package ftpd-ssl
tags 368420 patch
thanks
Hi,
Attached is a patch that I think implements the necessary changes. It
keeps a combined file, but moves it to /etc/ftpd-ssl.
It is supposed to handle upgrades in the following way.
1) If /etc/ssl/certs/ftpd.pem still exists then it moves it to the new
location. If not it creates it in the same way.
2) If there is an existing entry in the inetd config it removes the old
version and adds the new one with the necessary options. I'm not sure
how well this bit works. I have tested a couple of combinations, and it
appears to do the right thing.
James
--
James Westby
[EMAIL PROTECTED]
http://jameswestby.net/
diff -u linux-ftpd-ssl-0.17.18+0.3/debian/changelog
linux-ftpd-ssl-0.17.18+0.3/debian/changelog
--- linux-ftpd-ssl-0.17.18+0.3/debian/changelog
+++ linux-ftpd-ssl-0.17.18+0.3/debian/changelog
@@ -1,3 +1,10 @@
+linux-ftpd-ssl (0.17.18+0.3-5.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Move the certificate file to /etc/ftpd-ssl. (Closes: #368420)
+
+ -- James Westby <[EMAIL PROTECTED]> Tue, 27 Jun 2006 01:24:11 +0100
+
linux-ftpd-ssl (0.17.18+0.3-5) unstable; urgency=high
* applied security patch for CVE-2005-3524. (Closes: #339074)
diff -u linux-ftpd-ssl-0.17.18+0.3/debian/postinst
linux-ftpd-ssl-0.17.18+0.3/debian/postinst
--- linux-ftpd-ssl-0.17.18+0.3/debian/postinst
+++ linux-ftpd-ssl-0.17.18+0.3/debian/postinst
@@ -1,12 +1,15 @@
#!/bin/sh -e
# $Id: postinst,v 1.7 2003/06/21 02:31:44 herbert Exp $
+FTPENTRY="ftp stream tcp nowait root /usr/sbin/tcpd
/usr/sbin/in.ftpd -z cert=/etc/ftpd-ssl/ftpd.pem -z key=/etc/ftpd-ssl/ftpd.pem"
if grep -q '[[:blank:]]/usr/sbin/in\.ftpd\>' /etc/inetd.conf; then
- if ! grep -q '^ftp\>' /etc/inetd.conf; then
+ if ! grep -q '[[:blank:]]/usr/sbin/in\.ftpd\>' /etc/inetd.conf | grep -q
'etc/ftpd-ssl'; then
+ update-inetd --pattern '/usr/sbin/in\.ftpd' --remove '*/usr/sbin/in\.ftpd*'
+ update-inetd --group STANDARD --add "$FTPENTRY"
+ elif ! grep -q '^ftp\>' /etc/inetd.conf; then
update-inetd --pattern '/usr/sbin/in\.ftpd' --enable ftp
fi
else
- FTPENTRY="ftp stream tcp nowait root /usr/sbin/tcpd
/usr/sbin/in.ftpd"
if grep -q '^ftp\>' /etc/inetd.conf; then
update-inetd --group STANDARD --add "## $FTPENTRY"
else
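Review bot: The new guard `grep -q … /etc/inetd.conf | grep -q 'etc/ftpd-ssl'` can never succeed, because the first grep runs with `-q` and writes nothing into the pipe, so the negated test is always true. Every run of the postinst therefore takes the remove-and-re-add branch, and the `elif … --enable ftp` branch is unreachable. An in.ftpd entry the administrator had commented out or customised may end up replaced by the default enabled one on each upgrade. Drop `-q` from the first grep only: `if ! grep '[[:blank:]]/usr/sbin/in\.ftpd\>' /etc/inetd.conf | grep -q 'etc/ftpd-ssl'; then`. The if/else block continues past the end of this hunk.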
@@ -14,12 +17,19 @@
fi
fi
-cd /etc/ssl/certs
+
PATH=$PATH:/usr/bin/ssl
-if [ -f ftpd.pem ]
+if [ -f /etc/ssl/certs/ftpd.pem ]
+then
+ echo "Moving ftpd.pem to /etc/ftpd-ssl"
+ mv /etc/ssl/certs/ftpd.pem /etc/ftpd-ssl
+ # remove old cert hash - don't care if it fails
+ rm -f `openssl x509 -noout -hash < /etc/ftpd-ssl/ftpd.pem`.0 || true
+elif [ -f /etc/ftpd-ssl/ftpd.pem ]
then
- echo "You already have /etc/ssl/certs/ftpd.pem"
+ echo "You already have /etc/ftpd-ssl/ftpd.pem"
else
+ cd /etc/ftpd-ssl
HOSTNAME=`hostname -s`
DOMAINNAME=`hostname -d`
openssl req -new -x509 -nodes -out ftpd.pem -keyout ftpd.pem > /dev/null
2>&1 <<+
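Review bot: The `rm -f` that should drop the old hash link uses a relative path, and this hunk also deletes the `cd /etc/ssl/certs` that used to give it a meaning. It now acts on whatever directory the script is started from, and the stale `<hash>.0` symlink in /etc/ssl/certs is left dangling. If openssl fails, the substitution is empty and the command becomes `rm -f .0`. Use the absolute path and quote it: `rm -f "/etc/ssl/certs/$(openssl x509 -noout -hash < /etc/ftpd-ssl/ftpd.pem).0" || true`. The else branch that generates the certificate continues past this hunk.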
@@ -33,9 +43,9 @@
+
# req -new -x509 -nodes -out ftpd.pem -keyout ftpd.pem
- ln -sf ftpd.pem `openssl x509 -noout -hash < ftpd.pem`.0
+# ln -sf ftpd.pem `openssl x509 -noout -hash < ftpd.pem`.0
# chmod 644 ftpd.pem
fi
-chmod 0600 /etc/ssl/certs/ftpd.pem
+chmod 0600 /etc/ftpd-ssl/ftpd.pem
#DEBHELPER#
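Review bot: `chmod 0600 /etc/ftpd-ssl/ftpd.pem` is the only step that restricts the combined certificate-and-key file, and it runs after `openssl req` in the preceding hunk has already written the key under the inherited umask. Depending on the openssl version, the private key may be briefly readable by other local users in the new directory. Adding `umask 077` just before `cd /etc/ftpd-ssl` in the generation branch would close that window. The commented-out `# ln -sf …` line is now dead and could be deleted rather than kept as a comment. The enclosing if/else starts before this hunk.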
diff -u linux-ftpd-ssl-0.17.18+0.3/debian/postrm
linux-ftpd-ssl-0.17.18+0.3/debian/postrm
--- linux-ftpd-ssl-0.17.18+0.3/debian/postrm
+++ linux-ftpd-ssl-0.17.18+0.3/debian/postrm
@@ -2,13 +2,12 @@
# $Id: postrm,v 1.1 1999/04/16 07:00:28 herbert Exp $
if [ "$1" = remove -o "$1" = purge ]; then
- update-inetd --remove "ftp stream tcp nowait root
/usr/sbin/tcpd /usr/sbin/in.ftpd"
+ update-inetd --remove "ftp stream tcp nowait root
/usr/sbin/tcpd /usr/sbin/in.ftpd -z cert=/etc/ftpd-ssl/ftpd.pem -z
key=/etc/ftpd-ssl/ftpd.pem"
fi
if [ "$1" = purge ]; then
- cd /etc/ssl/certs
+ cd /etc/ftpd-ssl
PATH=$PATH:/usr/bin/ssl
- rm -f `openssl x509 -noout -hash < ftpd.pem`.0
rm -f ftpd.pem
fi
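Review bot: On purge the key file is removed through `cd /etc/ftpd-ssl` followed by a relative `rm -f ftpd.pem`, so the deletion depends on the `cd` succeeding. If the directory is already gone and the script does not run with `-e` (the shebang is outside this hunk), the `rm` would act on the current directory instead. Replace the three lines with `rm -f /etc/ftpd-ssl/ftpd.pem` and, if the directory should not be left behind, `rmdir /etc/ftpd-ssl 2>/dev/null || true`. The `PATH=$PATH:/usr/bin/ssl` line has no remaining user once the openssl call is deleted. Separately, `update-inetd --remove` now names only the new `-z cert=…` entry, so an old-style in.ftpd line that was never migrated would apparently stay in inetd.conf after removal.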
only in patch2:
unchanged:
--- linux-ftpd-ssl-0.17.18+0.3.orig/debian/dirs
+++ linux-ftpd-ssl-0.17.18+0.3/debian/dirs
@@ -2,3 +2,4 @@
usr/share/man/man5
usr/share/man/man8
usr/sbin
+etc/ftpd-ssl