Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2019-11-04 17:15:40 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new.2990 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "proftpd" Mon Nov 4 17:15:40 2019 rev:35 rq:745042 version:1.3.6 Changes: -------- --- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2019-10-07 14:14:28.186831560 +0200 +++ /work/SRC/openSUSE:Factory/.proftpd.new.2990/proftpd.changes 2019-11-04 17:15:55.552871323 +0100 @@ -1,0 +2,6 @@ +Sat Nov 2 18:12:51 UTC 2019 - Martin Hauke <[email protected]> + +- Add missing Requires(pre): group(ftp) for Leap 15 and Tumbleweed +- Add missing Requires(pre): user(ftp) for Leap 15 and Tumbleweed + +------------------------------------------------------------------- @@ -4,0 +11,12 @@ + +------------------------------------------------------------------- +Fri Aug 2 14:52:48 UTC 2019 - [email protected] + +- fix for boo#1142281 (CVE-2019-12815, bpo#4372) + arbitrary file copy in mod_copy allows for remote code execution + and information disclosure without authentication +- add patch + * proftpd-CVE-2019-12815.patch + taken from: + - http://bugs.proftpd.org/show_bug.cgi?id=4372 + - https://github.com/proftpd/proftpd/commit/a73dbfe3b61459e7c2806d5162b12f0957990cb3 New: ---- proftpd-CVE-2019-12815.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ proftpd.spec ++++++ --- /var/tmp/diff_new_pack.5AnolL/_old 2019-11-04 17:15:56.548872387 +0100 +++ /var/tmp/diff_new_pack.5AnolL/_new 2019-11-04 17:15:56.556872396 +0100 @@ -45,6 +45,8 @@ Patch103: %{name}-strip.patch #PATCH-FIX-openSUSE: file-contains-date-and-time Patch104: %{name}-no_BuildDate.patch +#PATCH-CVE-Backport: CVE-2019-12815 (bpo#4372) +Patch106: %{name}-CVE-2019-12815.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build #BuildRequires: gpg-offline BuildRequires: fdupes @@ -63,7 +65,6 @@ BuildRequires: unixODBC-devel BuildRequires: pkgconfig(libssl) < 1.1 Requires: logrotate - %if 0%{?lang_package:1} > 0 Recommends: %{name}-lang %endif 
@@ -75,6 +76,10 @@ %else Requires(pre): %insserv_prereq %endif +%if 0%{?suse_version} >= 1330 +Requires(pre): group(ftp) +Requires(pre): user(ftp) +%endif %description ProFTPD is a configurable FTP daemon for Unix and Unix-like @@ -148,6 +153,7 @@ %patch102 %patch103 %patch104 +%patch106 %build rm contrib/mod_wrap.c ++++++ proftpd-CVE-2019-12815.patch ++++++ Fix for CVE-2019-12815 http://bugs.proftpd.org/show_bug.cgi?id=4372 https://github.com/proftpd/proftpd/commit/a73dbfe3b61459e7c2806d5162b12f0957990cb3 Index: contrib/mod_copy.c =================================================================== --- contrib/mod_copy.c.orig +++ contrib/mod_copy.c @@ -1,7 +1,7 @@ /* * ProFTPD: mod_copy -- a module supporting copying of files on the server * without transferring the data to the client and back - * Copyright (c) 2009-2016 TJ Saunders + * Copyright (c) 2009-2019 TJ Saunders * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -657,7 +657,7 @@ MODRET copy_copy(cmd_rec *cmd) { MODRET copy_cpfr(cmd_rec *cmd) { register unsigned int i; int res; - char *path = ""; + char *cmd_name, *path = ""; unsigned char *authenticated = NULL; if (copy_engine == FALSE) { @@ -705,6 +705,21 @@ MODRET copy_cpfr(cmd_rec *cmd) { path = pstrcat(cmd->tmp_pool, path, *path ? " " : "", decoded_path, NULL); } + cmd_name = cmd->argv[0]; + pr_cmd_set_name(cmd, "SITE_CPFR"); + if (!dir_check(cmd->tmp_pool, cmd, G_READ, path, NULL)) { + int xerrno = EPERM; + + pr_cmd_set_name(cmd, cmd_name); + pr_response_add_err(R_550, "%s: %s", (char *) cmd->argv[3], + strerror(xerrno)); + + pr_cmd_set_errno(cmd, xerrno); + errno = xerrno; + return PR_ERROR(cmd); + } + pr_cmd_set_name(cmd, cmd_name); + res = pr_filter_allow_path(CURRENT_CONF, path); switch (res) { case 0: 
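Review bot: In the new SITE CPFR guard the 550 response names `(char *) cmd->argv[3]`, but the dir_check() it follows was made on `path`, which the lines just above assemble from every decoded argument via pstrcat(); for a one-word path argv[3] is not the path at all and may lie past the last argument, and a multi-word path is reported only in part. The parallel SITE CPTO guard in this patch reports the checked `to`, so for consistency and to name what was actually denied this should read `pr_response_add_err(R_550, "%s: %s", path, strerror(xerrno));`. The argc lower bound that would guarantee argv[3] exists is not visible in this hunk, and copy_cpfr begins outside it.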
@@ -758,6 +773,7 @@ MODRET copy_cpfr(cmd_rec *cmd) { MODRET copy_cpto(cmd_rec *cmd) { register unsigned int i; const char *from, *to = ""; + char *cmd_name; unsigned char *authenticated = NULL; if (copy_engine == FALSE) { @@ -816,6 +832,20 @@ MODRET copy_cpto(cmd_rec *cmd) { to = dir_canonical_vpath(cmd->tmp_pool, to); + cmd_name = cmd->argv[0]; + pr_cmd_set_name(cmd, "SITE_CPTO"); + if (!dir_check(cmd->tmp_pool, cmd, G_WRITE, to, NULL)) { + int xerrno = EPERM; + + pr_cmd_set_name(cmd, cmd_name); + pr_response_add_err(R_550, "%s: %s", to, strerror(xerrno)); + + pr_cmd_set_errno(cmd, xerrno); + errno = xerrno; + return PR_ERROR(cmd); + } + pr_cmd_set_name(cmd, cmd_name); + if (copy_paths(cmd->tmp_pool, from, to) < 0) { int xerrno = errno; const char *err_code = R_550; @@ -940,7 +970,7 @@ static conftable copy_conftab[] = { static cmdtable copy_cmdtab[] = { { CMD, C_SITE, G_WRITE, copy_copy, FALSE, FALSE, CL_MISC }, - { CMD, C_SITE, G_DIRS, copy_cpfr, FALSE, FALSE, CL_MISC }, + { CMD, C_SITE, G_READ, copy_cpfr, FALSE, FALSE, CL_MISC }, { CMD, C_SITE, G_WRITE, copy_cpto, FALSE, FALSE, CL_MISC }, { POST_CMD, C_PASS, G_NONE, copy_post_pass, FALSE, FALSE }, { LOG_CMD, C_SITE, G_NONE, copy_log_site, FALSE, FALSE },
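Review bot: The temporary rename of the command to "SITE_CPTO" around dir_check() in the new SITE CPTO guard carries no comment saying why it is done, and the restore `pr_cmd_set_name(cmd, cmd_name);` is duplicated on the error and success paths, so a later edit that adds a third exit could easily leave argv[0] renamed. Capturing the dir_check() result in a local, restoring the name once, and then testing the result removes the duplication; the local `int allowed;` would join the added `char *cmd_name;` declaration in the earlier hunk. I take the rename to be for per-command <Limit> matching, as the name suggests, but that is inferred rather than shown here. copy_cpto's body continues past the hunk.
```c
  cmd_name = cmd->argv[0];
  pr_cmd_set_name(cmd, "SITE_CPTO");
  /* Run dir_check() under the SITE_CPTO name, then restore argv[0] before
   * either exit path so the original command name is never left behind. */
  allowed = dir_check(cmd->tmp_pool, cmd, G_WRITE, to, NULL);
  pr_cmd_set_name(cmd, cmd_name);
  if (!allowed) {
    int xerrno = EPERM;

    pr_response_add_err(R_550, "%s: %s", to, strerror(xerrno));
    /* … unchanged: errno bookkeeping and PR_ERROR return … */
  }
```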
