commit a3eab6644524d0f966f8fb5e93f8e8916c00ac18 Author: Adam Gołębiowski <ad...@pld-linux.org> Date: Wed Mar 27 08:52:41 2019 +0100
- updated to 1.0.48 pure-ftpd-allauth.patch | 2 +- pure-ftpd-config.patch | 12 ++++---- pure-ftpd.spec | 18 +++++------- sni.patch | 78 ------------------------------------------------- tls.patch | 63 --------------------------------------- 5 files changed, 15 insertions(+), 158 deletions(-) --- diff --git a/pure-ftpd.spec b/pure-ftpd.spec index 2106ce0..5807773 100644 --- a/pure-ftpd.spec +++ b/pure-ftpd.spec @@ -9,16 +9,16 @@ %bcond_without tls # disable SSL/TLS support %bcond_without cap # disable capabilities -%define rel 7 +%define rel 1 Summary: Small, fast and secure FTP server Summary(pl.UTF-8): Mały, szybki i bezpieczny serwer FTP Name: pure-ftpd -Version: 1.0.47 +Version: 1.0.48 Release: %{rel}%{?with_extra:extra} License: BSD-like%{?with_extra:, GLPv2 for pure-config due to libcfg+ license} Group: Daemons Source0: http://download.pureftpd.org/pub/pure-ftpd/releases/%{name}-%{version}.tar.bz2 -# Source0-md5: a41fa531c0d21bd3416dd524d75495ae +# Source0-md5: 4538d563fb4cbe755767c91b14ed2fd2 Source1: %{name}.pamd Source2: %{name}.init Source3: %{name}.sysconfig @@ -32,11 +32,9 @@ Patch2: %{name}-pure-pw_passwd.patch Patch3: %{name}-mysql_config.patch # from Fedora Patch4: 0003-Allow-having-both-options-and-config-file-on-command.patch -Patch5: tls.patch -Patch6: sni.patch -Patch7: audit_cap.patch -Patch8: %{name}-apparmor.patch -Patch9: %{name}-mysql-utf8.patch +Patch5: audit_cap.patch +Patch6: %{name}-apparmor.patch +Patch7: %{name}-mysql-utf8.patch URL: http://www.pureftpd.org/ %{?with_extra:BuildRequires: autoconf} %{?with_extra:BuildRequires: automake} @@ -115,8 +113,6 @@ Ten pakiet zawiera schemat Pure-FTPd pureftpd.schema dla openldapa. %patch5 -p1 %patch6 -p1 %patch7 -p1 -%patch8 -p1 -%patch9 -p1 %{?with_extra:%patch2 -p1} 
@@ -234,7 +230,7 @@ exit 0 %files %defattr(644,root,root,755) -%doc AUTHORS ChangeLog CONTACT COPYING FAQ HISTORY NEWS README* THANKS pure*.conf pureftpd.schema +%doc AUTHORS ChangeLog COPYING FAQ HISTORY NEWS README* THANKS pure*.conf pureftpd.schema %attr(755,root,root) %{_bindir}/* %attr(755,root,root) %{_sbindir}/* %attr(754,root,root) /etc/rc.d/init.d/%{name} diff --git a/pure-ftpd-allauth.patch b/pure-ftpd-allauth.patch index b95f2e5..7a56b98 100644 --- a/pure-ftpd-allauth.patch +++ b/pure-ftpd-allauth.patch @@ -15,6 +15,6 @@ crypto_md5++; crypto_sha1++; + crypto_plain++; - } else if (strcasecmp(crypto, PASSWD_SQL_ARGON2)) { + } else if (strcasecmp(crypto, PASSWD_SQL_ARGON2) == 0) { crypto_argon2++; } else if (strcasecmp(crypto, PASSWD_SQL_SCRYPT) == 0) { diff --git a/pure-ftpd-config.patch b/pure-ftpd-config.patch index 0ad2991..de46472 100644 --- a/pure-ftpd-config.patch +++ b/pure-ftpd-config.patch @@ -4,8 +4,8 @@ # instead of command-line options, please run the # following command : # --# @prefix@/sbin/pure-ftpd @sysconfdir@/etc/pure-ftpd.conf -+# @prefix@/sbin/pure-ftpd @sysconfdir@/etc/ftpd/pure-ftpd.conf +-# @sbindir@/sbin/pure-ftpd @sysconfdir@/pure-ftpd.conf ++# @sbindir@/sbin/pure-ftpd @sysconfdir@/ftpd/pure-ftpd.conf # # Online documentation: # https://www.pureftpd.org/project/pure-ftpd/doc @@ -54,12 +54,14 @@ -@@ -430,7 +431,7 @@ CustomerProof yes - - # Certificate file, for TLS +@@ -430,8 +431,8 @@ CustomerProof yes + # CertFile is for a cert+key bundle, CertFileAndKey for separate files. + # Use only one of these. -# CertFile /etc/ssl/private/pure-ftpd.pem +-# CertFileAndKey "/etc/pure-ftpd.pem" "/etc/pure-ftpd.key" +# CertFile /etc/ftpd/ssl/private/pure-ftpd.pem ++# CertFileAndKey "/etc/ftpd/ssl/pure-ftpd.pem" "/etc/ftpd/ssl/pure-ftpd.key" diff --git a/sni.patch b/sni.patch deleted file mode 100644 index 60912e1..0000000 --- a/sni.patch +++ /dev/null 
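Review bot: The refreshed pure-ftpd-allauth.patch still adds `crypto_plain++;` beside `crypto_md5++` and `crypto_sha1++` in the branch that precedes the `PASSWD_SQL_ARGON2` test, and nothing visible in the patch or the spec says why. That branch's condition lies outside the hunk; if it is the catch-all crypto setting, a deployment using it will also match passwords stored in cleartext, which the unpatched code in this context does not appear to do. I would record this in the patch header, for example `PLD: the catch-all crypto setting also accepts cleartext-stored passwords (crypto_plain)`, so administrators and future rebases can see that the behaviour is deliberate.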
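Review bot: The sample paths added in the second hunk of pure-ftpd-config.patch are inconsistent about where the private key lives: `CertFile` points into `/etc/ftpd/ssl/private/`, but the `CertFileAndKey` example puts `pure-ftpd.key` directly in `/etc/ftpd/ssl/`. Administrators tend to copy these commented examples verbatim, so the key example should sit in the restricted directory as well, e.g. `# CertFileAndKey "/etc/ftpd/ssl/pure-ftpd.pem" "/etc/ftpd/ssl/private/pure-ftpd.key"`. Whether the package creates either directory, and with which mode, is not visible in this diff.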
@@ -1,78 +0,0 @@ -commit d2906ca519ecc9fb864eb7005809982322137964 -Author: Frank Denis <git...@pureftpd.org> -Date: Fri Mar 15 13:12:04 2019 +0100 - - Add tlsext servername callback - -diff --git a/src/tls.c b/src/tls.c -index e4bddb2..f34617b 100644 ---- a/src/tls.c -+++ b/src/tls.c -@@ -219,6 +219,18 @@ static void tls_init_cache(void) - SSL_CTX_set_timeout(tls_ctx, 60 * 60L); - } - -+static int ssl_servername_cb(SSL *cnx, int *al, void *arg) -+{ -+ const char *servername; -+ -+ if ((servername = SSL_get_servername(cnx, TLSEXT_NAMETYPE_host_name)) -+ == NULL) { -+ logfile(LOG_INFO, "SNI: [%s]", servername); -+ return SSL_TLSEXT_ERR_NOACK; -+ } -+ return SSL_TLSEXT_ERR_OK; -+} -+ - # ifdef DISABLE_SSL_RENEGOTIATION - static void ssl_info_cb(const SSL *cnx, int where, int ret) - { -@@ -348,6 +360,7 @@ int tls_init_library(void) - SSL_CTX_set_options(tls_ctx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION); - # endif - SSL_CTX_set_info_callback(tls_ctx, ssl_info_cb); -+ SSL_CTX_set_tlsext_servername_callback(tls_ctx, ssl_servername_cb); - # endif - SSL_CTX_set_verify_depth(tls_ctx, 6); - if (ssl_verify_client_cert) { -commit 1d110dd103d306ce14c17320a03d6c324ef2db9c -Author: Frank Denis <git...@pureftpd.org> -Date: Fri Mar 15 13:45:14 2019 +0100 - - Don't log a NULL name :) - -diff --git a/src/tls.c b/src/tls.c -index f34617b..6078dd7 100644 ---- a/src/tls.c -+++ b/src/tls.c -@@ -225,9 +225,10 @@ static int ssl_servername_cb(SSL *cnx, int *al, void *arg) - - if ((servername = SSL_get_servername(cnx, TLSEXT_NAMETYPE_host_name)) - == NULL) { -- logfile(LOG_INFO, "SNI: [%s]", servername); - return SSL_TLSEXT_ERR_NOACK; - } -+ logfile(LOG_INFO, "SNI: [%s]", servername); -+ - return SSL_TLSEXT_ERR_OK; - } - -commit f0659f8357952c0a95cd62c938bd6c9852cd78f9 -Author: Frank Denis <git...@pureftpd.org> -Date: Fri Mar 15 14:14:15 2019 +0100 - - Reject empty names - -diff --git a/src/tls.c b/src/tls.c -index 6078dd7..a992473 100644 ---- a/src/tls.c -+++ b/src/tls.c -@@ -224,7 +224,7 
@@ static int ssl_servername_cb(SSL *cnx, int *al, void *arg) - const char *servername; - - if ((servername = SSL_get_servername(cnx, TLSEXT_NAMETYPE_host_name)) -- == NULL) { -+ == NULL || *servername == 0) { - return SSL_TLSEXT_ERR_NOACK; - } - logfile(LOG_INFO, "SNI: [%s]", servername); diff --git a/tls.patch b/tls.patch deleted file mode 100644 index 615fb96..0000000 --- a/tls.patch +++ /dev/null 
@@ -1,63 +0,0 @@ -commit 4a495c61ce22c893aed5ee57f6ce0b43c3be59ad -Author: Frank Denis <git...@pureftpd.org> -Date: Wed Sep 19 23:53:45 2018 +0200 - - TLS1.3 compatibility - - Fixes #94 - -diff --git a/src/tls.c b/src/tls.c -index c693d3b..f383ed9 100644 ---- a/src/tls.c -+++ b/src/tls.c -@@ -228,7 +228,16 @@ static void ssl_info_cb(const SSL *cnx, int where, int ret) - if ((where & SSL_CB_HANDSHAKE_START) != 0) { - if ((cnx == tls_cnx && tls_cnx_handshook != 0) || - (cnx == tls_data_cnx && tls_data_cnx_handshook != 0)) { -- die(400, LOG_ERR, "TLS renegociation"); -+ const SSL_CIPHER *cipher; -+ const char *cipher_version; -+ if ((cipher = SSL_get_current_cipher(cnx)) == NULL || -+ (cipher_version = SSL_CIPHER_get_version(cipher)) == NULL) { -+ die(400, LOG_ERR, "No cipher"); -+ } -+ if (strcmp(cipher_version, "TLSv1.3") != 0) { -+ die(400, LOG_ERR, "TLS renegociation"); -+ return; -+ } - } - return; - } -@@ -264,10 +273,10 @@ int tls_init_library(void) - OpenSSL_add_all_algorithms(); - # else - OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS | -- OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); -+ OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); - OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | -- OPENSSL_INIT_ADD_ALL_DIGESTS | -- OPENSSL_INIT_LOAD_CONFIG, NULL); -+ OPENSSL_INIT_ADD_ALL_DIGESTS | -+ OPENSSL_INIT_LOAD_CONFIG, NULL); - # endif - while (RAND_status() == 0) { - rnd = zrand(); -commit aa68b2d620ef0c83c7f52213c7e6093722b0b8bd -Author: Frank Denis <git...@pureftpd.org> -Date: Wed Oct 24 19:19:26 2018 +0200 - - Disable TLSv1_1 - -diff --git a/src/tls.c b/src/tls.c -index f383ed9..c4e2a1b 100644 ---- a/src/tls.c -+++ b/src/tls.c -@@ -297,7 +297,7 @@ int tls_init_library(void) - SSL_CTX_set_options(tls_ctx, SSL_OP_NO_TLSv1); - # endif - # ifdef SSL_OP_NO_TLSv1_1 -- SSL_CTX_clear_options(tls_ctx, SSL_OP_NO_TLSv1_1); -+ SSL_CTX_set_options(tls_ctx, SSL_OP_NO_TLSv1_1); - # endif - # ifdef SSL_OP_NO_TLSv1_2 - SSL_CTX_clear_options(tls_ctx, SSL_OP_NO_TLSv1_2); 
---- gitweb: http://git.pld-linux.org/gitweb.cgi/packages/pure-ftpd.git/commitdiff/a3eab6644524d0f966f8fb5e93f8e8916c00ac18