Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

Dear Release managers,

The package fixes two critical issues, which impact the usability of the mod_sftp proftpd module and the proftpd package itself. There are situations where users can't connect to a proftpd server using sftp if the client is recent enough. Further, I removed the debconf call as it causes a hang in postinst. Debconf integration has been removed for buster anyway.

- Issue is solved in Debian unstable since 1.3.6c-1
- Both bugs are set to important
- debdiff is attached

I tested a build on Debian oldstable and the reporters confirmed that the patch solved both issues. The debdiff is against deb9u4, which has been uploaded by the sec team. Consider including it in Debian oldstable.

Thanks!

Hilmar

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 5.4.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-- 
sigmentation fault
diff -Nru proftpd-dfsg-1.3.5b/debian/changelog proftpd-dfsg-1.3.5b/debian/changelog --- proftpd-dfsg-1.3.5b/debian/changelog 2020-02-25 22:43:05.000000000 +0100 +++ proftpd-dfsg-1.3.5b/debian/changelog 2020-02-13 15:39:08.000000000 +0100 @@ -1,3 +1,12 @@ +proftpd-dfsg (1.3.5b-4+deb9u5) stretch; urgency=medium + + * Add patch from upstream to solve bug4385. (Closes: #949622). + * Disable call to /usr/share/debconf/confmodule. Causes hangs during + postinst and it is unsure why we have it at all. + (Closes: #870624) + + -- Hilmar Preusse <hille42@web.de> Thu, 12 Mar 2020 15:52:02 +0100 + proftpd-dfsg (1.3.5b-4+deb9u4) stretch-security; urgency=high * Non-maintainer upload by the Security Team. diff -Nru proftpd-dfsg-1.3.5b/debian/patches/Issue-903-We-want-to-remove-the-data-transfer-comman.patch proftpd-dfsg-1.3.5b/debian/patches/Issue-903-We-want-to-remove-the-data-transfer-comman.patch --- proftpd-dfsg-1.3.5b/debian/patches/Issue-903-We-want-to-remove-the-data-transfer-comman.patch 2020-02-25 22:43:05.000000000 +0100 +++ proftpd-dfsg-1.3.5b/debian/patches/Issue-903-We-want-to-remove-the-data-transfer-comman.patch 2020-02-13 15:39:08.000000000 +0100 @@ -11,11 +11,11 @@ src/data.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/src/data.c b/src/data.c -index 6ef6d420ef4d..e7b03e231b80 100644 ---- a/src/data.c -+++ b/src/data.c -@@ -897,7 +897,7 @@ void pr_data_abort(int err, int quiet) { +Index: proftpd/src/data.c +=================================================================== +--- proftpd.orig/src/data.c 2020-03-12 15:11:56.344000000 +0100 ++++ proftpd/src/data.c 2020-03-12 15:11:56.340000000 +0100 +@@ -955,7 +955,7 @@ /* Forcibly clear the data-transfer instigating command pool from the * Response API. */ 
@@ -24,6 +24,3 @@ } if (true_abort) { --- -2.20.1 - diff -Nru proftpd-dfsg-1.3.5b/debian/patches/kbdint-packets-bug4385.patch proftpd-dfsg-1.3.5b/debian/patches/kbdint-packets-bug4385.patch --- proftpd-dfsg-1.3.5b/debian/patches/kbdint-packets-bug4385.patch 1970-01-01 01:00:00.000000000 +0100 +++ proftpd-dfsg-1.3.5b/debian/patches/kbdint-packets-bug4385.patch 2020-02-13 15:39:08.000000000 +0100 
@@ -0,0 +1,126 @@ +Index: proftpd_build/contrib/mod_sftp/kbdint.c +=================================================================== +--- proftpd_build.orig/contrib/mod_sftp/kbdint.c 2019-12-08 23:19:15.037069504 +0100 ++++ proftpd_build/contrib/mod_sftp/kbdint.c 2020-02-13 15:17:13.000000000 +0100 +@@ -31,6 +31,8 @@ + + #define SFTP_KBDINT_MAX_RESPONSES 500 + ++extern pr_response_t *resp_list, *resp_err_list; ++ + struct kbdint_driver { + struct kbdint_driver *next, *prev; + +@@ -252,6 +254,77 @@ + return res; + } + ++static struct ssh2_packet *read_response_packet(pool *p) { ++ struct ssh2_packet *pkt = NULL; ++ ++ /* Keep looping until we get the desired message, or we time out. */ ++ while (pkt == NULL) { ++ int res; ++ char mesg_type; ++ ++ pr_signals_handle(); ++ ++ pkt = sftp_ssh2_packet_create(kbdint_pool); ++ res = sftp_ssh2_packet_read(sftp_conn->rfd, pkt); ++ if (res < 0) { ++ int xerrno = errno; ++ ++ destroy_pool(pkt->pool); ++ ++ errno = xerrno; ++ return NULL; ++ } ++ ++ pr_response_clear(&resp_list); ++ pr_response_clear(&resp_err_list); ++ ++ /* Per RFC 4253, Section 11, DEBUG, DISCONNECT, IGNORE, and UNIMPLEMENTED ++ * messages can occur at any time, even during KEX. We have to be prepared ++ * for this, and Do The Right Thing(tm). 
++ */ ++ ++ mesg_type = sftp_ssh2_packet_get_mesg_type(pkt); ++ ++ switch (mesg_type) { ++ case SFTP_SSH2_MSG_DEBUG: ++ sftp_ssh2_packet_handle_debug(pkt); ++ pkt = NULL; ++ break; ++ ++ case SFTP_SSH2_MSG_DISCONNECT: ++ sftp_ssh2_packet_handle_disconnect(pkt); ++ pkt = NULL; ++ break; ++ ++ case SFTP_SSH2_MSG_IGNORE: ++ sftp_ssh2_packet_handle_ignore(pkt); ++ pkt = NULL; ++ break; ++ ++ case SFTP_SSH2_MSG_UNIMPLEMENTED: ++ sftp_ssh2_packet_handle_unimplemented(pkt); ++ pkt = NULL; ++ break; ++ ++ case SFTP_SSH2_MSG_USER_AUTH_INFO_RESP: ++ pr_trace_msg(trace_channel, 13, ++ "received expected %s message", ++ sftp_ssh2_packet_get_mesg_type_desc(mesg_type)); ++ break; ++ ++ default: ++ (void) pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION, ++ "expecting USER_AUTH_INFO_RESP message, received %s (%d)", ++ sftp_ssh2_packet_get_mesg_type_desc(mesg_type), mesg_type); ++ destroy_pool(pkt->pool); ++ errno = EPERM; ++ return NULL; ++ } ++ } ++ ++ return pkt; ++} ++ + int sftp_kbdint_recv_response(pool *p, uint32_t expected_count, + uint32_t *rcvd_count, const char ***responses) { + register unsigned int i; +@@ -259,9 +332,7 @@ + cmd_rec *cmd; + array_header *list; + uint32_t buflen, resp_count; +- struct ssh2_packet *pkt; +- char mesg_type; +- int res; ++ struct ssh2_packet *pkt = NULL; + + if (p == NULL || + rcvd_count == NULL || +@@ -270,21 +341,8 @@ + return -1; + } + +- pkt = sftp_ssh2_packet_create(kbdint_pool); +- +- res = sftp_ssh2_packet_read(sftp_conn->rfd, pkt); +- if (res < 0) { +- destroy_pool(pkt->pool); +- return res; +- } +- +- mesg_type = sftp_ssh2_packet_get_mesg_type(pkt); +- if (mesg_type != SFTP_SSH2_MSG_USER_AUTH_INFO_RESP) { +- (void) pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION, +- "expecting USER_AUTH_INFO_RESP message, received %s (%d)", +- sftp_ssh2_packet_get_mesg_type_desc(mesg_type), mesg_type); +- destroy_pool(pkt->pool); +- errno = EPERM; ++ pkt = read_response_packet(p); ++ if (pkt == NULL) { + return -1; + } + diff -Nru 
proftpd-dfsg-1.3.5b/debian/patches/series proftpd-dfsg-1.3.5b/debian/patches/series --- proftpd-dfsg-1.3.5b/debian/patches/series 2020-02-25 22:43:05.000000000 +0100 +++ proftpd-dfsg-1.3.5b/debian/patches/series 2020-02-13 15:39:08.000000000 +0100 @@ -18,5 +18,6 @@ proftpd-1.3.5e-CVE-2019-12815.patch bug_846_CVE-2019-18217.patch upstream_861_CVE-2019-19269 +kbdint-packets-bug4385.patch Issue-903-Ensure-that-we-do-not-reuse-already-destro.patch Issue-903-We-want-to-remove-the-data-transfer-comman.patch diff -Nru proftpd-dfsg-1.3.5b/debian/proftpd-basic.postinst proftpd-dfsg-1.3.5b/debian/proftpd-basic.postinst --- proftpd-dfsg-1.3.5b/debian/proftpd-basic.postinst 2020-02-25 22:43:05.000000000 +0100 +++ proftpd-dfsg-1.3.5b/debian/proftpd-basic.postinst 2020-02-13 15:39:08.000000000 +0100 @@ -117,7 +117,7 @@ DONTSTART=0 -. /usr/share/debconf/confmodule +#. /usr/share/debconf/confmodule # update-ined is used if found, else you are on your own if [ -x /usr/sbin/update-inetd ]; then
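Review bot: the new changelog entry describes kbdint-packets-bug4385.patch as "from upstream" and closes #949622, but the added patch file itself begins directly at `Index: proftpd_build/contrib/mod_sftp/kbdint.c` with no DEP-3 header; add `Origin:`, `Bug:` (upstream bug 4385) and `Bug-Debian: https://bugs.debian.org/949622` lines at the top of the patch so its provenance is recorded in the source package and not only in the changelog.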
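Review bot: the Issue-903-We-want-to-remove-the-data-transfer-comman.patch hunk only rewrites the header of an existing patch (the git-format `diff --git` and `index 6ef6d420ef4d..e7b03e231b80` lines replaced by quilt `Index:` lines, the `@@ -897` offset becoming `@@ -955`, and the `-- 2.20.1` trailer dropped) without changing the code it applies. That is unrelated churn for a stable update and it loses the upstream blob ids that tie the patch to its origin commit; either leave the patch unrefreshed or mention the refresh in the changelog so the release team can see it is intentional.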
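Review bot: in kbdint-packets-bug4385.patch, `read_response_packet(pool *p)` never uses its `p` argument: the packet is created from `kbdint_pool` (`pkt = sftp_ssh2_packet_create(kbdint_pool);`), so either drop the parameter or use it, because the caller's `pkt = read_response_packet(p);` reads as if the packet lives in the caller's pool when it does not. In the DEBUG, DISCONNECT, IGNORE and UNIMPLEMENTED branches `pkt` is reset to NULL with no `destroy_pool(pkt->pool)` visible in the hunk, so the loop relies on the `sftp_ssh2_packet_handle_*` helpers freeing the packet; confirm they do, since this loop has no upper bound on how many such messages it consumes before a USER_AUTH_INFO_RESP arrives, unlike the single-read path it replaces.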
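Review bot: in proftpd-basic.postinst, commenting out `. /usr/share/debconf/confmodule` stops the hang but leaves a dead line behind, and if any `db_get`/`db_input`/`db_stop` calls remain further down in the script they will now fail with "command not found" because nothing defines them any more. Confirm that the rest of the maintainer scripts (and any debian/config or templates shipped alongside) have no remaining debconf use, then delete the line instead of commenting it; the changelog wording "it is unsure why we have it at all" reads as if that check is still open.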