[packages/pure-ftpd] - rel 2; use upstream parameter for ssl cert file

arekm arekm at pld-linux.org
Thu Jul 2 13:48:13 CEST 2015


commit 993feb8b7efd05f1c8b5421e3f964fe186289d0e
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Thu Jul 2 13:48:08 2015 +0200

    - rel 2; use upstream parameter for ssl cert file

 pure-ftpd-path_to_ssl_cert_in_config.patch | 236 +++++++++--------------------
 pure-ftpd.spec                             |   5 +-
 2 files changed, 77 insertions(+), 164 deletions(-)
---
diff --git a/pure-ftpd.spec b/pure-ftpd.spec
index ba5d73f..5e94734 100644
--- a/pure-ftpd.spec
+++ b/pure-ftpd.spec
@@ -9,7 +9,7 @@
 %bcond_without	tls		# disable SSL/TLS support
 %bcond_without	cap		# disable capabilities
 
-%define	rel	1
+%define	rel	2
 Summary:	Small, fast and secure FTP server
 Summary(pl.UTF-8):	Mały, szybki i bezpieczny serwer FTP
 Name:		pure-ftpd
@@ -206,9 +206,10 @@ if [ "$1" = "0" ]; then
 	%service -q ldap restart
 fi
 
-%triggerpostun -- %{name} < 1.0.40-1
+%triggerpostun -- %{name} < 1.0.41-2
 %{?with_mysql:sed -i -e 's#MYSQLCrypt[\t ]\+all#MYSQLCrypt    any#gi' $RPM_BUILD_ROOT%{_sysconfdir}/pureftpd-mysql.conf}
 %{?with_pgsql:sed -i -e 's#PgSQLCrypt[\t ]\+all#PgSQLCrypt    any#gi' $RPM_BUILD_ROOT%{_sysconfdir}/pureftpd-pgsql.conf}
+sed -i -e 's#SSLCertFile#CertFile#gi' $RPM_BUILD_ROOT%{_sysconfdir}/pureftpd.conf
 exit 0
 
 %files
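Review bot: The added `sed` in `%triggerpostun` is unanchored and runs with `gi`, so it rewrites the substring `SSLCertFile` wherever it occurs in pureftpd.conf, including inside a configured path value. Because the scriptlet ends in `exit 0`, a path damaged this way would only be noticed when the certificate fails to load. Limiting the match to the directive name at the start of a line is safer: `sed -i -e 's|^\([#\t ]*\)SSLCertFile\([\t ]\)|\1CertFile\2|i' %{_sysconfdir}/pureftpd.conf`. The new line also copies the `$RPM_BUILD_ROOT` prefix from the two lines above it; that is a build-time variable and is normally empty when a trigger runs, so it is best dropped here.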
diff --git a/pure-ftpd-path_to_ssl_cert_in_config.patch b/pure-ftpd-path_to_ssl_cert_in_config.patch
index ec77d5f..2a136c2 100644
--- a/pure-ftpd-path_to_ssl_cert_in_config.patch
+++ b/pure-ftpd-path_to_ssl_cert_in_config.patch
@@ -1,170 +1,82 @@
-diff -Nur b/configuration-file/pure-config.pl.in n/configuration-file/pure-config.pl.in
---- b/configuration-file/pure-config.pl.in	2004-02-29 12:17:00.000000000 +0100
-+++ n/configuration-file/pure-config.pl.in	2004-09-15 17:02:28.545013000 +0200
-@@ -57,6 +57,7 @@
- 	TrustedIP		=> "-V",
- 	AltLog			=> "-O",
- 	PIDFile			=> "-g",
-+	SSLCertFile		=> "-7",
+commit 659d4e968a2204395c7e1757dade46f9dfc95960
+Author: Frank Denis <github at pureftpd.org>
+Date:   Sat Jun 27 16:11:56 2015 +0200
+
+    DEFAULT_CERT_FILE -> TLS_CERTIFICATE_FILE
+
+diff --git a/src/ftpd.h b/src/ftpd.h
+index 039bed4..717c3da 100644
+--- a/src/ftpd.h
++++ b/src/ftpd.h
+@@ -418,8 +418,8 @@ extern int opt_a, opt_C, opt_d, opt_F, opt_l, opt_R;
+ # ifndef TLS_CONFDIR
+ #  define TLS_CONFDIR "/etc/ssl/private"
+ # endif
+-# ifndef DEFAULT_CERT_FILE
+-#  define DEFAULT_CERT_FILE TLS_CONFDIR "/pure-ftpd.pem"
++# ifndef TLS_CERTIFICATE_FILE
++#  define TLS_CERTIFICATE_FILE TLS_CONFDIR "/pure-ftpd.pem"
+ # endif
+ # ifndef TLS_DHPARAMS_FILE
+ #  define TLS_DHPARAMS_FILE TLS_CONFDIR "/pure-ftpd-dhparams.pem"
+diff --git a/src/globals.h b/src/globals.h
+index 833cfa2..e0c1d30 100644
+--- a/src/globals.h
++++ b/src/globals.h
+@@ -166,7 +166,7 @@ GLOBAL0(int data_protection_level);
+ GLOBAL(const char *tlsciphersuite, TLS_DEFAULT_CIPHER_SUITE);
+ GLOBAL0(signed char ssl_disabled);
+ GLOBAL0(signed char ssl_verify_client_cert);
+-GLOBAL(const char *cert_file, DEFAULT_CERT_FILE);
++GLOBAL(const char *cert_file, TLS_CERTIFICATE_FILE);
+ #endif
+ 
+ GLOBAL0(char *atomic_prefix);
+
+commit 32bffd1ce2670279ebc9aac0386a6d223b1119b6
+Author: Frank Denis <github at pureftpd.org>
+Date:   Fri Jun 26 19:02:37 2015 +0200
+
+    Add CertFile to the configuration files wrappers
+
+diff --git a/configuration-file/pure-config.pl.in b/configuration-file/pure-config.pl.in
+index 498af50..ea675c8 100644
+--- a/configuration-file/pure-config.pl.in
++++ b/configuration-file/pure-config.pl.in
+@@ -60,6 +60,7 @@ my %string_switch_for = (
+         AltLog                  => "-O",
+         PIDFile                 => "-g",
+         TLSCipherSuite          => "-J",
++        CertFile                => "-2",
  );
  
  my %numeric_switch_for = (
-diff -Nur b/configuration-file/pure-config.py.in n/configuration-file/pure-config.py.in
---- b/configuration-file/pure-config.py.in	2004-02-29 12:17:14.000000000 +0100
-+++ n/configuration-file/pure-config.py.in	2004-09-15 17:02:28.546012000 +0200
-@@ -55,6 +55,7 @@
- option_tuple = (
-     ["IPV4Only[\s]+yes",                   "-4"                  ],
-     ["IPV6Only[\s]+yes",                   "-6"                  ],    
-+    ["SSLCertFile\s+(\S+)",                "-7", None            ],
-     ["ChrootEveryone[\s]+yes",             "-A"                  ],
-     ["TrustedGID[\s]+([\d]+)",             "-a", None            ],
-     ["BrokenClientsCompatibility[\s]+yes", "-b"                  ],
-diff -Nur b/configuration-file/pure-ftpd.conf.in n/configuration-file/pure-ftpd.conf.in
---- b/configuration-file/pure-ftpd.conf.in	2004-09-15 17:03:04.281580000 +0200
-+++ n/configuration-file/pure-ftpd.conf.in	2004-09-15 17:02:28.547012000 +0200
-@@ -420,7 +420,13 @@
- # 3) Only compatible clients will log in.
- 
- # TLS                      1
--
-+
-+# Path to SSL certificate file. This is non-standard addition
-+# and it might disappear in the future. If not present
-+# default is /var/lib/openssl/certs/ftpd.pem for PLD.
-+#
-+# SSLCertFile	/etc/ssl/private/pure-ftpd.pem
-+#	
- 
+diff --git a/configuration-file/pure-config.py.in b/configuration-file/pure-config.py.in
+index 9a4943c..c458a20 100644
+--- a/configuration-file/pure-config.py.in
++++ b/configuration-file/pure-config.py.in
+@@ -114,6 +114,7 @@ option_tuple = (
+     ["PIDFile\s+(\S+)",                    "-g", None            ],
+     ["TLSCipherSuite\s+(\S+)",             "-J", None            ],
+     ["PerUserLimits\s+([:0-9]+)",          "-y", None            ],
++    ["CertFile\s+(\S+)",                   "-2", None            ],
+     ["TLS\s+(\d)",                         "-Y", None            ])
  
- # Listen only to IPv4 addresses in standalone mode (ie. disable IPv6)
-diff -Nur b/man/pure-ftpd.8 n/man/pure-ftpd.8
---- b/man/pure-ftpd.8	2004-02-29 21:10:06.000000000 +0100
-+++ n/man/pure-ftpd.8	2004-09-15 17:02:28.548012000 +0200
-@@ -9,7 +9,7 @@
- pure\-ftpd \- simple File Transfer Protocol server
+ for option in option_tuple:
+diff --git a/configuration-file/pure-ftpd.conf.in b/configuration-file/pure-ftpd.conf.in
+index 74d1fb1..8591906 100644
+--- a/configuration-file/pure-ftpd.conf.in
++++ b/configuration-file/pure-ftpd.conf.in
+@@ -434,6 +434,12 @@ CustomerProof              yes
  
- .SH "SYNOPSIS"
--.B pure\-ftpd [\-0] [\-1] [\-4] [\-6] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v rendezvous name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z]
-+.B pure\-ftpd [\-0] [\-1] [\-4] [\-6] [\-7 certificate file] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v rendezvous name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z]
  
- .br
- Alternative style :
-@@ -22,6 +22,8 @@
- .br
- \-6 \-\-ipv6only
- .br
-+\-7 \-\-sslcertfile
-+.br
- \-a \-\-trustedgid
- .br
- \-A \-\-chrooteveryone
-@@ -157,6 +159,9 @@
- .B \-6
- Listen only to IPv6 connections.
- .TP
-+.B \-7 SSL certificate file
-+Path to SSL certificate file. If option \-7 is not present default value is /var/lib/openssl/certs/ftpd.pem for PLD. This is non\-standard addition. It might disappear in the future and meaning of \-7 option is not guaranted.
-+.TP
- .B \-a gid
- Regular users will be chrooted to their home directories, unless
- they belong to the specified gid. Note that root is always trusted,
-diff -Nur b/src/ftpd.c n/src/ftpd.c
---- b/src/ftpd.c	2004-09-15 18:05:29.951069216 +0200
-+++ n/src/ftpd.c	2004-09-15 18:03:14.172710664 +0200
-@@ -4830,7 +4830,7 @@
-     int fodder;
-     int bypass_ipv6 = 0;
-     struct passwd *pw;
--
-+    
- #ifdef PROBE_RANDOM_AT_RUNTIME
-     pw_zrand_probe();
- #endif    
-@@ -5097,6 +5097,15 @@
-                 enforce_tls_auth > 2) {
-                 die(421, LOG_ERR, MSG_CONF_ERR ": TLS");
-             }
-+    	    if (!tlscert_file) 
-+                if ((tlscert_file = strdup(TLS_CERTIFICATE_FILE)) == NULL)
-+                    die_mem();
-+            break;
-+        }
-+    	case '7': {
-+            free(tlscert_file);
-+            if ((tlscert_file = strdup(optarg)) == NULL)
-+                die_mem();
-             break;
-         }
- #endif
-diff -Nur b/src/ftpd_p.h n/src/ftpd_p.h
---- b/src/ftpd_p.h	2004-02-29 22:49:28.000000000 +0100
-+++ n/src/ftpd_p.h	2004-09-15 17:02:28.561010000 +0200
-@@ -101,6 +101,7 @@
- #endif
- #ifdef WITH_TLS
-     "Y:"
-+    "7:"
- #endif    
-     "zZ";
  
-@@ -180,6 +181,7 @@
- # endif
- # ifdef WITH_TLS
-     { "tls", 1, NULL, 'Y' },
-+    { "sslcertfile", 1, NULL, '7'},
- # endif
-     { "allowdotfiles", 0, NULL, 'z' },
-     { "customerproof", 0, NULL, 'Z' },
-diff -Nur b/src/globals.h n/src/globals.h
---- b/src/globals.h	2004-02-29 22:49:28.000000000 +0100
-+++ n/src/globals.h	2004-09-15 17:02:28.561010000 +0200
-@@ -167,6 +167,7 @@
- 
- #ifdef WITH_TLS
- GLOBAL0(signed char enforce_tls_auth);
-+GLOBAL0(char *tlscert_file);
- #endif
- 
- GLOBAL0(char *atomic_prefix);
-diff -Nur b/src/tls.c n/src/tls.c
---- b/src/tls.c	2004-02-29 22:49:27.000000000 +0100
-+++ n/src/tls.c	2004-09-15 17:02:28.562010000 +0200
-@@ -9,11 +9,12 @@
- # include "tls.h"
- # include "ftpwho-update.h"
- # include "messages.h"
-+# include "globals.h"
- 
- static void tls_error(void) 
- {
-     logfile(LOG_ERR, "SSL/TLS [%s]: %s", 
--            TLS_CERTIFICATE_FILE,
-+            tlscert_file,
-             ERR_error_string(ERR_get_error(), NULL));
-     _EXIT(EXIT_FAILURE);
- }
-@@ -23,7 +24,7 @@
-     DH *dh;
-     BIO *bio;
++# Certificate file, for TLS
++
++# CertFile                 /etc/ssl/private/pure-ftpd.pem
++
++
++
+ # Listen only to IPv4 addresses in standalone mode (ie. disable IPv6)
+ # By default, both IPv4 and IPv6 are enabled.
  
--    if ((bio = BIO_new_file(TLS_CERTIFICATE_FILE, "r")) == NULL) {
-+    if ((bio = BIO_new_file(tlscert_file, "r")) == NULL) {
-         return -1;
-     }
-     if ((dh = PEM_read_bio_DHparams(bio, NULL, NULL
-@@ -65,11 +66,11 @@
-     tls_init_cache();
-     SSL_CTX_set_options(tls_ctx, SSL_OP_ALL);    
-     if (SSL_CTX_use_certificate_chain_file
--        (tls_ctx, TLS_CERTIFICATE_FILE) != 1) {
-+        (tls_ctx, tlscert_file) != 1) {
-         die(421, LOG_ERR,
--            MSG_FILE_DOESNT_EXIST ": [%s]", TLS_CERTIFICATE_FILE);
-+            MSG_FILE_DOESNT_EXIST ": [%s]", tlscert_file);
-     }
--    if (SSL_CTX_use_PrivateKey_file(tls_ctx, TLS_CERTIFICATE_FILE,
-+    if (SSL_CTX_use_PrivateKey_file(tls_ctx, tlscert_file,
-                                     SSL_FILETYPE_PEM) != 1) {
-         tls_error();
-     }
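Review bot: With the PLD-specific `-7` / `--sslcertfile` switch gone from the new side of this patch, nothing in the visible changes migrates a command line that still passes it; the spec trigger only rewrites `SSLCertFile` in pureftpd.conf, and the wrappers now emit `-2`. An init script, inetd entry or local wrapper that still invokes pure-ftpd with `-7` would presumably be rejected or end up on the compiled-in `TLS_CERTIFICATE_FILE`, so the server could start without TLS or with a different certificate than the administrator configured. The removed man-page text also names `/var/lib/openssl/certs/ftpd.pem` as the PLD default, while the new `ftpd.h` default is `TLS_CONFDIR "/pure-ftpd.pem"`, so it is worth confirming that the build still sets the old path. I would extend the comment added in `pure-ftpd.conf.in` to record the rename, e.g. `# Certificate file, for TLS (replaces the former PLD-only SSLCertFile option / -7 switch)`.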
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/pure-ftpd.git/commitdiff/993feb8b7efd05f1c8b5421e3f964fe186289d0e


