[Git][debian-proftpd-team/proftpd][buster] Remove patch for "CVE-2020-9273".
Hilmar Preuße
gitlab at salsa.debian.org
Tue Mar 10 22:36:05 GMT 2020
Hilmar Preuße pushed to branch buster at Debian ProFTPD Team / proftpd
Commits:
6d9cb402 by Hilmar Preusse at 2020-03-10T23:35:43+01:00
Remove patch for "CVE-2020-9273".
- - - - -
3 changed files:
- debian/changelog
- − debian/patches/e845abc1bd86eebec7a0342fded908a1b0f1996b.patch
- debian/patches/series
Changes:
=====================================
debian/changelog
=====================================
@@ -2,8 +2,6 @@ proftpd-dfsg (1.3.6-4+deb10u4) UNRELEASED; urgency=medium
* Patch for upstream Issue #656 (Closes: #951412)
* Patch for upstream Bug #4385 (Closes: #949622)
- * Patch for upstream Issue #903 (CVE-2020-9273)
- (Closes: #951800)
-- Hilmar Preusse <hille42 at web.de> Sun, 16 Feb 2020 21:59:04 +0100
=====================================
debian/patches/e845abc1bd86eebec7a0342fded908a1b0f1996b.patch deleted
=====================================
@@ -1,186 +0,0 @@
-From e845abc1bd86eebec7a0342fded908a1b0f1996b Mon Sep 17 00:00:00 2001
-From: TJ Saunders <tj at castaglia.org>
-Date: Tue, 18 Feb 2020 09:48:18 -0800
-Subject: [PATCH] Issue #903: Ensure that we do not reuse already-destroyed
- memory pools during data transfers.
-
----
- src/data.c | 27 ++++++++++++++++++++-------
- src/main.c | 6 ++++--
- src/response.c | 12 ++++++++++++
- tests/api/data.c | 2 +-
- tests/api/response.c | 10 ++++++++++
- 5 files changed, 47 insertions(+), 10 deletions(-)
-
-diff --git a/src/data.c b/src/data.c
-index d5c85114b..6ef6d420e 100644
---- a/src/data.c
-+++ b/src/data.c
-@@ -684,7 +684,7 @@ void pr_data_close(int quiet) {
- */
- void pr_data_cleanup(void) {
- /* sanity check */
-- if (session.d) {
-+ if (session.d != NULL) {
- pr_inet_lingering_close(session.pool, session.d, timeout_linger);
- session.d = NULL;
- }
-@@ -711,7 +711,7 @@ void pr_data_abort(int err, int quiet) {
- strerror(err), err, quiet ? "true" : "false",
- true_abort ? "true" : "false");
-
-- if (session.d) {
-+ if (session.d != NULL) {
- if (true_abort == FALSE) {
- pr_inet_lingering_close(session.pool, session.d, timeout_linger);
-
-@@ -893,6 +893,11 @@ void pr_data_abort(int err, int quiet) {
- if (true_abort == FALSE) {
- pr_response_add_err(respcode, _("Transfer aborted. %s"), msg ? msg : "");
- }
-+
-+ /* Forcibly clear the data-transfer instigating command pool from the
-+ * Response API.
-+ */
-+ pr_response_set_pool(NULL);
- }
-
- if (true_abort) {
-@@ -925,6 +930,7 @@ static void poll_ctrl(void) {
- res = pr_cmd_read(&cmd);
- if (res < 0) {
- int xerrno;
-+
- #if defined(ECONNABORTED)
- xerrno = ECONNABORTED;
- #elif defined(ENOTCONN)
-@@ -993,8 +999,8 @@ static void poll_ctrl(void) {
-
- pr_response_flush(&resp_err_list);
-
-- destroy_pool(cmd->pool);
- pr_response_set_pool(resp_pool);
-+ destroy_pool(cmd->pool);
-
- /* We don't want to actually dispatch the NOOP command, since that
- * would overwrite the scoreboard with the NOOP state; admins probably
-@@ -1019,13 +1025,14 @@ static void poll_ctrl(void) {
-
- pr_response_flush(&resp_list);
-
-- destroy_pool(cmd->pool);
- pr_response_set_pool(resp_pool);
-+ destroy_pool(cmd->pool);
-
- } else {
- char *title_buf = NULL;
-- int title_len = -1;
-- const char *sce_cmd = NULL, *sce_cmd_arg = NULL;
-+ int curr_cmd_id = 0, title_len = -1;
-+ const char *curr_cmd = NULL, *sce_cmd = NULL, *sce_cmd_arg = NULL;
-+ cmd_rec *curr_cmd_rec = NULL;
-
- pr_trace_msg(trace_channel, 5,
- "client sent '%s' command during data transfer, dispatching",
-@@ -1037,6 +1044,9 @@ static void poll_ctrl(void) {
- pr_proctitle_get(title_buf, title_len + 1);
- }
-
-+ curr_cmd = session.curr_cmd;
-+ curr_cmd_id = session.curr_cmd_id;
-+ curr_cmd_rec = session.curr_cmd_rec;
- sce_cmd = pr_scoreboard_entry_get(PR_SCORE_CMD);
- sce_cmd_arg = pr_scoreboard_entry_get(PR_SCORE_CMD_ARG);
-
-@@ -1052,6 +1062,9 @@ static void poll_ctrl(void) {
- }
-
- destroy_pool(cmd->pool);
-+ session.curr_cmd = curr_cmd;
-+ session.curr_cmd_id = curr_cmd_id;
-+ session.curr_cmd_rec = curr_cmd_rec;
- }
-
- } else {
-diff --git a/src/main.c b/src/main.c
-index 0e926c969..aa18ead86 100644
---- a/src/main.c
-+++ b/src/main.c
-@@ -900,8 +900,7 @@ static void cmd_loop(server_rec *server, conn_t *c) {
- pr_timer_reset(PR_TIMER_IDLE, ANY_MODULE);
- }
-
-- if (cmd) {
--
-+ if (cmd != NULL) {
- /* Detect known commands for other protocols; if found, drop the
- * connection, lest we be used as part of an attack on a different
- * protocol server (Bug#4143).
-@@ -917,6 +916,9 @@ static void cmd_loop(server_rec *server, conn_t *c) {
-
- pr_cmd_dispatch(cmd);
- destroy_pool(cmd->pool);
-+ session.curr_cmd = NULL;
-+ session.curr_cmd_id = 0;
-+ session.curr_cmd_rec = NULL;
-
- } else {
- pr_event_generate("core.invalid-command", NULL);
-diff --git a/src/response.c b/src/response.c
-index 9b4395ff9..93d31e2d6 100644
---- a/src/response.c
-+++ b/src/response.c
-@@ -219,6 +219,12 @@ void pr_response_add_err(const char *numeric, const char *fmt, ...) {
- return;
- }
-
-+ if (resp_pool == NULL) {
-+ pr_trace_msg(trace_channel, 1,
-+ "no response pool set, ignoring added %s error response", numeric);
-+ return;
-+ }
-+
- va_start(msg, fmt);
- res = vsnprintf(resp_buf, sizeof(resp_buf), fmt, msg);
- va_end(msg);
-@@ -272,6 +278,12 @@ void pr_response_add(const char *numeric, const char *fmt, ...) {
- return;
- }
-
-+ if (resp_pool == NULL) {
-+ pr_trace_msg(trace_channel, 1,
-+ "no response pool set, ignoring added %s response", numeric);
-+ return;
-+ }
-+
- va_start(msg, fmt);
- res = vsnprintf(resp_buf, sizeof(resp_buf), fmt, msg);
- va_end(msg);
-diff --git a/tests/api/response.c b/tests/api/response.c
-index 0d9506977..9a047741c 100644
---- a/tests/api/response.c
-+++ b/tests/api/response.c
-@@ -87,6 +87,11 @@ START_TEST (response_add_test) {
- const char *last_resp_code = NULL, *last_resp_msg = NULL;
- char *resp_code = R_200, *resp_msg = "OK";
-
-+ pr_response_set_pool(NULL);
-+
-+ mark_point();
-+ pr_response_add(resp_code, "%s", resp_msg);
-+
- pr_response_set_pool(p);
-
- mark_point();
-@@ -118,6 +123,11 @@ START_TEST (response_add_err_test) {
- const char *last_resp_code = NULL, *last_resp_msg = NULL;
- char *resp_code = R_450, *resp_msg = "Busy";
-
-+ pr_response_set_pool(NULL);
-+
-+ mark_point();
-+ pr_response_add(resp_code, "%s", resp_msg);
-+
- pr_response_set_pool(p);
-
- mark_point();
=====================================
debian/patches/series
=====================================
@@ -22,4 +22,3 @@ bug_846_CVE-2019-18217.patch
upstream_pull_859_861_CVE-2019-19270_CVE-2019-19269
upstream_pull_657
upstream_pull_885
-e845abc1bd86eebec7a0342fded908a1b0f1996b.patch
View it on GitLab: https://salsa.debian.org/debian-proftpd-team/proftpd/-/commit/6d9cb40282a6ddb9a5cb0d6df507180debb938a6
--
View it on GitLab: https://salsa.debian.org/debian-proftpd-team/proftpd/-/commit/6d9cb40282a6ddb9a5cb0d6df507180debb938a6
You're receiving this email because of your account on salsa.debian.org.
More information about the Pkg-proftpd-maintainers
mailing list