From e000aa4ebebacb05a03c64dcb02bbcd1d79da13d Mon Sep 17 00:00:00 2001 
From: Martin Sehnoutka Date: Thu, 17 Nov 2016 14:35:34 +0100 Subject: [PATCH] Review patches and spec file. --- ...-provided-script-to-locate-libraries.patch | 10 +- ....patch => 0002-Enable-build-with-SSL.patch | 8 +- ...> 0003-Enable-build-with-TCP-Wrapper.patch | 8 +- ...-dir-for-config-files-instead-of-etc.patch | 8 +- ...en-calling-PAM-authentication-module.patch | 13 +- ...err-before-listening-for-incoming-co.patch | 35 ++++ ...> 0007-Make-filename-filters-smarter.patch | 51 ++++-- ...008-Write-denied-logins-into-the-log.patch | 10 +- ...itespaces-when-reading-configuration.patch | 8 +- ...us.patch => 0010-Improve-daemonizing.patch | 9 +- ...-Fix-listing-with-more-than-one-star.patch | 11 +- ...lace-syscall-__NR_clone-.-with-clone.patch | 9 +- ...3-Extend-man-pages-with-systemd-info.patch | 10 +- ...dd-support-for-square-brackets-in-ls.patch | 16 +- ...ch => 0015-Listen-on-IPv6-by-default.patch | 8 +- ...e-VSFTP_AS_LIMIT-from-200UL-to-400UL.patch | 27 +++ ...-an-issue-with-timestamps-during-DST.patch | 20 ++- ...he-default-log-file-in-configuration.patch | 43 +++++ ...troduce-reverse_lookup_enable-option.patch | 11 +- ...d-int-for-uid-and-gid-representation.patch | 12 +- ...-support-for-DHE-based-cipher-suites.patch | 8 +- ...upport-for-EDDHE-based-cipher-suites.patch | 8 +- ...n-for-isolate_-options.-Correct-defa.patch | 14 +- ... 0024-Introduce-new-return-value-450.patch | 12 +- ...> 0025-Improve-local_max_rate-option.patch | 9 +- ...6-Prevent-hanging-in-SIGCHLD-handler.patch | 16 +- ... 
0027-Delete-files-when-upload-fails.patch | 22 +-- ...patch => 0028-Fix-man-page-rendering.patch | 10 +- ...9-Fix-segfault-in-config-file-parser.patch | 8 +- ...g-into-syslog-when-enabled-in-config.patch | 8 +- ...on-mark-wildcard-withing-a-file-name.patch | 12 +- ...errors-from-nfs-with-quota-to-client.patch | 31 ++-- ...ntroduce-TLSv1.1-and-TLSv1.2-options.patch | 153 +++++++++++++++++ ...omp-sandbox-because-it-is-too-strict.patch | 12 +- vsftpd-2.3.5-aslim.patch | 12 -- vsftpd-3.0.0-logrotate.patch | 26 --- vsftpd-3.0.0-xferlog.patch | 25 --- vsftpd-close-std-fds.patch | 26 --- vsftpd.spec | 159 +++++++----------- 39 files changed, 537 insertions(+), 361 deletions(-) rename vsftpd-2.1.0-libs.patch => 0001-Don-t-use-the-provided-script-to-locate-libraries.patch (64%) rename vsftpd-2.1.0-build_ssl.patch => 0002-Enable-build-with-SSL.patch (69%) rename vsftpd-2.1.0-tcp_wrappers.patch => 0003-Enable-build-with-TCP-Wrapper.patch (70%) rename vsftpd-2.1.0-configuration.patch => 0004-Use-etc-vsftpd-dir-for-config-files-instead-of-etc.patch (99%) rename vsftpd-2.1.0-pam_hostname.patch => 0005-Use-hostname-when-calling-PAM-authentication-module.patch (81%) create mode 100644 0006-Close-stdin-out-err-before-listening-for-incoming-co.patch rename vsftpd-2.1.0-filter.patch => 0007-Make-filename-filters-smarter.patch (67%) rename vsftpd-2.1.0-userlist_log.patch => 0008-Write-denied-logins-into-the-log.patch (94%) rename vsftpd-2.1.0-trim.patch => 0009-Trim-whitespaces-when-reading-configuration.patch (94%) rename vsftpd-2.1.1-daemonize_plus.patch => 0010-Improve-daemonizing.patch (96%) rename vsftpd-2.2.0-wildchar.patch => 0011-Fix-listing-with-more-than-one-star.patch (77%) rename vsftpd-2.2.2-clone.patch => 0012-Replace-syscall-__NR_clone-.-with-clone.patch (80%) rename vsftpd-2.3.4-sd.patch => 0013-Extend-man-pages-with-systemd-info.patch (92%) rename vsftpd-2.3.4-sqb.patch => 0014-Add-support-for-square-brackets-in-ls.patch (97%) rename vsftpd-2.3.4-listen_ipv6.patch => 
0015-Listen-on-IPv6-by-default.patch (91%) create mode 100644 0016-Increase-VSFTP_AS_LIMIT-from-200UL-to-400UL.patch rename vsftpd-3.0.0-tz.patch => 0017-Fix-an-issue-with-timestamps-during-DST.patch (91%) create mode 100644 0018-Change-the-default-log-file-in-configuration.patch rename vsftpd-3.0.2-lookup.patch => 0019-Introduce-reverse_lookup_enable-option.patch (93%) rename vsftpd-3.0.2-uint-uidgid.patch => 0020-Use-unsigned-int-for-uid-and-gid-representation.patch (97%) rename vsftpd-3.0.2-dh.patch => 0021-Introduce-support-for-DHE-based-cipher-suites.patch (97%) rename vsftpd-3.0.2-ecdh.patch => 0022-Introduce-support-for-EDDHE-based-cipher-suites.patch (96%) rename vsftpd-3.0.2-docupd.patch => 0023-Add-documentation-for-isolate_-options.-Correct-defa.patch (85%) rename vsftpd-3.0.2-rc450.patch => 0024-Introduce-new-return-value-450.patch (87%) rename vsftpd-3.0.2-mrate.patch => 0025-Improve-local_max_rate-option.patch (92%) rename vsftpd-3.0.2-wnohang.patch => 0026-Prevent-hanging-in-SIGCHLD-handler.patch (86%) rename vsftpd-3.0.2-del-upl.patch => 0027-Delete-files-when-upload-fails.patch (87%) rename vsftpd-2.2.2-man-pages.patch => 0028-Fix-man-page-rendering.patch (76%) rename vsftpd-2.2.2-blank-chars-overflow.patch => 0029-Fix-segfault-in-config-file-parser.patch (79%) rename vsftpd-2.2.2-syslog.patch => 0030-Fix-logging-into-syslog-when-enabled-in-config.patch (72%) rename vsftpd-2.0.5-fix_qm.patch => 0031-Fix-question-mark-wildcard-withing-a-file-name.patch (68%) rename vsftpd-2.2.2-nfs-fail.patch => 0032-Propagate-errors-from-nfs-with-quota-to-client.patch (81%) create mode 100644 0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch rename vsftpd-3.0.2-seccomp.patch => 0034-Turn-off-seccomp-sandbox-because-it-is-too-strict.patch (62%) delete mode 100644 vsftpd-2.3.5-aslim.patch delete mode 100644 vsftpd-3.0.0-logrotate.patch delete mode 100644 vsftpd-3.0.0-xferlog.patch delete mode 100644 vsftpd-close-std-fds.patch 
diff --git a/vsftpd-2.1.0-libs.patch b/0001-Don-t-use-the-provided-script-to-locate-libraries.patch
similarity index 64%
rename from vsftpd-2.1.0-libs.patch
rename to 0001-Don-t-use-the-provided-script-to-locate-libraries.patch
index 1bfa426..fdeb69e 100644
--- a/vsftpd-2.1.0-libs.patch
+++ b/0001-Don-t-use-the-provided-script-to-locate-libraries.patch
@@ -1,8 +1,10 @@
-From e007fc137c6bee2d359af9cfc88cd01fb672cc1e Mon Sep 17 00:00:00 2001
+From 7bd573d76e9c1996ad5a96f0289731a253a24301 Mon Sep 17 00:00:00 2001
 From: Martin Sehnoutka
-Date: Thu, 17 Mar 2016 11:44:45 +0100
-Subject: [PATCH 01/26] Applied vsftpd-2.1.0-libs.patch
+Date: Tue, 6 Sep 2016 13:35:51 +0200
+Subject: [PATCH 01/33] Don't use the provided script to locate libraries.
+This branch is Fedora (RHEL) specific, so we know what
+libraries we have and want to use.
 ---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
@@ -21,5 +23,5 @@ index c63ed1b..98118dc 100644
 LDFLAGS = -fPIE -pie -Wl,-z,relro -Wl,-z,now
 --
-2.5.0
+2.7.4
diff --git a/vsftpd-2.1.0-build_ssl.patch b/0002-Enable-build-with-SSL.patch
similarity index 69%
rename from vsftpd-2.1.0-build_ssl.patch
rename to 0002-Enable-build-with-SSL.patch
index ce183b5..41180fa 100644
--- a/vsftpd-2.1.0-build_ssl.patch
+++ b/0002-Enable-build-with-SSL.patch
@@ -1,7 +1,7 @@
-From 2ee718251d602abf6f4c5bb2fc6d829e32d3f3e1 Mon Sep 17 00:00:00 2001
+From 6fe24bc56694808ac7f8038855883a971967f0fb Mon Sep 17 00:00:00 2001
 From: Martin Sehnoutka
-Date: Thu, 17 Mar 2016 11:44:45 +0100
-Subject: [PATCH 02/26] Applied vsftpd-2.1.0-build_ssl.patch
+Date: Tue, 6 Sep 2016 13:40:53 +0200
+Subject: [PATCH 02/33] Enable build with SSL.
 ---
 builddefs.h | 2 +-
@@ -21,5 +21,5 @@ index e908352..63cc62b 100644
 #endif /* VSF_BUILDDEFS_H */
 --
-2.5.0
+2.7.4
diff --git a/vsftpd-2.1.0-tcp_wrappers.patch b/0003-Enable-build-with-TCP-Wrapper.patch
similarity index 70%
rename from vsftpd-2.1.0-tcp_wrappers.patch
rename to 0003-Enable-build-with-TCP-Wrapper.patch
index 4fe87d4..baa8881 100644
--- a/vsftpd-2.1.0-tcp_wrappers.patch
+++ b/0003-Enable-build-with-TCP-Wrapper.patch
@@ -1,7 +1,7 @@
-From 3e01cb1388681f8a956c954570db4fe8ac61d1bc Mon Sep 17 00:00:00 2001
+From 1e0e2b13836d40f5a3f4cb20f2b3ea8204115b51 Mon Sep 17 00:00:00 2001
 From: Martin Sehnoutka
-Date: Thu, 17 Mar 2016 11:44:45 +0100
-Subject: [PATCH 03/26] Applied vsftpd-2.1.0-tcp_wrappers.patch
+Date: Tue, 6 Sep 2016 13:42:09 +0200
+Subject: [PATCH 03/33] Enable build with TCP Wrapper
 ---
 builddefs.h | 2 +-
@@ -21,5 +21,5 @@ index 63cc62b..83de674 100644
 #define VSF_BUILD_SSL
 --
-2.5.0
+2.7.4
diff --git a/vsftpd-2.1.0-configuration.patch b/0004-Use-etc-vsftpd-dir-for-config-files-instead-of-etc.patch
similarity index 99%
rename from vsftpd-2.1.0-configuration.patch
rename to 0004-Use-etc-vsftpd-dir-for-config-files-instead-of-etc.patch
index 5675351..4380365 100644
--- a/vsftpd-2.1.0-configuration.patch
+++ b/0004-Use-etc-vsftpd-dir-for-config-files-instead-of-etc.patch
@@ -1,7 +1,7 @@
-From 4c4dcfaa65c86da78d2cf49f0f4a5c8d63a78d3a Mon Sep 17 00:00:00 2001
+From fff93602a4b252be8d674e27083dde68a7acf038 Mon Sep 17 00:00:00 2001
 From: Martin Sehnoutka
-Date: Thu, 17 Mar 2016 11:44:45 +0100
-Subject: [PATCH 04/26] Applied vsftpd-2.1.0-configuration.patch
+Date: Tue, 6 Sep 2016 13:46:03 +0200
+Subject: [PATCH 04/33] Use /etc/vsftpd/ dir for config files instead of /etc.
 ---
 EXAMPLE/INTERNET_SITE/README | 6 +++---
@@ -479,5 +479,5 @@ index fcc6022..5e46a2f 100644
 .B vsftpd_log_file
 This option is the name of the file to which we write the vsftpd style
 --
-2.5.0
+2.7.4
diff --git a/vsftpd-2.1.0-pam_hostname.patch b/0005-Use-hostname-when-calling-PAM-authentication-module.patch
similarity index 81%
rename from vsftpd-2.1.0-pam_hostname.patch
rename to 0005-Use-hostname-when-calling-PAM-authentication-module.patch
index f523d30..7d8d7de 100644
--- a/vsftpd-2.1.0-pam_hostname.patch
+++ b/0005-Use-hostname-when-calling-PAM-authentication-module.patch
@@ -1,8 +1,13 @@
-From fb9754bb10105b6c23d355fd448f55ab94c704b8 Mon Sep 17 00:00:00 2001
+From 08c49b78942d40c99fae8c40e7668aa73e1bd695 Mon Sep 17 00:00:00 2001
 From: Martin Sehnoutka
-Date: Thu, 17 Mar 2016 11:44:45 +0100
-Subject: [PATCH 05/26] Applied vsftpd-2.1.0-pam_hostname.patch
+Date: Tue, 6 Sep 2016 15:01:23 +0200
+Subject: [PATCH 05/33] Use hostname when calling PAM authentication module.
+Currently the vsftpd passes all logins as IP addresses
+into PAM. This prevents administrators from setting up
+ACLs based on domain (e.g. .example.com). This patch
+enables reverse host lookup and use hostname instead
+of address if there is one.
 ---
 sysdeputil.c | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)
@@ -66,5 +71,5 @@ index 06f01f4..b2782da 100644
 if (retval != 1)
 {
 --
-2.5.0
+2.7.4
diff --git a/0006-Close-stdin-out-err-before-listening-for-incoming-co.patch b/0006-Close-stdin-out-err-before-listening-for-incoming-co.patch
new file mode 100644
index 0000000..22af9be
--- /dev/null
+++ b/0006-Close-stdin-out-err-before-listening-for-incoming-co.patch
@@ -0,0 +1,35 @@
+From 423cbf4ddca6578b87e0f8a3fc425688cd1ca89c Mon Sep 17 00:00:00 2001
+From: Martin Sehnoutka
+Date: Tue, 6 Sep 2016 16:18:39 +0200
+Subject: [PATCH 06/33] Close stdin/out/err before listening for incoming
+ connections.
+
+When running vsftpd as a stand-alone FTP daemon, vsftpd
+did not close stdin/out/err. This caused the start script
+to hang waiting for stdin to close. Before this patch was
+applied, one had to hit ctrl+c in order to get shell prompt
+back. Correct behavior:
+$ /etc/init.d/vsftpd start | tee
+Starting vsftpd for vsftpd: [ OK ]
+$
+---
+ standalone.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/standalone.c b/standalone.c
+index ba01ab1..e0f2d5b 100644
+--- a/standalone.c
++++ b/standalone.c
+@@ -130,6 +130,9 @@ vsf_standalone_main(void)
+ die("could not bind listening IPv6 socket");
+ }
+ }
++ vsf_sysutil_close(0);
++ vsf_sysutil_close(1);
++ vsf_sysutil_close(2);
+ retval = vsf_sysutil_listen(listen_sock, VSFTP_LISTEN_BACKLOG);
+ if (vsf_sysutil_retval_is_error(retval))
+ {
+--
+2.7.4
+
diff --git a/vsftpd-2.1.0-filter.patch b/0007-Make-filename-filters-smarter.patch
similarity index 67%
rename from vsftpd-2.1.0-filter.patch
rename to 0007-Make-filename-filters-smarter.patch
index 5632b62..21c7b78 100644
--- a/vsftpd-2.1.0-filter.patch
+++ b/0007-Make-filename-filters-smarter.patch
@@ -1,36 +1,56 @@
-From d8f1f584c96d3449265a54fa62c5944b1b7c915c Mon Sep 17 00:00:00 2001
+From 548375b2122f83771dc0b8571f16e5b5adabba98 Mon Sep 17 00:00:00 2001
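Review bot: In the standalone.c hunk carried by 0006-Close-stdin-out-err-before-listening-for-incoming-co.patch, the three added `vsf_sysutil_close()` calls leave descriptors 0, 1 and 2 unallocated, so the next descriptors the listener obtains (accepted client sockets, log files) can be numbered 0–2, and any later write to stdout or stderr by vsftpd or by a library it loads would then land on that socket or file. Pointing the three descriptors at /dev/null instead still releases the init script without freeing the numbers; the sysutil.c context quoted in patch 0017 shows a `die("reopening standard file descriptors to /dev/null failed")` path, so a helper for this appears to exist already (its name would need to be confirmed against sysutil.h). If a plain close is kept, a comment such as `/* fds 0-2 stay closed from here on; nothing below may use stdio */` should record that. vsf_standalone_main starts and ends outside the hunk, so whether the descriptors are reopened later is not visible here.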
 From: Martin Sehnoutka
-Date: Thu, 17 Mar 2016 11:44:45 +0100
-Subject: [PATCH 07/26] Applied vsftpd-2.1.0-filter.patch
+Date: Wed, 7 Sep 2016 10:04:31 +0200
+Subject: [PATCH 07/33] Make filename filters smarter.
+In the original version vsftpd was not able to prevent
+users from downloading for instance /etc/passwd by
+defining filters such as deny_file=/etc/passwd or /etc*
+or passwd. Example of erroneous behavior:
+230 Login successful.
+Remote system type is UNIX.
+Using binary mode to transfer files.
+ftp> cd /
+250 Directory successfully changed.
+ftp> cd /etc
+550 Permission denied.
+ftp> cd etc
+250 Directory successfully changed.
+ftp> get passwd
+local: passwd remote: passwd
+227 Entering Passive Mode (127,0,0,1,99,251)
+150 Opening BINARY mode data connection for passwd (2813 bytes).
+226 File send OK.
+2813 bytes received in 0.00016 seconds (1.7e+04 Kbytes/s)
+ftp> quit
+221 Goodbye.
 ---
- ls.c | 26 ++++++++++++++++++++++++--
+ ls.c | 24 +++++++++++++++++++++++-
 str.c | 11 +++++++++++
 str.h | 1 +
- 3 files changed, 36 insertions(+), 2 deletions(-)
+ 3 files changed, 35 insertions(+), 1 deletion(-)
 diff --git a/ls.c b/ls.c
-index 7e1376d..e9302dd 100644
+index 7e1376d..f489478 100644
 --- a/ls.c
 +++ b/ls.c
-@@ -246,9 +246,31 @@ vsf_filename_passes_filter(const struct mystr* p_filename_str,
+@@ -246,8 +246,30 @@ vsf_filename_passes_filter(const struct mystr* p_filename_str,
 int ret = 0;
 char last_token = 0;
 int must_match_at_current_pos = 1;
-+
-+
++
++
 str_copy(&filter_remain_str, p_filter_str);
 - str_copy(&name_remain_str, p_filename_str);
--
-+
++
 + if (!str_isempty (&filter_remain_str) && !str_isempty(p_filename_str)) {
 + if (str_get_char_at(p_filter_str, 0) == '/') {
 + if (str_get_char_at(p_filename_str, 0) != '/') {
 + str_getcwd (&name_remain_str);
-+
++
 + if (str_getlen(&name_remain_str) > 1) /* cwd != root dir */
 + str_append_char (&name_remain_str, '/');
-+
++
 + str_append_str (&name_remain_str, p_filename_str);
 + }
 + else
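Review bot: The absolute-filter branch added to vsf_filename_passes_filter builds the name to match by appending the client-supplied `p_filename_str` to the result of `str_getcwd()` and compares that string with the filter, with no path normalisation visible in this hunk. A request that reaches the same file through `.`/`..` components, repeated slashes or a symlink produces a different string from the one `deny_file=/etc/passwd` describes, so the option remains a pattern match rather than an access control. Either canonicalise the joined path before matching or say so in the patch description, for example `deny_file matches the requested name textually; protect files with filesystem permissions or chroot, not with this option.` The function body starts before and continues after the hunk, and the lines following `else` are elided from this diff, so normalisation done there cannot be ruled out.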
@@ -43,10 +63,9 @@ index 7e1376d..e9302dd 100644 + } + } else + str_copy(&name_remain_str, p_filename_str); -+ + while (!str_isempty(&filter_remain_str) && *iters < VSFTP_MATCHITERS_MAX) { - static struct mystr s_match_needed_str; diff --git a/str.c b/str.c index 6596204..ba4b92a 100644 --- a/str.c @@ -79,5 +98,5 @@ index ab0a9a4..3a21b50 100644 /* PURPOSE: Extract a line of text (delimited by \n or EOF) from a string * buffer, starting at character position 'p_pos'. The extracted line will -- -2.5.0 +2.7.4 diff --git a/vsftpd-2.1.0-userlist_log.patch b/0008-Write-denied-logins-into-the-log.patch similarity index 94% rename from vsftpd-2.1.0-userlist_log.patch rename to 0008-Write-denied-logins-into-the-log.patch index b855ca7..7a927ef 100644 --- a/vsftpd-2.1.0-userlist_log.patch +++ b/0008-Write-denied-logins-into-the-log.patch @@ -1,8 +1,10 @@ -From 2f563a92cf4c12d8a37e413ffdc14a7eb4637c03 Mon Sep 17 00:00:00 2001 +From 75c172596aa9e7a9f32062579f7f98783341c924 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 11:44:45 +0100 -Subject: [PATCH 08/26] Applied vsftpd-2.1.0-userlist_log.patch +Date: Wed, 7 Sep 2016 10:17:17 +0200 +Subject: [PATCH 08/33] Write denied logins into the log. +This patch adds a new option 'userlist_log'. If enabled, +every login denial based on the user list will be logged. --- logging.c | 7 +++++++ logging.h | 11 +++++++++++ @@ -141,5 +143,5 @@ index 5e46a2f..9d767b1 100644 If enabled, virtual users will use the same privileges as local users. By default, virtual users will use the same privileges as anonymous users, which -- -2.5.0 +2.7.4 diff --git a/vsftpd-2.1.0-trim.patch b/0009-Trim-whitespaces-when-reading-configuration.patch similarity index 94% rename from vsftpd-2.1.0-trim.patch rename to 0009-Trim-whitespaces-when-reading-configuration.patch index 8de7c1b..6aa8c70 100644 --- a/vsftpd-2.1.0-trim.patch +++ b/0009-Trim-whitespaces-when-reading-configuration.patch 
@@ -1,7 +1,7 @@ -From aea6f1b484d06c56f636ae5ed7df232d6a94f57a Mon Sep 17 00:00:00 2001 +From d024bc27cee40f21e6a3841266062408c44e56fb Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 11:44:45 +0100 -Subject: [PATCH 09/26] Applied vsftpd-2.1.0-trim.patch +Date: Wed, 7 Sep 2016 10:35:54 +0200 +Subject: [PATCH 09/33] Trim whitespaces when reading configuration. --- parseconf.c | 2 +- @@ -95,5 +95,5 @@ index c34778c..c2ddd15 100644 void vsf_sysutil_memcpy(void* p_dest, const void* p_src, const unsigned int size); -- -2.5.0 +2.7.4 diff --git a/vsftpd-2.1.1-daemonize_plus.patch b/0010-Improve-daemonizing.patch similarity index 96% rename from vsftpd-2.1.1-daemonize_plus.patch rename to 0010-Improve-daemonizing.patch index d9d7e04..366bee6 100644 --- a/vsftpd-2.1.1-daemonize_plus.patch +++ b/0010-Improve-daemonizing.patch @@ -1,8 +1,9 @@ -From 662531f296a0b7341e4e6817e084585a7e7a1d87 Mon Sep 17 00:00:00 2001 +From 569e7078244470ac0fcc2af3947c2735338555ec Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 11:44:45 +0100 -Subject: [PATCH 10/26] Applied vsftpd-2.1.1-daemonize_plus.patch +Date: Wed, 7 Sep 2016 11:29:29 +0200 +Subject: [PATCH 10/33] Improve daemonizing +Init script gets correct return code if binding fails. --- standalone.c | 38 +++++++++++++++++++++++++++++++++++++- sysutil.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ @@ -204,5 +205,5 @@ index c2ddd15..bfc92cb 100644 /* Various string functions */ unsigned int vsf_sysutil_strlen(const char* p_text); -- -2.5.0 +2.7.4 diff --git a/vsftpd-2.2.0-wildchar.patch b/0011-Fix-listing-with-more-than-one-star.patch similarity index 77% rename from vsftpd-2.2.0-wildchar.patch rename to 0011-Fix-listing-with-more-than-one-star.patch index 88c934b..bc56d65 100644 --- a/vsftpd-2.2.0-wildchar.patch +++ b/0011-Fix-listing-with-more-than-one-star.patch 
@@ -1,14 +1,15 @@ -From 46b1cacac22d4c5f0b7695579860f7ecc28d3efb Mon Sep 17 00:00:00 2001 +From 32e6642640635d7305969f808b5badb706a11bff Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 11:44:45 +0100 -Subject: [PATCH 11/26] Applied vsftpd-2.2.0-wildchar.patch +Date: Wed, 7 Sep 2016 11:36:17 +0200 +Subject: [PATCH 11/33] Fix listing with more than one star '*'. +This is a regression introduced by some previous patch. --- ls.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/ls.c b/ls.c -index e9302dd..92be544 100644 +index f489478..616b2d9 100644 --- a/ls.c +++ b/ls.c @@ -311,6 +311,20 @@ vsf_filename_passes_filter(const struct mystr* p_filename_str, @@ -33,5 +34,5 @@ index e9302dd..92be544 100644 str_mid_to_end(&name_remain_str, &temp_str, indexx + str_getlen(&s_match_needed_str)); -- -2.5.0 +2.7.4 diff --git a/vsftpd-2.2.2-clone.patch b/0012-Replace-syscall-__NR_clone-.-with-clone.patch similarity index 80% rename from vsftpd-2.2.2-clone.patch rename to 0012-Replace-syscall-__NR_clone-.-with-clone.patch index 82b8db7..de7aba4 100644 --- a/vsftpd-2.2.2-clone.patch +++ b/0012-Replace-syscall-__NR_clone-.-with-clone.patch @@ -1,8 +1,9 @@ -From 1220fb187aa6b114ae4877fd74a42979d580d8ef Mon Sep 17 00:00:00 2001 +From 0c3a1123c391995ab46cfde603fa025ff180a819 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 11:44:45 +0100 -Subject: [PATCH 12/26] Applied vsftpd-2.2.2-clone.patch +Date: Wed, 7 Sep 2016 11:43:54 +0200 +Subject: [PATCH 12/33] Replace syscall(__NR_clone ..) with clone () +in order to fix incorrect order of params on s390 arch --- sysdeputil.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) @@ -30,5 +31,5 @@ index b2782da..3bbabaa 100644 { if (ret == 0) -- -2.5.0 +2.7.4 diff --git a/vsftpd-2.3.4-sd.patch b/0013-Extend-man-pages-with-systemd-info.patch similarity index 92% rename from vsftpd-2.3.4-sd.patch rename to 0013-Extend-man-pages-with-systemd-info.patch index bf6ac30..cde58f4 100644 
--- a/vsftpd-2.3.4-sd.patch +++ b/0013-Extend-man-pages-with-systemd-info.patch @@ -1,8 +1,10 @@ -From 4b7a6eecf79ee63c21fa27e5f5c22f248824991c Mon Sep 17 00:00:00 2001 +From 813a4bc45d45f4af94c699893cb2d2ba998d5d31 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 11:44:45 +0100 -Subject: [PATCH 13/26] Applied vsftpd-2.3.4-sd.patch +Date: Wed, 7 Sep 2016 11:53:07 +0200 +Subject: [PATCH 13/33] Extend man pages with systemd info. +Man pages now reflect how is vsftpd used as +systemd service. --- vsftpd.8 | 24 ++++++++++++++++++++++++ vsftpd.conf.5 | 18 +++++++++++++++++- @@ -80,5 +82,5 @@ index 9d767b1..0744f85 100644 The format of vsftpd.conf is very simple. Each line is either a comment or a directive. Comment lines start with a # and are ignored. A directive line -- -2.5.0 +2.7.4 diff --git a/vsftpd-2.3.4-sqb.patch b/0014-Add-support-for-square-brackets-in-ls.patch similarity index 97% rename from vsftpd-2.3.4-sqb.patch rename to 0014-Add-support-for-square-brackets-in-ls.patch index 163f247..b53b9ee 100644 --- a/vsftpd-2.3.4-sqb.patch +++ b/0014-Add-support-for-square-brackets-in-ls.patch @@ -1,25 +1,25 @@ -From 9db0f2142b7d456af0a147a53c7555996e90dfd6 Mon Sep 17 00:00:00 2001 +From ba0520650ae7f9f63e48ba9fb3a94297aebe2d0c Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 11:44:45 +0100 -Subject: [PATCH 14/26] Applied vsftpd-2.3.4-sqb.patch +Date: Wed, 7 Sep 2016 14:22:21 +0200 +Subject: [PATCH 14/33] Add support for square brackets in ls. --- ls.c | 222 +++++++++++++++++++++++++++++++++++++++++++++---------------------- 1 file changed, 150 insertions(+), 72 deletions(-) diff --git a/ls.c b/ls.c -index 92be544..0ad7f54 100644 +index 616b2d9..b840136 100644 --- a/ls.c +++ b/ls.c @@ -246,7 +246,7 @@ vsf_filename_passes_filter(const struct mystr* p_filename_str, int ret = 0; char last_token = 0; int must_match_at_current_pos = 1; -- +- + int matched = 0; - + str_copy(&filter_remain_str, p_filter_str); - + 
 @@ -276,7 +276,7 @@ vsf_filename_passes_filter(const struct mystr* p_filename_str,
 static struct mystr s_match_needed_str;
 /* Locate next special token */
@@ -273,5 +273,5 @@ index 92be544..0ad7f54 100644
 /* Any incoming string left means no match unless we ended on the correct
 * type of wildcard.
 --
-2.5.0
+2.7.4
diff --git a/vsftpd-2.3.4-listen_ipv6.patch b/0015-Listen-on-IPv6-by-default.patch
similarity index 91%
rename from vsftpd-2.3.4-listen_ipv6.patch
rename to 0015-Listen-on-IPv6-by-default.patch
index ff28cc7..1e7a7f6 100644
--- a/vsftpd-2.3.4-listen_ipv6.patch
+++ b/0015-Listen-on-IPv6-by-default.patch
@@ -1,7 +1,7 @@
-From d723e42f895f8bbf6888512a772aa549b0a396d9 Mon Sep 17 00:00:00 2001
+From c5daaedf1efe23b397a5950f5503f5cbfac871c8 Mon Sep 17 00:00:00 2001
 From: Martin Sehnoutka
-Date: Thu, 17 Mar 2016 11:44:45 +0100
-Subject: [PATCH 15/26] Applied vsftpd-2.3.4-listen_ipv6.patch
+Date: Wed, 7 Sep 2016 14:25:28 +0200
+Subject: [PATCH 15/33] Listen on IPv6 by default.
 ---
 vsftpd.conf | 14 +++++++++-----
@@ -51,5 +51,5 @@ index 0744f85..72bb86f 100644
 Default: NO
 .TP
 --
-2.5.0
+2.7.4
diff --git a/0016-Increase-VSFTP_AS_LIMIT-from-200UL-to-400UL.patch b/0016-Increase-VSFTP_AS_LIMIT-from-200UL-to-400UL.patch
new file mode 100644
index 0000000..31779c2
--- /dev/null
+++ b/0016-Increase-VSFTP_AS_LIMIT-from-200UL-to-400UL.patch
@@ -0,0 +1,27 @@
+From 048208a4db5d7164d89ba5d7545e281d0a3472d3 Mon Sep 17 00:00:00 2001
+From: Martin Sehnoutka
+Date: Wed, 7 Sep 2016 15:35:59 +0200
+Subject: [PATCH 16/33] Increase VSFTP_AS_LIMIT from 200UL to 400UL.
+
+When using a PAM module to get users from LDAP or database the old
+limit was insufficient.
+---
+ defs.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/defs.h b/defs.h
+index ca11eac..bde3232 100644
+--- a/defs.h
++++ b/defs.h
+@@ -19,7 +19,7 @@
+ /* Must be at least the size of VSFTP_MAX_COMMAND_LINE, VSFTP_DIR_BUFSIZE and
+ VSFTP_DATA_BUFSIZE*2 */
+ #define VSFTP_PRIVSOCK_MAXSTR VSFTP_DATA_BUFSIZE * 2
+-#define VSFTP_AS_LIMIT 200UL * 1024 * 1024
++#define VSFTP_AS_LIMIT 400UL * 1024 * 1024
+
+ #endif /* VSF_DEFS_H */
+
+--
+2.7.4
+
diff --git a/vsftpd-3.0.0-tz.patch b/0017-Fix-an-issue-with-timestamps-during-DST.patch
similarity index 91%
rename from vsftpd-3.0.0-tz.patch
rename to 0017-Fix-an-issue-with-timestamps-during-DST.patch
index 827b6c7..ec3af9f 100644
--- a/vsftpd-3.0.0-tz.patch
+++ b/0017-Fix-an-issue-with-timestamps-during-DST.patch
@@ -1,14 +1,16 @@
-From cc7c4ed98d69230f24a4437db2ba6bee20f4e494 Mon Sep 17 00:00:00 2001
+From 5ec0b86e5c1ff060720b5a6cd1af9d93ec993650 Mon Sep 17 00:00:00 2001
 From: Martin Sehnoutka
-Date: Thu, 17 Mar 2016 11:44:45 +0100
-Subject: [PATCH 16/26] Applied vsftpd-3.0.0-tz.patch
+Date: Thu, 29 Sep 2016 11:14:03 +0200
+Subject: [PATCH 17/33] Fix an issue with timestamps during DST.
+vsftpd now checks whether a file was uploaded during DST and
+adjust the timestamp accordingly.
 ---
 sysutil.c | 104 ++++++++++++++++++++++++++++++++++++++++++++++----------------
 1 file changed, 77 insertions(+), 27 deletions(-)
 diff --git a/sysutil.c b/sysutil.c
-index c848356..497d670 100644
+index c848356..2abdd13 100644
 --- a/sysutil.c
 +++ b/sysutil.c
 @@ -26,8 +26,10 @@
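Review bot: The new `VSFTP_AS_LIMIT` definition in the defs.h hunk of patch 0016 is still an unparenthesised expression, so a use such as `x / VSFTP_AS_LIMIT` or a cast applied to the macro binds to `400UL` alone; it should read `#define VSFTP_AS_LIMIT (400UL * 1024 * 1024)`. The value is a compile-time constant, so as far as this hunk shows the doubled ceiling applies to every build of the package and not only to deployments whose PAM stack talks to LDAP or a database. A short comment beside the define recording why the 200 MB cap was too small (which PAM modules, which bug report) would let a later reviewer judge whether this resource limit can be tightened again.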
@@ -23,18 +25,18 @@ index c848356..497d670 100644 #include #include #include -@@ -55,6 +57,11 @@ - #include +@@ -56,6 +58,11 @@ #include #include -+ + +#ifndef __USE_GNU + #define __USE_GNU +#endif +#include - ++ /* Private variables to this file */ /* Current umask() */ + static unsigned int s_current_umask; @@ -2574,49 +2581,92 @@ error: die("reopening standard file descriptors to /dev/null failed"); } @@ -155,5 +157,5 @@ index c848356..497d670 100644 s_timezone *= -1; } -- -2.5.0 +2.7.4 diff --git a/0018-Change-the-default-log-file-in-configuration.patch b/0018-Change-the-default-log-file-in-configuration.patch new file mode 100644 index 0000000..990cf90 --- /dev/null +++ b/0018-Change-the-default-log-file-in-configuration.patch @@ -0,0 +1,43 @@ +From 61dac172bdb14c5a37713078828ea8c8f78c7eb6 Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Thu, 29 Sep 2016 13:53:16 +0200 +Subject: [PATCH 18/33] Change the default log file in configuration. + +Previous "default" value was wrong. +tunables.c:262 => install_str_setting("/var/log/xferlog", +&tunable_xferlog_file); +--- + RedHat/vsftpd.log | 6 ++++++ + vsftpd.conf | 2 +- + 2 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/RedHat/vsftpd.log b/RedHat/vsftpd.log +index d338de8..14731c1 100644 +--- a/RedHat/vsftpd.log ++++ b/RedHat/vsftpd.log +@@ -3,3 +3,9 @@ + nocompress + missingok + } ++ ++/var/log/xferlog { ++ # ftpd doesn't handle SIGHUP properly ++ nocompress ++ missingok ++} +diff --git a/vsftpd.conf b/vsftpd.conf +index ae6c6c9..39d1955 100644 +--- a/vsftpd.conf ++++ b/vsftpd.conf +@@ -50,7 +50,7 @@ connect_from_port_20=YES + # + # You may override where the log file goes if you like. The default is shown + # below. +-#xferlog_file=/var/log/vsftpd.log ++#xferlog_file=/var/log/xferlog + # + # If you want, you can have your log file in standard ftpd xferlog format. + # Note that the default log file location is /var/log/xferlog in this case. +-- +2.7.4 + 
diff --git a/vsftpd-3.0.2-lookup.patch b/0019-Introduce-reverse_lookup_enable-option.patch similarity index 93% rename from vsftpd-3.0.2-lookup.patch rename to 0019-Introduce-reverse_lookup_enable-option.patch index 553f6c3..dbf01c0 100644 --- a/vsftpd-3.0.2-lookup.patch +++ b/0019-Introduce-reverse_lookup_enable-option.patch @@ -1,8 +1,11 @@ -From 341ecdb33ac371d0efcfe428719fdf627ab253c2 Mon Sep 17 00:00:00 2001 +From 721de88621100f6ed33f1602415bc249f3ed3219 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 11:44:45 +0100 -Subject: [PATCH 19/26] Applied vsftpd-3.0.2-lookup.patch +Date: Thu, 17 Nov 2016 10:22:32 +0100 +Subject: [PATCH 19/33] Introduce reverse_lookup_enable option. +vsftpd can transform IP address into hostname before +PAM authentication. You can disable it to prevent +performance issues. --- parseconf.c | 1 + sysdeputil.c | 14 +++++++++----- @@ -102,5 +105,5 @@ index 72bb86f..fb6324e 100644 Set to YES if you want vsftpd to run as the user which launched vsftpd. This is useful where root access is not available. MASSIVE WARNING! Do NOT enable this -- -2.5.0 +2.7.4 diff --git a/vsftpd-3.0.2-uint-uidgid.patch b/0020-Use-unsigned-int-for-uid-and-gid-representation.patch similarity index 97% rename from vsftpd-3.0.2-uint-uidgid.patch rename to 0020-Use-unsigned-int-for-uid-and-gid-representation.patch index ef87284..f5cd8f0 100644 --- a/vsftpd-3.0.2-uint-uidgid.patch +++ b/0020-Use-unsigned-int-for-uid-and-gid-representation.patch @@ -1,7 +1,7 @@ -From 24a1132cfe48d4c8bd799494ca802c918ac9132b Mon Sep 17 00:00:00 2001 +From dcaaf1e0dd3985e229a87de18b83f301d30b6ce9 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 11:44:45 +0100 -Subject: [PATCH 20/26] Applied vsftpd-3.0.2-uint-uidgid.patch +Date: Thu, 17 Nov 2016 10:31:39 +0100 +Subject: [PATCH 20/33] Use unsigned int for uid and gid representation. --- ls.c | 4 ++-- 
@@ -12,7 +12,7 @@ Subject: [PATCH 20/26] Applied vsftpd-3.0.2-uint-uidgid.patch
 5 files changed, 30 insertions(+), 47 deletions(-)
 diff --git a/ls.c b/ls.c
-index 0ad7f54..f18791d 100644
+index b840136..3c0988c 100644
 --- a/ls.c
 +++ b/ls.c
 @@ -503,7 +503,7 @@ build_dir_line(struct mystr* p_str, const struct mystr* p_filename_str,
@@ -65,7 +65,7 @@ index 27a488f..956bfb7 100644
 /* Things we need to cache before we chroot() */
 struct mystr banned_email_str;
 diff --git a/sysutil.c b/sysutil.c
-index 497d670..62d833d 100644
+index 2abdd13..9881a66 100644
 --- a/sysutil.c
 +++ b/sysutil.c
 @@ -1454,14 +1454,14 @@ vsf_sysutil_statbuf_get_size(const struct vsf_sysutil_statbuf* p_statbuf)
@@ -246,5 +246,5 @@ index bfc92cb..79b5514 100644
 void vsf_sysutil_setegid(const struct vsf_sysutil_user* p_user);
 void vsf_sysutil_seteuid_numeric(int uid);
 --
-2.5.0
+2.7.4
diff --git a/vsftpd-3.0.2-dh.patch b/0021-Introduce-support-for-DHE-based-cipher-suites.patch
similarity index 97%
rename from vsftpd-3.0.2-dh.patch
rename to 0021-Introduce-support-for-DHE-based-cipher-suites.patch
index 397ad0d..ad7e5ba 100644
--- a/vsftpd-3.0.2-dh.patch
+++ b/0021-Introduce-support-for-DHE-based-cipher-suites.patch
@@ -1,7 +1,7 @@
-From 1c4cb55ed61ca962a051c7de7cca866af8e2b2fa Mon Sep 17 00:00:00 2001
+From 4eac1dbb5f70a652d31847eec7c28d245f36cdbb Mon Sep 17 00:00:00 2001
 From: Martin Sehnoutka
-Date: Thu, 17 Mar 2016 11:44:45 +0100
-Subject: [PATCH 21/26] Applied vsftpd-3.0.2-dh.patch
+Date: Thu, 17 Nov 2016 10:48:28 +0100
+Subject: [PATCH 21/33] Introduce support for DHE based cipher suites.
 ---
 parseconf.c | 1 +
@@ -222,5 +222,5 @@ index fb6324e..ff94eca 100644
 This option can be used to provide an alternate file for usage by the
 .BR secure_email_list_enable
 --
-2.5.0
+2.7.4
diff --git a/vsftpd-3.0.2-ecdh.patch b/0022-Introduce-support-for-EDDHE-based-cipher-suites.patch
similarity index 96%
rename from vsftpd-3.0.2-ecdh.patch
rename to 0022-Introduce-support-for-EDDHE-based-cipher-suites.patch
index fa68fb3..b4eb574 100644
--- a/vsftpd-3.0.2-ecdh.patch
+++ b/0022-Introduce-support-for-EDDHE-based-cipher-suites.patch
@@ -1,7 +1,7 @@
-From 400bd7cd3fc7478a668862cfba4b79e84a5034e9 Mon Sep 17 00:00:00 2001
+From a6d641a0ccba1033587f6faa0e5e6749fa35f5c4 Mon Sep 17 00:00:00 2001
 From: Martin Sehnoutka
-Date: Thu, 17 Mar 2016 11:44:45 +0100
-Subject: [PATCH 22/26] Applied vsftpd-3.0.2-ecdh.patch
+Date: Thu, 17 Nov 2016 10:49:22 +0100
+Subject: [PATCH 22/33] Introduce support for EDDHE based cipher suites.
 ---
 parseconf.c | 1 +
@@ -132,5 +132,5 @@ index ff94eca..e242873 100644
 This option can be used to provide an alternate file for usage by the
 .BR secure_email_list_enable
 --
-2.5.0
+2.7.4
diff --git a/vsftpd-3.0.2-docupd.patch b/0023-Add-documentation-for-isolate_-options.-Correct-defa.patch
similarity index 85%
rename from vsftpd-3.0.2-docupd.patch
rename to 0023-Add-documentation-for-isolate_-options.-Correct-defa.patch
index 612552d..077d261 100644
--- a/vsftpd-3.0.2-docupd.patch
+++ b/0023-Add-documentation-for-isolate_-options.-Correct-defa.patch
@@ -1,14 +1,16 @@
-From f7fb4f5c91ab132982c78f1b34f7fe1493fd1372 Mon Sep 17 00:00:00 2001
+From 3d02ef3be17f37baf729e786a8f36af4982f70ad Mon Sep 17 00:00:00 2001
 From: Martin Sehnoutka
-Date: Thu, 17 Mar 2016 11:44:46 +0100
-Subject: [PATCH 23/26] Applied vsftpd-3.0.2-docupd.patch
+Date: Thu, 17 Nov 2016 10:52:16 +0100
+Subject: [PATCH 23/33] Add documentation for isolate_* options. Correct
+ default
+values of max_clients, max_per_ip.
 ---
 vsftpd.conf.5 | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)
 diff --git a/vsftpd.conf.5 b/vsftpd.conf.5
-index e242873..7a8f130 100644
+index e242873..31d317f 100644
 --- a/vsftpd.conf.5
 +++ b/vsftpd.conf.5
@@ -652,6 +652,21 @@ change it with the setting @@ -20,7 +22,7 @@ index e242873..7a8f130 100644 +If enabled, use CLONE_NEWNET to isolate the untrusted processes so that +they can't do arbitrary connect() and instead have to ask the privileged +process for sockets ( -+.BR port_promiscuous ++.BR port_promiscuous +have to be disabled). + +Default: YES @@ -57,5 +59,5 @@ index e242873..7a8f130 100644 .B pasv_max_port The maximum port to allocate for PASV style data connections. Can be used to -- -2.5.0 +2.7.4 diff --git a/vsftpd-3.0.2-rc450.patch b/0024-Introduce-new-return-value-450.patch similarity index 87% rename from vsftpd-3.0.2-rc450.patch rename to 0024-Introduce-new-return-value-450.patch index 8435446..f8c7b8c 100644 --- a/vsftpd-3.0.2-rc450.patch +++ b/0024-Introduce-new-return-value-450.patch @@ -1,8 +1,10 @@ -From e8c21dbd87c5e46c246c2d08c1abc84bb649fc02 Mon Sep 17 00:00:00 2001 +From 1d5cdf309387ff92988ab17d746f015d833a4b92 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 11:44:46 +0100 -Subject: [PATCH 24/26] Applied vsftpd-3.0.2-rc450.patch +Date: Thu, 17 Nov 2016 11:08:52 +0100 +Subject: [PATCH 24/33] Introduce new return value 450: + *450 Requested file action not taken. + File unavailable (e.g., file busy). --- ftpcodes.h | 1 + postlogin.c | 9 ++++++++- @@ -43,7 +45,7 @@ index bf12970..29958c0 100644 } /* Lock file if required */ diff --git a/sysutil.c b/sysutil.c -index 62d833d..a924edf 100644 +index 9881a66..6d7cb3f 100644 --- a/sysutil.c +++ b/sysutil.c @@ -1632,6 +1632,9 @@ vsf_sysutil_get_error(void) @@ -71,5 +73,5 @@ index 79b5514..c145bdf 100644 enum EVSFSysUtilError vsf_sysutil_get_error(void); -- -2.5.0 +2.7.4 diff --git a/vsftpd-3.0.2-mrate.patch b/0025-Improve-local_max_rate-option.patch similarity index 92% rename from vsftpd-3.0.2-mrate.patch rename to 0025-Improve-local_max_rate-option.patch index a3622a2..3560d87 100644 --- a/vsftpd-3.0.2-mrate.patch +++ b/0025-Improve-local_max_rate-option.patch 
@@ -1,8 +1,9 @@ -From 4700495a07fe9423c8411a018cde4de413407f42 Mon Sep 17 00:00:00 2001 +From 386db86fe865fb552b1867af4bf4b78dbf9080cf Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Fri, 8 Apr 2016 15:03:16 +0200 -Subject: [PATCH 2/7] vsftpd-3.0.2-mrate +Date: Thu, 17 Nov 2016 12:44:26 +0100 +Subject: [PATCH 25/33] Improve local_max_rate option. +Now it should work as expected. --- ftpdataio.c | 14 +++++++------- main.c | 2 +- @@ -85,5 +86,5 @@ index 956bfb7..3e8fdd5 100644 /* Details of the login */ int is_anonymous; -- -2.5.5 +2.7.4 diff --git a/vsftpd-3.0.2-wnohang.patch b/0026-Prevent-hanging-in-SIGCHLD-handler.patch similarity index 86% rename from vsftpd-3.0.2-wnohang.patch rename to 0026-Prevent-hanging-in-SIGCHLD-handler.patch index a4dd4d1..9b186a8 100644 --- a/vsftpd-3.0.2-wnohang.patch +++ b/0026-Prevent-hanging-in-SIGCHLD-handler.patch @@ -1,8 +1,10 @@ -From 1a14b13a1684f71ecfd5ed94b1aae7541b1a77a8 Mon Sep 17 00:00:00 2001 +From 1e65a0a15f819b8bf1b551bd84f71d0da1f5a00c Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Fri, 8 Apr 2016 15:03:16 +0200 -Subject: [PATCH 3/7] vsftpd-3.0.2-wnohang +Date: Thu, 17 Nov 2016 13:02:27 +0100 +Subject: [PATCH 26/33] Prevent hanging in SIGCHLD handler. +vsftpd can now handle pam_exec.so in pam.d config without hanging +in SIGCHLD handler. --- sysutil.c | 4 ++-- sysutil.h | 2 +- @@ -10,7 +12,7 @@ Subject: [PATCH 3/7] vsftpd-3.0.2-wnohang 3 files changed, 14 insertions(+), 5 deletions(-) diff --git a/sysutil.c b/sysutil.c -index 6dfe350..61d9f28 100644 +index 6d7cb3f..099748f 100644 --- a/sysutil.c +++ b/sysutil.c @@ -608,13 +608,13 @@ vsf_sysutil_exit(int exit_code) @@ -30,10 +32,10 @@ index 6dfe350..61d9f28 100644 { vsf_sysutil_check_pending_actions(kVSFSysUtilUnknown, 0, 0); diff --git a/sysutil.h b/sysutil.h -index 26698cd..d341b5d 100644 +index c145bdf..13153cd 100644 --- a/sysutil.h 
+++ b/sysutil.h -@@ -178,7 +178,7 @@ struct vsf_sysutil_wait_retval +@@ -177,7 +177,7 @@ struct vsf_sysutil_wait_retval int PRIVATE_HANDS_OFF_syscall_retval; int PRIVATE_HANDS_OFF_exit_status; }; @@ -75,5 +77,5 @@ index 33d84dc..b1891e7 100644 else { -- -2.5.5 +2.7.4 diff --git a/vsftpd-3.0.2-del-upl.patch b/0027-Delete-files-when-upload-fails.patch similarity index 87% rename from vsftpd-3.0.2-del-upl.patch rename to 0027-Delete-files-when-upload-fails.patch index e1216a8..98222e1 100644 --- a/vsftpd-3.0.2-del-upl.patch +++ b/0027-Delete-files-when-upload-fails.patch @@ -1,8 +1,10 @@ -From 9be8a4188420bba2075eacf9aea8fa26b6ebdcc5 Mon Sep 17 00:00:00 2001 +From 6224ecc5ac209323baa775880c0602c3fde3590a Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Fri, 8 Apr 2016 15:03:16 +0200 -Subject: [PATCH 4/7] vsftpd-3.0.2-del-upl +Date: Thu, 17 Nov 2016 13:10:41 +0100 +Subject: [PATCH 27/33] Delete files when upload fails. +Previously the uploaded file wasn't removed when the network was +disconnected. Now it is successfully deleted. --- ftpcodes.h | 3 ++- ftpdataio.c | 8 ++++++++ @@ -14,7 +16,7 @@ Subject: [PATCH 4/7] vsftpd-3.0.2-del-upl 7 files changed, 31 insertions(+), 3 deletions(-) diff --git a/ftpcodes.h b/ftpcodes.h -index 3950f92..97801f3 100644 +index 81e25c5..54dfae7 100644 --- a/ftpcodes.h +++ b/ftpcodes.h @@ -15,7 +15,8 @@ @@ -67,10 +69,10 @@ index f1e2f69..f039081 100644 0, INIT_MYSTR, /* Session state */ diff --git a/postlogin.c b/postlogin.c -index 154c16a..8363c9c 100644 +index 29958c0..e473c34 100644 --- a/postlogin.c +++ b/postlogin.c -@@ -358,7 +358,14 @@ process_post_login(struct vsf_session* p_sess) +@@ -356,7 +356,14 @@ process_post_login(struct vsf_session* p_sess) } else if (str_equal_text(&p_sess->ftp_cmd_str, "ALLO")) { @@ -99,7 +101,7 @@ index 3e8fdd5..4eccf46 100644 int is_ascii; struct mystr rnfr_filename_str; diff --git a/sysutil.c b/sysutil.c -index 61d9f28..3c4a337 100644 +index 099748f..42bcdf8 100644 --- a/sysutil.c +++ b/sysutil.c 
@@ -681,6 +681,16 @@ vsf_sysutil_activate_keepalive(int fd) @@ -120,10 +122,10 @@ index 61d9f28..3c4a337 100644 { int reuseaddr = 1; diff --git a/sysutil.h b/sysutil.h -index d341b5d..be727f5 100644 +index 13153cd..2886bbc 100644 --- a/sysutil.h +++ b/sysutil.h -@@ -267,6 +267,7 @@ void vsf_sysutil_dns_resolve(struct vsf_sysutil_sockaddr** p_sockptr, +@@ -266,6 +266,7 @@ void vsf_sysutil_dns_resolve(struct vsf_sysutil_sockaddr** p_sockptr, const char* p_name); /* Option setting on sockets */ void vsf_sysutil_activate_keepalive(int fd); @@ -132,5 +134,5 @@ index d341b5d..be727f5 100644 void vsf_sysutil_activate_reuseaddr(int fd); void vsf_sysutil_set_nodelay(int fd); -- -2.5.5 +2.7.4 diff --git a/vsftpd-2.2.2-man-pages.patch b/0028-Fix-man-page-rendering.patch similarity index 76% rename from vsftpd-2.2.2-man-pages.patch rename to 0028-Fix-man-page-rendering.patch index d59104a..4d6e5e7 100644 --- a/vsftpd-2.2.2-man-pages.patch +++ b/0028-Fix-man-page-rendering.patch @@ -1,14 +1,14 @@ -From ab49bde79f81a422629210c23ccc83bc4e14ad2a Mon Sep 17 00:00:00 2001 +From ea99be1a7a5973bbe8ed798b65abe5ce3b92f5df Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Fri, 8 Apr 2016 15:03:16 +0200 -Subject: [PATCH 5/7] vsftpd-2.2.2-man-pages +Date: Thu, 17 Nov 2016 13:12:52 +0100 +Subject: [PATCH 28/33] Fix man page rendering. --- vsftpd.conf.5 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 -index 7a8f130..45cd3c0 100644 +index 31d317f..cf1ae34 100644 --- a/vsftpd.conf.5 +++ b/vsftpd.conf.5 @@ -495,7 +495,8 @@ Default: NO @@ -22,5 +22,5 @@ index 7a8f130..45cd3c0 100644 (New in v2.0.7). -- -2.5.5 +2.7.4 diff --git a/vsftpd-2.2.2-blank-chars-overflow.patch b/0029-Fix-segfault-in-config-file-parser.patch similarity index 79% rename from vsftpd-2.2.2-blank-chars-overflow.patch rename to 0029-Fix-segfault-in-config-file-parser.patch index c558db0..899bbd3 100644 --- a/vsftpd-2.2.2-blank-chars-overflow.patch 
+++ b/0029-Fix-segfault-in-config-file-parser.patch @@ -1,7 +1,7 @@ -From c7cbcc64c824d1a2a60f8d81c26d5c8215463623 Mon Sep 17 00:00:00 2001 +From 34b9e1d10c6be736f1b20be8795c655446f38c5e Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Fri, 8 Apr 2016 15:05:06 +0200 -Subject: [PATCH 6/7] vsftpd-2.2.2-blank-chars-overflow +Date: Thu, 17 Nov 2016 13:14:55 +0100 +Subject: [PATCH 29/33] Fix segfault in config file parser. --- str.c | 2 +- @@ -21,5 +21,5 @@ index 41b27db..82b8ae4 100644 void -- -2.5.5 +2.7.4 diff --git a/vsftpd-2.2.2-syslog.patch b/0030-Fix-logging-into-syslog-when-enabled-in-config.patch similarity index 72% rename from vsftpd-2.2.2-syslog.patch rename to 0030-Fix-logging-into-syslog-when-enabled-in-config.patch index d92cdae..c828c27 100644 --- a/vsftpd-2.2.2-syslog.patch +++ b/0030-Fix-logging-into-syslog-when-enabled-in-config.patch @@ -1,7 +1,7 @@ -From a480a9659fb0cab1c44006f6c06013e6e7f78948 Mon Sep 17 00:00:00 2001 +From 03ff061f18f555d7bec62fa6a597a275b4b3f1c7 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Fri, 8 Apr 2016 15:05:53 +0200 -Subject: [PATCH 7/7] vsftpd-2.2.2-syslog +Date: Thu, 17 Nov 2016 13:18:22 +0100 +Subject: [PATCH 30/33] Fix logging into syslog when enabled in config. --- logging.c | 2 +- @@ -21,5 +21,5 @@ index 99671b4..c4461f7 100644 if (!tunable_xferlog_enable && !tunable_dual_log_enable) { -- -2.5.5 +2.7.4 diff --git a/vsftpd-2.0.5-fix_qm.patch b/0031-Fix-question-mark-wildcard-withing-a-file-name.patch similarity index 68% rename from vsftpd-2.0.5-fix_qm.patch rename to 0031-Fix-question-mark-wildcard-withing-a-file-name.patch index 1890624..457404b 100644 --- a/vsftpd-2.0.5-fix_qm.patch +++ b/0031-Fix-question-mark-wildcard-withing-a-file-name.patch @@ -1,14 +1,16 @@ -From cdcb1c5f660fb4f72b4896f5145a34e9dd158252 Mon Sep 17 00:00:00 2001 +From 0da42468ac9518a544aad57d22d7697d6bdfa969 Mon Sep 17 00:00:00 2001 
From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 12:00:34 +0100 -Subject: [PATCH 26/26] Applied vsftpd-2.0.5-fix_qm.patch +Date: Thu, 17 Nov 2016 13:25:12 +0100 +Subject: [PATCH 31/33] Fix question mark wildcard withing a file name. +Previously '?' worked only at the end of a file name, now it can +be used anywhere. --- ls.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ls.c b/ls.c -index f18791d..de68c30 100644 +index 3c0988c..35c15c7 100644 --- a/ls.c +++ b/ls.c @@ -459,7 +459,8 @@ vsf_filename_passes_filter(const struct mystr* p_filename_str, @@ -22,5 +24,5 @@ index f18791d..de68c30 100644 /* Any incoming string left means no match unless we ended on the correct * type of wildcard. -- -2.5.0 +2.7.4 diff --git a/vsftpd-2.2.2-nfs-fail.patch b/0032-Propagate-errors-from-nfs-with-quota-to-client.patch similarity index 81% rename from vsftpd-2.2.2-nfs-fail.patch rename to 0032-Propagate-errors-from-nfs-with-quota-to-client.patch index 674a01e..46a60c4 100644 --- a/vsftpd-2.2.2-nfs-fail.patch +++ b/0032-Propagate-errors-from-nfs-with-quota-to-client.patch @@ -1,8 +1,11 @@ -From 1be2ebccc0a5e1040fa9bb5f1cac8040070830df Mon Sep 17 00:00:00 2001 +From aa9cb48373018502ef99a57aad70b69c0c75ff65 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 14:51:29 +0100 -Subject: [PATCH 25/26] Applied vsftpd-2.2.2-nfs-fail.patch +Date: Thu, 17 Nov 2016 13:29:59 +0100 +Subject: [PATCH 32/33] Propagate errors from nfs with quota to client. +vsftpd now checks for errors when closing newly uploaded file and +forward errors to the client (e.g. when file system quota was +exceeded) --- ftpcodes.h | 1 + postlogin.c | 32 ++++++++++++++++++++++++++++++-- @@ -11,10 +14,10 @@ Subject: [PATCH 25/26] Applied vsftpd-2.2.2-nfs-fail.patch 4 files changed, 53 insertions(+), 2 deletions(-) diff --git a/ftpcodes.h b/ftpcodes.h -index 81e25c5..3950f92 100644 +index 54dfae7..97801f3 100644 --- a/ftpcodes.h 
+++ b/ftpcodes.h -@@ -73,6 +73,7 @@ +@@ -74,6 +74,7 @@ #define FTP_NOHANDLEPROT 536 #define FTP_FILEFAIL 550 #define FTP_NOPERM 550 @@ -23,7 +26,7 @@ index 81e25c5..3950f92 100644 #endif /* VSF_FTPCODES_H */ diff --git a/postlogin.c b/postlogin.c -index 29958c0..154c16a 100644 +index e473c34..8363c9c 100644 --- a/postlogin.c +++ b/postlogin.c @@ -28,6 +28,8 @@ @@ -35,7 +38,7 @@ index 29958c0..154c16a 100644 /* Private local functions */ static void handle_pwd(struct vsf_session* p_sess); static void handle_cwd(struct vsf_session* p_sess); -@@ -1028,8 +1030,10 @@ handle_upload_common(struct vsf_session* p_sess, int is_append, int is_unique) +@@ -1035,8 +1037,10 @@ handle_upload_common(struct vsf_session* p_sess, int is_append, int is_unique) struct vsf_transfer_ret trans_ret; int new_file_fd; int remote_fd; @@ -46,7 +49,7 @@ index 29958c0..154c16a 100644 int do_truncate = 0; filesize_t offset = p_sess->restart_pos; p_sess->restart_pos = 0; -@@ -1142,6 +1146,18 @@ handle_upload_common(struct vsf_session* p_sess, int is_append, int is_unique) +@@ -1149,6 +1153,18 @@ handle_upload_common(struct vsf_session* p_sess, int is_append, int is_unique) trans_ret = vsf_ftpdataio_transfer_file(p_sess, remote_fd, new_file_fd, 1, 0); } @@ -65,7 +68,7 @@ index 29958c0..154c16a 100644 if (vsf_ftpdataio_dispose_transfer_fd(p_sess) != 1 && trans_ret.retval == 0) { trans_ret.retval = -2; -@@ -1154,7 +1170,16 @@ handle_upload_common(struct vsf_session* p_sess, int is_append, int is_unique) +@@ -1161,7 +1177,16 @@ handle_upload_common(struct vsf_session* p_sess, int is_append, int is_unique) } if (trans_ret.retval == -1) { @@ -83,7 +86,7 @@ index 29958c0..154c16a 100644 } else if (trans_ret.retval == -2) { -@@ -1176,7 +1201,10 @@ port_pasv_cleanup_out: +@@ -1183,7 +1208,10 @@ port_pasv_cleanup_out: { str_unlink(p_filename); } @@ -96,10 +99,10 @@ index 29958c0..154c16a 100644 static void diff --git a/sysutil.c b/sysutil.c -index a924edf..6dfe350 100644 +index 42bcdf8..1c0422e 100644 
--- a/sysutil.c +++ b/sysutil.c -@@ -1259,6 +1259,27 @@ vsf_sysutil_close(int fd) +@@ -1269,6 +1269,27 @@ vsf_sysutil_close(int fd) } int @@ -128,7 +131,7 @@ index a924edf..6dfe350 100644 { return close(fd); diff --git a/sysutil.h b/sysutil.h -index c145bdf..26698cd 100644 +index 2886bbc..be727f5 100644 --- a/sysutil.h +++ b/sysutil.h @@ -92,6 +92,7 @@ int vsf_sysutil_create_or_open_file_append(const char* p_filename, @@ -140,5 +143,5 @@ index c145bdf..26698cd 100644 int vsf_sysutil_unlink(const char* p_dead); int vsf_sysutil_write_access(const char* p_filename); -- -2.5.0 +2.7.4 diff --git a/0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch b/0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch new file mode 100644 index 0000000..a7254e2 --- /dev/null +++ b/0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch 
@@ -0,0 +1,153 @@ +From 01bef55a1987700af3d43cdc5f5be88d3843ab85 Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Thu, 17 Nov 2016 13:36:17 +0100 +Subject: [PATCH 33/33] Introduce TLSv1.1 and TLSv1.2 options. + +Users can now enable a specific version of TLS protocol. +--- + parseconf.c | 2 ++ + ssl.c | 8 ++++++++ + tunables.c | 9 +++++++-- + tunables.h | 2 ++ + vsftpd.conf.5 | 24 ++++++++++++++++++++---- + 5 files changed, 39 insertions(+), 6 deletions(-) + +diff --git a/parseconf.c b/parseconf.c +index a2c715b..33a1349 100644 +--- a/parseconf.c ++++ b/parseconf.c +@@ -85,6 +85,8 @@ parseconf_bool_array[] = + { "ssl_sslv2", &tunable_sslv2 }, + { "ssl_sslv3", &tunable_sslv3 }, + { "ssl_tlsv1", &tunable_tlsv1 }, ++ { "ssl_tlsv1_1", &tunable_tlsv1_1 }, ++ { "ssl_tlsv1_2", &tunable_tlsv1_2 }, + { "tilde_user_enable", &tunable_tilde_user_enable }, + { "force_anon_logins_ssl", &tunable_force_anon_logins_ssl }, + { "force_anon_data_ssl", &tunable_force_anon_data_ssl }, +diff --git a/ssl.c b/ssl.c +index 96bf8ad..ba8a613 100644 +--- a/ssl.c ++++ b/ssl.c +@@ -135,6 +135,14 @@ ssl_init(struct vsf_session* p_sess) + { + options |= SSL_OP_NO_TLSv1; + } ++ if (!tunable_tlsv1_1) ++ { ++ options |= SSL_OP_NO_TLSv1_1; ++ } ++ if (!tunable_tlsv1_2) ++ { ++ options |= SSL_OP_NO_TLSv1_2; ++ } + SSL_CTX_set_options(p_ctx, options); + if (tunable_rsa_cert_file) + { +diff --git a/tunables.c b/tunables.c +index 93f85b1..78f2bcd 100644 +--- a/tunables.c ++++ b/tunables.c +@@ -66,6 +66,8 @@ int tunable_force_local_data_ssl; + int tunable_sslv2; + int tunable_sslv3; + int tunable_tlsv1; ++int tunable_tlsv1_1; ++int tunable_tlsv1_2; + int tunable_tilde_user_enable; + int tunable_force_anon_logins_ssl; + int tunable_force_anon_data_ssl; +@@ -209,7 +211,10 @@ tunables_load_defaults() + tunable_force_local_data_ssl = 1; + tunable_sslv2 = 0; + tunable_sslv3 = 0; ++ /* TLSv1 up to TLSv1.2 is enabled by default */ + tunable_tlsv1 = 1; ++ tunable_tlsv1_1 = 1; ++ tunable_tlsv1_2 = 1; + 
tunable_tilde_user_enable = 0; + tunable_force_anon_logins_ssl = 0; + tunable_force_anon_data_ssl = 0; +@@ -292,8 +297,8 @@ tunables_load_defaults() + install_str_setting(0, &tunable_dsa_cert_file); + install_str_setting(0, &tunable_dh_param_file); + install_str_setting(0, &tunable_ecdh_param_file); +- install_str_setting("AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA", +- &tunable_ssl_ciphers); ++ install_str_setting("AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384", ++ &tunable_ssl_ciphers); + install_str_setting(0, &tunable_rsa_private_key_file); + install_str_setting(0, &tunable_dsa_private_key_file); + install_str_setting(0, &tunable_ca_certs_file); +diff --git a/tunables.h b/tunables.h +index 3e2d40c..a466427 100644 +--- a/tunables.h ++++ b/tunables.h +@@ -67,6 +67,8 @@ extern int tunable_force_local_data_ssl; /* Require local data uses SSL */ + extern int tunable_sslv2; /* Allow SSLv2 */ + extern int tunable_sslv3; /* Allow SSLv3 */ + extern int tunable_tlsv1; /* Allow TLSv1 */ ++extern int tunable_tlsv1_1; /* Allow TLSv1.1 */ ++extern int tunable_tlsv1_2; /* Allow TLSv1.2 */ + extern int tunable_tilde_user_enable; /* Support e.g. ~chris */ + extern int tunable_force_anon_logins_ssl; /* Require anon logins use SSL */ + extern int tunable_force_anon_data_ssl; /* Require anon data uses SSL */ +diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 +index cf1ae34..a3d569e 100644 +--- a/vsftpd.conf.5 ++++ b/vsftpd.conf.5 +@@ -506,7 +506,7 @@ Default: YES + Only applies if + .BR ssl_enable + is activated. If enabled, this option will permit SSL v2 protocol connections. +-TLS v1 connections are preferred. ++TLS v1.2 connections are preferred. + + Default: NO + .TP +@@ -514,7 +514,7 @@ Default: NO + Only applies if + .BR ssl_enable + is activated. If enabled, this option will permit SSL v3 protocol connections. +-TLS v1 connections are preferred. ++TLS v1.2 connections are preferred. 
+ + Default: NO + .TP +@@ -522,7 +522,23 @@ Default: NO + Only applies if + .BR ssl_enable + is activated. If enabled, this option will permit TLS v1 protocol connections. +-TLS v1 connections are preferred. ++TLS v1.2 connections are preferred. ++ ++Default: YES ++.TP ++.B ssl_tlsv1_1 ++Only applies if ++.BR ssl_enable ++is activated. If enabled, this option will permit TLS v1.1 protocol connections. ++TLS v1.2 connections are preferred. ++ ++Default: YES ++.TP ++.B ssl_tlsv1_2 ++Only applies if ++.BR ssl_enable ++is activated. If enabled, this option will permit TLS v1.2 protocol connections. ++TLS v1.2 connections are preferred. + + Default: YES + .TP +@@ -1044,7 +1060,7 @@ man page for further details. Note that restricting ciphers can be a useful + security precaution as it prevents malicious remote parties forcing a cipher + which they have found problems with. + +-Default: DES-CBC3-SHA ++Default: AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384 + .TP + .B user_config_dir + This powerful option allows the override of any config option specified in +-- +2.7.4 + diff --git a/vsftpd-3.0.2-seccomp.patch b/0034-Turn-off-seccomp-sandbox-because-it-is-too-strict.patch similarity index 62% rename from vsftpd-3.0.2-seccomp.patch rename to 0034-Turn-off-seccomp-sandbox-because-it-is-too-strict.patch index ebf2a64..62fb66b 100644 --- a/vsftpd-3.0.2-seccomp.patch +++ b/0034-Turn-off-seccomp-sandbox-because-it-is-too-strict.patch @@ -1,17 +1,17 @@ -From dd86a1c28f11fa67b1263d5dc79fa9953629d30d Mon Sep 17 00:00:00 2001 +From 4922e60589326540b2ee4f0bdfd6cb95f645f3d5 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Fri, 8 Apr 2016 15:03:16 +0200 -Subject: [PATCH 1/7] vsftpd-3.0.2-seccomp +Date: Fri, 18 Nov 2016 10:23:29 +0100 +Subject: [PATCH] Turn off seccomp sandbox, because it is too strict. --- tunables.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
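Review bot: The new default for `ssl_ciphers` in `tunables_load_defaults()` (patch 0033, tunables.c) still contains `DES-CBC3-SHA` and appends the two AES-256-GCM suites after the CBC ones, so the strongest suites added for TLS v1.2 are listed last. Whether the server enforces its own cipher order is not visible in this patch; if it does, a TLS v1.2 client would still end up on `AES128-SHA`. I would list the AEAD suites first and consider dropping 3DES, e.g. `install_str_setting("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA", &tunable_ssl_ciphers);`, with the `Default:` line for `ssl_ciphers` in vsftpd.conf.5 changed to match. The comment `/* TLSv1 up to TLSv1.2 is enabled by default */` could also say why `ssl_tlsv1` and `ssl_tlsv1_1` stay on by default, so that a later reader knows whether they can be turned off.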
diff --git a/tunables.c b/tunables.c -index 93f85b1..b024be4 100644 +index 78f2bcd..5440c00 100644 --- a/tunables.c +++ b/tunables.c -@@ -232,7 +232,7 @@ tunables_load_defaults() +@@ -237,7 +237,7 @@ tunables_load_defaults() tunable_isolate_network = 1; tunable_ftp_enable = 1; tunable_http_enable = 0; @@ -21,5 +21,5 @@ index 93f85b1..b024be4 100644 tunable_accept_timeout = 60; -- -2.5.5 +2.7.4 diff --git a/vsftpd-2.3.5-aslim.patch b/vsftpd-2.3.5-aslim.patch deleted file mode 100644 index 6f271e2..0000000 --- a/vsftpd-2.3.5-aslim.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up vsftpd-3.0.3/defs.h.aslim vsftpd-3.0.3/defs.h ---- vsftpd-3.0.3/defs.h.aslim 2016-03-03 16:55:42.760819658 +0100 -+++ vsftpd-3.0.3/defs.h 2016-03-03 17:01:49.606873710 +0100 -@@ -19,7 +19,7 @@ - /* Must be at least the size of VSFTP_MAX_COMMAND_LINE, VSFTP_DIR_BUFSIZE and - VSFTP_DATA_BUFSIZE*2 */ - #define VSFTP_PRIVSOCK_MAXSTR VSFTP_DATA_BUFSIZE * 2 --#define VSFTP_AS_LIMIT 200UL * 1024 * 1024 -+#define VSFTP_AS_LIMIT 400UL * 1024 * 1024 - - #endif /* VSF_DEFS_H */ - diff --git a/vsftpd-3.0.0-logrotate.patch b/vsftpd-3.0.0-logrotate.patch deleted file mode 100644 index 317821a..0000000 --- a/vsftpd-3.0.0-logrotate.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 5a4adb1078552f3f17f21dab9cacadbcacf593ec Mon Sep 17 00:00:00 2001 -From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 11:44:45 +0100 -Subject: [PATCH 18/26] Applied vsftpd-3.0.0-logrotate.patch - ---- - RedHat/vsftpd.log | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/RedHat/vsftpd.log b/RedHat/vsftpd.log -index d338de8..14731c1 100644 ---- a/RedHat/vsftpd.log -+++ b/RedHat/vsftpd.log -@@ -3,3 +3,9 @@ - nocompress - missingok - } -+ -+/var/log/xferlog { -+ # ftpd doesn't handle SIGHUP properly -+ nocompress -+ missingok -+} --- -2.5.0 - diff --git a/vsftpd-3.0.0-xferlog.patch b/vsftpd-3.0.0-xferlog.patch deleted file mode 100644 index 9c8c669..0000000 --- a/vsftpd-3.0.0-xferlog.patch +++ /dev/null 
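Review bot: The description of patch 0034 says only that the seccomp sandbox is "too strict", which does not tell a packager or administrator what protection is being given up or under what condition it could be turned back on. The one-line change inside `tunables_load_defaults()` is not shown in this hunk, so this is inferred from the subject and the diffstat (`tunables.c | 2 +-`). I would extend the patch description with the failing operation or bug reference that motivated the change, plus a line such as `The filter can still be enabled per site with seccomp_sandbox=YES in vsftpd.conf.` The subject also carries a bare `[PATCH]` while the rest of the series is numbered `NN/33`, which makes it easy to miss that this patch is applied at all.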
@@ -1,25 +0,0 @@ -From 26d555a940faf7c7c90d8a8a2b5d5e0d9988f714 Mon Sep 17 00:00:00 2001 -From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 11:44:45 +0100 -Subject: [PATCH 17/26] Applied vsftpd-3.0.0-xferlog.patch - ---- - vsftpd.conf | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/vsftpd.conf b/vsftpd.conf -index ae6c6c9..39d1955 100644 ---- a/vsftpd.conf -+++ b/vsftpd.conf -@@ -50,7 +50,7 @@ connect_from_port_20=YES - # - # You may override where the log file goes if you like. The default is shown - # below. --#xferlog_file=/var/log/vsftpd.log -+#xferlog_file=/var/log/xferlog - # - # If you want, you can have your log file in standard ftpd xferlog format. - # Note that the default log file location is /var/log/xferlog in this case. --- -2.5.0 - diff --git a/vsftpd-close-std-fds.patch b/vsftpd-close-std-fds.patch deleted file mode 100644 index 4811651..0000000 --- a/vsftpd-close-std-fds.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 883736a0ad3b521c8210cc7e6cbc2cb302aca43c Mon Sep 17 00:00:00 2001 -From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 11:44:45 +0100 -Subject: [PATCH 06/26] Applied vsftpd-close-std-fds.patch - ---- - standalone.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/standalone.c b/standalone.c -index ba01ab1..e0f2d5b 100644 ---- a/standalone.c -+++ b/standalone.c -@@ -130,6 +130,9 @@ vsf_standalone_main(void) - die("could not bind listening IPv6 socket"); - } - } -+ vsf_sysutil_close(0); -+ vsf_sysutil_close(1); -+ vsf_sysutil_close(2); - retval = vsf_sysutil_listen(listen_sock, VSFTP_LISTEN_BACKLOG); - if (vsf_sysutil_retval_is_error(retval)) - { --- -2.5.0 - diff --git a/vsftpd.spec b/vsftpd.spec index a8e95be..d6ca350 100644 --- a/vsftpd.spec +++ b/vsftpd.spec 
@@ -1,123 +1,77 @@ -%{!?tcp_wrappers:%define tcp_wrappers 1} -%define _generatorsdir %{_prefix}/lib/systemd/system-generators +%global _generatorsdir %{_prefix}/lib/systemd/system-generators -Name: vsftpd +Name: vsftpd Version: 3.0.3 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Very Secure Ftp Daemon -Group: System Environment/Daemons +Group: System Environment/Daemons # OpenSSL link exception -License: GPLv2 with exceptions -URL: https://security.appspot.com/vsftpd.html -Source0: https://security.appspot.com/downloads/%{name}-%{version}.tar.gz -Source1: vsftpd.xinetd -Source2: vsftpd.pam -Source3: vsftpd.ftpusers -Source4: vsftpd.user_list -Source6: vsftpd_conf_migrate.sh -Source7: vsftpd.service -Source8: vsftpd@.service -Source9: vsftpd.target +License: GPLv2 with exceptions +URL: https://security.appspot.com/vsftpd.html +Source0: https://security.appspot.com/downloads/%{name}-%{version}.tar.gz +Source1: vsftpd.xinetd +Source2: vsftpd.pam +Source3: vsftpd.ftpusers +Source4: vsftpd.user_list +Source6: vsftpd_conf_migrate.sh +Source7: vsftpd.service +Source8: vsftpd@.service +Source9: vsftpd.target Source10: vsftpd-generator -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) - BuildRequires: pam-devel BuildRequires: libcap-devel BuildRequires: openssl-devel BuildRequires: systemd -%if %{tcp_wrappers} BuildRequires: tcp_wrappers-devel -%endif +BuildRequires: git Requires: logrotate -# Build patches -Patch1: vsftpd-2.1.0-libs.patch -Patch2: vsftpd-2.1.0-build_ssl.patch -Patch3: vsftpd-2.1.0-tcp_wrappers.patch - -# Use /etc/vsftpd/ instead of /etc/ -Patch4: vsftpd-2.1.0-configuration.patch - -# These need review -Patch5: vsftpd-2.1.0-pam_hostname.patch -Patch6: vsftpd-close-std-fds.patch -Patch7: vsftpd-2.1.0-filter.patch -Patch9: vsftpd-2.1.0-userlist_log.patch - -Patch10: vsftpd-2.1.0-trim.patch -Patch12: vsftpd-2.1.1-daemonize_plus.patch -Patch14: vsftpd-2.2.0-wildchar.patch - -Patch16: vsftpd-2.2.2-clone.patch -Patch19: 
vsftpd-2.3.4-sd.patch -Patch20: vsftpd-2.3.4-sqb.patch -Patch21: vsftpd-2.3.4-listen_ipv6.patch -Patch22: vsftpd-2.3.5-aslim.patch -Patch23: vsftpd-3.0.0-tz.patch -Patch24: vsftpd-3.0.0-xferlog.patch -Patch25: vsftpd-3.0.0-logrotate.patch -Patch26: vsftpd-3.0.2-lookup.patch -Patch27: vsftpd-3.0.2-uint-uidgid.patch -Patch28: vsftpd-3.0.2-dh.patch -Patch29: vsftpd-3.0.2-ecdh.patch -Patch30: vsftpd-3.0.2-docupd.patch -Patch31: vsftpd-3.0.2-rc450.patch -Patch32: vsftpd-3.0.2-seccomp.patch -Patch33: vsftpd-3.0.2-mrate.patch -Patch34: vsftpd-3.0.2-wnohang.patch -Patch35: vsftpd-3.0.2-del-upl.patch -Patch36: vsftpd-2.2.2-man-pages.patch -Patch37: vsftpd-2.2.2-blank-chars-overflow.patch -Patch38: vsftpd-2.2.2-syslog.patch +Patch1: 0001-Don-t-use-the-provided-script-to-locate-libraries.patch +Patch2: 0002-Enable-build-with-SSL.patch +Patch3: 0003-Enable-build-with-TCP-Wrapper.patch +Patch4: 0004-Use-etc-vsftpd-dir-for-config-files-instead-of-etc.patch +Patch5: 0005-Use-hostname-when-calling-PAM-authentication-module.patch +Patch6: 0006-Close-stdin-out-err-before-listening-for-incoming-co.patch +Patch7: 0007-Make-filename-filters-smarter.patch +Patch8: 0008-Write-denied-logins-into-the-log.patch +Patch9: 0009-Trim-whitespaces-when-reading-configuration.patch +Patch10: 0010-Improve-daemonizing.patch +Patch11: 0011-Fix-listing-with-more-than-one-star.patch +Patch12: 0012-Replace-syscall-__NR_clone-.-with-clone.patch +Patch13: 0013-Extend-man-pages-with-systemd-info.patch +Patch14: 0014-Add-support-for-square-brackets-in-ls.patch +Patch15: 0015-Listen-on-IPv6-by-default.patch +Patch16: 0016-Increase-VSFTP_AS_LIMIT-from-200UL-to-400UL.patch +Patch17: 0017-Fix-an-issue-with-timestamps-during-DST.patch +Patch18: 0018-Change-the-default-log-file-in-configuration.patch +Patch19: 0019-Introduce-reverse_lookup_enable-option.patch +Patch20: 0020-Use-unsigned-int-for-uid-and-gid-representation.patch +Patch21: 0021-Introduce-support-for-DHE-based-cipher-suites.patch +Patch22: 
0022-Introduce-support-for-EDDHE-based-cipher-suites.patch +Patch23: 0023-Add-documentation-for-isolate_-options.-Correct-defa.patch +Patch24: 0024-Introduce-new-return-value-450.patch +Patch25: 0025-Improve-local_max_rate-option.patch +Patch26: 0026-Prevent-hanging-in-SIGCHLD-handler.patch +Patch27: 0027-Delete-files-when-upload-fails.patch +Patch28: 0028-Fix-man-page-rendering.patch +Patch29: 0029-Fix-segfault-in-config-file-parser.patch +Patch30: 0030-Fix-logging-into-syslog-when-enabled-in-config.patch +Patch31: 0031-Fix-question-mark-wildcard-withing-a-file-name.patch +Patch32: 0032-Propagate-errors-from-nfs-with-quota-to-client.patch +Patch33: 0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch +Patch34: 0034-Turn-off-seccomp-sandbox-because-it-is-too-strict.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from scratch. %prep -%setup -q -n %{name}-%{version} +%autosetup -S git cp %{SOURCE1} . -%patch1 -p1 -b .libs -%patch2 -p1 -b .build_ssl -%if %{tcp_wrappers} -%patch3 -p1 -b .tcp_wrappers -%endif -%patch4 -p1 -b .configuration -%patch5 -p1 -b .pam_hostname -%patch6 -p1 -b .close_fds -%patch7 -p1 -b .filter -%patch9 -p1 -b .userlist_log -%patch10 -p1 -b .trim -%patch12 -p1 -b .daemonize_plus -%patch14 -p1 -b .wildchar -%patch16 -p1 -b .clone -%patch19 -p1 -b .sd -%patch20 -p1 -b .sqb -%patch21 -p1 -b .listen_ipv6 -%patch22 -p1 -b .aslim -%patch23 -p1 -b .tz -%patch24 -p1 -b .xferlog -%patch25 -p1 -b .logrotate -%patch26 -p1 -b .lookup -%patch27 -p1 -b .uint-uidgid -%patch28 -p1 -b .dh -%patch29 -p1 -b .ecdh -%patch30 -p1 -b .docupd -%patch31 -p1 -b .rc450 -%patch32 -p1 -b .seccomp -%patch33 -p1 -b .mrate -%patch34 -p1 -b .wnohang -%patch35 -p1 -b .del-upl -%patch36 -p1 -b .man_pages -%patch37 -p1 -b .blank-char-overflow -%patch38 -p1 -b .syslog - - - %build %ifarch s390x sparcv9 sparc64 make CFLAGS="$RPM_OPT_FLAGS -fPIE -pipe -Wextra -Werror" \ 
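Review bot: The `%changelog` entry added in the last hunk of vsftpd.spec says `- Seccomp patch removed`, but this hunk still declares `Patch34: 0034-Turn-off-seccomp-sandbox-because-it-is-too-strict.patch` and `%autosetup -S git` applies every declared patch. As written the changelog reads as if the sandbox default were restored, so I would reword it to something like `- Seccomp sandbox stays disabled by default (patch renamed to 0034)`. The `%if %{tcp_wrappers}` guards around `BuildRequires: tcp_wrappers-devel` and `%patch3` are dropped here as well, which makes the TCP Wrappers build unconditional without a changelog line saying so. Two of the new patch names carry typos that will now live in the `PatchN` list: `EDDHE` in Patch22 (presumably ECDHE) and `withing` in Patch31.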
@@ -126,9 +80,7 @@ make CFLAGS="$RPM_OPT_FLAGS -fpie -pipe -Wextra -Werror" \ %endif LINK="-pie -lssl" %{?_smp_mflags} - %install -rm -rf $RPM_BUILD_ROOT mkdir -p $RPM_BUILD_ROOT%{_sbindir} mkdir -p $RPM_BUILD_ROOT%{_sysconfdir} mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/{vsftpd,pam.d,logrotate.d} @@ -151,9 +103,6 @@ install -m 755 %{SOURCE10} $RPM_BUILD_ROOT%{_generatorsdir} mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub -%clean -rm -rf $RPM_BUILD_ROOT - %post %systemd_post vsftpd.service @@ -183,6 +132,12 @@ rm -rf $RPM_BUILD_ROOT %{_var}/ftp %changelog +* Thu Nov 17 2016 Martin Sehnoutka - 3.0.3-3 +- Review patches +- Add TLSv1.{1,2} options +- Fix question mark wildcard within a file name +- Seccomp patch removed + * Fri Apr 08 2016 Martin Sehnoutka - 3.0.3-2 - Applied patches: - Readd seccomp disabled by default