From cdcb87f6cc562059ab471b4abd1d47d33b755134 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Arkadiusz=20Mi=C5=9Bkiewicz?= Date: Thu, 28 Mar 2019 09:59:01 +0100 Subject: [PATCH] - rel 5; FEAT UTF8 is enough, so drop fake OPTS UTF-8 support. Raise capabilities to allow access to authd/certd socket owner by other uid/gid --- pure-ftpd.init | 2 -- pure-ftpd.spec | 5 ++--- utf8.patch | 45 --------------------------------------------- 3 files changed, 2 insertions(+), 50 deletions(-) delete mode 100644 utf8.patch diff --git a/pure-ftpd.init b/pure-ftpd.init index d032e8a..e92e050 100644 --- a/pure-ftpd.init +++ b/pure-ftpd.init @@ -50,7 +50,6 @@ start() { daemon /usr/sbin/pure-authd --uid 326 --gid 326 --pid /var/run/pure-authd.pid \ --run "$PURE_AUTH_SCRIPT" --socket "$PURE_AUTH_SOCKET" --daemonize RETVAL=$? - [ $RETVAL -eq 0 ] && chown root:root "$PURE_AUTH_SOCKET" && chmod 600 "$PURE_AUTH_SOCKET" fi if [ $RETVAL -eq 0 -a -x "$PURE_CERT_SCRIPT" ]; then PURE_CERT=yes @@ -65,7 +64,6 @@ start() { daemon /usr/sbin/pure-certd --uid 335 --gid 335 --pid /var/run/pure-certd.pid \ --run "$PURE_CERT_SCRIPT" --socket "$PURE_CERT_SOCKET" --daemonize RETVAL=$? - [ $RETVAL -eq 0 ] && chown root:root "$PURE_CERT_SOCKET" && chmod 600 "$PURE_CERT_SOCKET" fi if [ $RETVAL -eq 0 ]; then msg_starting pure-ftpd diff --git a/pure-ftpd.spec b/pure-ftpd.spec index 015d32a..73acd4a 100644 --- a/pure-ftpd.spec +++ b/pure-ftpd.spec @@ -9,7 +9,7 @@ %bcond_without tls # disable SSL/TLS support %bcond_without cap # disable capabilities -%define rel 4 +%define rel 5 Summary: Small, fast and secure FTP server Summary(pl.UTF-8): Mały, szybki i bezpieczny serwer FTP Name: pure-ftpd @@ -35,8 +35,7 @@ Patch4: 0003-Allow-having-both-options-and-config-file-on-command.patch Patch6: %{name}-apparmor.patch Patch7: %{name}-mysql-utf8.patch -# ressurect minimal RFC2640 support, assumes fs handles utf8 -Patch8: utf8.patch +Patch8: caps.patch URL: http://www.pureftpd.org/ %{?with_extra:BuildRequires: autoconf} %{?with_extra:BuildRequires: automake} diff --git a/utf8.patch b/utf8.patch deleted file mode 100644 index a246e9f..0000000 --- a/utf8.patch +++ /dev/null @@ -1,45 +0,0 @@ -diff --git a/src/ftpd.c b/src/ftpd.c -index 0d5030c..7029d72 100644 ---- a/src/ftpd.c -+++ b/src/ftpd.c -@@ -3565,14 +3565,16 @@ void dofeat(void) - # define FEAT_ESTP CRLF " ESTP" - # endif - -- char feat[] = FEAT FEAT_DEBUG FEAT_TLS FEAT_TVFS FEAT_ESTA FEAT_PASV FEAT_ESTP; -+# define FEAT_UTF8 CRLF " UTF8" -+ -+ char feat[] = FEAT FEAT_DEBUG FEAT_TLS FEAT_UTF8 FEAT_TVFS FEAT_ESTA FEAT_PASV FEAT_ESTP; - - if (disallow_passive != 0) { -- feat[sizeof FEAT FEAT_DEBUG FEAT_TLS FEAT_TVFS FEAT_ESTA] = 0; -+ feat[sizeof FEAT FEAT_DEBUG FEAT_TLS FEAT_UTF8 FEAT_TVFS FEAT_ESTA] = 0; - } - # ifndef MINIMAL - else if (STORAGE_FAMILY(force_passive_ip) != 0) { -- feat[sizeof FEAT FEAT_DEBUG FEAT_TLS FEAT_TVFS FEAT_ESTA FEAT_PASV] = 0; -+ feat[sizeof FEAT FEAT_DEBUG FEAT_TLS FEAT_UTF8 FEAT_TVFS FEAT_ESTA FEAT_PASV] = 0; - } - # endif - addreply_noformat(0, feat); -@@ -4639,7 +4641,20 @@ void doopts(char *args) - cmdopts++; - (void) cmdopts; - } -+ if (strncasecmp("utf8 ", args, 5) == 0 || -+ strncasecmp("utf-8 ", args, 6) == 0) { -+ if (cmdopts == NULL || *cmdopts == 0) { -+ addreply_noformat(501, "OPTS UTF8: " MSG_MISSING_ARG); -+ } else if (strncasecmp(cmdopts, "on", sizeof "on" - 1U) == 0) { -+ addreply_noformat(200, "OK, UTF-8 enabled"); -+ } else if (strncasecmp(cmdopts, "off", sizeof "off" - 1U)) { -+ addreply_noformat(200, "OK, UTF-8 disabled"); -+ } else { -+ addreply_noformat(502, MSG_UNKNOWN_COMMAND); -+ } -+ return; -+ } - if (strncasecmp("mlst ", args, 5) == 0) { - addreply_noformat(200, " MLST OPTS " - "type;size;sizd;modify;UNIX.mode;UNIX.uid;" - -- 2.43.0