Upgrading Proftpd from 1.3.3a to 1.3.3g on Debian Squeeze


As the current version of Proftpd has some important security problems and as Debian does not provide an updated package yet, the best way to patch Proftpd is to download the updated sources and create your own debian package.

To do this we need to first install some needed packages:
apt-get install autotools-dev fakeroot dh-make build-essential

Then we get the latest 1.3.3 release (currently 1.3.3g) from the proftpd servers (I noticed that 1.3.4 has some dependancies that cannot be easily resolved on Squeeze, so it's better to stay with 1.3.3):
cd /tmp/
wget ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.3g.tar.gz
tar -xvpf proftpd-1.3.3g.tar.gz
cd proftpd-1.3.3g

In order to create a package you need some files, as the changelog a rules file etc. Use the following command to create them:
dh_make -f ../proftpd-1.3.3g.tar.gz
It's important to pass the original tar gz file as parameter as shown above.

Choose single binary as package type and hit enter. Then you should edit the changelog file in the subfolder debian/ and add your name, e-mail address and version information.

Next we need to check if we need to add some configuration flags. You can have an overview over available flags using
./configure –help

You can than add your flags in the following way into the rules file (also in the debian subfolder):
DEB_CONFIGURE_EXTRA_FLAGS += –enable-openssl –enable-auth-pam  –enable-autoshadow –enable-ctrls –enable-facl –enable-cap –enable-dso –with-shared=mod_auth_pam:mod_facl:mod_ctrls:mod_tls:mod_auth_unix:mod_auth_file:
mod_dso:mod_site:mod_sql::mod_sql_mysql
Which flags to use depends on your system, this is just an example.

Now let's build the .deb package:
dpkg-buildpackage -rfakeroot -us -uc

You should have an output similar to this at the end of the process:
……
dpkg-deb: building package `proftpd' in `../proftpd_1.3.3g-1_amd64.deb'.
 dpkg-genchanges  >../proftpd_1.3.3g-1_amd64.changes
dpkg-genchanges: including full source code in upload
 dpkg-source –after-build proftpd-1.3.3g
dpkg-buildpackage: full upload (original source is included)

Now let's install the package indicated above:
dpkg -i proftpd_1.3.3g-1_amd64.deb