Accepting request 1285521 from network

Switch to _service, some cleanup (forwarded request 1285520 from computersalat)

OBS-URL: https://build.opensuse.org/request/show/1285521
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/proftpd?expand=0&rev=56

_service

@@ -0,0 +1,18 @@
+<?xml version="1.0" ?>
+<services>
+  <service name="obs_scm" mode="manual">
+    <param name="url">https://github.com/proftpd/proftpd.git</param>
+    <param name="scm">git</param>
+    <param name="revision">v1.3.9</param>
+    <param name="versionformat">@PARENT_TAG@</param>
+    <param name="versionrewrite-pattern">v(.*)</param>
+    <param name="exclude">.git</param>
+    <param name="changesgenerate">disable</param>
+  </service>
+  <service name="set_version" mode="buildtime"/>
+  <service name="tar" mode="buildtime"/>
+  <service name="recompress" mode="buildtime">
+    <param name="file">*.tar</param>
+    <param name="compression">xz</param>
+  </service>
+</services>

harden_proftpd.service.patch

@@ -18,6 +18,6 @@ Index: contrib/dist/rpm/proftpd.service
 +ProtectControlGroups=true
 +RestrictRealtime=true
 +# end of automatic additions
- Type = simple
+ Type = forking
  Environment = PROFTPD_OPTIONS=
  EnvironmentFile = -/etc/sysconfig/proftpd

proftpd-1.3.8b.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:183ab7c6107de271a2959ff268f55c9b6c76b2cf0029e6584fccc019686601e0
-size 19752808

proftpd-1.3.8b.tar.gz.asc

@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Comment: GPGTools - https://gpgtools.org
-
-iEYEABECAAYFAmWCcGMACgkQt46JP6URl2rOOACgqd6poiniUeOej3gVoE4ZHA1Z
-PKgAoKgsyi9zqoilnOtZJKfzWw4BJ546
-=GIJC
------END PGP SIGNATURE-----

proftpd-1.3.9.obscpio

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b7e555e8f87ce1eb5ee0e6002e62f68b6d78206cb284a36328ead4262cb653c7
+size 54485518

proftpd.changes

@@ -1,3 +1,66 @@
+-------------------------------------------------------------------
+Fri Jun 13 13:11:39 UTC 2025 - chris@computersalat.de
+
+- switch to _service file
+  * Add _service
+  * Remove proftpd-1.3.9.tar.gz
+  * Remove proftpd-1.3.9.tar.gz.asc
+- rename patches
+  * proftpd-basic.conf.patch -> proftpd_basic.conf.patch
+  * proftpd-dist.patch -> proftpd_dist.patch
+  * proftpd-ftpasswd.patch -> proftpd_ftpasswd.patch
+  * proftpd-no_BuildDate.patch -> proftpd_no-BuildDate.patch
+  * proftpd-strip.patch -> proftpd_strip.patch
+- Update proftpd.service file
+- cleanup spec
+  * Remove SysVinit stuff
+- Remove proftpd.init file
+
+-------------------------------------------------------------------
+Fri Jun 13 09:46:29 UTC 2025 - chris@computersalat.de
+
+- 1.3.9 - Released 14-Mar-2025
+  * http://proftpd.org/docs/NEWS-1.3.9
+- rebase patches
+  * harden_proftpd.service.patch
+  * proftpd-no_BuildDate.patch
+
+-------------------------------------------------------------------
+Thu Jun 12 12:51:04 UTC 2025 - chris@computersalat.de
+
+- 1.3.8d - Released 14-Mar-2025
+  * http://proftpd.org/docs/NEWS-1.3.8d
+- rebase patch
+  * proftpd-no_BuildDate.patch
+- remove obsolete patch
+  * proftpd-null_pointer.patch
+
+-------------------------------------------------------------------
+Fri Mar 14 15:16:10 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- build with pcre2
+
+-------------------------------------------------------------------
+Thu Feb 20 09:05:57 UTC 2025 - chris@computersalat.de
+
+- fix for boo#1236889 (CVE-2024-57392)
+  https://github.com/proftpd/proftpd/issues/1866
+  Some of the fuzzing tests submitted in the advisory ran into existing null
+  pointer dereferences (not buffer overflows); let's correct them.
+- Add proftpd-null_pointer.patch
+
+-------------------------------------------------------------------
+Thu Jan  9 17:25:19 UTC 2025 - chris@computersalat.de
+
+- 1.3.8c - Released 11-Dec-2024
+  fix for boo#1233997 (CVE-2024-48651)
+  * http://proftpd.org/docs/NEWS-1.3.8c
+    gh#1830 - Supplemental group inheritance grants unintended access to GID 0
+    due to lack of supplemental groups from mod_sql
+    https://github.com/proftpd/proftpd/issues/1830
+- rebase patch
+  * proftpd-no_BuildDate.patch
+
 -------------------------------------------------------------------
 Thu Feb 29 14:45:47 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
 

proftpd.init

@@ -1,222 +0,0 @@
-#! /bin/sh
-# Copyright (c) 1995-2004 SUSE Linux AG, Nuernberg, Germany.
-# All rights reserved.
-#
-# Author: Kurt Garloff
-# Please send feedback to http://www.suse.de/feedback/
-#
-# /etc/init.d/proftpd
-#   and its symbolic link
-# /(usr/)sbin/rcproftpd
-#
-#    This program is free software; you can redistribute it and/or modify 
-#    it under the terms of the GNU General Public License as published by 
-#    the Free Software Foundation; either version 2 of the License, or 
-#    (at your option) any later version. 
-# 
-#    This program is distributed in the hope that it will be useful, 
-#    but WITHOUT ANY WARRANTY; without even the implied warranty of 
-#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the 
-#    GNU General Public License for more details. 
-# 
-#    You should have received a copy of the GNU General Public License 
-#    along with this program; if not, write to the Free Software 
-#    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-#
-### BEGIN INIT INFO
-# Provides:          proftpd
-# Required-Start:    $syslog $remote_fs
-# Should-Start:      $time ypbind sendmail
-# Required-Stop:     $syslog $remote_fs
-# Should-Stop:       $time ypbind sendmail
-# Default-Start:     3 5
-# Default-Stop:      0 1 2 6
-# Short-Description: ProFTPD daemon
-# Description:       Start ProFTPD to allow XY and provide YZ
-### END INIT INFO
-#
-# Note on runlevels:
-# 0 - halt/poweroff 			6 - reboot
-# 1 - single user			2 - multiuser without network exported
-# 3 - multiuser w/ network (text mode)  5 - multiuser w/ network and X11 (xdm)
-# 
-# Note on script names:
-# http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/scrptnames.html
-# A registry has been set up to manage the init script namespace.
-# http://www.lanana.org/
-# Please use the names already registered or register one or use a
-# vendor prefix.
-
-
-# Check for missing binaries (stale symlinks should not happen)
-# Note: Special treatment of stop for LSB conformance
-PROFTPD_BIN=/usr/sbin/proftpd
-test -x $PROFTPD_BIN || { echo "$PROFTPD_BIN not installed"; 
-	if [ "$1" = "stop" ]; then exit 0;
-	else exit 5; fi; }
-
-PROFTPD_RUNDIR=/var/run/proftpd
-# Check for existence of needed config file and read it
-#PROFTPD_CONFIG=/etc/sysconfig/proftpd
-#test -r $PROFTPD_CONFIG || { echo "$PROFTPD_CONFIG not existing";
-#	if [ "$1" = "stop" ]; then exit 0;
-#	else exit 6; fi; }
-#
-# Read config	
-#. $PROFTPD_CONFIG
-
-# Source LSB init functions
-# providing start_daemon, killproc, pidofproc, 
-# log_success_msg, log_failure_msg and log_warning_msg.
-# This is currently not used by UnitedLinux based distributions and
-# not needed for init scripts for UnitedLinux only. If it is used,
-# the functions from rc.status should not be sourced or used.
-#. /lib/lsb/init-functions
-
-# Shell functions sourced from /etc/rc.status:
-#      rc_check         check and set local and overall rc status
-#      rc_status        check and set local and overall rc status
-#      rc_status -v     be verbose in local rc status and clear it afterwards
-#      rc_status -v -r  ditto and clear both the local and overall rc status
-#      rc_status -s     display "skipped" and exit with status 3
-#      rc_status -u     display "unused" and exit with status 3
-#      rc_failed        set local and overall rc status to failed
-#      rc_failed <num>  set local and overall rc status to <num>
-#      rc_reset         clear both the local and overall rc status
-#      rc_exit          exit appropriate to overall rc status
-#      rc_active        checks whether a service is activated by symlinks
-. /etc/rc.status
-
-# Reset status of this service
-rc_reset
-
-# Return values acc. to LSB for all commands but status:
-# 0	  - success
-# 1       - generic or unspecified error
-# 2       - invalid or excess argument(s)
-# 3       - unimplemented feature (e.g. "reload")
-# 4       - user had insufficient privileges
-# 5       - program is not installed
-# 6       - program is not configured
-# 7       - program is not running
-# 8--199  - reserved (8--99 LSB, 100--149 distrib, 150--199 appl)
-# 
-# Note that starting an already running service, stopping
-# or restarting a not-running service as well as the restart
-# with force-reload (in case signaling is not supported) are
-# considered a success.
-
-case "$1" in
-    start)
-	if [ ! -d $PROFTPD_RUNDIR ]; then
-		mkdir -p $PROFTPD_RUNDIR  
-	fi
-	echo -n "Starting proftpd "
-	## Start daemon with startproc(8). If this fails
-	## the return value is set appropriately by startproc.
-	/sbin/startproc $PROFTPD_BIN
-
-	# Remember status and be verbose
-	rc_status -v
-	;;
-    stop)
-	echo -n "Shutting down proftpd "
-	## Stop daemon with killproc(8) and if this fails
-	## killproc sets the return value according to LSB.
-	/sbin/killproc -TERM $PROFTPD_BIN
-
-	# Remember status and be verbose
-	rc_status -v
-	;;
-    try-restart|condrestart)
-	## Do a restart only if the service was active before.
-	## Note: try-restart is now part of LSB (as of 1.9).
-	## RH has a similar command named condrestart.
-	if test "$1" = "condrestart"; then
-		echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
-	fi
-	$0 status
-	if test $? = 0; then
-		$0 restart
-	else
-		rc_reset	# Not running is not a failure.
-	fi
-
-	# Remember status and be quiet
-	rc_status
-	;;
-    restart)
-	## Stop the service and regardless of whether it was
-	## running or not, start it again.
-	$0 stop
-	$0 start
-
-	# Remember status and be quiet
-	rc_status
-	;;
-    force-reload)
-	echo -n "Reload service proftpd "
-	## Signal the daemon to reload its config. Most daemons
-	## do this on signal 1 (SIGHUP).
-	## If it does not support it, restart the service if it
-	## is running.
-	# if it supports it:
-	/sbin/killproc -HUP $PROFTPD_BIN
-	#touch /var/run/proftpd.pid
-
-	# Remember status and be verbose
-	rc_status -v
-
-	## Otherwise:
-	#$0 try-restart
-	#rc_status
-	;;
-    reload)
-	echo -n "Reload service proftpd "
-	## Like force-reload, but if daemon does not support
-	## signaling, do nothing (!)
-	# If it supports signaling:
-	/sbin/killproc -HUP $PROFTPD_BIN
-	#touch /var/run/proftpd.pid
-
-	# Remember status and be verbose
-	rc_status -v
-	
-	## Otherwise if it does not support reload:
-	#rc_failed 3
-	#rc_status -v
-	;;
-    status)
-	echo -n "Checking for service proftpd "
-	## Check status with checkproc(8), if process is running
-	## checkproc will return with exit status 0.
-
-	# Return value is slightly different for the status command:
-	# 0 - service up and running
-	# 1 - service dead, but /var/run/  pid  file exists
-	# 2 - service dead, but /var/lock/ lock file exists
-	# 3 - service not running (unused)
-	# 4 - service status unknown :-(
-	# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
-	
-	# NOTE: checkproc returns LSB compliant status values.
-	/sbin/checkproc $PROFTPD_BIN
-	# NOTE: rc_status knows that we called this init script with
-	# "status" option and adapts its messages accordingly.
-
-	# Remember status and be verbose
-	rc_status -v
-	;;
-    probe)
-	## Optional: Probe for the necessity of a reload, print out the
-	## argument to this init script which is required for a reload.
-	## Note: probe is not (yet) part of LSB (as of 1.9)
-
-	test /etc/proftpd/proftpd.conf -nt $PROFTPD_RUNDIR/proftpd.pid && echo reload
-	;;
-    *)
-	echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
-	exit 1
-	;;
-esac
-rc_exit

proftpd.obsinfo

@@ -0,0 +1,4 @@
+name: proftpd
+version: 1.3.9
+mtime: 1741976891
+commit: ae25959adb05ae1d6ebfa1f36bf778c9c34e9410

proftpd.service

@@ -15,7 +15,11 @@ ProtectKernelLogs=true
 ProtectControlGroups=true
 RestrictRealtime=true
 # end of automatic additions 
-ExecStart=/usr/sbin/proftpd --nodaemon
+Type=forking
+Environment=PROFTPD_OPTIONS=
+EnvironmentFile=-/etc/sysconfig/proftpd
+ExecStartPre=/usr/sbin/proftpd --configtest
+ExecStart=/usr/sbin/proftpd $PROFTPD_OPTIONS
 ExecReload=/bin/kill -HUP $MAINPID
 
 [Install]

proftpd.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package proftpd
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,28 +17,21 @@
 
 
 %define with_redis 1
-%define with_sodium 1
 
-%if 0%{?suse_version} == 1315 || 0%{?suse_version} == 1500
+%if 0%{?suse_version} == 1500
 %define with_redis 0
 %endif
 
-%if 0%{?suse_version} == 1315
-%define with_sodium 0
-%endif
-
 Name:           proftpd
 Summary:        Configurable GPL-licensed FTP server software
 # Please save your time and do not update to "rc" versions.
 # We only accept updates for "STABLE" Versions
 License:        GPL-2.0-or-later
 Group:          Productivity/Networking/Ftp/Servers
-Version:        1.3.8b
+Version:        1.3.9
 Release:        0
 URL:            http://www.proftpd.org/
-Source0:        ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.gz
+Source0:        %{name}-%{version}.tar.xz
-Source1:        ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.gz.asc
-Source11:       %{name}.init
 Source12:       %{name}.passwd
 Source13:       %{name}.service
 Source14:       %{name}.tmpfile
@@ -47,21 +40,21 @@ Source16:       %{name}-tls.template
 Source17:       %{name}-limit.template
 Source18:       %{name}-ssl.README
 #PATCH-FIX-openSUSE: pam, logrotate, xinet
-Patch100:       %{name}-dist.patch
+Patch100:       %{name}_dist.patch
 #PATCH-FIX-openSUSE: provide a useful default config
-Patch101:       %{name}-basic.conf.patch
+Patch101:       %{name}_basic.conf.patch
 #PATCH-FIX: provide more info on usage ;)
-Patch102:       %{name}-ftpasswd.patch
+Patch102:       %{name}_ftpasswd.patch
 #PATCH-FIX: fix strip
-Patch103:       %{name}-strip.patch
+Patch103:       %{name}_strip.patch
 #PATCH-FIX-openSUSE: file-contains-date-and-time
-Patch104:       %{name}-no_BuildDate.patch
+Patch104:       %{name}_no-BuildDate.patch
 #RPMLINT-FIX-openSUSE: env-script-interpreter
 Patch105:       %{name}_env-script-interpreter.patch
 #openSUSE:Security_Features#Systemd_hardening_effort
 Patch106:       harden_proftpd.service.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-#BuildRequires:  gpg-offline
+#
 BuildRequires:  cyrus-sasl-devel
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
@@ -74,33 +67,26 @@ BuildRequires:  libattr-devel
 BuildRequires:  libmemcached-devel
 #BuildRequires:  libGeoIP-devel
 BuildRequires:  libmysqld-devel
-%if 0%{?with_sodium}
 BuildRequires:  libsodium-devel
-%endif
 BuildRequires:  ncurses-devel
 BuildRequires:  openldap2-devel
 BuildRequires:  pam-devel
-BuildRequires:  pcre-devel
+BuildRequires:  pcre2-devel
 BuildRequires:  pkg-config
 BuildRequires:  postgresql-devel
 BuildRequires:  sqlite3-devel
 BuildRequires:  unixODBC-devel
 BuildRequires:  pkgconfig(libssl)
-Requires:       logrotate
+#
-%if 0%{?lang_package:1} > 0
-Recommends:     %{name}-lang
-%endif
-
-%if 0%{?suse_version} >= 1210
 BuildRequires:  systemd-rpm-macros
 %{?systemd_ordering}
-%define has_systemd 1
+#
-%else
-Requires(pre):  %insserv_prereq
-%endif
-%if 0%{?suse_version} >= 1330
 Requires(pre):  group(ftp)
 Requires(pre):  user(ftp)
+Requires:       logrotate
+
+%if 0%{?lang_package:1} > 0
+Recommends:     %{name}-lang
 %endif
 
 %description
@@ -168,8 +154,6 @@ Here are Documentation for ProFTPD
 %prep
 %autosetup -p0
 
-rm README.AIX README.cygwin README.FreeBSD README.Solaris2.5x README.Unixware
-
 %build
 rm contrib/mod_wrap.c
 rm contrib/mod_geoip.c
@@ -180,11 +164,7 @@ export CXXFLAGS="$CFLAGS"
     --bindir=%{_sbindir} \
     --libexecdir=%{_libdir}/%{name} \
     --sysconfdir=%{_sysconfdir}/%{name} \
-%if 0%{?has_systemd}
     --localstatedir=/run/%{name} \
-%else
-    --localstatedir=%{_localstatedir}/run/%{name} \
-%endif
     --enable-sendfile \
     --enable-ctrls \
     --enable-dso \
@@ -193,7 +173,7 @@ export CXXFLAGS="$CFLAGS"
     --enable-memcache \
     --enable-nls \
     --enable-openssl \
-    --enable-pcre \
+    --enable-pcre2 \
 %if 0%{?with_redis}
     --enable-redis \
 %endif
@@ -204,10 +184,6 @@ export CXXFLAGS="$CFLAGS"
     --disable-ident \
     --disable-strip
 
-#    --enable-memcache \
-#    --enable-pcre \
-#    --enable-redis \
-#    --enable-shadow \
 make %{?_smp_mflags}
 
 %install
@@ -233,25 +209,18 @@ install -D -m 0644 %{S:17} %{buildroot}/%{_sysconfdir}/%{name}/includes/limit.te
 install -D -m 0644 %{S:18} %{buildroot}/%{_sysconfdir}/%{name}/ssl/README
 install -d -m 0750 %{buildroot}/var/log/%{name}
 
-# systemd vs SysVinit
+# systemd
-%if 0%{?has_systemd}
 install -D -m 0644 %{S:13} %{buildroot}%{_unitdir}/%{name}.service
 ln -sf %{_sbindir}/service %{buildroot}/%{_sbindir}/rc%{name}
 # systemd need to create a tmp dir: /run/proftpd
 install -D -m 0644 %{S:14} %{buildroot}%{_tmpfilesdir}/%{name}.conf
-%else #SysVinit
-install -D -m 0755 %{S:11} %{buildroot}/%{_sysconfdir}/init.d/%{name}
-ln -sf %{_sysconfdir}/init.d/%{name} %{buildroot}/%{_sbindir}/rc%{name}
-%endif
 
 %fdupes -s %{buildroot}%{_sysconfdir}/%{name}
 
 %find_lang %{name}
 
 %pre
-%if 0%{?has_systemd}
 %service_add_pre %{name}.service
-%endif
 %if 0%{?suse_version} > 1500
 # Prepare for migration to /usr/lib; save any old .rpmsave
 for i in pam.d/proftpd ; do
@@ -266,28 +235,14 @@ done
 %endif
 
 %preun
-%if 0%{?has_systemd}
 %service_del_preun %{name}.service
-%else
-%stop_on_removal %{name}
-%endif
 
 %post
-%if 0%{?has_systemd}
 %service_add_post %{name}.service
 %tmpfiles_create %{_tmpfilesdir}/%{name}.conf
-%else
-%{fillup_and_insserv -f proftpd}
-install -d %{_localstatedir}/run/%{name}
-%endif
 
 %postun
-%if 0%{?has_systemd}
 %service_del_postun %{name}.service
-%else
-%restart_on_update %{name}
-%{insserv_cleanup}
-%endif
 
 %if 0%{?lang_package:1} > 0
 %files lang -f %{name}.lang
@@ -341,13 +296,9 @@ install -d %{_localstatedir}/run/%{name}
 %exclude %{_libdir}/%{name}/mod_sql_postgres.so
 %exclude %{_libdir}/%{name}/mod_radius.so
 %exclude %{_libdir}/%{name}/mod_sql_sqlite.so
-%if 0%{?has_systemd}
 %{_unitdir}/%{name}.service
 %{_tmpfilesdir}/%{name}.conf
 %ghost %dir /run/%{name}
-%else
-%{_sysconfdir}/init.d/%{name}
-%endif
 
 %files devel
 %defattr(-,root,root)

proftpd_no-BuildDate.patch

@@ -22,7 +22,7 @@ Index: src/main.c
 ===================================================================
 --- src/main.c.orig
 +++ src/main.c
-@@ -1989,8 +1989,8 @@ static void standalone_main(void) {
+@@ -1985,8 +1985,8 @@ static void standalone_main(void) {
      exit(1);
    }
  
@@ -33,7 +33,7 @@ Index: src/main.c
  
    daemon_loop();
  }
-@@ -2145,7 +2145,6 @@ static void show_settings(void) {
+@@ -2141,7 +2141,6 @@ static void show_settings(void) {
  
    show_os_release();
  
@@ -41,7 +41,7 @@ Index: src/main.c
    printf("%s", "  Built With:\n    configure " PR_BUILD_OPTS "\n\n");
  
    printf("%s", "  CFLAGS: " PR_BUILD_CFLAGS "\n");
-@@ -2742,7 +2741,6 @@ int main(int argc, char *argv[], char **
+@@ -2738,7 +2737,6 @@ int main(int argc, char *argv[], char **
    if (show_version >= 2) {
      printf("ProFTPD Version: %s", PROFTPD_VERSION_TEXT " " PR_STATUS "\n");
      printf("  Scoreboard Version: %08x\n", PR_SCOREBOARD_VERSION);
@@ -99,5 +99,5 @@ Index: include/version.h
 -#include "buildstamp.h"
 -
  /* Application version (in various forms) */
- #define PROFTPD_VERSION_NUMBER		0x0001030807
+ #define PROFTPD_VERSION_NUMBER		0x0001030904
- #define PROFTPD_VERSION_TEXT		"1.3.8b"
+ #define PROFTPD_VERSION_TEXT		"1.3.9"