!30 Update to 1.3.8b for fix CVE-2023-51713,CVE-2023-48795

From: @wk333 
Reviewed-by: @caodongxia 
Signed-off-by: @caodongxia

modules.conf

@@ -171,6 +171,10 @@ LoadModule mod_vroot.c
   LoadModule                    mod_qos.c
 </IfDefine>
 
+# Attempt to generate a unique ID for every FTP session
+# (http://www.proftpd.org/docs/contrib/mod_unique_id.html)
+#   LoadModule mod_unique_id.c
+#
 # Provide a flexible way of specifying that certain configuration directives
 # only apply to certain sessions, based on credentials such as connection
 # class, user, or group membership

proftpd-1.3.7a-Adjusting-unit-test-timeouts-for-netacl.patch

@@ -1,25 +0,0 @@
-From 27d632208163a73a0501e595fcdef0302cb44d8c Mon Sep 17 00:00:00 2001
-From: eaglegai <eaglegai@163.com>
-Date: Tue, 1 Jun 2021 17:21:55 +0800
-Subject: [PATCH] proftpd 1.3.7a Adjusting unit test timeouts for netacl
-
----
- tests/api/netacl.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/tests/api/netacl.c b/tests/api/netacl.c
-index c4da486..86b628d 100644
---- a/tests/api/netacl.c
-+++ b/tests/api/netacl.c
-@@ -894,6 +894,8 @@ Suite *tests_get_netacl_suite(void) {
-   tcase_add_test(testcase, netacl_match_test);
-   tcase_add_test(testcase, netacl_get_negated_test);
- 
-+  tcase_set_timeout(testcase, 60);
-+
-   suite_add_tcase(suite, testcase);
-   return suite;
- }
--- 
-1.8.3.1
-

proftpd-1.3.7a-fix-environment-sensitive-tests-failure.patch

@@ -1,84 +0,0 @@
-diff -ruNa proftpd-1.3.7a/tests/api/netacl.c proftpd-1.3.7a-fix/tests/api/netacl.c
---- proftpd-1.3.7a/tests/api/netacl.c   2020-07-22 01:25:51.000000000 +0800
-+++ proftpd-1.3.7a-fix/tests/api/netacl.c       2021-01-13 14:44:00.679322360 +0800
-@@ -773,8 +773,10 @@
-   res = pr_netacl_match(acl, addr);
-   if (getenv("CI") == NULL &&
-       getenv("TRAVIS") == NULL) {
--    fail_unless(res == 1, "Failed to positively match ACL to addr: %s",
--      strerror(errno));
-+    if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
-+      fail_unless(res == 1, "Failed to positively match ACL to addr: %s",
-+        strerror(errno));
-+    }
-   }
-
-   if (!have_localdomain) {
-@@ -790,8 +790,10 @@
-   res = pr_netacl_match(acl, addr);
-   if (getenv("CI") == NULL &&
-       getenv("TRAVIS") == NULL) {
--    fail_unless(res == -1, "Failed to negatively match ACL to addr: %s",
--      strerror(errno));
-+    if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
-+      fail_unless(res == -1, "Failed to negatively match ACL to addr: %s",
-+        strerror(errno));
-+    }
-   }
-
-   acl_str = "!www.google.com";
-@@ -816,8 +816,10 @@
-   res = pr_netacl_match(acl, addr);
-   if (getenv("CI") == NULL &&
-       getenv("TRAVIS") == NULL) {
--    fail_unless(res == 1, "Failed to positively match ACL to addr: %s",
--      strerror(errno));
-+    if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
-+      fail_unless(res == 1, "Failed to positively match ACL to addr: %s",
-+        strerror(errno));
-+    }
-   }
-
-   if (!have_localdomain) {
-@@ -833,8 +835,10 @@
-   res = pr_netacl_match(acl, addr);
-   if (getenv("CI") == NULL &&
-       getenv("TRAVIS") == NULL) {
--    fail_unless(res == -1, "Failed to negatively match ACL to addr: %s",
--      strerror(errno));
-+    if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
-+      fail_unless(res == -1, "Failed to negatively match ACL to addr: %s",
-+        strerror(errno));
-+    }
-   }
-
-   acl_str = "!www.g*g.com";
-diff -ruNa proftpd-1.3.7a/tests/api/netaddr.c proftpd-1.3.7a-fix/tests/api/netaddr.c
---- proftpd-1.3.7a/tests/api/netaddr.c  2021-01-13 14:30:47.467322360 +0800
-+++ proftpd-1.3.7a-fix/tests/api/netaddr.c      2021-01-13 14:42:45.851322360 +0800
-@@ -417,7 +417,9 @@
-   if (getenv("CI") == NULL &&
-       getenv("TRAVIS") == NULL) {
-     /* This test is sensitive the environment. */
--    fail_unless(res == TRUE, "Expected TRUE, got %d", res);
-+    if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
-+      fail_unless(res == TRUE, "Expected TRUE, got %d", res);
-+    }
-   }
-
-   flags = PR_NETADDR_MATCH_IP;
-@@ -879,9 +881,11 @@
-   if (getenv("CI") == NULL &&
-       getenv("TRAVIS") == NULL) {
-     /* This test is sensitive the environment. */
--    fail_unless(strcmp(res, "localhost") == 0 ||
--                strcmp(res, "localhost.localdomain") == 0,
--      "Expected '%s', got '%s'", "localhost or localhost.localdomain", res);
-+    if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
-+      fail_unless(strcmp(res, "localhost") == 0 ||
-+                  strcmp(res, "localhost.localdomain") == 0,
-+        "Expected '%s', got '%s'", "localhost or localhost.localdomain", res);
-+    }
-   }
- }
- END_TEST

proftpd-1.3.8-fix-environment-sensitive-tests-failure.patch

@@ -0,0 +1,105 @@
+From cb0e408e8b82fa8c198d9dd95e5818d8431e9fd5 Mon Sep 17 00:00:00 2001
+From: chen-jan <chen_aka_jan@163.com>
+Date: Tue, 11 Apr 2023 16:55:34 +0800
+Subject: [PATCH] proftpd-1.3.8-fix-environment-sensitive-tests-failure
+
+---
+ tests/api/netacl.c  | 8 ++++++++
+ tests/api/netaddr.c | 6 ++++++
+ 2 files changed, 14 insertions(+)
+
+diff --git a/tests/api/netacl.c b/tests/api/netacl.c
+index e4b0431..b91ecdb 100644
+--- a/tests/api/netacl.c
++++ b/tests/api/netacl.c
+@@ -775,8 +775,10 @@ START_TEST (netacl_match_test) {
+   res = pr_netacl_match(acl, addr);
+   if (getenv("CI") == NULL &&
+       getenv("TRAVIS") == NULL) {
++     if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
+     ck_assert_msg(res == 1, "Failed to positively match ACL to addr: %s",
+       strerror(errno));
++     }
+   }
+ 
+   if (!have_localdomain) {
+@@ -793,8 +795,10 @@ START_TEST (netacl_match_test) {
+   res = pr_netacl_match(acl, addr);
+   if (getenv("CI") == NULL &&
+       getenv("TRAVIS") == NULL) {
++     if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
+     ck_assert_msg(res == -1, "Failed to negatively match ACL to addr: %s",
+       strerror(errno));
++     }
+   }
+ 
+   acl_str = "!www.google.com";
+@@ -820,8 +824,10 @@ START_TEST (netacl_match_test) {
+   res = pr_netacl_match(acl, addr);
+   if (getenv("CI") == NULL &&
+       getenv("TRAVIS") == NULL) {
++     if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
+     ck_assert_msg(res == 1, "Failed to positively match ACL to addr: %s",
+       strerror(errno));
++     }
+   }
+ 
+   if (!have_localdomain) {
+@@ -838,8 +844,10 @@ START_TEST (netacl_match_test) {
+   res = pr_netacl_match(acl, addr);
+   if (getenv("CI") == NULL &&
+       getenv("TRAVIS") == NULL) {
++     if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
+     ck_assert_msg(res == -1, "Failed to negatively match ACL to addr: %s",
+       strerror(errno));
++     }
+   }
+ 
+   acl_str = "!www.g*g.com";
+diff --git a/tests/api/netaddr.c b/tests/api/netaddr.c
+index e79b06c..b7dbeaf 100644
+--- a/tests/api/netaddr.c
++++ b/tests/api/netaddr.c
+@@ -424,8 +424,10 @@ START_TEST (netaddr_fnmatch_test) {
+   res = pr_netaddr_fnmatch(addr, "LOCAL*", flags);
+   if (getenv("CI") == NULL &&
+       getenv("TRAVIS") == NULL) {
++     if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
+     /* This test is sensitive the environment. */
+     ck_assert_msg(res == TRUE, "Expected TRUE, got %d", res);
++    }
+   }
+ 
+   flags = PR_NETADDR_MATCH_IP;
+@@ -887,10 +889,12 @@ START_TEST (netaddr_get_dnsstr_test) {
+    */
+   if (getenv("CI") == NULL &&
+       getenv("TRAVIS") == NULL) {
++     if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
+     /* This test is sensitive the environment. */
+     ck_assert_msg(strcmp(res, "localhost") == 0 ||
+                 strcmp(res, "localhost.localdomain") == 0,
+       "Expected '%s', got '%s'", "localhost or localhost.localdomain", res);
++     }
+   }
+ }
+ END_TEST
+@@ -1011,6 +1015,7 @@ START_TEST (netaddr_get_dnsstr_ipv6_test) {
+    */
+   if (getenv("CI") == NULL &&
+       getenv("TRAVIS") == NULL) {
++     if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
+     ck_assert_msg(strcmp(res, "localhost") == 0 ||
+                 strcmp(res, "localhost.localdomain") == 0 ||
+                 strcmp(res, "localhost6") == 0 ||
+@@ -1019,6 +1024,7 @@ START_TEST (netaddr_get_dnsstr_ipv6_test) {
+                 strcmp(res, "ip6-loopback") == 0 ||
+                 strcmp(res, ip) == 0,
+       "Expected '%s', got '%s'", "localhost, localhost.localdomain et al", res);
++     }
+   }
+ }
+ END_TEST
+-- 
+2.39.1
+

proftpd-1.3.8-shellbang.patch

@@ -4,7 +4,7 @@
 -#!/usr/bin/env perl
 +#!/usr/bin/perl
  # ---------------------------------------------------------------------------
- # Copyright (C) 2000-2020 TJ Saunders <tj@castaglia.org>
+ # Copyright (C) 2000-2021 TJ Saunders <tj@castaglia.org>
  #
 --- contrib/ftpmail
 +++ contrib/ftpmail

proftpd.spec

@@ -16,13 +16,13 @@
 # Dynamic modules contain references to symbols in main daemon, so we need to disable linker checks for undefined symbols
 %undefine _strict_symbol_defs_build
 
-%global mod_vroot_version 0.9.9
+%global mod_vroot_version 0.9.11
 
 %global vendor %{?_vendor:%{_vendor}}%{!?_vendor:openEuler}
 
 Name:			proftpd
-Version:		1.3.7c
+Version:		1.3.8b
-Release:		4
+Release:		1
 Summary:		Flexible, stable and highly-configurable FTP server
 License:		GPLv2+
 URL:			http://www.proftpd.org/
@@ -38,14 +38,13 @@ Source8:		proftpd-welcome.msg
 Source9:		proftpd.sysconfig
 Source10:		http://github.com/Castaglia/proftpd-mod_vroot/archive/v%{mod_vroot_version}.tar.gz
 
-Patch1:			proftpd-1.3.7-shellbang.patch
+Patch1:			proftpd-1.3.8-shellbang.patch
 Patch2:			proftpd.conf-no-memcached.patch
 Patch3:			proftpd-1.3.4rc1-mod_vroot-test.patch
 Patch4:			proftpd-1.3.6-no-mod-wrap.patch
 Patch5:			proftpd-1.3.6-no-mod-geoip.patch
 Patch6:			proftpd-1.3.7rc3-logging-not-systemd.patch
-Patch7: 		proftpd-1.3.7a-Adjusting-unit-test-timeouts-for-netacl.patch
+Patch8:			proftpd-1.3.8-fix-environment-sensitive-tests-failure.patch
-Patch8: 		proftpd-1.3.7a-fix-environment-sensitive-tests-failure.patch
 
 BuildRequires:		coreutils
 BuildRequires:		gcc
@@ -70,6 +69,10 @@ BuildRequires:		sqlite-devel
 BuildRequires:		tar
 BuildRequires:		zlib-devel
 BuildRequires:		chrpath
+BuildRequires:		libidn2-devel
+BuildRequires:		libmemcached-devel >= 0.41
+BuildRequires:		pcre2-devel >= 10.30
+BuildRequires:		tcp_wrappers-devel
 
 # Test suite requirements
 BuildRequires:		check-devel
@@ -143,6 +146,10 @@ Requires:	postgresql-devel
 %endif
 Requires:	sqlite-devel
 Requires:	zlib-devel
+Requires:	libmemcached-devel >= 0.41
+Requires:	pcre2-devel >= 10.30
+Requires:	tcp_wrappers-devel
+
 
 %description devel
 This package is required to build additional modules for ProFTPD.
@@ -242,7 +249,6 @@ sed -i -e '/killall/s/test.*/systemctl reload proftpd.service/' \
 %patch6
 %endif
 
-%patch7 -p1
 %patch8 -p1
 
 # Avoid docfile dependencies
@@ -272,6 +278,8 @@ SMOD7=mod_unique_id
 			--libexecdir="%{_libexecdir}/proftpd" \
 			--localstatedir="%{rundir}/proftpd" \
 			--disable-strip \
+			--enable-memcache \
+			--enable-pcre2 \
 			--enable-ctrls \
 			--enable-dso \
 			--enable-facl \
@@ -527,6 +535,12 @@ fi
 %{_mandir}/man1/ftpwho.1*
 
 %changelog
+* Tue Dec 26 2023 wangkai <13474090681@163.com> - 1.3.8b-1
+- Update to 1.3.8b for fix CVE-2023-51713,CVE-2023-48795
+
+* Tue Apr 11 2023 chenchen <chen_aka_jan@163.com> - 1.3.8-1
+- Update to 1.3.8
+
 * Fri Nov 18 2022 caodongxia <caodongxia@h-partners.com> - 1.3.7c-4
 - Replace openEuler with vendor macro