From d38fa80bfba39e4d031bbe6b153e74628258e7b4 Mon Sep 17 00:00:00 2001
From: Paul Howarth <pghmcfc@fedoraproject.org>
Date: Dec 10 2009 23:28:03 +0000
Subject: - Update to 1.3.2c, addressing the following issues:

- SSL/TLS renegotiation vulnerability (CVE-2009-3555, bug 3324)
- Failed database transaction can cause mod_quotatab to loop (bug 3228)
- Segfault in mod_wrap (bug 3332)
- <Directory> sections can have <Limit> problems (bug 3337)
- mod_wrap2 segfaults when a valid user retries the USER command (bug 3341)
- mod_auth_file handles 'getgroups' request incorrectly (bug 3347)
- Segfault caused by scrubbing zero-length portion of memory (bug 3350)
- Drop upstreamed segfault patch

---

diff --git a/.cvsignore b/.cvsignore
index 0ef3122..0b45570 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1,3 +1,3 @@
-proftpd-1.3.2b.tar.bz2
+proftpd-1.3.2c.tar.bz2
 proftpd-mod-vroot-0.8.5.tar.gz
 proftpd-mod-exec-0.9.6.tar.gz
diff --git a/proftpd-1.3.2b-segfault-on-auth-fail.patch b/proftpd-1.3.2b-segfault-on-auth-fail.patch
deleted file mode 100644
index 4700858..0000000
--- a/proftpd-1.3.2b-segfault-on-auth-fail.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Got this backtrace on auth failures on Fedora 12 with OpenSSL 1.0.0 beta 4
-
-Core was generated by `proftpd -n'.
-Program terminated with signal 11, Segmentation fault.
-#0  strcmp () at ../sysdeps/x86_64/strcmp.S:64
-64		cmpb	(%rsi), %al
-(gdb) bt
-#0  strcmp () at ../sysdeps/x86_64/strcmp.S:64
-#1  0x0000003a1b00e965 in _dl_name_match_p (name=0x3a1b53a89e "libgcc_s.so.1", map=0x7fc600) at dl-misc.c:302
-#2  0x0000003a1b007ad2 in _dl_map_object (loader=0x3a1b21f0e8, name=0x3a1b53a89e "libgcc_s.so.1", preloaded=<value optimized out>, 
-    type=<value optimized out>, trace_mode=<value optimized out>, mode=-1879048191, nsid=<value optimized out>) at dl-load.c:1977
-#3  0x0000003a1b012500 in dl_open_worker (a=0x7fff079d1010) at dl-open.c:254
-#4  0x0000003a1b00dd46 in _dl_catch_error (objname=<value optimized out>, errstring=<value optimized out>, mallocedp=<value optimized out>, 
-    operate=<value optimized out>, args=<value optimized out>) at dl-error.c:178
-#5  0x0000003a1b011f87 in _dl_open (file=0x3a1b53a89e "libgcc_s.so.1", mode=-2147483647, caller_dlopen=0x0, nsid=-2, argc=2, 
-    argv=<value optimized out>, env=<value optimized out>) at dl-open.c:583
-#6  0x0000003a1b51a620 in do_dlopen (ptr=0x7fff079d1200) at dl-libc.c:86
-#7  0x0000003a1b00dd46 in _dl_catch_error (objname=<value optimized out>, errstring=<value optimized out>, mallocedp=<value optimized out>, 
-    operate=<value optimized out>, args=<value optimized out>) at dl-error.c:178
-#8  0x0000003a1b51a777 in dlerror_run (args=<value optimized out>, operate=<value optimized out>) at dl-libc.c:47
-#9  __libc_dlopen_mode (args=<value optimized out>, operate=<value optimized out>) at dl-libc.c:160
-#10 0x0000003a1b4f3345 in init () at ../sysdeps/ia64/backtrace.c:41
-#11 0x0000003a1bc0c733 in pthread_once () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_once.S:104
-#12 0x0000003a1b4f3444 in __backtrace (array=<value optimized out>, size=32) at ../sysdeps/ia64/backtrace.c:85
-#13 0x0000000000414312 in handle_segv (signo=11, info=0x7fff079d1530, ptr=0x7fff079d1400) at main.c:1871
-#14 <signal handler called>
-#15 OPENSSL_cleanse () at x86_64cpuid.s:135
-#16 0x0000000000424abb in pr_memscrub (ptr=0x7fbe40, ptrlen=0) at support.c:570
-#17 0x0000000000473322 in setup_env (p=0x80b150, cmd=0x7fbdb8, user=0x80c3f0 "", pass=0x7fbe40 "") at mod_auth.c:1381
-#18 0x0000000000474eb3 in auth_pass (cmd=0x7fbdb8) at mod_auth.c:1963
-#19 0x000000000043a0ee in pr_module_call (m=0x6e3480, func=0x474d9e <auth_pass>, cmd=0x7fbdb8) at modules.c:502
-#20 0x0000000000411702 in _dispatch (cmd=0x7fbdb8, cmd_type=2, validate=1, match=0x7fbe38 "PASS") at main.c:446
-#21 0x0000000000411f5e in pr_cmd_dispatch_phase (cmd=0x7fbdb8, phase=0, flags=3) at main.c:703
-#22 0x000000000041220d in pr_cmd_dispatch (cmd=0x7fbdb8) at main.c:773
-#23 0x0000000000412796 in cmd_loop (server=0x7b4628, c=0x805e88) at main.c:914
-#24 0x00000000004136be in fork_server (fd=9, l=0x804408, nofork=0 '\000') at main.c:1436
-#25 0x0000000000413ca7 in daemon_loop () at main.c:1643
-#26 0x00000000004151ff in standalone_main () at main.c:2504
-#27 0x0000000000415e08 in main (argc=2, argv=0x7fff079d2118, envp=0x7fff079d2130) at main.c:3124
-
---- proftpd-1.3.3rc2/src/support.c	2009-08-04 16:53:28.000000000 +0100
-+++ proftpd-1.3.3rc2/src/support.c	2009-12-10 13:52:06.916586992 +0000
-@@ -567,6 +567,11 @@
-   /* Just use OpenSSL's function for this.  They have optimized it for
-    * performance in later OpenSSL releases.
-    */
-+
-+  if (!ptr || ptrlen == 0) {
-+    return;
-+  }
-+
-   OPENSSL_cleanse(ptr, ptrlen);
- 
- #else 
diff --git a/proftpd.spec b/proftpd.spec
index 47d89bc..3c99446 100644
--- a/proftpd.spec
+++ b/proftpd.spec
@@ -7,11 +7,11 @@
 %endif
 
 #global prever rc3
-%global rpmrel 3
+%global rpmrel 1
 
 Summary:		Flexible, stable and highly-configurable FTP server
 Name:			proftpd
-Version:		1.3.2b
+Version:		1.3.2c
 Release:		%{?prever:0.}%{rpmrel}%{?prever:.%{prever}}%{?dist}
 License:		GPLv2+
 Group:			System Environment/Daemons
@@ -31,7 +31,6 @@ Source11:		http://www.castaglia.org/proftpd/modules/proftpd-mod-exec-0.9.6.tar.g
 Patch0:			proftpd-1.3.2rc3-nostrip.patch
 Patch2:			proftpd-1.3.2-parallel-build.patch
 Patch3:			proftpd-1.3.2a-mlsd.patch
-Patch4:			proftpd-1.3.2b-segfault-on-auth-fail.patch
 BuildRoot:		%{_tmppath}/%{name}-%{version}-%{release}-root
 Requires(post):		/sbin/chkconfig
 Requires(preun):	/sbin/service, /sbin/chkconfig, coreutils, findutils
@@ -100,9 +99,6 @@ Module to add PostgreSQL support to the ProFTPD FTP server.
 # (upstream patch)
 %patch3 -p1 -b .mlsd
 
-# Fix segfault on auth failures (bug 3350)
-%patch4 -p1 -b .segfault-on-auth-failure
-
 # Avoid documentation name conflicts
 %{__mv} contrib/README contrib/README.contrib
 
@@ -295,6 +291,17 @@ fi
 
 
 %changelog
+* Thu Dec 10 2009 Paul Howarth <paul@city-fan.org> 1.3.2c-1
+- Update to 1.3.2c, addressing the following issues:
+  - SSL/TLS renegotiation vulnerability (CVE-2009-3555, bug 3324)
+  - Failed database transaction can cause mod_quotatab to loop (bug 3228)
+  - Segfault in mod_wrap (bug 3332)
+  - <Directory> sections can have <Limit> problems (bug 3337)
+  - mod_wrap2 segfaults when a valid user retries the USER command (bug 3341)
+  - mod_auth_file handles 'getgroups' request incorrectly (bug 3347)
+  - Segfault caused by scrubbing zero-length portion of memory (bug 3350)
+- Drop upstreamed segfault patch
+
 * Thu Dec 10 2009 Paul Howarth <paul@city-fan.org> 1.3.2b-3
 - Add patch for upstream bug 3350 - segfault on auth failures
 
diff --git a/sources b/sources
index 1b98cee..a2bbcdd 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-0d6777839f37115654ce384841f68131  proftpd-1.3.2b.tar.bz2
+559fd3fb6959d42ddd66b333a03b0c49  proftpd-1.3.2c.tar.bz2
 139fc328c43a9afbe290ec787713096b  proftpd-mod-vroot-0.8.5.tar.gz
 dfcaf605f116c29d7b4771a9b02f509b  proftpd-mod-exec-0.9.6.tar.gz