From patchwork Wed Oct 30 15:00:39 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matt Weber X-Patchwork-Id: 1186794 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=rockwellcollins.com Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 473BTt6pk8z9sP3 for ; Thu, 31 Oct 2019 02:00:50 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 8418987D17; Wed, 30 Oct 2019 15:00:47 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fsxCoKZGwlFM; Wed, 30 Oct 2019 15:00:45 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by hemlock.osuosl.org (Postfix) with ESMTP id B6B6087C91; Wed, 30 Oct 2019 15:00:44 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by ash.osuosl.org (Postfix) with ESMTP id 6744F1BF3CE for ; Wed, 30 Oct 2019 15:00:43 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 5F9B685E6E for ; Wed, 30 Oct 2019 15:00:43 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KrVCrVHd3kfd for ; Wed, 30 Oct 2019 15:00:42 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from da1vs05.rockwellcollins.com (da1vs05.rockwellcollins.com [205.175.227.130]) by fraxinus.osuosl.org (Postfix) with ESMTPS id DE8248360B for ; Wed, 30 Oct 2019 15:00:41 +0000 (UTC) IronPort-SDR: P0Oel2frv9Hztwp4r+E96INXLgFLenuExUL0vjLVsbLYxLzcoUmSybRiBNjLq9NLY1VWrxDK33 YZhCvdY+QLTKLwSwF0cI9YpxIkIIz2fGjz7/KiZgn4NXckMWkKRwvKfMqNw4Dm6LR0n5Xc3wzA 6qDtzGRVeXQbG1P/zepFsLIbb7DyPvXjKp0G07w7h0thGU655SoAtkCS6EuIWUA6deAvZXUMF7 nbGCTb27R6tv1BmTtp3iCKYUlmhjtPFSr4V9SKr8M8mj/AupG0xrA8UCVXrZFYPZ6SwtUEH83H 3sQ= Received: from ofwda1n02.rockwellcollins.com (HELO crulimr01.rockwellcollins.com) ([205.175.227.14]) by da1vs05.rockwellcollins.com with ESMTP; 30 Oct 2019 10:00:41 -0500 X-Received: from biscuits.rockwellcollins.lab (biscuits.rockwellcollins.lab [10.148.119.137]) by crulimr01.rockwellcollins.com (Postfix) with ESMTP id 5D88360567; Wed, 30 Oct 2019 10:00:40 -0500 (CDT) From: Matt Weber To: buildroot@buildroot.org Date: Wed, 30 Oct 2019 10:00:39 -0500 Message-Id: <20191030150039.62821-1-matthew.weber@rockwellcollins.com> X-Mailer: git-send-email 2.17.1 Subject: [Buildroot] [PATCH] package/proftpd: bump to 1.3.6b X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" This bump incorporates the changes found while preparing the 1.3.7 release and drops the CVE 2019-12815 patch which was incorporated in https://github.com/proftpd/proftpd/commit/a73dbfe3b61459e7c2806d5162b12f0957990cb3. Adjusted the site location to point at github. Signed-off-by: Matthew Weber --- package/proftpd/0002-fix-CVE-2019-12815.patch | 382 ------------------ package/proftpd/proftpd.hash | 4 +- package/proftpd/proftpd.mk | 4 +- 3 files changed, 3 insertions(+), 387 deletions(-) delete mode 100644 package/proftpd/0002-fix-CVE-2019-12815.patch diff --git a/package/proftpd/0002-fix-CVE-2019-12815.patch b/package/proftpd/0002-fix-CVE-2019-12815.patch deleted file mode 100644 index 8b56d08866..0000000000 --- a/package/proftpd/0002-fix-CVE-2019-12815.patch +++ /dev/null @@ -1,382 +0,0 @@ -From 71cd49ea82313f78d52a52d0c628a3770dc96608 Mon Sep 17 00:00:00 2001 -From: TJ Saunders -Date: Wed, 17 Jul 2019 09:25:31 -0700 -Subject: [PATCH] Bug #4372: Ensure that mod_copy checks for for its - SITE CPFR/CPTO commands. - -https://tbspace.de/cve201912815proftpd.html - -Downloaded from upstream commit -https://github.com/proftpd/proftpd/commit/d19dd64161936d70c0a1544bd2c8e90850f4b7ae - -Signed-off-by: Bernd Kuhls ---- - contrib/mod_copy.c | 36 ++- - tests/t/lib/ProFTPD/Tests/Modules/mod_copy.pm | 253 +++++++++++++++++- - 2 files changed, 285 insertions(+), 4 deletions(-) - -diff --git a/contrib/mod_copy.c b/contrib/mod_copy.c -index 26b72a91d..c8672c40d 100644 ---- a/contrib/mod_copy.c -+++ b/contrib/mod_copy.c -@@ -1,7 +1,7 @@ - /* - * ProFTPD: mod_copy -- a module supporting copying of files on the server - * without transferring the data to the client and back -- * Copyright (c) 2009-2016 TJ Saunders -+ * Copyright (c) 2009-2019 TJ Saunders - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by -@@ -657,7 +657,7 @@ MODRET copy_copy(cmd_rec *cmd) { - MODRET copy_cpfr(cmd_rec *cmd) { - register unsigned int i; - int res; -- char *path = ""; -+ char *cmd_name, *path = ""; - unsigned char *authenticated = NULL; - - if (copy_engine == FALSE) { -@@ -705,6 +705,21 @@ MODRET copy_cpfr(cmd_rec *cmd) { - path = pstrcat(cmd->tmp_pool, path, *path ? " " : "", decoded_path, NULL); - } - -+ cmd_name = cmd->argv[0]; -+ pr_cmd_set_name(cmd, "SITE_CPFR"); -+ if (!dir_check(cmd->tmp_pool, cmd, G_READ, path, NULL)) { -+ int xerrno = EPERM; -+ -+ pr_cmd_set_name(cmd, cmd_name); -+ pr_response_add_err(R_550, "%s: %s", (char *) cmd->argv[3], -+ strerror(xerrno)); -+ -+ pr_cmd_set_errno(cmd, xerrno); -+ errno = xerrno; -+ return PR_ERROR(cmd); -+ } -+ pr_cmd_set_name(cmd, cmd_name); -+ - res = pr_filter_allow_path(CURRENT_CONF, path); - switch (res) { - case 0: -@@ -758,6 +773,7 @@ MODRET copy_cpfr(cmd_rec *cmd) { - MODRET copy_cpto(cmd_rec *cmd) { - register unsigned int i; - const char *from, *to = ""; -+ char *cmd_name; - unsigned char *authenticated = NULL; - - if (copy_engine == FALSE) { -@@ -816,6 +832,20 @@ MODRET copy_cpto(cmd_rec *cmd) { - - to = dir_canonical_vpath(cmd->tmp_pool, to); - -+ cmd_name = cmd->argv[0]; -+ pr_cmd_set_name(cmd, "SITE_CPTO"); -+ if (!dir_check(cmd->tmp_pool, cmd, G_WRITE, to, NULL)) { -+ int xerrno = EPERM; -+ -+ pr_cmd_set_name(cmd, cmd_name); -+ pr_response_add_err(R_550, "%s: %s", to, strerror(xerrno)); -+ -+ pr_cmd_set_errno(cmd, xerrno); -+ errno = xerrno; -+ return PR_ERROR(cmd); -+ } -+ pr_cmd_set_name(cmd, cmd_name); -+ - if (copy_paths(cmd->tmp_pool, from, to) < 0) { - int xerrno = errno; - const char *err_code = R_550; -@@ -940,7 +970,7 @@ static conftable copy_conftab[] = { - - static cmdtable copy_cmdtab[] = { - { CMD, C_SITE, G_WRITE, copy_copy, FALSE, FALSE, CL_MISC }, -- { CMD, C_SITE, G_DIRS, copy_cpfr, FALSE, FALSE, CL_MISC }, -+ { CMD, C_SITE, G_READ, copy_cpfr, FALSE, FALSE, CL_MISC }, - { CMD, C_SITE, G_WRITE, copy_cpto, FALSE, FALSE, CL_MISC }, - { POST_CMD, C_PASS, G_NONE, copy_post_pass, FALSE, FALSE }, - { LOG_CMD, C_SITE, G_NONE, copy_log_site, FALSE, FALSE }, -diff --git a/tests/t/lib/ProFTPD/Tests/Modules/mod_copy.pm b/tests/t/lib/ProFTPD/Tests/Modules/mod_copy.pm -index 778bff839..2018e71bc 100644 ---- a/tests/t/lib/ProFTPD/Tests/Modules/mod_copy.pm -+++ b/tests/t/lib/ProFTPD/Tests/Modules/mod_copy.pm -@@ -121,6 +121,15 @@ my $TESTS = { - test_class => [qw(bug forking)], - }, - -+ copy_cpfr_config_limit_read_bug4372 => { -+ order => ++$order, -+ test_class => [qw(bug forking)], -+ }, -+ -+ copy_cpto_config_limit_write_bug4372 => { -+ order => ++$order, -+ test_class => [qw(bug forking)], -+ }, - }; - - sub new { -@@ -3248,6 +3257,12 @@ sub copy_config_limit_bug3399 { - - my ($port, $config_user, $config_group) = config_write($config_file, $config); - -+ my $config_subdir = $sub_dir; -+ if ($^O eq 'darwin') { -+ # MacOSX hack -+ $config_subdir = '/private' . $sub_dir; -+ } -+ - if (open(my $fh, ">> $config_file")) { - print $fh < -@@ -3256,7 +3271,7 @@ sub copy_config_limit_bug3399 { - - - -- -+ - - AllowAll - -@@ -3652,4 +3667,240 @@ sub copy_cpto_timeout_bug4263 { - test_cleanup($setup->{log_file}, $ex); - } - -+sub copy_cpfr_config_limit_read_bug4372 { -+ my $self = shift; -+ my $tmpdir = $self->{tmpdir}; -+ my $setup = test_setup($tmpdir, 'copy'); -+ -+ my $src_file = File::Spec->rel2abs("$tmpdir/foo.dat"); -+ if (open(my $fh, "> $src_file")) { -+ unless (close($fh)) { -+ die("Can't write $src_file: $!"); -+ } -+ -+ } else { -+ die("Can't open $src_file: $!"); -+ } -+ -+ my $config = { -+ PidFile => $setup->{pid_file}, -+ ScoreboardFile => $setup->{scoreboard_file}, -+ SystemLog => $setup->{log_file}, -+ TraceLog => $setup->{log_file}, -+ Trace => 'copy:20 timer:20', -+ -+ AuthUserFile => $setup->{auth_user_file}, -+ AuthGroupFile => $setup->{auth_group_file}, -+ TimeoutIdle => 3, -+ -+ IfModules => { -+ 'mod_delay.c' => { -+ DelayEngine => 'off', -+ }, -+ }, -+ }; -+ -+ my ($port, $config_user, $config_group) = config_write($setup->{config_file}, -+ $config); -+ -+ if (open(my $fh, ">> $setup->{config_file}")) { -+ print $fh < -+ -+ DenyAll -+ -+ -+EOC -+ unless (close($fh)) { -+ die("Can't write $setup->{config_file}: $!"); -+ } -+ -+ } else { -+ die("Can't open $setup->{config_file}: $!"); -+ } -+ -+ # Open pipes, for use between the parent and child processes. Specifically, -+ # the child will indicate when it's done with its test by writing a message -+ # to the parent. -+ my ($rfh, $wfh); -+ unless (pipe($rfh, $wfh)) { -+ die("Can't open pipe: $!"); -+ } -+ -+ my $ex; -+ -+ # Fork child -+ $self->handle_sigchld(); -+ defined(my $pid = fork()) or die("Can't fork: $!"); -+ if ($pid) { -+ eval { -+ my $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port, 0, 1); -+ $client->login($setup->{user}, $setup->{passwd}); -+ -+ eval { $client->site('CPFR', 'foo.dat') }; -+ unless ($@) { -+ die("SITE CPFR succeeded unexpectedly"); -+ } -+ -+ my $resp_code = $client->response_code(); -+ my $resp_msg = $client->response_msg(); -+ -+ my $expected = 550; -+ $self->assert($expected == $resp_code, -+ test_msg("Expected response code $expected, got $resp_code")); -+ -+ $expected = 'Operation not permitted'; -+ $self->assert(qr/$expected/, $resp_msg, -+ test_msg("Expected response message '$expected', got '$resp_msg'")); -+ -+ $client->quit(); -+ }; -+ if ($@) { -+ $ex = $@; -+ } -+ -+ $wfh->print("done\n"); -+ $wfh->flush(); -+ -+ } else { -+ eval { server_wait($setup->{config_file}, $rfh, 30) }; -+ if ($@) { -+ warn($@); -+ exit 1; -+ } -+ -+ exit 0; -+ } -+ -+ # Stop server -+ server_stop($setup->{pid_file}); -+ $self->assert_child_ok($pid); -+ -+ test_cleanup($setup->{log_file}, $ex); -+} -+ -+sub copy_cpto_config_limit_write_bug4372 { -+ my $self = shift; -+ my $tmpdir = $self->{tmpdir}; -+ my $setup = test_setup($tmpdir, 'copy'); -+ -+ my $src_file = File::Spec->rel2abs("$tmpdir/foo.dat"); -+ if (open(my $fh, "> $src_file")) { -+ unless (close($fh)) { -+ die("Can't write $src_file: $!"); -+ } -+ -+ } else { -+ die("Can't open $src_file: $!"); -+ } -+ -+ my $dst_file = File::Spec->rel2abs("$tmpdir/bar.dat"); -+ -+ my $config = { -+ PidFile => $setup->{pid_file}, -+ ScoreboardFile => $setup->{scoreboard_file}, -+ SystemLog => $setup->{log_file}, -+ TraceLog => $setup->{log_file}, -+ Trace => 'copy:20 timer:20', -+ -+ AuthUserFile => $setup->{auth_user_file}, -+ AuthGroupFile => $setup->{auth_group_file}, -+ TimeoutIdle => 3, -+ -+ IfModules => { -+ 'mod_delay.c' => { -+ DelayEngine => 'off', -+ }, -+ }, -+ }; -+ -+ my ($port, $config_user, $config_group) = config_write($setup->{config_file}, -+ $config); -+ -+ if (open(my $fh, ">> $setup->{config_file}")) { -+ print $fh < -+ -+ DenyAll -+ -+ -+EOC -+ unless (close($fh)) { -+ die("Can't write $setup->{config_file}: $!"); -+ } -+ -+ } else { -+ die("Can't open $setup->{config_file}: $!"); -+ } -+ -+ # Open pipes, for use between the parent and child processes. Specifically, -+ # the child will indicate when it's done with its test by writing a message -+ # to the parent. -+ my ($rfh, $wfh); -+ unless (pipe($rfh, $wfh)) { -+ die("Can't open pipe: $!"); -+ } -+ -+ my $ex; -+ -+ # Fork child -+ $self->handle_sigchld(); -+ defined(my $pid = fork()) or die("Can't fork: $!"); -+ if ($pid) { -+ eval { -+ my $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port, 0, 1); -+ $client->login($setup->{user}, $setup->{passwd}); -+ -+ my ($resp_code, $resp_msg) = $client->site('CPFR', 'foo.dat'); -+ -+ my $expected = 350; -+ $self->assert($expected == $resp_code, -+ test_msg("Expected response code $expected, got $resp_code")); -+ -+ $expected = 'File or directory exists, ready for destination name'; -+ $self->assert($expected eq $resp_msg, -+ test_msg("Expected response message '$expected', got '$resp_msg'")); -+ -+ eval { $client->site('CPTO', 'bar.dat') }; -+ unless ($@) { -+ die('SITE CPTO succeeded unexpectedly'); -+ } -+ -+ my $resp_code = $client->response_code(); -+ my $resp_msg = $client->response_msg(); -+ -+ my $expected = 550; -+ $self->assert($expected == $resp_code, -+ test_msg("Expected response code $expected, got $resp_code")); -+ -+ $expected = 'Operation not permitted'; -+ $self->assert(qr/$expected/, $resp_msg, -+ test_msg("Expected response message '$expected', got '$resp_msg'")); -+ -+ $client->quit(); -+ }; -+ if ($@) { -+ $ex = $@; -+ } -+ -+ $wfh->print("done\n"); -+ $wfh->flush(); -+ -+ } else { -+ eval { server_wait($setup->{config_file}, $rfh, 30) }; -+ if ($@) { -+ warn($@); -+ exit 1; -+ } -+ -+ exit 0; -+ } -+ -+ # Stop server -+ server_stop($setup->{pid_file}); -+ $self->assert_child_ok($pid); -+ -+ test_cleanup($setup->{log_file}, $ex); -+} -+ - 1; diff --git a/package/proftpd/proftpd.hash b/package/proftpd/proftpd.hash index 47bc8fe815..0f2acd3a20 100644 --- a/package/proftpd/proftpd.hash +++ b/package/proftpd/proftpd.hash @@ -1,5 +1,3 @@ -# From ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.6.tar.gz.md5 -md5 13270911c42aac842435f18205546a1b proftpd-1.3.6.tar.gz # Locally calculated -sha256 91ef74b143495d5ff97c4d4770c6804072a8c8eb1ad1ecc8cc541b40e152ecaf proftpd-1.3.6.tar.gz +sha256 fe5baf6c469a2b0b7f0e2611561b6fd5414300e32a76b96adb2ccfe05b5efb60 proftpd-1.3.6b.tar.gz sha256 391a473d755c29b5326fb726326ff3c37e42512f53a8f5789fc310232150bf80 COPYING diff --git a/package/proftpd/proftpd.mk b/package/proftpd/proftpd.mk index 67d8eb8c6f..da1c07b410 100644 --- a/package/proftpd/proftpd.mk +++ b/package/proftpd/proftpd.mk @@ -4,8 +4,8 @@ # ################################################################################ -PROFTPD_VERSION = 1.3.6 -PROFTPD_SITE = ftp://ftp.proftpd.org/distrib/source +PROFTPD_VERSION = 1.3.6b +PROFTPD_SITE = $(call github,proftpd,proftpd,v$(PROFTPD_VERSION)) PROFTPD_LICENSE = GPL-2.0+ PROFTPD_LICENSE_FILES = COPYING