diff options
author | Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 13:49:04 -0700 |
---|---|---|
committer | Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 17:38:18 -0700 |
commit | 56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch) | |
tree | 3f91093cdb475e565ae857f1c5a7fd339e2d781e /net-ftp/netkit-ftpd/files | |
download | gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.gz gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.bz2 gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.zip |
proj/gentoo: Initial commit
This commit represents a new era for Gentoo:
Storing the gentoo-x86 tree in Git, as converted from CVS.
This commit is the start of the NEW history.
Any historical data is intended to be grafted onto this point.
Creation process:
1. Take final CVS checkout snapshot
2. Remove ALL ChangeLog* files
3. Transform all Manifests to thin
4. Remove empty Manifests
5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$
5.1. Do not touch files with -kb/-ko keyword flags.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests
X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project
X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration
X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn
X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts
X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration
X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging
X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'net-ftp/netkit-ftpd/files')
10 files changed, 379 insertions, 0 deletions
diff --git a/net-ftp/netkit-ftpd/files/ftp.xinetd b/net-ftp/netkit-ftpd/files/ftp.xinetd new file mode 100644 index 000000000000..b69694d1dcf6 --- /dev/null +++ b/net-ftp/netkit-ftpd/files/ftp.xinetd @@ -0,0 +1,13 @@ +# default: off +# $Id$ +# description: The netkit ftp daemon with optional SSL support. + +service ftp +{ + socket_type = stream + protocol = tcp + wait = no + user = root + server = /usr/bin/ftpd + disable = yes +} diff --git a/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-CVE-2008-4247.patch b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-CVE-2008-4247.patch new file mode 100644 index 000000000000..e1b50c825bfc --- /dev/null +++ b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-CVE-2008-4247.patch @@ -0,0 +1,108 @@ +http://bugs.gentoo.org/239047 + +--- linux-ftpd-0.17/ftpd/extern.h ++++ linux-ftpd-0.17/ftpd/extern.h +@@ -43,7 +43,7 @@ void dologout __P((int)); + void fatal __P((const char *)); + int ftpd_pclose __P((FILE *)); + FILE *ftpd_popen __P((char *, const char *)); +-char *ftpd_getline __P((char *, int, FILE *)); ++int ftpd_getline __P((char *, int, FILE *)); + void ftpdlogwtmp __P((const char *, const char *, const char *)); + void lreply __P((int, const char *, ...)); + void makedir __P((char *)); +--- linux-ftpd-0.17/ftpd/ftpcmd.y ++++ linux-ftpd-0.17/ftpd/ftpcmd.y +@@ -980,7 +980,7 @@ static struct tab *lookup(struct tab *p, + /* + * getline - a hacked up version of fgets to ignore TELNET escape codes. + */ +-char * ftpd_getline(char *s, int n, FILE *iop) ++int ftpd_getline(char *s, int n, FILE *iop) + { + int c; + register char *cs; +@@ -995,7 +995,7 @@ char * ftpd_getline(char *s, int n, FILE + if (debug) + syslog(LOG_DEBUG, "command: %s", s); + tmpline[0] = '\0'; +- return(s); ++ return(0); + } + if (c == 0) + tmpline[0] = '\0'; +@@ -1037,11 +1037,22 @@ char * ftpd_getline(char *s, int n, FILE + } + } + *cs++ = c; +- if (--n <= 0 || c == '\n') ++ if (--n <= 0) { ++ /* ++ * If command doesn't fit into buffer, discard the ++ * rest of the command and indicate truncation. ++ * This prevents the command to be split up into ++ * multiple commands. ++ */ ++ while (c != '\n' && (c = getc(iop)) != EOF) ++ ; ++ return (-2); ++ } ++ if (c == '\n') + break; + } + if (c == EOF && cs == s) +- return (NULL); ++ return (-1); + *cs++ = '\0'; + if (debug) { + if (!guest && strncasecmp("pass ", s, 5) == 0) { +@@ -1061,7 +1072,7 @@ char * ftpd_getline(char *s, int n, FILE + syslog(LOG_DEBUG, "command: %.*s", len, s); + } + } +- return (s); ++ return (0); + } + + void toolong(int signo) +@@ -1090,9 +1101,14 @@ static int yylex(void) + case CMD: + (void) signal(SIGALRM, toolong); + (void) alarm((unsigned) timeout); +- if (ftpd_getline(cbuf, sizeof(cbuf)-1, stdin)==NULL) { ++ n = ftpd_getline(cbuf, sizeof(cbuf)-1, stdin); ++ if (n == -1) { + reply(221, "You could at least say goodbye."); + dologout(0); ++ } else if (n == -2) { ++ reply(500, "Command too long."); ++ alarm(0); ++ continue; + } + (void) alarm(0); + if ((cp = strchr(cbuf, '\r'))) { +--- linux-ftpd-0.17/ftpd/ftpd.c ++++ linux-ftpd-0.17/ftpd/ftpd.c +@@ -2210,6 +2210,7 @@ void dologout(int status) + static void myoob(int signo) + { + char *cp; ++ int ret; + int save_errno = errno; + + (void)signo; +@@ -2218,9 +2219,13 @@ static void myoob(int signo) + if (!transflag) + return; + cp = tmpline; +- if (ftpd_getline(cp, 7, stdin) == NULL) { ++ ret = ftpd_getline(cp, 7, stdin); ++ if (ret == -1) { + reply(221, "You could at least say goodbye."); + dologout(0); ++ } else if (ret == -2) { ++ /* Ignore truncated command */ ++ return; + } + upper(cp); + if (strcmp(cp, "ABOR\r\n") == 0) { diff --git a/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-build.patch b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-build.patch new file mode 100644 index 000000000000..6df58378c93f --- /dev/null +++ b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-build.patch @@ -0,0 +1,43 @@ +--- configure ++++ configure +@@ -114,40 +114,6 @@ + echo 'no' + fi + +-if [ x$DEBUG = x ]; then +- echo -n "Checking if $CC accepts -O2... " +- if ( +- $CC -O2 __conftest.c -o __conftest +- ) >/dev/null 2>&1; then +- echo 'yes' +- CFLAGS="$CFLAGS -O2" +- else +- echo 'no' +- echo -n "Checking if $CC accepts -O... " +- if ( +- $CC -O __conftest.c -o __conftest +- ) >/dev/null 2>&1; then +- echo 'yes' +- CFLAGS="$CFLAGS -O" +- else +- echo 'no' +- fi +- fi +- +-else +- echo -n "Checking if $CC accepts -g... " +- if ( +- $CC -g __conftest.c -o __conftest +- ) >/dev/null 2>&1; then +- echo 'yes' +- CFLAGS="$CFLAGS -g" +- else +- echo 'no' +- fi +- +-fi +- +-LDFLAGS= + LIBS= + + rm -f __conftest* diff --git a/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-cleanup-ssl.patch b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-cleanup-ssl.patch new file mode 100644 index 000000000000..e228eaceda5f --- /dev/null +++ b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-cleanup-ssl.patch @@ -0,0 +1,10 @@ +--- ftpd/ftpcmd.y ++++ ftpd/ftpcmd.y +@@ -109,6 +109,7 @@ + typedef struct ssl_st SSL; + int SSL_write(SSL *ssl,const char *buf,int num); + extern int do_ssl_start(void); ++int ssl_getc(SSL *ssl_con); + extern int ssl_secure_flag; + extern int ssl_active_flag; + extern SSL *ssl_con; diff --git a/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-cleanup.patch b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-cleanup.patch new file mode 100644 index 000000000000..73289adfba05 --- /dev/null +++ b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-cleanup.patch @@ -0,0 +1,10 @@ +--- ftpd/logwtmp.c ++++ ftpd/logwtmp.c +@@ -43,6 +43,7 @@ + #include <sys/types.h> + #include <sys/time.h> + #include <sys/stat.h> ++#include <time.h> + + #include <fcntl.h> + #include <utmp.h> diff --git a/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-cross.patch b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-cross.patch new file mode 100644 index 000000000000..cb6ad986a914 --- /dev/null +++ b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-cross.patch @@ -0,0 +1,45 @@ +--- configure.orig 2008-05-11 12:02:50.000000000 -0700 ++++ configure 2008-05-11 12:04:14.000000000 -0700 +@@ -93,7 +93,7 @@ + echo -n 'Checking if C compiler works... ' + if ( + $CC __conftest.c -o __conftest || exit 1 +- ./__conftest || exit 1 ++ [ -e __conftest ] || exit 1 + ) >/dev/null 2>&1; then + echo 'yes' + else +@@ -169,13 +169,13 @@ + EOF + if ( + $CC $CFLAGS __conftest.c -o __conftest || exit 1 +- ./__conftest || exit 1 ++ [ -e __conftest ] || exit 1 + ) >/dev/null 2>&1; then + echo 'yes' + else + if ( + $CC $CFLAGS -D__USE_BSD_SIGNAL __conftest.c -o __conftest || exit 1 +- ./__conftest || exit 1 ++ [ -e ./__conftest ] || exit 1 + ) >/dev/null 2>&1; then + echo '-D__USE_BSD_SIGNAL' + CFLAGS="$CFLAGS -D__USE_BSD_SIGNAL" +@@ -311,7 +311,7 @@ + else + if ( + $CC $CFLAGS -D_GNU_SOURCE __conftest.c -o __conftest || exit 1 +- ./__conftest || exit 1 ++ [ -e ./__conftest ] || exit 1 + ) >/dev/null 2>&1; then + echo '-D_GNU_SOURCE' + CFLAGS="$CFLAGS -D_GNU_SOURCE" +@@ -342,7 +342,7 @@ + EOF + if ( + $CC $CFLAGS __conftest.c $LIBBSD -o __conftest || exit 1 +- ./__conftest || exit 1 ++ [ -e ./__conftest ] || exit 1 + ) >/dev/null 2>&1; then + echo 'ok' + else diff --git a/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-fclose-CVE-2007-6263.patch b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-fclose-CVE-2007-6263.patch new file mode 100644 index 000000000000..5da61aee7343 --- /dev/null +++ b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-fclose-CVE-2007-6263.patch @@ -0,0 +1,24 @@ +diff -u linux-ftpd-ssl-0.17.18+0.3/ftpd/ftpd.c linux-ftpd-ssl-0.17.18+0.3/ftpd/ftpd.c +--- linux-ftpd-ssl-0.17.18+0.3/ftpd/ftpd.c ++++ linux-ftpd-ssl-0.17.18+0.3/ftpd/ftpd.c +@@ -1729,7 +1729,7 @@ + static FILE * dataconn(const char *name, off_t size, const char *mode, int stou) + { + char sizebuf[32]; +- FILE *file; ++ FILE *file = NULL; + int retry = 0, tos; + + file_size = size; +@@ -1822,7 +1822,10 @@ + ERR_error_string(ERR_get_error(),NULL)); + perror_reply(425, errbuf); + /* abort time methinks ... */ +- fclose(file); ++ if(file != NULL){ ++ fclose(file); ++ file = NULL; ++ } + return NULL; + } else { + if (ssl_debug_flag) { diff --git a/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-gcc41.patch b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-gcc41.patch new file mode 100644 index 000000000000..5f516ce5d356 --- /dev/null +++ b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-gcc41.patch @@ -0,0 +1,32 @@ +--- linux-ftpd-0.17/ftpd/ftpcmd.y ++++ linux-ftpd-0.17/ftpd/ftpcmd.y +@@ -125,7 +125,14 @@ + char cbuf[512]; + char *fromname; + +-struct tab; ++struct tab { ++ const char *name; ++ short token; ++ short state; ++ short implemented; /* 1 if command is implemented */ ++ const char *help; ++}; ++ + static int yylex __P((void)); + static void sizecmd __P((char *)); + static void help __P((struct tab *, char *)); +@@ -891,13 +898,6 @@ + #define SITECMD 7 /* SITE command */ + #define NSTR 8 /* Number followed by a string */ + +-struct tab { +- const char *name; +- short token; +- short state; +- short implemented; /* 1 if command is implemented */ +- const char *help; +-}; + + struct tab cmdtab[] = { /* In order defined in RFC 765 */ + { "AUTH", AUTH, STR1, 1, "<sp> auth_type" }, diff --git a/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-setguid.patch b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-setguid.patch new file mode 100644 index 000000000000..f5d0cf75fcfd --- /dev/null +++ b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-setguid.patch @@ -0,0 +1,66 @@ +--- linux-ftpd-0.17/ftpd/popen.c ++++ linux-ftpd-0.17/ftpd/popen.c +@@ -169,8 +169,13 @@ + * XXX: this doesn't seem right... and shouldn't + * we initgroups, or at least setgroups(0,0)? + */ +- setgid(getegid()); +- setuid(i); ++ ++/* ++ * PSz 25 Aug 06 Must check the return status of these setgid/setuid calls, ++ * see http://www.bress.net/blog/archives/34-setuid-madness.html ++ */ ++ if ( setgid(getegid()) != 0 ) _exit(1); ++ if ( setuid(i) != 0 ) _exit(1); + + #ifndef __linux__ + /* +--- linux-ftpd-0.17/ftpd/ftpd.c ++++ linux-ftpd-0.17/ftpd/ftpd.c +@@ -1159,6 +1159,13 @@ + } + strcpy(pw->pw_dir, "/"); + setenv("HOME", "/", 1); ++ } ++ /* PSz 25 Aug 06 chdir for real users done after setting UID */ ++ if (seteuid((uid_t)pw->pw_uid) < 0) { ++ reply(550, "Can't set uid."); ++ goto bad; ++ } ++ if (guest || dochroot) { /* do nothing, handled above */ + } else if (chdir(pw->pw_dir) < 0) { + if (chdir("/") < 0) { + reply(530, "User %s: can't change directory to %s.", +@@ -1167,10 +1174,7 @@ + } else + lreply(230, "No directory! Logging in with home=/"); + } +- if (seteuid((uid_t)pw->pw_uid) < 0) { +- reply(550, "Can't set uid."); +- goto bad; +- } ++ + sigfillset(&allsigs); + sigprocmask(SIG_UNBLOCK,&allsigs,NULL); + +@@ -1408,7 +1412,8 @@ + goto bad; + sleep(tries); + } +- (void) seteuid((uid_t)pw->pw_uid); ++/* PSz 25 Aug 06 Check return status */ ++ if (seteuid((uid_t)pw->pw_uid) != 0) _exit(1); + sigfillset(&allsigs); + sigprocmask (SIG_UNBLOCK, &allsigs, NULL); + +@@ -1440,7 +1445,8 @@ + bad: + /* Return the real value of errno (close may change it) */ + t = errno; +- (void) seteuid((uid_t)pw->pw_uid); ++/* PSz 25 Aug 06 Check return status */ ++ if (seteuid((uid_t)pw->pw_uid) != 0) _exit(1); + sigfillset (&allsigs); + sigprocmask (SIG_UNBLOCK, &allsigs, NULL); + (void) close(s); diff --git a/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-shadowfix.patch b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-shadowfix.patch new file mode 100644 index 000000000000..79a241ff9c51 --- /dev/null +++ b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-shadowfix.patch @@ -0,0 +1,28 @@ +--- linux-ftpd-0.17/ftpd/Makefile ++++ linux-ftpd-0.17-patched/ftpd/Makefile +@@ -19,7 +19,11 @@ + all: ftpd + + %.o: %.c ++ ifdef USE_SHADOW ++ $(CC) $(CFLAGS) -DUSE_SHADOW -DHASSETPROCTITLE $< -c ++ else + $(CC) $(CFLAGS) -DHASSETPROCTITLE $< -c ++ endif + + ftpcmd.c: %.c: %.y + $(YACC) $< +--- linux-ftpd-0.17/support/Makefile ++++ linux-ftpd-0.17-patched/support/Makefile +@@ -5,7 +5,11 @@ + all: libsupport.a + + %.o: %.c ++ ifdef USE_SHADOW ++ $(CC) $(CFLAGS) -DUSE_SHADOW -DHASSETPROCTITLE $< -c ++ else + $(CC) $(CFLAGS) -DHASSETPROCTITLE $< -c ++ endif + + libsupport.a: $(OBJS) + ar -cruv $@ $^ |