rpms/vsftpd
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Build against OpenSSL 1.1, redefine VSFTP_COMMAND_FD to 1

Browse Source 
Build against OpenSSL 1.1.
Redefine VSFTP_COMMAND_FD to 1 to get errors generated during
startup picked up by systemd.

Resolves: rhbz#1443055
This commit is contained in:
Ondřej Lysoněk 2017-09-05 15:27:42 +02:00
parent c0e8f38e23
commit 255e73ec9e
3 changed files with 113 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch Normal file
View File

@ -0,0 +1,74 @@
From 6c8dd87f311e411bcb1c72c1c780497881a5621c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= <olysonek@redhat.com>
Date: Mon, 4 Sep 2017 11:32:03 +0200
Subject: [PATCH 35/35] Modify DH enablement patch to build with OpenSSL 1.1
---
ssl.c | 41 ++++++++++++++++++++++++++++++++++++++---
1 file changed, 38 insertions(+), 3 deletions(-)
diff --git a/ssl.c b/ssl.c
index ba8a613..09ec96a 100644
--- a/ssl.c
+++ b/ssl.c
@@ -88,19 +88,54 @@ static struct mystr debug_str;
}
#endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+{
+ /* If the fields p and g in d are NULL, the corresponding input
+ * parameters MUST be non-NULL. q may remain NULL.
+ */
+ if ((dh->p == NULL && p == NULL)
+ || (dh->g == NULL && g == NULL))
+ return 0;
+
+ if (p != NULL) {
+ BN_free(dh->p);
+ dh->p = p;
+ }
+ if (q != NULL) {
+ BN_free(dh->q);
+ dh->q = q;
+ }
+ if (g != NULL) {
+ BN_free(dh->g);
+ dh->g = g;
+ }
+
+ if (q != NULL) {
+ dh->length = BN_num_bits(q);
+ }
+
+ return 1;
+}
+#endif
+
#if !defined(DH_get_dh)
// Grab DH parameters
DH *
DH_get_dh(int size)
{
+ BIGNUM *g = NULL;
+ BIGNUM *p = NULL;
DH *dh = DH_new();
if (!dh) {
return NULL;
}
- dh->p = DH_get_prime(match_dh_bits(size));
- BN_dec2bn(&dh->g, "2");
- if (!dh->p || !dh->g)
+ p = DH_get_prime(match_dh_bits(size));
+ BN_dec2bn(&g, "2");
+ if (!p || !g || !DH_set0_pqg(dh, p, NULL, g))
{
+ BN_free(g);
+ BN_free(p);
DH_free(dh);
return NULL;
}
--
2.9.5

29
0036-Redefine-VSFTP_COMMAND_FD-to-1.patch Normal file
View File

@ -0,0 +1,29 @@
From 18e0ab25a0d66088728b506cf64f5545637eda26 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= <olysonek@redhat.com>
Date: Tue, 5 Sep 2017 14:26:08 +0200
Subject: [PATCH 36/36] Redefine VSFTP_COMMAND_FD to 1
Redefine VSFTP_COMMAND_FD to 1 (stdout) so that error messages generated
during startup are picked up by systemd.
Resolves: rhbz#1443055
---
defs.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/defs.h b/defs.h
index bde3232..315f0f0 100644
--- a/defs.h
+++ b/defs.h
@@ -3,7 +3,7 @@
#define VSFTP_DEFAULT_CONFIG "/etc/vsftpd/vsftpd.conf"
-#define VSFTP_COMMAND_FD 0
+#define VSFTP_COMMAND_FD 1
#define VSFTP_PASSWORD_MAX 128
#define VSFTP_USERNAME_MAX 128
--
2.9.5

12
vsftpd.spec
View File

@ -2,7 +2,7 @@
Name: vsftpd Name: vsftpd
Version: 3.0.3 Version: 3.0.3
Release: 7%{?dist} Release: 8%{?dist}
Summary: Very Secure Ftp Daemon Summary: Very Secure Ftp Daemon
Group: System Environment/Daemons Group: System Environment/Daemons
@ -22,7 +22,7 @@ Source10: vsftpd-generator
BuildRequires: pam-devel BuildRequires: pam-devel
BuildRequires: libcap-devel BuildRequires: libcap-devel
BuildRequires: compat-openssl10-devel BuildRequires: openssl-devel
BuildRequires: systemd BuildRequires: systemd
BuildRequires: tcp_wrappers-devel BuildRequires: tcp_wrappers-devel
BuildRequires: git BuildRequires: git
@ -63,6 +63,8 @@ Patch31: 0031-Fix-question-mark-wildcard-withing-a-file-name.patch
Patch32: 0032-Propagate-errors-from-nfs-with-quota-to-client.patch Patch32: 0032-Propagate-errors-from-nfs-with-quota-to-client.patch
Patch33: 0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch Patch33: 0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch
Patch34: 0034-Turn-off-seccomp-sandbox-because-it-is-too-strict.patch Patch34: 0034-Turn-off-seccomp-sandbox-because-it-is-too-strict.patch
Patch35: 0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch
Patch36: 0036-Redefine-VSFTP_COMMAND_FD-to-1.patch
%description %description
vsftpd is a Very Secure FTP daemon. It was written completely from vsftpd is a Very Secure FTP daemon. It was written completely from
@ -132,6 +134,12 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub
%{_var}/ftp %{_var}/ftp
%changelog %changelog
* Tue Sep 05 2017 Ondřej Lysoněk <olysonek@redhat.com> - 3.0.3-8
- Build against OpenSSL 1.1
- Redefine VSFTP_COMMAND_FD to 1 to get errors generated during
- startup picked up by systemd
- Resolves: rhbz#1443055
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.3-7 * Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.3-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild