Script 'mail_helper' called by obssrc

Hello community,

here is the log from the commit of package vsftpd for openSUSE:Factory checked in at 2022-02-03 23:15:47

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/vsftpd (Old)
 and      /work/SRC/openSUSE:Factory/.vsftpd.new.1898 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "vsftpd" Thu Feb 3 23:15:47 2022 rev:78 rq:950708 version:3.0.5 Changes: -------- --- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes 2022-01-26 21:26:36.710146561 +0100 +++ /work/SRC/openSUSE:Factory/.vsftpd.new.1898/vsftpd.changes 2022-02-03 23:16:01.304803105 +0100 
@@ -1,0 +2,46 @@ +Tue Feb 1 18:42:41 UTC 2022 - Peter Simons <psim...@suse.com> + +- Add "seccomp-fixes.patch" to fix the syscall architecture offset + from 4 to 5, this change was documented in + <https://lore.kernel.org/patchwork/patch/554803/>. + +- Add "vsftpd-openlog-force.patch" to a logic error in the way the + force option for syslog's openlog() call was handled. + +- Add "vsftpd-seccomp-getrandom.patch" to fix a seccomp failure in + FIPS mode when SSL was enabled. [bsc#1052900] + +- Add "vsftpd-seccomp-ssl.patch" to allow stat() to be called, + which is required during SSL initialization by RAND_load_file(). + +- Add "vsftpd-seccomp-wait4.patch" to allow wait4() to be called so + that the broker can wait for its child processes. [bsc#1021387] + +- Refresh patches to -p1 style so that we can use %autosetup: + * vsftpd-2.0.4-dmapi.patch + * vsftpd-2.0.4-enable-ssl.patch + * vsftpd-2.0.5-enable-debuginfo.patch + * vsftpd-2.0.5-utf8-log-names.patch + * vsftpd-2.0.5-vuser.patch + * vsftpd-2.3.5-conf.patch + +- Apply "revert-undocumented-config-file-format-changes.patch" to + revert the "ssl_tlsv1_X"-style config file options back to their + original spelling. The changes that dropped the underscore from + the version numbers in release 3.0.4 breaks existing + configurations and it was never documented anywhere -- not in the + package's changelog and not in the packages's own man page. + +- Apply "use-system-wide-tls-cipher-policy.patch" so that vsftpd + follows the system-wide TLS cipher policy "DEFAULT_SUSE" by + default. Run the command "openssl ciphers -v DEFAULT_SUSE" to see + which ciphers this includes. + +- Apply "add vsftpd-allow-dev-log-socket.patch" to allow sendto() + syscall when /dev/log support is enabled. [bnc#786024] + +- Apply "vsftpd-enable-sendto-for-prelogin-syslog.patch" to allow + sendto() to be called from check_limits(), which is necessary for + vsftpd to write to the system log. 
+ +------------------------------------------------------------------- @@ -24,0 +71,4 @@ + * The options "ssl_tlsv1_1", "ssl_tlsv1_2", and "ssl_tlsv1_3" + have been renamed to "ssl_tlsv11", "ssl_tlsv12", and + "ssl_tlsv13" respectively. Note that the man page has not been + updated accordingly. @@ -29,0 +80,18 @@ +- "0001-Introduce-TLSv1.3-option.patch" is now obsolete. + +- "vsftpd-seccomp-syslog.patch" is now obsolete. + +------------------------------------------------------------------- +Mon Jun 14 14:26:05 UTC 2021 - Peter Simons <psim...@suse.com> + +- OpenSSL was updated to version 1.1.1 in SLE-15-SP2, adding + support for the TLSv1.3 protocol. As a consequence, some SLE-15 + applications that link OpenSSL for TLS support -- like vsftpd --, + gained the ability to use the newer TLS protocol, which created + interoperability problems with FTP clients in some cases. To + remedy the situation, "0001-Introduce-TLSv1.3-option.patch" was + applied in a forked SLE-15-SP2 version of vsftpd. The patch adds + the configuration option "ssl_tlsv1_3" that system administrators + can use to disable TLSv1.3 support on their servers. + [bsc#1187188] + @@ -108 +176,2 @@ - required for the daemon to work properly on SLE-15. [bsc#1089088] + required for the daemon to work properly on SLE-15. [bsc#1089088, + bsc#1180314] 
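Review bot: the new Feb 1 2022 changelog entry has four wording slips that should be fixed before acceptance: "Add "vsftpd-openlog-force.patch" to a logic error" is missing its verb (read "to fix a logic error"); "The changes ... breaks existing configurations" should be "break"; "packages's own man page" should be "package's"; and "Apply "add vsftpd-allow-dev-log-socket.patch"" carries a stray "add" inside the quoted patch name, so the quoted name no longer matches the file listed under New:. The entry also says "Add "seccomp-fixes.patch"", but the vsftpd.spec hunk below shows "Patch36: seccomp-fixes.patch" as unchanged context, so that patch predates this submission and the bullet describes an earlier change; reword it or drop it.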
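Review bot: the four lines added to the older 3.0.5 entry (@@ -24,0 +71,4) tell administrators that ssl_tlsv1_1/ssl_tlsv1_2/ssl_tlsv1_3 "have been renamed to ssl_tlsv11, ssl_tlsv12, and ssl_tlsv13", while the Feb 1 2022 entry at the top and revert-undocumented-config-file-format-changes.patch in this same submission undo that rename. A reader who stops at the 3.0.5 entry will rename their options and then fail to start vsftpd, so add a sentence here pointing at the revert, or state the names that this package actually accepts. Keeping ssl_tlsv1_3 spelled as the Jun 14 2021 entry introduced it for SLE-15-SP2 is the right call, since that is what deployed configurations use.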
@@ -207,0 +277,6 @@ + +------------------------------------------------------------------- +Tue Mar 22 14:56:05 UTC 2016 - tchva...@suse.com + +- Fix hang when using seccomp and syslog bnc#971784: + * vsftpd-seccomp-syslog.patch New: ---- revert-undocumented-config-file-format-changes.patch use-system-wide-tls-cipher-policy.patch vsftpd-allow-dev-log-socket.patch vsftpd-enable-sendto-for-prelogin-syslog.patch vsftpd-openlog-force.patch vsftpd-seccomp-getrandom.patch vsftpd-seccomp-ssl.patch vsftpd-seccomp-wait4.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ vsftpd.spec ++++++ --- /var/tmp/diff_new_pack.NZ64Yy/_old 2022-02-03 23:16:02.528794751 +0100 +++ /var/tmp/diff_new_pack.NZ64Yy/_new 2022-02-03 23:16:02.532794723 +0100 @@ -1,7 +1,7 @@ # # spec file for package vsftpd # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -88,6 +88,14 @@ Patch35: 0001-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch # PATCH-FIX-UPSTREAM https://bugzilla.suse.com/show_bug.cgi?id=1179553 Patch36: seccomp-fixes.patch +Patch37: vsftpd-openlog-force.patch +Patch38: vsftpd-seccomp-getrandom.patch +Patch39: vsftpd-seccomp-ssl.patch +Patch40: vsftpd-seccomp-wait4.patch +Patch41: revert-undocumented-config-file-format-changes.patch +Patch42: use-system-wide-tls-cipher-policy.patch +Patch43: vsftpd-allow-dev-log-socket.patch +Patch44: vsftpd-enable-sendto-for-prelogin-syslog.patch BuildRequires: libcap-devel BuildRequires: libopenssl-devel BuildRequires: pam-devel 
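Review bot: Patch37 through Patch44 are added without the per-patch comment line the existing Patch36 entry carries ("# PATCH-FIX-UPSTREAM https://bugzilla.suse.com/show_bug.cgi?id=1179553"); add one PATCH-FIX-UPSTREAM or PATCH-FIX-OPENSUSE line per patch naming the bug it fixes (the changelog cites bsc#1052900, bsc#1021387 and bnc#786024 for three of them) and whether it has been sent upstream. Three of the eight new files (vsftpd-enable-sendto-for-prelogin-syslog.patch, vsftpd-seccomp-ssl.patch, vsftpd-seccomp-wait4.patch) still name vsftpd-3.0.2 or vsftpd-3.0.3 trees in their Index/---/+++ lines; that still applies with -p1, but refreshing them against 3.0.5 would keep them consistent with the six patches refreshed in this same submission and avoid relying on offset matching.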
@@ -121,40 +129,7 @@ tests. %prep -%setup -q -%patch1 -p1 -%patch3 -p1 -%patch4 -%patch5 -%patch6 -%patch7 -%patch8 -%patch9 -%patch10 -p1 -%patch11 -p1 -%patch13 -p1 -%patch14 -p1 -%patch15 -p1 -%patch16 -p1 -%patch17 -p1 -%patch18 -p1 -%patch19 -p1 -%patch20 -p1 -%patch21 -p1 -%patch22 -p1 -%patch23 -p1 -%patch24 -p1 -%patch25 -p1 -%patch26 -p1 -%patch27 -p1 -%patch28 -p1 -%patch29 -p1 -%patch30 -p1 -%patch31 -p1 -%patch32 -p1 -%patch33 -p1 -%patch35 -p1 -%patch36 -p1 +%autosetup -p1 %build %define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP ++++++ revert-undocumented-config-file-format-changes.patch ++++++ Index: vsftpd-3.0.5/parseconf.c =================================================================== --- vsftpd-3.0.5.orig/parseconf.c 2022-02-01 20:35:02.703078850 +0100 +++ vsftpd-3.0.5/parseconf.c 2022-02-01 20:35:44.042486850 +0100 @@ -85,9 +85,9 @@ parseconf_bool_array[] = { "ssl_sslv2", &tunable_sslv2 }, { "ssl_sslv3", &tunable_sslv3 }, { "ssl_tlsv1", &tunable_tlsv1 }, - { "ssl_tlsv11", &tunable_tlsv1_1 }, - { "ssl_tlsv12", &tunable_tlsv1_2 }, - { "ssl_tlsv13", &tunable_tlsv1_3 }, + { "ssl_tlsv1_1", &tunable_tlsv1_1 }, + { "ssl_tlsv1_2", &tunable_tlsv1_2 }, + { "ssl_tlsv1_3", &tunable_tlsv1_3 }, { "tilde_user_enable", &tunable_tilde_user_enable }, { "force_anon_logins_ssl", &tunable_force_anon_logins_ssl }, { "force_anon_data_ssl", &tunable_force_anon_data_ssl }, ++++++ use-system-wide-tls-cipher-policy.patch ++++++ Index: vsftpd-3.0.5/tunables.c =================================================================== --- vsftpd-3.0.5.orig/tunables.c 2022-02-02 10:58:56.589962539 +0100 +++ vsftpd-3.0.5/tunables.c 2022-02-02 11:00:17.600782133 +0100 
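Review bot: `%autosetup -p1` applies every PatchN tag declared in the spec, whereas the removed %patch list skipped %patch2, %patch12 and %patch34; if any of those Patch tags is still declared in the preamble, this hunk silently starts applying it, so confirm they are gone (or meant to be applied) before merging. Separately, six lines (%patch4 through %patch9) used to be applied without -p1, and the changelog lists six patch files as refreshed to -p1 style; a quick diff of the applied tree before and after this change is the cheapest way to prove the refreshed headers line up with those six.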
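Review bot: reverting the parseconf_bool_array names means a vsftpd.conf written for upstream 3.0.4/3.0.5 (ssl_tlsv11, ssl_tlsv12, ssl_tlsv13) is now rejected as an unrecognised variable on openSUSE while upstream accepts it, so the patch trades one breakage for another. Since both spellings are in circulation, register both keys for each tunable, for example `{ "ssl_tlsv1_2", &tunable_tlsv1_2 },` next to `{ "ssl_tlsv12", &tunable_tlsv1_2 },`, instead of a pure revert, and make the rename note added to the 3.0.5 changelog entry agree with whichever names are kept. The patch header also has no description or bug reference; the reasoning in the changelog (undocumented rename, breaks existing configurations) belongs in the patch itself.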
@@ -295,7 +295,7 @@ tunables_load_defaults() install_str_setting("/usr/share/ssl/certs/vsftpd.pem", &tunable_rsa_cert_file); install_str_setting(0, &tunable_dsa_cert_file); - install_str_setting("ECDHE-RSA-AES256-GCM-SHA384", &tunable_ssl_ciphers); + install_str_setting("DEFAULT_SUSE", &tunable_ssl_ciphers); install_str_setting(0, &tunable_rsa_private_key_file); install_str_setting(0, &tunable_dsa_private_key_file); install_str_setting(0, &tunable_ca_certs_file); Index: vsftpd-3.0.5/vsftpd.conf.5 =================================================================== --- vsftpd-3.0.5.orig/vsftpd.conf.5 2022-02-02 10:58:56.589962539 +0100 +++ vsftpd-3.0.5/vsftpd.conf.5 2022-02-02 11:01:58.855306755 +0100 @@ -1025,7 +1025,7 @@ man page for further details. Note that security precaution as it prevents malicious remote parties forcing a cipher which they have found problems with. -Default: DES-CBC3-SHA +Default: DEFAULT_SUSE .TP .B ssl_sni_hostname If set, SSL connections will be rejected unless the SNI hostname in the ++++++ vsftpd-2.0.4-dmapi.patch ++++++ --- /var/tmp/diff_new_pack.NZ64Yy/_old 2022-02-03 23:16:02.584794368 +0100 +++ /var/tmp/diff_new_pack.NZ64Yy/_new 2022-02-03 23:16:02.584794368 +0100 @@ -1,8 +1,8 @@ -Index: postlogin.c +Index: vsftpd-3.0.5/postlogin.c =================================================================== ---- postlogin.c.orig 2012-04-10 16:09:50.440384915 +0200 -+++ postlogin.c 2012-04-10 16:10:01.193753389 +0200 -@@ -1053,6 +1053,11 @@ +--- vsftpd-3.0.5.orig/postlogin.c 2015-07-22 21:03:22.000000000 +0200 ++++ vsftpd-3.0.5/postlogin.c 2022-02-01 20:12:02.710908421 +0100 +@@ -1061,6 +1061,11 @@ handle_upload_common(struct vsf_session* { do_truncate = 1; } ++++++ vsftpd-2.0.4-enable-ssl.patch ++++++ --- /var/tmp/diff_new_pack.NZ64Yy/_old 2022-02-03 23:16:02.596794286 +0100 +++ /var/tmp/diff_new_pack.NZ64Yy/_new 2022-02-03 23:16:02.596794286 +0100 
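Review bot: "DEFAULT_SUSE" is a cipher-string alias that SUSE's OpenSSL build provides, not one stock OpenSSL knows, and `SSL_CTX_set_cipher_list()` reports failure when nothing in the string matches, so with this compiled-in default vsftpd's TLS setup fails on any other OpenSSL unless ssl_ciphers is set explicitly. Keep the patch marked SUSE-specific in the spec and add a build-time or %check step that runs `openssl ciphers -v DEFAULT_SUSE` so a future OpenSSL update that drops the alias is caught. Note also that a cipher-list string only governs TLS 1.2 and earlier; TLS 1.3 ciphersuites are selected via `SSL_CTX_set_ciphersuites()` in OpenSSL 1.1.1, which this tunable does not touch, so the changelog claim that vsftpd now "follows the system-wide TLS cipher policy" holds only for pre-1.3 connections.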
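Review bot: the man page's previous "Default: DES-CBC3-SHA" was already out of step with the compiled-in default the tunables.c hunk removes ("ECDHE-RSA-AES256-GCM-SHA384"), so this hunk fixes stale upstream documentation as a side effect and that is worth a sentence in the patch header. Because the documented default is now a distribution-specific alias, add to this .TP entry how an administrator inspects it (`openssl ciphers -v DEFAULT_SUSE`, as the changelog already says) and that the value does not affect TLS 1.3 ciphersuites; otherwise "Default: DEFAULT_SUSE" is opaque to anyone reading the man page on its own.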
@@ -1,5 +1,7 @@ ---- builddefs.h.orig -+++ builddefs.h +Index: vsftpd-3.0.5/builddefs.h +=================================================================== +--- vsftpd-3.0.5.orig/builddefs.h 2021-08-02 09:01:43.000000000 +0200 ++++ vsftpd-3.0.5/builddefs.h 2022-02-01 20:12:01.538925293 +0100 @@ -3,7 +3,7 @@ #undef VSF_BUILD_TCPWRAPPERS ++++++ vsftpd-2.0.5-enable-debuginfo.patch ++++++ --- /var/tmp/diff_new_pack.NZ64Yy/_old 2022-02-03 23:16:02.612794177 +0100 +++ /var/tmp/diff_new_pack.NZ64Yy/_new 2022-02-03 23:16:02.616794150 +0100 @@ -1,8 +1,8 @@ -Index: Makefile +Index: vsftpd-3.0.5/Makefile =================================================================== ---- Makefile.orig 2012-04-03 09:21:18.000000000 +0200 -+++ Makefile 2012-04-10 16:10:53.545547162 +0200 -@@ -9,7 +9,6 @@ +--- vsftpd-3.0.5.orig/Makefile 2012-09-16 09:27:35.000000000 +0200 ++++ vsftpd-3.0.5/Makefile 2022-02-01 20:12:04.538882105 +0100 +@@ -9,7 +9,6 @@ CFLAGS = -O2 -fPIE -fstack-protector --p #-pedantic -Wconversion LIBS = `./vsf_findlibs.sh` @@ -10,7 +10,7 @@ LDFLAGS = -fPIE -pie -Wl,-z,relro -Wl,-z,now OBJS = main.o utility.o prelogin.o ftpcmdio.o postlogin.o privsock.o \ -@@ -26,7 +25,7 @@ +@@ -26,7 +25,7 @@ OBJS = main.o utility.o prelogin.o ftpcm $(CC) -c $*.c $(CFLAGS) $(IFLAGS) vsftpd: $(OBJS) ++++++ vsftpd-2.0.5-utf8-log-names.patch ++++++ --- /var/tmp/diff_new_pack.NZ64Yy/_old 2022-02-03 23:16:02.624794095 +0100 +++ /var/tmp/diff_new_pack.NZ64Yy/_new 2022-02-03 23:16:02.628794068 +0100 @@ -1,8 +1,8 @@ -Index: str.c +Index: vsftpd-3.0.5/str.c =================================================================== ---- str.c.orig 2012-03-28 17:25:40.000000000 +0200 -+++ str.c 2012-04-10 16:10:59.965767345 +0200 -@@ -27,6 +27,24 @@ +--- vsftpd-3.0.5.orig/str.c 2012-09-16 09:09:06.000000000 +0200 ++++ vsftpd-3.0.5/str.c 2022-02-01 20:12:05.458868861 +0100 +@@ -27,6 +27,24 @@ static int str_equal_internal(const char const char* p_buf2, unsigned int buf2_len); /* Private functions */ 
@@ -27,7 +27,7 @@ static void s_setbuf(struct mystr* p_str, char* p_newbuf) { -@@ -181,6 +199,45 @@ +@@ -181,6 +199,45 @@ str_reserve(struct mystr* p_str, unsigne p_str->p_buf[res_len - 1] = '\0'; } @@ -73,29 +73,26 @@ int str_isempty(const struct mystr* p_str) { -@@ -702,11 +759,13 @@ +@@ -702,6 +759,7 @@ void str_replace_unprintable(struct mystr* p_str, char new_char) { unsigned int i; -- for (i=0; i < p_str->len; i++) -- { -- if (!vsf_sysutil_isprint(p_str->p_buf[i])) + if( !str_is_utf8( p_str ) ) { -+ for (i=0; i < p_str->len; i++) - { -- p_str->p_buf[i] = new_char; -+ if (!vsf_sysutil_isprint(p_str->p_buf[i])) -+ { -+ p_str->p_buf[i] = new_char; -+ } + for (i=0; i < p_str->len; i++) + { + if (!vsf_sysutil_isprint(p_str->p_buf[i])) +@@ -709,5 +767,6 @@ str_replace_unprintable(struct mystr* p_ + p_str->p_buf[i] = new_char; } } ++ } } -Index: str.h + +Index: vsftpd-3.0.5/str.h =================================================================== ---- str.h.orig 2008-12-17 06:53:23.000000000 +0100 -+++ str.h 2012-04-10 16:10:59.965767345 +0200 -@@ -36,6 +36,7 @@ +--- vsftpd-3.0.5.orig/str.h 2012-09-16 09:01:52.000000000 +0200 ++++ vsftpd-3.0.5/str.h 2022-02-01 20:12:05.458868861 +0100 +@@ -36,6 +36,7 @@ void str_free(struct mystr* p_str); void str_trunc(struct mystr* p_str, unsigned int trunc_len); void str_reserve(struct mystr* p_str, unsigned int res_len); ++++++ vsftpd-2.0.5-vuser.patch ++++++ --- /var/tmp/diff_new_pack.NZ64Yy/_old 2022-02-03 23:16:02.636794013 +0100 +++ /var/tmp/diff_new_pack.NZ64Yy/_new 2022-02-03 23:16:02.640793986 +0100 @@ -1,5 +1,7 @@ ---- EXAMPLE/VIRTUAL_USERS/vsftpd.pam.orig -+++ EXAMPLE/VIRTUAL_USERS/vsftpd.pam +Index: vsftpd-3.0.5/EXAMPLE/VIRTUAL_USERS/vsftpd.pam +=================================================================== +--- vsftpd-3.0.5.orig/EXAMPLE/VIRTUAL_USERS/vsftpd.pam 2008-02-02 02:30:40.000000000 +0100 ++++ vsftpd-3.0.5/EXAMPLE/VIRTUAL_USERS/vsftpd.pam 2022-02-01 20:12:03.670894600 +0100 
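Review bot: in the refreshed str_replace_unprintable() hunk the new `if( !str_is_utf8( p_str ) ) {` wrapper no longer re-indents the loop it encloses (the old version of the patch re-indented the for loop and its body; the new one leaves them as unchanged context and adds the closing `}` in a second hunk at @@ -709,5 +767,6), which keeps the diff small but leaves str.c with a block body indented one level too shallow, and `if(` with inner spaces differs from the `if (` style of the surrounding upstream code. With %autosetup now applying the patch there is no cost to reindenting those lines properly.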
@@ -1,2 +1,2 @@ -auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login -account required /lib/security/pam_userdb.so db=/etc/vsftpd_login ++++++ vsftpd-2.3.5-conf.patch ++++++ --- /var/tmp/diff_new_pack.NZ64Yy/_old 2022-02-03 23:16:02.656793876 +0100 +++ /var/tmp/diff_new_pack.NZ64Yy/_new 2022-02-03 23:16:02.660793849 +0100 @@ -1,7 +1,7 @@ -Index: vsftpd.conf +Index: vsftpd-3.0.5/vsftpd.conf =================================================================== ---- vsftpd.conf.orig -+++ vsftpd.conf +--- vsftpd-3.0.5.orig/vsftpd.conf 2011-12-17 19:24:40.000000000 +0100 ++++ vsftpd-3.0.5/vsftpd.conf 2022-02-01 20:12:06.546853199 +0100 @@ -4,23 +4,89 @@ # loosens things up a bit, to make the ftp daemon more usable. # Please see vsftpd.conf.5 for all compiled in defaults. ++++++ vsftpd-allow-dev-log-socket.patch ++++++ From: mvysko...@suse.com Subject: enable /dev/log related socket call Linux-PAM try to open /dev/log, but as socket is not enabled in seccomp sandbox, daemon is killed by SIGSYS. Because the attempt is made by process with RLIMIT_NOFILE, the correct fix would be to test if we can open a new fd in pam. Anyway I would say the risc is small, and other socket syscalls are disabled. Fixes: https://bugzilla.novell.com/show_bug.cgi?id=786024 Index: vsftpd-3.0.5/seccompsandbox.c =================================================================== --- vsftpd-3.0.5.orig/seccompsandbox.c 2022-02-02 11:03:38.133860169 +0100 +++ vsftpd-3.0.5/seccompsandbox.c 2022-02-02 11:03:38.177859528 +0100 
@@ -366,6 +366,15 @@ seccomp_sandbox_init() { bug("bad state in seccomp_sandbox_init"); } + + //this is very probably an attempt to open /dev/log + //it fails because process cannot open any file, so it might be safe + //socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = -1 EMFILE (Too many open files) + allow_nr_3_arg_match(__NR_socket, + 1, PF_FILE, + 2, SOCK_DGRAM | SOCK_CLOEXEC, + 3, 0); + } void ++++++ vsftpd-enable-sendto-for-prelogin-syslog.patch ++++++ Enable sendto for syslog logging to /dev/log in prelogin We write to log from check_limits() and therefore we have to allow sendto() for syslog otherwise sandbox will kill the child. Index: vsftpd-3.0.2/seccompsandbox.c =================================================================== --- vsftpd-3.0.2.orig/seccompsandbox.c +++ vsftpd-3.0.2/seccompsandbox.c @@ -388,6 +388,11 @@ seccomp_sandbox_setup_prelogin(const str 1, PF_FILE, 2, SOCK_DGRAM | SOCK_CLOEXEC, 3, 0); + // allow syslog logs from check_limits() + if (tunable_syslog_enable) + { + allow_nr_1_arg_match(__NR_sendto, 6, 0); + } } ++++++ vsftpd-openlog-force.patch ++++++ Force openlog() to open log immediately iff force!=0. Otherwise is log opened on first syslog() call which may be after the privileges are dropped and new file descriptors cannot be created. Index: vsftpd-3.0.5/sysutil.c =================================================================== --- vsftpd-3.0.5.orig/sysutil.c 2022-02-01 19:38:36.487789134 +0100 +++ vsftpd-3.0.5/sysutil.c 2022-02-01 19:44:08.787005494 +0100 @@ -2700,7 +2700,7 @@ vsf_sysutil_openlog(int force) { int facility = LOG_DAEMON; int option = LOG_PID; - if (!force) + if (force) { option |= LOG_NDELAY; } ++++++ vsftpd-seccomp-getrandom.patch ++++++ Index: vsftpd-3.0.5/seccompsandbox.c =================================================================== --- vsftpd-3.0.5.orig/seccompsandbox.c 2022-02-01 19:47:13.916340458 +0100 +++ vsftpd-3.0.5/seccompsandbox.c 2022-02-01 19:51:24.196737535 +0100 
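Review bot: the safety argument in the header ("it fails because process cannot open any file, so it might be safe") rests on the RLIMIT_NOFILE state of the process, not on this rule: `allow_nr_3_arg_match(__NR_socket, 1, PF_FILE, 2, SOCK_DGRAM | SOCK_CLOEXEC, 3, 0)` admits any AF_UNIX datagram socket, and socket(2) carries no pathname, so the filter cannot tie it to /dev/log. Since vsftpd-openlog-force.patch in this same submission makes openlog() connect the syslog socket eagerly instead of on the first syslog() call, check with `strace -f -e trace=socket,connect,sendto` whether Linux-PAM still reaches this call at all; if it does, replace the "might be safe" hedge in the code comment with the actual reason the rule is acceptable (no path access is possible here), and fix "risc" to "risk" in the description while touching it.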
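Review bot: `allow_nr_1_arg_match(__NR_sendto, 6, 0)` pins argument 6 (addrlen) to 0, so only sends on an already-connected socket pass, which is the right shape for the syslog socket and mirrors the `if (tunable_syslog_enable)` block visible in the postlogin broker context of vsftpd-seccomp-ssl.patch. The hunk, however, anchors on the three context lines that vsftpd-allow-dev-log-socket.patch adds (`1, PF_FILE, 2, SOCK_DGRAM | SOCK_CLOEXEC, 3, 0);`), so Patch44 only applies if Patch43 stays ordered before it; record that dependency in the spec comment for Patch44, and refresh the Index lines from vsftpd-3.0.2 to 3.0.5 so the hunk offsets match the tree it is applied to.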
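Review bot: flipping `if (!force)` to `if (force)` changes behaviour for every caller of vsf_sysutil_openlog(), not only the one that motivated it: a caller passing force=0 used to get LOG_NDELAY and now gets lazy opening, which is precisely the failure the header describes (first syslog() after privileges are dropped, when no new descriptor can be created). Before merging, list each call site and confirm it passes the value the new semantics expect; given that deferring the connect is never useful in a daemon that drops privileges and enters a seccomp sandbox, dropping the parameter and always setting LOG_NDELAY would be simpler and harder to get wrong. Also note in the description that LOG_NDELAY only connects the socket, so the sendto() rules in the seccomp patches are still needed for the writes themselves.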
@@ -406,6 +406,10 @@ seccomp_sandbox_setup_prelogin(const str { allow_nr_1_arg_match(__NR_recvmsg, 3, 0); allow_nr_2_arg_match(__NR_setsockopt, 2, IPPROTO_TCP, 3, TCP_NODELAY); + // called from openssl's RAND_poll which is invoked in FIPS mode when the DRBG is seeded + allow_nr(__NR_getrandom); + allow_nr_1_arg_mask(__NR_open, 2, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_CLOEXEC); + allow_nr(__NR_getuid); } if (tunable_syslog_enable) { ++++++ vsftpd-seccomp-ssl.patch ++++++ SSL initialization calls RAND_load_file() which needs stat() enabled. Index: vsftpd-3.0.3/seccompsandbox.c =================================================================== --- vsftpd-3.0.3.orig/seccompsandbox.c 2021-12-21 15:33:01.491786690 +0100 +++ vsftpd-3.0.3/seccompsandbox.c 2021-12-21 15:33:01.499786535 +0100 @@ -559,6 +559,8 @@ seccomp_sandbox_setup_postlogin_broker() allow_nr(__NR_fstat); allow_nr(__NR_fchown); allow_nr_1_arg_match(__NR_recvmsg, 3, 0); + // called by RAND_load_file + allow_nr(__NR_stat); } if (tunable_syslog_enable) { ++++++ vsftpd-seccomp-wait4.patch ++++++ Broker has to wait for its child. Index: vsftpd-3.0.2/seccompsandbox.c =================================================================== --- vsftpd-3.0.2.orig/seccompsandbox.c +++ vsftpd-3.0.2/seccompsandbox.c @@ -540,6 +540,7 @@ seccomp_sandbox_setup_postlogin_broker() seccomp_sandbox_setup_base(); seccomp_sandbox_setup_data_connections(); allow_nr_1_arg_match(__NR_sendmsg, 3, 0); + allow_nr(__NR_wait4); if (tunable_chown_uploads) { allow_nr(__NR_fstat);
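Review bot: `allow_nr_1_arg_mask(__NR_open, 2, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_CLOEXEC)` matches on the flags word only; seccomp cannot inspect the pathname, so this admits any read-only open() in the prelogin sandbox, not just the /dev/urandom read the comment attributes to RAND_poll, and the comment should state that widening as the accepted trade-off. Two checks before merging: glibc since 2.26 issues open() through the openat(2) syscall, and OpenSSL 1.1.1's RAND_poll prefers getrandom(2) over a device read, so run the FIPS-mode OpenSSL this targets under `strace -f -e trace=%file,getrandom` and confirm that __NR_open (and not __NR_openat) is really issued; otherwise the open() rule is dead code and bsc#1052900 is fixed solely by the getrandom() allow. Finally, `allow_nr(__NR_getuid)` has no comment saying which caller needs it; add one.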
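Review bot: the new `allow_nr(__NR_stat)` is inserted inside the block whose body is `allow_nr(__NR_fstat); allow_nr(__NR_fchown); allow_nr_1_arg_match(__NR_recvmsg, 3, 0);`, and the context in vsftpd-seccomp-wait4.patch shows that block is opened by `if (tunable_chown_uploads)`; so stat() is only permitted when chown_uploads=YES, although RAND_load_file() runs whenever SSL is enabled. Move the line after the closing brace (or guard it on the SSL tunable) so an SSL-enabled server with chown_uploads=NO does not still die with SIGSYS. Same portability point as the getrandom patch: glibc 2.33 and later implement stat() via fstatat/newfstatat(2), so on Factory this rule as written may never match and __NR_newfstatat is what needs allowing; `strace -f -e trace=%stat` will show which one, and note that __NR_stat and __NR_open do not exist on the arm64 or riscv64 ABIs, so check the arch guard around the seccomp_opts define if those targets build with -DUSE_SECCOMP.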
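Review bot: wait4 is the syscall glibc uses behind waitpid(), so the unconditional allow in seccomp_sandbox_setup_postlogin_broker() is the right fix for a broker that reaps its own child, but the one-line header gives no bug reference (the changelog cites bsc#1021387) and does not say which child is waited for or what the observed failure was (SIGSYS on the broker); add that to the description so the rule is not removed later as unexplained, and refresh the Index lines from vsftpd-3.0.2 to 3.0.5 like the other patches in this submission.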