Hello community, here is the log from the commit of package proftpd for openSUSE:Leap:15.2 checked in at 2020-03-02 13:25:56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/proftpd (Old) and /work/SRC/openSUSE:Leap:15.2/.proftpd.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "proftpd" Mon Mar 2 13:25:56 2020 rev:14 rq:780761 version:1.3.6c Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/proftpd/proftpd.changes 2020-01-15 15:45:29.331324986 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.proftpd.new.26092/proftpd.changes 2020-03-02 13:26:03.898721372 +0100 @@ -1,0 +2,24 @@ +Mon Feb 24 17:06:07 UTC 2020 - [email protected] + +- fix for boo#1164572 (CVE-2020-9272, gh#902) +- fix for boo#1164574 (CVE-2020-9273, gh#903) +- update to 1.3.6c + * Fixed regression in directory listing latency (Issue #863). + * Detect OpenSSH-specific formatted SFTPHostKeys, and log hint for + converting them to supported format. + * Fixed use-after-free vulnerability during data transfers (Issue #903). + * Fixed out-of-bounds read in mod_cap by updating the bundled libcap + (Issue #902). +- remove obsolete proftpd-tls-crls-issue859.patch +- rebase patches + * proftpd-ftpasswd.patch + * proftpd-no_BuildDate.patch + * proftpd_env-script-interpreter.patch + +------------------------------------------------------------------- +Sat Feb 1 17:25:05 UTC 2020 - [email protected] + +- cleanup tls.template + * remove deprecated NoCertRequest from TLSOptions + +------------------------------------------------------------------- Old: ---- proftpd-1.3.6b.tar.gz proftpd-1.3.6b.tar.gz.asc proftpd-tls-crls-issue859.patch New: ---- proftpd-1.3.6c.tar.gz proftpd-1.3.6c.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ proftpd.spec ++++++ --- /var/tmp/diff_new_pack.jKuNEE/_old 2020-03-02 13:26:04.482722533 +0100 +++ /var/tmp/diff_new_pack.jKuNEE/_new 2020-03-02 13:26:04.486722541 +0100 @@ -1,7 +1,7 @@ # # spec file for package proftpd # -# Copyright (c) 2019 SUSE LLC +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -22,7 +22,7 @@ # We only accept updates for "STABLE" Versions License: GPL-2.0-or-later Group: Productivity/Networking/Ftp/Servers -Version: 1.3.6b +Version: 1.3.6c Release: 0 URL: http://www.proftpd.org/ Source0: ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.gz @@ -47,8 +47,6 @@ Patch104: %{name}-no_BuildDate.patch #RPMLINT-FIX-openSUSE: env-script-interpreter Patch105: %{name}_env-script-interpreter.patch -#PATCH-FIX-UPSTREAM: (CVE-2019-19269, CVE-2019-19270) -Patch200: %{name}-tls-crls-issue859.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build #BuildRequires: gpg-offline BuildRequires: fdupes @@ -157,8 +155,6 @@ %patch104 %patch105 -%patch200 -p1 - %build rm contrib/mod_wrap.c rm contrib/mod_geoip.c ++++++ proftpd-1.3.6b.tar.gz -> proftpd-1.3.6c.tar.gz ++++++ /work/SRC/openSUSE:Leap:15.2/proftpd/proftpd-1.3.6b.tar.gz /work/SRC/openSUSE:Leap:15.2/.proftpd.new.26092/proftpd-1.3.6c.tar.gz differ: char 17, line 1 ++++++ proftpd-ftpasswd.patch ++++++ --- /var/tmp/diff_new_pack.jKuNEE/_old 2020-03-02 13:26:04.514722597 +0100 +++ /var/tmp/diff_new_pack.jKuNEE/_new 2020-03-02 13:26:04.514722597 +0100 @@ -13,7 +13,7 @@ my $shell_file = "/etc/shells"; my $default_cracklib_dict = "/usr/lib/cracklib_dict"; my $cracklib_dict; -@@ -1109,6 +1109,46 @@ usage: $program [--help] [--hash|--group +@@ -1128,6 +1128,46 @@ usage: $program [--help] [--hash|--group --version Displays the version of $program. ++++++ proftpd-no_BuildDate.patch ++++++ --- /var/tmp/diff_new_pack.jKuNEE/_old 2020-03-02 13:26:04.530722628 +0100 +++ /var/tmp/diff_new_pack.jKuNEE/_new 2020-03-02 13:26:04.530722628 +0100 
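Review bot: In proftpd.spec, the -47,8 +47,6 hunk drops Patch200 (the CVE-2019-19269 / CVE-2019-19270 fix) while its context still shows `#BuildRequires: gpg-offline` commented out, so nothing visible here checks the new `proftpd-1.3.6c.tar.gz` against the `proftpd-1.3.6c.tar.gz.asc` shipped beside it. The package now depends on the upstream tarball alone for those two fixes and for CVE-2020-9272 / CVE-2020-9273, so I would enable signature verification in the build rather than only carrying the `.asc`. `Source0` in the -22,7 hunk still uses an `ftp://` URL, which gives no transport integrity and leaves the signature as the only check on the download. It would also help to leave a line where the patch was, e.g. `# CVE-2019-19269, CVE-2019-19270 (issue #859): included upstream, Patch200 dropped`. The %prep section continues outside these hunks, so a verification step may exist that is not shown.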
@@ -65,13 +65,13 @@ -#include "buildstamp.h" - /* Application version (in various forms) */ - #define PROFTPD_VERSION_NUMBER 0x0001030607 - #define PROFTPD_VERSION_TEXT "1.3.6b" + #define PROFTPD_VERSION_NUMBER 0x0001030608 + #define PROFTPD_VERSION_TEXT "1.3.6c" Index: src/main.c =================================================================== --- src/main.c.orig +++ src/main.c -@@ -1891,8 +1891,8 @@ static void standalone_main(void) { +@@ -1893,8 +1893,8 @@ static void standalone_main(void) { init_bindings(); @@ -82,7 +82,7 @@ if (pr_pidfile_write() < 0) { fprintf(stderr, "error opening PidFile '%s': %s\n", pr_pidfile_get(), -@@ -1952,7 +1952,6 @@ static void show_settings(void) { +@@ -1954,7 +1954,6 @@ static void show_settings(void) { printf("%s", " Platform: " PR_PLATFORM " [unknown]\n"); #endif /* !HAVE_UNAME */ @@ -90,7 +90,7 @@ printf("%s", " Built With:\n configure " PR_BUILD_OPTS "\n\n"); printf("%s", " CFLAGS: " PR_BUILD_CFLAGS "\n"); -@@ -2532,7 +2531,6 @@ int main(int argc, char *argv[], char ** +@@ -2534,7 +2533,6 @@ int main(int argc, char *argv[], char ** printf("ProFTPD Version: %s", PROFTPD_VERSION_TEXT " " PR_STATUS "\n"); printf(" Scoreboard Version: %08x\n", PR_SCOREBOARD_VERSION); ++++++ proftpd-tls.template ++++++ --- /var/tmp/diff_new_pack.jKuNEE/_old 2020-03-02 13:26:04.558722684 +0100 +++ /var/tmp/diff_new_pack.jKuNEE/_new 2020-03-02 13:26:04.558722684 +0100 
@@ -7,19 +7,19 @@ </IfModule> <IfModule mod_tls.c> - TLSEngine on - TLSLog /var/log/proftpd/tls.log + TLSEngine on + TLSLog /var/log/proftpd/tls.log # Support both SSLv3 and TLSv1, but they should not be used # (known to be weak) - TLSProtocol TLSv1.1 TLSv1.2 + TLSProtocol TLSv1.1 TLSv1.2 # Are clients required to use FTP over TLS when talking to this server? - TLSRequired off + TLSRequired off # Server's RSA certificate - TLSRSACertificateFile /etc/proftpd/ssl/proftpd.cert.pem - TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key.pem + TLSRSACertificateFile /etc/proftpd/ssl/proftpd.cert.pem + TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key.pem # CA (or CA chain) to verify client certs #TLSCACertificateFile /etc/proftpd/ssl/proftpd.cacert.pem @@ -28,15 +28,15 @@ TLSCertificateChainFile /etc/proftpd/ssl/proftpd.cacert.pem # Authenticate clients that want to use FTP over TLS? - TLSVerifyClient off + TLSVerifyClient off # Allow SSL/TLS renegotiations when the client requests them, but # do not force the renegotations. Some clients do not support # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these # clients will close the data connection, or there will be a timeout # on an idle data connection. - TLSRenegotiate none + TLSRenegotiate none # Should Server request a Clients Certificate and send valid CA list ? - TLSOptions NoCertRequest NoSessionReuseRequired + TLSOptions NoSessionReuseRequired </IfModule> ++++++ proftpd_env-script-interpreter.patch ++++++ --- /var/tmp/diff_new_pack.jKuNEE/_old 2020-03-02 13:26:04.630722827 +0100 +++ /var/tmp/diff_new_pack.jKuNEE/_new 2020-03-02 13:26:04.630722827 +0100 @@ -6,7 +6,7 @@ -#!/usr/bin/env perl +#!/usr/bin/perl # --------------------------------------------------------------------------- - # Copyright (C) 2000-2015 TJ Saunders <[email protected]> + # Copyright (C) 2000-2020 TJ Saunders <[email protected]> # Index: contrib/ftpmail ===================================================================
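Review bot: In proftpd-tls.template, the -28,15 +28,15 hunk leaves `TLSOptions NoSessionReuseRequired` under the comment `# Should Server request a Clients Certificate and send valid CA list ?`, which described the removed `NoCertRequest` and says nothing about the option that remains. `NoSessionReuseRequired` turns off mod_tls's requirement that a data connection reuse the control connection's TLS session, a check that ties each data connection to the authenticated control session, so the template ships that relaxation by default and without explanation. I would either drop the line so the default applies, or replace the comment with something like `# Compatibility: accept data connections that do not reuse the control connection's TLS session; remove to enforce session reuse`. The comment `# Support both SSLv3 and TLSv1 ...` in the -7,19 hunk is likewise out of step with `TLSProtocol TLSv1.1 TLSv1.2` and could be reworded in the same pass.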
