- updated to 1.0.48 auto/th/pure-ftpd-1.0.48-1
authorAdam Gołębiowski <adamg@pld-linux.org>
Wed, 27 Mar 2019 07:52:41 +0000 (08:52 +0100)
committerAdam Gołębiowski <adamg@pld-linux.org>
Wed, 27 Mar 2019 07:52:41 +0000 (08:52 +0100)
pure-ftpd-allauth.patch
pure-ftpd-config.patch
pure-ftpd.spec
sni.patch [deleted file]
tls.patch [deleted file]

index b95f2e5799eb2dd37334667590b1057464c877af..7a56b985afc3460895d92dc203325e9e4be8092a 100644 (file)
@@ -15,6 +15,6 @@
          crypto_md5++;
          crypto_sha1++;
 +        crypto_plain++;
-     } else if (strcasecmp(crypto, PASSWD_SQL_ARGON2)) {
+     } else if (strcasecmp(crypto, PASSWD_SQL_ARGON2) == 0) {
          crypto_argon2++;
      } else if (strcasecmp(crypto, PASSWD_SQL_SCRYPT) == 0) {
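Review bot: The carried `+        crypto_plain++;` line still has no comment or patch description explaining it. It switches on the plaintext comparison in the same branch that enables md5 and sha1, so a cleartext value in the password column would presumably be accepted there alongside hashed ones. The branch condition and the head of the patch are outside this hunk, so which mode is affected cannot be confirmed from here. I would add a one-line description at the top of pure-ftpd-allauth.patch, for example `PLD: also try cleartext in the multi-scheme branch; kept because <reason>`, so the next rebase can judge whether the relaxation is still wanted.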
index 0ad2991c84a71827f97ab5121901d78c6af9d940..de464721eaff2935166c26d582f03cbe925f71f4 100644 (file)
@@ -4,8 +4,8 @@
  # instead of command-line options, please run the
  # following command :
  #
--# @prefix@/sbin/pure-ftpd @sysconfdir@/etc/pure-ftpd.conf
-+# @prefix@/sbin/pure-ftpd @sysconfdir@/etc/ftpd/pure-ftpd.conf
+-# @sbindir@/sbin/pure-ftpd @sysconfdir@/pure-ftpd.conf
++# @sbindir@/sbin/pure-ftpd @sysconfdir@/ftpd/pure-ftpd.conf
  #
  # Online documentation:
  # https://www.pureftpd.org/project/pure-ftpd/doc
  
  
  
-@@ -430,7 +431,7 @@ CustomerProof                yes
- # Certificate file, for TLS
+@@ -430,8 +431,8 @@ CustomerProof                yes
+ # CertFile is for a cert+key bundle, CertFileAndKey for separate files.
+ # Use only one of these.
  
 -# CertFile                     /etc/ssl/private/pure-ftpd.pem
+-# CertFileAndKey               "/etc/pure-ftpd.pem" "/etc/pure-ftpd.key"
 +# CertFile                     /etc/ftpd/ssl/private/pure-ftpd.pem
++# CertFileAndKey               "/etc/ftpd/ssl/pure-ftpd.pem" "/etc/ftpd/ssl/pure-ftpd.key"
  
  
  
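Review bot: The new `CertFileAndKey` sample places the private key at `/etc/ftpd/ssl/pure-ftpd.key`, outside the `private/` directory that the `CertFile` sample just above it uses (`/etc/ftpd/ssl/private/pure-ftpd.pem`). Both lines are commented-out examples, but administrators tend to copy them verbatim, and a key stored next to the certificate gets whatever permissions `/etc/ftpd/ssl` has. I would keep the key under the restricted directory: `# CertFileAndKey               "/etc/ftpd/ssl/pure-ftpd.pem" "/etc/ftpd/ssl/private/pure-ftpd.key"`. The ownership and mode of these directories are set outside this patch, so confirm that `private/` is not world-readable.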
index 2106ce0feb064c71c4c7c3259c25f7d06c0e430f..58077730cba948dabdd425e2db2552d80179a5dd 100644 (file)
@@ -9,16 +9,16 @@
 %bcond_without tls             # disable SSL/TLS support
 %bcond_without cap             # disable capabilities
 
-%define        rel     7
+%define        rel     1
 Summary:       Small, fast and secure FTP server
 Summary(pl.UTF-8):     Mały, szybki i bezpieczny serwer FTP
 Name:          pure-ftpd
-Version:       1.0.47
+Version:       1.0.48
 Release:       %{rel}%{?with_extra:extra}
 License:       BSD-like%{?with_extra:, GLPv2 for pure-config due to libcfg+ license}
 Group:         Daemons
 Source0:       http://download.pureftpd.org/pub/pure-ftpd/releases/%{name}-%{version}.tar.bz2
-# Source0-md5: a41fa531c0d21bd3416dd524d75495ae
+# Source0-md5: 4538d563fb4cbe755767c91b14ed2fd2
 Source1:       %{name}.pamd
 Source2:       %{name}.init
 Source3:       %{name}.sysconfig
@@ -32,11 +32,9 @@ Patch2:              %{name}-pure-pw_passwd.patch
 Patch3:                %{name}-mysql_config.patch
 # from Fedora
 Patch4:                0003-Allow-having-both-options-and-config-file-on-command.patch
-Patch5:                tls.patch
-Patch6:                sni.patch
-Patch7:                audit_cap.patch
-Patch8:                %{name}-apparmor.patch
-Patch9:                %{name}-mysql-utf8.patch
+Patch5:                audit_cap.patch
+Patch6:                %{name}-apparmor.patch
+Patch7:                %{name}-mysql-utf8.patch
 URL:           http://www.pureftpd.org/
 %{?with_extra:BuildRequires:   autoconf}
 %{?with_extra:BuildRequires:   automake}
@@ -115,8 +113,6 @@ Ten pakiet zawiera schemat Pure-FTPd pureftpd.schema dla openldapa.
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
-%patch8 -p1
-%patch9 -p1
 
 %{?with_extra:%patch2 -p1}
 
@@ -234,7 +230,7 @@ exit 0
 
 %files
 %defattr(644,root,root,755)
-%doc AUTHORS ChangeLog CONTACT COPYING FAQ HISTORY NEWS README* THANKS pure*.conf pureftpd.schema
+%doc AUTHORS ChangeLog COPYING FAQ HISTORY NEWS README* THANKS pure*.conf pureftpd.schema
 %attr(755,root,root) %{_bindir}/*
 %attr(755,root,root) %{_sbindir}/*
 %attr(754,root,root) /etc/rc.d/init.d/%{name}
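Review bot: The refreshed `# Source0-md5: 4538d563fb4cbe755767c91b14ed2fd2` line is the only integrity check on the new tarball, and `Source0` still uses an `http://` URL, so the 1.0.48 source is fetched over an unauthenticated channel and pinned only by MD5. If the download host serves HTTPS, I would change the line to `Source0:       https://download.pureftpd.org/pub/pure-ftpd/releases/%{name}-%{version}.tar.bz2`. I would also check the tarball against an upstream signature or stronger digest before recording the md5. Separately, tls.patch and sni.patch are dropped without explanation. They are presumably part of 1.0.48, but one line in the commit message saying so would let a reader confirm that the TLS 1.1 disablement and the renegotiation check did not regress.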
diff --git a/sni.patch b/sni.patch
deleted file mode 100644 (file)
index 60912e1..0000000
--- a/sni.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-commit d2906ca519ecc9fb864eb7005809982322137964
-Author: Frank Denis <github@pureftpd.org>
-Date:   Fri Mar 15 13:12:04 2019 +0100
-
-    Add tlsext servername callback
-
-diff --git a/src/tls.c b/src/tls.c
-index e4bddb2..f34617b 100644
---- a/src/tls.c
-+++ b/src/tls.c
-@@ -219,6 +219,18 @@ static void tls_init_cache(void)
-     SSL_CTX_set_timeout(tls_ctx, 60 * 60L);
- }
-+static int ssl_servername_cb(SSL *cnx, int *al, void *arg)
-+{
-+    const char *servername;
-+
-+    if ((servername = SSL_get_servername(cnx, TLSEXT_NAMETYPE_host_name))
-+        == NULL) {
-+        logfile(LOG_INFO, "SNI: [%s]", servername);
-+        return SSL_TLSEXT_ERR_NOACK;
-+    }
-+    return SSL_TLSEXT_ERR_OK;
-+}
-+
- # ifdef DISABLE_SSL_RENEGOTIATION
- static void ssl_info_cb(const SSL *cnx, int where, int ret)
- {
-@@ -348,6 +360,7 @@ int tls_init_library(void)
-     SSL_CTX_set_options(tls_ctx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
- #  endif
-     SSL_CTX_set_info_callback(tls_ctx, ssl_info_cb);
-+    SSL_CTX_set_tlsext_servername_callback(tls_ctx, ssl_servername_cb);
- # endif
-     SSL_CTX_set_verify_depth(tls_ctx, 6);
-     if (ssl_verify_client_cert) {
-commit 1d110dd103d306ce14c17320a03d6c324ef2db9c
-Author: Frank Denis <github@pureftpd.org>
-Date:   Fri Mar 15 13:45:14 2019 +0100
-
-    Don't log a NULL name :)
-
-diff --git a/src/tls.c b/src/tls.c
-index f34617b..6078dd7 100644
---- a/src/tls.c
-+++ b/src/tls.c
-@@ -225,9 +225,10 @@ static int ssl_servername_cb(SSL *cnx, int *al, void *arg)
-     if ((servername = SSL_get_servername(cnx, TLSEXT_NAMETYPE_host_name))
-         == NULL) {
--        logfile(LOG_INFO, "SNI: [%s]", servername);
-         return SSL_TLSEXT_ERR_NOACK;
-     }
-+    logfile(LOG_INFO, "SNI: [%s]", servername);
-+
-     return SSL_TLSEXT_ERR_OK;
- }
-commit f0659f8357952c0a95cd62c938bd6c9852cd78f9
-Author: Frank Denis <github@pureftpd.org>
-Date:   Fri Mar 15 14:14:15 2019 +0100
-
-    Reject empty names
-
-diff --git a/src/tls.c b/src/tls.c
-index 6078dd7..a992473 100644
---- a/src/tls.c
-+++ b/src/tls.c
-@@ -224,7 +224,7 @@ static int ssl_servername_cb(SSL *cnx, int *al, void *arg)
-     const char *servername;
-     if ((servername = SSL_get_servername(cnx, TLSEXT_NAMETYPE_host_name))
--        == NULL) {
-+        == NULL || *servername == 0) {
-         return SSL_TLSEXT_ERR_NOACK;
-     }
-     logfile(LOG_INFO, "SNI: [%s]", servername);
diff --git a/tls.patch b/tls.patch
deleted file mode 100644 (file)
index 615fb96..0000000
--- a/tls.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-commit 4a495c61ce22c893aed5ee57f6ce0b43c3be59ad
-Author: Frank Denis <github@pureftpd.org>
-Date:   Wed Sep 19 23:53:45 2018 +0200
-
-    TLS1.3 compatibility
-    
-    Fixes #94
-
-diff --git a/src/tls.c b/src/tls.c
-index c693d3b..f383ed9 100644
---- a/src/tls.c
-+++ b/src/tls.c
-@@ -228,7 +228,16 @@ static void ssl_info_cb(const SSL *cnx, int where, int ret)
-     if ((where & SSL_CB_HANDSHAKE_START) != 0) {
-         if ((cnx == tls_cnx && tls_cnx_handshook != 0) ||
-             (cnx == tls_data_cnx && tls_data_cnx_handshook != 0)) {
--            die(400, LOG_ERR, "TLS renegociation");
-+            const SSL_CIPHER *cipher;
-+            const char *cipher_version;
-+            if ((cipher = SSL_get_current_cipher(cnx)) == NULL ||
-+                (cipher_version = SSL_CIPHER_get_version(cipher)) == NULL) {
-+                die(400, LOG_ERR, "No cipher");
-+            }
-+            if (strcmp(cipher_version, "TLSv1.3") != 0) {
-+                die(400, LOG_ERR, "TLS renegociation");
-+                return;
-+            }
-         }
-         return;
-     }
-@@ -264,10 +273,10 @@ int tls_init_library(void)
-     OpenSSL_add_all_algorithms();
- # else
-     OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS |
--                   OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
-+                     OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
-     OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
--                      OPENSSL_INIT_ADD_ALL_DIGESTS |
--                      OPENSSL_INIT_LOAD_CONFIG, NULL);
-+                        OPENSSL_INIT_ADD_ALL_DIGESTS |
-+                        OPENSSL_INIT_LOAD_CONFIG, NULL);
- # endif
-     while (RAND_status() == 0) {
-         rnd = zrand();
-commit aa68b2d620ef0c83c7f52213c7e6093722b0b8bd
-Author: Frank Denis <github@pureftpd.org>
-Date:   Wed Oct 24 19:19:26 2018 +0200
-
-    Disable TLSv1_1
-
-diff --git a/src/tls.c b/src/tls.c
-index f383ed9..c4e2a1b 100644
---- a/src/tls.c
-+++ b/src/tls.c
-@@ -297,7 +297,7 @@ int tls_init_library(void)
-     SSL_CTX_set_options(tls_ctx, SSL_OP_NO_TLSv1);
- # endif
- # ifdef SSL_OP_NO_TLSv1_1
--    SSL_CTX_clear_options(tls_ctx, SSL_OP_NO_TLSv1_1);
-+    SSL_CTX_set_options(tls_ctx, SSL_OP_NO_TLSv1_1);
- # endif
- # ifdef SSL_OP_NO_TLSv1_2
-     SSL_CTX_clear_options(tls_ctx, SSL_OP_NO_TLSv1_2);