nuke insecure proftpd port. ok'd by maint.
parent
001e0de728
commit
7de6073ffa
@ -1,65 +0,0 @@
|
||||
# $OpenBSD: Makefile,v 1.15 1999/10/27 22:54:42 brad Exp $
|
||||
# $FreeBSD: Makefile,v 1.7 1999/02/12 21:55:04 obrien Exp $
|
||||
|
||||
DISTNAME= proftpd-1.2.0pre9
|
||||
PKGNAME= proftpd-1.2.0
|
||||
CATEGORIES= net
|
||||
MASTER_SITES= ftp://ftp.tos.net/pub/proftpd/ \
|
||||
|
||||
NEED_VERSION= 1.73
|
||||
|
||||
# If you remove that BROKEN line, the port will build.
|
||||
#
|
||||
# But there have been a series of holes and exploits posted recently,
|
||||
# so using proftpd is a sure way to let yourself be vulnerable.
|
||||
#
|
||||
# It is recommended that you don't use proftpd for now,
|
||||
# unless you're really sure you know what you are doing.
|
||||
#
|
||||
BROKEN= "Needs a security audit. Use at your own risk"
|
||||
|
||||
MAINTAINER= brad@openbsd.org
|
||||
|
||||
USE_GMAKE= yes
|
||||
GNU_CONFIGURE= yes
|
||||
CONFIGURE_ARGS= --localstatedir="/var/run" \
|
||||
--with-modules="mod_ratio:mod_readme"
|
||||
|
||||
post-configure:
|
||||
@${MV} ${WRKSRC}/src/proftpd.8 ${WRKSRC}/src/proftpd.8.pre_sed
|
||||
@${SED} -e 's:/usr/sbin/proftpd:${PREFIX}/libexec/proftpd:' \
|
||||
-e 's:/usr/sbin:${PREFIX}/sbin:' \
|
||||
-e 's:/usr/bin:${PREFIX}/bin:' \
|
||||
-e 's:/var/run:/var/run/proftpd:' \
|
||||
< ${WRKSRC}/src/proftpd.8.pre_sed > ${WRKSRC}/src/proftpd.8
|
||||
@${MV} ${WRKSRC}/src/ftpshut.8 ${WRKSRC}/src/ftpshut.8.pre_sed
|
||||
@${SED} -e 's:/usr/sbin:${PREFIX}/sbin:' \
|
||||
-e 's:/etc:/var/run:' \
|
||||
-e 's:/var/run:/var/run/proftpd:' \
|
||||
< ${WRKSRC}/src/ftpshut.8.pre_sed > ${WRKSRC}/src/ftpshut.8
|
||||
@${MV} ${WRKSRC}/src/ftpcount.1 ${WRKSRC}/src/ftpcount.1.pre_sed
|
||||
@${SED} -e 's:/usr/bin:${PREFIX}/bin:' \
|
||||
-e 's:/var/run:/var/run/proftpd:' \
|
||||
< ${WRKSRC}/src/ftpcount.1.pre_sed > ${WRKSRC}/src/ftpcount.1
|
||||
@${MV} ${WRKSRC}/src/ftpwho.1 ${WRKSRC}/src/ftpwho.1.pre_sed
|
||||
@${SED} -e 's:/usr/bin:${PREFIX}/bin:' \
|
||||
-e 's:/var/run:/var/run/proftpd:' \
|
||||
< ${WRKSRC}/src/ftpwho.1.pre_sed > ${WRKSRC}/src/ftpwho.1
|
||||
|
||||
do-install:
|
||||
@${MKDIR} ${PREFIX}/lib/proftpd
|
||||
${INSTALL_PROGRAM} ${WRKSRC}/ftpcount ${PREFIX}/bin
|
||||
${INSTALL_PROGRAM} ${WRKSRC}/ftpwho ${PREFIX}/bin
|
||||
${INSTALL_PROGRAM} ${WRKSRC}/proftpd ${PREFIX}/libexec
|
||||
${INSTALL_PROGRAM} ${WRKSRC}/ftpshut ${PREFIX}/sbin
|
||||
${INSTALL_MAN} ${WRKSRC}/src/ftpcount.1 ${PREFIX}/man/man1
|
||||
${INSTALL_MAN} ${WRKSRC}/src/ftpwho.1 ${PREFIX}/man/man1
|
||||
${INSTALL_MAN} ${WRKSRC}/src/xferlog.5 ${PREFIX}/man/man5
|
||||
${INSTALL_MAN} ${WRKSRC}/src/ftpshut.8 ${PREFIX}/man/man8
|
||||
${INSTALL_MAN} ${WRKSRC}/src/proftpd.8 ${PREFIX}/man/man8
|
||||
${INSTALL_DATA} ${WRKSRC}/sample-configurations/basic.conf ${PREFIX}/lib/proftpd/proftpd.conf.sample
|
||||
|
||||
post-install:
|
||||
@PKG_PREFIX="${PREFIX}" ${SH} ${PKGDIR}/INSTALL ${DISTNAME} POST-INSTALL
|
||||
|
||||
.include <bsd.port.mk>
|
@ -1,3 +0,0 @@
|
||||
MD5 (proftpd-1.2.0pre9.tar.gz) = 0ad6feb4b59b29240632b77ffc303b14
|
||||
RMD160 (proftpd-1.2.0pre9.tar.gz) = eeb3dc4de8920380e18737a8489abaee90a2a701
|
||||
SHA1 (proftpd-1.2.0pre9.tar.gz) = c291e48e20aedfac640bc242c2b48a063f9f060a
|
@ -1,69 +0,0 @@
|
||||
--- sample-configurations/basic.conf.orig Sat Oct 17 22:24:41 1998
|
||||
+++ sample-configurations/basic.conf Fri Mar 12 10:00:16 1999
|
||||
@@ -1,3 +1,8 @@
|
||||
+#
|
||||
+# To have more informations about Proftpd configuration
|
||||
+# look at : http://www.proftpd.org/
|
||||
+#
|
||||
+
|
||||
# This is a basic ProFTPD configuration file (rename it to
|
||||
# 'proftpd.conf' for actual use. It establishes a single server
|
||||
# and a single anonymous login. It assumes that you have a user/group
|
||||
@@ -30,24 +35,37 @@
|
||||
AllowOverwrite on
|
||||
</Directory>
|
||||
|
||||
-# A basic anonymous configuration, no upload directories.
|
||||
-<Anonymous ~ftp>
|
||||
- User ftp
|
||||
- Group ftp
|
||||
- # We want clients to be able to login with "anonymous" as well as "ftp"
|
||||
- UserAlias anonymous ftp
|
||||
-
|
||||
- # Limit the maximum number of anonymous logins
|
||||
- MaxClients 10
|
||||
-
|
||||
- # We want 'welcome.msg' displayed at login, and '.message' displayed
|
||||
- # in each newly chdired directory.
|
||||
- DisplayLogin welcome.msg
|
||||
- DisplayFirstChdir .message
|
||||
-
|
||||
- # Limit WRITE everywhere in the anonymous chroot
|
||||
- <Limit WRITE>
|
||||
- DenyAll
|
||||
- </Limit>
|
||||
+#########################################################################
|
||||
+# #
|
||||
+# Uncomment lines with only one # to allow basic anonymous access #
|
||||
+# #
|
||||
+#########################################################################
|
||||
+
|
||||
+### A basic anonymous configuration, no upload directories.
|
||||
+# <Anonymous ~ftp>
|
||||
+# User ftp
|
||||
+# Group ftp
|
||||
+ ### We want clients to be able to login with "anonymous" as well as "ftp"
|
||||
+ # UserAlias anonymous ftp
|
||||
+
|
||||
+ ### Limit the maximum number of anonymous logins
|
||||
+ # MaxClients 10
|
||||
+
|
||||
+ ### It is wise when making an 'ftp' user that you either block its
|
||||
+ ### ability to login either via /etc/login.access or my giving it
|
||||
+ ### an invalid shell.
|
||||
+ ### Uncomment this if the 'ftp' user you made has an invalid shell
|
||||
+
|
||||
+ # RequireValidShell off
|
||||
+
|
||||
+ ### We want 'welcome.msg' displayed at login, and '.message' displayed
|
||||
+ ### in each newly chdired directory.
|
||||
+ # DisplayLogin welcome.msg
|
||||
+ # DisplayFirstChdir .message
|
||||
+
|
||||
+ ### Limit WRITE everywhere in the anonymous chroot
|
||||
+ # <Limit WRITE>
|
||||
+ # DenyAll
|
||||
+ # </Limit>
|
||||
|
||||
-</Anonymous>
|
||||
+# </Anonymous>
|
@ -1,29 +0,0 @@
|
||||
--- src/log.c.orig Sun Oct 10 23:13:13 1999
|
||||
+++ src/log.c Wed Oct 27 17:29:28 1999
|
||||
@@ -46,7 +46,7 @@
|
||||
static int syslog_discard = FALSE;
|
||||
static int logstderr = TRUE;
|
||||
static int debug_level = DEBUG0; /* Default is no debug logging */
|
||||
-static int facility = LOG_DAEMON;
|
||||
+static int facility = LOG_FTP;
|
||||
static int set_facility = -1;
|
||||
static char *syslog_fn = NULL;
|
||||
static char *syslog_hostname;
|
||||
@@ -772,7 +772,7 @@
|
||||
log(priority, facility, buf);
|
||||
}
|
||||
|
||||
-/* Like log_pri(), but sends the log entry in the LOG_AUTHPRIV
|
||||
+/* Like log_pri(), but sends the log entry in the LOG_FTP
|
||||
* facility (presumable it doesn't need to be seen by everyone
|
||||
*/
|
||||
|
||||
@@ -787,7 +787,7 @@
|
||||
|
||||
buf[sizeof(buf) - 1] = '\0';
|
||||
|
||||
- log(priority, LOG_AUTHPRIV, buf);
|
||||
+ log(priority, LOG_FTP, buf);
|
||||
}
|
||||
|
||||
/* Disable logging to stderr, should be done right before forking
|
@ -1,50 +0,0 @@
|
||||
--- modules/mod_auth.c.orig Sat Oct 23 01:18:49 1999
|
||||
+++ modules/mod_auth.c Wed Oct 27 17:36:14 1999
|
||||
@@ -70,7 +70,7 @@
|
||||
"closing control connection.",
|
||||
TimeoutLogin);
|
||||
|
||||
- main_exit((void*) LOG_NOTICE, "FTP login timed out, disconnected.",
|
||||
+ main_exit((void*) LOG_INFO, "FTP login timed out, disconnected.",
|
||||
(void*) 0, NULL);
|
||||
|
||||
/* should never be reached */
|
||||
@@ -784,9 +784,9 @@
|
||||
resolve_anonymous_dirs(c->subset);
|
||||
|
||||
if(c)
|
||||
- log_auth(LOG_NOTICE, "ANON %s: Login successful.", origuser);
|
||||
+ log_auth(LOG_INFO, "ANON %s: Login successful.", origuser);
|
||||
else
|
||||
- log_auth(LOG_NOTICE,"USER %s: Login successful.", origuser);
|
||||
+ log_auth(LOG_INFO,"USER %s: Login successful.", origuser);
|
||||
|
||||
/* Write the login to wtmp. This must be done here because we won't
|
||||
* have access after we give up root. This can result in falsified
|
||||
@@ -1146,7 +1146,7 @@
|
||||
"Too many users in your class, "
|
||||
"please try again later.");
|
||||
|
||||
- log_auth(LOG_NOTICE, "Connection refused (max clients for class %s).",
|
||||
+ log_auth(LOG_INFO, "Connection refused (max clients for class %s).",
|
||||
session.class->name);
|
||||
|
||||
end_login(0);
|
||||
@@ -1179,7 +1179,7 @@
|
||||
send_response(R_530,"%s",
|
||||
sreplace(cmd->tmp_pool,maxstr,"%m",maxn,NULL));
|
||||
|
||||
- log_auth(LOG_NOTICE, "Connection refused (max clients per host %d).",
|
||||
+ log_auth(LOG_INFO, "Connection refused (max clients per host %d).",
|
||||
max);
|
||||
|
||||
end_login(0);
|
||||
@@ -1203,7 +1203,7 @@
|
||||
if(cur >= max) {
|
||||
send_response(R_530, "%s",
|
||||
sreplace(cmd->tmp_pool, maxstr, "%m", maxn, NULL));
|
||||
- log_auth(LOG_NOTICE, "Connection refused (max clients %d).", max);
|
||||
+ log_auth(LOG_INFO, "Connection refused (max clients %d).", max);
|
||||
end_login(0);
|
||||
}
|
||||
|
@ -1,15 +0,0 @@
|
||||
--- src/proftpd.8.orig Sun Feb 21 23:13:30 1999
|
||||
+++ src/proftpd.8 Sun Feb 21 23:14:10 1999
|
||||
@@ -21,6 +21,12 @@
|
||||
may be invoked by the Internet "super-server" inetd(8) each time a
|
||||
connection to the FTP service is made, or alternatively it can be run as a
|
||||
stand-alone daemon.
|
||||
+.br
|
||||
+.PP
|
||||
+Each successful and failed ftp(1) session is logged using syslog with a
|
||||
+facility of LOG_FTP. Note: LOG_FTP messages are not displayed
|
||||
+by syslogd(8) by default, and may have to be enabled in syslogd(8)'s
|
||||
+configuration file.
|
||||
|
||||
When
|
||||
.B proftpd
|
@ -1 +0,0 @@
|
||||
highly configurable ftp daemon
|
@ -1,27 +0,0 @@
|
||||
# $OpenBSD: DEINSTALL,v 1.2 1999/10/27 22:54:43 brad Exp $
|
||||
#
|
||||
# proftpd de-installation
|
||||
|
||||
set -e
|
||||
PATH=/bin:/usr/bin:/sbin:/usr/sbin
|
||||
PREFIX=${PKG_PREFIX:-/usr/local}
|
||||
CONFIG_FILE=/etc/proftpd.conf
|
||||
|
||||
rm -rf /var/run/proftpd
|
||||
|
||||
if [ -f ${CONFIG_FILE} ]; then
|
||||
echo
|
||||
echo "+---------------"
|
||||
echo "| To completely deinstall the $1 package you need to perform"
|
||||
echo "| this step as root:"
|
||||
echo "|"
|
||||
echo "| rm -f ${CONFIG_FILE}"
|
||||
echo "| rm -rf /var/run/proftpd"
|
||||
echo "|"
|
||||
echo "| Do not do this if you plan on re-installing $1"
|
||||
echo "| at some future time."
|
||||
echo "+---------------"
|
||||
echo
|
||||
fi
|
||||
|
||||
exit 0
|
@ -1,10 +0,0 @@
|
||||
ProFTPD is a highly configurable ftp daemon for unix
|
||||
and unix-like operating systems. ProFTPD is designed
|
||||
to be somewhat of a "drop-in" replacement for wu-ftpd.
|
||||
|
||||
Full online documentation is available at
|
||||
http://www.proftpd.org/, including a server
|
||||
configuration directive reference manual.
|
||||
|
||||
- Stephane Legrand
|
||||
stephane@lituus.fr
|
@ -1,70 +0,0 @@
|
||||
#!/bin/sh
|
||||
# $OpenBSD: INSTALL,v 1.1 1999/04/27 19:34:42 brad Exp $
|
||||
#
|
||||
# Pre/post-installation setup of proftpd
|
||||
|
||||
# exit on errors, use a sane path and install prefix
|
||||
#
|
||||
set -e
|
||||
PATH=/bin:/usr/bin:/sbin:/usr/sbin
|
||||
PREFIX=${PKG_PREFIX:-/usr/local}
|
||||
CONFIG_FILE=/etc/proftpd.conf
|
||||
|
||||
mkdir -p /var/run/proftpd
|
||||
|
||||
# Function: tell the user what s/he needs to do to use the port just installed
|
||||
#
|
||||
do_notice()
|
||||
{
|
||||
echo
|
||||
echo "+---------------"
|
||||
echo "| The existing $1 configuration file, ${CONFIG_FILE},"
|
||||
echo "| has NOT been changed. You may want to compare it to the"
|
||||
echo "| current sample file, ${PREFIX}/lib/proftpd/proftpd.conf.sample,"
|
||||
echo "| and update your configuration as needed."
|
||||
echo "+---------------"
|
||||
echo
|
||||
}
|
||||
|
||||
# Function: install the system proftpd.conf from the sample
|
||||
#
|
||||
do_install()
|
||||
{
|
||||
cp ${PREFIX}/lib/proftpd/proftpd.conf.sample ${CONFIG_FILE}
|
||||
echo
|
||||
echo "+---------------"
|
||||
echo "| The $1 configuration file, ${CONFIG_FILE},"
|
||||
echo "| has been installed. Please view this file and change"
|
||||
echo "| the configuration to meet your needs"
|
||||
echo "+---------------"
|
||||
echo
|
||||
|
||||
}
|
||||
|
||||
# verify proper execution
|
||||
#
|
||||
if [ $# -ne 2 ]; then
|
||||
echo "usage: $0 distname { PRE-INSTALL | POST-INSTALL }" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Verify/process the command
|
||||
#
|
||||
case $2 in
|
||||
PRE-INSTALL)
|
||||
: nothing to pre-install for this port
|
||||
;;
|
||||
POST-INSTALL)
|
||||
if [ -f $CONFIG_FILE ]; then
|
||||
do_notice $1
|
||||
else
|
||||
do_install $1
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
echo "usage: $0 distname { PRE-INSTALL | POST-INSTALL }" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0
|
@ -1,11 +0,0 @@
|
||||
bin/ftpcount
|
||||
bin/ftpwho
|
||||
lib/proftpd/proftpd.conf.sample
|
||||
libexec/proftpd
|
||||
sbin/ftpshut
|
||||
man/man1/ftpcount.1
|
||||
man/man1/ftpwho.1
|
||||
man/man5/xferlog.5
|
||||
man/man8/proftpd.8
|
||||
man/man8/ftpshut.8
|
||||
@dirrm lib/proftpd
|