r1: [svn-inject] Installing original source of proftpd-cn
authorDinko Korunic <Dinko.Korunic@CARNet.hr>
Fri, 26 Oct 2007 17:58:41 +0000 (17:58 +0000)
committerDinko Korunic <Dinko.Korunic@CARNet.hr>
Fri, 26 Oct 2007 17:58:41 +0000 (17:58 +0000)
README.CARNet [new file with mode: 0644]
changelog.CARNet [new symlink]
debian/changelog [new file with mode: 0644]
debian/compat [new file with mode: 0644]
debian/control [new file with mode: 0644]
debian/docs [new file with mode: 0644]
debian/postinst [new file with mode: 0755]
debian/postrm [new file with mode: 0755]
debian/rules [new file with mode: 0755]

diff --git a/README.CARNet b/README.CARNet
new file mode 100644 (file)
index 0000000..13de3be
--- /dev/null
@@ -0,0 +1,9 @@
+proftpd-cn
+~~~~~~~~~~
+
+Zabranjen je anonimni FTP pristup. 
+
+Proftp-cn generira SSL certifikat proftpd, ukoliko certifikat vec ne
+postoji.
+
+ -- Zoran Dzelajlija <zoran.dzelajlija@carnet.hr>  Fri, 26 Oct 2007 19:30:16 +0200
diff --git a/changelog.CARNet b/changelog.CARNet
new file mode 120000 (symlink)
index 0000000..194579e
--- /dev/null
@@ -0,0 +1 @@
+changelog.Debian
\ No newline at end of file
diff --git a/debian/changelog b/debian/changelog
new file mode 100644 (file)
index 0000000..e9c5635
--- /dev/null
@@ -0,0 +1,66 @@
+proftpd-cn (2:1.3.0-2) stable; urgency=low
+
+  * ispravno se puni ServerName
+  * globalna aktivacija TLS-a (cp-update blok)
+  * paljenje DelayEngine-a
+  * default je standalone servis (i mijenja originalni debconf unos)
+
+ -- Dinko Korunic <kreator@carnet.hr>  Fri, 26 Oct 2007 18:05:48 +0200
+
+proftpd-cn (2:1.3.0-1) stable; urgency=low
+
+  * Nova verzija i backport iz stable, ispravlja niz sigurnosnih propusta:
+    CVE-2005-2390, CVE-2005-4816, CVE-2006-5815, CVE-2006-6170, CVE-2006-6171,
+    CVE-2006-6563, CVE-2007-2165.  Na nasu konfiguraciju su primjenjivi:
+    - CVE-2006-5815 sreplace() stack overflow
+    - CVE-2006-6170 mod_tls module tls_x509_name_oneline() buffer overflow
+  * Izmjene proftpd-common.postrm na sustavu da purge istog ne napravi probleme.
+  * Ispravke ovisnosti.
+
+ -- Zoran Dzelajlija <zoran.dzelajlija@carnet.hr>  Mon, 14 May 2007 14:15:14 +0200
+
+proftpd-cn (2:1.2.10-4) stable; urgency=low
+
+  * Svjezi backport paketa iz unstable, inacica iz stable-security 
+    se segfaulta jer ima samo sigurnosne ispravke, a pregazila je prethodni
+    backport.
+
+ -- Zoran Dzelajlija <jelly+paketi@srce.hr>  Wed, 18 Jan 2006 01:59:06 +0100
+
+proftpd-cn (2:1.2.10-3) stable; urgency=low
+
+  * Ime backup datoteke vise nema razmaka.
+
+ -- Zoran Dzelajlija <jelly+paketi@srce.hr>  Mon, 29 Aug 2005 17:18:42 +0200
+
+proftpd-cn (2:1.2.10-2) stable; urgency=low
+
+  * Backport Debianovog paketa iz unstable, navodno ispravlja segfaultove
+    (T#: 2005062413000027, T#: 2005082113000011, mozda T#: 2005080913000025).
+    Takodjer ispravlja i dva sitna sigurnosna propusta (CAN-2005-2390, oba):
+
+      - SQLShowInfo format string vulnerability
+      http://bugs.proftpd.org/show_bug.cgi?id=2645
+
+      - ftpshut format string vulnerability
+      http://bugs.proftpd.org/show_bug.cgi?id=2646
+
+ -- Zoran Dzelajlija <jelly+paketi@srce.hr>  Sun, 21 Aug 2005 21:19:04 +0200
+
+proftpd-cn (2:1.2.10-1) unstable; urgency=low
+
+  * Ispravka preimenovane opcije LsDefaultOptions.
+
+ -- Zoran Dzelajlija <jelly+paketi@srce.hr>  Wed, 22 Dec 2004 15:23:51 +0100
+
+proftpd-cn (2:1.2.9-1) unstable; urgency=low
+
+  * Novo upstream source izdanje
+  * Izdanje za stable distribuciju
+  * Ispravak mnogo source bugova 
+  * proftpd-cn vise ne forsira standalone nacin rada,
+    ali i dalje zabranjuje anonimni FTP pristup
+  * Paket generira SSL certifikat za FTP, ukoliko certifikat
+    vec ne postoji
+  
+ -- Bozo Juretic <bjuretic@srce.hr>  Tue, 27 Apr 2004 11:47:32 +0200
diff --git a/debian/compat b/debian/compat
new file mode 100644 (file)
index 0000000..b8626c4
--- /dev/null
@@ -0,0 +1 @@
+4
diff --git a/debian/control b/debian/control
new file mode 100644 (file)
index 0000000..447fc16
--- /dev/null
@@ -0,0 +1,25 @@
+Source: proftpd-cn
+Section: net
+Priority: optional
+Maintainer: Zoran Dzelajlija <zoran.dzelajlija@carnet.hr>
+Build-Depends: debhelper (>= 4)
+Standards-Version: 3.7.2
+
+Package: proftpd-cn
+Architecture: all
+Depends: proftpd (>= 1.3.0-18cn1), openssl, carnet-tools-cn (>= 2.4), debconf (>= 0.5) | debconf-2.0
+Description: Versatile, virtual-hosting FTP daemon
+ A powerful replacement for wu-ftpd, this File Transfer Protocol
+ daemon supports hidden directories, virtual hosts, and per-directory
+ ".ftpaccess" files.  It uses a single main configuration file, with a
+ syntax similar to Apache.
+ .
+ Because of the advanced design, anonymous-FTP directories can have
+ an arbitrary internal structure (bin, lib, etc, and special files are
+ not needed).  Advanced features like multiple password files and
+ upload/download ratios are also supported.
+ .
+ More information can be found at http://www.proftpd.org/.
+ .
+ This package depends on the basic installation of proftpd with PAM
+ authentication, and does a bit of configuration munging.
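Review bot: The Description is the upstream proftpd text and advertises anonymous-FTP directory layouts, while README.CARNet and the postinst in this commit say the package disables anonymous access. The closing "does a bit of configuration munging" does not tell an administrator what installation will change on the host. I would replace that last paragraph with something like ` This package disables anonymous FTP, enables mod_tls with a generated self-signed certificate and switches proftpd to standalone mode.` so the changes are visible before the package is installed.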
diff --git a/debian/docs b/debian/docs
new file mode 100644 (file)
index 0000000..ef5ce6c
--- /dev/null
@@ -0,0 +1,2 @@
+changelog.CARNet
+README.CARNet
diff --git a/debian/postinst b/debian/postinst
new file mode 100755 (executable)
index 0000000..bbd264c
--- /dev/null
@@ -0,0 +1,189 @@
+#!/bin/sh
+# postinst script for proftpd-cn
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <postinst> `configure' <most-recently-configured-version>
+#        * <old-postinst> `abort-upgrade' <new version>
+#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+#          <new-version>
+#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+#          <failed-install-package> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+#
+
+case "$1" in
+    configure|reconfigure)
+      # continue below
+    ;;
+
+    *)
+        exit 0
+    ;;
+esac
+
+# created:     2002-11-15 Bozo Juretic <bjuretic@srce.hr>
+# last update: 2007-05-14 Zoran Dzelajlija <zoran.dzelajlija@carnet.hr>
+# last update: 2007-10-27 Dinko Korunic <kreator@carnet.hr>
+
+# Source debconf library.
+. /usr/share/debconf/confmodule
+
+# Import CN toolsa
+. /usr/share/carnet-tools/functions.sh
+
+FTP_CONF=/etc/proftpd/proftpd.conf
+FTP_TMP=`mktemp /etc/proftpd/proftpd.conf.XXXXXX`
+FTP_OLD=/var/backups/proftpd.conf.bak
+SSL_CERT=/etc/ssl/certs/ftpd-rsa.pem
+SSL_KEY=/etc/ssl/certs/ftpd-rsa-key.pem
+
+# Backup stare konfiguracije
+cp_backup_conffile $FTP_CONF
+cp -p $FTP_CONF $FTP_TMP
+
+# Onemogucavanje Anonymous ftp pristupa
+disable_anonymous()
+{
+    if grep -qi "^<Anonymous" $FTP_TMP; then
+       echo "CN: Anonymous access has been disabled in $FTP_CONF." 
+       # Brisanje Anonymous linija
+       sed -n -i -e '/<Anonymous /,/\/Anon/!p' $FTP_TMP
+    fi
+}
+
+# Popravi razne stvari u confu
+fix_conf()
+{
+    if [ -f $FTP_TMP ]; then
+        # Stare list opcije
+       sed -i -e 's/lsdefaultoptions/ListOptions/i' $FTP_TMP 
+
+        # Stari tcpwin
+        sed -i -e "s/tcpreceivewindow/SocketOptions rcvbuf/i" \
+            -e "s/tcpsendwindow/SocketOptions sndbuf/i" $FTP_TMP
+
+        # Scoreboard
+        sed -i -e "s/\(scoreboardpath.*\)/#\n#ScoreboardPath is deprecated in 1.2.9, use ScoreboardFile instead\n#\1\n#\n#ScoreboardFile\t\/var\/run\/proftpd\/proftpd.scoreboard\n#/i" $FTP_TMP
+
+        # Ubaci pravi hostname
+        CARNET_HOSTNAME=`hostname`
+        CARNET_DOMAINNAME=`hostname --domain`
+           sed -i -e "s/^ServerName.*\"Debian\"/ServerName \"$CARNET_HOSTNAME.$CARNET_DOMAINNAME\"/i" $FTP_TMP 
+
+        # Upali DelayEngine
+        sed -i -e 's/^#.*DelayEngine.*/DelayEngine on/i' $FTP_TMP
+
+        # Omoguci da bude standalone servis
+        sed -i -e 's/^\(ServerType.*\)inetd/\1standalone/' $FTP_TMP
+        update-inetd --disable ftp || true
+        db_set shared/proftpd/inetd_or_standalone "standalone"
+        db_go || true
+        db_stop
+    fi
+}
+
+# Dodaj TLS konfiguraciju ako je potrebna
+add_tls()
+{
+    if [ -f $FTP_TMP ]; then
+        cp-update proftpd-cn $FTP_TMP <<EOF
+<IfModule mod_tls.c>
+  TLSEngine on
+
+  # Are clients required to use FTP over TLS when talking to this server?
+  TLSRequired off
+
+  # Server's certificate
+  TLSRSACertificateFile $SSL_CERT
+  TLSRSACertificateKeyFile $SSL_KEY
+
+  # CA the server trusts
+  #TLSCACertificateFile /etc/ftpd/root.cert.pem
+
+  # Authenticate clients that want to use FTP over TLS?
+  TLSVerifyClient off
+
+  # Allow SSL/TLS renegotiations when the client requests them, but
+  # do not force the renegotations.  Some clients do not support
+  # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
+  # clients will close the data connection, or there will be a timeout
+  # on an idle data connection.
+  TLSRenegotiate required off
+</IfModule>
+EOF
+    fi
+}
+
+# include za slucaj da sistemac nije prihvatio izmjene od Debiana
+include_modules()
+{
+    if [ -f $FTP_TMP ] ; then
+        if ! egrep -qi "^[[:space:]]*Include.*/etc/proftpd/modules.conf" $FTP_TMP ; then
+            printf "#\n# Includes required DSO modules. This is mandatory in proftpd 1.3\n#\nInclude\t/etc/proftpd/modules.conf\n\n" >$FTP_TMP.tmp.$$
+            cat $FTP_TMP >>$FTP_TMP.tmp.$$
+            mv -f $FTP_TMP.tmp.$$ $FTP_TMP
+        fi
+    fi
+}
+
+# Generiranje SSL certifikata
+make_ssl_cert()
+{
+    if [ ! -f $SSL_CERT ] ; then
+        cd $(dirname $SSL_CERT)
+        echo "CN: Generating SSL certificate ... "
+        openssl req -new -x509 -days 365 -nodes -out $(basename $SSL_CERT) -keyout $(basename $SSL_KEY)
+        echo "CN: Self-signed SSL certificate generated in $SSL_CERT."
+        echo "CN: Please note that the certificate will expire in one year."
+    fi
+}
+
+# purge starog proftpd-common paketa bi napravio rusvaj
+defuse_old_postrm()
+{
+    if [ -f /var/lib/dpkg/info/proftpd-common.postrm ]; then
+        cp_check_and_sed '^[^#]*(update-rc.d|update-inetd|/var/run/proftpd)' \
+            '/update-rc.d/d; /update-inetd/d; /var\/run\/proftpd/d' \
+            /var/lib/dpkg/info/proftpd-common.postrm || true
+    fi
+}
+
+defuse_old_postrm
+disable_anonymous
+fix_conf
+add_tls
+include_modules
+make_ssl_cert
+
+if [ -z "$2" ]; then
+       echo "CN: Proftpd-cn is configured with disabled anonymous FTP access,"
+       echo "CN: for the security reasons."
+fi
+
+if ! cmp -s $FTP_TMP $FTP_CONF; then
+       echo "CN: Original configuration file is saved in $FTP_OLD."
+       cp_mv $FTP_TMP $FTP_CONF
+else
+       rm -f $FTP_TMP
+fi
+
+echo "CN: Restarting proftpd ..."
+
+if [ -x /usr/sbin/invoke-rc.d ]; then
+       invoke-rc.d proftpd restart
+else
+       /etc/init.d/proftpd restart
+fi
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
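Review bot: make_ssl_cert writes the unencrypted private key (`-nodes`) to `/etc/ssl/certs/ftpd-rsa-key.pem` and nothing in the script sets a umask or chmods the file, so its mode is whatever openssl and the inherited umask produce; `/etc/ssl/certs` is the world-readable certificate directory on Debian, and keys normally live in `/etc/ssl/private`. At minimum I would generate it as `(umask 077; openssl req -new -x509 -days 365 -nodes -out "$SSL_CERT" -keyout "$SSL_KEY")`, which also makes the `cd`/`basename` pair unnecessary. Moving `SSL_KEY` to `/etc/ssl/private` would be better, but hosts that already have the key in the old location would need it migrated. The guard tests only `$SSL_CERT`, so a host with a certificate but no key file skips generation while add_tls still points `TLSRSACertificateKeyFile` at the missing key; checking `$SSL_KEY` as well and warning would catch that. `openssl req` is also called without `-subj` or `-batch`, so it will prompt for the subject fields during configuration, which presumably fails on a non-interactive install.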
diff --git a/debian/postrm b/debian/postrm
new file mode 100755 (executable)
index 0000000..050f590
--- /dev/null
@@ -0,0 +1,43 @@
+#!/bin/sh
+# postrm script for proftpd-cn
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <postrm> `remove'
+#        * <postrm> `purge'
+#        * <old-postrm> `upgrade' <new-version>
+#        * <new-postrm> `failed-upgrade' <old-version>
+#        * <new-postrm> `abort-install'
+#        * <new-postrm> `abort-install' <old-version>
+#        * <new-postrm> `abort-upgrade' <old-version>
+#        * <disappearer's-postrm> `disappear' <r>overwrit>r> <new-version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+case "$1" in
+    purge)
+      # continue below
+    ;;
+
+    *)
+        exit 0
+    ;;
+esac
+
+# import CN-functions
+. /usr/share/carnet-tools/functions.sh
+
+# remove our block
+if [ -e /etc/proftpd/proftpd.conf ]; then
+  cp-update -r proftpd-cn /etc/proftpd/proftpd.conf
+fi
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
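Review bot: The purge branch sources `/usr/share/carnet-tools/functions.sh` unconditionally, but Debian Policy lets a postrm rely only on essential packages at purge time, so if carnet-tools-cn has already been removed the `.` fails and the purge aborts. `cp-update` presumably ships in the same package and would fail the same way under `set -e`. Putting both the source line and the `cp-update -r` call inside one guard, e.g. `if [ -r /usr/share/carnet-tools/functions.sh ] && [ -e /etc/proftpd/proftpd.conf ]; then`, keeps purge working when the helper is gone. A comment there should also say that the generated certificate and key under /etc/ssl are deliberately left in place on purge, if that is the intent.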
diff --git a/debian/rules b/debian/rules
new file mode 100755 (executable)
index 0000000..4e3c6e9
--- /dev/null
@@ -0,0 +1,73 @@
+#!/usr/bin/make -f
+# Sample debian/rules that uses debhelper. 
+# This file is public domain software, originally written by Joey Hess.
+#
+# This version is for packages that are architecture independent.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+build: build-stamp
+build-stamp:
+       dh_testdir
+
+       # Add here commands to compile the package.
+       #$(MAKE)
+
+       touch build-stamp
+
+clean:
+       dh_testdir
+       dh_testroot
+       rm -f build-stamp
+
+       # Add here commands to clean up after the build process.
+       #-$(MAKE) clean
+       #-$(MAKE) distclean
+
+       dh_clean
+
+install: build
+       dh_testdir
+       dh_testroot
+       dh_clean -k
+       dh_installdirs
+
+       # Add here commands to install the package into debian/<packagename>.
+       #$(MAKE) prefix=`pwd`/debian/`dh_listpackages`/usr install
+
+# Build architecture-independent files here.
+binary-indep: build install
+       dh_testdir
+       dh_testroot
+       dh_installchangelogs
+       dh_installdocs
+       dh_installexamples
+#      dh_installmenu
+#      dh_installdebconf
+#      dh_installlogrotate
+#      dh_installemacsen
+#      dh_installcatalogs
+#      dh_installpam
+#      dh_installmime
+       dh_installinit
+#      dh_installcron
+#      dh_installinfo
+#      dh_undocumented
+       dh_installman
+       dh_link
+       dh_compress
+       dh_fixperms
+#      dh_perl
+#      dh_python
+       dh_installdeb
+       dh_gencontrol
+       dh_md5sums
+       dh_builddeb
+
+# Build architecture-dependent files here.
+binary-arch: build install
+# We have nothing to do by default.
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install