From 6c32c8f621b350ec9e1d646cc37e3875cf1482c6b5f10042ecc64f6bfb6a44b8 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Mon, 15 Jan 2007 23:40:43 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/vsftpd?expand=0&rev=1 --- .gitattributes | 23 ++ .gitignore | 1 + README.SUSE | 10 + ready | 0 vsftpd-2.0.4-conf.diff | 259 +++++++++++++++++ vsftpd-2.0.4-dmapi.patch | 14 + vsftpd-2.0.4-enable-ssl.patch | 11 + vsftpd-2.0.4-lib64.diff | 26 ++ vsftpd-2.0.4-nowarn.patch | 10 + vsftpd-2.0.4-xinetd.diff | 33 +++ vsftpd-2.0.5-enable-debuginfo.patch | 11 + vsftpd-2.0.5-utf8-log-names.patch | 106 +++++++ vsftpd-2.0.5-vuser.patch | 7 + vsftpd-2.0.5.tar.bz2 | 3 + vsftpd.changes | 423 ++++++++++++++++++++++++++++ vsftpd.init | 106 +++++++ vsftpd.logrotate | 14 + vsftpd.pam | 14 + vsftpd.spec | 373 ++++++++++++++++++++++++ vsftpd.xml | 89 ++++++ 20 files changed, 1533 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 README.SUSE create mode 100644 ready create mode 100644 vsftpd-2.0.4-conf.diff create mode 100644 vsftpd-2.0.4-dmapi.patch create mode 100644 vsftpd-2.0.4-enable-ssl.patch create mode 100644 vsftpd-2.0.4-lib64.diff create mode 100644 vsftpd-2.0.4-nowarn.patch create mode 100644 vsftpd-2.0.4-xinetd.diff create mode 100644 vsftpd-2.0.5-enable-debuginfo.patch create mode 100644 vsftpd-2.0.5-utf8-log-names.patch create mode 100644 vsftpd-2.0.5-vuser.patch create mode 100644 vsftpd-2.0.5.tar.bz2 create mode 100644 vsftpd.changes create mode 100644 vsftpd.init create mode 100644 vsftpd.logrotate create mode 100644 vsftpd.pam create mode 100644 vsftpd.spec create mode 100644 vsftpd.xml diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/README.SUSE b/README.SUSE new file mode 100644 index 0000000..692ec64 --- /dev/null +++ b/README.SUSE @@ -0,0 +1,10 @@ +Starting with 10.1 vsftpd can be configured standalone +or over the xinetd superdeamon. Default is standalone. + +If you want to run it over xinetd make sure the you enable +the service in the xinetd configuration (/etc/xinetd.d/vsftp) +and set the following line in /etc/vsftpd.conf + +listen=NO + +This is needed for vsftpd to over xinetd. diff --git a/ready b/ready new file mode 100644 index 0000000..473a0f4 diff --git a/vsftpd-2.0.4-conf.diff b/vsftpd-2.0.4-conf.diff new file mode 100644 index 0000000..082d4e0 --- /dev/null +++ b/vsftpd-2.0.4-conf.diff @@ -0,0 +1,259 @@ +--- vsftpd.conf ++++ vsftpd.conf +@@ -4,100 +4,214 @@ + # loosens things up a bit, to make the ftp daemon more usable. + # Please see vsftpd.conf.5 for all compiled in defaults. + # ++# If you do not change anything here you will have a minimum setup for an ++# anonymus FTP server. ++# + # READ THIS: This example file is NOT an exhaustive list of vsftpd options. + # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's + # capabilities. ++ ++# General Settings + # +-# Allow anonymous FTP? (Beware - allowed by default if you comment this out). +-anonymous_enable=YES ++# Uncomment this to enable any form of FTP write command. ++# ++#write_enable=YES ++# ++# Activate directory messages - messages given to remote users when they ++# go into a certain directory. ++# ++dirmessage_enable=YES ++# ++# It is recommended that you define on your system a unique user which the ++# ftp server can use as a totally isolated and unprivileged user. ++# ++#nopriv_user=ftpsecure ++# ++# You may fully customise the login banner string: ++# ++#ftpd_banner="Welcome to FOOBAR FTP service." ++# ++# You may activate the "-R" option to the builtin ls. This is disabled by ++# default to avoid remote users being able to cause excessive I/O on large ++# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume ++# the presence of the "-R" option, so there is a strong case for enabling it. ++# ++#ls_recurse_enable=YES ++# ++# You may specify a file of disallowed anonymous e-mail addresses. Apparently ++# useful for combatting certain DoS attacks. ++# ++#deny_email_enable=YES ++# ++# (default follows) ++# ++#banned_email_file=/etc/vsftpd.banned_emails ++# ++# If enabled, all user and group information in ++# directory listings will be displayed as "ftp". + # ++#hide_ids=YES ++ ++# Local FTP user Settings ++# + # Uncomment this to allow local users to log in. +-#local_enable=YES + # +-# Uncomment this to enable any form of FTP write command. +-#write_enable=YES ++#local_enable=YES + # + # Default umask for local users is 077. You may wish to change this to 022, + # if your users expect that (022 is used by most other ftpd's) ++# + #local_umask=022 + # ++# Uncomment to put local users in a chroot() jail in their home directory ++# after login. ++# ++#chroot_local_user=YES ++# ++# You may specify an explicit list of local users to chroot() to their home ++# directory. If chroot_local_user is YES, then this list becomes a list of ++# users to NOT chroot(). ++# ++#chroot_list_enable=YES ++# ++# (default follows) ++# ++#chroot_list_file=/etc/vsftpd.chroot_list ++# ++# The maximum data transfer rate permitted, in bytes per second, for ++# local authenticated users. The default is 0 (unlimited). ++# ++#local_max_rate=7200 ++ ++ ++# Anonymus FTP user Settings ++# ++# Allow anonymous FTP? ++# ++anonymous_enable=YES ++# ++# Anonymous users will only be allowed to download files which are ++# world readable. ++# ++anon_world_readable_only=YES ++# + # Uncomment this to allow the anonymous FTP user to upload files. This only + # has an effect if the above global write enable is activated. Also, you will + # obviously need to create a directory writable by the FTP user. ++# + #anon_upload_enable=YES + # ++# Default umask for anonymus users is 077. You may wish to change this to 022, ++# if your users expect that (022 is used by most other ftpd's) ++# ++#anon_umask=022 ++# + # Uncomment this if you want the anonymous FTP user to be able to create + # new directories. +-#anon_mkdir_write_enable=YES + # +-# Activate directory messages - messages given to remote users when they +-# go into a certain directory. +-dirmessage_enable=YES ++#anon_mkdir_write_enable=YES + # +-# Activate logging of uploads/downloads. +-xferlog_enable=YES ++# Uncomment this to enable anonymus FTP users to perform other write operations ++# like deletion and renaming. + # +-# Make sure PORT transfer connections originate from port 20 (ftp-data). +-connect_from_port_20=YES ++#anon_other_write_enable=YES + # + # If you want, you can arrange for uploaded anonymous files to be owned by + # a different user. Note! Using "root" for uploaded files is not + # recommended! ++# + #chown_uploads=YES + #chown_username=whoever + # ++# The maximum data transfer rate permitted, in bytes per second, for anonymous ++# authenticated users. The default is 0 (unlimited). ++# ++#anon_max_rate=7200 ++ ++ ++# Log Settings ++# ++# Log to the syslog daemon instead of using an logfile. ++# ++syslog_enable=YES ++# ++# Uncomment this to log all FTP requests and responses. ++# ++#log_ftp_protocol=YES ++# ++# Activate logging of uploads/downloads. ++# ++#xferlog_enable=YES ++# + # You may override where the log file goes if you like. The default is shown + # below. +-#xferlog_file=/var/log/vsftpd.log + # +-# If you want, you can have your log file in standard ftpd xferlog format ++#vsftpd_log_file=/var/log/vsftpd.log ++# ++# If you want, you can have your log file in standard ftpd xferlog format. ++# Note: This disables the normal logging unless you enable dual_log_enable below. ++# + #xferlog_std_format=YES + # ++# You may override where the log file goes if you like. The default is shown ++# below. ++# ++#xferlog_file=/var/log/xferlog ++# ++# Enable this to have booth logfiles. Standard xferlog and vsftpd's own style log. ++# ++#dual_log_enable=YES ++# ++# Uncomment this to enable session status information in the system process listing. ++# ++#setproctitle_enable=YES ++ ++# Transfer Settings ++# ++# Make sure PORT transfer connections originate from port 20 (ftp-data). ++# ++connect_from_port_20=YES ++# + # You may change the default value for timing out an idle session. ++# + #idle_session_timeout=600 + # + # You may change the default value for timing out a data connection. +-#data_connection_timeout=120 + # +-# It is recommended that you define on your system a unique user which the +-# ftp server can use as a totally isolated and unprivileged user. +-#nopriv_user=ftpsecure ++#data_connection_timeout=120 + # + # Enable this and the server will recognise asynchronous ABOR requests. Not + # recommended for security (the code is non-trivial). Not enabling it, + # however, may confuse older FTP clients. ++# + #async_abor_enable=YES + # + # By default the server will pretend to allow ASCII mode but in fact ignore + # the request. Turn on the below options to have the server actually do ASCII + # mangling on files when in ASCII mode. +-# Beware that on some FTP servers, ASCII support allows a denial of service +-# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd +-# predicted this attack and has always been safe, reporting the size of the +-# raw file. +-# ASCII mangling is a horrible feature of the protocol. ++# Beware that turning on ascii_download_enable enables malicious remote parties ++# to consume your I/O resources, by issuing the command "SIZE /big/file" in ++# ASCII mode. ++# These ASCII options are split into upload and download because you may wish ++# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking), ++# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be ++# on the client anyway.. ++# + #ascii_upload_enable=YES + #ascii_download_enable=YES + # +-# You may fully customise the login banner string: +-#ftpd_banner=Welcome to blah FTP service. ++# Set to NO if you want to disallow the PASV method of obtaining a data ++# connection. + # +-# You may specify a file of disallowed anonymous e-mail addresses. Apparently +-# useful for combatting certain DoS attacks. +-#deny_email_enable=YES +-# (default follows) +-#banned_email_file=/etc/vsftpd.banned_emails ++#pasv_enable=NO ++ ++# PAM setting. Do NOT change this unless you know what you do! + # +-# You may specify an explicit list of local users to chroot() to their home +-# directory. If chroot_local_user is YES, then this list becomes a list of +-# users to NOT chroot(). +-#chroot_list_enable=YES +-# (default follows) +-#chroot_list_file=/etc/vsftpd.chroot_list ++pam_service_name=vsftpd ++ ++# Set listen=YES if you want vsftpd to run standalone + # +-# You may activate the "-R" option to the builtin ls. This is disabled by +-# default to avoid remote users being able to cause excessive I/O on large +-# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume +-# the presence of the "-R" option, so there is a strong case for enabling it. +-#ls_recurse_enable=YES ++listen=YES + ++# Set to ssl_enable=YES if you want to enable SSL ++ssl_enable=NO diff --git a/vsftpd-2.0.4-dmapi.patch b/vsftpd-2.0.4-dmapi.patch new file mode 100644 index 0000000..6a64d76 --- /dev/null +++ b/vsftpd-2.0.4-dmapi.patch @@ -0,0 +1,14 @@ +--- postlogin.c ++++ postlogin.c +@@ -992,6 +992,11 @@ + { + new_file_fd = str_create_append(p_filename); + } ++ if (new_file_fd >= 0) { ++ vsf_sysutil_fstat(new_file_fd, &s_p_statbuf); ++ if (vsf_sysutil_statbuf_is_regfile(s_p_statbuf)) ++ vsf_sysutil_deactivate_noblock(new_file_fd); ++ } + } + if (vsf_sysutil_retval_is_error(new_file_fd)) + { diff --git a/vsftpd-2.0.4-enable-ssl.patch b/vsftpd-2.0.4-enable-ssl.patch new file mode 100644 index 0000000..a69b541 --- /dev/null +++ b/vsftpd-2.0.4-enable-ssl.patch @@ -0,0 +1,11 @@ +--- builddefs.h ++++ builddefs.h +@@ -3,7 +3,7 @@ + + #undef VSF_BUILD_TCPWRAPPERS + #define VSF_BUILD_PAM +-#undef VSF_BUILD_SSL ++#define VSF_BUILD_SSL + + #endif /* VSF_BUILDDEFS_H */ + diff --git a/vsftpd-2.0.4-lib64.diff b/vsftpd-2.0.4-lib64.diff new file mode 100644 index 0000000..bd485e1 --- /dev/null +++ b/vsftpd-2.0.4-lib64.diff @@ -0,0 +1,26 @@ +--- vsftpd-2.0.4/vsf_findlibs.sh ++++ vsftpd-2.0.4/vsf_findlibs.sh +@@ -13,6 +13,7 @@ + # crypt library. + if find_func pam_start sysdeputil.o; then + locate_library /lib/libpam.so.0 && echo "/lib/libpam.so.0"; ++ locate_library /lib64/libpam.so.0 && echo "/lib64/libpam.so.0"; + locate_library /usr/lib/libpam.so && echo "-lpam"; + # HP-UX ends shared libraries with .sl + locate_library /usr/lib/libpam.sl && echo "-lpam"; +@@ -20,6 +21,7 @@ + locate_library /usr/lib/libpam.a && echo "-lpam"; + else + locate_library /lib/libcrypt.so && echo "-lcrypt"; ++ locate_library /lib64/libcrypt.so && echo "-lcrypt"; + locate_library /usr/lib/libcrypt.so && echo "-lcrypt"; + fi + +@@ -44,6 +46,7 @@ + + # Look for libcap (capabilities) + locate_library /lib/libcap.so.1 && echo "/lib/libcap.so.1"; ++locate_library /lib64/libcap.so.1 && echo "/lib64/libcap.so.1"; + locate_library /usr/lib/libcap.so && echo "-lcap"; + + # Solaris needs this for nanosleep().. diff --git a/vsftpd-2.0.4-nowarn.patch b/vsftpd-2.0.4-nowarn.patch new file mode 100644 index 0000000..3ec12b4 --- /dev/null +++ b/vsftpd-2.0.4-nowarn.patch @@ -0,0 +1,10 @@ +--- vsftpd-2.0.4/sysdeputil.c ++++ vsftpd-2.0.4/sysdeputil.c +@@ -34,6 +34,7 @@ + /* For FreeBSD */ + #include + #include ++#include + + /* Configuration.. here are the possibilities */ + #undef VSF_SYSDEP_HAVE_CAPABILITIES diff --git a/vsftpd-2.0.4-xinetd.diff b/vsftpd-2.0.4-xinetd.diff new file mode 100644 index 0000000..b131946 --- /dev/null +++ b/vsftpd-2.0.4-xinetd.diff @@ -0,0 +1,33 @@ +--- vsftpd-2.0.4/xinetd.d/vsftpd ++++ vsftpd-2.0.4/xinetd.d/vsftpd +@@ -1,18 +1,23 @@ +-# default: on ++# default: off + # description: + # The vsftpd FTP server serves FTP connections. It uses + # normal, unencrypted usernames and passwords for authentication. + # vsftpd is designed to be secure. ++# ++# NOTE: This file contains the configuration for xinetd to start vsftpd. ++# the configuration file for vsftp itself is in /etc/vsftpd.conf ++# + service ftp + { + socket_type = stream ++ protocol = tcp + wait = no + user = root +- server = /usr/local/sbin/vsftpd +-# server_args = +-# log_on_success += DURATION USERID +-# log_on_failure += USERID +- nice = 10 +- disable = no ++ server = /usr/sbin/vsftpd ++# server_args = ++# log_on_success += DURATION USERID ++# log_on_failure += USERID ++# nice = 10 ++ disable = yes + } + diff --git a/vsftpd-2.0.5-enable-debuginfo.patch b/vsftpd-2.0.5-enable-debuginfo.patch new file mode 100644 index 0000000..d2a6efc --- /dev/null +++ b/vsftpd-2.0.5-enable-debuginfo.patch @@ -0,0 +1,11 @@ +--- Makefile ++++ Makefile +@@ -6,7 +6,7 @@ + CFLAGS = -O2 -Wall -W -Wshadow #-pedantic -Werror -Wconversion + + LIBS = `./vsf_findlibs.sh` +-LINK = -Wl,-s ++#LINK = -Wl,-s + + OBJS = main.o utility.o prelogin.o ftpcmdio.o postlogin.o privsock.o \ + tunables.o ftpdataio.o secbuf.o ls.o \ diff --git a/vsftpd-2.0.5-utf8-log-names.patch b/vsftpd-2.0.5-utf8-log-names.patch new file mode 100644 index 0000000..d16217d --- /dev/null +++ b/vsftpd-2.0.5-utf8-log-names.patch @@ -0,0 +1,106 @@ +Index: vsftpd-1.2.1/str.c +=================================================================== +--- vsftpd-1.2.1.orig/str.c ++++ vsftpd-1.2.1/str.c +@@ -27,6 +27,24 @@ static int str_equal_internal(const char + const char* p_buf2, unsigned int buf2_len); + + /* Private functions */ ++static int ++continuation_char(unsigned char str, int* val) ++{ ++ if ((str & 0xc0) != 0x80) /* 10xxxxxx */ ++ return 0; ++ (*val) <<= 6; ++ (*val) |= str & 0x3f; ++ return 1; ++} ++ ++static int ++unicode_valid(int b) ++{ ++ return (b < 0x110000 && ((b & 0xFFFFF800) != 0xD800) ++ && (b < 0xFDD0 || b > 0xFDEF) ++ && (b & 0xFFFE) != 0xFFFE); ++} ++ + static void + s_setbuf(struct mystr* p_str, char* p_newbuf) + { +@@ -153,6 +171,45 @@ str_reserve(struct mystr* p_str, unsigne + } + } + ++int str_is_utf8( const struct mystr* p_str ) ++{ ++ unsigned int i; ++ int min = 0, val = 0; ++ ++ for(i = 0; i < p_str->len; i++) ++ { ++ if( (unsigned char)p_str->p_buf[i] < 128) continue; ++ ++ if((p_str->p_buf[i] & 0xe0) == 0xc0) { /* 110xxxxx */ ++ if((p_str->p_buf[i] & 0x1e) == 0) return 0; ++ i++; ++ if((p_str->p_buf[i] & 0xc0) != 0x80) /* 10xxxxxx */ ++ return 0; ++ } else { ++ if((p_str->p_buf[i] & 0xf0) == 0xe0) { /* 1110xxxx */ ++ min = (1 << 11); ++ val = p_str->p_buf[i] & 0x0f; ++ goto TWO_REMAINING; ++ } else if((p_str->p_buf[i] & 0xf8) == 0xf0) { /* 11110xxx */ ++ min = (1 << 16); ++ val = p_str->p_buf[i] & 0x07; ++ } else { ++ return 0; ++ } ++ i++; ++ if(!continuation_char(p_str->p_buf[i], &val)) return 0; ++TWO_REMAINING: ++ i++; ++ if(!continuation_char(p_str->p_buf[i], &val)) return 0; ++ i++; ++ if(!continuation_char(p_str->p_buf[i], &val)) return 0; ++ if(val < min || !unicode_valid(val)) return 0; ++ } ++ } ++ return 1; ++} ++ ++ + int + str_isempty(const struct mystr* p_str) + { +@@ -648,11 +705,13 @@ void + str_replace_unprintable(struct mystr* p_str, char new_char) + { + unsigned int i; +- for (i=0; i < p_str->len; i++) +- { +- if (!vsf_sysutil_isprint(p_str->p_buf[i])) ++ if( !str_is_utf8( p_str ) ) { ++ for (i=0; i < p_str->len; i++) + { +- p_str->p_buf[i] = new_char; ++ if (!vsf_sysutil_isprint(p_str->p_buf[i])) ++ { ++ p_str->p_buf[i] = new_char; ++ } + } + } + } +Index: vsftpd-1.2.1/str.h +=================================================================== +--- vsftpd-1.2.1.orig/str.h ++++ vsftpd-1.2.1/str.h +@@ -36,6 +36,7 @@ void str_free(struct mystr* p_str); + void str_trunc(struct mystr* p_str, unsigned int trunc_len); + void str_reserve(struct mystr* p_str, unsigned int res_len); + ++int str_is_utf8(const struct mystr* p_str); + int str_isempty(const struct mystr* p_str); + unsigned int str_getlen(const struct mystr* p_str); + const char* str_getbuf(const struct mystr* p_str); + diff --git a/vsftpd-2.0.5-vuser.patch b/vsftpd-2.0.5-vuser.patch new file mode 100644 index 0000000..61a666d --- /dev/null +++ b/vsftpd-2.0.5-vuser.patch @@ -0,0 +1,7 @@ +--- EXAMPLE/VIRTUAL_USERS/vsftpd.pam ++++ EXAMPLE/VIRTUAL_USERS/vsftpd.pam +@@ -1,2 +1,2 @@ +-auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login +-account required /lib/security/pam_userdb.so db=/etc/vsftpd_login ++auth required pam_userdb.so db=/etc/vsftpd_login ++account required pam_userdb.so db=/etc/vsftpd_login diff --git a/vsftpd-2.0.5.tar.bz2 b/vsftpd-2.0.5.tar.bz2 new file mode 100644 index 0000000..0adcbf1 --- /dev/null +++ b/vsftpd-2.0.5.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:4b2bc1126b4aa71fb00322646e88228b095e1ce57340c6a34d80fff4d1afb76e +size 116330 diff --git a/vsftpd.changes b/vsftpd.changes new file mode 100644 index 0000000..c6c00ab --- /dev/null +++ b/vsftpd.changes @@ -0,0 +1,423 @@ +------------------------------------------------------------------- +Mon Jan 15 09:21:58 CET 2007 - mskibbe@suse.de + +- fix cryptic symbol in package - description +- build against libcap on suse < 10.1 + +------------------------------------------------------------------- +Fri Jan 12 09:39:24 CET 2007 - mskibbe@suse.de + +- vsftp could not log any file name other then ascii (#229320) + +------------------------------------------------------------------- +Thu Jan 11 09:54:07 CET 2007 - mskibbe@suse.de + +- change path to xml service document (fate #301713) + +------------------------------------------------------------------- +Mon Jan 8 10:31:52 CET 2007 - mskibbe@suse.de + +- fix Bug #230220 - vsftp no debuginfo + +------------------------------------------------------------------- +Mon Jan 8 09:27:36 CET 2007 - mskibbe@suse.de + +- xml document should readable to all (fate #301713) + +------------------------------------------------------------------- +Wed Dec 6 12:03:32 CET 2006 - mskibbe@suse.de + +- add service xml document (fate #301713 ) + +------------------------------------------------------------------- +Mon Oct 23 09:42:05 CEST 2006 - mskibbe@suse.de + +- fix Bug 213894 - vsftpd and pam + +------------------------------------------------------------------- +Mon Sep 4 11:58:26 CEST 2006 - kukuk@suse.de + +- Include common PAM config files, add pam_loginuid.so + +------------------------------------------------------------------- +Fri Jul 14 10:57:58 CEST 2006 - mskibbe@suse.de + +- udpate to version 2.0.5 which + o IE should now show the login dialog again + o configurable login attempt limits and delays were added + o a bad intereaction with DMAPI filesystems was fixed and chained + certs should now work. + +------------------------------------------------------------------- +Fri May 26 11:50:07 CEST 2006 - schwab@suse.de + +- Don't strip binaries. + +------------------------------------------------------------------- +Thu Apr 20 18:03:29 CEST 2006 - hvogel@suse.de + +- revert the rename to vsftp for the xinetd config file. chkconfig + knows on for init and xinetd. So this wasnt a bug but a misusage + of chkconfig + +------------------------------------------------------------------- +Thu Apr 20 16:21:14 CEST 2006 - hvogel@suse.de + +- add support for DMAPI filesystems [#167632] + +------------------------------------------------------------------- +Wed Apr 19 11:13:47 CEST 2006 - hvogel@suse.de + +- rename xinetd config from vsftpd to vsftp to avoid name clashes + in chkconfig [#165745] + +------------------------------------------------------------------- +Thu Feb 16 12:27:53 CET 2006 - hvogel@suse.de + +- enable ssl for real [#151453] + +------------------------------------------------------------------- +Mon Feb 6 14:31:27 CET 2006 - hvogel@suse.de + +- The switch to standalone should not happen in update. + Installed xinetd config file again. The configuration file is + marked as noreplace anyway so if you are updating you will + get a xinetd.d/vsftpd.rpmnew and a vsftpd.conf.rpmnew + and everything is working as before and standalone is only used + for new installations. [#148201] +- redirect standalone parent output to /var/log/rcvsftp.log + so the init script can return properly. + +------------------------------------------------------------------- +Wed Jan 25 21:42:43 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Fri Jan 13 15:08:31 CET 2006 - hvogel@suse.de + +- Make use of Stack Protector +- fix some uninitialized variables + +------------------------------------------------------------------- +Wed Jan 11 12:11:52 CET 2006 - hvogel@suse.de + +- Update to version 2.0.4 including: + + o Add explicit "This FTP server does not allow anonymous logins" + message. + o Add paranoid checks to sysutil.c for large values / lengths. + o Load per-IP config files earlier; allows more settings to be + tuned on a per-IP level. + o regex fix so that {*} correctly matches everything. + o Add optional file locking support via lock_upload_files. + o Apply LDFLAGS patch from Mads Martin Joergensen . + o Add pasv_addr_resolve option to allow pasv_address to get + DNS resolved once at startup. + o Apply patch to fix timezone issues (caused by chroot() + interacting badly with newer glibc versions). + +------------------------------------------------------------------- +Wed Sep 28 18:47:15 CEST 2005 - mmj@suse.de + +- Add init script, and make it standalone + +------------------------------------------------------------------- +Sun Sep 18 12:00:08 CEST 2005 - kukuk@suse.de + +- Add libcap-devel to nfb + +------------------------------------------------------------------- +Tue Aug 9 14:11:06 CEST 2005 - mmj@suse.de + +- Document that /etc/xinet.d/vsftpd is for xinetd conf [#102953] + +------------------------------------------------------------------- +Mon Aug 8 14:39:16 CEST 2005 - uli@suse.de + +- build with -fPIE, not -fpie (fixes s390x) + +------------------------------------------------------------------- +Mon Jun 27 14:09:14 CEST 2005 - ro@suse.de + +- use libcap + +------------------------------------------------------------------- +Fri Jun 17 10:16:13 CEST 2005 - mmj@suse.de + +- Compile with -fpie, link with -pie + +------------------------------------------------------------------- +Tue Apr 19 16:39:52 CEST 2005 - mmj@suse.de + +- Update to 2.0.3 including: + o Document what regex expressions are supported in the man page. + o New settings rsa_private_key_file and dsa_private_key_file to + allow separate files for the certificates and private keys. + o Initial, simple fix for timed out processes not exiting when + SSL is in use. Better fix (which reports timeout to client + properly) to follow. + o Add which setsockopt option failed to die("setsockopt") calls. + o Fix error with IPv4 connections to IPv6 listeners and PORT + type data connections when connect_from_port_20 is set. + o Remove vsf_sysutil_sockaddr_same_family (unused). + o Support protocol 1 (IPv4) in EPRT. + o Add ssl.c to AUDIT. + o Allow config file to use "ssl_ciphers=" to use default + OpenSSL cipher list. + o Allow "EPSV 1" to mean IPv4 EPSV. + o Report dummy IP but correct port with IPv6 / PASV. + o Handle SSL_WANT_READ and SSL_WANT_WRITE retries in SSL_read + and SSL_write; fixes SSL upload failures when data timeouts are + in use with some clients. + o Implicitly disable connect_from_port_20 and chown_uploads + when a non-root user is using run_as_launching_user. + o Add force_anon_logins_ssl and force_anon_data_ssl for a fully + SSL secure anonymous oonly solution (useful when you don't + have root access and a range of acceptable anonymous + passwords as credentials). + o Use SSL BIO callbacks to fix data connection timeout checks; + the checks weren't all occurring promply. + +------------------------------------------------------------------- +Thu Mar 3 09:35:27 CET 2005 - mmj@suse.de + +- Update to 2.0.2 including: + o Emit data transfer status messages (success / failure) + after flushing and waiting for the full data transfer to + reach the client. This should help work around buggy FTP + clients such as FlashFXP, which is known to truncate files + incorrectly. + o Make str_empty actually allocate an empty string. + o Change the ASCII receive code to ONLY rip out \r if it is + just before a \n; someone finally complained about this. + o Enable AIX Large File Support + o Add a couple of FAQ entries. + o Fix time delta code areas to cope with negative deltas, + which will occur if the clock is adjusted backwards. + o Fix "errno" checks to be robust in multiple places; + previously, calls to failing library calls could be made + inbetween the original library call and the "errno" reads. + o Make bandwidth limiter work with SSL data connections. + o Note that the SSL / bandwidth limiter bug fixed a much more + serious bug: SSL data connection dropouts after + data_connection_timeout seconds. + +------------------------------------------------------------------- +Fri Feb 18 10:48:48 CET 2005 - mmj@suse.de + +- Glibc doesn't cache the timezone as much as it used to, so export + the TZ variable after doing chroot. [#49878] + +------------------------------------------------------------------- +Thu Aug 12 11:26:26 CEST 2004 - mmj@suse.de + +- Update to 2.0.1 including: + o Add -lcrypto for the SSL build; needed for some systems + o Oops; fix session bale out if an empty length password is given. + o Fix build on Fedora Core 2 (-lcap cannot seem to find /lib/libcap.so). + o Fix vsftpd.conf.5 man page error in "ssl_sslv3" + o Clarify licensing: I allow linking of my GPL software with the OpenSSL + libraries. + o Fix build where PAM build is enabled but PAM headers are missing. + +------------------------------------------------------------------- +Fri Jul 2 12:35:51 CEST 2004 - mmj@suse.de + +- Update to 2.0.0 including: + o Improve logging (log deletes, renames, chmods, etc. as + requested by users). + o Add no_log_lock to work around Solaris / Veritas locking + hangs. + o Add EPRT, EPSV, PASV and TVFS to FEAT response. + o Implement use of MDTM to set timestamps. + o Recognize FEAT prior to login. + o Add OpenSSL (AUTH TLS / SSL) support for encrypted control + and data connections. + o Increase max size of .message files to 4000 characters + o Add easy builddefs.h ability to disable PAM builds even when + PAM is installed. + o Report vsftpd version in STAT output. + o Add REFS file. + o Change parent<->child socket comms from DGRAM to STREAM for + increased reliability. The main benefit is should the parent + be killed (or crash out) then the child won't block on a + read() that will never return. + o Make str_reserve reserve space for the trailing zero as well, + so we don't cause a reallocation if we exactly fill the buffer. + o Optimize the sending of strings over the parent<->child comms links. + o Improve the build system so tcp_wrappers, PAM and OpenSSL can + be forcibly compiled out. + o Fix vsftpd.conf.5 typos + o If trans_chunk_size is between 1 and 4096, use 4096 rather + than ignoring totally. + o Add SSL / TLS info to SECURITY texts. + o Add README.ssl + o Add documentation for new SSL options to vsftpd.conf.5. + o Add support for CWD ~ + o Fix compile warnings. + +------------------------------------------------------------------- +Sun May 30 01:35:55 CEST 2004 - mmj@suse.de + +- Add logrotate file [#41432] + +------------------------------------------------------------------- +Tue Apr 27 10:15:24 CEST 2004 - mmj@suse.de + +- Update to 1.2.2 including: + o Fix nasty issue resulting in listener instability under + extreme load (root cause was re-entering malloc/free). + o Fix build with modern glibc-2.3 and no libcap on Linux. + o Add initial support for running as the user which launched + vsftpd, i.e. no root needed. Warning - easy to create + insecurity if you use this without knowing what you are + doing. + o For above run-as-launching-user support: make CDUP re-use CWD + code so that deny_file of *..* is useful. + +------------------------------------------------------------------- +Mon Jan 26 14:08:28 CET 2004 - hvogel@suse.de + +- reworked the log part of the conf file patch. + Enabled syslog as default log destination, clarify xferlog + settings. + +------------------------------------------------------------------- +Mon Jan 19 17:53:28 CET 2004 - mmj@suse.de + +- -D_LARGEFILE_SOURCE to get LFS support. Also make sure the + offset bits are set correct. + +------------------------------------------------------------------- +Fri Jan 16 13:31:12 CET 2004 - kukuk@suse.de + +- Add pam-devel to neededforbuild + +------------------------------------------------------------------- +Thu Nov 13 12:55:27 CET 2003 - mmj@suse.de + +- Update to 1.2.1 + +------------------------------------------------------------------- +Wed Oct 15 12:56:23 CEST 2003 - mmj@suse.de + +- Don't build as root + +------------------------------------------------------------------- +Mon Jul 28 15:55:40 CEST 2003 - mmj@suse.de + +- Add EXAMPLE/ and FAQ +- Don't strip explicitly + +------------------------------------------------------------------- +Fri May 30 12:48:45 CEST 2003 - mmj@suse.de + +- Update to vsftpd-1.2.0 including: + · IPv6 support, so drop our patch + · Many bugfixes and tunings + · Build fixes + +------------------------------------------------------------------- +Thu Mar 6 16:34:30 CET 2003 - mmj@suse.de + +- Fix the xinetd conf file [#24774] + +------------------------------------------------------------------- +Fri Feb 7 13:58:51 CET 2003 - kukuk@suse.de + +- Use pam_unix2.so instead of pam_unix.so + +------------------------------------------------------------------- +Fri Jan 24 12:12:52 CET 2003 - mmj@suse.de + +- Correct xinetd conffile + +------------------------------------------------------------------- +Tue Jan 14 13:54:58 CET 2003 - mmj@suse.de + +- Install xinetd.d/vsftpd + +------------------------------------------------------------------- +Sat Oct 26 10:51:03 CEST 2002 - mmj@suse.de + +- Use better configuration defaults, thanks henne. + +------------------------------------------------------------------- +Fri Oct 25 10:17:07 CEST 2002 - mmj@suse.de + +- Add $RPM_OPT_FLAGS to CFLAGS when building + +------------------------------------------------------------------- +Thu Oct 24 14:05:23 CEST 2002 - mmj@suse.de + +- Update to 1.1.2 including: + o Addition of per-IP connection limits in standalone mode. + o Add logging of refused connect due to global or IP connection limits. + o Make connection limit exceeded messages nonblocking. + o Don't exit the listener if fork fails. + +------------------------------------------------------------------- +Tue Oct 8 09:47:55 CEST 2002 - mmj@suse.de + +- Update to 1.1.1 + +------------------------------------------------------------------- +Fri Aug 2 12:32:43 CEST 2002 - mmj@suse.de + +- Update to 1.1.0 + +------------------------------------------------------------------- +Tue Jul 9 12:48:03 CEST 2002 - okir@suse.de + +- Added a patch to get rid of lots of warnings caused by -Wshadow +- Added a patch to implement IPv6 support + +------------------------------------------------------------------- +Tue Apr 30 14:27:53 CEST 2002 - mmj@suse.de + +- And now without detection of pam in /lib/libpam.so.0, which is + bogus. + +------------------------------------------------------------------- +Sun Feb 17 18:14:13 CET 2002 - mmj@suse.de + +- Added a patch to the vsftpd library detection function to make + it build with /usr/lib64. Fixes build on S/390. + +------------------------------------------------------------------- +Tue Feb 12 13:52:01 MET 2002 - mmj@suse.de + +- Remove Requires: ftpdir + +------------------------------------------------------------------- +Mon Feb 4 18:02:20 CET 2002 - choeger@suse.de + +- do not set e(x)ecute bit on textfiles + +------------------------------------------------------------------- +Fri Feb 1 14:33:13 CET 2002 - choeger@suse.de + +- declare config file as %config(noreplace) + +------------------------------------------------------------------- +Thu Jan 17 15:45:11 CET 2002 - mmj@suse.de + +- Update to version 1.0.1 + +------------------------------------------------------------------- +Fri Nov 30 16:25:35 CET 2001 - mmj@suse.de + +- Use /etc/pam.d/vsftpd + +------------------------------------------------------------------- +Tue Nov 13 13:30:42 CET 2001 - mmj@suse.de + +- Updated to version 1.0.0 + +------------------------------------------------------------------- +Mon Oct 22 15:57:40 CEST 2001 - mmj@suse.de + +- Initial package + +------------------------------------------------------------------- diff --git a/vsftpd.init b/vsftpd.init new file mode 100644 index 0000000..e895d34 --- /dev/null +++ b/vsftpd.init @@ -0,0 +1,106 @@ +#! /bin/sh +# Copyright (c) 1995-2005 SUSE Linux GmbH, Nuernberg, Germany. +# All rights reserved. +# +# Author: Mads Martin Joergensen +# +# /etc/init.d/vsftpd +# and its symbolic link +# /usr/sbin/rcvsftpd +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# +### BEGIN INIT INFO +# Provides: ftpd +# Required-Start: $syslog $remote_fs +# Required-Stop: $syslog $remote_fs +# Default-Start: 3 5 +# Default-Stop: 0 1 2 6 +# Short-Description: very secure ftp daemon +### END INIT INFO +# Note on runlevels: +# 0 - halt/poweroff 6 - reboot +# 1 - single user 2 - multiuser without network exported +# 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm) +# +# Note on script names: +# http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/scrptnames.html +# A registry has been set up to manage the init script namespace. +# http://www.lanana.org/ +# Please use the names already registered or register one or use a +# vendor prefix. + +VSFTPD_BIN=/usr/sbin/vsftpd +test -x $VSFTPD_BIN || { echo "$VSFTPD_BIN not installed"; + if [ "$1" = "stop" ]; then exit 0; + else exit 5; fi; } + +. /etc/rc.status + +rc_reset + +case "$1" in + start) + echo -n "Starting vsftpd " + /sbin/startproc -l /var/log/rcvsftp.log $VSFTPD_BIN + rc_status -v + ;; + stop) + echo -n "Shutting down vsftpd " + /sbin/killproc -TERM $VSFTPD_BIN + rc_status -v + ;; + try-restart|condrestart) + ## Do a restart only if the service was active before. + ## Note: try-restart is now part of LSB (as of 1.9). + ## RH has a similar command named condrestart. + if test "$1" = "condrestart"; then + echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}" + fi + $0 status + if test $? = 0; then + $0 restart + else + rc_reset # Not running is not a failure. + fi + + rc_status + ;; + restart) + $0 stop + $0 start + rc_status + ;; + force-reload) + echo -n "Reload service vsftpd " + /sbin/killproc -HUP $VSFTPD_BIN + rc_status -v + ;; + reload) + echo -n "Reload service vsftpd " + /sbin/killproc -HUP $VSFTPD_BIN + rc_status -v + ;; + status) + echo -n "Checking for service vsftpd " + /sbin/checkproc $VSFTPD_BIN + rc_status -v + ;; + *) + echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload}" + exit 1 + ;; +esac +rc_exit diff --git a/vsftpd.logrotate b/vsftpd.logrotate new file mode 100644 index 0000000..323db6c --- /dev/null +++ b/vsftpd.logrotate @@ -0,0 +1,14 @@ +/var/log/vsftpd.log { + compress + dateext + maxage 365 + rotate 99 + size=+1024k + notifempty + missingok + create 600 root root + sharedscripts + postrotate + killall -HUP vsftpd + endscript +} diff --git a/vsftpd.pam b/vsftpd.pam new file mode 100644 index 0000000..1a8d92e --- /dev/null +++ b/vsftpd.pam @@ -0,0 +1,14 @@ +#%PAM-1.0 + +# Uncomment this to achieve what used to be ftpd -A. +# auth required pam_listfile.so item=user sense=allow file=/etc/ftpchroot onerr=fail + +auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed +# Uncomment the following line for anonymous ftp. +#auth sufficient pam_ftp.so +auth required pam_shells.so +auth include common-auth +account include common-account +password include common-password +session required pam_loginuid.so +session include common-session diff --git a/vsftpd.spec b/vsftpd.spec new file mode 100644 index 0000000..78e82b6 --- /dev/null +++ b/vsftpd.spec @@ -0,0 +1,373 @@ +# +# spec file for package vsftpd (Version 2.0.5) +# +# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. +# This file and all modifications and additions to the pristine +# package are under the same license as the package itself. +# +# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# + +# norootforbuild + +Name: vsftpd +BuildRequires: openssl-devel pam-devel +%if 0%{?suse_version} < 1001 +BuildRequires: libcap +%else +BuildRequires: libcap-devel +%endif +Version: 2.0.5 +Release: 33 +Summary: Very Secure FTP Daemon - Written from Scratch +License: GNU General Public License (GPL) +Group: Productivity/Networking/Ftp/Servers +URL: http://vsftpd.beasts.org +Source: %name-%version.tar.bz2 +Source1: %name.pam +Source2: %name.logrotate +Source3: %name.init +Source4: README.SUSE +Source5: %name.xml +Patch: %name-2.0.4-conf.diff +Patch1: %name-2.0.4-lib64.diff +Patch2: %name-2.0.4-nowarn.patch +Patch3: %name-2.0.4-xinetd.diff +Patch4: %name-2.0.4-enable-ssl.patch +Patch5: %name-2.0.4-dmapi.patch +Patch6: %name-%{version}-vuser.patch +Patch7: %name-%{version}-enable-debuginfo.patch +Patch8: %name-%{version}-utf8-log-names.patch +BuildRoot: %{_tmppath}/%{name}-%{version}-build +Provides: ftp-server +PreReq: %insserv_prereq + +%description +Vsftpd is an FTP server, or dæmon. The "vs" stands for Very Secure. +Obviously this is not a guarantee, but the entire codebase was written +with security in mind, and carefully designed to be resilient to +attack. + +Recent evidence suggests that vsftpd is also extremely fast (and this +is before any explicit performance tuning!). In tests against wu-ftpd, +vsftpd was always faster, supporting over twice as many users in some +tests. + + + +Authors: +-------- + Chris Evans + +%prep +%setup -q +%patch +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 +%patch5 +%patch6 +%patch7 +%patch8 -p1 + +%build +rm -f dummyinc/sys/capability.h +make CFLAGS="$RPM_OPT_FLAGS -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fPIE -fstack-protector" \ + LDFLAGS="-pie" LINK= + +%install +mkdir -p $RPM_BUILD_ROOT/usr/share/empty +cp %SOURCE4 . +install -D -m 755 %name $RPM_BUILD_ROOT/usr/sbin/%name +install -D -m 600 %name.conf $RPM_BUILD_ROOT/etc/%name.conf +install -D -m 600 xinetd.d/%name $RPM_BUILD_ROOT/etc/xinetd.d/%name +install -D -m 644 $RPM_SOURCE_DIR/%name.pam $RPM_BUILD_ROOT/etc/pam.d/%name +install -D -m 644 $RPM_SOURCE_DIR/%name.logrotate $RPM_BUILD_ROOT/etc/logrotate.d/%name +install -D -m 644 %name.conf.5 $RPM_BUILD_ROOT/%_mandir/man5/%name.conf.5 +install -D -m 644 %name.8 $RPM_BUILD_ROOT/%_mandir/man8/%name.8 +install -D -m 755 %SOURCE3 $RPM_BUILD_ROOT/etc/init.d/%name +ln -sf ../../etc/init.d/%name $RPM_BUILD_ROOT/%_prefix/sbin/rc%name +install -d $RPM_BUILD_ROOT/%_datadir/omc/svcinfo.d/ +install -D -m 644 %SOURCE5 $RPM_BUILD_ROOT/%_datadir/omc/svcinfo.d/ + +%preun +%stop_on_removal %name + +%postun +%insserv_cleanup +%restart_on_update %name + +%clean +rm -rf $RPM_BUILD_ROOT + +%files +%defattr(-,root,root) +%dir %_datadir/omc/ +%dir %_datadir/omc/svcinfo.d/ +/usr/sbin/%name +/usr/sbin/rc%name +/etc/init.d/%name +%_datadir/omc/svcinfo.d/vsftpd.xml +%dir /usr/share/empty +%config(noreplace) /etc/xinetd.d/%name +%config(noreplace) /etc/%name.conf +%config /etc/pam.d/%name +%config(noreplace) /etc/logrotate.d/%name +%_mandir/man5/%name.conf.* +%_mandir/man8/%name.* +%doc INSTALL BUGS AUDIT Changelog LICENSE README README.security +%doc REWARD SPEED TODO SECURITY TUNING SIZE FAQ EXAMPLE COPYING +%doc README.SUSE + +%changelog -n vsftpd +* Mon Jan 15 2007 - mskibbe@suse.de +- fix cryptic symbol in package - description +- build against libcap on suse < 10.1 +* Fri Jan 12 2007 - mskibbe@suse.de +- vsftp could not log any file name other then ascii (#229320) +* Thu Jan 11 2007 - mskibbe@suse.de +- change path to xml service document (fate #301713) +* Mon Jan 08 2007 - mskibbe@suse.de +- fix Bug #230220 - vsftp no debuginfo +* Mon Jan 08 2007 - mskibbe@suse.de +- xml document should readable to all (fate #301713) +* Wed Dec 06 2006 - mskibbe@suse.de +- add service xml document (fate #301713 ) +* Mon Oct 23 2006 - mskibbe@suse.de +- fix Bug 213894 - vsftpd and pam +* Mon Sep 04 2006 - kukuk@suse.de +- Include common PAM config files, add pam_loginuid.so +* Fri Jul 14 2006 - mskibbe@suse.de +- udpate to version 2.0.5 which + o IE should now show the login dialog again + o configurable login attempt limits and delays were added + o a bad intereaction with DMAPI filesystems was fixed and chained + certs should now work. +* Fri May 26 2006 - schwab@suse.de +- Don't strip binaries. +* Thu Apr 20 2006 - hvogel@suse.de +- revert the rename to vsftp for the xinetd config file. chkconfig + knows on for init and xinetd. So this wasnt a bug but a misusage + of chkconfig +* Thu Apr 20 2006 - hvogel@suse.de +- add support for DMAPI filesystems [#167632] +* Wed Apr 19 2006 - hvogel@suse.de +- rename xinetd config from vsftpd to vsftp to avoid name clashes + in chkconfig [#165745] +* Thu Feb 16 2006 - hvogel@suse.de +- enable ssl for real [#151453] +* Mon Feb 06 2006 - hvogel@suse.de +- The switch to standalone should not happen in update. + Installed xinetd config file again. The configuration file is + marked as noreplace anyway so if you are updating you will + get a xinetd.d/vsftpd.rpmnew and a vsftpd.conf.rpmnew + and everything is working as before and standalone is only used + for new installations. [#148201] +- redirect standalone parent output to /var/log/rcvsftp.log + so the init script can return properly. +* Wed Jan 25 2006 - mls@suse.de +- converted neededforbuild to BuildRequires +* Fri Jan 13 2006 - hvogel@suse.de +- Make use of Stack Protector +- fix some uninitialized variables +* Wed Jan 11 2006 - hvogel@suse.de +- Update to version 2.0.4 including: + o Add explicit "This FTP server does not allow anonymous logins" + message. + o Add paranoid checks to sysutil.c for large values / lengths. + o Load per-IP config files earlier; allows more settings to be + tuned on a per-IP level. + o regex fix so that {*} correctly matches everything. + o Add optional file locking support via lock_upload_files. + o Apply LDFLAGS patch from Mads Martin Joergensen . + o Add pasv_addr_resolve option to allow pasv_address to get + DNS resolved once at startup. + o Apply patch to fix timezone issues (caused by chroot() + interacting badly with newer glibc versions). +* Wed Sep 28 2005 - mmj@suse.de +- Add init script, and make it standalone +* Sun Sep 18 2005 - kukuk@suse.de +- Add libcap-devel to nfb +* Tue Aug 09 2005 - mmj@suse.de +- Document that /etc/xinet.d/vsftpd is for xinetd conf [#102953] +* Mon Aug 08 2005 - uli@suse.de +- build with -fPIE, not -fpie (fixes s390x) +* Mon Jun 27 2005 - ro@suse.de +- use libcap +* Fri Jun 17 2005 - mmj@suse.de +- Compile with -fpie, link with -pie +* Tue Apr 19 2005 - mmj@suse.de +- Update to 2.0.3 including: + o Document what regex expressions are supported in the man page. + o New settings rsa_private_key_file and dsa_private_key_file to + allow separate files for the certificates and private keys. + o Initial, simple fix for timed out processes not exiting when + SSL is in use. Better fix (which reports timeout to client + properly) to follow. + o Add which setsockopt option failed to die("setsockopt") calls. + o Fix error with IPv4 connections to IPv6 listeners and PORT + type data connections when connect_from_port_20 is set. + o Remove vsf_sysutil_sockaddr_same_family (unused). + o Support protocol 1 (IPv4) in EPRT. + o Add ssl.c to AUDIT. + o Allow config file to use "ssl_ciphers=" to use default + OpenSSL cipher list. + o Allow "EPSV 1" to mean IPv4 EPSV. + o Report dummy IP but correct port with IPv6 / PASV. + o Handle SSL_WANT_READ and SSL_WANT_WRITE retries in SSL_read + and SSL_write; fixes SSL upload failures when data timeouts are + in use with some clients. + o Implicitly disable connect_from_port_20 and chown_uploads + when a non-root user is using run_as_launching_user. + o Add force_anon_logins_ssl and force_anon_data_ssl for a fully + SSL secure anonymous oonly solution (useful when you don't + have root access and a range of acceptable anonymous + passwords as credentials). + o Use SSL BIO callbacks to fix data connection timeout checks; + the checks weren't all occurring promply. +* Thu Mar 03 2005 - mmj@suse.de +- Update to 2.0.2 including: + o Emit data transfer status messages (success / failure) + after flushing and waiting for the full data transfer to + reach the client. This should help work around buggy FTP + clients such as FlashFXP, which is known to truncate files + incorrectly. + o Make str_empty actually allocate an empty string. + o Change the ASCII receive code to ONLY rip out \r if it is + just before a \n; someone finally complained about this. + o Enable AIX Large File Support + o Add a couple of FAQ entries. + o Fix time delta code areas to cope with negative deltas, + which will occur if the clock is adjusted backwards. + o Fix "errno" checks to be robust in multiple places; + previously, calls to failing library calls could be made + inbetween the original library call and the "errno" reads. + o Make bandwidth limiter work with SSL data connections. + o Note that the SSL / bandwidth limiter bug fixed a much more + serious bug: SSL data connection dropouts after + data_connection_timeout seconds. +* Fri Feb 18 2005 - mmj@suse.de +- Glibc doesn't cache the timezone as much as it used to, so export + the TZ variable after doing chroot. [#49878] +* Thu Aug 12 2004 - mmj@suse.de +- Update to 2.0.1 including: + o Add -lcrypto for the SSL build; needed for some systems + o Oops; fix session bale out if an empty length password is given. + o Fix build on Fedora Core 2 (-lcap cannot seem to find /lib/libcap.so). + o Fix vsftpd.conf.5 man page error in "ssl_sslv3" + o Clarify licensing: I allow linking of my GPL software with the OpenSSL + libraries. + o Fix build where PAM build is enabled but PAM headers are missing. +* Fri Jul 02 2004 - mmj@suse.de +- Update to 2.0.0 including: + o Improve logging (log deletes, renames, chmods, etc. as + requested by users). + o Add no_log_lock to work around Solaris / Veritas locking + hangs. + o Add EPRT, EPSV, PASV and TVFS to FEAT response. + o Implement use of MDTM to set timestamps. + o Recognize FEAT prior to login. + o Add OpenSSL (AUTH TLS / SSL) support for encrypted control + and data connections. + o Increase max size of .message files to 4000 characters + o Add easy builddefs.h ability to disable PAM builds even when + PAM is installed. + o Report vsftpd version in STAT output. + o Add REFS file. + o Change parent<->child socket comms from DGRAM to STREAM for + increased reliability. The main benefit is should the parent + be killed (or crash out) then the child won't block on a + read() that will never return. + o Make str_reserve reserve space for the trailing zero as well, + so we don't cause a reallocation if we exactly fill the buffer. + o Optimize the sending of strings over the parent<->child comms links. + o Improve the build system so tcp_wrappers, PAM and OpenSSL can + be forcibly compiled out. + o Fix vsftpd.conf.5 typos + o If trans_chunk_size is between 1 and 4096, use 4096 rather + than ignoring totally. + o Add SSL / TLS info to SECURITY texts. + o Add README.ssl + o Add documentation for new SSL options to vsftpd.conf.5. + o Add support for CWD ~ + o Fix compile warnings. +* Sun May 30 2004 - mmj@suse.de +- Add logrotate file [#41432] +* Tue Apr 27 2004 - mmj@suse.de +- Update to 1.2.2 including: + o Fix nasty issue resulting in listener instability under + extreme load (root cause was re-entering malloc/free). + o Fix build with modern glibc-2.3 and no libcap on Linux. + o Add initial support for running as the user which launched + vsftpd, i.e. no root needed. Warning - easy to create + insecurity if you use this without knowing what you are + doing. + o For above run-as-launching-user support: make CDUP re-use CWD + code so that deny_file of *..* is useful. +* Mon Jan 26 2004 - hvogel@suse.de +- reworked the log part of the conf file patch. + Enabled syslog as default log destination, clarify xferlog + settings. +* Mon Jan 19 2004 - mmj@suse.de +- -D_LARGEFILE_SOURCE to get LFS support. Also make sure the + offset bits are set correct. +* Fri Jan 16 2004 - kukuk@suse.de +- Add pam-devel to neededforbuild +* Thu Nov 13 2003 - mmj@suse.de +- Update to 1.2.1 +* Wed Oct 15 2003 - mmj@suse.de +- Don't build as root +* Mon Jul 28 2003 - mmj@suse.de +- Add EXAMPLE/ and FAQ +- Don't strip explicitly +* Fri May 30 2003 - mmj@suse.de +- Update to vsftpd-1.2.0 including: + · IPv6 support, so drop our patch + · Many bugfixes and tunings + · Build fixes +* Thu Mar 06 2003 - mmj@suse.de +- Fix the xinetd conf file [#24774] +* Fri Feb 07 2003 - kukuk@suse.de +- Use pam_unix2.so instead of pam_unix.so +* Fri Jan 24 2003 - mmj@suse.de +- Correct xinetd conffile +* Tue Jan 14 2003 - mmj@suse.de +- Install xinetd.d/vsftpd +* Sat Oct 26 2002 - mmj@suse.de +- Use better configuration defaults, thanks henne. +* Fri Oct 25 2002 - mmj@suse.de +- Add $RPM_OPT_FLAGS to CFLAGS when building +* Thu Oct 24 2002 - mmj@suse.de +- Update to 1.1.2 including: + o Addition of per-IP connection limits in standalone mode. + o Add logging of refused connect due to global or IP connection limits. + o Make connection limit exceeded messages nonblocking. + o Don't exit the listener if fork fails. +* Tue Oct 08 2002 - mmj@suse.de +- Update to 1.1.1 +* Fri Aug 02 2002 - mmj@suse.de +- Update to 1.1.0 +* Tue Jul 09 2002 - okir@suse.de +- Added a patch to get rid of lots of warnings caused by -Wshadow +- Added a patch to implement IPv6 support +* Tue Apr 30 2002 - mmj@suse.de +- And now without detection of pam in /lib/libpam.so.0, which is + bogus. +* Sun Feb 17 2002 - mmj@suse.de +- Added a patch to the vsftpd library detection function to make + it build with /usr/lib64. Fixes build on S/390. +* Tue Feb 12 2002 - mmj@suse.de +- Remove Requires: ftpdir +* Mon Feb 04 2002 - choeger@suse.de +- do not set e(x)ecute bit on textfiles +* Fri Feb 01 2002 - choeger@suse.de +- declare config file as %%config(noreplace) +* Thu Jan 17 2002 - mmj@suse.de +- Update to version 1.0.1 +* Fri Nov 30 2001 - mmj@suse.de +- Use /etc/pam.d/vsftpd +* Tue Nov 13 2001 - mmj@suse.de +- Updated to version 1.0.0 +* Mon Oct 22 2001 - mmj@suse.de +- Initial package diff --git a/vsftpd.xml b/vsftpd.xml new file mode 100644 index 0000000..ce71171 --- /dev/null +++ b/vsftpd.xml @@ -0,0 +1,89 @@ + + + + + + + vsftpd Server + + + + vsftpd Server + + + + + /usr/sbin/rcvsftpd start + + + /usr/sbin/rcvsftpd restart + + + /usr/sbin/rcvsftpd stop + + + /usr/sbin/rcvsftpd status + + + + vsftpd + /usr/sbin/vsftpd + + + + + + syslog + + + +