From 09c09a59c9fafc0fda6632018b856c0e1c1cbefd Mon Sep 17 00:00:00 2001 From: Jiri Skala Date: Tue, 15 Nov 2011 13:34:41 +0100 Subject: [PATCH] fixes #753365 - multiple issues with vsftpd's systemd unit removes exclusivity between listen and listen_ipv6 BZ#450853 ls wildchars supports square brackets --- vsftpd-2.2.2-v6only.patch | 44 ------ vsftpd-2.3.4-noexclusive.patch | 13 ++ vsftpd-2.3.4-sd.patch | 22 ++- vsftpd-2.3.4-sqb.patch | 264 +++++++++++++++++++++++++++++++++ vsftpd.spec | 25 ++-- 5 files changed, 301 insertions(+), 67 deletions(-) delete mode 100644 vsftpd-2.2.2-v6only.patch create mode 100644 vsftpd-2.3.4-noexclusive.patch create mode 100644 vsftpd-2.3.4-sqb.patch diff --git a/vsftpd-2.2.2-v6only.patch b/vsftpd-2.2.2-v6only.patch deleted file mode 100644 index f0931e2..0000000 --- a/vsftpd-2.2.2-v6only.patch +++ /dev/null @@ -1,44 +0,0 @@ -diff -up vsftpd-2.2.2/standalone.c.v6only vsftpd-2.2.2/standalone.c ---- vsftpd-2.2.2/standalone.c.v6only 2010-05-14 16:09:38.181388723 +0200 -+++ vsftpd-2.2.2/standalone.c 2010-05-14 16:09:38.207398800 +0200 -@@ -77,6 +77,7 @@ vsf_standalone_main(void) - else - { - listen_sock = vsf_sysutil_get_ipv6_sock(); -+ vsf_sysutil_v6only(listen_sock); - } - vsf_sysutil_activate_reuseaddr(listen_sock); - -diff -up vsftpd-2.2.2/sysutil.c.v6only vsftpd-2.2.2/sysutil.c ---- vsftpd-2.2.2/sysutil.c.v6only 2010-05-17 09:09:59.848587511 +0200 -+++ vsftpd-2.2.2/sysutil.c 2010-05-17 09:11:04.965806472 +0200 -@@ -649,6 +649,18 @@ vsf_sysutil_wait_get_exitcode(const stru - status = ((struct vsf_sysutil_wait_retval*) p_waitret)->exit_status; - return WEXITSTATUS(status); - } -+ -+void -+vsf_sysutil_v6only(int fd) -+{ -+ int v6only = 1; -+ int retval = setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &v6only, -+ sizeof(v6only)); -+ if (retval != 0) -+ { -+ die("setsockopt: ipv6_v6only"); -+ } -+} - - void - vsf_sysutil_activate_keepalive(int fd) -diff -up vsftpd-2.2.2/sysutil.h.v6only vsftpd-2.2.2/sysutil.h ---- vsftpd-2.2.2/sysutil.h.v6only 2010-05-17 09:10:04.021567360 +0200 -+++ vsftpd-2.2.2/sysutil.h 2010-05-17 09:11:24.343557618 +0200 -@@ -264,6 +264,7 @@ int vsf_sysutil_connect_timeout(int fd, - void vsf_sysutil_dns_resolve(struct vsf_sysutil_sockaddr** p_sockptr, - const char* p_name); - /* Option setting on sockets */ -+void vsf_sysutil_v6only(int fd); - void vsf_sysutil_activate_keepalive(int fd); - void vsf_sysutil_set_iptos_throughput(int fd); - void vsf_sysutil_activate_reuseaddr(int fd); diff --git a/vsftpd-2.3.4-noexclusive.patch b/vsftpd-2.3.4-noexclusive.patch new file mode 100644 index 0000000..4a088d3 --- /dev/null +++ b/vsftpd-2.3.4-noexclusive.patch @@ -0,0 +1,13 @@ +diff -up vsftpd-2.3.4/vsftpd.conf.5.noexclusive vsftpd-2.3.4/vsftpd.conf.5 +--- vsftpd-2.3.4/vsftpd.conf.5.noexclusive 2011-11-15 12:56:01.777161200 +0100 ++++ vsftpd-2.3.4/vsftpd.conf.5 2011-11-15 12:59:22.037565778 +0100 +@@ -284,8 +284,7 @@ Default: NO + .TP + .B listen_ipv6 + Like the listen parameter, except vsftpd will listen on an IPv6 socket instead +-of an IPv4 one. This parameter and the listen parameter are mutually +-exclusive. ++of an IPv4 one. + + Default: NO + .TP diff --git a/vsftpd-2.3.4-sd.patch b/vsftpd-2.3.4-sd.patch index 5ee2ff8..c54aca2 100644 --- a/vsftpd-2.3.4-sd.patch +++ b/vsftpd-2.3.4-sd.patch @@ -1,38 +1,34 @@ diff -up vsftpd-2.3.4/vsftpd.8.sd vsftpd-2.3.4/vsftpd.8 ---- vsftpd-2.3.4/vsftpd.8.sd 2011-08-03 11:02:30.509291451 +0200 -+++ vsftpd-2.3.4/vsftpd.8 2011-08-03 15:50:00.024014865 +0200 +--- vsftpd-2.3.4/vsftpd.8.sd 2011-11-14 15:22:50.363265369 +0100 ++++ vsftpd-2.3.4/vsftpd.8 2011-11-15 08:32:55.270895429 +0100 @@ -25,6 +25,8 @@ in Direct execution of the .Nm vsftpd binary will then launch the FTP service ready for immediate client connections. +.Pp -+Systemd changes the vsftpd start-up. When the SysV initscript attempts to start one instance of the vsftpd daemon for each of /etc/vsftpd/*.conf file, each configuration file requires a correct symbolic link to the vsftpd@.service file.The name of the symbolic link must contain the name of the configuration file. See systemd.unit(5) for details. Each instance of the vsftpd daemon is started separately. See systemd.unit(5). ++Systemd changes the vsftpd start-up. When the SysV initscript attempts to start one instance of the vsftpd daemon for each of /etc/vsftpd/*.conf file, each configuration file requires a proper unit file. Each instance of the vsftpd daemon is started separately. See systemd.unit(5). .Sh OPTIONS An optional configuration file or files -@@ -55,6 +57,11 @@ the "ftpd_banner" setting is set to "bla +@@ -55,6 +57,9 @@ the "ftpd_banner" setting is set to "bla setting and any identical setting that was in the config file. .Sh FILES .Pa /etc/vsftpd/vsftpd.conf +.Pp -+.Pa /lib/systemd/system/vsftpd@.conf -+.Pp -+.Pa /lib/systemd/system/vsftpd@vsftpd.conf ++.Pa /lib/systemd/system/vsftpd.service .Sh SEE ALSO .Xr vsftpd.conf 5 +.Xr systemd.unit 5 .end diff -up vsftpd-2.3.4/vsftpd.conf.5.sd vsftpd-2.3.4/vsftpd.conf.5 ---- vsftpd-2.3.4/vsftpd.conf.5.sd 2011-08-03 11:02:37.480372306 +0200 -+++ vsftpd-2.3.4/vsftpd.conf.5 2011-08-03 15:50:29.435371891 +0200 -@@ -13,6 +13,11 @@ inetd such as +--- vsftpd-2.3.4/vsftpd.conf.5.sd 2011-11-14 15:22:50.546267713 +0100 ++++ vsftpd-2.3.4/vsftpd.conf.5 2011-11-15 08:48:42.872580090 +0100 +@@ -13,6 +13,9 @@ inetd such as to launch vsftpd with different configuration files on a per virtual host basis. +Systemd changes the vsftpd daemon start-up. Each configuration file -+requires a correct symbolic link to the vsftpd@.service file. The name -+of the symbolic link must contain the name of the configuration file. -+See systemd.unit(5) for details. ++requires a proper unit file that can be obtained by cloning and modifying default vsftpd.service. This additional unit file should be placed to /etc/systemd/system. See systemd.unit(5) for details. + .SH FORMAT The format of vsftpd.conf is very simple. Each line is either a comment or diff --git a/vsftpd-2.3.4-sqb.patch b/vsftpd-2.3.4-sqb.patch new file mode 100644 index 0000000..5bf8fce --- /dev/null +++ b/vsftpd-2.3.4-sqb.patch @@ -0,0 +1,264 @@ +diff -up vsftpd-2.3.4/ls.c.sqb vsftpd-2.3.4/ls.c +--- vsftpd-2.3.4/ls.c.sqb 2011-09-13 10:37:05.222089078 +0200 ++++ vsftpd-2.3.4/ls.c 2011-09-13 10:59:19.550508941 +0200 +@@ -245,7 +245,7 @@ vsf_filename_passes_filter(const struct + int ret = 0; + char last_token = 0; + int must_match_at_current_pos = 1; +- ++ int matched = 0; + + str_copy(&filter_remain_str, p_filter_str); + +@@ -275,7 +275,7 @@ vsf_filename_passes_filter(const struct + static struct mystr s_match_needed_str; + /* Locate next special token */ + struct str_locate_result locate_result = +- str_locate_chars(&filter_remain_str, "*?{"); ++ str_locate_chars(&filter_remain_str, "*?{["); + (*iters)++; + /* Isolate text leading up to token (if any) - needs to be matched */ + if (locate_result.found) +@@ -293,94 +293,170 @@ vsf_filename_passes_filter(const struct + str_empty(&filter_remain_str); + last_token = 0; + } +- if (!str_isempty(&s_match_needed_str)) +- { +- /* Need to match something.. could be a match which has to start at +- * current position, or we could allow it to start anywhere +- */ +- unsigned int indexx; +- locate_result = str_locate_str(&name_remain_str, &s_match_needed_str); +- if (!locate_result.found) +- { +- /* Fail */ +- goto out; +- } +- indexx = locate_result.index; +- if (must_match_at_current_pos && indexx > 0) +- { +- goto out; +- } +- if (!must_match_at_current_pos && last_token == 0) +- { +- struct mystr last_str = INIT_MYSTR; +- str_mid_to_end(&name_remain_str, &last_str, +- str_getlen(&name_remain_str) - str_getlen(&s_match_needed_str)); +- locate_result = str_locate_str(&last_str, &s_match_needed_str); +- str_free(&last_str); + +- if (locate_result.found) ++ matched = 0; ++ do { ++ if (!str_isempty(&s_match_needed_str)) ++ { ++ if (!matched) ++ { ++ matched = 1; ++ } ++ /* Need to match something.. could be a match which has to start at ++ * current position, or we could allow it to start anywhere ++ */ ++ unsigned int indexx; ++ locate_result = str_locate_str(&name_remain_str, &s_match_needed_str); ++ if (!locate_result.found) ++ { ++ /* Fail */ ++ goto out; ++ } ++ indexx = locate_result.index; ++ if (must_match_at_current_pos && indexx > 0) + { +- ret = 1; ++ goto out; + } +- goto out; ++ if (!must_match_at_current_pos && last_token == 0) ++ { ++ struct mystr last_str = INIT_MYSTR; ++ str_mid_to_end(&name_remain_str, &last_str, ++ str_getlen(&name_remain_str) - str_getlen(&s_match_needed_str)); ++ locate_result = str_locate_str(&last_str, &s_match_needed_str); ++ str_free(&last_str); ++ ++ if (locate_result.found) ++ { ++ ret = 1; ++ } ++ goto out; ++ } ++ /* Chop matched string out of remainder */ ++ str_mid_to_end(&name_remain_str, &temp_str, ++ indexx + str_getlen(&s_match_needed_str)); ++ str_copy(&name_remain_str, &temp_str); + } +- /* Chop matched string out of remainder */ +- str_mid_to_end(&name_remain_str, &temp_str, +- indexx + str_getlen(&s_match_needed_str)); +- str_copy(&name_remain_str, &temp_str); +- } +- if (last_token == '?') +- { +- if (str_isempty(&name_remain_str)) ++ if (last_token == '?') + { +- goto out; ++ if (str_isempty(&name_remain_str)) ++ { ++ goto out; ++ } ++ str_right(&name_remain_str, &temp_str, str_getlen(&name_remain_str) - 1); ++ str_copy(&name_remain_str, &temp_str); ++ must_match_at_current_pos = 1; + } +- str_right(&name_remain_str, &temp_str, str_getlen(&name_remain_str) - 1); +- str_copy(&name_remain_str, &temp_str); +- must_match_at_current_pos = 1; +- } +- else if (last_token == '{') +- { +- struct str_locate_result end_brace = +- str_locate_char(&filter_remain_str, '}'); +- must_match_at_current_pos = 1; +- if (end_brace.found) ++ else if (last_token == '{') + { +- str_split_char(&filter_remain_str, &temp_str, '}'); +- str_copy(&brace_list_str, &filter_remain_str); +- str_copy(&filter_remain_str, &temp_str); +- str_split_char(&brace_list_str, &temp_str, ','); +- while (!str_isempty(&brace_list_str)) +- { +- str_copy(&new_filter_str, &brace_list_str); +- str_append_str(&new_filter_str, &filter_remain_str); +- if (vsf_filename_passes_filter(&name_remain_str, &new_filter_str, +- iters)) ++ struct str_locate_result end_brace = ++ str_locate_char(&filter_remain_str, '}'); ++ must_match_at_current_pos = 1; ++ if (end_brace.found) ++ { ++ str_split_char(&filter_remain_str, &temp_str, '}'); ++ str_copy(&brace_list_str, &filter_remain_str); ++ str_copy(&filter_remain_str, &temp_str); ++ str_split_char(&brace_list_str, &temp_str, ','); ++ while (!str_isempty(&brace_list_str)) + { +- ret = 1; +- goto out; ++ str_empty(&new_filter_str); ++ if (!matched) ++ { ++ str_append_char(&new_filter_str, '*'); ++ } ++ str_append_str(&new_filter_str, &brace_list_str); ++ str_append_str(&new_filter_str, &filter_remain_str); ++ if (vsf_filename_passes_filter(&name_remain_str, &new_filter_str, ++ iters)) ++ { ++ ret = 1; ++ goto out; ++ } ++ str_copy(&brace_list_str, &temp_str); ++ str_split_char(&brace_list_str, &temp_str, ','); + } +- str_copy(&brace_list_str, &temp_str); +- str_split_char(&brace_list_str, &temp_str, ','); ++ goto out; ++ } ++ else if (str_isempty(&name_remain_str) || ++ str_get_char_at(&name_remain_str, 0) != '{') ++ { ++ goto out; ++ } ++ else ++ { ++ str_right(&name_remain_str, &temp_str, ++ str_getlen(&name_remain_str) - 1); ++ str_copy(&name_remain_str, &temp_str); + } +- goto out; + } +- else if (str_isempty(&name_remain_str) || +- str_get_char_at(&name_remain_str, 0) != '{') ++ else if (last_token == '[') + { +- goto out; ++ struct str_locate_result end_sqb = ++ str_locate_char(&filter_remain_str, ']'); ++ must_match_at_current_pos = 1; ++ if (end_sqb.found) ++ { ++ unsigned int cur_pos; ++ char stch, ench; ++ const char *p_brace; ++ ++ str_split_char(&filter_remain_str, &temp_str, ']'); ++ str_copy(&brace_list_str, &filter_remain_str); ++ str_copy(&filter_remain_str, &temp_str); ++ p_brace = str_getbuf(&brace_list_str); ++ for (cur_pos = 0; cur_pos < str_getlen(&brace_list_str);) ++ { ++ stch = p_brace[cur_pos]; ++ // char vers. range ++ if (cur_pos + 2 < str_getlen(&brace_list_str) && ++ p_brace[cur_pos+1] == '-') ++ { ++ ench = p_brace[cur_pos+2]; ++ cur_pos += 3; ++ } ++ else ++ { ++ ench = stch; ++ cur_pos++; ++ } ++ // expand char[s] ++ for (;stch <= ench && !str_isempty(&brace_list_str); stch++) ++ { ++ str_empty(&new_filter_str); ++ if (!matched) ++ { ++ str_append_char(&new_filter_str, '*'); ++ } ++ str_append_char(&new_filter_str, stch); ++ str_append_str(&new_filter_str, &filter_remain_str); ++ if (vsf_filename_passes_filter(&name_remain_str, &new_filter_str, ++ iters)) ++ { ++ ret = 1; ++ goto out; ++ } ++ } ++ } ++ goto out; ++ } ++ else if (str_isempty(&name_remain_str) || ++ str_get_char_at(&name_remain_str, 0) != '[') ++ { ++ goto out; ++ } ++ else ++ { ++ str_right(&name_remain_str, &temp_str, ++ str_getlen(&name_remain_str) - 1); ++ str_copy(&name_remain_str, &temp_str); ++ } + } + else + { +- str_right(&name_remain_str, &temp_str, +- str_getlen(&name_remain_str) - 1); +- str_copy(&name_remain_str, &temp_str); ++ must_match_at_current_pos = 0; + } +- } +- else +- { +- must_match_at_current_pos = 0; +- } ++ } while (locate_result.found && ++ str_getlen(&name_remain_str) > 0 && last_token != '*'); + } + /* Any incoming string left means no match unless we ended on the correct + * type of wildcard. diff --git a/vsftpd.spec b/vsftpd.spec index 3b796b9..0f600b6 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 2.3.4 -Release: 5%{?dist} +Release: 6%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons @@ -16,7 +16,7 @@ Source3: vsftpd.ftpusers Source4: vsftpd.user_list Source5: vsftpd.init Source6: vsftpd_conf_migrate.sh -Source7: vsftpd@.service +Source7: vsftpd.service BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -51,9 +51,10 @@ Patch13: vsftpd-2.2.0-openssl.patch Patch14: vsftpd-2.2.0-wildchar.patch Patch16: vsftpd-2.2.2-clone.patch -Patch17: vsftpd-2.2.2-v6only.patch Patch18: vsftpd-2.3.4-tout.patch Patch19: vsftpd-2.3.4-sd.patch +Patch20: vsftpd-2.3.4-sqb.patch +Patch21: vsftpd-2.3.4-noexclusive.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from @@ -88,9 +89,10 @@ cp %{SOURCE1} . %patch13 -p1 -b .openssl %patch14 -p1 -b .wildchar %patch16 -p1 -b .clone -%patch17 -p1 -b .v6only %patch18 -p1 -b .tout %patch19 -p1 -b .sd +%patch20 -p1 -b .sqb +%patch21 -p1 -b .noexclusive %build %ifarch s390x sparcv9 sparc64 @@ -119,7 +121,6 @@ install -m 600 %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}/vsftpd/user_list install -m 755 %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/vsftpd install -m 744 %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/vsftpd/vsftpd_conf_migrate.sh install -m 644 %{SOURCE7} $RPM_BUILD_ROOT/lib/systemd/system/ -ln -s /lib/systemd/system/vsftpd@.service $RPM_BUILD_ROOT/lib/systemd/system/vsftpd@vsftpd.service mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub @@ -131,8 +132,8 @@ rm -rf $RPM_BUILD_ROOT %preun if [ $1 = 0 ]; then - /bin/systemctl disable vsftpd@vsftpd.service > /dev/null 2>&1 || : - /bin/systemctl stop vsftpd@vsftpd.service > /dev/null 2>&1 || : + /bin/systemctl disable vsftpd.service > /dev/null 2>&1 || : + /bin/systemctl stop vsftpd.service > /dev/null 2>&1 || : fi %postun @@ -140,15 +141,14 @@ fi %triggerun -- %{name} < 2.3.4-5 /sbin/chkconfig --del vsftpd >/dev/null 2>&1 || : - /bin/systemctl try-restart vsftpd@vsftpd.service >/dev/null 2>&1 || : + /bin/systemctl try-restart vsftpd.service >/dev/null 2>&1 || : %triggerpostun -n %{name}-sysvinit -- %{name} < 2.3.4-5 /sbin/chkconfig --add vsftpd >/dev/null 2>&1 || : %files %defattr(-,root,root,-) -/lib/systemd/system/vsftpd@.service -/lib/systemd/system/vsftpd@vsftpd.service +/lib/systemd/system/vsftpd.service %{_sbindir}/vsftpd %dir %{_sysconfdir}/vsftpd %{_sysconfdir}/vsftpd/vsftpd_conf_migrate.sh @@ -167,6 +167,11 @@ fi %{_sysconfdir}/rc.d/init.d/vsftpd %changelog +* Tue Nov 15 2011 Jiri Skala - 2.3.4-6 +- fixes #753365 - multiple issues with vsftpd's systemd unit +- removes exclusivity between listen and listen_ipv6 BZ#450853 +- ls wildchars supports square brackets + * Wed Aug 03 2011 Jiri Skala - 2.3.4-5 - fixes #719434 - Provide native systemd unit file - moving SysV initscript into subpackage