Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at Thu May 19 10:26:54 CEST 2011. -------- New Changes file: --- /dev/null 2010-08-26 16:28:41.000000000 +0200 +++ /mounts/work_src_done/STABLE/proftpd/proftpd.changes 2011-04-29 13:21:05.000000000 +0200 
@@ -0,0 +1,246 @@ +------------------------------------------------------------------- +Fri Apr 29 11:18:55 UTC 2011 - chris@computersalat.de + +- push to Factory + o fix changelog (not in sequence) + o fix license (GPL -> GPLv2+) + o remove Author from description + o remove obsolete extra source proftpd.conf + +------------------------------------------------------------------- +Fri Apr 8 22:08:55 UTC 2011 - chris@computersalat.de + +- update to 1.3.3e + + Display messages work properly again. + + Fixes plaintext command injection vulnerability in FTPS implementation + (i.e. mod_tls). See http://bugs.proftpd.org/show_bug.cgi?id=3624 for + details. + + Fixes CVE-2011-1137 (badly formed SSH messages cause DoS). See + http://bugs.proftpd.org/show_bug.cgi?id=3586 for details. + + Performance improvements, especially during server startup/restarts. + +------------------------------------------------------------------- +Sun Jan 30 20:40:10 UTC 2011 - chris@computersalat.de + +- update to 1.3.3d + + Fixed sql_prepare_where() buffer overflow (Bug#3536) + + Fixed CPU spike when handling .ftpaccess files. + + Fixed handling of SFTP uploads when compression is used. 
+ +------------------------------------------------------------------- +Fri Oct 22 23:26:10 UTC 2010 - mseben@gmail.com + +- update to 1.3.3c + + Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925) + + Fixed directory traversal bug in mod_site_misc + + Fixed SQLite authentications using "SQLAuthType Backend" + +------------------------------------------------------------------- +Fri Oct 22 17:49:06 UTC 2010 - chris@computersalat.de + +- clenaup spec +- fix doc pkg + o should not provide pkgconfig + +------------------------------------------------------------------- +Fri Oct 15 14:13:43 UTC 2010 - chris@computersalat.de + +- update to 1.3.3b + + Fixed SFTP directory listing bug + + Avoid corrupting utmpx databases on FreeBSD + + Avoid null pointer dereferences during data transfers + + Fixed "AuthAliasOnly on" anonymous logins +- rpmlint: no-pkg-config-provides + o add BuildReq pkg-config +- removed changes from spec + +------------------------------------------------------------------- +Wed Jul 7 14:17:45 UTC 2010 - chris@computersalat.de + +- update to 1.3.3a + + Added Japanese translation + + Many mod_sftp bugfixes + + Fixed SSL_shutdown() errors caused by OpenSSL 0.9.8m and later + + Fixed handling of utmp/utmpx format changes on FreeBSD +- rpmlint: self-obsoletion + +------------------------------------------------------------------- +Wed May 5 14:01:02 UTC 2010 - mseben@novell.com + +- fix build : dir-or-file-in-var-run badness : /var/run/proftpd dir + is marked as ghost and it is created in init script now + +------------------------------------------------------------------- +Fri Apr 9 15:44:32 UTC 2010 - mseben@novell.com + +- added ncurses-devel to buildrequires to fix ftptop message : "no + curses or ncurses library on this system" + +------------------------------------------------------------------- +Fri Feb 26 16:01:47 UTC 2010 - chris@computersalat.de + +- added info for "STABLE" versions only + 
+------------------------------------------------------------------- +Thu Feb 25 00:14:20 UTC 2010 - chris@computersalat.de + +- update to 1.3.3 + o Fixed mod_ban whitelisting using mod_ifsession. + o Fixed per-user/group/class "HideFiles none" configurations. + - 1.3.3rc4 + o Fixed mod_tls compilation using OpenSSL installations older + than 0.9.7. + o Fixed mod_sftp compilation on AIX. + o Fixed RADIUS authentication on 64-bit platforms + o Fixed memory leak in SCP downloads. + o New configuration directives + SQLPasswordUserSalt + The SQLPasswordUserSalt directive can be used to configure + per-user salt data to be added to the encrypted password + for a user. The salt can be the user name, or it can be + the result of a SQL query. More information can be found in + doc/contrib/mod_sql_passwd.html#SQLPasswordUserSalt. + +------------------------------------------------------------------- +Wed Feb 10 16:10:32 CET 2010 - diego.ercolani@gmail.com + +- update to 1.3.3rc3 +- try to be compatible with osc :-) + +------------------------------------------------------------------- +Sun Dec 20 19:39:10 UTC 2009 - chris@computersalat.de + +- update to 1.3.2c + o Bug and regression fixes. +- removed obsolete CVE patch + +------------------------------------------------------------------- +Mon Oct 26 12:35:29 UTC 2009 - mseben@novell.com + +- fixed CVE-2009-3639 : mod_tls security issue (bnc#549740) + +------------------------------------------------------------------- +Wed Sep 16 18:17:04 UTC 2009 - alexandre@exatati.com.br + +- Update tarball to its upstream version without + bzipped patch; +- Removed blank spaces at enf of lines on spec file; +- Replaced tab characters on spec file. 
+ +------------------------------------------------------------------- +Wed Sep 16 11:20:20 UTC 2009 - chris@computersalat.de + +- update to 1.3.2 (1.3.2a) + o many bugfixes, read ChangeLog or NEWS + o include 1.3.2a upstream patch + o removed old patches + * proftpd-1.3.1-umode_t.patch + * proftpd-1.3.1-O_CREAT.patch + * proftpd-1.3.1-libcap.patch + * proftpd-1.3.1-CVE-2009-0542.patch + * proftpd-1.3.1-CVE-2009-0543.patch + o reworked basic.conf.patch +- spec mods + o removed ^#----- + o removed {rel} + o clean + * rm -rf RPM_BUILD_ROOT + o added sub sqlite +- fixed deps + o BuildRequires: sqlite3-devel unixODBC-devel +- rpmlint + o description-shorter-than-summary + o source-or-patch-not-bzipped proftpd-1.3.2a.patch + +------------------------------------------------------------------- +Tue Jul 7 22:21:50 CEST 2009 - chris@computersalat.de + +- added proftpd.passwd + o it is an initial passwd for virtuser and + anonymous login works well with it :) + +------------------------------------------------------------------- +Mon Jul 6 22:16:46 CEST 2009 - chris@computersalat.de + +- added ftpasswd.patch +- rework of basic.conf patch +- removed README.AIX + +------------------------------------------------------------------- +Thu Apr 16 01:54:23 CEST 2009 - chris@computersalat.de + +- added basic.conf patch +- added dist.patch + o fix for xinetd, logrotate, pam +- some more subpackages + o ldap, mysql, pgsql, radius +- added ftpasswd for simple virtuser support +- added auth DIR /etc/proftpd/auth + o passwd for virtuser +- added conf.d DIR /etc/proftpd/conf.d + o configs for inclusion +- added log DIR /var/log/proftpd +- beautify init file +- beautify spec file + +------------------------------------------------------------------- +Wed Feb 18 10:40:55 CET 2009 - mseben@suse.cz + +- added proftpd.conf with uploads section + +------------------------------------------------------------------- +Fri Feb 13 16:55:01 CET 2009 - mseben@suse.cz + +- fixed sql injection 
vulnerability which allows remote attackers + to execute arbitrary SQL commands via a "%" character + CVE-2009-0542.patch (bnc#475316) +- fixed vulnerability which allows remote attackers to bypass SQL ++++ 49 more lines (skipped) ++++ between /dev/null ++++ and /mounts/work_src_done/STABLE/proftpd/proftpd.changes calling whatdependson for head-i586 New: ---- proftpd-1.3.1-ftpasswd.patch proftpd-1.3.2a-basic.conf.patch proftpd-1.3.3-dist.patch proftpd-1.3.3-strip.patch proftpd-1.3.3e.tar.bz2 proftpd.changes proftpd.init proftpd.passwd proftpd.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ proftpd.spec ++++++ # # spec file for package proftpd # # Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: proftpd Summary: Highly configurable GPL-licensed FTP server software # Please save your time and do not update to "rc" versions. 
# We only accept updates for "STABLE" Versions Version: 1.3.3e Release: 1 License: GPLv2+ Group: Productivity/Networking/Ftp/Servers AutoReqProv: on Url: http://www.proftpd.org/ Source: ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.bz2 Source1: %{name}.init Source2: %{name}.passwd #PATCH-FIX-UPSTREAM CVE-2009-3639 fix mod_tls security issue (bnc#549740) Patch100: %{name}-1.3.3-dist.patch Patch101: %{name}-1.3.2a-basic.conf.patch Patch102: %{name}-1.3.1-ftpasswd.patch Patch103: %{name}-1.3.3-strip.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: krb5-devel BuildRequires: libacl-devel BuildRequires: libattr-devel BuildRequires: mysql-devel BuildRequires: ncurses-devel BuildRequires: openldap2-devel BuildRequires: openssl-devel BuildRequires: pam-devel BuildRequires: pkg-config BuildRequires: postgresql-devel BuildRequires: sqlite3-devel BuildRequires: tcpd-devel BuildRequires: unixODBC-devel Requires: logrotate %description ProFTPD is a highly configurable FTP daemon for Unix and Unix-like operating systems. See the README.ports file for more details about the platforms on which ProFTPD in known or thought to build and run. 
%package ldap Summary: LDAP Module for ProFTPD Group: Productivity/Networking/Ftp/Servers Requires: %{name} = %{version} %description ldap This is the LDAP Module for ProFTPD %package mysql Summary: MySQL Module for ProFTPD Group: Productivity/Networking/Ftp/Servers Requires: %{name} = %{version} %description mysql This is the MySQL Module for ProFTPD %package pgsql Summary: PostgreSQL Module for ProFTPD Group: Productivity/Networking/Ftp/Servers Requires: %{name} = %{version} %description pgsql This is the PostgreSQL Module for ProFTPD %package radius Summary: Radius Module for ProFTPD Group: Productivity/Networking/Ftp/Servers Requires: %{name} = %{version} %description radius This is the Radius Module for ProFTPD %package sqlite Summary: SQLite Module for ProFTPD Group: Productivity/Networking/Ftp/Servers Requires: %{name} = %{version} %description sqlite This is the SQLite Module for ProFTPD %package devel Summary: Development files for ProFTPD Group: Development/Libraries/C and C++ Requires: %{name} = %{version} %description devel This package contains Development files for ProFTPD %package doc Summary: Documentation for ProFTPD Group: Documentation/HTML Requires: %{name} = %{version} %description doc Here are Documentation for ProFTPD %prep %setup -q %{__rm} README.AIX %patch100 -p1 %patch101 -p1 %patch102 -p1 %patch103 -p1 %build PROFTPD_SHARED_MODS="$(for spec_mod in mod_load $(find contrib -name mod_\*.c); do echo "$(basename ${spec_mod%%.c})"; done | tr '\n' ':' | sed -e 's|:$||')" export CFLAGS="$RPM_OPT_FLAGS -DLDAP_DEPRECATED" export CXXFLAGS="$CFLAGS" %configure \ --bindir=%{_sbindir} \ --libexecdir=%{_libdir}/%{name} \ --sysconfdir=%{_sysconfdir}/%{name} \ --localstatedir=%{_localstatedir}/run/%{name} \ --enable-sendfile \ --enable-ipv6 \ --enable-ctrls \ --enable-facl \ --enable-dso \ --with-includes="%{_includedir}/mysql:%{_includedir}/pgsql" \ --with-shared="${PROFTPD_SHARED_MODS}" %{__make} %{?_smp_mflags} %install %makeinstall INSTALL_USER=`id 
-un` INSTALL_GROUP=`id -gn` %{__install} -D -m 0644 contrib/dist/rpm/ftp.pamd $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/%{name} %{__install} -D -m 0644 contrib/dist/rpm/xinetd $RPM_BUILD_ROOT%{_sysconfdir}/xinetd.d/%{name} %{__install} -D -m 0644 contrib/dist/rpm/%{name}.logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/%{name} %{__install} -D -m 0755 %{S:1} $RPM_BUILD_ROOT%{_sysconfdir}/init.d/%{name} %{__ln_s} -f %{_sysconfdir}/init.d/%{name} $RPM_BUILD_ROOT%{_sbindir}/rc%{name} # %{__rm} -fv $RPM_BUILD_ROOT%{_libdir}/%{name}/*.{a,la} # install ftpasswd %{__install} -D -m 0755 contrib/ftpasswd $RPM_BUILD_ROOT%{_sbindir}/ # some needed dirs %{__install} -d $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/{conf.d,auth} %{__install} -m 0644 %{S:2} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/auth/passwd %{__install} -d -m 0750 $RPM_BUILD_ROOT/var/log/%{name} %pre # on `rpm -ivh` PARAM is 1 # on `rpm -Uvh` PARAM is 2 #if [ "$1" = "1" ]; then %preun # on `rpm -e` PARAM is 0 %stop_on_removal proftpd %post # on `rpm -ivh` PARAM is 1 # on `rpm -Uvh` PARAM is 2 if [ "$1" = "1" ]; then #%{__sed} -i "s,\(.*disable.*=\ \)no,\1yes," %{_sysconfdir}/xinetd.d/%{name} %{__sed} -i -e "s/@HOST@/$(hostname -s)/" %{_sysconfdir}/%{name}/%{name}.conf fi %{fillup_and_insserv -f proftpd} %postun # on `rpm -e` PARAM is 0 if [ "$1" = "0" ]; then %{insserv_cleanup} fi %restart_on_update proftpd %clean %{__rm} -rf %{buildroot} %files %defattr(-,root,root,-) %doc COPYING CREDITS ChangeLog INSTALL NEWS README* RELEASE_NOTES %doc contrib/README.* #%doc contrib/xferstats.holger-preiss* #%doc contrib/ftpasswd contrib/ftpquota %doc sample-configurations/*.conf %dir %attr(0755,root,root) %{_sysconfdir}/%{name}/ %dir %attr(0750,ftp,ftp) %{_sysconfdir}/%{name}/auth/ %config(noreplace) %attr(0644,root,ftp) %{_sysconfdir}/%{name}/auth/passwd %dir %attr(0755,root,root) %{_sysconfdir}/%{name}/conf.d %config(noreplace) %attr(0640,root,root) %{_sysconfdir}/%{name}/%{name}.conf %config(noreplace) 
%{_sysconfdir}/logrotate.d/%{name} %config(noreplace) %{_sysconfdir}/pam.d/%{name} %config(noreplace) %{_sysconfdir}/xinetd.d/%{name} %config(noreplace) %{_sysconfdir}/%{name}/blacklist.dat %config(noreplace) %{_sysconfdir}/%{name}/dhparams.pem %{_sysconfdir}/init.d/%{name} %dir %attr(0750,ftp,ftp) %{_localstatedir}/log/%{name} %ghost %{_localstatedir}/run/%{name} %{_sbindir}/* %{_mandir}/man?/* %dir %attr(0755,root,root) %{_libdir}/%{name}/ %{_libdir}/%{name}/*.so %exclude %{_libdir}/%{name}/mod_ldap.so %exclude %{_libdir}/%{name}/mod_sql_mysql.so %exclude %{_libdir}/%{name}/mod_sql_postgres.so %exclude %{_libdir}/%{name}/mod_radius.so %exclude %{_libdir}/%{name}/mod_sql_sqlite.so %files ldap %defattr(-,root,root,-) %{_libdir}/%{name}/mod_ldap.so %files mysql %defattr(-,root,root,-) %{_libdir}/%{name}/mod_sql_mysql.so %files pgsql %defattr(-,root,root,-) %{_libdir}/%{name}/mod_sql_postgres.so %files radius %defattr(-,root,root,-) %{_libdir}/%{name}/mod_radius.so %files sqlite %defattr(-,root,root,-) %{_libdir}/%{name}/mod_sql_sqlite.so %files devel %defattr(-,root,root,-) %{_includedir}/%{name} %{_libdir}/pkgconfig/%{name}.pc %files doc %defattr(-,root,root,-) %doc doc/*.html doc/contrib doc/howto doc/modules %changelog ++++++ proftpd-1.3.1-ftpasswd.patch ++++++ diff -ruN proftpd-1.3.1-orig/contrib/ftpasswd proftpd-1.3.1/contrib/ftpasswd --- proftpd-1.3.1-orig/contrib/ftpasswd 2004-10-07 21:17:58.000000000 +0000 +++ proftpd-1.3.1/contrib/ftpasswd 2008-11-03 14:11:33.159343152 +0000 @@ -34,8 +34,8 @@ $Getopt::Long::auto_abbrev = 0; my $program = basename($0); -my $default_passwd_file = "./ftpd.passwd"; -my $default_group_file = "./ftpd.group"; +my $default_passwd_file = "/etc/proftpd/auth/passwd"; +my $default_group_file = "/etc/proftpd/auth/group"; my $shell_file = "/etc/shells"; my $default_cracklib_dict = "/usr/lib/cracklib_dict"; my $cracklib_dict; 
@@ -882,6 +882,46 @@ --version Displays the version of $program. +Creating Files + +The ftpasswd program can create and update files for both AuthUserFile and + AuthGroupFile. When it is used for the first time, the program will create + the necessary file. If that file already exists, ftpasswd will update it + with the new information. + +ftpasswd must first know what type of file to create. Use either the + --passwd option (for handling AuthUserFiles), or the --group option + (for handling AuthGroupFiles); this is required. + +When creating an AuthUserFile, the following options are also + required: --name, --uid, --home, and --shell. + This information is required by proftpd to authenticate a user. The optional + parameters for an AuthUserFile include --gid + (defaults to the given --uid argument when not provided) + and --gecos (not used by proftpd at all). For example: + + ftpasswd --passwd --name=bob --uid=1001 --home=/home/bob --shell=/bin/false + +creates an account for user bob. + +To create a file with a name or location other than the default + (which, for --passwd mode is /etc/proftpd/auth/passwd), use the --file option. + +For example, to create the alternate password file in /usr/local/etc/ftpd/passwd: + + ftpasswd --passwd --file=/usr/local/etc/ftpd/passwd --name=bob --uid=1001 \ + --home=/home/bob --shell=/bin/false + +For AuthGroupFiles, use --group: + + ftpasswd --group --name=group-name --gid=group-id --member=user-member1 \ + --member=user-member2 ... --member=user-memberN + +The most common change to these files is made to AuthUserFiles, to change + a user's password. 
The --change-password option was provided just for this scenario: + + ftpasswd --passwd --name=user --change-password + END_OF_USAGE exit 0; ++++++ proftpd-1.3.2a-basic.conf.patch ++++++ diff -ruN proftpd-1.3.2a-orig/sample-configurations/basic.conf proftpd-1.3.2a/sample-configurations/basic.conf --- proftpd-1.3.2a-orig/sample-configurations/basic.conf 2008-01-21 18:44:06.000000000 +0100 +++ proftpd-1.3.2a/sample-configurations/basic.conf 2009-09-16 13:39:34.000000000 +0200 @@ -3,19 +3,29 @@ # and a single anonymous login. It assumes that you have a user/group # "nobody" and "ftp" for normal operation and anon. -ServerName "ProFTPD Default Installation" -ServerType standalone -DefaultServer on +ServerName "ProFTPD on @HOST@" +ServerType standalone +DefaultServer on # Port 21 is the standard FTP port. -Port 21 +Port 21 + +# FireWall PortRange for PASV +PassivePorts 40000 40999 + +# Set DebugLevel to values between 0 and 9 +# default is 0 +DebugLevel 0 + +# SystemLog -- Redirect syslogging to a file +SystemLog /var/log/proftpd/proftpd.log # Don't use IPv6 support by default. -UseIPv6 off +UseIPv6 off # Umask 022 is a good standard umask to prevent new dirs and files # from being group and world writable. -Umask 022 +Umask 022 # To prevent DoS attacks, set the maximum number of child processes # to 30. If you need to allow more than 30 concurrent connections 
@@ -23,43 +33,190 @@ # in standalone mode, in inetd mode you should use an inetd server # that allows you to limit maximum number of processes per service # (such as xinetd). -MaxInstances 30 +MaxInstances 30 # Set the user and group under which the server will run. -User nobody -Group nogroup - -# To cause every FTP user to be "jailed" (chrooted) into their home -# directory, uncomment this line. -#DefaultRoot ~ +User ftp +Group ftp -# Normally, we want files to be overwriteable. -AllowOverwrite on +# Some logging formats +LogFormat default "%h %l %u %t \"%r\" %s %b" +LogFormat auth "%v [%P] %h %t \"%r\" %s" +LogFormat write "%h %l %u %t \"%r\" %s %b" + +# ------------------------------ +# Global Settings +# ------------------------------ +<Global> + + # ------------------------------ + # Login + # ------------------------------ + + ServerIdent on "FTP server ready" + DeferWelcome on + #DisplayConnect /etc/proftpd/msg + + IdentLookups off + UseFtpUsers off + RequireValidShell off + + TimeoutLogin 60 + MaxLoginAttempts 3 + #MaxClientsPerHost none + #MaxClientsPerUser 1 "Only one connection at a time." + + # ------------------------------ + # Authentication + # ------------------------------ + + ### PAM Authentication + # AuthPAM: default: on + AuthPAM off + + # changed AuthPAMConfig file + AuthPAMConfig proftpd + ### PAM Authentication + + AuthUserFile /etc/proftpd/auth/passwd + AuthGroupFile /etc/group + + ### order of auth modules + #AuthOrder mod_auth_unix.c mod_auth_file.c + AuthOrder mod_auth_file.c + + # ------------------------------ + # Post-Login + # ------------------------------ + + DisplayLogin welcome.msg + DisplayChdir .message + AllowOverride off + + TimeoutIdle 600 + TimeoutNoTransfer 900 + TimeoutStalled 300 + TimeoutSession 3600 + + # ------------------------------ + # Session + # ------------------------------ + + # To cause every FTP user to be "jailed" (chrooted) into their home + # directory, uncomment this line. 
+ DefaultRoot ~ web,!users + + DenyFilter \*.*/ + ListOptions "-A +R" strict + UseGlobbing off + + ShowSymlinks on + TimesGMT on + + # ------------------------------ + # Up- & Download + # ------------------------------ + + # having to delete before uploading is a pain ;) + AllowOverwrite on + AllowRetrieveRestart on + HiddenStores on + DeleteAbortedStores on + #AllowStoreRestart off # is contrary to "DeleteAbortedStores" + + # ------------------------------ + # Logging + # ------------------------------ + + WtmpLog off + TransferLog /var/log/proftpd/xferlog + + # Record all logins + ExtendedLog /var/log/proftpd/auth.log AUTH auth + + # Logging file/dir access + ExtendedLog /var/log/proftpd/access.log WRITE,READ write + + # Paranoia logging level.... + ExtendedLog /var/log/proftpd/paranoid.log ALL default + + # SQLLogFile + #SQLLogFile /var/log/proftpd/SQL.log +</Global> # Bar use of SITE CHMOD by default <Limit SITE_CHMOD> DenyAll </Limit> +##### +# Include other confs +#Include /etc/proftpd/conf.d/*.conf + +##### + +# ------------------------------ +# Anonymous Settings +# ------------------------------ # A basic anonymous configuration, no upload directories. If you do not # want anonymous users, simply delete this entire <Anonymous> section. <Anonymous ~ftp> - User ftp - Group ftp - - # We want clients to be able to login with "anonymous" as well as "ftp" - UserAlias anonymous ftp - - # Limit the maximum number of anonymous logins - MaxClients 10 - - # We want 'welcome.msg' displayed at login, and '.message' displayed - # in each newly chdired directory. 
- DisplayLogin welcome.msg - DisplayChdir .message - - # Limit WRITE everywhere in the anonymous chroot - <Limit WRITE> - DenyAll - </Limit> + # Limit LOGIN + #<Limit LOGIN> + # Order Allow,Deny + # Allow from .examples.net,113.141.114.1 + # Deny from All + #</Limit> + + # Limit WRITE everywhere in the anonymous chroot + <Limit WRITE> + DenyAll + </Limit> + + # LoginPasswordPrompt -- Configure to display the passwort prompt or not + LoginPasswordPrompt off + + # DirFakeMode -- Hide real file/directory permissions + DirFakeMode 0640 + + # DirFakeUser -- Hide real file/directory owner + DirFakeUser On + + # DirFakeGroup -- Hide real file/directory group + DirFakeGroup On + + # We want clients to be able to login with "anonymous" as well as "ftp" + UserAlias anonymous ftp + + # Limit the maximum number of anonymous logins + MaxClients 10 + #MaxRetrieveFileSize 512 Mb + + # Limit Up/Downloads to 255 K/sec + #TransferRate APPE,RETR,STOR,STOU 255 + + # We want 'welcome.msg' displayed at login, and '.message' displayed + # in each newly chdired directory. + DisplayLogin welcome.msg + DisplayChdir .message + + #<Directory pub> + # <Limit ALL> + # Order Allow,Deny + # Allow from .examples.net,113.141.114.1 + # Deny from All + # </Limit> + #</Directory> + + # An upload directory that allows storing files but not retrieving + # or creating directories. + #<Directory uploads/*> + # <Limit READ> + DenyAll + # </Limit> + # <Limit STOR> + AllowAll + # </Limit> + #</Directory> </Anonymous> + ++++++ proftpd-1.3.3-dist.patch ++++++ diff -Nur proftpd-1.3.3rc3.orig/contrib/dist/rpm/ftp.pamd proftpd-1.3.3rc3/contrib/dist/rpm/ftp.pamd --- proftpd-1.3.3rc3.orig/contrib/dist/rpm/ftp.pamd 2007-10-04 04:25:03.000000000 +0200 +++ proftpd-1.3.3rc3/contrib/dist/rpm/ftp.pamd 2010-02-09 14:40:29.198747815 +0100 
@@ -1,6 +1,7 @@ #%PAM-1.0 + auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed -auth required pam_unix.so shadow nullok +#auth required pam_unix.so shadow nullok # If this is enabled, anonymous logins will fail because the 'ftp' user does # not have a "valid" shell, as listed in /etc/shells. @@ -11,5 +12,8 @@ # #auth required pam_shells.so -account required pam_unix.so -session required pam_unix.so +auth required pam_unix2.so +auth required pam_shells.so +account required pam_unix2.so +password required pam_unix2.so +session required pam_unix2.so diff -Nur proftpd-1.3.3rc3.orig/contrib/dist/rpm/proftpd.logrotate proftpd-1.3.3rc3/contrib/dist/rpm/proftpd.logrotate --- proftpd-1.3.3rc3.orig/contrib/dist/rpm/proftpd.logrotate 2009-05-27 18:14:24.000000000 +0200 +++ proftpd-1.3.3rc3/contrib/dist/rpm/proftpd.logrotate 2010-02-09 14:41:59.734217959 +0100 @@ -1,7 +1,31 @@ -/var/log/xferlog { - missingok - notifempty - postrotate - kill -HUP `cat /var/run/proftpd.pid 2>/dev/null` 2>/dev/null || true - endscript -} +/var/log/proftpd/xferlog /var/log/proftpd/proftpd.log { + compress + dateext + maxage 365 + rotate 99 + size=+4096k + notifempty + missingok + create 640 root root + sharedscripts + postrotate + /etc/init.d/proftpd reload + #/etc/init.d/xinetd reload + endscript + } + +#/var/log/proftpd/access.log /var/log/proftpd/auth.log /var/log/proftpd/paranoid.log { +# compress +# dateext +# maxage 365 +# rotate 99 +# size=+4096k +# notifempty +# missingok +# create 640 root root +# sharedscripts +# postrotate +# /etc/init.d/proftpd reload +# #/etc/init.d/xinetd reload +# endscript +#} diff -Nur proftpd-1.3.3rc3.orig/contrib/dist/rpm/xinetd proftpd-1.3.3rc3/contrib/dist/rpm/xinetd --- proftpd-1.3.3rc3.orig/contrib/dist/rpm/xinetd 2003-08-28 02:33:27.000000000 +0200 +++ proftpd-1.3.3rc3/contrib/dist/rpm/xinetd 2010-02-09 14:40:29.198747815 +0100 
@@ -2,11 +2,15 @@ # description: The ProFTPD FTP server service ftp { - flags = REUSE socket_type = stream + protocol = tcp wait = no +# bind = IP + instances = 30 user = root server = /usr/sbin/proftpd - log_on_failure += USERID - disable = no + log_on_success += PID HOST USERID EXIT DURATION + log_on_failure += HOST USERID ATTEMPT +# nice = 10 + disable = yes } I file proftpd-1.3.3rc3.orig/.ltmain.sh.rej.swp e proftpd-1.3.3rc3/.ltmain.sh.rej.swp sono diversi ++++++ proftpd-1.3.3-strip.patch ++++++ diff -Nur proftpd-1.3.3rc3.orig/ltmain.sh proftpd-1.3.3rc3/ltmain.sh --- proftpd-1.3.3rc3.orig/ltmain.sh 2009-11-17 19:26:43.000000000 +0100 +++ proftpd-1.3.3rc3/ltmain.sh 2010-02-11 13:37:15.000000000 +0100 
@@ -2056,7 +2056,10 @@ ;; esac if test -n "$tstripme" && test -n "$striplib"; then - func_show_eval "$striplib $destdir/$realname" 'exit $?' + #func_show_eval "$striplib $destdir/$realname" 'exit $?' + echo "strip patch" + func_quote_for_expand "$striplib $destdir/$realname" + func_echo $func_quote_for_expand_result fi if test "$#" -gt 0; then ++++++ proftpd.init ++++++ #! /bin/sh # Copyright (c) 1995-2004 SUSE Linux AG, Nuernberg, Germany. # All rights reserved. # # Author: Kurt Garloff # Please send feedback to http://www.suse.de/feedback/ # # /etc/init.d/proftpd # and its symbolic link # /(usr/)sbin/rcproftpd # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 
# ### BEGIN INIT INFO # Provides: proftpd # Required-Start: $syslog $remote_fs # Should-Start: $time ypbind sendmail # Required-Stop: $syslog $remote_fs # Should-Stop: $time ypbind sendmail # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: ProFTPD daemon # Description: Start ProFTPD to allow XY and provide YZ ### END INIT INFO # # Note on runlevels: # 0 - halt/poweroff 6 - reboot # 1 - single user 2 - multiuser without network exported # 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm) # # Note on script names: # http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/scrptnames.html # A registry has been set up to manage the init script namespace. # http://www.lanana.org/ # Please use the names already registered or register one or use a # vendor prefix. # Check for missing binaries (stale symlinks should not happen) # Note: Special treatment of stop for LSB conformance PROFTPD_BIN=/usr/sbin/proftpd test -x $PROFTPD_BIN || { echo "$PROFTPD_BIN not installed"; if [ "$1" = "stop" ]; then exit 0; else exit 5; fi; } PROFTPD_RUNDIR=/var/run/proftpd # Check for existence of needed config file and read it #PROFTPD_CONFIG=/etc/sysconfig/proftpd #test -r $PROFTPD_CONFIG || { echo "$PROFTPD_CONFIG not existing"; # if [ "$1" = "stop" ]; then exit 0; # else exit 6; fi; } # # Read config #. $PROFTPD_CONFIG # Source LSB init functions # providing start_daemon, killproc, pidofproc, # log_success_msg, log_failure_msg and log_warning_msg. # This is currently not used by UnitedLinux based distributions and # not needed for init scripts for UnitedLinux only. If it is used, # the functions from rc.status should not be sourced or used. #. 
/lib/lsb/init-functions # Shell functions sourced from /etc/rc.status: # rc_check check and set local and overall rc status # rc_status check and set local and overall rc status # rc_status -v be verbose in local rc status and clear it afterwards # rc_status -v -r ditto and clear both the local and overall rc status # rc_status -s display "skipped" and exit with status 3 # rc_status -u display "unused" and exit with status 3 # rc_failed set local and overall rc status to failed # rc_failed <num> set local and overall rc status to <num> # rc_reset clear both the local and overall rc status # rc_exit exit appropriate to overall rc status # rc_active checks whether a service is activated by symlinks . /etc/rc.status # Reset status of this service rc_reset # Return values acc. to LSB for all commands but status: # 0 - success # 1 - generic or unspecified error # 2 - invalid or excess argument(s) # 3 - unimplemented feature (e.g. "reload") # 4 - user had insufficient privileges # 5 - program is not installed # 6 - program is not configured # 7 - program is not running # 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl) # # Note that starting an already running service, stopping # or restarting a not-running service as well as the restart # with force-reload (in case signaling is not supported) are # considered a success. case "$1" in start) if [ ! -d $PROFTPD_RUNDIR ]; then mkdir -p $PROFTPD_RUNDIR fi echo -n "Starting proftpd " ## Start daemon with startproc(8). If this fails ## the return value is set appropriately by startproc. /sbin/startproc $PROFTPD_BIN # Remember status and be verbose rc_status -v ;; stop) echo -n "Shutting down proftpd " ## Stop daemon with killproc(8) and if this fails ## killproc sets the return value according to LSB. /sbin/killproc -TERM $PROFTPD_BIN # Remember status and be verbose rc_status -v ;; try-restart|condrestart) ## Do a restart only if the service was active before. ## Note: try-restart is now part of LSB (as of 1.9). 
## RH has a similar command named condrestart. if test "$1" = "condrestart"; then echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}" fi $0 status if test $? = 0; then $0 restart else rc_reset # Not running is not a failure. fi # Remember status and be quiet rc_status ;; restart) ## Stop the service and regardless of whether it was ## running or not, start it again. $0 stop $0 start # Remember status and be quiet rc_status ;; force-reload) echo -n "Reload service proftpd " ## Signal the daemon to reload its config. Most daemons ## do this on signal 1 (SIGHUP). ## If it does not support it, restart the service if it ## is running. # if it supports it: /sbin/killproc -HUP $PROFTPD_BIN #touch /var/run/proftpd.pid # Remember status and be verbose rc_status -v ## Otherwise: #$0 try-restart #rc_status ;; reload) echo -n "Reload service proftpd " ## Like force-reload, but if daemon does not support ## signaling, do nothing (!) # If it supports signaling: /sbin/killproc -HUP $PROFTPD_BIN #touch /var/run/proftpd.pid # Remember status and be verbose rc_status -v ## Otherwise if it does not support reload: #rc_failed 3 #rc_status -v ;; status) echo -n "Checking for service proftpd " ## Check status with checkproc(8), if process is running ## checkproc will return with exit status 0. # Return value is slightly different for the status command: # 0 - service up and running # 1 - service dead, but /var/run/ pid file exists # 2 - service dead, but /var/lock/ lock file exists # 3 - service not running (unused) # 4 - service status unknown :-( # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.) # NOTE: checkproc returns LSB compliant status values. /sbin/checkproc $PROFTPD_BIN # NOTE: rc_status knows that we called this init script with # "status" option and adapts its messages accordingly. 
# Remember status and be verbose rc_status -v ;; probe) ## Optional: Probe for the necessity of a reload, print out the ## argument to this init script which is required for a reload. ## Note: probe is not (yet) part of LSB (as of 1.9) test /etc/proftpd/proftpd.conf -nt $PROFTPD_RUNDIR/proftpd.pid && echo reload ;; *) echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}" exit 1 ;; esac rc_exit ++++++ proftpd.passwd ++++++ ftp:$1$Qirpijna$Z9ocX/jIH/kpBppMFyI451:49:49::/srv/ftp:/bin/false ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
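Review bot: in proftpd.spec the comment `#PATCH-FIX-UPSTREAM CVE-2009-3639 fix mod_tls security issue (bnc#549740)` directly above `Patch100: %{name}-1.3.3-dist.patch` is stale. None of Patch100 to Patch103 is described as a CVE fix, and the changes file records "removed obsolete CVE patch" with the 1.3.2c update. Drop the comment, or replace it with a one-line description per patch, so that nobody reading the spec concludes a mod_tls fix is still carried as a downstream patch.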
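Review bot: in proftpd-1.3.1-ftpasswd.patch, first hunk, `$default_group_file` now points at `/etc/proftpd/auth/group`, but the packaged basic.conf sets `AuthGroupFile /etc/group`. Groups created with `ftpasswd --group` and no `--file` land in a file the default configuration never reads. Either point AuthGroupFile at /etc/proftpd/auth/group, or state in the added usage text that group mode needs `--file` to match the server configuration; the new text documents the default only for `--passwd` mode.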
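Review bot: in proftpd-1.3.2a-basic.conf.patch, second hunk, the commented-out `<Directory uploads/*>` example at the end of `<Anonymous ~ftp>` leaves its `DenyAll` and `AllowAll` lines without a leading `#`, while the enclosing `<Directory>` and `<Limit>` tags are commented. As shown, both directives are active directly inside `<Anonymous>` rather than inside the `<Limit READ>` and `<Limit STOR>` blocks they belong to. Comment both lines out. In the same hunk the comment above `DefaultRoot ~ web,!users` still says "uncomment this line" although the directive is now active and carries a group expression; update it to say who is actually chrooted.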
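Review bot: in proftpd-1.3.3-dist.patch, second ftp.pamd hunk, `auth required pam_shells.so` is added as an active line right below the retained comment warning that enabling pam_shells makes anonymous logins fail because the 'ftp' user has no "valid" shell. The packaged proftpd.passwd gives `ftp` the shell `/bin/false` and basic.conf sets `RequireValidShell off`, so the PAM stack contradicts the server configuration as soon as `AuthPAM` is switched on. Leave pam_shells commented, or rewrite the comment to say the restriction is intended.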
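Review bot: in proftpd-1.3.3-dist.patch, proftpd.logrotate hunk, only xferlog and proftpd.log are rotated; the stanza for access.log, auth.log and paranoid.log is added commented out, yet basic.conf enables all three `ExtendedLog` files, including `ExtendedLog /var/log/proftpd/paranoid.log ALL default`. On a default install those files are never rotated. Enable the second stanza, or comment out the matching ExtendedLog lines in basic.conf so the two files agree.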
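Review bot: in proftpd-1.3.3-dist.patch, after the xinetd hunk, the line `I file proftpd-1.3.3rc3.orig/.ltmain.sh.rej.swp e proftpd-1.3.3rc3/.ltmain.sh.rej.swp sono diversi` is localized diff output ("Files ... differ") for an editor swap file and belongs to no hunk. Regenerate the patch from a clean tree so that it contains only the three contrib/dist/rpm files it is meant to change.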
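Review bot: in proftpd-1.3.3-strip.patch, the added `echo "strip patch"` is debugging output that will show up in every build log, and neither the patch nor the spec says why the `$striplib` call is commented out. Remove the echo and add a comment above `Patch103` stating the purpose. Note that the replacement lines only print the strip command, so installed libraries stay unstripped; if that is the intent, say so.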
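Review bot: proftpd.passwd ships a fixed `$1$` password hash for the `ftp` account, and the spec installs it as `%{_sysconfdir}/%{name}/auth/passwd` with `%attr(0644,root,ftp)`, so every installation starts with the same credential and the hash is public in the package source. If anonymous login does not depend on a real password here, ship a locked password field instead, and tighten the file mode to 0640 to match the `%attr(0640,root,root)` used for proftpd.conf.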
participants (1)
-
root@hilbert.suse.de