Date: Wed, 10 Jun 2015 14:04:47 +0200 From: "zoon01" <zoon01@nas4free.org> To: <mm@FreeBSD.org> Cc: <ports@FreeBSD.org> Subject: FreeBSD Port: proftpd-1.3.5_7 upgrade to 1.3.5a Message-ID: <000301d0a375$a6806d80$f3814880$@nas4free.org>
next in thread | raw e-mail | index | archive | help
This is a multipart message in MIME format. ------=_NextPart_000_0004_01D0A386.6A0A00D0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Hi, Include files for port upgrade of proftpd to version 1.3.5a In folder Files: Those Patches: <http://svnweb.freebsd.org/ports/head/ftp/proftpd/files/patch-src_proftpd.8. in?view=log> patch-src_proftpd.8.in <http://svnweb.freebsd.org/ports/head/ftp/proftpd/files/patch-CVE-2015-3306? view=log> patch-CVE-2015-3306 can removed That's it :) ------=_NextPart_000_0004_01D0A386.6A0A00D0 Content-Type: application/octet-stream; name="extra-patch-8-src-fsio.c" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="extra-patch-8-src-fsio.c" --- src/fsio.c.orig 2010-04-12 21:00:00.000000000 +0200=0A= +++ src/fsio.c 2011-12-29 21:51:33.844925577 +0200=0A= @@ -50,6 +50,10 @@=0A= # include <acl/libacl.h>=0A= #endif=0A= =0A= +#if defined(__FreeBSD__)=0A= +#include <dlfcn.h>=0A= +#endif=0A= +=0A= typedef struct fsopendir fsopendir_t;=0A= =0A= struct fsopendir {=0A= @@ -284,7 +288,30 @@=0A= #endif=0A= }=0A= =0A= +#if defined(__FreeBSD__)=0A= +static int=0A= +enter_freebsd_restricted_mode()=0A= +{=0A= + typedef void frmode_t();=0A= + frmode_t *frmode;=0A= +=0A= + frmode =3D (frmode_t *)dlfunc(=0A= + RTLD_NEXT, "__FreeBSD_libc_enter_restricted_mode");=0A= + if (frmode =3D=3D NULL) {=0A= + pr_log_pri(PR_LOG_ERR,=0A= + "error: FreeBSD with vulnerable chroot = (FreeBSD-SA-11:07.chroot)");=0A= + return 1;=0A= + }=0A= + frmode();=0A= + return 0;=0A= +}=0A= +#endif=0A= +=0A= static int sys_chroot(pr_fs_t *fs, const char *path) {=0A= +#if defined(__FreeBSD__)=0A= + if (enter_freebsd_restricted_mode() !=3D 0)=0A= + return -1;=0A= +#endif=0A= if (chroot(path) < 0)=0A= return -1;=0A= =0A= ------=_NextPart_000_0004_01D0A386.6A0A00D0 Content-Type: application/octet-stream; name="extra-patch-modules_mod_xfer.c" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="extra-patch-modules_mod_xfer.c" --- modules/mod_xfer.c.orig 2015-05-28 02:25:54.000000000 +0200=0A= +++ modules/mod_xfer.c 2015-06-10 08:47:38.000000000 +0200=0A= @@ -43,6 +43,8 @@=0A= # define PRIO_MAX 20=0A= #endif=0A= =0A= +#include "mod_clamav.h"=0A= +=0A= extern module auth_module;=0A= extern pid_t mpid;=0A= =0A= @@ -1838,6 +1840,11 @@=0A= return PR_ERROR(cmd);=0A= }=0A= =0A= + if (clamav_scan(cmd)) {=0A= + pr_data_close(FALSE);=0A= + return PR_ERROR(cmd);=0A= + }=0A= +=0A= if (session.xfer.path &&=0A= session.xfer.path_hidden) {=0A= if (pr_fsio_rename(session.xfer.path_hidden, session.xfer.path) = !=3D 0) {=0A= ------=_NextPart_000_0004_01D0A386.6A0A00D0 Content-Type: application/octet-stream; name="patch-contrib-mod_sftp-Makefile.in" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="patch-contrib-mod_sftp-Makefile.in" --- contrib/mod_sftp/Makefile.in.orig 2015-05-28 02:25:54.000000000 +0200=0A= +++ contrib/mod_sftp/Makefile.in 2015-06-10 09:00:47.000000000 +0200=0A= @@ -46,8 +46,9 @@=0A= fi=0A= =0A= install-misc:=0A= - $(INSTALL) -o $(INSTALL_USER) -g $(INSTALL_GROUP) -m 0644 dhparams.pem = $(DESTDIR)$(sysconfdir)/dhparams.pem =0A= - $(INSTALL) -o $(INSTALL_USER) -g $(INSTALL_GROUP) -m 0644 = blacklist.dat $(DESTDIR)$(sysconfdir)/blacklist.dat=0A= + $(INSTALL) -d -m 0755 $(DESTDIR)$(sysconfdir)/proftpd=0A= + $(INSTALL) -o $(INSTALL_USER) -g $(INSTALL_GROUP) -m 0644 dhparams.pem = $(DESTDIR)$(sysconfdir)/proftpd/dhparams.pem.sample=0A= + $(INSTALL) -o $(INSTALL_USER) -g $(INSTALL_GROUP) -m 0644 = blacklist.dat $(DESTDIR)$(sysconfdir)/proftpd/blacklist.dat.sample=0A= =0A= clean:=0A= $(LIBTOOL) --mode=3Dclean $(RM) $(MODULE_NAME).a $(MODULE_NAME).la *.o = *.lo .libs/*.o=0A= ------=_NextPart_000_0004_01D0A386.6A0A00D0 Content-Disposition: attachment; filename="patch-doc__Configuration.html" MIME-Version: 1.0 Content-Type: text/plain; name="patch-doc__Configuration.html" --- doc/Configuration.html.orig 2015-05-28 02:25:54.000000000 +0200 +++ doc/Configuration.html 2015-06-10 11:08:29.000000000 +0200 @@ -4359,7 +4359,7 @@ > ftp ftpd ------=_NextPart_000_0004_01D0A386.6A0A00D0 Content-Type: application/octet-stream; name="patch-sample-configurations_basic.conf" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="patch-sample-configurations_basic.conf" --- sample-configurations/basic.conf.orig 2015-05-28 02:25:54.000000000 = +0200=0A= +++ sample-configurations/basic.conf 2015-06-10 10:56:36.000000000 +0200=0A= @@ -1,3 +1,7 @@=0A= +#=0A= +# For more information about Proftpd configuration=0A= +# see http://www.proftpd.org/=0A= +#=0A= # This is a basic ProFTPD configuration file (rename it to =0A= # 'proftpd.conf' for actual use. It establishes a single server=0A= # and a single anonymous login. It assumes that you have a user/group=0A= @@ -6,12 +10,13 @@=0A= ServerName "ProFTPD Default Installation"=0A= ServerType standalone=0A= DefaultServer on=0A= +ScoreboardFile /var/run/proftpd/proftpd.scoreboard=0A= =0A= # Port 21 is the standard FTP port.=0A= Port 21=0A= =0A= -# Don't use IPv6 support by default.=0A= -UseIPv6 off=0A= +# Use IPv6 support by default.=0A= +UseIPv6=0A= =0A= # Umask 022 is a good standard umask to prevent new dirs and files=0A= # from being group and world writable.=0A= @@ -25,6 +30,8 @@=0A= # (such as xinetd).=0A= MaxInstances 30=0A= =0A= +CommandBufferSize 512=0A= +=0A= # Set the user and group under which the server will run.=0A= User nobody=0A= Group nogroup=0A= @@ -43,23 +50,30 @@=0A= =0A= # A basic anonymous configuration, no upload directories. If you do not=0A= # want anonymous users, simply delete this entire <Anonymous> section.=0A= -<Anonymous ~ftp>=0A= - User ftp=0A= - Group ftp=0A= -=0A= - # We want clients to be able to login with "anonymous" as well as = "ftp"=0A= - UserAlias anonymous ftp=0A= -=0A= - # Limit the maximum number of anonymous logins=0A= - MaxClients 10=0A= -=0A= - # We want 'welcome.msg' displayed at login, and '.message' displayed=0A= - # in each newly chdired directory.=0A= - DisplayLogin welcome.msg=0A= - DisplayChdir .message=0A= -=0A= - # Limit WRITE everywhere in the anonymous chroot=0A= - <Limit WRITE>=0A= - DenyAll=0A= - </Limit>=0A= -</Anonymous>=0A= +=0A= +########################################################################= #=0A= +# = #=0A= +# Uncomment lines with only one # to allow basic anonymous access = #=0A= +# = #=0A= +########################################################################= #=0A= +=0A= +#<Anonymous ~ftp>=0A= +# User ftp=0A= +# Group ftp=0A= +=0A= + ### We want clients to be able to login with "anonymous" as well as = "ftp"=0A= + # UserAlias anonymous ftp=0A= +=0A= + ### Limit the maximum number of anonymous logins=0A= + # MaxClients 10=0A= +=0A= + ### We want 'welcome.msg' displayed at login, and '.message' displayed=0A= + ### in each newly chdired directory.=0A= + # DisplayLogin welcome.msg=0A= + # DisplayFirstChdir .message=0A= +=0A= + ### Limit WRITE everywhere in the anonymous chroot=0A= + # <Limit WRITE>=0A= + # DenyAll=0A= + # </Limit>=0A= +#</Anonymous>=0A= ------=_NextPart_000_0004_01D0A386.6A0A00D0 Content-Type: application/octet-stream; name="proftpd.in" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="proftpd.in" #!/bin/sh=0A= #=0A= # $FreeBSD: head/ftp/proftpd/files/proftpd.in 378282 2015-02-01 = 22:25:50Z mm $=0A= #=0A= =0A= # PROVIDE: proftpd=0A= # REQUIRE: DAEMON=0A= # BEFORE: LOGIN=0A= # KEYWORD: shutdown=0A= =0A= #=0A= # Add the following lines to /etc/rc.conf to enable proftpd:=0A= #=0A= # proftpd_enable=3D"YES"=0A= # proftpd_flags=3D"<set as needed>"=0A= #=0A= # See proftpd(8) for flags=0A= #=0A= =0A= . /etc/rc.subr=0A= =0A= name=3Dproftpd=0A= rcvar=3Dproftpd_enable=0A= =0A= load_rc_config $name=0A= =0A= : ${proftpd_enable:=3D"NO"}=0A= : ${proftpd_config:=3D"%%PREFIX%%/etc/proftpd.conf"}=0A= =0A= command=3D%%PREFIX%%/sbin/proftpd=0A= command_args=3D"-c ${proftpd_config}"=0A= pidfile=3D$(grep PidFile ${proftpd_config} | awk '{print($2)}')=0A= required_files=3D${proftpd_config}=0A= =0A= extra_commands=3D"reload"=0A= stop_postcmd=3Dstop_postcmd=0A= stop_postcmd()=0A= {=0A= rm -f $pidfile=0A= }=0A= =0A= run_rc_command "$1"=0A= ------=_NextPart_000_0004_01D0A386.6A0A00D0 Content-Type: application/octet-stream; name="distinfo" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="distinfo" SHA256 (proftpd-1.3.5a.tar.gz) =3D = a1f48df8539c414ec56e0cea63dcf4b8e16e606c05f10156f030a4a67fae5696=0A= SIZE (proftpd-1.3.5a.tar.gz) =3D 29988477 ------=_NextPart_000_0004_01D0A386.6A0A00D0 Content-Type: application/octet-stream; name="Makefile" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="Makefile" # Created by: Stephane Legrand=0A= # $FreeBSD$=0A= =0A= PORTNAME?=3D proftpd=0A= .if !defined(DISTVERSION)=0A= PORTVERSION?=3D ${PROFTPD_VERSION}=0A= .endif=0A= PORTREVISION?=3D 8=0A= CATEGORIES?=3D ftp=0A= MASTER_SITES=3D ftp://ftp.proftpd.org/distrib/source/ \=0A= https://github.com/downloads/proftpd/proftpd.github.com/ \=0A= ftp://ftpmirror.uk/ftp.proftpd.org/distrib/source/ \=0A= http://www.mirrorservice.org/sites/ftp.proftpd.org/distrib/source/=0A= .if defined(_BUILDING_PROFTPD_MODULE)=0A= DISTNAME=3D proftpd-${PROFTPD_VERSION}=0A= .endif=0A= =0A= MAINTAINER?=3D mm@FreeBSD.org=0A= COMMENT?=3D Highly configurable FTP daemon=0A= =0A= LICENSE?=3D GPLv2=0A= LICENSE_FILE?=3D ${WRKSRC}/COPYING=0A= =0A= .if defined(_BUILDING_PROFTPD_MODULE)=0A= BUILD_DEPENDS+=3D ${LOCALBASE}/sbin/proftpd:${PORTSDIR}/ftp/proftpd=0A= RUN_DEPENDS+=3D ${LOCALBASE}/sbin/proftpd:${PORTSDIR}/ftp/proftpd=0A= .endif=0A= =0A= PROFTPD_VERSION=3D 1.3.5a=0A= =0A= .if defined(_BUILDING_PROFTPD_MODULE)=0A= DISTFILES+=3D ${DISTNAME}${EXTRACT_SUFX}=0A= EXTRACT_ONLY+=3D ${DISTNAME}${EXTRACT_SUFX}=0A= WRKSRC=3D ${WRKDIR}/proftpd-${PROFTPD_VERSION}=0A= . if defined(_PROFTPD_MODULE_EXTRACT_ONLY)=0A= EXTRACT_ONLY+=3D ${_PROFTPD_MODULE_EXTRACT_ONLY}=0A= . endif=0A= . if defined(_PROFTPD_MODULE_DISTFILES)=0A= DISTFILES+=3D ${_PROFTPD_MODULE_DISTFILES}=0A= . endif=0A= . if defined(_PROFTPD_MODULE_MASTER_SITES)=0A= MASTER_SITES+=3D ${_PROFTPD_MODULE_MASTER_SITES}=0A= . endif=0A= .endif=0A= =0A= .if !defined(_BUILDING_PROFTPD_MODULE)=0A= PORTDOCS=3D *=0A= .endif=0A= =0A= MAKE_JOBS_UNSAFE=3D yes=0A= USES+=3D cpe gmake libtool=0A= USE_AUTOTOOLS=3D autoconf=0A= GNU_CONFIGURE=3D yes=0A= =0A= .if !defined(_BUILDING_PROFTPD_MODULE)=0A= USE_OPENSSL=3D yes=0A= USE_RC_SUBR=3D proftpd=0A= .endif=0A= =0A= LOCALSTATEDIR?=3D /var/run=0A= =0A= CONFIGURE_ARGS=3D--localstatedir=3D${LOCALSTATEDIR} \=0A= --libexecdir=3D${PREFIX}/libexec/proftpd \=0A= --with-pkgconfig=3Dlibdata/pkgconfig \=0A= --sysconfdir=3D${PREFIX}/etc \=0A= --enable-ctrls \=0A= --enable-dso \=0A= --disable-sendfile=0A= =0A= CONFIGURE_ENV+=3D install_user=3D`${ID} -u` \=0A= install_group=3D`${ID} -g`=0A= =0A= .if defined(_BUILDING_PROFTPD_MODULE)=0A= MODULES=3D ${_BUILDING_PROFTPD_MODULE}=0A= .for m in ${MODULES}=0A= __MODULES:=3D${__MODULES}:${m}=0A= .endfor=0A= CONFIGURE_ARGS+=3D --with-shared=3D${__MODULES:C/^://g}=0A= INCLUDEDIRS:=3D${INCLUDEDIRS}:${LOCALBASE}/include/proftpd=0A= ALL_TARGET=3D shared=0A= BUILD_WRKSRC=3D ${WRKSRC}/modules=0A= INSTALL_WRKSRC=3D ${WRKSRC}/modules=0A= PLIST=3D ${WRKDIR}/PLIST=0A= .for m in ${MODULES}=0A= PLIST_FILES+=3D libexec/proftpd/${m}.a \=0A= libexec/proftpd/${m}.so=0A= .endfor=0A= .else=0A= OPTIONS_DEFINE=3D DOCS HTMLDOCS IPV6 NLS MEMCACHE PCRE=0A= OPTIONS_DEFAULT=3D IPV6 NLS PCRE=0A= =0A= HTMLDOCS_DESC=3D Include HTML documentation=0A= MEMCACHE_DESC=3D Memcache support using libmemcached=0A= =0A= PLIST_SUB+=3D LOCALSTATEDIR=3D"${LOCALSTATEDIR}"=0A= =0A= .endif #!defined(_BUILDING_PROFTPD_MODULE)=0A= =0A= .include <bsd.port.options.mk>=0A= =0A= .if !defined(_BUILDING_PROFTPD_MODULE)=0A= CPPFLAGS+=3D -DHAVE_OPENSSL -I${OPENSSLINC}=0A= LIBS+=3D -lssl -lcrypto -L${OPENSSLLIB}=0A= LDFLAGS+=3D -lpthread=0A= .endif=0A= =0A= .if !defined(_BUILDING_PROFTPD_MODULE)=0A= LIBDIRS?=3D ${LOCALBASE}/lib=0A= INCLUDEDIRS?=3D ${LOCALBASE}/include=0A= =0A= # Always built modules=0A= MODULES+=3D mod_ban \=0A= mod_copy \=0A= mod_ctrls_admin \=0A= mod_deflate \=0A= mod_dnsbl \=0A= mod_dynmasq \=0A= mod_exec \=0A= mod_ifsession \=0A= mod_ifversion \=0A= mod_qos \=0A= mod_quotatab \=0A= mod_quotatab_file \=0A= mod_quotatab_radius \=0A= mod_quotatab_sql \=0A= mod_radius \=0A= mod_ratio \=0A= mod_readme \=0A= mod_rewrite \=0A= mod_sftp \=0A= mod_sftp_pam \=0A= mod_sftp_sql \=0A= mod_shaper \=0A= mod_site_misc \=0A= mod_snmp \=0A= mod_sql \=0A= mod_sql_passwd \=0A= mod_tls \=0A= mod_tls_shmcache \=0A= mod_unique_id \=0A= mod_wrap2 \=0A= mod_wrap2_file \=0A= mod_wrap2_sql=0A= =0A= .if ${PORT_OPTIONS:MIPV6}=0A= CONFIGURE_ARGS+=3D --enable-ipv6=0A= .else=0A= CONFIGURE_ARGS+=3D --disable-ipv6=0A= .endif=0A= =0A= .if ${PORT_OPTIONS:MNLS}=0A= CONFIGURE_ARGS+=3D --enable-nls=0A= USES+=3D gettext iconv=0A= PLIST_SUB+=3D NLS=3D""=0A= .else=0A= PLIST_SUB+=3D NLS=3D"@comment "=0A= .endif=0A= =0A= .if ${PORT_OPTIONS:MPCRE}=0A= LIB_DEPENDS+=3D libpcre.so:${PORTSDIR}/devel/pcre=0A= CONFIGURE_ARGS+=3D --enable-pcre=0A= .else=0A= CONFIGURE_ARGS+=3D --disable-pcre=0A= .endif=0A= =0A= .if ${PORT_OPTIONS:MMEMCACHE}=0A= MODULES+=3D mod_memcache \=0A= mod_tls_memcache=0A= LIB_DEPENDS+=3D libmemcached.so:${PORTSDIR}/databases/libmemcached=0A= CONFIGURE_ARGS+=3D --enable-memcache=0A= LIBS+=3D -L${LOCALBASE}/lib -lmemcached -lmemcachedutil=0A= PLIST_SUB+=3D MEMCACHE=3D""=0A= .else=0A= CONFIGURE_ARGS+=3D --disable-memcache=0A= PLIST_SUB+=3D MEMCACHE=3D"@comment "=0A= .endif=0A= =0A= # Generate modules configuration string=0A= .for m in ${MODULES}=0A= _MODULES:=3D${_MODULES}:${m}=0A= .endfor=0A= =0A= # Keep this here below, in case similar constructs need to be made=0A= CONFIGURE_ARGS+=3D --with-shared=3D${_MODULES:C/^://g}=0A= =0A= .endif #!defined(_BUILDING_PROFTPD_MODULE)=0A= =0A= CONFIGURE_ARGS+=3D --with-includes=3D${INCLUDEDIRS}=0A= CONFIGURE_ARGS+=3D --with-libraries=3D${LIBDIRS}=0A= =0A= .include <bsd.port.pre.mk>=0A= =0A= .if !defined(_BUILDING_PROFTPD_MODULE)=0A= =0A= .if empty(ICONV_LIB)=0A= CONFIGURE_ARGS+=3D ac_cv_lib_iconv_iconv_open=3Dno \=0A= ac_cv_lib_iconv_libiconv_open=3Dno=0A= .endif=0A= =0A= post-patch:=0A= @${REINPLACE_CMD} -e 's|proftpd\.conf |proftpd.conf.sample |g' = ${WRKSRC}/Makefile.in=0A= =0A= pre-configure:=0A= @${ECHO_MSG} "=3D=3D> Configuring with following modules:"=0A= @${ECHO_MSG} "${MODULES:C/^://g}"=0A= =0A= post-configure:=0A= ${REINPLACE_CMD} -e 's: -lnsl::' ${WRKSRC}/Make.rules=0A= ${REINPLACE_CMD} -e 's:/usr/sbin:${PREFIX}/sbin:' \=0A= -e 's:/usr/bin:${PREFIX}/bin:' \=0A= ${WRKSRC}/src/proftpd.8 ${WRKSRC}/utils/ftpshut.8 \=0A= ${WRKSRC}/utils/ftpcount.1=0A= =0A= .endif #!defined(_BUILDING_PROFTPD_MODULE)=0A= =0A= .if defined(_BUILDING_PROFTPD_MODULE)=0A= pre-build:=0A= @cd ${WRKSRC} && ${MAKE} include/buildstamp.h=0A= =0A= pre-install:=0A= @${MKDIR} ${STAGEDIR}${PREFIX}/libexec/proftpd=0A= =0A= .else=0A= post-install:=0A= @${MKDIR} ${STAGEDIR}/var/run/proftpd=0A= .if ${PORT_OPTIONS:MDOCS}=0A= @${INSTALL} -d ${STAGEDIR}${DOCSDIR}=0A= @cd ${WRKSRC} && ${CP} README* RELEASE_NOTES ${STAGEDIR}${DOCSDIR}=0A= @cd ${WRKSRC}/doc/ && ${INSTALL_DATA} license.txt ${STAGEDIR}${DOCSDIR}=0A= . if ${PORT_OPTIONS:MHTMLDOCS}=0A= @${INSTALL} -d ${STAGEDIR}${DOCSDIR}/html=0A= @cd ${WRKSRC}/doc/ && ${INSTALL_DATA} Configuration.html faq.html = ${STAGEDIR}${DOCSDIR}/html=0A= @${CP} -RP ${WRKSRC}/doc/contrib ${STAGEDIR}${DOCSDIR}/html/contrib=0A= @${CP} -RP ${WRKSRC}/doc/modules ${STAGEDIR}${DOCSDIR}/html/modules=0A= @${CP} -RP ${WRKSRC}/doc/howto ${STAGEDIR}${DOCSDIR}/html/howto=0A= . endif=0A= .endif=0A= @${INSTALL_MAN} ${WRKSRC}/src/ftpdctl.8 = ${STAGEDIR}${MAN8PREFIX}/man/man8/=0A= .endif #!defined(_BUILDING_PROFTPD_MODULE)=0A= =0A= .include <bsd.port.post.mk>=0A= ------=_NextPart_000_0004_01D0A386.6A0A00D0--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000301d0a375$a6806d80$f3814880$>