[packages/pure-ftpd] - rel 2; use upstream parameter for ssl cert file
arekm
arekm at pld-linux.org
Thu Jul 2 13:48:13 CEST 2015
commit 993feb8b7efd05f1c8b5421e3f964fe186289d0e
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Thu Jul 2 13:48:08 2015 +0200
- rel 2; use upstream parameter for ssl cert file
pure-ftpd-path_to_ssl_cert_in_config.patch | 236 +++++++++--------------------
pure-ftpd.spec | 5 +-
2 files changed, 77 insertions(+), 164 deletions(-)
---
diff --git a/pure-ftpd.spec b/pure-ftpd.spec
index ba5d73f..5e94734 100644
--- a/pure-ftpd.spec
+++ b/pure-ftpd.spec
@@ -9,7 +9,7 @@
%bcond_without tls # disable SSL/TLS support
%bcond_without cap # disable capabilities
-%define rel 1
+%define rel 2
Summary: Small, fast and secure FTP server
Summary(pl.UTF-8): Mały, szybki i bezpieczny serwer FTP
Name: pure-ftpd
@@ -206,9 +206,10 @@ if [ "$1" = "0" ]; then
%service -q ldap restart
fi
-%triggerpostun -- %{name} < 1.0.40-1
+%triggerpostun -- %{name} < 1.0.41-2
%{?with_mysql:sed -i -e 's#MYSQLCrypt[\t ]\+all#MYSQLCrypt any#gi' $RPM_BUILD_ROOT%{_sysconfdir}/pureftpd-mysql.conf}
%{?with_pgsql:sed -i -e 's#PgSQLCrypt[\t ]\+all#PgSQLCrypt any#gi' $RPM_BUILD_ROOT%{_sysconfdir}/pureftpd-pgsql.conf}
+sed -i -e 's#SSLCertFile#CertFile#gi' $RPM_BUILD_ROOT%{_sysconfdir}/pureftpd.conf
exit 0
%files
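Review bot: The new `sed` line in the `%triggerpostun` body matches `SSLCertFile` anywhere in pureftpd.conf, case-insensitively and on every occurrence, so comments and any other text containing that string are rewritten along with the directive. It also prefixes the path with `$RPM_BUILD_ROOT`, a build-time variable that is normally unset when a trigger runs on the installed system; the two `sed` lines above it share that pattern. Anchoring the match to the directive and dropping the prefix would make the migration predictable: `sed -i -e 's#^\([\t ]*\)SSLCertFile\([\t ]\)#\1CertFile\2#i' %{_sysconfdir}/pureftpd.conf`. If the rewrite is skipped, the old key stays in the file and the configured certificate path is presumably no longer passed to the daemon, so a one-line comment above the trigger saying why it exists would help the next packager.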
diff --git a/pure-ftpd-path_to_ssl_cert_in_config.patch b/pure-ftpd-path_to_ssl_cert_in_config.patch
index ec77d5f..2a136c2 100644
--- a/pure-ftpd-path_to_ssl_cert_in_config.patch
+++ b/pure-ftpd-path_to_ssl_cert_in_config.patch
@@ -1,170 +1,82 @@
-diff -Nur b/configuration-file/pure-config.pl.in n/configuration-file/pure-config.pl.in
---- b/configuration-file/pure-config.pl.in 2004-02-29 12:17:00.000000000 +0100
-+++ n/configuration-file/pure-config.pl.in 2004-09-15 17:02:28.545013000 +0200
-@@ -57,6 +57,7 @@
- TrustedIP => "-V",
- AltLog => "-O",
- PIDFile => "-g",
-+ SSLCertFile => "-7",
+commit 659d4e968a2204395c7e1757dade46f9dfc95960
+Author: Frank Denis <github at pureftpd.org>
+Date: Sat Jun 27 16:11:56 2015 +0200
+
+ DEFAULT_CERT_FILE -> TLS_CERTIFICATE_FILE
+
+diff --git a/src/ftpd.h b/src/ftpd.h
+index 039bed4..717c3da 100644
+--- a/src/ftpd.h
++++ b/src/ftpd.h
+@@ -418,8 +418,8 @@ extern int opt_a, opt_C, opt_d, opt_F, opt_l, opt_R;
+ # ifndef TLS_CONFDIR
+ # define TLS_CONFDIR "/etc/ssl/private"
+ # endif
+-# ifndef DEFAULT_CERT_FILE
+-# define DEFAULT_CERT_FILE TLS_CONFDIR "/pure-ftpd.pem"
++# ifndef TLS_CERTIFICATE_FILE
++# define TLS_CERTIFICATE_FILE TLS_CONFDIR "/pure-ftpd.pem"
+ # endif
+ # ifndef TLS_DHPARAMS_FILE
+ # define TLS_DHPARAMS_FILE TLS_CONFDIR "/pure-ftpd-dhparams.pem"
+diff --git a/src/globals.h b/src/globals.h
+index 833cfa2..e0c1d30 100644
+--- a/src/globals.h
++++ b/src/globals.h
+@@ -166,7 +166,7 @@ GLOBAL0(int data_protection_level);
+ GLOBAL(const char *tlsciphersuite, TLS_DEFAULT_CIPHER_SUITE);
+ GLOBAL0(signed char ssl_disabled);
+ GLOBAL0(signed char ssl_verify_client_cert);
+-GLOBAL(const char *cert_file, DEFAULT_CERT_FILE);
++GLOBAL(const char *cert_file, TLS_CERTIFICATE_FILE);
+ #endif
+
+ GLOBAL0(char *atomic_prefix);
+
+commit 32bffd1ce2670279ebc9aac0386a6d223b1119b6
+Author: Frank Denis <github at pureftpd.org>
+Date: Fri Jun 26 19:02:37 2015 +0200
+
+ Add CertFile to the configuration files wrappers
+
+diff --git a/configuration-file/pure-config.pl.in b/configuration-file/pure-config.pl.in
+index 498af50..ea675c8 100644
+--- a/configuration-file/pure-config.pl.in
++++ b/configuration-file/pure-config.pl.in
+@@ -60,6 +60,7 @@ my %string_switch_for = (
+ AltLog => "-O",
+ PIDFile => "-g",
+ TLSCipherSuite => "-J",
++ CertFile => "-2",
);
my %numeric_switch_for = (
-diff -Nur b/configuration-file/pure-config.py.in n/configuration-file/pure-config.py.in
---- b/configuration-file/pure-config.py.in 2004-02-29 12:17:14.000000000 +0100
-+++ n/configuration-file/pure-config.py.in 2004-09-15 17:02:28.546012000 +0200
-@@ -55,6 +55,7 @@
- option_tuple = (
- ["IPV4Only[\s]+yes", "-4" ],
- ["IPV6Only[\s]+yes", "-6" ],
-+ ["SSLCertFile\s+(\S+)", "-7", None ],
- ["ChrootEveryone[\s]+yes", "-A" ],
- ["TrustedGID[\s]+([\d]+)", "-a", None ],
- ["BrokenClientsCompatibility[\s]+yes", "-b" ],
-diff -Nur b/configuration-file/pure-ftpd.conf.in n/configuration-file/pure-ftpd.conf.in
---- b/configuration-file/pure-ftpd.conf.in 2004-09-15 17:03:04.281580000 +0200
-+++ n/configuration-file/pure-ftpd.conf.in 2004-09-15 17:02:28.547012000 +0200
-@@ -420,7 +420,13 @@
- # 3) Only compatible clients will log in.
-
- # TLS 1
--
-+
-+# Path to SSL certificate file. This is non-standard addition
-+# and it might disappear in the future. If not present
-+# default is /var/lib/openssl/certs/ftpd.pem for PLD.
-+#
-+# SSLCertFile /etc/ssl/private/pure-ftpd.pem
-+#
-
+diff --git a/configuration-file/pure-config.py.in b/configuration-file/pure-config.py.in
+index 9a4943c..c458a20 100644
+--- a/configuration-file/pure-config.py.in
++++ b/configuration-file/pure-config.py.in
+@@ -114,6 +114,7 @@ option_tuple = (
+ ["PIDFile\s+(\S+)", "-g", None ],
+ ["TLSCipherSuite\s+(\S+)", "-J", None ],
+ ["PerUserLimits\s+([:0-9]+)", "-y", None ],
++ ["CertFile\s+(\S+)", "-2", None ],
+ ["TLS\s+(\d)", "-Y", None ])
- # Listen only to IPv4 addresses in standalone mode (ie. disable IPv6)
-diff -Nur b/man/pure-ftpd.8 n/man/pure-ftpd.8
---- b/man/pure-ftpd.8 2004-02-29 21:10:06.000000000 +0100
-+++ n/man/pure-ftpd.8 2004-09-15 17:02:28.548012000 +0200
-@@ -9,7 +9,7 @@
- pure\-ftpd \- simple File Transfer Protocol server
+ for option in option_tuple:
+diff --git a/configuration-file/pure-ftpd.conf.in b/configuration-file/pure-ftpd.conf.in
+index 74d1fb1..8591906 100644
+--- a/configuration-file/pure-ftpd.conf.in
++++ b/configuration-file/pure-ftpd.conf.in
+@@ -434,6 +434,12 @@ CustomerProof yes
- .SH "SYNOPSIS"
--.B pure\-ftpd [\-0] [\-1] [\-4] [\-6] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v rendezvous name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z]
-+.B pure\-ftpd [\-0] [\-1] [\-4] [\-6] [\-7 certificate file] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v rendezvous name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z]
- .br
- Alternative style :
-@@ -22,6 +22,8 @@
- .br
- \-6 \-\-ipv6only
- .br
-+\-7 \-\-sslcertfile
-+.br
- \-a \-\-trustedgid
- .br
- \-A \-\-chrooteveryone
-@@ -157,6 +159,9 @@
- .B \-6
- Listen only to IPv6 connections.
- .TP
-+.B \-7 SSL certificate file
-+Path to SSL certificate file. If option \-7 is not present default value is /var/lib/openssl/certs/ftpd.pem for PLD. This is non\-standard addition. It might disappear in the future and meaning of \-7 option is not guaranted.
-+.TP
- .B \-a gid
- Regular users will be chrooted to their home directories, unless
- they belong to the specified gid. Note that root is always trusted,
-diff -Nur b/src/ftpd.c n/src/ftpd.c
---- b/src/ftpd.c 2004-09-15 18:05:29.951069216 +0200
-+++ n/src/ftpd.c 2004-09-15 18:03:14.172710664 +0200
-@@ -4830,7 +4830,7 @@
- int fodder;
- int bypass_ipv6 = 0;
- struct passwd *pw;
--
-+
- #ifdef PROBE_RANDOM_AT_RUNTIME
- pw_zrand_probe();
- #endif
-@@ -5097,6 +5097,15 @@
- enforce_tls_auth > 2) {
- die(421, LOG_ERR, MSG_CONF_ERR ": TLS");
- }
-+ if (!tlscert_file)
-+ if ((tlscert_file = strdup(TLS_CERTIFICATE_FILE)) == NULL)
-+ die_mem();
-+ break;
-+ }
-+ case '7': {
-+ free(tlscert_file);
-+ if ((tlscert_file = strdup(optarg)) == NULL)
-+ die_mem();
- break;
- }
- #endif
-diff -Nur b/src/ftpd_p.h n/src/ftpd_p.h
---- b/src/ftpd_p.h 2004-02-29 22:49:28.000000000 +0100
-+++ n/src/ftpd_p.h 2004-09-15 17:02:28.561010000 +0200
-@@ -101,6 +101,7 @@
- #endif
- #ifdef WITH_TLS
- "Y:"
-+ "7:"
- #endif
- "zZ";
-@@ -180,6 +181,7 @@
- # endif
- # ifdef WITH_TLS
- { "tls", 1, NULL, 'Y' },
-+ { "sslcertfile", 1, NULL, '7'},
- # endif
- { "allowdotfiles", 0, NULL, 'z' },
- { "customerproof", 0, NULL, 'Z' },
-diff -Nur b/src/globals.h n/src/globals.h
---- b/src/globals.h 2004-02-29 22:49:28.000000000 +0100
-+++ n/src/globals.h 2004-09-15 17:02:28.561010000 +0200
-@@ -167,6 +167,7 @@
-
- #ifdef WITH_TLS
- GLOBAL0(signed char enforce_tls_auth);
-+GLOBAL0(char *tlscert_file);
- #endif
-
- GLOBAL0(char *atomic_prefix);
-diff -Nur b/src/tls.c n/src/tls.c
---- b/src/tls.c 2004-02-29 22:49:27.000000000 +0100
-+++ n/src/tls.c 2004-09-15 17:02:28.562010000 +0200
-@@ -9,11 +9,12 @@
- # include "tls.h"
- # include "ftpwho-update.h"
- # include "messages.h"
-+# include "globals.h"
-
- static void tls_error(void)
- {
- logfile(LOG_ERR, "SSL/TLS [%s]: %s",
-- TLS_CERTIFICATE_FILE,
-+ tlscert_file,
- ERR_error_string(ERR_get_error(), NULL));
- _EXIT(EXIT_FAILURE);
- }
-@@ -23,7 +24,7 @@
- DH *dh;
- BIO *bio;
++# Certificate file, for TLS
++
++# CertFile /etc/ssl/private/pure-ftpd.pem
++
++
++
+ # Listen only to IPv4 addresses in standalone mode (ie. disable IPv6)
+ # By default, both IPv4 and IPv6 are enabled.
-- if ((bio = BIO_new_file(TLS_CERTIFICATE_FILE, "r")) == NULL) {
-+ if ((bio = BIO_new_file(tlscert_file, "r")) == NULL) {
- return -1;
- }
- if ((dh = PEM_read_bio_DHparams(bio, NULL, NULL
-@@ -65,11 +66,11 @@
- tls_init_cache();
- SSL_CTX_set_options(tls_ctx, SSL_OP_ALL);
- if (SSL_CTX_use_certificate_chain_file
-- (tls_ctx, TLS_CERTIFICATE_FILE) != 1) {
-+ (tls_ctx, tlscert_file) != 1) {
- die(421, LOG_ERR,
-- MSG_FILE_DOESNT_EXIST ": [%s]", TLS_CERTIFICATE_FILE);
-+ MSG_FILE_DOESNT_EXIST ": [%s]", tlscert_file);
- }
-- if (SSL_CTX_use_PrivateKey_file(tls_ctx, TLS_CERTIFICATE_FILE,
-+ if (SSL_CTX_use_PrivateKey_file(tls_ctx, tlscert_file,
- SSL_FILETYPE_PEM) != 1) {
- tls_error();
- }
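Review bot: The replacement patch drops the `-7`/`--sslcertfile` switch and the PLD default `/var/lib/openssl/certs/ftpd.pem` documented in the removed hunks. The new `src/ftpd.h` lines default `TLS_CERTIFICATE_FILE` to `TLS_CONFDIR "/pure-ftpd.pem"`, which is `/etc/ssl/private/pure-ftpd.pem` unless the build overrides either macro. Hosts that relied on the old default without setting `SSLCertFile`, or that pass `-7` outside pureftpd.conf, are not covered by the spec trigger and may fail to load their certificate after the upgrade; whether the spec overrides the macros is not visible here. A header comment at the top of the patch file, such as `# Backport of upstream 659d4e9 and 32bffd1: CertFile / -2 replaces the PLD-only SSLCertFile / -7; default certificate path changes`, would record the behaviour change.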
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/pure-ftpd.git/commitdiff/993feb8b7efd05f1c8b5421e3f964fe186289d0e