diff options
| author |   Mike Frysinger <vapier@gentoo.org> | 2008-10-26 05:44:14 +0000 |
|---|---|---|
| committer | Mike Frysinger <vapier@gentoo.org> | 2008-10-26 05:44:14 +0000 |
| commit | e54d1754893dc3addf45e33e5c0c1802babbb2c2 (patch) | |
| tree | 929bd71c0bf0d012ebebcc053bc11cb8f9a42fa8 /net-ftp/netkit-ftpd | |
| parent | Do not force building with -O3. (diff) | |
| download | gentoo-2-e54d1754893dc3addf45e33e5c0c1802babbb2c2.tar.gz gentoo-2-e54d1754893dc3addf45e33e5c0c1802babbb2c2.tar.bz2 gentoo-2-e54d1754893dc3addf45e33e5c0c1802babbb2c2.zip | |
Add fix for CVE-2008-4247 #239047.
(Portage version: 2.2_rc12/cvs/Linux 2.6.26.2 x86_64)
Diffstat (limited to 'net-ftp/netkit-ftpd')
| -rw-r--r-- | net-ftp/netkit-ftpd/ChangeLog | 8 | ||||
| -rw-r--r-- | net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-CVE-2008-4247.patch | 108 | ||||
| -rw-r--r-- | net-ftp/netkit-ftpd/netkit-ftpd-0.17-r8.ebuild | 59 |
3 files changed, 174 insertions, 1 deletions
diff --git a/net-ftp/netkit-ftpd/ChangeLog b/net-ftp/netkit-ftpd/ChangeLog index 6133131be3e6..7c5d92493183 100644 --- a/net-ftp/netkit-ftpd/ChangeLog +++ b/net-ftp/netkit-ftpd/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for net-ftp/netkit-ftpd # Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-ftp/netkit-ftpd/ChangeLog,v 1.18 2008/05/11 19:10:29 solar Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-ftp/netkit-ftpd/ChangeLog,v 1.19 2008/10/26 05:44:14 vapier Exp $ + +*netkit-ftpd-0.17-r8 (26 Oct 2008) + + 26 Oct 2008; Mike Frysinger <vapier@gentoo.org> + +files/netkit-ftpd-0.17-CVE-2008-4247.patch, +netkit-ftpd-0.17-r8.ebuild: + Add fix for CVE-2008-4247 #239047. 11 May 2008; <solar@gentoo.org> +files/netkit-ftpd-0.17-cross.patch, netkit-ftpd-0.17-r7.ebuild: diff --git a/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-CVE-2008-4247.patch b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-CVE-2008-4247.patch new file mode 100644 index 000000000000..e1b50c825bfc --- /dev/null +++ b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-CVE-2008-4247.patch @@ -0,0 +1,108 @@ +http://bugs.gentoo.org/239047 + +--- linux-ftpd-0.17/ftpd/extern.h ++++ linux-ftpd-0.17/ftpd/extern.h +@@ -43,7 +43,7 @@ void dologout __P((int)); + void fatal __P((const char *)); + int ftpd_pclose __P((FILE *)); + FILE *ftpd_popen __P((char *, const char *)); +-char *ftpd_getline __P((char *, int, FILE *)); ++int ftpd_getline __P((char *, int, FILE *)); + void ftpdlogwtmp __P((const char *, const char *, const char *)); + void lreply __P((int, const char *, ...)); + void makedir __P((char *)); +--- linux-ftpd-0.17/ftpd/ftpcmd.y ++++ linux-ftpd-0.17/ftpd/ftpcmd.y +@@ -980,7 +980,7 @@ static struct tab *lookup(struct tab *p, + /* + * getline - a hacked up version of fgets to ignore TELNET escape codes. + */ +-char * ftpd_getline(char *s, int n, FILE *iop) ++int ftpd_getline(char *s, int n, FILE *iop) + { + int c; + register char *cs; +@@ -995,7 +995,7 @@ char * ftpd_getline(char *s, int n, FILE + if (debug) + syslog(LOG_DEBUG, "command: %s", s); + tmpline[0] = '\0'; +- return(s); ++ return(0); + } + if (c == 0) + tmpline[0] = '\0'; +@@ -1037,11 +1037,22 @@ char * ftpd_getline(char *s, int n, FILE + } + } + *cs++ = c; +- if (--n <= 0 || c == '\n') ++ if (--n <= 0) { ++ /* ++ * If command doesn't fit into buffer, discard the ++ * rest of the command and indicate truncation. ++ * This prevents the command to be split up into ++ * multiple commands. ++ */ ++ while (c != '\n' && (c = getc(iop)) != EOF) ++ ; ++ return (-2); ++ } ++ if (c == '\n') + break; + } + if (c == EOF && cs == s) +- return (NULL); ++ return (-1); + *cs++ = '\0'; + if (debug) { + if (!guest && strncasecmp("pass ", s, 5) == 0) { +@@ -1061,7 +1072,7 @@ char * ftpd_getline(char *s, int n, FILE + syslog(LOG_DEBUG, "command: %.*s", len, s); + } + } +- return (s); ++ return (0); + } + + void toolong(int signo) +@@ -1090,9 +1101,14 @@ static int yylex(void) + case CMD: + (void) signal(SIGALRM, toolong); + (void) alarm((unsigned) timeout); +- if (ftpd_getline(cbuf, sizeof(cbuf)-1, stdin)==NULL) { ++ n = ftpd_getline(cbuf, sizeof(cbuf)-1, stdin); ++ if (n == -1) { + reply(221, "You could at least say goodbye."); + dologout(0); ++ } else if (n == -2) { ++ reply(500, "Command too long."); ++ alarm(0); ++ continue; + } + (void) alarm(0); + if ((cp = strchr(cbuf, '\r'))) { +--- linux-ftpd-0.17/ftpd/ftpd.c ++++ linux-ftpd-0.17/ftpd/ftpd.c +@@ -2210,6 +2210,7 @@ void dologout(int status) + static void myoob(int signo) + { + char *cp; ++ int ret; + int save_errno = errno; + + (void)signo; +@@ -2218,9 +2219,13 @@ static void myoob(int signo) + if (!transflag) + return; + cp = tmpline; +- if (ftpd_getline(cp, 7, stdin) == NULL) { ++ ret = ftpd_getline(cp, 7, stdin); ++ if (ret == -1) { + reply(221, "You could at least say goodbye."); + dologout(0); ++ } else if (ret == -2) { ++ /* Ignore truncated command */ ++ return; + } + upper(cp); + if (strcmp(cp, "ABOR\r\n") == 0) { diff --git a/net-ftp/netkit-ftpd/netkit-ftpd-0.17-r8.ebuild b/net-ftp/netkit-ftpd/netkit-ftpd-0.17-r8.ebuild new file mode 100644 index 000000000000..0e03e22c494f --- /dev/null +++ b/net-ftp/netkit-ftpd/netkit-ftpd-0.17-r8.ebuild @@ -0,0 +1,59 @@ +# Copyright 1999-2008 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-ftp/netkit-ftpd/netkit-ftpd-0.17-r8.ebuild,v 1.1 2008/10/26 05:44:14 vapier Exp $ + +inherit eutils ssl-cert toolchain-funcs + +MY_P="linux-ftpd-${PV}" +DESCRIPTION="The netkit FTP server with optional SSL support" +HOMEPAGE="http://www.hcs.harvard.edu/~dholland/computers/netkit.html" +SRC_URI="ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/${MY_P}.tar.gz + mirror://gentoo/${MY_P}-ssl.patch" + +LICENSE="as-is" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="ssl" + +DEPEND="ssl? ( dev-libs/openssl )" +RDEPEND="${DEPEND} + virtual/inetd" + +S=${WORKDIR}/${MY_P} + +src_unpack() { + unpack ${MY_P}.tar.gz + cd "${S}" + use ssl && epatch "${DISTDIR}"/${MY_P}-ssl.patch "${FILESDIR}"/${P}-cleanup-ssl.patch + epatch "${FILESDIR}"/${P}-cleanup.patch + epatch "${FILESDIR}"/${P}-build.patch + epatch "${FILESDIR}"/${P}-shadowfix.patch + epatch "${FILESDIR}"/${P}-gcc41.patch + epatch "${FILESDIR}"/${P}-setguid.patch + epatch "${FILESDIR}"/${P}-cross.patch + epatch "${FILESDIR}"/${P}-CVE-2008-4247.patch #239047 + use ssl && epatch "${FILESDIR}"/${P}-fclose-CVE-2007-6263.patch #199206 +} + +src_compile() { + tc-export CC + ./configure --prefix=/usr || die "configure failed" + emake || die "parallel make failed" +} + +src_install() { + dobin ftpd/ftpd || die + doman ftpd/ftpd.8 + dodoc README ChangeLog + insinto /etc/xinetd.d + newins "${FILESDIR}"/ftp.xinetd ftp +} + +pkg_postinst() { + if use ssl ; then + install_cert /etc/ssl/certs/ftpd + elog "In order to start the server with SSL support" + elog "You need a certificate /etc/ssl/certs/ftpd.pem." + elog "A temporary certificiate has been created." + fi +} |