aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ftp/proftpd/Makefile3
-rw-r--r--ftp/proftpd/distinfo8
-rw-r--r--ftp/proftpd/files/patch-cmd_too_long189
3 files changed, 5 insertions, 195 deletions
diff --git a/ftp/proftpd/Makefile b/ftp/proftpd/Makefile
index 43ae07bead2a..7015367ecbe0 100644
--- a/ftp/proftpd/Makefile
+++ b/ftp/proftpd/Makefile
@@ -6,8 +6,7 @@
#
PORTNAME= proftpd
-DISTVERSION= 1.3.2rc2
-PORTREVISION= 1
+DISTVERSION= 1.3.2rc3
CATEGORIES= ftp
MASTER_SITES= ftp://ftp.proftpd.org/distrib/source/ \
ftp://ftp.fastorama.com/mirrors/ftp.proftpd.org/distrib/source/ \
diff --git a/ftp/proftpd/distinfo b/ftp/proftpd/distinfo
index 533561cf9b00..e5f53eb53e89 100644
--- a/ftp/proftpd/distinfo
+++ b/ftp/proftpd/distinfo
@@ -1,7 +1,7 @@
-MD5 (proftpd-1.3.2rc2.tar.bz2) = c8b32ffb8febc33c5897165f0d61a475
-SHA256 (proftpd-1.3.2rc2.tar.bz2) = 1fb46b8b0d1ac11ed80a3106e261e15fd4c0b3bc83c198ab9620a852d31f96b7
-SIZE (proftpd-1.3.2rc2.tar.bz2) = 2356053
-MD5 (mod_clamav-0.10.tar.bz2) = 7150cde88f6c692711c007f6312bd495
+MD5 (proftpd-1.3.2rc3.tar.bz2) = 8ecfc2976aa6a5016bd4f4f6745aa3d4
+SHA256 (proftpd-1.3.2rc3.tar.bz2) = e98938c6ee38e036010d3c345facb7ebfc37a48d358aca8f311e0301747b7e94
+SIZE (proftpd-1.3.2rc3.tar.bz2) = 2407996
+MD5 (mod_clamav-0.10.tar.bz2) = 7150cde88f6c692711c007f6312bd495
SHA256 (mod_clamav-0.10.tar.bz2) = 4f6d09979514a8b3f120890753dcf7c6247dfce0aa09d340edf8a359b031a1f4
SIZE (mod_clamav-0.10.tar.bz2) = 5435
MD5 (mod_digest.c) = e706e66fa4d82cf7875a1a5d6767fe00
diff --git a/ftp/proftpd/files/patch-cmd_too_long b/ftp/proftpd/files/patch-cmd_too_long
deleted file mode 100644
index 917f548c991a..000000000000
--- a/ftp/proftpd/files/patch-cmd_too_long
+++ /dev/null
@@ -1,189 +0,0 @@
-Index: src/main.c
-===================================================================
-RCS file: /cvsroot/proftp/proftpd/src/main.c,v
-retrieving revision 1.344
-diff -u -r1.344 main.c
---- src/main.c 8 Sep 2008 00:47:11 -0000 1.344
-+++ src/main.c 20 Sep 2008 20:10:49 -0000
-@@ -516,20 +516,32 @@
- static long get_max_cmd_len(size_t buflen) {
- long res;
- int *bufsz = NULL;
-+ size_t default_cmd_bufsz;
-
-+ /* It's possible for the admin to select a PR_TUNABLE_BUFFER_SIZE which
-+ * is smaller than PR_DEFAULT_CMD_BUFSZ. We need to handle such cases
-+ * properly.
-+ */
-+ default_cmd_bufsz = PR_DEFAULT_CMD_BUFSZ;
-+ if (default_cmd_bufsz > buflen) {
-+ default_cmd_bufsz = buflen;
-+ }
-+
- bufsz = get_param_ptr(main_server->conf, "CommandBufferSize", FALSE);
- if (bufsz == NULL) {
-- res = PR_DEFAULT_CMD_BUFSZ;
-+ res = default_cmd_bufsz;
-
- } else if (*bufsz <= 0) {
- pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%d) given, "
-- "using default buffer size (%u) instead", *bufsz, PR_DEFAULT_CMD_BUFSZ);
-- res = PR_DEFAULT_CMD_BUFSZ;
-+ "using default buffer size (%lu) instead", *bufsz,
-+ (unsigned long) default_cmd_bufsz);
-+ res = default_cmd_bufsz;
-
- } else if (*bufsz + 1 > buflen) {
- pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%d) given, "
-- "using default buffer size (%u) instead", *bufsz, PR_DEFAULT_CMD_BUFSZ);
-- res = PR_DEFAULT_CMD_BUFSZ;
-+ "using default buffer size (%lu) instead", *bufsz,
-+ (unsigned long) default_cmd_bufsz);
-+ res = default_cmd_bufsz;
-
- } else {
- pr_log_debug(DEBUG1, "setting CommandBufferSize to %d", *bufsz);
-@@ -577,11 +589,26 @@
- return -1;
- }
-
-- memset(buf, '\0', sizeof(buf));
-+ while (TRUE) {
-+ pr_signals_handle();
-
-- if (pr_netio_telnet_gets(buf, sizeof(buf)-1, session.c->instrm,
-- session.c->outstrm) == NULL)
-- return -1;
-+ memset(buf, '\0', sizeof(buf));
-+
-+ if (pr_netio_telnet_gets(buf, sizeof(buf)-1, session.c->instrm,
-+ session.c->outstrm) == NULL) {
-+
-+ if (errno == E2BIG) {
-+ /* The client sent a too-long command which was ignored; give
-+ * them another chance?
-+ */
-+ continue;
-+ }
-+
-+ return -1;
-+ }
-+
-+ break;
-+ }
-
- if (cmd_bufsz == -1)
- cmd_bufsz = get_max_cmd_len(sizeof(buf));
-Index: src/netio.c
-===================================================================
-RCS file: /cvsroot/proftp/proftpd/src/netio.c,v
-retrieving revision 1.33
-diff -u -r1.33 netio.c
---- src/netio.c 3 Apr 2008 03:14:31 -0000 1.33
-+++ src/netio.c 20 Sep 2008 20:10:49 -0000
-@@ -1,6 +1,6 @@
- /*
- * ProFTPD - FTP server daemon
-- * Copyright (c) 2001-2007 The ProFTPD Project team
-+ * Copyright (c) 2001-2008 The ProFTPD Project team
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
-@@ -30,19 +30,19 @@
- #include <signal.h>
-
- #ifndef IAC
--#define IAC 255
-+# define IAC 255
- #endif
- #ifndef DONT
--#define DONT 254
-+# define DONT 254
- #endif
- #ifndef DO
--#define DO 253
-+# define DO 253
- #endif
- #ifndef WONT
--#define WONT 252
-+# define WONT 252
- #endif
- #ifndef WILL
--#define WILL 251
-+# define WILL 251
- #endif
-
- static const char *trace_channel = "netio";
-@@ -51,6 +51,17 @@
- static pr_netio_t *core_data_netio = NULL, *data_netio = NULL;
- static pr_netio_t *core_othr_netio = NULL, *othr_netio = NULL;
-
-+/* Used to track whether the previous text read from the client's control
-+ * connection was a properly-terminated command. If so, then read in the
-+ * next/current text as per normal. If NOT (e.g. the client sent a too-long
-+ * command), then read in the next/current text, but ignore it. Only clear
-+ * this flag if the next/current command can be read as per normal.
-+ *
-+ * The pr_netio_telnet_gets() uses this variable, in conjunction with its
-+ * saw_newline flag, for handling too-long commands from clients.
-+ */
-+static int properly_terminated_prev_command = TRUE;
-+
- static pr_netio_stream_t *netio_stream_alloc(pool *parent_pool) {
- pool *netio_pool = NULL;
- pr_netio_stream_t *nstrm = NULL;
-@@ -950,7 +961,7 @@
- char *bp = buf;
- unsigned char cp;
- static unsigned char mode = 0;
-- int toread, handle_iac = TRUE;
-+ int toread, handle_iac = TRUE, saw_newline = FALSE;
- pr_buffer_t *pbuf = NULL;
-
- if (buflen == 0) {
-@@ -983,8 +994,9 @@
- *bp = '\0';
- return buf;
-
-- } else
-+ } else {
- return NULL;
-+ }
- }
-
- pbuf->remaining = pbuf->buflen - toread;
-@@ -1049,6 +1061,8 @@
- toread--;
- *bp++ = *pbuf->current++;
- pbuf->remaining++;
-+
-+ saw_newline = TRUE;
- break;
- }
-
-@@ -1056,6 +1070,25 @@
- pbuf->current = NULL;
- }
-
-+ if (!saw_newline) {
-+ /* If we haven't seen a newline, then assume the client is deliberately
-+ * sending a too-long command, trying to exploit buffer sizes and make
-+ * the server make some possibly bad assumptions.
-+ */
-+
-+ properly_terminated_prev_command = FALSE;
-+ errno = E2BIG;
-+ return NULL;
-+ }
-+
-+ if (!properly_terminated_prev_command) {
-+ properly_terminated_prev_command = TRUE;
-+ pr_log_pri(PR_LOG_NOTICE, "client sent too-long command, ignoring");
-+ errno = E2BIG;
-+ return NULL;
-+ }
-+
-+ properly_terminated_prev_command = TRUE;
- *bp = '\0';
- return buf;
- }