rpms/vsftpd
6
0
Fork 0
Code Issues Pull Requests Releases Activity

adds reverse lookup option to vsftpd.conf

Browse Source 
changes types of uid and gid to uint
removes spare patch pasv-addr
implements DH cipher
gets rid init scirpt subpackage
This commit is contained in:
Jiri Skala 2014-05-13 13:20:26 +02:00
parent 0c8f66aec4
commit c1683a2133
6 changed files with 446 additions and 149 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

117
vsftpd-3.0.2-dh.patch Normal file
View File

@ -0,0 +1,117 @@
diff -up vsftpd-3.0.2/ssl.c.dh vsftpd-3.0.2/ssl.c
--- vsftpd-3.0.2/ssl.c.dh 2012-04-03 02:23:42.000000000 +0200
+++ vsftpd-3.0.2/ssl.c 2014-05-13 12:36:26.790953361 +0200
@@ -28,6 +28,8 @@
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/bio.h>
+#include <openssl/dh.h>
+#include <openssl/bn.h>
#include <errno.h>
#include <limits.h>
@@ -38,6 +40,7 @@ static void setup_bio_callbacks();
static long bio_callback(
BIO* p_bio, int oper, const char* p_arg, int argi, long argl, long retval);
static int ssl_verify_callback(int verify_ok, X509_STORE_CTX* p_ctx);
+static DH *ssl_tmp_dh_callback(SSL *ssl, int is_export, int keylength);
static int ssl_cert_digest(
SSL* p_ssl, struct vsf_session* p_sess, struct mystr* p_str);
static void maybe_log_shutdown_state(struct vsf_session* p_sess);
@@ -51,6 +54,36 @@ static int ssl_read_common(struct vsf_se
static int ssl_inited;
static struct mystr debug_str;
+
+// Grab DH parameters from OpenSSL; <openssl/bn.h>
+// (get_rfc*) for all available primes.
+#define make_get_dh(rfc,size) \
+static DH *get_dh##size(void) \
+{ \
+ DH *dh = DH_new(); \
+ if (!dh) { \
+ return NULL; \
+ } \
+ dh->p = get_##rfc##_prime_##size(NULL); \
+ BN_dec2bn(&dh->g, "2"); \
+ if (!dh->p || !dh->g) { \
+ DH_free(dh); \
+ return NULL; \
+ } \
+ return dh; \
+}
+
+// Prepare DH parameters from 768 to 8192 bits
+make_get_dh(rfc2409, 768)
+make_get_dh(rfc2409, 1024)
+make_get_dh(rfc3526, 1536)
+make_get_dh(rfc3526, 2048)
+make_get_dh(rfc3526, 3072)
+make_get_dh(rfc3526, 4096)
+make_get_dh(rfc3526, 6144)
+make_get_dh(rfc3526, 8192)
+
+
void
ssl_init(struct vsf_session* p_sess)
{
@@ -156,6 +189,9 @@ ssl_init(struct vsf_session* p_sess)
/* Ensure cached session doesn't expire */
SSL_CTX_set_timeout(p_ctx, INT_MAX);
}
+
+ SSL_CTX_set_tmp_dh_callback(p_ctx, ssl_tmp_dh_callback);
+
p_sess->p_ssl_ctx = p_ctx;
ssl_inited = 1;
}
@@ -675,6 +711,49 @@ ssl_verify_callback(int verify_ok, X509_
return 1;
}
+#define UNUSED(x) ( (void)(x) )
+
+static DH *
+ssl_tmp_dh_callback(SSL *ssl, int is_export, int keylength)
+{
+ DH *dh_tmp=NULL;
+
+ // strict compiler bypassing
+ UNUSED(ssl);
+ UNUSED(is_export);
+
+ switch (keylength) {
+ case 768:
+ dh_tmp = get_dh768();
+ break;
+ case 1024:
+ dh_tmp = get_dh1024();
+ break;
+ case 1536:
+ dh_tmp = get_dh1536();
+ break;
+ case 2048:
+ dh_tmp = get_dh2048();
+ break;
+ case 3072:
+ dh_tmp = get_dh3072();
+ break;
+ case 4096:
+ dh_tmp = get_dh4096();
+ break;
+ case 6144:
+ dh_tmp = get_dh6144();
+ break;
+ case 8192:
+ dh_tmp = get_dh8192();
+ break;
+ default:
+ dh_tmp = get_dh1024();
+ break;
+ }
+ return dh_tmp;
+}
+
void
ssl_add_entropy(struct vsf_session* p_sess)
{

85
vsftpd-3.0.2-lookup.patch Normal file
View File

@ -0,0 +1,85 @@
diff -up vsftpd-3.0.2/parseconf.c.lookup vsftpd-3.0.2/parseconf.c
--- vsftpd-3.0.2/parseconf.c.lookup 2014-04-17 10:01:50.862951491 +0200
+++ vsftpd-3.0.2/parseconf.c 2014-04-17 10:02:42.343955443 +0200
@@ -91,6 +91,7 @@ parseconf_bool_array[] =
{ "mdtm_write", &tunable_mdtm_write },
{ "lock_upload_files", &tunable_lock_upload_files },
{ "pasv_addr_resolve", &tunable_pasv_addr_resolve },
+ { "reverse_lookup_enable", &tunable_reverse_lookup_enable },
{ "userlist_log", &tunable_userlist_log },
{ "debug_ssl", &tunable_debug_ssl },
{ "require_cert", &tunable_require_cert },
diff -up vsftpd-3.0.2/sysdeputil.c.lookup vsftpd-3.0.2/sysdeputil.c
--- vsftpd-3.0.2/sysdeputil.c.lookup 2014-04-17 09:57:02.111933144 +0200
+++ vsftpd-3.0.2/sysdeputil.c 2014-04-17 10:01:31.069950498 +0200
@@ -354,12 +354,16 @@ vsf_sysdep_check_auth(struct mystr* p_us
return 0;
}
#ifdef PAM_RHOST
- sin.sin_addr.s_addr = inet_addr(str_getbuf(p_remote_host));
- host = gethostbyaddr((char*)&sin.sin_addr.s_addr,sizeof(struct in_addr),AF_INET);
- if (host != (struct hostent*)0)
- retval = pam_set_item(s_pamh, PAM_RHOST, host->h_name);
- else
+ if (tunable_reverse_lookup_enable) {
+ sin.sin_addr.s_addr = inet_addr(str_getbuf(p_remote_host));
+ host = gethostbyaddr((char*)&sin.sin_addr.s_addr,sizeof(struct in_addr),AF_INET);
+ if (host != (struct hostent*)0)
+ retval = pam_set_item(s_pamh, PAM_RHOST, host->h_name);
+ else
+ retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host));
+ } else {
retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host));
+ }
if (retval != PAM_SUCCESS)
{
(void) pam_end(s_pamh, retval);
diff -up vsftpd-3.0.2/tunables.c.lookup vsftpd-3.0.2/tunables.c
--- vsftpd-3.0.2/tunables.c.lookup 2014-04-17 10:03:22.766958324 +0200
+++ vsftpd-3.0.2/tunables.c 2014-04-17 10:04:52.004964675 +0200
@@ -72,6 +72,7 @@ int tunable_force_anon_data_ssl;
int tunable_mdtm_write;
int tunable_lock_upload_files;
int tunable_pasv_addr_resolve;
+int tunable_reverse_lookup_enable;
int tunable_userlist_log;
int tunable_debug_ssl;
int tunable_require_cert;
@@ -213,6 +214,7 @@ tunables_load_defaults()
tunable_mdtm_write = 1;
tunable_lock_upload_files = 1;
tunable_pasv_addr_resolve = 0;
+ tunable_reverse_lookup_enable = 1;
tunable_userlist_log = 0;
tunable_debug_ssl = 0;
tunable_require_cert = 0;
diff -up vsftpd-3.0.2/tunables.h.lookup vsftpd-3.0.2/tunables.h
--- vsftpd-3.0.2/tunables.h.lookup 2014-04-17 10:03:27.405958676 +0200
+++ vsftpd-3.0.2/tunables.h 2014-04-17 10:04:22.763963824 +0200
@@ -73,6 +73,7 @@ extern int tunable_force_anon_data_ssl;
extern int tunable_mdtm_write; /* Allow MDTM to set timestamps */
extern int tunable_lock_upload_files; /* Lock uploading files */
extern int tunable_pasv_addr_resolve; /* DNS resolve pasv_addr */
+extern int tunable_reverse_lookup_enable; /* Get hostname before pam auth */
extern int tunable_userlist_log; /* Log every failed login attempt */
extern int tunable_debug_ssl; /* Verbose SSL logging */
extern int tunable_require_cert; /* SSL client cert required */
diff -up vsftpd-3.0.2/vsftpd.conf.5.lookup vsftpd-3.0.2/vsftpd.conf.5
--- vsftpd-3.0.2/vsftpd.conf.5.lookup 2014-04-17 10:05:30.956969003 +0200
+++ vsftpd-3.0.2/vsftpd.conf.5 2014-04-17 10:06:36.586971828 +0200
@@ -425,6 +425,15 @@ http://scarybeastsecurity.blogspot.com/2
Default: YES
.TP
+.B reverse_lookup_enable
+Set to YES if you want vsftpd to transform the ip address into the hostname,
+before pam authentication. This is useful if you use pam_access including the
+hostname. If you want vsftpd to run on the environment where the reverse lookup
+for some hostname is available and the name server doesn't respond for a while,
+you should set this to NO to avoid a performance issue.
+
+Default: YES
+.TP
.B run_as_launching_user
Set to YES if you want vsftpd to run as the user which launched vsftpd. This is
useful where root access is not available. MASSIVE WARNING! Do NOT enable this

24
vsftpd-3.0.2-pasv-addr.patch
View File

@ -1,24 +0,0 @@
diff -up vsftpd-3.0.2/privops.c.pasv-addr vsftpd-3.0.2/privops.c
--- vsftpd-3.0.2/privops.c.pasv-addr 2013-09-03 15:57:47.796756184 +0200
+++ vsftpd-3.0.2/privops.c 2013-09-03 15:57:58.873752201 +0200
@@ -160,7 +160,19 @@ vsf_privop_pasv_listen(struct vsf_sessio
p_sess->pasv_listen_fd = vsf_sysutil_get_ipv4_sock();
}
vsf_sysutil_activate_reuseaddr(p_sess->pasv_listen_fd);
- vsf_sysutil_sockaddr_clone(&s_p_sockaddr, p_sess->p_local_addr);
+ if (tunable_pasv_address != 0)
+ {
+ vsf_sysutil_sockaddr_alloc_ipv4(&s_p_sockaddr);
+ /* Use passive address as specified in configuration */
+ if (vsf_sysutil_inet_aton(tunable_pasv_address, s_p_sockaddr) == 0)
+ {
+ die("invalid pasv_address");
+ }
+ }
+ else
+ {
+ vsf_sysutil_sockaddr_clone(&s_p_sockaddr, p_sess->p_local_addr);
+ }
vsf_sysutil_sockaddr_set_port(s_p_sockaddr, the_port);
retval = vsf_sysutil_bind(p_sess->pasv_listen_fd, s_p_sockaddr);
if (!vsf_sysutil_retval_is_error(retval))

229
vsftpd-3.0.2-uint-uidgid.patch Normal file
View File

@ -0,0 +1,229 @@
diff -up vsftpd-3.0.2/ls.c.uint-uidgid vsftpd-3.0.2/ls.c
--- vsftpd-3.0.2/ls.c.uint-uidgid 2014-04-17 13:47:01.835114063 +0200
+++ vsftpd-3.0.2/ls.c 2014-04-17 13:47:01.845114063 +0200
@@ -501,7 +501,7 @@ build_dir_line(struct mystr* p_str, cons
}
else
{
- int uid = vsf_sysutil_statbuf_get_uid(p_stat);
+ unsigned int uid = vsf_sysutil_statbuf_get_uid(p_stat);
struct vsf_sysutil_user* p_user = 0;
if (tunable_text_userdb_names)
{
@@ -526,7 +526,7 @@ build_dir_line(struct mystr* p_str, cons
}
else
{
- int gid = vsf_sysutil_statbuf_get_gid(p_stat);
+ unsigned int gid = vsf_sysutil_statbuf_get_gid(p_stat);
struct vsf_sysutil_group* p_group = 0;
if (tunable_text_userdb_names)
{
diff -up vsftpd-3.0.2/privops.c.uint-uidgid vsftpd-3.0.2/privops.c
--- vsftpd-3.0.2/privops.c.uint-uidgid 2012-09-16 09:21:24.000000000 +0200
+++ vsftpd-3.0.2/privops.c 2014-04-17 13:48:26.431113895 +0200
@@ -236,8 +236,7 @@ vsf_privop_do_file_chown(struct vsf_sess
/* Drop it like a hot potato unless it's a regular file owned by
* the the anonymous ftp user
*/
- if (p_sess->anon_upload_chown_uid == -1 ||
- !vsf_sysutil_statbuf_is_regfile(s_p_statbuf) ||
+ if (!vsf_sysutil_statbuf_is_regfile(s_p_statbuf) ||
(vsf_sysutil_statbuf_get_uid(s_p_statbuf) != p_sess->anon_ftp_uid &&
vsf_sysutil_statbuf_get_uid(s_p_statbuf) != p_sess->guest_user_uid))
{
diff -up vsftpd-3.0.2/session.h.uint-uidgid vsftpd-3.0.2/session.h
--- vsftpd-3.0.2/session.h.uint-uidgid 2012-04-05 03:27:19.000000000 +0200
+++ vsftpd-3.0.2/session.h 2014-04-17 13:47:01.845114063 +0200
@@ -54,9 +54,9 @@ struct vsf_session
struct mystr_list* p_visited_dir_list;
/* Details of userids which are interesting to us */
- int anon_ftp_uid;
- int guest_user_uid;
- int anon_upload_chown_uid;
+ unsigned int anon_ftp_uid;
+ unsigned int guest_user_uid;
+ unsigned int anon_upload_chown_uid;
/* Things we need to cache before we chroot() */
struct mystr banned_email_str;
diff -up vsftpd-3.0.2/sysutil.c.uint-uidgid vsftpd-3.0.2/sysutil.c
--- vsftpd-3.0.2/sysutil.c.uint-uidgid 2014-04-17 13:47:01.839114063 +0200
+++ vsftpd-3.0.2/sysutil.c 2014-04-17 13:47:01.846114063 +0200
@@ -1454,14 +1454,14 @@ vsf_sysutil_statbuf_get_size(const struc
return p_stat->st_size;
}
-int
+unsigned int
vsf_sysutil_statbuf_get_uid(const struct vsf_sysutil_statbuf* p_statbuf)
{
const struct stat* p_stat = (const struct stat*) p_statbuf;
return p_stat->st_uid;
}
-int
+unsigned int
vsf_sysutil_statbuf_get_gid(const struct vsf_sysutil_statbuf* p_statbuf)
{
const struct stat* p_stat = (const struct stat*) p_statbuf;
@@ -1502,7 +1502,7 @@ vsf_sysutil_statbuf_get_sortkey_mtime(
}
void
-vsf_sysutil_fchown(const int fd, const int uid, const int gid)
+vsf_sysutil_fchown(const int fd, const unsigned int uid, const unsigned int gid)
{
if (fchown(fd, uid, gid) != 0)
{
@@ -2320,13 +2320,9 @@ vsf_sysutil_dns_resolve(struct vsf_sysut
}
struct vsf_sysutil_user*
-vsf_sysutil_getpwuid(const int uid)
+vsf_sysutil_getpwuid(const unsigned int uid)
{
- if (uid < 0)
- {
- bug("negative uid in vsf_sysutil_getpwuid");
- }
- return (struct vsf_sysutil_user*) getpwuid((unsigned int) uid);
+ return (struct vsf_sysutil_user*) getpwuid(uid);
}
struct vsf_sysutil_user*
@@ -2349,14 +2345,14 @@ vsf_sysutil_user_get_homedir(const struc
return p_passwd->pw_dir;
}
-int
+unsigned int
vsf_sysutil_user_getuid(const struct vsf_sysutil_user* p_user)
{
const struct passwd* p_passwd = (const struct passwd*) p_user;
return p_passwd->pw_uid;
}
-int
+unsigned int
vsf_sysutil_user_getgid(const struct vsf_sysutil_user* p_user)
{
const struct passwd* p_passwd = (const struct passwd*) p_user;
@@ -2364,13 +2360,9 @@ vsf_sysutil_user_getgid(const struct vsf
}
struct vsf_sysutil_group*
-vsf_sysutil_getgrgid(const int gid)
+vsf_sysutil_getgrgid(const unsigned int gid)
{
- if (gid < 0)
- {
- die("negative gid in vsf_sysutil_getgrgid");
- }
- return (struct vsf_sysutil_group*) getgrgid((unsigned int) gid);
+ return (struct vsf_sysutil_group*) getgrgid(gid);
}
const char*
@@ -2445,25 +2437,17 @@ vsf_sysutil_setgid_numeric(int gid)
}
}
-int
+unsigned int
vsf_sysutil_geteuid(void)
{
- int retval = geteuid();
- if (retval < 0)
- {
- die("geteuid");
- }
+ unsigned int retval = geteuid();
return retval;
}
-int
+unsigned int
vsf_sysutil_getegid(void)
{
- int retval = getegid();
- if (retval < 0)
- {
- die("getegid");
- }
+ unsigned int retval = getegid();
return retval;
}
@@ -2854,7 +2838,7 @@ vsf_sysutil_ftruncate(int fd)
}
}
-int
+unsigned int
vsf_sysutil_getuid(void)
{
return getuid();
diff -up vsftpd-3.0.2/sysutil.h.uint-uidgid vsftpd-3.0.2/sysutil.h
--- vsftpd-3.0.2/sysutil.h.uint-uidgid 2014-04-17 13:47:01.827114063 +0200
+++ vsftpd-3.0.2/sysutil.h 2014-04-17 13:47:01.846114063 +0200
@@ -129,15 +129,15 @@ const char* vsf_sysutil_statbuf_get_nume
const struct vsf_sysutil_statbuf* p_stat, int use_localtime);
unsigned int vsf_sysutil_statbuf_get_links(
const struct vsf_sysutil_statbuf* p_stat);
-int vsf_sysutil_statbuf_get_uid(const struct vsf_sysutil_statbuf* p_stat);
-int vsf_sysutil_statbuf_get_gid(const struct vsf_sysutil_statbuf* p_stat);
+unsigned int vsf_sysutil_statbuf_get_uid(const struct vsf_sysutil_statbuf* p_stat);
+unsigned int vsf_sysutil_statbuf_get_gid(const struct vsf_sysutil_statbuf* p_stat);
int vsf_sysutil_statbuf_is_readable_other(
const struct vsf_sysutil_statbuf* p_stat);
const char* vsf_sysutil_statbuf_get_sortkey_mtime(
const struct vsf_sysutil_statbuf* p_stat);
int vsf_sysutil_chmod(const char* p_filename, unsigned int mode);
-void vsf_sysutil_fchown(const int fd, const int uid, const int gid);
+void vsf_sysutil_fchown(const int fd, const unsigned int uid, const unsigned int gid);
void vsf_sysutil_fchmod(const int fd, unsigned int mode);
int vsf_sysutil_readlink(const char* p_filename, char* p_dest,
unsigned int bufsiz);
@@ -290,15 +290,15 @@ int vsf_sysutil_inet_aton(
struct vsf_sysutil_user;
struct vsf_sysutil_group;
-struct vsf_sysutil_user* vsf_sysutil_getpwuid(const int uid);
+struct vsf_sysutil_user* vsf_sysutil_getpwuid(const unsigned int uid);
struct vsf_sysutil_user* vsf_sysutil_getpwnam(const char* p_user);
const char* vsf_sysutil_user_getname(const struct vsf_sysutil_user* p_user);
const char* vsf_sysutil_user_get_homedir(
const struct vsf_sysutil_user* p_user);
-int vsf_sysutil_user_getuid(const struct vsf_sysutil_user* p_user);
-int vsf_sysutil_user_getgid(const struct vsf_sysutil_user* p_user);
+unsigned int vsf_sysutil_user_getuid(const struct vsf_sysutil_user* p_user);
+unsigned int vsf_sysutil_user_getgid(const struct vsf_sysutil_user* p_user);
-struct vsf_sysutil_group* vsf_sysutil_getgrgid(const int gid);
+struct vsf_sysutil_group* vsf_sysutil_getgrgid(const unsigned int gid);
const char* vsf_sysutil_group_getname(const struct vsf_sysutil_group* p_group);
/* More random things */
@@ -316,7 +316,7 @@ void vsf_sysutil_qsort(void* p_base, uns
char* vsf_sysutil_getenv(const char* p_var);
typedef void (*exitfunc_t)(void);
void vsf_sysutil_set_exit_func(exitfunc_t exitfunc);
-int vsf_sysutil_getuid(void);
+unsigned int vsf_sysutil_getuid(void);
/* Syslogging (bah) */
void vsf_sysutil_openlog(int force);
@@ -329,8 +329,8 @@ void vsf_sysutil_setuid(const struct vsf
void vsf_sysutil_setgid(const struct vsf_sysutil_user* p_user);
void vsf_sysutil_setuid_numeric(int uid);
void vsf_sysutil_setgid_numeric(int gid);
-int vsf_sysutil_geteuid(void);
-int vsf_sysutil_getegid(void);
+unsigned int vsf_sysutil_geteuid(void);
+unsigned int vsf_sysutil_getegid(void);
void vsf_sysutil_seteuid(const struct vsf_sysutil_user* p_user);
void vsf_sysutil_setegid(const struct vsf_sysutil_user* p_user);
void vsf_sysutil_seteuid_numeric(int uid);

106
vsftpd.init
View File

@ -1,106 +0,0 @@
#!/bin/bash
#
### BEGIN INIT INFO
# Provides: vsftpd
# Required-Start: $local_fs $network $named $remote_fs $syslog
# Required-Stop: $local_fs $network $named $remote_fs $syslog
# Short-Description: Very Secure Ftp Daemon
# Description: vsftpd is a Very Secure FTP daemon. It was written completely from
# scratch
### END INIT INFO
# vsftpd This shell script takes care of starting and stopping
# standalone vsftpd.
#
# chkconfig: - 60 50
# description: Vsftpd is a ftp daemon, which is the program \
# that answers incoming ftp service requests.
# processname: vsftpd
# config: /etc/vsftpd/vsftpd.conf
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
RETVAL=0
prog="vsftpd"
start() {
# Start daemons.
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 1
[ -x /usr/sbin/vsftpd ] || exit 1
if [ -d /etc/vsftpd ] ; then
CONFS=`ls /etc/vsftpd/*.conf 2>/dev/null`
[ -z "$CONFS" ] && exit 6
PROC_FAILED=0
for i in $CONFS; do
site=`basename $i .conf`
echo -n $"Starting $prog for $site: "
daemon /usr/sbin/vsftpd $i
RETVAL=$?
echo
if [ $RETVAL -eq 0 ] && [ ! -f /var/lock/subsys/$prog ]; then
touch /var/lock/subsys/$prog
elif [ $RETVAL -ne 0 ]; then
ps -FC vsftpd | grep "$i" > /dev/null
RETVAL=$?
if [ $PROC_FAILED -eq 0 ] && [ $RETVAL -ne 0 ]; then
PROC_FAILED=1
fi
fi
done
if [ $RETVAL -eq 0 ] && [ $PROC_FAILED -ne 0 ]; then
RETVAL=1
fi
else
RETVAL=1
fi
return $RETVAL
}
stop() {
# Stop daemons.
echo -n $"Shutting down $prog: "
killproc $prog
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog
return $RETVAL
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
restart|reload)
stop
start
RETVAL=$?
;;
condrestart|try-restart|force-reload)
if [ -f /var/lock/subsys/$prog ]; then
stop
start
RETVAL=$?
fi
;;
status)
status $prog
RETVAL=$?
;;
*)
echo $"Usage: $0 {start|stop|restart|try-restart|force-reload|status}"
exit 1
esac
exit $RETVAL

34
vsftpd.spec
View File

@ -3,7 +3,7 @@
Name: vsftpd Name: vsftpd
Version: 3.0.2 Version: 3.0.2
Release: 7%{?dist} Release: 8%{?dist}
Summary: Very Secure Ftp Daemon Summary: Very Secure Ftp Daemon
Group: System Environment/Daemons Group: System Environment/Daemons
@ -15,7 +15,6 @@ Source1: vsftpd.xinetd
Source2: vsftpd.pam Source2: vsftpd.pam
Source3: vsftpd.ftpusers Source3: vsftpd.ftpusers
Source4: vsftpd.user_list Source4: vsftpd.user_list
Source5: vsftpd.init
Source6: vsftpd_conf_migrate.sh Source6: vsftpd_conf_migrate.sh
Source7: vsftpd.service Source7: vsftpd.service
Source8: vsftpd@.service Source8: vsftpd@.service
@ -60,22 +59,14 @@ Patch22: vsftpd-2.3.5-aslim.patch
Patch23: vsftpd-3.0.0-tz.patch Patch23: vsftpd-3.0.0-tz.patch
Patch24: vsftpd-3.0.0-xferlog.patch Patch24: vsftpd-3.0.0-xferlog.patch
Patch25: vsftpd-3.0.0-logrotate.patch Patch25: vsftpd-3.0.0-logrotate.patch
Patch26: vsftpd-3.0.2-pasv-addr.patch Patch26: vsftpd-3.0.2-lookup.patch
Patch27: vsftpd-3.0.2-uint-uidgid.patch
Patch28: vsftpd-3.0.2-dh.patch
%description %description
vsftpd is a Very Secure FTP daemon. It was written completely from vsftpd is a Very Secure FTP daemon. It was written completely from
scratch. scratch.
%package sysvinit
Group: System Environment/Daemons
Summary: SysV initscript for vsftpd daemon
Requires: %{name} = %{version}-%{release}
Requires(preun): /sbin/service
Requires(postun): /sbin/service
%description sysvinit
The vsftpd-sysvinit contains SysV initscritps support.
%prep %prep
%setup -q -n %{name}-%{version} %setup -q -n %{name}-%{version}
cp %{SOURCE1} . cp %{SOURCE1} .
@ -101,7 +92,9 @@ cp %{SOURCE1} .
%patch23 -p1 -b .tz %patch23 -p1 -b .tz
%patch24 -p1 -b .xferlog %patch24 -p1 -b .xferlog
%patch25 -p1 -b .logrotate %patch25 -p1 -b .logrotate
%patch26 -p1 -b .pasv-addr %patch26 -p1 -b .lookup
%patch27 -p1 -b .uint-uidgid
%patch28 -p1 -b .dh
%build %build
%ifarch s390x sparcv9 sparc64 %ifarch s390x sparcv9 sparc64
@ -116,7 +109,7 @@ make CFLAGS="$RPM_OPT_FLAGS -fpie -pipe -Wextra -Werror" \
rm -rf $RPM_BUILD_ROOT rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT%{_sbindir} mkdir -p $RPM_BUILD_ROOT%{_sbindir}
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir} mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/{vsftpd,pam.d,logrotate.d,rc.d/init.d} mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/{vsftpd,pam.d,logrotate.d}
mkdir -p $RPM_BUILD_ROOT%{_mandir}/man{5,8} mkdir -p $RPM_BUILD_ROOT%{_mandir}/man{5,8}
mkdir -p $RPM_BUILD_ROOT%{_unitdir} mkdir -p $RPM_BUILD_ROOT%{_unitdir}
mkdir -p $RPM_BUILD_ROOT%{_generatorsdir} mkdir -p $RPM_BUILD_ROOT%{_generatorsdir}
@ -128,7 +121,6 @@ install -m 644 RedHat/vsftpd.log $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/vsftp
install -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/vsftpd install -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/vsftpd
install -m 600 %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/vsftpd/ftpusers install -m 600 %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/vsftpd/ftpusers
install -m 600 %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}/vsftpd/user_list install -m 600 %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}/vsftpd/user_list
install -m 755 %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/vsftpd
install -m 744 %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/vsftpd/vsftpd_conf_migrate.sh install -m 744 %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/vsftpd/vsftpd_conf_migrate.sh
install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_unitdir} install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_unitdir}
install -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{_unitdir} install -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{_unitdir}
@ -168,10 +160,14 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/vsftpd.* %{_mandir}/man8/vsftpd.*
%{_var}/ftp %{_var}/ftp
%files sysvinit
%{_sysconfdir}/rc.d/init.d/vsftpd
%changelog %changelog
* Tue May 13 2014 Jiri Skala <jskala@redhat.com> - 3.0.2-8
- adds reverse lookup option to vsftpd.conf
- changes types of uid and gid to uint
- removes spare patch pasv-addr
- implements DH cipher
- gets rid init scirpt subpackage
* Tue Sep 10 2013 Jiri Skala <jskala@redhat.com> - 3.0.2-7 * Tue Sep 10 2013 Jiri Skala <jskala@redhat.com> - 3.0.2-7
- fixed #1005549 - vsftpd startup broken - fixed #1005549 - vsftpd startup broken