[proftpd] Update to 1.3.4
Paul Howarth
pghmcfc at fedoraproject.org
Thu Nov 10 19:34:15 UTC 2011
commit 6769e3d8f249b0e0e7ae6a495d7129aaa9295264
Author: Paul Howarth <paul at city-fan.org>
Date: Thu Nov 10 19:32:05 2011 +0000
Update to 1.3.4
- New upstream release 1.3.4, addressing the following bugs since 1.3.4rc3:
- ProFTPD with mod_sql_mysql dies of "Alarm clock" on FreeBSD (bug 3702)
- mod_sql_mysql.so: undefined symbol: make_scrambled_password with MySQL 5.5
on Fedora (bug 3669)
- PQescapeStringConn() needs a better check (bug 3192)
- Enable OpenSSL countermeasure against SSLv3/TLSv1 BEAST attacks (bug 3704);
to disable this countermeasure, which may cause interoperability issues
with some clients, use the NoEmptyFragments TLSOption
- Support SFTPOption for ignoring requests to modify timestamps (bug 3706)
- RPM build on CentOS 5.5 (64bit): "File not found by glob" (bug 3640)
- Response pool use-after-free memory corruption error
(bug 3711, #752812, ZDI-CAN-1420, CVE-2011-4130)
- Drop upstream patch for make_scrambled_password_323
- Use upstream SysV initscript rather than our own
- Use upstream systemd service file rather than our own
- Use upstream PAM configuration rather than our own
- Use upstream logrotate configuration rather than our own
- Use upstream tempfiles configuration rather than our own
- Use upstream xinetd configuration rather than our own
.gitignore | 7 +-
proftpd-1.3.4-utf8.patch | 20 ++
proftpd-1.3.4-xinetd-typo.patch | 8 +
....4rc3-make-scrambled-password-323-bug3669.patch | 253 --------------------
proftpd-tmpfs.conf | 1 -
proftpd-xinetd | 14 -
proftpd.init | 101 --------
proftpd.logrotate | 10 -
proftpd.pam | 8 -
proftpd.service | 12 -
proftpd.spec | 78 ++++---
sources | 2 +-
12 files changed, 79 insertions(+), 435 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 4fe5aa7..9702fb4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,14 +1,13 @@
# master/f15/f16
-/proftpd-1.3.4rc3.tar.bz2
+/proftpd-1.3.4.tar.bz2
/proftpd-mod-geoip-0.3.tar.gz
/proftpd-mod-vroot-0.9.2.tar.gz
/Test-Unit-0.14.tar.gz
# el6
-/proftpd-1.3.3f.tar.bz2
+/proftpd-1.3.3g.tar.bz2
/proftpd-mod-geoip-0.2.tar.gz
/proftpd-mod-vroot-0.9.2.tar.gz
# f14/el5/el4
-/proftpd-1.3.3f.tar.bz2
+/proftpd-1.3.3g.tar.bz2
/proftpd-mod-geoip-0.2.tar.gz
/proftpd-mod-vroot-0.8.5.tar.gz
-/proftpd-1.3.4rc3.tar.bz2
diff --git a/proftpd-1.3.4-utf8.patch b/proftpd-1.3.4-utf8.patch
new file mode 100644
index 0000000..4fb8270
--- /dev/null
+++ b/proftpd-1.3.4-utf8.patch
@@ -0,0 +1,20 @@
+--- proftpd-1.3.4/ChangeLog 2011-11-09 22:37:36.000000000 +0000
++++ proftpd-1.3.4/ChangeLog.utf-8 2011-11-10 13:39:17.351759244 +0000
+@@ -15906,7 +15906,7 @@
+ 2009-03-13 08:55 castaglia
+
+ * src/inet.c:
+- Jesús Alastruey pointed out there was an off-by-one bug in the
++ Jesús Alastruey pointed out there was an off-by-one bug in the
+ handling of the PassivePorts port selection code. The highest
+ port number was not being properly shuffled.
+
+@@ -27877,7 +27877,7 @@
+ 2005-06-08 09:21 castaglia
+
+ * doc/howto/SQL.html:
+- Grégoire COLBERT contributed a snippet of PHP code that can be
++ Grégoire COLBERT contributed a snippet of PHP code that can be
+ used to generate base64-encoded MD5-digested password strings,
+ suitable for use by mod_sql.
+
diff --git a/proftpd-1.3.4-xinetd-typo.patch b/proftpd-1.3.4-xinetd-typo.patch
new file mode 100644
index 0000000..c8ab3ce
--- /dev/null
+++ b/proftpd-1.3.4-xinetd-typo.patch
@@ -0,0 +1,8 @@
+--- proftpd-1.3.4/contrib/dist/rpm/xinetd
++++ proftpd-1.3.4/contrib/dist/rpm/xinetd
+@@ -1,4 +1,4 @@
+-# default: on
++# default: off
+ # description: The ProFTPD FTP server
+ service ftp
+ {
diff --git a/proftpd.spec b/proftpd.spec
index 4d8e961..7ba4af8 100644
--- a/proftpd.spec
+++ b/proftpd.spec
@@ -40,8 +40,8 @@
%global have_libmemcached 1
%endif
-%global prever rc3
-%global rpmrel 15
+#global prever rc3
+%global rpmrel 1
Summary: Flexible, stable and highly-configurable FTP server
Name: proftpd
@@ -52,26 +52,21 @@ Group: System Environment/Daemons
URL: http://www.proftpd.org/
Source0: ftp://ftp.proftpd.org/distrib/source/proftpd-%{version}%{?prever}.tar.bz2
Source1: proftpd.conf
-Source2: proftpd.init
-Source3: proftpd-xinetd
-Source4: proftpd.logrotate
Source5: proftpd-welcome.msg
-Source6: proftpd.pam
Source9: proftpd.sysconfig
Source10: http://www.castaglia.org/proftpd/modules/proftpd-mod-vroot-0.9.2.tar.gz
Source11: http://www.castaglia.org/proftpd/modules/proftpd-mod-geoip-0.3.tar.gz
-Source12: proftpd-tmpfs.conf
# The integration tests require perl(Test::Unit) 0.14, which is the latest release on CPAN
# However, the version in Fedora is 0.25 from sourceforge, which is incompatible with the test suite,
# so we bundle version 0.14 here, purely for use during builds with the integration tests enabled
# (they are disabled by default); it is not included as part of the built package and should therefore
# not fall foul of the rules against library bundling
Source13: http://search.cpan.org/CPAN/authors/id/C/CL/CLEMBURG/Test-Unit-0.14.tar.gz
-Source14: proftpd.service
-Patch0: proftpd-1.3.4rc3-make-scrambled-password-323-bug3669.patch
Patch1: proftpd-1.3.4rc3-mysql-password.patch
Patch2: proftpd.conf-no-memcached.patch
+Patch3: proftpd-1.3.4-xinetd-typo.patch
Patch4: proftpd-1.3.4rc1-mod_vroot-test.patch
+Patch5: proftpd-1.3.4-utf8.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
Requires(preun): coreutils, findutils
%if %{use_systemd}
@@ -161,18 +156,23 @@ cp -p mod_vroot/t/modules/mod_vroot.t tests/t/modules/
cp -p mod_geoip/mod_geoip.c contrib/
cp -p mod_geoip/mod_geoip.html doc/contrib/
-# Upstream patch to not try make_scrambled_password_323 if the function
-# isn't exported from the MySQL library (upstream bug 3669)
-%patch0 -p1 -b .mypasswd323
+# Allow conf.h to find config.h (upstream bug 3127)
+ln -s ../config.h include/config.h
# Use my_make_scrambled_password rather than the deprecated
# make_scrambled_password, which isn't exported from Fedora's MySQL
# in F-15 onwards (#718327, upstream bug 3669)
%patch1 -p1 -b .mypasswd
+# Fix typo in upstream xinetd configuration
+%patch3 -p1 -b .xinetd
+
# If we're running the full test suite, include the mod_vroot test
%patch4 -p1 -b .test_vroot
+# Fix character encoding in docs
+%patch5 -p1 -b .utf8
+
# Avoid documentation name conflicts
mv contrib/README contrib/README.contrib
@@ -192,9 +192,8 @@ chmod -x contrib/xferstats.holger-preiss
# PAM Configuration:
# Default PAM configuration file uses password-auth common config;
# revert to system-auth if password-auth is not available
-cp -p %{SOURCE6} .
if [ ! -f /etc/pam.d/password-auth ]; then
- sed -i -e s/password-auth/system-auth/ proftpd.pam
+ sed -i -e s/password-auth/system-auth/ contrib/dist/rpm/proftpd.pam
fi
# The "include" syntax used in our PAM configuration file was introduced in
# PAM 0.78 and is therefore supported in FC-5 and EL-5 onwards; older
@@ -206,17 +205,7 @@ fi
# indicator of the need to fall back to pam_stack.
[ ! -f /etc/pam.d/config-util ] && sed -i -e \
's/include[[:space:]]*system-auth/required'\ \ \ \ \ 'pam_stack.so service=system-auth/' \
- proftpd.pam
-
-# Fix character encoding in docs
-for f in ChangeLog; do
- iconv -f iso-8859-1 -t utf-8 < ${f} > ${f}.utf-8
- mv -f ${f}.utf-8 ${f}
-done
-
-# Copy in the tmpfiles config and insert the appropriate run directory
-cp -p %{SOURCE12} .
-sed -i -e 's|@RUNDIR@|%{rundir}|' proftpd-tmpfs.conf
+ contrib/dist/rpm/proftpd.pam
# Remove bogus exec permissions from source files
chmod -c -x include/tpl.h lib/tpl.c
@@ -259,14 +248,19 @@ make install DESTDIR=%{buildroot} \
INSTALL_USER=`id -un` \
INSTALL_GROUP=`id -gn`
install -D -p -m 640 proftpd.conf %{buildroot}%{_sysconfdir}/proftpd.conf
-install -D -p -m 644 proftpd.pam %{buildroot}%{_sysconfdir}/pam.d/proftpd
+install -D -p -m 644 contrib/dist/rpm/proftpd.pam \
+ %{buildroot}%{_sysconfdir}/pam.d/proftpd
%if %{use_systemd}
-install -D -p -m 644 %{SOURCE14} %{buildroot}%{_unitdir}/proftpd.service
+install -D -p -m 644 contrib/dist/rpm/proftpd.service \
+ %{buildroot}%{_unitdir}/proftpd.service
%else
-install -D -p -m 755 %{SOURCE2} %{buildroot}%{_sysconfdir}/rc.d/init.d/proftpd
+install -D -p -m 755 contrib/dist/rpm/proftpd.init.d \
+ %{buildroot}%{_sysconfdir}/rc.d/init.d/proftpd
%endif
-install -D -p -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/xinetd.d/xproftpd
-install -D -p -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/logrotate.d/proftpd
+install -D -p -m 644 contrib/dist/rpm/xinetd \
+ %{buildroot}%{_sysconfdir}/xinetd.d/xproftpd
+install -D -p -m 644 contrib/dist/rpm/proftpd.logrotate \
+ %{buildroot}%{_sysconfdir}/logrotate.d/proftpd
install -D -p -m 644 %{SOURCE5} %{buildroot}%{_localstatedir}/ftp/welcome.msg
install -D -p -m 644 %{SOURCE9} %{buildroot}%{_sysconfdir}/sysconfig/proftpd
mkdir -p %{buildroot}%{_localstatedir}/{ftp/{pub,uploads},log/proftpd}
@@ -275,7 +269,8 @@ touch %{buildroot}%{_sysconfdir}/ftpusers
# Make sure %%{rundir}/proftpd exists at boot time for systems where it's on tmpfs (#656675)
%if 0%{?rundir_tmpfs:1}
install -d -m 755 %{buildroot}%{_sysconfdir}/tmpfiles.d
-install -p -m 644 proftpd-tmpfs.conf %{buildroot}%{_sysconfdir}/tmpfiles.d/proftpd.conf
+install -p -m 644 contrib/dist/rpm/proftpd-tmpfs.conf \
+ %{buildroot}%{_sysconfdir}/tmpfiles.d/proftpd.conf
%endif
# Find translations
@@ -467,6 +462,27 @@ fi
%{_libexecdir}/proftpd/mod_sql_postgres.so
%changelog
+* Thu Nov 10 2011 Paul Howarth <paul at city-fan.org> 1.3.4-1
+- Update to 1.3.4, addressing the following bugs since 1.3.4rc3:
+ - ProFTPD with mod_sql_mysql dies of "Alarm clock" on FreeBSD (bug 3702)
+ - mod_sql_mysql.so: undefined symbol: make_scrambled_password with MySQL 5.5
+ on Fedora (bug 3669)
+ - PQescapeStringConn() needs a better check (bug 3192)
+ - Enable OpenSSL countermeasure against SSLv3/TLSv1 BEAST attacks (bug 3704);
+ to disable this countermeasure, which may cause interoperability issues
+ with some clients, use the NoEmptyFragments TLSOption
+ - Support SFTPOption for ignoring requests to modify timestamps (bug 3706)
+ - RPM build on CentOS 5.5 (64bit): "File not found by glob" (bug 3640)
+ - Response pool use-after-free memory corruption error
+ (bug 3711, #752812, ZDI-CAN-1420, CVE-2011-4130)
+- Drop upstream patch for make_scrambled_password_323
+- Use upstream SysV initscript rather than our own
+- Use upstream systemd service file rather than our own
+- Use upstream PAM configuration rather than our own
+- Use upstream logrotate configuration rather than our own
+- Use upstream tempfiles configuration rather than our own
+- Use upstream xinetd configuration rather than our own
+
* Thu Oct 6 2011 Paul Howarth <paul at city-fan.org> 1.3.4-0.15.rc3
- Add upstream patch to not try make_scrambled_password_323 if the MySQL
library doesn't export it (#718327, upstream bug 3669); this removes support
diff --git a/sources b/sources
index 8c793a4..59cb65a 100644
--- a/sources
+++ b/sources
@@ -1,4 +1,4 @@
-5e9b2cb1f0c7e27aa7f02e5966e9d3d5 proftpd-1.3.4rc3.tar.bz2
+7734142c7fa7212ab9f188a617a4be87 proftpd-1.3.4.tar.bz2
cc0e479406436e474ca7d59994fa73bb proftpd-mod-geoip-0.3.tar.gz
6db495b25e9da2ba0c901e7c44e119bc proftpd-mod-vroot-0.9.2.tar.gz
ad574713bcd00f62883ff2f9a84eec1f Test-Unit-0.14.tar.gz
More information about the scm-commits
mailing list