[Git][debian-proftpd-team/proftpd][bookworm] 2 commits: Add patch for #1133677.

Hilmar Preuße (@hilmar) gitlab at salsa.debian.org
Mon Apr 13 21:50:59 BST 2026 


Hilmar Preuße pushed to branch bookworm at Debian ProFTPD Team / proftpd


Commits:
e1b0dedc by Hilmar Preuße at 2026-04-13T22:49:19+02:00
Add patch for #1133677.

- - - - -
73eca178 by Hilmar Preuße at 2026-04-13T22:49:56+02:00
Finalize for upload to bookworm.

- - - - -


3 changed files:

- debian/changelog
- + debian/patches/3cf5ad4b7e6df0e5a980aeab9021ef25c63dbfd6.diff
- debian/patches/series


Changes:

=====================================
debian/changelog
=====================================
@@ -1,8 +1,9 @@
-proftpd-dfsg (1.3.8+dfsg-4+deb12u5) UNRELEASED; urgency=medium
+proftpd-dfsg (1.3.8+dfsg-4+deb12u5) bookworm; urgency=medium
 
   * Add patch from upstream to address CVE-2024-57392.
+  * Add patch from upstream to address issues #1840 (Closes: #1133677).
 
- -- Hilmar Preuße <hille42 at debian.org>  Fri, 07 Mar 2025 23:55:03 +0100
+ -- Hilmar Preuße <hille42 at debian.org>  Mon, 13 Apr 2026 22:49:27 +0200
 
 proftpd-dfsg (1.3.8+dfsg-4+deb12u4) bookworm-security; urgency=high
 


=====================================
debian/patches/3cf5ad4b7e6df0e5a980aeab9021ef25c63dbfd6.diff
=====================================
@@ -0,0 +1,36 @@
+From 3cf5ad4b7e6df0e5a980aeab9021ef25c63dbfd6 Mon Sep 17 00:00:00 2001
+From: TJ Saunders <tj at castaglia.org>
+Date: Sat, 26 Oct 2024 12:06:00 -0700
+Subject: [PATCH] Issue #1840: Fix the computation of the RADIUS
+ Message-Authenticator signature to conform more properly to RFC 2869. (#1843)
+
+---
+ contrib/mod_radius.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/contrib/mod_radius.c b/contrib/mod_radius.c
+index f232e99290..057bd1a377 100644
+--- a/contrib/mod_radius.c
++++ b/contrib/mod_radius.c
+@@ -1,6 +1,6 @@
+ /*
+  * ProFTPD: mod_radius -- a module for RADIUS authentication and accounting
+- * Copyright (c) 2001-2022 TJ Saunders
++ * Copyright (c) 2001-2024 TJ Saunders
+  *
+  * This program is free software; you can redistribute it and/or modify
+  * it under the terms of the GNU General Public License as published by
+@@ -2266,8 +2266,11 @@ static int radius_verify_auth_mac(radius_packet_t *pkt, const char *pkt_type,
+       memset(replied, '\0', sizeof(replied));
+       memcpy(replied, attrib->data, attrib_len);
+ 
+-      /* Next, zero out the value so that we can calculate it ourselves. */
+-      memset(attrib->data, '\0', attrib_len);
++      /* Next, zero out the value so that we can calculate it ourselves.
++       *
++       * Note that we only want to zero out the first 16 bytes, per RFC 2869.
++       */
++      memset(attrib->data, '\0', expected_len);
+ 
+       memset(digest, '\0', sizeof(digest));
+       md = EVP_md5();


=====================================
debian/patches/series
=====================================
@@ -22,3 +22,4 @@ bcec15efe6c53dac40420731013f1cd2fd54123b.diff
 97bbe68363ccf2de0c07f67170ec64a8b4d62592.diff
 5031d498a71c493b9659e2b5ccafde58b0897e30.diff
 9b2b4a3e32d251798bf8fa841b124ab15ba58f11.diff
+3cf5ad4b7e6df0e5a980aeab9021ef25c63dbfd6.diff



View it on GitLab: https://salsa.debian.org/debian-proftpd-team/proftpd/-/compare/f8c1990fb972b4485ea9b1cca9f321ba6a9e5b97...73eca178866792a3c4db581c5c94321e0a607d1f

-- 
View it on GitLab: https://salsa.debian.org/debian-proftpd-team/proftpd/-/compare/f8c1990fb972b4485ea9b1cca9f321ba6a9e5b97...73eca178866792a3c4db581c5c94321e0a607d1f
You're receiving this email because of your account on salsa.debian.org.

More information about the Pkg-proftpd-maintainers mailing list