From 3572541ce72558ae0e3483b540478b0e5c2d3cad Mon Sep 17 00:00:00 2001 From: Martin Nagy Date: Fri, 16 Jan 2009 17:23:12 +0000 Subject: [PATCH] - update to latest upstream release - cleanup the spec file - drop patches fixed upstream: vsftpd-1.0.1-missingok.patch vsftpd-1.2.1-nonrootconf.patch vsftpd-2.0.1-tcp_wrappers.patch vsftpd-2.0.2-signal.patch vsftpd-2.0.3-daemonize_fds.patch vsftpd-2.0.5-correct_comments.patch vsftpd-2.0.5-pasv_dot.patch vsftpd-2.0.5-write_race.patch vsftpd-2.0.5-fix_unique.patch vsftpd-2.0.5-uname_size.patch vsftpd-2.0.5-bind_denied.patch vsftpd-2.0.5-pam_end.patch vsftpd-2.0.5-underscore_uname.patch vsftpd-2.0.6-listen.patch - join all configuration patches into one: vsftpd-1.1.3-rh.patch vsftpd-1.2.1-conffile.patch vsftpd-2.0.1-dir.patch vsftpd-2.0.1-server_args.patch vsftpd-2.0.3-background.patch vsftpd-2.0.5-default_ipv6.patch vsftpd-2.0.5-add_ipv6_option.patch vsftpd-2.0.5-man.patch --- .cvsignore | 2 +- sources | 2 +- vsftpd-1.0.1-missingok.patch | 8 - vsftpd-1.1.3-rh.patch | 38 -- vsftpd-1.2.1-conffile.patch | 110 ----- vsftpd-1.2.1-nonrootconf.patch | 77 ---- vsftpd-2.0.1-build_ssl.patch | 12 - vsftpd-2.0.1-dir.patch | 160 ------- vsftpd-2.0.1-server_args.patch | 11 - vsftpd-2.0.1-tcp_wrappers.patch | 29 -- vsftpd-2.0.2-signal.patch | 41 -- vsftpd-2.0.3-background.patch | 22 - vsftpd-2.0.3-daemonize_fds.patch | 70 ---- vsftpd-2.0.3-pam_hostname.patch | 37 -- vsftpd-2.0.5-add_ipv6_option.patch | 16 - vsftpd-2.0.5-bind_denied.patch | 39 -- vsftpd-2.0.5-correct_comments.patch | 37 -- vsftpd-2.0.5-default_ipv6.patch | 8 - vsftpd-2.0.5-fix_unique.patch | 16 - vsftpd-2.0.5-man.patch | 65 --- vsftpd-2.0.5-pam_end.patch | 81 ---- vsftpd-2.0.5-pasv_dot.patch | 11 - vsftpd-2.0.5-uname_size.patch | 11 - vsftpd-2.0.5-underscore_uname.patch | 12 - vsftpd-2.0.5-write_race.patch | 68 --- vsftpd-2.0.6-listen.patch | 24 -- vsftpd-2.1.0-build_ssl.patch | 12 + vsftpd-2.1.0-configuration.patch | 395 ++++++++++++++++++ ...-filter.patch => vsftpd-2.1.0-filter.patch | 36 +- ....5.1-libs.patch => vsftpd-2.1.0-libs.patch | 8 +- vsftpd-2.1.0-pam_hostname.patch | 57 +++ vsftpd-2.1.0-tcp_wrappers.patch | 12 + ...g.patch => vsftpd-2.1.0-userlist_log.patch | 136 +++--- vsftpd-2.1.0-warnings.patch | 12 + vsftpd.spec | 164 ++++---- 35 files changed, 668 insertions(+), 1171 deletions(-) delete mode 100644 vsftpd-1.0.1-missingok.patch delete mode 100644 vsftpd-1.1.3-rh.patch delete mode 100644 vsftpd-1.2.1-conffile.patch delete mode 100644 vsftpd-1.2.1-nonrootconf.patch delete mode 100644 vsftpd-2.0.1-build_ssl.patch delete mode 100644 vsftpd-2.0.1-dir.patch delete mode 100644 vsftpd-2.0.1-server_args.patch delete mode 100644 vsftpd-2.0.1-tcp_wrappers.patch delete mode 100644 vsftpd-2.0.2-signal.patch delete mode 100644 vsftpd-2.0.3-background.patch delete mode 100644 vsftpd-2.0.3-daemonize_fds.patch delete mode 100644 vsftpd-2.0.3-pam_hostname.patch delete mode 100644 vsftpd-2.0.5-add_ipv6_option.patch delete mode 100644 vsftpd-2.0.5-bind_denied.patch delete mode 100644 vsftpd-2.0.5-correct_comments.patch delete mode 100644 vsftpd-2.0.5-default_ipv6.patch delete mode 100644 vsftpd-2.0.5-fix_unique.patch delete mode 100644 vsftpd-2.0.5-man.patch delete mode 100644 vsftpd-2.0.5-pam_end.patch delete mode 100644 vsftpd-2.0.5-pasv_dot.patch delete mode 100644 vsftpd-2.0.5-uname_size.patch delete mode 100644 vsftpd-2.0.5-underscore_uname.patch delete mode 100644 vsftpd-2.0.5-write_race.patch delete mode 100644 vsftpd-2.0.6-listen.patch create mode 100644 vsftpd-2.1.0-build_ssl.patch create mode 100644 vsftpd-2.1.0-configuration.patch rename vsftpd-2.0.4-filter.patch => vsftpd-2.1.0-filter.patch (63%) rename vsftpd-1.5.1-libs.patch => vsftpd-2.1.0-libs.patch (50%) create mode 100644 vsftpd-2.1.0-pam_hostname.patch create mode 100644 vsftpd-2.1.0-tcp_wrappers.patch rename vsftpd-2.0.6-userlist_log.patch => vsftpd-2.1.0-userlist_log.patch (58%) create mode 100644 vsftpd-2.1.0-warnings.patch diff --git a/.cvsignore b/.cvsignore index 5ef9b30..a47a7a6 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -vsftpd-2.0.7.tar.gz +vsftpd-2.1.0pre3.tar.gz diff --git a/sources b/sources index 037700a..4e482d2 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -3e39cb7b0bee306ad7df8e3552e15297 vsftpd-2.0.7.tar.gz +6e968036b3575253f384e06f7b4ddd57 vsftpd-2.1.0pre3.tar.gz diff --git a/vsftpd-1.0.1-missingok.patch b/vsftpd-1.0.1-missingok.patch deleted file mode 100644 index ca5276b..0000000 --- a/vsftpd-1.0.1-missingok.patch +++ /dev/null @@ -1,8 +0,0 @@ ---- vsftpd-1.0.1/RedHat/vsftpd.log.checkfile Thu Feb 28 12:34:34 2002 -+++ vsftpd-1.0.1/RedHat/vsftpd.log Thu Feb 28 12:35:03 2002 -@@ -1,4 +1,5 @@ - /var/log/vsftpd.log { - # ftpd doesn't handle SIGHUP properly - nocompress -+ missingok - } diff --git a/vsftpd-1.1.3-rh.patch b/vsftpd-1.1.3-rh.patch deleted file mode 100644 index 9774f9a..0000000 --- a/vsftpd-1.1.3-rh.patch +++ /dev/null @@ -1,38 +0,0 @@ ---- vsftpd-1.0.1/vsftpd.conf.rh Mon Jul 30 17:51:07 2001 -+++ vsftpd-1.0.1/vsftpd.conf Wed Nov 28 14:38:36 2001 -@@ -7,14 +7,14 @@ - anonymous_enable=YES - # - # Uncomment this to allow local users to log in. --#local_enable=YES -+local_enable=YES - # - # Uncomment this to enable any form of FTP write command. --#write_enable=YES -+write_enable=YES - # - # Default umask for local users is 077. You may wish to change this to 022, - # if your users expect that (022 is used by most other ftpd's) --#local_umask=022 -+local_umask=022 - # - # Uncomment this to allow the anonymous FTP user to upload files. This only - # has an effect if the above global write enable is activated. Also, you will -@@ -46,7 +46,7 @@ - #xferlog_file=/var/log/vsftpd.log - # - # If you want, you can have your log file in standard ftpd xferlog format --#xferlog_std_format=YES -+xferlog_std_format=YES - # - # You may change the default value for timing out an idle session. - #idle_session_timeout=600 -@@ -98,3 +98,8 @@ - # the presence of the "-R" option, so there is a strong case for enabling it. - #ls_recurse_enable=YES - -+pam_service_name=vsftpd -+userlist_enable=YES -+#enable for standalone mode -+listen=YES -+tcp_wrappers=YES diff --git a/vsftpd-1.2.1-conffile.patch b/vsftpd-1.2.1-conffile.patch deleted file mode 100644 index 2e6d672..0000000 --- a/vsftpd-1.2.1-conffile.patch +++ /dev/null @@ -1,110 +0,0 @@ ---- vsftpd-1.2.1/FAQ.foo 2004-05-03 18:06:26.051315979 -0400 -+++ vsftpd-1.2.1/FAQ 2004-05-03 18:08:27.168746928 -0400 -@@ -33,7 +33,7 @@ - Q) Help! Local users cannot log in. - A) There are various possible problems. - A1) By default, vsftpd disables any logins other than anonymous logins. Put --local_enable=YES in your /etc/vsftpd.conf to allow local users to log in. -+local_enable=YES in your /etc/vsftpd/vsftpd.conf to allow local users to log in. - A2) vsftpd tries to link with PAM. (Run "ldd vsftpd" and look for libpam to - find out whether this has happened or not). If vsftpd links with PAM, then - you will need to have a PAM file installed for the vsftpd service. There is -@@ -45,12 +45,12 @@ - A4) If you are not using PAM, then vsftpd will do its own check for a valid - user shell in /etc/shells. You may need to disable this if you use an invalid - shell to disable logins other than FTP logins. Put check_shell=NO in your --/etc/vsftpd.conf. -+/etc/vsftpd/vsftpd.conf. - - Q) Help! Uploads or other write commands give me "500 Unknown command.". - A) By default, write commands, including uploads and new directories, are - disabled. This is a security measure. To enable writes, put write_enable=YES --in your /etc/vsftpd.conf. -+in your /etc/vsftpd/vsftpd.conf. - - Q) Help! What are the security implications referred to in the - "chroot_local_user" option? -@@ -86,7 +86,7 @@ - mode. Use "listen_address=x.x.x.x" to set the virtual IP. - - Q) Help! Does vsftpd support virtual users? --A) Yes, via PAM integration. Set "guest_enable=YES" in /etc/vsftpd.conf. This -+A) Yes, via PAM integration. Set "guest_enable=YES" in /etc/vsftpd/vsftpd.conf. This - has the effect of mapping every non-anonymous successful login to the local - username specified in "guest_username". Then, use PAM and (e.g.) its pam_userdb - module to provide authentication against an external (i.e. non-/etc/passwd) ---- vsftpd-1.2.1/defs.h.foo 2004-05-03 18:06:29.771837724 -0400 -+++ vsftpd-1.2.1/defs.h 2004-05-03 18:07:51.356350436 -0400 -@@ -1,7 +1,7 @@ - #ifndef VSF_DEFS_H - #define VSF_DEFS_H - --#define VSFTP_DEFAULT_CONFIG "/etc/vsftpd.conf" -+#define VSFTP_DEFAULT_CONFIG "/etc/vsftpd/vsftpd.conf" - - #define VSFTP_COMMAND_FD 0 - ---- vsftpd-1.2.1/INSTALL.foo 2004-05-03 18:06:33.061414865 -0400 -+++ vsftpd-1.2.1/INSTALL 2004-05-03 18:08:57.133895056 -0400 -@@ -63,7 +63,7 @@ - vsftpd can run standalone or via an inetd (such as inetd or xinetd). You will - typically get more control running vsftpd from an inetd. But first we will run - it without, so we can check things are going well so far. --Edit /etc/vsftpd.conf, and add this line at the bottom: -+Edit /etc/vsftpd/vsftpd.conf, and add this line at the bottom: - - listen=YES - -@@ -135,11 +135,11 @@ - Step 7) Customize your configuration - - As well as the above three pre-requisites, you are recommended to install a --config file. The default location for the config file is /etc/vsftpd.conf. -+config file. The default location for the config file is /etc/vsftpd/vsftpd.conf. - There is a sample vsftpd.conf in the distribution tarball. You probably want --to copy that to /etc/vsftpd.conf as a basis for modification, i.e.: -+to copy that to /etc/vsftpd/vsftpd.conf as a basis for modification, i.e.: - --cp vsftpd.conf /etc -+cp vsftpd.conf /etc/vsftpd/ - - The default configuration allows neither local user logins nor anonymous - uploads. You may wish to change these defaults. ---- vsftpd-1.2.1/vsftpd.8.foo 2004-05-03 18:06:40.593446659 -0400 -+++ vsftpd-1.2.1/vsftpd.8 2004-05-03 18:09:04.438956026 -0400 -@@ -21,7 +21,7 @@ - recommended. It is activated by setting - .Pa listen=YES - in --.Pa /etc/vsftpd.conf . -+.Pa /etc/vsftpd/vsftpd.conf . - Direct execution of the - .Nm vsftpd - binary will then launch the FTP service ready for immediate client connections. -@@ -29,6 +29,6 @@ - An optional - .Op configuration file - may be given on the command line. The default configuration file is --.Pa /etc/vsftpd.conf . -+.Pa /etc/vsftpd/vsftpd.conf . - .Sh SEE ALSO - .Xr vsftpd.conf 5 ---- vsftpd-1.2.1/vsftpd.conf.foo 2004-05-03 18:06:55.217566800 -0400 -+++ vsftpd-1.2.1/vsftpd.conf 2004-05-03 18:09:28.049920952 -0400 -@@ -1,4 +1,4 @@ --# Example config file /etc/vsftpd.conf -+# Example config file /etc/vsftpd/vsftpd.conf - # - # The default compiled in settings are fairly paranoid. This sample file - # loosens things up a bit, to make the ftp daemon more usable. ---- vsftpd-1.2.1/vsftpd.conf.5.foo 2004-05-03 18:07:06.184157099 -0400 -+++ vsftpd-1.2.1/vsftpd.conf.5 2004-05-03 18:09:20.649872192 -0400 -@@ -4,7 +4,7 @@ - .SH DESCRIPTION - vsftpd.conf may be used to control various aspects of vsftpd's behaviour. By - default, vsftpd looks for this file at the location --.BR /etc/vsftpd.conf . -+.BR /etc/vsftpd/vsftpd.conf . - However, you may override this by specifying a command line argument to - vsftpd. The command line argument is the pathname of the configuration file - for vsftpd. This behaviour is useful because you may wish to use an advanced diff --git a/vsftpd-1.2.1-nonrootconf.patch b/vsftpd-1.2.1-nonrootconf.patch deleted file mode 100644 index 4eaf381..0000000 --- a/vsftpd-1.2.1-nonrootconf.patch +++ /dev/null @@ -1,77 +0,0 @@ -diff -up vsftpd-2.0.6/parseconf.c.nonrootconf vsftpd-2.0.6/parseconf.c ---- vsftpd-2.0.6/parseconf.c.nonrootconf 2008-02-12 05:53:32.000000000 +0100 -+++ vsftpd-2.0.6/parseconf.c 2008-07-01 12:28:12.000000000 +0200 -@@ -15,6 +15,7 @@ - #include "defs.h" - #include "sysutil.h" - #include "utility.h" -+#include "sysstr.h" - - static const char* s_p_saved_filename; - static int s_strings_copied; -@@ -182,6 +183,8 @@ vsf_parseconf_load_file(const char* p_fi - struct mystr config_file_str = INIT_MYSTR; - struct mystr config_setting_str = INIT_MYSTR; - struct mystr config_value_str = INIT_MYSTR; -+ struct vsf_sysutil_statbuf* p_statbuf = 0; -+ - unsigned int str_pos = 0; - int retval; - if (!p_filename) -@@ -210,7 +213,9 @@ vsf_parseconf_load_file(const char* p_fi - copy_string_settings(); - } - retval = str_fileread(&config_file_str, p_filename, VSFTP_CONF_FILE_MAX); -- if (vsf_sysutil_retval_is_error(retval)) -+ (int)vsf_sysutil_stat(p_filename, &p_statbuf); -+ /* Security - die unless the conf file is owned by root */ -+ if (vsf_sysutil_retval_is_error(retval) || vsf_sysutil_statbuf_get_uid(p_statbuf) != VSFTP_ROOT_UID) - { - if (errs_fatal) - { -@@ -221,6 +226,7 @@ vsf_parseconf_load_file(const char* p_fi - return; - } - } -+ vsf_sysutil_free(p_statbuf); - while (str_getline(&config_file_str, &config_setting_str, &str_pos)) - { - if (str_isempty(&config_setting_str) || -diff -up vsftpd-2.0.6/twoprocess.c.nonrootconf vsftpd-2.0.6/twoprocess.c ---- vsftpd-2.0.6/twoprocess.c.nonrootconf 2008-02-12 04:18:34.000000000 +0100 -+++ vsftpd-2.0.6/twoprocess.c 2008-07-01 12:21:28.000000000 +0200 -@@ -423,11 +423,17 @@ handle_per_user_config(const struct myst - str_append_char(&filename_str, '/'); - str_append_str(&filename_str, p_user_str); - retval = str_stat(&filename_str, &p_statbuf); -- /* Security - ignore unless owned by root */ -- if (!vsf_sysutil_retval_is_error(retval) && -- vsf_sysutil_statbuf_get_uid(p_statbuf) == VSFTP_ROOT_UID) -+ /* Security - die unless owned by root */ -+ if (!vsf_sysutil_retval_is_error(retval)) - { -- vsf_parseconf_load_file(str_getbuf(&filename_str), 1); -+ if (vsf_sysutil_statbuf_get_uid(p_statbuf) == VSFTP_ROOT_UID) -+ { -+ vsf_parseconf_load_file(str_getbuf(&filename_str), 1); -+ } -+ else -+ { -+ die("reading non-root config file"); -+ } - } - str_free(&filename_str); - vsf_sysutil_free(p_statbuf); -diff -up vsftpd-2.0.6/vsftpd.8.nonrootconf vsftpd-2.0.6/vsftpd.8 ---- vsftpd-2.0.6/vsftpd.8.nonrootconf 2008-07-01 12:21:28.000000000 +0200 -+++ vsftpd-2.0.6/vsftpd.8 2008-07-01 12:21:28.000000000 +0200 -@@ -28,7 +28,8 @@ binary will then launch the FTP service - .Sh OPTIONS - An optional - .Op configuration file --may be given on the command line. The default configuration file is -+may be given on the command line. This configuration files has to be owned by -+root. The default configuration file is - .Pa /etc/vsftpd/vsftpd.conf . - .Sh SEE ALSO - .Xr vsftpd.conf 5 diff --git a/vsftpd-2.0.1-build_ssl.patch b/vsftpd-2.0.1-build_ssl.patch deleted file mode 100644 index 23e1589..0000000 --- a/vsftpd-2.0.1-build_ssl.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up vsftpd-2.0.6/builddefs.h.build_ssl vsftpd-2.0.6/builddefs.h ---- vsftpd-2.0.6/builddefs.h.build_ssl 2008-09-08 23:28:16.000000000 -0400 -+++ vsftpd-2.0.6/builddefs.h 2008-09-08 23:29:04.000000000 -0400 -@@ -3,7 +3,7 @@ - - #define VSF_BUILD_TCPWRAPPERS - #define VSF_BUILD_PAM --#undef VSF_BUILD_SSL -+#define VSF_BUILD_SSL - - #endif /* VSF_BUILDDEFS_H */ - diff --git a/vsftpd-2.0.1-dir.patch b/vsftpd-2.0.1-dir.patch deleted file mode 100644 index 495647d..0000000 --- a/vsftpd-2.0.1-dir.patch +++ /dev/null @@ -1,160 +0,0 @@ ---- vsftpd-2.0.1/README.dir 2004-07-02 02:34:35.000000000 +0200 -+++ vsftpd-2.0.1/README 2004-11-11 12:33:02.114458576 +0100 -@@ -35,3 +35,8 @@ - Various example configurations are discussed in the EXAMPLE directory. - Frequently asked questions are tackled in the FAQ file. - -+Important Note -+============== -+The location of configuration files was changed to /etc/vsftpd/. If you want -+to migrate your old conf files from /etc (files vsftpd.xxxx.rpmsave) use -+/etc/vsfptd/vsftpd_conf_migrate.sh ---- vsftpd-2.0.1/EXAMPLE/INTERNET_SITE_NOINETD/README.dir 2002-11-09 17:07:09.000000000 +0100 -+++ vsftpd-2.0.1/EXAMPLE/INTERNET_SITE_NOINETD/README 2004-11-11 12:26:59.331609952 +0100 -@@ -17,7 +17,7 @@ - - To use this example config: - --1) Copy the vsftpd.conf file in this directory to /etc/vsftpd.conf. -+1) Copy the vsftpd.conf file in this directory to /etc/vsftpd/vsftpd.conf. - - 2) Start up vsftpd, e.g. - vsftpd & -@@ -51,5 +51,5 @@ - listen_address=192.168.1.2 - - And launch vsftpd with a specific config file like this: --vsftpd /etc/vsftpd.conf.site1 & -+vsftpd /etc/vsftpd/vsftpd.conf.site1 & - ---- vsftpd-2.0.1/EXAMPLE/INTERNET_SITE/vsftpd.xinetd.dir 2002-07-31 00:57:21.000000000 +0200 -+++ vsftpd-2.0.1/EXAMPLE/INTERNET_SITE/vsftpd.xinetd 2004-11-11 12:26:59.331609952 +0100 -@@ -9,7 +9,7 @@ - per_source = 5 - instances = 200 - no_access = 192.168.1.3 -- banner_fail = /etc/vsftpd.busy_banner -+ banner_fail = /etc/vsftpd/busy_banner - log_on_success += PID HOST DURATION - log_on_failure += HOST - } ---- vsftpd-2.0.1/EXAMPLE/VIRTUAL_USERS/vsftpd.pam.dir 2002-07-30 20:36:38.000000000 +0200 -+++ vsftpd-2.0.1/EXAMPLE/VIRTUAL_USERS/vsftpd.pam 2004-11-11 12:26:59.377602960 +0100 -@@ -1,2 +1,2 @@ --auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login --account required /lib/security/pam_userdb.so db=/etc/vsftpd_login -+auth required /lib/security/pam_userdb.so db=/etc/vsftpd/login -+account required /lib/security/pam_userdb.so db=/etc/vsftpd/login ---- vsftpd-2.0.1/EXAMPLE/VIRTUAL_USERS/README.dir 2003-11-05 01:27:48.000000000 +0100 -+++ vsftpd-2.0.1/EXAMPLE/VIRTUAL_USERS/README 2004-11-11 12:26:59.377602960 +0100 -@@ -15,7 +15,7 @@ - "fred" with password "bar". - Whilst logged in as root, create the actual database file like this: - --db_load -T -t hash -f logins.txt /etc/vsftpd_login.db -+db_load -T -t hash -f logins.txt /etc/vsftpd/login.db - (Requires the Berkeley db program installed). - NOTE: Many systems have multiple versions of "db" installed, so you may - need to use e.g. db3_load for correct operation. This is known to affect -@@ -23,10 +23,10 @@ - database to be a specific db version (often db3, whereas db4 may be installed - on your system). - --This will create /etc/vsftpd_login.db. Obviously, you may want to make sure -+This will create /etc/vsftpd/login.db. Obviously, you may want to make sure - the permissions are restricted: - --chmod 600 /etc/vsftpd_login.db -+chmod 600 /etc/vsftpd/login.db - - For more information on maintaing your login database, look around for - documentation on "Berkeley DB", e.g. -@@ -37,8 +37,8 @@ - - See the example file vsftpd.pam. It contains two lines: - --auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login --account required /lib/security/pam_userdb.so db=/etc/vsftpd_login -+auth required /lib/security/pam_userdb.so db=/etc/vsftpd/login -+account required /lib/security/pam_userdb.so db=/etc/vsftpd/login - - This tells PAM to authenticate users using our new database. Copy this PAM - file to the PAM directory - typically /etc/pam.d/ -@@ -105,9 +105,9 @@ - These put a port range on passive FTP incoming requests - very useful if - you are configuring a firewall. - --Copy the example vsftpd.conf file to /etc: -+Copy the example vsftpd.conf file to /etc/vsftpd: - --cp vsftpd.conf /etc/ -+cp vsftpd.conf /etc/vsftpd/ - - - Step 5) Start up vsftpd. ---- vsftpd-2.0.1/EXAMPLE/PER_IP_CONFIG/README.dir 2002-11-09 17:16:12.000000000 +0100 -+++ vsftpd-2.0.1/EXAMPLE/PER_IP_CONFIG/README 2004-11-11 12:26:59.377602960 +0100 -@@ -20,7 +20,7 @@ - - Let's have a look at the example: - --vsftpd: 192.168.1.3: setenv VSFTPD_LOAD_CONF /etc/vsftpd_tcp_wrap.conf -+vsftpd: 192.168.1.3: setenv VSFTPD_LOAD_CONF /etc/vsftpd/tcp_wrap.conf - vsftpd: 192.168.1.4: DENY - - The first line: ---- vsftpd-2.0.1/EXAMPLE/PER_IP_CONFIG/hosts.allow.dir 2002-11-09 17:04:24.000000000 +0100 -+++ vsftpd-2.0.1/EXAMPLE/PER_IP_CONFIG/hosts.allow 2004-11-11 12:26:59.378602808 +0100 -@@ -4,6 +4,6 @@ - # by the '/usr/sbin/tcpd' server. - # - --vsftpd: 192.168.1.3: setenv VSFTPD_LOAD_CONF /etc/vsftpd_tcp_wrap.conf -+vsftpd: 192.168.1.3: setenv VSFTPD_LOAD_CONF /etc/vsftpd/tcp_wrap.conf - vsftpd: 192.168.1.4: DENY - ---- vsftpd-2.0.1/tunables.c.dir 2004-07-02 13:26:17.000000000 +0200 -+++ vsftpd-2.0.1/tunables.c 2004-11-11 12:26:59.378602808 +0100 -@@ -95,11 +95,11 @@ - const char* tunable_message_file = ".message"; - const char* tunable_nopriv_user = "nobody"; - const char* tunable_ftpd_banner = 0; --const char* tunable_banned_email_file = "/etc/vsftpd.banned_emails"; --const char* tunable_chroot_list_file = "/etc/vsftpd.chroot_list"; -+const char* tunable_banned_email_file = "/etc/vsftpd/banned_emails"; -+const char* tunable_chroot_list_file = "/etc/vsftpd/chroot_list"; - const char* tunable_pam_service_name = "ftp"; - const char* tunable_guest_username = "ftp"; --const char* tunable_userlist_file = "/etc/vsftpd.user_list"; -+const char* tunable_userlist_file = "/etc/vsftpd/user_list"; - const char* tunable_anon_root = 0; - const char* tunable_local_root = 0; - const char* tunable_banner_file = 0; -@@ -111,7 +111,7 @@ - const char* tunable_hide_file = 0; - const char* tunable_deny_file = 0; - const char* tunable_user_sub_token = 0; --const char* tunable_email_password_file = "/etc/vsftpd.email_passwords"; -+const char* tunable_email_password_file = "/etc/vsftpd/email_passwords"; - const char* tunable_rsa_cert_file = "/usr/share/ssl/certs/vsftpd.pem"; - const char* tunable_dsa_cert_file = 0; - const char* tunable_ssl_ciphers = "DES-CBC3-SHA"; ---- vsftpd-2.0.1/vsftpd.conf.dir 2004-11-11 12:26:59.231625152 +0100 -+++ vsftpd-2.0.1/vsftpd.conf 2004-11-11 12:26:59.380602504 +0100 -@@ -88,14 +88,14 @@ - # useful for combatting certain DoS attacks. - #deny_email_enable=YES - # (default follows) --#banned_email_file=/etc/vsftpd.banned_emails -+#banned_email_file=/etc/vsftpd/banned_emails - # - # You may specify an explicit list of local users to chroot() to their home - # directory. If chroot_local_user is YES, then this list becomes a list of - # users to NOT chroot(). - #chroot_list_enable=YES - # (default follows) --#chroot_list_file=/etc/vsftpd.chroot_list -+#chroot_list_file=/etc/vsftpd/chroot_list - # - # You may activate the "-R" option to the builtin ls. This is disabled by - # default to avoid remote users being able to cause excessive I/O on large diff --git a/vsftpd-2.0.1-server_args.patch b/vsftpd-2.0.1-server_args.patch deleted file mode 100644 index 670f2df..0000000 --- a/vsftpd-2.0.1-server_args.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- vsftpd-2.0.1/xinetd.d/vsftpd.server_args 2001-10-11 21:40:17.000000000 +0200 -+++ vsftpd-2.0.1/xinetd.d/vsftpd 2004-10-01 14:52:28.171052120 +0200 -@@ -9,7 +9,7 @@ - wait = no - user = root - server = /usr/local/sbin/vsftpd --# server_args = -+ server_args = /etc/vsftpd/vsftpd.conf - # log_on_success += DURATION USERID - # log_on_failure += USERID - nice = 10 diff --git a/vsftpd-2.0.1-tcp_wrappers.patch b/vsftpd-2.0.1-tcp_wrappers.patch deleted file mode 100644 index 97cfc12..0000000 --- a/vsftpd-2.0.1-tcp_wrappers.patch +++ /dev/null @@ -1,29 +0,0 @@ ---- vsftpd-1.2.0/tcpwrap.c.tcp_wrappers2 2003-01-13 20:55:21.000000000 -0500 -+++ vsftpd-1.2.0/tcpwrap.c 2003-06-24 21:36:04.000000000 -0400 -@@ -31,12 +31,15 @@ - vsf_tcp_wrapper_ok(int remote_fd) - { - struct request_info req; -+ openlog("vsftpd", LOG_PID, LOG_FTP); - request_init(&req, RQ_DAEMON, "vsftpd", RQ_FILE, remote_fd, 0); - fromhost(&req); - if (!hosts_access(&req)) - { -+ closelog(); - return 0; - } -+ closelog(); - return 1; - } - ---- vsftpd-work/builddefs.h.tcp_wrappers 2004-08-20 09:57:08.000000000 +0200 -+++ vsftpd-work/builddefs.h 2004-08-20 10:09:11.619830424 +0200 -@@ -1,7 +1,7 @@ - #ifndef VSF_BUILDDEFS_H - #define VSF_BUILDDEFS_H - --#undef VSF_BUILD_TCPWRAPPERS -+#define VSF_BUILD_TCPWRAPPERS - #define VSF_BUILD_PAM - #undef VSF_BUILD_SSL - diff --git a/vsftpd-2.0.2-signal.patch b/vsftpd-2.0.2-signal.patch deleted file mode 100644 index e7e41c8..0000000 --- a/vsftpd-2.0.2-signal.patch +++ /dev/null @@ -1,41 +0,0 @@ ---- vsftpd-2.0.2/standalone.c.signal 2004-07-02 13:25:37.000000000 +0200 -+++ vsftpd-2.0.2/standalone.c 2005-03-14 09:37:12.937643960 +0100 -@@ -134,12 +134,8 @@ - void* p_raw_addr; - int new_child; - int new_client_sock; -- vsf_sysutil_unblock_sig(kVSFSysUtilSigCHLD); -- vsf_sysutil_unblock_sig(kVSFSysUtilSigHUP); - new_client_sock = vsf_sysutil_accept_timeout( - listen_sock, p_accept_addr, 0); -- vsf_sysutil_block_sig(kVSFSysUtilSigCHLD); -- vsf_sysutil_block_sig(kVSFSysUtilSigHUP); - if (vsf_sysutil_retval_is_error(new_client_sock)) - { - continue; ---- vsftpd-2.0.2/sysutil.c.signal 2005-03-03 00:48:02.000000000 +0100 -+++ vsftpd-2.0.2/sysutil.c 2005-03-14 09:41:34.992805520 +0100 -@@ -1623,7 +1623,11 @@ - timeout.tv_usec = 0; - do - { -+ vsf_sysutil_unblock_sig(kVSFSysUtilSigCHLD); -+ vsf_sysutil_unblock_sig(kVSFSysUtilSigHUP); - retval = select(fd + 1, &accept_fdset, NULL, NULL, &timeout); -+ vsf_sysutil_block_sig(kVSFSysUtilSigCHLD); -+ vsf_sysutil_block_sig(kVSFSysUtilSigHUP); - saved_errno = errno; - vsf_sysutil_check_pending_actions(kVSFSysUtilUnknown, 0, 0); - } while (retval < 0 && saved_errno == EINTR); -@@ -1633,7 +1637,11 @@ - return -1; - } - } -+ vsf_sysutil_unblock_sig(kVSFSysUtilSigCHLD); -+ vsf_sysutil_unblock_sig(kVSFSysUtilSigHUP); - retval = accept(fd, &remote_addr.u.u_sockaddr, &socklen); -+ vsf_sysutil_block_sig(kVSFSysUtilSigCHLD); -+ vsf_sysutil_block_sig(kVSFSysUtilSigHUP); - vsf_sysutil_check_pending_actions(kVSFSysUtilUnknown, 0, 0); - if (retval < 0) - { diff --git a/vsftpd-2.0.3-background.patch b/vsftpd-2.0.3-background.patch deleted file mode 100644 index e56f794..0000000 --- a/vsftpd-2.0.3-background.patch +++ /dev/null @@ -1,22 +0,0 @@ ---- vsftpd-2.0.3/tunables.c.background 2005-06-30 09:51:51.000000000 +0200 -+++ vsftpd-2.0.3/tunables.c 2005-06-30 09:57:29.000000000 +0200 -@@ -49,7 +49,7 @@ - int tunable_listen_ipv6 = 0; - int tunable_dual_log_enable = 0; - int tunable_syslog_enable = 0; --int tunable_background = 0; -+int tunable_background = 1; - int tunable_virtual_use_local_privs = 0; - int tunable_session_support = 0; - int tunable_download_enable = 1; ---- vsftpd-2.0.3/vsftpd.conf.5.background 2005-06-30 09:51:51.000000000 +0200 -+++ vsftpd-2.0.3/vsftpd.conf.5 2005-06-30 09:58:28.000000000 +0200 -@@ -108,7 +108,7 @@ - the listener process. i.e. control will immediately be returned to the shell - which launched vsftpd. - --Default: NO -+Default: YES - .TP - .B check_shell - Note! This option only has an effect for non-PAM builds of vsftpd. If disabled, diff --git a/vsftpd-2.0.3-daemonize_fds.patch b/vsftpd-2.0.3-daemonize_fds.patch deleted file mode 100644 index fcb2b43..0000000 --- a/vsftpd-2.0.3-daemonize_fds.patch +++ /dev/null @@ -1,70 +0,0 @@ -diff -up vsftpd-2.0.6/standalone.c.fds vsftpd-2.0.6/standalone.c ---- vsftpd-2.0.6/standalone.c.fds 2008-09-08 23:29:23.000000000 -0400 -+++ vsftpd-2.0.6/standalone.c 2008-09-08 23:30:16.000000000 -0400 -@@ -57,6 +57,7 @@ vsf_standalone_main(void) - vsf_sysutil_close_failok(1); - vsf_sysutil_close_failok(2); - vsf_sysutil_make_session_leader(); -+ vsf_sysutil_reopen_standard_fds(); - } - if (tunable_listen) - { -diff -up vsftpd-2.0.6/sysutil.c.fds vsftpd-2.0.6/sysutil.c ---- vsftpd-2.0.6/sysutil.c.fds 2008-09-08 23:29:23.000000000 -0400 -+++ vsftpd-2.0.6/sysutil.c 2008-09-08 23:32:26.000000000 -0400 -@@ -2457,6 +2457,44 @@ vsf_sysutil_make_session_leader(void) - } - - void -+vsf_sysutil_reopen_standard_fds(void) -+{ -+ /* This reopens STDIN, STDOUT and STDERR to /dev/null */ -+ -+ int fd; -+ -+ if ( (fd = open("/dev/null", O_RDWR, 0)) == -1 ) -+ { -+ goto error; -+ } -+ -+ if ( dup2(fd, STDIN_FILENO) == -1 ) -+ { -+ goto error; -+ } -+ -+ if ( dup2(fd, STDOUT_FILENO) == -1 ) -+ { -+ goto error; -+ } -+ -+ if ( dup2(fd, STDERR_FILENO) == -1 ) -+ { -+ goto error; -+ } -+ -+ if ( fd > 2 ) -+ { -+ (void) close(fd); -+ } -+ -+ return; -+ -+error: -+ die("reopening standard file descriptors to /dev/null failed"); -+} -+ -+void - vsf_sysutil_tzset(void) - { - int retval; -diff -up vsftpd-2.0.6/sysutil.h.fds vsftpd-2.0.6/sysutil.h ---- vsftpd-2.0.6/sysutil.h.fds 2008-02-01 20:30:39.000000000 -0500 -+++ vsftpd-2.0.6/sysutil.h 2008-09-08 23:29:24.000000000 -0400 -@@ -293,6 +293,7 @@ unsigned char vsf_sysutil_get_random_byt - unsigned int vsf_sysutil_get_umask(void); - void vsf_sysutil_set_umask(unsigned int umask); - void vsf_sysutil_make_session_leader(void); -+void vsf_sysutil_reopen_standard_fds(void); - void vsf_sysutil_tzset(void); - const char* vsf_sysutil_get_current_date(void); - void vsf_sysutil_qsort(void* p_base, unsigned int num_elem, diff --git a/vsftpd-2.0.3-pam_hostname.patch b/vsftpd-2.0.3-pam_hostname.patch deleted file mode 100644 index 228104a..0000000 --- a/vsftpd-2.0.3-pam_hostname.patch +++ /dev/null @@ -1,37 +0,0 @@ ---- vsftpd-2.0.3/sysdeputil.c.old 2004-09-14 03:18:54.000000000 +0200 -+++ vsftpd-2.0.3/sysdeputil.c 2005-09-09 12:09:10.000000000 +0200 -@@ -16,6 +17,9 @@ - #include "tunables.h" - #include "builddefs.h" - -+/* For gethostbyaddr, inet_addr */ -+#include -+ - /* For Linux, this adds nothing :-) */ - #include "port/porting_junk.h" - -@@ -284,6 +288,10 @@ - const struct mystr* p_remote_host) - { - int retval; -+#ifdef PAM_RHOST -+ struct sockaddr_in sin; -+ struct hostent *host; -+#endif - struct pam_conv the_conv = - { - &pam_conv_func, -@@ -302,7 +310,12 @@ - return 0; - } - #ifdef PAM_RHOST -- retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host)); -+ sin.sin_addr.s_addr = inet_addr(str_getbuf(p_remote_host)); -+ host = gethostbyaddr((char*)&sin.sin_addr.s_addr,sizeof(struct in_addr),AF_INET); -+ if (host != (struct hostent*)0) -+ retval = pam_set_item(s_pamh, PAM_RHOST, host->h_name); -+ else -+ retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host)); - if (retval != PAM_SUCCESS) - { - (void) pam_end(s_pamh, 0); diff --git a/vsftpd-2.0.5-add_ipv6_option.patch b/vsftpd-2.0.5-add_ipv6_option.patch deleted file mode 100644 index a6ad504..0000000 --- a/vsftpd-2.0.5-add_ipv6_option.patch +++ /dev/null @@ -1,16 +0,0 @@ ---- vsftpd-2.0.5/vsftpd.conf.old 2006-08-01 13:56:18.000000000 +0200 -+++ vsftpd-2.0.5/vsftpd.conf 2006-08-01 13:59:15.000000000 +0200 -@@ -103,7 +103,11 @@ - - pam_service_name=vsftpd - userlist_enable=YES --#enable for standalone mode -+# When enabled, vsftpd runs in standalone mode, but listen only to IPv6 sockets. -+# This directive cannot be used in conjunction with the listen directive. -+# Make sure, that one of listen options are commited -+# enable for standalone mode - listen=YES --listen_ipv6=YES -+#listen_ipv6=YES -+ - tcp_wrappers=YES diff --git a/vsftpd-2.0.5-bind_denied.patch b/vsftpd-2.0.5-bind_denied.patch deleted file mode 100644 index ee0d9f3..0000000 --- a/vsftpd-2.0.5-bind_denied.patch +++ /dev/null @@ -1,39 +0,0 @@ -diff -up vsftpd-2.0.7/postlogin.c.bind_denied vsftpd-2.0.7/postlogin.c ---- vsftpd-2.0.7/postlogin.c.bind_denied 2008-07-29 21:51:09.000000000 -0400 -+++ vsftpd-2.0.7/postlogin.c 2008-09-08 23:39:28.000000000 -0400 -@@ -574,7 +574,8 @@ handle_pasv(struct vsf_session* p_sess, - break; - } - } -- if (vsf_sysutil_get_error() == kVSFSysUtilErrADDRINUSE) -+ if ( (vsf_sysutil_get_error() == kVSFSysUtilErrADDRINUSE) || -+ (vsf_sysutil_get_error() == kVSFSysUtilErrEACCES) ) - { - continue; - } -diff -up vsftpd-2.0.7/sysutil.c.bind_denied vsftpd-2.0.7/sysutil.c ---- vsftpd-2.0.7/sysutil.c.bind_denied 2008-09-08 23:38:10.000000000 -0400 -+++ vsftpd-2.0.7/sysutil.c 2008-09-08 23:38:10.000000000 -0400 -@@ -1561,6 +1561,9 @@ vsf_sysutil_get_error(void) - case EOPNOTSUPP: - retval = kVSFSysUtilErrOPNOTSUPP; - break; -+ case EACCES: -+ retval = kVSFSysUtilErrEACCES; -+ break; - } - return retval; - } -diff -up vsftpd-2.0.7/sysutil.h.bind_denied vsftpd-2.0.7/sysutil.h ---- vsftpd-2.0.7/sysutil.h.bind_denied 2008-09-08 23:38:10.000000000 -0400 -+++ vsftpd-2.0.7/sysutil.h 2008-09-08 23:38:10.000000000 -0400 -@@ -16,7 +16,8 @@ enum EVSFSysUtilError - kVSFSysUtilErrNOSYS, - kVSFSysUtilErrINTR, - kVSFSysUtilErrINVAL, -- kVSFSysUtilErrOPNOTSUPP -+ kVSFSysUtilErrOPNOTSUPP, -+ kVSFSysUtilErrEACCES - }; - enum EVSFSysUtilError vsf_sysutil_get_error(void); - diff --git a/vsftpd-2.0.5-correct_comments.patch b/vsftpd-2.0.5-correct_comments.patch deleted file mode 100644 index 56c037d..0000000 --- a/vsftpd-2.0.5-correct_comments.patch +++ /dev/null @@ -1,37 +0,0 @@ ---- vsftpd-2.0.5/vsftpd.conf.comments 2007-07-10 16:12:51.000000000 +0200 -+++ vsftpd-2.0.5/vsftpd.conf 2007-07-10 16:15:18.000000000 +0200 -@@ -50,7 +50,8 @@ - # below. - #xferlog_file=/var/log/vsftpd.log - # --# If you want, you can have your log file in standard ftpd xferlog format -+# If you want, you can have your log file in standard ftpd xferlog format. -+# Note that the default log file location is /var/log/xferlog in this case. - xferlog_std_format=YES - # - # You may change the default value for timing out an idle session. -@@ -100,14 +101,17 @@ - # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume - # the presence of the "-R" option, so there is a strong case for enabling it. - #ls_recurse_enable=YES -- --pam_service_name=vsftpd --userlist_enable=YES --# When enabled, vsftpd runs in standalone mode, but listen only to IPv6 sockets. --# This directive cannot be used in conjunction with the listen directive. --# Make sure, that one of listen options are commited --# enable for standalone mode -+# -+# When "listen" directive is enabled, vsftpd runs in standalone mode and -+# listens on IPv4 sockets. This directive cannot be used in conjunction -+# with the listen_ipv6 directive. - listen=YES -+# -+# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6 -+# sockets, you must run two copies of vsftpd whith two configuration files. -+# Make sure, that one of the listen options is commented !! - #listen_ipv6=YES - -+pam_service_name=vsftpd -+userlist_enable=YES - tcp_wrappers=YES diff --git a/vsftpd-2.0.5-default_ipv6.patch b/vsftpd-2.0.5-default_ipv6.patch deleted file mode 100644 index f1bc300..0000000 --- a/vsftpd-2.0.5-default_ipv6.patch +++ /dev/null @@ -1,8 +0,0 @@ ---- vsftpd-2.0.5/vsftpd.conf.ipv6 2006-07-12 15:34:13.000000000 +0200 -+++ vsftpd-2.0.5/vsftpd.conf 2006-07-17 11:16:10.000000000 +0200 -@@ -105,4 +105,5 @@ - userlist_enable=YES - #enable for standalone mode - listen=YES -+listen_ipv6=YES - tcp_wrappers=YES diff --git a/vsftpd-2.0.5-fix_unique.patch b/vsftpd-2.0.5-fix_unique.patch deleted file mode 100644 index 3afadbd..0000000 --- a/vsftpd-2.0.5-fix_unique.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff -up vsftpd-2.0.5/postlogin.c.fix_unique vsftpd-2.0.5/postlogin.c ---- vsftpd-2.0.5/postlogin.c.fix_unique 2007-11-30 11:16:10.000000000 +0100 -+++ vsftpd-2.0.5/postlogin.c 2007-11-30 11:23:57.000000000 +0100 -@@ -1701,6 +1701,12 @@ get_unique_filename(struct mystr* p_outs - static struct vsf_sysutil_statbuf* s_p_statbuf; - unsigned int suffix = 1; - int retval; -+ retval = str_stat(p_base_str, &s_p_statbuf); -+ if (vsf_sysutil_retval_is_error(retval)) -+ { -+ str_copy(p_outstr, p_base_str); -+ return; -+ } - while (1) - { - str_copy(p_outstr, p_base_str); diff --git a/vsftpd-2.0.5-man.patch b/vsftpd-2.0.5-man.patch deleted file mode 100644 index 875e221..0000000 --- a/vsftpd-2.0.5-man.patch +++ /dev/null @@ -1,65 +0,0 @@ ---- vsftpd-2.0.5/vsftpd.conf.5.old 2006-08-22 10:53:57.000000000 +0200 -+++ vsftpd-2.0.5/vsftpd.conf.5 2006-08-22 10:57:24.000000000 +0200 -@@ -138,7 +138,7 @@ - different if chroot_local_user is set to YES. In this case, the list becomes - a list of users which are NOT to be placed in a chroot() jail. - By default, the file containing this list is --/etc/vsftpd.chroot_list, but you may override this with the -+/etc/vsftpd/chroot_list, but you may override this with the - .BR chroot_list_file - setting. - -@@ -166,7 +166,7 @@ - .B deny_email_enable - If activated, you may provide a list of anonymous password e-mail responses - which cause login to be denied. By default, the file containing this list is --/etc/vsftpd.banned_emails, but you may override this with the -+/etc/vsftpd/banned_emails, but you may override this with the - .BR banned_email_file - setting. - -@@ -396,7 +396,7 @@ - file specified by the - .BR email_password_file - setting. The file format is one password per line, no extra whitespace. The --default filename is /etc/vsftpd.email_passwords. -+default filename is /etc/vsftpd/email_passwords. - - Default: NO - .TP -@@ -691,7 +691,7 @@ - .BR deny_email_enable - is enabled. - --Default: /etc/vsftpd.banned_emails -+Default: /etc/vsftpd/banned_emails - .TP - .B banner_file - This option is the name of a file containing text to display when someone -@@ -720,7 +720,7 @@ - is enabled, then the list file becomes a list of users to NOT place in a - chroot() jail. - --Default: /etc/vsftpd.chroot_list -+Default: /etc/vsftpd/chroot_list - .TP - .B cmds_allowed - This options specifies a comma separated list of allowed FTP commands (post -@@ -772,7 +772,7 @@ - .BR secure_email_list_enable - setting. - --Default: /etc/vsftpd.email_passwords -+Default: /etc/vsftpd/email_passwords - .TP - .B ftp_username - This is the name of the user we use for handling anonymous FTP. The home -@@ -934,7 +934,7 @@ - .BR userlist_enable - option is active. - --Default: /etc/vsftpd.user_list -+Default: /etc/vsftpd/user_list - .TP - .B vsftpd_log_file - This option is the name of the file to which we write the vsftpd style diff --git a/vsftpd-2.0.5-pam_end.patch b/vsftpd-2.0.5-pam_end.patch deleted file mode 100644 index 9b4f70e..0000000 --- a/vsftpd-2.0.5-pam_end.patch +++ /dev/null @@ -1,81 +0,0 @@ -diff -up vsftpd-2.0.5/sysdeputil.c.pam_end vsftpd-2.0.5/sysdeputil.c ---- vsftpd-2.0.5/sysdeputil.c.pam_end 2007-11-02 15:53:20.000000000 +0100 -+++ vsftpd-2.0.5/sysdeputil.c 2007-11-08 13:49:44.000000000 +0100 -@@ -320,7 +320,7 @@ vsf_sysdep_check_auth(const struct mystr - retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host)); - if (retval != PAM_SUCCESS) - { -- (void) pam_end(s_pamh, 0); -+ (void) pam_end(s_pamh, retval); - s_pamh = 0; - return 0; - } -@@ -329,7 +329,7 @@ vsf_sysdep_check_auth(const struct mystr - retval = pam_set_item(s_pamh, PAM_TTY, "ftp"); - if (retval != PAM_SUCCESS) - { -- (void) pam_end(s_pamh, 0); -+ (void) pam_end(s_pamh, retval); - s_pamh = 0; - return 0; - } -@@ -338,7 +338,7 @@ vsf_sysdep_check_auth(const struct mystr - retval = pam_set_item(s_pamh, PAM_RUSER, str_getbuf(p_user_str)); - if (retval != PAM_SUCCESS) - { -- (void) pam_end(s_pamh, 0); -+ (void) pam_end(s_pamh, retval); - s_pamh = 0; - return 0; - } -@@ -346,28 +346,28 @@ vsf_sysdep_check_auth(const struct mystr - retval = pam_authenticate(s_pamh, 0); - if (retval != PAM_SUCCESS) - { -- (void) pam_end(s_pamh, 0); -+ (void) pam_end(s_pamh, retval); - s_pamh = 0; - return 0; - } - retval = pam_acct_mgmt(s_pamh, 0); - if (retval != PAM_SUCCESS) - { -- (void) pam_end(s_pamh, 0); -+ (void) pam_end(s_pamh, retval); - s_pamh = 0; - return 0; - } - retval = pam_setcred(s_pamh, PAM_ESTABLISH_CRED); - if (retval != PAM_SUCCESS) - { -- (void) pam_end(s_pamh, 0); -+ (void) pam_end(s_pamh, retval); - s_pamh = 0; - return 0; - } - if (!tunable_session_support) - { - /* You're in already! */ -- (void) pam_end(s_pamh, 0); -+ (void) pam_end(s_pamh, retval); - s_pamh = 0; - return 1; - } -@@ -378,7 +378,7 @@ vsf_sysdep_check_auth(const struct mystr - { - vsf_remove_uwtmp(); - (void) pam_setcred(s_pamh, PAM_DELETE_CRED); -- (void) pam_end(s_pamh, 0); -+ (void) pam_end(s_pamh, retval); - s_pamh = 0; - return 0; - } -@@ -399,7 +399,7 @@ vsf_auth_shutdown(void) - } - (void) pam_close_session(s_pamh, 0); - (void) pam_setcred(s_pamh, PAM_DELETE_CRED); -- (void) pam_end(s_pamh, 0); -+ (void) pam_end(s_pamh, PAM_SUCCESS); - s_pamh = 0; - vsf_remove_uwtmp(); - } diff --git a/vsftpd-2.0.5-pasv_dot.patch b/vsftpd-2.0.5-pasv_dot.patch deleted file mode 100644 index 8b5bcbe..0000000 --- a/vsftpd-2.0.5-pasv_dot.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- vsftpd-2.0.5/postlogin.c.old 2007-06-29 11:32:01.000000000 +0200 -+++ vsftpd-2.0.5/postlogin.c 2007-06-29 11:32:13.000000000 +0200 -@@ -607,7 +607,7 @@ - str_append_ulong(&s_pasv_res_str, the_port >> 8); - str_append_text(&s_pasv_res_str, ","); - str_append_ulong(&s_pasv_res_str, the_port & 255); -- str_append_text(&s_pasv_res_str, ")"); -+ str_append_text(&s_pasv_res_str, ")."); - vsf_cmdio_write_str(p_sess, FTP_PASVOK, &s_pasv_res_str); - } - diff --git a/vsftpd-2.0.5-uname_size.patch b/vsftpd-2.0.5-uname_size.patch deleted file mode 100644 index 727664c..0000000 --- a/vsftpd-2.0.5-uname_size.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- vsftpd-2.0.5/defs.h.uname_size 2007-04-13 15:15:54.000000000 +1000 -+++ vsftpd-2.0.5/defs.h 2007-04-13 15:19:14.000000000 +1000 -@@ -6,7 +6,7 @@ - #define VSFTP_COMMAND_FD 0 - - #define VSFTP_PASSWORD_MAX 128 --#define VSFTP_USERNAME_MAX 32 -+#define VSFTP_USERNAME_MAX 128 - #define VSFTP_MAX_COMMAND_LINE 4096 - #define VSFTP_DATA_BUFSIZE 65536 - #define VSFTP_DIR_BUFSIZE 16384 diff --git a/vsftpd-2.0.5-underscore_uname.patch b/vsftpd-2.0.5-underscore_uname.patch deleted file mode 100644 index 020c6e4..0000000 --- a/vsftpd-2.0.5-underscore_uname.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up vsftpd-2.0.5/sysutil.c.underscore_uname vsftpd-2.0.5/sysutil.c ---- vsftpd-2.0.5/sysutil.c.underscore_uname 2007-11-30 13:14:50.000000000 +0100 -+++ vsftpd-2.0.5/sysutil.c 2007-11-30 13:12:25.000000000 +0100 -@@ -905,7 +905,7 @@ vsf_sysutil_isprint(int the_char) - int - vsf_sysutil_isalnum(int the_char) - { -- return isalnum(the_char); -+ return isalnum(the_char) || the_char == '_' || the_char == '.'; - } - - int diff --git a/vsftpd-2.0.5-write_race.patch b/vsftpd-2.0.5-write_race.patch deleted file mode 100644 index c3ffab4..0000000 --- a/vsftpd-2.0.5-write_race.patch +++ /dev/null @@ -1,68 +0,0 @@ -diff -up vsftpd-2.0.7/postlogin.c.write_race vsftpd-2.0.7/postlogin.c ---- vsftpd-2.0.7/postlogin.c.write_race 2008-09-08 23:39:58.000000000 -0400 -+++ vsftpd-2.0.7/postlogin.c 2008-09-08 23:47:27.000000000 -0400 -@@ -982,6 +982,7 @@ handle_upload_common(struct vsf_session* - struct vsf_transfer_ret trans_ret; - int new_file_fd; - int remote_fd; -+ int truncit = 0; - int success = 0; - int created = 0; - filesize_t offset = p_sess->restart_pos; -@@ -1018,7 +1019,15 @@ handle_upload_common(struct vsf_session* - /* For non-anonymous, allow open() to overwrite or append existing files */ - if (!is_append && offset == 0) - { -- new_file_fd = str_create_overwrite(p_filename); -+ if (tunable_lock_upload_files) -+ { -+ new_file_fd = str_create_append(p_filename); -+ truncit = 1; -+ } -+ else -+ { -+ new_file_fd = str_create_overwrite(p_filename); -+ } - } - else - { -@@ -1056,6 +1065,11 @@ handle_upload_common(struct vsf_session* - if (tunable_lock_upload_files) - { - vsf_sysutil_lock_file_write(new_file_fd); -+ if (truncit) -+ { -+ vsf_sysutil_truncate(new_file_fd, 0); -+ vsf_sysutil_lseek_to(new_file_fd, 0); -+ } - } - if (!is_append && offset != 0) - { -diff -up vsftpd-2.0.7/sysutil.c.write_race vsftpd-2.0.7/sysutil.c ---- vsftpd-2.0.7/sysutil.c.write_race 2008-09-08 23:39:58.000000000 -0400 -+++ vsftpd-2.0.7/sysutil.c 2008-09-08 23:39:58.000000000 -0400 -@@ -1200,6 +1200,12 @@ vsf_sysutil_close_failok(int fd) - } - - int -+vsf_sysutil_truncate(int fd, filesize_t length) -+{ -+ return ftruncate(fd, length); -+} -+ -+int - vsf_sysutil_unlink(const char* p_dead) - { - return unlink(p_dead); -diff -up vsftpd-2.0.7/sysutil.h.write_race vsftpd-2.0.7/sysutil.h ---- vsftpd-2.0.7/sysutil.h.write_race 2008-09-08 23:39:58.000000000 -0400 -+++ vsftpd-2.0.7/sysutil.h 2008-09-08 23:39:58.000000000 -0400 -@@ -91,6 +91,8 @@ void vsf_sysutil_close(int fd); - int vsf_sysutil_close_failok(int fd); - int vsf_sysutil_unlink(const char* p_dead); - int vsf_sysutil_write_access(const char* p_filename); -+/* Trucate after open */ -+int vsf_sysutil_truncate(int fd, filesize_t length); - - /* Reading and writing */ - void vsf_sysutil_lseek_to(const int fd, filesize_t seek_pos); diff --git a/vsftpd-2.0.6-listen.patch b/vsftpd-2.0.6-listen.patch deleted file mode 100644 index d2d6706..0000000 --- a/vsftpd-2.0.6-listen.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff -up vsftpd-2.0.6/tunables.c.listen vsftpd-2.0.6/tunables.c ---- vsftpd-2.0.6/tunables.c.listen 2008-03-31 22:28:07.000000000 +0200 -+++ vsftpd-2.0.6/tunables.c 2008-03-31 22:28:25.000000000 +0200 -@@ -39,7 +39,7 @@ int tunable_userlist_deny = 1; - int tunable_use_localtime = 0; - int tunable_check_shell = 1; - int tunable_hide_ids = 0; --int tunable_listen = 0; -+int tunable_listen = 1; - int tunable_port_promiscuous = 0; - int tunable_passwd_chroot_enable = 0; - int tunable_no_anon_password = 0; -diff -up vsftpd-2.0.6/vsftpd.conf.5.listen vsftpd-2.0.6/vsftpd.conf.5 ---- vsftpd-2.0.6/vsftpd.conf.5.listen 2008-03-31 22:38:00.000000000 +0200 -+++ vsftpd-2.0.6/vsftpd.conf.5 2008-03-31 22:38:24.000000000 +0200 -@@ -265,7 +265,7 @@ not be run from an inetd of some kind. I - run once directly. vsftpd itself will then take care of listening for and - handling incoming connections. - --Default: NO -+Default: YES - .TP - .B listen_ipv6 - Like the listen parameter, except vsftpd will listen on an IPv6 socket instead diff --git a/vsftpd-2.1.0-build_ssl.patch b/vsftpd-2.1.0-build_ssl.patch new file mode 100644 index 0000000..e2ca633 --- /dev/null +++ b/vsftpd-2.1.0-build_ssl.patch @@ -0,0 +1,12 @@ +diff -up vsftpd-2.1.0/builddefs.h.build_ssl vsftpd-2.1.0/builddefs.h +--- vsftpd-2.1.0/builddefs.h.build_ssl 2009-01-08 18:49:33.000000000 +0100 ++++ vsftpd-2.1.0/builddefs.h 2009-01-08 18:49:41.000000000 +0100 +@@ -3,7 +3,7 @@ + + #undef VSF_BUILD_TCPWRAPPERS + #define VSF_BUILD_PAM +-#undef VSF_BUILD_SSL ++#define VSF_BUILD_SSL + + #endif /* VSF_BUILDDEFS_H */ + diff --git a/vsftpd-2.1.0-configuration.patch b/vsftpd-2.1.0-configuration.patch new file mode 100644 index 0000000..8e3b715 --- /dev/null +++ b/vsftpd-2.1.0-configuration.patch @@ -0,0 +1,395 @@ +diff -up vsftpd-2.1.0/defs.h.configuration vsftpd-2.1.0/defs.h +--- vsftpd-2.1.0/defs.h.configuration 2009-01-08 18:01:13.000000000 +0100 ++++ vsftpd-2.1.0/defs.h 2009-01-08 18:01:23.000000000 +0100 +@@ -1,7 +1,7 @@ + #ifndef VSF_DEFS_H + #define VSF_DEFS_H + +-#define VSFTP_DEFAULT_CONFIG "/etc/vsftpd.conf" ++#define VSFTP_DEFAULT_CONFIG "/etc/vsftpd/vsftpd.conf" + + #define VSFTP_COMMAND_FD 0 + +diff -up vsftpd-2.1.0/EXAMPLE/INTERNET_SITE_NOINETD/README.configuration vsftpd-2.1.0/EXAMPLE/INTERNET_SITE_NOINETD/README +--- vsftpd-2.1.0/EXAMPLE/INTERNET_SITE_NOINETD/README.configuration 2009-01-08 18:17:07.000000000 +0100 ++++ vsftpd-2.1.0/EXAMPLE/INTERNET_SITE_NOINETD/README 2009-01-08 18:15:07.000000000 +0100 +@@ -17,7 +17,7 @@ even per-connect-IP configurability. + + To use this example config: + +-1) Copy the vsftpd.conf file in this directory to /etc/vsftpd.conf. ++1) Copy the vsftpd.conf file in this directory to /etc/vsftpd/vsftpd.conf. + + 2) Start up vsftpd, e.g. + vsftpd & +@@ -51,5 +51,5 @@ in the vsftpd.conf: + listen_address=192.168.1.2 + + And launch vsftpd with a specific config file like this: +-vsftpd /etc/vsftpd.conf.site1 & ++vsftpd /etc/vsftpd/vsftpd.conf.site1 & + +diff -up vsftpd-2.1.0/EXAMPLE/INTERNET_SITE/README.configuration vsftpd-2.1.0/EXAMPLE/INTERNET_SITE/README +--- vsftpd-2.1.0/EXAMPLE/INTERNET_SITE/README.configuration 2009-01-08 18:15:29.000000000 +0100 ++++ vsftpd-2.1.0/EXAMPLE/INTERNET_SITE/README 2009-01-08 18:16:13.000000000 +0100 +@@ -41,13 +41,13 @@ no_access = 192.168.1.3 + As an example of how to ban certain sites from connecting, 192.168.1.3 will + be denied access. + +-banner_fail = /etc/vsftpd.busy_banner ++banner_fail = /etc/vsftpd/busy_banner + + This is the file to display to users if the connection is refused for whatever + reason (too many users, IP banned). + + Example of how to populate it: +-echo "421 Server busy, please try later." > /etc/vsftpd.busy_banner ++echo "421 Server busy, please try later." > /etc/vsftpd/busy_banner + + log_on_success += PID HOST DURATION + log_on_failure += HOST +@@ -62,7 +62,7 @@ Step 2) Set up your vsftpd configuration + + An example file is supplied. Install it like this: + +-cp vsftpd.conf /etc ++cp vsftpd.conf /etc/vsftpd + + Let's example the contents of the file: + +diff -up vsftpd-2.1.0/EXAMPLE/PER_IP_CONFIG/README.configuration vsftpd-2.1.0/EXAMPLE/PER_IP_CONFIG/README +--- vsftpd-2.1.0/EXAMPLE/PER_IP_CONFIG/README.configuration 2009-01-08 18:19:14.000000000 +0100 ++++ vsftpd-2.1.0/EXAMPLE/PER_IP_CONFIG/README 2009-01-08 18:19:35.000000000 +0100 +@@ -20,12 +20,12 @@ directory: hosts.allow. It lives at /etc + + Let's have a look at the example: + +-vsftpd: 192.168.1.3: setenv VSFTPD_LOAD_CONF /etc/vsftpd_tcp_wrap.conf ++vsftpd: 192.168.1.3: setenv VSFTPD_LOAD_CONF /etc/vsftpd/tcp_wrap.conf + vsftpd: 192.168.1.4: DENY + + The first line: + If a client connects from 192.168.1.3, then vsftpd will apply the vsftpd +-config file /etc/vsftpd_tcp_wrap.conf to the session! These settings are ++config file /etc/vsftpd/tcp_wrap.conf to the session! These settings are + applied ON TOP of the default vsftpd.conf. + This is obviously very powerful. You might use this to apply different + access restrictions for some IPs (e.g. the ability to upload). +diff -up vsftpd-2.1.0/EXAMPLE/VIRTUAL_USERS/README.configuration vsftpd-2.1.0/EXAMPLE/VIRTUAL_USERS/README +--- vsftpd-2.1.0/EXAMPLE/VIRTUAL_USERS/README.configuration 2009-01-08 18:18:04.000000000 +0100 ++++ vsftpd-2.1.0/EXAMPLE/VIRTUAL_USERS/README 2009-01-08 18:18:53.000000000 +0100 +@@ -15,7 +15,7 @@ See example file "logins.txt" - this spe + "fred" with password "bar". + Whilst logged in as root, create the actual database file like this: + +-db_load -T -t hash -f logins.txt /etc/vsftpd_login.db ++db_load -T -t hash -f logins.txt /etc/vsftpd/login.db + (Requires the Berkeley db program installed). + NOTE: Many systems have multiple versions of "db" installed, so you may + need to use e.g. db3_load for correct operation. This is known to affect +@@ -23,10 +23,10 @@ some Debian systems. The core issue is t + database to be a specific db version (often db3, whereas db4 may be installed + on your system). + +-This will create /etc/vsftpd_login.db. Obviously, you may want to make sure ++This will create /etc/vsftpd/login.db. Obviously, you may want to make sure + the permissions are restricted: + +-chmod 600 /etc/vsftpd_login.db ++chmod 600 /etc/vsftpd/login.db + + For more information on maintaing your login database, look around for + documentation on "Berkeley DB", e.g. +@@ -37,8 +37,8 @@ Step 2) Create a PAM file which uses you + + See the example file vsftpd.pam. It contains two lines: + +-auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login +-account required /lib/security/pam_userdb.so db=/etc/vsftpd_login ++auth required /lib/security/pam_userdb.so db=/etc/vsftpd/login ++account required /lib/security/pam_userdb.so db=/etc/vsftpd/login + + This tells PAM to authenticate users using our new database. Copy this PAM + file to the PAM directory - typically /etc/pam.d/ +@@ -108,9 +108,9 @@ pasv_max_port=30999 + These put a port range on passive FTP incoming requests - very useful if + you are configuring a firewall. + +-Copy the example vsftpd.conf file to /etc: ++Copy the example vsftpd.conf file to /etc/vsftpd: + +-cp vsftpd.conf /etc/ ++cp vsftpd.conf /etc/vsftpd/ + + + Step 5) Start up vsftpd. +diff -up vsftpd-2.1.0/FAQ.configuration vsftpd-2.1.0/FAQ +--- vsftpd-2.1.0/FAQ.configuration 2009-01-08 17:58:39.000000000 +0100 ++++ vsftpd-2.1.0/FAQ 2009-01-08 18:01:04.000000000 +0100 +@@ -34,7 +34,7 @@ needs this user to run bits of itself wi + Q) Help! Local users cannot log in. + A) There are various possible problems. + A1) By default, vsftpd disables any logins other than anonymous logins. Put +-local_enable=YES in your /etc/vsftpd.conf to allow local users to log in. ++local_enable=YES in your /etc/vsftpd/vsftpd.conf to allow local users to log in. + A2) vsftpd tries to link with PAM. (Run "ldd vsftpd" and look for libpam to + find out whether this has happened or not). If vsftpd links with PAM, then + you will need to have a PAM file installed for the vsftpd service. There is +@@ -46,12 +46,12 @@ system have a "shadow.h" file in the inc + A4) If you are not using PAM, then vsftpd will do its own check for a valid + user shell in /etc/shells. You may need to disable this if you use an invalid + shell to disable logins other than FTP logins. Put check_shell=NO in your +-/etc/vsftpd.conf. ++/etc/vsftpd/vsftpd.conf. + + Q) Help! Uploads or other write commands give me "500 Unknown command.". + A) By default, write commands, including uploads and new directories, are + disabled. This is a security measure. To enable writes, put write_enable=YES +-in your /etc/vsftpd.conf. ++in your /etc/vsftpd/vsftpd.conf. + + Q) Help! What are the security implications referred to in the + "chroot_local_user" option? +@@ -87,7 +87,7 @@ A2) Alternatively, run as many copies as + mode. Use "listen_address=x.x.x.x" to set the virtual IP. + + Q) Help! Does vsftpd support virtual users? +-A) Yes, via PAM integration. Set "guest_enable=YES" in /etc/vsftpd.conf. This ++A) Yes, via PAM integration. Set "guest_enable=YES" in /etc/vsftpd/vsftpd.conf. This + has the effect of mapping every non-anonymous successful login to the local + username specified in "guest_username". Then, use PAM and (e.g.) its pam_userdb + module to provide authentication against an external (i.e. non-/etc/passwd) +diff -up vsftpd-2.1.0/INSTALL.configuration vsftpd-2.1.0/INSTALL +--- vsftpd-2.1.0/INSTALL.configuration 2009-01-08 18:01:36.000000000 +0100 ++++ vsftpd-2.1.0/INSTALL 2009-01-08 18:03:30.000000000 +0100 +@@ -56,14 +56,14 @@ cp vsftpd.8 /usr/local/man/man8 + + "make install" doesn't copy the sample config file. It is recommended you + do this: +-cp vsftpd.conf /etc ++cp vsftpd.conf /etc/vsftpd + + Step 4) Smoke test (without an inetd). + + vsftpd can run standalone or via an inetd (such as inetd or xinetd). You will + typically get more control running vsftpd from an inetd. But first we will run + it without, so we can check things are going well so far. +-Edit /etc/vsftpd.conf, and add this line at the bottom: ++Edit /etc/vsftpd/vsftpd.conf, and add this line at the bottom: + + listen=YES + +@@ -135,11 +135,11 @@ cp RedHat/vsftpd.pam /etc/pam.d/ftp + Step 7) Customize your configuration + + As well as the above three pre-requisites, you are recommended to install a +-config file. The default location for the config file is /etc/vsftpd.conf. ++config file. The default location for the config file is /etc/vsftpd/vsftpd.conf. + There is a sample vsftpd.conf in the distribution tarball. You probably want +-to copy that to /etc/vsftpd.conf as a basis for modification, i.e.: ++to copy that to /etc/vsftpd/vsftpd.conf as a basis for modification, i.e.: + +-cp vsftpd.conf /etc ++cp vsftpd.conf /etc/vsftpd + + The default configuration allows neither local user logins nor anonymous + uploads. You may wish to change these defaults. +diff -up vsftpd-2.1.0/README.configuration vsftpd-2.1.0/README +--- vsftpd-2.1.0/README.configuration 2009-01-08 18:13:37.000000000 +0100 ++++ vsftpd-2.1.0/README 2009-01-08 18:14:21.000000000 +0100 +@@ -37,3 +37,8 @@ All configuration options are documented + Various example configurations are discussed in the EXAMPLE directory. + Frequently asked questions are tackled in the FAQ file. + ++Important Note ++============== ++The location of configuration files was changed to /etc/vsftpd/. If you want ++to migrate your old conf files from /etc (files vsftpd.xxxx.rpmsave) use ++/etc/vsfptd/vsftpd_conf_migrate.sh +diff -up vsftpd-2.1.0/tunables.c.configuration vsftpd-2.1.0/tunables.c +--- vsftpd-2.1.0/tunables.c.configuration 2009-01-08 18:20:05.000000000 +0100 ++++ vsftpd-2.1.0/tunables.c 2009-01-08 18:22:13.000000000 +0100 +@@ -184,7 +184,7 @@ tunables_load_defaults() + tunable_listen_ipv6 = 0; + tunable_dual_log_enable = 0; + tunable_syslog_enable = 0; +- tunable_background = 0; ++ tunable_background = 1; + tunable_virtual_use_local_privs = 0; + tunable_session_support = 0; + tunable_download_enable = 1; +@@ -250,11 +250,11 @@ tunables_load_defaults() + install_str_setting(".message", &tunable_message_file); + install_str_setting("nobody", &tunable_nopriv_user); + install_str_setting(0, &tunable_ftpd_banner); +- install_str_setting("/etc/vsftpd.banned_emails", &tunable_banned_email_file); +- install_str_setting("/etc/vsftpd.chroot_list", &tunable_chroot_list_file); ++ install_str_setting("/etc/vsftpd/banned_emails", &tunable_banned_email_file); ++ install_str_setting("/etc/vsftpd/chroot_list", &tunable_chroot_list_file); + install_str_setting("ftp", &tunable_pam_service_name); + install_str_setting("ftp", &tunable_guest_username); +- install_str_setting("/etc/vsftpd.user_list", &tunable_userlist_file); ++ install_str_setting("/etc/vsftpd/user_list", &tunable_userlist_file); + install_str_setting(0, &tunable_anon_root); + install_str_setting(0, &tunable_local_root); + install_str_setting(0, &tunable_banner_file); +@@ -267,7 +267,7 @@ tunables_load_defaults() + install_str_setting(0, &tunable_hide_file); + install_str_setting(0, &tunable_deny_file); + install_str_setting(0, &tunable_user_sub_token); +- install_str_setting("/etc/vsftpd.email_passwords", ++ install_str_setting("/etc/vsftpd/email_passwords", + &tunable_email_password_file); + install_str_setting("/usr/share/ssl/certs/vsftpd.pem", + &tunable_rsa_cert_file); +diff -up vsftpd-2.1.0/vsftpd.8.configuration vsftpd-2.1.0/vsftpd.8 +--- vsftpd-2.1.0/vsftpd.8.configuration 2009-01-08 18:03:47.000000000 +0100 ++++ vsftpd-2.1.0/vsftpd.8 2009-01-08 18:04:02.000000000 +0100 +@@ -21,7 +21,7 @@ itself will listen on the network. This + recommended. It is activated by setting + .Pa listen=YES + in +-.Pa /etc/vsftpd.conf . ++.Pa /etc/vsftpd/vsftpd.conf . + Direct execution of the + .Nm vsftpd + binary will then launch the FTP service ready for immediate client connections. +@@ -30,6 +30,6 @@ An optional + .Op configuration file + may be given on the command line. This file must be owned as root if running as + root. The default configuration file is +-.Pa /etc/vsftpd.conf . ++.Pa /etc/vsftpd/vsftpd.conf . + .Sh SEE ALSO + .Xr vsftpd.conf 5 +diff -up vsftpd-2.1.0/vsftpd.conf.5.configuration vsftpd-2.1.0/vsftpd.conf.5 +--- vsftpd-2.1.0/vsftpd.conf.5.configuration 2009-01-08 18:04:53.000000000 +0100 ++++ vsftpd-2.1.0/vsftpd.conf.5 2009-01-08 18:29:33.000000000 +0100 +@@ -4,7 +4,7 @@ vsftpd.conf \- config file for vsftpd + .SH DESCRIPTION + vsftpd.conf may be used to control various aspects of vsftpd's behaviour. By + default, vsftpd looks for this file at the location +-.BR /etc/vsftpd.conf . ++.BR /etc/vsftpd/vsftpd.conf . + However, you may override this by specifying a command line argument to + vsftpd. The command line argument is the pathname of the configuration file + for vsftpd. This behaviour is useful because you may wish to use an advanced +@@ -110,7 +110,7 @@ When enabled, and vsftpd is started in " + the listener process. i.e. control will immediately be returned to the shell + which launched vsftpd. + +-Default: NO ++Default: YES + .TP + .B check_shell + Note! This option only has an effect for non-PAM builds of vsftpd. If disabled, +@@ -138,7 +138,7 @@ chroot() jail in their home directory up + different if chroot_local_user is set to YES. In this case, the list becomes + a list of users which are NOT to be placed in a chroot() jail. + By default, the file containing this list is +-/etc/vsftpd.chroot_list, but you may override this with the ++/etc/vsftpd/chroot_list, but you may override this with the + .BR chroot_list_file + setting. + +@@ -177,7 +177,7 @@ Default: NO + .B deny_email_enable + If activated, you may provide a list of anonymous password e-mail responses + which cause login to be denied. By default, the file containing this list is +-/etc/vsftpd.banned_emails, but you may override this with the ++/etc/vsftpd/banned_emails, but you may override this with the + .BR banned_email_file + setting. + +@@ -430,7 +430,7 @@ anonymous logins are prevented unless th + file specified by the + .BR email_password_file + setting. The file format is one password per line, no extra whitespace. The +-default filename is /etc/vsftpd.email_passwords. ++default filename is /etc/vsftpd/email_passwords. + + Default: NO + .TP +@@ -761,7 +761,7 @@ passwords which are not permitted. This + .BR deny_email_enable + is enabled. + +-Default: /etc/vsftpd.banned_emails ++Default: /etc/vsftpd/banned_emails + .TP + .B banner_file + This option is the name of a file containing text to display when someone +@@ -798,7 +798,7 @@ is enabled. If the option + is enabled, then the list file becomes a list of users to NOT place in a + chroot() jail. + +-Default: /etc/vsftpd.chroot_list ++Default: /etvsftpd.confc/vsftpd.chroot_list + .TP + .B cmds_allowed + This options specifies a comma separated list of allowed FTP commands (post +@@ -859,7 +859,7 @@ This option can be used to provide an al + .BR secure_email_list_enable + setting. + +-Default: /etc/vsftpd.email_passwords ++Default: /etc/vsftpd/email_passwords + .TP + .B ftp_username + This is the name of the user we use for handling anonymous FTP. The home +@@ -982,10 +982,10 @@ the manual page, on a per-user basis. Us + with an example. If you set + .BR user_config_dir + to be +-.BR /etc/vsftpd_user_conf ++.BR /etc/vsftpd/user_conf + and then log on as the user "chris", then vsftpd will apply the settings in + the file +-.BR /etc/vsftpd_user_conf/chris ++.BR /etc/vsftpd/user_conf/chris + for the duration of the session. The format of this file is as detailed in + this manual page! PLEASE NOTE that not all settings are effective on a + per-user basis. For example, many settings only prior to the user's session +@@ -1021,7 +1021,7 @@ This option is the name of the file load + .BR userlist_enable + option is active. + +-Default: /etc/vsftpd.user_list ++Default: /etc/vsftpd/user_list + .TP + .B vsftpd_log_file + This option is the name of the file to which we write the vsftpd style +diff -up vsftpd-2.1.0/vsftpd.conf.configuration vsftpd-2.1.0/vsftpd.conf +--- vsftpd-2.1.0/vsftpd.conf.configuration 2009-01-08 17:54:33.000000000 +0100 ++++ vsftpd-2.1.0/vsftpd.conf 2009-01-08 18:20:55.000000000 +0100 +@@ -1,4 +1,4 @@ +-# Example config file /etc/vsftpd.conf ++# Example config file /etc/vsftpd/vsftpd.conf + # + # The default compiled in settings are fairly paranoid. This sample file + # loosens things up a bit, to make the ftp daemon more usable. +@@ -87,14 +87,14 @@ connect_from_port_20=YES + # useful for combatting certain DoS attacks. + #deny_email_enable=YES + # (default follows) +-#banned_email_file=/etc/vsftpd.banned_emails ++#banned_email_file=/etc/vsftpd/banned_emails + # + # You may specify an explicit list of local users to chroot() to their home + # directory. If chroot_local_user is YES, then this list becomes a list of + # users to NOT chroot(). + #chroot_list_enable=YES + # (default follows) +-#chroot_list_file=/etc/vsftpd.chroot_list ++#chroot_list_file=/etc/vsftpd/chroot_list + # + # You may activate the "-R" option to the builtin ls. This is disabled by + # default to avoid remote users being able to cause excessive I/O on large +@@ -111,3 +111,7 @@ listen=YES + # sockets, you must run two copies of vsftpd whith two configuration files. + # Make sure, that one of the listen options is commented !! + #listen_ipv6=YES ++ ++pam_service_name=vsftpd ++userlist_enable=YES ++tcp_wrappers=YES diff --git a/vsftpd-2.0.4-filter.patch b/vsftpd-2.1.0-filter.patch similarity index 63% rename from vsftpd-2.0.4-filter.patch rename to vsftpd-2.1.0-filter.patch index d536f8c..fe049fa 100644 --- a/vsftpd-2.0.4-filter.patch +++ b/vsftpd-2.1.0-filter.patch @@ -1,6 +1,7 @@ ---- vsftpd-2.0.4/ls.c.orig 2005-05-23 23:55:00.000000000 +0200 -+++ vsftpd-2.0.4/ls.c 2006-07-11 01:02:21.000000000 +0200 -@@ -239,9 +239,31 @@ +diff -up vsftpd-2.1.0/ls.c.filter vsftpd-2.1.0/ls.c +--- vsftpd-2.1.0/ls.c.filter 2008-02-02 02:30:41.000000000 +0100 ++++ vsftpd-2.1.0/ls.c 2009-01-08 19:31:15.000000000 +0100 +@@ -239,9 +239,31 @@ vsf_filename_passes_filter(const struct int ret = 0; char last_token = 0; int must_match_at_current_pos = 1; @@ -34,20 +35,10 @@ while (!str_isempty(&filter_remain_str)) { static struct mystr s_match_needed_str; ---- vsftpd-2.0.4/str.h.orig 2004-06-04 18:35:00.000000000 +0200 -+++ vsftpd-2.0.4/str.h 2006-07-11 00:59:59.000000000 +0200 -@@ -96,6 +96,8 @@ - int str_contains_space(const struct mystr* p_str); - int str_contains_unprintable(const struct mystr* p_str); - void str_replace_unprintable(struct mystr* p_str, char new_char); -+void str_basename (struct mystr* d_str, const struct mystr* path); -+ - int str_atoi(const struct mystr* p_str); - filesize_t str_a_to_filesize_t(const struct mystr* p_str); - unsigned int str_octal_to_uint(const struct mystr* p_str); ---- vsftpd-2.0.4/str.c.orig 2004-07-12 19:58:39.000000000 +0200 -+++ vsftpd-2.0.4/str.c 2006-07-11 00:59:59.000000000 +0200 -@@ -662,3 +662,14 @@ +diff -up vsftpd-2.1.0/str.c.filter vsftpd-2.1.0/str.c +--- vsftpd-2.1.0/str.c.filter 2008-12-17 06:54:16.000000000 +0100 ++++ vsftpd-2.1.0/str.c 2009-01-08 19:31:15.000000000 +0100 +@@ -680,3 +680,14 @@ str_replace_unprintable(struct mystr* p_ } } @@ -62,3 +53,14 @@ + if (str_isempty(d_str)) + str_copy (d_str, path); +} +diff -up vsftpd-2.1.0/str.h.filter vsftpd-2.1.0/str.h +--- vsftpd-2.1.0/str.h.filter 2008-12-17 06:53:23.000000000 +0100 ++++ vsftpd-2.1.0/str.h 2009-01-08 19:32:14.000000000 +0100 +@@ -100,6 +100,7 @@ void str_replace_unprintable(struct myst + int str_atoi(const struct mystr* p_str); + filesize_t str_a_to_filesize_t(const struct mystr* p_str); + unsigned int str_octal_to_uint(const struct mystr* p_str); ++void str_basename (struct mystr* d_str, const struct mystr* path); + + /* PURPOSE: Extract a line of text (delimited by \n or EOF) from a string + * buffer, starting at character position 'p_pos'. The extracted line will diff --git a/vsftpd-1.5.1-libs.patch b/vsftpd-2.1.0-libs.patch similarity index 50% rename from vsftpd-1.5.1-libs.patch rename to vsftpd-2.1.0-libs.patch index 702ca18..4fcae6e 100644 --- a/vsftpd-1.5.1-libs.patch +++ b/vsftpd-2.1.0-libs.patch @@ -1,11 +1,11 @@ ---- vsftpd-1.2.1/Makefile.rh1 2003-11-25 15:58:11.000000000 +0100 -+++ vsftpd-1.2.1/Makefile 2003-11-25 15:58:33.000000000 +0100 -@@ -5,7 +5,8 @@ +diff -up vsftpd-2.1.0/Makefile.libs vsftpd-2.1.0/Makefile +--- vsftpd-2.1.0/Makefile.libs 2009-01-08 18:55:39.000000000 +0100 ++++ vsftpd-2.1.0/Makefile 2009-01-08 18:55:57.000000000 +0100 +@@ -5,7 +5,7 @@ IFLAGS = -idirafter dummyinc #CFLAGS = -g CFLAGS = -O2 -Wall -W -Wshadow #-pedantic -Werror -Wconversion -LIBS = `./vsf_findlibs.sh` -+#LIBS = `./vsf_findlibs.sh` +LIBS = -lwrap -lnsl -lpam -lcap -ldl LINK = -Wl,-s diff --git a/vsftpd-2.1.0-pam_hostname.patch b/vsftpd-2.1.0-pam_hostname.patch new file mode 100644 index 0000000..3d15920 --- /dev/null +++ b/vsftpd-2.1.0-pam_hostname.patch @@ -0,0 +1,57 @@ +diff -up vsftpd-2.1.0/sysdeputil.c.pam_hostname vsftpd-2.1.0/sysdeputil.c +--- vsftpd-2.1.0/sysdeputil.c.pam_hostname 2008-12-17 22:40:56.000000000 +0100 ++++ vsftpd-2.1.0/sysdeputil.c 2009-01-15 15:38:14.000000000 +0100 +@@ -16,6 +16,10 @@ + #include "tunables.h" + #include "builddefs.h" + ++/* For gethostbyaddr, inet_addr */ ++#include ++#include ++ + /* For Linux, this adds nothing :-) */ + #include "port/porting_junk.h" + +@@ -296,6 +300,10 @@ vsf_sysdep_check_auth(const struct mystr + const struct mystr* p_remote_host) + { + int retval; ++#ifdef PAM_RHOST ++ struct sockaddr_in sin; ++ struct hostent *host; ++#endif + struct pam_conv the_conv = + { + &pam_conv_func, +@@ -314,7 +322,12 @@ vsf_sysdep_check_auth(const struct mystr + return 0; + } + #ifdef PAM_RHOST +- retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host)); ++ sin.sin_addr.s_addr = inet_addr(str_getbuf(p_remote_host)); ++ host = gethostbyaddr((char*)&sin.sin_addr.s_addr,sizeof(struct in_addr),AF_INET); ++ if (host != (struct hostent*)0) ++ retval = pam_set_item(s_pamh, PAM_RHOST, host->h_name); ++ else ++ retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host)); + if (retval != PAM_SUCCESS) + { + (void) pam_end(s_pamh, retval); +@@ -516,7 +529,7 @@ vsf_sysdep_has_capabilities(void) + } + return s_runtime_has_caps; + } +- ++ + #ifndef VSF_SYSDEP_HAVE_LIBCAP + static int + do_checkcap(void) +@@ -1038,7 +1051,7 @@ vsf_sysutil_recv_fd(const int sock_fd) + msg.msg_flags = 0; + /* In case something goes wrong, set the fd to -1 before the syscall */ + p_fd = (int*)CMSG_DATA(CMSG_FIRSTHDR(&msg)); +- *p_fd = -1; ++ *p_fd = -1; + retval = recvmsg(sock_fd, &msg, 0); + if (retval != 1) + { diff --git a/vsftpd-2.1.0-tcp_wrappers.patch b/vsftpd-2.1.0-tcp_wrappers.patch new file mode 100644 index 0000000..dc0bbce --- /dev/null +++ b/vsftpd-2.1.0-tcp_wrappers.patch @@ -0,0 +1,12 @@ +diff -up vsftpd-2.1.0/builddefs.h.tcp_wrappers vsftpd-2.1.0/builddefs.h +--- vsftpd-2.1.0/builddefs.h.tcp_wrappers 2009-01-08 18:52:46.000000000 +0100 ++++ vsftpd-2.1.0/builddefs.h 2009-01-08 18:52:56.000000000 +0100 +@@ -1,7 +1,7 @@ + #ifndef VSF_BUILDDEFS_H + #define VSF_BUILDDEFS_H + +-#undef VSF_BUILD_TCPWRAPPERS ++#define VSF_BUILD_TCPWRAPPERS + #define VSF_BUILD_PAM + #define VSF_BUILD_SSL + diff --git a/vsftpd-2.0.6-userlist_log.patch b/vsftpd-2.1.0-userlist_log.patch similarity index 58% rename from vsftpd-2.0.6-userlist_log.patch rename to vsftpd-2.1.0-userlist_log.patch index 57924c5..f1235fc 100644 --- a/vsftpd-2.0.6-userlist_log.patch +++ b/vsftpd-2.1.0-userlist_log.patch @@ -1,18 +1,44 @@ -diff -up vsftpd-2.0.6/tunables.c.userlist_log vsftpd-2.0.6/tunables.c ---- vsftpd-2.0.6/tunables.c.userlist_log 2008-02-22 12:49:36.000000000 +0100 -+++ vsftpd-2.0.6/tunables.c 2008-02-22 12:56:49.000000000 +0100 -@@ -71,6 +71,7 @@ int tunable_force_anon_data_ssl = 0; - int tunable_mdtm_write = 1; - int tunable_lock_upload_files = 1; - int tunable_pasv_addr_resolve = 0; -+int tunable_userlist_log = 0; - int tunable_debug_ssl = 0; - int tunable_require_cert = 0; - int tunable_validate_cert = 0; -diff -up vsftpd-2.0.6/parseconf.c.userlist_log vsftpd-2.0.6/parseconf.c ---- vsftpd-2.0.6/parseconf.c.userlist_log 2008-02-22 12:49:36.000000000 +0100 -+++ vsftpd-2.0.6/parseconf.c 2008-02-22 12:58:19.000000000 +0100 -@@ -100,6 +100,7 @@ parseconf_bool_array[] = +diff -up vsftpd-2.1.0/logging.c.userlist_log vsftpd-2.1.0/logging.c +--- vsftpd-2.1.0/logging.c.userlist_log 2008-12-17 20:56:45.000000000 +0100 ++++ vsftpd-2.1.0/logging.c 2009-01-08 19:33:29.000000000 +0100 +@@ -95,6 +95,13 @@ vsf_log_line(struct vsf_session* p_sess, + vsf_log_common(p_sess, 1, what, p_str); + } + ++void ++vsf_log_failed_line(struct vsf_session* p_sess, enum EVSFLogEntryType what, ++ struct mystr* p_str) ++{ ++ vsf_log_common(p_sess, 0, what, p_str); ++} ++ + int + vsf_log_entry_pending(struct vsf_session* p_sess) + { +diff -up vsftpd-2.1.0/logging.h.userlist_log vsftpd-2.1.0/logging.h +--- vsftpd-2.1.0/logging.h.userlist_log 2008-07-30 03:29:21.000000000 +0200 ++++ vsftpd-2.1.0/logging.h 2009-01-08 19:33:29.000000000 +0100 +@@ -80,5 +80,16 @@ void vsf_log_do_log(struct vsf_session* + void vsf_log_line(struct vsf_session* p_sess, enum EVSFLogEntryType what, + struct mystr* p_str); + ++/* vsf_log_failed_line() ++ * PURPOSE ++ * Same as vsf_log_line(), except that it logs the line as failed operation. ++ * PARAMETERS ++ * p_sess - the current session object ++ * what - the type of operation to log ++ * p_str - the string to log ++ */ ++void vsf_log_failed_line(struct vsf_session* p_sess, enum EVSFLogEntryType what, ++ struct mystr* p_str); ++ + #endif /* VSF_LOGGING_H */ + +diff -up vsftpd-2.1.0/parseconf.c.userlist_log vsftpd-2.1.0/parseconf.c +--- vsftpd-2.1.0/parseconf.c.userlist_log 2008-12-18 07:21:41.000000000 +0100 ++++ vsftpd-2.1.0/parseconf.c 2009-01-08 19:33:29.000000000 +0100 +@@ -96,6 +96,7 @@ parseconf_bool_array[] = { "mdtm_write", &tunable_mdtm_write }, { "lock_upload_files", &tunable_lock_upload_files }, { "pasv_addr_resolve", &tunable_pasv_addr_resolve }, @@ -20,10 +46,10 @@ diff -up vsftpd-2.0.6/parseconf.c.userlist_log vsftpd-2.0.6/parseconf.c { "debug_ssl", &tunable_debug_ssl }, { "require_cert", &tunable_require_cert }, { "validate_cert", &tunable_validate_cert }, -diff -up vsftpd-2.0.6/prelogin.c.userlist_log vsftpd-2.0.6/prelogin.c ---- vsftpd-2.0.6/prelogin.c.userlist_log 2008-02-12 04:57:07.000000000 +0100 -+++ vsftpd-2.0.6/prelogin.c 2008-02-22 12:49:36.000000000 +0100 -@@ -194,6 +194,20 @@ handle_user_command(struct vsf_session* +diff -up vsftpd-2.1.0/prelogin.c.userlist_log vsftpd-2.1.0/prelogin.c +--- vsftpd-2.1.0/prelogin.c.userlist_log 2008-12-04 05:03:27.000000000 +0100 ++++ vsftpd-2.1.0/prelogin.c 2009-01-08 19:33:29.000000000 +0100 +@@ -216,6 +216,20 @@ handle_user_command(struct vsf_session* (!located && !tunable_userlist_deny)) { vsf_cmdio_write(p_sess, FTP_LOGINERR, "Permission denied."); @@ -44,10 +70,29 @@ diff -up vsftpd-2.0.6/prelogin.c.userlist_log vsftpd-2.0.6/prelogin.c str_empty(&p_sess->user_str); return; } -diff -up vsftpd-2.0.6/tunables.h.userlist_log vsftpd-2.0.6/tunables.h ---- vsftpd-2.0.6/tunables.h.userlist_log 2008-02-12 05:52:49.000000000 +0100 -+++ vsftpd-2.0.6/tunables.h 2008-02-22 12:59:01.000000000 +0100 -@@ -67,6 +67,7 @@ extern int tunable_force_anon_data_ssl; +diff -up vsftpd-2.1.0/tunables.c.userlist_log vsftpd-2.1.0/tunables.c +--- vsftpd-2.1.0/tunables.c.userlist_log 2009-01-08 19:33:28.000000000 +0100 ++++ vsftpd-2.1.0/tunables.c 2009-01-08 19:35:00.000000000 +0100 +@@ -72,6 +72,7 @@ int tunable_force_anon_data_ssl; + int tunable_mdtm_write; + int tunable_lock_upload_files; + int tunable_pasv_addr_resolve; ++int tunable_userlist_log; + int tunable_debug_ssl; + int tunable_require_cert; + int tunable_validate_cert; +@@ -206,6 +207,7 @@ tunables_load_defaults() + tunable_mdtm_write = 1; + tunable_lock_upload_files = 1; + tunable_pasv_addr_resolve = 0; ++ tunable_userlist_log = 0; + tunable_debug_ssl = 0; + tunable_require_cert = 0; + tunable_validate_cert = 0; +diff -up vsftpd-2.1.0/tunables.h.userlist_log vsftpd-2.1.0/tunables.h +--- vsftpd-2.1.0/tunables.h.userlist_log 2008-12-17 06:47:11.000000000 +0100 ++++ vsftpd-2.1.0/tunables.h 2009-01-08 19:33:29.000000000 +0100 +@@ -73,6 +73,7 @@ extern int tunable_force_anon_data_ssl; extern int tunable_mdtm_write; /* Allow MDTM to set timestamps */ extern int tunable_lock_upload_files; /* Lock uploading files */ extern int tunable_pasv_addr_resolve; /* DNS resolve pasv_addr */ @@ -55,30 +100,10 @@ diff -up vsftpd-2.0.6/tunables.h.userlist_log vsftpd-2.0.6/tunables.h extern int tunable_debug_ssl; /* Verbose SSL logging */ extern int tunable_require_cert; /* SSL client cert required */ extern int tunable_validate_cert; /* SSL certs must be valid */ -diff -up vsftpd-2.0.6/logging.h.userlist_log vsftpd-2.0.6/logging.h ---- vsftpd-2.0.6/logging.h.userlist_log 2008-02-08 02:29:59.000000000 +0100 -+++ vsftpd-2.0.6/logging.h 2008-02-22 12:49:36.000000000 +0100 -@@ -80,5 +80,16 @@ void vsf_log_do_log(struct vsf_session* - void vsf_log_line(struct vsf_session* p_sess, enum EVSFLogEntryType what, - struct mystr* p_str); - -+/* vsf_log_failed_line() -+ * PURPOSE -+ * Same as vsf_log_line(), except that it logs the line as failed operation. -+ * PARAMETERS -+ * p_sess - the current session object -+ * what - the type of operation to log -+ * p_str - the string to log -+ */ -+void vsf_log_failed_line(struct vsf_session* p_sess, enum EVSFLogEntryType what, -+ struct mystr* p_str); -+ - #endif /* VSF_LOGGING_H */ - -diff -up vsftpd-2.0.6/vsftpd.conf.5.userlist_log vsftpd-2.0.6/vsftpd.conf.5 ---- vsftpd-2.0.6/vsftpd.conf.5.userlist_log 2008-02-22 12:49:36.000000000 +0100 -+++ vsftpd-2.0.6/vsftpd.conf.5 2008-02-22 12:49:36.000000000 +0100 -@@ -541,6 +541,14 @@ Self-signed certs do not constitute OK v +diff -up vsftpd-2.1.0/vsftpd.conf.5.userlist_log vsftpd-2.1.0/vsftpd.conf.5 +--- vsftpd-2.1.0/vsftpd.conf.5.userlist_log 2009-01-08 19:33:28.000000000 +0100 ++++ vsftpd-2.1.0/vsftpd.conf.5 2009-01-08 19:33:29.000000000 +0100 +@@ -585,6 +585,14 @@ Self-signed certs do not constitute OK v Default: NO .TP @@ -93,20 +118,3 @@ diff -up vsftpd-2.0.6/vsftpd.conf.5.userlist_log vsftpd-2.0.6/vsftpd.conf.5 .B virtual_use_local_privs If enabled, virtual users will use the same privileges as local users. By default, virtual users will use the same privileges as anonymous users, which -diff -up vsftpd-2.0.6/logging.c.userlist_log vsftpd-2.0.6/logging.c ---- vsftpd-2.0.6/logging.c.userlist_log 2008-02-08 02:30:40.000000000 +0100 -+++ vsftpd-2.0.6/logging.c 2008-02-22 12:49:36.000000000 +0100 -@@ -95,6 +95,13 @@ vsf_log_line(struct vsf_session* p_sess, - vsf_log_common(p_sess, 1, what, p_str); - } - -+void -+vsf_log_failed_line(struct vsf_session* p_sess, enum EVSFLogEntryType what, -+ struct mystr* p_str) -+{ -+ vsf_log_common(p_sess, 0, what, p_str); -+} -+ - int - vsf_log_entry_pending(struct vsf_session* p_sess) - { diff --git a/vsftpd-2.1.0-warnings.patch b/vsftpd-2.1.0-warnings.patch new file mode 100644 index 0000000..ceae5c5 --- /dev/null +++ b/vsftpd-2.1.0-warnings.patch @@ -0,0 +1,12 @@ +diff -up vsftpd-2.1.0/ptracesandbox.c.warnings vsftpd-2.1.0/ptracesandbox.c +--- vsftpd-2.1.0/ptracesandbox.c.warnings 2009-01-15 15:31:26.000000000 +0100 ++++ vsftpd-2.1.0/ptracesandbox.c 2009-01-15 15:32:56.000000000 +0100 +@@ -1146,6 +1146,7 @@ int + ptrace_sandbox_run_processes(struct pt_sandbox* p_sandbox) + { + (void) p_sandbox; ++ return -1; + } + + void +diff -up vsftpd-2.1.0/sysdeputil.c.warnings vsftpd-2.1.0/sysdeputil.c diff --git a/vsftpd.spec b/vsftpd.spec index ce403b0..7fd747b 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -1,115 +1,86 @@ %{!?tcp_wrappers:%define tcp_wrappers 1} -Summary: Very Secure Ftp Daemon Name: vsftpd -Version: 2.0.7 -Release: 1%{?dist} +Version: 2.1.0 +Release: 0.1.pre3%{?dist} +Summary: Very Secure Ftp Daemon + +Group: System Environment/Daemons # OpenSSL link exception License: GPLv2 with exceptions -Group: System Environment/Daemons URL: http://vsftpd.beasts.org/ -Source: ftp://vsftpd.beasts.org/users/cevans/%{name}-%{version}.tar.gz +Source0: ftp://vsftpd.beasts.org/users/cevans/%{name}-%{version}pre3.tar.gz Source1: vsftpd.xinetd Source2: vsftpd.pam Source3: vsftpd.ftpusers Source4: vsftpd.user_list Source5: vsftpd.init Source6: vsftpd_conf_migrate.sh -Patch1: vsftpd-1.1.3-rh.patch -Patch2: vsftpd-1.0.1-missingok.patch -Patch3: vsftpd-2.0.1-tcp_wrappers.patch -Patch4: vsftpd-1.5.1-libs.patch -Patch5: vsftpd-2.0.2-signal.patch -Patch6: vsftpd-1.2.1-conffile.patch -Patch7: vsftpd-2.0.1-build_ssl.patch -Patch8: vsftpd-2.0.1-server_args.patch -Patch9: vsftpd-2.0.1-dir.patch -Patch11: vsftpd-1.2.1-nonrootconf.patch -Patch13: vsftpd-2.0.3-background.patch -Patch14: vsftpd-2.0.3-daemonize_fds.patch -Patch17: vsftpd-2.0.3-pam_hostname.patch -Patch18: vsftpd-close-std-fds.patch -Patch19: vsftpd-2.0.5-default_ipv6.patch -Patch20: vsftpd-2.0.5-add_ipv6_option.patch -Patch21: vsftpd-2.0.5-correct_comments.patch -Patch22: vsftpd-2.0.5-man.patch -Patch23: vsftpd-2.0.4-filter.patch -Patch26: vsftpd-2.0.5-bind_denied.patch -Patch29: vsftpd-2.0.5-pasv_dot.patch -Patch30: vsftpd-2.0.5-pam_end.patch -Patch31: vsftpd-2.0.5-write_race.patch -Patch32: vsftpd-2.0.5-fix_unique.patch -Patch34: vsftpd-2.0.5-underscore_uname.patch -Patch35: vsftpd-2.0.5-uname_size.patch -Patch36: vsftpd-2.0.5-greedy.patch -Patch37: vsftpd-2.0.6-userlist_log.patch -Patch38: vsftpd-2.0.6-listen.patch -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) + +BuildRequires: pam-devel +BuildRequires: libcap-devel +BuildRequires: openssl-devel %if %{tcp_wrappers} BuildRequires: tcp_wrappers-devel %endif -BuildRequires: pam-devel -Requires: /%{_lib}/security/pam_loginuid.so -BuildRequires: libcap-devel -BuildRequires: openssl-devel -Requires: libcap -# for -fpie -BuildRequires: gcc > 3.2.3-13, binutils > 2.14.90.0.4-24, glibc-devel >= 2.3.2-45 + Requires: logrotate Requires (preun): /sbin/chkconfig Requires (preun): /sbin/service Requires (post): /sbin/chkconfig -#Obsoletes: anonftp -#Provides: ftpserver + +# Build patches +Patch1: vsftpd-2.1.0-libs.patch +Patch2: vsftpd-2.1.0-build_ssl.patch +Patch3: vsftpd-2.1.0-tcp_wrappers.patch + +# Use /etc/vsftpd/ instead of /etc/ +Patch4: vsftpd-2.1.0-configuration.patch + +# These need review +Patch5: vsftpd-2.1.0-pam_hostname.patch +Patch6: vsftpd-close-std-fds.patch +Patch7: vsftpd-2.1.0-filter.patch +Patch8: vsftpd-2.0.5-greedy.patch +Patch9: vsftpd-2.1.0-userlist_log.patch + +# Sent upstream on 2009-01-16 via email +Patch10: vsftpd-2.1.0-warnings.patch + %description vsftpd is a Very Secure FTP daemon. It was written completely from scratch. + %prep %setup -q -n %{name}-%{version} -%patch1 -p1 -b .rh -%patch2 -p1 -b .mok +cp %{SOURCE1} . + +%patch1 -p1 -b .libs +%patch2 -p1 -b .build_ssl %if %{tcp_wrappers} %patch3 -p1 -b .tcp_wrappers %endif -%patch4 -p1 -b .libs -cp %{SOURCE1} . -%patch5 -p1 -b .signal -%patch6 -p1 -%patch7 -p1 -b .build_ssl -%patch8 -p1 -b .server_args -%patch9 -p1 -b .dir -%patch11 -p1 -b .nonrootconf -%patch13 -p1 -b .background -%patch14 -p1 -b .fds -%patch17 -p1 -b .old-pam -%patch18 -p1 -b .close-fds -%patch19 -p1 -b .ipv6 -%patch20 -p1 -b .ipv6opt -%patch21 -p1 -b .comments -%patch22 -p1 -b .manp -%patch23 -p1 -b .filter -%patch26 -p1 -b .bind_denied -%patch29 -p1 -b .pasv_dot -%patch30 -p1 -b .pam_end -%patch31 -p1 -b .write_race -%patch32 -p1 -b .fix_unique -%patch34 -p1 -b .underscore_uname -%patch35 -p1 -b .uname_size -%patch36 -p1 -b .greedy -%patch37 -p1 -b .userlist_log -%patch38 -p1 -b .listen +%patch4 -p1 -b .configuration +%patch5 -p1 -b .pam_hostname +%patch6 -p1 -b .close_fds +%patch7 -p1 -b .filter +%patch8 -p1 -b .greedy +%patch9 -p1 -b .userlist_log +%patch10 -p1 -b .warnings + %build %ifarch s390x sparcv9 sparc64 -make CFLAGS="$RPM_OPT_FLAGS -fPIE -pipe" \ +make CFLAGS="$RPM_OPT_FLAGS -fPIE -pipe -Wextra -Werror" \ %else -make CFLAGS="$RPM_OPT_FLAGS -fpie -pipe" \ +make CFLAGS="$RPM_OPT_FLAGS -fpie -pipe -Wextra -Werror" \ %endif - LINK="-pie -lssl" \ - %{?_smp_mflags} + LINK="-pie -lssl" %{?_smp_mflags} + %install rm -rf $RPM_BUILD_ROOT @@ -130,13 +101,16 @@ install -m 744 %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/vsftpd/vsftpd_conf_migra mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub + %clean rm -rf $RPM_BUILD_ROOT + %post /sbin/chkconfig --add vsftpd #/usr/sbin/usermod -d /var/ftp ftp >/dev/null 2>&1 || : + %preun if [ $1 = 0 ]; then /sbin/service vsftpd stop > /dev/null 2>&1 @@ -145,10 +119,9 @@ fi %files -%defattr(-,root,root) +%defattr(-,root,root,-) %{_sbindir}/vsftpd %{_sysconfdir}/rc.d/init.d/vsftpd -#%config(noreplace) /etc/vsftpd.* %dir %{_sysconfdir}/vsftpd %config(noreplace) %{_sysconfdir}/vsftpd/* %config(noreplace) %{_sysconfdir}/pam.d/vsftpd @@ -158,7 +131,36 @@ fi %{_mandir}/man8/vsftpd.* %{_var}/ftp + %changelog +* Fri Jan 16 2009 Martin Nagy - 2.1.0-0.1.pre3 +- update to latest upstream release +- cleanup the spec file +- drop patches fixed upstream: + vsftpd-1.0.1-missingok.patch + vsftpd-1.2.1-nonrootconf.patch + vsftpd-2.0.1-tcp_wrappers.patch + vsftpd-2.0.2-signal.patch + vsftpd-2.0.3-daemonize_fds.patch + vsftpd-2.0.5-correct_comments.patch + vsftpd-2.0.5-pasv_dot.patch + vsftpd-2.0.5-write_race.patch + vsftpd-2.0.5-fix_unique.patch + vsftpd-2.0.5-uname_size.patch + vsftpd-2.0.5-bind_denied.patch + vsftpd-2.0.5-pam_end.patch + vsftpd-2.0.5-underscore_uname.patch + vsftpd-2.0.6-listen.patch +- join all configuration patches into one: + vsftpd-1.1.3-rh.patch + vsftpd-1.2.1-conffile.patch + vsftpd-2.0.1-dir.patch + vsftpd-2.0.1-server_args.patch + vsftpd-2.0.3-background.patch + vsftpd-2.0.5-default_ipv6.patch + vsftpd-2.0.5-add_ipv6_option.patch + vsftpd-2.0.5-man.patch + * Mon Sep 8 2008 Tom "spot" Callaway - 2.0.7-1 - fix license tag - update to 2.0.7 @@ -250,10 +252,10 @@ fi * Tue Aug 22 2006 Maros Barabas - 2.0.5-7 - correct paths of configuration files on man pages -* Tue Aug 15 2006 Maros Barabas - 2.0.5-6 +* Tue Aug 15 2006 Maros Barabas - 2.0.5-6 - correct comments -* Tue Aug 08 2006 Maros Barabas - 2.0.5-5 +* Tue Aug 08 2006 Maros Barabas - 2.0.5-5 - option to change listening to IPv6 protocol * Thu Aug 01 2006 Maros Barabas - 2.0.5-4