diff --git a/.gitignore b/.gitignore index 911e184..9273359 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,9 @@ -# master/f19/f18/f17 +# master/el7 +/proftpd-1.3.5.tar.gz +/proftpd-mod-geoip-0.3.tar.gz +/proftpd-mod-vroot-0.9.2.tar.gz +/Test-Unit-0.14.tar.gz +# f20/f19 /proftpd-1.3.4d.tar.gz /proftpd-mod-geoip-0.3.tar.gz /proftpd-mod-vroot-0.9.2.tar.gz @@ -11,3 +16,4 @@ /proftpd-1.3.3g.tar.bz2 /proftpd-mod-geoip-0.2.tar.gz /proftpd-mod-vroot-0.8.5.tar.gz +/proftpd-1.3.5.tar.gz diff --git a/proftpd-1.3.4a-bug3720.patch b/proftpd-1.3.4a-bug3720.patch deleted file mode 100644 index d6fe638..0000000 --- a/proftpd-1.3.4a-bug3720.patch +++ /dev/null @@ -1,160 +0,0 @@ -Index: contrib/mod_deflate.c -=================================================================== -RCS file: /cvsroot/proftp/proftpd/contrib/mod_deflate.c,v -retrieving revision 1.8 -diff -u -r1.8 mod_deflate.c ---- contrib/mod_deflate.c 10 Jun 2011 02:57:35 -0000 1.8 -+++ contrib/mod_deflate.c 23 Nov 2011 17:58:21 -0000 -@@ -898,7 +898,7 @@ - - pr_signals_block(); - PRIVS_ROOT -- res = pr_log_openfile(c->argv[0], &deflate_logfd, 0640); -+ res = pr_log_openfile(c->argv[0], &deflate_logfd, PR_LOG_SYSTEM_MODE); - PRIVS_RELINQUISH - pr_signals_unblock(); - -Index: contrib/mod_exec.c -=================================================================== -RCS file: /cvsroot/proftp/proftpd/contrib/mod_exec.c,v -retrieving revision 1.20 -diff -u -r1.20 mod_exec.c ---- contrib/mod_exec.c 24 Sep 2011 06:44:36 -0000 1.20 -+++ contrib/mod_exec.c 23 Nov 2011 17:58:21 -0000 -@@ -192,7 +192,7 @@ - - pr_signals_block(); - PRIVS_ROOT -- res = pr_log_openfile(exec_logname, &exec_logfd, 0640); -+ res = pr_log_openfile(exec_logname, &exec_logfd, PR_LOG_SYSTEM_MODE); - PRIVS_RELINQUISH - pr_signals_unblock(); - -Index: contrib/mod_quotatab.c -=================================================================== -RCS file: /cvsroot/proftp/proftpd/contrib/mod_quotatab.c,v -retrieving revision 1.76 -diff -u -r1.76 mod_quotatab.c ---- contrib/mod_quotatab.c 26 May 2011 23:14:01 -0000 1.76 -+++ contrib/mod_quotatab.c 23 Nov 2011 17:58:21 -0000 -@@ -429,7 +429,7 @@ - - pr_signals_block(); - PRIVS_ROOT -- res = pr_log_openfile(quota_logname, "a_logfd, 0640); -+ res = pr_log_openfile(quota_logname, "a_logfd, PR_LOG_SYSTEM_MODE); - PRIVS_RELINQUISH - pr_signals_unblock(); - -Index: contrib/mod_radius.c -=================================================================== -RCS file: /cvsroot/proftp/proftpd/contrib/mod_radius.c,v -retrieving revision 1.66 -diff -u -r1.66 mod_radius.c ---- contrib/mod_radius.c 16 Aug 2011 16:13:02 -0000 1.66 -+++ contrib/mod_radius.c 23 Nov 2011 17:58:21 -0000 -@@ -1825,7 +1825,7 @@ - - pr_signals_block(); - PRIVS_ROOT -- res = pr_log_openfile(radius_logname, &radius_logfd, 0640); -+ res = pr_log_openfile(radius_logname, &radius_logfd, PR_LOG_SYSTEM_MODE); - PRIVS_RELINQUISH - pr_signals_unblock(); - -Index: contrib/mod_sql.c -=================================================================== -RCS file: /cvsroot/proftp/proftpd/contrib/mod_sql.c,v -retrieving revision 1.218 -diff -u -r1.218 mod_sql.c ---- contrib/mod_sql.c 4 Oct 2011 05:27:18 -0000 1.218 -+++ contrib/mod_sql.c 23 Nov 2011 17:58:22 -0000 -@@ -5383,7 +5383,7 @@ - - pr_signals_block(); - PRIVS_ROOT -- res = pr_log_openfile(sql_logfile, &sql_logfd, 0640); -+ res = pr_log_openfile(sql_logfile, &sql_logfd, PR_LOG_SYSTEM_MODE); - PRIVS_RELINQUISH - pr_signals_unblock(); - -Index: contrib/mod_tls.c -=================================================================== -RCS file: /cvsroot/proftp/proftpd/contrib/mod_tls.c,v -retrieving revision 1.264 -diff -u -r1.264 mod_tls.c ---- contrib/mod_tls.c 19 Nov 2011 02:54:13 -0000 1.264 -+++ contrib/mod_tls.c 23 Nov 2011 17:58:22 -0000 -@@ -6152,7 +6152,7 @@ - - pr_signals_block(); - PRIVS_ROOT -- res = pr_log_openfile(tls_logname, &tls_logfd, 0600); -+ res = pr_log_openfile(tls_logname, &tls_logfd, PR_LOG_SYSTEM_MODE); - PRIVS_RELINQUISH - pr_signals_unblock(); - -Index: contrib/mod_sftp/mod_sftp.c -=================================================================== -RCS file: /cvsroot/proftp/proftpd/contrib/mod_sftp/mod_sftp.c,v -retrieving revision 1.61 -diff -u -r1.61 mod_sftp.c ---- contrib/mod_sftp/mod_sftp.c 12 Oct 2011 17:15:56 -0000 1.61 -+++ contrib/mod_sftp/mod_sftp.c 23 Nov 2011 17:58:22 -0000 -@@ -1675,7 +1675,7 @@ - - pr_signals_block(); - PRIVS_ROOT -- res = pr_log_openfile(sftp_logname, &sftp_logfd, 0600); -+ res = pr_log_openfile(sftp_logname, &sftp_logfd, PR_LOG_SYSTEM_MODE); - PRIVS_RELINQUISH - pr_signals_unblock(); - -Index: contrib/mod_wrap2/mod_wrap2.c -=================================================================== -RCS file: /cvsroot/proftp/proftpd/contrib/mod_wrap2/mod_wrap2.c,v -retrieving revision 1.39 -diff -u -r1.39 mod_wrap2.c ---- contrib/mod_wrap2/mod_wrap2.c 6 Nov 2011 21:56:12 -0000 1.39 -+++ contrib/mod_wrap2/mod_wrap2.c 23 Nov 2011 17:58:22 -0000 -@@ -150,7 +150,7 @@ - - pr_signals_block(); - PRIVS_ROOT -- res = pr_log_openfile(wrap2_logname, &wrap2_logfd, 0640); -+ res = pr_log_openfile(wrap2_logname, &wrap2_logfd, PR_LOG_SYSTEM_MODE); - PRIVS_RELINQUISH - pr_signals_unblock(); - -Index: modules/mod_ctrls.c -=================================================================== -RCS file: /cvsroot/proftp/proftpd/modules/mod_ctrls.c,v -retrieving revision 1.51 -diff -u -r1.51 mod_ctrls.c ---- modules/mod_ctrls.c 17 Nov 2011 23:40:28 -0000 1.51 -+++ modules/mod_ctrls.c 23 Nov 2011 17:58:22 -0000 -@@ -110,7 +110,7 @@ - return 0; - - PRIVS_ROOT -- res = pr_log_openfile(ctrls_logname, &logfd, 0640); -+ res = pr_log_openfile(ctrls_logname, &logfd, PR_LOG_SYSTEM_MODE); - PRIVS_RELINQUISH - - if (res == 0) { -Index: modules/mod_memcache.c -=================================================================== -RCS file: /cvsroot/proftp/proftpd/modules/mod_memcache.c,v -retrieving revision 1.15 -diff -u -r1.15 mod_memcache.c ---- modules/mod_memcache.c 23 May 2011 21:11:56 -0000 1.15 -+++ modules/mod_memcache.c 23 Nov 2011 17:58:22 -0000 -@@ -347,7 +347,7 @@ - - pr_signals_block(); - PRIVS_ROOT -- res = pr_log_openfile(path, &memcache_logfd, 0600); -+ res = pr_log_openfile(path, &memcache_logfd, PR_LOG_SYSTEM_MODE); - PRIVS_RELINQUISH - pr_signals_unblock(); - diff --git a/proftpd-1.3.4a-bug3745.patch b/proftpd-1.3.4a-bug3745.patch deleted file mode 100644 index 18ba9a4..0000000 --- a/proftpd-1.3.4a-bug3745.patch +++ /dev/null @@ -1,35 +0,0 @@ -Index: modules/mod_core.c -=================================================================== -RCS file: /cvsroot/proftp/proftpd/modules/mod_core.c,v -retrieving revision 1.420 -diff -u -r1.420 mod_core.c ---- modules/mod_core.c 5 Feb 2012 18:08:56 -0000 1.420 -+++ modules/mod_core.c 5 Feb 2012 18:24:16 -0000 -@@ -3587,6 +3587,27 @@ - } - - if (pr_netaddr_get_family(session.c->local_addr) == pr_netaddr_get_family(session.c->remote_addr)) { -+ -+#ifdef PR_USE_IPV6 -+ if (pr_netaddr_use_ipv6()) { -+ /* Make sure that the family is NOT IPv6, even though the family of the -+ * local and remote ends match. The PASV command cannot be used for -+ * IPv6 addresses (Bug#3745). -+ */ -+ if (pr_netaddr_get_family(session.c->local_addr) == AF_INET6) { -+ int xerrno = EPERM; -+ -+ pr_log_debug(DEBUG0, -+ "Unable to handle PASV for IPv6 address '%s', rejecting command", -+ pr_netaddr_get_ipstr(session.c->local_addr)); -+ pr_response_add_err(R_501, "%s: %s", cmd->argv[0], strerror(xerrno)); -+ -+ errno = xerrno; -+ return PR_ERROR(cmd); -+ } -+ } -+#endif /* PR_USE_IPV6 */ -+ - bind_addr = session.c->local_addr; - - } else { diff --git a/proftpd-1.3.4a-bug3746.patch b/proftpd-1.3.4a-bug3746.patch deleted file mode 100644 index d023cd7..0000000 --- a/proftpd-1.3.4a-bug3746.patch +++ /dev/null @@ -1,157 +0,0 @@ -Index: modules/mod_ls.c -=================================================================== -RCS file: /cvsroot/proftp/proftpd/modules/mod_ls.c,v -retrieving revision 1.192 -diff -u -r1.192 mod_ls.c ---- modules/mod_ls.c 1 Feb 2012 22:03:50 -0000 1.192 -+++ modules/mod_ls.c 1 Feb 2012 23:13:14 -0000 -@@ -54,8 +54,10 @@ - #endif - #define LS_SENDLINE_FL_FLUSH 0x0001 - --static unsigned long list_flags = 0; - #define LS_FL_NO_ERROR_IF_ABSENT 0x0001 -+#define LS_FL_LIST_ONLY 0x0002 -+#define LS_FL_NLST_ONLY 0x0004 -+static unsigned long list_flags = 0; - - static unsigned char list_strict_opts = FALSE; - static char *list_options = NULL; -@@ -2273,15 +2275,28 @@ - config_rec *c = NULL; - - tmp = get_param_ptr(TOPLEVEL_CONF, "ShowSymlinks", FALSE); -- if (tmp != NULL) -+ if (tmp != NULL) { - list_show_symlinks = *tmp; -+ } - - list_strict_opts = FALSE; -- - list_nfiles.max = list_ndirs.max = list_ndepth.max = 0; - - c = find_config(CURRENT_CONF, CONF_PARAM, "ListOptions", FALSE); -- if (c != NULL) { -+ while (c != NULL) { -+ pr_signals_handle(); -+ -+ list_flags = *((unsigned long *) c->argv[5]); -+ -+ /* Make sure that this ListOptions can be applied to the LIST command. -+ * If not, keep looking for other applicable ListOptions. -+ */ -+ if (list_flags & LS_FL_NLST_ONLY) { -+ pr_log_debug(DEBUG10, "%s: skipping NLSTOnly ListOptions", cmd->argv[0]); -+ c = find_config_next(c, c->next, CONF_PARAM, "ListOptions", FALSE); -+ continue; -+ } -+ - list_options = c->argv[0]; - list_strict_opts = *((unsigned char *) c->argv[1]); - -@@ -2299,7 +2314,7 @@ - list_nfiles.max = *((unsigned int *) c->argv[3]); - list_ndirs.max = *((unsigned int *) c->argv[4]); - -- list_flags = *((unsigned long *) c->argv[5]); -+ break; - } - - fakeuser = get_param_ptr(CURRENT_CONF, "DirFakeUser", FALSE); -@@ -2440,7 +2455,26 @@ - list_ndepth.max = list_nfiles.max = list_ndirs.max = 0; - - c = find_config(CURRENT_CONF, CONF_PARAM, "ListOptions", FALSE); -- if (c != NULL) { -+ while (c != NULL) { -+ pr_signals_handle(); -+ -+ list_flags = *((unsigned long *) c->argv[5]); -+ -+ /* Make sure that this ListOptions can be applied to the STAT command. -+ * If not, keep looking for other applicable ListOptions. -+ */ -+ if (list_flags & LS_FL_LIST_ONLY) { -+ pr_log_debug(DEBUG10, "%s: skipping LISTOnly ListOptions", cmd->argv[0]); -+ c = find_config_next(c, c->next, CONF_PARAM, "ListOptions", FALSE); -+ continue; -+ } -+ -+ if (list_flags & LS_FL_NLST_ONLY) { -+ pr_log_debug(DEBUG10, "%s: skipping NLSTOnly ListOptions", cmd->argv[0]); -+ c = find_config_next(c, c->next, CONF_PARAM, "ListOptions", FALSE); -+ continue; -+ } -+ - list_options = c->argv[0]; - list_strict_opts = *((unsigned char *) c->argv[1]); - -@@ -2458,7 +2492,7 @@ - list_nfiles.max = *((unsigned int *) c->argv[3]); - list_ndirs.max = *((unsigned int *) c->argv[4]); - -- list_flags = *((unsigned long *) c->argv[5]); -+ break; - } - - fakeuser = get_param_ptr(CURRENT_CONF, "DirFakeUser", FALSE); -@@ -2535,7 +2569,20 @@ - pr_fs_decode_path(cmd->tmp_pool, cmd->arg); - - c = find_config(CURRENT_CONF, CONF_PARAM, "ListOptions", FALSE); -- if (c != NULL) { -+ while (c != NULL) { -+ pr_signals_handle(); -+ -+ list_flags = *((unsigned long *) c->argv[5]); -+ -+ /* Make sure that this ListOptions can be applied to the NLST command. -+ * If not, keep looking for other applicable ListOptions. -+ */ -+ if (list_flags & LS_FL_LIST_ONLY) { -+ pr_log_debug(DEBUG10, "%s: skipping LISTOnly ListOptions", cmd->argv[0]); -+ c = find_config_next(c, c->next, CONF_PARAM, "ListOptions", FALSE); -+ continue; -+ } -+ - list_options = c->argv[0]; - list_strict_opts = *((unsigned char *) c->argv[1]); - -@@ -2554,6 +2601,8 @@ - list_ndirs.max = *((unsigned int *) c->argv[4]); - - list_flags = *((unsigned long *) c->argv[5]); -+ -+ break; - } - - /* Clear the listing option flags. */ -@@ -3019,7 +3068,6 @@ - - /* The default flags */ - c->argv[5] = pcalloc(c->pool, sizeof(unsigned long)); -- *((unsigned int *) c->argv[5]) = 0; - - /* Check for, and handle, optional arguments. */ - if (cmd->argc-1 >= 2) { -@@ -3060,6 +3108,12 @@ - - *((unsigned int *) c->argv[4]) = maxdirs; - -+ } else if (strcasecmp(cmd->argv[i], "LISTOnly") == 0) { -+ flags |= LS_FL_LIST_ONLY; -+ -+ } else if (strcasecmp(cmd->argv[i], "NLSTOnly") == 0) { -+ flags |= LS_FL_NLST_ONLY; -+ - } else if (strcasecmp(cmd->argv[i], "NoErrorIfAbsent") == 0) { - flags |= LS_FL_NO_ERROR_IF_ABSENT; - -@@ -3071,7 +3125,6 @@ - } - - *((unsigned long *) c->argv[5]) = flags; -- - return PR_HANDLED(cmd); - } - diff --git a/proftpd-1.3.4c-bug3744.patch b/proftpd-1.3.4c-bug3744.patch deleted file mode 100644 index c9079e1..0000000 --- a/proftpd-1.3.4c-bug3744.patch +++ /dev/null @@ -1,327 +0,0 @@ ---- modules/mod_ls.c -+++ modules/mod_ls.c -@@ -81,6 +81,7 @@ static struct list_limit_rec list_nfiles - - /* ls options */ - static int -+ opt_1 = 0, - opt_a = 0, - opt_A = 0, - opt_B = 0, -@@ -419,7 +420,6 @@ static int listfile(cmd_rec *cmd, pool * - p = cmd->tmp_pool; - - if (pr_fsio_lstat(name, &st) == 0) { -- - char *display_name = NULL; - - suffix[0] = suffix[1] = '\0'; -@@ -531,21 +531,24 @@ static int listfile(cmd_rec *cmd, pool * - break; - } - -- if (list_times_gmt) -+ if (list_times_gmt) { - t = pr_gmtime(p, (time_t *) &sort_time); -- else -+ -+ } else { - t = pr_localtime(p, (time_t *) &sort_time); -+ } - - if (opt_F) { -- if (S_ISLNK(st.st_mode)) -+ if (S_ISLNK(st.st_mode)) { - suffix[0] = '@'; - -- else if (S_ISDIR(st.st_mode)) { -+ } else if (S_ISDIR(st.st_mode)) { - suffix[0] = '/'; - rval = 1; - -- } else if (st.st_mode & 0111) -+ } else if (st.st_mode & 0111) { - suffix[0] = '*'; -+ } - } - - if (opt_l) { -@@ -614,32 +617,38 @@ static int listfile(cmd_rec *cmd, pool * - m[2] = (mode & S_IWUSR) ? 'w' : '-'; - m[1] = (mode & S_IRUSR) ? 'r' : '-'; - -- if (ls_curtime - sort_time > 180 * 24 * 60 * 60) -+ if (ls_curtime - sort_time > 180 * 24 * 60 * 60) { - snprintf(timeline, sizeof(timeline), "%5d", t->tm_year+1900); - -- else -+ } else { - snprintf(timeline, sizeof(timeline), "%02d:%02d", t->tm_hour, - t->tm_min); -+ } - - ls_fmt_filesize(s, sizeof(s), st.st_size); - -- if (!opt_n) { -- -- /* Format nameline using user/group names. */ -- snprintf(nameline, sizeof(nameline)-1, -- "%s %3d %-8s %-8s %s %s %2d %s %s", m, (int) st.st_nlink, -- MAP_UID(st.st_uid), MAP_GID(st.st_gid), s, -- months[t->tm_mon], t->tm_mday, timeline, -+ if (opt_1) { -+ /* One file per line, with no info other than the file name. Easy. */ -+ snprintf(nameline, sizeof(nameline)-1, "%s", - pr_fs_encode_path(cmd->tmp_pool, display_name)); - - } else { -- -- /* Format nameline using user/group IDs. */ -- snprintf(nameline, sizeof(nameline)-1, -- "%s %3d %-8u %-8u %s %s %2d %s %s", m, (int) st.st_nlink, -- (unsigned) st.st_uid, (unsigned) st.st_gid, s, -- months[t->tm_mon], t->tm_mday, timeline, -- pr_fs_encode_path(cmd->tmp_pool, name)); -+ if (!opt_n) { -+ /* Format nameline using user/group names. */ -+ snprintf(nameline, sizeof(nameline)-1, -+ "%s %3d %-8s %-8s %s %s %2d %s %s", m, (int) st.st_nlink, -+ MAP_UID(st.st_uid), MAP_GID(st.st_gid), s, -+ months[t->tm_mon], t->tm_mday, timeline, -+ pr_fs_encode_path(cmd->tmp_pool, display_name)); -+ -+ } else { -+ /* Format nameline using user/group IDs. */ -+ snprintf(nameline, sizeof(nameline)-1, -+ "%s %3d %-8u %-8u %s %s %2d %s %s", m, (int) st.st_nlink, -+ (unsigned) st.st_uid, (unsigned) st.st_gid, s, -+ months[t->tm_mon], t->tm_mday, timeline, -+ pr_fs_encode_path(cmd->tmp_pool, name)); -+ } - } - - nameline[sizeof(nameline)-1] = '\0'; -@@ -649,40 +658,45 @@ static int listfile(cmd_rec *cmd, pool * - - suffix[0] = '\0'; - if (opt_F && pr_fsio_stat(name, &st) == 0) { -- if (S_ISLNK(st.st_mode)) -+ if (S_ISLNK(st.st_mode)) { - suffix[0] = '@'; - -- else if (S_ISDIR(st.st_mode)) -+ } else if (S_ISDIR(st.st_mode)) { - suffix[0] = '/'; - -- else if (st.st_mode & 0111) -+ } else if (st.st_mode & 0111) { - suffix[0] = '*'; -+ } - } - - if (!opt_L && list_show_symlinks) { -- if (sizeof(nameline) - strlen(nameline) > 4) -+ if (sizeof(nameline) - strlen(nameline) > 4) { - snprintf(buf, sizeof(nameline) - strlen(nameline) - 4, - " -> %s", l); -- else -+ } else { - pr_log_pri(PR_LOG_NOTICE, "notice: symlink '%s' yields an " - "excessive string, ignoring", name); -+ } - } - - nameline[sizeof(nameline)-1] = '\0'; - } - -- if (opt_STAT) -+ if (opt_STAT) { - pr_response_add(R_211, "%s%s", nameline, suffix); -- else -+ -+ } else { - addfile(cmd, nameline, suffix, sort_time, st.st_size); -+ } - } - - } else { - if (S_ISREG(st.st_mode) || - S_ISDIR(st.st_mode) || -- S_ISLNK(st.st_mode)) -+ S_ISLNK(st.st_mode)) { - addfile(cmd, pr_fs_encode_path(cmd->tmp_pool, name), suffix, - sort_time, st.st_size); -+ } - } - } - -@@ -1340,6 +1354,7 @@ static void parse_list_opts(char **opt, - switch (**opt) { - case '1': - if (strcmp(session.curr_cmd, C_STAT) != 0) { -+ opt_1 = 1; - opt_l = opt_C = 0; - } - break; -@@ -1392,6 +1407,7 @@ static void parse_list_opts(char **opt, - if (strcmp(session.curr_cmd, C_NLST) != 0) { - opt_l = 1; - opt_C = 0; -+ opt_1 = 0; - } - break; - -@@ -1460,7 +1476,7 @@ static void parse_list_opts(char **opt, - while ((*opt)++ && isalnum((int) **opt)) { - switch (**opt) { - case '1': -- opt_l = opt_C = 0; -+ opt_1 = opt_l = opt_C = 0; - break; - - case 'A': -@@ -1609,8 +1625,8 @@ static int dolist(cmd_rec *cmd, const ch - ls_curtime = time(NULL); - - if (clearflags) { -- opt_A = opt_a = opt_B = opt_C = opt_d = opt_F = opt_h = opt_n = opt_r = -- opt_R = opt_S = opt_t = opt_STAT = opt_L = 0; -+ opt_1 = opt_A = opt_a = opt_B = opt_C = opt_d = opt_F = opt_h = opt_n = -+ opt_r = opt_R = opt_S = opt_t = opt_STAT = opt_L = 0; - } - - if (have_options(cmd, arg)) { -@@ -1745,7 +1761,6 @@ static int dolist(cmd_rec *cmd, const ch - skiparg = TRUE; - - } else { -- - skiparg = FALSE; - - if (use_globbing && -@@ -1987,6 +2002,10 @@ static int nlstfile(cmd_rec *cmd, const - return -1; - } - -+ /* XXX Note that "NLST " was sent, we might be receiving paths -+ * here, not just file names. And that is not what dir_hide_file() is -+ * expecting. -+ */ - if (dir_hide_file(file)) - return 1; - -@@ -2012,6 +2031,25 @@ static int nlstfile(cmd_rec *cmd, const - } - #endif /* PR_USE_NLS */ - -+ if (opt_1) { -+ char *ptr; -+ -+ /* If the -1 option is configured, we want to make sure that we only -+ * display a file, not a path. And it's possible that we given a path -+ * here. -+ */ -+ ptr = strrchr(display_name, '/'); -+ if (ptr != NULL) { -+ size_t display_namelen; -+ -+ display_namelen = strlen(display_name); -+ if (display_namelen > 1) { -+ /* Make sure that we handle a possible display_name of '/' properly. */ -+ display_name = ptr + 1; -+ } -+ } -+ } -+ - /* Be sure to flush the output */ - res = sendline(0, "%s\r\n", pr_fs_encode_path(cmd->tmp_pool, display_name)); - if (res < 0) -@@ -2140,8 +2178,16 @@ static int nlstdir(cmd_rec *cmd, const c - continue; - - if (!curdir) { -- char *str = pr_fs_encode_path(cmd->tmp_pool, -- pdircat(cmd->tmp_pool, dir, p, NULL)); -+ char *str = NULL; -+ -+ if (opt_1) { -+ /* Send just the file name, not the path. */ -+ str = pr_fs_encode_path(cmd->tmp_pool, p); -+ -+ } else { -+ str = pr_fs_encode_path(cmd->tmp_pool, -+ pdircat(cmd->tmp_pool, dir, p, NULL)); -+ } - - if (sendline(0, "%s\r\n", str) < 0) { - count = -1; -@@ -2246,26 +2292,32 @@ MODRET genericlist(cmd_rec *cmd) { - fakeuser = get_param_ptr(CURRENT_CONF, "DirFakeUser", FALSE); - - /* Check for a configured "logged in user" DirFakeUser. */ -- if (fakeuser && strcmp(fakeuser, "~") == 0) -+ if (fakeuser != NULL && -+ strcmp(fakeuser, "~") == 0) { - fakeuser = session.user; -+ } - - fakegroup = get_param_ptr(CURRENT_CONF, "DirFakeGroup", FALSE); - - /* Check for a configured "logged in user" DirFakeGroup. */ -- if (fakegroup && strcmp(fakegroup, "~") == 0) -+ if (fakegroup != NULL && -+ strcmp(fakegroup, "~") == 0) { - fakegroup = session.group; -+ } - - fake_mode = get_param_ptr(CURRENT_CONF, "DirFakeMode", FALSE); - if (fake_mode) { - fakemode = *fake_mode; - have_fake_mode = TRUE; - -- } else -+ } else { - have_fake_mode = FALSE; -+ } - - tmp = get_param_ptr(TOPLEVEL_CONF, "TimesGMT", FALSE); -- if (tmp != NULL) -+ if (tmp != NULL) { - list_times_gmt = *tmp; -+ } - - res = dolist(cmd, pr_fs_decode_path(cmd->tmp_pool, cmd->arg), TRUE); - -@@ -2273,8 +2325,9 @@ MODRET genericlist(cmd_rec *cmd) { - pr_data_abort(0, 0); - res = -1; - -- } else if (session.sf_flags & SF_XFER) -+ } else if (session.sf_flags & SF_XFER) { - ls_done(cmd); -+ } - - opt_l = 0; - -@@ -2457,8 +2510,9 @@ MODRET ls_nlst(cmd_rec *cmd) { - list_nfiles.logged = list_ndirs.logged = list_ndepth.logged = FALSE; - - tmp = get_param_ptr(TOPLEVEL_CONF, "ShowSymlinks", FALSE); -- if (tmp != NULL) -+ if (tmp != NULL) { - list_show_symlinks = *tmp; -+ } - - target = cmd->argc == 1 ? "." : - pr_fs_decode_path(cmd->tmp_pool, cmd->arg); -@@ -2486,8 +2540,8 @@ MODRET ls_nlst(cmd_rec *cmd) { - } - - /* Clear the listing option flags. */ -- opt_A = opt_a = opt_B = opt_C = opt_d = opt_F = opt_n = opt_r = opt_R = -- opt_S = opt_t = opt_STAT = opt_L = 0; -+ opt_1 = opt_A = opt_a = opt_B = opt_C = opt_d = opt_F = opt_n = opt_r = -+ opt_R = opt_S = opt_t = opt_STAT = opt_L = 0; - - if (have_options(cmd, target)) { - if (!list_strict_opts) { diff --git a/proftpd-1.3.4d-bug3973.patch b/proftpd-1.3.4d-bug3973.patch deleted file mode 100644 index 6013fd6..0000000 --- a/proftpd-1.3.4d-bug3973.patch +++ /dev/null @@ -1,152 +0,0 @@ ---- contrib/mod_sftp_pam.c 2013/02/26 23:14:19 1.10.2.3 -+++ contrib/mod_sftp_pam.c 2013/09/14 06:57:00 1.10.2.4 -@@ -26,7 +26,7 @@ - * This is mod_sftp_pam, contrib software for proftpd 1.3.x and above. - * For more information contact TJ Saunders . - * -- * $Id: mod_sftp_pam.c,v 1.10.2.3 2013/02/26 23:14:19 castaglia Exp $ -+ * $Id: mod_sftp_pam.c,v 1.10.2.4 2013/09/14 06:57:00 castaglia Exp $ - * $Libraries: -lpam $ - */ - -@@ -197,22 +197,13 @@ - return PAM_CONV_ERR; - } - -- if (sftp_kbdint_recv_response(sftppam_driver.driver_pool, &recvd_count, -- &recvd_responses) < 0) { -+ if (sftp_kbdint_recv_response(sftppam_driver.driver_pool, list->nelts, -+ &recvd_count, &recvd_responses) < 0) { - pr_trace_msg(trace_channel, 3, - "error receiving keyboard-interactive responses: %s", strerror(errno)); - return PAM_CONV_ERR; - } - -- /* Make sure that the count of responses matches the challenge count. */ -- if (recvd_count != list->nelts) { -- (void) pr_log_writefile(sftp_logfd, MOD_SFTP_PAM_VERSION, -- "sent %d %s, but received %u %s", nmsgs, -- list->nelts != 1 ? "challenges" : "challenge", recvd_count, -- recvd_count != 1 ? "responses" : "response"); -- return PAM_CONV_ERR; -- } -- - res = calloc(nmsgs, sizeof(struct pam_response)); - if (res == NULL) { - pr_log_pri(PR_LOG_CRIT, "Out of memory!"); ---- contrib/mod_sftp/kbdint.c 2011/05/23 21:03:12 1.4 -+++ contrib/mod_sftp/kbdint.c 2013/09/14 06:57:00 1.4.2.1 -@@ -1,6 +1,6 @@ - /* - * ProFTPD - mod_sftp keyboard-interactive driver mgmt -- * Copyright (c) 2008-2009 TJ Saunders -+ * Copyright (c) 2008-2013 TJ Saunders - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by -@@ -21,7 +21,7 @@ - * resulting executable, without including the source code for OpenSSL in the - * source distribution. - * -- * $Id: kbdint.c,v 1.4 2011/05/23 21:03:12 castaglia Exp $ -+ * $Id: kbdint.c,v 1.4.2.1 2013/09/14 06:57:00 castaglia Exp $ - */ - - #include "mod_sftp.h" -@@ -31,6 +31,8 @@ - #include "utf8.h" - #include "kbdint.h" - -+#define SFTP_KBDINT_MAX_RESPONSES 500 -+ - struct kbdint_driver { - struct kbdint_driver *next, *prev; - -@@ -252,8 +254,8 @@ - return res; - } - --int sftp_kbdint_recv_response(pool *p, unsigned int *count, -- const char ***responses) { -+int sftp_kbdint_recv_response(pool *p, unsigned int expected_count, -+ unsigned int *rcvd_count, const char ***responses) { - register unsigned int i; - char *buf; - cmd_rec *cmd; -@@ -264,7 +266,7 @@ - int res; - - if (p == NULL || -- count == NULL || -+ rcvd_count == NULL || - responses == NULL) { - errno = EINVAL; - return -1; -@@ -299,6 +301,29 @@ - - resp_count = sftp_msg_read_int(pkt->pool, &buf, &buflen); - -+ /* Ensure that the number of responses sent by the client is the same -+ * as the number of challenges sent, lest a malicious client attempt to -+ * trick us into allocating too much memory (Bug#3973). -+ */ -+ if (resp_count != expected_count) { -+ (void) pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION, -+ "sent %lu %s, but received %lu %s", (unsigned long) expected_count, -+ expected_count != 1 ? "challenges" : "challenge", -+ (unsigned long) resp_count, resp_count != 1 ? "responses" : "response"); -+ destroy_pool(pkt->pool); -+ errno = EPERM; -+ return -1; -+ } -+ -+ if (resp_count > SFTP_KBDINT_MAX_RESPONSES) { -+ (void) pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION, -+ "received too many responses (%lu > max %lu), rejecting", -+ (unsigned long) resp_count, (unsigned long) SFTP_KBDINT_MAX_RESPONSES); -+ destroy_pool(pkt->pool); -+ errno = EPERM; -+ return -1; -+ } -+ - list = make_array(p, resp_count, sizeof(char *)); - for (i = 0; i < resp_count; i++) { - char *resp; -@@ -307,7 +332,7 @@ - *((char **) push_array(list)) = pstrdup(p, sftp_utf8_decode_str(p, resp)); - } - -- *count = (unsigned int) resp_count; -+ *rcvd_count = (unsigned int) resp_count; - *responses = ((const char **) list->elts); - return 0; - } ---- contrib/mod_sftp/mod_sftp.h.in 2011/10/12 17:15:56 1.22 -+++ contrib/mod_sftp/mod_sftp.h.in 2013/09/14 06:57:00 1.22.2.1 -@@ -1,6 +1,6 @@ - /* - * ProFTPD - mod_sftp -- * Copyright (c) 2008-2011 TJ Saunders -+ * Copyright (c) 2008-2013 TJ Saunders - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by -@@ -21,7 +21,7 @@ - * resulting executable, without including the source code for OpenSSL in the - * source distribution. - * -- * $Id: mod_sftp.h.in,v 1.22 2011/10/12 17:15:56 castaglia Exp $ -+ * $Id: mod_sftp.h.in,v 1.22.2.1 2013/09/14 06:57:00 castaglia Exp $ - */ - - #ifndef MOD_SFTP_H -@@ -174,7 +174,8 @@ - int sftp_kbdint_unregister_driver(const char *name); - int sftp_kbdint_send_challenge(const char *, const char *, unsigned int, - sftp_kbdint_challenge_t *); --int sftp_kbdint_recv_response(pool *, unsigned int *, const char ***); -+int sftp_kbdint_recv_response(pool *, unsigned int, unsigned int *, -+ const char ***); - - /* API for modules that which to register keystores, for the - * SFTPAuthorizedHostKeys and SFTPAuthorizedUserKeys directives. diff --git a/proftpd-1.3.4d-bz1044586.patch b/proftpd-1.3.4d-bz1044586.patch deleted file mode 100644 index 2fca8db..0000000 --- a/proftpd-1.3.4d-bz1044586.patch +++ /dev/null @@ -1,348 +0,0 @@ ---- contrib/mod_sftp/cipher.c -+++ contrib/mod_sftp/cipher.c -@@ -70,6 +70,9 @@ static size_t cipher_blockszs[2] = { - SFTP_CIPHER_DEFAULT_BLOCK_SZ, - }; - -+/* Buffer size for reading/writing keys */ -+#define SFTP_CIPHER_BUFSZ 1536 -+ - static unsigned int read_cipher_idx = 0; - static unsigned int write_cipher_idx = 0; - -@@ -369,7 +372,7 @@ int sftp_cipher_set_read_key(pool *p, co - */ - EVP_CIPHER_CTX_init(cipher_ctx); - -- bufsz = buflen = 1024; -+ bufsz = buflen = SFTP_CIPHER_BUFSZ; - ptr = buf = sftp_msg_getbuf(p, bufsz); - - /* Need to use SSH2-style format of K for the IV and key. */ -@@ -530,7 +533,7 @@ int sftp_cipher_set_write_key(pool *p, c - */ - EVP_CIPHER_CTX_init(cipher_ctx); - -- bufsz = buflen = 1024; -+ bufsz = buflen = SFTP_CIPHER_BUFSZ; - ptr = buf = sftp_msg_getbuf(p, bufsz); - - /* Need to use SSH2-style format of K for the IV and key. */ ---- contrib/mod_sftp/dhparams.pem -+++ contrib/mod_sftp/dhparams.pem -@@ -5,131 +5,142 @@ - # - # The file was generated using the following OpenSSL command: - # --# openssl dhparam -outform PEM -2|-5 1024|1536|2048|3072|4096 >> dhparams.pem -+# openssl dhparam -outform PEM -2|-5 1024|1536|2048|4096|6144|8192 >> dhparams.pem - # - # Note that these DH parameters should be refreshed every so often (e.g. --# every few years). These parameters were last updated on 2008-09-07. -+# every few years). These parameters were last updated on 2013-01-14. - -+# 1024-bit DH group params - -----BEGIN DH PARAMETERS----- --MIGHAoGBAL1klKb7HRp8xd5Q/bg8V3ZwqUg3IHtYt8Wj3gnWqvNYoWvfm29E7XTd --Quxo6gbqELBhjvHjZL3LRcvoG+fkXvtni5AW/3cImU2V1NOu6r6GqZTPmbMx0S/2 --XN0fij5kELsXN0GWhMnd+//3seg2qxqeSDvuAPo6s5mP/i61nIFLAgEC -------END DH PARAMETERS----- -------BEGIN DH PARAMETERS----- --MIIBCAKCAQEAlWOEyCrWQg2fe22ZF/Uhjjl+kOBRkfsGz+ClmJqZ25V8OSv6gkFS --UjOQ50n7L2yP1qyVxeez63dP18IFtqAZMCUav/BbMgt1LooHDmjCIkU7kJVp9r/b --0lpawVygzrfhf8X+0CqoZ0AOr++jl6x/k2vTpJbWhbGI04ZC9LFDB4tg9o8MLuK4 --0EPjsyfNtq+MbcuZXe6N0fxC1UB1ioBEzS4jVyfB0mqwcXOUxCLh4ejtXX/IL46Q --RjRR3P52AdO+L+0CRRQhrYyf4bllkDhHs82V5xdQ/a7+ZRbsvHDb9JDFTZhexMhw --Y/tSBQ8blmE50dioe6VlYkGLA+e7vqaJIwIBAg== -------END DH PARAMETERS----- -------BEGIN DH PARAMETERS----- --MIHHAoHBALOPItPXrqsiUjPIuJJp6VujphDhwZm4ppzhANDLc0kvphQQ4/QqbNZd --G2QLKzC7R/HPX0JWsYk0sbqnxQ3sc22M8qzlSWNDQv7yaFRGTKmLWDQIyfTM7EnI --oGCP5uKBcRgkFnBtrNMTD2vCCXWb/7CZvMGEYFK+GNIvGGAnGzuwlM4ZpaOXnW5v --oDFCoeKip3lhrrQ/VXPfqYs2wVTrEtBrFUmqBmQ9U3R+sNOrx03Fjne2EuwCxhxn --/YoKL/FV1wIBBQ== -------END DH PARAMETERS----- -------BEGIN DH PARAMETERS----- --MIGHAoGBAJTimNd8/geU7EhynM43DgfsK16oJF7NZWIUUdRc704eKwaCaqEYKyYz --aA7NMBTT8HEpLHvmBK7KOzY9nn7J4Po+Y8HoV5UUpl23WtwePceaTZ2S7oDkXnLy --JLK9oAQOOsJeNnvSYSs9k263MPoHWyh67VqATWwrsnH0YiXdUU4LAgEF -------END DH PARAMETERS----- -------BEGIN DH PARAMETERS----- --MIGHAoGBAK9UWSbL+3jV2SPvE28dK11Evdi9813vfTV49TS1xCGRhHMQKFmpCHQP --GIa/kbrONOkJ7WbRVQHuohN3K6XOzBDlvBLx59pOL5KWE0KX5y5tiCbpksyJ6jnL --84yi95u/zHiWQi9eAbFI8K40sR7KC0YXq1gqBTW04o4DT6746LqjAgEC -------END DH PARAMETERS----- -------BEGIN DH PARAMETERS----- --MIHHAoHBANwf0HdsXC5BkFrUv80XYQl84eZIRbcllfBU466t2DNWw6kDl9ArsTYo --LVhoAbws1SSqtQWtlDNg+cJ9SWIFRKS8RrNoHzacJvWH1utJFwtNtOYdnOSnyxzt --caQwSH4pKm1S+4TwMHG1js1n9IcNEkADa0VHTsEZWhGvMYqZ9LsRsTf167lYvJ5B --GVJnN8RxThkRUl23iE2Wa/5I9lNQeAVb9BAVZCMw9p/1/IWkAzC2571TGQE6oXfR --hAMNXHDHKwIBAg== -------END DH PARAMETERS----- -------BEGIN DH PARAMETERS----- --MIGHAoGBAJVRHDXca5zLOiUtl8dCD56IoIlppP6jmF2WAeE11GapRy9IT7LhdZTl --Ku1ZB/vnBL3sRsRjksgv7gWH5Zqo4kVWmsDDqErWW0b7z7WpvP3KpS5nMYGnT86C --nGVzE2/kOtdtul+QAhTDzdbm+kHhjHoH5OX0STto0GB2uXbHkWB7AgEC -------END DH PARAMETERS----- -------BEGIN DH PARAMETERS----- --MIHHAoHBAOQWHYV1Q6nICm4gcSthgCvEnatBfN/sZpC3vQD6rc6Dp1R9WhiVdKML --kRABgYwKSP/+xq37Qs0uyFz2ir3EPxk5u/Rkx76770KqFBM7hx5MuMeivK3Qw9qo --6tkbco7K0ZE7YGCgyy4b++rhfhyNhbI3qprxN1h4WPxouFXYjyXNVZq9mFe0gbPD --0xA7yHzsJvU6gQ/RuhChhqCiirjmfnuSE7ej0fdW2hXIzwThnz7AiAqP0VNQiHBd --/K9hLRGqmwIBAg== -------END DH PARAMETERS----- -------BEGIN DH PARAMETERS----- --MIGHAoGBAJ5fowbgIsajHjtkHicf1EpLP/OoYoexGHWvKEB9KdoXNKSTXmSYcagP --gm3axwtp7CbmpzcNipc8MfIMQEozkwsvsy/h5fgVIxfeKvPaA9oA8PCwZ8kIVzaf --vkVxPWRu+Azd0I+DULJuEwBqUDd4cJE1WQ2BFIdaH5nz7X2ATPePAgEF -------END DH PARAMETERS----- -------BEGIN DH PARAMETERS----- --MIIBCAKCAQEA8tUOZyM0dTIj0ehiRUeX5Y5S/BNl2HLbQHxcYtb/vpDM58ebADuC --xSESbYcjAxBXbppWZOlDFP5VWr/fTd+5357MQvlFMZM32GLUidrF82Ur9u/GN3jX --w1Z3TO7tOiIp2uxXbRvlJhUE0O+/G+pvnQsmbS0aBFDmZdd+u7HBa/3LIAlbBpdg --aPiEgbXM5E52F5BK/5L47KKAzSLCgH7YxVFyWgKXicryMgJ3Kh0+gMVTBF+9iw6/ --n5Eam0m8f9bry2mE3Gi8ROebIHNYCa+JaUytLPD/kXRAbU5lUXp7eE2DO90+OhJa --wjEMoNGY1OTbNLaXg3WkhF2PPxQoTSTfAwIBAg== -------END DH PARAMETERS----- -------BEGIN DH PARAMETERS----- --MIICCAKCAgEAiWDATfwSP6kPZTeSaLlu4IV5gW1nsutKK1l/CQVbNHxDFtt/JeIT --cppatvo239b0bfgVApt1+i5SY+z0LeU+1RG2s3pgaASeCYz0CxogYEF2/v7Byrtx --HOtNu9qeJH2mR2m0pZsV3ob6wtIXAbGI/JQkbuLTmsa90pLr8kJZ6vHk3N+71ZWG --ndHwYn4iM23bFo4gQ92qgBMfeLrfCDaHvTdKNpIEyPLTLiSwSq+TuOPApGJ3s7qV --pV3vx51QcCQN7EjMt5i2yjIHJwxI3ivRsGCQPgphHy1mfNoY9e3OrDX6fvhKaaPV --r7EUc2uF1Qd74no9pUsco5NZqC+vNc9pqIRuV0WP68L2VyIxZDxaWsS4F01w7JAT --syfswu3IwlNUdk4EAE8JaVviqhTCfdYgJ6j4N7xvpOm03tJycbLcDmNKSuVWvKx7 --9r51Wjc4ItRG+MCdKGMzQ8SJlN/ZK2Xb78E2WDVYoaai2VCbdx/rbT3kIGEckYIU --l81rNYVFiYTw3Zo/+kh5IUPYs83OplMf4YUixc+jDRXELbR4hLeV/5teyl6qC7RY --abbrBvvDqw1wj8IeVm5Cf6SJGXX6inFTRzsRMmv/UgnYUg44Ysw7iRfgP81uXfWb --3St3OxGYsfZf5sgDTvWD27UFOndAlQS4iZGvX9t+zT8h0/EBBh/+U6MCAQU= -------END DH PARAMETERS----- -------BEGIN DH PARAMETERS----- --MIGHAoGBANX1fgb+NbhP/B1UBb2K5uj1+26LXi3+ng2SRUQJiNQT12OhzEPnIiCV --F3VTbFjmp9gd8ReJNAMzImSS1XVw9iMYClsRxkctygprYe0oi+Wx8xb1sAaJmnxQ --Oz4pwKBbaz2/pwykVkSYO+/3Fcgb176FFbwdzM9icXLb5IkpgKpDAgEC -------END DH PARAMETERS----- -------BEGIN DH PARAMETERS----- --MIIDCAKCAwEAjkFOPge0h7o3ogiTDJgkwk85Xwkqd+kFM1NVy4HFZXUcPH2B+f2X --rwrhuzGbDNURS0QCtVsTdJSMY4qfNhYZBeHi8bpfZSZ93KivUJaSi1E3hF+8mJey --MC7Byi0rYdZSORd2n7oomqMNR/CIMBSgct05+CHbmnNWi1fqsnfdsjESV8b/Gu+4 --oJP6mdazE0jOjOcX1o0/fiQVQDM8+krSbvOA/DXabUAEU5n4X1bO909aUIJL9M99 --aAUN8w11uAy50elGgu2y/A+Ap7kgrCgQ4A2/OyRmq5+MBgILIq7L7HWxA72wKc5Q --iNNBLjSySFmUf8kT4yo1PpO8j5kSqJT5KXG8Q8FxvECww5vuKC4mNA1E13ITnDgf --qcG1KfIT1hTW1GXSoqYQfO4kVmUk5AnKK6K4eUFVZkZWE2Kys17YsYepG6TKxCU6 --xBwcivDoKqr0NQ/8NLerdNOurDj7myurWsh7l9RJIDSuTCHOPysy+5xvE1upQBSh --BxtRXKL6cQ3yTqo4Tqg6hrYACcNatXyPBbF1B0dF7uQ1O+Qjdrg4WHF296T4YKTF --aa73jb+x/DAMXUejLVDb6Oi6wapYVUZtLIgY9ezToPNnTtMISNISNesZZGb166Dj --+k9InPD60Yk0wjQge2CRAUrlMOrOuSpUkYLXPzqQT7wYTZLuxXdpJXqdjrcg6ru+ --e95vBSluapMezMtRF0ZBZSPq9NuKez37gqB4XuxYWyXK1Zt6ler8U5WO6iEPsotF --h69pKvuTYbtP20SF2nZYDxbHgGjXugnjI6rD6plYih97Y5Nak6IvuYA3F+FAtpXr --kS3qbDBKIsPkNtyXOaUuQY0PZZRzl1+0upSdkmewyAz3qoC5dzb19xBfHrvpwUjc --kBhmkYzole3dUQuxVU1Eu+zlq0VPedOAJdhZs7BDDnOWRZwd14teo6hhxuleT8Of --fA1zSuozB/YNpGxdtYt5XMO3kNR4gNsurDz/5JWxRaz21QxpFVodZmy5WHeddj79 --aMXQhuG1qpc7AgEC -------END DH PARAMETERS----- -------BEGIN DH PARAMETERS----- --MIIECAKCBAEA2uLCDvJnPy9O5w9VnUJWlXlo6/bUZbYSCqgsUUHU3ZUyWZV00M/h --SFECq78SvsqeVpdDqLkaiq667AsmXUkIcZIfPfp/lgwsxcPjOICQItxYWqs6OauO --QmY9OTeIXzEt+XSoGIW7r6mJcPFbs2CGI5VOMcdCDeIAQC3PP66ZHjwnifqjpmPK --6fXCa9imq35EE5SAc+zBgf2Tv14TR5T0sHzViMxVSo2tAyTu5vmZJebZk2S9Kj4M --CotC7Hv+Xj7zO1gxQns3ourbaRfPh/C6uQgBNBOBbVcCYHSbzuGYn0B4xm7et6c0 --3rXFLpf7x0kka0sG/6PMLYI7qCztqVa/e3SupG1S69CsY+UiwKUxjZlPYz4DelHT --IfJ0Anz6qQqSkdr4b8HcSL0X4OCAci1xpC/9OW1Tx4iW2fXr8TYIhY1+aE63ARyn --qpWFfWhE8usd61UyHeVjHWgugYhjHAUgW/2iGS1O8gZz7tcuq20IuOvWennbvRgq --8j9QyRIgNcoSj41Y8Tm89pOxFHkuU6UeQ9B7sgMjCi2g3baehKKGVRbH+SC2SVm7 --yKEAcyx4fKKlNkOxivX4gVAo8GtEWguVIo0e/bqBDqf8L+PyGdbbJ7E+oiJ00hiS --UU+go6WBwrrbgxwvbZBFQb4RDZukYe89kmwIV0cmLd4CUWkg04ABH1C39AoGvfAh --e5oFk+1omSQNMDKVlW4EZ8C9ZiaC89R1DNijk4SWkNQJKl6R3DSy++Papsh+b3tb --Ct/OujxcuuNeURy5P526IAZ+5aOq9WYwHrcfGGgp19Mq/f1M4JGvHd7C7+T4PHLL --Vulu3OubOT3Le1q7c0gzw43hlGj0dAImvJYOdQymHBmQYmMgRjVSYHkZQLXkLhAR --v2dGQnlA91AMLu8/WLgzilPORSbTf2zFujVbbRdXlBoQA5bj8A/aQCaHfZFV313z --c5VgfwwGFx56NH7wRmVaIu6yTnCLro1mBv4/grH/KZa88+gYhbOFtlkkPVmnr+dA --mexO24xVLOY+AU6Pqxae6NBT+FCbGPNM6xb0L4UMnD3hLbKf9+S1u5uCeNYtFtXx --PYkwp42MMM5sXRcEOFncEoEf+g0EckYceV2SlyqLpxGYg1fT74gp6AooBPAtHAko --5QuqvQqf8IwnP5iHYOGkuzPSVyTgknK0nRYvipC2T+3zlBBHj/vSwCQvXSY/zym4 --572KJXxdoBT9ZYjW5m9pKb636Ai2bh0tnAVbyZRuDWP5v/MbBs7lXYh+dNLhLkpu --vWvGa6JMHp5GYlfSgpD0JZhu93/RshPc6GgizJyHbgKvDNzHyYUzSZQ7PzSKU83O --f4pMJdYHvuGVdOJG7nwIYouX8t/zYxQzOwIBBQ== -+MIGHAoGBALbvOMiSzkUDxrpE0v150A1+hi9R0xSbwk2nyGBHznfZtvi3prJWIZwS -+5WPTZI9QCUCGIfGt8xfVrzzzfmruEFUZK9Tz27mR+7dPiet3c51niPIOrBlUCeTB -+Kz/urIJMeUcoUcDSbIeajAyLfwkWvLP44i/n7fDW9rsuzef6Eq+bAgEC -+-----END DH PARAMETERS----- -+-----BEGIN DH PARAMETERS----- -+MIGHAoGBAM5hpw0SGB0LHC0hN3Cp2rwnRPQtgvywaj1Ju3odzswLaxYriqQODBCH -+psywSpi5WAU2R/WUITW5VWLHlI7HpCJwNXG9s9GmHTelCGvBEd/c63jJlL6VjyOe -+M2OW+RDONoNFTXXVMmPayuUq3vfWFPGcSRZg5CI+d4Xma4eRPRxbAgEF -+-----END DH PARAMETERS----- -+-----BEGIN DH PARAMETERS----- -+MIGHAoGBAKP/HXSZf3Pbpczrl3tvL9L5g+vWsoBQWFA0PglX/RUV7wd/hgiRdcJG -+MXktBIkBDxtdKZM5JKu8d99e5Lmbw6puluLF1lA8ZJ/lcIhojnDWQZ8bFBXx2DJ9 -+DpDMMX/htR8u+cnPxeKDw2gnKjuN39Ku+1IdBLYSl9iu4GEwk9rDAgEC -+-----END DH PARAMETERS----- -+-----BEGIN DH PARAMETERS----- -+MIGHAoGBAMLOI4dbum16dz3CVufbtZ/90kC92QElRU2yfEwQdxsufkcYd+uEPgfx -+vD0PCMdCl2zAHfMjMtGCrb+8pTiO2eaC/4/wd6z0LUciawZo/dSE3n7S+D51ZH1I -+IN1OyvIhMMBq+DyujB6t9jUlrpXriXdcvmv78R83uT6TwwhFtRXnAgEF -+-----END DH PARAMETERS----- -+-----BEGIN DH PARAMETERS----- -+MIGHAoGBAO7i+5IQHjs6tHh5LXAwvD3XXgxyE6j7e1KWmgHDFg6GeEo2UZLu07Zt -+Ynu9srvka3KsnzdDEqtQgZk9C1aRMpqYoy0DFptVHNFjyhydIwB23Eh5a5xmpCzg -+X4yDC+2ADrU2PC0M+T8FuAOWvd3VBBrnm3msoRBRy26IKBAeDi5jAgEC -+-----END DH PARAMETERS----- -+-----BEGIN DH PARAMETERS----- -+MIGHAoGBAIBl4JEof+IcUS/j+PnkmeYNLUtGwi/PrQ4xv5Q3V0aiy/qIOX8yYFIA -+gwBidaoqPkG0CAAYO9o8gvFhHfJHd8B296mYybSHSGI2G6TVP3xdZYNmqG1lAqd/ -+Vqmj+CvmkYsgacDVD6P8yOLrF6gzBb9PxVNOFqPhNX/0yOXBr6YTAgEF -+-----END DH PARAMETERS----- -+ -+# 1536-bit DH group params -+-----BEGIN DH PARAMETERS----- -+MIHHAoHBAJkp+TbtcuMfeImd5XIA7pKwGjtrcVtNpRXB4wlRbpJpbGGQcyCe65MJ -+Kmxs8sndPv1S19fTH+3Fcp9jl7JmChHs+TcWqIpvmrBFRZ/5N2bf2fgimi7hSWWF -+JwFdb9zpxUNWbAcNnR/jZdqQ61wweyUT0sfGPH+0xNRbtc1Ct1E95o4+7Os82Lh1 -+TKokivVwwBf9m2vmCFEXDTgW0bLLqNRH1CQ8juEiw6i/zabmkutPPhKN0uxA7j75 -++eMc/DVzlwIBBQ== -+-----END DH PARAMETERS----- -+-----BEGIN DH PARAMETERS----- -+MIHHAoHBAKhfKa4EANC76yzSGF+/8UKQnSzjhMDyqOmWlrvb66CTe4T6gTtpECkm -+8KDmxuN3HrlXgkEQoMh4rgazpx3UG0z8T6aqQXFZmAVMK/Yp++9H/EzJhTyntJ31 -+hz3QqkoZgznvKx2vF+Gmx7C4imd+EIi7b/Lz/yw1P3wIGt1t3rznudc46BfPbRMf -+7sEQ20na5PEY5XwX3V9u2X61HM4YGto9XuNVL3uU70bxW6pceFBzdzVEadnXaJyW -+00bevXWw2wIBAg== -+-----END DH PARAMETERS----- -+-----BEGIN DH PARAMETERS----- -+MIHHAoHBANdeoQj9jcGLATPLTqI4vpKMgqJ5fuOe+8yiVVTmDGuNzDL7lDj5JMSF -+lrpG99IPVb6Cy+kSAyO/PBbTkj9nPzls42GKmABjb3PHYiDIBcYq4xfP7Z/PEH9J -+YIT/9PQVqVRFPHnzdZcXtaS3H6ve6npiwvgwPCNz7s7MX9C153XF99T0qCA8L/a+ -+KsnKD2aaqsxi/6Njr7sBly9l6qre70lONzeOLzcwQSRq9l2pjSMEekJPY6E3yPPy -+MA4GLMlaKwIBAg== -+-----END DH PARAMETERS----- -+ -+# 2048-bit DH group params -+-----BEGIN DH PARAMETERS----- -+MIIBCAKCAQEA6Y/KjtYFfcVooSk1p2pvVbqttLQNsMIC5t9GSyWlfCBoFPqffXsm -+XVkXuy3k8zAjrdL3rGx5/+c5wlYfVAzz/q3rUR+mFEPQKgkvHKUFy0ubG0Wp/dBI -+KZ+vkK+CK0NToKAdXv8G3TfCefw9dI/Nzy2j/wxlUFapFwnZocPXUlgQd52mdCsX -+ACqZ5imBZcNQzwcEKTr2jen2l+NE2CKs8nJFVwcSlsFPqEB+7Yh1GwZik1wmBxrT -+PwPMrTk1u9CqttF7aTZBHjn++e4TkqrQs1J04s0LjdvzNVaEcUfPPiTH+68KpMwj -+NcAuMC6BV3L42Cald1HocD18s07VPcqiUwIBAg== -+-----END DH PARAMETERS----- -+-----BEGIN DH PARAMETERS----- -+MIIBCAKCAQEAo+GoaemZ9KjBgLgwGZuObOQ/hQSoK1Aka/fPoSk3ECokqb0KeeI4 -+Ai8YVup6WIJigf//UTZFgHXENUsJM3sSTKHe5l7LtQIkb2oPQFfzTpp2OOMceRkK -+eXpgDYBct0T0KDAJXV4uB+l6PZfL4cOLfSMNCKTg2ptGGLbbqYPLd7LNwudpe1wO -+0KB1GFEkB2ZEPTIkQx2W1ia5EHta5zlXRqa962Rbo1t5fdiM3whVTqlgKNNC5/zv -+wH7vHqyJyqVOKQyjXPsT95iBTo1GsXRz8oLXchrTybs7yfilve1eTCnQKfiZHqKw -+50XSRbAiSV8ephW8mbwCOLthruMKT7GDTwIBBQ== -+-----END DH PARAMETERS----- -+ -+# 4096-bit DH group params -+-----BEGIN DH PARAMETERS----- -+MIICCAKCAgEAnlCYvstlmd2VCDwdI8u0khgNwpuGmjPv17RSGCnSjx6DjuYeOqGn -+AqOjSEyDuoNx8KC6mZF5HKBoQ+nDeJ3O4y4NnZj1MaEFViu3a7XXu6Ff/fLB2nl+ -+E1ryt9vk6d9GNgOF+JfB40SYsPnfX0FHd/MqJh4KQbkWoPzgfK4bgxNZUmdtFxbP -+9jO0t08nEoBGAL6a6nx7AN/mSgdOh/CEjNP7xKGTuNLv0Lq3FAAJ4e0PDjFYb9TI -+KRcwVIYpqt/DmN1+hCQ8O9GaC8gs99Gqyi4G6Iowq7oMqV8KRNdTNnfD1t3SjupE -+xFTUeBw5FiB/44Vwjiahz0PJVQggrAUadqCrqOi1k/C7z/UpwOvpBVz5162p633H -+XntMUzmi0JoomT+nR5je6wlJnpcvOeIn21rLOwkXDWmzrb1J7KYxnEa0F3fEck4P -+V9L/dICTCBiTSq9bQGjCy6Mtc0pbW8AkhpoBtmJGhsB0+t6J5nLrleD68ePPEC1e -+4kRPc3cJJPIvbMNxXPCYwjsP+AQcbxYvOlPPyDeWNj7AWQjMIAEOpBw76itfy7JP -+o+Wz5EkpUtvK9Zqo4E8719U9R0aIVhsn+DX5l5Z8XKU8wZjUwK/Fg2tIVq8tXi7/ -+WuXBUe8mHU+7bUQR1GRgBaLYiOERkNS87MPtbQ4I/pmfx63HIfOj67sCAQI= -+-----END DH PARAMETERS----- -+ -+# 6144-bit DH group params -+-----BEGIN DH PARAMETERS----- -+MIIDCAKCAwEA7WbPJRW6ZqHQQo6DFNV/exYBDYXTgHI8sOtX4ZsmckeLnn4MNWDx -+rHymGA6EJqz7Iu3tlPqrZnAe/mOXJZVnWMdDrXaqufXCWA1GA1nOBsX2zjEAA4Yr -+kOtE2JyNQ647gVWkZlAPNB1f0Tt4wuR2jvzMYmV+mcMfxurBoOhki7SibHs2UEvb -+iFwJQM11b5W5NRQZpKnIpU6hWPGZMkSIBX7sIoMX9y/a0BVFqAXS8rLgmWh5RcQu -+WqZPyZWHh+ctKaR3YPHyxX1kKUdFMxZVwXmnDJJeeT7NiNZd5OSJ5Z26XBoZufED -+kzvpWigSJmMmfKXaGcxExrizRSBjjAPhc784yXZcnwR2nJB3svvuCnbfO6aoIbVF -+78FtqXFiKd75mGTrPTdgfQH3OdjTaFZUp5JScpCfNwtDaWtvbgQ5x8dfxHcu/7CL -+W9SeEvlCOwWiFvd0BkE4kRElUIzzLh0ufHHEhywkVGZIicL1qz+eeeTX8V6FmdRC -+u2xHK5VtT2/yTMtDA48J5H7YTrSOiC+kgmaud5EAhxMidg4QqJa8jZYJIZpvwsEw -+AC3mUv36RkJIhuePybaoa1U1TwSWwGg2dHqidQ6gXv0t+AXxxicKFBiKKMN7DxKo -+DgA5asnrUv4Z/bfMU4yGgU3gkiJ7Sczra5N6UEJhCBScBbCI+KUXSsWpeZd2dwim -+ELxyC2Da7wIYqJhe9KYRXOoauRUy+LMBzwbKQ7nS2Abw5zON5ANlR/KJJ4H+D19+ -+LN7WDc1Z8SoF59wbboAmNKjTuUV3Whh0GZuxnd88Fw7DoSWIMe++DoxIvdCRwrFz -+Ra/20ZCi99N96IX4r0WocACIG4ukPUInsup2qxMS7757gzcabD2T24irn9N9aJDf -+BefKcId/iJBFRK/loSOXT4jcyTWQqID+spA9VhIcuGEBir21R29fU9fActctWOby -+URKTuULh6Wqaf46B4suoL8jmvtyEJIwZ6zzD7mWLKv1665UD9SbKciKoy2CQ+AfC -+wnKl1+O4DPcbAgEC -+-----END DH PARAMETERS----- -+ -+# 8192-bit DH group params -+-----BEGIN DH PARAMETERS----- -+MIIECAKCBAEAxcFcwEBebGISxZbtnocUuiv8Z5GoFb1fi3szRz1y1j6Hwe8mTzVM -+oKeZ5QvXE8ZWk5Alnw1phfe7yDZan4BVqJ7U00w+jaUy5Y8Tmo34uSTTRX61dpYS -+vBZsSTUEkteqWBbVQRz4l1NQ9eTVXchGAJeL9JzlUFZQbwUXfQPf95wg7y56jcqK -+fYjqQWZZgpsxFyn/MFOq7+HQeLYGqRbA1wnKkKTF8ERH16PjChsnjA1i6rH5Tb9C -+k0rpIYkZGj2pPoiNoWBEiJagYbt7XjnMGX8UPsQW8ImzoW+JIGUAHCzFZSnFp5eE -+ZCL7Q7T8Z3/9RAxHhDUh8bxhWsd9K1pGZ9XYCF4b4TKBsc6GCCmhApgbcTE3/BOO -+qLc0tu3sl75GU3wGMpiw97J8SO4LIgMKH5f+g30YBYXPY7z1Msytf6lVKrC8Lzxi -+h69nckj9QjtPY4lYHH0q7K3bq4yuQob4EPF9WBrMzWw2roH6Jv8clc9gDcqzqBkk -+zn2pKDlR2rFQ955O8A1/yjLIc21T+JwmpYYF7agRZcertzHipyoRkTfS08yQQJjg -+cKovqCueVqBNZQvogJKzJRIs5YNQX7i25bH/4JPOG1YIiV7AQ41FQLItbsnB6qS+ -+U/AzGLH/hd+y2fYsHFCLdNIbsvpmPiyEwJBMCtJ6YDSu3CqMhg4YddR0X9UszIhV -+6wo/IhjNJur5AxYmVANjTyVgP48wDGwZN1V6KyCSYLjQk/tt/PY2CybRAON2ac8B -+ud5RN0PT7vJcw6EiE5gv/IB5dNIllhqAcjBx/lbbc08uwjN+5LN/MWCIy2CyZCOz -+wj3Pzqvl9QfFSFLTKFXMzxQcCKNrBmQL0t0n4X2YAD4ZJPiT/sRYQ8twXpmtKcmr -+reXQdxuphB5XRfkawT7yJBVWKAxYiVWRfAqNHs8gjt967YK7nV7Xt0wwb+r9N79/ -+rYqJFtXiGV/Z8/pUfCSAUoe79NftuzV7AH9C2gMOo7iP6uOeevv7oAlOnjpoOcRl -+UnHTC4mZU5JvOF3Nbu/KRvwbX4B+mqq+O47OQm3tvNoACejMYihMlT48G2wgB5bb -+0QJ8BxmgpLL4P+K1tZsvu0V5oRHkQ10QTFFsPddwGA+8Vw74dYXT+41RQBNpWgP+ -+j/zRPUAXCl3FPQ/Hj7hMnBHPQc0HWaQF7XvQzAsWj8EtvyiqZoR4mIkGHOxGCV79 -+/2Ko2JCsWLqo3y9dwX09Pf2pPhBUeX1GWfCTZGEerLch/I3Cihf9JQHQ03H6gMRM -+FSRogNR62d2YmBjZM/xwWdBjpLdWNLuPRnYnbwJXs30R/oQY55iRdZdjvwPQl2uR -+9ubWhepIOmE7t5+1o0JiA3x1TX82NHwsGwIBAg== - -----END DH PARAMETERS----- ---- contrib/mod_sftp/kex.c -+++ contrib/mod_sftp/kex.c -@@ -2007,7 +2007,7 @@ static int write_dh_reply(struct ssh2_pa - } - - /* XXX Is this large enough? Too large? */ -- buflen = bufsz = 4096; -+ buflen = bufsz = 8192; - ptr = buf = palloc(pkt->pool, bufsz); - - sftp_msg_write_byte(&buf, &buflen, SFTP_SSH2_MSG_KEX_DH_REPLY); -@@ -2385,7 +2385,7 @@ static int write_dh_gex_group(struct ssh - } - - /* XXX Is this large enough? Too large? */ -- buflen = bufsz = 1024; -+ buflen = bufsz = 2048; - ptr = buf = palloc(pkt->pool, bufsz); - - sftp_msg_write_byte(&buf, &buflen, SFTP_SSH2_MSG_KEX_DH_GEX_GROUP); ---- contrib/mod_sftp/mac.c -+++ contrib/mod_sftp/mac.c -@@ -69,6 +69,9 @@ static HMAC_CTX write_ctxs[2]; - - static size_t mac_blockszs[2] = { 0, 0 }; - -+/* Buffer size for reading/writing keys */ -+#define SFTP_MAC_BUFSZ 1536 -+ - static unsigned int read_mac_idx = 0; - static unsigned int write_mac_idx = 0; - -@@ -374,7 +377,7 @@ int sftp_mac_set_read_key(pool *p, const - mac = &(read_macs[read_mac_idx]); - mac_ctx = &(read_ctxs[read_mac_idx]); - -- bufsz = buflen = 1024; -+ bufsz = buflen = SFTP_MAC_BUFSZ; - ptr = buf = sftp_msg_getbuf(p, bufsz); - - /* Need to use SSH2-style format of K for the key. */ -@@ -579,7 +582,7 @@ int sftp_mac_set_write_key(pool *p, cons - mac = &(write_macs[write_mac_idx]); - mac_ctx = &(write_ctxs[write_mac_idx]); - -- bufsz = buflen = 1024; -+ bufsz = buflen = SFTP_MAC_BUFSZ; - ptr = buf = sftp_msg_getbuf(p, bufsz); - - /* Need to use SSH2-style format of K for the key. */ diff --git a/proftpd-sftp-dh7680-bug4002.patch b/proftpd-sftp-dh7680-bug4002.patch deleted file mode 100644 index f528f48..0000000 --- a/proftpd-sftp-dh7680-bug4002.patch +++ /dev/null @@ -1,68 +0,0 @@ -Index: contrib/mod_sftp/dhparams.pem -=================================================================== -RCS file: /cvsroot/proftp/proftpd/contrib/mod_sftp/dhparams.pem,v -retrieving revision 1.2 -diff -u -r1.2 dhparams.pem ---- contrib/mod_sftp/dhparams.pem 14 Jan 2013 22:19:05 -0000 1.2 -+++ contrib/mod_sftp/dhparams.pem 20 Dec 2013 18:09:45 -0000 -@@ -5,7 +5,7 @@ - # - # The file was generated using the following OpenSSL command: - # --# openssl dhparam -outform PEM -2|-5 1024|1536|2048|4096|6144|8192 >> dhparams.pem -+# openssl dhparam -outform PEM -2|-5 1024|1536|2048|3072|4096|6144|7680|8192 >> dhparams.pem - # - # Note that these DH parameters should be refreshed every so often (e.g. - # every few years). These parameters were last updated on 2013-01-14. -@@ -83,6 +83,19 @@ - 50XSRbAiSV8ephW8mbwCOLthruMKT7GDTwIBBQ== - -----END DH PARAMETERS----- - -+# 3072-bit DH group params -+-----BEGIN DH PARAMETERS----- -+MIIBiAKCAYEA0kEgFEhmtqWiDoykb2ptlZQ3hcB6MP5Bd1mDDjG38j1MFWV6Uaj8 -+T4y3tGUntQ0H/OJ8GEueL9OS9q2NU67GJ/XjtoXDVmZOdzYwN3Lr52/RnwLdUCH9 -+MZjbXJYoqDJyXSHIFd40fRUkzZRYN6HZTkDad6wsoBgibe3gRvEzp7nBIJlDZy85 -+9hmLJHJNGqgIpOTbX9AUNGVSAHEINx6kKX0c1/Kc5nhCytqRdYLnwqeryMdlZ4N0 -+qlG8KJum0A8mEpgvUM5D0BLTbjkKgOoORsfrhzykqfxUrv+Pwcb/6UBbPSR99OSZ -+nFBlP3xSTl1WucWNmeZ3o2lZF4H/WosuoiVsPtO3aKYiLEhRxJiQOrMzVnSOdTR7 -+d3Sg8a+ufSyccCCjOHssRKk//qoiUpN5R53/lxpUrfl+cJXGuvp+4EM+mfRDKCo7 -+FTTaU2QFkF9A7dddwsABZQeqcADVN7T6L8/AIF66mwH7nvaJeNenTUqZTR+i8Doe -+V/QbD1cYDtHzAgEC -+-----END DH PARAMETERS----- -+ - # 4096-bit DH group params - -----BEGIN DH PARAMETERS----- - MIICCAKCAgEAnlCYvstlmd2VCDwdI8u0khgNwpuGmjPv17RSGCnSjx6DjuYeOqGn -@@ -119,6 +132,31 @@ - wnKl1+O4DPcbAgEC - -----END DH PARAMETERS----- - -+# 7680-bit DH group params -+-----BEGIN DH PARAMETERS----- -+MIIDyAKCA8EAmMxFUnXytlC9fIDwSgeG9cM+nqvPDufhOvzVwXXyKutq2rT+b8Iq -+A/rTbvRLro1XpJedzS83HNfsHeCfKC6L5vMAT2rkOSAVjQCBs9/HfdzDXtU6QEqG -+GDW6psiGNkgCahNKVxw1+kgKdnQc5sSKsK0iFXGdXFdaebWYN2yRFH8O+yWC/TQk -+BVc3c6d+Bo1H7VTRJkKz6duL/GRmFVdznhTU8yx+oydfOAjkxNsMaX+/cuTbqcUN -+LJm/g1tKVSw+1mvY9f4q1/B+hV8QxpbfcN8nYrye1+dmAPj/x+T1rfFVXMfQP4Ok -+p0IKom5Esc7e5LZsGqngRl9e6gXgDM+hMX6w7XU/bvaKugBKTNj8PAugIFrsrybR -+voB1bQynUEId1/q7c9soEicwEbGEiZ26LyaPHenAm1j8940Bp63SgiCfuCoEJAda -+A9DWq9idP4eKECFTlt6j3UPs45if3SfkWf6KleZAO8e1LHSkLuRaZpHPzLaZ6zbE -+bA8m8rdOhkbTkTNfVbEa0jTI8Ag4cq5LrMFSiPLRVVQadQzepBB0pv7F4UsqQwzU -+b7FEwBm5xWQG+AlOugc1kZdgcSMdu4C2BhaKOe3xH1SfwEHZSxz3yKtxGcdIcSD3 -+RTUQdX0/Yjj8Ia9asC+pZmbS2MGPehQdIvUmWMGeQkwLXz7bBVFBuOei8hkPnRwJ -+ItihKSkZB0fk2olVmYzJwY4VOnfL1EWk6jKbndYBsJE0h/J3lO/xmMGaVmPhINQE -+0kJipmRpqT9sEmghCmYTH5pjymnuOXEIDuAjjNxsaAAuGF9h2jlnAHQimQq3Kch1 -+Hwlkb6R2T1XSizA838oLvqmyLOhYzHVVCnqq6DG9W7AAdaouL4tjNFNs9afsR3KG -+H71IiS9+rv7u0m0dYrdRmpx6iXAIASTwhld2IFDyiUPeLYL2Jt9WPHdSA0aySF+7 -+z/ntskV5soDIlUYQDZeKLuk2Lw+AMEbNgifCm7bLARm/fI9+c+IaBLE+e+zm+puO -+UHYcWy75NQG8zT2RICuHvvIUkHhgtIDk7K/1AscCDVCgMTYtwMF16nJe+6Omn8TT -+iQQZp76zZoTqjTRDLC9NszXxuewCi8JuklDyubPrqLTeM32bCZwjibPzL/O2NsGY -+0N7AbX7nnBKrAhibA9wdBJpQUrjT2SfEZGHYPA0U24Cm8JKBRu6WHdGH97gwH9bY -+ST5JTdXGPimZanmzidsGqLla4VxWGx+BWMLwXQtLaypHGfDFXHVpMY9KROGmtzsD -+OcXDR4ullYdbAgEC -+-----END DH PARAMETERS----- -+ - # 8192-bit DH group params - -----BEGIN DH PARAMETERS----- - MIIECAKCBAEAxcFcwEBebGISxZbtnocUuiv8Z5GoFb1fi3szRz1y1j6Hwe8mTzVM diff --git a/proftpd.spec b/proftpd.spec index e19aed9..c772ee5 100644 --- a/proftpd.spec +++ b/proftpd.spec @@ -22,8 +22,8 @@ %global rundir_tmpfs 1 %endif -# Support systemd presets from Fedora 18 onwards -%if 0%{?fedora} > 17 +# Support systemd presets from Fedora 18, RHEL 7 +%if 0%{?fedora} > 17 || 0%{?rhel} > 6 %global preset_support 1 %endif @@ -41,11 +41,11 @@ %define _hardened_build 1 #global prever rc3 -%global rpmrel 5 +%global rpmrel 1 Summary: Flexible, stable and highly-configurable FTP server Name: proftpd -Version: 1.3.4d +Version: 1.3.5 Release: %{?prever:0.}%{rpmrel}%{?prever:.%{prever}}%{?dist} License: GPLv2+ Group: System Environment/Daemons @@ -62,23 +62,14 @@ Source11: http://www.castaglia.org/proftpd/modules/proftpd-mod-geoip-0.3.tar.gz # (they are disabled by default); it is not included as part of the built package and should therefore # not fall foul of the rules against library bundling Source13: http://search.cpan.org/CPAN/authors/id/C/CL/CLEMBURG/Test-Unit-0.14.tar.gz -Patch1: cap-setuid-bug3945.patch Patch2: proftpd.conf-no-memcached.patch Patch4: proftpd-1.3.4rc1-mod_vroot-test.patch Patch5: proftpd-1.3.4-utf8.patch -Patch14: proftpd-1.3.4a-bug3720.patch -Patch23: proftpd-1.3.4c-bug3744.patch -Patch24: proftpd-1.3.4a-bug3745.patch -Patch25: proftpd-1.3.4a-bug3746.patch Patch27: proftpd-mod-vroot-0.9.2-bug3841.patch -Patch28: proftpd-1.3.4d-bug3973.patch -Patch29: proftpd-1.3.4d-bz1044586.patch -Patch30: proftpd-sftp-dh7680-bug4002.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root Requires(preun): coreutils, findutils %if %{use_systemd} BuildRequires: systemd-units -Requires(pre): systemd-sysv, /sbin/chkconfig Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units @@ -215,41 +206,10 @@ cp -p %{SOURCE1} proftpd.conf # Fix character encoding in docs %patch5 -p1 -b .utf8 -# Fix spurious log messages at session close -# http://bugs.proftpd.org/show_bug.cgi?id=3945 -%patch1 - -# Various module logfile permissions are 0600 instead of 0640 -# http://bugs.proftpd.org/show_bug.cgi?id=3720 -%patch14 -p0 - -# Support ls(1) -1 option for LIST command -# http://bugs.proftpd.org/show_bug.cgi?id=3744 -%patch23 -p0 - -# Reject PASV command if no IPv4 address available -# http://bugs.proftpd.org/show_bug.cgi?id=3745 -%patch24 -p0 - -# Support applying ListOptions only to NLST or to LIST commands -# http://bugs.proftpd.org/show_bug.cgi?id=3746 -%patch25 -p0 - # Fix possible symlink race when applying UserOwner to newly created directory # http://bugs.proftpd.org/show_bug.cgi?id=3841 %patch27 -# Fix mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication -# http://bugs.proftpd.org/show_bug.cgi?id=3973 -%patch28 - -# Fix support for 8192-bit DH parameters (#1044586) -%patch29 - -# Add 3072-bit and 7680-bit DH parameters -# http://bugs.proftpd.org/show_bug.cgi?id=4002 -%patch30 - # Avoid documentation name conflicts mv contrib/README contrib/README.contrib @@ -274,17 +234,6 @@ chmod -x contrib/xferstats.holger-preiss if [ ! -f /etc/pam.d/password-auth ]; then sed -i -e s/password-auth/system-auth/ contrib/dist/rpm/proftpd.pam fi -# The "include" syntax used in our PAM configuration file was introduced in -# PAM 0.78 and is therefore supported in FC-5 and EL-5 onwards; older -# distributions such as EL-4 (PAM 0.77) need to fall back to using the -# now-deprecated pam_stack module. Since the pam-devel package doesn't -# include a pkgconfig file from which we could check the version number, we -# instead check for the absence of the file /etc/pam.d/config-util, which is -# present in all PAM packages from 0.80 onwards and acts as a useful -# indicator of the need to fall back to pam_stack. -[ ! -f /etc/pam.d/config-util ] && sed -i -e \ - 's/include[[:space:]]*system-auth/required'\ \ \ \ \ 'pam_stack.so service=system-auth/' \ - contrib/dist/rpm/proftpd.pam # Remove bogus exec permissions from source files chmod -c -x include/tpl.h lib/tpl.c @@ -377,15 +326,6 @@ fi %clean rm -rf %{buildroot} -%if %{use_systemd} -%pre -# SysV-to-systemd migration -if [ $1 -gt 1 -a ! -e %{_unitdir}/proftpd.service -a -e %{_sysconfdir}/rc.d/init.d/proftpd ]; then - /usr/bin/systemd-sysv-convert --save proftpd &>/dev/null - /sbin/chkconfig --del proftpd &>/dev/null || : -fi -%endif - %post %if %{use_systemd} /bin/systemctl daemon-reload &>/dev/null || : @@ -471,6 +411,7 @@ fi %{_sbindir}/ftpshut %{_sbindir}/in.proftpd %{_sbindir}/proftpd +%{_mandir}/man5/proftpd.conf.5* %{_mandir}/man5/xferlog.5* %{_mandir}/man8/ftpdctl.8* %{_mandir}/man8/ftpscrub.8* @@ -546,6 +487,12 @@ fi %{_mandir}/man1/ftpwho.1* %changelog +* Fri May 16 2014 Paul Howarth 1.3.5-1 +- Update to 1.3.5 (see NEWS for details) +- Drop upstreamed patches +- Drop sysv-to-systemd migration script +- No longer need to support pam_stack + * Fri Dec 20 2013 Paul Howarth 1.3.4d-5 - Fix support for 8192-bit DH parameters (#1044586) - Add 3072-bit and 7680-bit DH parameters (upstream bug 4002) diff --git a/sources b/sources index 2149f04..3054b9a 100644 --- a/sources +++ b/sources @@ -1,4 +1 @@ -13c6fd7ce320886adc371c81a3e23f07 proftpd-1.3.4d.tar.gz -cc0e479406436e474ca7d59994fa73bb proftpd-mod-geoip-0.3.tar.gz -6db495b25e9da2ba0c901e7c44e119bc proftpd-mod-vroot-0.9.2.tar.gz -ad574713bcd00f62883ff2f9a84eec1f Test-Unit-0.14.tar.gz +aff1bff40e675244d72c4667f203e5bb proftpd-1.3.5.tar.gz