Accepting request 486641 from network

fix for boo#1032443 (CVE-2017-7418) (forwarded request 486640 from computersalat) OBS-URL: https://build.opensuse.org/request/show/486641 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/proftpd?expand=0&rev=28
2017-04-12 15:35:38 +00:00 · 2017-04-12 15:35:38 +00:00 · f2d636d9f0
commit f2d636d9f0
parent eef92c21ee 76f785ae31
4 changed files with 154 additions and 6 deletions
--- a/proftpd-AllowChrootSymlinks.patch
+++ b/proftpd-AllowChrootSymlinks.patch
@ -0,0 +1,125 @@
+commit ecff21e0d0e84f35c299ef91d7fda088e516d4ed
+Author: TJ Saunders <tj@castaglia.org>
+Date:   Mon Mar 6 08:31:29 2017 -0800
+
+    Backporting recursive handling of DefaultRoot path, when AllowChrootSymlinks
+    is off, to 1.3.5 branch. (CVE-2017-7418)
+
+diff --git a/modules/mod_auth.c b/modules/mod_auth.c
+index 386576162..410215979 100644
+--- a/modules/mod_auth.c
+++ b/modules/mod_auth.c
+@@ -2,7 +2,7 @@
+  * ProFTPD - FTP server daemon
+  * Copyright (c) 1997, 1998 Public Flood Software
+  * Copyright (c) 1999, 2000 MacGyver aka Habeeb J. Dihu <macgyver@tos.net>
+- * Copyright (c) 2001-2016 The ProFTPD Project team
+ * Copyright (c) 2001-2017 The ProFTPD Project team
+  *
+  * This program is free software; you can redistribute it and/or modify
+  * it under the terms of the GNU General Public License as published by
+@@ -688,9 +688,66 @@ static char *get_default_chdir(pool *p, xaset_t *conf) {
+   return dir;
+ }
+ 
+-/* Determine if the user (non-anon) needs a default root dir other than /.
+- */
+static int is_symlink_path(pool *p, const char *path, size_t pathlen) {
+  int res, xerrno = 0;
+  struct stat st;
+  char *ptr;
+
+  if (pathlen == 0) {
+    return 0;
+  }
+
+  pr_fs_clear_cache();
+  res = pr_fsio_lstat(path, &st);
+  if (res < 0) {
+    xerrno = errno;
+
+    pr_log_pri(PR_LOG_WARNING, "error: unable to check %s: %s", path,
+      strerror(xerrno));
+
+    errno = xerrno;
+    return -1;
+  }
+ 
+  if (S_ISLNK(st.st_mode)) {
+    errno = EPERM;
+    return -1;
+  }
+
+  /* To handle the case where a component further up the path might be a
+   * symlink (which lstat(2) will NOT handle), we walk the path backwards,
+   * calling ourselves recursively.
+   */
+
+  ptr = strrchr(path, '/');
+  if (ptr != NULL) {
+    char *new_path;
+    size_t new_pathlen;
+
+    pr_signals_handle();
+
+    new_pathlen = ptr - path;
+
+    /* Make sure our pointer actually changed position. */
+    if (new_pathlen == pathlen) {
+      return 0;
+    }
+
+    new_path = pstrndup(p, path, new_pathlen);
+
+    pr_log_debug(DEBUG10,
+      "AllowChrootSymlink: path '%s' not a symlink, checking '%s'", path,
+      new_path);
+    res = is_symlink_path(p, new_path, new_pathlen);
+    if (res < 0) {
+      return -1;
+    }
+  }
+
+  return 0;
+}
+
+/* Determine if the user (non-anon) needs a default root dir other than /. */
+ static int get_default_root(pool *p, int allow_symlinks, char **root) {
+   config_rec *c = NULL;
+   char *dir = NULL;
+@@ -733,7 +790,6 @@ static int get_default_root(pool *p, int allow_symlinks, char **root) {
+ 
+       if (allow_symlinks == FALSE) {
+         char *path, target_path[PR_TUNABLE_PATH_MAX + 1];
+-        struct stat st;
+         size_t pathlen;
+ 
+         /* First, deal with any possible interpolation.  dir_realpath() will
+@@ -764,22 +820,13 @@ static int get_default_root(pool *p, int allow_symlinks, char **root) {
+           path[pathlen-1] = '\0';
+         }
+ 
+-        pr_fs_clear_cache();
+-        res = pr_fsio_lstat(path, &st);
+        res = is_symlink_path(p, path, pathlen);
+         if (res < 0) {
+-          xerrno = errno;
+-
+-          pr_log_pri(PR_LOG_WARNING, "error: unable to check %s: %s", path,
+-            strerror(xerrno));
+-
+-          errno = xerrno;
+-          return -1;
+-        }
+          if (errno == EPERM) {
+            pr_log_pri(PR_LOG_WARNING, "error: DefaultRoot %s is a symlink "
+              "(denied by AllowChrootSymlinks config)", path);
+          }
+ 
+-        if (S_ISLNK(st.st_mode)) {
+-          pr_log_pri(PR_LOG_WARNING,
+-            "error: DefaultRoot %s is a symlink (denied by AllowChrootSymlinks "
+-            "config)", path);
+           errno = EPERM;
+           return -1;
+         }
--- a/proftpd-tls.template
+++ b/proftpd-tls.template
@ -10,8 +10,9 @@
    TLSEngine                  on
    TLSLog                     /var/log/proftpd/tls.log

-    # Support both SSLv3 and TLSv1
-    TLSProtocol                TLSv1 TLSv1.1 TLSv1.2
+    # Support both SSLv3 and TLSv1, but they should not be used
+    #  (known to be weak)
+    TLSProtocol                TLSv1.1 TLSv1.2

    # Are clients required to use FTP over TLS when talking to this server?
    TLSRequired                off
@ -20,8 +21,11 @@
    TLSRSACertificateFile      /etc/proftpd/ssl/proftpd.cert.pem
    TLSRSACertificateKeyFile   /etc/proftpd/ssl/proftpd.key.pem

-    # CA (or CA chain) the server trusts
-    TLSCACertificateFile        /etc/proftpd/ssl/proftpd.cacert.pem
+    # CA (or CA chain) to verify client certs 
+    #TLSCACertificateFile        /etc/proftpd/ssl/proftpd.cacert.pem
+
+    # CA (or CA chain) to verify certification path of server cert
+    TLSCertificateChainFile     /etc/proftpd/ssl/proftpd.cacert.pem

    # Authenticate clients that want to use FTP over TLS?
    TLSVerifyClient            off
--- a/proftpd.changes
+++ b/proftpd.changes
@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Fri Apr  7 20:49:37 UTC 2017 - chris@computersalat.de
+
+- fix for boo#1032443 (CVE-2017-7418)
+  * AllowChrootSymlinks not enforced by replacing a path component
+    with a symbolic link
+  * add upstream commit (ecff21e0d0e84f35c299ef91d7fda088e516d4ed)
+    as proftpd-AllowChrootSymlinks.patch
+- fix proftpd-tls.template
+  * reduce TLS protocols to TLSv1.1 and TLSv1.2
+  * disable TLSCACertificateFile
+  * add TLSCertificateChainFile
+
 -------------------------------------------------------------------
 Thu Mar 23 15:05:22 UTC 2017 - jengelh@inai.de

--- a/proftpd.spec
+++ b/proftpd.spec
@ -18,10 +18,10 @@

 Name:           proftpd
 Summary:        Highly configurable GPL-licensed FTP server software
-# Please save your time and do not update to "rc" versions.
-# We only accept updates for "STABLE" Versions
 License:        GPL-2.0+
 Group:          Productivity/Networking/Ftp/Servers
+# Please save your time and do not update to "rc" versions.
+# We only accept updates for "STABLE" Versions
 Version:        1.3.5d
 Release:        0
 Url:            http://www.proftpd.org/
@ -35,6 +35,10 @@ Source15:       %{name}.keyring
 Source16:       %{name}-tls.template
 Source17:       %{name}-limit.template
 Source18:       %{name}-ssl.README
+#PATCH-FIX-UPSTREAM (CVE-2017-7418):
+# AllowChrootSymlinks not enforced by replacing a path component with a symbolic link
+### github commit: ecff21e0d0e84f35c299ef91d7fda088e516d4ed
+Patch0:         %{name}-AllowChrootSymlinks.patch
 #PATCH-FIX-openSUSE: pam, logrotate, xinet
 Patch100:       %{name}-dist.patch
 #PATCH-FIX-openSUSE: provide a useful default config
@ -144,6 +148,8 @@ Here are Documentation for ProFTPD
 #gpg_verify %{S:1}
 %setup -q
 rm README.AIX
+%patch0 -p1
+#
 %patch100
 %patch101
 %patch102