diff --git a/CVE-2021-46854.patch b/CVE-2021-46854.patch new file mode 100644 index 0000000..b1a9995 --- /dev/null +++ b/CVE-2021-46854.patch @@ -0,0 +1,43 @@ +From 10a227b4d50e0a2cd2faf87926f58d865da44e43 Mon Sep 17 00:00:00 2001 +From: Chris Hofstaedtler +Date: Tue, 3 Aug 2021 21:53:28 +0200 +Subject: [PATCH] mod_radius: copy _only_ the password + +--- + contrib/mod_radius.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/contrib/mod_radius.c b/contrib/mod_radius.c +index 5092ca5e05..028c364ffd 100644 +--- a/contrib/mod_radius.c ++++ b/contrib/mod_radius.c +@@ -2324,21 +2324,26 @@ static void radius_add_passwd(radius_packet_t *packet, unsigned char type, + + pwlen = strlen((const char *) passwd); + ++ /* Clear the buffers. */ ++ memset(pwhash, '\0', sizeof(pwhash)); ++ + if (pwlen == 0) { + pwlen = RADIUS_PASSWD_LEN; + + } if ((pwlen & (RADIUS_PASSWD_LEN - 1)) != 0) { ++ /* pwlen is not a multiple of RADIUS_PASSWD_LEN, need to prepare a proper buffer */ ++ memcpy(pwhash, passwd, pwlen); + + /* Round up the length. */ + pwlen += (RADIUS_PASSWD_LEN - 1); + + /* Truncate the length, as necessary. */ + pwlen &= ~(RADIUS_PASSWD_LEN - 1); ++ } else { ++ /* pwlen is a multiple of RADIUS_PASSWD_LEN, we can just use it. */ ++ memcpy(pwhash, passwd, pwlen); + } + +- /* Clear the buffers. */ +- memset(pwhash, '\0', sizeof(pwhash)); +- memcpy(pwhash, passwd, pwlen); + + /* Find the password attribute. */ + attrib = radius_get_attrib(packet, RADIUS_PASSWORD); diff --git a/modules.conf b/modules.conf index 3e343ae..87d8b32 100644 --- a/modules.conf +++ b/modules.conf @@ -171,10 +171,6 @@ LoadModule mod_vroot.c LoadModule mod_qos.c -# Attempt to generate a unique ID for every FTP session -# (http://www.proftpd.org/docs/contrib/mod_unique_id.html) -# LoadModule mod_unique_id.c -# # Provide a flexible way of specifying that certain configuration directives # only apply to certain sessions, based on credentials such as connection # class, user, or group membership diff --git a/proftpd-1.3.8-shellbang.patch b/proftpd-1.3.7-shellbang.patch similarity index 90% rename from proftpd-1.3.8-shellbang.patch rename to proftpd-1.3.7-shellbang.patch index e076282..d328c78 100644 --- a/proftpd-1.3.8-shellbang.patch +++ b/proftpd-1.3.7-shellbang.patch @@ -4,7 +4,7 @@ -#!/usr/bin/env perl +#!/usr/bin/perl # --------------------------------------------------------------------------- - # Copyright (C) 2000-2021 TJ Saunders + # Copyright (C) 2000-2020 TJ Saunders # --- contrib/ftpmail +++ contrib/ftpmail @@ -37,4 +37,4 @@ +#!/usr/bin/perl # --------------------------------------------------------------------------- - # Copyright (C) 2008-2020 TJ Saunders + # Copyright (C) 2008-2012 TJ Saunders diff --git a/proftpd-1.3.7a-check-api.patch b/proftpd-1.3.7a-check-api.patch new file mode 100644 index 0000000..ffe29f6 --- /dev/null +++ b/proftpd-1.3.7a-check-api.patch @@ -0,0 +1,120 @@ +--- tests/api/env.c ++++ tests/api/env.c +@@ -61,11 +61,11 @@ START_TEST (env_get_test) { + pr_env_unset(p, key); + + res = pr_env_get(p, key); +- fail_unless(res == NULL); ++ fail_unless(res == NULL, "Unexpectedly found foo in environment"); + + /* XXX PATH should always be set in the environment, right? */ + res = pr_env_get(p, "PATH"); +- fail_unless(res != NULL); ++ fail_unless(res != NULL, "Failed to find PATH in environment"); + + #else + res = pr_env_get(p, key); +--- tests/api/sets.c ++++ tests/api/sets.c +@@ -97,20 +97,20 @@ START_TEST (set_create_test) { + fail_unless(errno == EPERM, "Failed to set errno to EPERM"); + + res = xaset_create(p, NULL); +- fail_unless(res != NULL); ++ fail_unless(res != NULL, "Failed with valid pool and NULL compare item"); + fail_unless(res->pool == p, "Expected %p, got %p", p, res->pool); + + permanent_pool = make_sub_pool(p); + + res = xaset_create(NULL, NULL); +- fail_unless(res != NULL); ++ fail_unless(res != NULL, "Failed to handle null arguments"); + fail_unless(res->pool == permanent_pool, "Expected %p, got %p", + permanent_pool, res->pool); + fail_unless(res->xas_compare == NULL, "Expected NULL, got %p", + res->xas_compare); + + res = xaset_create(p, (XASET_COMPARE) item_cmp); +- fail_unless(res != NULL); ++ fail_unless(res != NULL, "Failed with valid pool and compare items"); + fail_unless(res->pool == p, "Expected %p, got %p", p, res->pool); + fail_unless(res->xas_compare == (XASET_COMPARE) item_cmp, + "Expected %p, got %p", item_cmp, res->xas_compare); +@@ -355,12 +355,12 @@ START_TEST (set_remove_test) { + fail_unless(res == 0, "Failed to add item2"); + + member = (xasetmember_t *) item1; +- fail_unless(member->next == NULL); +- fail_unless(member->prev != NULL); ++ fail_unless(member->next == NULL, "Next pointer is not NULL"); ++ fail_unless(member->prev != NULL, "Previous pointer is NULL"); + + member = (xasetmember_t *) item2; +- fail_unless(member->next != NULL); +- fail_unless(member->prev == NULL); ++ fail_unless(member->next != NULL, "Next pointer is NULL"); ++ fail_unless(member->prev == NULL, "Previous pointer is not NULL"); + + member = set->xas_list; + fail_unless(member == (xasetmember_t *) item2, +@@ -371,8 +371,8 @@ START_TEST (set_remove_test) { + strerror(errno)); + + member = (xasetmember_t *) item2; +- fail_unless(member->next == NULL); +- fail_unless(member->prev == NULL); ++ fail_unless(member->next == NULL, "Next pointer is not NULL"); ++ fail_unless(member->prev == NULL, "Previous pointer is not NULL"); + + member = set->xas_list; + fail_unless(member == (xasetmember_t *) item1, +@@ -383,8 +383,8 @@ START_TEST (set_remove_test) { + strerror(errno)); + + member = (xasetmember_t *) item1; +- fail_unless(member->next == NULL); +- fail_unless(member->prev == NULL); ++ fail_unless(member->next == NULL, "Next pointer is not NULL"); ++ fail_unless(member->prev == NULL, "Previous pointer is not NULL"); + + member = set->xas_list; + fail_unless(member == NULL, "Expected list to be empty, got %p", member); +--- tests/api/str.c ++++ tests/api/str.c +@@ -1539,10 +1539,10 @@ START_TEST (uid2str_test) { + const char *res; + + res = pr_uid2str(NULL, (uid_t) 1); +- fail_unless(strcmp(res, "1") == 0); ++ fail_unless(strcmp(res, "1") == 0, "Failed to handle uid of 1"); + + res = pr_uid2str(NULL, (uid_t) -1); +- fail_unless(strcmp(res, "-1") == 0); ++ fail_unless(strcmp(res, "-1") == 0, "Failed to handle uid of -1"); + } + END_TEST + +@@ -1550,10 +1550,10 @@ START_TEST (gid2str_test) { + const char *res; + + res = pr_gid2str(NULL, (gid_t) 1); +- fail_unless(strcmp(res, "1") == 0); ++ fail_unless(strcmp(res, "1") == 0, "Failed to handle gid of 1"); + + res = pr_gid2str(NULL, (gid_t) -1); +- fail_unless(strcmp(res, "-1") == 0); ++ fail_unless(strcmp(res, "-1") == 0, "Failed to handle gid of -1"); + } + END_TEST + +--- tests/api/timers.c ++++ tests/api/timers.c +@@ -157,7 +157,7 @@ START_TEST (timer_remove_test) { + int res; + + res = pr_timer_remove(0, NULL); +- fail_unless(res == 0); ++ fail_unless(res == 0, "Non-zero response for removal with timer ID 0"); + + res = pr_timer_add(1, 0, NULL, timers_test_cb, "test"); + fail_unless(res == 0, "Failed to add timer (%d): %s", res, strerror(errno)); diff --git a/proftpd-1.3.7a-fix-environment-sensitive-tests-failure.patch b/proftpd-1.3.7a-fix-environment-sensitive-tests-failure.patch new file mode 100644 index 0000000..34933bf --- /dev/null +++ b/proftpd-1.3.7a-fix-environment-sensitive-tests-failure.patch @@ -0,0 +1,84 @@ +diff -ruNa proftpd-1.3.7a/tests/api/netacl.c proftpd-1.3.7a-fix/tests/api/netacl.c +--- proftpd-1.3.7a/tests/api/netacl.c 2020-07-22 01:25:51.000000000 +0800 ++++ proftpd-1.3.7a-fix/tests/api/netacl.c 2021-01-13 14:44:00.679322360 +0800 +@@ -773,8 +773,10 @@ + + res = pr_netacl_match(acl, addr); + if (getenv("TRAVIS") == NULL) { +- fail_unless(res == 1, "Failed to positively match ACL to addr: %s", +- strerror(errno)); ++ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) { ++ fail_unless(res == 1, "Failed to positively match ACL to addr: %s", ++ strerror(errno)); ++ } + } + + if (!have_localdomain) { +@@ -790,8 +790,10 @@ + + res = pr_netacl_match(acl, addr); + if (getenv("TRAVIS") == NULL) { +- fail_unless(res == -1, "Failed to negatively match ACL to addr: %s", +- strerror(errno)); ++ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) { ++ fail_unless(res == -1, "Failed to negatively match ACL to addr: %s", ++ strerror(errno)); ++ } + } + + acl_str = "!www.google.com"; +@@ -816,8 +816,10 @@ + + res = pr_netacl_match(acl, addr); + if (getenv("TRAVIS") == NULL) { +- fail_unless(res == 1, "Failed to positively match ACL to addr: %s", +- strerror(errno)); ++ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) { ++ fail_unless(res == 1, "Failed to positively match ACL to addr: %s", ++ strerror(errno)); ++ } + } + + if (!have_localdomain) { +@@ -833,8 +835,10 @@ + + res = pr_netacl_match(acl, addr); + if (getenv("TRAVIS") == NULL) { +- fail_unless(res == -1, "Failed to negatively match ACL to addr: %s", +- strerror(errno)); ++ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) { ++ fail_unless(res == -1, "Failed to negatively match ACL to addr: %s", ++ strerror(errno)); ++ } + } + + acl_str = "!www.g*g.com"; +diff -ruNa proftpd-1.3.7a/tests/api/netaddr.c proftpd-1.3.7a-fix/tests/api/netaddr.c +--- proftpd-1.3.7a/tests/api/netaddr.c 2021-01-13 14:30:47.467322360 +0800 ++++ proftpd-1.3.7a-fix/tests/api/netaddr.c 2021-01-13 14:42:45.851322360 +0800 +@@ -417,7 +417,9 @@ + res = pr_netaddr_fnmatch(addr, "LOCAL*", flags); + if (getenv("TRAVIS") == NULL) { + /* This test is sensitive the environment. */ +- fail_unless(res == TRUE, "Expected TRUE, got %d", res); ++ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) { ++ fail_unless(res == TRUE, "Expected TRUE, got %d", res); ++ } + } + + flags = PR_NETADDR_MATCH_IP; +@@ -879,9 +881,11 @@ + */ + if (getenv("TRAVIS") == NULL) { + /* This test is sensitive the environment. */ +- fail_unless(strcmp(res, "localhost") == 0 || +- strcmp(res, "localhost.localdomain") == 0, +- "Expected '%s', got '%s'", "localhost or localhost.localdomain", res); ++ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) { ++ fail_unless(strcmp(res, "localhost") == 0 || ++ strcmp(res, "localhost.localdomain") == 0, ++ "Expected '%s', got '%s'", "localhost or localhost.localdomain", res); ++ } + } + } + END_TEST diff --git a/proftpd-1.3.7a-netaddr-test.patch b/proftpd-1.3.7a-netaddr-test.patch new file mode 100644 index 0000000..95a7d42 --- /dev/null +++ b/proftpd-1.3.7a-netaddr-test.patch @@ -0,0 +1,22 @@ +--- tests/api/netaddr.c ++++ tests/api/netaddr.c +@@ -135,7 +135,8 @@ START_TEST (netaddr_get_addr_test) { + + res = pr_netaddr_get_addr(p, name, NULL); + fail_unless(res == NULL, "Unexpected got address for '%s'", name); +- fail_unless(errno == ENOENT, "Expected ENOENT (%d), got %s (%d)", ENOENT, ++ fail_unless(errno == ENOENT || errno == EAGAIN, ++ "Expected ENOENT (%d) or EAGAIN (%d), got %s (%d)", ENOENT, EAGAIN, + strerror(errno), errno); + + name = "localhost"; +@@ -190,7 +191,8 @@ START_TEST (netaddr_get_addr_test) { + + res = pr_netaddr_get_addr(p, name, NULL); + fail_unless(res == NULL, "Resolved '%s' unexpectedly", name); +- fail_unless(errno == ENOENT, "Expected ENOENT (%d), got %s (%d)", ENOENT, ++ fail_unless(errno == ENOENT || errno == EAGAIN, ++ "Expected ENOENT (%d) or EAGAIN (%d), got %s (%d)", ENOENT, EAGAIN, + strerror(errno), errno); + + #if defined(PR_USE_IPV6) diff --git a/proftpd-1.3.8b.tar.gz b/proftpd-1.3.7a.tar.gz similarity index 67% rename from proftpd-1.3.8b.tar.gz rename to proftpd-1.3.7a.tar.gz index f40ee8b..cb7b454 100644 Binary files a/proftpd-1.3.8b.tar.gz and b/proftpd-1.3.7a.tar.gz differ diff --git a/proftpd-1.3.8-fix-environment-sensitive-tests-failure.patch b/proftpd-1.3.8-fix-environment-sensitive-tests-failure.patch deleted file mode 100644 index 5620f80..0000000 --- a/proftpd-1.3.8-fix-environment-sensitive-tests-failure.patch +++ /dev/null @@ -1,105 +0,0 @@ -From cb0e408e8b82fa8c198d9dd95e5818d8431e9fd5 Mon Sep 17 00:00:00 2001 -From: chen-jan -Date: Tue, 11 Apr 2023 16:55:34 +0800 -Subject: [PATCH] proftpd-1.3.8-fix-environment-sensitive-tests-failure - ---- - tests/api/netacl.c | 8 ++++++++ - tests/api/netaddr.c | 6 ++++++ - 2 files changed, 14 insertions(+) - -diff --git a/tests/api/netacl.c b/tests/api/netacl.c -index e4b0431..b91ecdb 100644 ---- a/tests/api/netacl.c -+++ b/tests/api/netacl.c -@@ -775,8 +775,10 @@ START_TEST (netacl_match_test) { - res = pr_netacl_match(acl, addr); - if (getenv("CI") == NULL && - getenv("TRAVIS") == NULL) { -+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) { - ck_assert_msg(res == 1, "Failed to positively match ACL to addr: %s", - strerror(errno)); -+ } - } - - if (!have_localdomain) { -@@ -793,8 +795,10 @@ START_TEST (netacl_match_test) { - res = pr_netacl_match(acl, addr); - if (getenv("CI") == NULL && - getenv("TRAVIS") == NULL) { -+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) { - ck_assert_msg(res == -1, "Failed to negatively match ACL to addr: %s", - strerror(errno)); -+ } - } - - acl_str = "!www.google.com"; -@@ -820,8 +824,10 @@ START_TEST (netacl_match_test) { - res = pr_netacl_match(acl, addr); - if (getenv("CI") == NULL && - getenv("TRAVIS") == NULL) { -+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) { - ck_assert_msg(res == 1, "Failed to positively match ACL to addr: %s", - strerror(errno)); -+ } - } - - if (!have_localdomain) { -@@ -838,8 +844,10 @@ START_TEST (netacl_match_test) { - res = pr_netacl_match(acl, addr); - if (getenv("CI") == NULL && - getenv("TRAVIS") == NULL) { -+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) { - ck_assert_msg(res == -1, "Failed to negatively match ACL to addr: %s", - strerror(errno)); -+ } - } - - acl_str = "!www.g*g.com"; -diff --git a/tests/api/netaddr.c b/tests/api/netaddr.c -index e79b06c..b7dbeaf 100644 ---- a/tests/api/netaddr.c -+++ b/tests/api/netaddr.c -@@ -424,8 +424,10 @@ START_TEST (netaddr_fnmatch_test) { - res = pr_netaddr_fnmatch(addr, "LOCAL*", flags); - if (getenv("CI") == NULL && - getenv("TRAVIS") == NULL) { -+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) { - /* This test is sensitive the environment. */ - ck_assert_msg(res == TRUE, "Expected TRUE, got %d", res); -+ } - } - - flags = PR_NETADDR_MATCH_IP; -@@ -887,10 +889,12 @@ START_TEST (netaddr_get_dnsstr_test) { - */ - if (getenv("CI") == NULL && - getenv("TRAVIS") == NULL) { -+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) { - /* This test is sensitive the environment. */ - ck_assert_msg(strcmp(res, "localhost") == 0 || - strcmp(res, "localhost.localdomain") == 0, - "Expected '%s', got '%s'", "localhost or localhost.localdomain", res); -+ } - } - } - END_TEST -@@ -1011,6 +1015,7 @@ START_TEST (netaddr_get_dnsstr_ipv6_test) { - */ - if (getenv("CI") == NULL && - getenv("TRAVIS") == NULL) { -+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) { - ck_assert_msg(strcmp(res, "localhost") == 0 || - strcmp(res, "localhost.localdomain") == 0 || - strcmp(res, "localhost6") == 0 || -@@ -1019,6 +1024,7 @@ START_TEST (netaddr_get_dnsstr_ipv6_test) { - strcmp(res, "ip6-loopback") == 0 || - strcmp(res, ip) == 0, - "Expected '%s', got '%s'", "localhost, localhost.localdomain et al", res); -+ } - } - } - END_TEST --- -2.39.1 - diff --git a/proftpd.spec b/proftpd.spec index af403be..af7ac36 100644 --- a/proftpd.spec +++ b/proftpd.spec @@ -13,16 +13,14 @@ # Do a hardened build where possible %global _hardened_build 1 -# Dynamic modules contain references to symbols in main daemon, so we need to disable linker checks for undefined symbols +# Dynamic modules contain references to symbols in main dæmon, so we need to disable linker checks for undefined symbols %undefine _strict_symbol_defs_build -%global mod_vroot_version 0.9.11 - -%global vendor %{?_vendor:%{_vendor}}%{!?_vendor:openEuler} +%global mod_vroot_version 0.9.5 Name: proftpd -Version: 1.3.8b -Release: 1 +Version: 1.3.7a +Release: 2 Summary: Flexible, stable and highly-configurable FTP server License: GPLv2+ URL: http://www.proftpd.org/ @@ -38,13 +36,16 @@ Source8: proftpd-welcome.msg Source9: proftpd.sysconfig Source10: http://github.com/Castaglia/proftpd-mod_vroot/archive/v%{mod_vroot_version}.tar.gz -Patch1: proftpd-1.3.8-shellbang.patch +Patch1: proftpd-1.3.7-shellbang.patch Patch2: proftpd.conf-no-memcached.patch Patch3: proftpd-1.3.4rc1-mod_vroot-test.patch Patch4: proftpd-1.3.6-no-mod-wrap.patch Patch5: proftpd-1.3.6-no-mod-geoip.patch Patch6: proftpd-1.3.7rc3-logging-not-systemd.patch -Patch8: proftpd-1.3.8-fix-environment-sensitive-tests-failure.patch +Patch7: proftpd-1.3.7a-check-api.patch +Patch8: proftpd-1.3.7a-netaddr-test.patch +Patch9: proftpd-1.3.7a-fix-environment-sensitive-tests-failure.patch +Patch10: CVE-2021-46854.patch BuildRequires: coreutils BuildRequires: gcc @@ -58,21 +59,13 @@ BuildRequires: openldap-devel BuildRequires: openssl-devel BuildRequires: pam-devel BuildRequires: pcre-devel >= 7.0 -BuildRequires: perl-generators BuildRequires: perl-interpreter BuildRequires: pkgconfig -%if %{?vendor:1}0 BuildRequires: postgresql-devel -%endif BuildRequires: sed BuildRequires: sqlite-devel BuildRequires: tar BuildRequires: zlib-devel -BuildRequires: chrpath -BuildRequires: libidn2-devel -BuildRequires: libmemcached-devel >= 0.41 -BuildRequires: pcre2-devel >= 10.30 -BuildRequires: tcp_wrappers-devel # Test suite requirements BuildRequires: check-devel @@ -141,15 +134,9 @@ Requires: openssl-devel Requires: pam-devel Requires: pcre-devel Requires: pkgconfig -%if %{?vendor:1}0 Requires: postgresql-devel -%endif Requires: sqlite-devel Requires: zlib-devel -Requires: libmemcached-devel >= 0.41 -Requires: pcre2-devel >= 10.30 -Requires: tcp_wrappers-devel - %description devel This package is required to build additional modules for ProFTPD. @@ -168,14 +155,12 @@ Requires: %{name} = %{version}-%{release} %description mysql Module to add MySQL support to the ProFTPD FTP server. -%if %{?vendor:1}0 %package postgresql Summary: Module to add PostgreSQL support to the ProFTPD FTP server Requires: %{name} = %{version}-%{release} %description postgresql Module to add PostgreSQL support to the ProFTPD FTP server. -%endif %package sqlite Summary: Module to add SQLite support to the ProFTPD FTP server @@ -189,9 +174,6 @@ Summary: ProFTPD - Additional utilities Requires: %{name} = %{version}-%{release} Requires: perl-interpreter -BuildRequires: perl(Crypt::Cracklib) -Requires: perl(Crypt::Cracklib) - %description utils This package contains additional utilities for monitoring and configuring the ProFTPD server: @@ -249,7 +231,15 @@ sed -i -e '/killall/s/test.*/systemctl reload proftpd.service/' \ %patch6 %endif -%patch8 -p1 +# Handle changed API in check 0.15 +# https://bugzilla.redhat.com/show_bug.cgi?id=1850198 +%patch7 + +# getaddrinfo() can return EAGAIN in netaddr api test +# https://github.com/proftpd/proftpd/pull/1075 +%patch8 +%patch9 -p1 +%patch10 -p1 # Avoid docfile dependencies chmod -c -x contrib/xferstats.holger-preiss @@ -262,24 +252,17 @@ find doc/ contrib/ -name '*.orig' -delete %build # Modules to be built as DSO's (excluding mod_ifsession, always specified last) -%if %{?vendor:1}0 SMOD1=mod_sql:mod_sql_passwd:mod_sql_mysql:mod_sql_postgres:mod_sql_sqlite -%else -SMOD1=mod_sql:mod_sql_passwd:mod_sql_mysql:mod_sql_sqlite -%endif SMOD2=mod_quotatab:mod_quotatab_file:mod_quotatab_ldap:mod_quotatab_radius:mod_quotatab_sql SMOD3=mod_ldap:mod_ban:mod_ctrls_admin:mod_facl:mod_load:mod_vroot SMOD4=mod_radius:mod_ratio:mod_rewrite:mod_site_misc:mod_exec:mod_shaper SMOD5=mod_wrap2:mod_wrap2_file:mod_wrap2_sql:mod_copy:mod_deflate:mod_ifversion:mod_qos SMOD6=mod_sftp:mod_sftp_pam:mod_sftp_sql:mod_tls_shmcache -SMOD7=mod_unique_id %configure \ --libexecdir="%{_libexecdir}/proftpd" \ --localstatedir="%{rundir}/proftpd" \ --disable-strip \ - --enable-memcache \ - --enable-pcre2 \ --enable-ctrls \ --enable-dso \ --enable-facl \ @@ -293,7 +276,7 @@ SMOD7=mod_unique_id --with-libraries="%{_libdir}/%{mysql_lib}" \ --with-includes="%{_includedir}/mysql" \ --with-modules=mod_readme:mod_auth_pam:mod_tls \ - --with-shared=${SMOD1}:${SMOD2}:${SMOD3}:${SMOD4}:${SMOD5}:${SMOD6}:${SMOD7}:mod_ifsession + --with-shared=${SMOD1}:${SMOD2}:${SMOD3}:${SMOD4}:${SMOD5}:${SMOD6}:mod_ifsession %make_build %install @@ -334,11 +317,6 @@ install -p -m 644 contrib/dist/rpm/proftpd-tmpfs.conf \ %{buildroot}%{_prefix}/lib/tmpfiles.d/proftpd.conf %endif -chrpath -d %{buildroot}%{_sbindir}/proftpd - -mkdir -p %{buildroot}/etc/ld.so.conf.d -echo "%{_libdir}" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf - # Find translations %find_lang proftpd @@ -348,7 +326,7 @@ echo "%{_libdir}" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf ln ftpdctl tests/ make check %else -#API tests should always be OK +# API tests should always be OK export HOSTNAME=`cat /etc/hosts | grep 127.0.0.1 | head -1| awk '{print $2}'` if ! make -C tests api-tests; then # Diagnostics to report upstream @@ -378,7 +356,6 @@ if [ $1 -eq 1 ]; then fi done fi -/sbin/ldconfig %preun if [ $1 -eq 0 ]; then @@ -409,7 +386,6 @@ else service xinetd reload &>/dev/null || : %endif fi -/sbin/ldconfig %files -f proftpd.lang %if 0%{?_licensedir:1} @@ -439,7 +415,6 @@ fi %config(noreplace) %{_sysconfdir}/proftpd/mod_qos.conf %config(noreplace) %{_sysconfdir}/proftpd/mod_tls.conf %config(noreplace) %{_sysconfdir}/sysconfig/proftpd -%config(noreplace) /etc/ld.so.conf.d/* %if %{use_systemd} %{_unitdir}/proftpd.service %{_unitdir}/proftpd.socket @@ -471,7 +446,6 @@ fi %{_libexecdir}/proftpd/mod_facl.so %{_libexecdir}/proftpd/mod_ifsession.so %{_libexecdir}/proftpd/mod_ifversion.so -%{_libexecdir}/proftpd/mod_unique_id.so %{_libexecdir}/proftpd/mod_load.so %{_libexecdir}/proftpd/mod_qos.so %{_libexecdir}/proftpd/mod_quotatab.so @@ -511,10 +485,8 @@ fi %files mysql %{_libexecdir}/proftpd/mod_sql_mysql.so -%if %{?vendor:1}0 %files postgresql %{_libexecdir}/proftpd/mod_sql_postgres.so -%endif %files sqlite %{_libexecdir}/proftpd/mod_sql_sqlite.so @@ -535,9 +507,6 @@ fi %{_mandir}/man1/ftpwho.1* %changelog -* Tue Dec 26 2023 wangkai <13474090681@163.com> - 1.3.8b-1 -- Update to 1.3.8b for fix CVE-2023-51713,CVE-2023-48795 - * Thu Dec 01 2022 jiangpeng - 1.3.7a-2 - Fix CVE-2021-46854 diff --git a/v0.9.11.tar.gz b/v0.9.11.tar.gz deleted file mode 100644 index e811e19..0000000 Binary files a/v0.9.11.tar.gz and /dev/null differ diff --git a/v0.9.5.tar.gz b/v0.9.5.tar.gz new file mode 100644 index 0000000..9bd3b76 Binary files /dev/null and b/v0.9.5.tar.gz differ