
Accepting request 950708 from network

Import patches from SLE-12-SP4, SLE-15-SP2, and revert undocumented config file format changes.

OBS-URL: https://build.opensuse.org/request/show/950708
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/vsftpd?expand=0&rev=78
Dominique Leuenberger 2022-02-03 22:15:47 +00:00 committed by Git OBS Bridge
commit 21ce65e1ee
16 changed files with 279 additions and 72 deletions


@ -0,0 +1,17 @@
Index: vsftpd-3.0.5/parseconf.c
===================================================================
--- vsftpd-3.0.5.orig/parseconf.c 2022-02-01 20:35:02.703078850 +0100
+++ vsftpd-3.0.5/parseconf.c 2022-02-01 20:35:44.042486850 +0100
@@ -85,9 +85,9 @@ parseconf_bool_array[] =
{ "ssl_sslv2", &tunable_sslv2 },
{ "ssl_sslv3", &tunable_sslv3 },
{ "ssl_tlsv1", &tunable_tlsv1 },
- { "ssl_tlsv11", &tunable_tlsv1_1 },
- { "ssl_tlsv12", &tunable_tlsv1_2 },
- { "ssl_tlsv13", &tunable_tlsv1_3 },
+ { "ssl_tlsv1_1", &tunable_tlsv1_1 },
+ { "ssl_tlsv1_2", &tunable_tlsv1_2 },
+ { "ssl_tlsv1_3", &tunable_tlsv1_3 },
{ "tilde_user_enable", &tunable_tilde_user_enable },
{ "force_anon_logins_ssl", &tunable_force_anon_logins_ssl },
{ "force_anon_data_ssl", &tunable_force_anon_data_ssl },
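Review bot: Restoring the `ssl_tlsv1_1`/`ssl_tlsv1_2`/`ssl_tlsv1_3` keys in `parseconf_bool_array` drops the `ssl_tlsv11`/`ssl_tlsv12`/`ssl_tlsv13` spellings outright, so a configuration already adapted to the 3.0.4 names no longer matches a known option. How parseconf.c treats an unknown key is not visible in this hunk: if it aborts start-up the service goes down after the update, and if it skips the key a protocol version the administrator meant to disable could stay at its compiled-in default. Keeping both spellings mapped to the same tunable avoids either outcome, e.g. retain `{ "ssl_tlsv12", &tunable_tlsv1_2 },` next to `{ "ssl_tlsv1_2", &tunable_tlsv1_2 },` for each of the three versions. The array starts and ends outside the hunk.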


@ -0,0 +1,26 @@
Index: vsftpd-3.0.5/tunables.c
===================================================================
--- vsftpd-3.0.5.orig/tunables.c 2022-02-02 10:58:56.589962539 +0100
+++ vsftpd-3.0.5/tunables.c 2022-02-02 11:00:17.600782133 +0100
@@ -295,7 +295,7 @@ tunables_load_defaults()
install_str_setting("/usr/share/ssl/certs/vsftpd.pem",
&tunable_rsa_cert_file);
install_str_setting(0, &tunable_dsa_cert_file);
- install_str_setting("ECDHE-RSA-AES256-GCM-SHA384", &tunable_ssl_ciphers);
+ install_str_setting("DEFAULT_SUSE", &tunable_ssl_ciphers);
install_str_setting(0, &tunable_rsa_private_key_file);
install_str_setting(0, &tunable_dsa_private_key_file);
install_str_setting(0, &tunable_ca_certs_file);
Index: vsftpd-3.0.5/vsftpd.conf.5
===================================================================
--- vsftpd-3.0.5.orig/vsftpd.conf.5 2022-02-02 10:58:56.589962539 +0100
+++ vsftpd-3.0.5/vsftpd.conf.5 2022-02-02 11:01:58.855306755 +0100
@@ -1025,7 +1025,7 @@ man page for further details. Note that
security precaution as it prevents malicious remote parties forcing a cipher
which they have found problems with.
-Default: DES-CBC3-SHA
+Default: DEFAULT_SUSE
.TP
.B ssl_sni_hostname
If set, SSL connections will be rejected unless the SNI hostname in the
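Review bot: The new default in `tunables_load_defaults()` replaces one explicit suite with the keyword `DEFAULT_SUSE`, and neither tunables.c nor the vsftpd.conf.5 hunk says where that keyword comes from or how to see what it expands to. The effective cipher set now depends on the system TLS policy rather than on vsftpd, and may be wider than the single ECDHE-RSA-AES256-GCM-SHA384 suite removed here. I would add a comment above the call such as `/* DEFAULT_SUSE is the system-wide TLS cipher policy; list it with "openssl ciphers -v DEFAULT_SUSE" */` and put the same command in the man page entry after `Default: DEFAULT_SUSE`. The removed man-page line (DES-CBC3-SHA) shows the documented default had already drifted from the code, so both places are worth checking together; what happens when the linked OpenSSL does not recognise the keyword is not visible here.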


@ -1,8 +1,8 @@
Index: postlogin.c Index: vsftpd-3.0.5/postlogin.c
=================================================================== ===================================================================
--- postlogin.c.orig 2012-04-10 16:09:50.440384915 +0200 --- vsftpd-3.0.5.orig/postlogin.c 2015-07-22 21:03:22.000000000 +0200
+++ postlogin.c 2012-04-10 16:10:01.193753389 +0200 +++ vsftpd-3.0.5/postlogin.c 2022-02-01 20:12:02.710908421 +0100
@@ -1053,6 +1053,11 @@ @@ -1061,6 +1061,11 @@ handle_upload_common(struct vsf_session*
{ {
do_truncate = 1; do_truncate = 1;
} }


@ -1,5 +1,7 @@
--- builddefs.h.orig Index: vsftpd-3.0.5/builddefs.h
+++ builddefs.h ===================================================================
--- vsftpd-3.0.5.orig/builddefs.h 2021-08-02 09:01:43.000000000 +0200
+++ vsftpd-3.0.5/builddefs.h 2022-02-01 20:12:01.538925293 +0100
@@ -3,7 +3,7 @@ @@ -3,7 +3,7 @@
#undef VSF_BUILD_TCPWRAPPERS #undef VSF_BUILD_TCPWRAPPERS


@ -1,8 +1,8 @@
Index: Makefile Index: vsftpd-3.0.5/Makefile
=================================================================== ===================================================================
--- Makefile.orig 2012-04-03 09:21:18.000000000 +0200 --- vsftpd-3.0.5.orig/Makefile 2012-09-16 09:27:35.000000000 +0200
+++ Makefile 2012-04-10 16:10:53.545547162 +0200 +++ vsftpd-3.0.5/Makefile 2022-02-01 20:12:04.538882105 +0100
@@ -9,7 +9,6 @@ @@ -9,7 +9,6 @@ CFLAGS = -O2 -fPIE -fstack-protector --p
#-pedantic -Wconversion #-pedantic -Wconversion
LIBS = `./vsf_findlibs.sh` LIBS = `./vsf_findlibs.sh`
@ -10,7 +10,7 @@ Index: Makefile
LDFLAGS = -fPIE -pie -Wl,-z,relro -Wl,-z,now LDFLAGS = -fPIE -pie -Wl,-z,relro -Wl,-z,now
OBJS = main.o utility.o prelogin.o ftpcmdio.o postlogin.o privsock.o \ OBJS = main.o utility.o prelogin.o ftpcmdio.o postlogin.o privsock.o \
@@ -26,7 +25,7 @@ @@ -26,7 +25,7 @@ OBJS = main.o utility.o prelogin.o ftpcm
$(CC) -c $*.c $(CFLAGS) $(IFLAGS) $(CC) -c $*.c $(CFLAGS) $(IFLAGS)
vsftpd: $(OBJS) vsftpd: $(OBJS)


@ -1,8 +1,8 @@
Index: str.c Index: vsftpd-3.0.5/str.c
=================================================================== ===================================================================
--- str.c.orig 2012-03-28 17:25:40.000000000 +0200 --- vsftpd-3.0.5.orig/str.c 2012-09-16 09:09:06.000000000 +0200
+++ str.c 2012-04-10 16:10:59.965767345 +0200 +++ vsftpd-3.0.5/str.c 2022-02-01 20:12:05.458868861 +0100
@@ -27,6 +27,24 @@ @@ -27,6 +27,24 @@ static int str_equal_internal(const char
const char* p_buf2, unsigned int buf2_len); const char* p_buf2, unsigned int buf2_len);
/* Private functions */ /* Private functions */
@ -27,7 +27,7 @@ Index: str.c
static void static void
s_setbuf(struct mystr* p_str, char* p_newbuf) s_setbuf(struct mystr* p_str, char* p_newbuf)
{ {
@@ -181,6 +199,45 @@ @@ -181,6 +199,45 @@ str_reserve(struct mystr* p_str, unsigne
p_str->p_buf[res_len - 1] = '\0'; p_str->p_buf[res_len - 1] = '\0';
} }
@ -73,29 +73,26 @@ Index: str.c
int int
str_isempty(const struct mystr* p_str) str_isempty(const struct mystr* p_str)
{ {
@@ -702,11 +759,13 @@ @@ -702,6 +759,7 @@ void
str_replace_unprintable(struct mystr* p_str, char new_char) str_replace_unprintable(struct mystr* p_str, char new_char)
{ {
unsigned int i; unsigned int i;
- for (i=0; i < p_str->len; i++)
- {
- if (!vsf_sysutil_isprint(p_str->p_buf[i]))
+ if( !str_is_utf8( p_str ) ) { + if( !str_is_utf8( p_str ) ) {
+ for (i=0; i < p_str->len; i++) for (i=0; i < p_str->len; i++)
{ {
- p_str->p_buf[i] = new_char; if (!vsf_sysutil_isprint(p_str->p_buf[i]))
+ if (!vsf_sysutil_isprint(p_str->p_buf[i])) @@ -709,5 +767,6 @@ str_replace_unprintable(struct mystr* p_
+ { p_str->p_buf[i] = new_char;
+ p_str->p_buf[i] = new_char; }
}
+ } + }
} }
}
} Index: vsftpd-3.0.5/str.h
Index: str.h
=================================================================== ===================================================================
--- str.h.orig 2008-12-17 06:53:23.000000000 +0100 --- vsftpd-3.0.5.orig/str.h 2012-09-16 09:01:52.000000000 +0200
+++ str.h 2012-04-10 16:10:59.965767345 +0200 +++ vsftpd-3.0.5/str.h 2022-02-01 20:12:05.458868861 +0100
@@ -36,6 +36,7 @@ @@ -36,6 +36,7 @@ void str_free(struct mystr* p_str);
void str_trunc(struct mystr* p_str, unsigned int trunc_len); void str_trunc(struct mystr* p_str, unsigned int trunc_len);
void str_reserve(struct mystr* p_str, unsigned int res_len); void str_reserve(struct mystr* p_str, unsigned int res_len);


@ -1,5 +1,7 @@
--- EXAMPLE/VIRTUAL_USERS/vsftpd.pam.orig Index: vsftpd-3.0.5/EXAMPLE/VIRTUAL_USERS/vsftpd.pam
+++ EXAMPLE/VIRTUAL_USERS/vsftpd.pam ===================================================================
--- vsftpd-3.0.5.orig/EXAMPLE/VIRTUAL_USERS/vsftpd.pam 2008-02-02 02:30:40.000000000 +0100
+++ vsftpd-3.0.5/EXAMPLE/VIRTUAL_USERS/vsftpd.pam 2022-02-01 20:12:03.670894600 +0100
@@ -1,2 +1,2 @@ @@ -1,2 +1,2 @@
-auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login -auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login
-account required /lib/security/pam_userdb.so db=/etc/vsftpd_login -account required /lib/security/pam_userdb.so db=/etc/vsftpd_login


@ -1,7 +1,7 @@
Index: vsftpd.conf Index: vsftpd-3.0.5/vsftpd.conf
=================================================================== ===================================================================
--- vsftpd.conf.orig --- vsftpd-3.0.5.orig/vsftpd.conf 2011-12-17 19:24:40.000000000 +0100
+++ vsftpd.conf +++ vsftpd-3.0.5/vsftpd.conf 2022-02-01 20:12:06.546853199 +0100
@@ -4,23 +4,89 @@ @@ -4,23 +4,89 @@
# loosens things up a bit, to make the ftp daemon more usable. # loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults. # Please see vsftpd.conf.5 for all compiled in defaults.


@ -0,0 +1,30 @@
From: mvyskocil@suse.com
Subject: enable /dev/log related socket call
Linux-PAM try to open /dev/log, but as socket is not enabled in seccomp
sandbox, daemon is killed by SIGSYS. Because the attempt is made by process
with RLIMIT_NOFILE, the correct fix would be to test if we can open a new fd in
pam. Anyway I would say the risc is small, and other socket syscalls are disabled.
Fixes: https://bugzilla.novell.com/show_bug.cgi?id=786024
Index: vsftpd-3.0.5/seccompsandbox.c
===================================================================
--- vsftpd-3.0.5.orig/seccompsandbox.c 2022-02-02 11:03:38.133860169 +0100
+++ vsftpd-3.0.5/seccompsandbox.c 2022-02-02 11:03:38.177859528 +0100
@@ -366,6 +366,15 @@ seccomp_sandbox_init()
{
bug("bad state in seccomp_sandbox_init");
}
+
+ //this is very probably an attempt to open /dev/log
+ //it fails because process cannot open any file, so it might be safe
+ //socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = -1 EMFILE (Too many open files)
+ allow_nr_3_arg_match(__NR_socket,
+ 1, PF_FILE,
+ 2, SOCK_DGRAM | SOCK_CLOEXEC,
+ 3, 0);
+
}
void
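Review bot: The `socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0)` rule added at the end of `seccomp_sandbox_init()` is unconditional, and its safety rests on something the filter itself does not enforce: the patch header says the call is expected to fail because the process runs under RLIMIT_NOFILE. If that limit is ever relaxed, the sandboxed process would be able to create a UNIX datagram socket. The in-code comment ("so it might be safe") should state the dependency outright, for example `/* Linux-PAM tries to open /dev/log; tolerated only because RLIMIT_NOFILE makes the call fail with EMFILE -- re-review if that limit changes */`. The function body starts outside the hunk, so which sandbox profiles inherit this rule is not visible here.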


@ -0,0 +1,21 @@
Enable sendto for syslog logging to /dev/log in prelogin
We write to log from check_limits() and therefore we have to allow
sendto() for syslog otherwise sandbox will kill the child.
Index: vsftpd-3.0.2/seccompsandbox.c
===================================================================
--- vsftpd-3.0.2.orig/seccompsandbox.c
+++ vsftpd-3.0.2/seccompsandbox.c
@@ -388,6 +388,11 @@ seccomp_sandbox_setup_prelogin(const str
1, PF_FILE,
2, SOCK_DGRAM | SOCK_CLOEXEC,
3, 0);
+ // allow syslog logs from check_limits()
+ if (tunable_syslog_enable)
+ {
+ allow_nr_1_arg_match(__NR_sendto, 6, 0);
+ }
}
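Review bot: The `sendto` rule added in `seccomp_sandbox_setup_prelogin()` matches argument 6 against 0 without saying why, and that match is what keeps the allowance narrow. Argument 6 of sendto is the destination address length, so the rule presumably admits only sends on an already connected socket such as the syslog one. A comment should record that, e.g. `/* addrlen == 0: only sends on a connected socket (syslog), never to a caller-chosen address */`. The function starts outside the hunk, so whether another `tunable_syslog_enable` block in it already covers sendto cannot be checked from here.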


@ -0,0 +1,18 @@
Force openlog() to open log immediately iff force!=0.
Otherwise is log opened on first syslog() call which may be
after the privileges are dropped and new file descriptors
cannot be created.
Index: vsftpd-3.0.5/sysutil.c
===================================================================
--- vsftpd-3.0.5.orig/sysutil.c 2022-02-01 19:38:36.487789134 +0100
+++ vsftpd-3.0.5/sysutil.c 2022-02-01 19:44:08.787005494 +0100
@@ -2700,7 +2700,7 @@ vsf_sysutil_openlog(int force)
{
int facility = LOG_DAEMON;
int option = LOG_PID;
- if (!force)
+ if (force)
{
option |= LOG_NDELAY;
}
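Review bot: The corrected test in `vsf_sysutil_openlog()` carries no comment explaining why LOG_NDELAY matters, and the inverted condition it replaces shows how easily that intent is lost. I would add above the `if`: `/* LOG_NDELAY: connect to the log now; after privileges are dropped no new descriptor can be created */`, which is the reasoning given in the patch header. Flipping the condition changes behaviour for every caller, and the callers are outside this hunk, so each `force` argument is worth checking against the new meaning.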


@ -0,0 +1,15 @@
Index: vsftpd-3.0.5/seccompsandbox.c
===================================================================
--- vsftpd-3.0.5.orig/seccompsandbox.c 2022-02-01 19:47:13.916340458 +0100
+++ vsftpd-3.0.5/seccompsandbox.c 2022-02-01 19:51:24.196737535 +0100
@@ -406,6 +406,10 @@ seccomp_sandbox_setup_prelogin(const str
{
allow_nr_1_arg_match(__NR_recvmsg, 3, 0);
allow_nr_2_arg_match(__NR_setsockopt, 2, IPPROTO_TCP, 3, TCP_NODELAY);
+ // called from openssl's RAND_poll which is invoked in FIPS mode when the DRBG is seeded
+ allow_nr(__NR_getrandom);
+ allow_nr_1_arg_mask(__NR_open, 2, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_CLOEXEC);
+ allow_nr(__NR_getuid);
}
if (tunable_syslog_enable)
{
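Review bot: Only `getrandom` is explained by the added comment; the `open` and `getuid` rules that follow it in `seccomp_sandbox_setup_prelogin()` are not, and `open` is the widest of the three. A seccomp filter can match the flags argument but not the path, so this rule lets the pre-login process, which handles unauthenticated network input, attempt a read-only open of any file its credentials and root directory permit. Each rule should carry its own justification, e.g. `/* RAND_poll opens a file read-only (presumably the kernel random device); the filter cannot restrict the path, so this relies on the process's uid and chroot */`, and it is worth confirming whether `getrandom` alone is enough on the targeted OpenSSL. The enclosing conditional opens above the hunk, so the condition gating these rules is not visible.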

15
vsftpd-seccomp-ssl.patch Normal file

@ -0,0 +1,15 @@
SSL initialization calls RAND_load_file() which needs stat() enabled.
Index: vsftpd-3.0.3/seccompsandbox.c
===================================================================
--- vsftpd-3.0.3.orig/seccompsandbox.c 2021-12-21 15:33:01.491786690 +0100
+++ vsftpd-3.0.3/seccompsandbox.c 2021-12-21 15:33:01.499786535 +0100
@@ -559,6 +559,8 @@ seccomp_sandbox_setup_postlogin_broker()
allow_nr(__NR_fstat);
allow_nr(__NR_fchown);
allow_nr_1_arg_match(__NR_recvmsg, 3, 0);
+ // called by RAND_load_file
+ allow_nr(__NR_stat);
}
if (tunable_syslog_enable)
{
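Review bot: `allow_nr(__NR_stat)` in `seccomp_sandbox_setup_postlogin_broker()` covers only the `stat` syscall number, while the C library may issue `stat()` through a different syscall (for instance `newfstatat` on newer glibc releases), in which case RAND_load_file would still trip the filter. I would confirm with a syscall trace on the target and, if needed, add the matching rule beside it, e.g. `allow_nr(__NR_newfstatat);`. The block this lands in opens above the hunk, and the wait4 patch in this same commit shows `allow_nr(__NR_fstat)` sitting under `if (tunable_chown_uploads)`, so it is also worth checking that the new rule ends up under an SSL-related condition rather than the chown one.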


@ -0,0 +1,14 @@
Broker has to wait for its child.
Index: vsftpd-3.0.2/seccompsandbox.c
===================================================================
--- vsftpd-3.0.2.orig/seccompsandbox.c
+++ vsftpd-3.0.2/seccompsandbox.c
@@ -540,6 +540,7 @@ seccomp_sandbox_setup_postlogin_broker()
seccomp_sandbox_setup_base();
seccomp_sandbox_setup_data_connections();
allow_nr_1_arg_match(__NR_sendmsg, 3, 0);
+ allow_nr(__NR_wait4);
if (tunable_chown_uploads)
{
allow_nr(__NR_fstat);
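Review bot: The added `allow_nr(__NR_wait4)` in `seccomp_sandbox_setup_postlogin_broker()` has no comment, and the changelog in this same commit says vsftpd-enable-syscalls-needed-by-sle15.patch already enables wait4() in the seccomp sandbox. If that earlier patch touches the same function the rule is duplicated; if it touches a different one, a comment such as `/* broker reaps its child process */` would make clear why it is needed here as well. The function continues outside the hunk.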


@ -1,3 +1,49 @@
-------------------------------------------------------------------
Tue Feb 1 18:42:41 UTC 2022 - Peter Simons <psimons@suse.com>
- Add "seccomp-fixes.patch" to fix the syscall architecture offset
from 4 to 5, this change was documented in
<https://lore.kernel.org/patchwork/patch/554803/>.
- Add "vsftpd-openlog-force.patch" to a logic error in the way the
force option for syslog's openlog() call was handled.
- Add "vsftpd-seccomp-getrandom.patch" to fix a seccomp failure in
FIPS mode when SSL was enabled. [bsc#1052900]
- Add "vsftpd-seccomp-ssl.patch" to allow stat() to be called,
which is required during SSL initialization by RAND_load_file().
- Add "vsftpd-seccomp-wait4.patch" to allow wait4() to be called so
that the broker can wait for its child processes. [bsc#1021387]
- Refresh patches to -p1 style so that we can use %autosetup:
* vsftpd-2.0.4-dmapi.patch
* vsftpd-2.0.4-enable-ssl.patch
* vsftpd-2.0.5-enable-debuginfo.patch
* vsftpd-2.0.5-utf8-log-names.patch
* vsftpd-2.0.5-vuser.patch
* vsftpd-2.3.5-conf.patch
- Apply "revert-undocumented-config-file-format-changes.patch" to
revert the "ssl_tlsv1_X"-style config file options back to their
original spelling. The changes that dropped the underscore from
the version numbers in release 3.0.4 breaks existing
configurations and it was never documented anywhere -- not in the
package's changelog and not in the packages's own man page.
- Apply "use-system-wide-tls-cipher-policy.patch" so that vsftpd
follows the system-wide TLS cipher policy "DEFAULT_SUSE" by
default. Run the command "openssl ciphers -v DEFAULT_SUSE" to see
which ciphers this includes.
- Apply "add vsftpd-allow-dev-log-socket.patch" to allow sendto()
syscall when /dev/log support is enabled. [bnc#786024]
- Apply "vsftpd-enable-sendto-for-prelogin-syslog.patch" to allow
sendto() to be called from check_limits(), which is necessary for
vsftpd to write to the system log.
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jan 5 10:21:02 UTC 2022 - Johannes Segitz <jsegitz@suse.com> Wed Jan 5 10:21:02 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
@ -22,11 +68,33 @@ Tue Jun 15 07:49:13 AM UTC 2021 - Peter Simons <psimons@suse.com>
* Close the control connection after 10 unknown commands pre-login. * Close the control connection after 10 unknown commands pre-login.
* Reject any TLS ALPN advertisement that's not 'ftp'. * Reject any TLS ALPN advertisement that's not 'ftp'.
* Add ssl_sni_hostname option to require a match on incoming SNI hostname. * Add ssl_sni_hostname option to require a match on incoming SNI hostname.
* The options "ssl_tlsv1_1", "ssl_tlsv1_2", and "ssl_tlsv1_3"
have been renamed to "ssl_tlsv11", "ssl_tlsv12", and
"ssl_tlsv13" respectively. Note that the man page has not been
updated accordingly.
- Upstream has a new GPG key (7B89011BCAE1CFEA). - Upstream has a new GPG key (7B89011BCAE1CFEA).
- "0001-Introduce-TLSv1.1-and-TLSv1.2-options.patch" is now obsolete. - "0001-Introduce-TLSv1.1-and-TLSv1.2-options.patch" is now obsolete.
- "0001-Introduce-TLSv1.3-option.patch" is now obsolete.
- "vsftpd-seccomp-syslog.patch" is now obsolete.
-------------------------------------------------------------------
Mon Jun 14 14:26:05 UTC 2021 - Peter Simons <psimons@suse.com>
- OpenSSL was updated to version 1.1.1 in SLE-15-SP2, adding
support for the TLSv1.3 protocol. As a consequence, some SLE-15
applications that link OpenSSL for TLS support -- like vsftpd --,
gained the ability to use the newer TLS protocol, which created
interoperability problems with FTP clients in some cases. To
remedy the situation, "0001-Introduce-TLSv1.3-option.patch" was
applied in a forked SLE-15-SP2 version of vsftpd. The patch adds
the configuration option "ssl_tlsv1_3" that system administrators
can use to disable TLSv1.3 support on their servers.
[bsc#1187188]
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Dec 3 11:20:20 UTC 2020 - Ismail Dönmez <idonmez@suse.com> Thu Dec 3 11:20:20 UTC 2020 - Ismail Dönmez <idonmez@suse.com>
@ -105,7 +173,8 @@ Wed Apr 25 06:32:25 UTC 2018 - psimons@suse.com
- vsftpd-enable-syscalls-needed-by-sle15.patch: Enable wait4(), - vsftpd-enable-syscalls-needed-by-sle15.patch: Enable wait4(),
sysinfo(), and shutdown() syscalls in seccomp sandbox. These are sysinfo(), and shutdown() syscalls in seccomp sandbox. These are
required for the daemon to work properly on SLE-15. [bsc#1089088] required for the daemon to work properly on SLE-15. [bsc#1089088,
bsc#1180314]
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Apr 3 11:48:08 UTC 2018 - vcizek@suse.com Tue Apr 3 11:48:08 UTC 2018 - vcizek@suse.com
@ -206,6 +275,12 @@ Wed Mar 23 10:07:55 UTC 2016 - tchvatal@suse.com
- Require shadow and do not output the error out of useradd - Require shadow and do not output the error out of useradd
-------------------------------------------------------------------
Tue Mar 22 14:56:05 UTC 2016 - tchvatal@suse.com
- Fix hang when using seccomp and syslog bnc#971784:
* vsftpd-seccomp-syslog.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Mar 22 14:27:27 UTC 2016 - tchvatal@suse.com Tue Mar 22 14:27:27 UTC 2016 - tchvatal@suse.com


@ -1,7 +1,7 @@
# #
# spec file for package vsftpd # spec file for package vsftpd
# #
# Copyright (c) 2021 SUSE LLC # Copyright (c) 2022 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -88,6 +88,14 @@ Patch33: vsftpd-avoid-bogus-ssl-write.patch
Patch35: 0001-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch Patch35: 0001-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch
# PATCH-FIX-UPSTREAM https://bugzilla.suse.com/show_bug.cgi?id=1179553 # PATCH-FIX-UPSTREAM https://bugzilla.suse.com/show_bug.cgi?id=1179553
Patch36: seccomp-fixes.patch Patch36: seccomp-fixes.patch
Patch37: vsftpd-openlog-force.patch
Patch38: vsftpd-seccomp-getrandom.patch
Patch39: vsftpd-seccomp-ssl.patch
Patch40: vsftpd-seccomp-wait4.patch
Patch41: revert-undocumented-config-file-format-changes.patch
Patch42: use-system-wide-tls-cipher-policy.patch
Patch43: vsftpd-allow-dev-log-socket.patch
Patch44: vsftpd-enable-sendto-for-prelogin-syslog.patch
BuildRequires: libcap-devel BuildRequires: libcap-devel
BuildRequires: libopenssl-devel BuildRequires: libopenssl-devel
BuildRequires: pam-devel BuildRequires: pam-devel
@ -121,40 +129,7 @@ vsftpd was always faster, supporting over twice as many users in some
tests. tests.
%prep %prep
%setup -q %autosetup -p1
%patch1 -p1
%patch3 -p1
%patch4
%patch5
%patch6
%patch7
%patch8
%patch9
%patch10 -p1
%patch11 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%patch26 -p1
%patch27 -p1
%patch28 -p1
%patch29 -p1
%patch30 -p1
%patch31 -p1
%patch32 -p1
%patch33 -p1
%patch35 -p1
%patch36 -p1
%build %build
%define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP %define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP