diff --git a/proftpd-1.3.4c.tar.gz b/proftpd-1.3.4c.tar.gz
deleted file mode 100644
index 8bea09a..0000000
--- a/proftpd-1.3.4c.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fb80dd422969b8c900920a30a56f5e272862275d244d3857a980f5f2386ea912
-size 7689622
diff --git a/proftpd-1.3.4c.tar.gz.asc b/proftpd-1.3.4c.tar.gz.asc
deleted file mode 100644
index c4e7c83..0000000
--- a/proftpd-1.3.4c.tar.gz.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.9 (GNU/Linux)
-
-iEYEABECAAYFAlE3iYYACgkQt46JP6URl2oSPgCfX4mzFaXUVYsHS8rz60GH7KzP
-9WgAniLOpNU11NPtRAdviGnsuOLDmMGW
-=Ocyb
------END PGP SIGNATURE-----
diff --git a/proftpd-1.3.4d.tar.gz b/proftpd-1.3.4d.tar.gz
new file mode 100644
index 0000000..cd4d9d2
--- /dev/null
+++ b/proftpd-1.3.4d.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c198b53991ce641eae6b3237e856e59f0bfe8330794145b49cae33f85b6f5370
+size 7697046
diff --git a/proftpd-1.3.4d.tar.gz.asc b/proftpd-1.3.4d.tar.gz.asc
new file mode 100644
index 0000000..25d8bc7
--- /dev/null
+++ b/proftpd-1.3.4d.tar.gz.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (GNU/Linux)
+
+iEYEABECAAYFAlG7UkEACgkQt46JP6URl2rkugCg3f2dkMdkHjrplr2P4bq04pzS
+oVIAoI69AFTzGVjsAReiU1lIh8q4Qojo
+=f/F/
+-----END PGP SIGNATURE-----
diff --git a/proftpd-no_BuildDate.patch b/proftpd-no_BuildDate.patch
index 4d3d785..281bb9d 100644
--- a/proftpd-no_BuildDate.patch
+++ b/proftpd-no_BuildDate.patch
@@ -76,5 +76,5 @@ Index: include/version.h
 -#include "buildstamp.h"
 -
  /* Application version (in various forms) */
- #define PROFTPD_VERSION_NUMBER 0x0001030407
- #define PROFTPD_VERSION_TEXT "1.3.4c"
+ #define PROFTPD_VERSION_NUMBER 0x0001030408
+ #define PROFTPD_VERSION_TEXT "1.3.4d"
diff --git a/proftpd-sftp-kbdint-max-responses-bug3973.patch b/proftpd-sftp-kbdint-max-responses-bug3973.patch
new file mode 100644
index 0000000..9d30e20
--- /dev/null
+++ b/proftpd-sftp-kbdint-max-responses-bug3973.patch 
@@ -0,0 +1,131 @@
+Index: contrib/mod_sftp_pam.c
+===================================================================
+--- contrib/mod_sftp_pam.c.orig
++++ contrib/mod_sftp_pam.c
+@@ -197,22 +197,13 @@ static int sftppam_converse(int nmsgs, P
+ return PAM_CONV_ERR;
+ }
+
+- if (sftp_kbdint_recv_response(sftppam_driver.driver_pool, &recvd_count,
+- &recvd_responses) < 0) {
++ if (sftp_kbdint_recv_response(sftppam_driver.driver_pool, list->nelts,
++ &recvd_count, &recvd_responses) < 0) {
+ pr_trace_msg(trace_channel, 3,
+ "error receiving keyboard-interactive responses: %s", strerror(errno));
+ return PAM_CONV_ERR;
+ }
+
+- /* Make sure that the count of responses matches the challenge count. */
+- if (recvd_count != list->nelts) {
+- (void) pr_log_writefile(sftp_logfd, MOD_SFTP_PAM_VERSION,
+- "sent %d %s, but received %u %s", nmsgs,
+- list->nelts != 1 ? "challenges" : "challenge", recvd_count,
+- recvd_count != 1 ? "responses" : "response");
+- return PAM_CONV_ERR;
+- }
+-
+ res = calloc(nmsgs, sizeof(struct pam_response));
+ if (res == NULL) {
+ pr_log_pri(PR_LOG_CRIT, "Out of memory!");
+Index: contrib/mod_sftp/kbdint.c
+===================================================================
+--- contrib/mod_sftp/kbdint.c.orig
++++ contrib/mod_sftp/kbdint.c
+@@ -1,6 +1,6 @@
+ /*
+ * ProFTPD - mod_sftp keyboard-interactive driver mgmt
+- * Copyright (c) 2008-2009 TJ Saunders
++ * Copyright (c) 2008-2013 TJ Saunders
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+@@ -31,6 +31,8 @@
+ #include "utf8.h"
+ #include "kbdint.h"
+
++#define SFTP_KBDINT_MAX_RESPONSES 500
++
+ struct kbdint_driver {
+ struct kbdint_driver *next, *prev;
+
+@@ -252,8 +254,8 @@ int sftp_kbdint_send_challenge(const cha
+ return res;
+ }
+
+-int sftp_kbdint_recv_response(pool *p, unsigned int *count,
+- const char ***responses) {
++int sftp_kbdint_recv_response(pool *p, unsigned int expected_count,
++ unsigned int *rcvd_count, const char ***responses) {
+ register unsigned int i;
+ char *buf;
+ cmd_rec *cmd;
+@@ -264,7 +266,7 @@ int sftp_kbdint_recv_response(pool *p, u
+ int res;
+
+ if (p == NULL ||
+- count == NULL ||
++ rcvd_count == NULL ||
+ responses == NULL) {
+ errno = EINVAL;
+ return -1;
+@@ -299,6 +301,29 @@ int sftp_kbdint_recv_response(pool *p, u
+
+ resp_count = sftp_msg_read_int(pkt->pool, &buf, &buflen);
+
++ /* Ensure that the number of responses sent by the client is the same
++ * as the number of challenges sent, lest a malicious client attempt to
++ * trick us into allocating too much memory (Bug#3973).
++ */
++ if (resp_count != expected_count) {
++ (void) pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION,
++ "sent %lu %s, but received %lu %s", (unsigned long) expected_count,
++ expected_count != 1 ? "challenges" : "challenge",
++ (unsigned long) resp_count, resp_count != 1 ? "responses" : "response");
++ destroy_pool(pkt->pool);
++ errno = EPERM;
++ return -1;
++ }
++
++ if (resp_count > SFTP_KBDINT_MAX_RESPONSES) {
++ (void) pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION,
++ "received too many responses (%lu > max %lu), rejecting",
++ (unsigned long) resp_count, (unsigned long) SFTP_KBDINT_MAX_RESPONSES);
++ destroy_pool(pkt->pool);
++ errno = EPERM;
++ return -1;
++ }
++
+ list = make_array(p, resp_count, sizeof(char *));
+ for (i = 0; i < resp_count; i++) {
+ char *resp;
+@@ -307,7 +332,7 @@ int sftp_kbdint_recv_response(pool *p, u
+ *((char **) push_array(list)) = pstrdup(p, sftp_utf8_decode_str(p, resp));
+ }
+
+- *count = (unsigned int) resp_count;
++ *rcvd_count = (unsigned int) resp_count;
+ *responses = ((const char **) list->elts);
+ return 0;
+ }
+Index: contrib/mod_sftp/mod_sftp.h.in
+===================================================================
+--- contrib/mod_sftp/mod_sftp.h.in.orig
++++ contrib/mod_sftp/mod_sftp.h.in
+@@ -1,6 +1,6 @@
+ /*
+ * ProFTPD - mod_sftp
+- * Copyright (c) 2008-2011 TJ Saunders
++ * Copyright (c) 2008-2013 TJ Saunders
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+@@ -174,7 +174,8 @@ int sftp_kbdint_register_driver(const ch
+ int sftp_kbdint_unregister_driver(const char *name);
+ int sftp_kbdint_send_challenge(const char *, const char *, unsigned int,
+ sftp_kbdint_challenge_t *);
+-int sftp_kbdint_recv_response(pool *, unsigned int *, const char ***);
++int sftp_kbdint_recv_response(pool *, unsigned int, unsigned int *,
++ const char ***);
+
+ /* API for modules that which to register keystores, for the
+ * SFTPAuthorizedHostKeys and SFTPAuthorizedUserKeys directives.
diff --git a/proftpd.changes b/proftpd.changes
index 5f2ddba..6c645a8 100644
--- a/proftpd.changes
+++ b/proftpd.changes
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Thu Oct 3 20:48:44 UTC 2013 - chris@computersalat.de
+
+- update to 1.3.4d
+ * Fixed broken build when using --disable-ipv6 configure option
+ * Fixed mod_sql "SQLAuthType Backend" MySQL issues
+- fix for bnc#843444 (CVE-2013-4359)
+ * http://bugs.proftpd.org/show_bug.cgi?id=3973
+ * add proftpd-sftp-kbdint-max-responses-bug3973.patch
+
 -------------------------------------------------------------------
 Mon Jul 29 01:12:53 UTC 2013 - crrodriguez@opensuse.org
 
diff --git a/proftpd.spec b/proftpd.spec
index 35760c0..b8d1a01 100644
--- a/proftpd.spec
+++ b/proftpd.spec
@@ -22,7 +22,7 @@ License: GPL-2.0+
 Group: Productivity/Networking/Ftp/Servers
 # Please save your time and do not update to "rc" versions.
 # We only accept updates for "STABLE" Versions
-Version: 1.3.4c
+Version: 1.3.4d
 Release: 0
 Url: http://www.proftpd.org/
 Source0: ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.gz
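Review bot: In the kbdint.c hunk the `resp_count > SFTP_KBDINT_MAX_RESPONSES` test sits after `resp_count != expected_count`, so it can only fire when the server-supplied `expected_count` itself exceeds 500; it is not an independent bound on client input, and neither the macro nor that branch says so. I would reject an oversized caller count before the client packet is read, by extending the existing guard to `responses == NULL || expected_count > SFTP_KBDINT_MAX_RESPONSES) {`, and put a comment on the macro such as `/* Hard ceiling on challenges per kbdint round; bounds the per-response allocation regardless of what the driver asks for. */`. Setting `errno = EPERM` on a count mismatch is also surfaced by mod_sftp_pam.c through `strerror(errno)`, which prints "Operation not permitted" for what is a malformed client message; `EINVAL` (or `EPROTO`, if mod_sftp uses it elsewhere) would mislead an operator less. Both `sftppam_converse` and `sftp_kbdint_recv_response` begin and end outside the hunk, and the declaration of `resp_count` and the per-response read inside the `for` loop are not visible, so I have not checked those.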
@@ -41,6 +41,8 @@ Patch102: %{name}-ftpasswd.patch
 Patch103: %{name}-strip.patch
 #PATCH-FIX-openSUSE: file-contains-date-and-time
 Patch104: %{name}-no_BuildDate.patch
+# PATCH-FIX-upstream: sftp-kbdint-max-responses-bug3973
+Patch105: %{name}-sftp-kbdint-max-responses-bug3973.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 BuildRequires: gpg-offline
 BuildRequires: krb5-devel
@@ -141,6 +143,7 @@ Here are Documentation for ProFTPD
 %patch102
 %patch103
 %patch104
+%patch105
 
 %build
 PROFTPD_SHARED_MODS="$(for spec_mod in $(find contrib -name mod_\*.c); do echo "$(basename ${spec_mod%%.c})"; done | tr '\n' ':' | sed -e 's|:$||')"