diff --git a/.gitignore b/.gitignore index 19f281d..8f3eef9 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ -/proftpd-1.3.3c.tar.bz2 +/proftpd-1.3.3d.tar.bz2 /proftpd-mod-geoip-0.2.tar.gz -/proftpd-mod-vroot-0.8.5.tar.gz +/proftpd-mod-vroot-0.9.tar.gz diff --git a/proftpd-tmpfs.conf b/proftpd-tmpfs.conf new file mode 100644 index 0000000..df49dff --- /dev/null +++ b/proftpd-tmpfs.conf @@ -0,0 +1 @@ +d /var/run/proftpd diff --git a/proftpd.conf b/proftpd.conf index 3bf6127..736f610 100644 --- a/proftpd.conf +++ b/proftpd.conf @@ -15,7 +15,7 @@ DefaultServer on # work at session-end time (http://bugzilla.redhat.com/477120) VRootEngine on DefaultRoot ~ !adm -VRootAlias etc/security/pam_env.conf /etc/security/pam_env.conf +VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf # Use pam to authenticate (default) and be authoritative AuthPAMConfig proftpd @@ -105,7 +105,7 @@ LogFormat auth "%v [%P] %h %t \"%r\" %s" # LoadModule mod_facl.c # # Support for using the GeoIP library to look up geographical information on -# the connecting client and usng that to set access controls for the server +# the connecting client and using that to set access controls for the server # (http://www.castaglia.org/proftpd/modules/mod_geoip.html) # LoadModule mod_geoip.c # diff --git a/proftpd.init b/proftpd.init old mode 100755 new mode 100644 index f00f790..868720a --- a/proftpd.init +++ b/proftpd.init @@ -18,6 +18,7 @@ # Provides: proftpd ftpserver # Required-Start: $local_fs $network $named $remote_fs # Required-Stop: $local_fs $network $named $remote_fs +# Default-Stop: 0 1 6 # Short-Description: ProFTPd FTP Server # Description: ProFTPd is an enhanced FTP server with a focus towards # simplicity, security, and ease of configuration. diff --git a/proftpd.spec b/proftpd.spec index 73aa1e3..92d42f9 100644 --- a/proftpd.spec +++ b/proftpd.spec @@ -11,7 +11,7 @@ Summary: Flexible, stable and highly-configurable FTP server Name: proftpd -Version: 1.3.3c +Version: 1.3.3d Release: %{?prever:0.}%{rpmrel}%{?prever:.%{prever}}%{?dist} License: GPLv2+ Group: System Environment/Daemons @@ -26,13 +26,18 @@ Source6: proftpd.pam Source7: proftpd-mod_quotatab_ldap.ldif Source8: proftpd-mod_quotatab_ldap.schema Source9: proftpd.sysconfig -Source10: http://www.castaglia.org/proftpd/modules/proftpd-mod-vroot-0.8.5.tar.gz +Source10: http://www.castaglia.org/proftpd/modules/proftpd-mod-vroot-0.9.tar.gz Source11: http://www.castaglia.org/proftpd/modules/proftpd-mod-geoip-0.2.tar.gz +Source12: proftpd-tmpfs.conf Patch0: proftpd-1.3.2rc3-nostrip.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root Requires(post): /sbin/chkconfig Requires(preun): /sbin/service, /sbin/chkconfig, coreutils, findutils Requires(postun): /sbin/service +# Need systemd-units for ownership of /etc/tmpfiles.d directory +%if 0%{?fedora} > 14 +Requires: systemd-units +%endif BuildRequires: pam-devel, ncurses-devel, pkgconfig, gettext, zlib-devel BuildRequires: openssl-devel, libacl-devel, libcap-devel, /usr/include/tcpd.h BuildRequires: openldap-devel, mysql-devel, postgresql-devel, GeoIP-devel @@ -168,6 +173,13 @@ SMOD6=mod_sftp:mod_sftp_pam:mod_sftp_sql:mod_tls_shmcache %{__mkdir_p} %{buildroot}%{_localstatedir}/{ftp/{pub,uploads},log/proftpd} /bin/touch %{buildroot}%{_sysconfdir}/ftpusers +# Make sure /var/run/proftpd exists at boot time for systems +# with /var/run on tmpfs (#656675) +%if 0%{?fedora} > 14 +%{__install} -d -m 755 %{buildroot}%{_sysconfdir}/tmpfiles.d +%{__install} -p -m 644 %{SOURCE12} %{buildroot}%{_sysconfdir}/tmpfiles.d/proftpd.conf +%endif + # Find translations %find_lang proftpd @@ -219,6 +231,9 @@ fi %config(noreplace) %{_sysconfdir}/sysconfig/proftpd %config(noreplace) %{_sysconfdir}/xinetd.d/xproftpd %{_sysconfdir}/rc.d/init.d/proftpd +%if 0%{?fedora} > 14 +%{_sysconfdir}/tmpfiles.d/proftpd.conf +%endif %{_bindir}/ftpcount %{_bindir}/ftpdctl %{_bindir}/ftptop @@ -285,9 +300,25 @@ fi %{_libexecdir}/proftpd/mod_sql_postgres.so %changelog +* Mon Dec 20 2010 Paul Howarth 1.3.3d-1 +- Update to 1.3.3d + - Fixed sql_prepare_where() buffer overflow (bug 3536) + - Fixed CPU spike when handling .ftpaccess files + - Fixed handling of SFTP uploads when compression is used + +* Fri Dec 10 2010 Paul Howarth 1.3.3c-3 +- Update mod_vroot to 0.9 (improvements to alias handling) +- Note that the previous default configuration is broken by this change; see + the new VRootAlias line in proftpd.conf +- Add Default-Stop LSB keyword in initscript (for runlevels 0, 1, and 6) + +* Wed Dec 1 2010 Paul Howarth 1.3.3c-2 +- Add /etc/tmpfiles.d/proftpd.conf for builds on Fedora 15 onwards to + support running with /var/run on tmpfs (#656675) + * Mon Nov 1 2010 Paul Howarth 1.3.3c-1 - Update to 1.3.3c (#647965) - - Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925) + - Fixed Telnet IAC stack overflow vulnerability (CVE-2010-4221) - Fixed directory traversal bug in mod_site_misc (CVE-2010-3867) - Fixed SQLite authentications using "SQLAuthType Backend" - New DSO module: mod_geoip diff --git a/sources b/sources index ffbc64c..f5f4bf4 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -8571bd78874b557e98480ed48e2df1d2 proftpd-1.3.3c.tar.bz2 +69650e91e05b3a10fa3ac54ee261679b proftpd-1.3.3d.tar.bz2 6242218c0c98efbab8076ec3bc9fd4d5 proftpd-mod-geoip-0.2.tar.gz -139fc328c43a9afbe290ec787713096b proftpd-mod-vroot-0.8.5.tar.gz +181669582a2cf5d54f0df15a4d83eae6 proftpd-mod-vroot-0.9.tar.gz