diff --git a/vsftpd-path-normalize.patch b/vsftpd-path-normalize.patch
new file mode 100644
index 0000000..855d66c
--- /dev/null
+++ b/vsftpd-path-normalize.patch
@@ -0,0 +1,93 @@
+Index: vsftpd-3.0.2/ls.c
+===================================================================
+--- vsftpd-3.0.2.orig/ls.c
++++ vsftpd-3.0.2/ls.c
+@@ -121,7 +121,10 @@ vsf_ls_populate_dir_list(struct mystr_li
+ if (!str_isempty(p_filter_str))
+ {
+ unsigned int iters = 0;
+- if (!vsf_filename_passes_filter(&s_next_filename_str, p_filter_str,
++ struct mystr normalize_filename_str;
++ str_copy(&normalize_filename_str, &s_next_filename_str);
++ str_normalize_filepath(&normalize_filename_str);
++ if (!vsf_filename_passes_filter(&normalize_filename_str, p_filter_str,
+ &iters))
+ {
+ continue;
+Index: vsftpd-3.0.2/str.c
+===================================================================
+--- vsftpd-3.0.2.orig/str.c
++++ vsftpd-3.0.2/str.c
+@@ -16,6 +16,12 @@
+ #define PRIVATE_HANDS_OFF_alloc_bytes alloc_bytes
+ #include "str.h"
+
++/* normalize filepath */
++#include
++#include
++#include
++#include
++
+ /* Ick. Its for die() */
+ #include "utility.h"
+ #include "sysutil.h"
+@@ -781,3 +787,47 @@ str_basename (struct mystr* d_str, const
+ if (str_isempty(d_str))
+ str_copy (d_str, path);
+ }
++
++void
++str_normalize_filepath(struct mystr* filepath)
++{
++ char *path;
++ char *normdir;
++ char *dir;
++ char *filename;
++ static struct mystr tmp;
++
++ /* normalize filepath */
++ path = str_strdup(filepath);
++ char *ch1 = strdup(path);
++ char *ch2 = strdup(path);
++ /* we split dir/file as realpath /home/REGEXP is NULL so we need dir
++ * dir only to function correctly, later on we need to glue back the
++ * file if there is some
++ */
++ dir = dirname(ch1);
++ filename = basename(ch2);
++ normdir = realpath(dir, NULL);
++ if (normdir == NULL)
++ {
++ goto out;
++ }
++ str_alloc_text(&tmp, normdir);
++ unsigned int len = str_getlen(&tmp);
++ if (str_get_char_at(&tmp, len - 1) != '/')
++ {
++ str_append_char(&tmp, '/');
++ }
++ /* / is special it ends in both dirname and basename so ignore it here */
++ if (strcmp(filename, "/") != 0)
++ {
++ str_append_text(&tmp, filename);
++ }
++ str_copy(filepath, &tmp);
++out:
++ free(normdir);
++ free(path);
++ free(ch1);
++ free(ch2);
++ str_free(&tmp);
++}
+Index: vsftpd-3.0.2/str.h
+===================================================================
+--- vsftpd-3.0.2.orig/str.h
++++ vsftpd-3.0.2/str.h
+@@ -102,6 +102,7 @@ int str_atoi(const struct mystr* p_str);
+ filesize_t str_a_to_filesize_t(const struct mystr* p_str);
+ unsigned int str_octal_to_uint(const struct mystr* p_str);
+ void str_basename (struct mystr* d_str, const struct mystr* path);
++void str_normalize_filepath(struct mystr* filepath);
+
+ /* PURPOSE: Extract a line of text (delimited by \n or EOF) from a string
+ * buffer, starting at character position 'p_pos'. The extracted line will
diff --git a/vsftpd.changes b/vsftpd.changes
index 5d6dcaa..d9bb242 100644
--- a/vsftpd.changes
+++ b/vsftpd.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Mar 23 20:13:51 UTC 2015 - tchvatal@suse.com
+
+- Add back patch attempting to fix bnc#900326 bnc#915522 and
+ bnc#922538:
+ * vsftpd-path-normalize.patch
+
 -------------------------------------------------------------------
 Mon Mar 23 20:08:19 UTC 2015 - tchvatal@suse.com
diff --git a/vsftpd.spec b/vsftpd.spec
index d73975e..8114bee 100644
--- a/vsftpd.spec
+++ b/vsftpd.spec
@@ -58,10 +58,11 @@ Patch16: vsftpd-root-squashed-chroot.patch
 Patch17: vsftpd-enable-gettimeofday-sec.patch
 #PATCH-FIX-UPSTREAM: bnc#890469 fix broken syscall on s390
 Patch18: vsftpd-3.0.2-s390.patch
-#PATCH-FIX-UPSTREAM: bnc#900326 deny_file filtering acts weirdly
+#PATCH-FIX-UPSTREAM: bnc#900326 deny_file filtering acts weirdly (19-22)
 Patch19: vsftpd-2.1.0-filter.patch
 Patch20: vsftpd-2.2.0-wildchar.patch
 Patch21: vsftpd-2.3.4-sqb.patch
+Patch22: vsftpd-path-normalize.patch
 BuildRequires: libcap-devel
 BuildRequires: openssl-devel
 BuildRequires: pam-devel
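Review bot: In the ls.c hunk carried by vsftpd-path-normalize.patch, `struct mystr normalize_filename_str;` is an uninitialised automatic variable that is passed straight to `str_copy()` as the destination and is never released. vsftpd's string helpers expect a zeroed `struct mystr`, so the copy would presumably act on indeterminate buffer and length fields, and every directory entry that reaches the filter leaks one allocation. I would declare it `struct mystr normalize_filename_str = INIT_MYSTR;` and call `str_free(&normalize_filename_str);` both before the `continue` and after a passing check, or make it `static` as `s_next_filename_str` appears to be. Separately, `str_normalize_filepath()` returns void and takes `goto out` when `realpath()` fails, so the filter then runs on the unnormalised name with no signal to the caller; because this feeds the deny_file filtering named in the spec comment, a return code that lets the caller fail closed would be safer. The enclosing loop of `vsf_ls_populate_dir_list` starts and ends outside the hunk.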
@@ -105,6 +106,7 @@ tests.
 %patch19 -p1
 %patch20 -p1
 %patch21 -p1
+%patch22 -p1
 %build
 %define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP