diff options
| author |   Christian Hoffmann <hoffie@gentoo.org> | 2008-11-09 11:56:31 +0000 |
|---|---|---|
| committer | Christian Hoffmann <hoffie@gentoo.org> | 2008-11-09 11:56:31 +0000 |
| commit | 18f6b4f74600a58eb8198ec17176699255b0c3b1 (patch) | |
| tree | 55fe8c284ac412521dde8fdc141e96dbb90eaffa /net-ftp/proftpd | |
| parent | amd64/x86 stable, bug #245169 (diff) | |
| download | historical-18f6b4f74600a58eb8198ec17176699255b0c3b1.tar.gz historical-18f6b4f74600a58eb8198ec17176699255b0c3b1.tar.bz2 historical-18f6b4f74600a58eb8198ec17176699255b0c3b1.zip | |
adding proftpd-1.3.1-r1 to get a regression-free version of proftpd which ships a patch for security bug 238762, adding proftpd-1.3.2_rc2-r2 to fix a mod_shaper-related compile failure as pointed out by Joker in bug 238762; also fixing bug 221275
Package-Manager: portage-2.2_rc13/cvs/Linux 2.6.27-gentoo x86_64
Diffstat (limited to 'net-ftp/proftpd')
| -rw-r--r-- | net-ftp/proftpd/ChangeLog | 13 | ||||
| -rw-r--r-- | net-ftp/proftpd/Manifest | 17 | ||||
| -rw-r--r-- | net-ftp/proftpd/files/proftpd-1.3.1-CVE-2008-4242.patch | 172 | ||||
| -rw-r--r-- | net-ftp/proftpd/proftpd-1.3.1-r1.ebuild | 256 | ||||
| -rw-r--r-- | net-ftp/proftpd/proftpd-1.3.2_rc2-r2.ebuild | 250 |
5 files changed, 706 insertions, 2 deletions
diff --git a/net-ftp/proftpd/ChangeLog b/net-ftp/proftpd/ChangeLog index 9eaf7027cc3d..f6097c9c5c63 100644 --- a/net-ftp/proftpd/ChangeLog +++ b/net-ftp/proftpd/ChangeLog @@ -1,6 +1,17 @@ # ChangeLog for net-ftp/proftpd # Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-ftp/proftpd/ChangeLog,v 1.180 2008/11/08 19:57:30 klausman Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-ftp/proftpd/ChangeLog,v 1.181 2008/11/09 11:56:30 hoffie Exp $ + +*proftpd-1.3.2_rc2-r2 (09 Nov 2008) +*proftpd-1.3.1-r1 (09 Nov 2008) + + 09 Nov 2008; Christian Hoffmann <hoffie@gentoo.org> + +files/proftpd-1.3.1-CVE-2008-4242.patch, +proftpd-1.3.1-r1.ebuild, + +proftpd-1.3.2_rc2-r2.ebuild: + adding proftpd-1.3.1-r1 to get a regression-free version of proftpd which + ships a patch for security bug 238762, adding proftpd-1.3.2_rc2-r2 to fix + a mod_shaper-related compile failure as pointed out by Joker in bug + 238762; also fixing bug 221275 08 Nov 2008; Tobias Klausmann <klausman@gentoo.org> proftpd-1.3.2_rc2.ebuild: diff --git a/net-ftp/proftpd/Manifest b/net-ftp/proftpd/Manifest index f91d4c351e4f..2bbecaa96d26 100644 --- a/net-ftp/proftpd/Manifest +++ b/net-ftp/proftpd/Manifest @@ -1,3 +1,7 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +AUX proftpd-1.3.1-CVE-2008-4242.patch 5186 RMD160 1da8efc5d06ae9f8cac7d2bc78df2e76a5f36f75 SHA1 bdb766d56fe10b0a26fcefc6163a5ba6065037b0 SHA256 cfdf5af3c674f3c87f04e421a75013c0562470bcb32dacb8a863018b81696a75 AUX proftpd-1.3.1-bug208840.patch 1000 RMD160 f8cc6aadf4496c3d88a2968d18479f021d40abb8 SHA1 4de215408ec6be835133c41db3015f4dd24a7774 SHA256 b0c0d16ffaeb12e118c929e535e5d8297b8265894ee80b4c8ea32c8c0f0fbb5e AUX proftpd-1.3.1-bug218850.patch 482 RMD160 934f1a9efdae189df9b30390d1b579a96a7ed99e SHA1 6a4c5225de5a15958868eca42cc44e034e5b28df SHA256 383c1146f40d57845532147e0c28f8df4b116603e6d089d46c5b4c5691f62be4 AUX proftpd-1.3.1_rc2-bug164612.patch 779 RMD160 3bb73beff421ff27d153a6051299ada6bc532330 SHA1 cbf74c1c6a2ed794b1558e39cc85a41650bac21d SHA256 68b0bb47c3f46b931ff1887f299028803a15888641dfaad47865615bb0d6952c @@ -9,6 +13,7 @@ AUX proftpd-1.3.2_rc2-CVE-2008-4242.patch 5522 RMD160 a0f73525f1b6b9f06fd6b6ff0b AUX proftpd.conf 1671 RMD160 1242c9c20e21e4832e5771e5fd57085cc5312066 SHA1 91cadfcbd1034f744f6513492258efa3b95fa9e6 SHA256 d289078ee6c5764b16979e7b720d99bcccf4d87176eecd6108dc9dc37949f0dd AUX proftpd.rc6 1202 RMD160 03e4bd127d379bdc9c62640dea0e6f65b9defda7 SHA1 f674f0871052d7a031b4ee9886b33d6a041d635d SHA256 0ab218ccb323cbcbd53598e93c3565f00245380a9ee1374cc22c2c1db88f7a37 AUX proftpd.xinetd 295 RMD160 c5c829319e901f478fe58b920347cc1b8706a366 SHA1 3f1bd8d6cbb1488301b9aa0346e02b571fd0783a SHA256 150a5701f5c2788ecdf2c6ec228ce674963c9dc7bc1c511ad1eba8dfe05e2d5d +DIST mod_clamav-0.10.tar.gz 5256 RMD160 5db26964bc1d3135d0da4234de010f2236d0f881 SHA1 ddb01f168d7c349deab8fe18bd4f42358c9d3d40 SHA256 8b31ab3e7caf11a8d3503380b85c1d563e4e995fcf44a7d3aba0196eade33d62 DIST mod_clamav-0.7.tar.gz 3676 RMD160 779203276643343bb54dc5e8225cf16392959533 SHA1 2e9376865eb03d482e2aac89a0ce611a5587e084 SHA256 61aa9d6af9432d1409170305526d87f63742aca198dd299d21ce37a60a8f41e7 DIST mod_clamav_new.c 7399 RMD160 ae4de6385245a3c79d3c54bb7af9d2fe45a59feb SHA1 f037c573b6c0052f8ed5ee427504a8cd8834f15c SHA256 a5a3860c73c8bc3781516cbc912d7736517a92a15a6fd8352eeed638bcce60c1 DIST mod_clamav_new.html 4645 RMD160 bc853541e6859e7929c0ed9b01b8f220e09b8ca2 SHA1 58479f3aae082effad3636026a27c09ddb232905 SHA256 ac0ab5f44cfc6c8118664c2a7300450486f52fb3bcde332b4bb9c506dd765a1e @@ -19,10 +24,20 @@ DIST proftpd-mod-case-0.3.tar.gz 4781 RMD160 99f46a2cfb88ec2f3070d632dbc17d89d12 DIST proftpd-mod-deflate-0.3.tar.gz 7704 RMD160 dd51a966942642b2a5ae1cd1c3b3b6f47721637c SHA1 9d08a32da1c1e7e8b126e1fdbc172aa6889bccbc SHA256 dd6650e1cb69ee118319c19bbaa9dbe277b92675ab26e9c70a93e1e93f724adb DIST proftpd-mod-shaper-0.6.2.tar.gz 19002 RMD160 3d1fdb82596672c9177009ebb30459a017e74c53 SHA1 930d6dc6b8785da48dc7102db5f1eb20546ccd75 SHA256 59f39bca40462c3bba20feb7be031d7453c366adb4b7fa6d8f50974eb45ae99e DIST proftpd-mod-shaper-0.6.3.tar.gz 19040 RMD160 9978fda37d0099c48d755e53132482506c948c05 SHA1 a5c9a1889c441b9290f2c571ad7fc06bebaf9326 SHA256 a6947836461872adca53dab2708b1e140fa6ce7a8b93ccbe2dafbc3ca63fde67 +DIST proftpd-mod-shaper-0.6.4.tar.gz 19172 RMD160 867829eaeb47a737382f14cca19ffdb319df329c SHA1 e4751801b5210562c6ac6274174f71057c0f42e4 SHA256 0d06d58dd5cbabb5ece68a67e9851cc46b7cf61e6f39155bead6f77f65f18a3c DIST proftpd-mod-vroot-0.7.2.tar.gz 6071 RMD160 b152162b3714910d5b9378611313041c3e7e17d4 SHA1 3fc4c5874deba4bbe989b0bd54a7478a47f3d876 SHA256 cab5a42390eac4e0b8bdcbe1e6d15804c8029d51da9ad3bd428b46a80cd69d5a +EBUILD proftpd-1.3.1-r1.ebuild 7268 RMD160 325241cc3f68e24e73c8f627daee64b42490ca7b SHA1 cea90842c97883ed1804db2ae0502430fe98ca89 SHA256 45305301330d44ba4796d40e72d29b56d00679f0942b0d1e9172c1b25dfba7b7 EBUILD proftpd-1.3.1.ebuild 6951 RMD160 f2d030f82d5c73d2312d413aa9ba2f9f8174219d SHA1 69618caa7299ec3a9b4ae935aa71b0096b937b62 SHA256 f8b1ba70aba8cbb6c5b296731e0ed748c7659eac3935ffe2758df0c3363dab1f EBUILD proftpd-1.3.1_rc2-r3.ebuild 6338 RMD160 5af01205da38a4e4cdf4ad4ddfbb8f979b42cfdc SHA1 993a40f69700583842aa7c1d1527ee97f7292cc3 SHA256 5977e86165767799cd4123e14bd391b04cbd14f29c563ecc6081d014f9fadbb2 EBUILD proftpd-1.3.2_rc2-r1.ebuild 6866 RMD160 957abaf1d215e283cf6fba9596c99b38bc0f280b SHA1 7c383e52874c514a07949a103b6492b9379909c5 SHA256 9bd1c563370a5238f7ec4e76bfd35ec62b7ee4bda75e197b058d8a4a58391a63 +EBUILD proftpd-1.3.2_rc2-r2.ebuild 7147 RMD160 03aeee1e2ffe6d76c99afbad846e118b1274b7f9 SHA1 0b849d1755b50d234246249ef9759c53af82a7d7 SHA256 0ffffc03e0ba3599ffb35c9d6c0f1a05c5ff8c439453ecfa724d47ea6438bac2 EBUILD proftpd-1.3.2_rc2.ebuild 6117 RMD160 cc531c8dd2e471301b60968cb8d20dfa90790e1c SHA1 7eabe46dc93f9cbaf850b4c31c1dc7cd17b5cb84 SHA256 76600e594fb69342e0f30f4ea636a3c47020cb3c8268fc2ea96685b587f58039 -MISC ChangeLog 29813 RMD160 dd85b3a272f3e11bdf4e4ea2a77ebce71b904f3f SHA1 b5044ed9bc61196b51053225e35bc79767484e07 SHA256 c7763ce0ae5fce34448d66ea1ac21b95d9c0c79a91d974a9650010de50d3213b +MISC ChangeLog 30292 RMD160 03d010b3a6d119db6d99ed684a5fe6cb8fbbe810 SHA1 3aae6206e51b04afb4963be49999a764809fcac2 SHA256 4a5cff8f435acf353899e4f216f557f0330bbbe364e0d7a2b772f3a63deb5f48 MISC metadata.xml 1266 RMD160 2eb6ab3b7a7c68eca09e193daaea833a2dc08362 SHA1 86bf2fc8f6b6c944bf384e97e9bcdec7d7ec8d77 SHA256 ffe716530aba4cf0ec4069d86c2b09f9a4dbfca541d7f467c579f871cf78c0de +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.9 (GNU/Linux) + +iEYEARECAAYFAkkWz/cACgkQSamB34AN3N7TDgCgiXDXAv4dRpRvDNT7pdf5vkw+ +AucAnR9TKMo+mPQYSNsRXTh7sGK9Fs5l +=7bfy +-----END PGP SIGNATURE----- diff --git a/net-ftp/proftpd/files/proftpd-1.3.1-CVE-2008-4242.patch b/net-ftp/proftpd/files/proftpd-1.3.1-CVE-2008-4242.patch new file mode 100644 index 000000000000..9b08cade2ab9 --- /dev/null +++ b/net-ftp/proftpd/files/proftpd-1.3.1-CVE-2008-4242.patch @@ -0,0 +1,172 @@ +Patch taken from debian, closes +http://secunia.com/advisories/cve_reference/CVE-2008-4242/ +https://bugs.gentoo.org/show_bug.cgi?id=238762 +diff -urNad trunk~/src/main.c trunk/src/main.c +--- trunk~/src/main.c 2008-09-21 23:50:55.000000000 +0200 ++++ trunk/src/main.c 2008-09-21 23:50:55.000000000 +0200 +@@ -674,12 +674,17 @@ + while (TRUE) { + pr_signals_handle(); + ++ memset(buf,'\0',sizeof(buf)); ++ + if (pr_netio_telnet_gets(buf, sizeof(buf)-1, session.c->instrm, + session.c->outstrm) == NULL) { + +- if (PR_NETIO_ERRNO(session.c->instrm) == EINTR) +- /* Simple interrupted syscall */ ++ if (errno == E2BIG) { ++ /* The client sent a too-long command which was ignored; give ++ * them another chance? ++ */ + continue; ++ } + + #ifndef PR_DEVEL_NO_DAEMON + /* Otherwise, EOF */ +@@ -695,20 +700,31 @@ + + if (cmd_buf_size == -1) { + int *bufsz = get_param_ptr(main_server->conf, "CommandBufferSize", FALSE); ++ size_t default_cmd_bufsz; ++ ++ /* It's possible for the admin to select a PR_TUNABLE_BUFFER_SIZE which ++ * is smaller than PR_DEFAULT_CMD_BUFSZ. We need to handle such cases ++ * properly. ++ */ ++ default_cmd_bufsz = PR_DEFAULT_CMD_BUFSZ; ++ if (default_cmd_bufsz > sizeof(buf)) { ++ default_cmd_bufsz = sizeof(buf); ++ } ++ + if (bufsz == NULL) { +- cmd_buf_size = PR_DEFAULT_CMD_BUFSZ; ++ cmd_buf_size = default_cmd_bufsz; + + } else if (*bufsz <= 0) { + pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%d) " + "given, using default buffer size (%u) instead", +- *bufsz, PR_DEFAULT_CMD_BUFSZ); +- cmd_buf_size = PR_DEFAULT_CMD_BUFSZ; ++ *bufsz, default_cmd_bufsz); ++ cmd_buf_size = default_cmd_bufsz; + + } else if (*bufsz + 1 > sizeof(buf)) { + pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%d) " + "given, using default buffer size (%u) instead", +- *bufsz, PR_DEFAULT_CMD_BUFSZ); +- cmd_buf_size = PR_DEFAULT_CMD_BUFSZ; ++ *bufsz, default_cmd_bufsz); ++ cmd_buf_size = default_cmd_bufsz; + + } else { + pr_log_debug(DEBUG1, "setting CommandBufferSize to %d", *bufsz); +diff -urNad trunk~/src/netio.c trunk/src/netio.c +--- trunk~/src/netio.c 2008-09-21 23:39:34.000000000 +0200 ++++ trunk/src/netio.c 2008-09-21 23:52:17.000000000 +0200 +@@ -1,6 +1,6 @@ + /* + * ProFTPD - FTP server daemon +- * Copyright (c) 2001-2007 The ProFTPD Project team ++ * Copyright (c) 2001-2008 The ProFTPD Project team + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by +@@ -30,19 +30,19 @@ + #include <signal.h> + + #ifndef IAC +-#define IAC 255 ++# define IAC 255 + #endif + #ifndef DONT +-#define DONT 254 ++# define DONT 254 + #endif + #ifndef DO +-#define DO 253 ++# define DO 253 + #endif + #ifndef WONT +-#define WONT 252 ++# define WONT 252 + #endif + #ifndef WILL +-#define WILL 251 ++# define WILL 251 + #endif + + static const char *trace_channel = "netio"; +@@ -51,6 +51,17 @@ + static pr_netio_t *core_data_netio = NULL, *data_netio = NULL; + static pr_netio_t *core_othr_netio = NULL, *othr_netio = NULL; + ++/* Used to track whether the previous text read from the client's control ++ * connection was a properly-terminated command. If so, then read in the ++ * next/current text as per normal. If NOT (e.g. the client sent a too-long ++ * command), then read in the next/current text, but ignore it. Only clear ++ * this flag if the next/current command can be read as per normal. ++ * ++ * The pr_netio_telnet_gets() uses this variable, in conjunction with its ++ * saw_newline flag, for handling too-long commands from clients. ++ */ ++static int properly_terminated_prev_command = TRUE; ++ + static pr_netio_stream_t *netio_stream_alloc(pool *parent_pool) { + pool *netio_pool = NULL; + pr_netio_stream_t *nstrm = NULL; +@@ -911,7 +922,7 @@ + char *bp = buf; + unsigned char cp; + static unsigned char mode = 0; +- int toread; ++ int toread, saw_newline = FALSE; + pr_buffer_t *pbuf = NULL; + + if (buflen == 0) { +@@ -940,8 +951,9 @@ + *bp = '\0'; + return buf; + +- } else ++ } else { + return NULL; ++ } + } + + pbuf->remaining = pbuf->buflen - toread; +@@ -1004,6 +1016,8 @@ + toread--; + *bp++ = *pbuf->current++; + pbuf->remaining++; ++ ++ saw_newline = TRUE; + break; + } + +@@ -1011,6 +1025,25 @@ + pbuf->current = NULL; + } + ++ if (!saw_newline) { ++ /* If we haven't seen a newline, then assume the client is deliberately ++ * sending a too-long command, trying to exploit buffer sizes and make ++ * the server make some possibly bad assumptions. ++ */ ++ ++ properly_terminated_prev_command = FALSE; ++ errno = E2BIG; ++ return NULL; ++ } ++ ++ if (!properly_terminated_prev_command) { ++ properly_terminated_prev_command = TRUE; ++ pr_log_pri(PR_LOG_NOTICE, "client sent too-long command, ignoring"); ++ errno = E2BIG; ++ return NULL; ++ } ++ ++ properly_terminated_prev_command = TRUE; + *bp = '\0'; + return buf; + } diff --git a/net-ftp/proftpd/proftpd-1.3.1-r1.ebuild b/net-ftp/proftpd/proftpd-1.3.1-r1.ebuild new file mode 100644 index 000000000000..479f625a6dab --- /dev/null +++ b/net-ftp/proftpd/proftpd-1.3.1-r1.ebuild @@ -0,0 +1,256 @@ +# Copyright 1999-2008 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-ftp/proftpd/proftpd-1.3.1-r1.ebuild,v 1.1 2008/11/09 11:56:30 hoffie Exp $ + +inherit eutils flag-o-matic toolchain-funcs autotools + +KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86" + +IUSE="acl authfile ban case clamav deflate hardened ifsession ipv6 ldap mysql ncurses nls noauthunix opensslcrypt pam postgres radius rewrite selinux shaper sitemisc softquota ssl tcpd vroot xinetd" + +CASE_VER="0.3" +CLAMAV_VER="0.7" +DEFLATE_VER="0.3" +SHAPER_VER="0.6.3" +VROOT_VER="0.7.2" + +DESCRIPTION="An advanced and very configurable FTP server." + +SRC_URI="ftp://ftp.proftpd.org/distrib/source/${P/_/}.tar.bz2 + case? ( http://www.castaglia.org/${PN}/modules/${PN}-mod-case-${CASE_VER}.tar.gz ) + clamav? ( http://www.thrallingpenguin.com/resources/mod_clamav-${CLAMAV_VER}.tar.gz ) + deflate? ( http://www.castaglia.org/${PN}/modules/${PN}-mod-deflate-${DEFLATE_VER}.tar.gz ) + shaper? ( http://www.castaglia.org/${PN}/modules/${PN}-mod-shaper-${SHAPER_VER}.tar.gz ) + vroot? ( http://www.castaglia.org/${PN}/modules/${PN}-mod-vroot-${VROOT_VER}.tar.gz )" + +HOMEPAGE="http://www.proftpd.org/ + http://www.castaglia.org/proftpd/ + http://www.thrallingpenguin.com/resources/mod_clamav.htm" + +SLOT="0" +LICENSE="GPL-2" + +DEPEND="acl? ( sys-apps/acl sys-apps/attr ) + clamav? ( app-antivirus/clamav ) + ldap? ( >=net-nds/openldap-1.2.11 ) + mysql? ( virtual/mysql ) + ncurses? ( sys-libs/ncurses ) + opensslcrypt? ( >=dev-libs/openssl-0.9.6f ) + pam? ( virtual/pam ) + postgres? ( virtual/postgresql-base ) + ssl? ( >=dev-libs/openssl-0.9.6f ) + tcpd? ( >=sys-apps/tcp-wrappers-7.6-r3 ) + xinetd? ( virtual/inetd )" + +RDEPEND="${DEPEND} + net-ftp/ftpbase + selinux? ( sec-policy/selinux-ftpd )" + +S="${WORKDIR}/${P/_/}" + +pkg_setup() { + # Add the proftpd user to make the default config + # work out-of-the-box + enewgroup proftpd + enewuser proftpd -1 -1 -1 proftpd +} + +src_unpack() { + unpack ${P/_/}.tar.bz2 + + cd "${S}" + + epatch "${FILESDIR}/${P}-CVE-2008-4242.patch" + + # Fix stripping of files + sed -e "s| @INSTALL_STRIP@||g" -i Make* + + if use case ; then + unpack ${PN}-mod-case-${CASE_VER}.tar.gz + cp -f mod_case/mod_case.c contrib/ + cp -f mod_case/mod_case.html doc/ + fi + + if use clamav ; then + unpack mod_clamav-${CLAMAV_VER}.tar.gz + cp -f mod_clamav-${CLAMAV_VER}/mod_clamav.* contrib/ + epatch mod_clamav-${CLAMAV_VER}/${PN}.patch + fi + + if use deflate ; then + unpack ${PN}-mod-deflate-${DEFLATE_VER}.tar.gz + cp -f mod_deflate/mod_deflate.c contrib/ + cp -f mod_deflate/mod_deflate.html doc/ + fi + + if use shaper ; then + unpack ${PN}-mod-shaper-${SHAPER_VER}.tar.gz + cp -f mod_shaper/mod_shaper.c contrib/ + cp -f mod_shaper/mod_shaper.html doc/ + fi + + if use vroot ; then + unpack ${PN}-mod-vroot-${VROOT_VER}.tar.gz + cp -f mod_vroot/mod_vroot.c contrib/ + cp -f mod_vroot/mod_vroot.html doc/ + fi + + # Fix bug #218850 + epatch "${FILESDIR}/${P}-bug218850.patch" + + # Fix bug #208840 + epatch "${FILESDIR}/${P}-bug208840.patch" + + # Fix bug #221275 + # extract custom PR_ macros from aclocal.m4 to acinclude.m4 + # and delete the provided aclocal.m4 before running autoreconf + elog "Extract custom m4 macros from aclocal.m4..." + sed -e '/libtool\.m4/q' aclocal.m4 > acinclude.m4 + rm -f aclocal.m4 + + eautoreconf +} + +src_compile() { + addpredict /etc/krb5.conf + local modules myconf + + modules="mod_ratio:mod_readme" + use acl && modules="${modules}:mod_facl" + use ban && modules="${modules}:mod_ban" + use case && modules="${modules}:mod_case" + use clamav && modules="${modules}:mod_clamav" + use deflate && modules="${modules}:mod_deflate" + use pam && modules="${modules}:mod_auth_pam" + use radius && modules="${modules}:mod_radius" + use rewrite && modules="${modules}:mod_rewrite" + use shaper && modules="${modules}:mod_shaper" + use sitemisc && modules="${modules}:mod_site_misc" + use ssl && modules="${modules}:mod_tls" + use tcpd && modules="${modules}:mod_wrap" + use vroot && modules="${modules}:mod_vroot" + + # pam needs to be explicitely disabled + use pam || myconf="${myconf} --enable-auth-pam=no" + + if use ldap ; then + modules="${modules}:mod_ldap" + append-ldflags "-lresolv" + if use ssl ; then + CFLAGS="${CFLAGS} -DUSE_LDAP_TLS" + fi + fi + + if use opensslcrypt ; then + myconf="${myconf} --enable-openssl --with-includes=/usr/include/openssl" + append-ldflags "-lcrypto" + CFLAGS="${CFLAGS} -DHAVE_OPENSSL" + fi + + if use nls ; then + myconf="${myconf} --enable-nls" + fi + + if use mysql && use postgres ; then + ewarn "ProFTPD only supports either the MySQL or PostgreSQL modules." + ewarn "Presently this ebuild defaults to mysql. If you would like to" + ewarn "change the default behaviour, merge ProFTPD with:" + ewarn "USE='-mysql postgres' emerge proftpd" + epause 5 + fi + + if use mysql ; then + modules="${modules}:mod_sql:mod_sql_mysql" + myconf="${myconf} --with-includes=/usr/include/mysql" + elif use postgres ; then + modules="${modules}:mod_sql:mod_sql_postgres" + myconf="${myconf} --with-includes=/usr/include/postgresql" + fi + + if use softquota ; then + modules="${modules}:mod_quotatab" + if use mysql || use postgres ; then + modules="${modules}:mod_quotatab_sql" + fi + if use radius ; then + modules="${modules}:mod_quotatab_radius" + fi + if use ldap ; then + modules="${modules}:mod_quotatab_file:mod_quotatab_ldap" + else + modules="${modules}:mod_quotatab_file" + fi + fi + + # mod_ifsession should be the last module in the --with-modules list + # see http://www.castaglia.org/proftpd/modules/mod_ifsession.html#Installation + use ifsession && modules="${modules}:mod_ifsession" + + # bug #30359 + use hardened && echo > lib/libcap/cap_sys.c + gcc-specs-pie && echo > lib/libcap/cap_sys.c + + if use noauthunix ; then + myconf="${myconf} --disable-auth-unix" + else + myconf="${myconf} --enable-auth-unix" + fi + + econf \ + --sbindir=/usr/sbin \ + --localstatedir=/var/run \ + --sysconfdir=/etc/proftpd \ + --enable-shadow \ + --enable-autoshadow \ + --enable-ctrls \ + --with-modules=${modules} \ + $(use_enable acl facl) \ + $(use_enable authfile auth-file) \ + $(use_enable ipv6) \ + $(use_enable ncurses) \ + ${myconf} || die "econf failed" + + emake || die "emake failed" +} + +src_install() { + emake DESTDIR="${D}" install || die "emake install failed" + + keepdir /var/run/proftpd + + dodoc "${FILESDIR}/proftpd.conf" \ + COPYING CREDITS ChangeLog NEWS README* \ + doc/license.txt + dohtml doc/*.html + dohtml doc/howto/*.html + + docinto rfc + dodoc doc/rfc/*.txt + + mv -f "${D}/etc/proftpd/proftpd.conf" "${D}/etc/proftpd/proftpd.conf.distrib" + + insinto /etc/proftpd + newins "${FILESDIR}/proftpd.conf" proftpd.conf.sample + + if use xinetd ; then + insinto /etc/xinetd.d + newins "${FILESDIR}/proftpd.xinetd" proftpd + fi + + newinitd "${FILESDIR}/proftpd.rc6" proftpd +} + +pkg_postinst() { + elog + elog "You can find the config files in /etc/proftpd" + elog + ewarn "With the introduction of net-ftp/ftpbase the ftp user is now ftp." + ewarn "Remember to change that in the configuration file." + ewarn + if use clamav ; then + ewarn "mod_clamav was updated to a new version, which uses Clamd" + ewarn "only for virus scanning, so you'll have to set Clamd up" + ewarn "and start it, also re-check the mod_clamav docs." + ewarn + fi +} diff --git a/net-ftp/proftpd/proftpd-1.3.2_rc2-r2.ebuild b/net-ftp/proftpd/proftpd-1.3.2_rc2-r2.ebuild new file mode 100644 index 000000000000..a4766a7c4dcc --- /dev/null +++ b/net-ftp/proftpd/proftpd-1.3.2_rc2-r2.ebuild @@ -0,0 +1,250 @@ +# Copyright 1999-2008 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-ftp/proftpd/proftpd-1.3.2_rc2-r2.ebuild,v 1.1 2008/11/09 11:56:30 hoffie Exp $ + +inherit eutils flag-o-matic toolchain-funcs autotools + +KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86" + +IUSE="acl authfile ban case clamav deflate hardened ifsession ipv6 ldap mysql ncurses nls noauthunix opensslcrypt pam postgres radius rewrite selinux shaper sitemisc softquota ssl tcpd vroot xinetd" + +CASE_VER="0.3" +CLAMAV_VER="0.10" +DEFLATE_VER="0.3" +SHAPER_VER="0.6.4" +VROOT_VER="0.7.2" + +DESCRIPTION="An advanced and very configurable FTP server." + +SRC_URI="ftp://ftp.proftpd.org/distrib/source/${P/_/}.tar.bz2 + case? ( http://www.castaglia.org/${PN}/modules/${PN}-mod-case-${CASE_VER}.tar.gz ) + clamav? ( http://www.thrallingpenguin.com/resources/mod_clamav-${CLAMAV_VER}.tar.gz ) + deflate? ( http://www.castaglia.org/${PN}/modules/${PN}-mod-deflate-${DEFLATE_VER}.tar.gz ) + shaper? ( http://www.castaglia.org/${PN}/modules/${PN}-mod-shaper-${SHAPER_VER}.tar.gz ) + vroot? ( http://www.castaglia.org/${PN}/modules/${PN}-mod-vroot-${VROOT_VER}.tar.gz )" + +HOMEPAGE="http://www.proftpd.org/ + http://www.castaglia.org/proftpd/ + http://www.thrallingpenguin.com/resources/mod_clamav.htm" + +SLOT="0" +LICENSE="GPL-2" + +DEPEND="acl? ( sys-apps/acl sys-apps/attr ) + clamav? ( app-antivirus/clamav ) + ldap? ( >=net-nds/openldap-1.2.11 ) + mysql? ( virtual/mysql ) + ncurses? ( sys-libs/ncurses ) + opensslcrypt? ( >=dev-libs/openssl-0.9.6f ) + pam? ( virtual/pam ) + postgres? ( virtual/postgresql-base ) + ssl? ( >=dev-libs/openssl-0.9.6f ) + tcpd? ( >=sys-apps/tcp-wrappers-7.6-r3 ) + xinetd? ( virtual/inetd )" + +RDEPEND="${DEPEND} + net-ftp/ftpbase + selinux? ( sec-policy/selinux-ftpd )" + +S="${WORKDIR}/${P/_/}" + +pkg_setup() { + # Add the proftpd user to make the default config + # work out-of-the-box + enewgroup proftpd + enewuser proftpd -1 -1 -1 proftpd +} + +src_unpack() { + unpack ${P/_/}.tar.bz2 + + cd "${S}" + + epatch "${FILESDIR}/${P}-CVE-2008-4242.patch" + + # Fix stripping of files + sed -e "s| @INSTALL_STRIP@||g" -i Make* + + if use case ; then + unpack ${PN}-mod-case-${CASE_VER}.tar.gz + cp -f mod_case/mod_case.c contrib/ + cp -f mod_case/mod_case.html doc/ + fi + + if use clamav ; then + unpack mod_clamav-${CLAMAV_VER}.tar.gz + cp -f mod_clamav-${CLAMAV_VER}/mod_clamav.* contrib/ + epatch mod_clamav-${CLAMAV_VER}/${PN}.patch + fi + + if use deflate ; then + unpack ${PN}-mod-deflate-${DEFLATE_VER}.tar.gz + cp -f mod_deflate/mod_deflate.c contrib/ + cp -f mod_deflate/mod_deflate.html doc/ + fi + + if use shaper ; then + unpack ${PN}-mod-shaper-${SHAPER_VER}.tar.gz + cp -f mod_shaper/mod_shaper.c contrib/ + cp -f mod_shaper/mod_shaper.html doc/ + fi + + if use vroot ; then + unpack ${PN}-mod-vroot-${VROOT_VER}.tar.gz + cp -f mod_vroot/mod_vroot.c contrib/ + cp -f mod_vroot/mod_vroot.html doc/ + fi + + # Fix bug #221275 + # extract custom PR_ macros from aclocal.m4 to acinclude.m4 + # and delete the provided aclocal.m4 before running autoreconf + elog "Extract custom m4 macros from aclocal.m4..." + sed -e '/libtool\.m4/q' aclocal.m4 > acinclude.m4 + rm -f aclocal.m4 + + eautoreconf +} + +src_compile() { + addpredict /etc/krb5.conf + local modules myconf + + modules="mod_ratio:mod_readme" + use acl && modules="${modules}:mod_facl" + use ban && modules="${modules}:mod_ban" + use case && modules="${modules}:mod_case" + use clamav && modules="${modules}:mod_clamav" + use deflate && modules="${modules}:mod_deflate" + use pam && modules="${modules}:mod_auth_pam" + use radius && modules="${modules}:mod_radius" + use rewrite && modules="${modules}:mod_rewrite" + use shaper && modules="${modules}:mod_shaper" + use sitemisc && modules="${modules}:mod_site_misc" + use ssl && modules="${modules}:mod_tls" + use tcpd && modules="${modules}:mod_wrap" + use vroot && modules="${modules}:mod_vroot" + + # pam needs to be explicitely disabled + use pam || myconf="${myconf} --enable-auth-pam=no" + + if use ldap ; then + modules="${modules}:mod_ldap" + append-ldflags "-lresolv" + if use ssl ; then + CFLAGS="${CFLAGS} -DUSE_LDAP_TLS" + fi + fi + + if use opensslcrypt ; then + myconf="${myconf} --enable-openssl --with-includes=/usr/include/openssl" + append-ldflags "-lcrypto" + CFLAGS="${CFLAGS} -DHAVE_OPENSSL" + fi + + if use nls ; then + myconf="${myconf} --enable-nls" + fi + + if use mysql && use postgres ; then + ewarn "ProFTPD only supports either the MySQL or PostgreSQL modules." + ewarn "Presently this ebuild defaults to mysql. If you would like to" + ewarn "change the default behaviour, merge ProFTPD with:" + ewarn "USE='-mysql postgres' emerge proftpd" + epause 5 + fi + + if use mysql ; then + modules="${modules}:mod_sql:mod_sql_mysql" + myconf="${myconf} --with-includes=/usr/include/mysql" + elif use postgres ; then + modules="${modules}:mod_sql:mod_sql_postgres" + myconf="${myconf} --with-includes=/usr/include/postgresql" + fi + + if use softquota ; then + modules="${modules}:mod_quotatab" + if use mysql || use postgres ; then + modules="${modules}:mod_quotatab_sql" + fi + if use radius ; then + modules="${modules}:mod_quotatab_radius" + fi + if use ldap ; then + modules="${modules}:mod_quotatab_file:mod_quotatab_ldap" + else + modules="${modules}:mod_quotatab_file" + fi + fi + + # mod_ifsession should be the last module in the --with-modules list + # see http://www.castaglia.org/proftpd/modules/mod_ifsession.html#Installation + use ifsession && modules="${modules}:mod_ifsession" + + # bug #30359 + use hardened && echo > lib/libcap/cap_sys.c + gcc-specs-pie && echo > lib/libcap/cap_sys.c + + if use noauthunix ; then + myconf="${myconf} --disable-auth-unix" + else + myconf="${myconf} --enable-auth-unix" + fi + + econf \ + --sbindir=/usr/sbin \ + --localstatedir=/var/run \ + --sysconfdir=/etc/proftpd \ + --enable-shadow \ + --enable-autoshadow \ + --enable-ctrls \ + --with-modules=${modules} \ + $(use_enable acl facl) \ + $(use_enable authfile auth-file) \ + $(use_enable ipv6) \ + $(use_enable ncurses) \ + ${myconf} || die "econf failed" + + emake || die "emake failed" +} + +src_install() { + emake DESTDIR="${D}" install || die "emake install failed" + + keepdir /var/run/proftpd + + dodoc "${FILESDIR}/proftpd.conf" \ + COPYING CREDITS ChangeLog NEWS README* \ + doc/license.txt + dohtml doc/*.html + dohtml doc/howto/*.html + + docinto rfc + dodoc doc/rfc/*.txt + + mv -f "${D}/etc/proftpd/proftpd.conf" "${D}/etc/proftpd/proftpd.conf.distrib" + + insinto /etc/proftpd + newins "${FILESDIR}/proftpd.conf" proftpd.conf.sample + + if use xinetd ; then + insinto /etc/xinetd.d + newins "${FILESDIR}/proftpd.xinetd" proftpd + fi + + newinitd "${FILESDIR}/proftpd.rc6" proftpd +} + +pkg_postinst() { + elog + elog "You can find the config files in /etc/proftpd" + elog + ewarn "With the introduction of net-ftp/ftpbase the ftp user is now ftp." + ewarn "Remember to change that in the configuration file." + ewarn + if use clamav ; then + ewarn "mod_clamav was updated to a new version, which uses Clamd" + ewarn "only for virus scanning, so you'll have to set Clamd up" + ewarn "and start it, also re-check the mod_clamav docs." + ewarn + fi +} |