pool/pure-ftpd
SHA256
6
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

OBS-URL: https://build.opensuse.org/package/show/network/pure-ftpd?expand=0&rev=78

Browse Source
This commit is contained in:
Dirk Mueller 2021-05-01 18:28:48 +00:00 committed by Git OBS Bridge
commit 2a9ee9cdd7
18 changed files with 1994 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

116
pure-ftpd-1.0.20_config.patch Normal file
View File

@ -0,0 +1,116 @@
Index: pure-ftpd.conf.in
===================================================================
--- pure-ftpd.conf.in.orig
+++ pure-ftpd.conf.in
@@ -37,19 +37,20 @@ BrokenClientsCompatibility no
# Maximum number of simultaneous users
-MaxClientsNumber 50
+MaxClientsNumber 10
-# Run as a background process
+# Run as a background process, do not change as systemd needs this to be
+# foreground
-Daemonize yes
+Daemonize no
# Maximum number of simultaneous clients with the same IP address
-MaxClientsPerIP 8
+MaxClientsPerIP 3
@@ -59,6 +60,9 @@ MaxClientsPerIP 8
VerboseLog no
+# Allow dot-files
+AllowDotFiles yes
+
# List dot-files even when the client doesn't send "-a".
@@ -68,7 +72,7 @@ DisplayDotFiles yes
# Disallow authenticated users - Act only as a public FTP server.
-AnonymousOnly no
+AnonymousOnly yes
@@ -106,23 +110,23 @@ MaxIdleTime 15
# LDAP configuration file (see README.LDAP)
-# LDAPConfigFile /etc/pureftpd-ldap.conf
+# LDAPConfigFile /etc/pure-ftpd/pureftpd-ldap.conf
# MySQL configuration file (see README.MySQL)
-# MySQLConfigFile /etc/pureftpd-mysql.conf
+# MySQLConfigFile /etc/pure-ftpd/pureftpd-mysql.conf
# PostgreSQL configuration file (see README.PGSQL)
-# PGSQLConfigFile /etc/pureftpd-pgsql.conf
+# PGSQLConfigFile /etc/pure-ftpd/pureftpd-pgsql.conf
# PureDB user database (see README.Virtual-Users)
-# PureDB /etc/pureftpd.pdb
+# PureDB /etc/pure-ftpd/pureftpd.pdb
# Path to pure-authd socket (see README.Authentication-Modules)
@@ -133,7 +137,7 @@ MaxIdleTime 15
# If you want to enable PAM authentication, uncomment the following line
-# PAMAuthentication yes
+PAMAuthentication yes
@@ -176,7 +180,7 @@ MaxLoad 4
# Port range for passive connections - keep it as broad as possible.
-# PassivePortRange 30000 50000
+PassivePortRange 30000 30100
Index: pureftpd-mysql.conf
===================================================================
--- pureftpd-mysql.conf.orig
+++ pureftpd-mysql.conf
@@ -23,13 +23,13 @@ MYSQLSocket /var/run/mysqld/mysqld.s
# Mandatory : user to bind the server as.
-
-MYSQLUser root
+# using the Database root user is always a bad idea.
+MYSQLUser ftpd
# Mandatory : user password. You must have a password.
-
-MYSQLPassword rootpw
+# using the Database root user is always a bad idea.
+MYSQLPassword ftpdpassword
# Mandatory : database to open.

31
pure-ftpd-1.0.20_doc.patch Normal file
View File

@ -0,0 +1,31 @@
only in patch2:
unchanged:
================================================================================
Index: README.Configuration-File
===================================================================
--- README.Configuration-File.orig
+++ README.Configuration-File
@@ -8,12 +8,12 @@ For example, the '-H' switch is recommen
To enable this feature, just add it right after the executable name:
- /usr/local/sbin/pure-ftpd -H
+ /usr/sbin/pure-ftpd -H
Long options are also supported. This is equivalent to the previous
command:
- /usr/local/sbin/pure-ftpd --dontresolve
+ /usr/sbin/pure-ftpd --dontresolve
As an alternative to command-line switches, Pure-FTPd can use a
configuration file. The set of supported features is the same no
@@ -25,7 +25,7 @@ the package installation prefix.
Tweak it according to your needs, and start the server using that file:
- /usr/local/sbin/pure-ftpd /etc/pure-ftpd.conf
+ /usr/sbin/pure-ftpd /etc/pure-ftpd.conf
Note the absence of switches. In order to avoid confusion, either a
configuration file or a set of command-line switches can be used.

13
pure-ftpd-1.0.20_virtualhosts.patch Normal file
View File

@ -0,0 +1,13 @@
Index: src/ftpd.h
===================================================================
--- src/ftpd.h.orig 2012-04-10 13:13:50.081787071 +0200
+++ src/ftpd.h 2012-04-10 13:15:02.434306712 +0200
@@ -411,7 +411,7 @@
#endif
#ifndef VHOST_PATH
-# define VHOST_PATH CONFDIR "/pure-ftpd"
+# define VHOST_PATH CONFDIR "/vhosts"
#endif
#ifdef WITH_TLS

114
pure-ftpd-1.0.32-default_tcp_sedrcv_buffer_size.patch Normal file
View File

@ -0,0 +1,114 @@
Index: configure
===================================================================
--- configure.orig 2012-04-10 13:11:53.944741960 +0200
+++ configure 2012-04-10 13:12:09.310277199 +0200
@@ -12650,107 +12650,12 @@
$as_echo "no" >&6; }
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking default TCP send buffer size" >&5
-$as_echo_n "checking default TCP send buffer size... " >&6; }
-if test "$cross_compiling" = yes; then :
- CONF_TCP_SO_SNDBUF=65536
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-#include <stdio.h>
-#ifdef STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-# include <stdlib.h>
-# endif
-#endif
-#ifdef HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-int main(void)
-{
- int fd,val=0,len=sizeof(int);
- if ((fd = socket(PF_INET, SOCK_STREAM, 0)) < 0) return 1;
- if (getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &val, &len) < 0) return 1;
- if (val <= 0) return 1;
- fprintf (fopen("conftestval", "w"), "%d\n", val);
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_run "$LINENO"; then :
- CONF_TCP_SO_SNDBUF=`cat conftestval`
-else
- CONF_TCP_SO_SNDBUF=65536
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
- conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CONF_TCP_SO_SNDBUF" >&5
-$as_echo "$CONF_TCP_SO_SNDBUF" >&6; }
-
-
cat >>confdefs.h <<_ACEOF
-#define CONF_TCP_SO_SNDBUF $CONF_TCP_SO_SNDBUF
+#define CONF_TCP_SO_SNDBUF 65536
_ACEOF
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking default TCP receive buffer size" >&5
-$as_echo_n "checking default TCP receive buffer size... " >&6; }
-if test "$cross_compiling" = yes; then :
- CONF_TCP_SO_RCVBUF=65536
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-#include <stdio.h>
-#ifdef STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-# include <stdlib.h>
-# endif
-#endif
-#ifdef HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-int main(void)
-{
- int fd,val=0,len=sizeof(int);
- if ((fd = socket(PF_INET, SOCK_STREAM, 0)) < 0) return 1;
- if (getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &val, &len) < 0) return 1;
- if (val <= 0) return 1;
- fprintf (fopen("conftestval", "w"), "%d\n", val);
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_run "$LINENO"; then :
- CONF_TCP_SO_RCVBUF=`cat conftestval`
-else
- CONF_TCP_SO_RCVBUF=65536
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
- conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CONF_TCP_SO_RCVBUF" >&5
-$as_echo "$CONF_TCP_SO_RCVBUF" >&6; }
-
-
cat >>confdefs.h <<_ACEOF
-#define CONF_TCP_SO_RCVBUF $CONF_TCP_SO_RCVBUF
+#define CONF_TCP_SO_RCVBUF 65536
_ACEOF

14
pure-ftpd-1.0.36-cap-audit-control.patch Normal file
View File

@ -0,0 +1,14 @@
Index: pure-ftpd-1.0.36/src/caps_p.h
===================================================================
--- pure-ftpd-1.0.36.orig/src/caps_p.h
+++ pure-ftpd-1.0.36/src/caps_p.h
@@ -7,7 +7,8 @@
# endif
cap_value_t cap_keep_startup[] = {
-# if defined(USE_PAM) && defined(CAP_AUDIT_WRITE)
+# if defined(USE_PAM) && defined(CAP_AUDIT_CONTROL) && defined(CAP_AUDIT_WRITE)
+ CAP_AUDIT_CONTROL,
CAP_AUDIT_WRITE,
# endif
CAP_SETGID,

3
pure-ftpd-1.0.49.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:8a727dfef810f275fba3eb6099760d4f8a0bdeae2c1197d0d5bfeb8c1b2f61b6
size 487958

4
pure-ftpd-1.0.49.tar.bz2.minisig Normal file
View File

@ -0,0 +1,4 @@
untrusted comment: signature from minisign secret key
RWQf6LRCGA9i53jbtkymhF4h2cC4NwgcDPxMLwbbhQpd+MxuhP9fq63KtlLE99n1OoP2l4pdNwopuh/B6dXVy5+kPRwsx5AyxA8=
trusted comment: timestamp:1554289403 file:pure-ftpd-1.0.49.tar.bz2
3H/r3tHgNMKLhBn9DRGOJ/vUDhe1ZF33iAfMnNI/D28ApGcmalgyac/TtBiYP+R1h+8prBTo1QIpp4acRr0VDA==

20
pure-ftpd-1.0.49_ftpwho_path.patch Normal file
View File

@ -0,0 +1,20 @@
--- src/ftpwho-update.h 2019-03-25 16:48:42.000000000 +0100
+++ src/ftpwho-update.h 2020-04-27 16:07:03.449049599 +0200
@@ -26,6 +26,9 @@
volatile off_t download_total_size;
volatile off_t download_current_size;
char account[MAX_USER_LENGTH + 1U];
+#ifdef PATH_MAX
+ char filename[PATH_MAX];
+#else
#if defined(__OpenBSD__)
char filename[1024];
#else
@@ -39,6 +42,7 @@
char filename[1024];
# endif
#endif
+#endif
} FTPWhoEntry;
int ftpwho_initwho(void);

61
pure-ftpd-apparmor.patch Normal file
View File

@ -0,0 +1,61 @@
Index: pure-ftpd-1.0.20-sles/AppArmor/README.AppArmor
===================================================================
--- /dev/null
+++ pure-ftpd-1.0.20-sles/AppArmor/README.AppArmor
@@ -0,0 +1,13 @@
+
+---------------------- Using the AppArmor profile ----------------------
+
+Make sure that AppArmor is installed and enabled.
+
+To utilize the security provided by AppArmor, ensure that the supplied
+AppArmor profile (the file 'usr.sbin.pure-ftpd') for Pure-FTPd is present in
+the '/etc/apparmor.d/' directory. If it is not present, copy it from
+the '/usr/share/doc/packages/pure-ftpd/' directory.
+
+This profile takes care of most of the typical use cases. You can use
+YaST->Novell AppArmor to fine-tune the profile for your specific needs.
+
Index: pure-ftpd-1.0.20-sles/AppArmor/usr.sbin.pure-ftpd
===================================================================
--- /dev/null
+++ pure-ftpd-1.0.20-sles/AppArmor/usr.sbin.pure-ftpd
@@ -0,0 +1,38 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2006 Novell, Inc.
+#
+# ------------------------------------------------------------------
+
+#include <tunables/global>
+
+/usr/sbin/pure-ftpd {
+ #include <abstractions/base>
+ #include <abstractions/nameservice>
+ #include <abstractions/authentication>
+ #include <abstractions/user-tmp>
+
+ capability net_bind_service,
+ capability setgid,
+ capability setuid,
+ capability sys_chroot,
+
+ / r,
+ /etc/ftpusers r,
+ /etc/pure-ftpd/* r,
+ /etc/shells r,
+ /etc/ssl/private/pure-ftpd.pem r,
+ /proc/*/loginuid w,
+ /proc/loadavg r,
+ /proc/net/tcp* r,
+ /usr/sbin/pure-ftpd mr,
+
+ /var/run/pure-ftpd rw,
+ /var/run/pure-ftpd.pid w,
+ /var/run/pure-ftpd/client-* rw,
+
+ @{HOMEDIRS}* r,
+ @{HOME}/** rwl,
+ @{HOME}/.k5login r,
+}

181
pure-ftpd-malloc-limit.patch Normal file
View File

@ -0,0 +1,181 @@
diff -Nur pure-ftpd-1.0.49.orig/man/pure-ftpd.8.in pure-ftpd-1.0.49/man/pure-ftpd.8.in
--- pure-ftpd-1.0.49.orig/man/pure-ftpd.8.in 2019-03-25 16:48:42.000000000 +0100
+++ pure-ftpd-1.0.49/man/pure-ftpd.8.in 2020-04-27 16:36:01.574470331 +0200
@@ -9,7 +9,7 @@
pure\-ftpd \- simple File Transfer Protocol server
.SH "SYNOPSIS"
-.B pure\-ftpd [\-0] [\-1] [\-2 cert_file[,key_file]] [\-3 certd_socket] [\-4] [\-6] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-J ciphers] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v bonjour name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z]
+.B pure\-ftpd [\-0] [\-1] [\-2 cert_file[,key_file]] [\-3 certd_socket] [\-4] [\-6] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-J ciphers] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth:[:maxmemory]] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v bonjour name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z]
.br
Alternative style:
@@ -337,11 +337,12 @@
.I README.MySQL
files for info about the built\-in LDAP and SQL directory support.
.TP
-.B \-L max files:max depth
+.B \-L max files:max depth[:max memory limit]
Avoid denial\-of\-service attacks by limiting the number of displayed files
-in a 'ls' and the maximum depth of a recursive 'ls'. Defaults are 2000:5
-(2000 files displayed for a single 'ls' and walk through 5 subdirectories
-max).
+in a 'ls', the maximum depth of a recursive 'ls' and optional memory limit
+for globbing in kilobytes. Defaults are 2000:5:512 (2000 files displayed
+for a single 'ls', walk through 5 subdirectories max and limit allocated
+memory for evaluation wildcard characters by 'ls' to 524288 bytes).
.TP
.B \-m load
Do not allow anonymous users to download files if the load is above
diff -Nur pure-ftpd-1.0.49.orig/src/bsd-glob.c pure-ftpd-1.0.49/src/bsd-glob.c
--- pure-ftpd-1.0.49.orig/src/bsd-glob.c 2019-04-02 16:00:39.000000000 +0200
+++ pure-ftpd-1.0.49/src/bsd-glob.c 2020-04-27 16:33:21.997238426 +0200
@@ -107,9 +107,6 @@
#define M_SET META('[')
#define ismeta(c) (((c)&M_QUOTE) != 0)
-#ifndef GLOB_LIMIT_MALLOC
-# define GLOB_LIMIT_MALLOC 65536
-#endif
#ifndef GLOB_MAX_STARS
# define GLOB_MAX_STARS 3
#endif
@@ -160,7 +157,7 @@
static int
glob_(const char *pattern, int flags, int (*errfunc)(const char *, int),
- glob_t *pglob, unsigned long maxfiles, int maxdepth)
+ glob_t *pglob, unsigned long maxfiles, int maxdepth, unsigned long maxmemory)
{
const unsigned char *patnext;
int c;
@@ -172,6 +169,7 @@
}
pglob->gl_maxdepth = maxdepth;
pglob->gl_maxfiles = maxfiles;
+ pglob->gl_maxmemory = maxmemory;
patnext = (unsigned char *) pattern;
if (!(flags & GLOB_APPEND)) {
pglob->gl_pathc = 0;
@@ -226,15 +224,15 @@
glob(const char *pattern, int flags, int (*errfunc) (const char *, int),
glob_t * pglob)
{
- return glob_(pattern, flags, errfunc, pglob, (unsigned long) -1, 0);
+ return glob_(pattern, flags, errfunc, pglob, (unsigned long) -1, 0, GLOB_LIMIT_MALLOC);
}
int
sglob(char *pattern, int flags, int (*errfunc) (const char *, int),
- glob_t * pglob, unsigned long maxfiles, int maxdepth)
+ glob_t * pglob, unsigned long maxfiles, int maxdepth, unsigned long maxmemory)
{
simplify(pattern);
- return glob_(pattern, flags, errfunc, pglob, maxfiles, maxdepth);
+ return glob_(pattern, flags, errfunc, pglob, maxfiles, maxdepth, maxmemory);
}
/*
@@ -766,7 +764,7 @@
statv[pglob->gl_offs + pglob->gl_pathc] = NULL;
} else {
limitp->glim_malloc += sizeof(**statv);
- if (limitp->glim_malloc >= GLOB_LIMIT_MALLOC) {
+ if (limitp->glim_malloc >= pglob->gl_maxmemory) {
errno = 0;
return GLOB_NOSPACE;
}
@@ -793,7 +791,7 @@
}
pathv[pglob->gl_offs + pglob->gl_pathc] = NULL;
- if ((newn * sizeof(*pathv)) + limitp->glim_malloc > GLOB_LIMIT_MALLOC) {
+ if ((newn * sizeof(*pathv)) + limitp->glim_malloc > pglob->gl_maxmemory) {
errno = 0;
return GLOB_NOSPACE;
}
diff -Nur pure-ftpd-1.0.49.orig/src/bsd-glob.h pure-ftpd-1.0.49/src/bsd-glob.h
--- pure-ftpd-1.0.49.orig/src/bsd-glob.h 2018-09-19 23:53:05.000000000 +0200
+++ pure-ftpd-1.0.49/src/bsd-glob.h 2020-04-27 16:33:22.001238457 +0200
@@ -38,6 +38,7 @@
typedef struct {
unsigned long gl_maxfiles; /* Maximum number of results */
int gl_maxdepth; /* Maximum depth */
+ unsigned long gl_maxmemory; /* Maximum memory allocated */
int gl_pathc; /* Count of total paths so far. */
int gl_matchc; /* Count of paths matching pattern. */
int gl_offs; /* Reserved at beginning of gl_pathv. */
@@ -84,14 +85,14 @@
#ifdef DISABLE_GLOBBING
# define glob(A, B, C, D) (GLOB_NOSYS)
-# define sglob(A, B, C, D, E, F) (GLOB_NOSYS)
+# define sglob(A, B, C, D, E, F, G) (GLOB_NOSYS)
# define globfree(A) (void) 0
#else
# ifndef USELESS_FOR_PUREFTPD
int glob(const char *, int, int (*)(const char *, int), glob_t *);
# endif
int sglob(char *, int, int (*)(const char *, int),
- glob_t *, unsigned long, int);
+ glob_t *, unsigned long, int, unsigned long);
void globfree(glob_t *);
#endif
diff -Nur pure-ftpd-1.0.49.orig/src/ftpd.c pure-ftpd-1.0.49/src/ftpd.c
--- pure-ftpd-1.0.49.orig/src/ftpd.c 2019-04-02 16:00:40.000000000 +0200
+++ pure-ftpd-1.0.49/src/ftpd.c 2020-04-27 16:33:22.001238457 +0200
@@ -5923,11 +5923,14 @@
}
case 'L': {
int ret;
+ unsigned int tmp_glob_memory;
- ret = sscanf(optarg, "%u:%u", &max_ls_files, &max_ls_depth);
- if (ret != 2 ||
- max_ls_files < 1U || max_ls_depth < 1U) {
+ ret = sscanf(optarg, "%u:%u:%u", &max_ls_files, &max_ls_depth, &tmp_glob_memory);
+ if (ret < 2 || ret > 3 ||
+ max_ls_files < 1U || max_ls_depth < 1U || tmp_glob_memory < 1U) {
die(421, LOG_ERR, MSG_CONF_ERR ": " MSG_ILLEGAL_LS_LIMITS ": %s" , optarg);
+ } else if (ret == 3) {
+ max_glob_memory = tmp_glob_memory * 1024;
}
break;
}
diff -Nur pure-ftpd-1.0.49.orig/src/ftpd.h pure-ftpd-1.0.49/src/ftpd.h
--- pure-ftpd-1.0.49.orig/src/ftpd.h 2019-03-25 16:48:42.000000000 +0100
+++ pure-ftpd-1.0.49/src/ftpd.h 2020-04-27 16:33:22.001238457 +0200
@@ -541,6 +541,9 @@
#ifndef DEFAULT_MAX_LS_DEPTH
# define DEFAULT_MAX_LS_DEPTH 5U
#endif
+#ifndef GLOB_LIMIT_MALLOC
+# define GLOB_LIMIT_MALLOC 524288U /* Memory limit for globbing */
+#endif
#ifndef GLOB_TIMEOUT
# define GLOB_TIMEOUT 17 /* Max user time for a 'ls' to complete */
#endif
diff -Nur pure-ftpd-1.0.49.orig/src/globals.h pure-ftpd-1.0.49/src/globals.h
--- pure-ftpd-1.0.49.orig/src/globals.h 2019-03-25 17:58:02.000000000 +0100
+++ pure-ftpd-1.0.49/src/globals.h 2020-04-27 16:33:22.001238457 +0200
@@ -77,6 +77,7 @@
GLOBAL0(int allow_anon_mkdir);
GLOBAL(unsigned int max_ls_files, DEFAULT_MAX_LS_FILES);
GLOBAL(unsigned int max_ls_depth, DEFAULT_MAX_LS_DEPTH);
+GLOBAL(unsigned int max_glob_memory, GLOB_LIMIT_MALLOC);
GLOBAL0(char *fortunes_file);
GLOBAL0(char host[NI_MAXHOST]);
GLOBAL0(int replycode);
diff -Nur pure-ftpd-1.0.49.orig/src/ls.c pure-ftpd-1.0.49/src/ls.c
--- pure-ftpd-1.0.49.orig/src/ls.c 2019-04-02 16:00:40.000000000 +0200
+++ pure-ftpd-1.0.49/src/ls.c 2020-04-27 16:33:22.001238457 +0200
@@ -857,7 +857,7 @@
memset(&g, 0, sizeof g);
a = sglob(arg,
opt_a ? (GLOB_PERIOD | GLOB_LIMIT) : GLOB_LIMIT,
- NULL, &g, max_ls_files + 2, max_ls_depth * 2);
+ NULL, &g, max_ls_files + 2, max_ls_depth * 2, max_glob_memory);
alarm(0);
if (a == 0) {
char **path;

909
pure-ftpd.changes Normal file
View File

@ -0,0 +1,909 @@
-------------------------------------------------------------------
Wed May 6 08:51:02 UTC 2020 - Peter Simons <psimons@suse.com>
- Update to version 1.0.49.
* Refresh pure-ftpd-1.0.20_ftpwho_path.patch to
pure-ftpd-1.0.49_ftpwho_path.patch.
-------------------------------------------------------------------
Tue Mar 17 01:03:27 UTC 2020 - Max Lin <mlin@suse.com>
- BuildRequires postgresql-server-devel on Leap version >= 15.2
-------------------------------------------------------------------
Thu Dec 5 14:01:48 UTC 2019 - Josef Möllers <josef.moellers@suse.com>
- Add pam_keyinit.so to PAM config file.
[pure-ftpd.pamd, bsc#1144058]
-------------------------------------------------------------------
Fri Jul 26 12:11:28 UTC 2019 - matthias.gerstner@suse.com
- removal of version checks for outdated distributions
-------------------------------------------------------------------
Thu Jul 25 13:14:55 UTC 2019 - matthias.gerstner@suse.com
- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by
firewalld, see [1].
[1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html
-------------------------------------------------------------------
Tue Jun 18 15:04:39 UTC 2019 - Peter Simons <psimons@suse.com>
- Add missing run-time dependency on system-user-ftp to ensure that
user exits. [boo#1136997]
- Processed the spec file with spec-cleaner version 1.1.3.
-------------------------------------------------------------------
Tue Apr 9 06:52:55 UTC 2019 - Christophe Giboudeaux <christophe@krop.fr>
- Add the missing build dependency for Tumbleweed.
-------------------------------------------------------------------
Fri Mar 1 17:09:05 UTC 2019 - psimons@suse.com
- Apply "pure-ftpd-malloc-limit.patch" to add a configuration
option that sets the process memory limit used by "ls" for
globbing. The value can be specified as optional third argument
to "-L" (or LimitRecursion in config file). Because it's
optional, the old configuration files will still work without
change with new binaries and update will be smooth. This change
allows sites that store an extremely large set of files inside a
single directory to tune their installation so that the "ls"
command in that directory will succeed without exceeding the ftpd
process memory limit. [bsc#1119187]
-------------------------------------------------------------------
Sun Feb 18 05:45:16 UTC 2018 - avindra@opensuse.org
- Version update to 1.0.47:
* If TLS was only enabled on the control channel (-Y 1), the STAT
command would send its output as other directory listing
commands, breaking the TLS stream. This has been fixed.
* The system user “_ftp” can be used as an alternative to “ftp”
for anonymous sessions.
* Compatibility with libsodium > 1.0.12 was added (including
minimal mode).
* The prefix for Argon2-hashed passwords in LDAP has been changed
to “{argon2}” (from “{argon2i}”). Ditto for MySQL and
PostgreSQL: the authentication method is now called “argon2”
instead of “argon2i”, and includes both Argon2i and Argon2id.
- use https for main site and source download
- switch to bz2 tarball (smaller)
-------------------------------------------------------------------
Thu Jun 15 08:40:15 UTC 2017 - tchvatal@suse.com
- Version update to 1.0.46:
* Fix build with openssl-1.1
* The Perl and Python wrappers are gone
* TLS v1.0 sessions are now refused
* Unmaintained contributions have been removed
* File globbing could take up to `GLOB_TIMEOUT` seconds
(17 seconds by default) when matching some patterns, no matter what the
configured recursion level was.
- Refresh patches:
* pure-ftpd-1.0.20_config.patch
* pure-ftpd-1.0.20_doc.patch
- Drop patch pure-ftpd-1.0.32-portrange.patch
* The upstream no longer provide pure-config.pl/py scripts for launching
* This also means the initscript and service were tweaked to reflect this
- Disable xinetd on systemd having versions where we can stick to socket
based services instead
* By default it does not make sense to have this service socket activated
tho so leave it to user to provide this
-------------------------------------------------------------------
Wed Jun 14 11:32:59 UTC 2017 - psimons@suse.com
- Fix broken pure-ftpd.init script. We cannot use startproc to run
/usr/sbin/pure-config.pl, because the utility assumes that the
name of that executable matches the name of the started process,
which it does not in our case. Furthermore, the start script will
write a status message to stdout, so we don't have to do it in
the init script. [bsc#1042690]
-------------------------------------------------------------------
Sat May 27 12:12:01 UTC 2017 - psimons@suse.com
- Fix build on SUSE:SLE-11, which doesn't define the RPM variable
%{_initddir}, so we have to use %{_sysconfdir}/init.d instead.
-------------------------------------------------------------------
Fri May 19 13:32:57 UTC 2017 - psimons@suse.com
- pure-ftpd-apparmor.patch: Add an AppArmor profile (based on the
one from SLE11).
- The Factory version of pure-ftp will replace the older package in
SLE-11 as per fate#321125. That update brings the following
changes:
* These patches have been updated and renamed in the process:
* pure-ftpd-1.0.22-default_tcp_sedrcv_buffer_size.patch is now
in pure-ftpd-1.0.32-default_tcp_sedrcv_buffer_size.patch.
* pure-ftpd-1.0.21-portrange.patch is now in
pure-ftpd-1.0.32-portrange.patch.
* pure-ftpd-1.0.32-cap-audit-write.patch is now in
pure-ftpd-1.0.36-cap-audit-control.patch.
* These patches are obsolete now and have been removed:
* 0001-Act-like-a-server-even-in-TLS-mode-when-in-active-mo.patch
* 0002-Init-a-TLS-data-session-after-having-sent-the-go-ahe.patch
* 0003-add-opt_a-to-donlist.patch
* 0004-support-stat-over-tls.patch
* 0005-speedup-TLS-listing.patch
* pure-ftpd-1.0.20_config_minuid.patch
* pure-ftpd-1.0.22-fix-listing-if-directory-has-white-space-in-it.patch
* pure-ftpd-1.0.22-flush-cmd-after-tls.patch
* pure-ftpd-1.0.22-oes-bugfix-1.patch
* pure-ftpd-1.0.22-oes-bugfix-2.patch
* pure-ftpd-1.0.22-oes-bugfix.patch
* pure-ftpd-1.0.22-oes-disable-ascii.patch
* pure-ftpd-1.0.22-oes_remote_server.patch
* pure-ftpd-1.0.22-wait-on-tls-handshake.patch
* pure-ftpd-allow-crypto-settings.patch
* pure-ftpd-remove-gpl-code.patch
-------------------------------------------------------------------
Fri Aug 5 11:32:12 UTC 2016 - tchvatal@suse.com
- Kill omc xml file useless nowdays
- Version update to 1.0.43:
* -J switch has been fixed
* openBSD compat changes
* Passwords are now hashed using Argon2i, default for puredb accounts now
-------------------------------------------------------------------
Tue May 10 21:36:36 UTC 2016 - wr@rosenauer.org
- fix systemd unit file so the service actually starts (boo#872430)
-------------------------------------------------------------------
Thu Apr 14 12:41:54 UTC 2016 - tchvatal@suse.com
- Add -fvisibility=hidden for bnc#971980
-------------------------------------------------------------------
Sat Jan 16 13:41:42 UTC 2016 - mpluskal@suse.com
- Add gpg signature
-------------------------------------------------------------------
Fri Jan 8 10:58:04 UTC 2016 - tchvatal@suse.com
- Version update to 1.0.42:
- Compilation fix for OpenBSD and Bitrig when Pure-FTPd is not
compiled with libsodium.
- The connection is now dropped if HTTP commands are received.
- LDAP force_default_gid and force_default_uid now work as documented.
- The ONLY_ACCEPT_REUSED_SSL_SESSIONS switch (introduced in Pure-FTPd
1.0.22 circa 2009, but disabled back then due to client compatibility
concerns) is now on by default, except in broken clients compatibility mode.
- libmariadb is looked for in addition to libmysqlclient
- MySQL: my_make_scrambled_password() is not always an exported
symbol any more, so pure-ftpd now ships a reimplementation.
- openssl/ec.h is not available on some Linux distributions that
disable EC in OpenSSL. This is being tested by autoconf.
- New command-line switch: -2/--certfile= to set the path to the
certificate file when using TLS.
- Support for TCP_FASTOPEN added on Linux
- The LDAP configuration file didn't allow a default gid without also
defining a default uid. This is no longer the case.
- OpenBSD's glob() left the glob_t structure uninitialized if the
pattern was larger than PATH_MAX, causing globfree() to free() an
unwanted pointer. The bug was introduced in Pure-FTPd 1.0.34.
- Refresh patch:
* pure-ftpd-1.0.20_config.patch
-------------------------------------------------------------------
Fri Jun 5 08:38:25 UTC 2015 - tchvatal@suse.com
- Reenable sle11 builds I need for testing.
-------------------------------------------------------------------
Fri Jun 5 07:51:32 UTC 2015 - tchvatal@suse.com
- Remove gpg/keyring, not provided now by upstream
- Cleanup with spec-cleaner
- Update to latest upstream 1.0.39:
* Explicitly include openssl/ec.h for OpenSSL 0.9.8 (CentOS 5)
* Retry if SSL_shutdown() returns -1 and SSL_ERROR_WANT_(READ|WRITE)
* The default cipher suite is now
ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SH
* TLS forward secrecy support was added. DH parameters are loaded from
TLS_DHPARAMS_FILE, if present. ECDH is also supported - Default curve
is prime256v1 (TLS_DEFAULT_ECDH_CURVE). The best curve is automatically
selected when using LibreSSL.
* scrypt hashed passwords can be used in the MySQL, PostgreSQL and
LDAP backends.
* The -C: prefix can be added to the cipher suite in order to make valid
client certificates mandatory. This is no longer a compile-time option.
* The Clear Command Channel (CCC) command is now supported.
* pure-config.py is compatible with Python 3.
* SSL (v2, v3) is refused by default.
* The PureDB backend supports the scrypt function in order to hash
passwords. This is the preferred algorithm, but requires the presence
of libsodium.
* DES-hashed passwords are not supported any more.
* LDAP uid and gid values can over overridden in the LDAP configuration file.
* RC4 was killed.
- Refreshed patches:
* pure-ftpd-1.0.20_config.patch
* pure-ftpd-1.0.20_doc.patch
* pure-ftpd-1.0.20_ftpwho_path.patch
-------------------------------------------------------------------
Wed Apr 9 17:04:26 UTC 2014 - crrodriguez@opensuse.org
- Remove all init scripts but keep the rc link working.
-------------------------------------------------------------------
Wed Jan 23 08:43:56 UTC 2013 - mvyskocil@suse.com
- fix bnc#789833: pure-ftpd login failes
* pure-ftpd-1.0.36-cap-audit-control.patch
- remove oes related patches have never used at openSUSE
* pure-ftpd-1.0.20-oes_remote_server.patch
* pure-ftpd-1.0.22-oes-bugfix-534424.patch
- change old PreReq to Requires(pre)
- add version to pureftpd symbol
-------------------------------------------------------------------
Thu Nov 29 19:06:23 CET 2012 - sbrabec@suse.cz
- Verify GPG signature.
-------------------------------------------------------------------
Wed Aug 29 07:14:29 UTC 2012 - mvyskocil@suse.cz
- add gpg signature file for easier verification
-------------------------------------------------------------------
Wed Aug 29 04:33:03 UTC 2012 - crrodriguez@opensuse.org
- systemd: Do not fork in the background
-------------------------------------------------------------------
Fri Apr 20 11:55:23 UTC 2012 - highwaystar.ru@gmail.com
- spec file: fixed pure-ftpd.service file installation
-------------------------------------------------------------------
Tue Apr 10 11:39:50 UTC 2012 - mvyskocil@suse.cz
- update to 1.0.36 :
- Sync built-in glob(3) code with OpenBSD-current, and remove code we
don't use instead of ifdef'ing it.
- Repair checkproc() on Linux when support for capabitilies is
compiled in. Reported by Eric Gouyer.
- Don't read /dev/*random every time we need a value. Just use
arc4random() everywhere and seed it before we possibly chroot().
- Add support for MFMT, with the same code as SITE UTIME.
- Support 2-arguments SITE UTIME.
- LDAP: Add LDAPDefaultHomeDirectory, suggested by Landry Breuil.
- Add SSL_OP_NO_SSLv3 to SSL options if the list of ciphers is
prefixed by -S: , needed by Brad.
- Use more paranoid compiler options whenever possible, and preliminary
uncluttering of the autoconf script.
- Try to cache locale-related data at startup after tzset(), rather
than during a session.
- Fix quota computation after rename() overwrites an existing file.
Reported by Hiramoto Koujo, thanks!
- Improved autoconf detection of -fstack-protector and -fPIE
- If 10 digits are not enough to print the size of a file in an
ls-like output, bump the max number of digits to 18. This adds support for
files up to 1 exabyte.
- Don't display dot files (except . and ..) if dot_read_ok is 0 in
donlist() - but not in sglob() yet. This change is purely cosmetic. There are
many ways to figure out if a file exists.
- document bnc#756306: pure-ftpd umask setting not working properly
* /etc/pure-ftpd/pure-ftpd.conf contains a note about a side-effect of pam_umask
- add native pure-ftpd.service for systemd-powered systems
- use the same way how to start the daemon in sysvinit script and put
$remote_fs dependency
usr/sbin/pure-config.pl /etc/pure-ftpd/pure-ftpd.conf --daemonize
-------------------------------------------------------------------
Wed Jun 22 08:31:38 UTC 2011 - mvyskocil@suse.cz
- fix bnc#700611 - pure-ftpd fails with pam
* pure-ftpd-1.0.32-cap-audit-write.patch
-------------------------------------------------------------------
Fri May 27 22:23:06 UTC 2011 - alexandre@exatati.com.br
- Update to 1.0.32:
- Support SHA1 password hashing in MySQL and PostgreSQL backends
- Support for braces expansion in directory listings has been
disabled - Cf. CVE-2011-0418
- Aditional changes FROM 1.0.31:
- Introduce --tlsciphersuite (-J) to set the list of allowed ciphers,
thanks to Todd Rinaldo.
- The -F switch has been documented in the built-in help.
- Shell-like escaping is now partially handled when emulating the "ls"
command.
- Use my_make_scrambled_password() instead of make_scrambled_password().
Suggested by Arkadiusz Miskiewicz.
- Refresh and fix patch for [bnc#407363]:
- old: patch pure-ftpd-1.0.22-default_tcp_sedrcv_buffer_size.patch
- new: patch pure-ftpd-1.0.32-default_tcp_sedrcv_buffer_size.patch
- Refresh PassivePortRange patch:
- old: pure-ftpd-1.0.21-portrange.patch
- new: pure-ftpd-1.0.32-portrange.patch
-------------------------------------------------------------------
Mon Apr 11 11:56:20 UTC 2011 - mvyskocil@suse.cz
- update to 1.0.30
* pure-quotacheck can now work with a large number of files.
* OPTS UTF-8 is now an alias to OPTS UTF8.
* Fix a STARTTLS flaw similar to Postfixs CVE-2011-0411. If youre using
TLS, upgrading is recommended.
* Provide ANSI-compliant MySQL configuration example.
* Fix some issues with man pages.
-------------------------------------------------------------------
Thu Oct 7 13:29:41 UTC 2010 - mvyskocil@suse.cz
- add pure-ftpd-1.0.22-oes-bugfix-534424.patch for tracking OES patches
- use macro with_oes to determine if OES patches might be applied or not
-------------------------------------------------------------------
Tue Sep 14 18:24:00 UTC 2010 - cristian.rodriguez@opensuse.org
- Use with-rfc2640 [bnc#638626]
-------------------------------------------------------------------
Tue Jul 20 15:32:37 UTC 2010 - cristian.rodriguez@opensuse.org
- add missing buildRequires on libcap-devel
-------------------------------------------------------------------
Tue May 25 13:10:33 UTC 2010 - cristian.rodriguez@opensuse.org
- $remote_fs --> network-remotefs
-------------------------------------------------------------------
Fri May 14 18:34:37 UTC 2010 - alexandre@exatati.com.br
- Added "--with-virtualchroot" option;
- Spec file cleaned with spec-cleaner;
- updated to version 1.0.29:
- max_dlmap_size was size_t instead off_t, causing misalignment while
downloading > 4 Gb files on a 32-bits arch.
- pread() vs lseek()+read() was a useless optimization, since pread()
doesn't change the file position and further reads weren't going through
plain read() calls.
- iconv_fd_* should be initialized by (iconv_t) -1 as we test them upon
exit. Fixes segfaults on glibc.
- pure-uploadscript tries to reach the pipe during 30 seconds instead of 10.
- changes in version 1.0.28:
- FTPD_PAM_SERVICE_NAME can be defined in order to change the PAM service
name.
- When an upload gets renamed (--autorename), send the new name to the
uploadscript instead of the original one.
- The ALLO command now checks for the actual disk space in addition to the
virtal quota.
- Work around OSX broken poll()
- After an atomic resumed upload, don't append the previous file size to the
quota.
- Always accept OPTS UTF8 ON, but refuse OPTS UTF8 OFF if client_charset is
UTF8.
- Fix AUTHD_ENCRYPTED
- Reset the CWD failures counter after a successful directory has been
created. It avoids spurious disconnections with ncftp.
- Support for iPhone has been moved to another branch.
- Fix crash with PostgreSQL.
-------------------------------------------------------------------
Fri Feb 12 15:27:50 UTC 2010 - mseben@novell.com
- updated to version 1.0.27:
- Have pureftpd_shutdown() shut the server down even if a client is
connected on iPhone.
- Allow users with no quota to delete .pureftpd-upload-* files.
- Unbreak ipv6 support, reported by Brad Smith.
- Disable SSLv3 renegotiation if an old SSL library is used. If you really
want to re-enable SSLv3 renegotiation, even with a recent library, you can
always define ACCEPT_SSL_RENEGOTIATION.
- changes in version 1.0.26:
- Fix incompatibilities with Cyberduck when TLS is enabled.
- Don't TLS_accept() immediately after accept(). Reply on the connection
socket first, so that clients don't have to wait before knowing that they
can actually use TLS. It avoids lags with LFTP and hangs with Cyberduck.
- Properly change the process name on Linux when the -S option is used, by
Margus Kaidja.
- Unbreak authentication of non-chrooted users. Thanks to Juergen Daubert
for the bug report.
- changes in version 1.0.25:
- Show symlinks as symlinks in MLSD, except when the broken client
compatibility mode is turned on and links are not dangling (just like the
old LIST and NLIST commands). Reported by Mime Cuvalo.
- More gcc 2 compatibility, thanks to Todd Rinaldo.
- Properly handle custom paths in man pages. Thanks to Scott Haneda and
Mathieu Parisot.
- Have $localstatedir default to /var as it used to be unless
--localstatedir=... is explicitely passed to ./configure
- Use @VERSION@ in man pages.
- --without-pam disables PAM on OSX and iPhone.
- Allow cross-compilation.
- Experimental iPhone target.
- Change the way it links, building a library first.
- Don't use mmap() any more for downloads. It's too slow.
- Don't use hard-coded paths in order to find MySQL and PostgreSQL
libraries and header files. Use mysql_config and pg_config instead.
Suggested by John Alberts.
- Log the DELE command similar to the RETR and STOR commands. Suggested by
Martin Fuxa.
- The primary group gets cached so that it's always displayed in directory
listings.
- Avoid a client process to burn CPU in an infinite loop if the command
channel gets disconnected before the data channel. Reported by Thomas Min
and Margus Kaidja.
- Restore the traditional behavior of a download restarting at the end of a
file. For some weird reasons, some clients still insist on doing that. Don't
send a 55x return code, just let them download... nothing.
- Documentation updates.
- changes in version 1.0.24:
- Refuse empty passwords in LDAP bind mode. Reported by Henning Brauer.
- The package can now be compiled with gcc 2.
- changes in version 1.0.23:
- LDAP: accept "enabled" as a correct value for FTPStatus as it used to be.
- More useful error logging for OpenSSL errors.
- Don't read certificates twice.
- Fix compilation on Solaris with privsep, thanks to Ritesh Patel.
- Don't replace : (as in IPv6 addresses) in host names. Thanks to Tero Pelander.
- Add SUP top AUXILIARY to LDAP schema, suggested by Zhang Huangbin.
- Don't ignore dot files even if -D is not supplied with the MLSD command.
- Deinline code
- Throttling more reliable
- STAT is now working over TLS
- DH keys for ephemeral key exchange are now handled
- Fix libiconv checking
- The column was missing in the PassivePortRange comment (thanks to Igor Alexadrov)
- LDAP authentication through binding is now possible in addition to
passwords. This allows for the FTP server to run with an unprivileged LDAP
account. It also adds a warning if auth method password is used and doesn't find
a userPassword attribute. This usually indicates that the LDAP bind DN
cannot read the attributes, because it doesn't have sufficient privileges.
Contributed by Wilco Baan Hofman.
- Perform charset conversions on directory names. Issue spotted by Xianghu Zhao.
- Almost a complete rewrite of the upload, download and TLS code for more
reliability
- Seemlessly handle ABOR without any SIGURG
- Try to immediately handle any kind of disconnection
- Use poll() rather than select() as much as possible
- Distinguish aborted (even the hard way) and completed download and upload
operations in log files
- Minor corrections to he French messages
- Don't use atomic uploads unless --notruncate or --autorename have been
enabled
- Take care of removing .pureftpd-upload-* files in every possible case
- List up to 10000 files per directory per default instead of 2000
- Don't mess with TCP_NOPUSH, as it interferes with OpenSSL
- New compile-time option: --with-implicittls in order to build a FTPS-only
server
- ./configure --localstatedir can now be used in order to avoid storing the
scoreboard and other dynamic files in /var/run/
- Quota handling reworked (easier, and way more reliable)
- RNTO support even when quota are enabled.
- A bunch of return codes were fixed to be more RFC-conformant.
- ALLO command is now actually checking if an upload can occur without
blowing the quota.
- Don't change the TCP window size. Admins should do this as part of their
system configuration.
- Privsep is now enabled by default. Use --without-privsep to disable.
- --without-banner is gone. If you have a cookie file (-F), the default
banner won't be displayed.
- Compile with PAM by default on OSX.
- Switch the privsep process to _pure-ftpd or pure-ftpd when no privileged
call is actually necessary. Since only the effective uid chances, it's not
brutally useful yet, but it paves the way for forthcoming changes.
- Install man pages with local paths instead of hard-coded ones.
-------------------------------------------------------------------
Tue Jan 12 10:23:12 UTC 2010 - mseben@novell.com
- modified portrange.patch - for PassivePortRange option in pure-ftpd.conf
we could use now also syntax without colon (bnc#547578)
- merged config.patch with config_minuid.patch
-------------------------------------------------------------------
Fri Jun 5 13:38:32 CEST 2009 - coolo@novell.com
- fix build
-------------------------------------------------------------------
Mon May 25 13:52:55 CEST 2009 - hvogel@suse.de
- Update to version 1.0.22
- New catalan translation
- TLS support for LDAP
- Fix usage of MySQL 5 stored procedures
- Compatibility with newer OpenLDAP versions
- Don't hang up during uploads if we get any other command than QUIT and
ABORT.
- SITE UTIME reads UTC time
- A space is needed for inline content in response to the MLST command.
- Time zone issues should be fixed for good. We have to redefine TZ,
tzset() is not enough on Linux when we are in a chroot environment.
- Correctly respond to FEAT without removing extra features when passive
mode is disabled. Thanks to upb.
- Better process name change setup for Linux.
- Auto-created home directories are now created with mode 0777 (and
directory umask is applied), per common request. It's very important to
double check your umask.
- Extend gid / uid to 10 digits in ls output. Extend file size as well.
- Brazilian portuguese translation was updated.
- Fix SecureFX compatibility.
- Use PQescapeStringConn() for PostgreSQL instead of hand-made escaping.
- Don't respond to server that an upload succeeded before the temporary
file has been renamed.
- TLS support on data channels
- Use sendfile() on recent Solaris versions in place of sendfilev().
- Don't use a deprecated interface for Bonjour registration.
- Tell authentication handlers if the connection is encrypted or not,
through a new AUTHD_ENCRYPTED environment variable.
- Create all directories, not only the basement when on-demand directory
creation is enabled and the user's home directory looks like /basement/./user.
- Fixed error reporting when TLS support was compiled in, but TLS wasn't
enabled on the current session
- Log full path on file deletion
- Handle "ftp" and "anonymous" like normal accounts (with passwords) if -E
(no anonymous logins) is specified. Thanks to Arkadiusz Miskiewicz.
- Sleep before answering a password failure, not the other way round
- In broken mode, show symlinks as their real target. It can have side
effects, don't forget that broken mode is... broken mode.
- Respect aliasing rules for sockaddr_storage usage.
- Privsep is enabled by default in the installation GUI.
- --with-everything now includes privsep.
- update: fix compilation with gcc 2.x
-------------------------------------------------------------------
Thu Jan 15 13:00:31 CET 2009 - hvogel@suse.de
- Move PassivePortRange to numparic_switch_for [bnc#465954]
-------------------------------------------------------------------
Mon Sep 15 14:50:54 CEST 2008 - hvogel@suse.de
- limit port range for passv to 30000:30100 to assist firewalling
[bnc#420671]
-------------------------------------------------------------------
Mon Jul 21 16:34:26 CEST 2008 - hvogel@suse.de
- do not use tcp send/receive buffer optimization. Might lead to
strange side effects when allocating too much stack. [bnc#407363]
-------------------------------------------------------------------
Tue Apr 1 16:19:13 CEST 2008 - mkoenig@suse.de
- remove dir /usr/share/omc/svcinfo.d as it is provided now
by filesystem
-------------------------------------------------------------------
Thu Mar 20 15:42:03 CET 2008 - hvogel@suse.de
- Fix ldap schema [bnc:368864]
- add Short-Description to init script
-------------------------------------------------------------------
Tue Mar 27 14:53:53 CEST 2007 - mskibbe@suse.de
- change path to firewall script (#247352)
-------------------------------------------------------------------
Fri Mar 2 08:38:24 CET 2007 - mskibbe@suse.de
- change path to firewall script (#247352)
-------------------------------------------------------------------
Wed Feb 28 08:54:05 CET 2007 - mskibbe@suse.de
- pure-ftpd - Support for FATE #300687: Ports for SuSEfirewall
added via packages (#246931)
-------------------------------------------------------------------
Thu Jan 11 09:55:19 CET 2007 - mskibbe@suse.de
- change path to xml service document (fate #301713)
-------------------------------------------------------------------
Wed Dec 6 12:48:34 CET 2006 - mskibbe@suse.de
- add service xml document (fate #301713 )
-------------------------------------------------------------------
Wed Sep 6 14:36:48 CEST 2006 - mskibbe@suse.de
- fix bug Bug 203798 - Restarting the ftp server using the
"rcpure-ftpd stop/start" doesn't stop/kill the existing
client-server instances
-------------------------------------------------------------------
Mon Sep 4 11:15:57 CEST 2006 - kukuk@suse.de
- Add pam_loginuid.so to session management
-------------------------------------------------------------------
Thu Aug 31 07:59:18 CEST 2006 - mskibbe@suse.de
- update to version 1.0.21 which
o includes patch pure-ftpd-1.0.20-abort-transfer.patch
o Rendezvous has been renamed Bonjour
o The old PAM sample has been removed
o -F option added to pure-pw
o MAX_USER_LENGTH has been bumped to 127 due to popular demand
o pam/* can now be used if security/* doesn't exist
o simplify() simplifies paths ending by /. and /..
o Experimental support for RFC2640 (UTF-8 filename encoding)
o The LDAP schema has been changed: FTPStatus should be a boolean
o OPTS MLST has been implemented
o SITE UTIME has been implemented
o TCP_CORK is on by default again. A new configure switch,
--without-cork, can disable it
o Correctly format %c and %% in fakesprintf()
o The connection socket is now created with the Nagle algorithm
disabled. It was the trick to dramatically improve performance
when transfering a lot of small files
o Use CLIENT_MULTI_STATEMENTS while connecting to a MySQL server
-------------------------------------------------------------------
Mon Aug 21 21:31:34 CEST 2006 - kukuk@suse.de
- Reorder auth section of PAM config file to make sure all modules
will always be evaluated.
-------------------------------------------------------------------
Mon Apr 10 17:04:23 CEST 2006 - mrueckert@suse.de
- added pure-ftpd-1.0.20_config_minuid.patch:
* configuration-file/pure-ftpd.conf.in: our ftp user has uid 40.
if you want to map virtual users to this uid they would be
blocked from login.
- added pure-ftpd-1.0.20_ftpwho_path.patch:
* src/ftpwho-update.h: PAGE_SIZE is a function on
glibc-2.4/kernel-2.6.16 on ppc64. use PATH_MAX for the filename
member of the FTPWhoEntry_ struct
-------------------------------------------------------------------
Wed Jan 25 21:40:41 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Mon Jan 16 16:40:55 CET 2006 - hvogel@suse.de
- Patch from Patrick Gosling to handle transfer aborts during file
upload correctly. [#133452]
-------------------------------------------------------------------
Fri Jan 13 15:05:03 CET 2006 - hvogel@suse.de
- Make use of Stack Protector
-------------------------------------------------------------------
Mon Oct 24 22:06:55 CEST 2005 - mrueckert@suse.de
- cleaned up spec file
- add /etc/pure-ftpd/vhosts as base dir for virtual servers.
(documentation and code changed accordingly.)
- fixed paths in the documenation
-------------------------------------------------------------------
Thu Oct 13 12:48:35 CEST 2005 - hvogel@suse.de
- Build with DLDAP_DEPRECATED untill upstream applied one of the
various ldap patches floating around on the sf.net project page
-------------------------------------------------------------------
Wed Aug 24 12:06:08 CEST 2005 - hvogel@suse.de
- disable "funny" ftp messages to be a bit more professional
-------------------------------------------------------------------
Mon Nov 8 17:19:11 CET 2004 - kukuk@suse.de
- Use common-* PAM config files for pure-ftpd PAM configuration
-------------------------------------------------------------------
Thu Aug 12 12:40:48 CEST 2004 - mmj@suse.de
- Use --with-diraliases
-------------------------------------------------------------------
Thu Aug 12 10:48:44 CEST 2004 - mmj@suse.de
- Update to 1.0.20 which fixes compatibility issues.
-------------------------------------------------------------------
Wed Jun 23 20:38:56 CEST 2004 - mmj@suse.de
- Update to 1.0.19 including:
o Real disk space is no more shown.
o A possible denial of service when too many users were connected
should be fixed.
-------------------------------------------------------------------
Tue Mar 2 23:22:41 CET 2004 - mmj@suse.de
- Reflect in the configuration file that /etc/pure-ftpd/ now is a
place to keep all the pure-ftpd configuration files.
-------------------------------------------------------------------
Tue Mar 2 22:42:02 CET 2004 - mmj@suse.de
- Move configuration file when updating
- Fix initscript to use /etc/pure-ftpd/pure-ftpd.conf [#35196]
- Update to 1.0.18 including:
o UTF-8 characters are now supported in file names [#34829]
o Buglets were fixed in the documentation.
o Two new translations were added : hungarian and catalan
o The server now uses distinct IPv4 and IPv6 to listen to both
protocols on all operating systems. A new switch, -6, forces the
server to only listen to IPv6.
o W3C and CLF alternative log formats are now more standard
conformant.
o Pure-FTPd can now produce WU-FTPd (xferlog) compatible log files.
o Support for Rendezvous was added on MacOS X.
o Support for Apple / GNUStep plist data output was added to
pure-ftpwho.
-------------------------------------------------------------------
Fri Feb 27 18:27:16 CET 2004 - mmj@suse.de
- Enable mysql and postgresql support, since they provide very
good functionality with only tiny extra dependencies
- Compile with --with-nonalnum to support non alphanumeric chars
-------------------------------------------------------------------
Fri Jan 16 13:26:06 CET 2004 - kukuk@suse.de
- Add pam-devel to neededforbuild
-------------------------------------------------------------------
Thu Dec 4 14:10:58 CET 2003 - mmj@suse.de
- Update to pure-ftpd v. 1.0.17a
-------------------------------------------------------------------
Wed Oct 15 12:59:03 CEST 2003 - mmj@suse.de
- Don't build as root
-------------------------------------------------------------------
Tue Aug 12 10:55:04 CEST 2003 - mmj@suse.de
- Update to 1.0.16, with SSL/TLS support and many bugfixes
- Use new macros for stop/restart of services on rpm update/removal
-------------------------------------------------------------------
Sun Jul 27 11:19:20 CEST 2003 - mmj@suse.de
- Support system quotas
-------------------------------------------------------------------
Tue Jun 17 13:09:47 CEST 2003 - mmj@suse.de
- Update to version 1.0.15:
- A turkish translation has been added.
- Various functional and portability fixes have been made to the
handling of upload scripts, to the pure-pw command and to the
automatic creation of home directories.
- Accounts in a puredb database can now be quickly listed.
- The anonymous FTP directory can now be overriden on the Windows
port (using a WIN32_ANON_DIR environment variable).
- The default banner has been stripped down to look more
professionnal.
- Transfer speed on BSD systems has been improved.
- The license of the whole package has changed from GPL to a
simplified BSD license.
-------------------------------------------------------------------
Thu May 15 12:41:00 CEST 2003 - mmj@suse.de
- Allow dot-files in general, but prohibit writing of them [#26897]
-------------------------------------------------------------------
Wed Apr 30 12:42:52 CEST 2003 - mmj@suse.de
- Apply the detach patch elsewhere to not break xinetd
- Add note to the xinetd conffile about the xinetd behaviour
- Rearrange the specfile a bit
-------------------------------------------------------------------
Thu Mar 6 16:33:14 CET 2003 - mmj@suse.de
- Fix the xinetd configuration file
-------------------------------------------------------------------
Fri Feb 28 15:32:38 CET 2003 - mmj@suse.de
- Add note to README.LDAP about use_ldap in the pam config
-------------------------------------------------------------------
Fri Jan 31 14:33:01 CET 2003 - mmj@suse.de
- Update to 1.0.14 and add a xinetd configuration file just in case
the user wants to use it with xinetd. Default behaviour is still
standalone.
-------------------------------------------------------------------
Mon Jan 20 20:42:56 CET 2003 - mmj@suse.de
- Added patch to detach from fd 0, 1 and 2 [#22836]
-------------------------------------------------------------------
Wed Nov 27 14:02:07 CET 2002 - mmj@suse.de
- Update to 1.0.13a which is a minor feature/bugfix-release
-------------------------------------------------------------------
Sat Oct 5 02:34:37 CEST 2002 - ckm@suse.de
- Changed default config file to only allow ro anonymous logins,
and tightened security in case writing is enabled.
-------------------------------------------------------------------
Sat Aug 3 15:16:27 CEST 2002 - kukuk@suse.de
- Remove symlinks in postinstall script
- Add PreRequires for insserv
-------------------------------------------------------------------
Thu Jul 4 16:59:51 CEST 2002 - kukuk@suse.de
- Update to version 1.0.12 (per-user limits)
-------------------------------------------------------------------
Fri Apr 26 16:27:00 CEST 2002 - kukuk@suse.de
- Update to version 1.0.11 (minor bug fixes, better LDAP support)
-------------------------------------------------------------------
Mon Mar 11 09:48:02 CET 2002 - kukuk@suse.de
- Fix permissions
-------------------------------------------------------------------
Sat Feb 16 21:15:14 CET 2002 - kukuk@suse.de
- Fix print arguments [Bug #13389]
-------------------------------------------------------------------
Mon Feb 11 18:12:54 CET 2002 - ro@suse.de
- flgs in perl-config parser is an array
-------------------------------------------------------------------
Thu Jan 24 20:51:42 CET 2002 - kukuk@suse.de
- Update to version 1.0.8
- Compile with LDAP support
-------------------------------------------------------------------
Thu Nov 29 18:22:20 CET 2001 - kukuk@suse.de
- Add pam config file
- Cleanup example config file
-------------------------------------------------------------------
Thu Nov 22 17:09:45 CET 2001 - kukuk@suse.de
- Update to 1.0.3 (rename and quota fixes)
-------------------------------------------------------------------
Thu Nov 1 10:51:40 CET 2001 - kukuk@suse.de
- Initial release of a secure ftp server with LFS

116
pure-ftpd.init Normal file
View File

@ -0,0 +1,116 @@
#! /bin/sh
# Copyright (c) 2001, 2002 SuSE GmbH Nuernberg, Germany.
#
# Author: Thorsten Kukuk <feedback@suse.de>
#
# /etc/init.d/pure-ftpd
#
# and symbolic its link
#
# /usr/sbin/rcpure-ftpd
#
# System startup script for the pure ftp daemon
#
### BEGIN INIT INFO
# Provides: pure-ftpd
# Required-Start: network-remotefs $syslog $remote_fs
# Required-Stop: network-remotefs $syslog $remote_fs
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Short-Description: Start pure-ftpd ftp server.
# Description: Start pure-ftpd ftp server.
### END INIT INFO
FTPD_BIN=/usr/sbin/pure-ftpd
test -x $FTPD_BIN || exit 5
# Shell functions sourced from /etc/rc.status:
# rc_check check and set local and overall rc status
# rc_status check and set local and overall rc status
# rc_status -v ditto but be verbose in local rc status
# rc_status -v -r ditto and clear the local rc status
# rc_failed set local and overall rc status to failed
# rc_failed <num> set local and overall rc status to <num><num>
# rc_reset clear local rc status (overall remains)
# rc_exit exit appropriate to overall rc status
. /etc/rc.status
# First reset status of this service
rc_reset
# Return values acc. to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - insufficient privilege
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running
#
# Note that starting an already running service, stopping
# or restarting a not-running service as well as the restart
# with force-reload (in case signalling is not supported) are
# considered a success.
case "$1" in
start)
$FTPD_BIN /etc/pure-ftpd/pure-ftpd.conf --daemonize
rc_status -v
;;
stop)
echo -n "Shutting down pure-ftpd"
killproc -G -TERM $FTPD_BIN
rc_status -v
;;
try-restart)
$0 status >/dev/null && $0 restart
rc_status
;;
restart)
## Stop the service and regardless of whether it was
## running or not, start it again.
$0 stop
$0 start
rc_status
;;
force-reload)
## Signal the daemon to reload its config. Most daemons
## do this on signal 1 (SIGHUP).
## If it does not support it, restart.
echo -n "Reload service pure-ftpd"
$0 stop && $0 start
rc_status
;;
reload)
## Like force-reload, but if daemon does not support
## signalling, do nothing (!)
echo -n "Reload service pure-ftpd"
rc_failed 3
rc_status -v
;;
status)
echo -n "Checking for pure-ftpd: "
## Check status with checkproc(8), if process is running
## checkproc will return with exit status 0.
# Status has a slightly different for the status command:
# 0 - service running
# 1 - service dead, but /var/run/ pid file exists
# 2 - service dead, but /var/lock/ lock file exists
# 3 - service not running
# NOTE: checkproc returns LSB compliant status values.
checkproc $FTPD_BIN
rc_status -v
;;
probe)
test /etc/pure-ftpd/pure-ftpd.conf -nt /var/run/pure-ftpd.pid && \
echo restart
;;
*)
echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
exit 1
;;
esac
rc_exit

177
pure-ftpd.keyring Normal file
View File

@ -0,0 +1,177 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2
mQINBFTZ0A8BEAD2/BeYhJpEJDADNuOz5EO8E0SIj5VeQdb9WLh6tBe37KrJJy7+
FBFnsd/ahfsqoLmr/IUE3+ZejNJ6QVozUKUAbds1LnKh8ejX/QegMrtgb+F2Zs83
8ju4k6GtWquW5OmiG7+b5t8R/oHlPs/1nHbk7jkQqLkYAYswRmKld1rqrrLFV8fH
SAsnTkgeNxpX8W4MJR22yEwxb/k9grQTxnKHHkjJInoP6VnGRR+wmXL/7xeyUg6r
EVmTaqEoZA2LiSaxaJ1c8+5c7oJ3zSBUveJA587KsCp56xUKcwm2IFJnC34WiBDn
KOLB7lNxIT3BnnzabF2m+5602qWRbyMME2YZmcISQzjiVKt8O62qmKfFr5u9B8Tx
iYpSOal9HvZqih8C7u/SKeGzbONfbmmJgFuA15LVwt7I5Xx7565+kWeoDgKPlfrL
7zPrCQqS1a75MB+W/fOHhCRJ3IqFc+dT1F4hb8AAKWrERVq27LEJzmxXH36kMbB+
eQg336JlS6TmqelVFb15PgtcFh972jJK8u/vpHY0EBPij5chjYQ2nCBmFLT5O4UZ
Y4Gm8Z3QLFG1EeOiz+uRdNfchxwfLkjng1UhKXSq5yuOAAeMaNoYFtCf1hAHG6tx
vWyIijRxUd5c8cDZsKMuLQ34O6DuvPZyeCy6q8BTfW18miMMhIH0QTS9MwARAQAB
tCFGcmFuayBEZW5pcyA8Z2l0aHViQHB1cmVmdHBkLm9yZz6IRgQQEQgABgUCVNnR
HAAKCRCSa8UXHN6kOfywAJ0XnUHJzBG8ymQU95rViLf8HUQ6zQCglP1p97fNCc6V
wi4EUHOl05Ox5xSJAjYEEwEIACACGwMCHgECF4AFAlTZ0WkECwkIBwUVCgkICwUW
AgMBAAAKCRAhBiequnCf4bJSEACNpfrkZcJqH4kh6Px9nFAzTtjZ+7kX3FSMPRCL
U5nVOiisfZ5IBT92N5VMJC0BT+mkIUCchwVOUBqp/Z/JPPoxD3Iky+4XG07mNGEb
s9JqfWyfK67qhsU62bqILyFZ7cJ59R74AG7tdxyrvtyji2A5lqqLFTX9GvBox49d
GQ7jQz0FW1+jVg3rPoy3XlLMVSlGR5TgtwokQkhyc2dxtYDvUFO/C0ABQiCAzuxj
u8T46m7xF57MrOX9dji1weDagZSGphHcs7VfgsCGQTPTYusrT5xIVs0x8x8IveaD
WvgLaVJYBkWI2LTEfacQqlZK6ZcK8IQOHW0juxy4l0CKwOexdf+S8CkUeHuyBoZ0
6WaFvIa/MqoOAAFQmaq+WgfNiziQDD+mZQu5EG/f2MRmMOFcH+qgmPCMO+DLyC+c
FtM0r/6KwXjbR3j9Gfzs8d1FygNnITRJRFm2fXtCGQV4HI/yQ3yvHtFU6r9SLRy5
tmZLwm8oVXxEfCPABz5388JF71hXgynjDvK2pKg3jUN4eAXoggQlR6RLFHSFkht6
AjtYLsvf4cTCUdsgFoivt+bAnGW64E0zdKEHqUTLmd+J4iAStI1Ie7dTObATDYMR
ACHioyX+uAxLnTc/sVIHpOTfgV8e4a8rlQt7Ncuh+Ns7Toz7aRz1VMPfIFqb+Ve0
ESwbNIkCNgQTAQgAIAUCVNnQqwIbAwQLCQgHBRUKCQgLBRYCAwEAAh4BAheAAAoJ
ECEGJ6q6cJ/hgqQQAJRxOYPse56eok0qMn7VCXfgHkm8n0wZlD7NxzVsC/iHQRik
cto0+/UAWaDXE3LiY/RAHS7hkIgVqgumnaYgDcXmA0lXj1sDheMSlM+YUUR09+/U
8vIyCDyhqBmQ5rOd76d3Ys2ow3t7V0xEzAyqMrr6l47PM3ScccwmPU4WqpFl24wm
jXYlbwlocIEuUzEEeJ83ojeD4PBVbSLICYcN64xhwLZ1/ji6GMh1aNkB/lQwocjz
LLbWIz7cgimbqLMBV41PEDvtXYldBOOujsnQ6ejjSD1HStDaaNCqrMy6IuI1AZ4b
CkOv2AF/RcPNX0CQpouZH/hDNl/tr766w/tgUVI9BiC9ol4jcuLW1TXoJbeU5Ps+
QEp5bhyt+t03Eej1gR0btRxOjgqkTF3TdR7sjWzhgALG+MXRsOQ33HK0IhmYs2LQ
sIelwpmiDLV5Kd+mxzSD3Nv82GyElwCvvFrUaGibu1SXbPaj0oJPcuL8Mgan1NrP
T0c7uR8J2it3hsAXf3azexUb0k8q+ysGxakbvlTrv4IM6LI1RBN22BUYco29pUTP
K2BRGoVZKyty+kfkUlETyjm5z/D17a9XGi5MAyJIAKrPnc+vKn2CLX1S6xfg9zbM
+k9wflJIdEXHNrQfEMyl9OxNQDAKbpayYpCKaShCQpwlATSWifZdlm/2KnE7tCZG
cmFuayBEZW5pcyA8ZnJhbmsuZGVuaXNAY29ycC5vdmguY29tPohGBBARCAAGBQJU
2dEcAAoJEJJrxRcc3qQ565kAn3WoiXELAGWknxHztVcWWmNJBFX9AJ9cVVC2L6OT
OLLWtLSCxbt1LYcwRokCNgQTAQgAIAIbAwIeAQIXgAUCVNnRegQLCQgHBRUKCQgL
BRYCAwEAAAoJECEGJ6q6cJ/h0LgP+wfCw2SCFvD7sFlnmd6oJNP+ddtt+qbxDGXo
UbhrS1N88k6YiFRZQ+Z84ge9RgQXA74xuWlx8g1YBEsqO1rYCGQ4C+Ph+oUO+a3X
k+wmEzINnjCF8CQzZQ3vdXvWmshKzqC2yyeR235WC/BSHsqsr+TRFEmGa68ju8s7
UF8ZQaBzbM0ttUtrc0UqhnS16xV5lH9gBkVbMWIN1pAeJcFRL6MB92Vv5tWjayua
w76vxmwPhu6quUlwxNYNvYBgG5kpBjqMOLHaX1x+SA5F6aI6E3kqxeyurwV6Ty+/
FIns+Awl+IFPey5ctwSOXkizhtqxpMNHAu9resNRjneIjNVTLON1uaxvmPJttMd/
CdTXh+guxDBfH6Vr9nmExy2qbihDJ06Sm874UYtnBZdB7Fi0cNF1DlEZKaZyYaLw
RA/TelI2IaIdkRFLsaFdo144nfceZ2fra2QO83Ow6uShNZzAHU0ZVEKLVt/VJqCL
6hts7vhKuCBcNlpoNOZptRPJf8RMLh4qwtniZadDcM16TpvkyTQUAWH+GvTML0UR
5sLHOtZ7MUaHO/c5UWQWJOmuaWOKgdKLi3iXztGbNNDc9F7wRoObUH7Om/0s5IRy
noO58ofDCmurPDP+10eOQaWtgVz2nFXcFF0qTw4H6L/sXlzbm27HuqEHuYrzpTl/
Njn0chjBiQI2BBMBCAAgBQJU2dB5AhsDBAsJCAcFFQoJCAsFFgIDAQACHgECF4AA
CgkQIQYnqrpwn+GYRBAA0+7ImcxLB3yYSMK0yO59TWaUkiVLNOwBW1GihtIUtx3N
2/P/Fi3eRLU0/2GtzYqCRwKqlluMrN0s8HuOEna1gTmVMqYTYm00CXP15S22xeUh
jH4zJ4wAeUTPTGMnd/fMVwuQzjKuzgh4JUsqomhEubYw5WXVsTa9FtQxLeoTbOUw
o0nRJMvxx4ERMpRsaHP2bfv87wgTquMTLrY1+oOJ3Vsb3L0oYUz4DLIqzSYjqFcn
TmwyjLa5ZptJlf+PsXMFlhwGIHFjoOVUtTkmuorRoWi2In6e2bpVNZ2ECNRh3FZz
1XxvhtQ5fmiZpRMpQFvCqA50ltCzJihqNG0/4Oj1KVnYenRYBbi9wN3Jt5BorUz9
G15QVplnVIIN99uUSdaQkg8MXdQ6lnKRPwt0eE6KuRIDIAsJ08zoZvW3+UsZ6eTn
YW08t9EWYqZcv4AcZFt2HJ6IMijm0C0ffr8cUNS5UAlX2k16jwUzvKO+iaSJNLtY
Wz9OsTW8SWSKsdSPrr8fKNjZLFmJrSSbyxmPkboIsaNo9otqnHmLePMoomrHmyyC
i6FFax3QLbz/22tMWWu39cKm9sEISQQTH6ogN/osKYg+AW9BhdErma1fou+wPtcl
kA5k87WCJ1SsNV6171GoVPsL+cYUSh42UWxTPTu8IwFwH9H+3wJ58Krv2OJI5JW0
LkZyYW5rIERlbmlzIChKZWRpL1NlY3RvciBPbmUpIDxqQHB1cmVmdHBkLm9yZz6I
RgQQEQgABgUCVNnRHAAKCRCSa8UXHN6kOWXzAKCGlk6DvVCqExkBd6OEsaEoOBgH
5ACfcVQaz/FEgCdRsJeLi7xNwZXZ22OJAjYEEwEIACACGwMCHgECF4AFAlTZ0XoE
CwkIBwUVCgkICwUWAgMBAAAKCRAhBiequnCf4ak4EACQm7nJmEs8EjOcNkyvSgn+
kmJJ5rsZQJjh9W4VQoukuVKMhpLELgTahYbxwmgx0yHBbXHXrqtFk91cWlbx4Lmv
6HybbkcEnrj0WMxQ8OLav25CA90HLzQj6AWWuyKdLLvFt2VRKmOtxhgLH2NiONPA
fovVBlr5gIwXJrx2hv81x3NDSjtw1G7k0b3zxxJyyxxdhfMjpIyi5LA8YIytAcCw
zfVhvxgVsku4PEVEJljn6qJHwNcPNbgunrx8mrRf9QZb1D6Lb0sxO9llYMYFD1vB
A228Os9nxJinbj1ww6xHhbsUrhjQ55phFMEVxdp5cQoA/VmpitjbYEOIck7kgZjv
YPePe88BMBiKDCOv+o0U638NoREWlDgvtEP4TpYscBMVbFkcf8A9yTqrxtjgQevw
YlYDvuwio38K29qnvn1AoHyet6tPqUDRyiOFLkh7wuujpiwwBcOrCPOy/5WCdOCq
XygAWa5T6j7pyYdTAY0eASz7F7ZQNCKTG7rzmA4Id8eYHC57f3WCUe59B294KHLl
6KSJ/qro12DtUf2ZHffmjxUn0j5Wn+TdbxdkED04S7CvGPLUTNa9xvZYZetQdVnf
bD4T0IgK8UVXsmJOe0be3UKHj9tsXCvB2RzkRlOHRzoHth8iQRac6cGi9YE8QGRI
a97fvUyyoG4q4GvVbiN5zIkCNgQTAQgAIAUCVNnQDwIbAwQLCQgHBRUKCQgLBRYC
AwEAAh4BAheAAAoJECEGJ6q6cJ/ht+gP/jcG27dq63a8s8NrnxByYCQBW/Q6MdNk
WgfdD4ajMwyPELwk4D1mtcCqnihXoj4NBGhCgtiZZ0gKKTv6fOGKRjf8ZLJBiKy4
vZs6IzM1f6j4QPOPx1Ew6WLPxGuPuUT9ZsMvwpoMU+OrLaSJZMxxB6oHrsRZ5Wc6
+Zxn8Pqtp9Bx1SK1pX04hUjsYI6wpqzInAMlGh4ZlYsadqSUFEtnzMP0T2usoc61
jDzfNgW+vHmD1diIl/Gp7coInp/3k0ovNYMiqwjmMl3WcA8O4Vh1JhE5dM8Eppz7
nkoGbFIHaLjuz40U4T2tHSXDOpy6QXcuTE4man9Wo+WmA2ibzPsAzyZr7W5qo0PM
Rkv6K6Oy0rxB2GFm5+welxD41tt5CwRHu9cdg8QP1lxlf+CgnVs8u0EBAuu5c9/8
UZGSWtTc3wRKRVnO41/uHzhvgeEW3Zypnrc26h4bWGmil1WgaENTHGSM5j1MDy24
Kn7Xoyh+utQALJAuB7V+UCqpDNN4icRos92rpWiQKQm0sXKtyhtmz55cRc3aRXvN
vJAdrpfV2fUh6Xz8tgER19MEUkVRLQMA7ePwEQIjOKl7Pr/b5NozhzpOwr+RRwHl
iXYLnTEV480DG6+Eb55vTEZ2a5Rr1VVgbRW6LgQBNb1yo8M594QLXadGYgc3UvAJ
dnEMmQ5TAk0/tDBGcmFuayBEZW5pcyAoSmVkaS9TZWN0b3IgT25lKSA8cGdwQHB1
cmVmdHBkLm9yZz6JAjkEEwEIACMCGwMECwkIBwUVCgkICwUWAgMBAAIeAQIXgAUC
VNnfeQIZAQAKCRAhBiequnCf4TtuD/9izD9TC84d/1gZJ8hNDZ/TFV5ycN5NtqAx
Y/6i97Pb7unLj0aEAEGOXtJN3mHGL6s32s+dmWhNn+IXygU8c/s5IHTpdyf4EKiu
y/8vGVyV3nGI7N2hpl297I5dwo97M2qfrfCTPX9mnqln1txHUBQkEyX7XZj13VwR
tv1dOGy2ga3iUD9UtqUC23Vkwo3FOv6te7R8xXoXjEvOKWxYyHwAdeh5snKz8ex5
ZDluSUTTkkJHQdJgnPSM5txh4RMhNSXc0kRQDBgcZQvVc/UTAxwPF2z5chtqOZsg
f3jLvwkIVpAbhBfgt3sUJMJcmX2BVWLaiYHebT5uW35xNOgGB79+RynH2/iQFAF/
SmS5Zzz+L0lZHhux+nXqcREBkwItk3n+6uBNgKfLP9U/lj3o8BE6AijUl/xIJmWx
hzrCgPCJGcuRlX24rFiCujkx2696tWokTKQNRXKd59ZI+bd+KCtb4fFecDWaVj8Y
zNDJmVL0PUQp0Ix/Bu63Oa3spN8vOVrkRD5X40JI5uxTNA6tRlczBlcp0NNUeB13
q0h5ya5UWHWbStsoQp1f60Gl0og+aoaKwnV0WNU8o2W+ayUGvltVon6zTEbmgkai
n6hYi1AGuiNTQQ5bhGJxEUGzpei0TwtK/RJmwC6iPiCTge5PPASDJcK2EkgmP+cQ
W5bjf8zvZrQ3RnJhbmsgRGVuaXMgKEplZGkvU2VjdG9yIE9uZSkgPDBkYXlkaWdl
c3RAcHVyZWZ0cGQub3JnPokCNgQTAQgAIAUCVNnSkQIbAwQLCQgHBRUKCQgLBRYC
AwEAAh4BAheAAAoJECEGJ6q6cJ/hakcQAMFpvn+pqPZwqBkQ+K+I60i7ieQKciMU
UNy+Qy/zHiE0TDzQ6bNDqbyiCBphr9fZ+QJ4u7nznJ0C5E1Y9de/VOQU52oZNnw0
tAsZRcrJaUfQO7V+qkDLSMgROHHT4Y1bnmTsCPj3yUpXhRZj0NxEpWys3jRiagUI
jUm6aPajIYcmEWcvxZOJDkMwHV6Wut5D19SlaE7L89fTtn6y4pu0GPKEyPFW4o9A
gfh34R7i5qJXNN/f0uO4RfucoBESuRcI6JksfkNnysfT9+U2akPWcO93t4EvWFBK
0+C1O2cHZrpX7XwmlS5iLl+BlAz2rJjWwFi6ShxMC5Z9GCTtJCMw/tqts3Jc1Jho
HYBnBFMC2+r6ViyeNTLJh5J2YNM5v8huv7GrANI1NcCsXkZR3ksZ4dz2G/r9+pB1
7EVYqj5cMXvTxpiyvafcA9Mkv3ZNi7CWxNYZ1GX8O5deFXYr6y+euzMv9LBt0myF
G/w8R7lZIB1PSxx5XGuM+VZhXO79vrHNPuiHMxVvOhSiPJvqvMy4R3KrioGabpsb
8IxKAG45fddt26mSptXvKRy9200Gum0r/YrDbFt0/Xh3hAe362wZWDmY7zELmC3/
NrdrbvhOMW1GGWa5pUWBsARhVAUaa7SdHl3lL8RYAJ2s8jTV8V4TtzzIgsaQqdHu
/seuHylTzHxbuQINBFTZ0A8BEADJ7/1Bve7wLSMnhvpT2pZoZ9dDUNOyOEc/r4oG
RwMTvLe0GITmDmC2RY9ZjtdX/JXOV9aMVe3SsIfrBzCUN35DpkGxulRkS5kUwD5O
ORrGkXAJ3MzcwmVsNLOH/dsm3PU4eHTUfHVJPdLfrRSLTxpxRxh5o8FGDHO7vATZ
fZf0jYiYqcbh41EdYV0BPkV65YJKFvUvCG4rB8rXeSHDlxs99+3KGJHSS88dQHaT
jBjeJ+asppa4YwSL1dmv0fpsHlAA+yJfCGJ4+fJWpa6dpC5p6CWnC9EfUdmW0oww
XryqYrZst5Kh0ufbwocPNGrAUVq9dPvhGldC51gyim3NVPNPUT9QHNJeuioyo95p
okECg6W9qBxw9LibMfOJKgjpKFnahddsEbLcoGLAHPAiV57ACk4XQ77EE5DF+lio
OMLUicNBC0bTQkGcx/IhOnqvTF2Yo7xuh4/Vsmdi9nnjtGyp9LhAxr6TzC1nBXzo
wsS99sfya/ebKgLdqdA3ARR+XeIyu7ah0GMzcLfIm22xpcM0RU4Kv+YoFfp/avT/
4fG1kIVCcqm48ibsLeJf6E0kymeW2dCAKykv/mP2PW/wQV0c0T/w9S4Wjp3R+NxO
h5hFhktj4VFD591ek0MzquZ6Wk1yoav3/FzGBKr20N6o30RGviy4JhSwMA+63PId
lmFaewARAQABiQIfBBgBCAAJBQJU2dAPAhsMAAoJECEGJ6q6cJ/hglYQALHDtKWA
kc3IA8A1jq094OcovHbdzZgxi/XOv6ISlcGlkiA5cBbW2TYmf36/dVQnQ34VEqIb
Z+hO17ymHVTTuDUSyG0oEXO2PwuD/vZRIZPuppV2JRIpfxjemFwbELw0s9ccPgrM
92OpKtptcYkhxbmaz9D0u+cfryACmyLKWrruSMhIf8AFtb2P6Z87O0ybWNq/ELL/
+cbfs1HZRgdGSauyGf9Rr3pbUTCa34XAkyj0EVnTL9GhIqHgcGADPLHPVK63jzPY
0qU97gmMLiZZXeDPePrare7ar5EenZblxfuFlnrj16OuY0gZdPeARH0+XVW7dE6p
hunk4Jz4IYdY+z6SIIcqlFNL/GD5eQ1J2VLh84uAhHEFjVBKvsSvTdv535WqvEeC
zwyY7qUliMObWb/DVo/hAP88sYIF/qtqa96pQ/iFJzvHEf0U9S72fS+bdX706o6Y
A6lySK3pooTmyzhhFdPtMVhGjdPOTlc8lEE7dhAYc0sR5AtAhHegoEfJePGBrCia
xwo7jr0PpYFbQJIGAXlRXn4aymtuNk5lQTZWQpEtucFIRoVmy799+KfikxuHe/Sf
oimG4fJ9Av4AStGMw194C2y/usHrNMWImlkkQX8fYXzwnxSwxhubGO8lYh/GHDho
oOiFffg1gQksjmdHdCF1jb0yxft3dQRQ+HZRuQINBFTZ0DcBEADWTaBSOHDPU2BQ
jDmCIh9VGl6ImzRO5GdagzPzusuR01Dkp5tpKAmDE6rVWooAKv7V4lCSwc6B8Ide
wsw8eS9/yEoTB3asABQnFGSCNjVv1xBB+5J8J6p+bZItgmQs3xPhl7VJuzO3wVtq
YD71bfzq3fg4ZhCj9APn3Sh0t8fxFJ/FbLyaGBJMYPX09eHqmJPqACxcZur1vVAB
TtFWfyTl83g07sdPuqejUI3MpCnhuRolwHR6UaKX3pLC0Md7GanxQRIboiF+z5ZQ
EMR6T6inDxvNmlak+cfbb2dkVXZP+eYXCoDYXXGwxlqpDRDWzr05qJtmv4AzYG+6
X9doyWvbdkUVQvKMmIfs1X7S4X9hpcDFb78LlztVNgNP5VEOyt97epUNphJm7ncn
hSQrKN5CCeffHn08NmT5HhJGfmnbCAUG3QkhJtAf0vg0vAg0y030uZzeU96xpzu5
cz3/fN7j/Qi2zg8rdOXahdR5fuF4nDE9z0Lc9U/j+1+5z0C/RVMDllAR6n4WITbJ
1de5ujPzg6CrMo3Zfdp4zsb8g+s1Wn33Mds1/kmBGiCIgxYcVRaa4cE7q7ijn2sd
5zUy3dSXoq2lHo0jQpz+tFcU7KdtN2NB/Kri7b7FheleZa+e1kMRkMUJkuSUFfcK
3mM7gN9/QKVKrpH1poYjwx20FVgHtwARAQABiQQ+BBgBCAAJBQJU2dA3AhsCAikJ
ECEGJ6q6cJ/hwV0gBBkBCAAGBQJU2dA3AAoJEGLyW1krb3batY4P/A5ugYnIxG3D
aYVqbI49LqDwePSNHyhcUjNrlIejyPsLXC7YpCbDchr1w5u6BhP7lyJIuUvvvdaW
eaE1fd9R1c6fHuL4qeSEQnFhZOjYrEZomZzf8THoy5yt7OdaZiuVCYaGMpqxExol
Co9bruQansEV2eMFh9pMyLrAcyHOd+7IURqpPi4MGO/8eGimPuWeOlaQBkpTuGul
nVrZUS2czs9MfrTyKwGKNH+9oXR4Nnp2RK6pIYvdHcv+YQrGiUZfq2hGVQ0oIDrT
tIZoU5y0lgF92DyDadakqr5+REJPBYWboUWqJ6V4NMGS3PNqCGBGdCp4SexwYFf4
xe/JSOWT3ZPZtthmwElpCI8DZn8wIRhD7vzV94sHgz31OFC2zr3o7N4r0ExDqxeO
7t6bP+kjqwV0u39t2QcO58GK8nswnkFFfEQipJPsVD7+WFNA6RrVYg638XrnF1vF
tOVTgbAn6Wtj0174+FYz+lBkVHF90lU3AFZ7ygJn7A2v+PuADhL34EBUc7nsfLbY
RWz1tqSyRED6VRbsQCtH6FB8O/BxS+zUVUxcd41FoBgDOzwPRSPYda61OXV8ovLl
8AY2l3BGiLbO1hNDRoxcxG7m+pCZXa8oZeWQjJJjnAVO0pEpiPeWzicL2HRhohHD
uHoe3IuKThR9GTain6Y8n6U4LRYEuS3Z3qQQAPLm50evm+4BmjkJP60Tk2B6EqvR
l1QKoYZmOvZX7F0PRF6IgMzWZ4SS7Y9Se/OmdwYHfV/jF66z6CS1RpgU0/Mk99+y
mP/q25NehOaC9XiLZ7CdMYKaw9YJFlDWmqUVyynQPOqIKFPLBP/Vq9gjenQnTwpo
5nNJlrxh2OVepTH9zTyAEG0uIs7lP8PiBID5waOOQT5MT9h8r4aDnpPqcabKi/Li
0M7iI7cIFrzDqHFUK6QTa+pEPfYb6/H3mOpDiOTKBrGoFt0euZuwwH8/8daDt0Jl
k/5INnXFqohG8y96YV9UKULXSZDufiU2EBdFj+bD80Ow2iD+zKNjY4ar5zuTUff5
BM19chEHJNwSOLyjR0ogENfyfeLorvQM3lunXTzuAMey8nCtFjnjVTQE+mt7RSW0
K73t2aAw0jVwGu9FSpqXa7K8J1/v+Pq5cme5Y+65zFgnvY5ZX2djIvpyGFwq74VY
dLezh1RsKUqtvAf3tgBbEGcV3E+GPuqaO2iQA1XW/i5TgLhesQd7MpRNSJtIgAwl
vVAFrm9aIjq/Y79PphxGHN5GhdJD1OcyjiPXIPPdY3DgVf6kb/Pbm0h4n8PYU2Qd
HQ418wYzcDYwR6pGA2i7H9Ys3mBxBuIBDrI6DA0DKoMOismfvuhYAFBl+SNXQTmC
yaKJ4Th/5TZsY0L3
=r0bJ
-----END PGP PUBLIC KEY BLOCK-----

9
pure-ftpd.pamd Normal file
View File

@ -0,0 +1,9 @@
#%PAM-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required pam_shells.so
auth include common-auth
account include common-account
password include common-password
session required pam_keyinit.so force revoke
session required pam_loginuid.so
session include common-session

10
pure-ftpd.service Normal file
View File

@ -0,0 +1,10 @@
[Unit]
Description=Pure-FTPd FTP server
After=syslog.target network.target
[Service]
ExecStart=/usr/sbin/pure-ftpd /etc/pure-ftpd/pure-ftpd.conf
[Install]
WantedBy=multi-user.target

172
pure-ftpd.spec Normal file
View File

@ -0,0 +1,172 @@
#
# spec file for package pure-ftpd
#
# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: pure-ftpd
Version: 1.0.49
Release: 0
Summary: A Lightweight, Fast, and Secure FTP Server
License: BSD-3-Clause
Group: Productivity/Networking/Ftp/Servers
URL: https://www.pureftpd.org
Source0: https://download.pureftpd.org/pub/%{name}/releases/%{name}-%{version}.tar.bz2
Source1: https://download.pureftpd.org/pub/%{name}/releases/%{name}-%{version}.tar.bz2.minisig
Source2: %{name}.keyring
Source3: %{name}.init
Source4: %{name}.pamd
Source5: %{name}.xinetd
Source8: %{name}.service
# PATCH-FEATURE-OPENSUSE %{name}-1.0.20_config.patch -- Custom service configs.
Patch0: %{name}-1.0.20_config.patch
# PATCH-FEATURE-OPENSUSE %{name}-1.0.20_doc.patch -- Adjust command paths on documentation.
Patch1: %{name}-1.0.20_doc.patch
# PATCH-FEATURE-OPENSUSE %{name}-1.0.20_virtualhosts.patch -- Custom VHOST_PATH on openSUSE.
Patch2: %{name}-1.0.20_virtualhosts.patch
Patch5: %{name}-1.0.49_ftpwho_path.patch
# PATCH-FIX-UPSTREAM %{name}-1.0.32-default_tcp_sedrcv_buffer_size.patch
Patch7: %{name}-1.0.32-default_tcp_sedrcv_buffer_size.patch
# PATCH-FIX-OPENSUSE: bnc#789833
# won't be upstreamed, can be dropped when systemd will be only one init system and kernel get AUDIT_LOGINUID_IMMUTABLE
Patch8: pure-ftpd-1.0.36-cap-audit-control.patch
Patch9: pure-ftpd-apparmor.patch
Patch10: pure-ftpd-malloc-limit.patch
BuildRequires: libcap-devel
BuildRequires: mysql-devel
BuildRequires: openldap2-devel
BuildRequires: pam-devel
BuildRequires: postgresql-devel
Requires(pre): coreutils
Provides: ftp-server
Provides: pureftpd = %{version}-%{release}
%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150200
BuildRequires: postgresql-server-devel
%endif
BuildRequires: pkgconfig(systemd)
%{?systemd_requires}
Requires(pre): user(ftp)
%description
Pure-FTPd is a fast, production-quality, and standard-conforming FTP
server, based-on Troll-FTPd. Unlike other popular FTP servers, it has
no known security flaws, is trivial to set up, and is especially
designed for modern Linux kernels (setfsuid and sendfile capabilities)
. Features include: PAM support, IPv6, chroot()ed home directories,
virtual domains, built-in LS, anti-warez system, bandwidth throttling,
FXP, bounded ports for passive downloads, upload and download ratios,
Apache log files, and more.
%prep
%setup -q
%patch0
%patch1
%patch2
%patch5
%patch7
%patch8 -p1
%patch9 -p2
%patch10 -p1
%build
#CFLAGS="%{optflags} -DLDAP_DEPRECATED -fstack-protector -fvisibility=hidden"
%configure --docdir=%{_docdir}/%{name} \
--with-rfc2640 \
--sysconfdir=%{_sysconfdir}/%{name} \
--with-ldap \
--with-paranoidmsg \
--with-altlog \
--with-virtualhosts \
--with-ftpwho \
--with-mysql \
--with-nonalnum \
--with-pgsql \
--with-cookie \
--with-throttling \
--with-ratios \
--with-uploadscript \
--with-diraliases \
--with-pam \
--with-puredb \
--with-sysquotas \
--with-quotas \
--with-inetd \
--with-tls \
--with-boring \
--with-peruserlimits \
--with-virtualchroot \
--with-extauth
make %{?_smp_mflags}
%install
%make_install
install -dD -m 0755 \
%{buildroot}%{_sysconfdir}/{%{name},%{name}/vhosts,pam.d,openldap/schema}
install -m 0644 pure-ftpd.conf %{buildroot}%{_sysconfdir}/%{name}
install -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/pure-ftpd
install -m 0644 pureftpd.schema %{buildroot}%{_sysconfdir}/openldap/schema/
install -D -m 0644 usr.sbin.pure-ftpd %{buildroot}%{_sysconfdir}/apparmor/profiles/extras/usr.sbin.pure-ftpd
install -D -m0644 %{SOURCE8} %{buildroot}%{_unitdir}/%{name}.service
ln -sf service %{buildroot}%{_sbindir}/rc%{name}
rm %{buildroot}/%{_docdir}/%{name}/README.MacOS-X
rm %{buildroot}/%{_docdir}/%{name}/pureftpd.schema
rm %{buildroot}/%{_docdir}/%{name}/pure-ftpd.conf
%pre
%service_add_pre %{name}.service
%preun
%service_del_preun %{name}.service
%post
if [ -f etc/pure-ftpd.conf ]; then
mv etc/pure-ftpd.conf etc/pure-ftpd/pure-ftpd.conf
fi
%service_add_post %{name}.service
%postun
%service_del_postun %{name}.service
%files
%license COPYING
%doc FAQ AUTHORS NEWS THANKS README
%doc README.Configuration-File HISTORY README.Virtual-Users README.AppArmor
%doc README.LDAP pureftpd-ldap.conf README.MySQL pureftpd-mysql.conf
%doc README.PGSQL pureftpd-pgsql.conf README.TLS
%doc README.Donations README.Authentication-Modules
%{_mandir}/man8/*
%{_bindir}/*
%{_sbindir}/*
%dir %{_sysconfdir}/openldap
%dir %{_sysconfdir}/openldap/schema
%dir %{_sysconfdir}/%{name}
%dir %{_sysconfdir}/%{name}/vhosts
%dir %{_sysconfdir}/apparmor
%dir %{_sysconfdir}/apparmor/profiles
%dir %{_sysconfdir}/apparmor/profiles/extras
%config %{_sysconfdir}/openldap/schema/pureftpd.schema
%config %{_sysconfdir}/pam.d/pure-ftpd
%config(noreplace) %{_sysconfdir}/%{name}/pure-ftpd.conf
%config(noreplace) %{_sysconfdir}/apparmor/profiles/extras/usr.sbin.pure-ftpd
%{_unitdir}/%{name}.service
%changelog

21
pure-ftpd.xinetd Normal file
View File

@ -0,0 +1,21 @@
# default: off
# description: The ftpd server serves FTP connections. It uses normal, \
# unencrypted usernames and passwords for authentication. This ftpd is \
# the pure-ftpd.
# ** NOTE ** when using pure-ftpd from xinetd the arguments to control
# it's behaviour should be added here in this file in the
# "server_args" line since the configuration file
# /etc/pure-ftpd.conf is only for standalone pure-ftpd.
# The command "/usr/sbin/pure-config-args /etc/pure-ftpd.conf"
# will print the arguments needed for behaviour like standalone
# pure-ftpd.
service ftp
{
socket_type = stream
server = /usr/sbin/pure-ftpd
# server_args =
protocol = tcp
user = root
wait = no
disable = yes
}