Security: Fix a double-fclose vulnerability in the dataconn function (CVE-2007-6263, #199206)

Package-Manager: portage-2.1.3.19
author: Robert Buchholz <rbu@gentoo.org> 2008-01-10 23:51:09 +0000
committer: Robert Buchholz <rbu@gentoo.org> 2008-01-10 23:51:09 +0000
commit: 778e5af14013ce973d8db208e21a1f2e59073d05 (patch)
tree: 49c7877a1793a794322d95e4cc91f246b3726acc /net-ftp/netkit-ftpd
parent: Remove old. (diff)
download: historical-778e5af14013ce973d8db208e21a1f2e59073d05.tar.gz
historical-778e5af14013ce973d8db208e21a1f2e59073d05.tar.bz2
historical-778e5af14013ce973d8db208e21a1f2e59073d05.zip
5 files changed, 52 insertions, 25 deletions
diff --git a/net-ftp/netkit-ftpd/ChangeLog b/net-ftp/netkit-ftpd/ChangeLog
index 5133c26f65cb..a564bfe43997 100644
--- a/net-ftp/netkit-ftpd/ChangeLog
+++ b/net-ftp/netkit-ftpd/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for net-ftp/netkit-ftpd
-# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-ftp/netkit-ftpd/ChangeLog,v 1.8 2007/12/30 20:38:31 ulm Exp $
+# Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/netkit-ftpd/ChangeLog,v 1.9 2008/01/10 23:51:08 rbu Exp $
+
+*netkit-ftpd-0.17-r7 (10 Jan 2008)
+
+  10 Jan 2008; Robert Buchholz <rbu@gentoo.org>
+  +files/netkit-ftpd-0.17-fclose-CVE-2007-6263.patch,
+  -netkit-ftpd-0.17-r6.ebuild, +netkit-ftpd-0.17-r7.ebuild:
+  Security: Fix a double-fclose vulnerability in the dataconn function
+  (CVE-2007-6263, #199206)
 
 *netkit-ftpd-0.17-r6 (30 Dec 2007)
 
diff --git a/net-ftp/netkit-ftpd/Manifest b/net-ftp/netkit-ftpd/Manifest
index ef28ca4522ad..361ee83357bf 100644
--- a/net-ftp/netkit-ftpd/Manifest
+++ b/net-ftp/netkit-ftpd/Manifest
@@ -1,6 +1,3 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
 AUX ftp.xinetd 318 RMD160 fbb913e2ec08c7cbd08b1a520ca8893c21919cf3 SHA1 90b9af1d19230098a45d2995d5271d5343be0a16 SHA256 e55e99f3b978648f9e126f31caae7b7ab870e310dd29dc2120723bae9addd24f
 MD5 4a89aeceac5dd0b32bfa42c3103714ff files/ftp.xinetd 318
 RMD160 fbb913e2ec08c7cbd08b1a520ca8893c21919cf3 files/ftp.xinetd 318
@@ -17,6 +14,10 @@ AUX netkit-ftpd-0.17-cleanup.patch 186 RMD160 4e9690b7d03cd49783bc8f2f1ca0c021ed
 MD5 c4967c150312787be69aaea3127feb88 files/netkit-ftpd-0.17-cleanup.patch 186
 RMD160 4e9690b7d03cd49783bc8f2f1ca0c021eddce117 files/netkit-ftpd-0.17-cleanup.patch 186
 SHA256 5eb8134a8be569f1fc448bb781193f1820bddd36e735b1d164de2dfd4071a12f files/netkit-ftpd-0.17-cleanup.patch 186
+AUX netkit-ftpd-0.17-fclose-CVE-2007-6263.patch 658 RMD160 eaad780f4978e9f1bffde66a5b06226cc045daae SHA1 4a05d978f1c1c3c855c83b0adf0e85df7dbe122b SHA256 aa233506a3322bd9363aca4423b1bbb18ad618f2d722edae614b47640f42bb65
+MD5 558c647338ad82eb337e531331f43b1b files/netkit-ftpd-0.17-fclose-CVE-2007-6263.patch 658
+RMD160 eaad780f4978e9f1bffde66a5b06226cc045daae files/netkit-ftpd-0.17-fclose-CVE-2007-6263.patch 658
+SHA256 aa233506a3322bd9363aca4423b1bbb18ad618f2d722edae614b47640f42bb65 files/netkit-ftpd-0.17-fclose-CVE-2007-6263.patch 658
 AUX netkit-ftpd-0.17-gcc41.patch 770 RMD160 d9c69b0b8d1ded60b399ec36e0f975f8e14e57af SHA1 87db2260da0d0ae00d558de586853794b27c168e SHA256 d5ebda1221b9dbce3ba7ddccae846da65a0c7c5e544a0a8625d93396a3a1ea50
 MD5 7e94d8f9f93abba34bff5b358dead289 files/netkit-ftpd-0.17-gcc41.patch 770
 RMD160 d9c69b0b8d1ded60b399ec36e0f975f8e14e57af files/netkit-ftpd-0.17-gcc41.patch 770
@@ -39,14 +40,14 @@ EBUILD netkit-ftpd-0.17-r5.ebuild 1571 RMD160 ac26540f7510735ed9dc04b3e45147b8a8
 MD5 75a29a8ad0cbb178eb680557bbdc4f39 netkit-ftpd-0.17-r5.ebuild 1571
 RMD160 ac26540f7510735ed9dc04b3e45147b8a80133b0 netkit-ftpd-0.17-r5.ebuild 1571
 SHA256 39d9b1cc5633a9a35117bc567e23380e14070783838ca6fc78961dcd391b22a1 netkit-ftpd-0.17-r5.ebuild 1571
-EBUILD netkit-ftpd-0.17-r6.ebuild 1550 RMD160 7c9572e28712de00a1a96c940c931ab38b9c1a56 SHA1 a4744ba251e74d2b0066db5c9f993452a694fd7e SHA256 0aaac24001710a395e905bd9f4f6959a8c30f9705a7e0426a2f261d3f4d5c1e1
-MD5 388b99a2f8a286f4112ef853d1e3e67c netkit-ftpd-0.17-r6.ebuild 1550
-RMD160 7c9572e28712de00a1a96c940c931ab38b9c1a56 netkit-ftpd-0.17-r6.ebuild 1550
-SHA256 0aaac24001710a395e905bd9f4f6959a8c30f9705a7e0426a2f261d3f4d5c1e1 netkit-ftpd-0.17-r6.ebuild 1550
-MISC ChangeLog 5605 RMD160 f2889d37713af6629b54e43167ca82ef2a2258f5 SHA1 5d01387eab0b9b56d8f1199c10b9d2610e37307a SHA256 687cfe05fb2259c6d2fb72f7e4645085a6a28eaeabd5a0b64f1d6ec14cccc1e8
-MD5 14d179e87b017860a2a82ad2f403294a ChangeLog 5605
-RMD160 f2889d37713af6629b54e43167ca82ef2a2258f5 ChangeLog 5605
-SHA256 687cfe05fb2259c6d2fb72f7e4645085a6a28eaeabd5a0b64f1d6ec14cccc1e8 ChangeLog 5605
+EBUILD netkit-ftpd-0.17-r7.ebuild 1612 RMD160 68a1d34ca2d510d1c76eb2649784daf1d78c44f3 SHA1 de0000492f99e61373a14cd0ccf96603afbbe8c8 SHA256 2db58a085c5267c56e9bb34c2a0a74a731ca5de676aa583e947c11a54d6a3803
+MD5 a3c4c576523fe9cae1dc13ac1f1a5075 netkit-ftpd-0.17-r7.ebuild 1612
+RMD160 68a1d34ca2d510d1c76eb2649784daf1d78c44f3 netkit-ftpd-0.17-r7.ebuild 1612
+SHA256 2db58a085c5267c56e9bb34c2a0a74a731ca5de676aa583e947c11a54d6a3803 netkit-ftpd-0.17-r7.ebuild 1612
+MISC ChangeLog 5902 RMD160 fb34681075c1ba46d66f9e5d466551c017c8ff26 SHA1 5c1adec75a614e33d3f96df0751397e6e6e69e63 SHA256 b86a7bd33a5a439f3090d9f379b2111c286586a0eac2c104d65bfd49e26c3db1
+MD5 c52325765a46ab77cc144669c1766d4d ChangeLog 5902
+RMD160 fb34681075c1ba46d66f9e5d466551c017c8ff26 ChangeLog 5902
+SHA256 b86a7bd33a5a439f3090d9f379b2111c286586a0eac2c104d65bfd49e26c3db1 ChangeLog 5902
 MISC metadata.xml 165 RMD160 1c3eeab5c3fc7c211e19ce70d30db054b3448591 SHA1 e5bc9fac08f72762fdc827e1b520ed403667be37 SHA256 0879c713d0d1ea2f39c1088bf4717b1328b4ab06d6f5dd6968c5559750422ae6
 MD5 2fde084ac8d62be622a13e156d25f684 metadata.xml 165
 RMD160 1c3eeab5c3fc7c211e19ce70d30db054b3448591 metadata.xml 165
@@ -57,13 +58,6 @@ SHA256 193c18b7c4e2467ed5453bee8fc5e2b66ab314c429cc4a2daf79fbe652de26ba files/di
 MD5 a5158bf958d1411f9daefa3a43b7f12e files/digest-netkit-ftpd-0.17-r5 497
 RMD160 db856b5782788330427703698f410c205225d8e2 files/digest-netkit-ftpd-0.17-r5 497
 SHA256 193c18b7c4e2467ed5453bee8fc5e2b66ab314c429cc4a2daf79fbe652de26ba files/digest-netkit-ftpd-0.17-r5 497
-MD5 a5158bf958d1411f9daefa3a43b7f12e files/digest-netkit-ftpd-0.17-r6 497
-RMD160 db856b5782788330427703698f410c205225d8e2 files/digest-netkit-ftpd-0.17-r6 497
-SHA256 193c18b7c4e2467ed5453bee8fc5e2b66ab314c429cc4a2daf79fbe652de26ba files/digest-netkit-ftpd-0.17-r6 497
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.8 (GNU/Linux)
-
-iEYEARECAAYFAkd4Ad4ACgkQOeoy/oIi7uyqUwCfY0+jy9edcHUfODqIvGBwnLId
-Jl8AoOsNLrYW6XmgkVh9D0bnoekgvRow
-=OfQY
------END PGP SIGNATURE-----
+MD5 a5158bf958d1411f9daefa3a43b7f12e files/digest-netkit-ftpd-0.17-r7 497
+RMD160 db856b5782788330427703698f410c205225d8e2 files/digest-netkit-ftpd-0.17-r7 497
+SHA256 193c18b7c4e2467ed5453bee8fc5e2b66ab314c429cc4a2daf79fbe652de26ba files/digest-netkit-ftpd-0.17-r7 497
diff --git a/net-ftp/netkit-ftpd/files/digest-netkit-ftpd-0.17-r6 b/net-ftp/netkit-ftpd/files/digest-netkit-ftpd-0.17-r7
index 9c0de1ba222e..9c0de1ba222e 100644
--- a/net-ftp/netkit-ftpd/files/digest-netkit-ftpd-0.17-r6
+++ b/net-ftp/netkit-ftpd/files/digest-netkit-ftpd-0.17-r7
diff --git a/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-fclose-CVE-2007-6263.patch b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-fclose-CVE-2007-6263.patch
new file mode 100644
index 000000000000..5da61aee7343
--- /dev/null
+++ b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-fclose-CVE-2007-6263.patch
@@ -0,0 +1,24 @@
+diff -u linux-ftpd-ssl-0.17.18+0.3/ftpd/ftpd.c linux-ftpd-ssl-0.17.18+0.3/ftpd/ftpd.c
+--- linux-ftpd-ssl-0.17.18+0.3/ftpd/ftpd.c
++++ linux-ftpd-ssl-0.17.18+0.3/ftpd/ftpd.c
+@@ -1729,7 +1729,7 @@
+ static FILE * dataconn(const char *name, off_t size, const char *mode, int stou)
+ {
+ 	char sizebuf[32];
+-	FILE *file;
++	FILE *file = NULL;
+ 	int retry = 0, tos;
+ 
+ 	file_size = size;
+@@ -1822,7 +1822,10 @@
+ 				    ERR_error_string(ERR_get_error(),NULL));
+ 			perror_reply(425, errbuf);
+ 			/* abort time methinks ... */
+-			fclose(file);
++			if(file != NULL){
++				fclose(file);
++				file = NULL;
++			}
+ 			return NULL;
+ 		    } else {
+ 			if (ssl_debug_flag) {
diff --git a/net-ftp/netkit-ftpd/netkit-ftpd-0.17-r6.ebuild b/net-ftp/netkit-ftpd/netkit-ftpd-0.17-r7.ebuild
index 068bc031ddba..3d754854d2d2 100644
--- a/net-ftp/netkit-ftpd/netkit-ftpd-0.17-r6.ebuild
+++ b/net-ftp/netkit-ftpd/netkit-ftpd-0.17-r7.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2007 Gentoo Foundation
+# Copyright 1999-2008 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-ftp/netkit-ftpd/netkit-ftpd-0.17-r6.ebuild,v 1.1 2007/12/30 20:38:31 ulm Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/netkit-ftpd/netkit-ftpd-0.17-r7.ebuild,v 1.1 2008/01/10 23:51:08 rbu Exp $
 
 inherit eutils ssl-cert
 
@@ -30,6 +30,7 @@ src_unpack() {
 	epatch "${FILESDIR}"/${P}-shadowfix.patch
 	epatch "${FILESDIR}"/${P}-gcc41.patch
 	epatch "${FILESDIR}"/${P}-setguid.patch
+	epatch "${FILESDIR}"/${P}-fclose-CVE-2007-6263.patch #199206
 }
 
 src_compile() {
author	Robert Buchholz <rbu@gentoo.org>	2008-01-10 23:51:09 +0000
committer	Robert Buchholz <rbu@gentoo.org>	2008-01-10 23:51:09 +0000
commit	778e5af14013ce973d8db208e21a1f2e59073d05 (patch)
tree	49c7877a1793a794322d95e4cc91f246b3726acc /net-ftp/netkit-ftpd
parent	Remove old. (diff)
download	historical-778e5af14013ce973d8db208e21a1f2e59073d05.tar.gz historical-778e5af14013ce973d8db208e21a1f2e59073d05.tar.bz2 historical-778e5af14013ce973d8db208e21a1f2e59073d05.zip