From 04364bf0b8f17530e49ab67bee3da331b026eee5b2da3384f717efdbd6c61b88 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= <tchvatal@suse.com>
Date: Mon, 21 Mar 2016 12:54:56 +0000
Subject: [PATCH 1/5] - Fix bnc#970982 hanging on pam_exec in pam.d   * Add
 patch vsftpd-3.0.2-wnohang.patch

OBS-URL: https://build.opensuse.org/package/show/network/vsftpd?expand=0&rev=96
---
 vsftpd-3.0.2-wnohang.patch | 59 ++++++++++++++++++++++++++++++++++++++
 vsftpd.changes             |  6 ++++
 vsftpd.spec                |  3 ++
 3 files changed, 68 insertions(+)
 create mode 100644 vsftpd-3.0.2-wnohang.patch

diff --git a/vsftpd-3.0.2-wnohang.patch b/vsftpd-3.0.2-wnohang.patch
new file mode 100644
index 0000000..d3af04f
--- /dev/null
+++ b/vsftpd-3.0.2-wnohang.patch
@@ -0,0 +1,59 @@
+--- vsftpd-3.0.2/sysutil.c.wnohang	2015-08-03 07:35:33.619620425 +0200
++++ vsftpd-3.0.2/sysutil.c	2015-08-03 07:35:33.626620480 +0200
+@@ -608,13 +608,13 @@ vsf_sysutil_exit(int exit_code)
+ }
+ 
+ struct vsf_sysutil_wait_retval
+-vsf_sysutil_wait(void)
++vsf_sysutil_wait(int hang)
+ {
+   struct vsf_sysutil_wait_retval retval;
+   vsf_sysutil_memclr(&retval, sizeof(retval));
+   while (1)
+   {
+-    int sys_ret = wait(&retval.exit_status);
++    int sys_ret = waitpid(-1, &retval.exit_status, hang ? 0 : WNOHANG);
+     if (sys_ret < 0 && errno == EINTR)
+     {
+       vsf_sysutil_check_pending_actions(kVSFSysUtilUnknown, 0, 0);
+--- vsftpd-3.0.2/sysutil.h.wnohang	2015-08-03 07:35:33.610620354 +0200
++++ vsftpd-3.0.2/sysutil.h	2015-08-03 07:35:33.626620480 +0200
+@@ -176,7 +176,7 @@ struct vsf_sysutil_wait_retval
+   int PRIVATE_HANDS_OFF_syscall_retval;
+   int PRIVATE_HANDS_OFF_exit_status;
+ };
+-struct vsf_sysutil_wait_retval vsf_sysutil_wait(void);
++struct vsf_sysutil_wait_retval vsf_sysutil_wait(int hang);
+ int vsf_sysutil_wait_reap_one(void);
+ int vsf_sysutil_wait_get_retval(
+   const struct vsf_sysutil_wait_retval* p_waitret);
+--- vsftpd-3.0.2/twoprocess.c.wnohang	2012-09-16 09:15:49.000000000 +0200
++++ vsftpd-3.0.2/twoprocess.c	2015-08-03 07:35:33.626620480 +0200
+@@ -47,8 +47,17 @@ static void
+ handle_sigchld(void* duff)
+ {
+ 
+-  struct vsf_sysutil_wait_retval wait_retval = vsf_sysutil_wait();
++  struct vsf_sysutil_wait_retval wait_retval = vsf_sysutil_wait(0);
+   (void) duff;
++  if (!vsf_sysutil_wait_get_exitcode(&wait_retval) &&
++      !vsf_sysutil_wait_get_retval(&wait_retval))
++    /* There was nobody to wait for, possibly caused by underlying library
++     * which created a new process through fork()/vfork() and already picked
++     * it up, e.g. by pam_exec.so or integrity check routines for libraries
++     * when FIPS mode is on (nss freebl), which can lead to calling prelink
++     * if the prelink package is installed.
++     */
++    return;
+   /* Child died, so we'll do the same! Report it as an error unless the child
+    * exited normally with zero exit code
+    */
+@@ -390,7 +399,7 @@ common_do_login(struct vsf_session* p_se
+   priv_sock_send_result(p_sess->parent_fd, PRIV_SOCK_RESULT_OK);
+   if (!p_sess->control_use_ssl)
+   {
+-    (void) vsf_sysutil_wait();
++    (void) vsf_sysutil_wait(1);
+   }
+   else
+   {
diff --git a/vsftpd.changes b/vsftpd.changes
index dcec9c8..1755e51 100644
--- a/vsftpd.changes
+++ b/vsftpd.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Mar 21 12:53:59 UTC 2016 - tchvatal@suse.com
+
+- Fix bnc#970982 hanging on pam_exec in pam.d
+  * Add patch vsftpd-3.0.2-wnohang.patch
+
 -------------------------------------------------------------------
 Thu Mar 10 18:15:03 UTC 2016 - jcejka@suse.com
 
diff --git a/vsftpd.spec b/vsftpd.spec
index ce59dd0..1e4c1b2 100644
--- a/vsftpd.spec
+++ b/vsftpd.spec
@@ -68,6 +68,8 @@ Patch20:        vsftpd-2.2.0-wildchar.patch
 Patch21:        vsftpd-2.3.4-sqb.patch
 Patch22:        vsftpd-path-normalize.patch
 Patch23:        vsftpd-ls-memleak.patch
+#PATCH-FIX-UPSTREAM: bnc#970982
+Patch24:        vsftpd-3.0.2-wnohang.patch
 BuildRequires:  libcap-devel
 BuildRequires:  openssl-devel
 BuildRequires:  pam-devel
@@ -116,6 +118,7 @@ tests.
 %patch21 -p1
 %patch22 -p1
 %patch23 -p1
+%patch24 -p1
 
 %build
 %define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP

From 74d07aeab61a0f675f65dbb2a782017f73719fc01e4c2c20c71d18959ee1abf8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= <tchvatal@suse.com>
Date: Tue, 22 Mar 2016 14:29:23 +0000
Subject: [PATCH 2/5] OBS-URL:
 https://build.opensuse.org/package/show/network/vsftpd?expand=0&rev=97

---
 vsftpd.changes | 6 ++++++
 vsftpd.spec    | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/vsftpd.changes b/vsftpd.changes
index 1755e51..8142a20 100644
--- a/vsftpd.changes
+++ b/vsftpd.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Mar 22 14:27:27 UTC 2016 - tchvatal@suse.com
+
+- Fix user creation to not report error when user alredy exist
+  Spotted during testing of bnc#971784
+
 -------------------------------------------------------------------
 Mon Mar 21 12:53:59 UTC 2016 - tchvatal@suse.com
 
diff --git a/vsftpd.spec b/vsftpd.spec
index 1e4c1b2..68e5dae 100644
--- a/vsftpd.spec
+++ b/vsftpd.spec
@@ -151,7 +151,7 @@ install -d %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/
 install -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
 
 %pre
-%{_sbindir}/useradd -r -g nogroup -s /bin/false -c "Secure FTP User" -d %{_localstatedir}/lib/empty ftpsecure 2> /dev/null || :
+getent passwd ftpsecure >/dev/null || useradd -r -g nogroup -s /bin/false -c "Secure FTP User" -d %{_localstatedir}/lib/empty ftpsecure 2> /dev/null
 %if %{with_systemd}
 %service_add_pre %{name}.service %{name}@.service %{name}.socket
 %endif

From 5378e1f66ec9031bbe477b3738e75826295f306576088a6e4959628010ad4809 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= <tchvatal@suse.com>
Date: Tue, 22 Mar 2016 14:58:51 +0000
Subject: [PATCH 3/5] bnc#972169

OBS-URL: https://build.opensuse.org/package/show/network/vsftpd?expand=0&rev=98
---
 vsftpd.changes | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vsftpd.changes b/vsftpd.changes
index 8142a20..d5f6c5a 100644
--- a/vsftpd.changes
+++ b/vsftpd.changes
@@ -2,7 +2,7 @@
 Tue Mar 22 14:27:27 UTC 2016 - tchvatal@suse.com
 
 - Fix user creation to not report error when user alredy exist
-  Spotted during testing of bnc#971784
+  bnc#972169
 
 -------------------------------------------------------------------
 Mon Mar 21 12:53:59 UTC 2016 - tchvatal@suse.com

From 88812d6821bc2d82da304232ddc1b631d025c6e7b7346b46ac21c86329f529f1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= <tchvatal@suse.com>
Date: Wed, 23 Mar 2016 10:08:13 +0000
Subject: [PATCH 4/5] - Require shadow and do not output the error out of
 useradd

OBS-URL: https://build.opensuse.org/package/show/network/vsftpd?expand=0&rev=99
---
 vsftpd.changes | 5 +++++
 vsftpd.spec    | 4 ++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/vsftpd.changes b/vsftpd.changes
index d5f6c5a..dd87e43 100644
--- a/vsftpd.changes
+++ b/vsftpd.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Wed Mar 23 10:07:55 UTC 2016 - tchvatal@suse.com
+
+- Require shadow and do not output the error out of useradd
+
 -------------------------------------------------------------------
 Tue Mar 22 14:27:27 UTC 2016 - tchvatal@suse.com
 
diff --git a/vsftpd.spec b/vsftpd.spec
index 68e5dae..b91fc26 100644
--- a/vsftpd.spec
+++ b/vsftpd.spec
@@ -74,7 +74,7 @@ BuildRequires:  libcap-devel
 BuildRequires:  openssl-devel
 BuildRequires:  pam-devel
 Requires:       logrotate
-Requires(pre):  %{_sbindir}/useradd
+Requires(pre):  shadow
 Provides:       ftp-server
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %if %{with_systemd}
@@ -151,7 +151,7 @@ install -d %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/
 install -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
 
 %pre
-getent passwd ftpsecure >/dev/null || useradd -r -g nogroup -s /bin/false -c "Secure FTP User" -d %{_localstatedir}/lib/empty ftpsecure 2> /dev/null
+getent passwd ftpsecure >/dev/null || useradd -r -g nogroup -s /bin/false -c "Secure FTP User" -d %{_localstatedir}/lib/empty
 %if %{with_systemd}
 %service_add_pre %{name}.service %{name}@.service %{name}.socket
 %endif

From cb9d86623b9bf14a643370c07ba703987b8b0da3275ccc5fa2a9cb272430e107 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= <tchvatal@suse.com>
Date: Mon, 28 Mar 2016 19:50:09 +0000
Subject: [PATCH 5/5] OBS-URL:
 https://build.opensuse.org/package/show/network/vsftpd?expand=0&rev=100

---
 vsftpd.spec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vsftpd.spec b/vsftpd.spec
index b91fc26..c82a7ef 100644
--- a/vsftpd.spec
+++ b/vsftpd.spec
@@ -151,7 +151,7 @@ install -d %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/
 install -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
 
 %pre
-getent passwd ftpsecure >/dev/null || useradd -r -g nogroup -s /bin/false -c "Secure FTP User" -d %{_localstatedir}/lib/empty
+getent passwd ftpsecure >/dev/null || useradd -r -g nogroup -s /bin/false -c "Secure FTP User" -d %{_localstatedir}/lib/empty ftpsecure
 %if %{with_systemd}
 %service_add_pre %{name}.service %{name}@.service %{name}.socket
 %endif