[proftpd] Harden build, remove old cruft
Paul Howarth
pghmcfc at fedoraproject.org
Fri Apr 13 15:20:23 UTC 2012
commit 1b40612d2a66f6bc055f658d682ba00f5f7abea6
Author: Paul Howarth <paul at city-fan.org>
Date: Fri Apr 13 16:18:34 2012 +0100
Harden build, remove old cruft
- Do hardened (PIE) builds where possible
- Drop %defattr, redundant since rpm 4.4
- Always look for TLS certs in /etc/pki/tls/certs
proftpd.conf | 4 ++--
proftpd.spec | 31 ++++++++++++-------------------
2 files changed, 14 insertions(+), 21 deletions(-)
---
diff --git a/proftpd.conf b/proftpd.conf
index b61c5c2..357def8 100644
--- a/proftpd.conf
+++ b/proftpd.conf
@@ -293,8 +293,8 @@ ControlsLog /var/log/proftpd/controls.log
<IfDefine TLS>
TLSEngine on
TLSRequired on
- TLSRSACertificateFile @PKIDIR@/certs/proftpd.pem
- TLSRSACertificateKeyFile @PKIDIR@/certs/proftpd.pem
+ TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem
+ TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem
TLSCipherSuite ALL:!ADH:!DES
TLSOptions NoCertRequest
TLSVerifyClient off
diff --git a/proftpd.spec b/proftpd.spec
index 52493b1..61d72bd 100644
--- a/proftpd.spec
+++ b/proftpd.spec
@@ -22,14 +22,6 @@
%global rundir_tmpfs 1
%endif
-# Use certs in %%{_sysconfdir}/pki/tls/certs if available (FC4, RHEL5 onwards)
-%global use_pki %(if [ -d %{_sysconfdir}/pki/tls/certs ]; then echo 1; else echo 0; fi)
-%if %{use_pki}
-%global pkidir %{_sysconfdir}/pki/tls
-%else
-%global pkidir %{_datadir}/ssl
-%endif
-
# For PCRE support we need pcre >= 7.0, not available in EL prior to EL-6
%if 0%{?rhel} > 5 || 0%{?fedora}
%global use_pcre 1
@@ -40,8 +32,11 @@
%global have_libmemcached 1
%endif
+# Do a hardened build where possible
+%define _hardened_build 1
+
#global prever rc3
-%global rpmrel 7
+%global rpmrel 8
Summary: Flexible, stable and highly-configurable FTP server
Name: proftpd
@@ -217,6 +212,9 @@ cp -p mod_vroot/t/modules/mod_vroot.t tests/t/modules/
cp -p mod_geoip/mod_geoip.c contrib/
cp -p mod_geoip/mod_geoip.html doc/contrib/
+# Copy default config file into place
+cp -p %{SOURCE1} proftpd.conf
+
# Use my_make_scrambled_password rather than the deprecated
# make_scrambled_password, which isn't exported from Fedora's MySQL
# in F-15 onwards (#718327, upstream bug 3669)
@@ -307,10 +305,6 @@ cp -p mod_geoip/mod_geoip.html doc/contrib/
# Avoid documentation name conflicts
mv contrib/README contrib/README.contrib
-# Set up directory names in config file
-sed -e 's#@PKIDIR@#%{pkidir}#g' \
- %{SOURCE1} > proftpd.conf
-
# If we don't have libmemcached support, remove the mod_tls_memcache
# snippet from the config file
%if 0%{!?have_libmemcached:1}
@@ -496,7 +490,6 @@ else
fi
%files -f proftpd.lang
-%defattr(-,root,root,-)
%doc COPYING CREDITS ChangeLog NEWS README
%doc README.DSO README.modules README.IPv6 README.PAM
%doc README.capabilities README.classes README.controls README.facl
@@ -571,27 +564,22 @@ fi
%attr(750, root, root) %dir %{_localstatedir}/log/proftpd/
%files devel
-%defattr(-,root,root)
%{_bindir}/prxs
%{_includedir}/proftpd/
%{_libdir}/pkgconfig/proftpd.pc
%files ldap
-%defattr(-,root,root,-)
%doc README.LDAP contrib/mod_quotatab_ldap.ldif contrib/mod_quotatab_ldap.schema
%{_libexecdir}/proftpd/mod_ldap.so
%{_libexecdir}/proftpd/mod_quotatab_ldap.so
%files mysql
-%defattr(-,root,root,-)
%{_libexecdir}/proftpd/mod_sql_mysql.so
%files postgresql
-%defattr(-,root,root,-)
%{_libexecdir}/proftpd/mod_sql_postgres.so
%files utils
-%defattr(-,root,root,-)
%doc contrib/xferstats.holger-preiss
%{_bindir}/ftpasswd
%{_bindir}/ftpcount
@@ -607,6 +595,11 @@ fi
%{_mandir}/man1/ftpwho.1*
%changelog
+* Fri Apr 13 2012 Paul Howarth <paul at city-fan.org> 1.3.4a-8
+- Do hardened (PIE) builds where possible
+- Drop %%defattr, redundant since rpm 4.4
+- Always look for TLS certs in /etc/pki/tls/certs
+
* Mon Mar 12 2012 Paul Howarth <paul at city-fan.org> 1.3.4a-7
- Tweak logrotate script for systemd compatibility (#802178)
- Fix leaked file descriptors for log files (as per bug 3751)
More information about the scm-commits
mailing list