rpm/vsftpd
SHA256
1
0
Fork 0
forked from pool/vsftpd
Code Pull Requests Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/vsftpd?expand=0&rev=1

Browse Source
This commit is contained in:
OBS User unknown 2007-01-15 23:40:43 +00:00 committed by Git OBS Bridge
commit 6c32c8f621
20 changed files with 1533 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.osc

10
README.SUSE Normal file
View File

@ -0,0 +1,10 @@
Starting with 10.1 vsftpd can be configured standalone
or over the xinetd superdeamon. Default is standalone.
If you want to run it over xinetd make sure the you enable
the service in the xinetd configuration (/etc/xinetd.d/vsftp)
and set the following line in /etc/vsftpd.conf
listen=NO
This is needed for vsftpd to over xinetd.

0
ready Normal file
View File

259
vsftpd-2.0.4-conf.diff Normal file
View File

@ -0,0 +1,259 @@
--- vsftpd.conf
+++ vsftpd.conf
@@ -4,100 +4,214 @@
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
+# If you do not change anything here you will have a minimum setup for an
+# anonymus FTP server.
+#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
+
+# General Settings
#
-# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
-anonymous_enable=YES
+# Uncomment this to enable any form of FTP write command.
+#
+#write_enable=YES
+#
+# Activate directory messages - messages given to remote users when they
+# go into a certain directory.
+#
+dirmessage_enable=YES
+#
+# It is recommended that you define on your system a unique user which the
+# ftp server can use as a totally isolated and unprivileged user.
+#
+#nopriv_user=ftpsecure
+#
+# You may fully customise the login banner string:
+#
+#ftpd_banner="Welcome to FOOBAR FTP service."
+#
+# You may activate the "-R" option to the builtin ls. This is disabled by
+# default to avoid remote users being able to cause excessive I/O on large
+# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
+# the presence of the "-R" option, so there is a strong case for enabling it.
+#
+#ls_recurse_enable=YES
+#
+# You may specify a file of disallowed anonymous e-mail addresses. Apparently
+# useful for combatting certain DoS attacks.
+#
+#deny_email_enable=YES
+#
+# (default follows)
+#
+#banned_email_file=/etc/vsftpd.banned_emails
+#
+# If enabled, all user and group information in
+# directory listings will be displayed as "ftp".
#
+#hide_ids=YES
+
+# Local FTP user Settings
+#
# Uncomment this to allow local users to log in.
-#local_enable=YES
#
-# Uncomment this to enable any form of FTP write command.
-#write_enable=YES
+#local_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
+#
#local_umask=022
#
+# Uncomment to put local users in a chroot() jail in their home directory
+# after login.
+#
+#chroot_local_user=YES
+#
+# You may specify an explicit list of local users to chroot() to their home
+# directory. If chroot_local_user is YES, then this list becomes a list of
+# users to NOT chroot().
+#
+#chroot_list_enable=YES
+#
+# (default follows)
+#
+#chroot_list_file=/etc/vsftpd.chroot_list
+#
+# The maximum data transfer rate permitted, in bytes per second, for
+# local authenticated users. The default is 0 (unlimited).
+#
+#local_max_rate=7200
+
+
+# Anonymus FTP user Settings
+#
+# Allow anonymous FTP?
+#
+anonymous_enable=YES
+#
+# Anonymous users will only be allowed to download files which are
+# world readable.
+#
+anon_world_readable_only=YES
+#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
+#
#anon_upload_enable=YES
#
+# Default umask for anonymus users is 077. You may wish to change this to 022,
+# if your users expect that (022 is used by most other ftpd's)
+#
+#anon_umask=022
+#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
-#anon_mkdir_write_enable=YES
#
-# Activate directory messages - messages given to remote users when they
-# go into a certain directory.
-dirmessage_enable=YES
+#anon_mkdir_write_enable=YES
#
-# Activate logging of uploads/downloads.
-xferlog_enable=YES
+# Uncomment this to enable anonymus FTP users to perform other write operations
+# like deletion and renaming.
#
-# Make sure PORT transfer connections originate from port 20 (ftp-data).
-connect_from_port_20=YES
+#anon_other_write_enable=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
+#
#chown_uploads=YES
#chown_username=whoever
#
+# The maximum data transfer rate permitted, in bytes per second, for anonymous
+# authenticated users. The default is 0 (unlimited).
+#
+#anon_max_rate=7200
+
+
+# Log Settings
+#
+# Log to the syslog daemon instead of using an logfile.
+#
+syslog_enable=YES
+#
+# Uncomment this to log all FTP requests and responses.
+#
+#log_ftp_protocol=YES
+#
+# Activate logging of uploads/downloads.
+#
+#xferlog_enable=YES
+#
# You may override where the log file goes if you like. The default is shown
# below.
-#xferlog_file=/var/log/vsftpd.log
#
-# If you want, you can have your log file in standard ftpd xferlog format
+#vsftpd_log_file=/var/log/vsftpd.log
+#
+# If you want, you can have your log file in standard ftpd xferlog format.
+# Note: This disables the normal logging unless you enable dual_log_enable below.
+#
#xferlog_std_format=YES
#
+# You may override where the log file goes if you like. The default is shown
+# below.
+#
+#xferlog_file=/var/log/xferlog
+#
+# Enable this to have booth logfiles. Standard xferlog and vsftpd's own style log.
+#
+#dual_log_enable=YES
+#
+# Uncomment this to enable session status information in the system process listing.
+#
+#setproctitle_enable=YES
+
+# Transfer Settings
+#
+# Make sure PORT transfer connections originate from port 20 (ftp-data).
+#
+connect_from_port_20=YES
+#
# You may change the default value for timing out an idle session.
+#
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
-#data_connection_timeout=120
#
-# It is recommended that you define on your system a unique user which the
-# ftp server can use as a totally isolated and unprivileged user.
-#nopriv_user=ftpsecure
+#data_connection_timeout=120
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
+#
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
-# Beware that on some FTP servers, ASCII support allows a denial of service
-# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
-# predicted this attack and has always been safe, reporting the size of the
-# raw file.
-# ASCII mangling is a horrible feature of the protocol.
+# Beware that turning on ascii_download_enable enables malicious remote parties
+# to consume your I/O resources, by issuing the command "SIZE /big/file" in
+# ASCII mode.
+# These ASCII options are split into upload and download because you may wish
+# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
+# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
+# on the client anyway..
+#
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
-# You may fully customise the login banner string:
-#ftpd_banner=Welcome to blah FTP service.
+# Set to NO if you want to disallow the PASV method of obtaining a data
+# connection.
#
-# You may specify a file of disallowed anonymous e-mail addresses. Apparently
-# useful for combatting certain DoS attacks.
-#deny_email_enable=YES
-# (default follows)
-#banned_email_file=/etc/vsftpd.banned_emails
+#pasv_enable=NO
+
+# PAM setting. Do NOT change this unless you know what you do!
#
-# You may specify an explicit list of local users to chroot() to their home
-# directory. If chroot_local_user is YES, then this list becomes a list of
-# users to NOT chroot().
-#chroot_list_enable=YES
-# (default follows)
-#chroot_list_file=/etc/vsftpd.chroot_list
+pam_service_name=vsftpd
+
+# Set listen=YES if you want vsftpd to run standalone
#
-# You may activate the "-R" option to the builtin ls. This is disabled by
-# default to avoid remote users being able to cause excessive I/O on large
-# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
-# the presence of the "-R" option, so there is a strong case for enabling it.
-#ls_recurse_enable=YES
+listen=YES
+# Set to ssl_enable=YES if you want to enable SSL
+ssl_enable=NO

14
vsftpd-2.0.4-dmapi.patch Normal file
View File

@ -0,0 +1,14 @@
--- postlogin.c
+++ postlogin.c
@@ -992,6 +992,11 @@
{
new_file_fd = str_create_append(p_filename);
}
+ if (new_file_fd >= 0) {
+ vsf_sysutil_fstat(new_file_fd, &s_p_statbuf);
+ if (vsf_sysutil_statbuf_is_regfile(s_p_statbuf))
+ vsf_sysutil_deactivate_noblock(new_file_fd);
+ }
}
if (vsf_sysutil_retval_is_error(new_file_fd))
{

11
vsftpd-2.0.4-enable-ssl.patch Normal file
View File

@ -0,0 +1,11 @@
--- builddefs.h
+++ builddefs.h
@@ -3,7 +3,7 @@
#undef VSF_BUILD_TCPWRAPPERS
#define VSF_BUILD_PAM
-#undef VSF_BUILD_SSL
+#define VSF_BUILD_SSL
#endif /* VSF_BUILDDEFS_H */

26
vsftpd-2.0.4-lib64.diff Normal file
View File

@ -0,0 +1,26 @@
--- vsftpd-2.0.4/vsf_findlibs.sh
+++ vsftpd-2.0.4/vsf_findlibs.sh
@@ -13,6 +13,7 @@
# crypt library.
if find_func pam_start sysdeputil.o; then
locate_library /lib/libpam.so.0 && echo "/lib/libpam.so.0";
+ locate_library /lib64/libpam.so.0 && echo "/lib64/libpam.so.0";
locate_library /usr/lib/libpam.so && echo "-lpam";
# HP-UX ends shared libraries with .sl
locate_library /usr/lib/libpam.sl && echo "-lpam";
@@ -20,6 +21,7 @@
locate_library /usr/lib/libpam.a && echo "-lpam";
else
locate_library /lib/libcrypt.so && echo "-lcrypt";
+ locate_library /lib64/libcrypt.so && echo "-lcrypt";
locate_library /usr/lib/libcrypt.so && echo "-lcrypt";
fi
@@ -44,6 +46,7 @@
# Look for libcap (capabilities)
locate_library /lib/libcap.so.1 && echo "/lib/libcap.so.1";
+locate_library /lib64/libcap.so.1 && echo "/lib64/libcap.so.1";
locate_library /usr/lib/libcap.so && echo "-lcap";
# Solaris needs this for nanosleep()..

10
vsftpd-2.0.4-nowarn.patch Normal file
View File

@ -0,0 +1,10 @@
--- vsftpd-2.0.4/sysdeputil.c
+++ vsftpd-2.0.4/sysdeputil.c
@@ -34,6 +34,7 @@
/* For FreeBSD */
#include <sys/param.h>
#include <sys/uio.h>
+#include <crypt.h>
/* Configuration.. here are the possibilities */
#undef VSF_SYSDEP_HAVE_CAPABILITIES

33
vsftpd-2.0.4-xinetd.diff Normal file
View File

@ -0,0 +1,33 @@
--- vsftpd-2.0.4/xinetd.d/vsftpd
+++ vsftpd-2.0.4/xinetd.d/vsftpd
@@ -1,18 +1,23 @@
-# default: on
+# default: off
# description:
# The vsftpd FTP server serves FTP connections. It uses
# normal, unencrypted usernames and passwords for authentication.
# vsftpd is designed to be secure.
+#
+# NOTE: This file contains the configuration for xinetd to start vsftpd.
+# the configuration file for vsftp itself is in /etc/vsftpd.conf
+#
service ftp
{
socket_type = stream
+ protocol = tcp
wait = no
user = root
- server = /usr/local/sbin/vsftpd
-# server_args =
-# log_on_success += DURATION USERID
-# log_on_failure += USERID
- nice = 10
- disable = no
+ server = /usr/sbin/vsftpd
+# server_args =
+# log_on_success += DURATION USERID
+# log_on_failure += USERID
+# nice = 10
+ disable = yes
}

11
vsftpd-2.0.5-enable-debuginfo.patch Normal file
View File

@ -0,0 +1,11 @@
--- Makefile
+++ Makefile
@@ -6,7 +6,7 @@
CFLAGS = -O2 -Wall -W -Wshadow #-pedantic -Werror -Wconversion
LIBS = `./vsf_findlibs.sh`
-LINK = -Wl,-s
+#LINK = -Wl,-s
OBJS = main.o utility.o prelogin.o ftpcmdio.o postlogin.o privsock.o \
tunables.o ftpdataio.o secbuf.o ls.o \

106
vsftpd-2.0.5-utf8-log-names.patch Normal file
View File

@ -0,0 +1,106 @@
Index: vsftpd-1.2.1/str.c
===================================================================
--- vsftpd-1.2.1.orig/str.c
+++ vsftpd-1.2.1/str.c
@@ -27,6 +27,24 @@ static int str_equal_internal(const char
const char* p_buf2, unsigned int buf2_len);
/* Private functions */
+static int
+continuation_char(unsigned char str, int* val)
+{
+ if ((str & 0xc0) != 0x80) /* 10xxxxxx */
+ return 0;
+ (*val) <<= 6;
+ (*val) |= str & 0x3f;
+ return 1;
+}
+
+static int
+unicode_valid(int b)
+{
+ return (b < 0x110000 && ((b & 0xFFFFF800) != 0xD800)
+ && (b < 0xFDD0 || b > 0xFDEF)
+ && (b & 0xFFFE) != 0xFFFE);
+}
+
static void
s_setbuf(struct mystr* p_str, char* p_newbuf)
{
@@ -153,6 +171,45 @@ str_reserve(struct mystr* p_str, unsigne
}
}
+int str_is_utf8( const struct mystr* p_str )
+{
+ unsigned int i;
+ int min = 0, val = 0;
+
+ for(i = 0; i < p_str->len; i++)
+ {
+ if( (unsigned char)p_str->p_buf[i] < 128) continue;
+
+ if((p_str->p_buf[i] & 0xe0) == 0xc0) { /* 110xxxxx */
+ if((p_str->p_buf[i] & 0x1e) == 0) return 0;
+ i++;
+ if((p_str->p_buf[i] & 0xc0) != 0x80) /* 10xxxxxx */
+ return 0;
+ } else {
+ if((p_str->p_buf[i] & 0xf0) == 0xe0) { /* 1110xxxx */
+ min = (1 << 11);
+ val = p_str->p_buf[i] & 0x0f;
+ goto TWO_REMAINING;
+ } else if((p_str->p_buf[i] & 0xf8) == 0xf0) { /* 11110xxx */
+ min = (1 << 16);
+ val = p_str->p_buf[i] & 0x07;
+ } else {
+ return 0;
+ }
+ i++;
+ if(!continuation_char(p_str->p_buf[i], &val)) return 0;
+TWO_REMAINING:
+ i++;
+ if(!continuation_char(p_str->p_buf[i], &val)) return 0;
+ i++;
+ if(!continuation_char(p_str->p_buf[i], &val)) return 0;
+ if(val < min || !unicode_valid(val)) return 0;
+ }
+ }
+ return 1;
+}
+
+
int
str_isempty(const struct mystr* p_str)
{
@@ -648,11 +705,13 @@ void
str_replace_unprintable(struct mystr* p_str, char new_char)
{
unsigned int i;
- for (i=0; i < p_str->len; i++)
- {
- if (!vsf_sysutil_isprint(p_str->p_buf[i]))
+ if( !str_is_utf8( p_str ) ) {
+ for (i=0; i < p_str->len; i++)
{
- p_str->p_buf[i] = new_char;
+ if (!vsf_sysutil_isprint(p_str->p_buf[i]))
+ {
+ p_str->p_buf[i] = new_char;
+ }
}
}
}
Index: vsftpd-1.2.1/str.h
===================================================================
--- vsftpd-1.2.1.orig/str.h
+++ vsftpd-1.2.1/str.h
@@ -36,6 +36,7 @@ void str_free(struct mystr* p_str);
void str_trunc(struct mystr* p_str, unsigned int trunc_len);
void str_reserve(struct mystr* p_str, unsigned int res_len);
+int str_is_utf8(const struct mystr* p_str);
int str_isempty(const struct mystr* p_str);
unsigned int str_getlen(const struct mystr* p_str);
const char* str_getbuf(const struct mystr* p_str);

7
vsftpd-2.0.5-vuser.patch Normal file
View File

@ -0,0 +1,7 @@
--- EXAMPLE/VIRTUAL_USERS/vsftpd.pam
+++ EXAMPLE/VIRTUAL_USERS/vsftpd.pam
@@ -1,2 +1,2 @@
-auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login
-account required /lib/security/pam_userdb.so db=/etc/vsftpd_login
+auth required pam_userdb.so db=/etc/vsftpd_login
+account required pam_userdb.so db=/etc/vsftpd_login

3
vsftpd-2.0.5.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4b2bc1126b4aa71fb00322646e88228b095e1ce57340c6a34d80fff4d1afb76e
size 116330

423
vsftpd.changes Normal file
View File

@ -0,0 +1,423 @@
-------------------------------------------------------------------
Mon Jan 15 09:21:58 CET 2007 - mskibbe@suse.de
- fix cryptic symbol in package - description
- build against libcap on suse < 10.1
-------------------------------------------------------------------
Fri Jan 12 09:39:24 CET 2007 - mskibbe@suse.de
- vsftp could not log any file name other then ascii (#229320)
-------------------------------------------------------------------
Thu Jan 11 09:54:07 CET 2007 - mskibbe@suse.de
- change path to xml service document (fate #301713)
-------------------------------------------------------------------
Mon Jan 8 10:31:52 CET 2007 - mskibbe@suse.de
- fix Bug #230220 - vsftp no debuginfo
-------------------------------------------------------------------
Mon Jan 8 09:27:36 CET 2007 - mskibbe@suse.de
- xml document should readable to all (fate #301713)
-------------------------------------------------------------------
Wed Dec 6 12:03:32 CET 2006 - mskibbe@suse.de
- add service xml document (fate #301713 )
-------------------------------------------------------------------
Mon Oct 23 09:42:05 CEST 2006 - mskibbe@suse.de
- fix Bug 213894 - vsftpd and pam
-------------------------------------------------------------------
Mon Sep 4 11:58:26 CEST 2006 - kukuk@suse.de
- Include common PAM config files, add pam_loginuid.so
-------------------------------------------------------------------
Fri Jul 14 10:57:58 CEST 2006 - mskibbe@suse.de
- udpate to version 2.0.5 which
o IE should now show the login dialog again
o configurable login attempt limits and delays were added
o a bad intereaction with DMAPI filesystems was fixed and chained
certs should now work.
-------------------------------------------------------------------
Fri May 26 11:50:07 CEST 2006 - schwab@suse.de
- Don't strip binaries.
-------------------------------------------------------------------
Thu Apr 20 18:03:29 CEST 2006 - hvogel@suse.de
- revert the rename to vsftp for the xinetd config file. chkconfig
knows on for init and xinetd. So this wasnt a bug but a misusage
of chkconfig
-------------------------------------------------------------------
Thu Apr 20 16:21:14 CEST 2006 - hvogel@suse.de
- add support for DMAPI filesystems [#167632]
-------------------------------------------------------------------
Wed Apr 19 11:13:47 CEST 2006 - hvogel@suse.de
- rename xinetd config from vsftpd to vsftp to avoid name clashes
in chkconfig [#165745]
-------------------------------------------------------------------
Thu Feb 16 12:27:53 CET 2006 - hvogel@suse.de
- enable ssl for real [#151453]
-------------------------------------------------------------------
Mon Feb 6 14:31:27 CET 2006 - hvogel@suse.de
- The switch to standalone should not happen in update.
Installed xinetd config file again. The configuration file is
marked as noreplace anyway so if you are updating you will
get a xinetd.d/vsftpd.rpmnew and a vsftpd.conf.rpmnew
and everything is working as before and standalone is only used
for new installations. [#148201]
- redirect standalone parent output to /var/log/rcvsftp.log
so the init script can return properly.
-------------------------------------------------------------------
Wed Jan 25 21:42:43 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Fri Jan 13 15:08:31 CET 2006 - hvogel@suse.de
- Make use of Stack Protector
- fix some uninitialized variables
-------------------------------------------------------------------
Wed Jan 11 12:11:52 CET 2006 - hvogel@suse.de
- Update to version 2.0.4 including:
o Add explicit "This FTP server does not allow anonymous logins"
message.
o Add paranoid checks to sysutil.c for large values / lengths.
o Load per-IP config files earlier; allows more settings to be
tuned on a per-IP level.
o regex fix so that {*} correctly matches everything.
o Add optional file locking support via lock_upload_files.
o Apply LDFLAGS patch from Mads Martin Joergensen <mmj@suse.de>.
o Add pasv_addr_resolve option to allow pasv_address to get
DNS resolved once at startup.
o Apply patch to fix timezone issues (caused by chroot()
interacting badly with newer glibc versions).
-------------------------------------------------------------------
Wed Sep 28 18:47:15 CEST 2005 - mmj@suse.de
- Add init script, and make it standalone
-------------------------------------------------------------------
Sun Sep 18 12:00:08 CEST 2005 - kukuk@suse.de
- Add libcap-devel to nfb
-------------------------------------------------------------------
Tue Aug 9 14:11:06 CEST 2005 - mmj@suse.de
- Document that /etc/xinet.d/vsftpd is for xinetd conf [#102953]
-------------------------------------------------------------------
Mon Aug 8 14:39:16 CEST 2005 - uli@suse.de
- build with -fPIE, not -fpie (fixes s390x)
-------------------------------------------------------------------
Mon Jun 27 14:09:14 CEST 2005 - ro@suse.de
- use libcap
-------------------------------------------------------------------
Fri Jun 17 10:16:13 CEST 2005 - mmj@suse.de
- Compile with -fpie, link with -pie
-------------------------------------------------------------------
Tue Apr 19 16:39:52 CEST 2005 - mmj@suse.de
- Update to 2.0.3 including:
o Document what regex expressions are supported in the man page.
o New settings rsa_private_key_file and dsa_private_key_file to
allow separate files for the certificates and private keys.
o Initial, simple fix for timed out processes not exiting when
SSL is in use. Better fix (which reports timeout to client
properly) to follow.
o Add which setsockopt option failed to die("setsockopt") calls.
o Fix error with IPv4 connections to IPv6 listeners and PORT
type data connections when connect_from_port_20 is set.
o Remove vsf_sysutil_sockaddr_same_family (unused).
o Support protocol 1 (IPv4) in EPRT.
o Add ssl.c to AUDIT.
o Allow config file to use "ssl_ciphers=" to use default
OpenSSL cipher list.
o Allow "EPSV 1" to mean IPv4 EPSV.
o Report dummy IP but correct port with IPv6 / PASV.
o Handle SSL_WANT_READ and SSL_WANT_WRITE retries in SSL_read
and SSL_write; fixes SSL upload failures when data timeouts are
in use with some clients.
o Implicitly disable connect_from_port_20 and chown_uploads
when a non-root user is using run_as_launching_user.
o Add force_anon_logins_ssl and force_anon_data_ssl for a fully
SSL secure anonymous oonly solution (useful when you don't
have root access and a range of acceptable anonymous
passwords as credentials).
o Use SSL BIO callbacks to fix data connection timeout checks;
the checks weren't all occurring promply.
-------------------------------------------------------------------
Thu Mar 3 09:35:27 CET 2005 - mmj@suse.de
- Update to 2.0.2 including:
o Emit data transfer status messages (success / failure)
after flushing and waiting for the full data transfer to
reach the client. This should help work around buggy FTP
clients such as FlashFXP, which is known to truncate files
incorrectly.
o Make str_empty actually allocate an empty string.
o Change the ASCII receive code to ONLY rip out \r if it is
just before a \n; someone finally complained about this.
o Enable AIX Large File Support
o Add a couple of FAQ entries.
o Fix time delta code areas to cope with negative deltas,
which will occur if the clock is adjusted backwards.
o Fix "errno" checks to be robust in multiple places;
previously, calls to failing library calls could be made
inbetween the original library call and the "errno" reads.
o Make bandwidth limiter work with SSL data connections.
o Note that the SSL / bandwidth limiter bug fixed a much more
serious bug: SSL data connection dropouts after
data_connection_timeout seconds.
-------------------------------------------------------------------
Fri Feb 18 10:48:48 CET 2005 - mmj@suse.de
- Glibc doesn't cache the timezone as much as it used to, so export
the TZ variable after doing chroot. [#49878]
-------------------------------------------------------------------
Thu Aug 12 11:26:26 CEST 2004 - mmj@suse.de
- Update to 2.0.1 including:
o Add -lcrypto for the SSL build; needed for some systems
o Oops; fix session bale out if an empty length password is given.
o Fix build on Fedora Core 2 (-lcap cannot seem to find /lib/libcap.so).
o Fix vsftpd.conf.5 man page error in "ssl_sslv3"
o Clarify licensing: I allow linking of my GPL software with the OpenSSL
libraries.
o Fix build where PAM build is enabled but PAM headers are missing.
-------------------------------------------------------------------
Fri Jul 2 12:35:51 CEST 2004 - mmj@suse.de
- Update to 2.0.0 including:
o Improve logging (log deletes, renames, chmods, etc. as
requested by users).
o Add no_log_lock to work around Solaris / Veritas locking
hangs.
o Add EPRT, EPSV, PASV and TVFS to FEAT response.
o Implement use of MDTM to set timestamps.
o Recognize FEAT prior to login.
o Add OpenSSL (AUTH TLS / SSL) support for encrypted control
and data connections.
o Increase max size of .message files to 4000 characters
o Add easy builddefs.h ability to disable PAM builds even when
PAM is installed.
o Report vsftpd version in STAT output.
o Add REFS file.
o Change parent<->child socket comms from DGRAM to STREAM for
increased reliability. The main benefit is should the parent
be killed (or crash out) then the child won't block on a
read() that will never return.
o Make str_reserve reserve space for the trailing zero as well,
so we don't cause a reallocation if we exactly fill the buffer.
o Optimize the sending of strings over the parent<->child comms links.
o Improve the build system so tcp_wrappers, PAM and OpenSSL can
be forcibly compiled out.
o Fix vsftpd.conf.5 typos
o If trans_chunk_size is between 1 and 4096, use 4096 rather
than ignoring totally.
o Add SSL / TLS info to SECURITY texts.
o Add README.ssl
o Add documentation for new SSL options to vsftpd.conf.5.
o Add support for CWD ~
o Fix compile warnings.
-------------------------------------------------------------------
Sun May 30 01:35:55 CEST 2004 - mmj@suse.de
- Add logrotate file [#41432]
-------------------------------------------------------------------
Tue Apr 27 10:15:24 CEST 2004 - mmj@suse.de
- Update to 1.2.2 including:
o Fix nasty issue resulting in listener instability under
extreme load (root cause was re-entering malloc/free).
o Fix build with modern glibc-2.3 and no libcap on Linux.
o Add initial support for running as the user which launched
vsftpd, i.e. no root needed. Warning - easy to create
insecurity if you use this without knowing what you are
doing.
o For above run-as-launching-user support: make CDUP re-use CWD
code so that deny_file of *..* is useful.
-------------------------------------------------------------------
Mon Jan 26 14:08:28 CET 2004 - hvogel@suse.de
- reworked the log part of the conf file patch.
Enabled syslog as default log destination, clarify xferlog
settings.
-------------------------------------------------------------------
Mon Jan 19 17:53:28 CET 2004 - mmj@suse.de
- -D_LARGEFILE_SOURCE to get LFS support. Also make sure the
offset bits are set correct.
-------------------------------------------------------------------
Fri Jan 16 13:31:12 CET 2004 - kukuk@suse.de
- Add pam-devel to neededforbuild
-------------------------------------------------------------------
Thu Nov 13 12:55:27 CET 2003 - mmj@suse.de
- Update to 1.2.1
-------------------------------------------------------------------
Wed Oct 15 12:56:23 CEST 2003 - mmj@suse.de
- Don't build as root
-------------------------------------------------------------------
Mon Jul 28 15:55:40 CEST 2003 - mmj@suse.de
- Add EXAMPLE/ and FAQ
- Don't strip explicitly
-------------------------------------------------------------------
Fri May 30 12:48:45 CEST 2003 - mmj@suse.de
- Update to vsftpd-1.2.0 including:
· IPv6 support, so drop our patch
· Many bugfixes and tunings
· Build fixes
-------------------------------------------------------------------
Thu Mar 6 16:34:30 CET 2003 - mmj@suse.de
- Fix the xinetd conf file [#24774]
-------------------------------------------------------------------
Fri Feb 7 13:58:51 CET 2003 - kukuk@suse.de
- Use pam_unix2.so instead of pam_unix.so
-------------------------------------------------------------------
Fri Jan 24 12:12:52 CET 2003 - mmj@suse.de
- Correct xinetd conffile
-------------------------------------------------------------------
Tue Jan 14 13:54:58 CET 2003 - mmj@suse.de
- Install xinetd.d/vsftpd
-------------------------------------------------------------------
Sat Oct 26 10:51:03 CEST 2002 - mmj@suse.de
- Use better configuration defaults, thanks henne.
-------------------------------------------------------------------
Fri Oct 25 10:17:07 CEST 2002 - mmj@suse.de
- Add $RPM_OPT_FLAGS to CFLAGS when building
-------------------------------------------------------------------
Thu Oct 24 14:05:23 CEST 2002 - mmj@suse.de
- Update to 1.1.2 including:
o Addition of per-IP connection limits in standalone mode.
o Add logging of refused connect due to global or IP connection limits.
o Make connection limit exceeded messages nonblocking.
o Don't exit the listener if fork fails.
-------------------------------------------------------------------
Tue Oct 8 09:47:55 CEST 2002 - mmj@suse.de
- Update to 1.1.1
-------------------------------------------------------------------
Fri Aug 2 12:32:43 CEST 2002 - mmj@suse.de
- Update to 1.1.0
-------------------------------------------------------------------
Tue Jul 9 12:48:03 CEST 2002 - okir@suse.de
- Added a patch to get rid of lots of warnings caused by -Wshadow
- Added a patch to implement IPv6 support
-------------------------------------------------------------------
Tue Apr 30 14:27:53 CEST 2002 - mmj@suse.de
- And now without detection of pam in /lib/libpam.so.0, which is
bogus.
-------------------------------------------------------------------
Sun Feb 17 18:14:13 CET 2002 - mmj@suse.de
- Added a patch to the vsftpd library detection function to make
it build with /usr/lib64. Fixes build on S/390.
-------------------------------------------------------------------
Tue Feb 12 13:52:01 MET 2002 - mmj@suse.de
- Remove Requires: ftpdir
-------------------------------------------------------------------
Mon Feb 4 18:02:20 CET 2002 - choeger@suse.de
- do not set e(x)ecute bit on textfiles
-------------------------------------------------------------------
Fri Feb 1 14:33:13 CET 2002 - choeger@suse.de
- declare config file as %config(noreplace)
-------------------------------------------------------------------
Thu Jan 17 15:45:11 CET 2002 - mmj@suse.de
- Update to version 1.0.1
-------------------------------------------------------------------
Fri Nov 30 16:25:35 CET 2001 - mmj@suse.de
- Use /etc/pam.d/vsftpd
-------------------------------------------------------------------
Tue Nov 13 13:30:42 CET 2001 - mmj@suse.de
- Updated to version 1.0.0
-------------------------------------------------------------------
Mon Oct 22 15:57:40 CEST 2001 - mmj@suse.de
- Initial package
-------------------------------------------------------------------

106
vsftpd.init Normal file
View File

@ -0,0 +1,106 @@
#! /bin/sh
# Copyright (c) 1995-2005 SUSE Linux GmbH, Nuernberg, Germany.
# All rights reserved.
#
# Author: Mads Martin Joergensen
#
# /etc/init.d/vsftpd
# and its symbolic link
# /usr/sbin/rcvsftpd
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
### BEGIN INIT INFO
# Provides: ftpd
# Required-Start: $syslog $remote_fs
# Required-Stop: $syslog $remote_fs
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Short-Description: very secure ftp daemon
### END INIT INFO
# Note on runlevels:
# 0 - halt/poweroff 6 - reboot
# 1 - single user 2 - multiuser without network exported
# 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm)
#
# Note on script names:
# http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/scrptnames.html
# A registry has been set up to manage the init script namespace.
# http://www.lanana.org/
# Please use the names already registered or register one or use a
# vendor prefix.
VSFTPD_BIN=/usr/sbin/vsftpd
test -x $VSFTPD_BIN || { echo "$VSFTPD_BIN not installed";
if [ "$1" = "stop" ]; then exit 0;
else exit 5; fi; }
. /etc/rc.status
rc_reset
case "$1" in
start)
echo -n "Starting vsftpd "
/sbin/startproc -l /var/log/rcvsftp.log $VSFTPD_BIN
rc_status -v
;;
stop)
echo -n "Shutting down vsftpd "
/sbin/killproc -TERM $VSFTPD_BIN
rc_status -v
;;
try-restart|condrestart)
## Do a restart only if the service was active before.
## Note: try-restart is now part of LSB (as of 1.9).
## RH has a similar command named condrestart.
if test "$1" = "condrestart"; then
echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
fi
$0 status
if test $? = 0; then
$0 restart
else
rc_reset # Not running is not a failure.
fi
rc_status
;;
restart)
$0 stop
$0 start
rc_status
;;
force-reload)
echo -n "Reload service vsftpd "
/sbin/killproc -HUP $VSFTPD_BIN
rc_status -v
;;
reload)
echo -n "Reload service vsftpd "
/sbin/killproc -HUP $VSFTPD_BIN
rc_status -v
;;
status)
echo -n "Checking for service vsftpd "
/sbin/checkproc $VSFTPD_BIN
rc_status -v
;;
*)
echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload}"
exit 1
;;
esac
rc_exit

14
vsftpd.logrotate Normal file
View File

@ -0,0 +1,14 @@
/var/log/vsftpd.log {
compress
dateext
maxage 365
rotate 99
size=+1024k
notifempty
missingok
create 600 root root
sharedscripts
postrotate
killall -HUP vsftpd
endscript
}

14
vsftpd.pam Normal file
View File

@ -0,0 +1,14 @@
#%PAM-1.0
# Uncomment this to achieve what used to be ftpd -A.
# auth required pam_listfile.so item=user sense=allow file=/etc/ftpchroot onerr=fail
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
# Uncomment the following line for anonymous ftp.
#auth sufficient pam_ftp.so
auth required pam_shells.so
auth include common-auth
account include common-account
password include common-password
session required pam_loginuid.so
session include common-session

373
vsftpd.spec Normal file
View File

@ -0,0 +1,373 @@
#
# spec file for package vsftpd (Version 2.0.5)
#
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
Name: vsftpd
BuildRequires: openssl-devel pam-devel
%if 0%{?suse_version} < 1001
BuildRequires: libcap
%else
BuildRequires: libcap-devel
%endif
Version: 2.0.5
Release: 33
Summary: Very Secure FTP Daemon - Written from Scratch
License: GNU General Public License (GPL)
Group: Productivity/Networking/Ftp/Servers
URL: http://vsftpd.beasts.org
Source: %name-%version.tar.bz2
Source1: %name.pam
Source2: %name.logrotate
Source3: %name.init
Source4: README.SUSE
Source5: %name.xml
Patch: %name-2.0.4-conf.diff
Patch1: %name-2.0.4-lib64.diff
Patch2: %name-2.0.4-nowarn.patch
Patch3: %name-2.0.4-xinetd.diff
Patch4: %name-2.0.4-enable-ssl.patch
Patch5: %name-2.0.4-dmapi.patch
Patch6: %name-%{version}-vuser.patch
Patch7: %name-%{version}-enable-debuginfo.patch
Patch8: %name-%{version}-utf8-log-names.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Provides: ftp-server
PreReq: %insserv_prereq
%description
Vsftpd is an FTP server, or dæmon. The "vs" stands for Very Secure.
Obviously this is not a guarantee, but the entire codebase was written
with security in mind, and carefully designed to be resilient to
attack.
Recent evidence suggests that vsftpd is also extremely fast (and this
is before any explicit performance tuning!). In tests against wu-ftpd,
vsftpd was always faster, supporting over twice as many users in some
tests.
Authors:
--------
Chris Evans <chris@scary.beasts.org>
%prep
%setup -q
%patch
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4
%patch5
%patch6
%patch7
%patch8 -p1
%build
rm -f dummyinc/sys/capability.h
make CFLAGS="$RPM_OPT_FLAGS -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fPIE -fstack-protector" \
LDFLAGS="-pie" LINK=
%install
mkdir -p $RPM_BUILD_ROOT/usr/share/empty
cp %SOURCE4 .
install -D -m 755 %name $RPM_BUILD_ROOT/usr/sbin/%name
install -D -m 600 %name.conf $RPM_BUILD_ROOT/etc/%name.conf
install -D -m 600 xinetd.d/%name $RPM_BUILD_ROOT/etc/xinetd.d/%name
install -D -m 644 $RPM_SOURCE_DIR/%name.pam $RPM_BUILD_ROOT/etc/pam.d/%name
install -D -m 644 $RPM_SOURCE_DIR/%name.logrotate $RPM_BUILD_ROOT/etc/logrotate.d/%name
install -D -m 644 %name.conf.5 $RPM_BUILD_ROOT/%_mandir/man5/%name.conf.5
install -D -m 644 %name.8 $RPM_BUILD_ROOT/%_mandir/man8/%name.8
install -D -m 755 %SOURCE3 $RPM_BUILD_ROOT/etc/init.d/%name
ln -sf ../../etc/init.d/%name $RPM_BUILD_ROOT/%_prefix/sbin/rc%name
install -d $RPM_BUILD_ROOT/%_datadir/omc/svcinfo.d/
install -D -m 644 %SOURCE5 $RPM_BUILD_ROOT/%_datadir/omc/svcinfo.d/
%preun
%stop_on_removal %name
%postun
%insserv_cleanup
%restart_on_update %name
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root)
%dir %_datadir/omc/
%dir %_datadir/omc/svcinfo.d/
/usr/sbin/%name
/usr/sbin/rc%name
/etc/init.d/%name
%_datadir/omc/svcinfo.d/vsftpd.xml
%dir /usr/share/empty
%config(noreplace) /etc/xinetd.d/%name
%config(noreplace) /etc/%name.conf
%config /etc/pam.d/%name
%config(noreplace) /etc/logrotate.d/%name
%_mandir/man5/%name.conf.*
%_mandir/man8/%name.*
%doc INSTALL BUGS AUDIT Changelog LICENSE README README.security
%doc REWARD SPEED TODO SECURITY TUNING SIZE FAQ EXAMPLE COPYING
%doc README.SUSE
%changelog -n vsftpd
* Mon Jan 15 2007 - mskibbe@suse.de
- fix cryptic symbol in package - description
- build against libcap on suse < 10.1
* Fri Jan 12 2007 - mskibbe@suse.de
- vsftp could not log any file name other then ascii (#229320)
* Thu Jan 11 2007 - mskibbe@suse.de
- change path to xml service document (fate #301713)
* Mon Jan 08 2007 - mskibbe@suse.de
- fix Bug #230220 - vsftp no debuginfo
* Mon Jan 08 2007 - mskibbe@suse.de
- xml document should readable to all (fate #301713)
* Wed Dec 06 2006 - mskibbe@suse.de
- add service xml document (fate #301713 )
* Mon Oct 23 2006 - mskibbe@suse.de
- fix Bug 213894 - vsftpd and pam
* Mon Sep 04 2006 - kukuk@suse.de
- Include common PAM config files, add pam_loginuid.so
* Fri Jul 14 2006 - mskibbe@suse.de
- udpate to version 2.0.5 which
o IE should now show the login dialog again
o configurable login attempt limits and delays were added
o a bad intereaction with DMAPI filesystems was fixed and chained
certs should now work.
* Fri May 26 2006 - schwab@suse.de
- Don't strip binaries.
* Thu Apr 20 2006 - hvogel@suse.de
- revert the rename to vsftp for the xinetd config file. chkconfig
knows on for init and xinetd. So this wasnt a bug but a misusage
of chkconfig
* Thu Apr 20 2006 - hvogel@suse.de
- add support for DMAPI filesystems [#167632]
* Wed Apr 19 2006 - hvogel@suse.de
- rename xinetd config from vsftpd to vsftp to avoid name clashes
in chkconfig [#165745]
* Thu Feb 16 2006 - hvogel@suse.de
- enable ssl for real [#151453]
* Mon Feb 06 2006 - hvogel@suse.de
- The switch to standalone should not happen in update.
Installed xinetd config file again. The configuration file is
marked as noreplace anyway so if you are updating you will
get a xinetd.d/vsftpd.rpmnew and a vsftpd.conf.rpmnew
and everything is working as before and standalone is only used
for new installations. [#148201]
- redirect standalone parent output to /var/log/rcvsftp.log
so the init script can return properly.
* Wed Jan 25 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
* Fri Jan 13 2006 - hvogel@suse.de
- Make use of Stack Protector
- fix some uninitialized variables
* Wed Jan 11 2006 - hvogel@suse.de
- Update to version 2.0.4 including:
o Add explicit "This FTP server does not allow anonymous logins"
message.
o Add paranoid checks to sysutil.c for large values / lengths.
o Load per-IP config files earlier; allows more settings to be
tuned on a per-IP level.
o regex fix so that {*} correctly matches everything.
o Add optional file locking support via lock_upload_files.
o Apply LDFLAGS patch from Mads Martin Joergensen <mmj@suse.de>.
o Add pasv_addr_resolve option to allow pasv_address to get
DNS resolved once at startup.
o Apply patch to fix timezone issues (caused by chroot()
interacting badly with newer glibc versions).
* Wed Sep 28 2005 - mmj@suse.de
- Add init script, and make it standalone
* Sun Sep 18 2005 - kukuk@suse.de
- Add libcap-devel to nfb
* Tue Aug 09 2005 - mmj@suse.de
- Document that /etc/xinet.d/vsftpd is for xinetd conf [#102953]
* Mon Aug 08 2005 - uli@suse.de
- build with -fPIE, not -fpie (fixes s390x)
* Mon Jun 27 2005 - ro@suse.de
- use libcap
* Fri Jun 17 2005 - mmj@suse.de
- Compile with -fpie, link with -pie
* Tue Apr 19 2005 - mmj@suse.de
- Update to 2.0.3 including:
o Document what regex expressions are supported in the man page.
o New settings rsa_private_key_file and dsa_private_key_file to
allow separate files for the certificates and private keys.
o Initial, simple fix for timed out processes not exiting when
SSL is in use. Better fix (which reports timeout to client
properly) to follow.
o Add which setsockopt option failed to die("setsockopt") calls.
o Fix error with IPv4 connections to IPv6 listeners and PORT
type data connections when connect_from_port_20 is set.
o Remove vsf_sysutil_sockaddr_same_family (unused).
o Support protocol 1 (IPv4) in EPRT.
o Add ssl.c to AUDIT.
o Allow config file to use "ssl_ciphers=" to use default
OpenSSL cipher list.
o Allow "EPSV 1" to mean IPv4 EPSV.
o Report dummy IP but correct port with IPv6 / PASV.
o Handle SSL_WANT_READ and SSL_WANT_WRITE retries in SSL_read
and SSL_write; fixes SSL upload failures when data timeouts are
in use with some clients.
o Implicitly disable connect_from_port_20 and chown_uploads
when a non-root user is using run_as_launching_user.
o Add force_anon_logins_ssl and force_anon_data_ssl for a fully
SSL secure anonymous oonly solution (useful when you don't
have root access and a range of acceptable anonymous
passwords as credentials).
o Use SSL BIO callbacks to fix data connection timeout checks;
the checks weren't all occurring promply.
* Thu Mar 03 2005 - mmj@suse.de
- Update to 2.0.2 including:
o Emit data transfer status messages (success / failure)
after flushing and waiting for the full data transfer to
reach the client. This should help work around buggy FTP
clients such as FlashFXP, which is known to truncate files
incorrectly.
o Make str_empty actually allocate an empty string.
o Change the ASCII receive code to ONLY rip out \r if it is
just before a \n; someone finally complained about this.
o Enable AIX Large File Support
o Add a couple of FAQ entries.
o Fix time delta code areas to cope with negative deltas,
which will occur if the clock is adjusted backwards.
o Fix "errno" checks to be robust in multiple places;
previously, calls to failing library calls could be made
inbetween the original library call and the "errno" reads.
o Make bandwidth limiter work with SSL data connections.
o Note that the SSL / bandwidth limiter bug fixed a much more
serious bug: SSL data connection dropouts after
data_connection_timeout seconds.
* Fri Feb 18 2005 - mmj@suse.de
- Glibc doesn't cache the timezone as much as it used to, so export
the TZ variable after doing chroot. [#49878]
* Thu Aug 12 2004 - mmj@suse.de
- Update to 2.0.1 including:
o Add -lcrypto for the SSL build; needed for some systems
o Oops; fix session bale out if an empty length password is given.
o Fix build on Fedora Core 2 (-lcap cannot seem to find /lib/libcap.so).
o Fix vsftpd.conf.5 man page error in "ssl_sslv3"
o Clarify licensing: I allow linking of my GPL software with the OpenSSL
libraries.
o Fix build where PAM build is enabled but PAM headers are missing.
* Fri Jul 02 2004 - mmj@suse.de
- Update to 2.0.0 including:
o Improve logging (log deletes, renames, chmods, etc. as
requested by users).
o Add no_log_lock to work around Solaris / Veritas locking
hangs.
o Add EPRT, EPSV, PASV and TVFS to FEAT response.
o Implement use of MDTM to set timestamps.
o Recognize FEAT prior to login.
o Add OpenSSL (AUTH TLS / SSL) support for encrypted control
and data connections.
o Increase max size of .message files to 4000 characters
o Add easy builddefs.h ability to disable PAM builds even when
PAM is installed.
o Report vsftpd version in STAT output.
o Add REFS file.
o Change parent<->child socket comms from DGRAM to STREAM for
increased reliability. The main benefit is should the parent
be killed (or crash out) then the child won't block on a
read() that will never return.
o Make str_reserve reserve space for the trailing zero as well,
so we don't cause a reallocation if we exactly fill the buffer.
o Optimize the sending of strings over the parent<->child comms links.
o Improve the build system so tcp_wrappers, PAM and OpenSSL can
be forcibly compiled out.
o Fix vsftpd.conf.5 typos
o If trans_chunk_size is between 1 and 4096, use 4096 rather
than ignoring totally.
o Add SSL / TLS info to SECURITY texts.
o Add README.ssl
o Add documentation for new SSL options to vsftpd.conf.5.
o Add support for CWD ~
o Fix compile warnings.
* Sun May 30 2004 - mmj@suse.de
- Add logrotate file [#41432]
* Tue Apr 27 2004 - mmj@suse.de
- Update to 1.2.2 including:
o Fix nasty issue resulting in listener instability under
extreme load (root cause was re-entering malloc/free).
o Fix build with modern glibc-2.3 and no libcap on Linux.
o Add initial support for running as the user which launched
vsftpd, i.e. no root needed. Warning - easy to create
insecurity if you use this without knowing what you are
doing.
o For above run-as-launching-user support: make CDUP re-use CWD
code so that deny_file of *..* is useful.
* Mon Jan 26 2004 - hvogel@suse.de
- reworked the log part of the conf file patch.
Enabled syslog as default log destination, clarify xferlog
settings.
* Mon Jan 19 2004 - mmj@suse.de
- -D_LARGEFILE_SOURCE to get LFS support. Also make sure the
offset bits are set correct.
* Fri Jan 16 2004 - kukuk@suse.de
- Add pam-devel to neededforbuild
* Thu Nov 13 2003 - mmj@suse.de
- Update to 1.2.1
* Wed Oct 15 2003 - mmj@suse.de
- Don't build as root
* Mon Jul 28 2003 - mmj@suse.de
- Add EXAMPLE/ and FAQ
- Don't strip explicitly
* Fri May 30 2003 - mmj@suse.de
- Update to vsftpd-1.2.0 including:
· IPv6 support, so drop our patch
· Many bugfixes and tunings
· Build fixes
* Thu Mar 06 2003 - mmj@suse.de
- Fix the xinetd conf file [#24774]
* Fri Feb 07 2003 - kukuk@suse.de
- Use pam_unix2.so instead of pam_unix.so
* Fri Jan 24 2003 - mmj@suse.de
- Correct xinetd conffile
* Tue Jan 14 2003 - mmj@suse.de
- Install xinetd.d/vsftpd
* Sat Oct 26 2002 - mmj@suse.de
- Use better configuration defaults, thanks henne.
* Fri Oct 25 2002 - mmj@suse.de
- Add $RPM_OPT_FLAGS to CFLAGS when building
* Thu Oct 24 2002 - mmj@suse.de
- Update to 1.1.2 including:
o Addition of per-IP connection limits in standalone mode.
o Add logging of refused connect due to global or IP connection limits.
o Make connection limit exceeded messages nonblocking.
o Don't exit the listener if fork fails.
* Tue Oct 08 2002 - mmj@suse.de
- Update to 1.1.1
* Fri Aug 02 2002 - mmj@suse.de
- Update to 1.1.0
* Tue Jul 09 2002 - okir@suse.de
- Added a patch to get rid of lots of warnings caused by -Wshadow
- Added a patch to implement IPv6 support
* Tue Apr 30 2002 - mmj@suse.de
- And now without detection of pam in /lib/libpam.so.0, which is
bogus.
* Sun Feb 17 2002 - mmj@suse.de
- Added a patch to the vsftpd library detection function to make
it build with /usr/lib64. Fixes build on S/390.
* Tue Feb 12 2002 - mmj@suse.de
- Remove Requires: ftpdir
* Mon Feb 04 2002 - choeger@suse.de
- do not set e(x)ecute bit on textfiles
* Fri Feb 01 2002 - choeger@suse.de
- declare config file as %%config(noreplace)
* Thu Jan 17 2002 - mmj@suse.de
- Update to version 1.0.1
* Fri Nov 30 2001 - mmj@suse.de
- Use /etc/pam.d/vsftpd
* Tue Nov 13 2001 - mmj@suse.de
- Updated to version 1.0.0
* Mon Oct 22 2001 - mmj@suse.de
- Initial package

89
vsftpd.xml Normal file
View File

@ -0,0 +1,89 @@
<?xml version="1.0"?>
<!--
Copyright (c) 2006 Novell, Inc. All rights reserved.
Service Description XML Document for vsftpd.
This file should be placed in /etc/omc/svcinfo.d
Note: The name of the service is the name of this file without the .xml
file extension.
-->
<serviceDescription version="1.0">
<!-- Caption for display purposes -->
<caption>vsftpd Server</caption>
<!-- Description of this service -->
<description>
vsftpd Server
</description>
<!--
The startCommand tag specifies the command line that will be
invoked to start the service. The return code from this command
must be as follows:
0 - success
1 - generic or unspecified error
2 - invalid or excess argument(s)
3 - unimplemented feature (e.g. "reload")
4 - user had insufficient privileges
5 - program is not installed
6 - program is not configured
7 - program is not running
-->
<startCommand>/usr/sbin/rcvsftpd start</startCommand>
<!--
The reStartCommand tag specifies the command line that will be
invoked to restart the service. The return code from this command
must be as specified in the startCommand tag.
-->
<reStartCommand>/usr/sbin/rcvsftpd restart</reStartCommand>
<!--
The stopCommand tag specifies the command line that will be
invoked to stop the service. The return code from this command
must be as specified in the startCommand tag.
-->
<stopCommand>/usr/sbin/rcvsftpd stop</stopCommand>
<!--
The statusCommand specifies the command line that can be run
that will report on the status of the service. The return code
from this command line should be as follows:
0 - service up and running
1 - service dead, but /var/run/ pid file exists
2 - service dead, but /var/lock/ lock file exists
3 - service not running (unused)
4 - service status unknown :-(
-->
<statusCommand>/usr/sbin/rcvsftpd status</statusCommand>
<!--
The processInformation tag allows the XML Service provider to
identify the processes that belong to the service. This allows
the ServiceProcess associations to be instrumented.
If the process_information tag is not specifed, the will be no
ServiceProcess association for the service.
-->
<processInformation>
<name>vsftpd</name>
<modulePath>/usr/sbin/vsftpd</modulePath>
</processInformation>
<!--
Define the services that this service has a dependency on.
There must be a corresponding Service Description XML file
for the antecedent service in the /etc/omc/svcinfo.d directory.
-->
<dependsOn>
<serviceName>syslog</serviceName>
</dependsOn>
</serviceDescription>