head 1.8; access; symbols pkgsrc-2013Q2:1.8.0.8 pkgsrc-2013Q2-base:1.8 pkgsrc-2012Q4:1.8.0.6 pkgsrc-2012Q4-base:1.8 pkgsrc-2011Q4:1.8.0.4 pkgsrc-2011Q4-base:1.8 pkgsrc-2011Q2:1.8.0.2 pkgsrc-2011Q2-base:1.8 pkgsrc-2010Q3:1.7.0.16 pkgsrc-2010Q3-base:1.7 pkgsrc-2010Q2:1.7.0.14 pkgsrc-2010Q2-base:1.7 pkgsrc-2010Q1:1.7.0.12 pkgsrc-2010Q1-base:1.7 pkgsrc-2009Q4:1.7.0.10 pkgsrc-2009Q4-base:1.7 pkgsrc-2009Q3:1.7.0.8 pkgsrc-2009Q3-base:1.7 pkgsrc-2009Q2:1.7.0.6 pkgsrc-2009Q2-base:1.7 pkgsrc-2009Q1:1.7.0.4 pkgsrc-2009Q1-base:1.7 pkgsrc-2008Q4:1.7.0.2 pkgsrc-2008Q4-base:1.7 pkgsrc-2008Q3:1.5.0.2 pkgsrc-2008Q3-base:1.5 cube-native-xorg:1.4.0.10 cube-native-xorg-base:1.4 pkgsrc-2008Q2:1.4.0.8 pkgsrc-2008Q2-base:1.4 pkgsrc-2008Q1:1.4.0.6 pkgsrc-2008Q1-base:1.4 pkgsrc-2007Q4:1.4.0.4 pkgsrc-2007Q4-base:1.4 pkgsrc-2007Q3:1.4.0.2 pkgsrc-2007Q3-base:1.4 pkgsrc-2007Q2:1.3.0.2 pkgsrc-2007Q2-base:1.3 pkgsrc-2007Q1:1.2.0.12 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.2.0.10 pkgsrc-2006Q4-base:1.2 pkgsrc-2006Q3:1.2.0.8 pkgsrc-2006Q3-base:1.2 pkgsrc-2006Q2:1.2.0.6 pkgsrc-2006Q2-base:1.2 pkgsrc-2006Q1:1.2.0.4 pkgsrc-2006Q1-base:1.2 pkgsrc-2005Q4:1.2.0.2 pkgsrc-2005Q4-base:1.2 pkgsrc-2005Q3:1.1.0.4 pkgsrc-2005Q3-base:1.1 pkgsrc-2005Q2:1.1.0.2; locks; strict; comment @# @; 1.8 date 2010.11.07.12.21.10; author obache; state dead; branches; next 1.7; 1.7 date 2008.12.28.08.42.01; author kim; state Exp; branches 1.7.16.1; next 1.6; 1.6 date 2008.11.21.08.00.36; author martti; state dead; branches; next 1.5; 1.5 date 2008.10.03.06.52.03; author martti; state Exp; branches; next 1.4; 1.4 date 2007.07.06.11.04.41; author martti; state dead; branches; next 1.3; 1.3 date 2007.06.26.23.25.56; author lkundrak; state Exp; branches 1.3.2.1; next 1.2; 1.2 date 2005.11.03.19.09.46; author martti; state dead; branches 1.2.12.1; next 1.1; 1.1 date 2005.08.06.11.51.18; author adrianp; state Exp; branches 1.1.2.1; next ; 1.7.16.1 date 2010.11.09.20.58.59; author spz; state dead; branches; next ; 1.3.2.1 date 
2007.07.10.12.16.06; author ghen; state dead; branches; next ; 1.2.12.1 date 2007.06.28.10.49.45; author ghen; state Exp; branches; next ; 1.1.2.1 date 2005.08.06.11.51.18; author salo; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2005.08.06.22.17.34; author salo; state Exp; branches; next ; desc @@ 1.8 log @Update proftpd to 1.3.3c. pksrc changes: * Instead of patch&subst to change layout of statedir, pass it to configure instead (and subst for manpages are fixed). * Convert custom mod_wrap library modification to SUBST. * Need to buildlink with security/tcp_wappers for mod_wrap. NEWS: 1.3.3c - Released 29-Oct-2010 -------------------------------- - Bug 3511 - SQLAuthType Backend not properly rejected by mod_sql_sqlite. - Bug 3513 - EPERM error logged unnecessarily for SFTP logins on Linux. - Bug 3517 - mod_quotatab decrements file tally improperly for failed DELE commands. - Bug 3518 - Support SiteMiscEngine directive, for disabling mod_site_misc functionality via proftpd.conf. - Bug 3519 - Inappropriate directory traversal allowed by mod_site_misc. - Bug 3521 - Telnet IAC processing stack overflow. 1.3.3b - Released 09-Sep-2010 -------------------------------- - Bug 3481 - Problem with SFTP directory listings. - Bug 3483 - NULL pointer dereference handling SITE command in mod_quotatab. - Bug 3485 - Disabling IPv6 via -4 or --ipv4 command-line options does not work. - Bug 3487 - Null pointer dereference with EPRT/EPSV/PASV/PORT command during data transfer. - Bug 3482 - ProFTPD corrupts utmpx log files on FreeBSD 9.0/HEAD. - Bug 3491 - Directory pattern not matching as expected. - Bug 3492 - Null pointer dereference during data transfer due to RNFR/RNTO. - Bug 3494 - Null pointer dereference for IPv6-enabled proftpd when no DefaultServer configured. - Bug 3501 - logins with "AuthAliasOnly on" still handled as anonymous logins. 1.3.3a - Released 01-Jul-2010 -------------------------------- - Bug 3400 - Add Japanese translation. 
- Bug 3401 - mod_sftp does not compile with pre-0.9.7 OpenSSL. - Bug 3402 - mod_tls does not compile with pre-0.9.7 OpenSSL due to Bug#3349. - Bug 3403 - File upload followed by MLSD leads to wrong file size entries in TransferLog. - Bug 3405 - Multiple SFTPAuthorizedUserKeys stores causes segfault on 64-bit platforms. - Bug 3354 - Renaming a file across mount points to a full disk does not fail as expected. - Bug 3408 - Use instead of where possible. - Bug 3412 - Include files not included after restart due to permissions. - Bug 3409 - Build failure on newer FreeBSD due to utmp/utmpx system changes. - Bug 3417 - Unsafe use of pointer when scanning config for ScoreboardFile. - Bug 3418 - %U sometimes showing up as "(none)" in ExtendedLog. - Bug 3421 - RewriteHome does not work properly for SFTP connections. - Bug 3419 - SSL_shutdown() errors with openssl-0.9.8m. - Bug 3423 - Last line of multiline DisplayLogin file improperly handled. - Bug 3426 - mod_sftp does not log to TransferLog by default. - Bug 3425 - Improperly constructed destination paths for SCP uploads. - Bug 3427 - mod_sftp does not handle recursive SCP uploads properly. - Bug 3432 - ExecBeforeCommand does not interpolate the %F/%f variables properly. - Bug 3434 - TraceLog contains messages even with "Trace DEFAULT:0" configured. - Bug 3435 - Encoding/decoding conversion can cause CPU spike. - Bug 3436 - Support build-time option to disable use of nonblocking open of log files. Use --disable-nonblocking-log-open to get the pre-1.3.3 behavior of opening log files. - Bug 3437 - UseImplicitSSL TLSOption causes PBSZ/PROT commands to fail. - Bug 3439 - Encoding fails if an NLS-enabled proftpd starts in a UTF8 locale. - Bug 3446 - .ftpaccess ignored in some cases. - Bug 3447 - mod_sftp can become confused during large recursive SCP uploads. - Bug 3448 - Ensure that STAT/LSTAT/FSTAT SFTP requests do not use cached/stale data. 
- Bug 3449 - mod_sftp does not properly handle the O_TRUNC flag in a SFTP OPEN request. - Bug 3450 - mod_sftp does not properly handle the O_APPEND flag in a SFTP OPEN request. - Bug 3451 - WinSCP can't upload files using protocol version 5 with mod_sftp. - Bug 3452 - mod_sftp does not advertise its supported SFTP extensions for protocol version 5. - Bug 3454 - msgfmt(1) options used for generating NLS files are not compatible with Solaris' msgfmt. - Bug 3456 - Problem attempting to recursively download a directory via SCP. - Bug 3458 - mod_sftp incorrectly performs OpenSSL cleanup. - Bug 3459 - mod_radius segfaults during incorrect login due to stale data. - Bug 3460 - REALPATH SFTP request can cause improperly cached directory configuration. - Bug 3462 - ftpasswd script's --delete-user option does not work. - Bug 3463 - ftpasswd script's --delete-group option does not work. - Bug 3465 - SIGSEGV at LIST after CCC. - Bug 3470 - Deferred resolution paths not handled properly by mod_sftp. - Bug 3469 - ExtendedLog's %f variable not properly expanded for DELE if path begins with tilde ('~'). - Bug 3467 - mod_ifsession does not merge blocks properly. - Bug 3471 - Null values in allow/deny rules causes mod_wrap2 to segfault. - Bug 3472 - mod_sftp publickey authentication fails for large keys. - Bug 3424 - Bad LDAP lookup can cause mod_ldap segfault under some conditions. - Bug 3476 - LIST/NLST of path starting with "-" fails. - Bug 3475 - Add new 'noGetgrouplist' AuthUnixOption to work around buggy libc code. - Bug 3474 - Using SQLite database and SQLLog directive can lead to problems under load. @ text @$NetBSD: patch-ae,v 1.7 2008/12/28 08:42:01 kim Exp $ Old versions of msgfmt don't know about --check-format. --- locale/Makefile.in.orig 2008-11-19 05:51:38.000000000 +0200 +++ locale/Makefile.in 2008-12-26 12:27:18.000000000 +0200 @@@@ -26,7 +26,7 @@@@ # gettext utilities. Note that this assumes gettext is installed and # available on the system. 
MSGCMP=msgcmp -MSGFMT=msgfmt --check-format +MSGFMT=msgfmt MSGINIT=msginit XGETTEXT=xgettext @ 1.7 log @Fix the "pam" option to leave out PAM when it is not wanted. Add an "inet6" option for enabling IPv6 support. Add a "ban" option for enabling mod_ban. Make the "wrap" option compile all binaries successfully. Fix generating language catalog with older versions of msgfmt. @ text @d1 1 a1 1 $NetBSD$ @ 1.7.16.1 log @Pullup ticket 3269 - requested by obache security update Revisions pulled up: - pkgsrc/net/proftpd/Makefile 1.59 - pkgsrc/net/proftpd/PLIST 1.22 - pkgsrc/net/proftpd/distinfo 1.34 - pkgsrc/net/proftpd/options.mk 1.9 - pkgsrc/net/proftpd/patches/patch-aa 1.13 - pkgsrc/net/proftpd/patches/patch-ac 1.13 - pkgsrc/net/proftpd/patches/patch-ab 1.12 Files deleted: pkgsrc/net/proftpd/patches/patch-ae ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: obache Date: Sun Nov 7 12:21:10 UTC 2010 Modified Files: pkgsrc/net/proftpd: Makefile PLIST distinfo options.mk pkgsrc/net/proftpd/patches: patch-aa patch-ab patch-ac Removed Files: pkgsrc/net/proftpd/patches: patch-ae Log Message: Update proftpd to 1.3.3c. pksrc changes: * Instead of patch&subst to change layout of statedir, pass it to configure instead (and subst for manpages are fixed). * Convert custom mod_wrap library modification to SUBST. * Need to buildlink with security/tcp_wappers for mod_wrap. NEWS: 1.3.3c - Released 29-Oct-2010 -------------------------------- - Bug 3511 - SQLAuthType Backend not properly rejected by mod_sql_sqlite. - Bug 3513 - EPERM error logged unnecessarily for SFTP logins on Linux. - Bug 3517 - mod_quotatab decrements file tally improperly for failed DELE commands. - Bug 3518 - Support SiteMiscEngine directive, for disabling mod_site_misc functionality via proftpd.conf. - Bug 3519 - Inappropriate directory traversal allowed by mod_site_misc. - Bug 3521 - Telnet IAC processing stack overflow. 
1.3.3b - Released 09-Sep-2010 -------------------------------- - Bug 3481 - Problem with SFTP directory listings. - Bug 3483 - NULL pointer dereference handling SITE command in mod_quotatab. - Bug 3485 - Disabling IPv6 via -4 or --ipv4 command-line options does not work. - Bug 3487 - Null pointer dereference with EPRT/EPSV/PASV/PORT command during data transfer. - Bug 3482 - ProFTPD corrupts utmpx log files on FreeBSD 9.0/HEAD. - Bug 3491 - Directory pattern not matching as expected. - Bug 3492 - Null pointer dereference during data transfer due to RNFR/RNTO. - Bug 3494 - Null pointer dereference for IPv6-enabled proftpd when no DefaultServer configured. - Bug 3501 - logins with "AuthAliasOnly on" still handled as anonymous logins. 1.3.3a - Released 01-Jul-2010 -------------------------------- - Bug 3400 - Add Japanese translation. - Bug 3401 - mod_sftp does not compile with pre-0.9.7 OpenSSL. - Bug 3402 - mod_tls does not compile with pre-0.9.7 OpenSSL due to Bug#3349. - Bug 3403 - File upload followed by MLSD leads to wrong file size entries in TransferLog. - Bug 3405 - Multiple SFTPAuthorizedUserKeys stores causes segfault on 64-bit platforms. - Bug 3354 - Renaming a file across mount points to a full disk does not fail as expected. - Bug 3408 - Use instead of where possible. - Bug 3412 - Include files not included after restart due to permissions. - Bug 3409 - Build failure on newer FreeBSD due to utmp/utmpx system changes. - Bug 3417 - Unsafe use of pointer when scanning config for ScoreboardFile. - Bug 3418 - %U sometimes showing up as "(none)" in ExtendedLog. - Bug 3421 - RewriteHome does not work properly for SFTP connections. - Bug 3419 - SSL_shutdown() errors with openssl-0.9.8m. - Bug 3423 - Last line of multiline DisplayLogin file improperly handled. - Bug 3426 - mod_sftp does not log to TransferLog by default. - Bug 3425 - Improperly constructed destination paths for SCP uploads. - Bug 3427 - mod_sftp does not handle recursive SCP uploads properly. 
- Bug 3432 - ExecBeforeCommand does not interpolate the %F/%f variables properly. - Bug 3434 - TraceLog contains messages even with "Trace DEFAULT:0" configured. - Bug 3435 - Encoding/decoding conversion can cause CPU spike. - Bug 3436 - Support build-time option to disable use of nonblocking open of log files. Use --disable-nonblocking-log-open to get the pre-1.3.3 behavior of opening log files. - Bug 3437 - UseImplicitSSL TLSOption causes PBSZ/PROT commands to fail. - Bug 3439 - Encoding fails if an NLS-enabled proftpd starts in a UTF8 locale. - Bug 3446 - .ftpaccess ignored in some cases. - Bug 3447 - mod_sftp can become confused during large recursive SCP uploads. - Bug 3448 - Ensure that STAT/LSTAT/FSTAT SFTP requests do not use cached/stale data. - Bug 3449 - mod_sftp does not properly handle the O_TRUNC flag in a SFTP OPEN request. - Bug 3450 - mod_sftp does not properly handle the O_APPEND flag in a SFTP OPEN request. - Bug 3451 - WinSCP can't upload files using protocol version 5 with mod_sftp. - Bug 3452 - mod_sftp does not advertise its supported SFTP extensions for protocol version 5. - Bug 3454 - msgfmt(1) options used for generating NLS files are not compatible with Solaris' msgfmt. - Bug 3456 - Problem attempting to recursively download a directory via SCP. - Bug 3458 - mod_sftp incorrectly performs OpenSSL cleanup. - Bug 3459 - mod_radius segfaults during incorrect login due to stale data. - Bug 3460 - REALPATH SFTP request can cause improperly cached directory configuration. - Bug 3462 - ftpasswd script's --delete-user option does not work. - Bug 3463 - ftpasswd script's --delete-group option does not work. - Bug 3465 - SIGSEGV at LIST after CCC. - Bug 3470 - Deferred resolution paths not handled properly by mod_sftp. - Bug 3469 - ExtendedLog's %f variable not properly expanded for DELE if path begins with tilde ('~'). - Bug 3467 - mod_ifsession does not merge blocks properly. 
- Bug 3471 - Null values in allow/deny rules causes mod_wrap2 to segfault. - Bug 3472 - mod_sftp publickey authentication fails for large keys. - Bug 3424 - Bad LDAP lookup can cause mod_ldap segfault under some conditions. - Bug 3476 - LIST/NLST of path starting with "-" fails. - Bug 3475 - Add new 'noGetgrouplist' AuthUnixOption to work around buggy libc code. - Bug 3474 - Using SQLite database and SQLLog directive can lead to problems under load. To generate a diff of this commit: cvs rdiff -u -r1.58 -r1.59 pkgsrc/net/proftpd/Makefile cvs rdiff -u -r1.21 -r1.22 pkgsrc/net/proftpd/PLIST cvs rdiff -u -r1.33 -r1.34 pkgsrc/net/proftpd/distinfo cvs rdiff -u -r1.8 -r1.9 pkgsrc/net/proftpd/options.mk cvs rdiff -u -r1.12 -r1.13 pkgsrc/net/proftpd/patches/patch-aa \ pkgsrc/net/proftpd/patches/patch-ac cvs rdiff -u -r1.11 -r1.12 pkgsrc/net/proftpd/patches/patch-ab cvs rdiff -u -r1.7 -r0 pkgsrc/net/proftpd/patches/patch-ae @ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.7 2008/12/28 08:42:01 kim Exp $ @ 1.6 log @Updated net/proftpd to 1.3.2rc3 * Bug fixes @ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.5 2008/10/03 06:52:03 martti Exp $ d3 1 a3 1 http://bugs.proftpd.org/show_bug.cgi?id=3115 d5 10 a14 17 Index: src/netio.c =================================================================== RCS file: /cvsroot/proftp/proftpd/src/netio.c,v retrieving revision 1.33 diff -u -r1.33 netio.c --- src/netio.c 3 Apr 2008 03:14:31 -0000 1.33 +++ src/netio.c 20 Sep 2008 20:10:49 -0000 @@@@ -1,6 +1,6 @@@@ /* * ProFTPD - FTP server daemon - * Copyright (c) 2001-2007 The ProFTPD Project team + * Copyright (c) 2001-2008 The ProFTPD Project team * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@@@ -30,19 +30,19 @@@@ #include a15 95 #ifndef IAC -#define IAC 255 +# define IAC 255 #endif #ifndef DONT -#define DONT 254 +# define DONT 254 #endif #ifndef DO -#define DO 253 +# define DO 253 #endif #ifndef WONT -#define 
WONT 252 +# define WONT 252 #endif #ifndef WILL -#define WILL 251 +# define WILL 251 #endif static const char *trace_channel = "netio"; @@@@ -51,6 +51,17 @@@@ static pr_netio_t *core_data_netio = NULL, *data_netio = NULL; static pr_netio_t *core_othr_netio = NULL, *othr_netio = NULL; +/* Used to track whether the previous text read from the client's control + * connection was a properly-terminated command. If so, then read in the + * next/current text as per normal. If NOT (e.g. the client sent a too-long + * command), then read in the next/current text, but ignore it. Only clear + * this flag if the next/current command can be read as per normal. + * + * The pr_netio_telnet_gets() uses this variable, in conjunction with its + * saw_newline flag, for handling too-long commands from clients. + */ +static int properly_terminated_prev_command = TRUE; + static pr_netio_stream_t *netio_stream_alloc(pool *parent_pool) { pool *netio_pool = NULL; pr_netio_stream_t *nstrm = NULL; @@@@ -950,7 +961,7 @@@@ char *bp = buf; unsigned char cp; static unsigned char mode = 0; - int toread, handle_iac = TRUE; + int toread, handle_iac = TRUE, saw_newline = FALSE; pr_buffer_t *pbuf = NULL; if (buflen == 0) { @@@@ -983,8 +994,9 @@@@ *bp = '\0'; return buf; - } else + } else { return NULL; + } } pbuf->remaining = pbuf->buflen - toread; @@@@ -1049,6 +1061,8 @@@@ toread--; *bp++ = *pbuf->current++; pbuf->remaining++; + + saw_newline = TRUE; break; } @@@@ -1056,6 +1070,25 @@@@ pbuf->current = NULL; } + if (!saw_newline) { + /* If we haven't seen a newline, then assume the client is deliberately + * sending a too-long command, trying to exploit buffer sizes and make + * the server make some possibly bad assumptions. 
+ */ + + properly_terminated_prev_command = FALSE; + errno = E2BIG; + return NULL; + } + + if (!properly_terminated_prev_command) { + properly_terminated_prev_command = TRUE; + pr_log_pri(PR_LOG_NOTICE, "client sent too-long command, ignoring"); + errno = E2BIG; + return NULL; + } + + properly_terminated_prev_command = TRUE; *bp = '\0'; return buf; } @ 1.5 log @Updated net/proftpd to 1.3.2rc2 Fix for http://bugs.proftpd.org/show_bug.cgi?id=3115 @ text @d1 1 a1 1 $NetBSD$ @ 1.4 log @Updated net/proftpd to 1.3.1rc3 Hello, ProFTPD community. The ProFTPD Project team is pleased to announce that the third release candidate for ProFTPD 1.3.1 is now available for public consumption. The 1.3.1rc3 release includes a number of minor bugfixes, including segfaults when handling the NLST command, dealing assigning IPv6 addresses for the EPSV command, and better handling of Display files in chrooted sessions. Please read the included NEWS and ChangeLog files for the full details. @ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.3 2007/06/26 23:25:56 lkundrak Exp $ d3 1 a3 1 Part of fix for CVE-2007-2165 grabbed from upstream #2922. d5 17 a21 5 --- modules/mod_core.c.orig 2007-06-27 01:13:50.000000000 +0200 +++ modules/mod_core.c @@@@ -4444,6 +4444,8 @@@@ static int core_sess_init(void) { config_rec *c = NULL; unsigned int *debug_level = NULL; d23 90 a112 1 + init_auth(); d114 4 a117 3 /* Check for a server-specific TimeoutIdle. */ c = find_config(main_server->conf, CONF_PARAM, "TimeoutIdle", FALSE); if (c != NULL) @ 1.3 log @Fix for a CVE-2007-2165 security issue grabbed from upstream #2922. 
@ text @d1 1 a1 1 $NetBSD$ @ 1.3.2.1 log @Pullup ticket 2139 - requested by martti bugfix update for proftpd - pkgsrc/net/proftpd/Makefile 1.42 - pkgsrc/net/proftpd/PLIST 1.13 - pkgsrc/net/proftpd/distinfo 1.24 - pkgsrc/net/proftpd/patches/patch-ab 1.7 - pkgsrc/net/proftpd/patches/patch-ac 1.9 - pkgsrc/net/proftpd/patches/patch-ad removed - pkgsrc/net/proftpd/patches/patch-ae removed - pkgsrc/net/proftpd/patches/patch-af removed Module Name: pkgsrc Committed By: martti Date: Fri Jul 6 11:04:41 UTC 2007 Modified Files: pkgsrc/net/proftpd: Makefile PLIST distinfo pkgsrc/net/proftpd/patches: patch-ab patch-ac Removed Files: pkgsrc/net/proftpd/patches: patch-ad patch-ae patch-af Log Message: Updated net/proftpd to 1.3.1rc3 Hello, ProFTPD community. The ProFTPD Project team is pleased to announce that the third release candidate for ProFTPD 1.3.1 is now available for public consumption. The 1.3.1rc3 release includes a number of minor bugfixes, including segfaults when handling the NLST command, dealing assigning IPv6 addresses for the EPSV command, and better handling of Display files in chrooted sessions. Please read the included NEWS and ChangeLog files for the full details. 
@ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.3 2007/06/26 23:25:56 lkundrak Exp $ @ 1.2 log @Updated proftpd to 1.3.0rc3 A lot of changes and bug fixes, including fix for the following security problem: http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02 @ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.1 2005/08/06 11:51:18 adrianp Exp $ d3 13 a15 38 --- contrib/mod_sql.c.orig 2004-08-03 01:44:31.000000000 +0100 +++ contrib/mod_sql.c @@@@ -2036,7 +2036,7 @@@@ MODRET info_master(cmd_rec *cmd) { *outsp++ = 0; /* add the response */ - pr_response_add( c->argv[0], outs); + pr_response_add(c->argv[0], "%s", outs); } while((c = find_config_next(c, c->next, CONF_PARAM, name, FALSE)) != NULL); @@@@ -2110,7 +2110,7 @@@@ MODRET info_master(cmd_rec *cmd) { *outsp++ = 0; /* add the response */ - pr_response_add( c->argv[0], outs); + pr_response_add(c->argv[0], "%s", outs); } while((c = find_config_next(c, c->next, CONF_PARAM, name, FALSE)) != NULL); @@@@ -2201,7 +2201,7 @@@@ MODRET errinfo_master(cmd_rec *cmd) { *outsp++ = 0; /* add the response */ - pr_response_add_err( c->argv[0], outs); + pr_response_add_err(c->argv[0], "%s", outs); } while((c = find_config_next(c, c->next, CONF_PARAM, name, FALSE)) != NULL); @@@@ -2275,7 +2275,7 @@@@ MODRET errinfo_master(cmd_rec *cmd) { *outsp++ = 0; /* add the response */ - pr_response_add( c->argv[0], outs); + pr_response_add(c->argv[0], "%s", outs); } while((c = find_config_next(c, c->next, CONF_PARAM, name, FALSE)) != NULL); @ 1.2.12.1 log @Pullup ticket 2124 - requested by lkundrak security fix for proftpd - pkgsrc/net/proftpd/Makefile 1.41 - pkgsrc/net/proftpd/distinfo 1.23 - pkgsrc/net/proftpd/patches/patch-ad 1.3 - pkgsrc/net/proftpd/patches/patch-ae 1.3 - pkgsrc/net/proftpd/patches/patch-af 1.1 Module Name: pkgsrc Committed By: lkundrak Date: Tue Jun 26 23:25:57 UTC 2007 Modified Files: pkgsrc/net/proftpd: Makefile distinfo Added Files: pkgsrc/net/proftpd/patches: patch-ad patch-ae patch-af Log Message: Fix for a CVE-2007-2165 
security issue grabbed from upstream #2922. @ text @d1 1 a1 1 $NetBSD$ d3 38 a40 13 Part of fix for CVE-2007-2165 grabbed from upstream #2922. --- modules/mod_core.c.orig 2007-06-27 01:13:50.000000000 +0200 +++ modules/mod_core.c @@@@ -4444,6 +4444,8 @@@@ static int core_sess_init(void) { config_rec *c = NULL; unsigned int *debug_level = NULL; + init_auth(); + /* Check for a server-specific TimeoutIdle. */ c = find_config(main_server->conf, CONF_PARAM, "TimeoutIdle", FALSE); if (c != NULL) @ 1.1 log @Patches to address recent security issue via Gentoo: http://secunia.com/advisories/16181/ @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-ae was added on branch pkgsrc-2005Q2 on 2005-08-06 11:51:18 +0000 @ text @d1 40 @ 1.1.2.2 log @Pullup ticket 662 - requested by Adrian Portelli update and security fixes for proftpd Revisions pulled up: - pkgsrc/net/proftpd/Makefile 1.22, 1.23, 1.24 - pkgsrc/net/proftpd/PLIST 1.9 - pkgsrc/net/proftpd/distinfo 1.10, 1.11, 1.12, 1.13 - pkgsrc/net/proftpd/options.mk 1.1 - pkgsrc/net/proftpd/files/proftpd.sh 1.2 - pkgsrc/net/proftpd/patches/patch-ab 1.1 - pkgsrc/net/proftpd/patches/patch-ac 1.1, 1.2 - pkgsrc/net/proftpd/patches/patch-ad 1.1 - pkgsrc/net/proftpd/patches/patch-ae 1.1 Module Name: pkgsrc Committed By: salo Date: Wed Jun 22 22:43:37 UTC 2005 Modified Files: pkgsrc/net/proftpd: Makefile PLIST distinfo pkgsrc/net/proftpd/files: proftpd.sh Added Files: pkgsrc/net/proftpd: options.mk pkgsrc/net/proftpd/patches: patch-ab Log Message: PKGREVISION++ - split PKG_OPTIONS to options.mk file - fix issue with state directory in (typically) /var/run, noted by Justin Newcomer on tech-pkg@@ - delint --- Module Name: pkgsrc Committed By: christos Date: Thu Jun 23 04:49:27 UTC 2005 Modified Files: pkgsrc/net/proftpd: Makefile distinfo Added Files: pkgsrc/net/proftpd/patches: patch-ac Log Message: Make it log in wtmpx properly. XXX: someone should fix the array has type char issues. 
--- Module Name: pkgsrc Committed By: christos Date: Sun Jul 10 19:57:07 UTC 2005 Modified Files: pkgsrc/net/proftpd: distinfo pkgsrc/net/proftpd/patches: patch-ac Log Message: Simplify (and correct) the previous ut_ss filling code. --- Module Name: pkgsrc Committed By: adrianp Date: Sat Aug 6 11:51:18 UTC 2005 Modified Files: pkgsrc/net/proftpd: Makefile Added Files: pkgsrc/net/proftpd/patches: patch-ad patch-ae Log Message: Patches to address recent security issue via Gentoo: http://secunia.com/advisories/16181/ --- Module Name: pkgsrc Committed By: adrianp Date: Sat Aug 6 12:29:25 UTC 2005 Modified Files: pkgsrc/net/proftpd: distinfo Log Message: Add missing patch from last update - ride the previous bump @ text @a0 40 $NetBSD: patch-ae,v 1.1.2.1 2005/08/06 22:17:34 salo Exp $ --- contrib/mod_sql.c.orig 2004-08-03 01:44:31.000000000 +0100 +++ contrib/mod_sql.c @@@@ -2036,7 +2036,7 @@@@ MODRET info_master(cmd_rec *cmd) { *outsp++ = 0; /* add the response */ - pr_response_add( c->argv[0], outs); + pr_response_add(c->argv[0], "%s", outs); } while((c = find_config_next(c, c->next, CONF_PARAM, name, FALSE)) != NULL); @@@@ -2110,7 +2110,7 @@@@ MODRET info_master(cmd_rec *cmd) { *outsp++ = 0; /* add the response */ - pr_response_add( c->argv[0], outs); + pr_response_add(c->argv[0], "%s", outs); } while((c = find_config_next(c, c->next, CONF_PARAM, name, FALSE)) != NULL); @@@@ -2201,7 +2201,7 @@@@ MODRET errinfo_master(cmd_rec *cmd) { *outsp++ = 0; /* add the response */ - pr_response_add_err( c->argv[0], outs); + pr_response_add_err(c->argv[0], "%s", outs); } while((c = find_config_next(c, c->next, CONF_PARAM, name, FALSE)) != NULL); @@@@ -2275,7 +2275,7 @@@@ MODRET errinfo_master(cmd_rec *cmd) { *outsp++ = 0; /* add the response */ - pr_response_add( c->argv[0], outs); + pr_response_add(c->argv[0], "%s", outs); } while((c = find_config_next(c, c->next, CONF_PARAM, name, FALSE)) != NULL); @
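Review bot: In the locale/Makefile.in hunk (@@ -26,7), `MSGFMT=msgfmt` drops `--check-format` for every build, not only for the old msgfmt versions the patch description names, so message catalogs are no longer checked for format-string mismatches on systems whose msgfmt does support the flag. Prefer probing msgfmt at configure time and keeping `--check-format` where it is accepted, or at least say in the patch description that the check is lost everywhere.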
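Review bot: In the src/netio.c hunk at @@ -51,6, `static int properly_terminated_prev_command` is a single file-scope flag, while its comment describes state belonging to the client's control connection. Nothing in the visible hunks ties the flag to one stream, so if pr_netio_telnet_gets() is ever called on a second stream, an unterminated read on one would cause the next command on the other to be discarded. Either keep the flag in the per-stream structure or state the single-stream assumption in the comment.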
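Review bot: In the src/netio.c hunk at @@ -1056,6, both new failure paths return NULL with `errno = E2BIG`, the same return value as the existing `return NULL` path touched in the @@ -983 hunk, so a caller can tell an over-long command from that path only by inspecting errno. Document that contract in the function's comment. Also note that the first branch (`if (!saw_newline)`) returns silently and the "client sent too-long command, ignoring" notice is written only on the following call, so a client that sends an unterminated command and then goes quiet leaves no log entry; consider logging at the point of detection.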
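Review bot: In the modules/mod_core.c hunk (@@ -4444,6), the added `init_auth();` call at the top of core_sess_init() carries no comment, and the patch header says only that it is "Part of fix for CVE-2007-2165", so a reader cannot tell why the call must precede the TimeoutIdle lookup or which companion patches it relies on. Add a one-line comment at the call site and name the related patch-ad and patch-af files in the patch description so the three are not updated or removed independently.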
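Review bot: In the contrib/mod_sql.c patch, the @@ -2275 hunk inside errinfo_master() keeps `pr_response_add(c->argv[0], "%s", outs);` while the @@ -2201 hunk in the same function uses `pr_response_add_err(...)`; the patch preserves that difference from the original, so confirm whether the second call site was meant to use the error variant as well. The `"%s"` fix itself is applied consistently to the four visible call sites that previously passed `outs` as the format argument; the patch description should state that the rest of the file was checked for other calls of the same shape.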