security fix for PASV overflow

4 files changed, 71 insertions, 1 deletions

diff --git a/net-ftp/lukemftp/ChangeLog b/net-ftp/lukemftp/ChangeLog
index 62e6ed6f33bb..9cdbfce458bb 100644
--- a/net-ftp/lukemftp/ChangeLog
+++ b/net-ftp/lukemftp/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for net-ftp/lukemftp
 # Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL
-# $Header: /var/cvsroot/gentoo-x86/net-ftp/lukemftp/ChangeLog,v 1.2 2002/05/04 03:42:50 woodchip Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/lukemftp/ChangeLog,v 1.3 2002/05/22 21:19:33 woodchip Exp $
+
+*lukemftp-1.5-r4 (22 May 2002)
+
+  22 May 2002; Donny Davies <woodchip@gentoo.org> :
+
+  Security fix for PASV overflow.
 
 *lukemftp-1.5-r3 (3 May 2002)
   
diff --git a/net-ftp/lukemftp/files/digest-lukemftp-1.5-r4 b/net-ftp/lukemftp/files/digest-lukemftp-1.5-r4
new file mode 100644
index 000000000000..f6d3378a1238
--- /dev/null
+++ b/net-ftp/lukemftp/files/digest-lukemftp-1.5-r4
@@ -0,0 +1 @@
+MD5 0cd0fc2e3fca21ca56647b2e1142a01a lukemftp-1.5.tar.gz 264861
diff --git a/net-ftp/lukemftp/files/lukemftp-1.5-pasv-overflow.patch b/net-ftp/lukemftp/files/lukemftp-1.5-pasv-overflow.patch
new file mode 100644
index 000000000000..73ad3ca935f9
--- /dev/null
+++ b/net-ftp/lukemftp/files/lukemftp-1.5-pasv-overflow.patch
@@ -0,0 +1,16 @@
+--- src/ftp.c
++++ src/ftp.c
+@@ -454,9 +454,10 @@
+ 			if (dig > 4 && pflag == 1 && isdigit(c))
+ 				pflag = 2;
+ 			if (pflag == 2) {
+-				if (c != '\r' && c != ')')
+-					*pt++ = c;
+-				else {
++			  if (c != '\r' && c != ')') {
++			          if (pt < &pasv[sizeof(pasv) - 1])
++			                   *pt++ = c;
++			          } else {
+ 					*pt = '\0';
+ 					pflag = 3;
+ 				}
diff --git a/net-ftp/lukemftp/lukemftp-1.5-r4.ebuild b/net-ftp/lukemftp/lukemftp-1.5-r4.ebuild
new file mode 100644
index 000000000000..68ab675d7f97
--- /dev/null
+++ b/net-ftp/lukemftp/lukemftp-1.5-r4.ebuild
@@ -0,0 +1,47 @@
+# Copyright 2000-2002 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License, v2 or later
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/lukemftp/lukemftp-1.5-r4.ebuild,v 1.1 2002/05/22 21:19:33 woodchip Exp $
+
+S=${WORKDIR}/${P}
+DESCRIPTION="NetBSD FTP client with several advanced features"
+SRC_URI="ftp://ftp.netbsd.org/pub/NetBSD/misc/lukemftp/${P}.tar.gz"
+HOMEPAGE="ftp://ftp.netbsd.org/pub/NetBSD/misc/lukemftp/"
+DEPEND="virtual/glibc >=sys-libs/ncurses-5.1"
+LICENSE="as-is"
+SLOT="0"
+
+src_unpack() {
+	unpack ${A}
+	cd ${S}
+	# security fix for PASV buffer overflow from malicious server.
+	# http://linux.oreillynet.com/pub/a/linux/2002/05/21/insecurities.html
+	patch -p0 < ${FILESDIR}/lukemftp-1.5-pasv-overflow.patch || die
+	# Adds a command line option: -s, which produces clean, informative output.
+	# Shows progess status, ETA, transfer speed, no server responses or login messages.
+	# ~woodchip
+	cp src/main.c src/main.orig
+	sed -e "s/Aadefgino:pP:r:RtT:u:vV/Aadefgino:pP:r:RstT:u:vV/" \
+		-e "s/case 't'/case 's':\n\t\t\tverbose = 0;\n\t\t\tprogress = 1;\n\t\t\tbreak;\n\n\t\t&/" \
+		src/main.orig > src/main.c
+}
+
+src_compile() {
+	local myconf
+	use ipv6 || myconf="${myconf} --disable-ipv6"
+	./configure \
+		--prefix=/usr \
+		--enable-editcomplete \
+		--host=${CHOST} ${myconf} || die "bad ./configure"
+	emake || die "compile problem"
+}
+
+src_install() {
+	dodoc COPYING ChangeLog README* THANKS NEWS
+	newbin src/ftp lukemftp
+	newman src/ftp.1 lukemftp.1
+	if [ ! -e /usr/bin/ftp ]
+	then
+		cd ${D}/usr/bin
+		ln -s lukemftp ftp
+	fi
+}