pool/vsftpd
SHA256
12
0
Fork 1
Code Issues Pull Requests Activity
Files
e15069f3f5605667ec0e987ced0268a98c586ca542ab272ef3f0cd3f70ed263d
vsftpd/vsftpd.spec
Tomáš Chvátal 7cbe902ddd - Version bump to 3.0.3: 
* Increase VSFTP_AS_LIMIT to 200MB; various reports.
  * Make the PWD response more RFC compliant; report from Barry Kelly
    <barry@modeltwozero.com>.
  * Remove the trailing period from EPSV response to work around BT Internet
    issues; report from Tim Bishop <tdb@mirrorservice.org>.
  * Fix syslog_enable issues vs. seccomp filtering. Report from Michal Vyskocil
    <mvyskocil@suse.cz>. At least, syslogging seems to work on my Fedora now.
  * Allow gettimeofday() in the seccomp sandbox. I can't repro failures, but I
    probably have a different distro / libc / etc. and there are multiple reports.
  * Some kernels support PR_SET_NO_NEW_PRIVS but not PR_SET_SECCOMP, so handle
    this case gracefully. Report from Vasily Averin <vvs@odin.com>.
  * List the TLS1.2 cipher AES128-GCM-SHA256 as first preference by default.
  * Make some compile-time SSL defaults (such as correct client shutdown
    handling) stricter.
  * Disable Nagle algorithm during SSL data connection shutdown, to avoid 200ms
    delays. From Tim Kosse <tim.kosse@filezilla-project.org>.
  * Kill the FTP session if we see HTTP protocol commands, to avoid
    cross-protocol attacks. A report from Jann Horn <jann@thejh.net>.
  * Kill the FTP session if we see session re-use failure. A report from
    Tim Kosse <tim.kosse@filezilla-project.org>.
  * Enable ECDHE, Tim Kosse <tim.kosse@filezilla-project.org>.
  * Default cipher list is now just ECDHE-RSA-AES256-GCM-SHA384.
  * Minor SSL logging improvements.
  * Un-default tunable_strict_ssl_write_shutdown again. We still have
    tunable_strict_ssl_read_eof defaulted now, which is the important one to prove
    upload integrity.
- Drop patch vsftpd-allow-dev-log-socket.patch should be included
  upstream, se above bullet with mvyskocil's email

OBS-URL: https://build.opensuse.org/package/show/network/vsftpd?expand=0&rev=89
2015-09-08 11:05:12 +00:00

167 lines
6.1 KiB
RPMSpec
Raw Blame History

#
# spec file for package vsftpd
#
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: vsftpd
Version: 3.0.3
Release: 0
Summary: Very Secure FTP Daemon - Written from Scratch
License: SUSE-GPL-2.0-with-openssl-exception
Group: Productivity/Networking/Ftp/Servers
Url: https://security.appspot.com/vsftpd.html
Source0: https://security.appspot.com/downloads/%{name}-%{version}.tar.gz
Source1: %{name}.pam
Source2: %{name}.logrotate
Source4: README.SUSE
Source5: %{name}.xml
Source6: %{name}.firewall
Source7: vsftpd.service
Source8: vsftpd@.service
Source9: %{name}.keyring
Source10: vsftpd.socket
Source1000: https://security.appspot.com/downloads/%{name}-%{version}.tar.gz.asc
Patch1: vsftpd-2.0.4-lib64.diff
Patch3: vsftpd-2.0.4-xinetd.diff
Patch4: vsftpd-2.0.4-enable-ssl.patch
Patch5: vsftpd-2.0.4-dmapi.patch
Patch6: vsftpd-2.0.5-vuser.patch
Patch7: vsftpd-2.0.5-enable-debuginfo.patch
Patch8: vsftpd-2.0.5-utf8-log-names.patch
Patch9: vsftpd-2.3.5-conf.patch
Patch10: vsftpd-3.0.0_gnu_source_defines.patch
Patch11: vsftpd-3.0.0-optional-seccomp.patch
#PATCH-FIX-OPENSUSE: bnc#786024, second issue with pam_login_acct
Patch13: vsftpd-drop-newpid-from-clone.patch
#PATCH-FIX-OPENSUSE: bnc#812406
Patch14: vsftpd-enable-fcntl-f_setfl.patch
#PATCH-FIX-OPENSUSE: bnc#812406
Patch15: vsftpd-enable-dev-log-sendto.patch
#PATCH-FEATURE-SUSE: FATE#311051, call chroot with user credentials to enable nsf with squash_root option
Patch16: vsftpd-root-squashed-chroot.patch
#PATCH-FIX-UPSTREAM: bnc#870122
Patch17: vsftpd-enable-gettimeofday-sec.patch
#PATCH-FIX-UPSTREAM: bnc#890469 fix broken syscall on s390
Patch18: vsftpd-3.0.2-s390.patch
#PATCH-FIX-UPSTREAM: bnc#900326 deny_file filtering acts weirdly (19-22)
Patch19: vsftpd-2.1.0-filter.patch
Patch20: vsftpd-2.2.0-wildchar.patch
Patch21: vsftpd-2.3.4-sqb.patch
Patch22: vsftpd-path-normalize.patch
BuildRequires: libcap-devel
BuildRequires: openssl-devel
BuildRequires: pam-devel
BuildRequires: systemd
Requires: logrotate
Requires(pre): %{_sbindir}/useradd
Provides: ftp-server
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%{?systemd_requires}
%description
Vsftpd is an FTP server, or daemon. The "vs" stands for Very Secure.
Obviously this is not a guarantee, but the entire codebase was written
with security in mind, and carefully designed to be resilient to
attack.
Recent evidence suggests that vsftpd is also extremely fast (and this
is before any explicit performance tuning!). In tests against wu-ftpd,
vsftpd was always faster, supporting over twice as many users in some
tests.
%prep
%setup -q
%patch1
%patch3 -p1
%patch4
%patch5
%patch6
%patch7
%patch8
%patch9
%patch10 -p1
%patch11 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
%build
%define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP
rm -f dummyinc/sys/capability.h
make CFLAGS="%{optflags} -DOPENSSL_NO_SSL_INTERN -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fPIE -fstack-protector --param=ssp-buffer-size=4 %{seccomp_opts}" \
LDFLAGS="-fPIE -pie -Wl,-z,relro -Wl,-z,now" LINK=
%install
mkdir -p %{buildroot}%{_datadir}/empty
cp %{SOURCE4} .
install -D -m 755 %{name} %{buildroot}%{_sbindir}/%{name}
install -D -m 600 %{name}.conf %{buildroot}%{_sysconfdir}/%{name}.conf
install -D -m 600 xinetd.d/%{name} %{buildroot}%{_sysconfdir}/xinetd.d/%{name}
install -D -m 644 $RPM_SOURCE_DIR/%{name}.pam %{buildroot}%{_sysconfdir}/pam.d/%{name}
install -D -m 644 $RPM_SOURCE_DIR/%{name}.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
install -D -m 644 %{name}.conf.5 %{buildroot}/%{_mandir}/man5/%{name}.conf.5
install -D -m 644 %{name}.8 %{buildroot}/%{_mandir}/man8/%{name}.8
ln -sf service %{buildroot}/%{_sbindir}/rc%{name}
install -D -m 0644 %{SOURCE7} %{buildroot}/%{_unitdir}/%{name}.service
install -D -m 0644 %{SOURCE8} %{buildroot}/%{_unitdir}/%{name}@.service
install -D -m 0644 %{SOURCE10} %{buildroot}/%{_unitdir}/%{name}.socket
install -d %{buildroot}/%{_datadir}/omc/svcinfo.d/
install -D -m 644 %{SOURCE5} %{buildroot}/%{_datadir}/omc/svcinfo.d/
install -d %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/
install -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
%pre
%{_sbindir}/useradd -r -g nogroup -s /bin/false -c "Secure FTP User" -d %{_localstatedir}/lib/empty ftpsecure 2> /dev/null || :
%service_add_pre %{name}.service %{name}@.service %{name}.socket
%preun
%service_del_preun %{name}.service %{name}@.service %{name}.socket
%post
%service_add_post %{name}.service %{name}@.service %{name}.socket
%postun
%service_del_postun %{name}.service %{name}@.service %{name}.socket
%files
%defattr(-,root,root)
%{_unitdir}/%{name}.service
%{_unitdir}/%{name}.socket
%{_unitdir}/%{name}@.service
%{_sbindir}/%{name}
%{_sbindir}/rc%{name}
%{_datadir}/omc/svcinfo.d/vsftpd.xml
%dir %{_datadir}/empty
%config(noreplace) %{_sysconfdir}/xinetd.d/%{name}
%config(noreplace) %{_sysconfdir}/%{name}.conf
%config %{_sysconfdir}/pam.d/%{name}
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%{_mandir}/man5/%{name}.conf.*
%{_mandir}/man8/%{name}.*
%doc BUGS AUDIT Changelog LICENSE README README.security
%doc REWARD SPEED TODO SECURITY TUNING SIZE FAQ EXAMPLE COPYING
%doc README.SUSE
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
%changelog
Reference in New Issue View Git Blame Copy Permalink