OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 16-Nov-2006 22:26:52
Branch: HEAD Handle: 2006111621265200
Modified files:
openpkg-src/proftpd proftpd.patch proftpd.spec
Log:
Security Fixes
Summary:
Revision Changes Path
1.14 +68 -0 openpkg-src/proftpd/proftpd.patch
1.113 +1 -1 openpkg-src/proftpd/proftpd.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/proftpd/proftpd.patch
============================================================================
$ cvs diff -u -r1.13 -r1.14 proftpd.patch
--- openpkg-src/proftpd/proftpd.patch 27 Jun 2006 14:12:21 -0000 1.13
+++ openpkg-src/proftpd/proftpd.patch 16 Nov 2006 21:26:52 -0000 1.14
@@ -49,3 +49,71 @@
if (table == uid_table)
return id.uid == idcomp.uid;
else
+
+-----------------------------------------------------------------------------
+
+Security Fix (CVE-2006-5815)
+
+Index: src/main.c
+--- src/main.c.orig 2006-03-15 20:41:01 +0100
++++ src/main.c 2006-11-15 16:47:29 +0100
+@@ -116,6 +116,8 @@
+
+ static char sbuf[PR_TUNABLE_BUFFER_SIZE] = {'\0'};
+
++#define PR_DEFAULT_CMD_BUFSZ 512
++
+ static char **Argv = NULL;
+ static char *LastArgv = NULL;
+ static const char *PidPath = PR_PID_FILE_PATH;
+@@ -820,16 +822,25 @@
+ pr_timer_reset(TIMER_IDLE, NULL);
+
+ if (cmd_buf_size == -1) {
+- long *buf_size = get_param_ptr(main_server->conf,
+- "CommandBufferSize", FALSE);
++ int *bufsz = get_param_ptr(main_server->conf, "CommandBufferSize",
++ FALSE);
+
+- if (buf_size == NULL || *buf_size <= 0)
+- cmd_buf_size = 512;
++ if (bufsz == NULL ||
++ *bufsz <= 0) {
++ pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%d) "
++ "given, resetting to default buffer size (%u)",
++ *bufsz, (unsigned int) PR_DEFAULT_CMD_BUFSZ);
++ cmd_buf_size = PR_DEFAULT_CMD_BUFSZ;
++
++ } else if (*bufsz + 1 > sizeof(buf)) {
++ pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%d) "
++ "given, resetting to default buffer size (%u)",
++ *bufsz, (unsigned int) PR_DEFAULT_CMD_BUFSZ);
++ cmd_buf_size = PR_DEFAULT_CMD_BUFSZ;
+
+- else if (*buf_size + 1 > sizeof(buf)) {
+- pr_log_pri(PR_LOG_WARNING, "Invalid CommandBufferSize size given. "
+- "Resetting to 512.");
+- cmd_buf_size = 512;
++ } else {
++ pr_log_debug(DEBUG1, "setting CommandBufferSize to %d", *bufsz);
++ cmd_buf_size = (long) *bufsz;
+ }
+ }
+
+-----------------------------------------------------------------------------
+
+Security Fix
+
+Index: contrib/mod_tls.c
+--- contrib/mod_tls.c.orig 2005-11-08 18:59:49 +0100
++++ contrib/mod_tls.c 2006-11-15 17:54:43 +0100
+@@ -2421,6 +2421,8 @@
+ datalen = BIO_get_mem_data(mem, &data);
+
+ if (data) {
++ if (datalen > sizeof(buf)-1)
++ datalen = sizeof(buf)-1;
+ memset(&buf, '\0', sizeof(buf));
+ memcpy(buf, data, datalen);
+ buf[datalen] = '\0';
+
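Review bot: In the embedded src/main.c hunk, the branch `if (bufsz == NULL || *bufsz <= 0)` passes `*bufsz` to pr_log_pri(), so the warning dereferences a null pointer whenever the NULL half of the condition is what matched. Presumably get_param_ptr() returns NULL when CommandBufferSize is not configured, which would make a default configuration hit this path on the first command read; this is inferred from the existing NULL check, not shown here. Splitting the cases avoids the dereference and also avoids logging an "invalid" warning for a directive that was never set: `if (bufsz == NULL) { cmd_buf_size = PR_DEFAULT_CMD_BUFSZ; } else if (*bufsz <= 0) {` followed by the existing warning. The lookup also changes from `long *` to `int *`, so the type must match how the CommandBufferSize handler stores its value, which should be confirmed against that handler. The enclosing function begins and ends outside this hunk.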
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/proftpd/proftpd.spec
============================================================================
$ cvs diff -u -r1.112 -r1.113 proftpd.spec
--- openpkg-src/proftpd/proftpd.spec 24 Oct 2006 05:46:50 -0000 1.112
+++ openpkg-src/proftpd/proftpd.spec 16 Nov 2006 21:26:52 -0000 1.113
@@ -43,7 +43,7 @@
Group: FTP
License: GPL
Version: %{V_proftpd}
-Release: 20061024
+Release: 20061116
# package options
%option with_ifsession no
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [email protected]