authorBernard Cafarelli <voyageur@gentoo.org>2009-02-17 13:12:04 +0000
committerBernard Cafarelli <voyageur@gentoo.org>2009-02-17 13:12:04 +0000
commite0ca321ab1566a21e4e4d817bc009b921fbcd852 (patch)
treeefa6dfc05c49ebf24e34da5982174be86913dc75 /net-ftp
parentDrop KDE 4.1.4 (diff)
Version bump for security bug #258450, minimal changes from 1.3.2_rc2 ebuild for security stabling
(Portage version: 2.2_rc23/cvs/Linux x86_64)
Diffstat (limited to 'net-ftp')
-rw-r--r--net-ftp/proftpd/ChangeLog11
-rw-r--r--net-ftp/proftpd/files/proftpd-1.3.2-upstream-bug-3183.patch101
-rw-r--r--net-ftp/proftpd/proftpd-1.3.2.ebuild251
3 files changed, 361 insertions, 2 deletions
diff --git a/net-ftp/proftpd/ChangeLog b/net-ftp/proftpd/ChangeLog
index 69eef4c4d940..187922dea77d 100644
--- a/net-ftp/proftpd/ChangeLog
+++ b/net-ftp/proftpd/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for net-ftp/proftpd
-# Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-ftp/proftpd/ChangeLog,v 1.186 2008/11/15 10:35:18 maekke Exp $
+# Copyright 2002-2009 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/proftpd/ChangeLog,v 1.187 2009/02/17 13:12:04 voyageur Exp $
+
+*proftpd-1.3.2 (17 Feb 2009)
+
+ 17 Feb 2009; Bernard Cafarelli <voyageur@gentoo.org>
+ +files/proftpd-1.3.2-upstream-bug-3183.patch, +proftpd-1.3.2.ebuild:
+ Version bump for security bug #258450, minimal changes from 1.3.2_rc2
+ ebuild for security stabling
15 Nov 2008; Markus Meier <maekke@gentoo.org> proftpd-1.3.2_rc2-r2.ebuild:
amd64/x86 stable, bug #238762
diff --git a/net-ftp/proftpd/files/proftpd-1.3.2-upstream-bug-3183.patch b/net-ftp/proftpd/files/proftpd-1.3.2-upstream-bug-3183.patch
new file mode 100644
index 000000000000..8f7c1267f2dc
--- /dev/null
+++ b/net-ftp/proftpd/files/proftpd-1.3.2-upstream-bug-3183.patch
@@ -0,0 +1,101 @@
+Index: modules/mod_auth.c
+===================================================================
+RCS file: /cvsroot/proftp/proftpd/modules/mod_auth.c,v
+retrieving revision 1.252
+diff -u -r1.252 mod_auth.c
+--- modules/mod_auth.c 11 Feb 2009 06:56:43 -0000 1.252
++++ modules/mod_auth.c 12 Feb 2009 18:48:16 -0000
+@@ -1074,11 +1074,13 @@
+ * through with the login process. Oh well.
+ */
+
++ memset(sess_ttyname, '\0', sizeof(sess_ttyname));
+ #if (defined(BSD) && (BSD >= 199103))
+ snprintf(sess_ttyname, sizeof(sess_ttyname), "ftp%ld", (long) getpid());
+ #else
+ snprintf(sess_ttyname, sizeof(sess_ttyname), "ftpd%d", (int) getpid());
+ #endif
++ sess_ttyname[sizeof(sess_ttyname)-1] = '\0';
+
+ /* Perform wtmp logging only if not turned off in <Anonymous>
+ * or the current server
+Index: src/main.c
+===================================================================
+RCS file: /cvsroot/proftp/proftpd/src/main.c,v
+retrieving revision 1.361
+diff -u -r1.361 main.c
+--- src/main.c 11 Feb 2009 05:57:12 -0000 1.361
++++ src/main.c 12 Feb 2009 18:48:16 -0000
+@@ -92,8 +92,6 @@
+
+ static unsigned char have_dead_child = FALSE;
+
+-static char sbuf[PR_TUNABLE_BUFFER_SIZE] = {'\0'};
+-
+ #define PR_DEFAULT_CMD_BUFSZ 512
+
+ /* From mod_auth_unix.c */
+@@ -108,7 +106,16 @@
+ static int syntax_check = 0;
+
+ static const char *protocol_name = "FTP";
++
++/* This protocol_name_lc variable is used only by WtmpLog logging. Newer
++ * BSD variants require a name of "ftp" while other, non-BSD variants
++ * prefer "ftpd".
++ */
++#if (defined(BSD) && (BSD >= 199103))
+ static const char *protocol_name_lc = "ftp";
++#else
++static const char *protocol_name_lc = "ftpd";
++#endif
+
+ /* Command handling */
+ static void cmd_loop(server_rec *, conn_t *);
+@@ -185,6 +192,7 @@
+ }
+
+ static void end_login_noexit(void) {
++ char wtmp_buf[PR_TUNABLE_BUFFER_SIZE];
+
+ /* Clear the scoreboard entry. */
+ if (ServerType == SERVER_STANDALONE) {
+@@ -206,20 +214,25 @@
+ strerror(errno));
+ }
+
++ if (session.wtmp_log) {
++ memset(wtmp_buf, '\0', sizeof(wtmp_buf));
++ }
++
+ /* If session.user is set, we have a valid login */
+ if (session.user) {
+ #if (defined(BSD) && (BSD >= 199103))
+- snprintf(sbuf, sizeof(sbuf), "%s%ld", protocol_name_lc,
++ snprintf(wtmp_buf, sizeof(wtmp_buf), "%s%ld", protocol_name_lc,
+ (long) (session.pid ? session.pid : getpid()));
+ #else
+- snprintf(sbuf, sizeof(sbuf), "%s%d", protocol_name_lc,
++ snprintf(wtmp_buf, sizeof(wtmp_buf), "%s%d", protocol_name_lc,
+ (int) (session.pid ? session.pid : getpid()));
+ #endif
+- sbuf[sizeof(sbuf) - 1] = '\0';
++ wtmp_buf[sizeof(wtmp_buf) - 1] = '\0';
+
+- if (session.wtmp_log)
+- log_wtmp(sbuf, "", pr_netaddr_get_sess_remote_name(),
++ if (session.wtmp_log) {
++ log_wtmp(wtmp_buf, "", pr_netaddr_get_sess_remote_name(),
+ pr_netaddr_get_sess_remote_addr());
++ }
+ }
+
+ /* These are necessary in order that cleanups associated with these pools
+@@ -573,7 +586,6 @@
+ }
+
+ protocol_name_lc = lc;
+-
+ return 0;
+ }
+
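Review bot: The last src/main.c hunk of the bundled patch keeps `protocol_name_lc = lc;`, which would replace the new `#if`-selected default, so the "ftpd" prefix chosen for non-BSD systems may not be the one `end_login_noexit()` formats into `wtmp_buf` at logout. mod_auth.c hard-codes `"ftpd%d"` for the login record, so if that assignment runs the logout entry's line name would presumably no longer match the login entry, and wtmp-based session accounting would keep showing the session as open. The enclosing function is outside the hunk, so this is inferred and should be confirmed against the full source. In `end_login_noexit()` itself the `memset` is guarded by `session.wtmp_log` but the `snprintf` into `wtmp_buf` is not, although the buffer is only read by `log_wtmp()` under that same flag; putting the formatting inside `if (session.wtmp_log) { ... }` would make the intent clear. A comment such as `/* prefix must match sess_ttyname in mod_auth.c */` above `protocol_name_lc` would document the coupling.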
diff --git a/net-ftp/proftpd/proftpd-1.3.2.ebuild b/net-ftp/proftpd/proftpd-1.3.2.ebuild
new file mode 100644
index 000000000000..57022e88ec81
--- /dev/null
+++ b/net-ftp/proftpd/proftpd-1.3.2.ebuild
@@ -0,0 +1,251 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/proftpd/proftpd-1.3.2.ebuild,v 1.1 2009/02/17 13:12:04 voyageur Exp $
+
+inherit eutils flag-o-matic toolchain-funcs autotools
+
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+
+IUSE="acl authfile ban case clamav deflate hardened ifsession ipv6 ldap mysql ncurses nls noauthunix opensslcrypt pam postgres radius rewrite selinux shaper sitemisc softquota ssl tcpd vroot xinetd"
+
+CASE_VER="0.3"
+CLAMAV_VER="0.10"
+DEFLATE_VER="0.3.1"
+SHAPER_VER="0.6.5"
+VROOT_VER="0.8.3"
+
+DESCRIPTION="An advanced and very configurable FTP server."
+
+SRC_URI="ftp://ftp.proftpd.org/distrib/source/${P/_/}.tar.bz2
+ case? ( http://www.castaglia.org/${PN}/modules/${PN}-mod-case-${CASE_VER}.tar.gz )
+ clamav? ( http://www.thrallingpenguin.com/resources/mod_clamav-${CLAMAV_VER}.tar.gz )
+ deflate? ( http://www.castaglia.org/${PN}/modules/${PN}-mod-deflate-${DEFLATE_VER}.tar.gz )
+ shaper? ( http://www.castaglia.org/${PN}/modules/${PN}-mod-shaper-${SHAPER_VER}.tar.gz )
+ vroot? ( http://www.castaglia.org/${PN}/modules/${PN}-mod-vroot-${VROOT_VER}.tar.gz )"
+
+HOMEPAGE="http://www.proftpd.org/
+ http://www.castaglia.org/proftpd/
+ http://www.thrallingpenguin.com/resources/mod_clamav.htm"
+
+SLOT="0"
+LICENSE="GPL-2"
+
+DEPEND="acl? ( sys-apps/acl sys-apps/attr )
+ clamav? ( app-antivirus/clamav )
+ ldap? ( >=net-nds/openldap-1.2.11 )
+ mysql? ( virtual/mysql )
+ ncurses? ( sys-libs/ncurses )
+ opensslcrypt? ( >=dev-libs/openssl-0.9.6f )
+ pam? ( virtual/pam )
+ postgres? ( virtual/postgresql-base )
+ ssl? ( >=dev-libs/openssl-0.9.6f )
+ tcpd? ( >=sys-apps/tcp-wrappers-7.6-r3 )
+ xinetd? ( virtual/inetd )"
+
+RDEPEND="${DEPEND}
+ net-ftp/ftpbase
+ selinux? ( sec-policy/selinux-ftpd )"
+
+S="${WORKDIR}/${P/_/}"
+
+pkg_setup() {
+ # Add the proftpd user to make the default config
+ # work out-of-the-box
+ enewgroup proftpd
+ enewuser proftpd -1 -1 -1 proftpd
+}
+
+src_unpack() {
+ unpack ${P/_/}.tar.bz2
+
+ cd "${S}"
+
+ # Fix upstream bug 3183 (incorrect logging to wtmp)
+ epatch "${FILESDIR}/${P}-upstream-bug-3183.patch"
+
+ # Fix stripping of files
+ sed -e "s| @INSTALL_STRIP@||g" -i Make*
+
+ if use case ; then
+ unpack ${PN}-mod-case-${CASE_VER}.tar.gz
+ cp -f mod_case/mod_case.c contrib/
+ cp -f mod_case/mod_case.html doc/
+ fi
+
+ if use clamav ; then
+ unpack mod_clamav-${CLAMAV_VER}.tar.gz
+ cp -f mod_clamav-${CLAMAV_VER}/mod_clamav.* contrib/
+ epatch mod_clamav-${CLAMAV_VER}/${PN}.patch
+ fi
+
+ if use deflate ; then
+ unpack ${PN}-mod-deflate-${DEFLATE_VER}.tar.gz
+ cp -f mod_deflate/mod_deflate.c contrib/
+ cp -f mod_deflate/mod_deflate.html doc/
+ fi
+
+ if use shaper ; then
+ unpack ${PN}-mod-shaper-${SHAPER_VER}.tar.gz
+ cp -f mod_shaper/mod_shaper.c contrib/
+ cp -f mod_shaper/mod_shaper.html doc/
+ fi
+
+ if use vroot ; then
+ unpack ${PN}-mod-vroot-${VROOT_VER}.tar.gz
+ cp -f mod_vroot/mod_vroot.c contrib/
+ cp -f mod_vroot/mod_vroot.html doc/
+ fi
+
+ # Fix bug #221275
+ # extract custom PR_ macros from aclocal.m4 to acinclude.m4
+ # and delete the provided aclocal.m4 before running autoreconf
+ elog "Extract custom m4 macros from aclocal.m4..."
+ sed -e '/libtool\.m4/q' aclocal.m4 > acinclude.m4
+ rm -f aclocal.m4
+
+ eautoreconf
+}
+
+src_compile() {
+ addpredict /etc/krb5.conf
+ local modules myconf
+
+ modules="mod_ratio:mod_readme"
+ use acl && modules="${modules}:mod_facl"
+ use ban && modules="${modules}:mod_ban"
+ use case && modules="${modules}:mod_case"
+ use clamav && modules="${modules}:mod_clamav"
+ use deflate && modules="${modules}:mod_deflate"
+ use pam && modules="${modules}:mod_auth_pam"
+ use radius && modules="${modules}:mod_radius"
+ use rewrite && modules="${modules}:mod_rewrite"
+ use shaper && modules="${modules}:mod_shaper"
+ use sitemisc && modules="${modules}:mod_site_misc"
+ use ssl && modules="${modules}:mod_tls"
+ use tcpd && modules="${modules}:mod_wrap"
+ use vroot && modules="${modules}:mod_vroot"
+
+ # pam needs to be explicitely disabled
+ use pam || myconf="${myconf} --enable-auth-pam=no"
+
+ if use ldap ; then
+ modules="${modules}:mod_ldap"
+ append-ldflags "-lresolv"
+ if use ssl ; then
+ CFLAGS="${CFLAGS} -DUSE_LDAP_TLS"
+ fi
+ fi
+
+ if use opensslcrypt ; then
+ myconf="${myconf} --enable-openssl --with-includes=/usr/include/openssl"
+ append-ldflags "-lcrypto"
+ CFLAGS="${CFLAGS} -DHAVE_OPENSSL"
+ fi
+
+ if use nls ; then
+ myconf="${myconf} --enable-nls"
+ fi
+
+ if use mysql && use postgres ; then
+ ewarn "ProFTPD only supports either the MySQL or PostgreSQL modules."
+ ewarn "Presently this ebuild defaults to mysql. If you would like to"
+ ewarn "change the default behaviour, merge ProFTPD with:"
+ ewarn "USE='-mysql postgres' emerge proftpd"
+ epause 5
+ fi
+
+ if use mysql ; then
+ modules="${modules}:mod_sql:mod_sql_mysql"
+ myconf="${myconf} --with-includes=/usr/include/mysql"
+ elif use postgres ; then
+ modules="${modules}:mod_sql:mod_sql_postgres"
+ myconf="${myconf} --with-includes=/usr/include/postgresql"
+ fi
+
+ if use softquota ; then
+ modules="${modules}:mod_quotatab"
+ if use mysql || use postgres ; then
+ modules="${modules}:mod_quotatab_sql"
+ fi
+ if use radius ; then
+ modules="${modules}:mod_quotatab_radius"
+ fi
+ if use ldap ; then
+ modules="${modules}:mod_quotatab_file:mod_quotatab_ldap"
+ else
+ modules="${modules}:mod_quotatab_file"
+ fi
+ fi
+
+ # mod_ifsession should be the last module in the --with-modules list
+ # see http://www.castaglia.org/proftpd/modules/mod_ifsession.html#Installation
+ use ifsession && modules="${modules}:mod_ifsession"
+
+ # bug #30359
+ use hardened && echo > lib/libcap/cap_sys.c
+ gcc-specs-pie && echo > lib/libcap/cap_sys.c
+
+ if use noauthunix ; then
+ myconf="${myconf} --disable-auth-unix"
+ else
+ myconf="${myconf} --enable-auth-unix"
+ fi
+
+ econf \
+ --sbindir=/usr/sbin \
+ --localstatedir=/var/run \
+ --sysconfdir=/etc/proftpd \
+ --enable-shadow \
+ --enable-autoshadow \
+ --enable-ctrls \
+ --with-modules=${modules} \
+ $(use_enable acl facl) \
+ $(use_enable authfile auth-file) \
+ $(use_enable ipv6) \
+ $(use_enable ncurses) \
+ ${myconf} || die "econf failed"
+
+ emake || die "emake failed"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die "emake install failed"
+
+ keepdir /var/run/proftpd
+
+ dodoc "${FILESDIR}/proftpd.conf" \
+ COPYING CREDITS ChangeLog NEWS README* \
+ doc/license.txt
+ dohtml doc/*.html
+ dohtml doc/howto/*.html
+
+ docinto rfc
+ dodoc doc/rfc/*.txt
+
+ mv -f "${D}/etc/proftpd/proftpd.conf" "${D}/etc/proftpd/proftpd.conf.distrib"
+
+ insinto /etc/proftpd
+ newins "${FILESDIR}/proftpd.conf" proftpd.conf.sample
+
+ if use xinetd ; then
+ insinto /etc/xinetd.d
+ newins "${FILESDIR}/proftpd.xinetd" proftpd
+ fi
+
+ newinitd "${FILESDIR}/proftpd.rc6" proftpd
+}
+
+pkg_postinst() {
+ elog
+ elog "You can find the config files in /etc/proftpd"
+ elog
+ ewarn "With the introduction of net-ftp/ftpbase the ftp user is now ftp."
+ ewarn "Remember to change that in the configuration file."
+ ewarn
+ if use clamav ; then
+ ewarn "mod_clamav was updated to a new version, which uses Clamd"
+ ewarn "only for virus scanning, so you'll have to set Clamd up"
+ ewarn "and start it, also re-check the mod_clamav docs."
+ ewarn
+ fi
+}
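Review bot: In `src_unpack` and `src_install` the plain shell steps (`cd "${S}"`, `sed ... -i Make*`, each `cp -f mod_*/... contrib/`, the `sed`/`rm -f` pair on aclocal.m4, and the `mv -f` of proftpd.conf) have no failure check, while `econf` and `emake` in the same file use `|| die`. Portage does not abort on a failing external command, so for a security bump it is safer that a broken unpack stops the build, e.g. `cd "${S}" || die "cd to ${S} failed"` and `cp -f mod_case/mod_case.c contrib/ || die "mod_case copy failed"`. Separately, the two `echo > lib/libcap/cap_sys.c` lines under `# bug #30359` empty a source file on hardened/PIE toolchains; a comment stating what that does to the bundled libcap, and so to capability handling in the daemon, would let the next maintainer judge whether the workaround is still needed. `SRC_URI` fetches over plain ftp:// and http://, so integrity of the tarballs rests on the package Manifest digests, which are not part of this diff.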