From f757bccc1c225cc1468eabf59338536082110345 Mon Sep 17 00:00:00 2001 From: Paul Howarth Date: Feb 25 2010 16:40:29 +0000 Subject: - Update to 1.3.3 (see NEWS for list of fixed bugs) - Update PID file location in initscript - Drop upstreamed patches - Upstream distribution now includes mod_exec, so drop unbundled source - New DSO modules: - mod_sftp - mod_sftp_pam - mod_sftp_sql - mod_shaper - mod_sql_passwd - mod_tls_shmcache - Configure script no longer appends "/proftpd" to --localstatedir option - New utility ftpscrub for scrubbing the scoreboard file - Include public key blacklist and Diffie-Hellman parameter files for mod_sftp in %{_sysconfdir} - Remove IdentLookups from config file - disabled by default now --- diff --git a/.cvsignore b/.cvsignore index 0d8f788..1e96af4 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,3 +1,2 @@ -proftpd-1.3.2d.tar.bz2 +proftpd-1.3.3.tar.bz2 proftpd-mod-vroot-0.8.5.tar.gz -proftpd-mod-exec-0.9.6.tar.gz diff --git a/proftpd-1.3.2-parallel-build.patch b/proftpd-1.3.2-parallel-build.patch deleted file mode 100644 index cea1c40..0000000 --- a/proftpd-1.3.2-parallel-build.patch +++ /dev/null @@ -1,20 +0,0 @@ -diff -ru proftpd-1.3.2-orig/Makefile.in proftpd-1.3.2/Makefile.in ---- proftpd-1.3.2-orig/Makefile.in 2008-11-19 04:51:38.000000000 +0100 -+++ proftpd-1.3.2/Makefile.in 2009-02-16 14:28:43.000000000 +0100 -@@ -54,13 +54,13 @@ - proftpd$(EXEEXT): lib src modules dirs locale - $(LIBTOOL) --mode=link --tag=CC $(CC) $(LDFLAGS) $(MAIN_LDFLAGS) -o $@ $(BUILD_PROFTPD_OBJS) $(BUILD_PROFTPD_ARCHIVES) $(LIBS) $(MAIN_LIBS) - --ftpcount$(EXEEXT): utils -+ftpcount$(EXEEXT): lib utils - $(CC) $(LDFLAGS) -o $@ $(BUILD_FTPCOUNT_OBJS) $(UTILS_LIBS) - --ftpdctl$(EXEEXT): src -+ftpdctl$(EXEEXT): lib src - $(CC) $(LDFLAGS) -o $@ $(BUILD_FTPDCTL_OBJS) $(LIBS) - --ftpshut$(EXEEXT): utils -+ftpshut$(EXEEXT): lib utils - $(CC) $(LDFLAGS) -o $@ $(BUILD_FTPSHUT_OBJS) $(UTILS_LIBS) - - ftptop$(EXEEXT): lib utils diff --git a/proftpd-1.3.2a-mlsd.patch b/proftpd-1.3.2a-mlsd.patch deleted file mode 100644 index a8148bc..0000000 --- a/proftpd-1.3.2a-mlsd.patch +++ /dev/null @@ -1,21 +0,0 @@ ---- proftpd-1.3.2a/modules/mod_facts.c.mlsd 2009-04-28 22:17:45.000000000 +0100 -+++ proftpd-1.3.2a/modules/mod_facts.c 2009-09-07 14:17:39.000000000 +0100 -@@ -841,12 +841,13 @@ - return PR_ERROR(cmd); - } - -- /* RFC3659 explicitly does NOT support glob characters. */ -+ /* RFC3659 explicitly does NOT support glob characters. So warn about -+ * this, but let the command continue as is. We don't actually call -+ * glob(3) here, so no expansion will occur. -+ */ - if (strpbrk(decoded_path, "{[*?") != NULL) { -- pr_log_debug(DEBUG2, MOD_FACTS_VERSION ": unable to handle MLSD command: " -- "target '%s' contains glob characters", decoded_path); -- pr_response_add_err(R_550, _("Unable to handle command")); -- return PR_ERROR(cmd); -+ pr_log_debug(DEBUG9, MOD_FACTS_VERSION ": glob characters in MLSD ('%s') " -+ "ignored", decoded_path); - } - - /* Make sure that the given path is actually a directory. */ diff --git a/proftpd.conf b/proftpd.conf index ae04adb..1b9756a 100644 --- a/proftpd.conf +++ b/proftpd.conf @@ -52,6 +52,10 @@ LogFormat auth "%v [%P] %h %t \"%r\" %s" # General database support (http://www.proftpd.org/docs/contrib/mod_sql.html) # LoadModule mod_sql.c # +# Support for base-64 or hex encoded MD5 and SHA1 passwords from SQL tables +# (contrib/mod_sql_passwd.html) +# LoadModule mod_sql_passwd.c +# # Mysql support (requires proftpd-mysql package) # (http://www.proftpd.org/docs/contrib/mod_sql.html) # LoadModule mod_sql_mysql.c @@ -112,10 +116,31 @@ LogFormat auth "%v [%P] %h %t \"%r\" %s" # (http://www.proftpd.org/docs/contrib/mod_rewrite.html) # LoadModule mod_rewrite.c # +# Support for the SSH2, SFTP, and SCP protocols, for secure file transfer over +# an SSH2 connection (http://www.castaglia.org/proftpd/modules/mod_sftp.html) +# LoadModule mod_sftp.c +# +# Use PAM to provide a 'keyboard-interactive' SSH2 authentication method for +# mod_sftp (http://www.castaglia.org/proftpd/modules/mod_sftp_pam.html) +# LoadModule mod_sftp_pam.c +# +# Use SQL (via mod_sql) for looking up authorized SSH2 public keys for user +# and host based authentication +# (http://www.castaglia.org/proftpd/modules/mod_sftp_sql.html) +# LoadModule mod_sftp_sql.c +# +# Provide data transfer rate "shaping" across the entire server +# (http://www.castaglia.org/proftpd/modules/mod_shaper.html) +# LoadModule mod_shaper.c +# # Support for miscellaneous SITE commands such as SITE MKDIR, SITE SYMLINK, # and SITE UTIME (http://www.proftpd.org/docs/contrib/mod_site_misc.html) # LoadModule mod_site_misc.c # +# Provide an external SSL session cache using shared memory +# (contrib/mod_tls_shmcache.html) +# LoadModule mod_tls_shmcache.c +# # Use the /etc/hosts.allow and /etc/hosts.deny files, or other allow/deny # files, for IP-based access control # (http://www.proftpd.org/docs/contrib/mod_wrap.html) @@ -152,6 +177,9 @@ LogFormat auth "%v [%P] %h %t \"%r\" %s" TLSVerifyClient off #TLSRenegotiate ctrl 3600 data 512000 required off timeout 300 TLSLog /var/log/proftpd/tls.log + + TLSSessionCache shm:/file=/var/run/proftpd/sesscache + # Dynamic ban lists (http://www.proftpd.org/docs/contrib/mod_ban.html) @@ -179,9 +207,6 @@ LogFormat auth "%v [%P] %h %t \"%r\" %s" # from being group and world writable Umask 022 - # Don't do ident queries (hangs when the port is filtered) - IdentLookups off - # Allow users to overwrite files and change permissions AllowOverwrite yes diff --git a/proftpd.init b/proftpd.init index 11bb674..f00f790 100755 --- a/proftpd.init +++ b/proftpd.init @@ -12,7 +12,7 @@ # anonymous FTP, and permission-based directory visibility. # processname: proftpd # config: /etc/proftp.conf -# pidfile: /var/run/proftpd.pid +# pidfile: /var/run/proftpd/proftpd.pid ### BEGIN INIT INFO # Provides: proftpd ftpserver diff --git a/proftpd.spec b/proftpd.spec index 32d8dc9..5ca9586 100644 --- a/proftpd.spec +++ b/proftpd.spec @@ -6,12 +6,12 @@ %global pkidir %{_datadir}/ssl %endif -#global prever rc3 +#global prever rc4 %global rpmrel 1 Summary: Flexible, stable and highly-configurable FTP server Name: proftpd -Version: 1.3.2d +Version: 1.3.3 Release: %{?prever:0.}%{rpmrel}%{?prever:.%{prever}}%{?dist} License: GPLv2+ Group: System Environment/Daemons @@ -27,10 +27,7 @@ Source7: proftpd-mod_quotatab_ldap.ldif Source8: proftpd-mod_quotatab_ldap.schema Source9: proftpd.sysconfig Source10: http://www.castaglia.org/proftpd/modules/proftpd-mod-vroot-0.8.5.tar.gz -Source11: http://www.castaglia.org/proftpd/modules/proftpd-mod-exec-0.9.6.tar.gz Patch0: proftpd-1.3.2rc3-nostrip.patch -Patch2: proftpd-1.3.2-parallel-build.patch -Patch3: proftpd-1.3.2a-mlsd.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root Requires(post): /sbin/chkconfig Requires(preun): /sbin/service, /sbin/chkconfig, coreutils, findutils @@ -50,7 +47,6 @@ visibility. This package defaults to the standalone behaviour of ProFTPD, but all the needed scripts to have it run by xinetd instead are included. - %package ldap Summary: Module to add LDAP support to the ProFTPD FTP server Group: System Environment/Daemons @@ -59,7 +55,6 @@ Requires: %{name} = %{version}-%{release} %description ldap Module to add LDAP support to the ProFTPD FTP server. - %package mysql Summary: Module to add MySQL support to the ProFTPD FTP server Group: System Environment/Daemons @@ -68,7 +63,6 @@ Requires: %{name} = %{version}-%{release} %description mysql Module to add MySQL support to the ProFTPD FTP server. - %package postgresql Summary: Module to add PostgreSQL support to the ProFTPD FTP server Group: System Environment/Daemons @@ -77,28 +71,16 @@ Requires: %{name} = %{version}-%{release} %description postgresql Module to add PostgreSQL support to the ProFTPD FTP server. - %prep -%setup -q -n %{name}-%{version}%{?prever} -a 10 -a 11 +%setup -q -n %{name}-%{version}%{?prever} -a 10 # Copy mod_vroot source and documentation into place %{__cp} -p mod_vroot/mod_vroot.c contrib/ %{__cp} -p mod_vroot/mod_vroot.html doc/contrib/ -# Copy mod_exec source and documentation into place -%{__cp} -p mod_exec/mod_exec.c contrib/ -%{__cp} -p mod_exec/mod_exec.html doc/contrib/ - # Don't strip binaries - needed for useful debuginfo %patch0 -p1 -b .nostrip -# Fix parallel build (http://bugs.proftpd.org/3189) -%patch2 -p1 -b .parallel - -# Fix MLSD for directories containing shell metacharacters (#521634) -# (upstream patch) -%patch3 -p1 -b .mlsd - # Avoid documentation name conflicts %{__mv} contrib/README contrib/README.contrib @@ -141,15 +123,16 @@ done %build # Modules to be built as DSO's (excluding mod_ifsession, always specified last) -SMOD1=mod_sql:mod_sql_mysql:mod_sql_postgres +SMOD1=mod_sql:mod_sql_passwd:mod_sql_mysql:mod_sql_postgres SMOD2=mod_quotatab:mod_quotatab_file:mod_quotatab_ldap:mod_quotatab_radius:mod_quotatab_sql SMOD3=mod_ldap:mod_ban:mod_wrap:mod_ctrls_admin:mod_facl:mod_load -SMOD4=mod_radius:mod_ratio:mod_rewrite:mod_site_misc:mod_exec +SMOD4=mod_radius:mod_ratio:mod_rewrite:mod_site_misc:mod_exec:mod_shaper SMOD5=mod_wrap2:mod_wrap2_file:mod_wrap2_sql +SMOD6=mod_sftp:mod_sftp_pam:mod_sftp_sql:mod_tls_shmcache %configure \ --libexecdir="%{_libexecdir}/proftpd" \ - --localstatedir="%{_localstatedir}/run" \ + --localstatedir="%{_localstatedir}/run/proftpd" \ --enable-ctrls \ --enable-dso \ --enable-facl \ @@ -160,7 +143,7 @@ SMOD5=mod_wrap2:mod_wrap2_file:mod_wrap2_sql --with-libraries="%{_libdir}/mysql" \ --with-includes="%{_includedir}/mysql" \ --with-modules=mod_readme:mod_auth_pam:mod_tls:mod_vroot \ - --with-shared=${SMOD1}:${SMOD2}:${SMOD3}:${SMOD4}:${SMOD5}:mod_ifsession + --with-shared=${SMOD1}:${SMOD2}:${SMOD3}:${SMOD4}:${SMOD5}:${SMOD6}:mod_ifsession %{__make} %{?_smp_mflags} @@ -222,6 +205,8 @@ fi %dir %{_localstatedir}/ftp/pub/ %dir %{_localstatedir}/run/proftpd/ %config(noreplace) %{_localstatedir}/ftp/welcome.msg +%config(noreplace) %{_sysconfdir}/blacklist.dat +%config(noreplace) %{_sysconfdir}/dhparams.pem %config(noreplace) %{_sysconfdir}/ftpusers %config(noreplace) %{_sysconfdir}/logrotate.d/proftpd %config(noreplace) %{_sysconfdir}/pam.d/proftpd @@ -234,6 +219,7 @@ fi %{_bindir}/ftptop %{_bindir}/ftpwho %exclude %{_bindir}/prxs +%{_sbindir}/ftpscrub %{_sbindir}/ftpshut %{_sbindir}/in.proftpd %{_sbindir}/proftpd @@ -242,6 +228,7 @@ fi %{_mandir}/man1/ftpwho.1* %{_mandir}/man5/xferlog.5* %{_mandir}/man8/ftpdctl.8* +%{_mandir}/man8/ftpscrub.8* %{_mandir}/man8/ftpshut.8* %{_mandir}/man8/proftpd.8* %exclude %{_includedir}/proftpd/ @@ -260,8 +247,14 @@ fi %{_libexecdir}/proftpd/mod_radius.so %{_libexecdir}/proftpd/mod_ratio.so %{_libexecdir}/proftpd/mod_rewrite.so +%{_libexecdir}/proftpd/mod_sftp.so +%{_libexecdir}/proftpd/mod_sftp_pam.so +%{_libexecdir}/proftpd/mod_sftp_sql.so +%{_libexecdir}/proftpd/mod_shaper.so %{_libexecdir}/proftpd/mod_site_misc.so %{_libexecdir}/proftpd/mod_sql.so +%{_libexecdir}/proftpd/mod_sql_passwd.so +%{_libexecdir}/proftpd/mod_tls_shmcache.so %{_libexecdir}/proftpd/mod_wrap.so %{_libexecdir}/proftpd/mod_wrap2.so %{_libexecdir}/proftpd/mod_wrap2_file.so @@ -286,6 +279,24 @@ fi %{_libexecdir}/proftpd/mod_sql_postgres.so %changelog +* Thu Feb 25 2010 Paul Howarth 1.3.3-1 +- Update to 1.3.3 (see NEWS for list of fixed bugs) +- Update PID file location in initscript +- Drop upstreamed patches +- Upstream distribution now includes mod_exec, so drop unbundled source +- New DSO modules: + - mod_sftp + - mod_sftp_pam + - mod_sftp_sql + - mod_shaper + - mod_sql_passwd + - mod_tls_shmcache +- Configure script no longer appends "/proftpd" to --localstatedir option +- New utility ftpscrub for scrubbing the scoreboard file +- Include public key blacklist and Diffie-Hellman parameter files for mod_sftp + in %%{_sysconfdir} +- Remove IdentLookups from config file - disabled by default now + * Mon Feb 15 2010 Paul Howarth 1.3.2d-1 - Update to 1.3.2d, addressing the following issues: - mod_tls doesn't compile with pre-0.9.7 openssl (bug 3358) diff --git a/sources b/sources index c00dcf5..8c32d6d 100644 --- a/sources +++ b/sources @@ -1,3 +1,2 @@ -0941935e30199a3f22f7225fe76bc489 proftpd-1.3.2d.tar.bz2 +3951244f1940f0a40e8af142a9cf67fe proftpd-1.3.3.tar.bz2 139fc328c43a9afbe290ec787713096b proftpd-mod-vroot-0.8.5.tar.gz -dfcaf605f116c29d7b4771a9b02f509b proftpd-mod-exec-0.9.6.tar.gz