diff --git a/vsftpd-3.0.3-address_space_limit.patch b/vsftpd-3.0.3-address_space_limit.patch new file mode 100644 index 0000000..6eeaead --- /dev/null +++ b/vsftpd-3.0.3-address_space_limit.patch @@ -0,0 +1,57 @@ +Index: vsftpd-3.0.3/main.c +=================================================================== +--- vsftpd-3.0.3.orig/main.c ++++ vsftpd-3.0.3/main.c +@@ -317,7 +317,7 @@ env_init(void) + static void + limits_init(void) + { +- unsigned long limit = VSFTP_AS_LIMIT; ++ unsigned long limit = tunable_address_space_limit ?: VSFTP_AS_LIMIT; + if (tunable_text_userdb_names) + { + /* Turns out, LDAP lookups for lots of userid -> name mappings can really +Index: vsftpd-3.0.3/parseconf.c +=================================================================== +--- vsftpd-3.0.3.orig/parseconf.c ++++ vsftpd-3.0.3/parseconf.c +@@ -138,6 +138,7 @@ parseconf_uint_array[] = + { "delay_successful_login", &tunable_delay_successful_login }, + { "max_login_fails", &tunable_max_login_fails }, + { "chown_upload_mode", &tunable_chown_upload_mode }, ++ { "address_space_limit", &tunable_address_space_limit }, + { 0, 0 } + }; + +Index: vsftpd-3.0.3/tunables.c +=================================================================== +--- vsftpd-3.0.3.orig/tunables.c ++++ vsftpd-3.0.3/tunables.c +@@ -110,6 +110,7 @@ unsigned int tunable_delay_failed_login; + unsigned int tunable_delay_successful_login; + unsigned int tunable_max_login_fails; + unsigned int tunable_chown_upload_mode; ++unsigned int tunable_address_space_limit; + + const char* tunable_secure_chroot_dir; + const char* tunable_ftp_username; +@@ -255,6 +256,7 @@ tunables_load_defaults() + tunable_max_login_fails = 3; + /* -rw------- */ + tunable_chown_upload_mode = 0600; ++ tunable_address_space_limit = 0; /* See main.c:limits_init */ + + install_str_setting("/usr/share/empty", &tunable_secure_chroot_dir); + install_str_setting("ftp", &tunable_ftp_username); +Index: vsftpd-3.0.3/tunables.h +=================================================================== +--- vsftpd-3.0.3.orig/tunables.h ++++ vsftpd-3.0.3/tunables.h +@@ -112,6 +112,7 @@ extern unsigned int tunable_delay_failed + extern unsigned int tunable_delay_successful_login; + extern unsigned int tunable_max_login_fails; + extern unsigned int tunable_chown_upload_mode; ++extern unsigned int tunable_address_space_limit; + + /* String defines */ + extern const char* tunable_secure_chroot_dir; diff --git a/vsftpd.changes b/vsftpd.changes index cbcb0ca..ceb1497 100644 --- a/vsftpd.changes +++ b/vsftpd.changes @@ -1,5 +1,5 @@ ------------------------------------------------------------------- -Thu Sep 7 12:24:26 UTC 2017 - tchvatal@suse.com +Thu Sep 7 12:24:26 UTC 2017 - psimons@suse.com - Add "vsftpd-die-with-session.patch" to fix a bug in vsftpd that would cause SSL protocol errors, aborting the connection, whenever @@ -16,6 +16,14 @@ Thu Sep 7 12:24:26 UTC 2017 - tchvatal@suse.com - Add "vsftpd-append-seek-pipe.patch" to allow the FTP server to append to a file system pipe. [bsc#1048427] +- Add "vsftpd-3.0.3-address_space_limit.patch" to create the new + configuration option "address_space_limit", which determines the + memory limit vsftpd configures for its own process (given in + bytes). The previously hard-coded limit (100 MB) may not be + sufficient for vsftpd servers running with certain PAM modules + enabled, and in such cases administrators may wish to raise the + limit to match their system's requirements. [bsc#1042137] + ------------------------------------------------------------------- Wed Jun 14 11:42:26 UTC 2017 - tchvatal@suse.com diff --git a/vsftpd.spec b/vsftpd.spec index 7f35c30..b0f2703 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -75,6 +75,7 @@ Patch26: vsftpd-3.0.3-build-with-openssl-1.1.patch Patch27: vsftpd-mdtm-in-utc.patch Patch28: vsftpd-die-with-session.patch Patch29: vsftpd-append-seek-pipe.patch +Patch30: vsftpd-3.0.3-address_space_limit.patch BuildRequires: libcap-devel BuildRequires: libopenssl-devel BuildRequires: pam-devel @@ -132,6 +133,7 @@ tests. %patch27 -p1 %patch28 -p1 %patch29 -p1 +%patch30 -p1 %build %define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP