commit 973699dc56d54556d71c11555ad9510a7699dc1d Author: Adrian Schröter Date: Fri Dec 22 13:21:38 2023 +0100 Sync from SUSE:ALP:Source:Standard:1.0 vsftpd revision 2da05debc592f7936f2ab5233a1d8112
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..fecc750
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/0001-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch b/0001-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch
new file mode 100644
index 0000000..cc7d1a8
--- /dev/null
+++ b/0001-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch
@@ -0,0 +1,29 @@
+From 9cba9e81aa96e1d64ae2eaaf88330e09dadfce79 Mon Sep 17 00:00:00 2001
+From: =?utf8?q?Ond=C5=99ej=20Lyson=C4=9Bk?=
+Date: Fri, 5 Jan 2018 09:40:09 +0100
+Subject: [PATCH 01/27] Fix default value of strict_ssl_read_eof in man page
+
+---
+ vsftpd.conf.5 | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/vsftpd.conf.5 b/vsftpd.conf.5
+index a5abeb2..43b0435 100644
+--- a/vsftpd.conf.5
++++ b/vsftpd.conf.5
+@@ -574,10 +574,9 @@ Default: YES
+ .B strict_ssl_read_eof
+ If enabled, SSL data uploads are required to terminate via SSL, not an
+ EOF on the socket. This option is required to be sure that an attacker did
+-not terminate an upload prematurely with a faked TCP FIN. Unfortunately, it
+-is not enabled by default because so few clients get it right. (New in v2.0.7).
++not terminate an upload prematurely with a faked TCP FIN. (New in v2.0.7).
+
+-Default: NO
++Default: YES
+ .TP
+ .B strict_ssl_write_shutdown
+ If enabled, SSL data downloads are required to terminate via SSL, not an
+--
+2.40.1
+
diff --git a/0001-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch b/0001-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch
new file mode 100644
index 0000000..52f38d1
--- /dev/null
+++ b/0001-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch
@@ -0,0 +1,31 @@
+From 1c280a0b04e58ec63ce9ab5eb8d0ffe5ebbae115 Mon Sep 17 00:00:00 2001
+From: =?utf8?q?Ond=C5=99ej=20Lyson=C4=9Bk?=
+Date: Thu, 21 Dec 2017 14:29:25 +0100
+Subject: [PATCH] When handling FEAT command, check ssl_tlsv1_1 and ssl_tlsv1_2
+
+Send 'AUTH SSL' in reply to the FEAT command when the ssl_tlsv1_1
+or ssl_tlsv1_2 configuration option is enabled.
+
+The patch was written by Martin Sehnoutka.
+
+Resolves: rhbz#1432054
+---
+ features.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/features.c b/features.c
+index 1212980..d024366 100644
+--- a/features.c
++++ b/features.c
+@@ -22,7 +22,7 @@ handle_feat(struct vsf_session* p_sess)
+ {
+ vsf_cmdio_write_raw(p_sess, " AUTH SSL\r\n");
+ }
+- if (tunable_tlsv1)
++ if (tunable_tlsv1 || tunable_tlsv1_1 || tunable_tlsv1_2)
+ {
+ vsf_cmdio_write_raw(p_sess, " AUTH TLS\r\n");
+ }
+--
+2.29.0
+
diff --git a/README.SUSE b/README.SUSE
new file mode 100644
index 0000000..6712b76
--- /dev/null
+++ b/README.SUSE
@@ -0,0 +1,12 @@
+vsftpd-3.0.0 made the listen mode default. In order to maintain backward
+compatibility, default /etc/vsftpd.conf in SUSE contains
+
+listen=NO
+listen_ipv6=YES
+
+if you plan to use xinetd (/etc/xinetd.d/vsftp) you don't need to change
+anything by default, but if you have ipv6 available you have to set
+listen_ipv6=NO too in order for xinetd to work.
+Alternatively you can also use systemd socket service that listens on
+port 21 and starts the server like xinetd would. This service does
+not require you to change ANY variable in the /etc/vsftpd.conf.
diff --git a/disable-tls13-to-support-older-openssl-versions.patch b/disable-tls13-to-support-older-openssl-versions.patch
new file mode 100644
index 0000000..c37b6ac
--- /dev/null
+++ b/disable-tls13-to-support-older-openssl-versions.patch
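Review bot: The new condition on the `if (tunable_tlsv1 || tunable_tlsv1_1 || tunable_tlsv1_2)` line omits `tunable_tlsv1_3`, although this package also carries patches that wire `ssl_tlsv1_3` into parseconf.c and ssl.c; a server configured to offer TLS 1.3 only would therefore not advertise `AUTH TLS` in its FEAT reply. Unless leaving it out is deliberate for the OpenSSL this is built against, the line should read `if (tunable_tlsv1 || tunable_tlsv1_1 || tunable_tlsv1_2 || tunable_tlsv1_3)`, with a comment stating that the FEAT reply must track every protocol version ssl.c can enable. handle_feat starts before this hunk and continues after it.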
@@ -0,0 +1,14 @@
+Index: vsftpd-3.0.5/ssl.c
+===================================================================
+--- vsftpd-3.0.5.orig/ssl.c
++++ vsftpd-3.0.5/ssl.c
+@@ -95,7 +95,9 @@ ssl_init(struct vsf_session* p_sess)
+ }
+ if (!tunable_tlsv1_3)
+ {
++#ifdef SSL_OP_NO_TLSv1_3
+ options |= SSL_OP_NO_TLSv1_3;
++#endif
+ }
+ SSL_CTX_set_options(p_ctx, options);
+ if (tunable_rsa_cert_file)
diff --git a/revert-undocumented-config-file-format-changes.patch b/revert-undocumented-config-file-format-changes.patch
new file mode 100644
index 0000000..80cc6dc
--- /dev/null
+++ b/revert-undocumented-config-file-format-changes.patch
@@ -0,0 +1,17 @@
+Index: vsftpd-3.0.5/parseconf.c
+===================================================================
+--- vsftpd-3.0.5.orig/parseconf.c 2022-02-01 20:35:02.703078850 +0100
++++ vsftpd-3.0.5/parseconf.c 2022-02-01 20:35:44.042486850 +0100
+@@ -85,9 +85,9 @@ parseconf_bool_array[] =
+ { "ssl_sslv2", &tunable_sslv2 },
+ { "ssl_sslv3", &tunable_sslv3 },
+ { "ssl_tlsv1", &tunable_tlsv1 },
+- { "ssl_tlsv11", &tunable_tlsv1_1 },
+- { "ssl_tlsv12", &tunable_tlsv1_2 },
+- { "ssl_tlsv13", &tunable_tlsv1_3 },
++ { "ssl_tlsv1_1", &tunable_tlsv1_1 },
++ { "ssl_tlsv1_2", &tunable_tlsv1_2 },
++ { "ssl_tlsv1_3", &tunable_tlsv1_3 },
+ { "tilde_user_enable", &tunable_tilde_user_enable },
+ { "force_anon_logins_ssl", &tunable_force_anon_logins_ssl },
+ { "force_anon_data_ssl", &tunable_force_anon_data_ssl },
diff --git a/seccomp-fixes.patch b/seccomp-fixes.patch
new file mode 100644
index 0000000..c98b9c6
--- /dev/null
+++ b/seccomp-fixes.patch
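Review bot: Renaming the parseconf_bool_array keys from `ssl_tlsv11`/`ssl_tlsv12`/`ssl_tlsv13` to `ssl_tlsv1_1`/`ssl_tlsv1_2`/`ssl_tlsv1_3` means a vsftpd.conf written against upstream 3.0.5's spelling no longer reaches those tunables, and if unrecognised keys are treated as fatal (as I believe vsftpd's parser does, outside this hunk) such a configuration will refuse to load rather than silently keep its TLS settings. Accepting both spellings costs three table entries next to the renamed ones: `{ "ssl_tlsv11", &tunable_tlsv1_1 },`, `{ "ssl_tlsv12", &tunable_tlsv1_2 },`, `{ "ssl_tlsv13", &tunable_tlsv1_3 },`, with a comment naming which spelling the man page documents so the alias can be dropped deliberately later. The array definition starts and ends outside the hunk.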
@@ -0,0 +1,43 @@
+Index: vsftpd-3.0.4/seccompsandbox.c
+===================================================================
+--- vsftpd-3.0.4.orig/seccompsandbox.c 2021-06-15 08:06:29.165512830 +0000
++++ vsftpd-3.0.4/seccompsandbox.c 2021-06-15 08:06:42.778484808 +0000
+@@ -18,6 +18,7 @@
+ #include "utility.h"
+
+ #include
++#include
+
+ #include
+ #include
+@@ -63,6 +64,7 @@
+
+ #define kMaxSyscalls 100
+
++//#define DEBUG_SIGSYS
+ #ifdef DEBUG_SIGSYS
+
+ #include
+@@ -71,7 +73,10 @@
+ void
+ handle_sigsys(int sig)
+ {
+- (void) sig;
++ char str[21];
++ snprintf(str, 21, "Rejected syscall %d", sig);
++
++ die(str);
+ }
+ #endif
+
+@@ -586,8 +591,8 @@ seccomp_sandbox_lockdown()
+ p_filter->code = BPF_LD+BPF_W+BPF_ABS;
+ p_filter->jt = 0;
+ p_filter->jf = 0;
+- /* Offset 4 for syscall architecture. */
+- p_filter->k = 4;
++ /* Offset 5 for syscall architecture. */
++ p_filter->k = 5;
+ p_filter++;
+ p_filter->code = BPF_JMP+BPF_JEQ+BPF_K;
+ p_filter->jt = 1;
diff --git a/use-system-wide-tls-cipher-policy.patch b/use-system-wide-tls-cipher-policy.patch
new file mode 100644
index 0000000..8ae80d0
--- /dev/null
+++ b/use-system-wide-tls-cipher-policy.patch
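Review bot: The `p_filter->k = 5;` change in the seccomp_sandbox_lockdown hunk breaks the architecture check instead of fixing it: the removed comment was right that the 32-bit `arch` field of struct seccomp_data sits at byte offset 4 (directly after the int `nr`), and the kernel's seccomp filter validator rejects a `BPF_LD+BPF_W+BPF_ABS` load whose offset is not word-aligned, so with k = 5 installing the filter is expected to fail with EINVAL. If the caller outside this hunk treats EINVAL as "kernel without filter support" and returns (as I recall upstream does), the observable effect is that the sandbox is never applied, which would also explain why the crashes this patch is meant to cure disappear; `p_filter->k = 4;` and its comment should be restored and the offending syscalls added to the allowlist instead. Separately, in the `handle_sigsys` hunk `sig` is the signal number (SIGSYS), not the rejected syscall, so `"Rejected syscall %d"` reports a constant; the syscall number is only available to an SA_SIGINFO handler via siginfo, and `snprintf`/`die()` are not async-signal-safe, which is worth a comment even for debug-only code. Both functions continue outside their hunks.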
@@ -0,0 +1,26 @@
+Index: vsftpd-3.0.5/tunables.c
+===================================================================
+--- vsftpd-3.0.5.orig/tunables.c 2022-02-02 10:58:56.589962539 +0100
++++ vsftpd-3.0.5/tunables.c 2022-02-02 11:00:17.600782133 +0100
+@@ -295,7 +295,7 @@ tunables_load_defaults()
+ install_str_setting("/usr/share/ssl/certs/vsftpd.pem",
+ &tunable_rsa_cert_file);
+ install_str_setting(0, &tunable_dsa_cert_file);
+- install_str_setting("ECDHE-RSA-AES256-GCM-SHA384", &tunable_ssl_ciphers);
++ install_str_setting("DEFAULT_SUSE", &tunable_ssl_ciphers);
+ install_str_setting(0, &tunable_rsa_private_key_file);
+ install_str_setting(0, &tunable_dsa_private_key_file);
+ install_str_setting(0, &tunable_ca_certs_file);
+Index: vsftpd-3.0.5/vsftpd.conf.5
+===================================================================
+--- vsftpd-3.0.5.orig/vsftpd.conf.5 2022-02-02 10:58:56.589962539 +0100
++++ vsftpd-3.0.5/vsftpd.conf.5 2022-02-02 11:01:58.855306755 +0100
+@@ -1025,7 +1025,7 @@ man page for further details. Note that
+ security precaution as it prevents malicious remote parties forcing a cipher
+ which they have found problems with.
+
+-Default: DES-CBC3-SHA
++Default: DEFAULT_SUSE
+ .TP
+ .B ssl_sni_hostname
+ If set, SSL connections will be rejected unless the SNI hostname in the
diff --git a/vsftpd-2.0.4-dmapi.patch b/vsftpd-2.0.4-dmapi.patch
new file mode 100644
index 0000000..808c99f
--- /dev/null
+++ b/vsftpd-2.0.4-dmapi.patch
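Review bot: `DEFAULT_SUSE` is not one of OpenSSL's built-in cipher-string keywords, so the new `install_str_setting("DEFAULT_SUSE", &tunable_ssl_ciphers);` default only works where the system OpenSSL resolves it (presumably via the distribution's crypto-policy support); on any other build, or if that alias is ever dropped, the cipher list would be rejected at SSL setup with nothing in the configuration hinting why. The vsftpd.conf.5 hunk should say where the value comes from, e.g. `Default: DEFAULT_SUSE (an alias for the system-wide cipher policy; set an explicit OpenSSL cipher string to override it)`, and the tunables.c line deserves a one-line comment with the same explanation. Note that the man page's old default (`DES-CBC3-SHA`) already disagreed with the code's (`ECDHE-RSA-AES256-GCM-SHA384`), so this patch also repairs stale documentation.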
@@ -0,0 +1,16 @@
+Index: vsftpd-3.0.5/postlogin.c
+===================================================================
+--- vsftpd-3.0.5.orig/postlogin.c 2015-07-22 21:03:22.000000000 +0200
++++ vsftpd-3.0.5/postlogin.c 2022-02-01 20:12:02.710908421 +0100
+@@ -1061,6 +1061,11 @@ handle_upload_common(struct vsf_session*
+ {
+ do_truncate = 1;
+ }
++ if (new_file_fd >= 0) {
++ vsf_sysutil_fstat(new_file_fd, &s_p_statbuf);
++ if (vsf_sysutil_statbuf_is_regfile(s_p_statbuf))
++ vsf_sysutil_deactivate_noblock(new_file_fd);
++ }
+ }
+ if (vsf_sysutil_retval_is_error(new_file_fd))
+ {
diff --git a/vsftpd-2.0.4-enable-ssl.patch b/vsftpd-2.0.4-enable-ssl.patch
new file mode 100644
index 0000000..14bf274
--- /dev/null
+++ b/vsftpd-2.0.4-enable-ssl.patch
@@ -0,0 +1,13 @@
+Index: vsftpd-3.0.5/builddefs.h
+===================================================================
+--- vsftpd-3.0.5.orig/builddefs.h 2021-08-02 09:01:43.000000000 +0200
++++ vsftpd-3.0.5/builddefs.h 2022-02-01 20:12:01.538925293 +0100
+@@ -3,7 +3,7 @@
+
+ #undef VSF_BUILD_TCPWRAPPERS
+ #define VSF_BUILD_PAM
+-#undef VSF_BUILD_SSL
++#define VSF_BUILD_SSL
+
+ #endif /* VSF_BUILDDEFS_H */
+
diff --git a/vsftpd-2.0.4-lib64.diff b/vsftpd-2.0.4-lib64.diff
new file mode 100644
index 0000000..d6d46e4
--- /dev/null
+++ b/vsftpd-2.0.4-lib64.diff
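Review bot: The block added to handle_upload_common does not follow the file's layout: the surrounding lines put every brace on its own line and brace every body, whereas the new code opens with `if (new_file_fd >= 0) {` on one line and leaves the inner `if` unbraced. It also says nothing about why a freshly opened upload target needs `vsf_sysutil_deactivate_noblock`; the patch name suggests this is for DMAPI/HSM-managed filesystems where a read on a migrated file must block, but that is not stated anywhere, so a comment such as `/* Regular files may live on a DMAPI-managed filesystem; make the descriptor blocking so I/O waits for recall instead of failing. */` (confirm the intent with the patch author) would help. `s_p_statbuf` is declared outside the hunk, and the function starts and ends outside it.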
@@ -0,0 +1,28 @@
+Index: vsftpd-3.0.4/vsf_findlibs.sh
+===================================================================
+--- vsftpd-3.0.4.orig/vsf_findlibs.sh 2021-05-18 07:14:35.000000000 +0000
++++ vsftpd-3.0.4/vsf_findlibs.sh 2021-06-29 09:24:32.833223756 +0000
+@@ -14,6 +14,7 @@ fi
+ # crypt library.
+ if find_func pam_start sysdeputil.o; then
+ locate_library /lib/libpam.so.0 && echo "/lib/libpam.so.0";
++ locate_library /lib64/libpam.so.0 && echo "/lib64/libpam.so.0";
+ locate_library /usr/lib/libpam.so && echo "-lpam";
+ locate_library /usr/lib64/libpam.so && echo "-lpam";
+ locate_library /lib/x86_64-linux-gnu/libpam.so.0 && echo "-lpam";
+@@ -23,6 +24,7 @@ if find_func pam_start sysdeputil.o; the
+ locate_library /usr/lib/libpam.a && echo "-lpam";
+ else
+ locate_library /lib/libcrypt.so && echo "-lcrypt";
++ locate_library /lib64/libcrypt.so && echo "-lcrypt";
+ locate_library /usr/lib/libcrypt.so && echo "-lcrypt";
+ locate_library /usr/lib64/libcrypt.so && echo "-lcrypt";
+ locate_library /lib/x86_64-linux-gnu/libcrypt.so && echo "-lcrypt";
+@@ -52,6 +54,7 @@ locate_library /usr/lib/libsec.sl && ech
+ # /usr/bin/ld: cannot find -lcap
+ # If the libcap-devel package isn't installed.
+ locate_library /usr/lib/libcap.so && echo "-lcap";
++locate_library /usr/lib64/libcap.so && echo "-lcap";
+ locate_library /lib/libcap.so && echo "-lcap";
+ locate_library /lib64/libcap.so && echo "-lcap";
+
diff --git a/vsftpd-2.0.4-xinetd.diff b/vsftpd-2.0.4-xinetd.diff
new file mode 100644
index 0000000..ccaae86
--- /dev/null
+++ b/vsftpd-2.0.4-xinetd.diff
@@ -0,0 +1,37 @@
+diff -urN vsftpd-3.0.2.old/xinetd.d/vsftpd vsftpd-3.0.2/xinetd.d/vsftpd
+--- vsftpd-3.0.2.old/xinetd.d/vsftpd 2014-05-26 14:38:40.717042497 +0200
++++ vsftpd-3.0.2/xinetd.d/vsftpd 2014-05-26 14:41:23.753049249 +0200
+@@ -1,18 +1,26 @@
+-# default: on
++# default: off
+ # description:
+ # The vsftpd FTP server serves FTP connections. It uses
+ # normal, unencrypted usernames and passwords for authentication.
+ # vsftpd is designed to be secure.
++#
++# NOTE: This file contains the configuration for xinetd to start vsftpd.
++# the configuration file for vsftp itself is in /etc/vsftpd.conf
++#
++# NOTE: Remember to set both listen and listen_ipv6 to NO in /etc/vsftpd.conf
++# in order to have working xinetd connection.
++#
+ service ftp
+ {
+ socket_type = stream
++ protocol = tcp
+ wait = no
+ user = root
+- server = /usr/local/sbin/vsftpd
+-# server_args =
+-# log_on_success += DURATION USERID
+-# log_on_failure += USERID
+- nice = 10
+- disable = no
++ server = /usr/sbin/vsftpd
++ server_args = /etc/vsftpd.conf
++# log_on_success += DURATION USERID
++# log_on_failure += USERID
++# nice = 10
++ disable = yes
+ }
+
diff --git a/vsftpd-2.0.5-enable-debuginfo.patch b/vsftpd-2.0.5-enable-debuginfo.patch
new file mode 100644
index 0000000..e155b46
--- /dev/null
+++ b/vsftpd-2.0.5-enable-debuginfo.patch
@@ -0,0 +1,21 @@
+Index: vsftpd-3.0.5/Makefile
+===================================================================
+--- vsftpd-3.0.5.orig/Makefile 2012-09-16 09:27:35.000000000 +0200
++++ vsftpd-3.0.5/Makefile 2022-02-01 20:12:04.538882105 +0100
+@@ -9,7 +9,6 @@ CFLAGS = -O2 -fPIE -fstack-protector --p
+ #-pedantic -Wconversion
+
+ LIBS = `./vsf_findlibs.sh`
+-LINK = -Wl,-s
+ LDFLAGS = -fPIE -pie -Wl,-z,relro -Wl,-z,now
+
+ OBJS = main.o utility.o prelogin.o ftpcmdio.o postlogin.o privsock.o \
+@@ -26,7 +25,7 @@ OBJS = main.o utility.o prelogin.o ftpcm
+ $(CC) -c $*.c $(CFLAGS) $(IFLAGS)
+
+ vsftpd: $(OBJS)
+- $(CC) -o vsftpd $(OBJS) $(LINK) $(LDFLAGS) $(LIBS)
++ $(CC) -o vsftpd $(OBJS) $(LDFLAGS) $(LIBS)
+
+ install:
+ if [ -x /usr/local/sbin ]; then \
diff --git a/vsftpd-2.0.5-utf8-log-names.patch b/vsftpd-2.0.5-utf8-log-names.patch
new file mode 100644
index 0000000..08a27e9
--- /dev/null
+++ b/vsftpd-2.0.5-utf8-log-names.patch
@@ -0,0 +1,102 @@
+Index: vsftpd-3.0.5/str.c
+===================================================================
+--- vsftpd-3.0.5.orig/str.c 2012-09-16 09:09:06.000000000 +0200
++++ vsftpd-3.0.5/str.c 2022-02-01 20:12:05.458868861 +0100
+@@ -27,6 +27,24 @@ static int str_equal_internal(const char
+ const char* p_buf2, unsigned int buf2_len);
+
+ /* Private functions */
++static int
++continuation_char(unsigned char str, int* val)
++{
++ if ((str & 0xc0) != 0x80) /* 10xxxxxx */
++ return 0;
++ (*val) <<= 6;
++ (*val) |= str & 0x3f;
++ return 1;
++}
++
++static int
++unicode_valid(int b)
++{
++ return (b < 0x110000 && ((b & 0xFFFFF800) != 0xD800)
++ && (b < 0xFDD0 || b > 0xFDEF)
++ && (b & 0xFFFE) != 0xFFFE);
++}
++
+ static void
+ s_setbuf(struct mystr* p_str, char* p_newbuf)
+ {
+@@ -181,6 +199,45 @@ str_reserve(struct mystr* p_str, unsigne
+ p_str->p_buf[res_len - 1] = '\0';
+ }
+
++int str_is_utf8( const struct mystr* p_str )
++{
++ unsigned int i;
++ int min = 0, val = 0;
++
++ for(i = 0; i < p_str->len; i++)
++ {
++ if( (unsigned char)p_str->p_buf[i] < 128) continue;
++
++ if((p_str->p_buf[i] & 0xe0) == 0xc0) { /* 110xxxxx */
++ if((p_str->p_buf[i] & 0x1e) == 0) return 0;
++ i++;
++ if((p_str->p_buf[i] & 0xc0) != 0x80) /* 10xxxxxx */
++ return 0;
++ } else {
++ if((p_str->p_buf[i] & 0xf0) == 0xe0) { /* 1110xxxx */
++ min = (1 << 11);
++ val = p_str->p_buf[i] & 0x0f;
++ goto TWO_REMAINING;
++ } else if((p_str->p_buf[i] & 0xf8) == 0xf0) { /* 11110xxx */
++ min = (1 << 16);
++ val = p_str->p_buf[i] & 0x07;
++ } else {
++ return 0;
++ }
++ i++;
++ if(!continuation_char(p_str->p_buf[i], &val)) return 0;
++TWO_REMAINING:
++ i++;
++ if(!continuation_char(p_str->p_buf[i], &val)) return 0;
++ i++;
++ if(!continuation_char(p_str->p_buf[i], &val)) return 0;
++ if(val < min || !unicode_valid(val)) return 0;
++ }
++ }
++ return 1;
++}
++
++
+ int
+ str_isempty(const struct mystr* p_str)
+ {
+@@ -702,6 +759,7 @@ void
+ str_replace_unprintable(struct mystr* p_str, char new_char)
+ {
+ unsigned int i;
++ if( !str_is_utf8( p_str ) ) {
+ for (i=0; i < p_str->len; i++)
+ {
+ if (!vsf_sysutil_isprint(p_str->p_buf[i]))
+@@ -709,5 +767,6 @@ str_replace_unprintable(struct mystr* p_
+ p_str->p_buf[i] = new_char;
+ }
+ }
++ }
+ }
+
+Index: vsftpd-3.0.5/str.h
+===================================================================
+--- vsftpd-3.0.5.orig/str.h 2012-09-16 09:01:52.000000000 +0200
++++ vsftpd-3.0.5/str.h 2022-02-01 20:12:05.458868861 +0100
+@@ -36,6 +36,7 @@ void str_free(struct mystr* p_str);
+ void str_trunc(struct mystr* p_str, unsigned int trunc_len);
+ void str_reserve(struct mystr* p_str, unsigned int res_len);
+
++int str_is_utf8(const struct mystr* p_str);
+ int str_isempty(const struct mystr* p_str);
+ unsigned int str_getlen(const struct mystr* p_str);
+ const char* str_getbuf(const struct mystr* p_str);
diff --git a/vsftpd-2.0.5-vuser.patch b/vsftpd-2.0.5-vuser.patch
new file mode 100644
index 0000000..1172be8
--- /dev/null
+++ b/vsftpd-2.0.5-vuser.patch
@@ -0,0 +1,9 @@
+Index: vsftpd-3.0.5/EXAMPLE/VIRTUAL_USERS/vsftpd.pam
+===================================================================
+--- vsftpd-3.0.5.orig/EXAMPLE/VIRTUAL_USERS/vsftpd.pam 2008-02-02 02:30:40.000000000 +0100
++++ vsftpd-3.0.5/EXAMPLE/VIRTUAL_USERS/vsftpd.pam 2022-02-01 20:12:03.670894600 +0100
+@@ -1,2 +1,2 @@
+-auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login
+-account required /lib/security/pam_userdb.so db=/etc/vsftpd_login
++auth required pam_userdb.so db=/etc/vsftpd_login
++account required pam_userdb.so db=/etc/vsftpd_login
diff --git a/vsftpd-2.1.0-filter.patch b/vsftpd-2.1.0-filter.patch
new file mode 100644
index 0000000..26b6489
--- /dev/null
+++ b/vsftpd-2.1.0-filter.patch
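Review bot: Wrapping the replacement loop in `if( !str_is_utf8( p_str ) ) {` disables sanitisation for exactly the strings that most need it: str_is_utf8 accepts every byte below 128 unconditionally (`if( (unsigned char)p_str->p_buf[i] < 128) continue;`), so a name consisting of ASCII plus control characters (newline, carriage return, ESC) counts as valid UTF-8 and now reaches the log with those bytes intact, which is what str_replace_unprintable existed to prevent. The goal of preserving valid multibyte sequences can be met while still replacing unprintable ASCII by evaluating the UTF-8 check once and skipping only bytes >= 128 when it holds, as below. In str_is_utf8 itself, every `i++` that precedes a read of `p_str->p_buf[i]` lacks an `i < p_str->len` check, so a truncated sequence at the end of the string depends on the buffer's NUL terminator (the str_reserve context shows one is maintained) to fail the continuation test; an explicit bound would make the validator independent of that mystr invariant, and the function's own header comment should state that it returns 1 for any string with no bytes >= 128.
```c
void
str_replace_unprintable(struct mystr* p_str, char new_char)
{
  unsigned int i;
  /* Bytes of a valid UTF-8 multibyte sequence are kept so non-ASCII names
   * survive logging; unprintable ASCII (control bytes) is always replaced.
   */
  int keep_high_bytes = str_is_utf8(p_str);
  for (i=0; i < p_str->len; i++)
  {
    if (keep_high_bytes && (unsigned char) p_str->p_buf[i] >= 128)
    {
      continue;
    }
    if (!vsf_sysutil_isprint(p_str->p_buf[i]))
    {
      p_str->p_buf[i] = new_char;
    }
  }
}
```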
@@ -0,0 +1,66 @@ +diff -up vsftpd-2.1.0/ls.c.filter vsftpd-2.1.0/ls.c +--- vsftpd-2.1.0/ls.c.filter 2008-02-02 02:30:41.000000000 +0100 ++++ vsftpd-2.1.0/ls.c 2009-01-08 19:31:15.000000000 +0100 +@@ -239,9 +239,31 @@ vsf_filename_passes_filter(const struct + int ret = 0; + char last_token = 0; + int must_match_at_current_pos = 1; ++ ++ + str_copy(&filter_remain_str, p_filter_str); +- str_copy(&name_remain_str, p_filename_str); +- ++ ++ if (!str_isempty (&filter_remain_str) && !str_isempty(p_filename_str)) { ++ if (str_get_char_at(p_filter_str, 0) == '/') { ++ if (str_get_char_at(p_filename_str, 0) != '/') { ++ str_getcwd (&name_remain_str); ++ ++ if (str_getlen(&name_remain_str) > 1) /* cwd != root dir */ ++ str_append_char (&name_remain_str, '/'); ++ ++ str_append_str (&name_remain_str, p_filename_str); ++ } ++ else ++ str_copy (&name_remain_str, p_filename_str); ++ } else { ++ if (str_get_char_at(p_filter_str, 0) != '{') ++ str_basename (&name_remain_str, p_filename_str); ++ else ++ str_copy (&name_remain_str, p_filename_str); ++ } ++ } else ++ str_copy(&name_remain_str, p_filename_str); ++ + while (!str_isempty(&filter_remain_str) && *iters < VSFTP_MATCHITERS_MAX) + { + static struct mystr s_match_needed_str; +diff -up vsftpd-2.1.0/str.c.filter vsftpd-2.1.0/str.c +--- vsftpd-2.1.0/str.c.filter 2008-12-17 06:54:16.000000000 +0100 ++++ vsftpd-2.1.0/str.c 2009-01-08 19:31:15.000000000 +0100 +@@ -680,3 +680,14 @@ str_replace_unprintable(struct mystr* p_ + } + } + ++void ++str_basename (struct mystr* d_str, const struct mystr* path) ++{ ++ static struct mystr tmp; ++ ++ str_copy (&tmp, path); ++ str_split_char_reverse(&tmp, d_str, '/'); ++ ++ if (str_isempty(d_str)) ++ str_copy (d_str, path); ++} +diff -up vsftpd-2.1.0/str.h.filter vsftpd-2.1.0/str.h +--- vsftpd-2.1.0/str.h.filter 2008-12-17 06:53:23.000000000 +0100 ++++ vsftpd-2.1.0/str.h 2009-01-08 19:32:14.000000000 +0100 +@@ -100,6 +100,7 @@ void str_replace_unprintable(struct myst + int str_atoi(const struct 
mystr* p_str); + filesize_t str_a_to_filesize_t(const struct mystr* p_str); + unsigned int str_octal_to_uint(const struct mystr* p_str); ++void str_basename (struct mystr* d_str, const struct mystr* path); + + /* PURPOSE: Extract a line of text (delimited by \n or EOF) from a string + * buffer, starting at character position 'p_pos'. The extracted line will diff --git a/vsftpd-2.2.0-wildchar.patch b/vsftpd-2.2.0-wildchar.patch new file mode 100644 index 0000000..ca8480e --- /dev/null +++ b/vsftpd-2.2.0-wildchar.patch @@ -0,0 +1,24 @@ +diff -up vsftpd-2.3.2/ls.c.tmp vsftpd-2.3.2/ls.c +--- vsftpd-2.3.2/ls.c.tmp 2010-08-20 13:18:54.397583558 +0200 ++++ vsftpd-2.3.2/ls.c 2010-08-20 13:14:59.047831385 +0200 +@@ -305,6 +305,20 @@ vsf_filename_passes_filter(const struct + { + goto out; + } ++ if (!must_match_at_current_pos && last_token == 0) ++ { ++ struct mystr last_str = INIT_MYSTR; ++ str_mid_to_end(&name_remain_str, &last_str, ++ str_getlen(&name_remain_str) - str_getlen(&s_match_needed_str)); ++ locate_result = str_locate_str(&last_str, &s_match_needed_str); ++ str_free(&last_str); ++ ++ if (locate_result.found) ++ { ++ ret = 1; ++ } ++ goto out; ++ } + /* Chop matched string out of remainder */ + str_mid_to_end(&name_remain_str, &temp_str, + indexx + str_getlen(&s_match_needed_str)); diff --git a/vsftpd-2.3.4-sqb.patch b/vsftpd-2.3.4-sqb.patch new file mode 100644 index 0000000..834d763 --- /dev/null +++ b/vsftpd-2.3.4-sqb.patch 
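Review bot: The new branch in vsf_filename_passes_filter changes what a filter is matched against (a filter starting with `/` is compared with the cwd-joined name, any other filter not starting with `{` with the basename only) without a comment saying so, and it departs from the file's style by leaving `if`/`else` bodies unbraced and putting a space before call parentheses (`str_getcwd (&name_remain_str)`). A comment above the block such as `/* Absolute filters are matched against the full path (cwd + name); relative filters are matched against the basename unless they start with a brace list. */` (confirm that is the intended rule), plus braces on every body, would bring it in line with the rest of ls.c. The same goes for `str_basename` in str.c: it also uses a `static struct mystr tmp`, which is the pattern the file already uses (`static struct mystr s_match_needed_str` in the context), but its header should say that it is therefore not re-entrant. vsf_filename_passes_filter starts and ends outside the hunk.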
@@ -0,0 +1,128 @@ +Index: vsftpd-2.0.7/ls.c +=================================================================== +--- vsftpd-2.0.7.orig/ls.c ++++ vsftpd-2.0.7/ls.c +@@ -243,7 +243,7 @@ vsf_filename_passes_filter(const struct + int ret = 0; + char last_token = 0; + int must_match_at_current_pos = 1; +- ++ int matched = 0; + + str_copy(&filter_remain_str, p_filter_str); + +@@ -273,7 +273,7 @@ vsf_filename_passes_filter(const struct + static struct mystr s_match_needed_str; + /* Locate next special token */ + struct str_locate_result locate_result = +- str_locate_chars(&filter_remain_str, "*?{"); ++ str_locate_chars(&filter_remain_str, "*?{["); + (*iters)++; + /* Isolate text leading up to token (if any) - needs to be matched */ + if (locate_result.found) +@@ -291,8 +291,14 @@ vsf_filename_passes_filter(const struct + str_empty(&filter_remain_str); + last_token = 0; + } ++ ++ matched = 0; + if (!str_isempty(&s_match_needed_str)) + { ++ if (!matched) ++ { ++ matched = 1; ++ } + /* Need to match something.. 
could be a match which has to start at + * current position, or we could allow it to start anywhere + */ +@@ -344,13 +350,20 @@ vsf_filename_passes_filter(const struct + must_match_at_current_pos = 1; + if (end_brace.found) + { ++ int entire = (*iters == 1 && last_token == '{'); ++ + str_split_char(&filter_remain_str, &temp_str, '}'); + str_copy(&brace_list_str, &filter_remain_str); + str_copy(&filter_remain_str, &temp_str); + str_split_char(&brace_list_str, &temp_str, ','); + while (!str_isempty(&brace_list_str)) + { +- str_copy(&new_filter_str, &brace_list_str); ++ str_empty(&new_filter_str); ++ if (!matched && !entire) ++ { ++ str_append_char(&new_filter_str, '*'); ++ } ++ str_append_str(&new_filter_str, &brace_list_str); + str_append_str(&new_filter_str, &filter_remain_str); + if (vsf_filename_passes_filter(&name_remain_str, &new_filter_str, + iters)) +@@ -368,6 +381,68 @@ vsf_filename_passes_filter(const struct + { + goto out; + } ++ else ++ { ++ str_right(&name_remain_str, &temp_str, ++ str_getlen(&name_remain_str) - 1); ++ str_copy(&name_remain_str, &temp_str); ++ } ++ } ++ else if (last_token == '[') ++ { ++ struct str_locate_result end_sqb = ++ str_locate_char(&filter_remain_str, ']'); ++ must_match_at_current_pos = 1; ++ if (end_sqb.found) ++ { ++ unsigned int cur_pos; ++ char stch, ench; ++ const char *p_brace; ++ ++ str_split_char(&filter_remain_str, &temp_str, ']'); ++ str_copy(&brace_list_str, &filter_remain_str); ++ str_copy(&filter_remain_str, &temp_str); ++ p_brace = str_getbuf(&brace_list_str); ++ for (cur_pos = 0; cur_pos < str_getlen(&brace_list_str);) ++ { ++ stch = p_brace[cur_pos]; ++ // char vers. 
range ++ if (cur_pos + 2 < str_getlen(&brace_list_str) && ++ p_brace[cur_pos+1] == '-') ++ { ++ ench = p_brace[cur_pos+2]; ++ cur_pos += 3; ++ } ++ else ++ { ++ ench = stch; ++ cur_pos++; ++ } ++ // expand char[s] ++ for (;stch <= ench && !str_isempty(&brace_list_str); stch++) ++ { ++ str_empty(&new_filter_str); ++ if (!matched) ++ { ++ str_append_char(&new_filter_str, '*'); ++ } ++ str_append_char(&new_filter_str, stch); ++ str_append_str(&new_filter_str, &filter_remain_str); ++ if (vsf_filename_passes_filter(&name_remain_str, &new_filter_str, ++ iters)) ++ { ++ ret = 1; ++ goto out; ++ } ++ } ++ } ++ goto out; ++ } ++ else if (str_isempty(&name_remain_str) || ++ str_get_char_at(&name_remain_str, 0) != '[') ++ { ++ goto out; ++ } + else + { + str_right(&name_remain_str, &temp_str, diff --git a/vsftpd-2.3.5-conf.patch b/vsftpd-2.3.5-conf.patch new file mode 100644 index 0000000..7f4dae1 --- /dev/null +++ b/vsftpd-2.3.5-conf.patch 
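Review bot: The range loop `for (;stch <= ench && !str_isempty(&brace_list_str); stch++)` cannot terminate when `ench` equals CHAR_MAX: `stch` and `ench` are declared plain `char`, so on a signed-char target a bracket expression whose range ends at byte 0x7f gives ench = 127 and `stch++` wraps to a negative value instead of exceeding it, leaving a client-supplied LIST pattern spinning (the recursive calls are capped by `*iters`, the loop itself is not). Iterating in `int` removes both the wrap and the sign problem for bytes >= 0x80: `int stch, ench;`, `stch = (unsigned char) p_brace[cur_pos];`, `ench = (unsigned char) p_brace[cur_pos+2];` (the `str_append_char` argument then converts back to char implicitly). Two smaller points: `if (!matched) { matched = 1; }` directly after `matched = 0;` is just `matched = 1;`, and the `// char vers. range` / `// expand char[s]` comments use `//` in a file that otherwise uses `/* */`. vsf_filename_passes_filter starts and ends outside the hunk.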
@@ -0,0 +1,250 @@ +Index: vsftpd-3.0.5/vsftpd.conf +=================================================================== +--- vsftpd-3.0.5.orig/vsftpd.conf 2011-12-17 19:24:40.000000000 +0100 ++++ vsftpd-3.0.5/vsftpd.conf 2022-02-01 20:12:06.546853199 +0100 +@@ -4,23 +4,89 @@ + # loosens things up a bit, to make the ftp daemon more usable. + # Please see vsftpd.conf.5 for all compiled in defaults. + # ++# If you do not change anything here you will have a minimum setup for an ++# anonymus FTP server. ++# + # READ THIS: This example file is NOT an exhaustive list of vsftpd options. + # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's + # capabilities. + # +-# Allow anonymous FTP? (Beware - allowed by default if you comment this out). +-anonymous_enable=YES +-# +-# Uncomment this to allow local users to log in. +-#local_enable=YES ++# ################ ++# General Settings ++# ################ + # + # Uncomment this to enable any form of FTP write command. +-#write_enable=YES ++write_enable=NO ++# ++# Activate directory messages - messages given to remote users when they ++# go into a certain directory. ++dirmessage_enable=YES ++# ++# It is recommended that you define on your system a unique user which the ++# ftp server can use as a totally isolated and unprivileged user. ++nopriv_user=ftpsecure ++# ++# You may fully customise the login banner string: ++#ftpd_banner=Welcome to blah FTP service. ++# ++# You may activate the "-R" option to the builtin ls. This is disabled by ++# default to avoid remote users being able to cause excessive I/O on large ++# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume ++# the presence of the "-R" option, so there is a strong case for enabling it. ++#ls_recurse_enable=YES ++# ++# You may specify a file of disallowed anonymous e-mail addresses. Apparently ++# useful for combatting certain DoS attacks. 
++#deny_email_enable=YES ++# (default follows) ++#banned_email_file=/etc/vsftpd.banned_emails ++# ++# If enabled, all user and group information in ++# directory listings will be displayed as "ftp". ++#hide_ids=YES ++# ++# ####################### ++# Local FTP user Settings ++# ####################### ++# ++# Uncomment this to allow local users to log in. ++local_enable=YES + # + # Default umask for local users is 077. You may wish to change this to 022, + # if your users expect that (022 is used by most other ftpd's) + #local_umask=022 + # ++# You may specify an explicit list of local users to chroot() to their home ++# directory. If chroot_local_user is YES, then this list becomes a list of ++# users to NOT chroot(). ++#chroot_local_user=YES ++#chroot_list_enable=YES ++# (default follows) ++#chroot_list_file=/etc/vsftpd.chroot_list ++# ++# The maximum data transfer rate permitted, in bytes per second, for ++# local authenticated users. The default is 0 (unlimited). ++#local_max_rate=7200 ++# ++# ########################## ++# Anonymus FTP user Settings ++# ########################## ++# ++# Allow anonymous FTP? (Beware - allowed by default if you comment this out). ++anonymous_enable=YES ++# ++# The maximum data transfer rate permitted, in bytes per second, for anonymous ++# authenticated users. The default is 0 (unlimited). ++#anon_max_rate=7200 ++# ++# Anonymous users will only be allowed to download files which are ++# world readable. ++anon_world_readable_only=YES ++# ++# Default umask for anonymus users is 077. You may wish to change this to 022, ++# if your users expect that (022 is used by most other ftpd's) ++#anon_umask=022 ++# + # Uncomment this to allow the anonymous FTP user to upload files. This only + # has an effect if the above global write enable is activated. Also, you will + # obviously need to create a directory writable by the FTP user. +@@ -30,15 +96,9 @@ anonymous_enable=YES + # new directories. 
+ #anon_mkdir_write_enable=YES + # +-# Activate directory messages - messages given to remote users when they +-# go into a certain directory. +-dirmessage_enable=YES +-# +-# Activate logging of uploads/downloads. +-xferlog_enable=YES +-# +-# Make sure PORT transfer connections originate from port 20 (ftp-data). +-connect_from_port_20=YES ++# Uncomment this to enable anonymus FTP users to perform other write operations ++# like deletion and renaming. ++#anon_other_write_enable=YES + # + # If you want, you can arrange for uploaded anonymous files to be owned by + # a different user. Note! Using "root" for uploaded files is not +@@ -46,24 +106,51 @@ connect_from_port_20=YES + #chown_uploads=YES + #chown_username=whoever + # ++# ############ ++# Log Settings ++# ############ ++# ++# Log to the syslog daemon instead of using an logfile. ++syslog_enable=YES ++# ++# Uncomment this to log all FTP requests and responses. ++#log_ftp_protocol=YES ++# ++# Activate logging of uploads/downloads. ++#xferlog_enable=YES ++# + # You may override where the log file goes if you like. The default is shown + # below. +-#xferlog_file=/var/log/vsftpd.log ++# ++#vsftpd_log_file=/var/log/vsftpd.log + # + # If you want, you can have your log file in standard ftpd xferlog format. + # Note that the default log file location is /var/log/xferlog in this case. + #xferlog_std_format=YES + # ++# You may override where the log file goes if you like. The default is shown ++# below. ++#xferlog_file=/var/log/vsftpd.log ++# ++# Enable this to have booth logfiles. Standard xferlog and vsftpd's own style log. ++#dual_log_enable=YES ++# ++# Uncomment this to enable session status information in the system process listing. ++#setproctitle_enable=YES ++# ++# ################# ++# Transfer Settings ++# ################# ++# ++# Make sure PORT transfer connections originate from port 20 (ftp-data). ++connect_from_port_20=YES ++# + # You may change the default value for timing out an idle session. 
+ #idle_session_timeout=600 + # + # You may change the default value for timing out a data connection. + #data_connection_timeout=120 + # +-# It is recommended that you define on your system a unique user which the +-# ftp server can use as a totally isolated and unprivileged user. +-#nopriv_user=ftpsecure +-# + # Enable this and the server will recognise asynchronous ABOR requests. Not + # recommended for security (the code is non-trivial). Not enabling it, + # however, may confuse older FTP clients. +@@ -77,41 +164,46 @@ connect_from_port_20=YES + # predicted this attack and has always been safe, reporting the size of the + # raw file. + # ASCII mangling is a horrible feature of the protocol. +-#ascii_upload_enable=YES ++ascii_upload_enable=YES + #ascii_download_enable=YES + # +-# You may fully customise the login banner string: +-#ftpd_banner=Welcome to blah FTP service. +-# +-# You may specify a file of disallowed anonymous e-mail addresses. Apparently +-# useful for combatting certain DoS attacks. +-#deny_email_enable=YES +-# (default follows) +-#banned_email_file=/etc/vsftpd.banned_emails +-# +-# You may specify an explicit list of local users to chroot() to their home +-# directory. If chroot_local_user is YES, then this list becomes a list of +-# users to NOT chroot(). +-# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that +-# the user does not have write access to the top level directory within the +-# chroot) +-#chroot_local_user=YES +-#chroot_list_enable=YES +-# (default follows) +-#chroot_list_file=/etc/vsftpd.chroot_list ++# Set to NO if you want to disallow the PASV method of obtaining a data ++# connection. ++#pasv_enable=NO + # +-# You may activate the "-R" option to the builtin ls. This is disabled by +-# default to avoid remote users being able to cause excessive I/O on large +-# sites. 
However, some broken FTP clients such as "ncftp" and "mirror" assume +-# the presence of the "-R" option, so there is a strong case for enabling it. +-#ls_recurse_enable=YES ++# PAM setting. Do NOT change this unless you know what you do! ++pam_service_name=vsftpd + # + # When "listen" directive is enabled, vsftpd runs in standalone mode and + # listens on IPv4 sockets. This directive cannot be used in conjunction + # with the listen_ipv6 directive. +-listen=YES ++listen=NO + # + # This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6 + # sockets, you must run two copies of vsftpd with two configuration files. + # Make sure, that one of the listen options is commented !! +-#listen_ipv6=YES ++listen_ipv6=YES ++# ++# Set to ssl_enable=YES if you want to enable SSL ++ssl_enable=NO ++# ++# Limit passive ports to this range to assis firewalling ++pasv_min_port=30000 ++pasv_max_port=30100 ++ ++### security features that are incompatible with some other settings. ### ++ ++# isolate_network ensures the vsftpd subprocess is started in own network ++# namespace (see CLONE_NEWNET in clone(2)). It however disables the ++# authentication methods needs the network access (LDAP, NIS, ...). ++#isolate_network=NO ++ ++# seccomp_sanbox add an aditional security layer limiting the number of a ++# syscalls can be performed via vsftpd. However it might happen that a ++# whitelist don't allow a legitimate call (usually indirectly triggered by ++# third-party library like pam, or openssl) and the process is being killed by kernel. ++# ++# Therefor if your server dies on common situations (file download, upload), ++# uncomment following line and don't forget to open bug at ++# https://bugzilla.novell.com ++#seccomp_sandbox=NO diff --git a/vsftpd-3.0.0-optional-seccomp.patch b/vsftpd-3.0.0-optional-seccomp.patch new file mode 100644 index 0000000..8f97814 --- /dev/null +++ b/vsftpd-3.0.0-optional-seccomp.patch 
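Review bot: The new default file turns on `local_enable=YES` (upstream ships it as `#local_enable=YES`) while leaving `ssl_enable=NO` and `chroot_local_user` commented out, so out of the box system accounts can authenticate over plaintext FTP and are not confined to their home directory; `write_enable=NO` limits what they can change but not the credential exposure. Either keep `#local_enable=YES` commented as upstream does, or add a comment next to it stating that enabling it without TLS sends system passwords in the clear and that chroot_local_user should be considered at the same time. `ascii_upload_enable=YES` is another departure from upstream that the surrounding comment calls "a horrible feature of the protocol", so it deserves a sentence on why it is enabled here. The comment text also has several typos that should be fixed in the same patch: "anonymus", "assis firewalling", "seccomp_san

box add an aditional", "Therefor".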
@@ -0,0 +1,11 @@ +--- vsftpd-3.0.0/seccompsandbox.c 2012-04-04 18:41:51.000000000 -0400 ++++ vsftpd-3.0.0+/seccompsandbox.c 2012-04-23 06:06:00.000000000 -0400 +@@ -10,7 +10,7 @@ + + #include "seccompsandbox.h" + +-#if defined(__linux__) && defined(__x86_64__) ++#if defined(__linux__) && defined(__x86_64__) && defined(USE_SECCOMP) + + #include "session.h" + #include "sysutil.h" diff --git a/vsftpd-3.0.0_gnu_source_defines.patch b/vsftpd-3.0.0_gnu_source_defines.patch new file mode 100644 index 0000000..f9418fd --- /dev/null +++ b/vsftpd-3.0.0_gnu_source_defines.patch @@ -0,0 +1,13 @@ +diff -aur vsftpd-3.0.0/sysdeputil.c vsftpd-3.0.0+/sysdeputil.c +--- vsftpd-3.0.0/sysdeputil.c 2010-03-25 23:25:33.000000000 -0400 ++++ vsftpd-3.0.0+/sysdeputil.c 2012-04-23 04:39:39.000000000 -0400 +@@ -60,7 +60,9 @@ + #define VSF_SYSDEP_HAVE_LIBCAP + #define VSF_SYSDEP_HAVE_UTMPX + ++#ifndef __USE_GNU + #define __USE_GNU ++#endif + #include + + /* BEGIN config */ diff --git a/vsftpd-3.0.2-fix-chown-uploads.patch b/vsftpd-3.0.2-fix-chown-uploads.patch new file mode 100644 index 0000000..9cdeca5 --- /dev/null +++ b/vsftpd-3.0.2-fix-chown-uploads.patch @@ -0,0 +1,28 @@ +Index: vsftpd-3.0.2/seccompsandbox.c +=================================================================== +--- vsftpd-3.0.2.orig/seccompsandbox.c ++++ vsftpd-3.0.2/seccompsandbox.c +@@ -475,6 +475,10 @@ seccomp_sandbox_setup_postlogin(const st + /* Need to send file descriptors to privileged broker. */ + allow_nr_1_arg_match(__NR_sendmsg, 3, 0); + } ++ if (is_anon && tunable_chown_uploads) ++ { ++ allow_nr(__NR_fchmod); ++ } + } + + if (tunable_syslog_enable) +@@ -538,6 +542,12 @@ seccomp_sandbox_setup_postlogin_broker() + seccomp_sandbox_setup_base(); + seccomp_sandbox_setup_data_connections(); + allow_nr_1_arg_match(__NR_sendmsg, 3, 0); ++ if (tunable_chown_uploads) ++ { ++ allow_nr(__NR_fstat); ++ allow_nr(__NR_fchown); ++ allow_nr_1_arg_match(__NR_recvmsg, 3, 0); ++ } + } + + void 
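Review bot: Gating the entire filter implementation on `&& defined(USE_SECCOMP)` means a build that forgets the define silently ships without a sandbox, while the `seccomp_sandbox` tunable still defaults to on (its `tunable_seccomp_sandbox = 1;` default is visible later in this commit), so the daemon will report and behave as if sandboxed when it is not. The `#else` stub that presumably supplies the empty `seccomp_sandbox_*` functions is outside this hunk; I would add `#warning "seccomp sandbox compiled out (USE_SECCOMP not defined)"` there, or have the stub's init log a one-line notice at startup so the loss shows up in the journal rather than only in the build flags.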
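Review bot: The broker rule `allow_nr(__NR_fchown);` admits any uid/gid, although the chown-uploads feature only ever re-owns a file to the configured `chown_username` account; if that uid is reachable from `seccomp_sandbox_setup_postlogin_broker()` (it takes no session argument here, so it may have to be passed in), pinning argument 2 to that uid with `allow_nr_1_arg_match` would keep a compromised broker from re-owning uploads to arbitrary users. On the unprivileged side `allow_nr(__NR_fchmod);` is likewise unconstrained; a comment naming the call site that needs it (the `chown_upload_mode` apply, presumably) would help whoever audits this policy next.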
diff --git a/vsftpd-3.0.2-s390.patch b/vsftpd-3.0.2-s390.patch new file mode 100644 index 0000000..48a7d08 --- /dev/null +++ b/vsftpd-3.0.2-s390.patch @@ -0,0 +1,13 @@ +Index: vsftpd-3.0.2/sysdeputil.c +=================================================================== +--- vsftpd-3.0.2.orig/sysdeputil.c 2014-08-21 16:12:59.845872489 +0200 ++++ vsftpd-3.0.2/sysdeputil.c 2014-08-21 16:14:59.641431931 +0200 +@@ -66,7 +66,7 @@ + #include + + /* BEGIN config */ +-#if defined(__linux__) ++#if defined(__linux__) && !defined(__s390__) + #include + #include + #define VSF_SYSDEP_HAVE_LINUX_CLONE diff --git a/vsftpd-3.0.2-wnohang.patch b/vsftpd-3.0.2-wnohang.patch new file mode 100644 index 0000000..99fff5c --- /dev/null +++ b/vsftpd-3.0.2-wnohang.patch 
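Review bot: Excluding s390 from `VSF_SYSDEP_HAVE_LINUX_CLONE` presumably also disables the `clone()`-based IPC/network namespace isolation that this define gates (the `vsf_sysutil_fork_isolate_*` helpers elsewhere in this commit call `__NR_clone` directly), so on that architecture `isolate_network` and related tunables silently degrade to a plain fork. The man page is not adjusted; I would at least record the limitation next to the `#if`, e.g. `/* s390: no clone(2) namespace flags here; isolation falls back to fork() */`, and ideally log once at startup when an isolation tunable is requested but unavailable. The `#include` targets on the context lines were lost in rendering, so I cannot tell which header the exclusion is avoiding.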
@@ -0,0 +1,59 @@ +--- vsftpd-3.0.2/sysutil.c.wnohang 2015-08-03 07:35:33.619620425 +0200 ++++ vsftpd-3.0.2/sysutil.c 2015-08-03 07:35:33.626620480 +0200 +@@ -608,13 +608,13 @@ vsf_sysutil_exit(int exit_code) + } + + struct vsf_sysutil_wait_retval +-vsf_sysutil_wait(void) ++vsf_sysutil_wait(int hang) + { + struct vsf_sysutil_wait_retval retval; + vsf_sysutil_memclr(&retval, sizeof(retval)); + while (1) + { +- int sys_ret = wait(&retval.exit_status); ++ int sys_ret = waitpid(-1, &retval.exit_status, hang ? 0 : WNOHANG); + if (sys_ret < 0 && errno == EINTR) + { + vsf_sysutil_check_pending_actions(kVSFSysUtilUnknown, 0, 0); +--- vsftpd-3.0.2/sysutil.h.wnohang 2015-08-03 07:35:33.610620354 +0200 ++++ vsftpd-3.0.2/sysutil.h 2015-08-03 07:35:33.626620480 +0200 +@@ -176,7 +176,7 @@ struct vsf_sysutil_wait_retval + int PRIVATE_HANDS_OFF_syscall_retval; + int PRIVATE_HANDS_OFF_exit_status; + }; +-struct vsf_sysutil_wait_retval vsf_sysutil_wait(void); ++struct vsf_sysutil_wait_retval vsf_sysutil_wait(int hang); + int vsf_sysutil_wait_reap_one(void); + int vsf_sysutil_wait_get_retval( + const struct vsf_sysutil_wait_retval* p_waitret); +--- vsftpd-3.0.2/twoprocess.c.wnohang 2012-09-16 09:15:49.000000000 +0200 ++++ vsftpd-3.0.2/twoprocess.c 2015-08-03 07:35:33.626620480 +0200 +@@ -47,8 +47,17 @@ static void + handle_sigchld(void* duff) + { + +- struct vsf_sysutil_wait_retval wait_retval = vsf_sysutil_wait(); ++ struct vsf_sysutil_wait_retval wait_retval = vsf_sysutil_wait(0); + (void) duff; ++ if (!vsf_sysutil_wait_get_exitcode(&wait_retval) && ++ !vsf_sysutil_wait_get_retval(&wait_retval)) ++ /* There was nobody to wait for, possibly caused by underlying library ++ * which created a new process through fork()/vfork() and already picked ++ * it up, e.g. by pam_exec.so or integrity check routines for libraries ++ * when FIPS mode is on (nss freebl), which can lead to calling prelink ++ * if the prelink package is installed. ++ */ ++ return; + /* Child died, so we'll do the same! 
Report it as an error unless the child + * exited normally with zero exit code + */ +@@ -390,7 +399,7 @@ common_do_login(struct vsf_session* p_se + priv_sock_send_result(p_sess->parent_fd, PRIV_SOCK_RESULT_OK); + if (!p_sess->control_use_ssl) + { +- (void) vsf_sysutil_wait(); ++ (void) vsf_sysutil_wait(1); + } + else + { diff --git a/vsftpd-3.0.3-address_space_limit.patch b/vsftpd-3.0.3-address_space_limit.patch new file mode 100644 index 0000000..77e6002 --- /dev/null +++ b/vsftpd-3.0.3-address_space_limit.patch 
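Review bot: `handle_sigchld()` now returns silently when `waitpid(-1, …, WNOHANG)` reaps nothing, and the test `!vsf_sysutil_wait_get_exitcode(&wait_retval) && !vsf_sysutil_wait_get_retval(&wait_retval)` distinguishes that only by the syscall return being 0 rather than a pid; a `-1`/ECHILD result with a zero status still falls through to the die path, which is probably intended but deserves a line in the comment. The real cost is the case the comment itself describes: if a PAM module reaps the privileged parent's own unprivileged child, the parent no longer dies with it and keeps running with privileges, reversing the original fail-closed behaviour. I would log that situation (at least under `tunable_syslog_enable`) and document the new parameter in sysutil.h, `/* hang: 1 = block until a child exits, 0 = return at once if none has */`.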
@@ -0,0 +1,81 @@ +Index: vsftpd-3.0.2/main.c +=================================================================== +--- vsftpd-3.0.2.orig/main.c 2018-06-28 15:45:11.373254606 +0000 ++++ vsftpd-3.0.2/main.c 2018-06-28 15:45:16.700973780 +0000 +@@ -320,7 +320,7 @@ env_init(void) + static void + limits_init(void) + { +- unsigned long limit = VSFTP_AS_LIMIT; ++ unsigned long limit = tunable_address_space_limit ?: VSFTP_AS_LIMIT; + if (tunable_text_userdb_names) + { + /* Turns out, LDAP lookups for lots of userid -> name mappings can really +Index: vsftpd-3.0.2/parseconf.c +=================================================================== +--- vsftpd-3.0.2.orig/parseconf.c 2018-06-28 15:45:11.373254606 +0000 ++++ vsftpd-3.0.2/parseconf.c 2018-06-28 15:45:16.700973780 +0000 +@@ -138,6 +138,7 @@ parseconf_uint_array[] = + { "delay_successful_login", &tunable_delay_successful_login }, + { "max_login_fails", &tunable_max_login_fails }, + { "chown_upload_mode", &tunable_chown_upload_mode }, ++ { "address_space_limit", &tunable_address_space_limit }, + { 0, 0 } + }; + +Index: vsftpd-3.0.2/tunables.c +=================================================================== +--- vsftpd-3.0.2.orig/tunables.c 2018-06-28 15:45:11.373254606 +0000 ++++ vsftpd-3.0.2/tunables.c 2018-06-28 15:45:16.700973780 +0000 +@@ -110,6 +110,7 @@ unsigned int tunable_delay_failed_login; + unsigned int tunable_delay_successful_login; + unsigned int tunable_max_login_fails; + unsigned int tunable_chown_upload_mode; ++unsigned int tunable_address_space_limit; + + const char* tunable_secure_chroot_dir; + const char* tunable_ftp_username; +@@ -255,6 +256,7 @@ tunables_load_defaults() + tunable_max_login_fails = 3; + /* -rw------- */ + tunable_chown_upload_mode = 0600; ++ tunable_address_space_limit = 0; /* See main.c:limits_init */ + + install_str_setting("/usr/share/empty", &tunable_secure_chroot_dir); + install_str_setting("ftp", &tunable_ftp_username); +Index: vsftpd-3.0.2/tunables.h 
+=================================================================== +--- vsftpd-3.0.2.orig/tunables.h 2018-06-28 15:45:11.373254606 +0000 ++++ vsftpd-3.0.2/tunables.h 2018-06-28 15:45:16.700973780 +0000 +@@ -112,6 +112,7 @@ extern unsigned int tunable_delay_failed + extern unsigned int tunable_delay_successful_login; + extern unsigned int tunable_max_login_fails; + extern unsigned int tunable_chown_upload_mode; ++extern unsigned int tunable_address_space_limit; + + /* String defines */ + extern const char* tunable_secure_chroot_dir; +Index: vsftpd-3.0.2/vsftpd.conf.5 +=================================================================== +--- vsftpd-3.0.2.orig/vsftpd.conf.5 2018-06-28 15:45:06.882648441 +0000 ++++ vsftpd-3.0.2/vsftpd.conf.5 2018-06-28 15:55:42.806639732 +0000 +@@ -639,6 +639,19 @@ The timeout, in seconds, for a remote cl + a PASV style data connection. + + Default: 60 ++ ++.TP ++.B address_space_limit ++Set the amount of memory vsftpd can use (in bytes). This limit exists so that ++attackers cannot exploit any potential bugs in the server that might result in ++vsftpd allocating huge amounts of memory that would affect the host system ++negatively, e.g. causing thrashing or killing random processes due to Linux's ++OOM system. If the value is configured too low, vsftpd will fail with "out of ++memory" errors during normal operations. Oftentimes, this occurs inside of the ++PAM stack on systems that have many memory-intensive PAM modules enabled. ++ ++Default: 104857600 (100MB) ++ + .TP + .B anon_max_rate + The maximum data transfer rate permitted, in bytes per second, for anonymous diff --git a/vsftpd-3.0.3-build-with-openssl-1.1.patch b/vsftpd-3.0.3-build-with-openssl-1.1.patch new file mode 100644 index 0000000..5d31aaa --- /dev/null +++ b/vsftpd-3.0.3-build-with-openssl-1.1.patch 
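Review bot: `unsigned long limit = tunable_address_space_limit ?: VSFTP_AS_LIMIT;` relies on the GNU `?:` extension and widens an `unsigned int` tunable into the `unsigned long` rlimit, so the largest configurable limit is 4 GiB even on 64-bit hosts and a configured 0 is indistinguishable from "unset"; the man-page text states neither. The `if (tunable_text_userdb_names)` block that follows appears to adjust `limit` after this assignment, so an explicit `address_space_limit` may be overridden in that configuration; that logic is outside the hunk and worth checking. I would write the line portably as `unsigned long limit = tunable_address_space_limit ? (unsigned long) tunable_address_space_limit : VSFTP_AS_LIMIT;` and add to the man page `A value of 0 selects the built-in default; values above 4294967295 cannot be expressed.`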
@@ -0,0 +1,13 @@ +Index: vsftpd-3.0.4/vsf_findlibs.sh +=================================================================== +--- vsftpd-3.0.4.orig/vsf_findlibs.sh 2021-06-15 07:58:45.004475824 +0000 ++++ vsftpd-3.0.4/vsf_findlibs.sh 2021-06-15 07:59:59.039320940 +0000 +@@ -69,7 +69,7 @@ locate_library /usr/shlib/librt.so && ec + locate_library /usr/lib/libsendfile.so && echo "-lsendfile"; + + # OpenSSL +-if find_func SSL_library_init ssl.o; then ++if find_func SSL_CTX_new ssl.o; then + echo "-lssl -lcrypto"; + elif find_func SSL_new ssl.o; then + echo "-lssl -lcrypto"; diff --git a/vsftpd-3.0.5.tar.gz b/vsftpd-3.0.5.tar.gz new file mode 100644 index 0000000..99411a8 --- /dev/null +++ b/vsftpd-3.0.5.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:26b602ae454b0ba6d99ef44a09b6b9e0dfa7f67228106736df1f278c70bc91d3 +size 197778 diff --git a/vsftpd-3.0.5.tar.gz.asc b/vsftpd-3.0.5.tar.gz.asc new file mode 100644 index 0000000..405af7c --- /dev/null +++ b/vsftpd-3.0.5.tar.gz.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- + +iQJKBAABCAA0FiEEZ6KrT0H5lywh9r9me4kBG8rhz+oFAmEHmVAWHHNjYXJ5YmVh +c3RzQGdtYWlsLmNvbQAKCRB7iQEbyuHP6ulCEACeXHUCc3nHICqIMZ6kginHRwTP +vVlfMkGCYNRXc8c0Dw1oC02G0L2Zh5ZqQ4unkEN5tUeI3chRAQJ8LpQHrdWxT+3d +DIT7t3k8NkJDEkLps/gxdGdHoxv0I/6E/BE4UmbsRGH+FI7r/HOcG37Z7pqcEdWm +aU0WS9mdr7EuQdyUPJikIXZ8xyAmUg2BruZKJSu44jOK2oiTK1OX3NDkAuFhFNFe +AKU7lduHHYMeNaPtejt9FpCQ8knbf3XhCtqdNo6Ye15Gk2H4/8zjYCAvjTIZu5wX +YdaSaREfa8k7xbWKrLY6UQPbpsgDeW2mAtYwW7E7Rz/+Slq+LgnWiAXNliWe1Ko3 +G9qJ0AueUw6sa3/YQllfmfFer7ayU/Delg20Evffhrt9YPWvv6hErOoeadLCuZtH +s0MjL1LgWAEMPvb1fpY4+qx2LJEwCh31/ezdkw7oxu+OpNbcowTp5aM8KCLkn8Hj +7EIflvE4alFwK2FKaPhFL16egw0vpNCSlVUPD9XwIcTRUvPqhfri4agOXBX6bses +M7U8yJgQsHQF0RMQvFNdhoCC3fSLwAH/gHWHjPchuhXlZjZQJnti5Nttzel4jcCb +DuES/mnQVHKoiW9cTuMa8K64C70yHksJYgndSm56zSDTyNxMZQKX2Rt7JLQZTAPU +XUu2PDcK9KmF+5ltbg== +=puYU +-----END PGP SIGNATURE----- 
diff --git a/vsftpd-allow-dev-log-socket.patch b/vsftpd-allow-dev-log-socket.patch
new file mode 100644
index 0000000..3f73f8a
--- /dev/null
+++ b/vsftpd-allow-dev-log-socket.patch
@@ -0,0 +1,30 @@
+From: mvyskocil@suse.com
+Subject: enable /dev/log related socket call
+
+Linux-PAM try to open /dev/log, but as socket is not enabled in seccomp
+sandbox, daemon is killed by SIGSYS. Because the attempt is made by process
+with RLIMIT_NOFILE, the correct fix would be to test if we can open a new fd in
+pam. Anyway I would say the risc is small, and other socket syscalls are disabled.
+
+Fixes: https://bugzilla.novell.com/show_bug.cgi?id=786024
+
+Index: vsftpd-3.0.5/seccompsandbox.c
+===================================================================
+--- vsftpd-3.0.5.orig/seccompsandbox.c 2022-02-02 11:03:38.133860169 +0100
++++ vsftpd-3.0.5/seccompsandbox.c 2022-02-02 11:03:38.177859528 +0100
+@@ -366,6 +366,15 @@ seccomp_sandbox_init()
+ {
+ bug("bad state in seccomp_sandbox_init");
+ }
++ 
++ //this is very probably an attempt to open /dev/log
++ //it fails because process cannot open any file, so it might be safe
++ //socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = -1 EMFILE (Too many open files)
++ allow_nr_3_arg_match(__NR_socket,
++ 1, PF_FILE,
++ 2, SOCK_DGRAM | SOCK_CLOEXEC,
++ 3, 0);
++ 
+ }
+ 
+ void
diff --git a/vsftpd-append-seek-pipe.patch b/vsftpd-append-seek-pipe.patch
new file mode 100644
index 0000000..c980b80
--- /dev/null
+++ b/vsftpd-append-seek-pipe.patch
@@ -0,0 +1,14 @@
+Index: vsftpd-3.0.2/sysutil.c
+===================================================================
+--- vsftpd-3.0.2.orig/sysutil.c
++++ vsftpd-3.0.2/sysutil.c
+@@ -490,7 +490,8 @@ vsf_sysutil_lseek_end(const int fd)
+ {
+ filesize_t retval;
+ retval = lseek(fd, 0, SEEK_END);
+- if (retval < 0)
++ /* Ignore ESPIPE to allow append to fifos */
++ if (retval < 0 && errno != ESPIPE)
+ {
+ die("lseek");
+ }
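Review bot: The new `allow_nr_3_arg_match(__NR_socket, …)` rule is justified only by the process already sitting at `RLIMIT_NOFILE` so that the call fails with EMFILE, but that is a property established by other code, not by the filter; if the descriptor limit is ever raised or a descriptor is closed first, the sandboxed process gains the ability to create AF_UNIX datagram sockets, and whether it can then `connect`/`sendto` depends on the other rules in this series. I would state that dependency in the code comment, e.g. `/* Only safe because RLIMIT_NOFILE is exhausted at this point: the call must fail with EMFILE. */`, and gate the rule on `tunable_syslog_enable` (or the PAM path that needs it) rather than adding it for every configuration. The commit message's "risc" is a typo for "risk".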
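Review bot: On ESPIPE `retval` is left at -1 and, assuming the `return retval;` that follows is unchanged (the rest of `vsf_sysutil_lseek_end()` is outside the hunk), callers now receive -1 as the "end offset" of a FIFO, a filesize_t they may feed into a REST/APPE size computation; give that branch an explicit value, `if (retval < 0 && errno == ESPIPE) { return 0; }` ahead of the existing check, or document that -1 is the FIFO sentinel. Since the `die("lseek")` was what previously stopped an append onto a FIFO, the man page or the APPE handling should also state that appending to FIFOs is now intentionally permitted.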
diff --git a/vsftpd-avoid-bogus-ssl-write.patch b/vsftpd-avoid-bogus-ssl-write.patch
new file mode 100644
index 0000000..5fcf2df
--- /dev/null
+++ b/vsftpd-avoid-bogus-ssl-write.patch
@@ -0,0 +1,19 @@
+Index: vsftpd-3.0.2/utility.c
+===================================================================
+--- vsftpd-3.0.2.orig/utility.c
++++ vsftpd-3.0.2/utility.c
+@@ -104,11 +104,13 @@ bug(const char* p_text)
+ {
+ if (s_p_sess->ssl_slave_active)
+ {
++ /* Write error through ssl_slave process */
+ priv_sock_send_cmd(s_p_sess->ssl_consumer_fd, PRIV_SOCK_WRITE_USER_RESP);
+ priv_sock_send_buf(s_p_sess->ssl_consumer_fd, text_buffer, text_len);
+ }
+- else
++ else if (s_p_sess->p_control_ssl)
+ {
++ /* From ssl_slave write the message directly */
+ (void)ssl_write(s_p_sess->p_control_ssl, text_buffer, text_len);
+ }
+ }
diff --git a/vsftpd-die-with-session.patch b/vsftpd-die-with-session.patch
new file mode 100644
index 0000000..34649d3
--- /dev/null
+++ b/vsftpd-die-with-session.patch
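Review bot: When `control_use_ssl` is set but neither `ssl_slave_active` nor `p_control_ssl` holds (presumably the window between accepting AUTH TLS and creating the SSL object), the `500 OOPS` diagnostic is now dropped entirely rather than dereferencing a NULL `p_control_ssl`; that is the right trade-off, but make it explicit with a trailing `/* else: TLS negotiated but no SSL handle yet - nothing sane to write to */` after the `else if`. This hunk patches code that only exists once the die-with-session patch in the same series is applied, so the two cannot be applied independently; the patch header or the spec file should record that ordering.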
@@ -0,0 +1,155 @@ +Index: vsftpd-3.0.2/main.c +=================================================================== +--- vsftpd-3.0.2.orig/main.c ++++ vsftpd-3.0.2/main.c +@@ -155,6 +155,9 @@ main(int argc, const char* argv[]) + the_session.num_clients = ret.num_children; + the_session.num_this_ip = ret.num_this_ip; + } ++ ++ die_init(&the_session); ++ + if (tunable_tcp_wrappers) + { + the_session.tcp_wrapper_ok = vsf_tcp_wrapper_ok(VSFTP_COMMAND_FD); +Index: vsftpd-3.0.2/utility.c +=================================================================== +--- vsftpd-3.0.2.orig/utility.c ++++ vsftpd-3.0.2/utility.c +@@ -9,9 +9,22 @@ + #include "sysutil.h" + #include "str.h" + #include "defs.h" ++#include "session.h" ++#include "tunables.h" ++#include "privsock.h" ++#include "ssl.h" ++#include + + #define DIE_DEBUG + ++static struct vsf_session *s_p_sess = NULL; ++ ++void ++die_init(struct vsf_session *p_sess) ++{ ++ s_p_sess = p_sess; ++} ++ + void + die(const char* p_text) + { +@@ -40,12 +53,70 @@ die2(const char* p_text1, const char* p_ + void + bug(const char* p_text) + { ++ /* Detect calls caused by failed logging from bug() itself ++ * to prevent infinite loops */ ++ static int s_in_bug = 0; ++ const unsigned int buffer_size = 256; ++ char text_buffer[buffer_size]; ++ unsigned int text_len; ++ ++ if (s_in_bug) ++ return; ++ ++ s_in_bug = 1; ++ ++ if (s_p_sess) ++ { ++ /* Try to write the message to logs */ ++ if (s_p_sess->vsftpd_log_fd != -1) ++ { ++ snprintf(text_buffer, buffer_size, ++ "%s vsftpd [pid %d]: \"%s\" from \"%s\": %s", ++ vsf_sysutil_get_current_date(), vsf_sysutil_getpid(), ++ str_getbuf(&s_p_sess->user_str), ++ str_getbuf(&s_p_sess->remote_ip_str), p_text); ++ text_len = vsf_sysutil_strlen(text_buffer); ++ vsf_sysutil_write_loop(s_p_sess->vsftpd_log_fd, text_buffer, text_len); ++ } ++ ++ if (tunable_syslog_enable) ++ { ++ snprintf(text_buffer, buffer_size, "\"%s\" from \"%s\": %s", ++ str_getbuf(&s_p_sess->user_str), ++ 
str_getbuf(&s_p_sess->remote_ip_str), p_text); ++ vsf_sysutil_syslog(text_buffer, 1); ++ } ++ } ++ else ++ { ++ /* dummy logging before the system is fully set up */ ++ if (tunable_syslog_enable) ++ { ++ vsf_sysutil_syslog(p_text, 1); ++ } ++ } ++ ++ snprintf(text_buffer, buffer_size, "500 OOPS: %s\r\n", p_text); ++ text_len = vsf_sysutil_strlen(text_buffer); ++ + /* Rats. Try and write the reason to the network for diagnostics */ +- vsf_sysutil_activate_noblock(VSFTP_COMMAND_FD); +- (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, "500 OOPS: ", 10); +- (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, p_text, +- vsf_sysutil_strlen(p_text)); +- (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, "\r\n", 2); ++ if (s_p_sess && s_p_sess->control_use_ssl) ++ { ++ if (s_p_sess->ssl_slave_active) ++ { ++ priv_sock_send_cmd(s_p_sess->ssl_consumer_fd, PRIV_SOCK_WRITE_USER_RESP); ++ priv_sock_send_buf(s_p_sess->ssl_consumer_fd, text_buffer, text_len); ++ } ++ else ++ { ++ (void)ssl_write(s_p_sess->p_control_ssl, text_buffer, text_len); ++ } ++ } ++ else ++ { ++ vsf_sysutil_activate_noblock(VSFTP_COMMAND_FD); ++ (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, text_buffer, text_len); ++ } + vsf_sysutil_exit(2); + } + +Index: vsftpd-3.0.2/utility.h +=================================================================== +--- vsftpd-3.0.2.orig/utility.h ++++ vsftpd-3.0.2/utility.h +@@ -2,6 +2,18 @@ + #define VSF_UTILITY_H + + struct mystr; ++struct vsf_session; ++ ++/* die_init ++ * PURPOSE ++ * Initialize static pointer to vsf_session used for ++ * logging and SSL support used by die() and bug(). ++ * If not set (or set to NULL) only dummy write ++ * to VSFTP_COMMAND_FD will be done. 
++ * PARAMETERS ++ * p_sess - pointer to vsf_session or NULL ++ */ ++void die_init(struct vsf_session *p_sess); + + /* die() + * PURPOSE +Index: vsftpd-3.0.2/seccompsandbox.c +=================================================================== +--- vsftpd-3.0.2.orig/seccompsandbox.c ++++ vsftpd-3.0.2/seccompsandbox.c +@@ -556,6 +556,10 @@ seccomp_sandbox_setup_postlogin_broker() + allow_nr(__NR_fchown); + allow_nr_1_arg_match(__NR_recvmsg, 3, 0); + } ++ if (tunable_syslog_enable) ++ { ++ allow_nr_1_arg_match(__NR_sendto, 6, 0); ++ } + } + + void diff --git a/vsftpd-drop-newpid-from-clone.patch b/vsftpd-drop-newpid-from-clone.patch new file mode 100644 index 0000000..61c930c --- /dev/null +++ b/vsftpd-drop-newpid-from-clone.patch @@ -0,0 +1,35 @@ +From: Michal Vyskocil +Subject: Drop CLONE_NEWPID from clone call + +Kernel autid system prohibits the processes created with CLONE_NEWPID, so an +attempt to log into ftp server ends with + +audit_log_acct_message() failed: Operation not permitted + +https://bugzilla.novell.com/show_bug.cgi?id=786024#c38 + +identified-by: Tony Jones +fixes: bnc#786024 + +Index: vsftpd-3.0.2/sysdeputil.c +=================================================================== +--- vsftpd-3.0.2.orig/sysdeputil.c ++++ vsftpd-3.0.2/sysdeputil.c +@@ -1272,7 +1272,7 @@ vsf_sysutil_fork_isolate_all_failok() + if (cloneflags_work) + { + int ret = syscall(__NR_clone, +- CLONE_NEWPID | CLONE_NEWIPC | CLONE_NEWNET | SIGCHLD, ++ CLONE_NEWIPC | CLONE_NEWNET | SIGCHLD, + NULL); + if (ret != -1 || (errno != EINVAL && errno != EPERM)) + { +@@ -1295,7 +1295,7 @@ vsf_sysutil_fork_isolate_failok() + static int cloneflags_work = 1; + if (cloneflags_work) + { +- int ret = syscall(__NR_clone, CLONE_NEWPID | CLONE_NEWIPC | SIGCHLD, NULL); ++ int ret = syscall(__NR_clone, CLONE_NEWIPC | SIGCHLD, NULL); + if (ret != -1 || (errno != EINVAL && errno != EPERM)) + { + if (ret == 0) 
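Review bot: `bug()` now writes `str_getbuf(&s_p_sess->user_str)` and `remote_ip_str` into vsftpd_log_fd and syslog via plain `snprintf`, whereas vsftpd's regular log path (I believe) replaces unprintable characters first; unless `user_str` is sanitised when USER is parsed, a login name containing `\r\n` lets a client inject fabricated lines into the audit log from the one code path an attacker can trigger on purpose. I would pass both strings through the same unprintable-replacement helper the normal logger uses before formatting, or log only the remote IP here. Separately, the `if (s_in_bug) return;` guard makes bug() a function that can return, which every caller assumes it cannot; it is safe only because the outer invocation is still on the stack and will reach `vsf_sysutil_exit(2)`, so either say so in the comment or call `vsf_sysutil_exit(2)` there instead of returning.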
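Review bot: Removing `CLONE_NEWPID` from both `vsf_sysutil_fork_isolate*` clone calls permanently gives up PID-namespace isolation on every system, although the failure it works around (`audit_log_acct_message() failed: Operation not permitted`) only bites when PAM audit logging is in use; the existing `EINVAL`/`EPERM` fallback cannot catch it because the audit failure happens later, inside the child. Consider keeping the flag behind a tunable (default off, if the audit breakage is the common case) so hardened deployments without audit retain the extra namespace, and record the reason at the call site, e.g. `/* CLONE_NEWPID omitted: the kernel audit subsystem rejects audit_log_acct_message() from a new PID namespace (bnc#786024). */`.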
diff --git a/vsftpd-enable-dev-log-sendto.patch b/vsftpd-enable-dev-log-sendto.patch
new file mode 100644
index 0000000..64bf999
--- /dev/null
+++ b/vsftpd-enable-dev-log-sendto.patch
@@ -0,0 +1,33 @@
+From: mvyskocil@suse.com
+Subject: enable sendto to /dev/log
+
+vsftpd is killed once a file is downloaded and it try to log the success to
+/dev/log. This patch enables a sendto on fd 4, in a case the syslog logging is
+enabled.
+
+Fixes: https://bugzilla.novell.com/show_bug.cgi?id=812406
+
+---
+ seccompsandbox.c | 17 +++++++++++++++--
+ 1 file changed, 15 insertions(+), 2 deletions(-)
+
+Index: vsftpd-3.0.2/seccompsandbox.c
+===================================================================
+--- vsftpd-3.0.2.orig/seccompsandbox.c
++++ vsftpd-3.0.2/seccompsandbox.c
+@@ -503,6 +501,15 @@ seccomp_sandbox_setup_postlogin(const st
+ allow_nr(__NR_chmod);
+ }
+ }
++ 
++ /*
++ * MV: this enables logging to the syslog - the vsf_log_do_log are in postlogin.c and privops.c, but hopefully this is enough
++ */
++ if (tunable_syslog_enable)
++ {
++ allow_nr_1_arg_mask(__NR_sendto, 1, 4);
++ }
++ 
+ }
+ 
+ void
diff --git a/vsftpd-enable-fcntl-f_setfl.patch b/vsftpd-enable-fcntl-f_setfl.patch
new file mode 100644
index 0000000..81d8a15
--- /dev/null
+++ b/vsftpd-enable-fcntl-f_setfl.patch
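Review bot: `allow_nr_1_arg_mask(__NR_sendto, 1, 4);` does not match "fd 4" as the description claims: if the `_mask` helper tests `arg & mask` (its definition is outside the hunk), it admits sendto on every descriptor with bit 2 set (4, 5, 6, 7, 12, …), and it also assumes the syslog socket always lands on descriptor 4, which holds only as long as descriptor allocation order before this point never changes. The other syslog rules in this series match the flags argument instead, `allow_nr_1_arg_match(__NR_sendto, 6, 0);`; using that form here would remove the fragile fd assumption and keep the sendto policy consistent across prelogin, postlogin and broker.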
@@ -0,0 +1,44 @@
+From: Michal Vyskocil
+Subject: Enable fcntl F_SETFL
+
+The fcntl with F_SETFL is called from various parts of a vsftpd code, thus add
+it unconditionally to seccomp sandbox. I've failed to limit it more, however
+most arguments of F_SETFL are ignored on Linux and the remaining set seems to be
+safe.
+
+fixes: bnc#786024
+
+---
+ seccompsandbox.c | 22 ++++++++++++++++++++++
+ 5 files changed, 45 insertions(+), 6 deletions(-)
+
+Index: vsftpd-3.0.2/seccompsandbox.c
+===================================================================
+--- vsftpd-3.0.2.orig/seccompsandbox.c
++++ vsftpd-3.0.2/seccompsandbox.c
+@@ -306,6 +306,25 @@ seccomp_sandbox_setup_base()
+ 
+ /* Always need to be able to exit ! */
+ allow_nr(__NR_exit_group);
++ 
++ /*
++ * MV: this is needed for
++ * vsf_sysutil_activate_noblock
++ * vsf_sysutil_deactivate_noblock
++ *
++ * both called from various places (like all those die, bug in utilities),
++ * so lets enable it by default
++ */
++ allow_nr_1_arg_match(__NR_fcntl, 2, F_GETFL);
++ allow_nr_1_arg_match(__NR_fcntl, 2, F_SETFL);
++ 
++ /*
++ * MV: this form have newer worked, neither with O_RDWR, O_RDWR|O_NONBLOCK
++ * however fcntl(2) says that most of arguments to fcntl are ignored on Linux
++ * thus this might be safe to do
++ */
++ //allow_nr_2_arg_match(__NR_fcntl, 2, F_SETFL, 3, O_RDWR);
++ 
+ }
+ 
+ void
diff --git a/vsftpd-enable-gettimeofday-sec.patch b/vsftpd-enable-gettimeofday-sec.patch
new file mode 100644
index 0000000..126e329
--- /dev/null
+++ b/vsftpd-enable-gettimeofday-sec.patch
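Review bot: `allow_nr_1_arg_match(__NR_fcntl, 2, F_SETFL);` accepts any flag set, which on Linux includes `O_ASYNC` (signal-driven I/O), `O_DIRECT` and `O_NOATIME` in addition to the `O_NONBLOCK` that `vsf_sysutil_*activate_noblock` actually toggles; the commented-out two-argument rule with `O_RDWR` presumably never matched because F_SETFL is handed the full F_GETFL result, not a bare O_RDWR. If seccompsandbox.c has a two-argument mask helper, a rule admitting only `O_NONBLOCK`/`O_APPEND` bits in arg 3 would close that gap; otherwise delete the dead `//allow_nr_2_arg_match(...)` line and keep the reasoning in the comment (which also reads "newer" for "never").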
@@ -0,0 +1,18 @@
+diff -urN vsftpd-3.0.2/seccompsandbox.c vsftpd-3.0.2.new/seccompsandbox.c
+--- vsftpd-3.0.2/seccompsandbox.c 2012-09-18 08:52:30.000000000 +0200
++++ vsftpd-3.0.2.new/seccompsandbox.c 2014-04-10 14:55:30.855607231 +0200
+@@ -303,6 +303,14 @@
+ allow_nr(__NR_rt_sigreturn); /* Used to handle SIGPIPE. */
+ allow_nr(__NR_restart_syscall);
+ allow_nr(__NR_close);
++ 
++ /*
++ * Calls to alarm and date
++ * Seems to be some part of the logging
++ * wrt bnc#870122
++ */
++ allow_nr(__NR_alarm);
++ allow_nr(__NR_gettimeofday);
+ 
+ /* Always need to be able to exit ! */
+ allow_nr(__NR_exit_group);
diff --git a/vsftpd-enable-sendto-for-prelogin-syslog.patch b/vsftpd-enable-sendto-for-prelogin-syslog.patch
new file mode 100644
index 0000000..7aeb2d3
--- /dev/null
+++ b/vsftpd-enable-sendto-for-prelogin-syslog.patch
@@ -0,0 +1,21 @@
+Enable sendto for syslog logging to /dev/log in prelogin
+
+We write to log from check_limits() and therefore we have to allow
+sendto() for syslog otherwise sandbox will kill the child.
+
+Index: vsftpd-3.0.2/seccompsandbox.c
+===================================================================
+--- vsftpd-3.0.2.orig/seccompsandbox.c
++++ vsftpd-3.0.2/seccompsandbox.c
+@@ -388,6 +388,11 @@ seccomp_sandbox_setup_prelogin(const str
+ 1, PF_FILE,
+ 2, SOCK_DGRAM | SOCK_CLOEXEC,
+ 3, 0);
++ // allow syslog logs from check_limits()
++ if (tunable_syslog_enable)
++ {
++ allow_nr_1_arg_match(__NR_sendto, 6, 0);
++ }
+ 
+ }
+ 
diff --git a/vsftpd-enable-syscalls-needed-by-sle15.patch b/vsftpd-enable-syscalls-needed-by-sle15.patch
new file mode 100644
index 0000000..fdbb788
--- /dev/null
+++ b/vsftpd-enable-syscalls-needed-by-sle15.patch
@@ -0,0 +1,18 @@
+Index: vsftpd-3.0.3/seccompsandbox.c
+===================================================================
+--- vsftpd-3.0.3.orig/seccompsandbox.c 2018-04-25 06:34:52.154728803 +0000
++++ vsftpd-3.0.3/seccompsandbox.c 2018-04-25 06:37:43.071314942 +0000
+@@ -306,6 +306,13 @@ seccomp_sandbox_setup_base()
+ allow_nr(__NR_restart_syscall);
+ allow_nr(__NR_close);
+ 
++ /* Required on SLE-15 because of changes in 3rd party libraries.
++ * Reported in bsc#1089088.
++ */
++ allow_nr(__NR_wait4);
++ allow_nr(__NR_sysinfo);
++ allow_nr(__NR_shutdown);
++ 
+ /*
+ * Calls to alarm and date
+ * Seems to be some part of the logging
diff --git a/vsftpd-ls-memleak.patch b/vsftpd-ls-memleak.patch
new file mode 100644
index 0000000..77a6df6
--- /dev/null
+++ b/vsftpd-ls-memleak.patch
@@ -0,0 +1,11 @@
+Index: vsftpd-2.0.7/ls.c
+===================================================================
+--- vsftpd-2.0.7.orig/ls.c
++++ vsftpd-2.0.7/ls.c
+@@ -558,5 +559,6 @@ build_dir_line(struct mystr* p_str, cons
+ /* Filename */
+ str_append_str(p_str, p_filename_str);
+ str_append_text(p_str, "\r\n");
++ str_free(&s_tmp_str);
+ }
+ 
diff --git a/vsftpd-mdtm-in-utc.patch b/vsftpd-mdtm-in-utc.patch
new file mode 100644
index 0000000..22e480b
--- /dev/null
+++ b/vsftpd-mdtm-in-utc.patch
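Review bot: `allow_nr(__NR_wait4);`, `allow_nr(__NR_sysinfo);` and `allow_nr(__NR_shutdown);` enter the base policy for every process with no argument filtering and only "changes in 3rd party libraries" as justification; `shutdown` can be narrowed to the `how` values vsftpd itself uses, and `wait4` in the unprivileged child implies some library forks, which is exactly the behaviour the sandbox exists to surface. I would name the library and call site in the comment, `/* libX: wait4 from …, sysinfo from …, shutdown from … (bsc#1089088) */`, and where a syscall is only needed by one phase move it out of `seccomp_sandbox_setup_base()` into that phase's setup function.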
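Review bot: The `s_` prefix suggests `s_tmp_str` is a function-scope static buffer, the pattern vsftpd uses to reuse allocations across calls; if so this is not a leak, and `str_free(&s_tmp_str);` merely turns one long-lived allocation into a malloc/free per directory entry. The declaration is outside the hunk, so please confirm before keeping the change, and if it really is static accompany it with `/* s_tmp_str is static; freeing here only trades buffer reuse for a clean leak report */`.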
@@ -0,0 +1,41 @@ +Index: vsftpd-3.0.2/postlogin.c +=================================================================== +--- vsftpd-3.0.2.orig/postlogin.c 2017-04-06 12:40:37.413294178 +0200 ++++ vsftpd-3.0.2/postlogin.c 2017-04-06 12:40:37.610294876 +0200 +@@ -1639,7 +1639,7 @@ handle_mdtm(struct vsf_session* p_sess) + else + { + retval = vsf_sysutil_setmodtime( +- str_getbuf(&p_sess->ftp_arg_str), modtime, tunable_use_localtime); ++ str_getbuf(&p_sess->ftp_arg_str), modtime, 0); + if (retval != 0) + { + vsf_cmdio_write(p_sess, FTP_FILEFAIL, +@@ -1664,7 +1664,7 @@ handle_mdtm(struct vsf_session* p_sess) + static struct mystr s_mdtm_res_str; + str_alloc_text(&s_mdtm_res_str, + vsf_sysutil_statbuf_get_numeric_date( +- s_p_statbuf, tunable_use_localtime)); ++ s_p_statbuf, 0)); + vsf_cmdio_write_str(p_sess, FTP_MDTMOK, &s_mdtm_res_str); + } + } +Index: vsftpd-3.0.2/vsftpd.conf.5 +=================================================================== +--- vsftpd-3.0.2.orig/vsftpd.conf.5 2017-04-06 12:40:37.496294472 +0200 ++++ vsftpd-3.0.2/vsftpd.conf.5 2017-04-06 12:41:50.271557442 +0200 +@@ -556,9 +556,11 @@ may be found within the _current_ chroot + Default: NO + .TP + .B use_localtime +-If enabled, vsftpd will display directory listings with the time in your +-local time zone. The default is to display GMT. The times returned by the +-MDTM FTP command are also affected by this option. ++If enabled, vsftpd will display directory listings with the time in your local ++time zone. The default is to display GMT. Note that this setting will NOT ++affect the times returned by the MDTM FTP command in this version of the ++daemon. This behavior deviates from the upstream version, which violated ++RFC3659 and subsequently caused problems with popular FTP clients. + + Default: NO + .TP diff --git a/vsftpd-openlog-force.patch b/vsftpd-openlog-force.patch new file mode 100644 index 0000000..f6f7189 --- /dev/null +++ b/vsftpd-openlog-force.patch 
@@ -0,0 +1,18 @@
+Force openlog() to open log immediately iff force!=0.
+Otherwise is log opened on first syslog() call which may be
+after the privileges are dropped and new file descriptors
+cannot be created.
+
+Index: vsftpd-3.0.5/sysutil.c
+===================================================================
+--- vsftpd-3.0.5.orig/sysutil.c 2022-02-01 19:38:36.487789134 +0100
++++ vsftpd-3.0.5/sysutil.c 2022-02-01 19:44:08.787005494 +0100
+@@ -2700,7 +2700,7 @@ vsf_sysutil_openlog(int force)
+ {
+ int facility = LOG_DAEMON;
+ int option = LOG_PID;
+- if (!force)
++ if (force)
+ {
+ option |= LOG_NDELAY;
+ }
diff --git a/vsftpd-path-normalize.patch b/vsftpd-path-normalize.patch
new file mode 100644
index 0000000..9a4a65b
--- /dev/null
+++ b/vsftpd-path-normalize.patch
@@ -0,0 +1,171 @@ +Index: vsftpd-3.0.2/str.c +=================================================================== +--- vsftpd-3.0.2.orig/str.c ++++ vsftpd-3.0.2/str.c +@@ -16,6 +16,12 @@ + #define PRIVATE_HANDS_OFF_alloc_bytes alloc_bytes + #include "str.h" + ++/* normalize filepath */ ++#include ++#include ++#include ++#include ++ + /* Ick. Its for die() */ + #include "utility.h" + #include "sysutil.h" +@@ -781,3 +787,60 @@ str_basename (struct mystr* d_str, const + if (str_isempty(d_str)) + str_copy (d_str, path); + } ++ ++void ++str_normalize_filepath(struct mystr* filepath) ++{ ++ char *path; ++ char *normdir; ++ char *dir; ++ char *filename; ++ static struct mystr tmp; ++ ++ /* normalize filepath */ ++ path = str_strdup(filepath); ++ if (path == NULL) ++ { ++ return; ++ } ++ char *ch1 = strdup(path); ++ char *ch2 = strdup(path); ++ if (ch1 == NULL || ch2 == NULL) ++ { ++ goto out; ++ } ++ /* we split dir/file as realpath /home/REGEXP is NULL so we need dir ++ * dir only to function correctly, later on we need to glue back the ++ * file if there is some ++ */ ++ dir = dirname(ch1); ++ filename = basename(ch2); ++ normdir = realpath(dir, NULL); ++ if (normdir == NULL) ++ { ++ goto out; ++ } ++ str_alloc_text(&tmp, normdir); ++ unsigned int len = str_getlen(&tmp); ++ if (str_get_char_at(&tmp, len - 1) != '/') ++ { ++ str_append_char(&tmp, '/'); ++ } ++ /* / is special it ends in both dirname and basename so ignore it here */ ++ if (strcmp(filename, "/") != 0) ++ { ++ str_append_text(&tmp, filename); ++ } ++ /* TODO: here we should run one more stat to determine if the whole thing ++ * is a directory and append trailing / (ie. /home -> /home/). ++ * This will make the deny_file=/home/ work contrary to currently ++ * needed /home. 
++ */ ++ str_copy(filepath, &tmp); ++ free(normdir); ++ str_free(&tmp); ++out: ++ free(path); ++ free(ch1); ++ free(ch2); ++} +Index: vsftpd-3.0.2/str.h +=================================================================== +--- vsftpd-3.0.2.orig/str.h ++++ vsftpd-3.0.2/str.h +@@ -102,6 +102,7 @@ int str_atoi(const struct mystr* p_str); + filesize_t str_a_to_filesize_t(const struct mystr* p_str); + unsigned int str_octal_to_uint(const struct mystr* p_str); + void str_basename (struct mystr* d_str, const struct mystr* path); ++void str_normalize_filepath(struct mystr* filepath); + + /* PURPOSE: Extract a line of text (delimited by \n or EOF) from a string + * buffer, starting at character position 'p_pos'. The extracted line will +Index: vsftpd-3.0.2/ls.c +=================================================================== +--- vsftpd-3.0.2.orig/ls.c ++++ vsftpd-3.0.2/ls.c +@@ -117,11 +117,13 @@ vsf_ls_populate_dir_list(struct mystr_li + { + continue; + } ++ str_copy(&s_next_path_and_filename_str, &normalised_base_dir_str); ++ str_append_str(&s_next_path_and_filename_str, &s_next_filename_str); + /* If we have an ls option which is a filter, apply it */ + if (!str_isempty(p_filter_str)) + { + unsigned int iters = 0; +- if (!vsf_filename_passes_filter(&s_next_filename_str, p_filter_str, ++ if (!vsf_filename_passes_filter(&s_next_path_and_filename_str, p_filter_str, + &iters)) + { + continue; +@@ -130,8 +132,6 @@ vsf_ls_populate_dir_list(struct mystr_li + /* Calculate the full path (relative to CWD) for lstat() and + * output purposes + */ +- str_copy(&s_next_path_and_filename_str, &normalised_base_dir_str); +- str_append_str(&s_next_path_and_filename_str, &s_next_filename_str); + if (do_stat) + { + /* lstat() the file. Of course there's a race condition - the +@@ -239,6 +239,7 @@ vsf_filename_passes_filter(const struct + * for /a/?/c will not. 
+ */ + struct mystr filter_remain_str = INIT_MYSTR; ++ struct mystr basic_name_str = INIT_MYSTR; + struct mystr name_remain_str = INIT_MYSTR; + struct mystr temp_str = INIT_MYSTR; + struct mystr brace_list_str = INIT_MYSTR; +@@ -249,27 +250,29 @@ vsf_filename_passes_filter(const struct + int matched = 0; + + str_copy(&filter_remain_str, p_filter_str); ++ str_copy(&basic_name_str, p_filename_str); ++ str_normalize_filepath(&basic_name_str); + +- if (!str_isempty (&filter_remain_str) && !str_isempty(p_filename_str)) { ++ if (!str_isempty (&filter_remain_str) && !str_isempty(&basic_name_str)) { + if (str_get_char_at(p_filter_str, 0) == '/') { +- if (str_get_char_at(p_filename_str, 0) != '/') { ++ if (str_get_char_at(&basic_name_str, 0) != '/') { + str_getcwd (&name_remain_str); + + if (str_getlen(&name_remain_str) > 1) /* cwd != root dir */ + str_append_char (&name_remain_str, '/'); + +- str_append_str (&name_remain_str, p_filename_str); ++ str_append_str (&name_remain_str, &basic_name_str); + } + else +- str_copy (&name_remain_str, p_filename_str); ++ str_copy (&name_remain_str, &basic_name_str); + } else { + if (str_get_char_at(p_filter_str, 0) != '{') +- str_basename (&name_remain_str, p_filename_str); ++ str_basename (&name_remain_str, &basic_name_str); + else +- str_copy (&name_remain_str, p_filename_str); ++ str_copy (&name_remain_str, &basic_name_str); + } + } else +- str_copy(&name_remain_str, p_filename_str); ++ str_copy(&name_remain_str, &basic_name_str); + + while (!str_isempty(&filter_remain_str) && *iters < VSFTP_MATCHITERS_MAX) + { +@@ -475,6 +475,7 @@ vsf_filename_passes_filter(const struct + } + out: + str_free(&filter_remain_str); ++ str_free(&basic_name_str); + str_free(&name_remain_str); + str_free(&temp_str); + str_free(&brace_list_str); diff --git a/vsftpd-root-squashed-chroot.patch b/vsftpd-root-squashed-chroot.patch new file mode 100644 index 0000000..c85d217 --- /dev/null +++ b/vsftpd-root-squashed-chroot.patch 
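Review bot: `str_normalize_filepath()` fails open: whenever `realpath(dir, NULL)` fails (ENAMETOOLONG on an over-long client-supplied path, EACCES, a dangling component) the function takes `goto out` and leaves the path un-normalised, so a `..`-bearing name reaches `vsf_filename_passes_filter()` unchanged and a `deny_file`/`hide_file` rule silently degrades to the old behaviour on exactly the inputs an attacker controls. At minimum log the failure, and if the normalised form is only consulted for deny/hide decisions consider reporting failure to the caller so it can treat the path as matched. `realpath()` also issues `readlink`/`lstat`/`getcwd` per component, so the post-login seccomp policy must permit those or the first filtered `ls` dies with SIGSYS; and the `static struct mystr tmp` combined with `str_free(&tmp)` on the success path only means the static buffer is re-allocated on every call, so a plain local `INIT_MYSTR` would be clearer.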
@@ -0,0 +1,112 @@
+---
+ parseconf.c | 1 +
+ secutil.c | 6 ++++--
+ secutil.h | 2 ++
+ tunables.c | 2 ++
+ tunables.h | 1 +
+ twoprocess.c | 6 ++++++
+ vsftpd.conf | 4 ++++
+ vsftpd.conf.5 | 7 +++++++
+ 8 files changed, 27 insertions(+), 2 deletions(-)
+
+Index: vsftpd-3.0.2/tunables.c
+===================================================================
+--- vsftpd-3.0.2.orig/tunables.c
++++ vsftpd-3.0.2/tunables.c
+@@ -88,6 +88,7 @@ int tunable_ftp_enable;
+ int tunable_http_enable;
+ int tunable_seccomp_sandbox;
+ int tunable_allow_writeable_chroot;
++int tunable_allow_root_squashed_chroot;
+ 
+ unsigned int tunable_accept_timeout;
+ unsigned int tunable_connect_timeout;
+@@ -228,6 +229,7 @@ tunables_load_defaults()
+ tunable_http_enable = 0;
+ tunable_seccomp_sandbox = 1;
+ tunable_allow_writeable_chroot = 0;
++ tunable_allow_root_squashed_chroot = 0;
+ 
+ tunable_accept_timeout = 60;
+ tunable_connect_timeout = 60;
+Index: vsftpd-3.0.2/tunables.h
+===================================================================
+--- vsftpd-3.0.2.orig/tunables.h
++++ vsftpd-3.0.2/tunables.h
+@@ -89,6 +89,7 @@ extern int tunable_ftp_enable;
+ extern int tunable_http_enable; /* Allow HTTP protocol */
+ extern int tunable_seccomp_sandbox; /* seccomp filter sandbox */
+ extern int tunable_allow_writeable_chroot; /* Allow misconfiguration */
++extern int tunable_allow_root_squashed_chroot;/* Allow chroot on squashed root nfs */
+ 
+ /* Integer/numeric defines */
+ extern unsigned int tunable_accept_timeout;
+Index: vsftpd-3.0.2/parseconf.c
+===================================================================
+--- vsftpd-3.0.2.orig/parseconf.c
++++ vsftpd-3.0.2/parseconf.c
+@@ -107,6 +107,7 @@ parseconf_bool_array[] =
+ { "http_enable", &tunable_http_enable },
+ { "seccomp_sandbox", &tunable_seccomp_sandbox },
+ { "allow_writeable_chroot", &tunable_allow_writeable_chroot },
++ { "allow_root_squashed_chroot", &tunable_allow_root_squashed_chroot },
+ { 0, 0 }
+ };
+ 
+Index: vsftpd-3.0.2/twoprocess.c
+===================================================================
+--- vsftpd-3.0.2.orig/twoprocess.c
++++ vsftpd-3.0.2/twoprocess.c
+@@ -164,6 +164,9 @@ drop_all_privs(void)
+ {
+ str_alloc_text(&dir_str, tunable_secure_chroot_dir);
+ }
++ if (tunable_allow_root_squashed_chroot) {
++ option |= VSF_SECUTIL_OPTION_CHANGE_EUID;
++ }
+ /* Be kind: give good error message if the secure dir is missing */
+ {
+ struct vsf_sysutil_statbuf* p_statbuf = 0;
+@@ -453,6 +456,9 @@ common_do_login(struct vsf_session* p_se
+ {
+ secutil_option |= VSF_SECUTIL_OPTION_ALLOW_WRITEABLE_ROOT;
+ }
++ if (do_chroot && tunable_allow_root_squashed_chroot) {
++ secutil_option |= VSF_SECUTIL_OPTION_CHANGE_EUID;
++ }
+ calculate_chdir_dir(was_anon, &userdir_str, &chroot_str, &chdir_str,
+ p_user_str, p_orig_user_str);
+ vsf_secutil_change_credentials(p_user_str, &userdir_str, &chroot_str,
+Index: vsftpd-3.0.2/vsftpd.conf.5
+===================================================================
+--- vsftpd-3.0.2.orig/vsftpd.conf.5
++++ vsftpd-3.0.2/vsftpd.conf.5
+@@ -42,6 +42,13 @@ connections.
+ 
+ Default: NO
+ .TP
++.B allow_root_squashed_chroot
++If set to YES, chroot is called with non-root credentials. This enabled chroot
++on squashed nfs. This option is applied only if chroot is performed, otherwise
++ignored.
++
++Default: NO
++.TP
+ .B anon_mkdir_write_enable
+ If set to YES, anonymous users will be permitted to create new directories
+ under certain conditions. For this to work, the option
+Index: vsftpd-3.0.2/vsftpd.conf
+===================================================================
+--- vsftpd-3.0.2.orig/vsftpd.conf
++++ vsftpd-3.0.2/vsftpd.conf
+@@ -64,6 +64,10 @@ local_enable=YES
+ # (default follows)
+ #chroot_list_file=/etc/vsftpd.chroot_list
+ #
++# Performs chroot with original (non-root) credentials. This is usefull on nfs with squash_root,
++# where root becomes nobody and would need -x access.
++#allow_root_squashed_chroot=YES
++#
+ # The maximum data transfer rate permitted, in bytes per second, for
+ # local authenticated users. The default is 0 (unlimited).
+ #local_max_rate=7200
diff --git a/vsftpd-seccomp-getrandom.patch b/vsftpd-seccomp-getrandom.patch
new file mode 100644
index 0000000..725c659
--- /dev/null
+++ b/vsftpd-seccomp-getrandom.patch
@@ -0,0 +1,15 @@
+Index: vsftpd-3.0.5/seccompsandbox.c
+===================================================================
+--- vsftpd-3.0.5.orig/seccompsandbox.c 2022-02-01 19:47:13.916340458 +0100
++++ vsftpd-3.0.5/seccompsandbox.c 2022-02-01 19:51:24.196737535 +0100
+@@ -406,6 +406,10 @@ seccomp_sandbox_setup_prelogin(const str
+ {
+ allow_nr_1_arg_match(__NR_recvmsg, 3, 0);
+ allow_nr_2_arg_match(__NR_setsockopt, 2, IPPROTO_TCP, 3, TCP_NODELAY);
++ // called from openssl's RAND_poll which is invoked in FIPS mode when the DRBG is seeded
++ allow_nr(__NR_getrandom);
++ allow_nr_1_arg_mask(__NR_open, 2, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_CLOEXEC);
++ allow_nr(__NR_getuid);
+ }
+ if (tunable_syslog_enable)
+ {
diff --git a/vsftpd-seccomp-ssl.patch b/vsftpd-seccomp-ssl.patch
new file mode 100644
index 0000000..e921e34
--- /dev/null
+++ b/vsftpd-seccomp-ssl.patch
@@ -0,0 +1,15 @@
+SSL initialization calls RAND_load_file() which needs stat() enabled.
+
+Index: vsftpd-3.0.3/seccompsandbox.c
+===================================================================
+--- vsftpd-3.0.3.orig/seccompsandbox.c 2021-12-21 15:33:01.491786690 +0100
++++ vsftpd-3.0.3/seccompsandbox.c 2021-12-21 15:33:01.499786535 +0100
+@@ -559,6 +559,8 @@ seccomp_sandbox_setup_postlogin_broker()
+ allow_nr(__NR_fstat);
+ allow_nr(__NR_fchown);
+ allow_nr_1_arg_match(__NR_recvmsg, 3, 0);
++ // called by RAND_load_file
++ allow_nr(__NR_stat);
+ }
+ if (tunable_syslog_enable)
+ {
diff --git a/vsftpd-seccomp-wait4.patch b/vsftpd-seccomp-wait4.patch
new file mode 100644
index 0000000..5f91bf5
--- /dev/null
+++ b/vsftpd-seccomp-wait4.patch
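Review bot: The diffstat at the head of vsftpd-root-squashed-chroot.patch lists secutil.c (6 lines) and secutil.h (2 lines), but no hunk for either file follows, while the twoprocess.c hunks rely on `VSF_SECUTIL_OPTION_CHANGE_EUID`; either the patch body is truncated or the stat header is stale and the flag is expected from the base tree, and that should be settled before the patch is applied. The two callers are also inconsistent: `common_do_login` guards the flag with `do_chroot && tunable_allow_root_squashed_chroot`, whereas `drop_all_privs` sets it on the tunable alone (that path may always chroot to `tunable_secure_chroot_dir`, which is not visible here), which sits oddly next to the man page sentence "applied only if chroot is performed". If the flag keeps what I read as its upstream meaning (change the effective rather than the real uid), the man page and vsftpd.conf comment should state plainly that the session process is then less completely de-privileged than with the default, because "chroot is called with non-root credentials" suggests a stronger drop than that. The new wording also has slips worth fixing in the patch itself: `This enabled chroot on squashed nfs` → `This enables chroot on root-squashed NFS`, and in vsftpd.conf `usefull` → `useful` and `squash_root` → `root_squash` (the NFS export option's actual name).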
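Review bot: `allow_nr_1_arg_mask(__NR_open, 2, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_CLOEXEC)` lets the pre-login process open any path read-only, since seccomp cannot inspect the pathname; that is a wider opening than the getrandom()/getuid() lines beside it, and the comment should name the file OpenSSL needs here (presumably a RAND_poll fallback such as /dev/urandom — not visible in the hunk) so the rule can be revisited when that need goes away. Whether the masked flags are exactly what OpenSSL passes is also not visible; if it passes anything outside the mask the rule silently fails closed and the process is killed, so this deserves a test with ssl_enable=YES under FIPS mode. Note too that current glibc implements open() via openat() and `__NR_open` does not exist on every architecture, so an `#ifdef __NR_open` guard plus a matching openat rule may be needed for the rule to be effective and the build portable. The `if` block these lines sit in starts above the hunk.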
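Review bot: `allow_nr(__NR_stat)` appears to land inside the `if (tunable_chown_uploads)` block (the closing brace after it and the following `if (tunable_syslog_enable)` match the layout shown in vsftpd-seccomp-wait4.patch), yet the patch description says stat() is needed by RAND_load_file() during SSL initialisation; with ssl_enable=YES and chown_uploads=NO the broker would still be killed on stat(). Move the rule out of that block, or guard it with `if (tunable_ssl_enable)`, so the sandbox is only widened where the rationale applies. As with the getrandom patch, `__NR_stat` is absent on some architectures (which use newfstatat), so an `#ifdef __NR_stat` guard would keep the build portable. The enclosing function starts above the hunk.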
@@ -0,0 +1,14 @@
+Broker has to wait for its child.
+
+Index: vsftpd-3.0.2/seccompsandbox.c
+===================================================================
+--- vsftpd-3.0.2.orig/seccompsandbox.c
++++ vsftpd-3.0.2/seccompsandbox.c
+@@ -540,6 +540,7 @@ seccomp_sandbox_setup_postlogin_broker()
+ seccomp_sandbox_setup_base();
+ seccomp_sandbox_setup_data_connections();
+ allow_nr_1_arg_match(__NR_sendmsg, 3, 0);
++ allow_nr(__NR_wait4);
+ if (tunable_chown_uploads)
+ {
+ allow_nr(__NR_fstat);
diff --git a/vsftpd-support-dsa-only-setups.patch b/vsftpd-support-dsa-only-setups.patch
new file mode 100644
index 0000000..09796b4
--- /dev/null
+++ b/vsftpd-support-dsa-only-setups.patch
@@ -0,0 +1,18 @@
+Index: vsftpd-3.0.3/vsftpd.conf
+===================================================================
+--- vsftpd-3.0.3.orig/vsftpd.conf 2018-06-21 11:01:12.125258812 +0000
++++ vsftpd-3.0.3/vsftpd.conf 2018-06-21 11:04:43.355979116 +0000
+@@ -188,8 +188,12 @@ listen=NO
+ # Make sure, that one of the listen options is commented !!
+ listen_ipv6=YES
+ #
+-# Set to ssl_enable=YES if you want to enable SSL
++# Set "ssl_enable=YES" to enable SSL support and configure the location of
++# your local certificate (RSA, DSA, or both). Note that vsftpd won't start
++# if either of the "xxx_cert_file" options sets a path that doesn't exist.
+ ssl_enable=NO
++rsa_cert_file=
++dsa_cert_file=
+ #
+ # Limit passive ports to this range to assis firewalling
+ pasv_min_port=30000
diff --git a/vsftpd-use-system-wide-crypto-policy.patch b/vsftpd-use-system-wide-crypto-policy.patch
new file mode 100644
index 0000000..9d9087b
--- /dev/null
+++ b/vsftpd-use-system-wide-crypto-policy.patch
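Review bot: The new comment presents "RSA, DSA, or both" as equal choices, but DSA certificates cannot be used with TLS 1.3 and are disabled by most current system-wide crypto policies (this same commit switches ssl_ciphers to `PROFILE=SYSTEM`), so the guidance is likely to lead an administrator into a non-working setup. I would change the second line to `# your local certificate (normally RSA or ECDSA; DSA is not usable with TLS 1.3).` and keep the rest. It would also help to say in the comment that leaving `rsa_cert_file=`/`dsa_cert_file=` empty disables the corresponding default, since that is the intent stated in the changelog but not in the file itself.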
@@ -0,0 +1,30 @@
+Index: vsftpd-3.0.5/tunables.c
+===================================================================
+--- vsftpd-3.0.5.orig/tunables.c
++++ vsftpd-3.0.5/tunables.c
+@@ -295,7 +295,7 @@ tunables_load_defaults()
+ install_str_setting("/usr/share/ssl/certs/vsftpd.pem",
+ &tunable_rsa_cert_file);
+ install_str_setting(0, &tunable_dsa_cert_file);
+- install_str_setting("DEFAULT_SUSE", &tunable_ssl_ciphers);
++ install_str_setting("PROFILE=SYSTEM", &tunable_ssl_ciphers);
+ install_str_setting(0, &tunable_rsa_private_key_file);
+ install_str_setting(0, &tunable_dsa_private_key_file);
+ install_str_setting(0, &tunable_ca_certs_file);
+Index: vsftpd-3.0.5/vsftpd.conf.5
+===================================================================
+--- vsftpd-3.0.5.orig/vsftpd.conf.5
++++ vsftpd-3.0.5/vsftpd.conf.5
+@@ -1024,7 +1024,11 @@ man page for further details. Note that
+ security precaution as it prevents malicious remote parties forcing a cipher
+ which they have found problems with.
+ 
+-Default: DEFAULT_SUSE
++By default, the system-wide crypto policy is used. See
++.BR update-crypto-policies(8)
++for further details.
++
++Default: PROFILE=SYSTEM
+ .TP
+ .B ssl_sni_hostname
+ If set, SSL connections will be rejected unless the SNI hostname in the
diff --git a/vsftpd.changes b/vsftpd.changes
new file mode 100644
index 0000000..ec7994e
--- /dev/null
+++ b/vsftpd.changes
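Review bot: `PROFILE=SYSTEM` is only understood by OpenSSL builds that carry the crypto-policies patch; on a stock OpenSSL the cipher-list call rejects the string and SSL setup fails, so the new man page paragraph should say that this default depends on the distribution's OpenSSL and name the cipher string to set when running against an unpatched library. It is also worth a sentence that `ssl_ciphers` is a TLS 1.2-and-earlier cipher list: TLS 1.3 suites are selected through a separate ciphersuites setting, so the policy's TLS 1.3 choices are not affected by this option unless vsftpd also calls the ciphersuites API, which is not visible here. I would add after the `.BR update-crypto-policies(8)` line: `Note that this value requires an OpenSSL built with crypto-policies support and does not govern TLS 1.3 cipher suites.`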
@@ -0,0 +1,1334 @@ +------------------------------------------------------------------- +Wed Oct 4 08:00:40 UTC 2023 - Thorsten Kukuk + +- Add vsftpd.ftpusers, the netcfg one is not maintained, outdated + and will be removed. +- vsftpd.pam: use own copy of ftpusers. + +------------------------------------------------------------------- +Tue Sep 26 09:20:33 UTC 2023 - Pedro Monreal + +- Enable crypto-policies support: [bsc#1211301] + * Add vsftpd-use-system-wide-crypto-policy.patch + +------------------------------------------------------------------- +Fri Aug 25 15:06:06 UTC 2023 - Thorsten Kukuk + +- Use pam macros to install pam config in /usr/lib/pam.d +- Adjust vsftpd.pam to include postlogin config (replace wtmp with + wtmpdb for Y2038 [jsc#3144]) + +------------------------------------------------------------------- +Mon Jun 19 06:25:26 UTC 2023 - Peter Simons + +- Apply "0001-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch" + to fix the documentation of the strict_ssl_read_eof option. The + documentation says option would be disabled by default, but it is + in fact enabled. [bsc#1200075] + +------------------------------------------------------------------- +Tue Jan 3 16:12:32 UTC 2023 - David Anes + +- Use valid separator for logrotate config file. [bsc#1192179] + +------------------------------------------------------------------- +Fri Sep 16 06:18:26 UTC 2022 - Peter Simons + +- systemd versions prior to 244 do not support the ProtectXYZ + directives we use in our vsftpd.service file and log warnings + every time the daemon starts, which confuses our users. We avoid + this issue by removing the unsupported options from the service + file when installing on a distribution that comes with such an + older version of systemd. 
[bsc#1196918] + +------------------------------------------------------------------- +Thu Sep 15 11:00:54 UTC 2022 - Stefan Schubert + +- Migration to /usr/etc: Saving user changed configuration files + in /etc and restoring them while an RPM update. + +------------------------------------------------------------------- +Thu Aug 25 08:23:08 UTC 2022 - Peter Simons + +- Apply "disable-tls13-to-support-older-openssl-versions.patch" + when building on SLE-15. This is necessary, because openssl_1_1 + on that codestream is version 1.1.0 rather than 1.1.1 and that + older version has no TLSv1.3 support. [bsc#1187686] + +------------------------------------------------------------------- +Wed Jun 29 13:53:16 UTC 2022 - Stefan Schubert + +- When building on Tumbleweed, move logrotate files from user + specific directory /etc/logrotate.d to vendor specific directory + /usr/etc/logrotate.d. Builds on other codestreams still use the + original location. + +------------------------------------------------------------------- +Tue Mar 3 16:44:28 UTC 2022 - Peter Simons + +- Use rpm conditional to build against the proper OpenSSL version + on all distributions. This allows us to update vsftpd in all + maintained SLE codestreams to the current Factory version and + mitigate the newly discovered ALPACA attack. [jsc#SLE-24275, + jsc#PM-3322, bsc#1187686] + +------------------------------------------------------------------- +Tue Feb 1 18:42:41 UTC 2022 - Peter Simons + +- Add "seccomp-fixes.patch" to fix the syscall architecture offset + from 4 to 5, this change was documented in + . + +- Add "vsftpd-openlog-force.patch" to a logic error in the way the + force option for syslog's openlog() call was handled. + +- Add "vsftpd-seccomp-getrandom.patch" to fix a seccomp failure in + FIPS mode when SSL was enabled. [bsc#1052900] + +- Add "vsftpd-seccomp-ssl.patch" to allow stat() to be called, + which is required during SSL initialization by RAND_load_file(). 
+ +- Add "vsftpd-seccomp-wait4.patch" to allow wait4() to be called so + that the broker can wait for its child processes. [bsc#1021387] + +- Refresh patches to -p1 style so that we can use %autosetup: + * vsftpd-2.0.4-dmapi.patch + * vsftpd-2.0.4-enable-ssl.patch + * vsftpd-2.0.5-enable-debuginfo.patch + * vsftpd-2.0.5-utf8-log-names.patch + * vsftpd-2.0.5-vuser.patch + * vsftpd-2.3.5-conf.patch + +- Apply "revert-undocumented-config-file-format-changes.patch" to + revert the "ssl_tlsv1_X"-style config file options back to their + original spelling. The changes that dropped the underscore from + the version numbers in release 3.0.4 breaks existing + configurations and it was never documented anywhere -- not in the + package's changelog and not in the packages's own man page. + +- Apply "use-system-wide-tls-cipher-policy.patch" so that vsftpd + follows the system-wide TLS cipher policy "DEFAULT_SUSE" by + default. Run the command "openssl ciphers -v DEFAULT_SUSE" to see + which ciphers this includes. + +- Apply "vsftpd-allow-dev-log-socket.patch" to allow sendto() + syscall when /dev/log support is enabled. [bnc#786024] + +- Apply "vsftpd-enable-sendto-for-prelogin-syslog.patch" to allow + sendto() to be called from check_limits(), which is necessary for + vsftpd to write to the system log. + +------------------------------------------------------------------- +Wed Jan 5 10:21:02 UTC 2022 - Johannes Segitz + +- Added hardening to systemd service(s) (bsc#1181400). Modified: + * vsftpd.service + +------------------------------------------------------------------- +Fri Sep 10 13:15:44 UTC 2021 - Fabian Vogt + +- Update to version 3.0.5: + * Fix ALPN callback to correctly select the 'ftp' string if present. + Works with FileZilla-3.55.0. + * Fix a couple of seccomp policy issues with Fedora 34. + +------------------------------------------------------------------- +Tue Jun 15 07:49:13 AM UTC 2021 - Peter Simons + +- Update to version 3.0.4. 
+ * Fix runtime SIGSYS crashes (seccomp sandbox policy tweaks). + * Reject HTTP verbs pre-login. + * Disable TLS prior to v1.2 by default. + * Close the control connection after 10 unknown commands pre-login. + * Reject any TLS ALPN advertisement that's not 'ftp'. + * Add ssl_sni_hostname option to require a match on incoming SNI hostname. + * The options "ssl_tlsv1_1", "ssl_tlsv1_2", and "ssl_tlsv1_3" + have been renamed to "ssl_tlsv11", "ssl_tlsv12", and + "ssl_tlsv13" respectively. Note that the man page has not been + updated accordingly. + +- Upstream has a new GPG key (7B89011BCAE1CFEA). + +- "0001-Introduce-TLSv1.1-and-TLSv1.2-options.patch" is now obsolete. + +- "0001-Introduce-TLSv1.3-option.patch" is now obsolete. + +- "vsftpd-seccomp-syslog.patch" is now obsolete. + +------------------------------------------------------------------- +Mon Jun 14 14:26:05 UTC 2021 - Peter Simons + +- OpenSSL was updated to version 1.1.1 in SLE-15-SP2, adding + support for the TLSv1.3 protocol. As a consequence, some SLE-15 + applications that link OpenSSL for TLS support -- like vsftpd --, + gained the ability to use the newer TLS protocol, which created + interoperability problems with FTP clients in some cases. To + remedy the situation, "0001-Introduce-TLSv1.3-option.patch" was + applied in a forked SLE-15-SP2 version of vsftpd. The patch adds + the configuration option "ssl_tlsv1_3" that system administrators + can use to disable TLSv1.3 support on their servers. 
+ [bsc#1187188] + +------------------------------------------------------------------- +Thu Dec 3 11:20:20 UTC 2020 - Ismail Dönmez + +- Add seccomp-fixes.patch to allow getdents64 syscall in seccomp + sandbox, fixes bsc#1179553 + Also in the same patch, fix the architecture offset from 4 to 5, + this change was documented in https://lore.kernel.org/patchwork/patch/554803/ + +------------------------------------------------------------------- +Fri Nov 13 09:49:06 AM UTC 2020 - psimons@suse.com + +- Apply "0001-Introduce-TLSv1.1-and-TLSv1.2-options.patch" and + "0001-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch", + which add the "ssl_tlsv1_1" and "ssl_tlsv1_2" options to the + configuration file. Both options default to true. [SLE-4182] + +------------------------------------------------------------------- +Wed Aug 19 09:46:05 UTC 2020 - Dominique Leuenberger + +- Use %{_prefix}/lib instead of misused %{_libexecdir}. + +------------------------------------------------------------------- +Thu Dec 5 14:04:59 UTC 2019 - Josef Möllers + +- Add pam_keyinit.so to PAM config file. + [vsftpd.pam, bsc#1144062] + +------------------------------------------------------------------- +Tue Jun 18 15:37:38 UTC 2019 - Peter Simons + +- Apply "vsftpd-avoid-bogus-ssl-write.patch" to fix a segmentation + fault that occurred while trying to write to an invalid TLS + context. 
[bsc#1125951] + +------------------------------------------------------------------- +Wed Jun 12 14:16:40 UTC 2019 - Dominique Leuenberger + +- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to + shortcut the build queues by allowing usage of systemd-mini + +------------------------------------------------------------------- +Tue Oct 23 22:05:43 UTC 2018 - Christian Boltz + +- firewall-macros should be BuildRequires, not Requires(post) + (the macro gets expanded during package build) + +------------------------------------------------------------------- +Thu Jun 28 15:57:13 UTC 2018 - psimons@suse.com + +- Extend "vsftpd-3.0.3-address_space_limit.patch" to mention the + new 'address_space_limit' option in the installed vsftpd.conf(5) + man page. [bsc#1075060] + +------------------------------------------------------------------- +Thu Jun 21 11:06:33 UTC 2018 - psimons@suse.com + +- Apply "vsftpd-support-dsa-only-setups.patch" to disable the + problematic default setting for rsa_cert_file. Upstream + initializes that value to "/usr/share/ssl/certs/vsftpd.pem" and + vsftpd won't start up if that file does not exist (or if it does + not contain an RSA certificate). Therefore, users who copy a DSA + certificate into that location or properly configure a DSA + certificate via dsa_cert_file without explicitly disabling the + RSA certificate won't be able to start vsftpd. [bsc#975538] + +------------------------------------------------------------------- +Wed May 16 15:25:02 UTC 2018 - psimons@suse.com + +- Don't start/stop parameterized systemd units in pre/post actions. + These units cannot be used without an explicit parameter and + attempts to do so lead to a confusing "failed to try-restart" + error message. 
[bsc#1093179, bsc#1010177] + +------------------------------------------------------------------- +Wed Apr 25 06:32:25 UTC 2018 - psimons@suse.com + +- vsftpd-enable-syscalls-needed-by-sle15.patch: Enable wait4(), + sysinfo(), and shutdown() syscalls in seccomp sandbox. These are + required for the daemon to work properly on SLE-15. [bsc#1089088, + bsc#1180314] + +------------------------------------------------------------------- +Tue Apr 3 11:48:08 UTC 2018 - vcizek@suse.com + +- Add firewalld service file (bsc#1083705) + +------------------------------------------------------------------- +Wed Dec 13 09:41:39 UTC 2017 - tchvatal@suse.com + +- Make sure to also require group nobody and user ftp bsc#1070653 + +------------------------------------------------------------------- +Thu Sep 7 12:24:26 UTC 2017 - psimons@suse.com + +- Add "vsftpd-die-with-session.patch" to fix a bug in vsftpd that + would cause SSL protocol errors, aborting the connection, whenever + system errors occurred that were supposed to be non-fatal. + [bsc#1044292] + +- Add "vsftpd-mdtm-in-utc.patch" to fix interoperability issue with + various ftp clients that arose when vsftpd is configured with + option "use_localtime=YES". Basically, it's fine to use local time + stamps in directory listings, but responding to MDTM commands with + any time zone other than UTC directly violates RFC3659 and leads + FTP clients to misinterpret the file's time stamp. [bsc#1024961] + +- Add "vsftpd-append-seek-pipe.patch" to allow the FTP server to + append to a file system pipe. [bsc#1048427] + +- Add "vsftpd-3.0.3-address_space_limit.patch" to create the new + configuration option "address_space_limit", which determines the + memory limit vsftpd configures for its own process (given in + bytes). 
The previously hard-coded limit (100 MB) may not be + sufficient for vsftpd servers running with certain PAM modules + enabled, and in such cases administrators may wish to raise the + limit to match their system's requirements. [bsc#1042137] + +- Don't rely on the vsf_findlibs.sh script to figure out the list + of libraries the build needs to link. The script is wildly + unreliable and it's hard to predict what results it will produce. + Also, the results it *does* produce are invisble in the build + log. We stumbled across this issue when vsftpd suddendly had + build failures on i586 platforms because the script decided to + try and link "-lnsl" even though the library was neither + installed nor required. + +- Drop the explicit specification of the LDFLAGS and LINK variables + from the call to make. The value of LDFLAGS we passed is the + default anyway and giving LINK has no effect since it's not used + anywhere in the Makefile. + +------------------------------------------------------------------- +Wed Jun 14 11:42:26 UTC 2017 - tchvatal@suse.com + +- Conditionally install xinetd service only on older releases + * On current distributions we support the same functionality + via systemd socket activation + +------------------------------------------------------------------- +Mon Jun 12 17:57:38 UTC 2017 - daniel.molkentin@suse.com + +- Fix build against OpenSSL 1.1. Remove lock on 1.0.x libs + adds vsftpd-3.0.3-build-with-openssl-1.1.patch + (bsc#1042673) + +------------------------------------------------------------------- +Wed May 31 15:02:14 UTC 2017 - psimons@suse.com + +- Explicitly depend on OpenSSL version 1.0.x since vsftpd doesn't + compile against the API provided by newer versions. 
+ +------------------------------------------------------------------- +Tue May 2 14:20:06 CEST 2017 - kukuk@suse.de + +- Adjust to new system user/group RPMs + +------------------------------------------------------------------- +Mon Sep 19 11:39:04 UTC 2016 - psimons@suse.com + +- Add vsftpd-3.0.2-fix-chown-uploads.patch to fix a bug in vsftpd + where files uploaded by an anonymous user could not be chown()ed + to the desired UID as specified in the daemon's configuration + file. [bnc#996370] + +------------------------------------------------------------------- +Wed Aug 31 17:21:04 UTC 2016 - dimstar@opensuse.org + +- Extend vsftpd-2.0.4-lib64.diff to also find libcap.so.* in + /usr/lib64. + +------------------------------------------------------------------- +Fri Aug 5 11:27:39 UTC 2016 - tchvatal@suse.com + +- Do not bother with omc xml configs, useless nowdays + +------------------------------------------------------------------- +Wed Mar 23 10:07:55 UTC 2016 - tchvatal@suse.com + +- Require shadow and do not output the error out of useradd + +------------------------------------------------------------------- +Tue Mar 22 14:56:05 UTC 2016 - tchvatal@suse.com + +- Fix hang when using seccomp and syslog bnc#971784: + * vsftpd-seccomp-syslog.patch + +------------------------------------------------------------------- +Tue Mar 22 14:27:27 UTC 2016 - tchvatal@suse.com + +- Fix user creation to not report error when user alredy exist + bnc#972169 + +------------------------------------------------------------------- +Mon Mar 21 12:53:59 UTC 2016 - tchvatal@suse.com + +- Fix bnc#970982 hanging on pam_exec in pam.d + * Add patch vsftpd-3.0.2-wnohang.patch + +------------------------------------------------------------------- +Thu Mar 10 18:15:03 UTC 2016 - jcejka@suse.com + +- Fix memory leaks in ls.c bnc#968138 + * Add patch vsftpd-ls-memleak.patch + * Update patch vsftpd-path-normalize.patch +- Fix wildcard ? 
matching bnc#969411 + * Update patch vsftpd-2.3.4-sqb.patch + +------------------------------------------------------------------- +Mon Sep 21 11:34:46 UTC 2015 - tchvatal@suse.com + +- Clean-up the init.d support to be bit more readable and add missing dep + +------------------------------------------------------------------- +Mon Sep 21 11:14:59 UTC 2015 - joop.boonen@opensuse.org + +- Brought back additional systemv support so it also builds for SLES 10 and 11 + +------------------------------------------------------------------- +Tue Sep 8 10:57:55 UTC 2015 - tchvatal@suse.com + +- Version bump to 3.0.3: + * Increase VSFTP_AS_LIMIT to 200MB; various reports. + * Make the PWD response more RFC compliant; report from Barry Kelly + . + * Remove the trailing period from EPSV response to work around BT Internet + issues; report from Tim Bishop . + * Fix syslog_enable issues vs. seccomp filtering. Report from Michal Vyskocil + . At least, syslogging seems to work on my Fedora now. + * Allow gettimeofday() in the seccomp sandbox. I can't repro failures, but I + probably have a different distro / libc / etc. and there are multiple reports. + * Some kernels support PR_SET_NO_NEW_PRIVS but not PR_SET_SECCOMP, so handle + this case gracefully. Report from Vasily Averin . + * List the TLS1.2 cipher AES128-GCM-SHA256 as first preference by default. + * Make some compile-time SSL defaults (such as correct client shutdown + handling) stricter. + * Disable Nagle algorithm during SSL data connection shutdown, to avoid 200ms + delays. From Tim Kosse . + * Kill the FTP session if we see HTTP protocol commands, to avoid + cross-protocol attacks. A report from Jann Horn . + * Kill the FTP session if we see session re-use failure. A report from + Tim Kosse . + * Enable ECDHE, Tim Kosse . + * Default cipher list is now just ECDHE-RSA-AES256-GCM-SHA384. + * Minor SSL logging improvements. + * Un-default tunable_strict_ssl_write_shutdown again. 
We still have + tunable_strict_ssl_read_eof defaulted now, which is the important one to prove + upload integrity. +- Drop patch vsftpd-allow-dev-log-socket.patch should be included + upstream, se above bullet with mvyskocil's email + +------------------------------------------------------------------- +Tue Jun 23 08:51:32 UTC 2015 - tchvatal@suse.com + +- Fix logrotate script to not fail when vsftpd is not running, + bnc#935279 + +------------------------------------------------------------------- +Fri Apr 17 16:35:14 UTC 2015 - tchvatal@suse.com + +- Fix hide_file option wrt bnc#927612: + * vsftpd-path-normalize.patch + +------------------------------------------------------------------- +Sun Apr 5 10:25:50 UTC 2015 - tchvatal@suse.com + +- bnc#925963 stat is sometimes run on wrong path and results with + ENOENT, ensure we sent both dir+file to filter verification: + * vsftpd-path-normalize.patch + +------------------------------------------------------------------- +Wed Mar 25 10:08:03 UTC 2015 - tchvatal@suse.com + +- Update patch bit more for sanity checks. Done by rsassu@suse.de: + * vsftpd-path-normalize.patch + +------------------------------------------------------------------- +Mon Mar 23 20:13:51 UTC 2015 - tchvatal@suse.com + +- Add back patch attempting to fix bnc#900326 bnc#915522 and + bnc#922538: + * vsftpd-path-normalize.patch + +------------------------------------------------------------------- +Mon Mar 23 20:08:19 UTC 2015 - tchvatal@suse.com + +- Reset filter patch to match fedora, my work will be restarted + in one-off patch to make the changes stand out. 
Add rest of + RH filtering patches: + * vsftpd-2.2.0-wildchar.patch + * vsftpd-2.3.4-sqb.patch + * vsftpd-2.1.0-filter.patch + +------------------------------------------------------------------- +Mon Mar 23 19:56:11 UTC 2015 - tchvatal@suse.com + +- Work on the filter patch and split out the normalisation of the + path to separate str function, currently commented out so I + avoid huge diffing. + * vsftpd-2.1.0-filter.patch + +------------------------------------------------------------------- +Fri Feb 20 12:13:42 UTC 2015 - tchvatal@suse.com + +- Add service calls for other unit files too +- Udate filter patch to work as expected: + * vsftpd-2.1.0-filter.patch + +------------------------------------------------------------------- +Fri Jan 2 10:32:53 UTC 2015 - tchvatal@suse.com + +- Try to fix deny_file parsing to do more what is expected. Taken + from fedora. bnc#900326 bnc#915522 CVE-2015-1419 + * vsftpd-2.1.0-filter.patch + +------------------------------------------------------------------- +Fri Nov 14 09:19:22 UTC 2014 - dimstar@opensuse.org + +- No longer perform gpg validation; osc source_validator does it + implicit: + + Drop gpg-offline BuildRequires. + + No longer execute gpg_verify. + +------------------------------------------------------------------- +Thu Aug 21 14:21:51 UTC 2014 - jmatejek@suse.com + +- force using fork() instead of clone() on s390 - fixes bnc#890469 + * vsftpd-3.0.2-s390.patch + +------------------------------------------------------------------- +Mon May 26 13:13:44 UTC 2014 - tchvatal@suse.com + +- Cleanup with spec-cleaner +- Remove conditions about init files as we do not build for < 12.1 + anyway. +- Update the README.SUSE file to describe more the listen option. + +------------------------------------------------------------------- +Mon May 26 12:52:56 UTC 2014 - tchvatal@suse.com + +- Add socket service for vsftpd to avoid the need for xinetd here. 
+
+-------------------------------------------------------------------
+Mon May 26 12:42:21 UTC 2014 - tchvatal@suse.com
+
+- Add comment about listen variables for xinetd configuration.
+ Fixes bnc#872221.
+- Add default configuration as arg to xinetd started vsftpd.
+- Updated patch:
+ * vsftpd-2.0.4-xinetd.diff
+
+-------------------------------------------------------------------
+Thu Apr 10 12:56:03 UTC 2014 - tchvatal@suse.com
+
+- Move the enabling of timeofday and alarm one level deeper to
+ be sure it is whitelisted everytime.
+ Also should possibly fix bnc#872215.
+
+- Updated patch:
+ * vsftpd-enable-gettimeofday-sec.patch
+
+-------------------------------------------------------------------
+Thu Apr 10 12:06:25 UTC 2014 - tchvatal@suse.com
+
+- Remove forking from service type as it hangs in endless loop.
+
+-------------------------------------------------------------------
+Wed Apr 2 07:47:05 UTC 2014 - tchvatal@suse.com
+
+- Fix warning about dangling symlink on rcvsftpd from rpmlint and
+ remove also clean section while at it.
+
+-------------------------------------------------------------------
+Wed Apr 2 07:35:27 UTC 2014 - tchvatal@suse.com
+
+- Add patch to allow gettimeofday and alarm calls with seccomp
+ enabled. bnc#870122
+- Added patch:
+ * vsftpd-enable-gettimeofday-sec.patch
+
+-------------------------------------------------------------------
+Tue Apr 1 07:17:50 UTC 2014 - tchvatal@suse.com
+
+- Specify that the service type is forking
+
+-------------------------------------------------------------------
+Mon Jan 27 13:04:19 UTC 2014 - mvyskocil@suse.com
+
+- changed license to SUSE-GPL-2.0-with-openssl-exception
+ * suggested by legal team
+
+-------------------------------------------------------------------
+Tue Jan 21 11:00:13 UTC 2014 - mvyskocil@suse.com
+
+- add allow_root_squashed_chroot option to enable chroot on nsf
+ mounted with squash_root option (fate#311051)
+ * vsftpd-root-squashed-chroot.patch
+
+-------------------------------------------------------------------
+Sat Jul 20 21:23:31 UTC 2013 - crrodriguez@opensuse.org
+
+- build with OPENSSL_NO_SSL_INTERN this hides internal struct
+ members or functions that if changed in future openssl versions
+ will break the ABI of the calling applications.
+
+-------------------------------------------------------------------
+Thu Apr 4 08:35:40 UTC 2013 - mvyskocil@suse.com
+
+- add vsftpd-enable-dev-log-sendto.patch (bnc#812406#c1)
+ * this enabled a sendto on /dev/log socket when syslog is enabled
+- provide more verbose explanation about isolate_network and seccomp_sanbox in
+ config file template
+- don't install init file on openSUSE 13.1+
+- drop a build support for SL 10 and older
+
+-------------------------------------------------------------------
+Fri Mar 29 13:15:46 UTC 2013 - mvyskocil@suse.com
+
+- add vsftpd-drop-newpid-from-clone.patch (bnc#786024#c38)
+ * drop CLONE_NEWPID from clone to enable audit system
+- add vsftpd-enable-fcntl-f_setfl.patch (bnc#812406)
+ * unconditionally enable F_SETFL patch - might be safe to do
+
+-------------------------------------------------------------------
+Thu Feb 28 16:02:17 UTC 2013 - lnussel@suse.de
+
+- add isolate_network and seccomp_sandbox options to template to make them
+ easier to find (bnc#786024)
+
+-------------------------------------------------------------------
+Thu Feb 28 13:30:07 UTC 2013 - mvyskocil@suse.com
+
+- add vsftpd-allow-dev-log-socket.patch (bnc#786024)
+ * whitelist /dev/log related socket syscall
+
+-------------------------------------------------------------------
+Tue Nov 20 17:19:03 CET 2012 - sbrabec@suse.cz
+
+- Verify GPG signature.
+
+-------------------------------------------------------------------
+Tue Nov 20 09:21:17 UTC 2012 - dimstar@opensuse.org
+
+- Fix useradd invocation: -o is useless without -u and newer
+ versions of pwdutils/shadowutils fail on this now.
+
+-------------------------------------------------------------------
+Mon Oct 22 13:38:57 UTC 2012 - mvyskocil@suse.com
+
+- update to 3.0.2 (bnc#786024)
+ * Fix some seccomp related build errors on certain CentOS and Debian versions.
+ * Seccomp filter sandbox: missing munmap() -- oops. Did you know that qsort()
+ opens and maps /proc/meminfo but only for larger item counts?
+ * Seccomp filter sandbox: deny socket() gracefully for text_userdb_names.
+ * Fix various NULL crashes with nonsensical config settings. Noted by Tianyin
+ Xu .
+ * Force cast to unsigned char in is* char functions.
+ * Fix harmless integer issues in strlist.c.
+ * Started on a (possibly ill-advised?) crusade to compile cleanly with
+ Wconversion. Decided to suspend the effort half-way through.
+ * One more seccomp policy fix: mremap (denied).
+ * Support STOU with no filename, uses a STOU. prefix.
+
+-------------------------------------------------------------------
+Fri Aug 24 07:07:55 UTC 2012 - mvyskocil@suse.cz
+
+- make seccomp sandbox enabled by default
+ * dropped vsftpd-3.0.0-turn-seccomp-sandbox-off.patch
+
+-------------------------------------------------------------------
+Mon Apr 23 10:38:40 UTC 2012 - brian@aljex.com
+
+- fix building on 11.4 x86_64 and lower
+ * fix where, when, & how __USE_GNU gets #defined
+ * make seccomp optional and disable it on 10.3 and lower
+
+-------------------------------------------------------------------
+Tue Apr 10 14:13:12 UTC 2012 - mvyskocil@suse.cz
+
+- update to upstream 3.0.0:
+ * Make listen mode the default.
+ * Fix missing "const" in ssl.c
+ * Add seccompsandbox.c to support a seccomp filter sandbox; works against
+ Ubuntu 12.04 ABI.
+ * Rearrange ftppolicy.c a bit so the syscall list is easily comparable with
+ seccompsandbox.c
+ * Rename deprecated "sandbox" to "ptrace_sandbox".
+ * Add a few more state checks to the privileged helper processes.
+ * Add tunable "seccomp_sandbox", default on.
+ * Use hardened build flags.
+ * Retry creating a PASV socket upon port reuse race between bind() and
+ listen(), patch from Ralph Wuerthner .
+ * Don't die() if recv() indicates a closed remote connection. Problem report
+ on a Windows client from Herbert van den Bergh,
+ .
+
+ * Add new config setting "allow_writeable_chroot" to help people in a bit of
+ a spot with the v2.3.5 defensive change. Only applies to non-anonymous.
+ * Remove a couple of fixed things from BUGS.
+ * strlen() trunction fix -- no particular impact.
+ * Apply some tidyups from mmoufid@yorku.ca.
+ * Fix delete_failed_uploads if there is a timeout. Report from Alejandro
+ Hernández Hdez .
+ * Fix other data channel bugs such as failure to log failure upon timeout.
+ * Use exit codes a bit more consistently.
+ * Fix bad interaction between SSL and trans_chunk_size.
+ * Redo data timeout to fire properly for SSL sessions.
+ * Redo idle timeout to fire properly for SSL sessions.
+ * Make sure PROT_EXEC isn't allowed, thanks to Will Drewry for noticing.
+ * Use 10 minutes as a max linger time just in case an alarm gets lost.
+ * Change PR_SET_NO_NEW_PRIVS define, from Kees Cook.
+ * Add AES128-SHA to default SSL cipher suites for FileZilla compatibility.
+ Unfortunately the default vsftpd SSL confiuration still doesn't fully work with
+ FileZilla, because FileZilla has a data connection security problem: no client
+ certificate presentation and no session reuse. At least the error message is
+ now very clear.
+ * Add restart_syscall to seccomp policy. Triggers reliably if you strace whilst
+ a data transfer is in progress.
+ * Fix delete_failed_uploads for anonymous sessions.
+ * Don't listen for urgent data if the control connection is SSL, due to possible
+ protocol synchronization issues.
+- SUSE specific changes:
+ * turn off the listen mode (listen=NO) by default and change README.SUSE
+ * merge new hardended flags for build and linking
+ * fix the wrong Type=forking from systemd service file
+ * turn off the seccomp_sandbox off by default as SUSE kernel does not support
+ it (yet)
+
+-------------------------------------------------------------------
+Tue Feb 21 10:51:51 UTC 2012 - mvyskocil@suse.cz
+
+- follow Systemd Packaging guidelines
+ http://en.opensuse.org/openSUSE:Systemd_packaging_guidelines
+- add $local_fs and $remote_fs to init script
+
+-------------------------------------------------------------------
+Wed Feb 15 16:41:15 UTC 2012 - mvyskocil@suse.cz
+
+- use the original tarball, because the bz2 repacking madness disables
+ gpg --verify
+- revert a part oc changes utf converting
+
+-------------------------------------------------------------------
+Fri Dec 23 17:48:04 UTC 2011 - andreas.stieger@gmx.de
+
+- update to upstream 2.3.5:
+ * Try and force glibc to cache zoneinfo files in an attempt to work around
+ glibc parsing vulnerability. Thanks to Kingcope.
+ * Only report CHMOD in SITE HELP if it's enabled. Thanks to Martin Schwenke
+ .
+ * Some simple fixes and cleanups from Thorsten Brehm .
+ * Only advertise "AUTH SSL" if one of SSLv2, SSLv3 is enabled. Thanks to
+ steve willing .
+ * Handle connect() failures properly. Thanks to Takayuki Nagata
+ .
+ * Add stronger checks for the configuration error of running with a
+ writeable root directory inside a chroot(). This may bite people who
+ carelessly turned on chroot_local_user but such is life.
+- convert .changes file to unicode
+- refresh vsftpd-2.0.4-conf.diff to vsftpd-2.3.5-conf.patch
+- name patches explicitly without macro as per recommendations
+- remove INSTALL file from binary package
+- update license to GPL-2.0+
+- mark /etc/sysconfig/SuSEfirewall2/services/vsftpd as config file
+
+-------------------------------------------------------------------
+Sat Nov 26 16:31:20 UTC 2011 - crrodriguez@opensuse.org
+
+- fis copy/paste error in previous change
+
+-------------------------------------------------------------------
+Fri Nov 25 22:14:14 UTC 2011 - crrodriguez@opensuse.org
+
+- Add systemd unit
+
+-------------------------------------------------------------------
+Thu Sep 22 11:17:04 UTC 2011 - mvyskocil@suse.cz
+
+- fix bnc#713588 - bogus logrotate config for vsftpd
+ call /sbin/killproc -HUP /usr/sbin/vsftpd like init script
+- change the url and service file to the new location at
+ security.appspot.com/vsftpd
+
+-------------------------------------------------------------------
+Fri Feb 25 01:37:38 UTC 2011 - crrodriguez@opensuse.org
+
+- Update to 2.3.4
+- Avoid consuming excessive CPU when matching filenames to patterns. Thanks to
+Maksymilian Arciemowicz .
+- Some bugfixes from Raphaël Rigo -- good bugs but
+no apparent security impact.
+
+-------------------------------------------------------------------
+Tue Sep 21 16:31:39 UTC 2010 - cristian.rodriguez@opensuse.org
+
+- Update to version 2.3.2
+- Fix silly regression re: log files being overwritten from the start.
+- Rename a few file-open functions to make it clearer what they do
+
+-------------------------------------------------------------------
+Tue Aug 10 04:55:16 UTC 2010 - cristian.rodriguez@opensuse.org
+
+- Update to 2.3.0
+- Add extremely simply HTTP support. It's very experimental, ignorant of HTTP
+protocol and headers, and likely has all sorts of other issues. The use case
+it might satisfy is if you need to serve simple static unathenticated content
+with large levels of paranoia.
+- Fix port_promiscuous breakage.
+- Minor FAQ update.
+- Use a larger address space limit if using text_userdb_names=YES
+- Always use CLONE_NEWNET if possible when in HTTP mode.
+- Change REST + STOR so that it's possible to overwrite part of file without
+truncating it.
+- Boot the session if we see a USER where encryption was required. May prevent
+the transmission of plaintext passwords by buggy clients.
+- Fix failure to transmit a large ASCII file over SSL, if it contains \n -> \r\n
+fixups.
+
+
+-------------------------------------------------------------------
+Tue May 25 13:05:30 UTC 2010 - cristian.rodriguez@opensuse.org
+
+- $remote_fs --> network-remotefs
+
+-------------------------------------------------------------------
+Sun Feb 21 19:28:29 UTC 2010 - mseben@novell.com
+
+- updated to version 2.2.2
+ * Change "File receive OK." to "Transfer complete." to placate some broken
+ clients. Thanks Holger Kiehl .
+ * Fix erroneous "child died" upon FTP client connect, when under load. Awesome
+ thanks to Holger Kiehl for running diagnostic tests on
+ his live server.
+ * Boot the session if an overly long line is encountered.
+- see Changelog file for changes in 2.1.0, 2.1.1, 2.1.2 and 2.2.0 releases
+- deprecated use-ipv6-scope-id.patch,libcap2-fix.diff,write_race.patch
+ nowarn.patch
+
+-------------------------------------------------------------------
+Thu Jan 28 10:42:31 UTC 2010 - mseben@novell.com
+
+- added use-ipv6-scope-id.patch to fix connection issues with
+ ipv6-link local address (bnc#574366)
+
+-------------------------------------------------------------------
+Wed Jan 20 14:13:49 UTC 2010 - coolo@novell.com
+
+- fix typo in the package description - and remove authors
+
+-------------------------------------------------------------------
+Mon Sep 15 14:52:05 CEST 2008 - hvogel@suse.de
+
+- limit port range for passv to 30000:30100 to assist firewalling
+ [bnc#420671]
+
+-------------------------------------------------------------------
+Mon Sep 8 15:30:43 CEST 2008 - hvogel@suse.de
+
+- version 2.0.7
+ * Fix man page typo
+ * Enhance logging for debug_ssl
+ * Shutdown the SSL data connections properly
+ * Add option to enforce proper SSL shutdown on uploads
+ * Add option to delete failed uploads
+- limit port range for passv to 1024:2024 to assist firewalling
+ [bnc#420671]
+
+-------------------------------------------------------------------
+Wed Jun 11 12:44:25 CEST 2008 - hvogel@suse.de
+
+- Fix simultaneous ftp put of the same file [bnc#361559, bnc#273454]
+- dont die on EADDRINUSE but try again [bnc#395899]
+
+-------------------------------------------------------------------
+Fri May 2 10:08:03 CEST 2008 - tiwai@suse.de
+
+- fix the link with libcap2
+
+-------------------------------------------------------------------
+Wed Apr 30 11:58:17 CEST 2008 - hvogel@suse.de
+
+- Make the unpriv bits run as ftpsecure and not as nobody
+ [bnc#384776]
+
+-------------------------------------------------------------------
+Tue Apr 1 16:23:57 CEST 2008 - mkoenig@suse.de
+
+- remove dir /usr/share/omc/svcinfo.d as it is provided now
+ by filesystem
+
+-------------------------------------------------------------------
+Tue Mar 11 20:56:47 CET 2008 - crrodriguez@suse.de
+
+- version 2.0.6
+- Fix delay_failed_login typo. Oops.
+- Patch the getcwd and readlink sysutil helpers to reflect that they wouldn't
+like a 0-sized buf. No caller is affected. Thanks Ilja van Sprundel
+.
+- Allow a (fake) reauth as the same user as the logged in user. Should resolve
+.NET related report from Sabo Jim .
+- Tweak from Lucian Adrian Grijincu to take
+unnecessary port calculations out of a loop.
+- Fix byte I/O accounting in the error path of do_file_send_rwloop, thanks to
+.
+- Don't log FireFox's attempts to RETR directories! Reported by
+Nixdorf, Tim .
+- Fix STOU sending the same 150 status line twice - oops! Reported by
+.
+- Fix xferlog format for virtual (guest) users, reported by Andy Fletcher
+.
+- Fix bug with empty user list file and userlist_deny=NO. Reported by
+Marcin Zawadzki/GlobalVanet.com .
+- Pretend we have proper UTF8 support and respond positively to OPTS UTF8 ON.
+Thanks Stanislav Maslovski .
+- Add control over the file permissions used in the chown()ing of anonymous
+uploads: chown_upload_mode (default 0600 as before). Suggestion from
+An Pham .
+- Do a retry getting the active ftp socket in vsf_privop_get_ftp_port_sock();
+should help buggy Solaris systems. Reported by Michael Masterson
+.
+- Add debug_ssl option to dump out some SSL connection details.
+- Use code 522, not 521, to indicate that the server requires an encrypted
+data connection. Still does not seem to coax lftp to retry :(
+- Recognize OPTS pre-login.
+- A whole ton of SSL improvements, including ability to force requirement of
+a client cert; data and control channel client cert cross checking. Ability
+to require fully valid / authentic client certs. No cert-based auth yet.
+
+-------------------------------------------------------------------
+Tue Mar 27 14:45:11 CEST 2007 - mskibbe@suse.de
+
+- change path to firewall script (#247352)
+
+-------------------------------------------------------------------
+Fri Mar 2 10:34:33 CET 2007 - mskibbe@suse.de
+
+- change path to firewall script (#247352)
+
+-------------------------------------------------------------------
+Wed Feb 28 08:46:47 CET 2007 - mskibbe@suse.de
+
+- vsftpd - Support for FATE #300687: Ports for SuSEfirewall added
+ via packages (#246932)
+
+-------------------------------------------------------------------
+Mon Jan 15 09:21:58 CET 2007 - mskibbe@suse.de
+
+- fix cryptic symbol in package - description
+- build against libcap on suse < 10.1
+
+-------------------------------------------------------------------
+Fri Jan 12 09:39:24 CET 2007 - mskibbe@suse.de
+
+- vsftp could not log any file name other then ascii (#229320)
+
+-------------------------------------------------------------------
+Thu Jan 11 09:54:07 CET 2007 - mskibbe@suse.de
+
+- change path to xml service document (fate #301713)
+
+-------------------------------------------------------------------
+Mon Jan 8 10:31:52 CET 2007 - mskibbe@suse.de
+
+- fix Bug #230220 - vsftp no debuginfo
+
+-------------------------------------------------------------------
+Mon Jan 8 09:27:36 CET 2007 - mskibbe@suse.de
+
+- xml document should readable to all (fate #301713)
+
+-------------------------------------------------------------------
+Wed Dec 6 12:03:32 CET 2006 - mskibbe@suse.de
+
+- add service xml document (fate #301713 )
+
+-------------------------------------------------------------------
+Mon Oct 23 09:42:05 CEST 2006 - mskibbe@suse.de
+
+- fix Bug 213894 - vsftpd and pam
+
+-------------------------------------------------------------------
+Mon Sep 4 11:58:26 CEST 2006 - kukuk@suse.de
+
+- Include common PAM config files, add pam_loginuid.so
+
+-------------------------------------------------------------------
+Fri Jul 14 10:57:58 CEST 2006 - mskibbe@suse.de
+
+- udpate to version 2.0.5 which
+ o IE should now show the login dialog again
+ o configurable login attempt limits and delays were added
+ o a bad intereaction with DMAPI filesystems was fixed and chained
+ certs should now work.
+
+-------------------------------------------------------------------
+Fri May 26 11:50:07 CEST 2006 - schwab@suse.de
+
+- Don't strip binaries.
+
+-------------------------------------------------------------------
+Thu Apr 20 18:03:29 CEST 2006 - hvogel@suse.de
+
+- revert the rename to vsftp for the xinetd config file. chkconfig
+ knows on for init and xinetd. So this wasnt a bug but a misusage
+ of chkconfig
+
+-------------------------------------------------------------------
+Thu Apr 20 16:21:14 CEST 2006 - hvogel@suse.de
+
+- add support for DMAPI filesystems [#167632]
+
+-------------------------------------------------------------------
+Wed Apr 19 11:13:47 CEST 2006 - hvogel@suse.de
+
+- rename xinetd config from vsftpd to vsftp to avoid name clashes
+ in chkconfig [#165745]
+
+-------------------------------------------------------------------
+Thu Feb 16 12:27:53 CET 2006 - hvogel@suse.de
+
+- enable ssl for real [#151453]
+
+-------------------------------------------------------------------
+Mon Feb 6 14:31:27 CET 2006 - hvogel@suse.de
+
+- The switch to standalone should not happen in update.
+ Installed xinetd config file again. The configuration file is
+ marked as noreplace anyway so if you are updating you will
+ get a xinetd.d/vsftpd.rpmnew and a vsftpd.conf.rpmnew
+ and everything is working as before and standalone is only used
+ for new installations. [#148201]
+- redirect standalone parent output to /var/log/rcvsftp.log
+ so the init script can return properly.
+
+-------------------------------------------------------------------
+Wed Jan 25 21:42:43 CET 2006 - mls@suse.de
+
+- converted neededforbuild to BuildRequires
+
+-------------------------------------------------------------------
+Fri Jan 13 15:08:31 CET 2006 - hvogel@suse.de
+
+- Make use of Stack Protector
+- fix some uninitialized variables
+
+-------------------------------------------------------------------
+Wed Jan 11 12:11:52 CET 2006 - hvogel@suse.de
+
+- Update to version 2.0.4 including:
+
+ o Add explicit "This FTP server does not allow anonymous logins"
+ message.
+ o Add paranoid checks to sysutil.c for large values / lengths.
+ o Load per-IP config files earlier; allows more settings to be
+ tuned on a per-IP level.
+ o regex fix so that {*} correctly matches everything.
+ o Add optional file locking support via lock_upload_files.
+ o Apply LDFLAGS patch from Mads Martin Joergensen .
+ o Add pasv_addr_resolve option to allow pasv_address to get
+ DNS resolved once at startup.
+ o Apply patch to fix timezone issues (caused by chroot()
+ interacting badly with newer glibc versions).
+
+-------------------------------------------------------------------
+Wed Sep 28 18:47:15 CEST 2005 - mmj@suse.de
+
+- Add init script, and make it standalone
+
+-------------------------------------------------------------------
+Sun Sep 18 12:00:08 CEST 2005 - kukuk@suse.de
+
+- Add libcap-devel to nfb
+
+-------------------------------------------------------------------
+Tue Aug 9 14:11:06 CEST 2005 - mmj@suse.de
+
+- Document that /etc/xinet.d/vsftpd is for xinetd conf [#102953]
+
+-------------------------------------------------------------------
+Mon Aug 8 14:39:16 CEST 2005 - uli@suse.de
+
+- build with -fPIE, not -fpie (fixes s390x)
+
+-------------------------------------------------------------------
+Mon Jun 27 14:09:14 CEST 2005 - ro@suse.de
+
+- use libcap
+
+-------------------------------------------------------------------
+Fri Jun 17 10:16:13 CEST 2005 - mmj@suse.de
+
+- Compile with -fpie, link with -pie
+
+-------------------------------------------------------------------
+Tue Apr 19 16:39:52 CEST 2005 - mmj@suse.de
+
+- Update to 2.0.3 including:
+ o Document what regex expressions are supported in the man page.
+ o New settings rsa_private_key_file and dsa_private_key_file to
+ allow separate files for the certificates and private keys.
+ o Initial, simple fix for timed out processes not exiting when
+ SSL is in use. Better fix (which reports timeout to client
+ properly) to follow.
+ o Add which setsockopt option failed to die("setsockopt") calls.
+ o Fix error with IPv4 connections to IPv6 listeners and PORT
+ type data connections when connect_from_port_20 is set.
+ o Remove vsf_sysutil_sockaddr_same_family (unused).
+ o Support protocol 1 (IPv4) in EPRT.
+ o Add ssl.c to AUDIT.
+ o Allow config file to use "ssl_ciphers=" to use default
+ OpenSSL cipher list.
+ o Allow "EPSV 1" to mean IPv4 EPSV.
+ o Report dummy IP but correct port with IPv6 / PASV.
+
+ o Handle SSL_WANT_READ and SSL_WANT_WRITE retries in SSL_read
+ and SSL_write; fixes SSL upload failures when data timeouts are
+ in use with some clients.
+ o Implicitly disable connect_from_port_20 and chown_uploads
+ when a non-root user is using run_as_launching_user.
+ o Add force_anon_logins_ssl and force_anon_data_ssl for a fully
+ SSL secure anonymous oonly solution (useful when you don't
+ have root access and a range of acceptable anonymous
+ passwords as credentials).
+ o Use SSL BIO callbacks to fix data connection timeout checks;
+ the checks weren't all occurring promply.
+
+-------------------------------------------------------------------
+Thu Mar 3 09:35:27 CET 2005 - mmj@suse.de
+
+- Update to 2.0.2 including:
+ o Emit data transfer status messages (success / failure)
+ after flushing and waiting for the full data transfer to
+ reach the client. This should help work around buggy FTP
+ clients such as FlashFXP, which is known to truncate files
+ incorrectly.
+ o Make str_empty actually allocate an empty string.
+ o Change the ASCII receive code to ONLY rip out \r if it is
+ just before a \n; someone finally complained about this.
+ o Enable AIX Large File Support
+ o Add a couple of FAQ entries.
+ o Fix time delta code areas to cope with negative deltas,
+ which will occur if the clock is adjusted backwards.
+ o Fix "errno" checks to be robust in multiple places;
+ previously, calls to failing library calls could be made
+ inbetween the original library call and the "errno" reads.
+ o Make bandwidth limiter work with SSL data connections.
+ o Note that the SSL / bandwidth limiter bug fixed a much more
+ serious bug: SSL data connection dropouts after
+ data_connection_timeout seconds.
+
+-------------------------------------------------------------------
+Fri Feb 18 10:48:48 CET 2005 - mmj@suse.de
+
+- Glibc doesn't cache the timezone as much as it used to, so export
+ the TZ variable after doing chroot. [#49878]
+
+-------------------------------------------------------------------
+Thu Aug 12 11:26:26 CEST 2004 - mmj@suse.de
+
+- Update to 2.0.1 including:
+ o Add -lcrypto for the SSL build; needed for some systems
+ o Oops; fix session bale out if an empty length password is given.
+ o Fix build on Fedora Core 2 (-lcap cannot seem to find /lib/libcap.so).
+ o Fix vsftpd.conf.5 man page error in "ssl_sslv3"
+ o Clarify licensing: I allow linking of my GPL software with the OpenSSL
+ libraries.
+ o Fix build where PAM build is enabled but PAM headers are missing.
+
+-------------------------------------------------------------------
+Fri Jul 2 12:35:51 CEST 2004 - mmj@suse.de
+
+- Update to 2.0.0 including:
+ o Improve logging (log deletes, renames, chmods, etc. as
+ requested by users).
+ o Add no_log_lock to work around Solaris / Veritas locking
+ hangs.
+ o Add EPRT, EPSV, PASV and TVFS to FEAT response.
+ o Implement use of MDTM to set timestamps.
+ o Recognize FEAT prior to login.
+ o Add OpenSSL (AUTH TLS / SSL) support for encrypted control
+ and data connections.
+ o Increase max size of .message files to 4000 characters
+ o Add easy builddefs.h ability to disable PAM builds even when
+ PAM is installed.
+ o Report vsftpd version in STAT output.
+ o Add REFS file.
+ o Change parent<->child socket comms from DGRAM to STREAM for
+ increased reliability. The main benefit is should the parent
+ be killed (or crash out) then the child won't block on a
+ read() that will never return.
+ o Make str_reserve reserve space for the trailing zero as well,
+ so we don't cause a reallocation if we exactly fill the buffer.
+ o Optimize the sending of strings over the parent<->child comms links.
+ o Improve the build system so tcp_wrappers, PAM and OpenSSL can
+ be forcibly compiled out.
+ o Fix vsftpd.conf.5 typos
+ o If trans_chunk_size is between 1 and 4096, use 4096 rather
+ than ignoring totally.
+ o Add SSL / TLS info to SECURITY texts.
+
+ o Add README.ssl
+ o Add documentation for new SSL options to vsftpd.conf.5.
+ o Add support for CWD ~
+ o Fix compile warnings.
+
+-------------------------------------------------------------------
+Sun May 30 01:35:55 CEST 2004 - mmj@suse.de
+
+- Add logrotate file [#41432]
+
+-------------------------------------------------------------------
+Tue Apr 27 10:15:24 CEST 2004 - mmj@suse.de
+
+- Update to 1.2.2 including:
+ o Fix nasty issue resulting in listener instability under
+ extreme load (root cause was re-entering malloc/free).
+ o Fix build with modern glibc-2.3 and no libcap on Linux.
+ o Add initial support for running as the user which launched
+ vsftpd, i.e. no root needed. Warning - easy to create
+ insecurity if you use this without knowing what you are
+ doing.
+ o For above run-as-launching-user support: make CDUP re-use CWD
+ code so that deny_file of *..* is useful.
+
+-------------------------------------------------------------------
+Mon Jan 26 14:08:28 CET 2004 - hvogel@suse.de
+
+- reworked the log part of the conf file patch.
+ Enabled syslog as default log destination, clarify xferlog
+ settings.
+
+-------------------------------------------------------------------
+Mon Jan 19 17:53:28 CET 2004 - mmj@suse.de
+
+- -D_LARGEFILE_SOURCE to get LFS support. Also make sure the
+ offset bits are set correct.
+
+-------------------------------------------------------------------
+Fri Jan 16 13:31:12 CET 2004 - kukuk@suse.de
+
+- Add pam-devel to neededforbuild
+
+-------------------------------------------------------------------
+Thu Nov 13 12:55:27 CET 2003 - mmj@suse.de
+
+- Update to 1.2.1
+
+-------------------------------------------------------------------
+Wed Oct 15 12:56:23 CEST 2003 - mmj@suse.de
+
+- Don't build as root
+
+-------------------------------------------------------------------
+Mon Jul 28 15:55:40 CEST 2003 - mmj@suse.de
+
+- Add EXAMPLE/ and FAQ
+- Don't strip explicitly
+
+-------------------------------------------------------------------
+Fri May 30 12:48:45 CEST 2003 - mmj@suse.de
+
+- Update to vsftpd-1.2.0 including:
+ ˇ IPv6 support, so drop our patch
+ ˇ Many bugfixes and tunings
+ ˇ Build fixes
+
+-------------------------------------------------------------------
+Thu Mar 6 16:34:30 CET 2003 - mmj@suse.de
+
+- Fix the xinetd conf file [#24774]
+
+-------------------------------------------------------------------
+Fri Feb 7 13:58:51 CET 2003 - kukuk@suse.de
+
+- Use pam_unix2.so instead of pam_unix.so
+
+-------------------------------------------------------------------
+Fri Jan 24 12:12:52 CET 2003 - mmj@suse.de
+
+- Correct xinetd conffile
+
+-------------------------------------------------------------------
+Tue Jan 14 13:54:58 CET 2003 - mmj@suse.de
+
+- Install xinetd.d/vsftpd
+
+-------------------------------------------------------------------
+Sat Oct 26 10:51:03 CEST 2002 - mmj@suse.de
+
+- Use better configuration defaults, thanks henne.
+
+-------------------------------------------------------------------
+Fri Oct 25 10:17:07 CEST 2002 - mmj@suse.de
+
+- Add $RPM_OPT_FLAGS to CFLAGS when building
+
+-------------------------------------------------------------------
+Thu Oct 24 14:05:23 CEST 2002 - mmj@suse.de
+
+- Update to 1.1.2 including:
+ o Addition of per-IP connection limits in standalone mode.
+ o Add logging of refused connect due to global or IP connection limits.
+ o Make connection limit exceeded messages nonblocking.
+ o Don't exit the listener if fork fails.
+
+-------------------------------------------------------------------
+Tue Oct 8 09:47:55 CEST 2002 - mmj@suse.de
+
+- Update to 1.1.1
+
+-------------------------------------------------------------------
+Fri Aug 2 12:32:43 CEST 2002 - mmj@suse.de
+
+- Update to 1.1.0
+
+-------------------------------------------------------------------
+Tue Jul 9 12:48:03 CEST 2002 - okir@suse.de
+
+- Added a patch to get rid of lots of warnings caused by -Wshadow
+- Added a patch to implement IPv6 support
+
+-------------------------------------------------------------------
+Tue Apr 30 14:27:53 CEST 2002 - mmj@suse.de
+
+- And now without detection of pam in /lib/libpam.so.0, which is
+ bogus.
+
+-------------------------------------------------------------------
+Sun Feb 17 18:14:13 CET 2002 - mmj@suse.de
+
+- Added a patch to the vsftpd library detection function to make
+ it build with /usr/lib64. Fixes build on S/390.
+
+-------------------------------------------------------------------
+Tue Feb 12 13:52:01 MET 2002 - mmj@suse.de
+
+- Remove Requires: ftpdir
+
+-------------------------------------------------------------------
+Mon Feb 4 18:02:20 CET 2002 - choeger@suse.de
+
+- do not set e(x)ecute bit on textfiles
+
+-------------------------------------------------------------------
+Fri Feb 1 14:33:13 CET 2002 - choeger@suse.de
+
+- declare config file as %config(noreplace)
+
+-------------------------------------------------------------------
+Thu Jan 17 15:45:11 CET 2002 - mmj@suse.de
+
+- Update to version 1.0.1
+
+-------------------------------------------------------------------
+Fri Nov 30 16:25:35 CET 2001 - mmj@suse.de
+
+- Use /etc/pam.d/vsftpd
+
+-------------------------------------------------------------------
+Tue Nov 13 13:30:42 CET 2001 - mmj@suse.de
+
+- Updated to version 1.0.0
+
+-------------------------------------------------------------------
+Mon Oct 22 15:57:40 CEST 2001 - mmj@suse.de
+
+- Initial package
diff --git a/vsftpd.firewall b/vsftpd.firewall
new file mode 100644
index 0000000..2d926ef
--- /dev/null
+++ b/vsftpd.firewall
@@ -0,0 +1,17 @@
+## Name: vsftpd Server
+## Description: Opens ports for vsftpd Server.
+
+# space separated list of allowed TCP ports
+TCP="ftp 30000:30100"
+
+# space separated list of allowed UDP ports
+UDP=""
+
+# space separated list of allowed RPC services
+RPC=""
+
+# space separated list of allowed IP protocols
+IP=""
+
+# space separated list of allowed UDP broadcast ports
+BROADCAST=""
diff --git a/vsftpd.firewalld b/vsftpd.firewalld
new file mode 100644
index 0000000..fd543b7
--- /dev/null
+++ b/vsftpd.firewalld
@@ -0,0 +1,8 @@
+ + vsftpd ports + vsftpd ports for both active and passive connections + + + +
diff --git a/vsftpd.ftpusers b/vsftpd.ftpusers
new file mode 100644
index 0000000..ef73f0a
--- /dev/null
+++ b/vsftpd.ftpusers
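Review bot: The passive range in `TCP="ftp 30000:30100"` only works if it agrees with the pasv_min_port/pasv_max_port values in vsftpd.conf, and nothing in this file says so; the 2008-09-15 changes entry records why 30000:30100 was chosen, but an administrator editing the firewall service definition will not see that. Suggest a comment above the TCP line, e.g. `# 30000:30100 must match pasv_min_port/pasv_max_port in vsftpd.conf`. The vsftpd.firewalld service added in the same commit presumably opens the same range (its markup is not readable here), so the comment should also point there to keep the three definitions in sync; a mismatch leaves passive data connections silently blocked.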
@@ -0,0 +1,16 @@
+#
+# ftpusers This file describes the names of the users that may
+# _*NOT*_ log into the system via the FTP server.
+# This usually includes "root", "uucp", "news" and the
+# like, because those users have too much power to be
+# allowed to do "just" FTP...
+#
+adm
+bin
+daemon
+games
+mail
+news
+nobody
+root
+uucp
diff --git a/vsftpd.init b/vsftpd.init
new file mode 100644
index 0000000..e69035a
--- /dev/null
+++ b/vsftpd.init
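Review bot: The deny list covers the classic system accounts but not `ftpsecure`, which the 2008-04-30 changes entry names as the account the unprivileged parts of vsftpd run as; `nobody` is denied here for exactly that kind of reason, so adding `ftpsecure` would keep the list consistent with what the package creates (assuming the spec still creates that account, which is outside this diff). The header comment states the semantics ("may _*NOT*_ log in") without naming what enforces them; whether that is pam_listfile in the PAM configuration or vsftpd's userlist_file/userlist_deny settings is not visible here, and a one-line comment naming the consumer would help whoever edits this file later.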
@@ -0,0 +1,107 @@
+#! /bin/sh
+# Copyright (c) 1995-2005 SUSE Linux GmbH, Nuernberg, Germany.
+# All rights reserved.
+#
+# Author: Mads Martin Joergensen
+#
+# /etc/init.d/vsftpd
+# and its symbolic link
+# /usr/sbin/rcvsftpd
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+### BEGIN INIT INFO
+# Provides: ftpd
+# Required-Start: $local_fs $remote_fs $syslog network-remotefs
+# Required-Stop: $local_fs $remote_fs $syslog network-remotefs
+# Default-Start: 3 5
+# Default-Stop: 0 1 2 6
+# Description: very secure ftp daemon
+# Short-Description: very secure ftp daemon
+### END INIT INFO
+# Note on runlevels:
+# 0 - halt/poweroff 6 - reboot
+# 1 - single user 2 - multiuser without network exported
+# 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm)
+#
+# Note on script names:
+# http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/scrptnames.html
+# A registry has been set up to manage the init script namespace.
+# http://www.lanana.org/
+# Please use the names already registered or register one or use a
+# vendor prefix.
+
+VSFTPD_BIN=/usr/sbin/vsftpd
+test -x $VSFTPD_BIN || { echo "$VSFTPD_BIN not installed";
+ if [ "$1" = "stop" ]; then exit 0;
+ else exit 5; fi; }
+
+. /etc/rc.status
+
+rc_reset
+
+case "$1" in
+ start)
+ echo -n "Starting vsftpd "
+ /sbin/startproc -l /var/log/rcvsftp.log $VSFTPD_BIN
+ rc_status -v
+ ;;
+ stop)
+ echo -n "Shutting down vsftpd "
+ /sbin/killproc -TERM $VSFTPD_BIN
+ rc_status -v
+ ;;
+ try-restart|condrestart)
+ ## Do a restart only if the service was active before.
+ ## Note: try-restart is now part of LSB (as of 1.9).
+ ## RH has a similar command named condrestart.
+ if test "$1" = "condrestart"; then
+ echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
+ fi
+ $0 status
+ if test $? = 0; then
+ $0 restart
+ else
+ rc_reset # Not running is not a failure.
+ fi
+
+ rc_status
+ ;;
+ restart)
+ $0 stop
+ $0 start
+ rc_status
+ ;;
+ force-reload)
+ echo -n "Reload service vsftpd "
+ /sbin/killproc -HUP $VSFTPD_BIN
+ rc_status -v
+ ;;
+ reload)
+ echo -n "Reload service vsftpd "
+ /sbin/killproc -HUP $VSFTPD_BIN
+ rc_status -v
+ ;;
+ status)
+ echo -n "Checking for service vsftpd "
+ /sbin/checkproc $VSFTPD_BIN
+ rc_status -v
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload}"
+ exit 1
+ ;;
+esac
+rc_exit
diff --git a/vsftpd.keyring b/vsftpd.keyring
new file mode 100644
index 0000000..38317c7
--- /dev/null
+++ b/vsftpd.keyring
@@ -0,0 +1,52 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGCyyncBEADCkx7Uh4mO2Q590LFi7gCh+Ivm1MqsK+pBXmIiIMBPFLMKqmji +boJiJFu4QcB/ZJZOLVBKKwbQfN/7IeulNkrvMhnu+jJizz0hUDDLQjuoScx53+MW +zwIPhI7OAJ6kurlHo0b1wvNnJD5ENmwxrOTYL5bHxut/05a+uTaruPFQPNOMYMzs +rOvIZrzv0lcW/8ZL4tAFvlkogfiGNC9Vfxy4Px8lyVhhfiVzVY3+UNJMM69n6QAt +kUH07xpV+vn7I3lD4dZM96zFnrXuQhwJba3fbCY9vFN0NDRVdF3tYl2xwJhXMJtM +jtQ1Tw9ykRMPsLlaiow0/uW3mYrTYjDP12VxukCEg6a240mhT4jAVA4cSoOCdGBJ +AZCQk5SLbr/MwikggUyS9Fu3d10WKUSyQFS8NWQGHpaFSIIp3T/dGTe6fprhXzFo +vvLv26OCFNvn4vTHz4lMzZZJjYLNtlcriJoSPCCe8/fI9BmgARmFxiKgY5ENQOrY +cZUJJ3sHre52aqCETgz+w8j5o/cAU8iizlYxYsJK/Y+QXlVIzyV8oQGm/jvXhrhi +CgB4xx96cthfolv2Lj+Dz90d/MYKB3suX38Q1ZNhxCZjIcoE+dcn+uGHUqzm4sot +gN37P1Xfijn15L2cHoV1itasVlOc92HrEUEaBWpB6QXF6nEYkkgA2agnMwARAQAB +tCNDaHJpcyBFdmFucyA8c2NhcnliZWFzdHNAZ21haWwuY29tPokCVAQTAQgAPhYh +BGeiq09B+ZcsIfa/ZnuJARvK4c/qBQJgssp3AhsDBQkSzAMABQsJCAcCBhUKCQgL +AgQWAgMBAh4BAheAAAoJEHuJARvK4c/qW6QP/2dZFkqxQl7hGJizaGIMCHXV1R2G +0r1S3GyVSRZEUWuVvv2UMjxYx6DZhhoaTGRNi0gXVrTVL3FG8yBfLN2LQQCSXK4k +eee8FIXSp1LhwciAJKN+Z5nc0i7R6Qy6cIvc82DO6Y4FaMJZoO5lWbl1WjEYO/oN +NJAp7U3J+BWYKTzIB+Nh2vaapzj2XrNB6dh3ry2nj7yZmerPquYtXsuNRfi/c/Z0 +2t+TiSEFZW83/NZFGbDhhzWB19TMFM5oUpSBH6Yw02ASseaZBRBK0gLhfKGEnf2W +KgrwcGd41kMxia6UsrXiG3ZjDR+gF/sed93ZdLWpyYxN4DinirCt/+i1/L5RWCSg +Xus1SviMmnTfhB7WB+WfrIauLpPZOZhdLc3vSBdBmOZ6+p0qLQC2eK2rehM6kQzw +nd9vmCtws2l5HGsBngrBEIkXsPVSVZKEUB8xH57nbIzn7igsUgrTBdz8K61oMaAu +iEZzRJ35P81B3uJqZyqjkONm/1J9d081V2aiASJw/vfiAEkjpws488ZWkg9FFSFJ +VqvAUu6p/g152GP+vatqFT1sH8zxXLLrwGlcktZFNfTYSnscQ9NU/L761anjrgM4 +Oi7ks4jLq91vwvxW9E9TNyuMUJj85412xPIwx1o1+fKGwzi1d+01uQ73aPmp6Z4l +idE6tmV5wVSuMGSCuQINBGCyyncBEADIM7Z+1GxMvEtKRyWukfL5w8C4Bqid6M7N +yCCs8bT1lunc7/weiNCOFigZDfAaSoFQpVe22YZABeWD/wO0iY9x+wOwpnsGhmC9 +7H/c0+g4IT7fKkaNVMbvUGfo9dWrXD2gtFzZJruMnPbj0HeFqSHvkGbMM7dLyMlF +K295F901iFvvfw7jSQyVGVS97i7swXj9F/O13jedIbh+3TWdkKk/YqmMsETjkcOe +UvmY7P7pTKEpdimvY2I1B8PsBJkyjdZA8G+eiG1STa0+Vj4yVtMJodKJDJbY6+y7 
+M9hajCdUTplLWTbxzPMo54KjTOzyLVT7mfugUlS7WQWrVWVtvScJsvaec95+p/Bx +UdJVwylVjQrxJxI8Bk2yrIgu7/rj+uYGV5+TNKjJWFkQw0YDJ1NkcvVjU7WIwNCl +X6s5s/tuX+yzUA+DBSHx0WuqtGWYaFgXeO/pWPidc8ovYFVIAr3QB76AeEL3ZJj3 +ttN5jk96zOlaVxOOlEC6zX5TJ7Z+aQHBPq8RN/G8o99sOdx5QuKqvhHe8673eIMY +CWPgNSSMJ/7I5IBLsIfIv2UWgLPPHS8s/HTwPacU0/L4pahh553uAhC4QP7BPkYw +p4KXGasR3v9YxuSa33IraJALC6eF2t3L0CLUMzsc0pgLCmGqzskbrP8p0daBjFCS +KofV+jOiQQARAQABiQI8BBgBCAAmFiEEZ6KrT0H5lywh9r9me4kBG8rhz+oFAmCy +yncCGwwFCRLMAwAACgkQe4kBG8rhz+qDNRAAsG3lta/eQ+yWTHCXxXYfw94jm/bx +XFUcvSOwjO+vB5tCt8Q0JmxoZ6PDD/bkcGSDz8FHjhxiIGYKPQiyu7jeZDAijBzu +MLf3yGuubM6SUoXB1olkTbs9DTSFdTPqbM8eYn14CVHk19w/in/Oe11BD0I7D4Qg +bkjIAkIKf01AxbcLFKOMihqhSEIEeqP70DIP8hT3arefk2wgEKG108SOzCPD1YQ7 +sEkYX2lRXjqBefHmIGLVllF3v+jUHYFIVz62i/OVMBHXF0D9Qn39cE5e94VdRZIf +0hdizes1w48o9DxVSs+5TTtuLfFtsY+22OqZZ1cxXrdNUBCB4XEllrDdu58Qr7No +fpDPDB4AVatWkpB288C/USl1UJgvhuvZs1AKChi9egfoMJczkZMvgQeiKagQkyeb +l/W7vT3wX4R2WvcM4n6rlPkvRNvO+jw9owSDWuF+6iB0DWEpv5hMjPEfTBv0sYTH +T/sOcV7vKV9Q6JsQwvfOagI9OAkXbxbjpbQgk/jlaaz/9+5wIy2vvW69Nh7ZfFNO +RU1GhwNbghLwbHF7rrGvpwlV9hwpaMYcplvkW9bMgjPGpwxecE1zDdhO8Zq9QXyb +dvDqRPNAqsWd/LwwqRpG36/YI4f5Pdv38W9/HoXlqj9+Uaa/TyDl9TIlBCYcnrzM +SEfMQy8pH/YWOBk= +=QcZC +-----END PGP PUBLIC KEY BLOCK----- diff --git a/vsftpd.logrotate b/vsftpd.logrotate new file mode 100644 index 0000000..7fa09b9 --- /dev/null +++ b/vsftpd.logrotate @@ -0,0 +1,14 @@ +/var/log/vsftpd.log { + compress + dateext + maxage 365 + rotate 99 + size +1024k + notifempty + missingok + create 600 root root + sharedscripts + postrotate + pgrep vsftpd && killall -HUP vsftpd || exit 0 + endscript +} diff --git a/vsftpd.pam b/vsftpd.pam new file mode 100644 index 0000000..0b7fe7b --- /dev/null +++ b/vsftpd.pam 
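Review bot: `pgrep vsftpd && killall -HUP vsftpd || exit 0` signals every process named vsftpd, not just a standalone listener; in the socket-activated layout this commit also ships (`vsftpd.socket` with `Accept=yes`, instances started with `-olisten=NO`) there is no listener at all, so the HUP lands on whichever per-connection sessions happen to be running, and how those react to SIGHUP is not visible here. A comment stating which process the signal is meant for and why would document the intent; if vsftpd opens its log afresh for each session, as its per-connection model suggests, the `postrotate` block may be unnecessary, which is worth confirming against the upstream logging code. `|| exit 0` additionally hides a failing `killall`, which is probably deliberate but deserves a word in the same comment.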
@@ -0,0 +1,16 @@
+#%PAM-1.0
+
+# Uncomment this to achieve what used to be ftpd -A.
+# auth required pam_listfile.so item=user sense=allow file=/etc/ftpchroot onerr=fail
+
+auth required pam_listfile.so item=user sense=deny file=/etc/vftpd/ftpusers onerr=succeed
+# Uncomment the following line for anonymous ftp.
+#auth sufficient pam_ftp.so
+auth required pam_shells.so
+auth include common-auth
+account include common-account
+password include common-password
+session required pam_keyinit.so force revoke
+session required pam_loginuid.so
+session include common-session
+session include postlogin-session
diff --git a/vsftpd.service b/vsftpd.service
new file mode 100644
index 0000000..a13d299
--- /dev/null
+++ b/vsftpd.service
@@ -0,0 +1,20 @@
+[Unit]
+Description=Vsftpd ftp daemon
+After=network.target
+
+[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
+ExecStart=/usr/sbin/vsftpd /etc/vsftpd.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/vsftpd.socket b/vsftpd.socket
new file mode 100644
index 0000000..cdc0d33
--- /dev/null
+++ b/vsftpd.socket
@@ -0,0 +1,9 @@
+[Unit]
+Conflicts=vsftpd.service
+
+[Socket]
+ListenStream=21
+Accept=yes
+
+[Install]
+WantedBy=sockets.target
diff --git a/vsftpd.spec b/vsftpd.spec
new file mode 100644
index 0000000..cf7f6b5
--- /dev/null
+++ b/vsftpd.spec
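Review bot: The deny-list path in `auth required pam_listfile.so item=user sense=deny file=/etc/vftpd/ftpusers onerr=succeed` does not match where the spec installs the file (`%{_sysconfdir}/vsftpd/ftpusers`, i.e. `/etc/vsftpd/ftpusers`, in the vsftpd.spec hunk), and with `onerr=succeed` the failed open counts as a pass, so the list from the vsftpd.ftpusers hunk is never consulted and the system accounts it names are left to the remaining modules to reject. Change it to `file=/etc/vsftpd/ftpusers`. Consider `onerr=fail` as well, so that a missing or unreadable deny list refuses logins instead of silently admitting them; the commented `ftpchroot` example two lines above already fails closed.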
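Review bot: `Accept=yes` starts one `vsftpd@.service` instance per incoming connection, and those instances run with `-olisten=NO`, so vsftpd's own `max_clients`/`max_per_ip` limits, which its manual documents as standalone-mode settings, would not bound this path; only systemd's default for `MaxConnections=` does. Set it explicitly in `[Socket]` together with `MaxConnectionsPerSource=` and record why, e.g. `# per-connection instances: vsftpd's max_clients/max_per_ip do not apply here`, `MaxConnections=64`, `MaxConnectionsPerSource=10` (values constructed; tune to the deployment).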
@@ -0,0 +1,322 @@
+#
+# spec file for package vsftpd
+#
+# Copyright (c) 2023 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%if 0%{?suse_version} > 1210
+%global with_systemd 1
+%else
+%global with_systemd 0
+%endif
+%if 0%{?suse_version} >= 1500
+%define use_firewalld 1
+%else
+%define use_firewalld 0
+%endif
+Name: vsftpd
+Version: 3.0.5
+Release: 0
+Summary: Very Secure FTP Daemon - Written from Scratch
+License: SUSE-GPL-2.0-with-openssl-exception
+Group: Productivity/Networking/Ftp/Servers
+URL: https://security.appspot.com/vsftpd.html
+Source0: https://security.appspot.com/downloads/%{name}-%{version}.tar.gz
+Source1: %{name}.pam
+Source2: %{name}.logrotate
+Source3: %{name}.init
+Source4: README.SUSE
+Source5: %{name}.ftpusers
+Source6: %{name}.firewall
+Source7: vsftpd.service
+Source8: vsftpd@.service
+Source9: %{name}.keyring
+Source10: vsftpd.socket
+Source11: %{name}.firewalld
+Source1000: https://security.appspot.com/downloads/%{name}-%{version}.tar.gz.asc
+Patch1: vsftpd-2.0.4-lib64.diff
+Patch3: vsftpd-2.0.4-xinetd.diff
+Patch4: vsftpd-2.0.4-enable-ssl.patch
+Patch5: vsftpd-2.0.4-dmapi.patch
+Patch6: vsftpd-2.0.5-vuser.patch
+Patch7: vsftpd-2.0.5-enable-debuginfo.patch
+Patch8: vsftpd-2.0.5-utf8-log-names.patch
+Patch9: vsftpd-2.3.5-conf.patch
+Patch10: vsftpd-3.0.0_gnu_source_defines.patch
+Patch11: vsftpd-3.0.0-optional-seccomp.patch
+#PATCH-FIX-OPENSUSE: bnc#786024, second issue with pam_login_acct
+Patch13: vsftpd-drop-newpid-from-clone.patch
+#PATCH-FIX-OPENSUSE: bnc#812406
+Patch14: vsftpd-enable-fcntl-f_setfl.patch
+#PATCH-FIX-OPENSUSE: bnc#812406
+Patch15: vsftpd-enable-dev-log-sendto.patch
+#PATCH-FEATURE-SUSE: FATE#311051, call chroot with user credentials to enable nsf with squash_root option
+Patch16: vsftpd-root-squashed-chroot.patch
+#PATCH-FIX-UPSTREAM: bnc#870122
+Patch17: vsftpd-enable-gettimeofday-sec.patch
+#PATCH-FIX-UPSTREAM: bnc#890469 fix broken syscall on s390
+Patch18: vsftpd-3.0.2-s390.patch
+#PATCH-FIX-UPSTREAM: bnc#900326 deny_file filtering acts weirdly (19-22)
+Patch19: vsftpd-2.1.0-filter.patch
+Patch20: vsftpd-2.2.0-wildchar.patch
+Patch21: vsftpd-2.3.4-sqb.patch
+Patch22: vsftpd-path-normalize.patch
+Patch23: vsftpd-ls-memleak.patch
+#PATCH-FIX-UPSTREAM: bnc#970982
+Patch24: vsftpd-3.0.2-wnohang.patch
+Patch25: vsftpd-3.0.2-fix-chown-uploads.patch
+#FIX-FIX-OPENSUSE: bsc#1042673
+Patch26: vsftpd-3.0.3-build-with-openssl-1.1.patch
+Patch27: vsftpd-mdtm-in-utc.patch
+Patch28: vsftpd-die-with-session.patch
+Patch29: vsftpd-append-seek-pipe.patch
+Patch30: vsftpd-3.0.3-address_space_limit.patch
+Patch31: vsftpd-enable-syscalls-needed-by-sle15.patch
+Patch32: vsftpd-support-dsa-only-setups.patch
+Patch33: vsftpd-avoid-bogus-ssl-write.patch
+Patch35: 0001-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch
+# PATCH-FIX-UPSTREAM https://bugzilla.suse.com/show_bug.cgi?id=1179553
+Patch36: seccomp-fixes.patch
+Patch37: vsftpd-openlog-force.patch
+Patch38: vsftpd-seccomp-getrandom.patch
+Patch39: vsftpd-seccomp-ssl.patch
+Patch40: vsftpd-seccomp-wait4.patch
+Patch41: revert-undocumented-config-file-format-changes.patch
+Patch42: use-system-wide-tls-cipher-policy.patch
+Patch43: vsftpd-allow-dev-log-socket.patch
+Patch44: vsftpd-enable-sendto-for-prelogin-syslog.patch
+Patch45: disable-tls13-to-support-older-openssl-versions.patch
+Patch46: 0001-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch
+#PATCH-FIX-OPENSUSE bsc#1211301 Enable crypto-policies support
+Patch47: vsftpd-use-system-wide-crypto-policy.patch
+BuildRequires: libcap-devel
+%if 0%{?suse_version} == 1315
+BuildRequires: libopenssl-1_1-devel >= 1.1.1
+%else
+%if 0%{?sle_version} == 150000
+BuildRequires: libopenssl-1_1-devel >= 1.1.0
+%else
+BuildRequires: libopenssl-devel >= 1.1.1
+%endif
+%endif
+BuildRequires: pam-devel
+Requires: logrotate
+Requires(pre): shadow
+Provides: ftp-server
+%if %{use_firewalld}
+BuildRequires: firewall-macros
+%endif
+%if 0%{?suse_version} >= 1330
+Requires: group(nobody)
+Requires: user(ftp)
+Requires(pre): group(nobody)
+%endif
+%if %{with_systemd}
+BuildRequires: pkgconfig(systemd)
+%{?systemd_requires}
+%else
+Requires(post): %insserv_prereq
+%endif
+
+%description
+Vsftpd is an FTP server, or daemon. The "vs" stands for Very Secure.
+Obviously this is not a guarantee, but the entire codebase was written
+with security in mind, and carefully designed to be resilient to
+attack.
+
+Recent evidence suggests that vsftpd is also extremely fast (and this
+is before any explicit performance tuning!). In tests against wu-ftpd,
+vsftpd was always faster, supporting over twice as many users in some
+tests.
+
+%prep
+%setup -q
+%patch1 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
+%patch10 -p1
+%patch11 -p1
+%patch13 -p1
+%patch14 -p1
+%patch15 -p1
+%patch16 -p1
+%patch17 -p1
+%patch18 -p1
+%patch19 -p1
+%patch20 -p1
+%patch21 -p1
+%patch22 -p1
+%patch23 -p1
+%patch24 -p1
+%patch25 -p1
+%patch26 -p1
+%patch27 -p1
+%patch28 -p1
+%patch29 -p1
+%patch30 -p1
+%patch31 -p1
+%patch32 -p1
+%patch33 -p1
+%patch35 -p1
+%patch36 -p1
+%patch37 -p1
+%patch38 -p1
+%patch39 -p1
+%patch40 -p1
+%patch41 -p1
+%patch42 -p1
+%patch43 -p1
+%patch44 -p1
+%if 0%{?sle_version} == 150000
+%patch45 -p1
+%endif
+%patch46 -p1
+%patch47 -p1
+
+%build
+%define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP
+rm dummyinc/sys/capability.h vsf_findlibs.sh
+make CFLAGS="%{optflags} -DOPENSSL_NO_SSL_INTERN -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fPIE -fstack-protector --param=ssp-buffer-size=4 %{seccomp_opts}" \
+ LIBS="-lpam -lcap -lssl -lcrypto"
+
+%install
+mkdir -p %{buildroot}%{_datadir}/empty
+cp %{SOURCE4} .
+install -D -m 755 %{name} %{buildroot}%{_sbindir}/%{name}
+install -D -m 600 %{name}.conf %{buildroot}%{_sysconfdir}/%{name}.conf
+%if 0%{?suse_version} < 1330
+install -D -m 600 xinetd.d/%{name} %{buildroot}%{_sysconfdir}/xinetd.d/%{name}
+%endif
+install -D -m 644 $RPM_SOURCE_DIR/%{name}.pam %{buildroot}%{_pam_vendordir}/%{name}
+install -D -m 600 %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/vsftpd/ftpusers
+%if 0%{?suse_version} > 1500
+mkdir -p %{buildroot}%{_distconfdir}/logrotate.d
+install -D -m 644 $RPM_SOURCE_DIR/%{name}.logrotate %{buildroot}%{_distconfdir}/logrotate.d/%{name}
+%else
+install -D -m 644 $RPM_SOURCE_DIR/%{name}.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
+%endif
+install -D -m 644 %{name}.conf.5 %{buildroot}/%{_mandir}/man5/%{name}.conf.5
+install -D -m 644 %{name}.8 %{buildroot}/%{_mandir}/man8/%{name}.8
+%if %{with_systemd}
+ln -sf service %{buildroot}/%{_sbindir}/rc%{name}
+install -D -m 0644 %{SOURCE7} %{buildroot}/%{_unitdir}/%{name}.service
+%if 0%{?sle_version} && 0%{?sle_version} < 150300
+sed -r -i '/^(Protect(Home|Hostname|KernelLogs|Clock|KernelTunables|KernelModules|ControlGroups)|RestrictRealtime|PrivateMounts)=/d' %{buildroot}/%{_unitdir}/%{name}.service
+%endif
+install -D -m 0644 %{SOURCE8} %{buildroot}/%{_unitdir}/%{name}@.service
+install -D -m 0644 %{SOURCE10} %{buildroot}/%{_unitdir}/%{name}.socket
+%else
+install -D -m 755 %{SOURCE3} %{buildroot}%{_initddir}/%{name}
+ln -sf %{_initddir}/%{name} %{buildroot}/%{_sbindir}/rc%{name}
+%endif
+# install firewall information file
+%if %{use_firewalld}
+install -D -m 644 %{SOURCE11} %{buildroot}%{_prefix}/lib/firewalld/services/%{name}.xml
+%else
+install -d %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/
+install -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
+%endif
+
+%pre
+getent passwd ftpsecure >/dev/null || useradd -r -g nobody -s /bin/false -c "Secure FTP User" -d %{_localstatedir}/lib/empty ftpsecure
+%if %{with_systemd}
+%service_add_pre %{name}.service %{name}.socket
+%endif
+%if 0%{?suse_version} > 1500
+# Prepare for migration to /usr/etc; save any old .rpmsave
+for i in logrotate.d/%{name} ; do
+ test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||:
+done
+%endif
+
+%if 0%{?suse_version} > 1500
+%posttrans
+# Migration to /usr/etc, restore just created .rpmsave
+for i in logrotate.d/%{name} ; do
+ test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||:
+done
+%endif
+
+%preun
+%if %{with_systemd}
+%service_del_preun %{name}.service %{name}.socket
+%else
+%stop_on_removal %{name}
+%endif
+
+%post
+%if %{with_systemd}
+%service_add_post %{name}.service %{name}.socket
+%else
+%insserv_cleanup
+%restart_on_update %{name}
+%endif
+%if %{use_firewalld}
+%{firewalld_reload}
+%endif
+
+%postun
+%if %{with_systemd}
+%service_del_postun %{name}.service %{name}.socket
+%else
+%insserv_cleanup
+%restart_on_update %{name}
+%endif
+
+%files
+%if %{with_systemd}
+%{_unitdir}/%{name}.service
+%{_unitdir}/%{name}.socket
+%{_unitdir}/%{name}@.service
+%else
+%{_initddir}/%{name}
+%endif
+%{_sbindir}/%{name}
+%{_sbindir}/rc%{name}
+%dir %{_datadir}/empty
+%if 0%{?suse_version} < 1330
+%config(noreplace) %{_sysconfdir}/xinetd.d/%{name}
+%endif
+%config(noreplace) %{_sysconfdir}/%{name}.conf
+%if 0%{?suse_version} > 1500
+%config %{_pam_vendordir}/%{name}
+%{_distconfdir}/logrotate.d/%{name}
+%else
+%config %{_pam_sysconfdir}/pam.d/%{name}
+%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
+%endif
+%dir %{_sysconfdir}/vsftpd
+%config %{_sysconfdir}/vsftpd/ftpusers
+%{_mandir}/man5/%{name}.conf.*
+%{_mandir}/man8/%{name}.*
+%license LICENSE
+%doc BUGS AUDIT Changelog README README.security
+%license COPYING
+%doc REWARD SPEED TODO SECURITY TUNING SIZE FAQ EXAMPLE
+%doc README.SUSE
+%if %{use_firewalld}
+%dir %{_prefix}/lib/firewalld
+%dir %{_prefix}/lib/firewalld/services
+%{_prefix}/lib/firewalld/services/%{name}.xml
+%else
+%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
+%endif
+
+%changelog
diff --git a/vsftpd@.service b/vsftpd@.service
new file mode 100644
index 0000000..01f9c83
--- /dev/null
+++ b/vsftpd@.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Very Secure FTP Daemon
+
+[Service]
+Type=simple
+ExecStart=/usr/sbin/vsftpd /etc/vsftpd.conf -obackground=NO -olisten=NO -olisten_ipv6=NO
+StandardInput=socket
+SuccessExitStatus=2
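Review bot: `%config %{_sysconfdir}/vsftpd/ftpusers` in `%files` lacks `(noreplace)`, unlike `%{name}.conf` and the logrotate snippet a few lines above, so an administrator's additions to the FTP deny list are moved aside to `.rpmsave` and replaced by the packaged list on every update; use `%config(noreplace) %{_sysconfdir}/vsftpd/ftpusers` unless reverting local changes is intended. Two smaller points in the same hunk: the marker `#FIX-FIX-OPENSUSE: bsc#1042673` above Patch26 should read `#PATCH-FIX-OPENSUSE`, and `%install` mixes `%{buildroot}`/`%{SOURCEn}` with `$RPM_BUILD_ROOT`/`$RPM_SOURCE_DIR` on neighbouring lines (the pam and ftpusers installs), where one form throughout would match the rest of the file.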
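Review bot: The socket-activated template carries none of the hardening directives that `vsftpd.service` sets (`PrivateDevices`, `ProtectHostname`, `ProtectClock`, `ProtectKernelTunables`, `ProtectKernelModules`, `ProtectKernelLogs`, `ProtectControlGroups`, `RestrictRealtime`), so a host that enables `vsftpd.socket` instead of the service runs every per-connection instance without them. Carrying the same `[Service]` block into this unit keeps both entry points at one baseline; the spec's `sed` that strips directives unsupported on older SLE would then need to run over `%{name}@.service` as well.
```ini
[Service]
Type=simple
# same hardening set as vsftpd.service
PrivateDevices=true
ProtectHostname=true
ProtectClock=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
RestrictRealtime=true
# … unchanged: ExecStart, StandardInput, SuccessExitStatus …
```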