Accepting request 745042 from network

fix for boo#1142281 (CVE-2019-12815, bpo#4372), fix deps and changes file (forwarded request 745041 from computersalat) OBS-URL: https://build.opensuse.org/request/show/745042 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/proftpd?expand=0&rev=35
2019-11-04 16:15:40 +00:00 · 2019-11-04 16:15:40 +00:00 · 62a2d25048
commit 62a2d25048
parent e9e42b7a68 dc495d5562
3 changed files with 110 additions and 1 deletions
--- a/proftpd-CVE-2019-12815.patch
+++ b/proftpd-CVE-2019-12815.patch
@ -0,0 +1,85 @@
+Fix for CVE-2019-12815
+http://bugs.proftpd.org/show_bug.cgi?id=4372
+https://github.com/proftpd/proftpd/commit/a73dbfe3b61459e7c2806d5162b12f0957990cb3
+Index: contrib/mod_copy.c
+===================================================================
+--- contrib/mod_copy.c.orig
+++ contrib/mod_copy.c
+@@ -1,7 +1,7 @@
+ /*
+  * ProFTPD: mod_copy -- a module supporting copying of files on the server
+  *                      without transferring the data to the client and back
+- * Copyright (c) 2009-2016 TJ Saunders
+ * Copyright (c) 2009-2019 TJ Saunders
+  *
+  * This program is free software; you can redistribute it and/or modify
+  * it under the terms of the GNU General Public License as published by
+@@ -657,7 +657,7 @@ MODRET copy_copy(cmd_rec *cmd) {
+ MODRET copy_cpfr(cmd_rec *cmd) {
+   register unsigned int i;
+   int res;
+-  char *path = "";
+  char *cmd_name, *path = "";
+   unsigned char *authenticated = NULL;
+ 
+   if (copy_engine == FALSE) {
+@@ -705,6 +705,21 @@ MODRET copy_cpfr(cmd_rec *cmd) {
+     path = pstrcat(cmd->tmp_pool, path, *path ? " " : "", decoded_path, NULL);
+   }
+ 
+  cmd_name = cmd->argv[0];
+  pr_cmd_set_name(cmd, "SITE_CPFR");
+  if (!dir_check(cmd->tmp_pool, cmd, G_READ, path, NULL)) {
+    int xerrno = EPERM;
+
+    pr_cmd_set_name(cmd, cmd_name);
+    pr_response_add_err(R_550, "%s: %s", (char *) cmd->argv[3],
+      strerror(xerrno));
+
+    pr_cmd_set_errno(cmd, xerrno);
+    errno = xerrno;
+    return PR_ERROR(cmd);
+  }
+  pr_cmd_set_name(cmd, cmd_name);
+
+   res = pr_filter_allow_path(CURRENT_CONF, path);
+   switch (res) {
+     case 0:
+@@ -758,6 +773,7 @@ MODRET copy_cpfr(cmd_rec *cmd) {
+ MODRET copy_cpto(cmd_rec *cmd) {
+   register unsigned int i;
+   const char *from, *to = "";
+  char *cmd_name;
+   unsigned char *authenticated = NULL;
+ 
+   if (copy_engine == FALSE) {
+@@ -816,6 +832,20 @@ MODRET copy_cpto(cmd_rec *cmd) {
+ 
+   to = dir_canonical_vpath(cmd->tmp_pool, to);
+ 
+  cmd_name = cmd->argv[0];
+  pr_cmd_set_name(cmd, "SITE_CPTO");
+  if (!dir_check(cmd->tmp_pool, cmd, G_WRITE, to, NULL)) {
+    int xerrno = EPERM;
+
+    pr_cmd_set_name(cmd, cmd_name);
+    pr_response_add_err(R_550, "%s: %s", to, strerror(xerrno));
+
+    pr_cmd_set_errno(cmd, xerrno);
+    errno = xerrno;
+    return PR_ERROR(cmd);
+  }
+  pr_cmd_set_name(cmd, cmd_name);
+
+   if (copy_paths(cmd->tmp_pool, from, to) < 0) {
+     int xerrno = errno;
+     const char *err_code = R_550;
+@@ -940,7 +970,7 @@ static conftable copy_conftab[] = {
+ 
+ static cmdtable copy_cmdtab[] = {
+   { CMD, 	C_SITE, G_WRITE,	copy_copy,	FALSE,	FALSE, CL_MISC },
+-  { CMD, 	C_SITE, G_DIRS,		copy_cpfr,	FALSE,	FALSE, CL_MISC },
+  { CMD, 	C_SITE, G_READ,		copy_cpfr,	FALSE,	FALSE, CL_MISC },
+   { CMD, 	C_SITE, G_WRITE,	copy_cpto,	FALSE,	FALSE, CL_MISC },
+   { POST_CMD,	C_PASS,	G_NONE,		copy_post_pass, FALSE,	FALSE },
+   { LOG_CMD, 	C_SITE, G_NONE,		copy_log_site,	FALSE,	FALSE },
--- a/proftpd.changes
+++ b/proftpd.changes
@ -1,8 +1,26 @@
+-------------------------------------------------------------------
+Sat Nov  2 18:12:51 UTC 2019 - Martin Hauke <mardnh@gmx.de>
+
+- Add missing Requires(pre): group(ftp) for Leap 15 and Tumbleweed
+- Add missing Requires(pre): user(ftp) for Leap 15 and Tumbleweed
+
 -------------------------------------------------------------------
 Wed Oct  2 15:01:11 UTC 2019 - Bernhard Wiedemann <bwiedemann@suse.com>

 - Update proftpd-dist.patch to use pam_keyinit.so (boo#1144056)

+-------------------------------------------------------------------
+Fri Aug  2 14:52:48 UTC 2019 - chris@computersalat.de
+
+- fix for boo#1142281 (CVE-2019-12815, bpo#4372)
+  arbitrary file copy in mod_copy allows for remote code execution
+   and information disclosure without authentication
+- add patch
+  * proftpd-CVE-2019-12815.patch
+    taken from:
+    - http://bugs.proftpd.org/show_bug.cgi?id=4372
+    - https://github.com/proftpd/proftpd/commit/a73dbfe3b61459e7c2806d5162b12f0957990cb3
+
 -------------------------------------------------------------------
 Mon Jul  1 13:50:01 UTC 2019 - chris@computersalat.de

--- a/proftpd.spec
+++ b/proftpd.spec
@ -45,6 +45,8 @@ Patch102:       %{name}-ftpasswd.patch
 Patch103:       %{name}-strip.patch
 #PATCH-FIX-openSUSE: file-contains-date-and-time
 Patch104:       %{name}-no_BuildDate.patch
+#PATCH-CVE-Backport: CVE-2019-12815 (bpo#4372)
+Patch106:       %{name}-CVE-2019-12815.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 #BuildRequires:  gpg-offline
 BuildRequires:  fdupes
@ -63,7 +65,6 @@ BuildRequires:  sqlite3-devel
 BuildRequires:  unixODBC-devel
 BuildRequires:  pkgconfig(libssl) < 1.1
 Requires:       logrotate
-
 %if 0%{?lang_package:1} > 0
 Recommends:     %{name}-lang
 %endif
@ -75,6 +76,10 @@ BuildRequires:  systemd-rpm-macros
 %else
 Requires(pre):  %insserv_prereq
 %endif
+%if 0%{?suse_version} >= 1330
+Requires(pre):  group(ftp)
+Requires(pre):  user(ftp)
+%endif

 %description
 ProFTPD is a configurable FTP daemon for Unix and Unix-like
@ -148,6 +153,7 @@ rm README.AIX
 %patch102
 %patch103
 %patch104
+%patch106

 %build
 rm contrib/mod_wrap.c