From 44604a9f5d92cc5019cec6a7a86a217d51fa93b9e595984ed11366d92db63e35 Mon Sep 17 00:00:00 2001 From: Lars Vogdt Date: Sun, 3 Nov 2019 18:13:33 +0000 Subject: [PATCH 1/2] Accepting request 744904 from home:mnhauke - Add missing requires(pre): user(ftp) for Leap 15 and Tumbleweed OBS-URL: https://build.opensuse.org/request/show/744904 OBS-URL: https://build.opensuse.org/package/show/network/proftpd?expand=0&rev=66 --- proftpd.changes | 5 +++++ proftpd.spec | 4 +++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/proftpd.changes b/proftpd.changes index deeb700..57ee7d9 100644 --- a/proftpd.changes +++ b/proftpd.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Sat Nov 2 18:12:51 UTC 2019 - Martin Hauke + +- Add missing requires(pre): user(ftp) for Leap 15 and Tumbleweed + ------------------------------------------------------------------- Wed Oct 2 15:01:11 UTC 2019 - Bernhard Wiedemann diff --git a/proftpd.spec b/proftpd.spec index a830d1b..a3819f6 100644 --- a/proftpd.spec +++ b/proftpd.spec @@ -63,7 +63,6 @@ BuildRequires: sqlite3-devel BuildRequires: unixODBC-devel BuildRequires: pkgconfig(libssl) < 1.1 Requires: logrotate - %if 0%{?lang_package:1} > 0 Recommends: %{name}-lang %endif @@ -75,6 +74,9 @@ BuildRequires: systemd-rpm-macros %else Requires(pre): %insserv_prereq %endif +%if 0%{?suse_version} >= 1330 +Requires(pre): user(ftp) +%endif %description ProFTPD is a configurable FTP daemon for Unix and Unix-like From dc495d556251f9e7d7dea9a1a53473878778c948d646bd0e51245aa483079f45 Mon Sep 17 00:00:00 2001 
From: Christian Wittmer Date: Sun, 3 Nov 2019 20:48:31 +0000 Subject: [PATCH 2/2] Accepting request 745041 from home:computersalat:devel:network fix for boo#1142281 (CVE-2019-12815, bpo#4372), fix deps and changes file OBS-URL: https://build.opensuse.org/request/show/745041 OBS-URL: https://build.opensuse.org/package/show/network/proftpd?expand=0&rev=67 --- proftpd-CVE-2019-12815.patch | 85 ++++++++++++++++++++++++++++++++++++ proftpd.changes | 15 ++++++- proftpd.spec | 4 ++ 3 files changed, 103 insertions(+), 1 deletion(-) create mode 100644 proftpd-CVE-2019-12815.patch diff --git a/proftpd-CVE-2019-12815.patch b/proftpd-CVE-2019-12815.patch new file mode 100644 index 0000000..cbe7572 --- /dev/null +++ b/proftpd-CVE-2019-12815.patch 
@@ -0,0 +1,85 @@
+Fix for CVE-2019-12815
+http://bugs.proftpd.org/show_bug.cgi?id=4372
+https://github.com/proftpd/proftpd/commit/a73dbfe3b61459e7c2806d5162b12f0957990cb3
+Index: contrib/mod_copy.c
+===================================================================
+--- contrib/mod_copy.c.orig
++++ contrib/mod_copy.c
+@@ -1,7 +1,7 @@
+ /*
+ * ProFTPD: mod_copy -- a module supporting copying of files on the server
+ * without transferring the data to the client and back
+- * Copyright (c) 2009-2016 TJ Saunders
++ * Copyright (c) 2009-2019 TJ Saunders
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+@@ -657,7 +657,7 @@ MODRET copy_cpfr(cmd_rec *cmd) {
+ MODRET copy_cpfr(cmd_rec *cmd) {
+ register unsigned int i;
+ int res;
+- char *path = "";
++ char *cmd_name, *path = "";
+ unsigned char *authenticated = NULL;
+ 
+ if (copy_engine == FALSE) {
+@@ -705,6 +705,21 @@ MODRET copy_cpfr(cmd_rec *cmd) {
+ path = pstrcat(cmd->tmp_pool, path, *path ? " " : "", decoded_path, NULL);
+ }
+ 
++ cmd_name = cmd->argv[0];
++ pr_cmd_set_name(cmd, "SITE_CPFR");
++ if (!dir_check(cmd->tmp_pool, cmd, G_READ, path, NULL)) {
++ int xerrno = EPERM;
++
++ pr_cmd_set_name(cmd, cmd_name);
++ pr_response_add_err(R_550, "%s: %s", (char *) cmd->argv[3],
++ strerror(xerrno));
++
++ pr_cmd_set_errno(cmd, xerrno);
++ errno = xerrno;
++ return PR_ERROR(cmd);
++ }
++ pr_cmd_set_name(cmd, cmd_name);
++
+ res = pr_filter_allow_path(CURRENT_CONF, path);
+ switch (res) {
+ case 0:
+@@ -758,6 +773,7 @@ MODRET copy_cpfr(cmd_rec *cmd) {
+ MODRET copy_cpto(cmd_rec *cmd) {
+ register unsigned int i;
+ const char *from, *to = "";
++ char *cmd_name;
+ unsigned char *authenticated = NULL;
+ 
+ if (copy_engine == FALSE) {
+@@ -816,6 +832,20 @@ MODRET copy_cpto(cmd_rec *cmd) {
+ 
+ to = dir_canonical_vpath(cmd->tmp_pool, to);
+ 
++ cmd_name = cmd->argv[0];
++ pr_cmd_set_name(cmd, "SITE_CPTO");
++ if (!dir_check(cmd->tmp_pool, cmd, G_WRITE, to, NULL)) {
++ int xerrno = EPERM;
++
++ pr_cmd_set_name(cmd, cmd_name);
++ pr_response_add_err(R_550, "%s: %s", to, strerror(xerrno));
++
++ pr_cmd_set_errno(cmd, xerrno);
++ errno = xerrno;
++ return PR_ERROR(cmd);
++ }
++ pr_cmd_set_name(cmd, cmd_name);
++
+ if (copy_paths(cmd->tmp_pool, from, to) < 0) {
+ int xerrno = errno;
+ const char *err_code = R_550;
+@@ -940,7 +970,7 @@ static conftable copy_conftab[] = {
+ 
+ static cmdtable copy_cmdtab[] = {
+ { CMD, C_SITE, G_WRITE, copy_copy, FALSE, FALSE, CL_MISC },
+- { CMD, C_SITE, G_DIRS, copy_cpfr, FALSE, FALSE, CL_MISC },
++ { CMD, C_SITE, G_READ, copy_cpfr, FALSE, FALSE, CL_MISC },
+ { CMD, C_SITE, G_WRITE, copy_cpto, FALSE, FALSE, CL_MISC },
+ { POST_CMD, C_PASS, G_NONE, copy_post_pass, FALSE, FALSE },
+ { LOG_CMD, C_SITE, G_NONE, copy_log_site, FALSE, FALSE },
diff --git a/proftpd.changes b/proftpd.changes
index 57ee7d9..198f7a7 100644
--- a/proftpd.changes
+++ b/proftpd.changes
@@ -1,13 +1,26 @@ ------------------------------------------------------------------- Sat Nov 2 18:12:51 UTC 2019 - Martin Hauke -- Add missing requires(pre): user(ftp) for Leap 15 and Tumbleweed +- Add missing Requires(pre): group(ftp) for Leap 15 and Tumbleweed +- Add missing Requires(pre): user(ftp) for Leap 15 and Tumbleweed ------------------------------------------------------------------- Wed Oct 2 15:01:11 UTC 2019 - Bernhard Wiedemann - Update proftpd-dist.patch to use pam_keyinit.so (boo#1144056) +------------------------------------------------------------------- +Fri Aug 2 14:52:48 UTC 2019 - chris@computersalat.de + +- fix for boo#1142281 (CVE-2019-12815, bpo#4372) + arbitrary file copy in mod_copy allows for remote code execution + and information disclosure without authentication +- add patch + * proftpd-CVE-2019-12815.patch + taken from: + - http://bugs.proftpd.org/show_bug.cgi?id=4372 + - https://github.com/proftpd/proftpd/commit/a73dbfe3b61459e7c2806d5162b12f0957990cb3 + ------------------------------------------------------------------- Mon Jul 1 13:50:01 UTC 2019 - chris@computersalat.de diff --git a/proftpd.spec b/proftpd.spec index a3819f6..29b3bd8 100644 --- a/proftpd.spec +++ b/proftpd.spec @@ -45,6 +45,8 @@ Patch102: %{name}-ftpasswd.patch Patch103: %{name}-strip.patch #PATCH-FIX-openSUSE: file-contains-date-and-time Patch104: %{name}-no_BuildDate.patch +#PATCH-CVE-Backport: CVE-2019-12815 (bpo#4372) +Patch106: %{name}-CVE-2019-12815.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build #BuildRequires: gpg-offline BuildRequires: fdupes @@ -75,6 +77,7 @@ BuildRequires: systemd-rpm-macros Requires(pre): %insserv_prereq %endif %if 0%{?suse_version} >= 1330 +Requires(pre): group(ftp) Requires(pre): user(ftp) %endif @@ -150,6 +153,7 @@ rm README.AIX %patch102 %patch103 %patch104 +%patch106 %build rm contrib/mod_wrap.c
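Review bot: The new tag `#PATCH-CVE-Backport: CVE-2019-12815 (bpo#4372)` does not follow the form used two lines above (`#PATCH-FIX-openSUSE: ...`); a fix taken from an upstream commit would conventionally be tagged `#PATCH-FIX-UPSTREAM: boo#1142281 CVE-2019-12815 bpo#4372`. The patch number also jumps from Patch104 to Patch106, which leaves an unexplained gap unless a Patch105 exists outside the hunk. The same numbering is repeated by the `%patch106` line in the third hunk of this file.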