rpm/proftpd
SHA256
1
0
Fork 0
forked from pool/proftpd
Code Pull Requests Activity

Accepting request 747209 from network

Browse Source 
udpate to 1.3.6b (forwarded request 747208 from computersalat)

OBS-URL: https://build.opensuse.org/request/show/747209
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/proftpd?expand=0&rev=36
This commit is contained in:
Dominique Leuenberger 2019-11-10 21:52:46 +00:00 committed by Git OBS Bridge
commit effcfe3e48
9 changed files with 76 additions and 104 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
proftpd-1.3.6.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:91ef74b143495d5ff97c4d4770c6804072a8c8eb1ad1ecc8cc541b40e152ecaf
size 20251898

7
proftpd-1.3.6.tar.gz.asc
View File

@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iEYEABECAAYFAljq8/4ACgkQt46JP6URl2oeRgCgnSKx9AkHLREqrmWZo+3i6moP
IjYAn1UICZqevlqSkXr9dFBbI1850pTv
=mcPy
-----END PGP SIGNATURE-----

3
proftpd-1.3.6b.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:fe5baf6c469a2b0b7f0e2611561b6fd5414300e32a76b96adb2ccfe05b5efb60
size 20260731

7
proftpd-1.3.6b.tar.gz.asc Normal file
View File

@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iEYEABECAAYFAl2rcwQACgkQt46JP6URl2rJjgCg1nlOJXXWDtriYR1VXN6HFoYg
rNwAn1eUP98+weNzMjbHRgnoypjq02WQ
=p339
-----END PGP SIGNATURE-----

85
proftpd-CVE-2019-12815.patch
View File

@ -1,85 +0,0 @@
Fix for CVE-2019-12815
http://bugs.proftpd.org/show_bug.cgi?id=4372
https://github.com/proftpd/proftpd/commit/a73dbfe3b61459e7c2806d5162b12f0957990cb3
Index: contrib/mod_copy.c
===================================================================
--- contrib/mod_copy.c.orig
+++ contrib/mod_copy.c
@@ -1,7 +1,7 @@
/*
* ProFTPD: mod_copy -- a module supporting copying of files on the server
* without transferring the data to the client and back
- * Copyright (c) 2009-2016 TJ Saunders
+ * Copyright (c) 2009-2019 TJ Saunders
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -657,7 +657,7 @@ MODRET copy_copy(cmd_rec *cmd) {
MODRET copy_cpfr(cmd_rec *cmd) {
register unsigned int i;
int res;
- char *path = "";
+ char *cmd_name, *path = "";
unsigned char *authenticated = NULL;
if (copy_engine == FALSE) {
@@ -705,6 +705,21 @@ MODRET copy_cpfr(cmd_rec *cmd) {
path = pstrcat(cmd->tmp_pool, path, *path ? " " : "", decoded_path, NULL);
}
+ cmd_name = cmd->argv[0];
+ pr_cmd_set_name(cmd, "SITE_CPFR");
+ if (!dir_check(cmd->tmp_pool, cmd, G_READ, path, NULL)) {
+ int xerrno = EPERM;
+
+ pr_cmd_set_name(cmd, cmd_name);
+ pr_response_add_err(R_550, "%s: %s", (char *) cmd->argv[3],
+ strerror(xerrno));
+
+ pr_cmd_set_errno(cmd, xerrno);
+ errno = xerrno;
+ return PR_ERROR(cmd);
+ }
+ pr_cmd_set_name(cmd, cmd_name);
+
res = pr_filter_allow_path(CURRENT_CONF, path);
switch (res) {
case 0:
@@ -758,6 +773,7 @@ MODRET copy_cpfr(cmd_rec *cmd) {
MODRET copy_cpto(cmd_rec *cmd) {
register unsigned int i;
const char *from, *to = "";
+ char *cmd_name;
unsigned char *authenticated = NULL;
if (copy_engine == FALSE) {
@@ -816,6 +832,20 @@ MODRET copy_cpto(cmd_rec *cmd) {
to = dir_canonical_vpath(cmd->tmp_pool, to);
+ cmd_name = cmd->argv[0];
+ pr_cmd_set_name(cmd, "SITE_CPTO");
+ if (!dir_check(cmd->tmp_pool, cmd, G_WRITE, to, NULL)) {
+ int xerrno = EPERM;
+
+ pr_cmd_set_name(cmd, cmd_name);
+ pr_response_add_err(R_550, "%s: %s", to, strerror(xerrno));
+
+ pr_cmd_set_errno(cmd, xerrno);
+ errno = xerrno;
+ return PR_ERROR(cmd);
+ }
+ pr_cmd_set_name(cmd, cmd_name);
+
if (copy_paths(cmd->tmp_pool, from, to) < 0) {
int xerrno = errno;
const char *err_code = R_550;
@@ -940,7 +970,7 @@ static conftable copy_conftab[] = {
static cmdtable copy_cmdtab[] = {
{ CMD, C_SITE, G_WRITE, copy_copy, FALSE, FALSE, CL_MISC },
- { CMD, C_SITE, G_DIRS, copy_cpfr, FALSE, FALSE, CL_MISC },
+ { CMD, C_SITE, G_READ, copy_cpfr, FALSE, FALSE, CL_MISC },
{ CMD, C_SITE, G_WRITE, copy_cpto, FALSE, FALSE, CL_MISC },
{ POST_CMD, C_PASS, G_NONE, copy_post_pass, FALSE, FALSE },
{ LOG_CMD, C_SITE, G_NONE, copy_log_site, FALSE, FALSE },

10
proftpd-no_BuildDate.patch
View File

@ -65,13 +65,13 @@ Index: include/version.h
-#include "buildstamp.h" -#include "buildstamp.h"
- -
/* Application version (in various forms) */ /* Application version (in various forms) */
#define PROFTPD_VERSION_NUMBER 0x0001030605 #define PROFTPD_VERSION_NUMBER 0x0001030607
#define PROFTPD_VERSION_TEXT "1.3.6" #define PROFTPD_VERSION_TEXT "1.3.6b"
Index: src/main.c Index: src/main.c
=================================================================== ===================================================================
--- src/main.c.orig --- src/main.c.orig
+++ src/main.c +++ src/main.c
@@ -1883,8 +1883,8 @@ static void standalone_main(void) { @@ -1891,8 +1891,8 @@ static void standalone_main(void) {
init_bindings(); init_bindings();
@ -82,7 +82,7 @@ Index: src/main.c
if (pr_pidfile_write() < 0) { if (pr_pidfile_write() < 0) {
fprintf(stderr, "error opening PidFile '%s': %s\n", pr_pidfile_get(), fprintf(stderr, "error opening PidFile '%s': %s\n", pr_pidfile_get(),
@@ -1944,7 +1944,6 @@ static void show_settings(void) { @@ -1952,7 +1952,6 @@ static void show_settings(void) {
printf("%s", " Platform: " PR_PLATFORM " [unknown]\n"); printf("%s", " Platform: " PR_PLATFORM " [unknown]\n");
#endif /* !HAVE_UNAME */ #endif /* !HAVE_UNAME */
@ -90,7 +90,7 @@ Index: src/main.c
printf("%s", " Built With:\n configure " PR_BUILD_OPTS "\n\n"); printf("%s", " Built With:\n configure " PR_BUILD_OPTS "\n\n");
printf("%s", " CFLAGS: " PR_BUILD_CFLAGS "\n"); printf("%s", " CFLAGS: " PR_BUILD_CFLAGS "\n");
@@ -2523,7 +2522,6 @@ int main(int argc, char *argv[], char ** @@ -2532,7 +2531,6 @@ int main(int argc, char *argv[], char **
printf("ProFTPD Version: %s", PROFTPD_VERSION_TEXT " " PR_STATUS "\n"); printf("ProFTPD Version: %s", PROFTPD_VERSION_TEXT " " PR_STATUS "\n");
printf(" Scoreboard Version: %08x\n", PR_SCOREBOARD_VERSION); printf(" Scoreboard Version: %08x\n", PR_SCOREBOARD_VERSION);

17
proftpd.changes
View File

@ -1,3 +1,20 @@
-------------------------------------------------------------------
Sun Nov 3 22:25:28 UTC 2019 - chris@computersalat.de
- update to 1.3.6b
* Fixed pre-authentication remote denial-of-service issue (Issue #846).
* Backported fix for building mod_sql_mysql using MySQL 8 (Issue #824).
- update to 1.3.6a
* Fixed symlink navigation (Bug#4332).
* Fixed building of mod_sftp using OpenSSL 1.1.x releases (Issue#674).
* Fixed SITE COPY honoring of <Limit> restrictions (Bug#4372).
* Fixed segfault on login when using mod_sftp + mod_sftp_pam (Issue#656).
* Fixed restarts when using mod_facl as a static module
- remove obsolete proftpd-CVE-2019-12815.patch
* included in 1.3.6a (Bug#4372)
- add proftpd_env-script-interpreter.patch
* RPMLINT fix for env-script-interpreter (Badness: 9)
------------------------------------------------------------------- -------------------------------------------------------------------
Sat Nov 2 18:12:51 UTC 2019 - Martin Hauke <mardnh@gmx.de> Sat Nov 2 18:12:51 UTC 2019 - Martin Hauke <mardnh@gmx.de>

8
proftpd.spec
View File

@ -22,7 +22,7 @@ Summary: Configurable GPL-licensed FTP server software
# We only accept updates for "STABLE" Versions # We only accept updates for "STABLE" Versions
License: GPL-2.0-or-later License: GPL-2.0-or-later
Group: Productivity/Networking/Ftp/Servers Group: Productivity/Networking/Ftp/Servers
Version: 1.3.6 Version: 1.3.6b
Release: 0 Release: 0
Url: http://www.proftpd.org/ Url: http://www.proftpd.org/
Source0: ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.gz Source0: ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.gz
@ -45,8 +45,8 @@ Patch102: %{name}-ftpasswd.patch
Patch103: %{name}-strip.patch Patch103: %{name}-strip.patch
#PATCH-FIX-openSUSE: file-contains-date-and-time #PATCH-FIX-openSUSE: file-contains-date-and-time
Patch104: %{name}-no_BuildDate.patch Patch104: %{name}-no_BuildDate.patch
#PATCH-CVE-Backport: CVE-2019-12815 (bpo#4372) #RPMLINT-FIX-openSUSE: env-script-interpreter
Patch106: %{name}-CVE-2019-12815.patch Patch105: %{name}_env-script-interpreter.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
#BuildRequires: gpg-offline #BuildRequires: gpg-offline
BuildRequires: fdupes BuildRequires: fdupes
@ -153,7 +153,7 @@ rm README.AIX
%patch102 %patch102
%patch103 %patch103
%patch104 %patch104
%patch106 %patch105
%build %build
rm contrib/mod_wrap.c rm contrib/mod_wrap.c

40
proftpd_env-script-interpreter.patch Normal file
View File

@ -0,0 +1,40 @@
Index: contrib/ftpasswd
===================================================================
--- contrib/ftpasswd.orig
+++ contrib/ftpasswd
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/bin/perl
# ---------------------------------------------------------------------------
# Copyright (C) 2000-2015 TJ Saunders <tj@castaglia.org>
#
Index: contrib/ftpmail
===================================================================
--- contrib/ftpmail.orig
+++ contrib/ftpmail
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/bin/perl
# ---------------------------------------------------------------------------
# Copyright (C) 2008-2013 TJ Saunders <tj@castaglia.org>
#
Index: contrib/ftpquota
===================================================================
--- contrib/ftpquota.orig
+++ contrib/ftpquota
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/bin/perl
# -------------------------------------------------------------------------
# Copyright (C) 2000-2017 TJ Saunders <tj@castaglia.org>
#
Index: src/prxs.in
===================================================================
--- src/prxs.in.orig
+++ src/prxs.in
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/bin/perl
# ---------------------------------------------------------------------------
# Copyright (C) 2008-2012 TJ Saunders <tj@castaglia.org>