Accepting request 394270 from network

fix for boo#970890, CVE-2016-3125) (forwarded request 394269 from computersalat)

OBS-URL: https://build.opensuse.org/request/show/394270
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/proftpd?expand=0&rev=22

proftpd-1.3.5a.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a1f48df8539c414ec56e0cea63dcf4b8e16e606c05f10156f030a4a67fae5696
-size 29988477

proftpd-1.3.5a.tar.gz.asc

@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.9 (GNU/Linux)
-
-iEYEABECAAYFAlVmZ+4ACgkQt46JP6URl2pTLwCeMiXrNoRkvmHGEUFDwFwHdYIM
-io8AoIxqqi320QUG1sSePFQ6Fy041WSl
-=Vapu
------END PGP SIGNATURE-----

proftpd-1.3.5b.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:afc1789f2478acf88dfdc7d70da90a4fa2786d628218e9574273295d044b4fc8
+size 29992107

proftpd-1.3.5b.tar.gz.asc

@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Comment: GPGTools - https://gpgtools.org
+
+iEYEABECAAYFAlbiG/wACgkQt46JP6URl2oHTQCgu/R5ZS7ekS+6d5xxrPNPgjx1
+SsQAoK6ZNVCmDi1VT30SKKGsOj89/TD9
+=8Ct3
+-----END PGP SIGNATURE-----

proftpd-no_BuildDate.patch

@@ -65,13 +65,13 @@ Index: include/version.h
 -#include "buildstamp.h"
 -
  /* Application version (in various forms) */
- #define PROFTPD_VERSION_NUMBER		0x0001030507
- #define PROFTPD_VERSION_TEXT		"1.3.5a"
+ #define PROFTPD_VERSION_NUMBER		0x0001030508
+ #define PROFTPD_VERSION_TEXT		"1.3.5b"
 Index: src/main.c
 ===================================================================
 --- src/main.c.orig
 +++ src/main.c
-@@ -2426,8 +2426,8 @@ static void standalone_main(void) {
+@@ -2435,8 +2435,8 @@ static void standalone_main(void) {
  
    init_bindings();
  
@@ -82,7 +82,7 @@ Index: src/main.c
  
    pr_pidfile_write();
    daemon_loop();
-@@ -2482,7 +2482,6 @@ static void show_settings(void) {
+@@ -2491,7 +2491,6 @@ static void show_settings(void) {
    printf("%s", "  Platform: " PR_PLATFORM " [unknown]\n");
  #endif /* !HAVE_UNAME */
  
@@ -90,7 +90,7 @@ Index: src/main.c
    printf("%s", "  Built With:\n    configure " PR_BUILD_OPTS "\n\n");
  
    printf("%s", "  CFLAGS: " PR_BUILD_CFLAGS "\n");
-@@ -3000,7 +2999,6 @@ int main(int argc, char *argv[], char **
+@@ -3009,7 +3008,6 @@ int main(int argc, char *argv[], char **
  
      printf("ProFTPD Version: %s", PROFTPD_VERSION_TEXT " " PR_STATUS "\n");
      printf("  Scoreboard Version: %08x\n", PR_SCOREBOARD_VERSION); 

proftpd.changes

@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Sun May  8 19:25:45 UTC 2016 - chris@computersalat.de
+
+- fix for boo#970890 (CVE-2016-3125)
+- update to 1.3.5b:
+  http://www.proftpd.org/docs/RELEASE_NOTES-1.3.5b
+  * SSH RSA hostkeys smaller than 2048 bits now work properly.
+  * MLSD response lines are now properly CRLF terminated.
+  * Fixed selection of DH groups from TLSDHParamFile.
+- rebase proftpd-no_BuildDate.patch
+
 -------------------------------------------------------------------
 Sun May 31 18:54:45 UTC 2015 - chris@computersalat.de
 

proftpd.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package proftpd
 #
-# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -22,7 +22,7 @@ License:        GPL-2.0+
 Group:          Productivity/Networking/Ftp/Servers
 # Please save your time and do not update to "rc" versions.
 # We only accept updates for "STABLE" Versions
-Version:        1.3.5a
+Version:        1.3.5b
 Release:        0
 Url:            http://www.proftpd.org/
 Source0:        ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.gz