commit proftpd for openSUSE:Factory
Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2020-06-07 21:37:42 Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new.3606 (New) Package is "proftpd" Sun Jun 7 21:37:42 2020 rev:40 rq:812077 version:1.3.6d Changes: --- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2020-02-25 16:05:55.768455730 +0100 +++ /work/SRC/openSUSE:Factory/.proftpd.new.3606/proftpd.changes 2020-06-07 21:38:14.345435028 +0200 @@ -1,0 +2,17 @@ +Fri Jun 5 11:02:29 UTC 2020 - ch...@computersalat.de + +- update to 1.3.6d + * Issue 857 - Fixed regression in the handling of `%{env:...}` configuration +variables when the environment variable is not present. + * Issue 940 - Second LIST of the same symlink shows different results. + * Issue 959 - FTPS uploads using TLSv1.3 are likely to fail unexpectedly. + * Issue 980 - mod_sftp sends broken response when CREATETIME attribute is +requested. + * Bug 4398 - Handle zero-length SFTP WRITE requests without error. + * Issue 1018 - PidFile should not be world-writable. + * Issue 1014 - TLSv1.3 handshake fails due to missing session ticket key on +some systems. + * Issue 1023 - Lowercased FTP commands not properly identified. +- rebase proftpd-no_BuildDate.patch + +--- Old: proftpd-1.3.6c.tar.gz proftpd-1.3.6c.tar.gz.asc New: proftpd-1.3.6d.tar.gz proftpd-1.3.6d.tar.gz.asc Other differences: -- ++ proftpd.spec ++ --- /var/tmp/diff_new_pack.CN4xV8/_old 2020-06-07 21:38:16.529441951 +0200 +++ /var/tmp/diff_new_pack.CN4xV8/_new 2020-06-07 21:38:16.533441963 +0200 @@ -22,7 +22,7 @@ # We only accept updates for "STABLE" Versions License:GPL-2.0-or-later Group: Productivity/Networking/Ftp/Servers -Version:1.3.6c +Version:1.3.6d Release:0 URL:http://www.proftpd.org/ Source0:ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.gz ++ proftpd-1.3.6c.tar.gz -> proftpd-1.3.6d.tar.gz ++ /work/SRC/openSUSE:Factory/proftpd/proftpd-1.3.6c.tar.gz /work/SRC/openSUSE:Factory/.proftpd.new.3606/proftpd-1.3.6d.tar.gz differ: char 26, line 1 ++ proftpd-no_BuildDate.patch ++ --- /var/tmp/diff_new_pack.CN4xV8/_old 2020-06-07 21:38:16.609442204 +0200 +++ /var/tmp/diff_new_pack.CN4xV8/_new 2020-06-07 21:38:16.609442204 +0200 @@ -65,8 +65,8 @@ -#include "buildstamp.h" - /* Application version (in various forms) */ - #define PROFTPD_VERSION_NUMBER0x0001030608 - #define PROFTPD_VERSION_TEXT "1.3.6c" + #define PROFTPD_VERSION_NUMBER0x0001030609 + #define PROFTPD_VERSION_TEXT "1.3.6d" Index: src/main.c === --- src/main.c.orig
commit proftpd for openSUSE:Factory
Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2020-02-25 16:05:25 Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new.26092 (New) Package is "proftpd" Tue Feb 25 16:05:25 2020 rev:39 rq:778858 version:1.3.6c Changes: --- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2020-02-03 11:14:35.301883447 +0100 +++ /work/SRC/openSUSE:Factory/.proftpd.new.26092/proftpd.changes 2020-02-25 16:05:55.768455730 +0100 @@ -1,0 +2,18 @@ +Mon Feb 24 17:06:07 UTC 2020 - ch...@computersalat.de + +- fix for boo#1164572 (CVE-2020-9272, gh#902) +- fix for boo#1164574 (CVE-2020-9273, gh#903) +- update to 1.3.6c + * Fixed regression in directory listing latency (Issue #863). + * Detect OpenSSH-specific formatted SFTPHostKeys, and log hint for +converting them to supported format. + * Fixed use-after-free vulnerability during data transfers (Issue #903). + * Fixed out-of-bounds read in mod_cap by updating the bundled libcap +(Issue #902). +- remove obsolete proftpd-tls-crls-issue859.patch +- rebase patches + * proftpd-ftpasswd.patch + * proftpd-no_BuildDate.patch + * proftpd_env-script-interpreter.patch + +--- Old: proftpd-1.3.6b.tar.gz proftpd-1.3.6b.tar.gz.asc proftpd-tls-crls-issue859.patch New: proftpd-1.3.6c.tar.gz proftpd-1.3.6c.tar.gz.asc Other differences: -- ++ proftpd.spec ++ --- /var/tmp/diff_new_pack.0vDl7H/_old 2020-02-25 16:05:57.448459246 +0100 +++ /var/tmp/diff_new_pack.0vDl7H/_new 2020-02-25 16:05:57.452459255 +0100 @@ -22,7 +22,7 @@ # We only accept updates for "STABLE" Versions License:GPL-2.0-or-later Group: Productivity/Networking/Ftp/Servers -Version:1.3.6b +Version:1.3.6c Release:0 URL:http://www.proftpd.org/ Source0:ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.gz @@ -47,8 +47,6 @@ Patch104: %{name}-no_BuildDate.patch #RPMLINT-FIX-openSUSE: env-script-interpreter Patch105: %{name}_env-script-interpreter.patch -#PATCH-FIX-UPSTREAM: (CVE-2019-19269, CVE-2019-19270) -Patch200: %{name}-tls-crls-issue859.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build #BuildRequires: gpg-offline BuildRequires: fdupes @@ -157,8 +155,6 @@ %patch104 %patch105 -%patch200 -p1 - %build rm contrib/mod_wrap.c rm contrib/mod_geoip.c ++ proftpd-1.3.6b.tar.gz -> proftpd-1.3.6c.tar.gz ++ /work/SRC/openSUSE:Factory/proftpd/proftpd-1.3.6b.tar.gz /work/SRC/openSUSE:Factory/.proftpd.new.26092/proftpd-1.3.6c.tar.gz differ: char 17, line 1 ++ proftpd-ftpasswd.patch ++ --- /var/tmp/diff_new_pack.0vDl7H/_old 2020-02-25 16:05:57.496459347 +0100 +++ /var/tmp/diff_new_pack.0vDl7H/_new 2020-02-25 16:05:57.496459347 +0100 @@ -13,7 +13,7 @@ my $shell_file = "/etc/shells"; my $default_cracklib_dict = "/usr/lib/cracklib_dict"; my $cracklib_dict; -@@ -1109,6 +1109,46 @@ usage: $program [--help] [--hash|--group +@@ -1128,6 +1128,46 @@ usage: $program [--help] [--hash|--group --version Displays the version of $program. ++ proftpd-no_BuildDate.patch ++ --- /var/tmp/diff_new_pack.0vDl7H/_old 2020-02-25 16:05:57.520459396 +0100 +++ /var/tmp/diff_new_pack.0vDl7H/_new 2020-02-25 16:05:57.520459396 +0100 @@ -65,13 +65,13 @@ -#include "buildstamp.h" - /* Application version (in various forms) */ - #define PROFTPD_VERSION_NUMBER0x0001030607 - #define PROFTPD_VERSION_TEXT "1.3.6b" + #define PROFTPD_VERSION_NUMBER0x0001030608 + #define PROFTPD_VERSION_TEXT "1.3.6c" Index: src/main.c === --- src/main.c.orig +++ src/main.c -@@ -1891,8 +1891,8 @@ static void standalone_main(void) { +@@ -1893,8 +1893,8 @@ static void standalone_main(void) { init_bindings(); @@ -82,7 +82,7 @@ if (pr_pidfile_write() < 0) { fprintf(stderr, "error opening PidFile '%s': %s\n", pr_pidfile_get(), -@@ -1952,7 +1952,6 @@ static void show_settings(void) { +@@ -1954,7 +1954,6 @@ static void show_settings(void) { printf("%s", " Platform: " PR_PLATFORM " [unknown]\n"); #endif /* !HAVE_UNAME */ @@ -90,7 +90,7 @@ printf("%s", " Built With:\nconfigure " PR_BUILD_OPTS "\n\n"); printf("%s", " CFLAGS: " PR_BUILD_CFLAGS "\n"); -@@ -2532,7 +2531,6 @@ int main(int argc, char *argv[], char ** +@@ -2534,7 +2533,6 @@ int main(int argc, char *argv[], char ** printf("ProFTPD Version: %s", PROFTPD_VERSION_TEXT " " PR_STATUS "\n"); printf(" Scoreboard Version: %08x\n", PR_SCOR
commit proftpd for openSUSE:Factory
Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2020-02-03 11:14:29 Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new.26092 (New) Package is "proftpd" Mon Feb 3 11:14:29 2020 rev:38 rq:769276 version:1.3.6b Changes: --- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2019-12-29 15:50:18.759193068 +0100 +++ /work/SRC/openSUSE:Factory/.proftpd.new.26092/proftpd.changes 2020-02-03 11:14:35.301883447 +0100 @@ -1,0 +2,6 @@ +Sat Feb 1 17:25:05 UTC 2020 - ch...@computersalat.de + +- cleanup tls.template + * remove deprecated NoCertRequest from TLSOptions + +--- Other differences: -- ++ proftpd.spec ++ --- /var/tmp/diff_new_pack.hTUzmI/_old 2020-02-03 11:14:36.201883902 +0100 +++ /var/tmp/diff_new_pack.hTUzmI/_new 2020-02-03 11:14:36.205883904 +0100 @@ -1,7 +1,7 @@ # # spec file for package proftpd # -# Copyright (c) 2019 SUSE LLC +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed ++ proftpd-tls.template ++ --- /var/tmp/diff_new_pack.hTUzmI/_old 2020-02-03 11:14:36.257883931 +0100 +++ /var/tmp/diff_new_pack.hTUzmI/_new 2020-02-03 11:14:36.257883931 +0100 @@ -7,19 +7,19 @@ -TLSEngine on -TLSLog /var/log/proftpd/tls.log +TLSEngine on +TLSLog /var/log/proftpd/tls.log # Support both SSLv3 and TLSv1, but they should not be used # (known to be weak) -TLSProtocolTLSv1.1 TLSv1.2 +TLSProtocol TLSv1.1 TLSv1.2 # Are clients required to use FTP over TLS when talking to this server? -TLSRequiredoff +TLSRequired off # Server's RSA certificate -TLSRSACertificateFile /etc/proftpd/ssl/proftpd.cert.pem -TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key.pem +TLSRSACertificateFile /etc/proftpd/ssl/proftpd.cert.pem +TLSRSACertificateKeyFile/etc/proftpd/ssl/proftpd.key.pem # CA (or CA chain) to verify client certs #TLSCACertificateFile/etc/proftpd/ssl/proftpd.cacert.pem @@ -28,15 +28,15 @@ TLSCertificateChainFile /etc/proftpd/ssl/proftpd.cacert.pem # Authenticate clients that want to use FTP over TLS? -TLSVerifyClientoff +TLSVerifyClient off # Allow SSL/TLS renegotiations when the client requests them, but # do not force the renegotations. Some clients do not support # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these # clients will close the data connection, or there will be a timeout # on an idle data connection. -TLSRenegotiate none +TLSRenegotiate none # Should Server request a Clients Certificate and send valid CA list ? -TLSOptions NoCertRequest NoSessionReuseRequired +TLSOptions NoSessionReuseRequired
commit proftpd for openSUSE:Factory
Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2019-12-29 15:49:58 Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new.6675 (New) Package is "proftpd" Sun Dec 29 15:49:58 2019 rev:37 rq:759879 version:1.3.6b Changes: --- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2019-11-10 22:52:56.394451604 +0100 +++ /work/SRC/openSUSE:Factory/.proftpd.new.6675/proftpd.changes 2019-12-29 15:50:18.759193068 +0100 @@ -1,0 +2,13 @@ +Sat Dec 28 20:45:30 UTC 2019 - ch...@computersalat.de + +- fix changes file + * add missing info about boo#1155834 + * add missing info about boo#1154600 +- fix for boo#1156210 + * GeoIP has been discontinued by Maxmind + * remove module build for geoip +see https://support.maxmind.com/geolite-legacy-discontinuation-notice/ +- fix for boo#1157803 (CVE-2019-19269), boo#1157798 (CVE-2019-19270) + * add upstream patch proftpd-tls-crls-issue859.patch + +--- @@ -3,0 +17 @@ +- fix for boo#1154600 (CVE-2019-18217, gh#846) @@ -21,2 +35,3 @@ -- Add missing Requires(pre): group(ftp) for Leap 15 and Tumbleweed -- Add missing Requires(pre): user(ftp) for Leap 15 and Tumbleweed +- fix for boo#1155834 + * Add missing Requires(pre): group(ftp) for Leap 15 and Tumbleweed + * Add missing Requires(pre): user(ftp) for Leap 15 and Tumbleweed New: proftpd-tls-crls-issue859.patch Other differences: -- ++ proftpd.spec ++ --- /var/tmp/diff_new_pack.b4EVLz/_old 2019-12-29 15:50:20.847194020 +0100 +++ /var/tmp/diff_new_pack.b4EVLz/_new 2019-12-29 15:50:20.851194022 +0100 @@ -1,7 +1,7 @@ # # spec file for package proftpd # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,7 +24,7 @@ Group: Productivity/Networking/Ftp/Servers Version:1.3.6b Release:0 -Url:http://www.proftpd.org/ +URL:http://www.proftpd.org/ Source0:ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.gz Source1: ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.gz.asc Source11: %{name}.init @@ -47,6 +47,8 @@ Patch104: %{name}-no_BuildDate.patch #RPMLINT-FIX-openSUSE: env-script-interpreter Patch105: %{name}_env-script-interpreter.patch +#PATCH-FIX-UPSTREAM: (CVE-2019-19269, CVE-2019-19270) +Patch200: %{name}-tls-crls-issue859.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build #BuildRequires: gpg-offline BuildRequires: fdupes @@ -54,7 +56,7 @@ BuildRequires: libacl-devel BuildRequires: libattr-devel #BuildRequires: libmemcached-devel -BuildRequires: libGeoIP-devel +#BuildRequires: libGeoIP-devel BuildRequires: mysql-devel BuildRequires: ncurses-devel BuildRequires: openldap2-devel @@ -155,8 +157,11 @@ %patch104 %patch105 +%patch200 -p1 + %build rm contrib/mod_wrap.c +rm contrib/mod_geoip.c PROFTPD_SHARED_MODS="$(for spec_mod in $(find contrib -name mod_\*.c|sort); do echo "$(basename ${spec_mod%%.c})"; done | tr '\n' ':' | sed -e 's|:$||')" export CFLAGS="%{optflags} -D_GNU_SOURCE -DLDAP_DEPRECATED" export CXXFLAGS="$CFLAGS" ++ proftpd-tls-crls-issue859.patch ++ commit 81cc5dce4fc0285629a1b08a07a109af10c208dd Author: TJ Saunders Date: Sun Nov 24 14:03:54 2019 -0800 Issue #859, #861: Fix handling of CRL lookups by properly using issuer for lookups, and guarding against null pointers. (CVE-2019-19269, CVE-2019-19270) diff --git a/contrib/mod_tls.c b/contrib/mod_tls.c index 4b74cf989..0e08b0399 100644 --- a/contrib/mod_tls.c +++ b/contrib/mod_tls.c @@ -9777,10 +9777,10 @@ static int tls_verify_crl(int ok, X509_STORE_CTX *ctx) { #if OPENSSL_VERSION_NUMBER >= 0x1010L && \ !defined(HAVE_LIBRESSL) - crls = X509_STORE_CTX_get1_crls(store_ctx, subject); + crls = X509_STORE_CTX_get1_crls(store_ctx, issuer); #elif OPENSSL_VERSION_NUMBER >= 0x1000L && \ !defined(HAVE_LIBRESSL) - crls = X509_STORE_get1_crls(store_ctx, subject); + crls = X509_STORE_get1_crls(store_ctx, issuer); #else /* Your OpenSSL is before 1.0.0. You really need to upgrade. */ crls = NULL; @@ -9799,6 +9799,9 @@ static int tls_verify_crl(int ok, X509_STORE_CTX *ctx) { ASN1_INTEGER *sn; revoked = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), j); +if (revoked == NULL) { + continue; +} #if OPENSSL_VERSION_NUMBER >= 0x1010L && \ !defined(HAVE_LIBRESSL) sn = X509_REVOKED_ge
commit proftpd for openSUSE:Factory
Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2019-11-10 22:52:46 Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new.2990 (New) Package is "proftpd" Sun Nov 10 22:52:46 2019 rev:36 rq:747209 version:1.3.6b Changes: --- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2019-11-04 17:15:55.552871323 +0100 +++ /work/SRC/openSUSE:Factory/.proftpd.new.2990/proftpd.changes 2019-11-10 22:52:56.394451604 +0100 @@ -1,0 +2,17 @@ +Sun Nov 3 22:25:28 UTC 2019 - ch...@computersalat.de + +- update to 1.3.6b + * Fixed pre-authentication remote denial-of-service issue (Issue #846). + * Backported fix for building mod_sql_mysql using MySQL 8 (Issue #824). +- update to 1.3.6a + * Fixed symlink navigation (Bug#4332). + * Fixed building of mod_sftp using OpenSSL 1.1.x releases (Issue#674). + * Fixed SITE COPY honoring of restrictions (Bug#4372). + * Fixed segfault on login when using mod_sftp + mod_sftp_pam (Issue#656). + * Fixed restarts when using mod_facl as a static module +- remove obsolete proftpd-CVE-2019-12815.patch + * included in 1.3.6a (Bug#4372) +- add proftpd_env-script-interpreter.patch + * RPMLINT fix for env-script-interpreter (Badness: 9) + +--- Old: proftpd-1.3.6.tar.gz proftpd-1.3.6.tar.gz.asc proftpd-CVE-2019-12815.patch New: proftpd-1.3.6b.tar.gz proftpd-1.3.6b.tar.gz.asc proftpd_env-script-interpreter.patch Other differences: -- ++ proftpd.spec ++ --- /var/tmp/diff_new_pack.75JFsn/_old 2019-11-10 22:52:58.838456767 +0100 +++ /var/tmp/diff_new_pack.75JFsn/_new 2019-11-10 22:52:58.874456844 +0100 @@ -22,7 +22,7 @@ # We only accept updates for "STABLE" Versions License:GPL-2.0-or-later Group: Productivity/Networking/Ftp/Servers -Version:1.3.6 +Version:1.3.6b Release:0 Url:http://www.proftpd.org/ Source0:ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.gz @@ -45,8 +45,8 @@ Patch103: %{name}-strip.patch #PATCH-FIX-openSUSE: file-contains-date-and-time Patch104: %{name}-no_BuildDate.patch -#PATCH-CVE-Backport: CVE-2019-12815 (bpo#4372) -Patch106: %{name}-CVE-2019-12815.patch +#RPMLINT-FIX-openSUSE: env-script-interpreter +Patch105: %{name}_env-script-interpreter.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build #BuildRequires: gpg-offline BuildRequires: fdupes @@ -153,7 +153,7 @@ %patch102 %patch103 %patch104 -%patch106 +%patch105 %build rm contrib/mod_wrap.c ++ proftpd-1.3.6.tar.gz -> proftpd-1.3.6b.tar.gz ++ /work/SRC/openSUSE:Factory/proftpd/proftpd-1.3.6.tar.gz /work/SRC/openSUSE:Factory/.proftpd.new.2990/proftpd-1.3.6b.tar.gz differ: char 12, line 1 ++ proftpd-no_BuildDate.patch ++ --- /var/tmp/diff_new_pack.75JFsn/_old 2019-11-10 22:52:59.774458744 +0100 +++ /var/tmp/diff_new_pack.75JFsn/_new 2019-11-10 22:52:59.790458778 +0100 @@ -65,13 +65,13 @@ -#include "buildstamp.h" - /* Application version (in various forms) */ - #define PROFTPD_VERSION_NUMBER0x0001030605 - #define PROFTPD_VERSION_TEXT "1.3.6" + #define PROFTPD_VERSION_NUMBER0x0001030607 + #define PROFTPD_VERSION_TEXT "1.3.6b" Index: src/main.c === --- src/main.c.orig +++ src/main.c -@@ -1883,8 +1883,8 @@ static void standalone_main(void) { +@@ -1891,8 +1891,8 @@ static void standalone_main(void) { init_bindings(); @@ -82,7 +82,7 @@ if (pr_pidfile_write() < 0) { fprintf(stderr, "error opening PidFile '%s': %s\n", pr_pidfile_get(), -@@ -1944,7 +1944,6 @@ static void show_settings(void) { +@@ -1952,7 +1952,6 @@ static void show_settings(void) { printf("%s", " Platform: " PR_PLATFORM " [unknown]\n"); #endif /* !HAVE_UNAME */ @@ -90,7 +90,7 @@ printf("%s", " Built With:\nconfigure " PR_BUILD_OPTS "\n\n"); printf("%s", " CFLAGS: " PR_BUILD_CFLAGS "\n"); -@@ -2523,7 +2522,6 @@ int main(int argc, char *argv[], char ** +@@ -2532,7 +2531,6 @@ int main(int argc, char *argv[], char ** printf("ProFTPD Version: %s", PROFTPD_VERSION_TEXT " " PR_STATUS "\n"); printf(" Scoreboard Version: %08x\n", PR_SCOREBOARD_VERSION); ++ proftpd_env-script-interpreter.patch ++ Index: contrib/ftpasswd === --- contrib/ftpasswd.orig +++ contrib/ftpasswd @@ -1,4 +1,4 @@ -#!/usr/bin/env perl +#!/usr/bin/perl # --- # Copyright (C) 2000-201
commit proftpd for openSUSE:Factory
Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2019-11-04 17:15:40 Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new.2990 (New) Package is "proftpd" Mon Nov 4 17:15:40 2019 rev:35 rq:745042 version:1.3.6 Changes: --- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2019-10-07 14:14:28.186831560 +0200 +++ /work/SRC/openSUSE:Factory/.proftpd.new.2990/proftpd.changes 2019-11-04 17:15:55.552871323 +0100 @@ -1,0 +2,6 @@ +Sat Nov 2 18:12:51 UTC 2019 - Martin Hauke + +- Add missing Requires(pre): group(ftp) for Leap 15 and Tumbleweed +- Add missing Requires(pre): user(ftp) for Leap 15 and Tumbleweed + +--- @@ -4,0 +11,12 @@ + +--- +Fri Aug 2 14:52:48 UTC 2019 - ch...@computersalat.de + +- fix for boo#1142281 (CVE-2019-12815, bpo#4372) + arbitrary file copy in mod_copy allows for remote code execution + and information disclosure without authentication +- add patch + * proftpd-CVE-2019-12815.patch +taken from: +- http://bugs.proftpd.org/show_bug.cgi?id=4372 +- https://github.com/proftpd/proftpd/commit/a73dbfe3b61459e7c2806d5162b12f0957990cb3 New: proftpd-CVE-2019-12815.patch Other differences: -- ++ proftpd.spec ++ --- /var/tmp/diff_new_pack.5AnolL/_old 2019-11-04 17:15:56.548872387 +0100 +++ /var/tmp/diff_new_pack.5AnolL/_new 2019-11-04 17:15:56.556872396 +0100 @@ -45,6 +45,8 @@ Patch103: %{name}-strip.patch #PATCH-FIX-openSUSE: file-contains-date-and-time Patch104: %{name}-no_BuildDate.patch +#PATCH-CVE-Backport: CVE-2019-12815 (bpo#4372) +Patch106: %{name}-CVE-2019-12815.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build #BuildRequires: gpg-offline BuildRequires: fdupes @@ -63,7 +65,6 @@ BuildRequires: unixODBC-devel BuildRequires: pkgconfig(libssl) < 1.1 Requires: logrotate - %if 0%{?lang_package:1} > 0 Recommends: %{name}-lang %endif @@ -75,6 +76,10 @@ %else Requires(pre): %insserv_prereq %endif +%if 0%{?suse_version} >= 1330 +Requires(pre): group(ftp) +Requires(pre): user(ftp) +%endif %description ProFTPD is a configurable FTP daemon for Unix and Unix-like @@ -148,6 +153,7 @@ %patch102 %patch103 %patch104 +%patch106 %build rm contrib/mod_wrap.c ++ proftpd-CVE-2019-12815.patch ++ Fix for CVE-2019-12815 http://bugs.proftpd.org/show_bug.cgi?id=4372 https://github.com/proftpd/proftpd/commit/a73dbfe3b61459e7c2806d5162b12f0957990cb3 Index: contrib/mod_copy.c === --- contrib/mod_copy.c.orig +++ contrib/mod_copy.c @@ -1,7 +1,7 @@ /* * ProFTPD: mod_copy -- a module supporting copying of files on the server * without transferring the data to the client and back - * Copyright (c) 2009-2016 TJ Saunders + * Copyright (c) 2009-2019 TJ Saunders * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -657,7 +657,7 @@ MODRET copy_copy(cmd_rec *cmd) { MODRET copy_cpfr(cmd_rec *cmd) { register unsigned int i; int res; - char *path = ""; + char *cmd_name, *path = ""; unsigned char *authenticated = NULL; if (copy_engine == FALSE) { @@ -705,6 +705,21 @@ MODRET copy_cpfr(cmd_rec *cmd) { path = pstrcat(cmd->tmp_pool, path, *path ? " " : "", decoded_path, NULL); } + cmd_name = cmd->argv[0]; + pr_cmd_set_name(cmd, "SITE_CPFR"); + if (!dir_check(cmd->tmp_pool, cmd, G_READ, path, NULL)) { +int xerrno = EPERM; + +pr_cmd_set_name(cmd, cmd_name); +pr_response_add_err(R_550, "%s: %s", (char *) cmd->argv[3], + strerror(xerrno)); + +pr_cmd_set_errno(cmd, xerrno); +errno = xerrno; +return PR_ERROR(cmd); + } + pr_cmd_set_name(cmd, cmd_name); + res = pr_filter_allow_path(CURRENT_CONF, path); switch (res) { case 0: @@ -758,6 +773,7 @@ MODRET copy_cpfr(cmd_rec *cmd) { MODRET copy_cpto(cmd_rec *cmd) { register unsigned int i; const char *from, *to = ""; + char *cmd_name; unsigned char *authenticated = NULL; if (copy_engine == FALSE) { @@ -816,6 +832,20 @@ MODRET copy_cpto(cmd_rec *cmd) { to = dir_canonical_vpath(cmd->tmp_pool, to); + cmd_name = cmd->argv[0]; + pr_cmd_set_name(cmd, "SITE_CPTO"); + if (!dir_check(cmd->tmp_pool, cmd, G_WRITE, to, NULL)) { +int xerrno = EPERM; + +pr_cmd_set_name(cmd, cmd_name); +pr_response_add_err(R_550, "%s: %s", to, strerror(xerrno)); + +pr_cmd_set_errno(cmd, xerrno); +errno = xerrno; +return PR_ERROR(cmd);
commit proftpd for openSUSE:Factory
Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2019-10-07 13:49:13 Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new.2352 (New) Package is "proftpd" Mon Oct 7 13:49:13 2019 rev:34 rq:735622 version:1.3.6 Changes: --- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2019-07-02 10:39:13.634657724 +0200 +++ /work/SRC/openSUSE:Factory/.proftpd.new.2352/proftpd.changes 2019-10-07 14:14:28.186831560 +0200 @@ -1,0 +2,5 @@ +Wed Oct 2 15:01:11 UTC 2019 - Bernhard Wiedemann + +- Update proftpd-dist.patch to use pam_keyinit.so (boo#1144056) + +--- Other differences: -- ++ proftpd-dist.patch ++ --- /var/tmp/diff_new_pack.jDpUSs/_old 2019-10-07 14:14:28.942829485 +0200 +++ /var/tmp/diff_new_pack.jDpUSs/_new 2019-10-07 14:14:28.942829485 +0200 @@ -11,7 +11,7 @@ # If this is enabled, anonymous logins will fail because the 'ftp' user does # not have a "valid" shell, as listed in /etc/shells. -@@ -11,5 +12,8 @@ auth required pam_unix.so shadow n +@@ -11,5 +12,9 @@ auth required pam_unix.so shadow n # #auth required pam_shells.so @@ -22,6 +22,7 @@ +account required pam_unix2.so +password required pam_unix2.so +session required pam_unix2.so ++session optional pam_keyinit.so revoke Index: contrib/dist/rpm/proftpd.logrotate === --- contrib/dist/rpm/proftpd.logrotate.orig
commit proftpd for openSUSE:Factory
Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2019-07-02 10:39:12 Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new.4615 (New) Package is "proftpd" Tue Jul 2 10:39:12 2019 rev:33 rq:712870 version:1.3.6 Changes: --- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2019-05-27 08:38:12.287075198 +0200 +++ /work/SRC/openSUSE:Factory/.proftpd.new.4615/proftpd.changes 2019-07-02 10:39:13.634657724 +0200 @@ -1,0 +2,6 @@ +Mon Jul 1 13:50:01 UTC 2019 - ch...@computersalat.de + +- update changes file + * add missing info about bugzilla 1113041 + +--- @@ -5 +11 @@ - to build with. + to build with. (fix for boo#1113041) Other differences: --
commit proftpd for openSUSE:Factory
Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2019-05-27 08:38:07 Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new.5148 (New) Package is "proftpd" Mon May 27 08:38:07 2019 rev:32 rq:705245 version:1.3.6 Changes: --- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2018-07-18 22:53:41.715009585 +0200 +++ /work/SRC/openSUSE:Factory/.proftpd.new.5148/proftpd.changes 2019-05-27 08:38:12.287075198 +0200 @@ -1,0 +2,66 @@ +Tue Mar 26 11:35:53 UTC 2019 - Jan Engelhardt + +- Fix the Factory build: select the appropriate OpenSSL version + to build with. + +--- +Wed Mar 20 18:46:47 UTC 2019 - Jan Engelhardt + +- Reduce hard dependency on systemd to only that which is + necessary for building and installation. +- Modernize RPM macro use (%make_install, %tmpfiles_create). +- Strip emphasis from description and trim other platform mentions. + +--- +Wed Jul 11 08:05:29 UTC 2018 - ch...@computersalat.de + +- update to 1.3.6 + * Support for using Redis for caching, logging; see the doc/howto/Redis.html +documentation. + * Fixed mod_sql_postgres SSL support (Issue #415). + * Support building against LibreSSL instead of OpenSSL (Issue #361). + * Better support on AIX for login restraictions (Bug #4285). + * TimeoutLogin (and other timeouts) were not working properly for SFTP +connections (Bug#4299). + * Handling of the SIGILL and SIGINT signals, by the daemon process, now causes +the child processes to be terminated as well (Issue #461). + * RPM .spec file naming changed to conform to Fedora guidelines. + * Fix for "AllowChrootSymlinks off" checking each component for symlinks +(CVE-2017-7418). + -New Modules: + * mod_redis, mod_tls_redis, mod_wrap2_redis + With Redis now supported as a caching mechanism, similar to Memcache, + there are now Redis-using modules: mod_redis (for configuring the Redis + connection information), mod_tls_redis (for caching SSL sessions and + OCSP information using Redis), and mod_wrap2_redis (for using ACLs stored + in Redis). + -Changed Modules: + * mod_ban + The mod_ban module's BanCache directive can now use Redis-based caching; + see doc/contrib/mod_ban.html#BanCache. + -New Configuration Directives + * SQLPasswordArgon2, SQLPasswordScrypt + The key lengths for Argon2 and Scrypt-based passwords are now configurable + via these new directives; previously, the key length had been hardcoded + to be 32 bytes, which is not interoperable with all other implementations + (Issue #454). + -Changed Configuration Directives + * AllowChrootSymlinks + When "AllowChrootSymlinks off" was used, only the last portion of the + DefaultRoot path would be checked to see if it was a symlink. Now, + each component of the DefaultRoot path will be checked to see if it is + a symlink when "AllowChrootSymlinks off" is used. + * Include + The Include directive can now be used within a section, e.g.: + + Include /path/to/allowed.txt + DenyAll + + -API Changes + * A new JSON API has been added, for use by third-party modules. +- remove obsolete proftpd_include-in-limit-section.patch +- rebase patches + * proftpd-ftpasswd.patch + * proftpd-no_BuildDate.patch + +--- Old: proftpd-1.3.5e.tar.gz proftpd-1.3.5e.tar.gz.asc proftpd_include-in-limit-section.patch New: proftpd-1.3.6.tar.gz proftpd-1.3.6.tar.gz.asc Other differences: -- ++ proftpd.spec ++ --- /var/tmp/diff_new_pack.DYVWrX/_old 2019-05-27 08:38:13.839074594 +0200 +++ /var/tmp/diff_new_pack.DYVWrX/_new 2019-05-27 08:38:13.839074594 +0200 @@ -1,7 +1,7 @@ # # spec file for package proftpd # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,17 +12,17 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Name: proftpd -Summary:Highly configurable GPL-licensed FTP server software +Summary:Configurable GPL-licensed FTP server software # Please save your time and do not update to
commit proftpd for openSUSE:Factory
Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2018-07-18 22:53:31 Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new (New) Package is "proftpd" Wed Jul 18 22:53:31 2018 rev:31 rq:621886 version:1.3.5e Changes: --- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2017-07-21 22:50:42.317674287 +0200 +++ /work/SRC/openSUSE:Factory/.proftpd.new/proftpd.changes 2018-07-18 22:53:41.715009585 +0200 @@ -1,0 +2,15 @@ +Tue Jul 10 11:57:58 UTC 2018 - ch...@computersalat.de + +- update to 1.3.5e + * Fixed SFTP issue with umac...@openssh.com digest/MAC. + * Fixed regression with mod_sftp rekeying. + * Backported fix for "AllowChrootSymlinks off" checking each component +for symlinks (CVE-2017-7418). +- remove obsolete patch + * proftpd-AllowChrootSymlinks.patch (now included) +- rebase patches + * proftpd-dist.patch + * proftpd-no_BuildDate.patch + * proftpd_include-in-limit-section.patch + +--- Old: proftpd-1.3.5d.tar.gz proftpd-1.3.5d.tar.gz.asc proftpd-AllowChrootSymlinks.patch New: proftpd-1.3.5e.tar.gz proftpd-1.3.5e.tar.gz.asc Other differences: -- ++ proftpd.spec ++ --- /var/tmp/diff_new_pack.qQs1U9/_old 2018-07-18 22:53:42.719006256 +0200 +++ /var/tmp/diff_new_pack.qQs1U9/_new 2018-07-18 22:53:42.719006256 +0200 @@ -1,7 +1,7 @@ # # spec file for package proftpd # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,9 +20,9 @@ Summary:Highly configurable GPL-licensed FTP server software # Please save your time and do not update to "rc" versions. # We only accept updates for "STABLE" Versions -License:GPL-2.0+ +License:GPL-2.0-or-later Group: Productivity/Networking/Ftp/Servers -Version:1.3.5d +Version:1.3.5e Release:0 Url:http://www.proftpd.org/ Source0:ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.gz @@ -35,10 +35,6 @@ Source16: %{name}-tls.template Source17: %{name}-limit.template Source18: %{name}-ssl.README -#PATCH-FIX-UPSTREAM (CVE-2017-7418): -# AllowChrootSymlinks not enforced by replacing a path component with a symbolic link -### github commit: ecff21e0d0e84f35c299ef91d7fda088e516d4ed -Patch0: %{name}-AllowChrootSymlinks.patch #PATCH-FIX-openSUSE: pam, logrotate, xinet Patch100: %{name}-dist.patch #PATCH-FIX-openSUSE: provide a useful default config @@ -53,6 +49,7 @@ Patch105: %{name}_include-in-limit-section.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build #BuildRequires: gpg-offline +BuildRequires: fdupes BuildRequires: krb5-devel BuildRequires: libacl-devel BuildRequires: libattr-devel @@ -148,7 +145,6 @@ #gpg_verify %{S:1} %setup -q rm README.AIX -%patch0 -p1 # %patch100 %patch101 @@ -210,12 +206,14 @@ install -D -m 0644 %{S:13} %{buildroot}%{_unitdir}/%{name}.service ln -sf %{_sbindir}/service %{buildroot}/%{_sbindir}/rc%{name} # systemd need to create a tmp dir: /run/proftpd -install -D -m 0644 %{S:14} %{buildroot}%{_prefix}/lib/tmpfiles.d/%{name}.conf +install -D -m 0644 %{S:14} %{buildroot}%{_tmpfilesdir}/%{name}.conf %else #SysVinit install -D -m 0755 %{S:11} %{buildroot}/%{_sysconfdir}/init.d/%{name} ln -sf %{_sysconfdir}/init.d/%{name} %{buildroot}/%{_sbindir}/rc%{name} %endif +%fdupes -s %{buildroot}%{_sysconfdir}/%{name} + %find_lang %{name} %pre @@ -233,7 +231,7 @@ %post %if 0%{?has_systemd} %service_add_post %{name}.service -/usr/bin/systemd-tmpfiles --create %{name}.conf || : +%tmpfiles_create %{_tmpfilesdir}/%{name}.conf || : %else %{fillup_and_insserv -f proftpd} install -d %{_localstatedir}/run/%{name} @@ -266,8 +264,6 @@ %defattr(-,root,root) %doc COPYING CREDITS ChangeLog NEWS README* RELEASE_NOTES %doc contrib/README.* -#%doc contrib/xferstats.holger-preiss* -#%doc contrib/ftpasswd contrib/ftpquota %doc sample-configurations/*.conf %dir %attr(0755,root,root) %{_sysconfdir}/%{name}/ %dir %attr(0750,ftp,ftp) %{_sysconfdir}/%{name}/auth/ @@ -278,14 +274,14 @@ %dir %attr(0755,root,root) %{_sysconfdir}/%{name}/includes/ %config %{_sysconfdir}/%{name}/includes/limit.template %config(noreplace) %attr(0640,root,root) %{_sysconfdir}/%{name}/%{name}.conf -%{_sysconfdir}/%{name}/PROFTPD-MIB.txt +%config %{_sysconfdir}/%{name}/PROFTPD-MIB.txt %dir %attr(0700,ftp,ftp) %{_sysconfdir}/%{name}/ssl/ %config %{_sys
commit proftpd for openSUSE:Factory
Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2017-07-21 22:50:41 Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new (New) Package is "proftpd" Fri Jul 21 22:50:41 2017 rev:30 rq:511756 version:1.3.5d Changes: --- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2017-06-20 09:41:00.322907538 +0200 +++ /work/SRC/openSUSE:Factory/.proftpd.new/proftpd.changes 2017-07-21 22:50:42.317674287 +0200 @@ -1,0 +2,5 @@ +Fri Jul 21 04:43:44 UTC 2017 - bwiedem...@suse.com + +- Sort SHARED_MODS list to fix build compare (boo#1041090) + +--- Other differences: -- ++ proftpd.spec ++ --- /var/tmp/diff_new_pack.XBWtsZ/_old 2017-07-21 22:50:43.553499959 +0200 +++ /var/tmp/diff_new_pack.XBWtsZ/_new 2017-07-21 22:50:43.557499394 +0200 @@ -159,7 +159,7 @@ %build rm contrib/mod_wrap.c -PROFTPD_SHARED_MODS="$(for spec_mod in $(find contrib -name mod_\*.c); do echo "$(basename ${spec_mod%%.c})"; done | tr '\n' ':' | sed -e 's|:$||')" +PROFTPD_SHARED_MODS="$(for spec_mod in $(find contrib -name mod_\*.c|sort); do echo "$(basename ${spec_mod%%.c})"; done | tr '\n' ':' | sed -e 's|:$||')" export CFLAGS="%{optflags} -D_GNU_SOURCE -DLDAP_DEPRECATED" export CXXFLAGS="$CFLAGS" %configure --disable-static \
commit proftpd for openSUSE:Factory
Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2017-06-20 09:40:59 Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new (New) Package is "proftpd" Tue Jun 20 09:40:59 2017 rev:29 rq:504771 version:1.3.5d Changes: --- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2017-04-12 18:19:03.517841216 +0200 +++ /work/SRC/openSUSE:Factory/.proftpd.new/proftpd.changes 2017-06-20 09:41:00.322907538 +0200 @@ -1,0 +2,5 @@ +Fri Jun 16 08:28:42 UTC 2017 - nmou...@suse.com + +- Removed xinetd service + +--- Other differences: -- ++ proftpd.spec ++ --- /var/tmp/diff_new_pack.DJzrj9/_old 2017-06-20 09:41:02.226639124 +0200 +++ /var/tmp/diff_new_pack.DJzrj9/_new 2017-06-20 09:41:02.230638560 +0200 @@ -18,10 +18,10 @@ Name: proftpd Summary:Highly configurable GPL-licensed FTP server software -License:GPL-2.0+ -Group: Productivity/Networking/Ftp/Servers # Please save your time and do not update to "rc" versions. # We only accept updates for "STABLE" Versions +License:GPL-2.0+ +Group: Productivity/Networking/Ftp/Servers Version:1.3.5d Release:0 Url:http://www.proftpd.org/ @@ -190,7 +190,6 @@ %install %makeinstall INSTALL_USER=`id -un` INSTALL_GROUP=`id -gn` install -D -m 0644 contrib/dist/rpm/ftp.pamd %{buildroot}/%{_sysconfdir}/pam.d/%{name} -install -D -m 0644 contrib/dist/rpm/xinetd %{buildroot}/%{_sysconfdir}/xinetd.d/%{name} install -D -m 0644 contrib/dist/rpm/%{name}.logrotate %{buildroot}/%{_sysconfdir}/logrotate.d/%{name} # rm -fv %{buildroot}/%{_libdir}/%{name}/*.{a,la} @@ -284,7 +283,6 @@ %config %{_sysconfdir}/%{name}/ssl/README %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} %config(noreplace) %{_sysconfdir}/pam.d/%{name} -%config(noreplace) %{_sysconfdir}/xinetd.d/%{name} %config(noreplace) %{_sysconfdir}/%{name}/blacklist.dat %config(noreplace) %{_sysconfdir}/%{name}/dhparams.pem %dir %attr(0750,ftp,ftp) %{_localstatedir}/log/%{name}
commit proftpd for openSUSE:Factory
Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2017-04-12 17:35:38 Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new (New) Package is "proftpd" Wed Apr 12 17:35:38 2017 rev:28 rq:486641 version:1.3.5d Changes: --- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2017-04-06 11:03:14.794286322 +0200 +++ /work/SRC/openSUSE:Factory/.proftpd.new/proftpd.changes 2017-04-12 18:19:03.517841216 +0200 @@ -1,0 +2,13 @@ +Fri Apr 7 20:49:37 UTC 2017 - ch...@computersalat.de + +- fix for boo#1032443 (CVE-2017-7418) + * AllowChrootSymlinks not enforced by replacing a path component +with a symbolic link + * add upstream commit (ecff21e0d0e84f35c299ef91d7fda088e516d4ed) +as proftpd-AllowChrootSymlinks.patch +- fix proftpd-tls.template + * reduce TLS protocols to TLSv1.1 and TLSv1.2 + * disable TLSCACertificateFile + * add TLSCertificateChainFile + +--- New: proftpd-AllowChrootSymlinks.patch Other differences: -- ++ proftpd.spec ++ --- /var/tmp/diff_new_pack.FlhgXE/_old 2017-04-12 18:19:04.693674949 +0200 +++ /var/tmp/diff_new_pack.FlhgXE/_new 2017-04-12 18:19:04.697674383 +0200 @@ -18,10 +18,10 @@ Name: proftpd Summary:Highly configurable GPL-licensed FTP server software -# Please save your time and do not update to "rc" versions. -# We only accept updates for "STABLE" Versions License:GPL-2.0+ Group: Productivity/Networking/Ftp/Servers +# Please save your time and do not update to "rc" versions. +# We only accept updates for "STABLE" Versions Version:1.3.5d Release:0 Url:http://www.proftpd.org/ @@ -35,6 +35,10 @@ Source16: %{name}-tls.template Source17: %{name}-limit.template Source18: %{name}-ssl.README +#PATCH-FIX-UPSTREAM (CVE-2017-7418): +# AllowChrootSymlinks not enforced by replacing a path component with a symbolic link +### github commit: ecff21e0d0e84f35c299ef91d7fda088e516d4ed +Patch0: %{name}-AllowChrootSymlinks.patch #PATCH-FIX-openSUSE: pam, logrotate, xinet Patch100: %{name}-dist.patch #PATCH-FIX-openSUSE: provide a useful default config @@ -144,6 +148,8 @@ #gpg_verify %{S:1} %setup -q rm README.AIX +%patch0 -p1 +# %patch100 %patch101 %patch102 ++ proftpd-AllowChrootSymlinks.patch ++ commit ecff21e0d0e84f35c299ef91d7fda088e516d4ed Author: TJ Saunders Date: Mon Mar 6 08:31:29 2017 -0800 Backporting recursive handling of DefaultRoot path, when AllowChrootSymlinks is off, to 1.3.5 branch. (CVE-2017-7418) diff --git a/modules/mod_auth.c b/modules/mod_auth.c index 386576162..410215979 100644 --- a/modules/mod_auth.c +++ b/modules/mod_auth.c @@ -2,7 +2,7 @@ * ProFTPD - FTP server daemon * Copyright (c) 1997, 1998 Public Flood Software * Copyright (c) 1999, 2000 MacGyver aka Habeeb J. Dihu - * Copyright (c) 2001-2016 The ProFTPD Project team + * Copyright (c) 2001-2017 The ProFTPD Project team * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -688,9 +688,66 @@ static char *get_default_chdir(pool *p, xaset_t *conf) { return dir; } -/* Determine if the user (non-anon) needs a default root dir other than /. - */ +static int is_symlink_path(pool *p, const char *path, size_t pathlen) { + int res, xerrno = 0; + struct stat st; + char *ptr; + + if (pathlen == 0) { +return 0; + } + + pr_fs_clear_cache(); + res = pr_fsio_lstat(path, &st); + if (res < 0) { +xerrno = errno; + +pr_log_pri(PR_LOG_WARNING, "error: unable to check %s: %s", path, + strerror(xerrno)); + +errno = xerrno; +return -1; + } + if (S_ISLNK(st.st_mode)) { +errno = EPERM; +return -1; + } + + /* To handle the case where a component further up the path might be a + * symlink (which lstat(2) will NOT handle), we walk the path backwards, + * calling ourselves recursively. + */ + + ptr = strrchr(path, '/'); + if (ptr != NULL) { +char *new_path; +size_t new_pathlen; + +pr_signals_handle(); + +new_pathlen = ptr - path; + +/* Make sure our pointer actually changed position. */ +if (new_pathlen == pathlen) { + return 0; +} + +new_path = pstrndup(p, path, new_pathlen); + +pr_log_debug(DEBUG10, + "AllowChrootSymlink: path '%s' not a symlink, checking '%s'", path, + new_path); +res = is_symlink_path(p, new_path, new_pathlen); +if (res < 0) { + return -1; +} + } + + return 0; +} + +/* Determine if the user (non-anon) needs a default root dir
commit proftpd for openSUSE:Factory
Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2017-04-06 11:03:03 Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new (New) Package is "proftpd" Thu Apr 6 11:03:03 2017 rev:27 rq:485216 version:1.3.5d Changes: --- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2017-03-12 20:02:26.778947859 +0100 +++ /work/SRC/openSUSE:Factory/.proftpd.new/proftpd.changes 2017-04-06 11:03:14.794286322 +0200 @@ -1,0 +2,7 @@ +Thu Mar 23 15:05:22 UTC 2017 - jeng...@inai.de + +- Remove --with-pic, there are no static libs. +- Replace %__-type macro indirections. +- Replace old $RPM shell vars by macros. + +--- Other differences: -- ++ proftpd.spec ++ --- /var/tmp/diff_new_pack.F9FP8q/_old 2017-04-06 11:03:16.226083958 +0200 +++ /var/tmp/diff_new_pack.F9FP8q/_new 2017-04-06 11:03:16.230083393 +0200 @@ -18,10 +18,10 @@ Name: proftpd Summary:Highly configurable GPL-licensed FTP server software -License:GPL-2.0+ -Group: Productivity/Networking/Ftp/Servers # Please save your time and do not update to "rc" versions. # We only accept updates for "STABLE" Versions +License:GPL-2.0+ +Group: Productivity/Networking/Ftp/Servers Version:1.3.5d Release:0 Url:http://www.proftpd.org/ @@ -143,7 +143,7 @@ %prep #gpg_verify %{S:1} %setup -q -%{__rm} README.AIX +rm README.AIX %patch100 %patch101 %patch102 @@ -154,9 +154,9 @@ %build rm contrib/mod_wrap.c PROFTPD_SHARED_MODS="$(for spec_mod in $(find contrib -name mod_\*.c); do echo "$(basename ${spec_mod%%.c})"; done | tr '\n' ':' | sed -e 's|:$||')" -export CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE -DLDAP_DEPRECATED" +export CFLAGS="%{optflags} -D_GNU_SOURCE -DLDAP_DEPRECATED" export CXXFLAGS="$CFLAGS" -%configure --disable-static --with-pic \ +%configure --disable-static \ --bindir=%{_sbindir} \ --libexecdir=%{_libdir}/%{name} \ --sysconfdir=%{_sysconfdir}/%{name} \ @@ -179,36 +179,36 @@ --disable-strip #--enable-memcache \ -%{__make} %{?_smp_mflags} +make %{?_smp_mflags} %install %makeinstall INSTALL_USER=`id -un` INSTALL_GROUP=`id -gn` -%{__install} -D -m 0644 contrib/dist/rpm/ftp.pamd $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/%{name} -%{__install} -D -m 0644 contrib/dist/rpm/xinetd $RPM_BUILD_ROOT%{_sysconfdir}/xinetd.d/%{name} -%{__install} -D -m 0644 contrib/dist/rpm/%{name}.logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/%{name} +install -D -m 0644 contrib/dist/rpm/ftp.pamd %{buildroot}/%{_sysconfdir}/pam.d/%{name} +install -D -m 0644 contrib/dist/rpm/xinetd %{buildroot}/%{_sysconfdir}/xinetd.d/%{name} +install -D -m 0644 contrib/dist/rpm/%{name}.logrotate %{buildroot}/%{_sysconfdir}/logrotate.d/%{name} # -%{__rm} -fv $RPM_BUILD_ROOT%{_libdir}/%{name}/*.{a,la} +rm -fv %{buildroot}/%{_libdir}/%{name}/*.{a,la} # install ftpasswd -%{__install} -D -m 0755 contrib/ftpasswd $RPM_BUILD_ROOT%{_sbindir}/ +install -D -m 0755 contrib/ftpasswd %{buildroot}/%{_sbindir}/ # some needed dirs -%{__install} -D -m 0440 %{S:12} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/auth/passwd -%{__install} -D -m 0644 %{S:16} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/conf.d/tls.template -%{__install} -D -m 0644 %{S:18} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/conf.d/README -%{__install} -D -m 0644 %{S:17} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/includes/limit.template -%{__install} -D -m 0644 %{S:18} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/ssl/README -%{__install} -d -m 0750 $RPM_BUILD_ROOT/var/log/%{name} +install -D -m 0440 %{S:12} %{buildroot}/%{_sysconfdir}/%{name}/auth/passwd +install -D -m 0644 %{S:16} %{buildroot}/%{_sysconfdir}/%{name}/conf.d/tls.template +install -D -m 0644 %{S:18} %{buildroot}/%{_sysconfdir}/%{name}/conf.d/README +install -D -m 0644 %{S:17} %{buildroot}/%{_sysconfdir}/%{name}/includes/limit.template +install -D -m 0644 %{S:18} %{buildroot}/%{_sysconfdir}/%{name}/ssl/README +install -d -m 0750 %{buildroot}/var/log/%{name} # systemd vs SysVinit %if 0%{?has_systemd} -%{__install} -D -m 0644 %{S:13} %{buildroot}%{_unitdir}/%{name}.service -%{__ln_s} -f %{_sbindir}/service $RPM_BUILD_ROOT%{_sbindir}/rc%{name} +install -D -m 0644 %{S:13} %{buildroot}%{_unitdir}/%{name}.service +ln -sf %{_sbindir}/service %{buildroot}/%{_sbindir}/rc%{name} # systemd need to create a tmp dir: /run/proftpd -%{__install} -D -m 0644 %{S:14} %{buildroot}%{_prefix}/lib/tmpfiles.d/%{name}.conf +install -D -m 0644 %{S:14} %{buildroot}%{_prefix}/lib/tmpfiles.d/%{name}.conf %else #SysVinit -%{__install} -D -m 0755 %{S:11} $RPM_BUILD_ROOT%{_sysconfdir}/
commit proftpd for openSUSE:Factory
Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2017-03-12 20:02:25 Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new (New) Package is "proftpd" Sun Mar 12 20:02:25 2017 rev:26 rq:477364 version:1.3.5d Changes: --- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2017-02-09 11:16:13.333930979 +0100 +++ /work/SRC/openSUSE:Factory/.proftpd.new/proftpd.changes 2017-03-12 20:02:26.778947859 +0100 @@ -1,0 +2,9 @@ +Mon Mar 6 22:32:07 UTC 2017 - ch...@computersalat.de + +- fix and update proftpd-basic.conf.patch +- add some sample config and templates for tls + * proftpd-tls.template + * proftpd-limit.conf + * proftpd-ssl.README + +--- New: proftpd-limit.template proftpd-ssl.README proftpd-tls.template Other differences: -- ++ proftpd.spec ++ --- /var/tmp/diff_new_pack.imK9OP/_old 2017-03-12 20:02:29.474566428 +0100 +++ /var/tmp/diff_new_pack.imK9OP/_new 2017-03-12 20:02:29.474566428 +0100 @@ -32,6 +32,9 @@ Source13: %{name}.service Source14: %{name}.tmpfile Source15: %{name}.keyring +Source16: %{name}-tls.template +Source17: %{name}-limit.template +Source18: %{name}-ssl.README #PATCH-FIX-openSUSE: pam, logrotate, xinet Patch100: %{name}-dist.patch #PATCH-FIX-openSUSE: provide a useful default config @@ -190,8 +193,11 @@ %{__install} -D -m 0755 contrib/ftpasswd $RPM_BUILD_ROOT%{_sbindir}/ # some needed dirs -%{__install} -d $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/{conf.d,auth} -%{__install} -m 0440 %{S:12} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/auth/passwd +%{__install} -D -m 0440 %{S:12} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/auth/passwd +%{__install} -D -m 0644 %{S:16} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/conf.d/tls.template +%{__install} -D -m 0644 %{S:18} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/conf.d/README +%{__install} -D -m 0644 %{S:17} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/includes/limit.template +%{__install} -D -m 0644 %{S:18} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/ssl/README %{__install} -d -m 0750 $RPM_BUILD_ROOT/var/log/%{name} # systemd vs SysVinit @@ -261,9 +267,15 @@ %dir %attr(0755,root,root) %{_sysconfdir}/%{name}/ %dir %attr(0750,ftp,ftp) %{_sysconfdir}/%{name}/auth/ %config(noreplace) %attr(0440,root,ftp) %{_sysconfdir}/%{name}/auth/passwd -%dir %attr(0755,root,root) %{_sysconfdir}/%{name}/conf.d +%dir %attr(0755,root,root) %{_sysconfdir}/%{name}/conf.d/ +%config %{_sysconfdir}/%{name}/conf.d/tls.template +%config %{_sysconfdir}/%{name}/conf.d/README +%dir %attr(0755,root,root) %{_sysconfdir}/%{name}/includes/ +%config %{_sysconfdir}/%{name}/includes/limit.template %config(noreplace) %attr(0640,root,root) %{_sysconfdir}/%{name}/%{name}.conf %{_sysconfdir}/%{name}/PROFTPD-MIB.txt +%dir %attr(0700,ftp,ftp) %{_sysconfdir}/%{name}/ssl/ +%config %{_sysconfdir}/%{name}/ssl/README %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} %config(noreplace) %{_sysconfdir}/pam.d/%{name} %config(noreplace) %{_sysconfdir}/xinetd.d/%{name} ++ proftpd-basic.conf.patch ++ --- /var/tmp/diff_new_pack.imK9OP/_old 2017-03-12 20:02:29.514560768 +0100 +++ /var/tmp/diff_new_pack.imK9OP/_new 2017-03-12 20:02:29.518560203 +0100 @@ -38,7 +38,7 @@ # To prevent DoS attacks, set the maximum number of child processes # to 30. If you need to allow more than 30 concurrent connections -@@ -23,43 +33,192 @@ Umask 022 +@@ -23,43 +33,210 @@ Umask 022 # in standalone mode, in inetd mode you should use an inetd server # that allows you to limit maximum number of processes per service # (such as xinetd). @@ -170,7 +170,7 @@ +# -+# Include other confs ++# Include other confs, e.g. tls.conf +#Include /etc/proftpd/conf.d/*.conf + +# @@ -206,6 +206,14 @@ + # Deny from All + # + ++ ## or 'Include' a limit file with rules ++ ## include one file and use more than once ;) ++ # ++ # Order Allow,Deny ++ # Include /etc/proftpd/includes/limit.conf ++ # Deny from All ++ # ++ + # Limit WRITE everywhere in the anonymous chroot + + DenyAll @@ -246,14 +254,24 @@ + # + # + ++ ## or 'Include' a limit file with rules ++ ## include one file and use more than once ;) ++ # ++ # ++ # Order Allow,Deny ++ # Include /etc/proftpd/includes/limit.conf ++ # Deny from All ++ # ++ # ++ + # An upload directory that allows storing files but not retrieving
commit proftpd for openSUSE:Factory
Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2017-02-09 11:16:12 Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new (New) Package is "proftpd" Changes: --- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2017-01-24 10:34:07.904185019 +0100 +++ /work/SRC/openSUSE:Factory/.proftpd.new/proftpd.changes 2017-02-09 11:16:13.333930979 +0100 @@ -1,0 +2,7 @@ +Sun Feb 5 20:03:18 UTC 2017 - ch...@computersalat.de + +- backport upstream feature + * include-in-limit-section (gh#410) + * add proftpd_include-in-limit-section.patch + +--- New: proftpd_include-in-limit-section.patch Other differences: -- ++ proftpd.spec ++ --- /var/tmp/diff_new_pack.0Ghd3i/_old 2017-02-09 11:16:14.425776762 +0100 +++ /var/tmp/diff_new_pack.0Ghd3i/_new 2017-02-09 11:16:14.433775631 +0100 @@ -42,6 +42,8 @@ Patch103: %{name}-strip.patch #PATCH-FIX-openSUSE: file-contains-date-and-time Patch104: %{name}-no_BuildDate.patch +#PATCH-Feature-back-port: include-in-limit-section +Patch105: %{name}_include-in-limit-section.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build #BuildRequires: gpg-offline BuildRequires: krb5-devel @@ -144,6 +146,7 @@ %patch102 %patch103 %patch104 +%patch105 %build rm contrib/mod_wrap.c ++ proftpd_include-in-limit-section.patch ++ Index: RELEASE_NOTES === --- RELEASE_NOTES.orig +++ RELEASE_NOTES @@ -12,6 +12,16 @@ ChangeLog files. + Fixed regression where all normal FTP users were handled as anonymous users. + + Changed Configuration Directives + +Include + The Include directive can now be used within a section, e.g.: + + + Include /path/to/allowed.txt + DenyAll + + 1.3.5c - Index: doc/modules/mod_core.html === --- doc/modules/mod_core.html.orig +++ doc/modules/mod_core.html @@ -510,7 +510,7 @@ See also: Hid Include Syntax: Include path|pattern Default: None -Context: server config,, , , +Context: server config, , , , , Module: mod_core Compatibility: 1.2.10rc1 and later Index: modules/mod_core.c === --- modules/mod_core.c.orig +++ modules/mod_core.c @@ -334,7 +334,7 @@ MODRET add_include(cmd_rec *cmd) { int res; CHECK_ARGS(cmd, 1); - CHECK_CONF(cmd, CONF_ROOT|CONF_VIRTUAL|CONF_ANON|CONF_GLOBAL|CONF_DIR); + CHECK_CONF(cmd, CONF_ROOT|CONF_VIRTUAL|CONF_ANON|CONF_GLOBAL|CONF_LIMIT|CONF_DIR); /* Make sure the given path is a valid path. */
commit proftpd for openSUSE:Factory
Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2017-01-24 10:34:05 Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new (New) Package is "proftpd" Changes: --- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2016-05-14 12:23:47.0 +0200 +++ /work/SRC/openSUSE:Factory/.proftpd.new/proftpd.changes 2017-01-24 10:34:07.904185019 +0100 @@ -1,0 +2,26 @@ +Tue Jan 17 19:53:55 UTC 2017 - ch...@computersalat.de + +- update to 1.3.5d + * gh#4283 - All FTP logins treated as anonymous logins again. This is a + regression of gh#3307. + +--- +Sun Jan 15 21:01:43 UTC 2017 - ch...@computersalat.de + +- update to 1.3.5c + * SSH rekey during authentication can cause issues with clients. + * Recursive SCP uploads of multiple directories not handled properly. + * LIST returns different results for file, depending on path syntax. + * "AuthAliasOnly on" in server config breaks anonymous logins. + * CapabilitiesEngine directive not honored for / +sections. + * Support OpenSSL 1.1.x API. + * Memory leak when mod_facl is used. +-rebase proftpd-no_BuildDate.patch + +--- +Sat Aug 27 22:42:48 UTC 2016 - ch...@computersalat.de + +- fix systemd vs SysVinit + +--- Old: proftpd-1.3.5b.tar.gz proftpd-1.3.5b.tar.gz.asc New: proftpd-1.3.5d.tar.gz proftpd-1.3.5d.tar.gz.asc Other differences: -- ++ proftpd.spec ++ --- /var/tmp/diff_new_pack.WEmtt5/_old 2017-01-24 10:34:09.435967850 +0100 +++ /var/tmp/diff_new_pack.WEmtt5/_new 2017-01-24 10:34:09.439967282 +0100 @@ -1,7 +1,7 @@ # # spec file for package proftpd # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,7 +22,7 @@ Group: Productivity/Networking/Ftp/Servers # Please save your time and do not update to "rc" versions. # We only accept updates for "STABLE" Versions -Version:1.3.5b +Version:1.3.5d Release:0 Url:http://www.proftpd.org/ Source0:ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.gz @@ -68,6 +68,8 @@ BuildRequires: systemd %{?systemd_requires} %define has_systemd 1 +%else +Requires(pre): %insserv_prereq %endif %description @@ -178,8 +180,6 @@ %{__install} -D -m 0644 contrib/dist/rpm/ftp.pamd $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/%{name} %{__install} -D -m 0644 contrib/dist/rpm/xinetd $RPM_BUILD_ROOT%{_sysconfdir}/xinetd.d/%{name} %{__install} -D -m 0644 contrib/dist/rpm/%{name}.logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/%{name} -%{__install} -D -m 0755 %{S:11} $RPM_BUILD_ROOT%{_sysconfdir}/init.d/%{name} -%{__ln_s} -f %{_sysconfdir}/init.d/%{name} $RPM_BUILD_ROOT%{_sbindir}/rc%{name} # %{__rm} -fv $RPM_BUILD_ROOT%{_libdir}/%{name}/*.{a,la} @@ -191,33 +191,32 @@ %{__install} -m 0440 %{S:12} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/auth/passwd %{__install} -d -m 0750 $RPM_BUILD_ROOT/var/log/%{name} +# systemd vs SysVinit %if 0%{?has_systemd} %{__install} -D -m 0644 %{S:13} %{buildroot}%{_unitdir}/%{name}.service +%{__ln_s} -f %{_sbindir}/service $RPM_BUILD_ROOT%{_sbindir}/rc%{name} # systemd need to create a tmp dir: /run/proftpd %{__install} -D -m 0644 %{S:14} %{buildroot}%{_prefix}/lib/tmpfiles.d/%{name}.conf +%else #SysVinit +%{__install} -D -m 0755 %{S:11} $RPM_BUILD_ROOT%{_sysconfdir}/init.d/%{name} +%{__ln_s} -f %{_sysconfdir}/init.d/%{name} $RPM_BUILD_ROOT%{_sbindir}/rc%{name} %endif %find_lang %{name} %pre -# on `rpm -ivh` PARAM is 1 -# on `rpm -Uvh` PARAM is 2 -#if [ "$1" = "1" ]; then %if 0%{?has_systemd} %service_add_pre %{name}.service %endif %preun -# on `rpm -e` PARAM is 0 -%stop_on_removal proftpd - %if 0%{?has_systemd} %service_del_preun %{name}.service +%else +%stop_on_removal %{name} %endif %post -# on `rpm -ivh` PARAM is 1 -# on `rpm -Uvh` PARAM is 2 %if 0%{?has_systemd} %service_add_post %{name}.service /usr/bin/systemd-tmpfiles --create %{name}.conf || : @@ -227,14 +226,11 @@ %endif %postun -# on `rpm -e` PARAM is 0 -if [ "$1" = "0" ]; then - %{insserv_cleanup} -fi -%restart_on_update proftpd - %if 0%{?has_systemd} %service_del_postun %{name}.service +%else +%restart_on_update %{name} +%{insserv_cleanup} %endif %if 0%{?lang_package:1} > 0 @@ -270,7 +266,6 @@ %config(noreplace) %{_sysconfdir}/xinetd.d/%
commit proftpd for openSUSE:Factory
Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2016-05-14 12:23:46 Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new (New) Package is "proftpd" Changes: --- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2016-05-11 16:37:34.0 +0200 +++ /work/SRC/openSUSE:Factory/.proftpd.new/proftpd.changes 2016-05-14 12:23:47.0 +0200 @@ -1,0 +2,6 @@ +Sun May 8 22:05:07 UTC 2016 - jeng...@inai.de + +- Remove redundant spec sections +- Ensure systemd-tmpfiles is called for the provied config file + +--- Other differences: -- ++ proftpd.spec ++ --- /var/tmp/diff_new_pack.7NHkrO/_old 2016-05-14 12:23:48.0 +0200 +++ /var/tmp/diff_new_pack.7NHkrO/_new 2016-05-14 12:23:48.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package proftpd # -# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -220,8 +220,7 @@ # on `rpm -Uvh` PARAM is 2 %if 0%{?has_systemd} %service_add_post %{name}.service - -%{__install} -d /run/%{name} +/usr/bin/systemd-tmpfiles --create %{name}.conf || : %else %{fillup_and_insserv -f proftpd} %{__install} -d %{_localstatedir}/run/%{name} @@ -238,13 +237,10 @@ %service_del_postun %{name}.service %endif -%clean -%{__rm} -rf %{buildroot} - %if 0%{?lang_package:1} > 0 %files lang -f %{name}.lang %if 0%{?sles_version} == 11 -%defattr(-,root,root,-) +%defattr(-,root,root) %dir %{_datadir}/locale/bg_BG %dir %{_datadir}/locale/bg_BG/LC_MESSAGES %dir %{_datadir}/locale/ja_JP @@ -257,7 +253,7 @@ %else %files -f %{name}.lang %endif -%defattr(-,root,root,-) +%defattr(-,root,root) %doc COPYING CREDITS ChangeLog NEWS README* RELEASE_NOTES %doc contrib/README.* #%doc contrib/xferstats.holger-preiss* @@ -292,32 +288,32 @@ %endif %files devel -%defattr(-,root,root,-) +%defattr(-,root,root) %{_includedir}/%{name} %{_libdir}/pkgconfig/%{name}.pc %files ldap -%defattr(-,root,root,-) +%defattr(-,root,root) %{_libdir}/%{name}/mod_ldap.so %files mysql -%defattr(-,root,root,-) +%defattr(-,root,root) %{_libdir}/%{name}/mod_sql_mysql.so %files pgsql -%defattr(-,root,root,-) +%defattr(-,root,root) %{_libdir}/%{name}/mod_sql_postgres.so %files radius -%defattr(-,root,root,-) +%defattr(-,root,root) %{_libdir}/%{name}/mod_radius.so %files sqlite -%defattr(-,root,root,-) +%defattr(-,root,root) %{_libdir}/%{name}/mod_sql_sqlite.so %files doc -%defattr(-,root,root,-) +%defattr(-,root,root) %doc doc/*.html doc/contrib doc/howto doc/modules %changelog
commit proftpd for openSUSE:Factory
Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2016-05-11 16:37:32 Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new (New) Package is "proftpd" Changes: --- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2015-06-02 10:07:42.0 +0200 +++ /work/SRC/openSUSE:Factory/.proftpd.new/proftpd.changes 2016-05-11 16:37:34.0 +0200 @@ -1,0 +2,11 @@ +Sun May 8 19:25:45 UTC 2016 - ch...@computersalat.de + +- fix for boo#970890 (CVE-2016-3125) +- update to 1.3.5b: + http://www.proftpd.org/docs/RELEASE_NOTES-1.3.5b + * SSH RSA hostkeys smaller than 2048 bits now work properly. + * MLSD response lines are now properly CRLF terminated. + * Fixed selection of DH groups from TLSDHParamFile. +- rebase proftpd-no_BuildDate.patch + +--- Old: proftpd-1.3.5a.tar.gz proftpd-1.3.5a.tar.gz.asc New: proftpd-1.3.5b.tar.gz proftpd-1.3.5b.tar.gz.asc Other differences: -- ++ proftpd.spec ++ --- /var/tmp/diff_new_pack.bski5d/_old 2016-05-11 16:37:36.0 +0200 +++ /var/tmp/diff_new_pack.bski5d/_new 2016-05-11 16:37:36.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package proftpd # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,7 +22,7 @@ Group: Productivity/Networking/Ftp/Servers # Please save your time and do not update to "rc" versions. # We only accept updates for "STABLE" Versions -Version:1.3.5a +Version:1.3.5b Release:0 Url:http://www.proftpd.org/ Source0:ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.gz ++ proftpd-1.3.5a.tar.gz -> proftpd-1.3.5b.tar.gz ++ /work/SRC/openSUSE:Factory/proftpd/proftpd-1.3.5a.tar.gz /work/SRC/openSUSE:Factory/.proftpd.new/proftpd-1.3.5b.tar.gz differ: char 13, line 1 ++ proftpd-no_BuildDate.patch ++ --- /var/tmp/diff_new_pack.bski5d/_old 2016-05-11 16:37:36.0 +0200 +++ /var/tmp/diff_new_pack.bski5d/_new 2016-05-11 16:37:36.0 +0200 @@ -65,13 +65,13 @@ -#include "buildstamp.h" - /* Application version (in various forms) */ - #define PROFTPD_VERSION_NUMBER0x0001030507 - #define PROFTPD_VERSION_TEXT "1.3.5a" + #define PROFTPD_VERSION_NUMBER0x0001030508 + #define PROFTPD_VERSION_TEXT "1.3.5b" Index: src/main.c === --- src/main.c.orig +++ src/main.c -@@ -2426,8 +2426,8 @@ static void standalone_main(void) { +@@ -2435,8 +2435,8 @@ static void standalone_main(void) { init_bindings(); @@ -82,7 +82,7 @@ pr_pidfile_write(); daemon_loop(); -@@ -2482,7 +2482,6 @@ static void show_settings(void) { +@@ -2491,7 +2491,6 @@ static void show_settings(void) { printf("%s", " Platform: " PR_PLATFORM " [unknown]\n"); #endif /* !HAVE_UNAME */ @@ -90,7 +90,7 @@ printf("%s", " Built With:\nconfigure " PR_BUILD_OPTS "\n\n"); printf("%s", " CFLAGS: " PR_BUILD_CFLAGS "\n"); -@@ -3000,7 +2999,6 @@ int main(int argc, char *argv[], char ** +@@ -3009,7 +3008,6 @@ int main(int argc, char *argv[], char ** printf("ProFTPD Version: %s", PROFTPD_VERSION_TEXT " " PR_STATUS "\n"); printf(" Scoreboard Version: %08x\n", PR_SCOREBOARD_VERSION);
commit proftpd for openSUSE:Factory
Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2015-06-02 10:07:40 Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new (New) Package is "proftpd" Changes: --- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2014-09-03 20:48:29.0 +0200 +++ /work/SRC/openSUSE:Factory/.proftpd.new/proftpd.changes 2015-06-02 10:07:42.0 +0200 @@ -1,0 +2,14 @@ +Sun May 31 18:54:45 UTC 2015 - ch...@computersalat.de + +- fix for boo#927290 (CVE-2015-3306) +- update to 1.3.5a: + See http://www.proftpd.org/docs/NEWS-1.3.5a +- rebase patches + * proftpd-ftpasswd.patch + * proftpd-no_BuildDate.patch +- remove gpg-offline dependency +- fix permissions on passwd file + * unable to use world-readable AuthUserFile '.../passwd' (perms 0644): + * 0644 -> 0440 + +--- Old: proftpd-1.3.5.tar.gz proftpd-1.3.5.tar.gz.asc New: proftpd-1.3.5a.tar.gz proftpd-1.3.5a.tar.gz.asc Other differences: -- ++ proftpd.spec ++ --- /var/tmp/diff_new_pack.UvFclE/_old 2015-06-02 10:07:43.0 +0200 +++ /var/tmp/diff_new_pack.UvFclE/_new 2015-06-02 10:07:43.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package proftpd # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,7 +22,7 @@ Group: Productivity/Networking/Ftp/Servers # Please save your time and do not update to "rc" versions. # We only accept updates for "STABLE" Versions -Version:1.3.5 +Version:1.3.5a Release:0 Url:http://www.proftpd.org/ Source0:ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.gz @@ -43,7 +43,7 @@ #PATCH-FIX-openSUSE: file-contains-date-and-time Patch104: %{name}-no_BuildDate.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: gpg-offline +#BuildRequires: gpg-offline BuildRequires: krb5-devel BuildRequires: libacl-devel BuildRequires: libattr-devel @@ -134,14 +134,14 @@ Here are Documentation for ProFTPD %prep -%gpg_verify %{S:1} +#gpg_verify %{S:1} %setup -q %{__rm} README.AIX %patch100 %patch101 %patch102 %patch103 -%patch104 -p1 +%patch104 %build rm contrib/mod_wrap.c @@ -188,7 +188,7 @@ # some needed dirs %{__install} -d $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/{conf.d,auth} -%{__install} -m 0644 %{S:12} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/auth/passwd +%{__install} -m 0440 %{S:12} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/auth/passwd %{__install} -d -m 0750 $RPM_BUILD_ROOT/var/log/%{name} %if 0%{?has_systemd} @@ -265,7 +265,7 @@ %doc sample-configurations/*.conf %dir %attr(0755,root,root) %{_sysconfdir}/%{name}/ %dir %attr(0750,ftp,ftp) %{_sysconfdir}/%{name}/auth/ -%config(noreplace) %attr(0644,root,ftp) %{_sysconfdir}/%{name}/auth/passwd +%config(noreplace) %attr(0440,root,ftp) %{_sysconfdir}/%{name}/auth/passwd %dir %attr(0755,root,root) %{_sysconfdir}/%{name}/conf.d %config(noreplace) %attr(0640,root,root) %{_sysconfdir}/%{name}/%{name}.conf %{_sysconfdir}/%{name}/PROFTPD-MIB.txt ++ proftpd-1.3.5.tar.gz -> proftpd-1.3.5a.tar.gz ++ /work/SRC/openSUSE:Factory/proftpd/proftpd-1.3.5.tar.gz /work/SRC/openSUSE:Factory/.proftpd.new/proftpd-1.3.5a.tar.gz differ: char 5, line 1 ++ proftpd-ftpasswd.patch ++ --- /var/tmp/diff_new_pack.UvFclE/_old 2015-06-02 10:07:43.0 +0200 +++ /var/tmp/diff_new_pack.UvFclE/_new 2015-06-02 10:07:43.0 +0200 @@ -2,7 +2,7 @@ === --- contrib/ftpasswd.orig +++ contrib/ftpasswd -@@ -33,8 +33,8 @@ use Getopt::Long; +@@ -34,8 +34,8 @@ use Getopt::Long; $Getopt::Long::auto_abbrev = 0; my $program = basename($0); @@ -13,7 +13,7 @@ my $shell_file = "/etc/shells"; my $default_cracklib_dict = "/usr/lib/cracklib_dict"; my $cracklib_dict; -@@ -921,6 +921,46 @@ usage: $program [--help] [--hash|--group +@@ -1074,6 +1074,46 @@ usage: $program [--help] [--hash|--group --version Displays the version of $program. ++ proftpd-no_BuildDate.patch ++ --- /var/tmp/diff_new_pack.UvFclE/_old 2015-06-02 10:07:43.0 +0200 +++ /var/tmp/diff_new_pack.UvFclE/_new 2015-06-02 10:07:43.0 +0200 @@ -5,10 +5,10 @@ src/main.c|6 ++ 4 files changed, 9 insertions(+), 15 deletions(-) -Index: proftpd-1.3.5/Makefile.in +Index: Makefile.in ==
commit proftpd for openSUSE:Factory
Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2014-09-03 18:23:05 Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new (New) Package is "proftpd" Changes: --- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2014-03-26 16:41:45.0 +0100 +++ /work/SRC/openSUSE:Factory/.proftpd.new/proftpd.changes 2014-09-03 20:48:29.0 +0200 @@ -1,0 +2,25 @@ +Mon Sep 1 22:04:02 UTC 2014 - andreas.stie...@gmx.de + +- ProFTPD 1.3.5 + * Added support for SHA-256, SHA-512 password hashes to the ftpasswd tool + * New Modules +mod_geoip, mod_log_forensic, mod_rlimit, mod_snmp, mod_dnsbl + * mod_sftp now supports ECC, ECDSA, ECDH + * Improved FIPS support in mod_sftp. + * mod_sftp module now honors the MaxStoreFileSize directive. + * Many new and changed configuration directives +- update proftpd-no_BuildDate.patch + +--- +Mon Sep 1 19:00:57 UTC 2014 - andreas.stie...@gmx.de + +- proftpd 1.3.4e: + Multiple other backported fix from the 1.3.5 branch. + See http://www.proftpd.org/docs/NEWS-1.3.4e +- The fix for the mod_sftp/mod_sftp_pam memory allocation + (CVE-2013-4359) contained in this release was previously patched + into the package. +- adjust proftpd-no_BuildDate.patch for context changes +- remove proftpd-sftp-kbdint-max-responses-bug3973.patch, upstream + +--- Old: proftpd-1.3.4d.tar.gz proftpd-1.3.4d.tar.gz.asc proftpd-sftp-kbdint-max-responses-bug3973.patch New: proftpd-1.3.5.tar.gz proftpd-1.3.5.tar.gz.asc Other differences: -- ++ proftpd.spec ++ --- /var/tmp/diff_new_pack.by2cy6/_old 2014-09-03 20:48:32.0 +0200 +++ /var/tmp/diff_new_pack.by2cy6/_new 2014-09-03 20:48:32.0 +0200 @@ -22,7 +22,7 @@ Group: Productivity/Networking/Ftp/Servers # Please save your time and do not update to "rc" versions. # We only accept updates for "STABLE" Versions -Version:1.3.4d +Version:1.3.5 Release:0 Url:http://www.proftpd.org/ Source0:ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.gz @@ -42,14 +42,13 @@ Patch103: %{name}-strip.patch #PATCH-FIX-openSUSE: file-contains-date-and-time Patch104: %{name}-no_BuildDate.patch -# PATCH-FIX-upstream: sftp-kbdint-max-responses-bug3973 -Patch105: %{name}-sftp-kbdint-max-responses-bug3973.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: gpg-offline BuildRequires: krb5-devel BuildRequires: libacl-devel BuildRequires: libattr-devel #BuildRequires: libmemcached-devel +BuildRequires: libGeoIP-devel BuildRequires: mysql-devel BuildRequires: ncurses-devel BuildRequires: openldap2-devel @@ -142,8 +141,7 @@ %patch101 %patch102 %patch103 -%patch104 -%patch105 +%patch104 -p1 %build rm contrib/mod_wrap.c @@ -260,7 +258,7 @@ %files -f %{name}.lang %endif %defattr(-,root,root,-) -%doc COPYING CREDITS ChangeLog INSTALL NEWS README* RELEASE_NOTES +%doc COPYING CREDITS ChangeLog NEWS README* RELEASE_NOTES %doc contrib/README.* #%doc contrib/xferstats.holger-preiss* #%doc contrib/ftpasswd contrib/ftpquota @@ -270,6 +268,7 @@ %config(noreplace) %attr(0644,root,ftp) %{_sysconfdir}/%{name}/auth/passwd %dir %attr(0755,root,root) %{_sysconfdir}/%{name}/conf.d %config(noreplace) %attr(0640,root,root) %{_sysconfdir}/%{name}/%{name}.conf +%{_sysconfdir}/%{name}/PROFTPD-MIB.txt %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} %config(noreplace) %{_sysconfdir}/pam.d/%{name} %config(noreplace) %{_sysconfdir}/xinetd.d/%{name} ++ proftpd-1.3.4d.tar.gz -> proftpd-1.3.5.tar.gz ++ /work/SRC/openSUSE:Factory/proftpd/proftpd-1.3.4d.tar.gz /work/SRC/openSUSE:Factory/.proftpd.new/proftpd-1.3.5.tar.gz differ: char 5, line 1 ++ proftpd-no_BuildDate.patch ++ --- /var/tmp/diff_new_pack.by2cy6/_old 2014-09-03 20:48:32.0 +0200 +++ /var/tmp/diff_new_pack.by2cy6/_new 2014-09-03 20:48:32.0 +0200 @@ -1,38 +1,14 @@ -Index: src/main.c +--- + Makefile.in | 14 ++ + contrib/mod_snmp/db.c |2 +- + include/version.h |2 -- + src/main.c|6 ++ + 4 files changed, 9 insertions(+), 15 deletions(-) + +Index: proftpd-1.3.5/Makefile.in === src/main.c.orig -+++ src/main.c -@@ -2703,8 +2703,8 @@ static void standalone_main(void) { - - init_bindings(); - -- pr_log_pri(PR_LOG_NOTICE, "ProFTPD %s (built %s) standalone mode STARTUP", --PROFTPD_VERSION_TEXT " " PR_STATUS, BUILD_STAMP);
commit proftpd for openSUSE:Factory
Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2014-03-26 16:41:44 Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new (New) Package is "proftpd" Changes: --- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2014-03-18 14:52:08.0 +0100 +++ /work/SRC/openSUSE:Factory/.proftpd.new/proftpd.changes 2014-03-26 16:41:45.0 +0100 @@ -1,0 +2,7 @@ +Tue Mar 25 19:56:04 UTC 2014 - crrodrig...@opensuse.org + +- Remove tcpd-devel from buildRequires and mod_wrap. + support for tcp_wrappers style /etc/hosts.* is provided + by mod_wrap2_file instead, the latter does not require tcpd. + +--- Other differences: -- ++ proftpd.spec ++ --- /var/tmp/diff_new_pack.Uqwkqc/_old 2014-03-26 16:41:46.0 +0100 +++ /var/tmp/diff_new_pack.Uqwkqc/_new 2014-03-26 16:41:46.0 +0100 @@ -58,7 +58,6 @@ BuildRequires: pkg-config BuildRequires: postgresql-devel BuildRequires: sqlite3-devel -BuildRequires: tcpd-devel BuildRequires: unixODBC-devel Requires: logrotate @@ -147,6 +146,7 @@ %patch105 %build +rm contrib/mod_wrap.c PROFTPD_SHARED_MODS="$(for spec_mod in $(find contrib -name mod_\*.c); do echo "$(basename ${spec_mod%%.c})"; done | tr '\n' ':' | sed -e 's|:$||')" export CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE -DLDAP_DEPRECATED" export CXXFLAGS="$CFLAGS" -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit proftpd for openSUSE:Factory
Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2014-03-18 14:52:07 Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new (New) Package is "proftpd" Changes: --- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2013-10-04 10:27:41.0 +0200 +++ /work/SRC/openSUSE:Factory/.proftpd.new/proftpd.changes 2014-03-18 14:52:08.0 +0100 @@ -1,0 +2,8 @@ +Mon Mar 17 18:38:53 UTC 2014 - ch...@computersalat.de + +- fix for bnc#844183 + * proftpd fails to start due to missing /run/proftpd +- add own tmpfiles.d file + * proftpd.tmpfile + +--- New: proftpd.tmpfile Other differences: -- ++ proftpd.spec ++ --- /var/tmp/diff_new_pack.viCweD/_old 2014-03-18 14:52:09.0 +0100 +++ /var/tmp/diff_new_pack.viCweD/_new 2014-03-18 14:52:09.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package proftpd # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -30,6 +30,7 @@ Source11: %{name}.init Source12: %{name}.passwd Source13: %{name}.service +Source14: %{name}.tmpfile Source15: %{name}.keyring #PATCH-FIX-openSUSE: pam, logrotate, xinet Patch100: %{name}-dist.patch @@ -194,8 +195,8 @@ %if 0%{?has_systemd} %{__install} -D -m 0644 %{S:13} %{buildroot}%{_unitdir}/%{name}.service -# systemd need to create a tmp dir: /var/run/proftpd -install -D -m 0644 contrib/dist/rpm/proftpd-tmpfs.conf %{buildroot}%{_prefix}/lib/tmpfiles.d/proftpd.conf +# systemd need to create a tmp dir: /run/proftpd +%{__install} -D -m 0644 %{S:14} %{buildroot}%{_prefix}/lib/tmpfiles.d/%{name}.conf %endif %find_lang %{name} @@ -219,14 +220,13 @@ %post # on `rpm -ivh` PARAM is 1 # on `rpm -Uvh` PARAM is 2 -#if [ "$1" = "1" ]; then -# #%{__sed} -i "s,\(.*disable.*=\ \)no,\1yes," %{_sysconfdir}/xinetd.d/%{name} -# %{__sed} -i -e "s/@HOST@/$(hostname -s)/" %{_sysconfdir}/%{name}/%{name}.conf -#fi -%{fillup_and_insserv -f proftpd} - %if 0%{?has_systemd} %service_add_post %{name}.service + +%{__install} -d /run/%{name} +%else +%{fillup_and_insserv -f proftpd} +%{__install} -d %{_localstatedir}/run/%{name} %endif %postun @@ -277,9 +277,6 @@ %config(noreplace) %{_sysconfdir}/%{name}/dhparams.pem %{_sysconfdir}/init.d/%{name} %dir %attr(0750,ftp,ftp) %{_localstatedir}/log/%{name} -%if ! 0%{?has_systemd} -%ghost %{_localstatedir}/run/%{name} -%endif %{_sbindir}/* %{_mandir}/man?/* %dir %attr(0755,root,root) %{_libdir}/%{name}/ @@ -291,7 +288,8 @@ %exclude %{_libdir}/%{name}/mod_sql_sqlite.so %if 0%{?has_systemd} %{_unitdir}/%{name}.service -%{_prefix}/lib/tmpfiles.d/proftpd.conf +%{_prefix}/lib/tmpfiles.d/%{name}.conf +%ghost %dir /run/%{name} %endif %files devel ++ proftpd.tmpfile ++ # proFTPD needs a DIR d /run/proftpd 0755 root root - -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit proftpd for openSUSE:Factory
Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2013-10-04 10:27:40 Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new (New) Package is "proftpd" Changes: --- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2013-08-05 20:50:57.0 +0200 +++ /work/SRC/openSUSE:Factory/.proftpd.new/proftpd.changes 2013-10-04 10:27:41.0 +0200 @@ -1,0 +2,10 @@ +Thu Oct 3 20:48:44 UTC 2013 - ch...@computersalat.de + +- update to 1.3.4d + * Fixed broken build when using --disable-ipv6 configure option + * Fixed mod_sql "SQLAuthType Backend" MySQL issues +- fix for bnc#843444 (CVE-2013-4359) + * http://bugs.proftpd.org/show_bug.cgi?id=3973 + * add proftpd-sftp-kbdint-max-responses-bug3973.patch + +--- Old: proftpd-1.3.4c.tar.gz proftpd-1.3.4c.tar.gz.asc New: proftpd-1.3.4d.tar.gz proftpd-1.3.4d.tar.gz.asc proftpd-sftp-kbdint-max-responses-bug3973.patch Other differences: -- ++ proftpd.spec ++ --- /var/tmp/diff_new_pack.VOKOf7/_old 2013-10-04 10:27:42.0 +0200 +++ /var/tmp/diff_new_pack.VOKOf7/_new 2013-10-04 10:27:42.0 +0200 @@ -22,7 +22,7 @@ Group: Productivity/Networking/Ftp/Servers # Please save your time and do not update to "rc" versions. # We only accept updates for "STABLE" Versions -Version:1.3.4c +Version:1.3.4d Release:0 Url:http://www.proftpd.org/ Source0:ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.gz @@ -41,6 +41,8 @@ Patch103: %{name}-strip.patch #PATCH-FIX-openSUSE: file-contains-date-and-time Patch104: %{name}-no_BuildDate.patch +# PATCH-FIX-upstream: sftp-kbdint-max-responses-bug3973 +Patch105: %{name}-sftp-kbdint-max-responses-bug3973.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: gpg-offline BuildRequires: krb5-devel @@ -141,6 +143,7 @@ %patch102 %patch103 %patch104 +%patch105 %build PROFTPD_SHARED_MODS="$(for spec_mod in $(find contrib -name mod_\*.c); do echo "$(basename ${spec_mod%%.c})"; done | tr '\n' ':' | sed -e 's|:$||')" ++ proftpd-1.3.4c.tar.gz -> proftpd-1.3.4d.tar.gz ++ /work/SRC/openSUSE:Factory/proftpd/proftpd-1.3.4c.tar.gz /work/SRC/openSUSE:Factory/.proftpd.new/proftpd-1.3.4d.tar.gz differ: char 5, line 1 ++ proftpd-no_BuildDate.patch ++ --- /var/tmp/diff_new_pack.VOKOf7/_old 2013-10-04 10:27:42.0 +0200 +++ /var/tmp/diff_new_pack.VOKOf7/_new 2013-10-04 10:27:42.0 +0200 @@ -76,5 +76,5 @@ -#include "buildstamp.h" - /* Application version (in various forms) */ - #define PROFTPD_VERSION_NUMBER0x0001030407 - #define PROFTPD_VERSION_TEXT "1.3.4c" + #define PROFTPD_VERSION_NUMBER0x0001030408 + #define PROFTPD_VERSION_TEXT "1.3.4d" ++ proftpd-sftp-kbdint-max-responses-bug3973.patch ++ Index: contrib/mod_sftp_pam.c === --- contrib/mod_sftp_pam.c.orig +++ contrib/mod_sftp_pam.c @@ -197,22 +197,13 @@ static int sftppam_converse(int nmsgs, P return PAM_CONV_ERR; } - if (sftp_kbdint_recv_response(sftppam_driver.driver_pool, &recvd_count, - &recvd_responses) < 0) { + if (sftp_kbdint_recv_response(sftppam_driver.driver_pool, list->nelts, + &recvd_count, &recvd_responses) < 0) { pr_trace_msg(trace_channel, 3, "error receiving keyboard-interactive responses: %s", strerror(errno)); return PAM_CONV_ERR; } - /* Make sure that the count of responses matches the challenge count. */ - if (recvd_count != list->nelts) { -(void) pr_log_writefile(sftp_logfd, MOD_SFTP_PAM_VERSION, - "sent %d %s, but received %u %s", nmsgs, - list->nelts != 1 ? "challenges" : "challenge", recvd_count, - recvd_count != 1 ? "responses" : "response"); -return PAM_CONV_ERR; - } - res = calloc(nmsgs, sizeof(struct pam_response)); if (res == NULL) { pr_log_pri(PR_LOG_CRIT, "Out of memory!"); Index: contrib/mod_sftp/kbdint.c === --- contrib/mod_sftp/kbdint.c.orig +++ contrib/mod_sftp/kbdint.c @@ -1,6 +1,6 @@ /* * ProFTPD - mod_sftp keyboard-interactive driver mgmt - * Copyright (c) 2008-2009 TJ Saunders + * Copyright (c) 2008-2013 TJ Saunders * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -31,6 +31,8 @@ #include "utf8.h" #include "kbdint.h" +#define SFTP_KBDINT_MAX_RESPONSES 500 + struct kbdint_driver { st
commit proftpd for openSUSE:Factory
Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2013-08-05 20:50:56 Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new (New) Package is "proftpd" Changes: --- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2013-05-02 11:31:49.0 +0200 +++ /work/SRC/openSUSE:Factory/.proftpd.new/proftpd.changes 2013-08-05 20:50:57.0 +0200 @@ -1,0 +2,7 @@ +Mon Jul 29 01:12:53 UTC 2013 - crrodrig...@opensuse.org + +- Improve systemd service file +- use upstream tmpfiles.d file. related to [bnc#811793] +- Use /run instead of /var/run + +--- Old: proftpd.conf.tmpfile Other differences: -- ++ proftpd.spec ++ --- /var/tmp/diff_new_pack.DOj92o/_old 2013-08-05 20:50:58.0 +0200 +++ /var/tmp/diff_new_pack.DOj92o/_new 2013-08-05 20:50:58.0 +0200 @@ -30,7 +30,6 @@ Source11: %{name}.init Source12: %{name}.passwd Source13: %{name}.service -Source14: %{name}.conf.tmpfile Source15: %{name}.keyring #PATCH-FIX-openSUSE: pam, logrotate, xinet Patch100: %{name}-dist.patch @@ -151,7 +150,11 @@ --bindir=%{_sbindir} \ --libexecdir=%{_libdir}/%{name} \ --sysconfdir=%{_sysconfdir}/%{name} \ +%if 0%{?has_systemd} +--localstatedir=/run/%{name} \ +%else --localstatedir=%{_localstatedir}/run/%{name} \ +%endif --enable-sendfile \ --enable-ctrls \ --enable-dso \ @@ -189,7 +192,7 @@ %if 0%{?has_systemd} %{__install} -D -m 0644 %{S:13} %{buildroot}%{_unitdir}/%{name}.service # systemd need to create a tmp dir: /var/run/proftpd -%{__install} -D -m 0644 %{S:14} %{buildroot}%{_sysconfdir}/tmpfiles.d/%{name}.conf +install -D -m 0644 contrib/dist/rpm/proftpd-tmpfs.conf %{buildroot}%{_prefix}/lib/tmpfiles.d/proftpd.conf %endif %find_lang %{name} @@ -271,7 +274,9 @@ %config(noreplace) %{_sysconfdir}/%{name}/dhparams.pem %{_sysconfdir}/init.d/%{name} %dir %attr(0750,ftp,ftp) %{_localstatedir}/log/%{name} +%if ! 0%{?has_systemd} %ghost %{_localstatedir}/run/%{name} +%endif %{_sbindir}/* %{_mandir}/man?/* %dir %attr(0755,root,root) %{_libdir}/%{name}/ @@ -283,7 +288,7 @@ %exclude %{_libdir}/%{name}/mod_sql_sqlite.so %if 0%{?has_systemd} %{_unitdir}/%{name}.service -%config %{_sysconfdir}/tmpfiles.d/%{name}.conf +%{_prefix}/lib/tmpfiles.d/proftpd.conf %endif %files devel ++ proftpd.service ++ --- /var/tmp/diff_new_pack.DOj92o/_old 2013-08-05 20:50:58.0 +0200 +++ /var/tmp/diff_new_pack.DOj92o/_new 2013-08-05 20:50:58.0 +0200 @@ -1,6 +1,6 @@ [Unit] Description=ProFTPd FTP server -After=network.target remote-fs.target +After=systemd-user-sessions.service network.target nss-lookup.target local-fs.target remote-fs.target [Service] ExecStart=/usr/sbin/proftpd --nodaemon -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit proftpd for openSUSE:Factory
Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2013-05-02 11:31:47 Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new (New) Package is "proftpd" Changes: --- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2012-12-21 14:57:01.0 +0100 +++ /work/SRC/openSUSE:Factory/.proftpd.new/proftpd.changes 2013-05-02 11:31:49.0 +0200 @@ -1,0 +2,22 @@ +Wed May 1 20:35:19 UTC 2013 - ch...@computersalat.de + +- update to 1.3.4c + * Added Spanish translation. + * Fixed several mod_sftp issues, including SFTPPassPhraseProvider, +handling of symlinks for REALPATH requests, and response code logging. + * Fixed symlink race for creating directories when UserOwner is in effect. + * Increased performance of FTP directory listings. +- rebase and rename patches (remove version string) + * proftpd-1.3.4a-dist.patch -> proftpd-dist.patch + * proftpd-1.3.4a-ftpasswd.patch -> proftpd-ftpasswd.patch + * proftpd-1.3.4a-strip.patch -> proftpd-strip.patch + +--- +Fri Feb 8 00:19:19 UTC 2013 - ch...@computersalat.de + +- fix proftpd.conf (rebase basic.conf patch) + * IdentLookups is now a seperate module + IdentLookups on/off +is needed and module is not built cause crrodriguez disabled it. + +--- Old: proftpd-1.3.4a-basic.conf.patch proftpd-1.3.4a-dist.patch proftpd-1.3.4a-ftpasswd.patch proftpd-1.3.4a-strip.patch proftpd-1.3.4b.tar.gz proftpd-1.3.4b.tar.gz.asc New: proftpd-1.3.4c.tar.gz proftpd-1.3.4c.tar.gz.asc proftpd-basic.conf.patch proftpd-dist.patch proftpd-ftpasswd.patch proftpd-strip.patch Other differences: -- ++ proftpd.spec ++ --- /var/tmp/diff_new_pack.uTzSSn/_old 2013-05-02 11:31:52.0 +0200 +++ /var/tmp/diff_new_pack.uTzSSn/_new 2013-05-02 11:31:52.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package proftpd # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,7 +22,7 @@ Group: Productivity/Networking/Ftp/Servers # Please save your time and do not update to "rc" versions. # We only accept updates for "STABLE" Versions -Version:1.3.4b +Version:1.3.4c Release:0 Url:http://www.proftpd.org/ Source0:ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.gz @@ -33,13 +33,13 @@ Source14: %{name}.conf.tmpfile Source15: %{name}.keyring #PATCH-FIX-openSUSE: pam, logrotate, xinet -Patch100: %{name}-1.3.4a-dist.patch +Patch100: %{name}-dist.patch #PATCH-FIX-openSUSE: provide a useful default config -Patch101: %{name}-1.3.4a-basic.conf.patch +Patch101: %{name}-basic.conf.patch #PATCH-FIX: provide more info on usage ;) -Patch102: %{name}-1.3.4a-ftpasswd.patch +Patch102: %{name}-ftpasswd.patch #PATCH-FIX: fix strip -Patch103: %{name}-1.3.4a-strip.patch +Patch103: %{name}-strip.patch #PATCH-FIX-openSUSE: file-contains-date-and-time Patch104: %{name}-no_BuildDate.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build ++ proftpd-1.3.4b.tar.gz -> proftpd-1.3.4c.tar.gz ++ /work/SRC/openSUSE:Factory/proftpd/proftpd-1.3.4b.tar.gz /work/SRC/openSUSE:Factory/.proftpd.new/proftpd-1.3.4c.tar.gz differ: char 5, line 1 ++ proftpd-basic.conf.patch ++ Index: sample-configurations/basic.conf === --- sample-configurations/basic.conf.orig +++ sample-configurations/basic.conf @@ -3,19 +3,29 @@ # and a single anonymous login. It assumes that you have a user/group # "nobody" and "ftp" for normal operation and anon. -ServerName "ProFTPD Default Installation" -ServerType standalone -DefaultServer on +ServerName "ProFTPD" +ServerType standalone +DefaultServer on # Port 21 is the standard FTP port. -Port 21 +Port 21 + +# FireWall PortRange for PASV +PassivePorts 4 40999 + +# Set DebugLevel to values between 0 and 9 +# default is 0 +DebugLevel 0 + +# SystemLog -- Redirect syslogging to a file +SystemLog /var/log/proftpd/proftpd.log # Don't use IPv6 support by default. -UseIPv6off +UseIPv6
commit proftpd for openSUSE:Factory
Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2012-12-21 14:57:00 Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new (New) Package is "proftpd", Maintainer is "" Changes: --- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2012-09-01 21:58:21.0 +0200 +++ /work/SRC/openSUSE:Factory/.proftpd.new/proftpd.changes 2012-12-21 14:57:01.0 +0100 @@ -1,0 +2,12 @@ +Thu Nov 29 19:03:00 CET 2012 - sbra...@suse.cz + +- Verify GPG signature. + +--- +Fri Nov 2 15:15:25 UTC 2012 - ch...@computersalat.de + +- fix for bnc#787884 + (https://bugzilla.novell.com/show_bug.cgi?id=787884) + * added extra Source proftpd.conf.tmpfile + +--- New: proftpd.conf.tmpfile proftpd.keyring Other differences: -- ++ proftpd.spec ++ --- /var/tmp/diff_new_pack.tXpBCB/_old 2012-12-21 14:57:03.0 +0100 +++ /var/tmp/diff_new_pack.tXpBCB/_new 2012-12-21 14:57:03.0 +0100 @@ -30,6 +30,8 @@ Source11: %{name}.init Source12: %{name}.passwd Source13: %{name}.service +Source14: %{name}.conf.tmpfile +Source15: %{name}.keyring #PATCH-FIX-openSUSE: pam, logrotate, xinet Patch100: %{name}-1.3.4a-dist.patch #PATCH-FIX-openSUSE: provide a useful default config @@ -41,6 +43,7 @@ #PATCH-FIX-openSUSE: file-contains-date-and-time Patch104: %{name}-no_BuildDate.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildRequires: gpg-offline BuildRequires: krb5-devel BuildRequires: libacl-devel BuildRequires: libattr-devel @@ -131,6 +134,7 @@ Here are Documentation for ProFTPD %prep +%gpg_verify %{S:1} %setup -q %{__rm} README.AIX %patch100 @@ -184,6 +188,8 @@ %if 0%{?has_systemd} %{__install} -D -m 0644 %{S:13} %{buildroot}%{_unitdir}/%{name}.service +# systemd need to create a tmp dir: /var/run/proftpd +%{__install} -D -m 0644 %{S:14} %{buildroot}%{_sysconfdir}/tmpfiles.d/%{name}.conf %endif %find_lang %{name} @@ -277,6 +283,7 @@ %exclude %{_libdir}/%{name}/mod_sql_sqlite.so %if 0%{?has_systemd} %{_unitdir}/%{name}.service +%config %{_sysconfdir}/tmpfiles.d/%{name}.conf %endif %files devel ++ proftpd.conf.tmpfile ++ d /var/run/proftpd0755 root root ~ - ++ proftpd.keyring ++ pub 1024D/A511976A 2002-05-12 uid TJ Saunders sub 2048g/8C26F9DE 2002-05-12 -BEGIN PGP PUBLIC KEY BLOCK- Version: GnuPG v2.0.19 (GNU/Linux) mQGiBDze4PkRBADtl8nbLuIgZkIdl6fUj9/LOBXGrtP5B8cTgDjBlURronHtLzkQ oHqNS8zmh5gmg8F6EMnCy6tqTGlQ3OylhY2u8fBUFJZk0RpaGYka0SI+hkNn/Hmu GLXs4+5RKIuL1lp1DFv2L2S+Qp3xFs0vYJsrdi7nRhM1/LqN9S0pr2/i9QCg/5bD AMS9qiVZvd7E0464cWWUXDsD/2z7fwPUFD23bHGSpifSl8jOqUuOWf5lhJqXLpHZ TnSsO+rOi5dXdB1fPwgvwFnv7akFStTpXaRq1XdB33/QTwWNO3DBXKe8VkBivXTY nWHLiktQwoY06Ws6r2cYxfgRhoHBSQFR/e1OhURaV8d0nSZsISrUyOREAYFUZT0L s0jHBADcNSLHoehRf69mBEh3SMk+hiNse8r0VTcE6aJ5AISE6famDQw9cQh8gdmf R5LrN/QbF4qQ2jWrfzhkVB6oslyghk3KCncFMnmT/4QpPVfSeTon3yM0Sz9Gtr2Q YRp6Qhy7RgnoJ35bMaleww18WKOJtS840PRikboy5XFXt14gvbQeVEogU2F1bmRl cnMgPHRqQGNhc3RhZ2xpYS5vcmc+iFYEEBECAA4FAjze4PkECwMBAgIZAQASCRC3 jok/pRGXagdlR1BHAAEB4EMAoL0MfmR26WnBxfQAUFD1bMnSO95EAKC1jnqqe9Xq TPTsGWOZwNGc13nTmLkCDQQ83uD7EAgA9kJXtwh/CBdyorrWqULzBej5UxE5T7bx brlLOCDaAadWoxTpj0BV89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJP PT2N286Z4VeSWc39uK50T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrU GvC/RgBYK+X0iP1YTknbzSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVb GI2Ou1WMuF040zT9fBdXQ6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcp esqVDNmWn6vQClCbAkbTCD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwACAgf+ORAr y8LE18PVKiJk9/bpZ+LzSQ/kgNKDjqRsqT8HOFjToIpbbY1lOBErEr7OedJGK3ra g1q8vD+kNK4MZdNcEeIcaMG7TnArOJ4zNZzKBQQzZp8hdv8heirfhJtb5MdFO2MI N2+I9OoeUXNX1GVxYQJkuHpvsbqbZ6P2bRYwPUmnSAy6y2yy3ZmTZDD6ItaUaTIA JbT8myTljeO4vz80nWldpUZfVtwkCRczjL7GYvwGbg1DZ45ND1pq9Kp5jqybevYw d2a/7es+PgWQxy6qRFW3j95lm9Dd7ha29trziinxZ5GevUgyPIcs5SCQUG+cb5Yb VUpLxGrHLKoW/mdBCYhOBBgRAgAGBQI83uD7ABIJELeOiT+lEZdqB2VHUEcAAQE1 CwCdGzQx8HHoe2O+tc3ymntAdNl7kLYAoNN0gN75bS/ZWBrKrLR0ne6JAdkO =X5Db -END PGP PUBLIC KEY BLOCK- -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit proftpd for openSUSE:Factory
Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2012-09-01 21:58:19 Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new (New) Package is "proftpd", Maintainer is "" Changes: --- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2012-08-15 11:20:40.0 +0200 +++ /work/SRC/openSUSE:Factory/.proftpd.new/proftpd.changes 2012-09-01 21:58:21.0 +0200 @@ -1,0 +2,12 @@ +Thu Aug 30 17:33:30 UTC 2012 - crrodrig...@opensuse.org + +- Disable ident lookups, this protocol is totally obsolete + and dangerous. (add --disable-ident) +- Fix debug info generation ( add --disable-strip) + +--- +Wed Aug 29 21:51:49 UTC 2012 - crrodrig...@opensuse.org + +- Add systemd unit + +--- New: proftpd.service Other differences: -- ++ proftpd.spec ++ --- /var/tmp/diff_new_pack.iwwArm/_old 2012-09-01 21:58:22.0 +0200 +++ /var/tmp/diff_new_pack.iwwArm/_new 2012-09-01 21:58:22.0 +0200 @@ -29,6 +29,7 @@ Source1: ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.gz.asc Source11: %{name}.init Source12: %{name}.passwd +Source13: %{name}.service #PATCH-FIX-openSUSE: pam, logrotate, xinet Patch100: %{name}-1.3.4a-dist.patch #PATCH-FIX-openSUSE: provide a useful default config @@ -60,6 +61,12 @@ Recommends: %{name}-lang %endif +%if 0%{?suse_version} >= 1210 +BuildRequires: systemd +%{?systemd_requires} +%define has_systemd 1 +%endif + %description ProFTPD is a highly configurable FTP daemon for Unix and Unix-like operating systems. See the README.ports file for more details about @@ -134,9 +141,9 @@ %build PROFTPD_SHARED_MODS="$(for spec_mod in $(find contrib -name mod_\*.c); do echo "$(basename ${spec_mod%%.c})"; done | tr '\n' ':' | sed -e 's|:$||')" -export CFLAGS="$RPM_OPT_FLAGS -DLDAP_DEPRECATED" +export CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE -DLDAP_DEPRECATED" export CXXFLAGS="$CFLAGS" -%configure \ +%configure --disable-static --with-pic \ --bindir=%{_sbindir} \ --libexecdir=%{_libdir}/%{name} \ --sysconfdir=%{_sysconfdir}/%{name} \ @@ -150,7 +157,9 @@ --enable-openssl \ --with-lastlog \ --with-includes="%{_includedir}/mysql:%{_includedir}/pgsql" \ ---with-shared="${PROFTPD_SHARED_MODS}" +--with-shared="${PROFTPD_SHARED_MODS}" \ +--disable-ident \ +--disable-strip #--enable-memcache \ %{__make} %{?_smp_mflags} @@ -173,17 +182,28 @@ %{__install} -m 0644 %{S:12} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/auth/passwd %{__install} -d -m 0750 $RPM_BUILD_ROOT/var/log/%{name} +%if 0%{?has_systemd} +%{__install} -D -m 0644 %{S:13} %{buildroot}%{_unitdir}/%{name}.service +%endif + %find_lang %{name} %pre # on `rpm -ivh` PARAM is 1 # on `rpm -Uvh` PARAM is 2 #if [ "$1" = "1" ]; then +%if 0%{?has_systemd} +%service_add_pre %{name}.service +%endif %preun # on `rpm -e` PARAM is 0 %stop_on_removal proftpd +%if 0%{?has_systemd} +%service_del_preun %{name}.service +%endif + %post # on `rpm -ivh` PARAM is 1 # on `rpm -Uvh` PARAM is 2 @@ -193,6 +213,10 @@ #fi %{fillup_and_insserv -f proftpd} +%if 0%{?has_systemd} +%service_add_post %{name}.service +%endif + %postun # on `rpm -e` PARAM is 0 if [ "$1" = "0" ]; then @@ -200,6 +224,10 @@ fi %restart_on_update proftpd +%if 0%{?has_systemd} +%service_del_postun %{name}.service +%endif + %clean %{__rm} -rf %{buildroot} @@ -247,6 +275,9 @@ %exclude %{_libdir}/%{name}/mod_sql_postgres.so %exclude %{_libdir}/%{name}/mod_radius.so %exclude %{_libdir}/%{name}/mod_sql_sqlite.so +%if 0%{?has_systemd} +%{_unitdir}/%{name}.service +%endif %files devel %defattr(-,root,root,-) ++ proftpd.service ++ [Unit] Description=ProFTPd FTP server After=network.target remote-fs.target [Service] ExecStart=/usr/sbin/proftpd --nodaemon ExecReload=/bin/kill -HUP $MAINPID [Install] WantedBy=multi-user.target -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit proftpd for openSUSE:Factory
Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2012-08-15 11:20:38 Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new (New) Package is "proftpd", Maintainer is "" Changes: --- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2012-02-10 17:19:01.0 +0100 +++ /work/SRC/openSUSE:Factory/.proftpd.new/proftpd.changes 2012-08-15 11:20:40.0 +0200 @@ -1,0 +2,16 @@ +Tue Aug 14 11:11:28 UTC 2012 - ch...@computersalat.de + +- update to 1.3.4b + + Fixed mod_ldap segfault on login when LDAPUsers with no filters used. + + Fixed sporadic SFTP upload issues for large files. + + Fixed SSH2 handling for some clients (e.g. OpenVMS). + + New FactsOptions directive; see doc/modules/mod_facts.html#FactsOptions + + Fixed build errors on Tru64, AIX, Cygwin. +- add Source Signatuire (.asc) file +- add noBuildDate patch +- add lang pkg + * --enable-nls +- add configure option + * --enable-openssl, --with-lastlog + +--- Old: proftpd-1.3.4a.tar.bz2 New: proftpd-1.3.4b.tar.gz proftpd-1.3.4b.tar.gz.asc proftpd-no_BuildDate.patch Other differences: -- ++ proftpd.spec ++ --- /var/tmp/diff_new_pack.VS7E64/_old 2012-08-15 11:20:42.0 +0200 +++ /var/tmp/diff_new_pack.VS7E64/_new 2012-08-15 11:20:42.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package proftpd # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,18 +15,20 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + Name: proftpd Summary:Highly configurable GPL-licensed FTP server software License:GPL-2.0+ Group: Productivity/Networking/Ftp/Servers # Please save your time and do not update to "rc" versions. # We only accept updates for "STABLE" Versions -Version:1.3.4a +Version:1.3.4b Release:0 Url:http://www.proftpd.org/ -Source: ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.bz2 -Source1:%{name}.init -Source2:%{name}.passwd +Source0:ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.gz +Source1: ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.gz.asc +Source11: %{name}.init +Source12: %{name}.passwd #PATCH-FIX-openSUSE: pam, logrotate, xinet Patch100: %{name}-1.3.4a-dist.patch #PATCH-FIX-openSUSE: provide a useful default config @@ -35,10 +37,13 @@ Patch102: %{name}-1.3.4a-ftpasswd.patch #PATCH-FIX: fix strip Patch103: %{name}-1.3.4a-strip.patch +#PATCH-FIX-openSUSE: file-contains-date-and-time +Patch104: %{name}-no_BuildDate.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: krb5-devel BuildRequires: libacl-devel BuildRequires: libattr-devel +#BuildRequires: libmemcached-devel BuildRequires: mysql-devel BuildRequires: ncurses-devel BuildRequires: openldap2-devel @@ -51,11 +56,25 @@ BuildRequires: unixODBC-devel Requires: logrotate +%if 0%{?lang_package:1} > 0 +Recommends: %{name}-lang +%endif + %description ProFTPD is a highly configurable FTP daemon for Unix and Unix-like operating systems. See the README.ports file for more details about the platforms on which ProFTPD in known or thought to build and run. +%{?lang_package} + +%package devel +Summary:Development files for ProFTPD +Group: Development/Libraries/C and C++ +Requires: %{name} = %{version} + +%description devel +This package contains Development files for ProFTPD + %package ldap Summary:LDAP Module for ProFTPD Group: Productivity/Networking/Ftp/Servers @@ -96,14 +115,6 @@ %description sqlite This is the SQLite Module for ProFTPD -%package devel -Summary:Development files for ProFTPD -Group: Development/Libraries/C and C++ -Requires: %{name} = %{version} - -%description devel -This package contains Development files for ProFTPD - %package doc Summary:Documentation for ProFTPD Group: Documentation/HTML @@ -119,6 +130,7 @@ %patch101 %patch102 %patch103 +%patch104 %build PROFTPD_SHARED_MODS="$(for spec_mod in $(find contrib -name mod_\*.c); do echo "$(basename ${spec_mod%%.c})"; done | tr '\n' ':' | sed -e 's|:$||')" @@ -130,13 +142,17 @@ --sysconfdir=%{_sysconfdir}/%{name} \ --localstatedir=%{_localstatedir}/run/%{nam
commit proftpd for openSUSE:Factory
Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2012-02-10 17:18:57 Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new (New) Package is "proftpd", Maintainer is "" Changes: --- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2011-11-14 14:41:15.0 +0100 +++ /work/SRC/openSUSE:Factory/.proftpd.new/proftpd.changes 2012-02-10 17:19:01.0 +0100 @@ -1,0 +2,25 @@ +Mon Dec 12 15:00:18 UTC 2011 - ch...@computersalat.de + +- update to 1.3.4a + + Fixed mod_load/mod_wrap2 build issues. +- 1.3.4 + + New "NoEmptyFragments" TLSOption added; see the TLSOptions documentation +for details. + + Improved configure script for cross-compiling. + + Reworked the proftpd.spec RPM file + + Fixed mod_sql_mysql "Alarm clock" bug on FreeBSD. + + New "IgnoreSFTPSetTimes" SFTPOption added; see the SFTPOptions +documentation for details. + + Fixed response pool use-after-free issue. +- for more info please see the RELEASE_NOTES file +- reworked patches + * now p0 patches + +--- +Fri Nov 18 14:56:41 UTC 2011 - ch...@computersalat.de + +- fix for bnc#731347 + * no (hostname -s) in post section + * reworked basic conf patch + +--- Old: proftpd-1.3.1-ftpasswd.patch proftpd-1.3.2a-basic.conf.patch proftpd-1.3.3-dist.patch proftpd-1.3.3-strip.patch proftpd-1.3.3g.tar.bz2 New: proftpd-1.3.4a-basic.conf.patch proftpd-1.3.4a-dist.patch proftpd-1.3.4a-ftpasswd.patch proftpd-1.3.4a-strip.patch proftpd-1.3.4a.tar.bz2 Other differences: -- ++ proftpd.spec ++ --- /var/tmp/diff_new_pack.HHpBgs/_old 2012-02-10 17:19:02.0 +0100 +++ /var/tmp/diff_new_pack.HHpBgs/_new 2012-02-10 17:19:02.0 +0100 @@ -15,26 +15,26 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # - - Name: proftpd Summary:Highly configurable GPL-licensed FTP server software +License:GPL-2.0+ +Group: Productivity/Networking/Ftp/Servers # Please save your time and do not update to "rc" versions. # We only accept updates for "STABLE" Versions -Version:1.3.3g -Release:1 -License:GPLv2+ -Group: Productivity/Networking/Ftp/Servers -AutoReqProv:on +Version:1.3.4a +Release:0 Url:http://www.proftpd.org/ Source: ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.bz2 Source1:%{name}.init Source2:%{name}.passwd -#PATCH-FIX-UPSTREAM CVE-2009-3639 fix mod_tls security issue (bnc#549740) -Patch100: %{name}-1.3.3-dist.patch -Patch101: %{name}-1.3.2a-basic.conf.patch -Patch102: %{name}-1.3.1-ftpasswd.patch -Patch103: %{name}-1.3.3-strip.patch +#PATCH-FIX-openSUSE: pam, logrotate, xinet +Patch100: %{name}-1.3.4a-dist.patch +#PATCH-FIX-openSUSE: provide a useful default config +Patch101: %{name}-1.3.4a-basic.conf.patch +#PATCH-FIX: provide more info on usage ;) +Patch102: %{name}-1.3.4a-ftpasswd.patch +#PATCH-FIX: fix strip +Patch103: %{name}-1.3.4a-strip.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: krb5-devel BuildRequires: libacl-devel @@ -57,7 +57,6 @@ the platforms on which ProFTPD in known or thought to build and run. %package ldap - Summary:LDAP Module for ProFTPD Group: Productivity/Networking/Ftp/Servers Requires: %{name} = %{version} @@ -66,7 +65,6 @@ This is the LDAP Module for ProFTPD %package mysql - Summary:MySQL Module for ProFTPD Group: Productivity/Networking/Ftp/Servers Requires: %{name} = %{version} @@ -75,7 +73,6 @@ This is the MySQL Module for ProFTPD %package pgsql - Summary:PostgreSQL Module for ProFTPD Group: Productivity/Networking/Ftp/Servers Requires: %{name} = %{version} @@ -84,7 +81,6 @@ This is the PostgreSQL Module for ProFTPD %package radius - Summary:Radius Module for ProFTPD Group: Productivity/Networking/Ftp/Servers Requires: %{name} = %{version} @@ -93,7 +89,6 @@ This is the Radius Module for ProFTPD %package sqlite - Summary:SQLite Module for ProFTPD Group: Productivity/Networking/Ftp/Servers Requires: %{name} = %{version} @@ -102,7 +97,6 @@ This is the SQLite Module for ProFTPD %package devel - Summary:Development files for ProFTPD Group: Development/Libraries/C and C++ Requires: %{name} = %{version} @@ -111,7 +105,6 @@ This package contains Development files for ProFTPD %pack
commit proftpd for openSUSE:Factory
Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2011-11-14 14:41:12 Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new (New) Package is "proftpd", Maintainer is "" Changes: --- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2011-11-10 16:03:40.0 +0100 +++ /work/SRC/openSUSE:Factory/.proftpd.new/proftpd.changes 2011-11-14 14:41:15.0 +0100 @@ -1,0 +2,10 @@ +Fri Nov 11 13:13:57 UTC 2011 - ch...@computersalat.de + +- fix changelog + * RELEASE_NOTES-1.3.3g is lacking of important info +- fix for CVE-2011-4130 (bnc#729830) + * https://bugzilla.novell.com/show_bug.cgi?id=729830 +(upstream) http://bugs.proftpd.org/show_bug.cgi?id=3711 + => fixed with version 1.3.3g + +--- @@ -4,0 +15 @@ + (http://www.proftpd.org/docs/RELEASE_NOTES-1.3.3g) @@ -7,0 +19,6 @@ + (http://www.proftpd.org/docs/NEWS-1.3.3g) + - Bug 3702 - ProFTPD with mod_sql_mysql dies of "Alarm clock" on FreeBSD. + - Bug 3704 - Enable OpenSSL countermeasure against SSLv3/TLSv1 BEAST attacks. +To disable this countermeasure, which may cause interoperability issues +with some clients, use the NoEmptyFragments TLSOption. + - Bug 3711 - Response pool use-after-free memory corruption error. Other differences: -- -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit proftpd for openSUSE:Factory
Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2011-11-10 16:03:35 Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new (New) Package is "proftpd", Maintainer is "" Changes: --- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2011-10-05 17:47:23.0 +0200 +++ /work/SRC/openSUSE:Factory/.proftpd.new/proftpd.changes 2011-11-10 16:03:40.0 +0100 @@ -1,0 +2,8 @@ +Thu Nov 10 09:39:36 UTC 2011 - ch...@computersalat.de + +- update to 1.3.3g + + New "NoEmptyFragments" TLSOption added; see the TLSOptions documentation +for details. + + Fixed mod_sql_mysql "Alarm clock" bug on FreeBSD. + +--- Old: proftpd-1.3.3f.tar.bz2 New: proftpd-1.3.3g.tar.bz2 Other differences: -- ++ proftpd.spec ++ --- /var/tmp/diff_new_pack.larYA9/_old 2011-11-10 16:03:42.0 +0100 +++ /var/tmp/diff_new_pack.larYA9/_new 2011-11-10 16:03:42.0 +0100 @@ -21,7 +21,7 @@ Summary:Highly configurable GPL-licensed FTP server software # Please save your time and do not update to "rc" versions. # We only accept updates for "STABLE" Versions -Version:1.3.3f +Version:1.3.3g Release:1 License:GPLv2+ Group: Productivity/Networking/Ftp/Servers -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit proftpd for openSUSE:Factory
Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at Wed Oct 5 17:47:21 CEST 2011. --- openSUSE:Factory/proftpd/proftpd.changes2011-09-23 12:41:58.0 +0200 +++ /mounts/work_src_done/STABLE/proftpd/proftpd.changes2011-10-05 00:10:05.0 +0200 @@ -1,0 +2,10 @@ +Tue Oct 4 22:03:10 UTC 2011 - ch...@computersalat.de + +- update to 1.3.3f + + Fixes segfault if mod_sql_mysql and "SQLAuthenticate groupsetfast" +configuration used. + + Fixes mod_wrap syslog level (regression from Bug#3317). + + Fixes mod_ifsession segfault if regular expression patterns used in +a section. + +--- calling whatdependson for head-i586 Old: proftpd-1.3.3e.tar.bz2 New: proftpd-1.3.3f.tar.bz2 Other differences: -- ++ proftpd.spec ++ --- /var/tmp/diff_new_pack.FhJehh/_old 2011-10-05 17:47:05.0 +0200 +++ /var/tmp/diff_new_pack.FhJehh/_new 2011-10-05 17:47:05.0 +0200 @@ -21,7 +21,7 @@ Summary:Highly configurable GPL-licensed FTP server software # Please save your time and do not update to "rc" versions. # We only accept updates for "STABLE" Versions -Version:1.3.3e +Version:1.3.3f Release:1 License:GPLv2+ Group: Productivity/Networking/Ftp/Servers ++ proftpd-1.3.3e.tar.bz2 -> proftpd-1.3.3f.tar.bz2 ++ 5410 lines of diff (skipped) continue with "q"... Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit proftpd for openSUSE:Factory
Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at Thu May 19 10:26:54 CEST 2011. New Changes file: --- /dev/null 2010-08-26 16:28:41.0 +0200 +++ /mounts/work_src_done/STABLE/proftpd/proftpd.changes2011-04-29 13:21:05.0 +0200 @@ -0,0 +1,246 @@ +--- +Fri Apr 29 11:18:55 UTC 2011 - ch...@computersalat.de + +- push to Factory + o fix changelog (not in sequence) + o fix license (GPL -> GPLv2+) + o remove Author from description + o remove obsolete extra source proftpd.conf + +--- +Fri Apr 8 22:08:55 UTC 2011 - ch...@computersalat.de + +- update to 1.3.3e + + Display messages work properly again. + + Fixes plaintext command injection vulnerability in FTPS implementation +(i.e. mod_tls). See http://bugs.proftpd.org/show_bug.cgi?id=3624 for +details. + + Fixes CVE-2011-1137 (badly formed SSH messages cause DoS). See +http://bugs.proftpd.org/show_bug.cgi?id=3586 for details. + + Performance improvements, especially during server startup/restarts. + +--- +Sun Jan 30 20:40:10 UTC 2011 - ch...@computersalat.de + +- update to 1.3.3d + + Fixed sql_prepare_where() buffer overflow (Bug#3536) + + Fixed CPU spike when handling .ftpaccess files. + + Fixed handling of SFTP uploads when compression is used. + +--- +Fri Oct 22 23:26:10 UTC 2010 - mse...@gmail.com + +- update to 1.3.3c + + Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925) + + Fixed directory traversal bug in mod_site_misc + + Fixed SQLite authentications using "SQLAuthType Backend" + +--- +Fri Oct 22 17:49:06 UTC 2010 - ch...@computersalat.de + +- clenaup spec +- fix doc pkg + o should not provide pkgconfig + +--- +Fri Oct 15 14:13:43 UTC 2010 - ch...@computersalat.de + +- update to 1.3.3b + + Fixed SFTP directory listing bug + + Avoid corrupting utmpx databases on FreeBSD + + Avoid null pointer dereferences during data transfers + + Fixed "AuthAliasOnly on" anonymous logins +- rpmlint: no-pkg-config-provides + o add BuildReq pkg-config +- removed changes from spec + +--- +Wed Jul 7 14:17:45 UTC 2010 - ch...@computersalat.de + +- update to 1.3.3a + + Added Japanese translation + + Many mod_sftp bugfixes + + Fixed SSL_shutdown() errors caused by OpenSSL 0.9.8m and later + + Fixed handling of utmp/utmpx format changes on FreeBSD +- rpmlint: self-obsoletion + +--- +Wed May 5 14:01:02 UTC 2010 - mse...@novell.com + +- fix build : dir-or-file-in-var-run badness : /var/run/proftpd dir + is marked as ghost and it is created in init script now + +--- +Fri Apr 9 15:44:32 UTC 2010 - mse...@novell.com + +- added ncurses-devel to buildrequires to fix ftptop message : "no + curses or ncurses library on this system" + +--- +Fri Feb 26 16:01:47 UTC 2010 - ch...@computersalat.de + +- added info for "STABLE" versions only + +--- +Thu Feb 25 00:14:20 UTC 2010 - ch...@computersalat.de + +- update to 1.3.3 +o Fixed mod_ban whitelisting using mod_ifsession. +o Fixed per-user/group/class "HideFiles none" configurations. + - 1.3.3rc4 +o Fixed mod_tls compilation using OpenSSL installations older + than 0.9.7. +o Fixed mod_sftp compilation on AIX. +o Fixed RADIUS authentication on 64-bit platforms +o Fixed memory leak in SCP downloads. +o New configuration directives + SQLPasswordUserSalt +The SQLPasswordUserSalt directive can be used to configure +per-user salt data to be added to the encrypted password +for a user. The salt can be the user name, or it can be +the result of a SQL query. More information can be found in +doc/contrib/mod_sql_passwd.html#SQLPasswordUserSalt. + +--- +Wed Feb 10 16:10:32 CET 2010 - diego.ercol...@gmail.com + +- update to 1.3.3rc3 +- try to be compatible with osc :-) + +--- +Sun Dec 20 19:39:10 UTC 2009 - ch...@computersalat.de + +- update to 1.3.2c + o Bug and regression fixes. +- removed obsolete CVE patch + +--- +Mon Oct 26 12:35:29 UTC 2009 - mse...@novell.com + +- fixed CVE-2009-3639 : mod_tls security issue (bnc#549740) + +-