OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 06-Sep-2005 16:04:55
Branch: OPENPKG_2_3_SOLID Handle: 2005090615045300
Modified files: (Branch: OPENPKG_2_3_SOLID)
openpkg-src/proftpd proftpd.patch proftpd.spec
Log:
apply two security fixes (CAN-2005-2390, format string bug)
Summary:
Revision Changes Path
1.7.2.1 +58 -0 openpkg-src/proftpd/proftpd.patch
1.89.2.3 +1 -1 openpkg-src/proftpd/proftpd.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/proftpd/proftpd.patch
============================================================================
$ cvs diff -u -r1.7 -r1.7.2.1 proftpd.patch
--- openpkg-src/proftpd/proftpd.patch 7 Dec 2004 12:03:07 -0000 1.7
+++ openpkg-src/proftpd/proftpd.patch 6 Sep 2005 14:04:53 -0000 1.7.2.1
@@ -91,3 +91,61 @@
+
+ return;
+}
+
+-----------------------------------------------------------------------------
+
+Security Bugfixes (CAN-2005-2390)
+http://bugs.proftpd.org/show_bug.cgi?id=2645
+http://bugs.proftpd.org/show_bug.cgi?id=2646
+
+Index: contrib/mod_sql.c
+--- contrib/mod_sql.c.orig 2004-08-03 02:44:31 +0200
++++ contrib/mod_sql.c 2005-09-06 16:02:48 +0200
+@@ -2036,7 +2036,7 @@
+ *outsp++ = 0;
+
+ /* add the response */
+- pr_response_add( c->argv[0], outs);
++ pr_response_add(c->argv[0], "%s", outs);
+
+ } while((c = find_config_next(c, c->next, CONF_PARAM, name, FALSE)) !=
NULL);
+
+@@ -2110,7 +2110,7 @@
+ *outsp++ = 0;
+
+ /* add the response */
+- pr_response_add( c->argv[0], outs);
++ pr_response_add(c->argv[0], "%s", outs);
+
+ } while((c = find_config_next(c, c->next, CONF_PARAM, name, FALSE)) !=
NULL);
+
+@@ -2201,7 +2201,7 @@
+ *outsp++ = 0;
+
+ /* add the response */
+- pr_response_add_err( c->argv[0], outs);
++ pr_response_add_err(c->argv[0], "%s", outs);
+
+ } while((c = find_config_next(c, c->next, CONF_PARAM, name, FALSE)) !=
NULL);
+
+@@ -2275,7 +2275,7 @@
+ *outsp++ = 0;
+
+ /* add the response */
+- pr_response_add( c->argv[0], outs);
++ pr_response_add(c->argv[0], "%s", outs);
+
+ } while((c = find_config_next(c, c->next, CONF_PARAM, name, FALSE)) !=
NULL);
+
+Index: src/response.c
+--- src/response.c.orig 2003-06-03 18:25:23 +0200
++++ src/response.c 2005-09-06 16:01:37 +0200
+@@ -169,7 +169,7 @@
+ buf[sizeof(buf) - 1] = '\0';
+ sstrcat(buf, "\r\n", sizeof(buf));
+
+- RESPONSE_WRITE_STR_ASYNC(session.c->outstrm, buf, strlen(buf))
++ RESPONSE_WRITE_STR_ASYNC(session.c->outstrm, "%s", buf)
+ }
+
+ void pr_response_send(const char *resp_numeric, const char *fmt, ...) {
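Review bot: The `"%s"` fixes close each call site by hand, but nothing in this patch keeps the next non-literal format argument from reaching `pr_response_add()`, `pr_response_add_err()` or `pr_response_send()`, whose definition in the last context line takes `const char *fmt, ...`. If the prototypes are not already annotated, giving them a printf format attribute, e.g. `void pr_response_send(const char *resp_numeric, const char *fmt, ...) __attribute__((format(printf, 2, 3)));`, lets `-Wformat -Wformat-security` flag such calls at build time. The remaining callers should also be checked for a variable passed in the `fmt` position. In the src/response.c hunk the definition of `RESPONSE_WRITE_STR_ASYNC` is not visible, so confirm that it forwards its second and third arguments as format and argument to a printf-style writer. The do/while loops in contrib/mod_sql.c and the function closed by the `}` in src/response.c start outside these hunks.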
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/proftpd/proftpd.spec
============================================================================
$ cvs diff -u -r1.89.2.2 -r1.89.2.3 proftpd.spec
--- openpkg-src/proftpd/proftpd.spec 25 Mar 2005 19:06:45 -0000 1.89.2.2
+++ openpkg-src/proftpd/proftpd.spec 6 Sep 2005 14:04:53 -0000 1.89.2.3
@@ -34,7 +34,7 @@
Group: FTP
License: GPL
Version: 1.2.10
-Release: 2.3.1
+Release: 2.3.2
# package options
%option with_ifsession no
@@ .