Your message dated Sat, 18 Jul 2020 13:07:00 +0100
with message-id
<b8d89cdfeeda7b6d1ef96a8706a20f9525c2151b.ca...@adam-barratt.org.uk>
and subject line Closing requests for fixes included in 9.13 point release
has caused the Debian Bug report #953745,
regarding stretch-pu: package proftpd-dfsg/1.3.5b-4+deb9u5
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
953745: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953745
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian....@packages.debian.org
Usertags: pu
Dear Release managers,
the package fixes two critical issues, which impact the usability of the
mod_sftp proftp module and the proftp package itself.
There are situations where users can't connect to a proftp server using
sftp in case the client is recent enough. Further I removed the debconf
call as it causes a hang in postinst. Debconf integration has been removed
for buster anyway.
- Issue is solved in Debian unstable since 1.3.6c-1
- Both bugs are set to important
- debdiff is attached
I tested a build on Debian oldstable and the reporters confirmed that the
patch solved both issues. The debdiff is against deb9u4, which has been
uploaded by the sec team.
Consider including it in Debian oldstable. Thanks!
Thanks, Hilmar!
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 5.4.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to en_GB.UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set
to en_GB.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--
sigmentation fault
diff -Nru proftpd-dfsg-1.3.5b/debian/changelog proftpd-dfsg-1.3.5b/debian/changelog
--- proftpd-dfsg-1.3.5b/debian/changelog 2020-02-25 22:43:05.000000000 +0100
+++ proftpd-dfsg-1.3.5b/debian/changelog 2020-02-13 15:39:08.000000000 +0100
@@ -1,3 +1,12 @@
+proftpd-dfsg (1.3.5b-4+deb9u5) stretch; urgency=medium
+
+ * Add patch from upstream to solve bug4385. (Closes: #949622).
+ * Disable call to /usr/share/debconf/confmodule. Causes hangs during
+ postinst and it is unsure why we have it at all.
+ (Closes: #870624)
+
+ -- Hilmar Preusse <hill...@web.de> Thu, 12 Mar 2020 15:52:02 +0100
+
proftpd-dfsg (1.3.5b-4+deb9u4) stretch-security; urgency=high
* Non-maintainer upload by the Security Team.
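Review bot: the first entry's "solve bug4385" gives the reader no way to tell that this is an upstream (bugs.proftpd.org) number rather than a Debian one; write it as "upstream bug #4385" and say what it fixes for users (mod_sftp keyboard-interactive login failing with recent clients, as the cover letter explains), since stretch users read the changelog to decide whether to install the update. The same upstream reference belongs in a DEP-3 header of the new patch file. In the second entry, "it is unsure why we have it at all" should read "it is unclear why we have it at all".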
diff -Nru proftpd-dfsg-1.3.5b/debian/patches/Issue-903-We-want-to-remove-the-data-transfer-comman.patch proftpd-dfsg-1.3.5b/debian/patches/Issue-903-We-want-to-remove-the-data-transfer-comman.patch
--- proftpd-dfsg-1.3.5b/debian/patches/Issue-903-We-want-to-remove-the-data-transfer-comman.patch 2020-02-25 22:43:05.000000000 +0100
+++ proftpd-dfsg-1.3.5b/debian/patches/Issue-903-We-want-to-remove-the-data-transfer-comman.patch 2020-02-13 15:39:08.000000000 +0100
@@ -11,11 +11,11 @@
src/data.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/src/data.c b/src/data.c
-index 6ef6d420ef4d..e7b03e231b80 100644
---- a/src/data.c
-+++ b/src/data.c
-@@ -897,7 +897,7 @@ void pr_data_abort(int err, int quiet) {
+Index: proftpd/src/data.c
+===================================================================
+--- proftpd.orig/src/data.c 2020-03-12 15:11:56.344000000 +0100
++++ proftpd/src/data.c 2020-03-12 15:11:56.340000000 +0100
+@@ -955,7 +955,7 @@
/* Forcibly clear the data-transfer instigating command pool from the
* Response API.
*/
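Review bot: the refresh drops the `index 6ef6d420ef4d..e7b03e231b80` line, which was the only in-file pointer to the upstream blob this patch was cut from; make sure the patch's DEP-3 `Origin:` header (above this hunk, not shown) still identifies the upstream commit. Otherwise this hunk is a pure quilt refresh (git headers replaced by `Index:` headers with absolute timestamps, hunk offset moved from -897 to -955) with no change to the code lines.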
@@ -24,6 +24,3 @@
}
if (true_abort) {
---
-2.20.1
-
diff -Nru proftpd-dfsg-1.3.5b/debian/patches/kbdint-packets-bug4385.patch proftpd-dfsg-1.3.5b/debian/patches/kbdint-packets-bug4385.patch
--- proftpd-dfsg-1.3.5b/debian/patches/kbdint-packets-bug4385.patch 1970-01-01 01:00:00.000000000 +0100
+++ proftpd-dfsg-1.3.5b/debian/patches/kbdint-packets-bug4385.patch 2020-02-13 15:39:08.000000000 +0100
@@ -0,0 +1,126 @@
+Index: proftpd_build/contrib/mod_sftp/kbdint.c
+===================================================================
+--- proftpd_build.orig/contrib/mod_sftp/kbdint.c 2019-12-08 23:19:15.037069504 +0100
++++ proftpd_build/contrib/mod_sftp/kbdint.c 2020-02-13 15:17:13.000000000 +0100
+@@ -31,6 +31,8 @@
+
+ #define SFTP_KBDINT_MAX_RESPONSES 500
+
++extern pr_response_t *resp_list, *resp_err_list;
++
+ struct kbdint_driver {
+ struct kbdint_driver *next, *prev;
+
+@@ -252,6 +254,77 @@
+ return res;
+ }
+
++static struct ssh2_packet *read_response_packet(pool *p) {
++ struct ssh2_packet *pkt = NULL;
++
++ /* Keep looping until we get the desired message, or we time out. */
++ while (pkt == NULL) {
++ int res;
++ char mesg_type;
++
++ pr_signals_handle();
++
++ pkt = sftp_ssh2_packet_create(kbdint_pool);
++ res = sftp_ssh2_packet_read(sftp_conn->rfd, pkt);
++ if (res < 0) {
++ int xerrno = errno;
++
++ destroy_pool(pkt->pool);
++
++ errno = xerrno;
++ return NULL;
++ }
++
++ pr_response_clear(&resp_list);
++ pr_response_clear(&resp_err_list);
++
++ /* Per RFC 4253, Section 11, DEBUG, DISCONNECT, IGNORE, and UNIMPLEMENTED
++ * messages can occur at any time, even during KEX. We have to be prepared
++ * for this, and Do The Right Thing(tm).
++ */
++
++ mesg_type = sftp_ssh2_packet_get_mesg_type(pkt);
++
++ switch (mesg_type) {
++ case SFTP_SSH2_MSG_DEBUG:
++ sftp_ssh2_packet_handle_debug(pkt);
++ pkt = NULL;
++ break;
++
++ case SFTP_SSH2_MSG_DISCONNECT:
++ sftp_ssh2_packet_handle_disconnect(pkt);
++ pkt = NULL;
++ break;
++
++ case SFTP_SSH2_MSG_IGNORE:
++ sftp_ssh2_packet_handle_ignore(pkt);
++ pkt = NULL;
++ break;
++
++ case SFTP_SSH2_MSG_UNIMPLEMENTED:
++ sftp_ssh2_packet_handle_unimplemented(pkt);
++ pkt = NULL;
++ break;
++
++ case SFTP_SSH2_MSG_USER_AUTH_INFO_RESP:
++ pr_trace_msg(trace_channel, 13,
++ "received expected %s message",
++ sftp_ssh2_packet_get_mesg_type_desc(mesg_type));
++ break;
++
++ default:
++ (void) pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION,
++ "expecting USER_AUTH_INFO_RESP message, received %s (%d)",
++ sftp_ssh2_packet_get_mesg_type_desc(mesg_type), mesg_type);
++ destroy_pool(pkt->pool);
++ errno = EPERM;
++ return NULL;
++ }
++ }
++
++ return pkt;
++}
++
+ int sftp_kbdint_recv_response(pool *p, uint32_t expected_count,
+ uint32_t *rcvd_count, const char ***responses) {
+ register unsigned int i;
+@@ -259,9 +332,7 @@
+ cmd_rec *cmd;
+ array_header *list;
+ uint32_t buflen, resp_count;
+- struct ssh2_packet *pkt;
+- char mesg_type;
+- int res;
++ struct ssh2_packet *pkt = NULL;
+
+ if (p == NULL ||
+ rcvd_count == NULL ||
+@@ -270,21 +341,8 @@
+ return -1;
+ }
+
+- pkt = sftp_ssh2_packet_create(kbdint_pool);
+-
+- res = sftp_ssh2_packet_read(sftp_conn->rfd, pkt);
+- if (res < 0) {
+- destroy_pool(pkt->pool);
+- return res;
+- }
+-
+- mesg_type = sftp_ssh2_packet_get_mesg_type(pkt);
+- if (mesg_type != SFTP_SSH2_MSG_USER_AUTH_INFO_RESP) {
+- (void) pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION,
+- "expecting USER_AUTH_INFO_RESP message, received %s (%d)",
+- sftp_ssh2_packet_get_mesg_type_desc(mesg_type), mesg_type);
+- destroy_pool(pkt->pool);
+- errno = EPERM;
++ pkt = read_response_packet(p);
++ if (pkt == NULL) {
+ return -1;
+ }
+
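Review bot: in the DEBUG, DISCONNECT, IGNORE and UNIMPLEMENTED branches of `read_response_packet` the only reference to the packet is dropped with `pkt = NULL` and no `destroy_pool(pkt->pool)` follows, so each skipped message leaves a sub-pool allocated from `kbdint_pool` unless the `sftp_ssh2_packet_handle_*` callees free it themselves; please confirm that they do, or destroy the pool here before the next iteration. The `pool *p` parameter of `read_response_packet` is unused (the packet is created from `kbdint_pool` on the `sftp_ssh2_packet_create(kbdint_pool)` line), so either allocate from `p` or drop the parameter. The caller's error path changes from `return res;` to `return -1;` with errno preserved by the `xerrno` save/restore, which is fine, but worth a sentence in the patch description. The file carries no DEP-3 header at all (no `Description:`, `Origin:` or `Bug:` line before `Index:`), although the changelog says the patch comes from upstream for bug 4385; add one so the provenance survives the next refresh.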
diff -Nru proftpd-dfsg-1.3.5b/debian/patches/series proftpd-dfsg-1.3.5b/debian/patches/series
--- proftpd-dfsg-1.3.5b/debian/patches/series 2020-02-25 22:43:05.000000000 +0100
+++ proftpd-dfsg-1.3.5b/debian/patches/series 2020-02-13 15:39:08.000000000 +0100
@@ -18,5 +18,6 @@
proftpd-1.3.5e-CVE-2019-12815.patch
bug_846_CVE-2019-18217.patch
upstream_861_CVE-2019-19269
+kbdint-packets-bug4385.patch
Issue-903-Ensure-that-we-do-not-reuse-already-destro.patch
Issue-903-We-want-to-remove-the-data-transfer-comman.patch
diff -Nru proftpd-dfsg-1.3.5b/debian/proftpd-basic.postinst proftpd-dfsg-1.3.5b/debian/proftpd-basic.postinst
--- proftpd-dfsg-1.3.5b/debian/proftpd-basic.postinst 2020-02-25 22:43:05.000000000 +0100
+++ proftpd-dfsg-1.3.5b/debian/proftpd-basic.postinst 2020-02-13 15:39:08.000000000 +0100
@@ -117,7 +117,7 @@
DONTSTART=0
-. /usr/share/debconf/confmodule
+#. /usr/share/debconf/confmodule
# update-ined is used if found, else you are on your own
if [ -x /usr/sbin/update-inetd ]; then
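Review bot: with `. /usr/share/debconf/confmodule` commented out, any `db_get`, `db_input` or `db_stop` call later in this script is undefined and will abort the postinst with "command not found"; grep proftpd-basic.postinst for `db_` and remove those calls in the same upload. Since the cover letter says debconf integration is gone for good in buster, delete the line rather than leaving it commented, so the next reader does not wonder whether it is meant to come back; if it must stay conditional, guard it with `if [ -f /usr/share/debconf/confmodule ]; then . /usr/share/debconf/confmodule; fi` instead.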
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 9.13
Hi,
All of these requests relate to updates that were included in today's
stretch point release.
Regards,
Adam
--- End Message ---