Hello community, here is the log from the commit of package pure-ftpd for openSUSE:11.2 checked in at Tue Apr 12 10:32:03 CEST 2011.
--------
--- old-versions/11.2/UPDATES/all/pure-ftpd/pure-ftpd.changes 2010-01-12 17:42:19.000000000 +0100
+++ 11.2/pure-ftpd/pure-ftpd.changes 2011-04-11 14:56:51.000000000 +0200
@@ -1,0 +2,7 @@
+Mon Apr 11 12:56:35 UTC 2011 - mvyskocil@suse.cz
+
+- fix bnc#686590 - VUL-0: new pure-ftpd version fix STARTTLS issues similar to
+ CVE-2011-0411
+ * flush command buffer after switch to TLS
+
+-------------------------------------------------------------------
calling whatdependson for 11.2-i586 New: ---- pure-ftpd-1.0.22-flush-cmd-after-tls.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences: ------------------
++++++ pure-ftpd.spec ++++++
--- /var/tmp/diff_new_pack.8xdqdc/_old 2011-04-12 10:31:36.000000000 +0200
+++ /var/tmp/diff_new_pack.8xdqdc/_new 2011-04-12 10:31:36.000000000 +0200
@@ -1,7 +1,7 @@
 #
-# spec file for package pure-ftpd (Version 1.0.22)
+# spec file for package pure-ftpd
 #
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -21,7 +21,7 @@
 Name: pure-ftpd
 BuildRequires: mysql-devel openldap2-devel pam-devel postgresql-devel
 Version: 1.0.22
-Release: 3.<RELEASE2>
+Release: 3.<RELEASE4>
 Url: http://www.pureftpd.org
 Source: ftp://ftp.pureftpd.org/pub/%{name}/releases/%{name}-%version.tar.bz2
 Source1: %{name}.init
@@ -36,6 +36,9 @@
 Patch5: %{name}-1.0.20_ftpwho_path.patch
 Patch7: pure-ftpd-1.0.22-default_tcp_sedrcv_buffer_size.patch
 Patch8: pure-ftpd-1.0.21-portrange.patch
+#PATCH-FIX-UPSTREAM:
+#https://github.com/jedisct1/pure-ftpd/commit/65c4d4ad331e94661de763e9b5304d2...
+Patch9: pure-ftpd-1.0.22-flush-cmd-after-tls.patch
 Patch100: pure-ftpd-1.0.20-oes_remote_server.patch
 Group: Productivity/Networking/Ftp/Servers
 License: BSD3c
@@ -66,6 +69,7 @@
 %patch5
 %patch7
 %patch8
+%patch9 -p1
 # uncomment this if you want to have the OES remote_server feature
 # %patch100 -p0
++++++ pure-ftpd-1.0.22-flush-cmd-after-tls.patch ++++++
Index: pure-ftpd-1.0.22/src/ftp_parser.c
===================================================================
--- pure-ftpd-1.0.22.orig/src/ftp_parser.c 2009-04-30 07:51:04.000000000 +0200
+++ pure-ftpd-1.0.22/src/ftp_parser.c 2011-04-11 14:45:40.701995388 +0200
@@ -57,14 +57,20 @@
 * -Frank.
 */
+static size_t scanned;
+static size_t readend;
+
+static void flush_cmd(void)
+{
+ scanned = readend = (size_t) 0U;
+}
+
 int sfgets(void)
 {
 fd_set rs;
 struct timeval tv;
 ssize_t readen;
 signed char seen_r = 0;
- static size_t scanned;
- static size_t readend;
 if (scanned > (size_t) 0U) { /* support pipelining */
 readend -= scanned;
@@ -346,6 +352,7 @@
 addreply_noformat(234, "AUTH TLS OK.");
 doreply();
 if (tls_cnx == NULL) {
+ flush_cmd();
 (void) tls_init_new_session();
 }
 goto wayout;
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
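Review bot: flush_cmd() has no comment, although it is the entire fix for the STARTTLS issue the changelog cites: zeroing `scanned` and `readend` discards whatever sfgets() had already buffered, so input received in cleartext is not parsed as commands once TLS is up. I would put `/* Discard buffered, not-yet-parsed input; must run before the TLS handshake so cleartext bytes are never executed inside the protected session. */` above it. The discard is also silent; the pipelining branch in sfgets() (`readend -= scanned`) suggests leftover input exists when `readend > scanned`, and a warning logged in that case would tell operators that a client sent data behind AUTH TLS. Only the start of sfgets() is inside the hunk.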
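Review bot: The new `flush_cmd();` call only protects the session if nothing can continue in cleartext afterwards, and the next line, `(void) tls_init_new_session();`, throws away the result. The hunk does not show what that function does when the handshake fails; if it can return, the client has already received 234 and the connection would keep running unencrypted, so it is worth confirming that failure ends the session. A one-line comment at the call, `/* drop pipelined cleartext before the handshake, cf. CVE-2011-0411 */`, would also record why the order matters. The enclosing function starts and ends outside the hunk.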