[proftpd] Don't use make_scrambled_password_323
Paul Howarth
pghmcfc at fedoraproject.org
Thu Oct 6 15:35:16 UTC 2011
commit e918f167efaff8f89dab623000b84f19498155fc
Author: Paul Howarth <paul at city-fan.org>
Date: Thu Oct 6 16:30:21 2011 +0100
Don't use make_scrambled_password_323
- Add upstream patch to not try make_scrambled_password_323 if the MySQL
library doesn't export it (#718327, upstream bug 3669); this removes support
for password hashes generated on MySQL prior to 4.1
....4rc3-make-scrambled-password-323-bug3669.patch | 253 ++++++++++++++++++++
proftpd-1.3.4rc3-mysql-password.patch | 13 -
proftpd.spec | 17 +-
3 files changed, 267 insertions(+), 16 deletions(-)
---
diff --git a/proftpd-1.3.4rc3-make-scrambled-password-323-bug3669.patch b/proftpd-1.3.4rc3-make-scrambled-password-323-bug3669.patch
new file mode 100644
index 0000000..b4b0696
--- /dev/null
+++ b/proftpd-1.3.4rc3-make-scrambled-password-323-bug3669.patch
@@ -0,0 +1,253 @@
+diff -up proftpd-1.3.4rc3/configure.in.mypasswd323 proftpd-1.3.4rc3/configure.in
+--- proftpd-1.3.4rc3/configure.in.mypasswd323 2011-08-12 18:41:43.000000000 +0100
++++ proftpd-1.3.4rc3/configure.in 2011-10-06 15:39:35.000000000 +0100
+@@ -2179,7 +2179,9 @@ my_static_modules=`echo "$ac_static_modu
+ my_shared_modules=`echo "$ac_shared_modules" | sed -e 's/\.la//g'`;
+ all_modules="$my_core_modules $my_static_modules $my_shared_modules";
+
++pr_use_mysql="no"
+ pr_use_openssl="no"
++pr_use_postgres="no"
+
+ AC_MSG_CHECKING([for duplicate module build requests])
+ for i in $all_modules; do
+@@ -2211,6 +2213,8 @@ for i in $all_modules; do
+ dnl Use database-specific config scripts, if we can. Note that
+ dnl these will cause problems for cross-compiles!
+ if test x"$i" = x"mod_sql_mysql"; then
++ pr_use_mysql="yes"
++
+ if test x"$my_config" != xno; then
+ if `$my_config --version 2>/dev/null 1>&2`; then
+ # mysql_config --include gives path WITH -I prefix
+@@ -2233,6 +2237,8 @@ for i in $all_modules; do
+ fi
+
+ elif test x"$i" = x"mod_sql_postgres"; then
++ pr_use_postgres="yes"
++
+ if test x"$pg_config" != xno; then
+ if `$pg_config 2>/dev/null 1>&2`; then
+ # pg_config --includedir gives path, no -I prefix
+@@ -2252,6 +2258,52 @@ for i in $all_modules; do
+ done
+ AC_MSG_RESULT([no])
+
++if test x"$pr_use_mysql" = xyes; then
++ # Check for other MySQL-specific functionality here
++ saved_ldflags="$LDFLAGS"
++ saved_libs="$LIBS"
++ saved_cppflags="$CPPFLAGS"
++
++ dnl Splice out -lsupp, since that library hasn't been built yet
++ LIBS=`echo "$LIBS" | sed -e 's/-lsupp//g'`;
++
++ AC_MSG_CHECKING([for MySQL's make_scrambled_password_323])
++
++ # fiddle with CPPFLAGS, LDFLAGS
++ CPPFLAGS="$CPPFLAGS $ac_build_addl_includes"
++ LDFLAGS="$LDFLAGS -lm -lmysqlclient -lz"
++ LIBS="$LIBS $c_build_addl_libdirs"
++
++ AC_TRY_LINK(
++ [
++ #ifdef HAVE_STDLIB_H
++ # include <stdlib.h>
++ #endif
++ #ifdef HAVE_SYS_TYPES_H
++ # include <sys/types.h>
++ #endif
++ #include <mysql.h>
++ ],
++ [
++ char input[32];
++ char *output = NULL;
++ (void) make_scrambled_password_323(input, output);
++ ],
++ [
++ AC_MSG_RESULT(yes)
++ AC_DEFINE(HAVE_MYSQL_MAKE_SCRAMBLED_PASSWORD_323, 1, [Define if you have MySQL's make_scrambled_password_323])
++ ],
++ [
++ AC_MSG_RESULT(no)
++ ]
++ )
++
++ # restore CPPFLAGS, LDFLAGS
++ CPPFLAGS="$saved_cppflags"
++ LDFLAGS="$saved_ldflags"
++ LIBS="$saved_libs"
++fi
++
+ if test x"$pr_use_openssl" = xyes; then
+ AC_DEFINE(PR_USE_OPENSSL, 1, [Define if using OpenSSL support.])
+ ac_build_addl_libs="$ac_build_addl_libs -lssl -lcrypto"
+diff -up proftpd-1.3.4rc3/config.h.in.mypasswd323 proftpd-1.3.4rc3/config.h.in
+--- proftpd-1.3.4rc3/config.h.in.mypasswd323 2011-03-15 05:27:45.000000000 +0000
++++ proftpd-1.3.4rc3/config.h.in 2011-10-06 15:39:35.000000000 +0100
+@@ -384,6 +384,9 @@
+ /* Define if you have the munlockall function. */
+ #undef HAVE_MUNLOCKALL
+
++/* Define if you have the MySQL make_scrambled_password_323 function. */
++#undef HAVE_MYSQL_MAKE_SCRAMBLED_PASSWORD_323
++
+ /* Define if you have the nl_langinfo function. */
+ #undef HAVE_NL_LANGINFO
+
+diff -up proftpd-1.3.4rc3/configure.mypasswd323 proftpd-1.3.4rc3/configure
+--- proftpd-1.3.4rc3/configure.mypasswd323 2011-08-12 18:46:06.000000000 +0100
++++ proftpd-1.3.4rc3/configure 2011-10-06 15:40:37.000000000 +0100
+@@ -32634,7 +32634,9 @@ my_static_modules=`echo "$ac_static_modu
+ my_shared_modules=`echo "$ac_shared_modules" | sed -e 's/\.la//g'`;
+ all_modules="$my_core_modules $my_static_modules $my_shared_modules";
+
++pr_use_mysql="no"
+ pr_use_openssl="no"
++pr_use_postgres="no"
+
+ { echo "$as_me:$LINENO: checking for duplicate module build requests" >&5
+ echo $ECHO_N "checking for duplicate module build requests... $ECHO_C" >&6; }
+@@ -32667,6 +32669,8 @@ echo "$as_me: error: duplicate build req
+ done
+
+ if test x"$i" = x"mod_sql_mysql"; then
++ pr_use_mysql="yes"
++
+ if test x"$my_config" != xno; then
+ if `$my_config --version 2>/dev/null 1>&2`; then
+ # mysql_config --include gives path WITH -I prefix
+@@ -32689,6 +32693,8 @@ echo "$as_me: error: duplicate build req
+ fi
+
+ elif test x"$i" = x"mod_sql_postgres"; then
++ pr_use_postgres="yes"
++
+ if test x"$pg_config" != xno; then
+ if `$pg_config 2>/dev/null 1>&2`; then
+ # pg_config --includedir gives path, no -I prefix
+@@ -32709,6 +32715,96 @@ done
+ { echo "$as_me:$LINENO: result: no" >&5
+ echo "${ECHO_T}no" >&6; }
+
++if test x"$pr_use_mysql" = xyes; then
++ # Check for other MySQL-specific functionality here
++ saved_ldflags="$LDFLAGS"
++ saved_libs="$LIBS"
++ saved_cppflags="$CPPFLAGS"
++
++ LIBS=`echo "$LIBS" | sed -e 's/-lsupp//g'`;
++
++ { echo "$as_me:$LINENO: checking for MySQL's make_scrambled_password_323" >&5
++echo $ECHO_N "checking for MySQL's make_scrambled_password_323... $ECHO_C" >&6; }
++
++ # fiddle with CPPFLAGS, LDFLAGS
++ CPPFLAGS="$CPPFLAGS $ac_build_addl_includes"
++ LDFLAGS="$LDFLAGS -lm -lmysqlclient -lz"
++ LIBS="$LIBS $c_build_addl_libdirs"
++
++ cat >conftest.$ac_ext <<_ACEOF
++/* confdefs.h. */
++_ACEOF
++cat confdefs.h >>conftest.$ac_ext
++cat >>conftest.$ac_ext <<_ACEOF
++/* end confdefs.h. */
++
++ #ifdef HAVE_STDLIB_H
++ # include <stdlib.h>
++ #endif
++ #ifdef HAVE_SYS_TYPES_H
++ # include <sys/types.h>
++ #endif
++ #include <mysql.h>
++
++int
++main ()
++{
++
++ char input[32];
++ char *output = NULL;
++ (void) make_scrambled_password_323(input, output);
++
++ ;
++ return 0;
++}
++_ACEOF
++rm -f conftest.$ac_objext conftest$ac_exeext
++if { (ac_try="$ac_link"
++case "(($ac_try" in
++ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
++ *) ac_try_echo=$ac_try;;
++esac
++eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
++ (eval "$ac_link") 2>conftest.er1
++ ac_status=$?
++ grep -v '^ *+' conftest.er1 >conftest.err
++ rm -f conftest.er1
++ cat conftest.err >&5
++ echo "$as_me:$LINENO: \$? = $ac_status" >&5
++ (exit $ac_status); } && {
++ test -z "$ac_c_werror_flag" ||
++ test ! -s conftest.err
++ } && test -s conftest$ac_exeext &&
++ $as_test_x conftest$ac_exeext; then
++
++ { echo "$as_me:$LINENO: result: yes" >&5
++echo "${ECHO_T}yes" >&6; }
++
++cat >>confdefs.h <<\_ACEOF
++#define HAVE_MYSQL_MAKE_SCRAMBLED_PASSWORD_323 1
++_ACEOF
++
++
++else
++ echo "$as_me: failed program was:" >&5
++sed 's/^/| /' conftest.$ac_ext >&5
++
++
++ { echo "$as_me:$LINENO: result: no" >&5
++echo "${ECHO_T}no" >&6; }
++
++
++fi
++
++rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
++ conftest$ac_exeext conftest.$ac_ext
++
++ # restore CPPFLAGS, LDFLAGS
++ CPPFLAGS="$saved_cppflags"
++ LDFLAGS="$saved_ldflags"
++ LIBS="$saved_libs"
++fi
++
+ if test x"$pr_use_openssl" = xyes; then
+
+ cat >>confdefs.h <<\_ACEOF
+diff -up proftpd-1.3.4rc3/contrib/mod_sql_mysql.c.mypasswd323 proftpd-1.3.4rc3/contrib/mod_sql_mysql.c
+--- proftpd-1.3.4rc3/contrib/mod_sql_mysql.c.mypasswd323 2011-05-23 21:56:40.000000000 +0100
++++ proftpd-1.3.4rc3/contrib/mod_sql_mysql.c 2011-10-06 15:39:35.000000000 +0100
+@@ -1485,7 +1485,7 @@ MODRET cmd_checkauth(cmd_rec * cmd) {
+
+ if (!success) {
+
+-#if MYSQL_VERSION_ID >= 40101
++#ifdef HAVE_MYSQL_MAKE_SCRAMBLED_PASSWORD_323
+ /* Try to work around MySQL's stupid handling of password length
+ * changes in 4.1, and the stupidity and whining of admins who
+ * cannot deal with those changes.
+@@ -1495,12 +1495,14 @@ MODRET cmd_checkauth(cmd_rec * cmd) {
+
+ sql_log(DEBUG_FUNC, "%s",
+ "checking again using deprecated legacy MySQL password algorithm");
++ sql_log(DEBUG_FUNC, "%s",
++ "warning: support for this legacy MySQ-3.xL password algorithm will be dropped from MySQL in the future");
+ success = !strcmp(scrambled, c_hash);
+ if (!success)
+ sql_log(DEBUG_FUNC, "%s", "password mismatch");
+ #else
+ sql_log(DEBUG_FUNC, "%s", "password mismatch");
+-#endif
++#endif /* No MySQL make_scrambled_password_323() function */
+ }
+
+ sql_log(DEBUG_FUNC, "%s", "exiting \tmysql cmd_checkauth");
diff --git a/proftpd-1.3.4rc3-mysql-password.patch b/proftpd-1.3.4rc3-mysql-password.patch
index 1134f52..08156e0 100644
--- a/proftpd-1.3.4rc3-mysql-password.patch
+++ b/proftpd-1.3.4rc3-mysql-password.patch
@@ -23,16 +23,3 @@ http://bugzilla.redhat.com/718327
#endif
success = !strcmp(scrambled, c_hash);
-@@ -1491,7 +1497,12 @@
- * cannot deal with those changes.
- */
- memset(scrambled, '\0', sizeof(scrambled));
-+
-+# if MYSQL_VERSION_ID >= 50501
-+ my_make_scrambled_password_323(scrambled, c_clear, strlen(c_clear));
-+# else
- make_scrambled_password_323(scrambled, c_clear);
-+# endif /* MySQL 5.5 and later */
-
- sql_log(DEBUG_FUNC, "%s",
- "checking again using deprecated legacy MySQL password algorithm");
diff --git a/proftpd.spec b/proftpd.spec
index 65e12e6..4d8e961 100644
--- a/proftpd.spec
+++ b/proftpd.spec
@@ -41,7 +41,7 @@
%endif
%global prever rc3
-%global rpmrel 14
+%global rpmrel 15
Summary: Flexible, stable and highly-configurable FTP server
Name: proftpd
@@ -68,6 +68,7 @@ Source12: proftpd-tmpfs.conf
# not fall foul of the rules against library bundling
Source13: http://search.cpan.org/CPAN/authors/id/C/CL/CLEMBURG/Test-Unit-0.14.tar.gz
Source14: proftpd.service
+Patch0: proftpd-1.3.4rc3-make-scrambled-password-323-bug3669.patch
Patch1: proftpd-1.3.4rc3-mysql-password.patch
Patch2: proftpd.conf-no-memcached.patch
Patch4: proftpd-1.3.4rc1-mod_vroot-test.patch
@@ -160,8 +161,13 @@ cp -p mod_vroot/t/modules/mod_vroot.t tests/t/modules/
cp -p mod_geoip/mod_geoip.c contrib/
cp -p mod_geoip/mod_geoip.html doc/contrib/
-# Don't use deprecated symbols removed from Fedora's MySQL
-# (#718327, upstream bug 3669)
+# Upstream patch to not try make_scrambled_password_323 if the function
+# isn't exported from the MySQL library (upstream bug 3669)
+%patch0 -p1 -b .mypasswd323
+
+# Use my_make_scrambled_password rather than the deprecated
+# make_scrambled_password, which isn't exported from Fedora's MySQL
+# in F-15 onwards (#718327, upstream bug 3669)
%patch1 -p1 -b .mypasswd
# If we're running the full test suite, include the mod_vroot test
@@ -461,6 +467,11 @@ fi
%{_libexecdir}/proftpd/mod_sql_postgres.so
%changelog
+* Thu Oct 6 2011 Paul Howarth <paul at city-fan.org> 1.3.4-0.15.rc3
+- Add upstream patch to not try make_scrambled_password_323 if the MySQL
+ library doesn't export it (#718327, upstream bug 3669); this removes support
+ for password hashes generated on MySQL prior to 4.1
+
* Thu Sep 29 2011 Paul Howarth <paul at city-fan.org> 1.3.4-0.14.rc3
- Update to 1.3.4rc3 (see NEWS and RELEASE_NOTES for full details)
- The mod_ldap configuration directives have changed to a simplified version;
More information about the scm-commits
mailing list