Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2015-06-02 10:07:40 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "proftpd" Changes: -------- --- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2014-09-03 20:48:29.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.proftpd.new/proftpd.changes 2015-06-02 10:07:42.000000000 +0200 @@ -1,0 +2,14 @@ +Sun May 31 18:54:45 UTC 2015 - ch...@computersalat.de + +- fix for boo#927290 (CVE-2015-3306) +- update to 1.3.5a: + See http://www.proftpd.org/docs/NEWS-1.3.5a +- rebase patches + * proftpd-ftpasswd.patch + * proftpd-no_BuildDate.patch +- remove gpg-offline dependency +- fix permissions on passwd file + * unable to use world-readable AuthUserFile '.../passwd' (perms 0644): + * 0644 -> 0440 + +------------------------------------------------------------------- Old: ---- proftpd-1.3.5.tar.gz proftpd-1.3.5.tar.gz.asc New: ---- proftpd-1.3.5a.tar.gz proftpd-1.3.5a.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ proftpd.spec ++++++ --- /var/tmp/diff_new_pack.UvFclE/_old 2015-06-02 10:07:43.000000000 +0200 +++ /var/tmp/diff_new_pack.UvFclE/_new 2015-06-02 10:07:43.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package proftpd # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,7 +22,7 @@ Group: Productivity/Networking/Ftp/Servers # Please save your time and do not update to "rc" versions. # We only accept updates for "STABLE" Versions -Version: 1.3.5 +Version: 1.3.5a Release: 0 Url: http://www.proftpd.org/ Source0: ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.gz @@ -43,7 +43,7 @@ #PATCH-FIX-openSUSE: file-contains-date-and-time Patch104: %{name}-no_BuildDate.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: gpg-offline +#BuildRequires: gpg-offline BuildRequires: krb5-devel BuildRequires: libacl-devel BuildRequires: libattr-devel @@ -134,14 +134,14 @@ Here are Documentation for ProFTPD %prep -%gpg_verify %{S:1} +#gpg_verify %{S:1} %setup -q %{__rm} README.AIX %patch100 %patch101 %patch102 %patch103 -%patch104 -p1 +%patch104 %build rm contrib/mod_wrap.c @@ -188,7 +188,7 @@ # some needed dirs %{__install} -d $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/{conf.d,auth} -%{__install} -m 0644 %{S:12} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/auth/passwd +%{__install} -m 0440 %{S:12} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/auth/passwd %{__install} -d -m 0750 $RPM_BUILD_ROOT/var/log/%{name} %if 0%{?has_systemd} @@ -265,7 +265,7 @@ %doc sample-configurations/*.conf %dir %attr(0755,root,root) %{_sysconfdir}/%{name}/ %dir %attr(0750,ftp,ftp) %{_sysconfdir}/%{name}/auth/ -%config(noreplace) %attr(0644,root,ftp) %{_sysconfdir}/%{name}/auth/passwd +%config(noreplace) %attr(0440,root,ftp) %{_sysconfdir}/%{name}/auth/passwd %dir %attr(0755,root,root) %{_sysconfdir}/%{name}/conf.d %config(noreplace) %attr(0640,root,root) %{_sysconfdir}/%{name}/%{name}.conf %{_sysconfdir}/%{name}/PROFTPD-MIB.txt ++++++ proftpd-1.3.5.tar.gz -> proftpd-1.3.5a.tar.gz ++++++ /work/SRC/openSUSE:Factory/proftpd/proftpd-1.3.5.tar.gz /work/SRC/openSUSE:Factory/.proftpd.new/proftpd-1.3.5a.tar.gz differ: char 5, line 1 ++++++ proftpd-ftpasswd.patch ++++++ --- /var/tmp/diff_new_pack.UvFclE/_old 2015-06-02 10:07:43.000000000 +0200 +++ /var/tmp/diff_new_pack.UvFclE/_new 2015-06-02 10:07:43.000000000 +0200 @@ -2,7 +2,7 @@ =================================================================== --- contrib/ftpasswd.orig +++ contrib/ftpasswd -@@ -33,8 +33,8 @@ use Getopt::Long; +@@ -34,8 +34,8 @@ use Getopt::Long; $Getopt::Long::auto_abbrev = 0; my $program = basename($0); @@ -13,7 +13,7 @@ my $shell_file = "/etc/shells"; my $default_cracklib_dict = "/usr/lib/cracklib_dict"; my $cracklib_dict; -@@ -921,6 +921,46 @@ usage: $program [--help] [--hash|--group +@@ -1074,6 +1074,46 @@ usage: $program [--help] [--hash|--group --version Displays the version of $program. ++++++ proftpd-no_BuildDate.patch ++++++ --- /var/tmp/diff_new_pack.UvFclE/_old 2015-06-02 10:07:43.000000000 +0200 +++ /var/tmp/diff_new_pack.UvFclE/_new 2015-06-02 10:07:43.000000000 +0200 @@ -5,10 +5,10 @@ src/main.c | 6 ++---- 4 files changed, 9 insertions(+), 15 deletions(-) -Index: proftpd-1.3.5/Makefile.in +Index: Makefile.in =================================================================== ---- proftpd-1.3.5.orig/Makefile.in 2012-10-02 18:10:23.000000000 +0100 -+++ proftpd-1.3.5/Makefile.in 2014-09-01 20:12:57.000000000 +0100 +--- Makefile.in.orig ++++ Makefile.in @@ -24,28 +24,26 @@ BUILD_BIN=proftpd$(EXEEXT) ftpcount$(EXE all: $(BUILD_BIN) @@ -44,10 +44,10 @@ @dirs="$(DIRS)"; \ for dir in $$dirs; do \ if [ -d "$$dir" ]; then cd $$dir/ && $(MAKE); fi; \ -Index: proftpd-1.3.5/contrib/mod_snmp/db.c +Index: contrib/mod_snmp/db.c =================================================================== ---- proftpd-1.3.5.orig/contrib/mod_snmp/db.c 2014-01-27 17:32:16.000000000 +0000 -+++ proftpd-1.3.5/contrib/mod_snmp/db.c 2014-09-01 23:08:18.000000000 +0100 +--- contrib/mod_snmp/db.c.orig ++++ contrib/mod_snmp/db.c @@ -1122,7 +1122,7 @@ int snmp_db_get_value(pool *p, unsigned return 0; @@ -57,21 +57,21 @@ *str_valuelen = strlen(*str_value); pr_trace_msg(trace_channel, 19, -Index: proftpd-1.3.5/include/version.h +Index: include/version.h =================================================================== ---- proftpd-1.3.5.orig/include/version.h 2014-05-15 16:53:13.000000000 +0100 -+++ proftpd-1.3.5/include/version.h 2014-09-01 20:12:57.000000000 +0100 +--- include/version.h.orig ++++ include/version.h @@ -1,5 +1,3 @@ -#include "buildstamp.h" - /* Application version (in various forms) */ - #define PROFTPD_VERSION_NUMBER 0x0001030505 - #define PROFTPD_VERSION_TEXT "1.3.5" -Index: proftpd-1.3.5/src/main.c + #define PROFTPD_VERSION_NUMBER 0x0001030507 + #define PROFTPD_VERSION_TEXT "1.3.5a" +Index: src/main.c =================================================================== ---- proftpd-1.3.5.orig/src/main.c 2014-01-25 16:34:09.000000000 +0000 -+++ proftpd-1.3.5/src/main.c 2014-09-01 20:12:57.000000000 +0100 -@@ -2382,8 +2382,8 @@ static void standalone_main(void) { +--- src/main.c.orig ++++ src/main.c +@@ -2426,8 +2426,8 @@ static void standalone_main(void) { init_bindings(); @@ -82,7 +82,7 @@ pr_pidfile_write(); daemon_loop(); -@@ -2438,7 +2438,6 @@ static void show_settings(void) { +@@ -2482,7 +2482,6 @@ static void show_settings(void) { printf("%s", " Platform: " PR_PLATFORM " [unknown]\n"); #endif /* !HAVE_UNAME */ @@ -90,7 +90,7 @@ printf("%s", " Built With:\n configure " PR_BUILD_OPTS "\n\n"); printf("%s", " CFLAGS: " PR_BUILD_CFLAGS "\n"); -@@ -2956,7 +2955,6 @@ int main(int argc, char *argv[], char ** +@@ -3000,7 +2999,6 @@ int main(int argc, char *argv[], char ** printf("ProFTPD Version: %s", PROFTPD_VERSION_TEXT " " PR_STATUS "\n"); printf(" Scoreboard Version: %08x\n", PR_SCOREBOARD_VERSION);