[Git][debian-proftpd-team/proftpd][master] Two more patches for upstream_2052.

Thu May 7 19:59:17 BST 2026


Hilmar Preuße pushed to branch master at Debian ProFTPD Team / proftpd


Commits:
cc789583 by Hilmar Preuße at 2026-05-07T20:59:07+02:00
Two more patches for upstream_2052.

- - - - -


4 changed files:

- debian/changelog
- + debian/patches/04d89957d8ace325ef76fdfab22049df16a40c0b.diff
- + debian/patches/7e076e844ab5da63a0887b875aca2c3cfbc83a49.diff
- debian/patches/series


Changes:

=====================================
debian/changelog
=====================================
@@ -1,3 +1,9 @@
+proftpd-dfsg (1.3.9a~dfsg-2) UNRELEASED; urgency=medium
+
+  * Two more patches for upstream_2052.
+
+ -- Hilmar Preuße <hille42 at debian.org>  Thu, 07 May 2026 20:58:24 +0200
+
 proftpd-dfsg (1.3.9a~dfsg-1) unstable; urgency=medium
 
   * New upstream version, disable patches I cherry picked from upstream.


=====================================
debian/patches/04d89957d8ace325ef76fdfab22049df16a40c0b.diff
=====================================
@@ -0,0 +1,30 @@
+From 04d89957d8ace325ef76fdfab22049df16a40c0b Mon Sep 17 00:00:00 2001
+From: TJ Saunders <tj at castaglia.org>
+Date: Tue, 5 May 2026 17:22:18 -0700
+Subject: [PATCH] Issue #2052: It is possible that some note values come from
+ client-supplied text, and as such, they should always be escaped as well.
+
+---
+ contrib/mod_sql.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/contrib/mod_sql.c b/contrib/mod_sql.c
+index 4872f5fa6..bafe175ff 100644
+--- a/contrib/mod_sql.c
++++ b/contrib/mod_sql.c
+@@ -987,6 +987,7 @@ static int sql_resolve_on_meta(pool *p, pr_jot_ctx_t *jot_ctx,
+       case LOGFMT_META_FILENAME:
+       case LOGFMT_META_IDENT_USER:
+       case LOGFMT_META_METHOD:
++      case LOGFMT_META_NOTE_VAR:
+       case LOGFMT_META_ORIGINAL_USER:
+       case LOGFMT_META_RESPONSE_STR:
+       case LOGFMT_META_REMOTE_HOST:
+@@ -1016,7 +1017,6 @@ static int sql_resolve_on_meta(pool *p, pr_jot_ctx_t *jot_ctx,
+       case LOGFMT_META_LOCAL_FQDN:
+       case LOGFMT_META_LOCAL_IP:
+       case LOGFMT_META_LOCAL_NAME:
+-      case LOGFMT_META_NOTE_VAR:
+       case LOGFMT_META_PROTOCOL:
+       case LOGFMT_META_REMOTE_IP:
+       case LOGFMT_META_VERSION:


=====================================
debian/patches/7e076e844ab5da63a0887b875aca2c3cfbc83a49.diff
=====================================
@@ -0,0 +1,31 @@
+From 7e076e844ab5da63a0887b875aca2c3cfbc83a49 Mon Sep 17 00:00:00 2001
+From: TJ Saunders <tj at castaglia.org>
+Date: Thu, 7 May 2026 09:15:08 -0700
+Subject: [PATCH] Issue #2052: It is possible that some environment values come
+ from user-supplied text, so we should always escape `%{env:...}` variables,
+ too.
+
+---
+ contrib/mod_sql.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/contrib/mod_sql.c b/contrib/mod_sql.c
+index bafe175ff..b90725942 100644
+--- a/contrib/mod_sql.c
++++ b/contrib/mod_sql.c
+@@ -984,6 +984,7 @@ static int sql_resolve_on_meta(pool *p, pr_jot_ctx_t *jot_ctx,
+       case LOGFMT_META_COMMAND:
+       case LOGFMT_META_DIR_NAME:
+       case LOGFMT_META_DIR_PATH:
++      case LOGFMT_META_ENV_VAR:
+       case LOGFMT_META_FILENAME:
+       case LOGFMT_META_IDENT_USER:
+       case LOGFMT_META_METHOD:
+@@ -1010,7 +1011,6 @@ static int sql_resolve_on_meta(pool *p, pr_jot_ctx_t *jot_ctx,
+       }
+ 
+       case LOGFMT_META_CLASS:
+-      case LOGFMT_META_ENV_VAR:
+       case LOGFMT_META_EOS_REASON:
+       case LOGFMT_META_GROUP:
+       case LOGFMT_META_ISO8601:


=====================================
debian/patches/series
=====================================
@@ -12,3 +12,5 @@ odbc
 #3d3a936b696d73f24a7f1a99bf7aa26735ff2306.diff
 #415395b795436ae47cc25b2394e80033b80f11be.diff
 07797aba88dca902da7eaf1dfe262c8896943de7.diff
+04d89957d8ace325ef76fdfab22049df16a40c0b.diff
+7e076e844ab5da63a0887b875aca2c3cfbc83a49.diff



View it on GitLab: https://salsa.debian.org/debian-proftpd-team/proftpd/-/commit/cc789583d685eb99048cb9721f265e18b1c68aba

-- 
View it on GitLab: https://salsa.debian.org/debian-proftpd-team/proftpd/-/commit/cc789583d685eb99048cb9721f265e18b1c68aba
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


