1 |
commit: f676fd7463f36c8a9860677295731fc2f3e93460 |
2 |
Author: Sergei Trofimovich <slyfox <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun May 31 17:15:07 2020 +0000 |
4 |
Commit: Sergei Trofimovich <slyfox <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun May 31 17:17:40 2020 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f676fd74 |
7 |
|
8 |
net-ftp/proftpd: fix mod_ldap SIGSEGV |
9 |
|
10 |
Closes: https://bugs.gentoo.org/726460 |
11 |
Package-Manager: Portage-2.3.100, Repoman-2.3.22 |
12 |
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org> |
13 |
|
14 |
.../files/proftpd-1.3.7_rc4-ldap_mod-SEGV.patch | 38 +++ |
15 |
.../files/proftpd-1.3.7_rc4-str-sentinel.patch | 43 ++++ |
16 |
net-ftp/proftpd/proftpd-1.3.7_rc4-r1.ebuild | 277 +++++++++++++++++++++ |
17 |
3 files changed, 358 insertions(+) |
18 |
|
19 |
diff --git a/net-ftp/proftpd/files/proftpd-1.3.7_rc4-ldap_mod-SEGV.patch b/net-ftp/proftpd/files/proftpd-1.3.7_rc4-ldap_mod-SEGV.patch |
20 |
new file mode 100644 |
21 |
index 00000000000..2f50a28b87f |
22 |
--- /dev/null |
23 |
+++ b/net-ftp/proftpd/files/proftpd-1.3.7_rc4-ldap_mod-SEGV.patch |
24 |
@@ -0,0 +1,38 @@ |
25 |
+https://github.com/proftpd/proftpd/issues/1027 |
26 |
+https://bugs.gentoo.org/726460 |
27 |
+ |
28 |
+From 6ac1c727ddfd70080b38097e5484390ec84ef9be Mon Sep 17 00:00:00 2001 |
29 |
+From: Sergei Trofimovich <slyfox@g.o> |
30 |
+Date: Sun, 31 May 2020 17:55:08 +0100 |
31 |
+Subject: [PATCH 1/2] contrib/mod_ldap.c: fix SIGSEGV in mod_ldap:ldap_mod_init |
32 |
+ () |
33 |
+ |
34 |
+The crash happens due to missing sentinel value in `pstrcat()` |
35 |
+ |
36 |
+```c |
37 |
+ feats = pstrcat(tmp_pool, feats, i != 0 ? ", " : "", |
38 |
+ api_info.ldapai_extensions[i]); |
39 |
+``` |
40 |
+ |
41 |
+The change is to add sentinel to `pstrcat()` call. |
42 |
+ |
43 |
+Bug: https://github.com/proftpd/proftpd/issues/1027 |
44 |
+Signed-off-by: Sergei Trofimovich <slyfox@g.o> |
45 |
+--- |
46 |
+ contrib/mod_ldap.c | 2 +- |
47 |
+ 1 file changed, 1 insertion(+), 1 deletion(-) |
48 |
+ |
49 |
+--- a/contrib/mod_ldap.c |
50 |
++++ b/contrib/mod_ldap.c |
51 |
+@@ -3218,7 +3218,7 @@ static int ldap_mod_init(void) { |
52 |
+ |
53 |
+ for (i = 0; api_info.ldapai_extensions[i]; i++) { |
54 |
+ feats = pstrcat(tmp_pool, feats, i != 0 ? ", " : "", |
55 |
+- api_info.ldapai_extensions[i]); |
56 |
++ api_info.ldapai_extensions[i], NULL); |
57 |
+ ldap_memfree(api_info.ldapai_extensions[i]); |
58 |
+ } |
59 |
+ |
60 |
+-- |
61 |
+2.26.2 |
62 |
+ |
63 |
|
64 |
diff --git a/net-ftp/proftpd/files/proftpd-1.3.7_rc4-str-sentinel.patch b/net-ftp/proftpd/files/proftpd-1.3.7_rc4-str-sentinel.patch |
65 |
new file mode 100644 |
66 |
index 00000000000..cf1e4e91d41 |
67 |
--- /dev/null |
68 |
+++ b/net-ftp/proftpd/files/proftpd-1.3.7_rc4-str-sentinel.patch |
69 |
@@ -0,0 +1,43 @@ |
70 |
+https://github.com/proftpd/proftpd/issues/1027 |
71 |
+https://bugs.gentoo.org/726460 |
72 |
+ |
73 |
+From c5f98b6e047e0e5ca841372d78d06c05fe8770c6 Mon Sep 17 00:00:00 2001 |
74 |
+From: Sergei Trofimovich <slyfox@g.o> |
75 |
+Date: Sun, 31 May 2020 18:03:29 +0100 |
76 |
+Subject: [PATCH 2/2] include/str.h: add __attribute__((sentinel)) to variadic |
77 |
+ concats |
78 |
+ |
79 |
+`pstrcat()` needs to always have literal trailing `NULL`. |
80 |
+ |
81 |
+Bug: https://github.com/proftpd/proftpd/issues/1027 |
82 |
+Signed-off-by: Sergei Trofimovich <slyfox@g.o> |
83 |
+--- |
84 |
+ include/str.h | 14 ++++++++++++-- |
85 |
+ 1 file changed, 12 insertions(+), 2 deletions(-) |
86 |
+ |
87 |
+--- a/include/str.h |
88 |
++++ b/include/str.h |
89 |
+@@ -39,8 +39,18 @@ const char *quote_dir(pool *p, char *dir); |
90 |
+ char *sstrcat(char *, const char *, size_t); |
91 |
+ const char *sreplace(pool *, const char *, ...); |
92 |
+ |
93 |
+-char *pdircat(pool *, ...); |
94 |
+-char *pstrcat(pool *, ...); |
95 |
++char *pdircat(pool *, ...) |
96 |
++#ifdef __GNUC__ |
97 |
++ __attribute__ ((sentinel)); |
98 |
++#else |
99 |
++ ; |
100 |
++#endif |
101 |
++char *pstrcat(pool *, ...) |
102 |
++#ifdef __GNUC__ |
103 |
++ __attribute__ ((sentinel)); |
104 |
++#else |
105 |
++ ; |
106 |
++#endif |
107 |
+ char *pstrdup(pool *, const char *); |
108 |
+ char *pstrndup(pool *, const char *, size_t); |
109 |
+ |
110 |
+-- |
111 |
+2.26.2 |
112 |
+ |
113 |
|
114 |
diff --git a/net-ftp/proftpd/proftpd-1.3.7_rc4-r1.ebuild b/net-ftp/proftpd/proftpd-1.3.7_rc4-r1.ebuild |
115 |
new file mode 100644 |
116 |
index 00000000000..9f1b1ca53ed |
117 |
--- /dev/null |
118 |
+++ b/net-ftp/proftpd/proftpd-1.3.7_rc4-r1.ebuild |
119 |
@@ -0,0 +1,277 @@ |
120 |
+# Copyright 1999-2020 Gentoo Authors |
121 |
+# Distributed under the terms of the GNU General Public License v2 |
122 |
+ |
123 |
+EAPI=7 |
124 |
+inherit multilib systemd tmpfiles toolchain-funcs |
125 |
+ |
126 |
+MOD_CASE="0.7" |
127 |
+MOD_CLAMAV="0.14rc2" |
128 |
+MOD_DISKUSE="0.9" |
129 |
+MOD_GSS="1.3.9" |
130 |
+MOD_MSG="0.4.1" |
131 |
+MOD_VROOT="0.9.4" |
132 |
+ |
133 |
+DESCRIPTION="An advanced and very configurable FTP server" |
134 |
+HOMEPAGE="http://www.proftpd.org/ |
135 |
+ http://www.castaglia.org/proftpd/ |
136 |
+ https://github.com/jbenden/mod_clamav |
137 |
+ http://gssmod.sourceforge.net/" |
138 |
+SRC_URI="ftp://ftp.proftpd.org/distrib/source/${P/_/}.tar.gz |
139 |
+ case? ( http://www.castaglia.org/${PN}/modules/${PN}-mod-case-${MOD_CASE}.tar.gz ) |
140 |
+ clamav? ( https://github.com/jbenden/mod_clamav/archive/v${MOD_CLAMAV}.tar.gz -> ${PN}-mod_clamav-${MOD_CLAMAV}.tar.gz ) |
141 |
+ diskuse? ( http://www.castaglia.org/${PN}/modules/${PN}-mod-diskuse-${MOD_DISKUSE}.tar.gz ) |
142 |
+ kerberos? ( mirror://sourceforge/gssmod/mod_gss-${MOD_GSS}.tar.gz ) |
143 |
+ msg? ( http://www.castaglia.org/${PN}/modules/${PN}-mod-msg-${MOD_MSG}.tar.gz ) |
144 |
+ vroot? ( https://github.com/Castaglia/${PN}-mod_vroot/archive/v${MOD_VROOT}.tar.gz -> mod_vroot-${MOD_VROOT}.tar.gz )" |
145 |
+LICENSE="GPL-2" |
146 |
+ |
147 |
+SLOT="0" |
148 |
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86" |
149 |
+IUSE="acl authfile ban +caps case clamav copy ctrls deflate diskuse dso dynmasq exec ifsession ifversion ident ipv6 |
150 |
+ kerberos ldap libressl log-forensic memcache msg mysql ncurses nls pam +pcre postgres qos radius |
151 |
+ ratio readme rewrite selinux sftp shaper sitemisc snmp sodium softquota sqlite ssl tcpd test unique-id vroot" |
152 |
+# TODO: geoip |
153 |
+REQUIRED_USE="ban? ( ctrls ) |
154 |
+ msg? ( ctrls ) |
155 |
+ sftp? ( ssl ) |
156 |
+ shaper? ( ctrls ) |
157 |
+ |
158 |
+ mysql? ( ssl ) |
159 |
+ postgres? ( ssl ) |
160 |
+ sqlite? ( ssl ) |
161 |
+" |
162 |
+ |
163 |
+CDEPEND="acl? ( virtual/acl ) |
164 |
+ caps? ( sys-libs/libcap ) |
165 |
+ clamav? ( app-antivirus/clamav ) |
166 |
+ kerberos? ( virtual/krb5 ) |
167 |
+ ldap? ( net-nds/openldap ) |
168 |
+ memcache? ( >=dev-libs/libmemcached-0.41 ) |
169 |
+ mysql? ( dev-db/mysql-connector-c:0= ) |
170 |
+ nls? ( virtual/libiconv ) |
171 |
+ ncurses? ( sys-libs/ncurses:0= ) |
172 |
+ ssl? ( |
173 |
+ !libressl? ( dev-libs/openssl:0= ) |
174 |
+ libressl? ( dev-libs/libressl:= ) |
175 |
+ ) |
176 |
+ pam? ( sys-libs/pam ) |
177 |
+ pcre? ( dev-libs/libpcre ) |
178 |
+ postgres? ( dev-db/postgresql:= ) |
179 |
+ sodium? ( dev-libs/libsodium:0= ) |
180 |
+ sqlite? ( dev-db/sqlite:3 ) |
181 |
+" |
182 |
+DEPEND="${CDEPEND} |
183 |
+ test? ( dev-libs/check )" |
184 |
+RDEPEND="${CDEPEND} |
185 |
+ net-ftp/ftpbase |
186 |
+ selinux? ( sec-policy/selinux-ftp )" |
187 |
+ |
188 |
+S="${WORKDIR}/${P/_/}" |
189 |
+ |
190 |
+PATCHES=( |
191 |
+ "${FILESDIR}"/${PN}-1.3.6-use-trace.patch |
192 |
+ "${FILESDIR}"/${PN}-1.3.7_rc4-ldap_mod-SEGV.patch |
193 |
+ "${FILESDIR}"/${PN}-1.3.7_rc4-str-sentinel.patch |
194 |
+) |
195 |
+ |
196 |
+RESTRICT=test # Some tests are ran in chroot. Confuse sandbox. |
197 |
+ |
198 |
+in_dir() { |
199 |
+ pushd "${WORKDIR}/${1}" || die |
200 |
+ shift |
201 |
+ "$@" |
202 |
+ popd |
203 |
+} |
204 |
+ |
205 |
+src_prepare() { |
206 |
+ # Skip 'install-conf' / Support LINGUAS |
207 |
+ sed -i -e "/install-all/s/ install-conf//" Makefile.in || die |
208 |
+ sed -i -e "s/^LANGS=.*$/LANGS=${LINGUAS}/" locale/Makefile.in || die |
209 |
+ |
210 |
+ # Prepare external modules |
211 |
+ if use case; then |
212 |
+ cp -v "${WORKDIR}"/mod_case/mod_case.c contrib || die |
213 |
+ cp -v "${WORKDIR}"/mod_case/mod_case.html doc/contrib || die |
214 |
+ fi |
215 |
+ |
216 |
+ if use clamav ; then |
217 |
+ cp -v "${WORKDIR}"/mod_clamav-${MOD_CLAMAV}/mod_clamav.{c,h} contrib || die |
218 |
+ eapply -p0 "${WORKDIR}"/mod_clamav-${MOD_CLAMAV}/001-add-mod_clamav-to-tests.patch |
219 |
+ fi |
220 |
+ |
221 |
+ if use diskuse; then |
222 |
+ in_dir mod_diskuse eapply "${FILESDIR}"/${PN}-1.3.6_rc4-diskuse-refresh-api.patch |
223 |
+ |
224 |
+ # ./configure will modify files. Symlink them instead of copying |
225 |
+ ln -sv "${WORKDIR}"/mod_diskuse/mod_diskuse.h "${S}"/contrib || die |
226 |
+ |
227 |
+ cp -v "${WORKDIR}"/mod_diskuse/mod_diskuse.c "${S}"/contrib || die |
228 |
+ cp -v "${WORKDIR}"/mod_diskuse/mod_diskuse.html "${S}"/doc/contrib || die |
229 |
+ fi |
230 |
+ |
231 |
+ if use msg; then |
232 |
+ in_dir mod_msg eapply "${FILESDIR}"/${PN}-1.3.6_rc4-msg-refresh-api.patch |
233 |
+ |
234 |
+ cp -v "${WORKDIR}"/mod_msg/mod_msg.c contrib || die |
235 |
+ cp -v "${WORKDIR}"/mod_msg/mod_msg.html doc/contrib || die |
236 |
+ fi |
237 |
+ |
238 |
+ if use vroot; then |
239 |
+ in_dir ${PN}-mod_vroot-${MOD_VROOT} eapply "${FILESDIR}"/${PN}-1.3.6_rc4-vroot-refresh-api.patch |
240 |
+ |
241 |
+ cp -v "${WORKDIR}"/${PN}-mod_vroot-${MOD_VROOT}/mod_vroot.c contrib || die |
242 |
+ cp -v "${WORKDIR}"/${PN}-mod_vroot-${MOD_VROOT}/mod_vroot.html doc/contrib || die |
243 |
+ fi |
244 |
+ |
245 |
+ if use kerberos ; then |
246 |
+ # in_dir mod_gss-${MOD_GSS} eapply "${FILESDIR}"/${PN}-1.3.6_rc4-gss-refresh-api.patch |
247 |
+ |
248 |
+ # Support app-crypt/heimdal / Gentoo Bug #284853 |
249 |
+ sed -i -e "s/krb5_principal2principalname/_\0/" "${WORKDIR}"/mod_gss-${MOD_GSS}/mod_auth_gss.c.in || die |
250 |
+ |
251 |
+ # Remove obsolete DES / Gentoo Bug #324903 |
252 |
+ # Replace 'rpm' lookups / Gentoo Bug #391021 |
253 |
+ sed -i -e "/ac_gss_libs/s/ -ldes425//" \ |
254 |
+ -e "s/ac_libdir=\`rpm -q -l.*$/ac_libdir=\/usr\/$(get_libdir)\//" \ |
255 |
+ -e "s/ac_includedir=\`rpm -q -l.*$/ac_includedir=\/usr\/include\//" "${WORKDIR}"/mod_gss-${MOD_GSS}/configure{,.ac} || die |
256 |
+ |
257 |
+ # ./configure will modify files. Symlink them instead of copying |
258 |
+ ln -sv "${WORKDIR}"/mod_gss-${MOD_GSS}/mod_auth_gss.c "${S}"/contrib || die |
259 |
+ ln -sv "${WORKDIR}"/mod_gss-${MOD_GSS}/mod_gss.c "${S}"/contrib || die |
260 |
+ ln -sv "${WORKDIR}"/mod_gss-${MOD_GSS}/mod_gss.h "${S}"/include || die |
261 |
+ |
262 |
+ cp -v "${WORKDIR}"/mod_gss-${MOD_GSS}/README.mod_{auth_gss,gss} "${S}" || die |
263 |
+ cp -v "${WORKDIR}"/mod_gss-${MOD_GSS}/mod_gss.html "${S}"/doc/contrib || die |
264 |
+ cp -v "${WORKDIR}"/mod_gss-${MOD_GSS}/rfc{1509,2228}.txt "${S}"/doc/rfc || die |
265 |
+ fi |
266 |
+ |
267 |
+ default |
268 |
+ |
269 |
+ tc-export CC |
270 |
+} |
271 |
+ |
272 |
+src_configure() { |
273 |
+ local c m |
274 |
+ |
275 |
+ use acl && m="${m}:mod_facl" |
276 |
+ use ban && m="${m}:mod_ban" |
277 |
+ use case && m="${m}:mod_case" |
278 |
+ use clamav && m="${m}:mod_clamav" |
279 |
+ use copy && m="${m}:mod_copy" |
280 |
+ use ctrls && m="${m}:mod_ctrls_admin" |
281 |
+ use deflate && m="${m}:mod_deflate" |
282 |
+ if use diskuse ; then |
283 |
+ in_dir mod_diskuse econf |
284 |
+ m="${m}:mod_diskuse" |
285 |
+ fi |
286 |
+ use dynmasq && m="${m}:mod_dynmasq" |
287 |
+ use exec && m="${m}:mod_exec" |
288 |
+ use ifsession && m="${m}:mod_ifsession" |
289 |
+ use ifversion && m="${m}:mod_ifversion" |
290 |
+ if use kerberos ; then |
291 |
+ in_dir mod_gss-${MOD_GSS} econf |
292 |
+ m="${m}:mod_gss:mod_auth_gss" |
293 |
+ fi |
294 |
+ use ldap && m="${m}:mod_ldap" |
295 |
+ use log-forensic && m="${m}:mod_log_forensic" |
296 |
+ use msg && m="${m}:mod_msg" |
297 |
+ if use mysql || use postgres || use sqlite ; then |
298 |
+ m="${m}:mod_sql:mod_sql_passwd" |
299 |
+ use mysql && m="${m}:mod_sql_mysql" |
300 |
+ use postgres && m="${m}:mod_sql_postgres" |
301 |
+ use sqlite && m="${m}:mod_sql_sqlite" |
302 |
+ fi |
303 |
+ use qos && m="${m}:mod_qos" |
304 |
+ use radius && m="${m}:mod_radius" |
305 |
+ use ratio && m="${m}:mod_ratio" |
306 |
+ use readme && m="${m}:mod_readme" |
307 |
+ use rewrite && m="${m}:mod_rewrite" |
308 |
+ if use sftp ; then |
309 |
+ m="${m}:mod_sftp" |
310 |
+ use pam && m="${m}:mod_sftp_pam" |
311 |
+ use mysql || use postgres || use sqlite && m="${m}:mod_sftp_sql" |
312 |
+ fi |
313 |
+ use shaper && m="${m}:mod_shaper" |
314 |
+ use sitemisc && m="${m}:mod_site_misc" |
315 |
+ use snmp && m="${m}:mod_snmp" |
316 |
+ if use softquota ; then |
317 |
+ m="${m}:mod_quotatab:mod_quotatab_file" |
318 |
+ use ldap && m="${m}:mod_quotatab_ldap" |
319 |
+ use radius && m="${m}:mod_quotatab_radius" |
320 |
+ use mysql || use postgres || use sqlite && m="${m}:mod_quotatab_sql" |
321 |
+ fi |
322 |
+ if use ssl ; then |
323 |
+ m="${m}:mod_tls:mod_tls_shmcache" |
324 |
+ use memcache && m="${m}:mod_tls_memcache" |
325 |
+ fi |
326 |
+ if use tcpd ; then |
327 |
+ m="${m}:mod_wrap2:mod_wrap2_file" |
328 |
+ use mysql || use postgres || use sqlite && m="${m}:mod_wrap2_sql" |
329 |
+ fi |
330 |
+ use unique-id && m="${m}:mod_unique_id" |
331 |
+ use vroot && m="${m}:mod_vroot" |
332 |
+ |
333 |
+ if [[ -n ${PROFTP_CUSTOM_MODULES} ]]; then |
334 |
+ einfo "Adding user-specified extra modules: '${PROFTP_CUSTOM_MODULES}'" |
335 |
+ m="${m}:${PROFTP_CUSTOM_MODULES}" |
336 |
+ fi |
337 |
+ |
338 |
+ [[ -z ${m} ]] || c="${c} --with-modules=${m:1}" |
339 |
+ |
340 |
+ econf --localstatedir=/run/proftpd --sysconfdir=/etc/proftpd --disable-strip \ |
341 |
+ $(use_enable acl facl) \ |
342 |
+ $(use_enable authfile auth-file) \ |
343 |
+ $(use_enable caps cap) \ |
344 |
+ $(use_enable ctrls) \ |
345 |
+ $(use_enable dso) \ |
346 |
+ $(use_enable ident) \ |
347 |
+ $(use_enable ipv6) \ |
348 |
+ $(use_enable memcache) \ |
349 |
+ $(use_enable ncurses) \ |
350 |
+ $(use_enable nls) \ |
351 |
+ $(use_enable ssl openssl) \ |
352 |
+ $(use_enable pam auth-pam) \ |
353 |
+ $(use_enable pcre) \ |
354 |
+ $(use_enable sodium) \ |
355 |
+ $(use_enable test tests) \ |
356 |
+ --enable-trace \ |
357 |
+ $(use_enable userland_GNU shadow) \ |
358 |
+ $(use_enable userland_GNU autoshadow) \ |
359 |
+ ${c:1} |
360 |
+} |
361 |
+ |
362 |
+src_test() { |
363 |
+ emake api-tests -C tests |
364 |
+} |
365 |
+ |
366 |
+src_install() { |
367 |
+ default |
368 |
+ [[ -z ${LINGUAS-set} ]] && rm -r "${ED}"/usr/share/locale |
369 |
+ rm -rf "${ED}"/run "${ED}"/var/run |
370 |
+ |
371 |
+ newinitd "${FILESDIR}"/proftpd.initd-r1 proftpd |
372 |
+ insinto /etc/proftpd |
373 |
+ doins "${FILESDIR}"/proftpd.conf.sample |
374 |
+ |
375 |
+ insinto /etc/xinetd.d |
376 |
+ newins "${FILESDIR}"/proftpd.xinetd proftpd |
377 |
+ |
378 |
+ insinto /etc/logrotate.d |
379 |
+ newins "${FILESDIR}"/${PN}.logrotate ${PN} |
380 |
+ |
381 |
+ dodoc ChangeLog CREDITS INSTALL NEWS README* RELEASE_NOTES |
382 |
+ |
383 |
+ docinto html |
384 |
+ dodoc doc/*.html doc/contrib/*.html doc/howto/*.html doc/modules/*.html |
385 |
+ |
386 |
+ docinto rfc |
387 |
+ dodoc doc/rfc/*.txt |
388 |
+ |
389 |
+ systemd_dounit "${FILESDIR}"/${PN}.service |
390 |
+ systemd_newtmpfilesd "${FILESDIR}"/${PN}-tmpfiles.d.conf-r1 ${PN}.conf |
391 |
+} |
392 |
+ |
393 |
+pkg_postinst() { |
394 |
+ # Create /var/run files at package merge time: bug #650000 |
395 |
+ tmpfiles_process ${PN}.conf |
396 |
+} |