pool/proftpd
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

..

No commits in common. "factory" and "factory" have entirely different histories.
factory ... factory

8 changed files with 14 additions and 73 deletions

3
proftpd-1.3.8b.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:183ab7c6107de271a2959ff268f55c9b6c76b2cf0029e6584fccc019686601e0
size 19752808

7
proftpd-1.3.8b.tar.gz.asc Normal file

@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iEYEABECAAYFAmWCcGMACgkQt46JP6URl2rOOACgqd6poiniUeOej3gVoE4ZHA1Z
PKgAoKgsyi9zqoilnOtZJKfzWw4BJ546
=GIJC
-----END PGP SIGNATURE-----

3
proftpd-1.3.8c.tar.gz

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2a48f2ca338456e750d2373bf671025ed799e04e0baa16c7bb8dbfd67d8734d2
size 19751847

6
proftpd-1.3.8c.tar.gz.asc

@ -1,6 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iF0EABECAB0WIQRpfmhNFmjWloQoQFy3jok/pRGXagUCZ1nafgAKCRC3jok/pRGX
arsZAKDP6Vk4oWO9BB0TbMnNNe1TRZwjOwCdH+pBD7f0WDsf6cO4D9oF6iqNgvY=
=YGOJ
-----END PGP SIGNATURE-----

4
proftpd-no_BuildDate.patch

@ -99,5 +99,5 @@ Index: include/version.h
-#include "buildstamp.h" -#include "buildstamp.h"
- -
/* Application version (in various forms) */ /* Application version (in various forms) */
#define PROFTPD_VERSION_NUMBER 0x0001030808 #define PROFTPD_VERSION_NUMBER 0x0001030807
#define PROFTPD_VERSION_TEXT "1.3.8c" #define PROFTPD_VERSION_TEXT "1.3.8b"

37
proftpd-null_pointer.patch

@ -1,37 +0,0 @@
# Mitigation CVE-2024-57392 / GHSA-cf42-x7h8-3v3q #1866
# #1866: Some of the fuzzing tests submitted in the advisory ran into existing
# null pointer dereferences (not buffer overflows); let's correct them.
Index: modules/mod_ls.c
===================================================================
--- modules/mod_ls.c.orig
+++ modules/mod_ls.c
@@ -2,7 +2,7 @@
* ProFTPD - FTP server daemon
* Copyright (c) 1997, 1998 Public Flood Software
* Copyright (c) 1999, 2000 MacGyver aka Habeeb J. Dihu <macgyver@tos.net>
- * Copyright (c) 2001-2022 The ProFTPD Project
+ * Copyright (c) 2001-2025 The ProFTPD Project
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -360,7 +360,8 @@ static int sendline(int flags, char *fmt
errno != 0) {
int xerrno = errno;
- if (session.d != NULL) {
+ if (session.d != NULL &&
+ session.d->outstrm != NULL) {
xerrno = PR_NETIO_ERRNO(session.d->outstrm);
}
@@ -1101,7 +1102,9 @@ static int outputfiles(cmd_rec *cmd) {
return res;
}
- tail->down = NULL;
+ if (tail != NULL) {
+ tail->down = NULL;
+ }
tail = NULL;
colwidth = (colwidth | 7) + 1;
if (opt_l || !opt_C) {

21
proftpd.changes

@ -1,24 +1,3 @@
-------------------------------------------------------------------
Thu Feb 20 09:05:57 UTC 2025 - chris@computersalat.de
- fix for boo#1236889 (CVE-2024-57392)
https://github.com/proftpd/proftpd/issues/1866
Some of the fuzzing tests submitted in the advisory ran into existing null
pointer dereferences (not buffer overflows); let's correct them.
- Add proftpd-null_pointer.patch
-------------------------------------------------------------------
Thu Jan 9 17:25:19 UTC 2025 - chris@computersalat.de
- 1.3.8c - Released 11-Dec-2024
fix for boo#1233997 (CVE-2024-48651)
* http://proftpd.org/docs/NEWS-1.3.8c
gh#1830 - Supplemental group inheritance grants unintended access to GID 0
due to lack of supplemental groups from mod_sql
https://github.com/proftpd/proftpd/issues/1830
- rebase patch
* proftpd-no_BuildDate.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Feb 29 14:45:47 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org> Thu Feb 29 14:45:47 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>

6
proftpd.spec

@ -1,7 +1,7 @@
# #
# spec file for package proftpd # spec file for package proftpd
# #
# Copyright (c) 2025 SUSE LLC # Copyright (c) 2024 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -33,7 +33,7 @@ Summary: Configurable GPL-licensed FTP server software
# We only accept updates for "STABLE" Versions # We only accept updates for "STABLE" Versions
License: GPL-2.0-or-later License: GPL-2.0-or-later
Group: Productivity/Networking/Ftp/Servers Group: Productivity/Networking/Ftp/Servers
Version: 1.3.8c Version: 1.3.8b
Release: 0 Release: 0
URL: http://www.proftpd.org/ URL: http://www.proftpd.org/
Source0: ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.gz Source0: ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.gz
@ -60,8 +60,6 @@ Patch104: %{name}-no_BuildDate.patch
Patch105: %{name}_env-script-interpreter.patch Patch105: %{name}_env-script-interpreter.patch
#openSUSE:Security_Features#Systemd_hardening_effort #openSUSE:Security_Features#Systemd_hardening_effort
Patch106: harden_proftpd.service.patch Patch106: harden_proftpd.service.patch
#PATCH-FIX-Upstream: Mitigation CVE-2024-57392 / GHSA-cf42-x7h8-3v3q #1866
Patch200: %{name}-null_pointer.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
#BuildRequires: gpg-offline #BuildRequires: gpg-offline
BuildRequires: cyrus-sasl-devel BuildRequires: cyrus-sasl-devel