pool/proftpd
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix for boo#1233997 (CVE-2024-48651)

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/network/proftpd?expand=0&rev=104
This commit is contained in:
Marcus Meissner 2025-01-10 13:13:12 +00:00 committed by Git OBS Bridge
commit 2b9228d5c4
23 changed files with 2203 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.osc

23
harden_proftpd.service.patch Normal file
View File

@ -0,0 +1,23 @@
Index: contrib/dist/rpm/proftpd.service
===================================================================
--- contrib/dist/rpm/proftpd.service.orig
+++ contrib/dist/rpm/proftpd.service
@@ -4,6 +4,18 @@ Wants=network-online.target
After=network-online.target nss-lookup.target local-fs.target remote-fs.target
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type = simple
Environment = PROFTPD_OPTIONS=
EnvironmentFile = -/etc/sysconfig/proftpd

3
proftpd-1.3.8b.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:183ab7c6107de271a2959ff268f55c9b6c76b2cf0029e6584fccc019686601e0
size 19752808

7
proftpd-1.3.8b.tar.gz.asc Normal file
View File

@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iEYEABECAAYFAmWCcGMACgkQt46JP6URl2rOOACgqd6poiniUeOej3gVoE4ZHA1Z
PKgAoKgsyi9zqoilnOtZJKfzWw4BJ546
=GIJC
-----END PGP SIGNATURE-----

3
proftpd-1.3.8c.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2a48f2ca338456e750d2373bf671025ed799e04e0baa16c7bb8dbfd67d8734d2
size 19751847

6
proftpd-1.3.8c.tar.gz.asc Normal file
View File

@ -0,0 +1,6 @@
-----BEGIN PGP SIGNATURE-----
iF0EABECAB0WIQRpfmhNFmjWloQoQFy3jok/pRGXagUCZ1nafgAKCRC3jok/pRGX
arsZAKDP6Vk4oWO9BB0TbMnNNe1TRZwjOwCdH+pBD7f0WDsf6cO4D9oF6iqNgvY=
=YGOJ
-----END PGP SIGNATURE-----

275
proftpd-basic.conf.patch Normal file
View File

@ -0,0 +1,275 @@
Index: sample-configurations/basic.conf
===================================================================
--- sample-configurations/basic.conf.orig
+++ sample-configurations/basic.conf
@@ -3,19 +3,29 @@
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
-ServerName "ProFTPD Default Installation"
-ServerType standalone
-DefaultServer on
+ServerName "ProFTPD"
+ServerType standalone
+DefaultServer on
# Port 21 is the standard FTP port.
-Port 21
+Port 21
+
+# FireWall PortRange for PASV
+PassivePorts 40000 40999
+
+# Set DebugLevel to values between 0 and 9
+# default is 0
+DebugLevel 0
+
+# SystemLog -- Redirect syslogging to a file
+SystemLog /var/log/proftpd/proftpd.log
# Don't use IPv6 support by default.
-UseIPv6 off
+UseIPv6 off
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
-Umask 022
+Umask 022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
@@ -23,43 +33,207 @@ Umask 022
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
-MaxInstances 30
+MaxInstances 30
# Set the user and group under which the server will run.
-User nobody
-Group nogroup
-
-# To cause every FTP user to be "jailed" (chrooted) into their home
-# directory, uncomment this line.
-#DefaultRoot ~
+User ftp
+Group ftp
-# Normally, we want files to be overwriteable.
-AllowOverwrite on
+# Some logging formats
+LogFormat default "%h %l %u %t \"%r\" %s %b"
+LogFormat auth "%v [%P] %h %t \"%r\" %s"
+LogFormat write "%h %l %u %t \"%r\" %s %b"
+
+# ------------------------------
+# Global Settings
+# ------------------------------
+<Global>
+
+ # ------------------------------
+ # Login
+ # ------------------------------
+
+ ServerIdent on "FTP server ready"
+ DeferWelcome on
+ #DisplayConnect /etc/proftpd/msg
+
+ <IfModule mod_ident.c>
+ IdentLookups off
+ </IfModule>
+ UseFtpUsers off
+ RequireValidShell off
+
+ TimeoutLogin 60
+ MaxLoginAttempts 3
+ #MaxClientsPerHost none
+ #MaxClientsPerUser 1 "Only one connection at a time."
+
+ # ------------------------------
+ # Authentication
+ # ------------------------------
+
+ ### PAM Authentication
+ # AuthPAM: default: on
+ AuthPAM off
+
+ # changed AuthPAMConfig file
+ AuthPAMConfig proftpd
+ ### PAM Authentication
+
+ AuthUserFile /etc/proftpd/auth/passwd
+ AuthGroupFile /etc/group
+
+ ### order of auth modules
+ #AuthOrder mod_auth_unix.c mod_auth_file.c
+ AuthOrder mod_auth_file.c
+
+ # ------------------------------
+ # Post-Login
+ # ------------------------------
+
+ DisplayLogin welcome.msg
+ DisplayChdir .message
+ AllowOverride off
+
+ TimeoutIdle 600
+ TimeoutNoTransfer 900
+ TimeoutStalled 300
+ TimeoutSession 3600
+
+ # ------------------------------
+ # Session
+ # ------------------------------
+
+ # To cause every FTP user to be "jailed" (chrooted) into their home
+ # directory, uncomment this line.
+ DefaultRoot ~ web,!users
+
+ DenyFilter \*.*/
+ ListOptions "-A +R" strict
+ UseGlobbing off
+
+ ShowSymlinks on
+ TimesGMT on
+
+ # ------------------------------
+ # Up- & Download
+ # ------------------------------
+
+ # having to delete before uploading is a pain ;)
+ AllowOverwrite on
+ AllowRetrieveRestart on
+ HiddenStores on
+ DeleteAbortedStores on
+ #AllowStoreRestart off # is contrary to "DeleteAbortedStores"
+
+ # ------------------------------
+ # Logging
+ # ------------------------------
+
+ WtmpLog off
+ TransferLog /var/log/proftpd/xferlog
+
+ # Record all logins
+ ExtendedLog /var/log/proftpd/auth.log AUTH auth
+
+ # Logging file/dir access
+ ExtendedLog /var/log/proftpd/access.log WRITE,READ write
+
+ # Paranoia logging level....
+ ExtendedLog /var/log/proftpd/paranoid.log ALL default
+
+ # SQLLogFile
+ #SQLLogFile /var/log/proftpd/SQL.log
+</Global>
# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
DenyAll
</Limit>
+#####
+# Include other confs, e.g. tls.conf
+#Include /etc/proftpd/conf.d/*.conf
+
+#####
+
+# ------------------------------
+# Anonymous Settings
+# ------------------------------
# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous ~ftp>
- User ftp
- Group ftp
-
- # We want clients to be able to login with "anonymous" as well as "ftp"
- UserAlias anonymous ftp
-
- # Limit the maximum number of anonymous logins
- MaxClients 10
-
- # We want 'welcome.msg' displayed at login, and '.message' displayed
- # in each newly chdired directory.
- DisplayLogin welcome.msg
- DisplayChdir .message
-
- # Limit WRITE everywhere in the anonymous chroot
- <Limit WRITE>
- DenyAll
- </Limit>
+ # Limit LOGIN
+ #<Limit LOGIN>
+ # Order Allow,Deny
+ # Allow from .examples.net,113.141.114.1
+ # Deny from All
+ #</Limit>
+
+ ## or 'Include' a limit file with rules
+ ## include one file and use more than once ;)
+ #<Limit LOGIN>
+ # Order Allow,Deny
+ # Include /etc/proftpd/includes/limit.conf
+ # Deny from All
+ #</Limit>
+
+ # Limit WRITE everywhere in the anonymous chroot
+ <Limit WRITE>
+ DenyAll
+ </Limit>
+
+ # DirFakeMode -- Hide real file/directory permissions
+ DirFakeMode 0640
+
+ # DirFakeUser -- Hide real file/directory owner
+ DirFakeUser On
+
+ # DirFakeGroup -- Hide real file/directory group
+ DirFakeGroup On
+
+ # We want clients to be able to login with "anonymous" as well as "ftp"
+ UserAlias anonymous ftp
+
+ # Limit the maximum number of anonymous logins
+ MaxClients 10
+ #MaxRetrieveFileSize 512 Mb
+
+ # Limit Up/Downloads to 255 K/sec
+ #TransferRate APPE,RETR,STOR,STOU 255
+
+ # We want 'welcome.msg' displayed at login, and '.message' displayed
+ # in each newly chdired directory.
+ DisplayLogin welcome.msg
+ DisplayChdir .message
+
+ #<Directory pub>
+ # <Limit ALL>
+ # Order Allow,Deny
+ # Allow from .examples.net,113.141.114.1
+ # Deny from All
+ # </Limit>
+ #</Directory>
+
+ ## or 'Include' a limit file with rules
+ ## include one file and use more than once ;)
+ #<Directory pub>
+ # <Limit ALL>
+ # Order Allow,Deny
+ # Include /etc/proftpd/includes/limit.conf
+ # Deny from All
+ # </Limit>
+ #</Directory>
+
+ # An upload directory that allows storing files but not retrieving
+ # or creating directories.
+ #<Directory uploads/*>
+ # <Limit READ>
+ # DenyAll
+ # </Limit>
+ # <Limit STOR>
+ # AllowAll
+ # </Limit>
+ #</Directory>
</Anonymous>
+

77
proftpd-dist.patch Normal file
View File

@ -0,0 +1,77 @@
Index: contrib/dist/rpm/ftp.pamd
===================================================================
--- contrib/dist/rpm/ftp.pamd.orig
+++ contrib/dist/rpm/ftp.pamd
@@ -1,6 +1,7 @@
#%PAM-1.0
+
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
-auth required pam_unix.so shadow nullok
+#auth required pam_unix.so shadow nullok
# If this is enabled, anonymous logins will fail because the 'ftp' user does
# not have a "valid" shell, as listed in /etc/shells.
@@ -11,5 +12,9 @@ auth required pam_unix.so shadow n
#
#auth required pam_shells.so
-account required pam_unix.so
-session required pam_unix.so
+auth required pam_unix2.so
+auth required pam_shells.so
+account required pam_unix2.so
+password required pam_unix2.so
+session required pam_unix2.so
+session optional pam_keyinit.so revoke
Index: contrib/dist/rpm/proftpd.logrotate
===================================================================
--- contrib/dist/rpm/proftpd.logrotate.orig
+++ contrib/dist/rpm/proftpd.logrotate
@@ -1,10 +1,15 @@
-/var/log/proftpd/*.log /var/log/xferlog {
+/var/log/proftpd/xferlog /var/log/proftpd/*.log {
compress
- missingok
+ dateext
+ maxage 365
+ rotate 99
+ size=+4096k
notifempty
+ missingok
+ create 640 root root
sharedscripts
postrotate
- test -f /var/lock/subsys/proftpd && /usr/bin/killall -HUP proftpd || :
+ /usr/sbin/rcproftpd reload
endscript
}
Index: contrib/dist/rpm/xinetd
===================================================================
--- contrib/dist/rpm/xinetd.orig
+++ contrib/dist/rpm/xinetd
@@ -2,13 +2,15 @@
# description: The ProFTPD FTP server
service ftp
{
- flags = REUSE
- socket_type = stream
- wait = no
- user = root
- server = /usr/sbin/in.proftpd
- log_on_success += DURATION
- log_on_failure += USERID
- nice = 10
- disable = yes
+ socket_type = stream
+ protocol = tcp
+ wait = no
+# bind = IP
+ instances = 30
+ user = root
+ server = /usr/sbin/in.proftpd
+ log_on_success += PID HOST USERID EXIT DURATION
+ log_on_failure += HOST USERID ATTEMPT
+# nice = 10
+ disable = yes
}

62
proftpd-ftpasswd.patch Normal file
View File

@ -0,0 +1,62 @@
Index: contrib/ftpasswd
===================================================================
--- contrib/ftpasswd.orig
+++ contrib/ftpasswd
@@ -32,8 +32,8 @@ use Getopt::Long;
$Getopt::Long::auto_abbrev = 0;
my $program = basename($0);
-my $default_passwd_file = "./ftpd.passwd";
-my $default_group_file = "./ftpd.group";
+my $default_passwd_file = "/etc/proftpd/auth/passwd";
+my $default_group_file = "/etc/proftpd/auth/group";
my $shell_file = "/etc/shells";
my $default_cracklib_dict = "/usr/lib/cracklib_dict";
my $cracklib_dict;
@@ -1218,6 +1218,46 @@ usage: $program [--help] [--hash|--group
--version
Displays the version of $program.
+Creating Files
+
+The ftpasswd program can create and update files for both AuthUserFile and
+ AuthGroupFile. When it is used for the first time, the program will create
+ the necessary file. If that file already exists, ftpasswd will update it
+ with the new information.
+
+ftpasswd must first know what type of file to create. Use either the
+ --passwd option (for handling AuthUserFiles), or the --group option
+ (for handling AuthGroupFiles); this is required.
+
+When creating an AuthUserFile, the following options are also
+ required: --name, --uid, --home, and --shell.
+ This information is required by proftpd to authenticate a user. The optional
+ parameters for an AuthUserFile include --gid
+ (defaults to the given --uid argument when not provided)
+ and --gecos (not used by proftpd at all). For example:
+
+ ftpasswd --passwd --name=bob --uid=1001 --home=/home/bob --shell=/bin/false
+
+creates an account for user bob.
+
+To create a file with a name or location other than the default
+ (which, for --passwd mode is /etc/proftpd/auth/passwd), use the --file option.
+
+For example, to create the alternate password file in /usr/local/etc/ftpd/passwd:
+
+ ftpasswd --passwd --file=/usr/local/etc/ftpd/passwd --name=bob --uid=1001 \
+ --home=/home/bob --shell=/bin/false
+
+For AuthGroupFiles, use --group:
+
+ ftpasswd --group --name=group-name --gid=group-id --member=user-member1 \
+ --member=user-member2 ... --member=user-memberN
+
+The most common change to these files is made to AuthUserFiles, to change
+ a user's password. The --change-password option was provided just for this scenario:
+
+ ftpasswd --passwd --name=user --change-password
+
END_OF_USAGE
exit 0;

6
proftpd-limit.template Normal file
View File

@ -0,0 +1,6 @@
### when you use spaces as separator then you can use it also with apache ;)
### just some examples
Allow from localhost 127.0.0.1 ::1
Allow from 1.2.3.4 5.6.7.8
Allow from .example.com .test.org
Allow from 2.3.4.5 11:22:33:44::/64

103
proftpd-no_BuildDate.patch Normal file
View File

@ -0,0 +1,103 @@
---
Makefile.in | 14 ++++++--------
contrib/mod_snmp/db.c | 2 +-
include/version.h | 2 --
src/main.c | 6 ++----
4 files changed, 9 insertions(+), 15 deletions(-)
Index: contrib/mod_snmp/db.c
===================================================================
--- contrib/mod_snmp/db.c.orig
+++ contrib/mod_snmp/db.c
@@ -1122,7 +1122,7 @@ int snmp_db_get_value(pool *p, unsigned
return 0;
case SNMP_DB_DAEMON_F_VERSION:
- *str_value = "ProFTPD Version " PROFTPD_VERSION_TEXT " (built at " BUILD_STAMP ")";
+ *str_value = "ProFTPD Version " PROFTPD_VERSION_TEXT;
*str_valuelen = strlen(*str_value);
pr_trace_msg(trace_channel, 19,
Index: src/main.c
===================================================================
--- src/main.c.orig
+++ src/main.c
@@ -1989,8 +1989,8 @@ static void standalone_main(void) {
exit(1);
}
- pr_log_pri(PR_LOG_NOTICE, "ProFTPD %s (built %s) standalone mode STARTUP",
- PROFTPD_VERSION_TEXT " " PR_STATUS, BUILD_STAMP);
+ pr_log_pri(PR_LOG_NOTICE, "ProFTPD %s standalone mode STARTUP",
+ PROFTPD_VERSION_TEXT " " PR_STATUS);
daemon_loop();
}
@@ -2145,7 +2145,6 @@ static void show_settings(void) {
show_os_release();
- printf("%s", " Built: " BUILD_STAMP "\n");
printf("%s", " Built With:\n configure " PR_BUILD_OPTS "\n\n");
printf("%s", " CFLAGS: " PR_BUILD_CFLAGS "\n");
@@ -2742,7 +2741,6 @@ int main(int argc, char *argv[], char **
if (show_version >= 2) {
printf("ProFTPD Version: %s", PROFTPD_VERSION_TEXT " " PR_STATUS "\n");
printf(" Scoreboard Version: %08x\n", PR_SCOREBOARD_VERSION);
- printf(" Built: %s\n\n", BUILD_STAMP);
modules_list2(NULL, PR_MODULES_LIST_FL_SHOW_VERSION);
Index: Makefile.in
===================================================================
--- Makefile.in.orig
+++ Makefile.in
@@ -47,17 +47,17 @@ include/buildstamp.h:
dummy:
-lib: include/buildstamp.h dummy
+lib: dummy
cd lib/ && $(MAKE) lib
-src: include/buildstamp.h dummy
+src: dummy
cd src/ && $(MAKE) src
-modules: include/buildstamp.h dummy
+modules: dummy
cd modules/ && $(MAKE) static
test -z "$(SHARED_MODULE_OBJS)" -a -z "$(SHARED_MODULE_DIRS)" || (cd modules/ && $(MAKE) shared)
-utils: include/buildstamp.h dummy
+utils: dummy
cd utils/ && $(MAKE) utils
clang-tidy:
@@ -66,10 +66,10 @@ clang-tidy:
-cd modules/ && $(MAKE) clang-tidy
# cd utils/ && $(MAKE) clang-tidy
-locale: include/buildstamp.h dummy
+locale: dummy
test -z "$(ENABLE_NLS)" || (cd locale/ && $(MAKE) locale)
-dirs: include/buildstamp.h dummy
+dirs: dummy
@dirs="$(DIRS)"; \
for dir in $$dirs; do \
if [ -d "$$dir" ]; then cd $$dir/ && $(MAKE); fi; \
Index: include/version.h
===================================================================
--- include/version.h.orig
+++ include/version.h
@@ -25,8 +25,6 @@
#ifndef PR_VERSION_H
#define PR_VERSION_H
-#include "buildstamp.h"
-
/* Application version (in various forms) */
#define PROFTPD_VERSION_NUMBER 0x0001030808
#define PROFTPD_VERSION_TEXT "1.3.8c"

16
proftpd-ssl.README Normal file
View File

@ -0,0 +1,16 @@
Place your CA.crt, crt and key file here and create sysmlinks like following ...
ssl
├── proftpd.cacert.pem -> CA.crt
├── proftpd.cert.pem -> wildcard.example.com.crt
├── proftpd.key.pem -> wildcard.example.com.pem
├── CA.crt
├── wildcard.example.com.crt
└── wildcard.example.com.pem
then:
copy conf.d/tls.template to conf.d/tls.conf
finally:
uncomment '#Include /etc/proftpd/conf.d/*.conf' in proftp.conf

16
proftpd-strip.patch Normal file
View File

@ -0,0 +1,16 @@
Index: ltmain.sh
===================================================================
--- ltmain.sh.orig
+++ ltmain.sh
@@ -2056,7 +2056,10 @@ func_mode_install ()
;;
esac
if test -n "$tstripme" && test -n "$striplib"; then
- func_show_eval "$striplib $destdir/$realname" 'exit $?'
+ #func_show_eval "$striplib $destdir/$realname" 'exit $?'
+ echo "strip patch"
+ func_quote_for_expand "$striplib $destdir/$realname"
+ func_echo $func_quote_for_expand_result
fi
if test "$#" -gt 0; then

42
proftpd-tls.template Normal file
View File

@ -0,0 +1,42 @@
###############################################################################
# http://www.proftpd.org/docs/contrib/mod_tls.html
###############################################################################
<IfModule mod_dso.c>
# If mod_tls was built as a shared/DSO module, load it
LoadModule mod_tls.c
</IfModule>
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
# Support both SSLv3 and TLSv1, but they should not be used
# (known to be weak)
TLSProtocol TLSv1.1 TLSv1.2
# Are clients required to use FTP over TLS when talking to this server?
TLSRequired off
# Server's RSA certificate
TLSRSACertificateFile /etc/proftpd/ssl/proftpd.cert.pem
TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key.pem
# CA (or CA chain) to verify client certs
#TLSCACertificateFile /etc/proftpd/ssl/proftpd.cacert.pem
# CA (or CA chain) to verify certification path of server cert
TLSCertificateChainFile /etc/proftpd/ssl/proftpd.cacert.pem
# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off
# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotations. Some clients do not support
# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
# clients will close the data connection, or there will be a timeout
# on an idle data connection.
TLSRenegotiate none
# Should Server request a Clients Certificate and send valid CA list ?
TLSOptions NoSessionReuseRequired
</IfModule>

839
proftpd.changes Normal file
View File

@ -0,0 +1,839 @@
-------------------------------------------------------------------
Thu Jan 9 17:25:19 UTC 2025 - chris@computersalat.de
- 1.3.8c - Released 11-Dec-2024
fix for boo#1233997 (CVE-2024-48651)
* http://proftpd.org/docs/NEWS-1.3.8c
gh#1830 - Supplemental group inheritance grants unintended access to GID 0
due to lack of supplemental groups from mod_sql
https://github.com/proftpd/proftpd/issues/1830
- rebase patch
* proftpd-no_BuildDate.patch
-------------------------------------------------------------------
Thu Feb 29 14:45:47 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN.
-------------------------------------------------------------------
Wed Jan 3 14:44:02 UTC 2024 - chris@computersalat.de
- Update changes file
* add missing boo#1218144 (CVE-2023-48795) info
* add missing CVE-2023-51713 info
-------------------------------------------------------------------
Wed Dec 27 21:52:11 UTC 2023 - chris@computersalat.de
- 1.3.8b - Released 19-Dec-2023
fix for boo#1218144 (CVE-2023-48795)
* http://proftpd.org/docs/NEWS-1.3.8b
* Implemented mitigations for "Terrapin" SSH attack (CVE-2023-48795).
- rebase patch
* proftpd-no_BuildDate.patch
-------------------------------------------------------------------
Thu Nov 2 16:24:34 UTC 2023 - chris@computersalat.de
- 1.3.8a - Released 08-Oct-2023
fix for boo#1218344 (CVE-2023-51713):
gh#1683 - Out-of-bounds buffer read when handling FTP commands.
https://github.com/proftpd/proftpd/issues/1683
* http://proftpd.org/docs/NEWS-1.3.8a
* Fixed builds when using OpenSSL 3.x
-------------------------------------------------------------------
Wed Jan 25 21:05:11 UTC 2023 - chris@computersalat.de
- 1.3.7f - Released 04-Dec-2022
* Issue 1533 - mod_tls module unexpectedly allows TLS handshake after
authentication in some configurations.
* Bug 4491 - unable to verify signed data: signature type 'rsa-sha2-512' does
not match publickey algorithm 'ssh-rsa'.
-------------------------------------------------------------------
Mon Jan 16 10:43:46 UTC 2023 - Stefan Schubert <schubi@suse.com>
- Migration of PAM settings to /usr/lib/pam.d.
-------------------------------------------------------------------
Thu Sep 1 19:28:50 UTC 2022 - chris@computersalat.de
- Update proftpd-basic.conf.patch
* remove obsolete config option, LoginPasswordPrompt
- rework proftpd-dist.patch
-------------------------------------------------------------------
Tue Aug 9 16:37:52 UTC 2022 - chris@computersalat.de
- 1.3.7e - Released 23-Jul-2022
* Issue 1448 - Ensure that mod_sftp algorithms work properly with OpenSSL 3.x.
- 1.3.7d - Released 23-Apr-2022
* Issue 1321 - Crash with long lines in AuthGroupFile due to large realloc(3).
* Issue 1325 - NLST does not behave consistently for relative paths.
* Issue 1346 - Implement AllowForeignAddress class matching for passive data
transfers.
* Bug 4467 - DeleteAbortedStores removes successfully transferred files
unexpectedly.
* Issue 1401 - Keepalive socket options should be set using IPPROTO_TCP, not
SOL_SOCKET.
* Issue 1402 - TCP keepalive SocketOptions should apply to control as well as
data connection.
* Issue 1396 - ProFTPD always uses the same PassivePorts port for first
transfer.
* Issue 1369 - Name-based virtual hosts not working as expected after upgrade
from 1.3.7a to 1.3.7b.
- rebase proftpd-no_BuildDate.patch
-------------------------------------------------------------------
Sun Mar 27 13:17:21 UTC 2022 - chris@computersalat.de
- fix deps for SLES
-------------------------------------------------------------------
Sat Mar 26 16:41:02 UTC 2022 - chris@computersalat.de
- remove configure --disable-static
-------------------------------------------------------------------
Tue Mar 1 18:37:02 UTC 2022 - chris@computersalat.de
- Update to version 1.3.7c:
* http://proftpd.org/docs/NEWS-1.3.7c
* http://proftpd.org/docs/RELEASE_NOTES-1.3.7c
- Update patches
* harden_proftpd.service.patch
* proftpd-ftpasswd.patch
* proftpd-no_BuildDate.patch
* proftpd.spec
* proftpd_env-script-interpreter.patch
-------------------------------------------------------------------
Wed Oct 20 13:16:36 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_proftpd.service.patch
Modified:
* proftpd.service
-------------------------------------------------------------------
Thu Nov 19 14:16:47 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
- Update to version 1.3.6e:
+ Invalid SCP command leads to null pointer dereference.
- Do not limit to openSSL < 1.1: proftpd has had support for
openSSL 1.1 sice version 1.3.6a.
- Rebase proftpd-no_BuildDate.patch.
-------------------------------------------------------------------
Fri Jun 5 11:02:29 UTC 2020 - chris@computersalat.de
- update to 1.3.6d
* Issue 857 - Fixed regression in the handling of `%{env:...}` configuration
variables when the environment variable is not present.
* Issue 940 - Second LIST of the same symlink shows different results.
* Issue 959 - FTPS uploads using TLSv1.3 are likely to fail unexpectedly.
* Issue 980 - mod_sftp sends broken response when CREATETIME attribute is
requested.
* Bug 4398 - Handle zero-length SFTP WRITE requests without error.
* Issue 1018 - PidFile should not be world-writable.
* Issue 1014 - TLSv1.3 handshake fails due to missing session ticket key on
some systems.
* Issue 1023 - Lowercased FTP commands not properly identified.
- rebase proftpd-no_BuildDate.patch
-------------------------------------------------------------------
Mon Feb 24 17:06:07 UTC 2020 - chris@computersalat.de
- fix for boo#1164572 (CVE-2020-9272, gh#902)
- fix for boo#1164574 (CVE-2020-9273, gh#903)
- update to 1.3.6c
* Fixed regression in directory listing latency (Issue #863).
* Detect OpenSSH-specific formatted SFTPHostKeys, and log hint for
converting them to supported format.
* Fixed use-after-free vulnerability during data transfers (Issue #903).
* Fixed out-of-bounds read in mod_cap by updating the bundled libcap
(Issue #902).
- remove obsolete proftpd-tls-crls-issue859.patch
- rebase patches
* proftpd-ftpasswd.patch
* proftpd-no_BuildDate.patch
* proftpd_env-script-interpreter.patch
-------------------------------------------------------------------
Sat Feb 1 17:25:05 UTC 2020 - chris@computersalat.de
- cleanup tls.template
* remove deprecated NoCertRequest from TLSOptions
-------------------------------------------------------------------
Sat Dec 28 20:45:30 UTC 2019 - chris@computersalat.de
- fix changes file
* add missing info about boo#1155834
* add missing info about boo#1154600
- fix for boo#1156210
* GeoIP has been discontinued by Maxmind
* remove module build for geoip
see https://support.maxmind.com/geolite-legacy-discontinuation-notice/
- fix for boo#1157803 (CVE-2019-19269), boo#1157798 (CVE-2019-19270)
* add upstream patch proftpd-tls-crls-issue859.patch
-------------------------------------------------------------------
Sun Nov 3 22:25:28 UTC 2019 - chris@computersalat.de
- fix for boo#1154600 (CVE-2019-18217, gh#846)
- update to 1.3.6b
* Fixed pre-authentication remote denial-of-service issue (Issue #846).
* Backported fix for building mod_sql_mysql using MySQL 8 (Issue #824).
- update to 1.3.6a
* Fixed symlink navigation (Bug#4332).
* Fixed building of mod_sftp using OpenSSL 1.1.x releases (Issue#674).
* Fixed SITE COPY honoring of <Limit> restrictions (Bug#4372).
* Fixed segfault on login when using mod_sftp + mod_sftp_pam (Issue#656).
* Fixed restarts when using mod_facl as a static module
- remove obsolete proftpd-CVE-2019-12815.patch
* included in 1.3.6a (Bug#4372)
- add proftpd_env-script-interpreter.patch
* RPMLINT fix for env-script-interpreter (Badness: 9)
-------------------------------------------------------------------
Sat Nov 2 18:12:51 UTC 2019 - Martin Hauke <mardnh@gmx.de>
- fix for boo#1155834
* Add missing Requires(pre): group(ftp) for Leap 15 and Tumbleweed
* Add missing Requires(pre): user(ftp) for Leap 15 and Tumbleweed
-------------------------------------------------------------------
Wed Oct 2 15:01:11 UTC 2019 - Bernhard Wiedemann <bwiedemann@suse.com>
- Update proftpd-dist.patch to use pam_keyinit.so (boo#1144056)
-------------------------------------------------------------------
Fri Aug 2 14:52:48 UTC 2019 - chris@computersalat.de
- fix for boo#1142281 (CVE-2019-12815, bpo#4372)
arbitrary file copy in mod_copy allows for remote code execution
and information disclosure without authentication
- add patch
* proftpd-CVE-2019-12815.patch
taken from:
- http://bugs.proftpd.org/show_bug.cgi?id=4372
- https://github.com/proftpd/proftpd/commit/a73dbfe3b61459e7c2806d5162b12f0957990cb3
-------------------------------------------------------------------
Mon Jul 1 13:50:01 UTC 2019 - chris@computersalat.de
- update changes file
* add missing info about bugzilla 1113041
-------------------------------------------------------------------
Tue Mar 26 11:35:53 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
- Fix the Factory build: select the appropriate OpenSSL version
to build with. (fix for boo#1113041)
-------------------------------------------------------------------
Wed Mar 20 18:46:47 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
- Reduce hard dependency on systemd to only that which is
necessary for building and installation.
- Modernize RPM macro use (%make_install, %tmpfiles_create).
- Strip emphasis from description and trim other platform mentions.
-------------------------------------------------------------------
Wed Jul 11 08:05:29 UTC 2018 - chris@computersalat.de
- update to 1.3.6
* Support for using Redis for caching, logging; see the doc/howto/Redis.html
documentation.
* Fixed mod_sql_postgres SSL support (Issue #415).
* Support building against LibreSSL instead of OpenSSL (Issue #361).
* Better support on AIX for login restraictions (Bug #4285).
* TimeoutLogin (and other timeouts) were not working properly for SFTP
connections (Bug#4299).
* Handling of the SIGILL and SIGINT signals, by the daemon process, now causes
the child processes to be terminated as well (Issue #461).
* RPM .spec file naming changed to conform to Fedora guidelines.
* Fix for "AllowChrootSymlinks off" checking each component for symlinks
(CVE-2017-7418).
-New Modules:
* mod_redis, mod_tls_redis, mod_wrap2_redis
With Redis now supported as a caching mechanism, similar to Memcache,
there are now Redis-using modules: mod_redis (for configuring the Redis
connection information), mod_tls_redis (for caching SSL sessions and
OCSP information using Redis), and mod_wrap2_redis (for using ACLs stored
in Redis).
-Changed Modules:
* mod_ban
The mod_ban module's BanCache directive can now use Redis-based caching;
see doc/contrib/mod_ban.html#BanCache.
-New Configuration Directives
* SQLPasswordArgon2, SQLPasswordScrypt
The key lengths for Argon2 and Scrypt-based passwords are now configurable
via these new directives; previously, the key length had been hardcoded
to be 32 bytes, which is not interoperable with all other implementations
(Issue #454).
-Changed Configuration Directives
* AllowChrootSymlinks
When "AllowChrootSymlinks off" was used, only the last portion of the
DefaultRoot path would be checked to see if it was a symlink. Now,
each component of the DefaultRoot path will be checked to see if it is
a symlink when "AllowChrootSymlinks off" is used.
* Include
The Include directive can now be used within a <Limit> section, e.g.:
<Limit LOGIN>
Include /path/to/allowed.txt
DenyAll
</Limit>
-API Changes
* A new JSON API has been added, for use by third-party modules.
- remove obsolete proftpd_include-in-limit-section.patch
- rebase patches
* proftpd-ftpasswd.patch
* proftpd-no_BuildDate.patch
-------------------------------------------------------------------
Tue Jul 10 11:57:58 UTC 2018 - chris@computersalat.de
- update to 1.3.5e
* Fixed SFTP issue with umac-64@openssh.com digest/MAC.
* Fixed regression with mod_sftp rekeying.
* Backported fix for "AllowChrootSymlinks off" checking each component
for symlinks (CVE-2017-7418).
- remove obsolete patch
* proftpd-AllowChrootSymlinks.patch (now included)
- rebase patches
* proftpd-dist.patch
* proftpd-no_BuildDate.patch
* proftpd_include-in-limit-section.patch
-------------------------------------------------------------------
Fri Jul 21 04:43:44 UTC 2017 - bwiedemann@suse.com
- Sort SHARED_MODS list to fix build compare (boo#1041090)
-------------------------------------------------------------------
Fri Jun 16 08:28:42 UTC 2017 - nmoudra@suse.com
- Removed xinetd service
-------------------------------------------------------------------
Fri Apr 7 20:49:37 UTC 2017 - chris@computersalat.de
- fix for boo#1032443 (CVE-2017-7418)
* AllowChrootSymlinks not enforced by replacing a path component
with a symbolic link
* add upstream commit (ecff21e0d0e84f35c299ef91d7fda088e516d4ed)
as proftpd-AllowChrootSymlinks.patch
- fix proftpd-tls.template
* reduce TLS protocols to TLSv1.1 and TLSv1.2
* disable TLSCACertificateFile
* add TLSCertificateChainFile
-------------------------------------------------------------------
Thu Mar 23 15:05:22 UTC 2017 - jengelh@inai.de
- Remove --with-pic, there are no static libs.
- Replace %__-type macro indirections.
- Replace old $RPM shell vars by macros.
-------------------------------------------------------------------
Mon Mar 6 22:32:07 UTC 2017 - chris@computersalat.de
- fix and update proftpd-basic.conf.patch
- add some sample config and templates for tls
* proftpd-tls.template
* proftpd-limit.conf
* proftpd-ssl.README
-------------------------------------------------------------------
Sun Feb 5 20:03:18 UTC 2017 - chris@computersalat.de
- backport upstream feature
* include-in-limit-section (gh#410)
* add proftpd_include-in-limit-section.patch
-------------------------------------------------------------------
Tue Jan 17 19:53:55 UTC 2017 - chris@computersalat.de
- update to 1.3.5d
* gh#4283 - All FTP logins treated as anonymous logins again. This is a
regression of gh#3307.
-------------------------------------------------------------------
Sun Jan 15 21:01:43 UTC 2017 - chris@computersalat.de
- update to 1.3.5c
* SSH rekey during authentication can cause issues with clients.
* Recursive SCP uploads of multiple directories not handled properly.
* LIST returns different results for file, depending on path syntax.
* "AuthAliasOnly on" in server config breaks anonymous logins.
* CapabilitiesEngine directive not honored for <IfUser>/<IfGroup>
sections.
* Support OpenSSL 1.1.x API.
* Memory leak when mod_facl is used.
-rebase proftpd-no_BuildDate.patch
-------------------------------------------------------------------
Sat Aug 27 22:42:48 UTC 2016 - chris@computersalat.de
- fix systemd vs SysVinit
-------------------------------------------------------------------
Sun May 8 22:05:07 UTC 2016 - jengelh@inai.de
- Remove redundant spec sections
- Ensure systemd-tmpfiles is called for the provied config file
-------------------------------------------------------------------
Sun May 8 19:25:45 UTC 2016 - chris@computersalat.de
- fix for boo#970890 (CVE-2016-3125)
- update to 1.3.5b:
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.5b
* SSH RSA hostkeys smaller than 2048 bits now work properly.
* MLSD response lines are now properly CRLF terminated.
* Fixed selection of DH groups from TLSDHParamFile.
- rebase proftpd-no_BuildDate.patch
-------------------------------------------------------------------
Sun May 31 18:54:45 UTC 2015 - chris@computersalat.de
- fix for boo#927290 (CVE-2015-3306)
- update to 1.3.5a:
See http://www.proftpd.org/docs/NEWS-1.3.5a
- rebase patches
* proftpd-ftpasswd.patch
* proftpd-no_BuildDate.patch
- remove gpg-offline dependency
- fix permissions on passwd file
* unable to use world-readable AuthUserFile '.../passwd' (perms 0644):
* 0644 -> 0440
-------------------------------------------------------------------
Mon Sep 1 22:04:02 UTC 2014 - andreas.stieger@gmx.de
- ProFTPD 1.3.5
* Added support for SHA-256, SHA-512 password hashes to the ftpasswd tool
* New Modules
mod_geoip, mod_log_forensic, mod_rlimit, mod_snmp, mod_dnsbl
* mod_sftp now supports ECC, ECDSA, ECDH
* Improved FIPS support in mod_sftp.
* mod_sftp module now honors the MaxStoreFileSize directive.
* Many new and changed configuration directives
- update proftpd-no_BuildDate.patch
-------------------------------------------------------------------
Mon Sep 1 19:00:57 UTC 2014 - andreas.stieger@gmx.de
- proftpd 1.3.4e:
Multiple other backported fix from the 1.3.5 branch.
See http://www.proftpd.org/docs/NEWS-1.3.4e
- The fix for the mod_sftp/mod_sftp_pam memory allocation
(CVE-2013-4359) contained in this release was previously patched
into the package.
- adjust proftpd-no_BuildDate.patch for context changes
- remove proftpd-sftp-kbdint-max-responses-bug3973.patch, upstream
-------------------------------------------------------------------
Tue Mar 25 19:56:04 UTC 2014 - crrodriguez@opensuse.org
- Remove tcpd-devel from buildRequires and mod_wrap.
support for tcp_wrappers style /etc/hosts.* is provided
by mod_wrap2_file instead, the latter does not require tcpd.
-------------------------------------------------------------------
Mon Mar 17 18:38:53 UTC 2014 - chris@computersalat.de
- fix for bnc#844183
* proftpd fails to start due to missing /run/proftpd
- add own tmpfiles.d file
* proftpd.tmpfile
-------------------------------------------------------------------
Thu Oct 3 20:48:44 UTC 2013 - chris@computersalat.de
- update to 1.3.4d
* Fixed broken build when using --disable-ipv6 configure option
* Fixed mod_sql "SQLAuthType Backend" MySQL issues
- fix for bnc#843444 (CVE-2013-4359)
* http://bugs.proftpd.org/show_bug.cgi?id=3973
* add proftpd-sftp-kbdint-max-responses-bug3973.patch
-------------------------------------------------------------------
Mon Jul 29 01:12:53 UTC 2013 - crrodriguez@opensuse.org
- Improve systemd service file
- use upstream tmpfiles.d file. related to [bnc#811793]
- Use /run instead of /var/run
-------------------------------------------------------------------
Wed May 1 20:35:19 UTC 2013 - chris@computersalat.de
- update to 1.3.4c
* Added Spanish translation.
* Fixed several mod_sftp issues, including SFTPPassPhraseProvider,
handling of symlinks for REALPATH requests, and response code logging.
* Fixed symlink race for creating directories when UserOwner is in effect.
* Increased performance of FTP directory listings.
- rebase and rename patches (remove version string)
* proftpd-1.3.4a-dist.patch -> proftpd-dist.patch
* proftpd-1.3.4a-ftpasswd.patch -> proftpd-ftpasswd.patch
* proftpd-1.3.4a-strip.patch -> proftpd-strip.patch
-------------------------------------------------------------------
Fri Feb 8 00:19:19 UTC 2013 - chris@computersalat.de
- fix proftpd.conf (rebase basic.conf patch)
* IdentLookups is now a seperate module
<IfModule mod_ident.c> IdentLookups on/off </IfModule>
is needed and module is not built cause crrodriguez disabled it.
-------------------------------------------------------------------
Thu Nov 29 19:03:00 CET 2012 - sbrabec@suse.cz
- Verify GPG signature.
-------------------------------------------------------------------
Fri Nov 2 15:15:25 UTC 2012 - chris@computersalat.de
- fix for bnc#787884
(https://bugzilla.novell.com/show_bug.cgi?id=787884)
* added extra Source proftpd.conf.tmpfile
-------------------------------------------------------------------
Thu Aug 30 17:33:30 UTC 2012 - crrodriguez@opensuse.org
- Disable ident lookups, this protocol is totally obsolete
and dangerous. (add --disable-ident)
- Fix debug info generation ( add --disable-strip)
-------------------------------------------------------------------
Wed Aug 29 21:51:49 UTC 2012 - crrodriguez@opensuse.org
- Add systemd unit
-------------------------------------------------------------------
Tue Aug 14 11:11:28 UTC 2012 - chris@computersalat.de
- update to 1.3.4b
+ Fixed mod_ldap segfault on login when LDAPUsers with no filters used.
+ Fixed sporadic SFTP upload issues for large files.
+ Fixed SSH2 handling for some clients (e.g. OpenVMS).
+ New FactsOptions directive; see doc/modules/mod_facts.html#FactsOptions
+ Fixed build errors on Tru64, AIX, Cygwin.
- add Source Signatuire (.asc) file
- add noBuildDate patch
- add lang pkg
* --enable-nls
- add configure option
* --enable-openssl, --with-lastlog
-------------------------------------------------------------------
Mon Dec 12 15:00:18 UTC 2011 - chris@computersalat.de
- update to 1.3.4a
+ Fixed mod_load/mod_wrap2 build issues.
- 1.3.4
+ New "NoEmptyFragments" TLSOption added; see the TLSOptions documentation
for details.
+ Improved configure script for cross-compiling.
+ Reworked the proftpd.spec RPM file
+ Fixed mod_sql_mysql "Alarm clock" bug on FreeBSD.
+ New "IgnoreSFTPSetTimes" SFTPOption added; see the SFTPOptions
documentation for details.
+ Fixed response pool use-after-free issue.
- for more info please see the RELEASE_NOTES file
- reworked patches
* now p0 patches
-------------------------------------------------------------------
Fri Nov 18 14:56:41 UTC 2011 - chris@computersalat.de
- fix for bnc#731347
* no (hostname -s) in post section
* reworked basic conf patch
-------------------------------------------------------------------
Fri Nov 11 13:13:57 UTC 2011 - chris@computersalat.de
- fix changelog
* RELEASE_NOTES-1.3.3g is lacking of important info
- fix for CVE-2011-4130 (bnc#729830)
* https://bugzilla.novell.com/show_bug.cgi?id=729830
(upstream) http://bugs.proftpd.org/show_bug.cgi?id=3711
=> fixed with version 1.3.3g
-------------------------------------------------------------------
Thu Nov 10 09:39:36 UTC 2011 - chris@computersalat.de
- update to 1.3.3g
(http://www.proftpd.org/docs/RELEASE_NOTES-1.3.3g)
+ New "NoEmptyFragments" TLSOption added; see the TLSOptions documentation
for details.
+ Fixed mod_sql_mysql "Alarm clock" bug on FreeBSD.
(http://www.proftpd.org/docs/NEWS-1.3.3g)
- Bug 3702 - ProFTPD with mod_sql_mysql dies of "Alarm clock" on FreeBSD.
- Bug 3704 - Enable OpenSSL countermeasure against SSLv3/TLSv1 BEAST attacks.
To disable this countermeasure, which may cause interoperability issues
with some clients, use the NoEmptyFragments TLSOption.
- Bug 3711 - Response pool use-after-free memory corruption error.
-------------------------------------------------------------------
Tue Oct 4 22:03:10 UTC 2011 - chris@computersalat.de
- update to 1.3.3f
+ Fixes segfault if mod_sql_mysql and "SQLAuthenticate groupsetfast"
configuration used.
+ Fixes mod_wrap syslog level (regression from Bug#3317).
+ Fixes mod_ifsession segfault if regular expression patterns used in
a <VirtualHost> section.
-------------------------------------------------------------------
Fri Apr 29 11:18:55 UTC 2011 - chris@computersalat.de
- push to Factory
o fix changelog (not in sequence)
o fix license (GPL -> GPLv2+)
o remove Author from description
o remove obsolete extra source proftpd.conf
-------------------------------------------------------------------
Fri Apr 8 22:08:55 UTC 2011 - chris@computersalat.de
- update to 1.3.3e
+ Display messages work properly again.
+ Fixes plaintext command injection vulnerability in FTPS implementation
(i.e. mod_tls). See http://bugs.proftpd.org/show_bug.cgi?id=3624 for
details.
+ Fixes CVE-2011-1137 (badly formed SSH messages cause DoS). See
http://bugs.proftpd.org/show_bug.cgi?id=3586 for details.
+ Performance improvements, especially during server startup/restarts.
-------------------------------------------------------------------
Sun Jan 30 20:40:10 UTC 2011 - chris@computersalat.de
- update to 1.3.3d
+ Fixed sql_prepare_where() buffer overflow (Bug#3536)
+ Fixed CPU spike when handling .ftpaccess files.
+ Fixed handling of SFTP uploads when compression is used.
-------------------------------------------------------------------
Fri Oct 22 23:26:10 UTC 2010 - mseben@gmail.com
- update to 1.3.3c
+ Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925)
+ Fixed directory traversal bug in mod_site_misc
+ Fixed SQLite authentications using "SQLAuthType Backend"
-------------------------------------------------------------------
Fri Oct 22 17:49:06 UTC 2010 - chris@computersalat.de
- clenaup spec
- fix doc pkg
o should not provide pkgconfig
-------------------------------------------------------------------
Fri Oct 15 14:13:43 UTC 2010 - chris@computersalat.de
- update to 1.3.3b
+ Fixed SFTP directory listing bug
+ Avoid corrupting utmpx databases on FreeBSD
+ Avoid null pointer dereferences during data transfers
+ Fixed "AuthAliasOnly on" anonymous logins
- rpmlint: no-pkg-config-provides
o add BuildReq pkg-config
- removed changes from spec
-------------------------------------------------------------------
Wed Jul 7 14:17:45 UTC 2010 - chris@computersalat.de
- update to 1.3.3a
+ Added Japanese translation
+ Many mod_sftp bugfixes
+ Fixed SSL_shutdown() errors caused by OpenSSL 0.9.8m and later
+ Fixed handling of utmp/utmpx format changes on FreeBSD
- rpmlint: self-obsoletion
-------------------------------------------------------------------
Wed May 5 14:01:02 UTC 2010 - mseben@novell.com
- fix build : dir-or-file-in-var-run badness : /var/run/proftpd dir
is marked as ghost and it is created in init script now
-------------------------------------------------------------------
Fri Apr 9 15:44:32 UTC 2010 - mseben@novell.com
- added ncurses-devel to buildrequires to fix ftptop message : "no
curses or ncurses library on this system"
-------------------------------------------------------------------
Fri Feb 26 16:01:47 UTC 2010 - chris@computersalat.de
- added info for "STABLE" versions only
-------------------------------------------------------------------
Thu Feb 25 00:14:20 UTC 2010 - chris@computersalat.de
- update to 1.3.3
o Fixed mod_ban whitelisting using mod_ifsession.
o Fixed per-user/group/class "HideFiles none" configurations.
- 1.3.3rc4
o Fixed mod_tls compilation using OpenSSL installations older
than 0.9.7.
o Fixed mod_sftp compilation on AIX.
o Fixed RADIUS authentication on 64-bit platforms
o Fixed memory leak in SCP downloads.
o New configuration directives
SQLPasswordUserSalt
The SQLPasswordUserSalt directive can be used to configure
per-user salt data to be added to the encrypted password
for a user. The salt can be the user name, or it can be
the result of a SQL query. More information can be found in
doc/contrib/mod_sql_passwd.html#SQLPasswordUserSalt.
-------------------------------------------------------------------
Wed Feb 10 16:10:32 CET 2010 - diego.ercolani@gmail.com
- update to 1.3.3rc3
- try to be compatible with osc :-)
-------------------------------------------------------------------
Sun Dec 20 19:39:10 UTC 2009 - chris@computersalat.de
- update to 1.3.2c
o Bug and regression fixes.
- removed obsolete CVE patch
-------------------------------------------------------------------
Mon Oct 26 12:35:29 UTC 2009 - mseben@novell.com
- fixed CVE-2009-3639 : mod_tls security issue (bnc#549740)
-------------------------------------------------------------------
Wed Sep 16 18:17:04 UTC 2009 - alexandre@exatati.com.br
- Update tarball to its upstream version without
bzipped patch;
- Removed blank spaces at enf of lines on spec file;
- Replaced tab characters on spec file.
-------------------------------------------------------------------
Wed Sep 16 11:20:20 UTC 2009 - chris@computersalat.de
- update to 1.3.2 (1.3.2a)
o many bugfixes, read ChangeLog or NEWS
o include 1.3.2a upstream patch
o removed old patches
* proftpd-1.3.1-umode_t.patch
* proftpd-1.3.1-O_CREAT.patch
* proftpd-1.3.1-libcap.patch
* proftpd-1.3.1-CVE-2009-0542.patch
* proftpd-1.3.1-CVE-2009-0543.patch
o reworked basic.conf.patch
- spec mods
o removed ^#-----
o removed {rel}
o clean
* rm -rf RPM_BUILD_ROOT
o added sub sqlite
- fixed deps
o BuildRequires: sqlite3-devel unixODBC-devel
- rpmlint
o description-shorter-than-summary
o source-or-patch-not-bzipped proftpd-1.3.2a.patch
-------------------------------------------------------------------
Tue Jul 7 22:21:50 CEST 2009 - chris@computersalat.de
- added proftpd.passwd
o it is an initial passwd for virtuser and
anonymous login works well with it :)
-------------------------------------------------------------------
Mon Jul 6 22:16:46 CEST 2009 - chris@computersalat.de
- added ftpasswd.patch
- rework of basic.conf patch
- removed README.AIX
-------------------------------------------------------------------
Thu Apr 16 01:54:23 CEST 2009 - chris@computersalat.de
- added basic.conf patch
- added dist.patch
o fix for xinetd, logrotate, pam
- some more subpackages
o ldap, mysql, pgsql, radius
- added ftpasswd for simple virtuser support
- added auth DIR /etc/proftpd/auth
o passwd for virtuser
- added conf.d DIR /etc/proftpd/conf.d
o configs for inclusion
- added log DIR /var/log/proftpd
- beautify init file
- beautify spec file
-------------------------------------------------------------------
Wed Feb 18 10:40:55 CET 2009 - mseben@suse.cz
- added proftpd.conf with uploads section
-------------------------------------------------------------------
Fri Feb 13 16:55:01 CET 2009 - mseben@suse.cz
- fixed sql injection vulnerability which allows remote attackers
to execute arbitrary SQL commands via a "%" character
CVE-2009-0542.patch (bnc#475316)
- fixed vulnerability which allows remote attackers to bypass SQL
injection protection mechanisms via invalid, encoded multibyte
characters CVE-2009-0543.patch (bnc#475316)
-------------------------------------------------------------------
Mon Jan 26 14:19:45 CET 2009 - mseben@suse.cz
- splitted HTML doc to proftpd-doc
- added %post and %postun macro to spec
-------------------------------------------------------------------
Thu Jan 22 13:58:33 CET 2009 - mseben@suse.cz
- fixed missing third argument in open function (*-O_CREAT.patch)
- disabled striping libraries (*-no_strip.patch)
- fixed configure script (*-umode_t.patch)
- added -DLDAP_DEPRECATED to CFLAGS because of deprecated ldap_init
function
- disabled contrib scripts for now
- fixed handling _LINUX_CAPABILITY_VERSION on newer linux kernel.
(proftpd-*-libcap.patch)
-------------------------------------------------------------------
Wed Aug 20 12:43:56 CEST 2008 - mrueckert@suse.de
- disabled debugging stuff for now
-------------------------------------------------------------------
Fri Oct 19 11:58:42 CEST 2007 - mrueckert@suse.de
- enabled missing modules (mod_ban,mod_wrap2*,mod_quota_radius)
and replaced the hardcoded value for --with-shared with a
dynamically generated list
-------------------------------------------------------------------
Sat Oct 6 03:42:39 CEST 2007 - mrueckert@suse.de
- update to 1.3.1:
Many bugfixes and new features like dynamic blacklisting of
clients, improved SQL handling, and quotas.
- added --enable-devel=coredump,nodaemon,nofork
- added devel subpackage for the headers
-------------------------------------------------------------------
Wed Nov 29 04:11:44 CET 2006 - mrueckert@suse.de
- update to 1.3.0a:
fixes a remote code execution. CVE-2006-5815
(http://bugs.proftpd.org/show_bug.cgi?id=2858)

222
proftpd.init Normal file
View File

@ -0,0 +1,222 @@
#! /bin/sh
# Copyright (c) 1995-2004 SUSE Linux AG, Nuernberg, Germany.
# All rights reserved.
#
# Author: Kurt Garloff
# Please send feedback to http://www.suse.de/feedback/
#
# /etc/init.d/proftpd
# and its symbolic link
# /(usr/)sbin/rcproftpd
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
### BEGIN INIT INFO
# Provides: proftpd
# Required-Start: $syslog $remote_fs
# Should-Start: $time ypbind sendmail
# Required-Stop: $syslog $remote_fs
# Should-Stop: $time ypbind sendmail
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Short-Description: ProFTPD daemon
# Description: Start ProFTPD to allow XY and provide YZ
### END INIT INFO
#
# Note on runlevels:
# 0 - halt/poweroff 6 - reboot
# 1 - single user 2 - multiuser without network exported
# 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm)
#
# Note on script names:
# http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/scrptnames.html
# A registry has been set up to manage the init script namespace.
# http://www.lanana.org/
# Please use the names already registered or register one or use a
# vendor prefix.
# Check for missing binaries (stale symlinks should not happen)
# Note: Special treatment of stop for LSB conformance
PROFTPD_BIN=/usr/sbin/proftpd
test -x $PROFTPD_BIN || { echo "$PROFTPD_BIN not installed";
if [ "$1" = "stop" ]; then exit 0;
else exit 5; fi; }
PROFTPD_RUNDIR=/var/run/proftpd
# Check for existence of needed config file and read it
#PROFTPD_CONFIG=/etc/sysconfig/proftpd
#test -r $PROFTPD_CONFIG || { echo "$PROFTPD_CONFIG not existing";
# if [ "$1" = "stop" ]; then exit 0;
# else exit 6; fi; }
#
# Read config
#. $PROFTPD_CONFIG
# Source LSB init functions
# providing start_daemon, killproc, pidofproc,
# log_success_msg, log_failure_msg and log_warning_msg.
# This is currently not used by UnitedLinux based distributions and
# not needed for init scripts for UnitedLinux only. If it is used,
# the functions from rc.status should not be sourced or used.
#. /lib/lsb/init-functions
# Shell functions sourced from /etc/rc.status:
# rc_check check and set local and overall rc status
# rc_status check and set local and overall rc status
# rc_status -v be verbose in local rc status and clear it afterwards
# rc_status -v -r ditto and clear both the local and overall rc status
# rc_status -s display "skipped" and exit with status 3
# rc_status -u display "unused" and exit with status 3
# rc_failed set local and overall rc status to failed
# rc_failed <num> set local and overall rc status to <num>
# rc_reset clear both the local and overall rc status
# rc_exit exit appropriate to overall rc status
# rc_active checks whether a service is activated by symlinks
. /etc/rc.status
# Reset status of this service
rc_reset
# Return values acc. to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - user had insufficient privileges
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running
# 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl)
#
# Note that starting an already running service, stopping
# or restarting a not-running service as well as the restart
# with force-reload (in case signaling is not supported) are
# considered a success.
case "$1" in
start)
if [ ! -d $PROFTPD_RUNDIR ]; then
mkdir -p $PROFTPD_RUNDIR
fi
echo -n "Starting proftpd "
## Start daemon with startproc(8). If this fails
## the return value is set appropriately by startproc.
/sbin/startproc $PROFTPD_BIN
# Remember status and be verbose
rc_status -v
;;
stop)
echo -n "Shutting down proftpd "
## Stop daemon with killproc(8) and if this fails
## killproc sets the return value according to LSB.
/sbin/killproc -TERM $PROFTPD_BIN
# Remember status and be verbose
rc_status -v
;;
try-restart|condrestart)
## Do a restart only if the service was active before.
## Note: try-restart is now part of LSB (as of 1.9).
## RH has a similar command named condrestart.
if test "$1" = "condrestart"; then
echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
fi
$0 status
if test $? = 0; then
$0 restart
else
rc_reset # Not running is not a failure.
fi
# Remember status and be quiet
rc_status
;;
restart)
## Stop the service and regardless of whether it was
## running or not, start it again.
$0 stop
$0 start
# Remember status and be quiet
rc_status
;;
force-reload)
echo -n "Reload service proftpd "
## Signal the daemon to reload its config. Most daemons
## do this on signal 1 (SIGHUP).
## If it does not support it, restart the service if it
## is running.
# if it supports it:
/sbin/killproc -HUP $PROFTPD_BIN
#touch /var/run/proftpd.pid
# Remember status and be verbose
rc_status -v
## Otherwise:
#$0 try-restart
#rc_status
;;
reload)
echo -n "Reload service proftpd "
## Like force-reload, but if daemon does not support
## signaling, do nothing (!)
# If it supports signaling:
/sbin/killproc -HUP $PROFTPD_BIN
#touch /var/run/proftpd.pid
# Remember status and be verbose
rc_status -v
## Otherwise if it does not support reload:
#rc_failed 3
#rc_status -v
;;
status)
echo -n "Checking for service proftpd "
## Check status with checkproc(8), if process is running
## checkproc will return with exit status 0.
# Return value is slightly different for the status command:
# 0 - service up and running
# 1 - service dead, but /var/run/ pid file exists
# 2 - service dead, but /var/lock/ lock file exists
# 3 - service not running (unused)
# 4 - service status unknown :-(
# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
# NOTE: checkproc returns LSB compliant status values.
/sbin/checkproc $PROFTPD_BIN
# NOTE: rc_status knows that we called this init script with
# "status" option and adapts its messages accordingly.
# Remember status and be verbose
rc_status -v
;;
probe)
## Optional: Probe for the necessity of a reload, print out the
## argument to this init script which is required for a reload.
## Note: probe is not (yet) part of LSB (as of 1.9)
test /etc/proftpd/proftpd.conf -nt $PROFTPD_RUNDIR/proftpd.pid && echo reload
;;
*)
echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
exit 1
;;
esac
rc_exit

33
proftpd.keyring Normal file
View File

@ -0,0 +1,33 @@
pub 1024D/A511976A 2002-05-12
uid TJ Saunders <tj@castaglia.org>
sub 2048g/8C26F9DE 2002-05-12
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.19 (GNU/Linux)
mQGiBDze4PkRBADtl8nbLuIgZkIdl6fUj9/LOBXGrtP5B8cTgDjBlURronHtLzkQ
oHqNS8zmh5gmg8F6EMnCy6tqTGlQ3OylhY2u8fBUFJZk0RpaGYka0SI+hkNn/Hmu
GLXs4+5RKIuL1lp1DFv2L2S+Qp3xFs0vYJsrdi7nRhM1/LqN9S0pr2/i9QCg/5bD
AMS9qiVZvd7E0464cWWUXDsD/2z7fwPUFD23bHGSpifSl8jOqUuOWf5lhJqXLpHZ
TnSsO+rOi5dXdB1fPwgvwFnv7akFStTpXaRq1XdB33/QTwWNO3DBXKe8VkBivXTY
nWHLiktQwoY06Ws6r2cYxfgRhoHBSQFR/e1OhURaV8d0nSZsISrUyOREAYFUZT0L
s0jHBADcNSLHoehRf69mBEh3SMk+hiNse8r0VTcE6aJ5AISE6famDQw9cQh8gdmf
R5LrN/QbF4qQ2jWrfzhkVB6oslyghk3KCncFMnmT/4QpPVfSeTon3yM0Sz9Gtr2Q
YRp6Qhy7RgnoJ35bMaleww18WKOJtS840PRikboy5XFXt14gvbQeVEogU2F1bmRl
cnMgPHRqQGNhc3RhZ2xpYS5vcmc+iFYEEBECAA4FAjze4PkECwMBAgIZAQASCRC3
jok/pRGXagdlR1BHAAEB4EMAoL0MfmR26WnBxfQAUFD1bMnSO95EAKC1jnqqe9Xq
TPTsGWOZwNGc13nTmLkCDQQ83uD7EAgA9kJXtwh/CBdyorrWqULzBej5UxE5T7bx
brlLOCDaAadWoxTpj0BV89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJP
PT2N286Z4VeSWc39uK50T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrU
GvC/RgBYK+X0iP1YTknbzSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVb
GI2Ou1WMuF040zT9fBdXQ6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcp
esqVDNmWn6vQClCbAkbTCD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwACAgf+ORAr
y8LE18PVKiJk9/bpZ+LzSQ/kgNKDjqRsqT8HOFjToIpbbY1lOBErEr7OedJGK3ra
g1q8vD+kNK4MZdNcEeIcaMG7TnArOJ4zNZzKBQQzZp8hdv8heirfhJtb5MdFO2MI
N2+I9OoeUXNX1GVxYQJkuHpvsbqbZ6P2bRYwPUmnSAy6y2yy3ZmTZDD6ItaUaTIA
JbT8myTljeO4vz80nWldpUZfVtwkCRczjL7GYvwGbg1DZ45ND1pq9Kp5jqybevYw
d2a/7es+PgWQxy6qRFW3j95lm9Dd7ha29trziinxZ5GevUgyPIcs5SCQUG+cb5Yb
VUpLxGrHLKoW/mdBCYhOBBgRAgAGBQI83uD7ABIJELeOiT+lEZdqB2VHUEcAAQE1
CwCdGzQx8HHoe2O+tc3ymntAdNl7kLYAoNN0gN75bS/ZWBrKrLR0ne6JAdkO
=X5Db
-----END PGP PUBLIC KEY BLOCK-----

1
proftpd.passwd Normal file
View File

@ -0,0 +1 @@
ftp:$1$Qirpijna$Z9ocX/jIH/kpBppMFyI451:49:49::/srv/ftp:/bin/false

22
proftpd.service Normal file
View File

@ -0,0 +1,22 @@
[Unit]
Description=ProFTPd FTP server
After=systemd-user-sessions.service network.target nss-lookup.target local-fs.target remote-fs.target
[Service]
# added automatically, for details please see
# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
ProtectSystem=full
PrivateDevices=true
ProtectHostname=true
ProtectClock=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
RestrictRealtime=true
# end of automatic additions
ExecStart=/usr/sbin/proftpd --nodaemon
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target

381
proftpd.spec Normal file
View File

@ -0,0 +1,381 @@
#
# spec file for package proftpd
#
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define with_redis 1
%define with_sodium 1
%if 0%{?suse_version} == 1315 || 0%{?suse_version} == 1500
%define with_redis 0
%endif
%if 0%{?suse_version} == 1315
%define with_sodium 0
%endif
Name: proftpd
Summary: Configurable GPL-licensed FTP server software
# Please save your time and do not update to "rc" versions.
# We only accept updates for "STABLE" Versions
License: GPL-2.0-or-later
Group: Productivity/Networking/Ftp/Servers
Version: 1.3.8c
Release: 0
URL: http://www.proftpd.org/
Source0: ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.gz
Source1: ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.gz.asc
Source11: %{name}.init
Source12: %{name}.passwd
Source13: %{name}.service
Source14: %{name}.tmpfile
Source15: %{name}.keyring
Source16: %{name}-tls.template
Source17: %{name}-limit.template
Source18: %{name}-ssl.README
#PATCH-FIX-openSUSE: pam, logrotate, xinet
Patch100: %{name}-dist.patch
#PATCH-FIX-openSUSE: provide a useful default config
Patch101: %{name}-basic.conf.patch
#PATCH-FIX: provide more info on usage ;)
Patch102: %{name}-ftpasswd.patch
#PATCH-FIX: fix strip
Patch103: %{name}-strip.patch
#PATCH-FIX-openSUSE: file-contains-date-and-time
Patch104: %{name}-no_BuildDate.patch
#RPMLINT-FIX-openSUSE: env-script-interpreter
Patch105: %{name}_env-script-interpreter.patch
#openSUSE:Security_Features#Systemd_hardening_effort
Patch106: harden_proftpd.service.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
#BuildRequires: gpg-offline
BuildRequires: cyrus-sasl-devel
BuildRequires: fdupes
BuildRequires: gcc-c++
%if 0%{?with_redis}
BuildRequires: hiredis-devel
%endif
BuildRequires: krb5-devel
BuildRequires: libacl-devel
BuildRequires: libattr-devel
BuildRequires: libmemcached-devel
#BuildRequires: libGeoIP-devel
BuildRequires: libmysqld-devel
%if 0%{?with_sodium}
BuildRequires: libsodium-devel
%endif
BuildRequires: ncurses-devel
BuildRequires: openldap2-devel
BuildRequires: pam-devel
BuildRequires: pcre-devel
BuildRequires: pkg-config
BuildRequires: postgresql-devel
BuildRequires: sqlite3-devel
BuildRequires: unixODBC-devel
BuildRequires: pkgconfig(libssl)
Requires: logrotate
%if 0%{?lang_package:1} > 0
Recommends: %{name}-lang
%endif
%if 0%{?suse_version} >= 1210
BuildRequires: systemd-rpm-macros
%{?systemd_ordering}
%define has_systemd 1
%else
Requires(pre): %insserv_prereq
%endif
%if 0%{?suse_version} >= 1330
Requires(pre): group(ftp)
Requires(pre): user(ftp)
%endif
%description
ProFTPD is a configurable FTP daemon for Unix and Unix-like
operating systems.
%{?lang_package}
%package devel
Summary: Development files for ProFTPD
Group: Development/Libraries/C and C++
Requires: %{name} = %{version}
%description devel
This package contains Development files for ProFTPD
%package ldap
Summary: LDAP Module for ProFTPD
Group: Productivity/Networking/Ftp/Servers
Requires: %{name} = %{version}
%description ldap
This is the LDAP Module for ProFTPD
%package mysql
Summary: MySQL Module for ProFTPD
Group: Productivity/Networking/Ftp/Servers
Requires: %{name} = %{version}
%description mysql
This is the MySQL Module for ProFTPD
%package pgsql
Summary: PostgreSQL Module for ProFTPD
Group: Productivity/Networking/Ftp/Servers
Requires: %{name} = %{version}
%description pgsql
This is the PostgreSQL Module for ProFTPD
%package radius
Summary: Radius Module for ProFTPD
Group: Productivity/Networking/Ftp/Servers
Requires: %{name} = %{version}
%description radius
This is the Radius Module for ProFTPD
%package sqlite
Summary: SQLite Module for ProFTPD
Group: Productivity/Networking/Ftp/Servers
Requires: %{name} = %{version}
%description sqlite
This is the SQLite Module for ProFTPD
%package doc
Summary: Documentation for ProFTPD
Group: Documentation/HTML
Requires: %{name} = %{version}
%description doc
Here are Documentation for ProFTPD
%prep
%autosetup -p0
rm README.AIX README.cygwin README.FreeBSD README.Solaris2.5x README.Unixware
%build
rm contrib/mod_wrap.c
rm contrib/mod_geoip.c
PROFTPD_SHARED_MODS="$(for spec_mod in $(find contrib -name mod_\*.c|sort); do echo "$(basename ${spec_mod%%.c})"; done | tr '\n' ':' | sed -e 's|:$||')"
export CFLAGS="%{optflags} -D_GNU_SOURCE -DLDAP_DEPRECATED"
export CXXFLAGS="$CFLAGS"
%configure \
--bindir=%{_sbindir} \
--libexecdir=%{_libdir}/%{name} \
--sysconfdir=%{_sysconfdir}/%{name} \
%if 0%{?has_systemd}
--localstatedir=/run/%{name} \
%else
--localstatedir=%{_localstatedir}/run/%{name} \
%endif
--enable-sendfile \
--enable-ctrls \
--enable-dso \
--enable-facl \
--enable-ipv6 \
--enable-memcache \
--enable-nls \
--enable-openssl \
--enable-pcre \
%if 0%{?with_redis}
--enable-redis \
%endif
--enable-shadow \
--with-lastlog \
--with-includes="%{_includedir}/mysql:%{_includedir}/pgsql" \
--with-shared="${PROFTPD_SHARED_MODS}" \
--disable-ident \
--disable-strip
# --enable-memcache \
# --enable-pcre \
# --enable-redis \
# --enable-shadow \
make %{?_smp_mflags}
%install
%make_install INSTALL_USER=`id -un` INSTALL_GROUP=`id -gn`
%if 0%{?suse_version} > 1500
mkdir -p %{buildroot}%{_pam_vendordir}
install -D -m 0644 contrib/dist/rpm/ftp.pamd %{buildroot}/%{_pam_vendordir}/%{name}
%else
install -D -m 0644 contrib/dist/rpm/ftp.pamd %{buildroot}/%{_sysconfdir}/pam.d/%{name}
%endif
install -D -m 0644 contrib/dist/rpm/%{name}.logrotate %{buildroot}/%{_sysconfdir}/logrotate.d/%{name}
#
rm -fv %{buildroot}/%{_libdir}/%{name}/*.{a,la}
# install ftpasswd
install -D -m 0755 contrib/ftpasswd %{buildroot}/%{_sbindir}/
# some needed dirs
install -D -m 0440 %{S:12} %{buildroot}/%{_sysconfdir}/%{name}/auth/passwd
install -D -m 0644 %{S:16} %{buildroot}/%{_sysconfdir}/%{name}/conf.d/tls.template
install -D -m 0644 %{S:18} %{buildroot}/%{_sysconfdir}/%{name}/conf.d/README
install -D -m 0644 %{S:17} %{buildroot}/%{_sysconfdir}/%{name}/includes/limit.template
install -D -m 0644 %{S:18} %{buildroot}/%{_sysconfdir}/%{name}/ssl/README
install -d -m 0750 %{buildroot}/var/log/%{name}
# systemd vs SysVinit
%if 0%{?has_systemd}
install -D -m 0644 %{S:13} %{buildroot}%{_unitdir}/%{name}.service
ln -sf %{_sbindir}/service %{buildroot}/%{_sbindir}/rc%{name}
# systemd need to create a tmp dir: /run/proftpd
install -D -m 0644 %{S:14} %{buildroot}%{_tmpfilesdir}/%{name}.conf
%else #SysVinit
install -D -m 0755 %{S:11} %{buildroot}/%{_sysconfdir}/init.d/%{name}
ln -sf %{_sysconfdir}/init.d/%{name} %{buildroot}/%{_sbindir}/rc%{name}
%endif
%fdupes -s %{buildroot}%{_sysconfdir}/%{name}
%find_lang %{name}
%pre
%if 0%{?has_systemd}
%service_add_pre %{name}.service
%endif
%if 0%{?suse_version} > 1500
# Prepare for migration to /usr/lib; save any old .rpmsave
for i in pam.d/proftpd ; do
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||:
done
%posttrans
# Migration to /usr/lib, restore just created .rpmsave
for i in pam.d/proftpd ; do
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||:
done
%endif
%preun
%if 0%{?has_systemd}
%service_del_preun %{name}.service
%else
%stop_on_removal %{name}
%endif
%post
%if 0%{?has_systemd}
%service_add_post %{name}.service
%tmpfiles_create %{_tmpfilesdir}/%{name}.conf
%else
%{fillup_and_insserv -f proftpd}
install -d %{_localstatedir}/run/%{name}
%endif
%postun
%if 0%{?has_systemd}
%service_del_postun %{name}.service
%else
%restart_on_update %{name}
%{insserv_cleanup}
%endif
%if 0%{?lang_package:1} > 0
%files lang -f %{name}.lang
%if 0%{?sles_version} == 11
%defattr(-,root,root)
%dir %{_datadir}/locale/bg_BG
%dir %{_datadir}/locale/bg_BG/LC_MESSAGES
%dir %{_datadir}/locale/ja_JP
%dir %{_datadir}/locale/ja_JP/LC_MESSAGES
%dir %{_datadir}/locale/ko_KR
%dir %{_datadir}/locale/ko_KR/LC_MESSAGES
%endif
%files
%else
%files -f %{name}.lang
%endif
%defattr(-,root,root)
%license COPYING
%doc CREDITS NEWS README* RELEASE_NOTES
%doc contrib/README.*
%doc sample-configurations/*.conf
%dir %attr(0755,root,root) %{_sysconfdir}/%{name}/
%dir %attr(0750,ftp,ftp) %{_sysconfdir}/%{name}/auth/
%config(noreplace) %attr(0440,root,ftp) %{_sysconfdir}/%{name}/auth/passwd
%dir %attr(0755,root,root) %{_sysconfdir}/%{name}/conf.d/
%config %{_sysconfdir}/%{name}/conf.d/tls.template
%config %{_sysconfdir}/%{name}/conf.d/README
%dir %attr(0755,root,root) %{_sysconfdir}/%{name}/includes/
%config %{_sysconfdir}/%{name}/includes/limit.template
%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/%{name}/%{name}.conf
%config %{_sysconfdir}/%{name}/PROFTPD-MIB.txt
%dir %attr(0700,ftp,ftp) %{_sysconfdir}/%{name}/ssl/
%config %{_sysconfdir}/%{name}/ssl/README
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%if 0%{?suse_version} > 1500
%{_pam_vendordir}/%{name}
%else
%config(noreplace) %{_sysconfdir}/pam.d/%{name}
%endif
%config(noreplace) %{_sysconfdir}/%{name}/blacklist.dat
%config(noreplace) %{_sysconfdir}/%{name}/dhparams.pem
%dir %attr(0750,root,root) %{_localstatedir}/log/%{name}
%{_sbindir}/*
%{_mandir}/man?/*
%dir %attr(0755,root,root) %{_libdir}/%{name}/
%{_libdir}/%{name}/*.so
%exclude %{_libdir}/%{name}/mod_ldap.so
%exclude %{_libdir}/%{name}/mod_sql_mysql.so
%exclude %{_libdir}/%{name}/mod_sql_postgres.so
%exclude %{_libdir}/%{name}/mod_radius.so
%exclude %{_libdir}/%{name}/mod_sql_sqlite.so
%if 0%{?has_systemd}
%{_unitdir}/%{name}.service
%{_tmpfilesdir}/%{name}.conf
%ghost %dir /run/%{name}
%else
%{_sysconfdir}/init.d/%{name}
%endif
%files devel
%defattr(-,root,root)
%{_includedir}/%{name}
%{_libdir}/pkgconfig/%{name}.pc
%files ldap
%defattr(-,root,root)
%{_libdir}/%{name}/mod_ldap.so
%files mysql
%defattr(-,root,root)
%{_libdir}/%{name}/mod_sql_mysql.so
%files pgsql
%defattr(-,root,root)
%{_libdir}/%{name}/mod_sql_postgres.so
%files radius
%defattr(-,root,root)
%{_libdir}/%{name}/mod_radius.so
%files sqlite
%defattr(-,root,root)
%{_libdir}/%{name}/mod_sql_sqlite.so
%files doc
%defattr(-,root,root)
%doc doc/*.html doc/contrib doc/howto doc/modules
%changelog

2
proftpd.tmpfile Normal file
View File

@ -0,0 +1,2 @@
# proFTPD needs a DIR
d /run/proftpd 0755 root root -

40
proftpd_env-script-interpreter.patch Normal file
View File

@ -0,0 +1,40 @@
Index: contrib/ftpasswd
===================================================================
--- contrib/ftpasswd.orig
+++ contrib/ftpasswd
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/bin/perl
# ---------------------------------------------------------------------------
# Copyright (C) 2000-2021 TJ Saunders <tj@castaglia.org>
#
Index: contrib/ftpmail
===================================================================
--- contrib/ftpmail.orig
+++ contrib/ftpmail
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/bin/perl
# ---------------------------------------------------------------------------
# Copyright (C) 2008-2017 TJ Saunders <tj@castaglia.org>
#
Index: contrib/ftpquota
===================================================================
--- contrib/ftpquota.orig
+++ contrib/ftpquota
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/bin/perl
# -------------------------------------------------------------------------
# Copyright (C) 2000-2017 TJ Saunders <tj@castaglia.org>
#
Index: src/prxs.in
===================================================================
--- src/prxs.in.orig
+++ src/prxs.in
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/bin/perl
# ---------------------------------------------------------------------------
# Copyright (C) 2008-2020 TJ Saunders <tj@castaglia.org>