author | Bernard Cafarelli <voyageur@gentoo.org> | 2009-09-07 16:46:33 +0000 |
---|---|---|
committer | Bernard Cafarelli <voyageur@gentoo.org> | 2009-09-07 16:46:33 +0000 |
commit | 50f1f2bdf2df4cf96079e82c102c1c8ff92e25db (patch) | |
tree | 2a76999cff442f32ff4ec41544f09f7bcb10bdfc /net-ftp/proftpd/files | |
parent | openvas-server bump (diff) | |
Remove old versions, bump to 1.3.2a (with some modules), thanks to Bernd Lommerzheim <bernd@lommerzheim.com> in bug #276371. Also fix bug #280150, updating mit-krb5 dependency
(Portage version: 2.2_rc40/cvs/Linux x86_64)
Diffstat (limited to 'net-ftp/proftpd/files')
9 files changed, 0 insertions, 906 deletions
diff --git a/net-ftp/proftpd/files/proftpd-1.3.1-CVE-2008-4242.patch b/net-ftp/proftpd/files/proftpd-1.3.1-CVE-2008-4242.patch
deleted file mode 100644
index 9b08cade2ab9..000000000000
--- a/net-ftp/proftpd/files/proftpd-1.3.1-CVE-2008-4242.patch
+++ /dev/null
@@ -1,172 +0,0 @@
-Patch taken from debian, closes
-http://secunia.com/advisories/cve_reference/CVE-2008-4242/
-https://bugs.gentoo.org/show_bug.cgi?id=238762
-diff -urNad trunk~/src/main.c trunk/src/main.c
---- trunk~/src/main.c 2008-09-21 23:50:55.000000000 +0200
-+++ trunk/src/main.c 2008-09-21 23:50:55.000000000 +0200
-@@ -674,12 +674,17 @@
- while (TRUE) {
- pr_signals_handle();
-
-+ memset(buf,'\0',sizeof(buf));
-+
- if (pr_netio_telnet_gets(buf, sizeof(buf)-1, session.c->instrm,
- session.c->outstrm) == NULL) {
-
-- if (PR_NETIO_ERRNO(session.c->instrm) == EINTR)
-- /* Simple interrupted syscall */
-+ if (errno == E2BIG) {
-+ /* The client sent a too-long command which was ignored; give
-+ * them another chance?
-+ */
- continue;
-+ }
-
- #ifndef PR_DEVEL_NO_DAEMON
- /* Otherwise, EOF */
-@@ -695,20 +700,31 @@
-
- if (cmd_buf_size == -1) {
- int *bufsz = get_param_ptr(main_server->conf, "CommandBufferSize", FALSE);
-+ size_t default_cmd_bufsz;
-+
-+ /* It's possible for the admin to select a PR_TUNABLE_BUFFER_SIZE which
-+ * is smaller than PR_DEFAULT_CMD_BUFSZ. We need to handle such cases
-+ * properly.
-+ */
-+ default_cmd_bufsz = PR_DEFAULT_CMD_BUFSZ;
-+ if (default_cmd_bufsz > sizeof(buf)) {
-+ default_cmd_bufsz = sizeof(buf);
-+ }
-+
- if (bufsz == NULL) {
-- cmd_buf_size = PR_DEFAULT_CMD_BUFSZ;
-+ cmd_buf_size = default_cmd_bufsz;
-
- } else if (*bufsz <= 0) {
- pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%d) "
- "given, using default buffer size (%u) instead",
-- *bufsz, PR_DEFAULT_CMD_BUFSZ);
-- cmd_buf_size = PR_DEFAULT_CMD_BUFSZ;
-+ *bufsz, default_cmd_bufsz);
-+ cmd_buf_size = default_cmd_bufsz;
-
- } else if (*bufsz + 1 > sizeof(buf)) {
- pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%d) "
- "given, using default buffer size (%u) instead",
-- *bufsz, PR_DEFAULT_CMD_BUFSZ);
-- cmd_buf_size = PR_DEFAULT_CMD_BUFSZ;
-+ *bufsz, default_cmd_bufsz);
-+ cmd_buf_size = default_cmd_bufsz;
-
- } else {
- pr_log_debug(DEBUG1, "setting CommandBufferSize to %d", *bufsz);
-diff -urNad trunk~/src/netio.c trunk/src/netio.c
---- trunk~/src/netio.c 2008-09-21 23:39:34.000000000 +0200
-+++ trunk/src/netio.c 2008-09-21 23:52:17.000000000 +0200
-@@ -1,6 +1,6 @@
- /*
- * ProFTPD - FTP server daemon
-- * Copyright (c) 2001-2007 The ProFTPD Project team
-+ * Copyright (c) 2001-2008 The ProFTPD Project team
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
-@@ -30,19 +30,19 @@
- #include <signal.h>
-
- #ifndef IAC
--#define IAC 255
-+# define IAC 255
- #endif
- #ifndef DONT
--#define DONT 254
-+# define DONT 254
- #endif
- #ifndef DO
--#define DO 253
-+# define DO 253
- #endif
- #ifndef WONT
--#define WONT 252
-+# define WONT 252
- #endif
- #ifndef WILL
--#define WILL 251
-+# define WILL 251
- #endif
-
- static const char *trace_channel = "netio";
-@@ -51,6 +51,17 @@
- static pr_netio_t *core_data_netio = NULL, *data_netio = NULL;
- static pr_netio_t *core_othr_netio = NULL, *othr_netio = NULL;
-
-+/* Used to track whether the previous text read from the client's control
-+ * connection was a properly-terminated command. If so, then read in the
-+ * next/current text as per normal. If NOT (e.g. the client sent a too-long
-+ * command), then read in the next/current text, but ignore it. Only clear
-+ * this flag if the next/current command can be read as per normal.
-+ *
-+ * The pr_netio_telnet_gets() uses this variable, in conjunction with its
-+ * saw_newline flag, for handling too-long commands from clients.
-+ */
-+static int properly_terminated_prev_command = TRUE;
-+
- static pr_netio_stream_t *netio_stream_alloc(pool *parent_pool) {
- pool *netio_pool = NULL;
- pr_netio_stream_t *nstrm = NULL;
-@@ -911,7 +922,7 @@
- char *bp = buf;
- unsigned char cp;
- static unsigned char mode = 0;
-- int toread;
-+ int toread, saw_newline = FALSE;
- pr_buffer_t *pbuf = NULL;
-
- if (buflen == 0) {
-@@ -940,8 +951,9 @@
- *bp = '\0';
- return buf;
-
-- } else
-+ } else {
- return NULL;
-+ }
- }
-
- pbuf->remaining = pbuf->buflen - toread;
-@@ -1004,6 +1016,8 @@
- toread--;
- *bp++ = *pbuf->current++;
- pbuf->remaining++;
-+
-+ saw_newline = TRUE;
- break;
- }
-
-@@ -1011,6 +1025,25 @@
- pbuf->current = NULL;
- }
-
-+ if (!saw_newline) {
-+ /* If we haven't seen a newline, then assume the client is deliberately
-+ * sending a too-long command, trying to exploit buffer sizes and make
-+ * the server make some possibly bad assumptions.
-+ */
-+
-+ properly_terminated_prev_command = FALSE;
-+ errno = E2BIG;
-+ return NULL;
-+ }
-+
-+ if (!properly_terminated_prev_command) {
-+ properly_terminated_prev_command = TRUE;
-+ pr_log_pri(PR_LOG_NOTICE, "client sent too-long command, ignoring");
-+ errno = E2BIG;
-+ return NULL;
-+ }
-+
-+ properly_terminated_prev_command = TRUE;
- *bp = '\0';
- return buf;
- }
diff --git a/net-ftp/proftpd/files/proftpd-1.3.1-bug208840.patch b/net-ftp/proftpd/files/proftpd-1.3.1-bug208840.patch
deleted file mode 100644
index 90931f99f50f..000000000000
--- a/net-ftp/proftpd/files/proftpd-1.3.1-bug208840.patch
+++ /dev/null
@@ -1,35 +0,0 @@
---- acconfig.h 2002/12/15 18:05:09 1.15
-+++ acconfig.h 2007/10/15 17:27:25 1.16
-@@ -12,9 +12,6 @@
- /* Define to `int' if <sys/types.h> doesn't define. */
- #undef ino_t
-
--/* Define to `mode_t' if <sys/types.h> doesn't define. */
--#undef umode_t
--
- /* Define to `int' if <sys/socket.h> doesn't define. */
- #undef socklen_t
-
---- config.h.in 2007/10/13 03:05:27 1.118
-+++ config.h.in 2007/10/15 17:27:25 1.119
-@@ -37,9 +37,6 @@
- /* Define to `int' if <sys/socket.h> doesn't define. */
- #undef socklen_t
-
--/* Define to `mode_t' if <sys/types.h> doesn't define. */
--#undef umode_t
--
- /* Define if you have AIX send_file() semantics. */
- #undef HAVE_AIX_SENDFILE
-
---- configure.in 2007/10/13 03:05:27 1.261
-+++ configure.in 2007/10/15 17:27:25 1.262
-@@ -1119,7 +1119,7 @@
- AC_CHECK_SIZEOF(time_t, 0)
-
- dnl Check for generic typedefs
--AC_CHECK_TYPE(umode_t, mode_t)
-+AC_CHECK_TYPE(mode_t, mode_t)
- AC_CHECK_TYPE(ino_t, ino_t)
- AC_CHECK_TYPE(intptr_t, AC_DEFINE(HAVE_INTPTR_T),, [
- #if HAVE_INTTYPES_H
diff --git a/net-ftp/proftpd/files/proftpd-1.3.1-bug218850.patch b/net-ftp/proftpd/files/proftpd-1.3.1-bug218850.patch
deleted file mode 100644
index 3e2adf34ea5c..000000000000
--- a/net-ftp/proftpd/files/proftpd-1.3.1-bug218850.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- lib/libcap/libcap.h 2008-04-24 19:46:29.475883739 +0200
-+++ lib/libcap/libcap.h 2008-04-24 19:48:31.116088563 +0200
-@@ -52,7 +52,8 @@
- */
-
- #if !defined(_LINUX_CAPABILITY_VERSION) || \
-- (_LINUX_CAPABILITY_VERSION != 0x19980330)
-+ ((_LINUX_CAPABILITY_VERSION != 0x19980330) && \
-+ (_LINUX_CAPABILITY_VERSION != 0x20071026))
-
- # error "Kernel <linux/capability.h> does not match library"
- # error "file "libcap.h" --> fix and recompile libcap"
diff --git a/net-ftp/proftpd/files/proftpd-1.3.1_rc2-bug164612.patch b/net-ftp/proftpd/files/proftpd-1.3.1_rc2-bug164612.patch
deleted file mode 100644
index 060fc9518456..000000000000
--- a/net-ftp/proftpd/files/proftpd-1.3.1_rc2-bug164612.patch
+++ /dev/null
@@ -1,23 +0,0 @@
---- modules/mod_lang.c 2007/01/19 21:59:44 1.4
-+++ modules/mod_lang.c 2007/01/19 23:01:25 1.5
-@@ -262,10 +262,19 @@
-
- static int lang_init(void) {
- if (setlocale(LC_ALL, "") == NULL) {
-- pr_log_pri(PR_LOG_NOTICE, "unable to set locale: %s", strerror(errno));
-+ pr_log_pri(PR_LOG_NOTICE, "unable to set LC_ALL: %s", strerror(errno));
- return -1;
- }
-
-+ /* Preserve the POSIX/portable handling of number formatting; local
-+ * formatting of decimal points, for example, can cause problems with
-+ * numbers in SQL queries.
-+ */
-+ if (setlocale(LC_NUMERIC, "C") == NULL) {
-+ pr_log_pri(PR_LOG_NOTICE, "unable to set LC_NUMERIC: %s",
-+ strerror(errno));
-+ }
-+
- lang_pool = make_sub_pool(permanent_pool);
- pr_pool_tag(lang_pool, MOD_LANG_VERSION);
-
diff --git a/net-ftp/proftpd/files/proftpd-1.3.1_rc2-bug167003.patch b/net-ftp/proftpd/files/proftpd-1.3.1_rc2-bug167003.patch
deleted file mode 100644
index d6ce55a148b0..000000000000
--- a/net-ftp/proftpd/files/proftpd-1.3.1_rc2-bug167003.patch
+++ /dev/null
@@ -1,15 +0,0 @@
---- modules/mod_facl.c 2007/04/18 15:31:28 1.6
-+++ modules/mod_facl.c 2007/04/30 17:47:34 1.7
-@@ -826,10 +826,10 @@
- "facl",
-
- /* Module configuration directive handlers */
-- NULL,
-+ facl_conftab,
-
- /* Module command handlers */
-- facl_conftab,
-+ NULL,
-
- /* Module authentication handlers */
- NULL,
diff --git a/net-ftp/proftpd/files/proftpd-1.3.1_rc2-bug175082.patch b/net-ftp/proftpd/files/proftpd-1.3.1_rc2-bug175082.patch
deleted file mode 100644
index 7e3b6cf6f4ac..000000000000
--- a/net-ftp/proftpd/files/proftpd-1.3.1_rc2-bug175082.patch
+++ /dev/null
@@ -1,354 +0,0 @@
---- include/auth.h 2005/06/10 17:21:10 1.4
-+++ include/auth.h 2007/04/17 21:33:40 1.5
-@@ -86,6 +86,7 @@
- config_rec *pr_auth_get_anon_config(pool *p, char **, char **, char **);
-
- /* For internal use only. */
-+int init_auth(void);
- int set_groups(pool *, gid_t, array_header *);
-
- #endif /* PR_MODULES_H */
---- modules/mod_core.c 2007/03/09 16:20:54 1.298
-+++ modules/mod_core.c 2007/04/17 21:33:40 1.299
-@@ -4418,6 +4418,8 @@
- config_rec *c = NULL;
- unsigned int *debug_level = NULL;
-
-+ init_auth();
-+
- /* Check for a server-specific TimeoutIdle. */
- c = find_config(main_server->conf, CONF_PARAM, "TimeoutIdle", FALSE);
- if (c != NULL)
---- src/auth.c 2007/01/08 22:59:28 1.47
-+++ src/auth.c 2007/04/17 21:33:40 1.48
-@@ -30,6 +30,10 @@
-
- #include "conf.h"
-
-+static pool *auth_pool = NULL;
-+static pr_table_t *auth_tab = NULL;
-+static const char *trace_channel = "auth";
-+
- /* The difference between this function, and pr_cmd_alloc(), is that this
- * allocates the cmd_rec directly from the given pool, whereas pr_cmd_alloc()
- * will allocate a subpool from the given pool, and allocate its cmd_rec
-@@ -63,7 +67,7 @@
- return c;
- }
-
--static modret_t *dispatch_auth(cmd_rec *cmd, char *match) {
-+static modret_t *dispatch_auth(cmd_rec *cmd, char *match, module **m) {
- authtable *start_tab = NULL, *iter_tab = NULL;
- modret_t *mr = NULL;
-
-@@ -74,7 +78,12 @@
- while (iter_tab) {
- pr_signals_handle();
-
-- pr_trace_msg("auth", 6, "dispatching auth request \"%s\" to module mod_%s",
-+ if (m && *m && *m != iter_tab->m) {
-+ goto next;
-+ }
-+
-+ pr_trace_msg(trace_channel, 6,
-+ "dispatching auth request \"%s\" to module mod_%s",
- match, iter_tab->m->name);
-
- mr = call_module(iter_tab->m, iter_tab->handler, cmd);
-@@ -83,9 +92,19 @@
- break;
-
- if (MODRET_ISHANDLED(mr) ||
-- MODRET_ISERROR(mr))
-+ MODRET_ISERROR(mr)) {
-+
-+ /* Return a pointer, if requested, to the module which answered the
-+ * auth request. This is used, for example, by auth_getpwnam() for
-+ * associating the answering auth module with the data looked up.
-+ */
-+ if (m)
-+ *m = iter_tab->m;
-+
- break;
-+ }
-
-+ next:
- iter_tab = pr_stash_get_symbol(PR_SYM_AUTH, match, iter_tab,
- &cmd->stash_index);
-
-@@ -106,7 +125,7 @@
- modret_t *mr = NULL;
-
- cmd = make_cmd(p, 0);
-- mr = dispatch_auth(cmd, "setpwent");
-+ mr = dispatch_auth(cmd, "setpwent", NULL);
-
- if (cmd->tmp_pool) {
- destroy_pool(cmd->tmp_pool);
-@@ -121,13 +140,20 @@
- modret_t *mr = NULL;
-
- cmd = make_cmd(p, 0);
-- mr = dispatch_auth(cmd, "endpwent");
-+ mr = dispatch_auth(cmd, "endpwent", NULL);
-
- if (cmd->tmp_pool) {
- destroy_pool(cmd->tmp_pool);
- cmd->tmp_pool = NULL;
- }
-
-+ if (auth_tab) {
-+ pr_trace_msg(trace_channel, 5, "emptying authcache");
-+ (void) pr_table_empty(auth_tab);
-+ (void) pr_table_free(auth_tab);
-+ auth_tab = NULL;
-+ }
-+
- return;
- }
-
-@@ -136,7 +162,7 @@
- modret_t *mr = NULL;
-
- cmd = make_cmd(p, 0);
-- mr = dispatch_auth(cmd, "setgrent");
-+ mr = dispatch_auth(cmd, "setgrent", NULL);
-
- if (cmd->tmp_pool) {
- destroy_pool(cmd->tmp_pool);
-@@ -151,7 +177,7 @@
- modret_t *mr = NULL;
-
- cmd = make_cmd(p, 0);
-- mr = dispatch_auth(cmd, "endgrent");
-+ mr = dispatch_auth(cmd, "endgrent", NULL);
-
- if (cmd->tmp_pool) {
- destroy_pool(cmd->tmp_pool);
-@@ -167,7 +193,7 @@
- struct passwd *res = NULL;
-
- cmd = make_cmd(p, 0);
-- mr = dispatch_auth(cmd, "getpwent");
-+ mr = dispatch_auth(cmd, "getpwent", NULL);
-
- if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr))
- res = mr->data;
-@@ -201,7 +227,7 @@
- struct group *res = NULL;
-
- cmd = make_cmd(p, 0);
-- mr = dispatch_auth(cmd, "getgrent");
-+ mr = dispatch_auth(cmd, "getgrent", NULL);
-
- if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr))
- res = mr->data;
-@@ -228,11 +254,13 @@
- cmd_rec *cmd = NULL;
- modret_t *mr = NULL;
- struct passwd *res = NULL;
-+ module *m = NULL;
-
- cmd = make_cmd(p, 1, name);
-- mr = dispatch_auth(cmd, "getpwnam");
-+ mr = dispatch_auth(cmd, "getpwnam", &m);
-
-- if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr))
-+ if (MODRET_ISHANDLED(mr) &&
-+ MODRET_HASDATA(mr))
- res = mr->data;
-
- if (cmd->tmp_pool) {
-@@ -257,6 +285,46 @@
- return NULL;
- }
-
-+ if (!auth_tab && auth_pool) {
-+ auth_tab = pr_table_alloc(auth_pool, 0);
-+ }
-+
-+ if (m && auth_tab) {
-+ int count = 0;
-+ void *value = NULL;
-+
-+ value = palloc(auth_pool, sizeof(module *));
-+ *((module **) value) = m;
-+
-+ count = pr_table_exists(auth_tab, name);
-+ if (count <= 0) {
-+ if (pr_table_add(auth_tab, pstrdup(auth_pool, name), value,
-+ sizeof(module *)) < 0) {
-+ pr_trace_msg(trace_channel, 3,
-+ "error adding module 'mod_%s.c' for user '%s' to the authcache: %s",
-+ m->name, name, strerror(errno));
-+
-+ } else {
-+ pr_trace_msg(trace_channel, 5,
-+ "stashed module 'mod_%s.c' for user '%s' in the authcache",
-+ m->name, name);
-+ }
-+
-+ } else {
-+ if (pr_table_set(auth_tab, pstrdup(auth_pool, name), value,
-+ sizeof(module *)) < 0) {
-+ pr_trace_msg(trace_channel, 3,
-+ "error setting module 'mod_%s.c' for user '%s' in the authcache: %s",
-+ m->name, name, strerror(errno));
-+
-+ } else {
-+ pr_trace_msg(trace_channel, 5,
-+ "stashed module 'mod_%s.c' for user '%s' in the authcache",
-+ m->name, name);
-+ }
-+ }
-+ }
-+
- pr_log_debug(DEBUG10, "retrieved UID %lu for user '%s'",
- (unsigned long) res->pw_uid, name);
- return res;
-@@ -268,7 +336,7 @@
- struct passwd *res = NULL;
-
- cmd = make_cmd(p, 1, (void *) &uid);
-- mr = dispatch_auth(cmd, "getpwuid");
-+ mr = dispatch_auth(cmd, "getpwuid", NULL);
-
- if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr))
- res = mr->data;
-@@ -306,7 +374,7 @@
- struct group *res = NULL;
-
- cmd = make_cmd(p, 1, name);
-- mr = dispatch_auth(cmd, "getgrnam");
-+ mr = dispatch_auth(cmd, "getgrnam", NULL);
-
- if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr))
- res = mr->data;
-@@ -339,7 +407,7 @@
- struct group *res = NULL;
-
- cmd = make_cmd(p, 1, (void *) &gid);
-- mr = dispatch_auth(cmd, "getgrgid");
-+ mr = dispatch_auth(cmd, "getgrgid", NULL);
-
- if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr))
- res = mr->data;
-@@ -369,10 +437,25 @@
- int pr_auth_authenticate(pool *p, const char *name, const char *pw) {
- cmd_rec *cmd = NULL;
- modret_t *mr = NULL;
-+ module *m = NULL;
- int res = PR_AUTH_NOPWD;
-
- cmd = make_cmd(p, 2, name, pw);
-- mr = dispatch_auth(cmd, "auth");
-+
-+ if (auth_tab) {
-+
-+ /* Fetch the specific module to be used for authenticating this user. */
-+ void *v = pr_table_get(auth_tab, name, NULL);
-+ if (v) {
-+ m = *((module **) v);
-+
-+ pr_trace_msg(trace_channel, 4,
-+ "using module 'mod_%s.c' from authcache to authenticate user '%s'",
-+ m->name, name);
-+ }
-+ }
-+
-+ mr = dispatch_auth(cmd, "auth", m ? &m : NULL);
-
- if (MODRET_ISHANDLED(mr))
- res = MODRET_HASDATA(mr) ? PR_AUTH_RFC2228_OK : PR_AUTH_OK;
-@@ -391,10 +474,25 @@
- int pr_auth_check(pool *p, const char *cpw, const char *name, const char *pw) {
- cmd_rec *cmd = NULL;
- modret_t *mr = NULL;
-+ module *m = NULL;
- int res = PR_AUTH_BADPWD;
-
- cmd = make_cmd(p, 3, cpw, name, pw);
-- mr = dispatch_auth(cmd, "check");
-+
-+ if (auth_tab) {
-+
-+ /* Fetch the specific module to be used for authenticating this user. */
-+ void *v = pr_table_get(auth_tab, name, NULL);
-+ if (v) {
-+ m = *((module **) v);
-+
-+ pr_trace_msg(trace_channel, 4,
-+ "using module 'mod_%s.c' from authcache to authenticate user '%s'",
-+ m->name, name);
-+ }
-+ }
-+
-+ mr = dispatch_auth(cmd, "check", m ? &m : NULL);
-
- if (MODRET_ISHANDLED(mr))
- res = MODRET_HASDATA(mr) ? PR_AUTH_RFC2228_OK : PR_AUTH_OK;
-@@ -413,7 +511,7 @@
- int res = TRUE;
-
- cmd = make_cmd(p, 1, name);
-- mr = dispatch_auth(cmd, "requires_pass");
-+ mr = dispatch_auth(cmd, "requires_pass", NULL);
-
- if (MODRET_ISHANDLED(mr))
- res = FALSE;
-@@ -438,7 +536,7 @@
- memset(namebuf, '\0', sizeof(namebuf));
-
- cmd = make_cmd(p, 1, (void *) &uid);
-- mr = dispatch_auth(cmd, "uid2name");
-+ mr = dispatch_auth(cmd, "uid2name", NULL);
-
- if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr)) {
- res = mr->data;
-@@ -463,7 +561,7 @@
- memset(namebuf, '\0', sizeof(namebuf));
-
- cmd = make_cmd(p, 1, (void *) &gid);
-- mr = dispatch_auth(cmd, "gid2name");
-+ mr = dispatch_auth(cmd, "gid2name", NULL);
-
- if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr)) {
- res = mr->data;
-@@ -485,7 +583,7 @@
- uid_t res = (uid_t) -1;
-
- cmd = make_cmd(p, 1, name);
-- mr = dispatch_auth(cmd, "name2uid");
-+ mr = dispatch_auth(cmd, "name2uid", NULL);
-
- if (MODRET_ISHANDLED(mr))
- res = *((uid_t *) mr->data);
-@@ -506,7 +604,7 @@
- gid_t res = (gid_t) -1;
-
- cmd = make_cmd(p, 1, name);
-- mr = dispatch_auth(cmd, "name2gid");
-+ mr = dispatch_auth(cmd, "name2gid", NULL);
-
- if (MODRET_ISHANDLED(mr))
- res = *((gid_t *) mr->data);
-@@ -538,7 +636,7 @@
- cmd = make_cmd(p, 3, name, group_ids ? *group_ids : NULL,
- group_names ? *group_names : NULL);
-
-- mr = dispatch_auth(cmd, "getgroups");
-+ mr = dispatch_auth(cmd, "getgroups", NULL);
-
- if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr)) {
- res = *((int *) mr->data);
-@@ -832,3 +930,10 @@
- return res;
- }
-
-+/* Internal use only. To be called in the session process. */
-+int init_auth(void) {
-+ auth_pool = make_sub_pool(permanent_pool);
-+ pr_pool_tag(auth_pool, "Auth API");
-+
-+ return 0;
-+}
diff --git a/net-ftp/proftpd/files/proftpd-1.3.1_rc2-bug178866.patch b/net-ftp/proftpd/files/proftpd-1.3.1_rc2-bug178866.patch
deleted file mode 100644
index 206ffb0d6384..000000000000
--- a/net-ftp/proftpd/files/proftpd-1.3.1_rc2-bug178866.patch
+++ /dev/null
@@ -1,68 +0,0 @@
---- src/auth.c 2007/04/17 21:33:40 1.48
-+++ src/auth.c 2007/05/21 15:19:41 1.49
-@@ -442,6 +442,32 @@
-
- cmd = make_cmd(p, 2, name, pw);
-
-+ /* First, check for the mod_auth_pam.c module.
-+ *
-+ * PAM is a bit of hack in this Auth API, because PAM only provides
-+ * yes/no checks, and is not a source of user information.
-+ */
-+ m = pr_module_get("mod_auth_pam.c");
-+ if (m) {
-+ pr_trace_msg(trace_channel, 4,
-+ "using module 'mod_auth_pam.c' to authenticate user '%s'", name);
-+
-+ mr = dispatch_auth(cmd, "auth", &m);
-+
-+ if (MODRET_ISHANDLED(mr)) {
-+ res = MODRET_HASDATA(mr) ? PR_AUTH_RFC2228_OK : PR_AUTH_OK;
-+
-+ if (cmd->tmp_pool) {
-+ destroy_pool(cmd->tmp_pool);
-+ cmd->tmp_pool = NULL;
-+ }
-+
-+ return res;
-+ }
-+
-+ m = NULL;
-+ }
-+
- if (auth_tab) {
-
- /* Fetch the specific module to be used for authenticating this user. */
-@@ -479,6 +505,32 @@
-
- cmd = make_cmd(p, 3, cpw, name, pw);
-
-+ /* First, check for the mod_auth_pam.c module.
-+ *
-+ * PAM is a bit of hack in this Auth API, because PAM only provides
-+ * yes/no checks, and is not a source of user information.
-+ */
-+ m = pr_module_get("mod_auth_pam.c");
-+ if (m) {
-+ pr_trace_msg(trace_channel, 4,
-+ "using module 'mod_auth_pam.c' to authenticate user '%s'", name);
-+
-+ mr = dispatch_auth(cmd, "auth", &m);
-+
-+ if (MODRET_ISHANDLED(mr)) {
-+ res = MODRET_HASDATA(mr) ? PR_AUTH_RFC2228_OK : PR_AUTH_OK;
-+
-+ if (cmd->tmp_pool) {
-+ destroy_pool(cmd->tmp_pool);
-+ cmd->tmp_pool = NULL;
-+ }
-+
-+ return res;
-+ }
-+
-+ m = NULL;
-+ }
-+
- if (auth_tab) {
-
- /* Fetch the specific module to be used for authenticating this user. */
diff --git a/net-ftp/proftpd/files/proftpd-1.3.1_rc2-bug181712.patch b/net-ftp/proftpd/files/proftpd-1.3.1_rc2-bug181712.patch
deleted file mode 100644
index fbe8fed1f1f0..000000000000
--- a/net-ftp/proftpd/files/proftpd-1.3.1_rc2-bug181712.patch
+++ /dev/null
@@ -1,35 +0,0 @@
---- src/auth.c 21 May 2007 15:19:41 -0000 1.49
-+++ src/auth.c 12 Jun 2007 18:54:15 -0000
-@@ -449,12 +449,12 @@
- */
- m = pr_module_get("mod_auth_pam.c");
- if (m) {
-- pr_trace_msg(trace_channel, 4,
-- "using module 'mod_auth_pam.c' to authenticate user '%s'", name);
--
- mr = dispatch_auth(cmd, "auth", &m);
-
- if (MODRET_ISHANDLED(mr)) {
-+ pr_trace_msg(trace_channel, 4,
-+ "module 'mod_auth_pam.c' used for authenticating user '%s'", name);
-+
- res = MODRET_HASDATA(mr) ? PR_AUTH_RFC2228_OK : PR_AUTH_OK;
-
- if (cmd->tmp_pool) {
-@@ -512,12 +512,12 @@
- */
- m = pr_module_get("mod_auth_pam.c");
- if (m) {
-- pr_trace_msg(trace_channel, 4,
-- "using module 'mod_auth_pam.c' to authenticate user '%s'", name);
--
-- mr = dispatch_auth(cmd, "auth", &m);
-+ mr = dispatch_auth(cmd, "check", &m);
-
- if (MODRET_ISHANDLED(mr)) {
-+ pr_trace_msg(trace_channel, 4,
-+ "module 'mod_auth_pam.c' used for authenticating user '%s'", name);
-+
- res = MODRET_HASDATA(mr) ? PR_AUTH_RFC2228_OK : PR_AUTH_OK;
-
- if (cmd->tmp_pool) {
diff --git a/net-ftp/proftpd/files/proftpd-1.3.2_rc2-CVE-2008-4242.patch b/net-ftp/proftpd/files/proftpd-1.3.2_rc2-CVE-2008-4242.patch
deleted file mode 100644
index 1b95d3c239d5..000000000000
--- a/net-ftp/proftpd/files/proftpd-1.3.2_rc2-CVE-2008-4242.patch
+++ /dev/null
@@ -1,192 +0,0 @@
-This fixes CVE-2008-4242 (Gentoo bug 238762)
-Source: http://bugs.proftpd.org/show_bug.cgi?id=3115
-
-Index: src/main.c
-===================================================================
-RCS file: /cvsroot/proftp/proftpd/src/main.c,v
-retrieving revision 1.344
-diff -u -r1.344 main.c
---- src/main.c 8 Sep 2008 00:47:11 -0000 1.344
-+++ src/main.c 20 Sep 2008 20:10:49 -0000
-@@ -516,20 +516,32 @@
- static long get_max_cmd_len(size_t buflen) {
- long res;
- int *bufsz = NULL;
-+ size_t default_cmd_bufsz;
-
-+ /* It's possible for the admin to select a PR_TUNABLE_BUFFER_SIZE which
-+ * is smaller than PR_DEFAULT_CMD_BUFSZ. We need to handle such cases
-+ * properly.
-+ */
-+ default_cmd_bufsz = PR_DEFAULT_CMD_BUFSZ;
-+ if (default_cmd_bufsz > buflen) {
-+ default_cmd_bufsz = buflen;
-+ }
-+
- bufsz = get_param_ptr(main_server->conf, "CommandBufferSize", FALSE);
- if (bufsz == NULL) {
-- res = PR_DEFAULT_CMD_BUFSZ;
-+ res = default_cmd_bufsz;
-
- } else if (*bufsz <= 0) {
- pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%d) given, "
-- "using default buffer size (%u) instead", *bufsz, PR_DEFAULT_CMD_BUFSZ);
-- res = PR_DEFAULT_CMD_BUFSZ;
-+ "using default buffer size (%lu) instead", *bufsz,
-+ (unsigned long) default_cmd_bufsz);
-+ res = default_cmd_bufsz;
-
- } else if (*bufsz + 1 > buflen) {
- pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%d) given, "
-- "using default buffer size (%u) instead", *bufsz, PR_DEFAULT_CMD_BUFSZ);
-- res = PR_DEFAULT_CMD_BUFSZ;
-+ "using default buffer size (%lu) instead", *bufsz,
-+ (unsigned long) default_cmd_bufsz);
-+ res = default_cmd_bufsz;
-
- } else {
- pr_log_debug(DEBUG1, "setting CommandBufferSize to %d", *bufsz);
-@@ -577,11 +589,26 @@
- return -1;
- }
-
-- memset(buf, '\0', sizeof(buf));
-+ while (TRUE) {
-+ pr_signals_handle();
-
-- if (pr_netio_telnet_gets(buf, sizeof(buf)-1, session.c->instrm,
-- session.c->outstrm) == NULL)
-- return -1;
-+ memset(buf, '\0', sizeof(buf));
-+
-+ if (pr_netio_telnet_gets(buf, sizeof(buf)-1, session.c->instrm,
-+ session.c->outstrm) == NULL) {
-+
-+ if (errno == E2BIG) {
-+ /* The client sent a too-long command which was ignored; give
-+ * them another chance?
-+ */
-+ continue;
-+ }
-+
-+ return -1;
-+ }
-+
-+ break;
-+ }
-
- if (cmd_bufsz == -1)
- cmd_bufsz = get_max_cmd_len(sizeof(buf));
-Index: src/netio.c
-===================================================================
-RCS file: /cvsroot/proftp/proftpd/src/netio.c,v
-retrieving revision 1.33
-diff -u -r1.33 netio.c
---- src/netio.c 3 Apr 2008 03:14:31 -0000 1.33
-+++ src/netio.c 20 Sep 2008 20:10:49 -0000
-@@ -1,6 +1,6 @@
- /*
- * ProFTPD - FTP server daemon
-- * Copyright (c) 2001-2007 The ProFTPD Project team
-+ * Copyright (c) 2001-2008 The ProFTPD Project team
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
-@@ -30,19 +30,19 @@
- #include <signal.h>
-
- #ifndef IAC
--#define IAC 255
-+# define IAC 255
- #endif
- #ifndef DONT
--#define DONT 254
-+# define DONT 254
- #endif
- #ifndef DO
--#define DO 253
-+# define DO 253
- #endif
- #ifndef WONT
--#define WONT 252
-+# define WONT 252
- #endif
- #ifndef WILL
--#define WILL 251
-+# define WILL 251
- #endif
-
- static const char *trace_channel = "netio";
-@@ -51,6 +51,17 @@
- static pr_netio_t *core_data_netio = NULL, *data_netio = NULL;
- static pr_netio_t *core_othr_netio = NULL, *othr_netio = NULL;
-
-+/* Used to track whether the previous text read from the client's control
-+ * connection was a properly-terminated command. If so, then read in the
-+ * next/current text as per normal. If NOT (e.g. the client sent a too-long
-+ * command), then read in the next/current text, but ignore it. Only clear
-+ * this flag if the next/current command can be read as per normal.
-+ *
-+ * The pr_netio_telnet_gets() uses this variable, in conjunction with its
-+ * saw_newline flag, for handling too-long commands from clients.
-+ */
-+static int properly_terminated_prev_command = TRUE;
-+
- static pr_netio_stream_t *netio_stream_alloc(pool *parent_pool) {
- pool *netio_pool = NULL;
- pr_netio_stream_t *nstrm = NULL;
-@@ -950,7 +961,7 @@
- char *bp = buf;
- unsigned char cp;
- static unsigned char mode = 0;
-- int toread, handle_iac = TRUE;
-+ int toread, handle_iac = TRUE, saw_newline = FALSE;
- pr_buffer_t *pbuf = NULL;
-
- if (buflen == 0) {
-@@ -983,8 +994,9 @@
- *bp = '\0';
- return buf;
-
-- } else
-+ } else {
- return NULL;
-+ }
- }
-
- pbuf->remaining = pbuf->buflen - toread;
-@@ -1049,6 +1061,8 @@
- toread--;
- *bp++ = *pbuf->current++;
- pbuf->remaining++;
-+
-+ saw_newline = TRUE;
- break;
- }
-
-@@ -1056,6 +1070,25 @@
- pbuf->current = NULL;
- }
-
-+ if (!saw_newline) {
-+ /* If we haven't seen a newline, then assume the client is deliberately
-+ * sending a too-long command, trying to exploit buffer sizes and make
-+ * the server make some possibly bad assumptions.
-+ */
-+
-+ properly_terminated_prev_command = FALSE;
-+ errno = E2BIG;
-+ return NULL;
-+ }
-+
-+ if (!properly_terminated_prev_command) {
-+ properly_terminated_prev_command = TRUE;
-+ pr_log_pri(PR_LOG_NOTICE, "client sent too-long command, ignoring");
-+ errno = E2BIG;
-+ return NULL;
-+ }
-+
-+ properly_terminated_prev_command = TRUE;
- *bp = '\0';
- return buf;
- } |