[SCM] proftpd-dfsg branch, master, updated. debian/1.3.3a-6-42-g2f48c4e

Sat Apr 9 15:23:26 UTC 2011

The following commit has been merged in the master branch:
commit 7a5d108b2061b355450bbdf142c8ef748038ec20
Author: Francesco Paolo Lovergine <frankie at debian.org>
Date:   Sat Apr 9 17:06:24 2011 +0200

    New upstream RC version.

diff --git a/debian/changelog b/debian/changelog
index e38af52..e37fabc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-proftpd-dfsg (1.3.4~rc1+20110317-1) unstable; urgency=low
+proftpd-dfsg (1.3.4~rc4-1) unstable; urgency=low
 
   [ Mahyuddin Susanto <udienz at ubuntu.com> ]
 
@@ -37,7 +37,7 @@ proftpd-dfsg (1.3.4~rc1+20110317-1) unstable; urgency=low
   [ Francesco Paolo Lovergine ]
 
   * Annotated CVE IDs in debian/changelog for recent vulnerabilities fixed.
-  * New upstream snapshot from 1.3.4 pre-release series.
+  * New upstream release candidate for 1.3.4 series.
   * Patch removed: 
         debian/patches/prxs (merged upstream)
   * Patch updated:
@@ -50,9 +50,6 @@ proftpd-dfsg (1.3.4~rc1+20110317-1) unstable; urgency=low
   * Moved ftp user home to /srv/ftp as used by other ftp servers.
   * Now ftp home and user are removed on purge (old or new one).
   * Removing the whole log directory on purge.
-  * [SECURITY,PATCH] 3624 This patch fixes the issue by causing mod_tls 
-    to clear the buffers of any data received from the client, once the SSL/TLS 
-    handshake has succeeded.
   * Now lastlog logging is enabled at building time to allow UseLastlog on/off 
     use in configuration. Thanks TerminX.
 
diff --git a/debian/patches/3624 b/debian/patches/3624
deleted file mode 100644
index 56e0960..0000000
--- a/debian/patches/3624
+++ /dev/null
@@ -1,44 +0,0 @@
-Index: proftpd-dfsg/contrib/mod_tls.c
-===================================================================
---- proftpd-dfsg.orig/contrib/mod_tls.c	2011-03-23 09:56:16.000000000 +0100
-+++ proftpd-dfsg/contrib/mod_tls.c	2011-03-23 10:46:50.000000000 +0100
-@@ -3004,9 +3004,20 @@
- 
-   /* Stash the SSL object in the pointers of the correct NetIO streams. */
-   if (conn == session.c) {
-+    pr_buffer_t *strm_buf;
-+
-     ctrl_ssl = ssl;
-     tls_ctrl_rd_nstrm->strm_data = tls_ctrl_wr_nstrm->strm_data = (void *) ssl;
- 
-+    /* Clear any data from the NetIO stream buffers which may have been read
-+     * in before the SSL/TLS handshake occurred (Bug#3624).
-+     */
-+    strm_buf = tls_ctrl_rd_nstrm->strm_buf;
-+    if (strm_buf != NULL) {
-+      strm_buf->current = NULL;
-+      strm_buf->remaining = strm_buf->buflen;
-+    }
-+
- #if OPENSSL_VERSION_NUMBER >= 0x009080dfL
-     if (SSL_get_secure_renegotiation_support(ssl) == 1) {
-       /* If the peer indicates that it can support secure renegotiations,
-@@ -3018,7 +3029,18 @@
- #endif /* OpenSSL 0.9.8m and later */
- 
-   } else if (conn == session.d) {
-+    pr_buffer_t *strm_buf;
-+
-     tls_data_rd_nstrm->strm_data = tls_data_wr_nstrm->strm_data = (void *) ssl;
-+
-+    /* Clear any data from the NetIO stream buffers which may have been read
-+     * in before the SSL/TLS handshake occurred (Bug#3624).
-+     */
-+    strm_buf = tls_data_rd_nstrm->strm_buf;
-+    if (strm_buf != NULL) {
-+      strm_buf->current = NULL;
-+      strm_buf->remaining = strm_buf->buflen;
-+    }
-   }
- 
- #if OPENSSL_VERSION_NUMBER == 0x009080cfL
diff --git a/debian/patches/series b/debian/patches/series
index ee929f3..8c40ce7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -11,4 +11,3 @@ odbc
 mod_vroot
 silent
 use_hypen_in_manpage
-3624

-- 
ProFTPD core package

