Hello community,

here is the log from the commit of package pure-ftpd for openSUSE:11.4
checked in at Tue Apr 12 10:34:43 CEST 2011.



--------
--- old-versions/11.4/all/pure-ftpd/pure-ftpd.changes   2010-10-07 
15:30:45.000000000 +0200
+++ 11.4/pure-ftpd/pure-ftpd.changes    2011-04-11 15:01:40.000000000 +0200
@@ -1,0 +2,7 @@
+Mon Apr 11 13:01:08 UTC 2011 - [email protected]
+
+- fix bnc#686590 - VUL-0: new pure-ftpd version fix STARTTLS issues similar to
+  CVE-2011-0411
+  * flush command buffer after switch to TLS
+
+-------------------------------------------------------------------

Package does not exist at destination yet. Using Fallback 
old-versions/11.4/all/pure-ftpd
Destination is old-versions/11.4/UPDATES/all/pure-ftpd
calling whatdependson for 11.4-i586


New:
----
  pure-ftpd-1.0.29-flush-cmd-after-tls.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ pure-ftpd.spec ++++++
--- /var/tmp/diff_new_pack.mcyKee/_old  2011-04-12 10:34:05.000000000 +0200
+++ /var/tmp/diff_new_pack.mcyKee/_new  2011-04-12 10:34:05.000000000 +0200
@@ -1,7 +1,7 @@
 #
-# spec file for package pure-ftpd (Version 1.0.29)
+# spec file for package pure-ftpd
 #
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -21,7 +21,7 @@
 
 Name:           pure-ftpd
 Version:        1.0.29
-Release:        6
+Release:        8.<RELEASE9>
 License:        BSD3c
 Summary:        A Lightweight, Fast, and Secure FTP Server
 Url:            http://www.pureftpd.org
@@ -42,6 +42,9 @@
 Patch7:         %{name}-1.0.22-default_tcp_sedrcv_buffer_size.patch
 # PATCH-FEATURE-OPENSUSE %{name}-1.0.21-portrange.patch -- Add 
PassivePortRange to "%numpairc_switch_for".
 Patch8:         %{name}-1.0.21-portrange.patch
+#PATCH-FIX-UPSTREAM: 
+#https://github.com/jedisct1/pure-ftpd/commit/65c4d4ad331e94661de763e9b5304d28698999c4
+Patch9:         pure-ftpd-1.0.29-flush-cmd-after-tls.patch
 # OES patches - see %with_oes
 Patch100:       %{name}-1.0.20-oes_remote_server.patch
 Patch101:       pure-ftpd-1.0.22-oes-bugfix-534424.patch
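Review bot: The tag comment added for Patch9, `#PATCH-FIX-UPSTREAM:`, does not follow the form used for Patch8 directly above it (`# PATCH-FEATURE-OPENSUSE <file> -- <description>`) and omits the bug reference that the changelog entry gives. Something like `# PATCH-FIX-UPSTREAM pure-ftpd-1.0.29-flush-cmd-after-tls.patch bnc#686590 -- flush command buffer after switch to TLS`, followed by the existing upstream commit URL line, would keep this security fix traceable from the spec to the bug and to the upstream change.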
@@ -74,6 +77,7 @@
 %patch5
 %patch7
 %patch8
+%patch9 -p1
 # uncomment this if you want to have the OES remote_server feature
 %if %{with_oes}
 %patch100 -p0

++++++ pure-ftpd-1.0.29-flush-cmd-after-tls.patch ++++++
Index: pure-ftpd-1.0.29/src/ftp_parser.c
===================================================================
--- pure-ftpd-1.0.29.orig/src/ftp_parser.c      2010-03-15 16:20:24.000000000 
+0100
+++ pure-ftpd-1.0.29/src/ftp_parser.c   2011-04-11 14:58:58.189341827 +0200
@@ -56,6 +56,13 @@
  * 
  * -Frank.
  */
+static size_t scanned;
+static size_t readnbd;
+
+static void flush_cmd(void)
+{
+    scanned = readnbd = (size_t) 0U;
+}
 
 int sfgets(void)
 {
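Review bot: `flush_cmd()` and the two counters it resets are now file-scope, but nothing documents why they left sfgets() or when the reset is meant to be called. I would add a comment above the function such as `/* Drop input buffered before the TLS handshake so plaintext pipelined after AUTH TLS is never parsed as commands inside the encrypted session. */`. The reset zeroes only `scanned` and `readnbd` and leaves the buffer contents in place, which looks fine provided every reader honours `readnbd`. That cannot be confirmed here because the body of sfgets() continues outside this hunk.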
@@ -63,8 +70,6 @@
     int pollret;
     ssize_t readnb;
     signed char seen_r = 0;
-    static size_t scanned;
-    static size_t readnbd;
     
     if (scanned > (size_t) 0U) {       /* support pipelining */
         readnbd -= scanned;        
@@ -362,6 +367,7 @@
             addreply_noformat(234, "AUTH TLS OK.");
             doreply();
             if (tls_cnx == NULL) {
+                flush_cmd();
                 (void) tls_init_new_session();
             }
             goto wayout;
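Review bot: The discard at `flush_cmd();` is silent, so a client (or an on-path party) that sends plaintext ahead of the handshake leaves no trace for operators. Judging by the pipelining comment in sfgets(), `readnbd > scanned` at this point would mean bytes were already buffered past the AUTH line, though the counters' exact meaning is defined outside this hunk and should be confirmed. Consider recording that condition before the reset, for example `if (readnbd > scanned) { /* log discarded pre-TLS input via the daemon's existing logger */ }`, so that injection attempts of the CVE-2011-0411 kind show up in the logs. The enclosing command loop starts and ends outside the hunk.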


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...
