Bug#790692: wheezy-pu: package ftpd-ssl/0.17.33+0.3-1+deb7u1
Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian.org@packages.debian.org
Usertags: pu
Hello all,
I would like to proceed with an update also to
oldstable/wheezy of the SSL-enhanced FTP server
built from linux-ftpd-ssl. It deals with the
same denial of service as was established in
the report #788331, and the remedy is identical
to the one applied to testing as well has been
queued for jessie-pu. The relevant debdiff is
herewith attached.
Best regards,
Mats Erik Andersson, present maintainer of linux-ftpd-ssl.
diff -Nru linux-ftpd-ssl-0.17.33+0.3/debian/changelog linux-ftpd-ssl-0.17.33+0.3/debian/changelog
--- linux-ftpd-ssl-0.17.33+0.3/debian/changelog 2011-04-20 03:47:23.000000000 +0200
+++ linux-ftpd-ssl-0.17.33+0.3/debian/changelog 2015-06-30 01:04:24.000000000 +0200
@@ -1,3 +1,11 @@
+linux-ftpd-ssl (0.17.33+0.3-1+deb7u1) wheezy; urgency=medium
+
+ * QA Upload
+ * NLST of empty directory results in segfault. (Closes: #788331)
+ + debian/patches/500-ssl.diff: Updated.
+
+ -- Mats Erik Andersson <mats.andersson@gisladisker.se> Tue, 30 Jun 2015 01:04:03 +0200
+
linux-ftpd-ssl (0.17.33+0.3-1) unstable; urgency=low
* Update to linux-ftpd 0.17-33.
diff -Nru linux-ftpd-ssl-0.17.33+0.3/debian/patches/500-ssl.diff linux-ftpd-ssl-0.17.33+0.3/debian/patches/500-ssl.diff
--- linux-ftpd-ssl-0.17.33+0.3/debian/patches/500-ssl.diff 2011-04-20 03:47:23.000000000 +0200
+++ linux-ftpd-ssl-0.17.33+0.3/debian/patches/500-ssl.diff 2015-06-16 13:46:42.000000000 +0200
@@ -3,7 +3,7 @@
Origin: ftp://ftp.uni-mainz.de/pub/software/security/ssl/SSL-MZapps/linux-ftpd-0.17+ssl-0.3.diff.gz
Forwarded: not-needed
Author: Tim Hudson <tjh@cryptsoft.com>
-Last-Update: 2010-06-21
+Last-Update: 2015-06-11
Index: linux-ftpd-ssl/ftpd/Makefile
===================================================================
@@ -917,10 +917,12 @@
byte_count += strlen(nbuf) + 1;
}
}
-@@ -2705,6 +3193,13 @@
+@@ -2704,8 +3193,16 @@
+ reply(226, "Transfer complete.");
transflag = 0;
- if (dout != NULL)
+- if (dout != NULL)
++ if (dout != NULL) {
+#ifdef USE_SSL
+ if (ssl_data_active_flag && (ssl_data_con!=NULL)) {
+ SSL_free(ssl_data_con);
@@ -929,8 +931,10 @@
+ }
+#endif /* USE_SSL */
(void) fclose(dout);
++ }
data = -1;
pdata = -1;
+ out:
@@ -2792,3 +3287,223 @@
}
#endif /* TCPWRAPPERS */
Reply to: