Fix anon umask uploads, #183213 thanks to Serhij S. Stasyuk

(Portage version: 2.1.3_rc5)

4 files changed, 142 insertions, 1 deletions

diff --git a/net-ftp/vsftpd/ChangeLog b/net-ftp/vsftpd/ChangeLog
index c2addcad264d..6d00ed3598e1 100644
--- a/net-ftp/vsftpd/ChangeLog
+++ b/net-ftp/vsftpd/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for net-ftp/vsftpd
 # Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-ftp/vsftpd/ChangeLog,v 1.86 2007/05/15 14:03:32 bangert Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/vsftpd/ChangeLog,v 1.87 2007/06/26 17:59:23 uberlord Exp $
+
+*vsftpd-2.0.5-r3 (26 Jun 2007)
+
+  26 Jun 2007; Roy Marples <uberlord@gentoo.org>
+  +files/vsftpd-2.0.5-anon-upload-umask.patch, +vsftpd-2.0.5-r3.ebuild:
+  Fix anon umask uploads, #183213 thanks to Serhij S. Stasyuk
 
   15 May 2007; Thilo Bangert <bangert@gentoo.org> metadata.xml:
   add <herd>no-herd</herd>
diff --git a/net-ftp/vsftpd/files/digest-vsftpd-2.0.5-r3 b/net-ftp/vsftpd/files/digest-vsftpd-2.0.5-r3
new file mode 100644
index 000000000000..162037302490
--- /dev/null
+++ b/net-ftp/vsftpd/files/digest-vsftpd-2.0.5-r3
@@ -0,0 +1,3 @@
+MD5 146062e8b2f93af43ff6c2c770feea94 vsftpd-2.0.5.tar.gz 155985
+RMD160 297c383aae9fd90f75d5d6a62b2ed5e54adf25d4 vsftpd-2.0.5.tar.gz 155985
+SHA256 5462ebf0df2792dde8ea3cf5d87c715200aac388554b3f0a9ace6265edecfa5b vsftpd-2.0.5.tar.gz 155985
diff --git a/net-ftp/vsftpd/files/vsftpd-2.0.5-anon-upload-umask.patch b/net-ftp/vsftpd/files/vsftpd-2.0.5-anon-upload-umask.patch
new file mode 100644
index 000000000000..223744b8f58e
--- /dev/null
+++ b/net-ftp/vsftpd/files/vsftpd-2.0.5-anon-upload-umask.patch
@@ -0,0 +1,22 @@
+From: Bruno Cornec <Bruno.Cornec@hp.com>
+To: 269193@bugs.debian.org
+Subject: Proposal of patch
+Date: Wed, 2 May 2007 19:51:49 +0200
+
+Hello,
+
+I'm not a Debian contributer, but a Mandriva one.
+Here is the patch I made for the Mandriva cooker package.
+Maybe it could be useful, or at least serve as a base for discussion:
+
+--- vsftpd-2.0.5/postlogin.c.orig       2007-05-02 19:43:54.000000000 +0200
++++ vsftpd-2.0.5/postlogin.c    2007-05-02 19:44:28.000000000 +0200
+@@ -1009,7 +1009,7 @@
+   /* Are we required to chown() this file for security? */
+   if (p_sess->is_anonymous && tunable_chown_uploads)
+   {
+-    vsf_sysutil_fchmod(new_file_fd, 0600);
++    vsf_sysutil_fchmod(new_file_fd, (0777 & ~tunable_anon_umask));
+     if (tunable_one_process_model)
+     {
+       vsf_one_process_chown_upload(p_sess, new_file_fd);
diff --git a/net-ftp/vsftpd/vsftpd-2.0.5-r3.ebuild b/net-ftp/vsftpd/vsftpd-2.0.5-r3.ebuild
new file mode 100644
index 000000000000..916c8b37a1a3
--- /dev/null
+++ b/net-ftp/vsftpd/vsftpd-2.0.5-r3.ebuild
@@ -0,0 +1,110 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/vsftpd/vsftpd-2.0.5-r3.ebuild,v 1.1 2007/06/26 17:59:23 uberlord Exp $
+
+inherit eutils toolchain-funcs
+
+DESCRIPTION="Very Secure FTP Daemon written with speed, size and security in mind"
+HOMEPAGE="http://vsftpd.beasts.org/"
+SRC_URI="ftp://vsftpd.beasts.org/users/cevans/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 arm ia64 ppc ppc64 s390 sh sparc x86"
+IUSE="caps logrotate pam tcpd ssl selinux xinetd"
+
+DEPEND="caps? ( sys-libs/libcap )
+	pam? ( || ( virtual/pam sys-libs/pam ) )
+	tcpd? ( >=sys-apps/tcp-wrappers-7.6 )
+	ssl? ( >=dev-libs/openssl-0.9.7d )"
+RDEPEND="${DEPEND}
+	net-ftp/ftpbase
+	logrotate? ( app-admin/logrotate )
+	selinux? ( sec-policy/selinux-ftpd )
+	xinetd? ( sys-apps/xinetd )"
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+
+	# Patch the source, config and the manpage to use /etc/vsftpd/
+	epatch "${FILESDIR}/${PN}-2.0.3-gentoo.patch"
+
+	# Fix building without the libcap
+	epatch "${FILESDIR}/${P}-caps.patch"
+
+	# Fix anon umask uploads, #183213.
+	epatch "${FILESDIR}/${P}-anon-upload-umask.patch"
+
+	# Configure vsftpd build defaults
+	use tcpd && echo "#define VSF_BUILD_TCPWRAPPERS" >> builddefs.h
+	use ssl && echo "#define VSF_BUILD_SSL" >> builddefs.h
+	use pam || echo "#undef VSF_BUILD_PAM" >> builddefs.h
+
+	# Ensure that we don't link against libcap unless asked
+	if ! use caps ; then
+		sed -i '/^#define VSF_SYSDEP_HAVE_LIBCAP$/ d' sysdeputil.c
+		sed -i '/libcap/ d' vsf_findlibs.sh
+	fi
+
+	# Let portage control stripping
+	sed -i '/^LINK[[:space:]]*=[[:space:]]*/ s/-Wl,-s//' Makefile
+}
+
+src_compile() {
+	emake CFLAGS="${CFLAGS}" CC="$(tc-getCC)" || die
+}
+
+src_install() {
+	into /usr
+	doman vsftpd.conf.5 vsftpd.8
+	dosbin vsftpd || die
+
+	dodoc AUDIT BENCHMARKS BUGS Changelog FAQ \
+		README README.security REWARD SIZE \
+		SPEED TODO TUNING
+	newdoc vsftpd.conf vsftpd.conf.example
+
+	docinto security
+	dodoc SECURITY/*
+
+	insinto "/usr/share/doc/${PF}/examples"
+	doins -r EXAMPLE/*
+
+	insinto /etc/vsftpd
+	newins vsftpd.conf vsftpd.conf.example
+
+	if use logrotate ; then
+		insinto /etc/logrotate.d
+		newins "${FILESDIR}/vsftpd.logrotate" vsftpd
+	fi
+
+	if use xinetd ; then
+		insinto /etc/xinetd.d
+		newins "${FILESDIR}/vsftpd.xinetd" vsftpd
+	fi
+
+	newinitd "${FILESDIR}/vsftpd.init" vsftpd
+
+	keepdir /usr/share/vsftpd/empty
+}
+
+pkg_preinst() {
+	# If we use xinetd, then we comment out listen=YES
+	# so that our default config works under xinetd - fixes #78347
+	if use xinetd ; then
+		sed -i '/\listen=YES/s/^/#/g' "${D}"/etc/vsftpd/vsftpd.conf.example
+	fi
+}
+
+pkg_postinst() {
+	einfo "vsftpd init script can now be multiplexed."
+	einfo "The default init script forces /etc/vsftpd/vsftpd.conf to exist."
+	einfo "If you symlink the init script to another one, say vsftpd.foo"
+	einfo "then that uses /etc/vsftpd/foo.conf instead."
+	einfo
+	einfo "Example:"
+	einfo "   cd /etc/init.d"
+	einfo "   ln -s vsftpd vsftpd.foo"
+	einfo "You can now treat vsftpd.foo like any other service"
+}