From c1683a2133aca7ef034044b82e6f316bfc708694 Mon Sep 17 00:00:00 2001
From: Jiri Skala
Date: Tue, 13 May 2014 13:20:26 +0200
Subject: [PATCH] adds reverse lookup option to vsftpd.conf changes types of uid and gid to uint removes spare patch pasv-addr implements DH cipher gets rid init scirpt subpackage
---
vsftpd-3.0.2-dh.patch | 117 +++++++++++++++++
vsftpd-3.0.2-lookup.patch | 85 ++++++++++++
vsftpd-3.0.2-pasv-addr.patch | 24 ----
vsftpd-3.0.2-uint-uidgid.patch | 229 +++++++++++++++++++++++++++++++++
vsftpd.init | 106 ---------------
vsftpd.spec | 34 +++--
6 files changed, 446 insertions(+), 149 deletions(-)
create mode 100644 vsftpd-3.0.2-dh.patch
create mode 100644 vsftpd-3.0.2-lookup.patch
delete mode 100644 vsftpd-3.0.2-pasv-addr.patch
create mode 100644 vsftpd-3.0.2-uint-uidgid.patch
delete mode 100755 vsftpd.init
diff --git a/vsftpd-3.0.2-dh.patch b/vsftpd-3.0.2-dh.patch
new file mode 100644
index 0000000..17639a9
--- /dev/null
+++ b/vsftpd-3.0.2-dh.patch
@@ -0,0 +1,117 @@
+diff -up vsftpd-3.0.2/ssl.c.dh vsftpd-3.0.2/ssl.c
+--- vsftpd-3.0.2/ssl.c.dh 2012-04-03 02:23:42.000000000 +0200
++++ vsftpd-3.0.2/ssl.c 2014-05-13 12:36:26.790953361 +0200
+@@ -28,6 +28,8 @@
+ #include
+ #include
+ #include
++#include
++#include
+ #include
+ #include
+
+@@ -38,6 +40,7 @@ static void setup_bio_callbacks();
+ static long bio_callback(
+ BIO* p_bio, int oper, const char* p_arg, int argi, long argl, long retval);
+ static int ssl_verify_callback(int verify_ok, X509_STORE_CTX* p_ctx);
++static DH *ssl_tmp_dh_callback(SSL *ssl, int is_export, int keylength);
+ static int ssl_cert_digest(
+ SSL* p_ssl, struct vsf_session* p_sess, struct mystr* p_str);
+ static void maybe_log_shutdown_state(struct vsf_session* p_sess);
+@@ -51,6 +54,36 @@ static int ssl_read_common(struct vsf_se
+ static int ssl_inited;
+ static struct mystr debug_str;
+
++
++// Grab DH parameters from OpenSSL;
++// (get_rfc*) for all available primes.
++#define make_get_dh(rfc,size) \
++static DH *get_dh##size(void) \
++{ \
++ DH *dh = DH_new(); \
++ if (!dh) { \
++ return NULL; \
++ } \
++ dh->p = get_##rfc##_prime_##size(NULL); \
++ BN_dec2bn(&dh->g, "2"); \
++ if (!dh->p || !dh->g) { \
++ DH_free(dh); \
++ return NULL; \
++ } \
++ return dh; \
++}
++
++// Prepare DH parameters from 768 to 8192 bits
++make_get_dh(rfc2409, 768)
++make_get_dh(rfc2409, 1024)
++make_get_dh(rfc3526, 1536)
++make_get_dh(rfc3526, 2048)
++make_get_dh(rfc3526, 3072)
++make_get_dh(rfc3526, 4096)
++make_get_dh(rfc3526, 6144)
++make_get_dh(rfc3526, 8192)
++
++
+ void
+ssl_init(struct vsf_session* p_sess)
+ {
+@@ -156,6 +189,9 @@ ssl_init(struct vsf_session* p_sess)
+ /* Ensure cached session doesn't expire */
+ SSL_CTX_set_timeout(p_ctx, INT_MAX);
+ }
++
++ SSL_CTX_set_tmp_dh_callback(p_ctx, ssl_tmp_dh_callback);
++
+ p_sess->p_ssl_ctx = p_ctx;
+ ssl_inited = 1;
+ }
+@@ -675,6 +711,49 @@ ssl_verify_callback(int verify_ok, X509_
+ return 1;
+ }
+
++#define UNUSED(x) ( (void)(x) )
++
++static DH *
++ssl_tmp_dh_callback(SSL *ssl, int is_export, int keylength)
++{
++ DH *dh_tmp=NULL;
++
++ // strict compiler bypassing
++ UNUSED(ssl);
++ UNUSED(is_export);
++
++ switch (keylength) {
++ case 768:
++ dh_tmp = get_dh768();
++ break;
++ case 1024:
++ dh_tmp = get_dh1024();
++ break;
++ case 1536:
++ dh_tmp = get_dh1536();
++ break;
++ case 2048:
++ dh_tmp = get_dh2048();
++ break;
++ case 3072:
++ dh_tmp = get_dh3072();
++ break;
++ case 4096:
++ dh_tmp = get_dh4096();
++ break;
++ case 6144:
++ dh_tmp = get_dh6144();
++ break;
++ case 8192:
++ dh_tmp = get_dh8192();
++ break;
++ default:
++ dh_tmp = get_dh1024();
++ break;
++ }
++ return dh_tmp;
++}
++
+ void
+ssl_add_entropy(struct vsf_session* p_sess)
+ {
diff --git a/vsftpd-3.0.2-lookup.patch b/vsftpd-3.0.2-lookup.patch
new file mode 100644
index 0000000..8f5e5a6
--- /dev/null
+++ b/vsftpd-3.0.2-lookup.patch
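Review bot: In vsftpd-3.0.2-dh.patch, the `default:` branch of `ssl_tmp_dh_callback` falls back to `get_dh1024()` and the `case 768:` branch hands out a 768-bit group, so an unrecognised key length ends up on 1024-bit parameters and a request for 768 is honoured as-is. Both sizes are below what is considered adequate for finite-field DH; I would drop the `case 768:` and `case 1024:` arms and make the fallback `default: dh_tmp = get_dh2048(); break;`. Separately, every call builds a new `DH` with `DH_new()` and returns it; if the linked OpenSSL copies the parameters rather than taking ownership (worth confirming against the version being built), that object is never freed, and caching one `DH` per size in a static would avoid it. The unchecked `BN_dec2bn(&dh->g, "2")` is only covered by the following `!dh->g` test, which deserves a one-line comment inside the `make_get_dh` macro.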
@@ -0,0 +1,85 @@
+diff -up vsftpd-3.0.2/parseconf.c.lookup vsftpd-3.0.2/parseconf.c
+--- vsftpd-3.0.2/parseconf.c.lookup 2014-04-17 10:01:50.862951491 +0200
++++ vsftpd-3.0.2/parseconf.c 2014-04-17 10:02:42.343955443 +0200
+@@ -91,6 +91,7 @@ parseconf_bool_array[] =
+ { "mdtm_write", &tunable_mdtm_write },
+ { "lock_upload_files", &tunable_lock_upload_files },
+ { "pasv_addr_resolve", &tunable_pasv_addr_resolve },
++ { "reverse_lookup_enable", &tunable_reverse_lookup_enable },
+ { "userlist_log", &tunable_userlist_log },
+ { "debug_ssl", &tunable_debug_ssl },
+ { "require_cert", &tunable_require_cert },
+diff -up vsftpd-3.0.2/sysdeputil.c.lookup vsftpd-3.0.2/sysdeputil.c
+--- vsftpd-3.0.2/sysdeputil.c.lookup 2014-04-17 09:57:02.111933144 +0200
++++ vsftpd-3.0.2/sysdeputil.c 2014-04-17 10:01:31.069950498 +0200
+@@ -354,12 +354,16 @@ vsf_sysdep_check_auth(struct mystr* p_us
+ return 0;
+ }
+ #ifdef PAM_RHOST
+- sin.sin_addr.s_addr = inet_addr(str_getbuf(p_remote_host));
+- host = gethostbyaddr((char*)&sin.sin_addr.s_addr,sizeof(struct in_addr),AF_INET);
+- if (host != (struct hostent*)0)
+- retval = pam_set_item(s_pamh, PAM_RHOST, host->h_name);
+- else
++ if (tunable_reverse_lookup_enable) {
++ sin.sin_addr.s_addr = inet_addr(str_getbuf(p_remote_host));
++ host = gethostbyaddr((char*)&sin.sin_addr.s_addr,sizeof(struct in_addr),AF_INET);
++ if (host != (struct hostent*)0)
++ retval = pam_set_item(s_pamh, PAM_RHOST, host->h_name);
++ else
++ retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host));
++ } else {
+ retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host));
++ }
+ if (retval != PAM_SUCCESS)
+ {
+ (void) pam_end(s_pamh, retval);
+diff -up vsftpd-3.0.2/tunables.c.lookup vsftpd-3.0.2/tunables.c
+--- vsftpd-3.0.2/tunables.c.lookup 2014-04-17 10:03:22.766958324 +0200
++++ vsftpd-3.0.2/tunables.c 2014-04-17 10:04:52.004964675 +0200
+@@ -72,6 +72,7 @@ int tunable_force_anon_data_ssl;
+ int tunable_mdtm_write;
+ int tunable_lock_upload_files;
+ int tunable_pasv_addr_resolve;
++int tunable_reverse_lookup_enable;
+ int tunable_userlist_log;
+ int tunable_debug_ssl;
+ int tunable_require_cert;
+@@ -213,6 +214,7 @@ tunables_load_defaults()
+ tunable_mdtm_write = 1;
+ tunable_lock_upload_files = 1;
+ tunable_pasv_addr_resolve = 0;
++ tunable_reverse_lookup_enable = 1;
+ tunable_userlist_log = 0;
+ tunable_debug_ssl = 0;
+ tunable_require_cert = 0;
+diff -up vsftpd-3.0.2/tunables.h.lookup vsftpd-3.0.2/tunables.h
+--- vsftpd-3.0.2/tunables.h.lookup 2014-04-17 10:03:27.405958676 +0200
++++ vsftpd-3.0.2/tunables.h 2014-04-17 10:04:22.763963824 +0200
+@@ -73,6 +73,7 @@ extern int tunable_force_anon_data_ssl;
+ extern int tunable_mdtm_write; /* Allow MDTM to set timestamps */
+ extern int tunable_lock_upload_files; /* Lock uploading files */
+ extern int tunable_pasv_addr_resolve; /* DNS resolve pasv_addr */
++extern int tunable_reverse_lookup_enable; /* Get hostname before pam auth */
+ extern int tunable_userlist_log; /* Log every failed login attempt */
+ extern int tunable_debug_ssl; /* Verbose SSL logging */
+ extern int tunable_require_cert; /* SSL client cert required */
+diff -up vsftpd-3.0.2/vsftpd.conf.5.lookup vsftpd-3.0.2/vsftpd.conf.5
+--- vsftpd-3.0.2/vsftpd.conf.5.lookup 2014-04-17 10:05:30.956969003 +0200
++++ vsftpd-3.0.2/vsftpd.conf.5 2014-04-17 10:06:36.586971828 +0200
+@@ -425,6 +425,15 @@ http://scarybeastsecurity.blogspot.com/2
+
+ Default: YES
+ .TP
++.B reverse_lookup_enable
++Set to YES if you want vsftpd to transform the ip address into the hostname,
++before pam authentication. This is useful if you use pam_access including the
++hostname. If you want vsftpd to run on the environment where the reverse lookup
++for some hostname is available and the name server doesn't respond for a while,
++you should set this to NO to avoid a performance issue.
++
++Default: YES
++.TP
+ .B run_as_launching_user
+ Set to YES if you want vsftpd to run as the user which launched vsftpd. This is
+ useful where root access is not available. MASSIVE WARNING! Do NOT enable this
diff --git a/vsftpd-3.0.2-pasv-addr.patch b/vsftpd-3.0.2-pasv-addr.patch
deleted file mode 100644
index e91261d..0000000
--- a/vsftpd-3.0.2-pasv-addr.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-diff -up vsftpd-3.0.2/privops.c.pasv-addr vsftpd-3.0.2/privops.c
---- vsftpd-3.0.2/privops.c.pasv-addr 2013-09-03 15:57:47.796756184 +0200
-+++ vsftpd-3.0.2/privops.c 2013-09-03 15:57:58.873752201 +0200
-@@ -160,7 +160,19 @@ vsf_privop_pasv_listen(struct vsf_sessio
- p_sess->pasv_listen_fd = vsf_sysutil_get_ipv4_sock();
- }
- vsf_sysutil_activate_reuseaddr(p_sess->pasv_listen_fd);
-- vsf_sysutil_sockaddr_clone(&s_p_sockaddr, p_sess->p_local_addr);
-+ if (tunable_pasv_address != 0)
-+ {
-+ vsf_sysutil_sockaddr_alloc_ipv4(&s_p_sockaddr);
-+ /* Use passive address as specified in configuration */
-+ if (vsf_sysutil_inet_aton(tunable_pasv_address, s_p_sockaddr) == 0)
-+ {
-+ die("invalid pasv_address");
-+ }
-+ }
-+ else
-+ {
-+ vsf_sysutil_sockaddr_clone(&s_p_sockaddr, p_sess->p_local_addr);
-+ }
- vsf_sysutil_sockaddr_set_port(s_p_sockaddr, the_port);
- retval = vsf_sysutil_bind(p_sess->pasv_listen_fd, s_p_sockaddr);
- if (!vsf_sysutil_retval_is_error(retval))
diff --git a/vsftpd-3.0.2-uint-uidgid.patch b/vsftpd-3.0.2-uint-uidgid.patch
new file mode 100644
index 0000000..fb0d502
--- /dev/null
+++ b/vsftpd-3.0.2-uint-uidgid.patch
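Review bot: In vsftpd-3.0.2-lookup.patch, with `tunable_reverse_lookup_enable` left at its default of 1, the sysdeputil.c hunk sets `PAM_RHOST` to `host->h_name` straight from `gethostbyaddr()`, and nothing visible checks that this name resolves back to the client address. The new man page entry recommends the option for hostname rules in pam_access, so the PTR answer becomes an access-control input supplied by whoever operates the reverse zone. At minimum the `reverse_lookup_enable` entry should say so, for example `The returned name is not checked against a forward lookup, so do not rely on it alone for access decisions.`; forward-confirming the name and falling back to the numeric address on mismatch would be the stronger fix. The lookup is also IPv4-only (`inet_addr`, `AF_INET`), and `vsf_sysdep_check_auth` starts and ends outside the hunk, so how other address families reach this code is not visible here.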
@@ -0,0 +1,229 @@
+diff -up vsftpd-3.0.2/ls.c.uint-uidgid vsftpd-3.0.2/ls.c
+--- vsftpd-3.0.2/ls.c.uint-uidgid 2014-04-17 13:47:01.835114063 +0200
++++ vsftpd-3.0.2/ls.c 2014-04-17 13:47:01.845114063 +0200
+@@ -501,7 +501,7 @@ build_dir_line(struct mystr* p_str, cons
+ }
+ else
+ {
+- int uid = vsf_sysutil_statbuf_get_uid(p_stat);
++ unsigned int uid = vsf_sysutil_statbuf_get_uid(p_stat);
+ struct vsf_sysutil_user* p_user = 0;
+ if (tunable_text_userdb_names)
+ {
+@@ -526,7 +526,7 @@ build_dir_line(struct mystr* p_str, cons
+ }
+ else
+ {
+- int gid = vsf_sysutil_statbuf_get_gid(p_stat);
++ unsigned int gid = vsf_sysutil_statbuf_get_gid(p_stat);
+ struct vsf_sysutil_group* p_group = 0;
+ if (tunable_text_userdb_names)
+ {
+diff -up vsftpd-3.0.2/privops.c.uint-uidgid vsftpd-3.0.2/privops.c
+--- vsftpd-3.0.2/privops.c.uint-uidgid 2012-09-16 09:21:24.000000000 +0200
++++ vsftpd-3.0.2/privops.c 2014-04-17 13:48:26.431113895 +0200
+@@ -236,8 +236,7 @@ vsf_privop_do_file_chown(struct vsf_sess
+ /* Drop it like a hot potato unless it's a regular file owned by
+ * the the anonymous ftp user
+ */
+- if (p_sess->anon_upload_chown_uid == -1 ||
+- !vsf_sysutil_statbuf_is_regfile(s_p_statbuf) ||
++ if (!vsf_sysutil_statbuf_is_regfile(s_p_statbuf) ||
+ (vsf_sysutil_statbuf_get_uid(s_p_statbuf) != p_sess->anon_ftp_uid &&
+ vsf_sysutil_statbuf_get_uid(s_p_statbuf) != p_sess->guest_user_uid))
+ {
+diff -up vsftpd-3.0.2/session.h.uint-uidgid vsftpd-3.0.2/session.h
+--- vsftpd-3.0.2/session.h.uint-uidgid 2012-04-05 03:27:19.000000000 +0200
++++ vsftpd-3.0.2/session.h 2014-04-17 13:47:01.845114063 +0200
+@@ -54,9 +54,9 @@ struct vsf_session
+ struct mystr_list* p_visited_dir_list;
+
+ /* Details of userids which are interesting to us */
+- int anon_ftp_uid;
+- int guest_user_uid;
+- int anon_upload_chown_uid;
++ unsigned int anon_ftp_uid;
++ unsigned int guest_user_uid;
++ unsigned int anon_upload_chown_uid;
+
+ /* Things we need to cache before we chroot() */
+ struct mystr banned_email_str;
+diff -up vsftpd-3.0.2/sysutil.c.uint-uidgid vsftpd-3.0.2/sysutil.c
+--- vsftpd-3.0.2/sysutil.c.uint-uidgid 2014-04-17 13:47:01.839114063 +0200
++++ vsftpd-3.0.2/sysutil.c 2014-04-17 13:47:01.846114063 +0200
+@@ -1454,14 +1454,14 @@ vsf_sysutil_statbuf_get_size(const struc
+ return p_stat->st_size;
+ }
+
+-int
++unsigned int
+ vsf_sysutil_statbuf_get_uid(const struct vsf_sysutil_statbuf* p_statbuf)
+ {
+ const struct stat* p_stat = (const struct stat*) p_statbuf;
+ return p_stat->st_uid;
+ }
+
+-int
++unsigned int
+ vsf_sysutil_statbuf_get_gid(const struct vsf_sysutil_statbuf* p_statbuf)
+ {
+ const struct stat* p_stat = (const struct stat*) p_statbuf;
+@@ -1502,7 +1502,7 @@ vsf_sysutil_statbuf_get_sortkey_mtime(
+ }
+
+ void
+-vsf_sysutil_fchown(const int fd, const int uid, const int gid)
++vsf_sysutil_fchown(const int fd, const unsigned int uid, const unsigned int gid)
+ {
+ if (fchown(fd, uid, gid) != 0)
+ {
+@@ -2320,13 +2320,9 @@ vsf_sysutil_dns_resolve(struct vsf_sysut
+ }
+
+ struct vsf_sysutil_user*
+-vsf_sysutil_getpwuid(const int uid)
++vsf_sysutil_getpwuid(const unsigned int uid)
+ {
+- if (uid < 0)
+- {
+- bug("negative uid in vsf_sysutil_getpwuid");
+- }
+- return (struct vsf_sysutil_user*) getpwuid((unsigned int) uid);
++ return (struct vsf_sysutil_user*) getpwuid(uid);
+ }
+
+ struct vsf_sysutil_user*
+@@ -2349,14 +2345,14 @@ vsf_sysutil_user_get_homedir(const struc
+ return p_passwd->pw_dir;
+ }
+
+-int
++unsigned int
+ vsf_sysutil_user_getuid(const struct vsf_sysutil_user* p_user)
+ {
+ const struct passwd* p_passwd = (const struct passwd*) p_user;
+ return p_passwd->pw_uid;
+ }
+
+-int
++unsigned int
+ vsf_sysutil_user_getgid(const struct vsf_sysutil_user* p_user)
+ {
+ const struct passwd* p_passwd = (const struct passwd*) p_user;
+@@ -2364,13 +2360,9 @@ vsf_sysutil_user_getgid(const struct vsf
+ }
+
+ struct vsf_sysutil_group*
+-vsf_sysutil_getgrgid(const int gid)
++vsf_sysutil_getgrgid(const unsigned int gid)
+ {
+- if (gid < 0)
+- {
+- die("negative gid in vsf_sysutil_getgrgid");
+- }
+- return (struct vsf_sysutil_group*) getgrgid((unsigned int) gid);
++ return (struct vsf_sysutil_group*) getgrgid(gid);
+ }
+
+ const char*
+@@ -2445,25 +2437,17 @@ vsf_sysutil_setgid_numeric(int gid)
+ }
+ }
+
+-int
++unsigned int
+ vsf_sysutil_geteuid(void)
+ {
+- int retval = geteuid();
+- if (retval < 0)
+- {
+- die("geteuid");
+- }
++ unsigned int retval = geteuid();
+ return retval;
+ }
+
+-int
++unsigned int
+ vsf_sysutil_getegid(void)
+ {
+- int retval = getegid();
+- if (retval < 0)
+- {
+- die("getegid");
+- }
++ unsigned int retval = getegid();
+ return retval;
+ }
+
+@@ -2854,7 +2838,7 @@ vsf_sysutil_ftruncate(int fd)
+ }
+ }
+
+-int
++unsigned int
+ vsf_sysutil_getuid(void)
+ {
+ return getuid();
+diff -up vsftpd-3.0.2/sysutil.h.uint-uidgid vsftpd-3.0.2/sysutil.h
+--- vsftpd-3.0.2/sysutil.h.uint-uidgid 2014-04-17 13:47:01.827114063 +0200
++++ vsftpd-3.0.2/sysutil.h 2014-04-17 13:47:01.846114063 +0200
+@@ -129,15 +129,15 @@ const char* vsf_sysutil_statbuf_get_nume
+ const struct vsf_sysutil_statbuf* p_stat, int use_localtime);
+ unsigned int vsf_sysutil_statbuf_get_links(
+ const struct vsf_sysutil_statbuf* p_stat);
+-int vsf_sysutil_statbuf_get_uid(const struct vsf_sysutil_statbuf* p_stat);
+-int vsf_sysutil_statbuf_get_gid(const struct vsf_sysutil_statbuf* p_stat);
++unsigned int vsf_sysutil_statbuf_get_uid(const struct vsf_sysutil_statbuf* p_stat);
++unsigned int vsf_sysutil_statbuf_get_gid(const struct vsf_sysutil_statbuf* p_stat);
+ int vsf_sysutil_statbuf_is_readable_other(
+ const struct vsf_sysutil_statbuf* p_stat);
+ const char* vsf_sysutil_statbuf_get_sortkey_mtime(
+ const struct vsf_sysutil_statbuf* p_stat);
+
+ int vsf_sysutil_chmod(const char* p_filename, unsigned int mode);
+-void vsf_sysutil_fchown(const int fd, const int uid, const int gid);
++void vsf_sysutil_fchown(const int fd, const unsigned int uid, const unsigned int gid);
+ void vsf_sysutil_fchmod(const int fd, unsigned int mode);
+ int vsf_sysutil_readlink(const char* p_filename, char* p_dest,
+ unsigned int bufsiz);
+@@ -290,15 +290,15 @@ int vsf_sysutil_inet_aton(
+ struct vsf_sysutil_user;
+ struct vsf_sysutil_group;
+
+-struct vsf_sysutil_user* vsf_sysutil_getpwuid(const int uid);
++struct vsf_sysutil_user* vsf_sysutil_getpwuid(const unsigned int uid);
+ struct vsf_sysutil_user* vsf_sysutil_getpwnam(const char* p_user);
+ const char* vsf_sysutil_user_getname(const struct vsf_sysutil_user* p_user);
+ const char* vsf_sysutil_user_get_homedir(
+ const struct vsf_sysutil_user* p_user);
+-int vsf_sysutil_user_getuid(const struct vsf_sysutil_user* p_user);
+-int vsf_sysutil_user_getgid(const struct vsf_sysutil_user* p_user);
++unsigned int vsf_sysutil_user_getuid(const struct vsf_sysutil_user* p_user);
++unsigned int vsf_sysutil_user_getgid(const struct vsf_sysutil_user* p_user);
+
+-struct vsf_sysutil_group* vsf_sysutil_getgrgid(const int gid);
++struct vsf_sysutil_group* vsf_sysutil_getgrgid(const unsigned int gid);
+ const char* vsf_sysutil_group_getname(const struct vsf_sysutil_group* p_group);
+
+ /* More random things */
+@@ -316,7 +316,7 @@ void vsf_sysutil_qsort(void* p_base, uns
+ char* vsf_sysutil_getenv(const char* p_var);
+ typedef void (*exitfunc_t)(void);
+ void vsf_sysutil_set_exit_func(exitfunc_t exitfunc);
+-int vsf_sysutil_getuid(void);
++unsigned int vsf_sysutil_getuid(void);
+
+ /* Syslogging (bah) */
+ void vsf_sysutil_openlog(int force);
+@@ -329,8 +329,8 @@ void vsf_sysutil_setuid(const struct vsf
+ void vsf_sysutil_setgid(const struct vsf_sysutil_user* p_user);
+ void vsf_sysutil_setuid_numeric(int uid);
+ void vsf_sysutil_setgid_numeric(int gid);
+-int vsf_sysutil_geteuid(void);
+-int vsf_sysutil_getegid(void);
++unsigned int vsf_sysutil_geteuid(void);
++unsigned int vsf_sysutil_getegid(void);
+ void vsf_sysutil_seteuid(const struct vsf_sysutil_user* p_user);
+ void vsf_sysutil_setegid(const struct vsf_sysutil_user* p_user);
+ void vsf_sysutil_seteuid_numeric(int uid);
diff --git a/vsftpd.init b/vsftpd.init
deleted file mode 100755
index 91c23e9..0000000
--- a/vsftpd.init
+++ /dev/null
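Review bot: In the privops.c part of vsftpd-3.0.2-uint-uidgid.patch, the `p_sess->anon_upload_chown_uid == -1 ||` test is removed from `vsf_privop_do_file_chown` rather than adapted to the new unsigned type, so this condition no longer rejects a session whose chown uid was never set. If the field is still initialised to -1 elsewhere (not visible in this patch), it now holds the all-ones value and reaches the code after the check; keeping the guard as `if (p_sess->anon_upload_chown_uid == (unsigned int) -1 ||` preserves the old behaviour without a signed/unsigned comparison. A comment on the three uid fields in session.h stating which value means "unset" would make that convention explicit. The conversion also leaves `vsf_sysutil_setuid_numeric(int uid)` and `vsf_sysutil_setgid_numeric(int gid)` signed in sysutil.h, so callers will mix both types. The body of `vsf_privop_do_file_chown` continues outside the hunk.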
@@ -1,106 +0,0 @@ -#!/bin/bash -# -### BEGIN INIT INFO -# Provides: vsftpd -# Required-Start: $local_fs $network $named $remote_fs $syslog -# Required-Stop: $local_fs $network $named $remote_fs $syslog -# Short-Description: Very Secure Ftp Daemon -# Description: vsftpd is a Very Secure FTP daemon. It was written completely from -# scratch -### END INIT INFO - -# vsftpd This shell script takes care of starting and stopping -# standalone vsftpd. -# -# chkconfig: - 60 50 -# description: Vsftpd is a ftp daemon, which is the program \ -# that answers incoming ftp service requests. -# processname: vsftpd -# config: /etc/vsftpd/vsftpd.conf - -# Source function library. -. /etc/rc.d/init.d/functions - -# Source networking configuration. -. /etc/sysconfig/network - -RETVAL=0 -prog="vsftpd" - -start() { - # Start daemons. - - # Check that networking is up. - [ ${NETWORKING} = "no" ] && exit 1 - - [ -x /usr/sbin/vsftpd ] || exit 1 - - if [ -d /etc/vsftpd ] ; then - CONFS=`ls /etc/vsftpd/*.conf 2>/dev/null` - [ -z "$CONFS" ] && exit 6 - PROC_FAILED=0 - for i in $CONFS; do - site=`basename $i .conf` - echo -n $"Starting $prog for $site: " - daemon /usr/sbin/vsftpd $i - RETVAL=$? - echo - if [ $RETVAL -eq 0 ] && [ ! -f /var/lock/subsys/$prog ]; then - touch /var/lock/subsys/$prog - elif [ $RETVAL -ne 0 ]; then - ps -FC vsftpd | grep "$i" > /dev/null - RETVAL=$? - if [ $PROC_FAILED -eq 0 ] && [ $RETVAL -ne 0 ]; then - PROC_FAILED=1 - fi - fi - done - if [ $RETVAL -eq 0 ] && [ $PROC_FAILED -ne 0 ]; then - RETVAL=1 - fi - else - RETVAL=1 - fi - return $RETVAL -} - -stop() { - # Stop daemons. - echo -n $"Shutting down $prog: " - killproc $prog - RETVAL=$? - echo - [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog - return $RETVAL -} - -# See how we were called. -case "$1" in - start) - start - ;; - stop) - stop - ;; - restart|reload) - stop - start - RETVAL=$? - ;; - condrestart|try-restart|force-reload) - if [ -f /var/lock/subsys/$prog ]; then - stop - start - RETVAL=$? 
- fi - ;; - status) - status $prog - RETVAL=$? - ;; - *) - echo $"Usage: $0 {start|stop|restart|try-restart|force-reload|status}" - exit 1 -esac - -exit $RETVAL diff --git a/vsftpd.spec b/vsftpd.spec index 53309c0..5bb1096 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -3,7 +3,7 @@ Name: vsftpd Version: 3.0.2 -Release: 7%{?dist} +Release: 8%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons @@ -15,7 +15,6 @@ Source1: vsftpd.xinetd Source2: vsftpd.pam Source3: vsftpd.ftpusers Source4: vsftpd.user_list -Source5: vsftpd.init Source6: vsftpd_conf_migrate.sh Source7: vsftpd.service Source8: vsftpd@.service @@ -60,22 +59,14 @@ Patch22: vsftpd-2.3.5-aslim.patch Patch23: vsftpd-3.0.0-tz.patch Patch24: vsftpd-3.0.0-xferlog.patch Patch25: vsftpd-3.0.0-logrotate.patch -Patch26: vsftpd-3.0.2-pasv-addr.patch +Patch26: vsftpd-3.0.2-lookup.patch +Patch27: vsftpd-3.0.2-uint-uidgid.patch +Patch28: vsftpd-3.0.2-dh.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from scratch. -%package sysvinit -Group: System Environment/Daemons -Summary: SysV initscript for vsftpd daemon -Requires: %{name} = %{version}-%{release} -Requires(preun): /sbin/service -Requires(postun): /sbin/service - -%description sysvinit -The vsftpd-sysvinit contains SysV initscritps support. - %prep %setup -q -n %{name}-%{version} cp %{SOURCE1} . @@ -101,7 +92,9 @@ cp %{SOURCE1} . %patch23 -p1 -b .tz %patch24 -p1 -b .xferlog %patch25 -p1 -b .logrotate -%patch26 -p1 -b .pasv-addr +%patch26 -p1 -b .lookup +%patch27 -p1 -b .uint-uidgid +%patch28 -p1 -b .dh %build %ifarch s390x sparcv9 sparc64 
@@ -116,7 +109,7 @@ make CFLAGS="$RPM_OPT_FLAGS -fpie -pipe -Wextra -Werror" \ rm -rf $RPM_BUILD_ROOT mkdir -p $RPM_BUILD_ROOT%{_sbindir} mkdir -p $RPM_BUILD_ROOT%{_sysconfdir} -mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/{vsftpd,pam.d,logrotate.d,rc.d/init.d} +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/{vsftpd,pam.d,logrotate.d} mkdir -p $RPM_BUILD_ROOT%{_mandir}/man{5,8} mkdir -p $RPM_BUILD_ROOT%{_unitdir} mkdir -p $RPM_BUILD_ROOT%{_generatorsdir} @@ -128,7 +121,6 @@ install -m 644 RedHat/vsftpd.log $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/vsftp install -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/vsftpd install -m 600 %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/vsftpd/ftpusers install -m 600 %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}/vsftpd/user_list -install -m 755 %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/vsftpd install -m 744 %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/vsftpd/vsftpd_conf_migrate.sh install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_unitdir} install -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{_unitdir} @@ -168,10 +160,14 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man8/vsftpd.* %{_var}/ftp -%files sysvinit -%{_sysconfdir}/rc.d/init.d/vsftpd - %changelog +* Tue May 13 2014 Jiri Skala - 3.0.2-8 +- adds reverse lookup option to vsftpd.conf +- changes types of uid and gid to uint +- removes spare patch pasv-addr +- implements DH cipher +- gets rid init scirpt subpackage + * Tue Sep 10 2013 Jiri Skala - 3.0.2-7 - fixed #1005549 - vsftpd startup broken