OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /v/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   13-Apr-2007 21:24:07
  Branch: HEAD                             Handle: 2007041320240600

  Modified files:
    openpkg-src/proftpd     proftpd.patch proftpd.spec

  Log:
    MFE:
    Security Fix (CVE-2006-6171)
    Security Fix (CVE-2006-6563)

  Summary:
    Revision    Changes     Path
    1.22        +52 -0      openpkg-src/proftpd/proftpd.patch
    1.126       +1  -1      openpkg-src/proftpd/proftpd.spec
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/proftpd/proftpd.patch
  ============================================================================
  $ cvs diff -u -r1.21 -r1.22 proftpd.patch
  --- openpkg-src/proftpd/proftpd.patch 19 Jan 2007 12:49:16 -0000      1.21
  +++ openpkg-src/proftpd/proftpd.patch 13 Apr 2007 19:24:06 -0000      1.22
  @@ -214,6 +214,7 @@
   -----------------------------------------------------------------------------
   
   Security Fix (CVE-2006-5815, according to CVE, but vendor thinks differently)
  +Security Fix (CVE-2006-6171, according to OpenPKG GmbH information)
   
   Index: src/main.c
   --- src/main.c.orig  2006-03-15 20:41:01 +0100
  @@ -1279,3 +1280,54 @@
   +  MOD_AUTH_FILE_VERSION
    };
    
  + 
  +-----------------------------------------------------------------------------
  +
  +Security Fix (CVE-2006-6563)
  +
  +Index: src/ctrls.c
  +--- src/ctrls.c.orig 2005-11-11 22:05:32 +0100
  ++++ src/ctrls.c      2006-12-15 23:30:05 +0100
  +@@ -526,11 +526,20 @@
  +     return -1;
  +   }
  + 
  ++  if (reqarglen >= sizeof(reqaction)) {
  ++    pr_signals_unblock();
  ++    errno = ENOMEM;
  ++    return -1;
  ++  }
  ++
  ++  memset(reqaction, '\0', sizeof(reqaction));
  ++
  +   if (read(cl->cl_fd, reqaction, reqarglen) < 0) {
  +     pr_signals_unblock();
  +     return -1;
  +   }
  + 
  ++  reqaction[sizeof(reqaction)-1] = '\0';
  +   nreqargs--;
  + 
  +   /* Find a matching action object, and use it to populate a ctrl object,
  +@@ -649,17 +658,16 @@
  +       return -1;
  +     }
  + 
  +-    memset(response, '\0', sizeof(response));
  +-
  +     /* Make sure resparglen is not too big */
  +-    if (resparglen > sizeof(response)) {
  ++    if (resparglen >= sizeof(response)) {
  +       pr_signals_unblock();
  +       errno = ENOMEM;
  +       return -1;
  +     }
  + 
  +-    bread = read(ctrls_sockfd, response, resparglen);
  ++    memset(response, '\0', sizeof(response));
  + 
  ++    bread = read(ctrls_sockfd, response, resparglen);
  +     while (bread != resparglen) {
  +       if (bread < 0) {
  +         pr_signals_unblock(); 
  +
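Review bot: A short read is still accepted on the request side of the src/ctrls.c fix, because `if (read(cl->cl_fd, reqaction, reqarglen) < 0)` only rejects a failed read, so a partially delivered action name would be matched as a truncated, zero-padded `reqaction`; the response side in the second embedded hunk already loops on `bread != resparglen`. The added `reqarglen >= sizeof(reqaction)` guard does keep the read inside the buffer, so this is a correctness gap rather than an overflow, but the request side should reject or retry a partial read as well, e.g. `if (read(cl->cl_fd, reqaction, reqarglen) != (ssize_t) reqarglen) {`. The guard also depends on `reqarglen` being unsigned, or at least converted to `size_t` in the comparison, for a negative length to be refused; its declaration is outside the hunk, so that is worth confirming. Both functions begin and end outside the embedded hunks, so the loop body that handles `bread` could not be checked here.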
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/proftpd/proftpd.spec
  ============================================================================
  $ cvs diff -u -r1.125 -r1.126 proftpd.spec
  --- openpkg-src/proftpd/proftpd.spec  20 Jan 2007 13:41:12 -0000      1.125
  +++ openpkg-src/proftpd/proftpd.spec  13 Apr 2007 19:24:06 -0000      1.126
  @@ -44,7 +44,7 @@
   Group:        FTP
   License:      GPL
   Version:      %{V_proftpd}
  -Release:      20070120
  +Release:      20070413
   
   #   package options
   %option       with_ifsession  no
  @@ .
______________________________________________________________________
OpenPKG                                             http://openpkg.org
CVS Repository Commit List                     [EMAIL PROTECTED]
