null
+++ b/net-ftp/vsftpd/files/vsftpd-3.0.2-remove-legacy-cap.patch
@@ -0,0 +1,57 @@
+https://bugs.gentoo.org/show_bug.cgi?id=450536
+Patch by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se>
+
+Probe the preferred version
+--- vsftpd-3.0.2/sysdeputil.c.org       2013-01-05 18:32:13.241288839 +0100
++++ vsftpd-3.0.2/sysdeputil.c   2013-01-05 19:41:53.038148078 +0100
+@@ -561,11 +561,17 @@
+ }
+
+   #ifndef VSF_SYSDEP_HAVE_LIBCAP
++static struct __user_cap_header_struct sys_cap_head;
+ static int
+ do_checkcap(void)
+ {
++  int retval;
++
++  /* Store preferred version in sys_cap_head */
++  vsf_sysutil_memclr(&sys_cap_head, sizeof(sys_cap_head));
+   /* EFAULT (EINVAL if page 0 mapped) vs. ENOSYS */
+-  int retval = capset(0, 0);
++  retval = capset(&sys_cap_head, 0);
++
+   if (!vsf_sysutil_retval_is_error(retval) ||
+       vsf_sysutil_get_error() != kVSFSysUtilErrNOSYS)
+   {
+@@ -579,17 +585,13 @@
+ {
+   /* n.b. yes I know I should be using libcap!! */
+   int retval;
+-  struct __user_cap_header_struct cap_head;
+-  struct __user_cap_data_struct cap_data;
++  struct __user_cap_data_struct cap_data[2];
+   __u32 cap_mask = 0;
+   if (!caps)
+   {
+     bug("asked to adopt no capabilities");
+   }
+-  vsf_sysutil_memclr(&cap_head, sizeof(cap_head));
+   vsf_sysutil_memclr(&cap_data, sizeof(cap_data));
+-  cap_head.version = _LINUX_CAPABILITY_VERSION;
+-  cap_head.pid = 0;
+   if (caps & kCapabilityCAP_CHOWN)
+   {
+     cap_mask |= (1 << CAP_CHOWN);
+@@ -598,9 +600,9 @@
+   {
+     cap_mask |= (1 << CAP_NET_BIND_SERVICE);
+   }
+-  cap_data.effective = cap_data.permitted = cap_mask;
+-  cap_data.inheritable = 0;
+-  retval = capset(&cap_head, &cap_data);
++  cap_data[0].effective = cap_data[0].permitted = cap_mask;
++  cap_data[0].inheritable = 0;
++  retval = capset(&sys_cap_head, &cap_data[0]);
+   if (retval != 0)
+   {
+     die("capset");
diff --git a/net-ftp/vsftpd/files/vsftpd-checkconfig.sh b/net-ftp/vsftpd/files/vsftpd-checkconfig.sh
new file mode 100644
index 000000000000..e1d1e5231b67
--- /dev/null
+++ b/net-ftp/vsftpd/files/vsftpd-checkconfig.sh
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+VSFTPD_CONF="${VSFTPD_CONF:-/etc/vsftpd/vsftpd.conf}"
+
+if [ ! -e ${VSFTPD_CONF} ] ; then
+	echo "Please setup ${VSFTPD_CONF} before starting vsftpd" >&2
+	echo "There are sample configurations in /usr/share/doc/vsftpd" >&2
+	exit 1
+fi
+
+if egrep -iq "^ *background *= *yes" "${VSFTPD_CONF}" ; then
+	echo "${VSFTPD_CONF} must not set background=YES" >&2
+	exit 1
+fi
+
+has_ip=false has_ipv6=false ip_error=true
+egrep -iq "^ *listen *= *yes" "${VSFTPD_CONF}" && has_ip=true
+egrep -iq "^ *listen_ipv6 *= *yes" "${VSFTPD_CONF}" && has_ipv6=true
+if ${has_ip} && ! ${has_ipv6} ; then
+	ip_error=false
+elif ! ${has_ip} && ${has_ipv6} ; then
+	ip_error=false
+fi
+if ${ip_error} ; then
+	echo "${VSFTPD_CONF} must contain listen=YES or listen_ipv6=YES" >&2
+	echo "but not both" >&2
+	exit 1
+fi
+
diff --git a/net-ftp/vsftpd/files/vsftpd.init b/net-ftp/vsftpd/files/vsftpd.init
index e486e1fc0863..1650da1b325c 100644
--- a/net-ftp/vsftpd/files/vsftpd.init
+++ b/net-ftp/vsftpd/files/vsftpd.init
@@ -1,7 +1,7 @@
 #!/sbin/runscript
-# Copyright 2003-2004 Gentoo Foundation
+# Copyright 1999-2013 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License, v2
-# $Header: /var/cvsroot/gentoo-x86/net-ftp/vsftpd/files/vsftpd.init,v 1.7 2008/12/26 16:50:15 armin76 Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/vsftpd/files/vsftpd.init,v 1.8 2013/04/20 16:51:02 hwoarang Exp $
 
 VSFTPD_NAME=${SVCNAME##*.}
 if [ -n "${VSFTPD_NAME}" -a "${SVCNAME}" != "vsftpd" ]; then
@@ -20,30 +20,8 @@ depend() {
 }
 
 checkconfig() {
-	if [ ! -e ${VSFTPD_CONF} ] ; then
-		eerror "Please setup ${VSFTPD_CONF} before starting vsftpd"
-		eerror "There are sample configurations in /usr/share/doc/vsftpd"
-		return 1
-	fi
-
-	if egrep -iq "^ *background *= *yes" "${VSFTPD_CONF}" ; then
-		eerror "${VSFTPD_CONF} must not set background=YES"
-		return 1
-	fi
-
-	local has_ip=false has_ipv6=false ip_error=true
-	egrep -iq "^ *listen *= *yes" "${VSFTPD_CONF}" && has_ip=true
-	egrep -iq "^ *listen_ipv6 *= *yes" "${VSFTPD_CONF}" && has_ipv6=true
-	if ${has_ip} && ! ${has_ipv6} ; then
-		ip_error=false
-	elif ! ${has_ip} && ${has_ipv6} ; then
-		ip_error=false
-	fi
-	if ${ip_error} ; then
-		eerror "${VSFTPD_CONF} must contain listen=YES or listen_ipv6=YES"
-		eerror "but not both"
-		return 1
-	fi
+	VSFTPD_CONF="${VSFTPD_CONF}" \
+		/usr/libexec/vsftpd-checkconfig.sh || return 1
 }
 
 start() {
@@ -58,7 +36,7 @@ start() {
 stop() {
 	ebegin "Stopping ${SVCNAME}"
 	if [ -f ${VSFTPD_PID} ]; then
-		start-stop-daemon --stop --pidfile ${VSFTPD_PID} 
+		start-stop-daemon --stop --pidfile ${VSFTPD_PID}
 	else
 		ewarn "Couldn't found ${VSFTPD_PID} trying to stop over the process name ${SVCNAME}"
 		start-stop-daemon --stop --name ${SVCNAME}
diff --git a/net-ftp/vsftpd/files/vsftpd.service b/net-ftp/vsftpd/files/vsftpd.service
new file mode 100644
index 000000000000..1445f2769861
--- /dev/null
+++ b/net-ftp/vsftpd/files/vsftpd.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Vsftpd ftp daemon
+After=network.target
+
+[Service]
+Type=simple
+ExecStartPre=/usr/libexec/vsftpd-checkconfig.sh
+ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-ftp/vsftpd/vsftpd-3.0.2-r1.ebuild b/net-ftp/vsftpd/vsftpd-3.0.2-r1.ebuild
new file mode 100644
index 000000000000..102fccfab67d
--- /dev/null
+++ b/net-ftp/vsftpd/vsftpd-3.0.2-r1.ebuild
@@ -0,0 +1,122 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/vsftpd/vsftpd-3.0.2-r1.ebuild,v 1.1 2013/04/20 16:51:02 hwoarang Exp $
+
+EAPI="4"
+
+inherit eutils systemd toolchain-funcs
+
+DESCRIPTION="Very Secure FTP Daemon written with speed, size and security in mind"
+HOMEPAGE="http://vsftpd.beasts.org/"
+SRC_URI="http://security.appspot.com/downloads/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="caps pam tcpd ssl selinux xinetd"
+
+DEPEND="caps? ( >=sys-libs/libcap-2 )
+	pam? ( virtual/pam )
+	tcpd? ( >=sys-apps/tcp-wrappers-7.6 )
+	ssl? ( >=dev-libs/openssl-0.9.7d )"
+RDEPEND="${DEPEND}
+	net-ftp/ftpbase
+	selinux? ( sec-policy/selinux-ftp )
+	xinetd? ( sys-apps/xinetd )"
+
+src_prepare() {
+
+	# kerberos patch. bug #335980
+	epatch "${FILESDIR}/${PN}-2.3.2-kerberos.patch"
+
+	# Patch the source, config and the manpage to use /etc/vsftpd/
+	epatch "${FILESDIR}/${PN}-2.3.5-gentoo.patch"
+
+	# Fix building without the libcap
+	epatch "${FILESDIR}/${PN}-2.1.0-caps.patch"
+
+	# Fix building on alpha. Bug #405829
+	epatch "${FILESDIR}/${PN}-3.0.2-alpha.patch"
+
+	# Configure vsftpd build defaults
+	use tcpd && echo "#define VSF_BUILD_TCPWRAPPERS" >> builddefs.h
+	use ssl && echo "#define VSF_BUILD_SSL" >> builddefs.h
+	use pam || echo "#undef VSF_BUILD_PAM" >> builddefs.h
+
+	# Ensure that we don't link against libcap unless asked
+	if ! use caps ; then
+		sed -i '/^#define VSF_SYSDEP_HAVE_LIBCAP$/ d' sysdeputil.c || die
+		epatch "${FILESDIR}"/${PN}-2.2.0-dont-link-caps.patch
+	fi
+
+	# Let portage control stripping
+	sed -i '/^LINK[[:space:]]*=[[:space:]]*/ s/-Wl,-s//' Makefile || die
+
+	#Bug #335977
+	epatch "${FILESDIR}"/${PN}-3.0.0-Makefile.patch
+
+	#Bug #450536
+	epatch "${FILESDIR}"/${P}-remove-legacy-cap.patch
+}
+
+src_compile() {
+	CFLAGS="${CFLAGS}" \
+	CC="$(tc-getCC)" \
+	emake
+}
+
+src_install() {
+	into /usr
+	doman ${PN}.conf.5 ${PN}.8
+	dosbin ${PN} || die "disbin failed"
+
+	dodoc AUDIT BENCHMARKS BUGS Changelog FAQ \
+		README README.security REWARD SIZE \
+		SPEED TODO TUNING || die "dodoc failed"
+	newdoc ${PN}.conf ${PN}.conf.example
+
+	docinto security
+	dodoc SECURITY/* || die "dodoc failed"
+
+	insinto "/usr/share/doc/${PF}/examples"
+	doins -r EXAMPLE/* || die "doins faileD"
+
+	insinto /etc/${PN}
+	newins ${PN}.conf{,.example}
+
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}/${PN}.logrotate" ${PN}
+
+	if use xinetd ; then
+		insinto /etc/xinetd.d
+		newins "${FILESDIR}/${PN}.xinetd" ${PN}
+	fi
+
+	newinitd "${FILESDIR}/${PN}.init" ${PN}
+
+	keepdir /usr/share/${PN}/empty
+
+	exeinto /usr/libexec
+	doexe "${FILESDIR}/vsftpd-checkconfig.sh"
+	systemd_dounit "${FILESDIR}/${PN}.service"
+}
+
+pkg_preinst() {
+	# If we use xinetd, then we set listen=NO
+	# so that our default config works under xinetd - fixes #78347
+	if use xinetd ; then
+		sed -i 's/listen=YES/listen=NO/g' "${D}"/etc/${PN}/${PN}.conf.example
+	fi
+}
+
+pkg_postinst() {
+	einfo "vsftpd init script can now be multiplexed."
+	einfo "The default init script forces /etc/vsftpd/vsftpd.conf to exist."
+	einfo "If you symlink the init script to another one, say vsftpd.foo"
+	einfo "then that uses /etc/vsftpd/foo.conf instead."
+	einfo
+	einfo "Example:"
+	einfo "   cd /etc/init.d"
+	einfo "   ln -s vsftpd vsftpd.foo"
+	einfo "You can now treat vsftpd.foo like any other service"
+}
author	Markos Chandras <hwoarang@gentoo.org>	2013-04-20 16:51:02 +0000
committer	Markos Chandras <hwoarang@gentoo.org>	2013-04-20 16:51:02 +0000
commit	dc723d39b7b885035af6b7b06aedfbb31d39c710 (patch)
tree	851eef8c196f0319ae21f4d62f251c34856979a8 /net-ftp
parent	new rev for subslot dep operations (diff)
download	gentoo-2-dc723d39b7b885035af6b7b06aedfbb31d39c710.tar.gz gentoo-2-dc723d39b7b885035af6b7b06aedfbb31d39c710.tar.bz2 gentoo-2-dc723d39b7b885035af6b7b06aedfbb31d39c710.zip