[Git][debian-proftpd-team/proftpd][buster] Remove patch for "CVE-2020-9273".

Hilmar Preuße gitlab at salsa.debian.org
Tue Mar 10 22:36:05 GMT 2020



Hilmar Preuße pushed to branch buster at Debian ProFTPD Team / proftpd


Commits:
6d9cb402 by Hilmar Preusse at 2020-03-10T23:35:43+01:00
Remove patch for "CVE-2020-9273".

- - - - -


3 changed files:

- debian/changelog
- − debian/patches/e845abc1bd86eebec7a0342fded908a1b0f1996b.patch
- debian/patches/series


Changes:

=====================================
debian/changelog
=====================================
@@ -2,8 +2,6 @@ proftpd-dfsg (1.3.6-4+deb10u4) UNRELEASED; urgency=medium
 
   * Patch for upstream Issue #656 (Closes: #951412)
   * Patch for upstream Bug #4385 (Closes: #949622)
-  * Patch for upstream Issue #903 (CVE-2020-9273)
-    (Closes: #951800)
 
  -- Hilmar Preusse <hille42 at web.de>  Sun, 16 Feb 2020 21:59:04 +0100
 


=====================================
debian/patches/e845abc1bd86eebec7a0342fded908a1b0f1996b.patch deleted
=====================================
@@ -1,186 +0,0 @@
-From e845abc1bd86eebec7a0342fded908a1b0f1996b Mon Sep 17 00:00:00 2001
-From: TJ Saunders <tj at castaglia.org>
-Date: Tue, 18 Feb 2020 09:48:18 -0800
-Subject: [PATCH] Issue #903: Ensure that we do not reuse already-destroyed
- memory pools during data transfers.
-
----
- src/data.c           | 27 ++++++++++++++++++++-------
- src/main.c           |  6 ++++--
- src/response.c       | 12 ++++++++++++
- tests/api/data.c     |  2 +-
- tests/api/response.c | 10 ++++++++++
- 5 files changed, 47 insertions(+), 10 deletions(-)
-
-diff --git a/src/data.c b/src/data.c
-index d5c85114b..6ef6d420e 100644
---- a/src/data.c
-+++ b/src/data.c
-@@ -684,7 +684,7 @@ void pr_data_close(int quiet) {
-  */
- void pr_data_cleanup(void) {
-   /* sanity check */
--  if (session.d) {
-+  if (session.d != NULL) {
-     pr_inet_lingering_close(session.pool, session.d, timeout_linger);
-     session.d = NULL;
-   }
-@@ -711,7 +711,7 @@ void pr_data_abort(int err, int quiet) {
-     strerror(err), err, quiet ? "true" : "false",
-     true_abort ? "true" : "false");
- 
--  if (session.d) {
-+  if (session.d != NULL) {
-     if (true_abort == FALSE) {
-       pr_inet_lingering_close(session.pool, session.d, timeout_linger);
- 
-@@ -893,6 +893,11 @@ void pr_data_abort(int err, int quiet) {
-     if (true_abort == FALSE) {
-       pr_response_add_err(respcode, _("Transfer aborted. %s"), msg ? msg : "");
-     }
-+
-+    /* Forcibly clear the data-transfer instigating command pool from the
-+     * Response API.
-+     */
-+    pr_response_set_pool(NULL);
-   }
- 
-   if (true_abort) {
-@@ -925,6 +930,7 @@ static void poll_ctrl(void) {
-     res = pr_cmd_read(&cmd);
-     if (res < 0) {
-       int xerrno;
-+
- #if defined(ECONNABORTED)
-       xerrno = ECONNABORTED;
- #elif defined(ENOTCONN)
-@@ -993,8 +999,8 @@ static void poll_ctrl(void) {
- 
-         pr_response_flush(&resp_err_list);
- 
--        destroy_pool(cmd->pool);
-         pr_response_set_pool(resp_pool);
-+        destroy_pool(cmd->pool);
- 
-       /* We don't want to actually dispatch the NOOP command, since that
-        * would overwrite the scoreboard with the NOOP state; admins probably
-@@ -1019,13 +1025,14 @@ static void poll_ctrl(void) {
- 
-         pr_response_flush(&resp_list);
- 
--        destroy_pool(cmd->pool);
-         pr_response_set_pool(resp_pool);
-+        destroy_pool(cmd->pool);
- 
-       } else {
-         char *title_buf = NULL;
--        int title_len = -1;
--        const char *sce_cmd = NULL, *sce_cmd_arg = NULL;
-+        int curr_cmd_id = 0, title_len = -1;
-+        const char *curr_cmd = NULL, *sce_cmd = NULL, *sce_cmd_arg = NULL;
-+        cmd_rec *curr_cmd_rec = NULL;
- 
-         pr_trace_msg(trace_channel, 5,
-           "client sent '%s' command during data transfer, dispatching",
-@@ -1037,6 +1044,9 @@ static void poll_ctrl(void) {
-           pr_proctitle_get(title_buf, title_len + 1); 
-         }
- 
-+        curr_cmd = session.curr_cmd;
-+        curr_cmd_id = session.curr_cmd_id;
-+        curr_cmd_rec = session.curr_cmd_rec;
-         sce_cmd = pr_scoreboard_entry_get(PR_SCORE_CMD);
-         sce_cmd_arg = pr_scoreboard_entry_get(PR_SCORE_CMD_ARG);
- 
-@@ -1052,6 +1062,9 @@ static void poll_ctrl(void) {
-         }
- 
-         destroy_pool(cmd->pool);
-+        session.curr_cmd = curr_cmd;
-+        session.curr_cmd_id = curr_cmd_id;
-+        session.curr_cmd_rec = curr_cmd_rec;
-       }
- 
-     } else {
-diff --git a/src/main.c b/src/main.c
-index 0e926c969..aa18ead86 100644
---- a/src/main.c
-+++ b/src/main.c
-@@ -900,8 +900,7 @@ static void cmd_loop(server_rec *server, conn_t *c) {
-       pr_timer_reset(PR_TIMER_IDLE, ANY_MODULE);
-     }
- 
--    if (cmd) {
--
-+    if (cmd != NULL) {
-       /* Detect known commands for other protocols; if found, drop the
-        * connection, lest we be used as part of an attack on a different
-        * protocol server (Bug#4143).
-@@ -917,6 +916,9 @@ static void cmd_loop(server_rec *server, conn_t *c) {
-  
-       pr_cmd_dispatch(cmd);
-       destroy_pool(cmd->pool);
-+      session.curr_cmd = NULL;
-+      session.curr_cmd_id = 0;
-+      session.curr_cmd_rec = NULL;
- 
-     } else {
-       pr_event_generate("core.invalid-command", NULL);
-diff --git a/src/response.c b/src/response.c
-index 9b4395ff9..93d31e2d6 100644
---- a/src/response.c
-+++ b/src/response.c
-@@ -219,6 +219,12 @@ void pr_response_add_err(const char *numeric, const char *fmt, ...) {
-     return;
-   }
- 
-+  if (resp_pool == NULL) {
-+    pr_trace_msg(trace_channel, 1,
-+      "no response pool set, ignoring added %s error response", numeric);
-+    return;
-+  }
-+
-   va_start(msg, fmt);
-   res = vsnprintf(resp_buf, sizeof(resp_buf), fmt, msg);
-   va_end(msg);
-@@ -272,6 +278,12 @@ void pr_response_add(const char *numeric, const char *fmt, ...) {
-     return;
-   }
- 
-+  if (resp_pool == NULL) {
-+    pr_trace_msg(trace_channel, 1,
-+      "no response pool set, ignoring added %s response", numeric);
-+    return;
-+  }
-+
-   va_start(msg, fmt);
-   res = vsnprintf(resp_buf, sizeof(resp_buf), fmt, msg);
-   va_end(msg);
-diff --git a/tests/api/response.c b/tests/api/response.c
-index 0d9506977..9a047741c 100644
---- a/tests/api/response.c
-+++ b/tests/api/response.c
-@@ -87,6 +87,11 @@ START_TEST (response_add_test) {
-   const char *last_resp_code = NULL, *last_resp_msg = NULL;
-   char *resp_code = R_200, *resp_msg = "OK";
- 
-+  pr_response_set_pool(NULL);
-+
-+  mark_point();
-+  pr_response_add(resp_code, "%s", resp_msg);
-+
-   pr_response_set_pool(p);
- 
-   mark_point();
-@@ -118,6 +123,11 @@ START_TEST (response_add_err_test) {
-   const char *last_resp_code = NULL, *last_resp_msg = NULL;
-   char *resp_code = R_450, *resp_msg = "Busy";
- 
-+  pr_response_set_pool(NULL);
-+
-+  mark_point();
-+  pr_response_add(resp_code, "%s", resp_msg);
-+
-   pr_response_set_pool(p);
- 
-   mark_point();


=====================================
debian/patches/series
=====================================
@@ -22,4 +22,3 @@ bug_846_CVE-2019-18217.patch
 upstream_pull_859_861_CVE-2019-19270_CVE-2019-19269
 upstream_pull_657
 upstream_pull_885
-e845abc1bd86eebec7a0342fded908a1b0f1996b.patch
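Review bot: Dropping `e845abc1bd86eebec7a0342fded908a1b0f1996b.patch` from the end of `debian/patches/series` means a build from this branch no longer applies the upstream Issue #903 fix for CVE-2020-9273, and nothing visible in this commit replaces it. The changelog hunk also removes the matching entry and its `Closes: #951800`, so neither the commit message nor the package records why the fix was withdrawn. If the patch is being pulled only to be re-imported in another form (for example because it does not apply cleanly to 1.3.6), state that in the commit message and leave a marker in the series file such as `# CVE-2020-9273 (upstream Issue #903): fix pending re-import, see #951800`. Until a replacement entry lands, the UNRELEASED 1.3.6-4+deb10u4 upload should be treated as not addressing CVE-2020-9273.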



View it on GitLab: https://salsa.debian.org/debian-proftpd-team/proftpd/-/commit/6d9cb40282a6ddb9a5cb0d6df507180debb938a6
