packages/proftpd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

回退 'Pull Request !29 : Update to 1.3.8b for fix CVE-2023-51713,CVE-2023-48795'

Browse Source
This commit is contained in:
caodongxia 2023-12-27 01:36:40 +00:00 committed by Gitee
parent 75d563debe
commit 7e83baef12
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
11 changed files with 291 additions and 162 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
CVE-2021-46854.patch Normal file
View File

@ -0,0 +1,43 @@
From 10a227b4d50e0a2cd2faf87926f58d865da44e43 Mon Sep 17 00:00:00 2001
From: Chris Hofstaedtler <chris.hofstaedtler@deduktiva.com>
Date: Tue, 3 Aug 2021 21:53:28 +0200
Subject: [PATCH] mod_radius: copy _only_ the password
---
contrib/mod_radius.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/contrib/mod_radius.c b/contrib/mod_radius.c
index 5092ca5e05..028c364ffd 100644
--- a/contrib/mod_radius.c
+++ b/contrib/mod_radius.c
@@ -2324,21 +2324,26 @@ static void radius_add_passwd(radius_packet_t *packet, unsigned char type,
pwlen = strlen((const char *) passwd);
+ /* Clear the buffers. */
+ memset(pwhash, '\0', sizeof(pwhash));
+
if (pwlen == 0) {
pwlen = RADIUS_PASSWD_LEN;
} if ((pwlen & (RADIUS_PASSWD_LEN - 1)) != 0) {
+ /* pwlen is not a multiple of RADIUS_PASSWD_LEN, need to prepare a proper buffer */
+ memcpy(pwhash, passwd, pwlen);
/* Round up the length. */
pwlen += (RADIUS_PASSWD_LEN - 1);
/* Truncate the length, as necessary. */
pwlen &= ~(RADIUS_PASSWD_LEN - 1);
+ } else {
+ /* pwlen is a multiple of RADIUS_PASSWD_LEN, we can just use it. */
+ memcpy(pwhash, passwd, pwlen);
}
- /* Clear the buffers. */
- memset(pwhash, '\0', sizeof(pwhash));
- memcpy(pwhash, passwd, pwlen);
/* Find the password attribute. */
attrib = radius_get_attrib(packet, RADIUS_PASSWORD);

4
modules.conf
View File

@ -171,10 +171,6 @@ LoadModule mod_vroot.c
LoadModule mod_qos.c
</IfDefine>
# Attempt to generate a unique ID for every FTP session
# (http://www.proftpd.org/docs/contrib/mod_unique_id.html)
# LoadModule mod_unique_id.c
#
# Provide a flexible way of specifying that certain configuration directives
# only apply to certain sessions, based on credentials such as connection
# class, user, or group membership

4
proftpd-1.3.8-shellbang.patch → proftpd-1.3.7-shellbang.patch
View File

@ -4,7 +4,7 @@
-#!/usr/bin/env perl
+#!/usr/bin/perl
# ---------------------------------------------------------------------------
# Copyright (C) 2000-2021 TJ Saunders <tj@castaglia.org>
# Copyright (C) 2000-2020 TJ Saunders <tj@castaglia.org>
#
--- contrib/ftpmail
+++ contrib/ftpmail
@ -37,4 +37,4 @@
+#!/usr/bin/perl
# ---------------------------------------------------------------------------
# Copyright (C) 2008-2020 TJ Saunders <tj@castaglia.org>
# Copyright (C) 2008-2012 TJ Saunders <tj@castaglia.org>

120
proftpd-1.3.7a-check-api.patch Normal file
View File

@ -0,0 +1,120 @@
--- tests/api/env.c
+++ tests/api/env.c
@@ -61,11 +61,11 @@ START_TEST (env_get_test) {
pr_env_unset(p, key);
res = pr_env_get(p, key);
- fail_unless(res == NULL);
+ fail_unless(res == NULL, "Unexpectedly found foo in environment");
/* XXX PATH should always be set in the environment, right? */
res = pr_env_get(p, "PATH");
- fail_unless(res != NULL);
+ fail_unless(res != NULL, "Failed to find PATH in environment");
#else
res = pr_env_get(p, key);
--- tests/api/sets.c
+++ tests/api/sets.c
@@ -97,20 +97,20 @@ START_TEST (set_create_test) {
fail_unless(errno == EPERM, "Failed to set errno to EPERM");
res = xaset_create(p, NULL);
- fail_unless(res != NULL);
+ fail_unless(res != NULL, "Failed with valid pool and NULL compare item");
fail_unless(res->pool == p, "Expected %p, got %p", p, res->pool);
permanent_pool = make_sub_pool(p);
res = xaset_create(NULL, NULL);
- fail_unless(res != NULL);
+ fail_unless(res != NULL, "Failed to handle null arguments");
fail_unless(res->pool == permanent_pool, "Expected %p, got %p",
permanent_pool, res->pool);
fail_unless(res->xas_compare == NULL, "Expected NULL, got %p",
res->xas_compare);
res = xaset_create(p, (XASET_COMPARE) item_cmp);
- fail_unless(res != NULL);
+ fail_unless(res != NULL, "Failed with valid pool and compare items");
fail_unless(res->pool == p, "Expected %p, got %p", p, res->pool);
fail_unless(res->xas_compare == (XASET_COMPARE) item_cmp,
"Expected %p, got %p", item_cmp, res->xas_compare);
@@ -355,12 +355,12 @@ START_TEST (set_remove_test) {
fail_unless(res == 0, "Failed to add item2");
member = (xasetmember_t *) item1;
- fail_unless(member->next == NULL);
- fail_unless(member->prev != NULL);
+ fail_unless(member->next == NULL, "Next pointer is not NULL");
+ fail_unless(member->prev != NULL, "Previous pointer is NULL");
member = (xasetmember_t *) item2;
- fail_unless(member->next != NULL);
- fail_unless(member->prev == NULL);
+ fail_unless(member->next != NULL, "Next pointer is NULL");
+ fail_unless(member->prev == NULL, "Previous pointer is not NULL");
member = set->xas_list;
fail_unless(member == (xasetmember_t *) item2,
@@ -371,8 +371,8 @@ START_TEST (set_remove_test) {
strerror(errno));
member = (xasetmember_t *) item2;
- fail_unless(member->next == NULL);
- fail_unless(member->prev == NULL);
+ fail_unless(member->next == NULL, "Next pointer is not NULL");
+ fail_unless(member->prev == NULL, "Previous pointer is not NULL");
member = set->xas_list;
fail_unless(member == (xasetmember_t *) item1,
@@ -383,8 +383,8 @@ START_TEST (set_remove_test) {
strerror(errno));
member = (xasetmember_t *) item1;
- fail_unless(member->next == NULL);
- fail_unless(member->prev == NULL);
+ fail_unless(member->next == NULL, "Next pointer is not NULL");
+ fail_unless(member->prev == NULL, "Previous pointer is not NULL");
member = set->xas_list;
fail_unless(member == NULL, "Expected list to be empty, got %p", member);
--- tests/api/str.c
+++ tests/api/str.c
@@ -1539,10 +1539,10 @@ START_TEST (uid2str_test) {
const char *res;
res = pr_uid2str(NULL, (uid_t) 1);
- fail_unless(strcmp(res, "1") == 0);
+ fail_unless(strcmp(res, "1") == 0, "Failed to handle uid of 1");
res = pr_uid2str(NULL, (uid_t) -1);
- fail_unless(strcmp(res, "-1") == 0);
+ fail_unless(strcmp(res, "-1") == 0, "Failed to handle uid of -1");
}
END_TEST
@@ -1550,10 +1550,10 @@ START_TEST (gid2str_test) {
const char *res;
res = pr_gid2str(NULL, (gid_t) 1);
- fail_unless(strcmp(res, "1") == 0);
+ fail_unless(strcmp(res, "1") == 0, "Failed to handle gid of 1");
res = pr_gid2str(NULL, (gid_t) -1);
- fail_unless(strcmp(res, "-1") == 0);
+ fail_unless(strcmp(res, "-1") == 0, "Failed to handle gid of -1");
}
END_TEST
--- tests/api/timers.c
+++ tests/api/timers.c
@@ -157,7 +157,7 @@ START_TEST (timer_remove_test) {
int res;
res = pr_timer_remove(0, NULL);
- fail_unless(res == 0);
+ fail_unless(res == 0, "Non-zero response for removal with timer ID 0");
res = pr_timer_add(1, 0, NULL, timers_test_cb, "test");
fail_unless(res == 0, "Failed to add timer (%d): %s", res, strerror(errno));

84
proftpd-1.3.7a-fix-environment-sensitive-tests-failure.patch Normal file
View File

@ -0,0 +1,84 @@
diff -ruNa proftpd-1.3.7a/tests/api/netacl.c proftpd-1.3.7a-fix/tests/api/netacl.c
--- proftpd-1.3.7a/tests/api/netacl.c 2020-07-22 01:25:51.000000000 +0800
+++ proftpd-1.3.7a-fix/tests/api/netacl.c 2021-01-13 14:44:00.679322360 +0800
@@ -773,8 +773,10 @@
res = pr_netacl_match(acl, addr);
if (getenv("TRAVIS") == NULL) {
- fail_unless(res == 1, "Failed to positively match ACL to addr: %s",
- strerror(errno));
+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
+ fail_unless(res == 1, "Failed to positively match ACL to addr: %s",
+ strerror(errno));
+ }
}
if (!have_localdomain) {
@@ -790,8 +790,10 @@
res = pr_netacl_match(acl, addr);
if (getenv("TRAVIS") == NULL) {
- fail_unless(res == -1, "Failed to negatively match ACL to addr: %s",
- strerror(errno));
+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
+ fail_unless(res == -1, "Failed to negatively match ACL to addr: %s",
+ strerror(errno));
+ }
}
acl_str = "!www.google.com";
@@ -816,8 +816,10 @@
res = pr_netacl_match(acl, addr);
if (getenv("TRAVIS") == NULL) {
- fail_unless(res == 1, "Failed to positively match ACL to addr: %s",
- strerror(errno));
+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
+ fail_unless(res == 1, "Failed to positively match ACL to addr: %s",
+ strerror(errno));
+ }
}
if (!have_localdomain) {
@@ -833,8 +835,10 @@
res = pr_netacl_match(acl, addr);
if (getenv("TRAVIS") == NULL) {
- fail_unless(res == -1, "Failed to negatively match ACL to addr: %s",
- strerror(errno));
+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
+ fail_unless(res == -1, "Failed to negatively match ACL to addr: %s",
+ strerror(errno));
+ }
}
acl_str = "!www.g*g.com";
diff -ruNa proftpd-1.3.7a/tests/api/netaddr.c proftpd-1.3.7a-fix/tests/api/netaddr.c
--- proftpd-1.3.7a/tests/api/netaddr.c 2021-01-13 14:30:47.467322360 +0800
+++ proftpd-1.3.7a-fix/tests/api/netaddr.c 2021-01-13 14:42:45.851322360 +0800
@@ -417,7 +417,9 @@
res = pr_netaddr_fnmatch(addr, "LOCAL*", flags);
if (getenv("TRAVIS") == NULL) {
/* This test is sensitive the environment. */
- fail_unless(res == TRUE, "Expected TRUE, got %d", res);
+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
+ fail_unless(res == TRUE, "Expected TRUE, got %d", res);
+ }
}
flags = PR_NETADDR_MATCH_IP;
@@ -879,9 +881,11 @@
*/
if (getenv("TRAVIS") == NULL) {
/* This test is sensitive the environment. */
- fail_unless(strcmp(res, "localhost") == 0 ||
- strcmp(res, "localhost.localdomain") == 0,
- "Expected '%s', got '%s'", "localhost or localhost.localdomain", res);
+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
+ fail_unless(strcmp(res, "localhost") == 0 ||
+ strcmp(res, "localhost.localdomain") == 0,
+ "Expected '%s', got '%s'", "localhost or localhost.localdomain", res);
+ }
}
}
END_TEST

22
proftpd-1.3.7a-netaddr-test.patch Normal file
View File

@ -0,0 +1,22 @@
--- tests/api/netaddr.c
+++ tests/api/netaddr.c
@@ -135,7 +135,8 @@ START_TEST (netaddr_get_addr_test) {
res = pr_netaddr_get_addr(p, name, NULL);
fail_unless(res == NULL, "Unexpected got address for '%s'", name);
- fail_unless(errno == ENOENT, "Expected ENOENT (%d), got %s (%d)", ENOENT,
+ fail_unless(errno == ENOENT || errno == EAGAIN,
+ "Expected ENOENT (%d) or EAGAIN (%d), got %s (%d)", ENOENT, EAGAIN,
strerror(errno), errno);
name = "localhost";
@@ -190,7 +191,8 @@ START_TEST (netaddr_get_addr_test) {
res = pr_netaddr_get_addr(p, name, NULL);
fail_unless(res == NULL, "Resolved '%s' unexpectedly", name);
- fail_unless(errno == ENOENT, "Expected ENOENT (%d), got %s (%d)", ENOENT,
+ fail_unless(errno == ENOENT || errno == EAGAIN,
+ "Expected ENOENT (%d) or EAGAIN (%d), got %s (%d)", ENOENT, EAGAIN,
strerror(errno), errno);
#if defined(PR_USE_IPV6)

BIN
proftpd-1.3.8b.tar.gz → proftpd-1.3.7a.tar.gz
View File

Binary file not shown.

105
proftpd-1.3.8-fix-environment-sensitive-tests-failure.patch
View File

@ -1,105 +0,0 @@
From cb0e408e8b82fa8c198d9dd95e5818d8431e9fd5 Mon Sep 17 00:00:00 2001
From: chen-jan <chen_aka_jan@163.com>
Date: Tue, 11 Apr 2023 16:55:34 +0800
Subject: [PATCH] proftpd-1.3.8-fix-environment-sensitive-tests-failure
---
tests/api/netacl.c | 8 ++++++++
tests/api/netaddr.c | 6 ++++++
2 files changed, 14 insertions(+)
diff --git a/tests/api/netacl.c b/tests/api/netacl.c
index e4b0431..b91ecdb 100644
--- a/tests/api/netacl.c
+++ b/tests/api/netacl.c
@@ -775,8 +775,10 @@ START_TEST (netacl_match_test) {
res = pr_netacl_match(acl, addr);
if (getenv("CI") == NULL &&
getenv("TRAVIS") == NULL) {
+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
ck_assert_msg(res == 1, "Failed to positively match ACL to addr: %s",
strerror(errno));
+ }
}
if (!have_localdomain) {
@@ -793,8 +795,10 @@ START_TEST (netacl_match_test) {
res = pr_netacl_match(acl, addr);
if (getenv("CI") == NULL &&
getenv("TRAVIS") == NULL) {
+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
ck_assert_msg(res == -1, "Failed to negatively match ACL to addr: %s",
strerror(errno));
+ }
}
acl_str = "!www.google.com";
@@ -820,8 +824,10 @@ START_TEST (netacl_match_test) {
res = pr_netacl_match(acl, addr);
if (getenv("CI") == NULL &&
getenv("TRAVIS") == NULL) {
+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
ck_assert_msg(res == 1, "Failed to positively match ACL to addr: %s",
strerror(errno));
+ }
}
if (!have_localdomain) {
@@ -838,8 +844,10 @@ START_TEST (netacl_match_test) {
res = pr_netacl_match(acl, addr);
if (getenv("CI") == NULL &&
getenv("TRAVIS") == NULL) {
+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
ck_assert_msg(res == -1, "Failed to negatively match ACL to addr: %s",
strerror(errno));
+ }
}
acl_str = "!www.g*g.com";
diff --git a/tests/api/netaddr.c b/tests/api/netaddr.c
index e79b06c..b7dbeaf 100644
--- a/tests/api/netaddr.c
+++ b/tests/api/netaddr.c
@@ -424,8 +424,10 @@ START_TEST (netaddr_fnmatch_test) {
res = pr_netaddr_fnmatch(addr, "LOCAL*", flags);
if (getenv("CI") == NULL &&
getenv("TRAVIS") == NULL) {
+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
/* This test is sensitive the environment. */
ck_assert_msg(res == TRUE, "Expected TRUE, got %d", res);
+ }
}
flags = PR_NETADDR_MATCH_IP;
@@ -887,10 +889,12 @@ START_TEST (netaddr_get_dnsstr_test) {
*/
if (getenv("CI") == NULL &&
getenv("TRAVIS") == NULL) {
+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
/* This test is sensitive the environment. */
ck_assert_msg(strcmp(res, "localhost") == 0 ||
strcmp(res, "localhost.localdomain") == 0,
"Expected '%s', got '%s'", "localhost or localhost.localdomain", res);
+ }
}
}
END_TEST
@@ -1011,6 +1015,7 @@ START_TEST (netaddr_get_dnsstr_ipv6_test) {
*/
if (getenv("CI") == NULL &&
getenv("TRAVIS") == NULL) {
+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) {
ck_assert_msg(strcmp(res, "localhost") == 0 ||
strcmp(res, "localhost.localdomain") == 0 ||
strcmp(res, "localhost6") == 0 ||
@@ -1019,6 +1024,7 @@ START_TEST (netaddr_get_dnsstr_ipv6_test) {
strcmp(res, "ip6-loopback") == 0 ||
strcmp(res, ip) == 0,
"Expected '%s', got '%s'", "localhost, localhost.localdomain et al", res);
+ }
}
}
END_TEST
--
2.39.1

71
proftpd.spec
View File

@ -13,16 +13,14 @@
# Do a hardened build where possible
%global _hardened_build 1
# Dynamic modules contain references to symbols in main daemon, so we need to disable linker checks for undefined symbols
# Dynamic modules contain references to symbols in main dæmon, so we need to disable linker checks for undefined symbols
%undefine _strict_symbol_defs_build
%global mod_vroot_version 0.9.11
%global vendor %{?_vendor:%{_vendor}}%{!?_vendor:openEuler}
%global mod_vroot_version 0.9.5
Name: proftpd
Version: 1.3.8b
Release: 1
Version: 1.3.7a
Release: 2
Summary: Flexible, stable and highly-configurable FTP server
License: GPLv2+
URL: http://www.proftpd.org/
@ -38,13 +36,16 @@ Source8: proftpd-welcome.msg
Source9: proftpd.sysconfig
Source10: http://github.com/Castaglia/proftpd-mod_vroot/archive/v%{mod_vroot_version}.tar.gz
Patch1: proftpd-1.3.8-shellbang.patch
Patch1: proftpd-1.3.7-shellbang.patch
Patch2: proftpd.conf-no-memcached.patch
Patch3: proftpd-1.3.4rc1-mod_vroot-test.patch
Patch4: proftpd-1.3.6-no-mod-wrap.patch
Patch5: proftpd-1.3.6-no-mod-geoip.patch
Patch6: proftpd-1.3.7rc3-logging-not-systemd.patch
Patch8: proftpd-1.3.8-fix-environment-sensitive-tests-failure.patch
Patch7: proftpd-1.3.7a-check-api.patch
Patch8: proftpd-1.3.7a-netaddr-test.patch
Patch9: proftpd-1.3.7a-fix-environment-sensitive-tests-failure.patch
Patch10: CVE-2021-46854.patch
BuildRequires: coreutils
BuildRequires: gcc
@ -58,21 +59,13 @@ BuildRequires: openldap-devel
BuildRequires: openssl-devel
BuildRequires: pam-devel
BuildRequires: pcre-devel >= 7.0
BuildRequires: perl-generators
BuildRequires: perl-interpreter
BuildRequires: pkgconfig
%if %{?vendor:1}0
BuildRequires: postgresql-devel
%endif
BuildRequires: sed
BuildRequires: sqlite-devel
BuildRequires: tar
BuildRequires: zlib-devel
BuildRequires: chrpath
BuildRequires: libidn2-devel
BuildRequires: libmemcached-devel >= 0.41
BuildRequires: pcre2-devel >= 10.30
BuildRequires: tcp_wrappers-devel
# Test suite requirements
BuildRequires: check-devel
@ -141,15 +134,9 @@ Requires: openssl-devel
Requires: pam-devel
Requires: pcre-devel
Requires: pkgconfig
%if %{?vendor:1}0
Requires: postgresql-devel
%endif
Requires: sqlite-devel
Requires: zlib-devel
Requires: libmemcached-devel >= 0.41
Requires: pcre2-devel >= 10.30
Requires: tcp_wrappers-devel
%description devel
This package is required to build additional modules for ProFTPD.
@ -168,14 +155,12 @@ Requires: %{name} = %{version}-%{release}
%description mysql
Module to add MySQL support to the ProFTPD FTP server.
%if %{?vendor:1}0
%package postgresql
Summary: Module to add PostgreSQL support to the ProFTPD FTP server
Requires: %{name} = %{version}-%{release}
%description postgresql
Module to add PostgreSQL support to the ProFTPD FTP server.
%endif
%package sqlite
Summary: Module to add SQLite support to the ProFTPD FTP server
@ -189,9 +174,6 @@ Summary: ProFTPD - Additional utilities
Requires: %{name} = %{version}-%{release}
Requires: perl-interpreter
BuildRequires: perl(Crypt::Cracklib)
Requires: perl(Crypt::Cracklib)
%description utils
This package contains additional utilities for monitoring and configuring the
ProFTPD server:
@ -249,7 +231,15 @@ sed -i -e '/killall/s/test.*/systemctl reload proftpd.service/' \
%patch6
%endif
%patch8 -p1
# Handle changed API in check 0.15
# https://bugzilla.redhat.com/show_bug.cgi?id=1850198
%patch7
# getaddrinfo() can return EAGAIN in netaddr api test
# https://github.com/proftpd/proftpd/pull/1075
%patch8
%patch9 -p1
%patch10 -p1
# Avoid docfile dependencies
chmod -c -x contrib/xferstats.holger-preiss
@ -262,24 +252,17 @@ find doc/ contrib/ -name '*.orig' -delete
%build
# Modules to be built as DSO's (excluding mod_ifsession, always specified last)
%if %{?vendor:1}0
SMOD1=mod_sql:mod_sql_passwd:mod_sql_mysql:mod_sql_postgres:mod_sql_sqlite
%else
SMOD1=mod_sql:mod_sql_passwd:mod_sql_mysql:mod_sql_sqlite
%endif
SMOD2=mod_quotatab:mod_quotatab_file:mod_quotatab_ldap:mod_quotatab_radius:mod_quotatab_sql
SMOD3=mod_ldap:mod_ban:mod_ctrls_admin:mod_facl:mod_load:mod_vroot
SMOD4=mod_radius:mod_ratio:mod_rewrite:mod_site_misc:mod_exec:mod_shaper
SMOD5=mod_wrap2:mod_wrap2_file:mod_wrap2_sql:mod_copy:mod_deflate:mod_ifversion:mod_qos
SMOD6=mod_sftp:mod_sftp_pam:mod_sftp_sql:mod_tls_shmcache
SMOD7=mod_unique_id
%configure \
--libexecdir="%{_libexecdir}/proftpd" \
--localstatedir="%{rundir}/proftpd" \
--disable-strip \
--enable-memcache \
--enable-pcre2 \
--enable-ctrls \
--enable-dso \
--enable-facl \
@ -293,7 +276,7 @@ SMOD7=mod_unique_id
--with-libraries="%{_libdir}/%{mysql_lib}" \
--with-includes="%{_includedir}/mysql" \
--with-modules=mod_readme:mod_auth_pam:mod_tls \
--with-shared=${SMOD1}:${SMOD2}:${SMOD3}:${SMOD4}:${SMOD5}:${SMOD6}:${SMOD7}:mod_ifsession
--with-shared=${SMOD1}:${SMOD2}:${SMOD3}:${SMOD4}:${SMOD5}:${SMOD6}:mod_ifsession
%make_build
%install
@ -334,11 +317,6 @@ install -p -m 644 contrib/dist/rpm/proftpd-tmpfs.conf \
%{buildroot}%{_prefix}/lib/tmpfiles.d/proftpd.conf
%endif
chrpath -d %{buildroot}%{_sbindir}/proftpd
mkdir -p %{buildroot}/etc/ld.so.conf.d
echo "%{_libdir}" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf
# Find translations
%find_lang proftpd
@ -348,7 +326,7 @@ echo "%{_libdir}" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf
ln ftpdctl tests/
make check
%else
#API tests should always be OK
# API tests should always be OK
export HOSTNAME=`cat /etc/hosts | grep 127.0.0.1 | head -1| awk '{print $2}'`
if ! make -C tests api-tests; then
# Diagnostics to report upstream
@ -378,7 +356,6 @@ if [ $1 -eq 1 ]; then
fi
done
fi
/sbin/ldconfig
%preun
if [ $1 -eq 0 ]; then
@ -409,7 +386,6 @@ else
service xinetd reload &>/dev/null || :
%endif
fi
/sbin/ldconfig
%files -f proftpd.lang
%if 0%{?_licensedir:1}
@ -439,7 +415,6 @@ fi
%config(noreplace) %{_sysconfdir}/proftpd/mod_qos.conf
%config(noreplace) %{_sysconfdir}/proftpd/mod_tls.conf
%config(noreplace) %{_sysconfdir}/sysconfig/proftpd
%config(noreplace) /etc/ld.so.conf.d/*
%if %{use_systemd}
%{_unitdir}/proftpd.service
%{_unitdir}/proftpd.socket
@ -471,7 +446,6 @@ fi
%{_libexecdir}/proftpd/mod_facl.so
%{_libexecdir}/proftpd/mod_ifsession.so
%{_libexecdir}/proftpd/mod_ifversion.so
%{_libexecdir}/proftpd/mod_unique_id.so
%{_libexecdir}/proftpd/mod_load.so
%{_libexecdir}/proftpd/mod_qos.so
%{_libexecdir}/proftpd/mod_quotatab.so
@ -511,10 +485,8 @@ fi
%files mysql
%{_libexecdir}/proftpd/mod_sql_mysql.so
%if %{?vendor:1}0
%files postgresql
%{_libexecdir}/proftpd/mod_sql_postgres.so
%endif
%files sqlite
%{_libexecdir}/proftpd/mod_sql_sqlite.so
@ -535,9 +507,6 @@ fi
%{_mandir}/man1/ftpwho.1*
%changelog
* Tue Dec 26 2023 wangkai <13474090681@163.com> - 1.3.8b-1
- Update to 1.3.8b for fix CVE-2023-51713,CVE-2023-48795
* Thu Dec 01 2022 jiangpeng <jiangpeng01@ncti-gba.cn> - 1.3.7a-2
- Fix CVE-2021-46854

BIN
v0.9.11.tar.gz
View File

Binary file not shown.

BIN
v0.9.5.tar.gz Normal file
View File

Binary file not shown.