[svn] r5597 - in trunk/rpms: proftpd taskjuggler
packagers at lists.rpmforge.net
packagers at lists.rpmforge.net
Tue Jul 10 22:24:21 CEST 2007
Author: dries
Date: 2007-07-10 22:24:19 +0200 (Tue, 10 Jul 2007)
New Revision: 5597
Added:
trunk/rpms/proftpd/proftpd-1.3.0-CVE-2007-2165-pam_fixes.patch
trunk/rpms/proftpd/proftpd-1.3.0-CVE-2007-2165.patch
Modified:
trunk/rpms/proftpd/proftpd.spec
trunk/rpms/taskjuggler/taskjuggler.spec
Log:
taskjuggler update, proftpd security fix added
Added: trunk/rpms/proftpd/proftpd-1.3.0-CVE-2007-2165-pam_fixes.patch
===================================================================
--- trunk/rpms/proftpd/proftpd-1.3.0-CVE-2007-2165-pam_fixes.patch (rev 0)
+++ trunk/rpms/proftpd/proftpd-1.3.0-CVE-2007-2165-pam_fixes.patch 2007-07-10 20:24:19 UTC (rev 5597)
@@ -0,0 +1,68 @@
+--- src/auth.c.cve-2007-2165-fix_pam 2007-06-20 12:49:02.000000000 -0600
++++ src/auth.c 2007-06-20 12:50:50.000000000 -0600
+@@ -429,6 +429,32 @@ int pr_auth_authenticate(pool *p, const
+
+ cmd = make_cmd(p, 2, name, pw);
+
++ /* First, check for the mod_auth_pam.c module.
++ *
++ * PAM is a bit of hack in this Auth API, because PAM only provides
++ * yes/no checks, and is not a source of user information.
++ */
++ m = pr_module_get("mod_auth_pam.c");
++ if (m) {
++ pr_log_debug(DEBUG4,
++ "using module 'mod_auth_pam.c' to authenticate user '%s'", name);
++
++ mr = dispatch_auth(cmd, "auth", &m);
++
++ if (MODRET_ISHANDLED(mr)) {
++ res = MODRET_HASDATA(mr) ? PR_AUTH_RFC2228_OK : PR_AUTH_OK;
++
++ if (cmd->tmp_pool) {
++ destroy_pool(cmd->tmp_pool);
++ cmd->tmp_pool = NULL;
++ }
++
++ return res;
++ }
++
++ m = NULL;
++ }
++
+ if (auth_tab) {
+
+ /* Fetch the specific module to be used for authenticating this user. */
+@@ -466,6 +492,32 @@ int pr_auth_check(pool *p, const char *c
+
+ cmd = make_cmd(p, 3, cpw, name, pw);
+
++ /* First, check for the mod_auth_pam.c module.
++ *
++ * PAM is a bit of hack in this Auth API, because PAM only provides
++ * yes/no checks, and is not a source of user information.
++ */
++ m = pr_module_get("mod_auth_pam.c");
++ if (m) {
++ pr_log_debug(DEBUG4,
++ "using module 'mod_auth_pam.c' to authenticate user '%s'", name);
++
++ mr = dispatch_auth(cmd, "check", &m);
++
++ if (MODRET_ISHANDLED(mr)) {
++ res = MODRET_HASDATA(mr) ? PR_AUTH_RFC2228_OK : PR_AUTH_OK;
++
++ if (cmd->tmp_pool) {
++ destroy_pool(cmd->tmp_pool);
++ cmd->tmp_pool = NULL;
++ }
++
++ return res;
++ }
++
++ m = NULL;
++ }
++
+ if (auth_tab) {
+
+ /* Fetch the specific module to be used for authenticating this user. */
Added: trunk/rpms/proftpd/proftpd-1.3.0-CVE-2007-2165.patch
===================================================================
--- trunk/rpms/proftpd/proftpd-1.3.0-CVE-2007-2165.patch (rev 0)
+++ trunk/rpms/proftpd/proftpd-1.3.0-CVE-2007-2165.patch 2007-07-10 20:24:19 UTC (rev 5597)
@@ -0,0 +1,373 @@
+diff --git a/include/auth.h b/include/auth.h
+index 9319d70..aff2dcb 100644
+--- a/include/auth.h
++++ b/include/auth.h
+@@ -1,6 +1,6 @@
+ /*
+ * ProFTPD - FTP server daemon
+- * Copyright (c) 2004-2005 The ProFTPD Project team
++ * Copyright (c) 2004-2007 The ProFTPD Project team
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+@@ -86,6 +86,7 @@ int pr_auth_requires_pass(pool *, const char *);
+ config_rec *pr_auth_get_anon_config(pool *p, char **, char **, char **);
+
+ /* For internal use only. */
++int init_auth(void);
+ int set_groups(pool *, gid_t, array_header *);
+
+ #endif /* PR_MODULES_H */
+diff --git a/modules/mod_core.c b/modules/mod_core.c
+index d4f0b7e..586e087 100644
+--- a/modules/mod_core.c
++++ b/modules/mod_core.c
+@@ -4356,6 +4356,8 @@ static int core_sess_init(void) {
+ config_rec *c = NULL;
+ unsigned int *debug_level = NULL;
+
++ init_auth();
++
+ /* Check for a server-specific TimeoutIdle. */
+ c = find_config(main_server->conf, CONF_PARAM, "TimeoutIdle", FALSE);
+ if (c != NULL)
+diff --git a/src/auth.c b/src/auth.c
+index 56a28c5..7537a3e 100644
+--- a/src/auth.c
++++ b/src/auth.c
+@@ -2,7 +2,7 @@
+ * ProFTPD - FTP server daemon
+ * Copyright (c) 1997, 1998 Public Flood Software
+ * Copyright (c) 1999, 2000 MacGyver aka Habeeb J. Dihu <macgyver at tos.net>
+- * Copyright (c) 2001-2005 The ProFTPD Project team
++ * Copyright (c) 2001-2007 The ProFTPD Project team
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+@@ -30,6 +30,10 @@
+
+ #include "conf.h"
+
++static pool *auth_pool = NULL;
++static pr_table_t *auth_tab = NULL;
++static const char *trace_channel = "auth";
++
+ /* The difference between this function, and pr_cmd_alloc(), is that this
+ * allocates the cmd_rec directly from the given pool, whereas pr_cmd_alloc()
+ * will allocate a subpool from the given pool, and allocate its cmd_rec
+@@ -63,7 +67,7 @@ static cmd_rec *make_cmd(pool *cp, int argc, ...) {
+ return c;
+ }
+
+-static modret_t *dispatch_auth(cmd_rec *cmd, char *match) {
++static modret_t *dispatch_auth(cmd_rec *cmd, char *match, module **m) {
+ authtable *authtab = NULL;
+ modret_t *mr = NULL;
+
+@@ -71,6 +75,10 @@ static modret_t *dispatch_auth(cmd_rec *cmd, char *match) {
+ &cmd->stash_index);
+
+ while (authtab) {
++ if (m && *m && *m != authtab->m) {
++ goto next;
++ }
++
+ pr_log_debug(DEBUG6, "dispatching auth request \"%s\" to module mod_%s",
+ match, authtab->m->name);
+
+@@ -80,9 +88,18 @@ static modret_t *dispatch_auth(cmd_rec *cmd, char *match) {
+ break;
+
+ if (MODRET_ISHANDLED(mr) ||
+- MODRET_ISERROR(mr))
++ MODRET_ISERROR(mr)) {
++ /* Return a pointer, if requested, to the module which answered the
++ * auth request. This is used, for example, by auth_getpwnam() for
++ * associating the answering auth module with the data looked up.
++ */
++ if (m)
++ *m = authtab->m;
++
+ break;
++ }
+
++ next:
+ authtab = pr_stash_get_symbol(PR_SYM_AUTH, match, authtab,
+ &cmd->stash_index);
+ }
+@@ -95,7 +112,7 @@ void pr_auth_setpwent(pool *p) {
+ modret_t *mr = NULL;
+
+ cmd = make_cmd(p, 0);
+- mr = dispatch_auth(cmd, "setpwent");
++ mr = dispatch_auth(cmd, "setpwent", NULL);
+
+ if (cmd->tmp_pool) {
+ destroy_pool(cmd->tmp_pool);
+@@ -110,13 +127,20 @@ void pr_auth_endpwent(pool *p) {
+ modret_t *mr = NULL;
+
+ cmd = make_cmd(p, 0);
+- mr = dispatch_auth(cmd, "endpwent");
++ mr = dispatch_auth(cmd, "endpwent", NULL);
+
+ if (cmd->tmp_pool) {
+ destroy_pool(cmd->tmp_pool);
+ cmd->tmp_pool = NULL;
+ }
+
++ if (auth_tab) {
++ pr_log_debug(DEBUG5, "emptying authcache");
++ (void) pr_table_empty(auth_tab);
++ (void) pr_table_free(auth_tab);
++ auth_tab = NULL;
++ }
++
+ return;
+ }
+
+@@ -125,7 +149,7 @@ void pr_auth_setgrent(pool *p) {
+ modret_t *mr = NULL;
+
+ cmd = make_cmd(p, 0);
+- mr = dispatch_auth(cmd, "setgrent");
++ mr = dispatch_auth(cmd, "setgrent", NULL);
+
+ if (cmd->tmp_pool) {
+ destroy_pool(cmd->tmp_pool);
+@@ -140,7 +164,7 @@ void pr_auth_endgrent(pool *p) {
+ modret_t *mr = NULL;
+
+ cmd = make_cmd(p, 0);
+- mr = dispatch_auth(cmd, "endgrent");
++ mr = dispatch_auth(cmd, "endgrent", NULL);
+
+ if (cmd->tmp_pool) {
+ destroy_pool(cmd->tmp_pool);
+@@ -156,7 +180,7 @@ struct passwd *pr_auth_getpwent(pool *p) {
+ struct passwd *res = NULL;
+
+ cmd = make_cmd(p, 0);
+- mr = dispatch_auth(cmd, "getpwent");
++ mr = dispatch_auth(cmd, "getpwent", NULL);
+
+ if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr))
+ res = mr->data;
+@@ -190,7 +214,7 @@ struct group *pr_auth_getgrent(pool *p) {
+ struct group *res = NULL;
+
+ cmd = make_cmd(p, 0);
+- mr = dispatch_auth(cmd, "getgrent");
++ mr = dispatch_auth(cmd, "getgrent", NULL);
+
+ if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr))
+ res = mr->data;
+@@ -217,11 +241,13 @@ struct passwd *pr_auth_getpwnam(pool *p, const char *name) {
+ cmd_rec *cmd = NULL;
+ modret_t *mr = NULL;
+ struct passwd *res = NULL;
++ module *m = NULL;
+
+ cmd = make_cmd(p, 1, name);
+- mr = dispatch_auth(cmd, "getpwnam");
++ mr = dispatch_auth(cmd, "getpwnam", &m);
+
+- if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr))
++ if (MODRET_ISHANDLED(mr) &&
++ MODRET_HASDATA(mr))
+ res = mr->data;
+
+ if (cmd->tmp_pool) {
+@@ -246,6 +272,46 @@ struct passwd *pr_auth_getpwnam(pool *p, const char *name) {
+ return NULL;
+ }
+
++ if (!auth_tab && auth_pool) {
++ auth_tab = pr_table_alloc(auth_pool, 0);
++ }
++
++ if (m && auth_tab) {
++ int count = 0;
++ void *value = NULL;
++
++ value = palloc(auth_pool, sizeof(module *));
++ *((module **) value) = m;
++
++ count = pr_table_exists(auth_tab, name);
++ if (count <= 0) {
++ if (pr_table_add(auth_tab, pstrdup(auth_pool, name), value,
++ sizeof(module *)) < 0) {
++ pr_log_debug(DEBUG3,
++ "error adding module 'mod_%s.c' for user '%s' to the authcache: %s",
++ m->name, name, strerror(errno));
++
++ } else {
++ pr_log_debug(DEBUG5,
++ "stashed module 'mod_%s.c' for user '%s' in the authcache",
++ m->name, name);
++ }
++
++ } else {
++ if (pr_table_set(auth_tab, pstrdup(auth_pool, name), value,
++ sizeof(module *)) < 0) {
++ pr_log_debug(DEBUG3,
++ "error setting module 'mod_%s.c' for user '%s' in the authcache: %s",
++ m->name, name, strerror(errno));
++
++ } else {
++ pr_log_debug(DEBUG5,
++ "stashed module 'mod_%s.c' for user '%s' in the authcache",
++ m->name, name);
++ }
++ }
++ }
++
+ pr_log_debug(DEBUG10, "retrieved UID %lu for user '%s'",
+ (unsigned long) res->pw_uid, name);
+ return res;
+@@ -257,7 +323,7 @@ struct passwd *pr_auth_getpwuid(pool *p, uid_t uid) {
+ struct passwd *res = NULL;
+
+ cmd = make_cmd(p, 1, (void *) &uid);
+- mr = dispatch_auth(cmd, "getpwuid");
++ mr = dispatch_auth(cmd, "getpwuid", NULL);
+
+ if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr))
+ res = mr->data;
+@@ -295,7 +361,7 @@ struct group *pr_auth_getgrnam(pool *p, const char *name) {
+ struct group *res = NULL;
+
+ cmd = make_cmd(p, 1, name);
+- mr = dispatch_auth(cmd, "getgrnam");
++ mr = dispatch_auth(cmd, "getgrnam", NULL);
+
+ if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr))
+ res = mr->data;
+@@ -328,7 +394,7 @@ struct group *pr_auth_getgrgid(pool *p, gid_t gid) {
+ struct group *res = NULL;
+
+ cmd = make_cmd(p, 1, (void *) &gid);
+- mr = dispatch_auth(cmd, "getgrgid");
++ mr = dispatch_auth(cmd, "getgrgid", NULL);
+
+ if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr))
+ res = mr->data;
+@@ -358,10 +424,25 @@ struct group *pr_auth_getgrgid(pool *p, gid_t gid) {
+ int pr_auth_authenticate(pool *p, const char *name, const char *pw) {
+ cmd_rec *cmd = NULL;
+ modret_t *mr = NULL;
++ module *m = NULL;
+ int res = PR_AUTH_NOPWD;
+
+ cmd = make_cmd(p, 2, name, pw);
+- mr = dispatch_auth(cmd, "auth");
++
++ if (auth_tab) {
++
++ /* Fetch the specific module to be used for authenticating this user. */
++ void *v = pr_table_get(auth_tab, name, NULL);
++ if (v) {
++ m = *((module **) v);
++
++ pr_log_debug(DEBUG4,
++ "using module 'mod_%s.c' from authcache to authenticate user '%s'",
++ m->name, name);
++ }
++ }
++
++ mr = dispatch_auth(cmd, "auth", m ? &m : NULL);
+
+ if (MODRET_ISHANDLED(mr))
+ res = MODRET_HASDATA(mr) ? PR_AUTH_RFC2228_OK : PR_AUTH_OK;
+@@ -380,10 +461,25 @@ int pr_auth_authenticate(pool *p, const char *name, const char *pw) {
+ int pr_auth_check(pool *p, const char *cpw, const char *name, const char *pw) {
+ cmd_rec *cmd = NULL;
+ modret_t *mr = NULL;
++ module *m = NULL;
+ int res = PR_AUTH_BADPWD;
+
+ cmd = make_cmd(p, 3, cpw, name, pw);
+- mr = dispatch_auth(cmd, "check");
++
++ if (auth_tab) {
++
++ /* Fetch the specific module to be used for authenticating this user. */
++ void *v = pr_table_get(auth_tab, name, NULL);
++ if (v) {
++ m = *((module **) v);
++
++ pr_log_debug(DEBUG4,
++ "using module 'mod_%s.c' from authcache to authenticate user '%s'",
++ m->name, name);
++ }
++ }
++
++ mr = dispatch_auth(cmd, "check", m ? &m : NULL);
+
+ if (MODRET_ISHANDLED(mr))
+ res = MODRET_HASDATA(mr) ? PR_AUTH_RFC2228_OK : PR_AUTH_OK;
+@@ -402,7 +498,7 @@ int pr_auth_requires_pass(pool *p, const char *name) {
+ int res = TRUE;
+
+ cmd = make_cmd(p, 1, name);
+- mr = dispatch_auth(cmd, "requires_pass");
++ mr = dispatch_auth(cmd, "requires_pass", NULL);
+
+ if (MODRET_ISHANDLED(mr))
+ res = FALSE;
+@@ -427,7 +523,7 @@ const char *pr_auth_uid2name(pool *p, uid_t uid) {
+ memset(namebuf, '\0', sizeof(namebuf));
+
+ cmd = make_cmd(p, 1, (void *) &uid);
+- mr = dispatch_auth(cmd, "uid2name");
++ mr = dispatch_auth(cmd, "uid2name", NULL);
+
+ if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr)) {
+ res = mr->data;
+@@ -452,7 +548,7 @@ const char *pr_auth_gid2name(pool *p, gid_t gid) {
+ memset(namebuf, '\0', sizeof(namebuf));
+
+ cmd = make_cmd(p, 1, (void *) &gid);
+- mr = dispatch_auth(cmd, "gid2name");
++ mr = dispatch_auth(cmd, "gid2name", NULL);
+
+ if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr)) {
+ res = mr->data;
+@@ -474,7 +570,7 @@ uid_t pr_auth_name2uid(pool *p, const char *name) {
+ uid_t res = (uid_t) -1;
+
+ cmd = make_cmd(p, 1, name);
+- mr = dispatch_auth(cmd, "name2uid");
++ mr = dispatch_auth(cmd, "name2uid", NULL);
+
+ if (MODRET_ISHANDLED(mr))
+ res = *((uid_t *) mr->data);
+@@ -495,7 +591,7 @@ gid_t pr_auth_name2gid(pool *p, const char *name) {
+ gid_t res = (gid_t) -1;
+
+ cmd = make_cmd(p, 1, name);
+- mr = dispatch_auth(cmd, "name2gid");
++ mr = dispatch_auth(cmd, "name2gid", NULL);
+
+ if (MODRET_ISHANDLED(mr))
+ res = *((gid_t *) mr->data);
+@@ -527,7 +623,7 @@ int pr_auth_getgroups(pool *p, const char *name, array_header **group_ids,
+ cmd = make_cmd(p, 3, name, group_ids ? *group_ids : NULL,
+ group_names ? *group_names : NULL);
+
+- mr = dispatch_auth(cmd, "getgroups");
++ mr = dispatch_auth(cmd, "getgroups", NULL);
+
+ if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr)) {
+ res = *((int *) mr->data);
+@@ -821,3 +917,10 @@ int set_groups(pool *p, gid_t primary_gid, array_header *suppl_gids) {
+ return res;
+ }
+
++/* Internal use only. To be called in the session process. */
++int init_auth(void) {
++ auth_pool = make_sub_pool(permanent_pool);
++ pr_pool_tag(auth_pool, "Auth API");
++
++ return 0;
++}
Modified: trunk/rpms/proftpd/proftpd.spec
===================================================================
--- trunk/rpms/proftpd/proftpd.spec 2007-07-10 14:44:23 UTC (rev 5596)
+++ trunk/rpms/proftpd/proftpd.spec 2007-07-10 20:24:19 UTC (rev 5597)
@@ -4,7 +4,7 @@
Summary: Flexible, stable and highly-configurable FTP server
Name: proftpd
Version: 1.3.0a
-Release: 3
+Release: 4
License: GPL
Group: System Environment/Daemons
URL: http://www.proftpd.org/
@@ -30,6 +30,11 @@
BuildRequires: openldap-devel, mysql-devel, zlib-devel, postgresql-devel
Provides: ftpserver
+# Taken from ftp://carroll.cac.psu.edu/pub/linux/distributions/mandrivalinux/official/updates/2007.0/SRPMS/main/updates/proftpd-1.3.0-4.5mdv2007.0.src.rpm
+# http://www.mandriva.com/security/advisories?name=MDKSA-2007:130
+Patch100: proftpd-1.3.0-CVE-2007-2165.patch
+Patch101: proftpd-1.3.0-CVE-2007-2165-pam_fixes.patch
+
%description
ProFTPD is an enhanced FTP server with a focus toward simplicity, security,
and ease of configuration. It features a very Apache-like configuration
@@ -76,6 +81,8 @@
%patch3 -p0 -b .mod_tls
%patch4 -p0 -b .ctrls-bug2867
+%patch100 -p1 -b .CVE-2007-2165
+%patch101 -p0 -b .CVE-2007-2165-pam_fixes
%build
# Disable stripping in order to get useful debuginfo packages
@@ -195,6 +202,9 @@
%changelog
+* Thu Jul 5 2007 Peter Bieringer <pb at bieringer.de> 1.3.0a-4
+- Migrate CVE-2007-2165 patches from Mandrake.
+
* Tue Feb 6 2007 Matthias Saou <http://freshrpms.net/> 1.3.0a-3
- Patch to fix local user buffer overflow in controls request handling, rhbz
bug #219938, proftpd bug #2867.
Modified: trunk/rpms/taskjuggler/taskjuggler.spec
===================================================================
--- trunk/rpms/taskjuggler/taskjuggler.spec 2007-07-10 14:44:23 UTC (rev 5596)
+++ trunk/rpms/taskjuggler/taskjuggler.spec 2007-07-10 20:24:19 UTC (rev 5597)
@@ -4,7 +4,7 @@
Summary: Project management tool
Name: taskjuggler
-Version: 2.3.0
+Version: 2.4.0
Release: 1
License: GPL
Group: Applications/Utilities
@@ -65,6 +65,12 @@
%{_bindir}/TaskJugglerUI
%changelog
+* Tue Jul 10 2007 Dries Verachtert <dries at ulyssis.org> - 2.4.0-1
+- Updated to release 2.4.0.
+
+* Tue Apr 17 2007 Dries Verachtert <dries at ulyssis.org> - 2.3.1-1
+- Updated to release 2.3.1.
+
* Sun Nov 12 2006 Dries Verachtert <dries at ulyssis.org> - 2.3.0-1
- Updated to release 2.3.0.
More information about the svn-commits
mailing list