openpkg
/
openpkg-packages
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
23576 Commits
1 Branch
2 Tags
576 MiB
 
 
 
 
 
 
Tree: 1c4c7f0b57
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1c4c7f0b57'
${ noResults }
openpkg-packages/proftpd/proftpd.patch

280 lines
8.1 KiB
Raw Blame History

Index: mod_sql_sqlite/mod_sql_sqlite.c
--- mod_sql_sqlite/mod_sql_sqlite.c.orig 2006-12-06 08:49:36 +0100
+++ mod_sql_sqlite/mod_sql_sqlite.c 2006-12-06 09:01:01 +0100
@@ -22,15 +22,15 @@
* the source code for OpenSSL in the source distribution.
*
* $Id: mod_sql_sqlite.c,v 1.1 2004/10/17 19:59:48 tj Exp tj $
- * $Libraries: -lsqlite $
+ * $Libraries: -lsqlite3 $
*/
-#include <sqlite.h>
+#include <sqlite3.h>
#include "conf.h"
#include "mod_sql.h"
-#define MOD_SQL_SQLITE_VERSION "mod_sql_sqlite/0.1"
+#define MOD_SQL_SQLITE_VERSION "mod_sql_sqlite/0.1+"
/* Make sure the version of proftpd is as necessary. */
#if PROFTPD_VERSION_NUMBER < 0x0001021101
@@ -44,7 +44,7 @@
char *user;
char *pass;
- sqlite *dbh;
+ sqlite3 *dbh;
} db_conn_t;
@@ -185,7 +185,6 @@
}
MODRET sql_sqlite_open(cmd_rec *cmd) {
- char *tmp = NULL;
conn_entry_t *entry = NULL;
db_conn_t *conn = NULL;
@@ -220,21 +219,17 @@
return HANDLED(cmd);
}
- conn->dbh = sqlite_open(conn->dsn, 0, &tmp);
- if (conn->dbh == NULL) {
- char *errstr = pstrdup(cmd->pool, tmp);
- sqlite_freemem(tmp);
+ if (sqlite3_open(conn->dsn, &conn->dbh) != SQLITE_OK) {
+ char *errstr = pstrdup(cmd->pool, sqlite3_errmsg(conn->dbh));
+ sqlite3_close(conn->dbh);
sql_log(DEBUG_FUNC, "%s", "exiting \tsqlite cmd_open");
return ERROR_MSG(cmd, MOD_SQL_SQLITE_VERSION, errstr);
}
- if (tmp)
- sqlite_freemem(tmp);
-
/* Add some SQLite information to the logs. */
sql_log(DEBUG_INFO, MOD_SQL_SQLITE_VERSION ": SQLite version: %s",
- sqlite_libversion());
+ sqlite3_libversion());
entry->nconn++;
@@ -295,7 +290,7 @@
(cmd->argc == 2 && cmd->argv[1])) {
if (conn->dbh) {
- sqlite_close(conn->dbh);
+ sqlite3_close(conn->dbh);
conn->dbh = NULL;
}
@@ -447,9 +442,9 @@
/* Perform the query. If it doesn't work, log the error, close the
* connection, then return the error from the query processing.
*/
- if (sqlite_exec(conn->dbh, query, exec_cb, cmd, &tmp) != SQLITE_OK) {
+ if (sqlite3_exec(conn->dbh, query, exec_cb, cmd, &tmp) != SQLITE_OK) {
char *errstr = pstrdup(cmd->pool, tmp);
- sqlite_freemem(tmp);
+ sqlite3_free(tmp);
close_cmd = pr_cmd_alloc(cmd->tmp_pool, 1, entry->name);
sql_sqlite_close(close_cmd);
@@ -460,7 +455,7 @@
}
if (tmp)
- sqlite_freemem(tmp);
+ sqlite3_free(tmp);
mr = sql_sqlite_get_data(cmd);
@@ -517,9 +512,9 @@
* connection (and log any errors there, too) then return the error
* from the query processing.
*/
- if (sqlite_exec(conn->dbh, query, exec_cb, cmd, &tmp) != SQLITE_OK) {
+ if (sqlite3_exec(conn->dbh, query, exec_cb, cmd, &tmp) != SQLITE_OK) {
char *errstr = pstrdup(cmd->pool, tmp);
- sqlite_freemem(tmp);
+ sqlite3_free(tmp);
close_cmd = pr_cmd_alloc(cmd->tmp_pool, 1, entry->name);
sql_sqlite_close(close_cmd);
@@ -530,7 +525,7 @@
}
if (tmp)
- sqlite_freemem(tmp);
+ sqlite3_free(tmp);
/* Reset these variables. The memory in them is allocated from this
* same cmd_rec, and will be recovered when the cmd_rec is destroyed.
@@ -594,9 +589,9 @@
/* Perform the query. If it doesn't work close the connection, then
* return the error from the query processing.
*/
- if (sqlite_exec(conn->dbh, query, exec_cb, cmd, &tmp) != SQLITE_OK) {
+ if (sqlite3_exec(conn->dbh, query, exec_cb, cmd, &tmp) != SQLITE_OK) {
char *errstr = pstrdup(cmd->pool, tmp);
- sqlite_freemem(tmp);
+ sqlite3_free(tmp);
close_cmd = pr_cmd_alloc(cmd->tmp_pool, 1, entry->name);
sql_sqlite_close(close_cmd);
@@ -607,7 +602,7 @@
}
if (tmp)
- sqlite_freemem(tmp);
+ sqlite3_free(tmp);
/* Reset these variables. The memory in them is allocated from this
* same cmd_rec, and will be recovered when the cmd_rec is destroyed.
@@ -674,9 +669,9 @@
/* Perform the query. If it doesn't work close the connection, then
* return the error from the query processing.
*/
- if (sqlite_exec(conn->dbh, query, exec_cb, cmd, &tmp) != SQLITE_OK) {
+ if (sqlite3_exec(conn->dbh, query, exec_cb, cmd, &tmp) != SQLITE_OK) {
char *errstr = pstrdup(cmd->pool, tmp);
- sqlite_freemem(tmp);
+ sqlite3_free(tmp);
close_cmd = pr_cmd_alloc(cmd->tmp_pool, 1, entry->name);
sql_sqlite_close(close_cmd);
@@ -687,7 +682,7 @@
}
if (tmp)
- sqlite_freemem(tmp);
+ sqlite3_free(tmp);
mr = sql_sqlite_get_data(cmd);
@@ -724,9 +719,9 @@
conn = (db_conn_t *) entry->data;
unescaped = cmd->argv[1];
- tmp = sqlite_mprintf("%q", unescaped);
+ tmp = sqlite3_mprintf("%q", unescaped);
escaped = pstrdup(cmd->pool, tmp);
- sqlite_freemem(tmp);
+ sqlite3_free(tmp);
sql_log(DEBUG_FUNC, "%s", "exiting \tsqlite cmd_escapestring");
return mod_create_data(cmd, escaped);
Index: mod_vroot/mod_vroot.c
--- mod_vroot/mod_vroot.c.orig 2006-12-06 03:58:51 +0100
+++ mod_vroot/mod_vroot.c 2006-12-06 08:00:45 +0100
@@ -582,7 +582,7 @@
CONF_ERROR(cmd, "must be an absolute path");
add_config_param_str(cmd->argv[0], 1, cmd->argv[1]);
- return PR_HANDLED(cmd);
+ return HANDLED(cmd);
}
/* usage: VRootOptions opt1 opt2 ... optN */
Index: modules/mod_auth_unix.c
--- modules/mod_auth_unix.c.orig 2005-07-03 20:52:02 +0200
+++ modules/mod_auth_unix.c 2006-06-27 16:10:20 +0200
@@ -248,7 +248,7 @@
return gr;
}
-inline static int _compare_uid(idmap_t *m1, idmap_t *m2) {
+static int _compare_uid(idmap_t *m1, idmap_t *m2) {
if (m1->id.uid < m2->id.uid)
return -1;
@@ -258,7 +258,7 @@
return 0;
}
-inline static int _compare_gid(idmap_t *m1, idmap_t *m2) {
+static int _compare_gid(idmap_t *m1, idmap_t *m2) {
if (m1->id.gid < m2->id.gid)
return -1;
@@ -268,7 +268,7 @@
return 0;
}
-inline static int _compare_id(xaset_t **table, idauth_t id, idauth_t idcomp) {
+static int _compare_id(xaset_t **table, idauth_t id, idauth_t idcomp) {
if (table == uid_table)
return id.uid == idcomp.uid;
else
-----------------------------------------------------------------------------
Security Fix (CVE-2006-5815, according to CVE, but vendor thinks differently)
Index: src/main.c
--- src/main.c.orig 2006-03-15 20:41:01 +0100
+++ src/main.c 2006-11-15 16:47:29 +0100
@@ -116,6 +116,8 @@
static char sbuf[PR_TUNABLE_BUFFER_SIZE] = {'\0'};
+#define PR_DEFAULT_CMD_BUFSZ 512
+
static char **Argv = NULL;
static char *LastArgv = NULL;
static const char *PidPath = PR_PID_FILE_PATH;
@@ -820,16 +822,25 @@
pr_timer_reset(TIMER_IDLE, NULL);
if (cmd_buf_size == -1) {
- long *buf_size = get_param_ptr(main_server->conf,
- "CommandBufferSize", FALSE);
+ int *bufsz = get_param_ptr(main_server->conf, "CommandBufferSize",
+ FALSE);
- if (buf_size == NULL || *buf_size <= 0)
- cmd_buf_size = 512;
+ if (bufsz == NULL ||
+ *bufsz <= 0) {
+ pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%d) "
+ "given, resetting to default buffer size (%u)",
+ bufsz != NULL ? *bufsz : 0, (unsigned int) PR_DEFAULT_CMD_BUFSZ);
+ cmd_buf_size = PR_DEFAULT_CMD_BUFSZ;
+
+ } else if (*bufsz + 1 > sizeof(buf)) {
+ pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%d) "
+ "given, resetting to default buffer size (%u)",
+ *bufsz, (unsigned int) PR_DEFAULT_CMD_BUFSZ);
+ cmd_buf_size = PR_DEFAULT_CMD_BUFSZ;
- else if (*buf_size + 1 > sizeof(buf)) {
- pr_log_pri(PR_LOG_WARNING, "Invalid CommandBufferSize size given. "
- "Resetting to 512.");
- cmd_buf_size = 512;
+ } else {
+ pr_log_debug(DEBUG1, "setting CommandBufferSize to %d", *bufsz);
+ cmd_buf_size = (long) *bufsz;
}
}
-----------------------------------------------------------------------------
Security Fix
Index: contrib/mod_tls.c
--- contrib/mod_tls.c.orig 2005-11-08 18:59:49 +0100
+++ contrib/mod_tls.c 2006-11-15 17:54:43 +0100
@@ -2421,6 +2421,8 @@
datalen = BIO_get_mem_data(mem, &data);
if (data) {
+ if (datalen > sizeof(buf)-1)
+ datalen = sizeof(buf)-1;
memset(&buf, '\0', sizeof(buf));
memcpy(buf, data, datalen);
buf[datalen] = '\0';