From nobody@FreeBSD.org  Tue Mar  8 23:06:36 2011
Message-Id: <201103082306.p28N6aku035469@red.freebsd.org>
Date: Tue, 8 Mar 2011 23:06:36 GMT
From: Zhihao Yuan <lichray@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ftp/pure-ftpd updated with a STARTTLS flaw fixed
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         155386
>Category:       ports
>Synopsis:       ftp/pure-ftpd updated with a STARTTLS flaw fixed
>Confidential:   no
>Severity:       non-critical
>Priority:       high
>Responsible:    garga
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Mar 08 23:10:06 UTC 2011
>Closed-Date:    Tue May 10 13:52:42 UTC 2011
>Last-Modified:  Tue May 10 14:00:18 UTC 2011
>Originator:     Zhihao Yuan
>Release:        FreeBSD 8.2-STABLE
>Organization:
Northern Illinois University
>Environment:
FreeBSD compaq.yuetime 8.2-STABLE FreeBSD 8.2-STABLE #0: Tue Mar  8 01:53:40 CST 2011     root@compaq.yuetime:/usr/obj/usr/src/sys/HOUKAGO  amd64
>Description:
Pure-FTPd 1.0.30 has been released.
http://www.pureftpd.org/project/pure-ftpd/news
Note this: 
 * Fix a STARTTLS flaw similar to Postfix's CVE-2011-0411. If you're using TLS, upgrading is recommended.
>How-To-Repeat:

>Fix:
Just updated it to the latest release.

Patch attached with submission follows:

diff -rupN pure-ftpd.orig/Makefile pure-ftpd/Makefile
--- pure-ftpd.orig/Makefile	2011-03-08 16:58:47.404514232 -0600
+++ pure-ftpd/Makefile	2011-03-08 16:55:13.652067727 -0600
@@ -6,8 +6,8 @@
 #
 
 PORTNAME=	pure-ftpd
-PORTVERSION=	1.0.29
-PORTREVISION=	1
+PORTVERSION=	1.0.30
+#PORTREVISION=	1
 CATEGORIES=	ftp ipv6
 MASTER_SITES=	http://download.pureftpd.org/pub/pure-ftpd/releases/ \
 		ftp://ftp.pureftpd.org/pub/pure-ftpd/releases/ \
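Review bot: the added "#PORTREVISION= 1" line in the Makefile hunk leaves a commented-out assignment behind. Since PORTVERSION moves from 1.0.29 to 1.0.30, the PORTREVISION line should be deleted outright rather than commented out, so that no stale value is left to be re-enabled by accident on a later update.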
diff -rupN pure-ftpd.orig/distinfo pure-ftpd/distinfo
--- pure-ftpd.orig/distinfo	2011-03-08 16:58:47.404514232 -0600
+++ pure-ftpd/distinfo	2011-03-08 16:57:38.391767247 -0600
@@ -1,2 +1,2 @@
-SHA256 (pure-ftpd-1.0.29.tar.bz2) = b9217802d2674c0471fc43004565d4630e0938ca8530c3a1b73361d405259f5f
-SIZE (pure-ftpd-1.0.29.tar.bz2) = 466867
+SHA256 (pure-ftpd-1.0.30.tar.bz2) = 9b85cf5f6290f6cbed18ede22862922a8701c691abee78b15e9aa40da63de0fe
+SIZE (pure-ftpd-1.0.30.tar.bz2) = 475402
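Review bot: the new SHA256 and SIZE lines for pure-ftpd-1.0.30.tar.bz2 are the only integrity check the port applies to the distfile, and the submission does not say how they were obtained. For an update motivated by a TLS fix, regenerate them with "make makesum" from a freshly fetched tarball and compare the result against any checksum or signature upstream publishes before committing.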


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->garga 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Tue Mar 8 23:10:16 UTC 2011 
Responsible-Changed-Why:  
Over to maintainer (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=155386 

From: Zhihao Yuan <lichray@gmail.com>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/155386: ftp/pure-ftpd updated with a STARTTLS flaw fixed
Date: Thu, 14 Apr 2011 02:19:53 -0500

 Excuse me? It's already a timeout...
 
 -- 
 Zhihao Yuan
 The best way to predict the future is to invent it.

From: Zhihao Yuan <lichray@gmail.com>
To: bug-followup@FreeBSD.org, lichray@gmail.com, garga@FreeBSD.org
Cc:  
Subject: Re: ports/155386: ftp/pure-ftpd updated with a STARTTLS flaw fixed
Date: Fri, 6 May 2011 20:47:17 -0500

 --R3G7APHDIzY6R/pk
 Content-Type: multipart/mixed; boundary="82I3+IH0IqGh5yIs"
 Content-Disposition: inline
 
 
 --82I3+IH0IqGh5yIs
 Content-Type: text/plain; charset=iso-8859-1
 Content-Disposition: inline
 Content-Transfer-Encoding: quoted-printable
 
 pure-ftpd was updated to 1.0.32. A new patch is included. The recent 3
 updates make no changes to pkg-plist.
 
 -- 
 Zhihao Yuan, nickname lichray
 The best way to predict the future is to invent it.
 --------------------------------------------------
 let focus = 'computing' in here:
 http://let-in.blogspot.com
 (let (me Program!)):
 http://lichray.blogspot.com
 
 --82I3+IH0IqGh5yIs
 Content-Type: text/x-diff; charset=iso-8859-1
 Content-Disposition: attachment; filename="pure-ftpd-1.0.32.patch"
 Content-Transfer-Encoding: quoted-printable
 
 diff -ruN --exclude=3DCVS /usr/ports/ftp/pure-ftpd.orig/Makefile /usr/ports=
 /ftp/pure-ftpd/Makefile
 --- /usr/ports/ftp/pure-ftpd.orig/Makefile	2011-03-08 16:58:47.404514232 -0=
 600
 +++ /usr/ports/ftp/pure-ftpd/Makefile	2011-05-06 20:18:21.749259925 -0500
 @@ -6,8 +6,8 @@
  #
 =20
  PORTNAME=3D	pure-ftpd
 -PORTVERSION=3D	1.0.29
 -PORTREVISION=3D	1
 +PORTVERSION=3D	1.0.32
 +PORTREVISION=3D	0
  CATEGORIES=3D	ftp ipv6
  MASTER_SITES=3D	http://download.pureftpd.org/pub/pure-ftpd/releases/ \
  		ftp://ftp.pureftpd.org/pub/pure-ftpd/releases/ \
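Review bot: the added PORTREVISION line in this Makefile hunk sets the variable to 0, which is redundant after a PORTVERSION bump to 1.0.32. Delete the line instead of assigning 0, so the Makefile carries no PORTREVISION until a revision bump is actually needed.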
 diff -ruN --exclude=3DCVS /usr/ports/ftp/pure-ftpd.orig/distinfo /usr/ports=
 /ftp/pure-ftpd/distinfo
 --- /usr/ports/ftp/pure-ftpd.orig/distinfo	2011-03-08 16:58:47.404514232 -0=
 600
 +++ /usr/ports/ftp/pure-ftpd/distinfo	1969-12-31 18:00:00.000000000 -0600
 @@ -1,2 +0,0 @@
 -SHA256 (pure-ftpd-1.0.29.tar.bz2) =3D b9217802d2674c0471fc43004565d4630e09=
 38ca8530c3a1b73361d405259f5f
 -SIZE (pure-ftpd-1.0.29.tar.bz2) =3D 466867
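Review bot: the distinfo hunk (@@ -1,2 +0,0 @@, with the new side dated 1969-12-31) removes the file entirely and adds no SHA256 or SIZE entry for pure-ftpd-1.0.32.tar.bz2, so the port as patched has nothing to verify the downloaded tarball against. Regenerate distinfo with "make makesum" after fetching 1.0.32 and include the resulting entries in the patch.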
 
 --82I3+IH0IqGh5yIs--
 
 --R3G7APHDIzY6R/pk
 Content-Type: application/pgp-signature
 
 
 --R3G7APHDIzY6R/pk--
State-Changed-From-To: open->closed 
State-Changed-By: garga 
State-Changed-When: Tue May 10 13:52:41 UTC 2011 
State-Changed-Why:  
Committed. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=155386 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/155386: commit references a PR
Date: Tue, 10 May 2011 13:50:32 +0000 (UTC)

 garga       2011-05-10 13:50:23 UTC
 
   FreeBSD ports repository
 
   Modified files:
     ftp/pure-ftpd        Makefile distinfo 
   Log:
   - Update to 1.0.32
   
   PR:             ports/155386
   Submitted by:   Zhihao Yuan <lichray@gmail.com>
   Security:       CVE-2011-1575
   
   Revision  Changes    Path
   1.77      +1 -2      ports/ftp/pure-ftpd/Makefile
   1.50      +2 -2      ports/ftp/pure-ftpd/distinfo
 
>Unformatted:
