Hello community, here is the log from the commit of package proftpd.3821 for openSUSE:13.1:Update checked in at 2015-06-11 13:39:00 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1:Update/proftpd.3821 (Old) and /work/SRC/openSUSE:13.1:Update/.proftpd.3821.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "proftpd.3821" Changes: -------- New Changes file: --- /dev/null 2015-05-15 19:41:08.266053825 +0200 +++ /work/SRC/openSUSE:13.1:Update/.proftpd.3821.new/proftpd.changes 2015-06-11 13:39:02.000000000 +0200 @@ -0,0 +1,439 @@ +------------------------------------------------------------------- +Mon Jun 1 21:33:40 UTC 2015 - [email protected] + +- fix for boo#927290 (CVE-2015-3306) +- update to 1.3.5a: + See http://www.proftpd.org/docs/NEWS-1.3.5a +- rebase patches + * proftpd-ftpasswd.patch + * proftpd-no_BuildDate.patch +- remove gpg-offline dependency +- fix permissions on passwd file + * unable to use world-readable AuthUserFile '.../passwd' (perms 0644): + * 0644 -> 0440 + +------------------------------------------------------------------- +Mon Sep 1 22:04:02 UTC 2014 - [email protected] + +- ProFTPD 1.3.5 + * Added support for SHA-256, SHA-512 password hashes to the ftpasswd tool + * New Modules + mod_geoip, mod_log_forensic, mod_rlimit, mod_snmp, mod_dnsbl + * mod_sftp now supports ECC, ECDSA, ECDH + * Improved FIPS support in mod_sftp. + * mod_sftp module now honors the MaxStoreFileSize directive. + * Many new and changed configuration directives +- update proftpd-no_BuildDate.patch + +------------------------------------------------------------------- +Mon Sep 1 19:00:57 UTC 2014 - [email protected] + +- proftpd 1.3.4e: + Multiple other backported fix from the 1.3.5 branch. + See http://www.proftpd.org/docs/NEWS-1.3.4e +- The fix for the mod_sftp/mod_sftp_pam memory allocation + (CVE-2013-4359) contained in this release was previously patched + into the package. +- adjust proftpd-no_BuildDate.patch for context changes +- remove proftpd-sftp-kbdint-max-responses-bug3973.patch, upstream + +------------------------------------------------------------------- +Tue Mar 25 19:56:04 UTC 2014 - [email protected] + +- Remove tcpd-devel from buildRequires and mod_wrap. + support for tcp_wrappers style /etc/hosts.* is provided + by mod_wrap2_file instead, the latter does not require tcpd. + +------------------------------------------------------------------- +Mon Mar 17 18:38:53 UTC 2014 - [email protected] + +- fix for bnc#844183 + * proftpd fails to start due to missing /run/proftpd +- add own tmpfiles.d file + * proftpd.tmpfile + +------------------------------------------------------------------- +Thu Oct 3 20:48:44 UTC 2013 - [email protected] + +- update to 1.3.4d + * Fixed broken build when using --disable-ipv6 configure option + * Fixed mod_sql "SQLAuthType Backend" MySQL issues +- fix for bnc#843444 (CVE-2013-4359) + * http://bugs.proftpd.org/show_bug.cgi?id=3973 + * add proftpd-sftp-kbdint-max-responses-bug3973.patch + +------------------------------------------------------------------- +Mon Jul 29 01:12:53 UTC 2013 - [email protected] + +- Improve systemd service file +- use upstream tmpfiles.d file. related to [bnc#811793] +- Use /run instead of /var/run + +------------------------------------------------------------------- +Wed May 1 20:35:19 UTC 2013 - [email protected] + +- update to 1.3.4c + * Added Spanish translation. + * Fixed several mod_sftp issues, including SFTPPassPhraseProvider, + handling of symlinks for REALPATH requests, and response code logging. + * Fixed symlink race for creating directories when UserOwner is in effect. + * Increased performance of FTP directory listings. +- rebase and rename patches (remove version string) + * proftpd-1.3.4a-dist.patch -> proftpd-dist.patch + * proftpd-1.3.4a-ftpasswd.patch -> proftpd-ftpasswd.patch + * proftpd-1.3.4a-strip.patch -> proftpd-strip.patch + +------------------------------------------------------------------- +Fri Feb 8 00:19:19 UTC 2013 - [email protected] + +- fix proftpd.conf (rebase basic.conf patch) + * IdentLookups is now a seperate module + <IfModule mod_ident.c> IdentLookups on/off </IfModule> + is needed and module is not built cause crrodriguez disabled it. + +------------------------------------------------------------------- +Thu Nov 29 19:03:00 CET 2012 - [email protected] + +- Verify GPG signature. + +------------------------------------------------------------------- +Fri Nov 2 15:15:25 UTC 2012 - [email protected] + +- fix for bnc#787884 + (https://bugzilla.novell.com/show_bug.cgi?id=787884) + * added extra Source proftpd.conf.tmpfile + +------------------------------------------------------------------- +Thu Aug 30 17:33:30 UTC 2012 - [email protected] + +- Disable ident lookups, this protocol is totally obsolete + and dangerous. (add --disable-ident) +- Fix debug info generation ( add --disable-strip) + +------------------------------------------------------------------- +Wed Aug 29 21:51:49 UTC 2012 - [email protected] + +- Add systemd unit + +------------------------------------------------------------------- +Tue Aug 14 11:11:28 UTC 2012 - [email protected] + +- update to 1.3.4b + + Fixed mod_ldap segfault on login when LDAPUsers with no filters used. + + Fixed sporadic SFTP upload issues for large files. + + Fixed SSH2 handling for some clients (e.g. OpenVMS). + + New FactsOptions directive; see doc/modules/mod_facts.html#FactsOptions + + Fixed build errors on Tru64, AIX, Cygwin. +- add Source Signatuire (.asc) file +- add noBuildDate patch +- add lang pkg + * --enable-nls +- add configure option + * --enable-openssl, --with-lastlog + +------------------------------------------------------------------- +Mon Dec 12 15:00:18 UTC 2011 - [email protected] + +- update to 1.3.4a + + Fixed mod_load/mod_wrap2 build issues. +- 1.3.4 + + New "NoEmptyFragments" TLSOption added; see the TLSOptions documentation + for details. + + Improved configure script for cross-compiling. + + Reworked the proftpd.spec RPM file + + Fixed mod_sql_mysql "Alarm clock" bug on FreeBSD. + + New "IgnoreSFTPSetTimes" SFTPOption added; see the SFTPOptions + documentation for details. + + Fixed response pool use-after-free issue. +- for more info please see the RELEASE_NOTES file +- reworked patches + * now p0 patches + +------------------------------------------------------------------- +Fri Nov 18 14:56:41 UTC 2011 - [email protected] + +- fix for bnc#731347 + * no (hostname -s) in post section + * reworked basic conf patch + +------------------------------------------------------------------- +Fri Nov 11 13:13:57 UTC 2011 - [email protected] + +- fix changelog + * RELEASE_NOTES-1.3.3g is lacking of important info +- fix for CVE-2011-4130 (bnc#729830) + * https://bugzilla.novell.com/show_bug.cgi?id=729830 + (upstream) http://bugs.proftpd.org/show_bug.cgi?id=3711 + => fixed with version 1.3.3g + +------------------------------------------------------------------- +Thu Nov 10 09:39:36 UTC 2011 - [email protected] + +- update to 1.3.3g + (http://www.proftpd.org/docs/RELEASE_NOTES-1.3.3g) + + New "NoEmptyFragments" TLSOption added; see the TLSOptions documentation + for details. + + Fixed mod_sql_mysql "Alarm clock" bug on FreeBSD. + (http://www.proftpd.org/docs/NEWS-1.3.3g) + - Bug 3702 - ProFTPD with mod_sql_mysql dies of "Alarm clock" on FreeBSD. + - Bug 3704 - Enable OpenSSL countermeasure against SSLv3/TLSv1 BEAST attacks. + To disable this countermeasure, which may cause interoperability issues + with some clients, use the NoEmptyFragments TLSOption. + - Bug 3711 - Response pool use-after-free memory corruption error. + +------------------------------------------------------------------- +Tue Oct 4 22:03:10 UTC 2011 - [email protected] + +- update to 1.3.3f + + Fixes segfault if mod_sql_mysql and "SQLAuthenticate groupsetfast" + configuration used. + + Fixes mod_wrap syslog level (regression from Bug#3317). + + Fixes mod_ifsession segfault if regular expression patterns used in + a <VirtualHost> section. + +------------------------------------------------------------------- +Fri Apr 29 11:18:55 UTC 2011 - [email protected] + +- push to Factory ++++ 242 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:13.1:Update/.proftpd.3821.new/proftpd.changes New: ---- proftpd-1.3.5a.tar.gz proftpd-1.3.5a.tar.gz.asc proftpd-basic.conf.patch proftpd-dist.patch proftpd-ftpasswd.patch proftpd-no_BuildDate.patch proftpd-sftp-kbdint-max-responses-bug3973.patch proftpd-strip.patch proftpd.changes proftpd.init proftpd.keyring proftpd.passwd proftpd.service proftpd.spec proftpd.tmpfile ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ proftpd.spec ++++++ # # spec file for package proftpd # # Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: proftpd Summary: Highly configurable GPL-licensed FTP server software License: GPL-2.0+ Group: Productivity/Networking/Ftp/Servers # Please save your time and do not update to "rc" versions. # We only accept updates for "STABLE" Versions Version: 1.3.5a Release: 0 Url: http://www.proftpd.org/ Source0: ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.gz Source1: ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.gz.asc Source11: %{name}.init Source12: %{name}.passwd Source13: %{name}.service Source14: %{name}.tmpfile Source15: %{name}.keyring #PATCH-FIX-openSUSE: pam, logrotate, xinet Patch100: %{name}-dist.patch #PATCH-FIX-openSUSE: provide a useful default config Patch101: %{name}-basic.conf.patch #PATCH-FIX: provide more info on usage ;) Patch102: %{name}-ftpasswd.patch #PATCH-FIX: fix strip Patch103: %{name}-strip.patch #PATCH-FIX-openSUSE: file-contains-date-and-time Patch104: %{name}-no_BuildDate.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build #BuildRequires: gpg-offline BuildRequires: krb5-devel BuildRequires: libacl-devel BuildRequires: libattr-devel #BuildRequires: libmemcached-devel BuildRequires: libGeoIP-devel BuildRequires: mysql-devel BuildRequires: ncurses-devel BuildRequires: openldap2-devel BuildRequires: openssl-devel BuildRequires: pam-devel BuildRequires: pkg-config BuildRequires: postgresql-devel BuildRequires: sqlite3-devel BuildRequires: unixODBC-devel Requires: logrotate %if 0%{?lang_package:1} > 0 Recommends: %{name}-lang %endif %if 0%{?suse_version} >= 1210 BuildRequires: systemd %{?systemd_requires} %define has_systemd 1 %endif %description ProFTPD is a highly configurable FTP daemon for Unix and Unix-like operating systems. See the README.ports file for more details about the platforms on which ProFTPD in known or thought to build and run. %{?lang_package} %package devel Summary: Development files for ProFTPD Group: Development/Libraries/C and C++ Requires: %{name} = %{version} %description devel This package contains Development files for ProFTPD %package ldap Summary: LDAP Module for ProFTPD Group: Productivity/Networking/Ftp/Servers Requires: %{name} = %{version} %description ldap This is the LDAP Module for ProFTPD %package mysql Summary: MySQL Module for ProFTPD Group: Productivity/Networking/Ftp/Servers Requires: %{name} = %{version} %description mysql This is the MySQL Module for ProFTPD %package pgsql Summary: PostgreSQL Module for ProFTPD Group: Productivity/Networking/Ftp/Servers Requires: %{name} = %{version} %description pgsql This is the PostgreSQL Module for ProFTPD %package radius Summary: Radius Module for ProFTPD Group: Productivity/Networking/Ftp/Servers Requires: %{name} = %{version} %description radius This is the Radius Module for ProFTPD %package sqlite Summary: SQLite Module for ProFTPD Group: Productivity/Networking/Ftp/Servers Requires: %{name} = %{version} %description sqlite This is the SQLite Module for ProFTPD %package doc Summary: Documentation for ProFTPD Group: Documentation/HTML Requires: %{name} = %{version} %description doc Here are Documentation for ProFTPD %prep #gpg_verify %{S:1} %setup -q %{__rm} README.AIX %patch100 %patch101 %patch102 %patch103 %patch104 %build rm contrib/mod_wrap.c PROFTPD_SHARED_MODS="$(for spec_mod in $(find contrib -name mod_\*.c); do echo "$(basename ${spec_mod%%.c})"; done | tr '\n' ':' | sed -e 's|:$||')" export CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE -DLDAP_DEPRECATED" export CXXFLAGS="$CFLAGS" %configure --disable-static --with-pic \ --bindir=%{_sbindir} \ --libexecdir=%{_libdir}/%{name} \ --sysconfdir=%{_sysconfdir}/%{name} \ %if 0%{?has_systemd} --localstatedir=/run/%{name} \ %else --localstatedir=%{_localstatedir}/run/%{name} \ %endif --enable-sendfile \ --enable-ctrls \ --enable-dso \ --enable-facl \ --enable-ipv6 \ --enable-nls \ --enable-openssl \ --with-lastlog \ --with-includes="%{_includedir}/mysql:%{_includedir}/pgsql" \ --with-shared="${PROFTPD_SHARED_MODS}" \ --disable-ident \ --disable-strip # --enable-memcache \ %{__make} %{?_smp_mflags} %install %makeinstall INSTALL_USER=`id -un` INSTALL_GROUP=`id -gn` %{__install} -D -m 0644 contrib/dist/rpm/ftp.pamd $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/%{name} %{__install} -D -m 0644 contrib/dist/rpm/xinetd $RPM_BUILD_ROOT%{_sysconfdir}/xinetd.d/%{name} %{__install} -D -m 0644 contrib/dist/rpm/%{name}.logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/%{name} %{__install} -D -m 0755 %{S:11} $RPM_BUILD_ROOT%{_sysconfdir}/init.d/%{name} %{__ln_s} -f %{_sysconfdir}/init.d/%{name} $RPM_BUILD_ROOT%{_sbindir}/rc%{name} # %{__rm} -fv $RPM_BUILD_ROOT%{_libdir}/%{name}/*.{a,la} # install ftpasswd %{__install} -D -m 0755 contrib/ftpasswd $RPM_BUILD_ROOT%{_sbindir}/ # some needed dirs %{__install} -d $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/{conf.d,auth} %{__install} -m 0440 %{S:12} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/auth/passwd %{__install} -d -m 0750 $RPM_BUILD_ROOT/var/log/%{name} %if 0%{?has_systemd} %{__install} -D -m 0644 %{S:13} %{buildroot}%{_unitdir}/%{name}.service # systemd need to create a tmp dir: /run/proftpd %{__install} -D -m 0644 %{S:14} %{buildroot}%{_prefix}/lib/tmpfiles.d/%{name}.conf %endif %find_lang %{name} %pre # on `rpm -ivh` PARAM is 1 # on `rpm -Uvh` PARAM is 2 #if [ "$1" = "1" ]; then %if 0%{?has_systemd} %service_add_pre %{name}.service %endif %preun # on `rpm -e` PARAM is 0 %stop_on_removal proftpd %if 0%{?has_systemd} %service_del_preun %{name}.service %endif %post # on `rpm -ivh` PARAM is 1 # on `rpm -Uvh` PARAM is 2 %if 0%{?has_systemd} %service_add_post %{name}.service %{__install} -d /run/%{name} %else %{fillup_and_insserv -f proftpd} %{__install} -d %{_localstatedir}/run/%{name} %endif %postun # on `rpm -e` PARAM is 0 if [ "$1" = "0" ]; then %{insserv_cleanup} fi %restart_on_update proftpd %if 0%{?has_systemd} %service_del_postun %{name}.service %endif %clean %{__rm} -rf %{buildroot} %if 0%{?lang_package:1} > 0 %files lang -f %{name}.lang %if 0%{?sles_version} == 11 %defattr(-,root,root,-) %dir %{_datadir}/locale/bg_BG %dir %{_datadir}/locale/bg_BG/LC_MESSAGES %dir %{_datadir}/locale/ja_JP %dir %{_datadir}/locale/ja_JP/LC_MESSAGES %dir %{_datadir}/locale/ko_KR %dir %{_datadir}/locale/ko_KR/LC_MESSAGES %endif %files %else %files -f %{name}.lang %endif %defattr(-,root,root,-) %doc COPYING CREDITS ChangeLog NEWS README* RELEASE_NOTES %doc contrib/README.* #%doc contrib/xferstats.holger-preiss* #%doc contrib/ftpasswd contrib/ftpquota %doc sample-configurations/*.conf %dir %attr(0755,root,root) %{_sysconfdir}/%{name}/ %dir %attr(0750,ftp,ftp) %{_sysconfdir}/%{name}/auth/ %config(noreplace) %attr(0440,root,ftp) %{_sysconfdir}/%{name}/auth/passwd %dir %attr(0755,root,root) %{_sysconfdir}/%{name}/conf.d %config(noreplace) %attr(0640,root,root) %{_sysconfdir}/%{name}/%{name}.conf %{_sysconfdir}/%{name}/PROFTPD-MIB.txt %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} %config(noreplace) %{_sysconfdir}/pam.d/%{name} %config(noreplace) %{_sysconfdir}/xinetd.d/%{name} %config(noreplace) %{_sysconfdir}/%{name}/blacklist.dat %config(noreplace) %{_sysconfdir}/%{name}/dhparams.pem %{_sysconfdir}/init.d/%{name} %dir %attr(0750,ftp,ftp) %{_localstatedir}/log/%{name} %{_sbindir}/* %{_mandir}/man?/* %dir %attr(0755,root,root) %{_libdir}/%{name}/ %{_libdir}/%{name}/*.so %exclude %{_libdir}/%{name}/mod_ldap.so %exclude %{_libdir}/%{name}/mod_sql_mysql.so %exclude %{_libdir}/%{name}/mod_sql_postgres.so %exclude %{_libdir}/%{name}/mod_radius.so %exclude %{_libdir}/%{name}/mod_sql_sqlite.so %if 0%{?has_systemd} %{_unitdir}/%{name}.service %{_prefix}/lib/tmpfiles.d/%{name}.conf %ghost %dir /run/%{name} %endif %files devel %defattr(-,root,root,-) %{_includedir}/%{name} %{_libdir}/pkgconfig/%{name}.pc %files ldap %defattr(-,root,root,-) %{_libdir}/%{name}/mod_ldap.so %files mysql %defattr(-,root,root,-) %{_libdir}/%{name}/mod_sql_mysql.so %files pgsql %defattr(-,root,root,-) %{_libdir}/%{name}/mod_sql_postgres.so %files radius %defattr(-,root,root,-) %{_libdir}/%{name}/mod_radius.so %files sqlite %defattr(-,root,root,-) %{_libdir}/%{name}/mod_sql_sqlite.so %files doc %defattr(-,root,root,-) %doc doc/*.html doc/contrib doc/howto doc/modules %changelog ++++++ proftpd-basic.conf.patch ++++++ Index: sample-configurations/basic.conf =================================================================== --- sample-configurations/basic.conf.orig +++ sample-configurations/basic.conf @@ -3,19 +3,29 @@ # and a single anonymous login. It assumes that you have a user/group # "nobody" and "ftp" for normal operation and anon. -ServerName "ProFTPD Default Installation" -ServerType standalone -DefaultServer on +ServerName "ProFTPD" +ServerType standalone +DefaultServer on # Port 21 is the standard FTP port. -Port 21 +Port 21 + +# FireWall PortRange for PASV +PassivePorts 40000 40999 + +# Set DebugLevel to values between 0 and 9 +# default is 0 +DebugLevel 0 + +# SystemLog -- Redirect syslogging to a file +SystemLog /var/log/proftpd/proftpd.log # Don't use IPv6 support by default. -UseIPv6 off +UseIPv6 off # Umask 022 is a good standard umask to prevent new dirs and files # from being group and world writable. -Umask 022 +Umask 022 # To prevent DoS attacks, set the maximum number of child processes # to 30. If you need to allow more than 30 concurrent connections @@ -23,43 +33,192 @@ Umask 022 # in standalone mode, in inetd mode you should use an inetd server # that allows you to limit maximum number of processes per service # (such as xinetd). -MaxInstances 30 +MaxInstances 30 # Set the user and group under which the server will run. -User nobody -Group nogroup - -# To cause every FTP user to be "jailed" (chrooted) into their home -# directory, uncomment this line. -#DefaultRoot ~ +User ftp +Group ftp -# Normally, we want files to be overwriteable. -AllowOverwrite on +# Some logging formats +LogFormat default "%h %l %u %t \"%r\" %s %b" +LogFormat auth "%v [%P] %h %t \"%r\" %s" +LogFormat write "%h %l %u %t \"%r\" %s %b" + +# ------------------------------ +# Global Settings +# ------------------------------ +<Global> + + # ------------------------------ + # Login + # ------------------------------ + + ServerIdent on "FTP server ready" + DeferWelcome on + #DisplayConnect /etc/proftpd/msg + + <IfModule mod_ident.c> + IdentLookups off + </IfModule> + UseFtpUsers off + RequireValidShell off + + TimeoutLogin 60 + MaxLoginAttempts 3 + #MaxClientsPerHost none + #MaxClientsPerUser 1 "Only one connection at a time." + + # ------------------------------ + # Authentication + # ------------------------------ + + ### PAM Authentication + # AuthPAM: default: on + AuthPAM off + + # changed AuthPAMConfig file + AuthPAMConfig proftpd + ### PAM Authentication + + AuthUserFile /etc/proftpd/auth/passwd + AuthGroupFile /etc/group + + ### order of auth modules + #AuthOrder mod_auth_unix.c mod_auth_file.c + AuthOrder mod_auth_file.c + + # ------------------------------ + # Post-Login + # ------------------------------ + + DisplayLogin welcome.msg + DisplayChdir .message + AllowOverride off + + TimeoutIdle 600 + TimeoutNoTransfer 900 + TimeoutStalled 300 + TimeoutSession 3600 + + # ------------------------------ + # Session + # ------------------------------ + + # To cause every FTP user to be "jailed" (chrooted) into their home + # directory, uncomment this line. + DefaultRoot ~ web,!users + + DenyFilter \*.*/ + ListOptions "-A +R" strict + UseGlobbing off + + ShowSymlinks on + TimesGMT on + + # ------------------------------ + # Up- & Download + # ------------------------------ + + # having to delete before uploading is a pain ;) + AllowOverwrite on + AllowRetrieveRestart on + HiddenStores on + DeleteAbortedStores on + #AllowStoreRestart off # is contrary to "DeleteAbortedStores" + + # ------------------------------ + # Logging + # ------------------------------ + + WtmpLog off + TransferLog /var/log/proftpd/xferlog + + # Record all logins + ExtendedLog /var/log/proftpd/auth.log AUTH auth + + # Logging file/dir access + ExtendedLog /var/log/proftpd/access.log WRITE,READ write + + # Paranoia logging level.... + ExtendedLog /var/log/proftpd/paranoid.log ALL default + + # SQLLogFile + #SQLLogFile /var/log/proftpd/SQL.log +</Global> # Bar use of SITE CHMOD by default <Limit SITE_CHMOD> DenyAll </Limit> +##### +# Include other confs +#Include /etc/proftpd/conf.d/*.conf + +##### + +# ------------------------------ +# Anonymous Settings +# ------------------------------ # A basic anonymous configuration, no upload directories. If you do not # want anonymous users, simply delete this entire <Anonymous> section. <Anonymous ~ftp> - User ftp - Group ftp - - # We want clients to be able to login with "anonymous" as well as "ftp" - UserAlias anonymous ftp - - # Limit the maximum number of anonymous logins - MaxClients 10 - - # We want 'welcome.msg' displayed at login, and '.message' displayed - # in each newly chdired directory. - DisplayLogin welcome.msg - DisplayChdir .message - - # Limit WRITE everywhere in the anonymous chroot - <Limit WRITE> - DenyAll - </Limit> + # Limit LOGIN + #<Limit LOGIN> + # Order Allow,Deny + # Allow from .examples.net,113.141.114.1 + # Deny from All + #</Limit> + + # Limit WRITE everywhere in the anonymous chroot + <Limit WRITE> + DenyAll + </Limit> + + # LoginPasswordPrompt -- Configure to display the passwort prompt or not + LoginPasswordPrompt off + + # DirFakeMode -- Hide real file/directory permissions + DirFakeMode 0640 + + # DirFakeUser -- Hide real file/directory owner + DirFakeUser On + + # DirFakeGroup -- Hide real file/directory group + DirFakeGroup On + + # We want clients to be able to login with "anonymous" as well as "ftp" + UserAlias anonymous ftp + + # Limit the maximum number of anonymous logins + MaxClients 10 + #MaxRetrieveFileSize 512 Mb + + # Limit Up/Downloads to 255 K/sec + #TransferRate APPE,RETR,STOR,STOU 255 + + # We want 'welcome.msg' displayed at login, and '.message' displayed + # in each newly chdired directory. + DisplayLogin welcome.msg + DisplayChdir .message + + #<Directory pub> + # <Limit ALL> + # Order Allow,Deny + # Allow from .examples.net,113.141.114.1 + # Deny from All + # </Limit> + #</Directory> + + # An upload directory that allows storing files but not retrieving + # or creating directories. + #<Directory uploads/*> + # <Limit READ> + DenyAll + # </Limit> + # <Limit STOR> + AllowAll + # </Limit> + #</Directory> </Anonymous> + ++++++ proftpd-dist.patch ++++++ Index: contrib/dist/rpm/ftp.pamd =================================================================== --- contrib/dist/rpm/ftp.pamd.orig +++ contrib/dist/rpm/ftp.pamd @@ -1,6 +1,7 @@ #%PAM-1.0 + auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed -auth required pam_unix.so shadow nullok +#auth required pam_unix.so shadow nullok # If this is enabled, anonymous logins will fail because the 'ftp' user does # not have a "valid" shell, as listed in /etc/shells. @@ -11,5 +12,8 @@ auth required pam_unix.so shadow n # #auth required pam_shells.so -account required pam_unix.so -session required pam_unix.so +auth required pam_unix2.so +auth required pam_shells.so +account required pam_unix2.so +password required pam_unix2.so +session required pam_unix2.so Index: contrib/dist/rpm/proftpd.logrotate =================================================================== --- contrib/dist/rpm/proftpd.logrotate.orig +++ contrib/dist/rpm/proftpd.logrotate @@ -1,10 +1,16 @@ -/var/log/proftpd/*.log /var/log/xferlog { +/var/log/proftpd/xferlog /var/log/proftpd/*.log { compress - missingok + dateext + maxage 365 + rotate 99 + size=+4096k notifempty + missingok + create 640 root root sharedscripts postrotate - test -f /var/lock/subsys/proftpd && /usr/bin/killall -HUP proftpd || : + /etc/init.d/proftpd reload + #/etc/init.d/xinetd reload endscript } Index: contrib/dist/rpm/xinetd =================================================================== --- contrib/dist/rpm/xinetd.orig +++ contrib/dist/rpm/xinetd @@ -2,13 +2,15 @@ # description: The ProFTPD FTP server service ftp { - flags = REUSE socket_type = stream + protocol = tcp wait = no +# bind = IP + instances = 30 user = root server = /usr/sbin/in.proftpd - log_on_success += DURATION - log_on_failure += USERID - nice = 10 + log_on_success += PID HOST USERID EXIT DURATION + log_on_failure += HOST USERID ATTEMPT +# nice = 10 disable = yes } ++++++ proftpd-ftpasswd.patch ++++++ Index: contrib/ftpasswd =================================================================== --- contrib/ftpasswd.orig +++ contrib/ftpasswd @@ -34,8 +34,8 @@ use Getopt::Long; $Getopt::Long::auto_abbrev = 0; my $program = basename($0); -my $default_passwd_file = "./ftpd.passwd"; -my $default_group_file = "./ftpd.group"; +my $default_passwd_file = "/etc/proftpd/auth/passwd"; +my $default_group_file = "/etc/proftpd/auth/group"; my $shell_file = "/etc/shells"; my $default_cracklib_dict = "/usr/lib/cracklib_dict"; my $cracklib_dict; @@ -1074,6 +1074,46 @@ usage: $program [--help] [--hash|--group --version Displays the version of $program. +Creating Files + +The ftpasswd program can create and update files for both AuthUserFile and + AuthGroupFile. When it is used for the first time, the program will create + the necessary file. If that file already exists, ftpasswd will update it + with the new information. + +ftpasswd must first know what type of file to create. Use either the + --passwd option (for handling AuthUserFiles), or the --group option + (for handling AuthGroupFiles); this is required. + +When creating an AuthUserFile, the following options are also + required: --name, --uid, --home, and --shell. + This information is required by proftpd to authenticate a user. The optional + parameters for an AuthUserFile include --gid + (defaults to the given --uid argument when not provided) + and --gecos (not used by proftpd at all). For example: + + ftpasswd --passwd --name=bob --uid=1001 --home=/home/bob --shell=/bin/false + +creates an account for user bob. + +To create a file with a name or location other than the default + (which, for --passwd mode is /etc/proftpd/auth/passwd), use the --file option. + +For example, to create the alternate password file in /usr/local/etc/ftpd/passwd: + + ftpasswd --passwd --file=/usr/local/etc/ftpd/passwd --name=bob --uid=1001 \ + --home=/home/bob --shell=/bin/false + +For AuthGroupFiles, use --group: + + ftpasswd --group --name=group-name --gid=group-id --member=user-member1 \ + --member=user-member2 ... --member=user-memberN + +The most common change to these files is made to AuthUserFiles, to change + a user's password. The --change-password option was provided just for this scenario: + + ftpasswd --passwd --name=user --change-password + END_OF_USAGE exit 0; ++++++ proftpd-no_BuildDate.patch ++++++ --- Makefile.in | 14 ++++++-------- contrib/mod_snmp/db.c | 2 +- include/version.h | 2 -- src/main.c | 6 ++---- 4 files changed, 9 insertions(+), 15 deletions(-) Index: Makefile.in =================================================================== --- Makefile.in.orig +++ Makefile.in @@ -24,28 +24,26 @@ BUILD_BIN=proftpd$(EXEEXT) ftpcount$(EXE all: $(BUILD_BIN) -include/buildstamp.h: - echo \#define BUILD_STAMP \"`date +"%a %b %e %Y %H:%M:%S %Z"`\" > include/buildstamp.h dummy: -lib: include/buildstamp.h dummy +lib: dummy cd lib/ && $(MAKE) lib -src: include/buildstamp.h dummy +src: dummy cd src/ && $(MAKE) src -modules: include/buildstamp.h dummy +modules: dummy cd modules/ && $(MAKE) static test -z "$(SHARED_MODULE_OBJS)" -a -z "$(SHARED_MODULE_DIRS)" || (cd modules/ && $(MAKE) shared) -utils: include/buildstamp.h dummy +utils: dummy cd utils/ && $(MAKE) utils -locale: include/buildstamp.h dummy +locale: dummy test -z "$(ENABLE_NLS)" || (cd locale/ && $(MAKE) locale) -dirs: include/buildstamp.h dummy +dirs: dummy @dirs="$(DIRS)"; \ for dir in $$dirs; do \ if [ -d "$$dir" ]; then cd $$dir/ && $(MAKE); fi; \ Index: contrib/mod_snmp/db.c =================================================================== --- contrib/mod_snmp/db.c.orig +++ contrib/mod_snmp/db.c @@ -1122,7 +1122,7 @@ int snmp_db_get_value(pool *p, unsigned return 0; case SNMP_DB_DAEMON_F_VERSION: - *str_value = "ProFTPD Version " PROFTPD_VERSION_TEXT " (built at " BUILD_STAMP ")"; + *str_value = "ProFTPD Version " PROFTPD_VERSION_TEXT; *str_valuelen = strlen(*str_value); pr_trace_msg(trace_channel, 19, Index: include/version.h =================================================================== --- include/version.h.orig +++ include/version.h @@ -1,5 +1,3 @@ -#include "buildstamp.h" - /* Application version (in various forms) */ #define PROFTPD_VERSION_NUMBER 0x0001030507 #define PROFTPD_VERSION_TEXT "1.3.5a" Index: src/main.c =================================================================== --- src/main.c.orig +++ src/main.c @@ -2426,8 +2426,8 @@ static void standalone_main(void) { init_bindings(); - pr_log_pri(PR_LOG_NOTICE, "ProFTPD %s (built %s) standalone mode STARTUP", - PROFTPD_VERSION_TEXT " " PR_STATUS, BUILD_STAMP); + pr_log_pri(PR_LOG_NOTICE, "ProFTPD %s standalone mode STARTUP", + PROFTPD_VERSION_TEXT " " PR_STATUS); pr_pidfile_write(); daemon_loop(); @@ -2482,7 +2482,6 @@ static void show_settings(void) { printf("%s", " Platform: " PR_PLATFORM " [unknown]\n"); #endif /* !HAVE_UNAME */ - printf("%s", " Built: " BUILD_STAMP "\n"); printf("%s", " Built With:\n configure " PR_BUILD_OPTS "\n\n"); printf("%s", " CFLAGS: " PR_BUILD_CFLAGS "\n"); @@ -3000,7 +2999,6 @@ int main(int argc, char *argv[], char ** printf("ProFTPD Version: %s", PROFTPD_VERSION_TEXT " " PR_STATUS "\n"); printf(" Scoreboard Version: %08x\n", PR_SCOREBOARD_VERSION); - printf(" Built: %s\n\n", BUILD_STAMP); modules_list(PR_MODULES_LIST_FL_SHOW_VERSION); exit(0); ++++++ proftpd-sftp-kbdint-max-responses-bug3973.patch ++++++ Index: contrib/mod_sftp_pam.c =================================================================== --- contrib/mod_sftp_pam.c.orig +++ contrib/mod_sftp_pam.c @@ -197,22 +197,13 @@ static int sftppam_converse(int nmsgs, P return PAM_CONV_ERR; } - if (sftp_kbdint_recv_response(sftppam_driver.driver_pool, &recvd_count, - &recvd_responses) < 0) { + if (sftp_kbdint_recv_response(sftppam_driver.driver_pool, list->nelts, + &recvd_count, &recvd_responses) < 0) { pr_trace_msg(trace_channel, 3, "error receiving keyboard-interactive responses: %s", strerror(errno)); return PAM_CONV_ERR; } - /* Make sure that the count of responses matches the challenge count. */ - if (recvd_count != list->nelts) { - (void) pr_log_writefile(sftp_logfd, MOD_SFTP_PAM_VERSION, - "sent %d %s, but received %u %s", nmsgs, - list->nelts != 1 ? "challenges" : "challenge", recvd_count, - recvd_count != 1 ? "responses" : "response"); - return PAM_CONV_ERR; - } - res = calloc(nmsgs, sizeof(struct pam_response)); if (res == NULL) { pr_log_pri(PR_LOG_CRIT, "Out of memory!"); Index: contrib/mod_sftp/kbdint.c =================================================================== --- contrib/mod_sftp/kbdint.c.orig +++ contrib/mod_sftp/kbdint.c @@ -1,6 +1,6 @@ /* * ProFTPD - mod_sftp keyboard-interactive driver mgmt - * Copyright (c) 2008-2009 TJ Saunders + * Copyright (c) 2008-2013 TJ Saunders * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -31,6 +31,8 @@ #include "utf8.h" #include "kbdint.h" +#define SFTP_KBDINT_MAX_RESPONSES 500 + struct kbdint_driver { struct kbdint_driver *next, *prev; @@ -252,8 +254,8 @@ int sftp_kbdint_send_challenge(const cha return res; } -int sftp_kbdint_recv_response(pool *p, unsigned int *count, - const char ***responses) { +int sftp_kbdint_recv_response(pool *p, unsigned int expected_count, + unsigned int *rcvd_count, const char ***responses) { register unsigned int i; char *buf; cmd_rec *cmd; @@ -264,7 +266,7 @@ int sftp_kbdint_recv_response(pool *p, u int res; if (p == NULL || - count == NULL || + rcvd_count == NULL || responses == NULL) { errno = EINVAL; return -1; @@ -299,6 +301,29 @@ int sftp_kbdint_recv_response(pool *p, u resp_count = sftp_msg_read_int(pkt->pool, &buf, &buflen); + /* Ensure that the number of responses sent by the client is the same + * as the number of challenges sent, lest a malicious client attempt to + * trick us into allocating too much memory (Bug#3973). + */ + if (resp_count != expected_count) { + (void) pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION, + "sent %lu %s, but received %lu %s", (unsigned long) expected_count, + expected_count != 1 ? "challenges" : "challenge", + (unsigned long) resp_count, resp_count != 1 ? "responses" : "response"); + destroy_pool(pkt->pool); + errno = EPERM; + return -1; + } + + if (resp_count > SFTP_KBDINT_MAX_RESPONSES) { + (void) pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION, + "received too many responses (%lu > max %lu), rejecting", + (unsigned long) resp_count, (unsigned long) SFTP_KBDINT_MAX_RESPONSES); + destroy_pool(pkt->pool); + errno = EPERM; + return -1; + } + list = make_array(p, resp_count, sizeof(char *)); for (i = 0; i < resp_count; i++) { char *resp; @@ -307,7 +332,7 @@ int sftp_kbdint_recv_response(pool *p, u *((char **) push_array(list)) = pstrdup(p, sftp_utf8_decode_str(p, resp)); } - *count = (unsigned int) resp_count; + *rcvd_count = (unsigned int) resp_count; *responses = ((const char **) list->elts); return 0; } Index: contrib/mod_sftp/mod_sftp.h.in =================================================================== --- contrib/mod_sftp/mod_sftp.h.in.orig +++ contrib/mod_sftp/mod_sftp.h.in @@ -1,6 +1,6 @@ /* * ProFTPD - mod_sftp - * Copyright (c) 2008-2011 TJ Saunders + * Copyright (c) 2008-2013 TJ Saunders * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -174,7 +174,8 @@ int sftp_kbdint_register_driver(const ch int sftp_kbdint_unregister_driver(const char *name); int sftp_kbdint_send_challenge(const char *, const char *, unsigned int, sftp_kbdint_challenge_t *); -int sftp_kbdint_recv_response(pool *, unsigned int *, const char ***); +int sftp_kbdint_recv_response(pool *, unsigned int, unsigned int *, + const char ***); /* API for modules that which to register keystores, for the * SFTPAuthorizedHostKeys and SFTPAuthorizedUserKeys directives. ++++++ proftpd-strip.patch ++++++ Index: ltmain.sh =================================================================== --- ltmain.sh.orig +++ ltmain.sh @@ -2056,7 +2056,10 @@ func_mode_install () ;; esac if test -n "$tstripme" && test -n "$striplib"; then - func_show_eval "$striplib $destdir/$realname" 'exit $?' + #func_show_eval "$striplib $destdir/$realname" 'exit $?' + echo "strip patch" + func_quote_for_expand "$striplib $destdir/$realname" + func_echo $func_quote_for_expand_result fi if test "$#" -gt 0; then ++++++ proftpd.init ++++++ #! /bin/sh # Copyright (c) 1995-2004 SUSE Linux AG, Nuernberg, Germany. # All rights reserved. # # Author: Kurt Garloff # Please send feedback to http://www.suse.de/feedback/ # # /etc/init.d/proftpd # and its symbolic link # /(usr/)sbin/rcproftpd # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # ### BEGIN INIT INFO # Provides: proftpd # Required-Start: $syslog $remote_fs # Should-Start: $time ypbind sendmail # Required-Stop: $syslog $remote_fs # Should-Stop: $time ypbind sendmail # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: ProFTPD daemon # Description: Start ProFTPD to allow XY and provide YZ ### END INIT INFO # # Note on runlevels: # 0 - halt/poweroff 6 - reboot # 1 - single user 2 - multiuser without network exported # 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm) # # Note on script names: # http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/scrptnames.html # A registry has been set up to manage the init script namespace. # http://www.lanana.org/ # Please use the names already registered or register one or use a # vendor prefix. # Check for missing binaries (stale symlinks should not happen) # Note: Special treatment of stop for LSB conformance PROFTPD_BIN=/usr/sbin/proftpd test -x $PROFTPD_BIN || { echo "$PROFTPD_BIN not installed"; if [ "$1" = "stop" ]; then exit 0; else exit 5; fi; } PROFTPD_RUNDIR=/var/run/proftpd # Check for existence of needed config file and read it #PROFTPD_CONFIG=/etc/sysconfig/proftpd #test -r $PROFTPD_CONFIG || { echo "$PROFTPD_CONFIG not existing"; # if [ "$1" = "stop" ]; then exit 0; # else exit 6; fi; } # # Read config #. $PROFTPD_CONFIG # Source LSB init functions # providing start_daemon, killproc, pidofproc, # log_success_msg, log_failure_msg and log_warning_msg. # This is currently not used by UnitedLinux based distributions and # not needed for init scripts for UnitedLinux only. If it is used, # the functions from rc.status should not be sourced or used. #. /lib/lsb/init-functions # Shell functions sourced from /etc/rc.status: # rc_check check and set local and overall rc status # rc_status check and set local and overall rc status # rc_status -v be verbose in local rc status and clear it afterwards # rc_status -v -r ditto and clear both the local and overall rc status # rc_status -s display "skipped" and exit with status 3 # rc_status -u display "unused" and exit with status 3 # rc_failed set local and overall rc status to failed # rc_failed <num> set local and overall rc status to <num> # rc_reset clear both the local and overall rc status # rc_exit exit appropriate to overall rc status # rc_active checks whether a service is activated by symlinks . /etc/rc.status # Reset status of this service rc_reset # Return values acc. to LSB for all commands but status: # 0 - success # 1 - generic or unspecified error # 2 - invalid or excess argument(s) # 3 - unimplemented feature (e.g. "reload") # 4 - user had insufficient privileges # 5 - program is not installed # 6 - program is not configured # 7 - program is not running # 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl) # # Note that starting an already running service, stopping # or restarting a not-running service as well as the restart # with force-reload (in case signaling is not supported) are # considered a success. case "$1" in start) if [ ! -d $PROFTPD_RUNDIR ]; then mkdir -p $PROFTPD_RUNDIR fi echo -n "Starting proftpd " ## Start daemon with startproc(8). If this fails ## the return value is set appropriately by startproc. /sbin/startproc $PROFTPD_BIN # Remember status and be verbose rc_status -v ;; stop) echo -n "Shutting down proftpd " ## Stop daemon with killproc(8) and if this fails ## killproc sets the return value according to LSB. /sbin/killproc -TERM $PROFTPD_BIN # Remember status and be verbose rc_status -v ;; try-restart|condrestart) ## Do a restart only if the service was active before. ## Note: try-restart is now part of LSB (as of 1.9). ## RH has a similar command named condrestart. if test "$1" = "condrestart"; then echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}" fi $0 status if test $? = 0; then $0 restart else rc_reset # Not running is not a failure. fi # Remember status and be quiet rc_status ;; restart) ## Stop the service and regardless of whether it was ## running or not, start it again. $0 stop $0 start # Remember status and be quiet rc_status ;; force-reload) echo -n "Reload service proftpd " ## Signal the daemon to reload its config. Most daemons ## do this on signal 1 (SIGHUP). ## If it does not support it, restart the service if it ## is running. # if it supports it: /sbin/killproc -HUP $PROFTPD_BIN #touch /var/run/proftpd.pid # Remember status and be verbose rc_status -v ## Otherwise: #$0 try-restart #rc_status ;; reload) echo -n "Reload service proftpd " ## Like force-reload, but if daemon does not support ## signaling, do nothing (!) # If it supports signaling: /sbin/killproc -HUP $PROFTPD_BIN #touch /var/run/proftpd.pid # Remember status and be verbose rc_status -v ## Otherwise if it does not support reload: #rc_failed 3 #rc_status -v ;; status) echo -n "Checking for service proftpd " ## Check status with checkproc(8), if process is running ## checkproc will return with exit status 0. # Return value is slightly different for the status command: # 0 - service up and running # 1 - service dead, but /var/run/ pid file exists # 2 - service dead, but /var/lock/ lock file exists # 3 - service not running (unused) # 4 - service status unknown :-( # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.) # NOTE: checkproc returns LSB compliant status values. /sbin/checkproc $PROFTPD_BIN # NOTE: rc_status knows that we called this init script with # "status" option and adapts its messages accordingly. # Remember status and be verbose rc_status -v ;; probe) ## Optional: Probe for the necessity of a reload, print out the ## argument to this init script which is required for a reload. ## Note: probe is not (yet) part of LSB (as of 1.9) test /etc/proftpd/proftpd.conf -nt $PROFTPD_RUNDIR/proftpd.pid && echo reload ;; *) echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}" exit 1 ;; esac rc_exit ++++++ proftpd.keyring ++++++ pub 1024D/A511976A 2002-05-12 uid TJ Saunders <[email protected]> sub 2048g/8C26F9DE 2002-05-12 -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2.0.19 (GNU/Linux) mQGiBDze4PkRBADtl8nbLuIgZkIdl6fUj9/LOBXGrtP5B8cTgDjBlURronHtLzkQ oHqNS8zmh5gmg8F6EMnCy6tqTGlQ3OylhY2u8fBUFJZk0RpaGYka0SI+hkNn/Hmu GLXs4+5RKIuL1lp1DFv2L2S+Qp3xFs0vYJsrdi7nRhM1/LqN9S0pr2/i9QCg/5bD AMS9qiVZvd7E0464cWWUXDsD/2z7fwPUFD23bHGSpifSl8jOqUuOWf5lhJqXLpHZ TnSsO+rOi5dXdB1fPwgvwFnv7akFStTpXaRq1XdB33/QTwWNO3DBXKe8VkBivXTY nWHLiktQwoY06Ws6r2cYxfgRhoHBSQFR/e1OhURaV8d0nSZsISrUyOREAYFUZT0L s0jHBADcNSLHoehRf69mBEh3SMk+hiNse8r0VTcE6aJ5AISE6famDQw9cQh8gdmf R5LrN/QbF4qQ2jWrfzhkVB6oslyghk3KCncFMnmT/4QpPVfSeTon3yM0Sz9Gtr2Q YRp6Qhy7RgnoJ35bMaleww18WKOJtS840PRikboy5XFXt14gvbQeVEogU2F1bmRl cnMgPHRqQGNhc3RhZ2xpYS5vcmc+iFYEEBECAA4FAjze4PkECwMBAgIZAQASCRC3 jok/pRGXagdlR1BHAAEB4EMAoL0MfmR26WnBxfQAUFD1bMnSO95EAKC1jnqqe9Xq TPTsGWOZwNGc13nTmLkCDQQ83uD7EAgA9kJXtwh/CBdyorrWqULzBej5UxE5T7bx brlLOCDaAadWoxTpj0BV89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJP PT2N286Z4VeSWc39uK50T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrU GvC/RgBYK+X0iP1YTknbzSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVb GI2Ou1WMuF040zT9fBdXQ6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcp esqVDNmWn6vQClCbAkbTCD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwACAgf+ORAr y8LE18PVKiJk9/bpZ+LzSQ/kgNKDjqRsqT8HOFjToIpbbY1lOBErEr7OedJGK3ra g1q8vD+kNK4MZdNcEeIcaMG7TnArOJ4zNZzKBQQzZp8hdv8heirfhJtb5MdFO2MI N2+I9OoeUXNX1GVxYQJkuHpvsbqbZ6P2bRYwPUmnSAy6y2yy3ZmTZDD6ItaUaTIA JbT8myTljeO4vz80nWldpUZfVtwkCRczjL7GYvwGbg1DZ45ND1pq9Kp5jqybevYw d2a/7es+PgWQxy6qRFW3j95lm9Dd7ha29trziinxZ5GevUgyPIcs5SCQUG+cb5Yb VUpLxGrHLKoW/mdBCYhOBBgRAgAGBQI83uD7ABIJELeOiT+lEZdqB2VHUEcAAQE1 CwCdGzQx8HHoe2O+tc3ymntAdNl7kLYAoNN0gN75bS/ZWBrKrLR0ne6JAdkO =X5Db -----END PGP PUBLIC KEY BLOCK----- ++++++ proftpd.passwd ++++++ ftp:$1$Qirpijna$Z9ocX/jIH/kpBppMFyI451:49:49::/srv/ftp:/bin/false ++++++ proftpd.service ++++++ [Unit] Description=ProFTPd FTP server After=systemd-user-sessions.service network.target nss-lookup.target local-fs.target remote-fs.target [Service] ExecStart=/usr/sbin/proftpd --nodaemon ExecReload=/bin/kill -HUP $MAINPID [Install] WantedBy=multi-user.target ++++++ proftpd.tmpfile ++++++ # proFTPD needs a DIR d /run/proftpd 0755 root root -
