From 7a53f17a4d10097ad94f3535eb0bf53d5dd07592 Mon Sep 17 00:00:00 2001 From: Mike Frysinger Date: Sat, 19 Feb 2005 22:53:54 +0000 Subject: Version bump #79532 by Peter. Include patch to fix information disclosure bug #82544. (Portage version: 2.0.51-r15) --- net-ftp/glftpd/ChangeLog | 10 +- net-ftp/glftpd/files/digest-glftpd-2.00 | 1 + net-ftp/glftpd/files/glftpd-2.00-gcc.patch | 7 ++ net-ftp/glftpd/files/glftpd-2.00-install.patch | 101 +++++++++++++++++++++ .../files/glftpd-2.00-script-path-checks.patch | 47 ++++++++++ net-ftp/glftpd/glftpd-1.32-r2.ebuild | 4 +- net-ftp/glftpd/glftpd-2.00.ebuild | 99 ++++++++++++++++++++ 7 files changed, 265 insertions(+), 4 deletions(-) create mode 100644 net-ftp/glftpd/files/digest-glftpd-2.00 create mode 100644 net-ftp/glftpd/files/glftpd-2.00-gcc.patch create mode 100644 net-ftp/glftpd/files/glftpd-2.00-install.patch create mode 100644 net-ftp/glftpd/files/glftpd-2.00-script-path-checks.patch create mode 100644 net-ftp/glftpd/glftpd-2.00.ebuild (limited to 'net-ftp/glftpd') diff --git a/net-ftp/glftpd/ChangeLog b/net-ftp/glftpd/ChangeLog index f4090bad60f2..24ec4d9985f6 100644 --- a/net-ftp/glftpd/ChangeLog +++ b/net-ftp/glftpd/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for net-ftp/glftpd -# Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-ftp/glftpd/ChangeLog,v 1.11 2004/10/07 04:52:05 vapier Exp $ +# Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/net-ftp/glftpd/ChangeLog,v 1.12 2005/02/19 22:53:54 vapier Exp $ + +*glftpd-2.00 (19 Feb 2005) + + 19 Feb 2005; Mike Frysinger : + Version bump #79532 by Peter. Include patch to fix information disclosure + bug #82544. *glftpd-1.32-r2 (07 Oct 2004) diff --git a/net-ftp/glftpd/files/digest-glftpd-2.00 b/net-ftp/glftpd/files/digest-glftpd-2.00 new file mode 100644 index 000000000000..c90fde5007a3 --- /dev/null +++ b/net-ftp/glftpd/files/digest-glftpd-2.00 @@ -0,0 +1 @@ +MD5 7911a44f800f179c9c1c39b88682bd30 glftpd-LNX_2.00.tgz 2601322 diff --git a/net-ftp/glftpd/files/glftpd-2.00-gcc.patch b/net-ftp/glftpd/files/glftpd-2.00-gcc.patch new file mode 100644 index 000000000000..28c9c187c8c7 --- /dev/null +++ b/net-ftp/glftpd/files/glftpd-2.00-gcc.patch @@ -0,0 +1,7 @@ +--- bin/sources/glupdate.c ++++ bin/sources/glupdate.c +@@ -64,3 +64,3 @@ + void update_log (struct dirlog); +-void get_dir_size (char *, int *, long *); ++void get_dir_size (char *, int *, unsigned long long *); + char *trim (char *); diff --git a/net-ftp/glftpd/files/glftpd-2.00-install.patch b/net-ftp/glftpd/files/glftpd-2.00-install.patch new file mode 100644 index 000000000000..32ee8ef0b138 --- /dev/null +++ b/net-ftp/glftpd/files/glftpd-2.00-install.patch @@ -0,0 +1,101 @@ +--- installgl.sh ++++ installgl.sh +@@ -246 +245,0 @@ +-read randomkey +@@ -272 +271 @@ +- read usetcpd ++ usetcpd=${USETCPD} +@@ -336 +335 @@ +- read jail ++ jail=y +@@ -349 +348 @@ +- read jaildir ++ jaildir=${GLROOT} +@@ -361 +360 @@ +- read reply ++ echo "SHOULD NOT HAVE BEEN HERE 1" ; exit 1 +@@ -393 +392 @@ +- read useprivgroup ++ useprivgroup=n +@@ -414 +413 @@ +- read privgroup ++ echo "SHOULD NOT HAVE BEEN HERE 2" ; exit 1 +@@ -423 +422 @@ +- read reply ++ echo "SHOULD NOT HAVE BEEN HERE 3" ; exit 1 +@@ -441 +440 @@ +- read jailusers ++ echo "SHOULD NOT HAVE BEEN HERE 4" ; exit 1 +@@ -505 +504 @@ +- read glroot ++ break +@@ -517 +516 @@ +- read reply ++ echo "SHOULD NOT HAVE BEEN HERE 5" ; exit 1 +@@ -602 +601 @@ +- read servicename ++ servicename=glftpd +@@ -617 +616 @@ +- read keystroke ++ echo "SHOULD NOT HAVE BEEN HERE 6" ; exit 1 +@@ -639 +638 @@ +- read keystroke ++ echo "SHOULD NOT HAVE BEEN HERE 6.2" ; exit 1 +@@ -696 +695 @@ +- $usegcc $gccflags "$jaildir$glroot/bin/$base" "$cfile" >/dev/null 2>&1 || \ ++ $usegcc $gccflags "$jaildir$glroot/bin/$base" "$cfile" >& "$cfile".cc.log || \ +@@ -699 +698 @@ +- echo "OK." ++ echo "OK." ; rm -f "$cfile".cc.log +@@ -702 +701 @@ +- echo "FAILED!" ++ echo "FAILED!" ; cat "$cfile".cc.log +@@ -826 +825 @@ +- read port ++ port=21 +@@ -842,4 +840,0 @@ +-{ grep -v ^${servicename} /etc/services; +- echo "$servicename $port/tcp" +-} > /etc/services.new +-mv -f /etc/services.new /etc/services +@@ -891 +886 @@ +- read whichnetd ++ whichnetd=${WHICHNETD} +@@ -903,3 +898 @@ +- echo "ERROR: Can't determine if you are using inetd or xinetd!" +- echo "Please fix this problem and re-run the installation script" +- exit 1 ++ whichnetd=${WHICHNETD} +@@ -920 +913 @@ +- read keystroke ++ keystroke=n +@@ -938 +931 @@ +- read keystroke ++ keystroke=no +@@ -960 +952,0 @@ +- cp /etc/localtime /usr/lib/ +@@ -980 +972 @@ +- read tlsname ++ tlsname="ftp server" +@@ -1041 +1033 @@ +- mv -f $base.pem $tls/ ++ mv -f $base.pem $D$tls/ +@@ -1068 +1060 @@ +- read tls ++ echo "SHOULD NOT HAVE BEEN HERE 7" ; exit 1 +@@ -1096 +1088 @@ +- read tls ++ tls=/etc/glftpd-dsa.pem ; break +@@ -1222,3 +1214,2 @@ +- [ ! -d "/etc/xinetd.d" ] && { +- mkdir /etc/xinetd.d +- echo "includedir /etc/xinetd.d" >> /etc/xinetd.conf ++ [ ! -d "$D/etc/xinetd.d" ] && { ++ mkdir $D/etc/xinetd.d +@@ -1226 +1217 @@ +- cat < /etc/xinetd.d/$servicename ++ cat < $D/etc/xinetd.d/$servicename +@@ -1252,3 +1242,0 @@ +-{ crontab -l | grep -v "$jaildir$glroot/bin/reset" +- echo "0 0 * * * $jaildir$glroot/bin/reset ${euroweek}${confpath}" +-} | crontab - > /dev/null diff --git a/net-ftp/glftpd/files/glftpd-2.00-script-path-checks.patch b/net-ftp/glftpd/files/glftpd-2.00-script-path-checks.patch new file mode 100644 index 000000000000..892e914e1590 --- /dev/null +++ b/net-ftp/glftpd/files/glftpd-2.00-script-path-checks.patch @@ -0,0 +1,47 @@ +Make people don't try scanning for files they shouldn't have +access to normally. + +http://bugs.gentoo.org/show_bug.cgi?id=82544 + +--- bin/sitenfo.sh ++++ bin/sitenfo.sh +@@ -37,6 +37,11 @@ + exit 0 + } + ++[ "${1/..\/}" != "$1" ] && { ++ echo "That zipfile does not exist!" ++ exit 1 ++} ++ + [ ! -e "$1" ] && { + echo "That zipfile does not exist!" + exit 1 +--- bin/sitezipchk.sh ++++ bin/sitezipchk.sh +@@ -37,6 +37,11 @@ + exit 0 + } + ++[ "${1/..\/}" != "$1" ] && { ++ echo "That zipfile does not exist!" ++ exit 1 ++} ++ + [ ! -e "$1" ] && { + echo "That zipfile does not exist!" + exit 1 +--- bin/siteziplist.sh ++++ bin/siteziplist.sh +@@ -37,6 +37,11 @@ + exit 0 + } + ++[ "${1/..\/}" != "$1" ] && { ++ echo "That zipfile does not exist!" ++ exit 1 ++} ++ + [ ! -e "$1" ] && { + echo "That zipfile does not exist!" + exit 1 diff --git a/net-ftp/glftpd/glftpd-1.32-r2.ebuild b/net-ftp/glftpd/glftpd-1.32-r2.ebuild index bbd768c14a97..216c7122ad84 100644 --- a/net-ftp/glftpd/glftpd-1.32-r2.ebuild +++ b/net-ftp/glftpd/glftpd-1.32-r2.ebuild @@ -1,6 +1,6 @@ -# Copyright 1999-2004 Gentoo Foundation +# Copyright 1999-2005 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-ftp/glftpd/glftpd-1.32-r2.ebuild,v 1.1 2004/10/07 04:52:05 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-ftp/glftpd/glftpd-1.32-r2.ebuild,v 1.2 2005/02/19 22:53:54 vapier Exp $ inherit eutils diff --git a/net-ftp/glftpd/glftpd-2.00.ebuild b/net-ftp/glftpd/glftpd-2.00.ebuild new file mode 100644 index 000000000000..4e6cea603fdf --- /dev/null +++ b/net-ftp/glftpd/glftpd-2.00.ebuild @@ -0,0 +1,99 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-ftp/glftpd/glftpd-2.00.ebuild,v 1.1 2005/02/19 22:53:54 vapier Exp $ + +inherit eutils + +MY_P=${P/-/-LNX_} +DESCRIPTION="a HIGHLY configurable ftp server" +HOMEPAGE="http://www.glftpd.com/" +SRC_URI="http://www.glftpd.com/files/${MY_P}.tgz" + +LICENSE="freedist" +SLOT="0" +KEYWORDS="-* ~x86" +IUSE="" + +DEPEND="dev-libs/openssl" +RDEPEND="${DEPEND} + sys-apps/xinetd" + +S=${WORKDIR}/${MY_P} + +# custom options +export CUSTOMGLROOT=${CUSTOMGLROOT:-/opt/glftpd} +export GLROOT=${GLROOT:-${D}${CUSTOMGLROOT}} + +pkg_setup() { + [[ -d /proc/sysvipc ]] || die "You need System V IPC support in your kernel" +} + +src_unpack() { + unpack ${A} + cd "${S}" + cp installgl.sh{,.orig} + epatch "${FILESDIR}"/${P}-install.patch + epatch "${FILESDIR}"/${P}-gcc.patch + epatch "${FILESDIR}"/${P}-script-path-checks.patch +} + +yesno() { if $@ ; then echo y ; else echo n ; fi ; } + +src_install() { + dodir /etc/xinetd.d + + # custom options + export USETCPD=$(yesno useq tcpd) + export JAIL=y + export MAKETLS=$(yesno [ ! -e /etc/glftpd-dsa.pem ]) + export WHICHNETD=x + "${S}"/installgl.sh || die "installgl.sh failed" + + # fix the glftpd.conf file + sed -i \ + -e "s:${GLROOT}:${CUSTOMGLROOT}/:" \ + ${GLROOT}/glftpd.conf + + mv ${GLROOT}/glftpd.conf ${D}/etc/ + ln -s /etc/glftpd.conf ${GLROOT}/glftpd.conf + if [ -e /etc/glftpd-dsa.pem ] ; then + cp /etc/glftpd-dsa.pem ${D}/etc/ + else + cp ftpd-dsa.pem ${D}/etc/glftpd-dsa.pem + fi + ln -s /etc/glftpd-dsa.pem ${GLROOT}/etc/glftpd-dsa.pem + fperms o-r /etc/glftpd-dsa.pem + + # xinetd.d entry (use our custom one :]) + insinto /etc/xinetd.d + newins ${FILESDIR}/glftpd.xinetd.d glftpd + dosed "s:GLROOT:${CUSTOMGLROOT}:g" /etc/xinetd.d/glftpd + + # env entry to protect our ftp passwd/group files + newenvd ${FILESDIR}/glftpd.env.d 99glftpd + dosed "s:GLROOT:${CUSTOMGLROOT}:g" /etc/env.d/99glftpd + + # chmod the glftpd dir so that user files will work + chmod 711 ${GLROOT} +} + +pkg_postinst() { + echo + einfo "Read the documentation in /opt/glftpd/docs/" + einfo "After you setup your conf file, edit the xinetd" + einfo "entry in /etc/xinetd.d/glftpd to enable, then" + einfo "start xinetd: /etc/init.d/xinetd start" + echo + einfo "To add glftpd to your services file and to" + einfo "create a cronjob for auto generating statistics," + einfo "just run this command after you install:" + echo + einfo "ebuild /var/db/pkg/${CATEGORY}/${PF}/${PF}.ebuild config" +} + +pkg_config() { + einfo "Updating crontab" + { crontab -l | grep -v "bin/reset" + echo "0 0 * * * ${CUSTOMGLROOT}/bin/reset -r ${CUSTOMGLROOT}/glftpd.conf" + } | crontab - > /dev/null +} -- cgit v1.2.3-65-gdbad