From 796cd3650fe3bb6559f0fd3f51e9092ba6efc89b Mon Sep 17 00:00:00 2001
From: =?utf8?q?Arkadiusz=20Mi=C5=9Bkiewicz?=
Date: Wed, 4 Oct 2017 13:02:18 +0200
Subject: [PATCH] - up to 1.0.46; additionalgid no longer in use; passwd_location was wrong anyway so drop it; main daemon parses config itself now.
---
pure-ftpd-additionalgid.patch | 97 ---------------------
pure-ftpd-allauth.patch | 21 ++---
pure-ftpd-config.patch | 64 ++++++++------
pure-ftpd-passwd_location.patch | 148 --------------------------------
pure-ftpd.init | 30 ++-----
pure-ftpd.spec | 14 ++-
6 files changed, 60 insertions(+), 314 deletions(-)
delete mode 100644 pure-ftpd-additionalgid.patch
delete mode 100644 pure-ftpd-passwd_location.patch
diff --git a/pure-ftpd-additionalgid.patch b/pure-ftpd-additionalgid.patch
deleted file mode 100644
index 0eff2c9..0000000
--- a/pure-ftpd-additionalgid.patch
+++ /dev/null
@@ -1,97 +0,0 @@ -diff -ur pure-ftpd-1.0.21/pure-config/pure-config.h pure-ftpd-1.0.21.new/pure-config/pure-config.h ---- pure-ftpd-1.0.21/pure-config/pure-config.h 2005-06-18 12:39:55.000000000 +0200 -+++ pure-ftpd-1.0.21.new/pure-config/pure-config.h 2009-02-03 15:00:10.358021471 +0100 -@@ -82,6 +82,7 @@ - { NULL, '\0', /* 'I' */ "MaxIdleTime", CFG_STR, (void*) &opt[I], 0 }, - { NULL, '\0', /* 'k' */ "MaxDiskUsage", CFG_STR, (void*) &opt[I], 0 }, - { NULL, '\0', /* 'a' */ "TrustedGID", CFG_STR, (void*) &opt[I], 0 }, -+{ NULL, '\0', /* '2' */ "AdditionalGID", CFG_STR, (void*) &opt[I], 0 }, - { NULL, '\0', /* 'c' */ "MaxClientsNumber", CFG_STR, (void*) &opt[I], 0 }, - { NULL, '\0', /* 'C' */ "MaxClientsPerIP", CFG_STR, (void*) &opt[I], 0 }, - { NULL, '\0', /* 'm' */ "MaxLoad", CFG_STR, (void*) &opt[I], 0 }, -@@ -153,6 +154,7 @@ - { "-I", "--maxidletime=" }, - { "-k", "--maxdiskusage=" }, - { "-a", "--trustedgid=" }, -+ { "-2", "--additionalgid=" }, - { "-c", "--maxclientsnumber=" }, - { "-C", "--maxclientsperip=" }, - { "-m", "--maxload=" }, -diff -ur pure-ftpd-1.0.21/src/ftpd.c pure-ftpd-1.0.21.new/src/ftpd.c ---- pure-ftpd-1.0.21/src/ftpd.c 2009-02-03 15:37:58.538020766 +0100 -+++ pure-ftpd-1.0.21.new/src/ftpd.c 2009-02-03 15:41:41.582021928 +0100 -@@ -1104,7 +1104,10 @@ - { - #ifndef NON_ROOT_FTP - # ifdef HAVE_SETGROUPS -- if (setgroups(1U, &gid) != 0) { -+ gid_t gids[2]; -+ gids[0] = gid; -+ gids[1] = chroot_additionalgid; -+ if (setgroups(want_additionalgid ? 
2L : 1L, gids) != 0) { - return -1; - } - # else -@@ -5078,6 +5081,19 @@ - no_truncate = 1; - break; - } -+ case '3': { -+ const char *nptr; -+ char *endptr; -+ -+ nptr = optarg; -+ endptr = NULL; -+ chroot_additionalgid = strtoul(nptr, &endptr, 0); -+ if (!nptr || !*nptr || !endptr || *endptr) { -+ die(421, LOG_ERR, MSG_CONF_ERR ": " MSG_ILLEGAL_TRUSTED_GID " (XXX: additional): %s" , optarg); -+ } -+ want_additionalgid = 1; -+ break; -+ } - case '4': { - bypass_ipv6 = 1; - break; -diff -ur pure-ftpd-1.0.21/src/ftpd_p.h pure-ftpd-1.0.21.new/src/ftpd_p.h ---- pure-ftpd-1.0.21/src/ftpd_p.h 2006-02-06 22:57:21.000000000 +0100 -+++ pure-ftpd-1.0.21.new/src/ftpd_p.h 2009-02-03 15:35:47.946311240 +0100 -@@ -60,7 +60,7 @@ - }; - - static const char *GETOPT_OPTIONS = -- "0146" -+ "013:46" - #ifdef WITH_RFC2640 - "8:9:" - #endif -@@ -115,6 +115,7 @@ static struct option long_options[] = { - # ifdef WITH_TLS - { "certfile", 1, NULL, '2' }, - # endif -+ { "additionalgid", 1, NULL, '3' }, - { "ipv4only", 0, NULL, '4' }, - { "ipv6only", 0, NULL, '6' }, - # ifdef WITH_RFC2640 -diff -ur pure-ftpd-1.0.21/src/globals.h pure-ftpd-1.0.21.new/src/globals.h ---- pure-ftpd-1.0.21/src/globals.h 2006-02-15 09:55:00.000000000 +0100 -+++ pure-ftpd-1.0.21.new/src/globals.h 2009-02-03 15:13:13.234021509 +0100 -@@ -37,6 +37,8 @@ - GLOBAL0(signed char userchroot); /* don't chroot() by default for regular users */ - GLOBAL0(signed char chrooted); /* if we already chroot()ed */ - GLOBAL0(uid_t chroot_trustedgid); -+GLOBAL(int want_additionalgid, 0); -+GLOBAL0(gid_t chroot_additionalgid); - GLOBAL0(signed char broken_client_compat); /* don't enable workarounds by default */ - GLOBAL0(uid_t warez); /* don't guard against warez */ - GLOBAL0(signed char debug); /* don't give debug output */ ---- pure/configuration-file/pure-config.pl.in~ 2009-02-03 15:47:24.346020364 +0100 -+++ pure/configuration-file/pure-config.pl.in 2009-02-03 15:48:34.678184463 +0100 -@@ -65,6 +65,7 @@ - my %numeric_switch_for = 
( - MaxIdleTime => "-I", - MaxDiskUsage => "-k", -+ AdditionalGID => "-3", - TrustedGID => "-a", - MaxClientsNumber => "-c", - MaxClientsPerIP => "-C", - diff --git a/pure-ftpd-allauth.patch b/pure-ftpd-allauth.patch index 0c86788..054931d 100644 --- a/pure-ftpd-allauth.patch +++ b/pure-ftpd-allauth.patch @@ -1,20 +1,21 @@ ---- a/src/log_mysql.c~ 2015-07-02 14:57:00.000000000 +0200 -+++ b/src/log_mysql.c 2015-07-02 14:57:43.001711520 +0200 -@@ -438,6 +438,7 @@ void pw_mysql_check(AuthResult * const r +--- a/src/log_mysql.c~ 2017-04-24 16:32:45.000000000 +0200 ++++ b/src/log_mysql.c 2017-10-04 12:42:27.961678871 +0200 +@@ -429,6 +429,7 @@ void pw_mysql_check(AuthResult * const r crypto_mysql++; crypto_md5++; crypto_sha1++; + crypto_plain++; + } else if (strcasecmp(crypto, PASSWD_SQL_ARGON2I) == 0) { + crypto_argon2i++; } else if (strcasecmp(crypto, PASSWD_SQL_SCRYPT) == 0) { - crypto_scrypt++; - } else if (strcasecmp(crypto, PASSWD_SQL_CRYPT) == 0) { ---- a/src/log_pgsql.c~ 2015-07-02 14:57:00.000000000 +0200 -+++ b/src/log_pgsql.c 2015-07-02 14:57:55.612037841 +0200 -@@ -506,6 +506,7 @@ void pw_pgsql_check(AuthResult * const r + +--- a/src/log_pgsql.c~ 2017-04-24 16:32:45.000000000 +0200 ++++ b/src/log_pgsql.c 2017-10-04 12:42:57.562469704 +0200 +@@ -504,6 +504,7 @@ void pw_pgsql_check(AuthResult * const r crypto_crypt++; crypto_md5++; crypto_sha1++; + crypto_plain++; + } else if (strcasecmp(crypto, PASSWD_SQL_ARGON2I) == 0) { + crypto_argon2i++; } else if (strcasecmp(crypto, PASSWD_SQL_SCRYPT) == 0) { - crypto_scrypt++; - } else if (strcasecmp(crypto, PASSWD_SQL_CRYPT) == 0) { diff --git a/pure-ftpd-config.patch b/pure-ftpd-config.patch index 55adfed..0ad2991 100644 --- a/pure-ftpd-config.patch +++ b/pure-ftpd-config.patch 
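Review bot: In the refreshed pure-ftpd-allauth.patch, `crypto_plain++;` is added to the branch of pw_mysql_check() that already enables several hash formats at once (presumably the `any` setting), and the log_pgsql.c hunk does the same for pw_pgsql_check(). With that line a database row holding an unhashed password authenticates alongside the hashed formats, and nothing in the carried patch says why the package wants this. I would give the patch a header comment such as `# PLD: the multi-format crypt mode also accepts cleartext passwords; remove once no deployment stores them`, and confirm against the 1.0.46 sources that upstream leaves cleartext out of this branch on purpose. Both functions start and end outside the hunk, so the branch condition itself is not visible here.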
@@ -1,51 +1,65 @@ ---- configuration-file/pure-ftpd.conf.in~ 2004-02-29 12:18:57.000000000 +0100 -+++ configuration-file/pure-ftpd.conf.in 2004-04-15 13:35:52.321993376 +0200 -@@ -107,23 +107,23 @@ +--- pure-ftpd.conf.in~ 2017-04-24 16:32:45.000000000 +0200 ++++ pure-ftpd.conf.in 2017-10-04 12:41:06.402833227 +0200 +@@ -9,7 +9,7 @@ + # instead of command-line options, please run the + # following command : + # +-# @prefix@/sbin/pure-ftpd @sysconfdir@/etc/pure-ftpd.conf ++# @prefix@/sbin/pure-ftpd @sysconfdir@/etc/ftpd/pure-ftpd.conf + # + # Online documentation: + # https://www.pureftpd.org/project/pure-ftpd/doc +@@ -106,23 +106,23 @@ MaxIdleTime 15 # LDAP configuration file (see README.LDAP) --# LDAPConfigFile /etc/pureftpd-ldap.conf -+# LDAPConfigFile /etc/ftpd/pureftpd-ldap.conf +-# LDAPConfigFile /etc/pureftpd-ldap.conf ++# LDAPConfigFile /etc/ftpd/pureftpd-ldap.conf # MySQL configuration file (see README.MySQL) --# MySQLConfigFile /etc/pureftpd-mysql.conf -+# MySQLConfigFile /etc/ftpd/pureftpd-mysql.conf +-# MySQLConfigFile /etc/pureftpd-mysql.conf ++# MySQLConfigFile /etc/ftpd/pureftpd-mysql.conf - # Postgres configuration file (see README.PGSQL) + # PostgreSQL configuration file (see README.PGSQL) --# PGSQLConfigFile /etc/pureftpd-pgsql.conf -+# PGSQLConfigFile /etc/ftpd/pureftpd-pgsql.conf +-# PGSQLConfigFile /etc/pureftpd-pgsql.conf ++# PGSQLConfigFile /etc/ftpd/pureftpd-pgsql.conf # PureDB user database (see README.Virtual-Users) --# PureDB /etc/pureftpd.pdb -+# PureDB /etc/ftpd/pureftpd.pdb +-# PureDB /etc/pureftpd.pdb ++# PureDB /etc/ftpd/pureftpd.pdb # Path to pure-authd socket (see README.Authentication-Modules) ---- configuration-file/pure-ftpd.conf.in~ 2004-07-29 22:58:53.000000000 +0200 -+++ configuration-file/pure-ftpd.conf.in 2004-07-29 22:57:25.000000000 +0200 -@@ -276,7 +276,7 @@ +@@ -156,6 +156,7 @@ MaxIdleTime 15 - # Disallow anonymous users to upload new files (no = upload is allowed) + # 'ls' recursion limits. 
The first argument is the maximum number of + # files to be displayed. The second one is the max subdirectories depth. ++# If LimitRecursion is not present default is 2000 5 --AnonymousCantUpload no -+AnonymousCantUpload yes + LimitRecursion 10000 8 +@@ -275,7 +276,7 @@ AutoRename no + # Prevent anonymous users from uploading new files (no = upload is allowed) ---- configuration-file/pure-ftpd.conf.in 2004-09-15 17:03:04.000000000 +0200 -+++ configuration-file/pure-ftpd.conf.in 2004-11-06 16:55:31.382772400 +0100 -@@ -157,6 +157,7 @@ +-AnonymousCantUpload no ++AnonymousCantUpload yes + + + +@@ -430,7 +431,7 @@ CustomerProof yes + + # Certificate file, for TLS + +-# CertFile /etc/ssl/private/pure-ftpd.pem ++# CertFile /etc/ftpd/ssl/private/pure-ftpd.pem - # 'ls' recursion limits. The first argument is the maximum number of - # files to be displayed. The second one is the max subdirectories depth -+# If LimitRecursion is not present default is 2000 5 - LimitRecursion 2000 8 diff --git a/pure-ftpd-passwd_location.patch b/pure-ftpd-passwd_location.patch deleted file mode 100644 index 88d59ad..0000000 --- a/pure-ftpd-passwd_location.patch +++ /dev/null 
@@ -1,148 +0,0 @@ ---- ./FAQ.org 2004-07-22 09:37:00.000000000 +0200 -+++ ./FAQ 2008-01-18 10:03:04.000000000 +0100 -@@ -316,25 +316,25 @@ - - - --* Virtual users: /etc/pureftpd.pdb . -+* Virtual users: /etc/ftp/pureftpd.pdb . - ---> I made changes to /etc/pureftpd.passwd but the server doesn't understand -+-> I made changes to /etc/ftp/pureftpd.passwd but the server doesn't understand - them: I can't access any account I just created. - --The server never reads /etc/pureftpd.passwd directly. Instead, it reads --/etc/pureftpd.pdb (or whatever file name you gave after -lpuredb:...) . -+The server never reads /etc/ftp/pureftpd.passwd directly. Instead, it reads -+/etc/ftp/pureftpd.pdb (or whatever file name you gave after -lpuredb:...) . - --This file is a copy of /etc/pureftpd.passwd, but in a binary format, -+This file is a copy of /etc/ftp/pureftpd.passwd, but in a binary format, - optimized for fast lookups. - --After having made a manual change to /etc/pureftpd.passwd, you must rebuild --/etc/pureftpd.pdb with the following commands: -+After having made a manual change to /etc/ftp/pureftpd.passwd, you must rebuild -+/etc/ftp/pureftpd.pdb with the following commands: - - pure-pw mkdb - - If you add/delete/modify user accounts with pure-pw useradd/usermod/userdel/ - passwd, don't forget the '-m' option to automatically rebuild --/etc/pureftpd.pdb and not only update /etc/pureftpd.passwd . -+/etc/ftp/pureftpd.pdb and not only update /etc/ftp/pureftpd.passwd . - - - -@@ -630,7 +630,7 @@ - - Let's start the FTP server: - --/usr/local/sbin/pure-ftpd -lpuredb:/etc/pureftpd.pdb -H -B -+/usr/local/sbin/pure-ftpd -lpuredb:/etc/ftp/pureftpd.pdb -H -B - - Everything should be ok now. - ---- ./README.Virtual-Users.org 2004-02-29 22:49:37.000000000 +0100 -+++ ./README.Virtual-Users 2008-01-18 10:05:10.000000000 +0100 -@@ -101,7 +101,7 @@ - servers. Use per-ip limits instead. - - Ok, "joe" has been created. 
By default, the list of virtual users is stored --in the /etc/pureftpd.passwd file (you can of course change this with -f -+in the /etc/ftp/pureftpd.passwd file (you can of course change this with -f - ) . - - Let's have a look at its content: -@@ -127,7 +127,7 @@ - - pure-pw usermod joe -n 1000 -N 10 - --Let's have a look at /etc/pureftpd.passwd: -+Let's have a look at /etc/ftp/pureftpd.passwd: - - joe:$1$LX/3.F60$bYdYwsQOYIaWq.Ko.hfI3.:500:101::/home/ftpusers/joe/./::::::1000:10485760:::::: - -@@ -173,7 +173,7 @@ - ------------------------ DISPLAYING INFO ------------------------ - - --To review info about one user, reading the /etc/pureftpd.passwd file is ok, -+To review info about one user, reading the /etc/ftp/pureftpd.passwd file is ok, - but it's not really human-friendly. - - It's why you can use "pure-pw show", whoose syntax is: -@@ -213,22 +213,22 @@ - IMPORTANT: - - You can add, modify and delete users with the previous commands, or by --editing /etc/pureftpd.passwd by hand. But the FTP server won't consider the -+editing /etc/ftp/pureftpd.passwd by hand. But the FTP server won't consider the - changes you make to that file, until you commit them. - - Commiting changes really means that a new file is created from --/etc/pureftpd.passwd (or whatever file name you choose) . That new file is a -+/etc/ftp/pureftpd.passwd (or whatever file name you choose) . That new file is a - PureDB file. It contains exactly the same info than the other file. But in - that file, accounts are sorted and indexed for faster access, even with - thousands of accounts. PureDB files are binary files, don't try to view them - or your terminal will beep like hell. - --Let's create a PureDB file from /etc/pureftpd.passwd. The indexed file will --be called /etc/pureftpd.pdb (as always, choose whatever name you like): -+Let's create a PureDB file from /etc/ftp/pureftpd.passwd. 
The indexed file will -+be called /etc/ftp/pureftpd.pdb (as always, choose whatever name you like): - - pure-pw mkdb - --this reads /etc/pureftpd.passwd and creates /etc/pureftpd.pdb by default, but -+this reads /etc/ftp/pureftpd.passwd and creates /etc/ftp/pureftpd.pdb by default, but - to read another file, add the pdb file, optionnaly followed by -f - - For instance: -@@ -244,13 +244,13 @@ - - You can also change something to the text passwords file (add users, change - password, delete users, etc) and automatically run --"pure-pw mkdb /etc/pureftpd.pdb" afterwards. To do so, just use the -m -+"pure-pw mkdb /etc/ftp/pureftpd.pdb" afterwards. To do so, just use the -m - switch: - - pure-pw passwd joe -m - - This command will change Joe's password in pureftpd.passwd *and* commit the --change to /etc/pureftpd.pwd . -+change to /etc/ftp/pureftpd.pwd . - - - ------------------------ ENABLING VIRTUAL USERS ------------------------ -@@ -270,7 +270,7 @@ - Let's run the server with automatic creation of home directories and puredb - authentication: - --/usr/local/sbin/pure-ftpd -j -lpuredb:/etc/pureftpd.pdb & -+/usr/local/sbin/pure-ftpd -j -lpuredb:/etc/ftp/pureftpd.pdb & - - Try to 'ftp localhost' and log in as joe. - -@@ -283,7 +283,7 @@ - - Just run it: - -- pure-pwconvert >> /etc/pureftpd.passwd -+ pure-pwconvert >> /etc/ftp/pureftpd.passwd - - - If you do it as a non-privileged user, passwords won't be filled in. If you -@@ -298,9 +298,9 @@ - - If defined, a PURE_PASSWDFILE environment variable can set the default path - to the pureftpd.passwd file. Without this variable, it defaults to --/etc/pureftpd.passwd . -+/etc/ftp/pureftpd.passwd . - - If defined, a PURE_DBFILE environment variable can set the default path - to the pureftpd.pdb file. Without this variable, it defaults to --/etc/pureftpd.pdb . -+/etc/ftp/pureftpd.pdb . - diff --git a/pure-ftpd.init b/pure-ftpd.init index 17cf9ba..a50433a 100644 --- a/pure-ftpd.init +++ b/pure-ftpd.init 
@@ -18,18 +18,6 @@ PURE_AUTH_SOCKET=/var/run/pure-authd/socket # Get service config [ -f /etc/sysconfig/pure-ftpd ] && . /etc/sysconfig/pure-ftpd -# Check for available parsers -if [ -x /usr/sbin/pure-config ] ; then - CFG=/usr/sbin/pure-config -elif [ -x /usr/sbin/pure-config.pl -a -x /usr/bin/perl ] ; then - CFG=/usr/sbin/pure-config.pl -elif [ -x /usr/sbin/pure-config.py -a -x /usr/bin/python ] ; then - CFG=/usr/sbin/pure-config.py -else - echo 'Error: pure-config{,.pl,.py} not found. Giving up.' - exit 1 -fi - # Check that networking is up. if is_yes "${NETWORKING}"; then if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status ]; then @@ -62,19 +50,11 @@ start() { if [ $RETVAL -eq 0 ]; then msg_starting pure-ftpd rm -f /var/run/pure-ftpd/client* - if [ x"$CFG" = "x/usr/sbin/pure-config" ] ; then - modprobe -s capability > /dev/null 2>&1 - daemon /usr/sbin/pure-ftpd \ - $(/usr/sbin/pure-config -f /etc/ftpd/pureftpd.conf) \ - $([ "$PURE_AUTH" = "yes" ] && echo "-lextauth:$PURE_AUTH_SOCKET") \ - --daemonize - RETVAL=$? - else - daemon $CFG /etc/ftpd/pureftpd.conf \ - $([ "$PURE_AUTH" = "yes" ] && echo "-lextauth:$PURE_AUTH_SOCKET") \ - --daemonize - RETVAL=$? - fi + modprobe -s capability > /dev/null 2>&1 + daemon /usr/sbin/pure-ftpd /etc/ftpd/pureftpd.conf \ + $([ "$PURE_AUTH" = "yes" ] && echo "-lextauth:$PURE_AUTH_SOCKET") \ + --daemonize + RETVAL=$? if [ -n "$UPLOADSCRIPT" ]; then msg_starting pure-uploadscript diff --git a/pure-ftpd.spec b/pure-ftpd.spec index d91d4ef..4e04080 100644 --- a/pure-ftpd.spec +++ b/pure-ftpd.spec 
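Review bot: The new start line in start() passes the configuration file together with other arguments (`--daemonize`, plus `-lextauth:$PURE_AUTH_SOCKET` when PURE_AUTH is yes), and it should be confirmed that pure-ftpd 1.0.46 still reads /etc/ftpd/pureftpd.conf when it is not the only argument. As far as I recall the daemon treats a path as a configuration file only when it is the single argument; if that holds, the directives in the file, including `AnonymousCantUpload yes`, could be skipped without any error at startup. A form that does not depend on this is `daemon /usr/sbin/pure-ftpd /etc/ftpd/pureftpd.conf`, with `Daemonize yes` set in the file and the extauth socket given through the `ExtAuth` directive. start() begins and ends outside the hunk.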
@@ -9,16 +9,16 @@ %bcond_without tls # disable SSL/TLS support %bcond_without cap # disable capabilities -%define rel 3 +%define rel 1 Summary: Small, fast and secure FTP server Summary(pl.UTF-8): Mały, szybki i bezpieczny serwer FTP Name: pure-ftpd -Version: 1.0.42 +Version: 1.0.46 Release: %{rel}%{?with_extra:extra} License: BSD-like%{?with_extra:, GLPv2 for pure-config due to libcfg+ license} Group: Daemons Source0: http://download.pureftpd.org/pub/pure-ftpd/releases/%{name}-%{version}.tar.bz2 -# Source0-md5: 4022f38939f6a112b18c1a43dee552c1 +# Source0-md5: efce5529c1f0a39dafdd532c619503f1 Source1: %{name}.pamd Source2: %{name}.init Source3: %{name}.sysconfig @@ -31,8 +31,6 @@ Patch1: %{name}-allauth.patch Patch2: %{name}-pure-pw_passwd.patch Patch3: %{name}-mysql_config.patch -Patch5: %{name}-passwd_location.patch -Patch6: %{name}-additionalgid.patch Patch7: audit_cap.patch Patch8: %{name}-apparmor.patch Patch9: %{name}-mysql-utf8.patch @@ -111,8 +109,6 @@ Ten pakiet zawiera schemat Pure-FTPd pureftpd.schema dla openldapa. %patch1 -p1 %patch3 -p1 -%patch5 -p1 -%patch6 -p1 %patch7 -p1 %patch8 -p1 %patch9 -p1 @@ -175,10 +171,10 @@ cp -p %{SOURCE3} $RPM_BUILD_ROOT/etc/sysconfig/%{name} %{?with_ldap:install pureftpd-ldap.conf $RPM_BUILD_ROOT%{_sysconfdir}/pureftpd-ldap.conf} %{?with_mysql:install pureftpd-mysql.conf $RPM_BUILD_ROOT%{_sysconfdir}/pureftpd-mysql.conf} %{?with_pgsql:install pureftpd-pgsql.conf $RPM_BUILD_ROOT%{_sysconfdir}/pureftpd-pgsql.conf} -cp -p configuration-file/pure-ftpd.conf $RPM_BUILD_ROOT%{_sysconfdir}/pureftpd.conf -%{!?with_extra:install configuration-file/pure-config.pl $RPM_BUILD_ROOT%{_sbindir}} cp -p pureftpd.schema $RPM_BUILD_ROOT%{schemadir}/pureftpd.schema +mv $RPM_BUILD_ROOT%{_sysconfdir}/{pure-ftpd,pureftpd}.conf + touch $RPM_BUILD_ROOT%{_sysconfdir}/{ftpusers,pureftpd-dir-aliases} ln -s vhosts $RPM_BUILD_ROOT%{_sysconfdir}/pure-ftpd -- 2.44.0