[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#785047: jessie-pu: package vsftpd/3.0.2-17



Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

I have 2 patches for vsftpd 3.0.2-17+deb8u1:

- - patch for CVE-2015-1419
- - patch for Debian bug #783077

A debdiff is attached.

Thanks.

CU
Jörg

- -- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (900, 'testing'), (800, 'unstable'), (500, 'testing-updates'),
(1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/6 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVUPqxAAoJEAn4nzyModJdEp0QAJHTjE0lDWYKYSHm+mq9Q4Pe
cvgfTDb1kVIEsG35cu4LKMhogNMsM0a3pHVOGtVvR3ioKjjCZO7BQca6lp42IMZO
hIilFgtdmgyf/pnqXRmEz3zrLEq8YL5bmd2FpA5yAkVKHRhAAK9qYrECW5cXd5gY
OpEOH5quZAAuVB+yDDfbbi/tzx45Lalr0OxyHurRFrshYT3YSyKzK0f/sSCRIEwY
Ao7m71Y3/bYao035yjC29GU/ctS4Pdn3+TA1oGIqpx9umAzEMbs+0TPHlwKsZ423
n4RWcNHToMqMIkb+tvN+9QYMjtWzDGkxdu+CfRw6Bk51WGGHk4sxasrcupQoFoy5
cJirrSrJlgz7bJ1hPRe5Y+szaO8Jjacxl/raunCx4TgbR/pEtO3vc5OFMnAsp+Uv
yt3VAN/EFLLng0A4CX2fu92NPL4We7a9U1jZ0cEYUvT1JlYrjF/PLFyDOe9FJFt3
0SACRc08Cd72F1D4ELHW/jpiVvAczHMfghPqFEA0zX+XbM2Gn2ekq0o4VRtzYoxr
ocb3Dmy4kDzVmvGjK/ypbJTnPsuxAmxElY3wwozN6+W/zLU8Fzpxr90Rh4k/z4RQ
3hmOK+BWfkJFTMugOWzOYBL54E3/usU/gUc90R6XCQORNI4CsAXZghVfTqwYYALH
/zsOUCgh7QAgoIWOXHlu
=QBV+
-----END PGP SIGNATURE-----
diff -Nru vsftpd-3.0.2/debian/changelog vsftpd-3.0.2/debian/changelog
--- vsftpd-3.0.2/debian/changelog	2014-10-07 15:56:49.000000000 +0200
+++ vsftpd-3.0.2/debian/changelog	2015-05-11 20:51:26.000000000 +0200
@@ -1,3 +1,19 @@
+vsftpd (3.0.2-17+deb8u1) stable; urgency=medium
+
+  * Add patch debian/patches/0050-CVE-2015-1419.patch from 3.0.2-18:
+    - Fix config option "deny_file" not always being handled correctly
+      CVE-2015-1419 (Closes: #776922).
+  * Add patch debian/patches/0055-set_default_listen.patch from 3.0.2-19:
+    - Set the default value of tunable_listen to the same value of listen from
+      the man page vsftpd.conf (Closes: #783077).
+  * Add year 2015 to debian/copyright.
+  * debian/vsftpd.postrm:
+    - Remove systemd files and directories when purging.
+    - Replace fixed path with a POSIX-compliant shell function to check
+      the existence of a command.
+
+ -- Jörg Frings-Fürst <debian@jff-webhosting.net>  Mon, 11 May 2015 15:35:19 +0200
+
 vsftpd (3.0.2-17) unstable; urgency=medium
 
   * Add debian/patches/0035-address_space_limit.patch to increase the
diff -Nru vsftpd-3.0.2/debian/copyright vsftpd-3.0.2/debian/copyright
--- vsftpd-3.0.2/debian/copyright	2014-08-20 21:56:58.000000000 +0200
+++ vsftpd-3.0.2/debian/copyright	2015-05-11 15:47:38.000000000 +0200
@@ -10,7 +10,7 @@
 
 Files: debian/*
 Copyright: 2009-2014 Daniel Baumann <mail@daniel-baumann.ch>
-           2014      Jörg Frings-Fürst <debian@jff-webhosting.net>
+           2014-2015 Jörg Frings-Fürst <debian@jff-webhosting.net>
 License: GPL-2 with SSL exception
 
 License: GPL-2 with SSL exception
diff -Nru vsftpd-3.0.2/debian/patches/0050-CVE-2015-1419.patch vsftpd-3.0.2/debian/patches/0050-CVE-2015-1419.patch
--- vsftpd-3.0.2/debian/patches/0050-CVE-2015-1419.patch	1970-01-01 01:00:00.000000000 +0100
+++ vsftpd-3.0.2/debian/patches/0050-CVE-2015-1419.patch	2015-02-24 16:41:52.000000000 +0100
@@ -0,0 +1,104 @@
+Description: CVE-2015-1419: config option deny_file is not handled correctly
+Author: Marcus Meissner <meissner@suse.com>
+Origin: https://bugzilla.novell.com/show_bug.cgi?id=CVE-2015-1419
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776922
+Last-Update: 2015-02-24
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: trunk/ls.c
+===================================================================
+--- trunk.orig/ls.c
++++ trunk/ls.c
+@@ -7,6 +7,7 @@
+  * Would you believe, code to handle directory listing.
+  */
+ 
++#include <stdlib.h>
+ #include "ls.h"
+ #include "access.h"
+ #include "defs.h"
+@@ -243,11 +244,42 @@ vsf_filename_passes_filter(const struct
+   struct mystr temp_str = INIT_MYSTR;
+   struct mystr brace_list_str = INIT_MYSTR;
+   struct mystr new_filter_str = INIT_MYSTR;
++  struct mystr normalize_filename_str = INIT_MYSTR;
++  const char *normname;
++  const char *path;
+   int ret = 0;
+   char last_token = 0;
+   int must_match_at_current_pos = 1;
++
+   str_copy(&filter_remain_str, p_filter_str);
+-  str_copy(&name_remain_str, p_filename_str);
++
++  /* normalize filepath */
++  path = str_strdup(p_filename_str);
++  normname = realpath(path, NULL);
++  if (normname == NULL)
++     goto out;
++  str_alloc_text(&normalize_filename_str, normname);
++
++  if (!str_isempty (&filter_remain_str) && !str_isempty(&normalize_filename_str)) {
++    if (str_get_char_at(p_filter_str, 0) == '/') {
++      if (str_get_char_at(&normalize_filename_str, 0) != '/') {
++        str_getcwd (&name_remain_str);
++
++        if (str_getlen(&name_remain_str) > 1) /* cwd != root dir */
++          str_append_char (&name_remain_str, '/');
++
++        str_append_str (&name_remain_str, &normalize_filename_str);
++      }
++      else
++       str_copy (&name_remain_str, &normalize_filename_str);
++    } else {
++      if (str_get_char_at(p_filter_str, 0) != '{')
++        str_basename (&name_remain_str, &normalize_filename_str);
++      else
++        str_copy (&name_remain_str, &normalize_filename_str);
++    }
++  } else
++    str_copy(&name_remain_str, &normalize_filename_str);
+ 
+   while (!str_isempty(&filter_remain_str) && *iters < VSFTP_MATCHITERS_MAX)
+   {
+@@ -379,6 +411,9 @@ vsf_filename_passes_filter(const struct
+     ret = 0;
+   }
+ out:
++  free(normname);
++  free(path);
++  str_free(&normalize_filename_str);
+   str_free(&filter_remain_str);
+   str_free(&name_remain_str);
+   str_free(&temp_str);
+Index: trunk/str.c
+===================================================================
+--- trunk.orig/str.c
++++ trunk/str.c
+@@ -723,3 +723,14 @@ str_replace_unprintable(struct mystr* p_
+   }
+ }
+ 
++void
++str_basename (struct mystr* d_str, const struct mystr* path)
++{
++  static struct mystr tmp;
++
++  str_copy (&tmp, path);
++  str_split_char_reverse(&tmp, d_str, '/');
++
++  if (str_isempty(d_str))
++   str_copy (d_str, path);
++}
+Index: trunk/str.h
+===================================================================
+--- trunk.orig/str.h
++++ trunk/str.h
+@@ -101,6 +101,7 @@ void str_replace_unprintable(struct myst
+ int str_atoi(const struct mystr* p_str);
+ filesize_t str_a_to_filesize_t(const struct mystr* p_str);
+ unsigned int str_octal_to_uint(const struct mystr* p_str);
++void str_basename (struct mystr* d_str, const struct mystr* path);
+ 
+ /* PURPOSE: Extract a line of text (delimited by \n or EOF) from a string
+  * buffer, starting at character position 'p_pos'. The extracted line will
diff -Nru vsftpd-3.0.2/debian/patches/0055-set_default_listen.patch vsftpd-3.0.2/debian/patches/0055-set_default_listen.patch
--- vsftpd-3.0.2/debian/patches/0055-set_default_listen.patch	1970-01-01 01:00:00.000000000 +0100
+++ vsftpd-3.0.2/debian/patches/0055-set_default_listen.patch	2015-04-21 20:45:30.000000000 +0200
@@ -0,0 +1,21 @@
+Description: Change the default of tunable_listen.
+ Change the default of tunable_listen to the same as in
+ man page vsftpd.conf.
+Author: Jörg Frings-Fürst <debian@jff-webhosting.net>
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783077
+Last-Update: 2015-04-21
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: trunk/tunables.c
+===================================================================
+--- trunk.orig/tunables.c
++++ trunk/tunables.c
+@@ -182,7 +182,7 @@ tunables_load_defaults()
+   tunable_use_localtime = 0;
+   tunable_check_shell = 1;
+   tunable_hide_ids = 0;
+-  tunable_listen = 1;
++  tunable_listen = 0;
+   tunable_port_promiscuous = 0;
+   tunable_passwd_chroot_enable = 0;
+   tunable_no_anon_password = 0;
diff -Nru vsftpd-3.0.2/debian/patches/series vsftpd-3.0.2/debian/patches/series
--- vsftpd-3.0.2/debian/patches/series	2014-10-05 12:05:36.000000000 +0200
+++ vsftpd-3.0.2/debian/patches/series	2015-05-11 15:39:42.000000000 +0200
@@ -19,3 +19,5 @@
 0035-address_space_limit.patch
 0040-disable-anonymous.patch
 0045-seccomp-gettimeofday.patch
+0050-CVE-2015-1419.patch
+0055-set_default_listen.patch
diff -Nru vsftpd-3.0.2/debian/vsftpd.postrm vsftpd-3.0.2/debian/vsftpd.postrm
--- vsftpd-3.0.2/debian/vsftpd.postrm	2014-05-07 22:17:52.000000000 +0200
+++ vsftpd-3.0.2/debian/vsftpd.postrm	2015-03-03 18:40:36.000000000 +0100
@@ -2,18 +2,39 @@
 
 set -e
 
+#
+# POSIX-compliant shell function
+# to check for the existence of a command
+# Return 0 if found
+#
+pathfind() {
+    OLDIFS="$IFS"
+    IFS=:
+    for p in $PATH; do
+        if [ -x "$p/$*" ]; then
+            IFS="$OLDIFS"
+            return 0
+        fi
+    done
+    IFS="$OLDIFS"
+    return 1
+}
+
+
 case "${1}" in
 	remove)
 		_USERNAME="ftp"
 		_GROUPNAME="${_USERNAME}"
 		_DIRECTORY="/srv/ftp"
 
-		if [ -x /usr/sbin/deluser ]
+		pathfind deluser
+		if [ $? = 0 ] ;
 		then
 			deluser --quiet --system ${_USERNAME}
 		fi
 
-		if [ -x /usr/sbin/delgroup ]
+		pathfind delgroup
+		if [ $? = 0 ] ;
 		then
 			delgroup --quiet --system --only-if-empty ${_GROUPNAME} || true
 		fi
@@ -24,7 +45,27 @@
 		fi
 		;;
 
-	purge|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+	purge)
+#
+# purge systemd files
+#
+	    rm -f /etc/systemd/system/vsftpd.service
+	    rm -f /etc/systemd/system/multi-user.target.wants/vsftpd.service
+	    rm -f /var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/vsftpd.service
+	    rm -f /var/lib/systemd/deb-systemd-helper-enabled/vsftpd.service.dsh-also
+	    rm -f /var/lib/systemd/deb-systemd-helper-masked/vsftpd.service
+	    if [ -d /var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/ ]; then
+    		rmdir --ignore-fail-on-non-empty /var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/
+	    fi
+	    if [ -d /var/lib/systemd/deb-systemd-helper-enabled ]; then
+    		rmdir --ignore-fail-on-non-empty /var/lib/systemd/deb-systemd-helper-enabled
+	    fi
+	    if [ -d /var/lib/systemd/deb-systemd-helper-masked ]; then
+		rmdir --ignore-fail-on-non-empty /var/lib/systemd/deb-systemd-helper-masked
+	    fi
+	    ;;
+
+	upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
 
 		;;
 

Reply to: