|
|
cf2e6e6 |
from Config import *
|
|
|
cf2e6e6 |
|
|
|
cf2e6e6 |
# Technical terms spelled correctly
|
|
|
039bf80 |
addFilter("spelling-error %description -l en_US customizable -> ")
|
|
|
039bf80 |
addFilter("spelling-error %description -l en_US passwd -> ")
|
|
|
039bf80 |
addFilter("spelling-error %description -l en_US systemd -> ")
|
|
|
039bf80 |
addFilter("spelling-error %description -l en_US virtualhost -> ")
|
|
|
039bf80 |
addFilter("spelling-error %description -l en_US xinetd -> ")
|
|
|
cf2e6e6 |
|
|
|
c3a54ec |
# Proftpd allows specification of ciphers; mod_tls.conf specifies system default
|
|
|
039bf80 |
addFilter("crypto-policy-non-compliance-openssl /usr/sbin/proftpd SSL_CTX_set_cipher_list")
|
|
|
cf2e6e6 |
|
|
|
cf2e6e6 |
# All FTP daemons provide this
|
|
|
039bf80 |
addFilter("unversioned-explicit-provides ftpserver")
|
|
|
cf2e6e6 |
|
|
|
cf2e6e6 |
# This is the correct place for tmpfiles snippets
|
|
|
039bf80 |
addFilter("hardcoded-library-path in %{_prefix}/lib/tmpfiles.d")
|
|
|
039bf80 |
addFilter("only-non-binary-in-usr-lib")
|
|
|
cf2e6e6 |
|
|
|
cf2e6e6 |
# These modes are intentional
|
|
|
039bf80 |
addFilter("non-readable /etc/proftpd.conf 640")
|
|
|
c3a54ec |
addFilter("non-readable /etc/proftpd/anonftp.conf 640")
|
|
|
c3a54ec |
addFilter("non-readable /etc/proftpd/mod_ban.conf 640")
|
|
|
c3a54ec |
addFilter("non-readable /etc/proftpd/mod_qos.conf 640")
|
|
|
c3a54ec |
addFilter("non-readable /etc/proftpd/mod_tls.conf 640")
|
|
|
c3a54ec |
addFilter("non-readable /etc/proftpd/modules.conf 640")
|
|
|
039bf80 |
addFilter("non-standard-dir-perm /var/ftp/uploads 331")
|
|
|
039bf80 |
addFilter("non-standard-dir-perm /var/log/proftpd 750")
|
|
|
cf2e6e6 |
|
|
|
cf2e6e6 |
# /var/run/proftpd maintained by tmpfiles snippet too
|
|
|
cf2e6e6 |
# Owning the directories in the package allows the daemon to run immediately after install, with no reboot
|
|
|
039bf80 |
addFilter("dir-or-file-in-var-run /var/run/proftpd")
|
|
|
039bf80 |
addFilter("non-ghost-in-run /run/proftpd")
|
|
|
cf2e6e6 |
|
|
|
cf2e6e6 |
# File should exist but have no default content
|
|
|
039bf80 |
addFilter("zero-length /etc/ftpusers")
|
|
|
cf2e6e6 |
|
|
|
cf2e6e6 |
# Same manpage as proftpd
|
|
|
039bf80 |
addFilter("no-manual-page-for-binary in.proftpd")
|
|
|
cf2e6e6 |
|
|
|
cf2e6e6 |
# This is normal for libtool projects
|
|
|
039bf80 |
addFilter("hidden-file-or-dir /usr/src/debug/proftpd-.*/\.libs")
|
|
|
cf2e6e6 |
|
|
|
cf2e6e6 |
# Upstream does not provide documentation for devel tools/API yet
|
|
|
039bf80 |
addFilter("no-documentation")
|
|
|
039bf80 |
addFilter("no-manual-page-for-binary prxs")
|
|
|
039bf80 |
|
|
|
039bf80 |
# https://github.com/proftpd/proftpd/pull/493
|
|
|
039bf80 |
# https://github.com/proftpd/proftpd/commit/75ed08ffe309b75b78dfcdeb4164d88ced4b0888
|
|
|
c3a54ec |
# These should be fixed in 1.3.7
|
|
|
039bf80 |
addFilter("incorrect-fsf-address /usr/src/debug/proftpd-.*/modules/mod_geoip.c")
|
|
|
039bf80 |
addFilter("incorrect-fsf-address /usr/include/proftpd/ident.h")
|
|
|
039bf80 |
addFilter("incorrect-fsf-address /usr/include/proftpd/utf8.h")
|
|
|
039bf80 |
addFilter("incorrect-fsf-address /usr/include/proftpd/lastlog.h")
|
|
|
039bf80 |
|