diff --git a/proftpd-1.3.4d.tar.gz b/proftpd-1.3.4d.tar.gz
deleted file mode 100644
index cd4d9d2..0000000
--- a/proftpd-1.3.4d.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c198b53991ce641eae6b3237e856e59f0bfe8330794145b49cae33f85b6f5370
-size 7697046
diff --git a/proftpd-1.3.4d.tar.gz.asc b/proftpd-1.3.4d.tar.gz.asc
deleted file mode 100644
index 25d8bc7..0000000
--- a/proftpd-1.3.4d.tar.gz.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.9 (GNU/Linux)
-
-iEYEABECAAYFAlG7UkEACgkQt46JP6URl2rkugCg3f2dkMdkHjrplr2P4bq04pzS
-oVIAoI69AFTzGVjsAReiU1lIh8q4Qojo
-=f/F/
------END PGP SIGNATURE-----
diff --git a/proftpd-1.3.5.tar.gz b/proftpd-1.3.5.tar.gz
new file mode 100644
index 0000000..a26ee05
--- /dev/null
+++ b/proftpd-1.3.5.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c10316fb003bd25eccbc08c77dd9057e053693e6527ffa2ea2cc4e08ccb87715
+size 7594509
diff --git a/proftpd-1.3.5.tar.gz.asc b/proftpd-1.3.5.tar.gz.asc
new file mode 100644
index 0000000..c736830
--- /dev/null
+++ b/proftpd-1.3.5.tar.gz.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (GNU/Linux)
+
+iEYEABECAAYFAlN072oACgkQt46JP6URl2qVBACgiUEbFlAIzStk+jX0rljjv9xw
+8jkAoIabYGbQ9Wr8+ohBGLoOrlSoJQnH
+=ZAXp
+-----END PGP SIGNATURE-----
diff --git a/proftpd-no_BuildDate.patch b/proftpd-no_BuildDate.patch
index 281bb9d..1305a90 100644
--- a/proftpd-no_BuildDate.patch
+++ b/proftpd-no_BuildDate.patch
@@ -1,38 +1,14 @@ -Index: src/main.c +--- + Makefile.in | 14 ++++++-------- + contrib/mod_snmp/db.c | 2 +- + include/version.h | 2 -- + src/main.c | 6 ++---- + 4 files changed, 9 insertions(+), 15 deletions(-) + +Index: proftpd-1.3.5/Makefile.in =================================================================== ---- src/main.c.orig -+++ src/main.c -@@ -2703,8 +2703,8 @@ static void standalone_main(void) { - - init_bindings(); - -- pr_log_pri(PR_LOG_NOTICE, "ProFTPD %s (built %s) standalone mode STARTUP", -- PROFTPD_VERSION_TEXT " " PR_STATUS, BUILD_STAMP); -+ pr_log_pri(PR_LOG_NOTICE, "ProFTPD %s standalone mode STARTUP", -+ PROFTPD_VERSION_TEXT " " PR_STATUS); - - pr_pidfile_write(); - daemon_loop(); -@@ -2759,7 +2759,6 @@ static void show_settings(void) { - printf("%s", " Platform: " PR_PLATFORM " [unknown]\n"); - #endif /* !HAVE_UNAME */ - -- printf("%s", " Built: " BUILD_STAMP "\n"); - printf("%s", " Built With:\n configure " PR_BUILD_OPTS "\n\n"); - - printf("%s", " CFLAGS: " PR_BUILD_CFLAGS "\n"); -@@ -3271,7 +3270,6 @@ int main(int argc, char *argv[], char ** - - printf("ProFTPD Version: %s", PROFTPD_VERSION_TEXT " " PR_STATUS "\n"); - printf(" Scoreboard Version: %08x\n", PR_SCOREBOARD_VERSION); -- printf(" Built: %s\n\n", BUILD_STAMP); - - modules_list(PR_MODULES_LIST_FL_SHOW_VERSION); - exit(0); -Index: Makefile.in -=================================================================== ---- Makefile.in.orig -+++ Makefile.in +--- proftpd-1.3.5.orig/Makefile.in 2012-10-02 18:10:23.000000000 +0100 ++++ proftpd-1.3.5/Makefile.in 2014-09-01 20:12:57.000000000 +0100 @@ -24,28 +24,26 @@ BUILD_BIN=proftpd$(EXEEXT) ftpcount$(EXE all: $(BUILD_BIN) 
@@ -68,13 +44,57 @@ Index: Makefile.in @dirs="$(DIRS)"; \ for dir in $$dirs; do \ if [ -d "$$dir" ]; then cd $$dir/ && $(MAKE); fi; \ -Index: include/version.h +Index: proftpd-1.3.5/contrib/mod_snmp/db.c =================================================================== ---- include/version.h.orig -+++ include/version.h +--- proftpd-1.3.5.orig/contrib/mod_snmp/db.c 2014-01-27 17:32:16.000000000 +0000 ++++ proftpd-1.3.5/contrib/mod_snmp/db.c 2014-09-01 23:08:18.000000000 +0100 +@@ -1122,7 +1122,7 @@ int snmp_db_get_value(pool *p, unsigned + return 0; + + case SNMP_DB_DAEMON_F_VERSION: +- *str_value = "ProFTPD Version " PROFTPD_VERSION_TEXT " (built at " BUILD_STAMP ")"; ++ *str_value = "ProFTPD Version " PROFTPD_VERSION_TEXT; + *str_valuelen = strlen(*str_value); + + pr_trace_msg(trace_channel, 19, +Index: proftpd-1.3.5/include/version.h +=================================================================== +--- proftpd-1.3.5.orig/include/version.h 2014-05-15 16:53:13.000000000 +0100 ++++ proftpd-1.3.5/include/version.h 2014-09-01 20:12:57.000000000 +0100 
@@ -1,5 +1,3 @@ -#include "buildstamp.h" - /* Application version (in various forms) */ - #define PROFTPD_VERSION_NUMBER 0x0001030408 - #define PROFTPD_VERSION_TEXT "1.3.4d" + #define PROFTPD_VERSION_NUMBER 0x0001030505 + #define PROFTPD_VERSION_TEXT "1.3.5" +Index: proftpd-1.3.5/src/main.c +=================================================================== +--- proftpd-1.3.5.orig/src/main.c 2014-01-25 16:34:09.000000000 +0000 ++++ proftpd-1.3.5/src/main.c 2014-09-01 20:12:57.000000000 +0100 +@@ -2382,8 +2382,8 @@ static void standalone_main(void) { + + init_bindings(); + +- pr_log_pri(PR_LOG_NOTICE, "ProFTPD %s (built %s) standalone mode STARTUP", +- PROFTPD_VERSION_TEXT " " PR_STATUS, BUILD_STAMP); ++ pr_log_pri(PR_LOG_NOTICE, "ProFTPD %s standalone mode STARTUP", ++ PROFTPD_VERSION_TEXT " " PR_STATUS); + + pr_pidfile_write(); + daemon_loop(); +@@ -2438,7 +2438,6 @@ static void show_settings(void) { + printf("%s", " Platform: " PR_PLATFORM " [unknown]\n"); + #endif /* !HAVE_UNAME */ + +- printf("%s", " Built: " BUILD_STAMP "\n"); + printf("%s", " Built With:\n configure " PR_BUILD_OPTS "\n\n"); + + printf("%s", " CFLAGS: " PR_BUILD_CFLAGS "\n"); +@@ -2956,7 +2955,6 @@ int main(int argc, char *argv[], char ** + + printf("ProFTPD Version: %s", PROFTPD_VERSION_TEXT " " PR_STATUS "\n"); + printf(" Scoreboard Version: %08x\n", PR_SCOREBOARD_VERSION); +- printf(" Built: %s\n\n", BUILD_STAMP); + + modules_list(PR_MODULES_LIST_FL_SHOW_VERSION); + exit(0); diff --git a/proftpd-sftp-kbdint-max-responses-bug3973.patch b/proftpd-sftp-kbdint-max-responses-bug3973.patch deleted file mode 100644 index 9d30e20..0000000 --- a/proftpd-sftp-kbdint-max-responses-bug3973.patch +++ /dev/null 
@@ -1,131 +0,0 @@ -Index: contrib/mod_sftp_pam.c -=================================================================== ---- contrib/mod_sftp_pam.c.orig -+++ contrib/mod_sftp_pam.c -@@ -197,22 +197,13 @@ static int sftppam_converse(int nmsgs, P - return PAM_CONV_ERR; - } - -- if (sftp_kbdint_recv_response(sftppam_driver.driver_pool, &recvd_count, -- &recvd_responses) < 0) { -+ if (sftp_kbdint_recv_response(sftppam_driver.driver_pool, list->nelts, -+ &recvd_count, &recvd_responses) < 0) { - pr_trace_msg(trace_channel, 3, - "error receiving keyboard-interactive responses: %s", strerror(errno)); - return PAM_CONV_ERR; - } - -- /* Make sure that the count of responses matches the challenge count. */ -- if (recvd_count != list->nelts) { -- (void) pr_log_writefile(sftp_logfd, MOD_SFTP_PAM_VERSION, -- "sent %d %s, but received %u %s", nmsgs, -- list->nelts != 1 ? "challenges" : "challenge", recvd_count, -- recvd_count != 1 ? "responses" : "response"); -- return PAM_CONV_ERR; -- } -- - res = calloc(nmsgs, sizeof(struct pam_response)); - if (res == NULL) { - pr_log_pri(PR_LOG_CRIT, "Out of memory!"); -Index: contrib/mod_sftp/kbdint.c -=================================================================== ---- contrib/mod_sftp/kbdint.c.orig -+++ contrib/mod_sftp/kbdint.c -@@ -1,6 +1,6 @@ - /* - * ProFTPD - mod_sftp keyboard-interactive driver mgmt -- * Copyright (c) 2008-2009 TJ Saunders -+ * Copyright (c) 2008-2013 TJ Saunders - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by -@@ -31,6 +31,8 @@ - #include "utf8.h" - #include "kbdint.h" - -+#define SFTP_KBDINT_MAX_RESPONSES 500 -+ - struct kbdint_driver { - struct kbdint_driver *next, *prev; - -@@ -252,8 +254,8 @@ int sftp_kbdint_send_challenge(const cha - return res; - } - --int sftp_kbdint_recv_response(pool *p, unsigned int *count, -- const char ***responses) { -+int sftp_kbdint_recv_response(pool *p, unsigned int 
expected_count, -+ unsigned int *rcvd_count, const char ***responses) { - register unsigned int i; - char *buf; - cmd_rec *cmd; -@@ -264,7 +266,7 @@ int sftp_kbdint_recv_response(pool *p, u - int res; - - if (p == NULL || -- count == NULL || -+ rcvd_count == NULL || - responses == NULL) { - errno = EINVAL; - return -1; -@@ -299,6 +301,29 @@ int sftp_kbdint_recv_response(pool *p, u - - resp_count = sftp_msg_read_int(pkt->pool, &buf, &buflen); - -+ /* Ensure that the number of responses sent by the client is the same -+ * as the number of challenges sent, lest a malicious client attempt to -+ * trick us into allocating too much memory (Bug#3973). -+ */ -+ if (resp_count != expected_count) { -+ (void) pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION, -+ "sent %lu %s, but received %lu %s", (unsigned long) expected_count, -+ expected_count != 1 ? "challenges" : "challenge", -+ (unsigned long) resp_count, resp_count != 1 ? "responses" : "response"); -+ destroy_pool(pkt->pool); -+ errno = EPERM; -+ return -1; -+ } -+ -+ if (resp_count > SFTP_KBDINT_MAX_RESPONSES) { -+ (void) pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION, -+ "received too many responses (%lu > max %lu), rejecting", -+ (unsigned long) resp_count, (unsigned long) SFTP_KBDINT_MAX_RESPONSES); -+ destroy_pool(pkt->pool); -+ errno = EPERM; -+ return -1; -+ } -+ - list = make_array(p, resp_count, sizeof(char *)); - for (i = 0; i < resp_count; i++) { - char *resp; -@@ -307,7 +332,7 @@ int sftp_kbdint_recv_response(pool *p, u - *((char **) push_array(list)) = pstrdup(p, sftp_utf8_decode_str(p, resp)); - } - -- *count = (unsigned int) resp_count; -+ *rcvd_count = (unsigned int) resp_count; - *responses = ((const char **) list->elts); - return 0; - } -Index: contrib/mod_sftp/mod_sftp.h.in -=================================================================== ---- contrib/mod_sftp/mod_sftp.h.in.orig -+++ contrib/mod_sftp/mod_sftp.h.in -@@ -1,6 +1,6 @@ - /* - * ProFTPD - mod_sftp -- * Copyright (c) 2008-2011 TJ Saunders -+ 
* Copyright (c) 2008-2013 TJ Saunders - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by -@@ -174,7 +174,8 @@ int sftp_kbdint_register_driver(const ch - int sftp_kbdint_unregister_driver(const char *name); - int sftp_kbdint_send_challenge(const char *, const char *, unsigned int, - sftp_kbdint_challenge_t *); --int sftp_kbdint_recv_response(pool *, unsigned int *, const char ***); -+int sftp_kbdint_recv_response(pool *, unsigned int, unsigned int *, -+ const char ***); - - /* API for modules that which to register keystores, for the - * SFTPAuthorizedHostKeys and SFTPAuthorizedUserKeys directives. diff --git a/proftpd.changes b/proftpd.changes index 29ede1f..64abd31 100644 --- a/proftpd.changes +++ b/proftpd.changes 
@@ -1,3 +1,28 @@ +------------------------------------------------------------------- +Mon Sep 1 22:04:02 UTC 2014 - andreas.stieger@gmx.de + +- ProFTPD 1.3.5 + * Added support for SHA-256, SHA-512 password hashes to the ftpasswd tool + * New Modules + mod_geoip, mod_log_forensic, mod_rlimit, mod_snmp, mod_dnsbl + * mod_sftp now supports ECC, ECDSA, ECDH + * Improved FIPS support in mod_sftp. + * mod_sftp module now honors the MaxStoreFileSize directive. + * Many new and changed configuration directives +- update proftpd-no_BuildDate.patch + +------------------------------------------------------------------- +Mon Sep 1 19:00:57 UTC 2014 - andreas.stieger@gmx.de + +- proftpd 1.3.4e: + Multiple other backported fix from the 1.3.5 branch. + See http://www.proftpd.org/docs/NEWS-1.3.4e +- The fix for the mod_sftp/mod_sftp_pam memory allocation + (CVE-2013-4359) contained in this release was previously patched + into the package. +- adjust proftpd-no_BuildDate.patch for context changes +- remove proftpd-sftp-kbdint-max-responses-bug3973.patch, upstream + ------------------------------------------------------------------- Tue Mar 25 19:56:04 UTC 2014 - crrodriguez@opensuse.org diff --git a/proftpd.spec b/proftpd.spec index f9a9297..e037f31 100644 --- a/proftpd.spec +++ b/proftpd.spec @@ -22,7 +22,7 @@ License: GPL-2.0+ Group: Productivity/Networking/Ftp/Servers # Please save your time and do not update to "rc" versions. # We only accept updates for "STABLE" Versions -Version: 1.3.4d +Version: 1.3.5 Release: 0 Url: http://www.proftpd.org/ Source0: ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.gz 
@@ -42,14 +42,13 @@ Patch102: %{name}-ftpasswd.patch Patch103: %{name}-strip.patch #PATCH-FIX-openSUSE: file-contains-date-and-time Patch104: %{name}-no_BuildDate.patch -# PATCH-FIX-upstream: sftp-kbdint-max-responses-bug3973 -Patch105: %{name}-sftp-kbdint-max-responses-bug3973.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: gpg-offline BuildRequires: krb5-devel BuildRequires: libacl-devel BuildRequires: libattr-devel #BuildRequires: libmemcached-devel +BuildRequires: libGeoIP-devel BuildRequires: mysql-devel BuildRequires: ncurses-devel BuildRequires: openldap2-devel @@ -142,8 +141,7 @@ Here are Documentation for ProFTPD %patch101 %patch102 %patch103 -%patch104 -%patch105 +%patch104 -p1 %build rm contrib/mod_wrap.c @@ -260,7 +258,7 @@ fi %files -f %{name}.lang %endif %defattr(-,root,root,-) -%doc COPYING CREDITS ChangeLog INSTALL NEWS README* RELEASE_NOTES +%doc COPYING CREDITS ChangeLog NEWS README* RELEASE_NOTES %doc contrib/README.* #%doc contrib/xferstats.holger-preiss* #%doc contrib/ftpasswd contrib/ftpquota @@ -270,6 +268,7 @@ fi %config(noreplace) %attr(0644,root,ftp) %{_sysconfdir}/%{name}/auth/passwd %dir %attr(0755,root,root) %{_sysconfdir}/%{name}/conf.d %config(noreplace) %attr(0640,root,root) %{_sysconfdir}/%{name}/%{name}.conf +%{_sysconfdir}/%{name}/PROFTPD-MIB.txt %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} %config(noreplace) %{_sysconfdir}/pam.d/%{name} %config(noreplace) %{_sysconfdir}/xinetd.d/%{name}
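Review bot: With `Patch105` and `%patch105` dropped (hunks `@@ -42,14 +42,13 @@` and `@@ -142,8 +141,7 @@`), nothing in the build checks that the unpacked 1.3.5 sources really contain the CVE-2013-4359 fix that patch carried; the package now rests on the changelog's statement that it is upstream. A one-line guard in `%prep` after the sources are unpacked would make the build fail if a later source swap loses it, e.g. `grep -q SFTP_KBDINT_MAX_RESPONSES contrib/mod_sftp/kbdint.c`, assuming upstream kept the macro name used in the removed patch. The `%prep` section starts outside the hunk, so exact placement is left to the packager.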
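Review bot: The added `%{_sysconfdir}/%{name}/PROFTPD-MIB.txt` entry in hunk `@@ -270,6 +268,7 @@` is the only file entry in this stretch of `%files` under `%{_sysconfdir}` without a `%config` marker, so rpm treats it as plain payload and replaces any local edit on update (rpmlint normally reports this as `non-conffile-in-etc`). If the MIB is static reference data, say so with a comment such as `# static MIB definition for mod_snmp, not a config file`; if administrators are expected to edit it, use `%config(noreplace) %{_sysconfdir}/%{name}/PROFTPD-MIB.txt`. The `%files` list begins before the hunk.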