From f98f0189c6151b1c5247222de8c578c207aa19c7 Mon Sep 17 00:00:00 2001 From: Jiri Skala Date: Fri, 6 Aug 2010 09:35:40 +0200 Subject: [PATCH] * Fri Aug 06 2010 Jiri Skala - 2.2.2-8 - fixes #472880 - Configuration can cause confusion because of selinux labels --- vsftpd-2.1.0-configuration.patch | 21 +++++++++++++-------- vsftpd.spec | 5 ++++- 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/vsftpd-2.1.0-configuration.patch b/vsftpd-2.1.0-configuration.patch index 4f95607..5f04dea 100644 --- a/vsftpd-2.1.0-configuration.patch +++ b/vsftpd-2.1.0-configuration.patch @@ -378,20 +378,20 @@ diff -up vsftpd-2.2.0/vsftpd.conf.5.configuration vsftpd-2.2.0/vsftpd.conf.5 .TP .B vsftpd_log_file This option is the name of the file to which we write the vsftpd style -diff -up vsftpd-2.2.0/vsftpd.conf.configuration vsftpd-2.2.0/vsftpd.conf ---- vsftpd-2.2.0/vsftpd.conf.configuration 2009-06-17 22:05:28.000000000 +0200 -+++ vsftpd-2.2.0/vsftpd.conf 2009-08-04 07:53:13.000000000 +0200 +--- vsftpd-2.2.2/vsftpd.conf.configuration 2009-10-19 04:04:23.000000000 +0200 ++++ vsftpd-2.2.2/vsftpd.conf 2010-08-06 09:28:44.891173995 +0200 @@ -1,4 +1,4 @@ -# Example config file /etc/vsftpd.conf +# Example config file /etc/vsftpd/vsftpd.conf # # The default compiled in settings are fairly paranoid. This sample file # loosens things up a bit, to make the ftp daemon more usable. -@@ -12,14 +12,14 @@ +@@ -12,18 +12,20 @@ anonymous_enable=YES # # Uncomment this to allow local users to log in. -#local_enable=YES ++# When SELinux is enforcing check for SE bool ftp_home_dir +local_enable=YES # # Uncomment this to enable any form of FTP write command. @@ -405,7 +405,12 @@ diff -up vsftpd-2.2.0/vsftpd.conf.configuration vsftpd-2.2.0/vsftpd.conf # # Uncomment this to allow the anonymous FTP user to upload files. This only # has an effect if the above global write enable is activated. Also, you will -@@ -52,7 +52,7 @@ connect_from_port_20=YES + # obviously need to create a directory writable by the FTP user. ++# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access + #anon_upload_enable=YES + # + # Uncomment this if you want the anonymous FTP user to be able to create +@@ -52,7 +54,7 @@ # # If you want, you can have your log file in standard ftpd xferlog format. # Note that the default log file location is /var/log/xferlog in this case. @@ -414,7 +419,7 @@ diff -up vsftpd-2.2.0/vsftpd.conf.configuration vsftpd-2.2.0/vsftpd.conf # # You may change the default value for timing out an idle session. #idle_session_timeout=600 -@@ -87,7 +87,7 @@ connect_from_port_20=YES +@@ -87,7 +89,7 @@ # useful for combatting certain DoS attacks. #deny_email_enable=YES # (default follows) @@ -423,7 +428,7 @@ diff -up vsftpd-2.2.0/vsftpd.conf.configuration vsftpd-2.2.0/vsftpd.conf # # You may specify an explicit list of local users to chroot() to their home # directory. If chroot_local_user is YES, then this list becomes a list of -@@ -95,7 +95,7 @@ connect_from_port_20=YES +@@ -95,7 +97,7 @@ #chroot_local_user=YES #chroot_list_enable=YES # (default follows) @@ -432,7 +437,7 @@ diff -up vsftpd-2.2.0/vsftpd.conf.configuration vsftpd-2.2.0/vsftpd.conf # # You may activate the "-R" option to the builtin ls. This is disabled by # default to avoid remote users being able to cause excessive I/O on large -@@ -112,3 +112,7 @@ listen=YES +@@ -112,3 +114,7 @@ # sockets, you must run two copies of vsftpd with two configuration files. # Make sure, that one of the listen options is commented !! #listen_ipv6=YES diff --git a/vsftpd.spec b/vsftpd.spec index 9862ee6..ab30c34 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 2.2.2 -Release: 7%{?dist} +Release: 8%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons @@ -146,6 +146,9 @@ fi %changelog +* Fri Aug 06 2010 Jiri Skala - 2.2.2-8 +- fixes #472880 - Configuration can cause confusion because of selinux labels + * Mon May 17 2010 Jiri Skala - 2.2.2-7 - when listen_ipv6=YES sets socket option to listen IPv6 only