On Saturday, 27 June 2015 at 19:27, Adam D. Barratt wrote:
> On Sat, 2015-06-27 at 19:47 +0200, Mats Erik Andersson wrote:
> > was recently uncovered to produce a denial of service,
> > as was demonstrated in #788331.
>
> That bug should be closed in the changelog.

Right, for unstable it was closed by 0.17.35+0.3-2. While at it, I added a 'found' also for the presently relevant version 0.17.33+0.3-1.

> +linux-ftpd-ssl (0.17.33+0.3-1deb8u1) jessie; urgency=medium
>
> That should be 0.17.33+0.3-1+deb8u1.

Corrected.

> > since the error is present ever since at least June, 2010
> > [sic!], I would like to propose an update also to the stable
>
> Please go ahead, thanks (bearing in mind the notes above).

I have uploaded a built package to 'mentors.debian.net'. It is the only location known to be accessible to me. Tell me if I should deposit the package somewhere else. The new deb diff is attached.

> Have you considered preparing updates for wheezy and squeeze-lts?

Yes, but I need to prepare clean build environments to do so.

Best regards,
  Mats E A

diff -Nru linux-ftpd-ssl-0.17.33+0.3/debian/changelog linux-ftpd-ssl-0.17.33+0.3/debian/changelog --- linux-ftpd-ssl-0.17.33+0.3/debian/changelog 2011-04-20 03:47:23.000000000 +0200 +++ linux-ftpd-ssl-0.17.33+0.3/debian/changelog 2015-06-27 22:27:06.000000000 +0200 @@ -1,3 +1,11 @@ +linux-ftpd-ssl (0.17.33+0.3-1+deb8u1) jessie; urgency=medium + + * QA Upload + * NLST of empty directory results in segfault. (Closes: #788331) + + debian/patches/500-ssl.diff: Updated. + + -- Mats Erik Andersson <mats.anders...@gisladisker.se> Sat, 27 Jun 2015 22:17:53 +0200 + linux-ftpd-ssl (0.17.33+0.3-1) unstable; urgency=low * Update to linux-ftpd 0.17-33. diff -Nru linux-ftpd-ssl-0.17.33+0.3/debian/patches/500-ssl.diff linux-ftpd-ssl-0.17.33+0.3/debian/patches/500-ssl.diff --- linux-ftpd-ssl-0.17.33+0.3/debian/patches/500-ssl.diff 2011-04-20 03:47:23.000000000 +0200 +++ linux-ftpd-ssl-0.17.33+0.3/debian/patches/500-ssl.diff 2015-06-16 13:46:42.000000000 +0200 @@ -3,7 +3,7 @@ Origin: ftp://ftp.uni-mainz.de/pub/software/security/ssl/SSL-MZapps/linux-ftpd-0.17+ssl-0.3.diff.gz Forwarded: not-needed Author: Tim Hudson <t...@cryptsoft.com> -Last-Update: 2010-06-21 +Last-Update: 2015-06-11 Index: linux-ftpd-ssl/ftpd/Makefile =================================================================== @@ -917,10 +917,12 @@ byte_count += strlen(nbuf) + 1; } } -@@ -2705,6 +3193,13 @@ +@@ -2704,8 +3193,16 @@ + reply(226, "Transfer complete."); transflag = 0; - if (dout != NULL) +- if (dout != NULL) ++ if (dout != NULL) { +#ifdef USE_SSL + if (ssl_data_active_flag && (ssl_data_con!=NULL)) { + SSL_free(ssl_data_con); @@ -929,8 +931,10 @@ + } +#endif /* USE_SSL */ (void) fclose(dout); ++ } data = -1; pdata = -1; + out: @@ -2792,3 +3287,223 @@ } #endif /* TCPWRAPPERS */
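
Review bot: in the debian/changelog hunk, the entry "NLST of empty directory results in segfault." records the symptom but not the change or its impact. The thread calls this a denial of service, so say so in the entry and name the fix, for example that the `if (dout != NULL)` body in 500-ssl.diff is now braced so that `(void) fclose(dout);` is no longer reached when `dout` is NULL. That lets someone reading only the stable changelog judge whether the update matters to them.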
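
Review bot: in the header hunk of debian/patches/500-ssl.diff, `Last-Update: 2015-06-11` matches neither the file timestamp shown in this debdiff (2015-06-16) nor the changelog entry (2015-06-27); pick the date the patch content last changed. The visible header lines still name only the upstream `Origin:` and `Author:`, so a short remark in the patch header that the brace fix around `fclose(dout)` was added in this upload would help anyone later comparing the file against the upstream diff.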
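
Review bot: in the `@@ -2704,8 +3193,16 @@` hunk of 500-ssl.diff, the `USE_SSL` teardown stays nested under `if (dout != NULL) {`, so `SSL_free(ssl_data_con)` runs only when `dout` is set. The added braces correctly stop `(void) fclose(dout);` from running unconditionally, but please confirm that no path reaches this point with a live `ssl_data_con` and a NULL `dout`; if one exists, the SSL object is never freed there, and the SSL block should move outside the `dout` check under its own `ssl_data_con != NULL` guard. A one-line comment above the opening brace explaining why the braces are required under `USE_SSL` would also keep a later refresh of the patch from dropping them again.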