[SCM] proftpd-dfsg branch, master, updated. upstream/1.3.4a-82-g99fbc33

Francesco Paolo Lovergine frankie at debian.org
Tue Jan 8 16:27:05 UTC 2013


The following commit has been merged in the master branch:
commit a65bb98175ccd10dde66f300f1ab5e75fe0c74fb
Author: Francesco Paolo Lovergine <frankie at debian.org>
Date:   Tue Jan 8 15:50:46 2013 +0100

    First iteration for 1.3.5rc1. Targeted for experimental.

diff --git a/debian/changelog b/debian/changelog
index 6d23904..47b4b56 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+proftpd-dfsg (1.3.5~rc2-1) experimental; urgency=low
+
+  * New upstream pre-release.
+  * Refreshed main patchset for 1.3.5 source tree.
+
+ -- Francesco Paolo Lovergine <frankie at debian.org>  Tue, 08 Jan 2013 15:42:27 +0100
+
 proftpd-dfsg (1.3.4a-3) unstable; urgency=low
 
   [SECURITY] New patch 3841 fixes CVE-2012-6095: a possible race
diff --git a/debian/control b/debian/control
index ec865fb..18c41cb 100644
--- a/debian/control
+++ b/debian/control
@@ -39,7 +39,7 @@ Depends: adduser,
 Conflicts: ftp-server
 Breaks: proftpd (<< 1.3.2)
 Replaces: proftpd (<< 1.3.2)
-Provides: ftp-server, proftpd, proftpd-abi-1.3.4a
+Provides: ftp-server, proftpd, proftpd-abi-1.3.5rc1
 Suggests: openbsd-inetd | inet-superserver,
           openssl,
           proftpd-doc,
diff --git a/debian/patches/3841 b/debian/patches/3841
deleted file mode 100644
index 1496d3c..0000000
--- a/debian/patches/3841
+++ /dev/null
@@ -1,387 +0,0 @@
-Index: proftpd-dfsg/contrib/mod_sftp/fxp.c
-===================================================================
---- proftpd-dfsg.orig/contrib/mod_sftp/fxp.c	2013-01-08 14:11:42.000000000 +0100
-+++ proftpd-dfsg/contrib/mod_sftp/fxp.c	2013-01-08 14:47:58.000000000 +0100
-@@ -6093,7 +6093,7 @@
-   (void) pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION,
-     "creating directory '%s' with mode 0%o", path, (unsigned int) dir_mode);
- 
--  res = pr_fsio_mkdir(path, dir_mode);
-+  res = pr_fsio_smkdir(fxp->pool, path, dir_mode, (uid_t) -1, (gid_t) -1);
-   if (res < 0) {
-     const char *reason;
-     int xerrno = errno;
-Index: proftpd-dfsg/contrib/mod_sftp/scp.c
-===================================================================
---- proftpd-dfsg.orig/contrib/mod_sftp/scp.c	2013-01-08 14:11:42.000000000 +0100
-+++ proftpd-dfsg/contrib/mod_sftp/scp.c	2013-01-08 14:47:58.000000000 +0100
-@@ -731,7 +731,7 @@
-          * recursive directory uploads via SCP?
-          */
- 
--        if (pr_fsio_mkdir(sp->filename, 0777) < 0) {
-+        if (pr_fsio_smkdir(p, sp->filename, 0777, (uid_t) -1, (gid_t) -1) < 0) {
-           xerrno = errno;
- 
-           (void) pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION,
-Index: proftpd-dfsg/include/fsio.h
-===================================================================
---- proftpd-dfsg.orig/include/fsio.h	2013-01-08 14:11:42.000000000 +0100
-+++ proftpd-dfsg/include/fsio.h	2013-01-08 14:49:28.000000000 +0100
-@@ -125,6 +125,7 @@
-   int (*fchmod)(pr_fh_t *, int, mode_t);
-   int (*chown)(pr_fs_t *, const char *, uid_t, gid_t);
-   int (*fchown)(pr_fh_t *, int, uid_t, gid_t);
-+  int (*lchown)(pr_fs_t *, const char *, uid_t, gid_t);
-   int (*access)(pr_fs_t *, const char *, int, uid_t, gid_t, array_header *);
-   int (*faccess)(pr_fh_t *, int, uid_t, gid_t, array_header *);
-   int (*utimes)(pr_fs_t *, const char *, struct timeval *);
-@@ -243,6 +244,7 @@
- int pr_fsio_rmdir(const char *);
- int pr_fsio_rename(const char *, const char *);
- int pr_fsio_rename_canon(const char *, const char *);
-+int pr_fsio_smkdir(pool *, const char *, mode_t, uid_t, gid_t);
- int pr_fsio_unlink(const char *);
- int pr_fsio_unlink_canon(const char *);
- pr_fh_t *pr_fsio_open(const char *, int);
-@@ -266,6 +268,7 @@
- int pr_fsio_fchown(pr_fh_t *, uid_t, gid_t);
- int pr_fsio_chown_canon(const char *, uid_t, gid_t);
- int pr_fsio_chroot(const char *);
-+int pr_fsio_lchown(const char *, uid_t, gid_t);
- int pr_fsio_access(const char *, int, uid_t, gid_t, array_header *);
- int pr_fsio_faccess(pr_fh_t *, int, uid_t, gid_t, array_header *);
- int pr_fsio_utimes(const char *, struct timeval *);
-Index: proftpd-dfsg/modules/mod_core.c
-===================================================================
---- proftpd-dfsg.orig/modules/mod_core.c	2013-01-08 14:11:42.000000000 +0100
-+++ proftpd-dfsg/modules/mod_core.c	2013-01-08 14:47:58.000000000 +0100
-@@ -4617,7 +4617,8 @@
-     return PR_ERROR(cmd);
-   }
- 
--  if (pr_fsio_mkdir(dir, 0777) < 0) {
-+  if (pr_fsio_smkdir(cmd->tmp_pool, dir, 0777, session.fsuid,
-+      session.fsgid) < 0) {
-     int xerrno = errno;
- 
-     (void) pr_trace_msg("fileperms", 1, "%s, user '%s' (UID %lu, GID %lu): "
-@@ -4631,71 +4632,6 @@
-     return PR_ERROR(cmd);
-   }
- 
--  /* Check to see if we need to change the ownership (user and/or group) of
--   * the newly created directory.
--   */
--  if (session.fsuid != (uid_t) -1) {
--    int err = 0, iserr = 0;
--
--    pr_fsio_stat(dir, &st);
--
--    PRIVS_ROOT
--    if (pr_fsio_chown(dir, session.fsuid, session.fsgid) == -1) {
--      iserr++;
--      err = errno;
--    }
--    PRIVS_RELINQUISH
--
--    if (iserr) {
--      pr_log_pri(PR_LOG_WARNING, "chown() as root failed: %s", strerror(err));
--
--    } else {
--      if (session.fsgid != (gid_t) -1) {
--        pr_log_debug(DEBUG2, "root chown(%s) to uid %lu, gid %lu successful",
--          dir, (unsigned long) session.fsuid, (unsigned long) session.fsgid);
--
--      } else {
--        pr_log_debug(DEBUG2, "root chown(%s) to uid %lu successful", dir,
--          (unsigned long) session.fsuid);
--      }
--    }
--
--  } else if (session.fsgid != (gid_t) -1) {
--    register unsigned int i;
--    int use_root_privs = TRUE;
--
--    pr_fsio_stat(dir, &st);
--
--    /* Check if session.fsgid is in session.gids.  If not, use root privs.  */
--    for (i = 0; i < session.gids->nelts; i++) {
--      gid_t *group_ids = session.gids->elts;
--
--      if (group_ids[i] == session.fsgid) {
--        use_root_privs = FALSE;
--        break;
--      }
--    }
--
--    if (use_root_privs) {
--      PRIVS_ROOT
--    }
--
--    res = pr_fsio_chown(dir, (uid_t) -1, session.fsgid);
--
--    if (use_root_privs) {
--      PRIVS_RELINQUISH
--    }
--
--    if (res == -1) {
--      pr_log_pri(PR_LOG_WARNING, "%schown() failed: %s",
--        use_root_privs ? "root " : "", strerror(errno));
--
--    } else { 
--      pr_log_debug(DEBUG2, "%schown(%s) to gid %lu successful",
--        use_root_privs ? "root " : "", dir, (unsigned long) session.fsgid);
--    }
--  }
--
-   pr_response_add(R_257, _("\"%s\" - Directory successfully created"),
-     quote_dir(cmd, dir));
- 
-Index: proftpd-dfsg/src/fsio.c
-===================================================================
---- proftpd-dfsg.orig/src/fsio.c	2013-01-08 14:11:42.000000000 +0100
-+++ proftpd-dfsg/src/fsio.c	2013-01-08 14:47:58.000000000 +0100
-@@ -29,6 +29,7 @@
-  */
- 
- #include "conf.h"
-+#include "privs.h"
- 
- #ifdef HAVE_SYS_STATVFS_H
- # include <sys/statvfs.h>
-@@ -175,6 +176,11 @@
-   return fchown(fd, uid, gid);
- }
- 
-+static int sys_lchown(pr_fs_t *fs, const char *path, uid_t uid, gid_t gid) {
-+  return lchown(path, uid, gid);
-+}
-+
-+
- /* We provide our own equivalent of access(2) here, rather than using
-  * access(2) directly, because access(2) uses the real IDs, rather than
-  * the effective IDs, of the process.
-@@ -2498,6 +2504,170 @@
-   return res;
- }
- 
-+/* "secure mkdir" variant of mkdir(2), uses mkdtemp(3), lchown(2), and
-+ * rename(2) to create a directory which cannot be hijacked by a symlink
-+ * race (hopefully) before the UserOwner/GroupOwner ownership changes are
-+ * applied.
-+ */
-+int pr_fsio_smkdir(pool *p, const char *path, mode_t mode, uid_t uid,
-+    gid_t gid) {
-+  int res;
-+  char *tmpl_path;
-+#ifdef HAVE_MKDTEMP
-+  mode_t mask, *dir_umask;
-+  char *dst_dir, *tmpl, *ptr;
-+  size_t tmpl_len;
-+  struct stat st;
-+#endif /* HAVE_MKDTEMP */
-+
-+  if (path == NULL) {
-+    errno = EINVAL;
-+    return -1;
-+  }
-+
-+#ifdef HAVE_MKDTEMP
-+  ptr = strrchr(path, '/');
-+  if (ptr == NULL) {
-+    errno = EINVAL;
-+    return -1;
-+  }
-+
-+  dst_dir = pstrndup(p, path, (ptr - path));
-+  res = lstat(dst_dir, &st);
-+  if (res < 0) {
-+    return -1;
-+  }
-+
-+  if (!S_ISDIR(st.st_mode)) {
-+    errno = EPERM;
-+    return -1;
-+  }
-+
-+  /* Allocate enough space for the temporary name: the length of the
-+   * destination directory, a slash, 9 X's, 3 for the prefix, and 1 for the
-+   * trailing NUL.
-+   */
-+  tmpl_len = strlen(path) + 14;
-+  tmpl = pcalloc(p, tmpl_len);
-+  snprintf(tmpl, tmpl_len-1, "%s/dstXXXXXXXXX", dst_dir);
-+
-+  /* Use mkdtemp(3) to create the temporary directory (in the same destination
-+   * directory as the target path).
-+   */
-+  tmpl_path = mkdtemp(tmpl);
-+  if (tmpl_path == NULL) {
-+    return -1;
-+  }
-+#else
-+
-+  res = pr_fsio_mkdir(path, mode);
-+  if (res < 0) {
-+    return -1;
-+  }
-+
-+  tmpl_path = pstrdup(p, path);
-+
-+#endif /* HAVE_MKDTEMP */
-+
-+  if (uid != (uid_t) -1) {
-+    int xerrno;
-+
-+    PRIVS_ROOT
-+    res = pr_fsio_lchown(tmpl_path, uid, gid);
-+    xerrno = errno;
-+    PRIVS_RELINQUISH
-+
-+    if (res < 0) {
-+      pr_log_pri(PR_LOG_WARNING, "lchown(%s) as root failed: %s", tmpl_path,
-+        strerror(xerrno));
-+
-+    } else {
-+      if (gid != (gid_t) -1) {
-+        pr_log_debug(DEBUG2, "root lchown(%s) to UID %lu, GID %lu successful",
-+          tmpl_path, (unsigned long) uid, (unsigned long) gid);
-+
-+      } else {
-+        pr_log_debug(DEBUG2, "root lchown(%s) to UID %lu successful",
-+          tmpl_path, (unsigned long) uid);
-+      }
-+    }
-+
-+  } else if (gid != (gid_t) -1) {
-+    register unsigned int i;
-+    int use_root_privs = TRUE, xerrno;
-+
-+    /* Check if session.fsgid is in session.gids.  If not, use root privs.  */
-+    for (i = 0; i < session.gids->nelts; i++) {
-+      gid_t *group_ids = session.gids->elts;
-+
-+      if (group_ids[i] == gid) {
-+        use_root_privs = FALSE;
-+        break;
-+      }
-+    }
-+
-+    if (use_root_privs) {
-+      PRIVS_ROOT
-+    }
-+
-+    res = pr_fsio_lchown(tmpl_path, (uid_t) -1, gid);
-+    xerrno = errno;
-+
-+    if (use_root_privs) {
-+      PRIVS_RELINQUISH
-+    }
-+
-+    if (res < 0) {
-+      pr_log_pri(PR_LOG_WARNING, "%slchown(%s) failed: %s",
-+        use_root_privs ? "root " : "", tmpl_path, strerror(xerrno));
-+
-+    } else {
-+      pr_log_debug(DEBUG2, "%slchown(%s) to GID %lu successful",
-+        use_root_privs ? "root " : "", tmpl_path, (unsigned long) gid);
-+    }
-+  }
-+
-+#ifdef HAVE_MKDTEMP
-+  /* Use chmod(2) to set the permission that we want.
-+   *
-+   * mkdtemp(3) creates a directory with 0700 perms; we are given the
-+   * target mode (modulo the configured Umask).
-+   */
-+  dir_umask = get_param_ptr(CURRENT_CONF, "DirUmask", FALSE);
-+  if (dir_umask) {
-+    mask = *dir_umask;
-+
-+  } else {
-+    mask = (mode_t) 0022;
-+  }
-+
-+  res = chmod(tmpl_path, mode & ~mask);
-+  if (res < 0) {
-+    int xerrno = errno;
-+
-+    (void) rmdir(tmpl_path);
-+
-+    errno = xerrno;
-+    return -1;
-+  }
-+
-+  /* Use rename(2) to move the temporary directory into place at the
-+   * target path.
-+   */
-+  res = rename(tmpl_path, path);
-+  if (res < 0) {
-+    int xerrno = errno;
-+    
-+    (void) rmdir(tmpl_path);
-+    
-+    errno = xerrno;
-+    return -1;
-+  }
-+#endif /* HAVE_MKDTEMP */
-+
-+  return 0;
-+}
-+
- int pr_fsio_rmdir(const char *path) {
-   int res;
-   pr_fs_t *fs;
-@@ -3357,6 +3527,33 @@
-   return res;
- }
- 
-+int pr_fsio_lchown(const char *name, uid_t uid, gid_t gid) {
-+  int res;
-+  pr_fs_t *fs;
-+
-+  fs = lookup_file_fs(name, NULL, FSIO_FILE_CHOWN);
-+  if (fs == NULL) {
-+    return -1;
-+  }
-+
-+  /* Find the first non-NULL custom lchown handler.  If there are none,
-+   * use the system chown.
-+   */
-+  while (fs && fs->fs_next && !fs->lchown) {
-+    fs = fs->fs_next;
-+  }
-+
-+  pr_trace_msg(trace_channel, 8, "using %s lchown() for path '%s'",
-+    fs->fs_name, name);
-+  res = (fs->lchown)(fs, name, uid, gid);
-+
-+  if (res == 0) {
-+    pr_fs_clear_cache();
-+  }
-+
-+  return res;
-+}
-+
- int pr_fsio_access(const char *path, int mode, uid_t uid, gid_t gid,
-     array_header *suppl_gids) {
-   pr_fs_t *fs;
-@@ -4015,6 +4212,7 @@
-   root_fs->fchmod = sys_fchmod;
-   root_fs->chown = sys_chown;
-   root_fs->fchown = sys_fchown;
-+  root_fs->lchown = sys_lchown;
-   root_fs->access = sys_access;
-   root_fs->faccess = sys_faccess;
-   root_fs->utimes = sys_utimes;
-@@ -4096,6 +4294,9 @@
-   if (fs->chown)
-     hooks = pstrcat(p, hooks, *hooks ? ", " : "", "chown(2)", NULL);
- 
-+  if (fs->lchown)
-+    hooks = pstrcat(p, hooks, *hooks ? ", " : "", "lchown(2)", NULL);
-+
-   if (fs->access)
-     hooks = pstrcat(p, hooks, *hooks ? ", " : "", "access(2)", NULL);
- 
diff --git a/debian/patches/ftpstats b/debian/patches/ftpstats
index 617e0f3..b58a1c2 100644
--- a/debian/patches/ftpstats
+++ b/debian/patches/ftpstats
@@ -5,9 +5,9 @@ Bug-Debian: http://bugs.debian.org/378826
 
 Index: proftpd-dfsg/contrib/xferstats.holger-preiss
 ===================================================================
---- proftpd-dfsg.orig/contrib/xferstats.holger-preiss	2011-02-08 13:29:20.000000000 +0100
-+++ proftpd-dfsg/contrib/xferstats.holger-preiss	2011-02-08 13:36:06.000000000 +0100
-@@ -49,7 +49,7 @@
+--- proftpd-dfsg.orig/contrib/xferstats.holger-preiss	2013-01-08 15:45:23.000000000 +0100
++++ proftpd-dfsg/contrib/xferstats.holger-preiss	2013-01-08 15:45:52.000000000 +0100
+@@ -51,7 +51,7 @@
  # $mydom2 = "org";
  
  # edit the next line to customize for your default log file
diff --git a/debian/patches/mod_cap b/debian/patches/mod_cap
index d01dc2a..4863320 100644
--- a/debian/patches/mod_cap
+++ b/debian/patches/mod_cap
@@ -7,8 +7,8 @@ Bug-Debian: http://bugs.debian.org/479893
 
 Index: proftpd-dfsg/lib/libcap/Makefile
 ===================================================================
---- proftpd-dfsg.orig/lib/libcap/Makefile	2011-10-05 18:13:28.000000000 +0200
-+++ proftpd-dfsg/lib/libcap/Makefile	2011-10-05 18:14:52.000000000 +0200
+--- proftpd-dfsg.orig/lib/libcap/Makefile	2013-01-08 14:50:16.000000000 +0100
++++ proftpd-dfsg/lib/libcap/Makefile	2013-01-08 15:45:56.000000000 +0100
 @@ -23,7 +23,7 @@
  INCLS=libcap.h cap_names.h $(INCS)
  OBJS=$(addsuffix .o, $(FILES))
@@ -20,9 +20,9 @@ Index: proftpd-dfsg/lib/libcap/Makefile
  	$(CC) $(CFLAGS) $(LDFLAGS) $< -o $@
 Index: proftpd-dfsg/modules/mod_cap.c
 ===================================================================
---- proftpd-dfsg.orig/modules/mod_cap.c	2011-10-05 18:13:28.000000000 +0200
-+++ proftpd-dfsg/modules/mod_cap.c	2011-10-05 18:14:52.000000000 +0200
-@@ -42,10 +42,8 @@
+--- proftpd-dfsg.orig/modules/mod_cap.c	2013-01-08 15:42:19.000000000 +0100
++++ proftpd-dfsg/modules/mod_cap.c	2013-01-08 15:45:56.000000000 +0100
+@@ -43,10 +43,8 @@
  #  define _LINUX_BYTEORDER_GENERIC_H
  # endif
  
diff --git a/debian/patches/series b/debian/patches/series
index 8d0f684..da36ad9 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -10,4 +10,3 @@ mod_cap
 odbc
 silent
 use_hypen_in_manpage
-3841
diff --git a/debian/patches/silent b/debian/patches/silent
index 8317eb4..246d462 100644
--- a/debian/patches/silent
+++ b/debian/patches/silent
@@ -5,9 +5,9 @@ Forwarded: not needed
 
 Index: proftpd-dfsg/src/dirtree.c
 ===================================================================
---- proftpd-dfsg.orig/src/dirtree.c	2011-02-15 13:31:17.000000000 +0100
-+++ proftpd-dfsg/src/dirtree.c	2011-02-15 13:31:22.000000000 +0100
-@@ -2970,9 +2970,6 @@
+--- proftpd-dfsg.orig/src/dirtree.c	2013-01-08 15:42:19.000000000 +0100
++++ proftpd-dfsg/src/dirtree.c	2013-01-08 15:46:50.000000000 +0100
+@@ -3156,9 +3156,6 @@
        }
      }
  
diff --git a/debian/proftpd-substvars b/debian/proftpd-substvars
index bbd0e12..473eff1 100644
--- a/debian/proftpd-substvars
+++ b/debian/proftpd-substvars
@@ -1 +1 @@
-proftpd:Depends=proftpd-abi-1.3.4a 
+proftpd:Depends=proftpd-abi-1.3.5rc1 

-- 
ProFTPD core package



More information about the Pkg-proftpd-maintainers mailing list