pool/proftpd
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 66590 from openSUSE:Factory:Contrib

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/66590
OBS-URL: https://build.opensuse.org/package/show/network/proftpd?expand=0&rev=1
This commit is contained in:
Pavol Rusnak 2011-04-26 13:09:12 +00:00 committed by Git OBS Bridge
commit d1373698e2
12 changed files with 1246 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.osc

61
proftpd-1.3.1-ftpasswd.patch Normal file
View File

@ -0,0 +1,61 @@
diff -ruN proftpd-1.3.1-orig/contrib/ftpasswd proftpd-1.3.1/contrib/ftpasswd
--- proftpd-1.3.1-orig/contrib/ftpasswd 2004-10-07 21:17:58.000000000 +0000
+++ proftpd-1.3.1/contrib/ftpasswd 2008-11-03 14:11:33.159343152 +0000
@@ -34,8 +34,8 @@
$Getopt::Long::auto_abbrev = 0;
my $program = basename($0);
-my $default_passwd_file = "./ftpd.passwd";
-my $default_group_file = "./ftpd.group";
+my $default_passwd_file = "/etc/proftpd/auth/passwd";
+my $default_group_file = "/etc/proftpd/auth/group";
my $shell_file = "/etc/shells";
my $default_cracklib_dict = "/usr/lib/cracklib_dict";
my $cracklib_dict;
@@ -882,6 +882,46 @@
--version
Displays the version of $program.
+Creating Files
+
+The ftpasswd program can create and update files for both AuthUserFile and
+ AuthGroupFile. When it is used for the first time, the program will create
+ the necessary file. If that file already exists, ftpasswd will update it
+ with the new information.
+
+ftpasswd must first know what type of file to create. Use either the
+ --passwd option (for handling AuthUserFiles), or the --group option
+ (for handling AuthGroupFiles); this is required.
+
+When creating an AuthUserFile, the following options are also
+ required: --name, --uid, --home, and --shell.
+ This information is required by proftpd to authenticate a user. The optional
+ parameters for an AuthUserFile include --gid
+ (defaults to the given --uid argument when not provided)
+ and --gecos (not used by proftpd at all). For example:
+
+ ftpasswd --passwd --name=bob --uid=1001 --home=/home/bob --shell=/bin/false
+
+creates an account for user bob.
+
+To create a file with a name or location other than the default
+ (which, for --passwd mode is /etc/proftpd/auth/passwd), use the --file option.
+
+For example, to create the alternate password file in /usr/local/etc/ftpd/passwd:
+
+ ftpasswd --passwd --file=/usr/local/etc/ftpd/passwd --name=bob --uid=1001 \
+ --home=/home/bob --shell=/bin/false
+
+For AuthGroupFiles, use --group:
+
+ ftpasswd --group --name=group-name --gid=group-id --member=user-member1 \
+ --member=user-member2 ... --member=user-memberN
+
+The most common change to these files is made to AuthUserFiles, to change
+ a user's password. The --change-password option was provided just for this scenario:
+
+ ftpasswd --passwd --name=user --change-password
+
END_OF_USAGE
exit 0;

257
proftpd-1.3.2a-basic.conf.patch Normal file
View File

@ -0,0 +1,257 @@
diff -ruN proftpd-1.3.2a-orig/sample-configurations/basic.conf proftpd-1.3.2a/sample-configurations/basic.conf
--- proftpd-1.3.2a-orig/sample-configurations/basic.conf 2008-01-21 18:44:06.000000000 +0100
+++ proftpd-1.3.2a/sample-configurations/basic.conf 2009-09-16 13:39:34.000000000 +0200
@@ -3,19 +3,29 @@
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
-ServerName "ProFTPD Default Installation"
-ServerType standalone
-DefaultServer on
+ServerName "ProFTPD on @HOST@"
+ServerType standalone
+DefaultServer on
# Port 21 is the standard FTP port.
-Port 21
+Port 21
+
+# FireWall PortRange for PASV
+PassivePorts 40000 40999
+
+# Set DebugLevel to values between 0 and 9
+# default is 0
+DebugLevel 0
+
+# SystemLog -- Redirect syslogging to a file
+SystemLog /var/log/proftpd/proftpd.log
# Don't use IPv6 support by default.
-UseIPv6 off
+UseIPv6 off
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
-Umask 022
+Umask 022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
@@ -23,43 +33,190 @@
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
-MaxInstances 30
+MaxInstances 30
# Set the user and group under which the server will run.
-User nobody
-Group nogroup
-
-# To cause every FTP user to be "jailed" (chrooted) into their home
-# directory, uncomment this line.
-#DefaultRoot ~
+User ftp
+Group ftp
-# Normally, we want files to be overwriteable.
-AllowOverwrite on
+# Some logging formats
+LogFormat default "%h %l %u %t \"%r\" %s %b"
+LogFormat auth "%v [%P] %h %t \"%r\" %s"
+LogFormat write "%h %l %u %t \"%r\" %s %b"
+
+# ------------------------------
+# Global Settings
+# ------------------------------
+<Global>
+
+ # ------------------------------
+ # Login
+ # ------------------------------
+
+ ServerIdent on "FTP server ready"
+ DeferWelcome on
+ #DisplayConnect /etc/proftpd/msg
+
+ IdentLookups off
+ UseFtpUsers off
+ RequireValidShell off
+
+ TimeoutLogin 60
+ MaxLoginAttempts 3
+ #MaxClientsPerHost none
+ #MaxClientsPerUser 1 "Only one connection at a time."
+
+ # ------------------------------
+ # Authentication
+ # ------------------------------
+
+ ### PAM Authentication
+ # AuthPAM: default: on
+ AuthPAM off
+
+ # changed AuthPAMConfig file
+ AuthPAMConfig proftpd
+ ### PAM Authentication
+
+ AuthUserFile /etc/proftpd/auth/passwd
+ AuthGroupFile /etc/group
+
+ ### order of auth modules
+ #AuthOrder mod_auth_unix.c mod_auth_file.c
+ AuthOrder mod_auth_file.c
+
+ # ------------------------------
+ # Post-Login
+ # ------------------------------
+
+ DisplayLogin welcome.msg
+ DisplayChdir .message
+ AllowOverride off
+
+ TimeoutIdle 600
+ TimeoutNoTransfer 900
+ TimeoutStalled 300
+ TimeoutSession 3600
+
+ # ------------------------------
+ # Session
+ # ------------------------------
+
+ # To cause every FTP user to be "jailed" (chrooted) into their home
+ # directory, uncomment this line.
+ DefaultRoot ~ web,!users
+
+ DenyFilter \*.*/
+ ListOptions "-A +R" strict
+ UseGlobbing off
+
+ ShowSymlinks on
+ TimesGMT on
+
+ # ------------------------------
+ # Up- & Download
+ # ------------------------------
+
+ # having to delete before uploading is a pain ;)
+ AllowOverwrite on
+ AllowRetrieveRestart on
+ HiddenStores on
+ DeleteAbortedStores on
+ #AllowStoreRestart off # is contrary to "DeleteAbortedStores"
+
+ # ------------------------------
+ # Logging
+ # ------------------------------
+
+ WtmpLog off
+ TransferLog /var/log/proftpd/xferlog
+
+ # Record all logins
+ ExtendedLog /var/log/proftpd/auth.log AUTH auth
+
+ # Logging file/dir access
+ ExtendedLog /var/log/proftpd/access.log WRITE,READ write
+
+ # Paranoia logging level....
+ ExtendedLog /var/log/proftpd/paranoid.log ALL default
+
+ # SQLLogFile
+ #SQLLogFile /var/log/proftpd/SQL.log
+</Global>
# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
DenyAll
</Limit>
+#####
+# Include other confs
+#Include /etc/proftpd/conf.d/*.conf
+
+#####
+
+# ------------------------------
+# Anonymous Settings
+# ------------------------------
# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous ~ftp>
- User ftp
- Group ftp
-
- # We want clients to be able to login with "anonymous" as well as "ftp"
- UserAlias anonymous ftp
-
- # Limit the maximum number of anonymous logins
- MaxClients 10
-
- # We want 'welcome.msg' displayed at login, and '.message' displayed
- # in each newly chdired directory.
- DisplayLogin welcome.msg
- DisplayChdir .message
-
- # Limit WRITE everywhere in the anonymous chroot
- <Limit WRITE>
- DenyAll
- </Limit>
+ # Limit LOGIN
+ #<Limit LOGIN>
+ # Order Allow,Deny
+ # Allow from .examples.net,113.141.114.1
+ # Deny from All
+ #</Limit>
+
+ # Limit WRITE everywhere in the anonymous chroot
+ <Limit WRITE>
+ DenyAll
+ </Limit>
+
+ # LoginPasswordPrompt -- Configure to display the passwort prompt or not
+ LoginPasswordPrompt off
+
+ # DirFakeMode -- Hide real file/directory permissions
+ DirFakeMode 0640
+
+ # DirFakeUser -- Hide real file/directory owner
+ DirFakeUser On
+
+ # DirFakeGroup -- Hide real file/directory group
+ DirFakeGroup On
+
+ # We want clients to be able to login with "anonymous" as well as "ftp"
+ UserAlias anonymous ftp
+
+ # Limit the maximum number of anonymous logins
+ MaxClients 10
+ #MaxRetrieveFileSize 512 Mb
+
+ # Limit Up/Downloads to 255 K/sec
+ #TransferRate APPE,RETR,STOR,STOU 255
+
+ # We want 'welcome.msg' displayed at login, and '.message' displayed
+ # in each newly chdired directory.
+ DisplayLogin welcome.msg
+ DisplayChdir .message
+
+ #<Directory pub>
+ # <Limit ALL>
+ # Order Allow,Deny
+ # Allow from .examples.net,113.141.114.1
+ # Deny from All
+ # </Limit>
+ #</Directory>
+
+ # An upload directory that allows storing files but not retrieving
+ # or creating directories.
+ #<Directory uploads/*>
+ # <Limit READ>
+ DenyAll
+ # </Limit>
+ # <Limit STOR>
+ AllowAll
+ # </Limit>
+ #</Directory>
</Anonymous>
+

88
proftpd-1.3.3-dist.patch Normal file
View File

@ -0,0 +1,88 @@
diff -Nur proftpd-1.3.3rc3.orig/contrib/dist/rpm/ftp.pamd proftpd-1.3.3rc3/contrib/dist/rpm/ftp.pamd
--- proftpd-1.3.3rc3.orig/contrib/dist/rpm/ftp.pamd 2007-10-04 04:25:03.000000000 +0200
+++ proftpd-1.3.3rc3/contrib/dist/rpm/ftp.pamd 2010-02-09 14:40:29.198747815 +0100
@@ -1,6 +1,7 @@
#%PAM-1.0
+
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
-auth required pam_unix.so shadow nullok
+#auth required pam_unix.so shadow nullok
# If this is enabled, anonymous logins will fail because the 'ftp' user does
# not have a "valid" shell, as listed in /etc/shells.
@@ -11,5 +12,8 @@
#
#auth required pam_shells.so
-account required pam_unix.so
-session required pam_unix.so
+auth required pam_unix2.so
+auth required pam_shells.so
+account required pam_unix2.so
+password required pam_unix2.so
+session required pam_unix2.so
diff -Nur proftpd-1.3.3rc3.orig/contrib/dist/rpm/proftpd.logrotate proftpd-1.3.3rc3/contrib/dist/rpm/proftpd.logrotate
--- proftpd-1.3.3rc3.orig/contrib/dist/rpm/proftpd.logrotate 2009-05-27 18:14:24.000000000 +0200
+++ proftpd-1.3.3rc3/contrib/dist/rpm/proftpd.logrotate 2010-02-09 14:41:59.734217959 +0100
@@ -1,7 +1,31 @@
-/var/log/xferlog {
- missingok
- notifempty
- postrotate
- kill -HUP `cat /var/run/proftpd.pid 2>/dev/null` 2>/dev/null || true
- endscript
-}
+/var/log/proftpd/xferlog /var/log/proftpd/proftpd.log {
+ compress
+ dateext
+ maxage 365
+ rotate 99
+ size=+4096k
+ notifempty
+ missingok
+ create 640 root root
+ sharedscripts
+ postrotate
+ /etc/init.d/proftpd reload
+ #/etc/init.d/xinetd reload
+ endscript
+ }
+
+#/var/log/proftpd/access.log /var/log/proftpd/auth.log /var/log/proftpd/paranoid.log {
+# compress
+# dateext
+# maxage 365
+# rotate 99
+# size=+4096k
+# notifempty
+# missingok
+# create 640 root root
+# sharedscripts
+# postrotate
+# /etc/init.d/proftpd reload
+# #/etc/init.d/xinetd reload
+# endscript
+#}
diff -Nur proftpd-1.3.3rc3.orig/contrib/dist/rpm/xinetd proftpd-1.3.3rc3/contrib/dist/rpm/xinetd
--- proftpd-1.3.3rc3.orig/contrib/dist/rpm/xinetd 2003-08-28 02:33:27.000000000 +0200
+++ proftpd-1.3.3rc3/contrib/dist/rpm/xinetd 2010-02-09 14:40:29.198747815 +0100
@@ -2,11 +2,15 @@
# description: The ProFTPD FTP server
service ftp
{
- flags = REUSE
socket_type = stream
+ protocol = tcp
wait = no
+# bind = IP
+ instances = 30
user = root
server = /usr/sbin/proftpd
- log_on_failure += USERID
- disable = no
+ log_on_success += PID HOST USERID EXIT DURATION
+ log_on_failure += HOST USERID ATTEMPT
+# nice = 10
+ disable = yes
}
I file proftpd-1.3.3rc3.orig/.ltmain.sh.rej.swp e proftpd-1.3.3rc3/.ltmain.sh.rej.swp sono diversi

15
proftpd-1.3.3-strip.patch Normal file
View File

@ -0,0 +1,15 @@
diff -Nur proftpd-1.3.3rc3.orig/ltmain.sh proftpd-1.3.3rc3/ltmain.sh
--- proftpd-1.3.3rc3.orig/ltmain.sh 2009-11-17 19:26:43.000000000 +0100
+++ proftpd-1.3.3rc3/ltmain.sh 2010-02-11 13:37:15.000000000 +0100
@@ -2056,7 +2056,10 @@
;;
esac
if test -n "$tstripme" && test -n "$striplib"; then
- func_show_eval "$striplib $destdir/$realname" 'exit $?'
+ #func_show_eval "$striplib $destdir/$realname" 'exit $?'
+ echo "strip patch"
+ func_quote_for_expand "$striplib $destdir/$realname"
+ func_echo $func_quote_for_expand_result
fi
if test "$#" -gt 0; then

3
proftpd-1.3.3e.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f6c65fe9fea6577ac309f4e9e36c80def271fa5c91c4053fb0758824506127b6
size 4180369

237
proftpd.changes Normal file
View File

@ -0,0 +1,237 @@
-------------------------------------------------------------------
Fri Apr 8 22:08:55 UTC 2011 - chris@computersalat.de
- update to 1.3.3e
+ Display messages work properly again.
+ Fixes plaintext command injection vulnerability in FTPS implementation
(i.e. mod_tls). See http://bugs.proftpd.org/show_bug.cgi?id=3624 for
details.
+ Fixes CVE-2011-1137 (badly formed SSH messages cause DoS). See
http://bugs.proftpd.org/show_bug.cgi?id=3586 for details.
+ Performance improvements, especially during server startup/restarts.
-------------------------------------------------------------------
Sun Jan 30 20:40:10 UTC 2011 - chris@computersalat.de
- update to 1.3.3d
+ Fixed sql_prepare_where() buffer overflow (Bug#3536)
+ Fixed CPU spike when handling .ftpaccess files.
+ Fixed handling of SFTP uploads when compression is used.
-------------------------------------------------------------------
Fri Oct 22 03:26:10 UTC 2010 - mseben@gmail.com
- update to 1.3.3c
+ Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925)
+ Fixed directory traversal bug in mod_site_misc
+ Fixed SQLite authentications using "SQLAuthType Backend"
-------------------------------------------------------------------
Fri Oct 22 17:49:06 UTC 2010 - chris@computersalat.de
- clenaup spec
- fix doc pkg
o should not provide pkgconfig
-------------------------------------------------------------------
Fri Oct 15 14:13:43 UTC 2010 - chris@computersalat.de
- update to 1.3.3b
+ Fixed SFTP directory listing bug
+ Avoid corrupting utmpx databases on FreeBSD
+ Avoid null pointer dereferences during data transfers
+ Fixed "AuthAliasOnly on" anonymous logins
- rpmlint: no-pkg-config-provides
o add BuildReq pkg-config
- removed changes from spec
-------------------------------------------------------------------
Wed Jul 7 14:17:45 UTC 2010 - chris@computersalat.de
- update to 1.3.3a
+ Added Japanese translation
+ Many mod_sftp bugfixes
+ Fixed SSL_shutdown() errors caused by OpenSSL 0.9.8m and later
+ Fixed handling of utmp/utmpx format changes on FreeBSD
- rpmlint: self-obsoletion
-------------------------------------------------------------------
Wed May 5 14:01:02 UTC 2010 - mseben@novell.com
- fix build : dir-or-file-in-var-run badness : /var/run/proftpd dir
is marked as ghost and it is created in init script now
-------------------------------------------------------------------
Fri Apr 9 15:44:32 UTC 2010 - mseben@novell.com
- added ncurses-devel to buildrequires to fix ftptop message : "no
curses or ncurses library on this system"
-------------------------------------------------------------------
Fri Feb 26 16:01:47 UTC 2010 - chris@computersalat.de
- added info for "STABLE" versions only
-------------------------------------------------------------------
Thu Feb 25 00:14:20 UTC 2010 - chris@computersalat.de
- update to 1.3.3
o Fixed mod_ban whitelisting using mod_ifsession.
o Fixed per-user/group/class "HideFiles none" configurations.
- 1.3.3rc4
o Fixed mod_tls compilation using OpenSSL installations older
than 0.9.7.
o Fixed mod_sftp compilation on AIX.
o Fixed RADIUS authentication on 64-bit platforms
o Fixed memory leak in SCP downloads.
o New configuration directives
SQLPasswordUserSalt
The SQLPasswordUserSalt directive can be used to configure
per-user salt data to be added to the encrypted password
for a user. The salt can be the user name, or it can be
the result of a SQL query. More information can be found in
doc/contrib/mod_sql_passwd.html#SQLPasswordUserSalt.
-------------------------------------------------------------------
Wed Feb 10 16:10:32 CET 2010 - diego.ercolani@gmail.com
- update to 1.3.3rc3
- try to be compatible with osc :-)
-------------------------------------------------------------------
Sun Dec 20 19:39:10 UTC 2009 - chris@computersalat.de
- update to 1.3.2c
o Bug and regression fixes.
- removed obsolete CVE patch
-------------------------------------------------------------------
Mon Oct 26 12:35:29 UTC 2009 - mseben@novell.com
- fixed CVE-2009-3639 : mod_tls security issue (bnc#549740)
-------------------------------------------------------------------
Wed Sep 16 18:17:04 UTC 2009 - alexandre@exatati.com.br
- Update tarball to its upstream version without
bzipped patch;
- Removed blank spaces at enf of lines on spec file;
- Replaced tab characters on spec file.
-------------------------------------------------------------------
Wed Sep 16 11:20:20 UTC 2009 - chris@computersalat.de
- update to 1.3.2 (1.3.2a)
o many bugfixes, read ChangeLog or NEWS
o include 1.3.2a upstream patch
o removed old patches
* proftpd-1.3.1-umode_t.patch
* proftpd-1.3.1-O_CREAT.patch
* proftpd-1.3.1-libcap.patch
* proftpd-1.3.1-CVE-2009-0542.patch
* proftpd-1.3.1-CVE-2009-0543.patch
o reworked basic.conf.patch
- spec mods
o removed ^#-----
o removed {rel}
o clean
* rm -rf RPM_BUILD_ROOT
o added sub sqlite
- fixed deps
o BuildRequires: sqlite3-devel unixODBC-devel
- rpmlint
o description-shorter-than-summary
o source-or-patch-not-bzipped proftpd-1.3.2a.patch
-------------------------------------------------------------------
Tue Jul 7 22:21:50 CEST 2009 - chris@computersalat.de
- added proftpd.passwd
o it is an initial passwd for virtuser and
anonymous login works well with it :)
-------------------------------------------------------------------
Mon Jul 6 22:16:46 CEST 2009 - chris@computersalat.de
- added ftpasswd.patch
- rework of basic.conf patch
- removed README.AIX
-------------------------------------------------------------------
Thu Apr 16 01:54:23 CEST 2009 - chris@computersalat.de
- added basic.conf patch
- added dist.patch
o fix for xinetd, logrotate, pam
- some more subpackages
o ldap, mysql, pgsql, radius
- added ftpasswd for simple virtuser support
- added auth DIR /etc/proftpd/auth
o passwd for virtuser
- added conf.d DIR /etc/proftpd/conf.d
o configs for inclusion
- added log DIR /var/log/proftpd
- beautify init file
- beautify spec file
-------------------------------------------------------------------
Wed Feb 18 10:40:55 CET 2009 - mseben@suse.cz
- added proftpd.conf with uploads section
-------------------------------------------------------------------
Fri Feb 13 16:55:01 CET 2009 - mseben@suse.cz
- fixed sql injection vulnerability which allows remote attackers
to execute arbitrary SQL commands via a "%" character
CVE-2009-0542.patch (bnc#475316)
- fixed vulnerability which allows remote attackers to bypass SQL
injection protection mechanisms via invalid, encoded multibyte
characters CVE-2009-0543.patch (bnc#475316)
-------------------------------------------------------------------
Mon Jan 26 14:19:45 CET 2009 - mseben@suse.cz
- splitted HTML doc to proftpd-doc
- added %post and %postun macro to spec
-------------------------------------------------------------------
Thu Jan 22 13:58:33 CET 2009 - mseben@suse.cz
- fixed missing third argument in open function (*-O_CREAT.patch)
- disabled striping libraries (*-no_strip.patch)
- fixed configure script (*-umode_t.patch)
- added -DLDAP_DEPRECATED to CFLAGS because of deprecated ldap_init
function
- disabled contrib scripts for now
- fixed handling _LINUX_CAPABILITY_VERSION on newer linux kernel.
(proftpd-*-libcap.patch)
-------------------------------------------------------------------
Wed Aug 20 12:43:56 CEST 2008 - mrueckert@suse.de
- disabled debugging stuff for now
-------------------------------------------------------------------
Fri Oct 19 11:58:42 CEST 2007 - mrueckert@suse.de
- enabled missing modules (mod_ban,mod_wrap2*,mod_quota_radius)
and replaced the hardcoded value for --with-shared with a
dynamically generated list
-------------------------------------------------------------------
Sat Oct 6 03:42:39 CEST 2007 - mrueckert@suse.de
- update to 1.3.1:
Many bugfixes and new features like dynamic blacklisting of
clients, improved SQL handling, and quotas.
- added --enable-devel=coredump,nodaemon,nofork
- added devel subpackage for the headers
-------------------------------------------------------------------
Wed Nov 29 04:11:44 CET 2006 - mrueckert@suse.de
- update to 1.3.0a:
fixes a remote code execution. CVE-2006-5815
(http://bugs.proftpd.org/show_bug.cgi?id=2858)

71
proftpd.conf Normal file
View File

@ -0,0 +1,71 @@
# This sample configuration file illustrates configuring two
# anonymous directories, and a guest (same thing as anonymous but
# requires a valid password to login)
ServerName "ProFTPD Anonymous Server"
ServerType standalone
DefaultServer on
# Port 21 is the standard FTP port.
Port 21
# If you don't want normal users logging in at all, uncomment this
# next section
#<Limit LOGIN>
# DenyAll
#</Limit>
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Set the maximum number of seconds a data connection is allowed
# to "stall" before being aborted.
TimeoutStalled 300
# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayChdir .message
# Our "basic" anonymous configuration
<Anonymous ~ftp>
# Allow logins if they are disabled above.
<Limit LOGIN>
AllowAll
</Limit>
# Maximum clients with message
MaxClients 5 "Sorry, max %m users -- try again later"
User ftp
Group ftp
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp
# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE>
DenyAll
</Limit>
# An upload directory that allows storing files but not retrieving
# or creating directories.
#<Directory uploads/*>
#<Limit READ>
# DenyAll
#</Limit>
#
#<Limit STOR>
# AllowAll
#</Limit>
#</Directory>
</Anonymous>

222
proftpd.init Normal file
View File

@ -0,0 +1,222 @@
#! /bin/sh
# Copyright (c) 1995-2004 SUSE Linux AG, Nuernberg, Germany.
# All rights reserved.
#
# Author: Kurt Garloff
# Please send feedback to http://www.suse.de/feedback/
#
# /etc/init.d/proftpd
# and its symbolic link
# /(usr/)sbin/rcproftpd
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
### BEGIN INIT INFO
# Provides: proftpd
# Required-Start: $syslog $remote_fs
# Should-Start: $time ypbind sendmail
# Required-Stop: $syslog $remote_fs
# Should-Stop: $time ypbind sendmail
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Short-Description: ProFTPD daemon
# Description: Start ProFTPD to allow XY and provide YZ
### END INIT INFO
#
# Note on runlevels:
# 0 - halt/poweroff 6 - reboot
# 1 - single user 2 - multiuser without network exported
# 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm)
#
# Note on script names:
# http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/scrptnames.html
# A registry has been set up to manage the init script namespace.
# http://www.lanana.org/
# Please use the names already registered or register one or use a
# vendor prefix.
# Check for missing binaries (stale symlinks should not happen)
# Note: Special treatment of stop for LSB conformance
PROFTPD_BIN=/usr/sbin/proftpd
test -x $PROFTPD_BIN || { echo "$PROFTPD_BIN not installed";
if [ "$1" = "stop" ]; then exit 0;
else exit 5; fi; }
PROFTPD_RUNDIR=/var/run/proftpd
# Check for existence of needed config file and read it
#PROFTPD_CONFIG=/etc/sysconfig/proftpd
#test -r $PROFTPD_CONFIG || { echo "$PROFTPD_CONFIG not existing";
# if [ "$1" = "stop" ]; then exit 0;
# else exit 6; fi; }
#
# Read config
#. $PROFTPD_CONFIG
# Source LSB init functions
# providing start_daemon, killproc, pidofproc,
# log_success_msg, log_failure_msg and log_warning_msg.
# This is currently not used by UnitedLinux based distributions and
# not needed for init scripts for UnitedLinux only. If it is used,
# the functions from rc.status should not be sourced or used.
#. /lib/lsb/init-functions
# Shell functions sourced from /etc/rc.status:
# rc_check check and set local and overall rc status
# rc_status check and set local and overall rc status
# rc_status -v be verbose in local rc status and clear it afterwards
# rc_status -v -r ditto and clear both the local and overall rc status
# rc_status -s display "skipped" and exit with status 3
# rc_status -u display "unused" and exit with status 3
# rc_failed set local and overall rc status to failed
# rc_failed <num> set local and overall rc status to <num>
# rc_reset clear both the local and overall rc status
# rc_exit exit appropriate to overall rc status
# rc_active checks whether a service is activated by symlinks
. /etc/rc.status
# Reset status of this service
rc_reset
# Return values acc. to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - user had insufficient privileges
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running
# 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl)
#
# Note that starting an already running service, stopping
# or restarting a not-running service as well as the restart
# with force-reload (in case signaling is not supported) are
# considered a success.
case "$1" in
start)
if [ ! -d $PROFTPD_RUNDIR ]; then
mkdir -p $PROFTPD_RUNDIR
fi
echo -n "Starting proftpd "
## Start daemon with startproc(8). If this fails
## the return value is set appropriately by startproc.
/sbin/startproc $PROFTPD_BIN
# Remember status and be verbose
rc_status -v
;;
stop)
echo -n "Shutting down proftpd "
## Stop daemon with killproc(8) and if this fails
## killproc sets the return value according to LSB.
/sbin/killproc -TERM $PROFTPD_BIN
# Remember status and be verbose
rc_status -v
;;
try-restart|condrestart)
## Do a restart only if the service was active before.
## Note: try-restart is now part of LSB (as of 1.9).
## RH has a similar command named condrestart.
if test "$1" = "condrestart"; then
echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
fi
$0 status
if test $? = 0; then
$0 restart
else
rc_reset # Not running is not a failure.
fi
# Remember status and be quiet
rc_status
;;
restart)
## Stop the service and regardless of whether it was
## running or not, start it again.
$0 stop
$0 start
# Remember status and be quiet
rc_status
;;
force-reload)
echo -n "Reload service proftpd "
## Signal the daemon to reload its config. Most daemons
## do this on signal 1 (SIGHUP).
## If it does not support it, restart the service if it
## is running.
# if it supports it:
/sbin/killproc -HUP $PROFTPD_BIN
#touch /var/run/proftpd.pid
# Remember status and be verbose
rc_status -v
## Otherwise:
#$0 try-restart
#rc_status
;;
reload)
echo -n "Reload service proftpd "
## Like force-reload, but if daemon does not support
## signaling, do nothing (!)
# If it supports signaling:
/sbin/killproc -HUP $PROFTPD_BIN
#touch /var/run/proftpd.pid
# Remember status and be verbose
rc_status -v
## Otherwise if it does not support reload:
#rc_failed 3
#rc_status -v
;;
status)
echo -n "Checking for service proftpd "
## Check status with checkproc(8), if process is running
## checkproc will return with exit status 0.
# Return value is slightly different for the status command:
# 0 - service up and running
# 1 - service dead, but /var/run/ pid file exists
# 2 - service dead, but /var/lock/ lock file exists
# 3 - service not running (unused)
# 4 - service status unknown :-(
# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
# NOTE: checkproc returns LSB compliant status values.
/sbin/checkproc $PROFTPD_BIN
# NOTE: rc_status knows that we called this init script with
# "status" option and adapts its messages accordingly.
# Remember status and be verbose
rc_status -v
;;
probe)
## Optional: Probe for the necessity of a reload, print out the
## argument to this init script which is required for a reload.
## Note: probe is not (yet) part of LSB (as of 1.9)
test /etc/proftpd/proftpd.conf -nt $PROFTPD_RUNDIR/proftpd.pid && echo reload
;;
*)
echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
exit 1
;;
esac
rc_exit

1
proftpd.passwd Normal file
View File

@ -0,0 +1 @@
ftp:$1$Qirpijna$Z9ocX/jIH/kpBppMFyI451:49:49::/srv/ftp:/bin/false

267
proftpd.spec Normal file
View File

@ -0,0 +1,267 @@
#
# spec file for package proftpd
#
# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: proftpd
Summary: Highly configurable GPL-licensed FTP server software
# Please save your time and do not update to "rc" versions.
# We only accept updates for "STABLE" Versions
Version: 1.3.3e
Release: 1
License: GPL
Group: Productivity/Networking/Ftp/Servers
Autoreqprov: on
Url: http://www.proftpd.org/
Source: ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.bz2
Source1: %{name}.init
Source2: %{name}.passwd
#PATCH-FIX-UPSTREAM CVE-2009-3639 fix mod_tls security issue (bnc#549740)
Patch100: %{name}-1.3.3-dist.patch
Patch101: %{name}-1.3.2a-basic.conf.patch
Patch102: %{name}-1.3.1-ftpasswd.patch
Patch103: %{name}-1.3.3-strip.patch
#
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: pkg-config
BuildRequires: krb5-devel libacl-devel libattr-devel mysql-devel
BuildRequires: openldap2-devel openssl-devel pam-devel postgresql-devel
BuildRequires: sqlite3-devel unixODBC-devel
BuildRequires: tcpd-devel ncurses-devel
Requires: logrotate
%description
ProFTPD is a highly configurable FTP daemon for Unix and Unix-like
operating systems. See the README.ports file for more details about
the platforms on which ProFTPD in known or thought to build and run.
Authors:
Jesse Sipprell <jss@inflicted.net>
Original proftpd author and former project co-maintainer
Habeeb J. Dihu <macgyver@tos.net>
Original mod_pam author and former project co-maintainer
Mark Lowes <hamster@vom.org.uk>
Head documentation hacker and webmaster
TJ Saunders <tj@castaglia.org>
ProFTPD developer, current maintainer
John Morrissey <jwm@horde.net>
ProFTPD developer
Charles Seeger <seeger@cise.ufl.edu>
ProFTPD developer
Daniel Roesen <droesen@entire-systems.com>
RPM packaging maintainer
Andrew Houghton <aah@acm.org>
SQL support maintainer
%package ldap
Summary: LDAP Module for ProFTPD
Group: Productivity/Networking/Ftp/Servers
Requires: %{name} = %{version}
%description ldap
This is the LDAP Module for ProFTPD
%package mysql
Summary: MySQL Module for ProFTPD
Group: Productivity/Networking/Ftp/Servers
Requires: %{name} = %{version}
%description mysql
This is the MySQL Module for ProFTPD
%package pgsql
Summary: PostgreSQL Module for ProFTPD
Group: Productivity/Networking/Ftp/Servers
Requires: %{name} = %{version}
%description pgsql
This is the PostgreSQL Module for ProFTPD
%package radius
Summary: Radius Module for ProFTPD
Group: Productivity/Networking/Ftp/Servers
Requires: %{name} = %{version}
%description radius
This is the Radius Module for ProFTPD
%package sqlite
Summary: SQLite Module for ProFTPD
Group: Productivity/Networking/Ftp/Servers
Requires: %{name} = %{version}
%description sqlite
This is the SQLite Module for ProFTPD
%package devel
Summary: Development files for ProFTPD
Group: Development/Libraries/C and C++
Requires: %{name} = %{version}
%description devel
This package contains Development files for ProFTPD
%package doc
Summary: Documentation for ProFTPD
Group: Documentation/HTML
Requires: %{name} = %{version}
%description doc
Here are Documentation for ProFTPD
%prep
%setup -q
%{__rm} README.AIX
%patch100 -p1
%patch101 -p1
%patch102 -p1
%patch103 -p1
%build
PROFTPD_SHARED_MODS="$(for spec_mod in mod_load $(find contrib -name mod_\*.c); do echo "$(basename ${spec_mod%%.c})"; done | tr '\n' ':' | sed -e 's|:$||')"
export CFLAGS="$RPM_OPT_FLAGS -DLDAP_DEPRECATED"
export CXXFLAGS="$CFLAGS"
%configure \
--bindir=%{_sbindir} \
--libexecdir=%{_libdir}/%{name} \
--sysconfdir=%{_sysconfdir}/%{name} \
--localstatedir=%{_localstatedir}/run/%{name} \
--enable-sendfile \
--enable-ipv6 \
--enable-ctrls \
--enable-facl \
--enable-dso \
--with-includes="%{_includedir}/mysql:%{_includedir}/pgsql" \
--with-shared="${PROFTPD_SHARED_MODS}"
%{__make} %{?_smp_mflags}
%install
%makeinstall INSTALL_USER=`id -un` INSTALL_GROUP=`id -gn`
%{__install} -D -m 0644 contrib/dist/rpm/ftp.pamd $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/%{name}
%{__install} -D -m 0644 contrib/dist/rpm/xinetd $RPM_BUILD_ROOT%{_sysconfdir}/xinetd.d/%{name}
%{__install} -D -m 0644 contrib/dist/rpm/%{name}.logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/%{name}
%{__install} -D -m 0755 %{S:1} $RPM_BUILD_ROOT%{_sysconfdir}/init.d/%{name}
%{__ln_s} -f %{_sysconfdir}/init.d/%{name} $RPM_BUILD_ROOT%{_sbindir}/rc%{name}
#
%{__rm} -fv $RPM_BUILD_ROOT%{_libdir}/%{name}/*.{a,la}
# install ftpasswd
%{__install} -D -m 0755 contrib/ftpasswd $RPM_BUILD_ROOT%{_sbindir}/
# some needed dirs
%{__install} -d $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/{conf.d,auth}
%{__install} -m 0644 %{S:2} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/auth/passwd
%{__install} -d -m 0750 $RPM_BUILD_ROOT/var/log/%{name}
%pre
# on `rpm -ivh` PARAM is 1
# on `rpm -Uvh` PARAM is 2
#if [ "$1" = "1" ]; then
%preun
# on `rpm -e` PARAM is 0
%stop_on_removal proftpd
%post
# on `rpm -ivh` PARAM is 1
# on `rpm -Uvh` PARAM is 2
if [ "$1" = "1" ]; then
#%{__sed} -i "s,\(.*disable.*=\ \)no,\1yes," %{_sysconfdir}/xinetd.d/%{name}
%{__sed} -i -e "s/@HOST@/$(hostname -s)/" %{_sysconfdir}/%{name}/%{name}.conf
fi
%{fillup_and_insserv -f proftpd}
%postun
# on `rpm -e` PARAM is 0
if [ "$1" = "0" ]; then
%{insserv_cleanup}
fi
%restart_on_update proftpd
%clean
%{__rm} -rf %{buildroot}
%files
%defattr(-,root,root,-)
%doc COPYING CREDITS ChangeLog INSTALL NEWS README* RELEASE_NOTES
%doc contrib/README.*
#%doc contrib/xferstats.holger-preiss*
#%doc contrib/ftpasswd contrib/ftpquota
%doc sample-configurations/*.conf
%dir %attr(0755,root,root) %{_sysconfdir}/%{name}/
%dir %attr(0750,ftp,ftp) %{_sysconfdir}/%{name}/auth/
%config(noreplace) %attr(0644,root,ftp) %{_sysconfdir}/%{name}/auth/passwd
%dir %attr(0755,root,root) %{_sysconfdir}/%{name}/conf.d
%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/%{name}/%{name}.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%config(noreplace) %{_sysconfdir}/pam.d/%{name}
%config(noreplace) %{_sysconfdir}/xinetd.d/%{name}
%config(noreplace) %{_sysconfdir}/%{name}/blacklist.dat
%config(noreplace) %{_sysconfdir}/%{name}/dhparams.pem
%{_sysconfdir}/init.d/%{name}
%dir %attr(0750,ftp,ftp) %{_localstatedir}/log/%{name}
%ghost %{_localstatedir}/run/%{name}
%{_sbindir}/*
%{_mandir}/man?/*
%dir %attr(0755,root,root) %{_libdir}/%{name}/
%{_libdir}/%{name}/*.so
%exclude %{_libdir}/%{name}/mod_ldap.so
%exclude %{_libdir}/%{name}/mod_sql_mysql.so
%exclude %{_libdir}/%{name}/mod_sql_postgres.so
%exclude %{_libdir}/%{name}/mod_radius.so
%exclude %{_libdir}/%{name}/mod_sql_sqlite.so
%files ldap
%defattr(-,root,root,-)
%{_libdir}/%{name}/mod_ldap.so
%files mysql
%defattr(-,root,root,-)
%{_libdir}/%{name}/mod_sql_mysql.so
%files pgsql
%defattr(-,root,root,-)
%{_libdir}/%{name}/mod_sql_postgres.so
%files radius
%defattr(-,root,root,-)
%{_libdir}/%{name}/mod_radius.so
%files sqlite
%defattr(-,root,root,-)
%{_libdir}/%{name}/mod_sql_sqlite.so
%files devel
%defattr(-,root,root,-)
%{_includedir}/%{name}
%{_libdir}/pkgconfig/%{name}.pc
%files doc
%defattr(-,root,root,-)
%doc doc/*.html doc/contrib doc/howto doc/modules
%changelog