Update to 1.3.8b for fix CVE-2023-51713,CVE-2023-48795

2023-12-26 10:26:07 +08:00 · 2023-12-26 10:26:07 +08:00 · 2bbf5c8636
commit 2bbf5c8636
parent c82be714d3
3 changed files with 4 additions and 143 deletions
--- a/1592.patch
+++ b/1592.patch
@ -1,139 +0,0 @@
 From c2c1232255d35ca641709a7dfbd3b70a6cb155bf Mon Sep 17 00:00:00 2001
 From: TJ Saunders <tj@castaglia.org>
 Date: Fri, 3 Feb 2023 11:04:24 -0800
 Subject: [PATCH] Issue #1590: When we properly detect (via linking) the
 `libidn2` library, make sure that the proper linker flags are set, especially
 for linking dynamic modules.
 ---
 configure    | 20 ++++++++++++++++----
 configure.in | 14 ++++++++++++--
 2 files changed, 28 insertions(+), 6 deletions(-)
 diff --git a/configure b/configure
 index 8db039b50..03d973203 100755
 --- a/configure
 +++ b/configure
@@ -21447,6 +21447,8 @@ rm -f core conftest.err conftest.$ac_objext \
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for idn2_to_ascii_8z" >&5
 $as_echo_n "checking for idn2_to_ascii_8z... " >&6; }
 +old_libs=$LIBS
 +LIBS="-lidn2 $LIBS"
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
@@ -21468,7 +21470,7 @@ main ()
   return 0;
 }
 _ACEOF
 -if ac_fn_c_try_compile "$LINENO"; then :
 +if ac_fn_c_try_link "$LINENO"; then :
     { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 $as_echo "yes" >&6; }
@@ -21476,18 +21478,24 @@ $as_echo "yes" >&6; }
 $as_echo "#define HAVE_IDN2_TO_ASCII_8Z 1" >>confdefs.h
     MAIN_LIBS="$MAIN_LIBS -lidn2"
 +    ac_orig_libs="$ac_orig_libs -lidn2"
 +    SHARED_MODULE_LIBS="$SHARED_MODULE_LIBS -lidn2"
 else
     { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
 $as_echo "no" >&6; }
 +    LIBS=$old_libs
 fi
 -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 +rm -f core conftest.err conftest.$ac_objext \
 +    conftest$ac_exeext conftest.$ac_ext
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for idna_to_ascii_8z" >&5
 $as_echo_n "checking for idna_to_ascii_8z... " >&6; }
 +old_libs=$LIBS
 +LIBS="-lidn $LIBS"
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
@@ -21509,7 +21517,7 @@ main ()
   return 0;
 }
 _ACEOF
 -if ac_fn_c_try_compile "$LINENO"; then :
 +if ac_fn_c_try_link "$LINENO"; then :
     { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 $as_echo "yes" >&6; }
@@ -21517,15 +21525,19 @@ $as_echo "yes" >&6; }
 $as_echo "#define HAVE_IDNA_TO_ASCII_8Z 1" >>confdefs.h
     MAIN_LIBS="$MAIN_LIBS -lidn"
 +    ac_orig_libs="$ac_orig_libs -lidn"
 +    SHARED_MODULE_LIBS="$SHARED_MODULE_LIBS -lidn"
 else
     { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
 $as_echo "no" >&6; }
 +    LIBS=$old_libs
 fi
 -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 +rm -f core conftest.err conftest.$ac_objext \
 +    conftest$ac_exeext conftest.$ac_ext
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dirfd" >&5
 $as_echo_n "checking for dirfd... " >&6; }
 diff --git a/configure.in b/configure.in
 index cd753c1f2..12a534451 100644
 --- a/configure.in
 +++ b/configure.in
@@ -2058,7 +2058,9 @@ AC_TRY_LINK(
 )
 AC_MSG_CHECKING([for idn2_to_ascii_8z])
 -AC_TRY_COMPILE(
 +old_libs=$LIBS
 +LIBS="-lidn2 $LIBS"
 +AC_TRY_LINK(
   [
     #include <sys/types.h>
     #ifdef HAVE_IDN2_H
@@ -2075,14 +2077,19 @@ AC_TRY_COMPILE(
     AC_MSG_RESULT(yes)
     AC_DEFINE(HAVE_IDN2_TO_ASCII_8Z, 1, [Define if you have idn2_to_ascii_8z])
     MAIN_LIBS="$MAIN_LIBS -lidn2"
 +    ac_orig_libs="$ac_orig_libs -lidn2"
 +    SHARED_MODULE_LIBS="$SHARED_MODULE_LIBS -lidn2"
   ],
   [
     AC_MSG_RESULT(no)
 +    LIBS=$old_libs
   ]
 )
 AC_MSG_CHECKING([for idna_to_ascii_8z])
 -AC_TRY_COMPILE(
 +old_libs=$LIBS
 +LIBS="-lidn $LIBS"
 +AC_TRY_LINK(
   [
     #include <sys/types.h>
     #ifdef HAVE_IDNA_H
@@ -2099,9 +2106,12 @@ AC_TRY_COMPILE(
     AC_MSG_RESULT(yes)
     AC_DEFINE(HAVE_IDNA_TO_ASCII_8Z, 1, [Define if you have idna_to_ascii_8z])
     MAIN_LIBS="$MAIN_LIBS -lidn"
 +    ac_orig_libs="$ac_orig_libs -lidn"
 +    SHARED_MODULE_LIBS="$SHARED_MODULE_LIBS -lidn"
   ],
   [
     AC_MSG_RESULT(no)
 +    LIBS=$old_libs
   ]
 )
--- a/proftpd-1.3.8b.tar.gz
+++ b/proftpd-1.3.8b.tar.gz
--- a/proftpd.spec
+++ b/proftpd.spec
@ -21,7 +21,7 @@
 %global vendor %{?_vendor:%{_vendor}}%{!?_vendor:openEuler}
 Name:			proftpd
-Version:		1.3.8
+Version:		1.3.8b
 Release:		1
 Summary:		Flexible, stable and highly-configurable FTP server
 License:		GPLv2+
@ -45,7 +45,6 @@ Patch4:			proftpd-1.3.6-no-mod-wrap.patch
 Patch5:			proftpd-1.3.6-no-mod-geoip.patch
 Patch6:			proftpd-1.3.7rc3-logging-not-systemd.patch
 Patch8:			proftpd-1.3.8-fix-environment-sensitive-tests-failure.patch
 Patch9:			1592.patch
 BuildRequires:		coreutils
 BuildRequires:		gcc
@ -252,8 +251,6 @@ sed -i -e '/killall/s/test.*/systemctl reload proftpd.service/' \
 %patch8 -p1
 %patch9 -p1 -b .libidn2
 # Avoid docfile dependencies
 chmod -c -x contrib/xferstats.holger-preiss
@ -538,6 +535,9 @@ fi
 %{_mandir}/man1/ftpwho.1*
 %changelog
 * Tue Dec 26 2023 wangkai <13474090681@163.com> - 1.3.8b-1
 - Update to 1.3.8b for fix CVE-2023-51713,CVE-2023-48795
 * Tue Apr 11 2023 chenchen <chen_aka_jan@163.com> - 1.3.8-1
 - Update to 1.3.8