Bug#790692: wheezy-pu: package ftpd-ssl/0.17.33+0.3-1+deb7u1

To: submit@bugs.debian.org
Subject: Bug#790692: wheezy-pu: package ftpd-ssl/0.17.33+0.3-1+deb7u1
From: Mats Erik Andersson <mats.andersson@gisladisker.se>
Date: Tue, 30 Jun 2015 23:24:34 +0200
Message-id: <[🔎] 20150630212434.GA64560@aun.utmark.mea>
Reply-to: Mats Erik Andersson <mats.andersson@gisladisker.se>, 790692@bugs.debian.org

Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian.org@packages.debian.org
Usertags: pu

Hello all,

I would like to proceed with an update also to
oldstable/wheezy of the SSL-enhanced FTP server
built from linux-ftpd-ssl. It deals with the
same denial of service as was established in
the report #788331, and the remedy is identical
to the one applied to testing as well has been
queued for jessie-pu. The relevant debdiff is
herewith attached.

Best regards,
  Mats Erik Andersson, present maintainer of linux-ftpd-ssl.

diff -Nru linux-ftpd-ssl-0.17.33+0.3/debian/changelog linux-ftpd-ssl-0.17.33+0.3/debian/changelog
--- linux-ftpd-ssl-0.17.33+0.3/debian/changelog	2011-04-20 03:47:23.000000000 +0200
+++ linux-ftpd-ssl-0.17.33+0.3/debian/changelog	2015-06-30 01:04:24.000000000 +0200
@@ -1,3 +1,11 @@
+linux-ftpd-ssl (0.17.33+0.3-1+deb7u1) wheezy; urgency=medium
+
+  * QA Upload
+  * NLST of empty directory results in segfault. (Closes: #788331)
+    + debian/patches/500-ssl.diff: Updated.
+
+ -- Mats Erik Andersson <mats.andersson@gisladisker.se>  Tue, 30 Jun 2015 01:04:03 +0200
+
 linux-ftpd-ssl (0.17.33+0.3-1) unstable; urgency=low
 
   * Update to linux-ftpd 0.17-33.
diff -Nru linux-ftpd-ssl-0.17.33+0.3/debian/patches/500-ssl.diff linux-ftpd-ssl-0.17.33+0.3/debian/patches/500-ssl.diff
--- linux-ftpd-ssl-0.17.33+0.3/debian/patches/500-ssl.diff	2011-04-20 03:47:23.000000000 +0200
+++ linux-ftpd-ssl-0.17.33+0.3/debian/patches/500-ssl.diff	2015-06-16 13:46:42.000000000 +0200
@@ -3,7 +3,7 @@
 Origin: ftp://ftp.uni-mainz.de/pub/software/security/ssl/SSL-MZapps/linux-ftpd-0.17+ssl-0.3.diff.gz
 Forwarded: not-needed
 Author: Tim Hudson <tjh@cryptsoft.com>
-Last-Update: 2010-06-21
+Last-Update: 2015-06-11
 
 Index: linux-ftpd-ssl/ftpd/Makefile
 ===================================================================
@@ -917,10 +917,12 @@
  				byte_count += strlen(nbuf) + 1;
  			}
  		}
-@@ -2705,6 +3193,13 @@
+@@ -2704,8 +3193,16 @@
+ 		reply(226, "Transfer complete.");
  
  	transflag = 0;
- 	if (dout != NULL)
+-	if (dout != NULL)
++	if (dout != NULL) {
 +#ifdef USE_SSL
 +                if (ssl_data_active_flag && (ssl_data_con!=NULL)) {
 +		    SSL_free(ssl_data_con);
@@ -929,8 +931,10 @@
 +		}
 +#endif /* USE_SSL */
  		(void) fclose(dout);
++	}
  	data = -1;
  	pdata = -1;
+ out:
 @@ -2792,3 +3287,223 @@
  }
  #endif	/* TCPWRAPPERS */

Reply to:

Prev by Date: Bug#790622: marked as done (nmu: tvc_4.2.3+dfsg-1)
Next by Date: Processed (with 2 errors): block 790626 with 789447, merging 790626 790533, tagging 790626
Previous by thread: Bug#790622: marked as done (nmu: tvc_4.2.3+dfsg-1)
Next by thread: Processed (with 2 errors): block 790626 with 789447, merging 790626 790533, tagging 790626
Index(es):
- Date
- Thread