[Git][debian-proftpd-team/proftpd][bullseye] Copy adaptions for 1.3.7a+dfsg-12+deb11u5.
Hilmar Preuße (@hilmar)
hille42 at debian.org
Tue Mar 4 18:21:13 GMT 2025
Hilmar Preuße pushed to branch bullseye at Debian ProFTPD Team / proftpd
Commits:
d92b9a6a by Hilmar Preuße at 2025-03-04T19:20:36+01:00
Copy adaptions for 1.3.7a+dfsg-12+deb11u5.
- - - - -
7 changed files:
- debian/changelog
- + debian/patches/0036-Fix-blastradius-followup.patch
- + debian/patches/CVE-2024-57392.patch
- debian/patches/57ae0b5ecd2f3e3cc85a87f6b9713bf8d1480dc2.patch → debian/patches/issue-1171.patch
- debian/patches/series
- + debian/tests/control
- + debian/tests/test-suite
Changes:
=====================================
debian/changelog
=====================================
@@ -1,3 +1,19 @@
+proftpd-dfsg (1.3.7a+dfsg-12+deb11u5) bullseye-security; urgency=high
+
+ * LTS Team upload
+ * Add autopkgtest suite.
+ * Fix issue #1171 patch
+ * Fix CVE-2024-57392:
+ A Buffer Overflow vulnerability in Proftpd allowed a remote
+ attacker to execute arbitrary code and can cause a
+ Denial of Service (DoS) on the FTP service by sending a
+ maliciously crafted message to the ProFTPD service port.
+ * Bug Fix: Blastradius fix breakage. Fix the computation of
+ the RADIUS Message-Authenticator signature to conform
+ more properly to RFC 2869
+
+ -- Bastien Roucariès <rouca at debian.org> Sun, 02 Mar 2025 11:00:29 +0000
+
proftpd-dfsg (1.3.7a+dfsg-12+deb11u4) bullseye; urgency=medium
* Add patch for upstream issue #1171 (Closes: #1090813).
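Review bot: the CVE-2024-57392 entry describes the bug as a buffer overflow enabling arbitrary code execution, while the patch being shipped for it (debian/patches/CVE-2024-57392.patch, Issue #1866) states in its subject that the fuzzing cases hit "existing null pointer dereferences (not buffer overflows)"; align the changelog wording with what the fix actually addresses so the security impact is not overstated. The "Fix issue #1171 patch" bullet would also be clearer if it said what changed (the raw upstream commit 57ae0b5e was replaced by a backport to 1.3.7a, renamed issue-1171.patch).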
=====================================
debian/patches/0036-Fix-blastradius-followup.patch
=====================================
@@ -0,0 +1,32 @@
+From: TJ Saunders <tj at castaglia.org>
+Date: Sat, 26 Oct 2024 12:06:00 -0700
+Subject: Fix blastradius followup
+
+Blastradius fixes break proftpd
+
+Fix the computation of the RADIUS Message-Authenticator signature to conform more properly to RFC 2869
+
+origin: backport, https://github.com/proftpd/proftpd/commit/fb922fd3bd2239be1e2512e33af515e4d674ebe3
+bug: https://github.com/proftpd/proftpd/issues/1840
+---
+ contrib/mod_radius.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/contrib/mod_radius.c b/contrib/mod_radius.c
+index 2f90214..4add45d 100644
+--- a/contrib/mod_radius.c
++++ b/contrib/mod_radius.c
+@@ -2261,8 +2261,11 @@ static int radius_verify_auth_mac(radius_packet_t *pkt, const char *pkt_type,
+ memset(replied, '\0', sizeof(replied));
+ memcpy(replied, attrib->data, attrib_len);
+
+- /* Next, zero out the value so that we can calculate it ourselves. */
+- memset(attrib->data, '\0', attrib_len);
++ /* Next, zero out the value so that we can calculate it ourselves.
++ *
++ * Note that we only want to zero out the first 16 bytes, per RFC 2869.
++ */
++ memset(attrib->data, '\0', expected_len);
+
+ memset(digest, '\0', sizeof(digest));
+ md = EVP_md5();
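Review bot: the memset now clears `expected_len` bytes instead of `attrib_len`, but the hunk does not show where `expected_len` is set or whether `attrib_len` is checked against it before the preceding `memcpy(replied, attrib->data, attrib_len)`; confirm in the surrounding radius_verify_auth_mac() context that the attribute length is validated (the Message-Authenticator value is exactly 16 bytes per RFC 2869) so that both the copy into `replied` and the zeroing stay within the attribute. A short DEP-3 `Description:` line naming the follow-up as a fix for the earlier "blastradius" change would also help anyone auditing the patch stack.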
=====================================
debian/patches/CVE-2024-57392.patch
=====================================
@@ -0,0 +1,37 @@
+From: TJ Saunders <tj at castaglia.org>
+Date: Sun, 9 Feb 2025 12:14:25 -0800
+Subject: [PATCH] Issue #1866: Some of the fuzzing tests submitted in the
+ advisory ran into existing null pointer dereferences (not buffer
+ overflows); let's correct them. (#1867)
+
+bug: https://github.com/proftpd/proftpd/issues/1866
+origin: https://github.com/proftpd/proftpd/commit/981a37916fdb7b73435c6d5cdb01428b2269427d
+---
+ modules/mod_ls.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/modules/mod_ls.c b/modules/mod_ls.c
+index 45a3187..ccef278 100644
+--- a/modules/mod_ls.c
++++ b/modules/mod_ls.c
+@@ -349,7 +349,8 @@ static int sendline(int flags, char *fmt, ...) {
+ errno != 0) {
+ int xerrno = errno;
+
+- if (session.d != NULL) {
++ if (session.d != NULL &&
++ session.d->outstrm != NULL) {
+ xerrno = PR_NETIO_ERRNO(session.d->outstrm);
+ }
+
+@@ -1039,7 +1040,9 @@ static int outputfiles(cmd_rec *cmd) {
+ return res;
+ }
+
+- tail->down = NULL;
++ if (tail != NULL) {
++ tail->down = NULL;
++ }
+ tail = NULL;
+ colwidth = (colwidth | 7) + 1;
+ if (opt_l || !opt_C) {
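Review bot: neither the DEP-3 header nor the subject of this patch file mentions CVE-2024-57392, even though the file is named after it; add the CVE id (for example in a `Bug-Debian:` or free-form line alongside `bug:` and `origin:`) so the mapping from advisory to fix is auditable without consulting the changelog. The two code changes themselves are straightforward NULL guards: `session.d->outstrm` is now checked before `PR_NETIO_ERRNO()` in sendline(), and `tail->down = NULL` in outputfiles() is skipped when `tail` is NULL.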
=====================================
debian/patches/57ae0b5ecd2f3e3cc85a87f6b9713bf8d1480dc2.patch → debian/patches/issue-1171.patch
=====================================
@@ -1,18 +1,23 @@
-From 57ae0b5ecd2f3e3cc85a87f6b9713bf8d1480dc2 Mon Sep 17 00:00:00 2001
From: TJ Saunders <tj at castaglia.org>
Date: Wed, 3 Mar 2021 21:28:24 -0800
-Subject: [PATCH] Issue #1171: Only set the `SO_REUSEPORT` socket option for
- active data transfers.
+Subject: Issue #1171: Only set the `SO_REUSEPORT` socket option for active
+ data transfers.
+Proftpd does use the same server port for multiple passive FTP connections.
+Even when executing multiple simultaneous FTP sessions from different clients.
+This does break simultaneous passive FTP connections, file listings and transfers.
+
+origin: backport, https://github.com/proftpd/proftpd/commit/57ae0b5ecd2f3e3cc85a87f6b9713bf8d1480dc2
+bug: https://github.com/proftpd/proftpd/issues/1171
---
include/inet.h | 4 +++-
- src/data.c | 18 ++++++++--------
- src/inet.c | 54 +++++++++++++++++++++++++++++-------------------
- tests/api/inet.c | 49 ++++++++++++++++++++++++++++++++++++++++++-
- 4 files changed, 93 insertions(+), 32 deletions(-)
+ src/data.c | 16 +++++++--------
+ src/inet.c | 37 ++++++++++++++++++++++++++++++-----
+ tests/api/inet.c | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 102 insertions(+), 14 deletions(-)
diff --git a/include/inet.h b/include/inet.h
-index 6ca12ad92b..12fc35a452 100644
+index 6ca12ad..12fc35a 100644
--- a/include/inet.h
+++ b/include/inet.h
@@ -2,7 +2,7 @@
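Review bot: the description paragraph starting "Proftpd does use the same server port..." follows the `Subject:` continuation line with no blank line in between, so a DEP-3 parser will not treat it as a free-form description; insert an empty line after `+ data transfers.` (as is done before `origin:`) so the header parses cleanly. The paragraph also reads more naturally as "ProFTPD uses the same server port for multiple passive FTP connections, even when ... from different clients, which breaks simultaneous passive transfers and listings."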
@@ -34,18 +39,9 @@ index 6ca12ad92b..12fc35a452 100644
int pr_inet_listen(pool *p, conn_t *conn, int backlog, int flags);
#define PR_INET_LISTEN_FL_FATAL_ON_ERROR 0x0001
diff --git a/src/data.c b/src/data.c
-index 0c9d5bdc3b..940bd8ed7a 100644
+index 0c9d5bd..980cfc4 100644
--- a/src/data.c
+++ b/src/data.c
-@@ -2,7 +2,7 @@
- * ProFTPD - FTP server daemon
- * Copyright (c) 1997, 1998 Public Flood Software
- * Copyright (c) 1999, 2000 MacGyver aka Habeeb J. Dihu <macgyver at tos.net>
-- * Copyright (c) 2001-2020 The ProFTPD Project team
-+ * Copyright (c) 2001-2021 The ProFTPD Project team
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
@@ -133,14 +133,14 @@ static int data_passive_open(const char *reason, off_t size) {
/* Protocol and socket options should be set before handshaking. */
@@ -85,41 +81,10 @@ index 0c9d5bdc3b..940bd8ed7a 100644
/* Make sure that the necessary socket options are set on the socket prior
diff --git a/src/inet.c b/src/inet.c
-index 5d8dfdd999..33ce349aa3 100644
+index 5d8dfdd..532243a 100644
--- a/src/inet.c
+++ b/src/inet.c
-@@ -2,7 +2,7 @@
- * ProFTPD - FTP server daemon
- * Copyright (c) 1997, 1998 Public Flood Software
- * Copyright (c) 1999, 2000 MacGyver aka Habeeb J. Dihu <macgyver at tos.net>
-- * Copyright (c) 2001-2020 The ProFTPD Project team
-+ * Copyright (c) 2001-2021 The ProFTPD Project team
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
-@@ -324,21 +324,6 @@ static conn_t *init_conn(pool *p, int fd, const pr_netaddr_t *bind_addr,
- strerror(errno));
- }
-
--#ifdef SO_REUSEPORT
-- /* Note that we only want to use this socket option if we are NOT the
-- * master/parent daemon. Otherwise, we would allow multiple daemon
-- * processes to bind to the same socket, causing unexpected terror
-- * and madness (see Issue #622).
-- */
-- if (!is_master) {
-- if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, (void *) &on,
-- sizeof(on)) < 0) {
-- pr_log_pri(PR_LOG_NOTICE, "error setting SO_REUSEPORT: %s",
-- strerror(errno));
-- }
-- }
--#endif /* SO_REUSEPORT */
--
- /* Allow socket keepalive messages by default. However, if
- * "SocketOptions keepalive off" is in effect, then explicitly
- * disable keepalives.
-@@ -941,8 +926,8 @@ int pr_inet_set_proto_opts(pool *p, conn_t *c, int mss, int nodelay,
+@@ -941,8 +941,8 @@ int pr_inet_set_proto_opts(pool *p, conn_t *c, int mss, int nodelay,
}
/* Set socket options on a connection. */
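Review bot: this hunk drops the inner hunk that removed the unconditional `SO_REUSEPORT` setsockopt block from init_conn() (the `#ifdef SO_REUSEPORT ... if (!is_master)` section), and the updated stat line for src/inet.c goes from 54 to 37 changed lines accordingly; the visible lines do not show whether the 1.3.7a tree still carries that block. Confirm that init_conn() in the bullseye source no longer sets `SO_REUSEPORT` for every non-master connection, otherwise passive data sockets keep the option and the backport does not deliver the "only for active data transfers" behaviour the subject describes.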
@@ -130,7 +95,7 @@ index 5d8dfdd999..33ce349aa3 100644
if (c == NULL) {
errno = EINVAL;
-@@ -982,7 +967,7 @@ int pr_inet_set_socket_opts(pool *p, conn_t *c, int rcvbuf, int sndbuf,
+@@ -982,7 +982,7 @@ int pr_inet_set_socket_opts(pool *p, conn_t *c, int rcvbuf, int sndbuf,
if (tcp_keepalive != NULL) {
int val = 0;
@@ -139,7 +104,7 @@ index 5d8dfdd999..33ce349aa3 100644
val = tcp_keepalive->keepalive_idle;
if (val != -1) {
# ifdef __DragonFly__
-@@ -1002,7 +987,7 @@ int pr_inet_set_socket_opts(pool *p, conn_t *c, int rcvbuf, int sndbuf,
+@@ -1002,7 +1002,7 @@ int pr_inet_set_socket_opts(pool *p, conn_t *c, int rcvbuf, int sndbuf,
}
#endif /* TCP_KEEPIDLE */
@@ -148,7 +113,7 @@ index 5d8dfdd999..33ce349aa3 100644
val = tcp_keepalive->keepalive_count;
if (val != -1) {
if (setsockopt(c->listen_fd, SOL_SOCKET, TCP_KEEPCNT, (void *)
-@@ -1018,7 +1003,7 @@ int pr_inet_set_socket_opts(pool *p, conn_t *c, int rcvbuf, int sndbuf,
+@@ -1018,7 +1018,7 @@ int pr_inet_set_socket_opts(pool *p, conn_t *c, int rcvbuf, int sndbuf,
}
#endif /* TCP_KEEPCNT */
@@ -157,7 +122,7 @@ index 5d8dfdd999..33ce349aa3 100644
val = tcp_keepalive->keepalive_intvl;
if (val != -1) {
# ifdef __DragonFly__
-@@ -1108,9 +1093,36 @@ int pr_inet_set_socket_opts(pool *p, conn_t *c, int rcvbuf, int sndbuf,
+@@ -1108,9 +1108,36 @@ int pr_inet_set_socket_opts(pool *p, conn_t *c, int rcvbuf, int sndbuf,
c->rcvbuf = (rcvbuf ? rcvbuf : crcvbuf);
}
@@ -195,18 +160,29 @@ index 5d8dfdd999..33ce349aa3 100644
static void set_oobinline(int fd) {
int on = 1;
diff --git a/tests/api/inet.c b/tests/api/inet.c
-index 3b6e8d5de9..27f89d5ce8 100644
+index 3b6e8d5..dfb3ba0 100644
--- a/tests/api/inet.c
+++ b/tests/api/inet.c
-@@ -1,6 +1,6 @@
- /*
- * ProFTPD - FTP server testsuite
-- * Copyright (c) 2014-2020 The ProFTPD Project team
-+ * Copyright (c) 2014-2021 The ProFTPD Project team
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
-@@ -457,6 +457,52 @@ START_TEST (inet_set_socket_opts_test) {
+@@ -68,6 +68,18 @@ static void tear_down(void) {
+ }
+ }
+
++static int devnull_fd(void) {
++ int fd;
++
++ fd = open("/dev/null", O_RDWR);
++ if (fd < 0) {
++ fprintf(stderr, "Error opening /dev/null: %s\n", strerror(errno));
++ return -1;
++ }
++
++ return fd;
++}
++
+ /* Tests */
+
+ START_TEST (inet_family_test) {
+@@ -457,6 +469,52 @@ START_TEST (inet_set_socket_opts_test) {
}
END_TEST
@@ -259,7 +235,7 @@ index 3b6e8d5de9..27f89d5ce8 100644
START_TEST (inet_listen_test) {
int fd, mode, sockfd = -1, port = INPORT_ANY, res;
conn_t *conn;
-@@ -830,6 +876,7 @@ Suite *tests_get_inet_suite(void) {
+@@ -830,6 +888,7 @@ Suite *tests_get_inet_suite(void) {
tcase_add_test(testcase, inet_set_proto_opts_test);
tcase_add_test(testcase, inet_set_proto_opts_ipv6_test);
tcase_add_test(testcase, inet_set_socket_opts_test);
=====================================
debian/patches/series
=====================================
@@ -19,4 +19,6 @@ upstream_1149
bcec15efe6c53dac40420731013f1cd2fd54123b.diff
97bbe68363ccf2de0c07f67170ec64a8b4d62592.diff
0021-PATCH-Issue-1830-When-no-supplemental-groups-are-pro.patch
-57ae0b5ecd2f3e3cc85a87f6b9713bf8d1480dc2.patch
+issue-1171.patch
+CVE-2024-57392.patch
+0036-Fix-blastradius-followup.patch
=====================================
debian/tests/control
=====================================
@@ -0,0 +1,10 @@
+Tests: test-suite
+Depends: @builddeps@,
+ check,
+ libtest-unit-perl,
+ libnet-address-ip-local-perl,
+ libnet-inet6glue-perl,
+ libnet-telnet-perl,
+ libhttp-message-perl,
+ redis-server
+Restrictions: allow-stderr
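Review bot: `redis-server` is listed in Depends while debian/tests/test-suite passes `--disable-redis` to configure, so the dependency appears unused; either drop it or enable redis support in the configure line so the test actually exercises it. `check` and `libtest-unit-perl` are needed for `make check-api`, and the Perl network modules only matter if a networked test mode is ever enabled (the script currently uses `--enable-tests=nonetwork`).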
=====================================
debian/tests/test-suite
=====================================
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+set -e
+
+# Temporary fix for LP: #2071468
+eval "$(dpkg-buildflags --export=sh)"
+
+./configure --disable-option-checking --disable-silent-rules --disable-dependency-tracking \
+ --prefix=/usr --with-pkgconfig=lib/pkgconfig LIBS="-lm -lrt -pthread -lsubunit" \
+ --with-includes=$(pg_config --includedir)$(mysql_config --include|sed -e 's/-I/:/g'|sed -e 's/ //') \
+ --mandir=/usr/share/man --localstatedir=/run --libexecdir=/usr/lib/proftpd \
+ --enable-sendfile --enable-facl --enable-dso --enable-autoshadow --enable-ctrls --enable-openssl \
+ --enable-ipv6 --enable-nls --enable-memcache --enable-pcre2 \
+ --disable-strip --disable-redis --enable-tests=nonetwork
+
+make check-api
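Review bot: the configure invocation relies on `pg_config` and `mysql_config` being on PATH, but under `set -e` a failing command substitution inside an argument does not abort the script, so a missing tool silently produces an empty or truncated `--with-includes` value and configure may fail later with a less obvious error; either check for both tools up front (`command -v pg_config >/dev/null || exit 1`) or capture their output into variables on their own lines so the failure is fatal. The `sed -e 's/ //'` also strips only the first space from the mysql_config output, which is fine for a single include path but breaks if more than one is emitted.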
View it on GitLab: https://salsa.debian.org/debian-proftpd-team/proftpd/-/commit/d92b9a6a835056cba1703ed16c2f2e09ffa324b1