From 6769e3d8f249b0e0e7ae6a495d7129aaa9295264 Mon Sep 17 00:00:00 2001 From: Paul Howarth Date: Nov 10 2011 19:32:05 +0000 Subject: Update to 1.3.4 - New upstream release 1.3.4, addressing the following bugs since 1.3.4rc3: - ProFTPD with mod_sql_mysql dies of "Alarm clock" on FreeBSD (bug 3702) - mod_sql_mysql.so: undefined symbol: make_scrambled_password with MySQL 5.5 on Fedora (bug 3669) - PQescapeStringConn() needs a better check (bug 3192) - Enable OpenSSL countermeasure against SSLv3/TLSv1 BEAST attacks (bug 3704); to disable this countermeasure, which may cause interoperability issues with some clients, use the NoEmptyFragments TLSOption - Support SFTPOption for ignoring requests to modify timestamps (bug 3706) - RPM build on CentOS 5.5 (64bit): "File not found by glob" (bug 3640) - Response pool use-after-free memory corruption error (bug 3711, #752812, ZDI-CAN-1420, CVE-2011-4130) - Drop upstream patch for make_scrambled_password_323 - Use upstream SysV initscript rather than our own - Use upstream systemd service file rather than our own - Use upstream PAM configuration rather than our own - Use upstream logrotate configuration rather than our own - Use upstream tempfiles configuration rather than our own - Use upstream xinetd configuration rather than our own --- diff --git a/.gitignore b/.gitignore index 4fe5aa7..9702fb4 100644 --- a/.gitignore +++ b/.gitignore @@ -1,14 +1,13 @@ # master/f15/f16 -/proftpd-1.3.4rc3.tar.bz2 +/proftpd-1.3.4.tar.bz2 /proftpd-mod-geoip-0.3.tar.gz /proftpd-mod-vroot-0.9.2.tar.gz /Test-Unit-0.14.tar.gz # el6 -/proftpd-1.3.3f.tar.bz2 +/proftpd-1.3.3g.tar.bz2 /proftpd-mod-geoip-0.2.tar.gz /proftpd-mod-vroot-0.9.2.tar.gz # f14/el5/el4 -/proftpd-1.3.3f.tar.bz2 +/proftpd-1.3.3g.tar.bz2 /proftpd-mod-geoip-0.2.tar.gz /proftpd-mod-vroot-0.8.5.tar.gz -/proftpd-1.3.4rc3.tar.bz2 diff --git a/proftpd-1.3.4-utf8.patch b/proftpd-1.3.4-utf8.patch new file mode 100644 index 0000000..4fb8270 --- /dev/null +++ b/proftpd-1.3.4-utf8.patch @@ -0,0 +1,20 @@ +--- proftpd-1.3.4/ChangeLog 2011-11-09 22:37:36.000000000 +0000 ++++ proftpd-1.3.4/ChangeLog.utf-8 2011-11-10 13:39:17.351759244 +0000 +@@ -15906,7 +15906,7 @@ + 2009-03-13 08:55 castaglia + + * src/inet.c: +- Jes�s Alastruey pointed out there was an off-by-one bug in the ++ Jesús Alastruey pointed out there was an off-by-one bug in the + handling of the PassivePorts port selection code. The highest + port number was not being properly shuffled. + +@@ -27877,7 +27877,7 @@ + 2005-06-08 09:21 castaglia + + * doc/howto/SQL.html: +- Gr�goire COLBERT contributed a snippet of PHP code that can be ++ Grégoire COLBERT contributed a snippet of PHP code that can be + used to generate base64-encoded MD5-digested password strings, + suitable for use by mod_sql. + diff --git a/proftpd-1.3.4-xinetd-typo.patch b/proftpd-1.3.4-xinetd-typo.patch new file mode 100644 index 0000000..c8ab3ce --- /dev/null +++ b/proftpd-1.3.4-xinetd-typo.patch @@ -0,0 +1,8 @@ +--- proftpd-1.3.4/contrib/dist/rpm/xinetd ++++ proftpd-1.3.4/contrib/dist/rpm/xinetd +@@ -1,4 +1,4 @@ +-# default: on ++# default: off + # description: The ProFTPD FTP server + service ftp + { diff --git a/proftpd-1.3.4rc3-make-scrambled-password-323-bug3669.patch b/proftpd-1.3.4rc3-make-scrambled-password-323-bug3669.patch deleted file mode 100644 index b4b0696..0000000 --- a/proftpd-1.3.4rc3-make-scrambled-password-323-bug3669.patch +++ /dev/null @@ -1,253 +0,0 @@ -diff -up proftpd-1.3.4rc3/configure.in.mypasswd323 proftpd-1.3.4rc3/configure.in ---- proftpd-1.3.4rc3/configure.in.mypasswd323 2011-08-12 18:41:43.000000000 +0100 -+++ proftpd-1.3.4rc3/configure.in 2011-10-06 15:39:35.000000000 +0100 -@@ -2179,7 +2179,9 @@ my_static_modules=`echo "$ac_static_modu - my_shared_modules=`echo "$ac_shared_modules" | sed -e 's/\.la//g'`; - all_modules="$my_core_modules $my_static_modules $my_shared_modules"; - -+pr_use_mysql="no" - pr_use_openssl="no" -+pr_use_postgres="no" - - AC_MSG_CHECKING([for duplicate module build requests]) - for i in $all_modules; do -@@ -2211,6 +2213,8 @@ for i in $all_modules; do - dnl Use database-specific config scripts, if we can. Note that - dnl these will cause problems for cross-compiles! - if test x"$i" = x"mod_sql_mysql"; then -+ pr_use_mysql="yes" -+ - if test x"$my_config" != xno; then - if `$my_config --version 2>/dev/null 1>&2`; then - # mysql_config --include gives path WITH -I prefix -@@ -2233,6 +2237,8 @@ for i in $all_modules; do - fi - - elif test x"$i" = x"mod_sql_postgres"; then -+ pr_use_postgres="yes" -+ - if test x"$pg_config" != xno; then - if `$pg_config 2>/dev/null 1>&2`; then - # pg_config --includedir gives path, no -I prefix -@@ -2252,6 +2258,52 @@ for i in $all_modules; do - done - AC_MSG_RESULT([no]) - -+if test x"$pr_use_mysql" = xyes; then -+ # Check for other MySQL-specific functionality here -+ saved_ldflags="$LDFLAGS" -+ saved_libs="$LIBS" -+ saved_cppflags="$CPPFLAGS" -+ -+ dnl Splice out -lsupp, since that library hasn't been built yet -+ LIBS=`echo "$LIBS" | sed -e 's/-lsupp//g'`; -+ -+ AC_MSG_CHECKING([for MySQL's make_scrambled_password_323]) -+ -+ # fiddle with CPPFLAGS, LDFLAGS -+ CPPFLAGS="$CPPFLAGS $ac_build_addl_includes" -+ LDFLAGS="$LDFLAGS -lm -lmysqlclient -lz" -+ LIBS="$LIBS $c_build_addl_libdirs" -+ -+ AC_TRY_LINK( -+ [ -+ #ifdef HAVE_STDLIB_H -+ # include -+ #endif -+ #ifdef HAVE_SYS_TYPES_H -+ # include -+ #endif -+ #include -+ ], -+ [ -+ char input[32]; -+ char *output = NULL; -+ (void) make_scrambled_password_323(input, output); -+ ], -+ [ -+ AC_MSG_RESULT(yes) -+ AC_DEFINE(HAVE_MYSQL_MAKE_SCRAMBLED_PASSWORD_323, 1, [Define if you have MySQL's make_scrambled_password_323]) -+ ], -+ [ -+ AC_MSG_RESULT(no) -+ ] -+ ) -+ -+ # restore CPPFLAGS, LDFLAGS -+ CPPFLAGS="$saved_cppflags" -+ LDFLAGS="$saved_ldflags" -+ LIBS="$saved_libs" -+fi -+ - if test x"$pr_use_openssl" = xyes; then - AC_DEFINE(PR_USE_OPENSSL, 1, [Define if using OpenSSL support.]) - ac_build_addl_libs="$ac_build_addl_libs -lssl -lcrypto" -diff -up proftpd-1.3.4rc3/config.h.in.mypasswd323 proftpd-1.3.4rc3/config.h.in ---- proftpd-1.3.4rc3/config.h.in.mypasswd323 2011-03-15 05:27:45.000000000 +0000 -+++ proftpd-1.3.4rc3/config.h.in 2011-10-06 15:39:35.000000000 +0100 -@@ -384,6 +384,9 @@ - /* Define if you have the munlockall function. */ - #undef HAVE_MUNLOCKALL - -+/* Define if you have the MySQL make_scrambled_password_323 function. */ -+#undef HAVE_MYSQL_MAKE_SCRAMBLED_PASSWORD_323 -+ - /* Define if you have the nl_langinfo function. */ - #undef HAVE_NL_LANGINFO - -diff -up proftpd-1.3.4rc3/configure.mypasswd323 proftpd-1.3.4rc3/configure ---- proftpd-1.3.4rc3/configure.mypasswd323 2011-08-12 18:46:06.000000000 +0100 -+++ proftpd-1.3.4rc3/configure 2011-10-06 15:40:37.000000000 +0100 -@@ -32634,7 +32634,9 @@ my_static_modules=`echo "$ac_static_modu - my_shared_modules=`echo "$ac_shared_modules" | sed -e 's/\.la//g'`; - all_modules="$my_core_modules $my_static_modules $my_shared_modules"; - -+pr_use_mysql="no" - pr_use_openssl="no" -+pr_use_postgres="no" - - { echo "$as_me:$LINENO: checking for duplicate module build requests" >&5 - echo $ECHO_N "checking for duplicate module build requests... $ECHO_C" >&6; } -@@ -32667,6 +32669,8 @@ echo "$as_me: error: duplicate build req - done - - if test x"$i" = x"mod_sql_mysql"; then -+ pr_use_mysql="yes" -+ - if test x"$my_config" != xno; then - if `$my_config --version 2>/dev/null 1>&2`; then - # mysql_config --include gives path WITH -I prefix -@@ -32689,6 +32693,8 @@ echo "$as_me: error: duplicate build req - fi - - elif test x"$i" = x"mod_sql_postgres"; then -+ pr_use_postgres="yes" -+ - if test x"$pg_config" != xno; then - if `$pg_config 2>/dev/null 1>&2`; then - # pg_config --includedir gives path, no -I prefix -@@ -32709,6 +32715,96 @@ done - { echo "$as_me:$LINENO: result: no" >&5 - echo "${ECHO_T}no" >&6; } - -+if test x"$pr_use_mysql" = xyes; then -+ # Check for other MySQL-specific functionality here -+ saved_ldflags="$LDFLAGS" -+ saved_libs="$LIBS" -+ saved_cppflags="$CPPFLAGS" -+ -+ LIBS=`echo "$LIBS" | sed -e 's/-lsupp//g'`; -+ -+ { echo "$as_me:$LINENO: checking for MySQL's make_scrambled_password_323" >&5 -+echo $ECHO_N "checking for MySQL's make_scrambled_password_323... $ECHO_C" >&6; } -+ -+ # fiddle with CPPFLAGS, LDFLAGS -+ CPPFLAGS="$CPPFLAGS $ac_build_addl_includes" -+ LDFLAGS="$LDFLAGS -lm -lmysqlclient -lz" -+ LIBS="$LIBS $c_build_addl_libdirs" -+ -+ cat >conftest.$ac_ext <<_ACEOF -+/* confdefs.h. */ -+_ACEOF -+cat confdefs.h >>conftest.$ac_ext -+cat >>conftest.$ac_ext <<_ACEOF -+/* end confdefs.h. */ -+ -+ #ifdef HAVE_STDLIB_H -+ # include -+ #endif -+ #ifdef HAVE_SYS_TYPES_H -+ # include -+ #endif -+ #include -+ -+int -+main () -+{ -+ -+ char input[32]; -+ char *output = NULL; -+ (void) make_scrambled_password_323(input, output); -+ -+ ; -+ return 0; -+} -+_ACEOF -+rm -f conftest.$ac_objext conftest$ac_exeext -+if { (ac_try="$ac_link" -+case "(($ac_try" in -+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; -+ *) ac_try_echo=$ac_try;; -+esac -+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 -+ (eval "$ac_link") 2>conftest.er1 -+ ac_status=$? -+ grep -v '^ *+' conftest.er1 >conftest.err -+ rm -f conftest.er1 -+ cat conftest.err >&5 -+ echo "$as_me:$LINENO: \$? = $ac_status" >&5 -+ (exit $ac_status); } && { -+ test -z "$ac_c_werror_flag" || -+ test ! -s conftest.err -+ } && test -s conftest$ac_exeext && -+ $as_test_x conftest$ac_exeext; then -+ -+ { echo "$as_me:$LINENO: result: yes" >&5 -+echo "${ECHO_T}yes" >&6; } -+ -+cat >>confdefs.h <<\_ACEOF -+#define HAVE_MYSQL_MAKE_SCRAMBLED_PASSWORD_323 1 -+_ACEOF -+ -+ -+else -+ echo "$as_me: failed program was:" >&5 -+sed 's/^/| /' conftest.$ac_ext >&5 -+ -+ -+ { echo "$as_me:$LINENO: result: no" >&5 -+echo "${ECHO_T}no" >&6; } -+ -+ -+fi -+ -+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ -+ conftest$ac_exeext conftest.$ac_ext -+ -+ # restore CPPFLAGS, LDFLAGS -+ CPPFLAGS="$saved_cppflags" -+ LDFLAGS="$saved_ldflags" -+ LIBS="$saved_libs" -+fi -+ - if test x"$pr_use_openssl" = xyes; then - - cat >>confdefs.h <<\_ACEOF -diff -up proftpd-1.3.4rc3/contrib/mod_sql_mysql.c.mypasswd323 proftpd-1.3.4rc3/contrib/mod_sql_mysql.c ---- proftpd-1.3.4rc3/contrib/mod_sql_mysql.c.mypasswd323 2011-05-23 21:56:40.000000000 +0100 -+++ proftpd-1.3.4rc3/contrib/mod_sql_mysql.c 2011-10-06 15:39:35.000000000 +0100 -@@ -1485,7 +1485,7 @@ MODRET cmd_checkauth(cmd_rec * cmd) { - - if (!success) { - --#if MYSQL_VERSION_ID >= 40101 -+#ifdef HAVE_MYSQL_MAKE_SCRAMBLED_PASSWORD_323 - /* Try to work around MySQL's stupid handling of password length - * changes in 4.1, and the stupidity and whining of admins who - * cannot deal with those changes. -@@ -1495,12 +1495,14 @@ MODRET cmd_checkauth(cmd_rec * cmd) { - - sql_log(DEBUG_FUNC, "%s", - "checking again using deprecated legacy MySQL password algorithm"); -+ sql_log(DEBUG_FUNC, "%s", -+ "warning: support for this legacy MySQ-3.xL password algorithm will be dropped from MySQL in the future"); - success = !strcmp(scrambled, c_hash); - if (!success) - sql_log(DEBUG_FUNC, "%s", "password mismatch"); - #else - sql_log(DEBUG_FUNC, "%s", "password mismatch"); --#endif -+#endif /* No MySQL make_scrambled_password_323() function */ - } - - sql_log(DEBUG_FUNC, "%s", "exiting \tmysql cmd_checkauth"); diff --git a/proftpd-tmpfs.conf b/proftpd-tmpfs.conf deleted file mode 100644 index a665223..0000000 --- a/proftpd-tmpfs.conf +++ /dev/null @@ -1 +0,0 @@ -d @RUNDIR@/proftpd diff --git a/proftpd-xinetd b/proftpd-xinetd deleted file mode 100644 index fa24aee..0000000 --- a/proftpd-xinetd +++ /dev/null @@ -1,14 +0,0 @@ -# default: off -# description: The ProFTPD FTP server serves FTP connections. It uses \ -# normal, unencrypted usernames and passwords for authentication. -service ftp -{ - socket_type = stream - wait = no - user = root - server = /usr/sbin/in.proftpd - log_on_success += DURATION USERID - log_on_failure += USERID - nice = 10 - disable = yes -} diff --git a/proftpd.init b/proftpd.init deleted file mode 100644 index b4052b9..0000000 --- a/proftpd.init +++ /dev/null @@ -1,101 +0,0 @@ -#!/bin/sh -# -# proftpd This shell script takes care of starting and stopping -# proftpd. -# -# chkconfig: - 80 30 -# description: ProFTPd is an enhanced FTP server with a focus towards \ -# simplicity, security, and ease of configuration. \ -# It features a very Apache-like configuration syntax, \ -# and a highly customizable server infrastructure, \ -# including support for multiple 'virtual' FTP servers, \ -# anonymous FTP, and permission-based directory visibility. -# processname: proftpd -# config: /etc/proftpd.conf -# pidfile: /var/run/proftpd/proftpd.pid - -### BEGIN INIT INFO -# Provides: proftpd ftpserver -# Required-Start: $local_fs $network $named $remote_fs -# Required-Stop: $local_fs $network $named $remote_fs -# Default-Stop: 0 1 6 -# Short-Description: ProFTPd FTP Server -# Description: ProFTPd is an enhanced FTP server with a focus towards -# simplicity, security, and ease of configuration. -# It features a very Apache-like configuration syntax, -# and a highly customizable server infrastructure, -# including support for multiple 'virtual' FTP servers, -# anonymous FTP, and permission-based directory visibility. -### END INIT INFO - -# Source function library. -. /etc/rc.d/init.d/functions - -# Source networking configuration. -. /etc/sysconfig/network - -# Source ProFTPD configuration. -PROFTPD_OPTIONS="" -if [ -f /etc/sysconfig/proftpd ]; then - . /etc/sysconfig/proftpd -fi - -# Check that networking is up. -[ ${NETWORKING} = "no" ] && exit 1 - -[ -x /usr/sbin/proftpd ] || exit 5 - -RETVAL=0 - -prog="proftpd" - -start() { - echo -n $"Starting $prog: " - daemon proftpd $PROFTPD_OPTIONS 2>/dev/null - RETVAL=$? - echo - [ $RETVAL -eq 0 ] && touch /var/lock/subsys/proftpd -} - -stop() { - echo -n $"Shutting down $prog: " - killproc proftpd - RETVAL=$? - echo - [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/proftpd -} - -# See how we were called. -case "$1" in - start) - start - ;; - stop) - stop - ;; - status) - status proftpd - RETVAL=$? - ;; - restart) - stop - start - ;; - try-restart|condrestart) - if [ -f /var/lock/subsys/proftpd ]; then - stop - start - fi - ;; - reload|force-reload) - echo -n $"Re-reading $prog configuration: " - killproc proftpd -HUP - RETVAL=$? - echo - ;; - *) - echo "Usage: $prog {start|stop|restart|try-restart|reload|status}" - exit 2 -esac - -exit $RETVAL diff --git a/proftpd.logrotate b/proftpd.logrotate deleted file mode 100644 index 22cc420..0000000 --- a/proftpd.logrotate +++ /dev/null @@ -1,10 +0,0 @@ -/var/log/proftpd/*.log /var/log/xferlog { - compress - missingok - notifempty - sharedscripts - postrotate - test -f /var/lock/subsys/proftpd && /usr/bin/killall -HUP proftpd || : - endscript -} - diff --git a/proftpd.pam b/proftpd.pam deleted file mode 100644 index c0c05db..0000000 --- a/proftpd.pam +++ /dev/null @@ -1,8 +0,0 @@ -#%PAM-1.0 -session optional pam_keyinit.so force revoke -auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed -auth required pam_shells.so -auth include password-auth -account include password-auth -session required pam_loginuid.so -session include password-auth diff --git a/proftpd.service b/proftpd.service deleted file mode 100644 index 6751890..0000000 --- a/proftpd.service +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Description=ProFTPD FTP Server -After=syslog.target network.target nss-lookup.target local-fs.target remote-fs.target - -[Service] -Type=forking -EnvironmentFile=/etc/sysconfig/proftpd -ExecStart=/usr/sbin/proftpd $PROFTPD_OPTIONS -ExecReload=/bin/kill -HUP $MAINPID - -[Install] -WantedBy=multi-user.target diff --git a/proftpd.spec b/proftpd.spec index 4d8e961..7ba4af8 100644 --- a/proftpd.spec +++ b/proftpd.spec @@ -40,8 +40,8 @@ %global have_libmemcached 1 %endif -%global prever rc3 -%global rpmrel 15 +#global prever rc3 +%global rpmrel 1 Summary: Flexible, stable and highly-configurable FTP server Name: proftpd @@ -52,26 +52,21 @@ Group: System Environment/Daemons URL: http://www.proftpd.org/ Source0: ftp://ftp.proftpd.org/distrib/source/proftpd-%{version}%{?prever}.tar.bz2 Source1: proftpd.conf -Source2: proftpd.init -Source3: proftpd-xinetd -Source4: proftpd.logrotate Source5: proftpd-welcome.msg -Source6: proftpd.pam Source9: proftpd.sysconfig Source10: http://www.castaglia.org/proftpd/modules/proftpd-mod-vroot-0.9.2.tar.gz Source11: http://www.castaglia.org/proftpd/modules/proftpd-mod-geoip-0.3.tar.gz -Source12: proftpd-tmpfs.conf # The integration tests require perl(Test::Unit) 0.14, which is the latest release on CPAN # However, the version in Fedora is 0.25 from sourceforge, which is incompatible with the test suite, # so we bundle version 0.14 here, purely for use during builds with the integration tests enabled # (they are disabled by default); it is not included as part of the built package and should therefore # not fall foul of the rules against library bundling Source13: http://search.cpan.org/CPAN/authors/id/C/CL/CLEMBURG/Test-Unit-0.14.tar.gz -Source14: proftpd.service -Patch0: proftpd-1.3.4rc3-make-scrambled-password-323-bug3669.patch Patch1: proftpd-1.3.4rc3-mysql-password.patch Patch2: proftpd.conf-no-memcached.patch +Patch3: proftpd-1.3.4-xinetd-typo.patch Patch4: proftpd-1.3.4rc1-mod_vroot-test.patch +Patch5: proftpd-1.3.4-utf8.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root Requires(preun): coreutils, findutils %if %{use_systemd} @@ -161,18 +156,23 @@ cp -p mod_vroot/t/modules/mod_vroot.t tests/t/modules/ cp -p mod_geoip/mod_geoip.c contrib/ cp -p mod_geoip/mod_geoip.html doc/contrib/ -# Upstream patch to not try make_scrambled_password_323 if the function -# isn't exported from the MySQL library (upstream bug 3669) -%patch0 -p1 -b .mypasswd323 +# Allow conf.h to find config.h (upstream bug 3127) +ln -s ../config.h include/config.h # Use my_make_scrambled_password rather than the deprecated # make_scrambled_password, which isn't exported from Fedora's MySQL # in F-15 onwards (#718327, upstream bug 3669) %patch1 -p1 -b .mypasswd +# Fix typo in upstream xinetd configuration +%patch3 -p1 -b .xinetd + # If we're running the full test suite, include the mod_vroot test %patch4 -p1 -b .test_vroot +# Fix character encoding in docs +%patch5 -p1 -b .utf8 + # Avoid documentation name conflicts mv contrib/README contrib/README.contrib @@ -192,9 +192,8 @@ chmod -x contrib/xferstats.holger-preiss # PAM Configuration: # Default PAM configuration file uses password-auth common config; # revert to system-auth if password-auth is not available -cp -p %{SOURCE6} . if [ ! -f /etc/pam.d/password-auth ]; then - sed -i -e s/password-auth/system-auth/ proftpd.pam + sed -i -e s/password-auth/system-auth/ contrib/dist/rpm/proftpd.pam fi # The "include" syntax used in our PAM configuration file was introduced in # PAM 0.78 and is therefore supported in FC-5 and EL-5 onwards; older @@ -206,17 +205,7 @@ fi # indicator of the need to fall back to pam_stack. [ ! -f /etc/pam.d/config-util ] && sed -i -e \ 's/include[[:space:]]*system-auth/required'\ \ \ \ \ 'pam_stack.so service=system-auth/' \ - proftpd.pam - -# Fix character encoding in docs -for f in ChangeLog; do - iconv -f iso-8859-1 -t utf-8 < ${f} > ${f}.utf-8 - mv -f ${f}.utf-8 ${f} -done - -# Copy in the tmpfiles config and insert the appropriate run directory -cp -p %{SOURCE12} . -sed -i -e 's|@RUNDIR@|%{rundir}|' proftpd-tmpfs.conf + contrib/dist/rpm/proftpd.pam # Remove bogus exec permissions from source files chmod -c -x include/tpl.h lib/tpl.c @@ -259,14 +248,19 @@ make install DESTDIR=%{buildroot} \ INSTALL_USER=`id -un` \ INSTALL_GROUP=`id -gn` install -D -p -m 640 proftpd.conf %{buildroot}%{_sysconfdir}/proftpd.conf -install -D -p -m 644 proftpd.pam %{buildroot}%{_sysconfdir}/pam.d/proftpd +install -D -p -m 644 contrib/dist/rpm/proftpd.pam \ + %{buildroot}%{_sysconfdir}/pam.d/proftpd %if %{use_systemd} -install -D -p -m 644 %{SOURCE14} %{buildroot}%{_unitdir}/proftpd.service +install -D -p -m 644 contrib/dist/rpm/proftpd.service \ + %{buildroot}%{_unitdir}/proftpd.service %else -install -D -p -m 755 %{SOURCE2} %{buildroot}%{_sysconfdir}/rc.d/init.d/proftpd +install -D -p -m 755 contrib/dist/rpm/proftpd.init.d \ + %{buildroot}%{_sysconfdir}/rc.d/init.d/proftpd %endif -install -D -p -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/xinetd.d/xproftpd -install -D -p -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/logrotate.d/proftpd +install -D -p -m 644 contrib/dist/rpm/xinetd \ + %{buildroot}%{_sysconfdir}/xinetd.d/xproftpd +install -D -p -m 644 contrib/dist/rpm/proftpd.logrotate \ + %{buildroot}%{_sysconfdir}/logrotate.d/proftpd install -D -p -m 644 %{SOURCE5} %{buildroot}%{_localstatedir}/ftp/welcome.msg install -D -p -m 644 %{SOURCE9} %{buildroot}%{_sysconfdir}/sysconfig/proftpd mkdir -p %{buildroot}%{_localstatedir}/{ftp/{pub,uploads},log/proftpd} @@ -275,7 +269,8 @@ touch %{buildroot}%{_sysconfdir}/ftpusers # Make sure %%{rundir}/proftpd exists at boot time for systems where it's on tmpfs (#656675) %if 0%{?rundir_tmpfs:1} install -d -m 755 %{buildroot}%{_sysconfdir}/tmpfiles.d -install -p -m 644 proftpd-tmpfs.conf %{buildroot}%{_sysconfdir}/tmpfiles.d/proftpd.conf +install -p -m 644 contrib/dist/rpm/proftpd-tmpfs.conf \ + %{buildroot}%{_sysconfdir}/tmpfiles.d/proftpd.conf %endif # Find translations @@ -467,6 +462,27 @@ fi %{_libexecdir}/proftpd/mod_sql_postgres.so %changelog +* Thu Nov 10 2011 Paul Howarth 1.3.4-1 +- Update to 1.3.4, addressing the following bugs since 1.3.4rc3: + - ProFTPD with mod_sql_mysql dies of "Alarm clock" on FreeBSD (bug 3702) + - mod_sql_mysql.so: undefined symbol: make_scrambled_password with MySQL 5.5 + on Fedora (bug 3669) + - PQescapeStringConn() needs a better check (bug 3192) + - Enable OpenSSL countermeasure against SSLv3/TLSv1 BEAST attacks (bug 3704); + to disable this countermeasure, which may cause interoperability issues + with some clients, use the NoEmptyFragments TLSOption + - Support SFTPOption for ignoring requests to modify timestamps (bug 3706) + - RPM build on CentOS 5.5 (64bit): "File not found by glob" (bug 3640) + - Response pool use-after-free memory corruption error + (bug 3711, #752812, ZDI-CAN-1420, CVE-2011-4130) +- Drop upstream patch for make_scrambled_password_323 +- Use upstream SysV initscript rather than our own +- Use upstream systemd service file rather than our own +- Use upstream PAM configuration rather than our own +- Use upstream logrotate configuration rather than our own +- Use upstream tempfiles configuration rather than our own +- Use upstream xinetd configuration rather than our own + * Thu Oct 6 2011 Paul Howarth 1.3.4-0.15.rc3 - Add upstream patch to not try make_scrambled_password_323 if the MySQL library doesn't export it (#718327, upstream bug 3669); this removes support diff --git a/sources b/sources index 8c793a4..59cb65a 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -5e9b2cb1f0c7e27aa7f02e5966e9d3d5 proftpd-1.3.4rc3.tar.bz2 +7734142c7fa7212ab9f188a617a4be87 proftpd-1.3.4.tar.bz2 cc0e479406436e474ca7d59994fa73bb proftpd-mod-geoip-0.3.tar.gz 6db495b25e9da2ba0c901e7c44e119bc proftpd-mod-vroot-0.9.2.tar.gz ad574713bcd00f62883ff2f9a84eec1f Test-Unit-0.14.tar.gz