+++ /dev/null
-https://bugs.gentoo.org/695972
-https://github.com/proftpd/proftpd/commit/f09f0c661621eb22cb1ce579194478007ba62866
-
-From f09f0c661621eb22cb1ce579194478007ba62866 Mon Sep 17 00:00:00 2001
-From: Justin Maggard <jmaggard@netgear.com>
-Date: Tue, 10 Oct 2017 18:20:06 -0700
-Subject: [PATCH] Bug #4319: Treat EINTR like EAGAIN
-
-This bug described a situation where an ongoing transfer would be
-prematurely aborted when one of our timers fired. The timer could have
-fired for an unrelated reason, but if we were in the process of reading
-or writing with pr_netio_read() or pr_netio_write(), those calls would
-be interrupted with errno set to EINTR, and an error would be returned.
-Then pr_data_xfer() would abort the transfer.
-
-EAGAIN was already being handled properly, and we can just use the same
-treatment for EINTR so that we only respond to the timers we should
-actually care about.
----
- src/data.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
---- a/src/data.c
-+++ b/src/data.c
-@@ -1143,7 +1143,7 @@ int pr_data_xfer(char *cl_buf, size_t cl_size) {
- while (len < 0) {
- int xerrno = errno;
-
-- if (xerrno == EAGAIN) {
-+ if (xerrno == EAGAIN || xerrno == EINTR) {
- /* Since our socket is in non-blocking mode, read(2) can return
- * EAGAIN if there is no data yet for us. Handle this by
- * delaying temporarily, then trying again.
-@@ -1265,7 +1265,7 @@ int pr_data_xfer(char *cl_buf, size_t cl_size) {
- while (len < 0) {
- int xerrno = errno;
-
-- if (xerrno == EAGAIN) {
-+ if (xerrno == EAGAIN || xerrno == EINTR) {
- /* Since our socket is in non-blocking mode, read(2) can return
- * EAGAIN if there is no data yet for us. Handle this by
- * delaying temporarily, then trying again.
-@@ -1362,7 +1362,7 @@ int pr_data_xfer(char *cl_buf, size_t cl_size) {
- while (bwrote < 0) {
- int xerrno = errno;
-
-- if (xerrno == EAGAIN) {
-+ if (xerrno == EAGAIN || xerrno == EINTR) {
- /* Since our socket is in non-blocking mode, write(2) can return
- * EAGAIN if there is not enough from for our data yet. Handle
- * this by delaying temporarily, then trying again.
---
-2.23.0
-
+++ /dev/null
-https://bugs.gentoo.org/690528
-CVE-2019-12815
-
-From a73dbfe3b61459e7c2806d5162b12f0957990cb3 Mon Sep 17 00:00:00 2001
-From: TJ Saunders <tj@castaglia.org>
-Date: Wed, 17 Jul 2019 09:48:39 -0700
-Subject: [PATCH] Backport of fix for Bug#4372 to the 1.3.6 branch.
-
----
- NEWS | 1 +
- contrib/mod_copy.c | 36 +++++++++++++++++++++++++++++++++---
- 2 files changed, 34 insertions(+), 3 deletions(-)
-
---- a/contrib/mod_copy.c
-+++ b/contrib/mod_copy.c
-@@ -1,7 +1,7 @@
- /*
- * ProFTPD: mod_copy -- a module supporting copying of files on the server
- * without transferring the data to the client and back
-- * Copyright (c) 2009-2016 TJ Saunders
-+ * Copyright (c) 2009-2019 TJ Saunders
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
-@@ -657,7 +657,7 @@ MODRET copy_copy(cmd_rec *cmd) {
- MODRET copy_cpfr(cmd_rec *cmd) {
- register unsigned int i;
- int res;
-- char *path = "";
-+ char *cmd_name, *path = "";
- unsigned char *authenticated = NULL;
-
- if (copy_engine == FALSE) {
-@@ -705,6 +705,21 @@ MODRET copy_cpfr(cmd_rec *cmd) {
- path = pstrcat(cmd->tmp_pool, path, *path ? " " : "", decoded_path, NULL);
- }
-
-+ cmd_name = cmd->argv[0];
-+ pr_cmd_set_name(cmd, "SITE_CPFR");
-+ if (!dir_check(cmd->tmp_pool, cmd, G_READ, path, NULL)) {
-+ int xerrno = EPERM;
-+
-+ pr_cmd_set_name(cmd, cmd_name);
-+ pr_response_add_err(R_550, "%s: %s", (char *) cmd->argv[3],
-+ strerror(xerrno));
-+
-+ pr_cmd_set_errno(cmd, xerrno);
-+ errno = xerrno;
-+ return PR_ERROR(cmd);
-+ }
-+ pr_cmd_set_name(cmd, cmd_name);
-+
- res = pr_filter_allow_path(CURRENT_CONF, path);
- switch (res) {
- case 0:
-@@ -758,6 +773,7 @@ MODRET copy_cpfr(cmd_rec *cmd) {
- MODRET copy_cpto(cmd_rec *cmd) {
- register unsigned int i;
- const char *from, *to = "";
-+ char *cmd_name;
- unsigned char *authenticated = NULL;
-
- if (copy_engine == FALSE) {
-@@ -816,6 +832,20 @@ MODRET copy_cpto(cmd_rec *cmd) {
-
- to = dir_canonical_vpath(cmd->tmp_pool, to);
-
-+ cmd_name = cmd->argv[0];
-+ pr_cmd_set_name(cmd, "SITE_CPTO");
-+ if (!dir_check(cmd->tmp_pool, cmd, G_WRITE, to, NULL)) {
-+ int xerrno = EPERM;
-+
-+ pr_cmd_set_name(cmd, cmd_name);
-+ pr_response_add_err(R_550, "%s: %s", to, strerror(xerrno));
-+
-+ pr_cmd_set_errno(cmd, xerrno);
-+ errno = xerrno;
-+ return PR_ERROR(cmd);
-+ }
-+ pr_cmd_set_name(cmd, cmd_name);
-+
- if (copy_paths(cmd->tmp_pool, from, to) < 0) {
- int xerrno = errno;
- const char *err_code = R_550;
-@@ -940,7 +970,7 @@ static conftable copy_conftab[] = {
-
- static cmdtable copy_cmdtab[] = {
- { CMD, C_SITE, G_WRITE, copy_copy, FALSE, FALSE, CL_MISC },
-- { CMD, C_SITE, G_DIRS, copy_cpfr, FALSE, FALSE, CL_MISC },
-+ { CMD, C_SITE, G_READ, copy_cpfr, FALSE, FALSE, CL_MISC },
- { CMD, C_SITE, G_WRITE, copy_cpto, FALSE, FALSE, CL_MISC },
- { POST_CMD, C_PASS, G_NONE, copy_post_pass, FALSE, FALSE },
- { LOG_CMD, C_SITE, G_NONE, copy_log_site, FALSE, FALSE },
---
-2.22.0
-
+++ /dev/null
-https://bugs.gentoo.org/692434
-https://github.com/proftpd/proftpd/issues/824
---- a/contrib/mod_sql_mysql.c
-+++ b/contrib/mod_sql_mysql.c
-@@ -132,6 +132,7 @@
- #include "../contrib/mod_sql.h"
-
- #include <mysql.h>
-+#include <stdbool.h>
-
- /* The my_make_scrambled_password{,_323} functions are not part of the public
- * MySQL API and are not declared in any of the MySQL header files. But the
-@@ -495,7 +495,11 @@ MODRET cmd_open(cmd_rec *cmd) {
- * http://dev.mysql.com/doc/refman/5.0/en/auto-reconnect.html
- */
- if (!(pr_sql_opts & SQL_OPT_NO_RECONNECT)) {
-+#if MYSQL_VERSION_ID >= 80000
-+ bool reconnect = true;
-+#else
- my_bool reconnect = TRUE;
-+#endif
- mysql_options(conn->mysql, MYSQL_OPT_RECONNECT, &reconnect);
- }
- #endif
+++ /dev/null
-https://bugs.gentoo.org/678490
-
-From 345aa19ee2a98a3612d9b64a49107461455031a0 Mon Sep 17 00:00:00 2001
-From: TJ Saunders <tj@castaglia.org>
-Date: Tue, 18 Jul 2017 23:00:22 -0700
-Subject: [PATCH] Bug#4310: Use of mod_facl as static module causes ProFTPD to
- die on SIGHUP/restart.
-
----
- modules/mod_facl.c | 35 +++++++++++++++++++++++++++++++----
- 1 file changed, 31 insertions(+), 4 deletions(-)
-
-diff --git a/modules/mod_facl.c b/modules/mod_facl.c
-index b3ac42b7b..258708cf5 100644
---- a/modules/mod_facl.c
-+++ b/modules/mod_facl.c
-@@ -1260,16 +1260,34 @@ MODRET set_faclengine(cmd_rec *cmd) {
- return PR_HANDLED(cmd);
- }
-
-+/* Event listeners
-+ */
-+
-+static void unmount_facl(void) {
-+ pr_fs_t *fs;
-+
-+ fs = pr_unmount_fs("/", "facl");
-+ if (fs != NULL) {
-+ destroy_pool(fs->fs_pool);
-+ fs->fs_pool = NULL;
-+ return;
-+ }
-+
-+ if (errno != ENOENT) {
-+ pr_log_debug(DEBUG0, MOD_FACL_VERSION
-+ ": error unmounting 'facl' FS: %s", strerror(errno));
-+ }
-+}
-+
- #if defined(PR_SHARED_MODULE) && \
- defined(PR_USE_FACL) && \
- defined(HAVE_POSIX_ACL)
- static void facl_mod_unload_ev(const void *event_data, void *user_data) {
- if (strcmp("mod_facl.c", (const char *) event_data) == 0) {
-+ pr_fs_t *fs;
-+
- pr_event_unregister(&facl_module, NULL, NULL);
-- if (pr_unregister_fs("/") < 0) {
-- pr_log_debug(DEBUG0, MOD_FACL_VERSION
-- ": error unregistering 'facl' FS: %s", strerror(errno));
-- }
-+ unmount_facl();
- }
- }
- #endif /* !PR_SHARED_MODULE */
-@@ -1303,6 +1321,14 @@ static void facl_postparse_ev(const void *event_data, void *user_data) {
- #endif /* PR_USE_FACL and HAVE_POSIX_ACL */
- }
-
-+static void facl_restart_ev(const void *event_data, void *user_data) {
-+ if (facl_engine == FALSE) {
-+ return;
-+ }
-+
-+ unmount_facl();
-+}
-+
- /* Initialization routines
- */
-
-@@ -1315,6 +1341,7 @@ static int facl_init(void) {
- # endif /* !PR_SHARED_MODULE */
- #endif /* PR_USE_FACL and HAVE_POSIX_ACL */
- pr_event_register(&facl_module, "core.postparse", facl_postparse_ev, NULL);
-+ pr_event_register(&facl_module, "core.restart", facl_restart_ev, NULL);
-
- return 0;
- }
---
-2.20.1
-
+++ /dev/null
-https://bugs.gentoo.org/701814
-https://github.com/proftpd/proftpd/commit/be8e1687819cb665359bd62b4c896ff4b1a09c3f
-
-From be8e1687819cb665359bd62b4c896ff4b1a09c3f Mon Sep 17 00:00:00 2001
-From: TJ Saunders <tj@castaglia.org>
-Date: Sun, 24 Nov 2019 14:03:54 -0800
-Subject: [PATCH] Issue #859, #861: Fix handling of CRL lookups by properly
- using issuer for lookups, and guarding against null pointers.
-
----
- contrib/mod_tls.c | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
---- a/contrib/mod_tls.c
-+++ b/contrib/mod_tls.c
-@@ -9066,10 +9066,10 @@ static int tls_verify_crl(int ok, X509_STORE_CTX *ctx) {
-
- #if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
- !defined(HAVE_LIBRESSL)
-- crls = X509_STORE_CTX_get1_crls(store_ctx, subject);
-+ crls = X509_STORE_CTX_get1_crls(store_ctx, issuer);
- #elif OPENSSL_VERSION_NUMBER >= 0x10000000L && \
- !defined(HAVE_LIBRESSL)
-- crls = X509_STORE_get1_crls(store_ctx, subject);
-+ crls = X509_STORE_get1_crls(store_ctx, issuer);
- #else
- /* Your OpenSSL is before 1.0.0. You really need to upgrade. */
- crls = NULL;
-@@ -9088,6 +9088,9 @@ static int tls_verify_crl(int ok, X509_STORE_CTX *ctx) {
- ASN1_INTEGER *sn;
-
- revoked = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), j);
-+ if (revoked == NULL) {
-+ continue;
-+ }
- #if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
- !defined(HAVE_LIBRESSL)
- sn = X509_REVOKED_get0_serialNumber(revoked);
---
-2.24.0
projects / gentoo.git / commitdiff