Accepting request 950708 from network

Import patches from SLE-12-SP4, SLE-15-SP2, and revert undocumented config file format changes.

OBS-URL: https://build.opensuse.org/request/show/950708
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/vsftpd?expand=0&rev=78

revert-undocumented-config-file-format-changes.patch

@@ -0,0 +1,17 @@
+Index: vsftpd-3.0.5/parseconf.c
+===================================================================
+--- vsftpd-3.0.5.orig/parseconf.c	2022-02-01 20:35:02.703078850 +0100
++++ vsftpd-3.0.5/parseconf.c	2022-02-01 20:35:44.042486850 +0100
+@@ -85,9 +85,9 @@ parseconf_bool_array[] =
+   { "ssl_sslv2", &tunable_sslv2 },
+   { "ssl_sslv3", &tunable_sslv3 },
+   { "ssl_tlsv1", &tunable_tlsv1 },
+-  { "ssl_tlsv11", &tunable_tlsv1_1 },
+-  { "ssl_tlsv12", &tunable_tlsv1_2 },
+-  { "ssl_tlsv13", &tunable_tlsv1_3 },
++  { "ssl_tlsv1_1", &tunable_tlsv1_1 },
++  { "ssl_tlsv1_2", &tunable_tlsv1_2 },
++  { "ssl_tlsv1_3", &tunable_tlsv1_3 },
+   { "tilde_user_enable", &tunable_tilde_user_enable },
+   { "force_anon_logins_ssl", &tunable_force_anon_logins_ssl },
+   { "force_anon_data_ssl", &tunable_force_anon_data_ssl },

use-system-wide-tls-cipher-policy.patch

@@ -0,0 +1,26 @@
+Index: vsftpd-3.0.5/tunables.c
+===================================================================
+--- vsftpd-3.0.5.orig/tunables.c	2022-02-02 10:58:56.589962539 +0100
++++ vsftpd-3.0.5/tunables.c	2022-02-02 11:00:17.600782133 +0100
+@@ -295,7 +295,7 @@ tunables_load_defaults()
+   install_str_setting("/usr/share/ssl/certs/vsftpd.pem",
+                       &tunable_rsa_cert_file);
+   install_str_setting(0, &tunable_dsa_cert_file);
+-  install_str_setting("ECDHE-RSA-AES256-GCM-SHA384", &tunable_ssl_ciphers);
++  install_str_setting("DEFAULT_SUSE", &tunable_ssl_ciphers);
+   install_str_setting(0, &tunable_rsa_private_key_file);
+   install_str_setting(0, &tunable_dsa_private_key_file);
+   install_str_setting(0, &tunable_ca_certs_file);
+Index: vsftpd-3.0.5/vsftpd.conf.5
+===================================================================
+--- vsftpd-3.0.5.orig/vsftpd.conf.5	2022-02-02 10:58:56.589962539 +0100
++++ vsftpd-3.0.5/vsftpd.conf.5	2022-02-02 11:01:58.855306755 +0100
+@@ -1025,7 +1025,7 @@ man page for further details. Note that
+ security precaution as it prevents malicious remote parties forcing a cipher
+ which they have found problems with.
+ 
+-Default: DES-CBC3-SHA
++Default: DEFAULT_SUSE
+ .TP
+ .B ssl_sni_hostname
+ If set, SSL connections will be rejected unless the SNI hostname in the

vsftpd-2.0.4-dmapi.patch

@@ -1,8 +1,8 @@
-Index: postlogin.c
+Index: vsftpd-3.0.5/postlogin.c
 ===================================================================
---- postlogin.c.orig	2012-04-10 16:09:50.440384915 +0200
-+++ postlogin.c	2012-04-10 16:10:01.193753389 +0200
-@@ -1053,6 +1053,11 @@
+--- vsftpd-3.0.5.orig/postlogin.c	2015-07-22 21:03:22.000000000 +0200
++++ vsftpd-3.0.5/postlogin.c	2022-02-01 20:12:02.710908421 +0100
+@@ -1061,6 +1061,11 @@ handle_upload_common(struct vsf_session*
      {
        do_truncate = 1;
      }

vsftpd-2.0.4-enable-ssl.patch

@@ -1,5 +1,7 @@
---- builddefs.h.orig
-+++ builddefs.h
+Index: vsftpd-3.0.5/builddefs.h
+===================================================================
+--- vsftpd-3.0.5.orig/builddefs.h	2021-08-02 09:01:43.000000000 +0200
++++ vsftpd-3.0.5/builddefs.h	2022-02-01 20:12:01.538925293 +0100
 @@ -3,7 +3,7 @@
  
  #undef VSF_BUILD_TCPWRAPPERS

vsftpd-2.0.5-enable-debuginfo.patch

@@ -1,8 +1,8 @@
-Index: Makefile
+Index: vsftpd-3.0.5/Makefile
 ===================================================================
---- Makefile.orig	2012-04-03 09:21:18.000000000 +0200
-+++ Makefile	2012-04-10 16:10:53.545547162 +0200
-@@ -9,7 +9,6 @@
+--- vsftpd-3.0.5.orig/Makefile	2012-09-16 09:27:35.000000000 +0200
++++ vsftpd-3.0.5/Makefile	2022-02-01 20:12:04.538882105 +0100
+@@ -9,7 +9,6 @@ CFLAGS	=	-O2 -fPIE -fstack-protector --p
  	#-pedantic -Wconversion
  
  LIBS	=	`./vsf_findlibs.sh`
@@ -10,7 +10,7 @@ Index: Makefile
  LDFLAGS	=	-fPIE -pie -Wl,-z,relro -Wl,-z,now
  
  OBJS	=	main.o utility.o prelogin.o ftpcmdio.o postlogin.o privsock.o \
-@@ -26,7 +25,7 @@
+@@ -26,7 +25,7 @@ OBJS	=	main.o utility.o prelogin.o ftpcm
  	$(CC) -c $*.c $(CFLAGS) $(IFLAGS)
  
  vsftpd: $(OBJS) 

vsftpd-2.0.5-utf8-log-names.patch

@@ -1,8 +1,8 @@
-Index: str.c
+Index: vsftpd-3.0.5/str.c
 ===================================================================
---- str.c.orig	2012-03-28 17:25:40.000000000 +0200
-+++ str.c	2012-04-10 16:10:59.965767345 +0200
-@@ -27,6 +27,24 @@
+--- vsftpd-3.0.5.orig/str.c	2012-09-16 09:09:06.000000000 +0200
++++ vsftpd-3.0.5/str.c	2022-02-01 20:12:05.458868861 +0100
+@@ -27,6 +27,24 @@ static int str_equal_internal(const char
                                const char* p_buf2, unsigned int buf2_len);
  
  /* Private functions */
@@ -27,7 +27,7 @@ Index: str.c
  static void
  s_setbuf(struct mystr* p_str, char* p_newbuf)
  {
-@@ -181,6 +199,45 @@
+@@ -181,6 +199,45 @@ str_reserve(struct mystr* p_str, unsigne
    p_str->p_buf[res_len - 1] = '\0';
  }
  
@@ -73,29 +73,26 @@ Index: str.c
  int
  str_isempty(const struct mystr* p_str)
  {
-@@ -702,11 +759,13 @@
+@@ -702,6 +759,7 @@ void
  str_replace_unprintable(struct mystr* p_str, char new_char)
  {
    unsigned int i;
--  for (i=0; i < p_str->len; i++)
--  {
--    if (!vsf_sysutil_isprint(p_str->p_buf[i]))
 +  if( !str_is_utf8( p_str ) ) {
-+    for (i=0; i < p_str->len; i++)
-     {
--      p_str->p_buf[i] = new_char;
-+      if (!vsf_sysutil_isprint(p_str->p_buf[i]))
-+      {
-+        p_str->p_buf[i] = new_char;
-+      }
+   for (i=0; i < p_str->len; i++)
+   {
+     if (!vsf_sysutil_isprint(p_str->p_buf[i]))
+@@ -709,5 +767,6 @@ str_replace_unprintable(struct mystr* p_
+       p_str->p_buf[i] = new_char;
      }
    }
++  }
  }
-Index: str.h
+ 
+Index: vsftpd-3.0.5/str.h
 ===================================================================
---- str.h.orig	2008-12-17 06:53:23.000000000 +0100
-+++ str.h	2012-04-10 16:10:59.965767345 +0200
-@@ -36,6 +36,7 @@
+--- vsftpd-3.0.5.orig/str.h	2012-09-16 09:01:52.000000000 +0200
++++ vsftpd-3.0.5/str.h	2022-02-01 20:12:05.458868861 +0100
+@@ -36,6 +36,7 @@ void str_free(struct mystr* p_str);
  void str_trunc(struct mystr* p_str, unsigned int trunc_len);
  void str_reserve(struct mystr* p_str, unsigned int res_len);
  

vsftpd-2.0.5-vuser.patch

@@ -1,5 +1,7 @@
---- EXAMPLE/VIRTUAL_USERS/vsftpd.pam.orig
-+++ EXAMPLE/VIRTUAL_USERS/vsftpd.pam
+Index: vsftpd-3.0.5/EXAMPLE/VIRTUAL_USERS/vsftpd.pam
+===================================================================
+--- vsftpd-3.0.5.orig/EXAMPLE/VIRTUAL_USERS/vsftpd.pam	2008-02-02 02:30:40.000000000 +0100
++++ vsftpd-3.0.5/EXAMPLE/VIRTUAL_USERS/vsftpd.pam	2022-02-01 20:12:03.670894600 +0100
 @@ -1,2 +1,2 @@
 -auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login
 -account required /lib/security/pam_userdb.so db=/etc/vsftpd_login

vsftpd-2.3.5-conf.patch

@@ -1,7 +1,7 @@
-Index: vsftpd.conf
+Index: vsftpd-3.0.5/vsftpd.conf
 ===================================================================
---- vsftpd.conf.orig
-+++ vsftpd.conf
+--- vsftpd-3.0.5.orig/vsftpd.conf	2011-12-17 19:24:40.000000000 +0100
++++ vsftpd-3.0.5/vsftpd.conf	2022-02-01 20:12:06.546853199 +0100
 @@ -4,23 +4,89 @@
  # loosens things up a bit, to make the ftp daemon more usable.
  # Please see vsftpd.conf.5 for all compiled in defaults.

vsftpd-allow-dev-log-socket.patch

@@ -0,0 +1,30 @@
+From: mvyskocil@suse.com
+Subject: enable /dev/log related socket call
+
+Linux-PAM try to open /dev/log, but as socket is not enabled in seccomp
+sandbox, daemon is killed by SIGSYS. Because the attempt is made by process
+with RLIMIT_NOFILE, the correct fix would be to test if we can open a new fd in
+pam. Anyway I would say the risc is small, and other socket syscalls are disabled.
+
+Fixes: https://bugzilla.novell.com/show_bug.cgi?id=786024
+
+Index: vsftpd-3.0.5/seccompsandbox.c
+===================================================================
+--- vsftpd-3.0.5.orig/seccompsandbox.c	2022-02-02 11:03:38.133860169 +0100
++++ vsftpd-3.0.5/seccompsandbox.c	2022-02-02 11:03:38.177859528 +0100
+@@ -366,6 +366,15 @@ seccomp_sandbox_init()
+   {
+     bug("bad state in seccomp_sandbox_init");
+   }
++
++  //this is very probably an attempt to open /dev/log
++  //it fails because process cannot open any file, so it might be safe
++  //socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = -1 EMFILE (Too many open files)
++  allow_nr_3_arg_match(__NR_socket,
++                       1, PF_FILE,
++                       2, SOCK_DGRAM | SOCK_CLOEXEC,
++                       3, 0);
++
+ }
+ 
+ void

vsftpd-enable-sendto-for-prelogin-syslog.patch

@@ -0,0 +1,21 @@
+Enable sendto for syslog logging to /dev/log in prelogin
+
+We write to log from check_limits() and therefore we have to allow
+sendto() for syslog otherwise sandbox will kill the child.
+
+Index: vsftpd-3.0.2/seccompsandbox.c
+===================================================================
+--- vsftpd-3.0.2.orig/seccompsandbox.c
++++ vsftpd-3.0.2/seccompsandbox.c
+@@ -388,6 +388,11 @@ seccomp_sandbox_setup_prelogin(const str
+                        1, PF_FILE,
+                        2, SOCK_DGRAM | SOCK_CLOEXEC,
+                        3, 0);
++  // allow syslog logs from check_limits()
++  if (tunable_syslog_enable)
++  {
++    allow_nr_1_arg_match(__NR_sendto, 6, 0);
++  }
+ 
+ }
+ 

vsftpd-openlog-force.patch

@@ -0,0 +1,18 @@
+Force openlog() to open log immediately iff force!=0.
+Otherwise is log opened on first syslog() call which may be
+after the privileges are dropped and new file descriptors
+cannot be created.
+
+Index: vsftpd-3.0.5/sysutil.c
+===================================================================
+--- vsftpd-3.0.5.orig/sysutil.c	2022-02-01 19:38:36.487789134 +0100
++++ vsftpd-3.0.5/sysutil.c	2022-02-01 19:44:08.787005494 +0100
+@@ -2700,7 +2700,7 @@ vsf_sysutil_openlog(int force)
+ {
+   int facility = LOG_DAEMON;
+   int option = LOG_PID;
+-  if (!force)
++  if (force)
+   {
+     option |= LOG_NDELAY;
+   }

vsftpd-seccomp-getrandom.patch

@@ -0,0 +1,15 @@
+Index: vsftpd-3.0.5/seccompsandbox.c
+===================================================================
+--- vsftpd-3.0.5.orig/seccompsandbox.c	2022-02-01 19:47:13.916340458 +0100
++++ vsftpd-3.0.5/seccompsandbox.c	2022-02-01 19:51:24.196737535 +0100
+@@ -406,6 +406,10 @@ seccomp_sandbox_setup_prelogin(const str
+   {
+     allow_nr_1_arg_match(__NR_recvmsg, 3, 0);
+     allow_nr_2_arg_match(__NR_setsockopt, 2, IPPROTO_TCP, 3, TCP_NODELAY);
++    // called from openssl's RAND_poll which is invoked in FIPS mode when the DRBG is seeded
++    allow_nr(__NR_getrandom);
++    allow_nr_1_arg_mask(__NR_open, 2, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_CLOEXEC);
++    allow_nr(__NR_getuid);
+   }
+   if (tunable_syslog_enable)
+   {

vsftpd-seccomp-ssl.patch

@@ -0,0 +1,15 @@
+SSL initialization calls RAND_load_file() which needs stat() enabled.
+
+Index: vsftpd-3.0.3/seccompsandbox.c
+===================================================================
+--- vsftpd-3.0.3.orig/seccompsandbox.c	2021-12-21 15:33:01.491786690 +0100
++++ vsftpd-3.0.3/seccompsandbox.c	2021-12-21 15:33:01.499786535 +0100
+@@ -559,6 +559,8 @@ seccomp_sandbox_setup_postlogin_broker()
+     allow_nr(__NR_fstat);
+     allow_nr(__NR_fchown);
+     allow_nr_1_arg_match(__NR_recvmsg, 3, 0);
++    // called by RAND_load_file
++    allow_nr(__NR_stat);
+   }
+   if (tunable_syslog_enable)
+   {

vsftpd-seccomp-wait4.patch

@@ -0,0 +1,14 @@
+Broker has to wait for its child.
+
+Index: vsftpd-3.0.2/seccompsandbox.c
+===================================================================
+--- vsftpd-3.0.2.orig/seccompsandbox.c
++++ vsftpd-3.0.2/seccompsandbox.c
+@@ -540,6 +540,7 @@ seccomp_sandbox_setup_postlogin_broker()
+   seccomp_sandbox_setup_base();
+   seccomp_sandbox_setup_data_connections();
+   allow_nr_1_arg_match(__NR_sendmsg, 3, 0);
++  allow_nr(__NR_wait4);
+   if (tunable_chown_uploads)
+   {
+     allow_nr(__NR_fstat);

vsftpd.changes

@@ -1,3 +1,49 @@
+-------------------------------------------------------------------
+Tue Feb  1 18:42:41 UTC 2022 - Peter Simons <psimons@suse.com>
+
+- Add "seccomp-fixes.patch" to fix the syscall architecture offset
+  from 4 to 5, this change was documented in
+  <https://lore.kernel.org/patchwork/patch/554803/>.
+
+- Add "vsftpd-openlog-force.patch" to a logic error in the way the
+  force option for syslog's openlog() call was handled.
+
+- Add "vsftpd-seccomp-getrandom.patch" to fix a seccomp failure in
+  FIPS mode when SSL was enabled. [bsc#1052900]
+
+- Add "vsftpd-seccomp-ssl.patch" to allow stat() to be called,
+  which is required during SSL initialization by RAND_load_file().
+
+- Add "vsftpd-seccomp-wait4.patch" to allow wait4() to be called so
+  that the broker can wait for its child processes. [bsc#1021387]
+
+- Refresh patches to -p1 style so that we can use %autosetup:
+  * vsftpd-2.0.4-dmapi.patch
+  * vsftpd-2.0.4-enable-ssl.patch
+  * vsftpd-2.0.5-enable-debuginfo.patch
+  * vsftpd-2.0.5-utf8-log-names.patch
+  * vsftpd-2.0.5-vuser.patch
+  * vsftpd-2.3.5-conf.patch
+
+- Apply "revert-undocumented-config-file-format-changes.patch" to
+  revert the "ssl_tlsv1_X"-style config file options back to their
+  original spelling. The changes that dropped the underscore from
+  the version numbers in release 3.0.4 breaks existing
+  configurations and it was never documented anywhere -- not in the
+  package's changelog and not in the packages's own man page.
+
+- Apply "use-system-wide-tls-cipher-policy.patch" so that vsftpd
+  follows the system-wide TLS cipher policy "DEFAULT_SUSE" by
+  default. Run the command "openssl ciphers -v DEFAULT_SUSE" to see
+  which ciphers this includes.
+
+- Apply "add vsftpd-allow-dev-log-socket.patch" to allow sendto()
+  syscall when /dev/log support is enabled. [bnc#786024]
+
+- Apply "vsftpd-enable-sendto-for-prelogin-syslog.patch" to allow
+  sendto() to be called from check_limits(), which is necessary for
+  vsftpd to write to the system log.
+
 -------------------------------------------------------------------
 Wed Jan  5 10:21:02 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
 
@@ -22,11 +68,33 @@ Tue Jun 15 07:49:13 AM UTC 2021 - Peter Simons <psimons@suse.com>
   * Close the control connection after 10 unknown commands pre-login.
   * Reject any TLS ALPN advertisement that's not 'ftp'.
   * Add ssl_sni_hostname option to require a match on incoming SNI hostname.
+  * The options "ssl_tlsv1_1", "ssl_tlsv1_2", and "ssl_tlsv1_3"
+    have been renamed to "ssl_tlsv11", "ssl_tlsv12", and
+    "ssl_tlsv13" respectively. Note that the man page has not been
+    updated accordingly.
 
 - Upstream has a new GPG key (7B89011BCAE1CFEA).
 
 - "0001-Introduce-TLSv1.1-and-TLSv1.2-options.patch" is now obsolete.
 
+- "0001-Introduce-TLSv1.3-option.patch" is now obsolete.
+
+- "vsftpd-seccomp-syslog.patch" is now obsolete.
+
+-------------------------------------------------------------------
+Mon Jun 14 14:26:05 UTC 2021 - Peter Simons <psimons@suse.com>
+
+- OpenSSL was updated to version 1.1.1 in SLE-15-SP2, adding
+  support for the TLSv1.3 protocol. As a consequence, some SLE-15
+  applications that link OpenSSL for TLS support -- like vsftpd --,
+  gained the ability to use the newer TLS protocol, which created
+  interoperability problems with FTP clients in some cases. To
+  remedy the situation, "0001-Introduce-TLSv1.3-option.patch" was
+  applied in a forked SLE-15-SP2 version of vsftpd. The patch adds
+  the configuration option "ssl_tlsv1_3" that system administrators
+  can use to disable TLSv1.3 support on their servers.
+  [bsc#1187188]
+
 -------------------------------------------------------------------
 Thu Dec  3 11:20:20 UTC 2020 - Ismail Dönmez <idonmez@suse.com>
 
@@ -105,7 +173,8 @@ Wed Apr 25 06:32:25 UTC 2018 - psimons@suse.com
 
 - vsftpd-enable-syscalls-needed-by-sle15.patch: Enable wait4(),
   sysinfo(), and shutdown() syscalls in seccomp sandbox. These are
-  required for the daemon to work properly on SLE-15. [bsc#1089088]
+  required for the daemon to work properly on SLE-15. [bsc#1089088,
+  bsc#1180314]
 
 -------------------------------------------------------------------
 Tue Apr  3 11:48:08 UTC 2018 - vcizek@suse.com
@@ -206,6 +275,12 @@ Wed Mar 23 10:07:55 UTC 2016 - tchvatal@suse.com
 
 - Require shadow and do not output the error out of useradd
 
+-------------------------------------------------------------------
+Tue Mar 22 14:56:05 UTC 2016 - tchvatal@suse.com
+
+- Fix hang when using seccomp and syslog bnc#971784:
+  * vsftpd-seccomp-syslog.patch
+
 -------------------------------------------------------------------
 Tue Mar 22 14:27:27 UTC 2016 - tchvatal@suse.com
 

vsftpd.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package vsftpd
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -88,6 +88,14 @@ Patch33:        vsftpd-avoid-bogus-ssl-write.patch
 Patch35:        0001-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch
 # PATCH-FIX-UPSTREAM https://bugzilla.suse.com/show_bug.cgi?id=1179553
 Patch36:        seccomp-fixes.patch
+Patch37:        vsftpd-openlog-force.patch
+Patch38:        vsftpd-seccomp-getrandom.patch
+Patch39:        vsftpd-seccomp-ssl.patch
+Patch40:        vsftpd-seccomp-wait4.patch
+Patch41:        revert-undocumented-config-file-format-changes.patch
+Patch42:        use-system-wide-tls-cipher-policy.patch
+Patch43:        vsftpd-allow-dev-log-socket.patch
+Patch44:        vsftpd-enable-sendto-for-prelogin-syslog.patch
 BuildRequires:  libcap-devel
 BuildRequires:  libopenssl-devel
 BuildRequires:  pam-devel
@@ -121,40 +129,7 @@ vsftpd was always faster, supporting over twice as many users in some
 tests.
 
 %prep
-%setup -q
-%patch1 -p1
-%patch3 -p1
-%patch4
-%patch5
-%patch6
-%patch7
-%patch8
-%patch9
-%patch10 -p1
-%patch11 -p1
-%patch13 -p1
-%patch14 -p1
-%patch15 -p1
-%patch16 -p1
-%patch17 -p1
-%patch18 -p1
-%patch19 -p1
-%patch20 -p1
-%patch21 -p1
-%patch22 -p1
-%patch23 -p1
-%patch24 -p1
-%patch25 -p1
-%patch26 -p1
-%patch27 -p1
-%patch28 -p1
-%patch29 -p1
-%patch30 -p1
-%patch31 -p1
-%patch32 -p1
-%patch33 -p1
-%patch35 -p1
-%patch36 -p1
+%autosetup -p1
 
 %build
 %define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP