rpms/proftpd/FC-5 proftpd-1.3.0-cmdbufsize.patch, NONE, 1.1 proftpd-1.3.0-mod_tls.patch, NONE, 1.1 .cvsignore, 1.8, 1.9 proftpd.spec, 1.17, 1.18 sources, 1.8, 1.9
Matthias Saou (thias)
fedora-extras-commits at redhat.com
Wed Nov 29 12:45:18 UTC 2006
Author: thias
Update of /cvs/extras/rpms/proftpd/FC-5
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23950/FC-5
Modified Files:
.cvsignore proftpd.spec sources
Added Files:
proftpd-1.3.0-cmdbufsize.patch proftpd-1.3.0-mod_tls.patch
Log Message:
Backport 1.3.0a update and patches to FC-5 and FC-6 branches.
proftpd-1.3.0-cmdbufsize.patch:
--- NEW FILE proftpd-1.3.0-cmdbufsize.patch ---
--- proftpd-1.3.0/src/main.c.cmdbufsize 2006-03-15 19:41:01.000000000 +0000
+++ proftpd-1.3.0/src/main.c 2006-11-17 16:53:35.000000000 +0000
@@ -116,6 +116,8 @@
static char sbuf[PR_TUNABLE_BUFFER_SIZE] = {'\0'};
+#define PR_DEFAULT_CMD_BUFSZ 512
+
static char **Argv = NULL;
static char *LastArgv = NULL;
static const char *PidPath = PR_PID_FILE_PATH;
@@ -823,13 +825,26 @@
long *buf_size = get_param_ptr(main_server->conf,
"CommandBufferSize", FALSE);
- if (buf_size == NULL || *buf_size <= 0)
- cmd_buf_size = 512;
+ if (buf_size == NULL) {
+ pr_log_debug(DEBUG1, "no CommandBufferSize size given, "
+ "using default buffer size (%u)", (unsigned int) PR_DEFAULT_CMD_BUFSZ);
+ cmd_buf_size = PR_DEFAULT_CMD_BUFSZ;
+
+ } else if (*buf_size <= 0) {
+ pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%ld) "
+ "given, resetting to default buffer size (%u)",
+ *buf_size, (unsigned int) PR_DEFAULT_CMD_BUFSZ);
+ cmd_buf_size = PR_DEFAULT_CMD_BUFSZ;
+
+ } else if (*buf_size + 1 > sizeof(buf)) {
+ pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%ld) "
+ "given, resetting to default buffer size (%u)",
+ *buf_size, (unsigned int) PR_DEFAULT_CMD_BUFSZ);
+ cmd_buf_size = PR_DEFAULT_CMD_BUFSZ;
- else if (*buf_size + 1 > sizeof(buf)) {
- pr_log_pri(PR_LOG_WARNING, "Invalid CommandBufferSize size given. "
- "Resetting to 512.");
- cmd_buf_size = 512;
+ } else {
+ pr_log_debug(DEBUG1, "setting CommandBufferSize to %ld", *buf_size);
+ cmd_buf_size = (long) *buf_size;
}
}
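Review bot: the `*buf_size <= 0` branch and the `*buf_size + 1 > sizeof(buf)` branch log the same warning text, so the log cannot distinguish a non-positive value from one that is too large for buf; put the upper limit (sizeof(buf) - 1) in the second message. The upper-bound test compares a long against a size_t and is only safe because the `<= 0` branch runs first, which deserves a one-line comment so a later reordering does not reintroduce the problem. The `(long)` cast in `cmd_buf_size = (long) *buf_size;` is redundant, since buf_size is already a `long *`. The fallback also assumes PR_DEFAULT_CMD_BUFSZ fits in buf, whose declaration is not visible in this hunk; a compile-time check tying the two together would make that explicit.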
proftpd-1.3.0-mod_tls.patch:
--- NEW FILE proftpd-1.3.0-mod_tls.patch ---
This is a possible fix Ralf S. Engelschall <rse+openpkg-security at openpkg.org>
has made myself for the X.509 issue of mod_tls.c
Index: contrib/mod_tls.c
--- contrib/mod_tls.c.orig 2005-11-08 18:59:49 +0100
+++ contrib/mod_tls.c 2006-11-15 17:54:43 +0100
@@ -2421,6 +2421,8 @@
datalen = BIO_get_mem_data(mem, &data);
if (data) {
+ if (datalen > sizeof(buf)-1)
+ datalen = sizeof(buf)-1;
memset(&buf, '\0', sizeof(buf));
memcpy(buf, data, datalen);
buf[datalen] = '\0';
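Review bot: the clamp at `if (datalen > sizeof(buf)-1)` truncates silently, so data from the BIO that is longer than buf is cut to fit with no log entry; log the truncation, or reject the input, so the condition is visible to an operator. The comparison also depends on the type of datalen, which this hunk does not show: if it is a signed type it is converted to unsigned against sizeof, so declaring it as size_t or adding an explicit check for a negative value would make the intent clear. A short comment naming the overflow this guards against (memcpy followed by `buf[datalen] = '\0'`) would help future readers.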
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/proftpd/FC-5/.cvsignore,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- .cvsignore 2 May 2006 15:47:53 -0000 1.8
+++ .cvsignore 29 Nov 2006 12:44:48 -0000 1.9
@@ -1 +1 @@
-proftpd-1.3.0.tar.bz2
+proftpd-1.3.0a.tar.bz2
Index: proftpd.spec
===================================================================
RCS file: /cvs/extras/rpms/proftpd/FC-5/proftpd.spec,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- proftpd.spec 23 Aug 2006 14:45:53 -0000 1.17
+++ proftpd.spec 29 Nov 2006 12:44:48 -0000 1.18
@@ -1,7 +1,7 @@
Summary: Flexible, stable and highly-configurable FTP server
Name: proftpd
-Version: 1.3.0
-Release: 6%{?dist}
+Version: 1.3.0a
+Release: 1%{?dist}
License: GPL
Group: System Environment/Daemons
URL: http://www.proftpd.org/
@@ -14,6 +14,8 @@
Source6: proftpd.pam
Patch0: proftpd-1.3.0-rpath.patch
Patch1: proftpd-1.3.0-ctrls-restart.patch
+Patch2: proftpd-1.3.0-cmdbufsize.patch
+Patch3: proftpd-1.3.0-mod_tls.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
Requires: pam >= 0.59
Requires(post): /sbin/chkconfig
@@ -66,6 +68,8 @@
%setup
%patch0 -p1 -b .rpath
%patch1 -p0 -b .ctrls-restart
+%patch2 -p1 -b .cmdbufsize
+%patch3 -p0 -b .mod_tls
%build
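Review bot: the added `%patch2 -p1` and `%patch3 -p0` lines apply patches written against 1.3.0 to the 1.3.0a source, while the changelog in this commit only says that 1.3.0a fixes CVE-2006-5815; confirm both patches still apply cleanly and are still needed on 1.3.0a, and say so in the changelog entry. The differing strip levels match the path styles in the two patch headers, but a brief comment beside each Patch line stating what it fixes would help the next maintainer decide when it can be dropped.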
@@ -186,7 +190,22 @@
%changelog
-* Mon Aug 23 2006 Matthias Saou <http://freshrpms.net/> 1.3.0-6
+* Mon Nov 27 2006 Matthias Saou <http://freshrpms.net/> 1.3.0a-1
+- Update to 1.3.0a, which actually fixes CVE-2006-5815... yes, #214820!).
+
+* Thu Nov 16 2006 Matthias Saou <http://freshrpms.net/> 1.3.0-10
+- Fix cmdbufsize patch for missing CommandBufferSize case (#214820 once more).
+
+* Thu Nov 16 2006 Matthias Saou <http://freshrpms.net/> 1.3.0-9
+- Include mod_tls patch (#214820 too).
+
+* Mon Nov 13 2006 Matthias Saou <http://freshrpms.net/> 1.3.0-8
+- Include cmdbufsize patch (#214820).
+
+* Mon Aug 28 2006 Matthias Saou <http://freshrpms.net/> 1.3.0-7
+- FC6 rebuild.
+
+* Mon Aug 21 2006 Matthias Saou <http://freshrpms.net/> 1.3.0-6
- Add mod_quotatab, _file, _ldap and _sql (#134291).
* Mon Jul 3 2006 Matthias Saou <http://freshrpms.net/> 1.3.0-5
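Review bot: the edited 1.3.0-6 entry now reads `Mon Aug 21 2006`, but the diff header above dates spec revision 1.17 at 23 Aug 2006, which was a Wednesday; if the entry was written on the 23rd, the weekday was the part that needed correcting (`Wed Aug 23 2006`), not the day of the month. The new 1.3.0a-1 entry also has an unmatched closing parenthesis in `yes, #214820!).`, and the four entries that reference #214820 do not say which of them covers which part of the fix beyond the patch name.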
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/proftpd/FC-5/sources,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- sources 2 May 2006 15:47:53 -0000 1.8
+++ sources 29 Nov 2006 12:44:48 -0000 1.9
@@ -1 +1 @@
-fae47d01b52e035eb6b7190e74c17722 proftpd-1.3.0.tar.bz2
+cc2e99f38a810982f91d5cbe1f4091f0 proftpd-1.3.0a.tar.bz2