packages/proftpd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!30 Update to 1.3.8b for fix CVE-2023-51713,CVE-2023-48795

Browse Source 
From: @wk333 
Reviewed-by: @caodongxia 
Signed-off-by: @caodongxia
This commit is contained in:
openeuler-ci-bot 2023-12-26 11:33:54 +00:00 committed by Gitee
commit aa1b182edf
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
9 changed files with 131 additions and 117 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
modules.conf
View File

@ -171,6 +171,10 @@ LoadModule mod_vroot.c
LoadModule mod_qos.c
</IfDefine>
# Attempt to generate a unique ID for every FTP session
# (http://www.proftpd.org/docs/contrib/mod_unique_id.html)
# LoadModule mod_unique_id.c
#
# Provide a flexible way of specifying that certain configuration directives
# only apply to certain sessions, based on credentials such as connection
# class, user, or group membership

25
proftpd-1.3.7a-Adjusting-unit-test-timeouts-for-netacl.patch
View File

@ -1,25 +0,0 @@
From 27d632208163a73a0501e595fcdef0302cb44d8c Mon Sep 17 00:00:00 2001
From: eaglegai <eaglegai@163.com>
Date: Tue, 1 Jun 2021 17:21:55 +0800
Subject: [PATCH] proftpd 1.3.7a Adjusting unit test timeouts for netacl
---
tests/api/netacl.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tests/api/netacl.c b/tests/api/netacl.c
index c4da486..86b628d 100644
--- a/tests/api/netacl.c
+++ b/tests/api/netacl.c
@@ -894,6 +894,8 @@ Suite *tests_get_netacl_suite(void) {
tcase_add_test(testcase, netacl_match_test);
tcase_add_test(testcase, netacl_get_negated_test);
+ tcase_set_timeout(testcase, 60);
+
suite_add_tcase(suite, testcase);
return suite;
}
--
1.8.3.1

84
proftpd-1.3.7a-fix-environment-sensitive-tests-failure.patch
View File

@ -1,84 +0,0 @@
diff -ruNa proftpd-1.3.7a/tests/api/netacl.c proftpd-1.3.7a-fix/tests/api/netacl.c
--- proftpd-1.3.7a/tests/api/netacl.c 2020-07-22 01:25:51.000000000 +0800
+++ proftpd-1.3.7a-fix/tests/api/netacl.c 2021-01-13 14:44:00.679322360 +0800
@@ -773,8 +773,10 @@
res = pr_netacl_match(acl, addr);
if (getenv("CI") == NULL &&
getenv("TRAVIS") == NULL) {
- fail_unless(res == 1, "Failed to positively match ACL to addr: %s",
- strerror(errno));
+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
+ fail_unless(res == 1, "Failed to positively match ACL to addr: %s",
+ strerror(errno));
+ }
}
if (!have_localdomain) {
@@ -790,8 +790,10 @@
res = pr_netacl_match(acl, addr);
if (getenv("CI") == NULL &&
getenv("TRAVIS") == NULL) {
- fail_unless(res == -1, "Failed to negatively match ACL to addr: %s",
- strerror(errno));
+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
+ fail_unless(res == -1, "Failed to negatively match ACL to addr: %s",
+ strerror(errno));
+ }
}
acl_str = "!www.google.com";
@@ -816,8 +816,10 @@
res = pr_netacl_match(acl, addr);
if (getenv("CI") == NULL &&
getenv("TRAVIS") == NULL) {
- fail_unless(res == 1, "Failed to positively match ACL to addr: %s",
- strerror(errno));
+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
+ fail_unless(res == 1, "Failed to positively match ACL to addr: %s",
+ strerror(errno));
+ }
}
if (!have_localdomain) {
@@ -833,8 +835,10 @@
res = pr_netacl_match(acl, addr);
if (getenv("CI") == NULL &&
getenv("TRAVIS") == NULL) {
- fail_unless(res == -1, "Failed to negatively match ACL to addr: %s",
- strerror(errno));
+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
+ fail_unless(res == -1, "Failed to negatively match ACL to addr: %s",
+ strerror(errno));
+ }
}
acl_str = "!www.g*g.com";
diff -ruNa proftpd-1.3.7a/tests/api/netaddr.c proftpd-1.3.7a-fix/tests/api/netaddr.c
--- proftpd-1.3.7a/tests/api/netaddr.c 2021-01-13 14:30:47.467322360 +0800
+++ proftpd-1.3.7a-fix/tests/api/netaddr.c 2021-01-13 14:42:45.851322360 +0800
@@ -417,7 +417,9 @@
if (getenv("CI") == NULL &&
getenv("TRAVIS") == NULL) {
/* This test is sensitive the environment. */
- fail_unless(res == TRUE, "Expected TRUE, got %d", res);
+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
+ fail_unless(res == TRUE, "Expected TRUE, got %d", res);
+ }
}
flags = PR_NETADDR_MATCH_IP;
@@ -879,9 +881,11 @@
if (getenv("CI") == NULL &&
getenv("TRAVIS") == NULL) {
/* This test is sensitive the environment. */
- fail_unless(strcmp(res, "localhost") == 0 ||
- strcmp(res, "localhost.localdomain") == 0,
- "Expected '%s', got '%s'", "localhost or localhost.localdomain", res);
+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
+ fail_unless(strcmp(res, "localhost") == 0 ||
+ strcmp(res, "localhost.localdomain") == 0,
+ "Expected '%s', got '%s'", "localhost or localhost.localdomain", res);
+ }
}
}
END_TEST

105
proftpd-1.3.8-fix-environment-sensitive-tests-failure.patch Normal file
View File

@ -0,0 +1,105 @@
From cb0e408e8b82fa8c198d9dd95e5818d8431e9fd5 Mon Sep 17 00:00:00 2001
From: chen-jan <chen_aka_jan@163.com>
Date: Tue, 11 Apr 2023 16:55:34 +0800
Subject: [PATCH] proftpd-1.3.8-fix-environment-sensitive-tests-failure
---
tests/api/netacl.c | 8 ++++++++
tests/api/netaddr.c | 6 ++++++
2 files changed, 14 insertions(+)
diff --git a/tests/api/netacl.c b/tests/api/netacl.c
index e4b0431..b91ecdb 100644
--- a/tests/api/netacl.c
+++ b/tests/api/netacl.c
@@ -775,8 +775,10 @@ START_TEST (netacl_match_test) {
res = pr_netacl_match(acl, addr);
if (getenv("CI") == NULL &&
getenv("TRAVIS") == NULL) {
+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
ck_assert_msg(res == 1, "Failed to positively match ACL to addr: %s",
strerror(errno));
+ }
}
if (!have_localdomain) {
@@ -793,8 +795,10 @@ START_TEST (netacl_match_test) {
res = pr_netacl_match(acl, addr);
if (getenv("CI") == NULL &&
getenv("TRAVIS") == NULL) {
+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
ck_assert_msg(res == -1, "Failed to negatively match ACL to addr: %s",
strerror(errno));
+ }
}
acl_str = "!www.google.com";
@@ -820,8 +824,10 @@ START_TEST (netacl_match_test) {
res = pr_netacl_match(acl, addr);
if (getenv("CI") == NULL &&
getenv("TRAVIS") == NULL) {
+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
ck_assert_msg(res == 1, "Failed to positively match ACL to addr: %s",
strerror(errno));
+ }
}
if (!have_localdomain) {
@@ -838,8 +844,10 @@ START_TEST (netacl_match_test) {
res = pr_netacl_match(acl, addr);
if (getenv("CI") == NULL &&
getenv("TRAVIS") == NULL) {
+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
ck_assert_msg(res == -1, "Failed to negatively match ACL to addr: %s",
strerror(errno));
+ }
}
acl_str = "!www.g*g.com";
diff --git a/tests/api/netaddr.c b/tests/api/netaddr.c
index e79b06c..b7dbeaf 100644
--- a/tests/api/netaddr.c
+++ b/tests/api/netaddr.c
@@ -424,8 +424,10 @@ START_TEST (netaddr_fnmatch_test) {
res = pr_netaddr_fnmatch(addr, "LOCAL*", flags);
if (getenv("CI") == NULL &&
getenv("TRAVIS") == NULL) {
+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
/* This test is sensitive the environment. */
ck_assert_msg(res == TRUE, "Expected TRUE, got %d", res);
+ }
}
flags = PR_NETADDR_MATCH_IP;
@@ -887,10 +889,12 @@ START_TEST (netaddr_get_dnsstr_test) {
*/
if (getenv("CI") == NULL &&
getenv("TRAVIS") == NULL) {
+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
/* This test is sensitive the environment. */
ck_assert_msg(strcmp(res, "localhost") == 0 ||
strcmp(res, "localhost.localdomain") == 0,
"Expected '%s', got '%s'", "localhost or localhost.localdomain", res);
+ }
}
}
END_TEST
@@ -1011,6 +1015,7 @@ START_TEST (netaddr_get_dnsstr_ipv6_test) {
*/
if (getenv("CI") == NULL &&
getenv("TRAVIS") == NULL) {
+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
ck_assert_msg(strcmp(res, "localhost") == 0 ||
strcmp(res, "localhost.localdomain") == 0 ||
strcmp(res, "localhost6") == 0 ||
@@ -1019,6 +1024,7 @@ START_TEST (netaddr_get_dnsstr_ipv6_test) {
strcmp(res, "ip6-loopback") == 0 ||
strcmp(res, ip) == 0,
"Expected '%s', got '%s'", "localhost, localhost.localdomain et al", res);
+ }
}
}
END_TEST
--
2.39.1

2
proftpd-1.3.7-shellbang.patch → proftpd-1.3.8-shellbang.patch
View File

@ -4,7 +4,7 @@
-#!/usr/bin/env perl
+#!/usr/bin/perl
# ---------------------------------------------------------------------------
# Copyright (C) 2000-2020 TJ Saunders <tj@castaglia.org>
# Copyright (C) 2000-2021 TJ Saunders <tj@castaglia.org>
#
--- contrib/ftpmail
+++ contrib/ftpmail

BIN
proftpd-1.3.7c.tar.gz → proftpd-1.3.8b.tar.gz
View File

Binary file not shown.

28
proftpd.spec
View File

@ -16,13 +16,13 @@
# Dynamic modules contain references to symbols in main daemon, so we need to disable linker checks for undefined symbols
%undefine _strict_symbol_defs_build
%global mod_vroot_version 0.9.9
%global mod_vroot_version 0.9.11
%global vendor %{?_vendor:%{_vendor}}%{!?_vendor:openEuler}
Name: proftpd
Version: 1.3.7c
Release: 4
Version: 1.3.8b
Release: 1
Summary: Flexible, stable and highly-configurable FTP server
License: GPLv2+
URL: http://www.proftpd.org/
@ -38,14 +38,13 @@ Source8: proftpd-welcome.msg
Source9: proftpd.sysconfig
Source10: http://github.com/Castaglia/proftpd-mod_vroot/archive/v%{mod_vroot_version}.tar.gz
Patch1: proftpd-1.3.7-shellbang.patch
Patch1: proftpd-1.3.8-shellbang.patch
Patch2: proftpd.conf-no-memcached.patch
Patch3: proftpd-1.3.4rc1-mod_vroot-test.patch
Patch4: proftpd-1.3.6-no-mod-wrap.patch
Patch5: proftpd-1.3.6-no-mod-geoip.patch
Patch6: proftpd-1.3.7rc3-logging-not-systemd.patch
Patch7: proftpd-1.3.7a-Adjusting-unit-test-timeouts-for-netacl.patch
Patch8: proftpd-1.3.7a-fix-environment-sensitive-tests-failure.patch
Patch8: proftpd-1.3.8-fix-environment-sensitive-tests-failure.patch
BuildRequires: coreutils
BuildRequires: gcc
@ -70,6 +69,10 @@ BuildRequires: sqlite-devel
BuildRequires: tar
BuildRequires: zlib-devel
BuildRequires: chrpath
BuildRequires: libidn2-devel
BuildRequires: libmemcached-devel >= 0.41
BuildRequires: pcre2-devel >= 10.30
BuildRequires: tcp_wrappers-devel
# Test suite requirements
BuildRequires: check-devel
@ -143,6 +146,10 @@ Requires: postgresql-devel
%endif
Requires: sqlite-devel
Requires: zlib-devel
Requires: libmemcached-devel >= 0.41
Requires: pcre2-devel >= 10.30
Requires: tcp_wrappers-devel
%description devel
This package is required to build additional modules for ProFTPD.
@ -242,7 +249,6 @@ sed -i -e '/killall/s/test.*/systemctl reload proftpd.service/' \
%patch6
%endif
%patch7 -p1
%patch8 -p1
# Avoid docfile dependencies
@ -272,6 +278,8 @@ SMOD7=mod_unique_id
--libexecdir="%{_libexecdir}/proftpd" \
--localstatedir="%{rundir}/proftpd" \
--disable-strip \
--enable-memcache \
--enable-pcre2 \
--enable-ctrls \
--enable-dso \
--enable-facl \
@ -527,6 +535,12 @@ fi
%{_mandir}/man1/ftpwho.1*
%changelog
* Tue Dec 26 2023 wangkai <13474090681@163.com> - 1.3.8b-1
- Update to 1.3.8b for fix CVE-2023-51713,CVE-2023-48795
* Tue Apr 11 2023 chenchen <chen_aka_jan@163.com> - 1.3.8-1
- Update to 1.3.8
* Fri Nov 18 2022 caodongxia <caodongxia@h-partners.com> - 1.3.7c-4
- Replace openEuler with vendor macro

BIN
v0.9.11.tar.gz Normal file
View File

Binary file not shown.

BIN
v0.9.9.tar.gz
View File

Binary file not shown.