
Accepting request 235383 from network

- Cleanup with spec-cleaner
- Remove conditions about init files as we do not build for < 12.1
  anyway.
- Update the README.SUSE file to describe more the listen option.

- Add socket service for vsftpd to avoid the need for xinetd here.

- Add comment about listen variables for xinetd configuration.
  Fixes bnc#872221.
- Add default configuration as arg to xinetd started vsftpd.
- Updated patch:
  * vsftpd-2.0.4-xinetd.diff

OBS-URL: https://build.opensuse.org/request/show/235383
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/vsftpd?expand=0&rev=43
Stephan Kulow 2014-05-27 10:03:19 +00:00 committed by Git OBS Bridge
commit fa0b1f8c7e
7 changed files with 101 additions and 198 deletions


@ -4,4 +4,9 @@ compatibility, default /etc/vsftpd.conf in SUSE contains
listen=NO listen=NO
listen_ipv6=YES listen_ipv6=YES
so no changes for xinetd (/etc/xinetd.d/vsftp) are needed by default. if you plan to use xinetd (/etc/xinetd.d/vsftp) you don't need to change
anything by default, but if you have ipv6 available you have to set
listen_ipv6=NO too in order for xinetd to work.
Alternatively you can also use systemd socket service that listens on
port 21 and starts the server like xinetd would. This service does
not require you to change ANY variable in the /etc/vsftpd.conf.


@ -1,6 +1,7 @@
--- xinetd.d/vsftpd.orig diff -urN vsftpd-3.0.2.old/xinetd.d/vsftpd vsftpd-3.0.2/xinetd.d/vsftpd
+++ xinetd.d/vsftpd --- vsftpd-3.0.2.old/xinetd.d/vsftpd 2014-05-26 14:38:40.717042497 +0200
@@ -1,18 +1,23 @@ +++ vsftpd-3.0.2/xinetd.d/vsftpd 2014-05-26 14:41:23.753049249 +0200
@@ -1,18 +1,26 @@
-# default: on -# default: on
+# default: off +# default: off
# description: # description:
@ -10,6 +11,9 @@
+# +#
+# NOTE: This file contains the configuration for xinetd to start vsftpd. +# NOTE: This file contains the configuration for xinetd to start vsftpd.
+# the configuration file for vsftp itself is in /etc/vsftpd.conf +# the configuration file for vsftp itself is in /etc/vsftpd.conf
+#
+# NOTE: Remember to set both listen and listen_ipv6 to NO in /etc/vsftpd.conf
+# in order to have working xinetd connection.
+# +#
service ftp service ftp
{ {
@ -24,7 +28,7 @@
- nice = 10 - nice = 10
- disable = no - disable = no
+ server = /usr/sbin/vsftpd + server = /usr/sbin/vsftpd
+# server_args = + server_args = /etc/vsftpd.conf
+# log_on_success += DURATION USERID +# log_on_success += DURATION USERID
+# log_on_failure += USERID +# log_on_failure += USERID
+# nice = 10 +# nice = 10


@ -1,3 +1,25 @@
-------------------------------------------------------------------
Mon May 26 13:13:44 UTC 2014 - tchvatal@suse.com
- Cleanup with spec-cleaner
- Remove conditions about init files as we do not build for < 12.1
anyway.
- Update the README.SUSE file to describe more the listen option.
-------------------------------------------------------------------
Mon May 26 12:52:56 UTC 2014 - tchvatal@suse.com
- Add socket service for vsftpd to avoid the need for xinetd here.
-------------------------------------------------------------------
Mon May 26 12:42:21 UTC 2014 - tchvatal@suse.com
- Add comment about listen variables for xinetd configuration.
Fixes bnc#872221.
- Add default configuration as arg to xinetd started vsftpd.
- Updated patch:
* vsftpd-2.0.4-xinetd.diff
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Apr 10 12:56:03 UTC 2014 - tchvatal@suse.com Thu Apr 10 12:56:03 UTC 2014 - tchvatal@suse.com


@ -1,107 +0,0 @@
#! /bin/sh
# Copyright (c) 1995-2005 SUSE Linux GmbH, Nuernberg, Germany.
# All rights reserved.
#
# Author: Mads Martin Joergensen
#
# /etc/init.d/vsftpd
# and its symbolic link
# /usr/sbin/rcvsftpd
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
### BEGIN INIT INFO
# Provides: ftpd
# Required-Start: $local_fs $remote_fs $syslog network-remotefs
# Required-Stop: $local_fs $remote_fs $syslog network-remotefs
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Description: very secure ftp daemon
# Short-Description: very secure ftp daemon
### END INIT INFO
# Note on runlevels:
# 0 - halt/poweroff 6 - reboot
# 1 - single user 2 - multiuser without network exported
# 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm)
#
# Note on script names:
# http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/scrptnames.html
# A registry has been set up to manage the init script namespace.
# http://www.lanana.org/
# Please use the names already registered or register one or use a
# vendor prefix.
VSFTPD_BIN=/usr/sbin/vsftpd
test -x $VSFTPD_BIN || { echo "$VSFTPD_BIN not installed";
if [ "$1" = "stop" ]; then exit 0;
else exit 5; fi; }
. /etc/rc.status
rc_reset
case "$1" in
start)
echo -n "Starting vsftpd "
/sbin/startproc -l /var/log/rcvsftp.log $VSFTPD_BIN
rc_status -v
;;
stop)
echo -n "Shutting down vsftpd "
/sbin/killproc -TERM $VSFTPD_BIN
rc_status -v
;;
try-restart|condrestart)
## Do a restart only if the service was active before.
## Note: try-restart is now part of LSB (as of 1.9).
## RH has a similar command named condrestart.
if test "$1" = "condrestart"; then
echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
fi
$0 status
if test $? = 0; then
$0 restart
else
rc_reset # Not running is not a failure.
fi
rc_status
;;
restart)
$0 stop
$0 start
rc_status
;;
force-reload)
echo -n "Reload service vsftpd "
/sbin/killproc -HUP $VSFTPD_BIN
rc_status -v
;;
reload)
echo -n "Reload service vsftpd "
/sbin/killproc -HUP $VSFTPD_BIN
rc_status -v
;;
status)
echo -n "Checking for service vsftpd "
/sbin/checkproc $VSFTPD_BIN
rc_status -v
;;
*)
echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload}"
exit 1
;;
esac
rc_exit

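--- a/vsftpd.socket
+++ b/vsftpd.socket
@@ -0,0 +1,9 @@
+[Unit]
+Conflicts=vsftpd.service
+[Socket]
+ListenStream=21
+Accept=yes
+[Install]
+WantedBy=sockets.target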
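Review bot: The socket unit states no connection ceiling of its own: with `Accept=yes` every inbound connection on `ListenStream=21` starts a separate `vsftpd@.service` instance, and the only bound in effect is systemd's default for `MaxConnections=`. vsftpd's `max_clients` and `max_per_ip` options are documented for standalone mode, so they presumably do not constrain socket-activated instances; that should be confirmed. I would set the intended limit explicitly under `[Socket]`, e.g. `MaxConnections=<site limit>`. A `Description=` line in `[Unit]` would also make the listener identifiable in `systemctl` output.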


@ -16,19 +16,7 @@
# #
%global with_sysvinit 0
%if 0%{?suse_version} < 1310
%global with_sysvinit 1
%endif
Name: vsftpd Name: vsftpd
BuildRequires: gpg-offline
BuildRequires: libcap-devel
BuildRequires: openssl-devel
BuildRequires: pam-devel
%if 0%{?suse_version} > 1140
BuildRequires: systemd
%endif
Version: 3.0.2 Version: 3.0.2
Release: 0 Release: 0
Summary: Very Secure FTP Daemon - Written from Scratch Summary: Very Secure FTP Daemon - Written from Scratch
@ -36,14 +24,15 @@ License: SUSE-GPL-2.0-with-openssl-exception
Group: Productivity/Networking/Ftp/Servers Group: Productivity/Networking/Ftp/Servers
Url: https://security.appspot.com/vsftpd.html Url: https://security.appspot.com/vsftpd.html
Source0: https://security.appspot.com/downloads/%{name}-%{version}.tar.gz Source0: https://security.appspot.com/downloads/%{name}-%{version}.tar.gz
Source1: %name.pam Source1: %{name}.pam
Source2: %name.logrotate Source2: %{name}.logrotate
Source3: %name.init
Source4: README.SUSE Source4: README.SUSE
Source5: %name.xml Source5: %{name}.xml
Source6: %name.firewall Source6: %{name}.firewall
Source7: vsftpd.service Source7: vsftpd.service
Source9: %name.keyring Source8: vsftpd@.service
Source9: %{name}.keyring
Source10: vsftpd.socket
Source1000: https://security.appspot.com/downloads/%{name}-%{version}.tar.gz.asc Source1000: https://security.appspot.com/downloads/%{name}-%{version}.tar.gz.asc
Patch1: vsftpd-2.0.4-lib64.diff Patch1: vsftpd-2.0.4-lib64.diff
Patch3: vsftpd-2.0.4-xinetd.diff Patch3: vsftpd-2.0.4-xinetd.diff
@ -67,11 +56,16 @@ Patch15: vsftpd-enable-dev-log-sendto.patch
Patch16: vsftpd-root-squashed-chroot.patch Patch16: vsftpd-root-squashed-chroot.patch
#PATCH-FIX-UPSTREAM: bnc#870122 #PATCH-FIX-UPSTREAM: bnc#870122
Patch17: vsftpd-enable-gettimeofday-sec.patch Patch17: vsftpd-enable-gettimeofday-sec.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: gpg-offline
Provides: ftp-server BuildRequires: libcap-devel
Requires(pre): %insserv_prereq /usr/sbin/useradd BuildRequires: openssl-devel
%{?systemd_requires} BuildRequires: pam-devel
BuildRequires: systemd
Requires: logrotate Requires: logrotate
Requires(pre): %{_sbindir}/useradd
Provides: ftp-server
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%{?systemd_requires}
%description %description
Vsftpd is an FTP server, or daemon. The "vs" stands for Very Secure. Vsftpd is an FTP server, or daemon. The "vs" stands for Very Secure.
@ -88,7 +82,7 @@ tests.
%gpg_verify %{S:1000} %gpg_verify %{S:1000}
%setup -q %setup -q
%patch1 %patch1
%patch3 %patch3 -p1
%patch4 %patch4
%patch5 %patch5
%patch6 %patch6
@ -105,90 +99,58 @@ tests.
%patch17 -p1 %patch17 -p1
%build %build
%define seccomp_opts %{nil}
%if 0%{?suse_version} > 1030
%define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP %define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP
%endif
rm -f dummyinc/sys/capability.h rm -f dummyinc/sys/capability.h
make CFLAGS="$RPM_OPT_FLAGS -DOPENSSL_NO_SSL_INTERN -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fPIE -fstack-protector --param=ssp-buffer-size=4 %{seccomp_opts}" \ make CFLAGS="%{optflags} -DOPENSSL_NO_SSL_INTERN -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fPIE -fstack-protector --param=ssp-buffer-size=4 %{seccomp_opts}" \
LDFLAGS="-fPIE -pie -Wl,-z,relro -Wl,-z,now" LINK= LDFLAGS="-fPIE -pie -Wl,-z,relro -Wl,-z,now" LINK=
%install %install
mkdir -p $RPM_BUILD_ROOT/usr/share/empty mkdir -p %{buildroot}%{_datadir}/empty
cp %SOURCE4 . cp %{SOURCE4} .
install -D -m 755 %name $RPM_BUILD_ROOT/usr/sbin/%name install -D -m 755 %{name} %{buildroot}%{_sbindir}/%{name}
install -D -m 600 %name.conf $RPM_BUILD_ROOT/etc/%name.conf install -D -m 600 %{name}.conf %{buildroot}%{_sysconfdir}/%{name}.conf
install -D -m 600 xinetd.d/%name $RPM_BUILD_ROOT/etc/xinetd.d/%name install -D -m 600 xinetd.d/%{name} %{buildroot}%{_sysconfdir}/xinetd.d/%{name}
install -D -m 644 $RPM_SOURCE_DIR/%name.pam $RPM_BUILD_ROOT/etc/pam.d/%name install -D -m 644 $RPM_SOURCE_DIR/%{name}.pam %{buildroot}%{_sysconfdir}/pam.d/%{name}
install -D -m 644 $RPM_SOURCE_DIR/%name.logrotate $RPM_BUILD_ROOT/etc/logrotate.d/%name install -D -m 644 $RPM_SOURCE_DIR/%{name}.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
install -D -m 644 %name.conf.5 $RPM_BUILD_ROOT/%_mandir/man5/%name.conf.5 install -D -m 644 %{name}.conf.5 %{buildroot}/%{_mandir}/man5/%{name}.conf.5
install -D -m 644 %name.8 $RPM_BUILD_ROOT/%_mandir/man8/%name.8 install -D -m 644 %{name}.8 %{buildroot}/%{_mandir}/man8/%{name}.8
%if %{with_sysvinit} ln -sf service %{buildroot}/%{_sbindir}/rc%{name}
install -D -m 755 %SOURCE3 $RPM_BUILD_ROOT/etc/init.d/%name install -D -m 0644 %{SOURCE7} %{buildroot}/%{_unitdir}/%{name}.service
ln -sf ../../etc/init.d/%name $RPM_BUILD_ROOT/%_prefix/sbin/rc%name install -D -m 0644 %{SOURCE8} %{buildroot}/%{_unitdir}/%{name}@.service
%else install -D -m 0644 %{SOURCE10} %{buildroot}/%{_unitdir}/%{name}.socket
ln -sf service $RPM_BUILD_ROOT/%{_prefix}/sbin/rc%{name} install -d %{buildroot}/%{_datadir}/omc/svcinfo.d/
%endif install -D -m 644 %{SOURCE5} %{buildroot}/%{_datadir}/omc/svcinfo.d/
install -d $RPM_BUILD_ROOT/%_datadir/omc/svcinfo.d/ install -d %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/
install -D -m 644 %SOURCE5 $RPM_BUILD_ROOT/%_datadir/omc/svcinfo.d/ install -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
install -d $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/
install -m 644 %{S:6} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
%if 0%{?suse_version} > 1140
install -D -m 0644 %SOURCE7 %{buildroot}/%{_unitdir}/%{name}.service
%endif
%pre %pre
/usr/sbin/useradd -r -g nogroup -s /bin/false -c "Secure FTP User" -d /var/lib/empty ftpsecure 2> /dev/null || : %{_sbindir}/useradd -r -g nogroup -s /bin/false -c "Secure FTP User" -d %{_localstatedir}/lib/empty ftpsecure 2> /dev/null || :
%if 0%{?suse_version} > 1140
%service_add_pre %{name}.service %service_add_pre %{name}.service
%endif
%preun %preun
if [ -e /etc/init.d/%{name} ]; then
%stop_on_removal %name
fi
%if 0%{?suse_version} > 1140
%service_del_preun %{name}.service %service_del_preun %{name}.service
%endif
%post %post
%if %{with_sysvinit}
%{fillup_and_insserv -f %{name}}
%endif
%if 0%{?suse_version} > 1140
%service_add_post %{name}.service %service_add_post %{name}.service
%endif
%postun %postun
%if %{with_sysvinit}
%insserv_cleanup
%restart_on_update %name
%endif
%if 0%{?suse_version} > 1140
%service_del_postun %{name}.service %service_del_postun %{name}.service
%endif
%files %files
%defattr(-,root,root) %defattr(-,root,root)
%if 0%{?suse_version} > 1140
%{_unitdir}/%{name}.service %{_unitdir}/%{name}.service
%endif %{_unitdir}/%{name}.socket
/usr/sbin/%name %{_unitdir}/%{name}@.service
/usr/sbin/rc%name %{_sbindir}/%{name}
%if %{with_sysvinit} %{_sbindir}/rc%{name}
%config /etc/init.d/%name %{_datadir}/omc/svcinfo.d/vsftpd.xml
%endif %dir %{_datadir}/empty
%_datadir/omc/svcinfo.d/vsftpd.xml %config(noreplace) %{_sysconfdir}/xinetd.d/%{name}
%dir /usr/share/empty %config(noreplace) %{_sysconfdir}/%{name}.conf
%config(noreplace) /etc/xinetd.d/%name %config %{_sysconfdir}/pam.d/%{name}
%config(noreplace) /etc/%name.conf %config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%config /etc/pam.d/%name %{_mandir}/man5/%{name}.conf.*
%config(noreplace) /etc/logrotate.d/%name %{_mandir}/man8/%{name}.*
%_mandir/man5/%name.conf.*
%_mandir/man8/%name.*
%doc BUGS AUDIT Changelog LICENSE README README.security %doc BUGS AUDIT Changelog LICENSE README README.security
%doc REWARD SPEED TODO SECURITY TUNING SIZE FAQ EXAMPLE COPYING %doc REWARD SPEED TODO SECURITY TUNING SIZE FAQ EXAMPLE COPYING
%doc README.SUSE %doc README.SUSE
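Review bot: The scriptlets still register only `%{name}.service`: `%service_add_pre`, `%service_add_post`, `%service_del_preun` and `%service_del_postun` never name the newly packaged `%{name}.socket`. As far as these lines show, the socket unit therefore gets no preset handling on install and is not stopped on removal, which may leave a listener on port 21 after the package is uninstalled. Listing both units in each macro would cover it, e.g. `%service_del_preun %{name}.service %{name}.socket`, and the same for the other three. The section is rendered side by side, so this is read from the right-hand (new) column.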

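--- a/vsftpd@.service
+++ b/vsftpd@.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Very Secure FTP Daemon
+[Service]
+Type=simple
+ExecStart=/usr/sbin/vsftpd /etc/vsftpd.conf -obackground=NO -olisten=NO -olisten_ipv6=NO
+StandardInput=socket
+SuccessExitStatus=2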
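Review bot: `SuccessExitStatus=2` carries no comment explaining why exit code 2 counts as success. The setting also hides any other termination with that code from `systemctl --failed` and from monitoring keyed on unit state. Add a comment above it giving the reason, along the lines of `# exit code 2 is expected for per-connection instances because <reason>; not a service failure`, with the reason confirmed against vsftpd's exit paths. The `-obackground=NO -olisten=NO -olisten_ipv6=NO` overrides on `ExecStart` deserve a one-line comment too, since they are what lets the instance take the connection from the socket without edits to /etc/vsftpd.conf.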