aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2015-03-11 10:20:14 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2015-03-11 10:20:14 +0000
commit0f34999f6985bddddfd91ed96461e855b8ac37cc (patch)
tree5b4e0c9b7af1e34700b05c3ce0446b2046c28510
parentf5ea0fe91cddfad3fcdeb1d263a2ad695f1074ca (diff)
downloadaports-0f34999f6985bddddfd91ed96461e855b8ac37cc.tar.bz2
aports-0f34999f6985bddddfd91ed96461e855b8ac37cc.tar.xz
main/vsftpd: security fix for CVE-2015-1419
-rw-r--r--main/vsftpd/APKBUILD6
-rw-r--r--main/vsftpd/CVE-2015-1419.patch97
2 files changed, 102 insertions, 1 deletions
diff --git a/main/vsftpd/APKBUILD b/main/vsftpd/APKBUILD
index d97261b7a4..c77004d89b 100644
--- a/main/vsftpd/APKBUILD
+++ b/main/vsftpd/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=vsftpd
pkgver=3.0.2
-pkgrel=8
+pkgrel=9
pkgdesc="Very secure ftpd"
url="http://vsftpd.beasts.org"
arch="all"
@@ -14,6 +14,7 @@ install="$pkgname.pre-install"
source="https://security.appspot.com/downloads/vsftpd-${pkgver}.tar.gz
vsftpd-enable-ssl.patch
vsftpd-clearenv.patch
+ CVE-2015-1419.patch
vsftpd.initd
vsftpd.confd
wtmpx_file.patch"
@@ -54,18 +55,21 @@ package() {
md5sums="8b00c749719089401315bd3c44dddbb2 vsftpd-3.0.2.tar.gz
018ee421c56dd1b6f21bdfdf3628b97e vsftpd-enable-ssl.patch
a97b6a7c69d872393dc993f6eb291bfa vsftpd-clearenv.patch
+9ee92ccdf8e9a7db7e668617dc269def CVE-2015-1419.patch
b48784af42b0f787e55276fc20476aa2 vsftpd.initd
9e495776096c78c3f9d9e6756a8c3003 vsftpd.confd
a8ca7b0680a76bbb79b0fd978a6b5d0f wtmpx_file.patch"
sha256sums="be46f0e2c5528fe021fafc8dab1ecfea0c1f183063a06977f8537fcd0b195e56 vsftpd-3.0.2.tar.gz
4cce385d98f0ddd76ab6bb07703d4ca6b6cab7f2b3c6f44da993b9df77e626db vsftpd-enable-ssl.patch
7c29e61c1fbb8881fc252c2b79c242a084b628299f7963f9c43d6e8162ed776e vsftpd-clearenv.patch
+fb50d1e24ee65bab005007179b8d128ca84decc93222f790ab3fd6eca5237180 CVE-2015-1419.patch
78d79b46017accf34d64f02e22d2f1d7bd58c78d8bc5cb6f692c139d285a562a vsftpd.initd
5ed45cbe507676fd1252427016047e02b775acfb3dd0f3e44fe61410a8e7a1ba vsftpd.confd
5ea711e43ae4dff6ca110432dec27af9cbea4b697920ba5ea0a254b2642e3e41 wtmpx_file.patch"
sha512sums="d5b978e07d8b0a623b79a531824666fb9b970ad5989a8c34c21b545b62ba07cde4bfe3d77b40a8b6e92d17890c37cae209231af8f106da3404f6548e217bd023 vsftpd-3.0.2.tar.gz
842c1bd972f710e4ba15e1d62a4c8ebf133dc279607b844710ad6484834b6f3a43f9f3296a53e3176df2cec129b0d96b30f0610042ee66b3263d821e1efda398 vsftpd-enable-ssl.patch
13a3949695ad904c5389513206b9db71b6a4f5d35cd0c37484d9a8d8db1cd7a10c023b005661241a2e6b993fdd9c93eb7b3faaaf2542bf68a1520cf869abd710 vsftpd-clearenv.patch
+73023176872a60a60ea72dc370c13617b5113ff9eb8df8f56c4efc709ca9f7752aed4c7e19530927ea6fe9ccb52dbd8ec128ec898cc8177c6d62ad41c4f281f1 CVE-2015-1419.patch
23c9b66f2463b16d54f9ec5f03134f893692700f269dc9baa57f4659599b2afe04c5b0f302a610deee763656447b50a4ef082fc8551241c399122fc4c1a9431e vsftpd.initd
7bd138cf66356db55d00796f99b327e9aedf45a48b6fc9b464801fd17a69949ca1296131513c289b0293d27b29c1add08e601068501591108ed7fb13efeeacf3 vsftpd.confd
bb1bcb97df769d658e3d99a1ed1b585250a84ecfb7371adc17dff85732eee0bdc53442725c91e7563dda250d3c0b1cea1f3a5e805f3abc36aa7d27a7ba237742 wtmpx_file.patch"
diff --git a/main/vsftpd/CVE-2015-1419.patch b/main/vsftpd/CVE-2015-1419.patch
new file mode 100644
index 0000000000..b0662b4580
--- /dev/null
+++ b/main/vsftpd/CVE-2015-1419.patch
@@ -0,0 +1,97 @@
+Index: vsftpd-3.0.2/ls.c
+===================================================================
+--- vsftpd-3.0.2.orig/ls.c
++++ vsftpd-3.0.2/ls.c
+@@ -7,6 +7,7 @@
+ * Would you believe, code to handle directory listing.
+ */
+
++#include <stdlib.h>
+ #include "ls.h"
+ #include "access.h"
+ #include "defs.h"
+@@ -243,11 +244,42 @@ vsf_filename_passes_filter(const struct
+ struct mystr temp_str = INIT_MYSTR;
+ struct mystr brace_list_str = INIT_MYSTR;
+ struct mystr new_filter_str = INIT_MYSTR;
++ struct mystr normalize_filename_str = INIT_MYSTR;
++ const char *normname;
++ const char *path;
+ int ret = 0;
+ char last_token = 0;
+ int must_match_at_current_pos = 1;
++
+ str_copy(&filter_remain_str, p_filter_str);
+- str_copy(&name_remain_str, p_filename_str);
++
++ /* normalize filepath */
++ path = str_strdup(p_filename_str);
++ normname = realpath(path, NULL);
++ if (normname == NULL)
++ goto out;
++ str_alloc_text(&normalize_filename_str, normname);
++
++ if (!str_isempty (&filter_remain_str) && !str_isempty(&normalize_filename_str)) {
++ if (str_get_char_at(p_filter_str, 0) == '/') {
++ if (str_get_char_at(&normalize_filename_str, 0) != '/') {
++ str_getcwd (&name_remain_str);
++
++ if (str_getlen(&name_remain_str) > 1) /* cwd != root dir */
++ str_append_char (&name_remain_str, '/');
++
++ str_append_str (&name_remain_str, &normalize_filename_str);
++ }
++ else
++ str_copy (&name_remain_str, &normalize_filename_str);
++ } else {
++ if (str_get_char_at(p_filter_str, 0) != '{')
++ str_basename (&name_remain_str, &normalize_filename_str);
++ else
++ str_copy (&name_remain_str, &normalize_filename_str);
++ }
++ } else
++ str_copy(&name_remain_str, &normalize_filename_str);
+
+ while (!str_isempty(&filter_remain_str) && *iters < VSFTP_MATCHITERS_MAX)
+ {
+@@ -360,6 +392,9 @@ vsf_filename_passes_filter(const struct
+ ret = 0;
+ }
+ out:
++ free(normname);
++ free(path);
++ str_free(&normalize_filename_str);
+ str_free(&filter_remain_str);
+ str_free(&name_remain_str);
+ str_free(&temp_str);
+Index: vsftpd-3.0.2/str.c
+===================================================================
+--- vsftpd-3.0.2.orig/str.c
++++ vsftpd-3.0.2/str.c
+@@ -770,3 +770,14 @@ str_replace_unprintable(struct mystr* p_
+ }
+ }
+
++void
++str_basename (struct mystr* d_str, const struct mystr* path)
++{
++ static struct mystr tmp;
++
++ str_copy (&tmp, path);
++ str_split_char_reverse(&tmp, d_str, '/');
++
++ if (str_isempty(d_str))
++ str_copy (d_str, path);
++}
+Index: vsftpd-3.0.2/str.h
+===================================================================
+--- vsftpd-3.0.2.orig/str.h
++++ vsftpd-3.0.2/str.h
+@@ -101,6 +101,7 @@ void str_replace_unprintable(struct myst
+ int str_atoi(const struct mystr* p_str);
+ filesize_t str_a_to_filesize_t(const struct mystr* p_str);
+ unsigned int str_octal_to_uint(const struct mystr* p_str);
++void str_basename (struct mystr* d_str, const struct mystr* path);
+
+ /* PURPOSE: Extract a line of text (delimited by \n or EOF) from a string
+ * buffer, starting at character position 'p_pos'. The extracted line will