Accepting request 477361 from home:computersalat:devel:network

fix and update proftpd-basic.conf.patch, limit include sample, tls sample config

OBS-URL: https://build.opensuse.org/request/show/477361
OBS-URL: https://build.opensuse.org/package/show/network/proftpd?expand=0&rev=45
Christian Wittmer 2017-03-06 23:22:35 +00:00 committed by Git OBS Bridge
parent 9d1b4648b1
commit 22772ddef5
6 changed files with 106 additions and 7 deletions


@ -38,7 +38,7 @@ Index: sample-configurations/basic.conf
# To prevent DoS attacks, set the maximum number of child processes # To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections # to 30. If you need to allow more than 30 concurrent connections
@@ -23,43 +33,192 @@ Umask 022 @@ -23,43 +33,210 @@ Umask 022
# in standalone mode, in inetd mode you should use an inetd server # in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service # that allows you to limit maximum number of processes per service
# (such as xinetd). # (such as xinetd).
@ -170,7 +170,7 @@ Index: sample-configurations/basic.conf
</Limit> </Limit>
+##### +#####
+# Include other confs +# Include other confs, e.g. tls.conf
+#Include /etc/proftpd/conf.d/*.conf +#Include /etc/proftpd/conf.d/*.conf
+ +
+##### +#####
@ -206,6 +206,14 @@ Index: sample-configurations/basic.conf
+ # Deny from All + # Deny from All
+ #</Limit> + #</Limit>
+ +
+ ## or 'Include' a limit file with rules
+ ## include one file and use more than once ;)
+ #<Limit LOGIN>
+ # Order Allow,Deny
+ # Include /etc/proftpd/includes/limit.conf
+ # Deny from All
+ #</Limit>
+
+ # Limit WRITE everywhere in the anonymous chroot + # Limit WRITE everywhere in the anonymous chroot
+ <Limit WRITE> + <Limit WRITE>
+ DenyAll + DenyAll
@ -246,14 +254,24 @@ Index: sample-configurations/basic.conf
+ # </Limit> + # </Limit>
+ #</Directory> + #</Directory>
+ +
+ ## or 'Include' a limit file with rules
+ ## include one file and use more than once ;)
+ #<Directory pub>
+ # <Limit ALL>
+ # Order Allow,Deny
+ # Include /etc/proftpd/includes/limit.conf
+ # Deny from All
+ # </Limit>
+ #</Directory>
+
+ # An upload directory that allows storing files but not retrieving + # An upload directory that allows storing files but not retrieving
+ # or creating directories. + # or creating directories.
+ #<Directory uploads/*> + #<Directory uploads/*>
+ # <Limit READ> + # <Limit READ>
+ DenyAll + # DenyAll
+ # </Limit> + # </Limit>
+ # <Limit STOR> + # <Limit STOR>
+ AllowAll + # AllowAll
+ # </Limit> + # </Limit>
+ #</Directory> + #</Directory>
</Anonymous> </Anonymous>
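Review bot: The new commented examples that use `Include /etc/proftpd/includes/limit.conf` (in both the `<Limit LOGIN>` block and the `<Directory pub>` block) point at a file the package does not ship; the spec change in this commit installs only `includes/limit.template`. An admin who uncomments one of these blocks without creating the file first gets either a start-up error or an access block whose only effective rule is `Deny from All`, depending on how ProFTPD treats the missing include, which I have not verified. A line such as `## copy /etc/proftpd/includes/limit.template to limit.conf and adjust it first` above each example would close the gap.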

6
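--- a/proftpd-limit.template
+++ b/proftpd-limit.template
@@ -0,0 +1,6 @@
+### when you use spaces as separator then you can use it also with apache ;)
+### just some examples
+Allow from localhost 127.0.0.1 ::1
+Allow from 1.2.3.4 5.6.7.8
+Allow from .example.com .test.org
+Allow from 2.3.4.5 11:22:33:44::/64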
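Review bot: Every rule in this template is active, so copying it to `includes/limit.conf` as the sample configuration suggests allows `1.2.3.4`, `5.6.7.8`, `2.3.4.5`, `11:22:33:44::/64` and any host whose name ends in `.example.com` or `.test.org`. These are routable addresses rather than documentation ranges, `.test.org` is not a reserved example domain, and name-based rules depend on reverse DNS that the connecting side may influence. I would keep only `Allow from localhost 127.0.0.1 ::1` active and comment out the rest using documentation ranges, e.g. `#Allow from 192.0.2.10 198.51.100.20` and `#Allow from 2001:db8:1::/64`.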

16
proftpd-ssl.README Normal file

@ -0,0 +1,16 @@
Place your CA.crt, crt and key file here and create sysmlinks like following ...
ssl
├── proftpd.cacert.pem -> CA.crt
├── proftpd.cert.pem -> wildcard.example.com.crt
├── proftpd.key.pem -> wildcard.example.com.pem
├── CA.crt
├── wildcard.example.com.crt
└── wildcard.example.com.pem
then:
copy conf.d/tls.template to conf.d/tls.conf
finally:
uncomment '#Include /etc/proftpd/conf.d/*.conf' in proftp.conf

38
proftpd-tls.template Normal file

@ -0,0 +1,38 @@
###############################################################################
# http://www.proftpd.org/docs/contrib/mod_tls.html
###############################################################################
<IfModule mod_dso.c>
# If mod_tls was built as a shared/DSO module, load it
LoadModule mod_tls.c
</IfModule>
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
# Support both SSLv3 and TLSv1
TLSProtocol SSLv3 TLSv1
# Are clients required to use FTP over TLS when talking to this server?
TLSRequired off
# Server's RSA certificate
TLSRSACertificateFile /etc/proftpd/ssl/proftpd.cert.pem
TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key.pem
# CA (or CA chain) the server trusts
TLSCACertificateFile /etc/proftpd/ssl/proftpd.cacert.pem
# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off
# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotations. Some clients do not support
# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
# clients will close the data connection, or there will be a timeout
# on an idle data connection.
TLSRenegotiate none
# Should Server request a Clients Certificate and send valid CA list ?
TLSOptions NoCertRequest NoSessionReuseRequired
</IfModule>
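Review bot: `TLSProtocol SSLv3 TLSv1` in the new template enables SSLv3, which RFC 7568 prohibits, and anyone who follows the README and copies the template to `conf.d/tls.conf` gets it verbatim. I would ship `TLSProtocol TLSv1.1 TLSv1.2` (assuming the packaged mod_tls and OpenSSL accept those values) and update the comment above it to match. `TLSRequired off` also lets clients log in with credentials in cleartext, so `TLSRequired on` is the safer sample default, or at least the comment should say what `off` permits. `NoSessionReuseRequired` in `TLSOptions` switches off mod_tls's check that data connections reuse the control connection's TLS session, and the comment above that line does not mention it; a line such as `# NoSessionReuseRequired weakens data-connection protection; keep only for clients that cannot reuse sessions` would make the trade-off visible.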


@ -1,3 +1,12 @@
-------------------------------------------------------------------
Mon Mar 6 22:32:07 UTC 2017 - chris@computersalat.de
- fix and update proftpd-basic.conf.patch
- add some sample config and templates for tls
* proftpd-tls.template
* proftpd-limit.conf
* proftpd-ssl.README
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Feb 5 20:03:18 UTC 2017 - chris@computersalat.de Sun Feb 5 20:03:18 UTC 2017 - chris@computersalat.de


@ -32,6 +32,9 @@ Source12: %{name}.passwd
Source13: %{name}.service Source13: %{name}.service
Source14: %{name}.tmpfile Source14: %{name}.tmpfile
Source15: %{name}.keyring Source15: %{name}.keyring
Source16: %{name}-tls.template
Source17: %{name}-limit.template
Source18: %{name}-ssl.README
#PATCH-FIX-openSUSE: pam, logrotate, xinet #PATCH-FIX-openSUSE: pam, logrotate, xinet
Patch100: %{name}-dist.patch Patch100: %{name}-dist.patch
#PATCH-FIX-openSUSE: provide a useful default config #PATCH-FIX-openSUSE: provide a useful default config
@ -190,8 +193,11 @@ export CXXFLAGS="$CFLAGS"
%{__install} -D -m 0755 contrib/ftpasswd $RPM_BUILD_ROOT%{_sbindir}/ %{__install} -D -m 0755 contrib/ftpasswd $RPM_BUILD_ROOT%{_sbindir}/
# some needed dirs # some needed dirs
%{__install} -d $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/{conf.d,auth} %{__install} -D -m 0440 %{S:12} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/auth/passwd
%{__install} -m 0440 %{S:12} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/auth/passwd %{__install} -D -m 0644 %{S:16} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/conf.d/tls.template
%{__install} -D -m 0644 %{S:18} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/conf.d/README
%{__install} -D -m 0644 %{S:17} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/includes/limit.template
%{__install} -D -m 0644 %{S:18} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/ssl/README
%{__install} -d -m 0750 $RPM_BUILD_ROOT/var/log/%{name} %{__install} -d -m 0750 $RPM_BUILD_ROOT/var/log/%{name}
# systemd vs SysVinit # systemd vs SysVinit
@ -261,9 +267,15 @@ export CXXFLAGS="$CFLAGS"
%dir %attr(0755,root,root) %{_sysconfdir}/%{name}/ %dir %attr(0755,root,root) %{_sysconfdir}/%{name}/
%dir %attr(0750,ftp,ftp) %{_sysconfdir}/%{name}/auth/ %dir %attr(0750,ftp,ftp) %{_sysconfdir}/%{name}/auth/
%config(noreplace) %attr(0440,root,ftp) %{_sysconfdir}/%{name}/auth/passwd %config(noreplace) %attr(0440,root,ftp) %{_sysconfdir}/%{name}/auth/passwd
%dir %attr(0755,root,root) %{_sysconfdir}/%{name}/conf.d %dir %attr(0755,root,root) %{_sysconfdir}/%{name}/conf.d/
%config %{_sysconfdir}/%{name}/conf.d/tls.template
%config %{_sysconfdir}/%{name}/conf.d/README
%dir %attr(0755,root,root) %{_sysconfdir}/%{name}/includes/
%config %{_sysconfdir}/%{name}/includes/limit.template
%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/%{name}/%{name}.conf %config(noreplace) %attr(0640,root,root) %{_sysconfdir}/%{name}/%{name}.conf
%{_sysconfdir}/%{name}/PROFTPD-MIB.txt %{_sysconfdir}/%{name}/PROFTPD-MIB.txt
%dir %attr(0700,ftp,ftp) %{_sysconfdir}/%{name}/ssl/
%config %{_sysconfdir}/%{name}/ssl/README
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name} %config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%config(noreplace) %{_sysconfdir}/pam.d/%{name} %config(noreplace) %{_sysconfdir}/pam.d/%{name}
%config(noreplace) %{_sysconfdir}/xinetd.d/%{name} %config(noreplace) %{_sysconfdir}/xinetd.d/%{name}
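Review bot: `%dir %attr(0700,ftp,ftp) %{_sysconfdir}/%{name}/ssl/` in the %files hunk gives the private-key directory to the `ftp` account, so that unprivileged account (presumably the one the daemon drops to) can add, replace or remove key and certificate files. mod_tls normally reads the key material at startup while the daemon still has root privileges, which is worth confirming for this build; if so, `%dir %attr(0700,root,root) %{_sysconfdir}/%{name}/ssl/` works and keeps the key out of the service account's reach. The two README copies and the templates are also tagged plain `%config`; since the README is never parsed, shipping it as documentation would avoid config-file handling for it on upgrade.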