OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src openpkg-web Date: 24-Sep-2003 09:16:02
Branch: OPENPKG_1_3_SOLID HEAD Handle: 2003092408160002
Modified files:
openpkg-web news.txt
Modified files: (Branch: OPENPKG_1_3_SOLID)
openpkg-src/proftpd proftpd.patch proftpd.spec
Log:
apply security bugfix
Summary:
Revision Changes Path
1.2.2.2.2.1 +131 -0 openpkg-src/proftpd/proftpd.patch
1.42.2.4.2.2+1 -1 openpkg-src/proftpd/proftpd.spec
1.6705 +1 -0 openpkg-web/news.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/proftpd/proftpd.patch
============================================================================
$ cvs diff -u -r1.2.2.2 -r1.2.2.2.2.1 proftpd.patch
--- openpkg-src/proftpd/proftpd.patch 24 Jul 2003 20:45:09 -0000 1.2.2.2
+++ openpkg-src/proftpd/proftpd.patch 24 Sep 2003 07:16:02 -0000 1.2.2.2.2.1
@@ -1,3 +1,134 @@
+Security bugfix related to
+http://xforce.iss.net/xforce/alerts/id/154
+
+--- src/data.c Wed Feb 12 20:03:36 2003
++++ src/data.c Thu Sep 18 06:00:19 2003
+@@ -114,16 +114,14 @@
+ * value and its value when this function returns
+ */
+ static void _xlate_ascii_write(char **buf, unsigned int *buflen,
+- unsigned int bufsize, unsigned int *expand) {
++ unsigned int bufsize) {
+ char *tmpbuf = *buf;
+ unsigned int tmplen = *buflen;
+ unsigned int lfcount = 0;
++ unsigned int added = 0;
+ int res = 0;
+ register unsigned int i = 0;
+
+- /* Make sure this is zero (could be a holdover from a previous call). */
+- *expand = 0;
+-
+ /* First, determine how many bare LFs are present. */
+ if (tmpbuf[0] == '\n')
+ lfcount++;
+@@ -132,6 +130,9 @@
+ if (tmpbuf[i] == '\n' && tmpbuf[i-1] != '\r')
+ lfcount++;
+
++ if (lfcount == 0)
++ return;
++
+ /* Assume that for each LF (including a leading LF), space for another
+ * char (a '\r') is needed. Determine whether there is enough space in
+ * the buffer for the adjusted data. If not, allocate a new buffer that is
+@@ -146,7 +147,7 @@
+ * would be of the same type as the operands: an unsigned int (which will
+ * never be less than zero).
+ */
+- if ((res = (bufsize - tmplen - lfcount)) < 0) {
++ if ((res = (bufsize - tmplen - lfcount)) <= 0) {
+ pool *copy_pool = make_sub_pool(session.xfer.p);
+ char *copy_buf = pcalloc(copy_pool, tmplen);
+
+@@ -180,7 +181,7 @@
+ /* Increment the number of "expanded" characters, and decrement the
+ * number of bare LFs.
+ */
+- (*expand)++;
++ added++;
+ lfcount--;
+ }
+
+@@ -188,15 +189,15 @@
+ if (tmpbuf[i] == '\n' && tmpbuf[i-1] != '\r') {
+ memmove(&(tmpbuf[i+1]), &(tmpbuf[i]), bufsize - i);
+ tmpbuf[i] = '\r';
+- (*expand)++;
++ added++;
+ lfcount--;
+ }
+ }
+
+ /* Always make sure the buffer is NUL-terminated. */
+- tmpbuf[tmplen + (*expand)] = '\0';
++ tmpbuf[tmplen + added] = '\0';
+ *buf = tmpbuf;
+- *buflen = tmplen + (*expand);
++ *buflen = tmplen + added;
+ }
+
+ static void data_new_xfer(char *filename, int direction) {
+@@ -844,41 +845,29 @@
+ * xlate ascii as necessary
+ */
+ while (cl_size) {
+- int o_size, size = cl_size;
++ int buflen = cl_size;
++ unsigned int xferbuflen;
+
+- if (size > PR_TUNABLE_BUFFER_SIZE)
+- size = PR_TUNABLE_BUFFER_SIZE;
++ if (buflen > PR_TUNABLE_BUFFER_SIZE)
++ buflen = PR_TUNABLE_BUFFER_SIZE;
+
+- o_size = size;
+- memcpy(buf, cl_buf, size);
++ xferbuflen = buflen;
++ memcpy(session.xfer.buf, cl_buf, buflen);
+
+- while (size) {
+- char *wb = buf;
+- unsigned int wsize = size, adjlen = 0;
++ if (session.sf_flags & (SF_ASCII|SF_ASCII_OVERRIDE))
++ _xlate_ascii_write(&session.xfer.buf, &xferbuflen,
++ session.xfer.bufsize);
+
+- if (session.sf_flags & (SF_ASCII|SF_ASCII_OVERRIDE))
+- _xlate_ascii_write(&wb, &wsize, session.xfer.bufsize, &adjlen);
++ if (pr_netio_write(session.d->outstrm, session.xfer.buf,
++ xferbuflen) == -1)
++ return -1;
+
+- if (pr_netio_write(session.d->outstrm, wb, wsize) == -1)
+- return -1;
+-
+- if (TimeoutStalled)
+- reset_timer(TIMER_STALLED, ANY_MODULE);
+-
+- /* Do not take any added CRs into account for the session sum. */
+- total += (wsize - adjlen);
+- size -= (wsize - adjlen);
+-
+- if (size) {
+- /* Advance the output buffer pointer into unsent buffer space. */
+- wb += wsize;
+- memcpy(buf, wb, size);
+- buf[size] = '\0';
+- }
+- }
++ if (TimeoutStalled)
++ reset_timer(TIMER_STALLED, ANY_MODULE);
+
+- cl_size -= o_size;
+- cl_buf += o_size;
++ cl_size -= buflen;
++ cl_buf += buflen;
++ total += buflen;
+ }
+
+ len = total;
+
http://www.debian.org/security/2003/dsa-338
DSA-338-1 proftpd -- SQL injection, Date Reported: 29 Jun 2003
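Review bot: In the embedded src/data.c hunk at `-188,15 +189,15`, `memmove(&(tmpbuf[i+1]), &(tmpbuf[i]), bufsize - i);` copies `bufsize - i` bytes to offset `i+1`, so the last byte written is `tmpbuf[bufsize]`; unless the buffer holds at least `bufsize + 1` bytes this is a one-byte write past the end, and the allocation is not visible here, so that needs confirming. Only the live data has to shift, e.g. `memmove(&(tmpbuf[i+1]), &(tmpbuf[i]), tmplen + added - i);`, which stays inside the room the new `<= 0` check guarantees. In the caller, `memcpy(session.xfer.buf, cl_buf, buflen);` is clamped to `PR_TUNABLE_BUFFER_SIZE` rather than to `session.xfer.bufsize`; if the two can differ, the clamp should use the smaller value. The new `if (lfcount == 0) return;` also skips the "Always make sure the buffer is NUL-terminated" step, which is harmless for the length-based `pr_netio_write` call shown but deserves a comment such as `/* No bare LFs: buffer is left untouched and is not NUL-terminated. */`. Both functions start and end outside the quoted hunks, so the loop bounds and the reallocation size could not be checked.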
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/proftpd/proftpd.spec
============================================================================
$ cvs diff -u -r1.42.2.4.2.1 -r1.42.2.4.2.2 proftpd.spec
--- openpkg-src/proftpd/proftpd.spec 29 Jul 2003 15:01:07 -0000 1.42.2.4.2.1
+++ openpkg-src/proftpd/proftpd.spec 24 Sep 2003 07:16:02 -0000 1.42.2.4.2.2
@@ -33,7 +33,7 @@
Group: FTP
License: GPL
Version: 1.2.8
-Release: 1.3.0
+Release: 1.3.1
# package options
%option with_mysql no
@@ .
patch -p0 <<'@@ .'
Index: openpkg-web/news.txt
============================================================================
$ cvs diff -u -r1.6704 -r1.6705 news.txt
--- openpkg-web/news.txt 24 Sep 2003 07:11:38 -0000 1.6704
+++ openpkg-web/news.txt 24 Sep 2003 07:16:00 -0000 1.6705
@@ -1,3 +1,4 @@
+24-Sep-2003: Upgraded package: P<proftpd-1.2.8-1.3.1>
24-Sep-2003: Upgraded package: P<pgadmin-0.9.3.20030924-20030924>
24-Sep-2003: Upgraded package: P<delegate-8.7.0-20030924>
24-Sep-2003: Upgraded package: P<proftpd-1.2.7-1.2.1>
@@ .