Compare commits
9 Commits
Author | SHA256 | Date | |
---|---|---|---|
417f29be51 | |||
deee531733 | |||
4eed34beaa | |||
4e4fc86f61 | |||
ec4fd97876 | |||
3edbc34698 | |||
fc11481023 | |||
5c00415e74 | |||
109b42cfe8 |
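--- /dev/null
+++ b/CVE-2024-48208.patch
@@ -0,0 +1,25 @@
+From 2bbe0f25c6b905044803649a29df5f765f940b91 Mon Sep 17 00:00:00 2001
+From: Frank Denis <github@pureftpd.org>
+Date: Fri, 25 Oct 2024 10:20:24 +0200
+Subject: [PATCH] Fix code similar to the one fixed in 350d66fbbd6
+
+Noticed by @StayPirate, thanks!
+---
+src/ls.c | 4 ++--
+1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/ls.c b/src/ls.c
+index 9063646..94150ad 100644
+--- a/src/ls.c
++++ b/src/ls.c
+@@ -972,8 +972,8 @@ void donlst(const char *base)
+
+if (*base != 0 && chdir(base) != 0) {
+if (*base++ == '-') {
+- while (!isspace((unsigned char) *base++));
+- while (isspace((unsigned char) *base++));
++ while (*base != 0 && !isspace((unsigned char) *base++));
++ while (*base != 0 && isspace((unsigned char) *base++));
+if (*base != 0 && chdir(base) != 0) {
+addreply_noformat(550, MSG_STAT_FAILURE2);
+return;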
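Review bot: The post-increment inside both loop conditions still advances `base` on the character that ends each loop, so after the second `while` it points one past the first non-space character and `chdir(base)` appears to receive the path without its first byte (for `-l dir`, that would be `ir`). This is carried over from the removed lines; the added `*base != 0` tests do stop the walk at the terminator, which is the out-of-bounds read being fixed. Moving the increment into the loop body keeps the bound and fixes the skip: `while (*base != 0 && !isspace((unsigned char) *base)) base++;` followed by `while (isspace((unsigned char) *base)) base++;`. The rest of `donlst()` lies outside the hunk, so this should be checked against the full function and raised upstream rather than carried as a local deviation.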
@@ -1,3 +1,10 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Jun 17 07:57:50 UTC 2025 - Peter Simons <psimons@suse.com>
|
||||||
|
|
||||||
|
- Apply "CVE-2024-48208.patch" to fix a buffer overflow
|
||||||
|
vulnerability cause by an out-of-bounds read in the domlsd()
|
||||||
|
function. [bsc#1232331, CVE-2024-48208]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Feb 29 14:59:24 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
|
Thu Feb 29 14:59:24 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
|
||||||
|
|
||||||
|
@@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package pure-ftpd
|
# spec file for package pure-ftpd
|
||||||
#
|
#
|
||||||
# Copyright (c) 2023 SUSE LLC
|
# Copyright (c) 2025 SUSE LLC
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@@ -45,6 +45,7 @@ Patch7: %{name}-1.0.50-default_tcp_sedrcv_buffer_size.patch
|
|||||||
Patch8: pure-ftpd-1.0.36-cap-audit-control.patch
|
Patch8: pure-ftpd-1.0.36-cap-audit-control.patch
|
||||||
Patch9: pure-ftpd-apparmor.patch
|
Patch9: pure-ftpd-apparmor.patch
|
||||||
Patch10: pure-ftpd-malloc-limit.patch
|
Patch10: pure-ftpd-malloc-limit.patch
|
||||||
|
Patch11: https://github.com/jedisct1/pure-ftpd/commit/2bbe0f25c6b905044803649a29df5f765f940b91.patch#:/CVE-2024-48208.patch
|
||||||
BuildRequires: libcap-devel
|
BuildRequires: libcap-devel
|
||||||
BuildRequires: libsodium-devel
|
BuildRequires: libsodium-devel
|
||||||
BuildRequires: mysql-devel
|
BuildRequires: mysql-devel
|
||||||
@@ -80,6 +81,7 @@ Apache log files, and more.
|
|||||||
%patch -P 8 -p1
|
%patch -P 8 -p1
|
||||||
%patch -P 9 -p2
|
%patch -P 9 -p2
|
||||||
%patch -P 10 -p1
|
%patch -P 10 -p1
|
||||||
|
%patch -P 11 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
CFLAGS="%{optflags} -I%{_includedir}/mysql"
|
CFLAGS="%{optflags} -I%{_includedir}/mysql"
|
||||||
|
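Review bot: The patch wired in as `Patch11` changes `donlst()`, but the changelog entry attributes CVE-2024-48208 to `domlsd()`, and the upstream subject describes the commit as fixing code "similar to the one fixed in 350d66fbbd6". Nothing visible here shows whether 350d66fbbd6 is already part of the packaged source; if it is not, the CVE may be only partly covered and that commit would need to be carried as a further patch. A comment above the new line would record the scope, for example `# PATCH-FIX-UPSTREAM CVE-2024-48208.patch bsc#1232331 -- bound the option-skipping loops in donlst()`.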