rpms/proftpd/FC-6 proftpd-1.3.0-cmdbufsize.patch, NONE, 1.1 proftpd-1.3.0-mod_tls.patch, NONE, 1.1 .cvsignore, 1.8, 1.9 proftpd.spec, 1.20, 1.21 sources, 1.8, 1.9

Matthias Saou (thias) fedora-extras-commits at redhat.com
Wed Nov 29 12:45:19 UTC 2006


Author: thias

Update of /cvs/extras/rpms/proftpd/FC-6
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23950/FC-6

Modified Files:
	.cvsignore proftpd.spec sources 
Added Files:
	proftpd-1.3.0-cmdbufsize.patch proftpd-1.3.0-mod_tls.patch 
Log Message:
Backport 1.3.0a update and patches to FC-5 and FC-6 branches.


proftpd-1.3.0-cmdbufsize.patch:

--- NEW FILE proftpd-1.3.0-cmdbufsize.patch ---
--- proftpd-1.3.0/src/main.c.cmdbufsize	2006-03-15 19:41:01.000000000 +0000
+++ proftpd-1.3.0/src/main.c	2006-11-17 16:53:35.000000000 +0000
@@ -116,6 +116,8 @@
 
 static char sbuf[PR_TUNABLE_BUFFER_SIZE] = {'\0'};
 
+#define PR_DEFAULT_CMD_BUFSZ 512
+
 static char **Argv = NULL;
 static char *LastArgv = NULL;
 static const char *PidPath = PR_PID_FILE_PATH;
@@ -823,13 +825,26 @@
       long *buf_size = get_param_ptr(main_server->conf,
         "CommandBufferSize", FALSE);
 
-      if (buf_size == NULL || *buf_size <= 0)
-        cmd_buf_size = 512;
+      if (buf_size == NULL) {
+        pr_log_debug(DEBUG1, "no CommandBufferSize size given, "
+          "using default buffer size (%u)", (unsigned int) PR_DEFAULT_CMD_BUFSZ);
+        cmd_buf_size = PR_DEFAULT_CMD_BUFSZ;
+
+      } else if (*buf_size <= 0) {
+	pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%ld) "
+          "given, resetting to default buffer size (%u)",
+          *buf_size, (unsigned int) PR_DEFAULT_CMD_BUFSZ);
+        cmd_buf_size = PR_DEFAULT_CMD_BUFSZ;
+
+      } else if (*buf_size + 1 > sizeof(buf)) {
+	pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%ld) "
+          "given, resetting to default buffer size (%u)",
+          *buf_size, (unsigned int) PR_DEFAULT_CMD_BUFSZ);
+	cmd_buf_size = PR_DEFAULT_CMD_BUFSZ;
 
-      else if (*buf_size + 1 > sizeof(buf)) {
-	pr_log_pri(PR_LOG_WARNING, "Invalid CommandBufferSize size given. "
-          "Resetting to 512.");
-	cmd_buf_size = 512;
+      } else {
+        pr_log_debug(DEBUG1, "setting CommandBufferSize to %ld", *buf_size);
+        cmd_buf_size = (long) *buf_size;
       }
     }
 
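Review bot: The upper-bound test `*buf_size + 1 > sizeof(buf)` performs signed `long` arithmetic before the comparison, so a configured value of `LONG_MAX` (if the directive parser accepts one) overflows, which is undefined behaviour, before it can be rejected. The preceding branch has already excluded non-positive values, so the same check can be written without the addition as `} else if ((size_t) *buf_size >= sizeof(buf)) {`. The two warning branches also log identical text, so an administrator cannot tell a non-positive value from an oversized one; the oversize message could report the limit, for example by adding `(unsigned long) sizeof(buf) - 1` to its arguments. The declaration of `buf` and the enclosing function are outside the hunk, so the actual bound is not visible here, and the cast in `cmd_buf_size = (long) *buf_size;` is redundant because `*buf_size` is already `long`.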

proftpd-1.3.0-mod_tls.patch:

--- NEW FILE proftpd-1.3.0-mod_tls.patch ---
This is a possible fix Ralf S. Engelschall <rse+openpkg-security at openpkg.org>
has made myself for the X.509 issue of mod_tls.c

Index: contrib/mod_tls.c
--- contrib/mod_tls.c.orig      2005-11-08 18:59:49 +0100
+++ contrib/mod_tls.c   2006-11-15 17:54:43 +0100
@@ -2421,6 +2421,8 @@
      datalen = BIO_get_mem_data(mem, &data);

   if (data) {
+    if (datalen > sizeof(buf)-1)
+        datalen = sizeof(buf)-1;
     memset(&buf, '\0', sizeof(buf));
     memcpy(buf, data, datalen);
     buf[datalen] = '\0';
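Review bot: The clamp `if (datalen > sizeof(buf)-1) datalen = sizeof(buf)-1;` bounds the `memcpy`, but it truncates the BIO data silently, so whatever reads `buf` afterwards gets a shortened string with no indication that it is incomplete. A log call inside that branch would make the condition visible to an operator, for example `pr_log_debug(DEBUG1, "mod_tls: data truncated to %lu bytes", (unsigned long) (sizeof(buf)-1));`. The declaration of `datalen` is outside the hunk; if it is a signed type, a negative value is caught only through the implicit conversion to `size_t` in this comparison, and an explicit `datalen < 0` test would state that intent. The new two-line `if` is also unbraced, unlike the enclosing `if (data) {`, and the function body continues outside the hunk.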


Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/proftpd/FC-6/.cvsignore,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- .cvsignore	21 Apr 2006 17:05:11 -0000	1.8
+++ .cvsignore	29 Nov 2006 12:44:49 -0000	1.9
@@ -1 +1 @@
-proftpd-1.3.0.tar.bz2
+proftpd-1.3.0a.tar.bz2


Index: proftpd.spec
===================================================================
RCS file: /cvs/extras/rpms/proftpd/FC-6/proftpd.spec,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- proftpd.spec	28 Aug 2006 12:28:49 -0000	1.20
+++ proftpd.spec	29 Nov 2006 12:44:49 -0000	1.21
@@ -1,7 +1,7 @@
 Summary: Flexible, stable and highly-configurable FTP server
 Name: proftpd
-Version: 1.3.0
-Release: 7%{?dist}
+Version: 1.3.0a
+Release: 1%{?dist}
 License: GPL
 Group: System Environment/Daemons
 URL: http://www.proftpd.org/
@@ -14,6 +14,8 @@
 Source6: proftpd.pam
 Patch0: proftpd-1.3.0-rpath.patch
 Patch1: proftpd-1.3.0-ctrls-restart.patch
+Patch2: proftpd-1.3.0-cmdbufsize.patch
+Patch3: proftpd-1.3.0-mod_tls.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 Requires: pam >= 0.59
 Requires(post): /sbin/chkconfig
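Review bot: `Patch2` and `Patch3` are added with no comment recording which issue each one addresses or whether it is still required on top of 1.3.0a, which the changelog in this same commit says already fixes CVE-2006-5815. The same applies to the `%patch2` and `%patch3` lines in the `%prep` hunk. A short comment above each entry, such as `# CommandBufferSize validation, #214820` and `# mod_tls data length clamp, #214820`, would let the next rebase decide whether the patches can be dropped or must be carried forward.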
@@ -66,6 +68,8 @@
 %setup
 %patch0 -p1 -b .rpath
 %patch1 -p0 -b .ctrls-restart
+%patch2 -p1 -b .cmdbufsize
+%patch3 -p0 -b .mod_tls
 
 
 %build
@@ -186,6 +190,18 @@
 
 
 %changelog
+* Mon Nov 27 2006 Matthias Saou <http://freshrpms.net/> 1.3.0a-1
+- Update to 1.3.0a, which actually fixes CVE-2006-5815... yes, #214820!).
+
+* Thu Nov 16 2006 Matthias Saou <http://freshrpms.net/> 1.3.0-10
+- Fix cmdbufsize patch for missing CommandBufferSize case (#214820 once more).
+
+* Thu Nov 16 2006 Matthias Saou <http://freshrpms.net/> 1.3.0-9
+- Include mod_tls patch (#214820 too).
+
+* Mon Nov 13 2006 Matthias Saou <http://freshrpms.net/> 1.3.0-8
+- Include cmdbufsize patch (#214820).
+
 * Mon Aug 28 2006 Matthias Saou <http://freshrpms.net/> 1.3.0-7
 - FC6 rebuild.
 


Index: sources
===================================================================
RCS file: /cvs/extras/rpms/proftpd/FC-6/sources,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- sources	21 Apr 2006 17:05:11 -0000	1.8
+++ sources	29 Nov 2006 12:44:49 -0000	1.9
@@ -1 +1 @@
-fae47d01b52e035eb6b7190e74c17722  proftpd-1.3.0.tar.bz2
+cc2e99f38a810982f91d5cbe1f4091f0  proftpd-1.3.0a.tar.bz2



