New version due to a security flaw. See proftpd.org or the ChangeLog for more details.

5 files changed, 156 insertions, 8 deletions

diff --git a/net-ftp/proftpd/ChangeLog b/net-ftp/proftpd/ChangeLog
index 2d21359547f4..8a706ab4f0a3 100644
--- a/net-ftp/proftpd/ChangeLog
+++ b/net-ftp/proftpd/ChangeLog
@@ -1,6 +1,16 @@
 # ChangeLog for net-ftp/proftpd
 # Copyright 2002-2004 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-ftp/proftpd/ChangeLog,v 1.62 2004/06/05 17:21:10 kloeri Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/proftpd/ChangeLog,v 1.63 2004/06/08 06:17:39 raker Exp $
+
+*proftpd-1.2.10_rc1 (08 Jun 2004)
+
+  08 Jun 2004; Nick Hadaway <raker@gentoo.org> proftpd-1.2.10_rc1.ebuild :
+  Important security fixes.  From proftpd.org:  Additionally a flaw in 
+  the CIDRACL code has been discovered which can lead to an escalation in 
+  access rights within the ftp site. This flaw affects all versions up to 
+  and including 1.2.9, it has been fixed in cvs and 1.2.10rc1. To avoid 
+  the flaw do not use CIDR based ACLs on vulnerable versions or use 
+  mod_wrap and /etc/hosts.allow|deny.
 
   05 Jun 2004; Bryan Østergaard <kloeri@gentoo.org> proftpd-1.2.9-r2.ebuild:
   Stable on alpha.
diff --git a/net-ftp/proftpd/Manifest b/net-ftp/proftpd/Manifest
index df63a50d1e8d..83cf4085c0af 100644
--- a/net-ftp/proftpd/Manifest
+++ b/net-ftp/proftpd/Manifest
@@ -1,14 +1,16 @@
 MD5 9fc268673f01fb44ccbeb1ba9b03fe10 proftpd-1.2.8.ebuild 2735
 MD5 8403cc3447fabc18a92eeb5dc891ed26 proftpd-1.2.7.ebuild 3668
+MD5 5db7ee5abc718440e8781e718aaecfc4 proftpd-1.2.10_rc1.ebuild 3316
 MD5 0b2b4f8403cb7c25d68a9219f4dfab19 ChangeLog 9618
 MD5 d6baef0c3c73c8a7e386edb22a544287 proftpd-1.2.9-r2.ebuild 3435
-MD5 c1dc1d9278d5b77f53ea44ee848dafc6 files/digest-proftpd-1.2.7 211
-MD5 6c1a92fc601780a49fdfc01aaf483b69 files/digest-proftpd-1.2.9-r2 66
+MD5 b00999f820f1e46a501ce4fcaeb5fe23 files/proftpd-1.2.9-makefile.patch 434
+MD5 df6669427e230a70e2a4dd815456c7fe files/digest-proftpd-1.2.10_rc1 70
+MD5 09c4b572a757ab1b1b852c5755ac3c67 files/proftpd.rc6 738
 MD5 b338504ed873219e368abab7df6c276d files/proftpd.conf 1704
-MD5 e558f099037d359da5f855285542246e files/1.2.9_rc3-reversedns.diff 1974
-MD5 4d676b70c97bc6daabd8c2ba8d52d27a files/proftpd.xinetd 295
-MD5 0cf02f8c82f22e714b8299e7b7907d8f files/mod_sql_postgres.c.patch 275
+MD5 c1dc1d9278d5b77f53ea44ee848dafc6 files/digest-proftpd-1.2.7 211
 MD5 cb6cd6133728449d0da092b1d6147b9d files/digest-proftpd-1.2.8 66
-MD5 09c4b572a757ab1b1b852c5755ac3c67 files/proftpd.rc6 738
+MD5 0cf02f8c82f22e714b8299e7b7907d8f files/mod_sql_postgres.c.patch 275
+MD5 4d676b70c97bc6daabd8c2ba8d52d27a files/proftpd.xinetd 295
 MD5 50955f0d375360841d50a82b9589e435 files/proftpd-1.2.9-privescal-fix.patch 588
-MD5 b00999f820f1e46a501ce4fcaeb5fe23 files/proftpd-1.2.9-makefile.patch 434
+MD5 6c1a92fc601780a49fdfc01aaf483b69 files/digest-proftpd-1.2.9-r2 66
+MD5 e558f099037d359da5f855285542246e files/1.2.9_rc3-reversedns.diff 1974
diff --git a/net-ftp/proftpd/files/digest-proftpd-1.2.10_rc1 b/net-ftp/proftpd/files/digest-proftpd-1.2.10_rc1
new file mode 100644
index 000000000000..256c6b7296e0
--- /dev/null
+++ b/net-ftp/proftpd/files/digest-proftpd-1.2.10_rc1
@@ -0,0 +1 @@
+MD5 fefde742d34b573fab56d9acbac45593 proftpd-1.2.10rc1.tar.bz2 908722
diff --git a/net-ftp/proftpd/metadata.xml b/net-ftp/proftpd/metadata.xml
new file mode 100644
index 000000000000..194b369637e4
--- /dev/null
+++ b/net-ftp/proftpd/metadata.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<herd>no-herd</herd>
+<maintainer>
+  <email>raker@gentoo.org</email>
+</maintainer>
+</pkgmetadata>
diff --git a/net-ftp/proftpd/proftpd-1.2.10_rc1.ebuild b/net-ftp/proftpd/proftpd-1.2.10_rc1.ebuild
new file mode 100644
index 000000000000..00b6cfe0cbc7
--- /dev/null
+++ b/net-ftp/proftpd/proftpd-1.2.10_rc1.ebuild
@@ -0,0 +1,127 @@
+# Copyright 1999-2004 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/proftpd/proftpd-1.2.10_rc1.ebuild,v 1.1 2004/06/08 06:17:39 raker Exp $
+
+inherit flag-o-matic eutils
+
+IUSE="ldap pam postgres mysql ssl tcpd ipv6"
+
+MY_P=${P/_/}
+S=${WORKDIR}/${MY_P}
+
+DESCRIPTION="An advanced and very configurable FTP server"
+SRC_URI="ftp://ftp.proftpd.org/distrib/source/${MY_P}.tar.bz2"
+HOMEPAGE="http://www.proftpd.org/"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~x86 ~sparc ~hppa ~alpha ~ppc ~mips ~amd64"
+
+DEPEND="pam? ( >=sys-libs/pam-0.75 )
+	mysql? ( >=dev-db/mysql-3.23.26 )
+	ldap? ( >=net-nds/openldap-1.2.11 )
+	postgres? ( >=dev-db/postgresql-7.3 )
+	ssl? ( >=dev-libs/openssl-0.9.6f )
+	tcpd? ( >=sys-apps/tcp-wrappers-7.6-r3 )"
+
+src_compile() {
+	local modules myconf
+
+	modules="mod_ratio:mod_readme"
+	use pam && modules="${modules}:mod_auth_pam"
+	use tcpd && modules="${modules}:mod_wrap"
+
+	if use ldap; then
+		einfo ldap
+		modules="${modules}:mod_ldap"
+		append-ldflags "-lresolv"
+	fi
+
+	if use ssl; then
+		einfo ssl
+		# enable mod_tls
+		modules="${modules}:mod_tls"
+	fi
+
+	if use mysql && use postgres
+	then
+		ewarn "ProFTPD only supports either the MySQL or PostgreSQL modules."
+		ewarn "Presently this ebuild defaults to mysql. If you would like to"
+		ewarn "change the default behaviour, merge ProFTPD with;"
+		ewarn "USE=\"-mysql postgres\" emerge proftpd"
+		sleep 5
+	fi
+
+	if use mysql; then
+		modules="${modules}:mod_sql:mod_sql_mysql"
+		myconf="--with-includes=/usr/include/mysql"
+	elif use postgres; then
+		modules="${modules}:mod_sql:mod_sql_postgres"
+		myconf="--with-includes=/usr/include/postgresql"
+	fi
+
+	# New modules for 1.2.9
+	# Not sure how these should be enabled yet as no use variables
+	# apply currently.  Uncomment if you want to use them though.
+	# -raker 06/16/2003
+	#
+	# modules="${modules}:mod_ifsession"
+	# modules="${modules}:mod_radius"
+	# modules="${modules}:mod_rewrite"
+
+	# bug #30359
+	use hardened && echo > lib/libcap/cap_sys.c
+	has_pic && echo > lib/libcap/cap_sys.c
+
+	econf \
+		--sbindir=/usr/sbin \
+		--localstatedir=/var/run \
+		--sysconfdir=/etc/proftpd \
+		--enable-shadow \
+		--disable-sendfile \
+		--enable-autoshadow \
+		--with-modules=${modules} \
+		${myconf} $( use_enable ipv6 ) || die "bad ./configure"
+
+	emake || die "compile problem"
+}
+
+src_install() {
+	# Note rundir needs to be specified to avoid sandbox violation
+	# on initial install. See Make.rules
+	make DESTDIR=${D} install || die
+
+	keepdir /home/ftp
+	keepdir /var/run/proftpd
+
+	dodoc contrib/README.mod_sql ${FILESDIR}/proftpd.conf \
+		COPYING CREDITS ChangeLog NEWS README* \
+		doc/{license.txt,GetConf}
+	dohtml doc/*.html
+	docinto rfc
+	dodoc doc/rfc/*.txt
+
+	mv ${D}/etc/proftpd/proftpd.conf ${D}/etc/proftpd/proftpd.conf.distrib
+
+	insinto /etc/proftpd
+	newins ${FILESDIR}/proftpd.conf proftpd.conf.sample
+
+	if use pam; then
+		insinto /etc/pam.d
+		newins ${S}/contrib/dist/rpm/ftp.pamd ftp
+	fi
+
+	insinto /etc/xinetd.d
+	newins ${FILESDIR}/proftpd.xinetd proftpd
+
+	exeinto /etc/init.d ; newexe ${FILESDIR}/proftpd.rc6 proftpd
+}
+
+pkg_postinst() {
+	groupadd proftpd &>/dev/null
+	id proftpd &>/dev/null || \
+		useradd -g proftpd -d /home/ftp -s /bin/false proftpd
+	einfo
+	einfo 'You can find the config files in /etc/proftpd'
+	einfo
+}