commit vsftpd for openSUSE:Factory
Hello community,
here is the log from the commit of package vsftpd for openSUSE:Factory checked
in at 2014-04-11 13:42:43
Comparing /work/SRC/openSUSE:Factory/vsftpd (Old)
and /work/SRC/openSUSE:Factory/.vsftpd.new (New)
Package is "vsftpd"
Changes:
--- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2013-07-22
14:56:50.0 +0200
+++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2014-04-11
13:42:44.0 +0200
@@ -1,0 +2,47 @@
+Thu Apr 10 12:56:03 UTC 2014 - tchva...@suse.com
+
+- Move the enabling of timeofday and alarm one level deeper to
+ be sure it is whitelisted everytime.
+ Also should possibly fix bnc#872215.
+
+- Updated patch:
+ * vsftpd-enable-gettimeofday-sec.patch
+
+---
+Thu Apr 10 12:06:25 UTC 2014 - tchva...@suse.com
+
+- Remove forking from service type as it hangs in endless loop.
+
+---
+Wed Apr 2 07:47:05 UTC 2014 - tchva...@suse.com
+
+- Fix warning about dangling symlink on rcvsftpd from rpmlint and
+ remove also clean section while at it.
+
+---
+Wed Apr 2 07:35:27 UTC 2014 - tchva...@suse.com
+
+- Add patch to allow gettimeofday and alarm calls with seccomp
+ enabled. bnc#870122
+- Added patch:
+ * vsftpd-enable-gettimeofday-sec.patch
+
+---
+Tue Apr 1 07:17:50 UTC 2014 - tchva...@suse.com
+
+- Specify that the service type is forking
+
+---
+Mon Jan 27 13:04:19 UTC 2014 - mvysko...@suse.com
+
+- changed license to SUSE-GPL-2.0-with-openssl-exception
+ * suggested by legal team
+
+---
+Tue Jan 21 11:00:13 UTC 2014 - mvysko...@suse.com
+
+- add allow_root_squashed_chroot option to enable chroot on nsf
+ mounted with squash_root option (fate#311051)
+ * vsftpd-root-squashed-chroot.patch
+
+---
New:
vsftpd-enable-gettimeofday-sec.patch
vsftpd-root-squashed-chroot.patch
Other differences:
--
++ vsftpd.spec ++
--- /var/tmp/diff_new_pack.BRp2nn/_old 2014-04-11 13:42:45.0 +0200
+++ /var/tmp/diff_new_pack.BRp2nn/_new 2014-04-11 13:42:45.0 +0200
@@ -1,7 +1,7 @@
#
# spec file for package vsftpd
#
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -32,7 +32,7 @@
Version:3.0.2
Release:0
Summary:Very Secure FTP Daemon - Written from Scratch
-License:GPL-2.0+
+License:SUSE-GPL-2.0-with-openssl-exception
Group: Productivity/Networking/Ftp/Servers
Url:https://security.appspot.com/vsftpd.html
Source0:
https://security.appspot.com/downloads/%{name}-%{version}.tar.gz
@@ -63,9 +63,13 @@
Patch14:vsftpd-enable-fcntl-f_setfl.patch
#PATCH-FIX-OPENSUSE: bnc#812406
Patch15:vsftpd-enable-dev-log-sendto.patch
+#PATCH-FEATURE-SUSE: FATE#311051, call chroot with user credentials to enable
nsf with squash_root option
+Patch16:vsftpd-root-squashed-chroot.patch
+#PATCH-FIX-UPSTREAM: bnc#870122
+Patch17:vsftpd-enable-gettimeofday-sec.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Provides: ftp-server
-PreReq: %insserv_prereq /usr/sbin/useradd
+Requires(pre): %insserv_prereq /usr/sbin/useradd
%{?systemd_requires}
Requires: logrotate
@@ -97,6 +101,8 @@
%patch13 -p1
%patch14 -p1
%patch15 -p1
+%patch16 -p1
+%patch17 -p1
%build
%define seccomp_opts %{nil}
@@ -121,7 +127,7 @@
install -D -m 755 %SOURCE3 $RPM_BUILD_ROOT/etc/init.d/%name
ln -sf ../../etc/init.d/%name $RPM_BUILD_ROOT/%_prefix/sbin/rc%name
%else
-ln -sf ../../sbin/service $RPM_BUILD_ROOT/%{_prefix}/sbin/rc%{name}
+ln -sf service $RPM_BUILD_ROOT/%{_prefix}/sbin/rc%{name}
%endif
install -d $RPM_BUILD_ROOT/%_datadir/omc/svcinfo.d/
install -D -m 644 %SOURCE5 $RPM_BUILD_ROOT/%_datadir/omc/svcinfo.d/
@@ -165,9 +171,6 @@
%service_del_postun %{name}.service
%endif
-%clean
-rm -rf $RPM_BUILD_ROOT
-
%files
%defattr(-,root,root)
%if 0%{?suse_version} > 1140
++ vsftpd-enable-gettimeofday-sec.patch ++
diff -urN vsftpd-3.0.2/seccompsandbox.c vsftpd-3.0.2.new/seccompsandbox.c
--- vsftpd-3.0.2/seccompsandbox.c 2012-09-18 08:52:30.0 +0200
+++ vsftpd-3.0.2.new/seccompsandbox.c 20
commit vsftpd for openSUSE:Factory
Hello community, here is the log from the commit of package vsftpd for openSUSE:Factory checked in at Thu Sep 22 14:48:09 CEST 2011. --- vsftpd/vsftpd.changes 2011-02-25 02:37:55.0 +0100 +++ /mounts/work_src_done/STABLE/vsftpd/vsftpd.changes 2011-09-22 13:33:03.0 +0200 @@ -1,0 +2,8 @@ +Thu Sep 22 11:17:04 UTC 2011 - mvysko...@suse.cz + +- fix bnc#713588 - bogus logrotate config for vsftpd + call /sbin/killproc -HUP /usr/sbin/vsftpd like init script +- change the url and service file to the new location at + security.appspot.com/vsftpd + +--- calling whatdependson for head-i586 Other differences: -- ++ vsftpd.spec ++ --- /var/tmp/diff_new_pack.AURvEw/_old 2011-09-22 14:48:05.0 +0200 +++ /var/tmp/diff_new_pack.AURvEw/_new 2011-09-22 14:48:05.0 +0200 @@ -30,7 +30,7 @@ Summary:Very Secure FTP Daemon - Written from Scratch License:GPLv2+ Group: Productivity/Networking/Ftp/Servers -Url:http://vsftpd.beasts.org +Url:https://security.appspot.com/vsftpd.html Source: %name-%version.tar.gz Source1:%name.pam Source2:%name.logrotate ++ _service ++ --- /var/tmp/diff_new_pack.AURvEw/_old 2011-09-22 14:48:05.0 +0200 +++ /var/tmp/diff_new_pack.AURvEw/_new 2011-09-22 14:48:05.0 +0200 @@ -1,13 +1,12 @@ - -ftp -vsftpd.beasts.org -/users/cevans/vsftpd-2.3.4.tar.gz +https +security.appspot.com +/downloads/vsftpd-2.3.4.tar.gz _service:download_url:vsftpd-2.3.4.tar.gz sha256 b466edf96437afa2b2bea6981d4ab8b0204b83ca0a2ac94bef6b62b42cc71a5a - + \ No newline at end of file ++ vsftpd.logrotate ++ --- /var/tmp/diff_new_pack.AURvEw/_old 2011-09-22 14:48:05.0 +0200 +++ /var/tmp/diff_new_pack.AURvEw/_new 2011-09-22 14:48:05.0 +0200 @@ -9,6 +9,6 @@ create 600 root root sharedscripts postrotate - killall -HUP vsftpd + /sbin/killproc -HUP /usr/sbin/vsftpd endscript } Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit vsftpd for openSUSE:Factory
Hello community,
here is the log from the commit of package vsftpd for openSUSE:Factory checked
in at 2012-02-22 15:55:42
Comparing /work/SRC/openSUSE:Factory/vsftpd (Old)
and /work/SRC/openSUSE:Factory/.vsftpd.new (New)
Package is "vsftpd", Maintainer is "mvysko...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2011-09-23
12:50:08.0 +0200
+++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2012-02-22
15:55:44.0 +0100
@@ -1,0 +2,47 @@
+Tue Feb 21 10:51:51 UTC 2012 - mvysko...@suse.cz
+
+- follow Systemd Packaging guidelines
+ http://en.opensuse.org/openSUSE:Systemd_packaging_guidelines
+- add $local_fs and $remote_fs to init script
+
+---
+Wed Feb 15 16:41:15 UTC 2012 - mvysko...@suse.cz
+
+- use the original tarball, because the bz2 repacking madness disables
+ gpg --verify
+- revert a part oc changes utf converting
+
+---
+Fri Dec 23 17:48:04 UTC 2011 - andreas.stie...@gmx.de
+
+- update to upstream 2.3.5:
+ * Try and force glibc to cache zoneinfo files in an attempt to work around
+glibc parsing vulnerability. Thanks to Kingcope.
+ * Only report CHMOD in SITE HELP if it's enabled. Thanks to Martin Schwenke
+.
+ * Some simple fixes and cleanups from Thorsten Brehm .
+ * Only advertise "AUTH SSL" if one of SSLv2, SSLv3 is enabled. Thanks to
+steve willing .
+ * Handle connect() failures properly. Thanks to Takayuki Nagata
+.
+ * Add stronger checks for the configuration error of running with a
+writeable root directory inside a chroot(). This may bite people who
+carelessly turned on chroot_local_user but such is life.
+- convert .changes file to unicode
+- refresh vsftpd-2.0.4-conf.diff to vsftpd-2.3.5-conf.patch
+- name patches explicitly without macro as per recommendations
+- remove INSTALL file from binary package
+- update license to GPL-2.0+
+- mark /etc/sysconfig/SuSEfirewall2/services/vsftpd as config file
+
+---
+Sat Nov 26 16:31:20 UTC 2011 - crrodrig...@opensuse.org
+
+- fis copy/paste error in previous change
+
+---
+Fri Nov 25 22:14:14 UTC 2011 - crrodrig...@opensuse.org
+
+- Add systemd unit
+
+---
@@ -486,3 +533,3 @@
- � IPv6 support, so drop our patch
- � Many bugfixes and tunings
- � Build fixes
+ ˇ IPv6 support, so drop our patch
+ ˇ Many bugfixes and tunings
+ ˇ Build fixes
Old:
_service
_service:download_url:vsftpd-2.3.4.tar.gz
vsftpd-2.0.4-conf.diff
New:
vsftpd-2.3.5-conf.patch
vsftpd-2.3.5.tar.gz
vsftpd.service
Other differences:
--
++ vsftpd.spec ++
--- /var/tmp/diff_new_pack.gJn1nm/_old 2012-02-22 15:55:45.0 +0100
+++ /var/tmp/diff_new_pack.gJn1nm/_new 2012-02-22 15:55:45.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package vsftpd
#
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -15,20 +15,22 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
-# norootforbuild
-
Name: vsftpd
-BuildRequires: openssl-devel pam-devel
+BuildRequires: openssl-devel
+BuildRequires: pam-devel
%if 0%{?suse_version} < 1001
BuildRequires: libcap
%else
BuildRequires: libcap-devel
%endif
-Version:2.3.4
-Release:1
+%if 0%{?suse_version} > 1140
+BuildRequires: systemd
+%endif
+Version:2.3.5
+Release:0
Summary:Very Secure FTP Daemon - Written from Scratch
-License:GPLv2+
+License:GPL-2.0+
Group: Productivity/Networking/Ftp/Servers
Url:https://security.appspot.com/vsftpd.html
Source: %name-%version.tar.gz
@@ -38,17 +40,19 @@
Source4:README.SUSE
Source5:%name.xml
Source6:%name.firewall
-Patch1: %name-2.0.4-lib64.diff
-Patch3: %name-2.0.4-xinetd.diff
-Patch4: %name-2.0.4-enable-ssl.patch
-Patch5: %name-2.0.4-dmapi.patch
-Patch6: %name-2.0.5-vuser.patch
-Patch7: %name-2.0.5-enable-debuginfo.patch
-Patch8: %name-2.0.5-utf8-log-names.patch
-Patch9: %name-2.0.4-conf.diff
+Source7:vsftpd.service
+Patch1: vsftpd-2.0.4-lib64.diff
+Patch3: vsftpd-2.0.4-xinetd.diff
+Patch4: vsftpd-2.0.4-enable-ssl.patch
+Patch5:
commit vsftpd for openSUSE:Factory
Hello community,
here is the log from the commit of package vsftpd for openSUSE:Factory checked
in at 2012-05-08 06:49:05
Comparing /work/SRC/openSUSE:Factory/vsftpd (Old)
and /work/SRC/openSUSE:Factory/.vsftpd.new (New)
Package is "vsftpd", Maintainer is "mvysko...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2012-04-12
09:55:58.0 +0200
+++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2012-05-08
06:50:19.0 +0200
@@ -1,0 +2,7 @@
+Mon Apr 23 10:38:40 UTC 2012 - br...@aljex.com
+
+- fix building on 11.4 x86_64 and lower
+ * fix where, when, & how __USE_GNU gets #defined
+ * make seccomp optional and disable it on 10.3 and lower
+
+---
New:
vsftpd-3.0.0-optional-seccomp.patch
vsftpd-3.0.0_gnu_source_defines.patch
Other differences:
--
++ vsftpd.spec ++
--- /var/tmp/diff_new_pack.PJSjJK/_old 2012-05-08 06:50:21.0 +0200
+++ /var/tmp/diff_new_pack.PJSjJK/_new 2012-05-08 06:50:21.0 +0200
@@ -52,6 +52,8 @@
#PATCH-FIX-OPENSUSE: turn the seccomp_sanbox feature off by default
# revert it when seccomp feature will be in suse/vanilla kernel
Patch10:vsftpd-3.0.0-turn-seccomp-sandbox-off.patch
+Patch11:vsftpd-3.0.0_gnu_source_defines.patch
+Patch12:vsftpd-3.0.0-optional-seccomp.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Provides: ftp-server
PreReq: %insserv_prereq /usr/sbin/useradd
@@ -80,10 +82,16 @@
%patch8
%patch9
%patch10 -p1
+%patch11 -p1
+%patch12 -p1
%build
+%define seccomp_opts %{nil}
+%if 0%{?suse_version} > 1030
+%define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP
+%endif
rm -f dummyinc/sys/capability.h
-make CFLAGS="$RPM_OPT_FLAGS -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fPIE
-fstack-protector --param=ssp-buffer-size=4" \
+make CFLAGS="$RPM_OPT_FLAGS -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fPIE
-fstack-protector --param=ssp-buffer-size=4 %{seccomp_opts}" \
LDFLAGS="-fPIE -pie -Wl,-z,relro -Wl,-z,now" LINK=
%install
++ vsftpd-3.0.0-optional-seccomp.patch ++
--- vsftpd-3.0.0/seccompsandbox.c 2012-04-04 18:41:51.0 -0400
+++ vsftpd-3.0.0+/seccompsandbox.c 2012-04-23 06:06:00.0 -0400
@@ -10,7 +10,7 @@
#include "seccompsandbox.h"
-#if defined(__linux__) && defined(__x86_64__)
+#if defined(__linux__) && defined(__x86_64__) && defined(USE_SECCOMP)
#include "session.h"
#include "sysutil.h"
++ vsftpd-3.0.0_gnu_source_defines.patch ++
diff -aur vsftpd-3.0.0/sysdeputil.c vsftpd-3.0.0+/sysdeputil.c
--- vsftpd-3.0.0/sysdeputil.c 2010-03-25 23:25:33.0 -0400
+++ vsftpd-3.0.0+/sysdeputil.c 2012-04-23 04:39:39.0 -0400
@@ -60,7 +60,9 @@
#define VSF_SYSDEP_HAVE_LIBCAP
#define VSF_SYSDEP_HAVE_UTMPX
+#ifndef __USE_GNU
#define __USE_GNU
+#endif
#include
/* BEGIN config */
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit vsftpd for openSUSE:Factory
Hello community,
here is the log from the commit of package vsftpd for openSUSE:Factory checked
in at 2012-04-12 09:55:49
Comparing /work/SRC/openSUSE:Factory/vsftpd (Old)
and /work/SRC/openSUSE:Factory/.vsftpd.new (New)
Package is "vsftpd", Maintainer is "mvysko...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2012-02-22
15:55:44.0 +0100
+++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2012-04-12
09:55:58.0 +0200
@@ -1,0 +2,51 @@
+Tue Apr 10 14:13:12 UTC 2012 - mvysko...@suse.cz
+
+- update to upstream 3.0.0:
+ * Make listen mode the default.
+ * Fix missing "const" in ssl.c
+ * Add seccompsandbox.c to support a seccomp filter sandbox; works against
+Ubuntu 12.04 ABI.
+ * Rearrange ftppolicy.c a bit so the syscall list is easily comparable with
+seccompsandbox.c
+ * Rename deprecated "sandbox" to "ptrace_sandbox".
+ * Add a few more state checks to the privileged helper processes.
+ * Add tunable "seccomp_sandbox", default on.
+ * Use hardened build flags.
+ * Retry creating a PASV socket upon port reuse race between bind() and
+listen(), patch from Ralph Wuerthner .
+ * Don't die() if recv() indicates a closed remote connection. Problem report
+on a Windows client from Herbert van den Bergh,
+.
+ * Add new config setting "allow_writeable_chroot" to help people in a bit of
+a spot with the v2.3.5 defensive change. Only applies to non-anonymous.
+ * Remove a couple of fixed things from BUGS.
+ * strlen() trunction fix -- no particular impact.
+ * Apply some tidyups from mmou...@yorku.ca.
+ * Fix delete_failed_uploads if there is a timeout. Report from Alejandro
+Hernández Hdez .
+ * Fix other data channel bugs such as failure to log failure upon timeout.
+ * Use exit codes a bit more consistently.
+ * Fix bad interaction between SSL and trans_chunk_size.
+ * Redo data timeout to fire properly for SSL sessions.
+ * Redo idle timeout to fire properly for SSL sessions.
+ * Make sure PROT_EXEC isn't allowed, thanks to Will Drewry for noticing.
+ * Use 10 minutes as a max linger time just in case an alarm gets lost.
+ * Change PR_SET_NO_NEW_PRIVS define, from Kees Cook.
+ * Add AES128-SHA to default SSL cipher suites for FileZilla compatibility.
+Unfortunately the default vsftpd SSL confiuration still doesn't fully work
with
+FileZilla, because FileZilla has a data connection security problem: no
client
+certificate presentation and no session reuse. At least the error message
is
+now very clear.
+ * Add restart_syscall to seccomp policy. Triggers reliably if you strace
whilst
+a data transfer is in progress.
+ * Fix delete_failed_uploads for anonymous sessions.
+ * Don't listen for urgent data if the control connection is SSL, due to
possible
+protocol synchronization issues.
+- SUSE specific changes:
+ * turn off the listen mode (listen=NO) by default and change README.SUSE
+ * merge new hardended flags for build and linking
+ * fix the wrong Type=forking from systemd service file
+ * turn off the seccomp_sandbox off by default as SUSE kernel does not support
+it (yet)
+
+---
Old:
vsftpd-2.3.5.tar.gz
New:
vsftpd-3.0.0-turn-seccomp-sandbox-off.patch
vsftpd-3.0.0.tar.gz
Other differences:
--
++ vsftpd.spec ++
--- /var/tmp/diff_new_pack.5GUCYl/_old 2012-04-12 09:55:59.0 +0200
+++ /var/tmp/diff_new_pack.5GUCYl/_new 2012-04-12 09:55:59.0 +0200
@@ -27,7 +27,7 @@
%if 0%{?suse_version} > 1140
BuildRequires: systemd
%endif
-Version:2.3.5
+Version:3.0.0
Release:0
Summary:Very Secure FTP Daemon - Written from Scratch
License:GPL-2.0+
@@ -49,6 +49,9 @@
Patch7: vsftpd-2.0.5-enable-debuginfo.patch
Patch8: vsftpd-2.0.5-utf8-log-names.patch
Patch9: vsftpd-2.3.5-conf.patch
+#PATCH-FIX-OPENSUSE: turn the seccomp_sanbox feature off by default
+# revert it when seccomp feature will be in suse/vanilla kernel
+Patch10:vsftpd-3.0.0-turn-seccomp-sandbox-off.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Provides: ftp-server
PreReq: %insserv_prereq /usr/sbin/useradd
@@ -76,11 +79,12 @@
%patch7
%patch8
%patch9
+%patch10 -p1
%build
rm -f dummyinc/sys/capability.h
-make CFLAGS="$RPM_OPT_FLAGS -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fPIE
-fstack-protector" \
- LDFLAGS="-pie" LINK=
+make CFLAGS="$RPM_OPT_FLAGS -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fPIE
-fstack-protector --param=ssp-buffer-size=4" \
+ LDFLAGS="-fPIE -pie -Wl,-z,relro -Wl,-z,now" LINK=
%install
mkdir -p $RPM_BUILD_ROOT/usr/sha
commit vsftpd for openSUSE:Factory
Hello community, here is the log from the commit of package vsftpd for openSUSE:Factory checked in at Fri Feb 25 11:57:14 CET 2011. --- vsftpd/vsftpd.changes 2010-09-21 18:40:38.0 +0200 +++ /mounts/work_src_done/STABLE/vsftpd/vsftpd.changes 2011-02-25 02:37:55.0 +0100 @@ -1,0 +2,9 @@ +Fri Feb 25 01:37:38 UTC 2011 - crrodrig...@opensuse.org + +- Update to 2.3.4 +- Avoid consuming excessive CPU when matching filenames to patterns. Thanks to +Maksymilian Arciemowicz . +- Some bugfixes from Raphaël Rigo -- good bugs but +no apparent security impact. + +--- calling whatdependson for head-i586 Old: vsftpd-2.3.2.tar.bz2 New: _service _service:download_url:vsftpd-2.3.4.tar.gz Other differences: -- ++ vsftpd.spec ++ --- /var/tmp/diff_new_pack.k5QE7P/_old 2011-02-25 11:56:38.0 +0100 +++ /var/tmp/diff_new_pack.k5QE7P/_new 2011-02-25 11:56:38.0 +0100 @@ -1,7 +1,7 @@ # -# spec file for package vsftpd (Version 2.3.2) +# spec file for package vsftpd # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -25,13 +25,13 @@ %else BuildRequires: libcap-devel %endif -Version:2.3.2 +Version:2.3.4 Release:1 Summary:Very Secure FTP Daemon - Written from Scratch License:GPLv2+ Group: Productivity/Networking/Ftp/Servers Url:http://vsftpd.beasts.org -Source: %name-%version.tar.bz2 +Source: %name-%version.tar.gz Source1:%name.pam Source2:%name.logrotate Source3:%name.init Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit vsftpd for openSUSE:Factory
Hello community,
here is the log from the commit of package vsftpd for openSUSE:Factory checked
in at 2013-07-22 14:56:49
Comparing /work/SRC/openSUSE:Factory/vsftpd (Old)
and /work/SRC/openSUSE:Factory/.vsftpd.new (New)
Package is "vsftpd"
Changes:
--- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2013-04-05
07:43:40.0 +0200
+++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2013-07-22
14:56:50.0 +0200
@@ -1,0 +2,7 @@
+Sat Jul 20 21:23:31 UTC 2013 - crrodrig...@opensuse.org
+
+- build with OPENSSL_NO_SSL_INTERN this hides internal struct
+ members or functions that if changed in future openssl versions
+ will break the ABI of the calling applications.
+
+---
Other differences:
--
++ vsftpd.spec ++
--- /var/tmp/diff_new_pack.rQOKn4/_old 2013-07-22 14:56:50.0 +0200
+++ /var/tmp/diff_new_pack.rQOKn4/_new 2013-07-22 14:56:50.0 +0200
@@ -104,7 +104,7 @@
%define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP
%endif
rm -f dummyinc/sys/capability.h
-make CFLAGS="$RPM_OPT_FLAGS -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fPIE
-fstack-protector --param=ssp-buffer-size=4 %{seccomp_opts}" \
+make CFLAGS="$RPM_OPT_FLAGS -DOPENSSL_NO_SSL_INTERN -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -fPIE -fstack-protector --param=ssp-buffer-size=4
%{seccomp_opts}" \
LDFLAGS="-fPIE -pie -Wl,-z,relro -Wl,-z,now" LINK=
%install
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit vsftpd for openSUSE:Factory
Hello community,
here is the log from the commit of package vsftpd for openSUSE:Factory checked
in at 2012-08-31 10:02:42
Comparing /work/SRC/openSUSE:Factory/vsftpd (Old)
and /work/SRC/openSUSE:Factory/.vsftpd.new (New)
Package is "vsftpd", Maintainer is "mvysko...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2012-05-08
06:50:19.0 +0200
+++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2012-08-31
10:02:43.0 +0200
@@ -1,0 +2,6 @@
+Fri Aug 24 07:07:55 UTC 2012 - mvysko...@suse.cz
+
+- make seccomp sandbox enabled by default
+ * dropped vsftpd-3.0.0-turn-seccomp-sandbox-off.patch
+
+---
Old:
vsftpd-3.0.0-turn-seccomp-sandbox-off.patch
Other differences:
--
++ vsftpd.spec ++
--- /var/tmp/diff_new_pack.0eaZnT/_old 2012-08-31 10:02:45.0 +0200
+++ /var/tmp/diff_new_pack.0eaZnT/_new 2012-08-31 10:02:45.0 +0200
@@ -49,11 +49,8 @@
Patch7: vsftpd-2.0.5-enable-debuginfo.patch
Patch8: vsftpd-2.0.5-utf8-log-names.patch
Patch9: vsftpd-2.3.5-conf.patch
-#PATCH-FIX-OPENSUSE: turn the seccomp_sanbox feature off by default
-# revert it when seccomp feature will be in suse/vanilla kernel
-Patch10:vsftpd-3.0.0-turn-seccomp-sandbox-off.patch
-Patch11:vsftpd-3.0.0_gnu_source_defines.patch
-Patch12:vsftpd-3.0.0-optional-seccomp.patch
+Patch10:vsftpd-3.0.0_gnu_source_defines.patch
+Patch11:vsftpd-3.0.0-optional-seccomp.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Provides: ftp-server
PreReq: %insserv_prereq /usr/sbin/useradd
@@ -83,7 +80,6 @@
%patch9
%patch10 -p1
%patch11 -p1
-%patch12 -p1
%build
%define seccomp_opts %{nil}
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit vsftpd for openSUSE:Factory
Hello community,
here is the log from the commit of package vsftpd for openSUSE:Factory checked
in at 2012-11-20 20:19:24
Comparing /work/SRC/openSUSE:Factory/vsftpd (Old)
and /work/SRC/openSUSE:Factory/.vsftpd.new (New)
Package is "vsftpd", Maintainer is "mvysko...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2012-10-24
10:24:24.0 +0200
+++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2012-11-20
20:19:27.0 +0100
@@ -1,0 +2,6 @@
+Tue Nov 20 09:21:17 UTC 2012 - dims...@opensuse.org
+
+- Fix useradd invocation: -o is useless without -u and newer
+ versions of pwdutils/shadowutils fail on this now.
+
+---
Other differences:
--
++ vsftpd.spec ++
--- /var/tmp/diff_new_pack.KbkXnP/_old 2012-11-20 20:19:28.0 +0100
+++ /var/tmp/diff_new_pack.KbkXnP/_new 2012-11-20 20:19:28.0 +0100
@@ -112,7 +112,7 @@
%endif
%pre
-/usr/sbin/useradd -r -o -g nogroup -s /bin/false -c "Secure FTP User" -d
/var/lib/empty ftpsecure 2> /dev/null || :
+/usr/sbin/useradd -r -g nogroup -s /bin/false -c "Secure FTP User" -d
/var/lib/empty ftpsecure 2> /dev/null || :
%if 0%{?suse_version} > 1140
%service_add_pre %{name}.service
%endif
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit vsftpd for openSUSE:Factory
Hello community,
here is the log from the commit of package vsftpd for openSUSE:Factory checked
in at 2012-12-19 13:42:31
Comparing /work/SRC/openSUSE:Factory/vsftpd (Old)
and /work/SRC/openSUSE:Factory/.vsftpd.new (New)
Package is "vsftpd", Maintainer is "mvysko...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2012-11-20
20:19:27.0 +0100
+++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2012-12-19
13:42:33.0 +0100
@@ -1,0 +2,5 @@
+Tue Nov 20 17:19:03 CET 2012 - sbra...@suse.cz
+
+- Verify GPG signature.
+
+---
New:
vsftpd.keyring
Other differences:
--
++ vsftpd.spec ++
--- /var/tmp/diff_new_pack.FsJgCx/_old 2012-12-19 13:42:34.0 +0100
+++ /var/tmp/diff_new_pack.FsJgCx/_new 2012-12-19 13:42:34.0 +0100
@@ -17,6 +17,7 @@
Name: vsftpd
+BuildRequires: gpg-offline
BuildRequires: openssl-devel
BuildRequires: pam-devel
%if 0%{?suse_version} < 1001
@@ -41,6 +42,7 @@
Source5:%name.xml
Source6:%name.firewall
Source7:vsftpd.service
+Source9:%name.keyring
Source1000:
https://security.appspot.com/downloads/%{name}-%{version}.tar.gz.asc
Patch1: vsftpd-2.0.4-lib64.diff
Patch3: vsftpd-2.0.4-xinetd.diff
@@ -70,6 +72,7 @@
tests.
%prep
+%gpg_verify %{S:1000}
%setup -q
%patch1
%patch3
++ vsftpd.keyring ++
pub 1024D/3C0E751C 2004-06-29
uid Chris Evans
sub 1024g/0A9EB17D 2004-06-29
-BEGIN PGP PUBLIC KEY BLOCK-
Version: GnuPG v2.0.19 (GNU/Linux)
mQGiBEDh9hcRBACkPpPw2Pm4v6i+dQccbPAmiGyf6Hn7hHyKx25lJD7sK5vQ/L/w
7sKDLBF1JO76+9xN9UQb4emgmRW5T+tll4KD4uaTP1+bopg+RlRSD2S8MqAoYBE/
kUu1je49FNV3VyNHLvi77XkjHd4C0+hoZhnBK/OMo3FXo9vEWrFokXwCtwCgsgxn
USwXet4jojSt+//E7W6AYV8D/jUMh02PbxHhbCHYQnITB9aiaMQtCoeAlbj3HAQA
+ZgNxApZ6hbhE0I27i4MrGte3O/9l5j3V0rXltpNY9E6tm8HT2UeLc1m7aMCXy+0
IUrtQtuEx50jD3oaKbqix6UcBpDAZh+aeqTGansCHUHvlOuQQFO4vAPSr6aHPDmS
1Dc7A/9JImvSvwq5xbDQWpWMMvpQXkDgCqjkRnvqBHqoXXy7R8xEaYAqcRYVHCo4
hmVYyRXsdY7iPxQkugbLBAPTHq2ajWsZGmrJymVZP7FGz+Rn/j/XoGYrbdJ86fgs
XnydJY+/uBaS/A+P/+xeHByr4fqG2T60LUVXtwQP2oP/xYN8kbQkQ2hyaXMgRXZh
bnMgPGNocmlzQHNjYXJ5LmJlYXN0cy5vcmc+iF4EExECAB4FAkDh9hcCGwMGCwkI
BwMCAxUCAwMWAgECHgECF4AACgkQqmLsRjwOdRwHOACgp9BubQZNeDf+cbTyuhfo
+qEedNsAoJIde2sM6Waxd4utyNEGG4pQ3sKeuQENBEDh9h0QBACTJBc/TYG3jVRL
4dI0R1M42DqyaTpm+qDgIgZ6YoXMzw9Z7NiHZaVVrnxYN98mCsNvvevaVT6Jy8Rr
FWMf4jx82ulH6NWZ9rKu3V9CXK9VXxt03VAWK2mGaKWlb7QKuiAuxSSrWTFO9neL
wWAixHsL0w9l19grtn1eKW9e61wIawADBgP/ab8QxketqpzecJhsIr/XM3k2oeKH
mj2BhegIaZzMAqrdvqGIj0cVGpun0tcoB2w4J1S8PyhM0/1PDaTKT+U83Ewljghw
Z+J5KUzG8T5xz9Qi3MyG4GnDqCSwZ9gKN8gt354tVd1qioX+ur5rovfVw+21iciW
IENPG81Z/P+DJzSISQQYEQIACQUCQOH2HQIbDAAKCRCqYuxGPA51HJUGAJ9ynmOj
Hu3p4DUdukkZfSuqyJaAXgCbBxgmdB7hOfSIGyou31PfdaIeFqU=
=BKUG
-END PGP PUBLIC KEY BLOCK-
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit vsftpd for openSUSE:Factory
Hello community,
here is the log from the commit of package vsftpd for openSUSE:Factory checked
in at 2013-03-01 09:06:02
Comparing /work/SRC/openSUSE:Factory/vsftpd (Old)
and /work/SRC/openSUSE:Factory/.vsftpd.new (New)
Package is "vsftpd", Maintainer is "mvysko...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2012-12-19
13:42:33.0 +0100
+++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2013-03-01
09:06:03.0 +0100
@@ -1,0 +2,6 @@
+Thu Feb 28 13:30:07 UTC 2013 - mvysko...@suse.com
+
+- add vsftpd-allow-dev-log-socket.patch (bnc#786024)
+ * whitelist /dev/log related socket syscall
+
+---
New:
vsftpd-allow-dev-log-socket.patch
Other differences:
--
++ vsftpd.spec ++
--- /var/tmp/diff_new_pack.22JKe5/_old 2013-03-01 09:06:04.0 +0100
+++ /var/tmp/diff_new_pack.22JKe5/_new 2013-03-01 09:06:04.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package vsftpd
#
-# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -54,6 +54,7 @@
Patch9: vsftpd-2.3.5-conf.patch
Patch10:vsftpd-3.0.0_gnu_source_defines.patch
Patch11:vsftpd-3.0.0-optional-seccomp.patch
+Patch12:vsftpd-allow-dev-log-socket.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Provides: ftp-server
PreReq: %insserv_prereq /usr/sbin/useradd
@@ -84,6 +85,7 @@
%patch9
%patch10 -p1
%patch11 -p1
+%patch12 -p1
%build
%define seccomp_opts %{nil}
++ vsftpd-allow-dev-log-socket.patch ++
From: mvysko...@suse.com
Subject: enable /dev/log related socket call
Linux-PAM try to open /dev/log, but as socket is not enabled in seccomp
sandbox, daemon is killed by SIGSYS. Because the attempt is made by process
with RLIMIT_NOFILE, the correct fix would be to test if we can open a new fd in
pam. Anyway I would say the risc is small, and other socket syscalls are
disabled.
Fixes: https://bugzilla.novell.com/show_bug.cgi?id=786024
Index: vsftpd-3.0.2/seccompsandbox.c
===
--- vsftpd-3.0.2.orig/seccompsandbox.c
+++ vsftpd-3.0.2/seccompsandbox.c
@@ -353,6 +353,15 @@ seccomp_sandbox_setup_prelogin(const str
{
allow_nr_1_arg_match(__NR_recvmsg, 3, 0);
}
+
+ //this is very probably an attempt to open /dev/log
+ //it fails because process cannot open any file, so it might be safe
+ //socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = -1 EMFILE (Too many open
files)
+ allow_nr_3_arg_match(__NR_socket,
+ 1, PF_FILE,
+ 2, SOCK_DGRAM | SOCK_CLOEXEC,
+ 3, 0);
+
}
void
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit vsftpd for openSUSE:Factory
Hello community, here is the log from the commit of package vsftpd for openSUSE:Factory checked in at 2013-03-07 07:35:30 Comparing /work/SRC/openSUSE:Factory/vsftpd (Old) and /work/SRC/openSUSE:Factory/.vsftpd.new (New) Package is "vsftpd", Maintainer is "mvysko...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2013-03-01 09:06:03.0 +0100 +++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2013-03-07 07:35:31.0 +0100 @@ -1,0 +2,6 @@ +Thu Feb 28 16:02:17 UTC 2013 - lnus...@suse.de + +- add isolate_network and seccomp_sandbox options to template to make them + easier to find (bnc#786024) + +--- Other differences: -- ++ vsftpd-2.3.5-conf.patch ++ --- /var/tmp/diff_new_pack.TOdHrP/_old 2013-03-07 07:35:33.0 +0100 +++ /var/tmp/diff_new_pack.TOdHrP/_new 2013-03-07 07:35:33.0 +0100 @@ -1,7 +1,7 @@ Index: vsftpd.conf === vsftpd.conf.orig 2011-12-17 19:24:40.0 +0100 -+++ vsftpd.conf2012-04-11 10:19:06.192238657 +0200 +--- vsftpd.conf.orig vsftpd.conf @@ -4,23 +4,89 @@ # loosens things up a bit, to make the ftp daemon more usable. # Please see vsftpd.conf.5 for all compiled in defaults. @@ -98,7 +98,7 @@ # Uncomment this to allow the anonymous FTP user to upload files. This only # has an effect if the above global write enable is activated. Also, you will # obviously need to create a directory writable by the FTP user. -@@ -30,15 +96,9 @@ +@@ -30,15 +96,9 @@ anonymous_enable=YES # new directories. #anon_mkdir_write_enable=YES # @@ -117,7 +117,7 @@ # # If you want, you can arrange for uploaded anonymous files to be owned by # a different user. Note! Using "root" for uploaded files is not -@@ -46,24 +106,51 @@ +@@ -46,24 +106,51 @@ connect_from_port_20=YES #chown_uploads=YES #chown_username=whoever # @@ -174,7 +174,7 @@ # Enable this and the server will recognise asynchronous ABOR requests. Not # recommended for security (the code is non-trivial). Not enabling it, # however, may confuse older FTP clients. -@@ -77,41 +164,29 @@ +@@ -77,41 +164,34 @@ connect_from_port_20=YES # predicted this attack and has always been safe, reporting the size of the # raw file. # ASCII mangling is a horrible feature of the protocol. @@ -231,3 +231,8 @@ +# Limit passive ports to this range to assis firewalling +pasv_min_port=3 +pasv_max_port=30100 ++ ++# security features that are incompatible with some other settings. Try to ++# uncomment if vsftpd dies with weird errors. ++#isolate_network=NO ++#seccomp_sandbox=NO -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit vsftpd for openSUSE:Factory
Hello community,
here is the log from the commit of package vsftpd for openSUSE:Factory checked
in at 2013-04-05 07:43:21
Comparing /work/SRC/openSUSE:Factory/vsftpd (Old)
and /work/SRC/openSUSE:Factory/.vsftpd.new (New)
Package is "vsftpd", Maintainer is "mvysko...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2013-03-07
07:35:31.0 +0100
+++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2013-04-05
07:43:40.0 +0200
@@ -1,0 +2,18 @@
+Thu Apr 4 08:35:40 UTC 2013 - mvysko...@suse.com
+
+- add vsftpd-enable-dev-log-sendto.patch (bnc#812406#c1)
+ * this enabled a sendto on /dev/log socket when syslog is enabled
+- provide more verbose explanation about isolate_network and seccomp_sanbox in
+ config file template
+- don't install init file on openSUSE 13.1+
+- drop a build support for SL 10 and older
+
+---
+Fri Mar 29 13:15:46 UTC 2013 - mvysko...@suse.com
+
+- add vsftpd-drop-newpid-from-clone.patch (bnc#786024#c38)
+ * drop CLONE_NEWPID from clone to enable audit system
+- add vsftpd-enable-fcntl-f_setfl.patch (bnc#812406)
+ * unconditionally enable F_SETFL patch - might be safe to do
+
+---
New:
vsftpd-drop-newpid-from-clone.patch
vsftpd-enable-dev-log-sendto.patch
vsftpd-enable-fcntl-f_setfl.patch
Other differences:
--
++ vsftpd.spec ++
--- /var/tmp/diff_new_pack.9sFmFQ/_old 2013-04-05 07:43:55.0 +0200
+++ /var/tmp/diff_new_pack.9sFmFQ/_new 2013-04-05 07:43:55.0 +0200
@@ -16,15 +16,16 @@
#
+%global with_sysvinit 0
+%if 0%{?suse_version} < 1310
+%global with_sysvinit 1
+%endif
+
Name: vsftpd
BuildRequires: gpg-offline
+BuildRequires: libcap-devel
BuildRequires: openssl-devel
BuildRequires: pam-devel
-%if 0%{?suse_version} < 1001
-BuildRequires: libcap
-%else
-BuildRequires: libcap-devel
-%endif
%if 0%{?suse_version} > 1140
BuildRequires: systemd
%endif
@@ -54,7 +55,14 @@
Patch9: vsftpd-2.3.5-conf.patch
Patch10:vsftpd-3.0.0_gnu_source_defines.patch
Patch11:vsftpd-3.0.0-optional-seccomp.patch
+#PATCH-FIX-OPENSUSE: bnc#786024
Patch12:vsftpd-allow-dev-log-socket.patch
+#PATCH-FIX-OPENSUSE: bnc#786024, second issue with pam_login_acct
+Patch13:vsftpd-drop-newpid-from-clone.patch
+#PATCH-FIX-OPENSUSE: bnc#812406
+Patch14:vsftpd-enable-fcntl-f_setfl.patch
+#PATCH-FIX-OPENSUSE: bnc#812406
+Patch15:vsftpd-enable-dev-log-sendto.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Provides: ftp-server
PreReq: %insserv_prereq /usr/sbin/useradd
@@ -86,6 +94,9 @@
%patch10 -p1
%patch11 -p1
%patch12 -p1
+%patch13 -p1
+%patch14 -p1
+%patch15 -p1
%build
%define seccomp_opts %{nil}
@@ -106,8 +117,12 @@
install -D -m 644 $RPM_SOURCE_DIR/%name.logrotate
$RPM_BUILD_ROOT/etc/logrotate.d/%name
install -D -m 644 %name.conf.5 $RPM_BUILD_ROOT/%_mandir/man5/%name.conf.5
install -D -m 644 %name.8 $RPM_BUILD_ROOT/%_mandir/man8/%name.8
+%if %{with_sysvinit}
install -D -m 755 %SOURCE3 $RPM_BUILD_ROOT/etc/init.d/%name
ln -sf ../../etc/init.d/%name $RPM_BUILD_ROOT/%_prefix/sbin/rc%name
+%else
+ln -sf ../../sbin/service $RPM_BUILD_ROOT/%{_prefix}/sbin/rc%{name}
+%endif
install -d $RPM_BUILD_ROOT/%_datadir/omc/svcinfo.d/
install -D -m 644 %SOURCE5 $RPM_BUILD_ROOT/%_datadir/omc/svcinfo.d/
install -d $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/
@@ -123,20 +138,29 @@
%endif
%preun
+if [ -e /etc/init.d/%{name} ]; then
%stop_on_removal %name
+fi
+
%if 0%{?suse_version} > 1140
%service_del_preun %{name}.service
%endif
%post
+%if %{with_sysvinit}
%{fillup_and_insserv -f %{name}}
+%endif
+
%if 0%{?suse_version} > 1140
%service_add_post %{name}.service
%endif
%postun
+%if %{with_sysvinit}
%insserv_cleanup
%restart_on_update %name
+%endif
+
%if 0%{?suse_version} > 1140
%service_del_postun %{name}.service
%endif
@@ -151,7 +175,9 @@
%endif
/usr/sbin/%name
/usr/sbin/rc%name
+%if %{with_sysvinit}
%config /etc/init.d/%name
+%endif
%_datadir/omc/svcinfo.d/vsftpd.xml
%dir /usr/share/empty
%config(noreplace) /etc/xinetd.d/%name
++ vsftpd-2.3.5-conf.patch ++
--- /var/tmp/diff_new_pack.9sFmFQ/_old 2013-04-05 07:43:55.0 +0200
+++ /var/tmp/diff_new_pack.9sFmFQ/_new 2013-04-05 07:43:55.0 +0200
@@ -174,7 +174,7 @@
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
-@@ -77,41 +164,34 @@ connect_from_port_20=YES
+@@ -77,41 +164,46 @@ connect_from_
commit vsftpd for openSUSE:Factory
Hello community,
here is the log from the commit of package vsftpd for openSUSE:Factory checked
in at 2012-10-24 07:19:35
Comparing /work/SRC/openSUSE:Factory/vsftpd (Old)
and /work/SRC/openSUSE:Factory/.vsftpd.new (New)
Package is "vsftpd", Maintainer is "mvysko...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2012-08-31
10:02:43.0 +0200
+++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2012-10-24
10:24:24.0 +0200
@@ -1,0 +2,17 @@
+Mon Oct 22 13:38:57 UTC 2012 - mvysko...@suse.com
+
+- update to 3.0.2 (bnc#786024)
+ * Fix some seccomp related build errors on certain CentOS and Debian
versions.
+ * Seccomp filter sandbox: missing munmap() -- oops. Did you know that qsort()
+ opens and maps /proc/meminfo but only for larger item counts?
+ * Seccomp filter sandbox: deny socket() gracefully for text_userdb_names.
+ * Fix various NULL crashes with nonsensical config settings. Noted by Tianyin
+ Xu .
+ * Force cast to unsigned char in is* char functions.
+ * Fix harmless integer issues in strlist.c.
+ * Started on a (possibly ill-advised?) crusade to compile cleanly with
+ Wconversion. Decided to suspend the effort half-way through.
+ * One more seccomp policy fix: mremap (denied).
+ * Support STOU with no filename, uses a STOU. prefix.
+
+---
Old:
vsftpd-3.0.0.tar.gz
New:
vsftpd-3.0.2.tar.gz
vsftpd-3.0.2.tar.gz.asc
Other differences:
--
++ vsftpd.spec ++
--- /var/tmp/diff_new_pack.SGqW67/_old 2012-10-24 10:24:30.0 +0200
+++ /var/tmp/diff_new_pack.SGqW67/_new 2012-10-24 10:24:30.0 +0200
@@ -27,13 +27,13 @@
%if 0%{?suse_version} > 1140
BuildRequires: systemd
%endif
-Version:3.0.0
+Version:3.0.2
Release:0
Summary:Very Secure FTP Daemon - Written from Scratch
License:GPL-2.0+
Group: Productivity/Networking/Ftp/Servers
Url:https://security.appspot.com/vsftpd.html
-Source: %name-%version.tar.gz
+Source0:
https://security.appspot.com/downloads/%{name}-%{version}.tar.gz
Source1:%name.pam
Source2:%name.logrotate
Source3:%name.init
@@ -41,6 +41,7 @@
Source5:%name.xml
Source6:%name.firewall
Source7:vsftpd.service
+Source1000:
https://security.appspot.com/downloads/%{name}-%{version}.tar.gz.asc
Patch1: vsftpd-2.0.4-lib64.diff
Patch3: vsftpd-2.0.4-xinetd.diff
Patch4: vsftpd-2.0.4-enable-ssl.patch
++ vsftpd-3.0.0.tar.gz -> vsftpd-3.0.2.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/vsftpd-3.0.0/Changelog new/vsftpd-3.0.2/Changelog
--- old/vsftpd-3.0.0/Changelog 2012-04-05 04:57:54.0 +0200
+++ new/vsftpd-3.0.2/Changelog 2012-09-18 12:03:15.0 +0200
@@ -1323,3 +1323,23 @@
At this point: v3.0.0 released!
===
+
+- Fix some seccomp related build errors on certain CentOS and Debian versions.
+- Seccomp filter sandbox: missing munmap() -- oops. Did you know that qsort()
+opens and maps /proc/meminfo but only for larger item counts?
+- Seccomp filter sandbox: deny socket() gracefully for text_userdb_names.
+- Fix various NULL crashes with nonsensical config settings. Noted by Tianyin
Xu
+.
+- Force cast to unsigned char in is* char functions.
+- Fix harmless integer issues in strlist.c.
+- Started on a (possibly ill-advised?) crusade to compile cleanly with
+Wconversion. Decided to suspend the effort half-way through.
+
+At this point: v3.0.1 released!
+===
+
+- One more seccomp policy fix: mremap (denied).
+- Support STOU with no filename, uses a STOU. prefix.
+
+At this point: v3.0.2 released!
+===
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/vsftpd-3.0.0/README new/vsftpd-3.0.2/README
--- old/vsftpd-3.0.0/README 2012-01-06 00:17:47.0 +0100
+++ new/vsftpd-3.0.2/README 2012-09-18 12:02:27.0 +0200
@@ -1,4 +1,4 @@
-This is vsftpd, version 3.0.0
+This is vsftpd, version 3.0.2
Author: Chris Evans
Contact: scarybea...@gmail.com
Website: http://vsftpd.beasts.org/
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/vsftpd-3.0.0/banner.c new/vsftpd-3.0.2/banner.c
--- old/vsftpd-3.0.0/banner.c 2008-02-02 02:30:41.0 +0100
+++ new/vsftpd-3.0.2/banner.c 2012-09-16 06:14:33.0 +0200
@@ -53,8 +53,11 @@
*/
{
struct mystr msg_file_str = INIT_MYSTR;
- (void) str_fileread(&msg_file_str, tunable_message_file,
-
commit vsftpd for openSUSE:Factory
Hello community,
here is the log from the commit of package vsftpd for openSUSE:Factory checked
in at 2015-04-22 01:13:40
Comparing /work/SRC/openSUSE:Factory/vsftpd (Old)
and /work/SRC/openSUSE:Factory/.vsftpd.new (New)
Package is "vsftpd"
Changes:
--- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2015-04-07
09:28:56.0 +0200
+++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2015-04-22
01:13:42.0 +0200
@@ -1,0 +2,6 @@
+Fri Apr 17 16:35:14 UTC 2015 - tchva...@suse.com
+
+- Fix hide_file option wrt bnc#927612:
+ * vsftpd-path-normalize.patch
+
+---
Other differences:
--
++ vsftpd-path-normalize.patch ++
--- /var/tmp/diff_new_pack.HHNsGW/_old 2015-04-22 01:13:43.0 +0200
+++ /var/tmp/diff_new_pack.HHNsGW/_new 2015-04-22 01:13:43.0 +0200
@@ -116,11 +116,48 @@
if (do_stat)
{
/* lstat() the file. Of course there's a race condition - the
-@@ -249,6 +249,7 @@ vsf_filename_passes_filter(const struct
+@@ -239,6 +239,7 @@ vsf_filename_passes_filter(const struct
+* for /a/?/c will not.
+*/
+ struct mystr filter_remain_str = INIT_MYSTR;
++ struct mystr basic_name_str = INIT_MYSTR;
+ struct mystr name_remain_str = INIT_MYSTR;
+ struct mystr temp_str = INIT_MYSTR;
+ struct mystr brace_list_str = INIT_MYSTR;
+@@ -249,27 +250,29 @@ vsf_filename_passes_filter(const struct
int matched = 0;
str_copy(&filter_remain_str, p_filter_str);
-+ str_normalize_filepath(p_filename_str);
++ str_copy(&basic_name_str, p_filename_str);
++ str_normalize_filepath(&basic_name_str);
- if (!str_isempty (&filter_remain_str) && !str_isempty(p_filename_str)) {
+- if (!str_isempty (&filter_remain_str) && !str_isempty(p_filename_str)) {
++ if (!str_isempty (&filter_remain_str) && !str_isempty(&basic_name_str)) {
if (str_get_char_at(p_filter_str, 0) == '/') {
+- if (str_get_char_at(p_filename_str, 0) != '/') {
++ if (str_get_char_at(&basic_name_str, 0) != '/') {
+ str_getcwd (&name_remain_str);
+
+ if (str_getlen(&name_remain_str) > 1) /* cwd != root dir */
+ str_append_char (&name_remain_str, '/');
+
+-str_append_str (&name_remain_str, p_filename_str);
++str_append_str (&name_remain_str, &basic_name_str);
+ }
+ else
+- str_copy (&name_remain_str, p_filename_str);
++ str_copy (&name_remain_str, &basic_name_str);
+ } else {
+ if (str_get_char_at(p_filter_str, 0) != '{')
+-str_basename (&name_remain_str, p_filename_str);
++str_basename (&name_remain_str, &basic_name_str);
+ else
+-str_copy (&name_remain_str, p_filename_str);
++str_copy (&name_remain_str, &basic_name_str);
+ }
+ } else
+-str_copy(&name_remain_str, p_filename_str);
++str_copy(&name_remain_str, &basic_name_str);
+
+ while (!str_isempty(&filter_remain_str) && *iters < VSFTP_MATCHITERS_MAX)
+ {
commit vsftpd for openSUSE:Factory
Hello community, here is the log from the commit of package vsftpd for openSUSE:Factory checked in at 2015-09-19 06:53:10 Comparing /work/SRC/openSUSE:Factory/vsftpd (Old) and /work/SRC/openSUSE:Factory/.vsftpd.new (New) Package is "vsftpd" Changes: --- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2015-07-02 22:45:28.0 +0200 +++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2015-09-19 06:53:10.0 +0200 @@ -1,0 +2,33 @@ +Tue Sep 8 10:57:55 UTC 2015 - tchva...@suse.com + +- Version bump to 3.0.3: + * Increase VSFTP_AS_LIMIT to 200MB; various reports. + * Make the PWD response more RFC compliant; report from Barry Kelly +. + * Remove the trailing period from EPSV response to work around BT Internet +issues; report from Tim Bishop . + * Fix syslog_enable issues vs. seccomp filtering. Report from Michal Vyskocil +. At least, syslogging seems to work on my Fedora now. + * Allow gettimeofday() in the seccomp sandbox. I can't repro failures, but I +probably have a different distro / libc / etc. and there are multiple reports. + * Some kernels support PR_SET_NO_NEW_PRIVS but not PR_SET_SECCOMP, so handle +this case gracefully. Report from Vasily Averin . + * List the TLS1.2 cipher AES128-GCM-SHA256 as first preference by default. + * Make some compile-time SSL defaults (such as correct client shutdown +handling) stricter. + * Disable Nagle algorithm during SSL data connection shutdown, to avoid 200ms +delays. From Tim Kosse . + * Kill the FTP session if we see HTTP protocol commands, to avoid +cross-protocol attacks. A report from Jann Horn . + * Kill the FTP session if we see session re-use failure. A report from +Tim Kosse . + * Enable ECDHE, Tim Kosse . + * Default cipher list is now just ECDHE-RSA-AES256-GCM-SHA384. + * Minor SSL logging improvements. + * Un-default tunable_strict_ssl_write_shutdown again. We still have +tunable_strict_ssl_read_eof defaulted now, which is the important one to prove +upload integrity. +- Drop patch vsftpd-allow-dev-log-socket.patch should be included + upstream, se above bullet with mvyskocil's email + +--- Old: vsftpd-3.0.2.tar.gz vsftpd-3.0.2.tar.gz.asc vsftpd-allow-dev-log-socket.patch New: vsftpd-3.0.3.tar.gz vsftpd-3.0.3.tar.gz.asc Other differences: -- ++ vsftpd.spec ++ --- /var/tmp/diff_new_pack.A3hBd6/_old 2015-09-19 06:53:11.0 +0200 +++ /var/tmp/diff_new_pack.A3hBd6/_new 2015-09-19 06:53:11.0 +0200 @@ -17,7 +17,7 @@ Name: vsftpd -Version:3.0.2 +Version:3.0.3 Release:0 Summary:Very Secure FTP Daemon - Written from Scratch License:SUSE-GPL-2.0-with-openssl-exception @@ -44,8 +44,6 @@ Patch9: vsftpd-2.3.5-conf.patch Patch10:vsftpd-3.0.0_gnu_source_defines.patch Patch11:vsftpd-3.0.0-optional-seccomp.patch -#PATCH-FIX-OPENSUSE: bnc#786024 -Patch12:vsftpd-allow-dev-log-socket.patch #PATCH-FIX-OPENSUSE: bnc#786024, second issue with pam_login_acct Patch13:vsftpd-drop-newpid-from-clone.patch #PATCH-FIX-OPENSUSE: bnc#812406 @@ -96,7 +94,6 @@ %patch9 %patch10 -p1 %patch11 -p1 -%patch12 -p1 %patch13 -p1 %patch14 -p1 %patch15 -p1 ++ vsftpd-3.0.2.tar.gz -> vsftpd-3.0.3.tar.gz ++ Files old/vsftpd-3.0.2/.ftpcmdio.h.swp and new/vsftpd-3.0.3/.ftpcmdio.h.swp differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vsftpd-3.0.2/Changelog new/vsftpd-3.0.3/Changelog --- old/vsftpd-3.0.2/Changelog 2012-09-18 12:03:15.0 +0200 +++ new/vsftpd-3.0.3/Changelog 2015-07-23 08:01:55.0 +0200 @@ -1343,3 +1343,35 @@ At this point: v3.0.2 released! === + +- Increase VSFTP_AS_LIMIT to 200MB; various reports. +- Make the PWD response more RFC compliant; report from Barry Kelly +. +- Remove the trailing period from EPSV response to work around BT Internet +issues; report from Tim Bishop . +- Fix syslog_enable issues vs. seccomp filtering. Report from Michal Vyskocil +. At least, syslogging seems to work on my Fedora now. +- Allow gettimeofday() in the seccomp sandbox. I can't repro failures, but I +probably have a different distro / libc / etc. and there are multiple reports. +- Some kernels support PR_SET_NO_NEW_PRIVS but not PR_SET_SECCOMP, so handle +this case gracefully. Report from Vasily Averin . +- List the TLS1.2 cipher AES128-GCM-SHA256 as first preference by default. +- Make some compile-time SSL defaults (such as correct client shutdown +handling) stricter. +- Disable Nagle algorithm during SSL data connection shutdown, to av
commit vsftpd for openSUSE:Factory
Hello community, here is the log from the commit of package vsftpd for openSUSE:Factory checked in at 2015-07-02 22:45:27 Comparing /work/SRC/openSUSE:Factory/vsftpd (Old) and /work/SRC/openSUSE:Factory/.vsftpd.new (New) Package is "vsftpd" Changes: --- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2015-04-22 01:13:42.0 +0200 +++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2015-07-02 22:45:28.0 +0200 @@ -1,0 +2,6 @@ +Tue Jun 23 08:51:32 UTC 2015 - tchva...@suse.com + +- Fix logrotate script to not fail when vsftpd is not running, + bnc#935279 + +--- Other differences: -- ++ vsftpd.logrotate ++ --- /var/tmp/diff_new_pack.CRUfFC/_old 2015-07-02 22:45:29.0 +0200 +++ /var/tmp/diff_new_pack.CRUfFC/_new 2015-07-02 22:45:29.0 +0200 @@ -9,6 +9,6 @@ create 600 root root sharedscripts postrotate - /sbin/killproc -HUP /usr/sbin/vsftpd + pgrep vsftpd && killall -HUP vsftpd || exit 0 endscript }
commit vsftpd for openSUSE:Factory
Hello community,
here is the log from the commit of package vsftpd for openSUSE:Factory checked
in at 2015-10-14 16:38:04
Comparing /work/SRC/openSUSE:Factory/vsftpd (Old)
and /work/SRC/openSUSE:Factory/.vsftpd.new (New)
Package is "vsftpd"
Changes:
--- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2015-09-19
06:53:10.0 +0200
+++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2015-10-14
16:38:05.0 +0200
@@ -1,0 +2,10 @@
+Mon Sep 21 11:34:46 UTC 2015 - tchva...@suse.com
+
+- Clean-up the init.d support to be bit more readable and add missing dep
+
+---
+Mon Sep 21 11:14:59 UTC 2015 - joop.boo...@opensuse.org
+
+- Brought back additional systemv support so it also builds for SLES 10 and 11
+
+---
New:
vsftpd.init
Other differences:
--
++ vsftpd.spec ++
--- /var/tmp/diff_new_pack.WYONwR/_old 2015-10-14 16:38:06.0 +0200
+++ /var/tmp/diff_new_pack.WYONwR/_new 2015-10-14 16:38:06.0 +0200
@@ -16,6 +16,11 @@
#
+%if 0%{?suse_version} > 1210
+%global with_systemd 1
+%else
+%global with_systemd 0
+%endif
Name: vsftpd
Version:3.0.3
Release:0
@@ -26,6 +31,7 @@
Source0:
https://security.appspot.com/downloads/%{name}-%{version}.tar.gz
Source1:%{name}.pam
Source2:%{name}.logrotate
+Source3:%{name}.init
Source4:README.SUSE
Source5:%{name}.xml
Source6:%{name}.firewall
@@ -64,12 +70,16 @@
BuildRequires: libcap-devel
BuildRequires: openssl-devel
BuildRequires: pam-devel
-BuildRequires: systemd
Requires: logrotate
Requires(pre): %{_sbindir}/useradd
Provides: ftp-server
BuildRoot: %{_tmppath}/%{name}-%{version}-build
+%if %{with_systemd}
+BuildRequires: systemd
%{?systemd_requires}
+%else
+Requires(post): %insserv_prereq
+%endif
%description
Vsftpd is an FTP server, or daemon. The "vs" stands for Very Secure.
@@ -121,10 +131,15 @@
install -D -m 644 $RPM_SOURCE_DIR/%{name}.logrotate
%{buildroot}%{_sysconfdir}/logrotate.d/%{name}
install -D -m 644 %{name}.conf.5 %{buildroot}/%{_mandir}/man5/%{name}.conf.5
install -D -m 644 %{name}.8 %{buildroot}/%{_mandir}/man8/%{name}.8
+%if %{with_systemd}
ln -sf service %{buildroot}/%{_sbindir}/rc%{name}
install -D -m 0644 %{SOURCE7} %{buildroot}/%{_unitdir}/%{name}.service
install -D -m 0644 %{SOURCE8} %{buildroot}/%{_unitdir}/%{name}@.service
install -D -m 0644 %{SOURCE10} %{buildroot}/%{_unitdir}/%{name}.socket
+%else
+install -D -m 755 %{SOURCE3} %{buildroot}%{_initddir}/%{name}
+ln -sf %{_initddir}/%{name} %{buildroot}/%{_sbindir}/rc%{name}
+%endif
install -d %{buildroot}/%{_datadir}/omc/svcinfo.d/
install -D -m 644 %{SOURCE5} %{buildroot}/%{_datadir}/omc/svcinfo.d/
install -d %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/
@@ -132,22 +147,42 @@
%pre
%{_sbindir}/useradd -r -g nogroup -s /bin/false -c "Secure FTP User" -d
%{_localstatedir}/lib/empty ftpsecure 2> /dev/null || :
+%if %{with_systemd}
%service_add_pre %{name}.service %{name}@.service %{name}.socket
+%endif
%preun
+%if %{with_systemd}
%service_del_preun %{name}.service %{name}@.service %{name}.socket
+%else
+%stop_on_removal %{name}
+%endif
%post
+%if %{with_systemd}
%service_add_post %{name}.service %{name}@.service %{name}.socket
+%else
+%insserv_cleanup
+%restart_on_update %{name}
+%endif
%postun
+%if %{with_systemd}
%service_del_postun %{name}.service %{name}@.service %{name}.socket
+%else
+%insserv_cleanup
+%restart_on_update %{name}
+%endif
%files
%defattr(-,root,root)
+%if %{with_systemd}
%{_unitdir}/%{name}.service
%{_unitdir}/%{name}.socket
%{_unitdir}/%{name}@.service
+%else
+%{_initddir}/%{name}
+%endif
%{_sbindir}/%{name}
%{_sbindir}/rc%{name}
%{_datadir}/omc/svcinfo.d/vsftpd.xml
++ vsftpd.init ++
#! /bin/sh
# Copyright (c) 1995-2005 SUSE Linux GmbH, Nuernberg, Germany.
# All rights reserved.
#
# Author: Mads Martin Joergensen
#
# /etc/init.d/vsftpd
# and its symbolic link
# /usr/sbin/rcvsftpd
#
#This program is free software; you can redistribute it and/or modify
#it under the terms of the GNU General Public License as published by
#the Free Software Foundation; either version 2 of the License, or
#(at your option) any later version.
#
#This program is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
#GNU General Public License for more details.
#
#You should have received a copy of the GNU General Publi
commit vsftpd for openSUSE:Factory
Hello community, here is the log from the commit of package vsftpd for openSUSE:Factory checked in at 2016-09-05 21:12:24 Comparing /work/SRC/openSUSE:Factory/vsftpd (Old) and /work/SRC/openSUSE:Factory/.vsftpd.new (New) Package is "vsftpd" Changes: --- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2016-08-16 13:02:20.0 +0200 +++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2016-09-05 21:12:26.0 +0200 @@ -1,0 +2,6 @@ +Wed Aug 31 17:21:04 UTC 2016 - dims...@opensuse.org + +- Extend vsftpd-2.0.4-lib64.diff to also find libcap.so.* in + /usr/lib64. + +--- Other differences: -- ++ vsftpd-2.0.4-lib64.diff ++ --- /var/tmp/diff_new_pack.VWEOvJ/_old 2016-09-05 21:12:27.0 +0200 +++ /var/tmp/diff_new_pack.VWEOvJ/_new 2016-09-05 21:12:27.0 +0200 @@ -1,8 +1,8 @@ Index: vsf_findlibs.sh === vsf_findlibs.sh.orig 2012-04-10 16:09:50.571389404 +0200 -+++ vsf_findlibs.sh2012-04-10 16:09:53.709496934 +0200 -@@ -14,6 +14,7 @@ +--- vsf_findlibs.sh.orig vsf_findlibs.sh +@@ -14,6 +14,7 @@ fi # crypt library. if find_func pam_start sysdeputil.o; then locate_library /lib/libpam.so.0 && echo "/lib/libpam.so.0"; @@ -10,7 +10,7 @@ locate_library /usr/lib/libpam.so && echo "-lpam"; locate_library /usr/lib64/libpam.so && echo "-lpam"; locate_library /lib/x86_64-linux-gnu/libpam.so.0 && echo "-lpam"; -@@ -23,6 +24,7 @@ +@@ -23,6 +24,7 @@ if find_func pam_start sysdeputil.o; the locate_library /usr/lib/libpam.a && echo "-lpam"; else locate_library /lib/libcrypt.so && echo "-lcrypt"; @@ -18,3 +18,11 @@ locate_library /usr/lib/libcrypt.so && echo "-lcrypt"; locate_library /usr/lib64/libcrypt.so && echo "-lcrypt"; locate_library /lib/x86_64-linux-gnu/libcrypt.so && echo "-lcrypt"; +@@ -54,6 +56,7 @@ elif locate_library /lib/libcap.so.2; th + echo "/lib/libcap.so.2"; + else + locate_library /usr/lib/libcap.so && echo "-lcap"; ++ locate_library /usr/lib64/libcap.so && echo "-lcap"; + locate_library /lib/libcap.so && echo "-lcap"; + locate_library /lib64/libcap.so && echo "-lcap"; + fi
commit vsftpd for openSUSE:Factory
Hello community,
here is the log from the commit of package vsftpd for openSUSE:Factory checked
in at 2016-03-16 10:26:34
Comparing /work/SRC/openSUSE:Factory/vsftpd (Old)
and /work/SRC/openSUSE:Factory/.vsftpd.new (New)
Package is "vsftpd"
Changes:
--- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2015-10-14
16:38:05.0 +0200
+++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2016-03-16
10:26:35.0 +0100
@@ -1,0 +2,9 @@
+Thu Mar 10 18:15:03 UTC 2016 - jce...@suse.com
+
+- Fix memory leaks in ls.c bnc#968138
+ * Add patch vsftpd-ls-memleak.patch
+ * Update patch vsftpd-path-normalize.patch
+- Fix wildcard ? matching bnc#969411
+ * Update patch vsftpd-2.3.4-sqb.patch
+
+---
New:
vsftpd-ls-memleak.patch
Other differences:
--
++ vsftpd.spec ++
--- /var/tmp/diff_new_pack.XZX0ap/_old 2016-03-16 10:26:36.0 +0100
+++ /var/tmp/diff_new_pack.XZX0ap/_new 2016-03-16 10:26:36.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package vsftpd
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -67,6 +67,7 @@
Patch20:vsftpd-2.2.0-wildchar.patch
Patch21:vsftpd-2.3.4-sqb.patch
Patch22:vsftpd-path-normalize.patch
+Patch23:vsftpd-ls-memleak.patch
BuildRequires: libcap-devel
BuildRequires: openssl-devel
BuildRequires: pam-devel
@@ -114,6 +115,7 @@
%patch20 -p1
%patch21 -p1
%patch22 -p1
+%patch23 -p1
%build
%define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP
++ vsftpd-2.3.4-sqb.patch ++
--- /var/tmp/diff_new_pack.XZX0ap/_old 2016-03-16 10:26:36.0 +0100
+++ /var/tmp/diff_new_pack.XZX0ap/_new 2016-03-16 10:26:36.0 +0100
@@ -1,7 +1,8 @@
-diff -up vsftpd-3.0.2/ls.c.sqb vsftpd-3.0.2/ls.c
vsftpd-3.0.2/ls.c.sqb 2014-07-04 09:55:57.899506894 +0200
-+++ vsftpd-3.0.2/ls.c 2014-07-04 09:58:02.187569017 +0200
-@@ -246,7 +246,7 @@ vsf_filename_passes_filter(const struct
+Index: vsftpd-2.0.7/ls.c
+===
+--- vsftpd-2.0.7.orig/ls.c
vsftpd-2.0.7/ls.c
+@@ -243,7 +243,7 @@ vsf_filename_passes_filter(const struct
int ret = 0;
char last_token = 0;
int must_match_at_current_pos = 1;
@@ -10,7 +11,7 @@
str_copy(&filter_remain_str, p_filter_str);
-@@ -276,7 +276,7 @@ vsf_filename_passes_filter(const struct
+@@ -273,7 +273,7 @@ vsf_filename_passes_filter(const struct
static struct mystr s_match_needed_str;
/* Locate next special token */
struct str_locate_result locate_result =
@@ -19,104 +20,93 @@
(*iters)++;
/* Isolate text leading up to token (if any) - needs to be matched */
if (locate_result.found)
-@@ -294,94 +294,172 @@ vsf_filename_passes_filter(const struct
+@@ -291,8 +291,14 @@ vsf_filename_passes_filter(const struct
str_empty(&filter_remain_str);
last_token = 0;
}
--if (!str_isempty(&s_match_needed_str))
--{
-- /* Need to match something.. could be a match which has to start at
-- * current position, or we could allow it to start anywhere
-- */
-- unsigned int indexx;
-- locate_result = str_locate_str(&name_remain_str, &s_match_needed_str);
-- if (!locate_result.found)
+
+matched = 0;
-+do {
-+ if (!str_isempty(&s_match_needed_str))
+ if (!str_isempty(&s_match_needed_str))
+ {
++ if (!matched)
++ {
++matched = 1;
++ }
+ /* Need to match something.. could be a match which has to start at
+* current position, or we could allow it to start anywhere
+*/
+@@ -344,13 +350,20 @@ vsf_filename_passes_filter(const struct
+ must_match_at_current_pos = 1;
+ if (end_brace.found)
{
--/* Fail */
--goto out;
-+if (!matched)
-+{
-+ matched = 1;
-+}
-+/* Need to match something.. could be a match which has to start at
-+ * current position, or we could allow it to start anywhere
-+ */
-+unsigned int indexx;
-+locate_result = str_locate_str(&name_remain_str, &s_match_needed_str);
-+if (!locate_result.found)
-+{
-+ /* Fail */
-+ goto out;
-+}
-+indexx = locate_result.index;
-+if (must_match_at_current_pos && indexx > 0)
-+{
-+ goto out;
-+}
-+if (!must_match_at_current_pos && last_token == 0)
-+{
-+ struct mystr l
commit vsftpd for openSUSE:Factory
Hello community,
here is the log from the commit of package vsftpd for openSUSE:Factory checked
in at 2017-05-10 20:32:31
Comparing /work/SRC/openSUSE:Factory/vsftpd (Old)
and /work/SRC/openSUSE:Factory/.vsftpd.new (New)
Package is "vsftpd"
Wed May 10 20:32:31 2017 rev:59 rq:492476 version:3.0.3
Changes:
--- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2016-09-27
13:41:11.0 +0200
+++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2017-05-10
20:32:35.750569152 +0200
@@ -1,0 +2,5 @@
+Tue May 2 14:20:06 CEST 2017 - ku...@suse.de
+
+- Adjust to new system user/group RPMs
+
+---
Other differences:
--
++ vsftpd.spec ++
--- /var/tmp/diff_new_pack.ELDQ1A/_old 2017-05-10 20:32:38.186225521 +0200
+++ /var/tmp/diff_new_pack.ELDQ1A/_new 2017-05-10 20:32:38.186225521 +0200
@@ -1,7 +1,7 @@
#
# spec file for package vsftpd
#
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -75,6 +75,9 @@
BuildRequires: pam-devel
Requires: logrotate
Requires(pre): shadow
+%if 0%{?suse_version} >= 1330
+Requires(pre): group(nobody)
+%endif
Provides: ftp-server
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if %{with_systemd}
@@ -150,7 +153,7 @@
install -m 644 %{SOURCE6}
%{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
%pre
-getent passwd ftpsecure >/dev/null || useradd -r -g nogroup -s /bin/false -c
"Secure FTP User" -d %{_localstatedir}/lib/empty ftpsecure
+getent passwd ftpsecure >/dev/null || useradd -r -g nobody -s /bin/false -c
"Secure FTP User" -d %{_localstatedir}/lib/empty ftpsecure
%if %{with_systemd}
%service_add_pre %{name}.service %{name}@.service %{name}.socket
%endif
commit vsftpd for openSUSE:Factory
Hello community,
here is the log from the commit of package vsftpd for openSUSE:Factory checked
in at 2015-02-27 11:03:46
Comparing /work/SRC/openSUSE:Factory/vsftpd (Old)
and /work/SRC/openSUSE:Factory/.vsftpd.new (New)
Package is "vsftpd"
Changes:
--- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2015-01-09
01:11:17.0 +0100
+++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2015-02-27
11:03:47.0 +0100
@@ -1,0 +2,7 @@
+Fri Feb 20 12:13:42 UTC 2015 - tchva...@suse.com
+
+- Add service calls for other unit files too
+- Udate filter patch to work as expected:
+ * vsftpd-2.1.0-filter.patch
+
+---
@@ -5 +12 @@
- from fedora. bnc#900326
+ from fedora. bnc#900326 bnc#915522 CVE-2015-1419
Other differences:
--
++ vsftpd.spec ++
--- /var/tmp/diff_new_pack.NTKCN5/_old 2015-02-27 11:03:48.0 +0100
+++ /var/tmp/diff_new_pack.NTKCN5/_new 2015-02-27 11:03:48.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package vsftpd
#
-# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -129,16 +129,16 @@
%pre
%{_sbindir}/useradd -r -g nogroup -s /bin/false -c "Secure FTP User" -d
%{_localstatedir}/lib/empty ftpsecure 2> /dev/null || :
-%service_add_pre %{name}.service
+%service_add_pre %{name}.service %{name}@.service %{name}.socket
%preun
-%service_del_preun %{name}.service
+%service_del_preun %{name}.service %{name}@.service %{name}.socket
%post
-%service_add_post %{name}.service
+%service_add_post %{name}.service %{name}@.service %{name}.socket
%postun
-%service_del_postun %{name}.service
+%service_del_postun %{name}.service %{name}@.service %{name}.socket
%files
%defattr(-,root,root)
++ vsftpd-2.1.0-filter.patch ++
--- /var/tmp/diff_new_pack.NTKCN5/_old 2015-02-27 11:03:48.0 +0100
+++ /var/tmp/diff_new_pack.NTKCN5/_new 2015-02-27 11:03:48.0 +0100
@@ -1,44 +1,74 @@
-diff -up vsftpd-2.1.0/ls.c.filter vsftpd-2.1.0/ls.c
vsftpd-2.1.0/ls.c.filter 2008-02-02 02:30:41.0 +0100
-+++ vsftpd-2.1.0/ls.c 2009-01-08 19:31:15.0 +0100
-@@ -239,9 +239,31 @@ vsf_filename_passes_filter(const struct
+Index: vsftpd-3.0.2/ls.c
+===
+--- vsftpd-3.0.2.orig/ls.c
vsftpd-3.0.2/ls.c
+@@ -7,6 +7,7 @@
+ * Would you believe, code to handle directory listing.
+ */
+
++#include
+ #include "ls.h"
+ #include "access.h"
+ #include "defs.h"
+@@ -243,11 +244,42 @@ vsf_filename_passes_filter(const struct
+ struct mystr temp_str = INIT_MYSTR;
+ struct mystr brace_list_str = INIT_MYSTR;
+ struct mystr new_filter_str = INIT_MYSTR;
++ struct mystr normalize_filename_str = INIT_MYSTR;
++ const char *normname;
++ const char *path;
int ret = 0;
char last_token = 0;
int must_match_at_current_pos = 1;
-+
-+
++
str_copy(&filter_remain_str, p_filter_str);
- str_copy(&name_remain_str, p_filename_str);
--
-+
-+ if (!str_isempty (&filter_remain_str) && !str_isempty(p_filename_str)) {
++
++ /* normalize filepath */
++ path = str_strdup(p_filename_str);
++ normname = realpath(path, NULL);
++ if (normname == NULL)
++ goto out;
++ str_alloc_text(&normalize_filename_str, normname);
++
++ if (!str_isempty (&filter_remain_str) &&
!str_isempty(&normalize_filename_str)) {
+if (str_get_char_at(p_filter_str, 0) == '/') {
-+ if (str_get_char_at(p_filename_str, 0) != '/') {
++ if (str_get_char_at(&normalize_filename_str, 0) != '/') {
+str_getcwd (&name_remain_str);
-+
++
+if (str_getlen(&name_remain_str) > 1) /* cwd != root dir */
+ str_append_char (&name_remain_str, '/');
-+
-+str_append_str (&name_remain_str, p_filename_str);
++
++str_append_str (&name_remain_str, &normalize_filename_str);
+ }
+ else
-+ str_copy (&name_remain_str, p_filename_str);
++ str_copy (&name_remain_str, &normalize_filename_str);
+} else {
+ if (str_get_char_at(p_filter_str, 0) != '{')
-+str_basename (&name_remain_str, p_filename_str);
++str_basename (&name_remain_str, &normalize_filename_str);
+ else
-+str_copy (&name_remain_str, p_filename_str);
++str_copy (&name_remain_str, &normalize_filename_str);
+}
+ } else
-+str_copy(&name_remain_str, p_filename_str);
-+
++str_copy(&name_remain_str, &normalize_filename_str);
+
while (!str_isempty(&filter_remain_str) && *iters
commit vsftpd for openSUSE:Factory
Hello community,
here is the log from the commit of package vsftpd for openSUSE:Factory checked
in at 2015-01-08 23:20:01
Comparing /work/SRC/openSUSE:Factory/vsftpd (Old)
and /work/SRC/openSUSE:Factory/.vsftpd.new (New)
Package is "vsftpd"
Changes:
--- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2014-11-24
11:11:19.0 +0100
+++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2015-01-09
01:11:17.0 +0100
@@ -1,0 +2,7 @@
+Fri Jan 2 10:32:53 UTC 2015 - tchva...@suse.com
+
+- Try to fix deny_file parsing to do more what is expected. Taken
+ from fedora. bnc#900326
+ * vsftpd-2.1.0-filter.patch
+
+---
New:
vsftpd-2.1.0-filter.patch
Other differences:
--
++ vsftpd.spec ++
--- /var/tmp/diff_new_pack.BZ0FnO/_old 2015-01-09 01:11:18.0 +0100
+++ /var/tmp/diff_new_pack.BZ0FnO/_new 2015-01-09 01:11:18.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package vsftpd
#
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -58,6 +58,8 @@
Patch17:vsftpd-enable-gettimeofday-sec.patch
#PATCH-FIX-UPSTREAM: bnc#890469 fix broken syscall on s390
Patch18:vsftpd-3.0.2-s390.patch
+#PATCH-FIX-UPSTREAM: bnc#900326 deny_file filtering acts weirdly
+Patch19:vsftpd-2.1.0-filter.patch
BuildRequires: libcap-devel
BuildRequires: openssl-devel
BuildRequires: pam-devel
@@ -98,6 +100,7 @@
%patch16 -p1
%patch17 -p1
%patch18 -p1
+%patch19 -p1
%build
%define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP
++ vsftpd-2.1.0-filter.patch ++
diff -up vsftpd-2.1.0/ls.c.filter vsftpd-2.1.0/ls.c
--- vsftpd-2.1.0/ls.c.filter2008-02-02 02:30:41.0 +0100
+++ vsftpd-2.1.0/ls.c 2009-01-08 19:31:15.0 +0100
@@ -239,9 +239,31 @@ vsf_filename_passes_filter(const struct
int ret = 0;
char last_token = 0;
int must_match_at_current_pos = 1;
+
+
str_copy(&filter_remain_str, p_filter_str);
- str_copy(&name_remain_str, p_filename_str);
-
+
+ if (!str_isempty (&filter_remain_str) && !str_isempty(p_filename_str)) {
+if (str_get_char_at(p_filter_str, 0) == '/') {
+ if (str_get_char_at(p_filename_str, 0) != '/') {
+str_getcwd (&name_remain_str);
+
+if (str_getlen(&name_remain_str) > 1) /* cwd != root dir */
+ str_append_char (&name_remain_str, '/');
+
+str_append_str (&name_remain_str, p_filename_str);
+ }
+ else
+ str_copy (&name_remain_str, p_filename_str);
+} else {
+ if (str_get_char_at(p_filter_str, 0) != '{')
+str_basename (&name_remain_str, p_filename_str);
+ else
+str_copy (&name_remain_str, p_filename_str);
+}
+ } else
+str_copy(&name_remain_str, p_filename_str);
+
while (!str_isempty(&filter_remain_str) && *iters < VSFTP_MATCHITERS_MAX)
{
static struct mystr s_match_needed_str;
diff -up vsftpd-2.1.0/str.c.filter vsftpd-2.1.0/str.c
--- vsftpd-2.1.0/str.c.filter 2008-12-17 06:54:16.0 +0100
+++ vsftpd-2.1.0/str.c 2009-01-08 19:31:15.0 +0100
@@ -680,3 +680,14 @@ str_replace_unprintable(struct mystr* p_
}
}
+void
+str_basename (struct mystr* d_str, const struct mystr* path)
+{
+ static struct mystr tmp;
+
+ str_copy (&tmp, path);
+ str_split_char_reverse(&tmp, d_str, '/');
+
+ if (str_isempty(d_str))
+ str_copy (d_str, path);
+}
diff -up vsftpd-2.1.0/str.h.filter vsftpd-2.1.0/str.h
--- vsftpd-2.1.0/str.h.filter 2008-12-17 06:53:23.0 +0100
+++ vsftpd-2.1.0/str.h 2009-01-08 19:32:14.0 +0100
@@ -100,6 +100,7 @@ void str_replace_unprintable(struct myst
int str_atoi(const struct mystr* p_str);
filesize_t str_a_to_filesize_t(const struct mystr* p_str);
unsigned int str_octal_to_uint(const struct mystr* p_str);
+void str_basename (struct mystr* d_str, const struct mystr* path);
/* PURPOSE: Extract a line of text (delimited by \n or EOF) from a string
* buffer, starting at character position 'p_pos'. The extracted line will
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit vsftpd for openSUSE:Factory
Hello community,
here is the log from the commit of package vsftpd for openSUSE:Factory checked
in at 2015-04-07 09:28:55
Comparing /work/SRC/openSUSE:Factory/vsftpd (Old)
and /work/SRC/openSUSE:Factory/.vsftpd.new (New)
Package is "vsftpd"
Changes:
--- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2015-02-27
11:03:47.0 +0100
+++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2015-04-07
09:28:56.0 +0200
@@ -1,0 +2,38 @@
+Sun Apr 5 10:25:50 UTC 2015 - tchva...@suse.com
+
+- bnc#925963 stat is sometimes run on wrong path and results with
+ ENOENT, ensure we sent both dir+file to filter verification:
+ * vsftpd-path-normalize.patch
+
+---
+Wed Mar 25 10:08:03 UTC 2015 - tchva...@suse.com
+
+- Update patch bit more for sanity checks. Done by rsa...@suse.de:
+ * vsftpd-path-normalize.patch
+
+---
+Mon Mar 23 20:13:51 UTC 2015 - tchva...@suse.com
+
+- Add back patch attempting to fix bnc#900326 bnc#915522 and
+ bnc#922538:
+ * vsftpd-path-normalize.patch
+
+---
+Mon Mar 23 20:08:19 UTC 2015 - tchva...@suse.com
+
+- Reset filter patch to match fedora, my work will be restarted
+ in one-off patch to make the changes stand out. Add rest of
+ RH filtering patches:
+ * vsftpd-2.2.0-wildchar.patch
+ * vsftpd-2.3.4-sqb.patch
+ * vsftpd-2.1.0-filter.patch
+
+---
+Mon Mar 23 19:56:11 UTC 2015 - tchva...@suse.com
+
+- Work on the filter patch and split out the normalisation of the
+ path to separate str function, currently commented out so I
+ avoid huge diffing.
+ * vsftpd-2.1.0-filter.patch
+
+---
New:
vsftpd-2.2.0-wildchar.patch
vsftpd-2.3.4-sqb.patch
vsftpd-path-normalize.patch
Other differences:
--
++ vsftpd.spec ++
--- /var/tmp/diff_new_pack.YZCLsy/_old 2015-04-07 09:28:57.0 +0200
+++ /var/tmp/diff_new_pack.YZCLsy/_new 2015-04-07 09:28:57.0 +0200
@@ -58,8 +58,11 @@
Patch17:vsftpd-enable-gettimeofday-sec.patch
#PATCH-FIX-UPSTREAM: bnc#890469 fix broken syscall on s390
Patch18:vsftpd-3.0.2-s390.patch
-#PATCH-FIX-UPSTREAM: bnc#900326 deny_file filtering acts weirdly
+#PATCH-FIX-UPSTREAM: bnc#900326 deny_file filtering acts weirdly (19-22)
Patch19:vsftpd-2.1.0-filter.patch
+Patch20:vsftpd-2.2.0-wildchar.patch
+Patch21:vsftpd-2.3.4-sqb.patch
+Patch22:vsftpd-path-normalize.patch
BuildRequires: libcap-devel
BuildRequires: openssl-devel
BuildRequires: pam-devel
@@ -101,6 +104,9 @@
%patch17 -p1
%patch18 -p1
%patch19 -p1
+%patch20 -p1
+%patch21 -p1
+%patch22 -p1
%build
%define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP
++ vsftpd-2.1.0-filter.patch ++
--- /var/tmp/diff_new_pack.YZCLsy/_old 2015-04-07 09:28:57.0 +0200
+++ /var/tmp/diff_new_pack.YZCLsy/_new 2015-04-07 09:28:57.0 +0200
@@ -1,74 +1,44 @@
-Index: vsftpd-3.0.2/ls.c
-===
vsftpd-3.0.2.orig/ls.c
-+++ vsftpd-3.0.2/ls.c
-@@ -7,6 +7,7 @@
- * Would you believe, code to handle directory listing.
- */
-
-+#include
- #include "ls.h"
- #include "access.h"
- #include "defs.h"
-@@ -243,11 +244,42 @@ vsf_filename_passes_filter(const struct
- struct mystr temp_str = INIT_MYSTR;
- struct mystr brace_list_str = INIT_MYSTR;
- struct mystr new_filter_str = INIT_MYSTR;
-+ struct mystr normalize_filename_str = INIT_MYSTR;
-+ const char *normname;
-+ const char *path;
+diff -up vsftpd-2.1.0/ls.c.filter vsftpd-2.1.0/ls.c
+--- vsftpd-2.1.0/ls.c.filter 2008-02-02 02:30:41.0 +0100
vsftpd-2.1.0/ls.c 2009-01-08 19:31:15.0 +0100
+@@ -239,9 +239,31 @@ vsf_filename_passes_filter(const struct
int ret = 0;
char last_token = 0;
int must_match_at_current_pos = 1;
-+
++
++
str_copy(&filter_remain_str, p_filter_str);
- str_copy(&name_remain_str, p_filename_str);
-+
-+ /* normalize filepath */
-+ path = str_strdup(p_filename_str);
-+ normname = realpath(path, NULL);
-+ if (normname == NULL)
-+ goto out;
-+ str_alloc_text(&normalize_filename_str, normname);
-+
-+ if (!str_isempty (&filter_remain_str) &&
!str_isempty(&normalize_filename_str)) {
+-
++
++ if (!str_isempty (&filter_remain_str) && !str_isempty(p_filename_str)) {
+if (str_get_char_at(p_filter_str, 0) == '/') {
-+ if (str_get_char_at(&normalize_filename_str, 0) != '/') {
++ if (str_get_char_at(p_filename_str, 0) != '/') {
+str_getcwd (&name
commit vsftpd for openSUSE:Factory
Hello community,
here is the log from the commit of package vsftpd for openSUSE:Factory checked
in at 2014-05-27 12:03:19
Comparing /work/SRC/openSUSE:Factory/vsftpd (Old)
and /work/SRC/openSUSE:Factory/.vsftpd.new (New)
Package is "vsftpd"
Changes:
--- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2014-04-11
13:42:44.0 +0200
+++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2014-05-27
12:03:21.0 +0200
@@ -1,0 +2,22 @@
+Mon May 26 13:13:44 UTC 2014 - tchva...@suse.com
+
+- Cleanup with spec-cleaner
+- Remove conditions about init files as we do not build for < 12.1
+ anyway.
+- Update the README.SUSE file to describe more the listen option.
+
+---
+Mon May 26 12:52:56 UTC 2014 - tchva...@suse.com
+
+- Add socket service for vsftpd to avoid the need for xinetd here.
+
+---
+Mon May 26 12:42:21 UTC 2014 - tchva...@suse.com
+
+- Add comment about listen variables for xinetd configuration.
+ Fixes bnc#872221.
+- Add default configuration as arg to xinetd started vsftpd.
+- Updated patch:
+ * vsftpd-2.0.4-xinetd.diff
+
+---
Old:
vsftpd.init
New:
vsftpd.socket
vsftpd@.service
Other differences:
--
++ vsftpd.spec ++
--- /var/tmp/diff_new_pack.8QPaEd/_old 2014-05-27 12:03:22.0 +0200
+++ /var/tmp/diff_new_pack.8QPaEd/_new 2014-05-27 12:03:22.0 +0200
@@ -16,19 +16,7 @@
#
-%global with_sysvinit 0
-%if 0%{?suse_version} < 1310
-%global with_sysvinit 1
-%endif
-
Name: vsftpd
-BuildRequires: gpg-offline
-BuildRequires: libcap-devel
-BuildRequires: openssl-devel
-BuildRequires: pam-devel
-%if 0%{?suse_version} > 1140
-BuildRequires: systemd
-%endif
Version:3.0.2
Release:0
Summary:Very Secure FTP Daemon - Written from Scratch
@@ -36,14 +24,15 @@
Group: Productivity/Networking/Ftp/Servers
Url:https://security.appspot.com/vsftpd.html
Source0:
https://security.appspot.com/downloads/%{name}-%{version}.tar.gz
-Source1:%name.pam
-Source2:%name.logrotate
-Source3:%name.init
+Source1:%{name}.pam
+Source2:%{name}.logrotate
Source4:README.SUSE
-Source5:%name.xml
-Source6:%name.firewall
+Source5:%{name}.xml
+Source6:%{name}.firewall
Source7:vsftpd.service
-Source9:%name.keyring
+Source8:vsftpd@.service
+Source9:%{name}.keyring
+Source10: vsftpd.socket
Source1000:
https://security.appspot.com/downloads/%{name}-%{version}.tar.gz.asc
Patch1: vsftpd-2.0.4-lib64.diff
Patch3: vsftpd-2.0.4-xinetd.diff
@@ -67,11 +56,16 @@
Patch16:vsftpd-root-squashed-chroot.patch
#PATCH-FIX-UPSTREAM: bnc#870122
Patch17:vsftpd-enable-gettimeofday-sec.patch
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
+BuildRequires: gpg-offline
+BuildRequires: libcap-devel
+BuildRequires: openssl-devel
+BuildRequires: pam-devel
+BuildRequires: systemd
+Requires: logrotate
+Requires(pre): %{_sbindir}/useradd
Provides: ftp-server
-Requires(pre): %insserv_prereq /usr/sbin/useradd
+BuildRoot: %{_tmppath}/%{name}-%{version}-build
%{?systemd_requires}
-Requires: logrotate
%description
Vsftpd is an FTP server, or daemon. The "vs" stands for Very Secure.
@@ -88,7 +82,7 @@
%gpg_verify %{S:1000}
%setup -q
%patch1
-%patch3
+%patch3 -p1
%patch4
%patch5
%patch6
@@ -105,90 +99,58 @@
%patch17 -p1
%build
-%define seccomp_opts %{nil}
-%if 0%{?suse_version} > 1030
%define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP
-%endif
rm -f dummyinc/sys/capability.h
-make CFLAGS="$RPM_OPT_FLAGS -DOPENSSL_NO_SSL_INTERN -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -fPIE -fstack-protector --param=ssp-buffer-size=4
%{seccomp_opts}" \
+make CFLAGS="%{optflags} -DOPENSSL_NO_SSL_INTERN -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -fPIE -fstack-protector --param=ssp-buffer-size=4
%{seccomp_opts}" \
LDFLAGS="-fPIE -pie -Wl,-z,relro -Wl,-z,now" LINK=
%install
-mkdir -p $RPM_BUILD_ROOT/usr/share/empty
-cp %SOURCE4 .
-install -D -m 755 %name $RPM_BUILD_ROOT/usr/sbin/%name
-install -D -m 600 %name.conf $RPM_BUILD_ROOT/etc/%name.conf
-install -D -m 600 xinetd.d/%name $RPM_BUILD_ROOT/etc/xinetd.d/%name
-install -D -m 644 $RPM_SOURCE_DIR/%name.pam $RPM_BUILD_ROOT/etc/pam.d/%name
-install -D -m 644 $RPM_SOURCE_DIR/%name.logrotate
$RPM_BUILD_ROOT/etc/logrotate.d/%name
-install -D -m 644 %name.conf.5 $RPM_BUILD_ROOT/%_mandir/man5/%name.conf.5
-install -D -m 644 %name.8 $RPM_BUILD_ROOT/%_mandir/man8
commit vsftpd for openSUSE:Factory
Hello community, here is the log from the commit of package vsftpd for openSUSE:Factory checked in at 2014-09-03 18:21:32 Comparing /work/SRC/openSUSE:Factory/vsftpd (Old) and /work/SRC/openSUSE:Factory/.vsftpd.new (New) Package is "vsftpd" Changes: --- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2014-05-27 12:03:21.0 +0200 +++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2014-09-03 21:17:40.0 +0200 @@ -1,0 +2,6 @@ +Thu Aug 21 14:21:51 UTC 2014 - jmate...@suse.com + +- force using fork() instead of clone() on s390 - fixes bnc#890469 + * vsftpd-3.0.2-s390.patch + +--- New: vsftpd-3.0.2-s390.patch Other differences: -- ++ vsftpd.spec ++ --- /var/tmp/diff_new_pack.NHnlkt/_old 2014-09-03 21:17:42.0 +0200 +++ /var/tmp/diff_new_pack.NHnlkt/_new 2014-09-03 21:17:42.0 +0200 @@ -56,6 +56,8 @@ Patch16:vsftpd-root-squashed-chroot.patch #PATCH-FIX-UPSTREAM: bnc#870122 Patch17:vsftpd-enable-gettimeofday-sec.patch +#PATCH-FIX-UPSTREAM: bnc#890469 fix broken syscall on s390 +Patch18:vsftpd-3.0.2-s390.patch BuildRequires: gpg-offline BuildRequires: libcap-devel BuildRequires: openssl-devel @@ -97,6 +99,7 @@ %patch15 -p1 %patch16 -p1 %patch17 -p1 +%patch18 -p1 %build %define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP ++ vsftpd-3.0.2-s390.patch ++ Index: vsftpd-3.0.2/sysdeputil.c === --- vsftpd-3.0.2.orig/sysdeputil.c 2014-08-21 16:12:59.845872489 +0200 +++ vsftpd-3.0.2/sysdeputil.c 2014-08-21 16:14:59.641431931 +0200 @@ -66,7 +66,7 @@ #include /* BEGIN config */ -#if defined(__linux__) +#if defined(__linux__) && !defined(__s390__) #include #include #define VSF_SYSDEP_HAVE_LINUX_CLONE -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit vsftpd for openSUSE:Factory
Hello community,
here is the log from the commit of package vsftpd for openSUSE:Factory checked
in at 2014-11-24 11:11:13
Comparing /work/SRC/openSUSE:Factory/vsftpd (Old)
and /work/SRC/openSUSE:Factory/.vsftpd.new (New)
Package is "vsftpd"
Changes:
--- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2014-09-03
21:17:40.0 +0200
+++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2014-11-24
11:11:19.0 +0100
@@ -1,0 +2,8 @@
+Fri Nov 14 09:19:22 UTC 2014 - dims...@opensuse.org
+
+- No longer perform gpg validation; osc source_validator does it
+ implicit:
+ + Drop gpg-offline BuildRequires.
+ + No longer execute gpg_verify.
+
+---
Other differences:
--
++ vsftpd.spec ++
--- /var/tmp/diff_new_pack.ivSUa7/_old 2014-11-24 11:11:20.0 +0100
+++ /var/tmp/diff_new_pack.ivSUa7/_new 2014-11-24 11:11:20.0 +0100
@@ -58,7 +58,6 @@
Patch17:vsftpd-enable-gettimeofday-sec.patch
#PATCH-FIX-UPSTREAM: bnc#890469 fix broken syscall on s390
Patch18:vsftpd-3.0.2-s390.patch
-BuildRequires: gpg-offline
BuildRequires: libcap-devel
BuildRequires: openssl-devel
BuildRequires: pam-devel
@@ -81,7 +80,6 @@
tests.
%prep
-%gpg_verify %{S:1000}
%setup -q
%patch1
%patch3 -p1
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit vsftpd for openSUSE:Factory
Hello community,
here is the log from the commit of package vsftpd for openSUSE:Factory checked
in at 2016-09-27 13:41:09
Comparing /work/SRC/openSUSE:Factory/vsftpd (Old)
and /work/SRC/openSUSE:Factory/.vsftpd.new (New)
Package is "vsftpd"
Changes:
--- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2016-09-05
21:12:26.0 +0200
+++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2016-09-27
13:41:11.0 +0200
@@ -1,0 +2,8 @@
+Mon Sep 19 11:39:04 UTC 2016 - psim...@suse.com
+
+- Add vsftpd-3.0.2-fix-chown-uploads.patch to fix a bug in vsftpd
+ where files uploaded by an anonymous user could not be chown()ed
+ to the desired UID as specified in the daemon's configuration
+ file. [bnc#996370]
+
+---
New:
vsftpd-3.0.2-fix-chown-uploads.patch
Other differences:
--
++ vsftpd.spec ++
--- /var/tmp/diff_new_pack.von4JE/_old 2016-09-27 13:41:14.0 +0200
+++ /var/tmp/diff_new_pack.von4JE/_new 2016-09-27 13:41:14.0 +0200
@@ -69,6 +69,7 @@
Patch23:vsftpd-ls-memleak.patch
#PATCH-FIX-UPSTREAM: bnc#970982
Patch24:vsftpd-3.0.2-wnohang.patch
+Patch25:vsftpd-3.0.2-fix-chown-uploads.patch
BuildRequires: libcap-devel
BuildRequires: openssl-devel
BuildRequires: pam-devel
@@ -118,6 +119,7 @@
%patch22 -p1
%patch23 -p1
%patch24 -p1
+%patch25 -p1
%build
%define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP
++ vsftpd-3.0.2-fix-chown-uploads.patch ++
Index: vsftpd-3.0.2/seccompsandbox.c
===
--- vsftpd-3.0.2.orig/seccompsandbox.c
+++ vsftpd-3.0.2/seccompsandbox.c
@@ -475,6 +475,10 @@ seccomp_sandbox_setup_postlogin(const st
/* Need to send file descriptors to privileged broker. */
allow_nr_1_arg_match(__NR_sendmsg, 3, 0);
}
+if (is_anon && tunable_chown_uploads)
+{
+ allow_nr(__NR_fchmod);
+}
}
if (tunable_syslog_enable)
@@ -538,6 +542,12 @@ seccomp_sandbox_setup_postlogin_broker()
seccomp_sandbox_setup_base();
seccomp_sandbox_setup_data_connections();
allow_nr_1_arg_match(__NR_sendmsg, 3, 0);
+ if (tunable_chown_uploads)
+ {
+allow_nr(__NR_fstat);
+allow_nr(__NR_fchown);
+allow_nr_1_arg_match(__NR_recvmsg, 3, 0);
+ }
}
void
commit vsftpd for openSUSE:Factory
Hello community,
here is the log from the commit of package vsftpd for openSUSE:Factory checked
in at 2016-04-01 13:01:56
Comparing /work/SRC/openSUSE:Factory/vsftpd (Old)
and /work/SRC/openSUSE:Factory/.vsftpd.new (New)
Package is "vsftpd"
Changes:
--- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2016-03-16
10:26:35.0 +0100
+++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2016-04-01
13:01:58.0 +0200
@@ -1,0 +2,17 @@
+Wed Mar 23 10:07:55 UTC 2016 - tchva...@suse.com
+
+- Require shadow and do not output the error out of useradd
+
+---
+Tue Mar 22 14:27:27 UTC 2016 - tchva...@suse.com
+
+- Fix user creation to not report error when user alredy exist
+ bnc#972169
+
+---
+Mon Mar 21 12:53:59 UTC 2016 - tchva...@suse.com
+
+- Fix bnc#970982 hanging on pam_exec in pam.d
+ * Add patch vsftpd-3.0.2-wnohang.patch
+
+---
New:
vsftpd-3.0.2-wnohang.patch
Other differences:
--
++ vsftpd.spec ++
--- /var/tmp/diff_new_pack.eHdCZ9/_old 2016-04-01 13:01:59.0 +0200
+++ /var/tmp/diff_new_pack.eHdCZ9/_new 2016-04-01 13:01:59.0 +0200
@@ -68,11 +68,13 @@
Patch21:vsftpd-2.3.4-sqb.patch
Patch22:vsftpd-path-normalize.patch
Patch23:vsftpd-ls-memleak.patch
+#PATCH-FIX-UPSTREAM: bnc#970982
+Patch24:vsftpd-3.0.2-wnohang.patch
BuildRequires: libcap-devel
BuildRequires: openssl-devel
BuildRequires: pam-devel
Requires: logrotate
-Requires(pre): %{_sbindir}/useradd
+Requires(pre): shadow
Provides: ftp-server
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if %{with_systemd}
@@ -116,6 +118,7 @@
%patch21 -p1
%patch22 -p1
%patch23 -p1
+%patch24 -p1
%build
%define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP
@@ -148,7 +151,7 @@
install -m 644 %{SOURCE6}
%{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
%pre
-%{_sbindir}/useradd -r -g nogroup -s /bin/false -c "Secure FTP User" -d
%{_localstatedir}/lib/empty ftpsecure 2> /dev/null || :
+getent passwd ftpsecure >/dev/null || useradd -r -g nogroup -s /bin/false -c
"Secure FTP User" -d %{_localstatedir}/lib/empty ftpsecure
%if %{with_systemd}
%service_add_pre %{name}.service %{name}@.service %{name}.socket
%endif
++ vsftpd-3.0.2-wnohang.patch ++
--- vsftpd-3.0.2/sysutil.c.wnohang 2015-08-03 07:35:33.619620425 +0200
+++ vsftpd-3.0.2/sysutil.c 2015-08-03 07:35:33.626620480 +0200
@@ -608,13 +608,13 @@ vsf_sysutil_exit(int exit_code)
}
struct vsf_sysutil_wait_retval
-vsf_sysutil_wait(void)
+vsf_sysutil_wait(int hang)
{
struct vsf_sysutil_wait_retval retval;
vsf_sysutil_memclr(&retval, sizeof(retval));
while (1)
{
-int sys_ret = wait(&retval.exit_status);
+int sys_ret = waitpid(-1, &retval.exit_status, hang ? 0 : WNOHANG);
if (sys_ret < 0 && errno == EINTR)
{
vsf_sysutil_check_pending_actions(kVSFSysUtilUnknown, 0, 0);
--- vsftpd-3.0.2/sysutil.h.wnohang 2015-08-03 07:35:33.610620354 +0200
+++ vsftpd-3.0.2/sysutil.h 2015-08-03 07:35:33.626620480 +0200
@@ -176,7 +176,7 @@ struct vsf_sysutil_wait_retval
int PRIVATE_HANDS_OFF_syscall_retval;
int PRIVATE_HANDS_OFF_exit_status;
};
-struct vsf_sysutil_wait_retval vsf_sysutil_wait(void);
+struct vsf_sysutil_wait_retval vsf_sysutil_wait(int hang);
int vsf_sysutil_wait_reap_one(void);
int vsf_sysutil_wait_get_retval(
const struct vsf_sysutil_wait_retval* p_waitret);
--- vsftpd-3.0.2/twoprocess.c.wnohang 2012-09-16 09:15:49.0 +0200
+++ vsftpd-3.0.2/twoprocess.c 2015-08-03 07:35:33.626620480 +0200
@@ -47,8 +47,17 @@ static void
handle_sigchld(void* duff)
{
- struct vsf_sysutil_wait_retval wait_retval = vsf_sysutil_wait();
+ struct vsf_sysutil_wait_retval wait_retval = vsf_sysutil_wait(0);
(void) duff;
+ if (!vsf_sysutil_wait_get_exitcode(&wait_retval) &&
+ !vsf_sysutil_wait_get_retval(&wait_retval))
+/* There was nobody to wait for, possibly caused by underlying library
+ * which created a new process through fork()/vfork() and already picked
+ * it up, e.g. by pam_exec.so or integrity check routines for libraries
+ * when FIPS mode is on (nss freebl), which can lead to calling prelink
+ * if the prelink package is installed.
+ */
+return;
/* Child died, so we'll do the same! Report it as an error unless the child
* exited normally with zero exit code
*/
@@ -390,7 +399,7 @@ common_do_login(struct vsf_session* p_se
priv_sock_send_result(p_sess->parent_fd, PRIV_SOCK_RESULT_OK);
if (!p_sess->control_use_
commit vsftpd for openSUSE:Factory
Hello community,
here is the log from the commit of package vsftpd for openSUSE:Factory checked
in at 2016-08-16 13:02:18
Comparing /work/SRC/openSUSE:Factory/vsftpd (Old)
and /work/SRC/openSUSE:Factory/.vsftpd.new (New)
Package is "vsftpd"
Changes:
--- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2016-04-01
13:01:58.0 +0200
+++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2016-08-16
13:02:20.0 +0200
@@ -1,0 +2,5 @@
+Fri Aug 5 11:27:39 UTC 2016 - tchva...@suse.com
+
+- Do not bother with omc xml configs, useless nowdays
+
+---
Old:
vsftpd.xml
Other differences:
--
++ vsftpd.spec ++
--- /var/tmp/diff_new_pack.RY9vHm/_old 2016-08-16 13:02:22.0 +0200
+++ /var/tmp/diff_new_pack.RY9vHm/_new 2016-08-16 13:02:22.0 +0200
@@ -33,7 +33,6 @@
Source2:%{name}.logrotate
Source3:%{name}.init
Source4:README.SUSE
-Source5:%{name}.xml
Source6:%{name}.firewall
Source7:vsftpd.service
Source8:vsftpd@.service
@@ -145,8 +144,6 @@
install -D -m 755 %{SOURCE3} %{buildroot}%{_initddir}/%{name}
ln -sf %{_initddir}/%{name} %{buildroot}/%{_sbindir}/rc%{name}
%endif
-install -d %{buildroot}/%{_datadir}/omc/svcinfo.d/
-install -D -m 644 %{SOURCE5} %{buildroot}/%{_datadir}/omc/svcinfo.d/
install -d %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/
install -m 644 %{SOURCE6}
%{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
@@ -190,7 +187,6 @@
%endif
%{_sbindir}/%{name}
%{_sbindir}/rc%{name}
-%{_datadir}/omc/svcinfo.d/vsftpd.xml
%dir %{_datadir}/empty
%config(noreplace) %{_sysconfdir}/xinetd.d/%{name}
%config(noreplace) %{_sysconfdir}/%{name}.conf
commit vsftpd for openSUSE:Factory
Hello community,
here is the log from the commit of package vsftpd for openSUSE:Factory checked
in at 2018-04-06 17:43:01
Comparing /work/SRC/openSUSE:Factory/vsftpd (Old)
and /work/SRC/openSUSE:Factory/.vsftpd.new (New)
Package is "vsftpd"
Fri Apr 6 17:43:01 2018 rev:64 rq:593273 version:3.0.3
Changes:
--- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2017-12-16
20:45:24.492611586 +0100
+++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2018-04-06
17:43:01.325632616 +0200
@@ -1,0 +2,5 @@
+Tue Apr 3 11:48:08 UTC 2018 - vci...@suse.com
+
+- Add firewalld service file (bsc#1083705)
+
+---
New:
vsftpd.firewalld
Other differences:
--
++ vsftpd.spec ++
--- /var/tmp/diff_new_pack.6EdJvF/_old 2018-04-06 17:43:03.881540292 +0200
+++ /var/tmp/diff_new_pack.6EdJvF/_new 2018-04-06 17:43:03.885540147 +0200
@@ -1,7 +1,7 @@
#
# spec file for package vsftpd
#
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -21,6 +21,11 @@
%else
%global with_systemd 0
%endif
+%if 0%{?suse_version} >= 1500
+%define use_firewalld 1
+%else
+%define use_firewalld 0
+%endif
Name: vsftpd
Version:3.0.3
Release:0
@@ -38,6 +43,7 @@
Source8:vsftpd@.service
Source9:%{name}.keyring
Source10: vsftpd.socket
+Source11: %{name}.firewalld
Source1000:
https://security.appspot.com/downloads/%{name}-%{version}.tar.gz.asc
Patch1: vsftpd-2.0.4-lib64.diff
Patch3: vsftpd-2.0.4-xinetd.diff
@@ -81,13 +87,15 @@
BuildRequires: pam-devel
Requires: logrotate
Requires(pre): shadow
+Provides: ftp-server
+%if %{use_firewalld}
+Requires(post): firewall-macros
+%endif
%if 0%{?suse_version} >= 1330
-Requires(pre): group(nobody)
Requires: group(nobody)
Requires: user(ftp)
+Requires(pre): group(nobody)
%endif
-Provides: ftp-server
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if %{with_systemd}
BuildRequires: systemd
%{?systemd_requires}
@@ -164,8 +172,13 @@
install -D -m 755 %{SOURCE3} %{buildroot}%{_initddir}/%{name}
ln -sf %{_initddir}/%{name} %{buildroot}/%{_sbindir}/rc%{name}
%endif
+# install firewall information file
+%if %{use_firewalld}
+install -D -m 644 %{SOURCE11}
%{buildroot}%{_libexecdir}/firewalld/services/%{name}.xml
+%else
install -d %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/
install -m 644 %{SOURCE6}
%{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
+%endif
%pre
getent passwd ftpsecure >/dev/null || useradd -r -g nobody -s /bin/false -c
"Secure FTP User" -d %{_localstatedir}/lib/empty ftpsecure
@@ -187,6 +200,9 @@
%insserv_cleanup
%restart_on_update %{name}
%endif
+%if %{use_firewalld}
+%{firewalld_reload}
+%endif
%postun
%if %{with_systemd}
@@ -197,7 +213,6 @@
%endif
%files
-%defattr(-,root,root)
%if %{with_systemd}
%{_unitdir}/%{name}.service
%{_unitdir}/%{name}.socket
@@ -216,9 +231,17 @@
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%{_mandir}/man5/%{name}.conf.*
%{_mandir}/man8/%{name}.*
-%doc BUGS AUDIT Changelog LICENSE README README.security
-%doc REWARD SPEED TODO SECURITY TUNING SIZE FAQ EXAMPLE COPYING
+%license LICENSE
+%doc BUGS AUDIT Changelog README README.security
+%license COPYING
+%doc REWARD SPEED TODO SECURITY TUNING SIZE FAQ EXAMPLE
%doc README.SUSE
+%if %{use_firewalld}
+%dir %{_libexecdir}/firewalld
+%dir %{_libexecdir}/firewalld/services
+%{_libexecdir}/firewalld/services/%{name}.xml
+%else
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
+%endif
%changelog
++ vsftpd.firewalld ++
vsftpd ports
vsftpd ports for both active and passive
connections
commit vsftpd for openSUSE:Factory
Hello community, here is the log from the commit of package vsftpd for openSUSE:Factory checked in at 2018-05-16 11:25:11 Comparing /work/SRC/openSUSE:Factory/vsftpd (Old) and /work/SRC/openSUSE:Factory/.vsftpd.new (New) Package is "vsftpd" Wed May 16 11:25:11 2018 rev:65 rq:607030 version:3.0.3 Changes: --- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2018-04-06 17:43:01.325632616 +0200 +++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2018-05-16 11:25:16.175914144 +0200 @@ -1,0 +2,7 @@ +Wed Apr 25 06:32:25 UTC 2018 - psim...@suse.com + +- vsftpd-enable-syscalls-needed-by-sle15.patch: Enable wait4(), + sysinfo(), and shutdown() syscalls in seccomp sandbox. These are + required for the daemon to work properly on SLE-15. [bsc#1089088] + +--- New: vsftpd-enable-syscalls-needed-by-sle15.patch Other differences: -- ++ vsftpd.spec ++ --- /var/tmp/diff_new_pack.6jovgT/_old 2018-05-16 11:25:17.267874471 +0200 +++ /var/tmp/diff_new_pack.6jovgT/_new 2018-05-16 11:25:17.267874471 +0200 @@ -82,6 +82,7 @@ Patch28:vsftpd-die-with-session.patch Patch29:vsftpd-append-seek-pipe.patch Patch30:vsftpd-3.0.3-address_space_limit.patch +Patch31:vsftpd-enable-syscalls-needed-by-sle15.patch BuildRequires: libcap-devel BuildRequires: libopenssl-devel BuildRequires: pam-devel @@ -144,6 +145,7 @@ %patch28 -p1 %patch29 -p1 %patch30 -p1 +%patch31 -p1 %build %define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP ++ vsftpd-enable-syscalls-needed-by-sle15.patch ++ Index: vsftpd-3.0.3/seccompsandbox.c === --- vsftpd-3.0.3.orig/seccompsandbox.c 2018-04-25 06:34:52.154728803 + +++ vsftpd-3.0.3/seccompsandbox.c 2018-04-25 06:37:43.071314942 + @@ -306,6 +306,13 @@ seccomp_sandbox_setup_base() allow_nr(__NR_restart_syscall); allow_nr(__NR_close); + /* Required on SLE-15 because of changes in 3rd party libraries. + * Reported in bsc#1089088. + */ + allow_nr(__NR_wait4); + allow_nr(__NR_sysinfo); + allow_nr(__NR_shutdown); + /* * Calls to alarm and date * Seems to be some part of the logging
commit vsftpd for openSUSE:Factory
Hello community,
here is the log from the commit of package vsftpd for openSUSE:Factory checked
in at 2018-05-23 16:06:01
Comparing /work/SRC/openSUSE:Factory/vsftpd (Old)
and /work/SRC/openSUSE:Factory/.vsftpd.new (New)
Package is "vsftpd"
Wed May 23 16:06:01 2018 rev:66 rq:609848 version:3.0.3
Changes:
--- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2018-05-16
11:25:16.175914144 +0200
+++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2018-05-23
16:06:05.524596434 +0200
@@ -1,0 +2,8 @@
+Wed May 16 15:25:02 UTC 2018 - psim...@suse.com
+
+- Don't start/stop parameterized systemd units in pre/post actions.
+ These units cannot be used without an explicit parameter and
+ attempts to do so lead to a confusing "failed to try-restart"
+ error message. [bsc#1093179, bsc#1010177]
+
+---
Other differences:
--
++ vsftpd.spec ++
--- /var/tmp/diff_new_pack.qX8ImM/_old 2018-05-23 16:06:06.724552478 +0200
+++ /var/tmp/diff_new_pack.qX8ImM/_new 2018-05-23 16:06:06.732552184 +0200
@@ -185,19 +185,19 @@
%pre
getent passwd ftpsecure >/dev/null || useradd -r -g nobody -s /bin/false -c
"Secure FTP User" -d %{_localstatedir}/lib/empty ftpsecure
%if %{with_systemd}
-%service_add_pre %{name}.service %{name}@.service %{name}.socket
+%service_add_pre %{name}.service %{name}.socket
%endif
%preun
%if %{with_systemd}
-%service_del_preun %{name}.service %{name}@.service %{name}.socket
+%service_del_preun %{name}.service %{name}.socket
%else
%stop_on_removal %{name}
%endif
%post
%if %{with_systemd}
-%service_add_post %{name}.service %{name}@.service %{name}.socket
+%service_add_post %{name}.service %{name}.socket
%else
%insserv_cleanup
%restart_on_update %{name}
@@ -208,7 +208,7 @@
%postun
%if %{with_systemd}
-%service_del_postun %{name}.service %{name}@.service %{name}.socket
+%service_del_postun %{name}.service %{name}.socket
%else
%insserv_cleanup
%restart_on_update %{name}
commit vsftpd for openSUSE:Factory
Hello community, here is the log from the commit of package vsftpd for openSUSE:Factory checked in at 2018-06-25 11:34:14 Comparing /work/SRC/openSUSE:Factory/vsftpd (Old) and /work/SRC/openSUSE:Factory/.vsftpd.new (New) Package is "vsftpd" Mon Jun 25 11:34:14 2018 rev:67 rq:618293 version:3.0.3 Changes: --- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2018-05-23 16:06:05.524596434 +0200 +++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2018-06-25 11:34:19.395369718 +0200 @@ -1,0 +2,12 @@ +Thu Jun 21 11:06:33 UTC 2018 - psim...@suse.com + +- Apply "vsftpd-support-dsa-only-setups.patch" to disable the + problematic default setting for rsa_cert_file. Upstream + initializes that value to "/usr/share/ssl/certs/vsftpd.pem" and + vsftpd won't start up if that file does not exist (or if it does + not contain an RSA certificate). Therefore, users who copy a DSA + certificate into that location or properly configure a DSA + certificate via dsa_cert_file without explicitly disabling the + RSA certificate won't be able to start vsftpd. [bsc#975538] + +--- New: vsftpd-support-dsa-only-setups.patch Other differences: -- ++ vsftpd.spec ++ --- /var/tmp/diff_new_pack.geaYbo/_old 2018-06-25 11:34:21.287299889 +0200 +++ /var/tmp/diff_new_pack.geaYbo/_new 2018-06-25 11:34:21.291299741 +0200 @@ -83,6 +83,7 @@ Patch29:vsftpd-append-seek-pipe.patch Patch30:vsftpd-3.0.3-address_space_limit.patch Patch31:vsftpd-enable-syscalls-needed-by-sle15.patch +Patch32:vsftpd-support-dsa-only-setups.patch BuildRequires: libcap-devel BuildRequires: libopenssl-devel BuildRequires: pam-devel @@ -146,6 +147,7 @@ %patch29 -p1 %patch30 -p1 %patch31 -p1 +%patch32 -p1 %build %define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP ++ vsftpd-support-dsa-only-setups.patch ++ Index: vsftpd-3.0.3/vsftpd.conf === --- vsftpd-3.0.3.orig/vsftpd.conf 2018-06-21 11:01:12.125258812 + +++ vsftpd-3.0.3/vsftpd.conf2018-06-21 11:04:43.355979116 + @@ -188,8 +188,12 @@ listen=NO # Make sure, that one of the listen options is commented !! listen_ipv6=YES # -# Set to ssl_enable=YES if you want to enable SSL +# Set "ssl_enable=YES" to enable SSL support and configure the location of +# your local certificate (RSA, DSA, or both). Note that vsftpd won't start +# if either of the "xxx_cert_file" options sets a path that doesn't exist. ssl_enable=NO +rsa_cert_file= +dsa_cert_file= # # Limit passive ports to this range to assis firewalling pasv_min_port=3
commit vsftpd for openSUSE:Factory
Hello community,
here is the log from the commit of package vsftpd for openSUSE:Factory checked
in at 2019-06-26 16:01:55
Comparing /work/SRC/openSUSE:Factory/vsftpd (Old)
and /work/SRC/openSUSE:Factory/.vsftpd.new.4615 (New)
Package is "vsftpd"
Wed Jun 26 16:01:55 2019 rev:70 rq:710591 version:3.0.3
Changes:
--- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2018-11-06
14:03:52.991492450 +0100
+++ /work/SRC/openSUSE:Factory/.vsftpd.new.4615/vsftpd.changes 2019-06-26
16:01:58.439457275 +0200
@@ -1,0 +2,13 @@
+Tue Jun 18 15:37:38 UTC 2019 - Peter Simons
+
+- Apply "vsftpd-avoid-bogus-ssl-write.patch" to fix a segmentation
+ fault that occurred while trying to write to an invalid TLS
+ context. [bsc#1125951]
+
+---
+Wed Jun 12 14:16:40 UTC 2019 - Dominique Leuenberger
+
+- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
+ shortcut the build queues by allowing usage of systemd-mini
+
+---
New:
vsftpd-avoid-bogus-ssl-write.patch
Other differences:
--
++ vsftpd.spec ++
--- /var/tmp/diff_new_pack.0IwoMh/_old 2019-06-26 16:01:59.395458598 +0200
+++ /var/tmp/diff_new_pack.0IwoMh/_new 2019-06-26 16:01:59.399458604 +0200
@@ -1,7 +1,7 @@
#
# spec file for package vsftpd
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -84,6 +84,7 @@
Patch30:vsftpd-3.0.3-address_space_limit.patch
Patch31:vsftpd-enable-syscalls-needed-by-sle15.patch
Patch32:vsftpd-support-dsa-only-setups.patch
+Patch33:vsftpd-avoid-bogus-ssl-write.patch
BuildRequires: libcap-devel
BuildRequires: libopenssl-devel
BuildRequires: pam-devel
@@ -99,7 +100,7 @@
Requires(pre): group(nobody)
%endif
%if %{with_systemd}
-BuildRequires: systemd
+BuildRequires: pkgconfig(systemd)
%{?systemd_requires}
%else
Requires(post): %insserv_prereq
@@ -148,6 +149,7 @@
%patch30 -p1
%patch31 -p1
%patch32 -p1
+%patch33 -p1
%build
%define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP
++ vsftpd-avoid-bogus-ssl-write.patch ++
Index: vsftpd-3.0.2/utility.c
===
--- vsftpd-3.0.2.orig/utility.c
+++ vsftpd-3.0.2/utility.c
@@ -104,11 +104,13 @@ bug(const char* p_text)
{
if (s_p_sess->ssl_slave_active)
{
+ /* Write error through ssl_slave process */
priv_sock_send_cmd(s_p_sess->ssl_consumer_fd, PRIV_SOCK_WRITE_USER_RESP);
priv_sock_send_buf(s_p_sess->ssl_consumer_fd, text_buffer, text_len);
}
-else
+else if (s_p_sess->p_control_ssl)
{
+ /* From ssl_slave write the message directly */
(void)ssl_write(s_p_sess->p_control_ssl, text_buffer, text_len);
}
}
commit vsftpd for openSUSE:Factory
Hello community,
here is the log from the commit of package vsftpd for openSUSE:Factory checked
in at 2017-06-07 09:53:51
Comparing /work/SRC/openSUSE:Factory/vsftpd (Old)
and /work/SRC/openSUSE:Factory/.vsftpd.new (New)
Package is "vsftpd"
Wed Jun 7 09:53:51 2017 rev:60 rq:500193 version:3.0.3
Changes:
--- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2017-05-10
20:32:35.750569152 +0200
+++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2017-06-07
09:53:53.803627756 +0200
@@ -1,0 +2,6 @@
+Wed May 31 15:02:14 UTC 2017 - psim...@suse.com
+
+- Explicitly depend on OpenSSL version 1.0.x since vsftpd doesn't
+ compile against the API provided by newer versions.
+
+---
Other differences:
--
++ vsftpd.spec ++
--- /var/tmp/diff_new_pack.rJ55Ks/_old 2017-06-07 09:53:55.023455374 +0200
+++ /var/tmp/diff_new_pack.rJ55Ks/_new 2017-06-07 09:53:55.027454809 +0200
@@ -71,12 +71,14 @@
Patch24:vsftpd-3.0.2-wnohang.patch
Patch25:vsftpd-3.0.2-fix-chown-uploads.patch
BuildRequires: libcap-devel
-BuildRequires: openssl-devel
BuildRequires: pam-devel
Requires: logrotate
Requires(pre): shadow
%if 0%{?suse_version} >= 1330
Requires(pre): group(nobody)
+BuildRequires: libopenssl-1_0_0-devel
+%else
+BuildRequires: libopenssl-devel
%endif
Provides: ftp-server
BuildRoot: %{_tmppath}/%{name}-%{version}-build
commit vsftpd for openSUSE:Factory
Hello community,
here is the log from the commit of package vsftpd for openSUSE:Factory checked
in at 2017-12-16 20:45:20
Comparing /work/SRC/openSUSE:Factory/vsftpd (Old)
and /work/SRC/openSUSE:Factory/.vsftpd.new (New)
Package is "vsftpd"
Sat Dec 16 20:45:20 2017 rev:63 rq:556627 version:3.0.3
Changes:
--- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2017-09-14
21:09:34.562204671 +0200
+++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2017-12-16
20:45:24.492611586 +0100
@@ -1,0 +2,5 @@
+Wed Dec 13 09:41:39 UTC 2017 - tchva...@suse.com
+
+- Make sure to also require group nobody and user ftp bsc#1070653
+
+---
Other differences:
--
++ vsftpd.spec ++
--- /var/tmp/diff_new_pack.btIXk8/_old 2017-12-16 20:45:27.024489361 +0100
+++ /var/tmp/diff_new_pack.btIXk8/_new 2017-12-16 20:45:27.028489168 +0100
@@ -83,6 +83,8 @@
Requires(pre): shadow
%if 0%{?suse_version} >= 1330
Requires(pre): group(nobody)
+Requires: group(nobody)
+Requires: user(ftp)
%endif
Provides: ftp-server
BuildRoot: %{_tmppath}/%{name}-%{version}-build
commit vsftpd for openSUSE:Factory
Hello community, here is the log from the commit of package vsftpd for openSUSE:Factory checked in at 2019-12-11 12:01:44 Comparing /work/SRC/openSUSE:Factory/vsftpd (Old) and /work/SRC/openSUSE:Factory/.vsftpd.new.4691 (New) Package is "vsftpd" Wed Dec 11 12:01:44 2019 rev:71 rq:754435 version:3.0.3 Changes: --- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2019-06-26 16:01:58.439457275 +0200 +++ /work/SRC/openSUSE:Factory/.vsftpd.new.4691/vsftpd.changes 2019-12-11 12:02:59.268794296 +0100 @@ -1,0 +2,6 @@ +Thu Dec 5 14:04:59 UTC 2019 - Josef Möllers + +- Add pam_keyinit.so to PAM config file. + [vsftpd.pam, bsc#1144062] + +--- Other differences: -- ++ vsftpd.pam ++ --- /var/tmp/diff_new_pack.khigYn/_old 2019-12-11 12:03:00.932793596 +0100 +++ /var/tmp/diff_new_pack.khigYn/_new 2019-12-11 12:03:00.932793596 +0100 @@ -10,5 +10,6 @@ auth includecommon-auth account includecommon-account password includecommon-password +session required pam_keyinit.so force revoke session required pam_loginuid.so session includecommon-session
commit vsftpd for openSUSE:Factory
Hello community,
here is the log from the commit of package vsftpd for openSUSE:Factory checked
in at 2018-11-06 14:03:51
Comparing /work/SRC/openSUSE:Factory/vsftpd (Old)
and /work/SRC/openSUSE:Factory/.vsftpd.new (New)
Package is "vsftpd"
Tue Nov 6 14:03:51 2018 rev:69 rq:644184 version:3.0.3
Changes:
--- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2018-07-04
23:53:37.415991937 +0200
+++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2018-11-06
14:03:52.991492450 +0100
@@ -1,0 +2,6 @@
+Tue Oct 23 22:05:43 UTC 2018 - Christian Boltz
+
+- firewall-macros should be BuildRequires, not Requires(post)
+ (the macro gets expanded during package build)
+
+---
Other differences:
--
++ vsftpd.spec ++
--- /var/tmp/diff_new_pack.NDGt8S/_old 2018-11-06 14:03:54.403490607 +0100
+++ /var/tmp/diff_new_pack.NDGt8S/_new 2018-11-06 14:03:54.403490607 +0100
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
@@ -91,7 +91,7 @@
Requires(pre): shadow
Provides: ftp-server
%if %{use_firewalld}
-Requires(post): firewall-macros
+BuildRequires: firewall-macros
%endif
%if 0%{?suse_version} >= 1330
Requires: group(nobody)
commit vsftpd for openSUSE:Factory
Hello community,
here is the log from the commit of package vsftpd for openSUSE:Factory checked
in at 2018-07-04 23:52:43
Comparing /work/SRC/openSUSE:Factory/vsftpd (Old)
and /work/SRC/openSUSE:Factory/.vsftpd.new (New)
Package is "vsftpd"
Wed Jul 4 23:52:43 2018 rev:68 rq:619612 version:3.0.3
Changes:
--- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2018-06-25
11:34:19.395369718 +0200
+++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2018-07-04
23:53:37.415991937 +0200
@@ -1,0 +2,7 @@
+Thu Jun 28 15:57:13 UTC 2018 - psim...@suse.com
+
+- Extend "vsftpd-3.0.3-address_space_limit.patch" to mention the
+ new 'address_space_limit' option in the installed vsftpd.conf(5)
+ man page. [bsc#1075060]
+
+---
Other differences:
--
++ vsftpd-3.0.3-address_space_limit.patch ++
--- /var/tmp/diff_new_pack.WV7g8r/_old 2018-07-04 23:53:38.243991023 +0200
+++ /var/tmp/diff_new_pack.WV7g8r/_new 2018-07-04 23:53:38.243991023 +0200
@@ -1,8 +1,8 @@
-Index: vsftpd-3.0.3/main.c
+Index: vsftpd-3.0.2/main.c
===
vsftpd-3.0.3.orig/main.c
-+++ vsftpd-3.0.3/main.c
-@@ -317,7 +317,7 @@ env_init(void)
+--- vsftpd-3.0.2.orig/main.c 2018-06-28 15:45:11.373254606 +
vsftpd-3.0.2/main.c2018-06-28 15:45:16.700973780 +
+@@ -320,7 +320,7 @@ env_init(void)
static void
limits_init(void)
{
@@ -11,10 +11,10 @@
if (tunable_text_userdb_names)
{
/* Turns out, LDAP lookups for lots of userid -> name mappings can really
-Index: vsftpd-3.0.3/parseconf.c
+Index: vsftpd-3.0.2/parseconf.c
===
vsftpd-3.0.3.orig/parseconf.c
-+++ vsftpd-3.0.3/parseconf.c
+--- vsftpd-3.0.2.orig/parseconf.c 2018-06-28 15:45:11.373254606 +
vsftpd-3.0.2/parseconf.c 2018-06-28 15:45:16.700973780 +
@@ -138,6 +138,7 @@ parseconf_uint_array[] =
{ "delay_successful_login", &tunable_delay_successful_login },
{ "max_login_fails", &tunable_max_login_fails },
@@ -23,10 +23,10 @@
{ 0, 0 }
};
-Index: vsftpd-3.0.3/tunables.c
+Index: vsftpd-3.0.2/tunables.c
===
vsftpd-3.0.3.orig/tunables.c
-+++ vsftpd-3.0.3/tunables.c
+--- vsftpd-3.0.2.orig/tunables.c 2018-06-28 15:45:11.373254606 +
vsftpd-3.0.2/tunables.c2018-06-28 15:45:16.700973780 +
@@ -110,6 +110,7 @@ unsigned int tunable_delay_failed_login;
unsigned int tunable_delay_successful_login;
unsigned int tunable_max_login_fails;
@@ -43,10 +43,10 @@
install_str_setting("/usr/share/empty", &tunable_secure_chroot_dir);
install_str_setting("ftp", &tunable_ftp_username);
-Index: vsftpd-3.0.3/tunables.h
+Index: vsftpd-3.0.2/tunables.h
===
vsftpd-3.0.3.orig/tunables.h
-+++ vsftpd-3.0.3/tunables.h
+--- vsftpd-3.0.2.orig/tunables.h 2018-06-28 15:45:11.373254606 +
vsftpd-3.0.2/tunables.h2018-06-28 15:45:16.700973780 +
@@ -112,6 +112,7 @@ extern unsigned int tunable_delay_failed
extern unsigned int tunable_delay_successful_login;
extern unsigned int tunable_max_login_fails;
@@ -55,3 +55,27 @@
/* String defines */
extern const char* tunable_secure_chroot_dir;
+Index: vsftpd-3.0.2/vsftpd.conf.5
+===
+--- vsftpd-3.0.2.orig/vsftpd.conf.52018-06-28 15:45:06.882648441 +
vsftpd-3.0.2/vsftpd.conf.5 2018-06-28 15:55:42.806639732 +
+@@ -639,6 +639,19 @@ The timeout, in seconds, for a remote cl
+ a PASV style data connection.
+
+ Default: 60
++
++.TP
++.B address_space_limit
++Set the amount of memory vsftpd can use (in bytes). This limit exists so that
++attackers cannot exploit any potential bugs in the server that might result in
++vsftpd allocating huge amounts of memory that would affect the host system
++negatively, e.g. causing thrashing or killing random processes due to Linux's
++OOM system. If the value is configured too low, vsftpd will fail with "out of
++memory" errors during normal operations. Oftentimes, this occurs inside of the
++PAM stack on systems that have many memory-intensive PAM modules enabled.
++
++Default: 104857600 (100MB)
++
+ .TP
+ .B anon_max_rate
+ The maximum data transfer rate permitted, in bytes per second, for anonymous
commit vsftpd for openSUSE:Factory
Hello community,
here is the log from the commit of package vsftpd for openSUSE:Factory checked
in at 2017-06-15 11:18:41
Comparing /work/SRC/openSUSE:Factory/vsftpd (Old)
and /work/SRC/openSUSE:Factory/.vsftpd.new (New)
Package is "vsftpd"
Thu Jun 15 11:18:41 2017 rev:61 rq:503674 version:3.0.3
Changes:
--- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2017-06-07
09:53:53.803627756 +0200
+++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2017-06-15
11:18:42.419113399 +0200
@@ -1,0 +2,14 @@
+Wed Jun 14 11:42:26 UTC 2017 - tchva...@suse.com
+
+- Conditionally install xinetd service only on older releases
+ * On current distributions we support the same functionality
+via systemd socket activation
+
+---
+Mon Jun 12 17:57:38 UTC 2017 - daniel.molken...@suse.com
+
+- Fix build against OpenSSL 1.1. Remove lock on 1.0.x libs
+ adds vsftpd-3.0.3-build-with-openssl-1.1.patch
+ (bsc#1042673)
+
+---
New:
vsftpd-3.0.3-build-with-openssl-1.1.patch
Other differences:
--
++ vsftpd.spec ++
--- /var/tmp/diff_new_pack.RIdXrQ/_old 2017-06-15 11:18:44.290848966 +0200
+++ /var/tmp/diff_new_pack.RIdXrQ/_new 2017-06-15 11:18:44.298847836 +0200
@@ -70,15 +70,15 @@
#PATCH-FIX-UPSTREAM: bnc#970982
Patch24:vsftpd-3.0.2-wnohang.patch
Patch25:vsftpd-3.0.2-fix-chown-uploads.patch
+#FIX-FIX-OPENSUSE: bsc#1042673
+Patch26:vsftpd-3.0.3-build-with-openssl-1.1.patch
BuildRequires: libcap-devel
+BuildRequires: libopenssl-devel
BuildRequires: pam-devel
Requires: logrotate
Requires(pre): shadow
%if 0%{?suse_version} >= 1330
Requires(pre): group(nobody)
-BuildRequires: libopenssl-1_0_0-devel
-%else
-BuildRequires: libopenssl-devel
%endif
Provides: ftp-server
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -125,6 +125,7 @@
%patch23 -p1
%patch24 -p1
%patch25 -p1
+%patch26 -p1
%build
%define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP
@@ -137,7 +138,9 @@
cp %{SOURCE4} .
install -D -m 755 %{name} %{buildroot}%{_sbindir}/%{name}
install -D -m 600 %{name}.conf %{buildroot}%{_sysconfdir}/%{name}.conf
+%if 0%{?suse_version} < 1330
install -D -m 600 xinetd.d/%{name} %{buildroot}%{_sysconfdir}/xinetd.d/%{name}
+%endif
install -D -m 644 $RPM_SOURCE_DIR/%{name}.pam
%{buildroot}%{_sysconfdir}/pam.d/%{name}
install -D -m 644 $RPM_SOURCE_DIR/%{name}.logrotate
%{buildroot}%{_sysconfdir}/logrotate.d/%{name}
install -D -m 644 %{name}.conf.5 %{buildroot}/%{_mandir}/man5/%{name}.conf.5
@@ -195,7 +198,9 @@
%{_sbindir}/%{name}
%{_sbindir}/rc%{name}
%dir %{_datadir}/empty
+%if 0%{?suse_version} < 1330
%config(noreplace) %{_sysconfdir}/xinetd.d/%{name}
+%endif
%config(noreplace) %{_sysconfdir}/%{name}.conf
%config %{_sysconfdir}/pam.d/%{name}
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
++ vsftpd-3.0.3-build-with-openssl-1.1.patch ++
Index: vsftpd-3.0.3/vsf_findlibs.sh
===
--- vsftpd-3.0.3.orig/vsf_findlibs.sh
+++ vsftpd-3.0.3/vsf_findlibs.sh
@@ -72,7 +72,7 @@ locate_library /usr/shlib/librt.so && ec
locate_library /usr/lib/libsendfile.so && echo "-lsendfile";
# OpenSSL
-if find_func SSL_library_init ssl.o; then
+if find_func SSL_CTX_new ssl.o; then
echo "-lssl -lcrypto";
fi
commit vsftpd for openSUSE:Factory
Hello community,
here is the log from the commit of package vsftpd for openSUSE:Factory checked
in at 2020-08-21 19:01:23
Comparing /work/SRC/openSUSE:Factory/vsftpd (Old)
and /work/SRC/openSUSE:Factory/.vsftpd.new.3399 (New)
Package is "vsftpd"
Fri Aug 21 19:01:23 2020 rev:72 rq:827923 version:3.0.3
Changes:
--- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes2019-12-11
12:02:59.268794296 +0100
+++ /work/SRC/openSUSE:Factory/.vsftpd.new.3399/vsftpd.changes 2020-08-21
19:01:44.072269131 +0200
@@ -1,0 +2,5 @@
+Wed Aug 19 09:46:05 UTC 2020 - Dominique Leuenberger
+
+- Use %{_prefix}/lib instead of misused %{_libexecdir}.
+
+---
Other differences:
--
++ vsftpd.spec ++
--- /var/tmp/diff_new_pack.mmogOq/_old 2020-08-21 19:01:48.176271570 +0200
+++ /var/tmp/diff_new_pack.mmogOq/_new 2020-08-21 19:01:48.176271570 +0200
@@ -1,7 +1,7 @@
#
# spec file for package vsftpd
#
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -32,7 +32,7 @@
Summary:Very Secure FTP Daemon - Written from Scratch
License:SUSE-GPL-2.0-with-openssl-exception
Group: Productivity/Networking/Ftp/Servers
-Url:https://security.appspot.com/vsftpd.html
+URL:https://security.appspot.com/vsftpd.html
Source0:
https://security.appspot.com/downloads/%{name}-%{version}.tar.gz
Source1:%{name}.pam
Source2:%{name}.logrotate
@@ -180,7 +180,7 @@
%endif
# install firewall information file
%if %{use_firewalld}
-install -D -m 644 %{SOURCE11}
%{buildroot}%{_libexecdir}/firewalld/services/%{name}.xml
+install -D -m 644 %{SOURCE11}
%{buildroot}%{_prefix}/lib/firewalld/services/%{name}.xml
%else
install -d %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/
install -m 644 %{SOURCE6}
%{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
@@ -243,9 +243,9 @@
%doc REWARD SPEED TODO SECURITY TUNING SIZE FAQ EXAMPLE
%doc README.SUSE
%if %{use_firewalld}
-%dir %{_libexecdir}/firewalld
-%dir %{_libexecdir}/firewalld/services
-%{_libexecdir}/firewalld/services/%{name}.xml
+%dir %{_prefix}/lib/firewalld
+%dir %{_prefix}/lib/firewalld/services
+%{_prefix}/lib/firewalld/services/%{name}.xml
%else
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
%endif
