[Git][debian-proftpd-team/proftpd][bookworm] Add patch from upstream to address CVE-2024-57392.

Hilmar Preuße (@hilmar) hille42 at debian.org
Fri Mar 7 22:56:57 GMT 2025



Hilmar Preuße pushed to branch bookworm at Debian ProFTPD Team / proftpd


Commits:
f8c1990f by Hilmar Preuße at 2025-03-07T23:56:42+01:00
Add patch from upstream to address CVE-2024-57392.

- - - - -


3 changed files:

- debian/changelog
- + debian/patches/9b2b4a3e32d251798bf8fa841b124ab15ba58f11.diff
- debian/patches/series


Changes:

=====================================
debian/changelog
=====================================
@@ -1,3 +1,9 @@
+proftpd-dfsg (1.3.8+dfsg-4+deb12u5) UNRELEASED; urgency=medium
+
+  * Add patch from upstream to address CVE-2024-57392.
+
+ -- Hilmar Preuße <hille42 at debian.org>  Fri, 07 Mar 2025 23:55:03 +0100
+
 proftpd-dfsg (1.3.8+dfsg-4+deb12u4) bookworm-security; urgency=high
 
   * Add my Debian E-Mail address to Field Uploaders.
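
Review bot: The new changelog bullet names the CVE but not the change that addresses it; naming the patch file (debian/patches/9b2b4a3e32d251798bf8fa841b124ab15ba58f11.diff) in the entry would let a reader match it to debian/patches/series without opening the commit. The entry is also marked UNRELEASED with urgency=medium, while the previous upload below it went to bookworm-security with urgency=high; confirm the target distribution and urgency before upload.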


=====================================
debian/patches/9b2b4a3e32d251798bf8fa841b124ab15ba58f11.diff
=====================================
@@ -0,0 +1,44 @@
+From 9b2b4a3e32d251798bf8fa841b124ab15ba58f11 Mon Sep 17 00:00:00 2001
+From: TJ Saunders <tj at castaglia.org>
+Date: Sun, 9 Feb 2025 12:13:48 -0800
+Subject: [PATCH] Manually backporting some of the null pointer guards from
+ Issue #1866 to the 1.3.8 branch.
+
+---
+ modules/mod_ls.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/modules/mod_ls.c b/modules/mod_ls.c
+index 5458ccc74d..980691b9d6 100644
+--- a/modules/mod_ls.c
++++ b/modules/mod_ls.c
+@@ -2,7 +2,7 @@
+  * ProFTPD - FTP server daemon
+  * Copyright (c) 1997, 1998 Public Flood Software
+  * Copyright (c) 1999, 2000 MacGyver aka Habeeb J. Dihu <macgyver at tos.net>
+- * Copyright (c) 2001-2022 The ProFTPD Project
++ * Copyright (c) 2001-2024 The ProFTPD Project
+  *
+  * This program is free software; you can redistribute it and/or modify
+  * it under the terms of the GNU General Public License as published by
+@@ -360,7 +360,8 @@ static int sendline(int flags, char *fmt, ...) {
+           errno != 0) {
+         int xerrno = errno;
+ 
+-        if (session.d != NULL) {
++        if (session.d != NULL &&
++            session.d->outstrm != NULL) {
+           xerrno = PR_NETIO_ERRNO(session.d->outstrm);
+         }
+ 
+@@ -1101,7 +1102,9 @@ static int outputfiles(cmd_rec *cmd) {
+     return res;
+   }
+ 
+-  tail->down = NULL;
++  if (tail != NULL) {
++    tail->down = NULL;
++  }
+   tail = NULL;
+   colwidth = (colwidth | 7) + 1;
+   if (opt_l || !opt_C) {
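
Review bot: The embedded patch header never mentions CVE-2024-57392, and its Subject says only "some of the null pointer guards" from Issue #1866 were backported, so the patch file on its own does not show that these two guards cover the CVE. A short description before the "---" line should state that the session.d->outstrm != NULL check in sendline() and the tail != NULL check in outputfiles() are the guards relevant to the CVE. The copyright-year change at the top of mod_ls.c is unrelated to the fix and could be left out of a stable backport to keep the diff minimal.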


=====================================
debian/patches/series
=====================================
@@ -21,3 +21,4 @@ upstream_1707.diff
 bcec15efe6c53dac40420731013f1cd2fd54123b.diff
 97bbe68363ccf2de0c07f67170ec64a8b4d62592.diff
 5031d498a71c493b9659e2b5ccafde58b0897e30.diff
+9b2b4a3e32d251798bf8fa841b124ab15ba58f11.diff



View it on GitLab: https://salsa.debian.org/debian-proftpd-team/proftpd/-/commit/f8c1990fb972b4485ea9b1cca9f321ba6a9e5b97
