

[pkgsrc/pkgsrc-2007Q1]: pkgsrc/net/proftpd Pullup ticket 2124 - requested by ...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/3ae42503a456
branches:  pkgsrc-2007Q1
changeset: 527438:3ae42503a456
user:      ghen <ghen%pkgsrc.org@localhost>
date:      Thu Jun 28 10:49:44 2007 +0000

description:
Pullup ticket 2124 - requested by lkundrak
security fix for proftpd

- pkgsrc/net/proftpd/Makefile                           1.41
- pkgsrc/net/proftpd/distinfo                           1.23
- pkgsrc/net/proftpd/patches/patch-ad                   1.3
- pkgsrc/net/proftpd/patches/patch-ae                   1.3
- pkgsrc/net/proftpd/patches/patch-af                   1.1

   Module Name:        pkgsrc
   Committed By:        lkundrak
   Date:                Tue Jun 26 23:25:57 UTC 2007

   Modified Files:
           pkgsrc/net/proftpd: Makefile distinfo
   Added Files:
           pkgsrc/net/proftpd/patches: patch-ad patch-ae patch-af

   Log Message:
   Fix for a CVE-2007-2165 security issue grabbed from upstream #2922.

diffstat:

 net/proftpd/Makefile         |    4 +-
 net/proftpd/distinfo         |    5 +-
 net/proftpd/patches/patch-ad |   22 ++
 net/proftpd/patches/patch-ae |   15 +
 net/proftpd/patches/patch-af |  398 +++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 441 insertions(+), 3 deletions(-)

diffs (truncated from 476 to 300 lines):

diff -r 207def653ca8 -r 3ae42503a456 net/proftpd/Makefile
--- a/net/proftpd/Makefile      Tue Jun 26 11:59:58 2007 +0000
+++ b/net/proftpd/Makefile      Thu Jun 28 10:49:44 2007 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.40 2007/01/24 05:22:01 martti Exp $
+# $NetBSD: Makefile,v 1.40.2.1 2007/06/28 10:49:44 ghen Exp $
 
 DISTNAME=              proftpd-1.3.1rc2
-#PKGREVISION=          1
+PKGREVISION=           1
 CATEGORIES=            net
 MASTER_SITES=          ftp://ftp.proftpd.org/distrib/source/ \
                        ftp://ftp.servus.at/ProFTPD/distrib/source/ \
diff -r 207def653ca8 -r 3ae42503a456 net/proftpd/distinfo
--- a/net/proftpd/distinfo      Tue Jun 26 11:59:58 2007 +0000
+++ b/net/proftpd/distinfo      Thu Jun 28 10:49:44 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.22 2007/01/13 09:47:38 martti Exp $
+$NetBSD: distinfo,v 1.22.2.1 2007/06/28 10:49:45 ghen Exp $
 
 SHA1 (proftpd-1.3.1rc2.tar.bz2) = 7db6435707983fe8e865064661cedb159ebc1cf6
 RMD160 (proftpd-1.3.1rc2.tar.bz2) = aa928315880cf1e9d1980850ce2bb07193d2ac46
@@ -6,3 +6,6 @@
 SHA1 (patch-aa) = d7ad034e763a2bf729c9af669c3094402bdd03b7
 SHA1 (patch-ab) = 2b6921efa11884286c022a1da7691fc971d65cca
 SHA1 (patch-ac) = a73ceb99485ea16a4b008971cba58204b8d3f90d
+SHA1 (patch-ad) = 17390cac03e1a3fb8d2ce5f854ad9d239eae40fd
+SHA1 (patch-ae) = b7a8ba05a4399438f04d976aa36535e1f02f0c41
+SHA1 (patch-af) = 5f6642a36efe9fdacefed698aba2a86b737dd953
diff -r 207def653ca8 -r 3ae42503a456 net/proftpd/patches/patch-ad
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/proftpd/patches/patch-ad      Thu Jun 28 10:49:44 2007 +0000
@@ -0,0 +1,22 @@
+$NetBSD: patch-ad,v 1.2.12.1 2007/06/28 10:49:45 ghen Exp $
+
+Part of fix for CVE-2007-2165 grabbed from upstream #2922.
+
+--- include/auth.h.orig        2007-06-27 01:13:43.000000000 +0200
++++ include/auth.h
+@@ -1,6 +1,6 @@
+ /*
+  * ProFTPD - FTP server daemon
+- * Copyright (c) 2004-2005 The ProFTPD Project team
++ * Copyright (c) 2004-2007 The ProFTPD Project team
+  *
+  * This program is free software; you can redistribute it and/or modify
+  * it under the terms of the GNU General Public License as published by
+@@ -86,6 +86,7 @@ int pr_auth_requires_pass(pool *, const 
+ config_rec *pr_auth_get_anon_config(pool *p, char **, char **, char **);
+ 
+ /* For internal use only. */
++int init_auth(void);
+ int set_groups(pool *, gid_t, array_header *);
+ 
+ #endif /* PR_MODULES_H */
diff -r 207def653ca8 -r 3ae42503a456 net/proftpd/patches/patch-ae
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/proftpd/patches/patch-ae      Thu Jun 28 10:49:44 2007 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-ae,v 1.2.12.1 2007/06/28 10:49:45 ghen Exp $
+
+Part of fix for CVE-2007-2165 grabbed from upstream #2922.
+
+--- modules/mod_core.c.orig    2007-06-27 01:13:50.000000000 +0200
++++ modules/mod_core.c
+@@ -4444,6 +4444,8 @@ static int core_sess_init(void) {
+   config_rec *c = NULL;
+   unsigned int *debug_level = NULL;
+ 
++  init_auth();
++
+   /* Check for a server-specific TimeoutIdle. */
+   c = find_config(main_server->conf, CONF_PARAM, "TimeoutIdle", FALSE);
+   if (c != NULL)
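Review bot: The return value of `init_auth()` is discarded at the top of core_sess_init, although include/auth.h (patch-ad) declares it as `int init_auth(void);`. Its definition is in the truncated part of this page, but if it is what sets up `auth_pool`, a failure here would leave the authcache in src/auth.c silently disabled for the session, because pr_auth_getpwnam only creates `auth_tab` when `auth_pool` is non-NULL. Assuming it follows the negative-on-error convention of the `pr_table_*` calls in patch-af, either check it, e.g. `if (init_auth() < 0) pr_log_debug(DEBUG1, "error initializing auth cache");`, or write `(void) init_auth();` with a comment saying why a failure is harmless. core_sess_init continues outside the hunk.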
diff -r 207def653ca8 -r 3ae42503a456 net/proftpd/patches/patch-af
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/proftpd/patches/patch-af      Thu Jun 28 10:49:44 2007 +0000
@@ -0,0 +1,398 @@
+$NetBSD: patch-af,v 1.1.2.2 2007/06/28 10:49:46 ghen Exp $
+
+Part of fix for CVE-2007-2165 grabbed from upstream #2922.
+
+--- src/auth.c.orig    2007-06-27 01:13:58.000000000 +0200
++++ src/auth.c
+@@ -2,7 +2,7 @@
+  * ProFTPD - FTP server daemon
+  * Copyright (c) 1997, 1998 Public Flood Software
+  * Copyright (c) 1999, 2000 MacGyver aka Habeeb J. Dihu <macgyver%tos.net@localhost>
+- * Copyright (c) 2001-2006 The ProFTPD Project team
++ * Copyright (c) 2001-2007 The ProFTPD Project team
+  *
+  * This program is free software; you can redistribute it and/or modify
+  * it under the terms of the GNU General Public License as published by
+@@ -30,6 +30,10 @@
+ 
+ #include "conf.h"
+ 
++static pool *auth_pool = NULL;
++static pr_table_t *auth_tab = NULL;
++static const char *trace_channel = "auth";
++
+ /* The difference between this function, and pr_cmd_alloc(), is that this
+  * allocates the cmd_rec directly from the given pool, whereas pr_cmd_alloc()
+  * will allocate a subpool from the given pool, and allocate its cmd_rec
+@@ -63,7 +67,7 @@ static cmd_rec *make_cmd(pool *cp, int a
+   return c;
+ }
+ 
+-static modret_t *dispatch_auth(cmd_rec *cmd, char *match) {
++static modret_t *dispatch_auth(cmd_rec *cmd, char *match, module **m) {
+   authtable *start_tab = NULL, *iter_tab = NULL;
+   modret_t *mr = NULL;
+ 
+@@ -74,7 +78,12 @@ static modret_t *dispatch_auth(cmd_rec *
+   while (iter_tab) {
+     pr_signals_handle();
+ 
+-    pr_trace_msg("auth", 6, "dispatching auth request \"%s\" to module mod_%s",
++    if (m && *m && *m != iter_tab->m) {
++      goto next;
++    }
++
++    pr_trace_msg(trace_channel, 6,
++      "dispatching auth request \"%s\" to module mod_%s",
+       match, iter_tab->m->name);
+ 
+     mr = call_module(iter_tab->m, iter_tab->handler, cmd);
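Review bot: The new filter `if (m && *m && *m != iter_tab->m) goto next;` gives `m` a second, input role that nothing documents; the comment added further down in dispatch_auth describes `m` only as an output. A short comment above the check would help, for example `/* If the caller names a module in *m, consult only that module's handler. */`. It should also say that when the named module has no handler for `match`, no module is consulted at all, so callers have to treat an unanswered request as a denial. The code after the loop is outside this hunk, so what `mr` holds in that case cannot be confirmed from here. The `next:` label this jump targets is added in the following hunk.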
+@@ -83,9 +92,19 @@ static modret_t *dispatch_auth(cmd_rec *
+       break;
+ 
+     if (MODRET_ISHANDLED(mr) ||
+-        MODRET_ISERROR(mr))
++        MODRET_ISERROR(mr)) {
++
++      /* Return a pointer, if requested, to the module which answered the
++       * auth request.  This is used, for example, by auth_getpwnam() for
++       * associating the answering auth module with the data looked up.
++       */
++      if (m)
++        *m = iter_tab->m;
++
+       break;
++    }
+ 
++  next:
+     iter_tab = pr_stash_get_symbol(PR_SYM_AUTH, match, iter_tab,
+       &cmd->stash_index);
+ 
+@@ -106,7 +125,7 @@ void pr_auth_setpwent(pool *p) {
+   modret_t *mr = NULL;
+ 
+   cmd = make_cmd(p, 0);
+-  mr = dispatch_auth(cmd, "setpwent");
++  mr = dispatch_auth(cmd, "setpwent", NULL);
+ 
+   if (cmd->tmp_pool) {
+     destroy_pool(cmd->tmp_pool);
+@@ -121,13 +140,20 @@ void pr_auth_endpwent(pool *p) {
+   modret_t *mr = NULL;
+ 
+   cmd = make_cmd(p, 0);
+-  mr = dispatch_auth(cmd, "endpwent");
++  mr = dispatch_auth(cmd, "endpwent", NULL);
+ 
+   if (cmd->tmp_pool) {
+     destroy_pool(cmd->tmp_pool);
+     cmd->tmp_pool = NULL;
+   }
+ 
++  if (auth_tab) {
++    pr_trace_msg(trace_channel, 5, "emptying authcache");
++    (void) pr_table_empty(auth_tab);
++    (void) pr_table_free(auth_tab);
++    auth_tab = NULL;
++  }
++
+   return;
+ }
+ 
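Review bot: pr_auth_endpwent now throws away the whole authcache, so the user-to-module binding recorded by pr_auth_getpwnam survives only until the next endpwent call. The code that reads `auth_tab` is in the truncated part of this patch; if it falls back to asking every auth module when no entry is found, an endpwent between the name lookup and the password check would undo the restriction this fix introduces. A comment on the new block should state the ordering requirement, e.g. `/* Clears the user-to-module bindings; call only after authentication has completed. */`. Separately, the keys and values stored in the table were allocated from `auth_pool`, which is not cleared here, so that memory stays allocated after `pr_table_free`.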
+@@ -136,7 +162,7 @@ void pr_auth_setgrent(pool *p) {
+   modret_t *mr = NULL;
+ 
+   cmd = make_cmd(p, 0);
+-  mr = dispatch_auth(cmd, "setgrent");
++  mr = dispatch_auth(cmd, "setgrent", NULL);
+ 
+   if (cmd->tmp_pool) {
+     destroy_pool(cmd->tmp_pool);
+@@ -151,7 +177,7 @@ void pr_auth_endgrent(pool *p) {
+   modret_t *mr = NULL;
+ 
+   cmd = make_cmd(p, 0);
+-  mr = dispatch_auth(cmd, "endgrent");
++  mr = dispatch_auth(cmd, "endgrent", NULL);
+ 
+   if (cmd->tmp_pool) {
+     destroy_pool(cmd->tmp_pool);
+@@ -167,7 +193,7 @@ struct passwd *pr_auth_getpwent(pool *p)
+   struct passwd *res = NULL;
+ 
+   cmd = make_cmd(p, 0);
+-  mr = dispatch_auth(cmd, "getpwent");
++  mr = dispatch_auth(cmd, "getpwent", NULL);
+ 
+   if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr))
+     res = mr->data;
+@@ -201,7 +227,7 @@ struct group *pr_auth_getgrent(pool *p) 
+   struct group *res = NULL;
+ 
+   cmd = make_cmd(p, 0);
+-  mr = dispatch_auth(cmd, "getgrent");
++  mr = dispatch_auth(cmd, "getgrent", NULL);
+ 
+   if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr))
+     res = mr->data;
+@@ -228,11 +254,13 @@ struct passwd *pr_auth_getpwnam(pool *p,
+   cmd_rec *cmd = NULL;
+   modret_t *mr = NULL;
+   struct passwd *res = NULL;
++  module *m = NULL;
+ 
+   cmd = make_cmd(p, 1, name);
+-  mr = dispatch_auth(cmd, "getpwnam");
++  mr = dispatch_auth(cmd, "getpwnam", &m);
+ 
+-  if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr))
++  if (MODRET_ISHANDLED(mr) &&
++      MODRET_HASDATA(mr))
+     res = mr->data;
+ 
+   if (cmd->tmp_pool) {
+@@ -257,6 +285,46 @@ struct passwd *pr_auth_getpwnam(pool *p,
+     return NULL;
+   }
+ 
++  if (!auth_tab && auth_pool) {
++    auth_tab = pr_table_alloc(auth_pool, 0);
++  }
++
++  if (m && auth_tab) {
++    int count = 0;
++    void *value = NULL;
++
++    value = palloc(auth_pool, sizeof(module *));
++    *((module **) value) = m;
++
++    count = pr_table_exists(auth_tab, name);
++    if (count <= 0) {
++      if (pr_table_add(auth_tab, pstrdup(auth_pool, name), value,
++          sizeof(module *)) < 0) {
++        pr_trace_msg(trace_channel, 3,
++          "error adding module 'mod_%s.c' for user '%s' to the authcache: %s",
++          m->name, name, strerror(errno));
++
++      } else {
++        pr_trace_msg(trace_channel, 5,
++          "stashed module 'mod_%s.c' for user '%s' in the authcache",
++          m->name, name);
++      }
++
++    } else {
++      if (pr_table_set(auth_tab, pstrdup(auth_pool, name), value,
++          sizeof(module *)) < 0) {
++        pr_trace_msg(trace_channel, 3,
++          "error setting module 'mod_%s.c' for user '%s' in the authcache: %s",
++          m->name, name, strerror(errno));
++
++      } else {
++        pr_trace_msg(trace_channel, 5,
++          "stashed module 'mod_%s.c' for user '%s' in the authcache",
++          m->name, name);
++      }
++    }
++  }
++
+   pr_log_debug(DEBUG10, "retrieved UID %lu for user '%s'",
+     (unsigned long) res->pw_uid, name);
+   return res;
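Review bot: Failing to record the answering module is reported only through `pr_trace_msg` at level 3, and pr_auth_getpwnam still returns `res`, so the binding that the CVE-2007-2165 fix depends on can be missing without any visible sign; the same holds when `auth_pool` is NULL and the whole block is skipped. I would log these cases where an operator will see them, e.g. `pr_log_debug(DEBUG1, "unable to cache auth module for user '%s'", name);`, and decide explicitly whether the lookup should fail instead of proceeding uncached. The add and set branches also differ only in the function called and one word of the message, and both `value` and a fresh `pstrdup(auth_pool, name)` are allocated on every call, so repeated lookups within one session grow `auth_pool`; in the set branch the key copy looks unnecessary if `pr_table_set` only looks the key up. The function starts outside this hunk.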
+@@ -268,7 +336,7 @@ struct passwd *pr_auth_getpwuid(pool *p,
+   struct passwd *res = NULL;
+ 
+   cmd = make_cmd(p, 1, (void *) &uid);
+-  mr = dispatch_auth(cmd, "getpwuid");
++  mr = dispatch_auth(cmd, "getpwuid", NULL);
+ 
+   if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr))
+     res = mr->data;
+@@ -306,7 +374,7 @@ struct group *pr_auth_getgrnam(pool *p, 
+   struct group *res = NULL;
+ 
+   cmd = make_cmd(p, 1, name);
+-  mr = dispatch_auth(cmd, "getgrnam");
++  mr = dispatch_auth(cmd, "getgrnam", NULL);
+ 
+   if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr))
+     res = mr->data;
+@@ -339,7 +407,7 @@ struct group *pr_auth_getgrgid(pool *p, 
+   struct group *res = NULL;
+ 
+   cmd = make_cmd(p, 1, (void *) &gid);


