Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2020-02-25 16:05:25 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "proftpd" Tue Feb 25 16:05:25 2020 rev:39 rq:778858 version:1.3.6c Changes: -------- --- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2020-02-03 11:14:35.301883447 +0100 +++ /work/SRC/openSUSE:Factory/.proftpd.new.26092/proftpd.changes 2020-02-25 16:05:55.768455730 +0100 @@ -1,0 +2,18 @@ +Mon Feb 24 17:06:07 UTC 2020 - ch...@computersalat.de + +- fix for boo#1164572 (CVE-2020-9272, gh#902) +- fix for boo#1164574 (CVE-2020-9273, gh#903) +- update to 1.3.6c + * Fixed regression in directory listing latency (Issue #863). + * Detect OpenSSH-specific formatted SFTPHostKeys, and log hint for + converting them to supported format. + * Fixed use-after-free vulnerability during data transfers (Issue #903). + * Fixed out-of-bounds read in mod_cap by updating the bundled libcap + (Issue #902). +- remove obsolete proftpd-tls-crls-issue859.patch +- rebase patches + * proftpd-ftpasswd.patch + * proftpd-no_BuildDate.patch + * proftpd_env-script-interpreter.patch + +------------------------------------------------------------------- Old: ---- proftpd-1.3.6b.tar.gz proftpd-1.3.6b.tar.gz.asc proftpd-tls-crls-issue859.patch New: ---- proftpd-1.3.6c.tar.gz proftpd-1.3.6c.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ proftpd.spec ++++++ --- /var/tmp/diff_new_pack.0vDl7H/_old 2020-02-25 16:05:57.448459246 +0100 +++ /var/tmp/diff_new_pack.0vDl7H/_new 2020-02-25 16:05:57.452459255 +0100 @@ -22,7 +22,7 @@ # We only accept updates for "STABLE" Versions License: GPL-2.0-or-later Group: Productivity/Networking/Ftp/Servers -Version: 1.3.6b +Version: 1.3.6c Release: 0 URL: http://www.proftpd.org/ Source0: ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.gz @@ -47,8 +47,6 @@ Patch104: %{name}-no_BuildDate.patch #RPMLINT-FIX-openSUSE: env-script-interpreter Patch105: %{name}_env-script-interpreter.patch -#PATCH-FIX-UPSTREAM: (CVE-2019-19269, CVE-2019-19270) -Patch200: %{name}-tls-crls-issue859.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build #BuildRequires: gpg-offline BuildRequires: fdupes @@ -157,8 +155,6 @@ %patch104 %patch105 -%patch200 -p1 - %build rm contrib/mod_wrap.c rm contrib/mod_geoip.c ++++++ proftpd-1.3.6b.tar.gz -> proftpd-1.3.6c.tar.gz ++++++ /work/SRC/openSUSE:Factory/proftpd/proftpd-1.3.6b.tar.gz /work/SRC/openSUSE:Factory/.proftpd.new.26092/proftpd-1.3.6c.tar.gz differ: char 17, line 1 ++++++ proftpd-ftpasswd.patch ++++++ --- /var/tmp/diff_new_pack.0vDl7H/_old 2020-02-25 16:05:57.496459347 +0100 +++ /var/tmp/diff_new_pack.0vDl7H/_new 2020-02-25 16:05:57.496459347 +0100 @@ -13,7 +13,7 @@ my $shell_file = "/etc/shells"; my $default_cracklib_dict = "/usr/lib/cracklib_dict"; my $cracklib_dict; -@@ -1109,6 +1109,46 @@ usage: $program [--help] [--hash|--group +@@ -1128,6 +1128,46 @@ usage: $program [--help] [--hash|--group --version Displays the version of $program. ++++++ proftpd-no_BuildDate.patch ++++++ --- /var/tmp/diff_new_pack.0vDl7H/_old 2020-02-25 16:05:57.520459396 +0100 +++ /var/tmp/diff_new_pack.0vDl7H/_new 2020-02-25 16:05:57.520459396 +0100 @@ -65,13 +65,13 @@ -#include "buildstamp.h" - /* Application version (in various forms) */ - #define PROFTPD_VERSION_NUMBER 0x0001030607 - #define PROFTPD_VERSION_TEXT "1.3.6b" + #define PROFTPD_VERSION_NUMBER 0x0001030608 + #define PROFTPD_VERSION_TEXT "1.3.6c" Index: src/main.c =================================================================== --- src/main.c.orig +++ src/main.c -@@ -1891,8 +1891,8 @@ static void standalone_main(void) { +@@ -1893,8 +1893,8 @@ static void standalone_main(void) { init_bindings(); @@ -82,7 +82,7 @@ if (pr_pidfile_write() < 0) { fprintf(stderr, "error opening PidFile '%s': %s\n", pr_pidfile_get(), -@@ -1952,7 +1952,6 @@ static void show_settings(void) { +@@ -1954,7 +1954,6 @@ static void show_settings(void) { printf("%s", " Platform: " PR_PLATFORM " [unknown]\n"); #endif /* !HAVE_UNAME */ @@ -90,7 +90,7 @@ printf("%s", " Built With:\n configure " PR_BUILD_OPTS "\n\n"); printf("%s", " CFLAGS: " PR_BUILD_CFLAGS "\n"); -@@ -2532,7 +2531,6 @@ int main(int argc, char *argv[], char ** +@@ -2534,7 +2533,6 @@ int main(int argc, char *argv[], char ** printf("ProFTPD Version: %s", PROFTPD_VERSION_TEXT " " PR_STATUS "\n"); printf(" Scoreboard Version: %08x\n", PR_SCOREBOARD_VERSION); ++++++ proftpd_env-script-interpreter.patch ++++++ --- /var/tmp/diff_new_pack.0vDl7H/_old 2020-02-25 16:05:57.648459665 +0100 +++ /var/tmp/diff_new_pack.0vDl7H/_new 2020-02-25 16:05:57.648459665 +0100 @@ -6,7 +6,7 @@ -#!/usr/bin/env perl +#!/usr/bin/perl # --------------------------------------------------------------------------- - # Copyright (C) 2000-2015 TJ Saunders <t...@castaglia.org> + # Copyright (C) 2000-2020 TJ Saunders <t...@castaglia.org> # Index: contrib/ftpmail ===================================================================