From 9683b36f713878529beba846b764c4b4463ecf7c Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka Date: Aug 14 2017 13:46:59 +0000 Subject: Rebase to 1.0.46 --- diff --git a/.gitignore b/.gitignore index 63a8518..52988ca 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,4 @@ pure-ftpd-1.0.29.tar.bz2 /pure-ftpd-1.0.39.tar.bz2 /pure-ftpd-1.0.40.tar.bz2 /pure-ftpd-1.0.42.tar.bz2 +/pure-ftpd-1.0.46.tar.bz2 diff --git a/0001-modify-pam.patch b/0001-modify-pam.patch new file mode 100644 index 0000000..094a5d1 --- /dev/null +++ b/0001-modify-pam.patch @@ -0,0 +1,34 @@ +From 0cabf3b8b952c6117d575360f793ba63fb53c7ba Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 12 Jul 2017 12:09:38 +0200 +Subject: [PATCH 1/2] modify pam + +--- + pam/pure-ftpd | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/pam/pure-ftpd b/pam/pure-ftpd +index 6611b87..ece8733 100644 +--- a/pam/pure-ftpd ++++ b/pam/pure-ftpd +@@ -4,12 +4,13 @@ + # Install it in /etc/pam.d/pure-ftpd or add to /etc/pam.conf + + auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed ++auth include password-auth + auth required pam_shells.so + auth required pam_nologin.so + +-account required pam_stack.so service=system-auth ++account include password-auth + +-password required pam_stack.so service=system-auth +- +-session required pam_stack.so service=system-auth ++password include password-auth + ++session required pam_loginuid.so ++session include password-auth +-- +2.13.0 + diff --git a/0002-fedora-specific-config-file.patch b/0002-fedora-specific-config-file.patch new file mode 100644 index 0000000..8244501 --- /dev/null +++ b/0002-fedora-specific-config-file.patch @@ -0,0 +1,126 @@ +From 7298eae83f798f572e33bce5cc5f0a43fabdf9ad Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 12 Jul 2017 13:17:05 +0200 +Subject: [PATCH] fedora specific config file + +--- + pure-ftpd.conf.in | 31 +++++++++++++++++-------------- + 1 file changed, 17 insertions(+), 14 deletions(-) + +diff --git a/pure-ftpd.conf.in b/pure-ftpd.conf.in +index fbaf9b4..b02617d 100644 +--- a/pure-ftpd.conf.in ++++ b/pure-ftpd.conf.in +@@ -9,7 +9,7 @@ + # instead of command-line options, please run the + # following command : + # +-# @prefix@/sbin/pure-ftpd @sysconfdir@/etc/pure-ftpd.conf ++# @sbindir@/pure-ftpd @sysconfdir@/pure-ftpd.conf + # + # Online documentation: + # https://www.pureftpd.org/project/pure-ftpd/doc +@@ -106,34 +106,34 @@ MaxIdleTime 15 + + # LDAP configuration file (see README.LDAP) + +-# LDAPConfigFile /etc/pureftpd-ldap.conf ++# LDAPConfigFile @sysconfigdir@/pureftpd-ldap.conf + + + + # MySQL configuration file (see README.MySQL) + +-# MySQLConfigFile /etc/pureftpd-mysql.conf ++# MySQLConfigFile @sysconfigdir@/pureftpd-mysql.conf + + + # PostgreSQL configuration file (see README.PGSQL) + +-# PGSQLConfigFile /etc/pureftpd-pgsql.conf ++# PGSQLConfigFile @sysconfigdir@/pureftpd-pgsql.conf + + + # PureDB user database (see README.Virtual-Users) + +-# PureDB /etc/pureftpd.pdb ++# PureDB @sysconfigdir@/pureftpd.pdb + + + # Path to pure-authd socket (see README.Authentication-Modules) + +-# ExtAuth /var/run/ftpd.sock ++# ExtAuth @localstatedir@/run/ftpd.sock + + + + # If you want to enable PAM authentication, uncomment the following line + +-# PAMAuthentication yes ++PAMAuthentication yes + + + +@@ -236,9 +236,12 @@ Umask 133:022 + + # Minimum UID for an authenticated user to log in. + +-MinUID 100 ++MinUID 1000 + ++# Do not use the /etc/ftpusers file to disable accounts. We're already ++# using MinUID to block users with uid < 1000 + ++UseFtpUsers no + + # Allow FXP transfers for authenticated users. + +@@ -275,7 +278,7 @@ AutoRename no + + # Prevent anonymous users from uploading new files (no = upload is allowed) + +-AnonymousCantUpload no ++AnonymousCantUpload yes + + + +@@ -299,21 +302,21 @@ AnonymousCantUpload no + # fw.c9x.org - jedi [13/Apr/2017:19:36:39] "GET /ftp/linux.tar.bz2" 200 21809338 + # This log file can then be processed by common HTTP traffic analyzers. + +-# AltLog clf:/var/log/pureftpd.log ++AltLog clf:@localstatedir@/log/pureftpd.log + + + + # Create an additional log file with transfers logged in a format optimized + # for statistic reports. + +-# AltLog stats:/var/log/pureftpd.log ++# AltLog stats:@localstatedir@/log/pureftpd.log + + + + # Create an additional log file with transfers logged in the standard W3C + # format (compatible with many HTTP log analyzers) + +-# AltLog w3c:/var/log/pureftpd.log ++# AltLog w3c:@localstatedir@/log/pureftpd.log + + + +@@ -344,9 +347,9 @@ AnonymousCantUpload no + + + # If your pure-ftpd has been compiled with standalone support, you can change +-# the location of the pid file. The default is /var/run/pure-ftpd.pid ++# the location of the pid file. The default is @localstatedir@/run/pure-ftpd.pid + +-# PIDFile /var/run/pure-ftpd.pid ++#PIDFile @localstatedir@/run/pure-ftpd.pid + + + +-- +2.13.0 + diff --git a/pure-ftpd-1.0.35-config.patch b/pure-ftpd-1.0.35-config.patch deleted file mode 100644 index 845379e..0000000 --- a/pure-ftpd-1.0.35-config.patch +++ /dev/null @@ -1,115 +0,0 @@ -diff -up ./configuration-file/pure-ftpd.conf.in.config ./configuration-file/pure-ftpd.conf.in ---- ./configuration-file/pure-ftpd.conf.in.config 2009-11-20 14:15:01.000000000 +0100 -+++ ./configuration-file/pure-ftpd.conf.in 2009-12-04 22:09:21.461504212 +0100 -@@ -9,7 +9,7 @@ - # instead of command-line options, please run the - # following command : - # --# @prefix@/sbin/pure-config.pl @prefix@/etc/pure-ftpd.conf -+# @sbindir@/pure-config.pl @sysconfdir@/pure-ftpd.conf - # - # Please don't forget to have a look at documentation at - # http://www.pureftpd.org/documentation.shtml for a complete list of -@@ -107,34 +107,34 @@ MaxIdleTime 15 - - # LDAP configuration file (see README.LDAP) - --# LDAPConfigFile /etc/pureftpd-ldap.conf -+# LDAPConfigFile @sysconfdir@/pureftpd-ldap.conf - - - - # MySQL configuration file (see README.MySQL) - --# MySQLConfigFile /etc/pureftpd-mysql.conf -+# MySQLConfigFile @sysconfdir@/pureftpd-mysql.conf - - - # Postgres configuration file (see README.PGSQL) - --# PGSQLConfigFile /etc/pureftpd-pgsql.conf -+# PGSQLConfigFile @sysconfdir@/pureftpd-pgsql.conf - - - # PureDB user database (see README.Virtual-Users) - --# PureDB /etc/pureftpd.pdb -+# PureDB @sysconfdir@/pureftpd.pdb - - - # Path to pure-authd socket (see README.Authentication-Modules) - --# ExtAuth /var/run/ftpd.sock -+# ExtAuth @localstatedir@/run/ftpd.sock - - - - # If you want to enable PAM authentication, uncomment the following line - --# PAMAuthentication yes -+PAMAuthentication yes - - - -@@ -237,7 +237,14 @@ Umask 133:022 - - # Minimum UID for an authenticated user to log in. - --MinUID 100 -+MinUID 1000 -+ -+ -+ -+# Do not use the /etc/ftpusers file to disable accounts. We're already -+# using MinUID to block users with uid < 1000 -+ -+UseFtpUsers no - - - -@@ -276,7 +283,7 @@ AutoRename no - - # Disallow anonymous users to upload new files (no = upload is allowed) - --AnonymousCantUpload no -+AnonymousCantUpload yes - - - -@@ -301,21 +308,21 @@ AnonymousCantUpload no - # fw.c9x.org - jedi [13/Dec/1975:19:36:39] "GET /ftp/linux.tar.bz2" 200 21809338 - # This log file can then be processed by www traffic analyzers. - --# AltLog clf:/var/log/pureftpd.log -+AltLog clf:@localstatedir@/log/pureftpd.log - - - - # Create an additional log file with transfers logged in a format optimized - # for statistic reports. - --# AltLog stats:/var/log/pureftpd.log -+# AltLog stats:@localstatedir@/log/pureftpd.log - - - - # Create an additional log file with transfers logged in the standard W3C - # format (compatible with most commercial log analyzers) - --# AltLog w3c:/var/log/pureftpd.log -+# AltLog w3c:@localstatedir@/log/pureftpd.log - - - -@@ -346,9 +353,9 @@ AnonymousCantUpload no - - - # If your pure-ftpd has been compiled with standalone support, you can change --# the location of the pid file. The default is /var/run/pure-ftpd.pid -+# the location of the pid file. The default is @localstatedir@/run/pure-ftpd.pid - --#PIDFile /var/run/pure-ftpd.pid -+#PIDFile @localstatedir@/run/pure-ftpd.pid - - - diff --git a/pure-ftpd-1.0.40-paminclude.patch b/pure-ftpd-1.0.40-paminclude.patch deleted file mode 100644 index 83bcf70..0000000 --- a/pure-ftpd-1.0.40-paminclude.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -Naur pure-ftpd-1.0.40.orig/pam/pure-ftpd pure-ftpd-1.0.40/pam/pure-ftpd ---- pure-ftpd-1.0.40.orig/pam/pure-ftpd 2015-06-13 12:26:37.000000000 +0200 -+++ pure-ftpd-1.0.40/pam/pure-ftpd 2015-06-01 16:36:31.000000000 +0200 -@@ -4,12 +4,14 @@ - # Install it in /etc/pam.d/pure-ftpd or add to /etc/pam.conf - - auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed -+auth include password-auth - auth required pam_shells.so - auth required pam_nologin.so - --account required pam_stack.so service=system-auth -+account include password-auth - --password required pam_stack.so service=system-auth -+password include password-auth - --session required pam_stack.so service=system-auth -+session required pam_loginuid.so -+session include password-auth - diff --git a/pure-ftpd.service b/pure-ftpd.service index e0b3dba..c26bfb6 100644 --- a/pure-ftpd.service +++ b/pure-ftpd.service @@ -5,7 +5,7 @@ After=syslog.target network.target [Service] Type=forking PIDFile=/var/run/pure-ftpd.pid -ExecStart=/usr/sbin/pure-config.pl /etc/pure-ftpd/pure-ftpd.conf --daemonize +ExecStart=/usr/sbin/pure-ftpd /etc/pure-ftpd/pure-ftpd.conf --daemonize [Install] WantedBy=multi-user.target diff --git a/pure-ftpd.spec b/pure-ftpd.spec index 2e3b8ad..4029a2e 100644 --- a/pure-ftpd.spec +++ b/pure-ftpd.spec @@ -1,6 +1,6 @@ Name: pure-ftpd -Version: 1.0.42 -Release: 7%{?dist} +Version: 1.0.46 +Release: 1%{?dist} Summary: Lightweight, fast and secure FTP server Group: System Environment/Daemons @@ -14,17 +14,18 @@ Source4: pure-ftpd.pure-ftpwho.pam Source5: pure-ftpd.pure-ftpwho.consoleapp Source6: pure-ftpd.README.SELinux Source7: pure-ftpd.pureftpd.te -Patch0: pure-ftpd-1.0.35-config.patch -Patch1: pure-ftpd-1.0.40-paminclude.patch +Patch0: 0001-modify-pam.patch +Patch1: 0002-fedora-specific-config-file.patch Provides: ftpserver -BuildRequires: pam-devel, perl-interpreter, perl-generators, python, libcap-devel +BuildRequires: pam-devel, libcap-devel %{!?_without_ldap:BuildRequires: openldap-devel} %{!?_without_mysql:BuildRequires: mysql-devel} %{!?_without_pgsql:BuildRequires: postgresql-devel} %{!?_without_tls:BuildRequires: openssl-devel} BuildRequires: checkpolicy, selinux-policy-devel BuildRequires: systemd-units +BuildRequires: git Requires(post): systemd-sysv Requires(post): systemd-units Requires(preun): systemd-units @@ -65,9 +66,7 @@ Pure-FTPd to be protected in the same way other FTP servers are in Fedora %prep -%setup -q -%patch0 -p0 -b .config -%patch1 -p1 -b .paminclude +%autosetup -S git install -pm 644 %{SOURCE6} README.SELinux mkdir selinux cp -p %{SOURCE7} selinux/pureftpd.te @@ -78,7 +77,6 @@ cp -p %{SOURCE7} selinux/pureftpd.te --sysconfdir=%{_sysconfdir}/%{name} \ --with-capabilities \ --with-sendfile \ - --with-cork \ --with-paranoidmsg \ --with-altlog \ --with-puredb \ @@ -103,11 +101,10 @@ cp -p %{SOURCE7} selinux/pureftpd.te --with-rfc2640 \ --without-bonjour \ -make %{?_smp_mflags} - +%make_build %install -make install DESTDIR=$RPM_BUILD_ROOT +%make_install install -d -m 755 $RPM_BUILD_ROOT%{_mandir}/man8 install -d -m 755 $RPM_BUILD_ROOT%{_sbindir} @@ -117,9 +114,7 @@ install -d -m 755 $RPM_BUILD_ROOT%{_localstatedir}/ftp %{!?_without_tls:install -d -m 700 $RPM_BUILD_ROOT%{_sysconfdir}/pki/%{name}} # Conf -install -p -m 755 configuration-file/pure-config.pl $RPM_BUILD_ROOT%{_sbindir} -install -p -m 644 configuration-file/pure-ftpd.conf $RPM_BUILD_ROOT%{_sysconfdir}/%{name} -install -p -m 755 configuration-file/pure-config.py $RPM_BUILD_ROOT%{_sbindir} +install -p -m 644 pure-ftpd.conf $RPM_BUILD_ROOT%{_sysconfdir}/%{name} install -p -m 644 pureftpd-ldap.conf $RPM_BUILD_ROOT%{_sysconfdir}/%{name} install -p -m 644 pureftpd-mysql.conf $RPM_BUILD_ROOT%{_sysconfdir}/%{name} install -p -m 644 pureftpd-pgsql.conf $RPM_BUILD_ROOT%{_sysconfdir}/%{name} @@ -157,13 +152,19 @@ install -p -m 644 %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/security/console.apps ln -s consolehelper $RPM_BUILD_ROOT%{_bindir}/pure-ftpwho # SELinux support -cd selinux +pushd selinux echo "%{_sbindir}/pure-ftpd system_u:object_r:ftpd_exec_t:s0" > pureftpd.fc echo '%{_localstatedir}/log/pureftpd.log system_u:object_r:xferlog_t:s0' >> pureftpd.fc touch pureftpd.if make -f %{_datadir}/selinux/devel/Makefile install -p -m 644 -D pureftpd.pp $RPM_BUILD_ROOT%{_datadir}/selinux/packages/%{name}/pureftpd.pp +popd +# Docs +install -d -m 755 $RPM_BUILD_ROOT%{_docdir}/%{name} +rm -f README.{MacOS-X,Windows} +install -p -m 644 README.* $RPM_BUILD_ROOT%{_docdir}/%{name} +install -p -m 644 pureftpd.schema $RPM_BUILD_ROOT%{_docdir}/%{name} %post %systemd_post pure-ftpd.service @@ -171,7 +172,7 @@ install -p -m 644 -D pureftpd.pp $RPM_BUILD_ROOT%{_datadir}/selinux/packages/%{n %if 0%{!?_without_tls:1} # TLS Certificate if [ ! -f %{_sysconfdir}/pki/%{name}/%{name}.pem ]; then - %{_sysconfdir}/pki/tls/certs/make-dummy-cert \ + %{_bindir}/make-dummy-cert \ %{_sysconfdir}/pki/%{name}/%{name}.pem fi %endif @@ -219,9 +220,9 @@ fi %files %doc FAQ THANKS AUTHORS CONTACT HISTORY NEWS %doc README README.Authentication-Modules README.Configuration-File -%doc README.Contrib README.Donations README.LDAP README.MySQL +%doc README.Donations README.LDAP README.MySQL README.SELinux %doc README.PGSQL README.TLS README.Virtual-Users -%doc contrib/pure-vpopauth.pl pureftpd.schema contrib/pure-stat.pl +%doc pureftpd.schema %{_bindir}/pure-* %{_sbindir}/pure-* %{_unitdir}/%{name}.service @@ -242,6 +243,9 @@ fi %changelog +* Mon Aug 14 2017 Martin Sehnoutka - 1.0.46-1 +- Rebase to 1.0.46 + * Thu Aug 03 2017 Fedora Release Engineering - 1.0.42-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild diff --git a/sources b/sources index f3bc784..d223bc2 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -4022f38939f6a112b18c1a43dee552c1 pure-ftpd-1.0.42.tar.bz2 +SHA512 (pure-ftpd-1.0.46.tar.bz2) = e44c1842e6f101f4d7dd42617392f3d54ff58d68608f6a3bc5e612fc89bfd1da6935215a7e87c0d2bbd9fc9f0fa31a40ceb764fd67428dfdd8c5454e0d64e0ab