[Git][debian-proftpd-team/proftpd][master] 2 commits: Add patch for upstream issue #1284 (Closes: #993173).
Hilmar Preuße (@hilmar-guest)
gitlab at salsa.debian.org
Sat Aug 28 22:18:21 BST 2021
Hilmar Preuße pushed to branch master at Debian ProFTPD Team / proftpd
Commits:
c26d9df3 by Hilmar Preusse at 2021-08-28T23:17:48+02:00
Add patch for upstream issue #1284 (Closes: #993173).
- - - - -
90f7a44a by Hilmar Preusse at 2021-08-28T23:17:55+02:00
E: depends-on-essential-package-without-using-version (sed & debianutils).
- - - - -
5 changed files:
- debian/changelog
- debian/control
- debian/control.in
- debian/patches/series
- + debian/patches/upstream_1284
Changes:
=====================================
debian/changelog
=====================================
@@ -1,3 +1,9 @@
+proftpd-dfsg (1.3.7b+dfsg-3) UNRELEASED; urgency=medium
+
+ * Add patch for upstream issue #1285 (Closes: #993173).
+
+ -- Hilmar Preusse <hille42 at web.de> Sat, 28 Aug 2021 16:11:20 +0200
+
proftpd-dfsg (1.3.7b+dfsg-2) unstable; urgency=medium
[ Hilmar Preusse ]
=====================================
debian/control
=====================================
@@ -33,10 +33,8 @@ Package: proftpd-core
Architecture: any
Pre-Depends: ${misc:Pre-Depends}
Depends: adduser,
- debianutils,
libpam-runtime (>= 0.76-13.1),
netbase,
- sed,
ucf,
lsb-base (>= 3.0-6),
${misc:Depends},
=====================================
debian/control.in
=====================================
@@ -33,10 +33,8 @@ Package: proftpd-core
Architecture: any
Pre-Depends: ${misc:Pre-Depends}
Depends: adduser,
- debianutils,
libpam-runtime (>= 0.76-13.1),
netbase,
- sed,
ucf,
lsb-base (>= 3.0-6),
${misc:Depends},
=====================================
debian/patches/series
=====================================
@@ -17,3 +17,4 @@ proftpd-mysql-password-backend.diff
#3c73f39f0db6724db597646eb6e476278f76edf5.diff
#pr_1094.diff
#2eadd82f392573235432a9cb60266f6472d08884.diff
+upstream_1284
=====================================
debian/patches/upstream_1284
=====================================
@@ -0,0 +1,43 @@
+From 10a227b4d50e0a2cd2faf87926f58d865da44e43 Mon Sep 17 00:00:00 2001
+From: Chris Hofstaedtler <chris.hofstaedtler at deduktiva.com>
+Date: Tue, 3 Aug 2021 21:53:28 +0200
+Subject: [PATCH] mod_radius: copy _only_ the password
+
+---
+ contrib/mod_radius.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+Index: proftpd/contrib/mod_radius.c
+===================================================================
+--- proftpd.orig/contrib/mod_radius.c 2021-08-28 16:10:46.810595478 +0200
++++ proftpd/contrib/mod_radius.c 2021-08-28 16:10:46.782595919 +0200
+@@ -2319,21 +2319,26 @@
+
+ pwlen = strlen((const char *) passwd);
+
++ /* Clear the buffers. */
++ memset(pwhash, '\0', sizeof(pwhash));
++
+ if (pwlen == 0) {
+ pwlen = RADIUS_PASSWD_LEN;
+
+ } if ((pwlen & (RADIUS_PASSWD_LEN - 1)) != 0) {
++ /* pwlen is not a multiple of RADIUS_PASSWD_LEN, need to prepare a proper buffer */
++ memcpy(pwhash, passwd, pwlen);
+
+ /* Round up the length. */
+ pwlen += (RADIUS_PASSWD_LEN - 1);
+
+ /* Truncate the length, as necessary. */
+ pwlen &= ~(RADIUS_PASSWD_LEN - 1);
++ } else {
++ /* pwlen is a multiple of RADIUS_PASSWD_LEN, we can just use it. */
++ memcpy(pwhash, passwd, pwlen);
+ }
+
+- /* Clear the buffers. */
+- memset(pwhash, '\0', sizeof(pwhash));
+- memcpy(pwhash, passwd, pwlen);
+
+ /* Find the password attribute. */
+ attrib = radius_get_attrib(packet, RADIUS_PASSWORD);
View it on GitLab: https://salsa.debian.org/debian-proftpd-team/proftpd/-/compare/1d5b7392a7cc9643cb8c032b48285672077be676...90f7a44a54b3ec82f3e25e3a466d9a5a0acbc640
--
View it on GitLab: https://salsa.debian.org/debian-proftpd-team/proftpd/-/compare/1d5b7392a7cc9643cb8c032b48285672077be676...90f7a44a54b3ec82f3e25e3a466d9a5a0acbc640
You're receiving this email because of your account on salsa.debian.org.
More information about the Pkg-proftpd-maintainers
mailing list