Accepting request 247173 from network

1

OBS-URL: https://build.opensuse.org/request/show/247173
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/proftpd?expand=0&rev=20

proftpd-1.3.4d.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c198b53991ce641eae6b3237e856e59f0bfe8330794145b49cae33f85b6f5370
-size 7697046

proftpd-1.3.4d.tar.gz.asc

@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.9 (GNU/Linux)
-
-iEYEABECAAYFAlG7UkEACgkQt46JP6URl2rkugCg3f2dkMdkHjrplr2P4bq04pzS
-oVIAoI69AFTzGVjsAReiU1lIh8q4Qojo
-=f/F/
------END PGP SIGNATURE-----

proftpd-1.3.5.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c10316fb003bd25eccbc08c77dd9057e053693e6527ffa2ea2cc4e08ccb87715
+size 7594509

proftpd-1.3.5.tar.gz.asc

@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (GNU/Linux)
+
+iEYEABECAAYFAlN072oACgkQt46JP6URl2qVBACgiUEbFlAIzStk+jX0rljjv9xw
+8jkAoIabYGbQ9Wr8+ohBGLoOrlSoJQnH
+=ZAXp
+-----END PGP SIGNATURE-----

proftpd-no_BuildDate.patch

@@ -1,38 +1,14 @@
-Index: src/main.c
+---
+ Makefile.in           |   14 ++++++--------
+ contrib/mod_snmp/db.c |    2 +-
+ include/version.h     |    2 --
+ src/main.c            |    6 ++----
+ 4 files changed, 9 insertions(+), 15 deletions(-)
+
+Index: proftpd-1.3.5/Makefile.in
 ===================================================================
---- src/main.c.orig
-+++ src/main.c
-@@ -2703,8 +2703,8 @@ static void standalone_main(void) {
- 
-   init_bindings();
- 
--  pr_log_pri(PR_LOG_NOTICE, "ProFTPD %s (built %s) standalone mode STARTUP",
--    PROFTPD_VERSION_TEXT " " PR_STATUS, BUILD_STAMP);
-+  pr_log_pri(PR_LOG_NOTICE, "ProFTPD %s standalone mode STARTUP",
-+    PROFTPD_VERSION_TEXT " " PR_STATUS);
- 
-   pr_pidfile_write();
-   daemon_loop();
-@@ -2759,7 +2759,6 @@ static void show_settings(void) {
-   printf("%s", "  Platform: " PR_PLATFORM " [unknown]\n");
- #endif /* !HAVE_UNAME */
- 
--  printf("%s", "  Built: " BUILD_STAMP "\n");
-   printf("%s", "  Built With:\n    configure " PR_BUILD_OPTS "\n\n");
- 
-   printf("%s", "  CFLAGS: " PR_BUILD_CFLAGS "\n");
-@@ -3271,7 +3270,6 @@ int main(int argc, char *argv[], char **
- 
-     printf("ProFTPD Version: %s", PROFTPD_VERSION_TEXT " " PR_STATUS "\n");
-     printf("  Scoreboard Version: %08x\n", PR_SCOREBOARD_VERSION); 
--    printf("  Built: %s\n\n", BUILD_STAMP);
- 
-     modules_list(PR_MODULES_LIST_FL_SHOW_VERSION);
-     exit(0);
-Index: Makefile.in
-===================================================================
---- Makefile.in.orig
-+++ Makefile.in
+--- proftpd-1.3.5.orig/Makefile.in	2012-10-02 18:10:23.000000000 +0100
++++ proftpd-1.3.5/Makefile.in	2014-09-01 20:12:57.000000000 +0100
 @@ -24,28 +24,26 @@ BUILD_BIN=proftpd$(EXEEXT) ftpcount$(EXE
  
  all: $(BUILD_BIN)
@@ -68,13 +44,57 @@ Index: Makefile.in
  	@dirs="$(DIRS)"; \
  	for dir in $$dirs; do \
  		if [ -d "$$dir" ]; then cd $$dir/ && $(MAKE); fi; \
-Index: include/version.h
+Index: proftpd-1.3.5/contrib/mod_snmp/db.c
 ===================================================================
---- include/version.h.orig
-+++ include/version.h
+--- proftpd-1.3.5.orig/contrib/mod_snmp/db.c	2014-01-27 17:32:16.000000000 +0000
++++ proftpd-1.3.5/contrib/mod_snmp/db.c	2014-09-01 23:08:18.000000000 +0100
+@@ -1122,7 +1122,7 @@ int snmp_db_get_value(pool *p, unsigned
+       return 0;
+ 
+     case SNMP_DB_DAEMON_F_VERSION:
+-      *str_value = "ProFTPD Version " PROFTPD_VERSION_TEXT " (built at " BUILD_STAMP ")";
++      *str_value = "ProFTPD Version " PROFTPD_VERSION_TEXT;
+       *str_valuelen = strlen(*str_value);
+ 
+       pr_trace_msg(trace_channel, 19,
+Index: proftpd-1.3.5/include/version.h
+===================================================================
+--- proftpd-1.3.5.orig/include/version.h	2014-05-15 16:53:13.000000000 +0100
++++ proftpd-1.3.5/include/version.h	2014-09-01 20:12:57.000000000 +0100
 @@ -1,5 +1,3 @@
 -#include "buildstamp.h"
 -
  /* Application version (in various forms) */
- #define PROFTPD_VERSION_NUMBER		0x0001030408
- #define PROFTPD_VERSION_TEXT		"1.3.4d"
+ #define PROFTPD_VERSION_NUMBER		0x0001030505
+ #define PROFTPD_VERSION_TEXT		"1.3.5"
+Index: proftpd-1.3.5/src/main.c
+===================================================================
+--- proftpd-1.3.5.orig/src/main.c	2014-01-25 16:34:09.000000000 +0000
++++ proftpd-1.3.5/src/main.c	2014-09-01 20:12:57.000000000 +0100
+@@ -2382,8 +2382,8 @@ static void standalone_main(void) {
+ 
+   init_bindings();
+ 
+-  pr_log_pri(PR_LOG_NOTICE, "ProFTPD %s (built %s) standalone mode STARTUP",
+-    PROFTPD_VERSION_TEXT " " PR_STATUS, BUILD_STAMP);
++  pr_log_pri(PR_LOG_NOTICE, "ProFTPD %s standalone mode STARTUP",
++    PROFTPD_VERSION_TEXT " " PR_STATUS);
+ 
+   pr_pidfile_write();
+   daemon_loop();
+@@ -2438,7 +2438,6 @@ static void show_settings(void) {
+   printf("%s", "  Platform: " PR_PLATFORM " [unknown]\n");
+ #endif /* !HAVE_UNAME */
+ 
+-  printf("%s", "  Built: " BUILD_STAMP "\n");
+   printf("%s", "  Built With:\n    configure " PR_BUILD_OPTS "\n\n");
+ 
+   printf("%s", "  CFLAGS: " PR_BUILD_CFLAGS "\n");
+@@ -2956,7 +2955,6 @@ int main(int argc, char *argv[], char **
+ 
+     printf("ProFTPD Version: %s", PROFTPD_VERSION_TEXT " " PR_STATUS "\n");
+     printf("  Scoreboard Version: %08x\n", PR_SCOREBOARD_VERSION); 
+-    printf("  Built: %s\n\n", BUILD_STAMP);
+ 
+     modules_list(PR_MODULES_LIST_FL_SHOW_VERSION);
+     exit(0);

proftpd-sftp-kbdint-max-responses-bug3973.patch

@@ -1,131 +0,0 @@
-Index: contrib/mod_sftp_pam.c
-===================================================================
---- contrib/mod_sftp_pam.c.orig
-+++ contrib/mod_sftp_pam.c
-@@ -197,22 +197,13 @@ static int sftppam_converse(int nmsgs, P
-     return PAM_CONV_ERR;
-   }
- 
--  if (sftp_kbdint_recv_response(sftppam_driver.driver_pool, &recvd_count,
--      &recvd_responses) < 0) {
-+  if (sftp_kbdint_recv_response(sftppam_driver.driver_pool, list->nelts,
-+      &recvd_count, &recvd_responses) < 0) {
-     pr_trace_msg(trace_channel, 3,
-       "error receiving keyboard-interactive responses: %s", strerror(errno));
-     return PAM_CONV_ERR;
-   }
- 
--  /* Make sure that the count of responses matches the challenge count. */
--  if (recvd_count != list->nelts) {
--    (void) pr_log_writefile(sftp_logfd, MOD_SFTP_PAM_VERSION,
--      "sent %d %s, but received %u %s", nmsgs,
--      list->nelts != 1 ? "challenges" : "challenge", recvd_count,
--      recvd_count != 1 ? "responses" : "response");
--    return PAM_CONV_ERR;
--  }
--
-   res = calloc(nmsgs, sizeof(struct pam_response));
-   if (res == NULL) {
-     pr_log_pri(PR_LOG_CRIT, "Out of memory!");
-Index: contrib/mod_sftp/kbdint.c
-===================================================================
---- contrib/mod_sftp/kbdint.c.orig
-+++ contrib/mod_sftp/kbdint.c
-@@ -1,6 +1,6 @@
- /*
-  * ProFTPD - mod_sftp keyboard-interactive driver mgmt
-- * Copyright (c) 2008-2009 TJ Saunders
-+ * Copyright (c) 2008-2013 TJ Saunders
-  *
-  * This program is free software; you can redistribute it and/or modify
-  * it under the terms of the GNU General Public License as published by
-@@ -31,6 +31,8 @@
- #include "utf8.h"
- #include "kbdint.h"
- 
-+#define SFTP_KBDINT_MAX_RESPONSES	500
-+
- struct kbdint_driver {
-   struct kbdint_driver *next, *prev;
- 
-@@ -252,8 +254,8 @@ int sftp_kbdint_send_challenge(const cha
-   return res;
- }
- 
--int sftp_kbdint_recv_response(pool *p, unsigned int *count,
--    const char ***responses) {
-+int sftp_kbdint_recv_response(pool *p, unsigned int expected_count,
-+    unsigned int *rcvd_count, const char ***responses) {
-   register unsigned int i;
-   char *buf;
-   cmd_rec *cmd;
-@@ -264,7 +266,7 @@ int sftp_kbdint_recv_response(pool *p, u
-   int res;
- 
-   if (p == NULL ||
--      count == NULL ||
-+      rcvd_count == NULL ||
-       responses == NULL) {
-     errno = EINVAL;
-     return -1;
-@@ -299,6 +301,29 @@ int sftp_kbdint_recv_response(pool *p, u
- 
-   resp_count = sftp_msg_read_int(pkt->pool, &buf, &buflen);
- 
-+  /* Ensure that the number of responses sent by the client is the same
-+   * as the number of challenges sent, lest a malicious client attempt to
-+   * trick us into allocating too much memory (Bug#3973).
-+   */
-+  if (resp_count != expected_count) {
-+    (void) pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION,
-+      "sent %lu %s, but received %lu %s", (unsigned long) expected_count,
-+      expected_count != 1 ? "challenges" : "challenge",
-+      (unsigned long) resp_count, resp_count != 1 ? "responses" : "response");
-+    destroy_pool(pkt->pool);
-+    errno = EPERM;
-+    return -1;
-+  }
-+
-+  if (resp_count > SFTP_KBDINT_MAX_RESPONSES) {
-+    (void) pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION,
-+      "received too many responses (%lu > max %lu), rejecting",
-+      (unsigned long) resp_count, (unsigned long) SFTP_KBDINT_MAX_RESPONSES);
-+    destroy_pool(pkt->pool);
-+    errno = EPERM;
-+    return -1;
-+  }
-+
-   list = make_array(p, resp_count, sizeof(char *));
-   for (i = 0; i < resp_count; i++) {
-     char *resp;
-@@ -307,7 +332,7 @@ int sftp_kbdint_recv_response(pool *p, u
-     *((char **) push_array(list)) = pstrdup(p, sftp_utf8_decode_str(p, resp));
-   }
- 
--  *count = (unsigned int) resp_count;
-+  *rcvd_count = (unsigned int) resp_count;
-   *responses = ((const char **) list->elts);
-   return 0;
- }
-Index: contrib/mod_sftp/mod_sftp.h.in
-===================================================================
---- contrib/mod_sftp/mod_sftp.h.in.orig
-+++ contrib/mod_sftp/mod_sftp.h.in
-@@ -1,6 +1,6 @@
- /*
-  * ProFTPD - mod_sftp
-- * Copyright (c) 2008-2011 TJ Saunders
-+ * Copyright (c) 2008-2013 TJ Saunders
-  *
-  * This program is free software; you can redistribute it and/or modify
-  * it under the terms of the GNU General Public License as published by
-@@ -174,7 +174,8 @@ int sftp_kbdint_register_driver(const ch
- int sftp_kbdint_unregister_driver(const char *name);
- int sftp_kbdint_send_challenge(const char *, const char *, unsigned int,
-   sftp_kbdint_challenge_t *);
--int sftp_kbdint_recv_response(pool *, unsigned int *, const char ***);
-+int sftp_kbdint_recv_response(pool *, unsigned int, unsigned int *,
-+  const char ***);
- 
- /* API for modules that which to register keystores, for the
-  * SFTPAuthorizedHostKeys and SFTPAuthorizedUserKeys directives.

proftpd.changes

@@ -1,3 +1,28 @@
+-------------------------------------------------------------------
+Mon Sep  1 22:04:02 UTC 2014 - andreas.stieger@gmx.de
+
+- ProFTPD 1.3.5
+  * Added support for SHA-256, SHA-512 password hashes to the ftpasswd tool
+  * New Modules
+    mod_geoip, mod_log_forensic, mod_rlimit, mod_snmp, mod_dnsbl
+  * mod_sftp now supports ECC, ECDSA, ECDH
+  * Improved FIPS support in mod_sftp.
+  * mod_sftp module now honors the MaxStoreFileSize directive.
+  * Many new and changed configuration directives
+- update proftpd-no_BuildDate.patch
+
+-------------------------------------------------------------------
+Mon Sep  1 19:00:57 UTC 2014 - andreas.stieger@gmx.de
+
+- proftpd 1.3.4e:
+  Multiple other backported fix from the 1.3.5 branch.
+  See http://www.proftpd.org/docs/NEWS-1.3.4e
+- The fix for the mod_sftp/mod_sftp_pam memory allocation 
+  (CVE-2013-4359) contained in this release was previously patched
+  into the package.
+- adjust proftpd-no_BuildDate.patch for context changes
+- remove proftpd-sftp-kbdint-max-responses-bug3973.patch, upstream
+
 -------------------------------------------------------------------
 Tue Mar 25 19:56:04 UTC 2014 - crrodriguez@opensuse.org
 

proftpd.spec

@@ -22,7 +22,7 @@ License:        GPL-2.0+
 Group:          Productivity/Networking/Ftp/Servers
 # Please save your time and do not update to "rc" versions.
 # We only accept updates for "STABLE" Versions
-Version:        1.3.4d
+Version:        1.3.5
 Release:        0
 Url:            http://www.proftpd.org/
 Source0:        ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.gz
@@ -42,14 +42,13 @@ Patch102:       %{name}-ftpasswd.patch
 Patch103:       %{name}-strip.patch
 #PATCH-FIX-openSUSE: file-contains-date-and-time
 Patch104:       %{name}-no_BuildDate.patch
-# PATCH-FIX-upstream: sftp-kbdint-max-responses-bug3973
-Patch105:       %{name}-sftp-kbdint-max-responses-bug3973.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  gpg-offline
 BuildRequires:  krb5-devel
 BuildRequires:  libacl-devel
 BuildRequires:  libattr-devel
 #BuildRequires:  libmemcached-devel
+BuildRequires:  libGeoIP-devel
 BuildRequires:  mysql-devel
 BuildRequires:  ncurses-devel
 BuildRequires:  openldap2-devel
@@ -142,8 +141,7 @@ Here are Documentation for ProFTPD
 %patch101
 %patch102
 %patch103
-%patch104
-%patch105
+%patch104 -p1
 
 %build
 rm contrib/mod_wrap.c
@@ -260,7 +258,7 @@ fi
 %files -f %{name}.lang
 %endif
 %defattr(-,root,root,-)
-%doc COPYING CREDITS ChangeLog INSTALL NEWS README* RELEASE_NOTES
+%doc COPYING CREDITS ChangeLog NEWS README* RELEASE_NOTES
 %doc contrib/README.*
 #%doc contrib/xferstats.holger-preiss*
 #%doc contrib/ftpasswd contrib/ftpquota
@@ -270,6 +268,7 @@ fi
 %config(noreplace) %attr(0644,root,ftp) %{_sysconfdir}/%{name}/auth/passwd
 %dir %attr(0755,root,root) %{_sysconfdir}/%{name}/conf.d
 %config(noreplace) %attr(0640,root,root) %{_sysconfdir}/%{name}/%{name}.conf
+%{_sysconfdir}/%{name}/PROFTPD-MIB.txt
 %config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
 %config(noreplace) %{_sysconfdir}/pam.d/%{name}
 %config(noreplace) %{_sysconfdir}/xinetd.d/%{name}