From cf83fc9250e71b33c9b6fedaaec044e347fc85be132ae1d67ab3eacb70397174 Mon Sep 17 00:00:00 2001 From: Michal Vyskocil Date: Wed, 11 Apr 2012 12:03:42 +0000 Subject: [PATCH] =?UTF-8?q?-=20update=20to=20upstream=203.0.0:=20=20=20*?= =?UTF-8?q?=20Make=20listen=20mode=20the=20default.=20=20=20*=20Fix=20miss?= =?UTF-8?q?ing=20"const"=20in=20ssl.c=20=20=20*=20Add=20seccompsandbox.c?= =?UTF-8?q?=20to=20support=20a=20seccomp=20filter=20sandbox;=20works=20aga?= =?UTF-8?q?inst=20=20=20=20=20Ubuntu=2012.04=20ABI.=20=20=20*=20Rearrange?= =?UTF-8?q?=20ftppolicy.c=20a=20bit=20so=20the=20syscall=20list=20is=20eas?= =?UTF-8?q?ily=20comparable=20with=20=20=20=20=20seccompsandbox.c=20=20=20?= =?UTF-8?q?*=20Rename=20deprecated=20"sandbox"=20to=20"ptrace=5Fsandbox".?= =?UTF-8?q?=20=20=20*=20Add=20a=20few=20more=20state=20checks=20to=20the?= =?UTF-8?q?=20privileged=20helper=20processes.=20=20=20*=20Add=20tunable?= =?UTF-8?q?=20"seccomp=5Fsandbox",=20default=20on.=20=20=20*=20Use=20harde?= =?UTF-8?q?ned=20build=20flags.=20=20=20*=20Retry=20creating=20a=20PASV=20?= =?UTF-8?q?socket=20upon=20port=20reuse=20race=20between=20bind()=20and=20?= =?UTF-8?q?=20=20=20=20listen(),=20patch=20from=20Ralph=20Wuerthner=20.=20=20=20*=20Don't=20die()=20if=20recv?= =?UTF-8?q?()=20indicates=20a=20closed=20remote=20connection.=20Problem=20?= =?UTF-8?q?report=20=20=20=20=20on=20a=20Windows=20client=20from=20Herbert?= =?UTF-8?q?=20van=20den=20Bergh,=20=20=20=20=20.=20=20=20*=20Add=20new=20config=20setting=20"allow=5Fwr?= =?UTF-8?q?iteable=5Fchroot"=20to=20help=20people=20in=20a=20bit=20of=20?= =?UTF-8?q?=20=20=20=20a=20spot=20with=20the=20v2.3.5=20defensive=20change?= =?UTF-8?q?.=20Only=20applies=20to=20non-anonymous.=20=20=20*=20Remove=20a?= =?UTF-8?q?=20couple=20of=20fixed=20things=20from=20BUGS.=20=20=20*=20strl?= =?UTF-8?q?en()=20trunction=20fix=20--=20no=20particular=20impact.=20=20?= =?UTF-8?q?=20*=20Apply=20some=20tidyups=20from=20mmoufid@yorku.ca.=20=20?= =?UTF-8?q?=20*=20Fix=20delete=5Ffailed=5Fuploads=20if=20there=20is=20a=20?= =?UTF-8?q?timeout.=20Report=20from=20Alejandro=20=20=20=20=20Hern=C3=A1nd?= =?UTF-8?q?ez=20Hdez=20.=20=20=20*=20Fix=20other?= =?UTF-8?q?=20data=20channel=20bugs=20such=20as=20failure=20to=20log=20fai?= =?UTF-8?q?lure=20upon=20timeout.=20=20=20*=20Use=20exit=20codes=20a=20bit?= =?UTF-8?q?=20more=20consistently.=20=20=20*=20Fix=20bad=20interaction=20b?= =?UTF-8?q?etween=20SSL=20and=20trans=5Fchunk=5Fsize.=20=20=20*=20Redo=20d?= =?UTF-8?q?ata=20timeout=20to=20fire=20properly=20for=20SSL=20sessions.=20?= =?UTF-8?q?=20=20*=20Redo=20idle=20timeout=20to=20fire=20properly=20for=20?= =?UTF-8?q?SSL=20sessions.=20=20=20*=20Make=20sure=20PROT=5FEXEC=20isn't?= =?UTF-8?q?=20allowed,=20thanks=20to=20Will=20Drewry=20for=20noticing.=20?= =?UTF-8?q?=20=20*=20Use=2010=20minutes=20as=20a=20max=20linger=20time=20j?= =?UTF-8?q?ust=20in=20case=20an=20alarm=20gets=20lost.=20=20=20*=20Change?= =?UTF-8?q?=20PR=5FSET=5FNO=5FNEW=5FPRIVS=20define,=20from=20Kees=20Cook.?= =?UTF-8?q?=20=20=20*=20Add=20AES128-SHA=20to=20default=20SSL=20cipher=20s?= =?UTF-8?q?uites=20for=20FileZilla=20compatibility.=20=20=20=20=20Unfortun?= =?UTF-8?q?ately=20the=20default=20vsftpd=20SSL=20confiuration=20still=20d?= =?UTF-8?q?oesn't=20fully=20work=20with=20=20=20=20=20FileZilla,=20because?= =?UTF-8?q?=20FileZilla=20has=20a=20data=20connection=20security=20problem?= =?UTF-8?q?:=20no=20client=20=20=20=20=20certificate=20presentation=20and?= =?UTF-8?q?=20no=20session=20reuse.=20At=20least=20the=20error=20message?= =?UTF-8?q?=20is=20=20=20=20=20now=20very=20clear.=20=20=20*=20Add=20resta?= =?UTF-8?q?rt=5Fsyscall=20to=20seccomp=20policy.=20Triggers=20reliably=20i?= =?UTF-8?q?f=20you=20strace=20whilst=20=20=20=20=20a=20data=20transfer=20i?= =?UTF-8?q?s=20in=20progress.=20=20=20*=20Fix=20delete=5Ffailed=5Fuploads?= =?UTF-8?q?=20for=20anonymous=20sessions.=20=20=20*=20Don't=20listen=20for?= =?UTF-8?q?=20urgent=20data=20if=20the=20control=20connection=20is=20SSL,?= =?UTF-8?q?=20due=20to=20possible=20=20=20=20=20protocol=20synchronization?= =?UTF-8?q?=20issues.=20-=20SUSE=20specific=20changes:=20=20=20*=20turn=20?= =?UTF-8?q?off=20the=20listen=20mode=20(listen=3DNO)=20by=20default=20and?= =?UTF-8?q?=20change=20README.SUSE=20=20=20*=20merge=20new=20hardended=20f?= =?UTF-8?q?lags=20for=20build=20and=20linking=20=20=20*=20fix=20the=20wron?= =?UTF-8?q?g=20Type=3Dforking=20from=20systemd=20service=20file=20=20=20*?= =?UTF-8?q?=20turn=20off=20the=20seccomp=5Fsandbox=20off=20by=20default=20?= =?UTF-8?q?as=20SUSE=20kernel=20does=20not=20support=20=20=20=20=20it=20(y?= =?UTF-8?q?et)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OBS-URL: https://build.opensuse.org/package/show/network/vsftpd?expand=0&rev=38 --- README.SUSE | 11 ++--- vsftpd-2.0.4-dmapi.patch | 8 ++-- vsftpd-2.0.4-lib64.diff | 14 +++--- vsftpd-2.0.5-enable-debuginfo.patch | 22 ++++++--- vsftpd-2.0.5-utf8-log-names.patch | 20 ++++---- vsftpd-2.3.5-conf.patch | 12 ++--- vsftpd-2.3.5.tar.gz | 3 -- vsftpd-3.0.0-turn-seccomp-sandbox-off.patch | 13 ++++++ vsftpd-3.0.0.tar.gz | 3 ++ vsftpd.changes | 51 +++++++++++++++++++++ vsftpd.service | 1 - vsftpd.spec | 10 ++-- 12 files changed, 125 insertions(+), 43 deletions(-) delete mode 100644 vsftpd-2.3.5.tar.gz create mode 100644 vsftpd-3.0.0-turn-seccomp-sandbox-off.patch create mode 100644 vsftpd-3.0.0.tar.gz diff --git a/README.SUSE b/README.SUSE index 692ec64..ad7cfaf 100644 --- a/README.SUSE +++ b/README.SUSE @@ -1,10 +1,7 @@ -Starting with 10.1 vsftpd can be configured standalone -or over the xinetd superdeamon. Default is standalone. - -If you want to run it over xinetd make sure the you enable -the service in the xinetd configuration (/etc/xinetd.d/vsftp) -and set the following line in /etc/vsftpd.conf +vsftpd-3.0.0 made the listen mode default. In order to maintain backward +compatibility, default /etc/vsftpd.conf in SUSE contains listen=NO +listen_ipv6=YES -This is needed for vsftpd to over xinetd. +so no changes for xinetd (/etc/xinetd.d/vsftp) are needed by default. diff --git a/vsftpd-2.0.4-dmapi.patch b/vsftpd-2.0.4-dmapi.patch index 9c0e8db..4f9cf86 100644 --- a/vsftpd-2.0.4-dmapi.patch +++ b/vsftpd-2.0.4-dmapi.patch @@ -1,6 +1,8 @@ ---- postlogin.c.orig -+++ postlogin.c -@@ -1036,6 +1036,11 @@ handle_upload_common(struct vsf_session* +Index: postlogin.c +=================================================================== +--- postlogin.c.orig 2012-04-10 16:09:50.440384915 +0200 ++++ postlogin.c 2012-04-10 16:10:01.193753389 +0200 +@@ -1053,6 +1053,11 @@ { do_truncate = 1; } diff --git a/vsftpd-2.0.4-lib64.diff b/vsftpd-2.0.4-lib64.diff index f5203fb..0a57fec 100644 --- a/vsftpd-2.0.4-lib64.diff +++ b/vsftpd-2.0.4-lib64.diff @@ -1,18 +1,20 @@ ---- vsf_findlibs.sh.orig -+++ vsf_findlibs.sh -@@ -14,6 +14,7 @@ fi +Index: vsf_findlibs.sh +=================================================================== +--- vsf_findlibs.sh.orig 2012-04-10 16:09:50.571389404 +0200 ++++ vsf_findlibs.sh 2012-04-10 16:09:53.709496934 +0200 +@@ -14,6 +14,7 @@ # crypt library. if find_func pam_start sysdeputil.o; then locate_library /lib/libpam.so.0 && echo "/lib/libpam.so.0"; + locate_library /lib64/libpam.so.0 && echo "/lib64/libpam.so.0"; locate_library /usr/lib/libpam.so && echo "-lpam"; locate_library /usr/lib64/libpam.so && echo "-lpam"; - # HP-UX ends shared libraries with .sl -@@ -22,6 +23,7 @@ if find_func pam_start sysdeputil.o; the + locate_library /lib/x86_64-linux-gnu/libpam.so.0 && echo "-lpam"; +@@ -23,6 +24,7 @@ locate_library /usr/lib/libpam.a && echo "-lpam"; else locate_library /lib/libcrypt.so && echo "-lcrypt"; + locate_library /lib64/libcrypt.so && echo "-lcrypt"; locate_library /usr/lib/libcrypt.so && echo "-lcrypt"; locate_library /usr/lib64/libcrypt.so && echo "-lcrypt"; - fi + locate_library /lib/x86_64-linux-gnu/libcrypt.so && echo "-lcrypt"; diff --git a/vsftpd-2.0.5-enable-debuginfo.patch b/vsftpd-2.0.5-enable-debuginfo.patch index e5929e0..89b7d7f 100644 --- a/vsftpd-2.0.5-enable-debuginfo.patch +++ b/vsftpd-2.0.5-enable-debuginfo.patch @@ -1,11 +1,21 @@ ---- Makefile.orig -+++ Makefile -@@ -6,7 +6,7 @@ IFLAGS = -idirafter dummyinc - CFLAGS = -O2 -Wall -W -Wshadow #-pedantic -Werror -Wconversion +Index: Makefile +=================================================================== +--- Makefile.orig 2012-04-03 09:21:18.000000000 +0200 ++++ Makefile 2012-04-10 16:10:53.545547162 +0200 +@@ -9,7 +9,6 @@ + #-pedantic -Wconversion LIBS = `./vsf_findlibs.sh` -LINK = -Wl,-s -+#LINK = -Wl,-s + LDFLAGS = -fPIE -pie -Wl,-z,relro -Wl,-z,now OBJS = main.o utility.o prelogin.o ftpcmdio.o postlogin.o privsock.o \ - tunables.o ftpdataio.o secbuf.o ls.o \ +@@ -26,7 +25,7 @@ + $(CC) -c $*.c $(CFLAGS) $(IFLAGS) + + vsftpd: $(OBJS) +- $(CC) -o vsftpd $(OBJS) $(LINK) $(LDFLAGS) $(LIBS) ++ $(CC) -o vsftpd $(OBJS) $(LDFLAGS) $(LIBS) + + install: + if [ -x /usr/local/sbin ]; then \ diff --git a/vsftpd-2.0.5-utf8-log-names.patch b/vsftpd-2.0.5-utf8-log-names.patch index 8a0be09..cc6e549 100644 --- a/vsftpd-2.0.5-utf8-log-names.patch +++ b/vsftpd-2.0.5-utf8-log-names.patch @@ -1,6 +1,8 @@ ---- str.c.orig -+++ str.c -@@ -27,6 +27,24 @@ static int str_equal_internal(const char +Index: str.c +=================================================================== +--- str.c.orig 2012-03-28 17:25:40.000000000 +0200 ++++ str.c 2012-04-10 16:10:59.965767345 +0200 +@@ -27,6 +27,24 @@ const char* p_buf2, unsigned int buf2_len); /* Private functions */ @@ -25,7 +27,7 @@ static void s_setbuf(struct mystr* p_str, char* p_newbuf) { -@@ -158,6 +176,45 @@ str_reserve(struct mystr* p_str, unsigne +@@ -181,6 +199,45 @@ p_str->p_buf[res_len - 1] = '\0'; } @@ -71,7 +73,7 @@ int str_isempty(const struct mystr* p_str) { -@@ -671,11 +728,13 @@ void +@@ -702,11 +759,13 @@ str_replace_unprintable(struct mystr* p_str, char new_char) { unsigned int i; @@ -89,9 +91,11 @@ } } } ---- str.h.orig -+++ str.h -@@ -36,6 +36,7 @@ void str_free(struct mystr* p_str); +Index: str.h +=================================================================== +--- str.h.orig 2008-12-17 06:53:23.000000000 +0100 ++++ str.h 2012-04-10 16:10:59.965767345 +0200 +@@ -36,6 +36,7 @@ void str_trunc(struct mystr* p_str, unsigned int trunc_len); void str_reserve(struct mystr* p_str, unsigned int res_len); diff --git a/vsftpd-2.3.5-conf.patch b/vsftpd-2.3.5-conf.patch index 453f2f8..880af54 100644 --- a/vsftpd-2.3.5-conf.patch +++ b/vsftpd-2.3.5-conf.patch @@ -1,7 +1,7 @@ Index: vsftpd.conf =================================================================== ---- vsftpd.conf.orig 2011-12-17 18:24:40.000000000 +0000 -+++ vsftpd.conf 2011-12-23 17:16:43.000000000 +0000 +--- vsftpd.conf.orig 2011-12-17 19:24:40.000000000 +0100 ++++ vsftpd.conf 2012-04-11 10:19:06.192238657 +0200 @@ -4,23 +4,89 @@ # loosens things up a bit, to make the ftp daemon more usable. # Please see vsftpd.conf.5 for all compiled in defaults. @@ -98,7 +98,7 @@ Index: vsftpd.conf # Uncomment this to allow the anonymous FTP user to upload files. This only # has an effect if the above global write enable is activated. Also, you will # obviously need to create a directory writable by the FTP user. -@@ -30,15 +96,9 @@ anonymous_enable=YES +@@ -30,15 +96,9 @@ # new directories. #anon_mkdir_write_enable=YES # @@ -117,7 +117,7 @@ Index: vsftpd.conf # # If you want, you can arrange for uploaded anonymous files to be owned by # a different user. Note! Using "root" for uploaded files is not -@@ -46,24 +106,51 @@ connect_from_port_20=YES +@@ -46,24 +106,51 @@ #chown_uploads=YES #chown_username=whoever # @@ -174,7 +174,7 @@ Index: vsftpd.conf # Enable this and the server will recognise asynchronous ABOR requests. Not # recommended for security (the code is non-trivial). Not enabling it, # however, may confuse older FTP clients. -@@ -77,41 +164,29 @@ connect_from_port_20=YES +@@ -77,41 +164,29 @@ # predicted this attack and has always been safe, reporting the size of the # raw file. # ASCII mangling is a horrible feature of the protocol. @@ -217,7 +217,7 @@ Index: vsftpd.conf # listens on IPv4 sockets. This directive cannot be used in conjunction # with the listen_ipv6 directive. -listen=YES -+#listen=YES ++listen=NO # # This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6 # sockets, you must run two copies of vsftpd with two configuration files. diff --git a/vsftpd-2.3.5.tar.gz b/vsftpd-2.3.5.tar.gz deleted file mode 100644 index 9b1c6e8..0000000 --- a/vsftpd-2.3.5.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d87ee2987df8f03e1dbe294905f7907b2798deb89c67ca965f6e2f60879e54f1 -size 187691 diff --git a/vsftpd-3.0.0-turn-seccomp-sandbox-off.patch b/vsftpd-3.0.0-turn-seccomp-sandbox-off.patch new file mode 100644 index 0000000..e9b9bb9 --- /dev/null +++ b/vsftpd-3.0.0-turn-seccomp-sandbox-off.patch @@ -0,0 +1,13 @@ +Index: vsftpd-3.0.0/tunables.c +=================================================================== +--- vsftpd-3.0.0.orig/tunables.c 2012-04-05 00:29:50.000000000 +0200 ++++ vsftpd-3.0.0/tunables.c 2012-04-11 13:50:39.538712522 +0200 +@@ -226,7 +226,7 @@ + tunable_isolate_network = 1; + tunable_ftp_enable = 1; + tunable_http_enable = 0; +- tunable_seccomp_sandbox = 1; ++ tunable_seccomp_sandbox = 0; + tunable_allow_writeable_chroot = 0; + + tunable_accept_timeout = 60; diff --git a/vsftpd-3.0.0.tar.gz b/vsftpd-3.0.0.tar.gz new file mode 100644 index 0000000..3a5b878 --- /dev/null +++ b/vsftpd-3.0.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ef70205dcd0c7f03b008b9578fb44c0cbe31e66daab8cfafb9904747c17fc2a8 +size 193166 diff --git a/vsftpd.changes b/vsftpd.changes index ba6a623..a273bfb 100644 --- a/vsftpd.changes +++ b/vsftpd.changes @@ -1,3 +1,54 @@ +------------------------------------------------------------------- +Tue Apr 10 14:13:12 UTC 2012 - mvyskocil@suse.cz + +- update to upstream 3.0.0: + * Make listen mode the default. + * Fix missing "const" in ssl.c + * Add seccompsandbox.c to support a seccomp filter sandbox; works against + Ubuntu 12.04 ABI. + * Rearrange ftppolicy.c a bit so the syscall list is easily comparable with + seccompsandbox.c + * Rename deprecated "sandbox" to "ptrace_sandbox". + * Add a few more state checks to the privileged helper processes. + * Add tunable "seccomp_sandbox", default on. + * Use hardened build flags. + * Retry creating a PASV socket upon port reuse race between bind() and + listen(), patch from Ralph Wuerthner . + * Don't die() if recv() indicates a closed remote connection. Problem report + on a Windows client from Herbert van den Bergh, + . + * Add new config setting "allow_writeable_chroot" to help people in a bit of + a spot with the v2.3.5 defensive change. Only applies to non-anonymous. + * Remove a couple of fixed things from BUGS. + * strlen() trunction fix -- no particular impact. + * Apply some tidyups from mmoufid@yorku.ca. + * Fix delete_failed_uploads if there is a timeout. Report from Alejandro + Hernández Hdez . + * Fix other data channel bugs such as failure to log failure upon timeout. + * Use exit codes a bit more consistently. + * Fix bad interaction between SSL and trans_chunk_size. + * Redo data timeout to fire properly for SSL sessions. + * Redo idle timeout to fire properly for SSL sessions. + * Make sure PROT_EXEC isn't allowed, thanks to Will Drewry for noticing. + * Use 10 minutes as a max linger time just in case an alarm gets lost. + * Change PR_SET_NO_NEW_PRIVS define, from Kees Cook. + * Add AES128-SHA to default SSL cipher suites for FileZilla compatibility. + Unfortunately the default vsftpd SSL confiuration still doesn't fully work with + FileZilla, because FileZilla has a data connection security problem: no client + certificate presentation and no session reuse. At least the error message is + now very clear. + * Add restart_syscall to seccomp policy. Triggers reliably if you strace whilst + a data transfer is in progress. + * Fix delete_failed_uploads for anonymous sessions. + * Don't listen for urgent data if the control connection is SSL, due to possible + protocol synchronization issues. +- SUSE specific changes: + * turn off the listen mode (listen=NO) by default and change README.SUSE + * merge new hardended flags for build and linking + * fix the wrong Type=forking from systemd service file + * turn off the seccomp_sandbox off by default as SUSE kernel does not support + it (yet) + ------------------------------------------------------------------- Tue Feb 21 10:51:51 UTC 2012 - mvyskocil@suse.cz diff --git a/vsftpd.service b/vsftpd.service index 070459f..2e6ec0f 100644 --- a/vsftpd.service +++ b/vsftpd.service @@ -3,7 +3,6 @@ Description=Vsftpd ftp daemon After=network.target [Service] -Type=forking ExecStart=/usr/sbin/vsftpd /etc/vsftpd.conf [Install] diff --git a/vsftpd.spec b/vsftpd.spec index f70e18a..e9bfecb 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -27,7 +27,7 @@ BuildRequires: libcap-devel %if 0%{?suse_version} > 1140 BuildRequires: systemd %endif -Version: 2.3.5 +Version: 3.0.0 Release: 0 Summary: Very Secure FTP Daemon - Written from Scratch License: GPL-2.0+ @@ -49,6 +49,9 @@ Patch6: vsftpd-2.0.5-vuser.patch Patch7: vsftpd-2.0.5-enable-debuginfo.patch Patch8: vsftpd-2.0.5-utf8-log-names.patch Patch9: vsftpd-2.3.5-conf.patch +#PATCH-FIX-OPENSUSE: turn the seccomp_sanbox feature off by default +# revert it when seccomp feature will be in suse/vanilla kernel +Patch10: vsftpd-3.0.0-turn-seccomp-sandbox-off.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Provides: ftp-server PreReq: %insserv_prereq /usr/sbin/useradd @@ -76,11 +79,12 @@ tests. %patch7 %patch8 %patch9 +%patch10 -p1 %build rm -f dummyinc/sys/capability.h -make CFLAGS="$RPM_OPT_FLAGS -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fPIE -fstack-protector" \ - LDFLAGS="-pie" LINK= +make CFLAGS="$RPM_OPT_FLAGS -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fPIE -fstack-protector --param=ssp-buffer-size=4" \ + LDFLAGS="-fPIE -pie -Wl,-z,relro -Wl,-z,now" LINK= %install mkdir -p $RPM_BUILD_ROOT/usr/share/empty