Accepting request 113215 from network

- update to upstream 3.0.0:
  * Make listen mode the default.
  * Fix missing "const" in ssl.c
  * Add seccompsandbox.c to support a seccomp filter sandbox; works against
    Ubuntu 12.04 ABI.
  * Rearrange ftppolicy.c a bit so the syscall list is easily comparable with
    seccompsandbox.c
  * Rename deprecated "sandbox" to "ptrace_sandbox".
  * Add a few more state checks to the privileged helper processes.
  * Add tunable "seccomp_sandbox", default on.
  * Use hardened build flags.
  * Retry creating a PASV socket upon port reuse race between bind() and
    listen(), patch from Ralph Wuerthner <ralph.wuerthner@de.ibm.com>.
  * Don't die() if recv() indicates a closed remote connection. Problem report
    on a Windows client from Herbert van den Bergh,
    <herbert.van.den.bergh@oracle.com>.
  * Add new config setting "allow_writeable_chroot" to help people in a bit of
    a spot with the v2.3.5 defensive change. Only applies to non-anonymous.
  * Remove a couple of fixed things from BUGS.
  * strlen() trunction fix -- no particular impact.
  * Apply some tidyups from mmoufid@yorku.ca.
  * Fix delete_failed_uploads if there is a timeout. Report from Alejandro
    Hernández Hdez <aalejandrohdez@gmail.com>.
  * Fix other data channel bugs such as failure to log failure upon timeout.
  * Use exit codes a bit more consistently.
  * Fix bad interaction between SSL and trans_chunk_size.
  * Redo data timeout to fire properly for SSL sessions.
  * Redo idle timeout to fire properly for SSL sessions.
  * Make sure PROT_EXEC isn't allowed, thanks to Will Drewry for noticing.
  * Use 10 minutes as a max linger time just in case an alarm gets lost.

OBS-URL: https://build.opensuse.org/request/show/113215
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/vsftpd?expand=0&rev=29

README.SUSE

@@ -1,10 +1,7 @@
-Starting with 10.1 vsftpd can be configured standalone
-or over the xinetd superdeamon. Default is standalone.
-
-If you want to run it over xinetd make sure the you enable
-the service in the xinetd configuration (/etc/xinetd.d/vsftp)
-and set the following line in /etc/vsftpd.conf
+vsftpd-3.0.0 made the listen mode default. In order to maintain backward
+compatibility, default /etc/vsftpd.conf in SUSE contains
 
 listen=NO
+listen_ipv6=YES
 
-This is needed for vsftpd to over xinetd.
+so no changes for xinetd (/etc/xinetd.d/vsftp) are needed by default.

vsftpd-2.0.4-dmapi.patch

@@ -1,6 +1,8 @@
---- postlogin.c.orig
-+++ postlogin.c
-@@ -1036,6 +1036,11 @@ handle_upload_common(struct vsf_session*
+Index: postlogin.c
+===================================================================
+--- postlogin.c.orig	2012-04-10 16:09:50.440384915 +0200
++++ postlogin.c	2012-04-10 16:10:01.193753389 +0200
+@@ -1053,6 +1053,11 @@
      {
        do_truncate = 1;
      }

vsftpd-2.0.4-lib64.diff

@@ -1,18 +1,20 @@
---- vsf_findlibs.sh.orig
-+++ vsf_findlibs.sh
-@@ -14,6 +14,7 @@ fi
+Index: vsf_findlibs.sh
+===================================================================
+--- vsf_findlibs.sh.orig	2012-04-10 16:09:50.571389404 +0200
++++ vsf_findlibs.sh	2012-04-10 16:09:53.709496934 +0200
+@@ -14,6 +14,7 @@
  # crypt library.
  if find_func pam_start sysdeputil.o; then
    locate_library /lib/libpam.so.0 && echo "/lib/libpam.so.0";
 +  locate_library /lib64/libpam.so.0 && echo "/lib64/libpam.so.0";
    locate_library /usr/lib/libpam.so && echo "-lpam";
    locate_library /usr/lib64/libpam.so && echo "-lpam";
-   # HP-UX ends shared libraries with .sl
-@@ -22,6 +23,7 @@ if find_func pam_start sysdeputil.o; the
+   locate_library /lib/x86_64-linux-gnu/libpam.so.0 && echo "-lpam";
+@@ -23,6 +24,7 @@
    locate_library /usr/lib/libpam.a && echo "-lpam";
  else
    locate_library /lib/libcrypt.so && echo "-lcrypt";
 +  locate_library /lib64/libcrypt.so && echo "-lcrypt";
    locate_library /usr/lib/libcrypt.so && echo "-lcrypt";
    locate_library /usr/lib64/libcrypt.so && echo "-lcrypt";
- fi
+   locate_library /lib/x86_64-linux-gnu/libcrypt.so && echo "-lcrypt";

vsftpd-2.0.5-enable-debuginfo.patch

@@ -1,11 +1,21 @@
---- Makefile.orig
-+++ Makefile
-@@ -6,7 +6,7 @@ IFLAGS  = -idirafter dummyinc
- CFLAGS	=	-O2 -Wall -W -Wshadow #-pedantic -Werror -Wconversion
+Index: Makefile
+===================================================================
+--- Makefile.orig	2012-04-03 09:21:18.000000000 +0200
++++ Makefile	2012-04-10 16:10:53.545547162 +0200
+@@ -9,7 +9,6 @@
+ 	#-pedantic -Wconversion
  
  LIBS	=	`./vsf_findlibs.sh`
 -LINK	=	-Wl,-s
-+#LINK	=	-Wl,-s
+ LDFLAGS	=	-fPIE -pie -Wl,-z,relro -Wl,-z,now
  
  OBJS	=	main.o utility.o prelogin.o ftpcmdio.o postlogin.o privsock.o \
- 		tunables.o ftpdataio.o secbuf.o ls.o \
+@@ -26,7 +25,7 @@
+ 	$(CC) -c $*.c $(CFLAGS) $(IFLAGS)
+ 
+ vsftpd: $(OBJS) 
+-	$(CC) -o vsftpd $(OBJS) $(LINK) $(LDFLAGS) $(LIBS)
++	$(CC) -o vsftpd $(OBJS) $(LDFLAGS) $(LIBS)
+ 
+ install:
+ 	if [ -x /usr/local/sbin ]; then \

vsftpd-2.0.5-utf8-log-names.patch

@@ -1,6 +1,8 @@
---- str.c.orig
-+++ str.c
-@@ -27,6 +27,24 @@ static int str_equal_internal(const char
+Index: str.c
+===================================================================
+--- str.c.orig	2012-03-28 17:25:40.000000000 +0200
++++ str.c	2012-04-10 16:10:59.965767345 +0200
+@@ -27,6 +27,24 @@
                                const char* p_buf2, unsigned int buf2_len);
  
  /* Private functions */
@@ -25,7 +27,7 @@
  static void
  s_setbuf(struct mystr* p_str, char* p_newbuf)
  {
-@@ -158,6 +176,45 @@ str_reserve(struct mystr* p_str, unsigne
+@@ -181,6 +199,45 @@
    p_str->p_buf[res_len - 1] = '\0';
  }
  
@@ -71,7 +73,7 @@
  int
  str_isempty(const struct mystr* p_str)
  {
-@@ -671,11 +728,13 @@ void
+@@ -702,11 +759,13 @@
  str_replace_unprintable(struct mystr* p_str, char new_char)
  {
    unsigned int i;
@@ -89,9 +91,11 @@
      }
    }
  }
---- str.h.orig
-+++ str.h
-@@ -36,6 +36,7 @@ void str_free(struct mystr* p_str);
+Index: str.h
+===================================================================
+--- str.h.orig	2008-12-17 06:53:23.000000000 +0100
++++ str.h	2012-04-10 16:10:59.965767345 +0200
+@@ -36,6 +36,7 @@
  void str_trunc(struct mystr* p_str, unsigned int trunc_len);
  void str_reserve(struct mystr* p_str, unsigned int res_len);
  

vsftpd-2.3.5-conf.patch

@@ -1,7 +1,7 @@
 Index: vsftpd.conf
 ===================================================================
---- vsftpd.conf.orig	2011-12-17 18:24:40.000000000 +0000
-+++ vsftpd.conf	2011-12-23 17:16:43.000000000 +0000
+--- vsftpd.conf.orig	2011-12-17 19:24:40.000000000 +0100
++++ vsftpd.conf	2012-04-11 10:19:06.192238657 +0200
 @@ -4,23 +4,89 @@
  # loosens things up a bit, to make the ftp daemon more usable.
  # Please see vsftpd.conf.5 for all compiled in defaults.
@@ -98,7 +98,7 @@ Index: vsftpd.conf
  # Uncomment this to allow the anonymous FTP user to upload files. This only
  # has an effect if the above global write enable is activated. Also, you will
  # obviously need to create a directory writable by the FTP user.
-@@ -30,15 +96,9 @@ anonymous_enable=YES
+@@ -30,15 +96,9 @@
  # new directories.
  #anon_mkdir_write_enable=YES
  #
@@ -117,7 +117,7 @@ Index: vsftpd.conf
  #
  # If you want, you can arrange for uploaded anonymous files to be owned by
  # a different user. Note! Using "root" for uploaded files is not
-@@ -46,24 +106,51 @@ connect_from_port_20=YES
+@@ -46,24 +106,51 @@
  #chown_uploads=YES
  #chown_username=whoever
  #
@@ -174,7 +174,7 @@ Index: vsftpd.conf
  # Enable this and the server will recognise asynchronous ABOR requests. Not
  # recommended for security (the code is non-trivial). Not enabling it,
  # however, may confuse older FTP clients.
-@@ -77,41 +164,29 @@ connect_from_port_20=YES
+@@ -77,41 +164,29 @@
  # predicted this attack and has always been safe, reporting the size of the
  # raw file.
  # ASCII mangling is a horrible feature of the protocol.
@@ -217,7 +217,7 @@ Index: vsftpd.conf
  # listens on IPv4 sockets. This directive cannot be used in conjunction
  # with the listen_ipv6 directive.
 -listen=YES
-+#listen=YES
++listen=NO
  #
  # This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
  # sockets, you must run two copies of vsftpd with two configuration files.

vsftpd-2.3.5.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d87ee2987df8f03e1dbe294905f7907b2798deb89c67ca965f6e2f60879e54f1
-size 187691

vsftpd-3.0.0-turn-seccomp-sandbox-off.patch

@@ -0,0 +1,13 @@
+Index: vsftpd-3.0.0/tunables.c
+===================================================================
+--- vsftpd-3.0.0.orig/tunables.c	2012-04-05 00:29:50.000000000 +0200
++++ vsftpd-3.0.0/tunables.c	2012-04-11 13:50:39.538712522 +0200
+@@ -226,7 +226,7 @@
+   tunable_isolate_network = 1;
+   tunable_ftp_enable = 1;
+   tunable_http_enable = 0;
+-  tunable_seccomp_sandbox = 1;
++  tunable_seccomp_sandbox = 0;
+   tunable_allow_writeable_chroot = 0;
+ 
+   tunable_accept_timeout = 60;

vsftpd-3.0.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ef70205dcd0c7f03b008b9578fb44c0cbe31e66daab8cfafb9904747c17fc2a8
+size 193166

vsftpd.changes

@@ -1,3 +1,54 @@
+-------------------------------------------------------------------
+Tue Apr 10 14:13:12 UTC 2012 - mvyskocil@suse.cz
+
+- update to upstream 3.0.0:
+  * Make listen mode the default.
+  * Fix missing "const" in ssl.c
+  * Add seccompsandbox.c to support a seccomp filter sandbox; works against
+    Ubuntu 12.04 ABI.
+  * Rearrange ftppolicy.c a bit so the syscall list is easily comparable with
+    seccompsandbox.c
+  * Rename deprecated "sandbox" to "ptrace_sandbox".
+  * Add a few more state checks to the privileged helper processes.
+  * Add tunable "seccomp_sandbox", default on.
+  * Use hardened build flags.
+  * Retry creating a PASV socket upon port reuse race between bind() and
+    listen(), patch from Ralph Wuerthner <ralph.wuerthner@de.ibm.com>.
+  * Don't die() if recv() indicates a closed remote connection. Problem report
+    on a Windows client from Herbert van den Bergh,
+    <herbert.van.den.bergh@oracle.com>.
+  * Add new config setting "allow_writeable_chroot" to help people in a bit of
+    a spot with the v2.3.5 defensive change. Only applies to non-anonymous.
+  * Remove a couple of fixed things from BUGS.
+  * strlen() trunction fix -- no particular impact.
+  * Apply some tidyups from mmoufid@yorku.ca.
+  * Fix delete_failed_uploads if there is a timeout. Report from Alejandro
+    Hernández Hdez <aalejandrohdez@gmail.com>.
+  * Fix other data channel bugs such as failure to log failure upon timeout.
+  * Use exit codes a bit more consistently.
+  * Fix bad interaction between SSL and trans_chunk_size.
+  * Redo data timeout to fire properly for SSL sessions.
+  * Redo idle timeout to fire properly for SSL sessions.
+  * Make sure PROT_EXEC isn't allowed, thanks to Will Drewry for noticing.
+  * Use 10 minutes as a max linger time just in case an alarm gets lost.
+  * Change PR_SET_NO_NEW_PRIVS define, from Kees Cook.
+  * Add AES128-SHA to default SSL cipher suites for FileZilla compatibility.
+    Unfortunately the default vsftpd SSL confiuration still doesn't fully work with
+    FileZilla, because FileZilla has a data connection security problem: no client
+    certificate presentation and no session reuse. At least the error message is
+    now very clear.
+  * Add restart_syscall to seccomp policy. Triggers reliably if you strace whilst
+    a data transfer is in progress.
+  * Fix delete_failed_uploads for anonymous sessions.
+  * Don't listen for urgent data if the control connection is SSL, due to possible
+    protocol synchronization issues.
+- SUSE specific changes:
+  * turn off the listen mode (listen=NO) by default and change README.SUSE
+  * merge new hardended flags for build and linking
+  * fix the wrong Type=forking from systemd service file
+  * turn off the seccomp_sandbox off by default as SUSE kernel does not support
+    it (yet)
+
 -------------------------------------------------------------------
 Tue Feb 21 10:51:51 UTC 2012 - mvyskocil@suse.cz
 

vsftpd.service

@@ -3,7 +3,6 @@ Description=Vsftpd ftp daemon
 After=network.target
 
 [Service]
-Type=forking
 ExecStart=/usr/sbin/vsftpd /etc/vsftpd.conf
 
 [Install]

vsftpd.spec

@@ -27,7 +27,7 @@ BuildRequires:  libcap-devel
 %if 0%{?suse_version} > 1140
 BuildRequires:  systemd
 %endif
-Version:        2.3.5
+Version:        3.0.0
 Release:        0
 Summary:        Very Secure FTP Daemon - Written from Scratch
 License:        GPL-2.0+
@@ -49,6 +49,9 @@ Patch6:         vsftpd-2.0.5-vuser.patch
 Patch7:         vsftpd-2.0.5-enable-debuginfo.patch
 Patch8:         vsftpd-2.0.5-utf8-log-names.patch
 Patch9:         vsftpd-2.3.5-conf.patch
+#PATCH-FIX-OPENSUSE: turn the seccomp_sanbox feature off by default
+# revert it when seccomp feature will be in suse/vanilla kernel
+Patch10:        vsftpd-3.0.0-turn-seccomp-sandbox-off.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Provides:       ftp-server
 PreReq:         %insserv_prereq /usr/sbin/useradd
@@ -76,11 +79,12 @@ tests.
 %patch7
 %patch8
 %patch9
+%patch10 -p1
 
 %build
 rm -f dummyinc/sys/capability.h
-make CFLAGS="$RPM_OPT_FLAGS -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fPIE -fstack-protector" \
-     LDFLAGS="-pie" LINK=
+make CFLAGS="$RPM_OPT_FLAGS -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fPIE -fstack-protector --param=ssp-buffer-size=4" \
+     LDFLAGS="-fPIE -pie -Wl,-z,relro -Wl,-z,now" LINK=
 
 %install
 mkdir -p $RPM_BUILD_ROOT/usr/share/empty