Package: proftpd-dfsg / 1.3.6-4+deb10u6

Metadata

Package | Version | Patches format
proftpd-dfsg | 1.3.6-4+deb10u6 | 3.0 (quilt)

Patch series

Patch | File delta | Description
autotools | (download)

Make.rules.in | 6 3 + 3 - 0 !
Makefile.in | 8 4 + 4 - 0 !
contrib/mod_dnsbl/Makefile.in | 5 3 + 2 - 0 !
contrib/mod_load/Makefile.in | 4 2 + 2 - 0 !
contrib/mod_sftp/Makefile.in | 4 2 + 2 - 0 !
contrib/mod_snmp/Makefile.in | 4 2 + 2 - 0 !
contrib/mod_wrap2/Makefile.in | 4 2 + 2 - 0 !
7 files changed, 18 insertions(+), 17 deletions(-)

 do not touch config.h.in and stamp-h.in. also export dpkg build flags.
change_pam_name | (download)

modules/mod_auth_pam.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 change pam name ftp -> proftpd
ftpasswd.cracklib.location | (download)

contrib/ftpasswd | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 change the default location of the cracklib dictionaries
 to match their Debian location
quotatab_modules | (download)

README.mod_quotatab | 354 354 + 0 - 0 !
diskuse | 232 232 + 0 - 0 !
diskuse.html | 103 103 + 0 - 0 !
3 files changed, 689 insertions(+)

 add mod_quotatab module
mod_sql_mysql.c | (download)

contrib/mod_sql_mysql.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 use mysql/mysql.h instead of mysql.h
mod_wrap_noparanoid | (download)

contrib/mod_wrap.c | 3 1 + 2 - 0 !
1 file changed, 1 insertion(+), 2 deletions(-)

 avoid builtin paranoid checking in libwrap.
ftpstats | (download)

contrib/xferstats.holger-preiss | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fixes default xferlog pathname in ftpstats
mod_cap | (download)

lib/libcap/Makefile | 2 1 + 1 - 0 !
modules/mod_cap.c | 6 2 + 4 - 0 !
2 files changed, 3 insertions(+), 5 deletions(-)

 removed obsolete embedded sys/capability.h header
 inclusion in mod_cap.c modules. Also it avoids building of the obsolete
 embedded libpcap.
odbc | (download)

contrib/mod_sql_odbc.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 manage automagically unixodbc library linking
reproducible_build | (download)

Makefile.in | 8 7 + 1 - 0 !
1 file changed, 7 insertions(+), 1 deletion(-)

---
spelling_errors | (download)

contrib/mod_ldap.c | 2 1 + 1 - 0 !
contrib/mod_sftp/date.c | 2 1 + 1 - 0 !
contrib/mod_sftp/keys.c | 6 3 + 3 - 0 !
contrib/mod_tls.c | 6 3 + 3 - 0 !
doc/utils/ftpwho.html | 2 1 + 1 - 0 !
utils/ftpwho.1.in | 2 1 + 1 - 0 !
6 files changed, 10 insertions(+), 10 deletions(-)

 fixed some spelling errors in sources
upstream_4335 | (download)

contrib/mod_auth_otp/crypto.c | 7 2 + 5 - 0 !
1 file changed, 2 insertions(+), 5 deletions(-)

 [patch] bug #4335: mod_auth_otp fails to build with openssl 1.1.x.


upstream_4336 | (download)

configure | 217 216 + 1 - 0 !
configure.in | 5 5 + 0 - 0 !
2 files changed, 221 insertions(+), 1 deletion(-)

 [patch] bug #4336: check for, and use, the necessary libraries for
 Memcache and Redis support.


upstream_4312 | (download)

contrib/mod_exec.c | 65 4 + 61 - 0 !
include/fsio.h | 3 3 + 0 - 0 !
src/fsio.c | 55 55 + 0 - 0 !
src/main.c | 1 1 + 0 - 0 !
tests/api/fsio.c | 7 7 + 0 - 0 !
5 files changed, 70 insertions(+), 61 deletions(-)

 [patch] bug#4312: close any "extra" open fds at startup.


upstream_4312_fix_version | (download)

contrib/mod_exec.c | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 [patch] merge pulled in a bad version check, breaking the build. 
 Caught by Travis.


github_pr_710 | (download)

contrib/mod_sftp/keys.c | 10 5 + 5 - 0 !
1 file changed, 5 insertions(+), 5 deletions(-)

 [patch] issue #674: update mod_sftp to handle changed apis in openssl
 1.1.x releases.


upstream_4356 | (download)

contrib/mod_sftp/mod_sftp.c | 4 3 + 1 - 0 !
1 file changed, 3 insertions(+), 1 deletion(-)

 [patch 1/2] bug#4356: fix infinite loop by actually iterating properly for the next configuration record.  oops.


wrong path for interpreter_perl.diff | (download)

contrib/ftpasswd | 2 1 + 1 - 0 !
contrib/ftpmail | 2 1 + 1 - 0 !
contrib/ftpquota | 2 1 + 1 - 0 !
contrib/xferstats.holger-preiss | 2 1 + 1 - 0 !
src/prxs.in | 2 1 + 1 - 0 !
5 files changed, 5 insertions(+), 5 deletions(-)

---
github_pr_594 | (download)

contrib/mod_sftp/fxp.c | 36 33 + 3 - 0 !
1 file changed, 33 insertions(+), 3 deletions(-)

 [patch] issue #593: if the ignoreextendedattributes fsoption is used,
 then do not include the EXTENDED attribute flag in the SFTP ATTRS responses.


CVE 2019 12815.patch | (download)

contrib/mod_copy.c | 36 33 + 3 - 0 !
tests/t/lib/ProFTPD/Tests/Modules/mod_copy.pm | 253 252 + 1 - 0 !
2 files changed, 285 insertions(+), 4 deletions(-)

 [patch] bug #4372: ensure that mod_copy checks for <limits> for its
 SITE CPFR/CPTO commands.


bug_846_CVE 2019 18217.patch | (download)

src/main.c | 10 9 + 1 - 0 !
src/netio.c | 3 2 + 1 - 0 !
2 files changed, 11 insertions(+), 2 deletions(-)

 [patch] issue #846: handle the case where a client tries to send
 too-large commands in an effort to DoS the server.


upstream_pull_859_861_CVE 2019 19270_CVE 2019 19269 | (download)

contrib/mod_tls.c | 7 5 + 2 - 0 !
1 file changed, 5 insertions(+), 2 deletions(-)

 [patch] issue #859, #861: fix handling of crl lookups by properly
 using issuer for lookups, and guarding against null pointers.


Issue 903 Ensure that we do not reuse already destro.patch | (download)

src/data.c | 25 19 + 6 - 0 !
src/main.c | 6 4 + 2 - 0 !
src/response.c | 12 12 + 0 - 0 !
tests/api/response.c | 10 10 + 0 - 0 !
4 files changed, 45 insertions(+), 8 deletions(-)

 issue #903: ensure that we do not reuse already-destroyed memory
 pools during data transfers.
Issue 903 We want to remove the data transfer comman.patch | (download)

src/data.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 issue #903: we want to remove the data transfer command pool, but we
 _do_ want some memory pool, lest we regress the %{transfer-status} LogFormat
 functionality.
upstream_pull_657 | (download)

contrib/mod_sftp/kbdint.c | 10 9 + 1 - 0 !
1 file changed, 9 insertions(+), 1 deletion(-)

 [patch] issue #656: the keyboard-interactive code in mod_sftp was
 changing the memory pool used for response, but not restoring the previous
 pool.

Newer compilers/distros are far better about catching this, with e.g. ASLR
and such; the previous behavior "worked" only because the memory areas in
question _usually_ were not trampled.  But with e.g. Ubuntu 17.10, such
trampling is noticed, caught, and rejected.

upstream_pull_885 | (download)

contrib/mod_sftp/kbdint.c | 99 76 + 23 - 0 !
1 file changed, 76 insertions(+), 23 deletions(-)

 [patch] bug #4385: when handling the `keyboard-interactive`
 authentication mechanism, as used for _e.g._ PAM, make sure to properly
 handle DEBUG, IGNORE, DISCONNECT, and UNIMPLEMENTED messages, per RFC 4253.


upstream_pull_1076 | (download)

contrib/mod_tls.c | 5 4 + 1 - 0 !
1 file changed, 4 insertions(+), 1 deletion(-)

---
d0ccdef643f92ff171920a5bf2892faa5f90124d.diff | (download)

modules/mod_core.c | 17 1 + 16 - 0 !
1 file changed, 1 insertion(+), 16 deletions(-)

 [patch] bug #4332: fix navigation into symlinked directories by
 removing interfering code added as part of Bug#4219.


issue_866.diff | (download)

contrib/mod_sftp/keys.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
upstream_1284 | (download)

contrib/mod_radius.c | 11 8 + 3 - 0 !
1 file changed, 8 insertions(+), 3 deletions(-)

 [patch] mod_radius: copy _only_ the password