forked from pool/pure-ftpd
Compare commits
9 Commits
Author | SHA256 | Date | |
---|---|---|---|
417f29be51 | |||
deee531733 | |||
4eed34beaa | |||
4e4fc86f61 | |||
ec4fd97876 | |||
3edbc34698 | |||
fc11481023 | |||
5c00415e74 | |||
109b42cfe8 |
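--- a/CVE-2024-48208.patch
+++ b/CVE-2024-48208.patch
@@ -0,0 +1,25 @@
+From 2bbe0f25c6b905044803649a29df5f765f940b91 Mon Sep 17 00:00:00 2001
+From: Frank Denis <github@pureftpd.org>
+Date: Fri, 25 Oct 2024 10:20:24 +0200
+Subject: [PATCH] Fix code similar to the one fixed in 350d66fbbd6
+
+Noticed by @StayPirate, thanks!
+---
+src/ls.c | 4 ++--
+1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/ls.c b/src/ls.c
+index 9063646..94150ad 100644
+--- a/src/ls.c
++++ b/src/ls.c
+@@ -972,8 +972,8 @@ void donlst(const char *base)
+
+if (*base != 0 && chdir(base) != 0) {
+if (*base++ == '-') {
+-while (!isspace((unsigned char) *base++));
+-while (isspace((unsigned char) *base++));
++while (*base != 0 && !isspace((unsigned char) *base++));
++while (*base != 0 && isspace((unsigned char) *base++));
+if (*base != 0 && chdir(base) != 0) {
+addreply_noformat(550, MSG_STAT_FAILURE2);
+return;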
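Review bot: In the added `while (*base != 0 && isspace((unsigned char) *base++));` line, the post-increment still runs on the test that ends the loop, so when the loop stops at a non-space character the pointer has already moved past it and the following `chdir(base)` appears to receive the argument without its first character. The new `*base != 0` guard does stop both loops from walking past the terminator, which is the memory-safety point of the change. Moving the increment into the loop body, `while (*base != 0 && !isspace((unsigned char) *base)) base++;` followed by `while (*base != 0 && isspace((unsigned char) *base)) base++;`, keeps that bound and leaves `base` on the first character after the whitespace. donlst() starts and ends outside this hunk, so how `base` is used afterwards is not visible here.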
@@ -1,3 +1,10 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Jun 17 07:57:50 UTC 2025 - Peter Simons <psimons@suse.com>
|
||||
|
||||
- Apply "CVE-2024-48208.patch" to fix a buffer overflow
|
||||
vulnerability cause by an out-of-bounds read in the domlsd()
|
||||
function. [bsc#1232331, CVE-2024-48208]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Feb 29 14:59:24 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
|
||||
|
||||
|
@@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package pure-ftpd
|
||||
#
|
||||
# Copyright (c) 2023 SUSE LLC
|
||||
# Copyright (c) 2025 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@@ -45,6 +45,7 @@ Patch7: %{name}-1.0.50-default_tcp_sedrcv_buffer_size.patch
|
||||
Patch8: pure-ftpd-1.0.36-cap-audit-control.patch
|
||||
Patch9: pure-ftpd-apparmor.patch
|
||||
Patch10: pure-ftpd-malloc-limit.patch
|
||||
Patch11: https://github.com/jedisct1/pure-ftpd/commit/2bbe0f25c6b905044803649a29df5f765f940b91.patch#:/CVE-2024-48208.patch
|
||||
BuildRequires: libcap-devel
|
||||
BuildRequires: libsodium-devel
|
||||
BuildRequires: mysql-devel
|
||||
@@ -80,6 +81,7 @@ Apache log files, and more.
|
||||
%patch -P 8 -p1
|
||||
%patch -P 9 -p2
|
||||
%patch -P 10 -p1
|
||||
%patch -P 11 -p1
|
||||
|
||||
%build
|
||||
CFLAGS="%{optflags} -I%{_includedir}/mysql"
|
||||
|
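Review bot: The `Patch11:` line is added without a comment saying what the patch covers, and its scope looks narrower than the file name suggests. The upstream subject reads "Fix code similar to the one fixed in 350d66fbbd6" and its hunk is in donlst(), while the changelog entry attributes the CVE to domlsd(). Whether the packaged source already carries the 350d66fbbd6 change is not visible on this page and is worth confirming before the CVE is recorded as fixed. A comment above the tag such as `# PATCH-FIX-UPSTREAM CVE-2024-48208.patch bsc#1232331 -- bounds checks in donlst(), follow-up to upstream 350d66fbbd6` would record the scope for the next maintainer.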