* [rpms/proftpd] epel10.2: Update proftpd to 1.3.9b and mod_proxy to 0.9.7
@ 2026-06-08 16:14 Paul Howarth
From: Paul Howarth @ 2026-06-08 16:14 UTC (permalink / raw)
To: git-commits
A new commit has been pushed.
Repo : rpms/proftpd
Branch : epel10.2
Commit : ef0d3e654f697ebb0bc6e653f2d608e4cf6afca7
Author : Paul Howarth <paul@city-fan.org>
Date : 2026-06-08T16:51:55+01:00
Stats : +54/-237 in 7 file(s)
URL : https://src.fedoraproject.org/rpms/proftpd/c/ef0d3e654f697ebb0bc6e653f2d608e4cf6afca7?branch=epel10.2
Log:
Update proftpd to 1.3.9b and mod_proxy to 0.9.7
- New upstream release 1.3.9b
- Fix SQL Injection in mod_wrap2_sql via reverse DNS hostname (GH#2057,
CVE-2026-44331)
- Additional fix for session management with OpenSSL 3.2.x or later, when
using TLSv1.2 or earlier; this complements the fix for GH#1963 (GH#2096)
- Hard quota limits on uploads do not cause SFTP WRITE requests to fail as
expected (GH#2098)
- Fix SSH payload length underflow calculation for ETM/ChaChaPoly algorithms
in mod_sftp (GH#2102)
- SSH packet with empty payload triggered null pointer dereference in
mod_sftp (GH#2104)
- Bad DSA signatures could lead to out-of-bounds read of heap memory in
mod_sftp (GH#2106)
- Mismatched RSA/DSA algorithm signatures could lead to null dereference in
mod_sftp (GH#2108)
- SFTP request payload length underflow calculation in mod_sftp (GH#2115)
- Several modules failed to build using OpenSSL 4.0 (GH#2120)
- Update mod_proxy to 0.9.7
- Add a check on the maximum allowed SSH payload (vs. packet) length (GH#291)
- Set the payload_len field before checking its value (GH#292)
- Keep the SSH packet reading code in mod_proxy more in line with what is
done in mod_sftp, for legibility (GH#294)
- Implement support for the OpenSSH-specific ChaChaPoly SSH algorithm
(GH#295, GH#296)
- Correct misspellings noted by codespell (GH#297)
- Use clang-tidy to start polishing the codebase (GH#298)
- Disable the Nagle algorithm by default on our TCP connections to back-end
servers (GH#299)
- Require OpenSSL for building (GH#249, GH#300)
- Documentation fixes
- Implement a limit on the number of EXT_INFO extensions we'll be willing to
accept (GH#303)
- Comparison of expected/provided MAC data should be done in a constant-time
manner
- Support PKCS11-stored private keys
- Implement the "mlkem768x25519-sha256" and "sntrup761x25519-sha512"
post-quantum SSH key exchange mechanisms (GH#306)
- Add sanity check for SRV record lengths
- Ensure that the SSH payload length computation, for ETM/ChaChaPoly packets,
does not underflow
- If we detect a bad DSA signature length, properly error out
- Ensure that RSA/DSA signatures match their expected algorithm types, and
avoid null pointer dereferences
- Update to build against OpenSSL 4.x (GH#313)
---
diff --git a/.gitignore b/.gitignore
index 697a1ba..7eeea01 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,13 +1,12 @@
-# rawhide/f44/f43/f42/epel10
-# note: the v0.9.5.tar.gz is mod_proxy
+# rawhide/f44/f43/epel10
/proftpd-1.3.9a.tar.gz
/v0.9.12.tar.gz
-/v0.9.5.tar.gz
+/v0.9.7.tar.gz
# epel9
/proftpd-1.3.8d.tar.gz
/v0.9.11.tar.gz
/v0.9.4.tar.gz
# epel8
-# note: the v0.9.5.tar.gz is mod_vroot
/proftpd-1.3.6e.tar.gz
/v0.9.5.tar.gz
+/proftpd-1.3.9b.tar.gz
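Review bot: the new `/proftpd-1.3.9b.tar.gz` entry lands at the end of the `# epel8` group instead of next to `/v0.9.7.tar.gz` in the `# rawhide/f44/f43/epel10` group, and `/proftpd-1.3.9a.tar.gz` stays in that first group even though the spec in this same commit moves to 1.3.9b; suggest replacing the 1.3.9a line with the 1.3.9b one where it belongs. Dropping `# note: the v0.9.5.tar.gz is mod_vroot` also leaves the remaining epel8 `/v0.9.5.tar.gz` entry unexplained, so that comment could be kept.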
diff --git a/04d89957.patch b/04d89957.patch
deleted file mode 100644
index 866ab74..0000000
--- a/04d89957.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 04d89957d8ace325ef76fdfab22049df16a40c0b Mon Sep 17 00:00:00 2001
-From: TJ Saunders <tj@castaglia.org>
-Date: Tue, 5 May 2026 17:22:18 -0700
-Subject: [PATCH] Issue #2052: It is possible that some note values come from
- client-supplied text, and as such, they should always be escaped as well.
-
----
- contrib/mod_sql.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/contrib/mod_sql.c b/contrib/mod_sql.c
-index 4872f5fa6..bafe175ff 100644
---- a/contrib/mod_sql.c
-+++ b/contrib/mod_sql.c
-@@ -987,6 +987,7 @@ static int sql_resolve_on_meta(pool *p, pr_jot_ctx_t *jot_ctx,
- case LOGFMT_META_FILENAME:
- case LOGFMT_META_IDENT_USER:
- case LOGFMT_META_METHOD:
-+ case LOGFMT_META_NOTE_VAR:
- case LOGFMT_META_ORIGINAL_USER:
- case LOGFMT_META_RESPONSE_STR:
- case LOGFMT_META_REMOTE_HOST:
-@@ -1016,7 +1017,6 @@ static int sql_resolve_on_meta(pool *p, pr_jot_ctx_t *jot_ctx,
- case LOGFMT_META_LOCAL_FQDN:
- case LOGFMT_META_LOCAL_IP:
- case LOGFMT_META_LOCAL_NAME:
-- case LOGFMT_META_NOTE_VAR:
- case LOGFMT_META_PROTOCOL:
- case LOGFMT_META_REMOTE_IP:
- case LOGFMT_META_VERSION:
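Review bot: removing this Issue #2052 patch (and its companion 7e076e84.patch below, which does the same for `LOGFMT_META_ENV_VAR`) assumes the `%{note:...}` and `%{env:...}` escaping in `sql_resolve_on_meta` is part of upstream 1.3.9b, but the commit message and the new `%changelog` entry list only GH#2057 / CVE-2026-44331 among the SQL fixes and never mention GH#2052. Please state in the changelog that 1.3.9b contains these two upstream commits, since otherwise the epel10.2 package would lose the hardening added in 1.3.9a-2.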
diff --git a/07797aba.patch b/07797aba.patch
deleted file mode 100644
index 521f75d..0000000
--- a/07797aba.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-From 07797aba88dca902da7eaf1dfe262c8896943de7 Mon Sep 17 00:00:00 2001
-From: TJ Saunders <tj@castaglia.org>
-Date: Tue, 5 May 2026 09:56:33 -0700
-Subject: [PATCH] Issue #2057: Properly escape the "name" provided when doing
- SQL lookups for allowed/denied client IP addresses or DNS names.
-
----
- contrib/mod_wrap2_sql.c | 49 +++++++++++++++++++++++++++++++++++++----
- 1 file changed, 45 insertions(+), 4 deletions(-)
-
-diff --git a/contrib/mod_wrap2_sql.c b/contrib/mod_wrap2_sql.c
-index eaf6ea7dc5..d4fd56e699 100644
---- a/contrib/mod_wrap2_sql.c
-+++ b/contrib/mod_wrap2_sql.c
-@@ -1,7 +1,7 @@
- /*
- * ProFTPD: mod_wrap2_sql -- a mod_wrap2 sub-module for supplying IP-based
- * access control data via SQL tables
-- * Copyright (c) 2002-2016 TJ Saunders
-+ * Copyright (c) 2002-2026 TJ Saunders
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
-@@ -25,7 +25,7 @@
- #include "mod_wrap2.h"
- #include "mod_sql.h"
-
--#define MOD_WRAP2_SQL_VERSION "mod_wrap2_sql/1.0"
-+#define MOD_WRAP2_SQL_VERSION "mod_wrap2_sql/1.1"
-
- #define WRAP2_SQL_NSLOTS 2
- #define WRAP2_SQL_CLIENT_QUERY_IDX 0
-@@ -62,6 +62,41 @@ static int sqltab_close_cb(wrap2_table_t *sqltab) {
- return 0;
- }
-
-+static char *sqltab_get_escaped_text(pool *p, wrap2_table_t *sqltab,
-+ const char *text) {
-+ pool *tmp_pool = NULL;
-+ cmdtable *sql_cmdtab = NULL;
-+ cmd_rec *sql_cmd = NULL;
-+ modret_t *sql_res = NULL;
-+
-+ /* Find the cmdtable for the sql_escapestr command, as the provided
-+ * name needs to be properly escaped for SQL syntax; see Issue #2057.
-+ */
-+ sql_cmdtab = pr_stash_get_symbol2(PR_SYM_HOOK, "sql_escapestr", NULL, NULL,
-+ NULL);
-+ if (sql_cmdtab == NULL) {
-+ wrap2_log("error: unable to find SQL hook symbol 'sql_escapestr': "
-+ "perhaps your proftpd.conf needs 'LoadModule mod_sql.c'?");
-+ return NULL;
-+ }
-+
-+ sql_cmd = sql_cmd_create(tmp_pool, 1, text);
-+ sql_res = pr_module_call(sql_cmdtab->m, sql_cmdtab->handler, sql_cmd);
-+ if (sql_res == NULL) {
-+ wrap2_log("sql_escapestr '%s' returned no data; "
-+ "see the mod_sql.c SQLLogFile for more details", text);
-+ return NULL;
-+ }
-+
-+ if (MODRET_ISERROR(sql_res)) {
-+ wrap2_log("error processing sql_escapestr '%s': "
-+ "check the mod_sql.c SQLLogFile for more details", text);
-+ return NULL;
-+ }
-+
-+ return sql_res->data;
-+}
-+
- static array_header *sqltab_fetch_clients_cb(wrap2_table_t *sqltab,
- const char *name) {
- register unsigned int i;
-@@ -70,12 +105,18 @@ static array_header *sqltab_fetch_clients_cb(wrap2_table_t *sqltab,
- cmd_rec *sql_cmd = NULL;
- modret_t *sql_res = NULL;
- array_header *sql_data = NULL;
-- char *query = NULL, **vals = NULL;
-+ char *escaped_name = NULL, *query = NULL, **vals = NULL;
- array_header *clients_list = NULL;
-
- /* Allocate a temporary pool for the duration of this read. */
- tmp_pool = make_sub_pool(sqltab->tab_pool);
-
-+ escaped_name = sqltab_get_escaped_text(tmp_pool, sqltab, name);
-+ if (escaped_name == NULL) {
-+ destroy_pool(tmp_pool);
-+ return NULL;
-+ }
-+
- query = ((char **) sqltab->tab_data)[WRAP2_SQL_CLIENT_QUERY_IDX];
-
- /* Find the cmdtable for the sql_lookup command. */
-@@ -89,7 +130,7 @@ static array_header *sqltab_fetch_clients_cb(wrap2_table_t *sqltab,
- }
-
- /* Prepare the SELECT query. */
-- sql_cmd = sql_cmd_create(tmp_pool, 3, "sql_lookup", query, name);
-+ sql_cmd = sql_cmd_create(tmp_pool, 3, "sql_lookup", query, escaped_name);
-
- /* Call the handler. */
- sql_res = pr_module_call(sql_cmdtab->m, sql_cmdtab->handler, sql_cmd);
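Review bot: one detail to check against the upstream 1.3.9b copy before this local patch is dropped: `sqltab_get_escaped_text` declares `pool *tmp_pool = NULL;` and then calls `sql_cmd_create(tmp_pool, 1, text)` with that NULL pool instead of the `p` argument the callers pass in, so the `sql_escapestr` command is created without an allocation pool and the `pool *p` parameter goes unused. If 1.3.9b carries the same code, the GH#2057 escaping path may fail at runtime rather than escape the hostname; the caller-supplied `p` should be used there.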
diff --git a/5e06acc4.patch b/5e06acc4.patch
deleted file mode 100644
index 270db6c..0000000
--- a/5e06acc4.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 5e06acc4687046c7bf794b55bd8c44a86a05ae61 Mon Sep 17 00:00:00 2001
-From: TJ Saunders <tj@castaglia.org>
-Date: Tue, 5 May 2026 15:59:08 -0700
-Subject: [PATCH] Issue #2057: The same escaping of possibly remote DNS
- hostname should be done when fetching any optional "options" from the SQL
- tables as well.
-
----
- contrib/mod_wrap2_sql.c | 12 +++++++++---
- 1 file changed, 9 insertions(+), 3 deletions(-)
-
-diff --git a/contrib/mod_wrap2_sql.c b/contrib/mod_wrap2_sql.c
-index d4fd56e69..0d52e3833 100644
---- a/contrib/mod_wrap2_sql.c
-+++ b/contrib/mod_wrap2_sql.c
-@@ -233,16 +233,22 @@ static array_header *sqltab_fetch_options_cb(wrap2_table_t *sqltab,
- cmd_rec *sql_cmd = NULL;
- modret_t *sql_res = NULL;
- array_header *sql_data = NULL;
-- char *query = NULL, **vals = NULL;
-+ char *escaped_name = NULL, *query = NULL, **vals = NULL;
- array_header *options_list = NULL;
-
- /* Allocate a temporary pool for the duration of this read. */
- tmp_pool = make_sub_pool(sqltab->tab_pool);
-
-+ escaped_name = sqltab_get_escaped_text(tmp_pool, sqltab, name);
-+ if (escaped_name == NULL) {
-+ destroy_pool(tmp_pool);
-+ return NULL;
-+ }
-+
- query = ((char **) sqltab->tab_data)[WRAP2_SQL_OPTION_QUERY_IDX];
-
- /* The options-query is not necessary. Skip if not present. */
-- if (!query) {
-+ if (query == NULL) {
- destroy_pool(tmp_pool);
- return NULL;
- }
-@@ -258,7 +264,7 @@ static array_header *sqltab_fetch_options_cb(wrap2_table_t *sqltab,
- }
-
- /* Prepare the SELECT query. */
-- sql_cmd = sql_cmd_create(tmp_pool, 3, "sql_lookup", query, name);
-+ sql_cmd = sql_cmd_create(tmp_pool, 3, "sql_lookup", query, escaped_name);
-
- /* Call the handler. */
- sql_res = pr_module_call(sql_cmdtab->m, sql_cmdtab->handler, sql_cmd);
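Review bot: nothing to fix in the removal itself, which matches Patch14 being dropped from the spec; the only open item is confirming that 1.3.9b applies the same `escaped_name` treatment to `sqltab_fetch_options_cb` as to `sqltab_fetch_clients_cb`, since the GH#2057 changelog line does not say which query paths are covered. The `!query` to `query == NULL` change in this hunk was style-only and needs no follow-up.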
diff --git a/7e076e84.patch b/7e076e84.patch
deleted file mode 100644
index 78a4d49..0000000
--- a/7e076e84.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 7e076e844ab5da63a0887b875aca2c3cfbc83a49 Mon Sep 17 00:00:00 2001
-From: TJ Saunders <tj@castaglia.org>
-Date: Thu, 7 May 2026 09:15:08 -0700
-Subject: [PATCH] Issue #2052: It is possible that some environment values come
- from user-supplied text, so we should always escape `%{env:...}` variables,
- too.
-
----
- contrib/mod_sql.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/contrib/mod_sql.c b/contrib/mod_sql.c
-index bafe175ff..b90725942 100644
---- a/contrib/mod_sql.c
-+++ b/contrib/mod_sql.c
-@@ -984,6 +984,7 @@ static int sql_resolve_on_meta(pool *p, pr_jot_ctx_t *jot_ctx,
- case LOGFMT_META_COMMAND:
- case LOGFMT_META_DIR_NAME:
- case LOGFMT_META_DIR_PATH:
-+ case LOGFMT_META_ENV_VAR:
- case LOGFMT_META_FILENAME:
- case LOGFMT_META_IDENT_USER:
- case LOGFMT_META_METHOD:
-@@ -1010,7 +1011,6 @@ static int sql_resolve_on_meta(pool *p, pr_jot_ctx_t *jot_ctx,
- }
-
- case LOGFMT_META_CLASS:
-- case LOGFMT_META_ENV_VAR:
- case LOGFMT_META_EOS_REASON:
- case LOGFMT_META_GROUP:
- case LOGFMT_META_ISO8601:
diff --git a/proftpd.spec b/proftpd.spec
index b4dc616..9274909 100644
--- a/proftpd.spec
+++ b/proftpd.spec
@@ -17,13 +17,13 @@
%undefine _strict_symbol_defs_build
#global prever rc4
-%global baserelease 2
-%global mod_proxy_version 0.9.5
+%global baserelease 1
+%global mod_proxy_version 0.9.7
%global mod_vroot_version 0.9.12
Summary: Flexible, stable and highly-configurable FTP server
Name: proftpd
-Version: 1.3.9a
+Version: 1.3.9b
Release: %{?prever:0.}%{baserelease}%{?prever:.%{prever}}%{?dist}
License: GPL-2.0-or-later
URL: http://www.proftpd.org/
@@ -43,10 +43,6 @@ Source11: http://github.com/Castaglia/proftpd-mod_proxy/archive/v%{mod_proxy_ve
Patch1: proftpd-1.3.8-shellbang.patch
Patch2: mod_proxy-certificate.patch
Patch3: proftpd-1.3.4rc1-mod_vroot-test.patch
-Patch11: https://github.com/proftpd/proftpd/commit/04d89957.patch
-Patch12: https://github.com/proftpd/proftpd/commit/7e076e84.patch
-Patch13: https://github.com/proftpd/proftpd/commit/07797aba.patch
-Patch14: https://github.com/proftpd/proftpd/commit/5e06acc4.patch
BuildRequires: coreutils
BuildRequires: gcc
@@ -228,17 +224,6 @@ mv contrib/README contrib/README.contrib
# If we're running the full test suite, include the mod_vroot test
%patch -P 3 -p1 -b .test_vroot
-# Additional escaping for avoidance of SQL injection issues with %%{note:...} and %%{env:...}
-# These are on top of the existing fix for CVE-2026-42167 in 1.3.10rc1
-# https://github.com/proftpd/proftpd/issues/2052
-%patch -P 11 -p1
-%patch -P 12 -p1
-
-# Fix for SQL Injection in mod_wrap2_sql via reverse DNS hostname (CVE-2026-44331)
-# https://github.com/proftpd/proftpd/issues/2057
-%patch -P 13 -p1
-%patch -P 14 -p1
-
# Tweak logrotate script for systemd compatibility (#802178)
sed -i -e '/killall/s/test.*/systemctl try-reload-or-restart proftpd.service/' \
contrib/dist/rpm/proftpd.logrotate
@@ -476,6 +461,52 @@ fi
%{_mandir}/man1/ftpwho.1*
%changelog
+* Mon Jun 8 2026 Paul Howarth <paul@city-fan.org> - 1.3.9b-1
+- Update to 1.3.9b
+ - Fix SQL Injection in mod_wrap2_sql via reverse DNS hostname (GH#2057,
+ CVE-2026-44331)
+ - Additional fix for session management with OpenSSL 3.2.x or later, when
+ using TLSv1.2 or earlier; this complements the fix for GH#1963 (GH#2096)
+ - Hard quota limits on uploads do not cause SFTP WRITE requests to fail as
+ expected (GH#2098)
+ - Fix SSH payload length underflow calculation for ETM/ChaChaPoly algorithms
+ in mod_sftp (GH#2102)
+ - SSH packet with empty payload triggered null pointer dereference in
+ mod_sftp (GH#2104)
+ - Bad DSA signatures could lead to out-of-bounds read of heap memory in
+ mod_sftp (GH#2106)
+ - Mismatched RSA/DSA algorithm signatures could lead to null dereference in
+ mod_sftp (GH#2108)
+ - SFTP request payload length underflow calculation in mod_sftp (GH#2115)
+ - Several modules failed to build using OpenSSL 4.0 (GH#2120)
+- Update mod_proxy to 0.9.7
+ - Add a check on the maximum allowed SSH payload (vs. packet) length (GH#291)
+ - Set the payload_len field before checking its value (GH#292)
+ - Keep the SSH packet reading code in mod_proxy more in line with what is
+ done in mod_sftp, for legibility (GH#294)
+ - Implement support for the OpenSSH-specific ChaChaPoly SSH algorithm
+ (GH#295, GH#296)
+ - Correct misspellings noted by codespell (GH#297)
+ - Use clang-tidy to start polishing the codebase (GH#298)
+ - Disable the Nagle algorithm by default on our TCP connections to back-end
+ servers (GH#299)
+ - Require OpenSSL for building (GH#249, GH#300)
+ - Documentation fixes
+ - Implement a limit on the number of EXT_INFO extensions we'll be willing to
+ accept (GH#303)
+ - Comparison of expected/provided MAC data should be done in a constant-time
+ manner
+ - Support PKCS11-stored private keys
+ - Implement the "mlkem768x25519-sha256" and "sntrup761x25519-sha512"
+ post-quantum SSH key exchange mechanisms (GH#306)
+ - Add sanity check for SRV record lengths
+ - Ensure that the SSH payload length computation, for ETM/ChaChaPoly packets,
+ does not underflow
+ - If we detect a bad DSA signature length, properly error out
+ - Ensure that RSA/DSA signatures match their expected algorithm types, and
+ avoid null pointer dereferences
+ - Update to build against OpenSSL 4.x (GH#313)
+
* Mon May 11 2026 Paul Howarth <paul@city-fan.org> - 1.3.9a-2
- Additional escaping for avoidance of SQL injection issues with %%{note:...}
and %%{env:...}; these are on top of the existing fix for CVE-2026-42167 in
diff --git a/sources b/sources
index 959a85f..3354efa 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (proftpd-1.3.9a.tar.gz) = 217780522a9366dd16c678ab4ca3de8a6079482a0d68d2f0ab7869d0f8aba4982d0cb0105821f52c8d2fca6f76b3156da70bdbb7d01ac96ad5c16f99f33fdd76
+SHA512 (proftpd-1.3.9b.tar.gz) = bfcfe013db3b93247abacd2fd8fb2d929feede4e7f804a2416ca161c5cc1a3a4a18e1cc5914ae6536ebc2f40da69c1713a65c1317a3a8cbfe63706709f2e4dec
SHA512 (v0.9.12.tar.gz) = a84c14b9d05c4890abe50c86f832c91fa4d0971bc2b1866a3a34d73ff85acd1e902fc0cae739e22ea46e530c73230fb005ea9edeb68fd6cfb963e0c5ca9655ec
-SHA512 (v0.9.5.tar.gz) = 72fc691ea480f3c71ac2f21a1d35465412faf09fddb1b78f6e8f7b26fbf9a7db7813a74dd3e20b9992430bd7a61ef55395474a9c4b6ccaf45ee3e2b36784346b
+SHA512 (v0.9.7.tar.gz) = 9979dc21ebebf5f219303769cebd73be9ab66ae7f50756fa12bdf37bcac1cdc9ac70feeb557ef16bb4bb3fcf8121aed4d16b6a0e5c0738bbcc53a0055410c3cd