From cf84d93545896e1da8039fb91d3679438ee53036 Mon Sep 17 00:00:00 2001 From: Jiri Skala Date: Tue, 16 Sep 2014 09:59:31 +0200 Subject: [PATCH 01/85] added appropriate values to ssl_ciphers (dh and ecdh patches) --- vsftpd-3.0.2-dh.patch | 25 ++++++++++++++----------- vsftpd-3.0.2-ecdh.patch | 28 +++++++++++++++------------- vsftpd.spec | 5 ++++- 3 files changed, 33 insertions(+), 25 deletions(-) diff --git a/vsftpd-3.0.2-dh.patch b/vsftpd-3.0.2-dh.patch index 10feef3..d5e9c1a 100644 --- a/vsftpd-3.0.2-dh.patch +++ b/vsftpd-3.0.2-dh.patch @@ -1,6 +1,6 @@ diff -up vsftpd-3.0.2/parseconf.c.dh vsftpd-3.0.2/parseconf.c ---- vsftpd-3.0.2/parseconf.c.dh 2014-06-04 09:54:43.364747051 +0200 -+++ vsftpd-3.0.2/parseconf.c 2014-06-04 09:54:43.368747052 +0200 +--- vsftpd-3.0.2/parseconf.c.dh 2014-09-15 15:07:43.719909056 +0200 ++++ vsftpd-3.0.2/parseconf.c 2014-09-15 15:07:43.724909061 +0200 @@ -176,6 +176,7 @@ parseconf_str_array[] = { "email_password_file", &tunable_email_password_file }, { "rsa_cert_file", &tunable_rsa_cert_file }, @@ -11,7 +11,7 @@ diff -up vsftpd-3.0.2/parseconf.c.dh vsftpd-3.0.2/parseconf.c { "dsa_private_key_file", &tunable_dsa_private_key_file }, diff -up vsftpd-3.0.2/ssl.c.dh vsftpd-3.0.2/ssl.c --- vsftpd-3.0.2/ssl.c.dh 2012-04-03 02:23:42.000000000 +0200 -+++ vsftpd-3.0.2/ssl.c 2014-06-04 09:55:59.443770325 +0200 ++++ vsftpd-3.0.2/ssl.c 2014-09-15 15:07:43.725909062 +0200 @@ -28,6 +28,8 @@ #include #include @@ -155,8 +155,8 @@ diff -up vsftpd-3.0.2/ssl.c.dh vsftpd-3.0.2/ssl.c ssl_add_entropy(struct vsf_session* p_sess) { diff -up vsftpd-3.0.2/tunables.c.dh vsftpd-3.0.2/tunables.c ---- vsftpd-3.0.2/tunables.c.dh 2014-06-04 09:54:43.364747051 +0200 -+++ vsftpd-3.0.2/tunables.c 2014-06-04 09:54:43.369747052 +0200 +--- vsftpd-3.0.2/tunables.c.dh 2014-09-15 15:07:43.720909057 +0200 ++++ vsftpd-3.0.2/tunables.c 2014-09-15 15:12:46.516209941 +0200 
@@ -140,6 +140,7 @@ const char* tunable_user_sub_token; const char* tunable_email_password_file; const char* tunable_rsa_cert_file; @@ -165,17 +165,20 @@ diff -up vsftpd-3.0.2/tunables.c.dh vsftpd-3.0.2/tunables.c const char* tunable_ssl_ciphers; const char* tunable_rsa_private_key_file; const char* tunable_dsa_private_key_file; -@@ -288,6 +289,7 @@ tunables_load_defaults() +@@ -288,7 +289,9 @@ tunables_load_defaults() install_str_setting("/usr/share/ssl/certs/vsftpd.pem", &tunable_rsa_cert_file); install_str_setting(0, &tunable_dsa_cert_file); +- install_str_setting("AES128-SHA:DES-CBC3-SHA", &tunable_ssl_ciphers); + install_str_setting(0, &tunable_dh_param_file); - install_str_setting("AES128-SHA:DES-CBC3-SHA", &tunable_ssl_ciphers); ++ install_str_setting("AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA", ++ &tunable_ssl_ciphers); install_str_setting(0, &tunable_rsa_private_key_file); install_str_setting(0, &tunable_dsa_private_key_file); + install_str_setting(0, &tunable_ca_certs_file); diff -up vsftpd-3.0.2/tunables.h.dh vsftpd-3.0.2/tunables.h ---- vsftpd-3.0.2/tunables.h.dh 2014-06-04 09:54:43.364747051 +0200 -+++ vsftpd-3.0.2/tunables.h 2014-06-04 09:54:43.369747052 +0200 +--- vsftpd-3.0.2/tunables.h.dh 2014-09-15 15:07:43.720909057 +0200 ++++ vsftpd-3.0.2/tunables.h 2014-09-15 15:07:43.725909062 +0200 @@ -142,6 +142,7 @@ extern const char* tunable_user_sub_toke extern const char* tunable_email_password_file; extern const char* tunable_rsa_cert_file; @@ -185,8 +188,8 @@ diff -up vsftpd-3.0.2/tunables.h.dh vsftpd-3.0.2/tunables.h extern const char* tunable_rsa_private_key_file; extern const char* tunable_dsa_private_key_file; diff -up vsftpd-3.0.2/vsftpd.conf.5.dh vsftpd-3.0.2/vsftpd.conf.5 ---- vsftpd-3.0.2/vsftpd.conf.5.dh 2014-06-04 09:54:43.364747051 +0200 -+++ vsftpd-3.0.2/vsftpd.conf.5 2014-06-04 09:54:43.369747052 +0200 +--- vsftpd-3.0.2/vsftpd.conf.5.dh 2014-09-15 15:07:43.720909057 +0200 ++++ vsftpd-3.0.2/vsftpd.conf.5 2014-09-15 15:07:43.725909062 +0200 
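Review bot: The new default in the `tunables_load_defaults()` hunk appends `DHE-RSA-AES256-SHA` after `AES128-SHA:DES-CBC3-SHA`, so the only forward-secret suite sits behind two RSA-key-exchange suites, one of them 3DES. If ssl.c lets the server's order decide the negotiation (not visible in this hunk), the DHE suite would be picked only when a client offers nothing else, so the new DH parameters would rarely be used. Listing the ephemeral suite first avoids that, e.g. `install_str_setting("DHE-RSA-AES256-SHA:AES128-SHA:DES-CBC3-SHA",` with the `&tunable_ssl_ciphers);` line unchanged. The same ordering issue applies to the `ECDHE-RSA-AES128-SHA` entry appended in the vsftpd-3.0.2-ecdh.patch hunk further down. The vsftpd.conf.5 hunks shown here add only the new parameter-file entries, so if the man page states an ssl_ciphers default it presumably needs the same update.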
@@ -893,6 +893,12 @@ to be in the same file as the certificat Default: (none) diff --git a/vsftpd-3.0.2-ecdh.patch b/vsftpd-3.0.2-ecdh.patch index 571d820..95748ed 100644 --- a/vsftpd-3.0.2-ecdh.patch +++ b/vsftpd-3.0.2-ecdh.patch @@ -1,6 +1,6 @@ diff -up vsftpd-3.0.2/parseconf.c.ecdh vsftpd-3.0.2/parseconf.c ---- vsftpd-3.0.2/parseconf.c.ecdh 2014-06-04 09:56:56.358788746 +0200 -+++ vsftpd-3.0.2/parseconf.c 2014-06-04 09:56:56.360788747 +0200 +--- vsftpd-3.0.2/parseconf.c.ecdh 2014-09-15 15:49:48.801315298 +0200 ++++ vsftpd-3.0.2/parseconf.c 2014-09-15 15:49:48.804315301 +0200 @@ -177,6 +177,7 @@ parseconf_str_array[] = { "rsa_cert_file", &tunable_rsa_cert_file }, { "dsa_cert_file", &tunable_dsa_cert_file }, @@ -10,8 +10,8 @@ diff -up vsftpd-3.0.2/parseconf.c.ecdh vsftpd-3.0.2/parseconf.c { "rsa_private_key_file", &tunable_rsa_private_key_file }, { "dsa_private_key_file", &tunable_dsa_private_key_file }, diff -up vsftpd-3.0.2/ssl.c.ecdh vsftpd-3.0.2/ssl.c ---- vsftpd-3.0.2/ssl.c.ecdh 2014-06-04 09:56:56.358788746 +0200 -+++ vsftpd-3.0.2/ssl.c 2014-06-04 09:56:56.360788747 +0200 +--- vsftpd-3.0.2/ssl.c.ecdh 2014-09-15 15:49:48.802315299 +0200 ++++ vsftpd-3.0.2/ssl.c 2014-09-15 15:49:48.804315301 +0200 @@ -122,7 +122,7 @@ ssl_init(struct vsf_session* p_sess) { die("SSL: could not allocate SSL context"); @@ -64,8 +64,8 @@ diff -up vsftpd-3.0.2/ssl.c.ecdh vsftpd-3.0.2/ssl.c ssl_inited = 1; } diff -up vsftpd-3.0.2/tunables.c.ecdh vsftpd-3.0.2/tunables.c ---- vsftpd-3.0.2/tunables.c.ecdh 2014-06-04 09:56:56.358788746 +0200 -+++ vsftpd-3.0.2/tunables.c 2014-06-04 09:56:56.361788747 +0200 +--- vsftpd-3.0.2/tunables.c.ecdh 2014-09-15 15:49:48.802315299 +0200 ++++ vsftpd-3.0.2/tunables.c 2014-09-15 15:51:13.176386035 +0200 @@ -141,6 +141,7 @@ const char* tunable_email_password_file; const char* tunable_rsa_cert_file; const char* tunable_dsa_cert_file; 
@@ -74,17 +74,19 @@ diff -up vsftpd-3.0.2/tunables.c.ecdh vsftpd-3.0.2/tunables.c const char* tunable_ssl_ciphers; const char* tunable_rsa_private_key_file; const char* tunable_dsa_private_key_file; -@@ -290,6 +291,7 @@ tunables_load_defaults() +@@ -290,7 +291,8 @@ tunables_load_defaults() &tunable_rsa_cert_file); install_str_setting(0, &tunable_dsa_cert_file); install_str_setting(0, &tunable_dh_param_file); +- install_str_setting("AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA", + install_str_setting(0, &tunable_ecdh_param_file); - install_str_setting("AES128-SHA:DES-CBC3-SHA", &tunable_ssl_ciphers); ++ install_str_setting("AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA", + &tunable_ssl_ciphers); install_str_setting(0, &tunable_rsa_private_key_file); install_str_setting(0, &tunable_dsa_private_key_file); diff -up vsftpd-3.0.2/tunables.h.ecdh vsftpd-3.0.2/tunables.h ---- vsftpd-3.0.2/tunables.h.ecdh 2014-06-04 09:56:56.359788746 +0200 -+++ vsftpd-3.0.2/tunables.h 2014-06-04 09:56:56.361788747 +0200 +--- vsftpd-3.0.2/tunables.h.ecdh 2014-09-15 15:49:48.802315299 +0200 ++++ vsftpd-3.0.2/tunables.h 2014-09-15 15:49:48.804315301 +0200 @@ -143,6 +143,7 @@ extern const char* tunable_email_passwor extern const char* tunable_rsa_cert_file; extern const char* tunable_dsa_cert_file; 
@@ -94,9 +96,9 @@ diff -up vsftpd-3.0.2/tunables.h.ecdh vsftpd-3.0.2/tunables.h extern const char* tunable_rsa_private_key_file; extern const char* tunable_dsa_private_key_file; diff -up vsftpd-3.0.2/vsftpd.conf.5.ecdh vsftpd-3.0.2/vsftpd.conf.5 ---- vsftpd-3.0.2/vsftpd.conf.5.ecdh 2014-06-04 09:56:56.359788746 +0200 -+++ vsftpd-3.0.2/vsftpd.conf.5 2014-06-04 09:56:56.361788747 +0200 -@@ -899,6 +899,14 @@ ephemeral Diffie-Hellman key exchange in +--- vsftpd-3.0.2/vsftpd.conf.5.ecdh 2014-09-15 15:49:48.802315299 +0200 ++++ vsftpd-3.0.2/vsftpd.conf.5 2014-09-15 15:49:48.806315302 +0200 +@@ -899,6 +915,14 @@ ephemeral Diffie-Hellman key exchange in Default: (none - use built in parameters appropriate for certificate key size) .TP diff --git a/vsftpd.spec b/vsftpd.spec index 9b3e3fc..7b20e24 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -3,7 +3,7 @@ Name: vsftpd Version: 3.0.2 -Release: 12%{?dist} +Release: 13%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons @@ -167,6 +167,9 @@ rm -rf $RPM_BUILD_ROOT %{_var}/ftp %changelog +* Tue Sep 16 2014 Jiri Skala - 3.0.2-13 +- added appropriate values to ssl_ciphers (dh and ecdh patches) + * Mon Aug 18 2014 Fedora Release Engineering - 3.0.2-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild From d389529825e90fd846bba0dc506fa4e3e781d811 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Fri, 19 Jun 2015 02:09:49 +0000 Subject: [PATCH 02/85] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild --- vsftpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/vsftpd.spec b/vsftpd.spec index 7b20e24..2e7c5e1 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -3,7 +3,7 @@ Name: vsftpd Version: 3.0.2 -Release: 13%{?dist} +Release: 14%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons 
@@ -167,6 +167,9 @@ rm -rf $RPM_BUILD_ROOT %{_var}/ftp %changelog +* Fri Jun 19 2015 Fedora Release Engineering - 3.0.2-14 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + * Tue Sep 16 2014 Jiri Skala - 3.0.2-13 - added appropriate values to ssl_ciphers (dh and ecdh patches) From 15b422966daf9d87b220648001a84fb503322821 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 5 Feb 2016 02:50:54 +0000 Subject: [PATCH 03/85] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild --- vsftpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/vsftpd.spec b/vsftpd.spec index 2e7c5e1..80581cd 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -3,7 +3,7 @@ Name: vsftpd Version: 3.0.2 -Release: 14%{?dist} +Release: 15%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons @@ -167,6 +167,9 @@ rm -rf $RPM_BUILD_ROOT %{_var}/ftp %changelog +* Fri Feb 05 2016 Fedora Release Engineering - 3.0.2-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + * Fri Jun 19 2015 Fedora Release Engineering - 3.0.2-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild From 8167548a23300e20ba65871e2e5834fd74934298 Mon Sep 17 00:00:00 2001 
From: Martin Sehnoutka
Date: Thu, 17 Mar 2016 14:10:03 +0100
Subject: [PATCH 04/85] Update to 3.0.3 version
---
 .gitignore | 1 +
 sources | 2 +-
 vsftpd-2.0.5-fix_qm.patch | 26 +
 vsftpd-2.1.0-build_ssl.patch | 19 +-
 vsftpd-2.1.0-configuration.patch | 382 ++++----
 vsftpd-2.1.0-filter.patch | 41 +-
 vsftpd-2.1.0-libs.patch | 21 +-
 vsftpd-2.1.0-pam_hostname.patch | 27 +-
 vsftpd-2.1.0-tcp_wrappers.patch | 19 +-
 vsftpd-2.1.0-trim.patch | 59 +-
 vsftpd-2.1.0-userlist_log.patch | 81 +-
 vsftpd-2.1.1-daemonize_plus.patch | 51 +-
 vsftpd-2.2.0-wildchar.patch | 21 +-
 vsftpd-2.2.2-clone.patch | 23 +-
 vsftpd-2.2.2-nfs-fail.patch | 1501 +++++++++++++++++++++++++++++
 vsftpd-2.3.4-listen_ipv6.patch | 34 +-
 vsftpd-2.3.4-sd.patch | 29 +-
 vsftpd-2.3.4-sqb.patch | 36 +-
 vsftpd-2.3.5-aslim.patch | 8 +-
 vsftpd-3.0.0-logrotate.patch | 19 +-
 vsftpd-3.0.0-tz.patch | 21 +-
 vsftpd-3.0.0-xferlog.patch | 19 +-
 vsftpd-3.0.2-dh.patch | 63 +-
 vsftpd-3.0.2-docupd.patch | 19 +-
 vsftpd-3.0.2-ecdh.patch | 57 +-
 vsftpd-3.0.2-lookup.patch | 57 +-
 vsftpd-3.0.2-rc450.patch | 45 +-
 vsftpd-3.0.2-uint-uidgid.patch | 71 +-
 vsftpd-close-std-fds.patch | 21 +-
 vsftpd.spec | 17 +-
 30 files changed, 2364 insertions(+), 426 deletions(-)
 create mode 100644 vsftpd-2.0.5-fix_qm.patch
 create mode 100644 vsftpd-2.2.2-nfs-fail.patch
diff --git a/.gitignore b/.gitignore
index a67692a..811254b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,4 @@ vsftpd-2.3.2.tar.gz
 /vsftpd-3.0.0.tar.gz
 /vsftpd-3.0.1.tar.gz
 /vsftpd-3.0.2.tar.gz
+/vsftpd-3.0.3.tar.gz
diff --git a/sources b/sources
index a0f6918..b94676e 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-8b00c749719089401315bd3c44dddbb2 vsftpd-3.0.2.tar.gz
+da119d084bd3f98664636ea05b5bb398 vsftpd-3.0.3.tar.gz
diff --git a/vsftpd-2.0.5-fix_qm.patch b/vsftpd-2.0.5-fix_qm.patch
new file mode 100644
index 0000000..1890624
--- /dev/null
+++ b/vsftpd-2.0.5-fix_qm.patch
@@ -0,0 +1,26 @@ +From cdcb1c5f660fb4f72b4896f5145a34e9dd158252 Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Thu, 17 Mar 2016 12:00:34 +0100 +Subject: [PATCH 26/26] Applied vsftpd-2.0.5-fix_qm.patch + +--- + ls.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/ls.c b/ls.c +index f18791d..de68c30 100644 +--- a/ls.c ++++ b/ls.c +@@ -459,7 +459,8 @@ vsf_filename_passes_filter(const struct mystr* p_filename_str, + must_match_at_current_pos = 0; + } + } while (locate_result.found && +- str_getlen(&name_remain_str) > 0 && last_token != '*'); ++ str_getlen(&name_remain_str) > 0 && ++ last_token != '*' && last_token != '?'); + } + /* Any incoming string left means no match unless we ended on the correct + * type of wildcard. +-- +2.5.0 + diff --git a/vsftpd-2.1.0-build_ssl.patch b/vsftpd-2.1.0-build_ssl.patch index e2ca633..ce183b5 100644 --- a/vsftpd-2.1.0-build_ssl.patch +++ b/vsftpd-2.1.0-build_ssl.patch @@ -1,6 +1,16 @@ -diff -up vsftpd-2.1.0/builddefs.h.build_ssl vsftpd-2.1.0/builddefs.h ---- vsftpd-2.1.0/builddefs.h.build_ssl 2009-01-08 18:49:33.000000000 +0100 -+++ vsftpd-2.1.0/builddefs.h 2009-01-08 18:49:41.000000000 +0100 +From 2ee718251d602abf6f4c5bb2fc6d829e32d3f3e1 Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Thu, 17 Mar 2016 11:44:45 +0100 +Subject: [PATCH 02/26] Applied vsftpd-2.1.0-build_ssl.patch + +--- + builddefs.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/builddefs.h b/builddefs.h +index e908352..63cc62b 100644 +--- a/builddefs.h ++++ b/builddefs.h @@ -3,7 +3,7 @@ #undef VSF_BUILD_TCPWRAPPERS @@ -10,3 +20,6 @@ diff -up vsftpd-2.1.0/builddefs.h.build_ssl vsftpd-2.1.0/builddefs.h #endif /* VSF_BUILDDEFS_H */ +-- +2.5.0 + diff --git a/vsftpd-2.1.0-configuration.patch b/vsftpd-2.1.0-configuration.patch index 5f04dea..5675351 100644 --- a/vsftpd-2.1.0-configuration.patch +++ b/vsftpd-2.1.0-configuration.patch 
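Review bot: The widened loop condition in `vsf_filename_passes_filter()` has no comment saying why a trailing `?` must now end the retry loop the way `*` already does, and the patch header says only "Applied vsftpd-2.0.5-fix_qm.patch". The page also shows a `tunable_deny_file` setting, and this matcher may be what enforces it (the callers are outside the hunk), so a silent change in wildcard semantics deserves a recorded rationale. I would add a line above the condition such as `/* stop retrying after '?' as well as '*'; fixes <bug reference> */`, worded to the actual reason, and name one pattern/filename pair that matched wrongly before the change. The function body starts and ends outside the hunk.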
@@ -1,37 +1,27 @@ -diff -up vsftpd-2.2.0/defs.h.configuration vsftpd-2.2.0/defs.h ---- vsftpd-2.2.0/defs.h.configuration 2009-01-07 21:22:22.000000000 +0100 -+++ vsftpd-2.2.0/defs.h 2009-08-04 07:37:01.000000000 +0200 -@@ -1,7 +1,7 @@ - #ifndef VSF_DEFS_H - #define VSF_DEFS_H - --#define VSFTP_DEFAULT_CONFIG "/etc/vsftpd.conf" -+#define VSFTP_DEFAULT_CONFIG "/etc/vsftpd/vsftpd.conf" - - #define VSFTP_COMMAND_FD 0 - -diff -up vsftpd-2.2.0/EXAMPLE/INTERNET_SITE_NOINETD/README.configuration vsftpd-2.2.0/EXAMPLE/INTERNET_SITE_NOINETD/README ---- vsftpd-2.2.0/EXAMPLE/INTERNET_SITE_NOINETD/README.configuration 2008-02-02 02:30:40.000000000 +0100 -+++ vsftpd-2.2.0/EXAMPLE/INTERNET_SITE_NOINETD/README 2009-08-04 07:37:01.000000000 +0200 -@@ -17,7 +17,7 @@ even per-connect-IP configurability. - - To use this example config: - --1) Copy the vsftpd.conf file in this directory to /etc/vsftpd.conf. -+1) Copy the vsftpd.conf file in this directory to /etc/vsftpd/vsftpd.conf. - - 2) Start up vsftpd, e.g. 
- vsftpd & -@@ -51,5 +51,5 @@ in the vsftpd.conf: - listen_address=192.168.1.2 - - And launch vsftpd with a specific config file like this: --vsftpd /etc/vsftpd.conf.site1 & -+vsftpd /etc/vsftpd/vsftpd.conf.site1 & - -diff -up vsftpd-2.2.0/EXAMPLE/INTERNET_SITE/README.configuration vsftpd-2.2.0/EXAMPLE/INTERNET_SITE/README ---- vsftpd-2.2.0/EXAMPLE/INTERNET_SITE/README.configuration 2008-02-02 02:30:40.000000000 +0100 -+++ vsftpd-2.2.0/EXAMPLE/INTERNET_SITE/README 2009-08-04 07:37:01.000000000 +0200 +From 4c4dcfaa65c86da78d2cf49f0f4a5c8d63a78d3a Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Thu, 17 Mar 2016 11:44:45 +0100 +Subject: [PATCH 04/26] Applied vsftpd-2.1.0-configuration.patch + +--- + EXAMPLE/INTERNET_SITE/README | 6 +++--- + EXAMPLE/INTERNET_SITE_NOINETD/README | 4 ++-- + EXAMPLE/PER_IP_CONFIG/README | 4 ++-- + EXAMPLE/VIRTUAL_USERS/README | 14 +++++++------- + FAQ | 8 ++++---- + INSTALL | 10 +++++----- + README | 5 +++++ + defs.h | 2 +- + tunables.c | 10 +++++----- + vsftpd.8 | 10 +++++----- + vsftpd.conf | 20 +++++++++++++------- + vsftpd.conf.5 | 22 +++++++++++----------- + 12 files changed, 63 insertions(+), 52 deletions(-) + +diff --git a/EXAMPLE/INTERNET_SITE/README b/EXAMPLE/INTERNET_SITE/README +index 12b10a5..fe3d7ca 100644 +--- a/EXAMPLE/INTERNET_SITE/README ++++ b/EXAMPLE/INTERNET_SITE/README @@ -41,13 +41,13 @@ no_access = 192.168.1.3 As an example of how to ban certain sites from connecting, 192.168.1.3 will be denied access. @@ -48,7 +38,7 @@ diff -up vsftpd-2.2.0/EXAMPLE/INTERNET_SITE/README.configuration vsftpd-2.2.0/EX log_on_success += PID HOST DURATION log_on_failure += HOST -@@ -62,7 +62,7 @@ Step 2) Set up your vsftpd configuration +@@ -62,7 +62,7 @@ Step 2) Set up your vsftpd configuration file. An example file is supplied. Install it like this: 
@@ -57,10 +47,31 @@ diff -up vsftpd-2.2.0/EXAMPLE/INTERNET_SITE/README.configuration vsftpd-2.2.0/EX Let's example the contents of the file: -diff -up vsftpd-2.2.0/EXAMPLE/PER_IP_CONFIG/README.configuration vsftpd-2.2.0/EXAMPLE/PER_IP_CONFIG/README ---- vsftpd-2.2.0/EXAMPLE/PER_IP_CONFIG/README.configuration 2008-02-02 02:30:40.000000000 +0100 -+++ vsftpd-2.2.0/EXAMPLE/PER_IP_CONFIG/README 2009-08-04 07:37:01.000000000 +0200 -@@ -20,12 +20,12 @@ directory: hosts.allow. It lives at /etc +diff --git a/EXAMPLE/INTERNET_SITE_NOINETD/README b/EXAMPLE/INTERNET_SITE_NOINETD/README +index ce17af2..9198c5f 100644 +--- a/EXAMPLE/INTERNET_SITE_NOINETD/README ++++ b/EXAMPLE/INTERNET_SITE_NOINETD/README +@@ -17,7 +17,7 @@ even per-connect-IP configurability. + + To use this example config: + +-1) Copy the vsftpd.conf file in this directory to /etc/vsftpd.conf. ++1) Copy the vsftpd.conf file in this directory to /etc/vsftpd/vsftpd.conf. + + 2) Start up vsftpd, e.g. + vsftpd & +@@ -51,5 +51,5 @@ in the vsftpd.conf: + listen_address=192.168.1.2 + + And launch vsftpd with a specific config file like this: +-vsftpd /etc/vsftpd.conf.site1 & ++vsftpd /etc/vsftpd/vsftpd.conf.site1 & + +diff --git a/EXAMPLE/PER_IP_CONFIG/README b/EXAMPLE/PER_IP_CONFIG/README +index a9ef352..34924d5 100644 +--- a/EXAMPLE/PER_IP_CONFIG/README ++++ b/EXAMPLE/PER_IP_CONFIG/README +@@ -20,12 +20,12 @@ directory: hosts.allow. It lives at /etc/hosts.allow. Let's have a look at the example: 
@@ -75,10 +86,11 @@ diff -up vsftpd-2.2.0/EXAMPLE/PER_IP_CONFIG/README.configuration vsftpd-2.2.0/EX applied ON TOP of the default vsftpd.conf. This is obviously very powerful. You might use this to apply different access restrictions for some IPs (e.g. the ability to upload). -diff -up vsftpd-2.2.0/EXAMPLE/VIRTUAL_USERS/README.configuration vsftpd-2.2.0/EXAMPLE/VIRTUAL_USERS/README ---- vsftpd-2.2.0/EXAMPLE/VIRTUAL_USERS/README.configuration 2008-02-02 02:30:40.000000000 +0100 -+++ vsftpd-2.2.0/EXAMPLE/VIRTUAL_USERS/README 2009-08-04 07:37:01.000000000 +0200 -@@ -15,7 +15,7 @@ See example file "logins.txt" - this spe +diff --git a/EXAMPLE/VIRTUAL_USERS/README b/EXAMPLE/VIRTUAL_USERS/README +index b48995d..72972fa 100644 +--- a/EXAMPLE/VIRTUAL_USERS/README ++++ b/EXAMPLE/VIRTUAL_USERS/README +@@ -15,7 +15,7 @@ See example file "logins.txt" - this specifies "tom" with password "foo" and "fred" with password "bar". Whilst logged in as root, create the actual database file like this: @@ -87,7 +99,7 @@ diff -up vsftpd-2.2.0/EXAMPLE/VIRTUAL_USERS/README.configuration vsftpd-2.2.0/EX (Requires the Berkeley db program installed). NOTE: Many systems have multiple versions of "db" installed, so you may need to use e.g. db3_load for correct operation. This is known to affect -@@ -23,10 +23,10 @@ some Debian systems. The core issue is t +@@ -23,10 +23,10 @@ some Debian systems. The core issue is that pam_userdb expects its login database to be a specific db version (often db3, whereas db4 may be installed on your system). @@ -100,7 +112,7 @@ diff -up vsftpd-2.2.0/EXAMPLE/VIRTUAL_USERS/README.configuration vsftpd-2.2.0/EX For more information on maintaing your login database, look around for documentation on "Berkeley DB", e.g. -@@ -37,8 +37,8 @@ Step 2) Create a PAM file which uses you +@@ -37,8 +37,8 @@ Step 2) Create a PAM file which uses your new database. See the example file vsftpd.pam. It contains two lines: 
@@ -123,10 +135,11 @@ diff -up vsftpd-2.2.0/EXAMPLE/VIRTUAL_USERS/README.configuration vsftpd-2.2.0/EX Step 5) Start up vsftpd. -diff -up vsftpd-2.2.0/FAQ.configuration vsftpd-2.2.0/FAQ ---- vsftpd-2.2.0/FAQ.configuration 2009-02-18 23:33:04.000000000 +0100 -+++ vsftpd-2.2.0/FAQ 2009-08-04 07:37:01.000000000 +0200 -@@ -34,7 +34,7 @@ needs this user to run bits of itself wi +diff --git a/FAQ b/FAQ +index 59fe56b..0142a0d 100644 +--- a/FAQ ++++ b/FAQ +@@ -35,7 +35,7 @@ needs this user to run bits of itself with no privilege. Q) Help! Local users cannot log in. A) There are various possible problems. A1) By default, vsftpd disables any logins other than anonymous logins. Put @@ -135,7 +148,7 @@ diff -up vsftpd-2.2.0/FAQ.configuration vsftpd-2.2.0/FAQ A2) vsftpd tries to link with PAM. (Run "ldd vsftpd" and look for libpam to find out whether this has happened or not). If vsftpd links with PAM, then you will need to have a PAM file installed for the vsftpd service. There is -@@ -46,12 +46,12 @@ system have a "shadow.h" file in the inc +@@ -47,12 +47,12 @@ system have a "shadow.h" file in the include path? A4) If you are not using PAM, then vsftpd will do its own check for a valid user shell in /etc/shells. You may need to disable this if you use an invalid shell to disable logins other than FTP logins. Put check_shell=NO in your @@ -150,7 +163,7 @@ diff -up vsftpd-2.2.0/FAQ.configuration vsftpd-2.2.0/FAQ Q) Help! What are the security implications referred to in the "chroot_local_user" option? -@@ -87,7 +87,7 @@ A2) Alternatively, run as many copies as +@@ -88,7 +88,7 @@ A2) Alternatively, run as many copies as vsftpd as necessary, in standalone mode. Use "listen_address=x.x.x.x" to set the virtual IP. Q) Help! Does vsftpd support virtual users? 
@@ -159,9 +172,10 @@ diff -up vsftpd-2.2.0/FAQ.configuration vsftpd-2.2.0/FAQ has the effect of mapping every non-anonymous successful login to the local username specified in "guest_username". Then, use PAM and (e.g.) its pam_userdb module to provide authentication against an external (i.e. non-/etc/passwd) -diff -up vsftpd-2.2.0/INSTALL.configuration vsftpd-2.2.0/INSTALL ---- vsftpd-2.2.0/INSTALL.configuration 2008-02-02 02:30:39.000000000 +0100 -+++ vsftpd-2.2.0/INSTALL 2009-08-04 07:37:01.000000000 +0200 +diff --git a/INSTALL b/INSTALL +index 4f811aa..93a8a81 100644 +--- a/INSTALL ++++ b/INSTALL @@ -56,14 +56,14 @@ cp vsftpd.8 /usr/local/man/man8 "make install" doesn't copy the sample config file. It is recommended you @@ -194,10 +208,11 @@ diff -up vsftpd-2.2.0/INSTALL.configuration vsftpd-2.2.0/INSTALL The default configuration allows neither local user logins nor anonymous uploads. You may wish to change these defaults. -diff -up vsftpd-2.2.0/README.configuration vsftpd-2.2.0/README ---- vsftpd-2.2.0/README.configuration 2009-07-07 22:23:22.000000000 +0200 -+++ vsftpd-2.2.0/README 2009-08-04 07:37:01.000000000 +0200 -@@ -37,3 +37,8 @@ All configuration options are documented +diff --git a/README b/README +index 86643c1..adc7f42 100644 +--- a/README ++++ b/README +@@ -37,3 +37,8 @@ All configuration options are documented in the manual page vsftpd.conf.5. Various example configurations are discussed in the EXAMPLE directory. Frequently asked questions are tackled in the FAQ file. 
@@ -206,10 +221,24 @@ diff -up vsftpd-2.2.0/README.configuration vsftpd-2.2.0/README +The location of configuration files was changed to /etc/vsftpd/. If you want +to migrate your old conf files from /etc (files vsftpd.xxxx.rpmsave) use +/etc/vsfptd/vsftpd_conf_migrate.sh -diff -up vsftpd-2.2.0/tunables.c.configuration vsftpd-2.2.0/tunables.c ---- vsftpd-2.2.0/tunables.c.configuration 2009-07-15 22:08:27.000000000 +0200 -+++ vsftpd-2.2.0/tunables.c 2009-08-04 07:37:01.000000000 +0200 -@@ -186,7 +186,7 @@ tunables_load_defaults() +diff --git a/defs.h b/defs.h +index 0ff5864..ca11eac 100644 +--- a/defs.h ++++ b/defs.h +@@ -1,7 +1,7 @@ + #ifndef VSF_DEFS_H + #define VSF_DEFS_H + +-#define VSFTP_DEFAULT_CONFIG "/etc/vsftpd.conf" ++#define VSFTP_DEFAULT_CONFIG "/etc/vsftpd/vsftpd.conf" + + #define VSFTP_COMMAND_FD 0 + +diff --git a/tunables.c b/tunables.c +index 284a10d..0ac4c34 100644 +--- a/tunables.c ++++ b/tunables.c +@@ -190,7 +190,7 @@ tunables_load_defaults() tunable_listen_ipv6 = 0; tunable_dual_log_enable = 0; tunable_syslog_enable = 0; @@ -218,7 +247,7 @@ diff -up vsftpd-2.2.0/tunables.c.configuration vsftpd-2.2.0/tunables.c tunable_virtual_use_local_privs = 0; tunable_session_support = 0; tunable_download_enable = 1; -@@ -254,11 +254,11 @@ tunables_load_defaults() +@@ -262,11 +262,11 @@ tunables_load_defaults() install_str_setting(".message", &tunable_message_file); install_str_setting("nobody", &tunable_nopriv_user); install_str_setting(0, &tunable_ftpd_banner); @@ -233,7 +262,7 @@ diff -up vsftpd-2.2.0/tunables.c.configuration vsftpd-2.2.0/tunables.c install_str_setting(0, &tunable_anon_root); install_str_setting(0, &tunable_local_root); install_str_setting(0, &tunable_banner_file); -@@ -271,7 +271,7 @@ tunables_load_defaults() +@@ -279,7 +279,7 @@ tunables_load_defaults() install_str_setting(0, &tunable_hide_file); install_str_setting(0, &tunable_deny_file); install_str_setting(0, &tunable_user_sub_token); 
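Review bot: The README text carried in this hunk sends administrators to `/etc/vsfptd/vsftpd_conf_migrate.sh`, with the directory misspelled as `vsfptd`, while every other path in the patch uses `/etc/vsftpd/`. The line is unchanged context in this commit, but since the patch file is being regenerated anyway it should read `+/etc/vsftpd/vsftpd_conf_migrate.sh`, assuming that is where the spec installs the script (not visible on this page).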
@@ -242,10 +271,11 @@ diff -up vsftpd-2.2.0/tunables.c.configuration vsftpd-2.2.0/tunables.c &tunable_email_password_file); install_str_setting("/usr/share/ssl/certs/vsftpd.pem", &tunable_rsa_cert_file); -diff -up vsftpd-2.2.0/vsftpd.8.configuration vsftpd-2.2.0/vsftpd.8 ---- vsftpd-2.2.0/vsftpd.8.configuration 2009-07-17 22:56:23.000000000 +0200 -+++ vsftpd-2.2.0/vsftpd.8 2009-08-04 07:40:27.000000000 +0200 -@@ -21,7 +21,7 @@ itself will listen on the network. This +diff --git a/vsftpd.8 b/vsftpd.8 +index 6640b57..c920e7d 100644 +--- a/vsftpd.8 ++++ b/vsftpd.8 +@@ -21,7 +21,7 @@ itself will listen on the network. This latter mode is easier to use, and recommended. It is activated by setting .Pa listen=YES in @@ -254,7 +284,7 @@ diff -up vsftpd-2.2.0/vsftpd.8.configuration vsftpd-2.2.0/vsftpd.8 Direct execution of the .Nm vsftpd binary will then launch the FTP service ready for immediate client connections. -@@ -33,7 +33,7 @@ as root. Any command line option not sta +@@ -33,7 +33,7 @@ as root. Any command line option not starting with a "-" character is treated as a config file that will be loaded. Note that config files are loaded in the strict order that they are encountered on the command line. If no config files are specified, the default configuration file of @@ -263,7 +293,7 @@ diff -up vsftpd-2.2.0/vsftpd.8.configuration vsftpd-2.2.0/vsftpd.8 will be loaded, after all other command line options are processed. .Pp Supported options are: -@@ -47,14 +47,14 @@ their appearance on the command line, in +@@ -47,14 +47,14 @@ their appearance on the command line, including intermingling with loading of config files. .El .Sh EXAMPLES 
@@ -281,105 +311,10 @@ diff -up vsftpd-2.2.0/vsftpd.8.configuration vsftpd-2.2.0/vsftpd.8 .Sh SEE ALSO .Xr vsftpd.conf 5 .end -diff -up vsftpd-2.2.0/vsftpd.conf.5.configuration vsftpd-2.2.0/vsftpd.conf.5 ---- vsftpd-2.2.0/vsftpd.conf.5.configuration 2009-07-17 22:57:04.000000000 +0200 -+++ vsftpd-2.2.0/vsftpd.conf.5 2009-08-04 07:37:01.000000000 +0200 -@@ -4,7 +4,7 @@ vsftpd.conf \- config file for vsftpd - .SH DESCRIPTION - vsftpd.conf may be used to control various aspects of vsftpd's behaviour. By - default, vsftpd looks for this file at the location --.BR /etc/vsftpd.conf . -+.BR /etc/vsftpd/vsftpd.conf . - However, you may override this by specifying a command line argument to - vsftpd. The command line argument is the pathname of the configuration file - for vsftpd. This behaviour is useful because you may wish to use an advanced -@@ -110,7 +110,7 @@ When enabled, and vsftpd is started in " - the listener process. i.e. control will immediately be returned to the shell - which launched vsftpd. - --Default: NO -+Default: YES - .TP - .B check_shell - Note! This option only has an effect for non-PAM builds of vsftpd. If disabled, -@@ -138,7 +138,7 @@ chroot() jail in their home directory up - different if chroot_local_user is set to YES. In this case, the list becomes - a list of users which are NOT to be placed in a chroot() jail. - By default, the file containing this list is --/etc/vsftpd.chroot_list, but you may override this with the -+/etc/vsftpd/chroot_list, but you may override this with the - .BR chroot_list_file - setting. - -@@ -177,7 +177,7 @@ Default: NO - .B deny_email_enable - If activated, you may provide a list of anonymous password e-mail responses - which cause login to be denied. By default, the file containing this list is --/etc/vsftpd.banned_emails, but you may override this with the -+/etc/vsftpd/banned_emails, but you may override this with the - .BR banned_email_file - setting. 
- -@@ -433,7 +433,7 @@ anonymous logins are prevented unless th - file specified by the - .BR email_password_file - setting. The file format is one password per line, no extra whitespace. The --default filename is /etc/vsftpd.email_passwords. -+default filename is /etc/vsftpd/email_passwords. - - Default: NO - .TP -@@ -764,7 +764,7 @@ passwords which are not permitted. This - .BR deny_email_enable - is enabled. - --Default: /etc/vsftpd.banned_emails -+Default: /etc/vsftpd/banned_emails - .TP - .B banner_file - This option is the name of a file containing text to display when someone -@@ -801,7 +801,7 @@ is enabled. If the option - is enabled, then the list file becomes a list of users to NOT place in a - chroot() jail. - --Default: /etc/vsftpd.chroot_list -+Default: /etvsftpd.confc/vsftpd.chroot_list - .TP - .B cmds_allowed - This options specifies a comma separated list of allowed FTP commands (post -@@ -862,7 +862,7 @@ This option can be used to provide an al - .BR secure_email_list_enable - setting. - --Default: /etc/vsftpd.email_passwords -+Default: /etc/vsftpd/email_passwords - .TP - .B ftp_username - This is the name of the user we use for handling anonymous FTP. The home -@@ -985,10 +985,10 @@ the manual page, on a per-user basis. Us - with an example. If you set - .BR user_config_dir - to be --.BR /etc/vsftpd_user_conf -+.BR /etc/vsftpd/user_conf - and then log on as the user "chris", then vsftpd will apply the settings in - the file --.BR /etc/vsftpd_user_conf/chris -+.BR /etc/vsftpd/user_conf/chris - for the duration of the session. The format of this file is as detailed in - this manual page! PLEASE NOTE that not all settings are effective on a - per-user basis. For example, many settings only prior to the user's session -@@ -1024,7 +1024,7 @@ This option is the name of the file load - .BR userlist_enable - option is active. 
- --Default: /etc/vsftpd.user_list -+Default: /etc/vsftpd/user_list - .TP - .B vsftpd_log_file - This option is the name of the file to which we write the vsftpd style ---- vsftpd-2.2.2/vsftpd.conf.configuration 2009-10-19 04:04:23.000000000 +0200 -+++ vsftpd-2.2.2/vsftpd.conf 2010-08-06 09:28:44.891173995 +0200 +diff --git a/vsftpd.conf b/vsftpd.conf +index cc1c607..db44170 100644 +--- a/vsftpd.conf ++++ b/vsftpd.conf @@ -1,4 +1,4 @@ -# Example config file /etc/vsftpd.conf +# Example config file /etc/vsftpd/vsftpd.conf @@ -410,7 +345,7 @@ diff -up vsftpd-2.2.0/vsftpd.conf.5.configuration vsftpd-2.2.0/vsftpd.conf.5 #anon_upload_enable=YES # # Uncomment this if you want the anonymous FTP user to be able to create -@@ -52,7 +54,7 @@ +@@ -52,7 +54,7 @@ connect_from_port_20=YES # # If you want, you can have your log file in standard ftpd xferlog format. # Note that the default log file location is /var/log/xferlog in this case. @@ -419,7 +354,7 @@ diff -up vsftpd-2.2.0/vsftpd.conf.5.configuration vsftpd-2.2.0/vsftpd.conf.5 # # You may change the default value for timing out an idle session. #idle_session_timeout=600 -@@ -87,7 +89,7 @@ +@@ -87,7 +89,7 @@ connect_from_port_20=YES # useful for combatting certain DoS attacks. #deny_email_enable=YES # (default follows) @@ -428,7 +363,7 @@ diff -up vsftpd-2.2.0/vsftpd.conf.5.configuration vsftpd-2.2.0/vsftpd.conf.5 # # You may specify an explicit list of local users to chroot() to their home # directory. If chroot_local_user is YES, then this list becomes a list of -@@ -95,7 +97,7 @@ +@@ -98,7 +100,7 @@ connect_from_port_20=YES #chroot_local_user=YES #chroot_list_enable=YES # (default follows) 
@@ -437,7 +372,7 @@ diff -up vsftpd-2.2.0/vsftpd.conf.5.configuration vsftpd-2.2.0/vsftpd.conf.5 # # You may activate the "-R" option to the builtin ls. This is disabled by # default to avoid remote users being able to cause excessive I/O on large -@@ -112,3 +114,7 @@ +@@ -115,3 +117,7 @@ listen=YES # sockets, you must run two copies of vsftpd with two configuration files. # Make sure, that one of the listen options is commented !! #listen_ipv6=YES 
@@ -445,3 +380,104 @@ diff -up vsftpd-2.2.0/vsftpd.conf.5.configuration vsftpd-2.2.0/vsftpd.conf.5 +pam_service_name=vsftpd +userlist_enable=YES +tcp_wrappers=YES +diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 +index fcc6022..5e46a2f 100644 +--- a/vsftpd.conf.5 ++++ b/vsftpd.conf.5 +@@ -4,7 +4,7 @@ vsftpd.conf \- config file for vsftpd + .SH DESCRIPTION + vsftpd.conf may be used to control various aspects of vsftpd's behaviour. By + default, vsftpd looks for this file at the location +-.BR /etc/vsftpd.conf . ++.BR /etc/vsftpd/vsftpd.conf . + However, you may override this by specifying a command line argument to + vsftpd. The command line argument is the pathname of the configuration file + for vsftpd. This behaviour is useful because you may wish to use an advanced +@@ -110,7 +110,7 @@ When enabled, and vsftpd is started in "listen" mode, vsftpd will background + the listener process. i.e. control will immediately be returned to the shell + which launched vsftpd. + +-Default: NO ++Default: YES + .TP + .B check_shell + Note! This option only has an effect for non-PAM builds of vsftpd. If disabled, +@@ -138,7 +138,7 @@ chroot() jail in their home directory upon login. The meaning is slightly + different if chroot_local_user is set to YES. In this case, the list becomes + a list of users which are NOT to be placed in a chroot() jail. + By default, the file containing this list is +-/etc/vsftpd.chroot_list, but you may override this with the ++/etc/vsftpd/chroot_list, but you may override this with the + .BR chroot_list_file + setting. + +@@ -177,7 +177,7 @@ Default: NO + .B deny_email_enable + If activated, you may provide a list of anonymous password e-mail responses + which cause login to be denied. By default, the file containing this list is +-/etc/vsftpd.banned_emails, but you may override this with the ++/etc/vsftpd/banned_emails, but you may override this with the + .BR banned_email_file + setting. 
+ +@@ -433,7 +433,7 @@ anonymous logins are prevented unless the password provided is listed in the + file specified by the + .BR email_password_file + setting. The file format is one password per line, no extra whitespace. The +-default filename is /etc/vsftpd.email_passwords. ++default filename is /etc/vsftpd/email_passwords. + + Default: NO + .TP +@@ -764,7 +764,7 @@ passwords which are not permitted. This file is consulted if the option + .BR deny_email_enable + is enabled. + +-Default: /etc/vsftpd.banned_emails ++Default: /etc/vsftpd/banned_emails + .TP + .B banner_file + This option is the name of a file containing text to display when someone +@@ -803,7 +803,7 @@ is enabled. If the option + is enabled, then the list file becomes a list of users to NOT place in a + chroot() jail. + +-Default: /etc/vsftpd.chroot_list ++Default: /etvsftpd.confc/vsftpd.chroot_list + .TP + .B cmds_allowed + This options specifies a comma separated list of allowed FTP commands (post +@@ -864,7 +864,7 @@ This option can be used to provide an alternate file for usage by the + .BR secure_email_list_enable + setting. + +-Default: /etc/vsftpd.email_passwords ++Default: /etc/vsftpd/email_passwords + .TP + .B ftp_username + This is the name of the user we use for handling anonymous FTP. The home +@@ -987,10 +987,10 @@ the manual page, on a per-user basis. Usage is simple, and is best illustrated + with an example. If you set + .BR user_config_dir + to be +-.BR /etc/vsftpd_user_conf ++.BR /etc/vsftpd/user_conf + and then log on as the user "chris", then vsftpd will apply the settings in + the file +-.BR /etc/vsftpd_user_conf/chris ++.BR /etc/vsftpd/user_conf/chris + for the duration of the session. The format of this file is as detailed in + this manual page! PLEASE NOTE that not all settings are effective on a + per-user basis. 
For example, many settings only prior to the user's session +@@ -1026,7 +1026,7 @@ This option is the name of the file loaded when the + .BR userlist_enable + option is active. + +-Default: /etc/vsftpd.user_list ++Default: /etc/vsftpd/user_list + .TP + .B vsftpd_log_file + This option is the name of the file to which we write the vsftpd style +-- +2.5.0 + diff --git a/vsftpd-2.1.0-filter.patch b/vsftpd-2.1.0-filter.patch index 26b6489..5632b62 100644 --- a/vsftpd-2.1.0-filter.patch +++ b/vsftpd-2.1.0-filter.patch @@ -1,7 +1,19 @@ -diff -up vsftpd-2.1.0/ls.c.filter vsftpd-2.1.0/ls.c ---- vsftpd-2.1.0/ls.c.filter 2008-02-02 02:30:41.000000000 +0100 -+++ vsftpd-2.1.0/ls.c 2009-01-08 19:31:15.000000000 +0100 -@@ -239,9 +239,31 @@ vsf_filename_passes_filter(const struct +From d8f1f584c96d3449265a54fa62c5944b1b7c915c Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Thu, 17 Mar 2016 11:44:45 +0100 +Subject: [PATCH 07/26] Applied vsftpd-2.1.0-filter.patch + +--- + ls.c | 26 ++++++++++++++++++++++++-- + str.c | 11 +++++++++++ + str.h | 1 + + 3 files changed, 36 insertions(+), 2 deletions(-) + +diff --git a/ls.c b/ls.c +index 7e1376d..e9302dd 100644 +--- a/ls.c ++++ b/ls.c +@@ -246,9 +246,31 @@ vsf_filename_passes_filter(const struct mystr* p_filename_str, int ret = 0; char last_token = 0; int must_match_at_current_pos = 1; @@ -35,10 +47,11 @@ diff -up vsftpd-2.1.0/ls.c.filter vsftpd-2.1.0/ls.c while (!str_isempty(&filter_remain_str) && *iters < VSFTP_MATCHITERS_MAX) { static struct mystr s_match_needed_str; -diff -up vsftpd-2.1.0/str.c.filter vsftpd-2.1.0/str.c ---- vsftpd-2.1.0/str.c.filter 2008-12-17 06:54:16.000000000 +0100 -+++ vsftpd-2.1.0/str.c 2009-01-08 19:31:15.000000000 +0100 -@@ -680,3 +680,14 @@ str_replace_unprintable(struct mystr* p_ +diff --git a/str.c b/str.c +index 6596204..ba4b92a 100644 +--- a/str.c ++++ b/str.c +@@ -711,3 +711,14 @@ str_replace_unprintable(struct mystr* p_str, char new_char) } } 
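Review bot: The `Default:` line that follows the chroot() jail list description in the vsftpd.conf.5 part of this hunk reads `Default: /etvsftpd.confc/vsftpd.chroot_list`, which is not a usable path. It also disagrees with the `/etc/vsftpd/chroot_list` wording that the same hunk adds earlier, in the paragraph that names `chroot_list_file`. The same garbled line appears on the removed side of the older patch text, so it looks carried over rather than newly introduced. Because this file decides which local users are placed in, or exempted from, the chroot() jail, the documented location should be unambiguous. I would change the line to `+Default: /etc/vsftpd/chroot_list`, after confirming it matches the compiled-in default in tunables.c, which this hunk does not show.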
@@ -53,10 +66,11 @@ diff -up vsftpd-2.1.0/str.c.filter vsftpd-2.1.0/str.c + if (str_isempty(d_str)) + str_copy (d_str, path); +} -diff -up vsftpd-2.1.0/str.h.filter vsftpd-2.1.0/str.h ---- vsftpd-2.1.0/str.h.filter 2008-12-17 06:53:23.000000000 +0100 -+++ vsftpd-2.1.0/str.h 2009-01-08 19:32:14.000000000 +0100 -@@ -100,6 +100,7 @@ void str_replace_unprintable(struct myst +diff --git a/str.h b/str.h +index ab0a9a4..3a21b50 100644 +--- a/str.h ++++ b/str.h +@@ -100,6 +100,7 @@ void str_replace_unprintable(struct mystr* p_str, char new_char); int str_atoi(const struct mystr* p_str); filesize_t str_a_to_filesize_t(const struct mystr* p_str); unsigned int str_octal_to_uint(const struct mystr* p_str); @@ -64,3 +78,6 @@ diff -up vsftpd-2.1.0/str.h.filter vsftpd-2.1.0/str.h /* PURPOSE: Extract a line of text (delimited by \n or EOF) from a string * buffer, starting at character position 'p_pos'. The extracted line will +-- +2.5.0 + diff --git a/vsftpd-2.1.0-libs.patch b/vsftpd-2.1.0-libs.patch index 062ac6f..1bfa426 100644 --- a/vsftpd-2.1.0-libs.patch +++ b/vsftpd-2.1.0-libs.patch @@ -1,7 +1,17 @@ -diff -up vsftpd-3.0.0/Makefile.libs vsftpd-3.0.0/Makefile ---- vsftpd-3.0.0/Makefile.libs 2012-04-03 09:21:18.000000000 +0200 -+++ vsftpd-3.0.0/Makefile 2012-04-10 21:20:39.377248990 +0200 -@@ -8,7 +8,7 @@ CFLAGS = -O2 -fPIE -fstack-protector --p +From e007fc137c6bee2d359af9cfc88cd01fb672cc1e Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Thu, 17 Mar 2016 11:44:45 +0100 +Subject: [PATCH 01/26] Applied vsftpd-2.1.0-libs.patch + +--- + Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile b/Makefile +index c63ed1b..98118dc 100644 +--- a/Makefile ++++ b/Makefile +@@ -8,7 +8,7 @@ CFLAGS = -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 \ -D_FORTIFY_SOURCE=2 \ #-pedantic -Wconversion @@ -10,3 +20,6 @@ diff -up vsftpd-3.0.0/Makefile.libs vsftpd-3.0.0/Makefile LINK = -Wl,-s LDFLAGS = -fPIE -pie -Wl,-z,relro -Wl,-z,now +-- +2.5.0 + 
diff --git a/vsftpd-2.1.0-pam_hostname.patch b/vsftpd-2.1.0-pam_hostname.patch index c3d8b1e..f523d30 100644 --- a/vsftpd-2.1.0-pam_hostname.patch +++ b/vsftpd-2.1.0-pam_hostname.patch @@ -1,6 +1,16 @@ -diff -up vsftpd-2.2.0/sysdeputil.c.pam_hostname vsftpd-2.2.0/sysdeputil.c ---- vsftpd-2.2.0/sysdeputil.c.pam_hostname 2009-08-08 03:51:10.000000000 +0200 -+++ vsftpd-2.2.0/sysdeputil.c 2009-08-24 12:24:07.220623773 +0200 +From fb9754bb10105b6c23d355fd448f55ab94c704b8 Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Thu, 17 Mar 2016 11:44:45 +0100 +Subject: [PATCH 05/26] Applied vsftpd-2.1.0-pam_hostname.patch + +--- + sysdeputil.c | 19 ++++++++++++++++--- + 1 file changed, 16 insertions(+), 3 deletions(-) + +diff --git a/sysdeputil.c b/sysdeputil.c +index 06f01f4..b2782da 100644 +--- a/sysdeputil.c ++++ b/sysdeputil.c @@ -16,6 +16,10 @@ #include "tunables.h" #include "builddefs.h" @@ -12,7 +22,7 @@ diff -up vsftpd-2.2.0/sysdeputil.c.pam_hostname vsftpd-2.2.0/sysdeputil.c /* For Linux, this adds nothing :-) */ #include "port/porting_junk.h" -@@ -325,6 +329,10 @@ vsf_sysdep_check_auth(struct mystr* p_us +@@ -323,6 +327,10 @@ vsf_sysdep_check_auth(struct mystr* p_user_str, const struct mystr* p_remote_host) { int retval = -1; @@ -23,7 +33,7 @@ diff -up vsftpd-2.2.0/sysdeputil.c.pam_hostname vsftpd-2.2.0/sysdeputil.c pam_item_t item; const char* pam_user_name = 0; struct pam_conv the_conv = -@@ -345,7 +353,12 @@ vsf_sysdep_check_auth(struct mystr* p_us +@@ -346,7 +354,12 @@ vsf_sysdep_check_auth(struct mystr* p_user_str, return 0; } #ifdef PAM_RHOST @@ -37,7 +47,7 @@ diff -up vsftpd-2.2.0/sysdeputil.c.pam_hostname vsftpd-2.2.0/sysdeputil.c if (retval != PAM_SUCCESS) { (void) pam_end(s_pamh, retval); -@@ -558,7 +571,7 @@ vsf_sysdep_has_capabilities(void) +@@ -559,7 +572,7 @@ vsf_sysdep_has_capabilities(void) } return s_runtime_has_caps; } 
@@ -46,7 +56,7 @@ diff -up vsftpd-2.2.0/sysdeputil.c.pam_hostname vsftpd-2.2.0/sysdeputil.c #ifndef VSF_SYSDEP_HAVE_LIBCAP static int do_checkcap(void) -@@ -1080,7 +1093,7 @@ vsf_sysutil_recv_fd(const int sock_fd) +@@ -1081,7 +1094,7 @@ vsf_sysutil_recv_fd(const int sock_fd) msg.msg_flags = 0; /* In case something goes wrong, set the fd to -1 before the syscall */ p_fd = (int*)CMSG_DATA(CMSG_FIRSTHDR(&msg)); @@ -55,3 +65,6 @@ diff -up vsftpd-2.2.0/sysdeputil.c.pam_hostname vsftpd-2.2.0/sysdeputil.c retval = recvmsg(sock_fd, &msg, 0); if (retval != 1) { +-- +2.5.0 + diff --git a/vsftpd-2.1.0-tcp_wrappers.patch b/vsftpd-2.1.0-tcp_wrappers.patch index dc0bbce..4fe87d4 100644 --- a/vsftpd-2.1.0-tcp_wrappers.patch +++ b/vsftpd-2.1.0-tcp_wrappers.patch @@ -1,6 +1,16 @@ -diff -up vsftpd-2.1.0/builddefs.h.tcp_wrappers vsftpd-2.1.0/builddefs.h ---- vsftpd-2.1.0/builddefs.h.tcp_wrappers 2009-01-08 18:52:46.000000000 +0100 -+++ vsftpd-2.1.0/builddefs.h 2009-01-08 18:52:56.000000000 +0100 +From 3e01cb1388681f8a956c954570db4fe8ac61d1bc Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Thu, 17 Mar 2016 11:44:45 +0100 +Subject: [PATCH 03/26] Applied vsftpd-2.1.0-tcp_wrappers.patch + +--- + builddefs.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/builddefs.h b/builddefs.h +index 63cc62b..83de674 100644 +--- a/builddefs.h ++++ b/builddefs.h @@ -1,7 +1,7 @@ #ifndef VSF_BUILDDEFS_H #define VSF_BUILDDEFS_H @@ -10,3 +20,6 @@ diff -up vsftpd-2.1.0/builddefs.h.tcp_wrappers vsftpd-2.1.0/builddefs.h #define VSF_BUILD_PAM #define VSF_BUILD_SSL +-- +2.5.0 + diff --git a/vsftpd-2.1.0-trim.patch b/vsftpd-2.1.0-trim.patch index d80616d..8de7c1b 100644 --- a/vsftpd-2.1.0-trim.patch +++ b/vsftpd-2.1.0-trim.patch 
@@ -1,7 +1,21 @@ -diff -up vsftpd-2.2.0/parseconf.c.trim vsftpd-2.2.0/parseconf.c ---- vsftpd-2.2.0/parseconf.c.trim 2009-08-04 08:01:10.000000000 +0200 -+++ vsftpd-2.2.0/parseconf.c 2009-08-04 08:10:49.000000000 +0200 -@@ -275,7 +275,7 @@ vsf_parseconf_load_setting(const char* p +From aea6f1b484d06c56f636ae5ed7df232d6a94f57a Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Thu, 17 Mar 2016 11:44:45 +0100 +Subject: [PATCH 09/26] Applied vsftpd-2.1.0-trim.patch + +--- + parseconf.c | 2 +- + str.c | 12 ++++++++++++ + str.h | 1 + + sysutil.c | 12 ++++++++++++ + sysutil.h | 1 + + 5 files changed, 27 insertions(+), 1 deletion(-) + +diff --git a/parseconf.c b/parseconf.c +index 385afd2..30df598 100644 +--- a/parseconf.c ++++ b/parseconf.c +@@ -280,7 +280,7 @@ vsf_parseconf_load_setting(const char* p_setting, int errs_fatal) } else { @@ -10,10 +24,11 @@ diff -up vsftpd-2.2.0/parseconf.c.trim vsftpd-2.2.0/parseconf.c } return; } -diff -up vsftpd-2.2.0/str.c.trim vsftpd-2.2.0/str.c ---- vsftpd-2.2.0/str.c.trim 2009-08-04 08:01:10.000000000 +0200 -+++ vsftpd-2.2.0/str.c 2009-08-04 08:01:10.000000000 +0200 -@@ -89,6 +89,18 @@ str_strdup(const struct mystr* p_str) +diff --git a/str.c b/str.c +index ba4b92a..41b27db 100644 +--- a/str.c ++++ b/str.c +@@ -104,6 +104,18 @@ str_strdup(const struct mystr* p_str) return vsf_sysutil_strdup(str_getbuf(p_str)); } 
@@ -32,10 +47,11 @@ diff -up vsftpd-2.2.0/str.c.trim vsftpd-2.2.0/str.c void str_alloc_alt_term(struct mystr* p_str, const char* p_src, char term) { -diff -up vsftpd-2.2.0/str.h.trim vsftpd-2.2.0/str.h ---- vsftpd-2.2.0/str.h.trim 2009-08-04 08:01:10.000000000 +0200 -+++ vsftpd-2.2.0/str.h 2009-08-04 08:01:10.000000000 +0200 -@@ -31,6 +31,7 @@ void str_alloc_ulong(struct mystr* p_str +diff --git a/str.h b/str.h +index 3a21b50..44270da 100644 +--- a/str.h ++++ b/str.h +@@ -31,6 +31,7 @@ void str_alloc_ulong(struct mystr* p_str, unsigned long the_ulong); void str_alloc_filesize_t(struct mystr* p_str, filesize_t the_filesize); void str_copy(struct mystr* p_dest, const struct mystr* p_src); const char* str_strdup(const struct mystr* p_str); @@ -43,10 +59,11 @@ diff -up vsftpd-2.2.0/str.h.trim vsftpd-2.2.0/str.h void str_empty(struct mystr* p_str); void str_free(struct mystr* p_str); void str_trunc(struct mystr* p_str, unsigned int trunc_len); -diff -up vsftpd-2.2.0/sysutil.c.trim vsftpd-2.2.0/sysutil.c ---- vsftpd-2.2.0/sysutil.c.trim 2009-07-16 05:32:21.000000000 +0200 -+++ vsftpd-2.2.0/sysutil.c 2009-08-04 08:01:10.000000000 +0200 -@@ -1032,6 +1032,18 @@ vsf_sysutil_strdup(const char* p_str) +diff --git a/sysutil.c b/sysutil.c +index 5cdb6ef..428a34a 100644 +--- a/sysutil.c ++++ b/sysutil.c +@@ -1035,6 +1035,18 @@ vsf_sysutil_strdup(const char* p_str) return strdup(p_str); } @@ -65,9 +82,10 @@ diff -up vsftpd-2.2.0/sysutil.c.trim vsftpd-2.2.0/sysutil.c void vsf_sysutil_memclr(void* p_dest, unsigned int size) { -diff -up vsftpd-2.2.0/sysutil.h.trim vsftpd-2.2.0/sysutil.h ---- vsftpd-2.2.0/sysutil.h.trim 2009-07-16 05:31:53.000000000 +0200 -+++ vsftpd-2.2.0/sysutil.h 2009-08-04 08:01:10.000000000 +0200 +diff --git a/sysutil.h b/sysutil.h +index c34778c..c2ddd15 100644 +--- a/sysutil.h ++++ b/sysutil.h @@ -186,6 +186,7 @@ int vsf_sysutil_wait_get_exitcode( /* Various string functions */ unsigned int vsf_sysutil_strlen(const char* p_text); 
@@ -76,3 +94,6 @@ diff -up vsftpd-2.2.0/sysutil.h.trim vsftpd-2.2.0/sysutil.h void vsf_sysutil_memclr(void* p_dest, unsigned int size); void vsf_sysutil_memcpy(void* p_dest, const void* p_src, const unsigned int size); +-- +2.5.0 + diff --git a/vsftpd-2.1.0-userlist_log.patch b/vsftpd-2.1.0-userlist_log.patch index b435724..b855ca7 100644 --- a/vsftpd-2.1.0-userlist_log.patch +++ b/vsftpd-2.1.0-userlist_log.patch @@ -1,7 +1,23 @@ -diff -up vsftpd-2.1.0/logging.c.userlist_log vsftpd-2.1.0/logging.c ---- vsftpd-2.1.0/logging.c.userlist_log 2008-12-17 20:56:45.000000000 +0100 -+++ vsftpd-2.1.0/logging.c 2009-02-24 09:12:42.000000000 +0100 -@@ -95,6 +95,13 @@ vsf_log_line(struct vsf_session* p_sess, +From 2f563a92cf4c12d8a37e413ffdc14a7eb4637c03 Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Thu, 17 Mar 2016 11:44:45 +0100 +Subject: [PATCH 08/26] Applied vsftpd-2.1.0-userlist_log.patch + +--- + logging.c | 7 +++++++ + logging.h | 11 +++++++++++ + parseconf.c | 1 + + prelogin.c | 14 ++++++++++++++ + tunables.c | 2 ++ + tunables.h | 1 + + vsftpd.conf.5 | 8 ++++++++ + 7 files changed, 44 insertions(+) + +diff --git a/logging.c b/logging.c +index ad531d6..99671b4 100644 +--- a/logging.c ++++ b/logging.c +@@ -103,6 +103,13 @@ vsf_log_line(struct vsf_session* p_sess, enum EVSFLogEntryType what, vsf_log_common(p_sess, 1, what, p_str); } 
@@ -15,10 +31,11 @@ diff -up vsftpd-2.1.0/logging.c.userlist_log vsftpd-2.1.0/logging.c int vsf_log_entry_pending(struct vsf_session* p_sess) { -diff -up vsftpd-2.1.0/logging.h.userlist_log vsftpd-2.1.0/logging.h ---- vsftpd-2.1.0/logging.h.userlist_log 2008-07-30 03:29:21.000000000 +0200 -+++ vsftpd-2.1.0/logging.h 2009-02-24 09:12:42.000000000 +0100 -@@ -80,5 +80,16 @@ void vsf_log_do_log(struct vsf_session* +diff --git a/logging.h b/logging.h +index 48f88ec..1ff57d1 100644 +--- a/logging.h ++++ b/logging.h +@@ -80,5 +80,16 @@ void vsf_log_do_log(struct vsf_session* p_sess, int succeeded); void vsf_log_line(struct vsf_session* p_sess, enum EVSFLogEntryType what, struct mystr* p_str); @@ -35,10 +52,11 @@ diff -up vsftpd-2.1.0/logging.h.userlist_log vsftpd-2.1.0/logging.h + #endif /* VSF_LOGGING_H */ -diff -up vsftpd-2.1.0/parseconf.c.userlist_log vsftpd-2.1.0/parseconf.c ---- vsftpd-2.1.0/parseconf.c.userlist_log 2008-12-18 07:21:41.000000000 +0100 -+++ vsftpd-2.1.0/parseconf.c 2009-02-24 09:12:42.000000000 +0100 -@@ -96,6 +96,7 @@ parseconf_bool_array[] = +diff --git a/parseconf.c b/parseconf.c +index ea2242b..385afd2 100644 +--- a/parseconf.c ++++ b/parseconf.c +@@ -91,6 +91,7 @@ parseconf_bool_array[] = { "mdtm_write", &tunable_mdtm_write }, { "lock_upload_files", &tunable_lock_upload_files }, { "pasv_addr_resolve", &tunable_pasv_addr_resolve }, 
@@ -46,10 +64,11 @@ diff -up vsftpd-2.1.0/parseconf.c.userlist_log vsftpd-2.1.0/parseconf.c { "debug_ssl", &tunable_debug_ssl }, { "require_cert", &tunable_require_cert }, { "validate_cert", &tunable_validate_cert }, -diff -up vsftpd-2.1.0/prelogin.c.userlist_log vsftpd-2.1.0/prelogin.c ---- vsftpd-2.1.0/prelogin.c.userlist_log 2009-02-18 23:23:53.000000000 +0100 -+++ vsftpd-2.1.0/prelogin.c 2009-02-24 09:17:41.000000000 +0100 -@@ -220,6 +220,20 @@ handle_user_command(struct vsf_session* +diff --git a/prelogin.c b/prelogin.c +index df4aade..1588bc1 100644 +--- a/prelogin.c ++++ b/prelogin.c +@@ -246,6 +246,20 @@ handle_user_command(struct vsf_session* p_sess) check_login_delay(); vsf_cmdio_write(p_sess, FTP_LOGINERR, "Permission denied."); check_login_fails(p_sess); @@ -70,9 +89,10 @@ diff -up vsftpd-2.1.0/prelogin.c.userlist_log vsftpd-2.1.0/prelogin.c str_empty(&p_sess->user_str); return; } -diff -up vsftpd-2.1.0/tunables.c.userlist_log vsftpd-2.1.0/tunables.c ---- vsftpd-2.1.0/tunables.c.userlist_log 2009-02-24 09:12:42.000000000 +0100 -+++ vsftpd-2.1.0/tunables.c 2009-02-24 09:12:42.000000000 +0100 +diff --git a/tunables.c b/tunables.c +index 0ac4c34..b30fca1 100644 +--- a/tunables.c ++++ b/tunables.c @@ -72,6 +72,7 @@ int tunable_force_anon_data_ssl; int tunable_mdtm_write; int tunable_lock_upload_files; @@ -81,7 +101,7 @@ diff -up vsftpd-2.1.0/tunables.c.userlist_log vsftpd-2.1.0/tunables.c int tunable_debug_ssl; int tunable_require_cert; int tunable_validate_cert; -@@ -206,6 +207,7 @@ tunables_load_defaults() +@@ -212,6 +213,7 @@ tunables_load_defaults() tunable_mdtm_write = 1; tunable_lock_upload_files = 1; tunable_pasv_addr_resolve = 0; 
@@ -89,10 +109,11 @@ diff -up vsftpd-2.1.0/tunables.c.userlist_log vsftpd-2.1.0/tunables.c tunable_debug_ssl = 0; tunable_require_cert = 0; tunable_validate_cert = 0; -diff -up vsftpd-2.1.0/tunables.h.userlist_log vsftpd-2.1.0/tunables.h ---- vsftpd-2.1.0/tunables.h.userlist_log 2008-12-17 06:47:11.000000000 +0100 -+++ vsftpd-2.1.0/tunables.h 2009-02-24 09:12:42.000000000 +0100 -@@ -73,6 +73,7 @@ extern int tunable_force_anon_data_ssl; +diff --git a/tunables.h b/tunables.h +index 05d2456..e44d64c 100644 +--- a/tunables.h ++++ b/tunables.h +@@ -73,6 +73,7 @@ extern int tunable_force_anon_data_ssl; /* Require anon data uses SSL */ extern int tunable_mdtm_write; /* Allow MDTM to set timestamps */ extern int tunable_lock_upload_files; /* Lock uploading files */ extern int tunable_pasv_addr_resolve; /* DNS resolve pasv_addr */ @@ -100,10 +121,11 @@ diff -up vsftpd-2.1.0/tunables.h.userlist_log vsftpd-2.1.0/tunables.h extern int tunable_debug_ssl; /* Verbose SSL logging */ extern int tunable_require_cert; /* SSL client cert required */ extern int tunable_validate_cert; /* SSL certs must be valid */ -diff -up vsftpd-2.1.0/vsftpd.conf.5.userlist_log vsftpd-2.1.0/vsftpd.conf.5 ---- vsftpd-2.1.0/vsftpd.conf.5.userlist_log 2009-02-24 09:12:42.000000000 +0100 -+++ vsftpd-2.1.0/vsftpd.conf.5 2009-02-24 09:12:42.000000000 +0100 -@@ -585,6 +585,14 @@ Self-signed certs do not constitute OK v +diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 +index 5e46a2f..9d767b1 100644 +--- a/vsftpd.conf.5 ++++ b/vsftpd.conf.5 +@@ -588,6 +588,14 @@ Self-signed certs do not constitute OK validation. (New in v2.0.6). Default: NO .TP @@ -118,3 +140,6 @@ diff -up vsftpd-2.1.0/vsftpd.conf.5.userlist_log vsftpd-2.1.0/vsftpd.conf.5 .B virtual_use_local_privs If enabled, virtual users will use the same privileges as local users. By default, virtual users will use the same privileges as anonymous users, which +-- +2.5.0 + 
diff --git a/vsftpd-2.1.1-daemonize_plus.patch b/vsftpd-2.1.1-daemonize_plus.patch index 5f89068..d9d7e04 100644 --- a/vsftpd-2.1.1-daemonize_plus.patch +++ b/vsftpd-2.1.1-daemonize_plus.patch @@ -1,6 +1,18 @@ -diff -up vsftpd-2.1.1/standalone.c.daemonize_plus vsftpd-2.1.1/standalone.c ---- vsftpd-2.1.1/standalone.c.daemonize_plus 2009-05-10 22:11:24.000000000 +0200 -+++ vsftpd-2.1.1/standalone.c 2009-05-10 22:11:24.000000000 +0200 +From 662531f296a0b7341e4e6817e084585a7e7a1d87 Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Thu, 17 Mar 2016 11:44:45 +0100 +Subject: [PATCH 10/26] Applied vsftpd-2.1.1-daemonize_plus.patch + +--- + standalone.c | 38 +++++++++++++++++++++++++++++++++++++- + sysutil.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + sysutil.h | 7 ++++++- + 3 files changed, 102 insertions(+), 2 deletions(-) + +diff --git a/standalone.c b/standalone.c +index e0f2d5b..3b65ea2 100644 +--- a/standalone.c ++++ b/standalone.c @@ -26,6 +26,8 @@ static unsigned int s_ipaddr_size; static void handle_sigchld(void* duff); @@ -35,7 +47,7 @@ diff -up vsftpd-2.1.1/standalone.c.daemonize_plus vsftpd-2.1.1/standalone.c } /* Son, close standard FDs to avoid SSH hang-on-exit */ vsf_sysutil_reopen_standard_fds(); -@@ -98,6 +112,10 @@ vsf_standalone_main(void) +@@ -99,6 +113,10 @@ vsf_standalone_main(void) { die("could not bind listening IPv4 socket"); } @@ -46,7 +58,7 @@ diff -up vsftpd-2.1.1/standalone.c.daemonize_plus vsftpd-2.1.1/standalone.c } else { -@@ -127,6 +145,10 @@ vsf_standalone_main(void) +@@ -129,6 +147,10 @@ vsf_standalone_main(void) { die("could not bind listening IPv6 socket"); } @@ -57,7 +69,7 @@ diff -up vsftpd-2.1.1/standalone.c.daemonize_plus vsftpd-2.1.1/standalone.c } vsf_sysutil_close(0); vsf_sysutil_close(1); -@@ -252,6 +274,20 @@ handle_sighup(void* duff) +@@ -268,6 +290,20 @@ handle_sighup(void* duff) vsf_parseconf_load_file(0, 0); } 
@@ -78,10 +90,11 @@ diff -up vsftpd-2.1.1/standalone.c.daemonize_plus vsftpd-2.1.1/standalone.c static unsigned int hash_ip(unsigned int buckets, void* p_key) { -diff -up vsftpd-2.1.1/sysutil.c.daemonize_plus vsftpd-2.1.1/sysutil.c ---- vsftpd-2.1.1/sysutil.c.daemonize_plus 2009-05-10 22:11:24.000000000 +0200 -+++ vsftpd-2.1.1/sysutil.c 2009-05-10 22:11:59.000000000 +0200 -@@ -202,6 +202,9 @@ vsf_sysutil_translate_sig(const enum EVS +diff --git a/sysutil.c b/sysutil.c +index 428a34a..c848356 100644 +--- a/sysutil.c ++++ b/sysutil.c +@@ -201,6 +201,9 @@ vsf_sysutil_translate_sig(const enum EVSFSysUtilSignal sig) case kVSFSysUtilSigHUP: realsig = SIGHUP; break; @@ -91,7 +104,7 @@ diff -up vsftpd-2.1.1/sysutil.c.daemonize_plus vsftpd-2.1.1/sysutil.c default: bug("unknown signal in vsf_sysutil_translate_sig"); break; -@@ -539,6 +542,12 @@ vsf_sysutil_getpid(void) +@@ -549,6 +552,12 @@ vsf_sysutil_getpid(void) return (unsigned int) s_current_pid; } @@ -104,7 +117,7 @@ diff -up vsftpd-2.1.1/sysutil.c.daemonize_plus vsftpd-2.1.1/sysutil.c int vsf_sysutil_fork(void) { -@@ -2807,3 +2816,53 @@ vsf_sysutil_set_no_fds() +@@ -2871,3 +2880,53 @@ vsf_sysutil_post_fork() s_sig_details[i].pending = 0; } } @@ -158,10 +171,11 @@ diff -up vsftpd-2.1.1/sysutil.c.daemonize_plus vsftpd-2.1.1/sysutil.c +{ + return pause(); +} -diff -up vsftpd-2.1.1/sysutil.h.daemonize_plus vsftpd-2.1.1/sysutil.h ---- vsftpd-2.1.1/sysutil.h.daemonize_plus 2009-05-10 22:11:24.000000000 +0200 -+++ vsftpd-2.1.1/sysutil.h 2009-05-10 22:11:24.000000000 +0200 -@@ -29,7 +29,8 @@ enum EVSFSysUtilSignal +diff --git a/sysutil.h b/sysutil.h +index c2ddd15..bfc92cb 100644 +--- a/sysutil.h ++++ b/sysutil.h +@@ -30,7 +30,8 @@ enum EVSFSysUtilSignal kVSFSysUtilSigCHLD, kVSFSysUtilSigPIPE, kVSFSysUtilSigURG, 
@@ -171,7 +185,7 @@ diff -up vsftpd-2.1.1/sysutil.h.daemonize_plus vsftpd-2.1.1/sysutil.h }; enum EVSFSysUtilInterruptContext { -@@ -165,6 +165,7 @@ void vsf_sysutil_free(void* p_ptr); +@@ -165,6 +166,7 @@ void vsf_sysutil_free(void* p_ptr); /* Process creation/exit/process handling */ unsigned int vsf_sysutil_getpid(void); @@ -189,3 +203,6 @@ diff -up vsftpd-2.1.1/sysutil.h.daemonize_plus vsftpd-2.1.1/sysutil.h /* Various string functions */ unsigned int vsf_sysutil_strlen(const char* p_text); +-- +2.5.0 + diff --git a/vsftpd-2.2.0-wildchar.patch b/vsftpd-2.2.0-wildchar.patch index ca8480e..88c934b 100644 --- a/vsftpd-2.2.0-wildchar.patch +++ b/vsftpd-2.2.0-wildchar.patch @@ -1,7 +1,17 @@ -diff -up vsftpd-2.3.2/ls.c.tmp vsftpd-2.3.2/ls.c ---- vsftpd-2.3.2/ls.c.tmp 2010-08-20 13:18:54.397583558 +0200 -+++ vsftpd-2.3.2/ls.c 2010-08-20 13:14:59.047831385 +0200 -@@ -305,6 +305,20 @@ vsf_filename_passes_filter(const struct +From 46b1cacac22d4c5f0b7695579860f7ecc28d3efb Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Thu, 17 Mar 2016 11:44:45 +0100 +Subject: [PATCH 11/26] Applied vsftpd-2.2.0-wildchar.patch + +--- + ls.c | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/ls.c b/ls.c +index e9302dd..92be544 100644 +--- a/ls.c ++++ b/ls.c +@@ -311,6 +311,20 @@ vsf_filename_passes_filter(const struct mystr* p_filename_str, { goto out; } @@ -22,3 +32,6 @@ diff -up vsftpd-2.3.2/ls.c.tmp vsftpd-2.3.2/ls.c /* Chop matched string out of remainder */ str_mid_to_end(&name_remain_str, &temp_str, indexx + str_getlen(&s_match_needed_str)); +-- +2.5.0 + diff --git a/vsftpd-2.2.2-clone.patch b/vsftpd-2.2.2-clone.patch index b2a275f..82b8db7 100644 --- a/vsftpd-2.2.2-clone.patch +++ b/vsftpd-2.2.2-clone.patch 
@@ -1,7 +1,17 @@ -diff -up vsftpd-2.2.2/sysdeputil.c.clone vsftpd-2.2.2/sysdeputil.c ---- vsftpd-2.2.2/sysdeputil.c.clone 2010-05-13 13:26:32.099358732 +0200 -+++ vsftpd-2.2.2/sysdeputil.c 2010-05-13 13:26:43.894359985 +0200 -@@ -1279,7 +1279,7 @@ vsf_sysutil_fork_isolate_failok() +From 1220fb187aa6b114ae4877fd74a42979d580d8ef Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Thu, 17 Mar 2016 11:44:45 +0100 +Subject: [PATCH 12/26] Applied vsftpd-2.2.2-clone.patch + +--- + sysdeputil.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/sysdeputil.c b/sysdeputil.c +index b2782da..3bbabaa 100644 +--- a/sysdeputil.c ++++ b/sysdeputil.c +@@ -1306,7 +1306,7 @@ vsf_sysutil_fork_isolate_failok() static int cloneflags_work = 1; if (cloneflags_work) { @@ -10,7 +20,7 @@ diff -up vsftpd-2.2.2/sysdeputil.c.clone vsftpd-2.2.2/sysdeputil.c if (ret != -1 || (errno != EINVAL && errno != EPERM)) { if (ret == 0) -@@ -1301,7 +1301,7 @@ vsf_sysutil_fork_newnet() +@@ -1328,7 +1328,7 @@ vsf_sysutil_fork_newnet() static int cloneflags_work = 1; if (cloneflags_work) { @@ -19,3 +29,6 @@ diff -up vsftpd-2.2.2/sysdeputil.c.clone vsftpd-2.2.2/sysdeputil.c if (ret != -1 || (errno != EINVAL && errno != EPERM)) { if (ret == 0) +-- +2.5.0 + diff --git a/vsftpd-2.2.2-nfs-fail.patch b/vsftpd-2.2.2-nfs-fail.patch new file mode 100644 index 0000000..73c5f64 --- /dev/null +++ b/vsftpd-2.2.2-nfs-fail.patch 
@@ -0,0 +1,1501 @@
+From d30fce5908a608a93a30e276d01050c32d8f1542 Mon Sep 17 00:00:00 2001
+From: Martin Sehnoutka
+Date: Thu, 17 Mar 2016 11:59:28 +0100
+Subject: [PATCH 25/26] Applied vsftpd-2.2.2-nfs-fail.patch
+
+---
+ ftpcodes.h | 1 +
+ postlogin.c | 32 +-
+ sysutil.c | 21 +
+ sysutil.h | 1 +
+ tags | 1349 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 5 files changed, 1402 insertions(+), 2 deletions(-)
+ create mode 100644 tags
+
+diff --git a/ftpcodes.h b/ftpcodes.h
+index 81e25c5..3950f92 100644
+--- a/ftpcodes.h
++++ b/ftpcodes.h
+@@ -73,6 +73,7 @@
+ #define FTP_NOHANDLEPROT 536
+ #define FTP_FILEFAIL 550
+ #define FTP_NOPERM 550
++#define FTP_DISKQUOTA 552
+ #define FTP_UPLOADFAIL 553
+
+ #endif /* VSF_FTPCODES_H */
+diff --git a/postlogin.c b/postlogin.c
+index 29958c0..154c16a 100644
+--- a/postlogin.c
++++ b/postlogin.c
+@@ -28,6 +28,8 @@
+ #include "vsftpver.h"
+ #include "opts.h"
+
++#include
++
+ /* Private local functions */
+ static void handle_pwd(struct vsf_session* p_sess);
+ static void handle_cwd(struct vsf_session* p_sess);
+@@ -1028,8 +1030,10 @@ handle_upload_common(struct vsf_session* p_sess, int is_append, int is_unique)
+ struct vsf_transfer_ret trans_ret;
+ int new_file_fd;
+ int remote_fd;
++ int close_errno;
+ int success = 0;
+ int created = 0;
++ int closed = 0;
+ int do_truncate = 0;
+ filesize_t offset = p_sess->restart_pos;
+ p_sess->restart_pos = 0;
+@@ -1142,6 +1146,18 @@ handle_upload_common(struct vsf_session* p_sess, int is_append, int is_unique)
+ trans_ret = vsf_ftpdataio_transfer_file(p_sess, remote_fd,
+ new_file_fd, 1, 0);
+ }
++
++ /* Need to check close operation here because some errors
++ * like EIO, EDQUOT, ENOSPC can be detected only on close
++ * when using NFS
++ */
++ close_errno = vsf_sysutil_close_errno(new_file_fd);
++ closed = 1;
++ if (close_errno != 0)
++ {
++ trans_ret.retval = -1;
++ }
++
+ if (vsf_ftpdataio_dispose_transfer_fd(p_sess) != 1 && trans_ret.retval == 0)
+ {
+ trans_ret.retval = -2;
+@@ -1154,7 +1170,16 @@ handle_upload_common(struct vsf_session* p_sess, int is_append, int is_unique)
+ }
+ if (trans_ret.retval == -1)
+ {
+- vsf_cmdio_write(p_sess, FTP_BADSENDFILE, "Failure writing to local file.");
++ /* Disk quota exceeded */
++ if (close_errno == EDQUOT)
++ {
++ vsf_cmdio_write(p_sess, FTP_DISKQUOTA, "Disk quota exceeded.");
++ }
++ /* any other local error */
++ else
++ {
++ vsf_cmdio_write(p_sess, FTP_BADSENDFILE, "Failure writing to local file.");
++ }
+ }
+ else if (trans_ret.retval == -2)
+ {
+@@ -1176,7 +1201,10 @@ port_pasv_cleanup_out:
+ {
+ str_unlink(p_filename);
+ }
+- vsf_sysutil_close(new_file_fd);
++ if (!closed)
++ {
++ vsf_sysutil_close(new_file_fd);
++ }
+ }
+
+ static void
+diff --git a/sysutil.c b/sysutil.c
+index a924edf..6dfe350 100644
+--- a/sysutil.c
++++ b/sysutil.c
+@@ -1259,6 +1259,27 @@ vsf_sysutil_close(int fd)
+ }
+
+ int
++vsf_sysutil_close_errno(int fd)
++{
++ while (1)
++ {
++ int retval = close(fd);
++ if (retval != 0)
++ {
++ if (errno == EINTR)
++ {
++ vsf_sysutil_check_pending_actions(kVSFSysUtilUnknown, 0, 0);
++ continue;
++ }
++ else {
++ return errno;
++ }
++ }
++ return 0;
++ }
++}
++
++int
+ vsf_sysutil_close_failok(int fd)
+ {
+ return close(fd);
+diff --git a/sysutil.h b/sysutil.h
+index c145bdf..26698cd 100644
+--- a/sysutil.h
++++ b/sysutil.h
+@@ -92,6 +92,7 @@ int vsf_sysutil_create_or_open_file_append(const char* p_filename,
+ int vsf_sysutil_create_or_open_file(const char* p_filename, unsigned int mode);
+ void vsf_sysutil_dupfd2(int old_fd, int new_fd);
+ void vsf_sysutil_close(int fd);
++int vsf_sysutil_close_errno(int fd);
+ int vsf_sysutil_close_failok(int fd);
+ int vsf_sysutil_unlink(const char* p_dead);
+ int vsf_sysutil_write_access(const char* p_filename);
+diff --git a/tags b/tags
+new file mode 100644
+index 0000000..2afa58c
+--- /dev/null
++++ b/tags
+@@ -0,0 +1,1349 @@
++!_TAG_FILE_FORMAT 2 /extended format; --format=1 will not append ;" to lines/
++!_TAG_FILE_SORTED 1 /0=unsorted, 1=sorted, 2=foldcase/ ++!_TAG_PROGRAM_AUTHOR Darren Hiebert /dhiebert@users.sourceforge.net/ ++!_TAG_PROGRAM_NAME Exuberant Ctags // ++!_TAG_PROGRAM_URL http://ctags.sourceforge.net /official site/ ++!_TAG_PROGRAM_VERSION 5.8 // ++BUFTZSIZ sysutil.c 30;" d file: ++CC Makefile /^CC = gcc$/;" m ++CFLAGS Makefile /^CFLAGS = -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 \\$/;" m ++CLONE_NEWIPC sysdeputil.c 80;" d file: ++CLONE_NEWNET sysdeputil.c 83;" d file: ++CLONE_NEWPID sysdeputil.c 77;" d file: ++CMSG_ALIGN port/cmsg_extras.h 9;" d ++CMSG_LEN port/cmsg_extras.h 19;" d ++CMSG_SPACE port/cmsg_extras.h 14;" d ++DH_get_dh ssl.c /^ DH_get_dh(int size)$/;" f ++DH_get_prime ssl.c /^ DH_get_prime(int bits)$/;" f ++DIE_DEBUG utility.c 13;" d file: ++ESysdepCapabilities sysdeputil.h /^enum ESysdepCapabilities$/;" g ++EVSFLogEntryType logging.h /^enum EVSFLogEntryType$/;" g ++EVSFPrivopLoginResult privops.h /^enum EVSFPrivopLoginResult$/;" g ++EVSFRWTarget readwrite.h /^enum EVSFRWTarget$/;" g ++EVSFSysStrOpenMode sysstr.h /^enum EVSFSysStrOpenMode$/;" g ++EVSFSysUtilError sysutil.h /^enum EVSFSysUtilError$/;" g ++EVSFSysUtilInterruptContext sysutil.h /^enum EVSFSysUtilInterruptContext$/;" g ++EVSFSysUtilMapPermission sysutil.h /^enum EVSFSysUtilMapPermission$/;" g ++EVSFSysUtilOpenMode sysutil.h /^enum EVSFSysUtilOpenMode$/;" g ++EVSFSysUtilSignal sysutil.h /^enum EVSFSysUtilSignal$/;" g ++FTP_ABOROK ftpcodes.h 31;" d ++FTP_ABOR_NOCONN ftpcodes.h 29;" d ++FTP_ALLOOK ftpcodes.h 18;" d ++FTP_AUTHOK ftpcodes.h 35;" d ++FTP_BADAUTH ftpcodes.h 67;" d ++FTP_BADCMD ftpcodes.h 58;" d ++FTP_BADMODE ftpcodes.h 66;" d ++FTP_BADOPTS ftpcodes.h 59;" d ++FTP_BADPBSZ ftpcodes.h 63;" d ++FTP_BADPROT ftpcodes.h 64;" d ++FTP_BADSENDCONN ftpcodes.h 53;" d ++FTP_BADSENDFILE ftpcodes.h 56;" d ++FTP_BADSENDNET ftpcodes.h 54;" d ++FTP_BADSTRU ftpcodes.h 65;" d ++FTP_CHMODOK ftpcodes.h 11;" d ++FTP_COMMANDNOTIMPL ftpcodes.h 60;" d ++FTP_CWDOK ftpcodes.h 
36;" d ++FTP_DATACONN ftpcodes.h 4;" d ++FTP_DATATLSBAD ftpcodes.h 71;" d ++FTP_DATA_TIMEOUT ftpcodes.h 48;" d ++FTP_DELEOK ftpcodes.h 38;" d ++FTP_EPRTOK ftpcodes.h 9;" d ++FTP_EPSVALLOK ftpcodes.h 12;" d ++FTP_EPSVBAD ftpcodes.h 70;" d ++FTP_EPSVOK ftpcodes.h 33;" d ++FTP_FEAT ftpcodes.h 19;" d ++FTP_FILEFAIL ftpcodes.h 74;" d ++FTP_FILETMPFAIL ftpcodes.h 55;" d ++FTP_GIVEPWORD ftpcodes.h 43;" d ++FTP_GOODBYE ftpcodes.h 28;" d ++FTP_GREET ftpcodes.h 27;" d ++FTP_HELP ftpcodes.h 25;" d ++FTP_IDLE_TIMEOUT ftpcodes.h 47;" d ++FTP_IP_DENY ftpcodes.h 51;" d ++FTP_IP_LIMIT ftpcodes.h 50;" d ++FTP_LOGINERR ftpcodes.h 72;" d ++FTP_LOGINOK ftpcodes.h 34;" d ++FTP_MDTMOK ftpcodes.h 22;" d ++FTP_MKDIROK ftpcodes.h 41;" d ++FTP_MODEOK ftpcodes.h 14;" d ++FTP_NEEDENCRYPT ftpcodes.h 69;" d ++FTP_NEEDRNFR ftpcodes.h 62;" d ++FTP_NEEDUSER ftpcodes.h 61;" d ++FTP_NOHANDLEPROT ftpcodes.h 73;" d ++FTP_NOOPOK ftpcodes.h 6;" d ++FTP_NOPERM ftpcodes.h 75;" d ++FTP_NOSUCHPROT ftpcodes.h 68;" d ++FTP_OPTSOK ftpcodes.h 17;" d ++FTP_PASVOK ftpcodes.h 32;" d ++FTP_PBSZOK ftpcodes.h 15;" d ++FTP_PORTOK ftpcodes.h 8;" d ++FTP_PROTOK ftpcodes.h 16;" d ++FTP_PWDOK ftpcodes.h 40;" d ++FTP_RENAMEOK ftpcodes.h 39;" d ++FTP_RESTOK ftpcodes.h 44;" d ++FTP_RMDIROK ftpcodes.h 37;" d ++FTP_RNFROK ftpcodes.h 45;" d ++FTP_SITEHELP ftpcodes.h 24;" d ++FTP_SIZEOK ftpcodes.h 21;" d ++FTP_STATFILE_OK ftpcodes.h 23;" d ++FTP_STATOK ftpcodes.h 20;" d ++FTP_STRUOK ftpcodes.h 13;" d ++FTP_SYSTOK ftpcodes.h 26;" d ++FTP_TLS_FAIL ftpcodes.h 52;" d ++FTP_TOO_MANY_USERS ftpcodes.h 49;" d ++FTP_TRANSFEROK ftpcodes.h 30;" d ++FTP_TYPEOK ftpcodes.h 7;" d ++FTP_UMASKOK ftpcodes.h 10;" d ++FTP_UPLOADFAIL ftpcodes.h 76;" d ++F_LOCALTIME sysutil.c 29;" d file: ++IFLAGS Makefile /^IFLAGS = -idirafter dummyinc$/;" m ++INIT_MYSTR str.h 18;" d ++INIT_STRLIST strlist.h 15;" d ++INSTALL Makefile /^INSTALL = install$/;" m ++LDFLAGS Makefile /^LDFLAGS = -fPIE -pie -Wl,-z,relro -Wl,-z,now$/;" m ++LIBS Makefile /^LIBS = -lwrap 
-lnsl -lpam -lcap -ldl -lcrypto$/;" m ++LINK Makefile /^LINK = -Wl,-s$/;" m ++MAP_ANON port/hpux_bogons.h 10;" d ++MAP_FAILED port/hpux_bogons.h 16;" d ++MAX_SYSCALL ptracesandbox.c 87;" d file: ++OBJS Makefile /^OBJS = main.o utility.o prelogin.o ftpcmdio.o postlogin.o privsock.o \\$/;" m ++O_CLOEXEC seccompsandbox.c 57;" d file: ++O_DIRECT ptracesandbox.c 74;" d file: ++O_DIRECTORY seccompsandbox.c 53;" d file: ++O_LARGEFILE seccompsandbox.c 49;" d file: ++PRIVATE_HANDS_OFF_alloc_bytes str.c 16;" d file: ++PRIVATE_HANDS_OFF_alloc_bytes str.h /^ unsigned int PRIVATE_HANDS_OFF_alloc_bytes;$/;" m struct:mystr ++PRIVATE_HANDS_OFF_alloc_len strlist.c 9;" d file: ++PRIVATE_HANDS_OFF_alloc_len strlist.h /^ unsigned int PRIVATE_HANDS_OFF_alloc_len;$/;" m struct:mystr_list ++PRIVATE_HANDS_OFF_exit_status sysutil.c 14;" d file: ++PRIVATE_HANDS_OFF_exit_status sysutil.h /^ int PRIVATE_HANDS_OFF_exit_status;$/;" m struct:vsf_sysutil_wait_retval ++PRIVATE_HANDS_OFF_len str.c 15;" d file: ++PRIVATE_HANDS_OFF_len str.h /^ unsigned int PRIVATE_HANDS_OFF_len;$/;" m struct:mystr ++PRIVATE_HANDS_OFF_list_len strlist.c 10;" d file: ++PRIVATE_HANDS_OFF_list_len strlist.h /^ unsigned int PRIVATE_HANDS_OFF_list_len;$/;" m struct:mystr_list ++PRIVATE_HANDS_OFF_p_buf str.c 14;" d file: ++PRIVATE_HANDS_OFF_p_buf str.h /^ char* PRIVATE_HANDS_OFF_p_buf;$/;" m struct:mystr ++PRIVATE_HANDS_OFF_p_nodes strlist.c 11;" d file: ++PRIVATE_HANDS_OFF_p_nodes strlist.h /^ struct mystr_list_node* PRIVATE_HANDS_OFF_p_nodes;$/;" m struct:mystr_list typeref:struct:mystr_list::mystr_list_node ++PRIVATE_HANDS_OFF_syscall_retval sysutil.c 13;" d file: ++PRIVATE_HANDS_OFF_syscall_retval sysutil.h /^ int PRIVATE_HANDS_OFF_syscall_retval;$/;" m struct:vsf_sysutil_wait_retval ++PRIV_SOCK_CHOWN privsock.h 160;" d ++PRIV_SOCK_DO_SSL_CLOSE privsock.h 165;" d ++PRIV_SOCK_DO_SSL_HANDSHAKE privsock.h 164;" d ++PRIV_SOCK_DO_SSL_READ privsock.h 166;" d ++PRIV_SOCK_DO_SSL_WRITE privsock.h 167;" d 
++PRIV_SOCK_GET_DATA_SOCK privsock.h 161;" d ++PRIV_SOCK_GET_USER_CMD privsock.h 162;" d ++PRIV_SOCK_LOGIN privsock.h 159;" d ++PRIV_SOCK_PASV_ACCEPT privsock.h 171;" d ++PRIV_SOCK_PASV_ACTIVE privsock.h 169;" d ++PRIV_SOCK_PASV_CLEANUP privsock.h 168;" d ++PRIV_SOCK_PASV_LISTEN privsock.h 170;" d ++PRIV_SOCK_RESULT_BAD privsock.h 174;" d ++PRIV_SOCK_RESULT_OK privsock.h 173;" d ++PRIV_SOCK_WRITE_USER_RESP privsock.h 163;" d ++PR_SET_NO_NEW_PRIVS seccompsandbox.c 41;" d file: ++PR_SET_SECCOMP seccompsandbox.c 37;" d file: ++PTRACE_O_TRACECLONE ptracesandbox.c 70;" d file: ++PTRACE_O_TRACEFORK ptracesandbox.c 62;" d file: ++PTRACE_O_TRACESYSGOOD ptracesandbox.c 58;" d file: ++PTRACE_O_TRACEVFORK ptracesandbox.c 66;" d file: ++PTRACE_SANDBOX_ERR_API_ABUSE_STOPIT ptracesandbox.h 261;" d ++PTRACE_SANDBOX_ERR_BAD_SYSCALL ptracesandbox.h 257;" d ++PTRACE_SANDBOX_ERR_DEAD ptracesandbox.h 247;" d ++PTRACE_SANDBOX_ERR_POLICY_ARGS ptracesandbox.h 259;" d ++PTRACE_SANDBOX_ERR_POLICY_SYSCALL ptracesandbox.h 255;" d ++PTRACE_SANDBOX_ERR_PTRACE ptracesandbox.h 249;" d ++PTRACE_SANDBOX_ERR_WAITPID ptracesandbox.h 251;" d ++PTRACE_SANDBOX_ERR_WAIT_STATUS ptracesandbox.h 253;" d ++PTRACE_SETOPTIONS ptracesandbox.c 54;" d file: ++SHUT_RD sysutil.c 1921;" d file: ++SHUT_RDWR sysutil.c 1911;" d file: ++UNUSED ssl.c 792;" d file: ++VSFTP_ASCII_H ascii.h 2;" d ++VSFTP_AS_LIMIT defs.h 22;" d ++VSFTP_COMMAND_FD defs.h 6;" d ++VSFTP_CONF_FILE_MAX defs.h 15;" d ++VSFTP_DATA_BUFSIZE defs.h 11;" d ++VSFTP_DEFAULT_CONFIG defs.h 4;" d ++VSFTP_DIR_BUFSIZE defs.h 12;" d ++VSFTP_HASH_H hash.h 2;" d ++VSFTP_LISTEN_BACKLOG defs.h 16;" d ++VSFTP_MATCHITERS_MAX defs.h 13;" d ++VSFTP_MAX_COMMAND_LINE defs.h 10;" d ++VSFTP_MAX_MSGFILE_SIZE banner.c 24;" d file: ++VSFTP_MAX_VISIT_REMEMBER banner.c 23;" d file: ++VSFTP_NETSTR_H netstr.h 2;" d ++VSFTP_PASSWORD_MAX defs.h 8;" d ++VSFTP_PATH_MAX defs.h 14;" d ++VSFTP_PRIVSOCK_MAXSTR defs.h 21;" d ++VSFTP_ROOT_UID defs.h 18;" d ++VSFTP_SECURE_UMASK defs.h 
17;" d ++VSFTP_STRING_HELPER filestr.c 13;" d file: ++VSFTP_STR_H str.h 2;" d ++VSFTP_USERNAME_MAX defs.h 9;" d ++VSF_ACCESS_H access.h 2;" d ++VSF_AIX_BOGONS_H port/aix_bogons.h 2;" d ++VSF_BANNER_H banner.h 2;" d ++VSF_BUILDDEFS_H builddefs.h 2;" d ++VSF_BUILD_PAM builddefs.h 5;" d ++VSF_BUILD_SSL builddefs.h 6;" d ++VSF_BUILD_SSL dummyinc/openssl/ssl.h 4;" d ++VSF_BUILD_TCPWRAPPERS builddefs.h 4;" d ++VSF_CMSG_EXTRAS_H port/cmsg_extras.h 2;" d ++VSF_DEFS_H defs.h 2;" d ++VSF_DIRFD_EXTRAS_H port/dirfd_extras.h 2;" d ++VSF_DUMMYINC_CAPABILITY_H dummyinc/sys/capability.h 2;" d ++VSF_DUMMYINC_CRYPT_H dummyinc/crypt.h 2;" d ++VSF_DUMMYINC_PAM_APPL_H dummyinc/security/pam_appl.h 2;" d ++VSF_DUMMYINC_PRCTL_H dummyinc/sys/prctl.h 2;" d ++VSF_DUMMYINC_SENDFILE_H dummyinc/sys/sendfile.h 2;" d ++VSF_DUMMYINC_SHADOW_H dummyinc/shadow.h 2;" d ++VSF_DUMMYINC_SSL_H dummyinc/openssl/ssl.h 2;" d ++VSF_DUMMYINC_UTMPX_H dummyinc/utmpx.h 2;" d ++VSF_FEATURES_H features.h 2;" d ++VSF_FILESIZE_H filesize.h 2;" d ++VSF_FILESTR_H filestr.h 2;" d ++VSF_FTPCMDIO_H ftpcmdio.h 2;" d ++VSF_FTPCODES_H ftpcodes.h 2;" d ++VSF_FTPDATAIO_H ftpdataio.h 2;" d ++VSF_FTPPOLICY_H ftppolicy.h 2;" d ++VSF_HPUX_BOGONS_H port/hpux_bogons.h 2;" d ++VSF_IPADDRPARSE_H ipaddrparse.h 2;" d ++VSF_IRIX_BOGONS_H port/irix_bogons.h 2;" d ++VSF_LOGGING_H logging.h 2;" d ++VSF_LOGINPRIVPARENT_H postprivparent.h 2;" d ++VSF_LS_H ls.h 2;" d ++VSF_ONEPROCESS_H oneprocess.h 2;" d ++VSF_OPTS_H opts.h 2;" d ++VSF_PARSECONF_H parseconf.h 2;" d ++VSF_PORTINGJUNK_H port/porting_junk.h 2;" d ++VSF_POSTLOGIN_H postlogin.h 2;" d ++VSF_PRELOGIN_H prelogin.h 2;" d ++VSF_PRIVOPS_H privops.h 2;" d ++VSF_PRIVSOCK_H privsock.h 2;" d ++VSF_PTRACESANDBOX_H ptracesandbox.h 2;" d ++VSF_READWRITE_H readwrite.h 2;" d ++VSF_SECBUF_H secbuf.h 2;" d ++VSF_SECCOMPSANDBOX_H seccompsandbox.h 2;" d ++VSF_SECUTIL_H secutil.h 2;" d ++VSF_SECUTIL_OPTION_ALLOW_WRITEABLE_ROOT secutil.h 36;" d ++VSF_SECUTIL_OPTION_CHANGE_EUID secutil.h 30;" d 
++VSF_SECUTIL_OPTION_CHROOT secutil.h 26;" d ++VSF_SECUTIL_OPTION_NO_FDS secutil.h 32;" d ++VSF_SECUTIL_OPTION_NO_PROCS secutil.h 34;" d ++VSF_SECUTIL_OPTION_USE_GROUPS secutil.h 28;" d ++VSF_SESSION_H session.h 2;" d ++VSF_SOLARIS_BOGONS_H port/solaris_bogons.h 2;" d ++VSF_SSLSLAVE_H sslslave.h 2;" d ++VSF_SSL_H ssl.h 2;" d ++VSF_STANDALONE_H standalone.h 2;" d ++VSF_STRLIST_H strlist.h 2;" d ++VSF_SYSDEPUTIL_H sysdeputil.h 2;" d ++VSF_SYSDEP_HAVE_AIX_SENDFILE sysdeputil.c 154;" d file: ++VSF_SYSDEP_HAVE_AIX_SENDFILE sysdeputil.c 52;" d file: ++VSF_SYSDEP_HAVE_CAPABILITIES sysdeputil.c 46;" d file: ++VSF_SYSDEP_HAVE_CAPABILITIES sysdeputil.c 95;" d file: ++VSF_SYSDEP_HAVE_FREEBSD_SENDFILE sysdeputil.c 108;" d file: ++VSF_SYSDEP_HAVE_FREEBSD_SENDFILE sysdeputil.c 50;" d file: ++VSF_SYSDEP_HAVE_HPUX_SENDFILE sysdeputil.c 126;" d file: ++VSF_SYSDEP_HAVE_HPUX_SENDFILE sysdeputil.c 51;" d file: ++VSF_SYSDEP_HAVE_HPUX_SETPROCTITLE sysdeputil.c 131;" d file: ++VSF_SYSDEP_HAVE_HPUX_SETPROCTITLE sysdeputil.c 55;" d file: ++VSF_SYSDEP_HAVE_LIBCAP dummyinc/sys/capability.h 4;" d ++VSF_SYSDEP_HAVE_LIBCAP sysdeputil.c 144;" d file: ++VSF_SYSDEP_HAVE_LIBCAP sysdeputil.c 149;" d file: ++VSF_SYSDEP_HAVE_LIBCAP sysdeputil.c 64;" d file: ++VSF_SYSDEP_HAVE_LINUX_CLONE sysdeputil.c 58;" d file: ++VSF_SYSDEP_HAVE_LINUX_CLONE sysdeputil.c 74;" d file: ++VSF_SYSDEP_HAVE_LINUX_SENDFILE sysdeputil.c 49;" d file: ++VSF_SYSDEP_HAVE_LINUX_SENDFILE sysdeputil.c 96;" d file: ++VSF_SYSDEP_HAVE_MAP_ANON sysdeputil.c 139;" d file: ++VSF_SYSDEP_HAVE_MAP_ANON sysdeputil.c 156;" d file: ++VSF_SYSDEP_HAVE_MAP_ANON sysdeputil.c 56;" d file: ++VSF_SYSDEP_HAVE_PAM dummyinc/security/pam_appl.h 4;" d ++VSF_SYSDEP_HAVE_PAM sysdeputil.c 151;" d file: ++VSF_SYSDEP_HAVE_PAM sysdeputil.c 60;" d file: ++VSF_SYSDEP_HAVE_SETKEEPCAPS sysdeputil.c 47;" d file: ++VSF_SYSDEP_HAVE_SETKEEPCAPS sysdeputil.c 98;" d file: ++VSF_SYSDEP_HAVE_SETPDEATHSIG sysdeputil.c 101;" d file: ++VSF_SYSDEP_HAVE_SETPDEATHSIG sysdeputil.c 
48;" d file: ++VSF_SYSDEP_HAVE_SETPROCTITLE sysdeputil.c 109;" d file: ++VSF_SYSDEP_HAVE_SETPROCTITLE sysdeputil.c 114;" d file: ++VSF_SYSDEP_HAVE_SETPROCTITLE sysdeputil.c 153;" d file: ++VSF_SYSDEP_HAVE_SETPROCTITLE sysdeputil.c 53;" d file: ++VSF_SYSDEP_HAVE_SHADOW dummyinc/shadow.h 4;" d ++VSF_SYSDEP_HAVE_SHADOW sysdeputil.c 152;" d file: ++VSF_SYSDEP_HAVE_SHADOW sysdeputil.c 62;" d file: ++VSF_SYSDEP_HAVE_SOLARIS_SENDFILE dummyinc/sys/sendfile.h 4;" d ++VSF_SYSDEP_HAVE_SOLARIS_SENDFILE sysdeputil.c 168;" d file: ++VSF_SYSDEP_HAVE_USERSHELL sysdeputil.c 143;" d file: ++VSF_SYSDEP_HAVE_USERSHELL sysdeputil.c 148;" d file: ++VSF_SYSDEP_HAVE_USERSHELL sysdeputil.c 160;" d file: ++VSF_SYSDEP_HAVE_USERSHELL sysdeputil.c 63;" d file: ++VSF_SYSDEP_HAVE_UTMPX dummyinc/utmpx.h 4;" d ++VSF_SYSDEP_HAVE_UTMPX sysdeputil.c 119;" d file: ++VSF_SYSDEP_HAVE_UTMPX sysdeputil.c 133;" d file: ++VSF_SYSDEP_HAVE_UTMPX sysdeputil.c 150;" d file: ++VSF_SYSDEP_HAVE_UTMPX sysdeputil.c 65;" d file: ++VSF_SYSDEP_NEED_OLD_FD_PASSING sysdeputil.c 164;" d file: ++VSF_SYSDEP_NEED_OLD_FD_PASSING sysdeputil.c 57;" d file: ++VSF_SYSDEP_TRY_LINUX_SETPROCTITLE_HACK sysdeputil.c 155;" d file: ++VSF_SYSDEP_TRY_LINUX_SETPROCTITLE_HACK sysdeputil.c 54;" d file: ++VSF_SYSDEP_TRY_LINUX_SETPROCTITLE_HACK sysdeputil.c 91;" d file: ++VSF_SYSSTR_H sysstr.h 2;" d ++VSF_SYSUTIL_H sysutil.h 2;" d ++VSF_TCPWRAP_H tcpwrap.h 2;" d ++VSF_TRU64_BOGONS_H port/tru64_bogons.h 2;" d ++VSF_TUNABLES_H tunables.h 2;" d ++VSF_TWOPROCESS_H twoprocess.h 2;" d ++VSF_UTILITY_H utility.h 2;" d ++VSF_VERSION vsftpver.h 4;" d ++VSF_VERSION_H vsftpver.h 2;" d ++WTMPX_FILE sysdeputil.c 117;" d file: ++_FILE_OFFSET_BITS port/solaris_bogons.h 11;" d ++_FILE_OFFSET_BITS sysdeputil.c 27;" d file: ++_FILE_OFFSET_BITS sysutil.c 21;" d file: ++_LARGEFILE64_SOURCE port/solaris_bogons.h 13;" d ++_LARGEFILE64_SOURCE sysdeputil.c 29;" d file: ++_LARGEFILE64_SOURCE sysutil.c 23;" d file: ++_LARGEFILE_SOURCE port/solaris_bogons.h 12;" d 
++_LARGEFILE_SOURCE sysdeputil.c 28;" d file: ++_LARGEFILE_SOURCE sysutil.c 22;" d file: ++_LARGE_FILES sysutil.c 24;" d file: ++_XPG4_2 port/solaris_bogons.h 5;" d ++__EXTENSIONS__ port/solaris_bogons.h 8;" d ++__FDMASK sysdeputil.c 198;" d file: ++__NFDBITS sysdeputil.c 197;" d file: ++__NR_exit_group ptracesandbox.c 43;" d file: ++__NR_openat seccompsandbox.c 45;" d file: ++__NR_sendfile64 ptracesandbox.c 39;" d file: ++__NR_utimes ptracesandbox.c 47;" d file: ++__USE_GNU sysdeputil.c 67;" d file: ++__USE_GNU sysutil.c 62;" d file: ++abor_received session.h /^ int abor_received;$/;" m struct:vsf_session ++allow_nr seccompsandbox.c /^allow_nr(int nr)$/;" f file: ++allow_nr_1_arg_mask seccompsandbox.c /^allow_nr_1_arg_mask(int nr, int arg, int val)$/;" f file: ++allow_nr_1_arg_match seccompsandbox.c /^allow_nr_1_arg_match(int nr, int arg, int val)$/;" f file: ++allow_nr_2_arg_mask_match seccompsandbox.c /^allow_nr_2_arg_mask_match(int nr, int arg1, int val1, int arg2, int val2)$/;" f file: ++allow_nr_2_arg_match seccompsandbox.c /^allow_nr_2_arg_match(int nr, int arg1, int val1, int arg2, int val2)$/;" f file: ++allow_nr_3_arg_match seccompsandbox.c /^allow_nr_3_arg_match(int nr, int arg1, int val1, int arg2, int val2, int arg3,$/;" f file: ++allow_severity tcpwrap.c /^int allow_severity = LOG_INFO;$/;" v ++anon_ftp_uid session.h /^ unsigned int anon_ftp_uid;$/;" m struct:vsf_session ++anon_pass_str session.h /^ struct mystr anon_pass_str;$/;" m struct:vsf_session typeref:struct:vsf_session::mystr ++anon_upload_chown_uid session.h /^ unsigned int anon_upload_chown_uid;$/;" m struct:vsf_session ++ascii_to_bin_ret ascii.h /^struct ascii_to_bin_ret$/;" s ++banned_email_str session.h /^ struct mystr banned_email_str;$/;" m struct:vsf_session typeref:struct:vsf_session::mystr ++banner_str session.h /^ struct mystr banner_str;$/;" m struct:vsf_session typeref:struct:vsf_session::mystr ++bin_to_ascii_ret ascii.h /^struct bin_to_ascii_ret$/;" s ++bio_callback ssl.c 
/^bio_callback($/;" f file: ++buckets hash.c /^ unsigned int buckets;$/;" m struct:hash file: ++bug utility.c /^bug(const char* p_text)$/;" f ++build_dir_line ls.c /^build_dir_line(struct mystr* p_str, const struct mystr* p_filename_str,$/;" f file: ++bw_rate_max session.h /^ unsigned int bw_rate_max;$/;" m struct:vsf_session ++bw_send_start_sec session.h /^ long bw_send_start_sec;$/;" m struct:vsf_session ++bw_send_start_usec session.h /^ long bw_send_start_usec;$/;" m struct:vsf_session ++calc_num_send ftpdataio.c /^calc_num_send(int file_fd, filesize_t init_offset)$/;" f file: ++calculate_chdir_dir twoprocess.c /^calculate_chdir_dir(int anon_login, struct mystr* p_userdir_str,$/;" f file: ++capset sysdeputil.c /^int capset(cap_user_header_t header, const cap_user_data_t data)$/;" f ++char_found str.h /^ char char_found;$/;" m struct:str_locate_result ++check_abor postlogin.c /^check_abor(struct vsf_session* p_sess)$/;" f file: ++check_limits prelogin.c /^check_limits(struct vsf_session* p_sess)$/;" f file: ++check_login_delay prelogin.c /^static void check_login_delay()$/;" f file: ++check_login_fails prelogin.c /^static void check_login_fails(struct vsf_session* p_sess)$/;" f file: ++child_fd session.h /^ int child_fd;$/;" m struct:vsf_session ++cmd_process_chown postprivparent.c /^cmd_process_chown(struct vsf_session* p_sess)$/;" f file: ++cmd_process_get_data_sock postprivparent.c /^cmd_process_get_data_sock(struct vsf_session* p_sess)$/;" f file: ++cmd_process_pasv_accept postprivparent.c /^cmd_process_pasv_accept(struct vsf_session* p_sess)$/;" f file: ++cmd_process_pasv_active postprivparent.c /^cmd_process_pasv_active(struct vsf_session* p_sess)$/;" f file: ++cmd_process_pasv_cleanup postprivparent.c /^cmd_process_pasv_cleanup(struct vsf_session* p_sess)$/;" f file: ++cmd_process_pasv_listen postprivparent.c /^cmd_process_pasv_listen(struct vsf_session* p_sess)$/;" f file: ++common_do_login twoprocess.c /^common_do_login(struct vsf_session* p_sess, const 
struct mystr* p_user_str,$/;" f file: ++connect_validator ftppolicy.c /^connect_validator(struct pt_sandbox* p_sandbox, void* p_arg)$/;" f file: ++control_cert_digest session.h /^ struct mystr control_cert_digest;$/;" m struct:vsf_session typeref:struct:vsf_session::mystr ++control_getline ftpcmdio.c /^control_getline(struct mystr* p_str, struct vsf_session* p_sess)$/;" f file: ++control_use_ssl session.h /^ int control_use_ssl;$/;" m struct:vsf_session ++data_fd session.h /^ int data_fd;$/;" m struct:vsf_session ++data_progress session.h /^ int data_progress;$/;" m struct:vsf_session ++data_timeout session.h /^ int data_timeout;$/;" m struct:vsf_session ++data_transfer_checks_ok postlogin.c /^data_transfer_checks_ok(struct vsf_session* p_sess)$/;" f file: ++data_use_ssl session.h /^ int data_use_ssl;$/;" m struct:vsf_session ++debug_str ssl.c /^static struct mystr debug_str;$/;" v typeref:struct:mystr file: ++deny_severity tcpwrap.c /^int deny_severity = LOG_WARNING;$/;" v ++die utility.c /^die(const char* p_text)$/;" f ++die2 utility.c /^die2(const char* p_text1, const char* p_text2)$/;" f ++die_unless_privileged main.c /^die_unless_privileged(void)$/;" f file: ++dirfd port/dirfd_extras.h 4;" d ++do_checkcap sysdeputil.c /^do_checkcap(void)$/;" f file: ++do_file_recv ftpdataio.c /^do_file_recv(struct vsf_session* p_sess, int file_fd, int is_ascii)$/;" f file: ++do_file_send_rwloop ftpdataio.c /^do_file_send_rwloop(struct vsf_session* p_sess, int file_fd, int is_ascii)$/;" f file: ++do_file_send_sendfile ftpdataio.c /^do_file_send_sendfile(struct vsf_session* p_sess, int net_fd, int file_fd,$/;" f file: ++do_sanity_checks main.c /^do_sanity_checks(void)$/;" f file: ++do_sendfile sysdeputil.c /^static int do_sendfile(const int out_fd, const int in_fd,$/;" f file: ++drop_all_privs twoprocess.c /^drop_all_privs(void)$/;" f file: ++drop_ip_count standalone.c /^drop_ip_count(void* p_raw_addr)$/;" f file: ++email_passwords_str session.h /^ struct mystr 
email_passwords_str;$/;" m struct:vsf_session typeref:struct:vsf_session::mystr ++emit_greeting prelogin.c /^emit_greeting(struct vsf_session* p_sess)$/;" f file: ++env_init main.c /^env_init(void)$/;" f file: ++epsv_all session.h /^ int epsv_all;$/;" m struct:vsf_session ++exitfunc_t sysutil.h /^typedef void (*exitfunc_t)(void);$/;" t ++filesize_t filesize.h /^typedef long long filesize_t;$/;" t ++find_func vsf_findlibs.sh /^find_func() { egrep $1 $2 >\/dev\/null; }$/;" f ++found str.h /^ int found;$/;" m struct:str_locate_result ++ftp_arg_str session.h /^ struct mystr ftp_arg_str;$/;" m struct:vsf_session typeref:struct:vsf_session::mystr ++ftp_cmd_str session.h /^ struct mystr ftp_cmd_str;$/;" m struct:vsf_session typeref:struct:vsf_session::mystr ++ftp_getline readwrite.c /^ftp_getline(struct vsf_session* p_sess, struct mystr* p_str, char* p_buf)$/;" f ++ftp_read_data readwrite.c /^ftp_read_data(struct vsf_session* p_sess, char* p_buf, unsigned int len)$/;" f ++ftp_write_data readwrite.c /^ftp_write_data(const struct vsf_session* p_sess, const char* p_buf,$/;" f ++ftp_write_str readwrite.c /^ftp_write_str(const struct vsf_session* p_sess, const struct mystr* p_str,$/;" f ++ftp_write_str_common ftpcmdio.c /^ftp_write_str_common(struct vsf_session* p_sess, int status, char sep,$/;" f file: ++ftp_write_text_common ftpcmdio.c /^ftp_write_text_common(struct vsf_session* p_sess, int status,$/;" f file: ++get_action ptracesandbox.c /^get_action(struct pt_sandbox* p_sandbox)$/;" f file: ++get_chunk_size ftpdataio.c /^get_chunk_size()$/;" f file: ++get_remote_transfer_fd postlogin.c /^get_remote_transfer_fd(struct vsf_session* p_sess, const char* p_status_msg)$/;" f file: ++get_ssl ssl.c /^get_ssl(struct vsf_session* p_sess, int fd)$/;" f file: ++get_ssl_error ssl.c /^get_ssl_error()$/;" f file: ++get_unique_filename postlogin.c /^get_unique_filename(struct mystr* p_outstr, const struct mystr* p_base_str)$/;" f file: ++getsockopt_validator ftppolicy.c 
/^getsockopt_validator(struct pt_sandbox* p_sandbox, void* p_arg)$/;" f file: ++guest_user_uid session.h /^ unsigned int guest_user_uid;$/;" m struct:vsf_session ++handle_alarm_timeout ftpcmdio.c /^handle_alarm_timeout(void* p_private)$/;" f file: ++handle_anonymous_login privops.c /^handle_anonymous_login(struct vsf_session* p_sess,$/;" f file: ++handle_appe postlogin.c /^handle_appe(struct vsf_session* p_sess)$/;" f file: ++handle_auth ssl.c /^handle_auth(struct vsf_session* p_sess)$/;" f ++handle_cdup postlogin.c /^handle_cdup(struct vsf_session* p_sess)$/;" f file: ++handle_cwd postlogin.c /^handle_cwd(struct vsf_session* p_sess)$/;" f file: ++handle_dele postlogin.c /^handle_dele(struct vsf_session* p_sess)$/;" f file: ++handle_dir_common postlogin.c /^handle_dir_common(struct vsf_session* p_sess, int full_details, int stat_cmd)$/;" f file: ++handle_eprt postlogin.c /^handle_eprt(struct vsf_session* p_sess)$/;" f file: ++handle_feat features.c /^handle_feat(struct vsf_session* p_sess)$/;" f ++handle_get prelogin.c /^handle_get(struct vsf_session* p_sess)$/;" f file: ++handle_help postlogin.c /^handle_help(struct vsf_session* p_sess)$/;" f file: ++handle_http postlogin.c /^handle_http(struct vsf_session* p_sess)$/;" f file: ++handle_io ftpdataio.c /^handle_io(int retval, int fd, void* p_private)$/;" f file: ++handle_ip_count standalone.c /^handle_ip_count(void* p_ipaddr)$/;" f file: ++handle_list postlogin.c /^handle_list(struct vsf_session* p_sess)$/;" f file: ++handle_local_login privops.c /^handle_local_login(struct vsf_session* p_sess,$/;" f file: ++handle_logged_in_pass postlogin.c /^static void handle_logged_in_pass(struct vsf_session* p_sess)$/;" f file: ++handle_logged_in_user postlogin.c /^static void handle_logged_in_user(struct vsf_session* p_sess)$/;" f file: ++handle_login privops.c /^handle_login(struct vsf_session* p_sess, struct mystr* p_user_str,$/;" f file: ++handle_mdtm postlogin.c /^handle_mdtm(struct vsf_session* p_sess)$/;" f file: 
++handle_mkd postlogin.c /^handle_mkd(struct vsf_session* p_sess)$/;" f file: ++handle_nlst postlogin.c /^handle_nlst(struct vsf_session* p_sess)$/;" f file: ++handle_opts opts.c /^handle_opts(struct vsf_session* p_sess)$/;" f ++handle_pass_command prelogin.c /^handle_pass_command(struct vsf_session* p_sess)$/;" f file: ++handle_pasv postlogin.c /^handle_pasv(struct vsf_session* p_sess, int is_epsv)$/;" f file: ++handle_pbsz ssl.c /^handle_pbsz(struct vsf_session* p_sess)$/;" f ++handle_per_user_config twoprocess.c /^handle_per_user_config(const struct mystr* p_user_str)$/;" f file: ++handle_port postlogin.c /^handle_port(struct vsf_session* p_sess)$/;" f file: ++handle_prot ssl.c /^handle_prot(struct vsf_session* p_sess)$/;" f ++handle_pwd postlogin.c /^handle_pwd(struct vsf_session* p_sess)$/;" f file: ++handle_rest postlogin.c /^handle_rest(struct vsf_session* p_sess)$/;" f file: ++handle_retr postlogin.c /^handle_retr(struct vsf_session* p_sess, int is_http)$/;" f file: ++handle_rmd postlogin.c /^handle_rmd(struct vsf_session* p_sess)$/;" f file: ++handle_rnfr postlogin.c /^handle_rnfr(struct vsf_session* p_sess)$/;" f file: ++handle_rnto postlogin.c /^handle_rnto(struct vsf_session* p_sess)$/;" f file: ++handle_sigalrm ftpdataio.c /^handle_sigalrm(void* p_private)$/;" f file: ++handle_sigalrm standalone.c /^handle_sigalrm(int sig)$/;" f file: ++handle_sigchld ptracesandbox.c /^handle_sigchld(int sig)$/;" f ++handle_sigchld standalone.c /^handle_sigchld(void* duff)$/;" f file: ++handle_sigchld twoprocess.c /^handle_sigchld(void* duff)$/;" f file: ++handle_sighup standalone.c /^handle_sighup(void* duff)$/;" f file: ++handle_sigsys seccompsandbox.c /^handle_sigsys(int sig)$/;" f ++handle_sigterm twoprocess.c /^handle_sigterm(void* duff)$/;" f file: ++handle_sigurg postlogin.c /^handle_sigurg(void* p_private)$/;" f file: ++handle_sigusr1 standalone.c /^handle_sigusr1(int sig)$/;" f file: ++handle_site postlogin.c /^handle_site(struct vsf_session* p_sess)$/;" f 
file: ++handle_site_chmod postlogin.c /^handle_site_chmod(struct vsf_session* p_sess, struct mystr* p_arg_str)$/;" f file: ++handle_site_umask postlogin.c /^handle_site_umask(struct vsf_session* p_sess, struct mystr* p_arg_str)$/;" f file: ++handle_size postlogin.c /^handle_size(struct vsf_session* p_sess)$/;" f file: ++handle_stat postlogin.c /^handle_stat(struct vsf_session* p_sess)$/;" f file: ++handle_stat_file postlogin.c /^handle_stat_file(struct vsf_session* p_sess)$/;" f file: ++handle_stor postlogin.c /^handle_stor(struct vsf_session* p_sess)$/;" f file: ++handle_stou postlogin.c /^handle_stou(struct vsf_session* p_sess)$/;" f file: ++handle_type postlogin.c /^handle_type(struct vsf_session* p_sess)$/;" f file: ++handle_upload_common postlogin.c /^handle_upload_common(struct vsf_session* p_sess, int is_append, int is_unique)$/;" f file: ++handle_user_command prelogin.c /^handle_user_command(struct vsf_session* p_sess)$/;" f file: ++hash hash.c /^struct hash$/;" s file: ++hash_add_entry hash.c /^hash_add_entry(struct hash* p_hash, void* p_key, void* p_value)$/;" f ++hash_alloc hash.c /^hash_alloc(unsigned int buckets, unsigned int key_size,$/;" f ++hash_free_entry hash.c /^hash_free_entry(struct hash* p_hash, void* p_key)$/;" f ++hash_func hash.c /^ hashfunc_t hash_func;$/;" m struct:hash file: ++hash_get_bucket hash.c /^hash_get_bucket(struct hash* p_hash, void* p_key)$/;" f ++hash_get_node_by_key hash.c /^hash_get_node_by_key(struct hash* p_hash, void* p_key)$/;" f ++hash_ip standalone.c /^hash_ip(unsigned int buckets, void* p_key)$/;" f file: ++hash_lookup_entry hash.c /^hash_lookup_entry(struct hash* p_hash, void* p_key)$/;" f ++hash_node hash.c /^struct hash_node$/;" s file: ++hash_pid standalone.c /^hash_pid(unsigned int buckets, void* p_key)$/;" f file: ++hashfunc_t hash.h /^typedef unsigned int (*hashfunc_t)(unsigned int, void*);$/;" t ++home_str session.h /^ struct mystr home_str;$/;" m struct:vsf_session typeref:struct:vsf_session::mystr 
++http_get_arg session.h /^ struct mystr http_get_arg;$/;" m struct:vsf_session typeref:struct:vsf_session::mystr ++idle_timeout session.h /^ int idle_timeout;$/;" m struct:vsf_session ++index str.h /^ unsigned int index;$/;" m struct:str_locate_result ++init_connection prelogin.c /^init_connection(struct vsf_session* p_sess)$/;" f ++init_data_sock_params ftpdataio.c /^init_data_sock_params(struct vsf_session* p_sess, int sock_fd)$/;" f file: ++install_socketcall ptracesandbox.c /^install_socketcall(struct pt_sandbox* p_sandbox)$/;" f file: ++install_str_setting tunables.c /^install_str_setting(const char* p_value, const char** p_storage)$/;" f ++ipv4_parse_dotquad ipaddrparse.c /^ipv4_parse_dotquad(struct mystr* p_out_str, const struct mystr* p_in_str)$/;" f file: ++ipv6_parse_hex ipaddrparse.c /^ipv6_parse_hex(struct mystr* p_out_str, const struct mystr* p_in_str)$/;" f file: ++ipv6_parse_main ipaddrparse.c /^ipv6_parse_main(struct mystr* p_out_str, const struct mystr* p_in_str)$/;" f file: ++is_allowed ptracesandbox.c /^ int is_allowed[MAX_SYSCALL];$/;" m struct:pt_sandbox file: ++is_anonymous session.h /^ int is_anonymous;$/;" m struct:vsf_session ++is_ascii session.h /^ int is_ascii;$/;" m struct:vsf_session ++is_exit ptracesandbox.c /^ int is_exit;$/;" m struct:pt_sandbox file: ++is_guest session.h /^ int is_guest;$/;" m struct:vsf_session ++is_http session.h /^ int is_http;$/;" m struct:vsf_session ++is_socketcall_allowed ptracesandbox.c /^ int is_socketcall_allowed[NPROTO];$/;" m struct:pt_sandbox file: ++kCapabilityCAP_CHOWN sysdeputil.h /^ kCapabilityCAP_CHOWN = 1,$/;" e enum:ESysdepCapabilities ++kCapabilityCAP_NET_BIND_SERVICE sysdeputil.h /^ kCapabilityCAP_NET_BIND_SERVICE = 2$/;" e enum:ESysdepCapabilities ++kMaxStrlist strlist.c /^static const unsigned int kMaxStrlist = 10 * 1000 * 1000;$/;" v file: ++kMaxSyscalls seccompsandbox.c 60;" d file: ++kOpenFlags seccompsandbox.c /^static const int kOpenFlags =$/;" v file: ++kVSFLogEntryChmod logging.h /^ 
kVSFLogEntryChmod,$/;" e enum:EVSFLogEntryType ++kVSFLogEntryConnection logging.h /^ kVSFLogEntryConnection,$/;" e enum:EVSFLogEntryType ++kVSFLogEntryDebug logging.h /^ kVSFLogEntryDebug,$/;" e enum:EVSFLogEntryType ++kVSFLogEntryDelete logging.h /^ kVSFLogEntryDelete,$/;" e enum:EVSFLogEntryType ++kVSFLogEntryDownload logging.h /^ kVSFLogEntryDownload,$/;" e enum:EVSFLogEntryType ++kVSFLogEntryFTPInput logging.h /^ kVSFLogEntryFTPInput,$/;" e enum:EVSFLogEntryType ++kVSFLogEntryFTPOutput logging.h /^ kVSFLogEntryFTPOutput,$/;" e enum:EVSFLogEntryType ++kVSFLogEntryLogin logging.h /^ kVSFLogEntryLogin,$/;" e enum:EVSFLogEntryType ++kVSFLogEntryMkdir logging.h /^ kVSFLogEntryMkdir,$/;" e enum:EVSFLogEntryType ++kVSFLogEntryNull logging.h /^ kVSFLogEntryNull = 1,$/;" e enum:EVSFLogEntryType ++kVSFLogEntryRename logging.h /^ kVSFLogEntryRename,$/;" e enum:EVSFLogEntryType ++kVSFLogEntryRmdir logging.h /^ kVSFLogEntryRmdir,$/;" e enum:EVSFLogEntryType ++kVSFLogEntryUpload logging.h /^ kVSFLogEntryUpload,$/;" e enum:EVSFLogEntryType ++kVSFLoginAnon privops.h /^ kVSFLoginAnon,$/;" e enum:EVSFPrivopLoginResult ++kVSFLoginFail privops.h /^ kVSFLoginFail,$/;" e enum:EVSFPrivopLoginResult ++kVSFLoginNull privops.h /^ kVSFLoginNull = 0,$/;" e enum:EVSFPrivopLoginResult ++kVSFLoginReal privops.h /^ kVSFLoginReal$/;" e enum:EVSFPrivopLoginResult ++kVSFRWControl readwrite.h /^ kVSFRWControl = 1,$/;" e enum:EVSFRWTarget ++kVSFRWData readwrite.h /^ kVSFRWData$/;" e enum:EVSFRWTarget ++kVSFSysStrOpenReadOnly sysstr.h /^ kVSFSysStrOpenReadOnly = 1$/;" e enum:EVSFSysStrOpenMode ++kVSFSysStrOpenUnknown sysstr.h /^ kVSFSysStrOpenUnknown = 0,$/;" e enum:EVSFSysStrOpenMode ++kVSFSysUtilErrACCES sysutil.h /^ kVSFSysUtilErrACCES,$/;" e enum:EVSFSysUtilError ++kVSFSysUtilErrADDRINUSE sysutil.h /^ kVSFSysUtilErrADDRINUSE,$/;" e enum:EVSFSysUtilError ++kVSFSysUtilErrAGAIN sysutil.h /^ kVSFSysUtilErrAGAIN$/;" e enum:EVSFSysUtilError ++kVSFSysUtilErrINTR sysutil.h /^ kVSFSysUtilErrINTR,$/;" e 
enum:EVSFSysUtilError ++kVSFSysUtilErrINVAL sysutil.h /^ kVSFSysUtilErrINVAL,$/;" e enum:EVSFSysUtilError ++kVSFSysUtilErrNOENT sysutil.h /^ kVSFSysUtilErrNOENT,$/;" e enum:EVSFSysUtilError ++kVSFSysUtilErrNOSYS sysutil.h /^ kVSFSysUtilErrNOSYS,$/;" e enum:EVSFSysUtilError ++kVSFSysUtilErrOPNOTSUPP sysutil.h /^ kVSFSysUtilErrOPNOTSUPP,$/;" e enum:EVSFSysUtilError ++kVSFSysUtilErrUnknown sysutil.h /^ kVSFSysUtilErrUnknown = 1,$/;" e enum:EVSFSysUtilError ++kVSFSysUtilIO sysutil.h /^ kVSFSysUtilIO$/;" e enum:EVSFSysUtilInterruptContext ++kVSFSysUtilMapProtNone sysutil.h /^ kVSFSysUtilMapProtNone$/;" e enum:EVSFSysUtilMapPermission ++kVSFSysUtilMapProtReadOnly sysutil.h /^ kVSFSysUtilMapProtReadOnly = 1,$/;" e enum:EVSFSysUtilMapPermission ++kVSFSysUtilOpenReadOnly sysutil.h /^ kVSFSysUtilOpenReadOnly = 1,$/;" e enum:EVSFSysUtilOpenMode ++kVSFSysUtilOpenReadWrite sysutil.h /^ kVSFSysUtilOpenReadWrite$/;" e enum:EVSFSysUtilOpenMode ++kVSFSysUtilOpenWriteOnly sysutil.h /^ kVSFSysUtilOpenWriteOnly,$/;" e enum:EVSFSysUtilOpenMode ++kVSFSysUtilSigALRM sysutil.h /^ kVSFSysUtilSigALRM = 1,$/;" e enum:EVSFSysUtilSignal ++kVSFSysUtilSigCHLD sysutil.h /^ kVSFSysUtilSigCHLD,$/;" e enum:EVSFSysUtilSignal ++kVSFSysUtilSigHUP sysutil.h /^ kVSFSysUtilSigHUP,$/;" e enum:EVSFSysUtilSignal ++kVSFSysUtilSigPIPE sysutil.h /^ kVSFSysUtilSigPIPE,$/;" e enum:EVSFSysUtilSignal ++kVSFSysUtilSigTERM sysutil.h /^ kVSFSysUtilSigTERM,$/;" e enum:EVSFSysUtilSignal ++kVSFSysUtilSigURG sysutil.h /^ kVSFSysUtilSigURG,$/;" e enum:EVSFSysUtilSignal ++kVSFSysUtilSigUSR1 sysutil.h /^ kVSFSysUtilSigUSR1$/;" e enum:EVSFSysUtilSignal ++kVSFSysUtilUnknown sysutil.h /^ kVSFSysUtilUnknown,$/;" e enum:EVSFSysUtilInterruptContext ++key_size hash.c /^ unsigned int key_size;$/;" m struct:hash file: ++last_was_cr ascii.h /^ int last_was_cr;$/;" m struct:ascii_to_bin_ret ++last_was_cr ascii.h /^ int last_was_cr;$/;" m struct:bin_to_ascii_ret ++limits_init main.c /^limits_init(void)$/;" f file: ++lo_const 
sysdeputil.c 312;" d file: ++lo_const sysdeputil.c 314;" d file: ++locate_library vsf_findlibs.sh /^locate_library() { [ ! "$1*" = "`echo $1*`" ]; }$/;" f ++lock_internal sysutil.c /^lock_internal(int fd, int lock_type)$/;" f file: ++log_start_sec session.h /^ long log_start_sec;$/;" m struct:vsf_session ++log_start_usec session.h /^ long log_start_usec;$/;" m struct:vsf_session ++log_str session.h /^ struct mystr log_str;$/;" m struct:vsf_session typeref:struct:vsf_session::mystr ++log_type session.h /^ unsigned long log_type;$/;" m struct:vsf_session ++login_fails session.h /^ unsigned int login_fails;$/;" m struct:vsf_session ++main main.c /^main(int argc, const char* argv[])$/;" f ++match_dh_bits ssl.c 62;" d file: ++maybe_log_shutdown_state ssl.c /^maybe_log_shutdown_state(struct vsf_session* p_sess)$/;" f file: ++maybe_log_ssl_error_state ssl.c /^maybe_log_ssl_error_state(struct vsf_session* p_sess, int ret)$/;" f file: ++minimize_privilege postprivparent.c /^minimize_privilege(struct vsf_session* p_sess)$/;" f file: ++mystr str.h /^struct mystr$/;" s ++mystr_list strlist.h /^struct mystr_list$/;" s ++mystr_list_node strlist.c /^struct mystr_list_node$/;" s file: ++num_children standalone.h /^ unsigned int num_children;$/;" m struct:vsf_client_launch ++num_clients session.h /^ unsigned int num_clients;$/;" m struct:vsf_session ++num_this_ip session.h /^ unsigned int num_this_ip;$/;" m struct:vsf_session ++num_this_ip standalone.h /^ unsigned int num_this_ip;$/;" m struct:vsf_client_launch ++one_process_start oneprocess.c /^one_process_start(void* p_arg)$/;" f file: ++p_buf ascii.h /^ char* p_buf;$/;" m struct:ascii_to_bin_ret ++p_control_line_buf session.h /^ char* p_control_line_buf;$/;" m struct:vsf_session ++p_control_ssl session.h /^ void* p_control_ssl;$/;" m struct:vsf_session ++p_data_ssl session.h /^ void* p_data_ssl;$/;" m struct:vsf_session ++p_key hash.c /^ void* p_key;$/;" m struct:hash_node file: ++p_local_addr session.h /^ struct 
vsf_sysutil_sockaddr* p_local_addr;$/;" m struct:vsf_session typeref:struct:vsf_session::vsf_sysutil_sockaddr ++p_next hash.c /^ struct hash_node* p_next;$/;" m struct:hash_node typeref:struct:hash_node::hash_node file: ++p_nodes hash.c /^ struct hash_node** p_nodes;$/;" m struct:hash typeref:struct:hash::hash_node file: ++p_port_sockaddr session.h /^ struct vsf_sysutil_sockaddr* p_port_sockaddr;$/;" m struct:vsf_session typeref:struct:vsf_session::vsf_sysutil_sockaddr ++p_prev hash.c /^ struct hash_node* p_prev;$/;" m struct:hash_node typeref:struct:hash_node::hash_node file: ++p_private sysutil.c /^ void* p_private;$/;" m struct:vsf_sysutil_sig_details file: ++p_remote_addr session.h /^ struct vsf_sysutil_sockaddr* p_remote_addr;$/;" m struct:vsf_session typeref:struct:vsf_session::vsf_sysutil_sockaddr ++p_setting_name parseconf.c /^ const char* p_setting_name;$/;" m struct:parseconf_bool_setting file: ++p_setting_name parseconf.c /^ const char* p_setting_name;$/;" m struct:parseconf_str_setting file: ++p_setting_name parseconf.c /^ const char* p_setting_name;$/;" m struct:parseconf_uint_setting file: ++p_ssl_ctx session.h /^ void* p_ssl_ctx;$/;" m struct:vsf_session ++p_value hash.c /^ void* p_value;$/;" m struct:hash_node file: ++p_variable parseconf.c /^ const char** p_variable;$/;" m struct:parseconf_str_setting file: ++p_variable parseconf.c /^ int* p_variable;$/;" m struct:parseconf_bool_setting file: ++p_variable parseconf.c /^ unsigned int* p_variable;$/;" m struct:parseconf_uint_setting file: ++p_visited_dir_list session.h /^ struct mystr_list* p_visited_dir_list;$/;" m struct:vsf_session typeref:struct:vsf_session::mystr_list ++pam_conv_func sysdeputil.c /^pam_conv_func(int nmsg, const struct pam_message** p_msg,$/;" f file: ++pam_item_t sysdeputil.c /^typedef lo_const void* pam_item_t;$/;" t file: ++parent_fd session.h /^ int parent_fd;$/;" m struct:vsf_session ++parse_username_password prelogin.c /^parse_username_password(struct vsf_session* 
p_sess)$/;" f file: ++parseconf_bool_array parseconf.c /^parseconf_bool_array[] =$/;" v typeref:struct:parseconf_bool_setting file: ++parseconf_bool_setting parseconf.c /^static struct parseconf_bool_setting$/;" s file: ++parseconf_str_array parseconf.c /^parseconf_str_array[] =$/;" v typeref:struct:parseconf_str_setting file: ++parseconf_str_setting parseconf.c /^static struct parseconf_str_setting$/;" s file: ++parseconf_uint_array parseconf.c /^parseconf_uint_array[] =$/;" v typeref:struct:parseconf_uint_setting file: ++parseconf_uint_setting parseconf.c /^static struct parseconf_uint_setting$/;" s file: ++pasv_active postlogin.c /^pasv_active(struct vsf_session* p_sess)$/;" f file: ++pasv_cleanup postlogin.c /^pasv_cleanup(struct vsf_session* p_sess)$/;" f file: ++pasv_listen_fd session.h /^ int pasv_listen_fd;$/;" m struct:vsf_session ++pending sysutil.c /^ volatile sig_atomic_t pending;$/;" m struct:vsf_sysutil_sig_details file: ++pid ptracesandbox.c /^ pid_t pid;$/;" m struct:pt_sandbox file: ++plain_peek_adapter readwrite.c /^plain_peek_adapter(struct vsf_session* p_sess, char* p_buf, unsigned int len)$/;" f file: ++plain_read_adapter readwrite.c /^plain_read_adapter(struct vsf_session* p_sess, char* p_buf, unsigned int len)$/;" f file: ++policy_setup ftppolicy.c /^policy_setup(struct pt_sandbox* p_sandbox, const struct vsf_session* p_sess)$/;" f ++port_active postlogin.c /^port_active(struct vsf_session* p_sess)$/;" f file: ++port_cleanup postlogin.c /^port_cleanup(struct vsf_session* p_sess)$/;" f file: ++prepare_child standalone.c /^prepare_child(int new_client_sock)$/;" f file: ++prepend_path_to_filename postlogin.c /^prepend_path_to_filename(struct mystr* p_str)$/;" f file: ++priv_sock_close privsock.c /^priv_sock_close(struct vsf_session* p_sess)$/;" f ++priv_sock_get_cmd privsock.c /^priv_sock_get_cmd(int fd)$/;" f ++priv_sock_get_int privsock.c /^priv_sock_get_int(int fd)$/;" f ++priv_sock_get_result privsock.c /^priv_sock_get_result(int fd)$/;" f 
++priv_sock_get_str privsock.c /^priv_sock_get_str(int fd, struct mystr* p_dest)$/;" f ++priv_sock_init privsock.c /^priv_sock_init(struct vsf_session* p_sess)$/;" f ++priv_sock_recv_buf privsock.c /^priv_sock_recv_buf(int fd, char* p_buf, unsigned int len)$/;" f ++priv_sock_recv_fd privsock.c /^priv_sock_recv_fd(int fd)$/;" f ++priv_sock_send_buf privsock.c /^priv_sock_send_buf(int fd, const char* p_buf, unsigned int len)$/;" f ++priv_sock_send_cmd privsock.c /^priv_sock_send_cmd(int fd, char cmd)$/;" f ++priv_sock_send_fd privsock.c /^priv_sock_send_fd(int fd, int send_fd)$/;" f ++priv_sock_send_int privsock.c /^priv_sock_send_int(int fd, int the_int)$/;" f ++priv_sock_send_result privsock.c /^priv_sock_send_result(int fd, char res)$/;" f ++priv_sock_send_str privsock.c /^priv_sock_send_str(int fd, const struct mystr* p_str)$/;" f ++priv_sock_set_child_context privsock.c /^priv_sock_set_child_context(struct vsf_session* p_sess)$/;" f ++priv_sock_set_parent_context privsock.c /^priv_sock_set_parent_context(struct vsf_session* p_sess)$/;" f ++private_str_alloc_memchunk str.c /^private_str_alloc_memchunk(struct mystr* p_str, const char* p_src,$/;" f ++private_str_append_memchunk str.c /^private_str_append_memchunk(struct mystr* p_str, const char* p_src,$/;" f ++process_login_req twoprocess.c /^process_login_req(struct vsf_session* p_sess)$/;" f file: ++process_post_login postlogin.c /^process_post_login(struct vsf_session* p_sess)$/;" f ++process_post_login_req postprivparent.c /^process_post_login_req(struct vsf_session* p_sess)$/;" f file: ++pt_sandbox ptracesandbox.c /^struct pt_sandbox$/;" s file: ++ptrace_sandbox_alloc ptracesandbox.c /^ptrace_sandbox_alloc()$/;" f ++ptrace_sandbox_attach_point ptracesandbox.c /^ptrace_sandbox_attach_point()$/;" f ++ptrace_sandbox_attach_point ptracesandbox.c /^ptrace_sandbox_attach_point(void)$/;" f ++ptrace_sandbox_continue_process ptracesandbox.c /^ptrace_sandbox_continue_process(struct pt_sandbox* p_sandbox, int sig)$/;" f 
++ptrace_sandbox_free ptracesandbox.c /^ptrace_sandbox_free(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_get_arg ptracesandbox.c /^ptrace_sandbox_get_arg(struct pt_sandbox* p_sandbox,$/;" f ++ptrace_sandbox_get_buf ptracesandbox.c /^ptrace_sandbox_get_buf(struct pt_sandbox* p_sandbox,$/;" f ++ptrace_sandbox_get_event ptracesandbox.c /^ptrace_sandbox_get_event(struct pt_sandbox* p_sandbox, int* status, int block)$/;" f ++ptrace_sandbox_get_event_fd ptracesandbox.c /^ptrace_sandbox_get_event_fd(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_get_long ptracesandbox.c /^ptrace_sandbox_get_long(struct pt_sandbox* p_sandbox,$/;" f ++ptrace_sandbox_get_socketcall_arg ptracesandbox.c /^ptrace_sandbox_get_socketcall_arg(struct pt_sandbox* p_sandbox,$/;" f ++ptrace_sandbox_handle_event ptracesandbox.c /^ptrace_sandbox_handle_event(struct pt_sandbox* p_sandbox, int status)$/;" f ++ptrace_sandbox_kill_processes ptracesandbox.c /^ptrace_sandbox_kill_processes(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_launch_process ptracesandbox.c /^ptrace_sandbox_launch_process(struct pt_sandbox* p_sandbox,$/;" f ++ptrace_sandbox_permit_accept ptracesandbox.c /^ptrace_sandbox_permit_accept(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_alarm ptracesandbox.c /^ptrace_sandbox_permit_alarm(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_bind ptracesandbox.c /^ptrace_sandbox_permit_bind(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_brk ptracesandbox.c /^ptrace_sandbox_permit_brk(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_chdir ptracesandbox.c /^ptrace_sandbox_permit_chdir(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_chmod ptracesandbox.c /^ptrace_sandbox_permit_chmod(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_close ptracesandbox.c /^ptrace_sandbox_permit_close(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_connect ptracesandbox.c /^ptrace_sandbox_permit_connect(struct 
pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_exit ptracesandbox.c /^ptrace_sandbox_permit_exit(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_fchmod ptracesandbox.c /^ptrace_sandbox_permit_fchmod(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_fchown ptracesandbox.c /^ptrace_sandbox_permit_fchown(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_fcntl ptracesandbox.c /^ptrace_sandbox_permit_fcntl(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_fd_stats ptracesandbox.c /^ptrace_sandbox_permit_fd_stats(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_file_stats ptracesandbox.c /^ptrace_sandbox_permit_file_stats(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_ftruncate ptracesandbox.c /^ptrace_sandbox_permit_ftruncate(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_getcwd ptracesandbox.c /^ptrace_sandbox_permit_getcwd(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_getdents ptracesandbox.c /^ptrace_sandbox_permit_getdents(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_getsockopt ptracesandbox.c /^ptrace_sandbox_permit_getsockopt(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_listen ptracesandbox.c /^ptrace_sandbox_permit_listen(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_mkdir ptracesandbox.c /^ptrace_sandbox_permit_mkdir(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_mmap ptracesandbox.c /^ptrace_sandbox_permit_mmap(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_mprotect ptracesandbox.c /^ptrace_sandbox_permit_mprotect(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_mremap ptracesandbox.c /^ptrace_sandbox_permit_mremap(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_open ptracesandbox.c /^ptrace_sandbox_permit_open(struct pt_sandbox* p_sandbox, int writeable)$/;" f ++ptrace_sandbox_permit_query_time ptracesandbox.c /^ptrace_sandbox_permit_query_time(struct pt_sandbox* 
p_sandbox)$/;" f ++ptrace_sandbox_permit_read ptracesandbox.c /^ptrace_sandbox_permit_read(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_readlink ptracesandbox.c /^ptrace_sandbox_permit_readlink(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_recv ptracesandbox.c /^ptrace_sandbox_permit_recv(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_rename ptracesandbox.c /^ptrace_sandbox_permit_rename(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_rmdir ptracesandbox.c /^ptrace_sandbox_permit_rmdir(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_seek ptracesandbox.c /^ptrace_sandbox_permit_seek(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_select ptracesandbox.c /^ptrace_sandbox_permit_select(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_sendfile ptracesandbox.c /^ptrace_sandbox_permit_sendfile(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_setsockopt ptracesandbox.c /^ptrace_sandbox_permit_setsockopt(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_shutdown ptracesandbox.c /^ptrace_sandbox_permit_shutdown(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_sigaction ptracesandbox.c /^ptrace_sandbox_permit_sigaction(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_sigreturn ptracesandbox.c /^ptrace_sandbox_permit_sigreturn(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_sleep ptracesandbox.c /^ptrace_sandbox_permit_sleep(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_socket ptracesandbox.c /^ptrace_sandbox_permit_socket(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_umask ptracesandbox.c /^ptrace_sandbox_permit_umask(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_unlink ptracesandbox.c /^ptrace_sandbox_permit_unlink(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_utime ptracesandbox.c /^ptrace_sandbox_permit_utime(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_utimes 
ptracesandbox.c /^ptrace_sandbox_permit_utimes(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_permit_write ptracesandbox.c /^ptrace_sandbox_permit_write(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_run_processes ptracesandbox.c /^ptrace_sandbox_run_processes(struct pt_sandbox* p_sandbox)$/;" f ++ptrace_sandbox_set_bind_validator ptracesandbox.c /^ptrace_sandbox_set_bind_validator(struct pt_sandbox* p_sandbox,$/;" f ++ptrace_sandbox_set_connect_validator ptracesandbox.c /^ptrace_sandbox_set_connect_validator(struct pt_sandbox* p_sandbox,$/;" f ++ptrace_sandbox_set_getsockopt_validator ptracesandbox.c /^ptrace_sandbox_set_getsockopt_validator(struct pt_sandbox* p_sandbox,$/;" f ++ptrace_sandbox_set_setsockopt_validator ptracesandbox.c /^ptrace_sandbox_set_setsockopt_validator(struct pt_sandbox* p_sandbox,$/;" f ++ptrace_sandbox_set_socket_validator ptracesandbox.c /^ptrace_sandbox_set_socket_validator(struct pt_sandbox* p_sandbox,$/;" f ++ptrace_sandbox_validator_t ptracesandbox.h /^typedef int (*ptrace_sandbox_validator_t)(struct pt_sandbox*, void*);$/;" t ++read_event_fd ptracesandbox.c /^ int read_event_fd;$/;" m struct:pt_sandbox file: ++regs ptracesandbox.c /^ struct user_regs_struct regs;$/;" m struct:pt_sandbox typeref:struct:pt_sandbox::user_regs_struct file: ++reject_nr seccompsandbox.c /^reject_nr(int nr, int errcode)$/;" f file: ++remote_ip_str session.h /^ struct mystr remote_ip_str;$/;" m struct:vsf_session typeref:struct:vsf_session::mystr ++resolve_tilde postlogin.c /^resolve_tilde(struct mystr* p_str, struct vsf_session* p_sess)$/;" f file: ++restart_pos session.h /^ filesize_t restart_pos;$/;" m struct:vsf_session ++retval ftpdataio.h /^ int retval;$/;" m struct:vsf_transfer_ret ++rnfr_filename_str session.h /^ struct mystr rnfr_filename_str;$/;" m struct:vsf_session typeref:struct:vsf_session::mystr ++running sysutil.c /^ int running;$/;" m struct:vsf_sysutil_sig_details file: ++s_1_arg_validations seccompsandbox.c /^static size_t 
s_1_arg_validations;$/;" v file: ++s_2_arg_validations seccompsandbox.c /^static size_t s_2_arg_validations;$/;" v file: ++s_3_arg_validations seccompsandbox.c /^static size_t s_3_arg_validations;$/;" v file: ++s_args_1 seccompsandbox.c /^static int s_args_1[kMaxSyscalls];$/;" v file: ++s_args_2 seccompsandbox.c /^static int s_args_2[kMaxSyscalls];$/;" v file: ++s_args_3 seccompsandbox.c /^static int s_args_3[kMaxSyscalls];$/;" v file: ++s_children standalone.c /^static unsigned int s_children;$/;" v file: ++s_current_pid sysutil.c /^static int s_current_pid = -1;$/;" v file: ++s_current_time sysutil.c /^static struct timeval s_current_time;$/;" v typeref:struct:timeval file: ++s_current_umask sysutil.c /^static unsigned int s_current_umask;$/;" v file: ++s_errnos seccompsandbox.c /^static int s_errnos[kMaxSyscalls];$/;" v file: ++s_exit_func sysutil.c /^static exitfunc_t s_exit_func;$/;" v file: ++s_io_handler sysutil.c /^static vsf_context_io_t s_io_handler;$/;" v file: ++s_io_handler_running sysutil.c /^static int s_io_handler_running;$/;" v file: ++s_ipaddr_size standalone.c /^static unsigned int s_ipaddr_size;$/;" v file: ++s_null_str strlist.c /^static struct mystr s_null_str;$/;" v typeref:struct:mystr file: ++s_p_io_handler_private sysutil.c /^static void* s_p_io_handler_private;$/;" v file: ++s_p_ip_count_hash standalone.c /^static struct hash* s_p_ip_count_hash;$/;" v typeref:struct:hash file: ++s_p_pid_ip_hash standalone.c /^static struct hash* s_p_pid_ip_hash;$/;" v typeref:struct:hash file: ++s_p_proctitle sysdeputil.c /^static char* s_p_proctitle = 0;$/;" v file: ++s_p_saved_filename parseconf.c /^static const char* s_p_saved_filename;$/;" v file: ++s_pamh sysdeputil.c /^static pam_handle_t* s_pamh;$/;" v file: ++s_proctitle_inited sysdeputil.c /^static int s_proctitle_inited = 0;$/;" v file: ++s_proctitle_prefix_str sysdeputil.c /^static struct mystr s_proctitle_prefix_str;$/;" v typeref:struct:mystr file: ++s_proctitle_space sysdeputil.c /^static 
unsigned int s_proctitle_space = 0;$/;" v file: ++s_pword_str sysdeputil.c /^static struct mystr s_pword_str;$/;" v typeref:struct:mystr file: ++s_setbuf str.c /^s_setbuf(struct mystr* p_str, char* p_newbuf)$/;" f file: ++s_sig_details sysutil.c /^} s_sig_details[NSIG];$/;" v typeref:struct:vsf_sysutil_sig_details file: ++s_sigchld_fd ptracesandbox.c /^static int s_sigchld_fd = -1;$/;" v file: ++s_syscall_index seccompsandbox.c /^static size_t s_syscall_index;$/;" v file: ++s_syscalls seccompsandbox.c /^static int s_syscalls[kMaxSyscalls];$/;" v file: ++s_timezone sysutil.c /^static long s_timezone;$/;" v file: ++s_utent sysdeputil.c /^static struct utmpx s_utent;$/;" v typeref:struct:utmpx file: ++s_uwtmp_inserted sysdeputil.c /^static int s_uwtmp_inserted;$/;" v file: ++s_vals_1 seccompsandbox.c /^static int s_vals_1[kMaxSyscalls];$/;" v file: ++s_vals_2 seccompsandbox.c /^static int s_vals_2[kMaxSyscalls];$/;" v file: ++s_vals_3 seccompsandbox.c /^static int s_vals_3[kMaxSyscalls];$/;" v file: ++s_zero_fd sysdeputil.c /^static int s_zero_fd = -1;$/;" v file: ++sanitize_child ptracesandbox.c /^sanitize_child()$/;" f file: ++seccomp_sandbox_init seccompsandbox.c /^seccomp_sandbox_init()$/;" f ++seccomp_sandbox_lockdown seccompsandbox.c /^seccomp_sandbox_lockdown()$/;" f ++seccomp_sandbox_setup_base seccompsandbox.c /^seccomp_sandbox_setup_base()$/;" f file: ++seccomp_sandbox_setup_data_connections seccompsandbox.c /^seccomp_sandbox_setup_data_connections()$/;" f file: ++seccomp_sandbox_setup_postlogin seccompsandbox.c /^seccomp_sandbox_setup_postlogin(const struct vsf_session* p_sess)$/;" f ++seccomp_sandbox_setup_postlogin_broker seccompsandbox.c /^seccomp_sandbox_setup_postlogin_broker()$/;" f ++seccomp_sandbox_setup_prelogin seccompsandbox.c /^seccomp_sandbox_setup_prelogin(const struct vsf_session* p_sess)$/;" f ++session_init main.c /^session_init(struct vsf_session* p_sess)$/;" f file: ++setsockopt_validator ftppolicy.c /^setsockopt_validator(struct 
pt_sandbox* p_sandbox, void* p_arg)$/;" f file: ++setup_bio_callbacks ssl.c /^static void setup_bio_callbacks(SSL* p_ssl)$/;" f file: ++setup_username_globals privops.c /^setup_username_globals(struct vsf_session* p_sess, const struct mystr* p_str)$/;" f file: ++sigalr sysutil.c /^static struct sigaction sigalr, sigusr1;$/;" v typeref:struct:sigaction file: ++sigusr1 sysutil.c /^static struct sigaction sigalr, sigusr1;$/;" v typeref:struct: file: ++socket_one sysutil.h /^ int socket_one;$/;" m struct:vsf_sysutil_socketpair_retval ++socket_two sysutil.h /^ int socket_two;$/;" m struct:vsf_sysutil_socketpair_retval ++socket_validator ftppolicy.c /^socket_validator(struct pt_sandbox* p_sandbox, void* p_arg)$/;" f file: ++socketcall_validator ptracesandbox.c /^ ptrace_sandbox_validator_t socketcall_validator[NPROTO];$/;" m struct:pt_sandbox file: ++socketcall_validator_arg ptracesandbox.c /^ void* socketcall_validator_arg[NPROTO];$/;" m struct:pt_sandbox file: ++sort_compare_common strlist.c /^sort_compare_common(const void* p1, const void* p2, int reverse)$/;" f file: ++sort_compare_func strlist.c /^sort_compare_func(const void* p1, const void* p2)$/;" f file: ++sort_compare_func_reverse strlist.c /^sort_compare_func_reverse(const void* p1, const void* p2)$/;" f file: ++sort_key_str strlist.c /^ struct mystr sort_key_str;$/;" m struct:mystr_list_node typeref:struct:mystr_list_node::mystr file: ++ssl_accept ssl.c /^ssl_accept(struct vsf_session* p_sess, int fd)$/;" f ++ssl_add_entropy ssl.c /^ssl_add_entropy(struct vsf_session* p_sess)$/;" f ++ssl_cert_digest ssl.c /^ssl_cert_digest(SSL* p_ssl, struct vsf_session* p_sess, struct mystr* p_str)$/;" f file: ++ssl_comm_channel_init ssl.c /^ssl_comm_channel_init(struct vsf_session* p_sess)$/;" f ++ssl_comm_channel_set_consumer_context ssl.c /^ssl_comm_channel_set_consumer_context(struct vsf_session* p_sess)$/;" f ++ssl_comm_channel_set_producer_context ssl.c /^ssl_comm_channel_set_producer_context(struct vsf_session* 
p_sess)$/;" f ++ssl_consumer_fd session.h /^ int ssl_consumer_fd;$/;" m struct:vsf_session ++ssl_control_handshake ssl.c /^ssl_control_handshake(struct vsf_session* p_sess)$/;" f ++ssl_data_close ssl.c /^ssl_data_close(struct vsf_session* p_sess)$/;" f ++ssl_init ssl.c /^ssl_init(struct vsf_session* p_sess)$/;" f ++ssl_inited ssl.c /^static int ssl_inited;$/;" v file: ++ssl_peek ssl.c /^ssl_peek(struct vsf_session* p_sess, void* p_ssl, char* p_buf, unsigned int len)$/;" f ++ssl_peek_adapter readwrite.c /^ssl_peek_adapter(struct vsf_session* p_sess, char* p_buf, unsigned int len)$/;" f file: ++ssl_read ssl.c /^ssl_read(struct vsf_session* p_sess, void* p_ssl, char* p_buf, unsigned int len)$/;" f ++ssl_read_adapter readwrite.c /^ssl_read_adapter(struct vsf_session* p_sess, char* p_buf, unsigned int len)$/;" f file: ++ssl_read_common ssl.c /^ssl_read_common(struct vsf_session* p_sess,$/;" f file: ++ssl_read_into_str ssl.c /^ssl_read_into_str(struct vsf_session* p_sess, void* p_ssl, struct mystr* p_str)$/;" f ++ssl_session_init ssl.c /^ssl_session_init(struct vsf_session* p_sess)$/;" f file: ++ssl_slave sslslave.c /^ssl_slave(struct vsf_session* p_sess)$/;" f ++ssl_slave_active session.h /^ int ssl_slave_active;$/;" m struct:vsf_session ++ssl_slave_fd session.h /^ int ssl_slave_fd;$/;" m struct:vsf_session ++ssl_tmp_dh_callback ssl.c /^ssl_tmp_dh_callback(SSL *ssl, int is_export, int keylength)$/;" f file: ++ssl_verify_callback ssl.c /^ssl_verify_callback(int verify_ok, X509_STORE_CTX* p_ctx)$/;" f file: ++ssl_write ssl.c /^ssl_write(void* p_ssl, const char* p_buf, unsigned int len)$/;" f ++ssl_write_str ssl.c /^ssl_write_str(void* p_ssl, const struct mystr* p_str)$/;" f ++start_data_alarm ftpdataio.c /^start_data_alarm(struct vsf_session* p_sess)$/;" f ++stored ascii.h /^ unsigned int stored;$/;" m struct:ascii_to_bin_ret ++stored ascii.h /^ unsigned int stored;$/;" m struct:bin_to_ascii_ret ++str strlist.c /^ struct mystr str;$/;" m struct:mystr_list_node 
typeref:struct:mystr_list_node::mystr file: ++str_a_to_filesize_t str.c /^str_a_to_filesize_t(const struct mystr* p_str)$/;" f ++str_all_space str.c /^str_all_space(const struct mystr* p_str)$/;" f ++str_alloc_alt_term str.c /^str_alloc_alt_term(struct mystr* p_str, const char* p_src, char term)$/;" f ++str_alloc_filesize_t str.c /^str_alloc_filesize_t(struct mystr* p_str, filesize_t the_filesize)$/;" f ++str_alloc_memchunk str.h 22;" d ++str_alloc_text str.c /^str_alloc_text(struct mystr* p_str, const char* p_src)$/;" f ++str_alloc_ulong str.c /^str_alloc_ulong(struct mystr* p_str, unsigned long the_long)$/;" f ++str_append_char str.c /^str_append_char(struct mystr* p_str, char the_char)$/;" f ++str_append_double str.c /^str_append_double(struct mystr* p_str, double the_double)$/;" f ++str_append_filesize_t str.c /^str_append_filesize_t(struct mystr* p_str, filesize_t the_filesize)$/;" f ++str_append_str str.c /^str_append_str(struct mystr* p_str, const struct mystr* p_other)$/;" f ++str_append_text str.c /^str_append_text(struct mystr* p_str, const char* p_src)$/;" f ++str_append_ulong str.c /^str_append_ulong(struct mystr* p_str, unsigned long the_ulong)$/;" f ++str_atoi str.c /^str_atoi(const struct mystr* p_str)$/;" f ++str_basename str.c /^str_basename (struct mystr* d_str, const struct mystr* path)$/;" f ++str_chdir sysstr.c /^str_chdir(const struct mystr* p_str)$/;" f ++str_chmod sysstr.c /^str_chmod(const struct mystr* p_str, unsigned int mode)$/;" f ++str_contains_line str.c /^str_contains_line(const struct mystr* p_str, const struct mystr* p_line_str)$/;" f ++str_contains_space str.c /^str_contains_space(const struct mystr* p_str)$/;" f ++str_contains_unprintable str.c /^str_contains_unprintable(const struct mystr* p_str)$/;" f ++str_copy str.c /^str_copy(struct mystr* p_dest, const struct mystr* p_src)$/;" f ++str_create sysstr.c /^str_create(const struct mystr* p_str)$/;" f ++str_create_exclusive sysstr.c /^str_create_exclusive(const struct mystr* 
p_str)$/;" f ++str_empty str.c /^str_empty(struct mystr* p_str)$/;" f ++str_equal str.c /^str_equal(const struct mystr* p_str1, const struct mystr* p_str2)$/;" f ++str_equal_internal str.c /^str_equal_internal(const char* p_buf1, unsigned int buf1_len,$/;" f file: ++str_equal_text str.c /^str_equal_text(const struct mystr* p_str, const char* p_text)$/;" f ++str_fileread filestr.c /^str_fileread(struct mystr* p_str, const char* p_filename, unsigned int maxsize)$/;" f ++str_free str.c /^str_free(struct mystr* p_str)$/;" f ++str_get_char_at str.c /^str_get_char_at(const struct mystr* p_str, const unsigned int indexx)$/;" f ++str_getbuf str.c /^str_getbuf(const struct mystr* p_str)$/;" f ++str_getcwd sysstr.c /^str_getcwd(struct mystr* p_str)$/;" f ++str_getlen str.c /^str_getlen(const struct mystr* p_str)$/;" f ++str_getline str.c /^str_getline(const struct mystr* p_str, struct mystr* p_line_str,$/;" f ++str_getpwnam sysstr.c /^str_getpwnam(const struct mystr* p_user_str)$/;" f ++str_isempty str.c /^str_isempty(const struct mystr* p_str)$/;" f ++str_left str.c /^str_left(const struct mystr* p_str, struct mystr* p_out, unsigned int chars)$/;" f ++str_list_add strlist.c /^str_list_add(struct mystr_list* p_list, const struct mystr* p_str,$/;" f ++str_list_contains_str strlist.c /^str_list_contains_str(const struct mystr_list* p_list,$/;" f ++str_list_free strlist.c /^str_list_free(struct mystr_list* p_list)$/;" f ++str_list_get_length strlist.c /^str_list_get_length(const struct mystr_list* p_list)$/;" f ++str_list_get_pstr strlist.c /^str_list_get_pstr(const struct mystr_list* p_list, unsigned int indexx)$/;" f ++str_list_sort strlist.c /^str_list_sort(struct mystr_list* p_list, int reverse)$/;" f ++str_locate_char str.c /^str_locate_char(const struct mystr* p_str, char look_char)$/;" f ++str_locate_chars str.c /^str_locate_chars(const struct mystr* p_str, const char* p_chars)$/;" f ++str_locate_result str.h /^struct str_locate_result$/;" s ++str_locate_str str.c 
/^str_locate_str(const struct mystr* p_str, const struct mystr* p_look_str)$/;" f ++str_locate_str_reverse str.c /^str_locate_str_reverse(const struct mystr* p_str,$/;" f ++str_locate_text str.c /^str_locate_text(const struct mystr* p_str, const char* p_text)$/;" f ++str_locate_text_reverse str.c /^str_locate_text_reverse(const struct mystr* p_str, const char* p_text)$/;" f ++str_lpad str.c /^str_lpad(struct mystr* p_str, const unsigned int min_width)$/;" f ++str_lstat sysstr.c /^str_lstat(const struct mystr* p_str, struct vsf_sysutil_statbuf** p_ptr)$/;" f ++str_mid_to_end str.c /^str_mid_to_end(const struct mystr* p_str, struct mystr* p_out,$/;" f ++str_mkdir sysstr.c /^str_mkdir(const struct mystr* p_str, const unsigned int mode)$/;" f ++str_netfd_alloc netstr.c /^str_netfd_alloc(struct vsf_session* p_sess,$/;" f ++str_netfd_read netstr.c /^str_netfd_read(struct mystr* p_str, int fd, unsigned int len)$/;" f ++str_netfd_read_t netstr.h /^typedef int (*str_netfd_read_t)(struct vsf_session*$/;" t ++str_netfd_write netstr.c /^str_netfd_write(const struct mystr* p_str, int fd)$/;" f ++str_next_dirent sysstr.c /^str_next_dirent(struct mystr* p_filename_str, struct vsf_sysutil_dir* p_dir)$/;" f ++str_octal_to_uint str.c /^str_octal_to_uint(const struct mystr* p_str)$/;" f ++str_open sysstr.c /^str_open(const struct mystr* p_str, const enum EVSFSysStrOpenMode mode)$/;" f ++str_opendir sysstr.c /^str_opendir(const struct mystr* p_str)$/;" f ++str_read_loop sysstr.c /^str_read_loop(struct mystr* p_str, const int fd)$/;" f ++str_readlink sysstr.c /^str_readlink(struct mystr* p_str, const struct mystr* p_filename_str)$/;" f ++str_rename sysstr.c /^str_rename(const struct mystr* p_from_str, const struct mystr* p_to_str)$/;" f ++str_replace_char str.c /^str_replace_char(struct mystr* p_str, char from, char to)$/;" f ++str_replace_text str.c /^str_replace_text(struct mystr* p_str, const char* p_from, const char* p_to)$/;" f ++str_replace_unprintable str.c 
/^str_replace_unprintable(struct mystr* p_str, char new_char)$/;" f ++str_reserve str.c /^str_reserve(struct mystr* p_str, unsigned int res_len)$/;" f ++str_right str.c /^str_right(const struct mystr* p_str, struct mystr* p_out, unsigned int chars)$/;" f ++str_rmdir sysstr.c /^str_rmdir(const struct mystr* p_str)$/;" f ++str_rpad str.c /^str_rpad(struct mystr* p_str, const unsigned int min_width)$/;" f ++str_split_char str.c /^str_split_char(struct mystr* p_src, struct mystr* p_rhs, char c)$/;" f ++str_split_char_reverse str.c /^str_split_char_reverse(struct mystr* p_src, struct mystr* p_rhs, char c)$/;" f ++str_split_text str.c /^str_split_text(struct mystr* p_src, struct mystr* p_rhs, const char* p_text)$/;" f ++str_split_text_common str.c /^str_split_text_common(struct mystr* p_src, struct mystr* p_rhs,$/;" f file: ++str_split_text_reverse str.c /^str_split_text_reverse(struct mystr* p_src, struct mystr* p_rhs,$/;" f ++str_stat sysstr.c /^str_stat(const struct mystr* p_str, struct vsf_sysutil_statbuf** p_ptr)$/;" f ++str_strcmp str.c /^str_strcmp(const struct mystr* p_str1, const struct mystr* p_str2)$/;" f ++str_strdup str.c /^str_strdup(const struct mystr* p_str)$/;" f ++str_strdup_trimmed str.c /^str_strdup_trimmed(const struct mystr* p_str)$/;" f ++str_syslog sysstr.c /^str_syslog(const struct mystr* p_str, int severe)$/;" f ++str_trunc str.c /^str_trunc(struct mystr* p_str, unsigned int trunc_len)$/;" f ++str_unlink sysstr.c /^str_unlink(const struct mystr* p_str)$/;" f ++str_upper str.c /^str_upper(struct mystr* p_str)$/;" f ++str_write_loop sysstr.c /^str_write_loop(const struct mystr* p_str, const int fd)$/;" f ++sync_sig_handler sysutil.c /^ vsf_sighandle_t sync_sig_handler;$/;" m struct:vsf_sysutil_sig_details file: ++tcp_wrapper_ok session.h /^ int tcp_wrapper_ok;$/;" m struct:vsf_session ++transfer_dir_internal ftpdataio.c /^transfer_dir_internal(struct vsf_session* p_sess, int is_control,$/;" f file: ++transfer_size session.h /^ filesize_t 
transfer_size;$/;" m struct:vsf_session ++transferred ftpdataio.h /^ filesize_t transferred;$/;" m struct:vsf_transfer_ret ++tunable_accept_timeout tunables.c /^unsigned int tunable_accept_timeout;$/;" v ++tunable_allow_anon_ssl tunables.c /^int tunable_allow_anon_ssl;$/;" v ++tunable_allow_writeable_chroot tunables.c /^int tunable_allow_writeable_chroot;$/;" v ++tunable_anon_max_rate tunables.c /^unsigned int tunable_anon_max_rate;$/;" v ++tunable_anon_mkdir_write_enable tunables.c /^int tunable_anon_mkdir_write_enable;$/;" v ++tunable_anon_other_write_enable tunables.c /^int tunable_anon_other_write_enable;$/;" v ++tunable_anon_root tunables.c /^const char* tunable_anon_root;$/;" v ++tunable_anon_umask tunables.c /^unsigned int tunable_anon_umask;$/;" v ++tunable_anon_upload_enable tunables.c /^int tunable_anon_upload_enable;$/;" v ++tunable_anon_world_readable_only tunables.c /^int tunable_anon_world_readable_only;$/;" v ++tunable_anonymous_enable tunables.c /^int tunable_anonymous_enable;$/;" v ++tunable_ascii_download_enable tunables.c /^int tunable_ascii_download_enable;$/;" v ++tunable_ascii_upload_enable tunables.c /^int tunable_ascii_upload_enable;$/;" v ++tunable_async_abor_enable tunables.c /^int tunable_async_abor_enable;$/;" v ++tunable_background tunables.c /^int tunable_background;$/;" v ++tunable_banned_email_file tunables.c /^const char* tunable_banned_email_file;$/;" v ++tunable_banner_file tunables.c /^const char* tunable_banner_file;$/;" v ++tunable_ca_certs_file tunables.c /^const char* tunable_ca_certs_file;$/;" v ++tunable_check_shell tunables.c /^int tunable_check_shell;$/;" v ++tunable_chmod_enable tunables.c /^int tunable_chmod_enable;$/;" v ++tunable_chown_upload_mode tunables.c /^unsigned int tunable_chown_upload_mode;$/;" v ++tunable_chown_uploads tunables.c /^int tunable_chown_uploads;$/;" v ++tunable_chown_username tunables.c /^const char* tunable_chown_username;$/;" v ++tunable_chroot_list_enable tunables.c /^int 
tunable_chroot_list_enable;$/;" v ++tunable_chroot_list_file tunables.c /^const char* tunable_chroot_list_file;$/;" v ++tunable_chroot_local_user tunables.c /^int tunable_chroot_local_user;$/;" v ++tunable_cmds_allowed tunables.c /^const char* tunable_cmds_allowed;$/;" v ++tunable_cmds_denied tunables.c /^const char* tunable_cmds_denied;$/;" v ++tunable_connect_from_port_20 tunables.c /^int tunable_connect_from_port_20;$/;" v ++tunable_connect_timeout tunables.c /^unsigned int tunable_connect_timeout;$/;" v ++tunable_data_connection_timeout tunables.c /^unsigned int tunable_data_connection_timeout;$/;" v ++tunable_debug_ssl tunables.c /^int tunable_debug_ssl;$/;" v ++tunable_delay_failed_login tunables.c /^unsigned int tunable_delay_failed_login;$/;" v ++tunable_delay_successful_login tunables.c /^unsigned int tunable_delay_successful_login;$/;" v ++tunable_delete_failed_uploads tunables.c /^int tunable_delete_failed_uploads;$/;" v ++tunable_deny_email_enable tunables.c /^int tunable_deny_email_enable;$/;" v ++tunable_deny_file tunables.c /^const char* tunable_deny_file;$/;" v ++tunable_dh_param_file tunables.c /^const char* tunable_dh_param_file;$/;" v ++tunable_dirlist_enable tunables.c /^int tunable_dirlist_enable;$/;" v ++tunable_dirmessage_enable tunables.c /^int tunable_dirmessage_enable;$/;" v ++tunable_download_enable tunables.c /^int tunable_download_enable;$/;" v ++tunable_dsa_cert_file tunables.c /^const char* tunable_dsa_cert_file;$/;" v ++tunable_dsa_private_key_file tunables.c /^const char* tunable_dsa_private_key_file;$/;" v ++tunable_dual_log_enable tunables.c /^int tunable_dual_log_enable;$/;" v ++tunable_ecdh_param_file tunables.c /^const char* tunable_ecdh_param_file;$/;" v ++tunable_email_password_file tunables.c /^const char* tunable_email_password_file;$/;" v ++tunable_file_open_mode tunables.c /^unsigned int tunable_file_open_mode;$/;" v ++tunable_force_anon_data_ssl tunables.c /^int tunable_force_anon_data_ssl;$/;" v 
++tunable_force_anon_logins_ssl tunables.c /^int tunable_force_anon_logins_ssl;$/;" v ++tunable_force_dot_files tunables.c /^int tunable_force_dot_files;$/;" v ++tunable_force_local_data_ssl tunables.c /^int tunable_force_local_data_ssl;$/;" v ++tunable_force_local_logins_ssl tunables.c /^int tunable_force_local_logins_ssl;$/;" v ++tunable_ftp_data_port tunables.c /^unsigned int tunable_ftp_data_port;$/;" v ++tunable_ftp_enable tunables.c /^int tunable_ftp_enable;$/;" v ++tunable_ftp_username tunables.c /^const char* tunable_ftp_username;$/;" v ++tunable_ftpd_banner tunables.c /^const char* tunable_ftpd_banner;$/;" v ++tunable_guest_enable tunables.c /^int tunable_guest_enable;$/;" v ++tunable_guest_username tunables.c /^const char* tunable_guest_username;$/;" v ++tunable_hide_file tunables.c /^const char* tunable_hide_file;$/;" v ++tunable_hide_ids tunables.c /^int tunable_hide_ids;$/;" v ++tunable_http_enable tunables.c /^int tunable_http_enable;$/;" v ++tunable_idle_session_timeout tunables.c /^unsigned int tunable_idle_session_timeout;$/;" v ++tunable_implicit_ssl tunables.c /^int tunable_implicit_ssl;$/;" v ++tunable_isolate tunables.c /^int tunable_isolate;$/;" v ++tunable_isolate_network tunables.c /^int tunable_isolate_network;$/;" v ++tunable_listen tunables.c /^int tunable_listen;$/;" v ++tunable_listen_address tunables.c /^const char* tunable_listen_address;$/;" v ++tunable_listen_address6 tunables.c /^const char* tunable_listen_address6;$/;" v ++tunable_listen_ipv6 tunables.c /^int tunable_listen_ipv6;$/;" v ++tunable_listen_port tunables.c /^unsigned int tunable_listen_port;$/;" v ++tunable_local_enable tunables.c /^int tunable_local_enable;$/;" v ++tunable_local_max_rate tunables.c /^unsigned int tunable_local_max_rate;$/;" v ++tunable_local_root tunables.c /^const char* tunable_local_root;$/;" v ++tunable_local_umask tunables.c /^unsigned int tunable_local_umask;$/;" v ++tunable_lock_upload_files tunables.c /^int tunable_lock_upload_files;$/;" v 
++tunable_log_ftp_protocol tunables.c /^int tunable_log_ftp_protocol;$/;" v ++tunable_ls_recurse_enable tunables.c /^int tunable_ls_recurse_enable;$/;" v ++tunable_max_clients tunables.c /^unsigned int tunable_max_clients;$/;" v ++tunable_max_login_fails tunables.c /^unsigned int tunable_max_login_fails;$/;" v ++tunable_max_per_ip tunables.c /^unsigned int tunable_max_per_ip;$/;" v ++tunable_mdtm_write tunables.c /^int tunable_mdtm_write;$/;" v ++tunable_message_file tunables.c /^const char* tunable_message_file;$/;" v ++tunable_no_anon_password tunables.c /^int tunable_no_anon_password;$/;" v ++tunable_no_log_lock tunables.c /^int tunable_no_log_lock;$/;" v ++tunable_nopriv_user tunables.c /^const char* tunable_nopriv_user;$/;" v ++tunable_one_process_model tunables.c /^int tunable_one_process_model;$/;" v ++tunable_pam_service_name tunables.c /^const char* tunable_pam_service_name;$/;" v ++tunable_passwd_chroot_enable tunables.c /^int tunable_passwd_chroot_enable;$/;" v ++tunable_pasv_addr_resolve tunables.c /^int tunable_pasv_addr_resolve;$/;" v ++tunable_pasv_address tunables.c /^const char* tunable_pasv_address;$/;" v ++tunable_pasv_enable tunables.c /^int tunable_pasv_enable;$/;" v ++tunable_pasv_max_port tunables.c /^unsigned int tunable_pasv_max_port;$/;" v ++tunable_pasv_min_port tunables.c /^unsigned int tunable_pasv_min_port;$/;" v ++tunable_pasv_promiscuous tunables.c /^int tunable_pasv_promiscuous;$/;" v ++tunable_port_enable tunables.c /^int tunable_port_enable;$/;" v ++tunable_port_promiscuous tunables.c /^int tunable_port_promiscuous;$/;" v ++tunable_ptrace_sandbox tunables.c /^int tunable_ptrace_sandbox;$/;" v ++tunable_require_cert tunables.c /^int tunable_require_cert;$/;" v ++tunable_require_ssl_reuse tunables.c /^int tunable_require_ssl_reuse;$/;" v ++tunable_reverse_lookup_enable tunables.c /^int tunable_reverse_lookup_enable;$/;" v ++tunable_rsa_cert_file tunables.c /^const char* tunable_rsa_cert_file;$/;" v ++tunable_rsa_private_key_file 
tunables.c /^const char* tunable_rsa_private_key_file;$/;" v ++tunable_run_as_launching_user tunables.c /^int tunable_run_as_launching_user;$/;" v ++tunable_seccomp_sandbox tunables.c /^int tunable_seccomp_sandbox;$/;" v ++tunable_secure_chroot_dir tunables.c /^const char* tunable_secure_chroot_dir;$/;" v ++tunable_secure_email_list_enable tunables.c /^int tunable_secure_email_list_enable;$/;" v ++tunable_session_support tunables.c /^int tunable_session_support;$/;" v ++tunable_setproctitle_enable tunables.c /^int tunable_setproctitle_enable;$/;" v ++tunable_ssl_ciphers tunables.c /^const char* tunable_ssl_ciphers;$/;" v ++tunable_ssl_enable tunables.c /^int tunable_ssl_enable;$/;" v ++tunable_ssl_request_cert tunables.c /^int tunable_ssl_request_cert;$/;" v ++tunable_sslv2 tunables.c /^int tunable_sslv2;$/;" v ++tunable_sslv3 tunables.c /^int tunable_sslv3;$/;" v ++tunable_strict_ssl_read_eof tunables.c /^int tunable_strict_ssl_read_eof;$/;" v ++tunable_strict_ssl_write_shutdown tunables.c /^int tunable_strict_ssl_write_shutdown;$/;" v ++tunable_syslog_enable tunables.c /^int tunable_syslog_enable;$/;" v ++tunable_tcp_wrappers tunables.c /^int tunable_tcp_wrappers;$/;" v ++tunable_text_userdb_names tunables.c /^int tunable_text_userdb_names;$/;" v ++tunable_tilde_user_enable tunables.c /^int tunable_tilde_user_enable;$/;" v ++tunable_tlsv1 tunables.c /^int tunable_tlsv1;$/;" v ++tunable_trans_chunk_size tunables.c /^unsigned int tunable_trans_chunk_size;$/;" v ++tunable_use_localtime tunables.c /^int tunable_use_localtime;$/;" v ++tunable_use_sendfile tunables.c /^int tunable_use_sendfile;$/;" v ++tunable_user_config_dir tunables.c /^const char* tunable_user_config_dir;$/;" v ++tunable_user_sub_token tunables.c /^const char* tunable_user_sub_token;$/;" v ++tunable_userlist_deny tunables.c /^int tunable_userlist_deny;$/;" v ++tunable_userlist_enable tunables.c /^int tunable_userlist_enable;$/;" v ++tunable_userlist_file tunables.c /^const char* 
tunable_userlist_file;$/;" v ++tunable_userlist_log tunables.c /^int tunable_userlist_log;$/;" v ++tunable_validate_cert tunables.c /^int tunable_validate_cert;$/;" v ++tunable_virtual_use_local_privs tunables.c /^int tunable_virtual_use_local_privs;$/;" v ++tunable_vsftpd_log_file tunables.c /^const char* tunable_vsftpd_log_file;$/;" v ++tunable_write_enable tunables.c /^int tunable_write_enable;$/;" v ++tunable_xferlog_enable tunables.c /^int tunable_xferlog_enable;$/;" v ++tunable_xferlog_file tunables.c /^const char* tunable_xferlog_file;$/;" v ++tunable_xferlog_std_format tunables.c /^int tunable_xferlog_std_format;$/;" v ++tunables_load_defaults tunables.c /^tunables_load_defaults()$/;" f ++u sysutil.c /^ } u;$/;" m struct:vsf_sysutil_sockaddr typeref:union:vsf_sysutil_sockaddr::__anon1 file: ++u_sockaddr sysutil.c /^ struct sockaddr u_sockaddr;$/;" m union:vsf_sysutil_sockaddr::__anon1 typeref:struct:vsf_sysutil_sockaddr::__anon1::sockaddr file: ++u_sockaddr_in sysutil.c /^ struct sockaddr_in u_sockaddr_in;$/;" m union:vsf_sysutil_sockaddr::__anon1 typeref:struct:vsf_sysutil_sockaddr::__anon1::sockaddr_in file: ++u_sockaddr_in6 sysutil.c /^ struct sockaddr_in6 u_sockaddr_in6;$/;" m union:vsf_sysutil_sockaddr::__anon1 typeref:struct:vsf_sysutil_sockaddr::__anon1::sockaddr_in6 file: ++use_alarm sysutil.c /^ int use_alarm;$/;" m struct:vsf_sysutil_sig_details file: ++user_str session.h /^ struct mystr user_str;$/;" m struct:vsf_session typeref:struct:vsf_session::mystr ++userlist_str session.h /^ struct mystr userlist_str;$/;" m struct:vsf_session typeref:struct:vsf_session::mystr ++validate_fcntl ptracesandbox.c /^validate_fcntl(struct pt_sandbox* p_sandbox, void* p_arg)$/;" f file: ++validate_mmap2 ptracesandbox.c /^validate_mmap2(struct pt_sandbox* p_sandbox, void* p_arg)$/;" f file: ++validate_open_default ptracesandbox.c /^validate_open_default(struct pt_sandbox* p_sandbox, void* p_arg)$/;" f file: ++validate_open_readonly ptracesandbox.c 
/^validate_open_readonly(struct pt_sandbox* p_sandbox, void* p_arg)$/;" f file: ++validate_socketcall ptracesandbox.c /^validate_socketcall(struct pt_sandbox* p_sandbox, void* p_arg)$/;" f file: ++validator ptracesandbox.c /^ ptrace_sandbox_validator_t validator[MAX_SYSCALL];$/;" m struct:pt_sandbox file: ++validator_arg ptracesandbox.c /^ void* validator_arg[MAX_SYSCALL];$/;" m struct:pt_sandbox file: ++value_size hash.c /^ unsigned int value_size;$/;" m struct:hash file: ++vsf_access_check_file access.c /^vsf_access_check_file(const struct mystr* p_filename_str)$/;" f ++vsf_access_check_file_visible access.c /^vsf_access_check_file_visible(const struct mystr* p_filename_str)$/;" f ++vsf_ascii_ascii_to_bin ascii.c /^vsf_ascii_ascii_to_bin(char* p_buf, unsigned int in_len, int prev_cr)$/;" f ++vsf_ascii_bin_to_ascii ascii.c /^vsf_ascii_bin_to_ascii(const char* p_in,$/;" f ++vsf_async_sighandle_t sysutil.h /^typedef void (*vsf_async_sighandle_t)(int);$/;" t ++vsf_auth_shutdown sysdeputil.c /^vsf_auth_shutdown(void)$/;" f file: ++vsf_banner_dir_changed banner.c /^vsf_banner_dir_changed(struct vsf_session* p_sess, int ftpcode)$/;" f ++vsf_banner_write banner.c /^vsf_banner_write(struct vsf_session* p_sess, struct mystr* p_str, int ftpcode)$/;" f ++vsf_client_launch standalone.h /^struct vsf_client_launch$/;" s ++vsf_cmdio_get_cmd_and_arg ftpcmdio.c /^vsf_cmdio_get_cmd_and_arg(struct vsf_session* p_sess, struct mystr* p_cmd_str,$/;" f ++vsf_cmdio_set_alarm ftpcmdio.c /^vsf_cmdio_set_alarm(struct vsf_session* p_sess)$/;" f ++vsf_cmdio_sock_setup ftpcmdio.c /^vsf_cmdio_sock_setup(void)$/;" f ++vsf_cmdio_write ftpcmdio.c /^vsf_cmdio_write(struct vsf_session* p_sess, int status, const char* p_text)$/;" f ++vsf_cmdio_write_exit ftpcmdio.c /^vsf_cmdio_write_exit(struct vsf_session* p_sess, int status, const char* p_text,$/;" f ++vsf_cmdio_write_hyphen ftpcmdio.c /^vsf_cmdio_write_hyphen(struct vsf_session* p_sess, int status,$/;" f ++vsf_cmdio_write_raw ftpcmdio.c 
/^vsf_cmdio_write_raw(struct vsf_session* p_sess, const char* p_text)$/;" f ++vsf_cmdio_write_str ftpcmdio.c /^vsf_cmdio_write_str(struct vsf_session* p_sess, int status,$/;" f ++vsf_cmdio_write_str_hyphen ftpcmdio.c /^vsf_cmdio_write_str_hyphen(struct vsf_session* p_sess, int status,$/;" f ++vsf_context_io_t sysutil.h /^typedef void (*vsf_context_io_t)(int, int, void*);$/;" t ++vsf_exit utility.c /^vsf_exit(const char* p_text)$/;" f ++vsf_filename_passes_filter ls.c /^vsf_filename_passes_filter(const struct mystr* p_filename_str,$/;" f ++vsf_ftpdataio_dispose_transfer_fd ftpdataio.c /^vsf_ftpdataio_dispose_transfer_fd(struct vsf_session* p_sess)$/;" f ++vsf_ftpdataio_get_pasv_fd ftpdataio.c /^vsf_ftpdataio_get_pasv_fd(struct vsf_session* p_sess)$/;" f ++vsf_ftpdataio_get_port_fd ftpdataio.c /^vsf_ftpdataio_get_port_fd(struct vsf_session* p_sess)$/;" f ++vsf_ftpdataio_post_mark_connect ftpdataio.c /^vsf_ftpdataio_post_mark_connect(struct vsf_session* p_sess)$/;" f ++vsf_ftpdataio_transfer_dir ftpdataio.c /^vsf_ftpdataio_transfer_dir(struct vsf_session* p_sess, int is_control,$/;" f ++vsf_ftpdataio_transfer_file ftpdataio.c /^vsf_ftpdataio_transfer_file(struct vsf_session* p_sess, int remote_fd,$/;" f ++vsf_insert_uwtmp sysdeputil.c /^vsf_insert_uwtmp(const struct mystr* p_user_str,$/;" f ++vsf_log_clear_entry logging.c /^vsf_log_clear_entry(struct vsf_session* p_sess)$/;" f ++vsf_log_common logging.c /^vsf_log_common(struct vsf_session* p_sess, int succeeded,$/;" f file: ++vsf_log_do_log logging.c /^vsf_log_do_log(struct vsf_session* p_sess, int succeeded)$/;" f ++vsf_log_do_log_to_file logging.c /^vsf_log_do_log_to_file(int fd, struct mystr* p_str)$/;" f file: ++vsf_log_do_log_vsftpd_format logging.c /^vsf_log_do_log_vsftpd_format(struct vsf_session* p_sess, struct mystr* p_str,$/;" f file: ++vsf_log_do_log_wuftpd_format logging.c /^vsf_log_do_log_wuftpd_format(struct vsf_session* p_sess, struct mystr* p_str,$/;" f file: ++vsf_log_entry_pending logging.c 
/^vsf_log_entry_pending(struct vsf_session* p_sess)$/;" f ++vsf_log_failed_line logging.c /^vsf_log_failed_line(struct vsf_session* p_sess, enum EVSFLogEntryType what,$/;" f ++vsf_log_init logging.c /^vsf_log_init(struct vsf_session* p_sess)$/;" f ++vsf_log_line logging.c /^vsf_log_line(struct vsf_session* p_sess, enum EVSFLogEntryType what,$/;" f ++vsf_log_start_entry logging.c /^vsf_log_start_entry(struct vsf_session* p_sess, enum EVSFLogEntryType what)$/;" f ++vsf_log_type_is_transfer logging.c /^vsf_log_type_is_transfer(enum EVSFLogEntryType type)$/;" f file: ++vsf_ls_populate_dir_list ls.c /^vsf_ls_populate_dir_list(struct mystr_list* p_list,$/;" f ++vsf_one_process_chown_upload oneprocess.c /^vsf_one_process_chown_upload(struct vsf_session* p_sess, int fd)$/;" f ++vsf_one_process_get_pasv_fd oneprocess.c /^vsf_one_process_get_pasv_fd(struct vsf_session* p_sess)$/;" f ++vsf_one_process_get_priv_data_sock oneprocess.c /^vsf_one_process_get_priv_data_sock(struct vsf_session* p_sess)$/;" f ++vsf_one_process_listen oneprocess.c /^vsf_one_process_listen(struct vsf_session* p_sess)$/;" f ++vsf_one_process_login oneprocess.c /^vsf_one_process_login(struct vsf_session* p_sess,$/;" f ++vsf_one_process_pasv_active oneprocess.c /^vsf_one_process_pasv_active(struct vsf_session* p_sess)$/;" f ++vsf_one_process_pasv_cleanup oneprocess.c /^vsf_one_process_pasv_cleanup(struct vsf_session* p_sess)$/;" f ++vsf_one_process_start oneprocess.c /^vsf_one_process_start(struct vsf_session* p_sess)$/;" f ++vsf_parseconf_load_file parseconf.c /^vsf_parseconf_load_file(const char* p_filename, int errs_fatal)$/;" f ++vsf_parseconf_load_setting parseconf.c /^vsf_parseconf_load_setting(const char* p_setting, int errs_fatal)$/;" f ++vsf_priv_parent_postlogin postprivparent.c /^vsf_priv_parent_postlogin(struct vsf_session* p_sess)$/;" f ++vsf_privop_accept_pasv privops.c /^vsf_privop_accept_pasv(struct vsf_session* p_sess)$/;" f ++vsf_privop_do_file_chown privops.c 
/^vsf_privop_do_file_chown(struct vsf_session* p_sess, int fd)$/;" f ++vsf_privop_do_login privops.c /^vsf_privop_do_login(struct vsf_session* p_sess,$/;" f ++vsf_privop_get_ftp_port_sock privops.c /^vsf_privop_get_ftp_port_sock(struct vsf_session* p_sess,$/;" f ++vsf_privop_pasv_active privops.c /^vsf_privop_pasv_active(struct vsf_session* p_sess)$/;" f ++vsf_privop_pasv_cleanup privops.c /^vsf_privop_pasv_cleanup(struct vsf_session* p_sess)$/;" f ++vsf_privop_pasv_listen privops.c /^vsf_privop_pasv_listen(struct vsf_session* p_sess)$/;" f ++vsf_remove_uwtmp sysdeputil.c /^vsf_remove_uwtmp(void)$/;" f ++vsf_secbuf_alloc secbuf.c /^vsf_secbuf_alloc(char** p_ptr, unsigned int size)$/;" f ++vsf_secbuf_free secbuf.c /^vsf_secbuf_free(char** p_ptr)$/;" f ++vsf_secutil_change_credentials secutil.c /^vsf_secutil_change_credentials(const struct mystr* p_user_str,$/;" f ++vsf_session session.h /^struct vsf_session$/;" s ++vsf_set_die_if_parent_dies sysdeputil.c /^vsf_set_die_if_parent_dies()$/;" f ++vsf_set_term_if_parent_dies sysdeputil.c /^vsf_set_term_if_parent_dies()$/;" f ++vsf_sighandle_t sysutil.h /^typedef void (*vsf_sighandle_t)(void*);$/;" t ++vsf_standalone_main standalone.c /^vsf_standalone_main(void)$/;" f ++vsf_sysdep_adopt_capabilities sysdeputil.c /^vsf_sysdep_adopt_capabilities(unsigned int caps)$/;" f ++vsf_sysdep_check_auth sysdeputil.c /^vsf_sysdep_check_auth(struct mystr* p_user_str,$/;" f ++vsf_sysdep_has_capabilities sysdeputil.c /^vsf_sysdep_has_capabilities(void)$/;" f ++vsf_sysdep_has_capabilities_as_non_root sysdeputil.c /^vsf_sysdep_has_capabilities_as_non_root(void)$/;" f ++vsf_sysdep_keep_capabilities sysdeputil.c /^vsf_sysdep_keep_capabilities(void)$/;" f ++vsf_sysutil_a_to_filesize_t sysutil.c /^vsf_sysutil_a_to_filesize_t(const char* p_str)$/;" f ++vsf_sysutil_accept_timeout sysutil.c /^vsf_sysutil_accept_timeout(int fd, struct vsf_sysutil_sockaddr* p_sockaddr,$/;" f ++vsf_sysutil_activate_keepalive sysutil.c 
/^vsf_sysutil_activate_keepalive(int fd)$/;" f ++vsf_sysutil_activate_linger sysutil.c /^vsf_sysutil_activate_linger(int fd)$/;" f ++vsf_sysutil_activate_noblock sysutil.c /^vsf_sysutil_activate_noblock(int fd)$/;" f ++vsf_sysutil_activate_oobinline sysutil.c /^vsf_sysutil_activate_oobinline(int fd)$/;" f ++vsf_sysutil_activate_reuseaddr sysutil.c /^vsf_sysutil_activate_reuseaddr(int fd)$/;" f ++vsf_sysutil_activate_sigurg sysutil.c /^vsf_sysutil_activate_sigurg(int fd)$/;" f ++vsf_sysutil_alloc_statbuf sysutil.c /^vsf_sysutil_alloc_statbuf(struct vsf_sysutil_statbuf** p_ptr)$/;" f file: ++vsf_sysutil_alrm_sighandler sysutil.c /^vsf_sysutil_alrm_sighandler(int signum)$/;" f file: ++vsf_sysutil_atoi sysutil.c /^vsf_sysutil_atoi(const char* p_str)$/;" f ++vsf_sysutil_bind sysutil.c /^vsf_sysutil_bind(int fd, const struct vsf_sysutil_sockaddr* p_sockptr)$/;" f ++vsf_sysutil_block_sig sysutil.c /^vsf_sysutil_block_sig(const enum EVSFSysUtilSignal sig)$/;" f ++vsf_sysutil_chdir sysutil.c /^vsf_sysutil_chdir(const char* p_dirname)$/;" f ++vsf_sysutil_check_pending_actions sysutil.c /^vsf_sysutil_check_pending_actions($/;" f ++vsf_sysutil_chmod sysutil.c /^vsf_sysutil_chmod(const char* p_filename, unsigned int mode)$/;" f ++vsf_sysutil_chroot sysutil.c /^vsf_sysutil_chroot(const char* p_root_path)$/;" f ++vsf_sysutil_clear_alarm sysutil.c /^vsf_sysutil_clear_alarm(void)$/;" f ++vsf_sysutil_clear_supp_groups sysutil.c /^vsf_sysutil_clear_supp_groups(void)$/;" f ++vsf_sysutil_close sysutil.c /^vsf_sysutil_close(int fd)$/;" f ++vsf_sysutil_close_failok sysutil.c /^vsf_sysutil_close_failok(int fd)$/;" f ++vsf_sysutil_closedir sysutil.c /^vsf_sysutil_closedir(struct vsf_sysutil_dir* p_dir)$/;" f ++vsf_sysutil_closelog sysutil.c /^vsf_sysutil_closelog(void)$/;" f ++vsf_sysutil_common_sighandler sysutil.c /^vsf_sysutil_common_sighandler(int signum)$/;" f file: ++vsf_sysutil_connect_timeout sysutil.c /^vsf_sysutil_connect_timeout(int fd, const struct vsf_sysutil_sockaddr* 
p_addr,$/;" f ++vsf_sysutil_create_file_exclusive sysutil.c /^vsf_sysutil_create_file_exclusive(const char* p_filename)$/;" f ++vsf_sysutil_create_or_open_file sysutil.c /^vsf_sysutil_create_or_open_file(const char* p_filename, unsigned int mode)$/;" f ++vsf_sysutil_create_or_open_file_append sysutil.c /^vsf_sysutil_create_or_open_file_append(const char* p_filename,$/;" f ++vsf_sysutil_deactivate_linger_failok sysutil.c /^vsf_sysutil_deactivate_linger_failok(int fd)$/;" f ++vsf_sysutil_deactivate_noblock sysutil.c /^vsf_sysutil_deactivate_noblock(int fd)$/;" f ++vsf_sysutil_default_sig sysutil.c /^vsf_sysutil_default_sig(const enum EVSFSysUtilSignal sig)$/;" f ++vsf_sysutil_dir_stat sysutil.c /^vsf_sysutil_dir_stat(const struct vsf_sysutil_dir* p_dir,$/;" f ++vsf_sysutil_dns_resolve sysutil.c /^vsf_sysutil_dns_resolve(struct vsf_sysutil_sockaddr** p_sockptr,$/;" f ++vsf_sysutil_double_to_str sysutil.c /^vsf_sysutil_double_to_str(double the_double)$/;" f ++vsf_sysutil_dupfd2 sysutil.c /^vsf_sysutil_dupfd2(int old_fd, int new_fd)$/;" f ++vsf_sysutil_exit sysutil.c /^vsf_sysutil_exit(int exit_code)$/;" f ++vsf_sysutil_fchmod sysutil.c /^vsf_sysutil_fchmod(const int fd, unsigned int mode)$/;" f ++vsf_sysutil_fchown sysutil.c /^vsf_sysutil_fchown(const int fd, const unsigned int uid, const unsigned int gid)$/;" f ++vsf_sysutil_filesize_t_to_str sysutil.c /^vsf_sysutil_filesize_t_to_str(filesize_t the_filesize)$/;" f ++vsf_sysutil_fork sysutil.c /^vsf_sysutil_fork(void)$/;" f ++vsf_sysutil_fork_failok sysutil.c /^vsf_sysutil_fork_failok(void)$/;" f ++vsf_sysutil_fork_isolate_all_failok sysdeputil.c /^vsf_sysutil_fork_isolate_all_failok()$/;" f ++vsf_sysutil_fork_isolate_failok sysdeputil.c /^vsf_sysutil_fork_isolate_failok()$/;" f ++vsf_sysutil_fork_newnet sysdeputil.c /^vsf_sysutil_fork_newnet()$/;" f ++vsf_sysutil_free sysutil.c /^vsf_sysutil_free(void* p_ptr)$/;" f ++vsf_sysutil_fstat sysutil.c /^vsf_sysutil_fstat(int fd, struct vsf_sysutil_statbuf** p_ptr)$/;" f 
++vsf_sysutil_ftruncate sysutil.c /^vsf_sysutil_ftruncate(int fd)$/;" f ++vsf_sysutil_get_current_date sysutil.c /^vsf_sysutil_get_current_date(void)$/;" f ++vsf_sysutil_get_error sysutil.c /^vsf_sysutil_get_error(void)$/;" f ++vsf_sysutil_get_file_offset sysutil.c /^vsf_sysutil_get_file_offset(const int file_fd)$/;" f ++vsf_sysutil_get_ipaddr_size sysutil.c /^vsf_sysutil_get_ipaddr_size(void)$/;" f ++vsf_sysutil_get_ipsock sysutil.c /^vsf_sysutil_get_ipsock(const struct vsf_sysutil_sockaddr* p_addr)$/;" f ++vsf_sysutil_get_ipv4_sock sysutil.c /^vsf_sysutil_get_ipv4_sock(void)$/;" f ++vsf_sysutil_get_ipv6_sock sysutil.c /^vsf_sysutil_get_ipv6_sock(void)$/;" f ++vsf_sysutil_get_random_byte sysutil.c /^vsf_sysutil_get_random_byte(void)$/;" f ++vsf_sysutil_get_time_sec sysutil.c /^vsf_sysutil_get_time_sec(void)$/;" f ++vsf_sysutil_get_time_usec sysutil.c /^vsf_sysutil_get_time_usec(void)$/;" f ++vsf_sysutil_get_tz sysutil.c /^char* vsf_sysutil_get_tz()$/;" f ++vsf_sysutil_get_umask sysutil.c /^vsf_sysutil_get_umask(void)$/;" f ++vsf_sysutil_getcwd sysutil.c /^vsf_sysutil_getcwd(char* p_dest, const unsigned int buf_size)$/;" f ++vsf_sysutil_getegid sysutil.c /^vsf_sysutil_getegid(void)$/;" f ++vsf_sysutil_getenv sysutil.c /^vsf_sysutil_getenv(const char* p_var)$/;" f ++vsf_sysutil_geteuid sysutil.c /^vsf_sysutil_geteuid(void)$/;" f ++vsf_sysutil_getgrgid sysutil.c /^vsf_sysutil_getgrgid(const unsigned int gid)$/;" f ++vsf_sysutil_getpagesize sysutil.c /^vsf_sysutil_getpagesize(void)$/;" f ++vsf_sysutil_getpeername sysutil.c /^vsf_sysutil_getpeername(int fd, struct vsf_sysutil_sockaddr** p_sockptr)$/;" f ++vsf_sysutil_getpid sysutil.c /^vsf_sysutil_getpid(void)$/;" f ++vsf_sysutil_getpid_nocache sysdeputil.c /^vsf_sysutil_getpid_nocache(void)$/;" f ++vsf_sysutil_getppid sysutil.c /^vsf_sysutil_getppid(void)$/;" f ++vsf_sysutil_getpwnam sysutil.c /^vsf_sysutil_getpwnam(const char* p_user)$/;" f ++vsf_sysutil_getpwuid sysutil.c /^vsf_sysutil_getpwuid(const unsigned int 
uid)$/;" f ++vsf_sysutil_getsockname sysutil.c /^vsf_sysutil_getsockname(int fd, struct vsf_sysutil_sockaddr** p_sockptr)$/;" f ++vsf_sysutil_getuid sysutil.c /^vsf_sysutil_getuid(void)$/;" f ++vsf_sysutil_group_getname sysutil.c /^vsf_sysutil_group_getname(const struct vsf_sysutil_group* p_group)$/;" f ++vsf_sysutil_inet_aton sysutil.c /^vsf_sysutil_inet_aton(const char* p_text, struct vsf_sysutil_sockaddr* p_addr)$/;" f ++vsf_sysutil_inet_ntoa sysutil.c /^vsf_sysutil_inet_ntoa(const void* p_raw_addr)$/;" f ++vsf_sysutil_inet_ntop sysutil.c /^vsf_sysutil_inet_ntop(const struct vsf_sysutil_sockaddr* p_sockptr)$/;" f ++vsf_sysutil_initgroups sysutil.c /^vsf_sysutil_initgroups(const struct vsf_sysutil_user* p_user)$/;" f ++vsf_sysutil_install_async_sighandler sysutil.c /^vsf_sysutil_install_async_sighandler(const enum EVSFSysUtilSignal sig,$/;" f ++vsf_sysutil_install_io_handler sysutil.c /^vsf_sysutil_install_io_handler(vsf_context_io_t handler, void* p_private)$/;" f ++vsf_sysutil_install_null_sighandler sysutil.c /^vsf_sysutil_install_null_sighandler(const enum EVSFSysUtilSignal sig)$/;" f ++vsf_sysutil_install_sighandler sysutil.c /^vsf_sysutil_install_sighandler(const enum EVSFSysUtilSignal sig,$/;" f ++vsf_sysutil_is_port_reserved sysutil.c /^vsf_sysutil_is_port_reserved(unsigned short the_port)$/;" f ++vsf_sysutil_isalnum sysutil.c /^vsf_sysutil_isalnum(int the_char)$/;" f ++vsf_sysutil_isdigit sysutil.c /^vsf_sysutil_isdigit(int the_char)$/;" f ++vsf_sysutil_isprint sysutil.c /^vsf_sysutil_isprint(int the_char)$/;" f ++vsf_sysutil_isspace sysutil.c /^vsf_sysutil_isspace(int the_char)$/;" f ++vsf_sysutil_kill sysutil.c /^vsf_sysutil_kill(int pid, int sig)$/;" f ++vsf_sysutil_listen sysutil.c /^vsf_sysutil_listen(int fd, const unsigned int backlog)$/;" f ++vsf_sysutil_lock_file_read sysutil.c /^vsf_sysutil_lock_file_read(int fd)$/;" f ++vsf_sysutil_lock_file_write sysutil.c /^vsf_sysutil_lock_file_write(int fd)$/;" f ++vsf_sysutil_lseek_end sysutil.c 
/^vsf_sysutil_lseek_end(const int fd)$/;" f ++vsf_sysutil_lseek_to sysutil.c /^vsf_sysutil_lseek_to(const int fd, filesize_t seek_pos)$/;" f ++vsf_sysutil_lstat sysutil.c /^vsf_sysutil_lstat(const char* p_name, struct vsf_sysutil_statbuf** p_ptr)$/;" f ++vsf_sysutil_make_session_leader sysutil.c /^vsf_sysutil_make_session_leader(void)$/;" f ++vsf_sysutil_malloc sysutil.c /^vsf_sysutil_malloc(unsigned int size)$/;" f ++vsf_sysutil_map_anon_pages sysdeputil.c /^vsf_sysutil_map_anon_pages(unsigned int length)$/;" f ++vsf_sysutil_map_anon_pages_init sysdeputil.c /^vsf_sysutil_map_anon_pages_init(void)$/;" f ++vsf_sysutil_memclr sysutil.c /^vsf_sysutil_memclr(void* p_dest, unsigned int size)$/;" f ++vsf_sysutil_memcmp sysutil.c /^vsf_sysutil_memcmp(const void* p_src1, const void* p_src2, unsigned int size)$/;" f ++vsf_sysutil_memcpy sysutil.c /^vsf_sysutil_memcpy(void* p_dest, const void* p_src, const unsigned int size)$/;" f ++vsf_sysutil_memprotect sysutil.c /^vsf_sysutil_memprotect(void* p_addr, unsigned int len,$/;" f ++vsf_sysutil_memunmap sysutil.c /^vsf_sysutil_memunmap(void* p_start, unsigned int length)$/;" f ++vsf_sysutil_mkdir sysutil.c /^vsf_sysutil_mkdir(const char* p_dirname, const unsigned int mode)$/;" f ++vsf_sysutil_next_dirent sysutil.c /^vsf_sysutil_next_dirent(struct vsf_sysutil_dir* p_dir)$/;" f ++vsf_sysutil_octal_to_uint sysutil.c /^vsf_sysutil_octal_to_uint(const char* p_str)$/;" f ++vsf_sysutil_open_file sysutil.c /^vsf_sysutil_open_file(const char* p_filename,$/;" f ++vsf_sysutil_opendir sysutil.c /^vsf_sysutil_opendir(const char* p_dirname)$/;" f ++vsf_sysutil_openlog sysutil.c /^vsf_sysutil_openlog(int force)$/;" f ++vsf_sysutil_parse_ipv4 ipaddrparse.c /^vsf_sysutil_parse_ipv4(const struct mystr* p_str)$/;" f ++vsf_sysutil_parse_ipv6 ipaddrparse.c /^vsf_sysutil_parse_ipv6(const struct mystr* p_str)$/;" f ++vsf_sysutil_parse_time sysutil.c /^vsf_sysutil_parse_time(const char* p_text)$/;" f ++vsf_sysutil_parse_uchar_string_sep ipaddrparse.c 
/^vsf_sysutil_parse_uchar_string_sep($/;" f ++vsf_sysutil_pause sysutil.c /^vsf_sysutil_pause()$/;" f ++vsf_sysutil_post_fork sysutil.c /^vsf_sysutil_post_fork()$/;" f ++vsf_sysutil_qsort sysutil.c /^vsf_sysutil_qsort(void* p_base, unsigned int num_elem, unsigned int elem_size,$/;" f ++vsf_sysutil_read sysutil.c /^vsf_sysutil_read(const int fd, void* p_buf, const unsigned int size)$/;" f ++vsf_sysutil_read_loop sysutil.c /^vsf_sysutil_read_loop(const int fd, void* p_buf, unsigned int size)$/;" f ++vsf_sysutil_readlink sysutil.c /^vsf_sysutil_readlink(const char* p_filename, char* p_dest, unsigned int bufsiz)$/;" f ++vsf_sysutil_realloc sysutil.c /^vsf_sysutil_realloc(void* p_ptr, unsigned int size)$/;" f ++vsf_sysutil_recv_fd sysdeputil.c /^vsf_sysutil_recv_fd(const int sock_fd)$/;" f ++vsf_sysutil_recv_fd sysdeputil.c /^vsf_sysutil_recv_fd(int sock_fd)$/;" f ++vsf_sysutil_recv_peek sysutil.c /^vsf_sysutil_recv_peek(const int fd, void* p_buf, unsigned int len)$/;" f ++vsf_sysutil_rename sysutil.c /^vsf_sysutil_rename(const char* p_from, const char* p_to)$/;" f ++vsf_sysutil_reopen_standard_fds sysutil.c /^vsf_sysutil_reopen_standard_fds(void)$/;" f ++vsf_sysutil_retval_is_error sysutil.c /^vsf_sysutil_retval_is_error(int retval)$/;" f ++vsf_sysutil_rmdir sysutil.c /^vsf_sysutil_rmdir(const char* p_dirname)$/;" f ++vsf_sysutil_running_as_root sysutil.c /^vsf_sysutil_running_as_root(void)$/;" f ++vsf_sysutil_send_fd sysdeputil.c /^vsf_sysutil_send_fd(int sock_fd, int send_fd)$/;" f ++vsf_sysutil_sendfile sysdeputil.c /^vsf_sysutil_sendfile(const int out_fd, const int in_fd,$/;" f ++vsf_sysutil_set_address_space_limit sysutil.c /^vsf_sysutil_set_address_space_limit(unsigned long bytes)$/;" f ++vsf_sysutil_set_alarm sysutil.c /^vsf_sysutil_set_alarm(const unsigned int trigger_seconds)$/;" f ++vsf_sysutil_set_exit_func sysutil.c /^vsf_sysutil_set_exit_func(exitfunc_t exitfunc)$/;" f ++vsf_sysutil_set_iptos_throughput sysutil.c /^vsf_sysutil_set_iptos_throughput(int 
fd)$/;" f ++vsf_sysutil_set_no_fds sysutil.c /^vsf_sysutil_set_no_fds()$/;" f ++vsf_sysutil_set_no_procs sysutil.c /^vsf_sysutil_set_no_procs()$/;" f ++vsf_sysutil_set_nodelay sysutil.c /^vsf_sysutil_set_nodelay(int fd)$/;" f ++vsf_sysutil_set_proctitle_prefix sysdeputil.c /^vsf_sysutil_set_proctitle_prefix(const struct mystr* p_str)$/;" f ++vsf_sysutil_set_sighandler sysutil.c /^vsf_sysutil_set_sighandler(int sig, void (*p_handlefunc)(int))$/;" f file: ++vsf_sysutil_set_umask sysutil.c /^vsf_sysutil_set_umask(unsigned int new_umask)$/;" f ++vsf_sysutil_setegid sysutil.c /^vsf_sysutil_setegid(const struct vsf_sysutil_user* p_user)$/;" f ++vsf_sysutil_setegid_numeric sysutil.c /^vsf_sysutil_setegid_numeric(int gid)$/;" f ++vsf_sysutil_seteuid sysutil.c /^vsf_sysutil_seteuid(const struct vsf_sysutil_user* p_user)$/;" f ++vsf_sysutil_seteuid_numeric sysutil.c /^vsf_sysutil_seteuid_numeric(int uid)$/;" f ++vsf_sysutil_setgid sysutil.c /^vsf_sysutil_setgid(const struct vsf_sysutil_user* p_user)$/;" f ++vsf_sysutil_setgid_numeric sysutil.c /^vsf_sysutil_setgid_numeric(int gid)$/;" f ++vsf_sysutil_setmodtime sysutil.c /^vsf_sysutil_setmodtime(const char* p_file, long the_time, int is_localtime)$/;" f ++vsf_sysutil_setproctitle sysdeputil.c /^vsf_sysutil_setproctitle(const char* p_text)$/;" f ++vsf_sysutil_setproctitle_init sysdeputil.c /^vsf_sysutil_setproctitle_init(int argc, const char* argv[])$/;" f ++vsf_sysutil_setproctitle_internal sysdeputil.c /^vsf_sysutil_setproctitle_internal(const char* p_buf)$/;" f ++vsf_sysutil_setproctitle_str sysdeputil.c /^vsf_sysutil_setproctitle_str(const struct mystr* p_str)$/;" f ++vsf_sysutil_setuid sysutil.c /^vsf_sysutil_setuid(const struct vsf_sysutil_user* p_user)$/;" f ++vsf_sysutil_setuid_numeric sysutil.c /^vsf_sysutil_setuid_numeric(int uid)$/;" f ++vsf_sysutil_shutdown_failok sysutil.c /^vsf_sysutil_shutdown_failok(int fd)$/;" f ++vsf_sysutil_shutdown_read_failok sysutil.c /^vsf_sysutil_shutdown_read_failok(int fd)$/;" f 
++vsf_sysutil_sig_details sysutil.c /^static struct vsf_sysutil_sig_details$/;" s file: ++vsf_sysutil_sigaction sysutil.c /^vsf_sysutil_sigaction(const enum EVSFSysUtilSignal sig, void (*p_handlefunc)(int))$/;" f ++vsf_sysutil_sleep sysutil.c /^vsf_sysutil_sleep(double seconds)$/;" f ++vsf_sysutil_sockaddr sysutil.c /^struct vsf_sysutil_sockaddr$/;" s file: ++vsf_sysutil_sockaddr_addr_equal sysutil.c /^vsf_sysutil_sockaddr_addr_equal(const struct vsf_sysutil_sockaddr* p1,$/;" f ++vsf_sysutil_sockaddr_alloc sysutil.c /^vsf_sysutil_sockaddr_alloc(struct vsf_sysutil_sockaddr** p_sockptr)$/;" f ++vsf_sysutil_sockaddr_alloc_ipv4 sysutil.c /^vsf_sysutil_sockaddr_alloc_ipv4(struct vsf_sysutil_sockaddr** p_sockptr)$/;" f ++vsf_sysutil_sockaddr_alloc_ipv6 sysutil.c /^vsf_sysutil_sockaddr_alloc_ipv6(struct vsf_sysutil_sockaddr** p_sockptr)$/;" f ++vsf_sysutil_sockaddr_clear sysutil.c /^vsf_sysutil_sockaddr_clear(struct vsf_sysutil_sockaddr** p_sockptr)$/;" f ++vsf_sysutil_sockaddr_clone sysutil.c /^vsf_sysutil_sockaddr_clone(struct vsf_sysutil_sockaddr** p_sockptr,$/;" f ++vsf_sysutil_sockaddr_get_port sysutil.c /^vsf_sysutil_sockaddr_get_port(const struct vsf_sysutil_sockaddr* p_sockptr)$/;" f ++vsf_sysutil_sockaddr_get_raw_addr sysutil.c /^vsf_sysutil_sockaddr_get_raw_addr(struct vsf_sysutil_sockaddr* p_sockptr)$/;" f ++vsf_sysutil_sockaddr_ipv4_v6 sysutil.c /^vsf_sysutil_sockaddr_ipv4_v6(const struct vsf_sysutil_sockaddr* p_addr)$/;" f ++vsf_sysutil_sockaddr_ipv6_v4 sysutil.c /^vsf_sysutil_sockaddr_ipv6_v4(const struct vsf_sysutil_sockaddr* p_addr)$/;" f ++vsf_sysutil_sockaddr_is_ipv6 sysutil.c /^vsf_sysutil_sockaddr_is_ipv6(const struct vsf_sysutil_sockaddr* p_sockaddr)$/;" f ++vsf_sysutil_sockaddr_set_any sysutil.c /^vsf_sysutil_sockaddr_set_any(struct vsf_sysutil_sockaddr* p_sockaddr)$/;" f ++vsf_sysutil_sockaddr_set_ipv4addr sysutil.c /^vsf_sysutil_sockaddr_set_ipv4addr(struct vsf_sysutil_sockaddr* p_sockptr,$/;" f ++vsf_sysutil_sockaddr_set_ipv6addr sysutil.c 
/^vsf_sysutil_sockaddr_set_ipv6addr(struct vsf_sysutil_sockaddr* p_sockptr,$/;" f ++vsf_sysutil_sockaddr_set_port sysutil.c /^vsf_sysutil_sockaddr_set_port(struct vsf_sysutil_sockaddr* p_sockptr,$/;" f ++vsf_sysutil_socketpair_retval sysutil.h /^struct vsf_sysutil_socketpair_retval$/;" s ++vsf_sysutil_stat sysutil.c /^vsf_sysutil_stat(const char* p_name, struct vsf_sysutil_statbuf** p_ptr)$/;" f ++vsf_sysutil_statbuf_get_date sysutil.c /^vsf_sysutil_statbuf_get_date(const struct vsf_sysutil_statbuf* p_statbuf,$/;" f ++vsf_sysutil_statbuf_get_gid sysutil.c /^vsf_sysutil_statbuf_get_gid(const struct vsf_sysutil_statbuf* p_statbuf)$/;" f ++vsf_sysutil_statbuf_get_links sysutil.c /^vsf_sysutil_statbuf_get_links(const struct vsf_sysutil_statbuf* p_statbuf)$/;" f ++vsf_sysutil_statbuf_get_numeric_date sysutil.c /^vsf_sysutil_statbuf_get_numeric_date($/;" f ++vsf_sysutil_statbuf_get_perms sysutil.c /^vsf_sysutil_statbuf_get_perms(const struct vsf_sysutil_statbuf* p_statbuf)$/;" f ++vsf_sysutil_statbuf_get_size sysutil.c /^vsf_sysutil_statbuf_get_size(const struct vsf_sysutil_statbuf* p_statbuf)$/;" f ++vsf_sysutil_statbuf_get_sortkey_mtime sysutil.c /^vsf_sysutil_statbuf_get_sortkey_mtime($/;" f ++vsf_sysutil_statbuf_get_uid sysutil.c /^vsf_sysutil_statbuf_get_uid(const struct vsf_sysutil_statbuf* p_statbuf)$/;" f ++vsf_sysutil_statbuf_is_dir sysutil.c /^vsf_sysutil_statbuf_is_dir(const struct vsf_sysutil_statbuf* p_stat)$/;" f ++vsf_sysutil_statbuf_is_readable_other sysutil.c /^vsf_sysutil_statbuf_is_readable_other($/;" f ++vsf_sysutil_statbuf_is_regfile sysutil.c /^vsf_sysutil_statbuf_is_regfile(const struct vsf_sysutil_statbuf* p_stat)$/;" f ++vsf_sysutil_statbuf_is_socket sysutil.c /^vsf_sysutil_statbuf_is_socket(const struct vsf_sysutil_statbuf* p_stat)$/;" f ++vsf_sysutil_statbuf_is_symlink sysutil.c /^vsf_sysutil_statbuf_is_symlink(const struct vsf_sysutil_statbuf* p_stat)$/;" f ++vsf_sysutil_strcmp sysutil.c /^vsf_sysutil_strcmp(const char* p_src1, const char* 
p_src2)$/;" f ++vsf_sysutil_strcpy sysutil.c /^vsf_sysutil_strcpy(char* p_dest, const char* p_src, unsigned int maxsize)$/;" f ++vsf_sysutil_strdup sysutil.c /^vsf_sysutil_strdup(const char* p_str)$/;" f ++vsf_sysutil_strlen sysutil.c /^vsf_sysutil_strlen(const char* p_text)$/;" f ++vsf_sysutil_strndup sysutil.c /^vsf_sysutil_strndup(const char* p_str, unsigned int p_len)$/;" f ++vsf_sysutil_syslog sysutil.c /^vsf_sysutil_syslog(const char* p_text, int severe)$/;" f ++vsf_sysutil_toupper sysutil.c /^vsf_sysutil_toupper(int the_char)$/;" f ++vsf_sysutil_translate_memprot sysutil.c /^vsf_sysutil_translate_memprot(const enum EVSFSysUtilMapPermission perm)$/;" f file: ++vsf_sysutil_translate_openmode sysutil.c /^vsf_sysutil_translate_openmode(const enum EVSFSysUtilOpenMode mode)$/;" f file: ++vsf_sysutil_translate_sig sysutil.c /^vsf_sysutil_translate_sig(const enum EVSFSysUtilSignal sig)$/;" f file: ++vsf_sysutil_tzset sysutil.c /^vsf_sysutil_tzset(void)$/;" f ++vsf_sysutil_uint_to_octal sysutil.c /^vsf_sysutil_uint_to_octal(unsigned int the_uint)$/;" f ++vsf_sysutil_ulong_to_str sysutil.c /^vsf_sysutil_ulong_to_str(unsigned long the_ulong)$/;" f ++vsf_sysutil_unblock_sig sysutil.c /^vsf_sysutil_unblock_sig(const enum EVSFSysUtilSignal sig)$/;" f ++vsf_sysutil_uninstall_io_handler sysutil.c /^vsf_sysutil_uninstall_io_handler(void)$/;" f ++vsf_sysutil_unix_stream_socketpair sysutil.c /^vsf_sysutil_unix_stream_socketpair(void)$/;" f ++vsf_sysutil_unlink sysutil.c /^vsf_sysutil_unlink(const char* p_dead)$/;" f ++vsf_sysutil_unlock_file sysutil.c /^vsf_sysutil_unlock_file(int fd)$/;" f ++vsf_sysutil_user_get_homedir sysutil.c /^vsf_sysutil_user_get_homedir(const struct vsf_sysutil_user* p_user)$/;" f ++vsf_sysutil_user_getgid sysutil.c /^vsf_sysutil_user_getgid(const struct vsf_sysutil_user* p_user)$/;" f ++vsf_sysutil_user_getname sysutil.c /^vsf_sysutil_user_getname(const struct vsf_sysutil_user* p_user)$/;" f ++vsf_sysutil_user_getuid sysutil.c 
/^vsf_sysutil_user_getuid(const struct vsf_sysutil_user* p_user)$/;" f ++vsf_sysutil_wait sysutil.c /^vsf_sysutil_wait(void)$/;" f ++vsf_sysutil_wait_exited_normally sysutil.c /^vsf_sysutil_wait_exited_normally($/;" f ++vsf_sysutil_wait_get_exitcode sysutil.c /^vsf_sysutil_wait_get_exitcode(const struct vsf_sysutil_wait_retval* p_waitret)$/;" f ++vsf_sysutil_wait_get_retval sysutil.c /^vsf_sysutil_wait_get_retval(const struct vsf_sysutil_wait_retval* p_waitret)$/;" f ++vsf_sysutil_wait_reap_one sysutil.c /^vsf_sysutil_wait_reap_one(void)$/;" f ++vsf_sysutil_wait_retval sysutil.h /^struct vsf_sysutil_wait_retval$/;" s ++vsf_sysutil_write sysutil.c /^vsf_sysutil_write(const int fd, const void* p_buf, const unsigned int size)$/;" f ++vsf_sysutil_write_access sysutil.c /^vsf_sysutil_write_access(const char* p_filename)$/;" f ++vsf_sysutil_write_loop sysutil.c /^vsf_sysutil_write_loop(const int fd, const void* p_buf, unsigned int size)$/;" f ++vsf_tcp_wrapper_ok tcpwrap.c /^vsf_tcp_wrapper_ok(int remote_fd)$/;" f ++vsf_transfer_ret ftpdataio.h /^struct vsf_transfer_ret$/;" s ++vsf_two_process_chown_upload twoprocess.c /^vsf_two_process_chown_upload(struct vsf_session* p_sess, int fd)$/;" f ++vsf_two_process_get_pasv_fd twoprocess.c /^vsf_two_process_get_pasv_fd(struct vsf_session* p_sess)$/;" f ++vsf_two_process_get_priv_data_sock twoprocess.c /^vsf_two_process_get_priv_data_sock(struct vsf_session* p_sess)$/;" f ++vsf_two_process_listen twoprocess.c /^vsf_two_process_listen(struct vsf_session* p_sess)$/;" f ++vsf_two_process_login twoprocess.c /^vsf_two_process_login(struct vsf_session* p_sess,$/;" f ++vsf_two_process_pasv_active twoprocess.c /^vsf_two_process_pasv_active(struct vsf_session* p_sess)$/;" f ++vsf_two_process_pasv_cleanup twoprocess.c /^vsf_two_process_pasv_cleanup(struct vsf_session* p_sess)$/;" f ++vsf_two_process_start twoprocess.c /^vsf_two_process_start(struct vsf_session* p_sess)$/;" f ++vsftpd_log_fd session.h /^ int vsftpd_log_fd;$/;" m 
struct:vsf_session ++write_dir_list ftpdataio.c /^write_dir_list(struct vsf_session* p_sess, struct mystr_list* p_dir_list,$/;" f file: ++write_event_fd ptracesandbox.c /^ int write_event_fd;$/;" m struct:pt_sandbox file: ++xferlog_fd session.h /^ int xferlog_fd;$/;" m struct:vsf_session +-- +2.5.0 + diff --git a/vsftpd-2.3.4-listen_ipv6.patch b/vsftpd-2.3.4-listen_ipv6.patch index 8686574..ff28cc7 100644 --- a/vsftpd-2.3.4-listen_ipv6.patch +++ b/vsftpd-2.3.4-listen_ipv6.patch @@ -1,14 +1,27 @@ ---- vsftpd-2.3.4/vsftpd.conf~ 2011-11-21 13:15:03.888357116 +0000 -+++ vsftpd-2.3.4/vsftpd.conf 2011-11-21 13:17:43.676136602 +0000 -@@ -108,12 +108,16 @@ xferlog_std_format=YES +From d723e42f895f8bbf6888512a772aa549b0a396d9 Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Thu, 17 Mar 2016 11:44:45 +0100 +Subject: [PATCH 15/26] Applied vsftpd-2.3.4-listen_ipv6.patch + +--- + vsftpd.conf | 14 +++++++++----- + vsftpd.conf.5 | 5 +++-- + 2 files changed, 12 insertions(+), 7 deletions(-) + +diff --git a/vsftpd.conf b/vsftpd.conf +index db44170..ae6c6c9 100644 +--- a/vsftpd.conf ++++ b/vsftpd.conf +@@ -111,12 +111,16 @@ xferlog_std_format=YES # When "listen" directive is enabled, vsftpd runs in standalone mode and # listens on IPv4 sockets. This directive cannot be used in conjunction # with the listen_ipv6 directive. -listen=YES -+listen=NO - # +-# -# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6 -# sockets, you must run two copies of vsftpd with two configuration files. ++listen=NO ++# +# This directive enables listening on IPv6 sockets. By default, listening +# on the IPv6 "any" address (::) will accept connections from both IPv6 +# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6 
@@ -21,9 +34,11 @@ pam_service_name=vsftpd userlist_enable=YES ---- vsftpd-2.3.4/vsftpd.conf.5~ 2011-11-21 13:15:03.905357305 +0000 -+++ vsftpd-2.3.4/vsftpd.conf.5 2011-11-21 13:18:31.771672385 +0000 -@@ -281,8 +281,9 @@ Default: NO +diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 +index 0744f85..72bb86f 100644 +--- a/vsftpd.conf.5 ++++ b/vsftpd.conf.5 +@@ -297,8 +297,9 @@ Default: NO .TP .B listen_ipv6 Like the listen parameter, except vsftpd will listen on an IPv6 socket instead @@ -35,3 +50,6 @@ Default: NO .TP +-- +2.5.0 + diff --git a/vsftpd-2.3.4-sd.patch b/vsftpd-2.3.4-sd.patch index 706365a..bf6ac30 100644 --- a/vsftpd-2.3.4-sd.patch +++ b/vsftpd-2.3.4-sd.patch @@ -1,6 +1,17 @@ -diff -up vsftpd-3.0.2/vsftpd.8.sd vsftpd-3.0.2/vsftpd.8 ---- vsftpd-3.0.2/vsftpd.8.sd 2013-09-04 13:04:40.383348837 +0200 -+++ vsftpd-3.0.2/vsftpd.8 2013-09-04 13:45:00.370277842 +0200 +From 4b7a6eecf79ee63c21fa27e5f5c22f248824991c Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Thu, 17 Mar 2016 11:44:45 +0100 +Subject: [PATCH 13/26] Applied vsftpd-2.3.4-sd.patch + +--- + vsftpd.8 | 24 ++++++++++++++++++++++++ + vsftpd.conf.5 | 18 +++++++++++++++++- + 2 files changed, 41 insertions(+), 1 deletion(-) + +diff --git a/vsftpd.8 b/vsftpd.8 +index c920e7d..fbeb1a2 100644 +--- a/vsftpd.8 ++++ b/vsftpd.8 @@ -25,6 +25,23 @@ in Direct execution of the .Nm vsftpd @@ -25,7 +36,7 @@ diff -up vsftpd-3.0.2/vsftpd.8.sd vsftpd-3.0.2/vsftpd.8 .Sh OPTIONS An optional configuration file or files -@@ -55,6 +72,13 @@ the "ftpd_banner" setting is set to "bla +@@ -55,6 +72,13 @@ the "ftpd_banner" setting is set to "blah", which overrides any default vsftpd setting and any identical setting that was in the config file. .Sh FILES .Pa /etc/vsftpd/vsftpd.conf 
@@ -39,9 +50,10 @@ diff -up vsftpd-3.0.2/vsftpd.8.sd vsftpd-3.0.2/vsftpd.8 .Xr vsftpd.conf 5 +.Xr systemd.unit 5 .end -diff -up vsftpd-3.0.2/vsftpd.conf.5.sd vsftpd-3.0.2/vsftpd.conf.5 ---- vsftpd-3.0.2/vsftpd.conf.5.sd 2013-09-04 13:04:40.391348915 +0200 -+++ vsftpd-3.0.2/vsftpd.conf.5 2013-09-04 13:44:57.573250302 +0200 +diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 +index 9d767b1..0744f85 100644 +--- a/vsftpd.conf.5 ++++ b/vsftpd.conf.5 @@ -12,7 +12,23 @@ inetd such as .BR xinetd to launch vsftpd with different configuration files on a per virtual host @@ -67,3 +79,6 @@ diff -up vsftpd-3.0.2/vsftpd.conf.5.sd vsftpd-3.0.2/vsftpd.conf.5 .SH FORMAT The format of vsftpd.conf is very simple. Each line is either a comment or a directive. Comment lines start with a # and are ignored. A directive line +-- +2.5.0 + diff --git a/vsftpd-2.3.4-sqb.patch b/vsftpd-2.3.4-sqb.patch index ce42f0d..163f247 100644 --- a/vsftpd-2.3.4-sqb.patch +++ b/vsftpd-2.3.4-sqb.patch @@ -1,7 +1,17 @@ -diff -up vsftpd-3.0.2/ls.c.sqb vsftpd-3.0.2/ls.c ---- vsftpd-3.0.2/ls.c.sqb 2014-07-04 09:55:57.899506894 +0200 -+++ vsftpd-3.0.2/ls.c 2014-07-04 09:58:02.187569017 +0200 -@@ -246,7 +246,7 @@ vsf_filename_passes_filter(const struct +From 9db0f2142b7d456af0a147a53c7555996e90dfd6 Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Thu, 17 Mar 2016 11:44:45 +0100 +Subject: [PATCH 14/26] Applied vsftpd-2.3.4-sqb.patch + +--- + ls.c | 222 +++++++++++++++++++++++++++++++++++++++++++++---------------------- + 1 file changed, 150 insertions(+), 72 deletions(-) + +diff --git a/ls.c b/ls.c +index 92be544..0ad7f54 100644 +--- a/ls.c ++++ b/ls.c +@@ -246,7 +246,7 @@ vsf_filename_passes_filter(const struct mystr* p_filename_str, int ret = 0; char last_token = 0; int must_match_at_current_pos = 1; 
@@ -10,7 +20,7 @@ diff -up vsftpd-3.0.2/ls.c.sqb vsftpd-3.0.2/ls.c str_copy(&filter_remain_str, p_filter_str); -@@ -276,7 +276,7 @@ vsf_filename_passes_filter(const struct +@@ -276,7 +276,7 @@ vsf_filename_passes_filter(const struct mystr* p_filename_str, static struct mystr s_match_needed_str; /* Locate next special token */ struct str_locate_result locate_result = @@ -19,7 +29,7 @@ diff -up vsftpd-3.0.2/ls.c.sqb vsftpd-3.0.2/ls.c (*iters)++; /* Isolate text leading up to token (if any) - needs to be matched */ if (locate_result.found) -@@ -294,94 +294,172 @@ vsf_filename_passes_filter(const struct +@@ -294,94 +294,172 @@ vsf_filename_passes_filter(const struct mystr* p_filename_str, str_empty(&filter_remain_str); last_token = 0; } @@ -171,16 +181,15 @@ diff -up vsftpd-3.0.2/ls.c.sqb vsftpd-3.0.2/ls.c - str_copy(&filter_remain_str, &temp_str); - str_split_char(&brace_list_str, &temp_str, ','); - while (!str_isempty(&brace_list_str)) -- { -- str_copy(&new_filter_str, &brace_list_str); -- str_append_str(&new_filter_str, &filter_remain_str); -- if (vsf_filename_passes_filter(&name_remain_str, &new_filter_str, -- iters)) + struct str_locate_result end_sqb = + str_locate_char(&filter_remain_str, ']'); + must_match_at_current_pos = 1; + if (end_sqb.found) -+ { + { +- str_copy(&new_filter_str, &brace_list_str); +- str_append_str(&new_filter_str, &filter_remain_str); +- if (vsf_filename_passes_filter(&name_remain_str, &new_filter_str, +- iters)) + unsigned int cur_pos; + char stch, ench; + const char *p_brace; @@ -263,3 +272,6 @@ diff -up vsftpd-3.0.2/ls.c.sqb vsftpd-3.0.2/ls.c } /* Any incoming string left means no match unless we ended on the correct * type of wildcard. +-- +2.5.0 + diff --git a/vsftpd-2.3.5-aslim.patch b/vsftpd-2.3.5-aslim.patch index ba317b8..6f271e2 100644 --- a/vsftpd-2.3.5-aslim.patch +++ b/vsftpd-2.3.5-aslim.patch 
@@ -1,11 +1,11 @@ -diff -up vsftpd-2.3.5/defs.h.aslim vsftpd-2.3.5/defs.h ---- vsftpd-2.3.5/defs.h.aslim 2012-02-09 07:40:04.916658587 +0100 -+++ vsftpd-2.3.5/defs.h 2012-02-09 07:50:18.365278392 +0100 +diff -up vsftpd-3.0.3/defs.h.aslim vsftpd-3.0.3/defs.h +--- vsftpd-3.0.3/defs.h.aslim 2016-03-03 16:55:42.760819658 +0100 ++++ vsftpd-3.0.3/defs.h 2016-03-03 17:01:49.606873710 +0100 @@ -19,7 +19,7 @@ /* Must be at least the size of VSFTP_MAX_COMMAND_LINE, VSFTP_DIR_BUFSIZE and VSFTP_DATA_BUFSIZE*2 */ #define VSFTP_PRIVSOCK_MAXSTR VSFTP_DATA_BUFSIZE * 2 --#define VSFTP_AS_LIMIT 100UL * 1024 * 1024 +-#define VSFTP_AS_LIMIT 200UL * 1024 * 1024 +#define VSFTP_AS_LIMIT 400UL * 1024 * 1024 #endif /* VSF_DEFS_H */ diff --git a/vsftpd-3.0.0-logrotate.patch b/vsftpd-3.0.0-logrotate.patch index 06dc6b9..317821a 100644 --- a/vsftpd-3.0.0-logrotate.patch +++ b/vsftpd-3.0.0-logrotate.patch @@ -1,6 +1,16 @@ -diff -up vsftpd-3.0.0/RedHat/vsftpd.log.logrotate vsftpd-3.0.0/RedHat/vsftpd.log ---- vsftpd-3.0.0/RedHat/vsftpd.log.logrotate 2012-07-17 11:08:28.484061640 +0200 -+++ vsftpd-3.0.0/RedHat/vsftpd.log 2012-07-17 11:09:08.000020510 +0200 +From 5a4adb1078552f3f17f21dab9cacadbcacf593ec Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Thu, 17 Mar 2016 11:44:45 +0100 +Subject: [PATCH 18/26] Applied vsftpd-3.0.0-logrotate.patch + +--- + RedHat/vsftpd.log | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/RedHat/vsftpd.log b/RedHat/vsftpd.log +index d338de8..14731c1 100644 +--- a/RedHat/vsftpd.log ++++ b/RedHat/vsftpd.log @@ -3,3 +3,9 @@ nocompress missingok @@ -11,3 +21,6 @@ diff -up vsftpd-3.0.0/RedHat/vsftpd.log.logrotate vsftpd-3.0.0/RedHat/vsftpd.log + nocompress + missingok +} +-- +2.5.0 + diff --git a/vsftpd-3.0.0-tz.patch b/vsftpd-3.0.0-tz.patch index 81a083d..827b6c7 100644 --- a/vsftpd-3.0.0-tz.patch +++ b/vsftpd-3.0.0-tz.patch 
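Review bot: The rebased aslim patch gives no reason for still raising `VSFTP_AS_LIMIT` to 400 MB now that the removed line shows the base has moved from `100UL` to `200UL`. Unlike the other patches in this commit, it was not given a `From`/`Subject` header, so the rationale is recorded nowhere. This constant looks like the per-process address-space cap (presumably applied through `vsf_sysutil_set_address_space_limit`), so it bounds how much memory one session can consume. I would confirm the doubling is still needed and record why next to the define, e.g. `/* downstream: upstream default is 200 MB; raised because <reason / bug reference> */`. Parenthesising the body as `#define VSFTP_AS_LIMIT (400UL * 1024 * 1024)` would also keep the macro safe inside larger expressions.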
@@ -1,6 +1,16 @@ -diff -up vsftpd-2.2.2/sysutil.c.tz vsftpd-2.2.2/sysutil.c ---- vsftpd-2.2.2/sysutil.c.tz 2012-04-26 12:45:21.095145878 +0200 -+++ vsftpd-2.2.2/sysutil.c 2012-04-26 12:48:08.729618686 +0200 +From cc7c4ed98d69230f24a4437db2ba6bee20f4e494 Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Thu, 17 Mar 2016 11:44:45 +0100 +Subject: [PATCH 16/26] Applied vsftpd-3.0.0-tz.patch + +--- + sysutil.c | 104 ++++++++++++++++++++++++++++++++++++++++++++++---------------- + 1 file changed, 77 insertions(+), 27 deletions(-) + +diff --git a/sysutil.c b/sysutil.c +index c848356..497d670 100644 +--- a/sysutil.c ++++ b/sysutil.c @@ -26,8 +26,10 @@ /* For Linux, this adds nothing :-) */ #include "port/porting_junk.h" @@ -25,7 +35,7 @@ diff -up vsftpd-2.2.2/sysutil.c.tz vsftpd-2.2.2/sysutil.c /* Private variables to this file */ /* Current umask() */ -@@ -2558,49 +2565,92 @@ error: +@@ -2574,49 +2581,92 @@ error: die("reopening standard file descriptors to /dev/null failed"); } @@ -144,3 +154,6 @@ diff -up vsftpd-2.2.2/sysutil.c.tz vsftpd-2.2.2/sysutil.c { s_timezone *= -1; } +-- +2.5.0 + diff --git a/vsftpd-3.0.0-xferlog.patch b/vsftpd-3.0.0-xferlog.patch index 54c563b..9c8c669 100644 --- a/vsftpd-3.0.0-xferlog.patch +++ b/vsftpd-3.0.0-xferlog.patch @@ -1,6 +1,16 @@ -diff -up vsftpd-3.0.0/vsftpd.conf.xferlog vsftpd-3.0.0/vsftpd.conf ---- vsftpd-3.0.0/vsftpd.conf.xferlog 2012-07-17 10:38:14.022601998 +0200 -+++ vsftpd-3.0.0/vsftpd.conf 2012-07-17 10:41:09.311073484 +0200 +From 26d555a940faf7c7c90d8a8a2b5d5e0d9988f714 Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Thu, 17 Mar 2016 11:44:45 +0100 +Subject: [PATCH 17/26] Applied vsftpd-3.0.0-xferlog.patch + +--- + vsftpd.conf | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/vsftpd.conf b/vsftpd.conf +index ae6c6c9..39d1955 100644 +--- a/vsftpd.conf ++++ b/vsftpd.conf @@ -50,7 +50,7 @@ connect_from_port_20=YES # # You may override where the log file goes if you like. The default is shown 
@@ -10,3 +20,6 @@ diff -up vsftpd-3.0.0/vsftpd.conf.xferlog vsftpd-3.0.0/vsftpd.conf # # If you want, you can have your log file in standard ftpd xferlog format. # Note that the default log file location is /var/log/xferlog in this case. +-- +2.5.0 + diff --git a/vsftpd-3.0.2-dh.patch b/vsftpd-3.0.2-dh.patch index d5e9c1a..397ad0d 100644 --- a/vsftpd-3.0.2-dh.patch +++ b/vsftpd-3.0.2-dh.patch @@ -1,6 +1,20 @@ -diff -up vsftpd-3.0.2/parseconf.c.dh vsftpd-3.0.2/parseconf.c ---- vsftpd-3.0.2/parseconf.c.dh 2014-09-15 15:07:43.719909056 +0200 -+++ vsftpd-3.0.2/parseconf.c 2014-09-15 15:07:43.724909061 +0200 +From 1c4cb55ed61ca962a051c7de7cca866af8e2b2fa Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Thu, 17 Mar 2016 11:44:45 +0100 +Subject: [PATCH 21/26] Applied vsftpd-3.0.2-dh.patch + +--- + parseconf.c | 1 + + ssl.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- + tunables.c | 5 +++- + tunables.h | 1 + + vsftpd.conf.5 | 6 ++++ + 5 files changed, 104 insertions(+), 2 deletions(-) + +diff --git a/parseconf.c b/parseconf.c +index 3e0dba4..38e3182 100644 +--- a/parseconf.c ++++ b/parseconf.c @@ -176,6 +176,7 @@ parseconf_str_array[] = { "email_password_file", &tunable_email_password_file }, { "rsa_cert_file", &tunable_rsa_cert_file }, @@ -9,9 +23,10 @@ diff -up vsftpd-3.0.2/parseconf.c.dh vsftpd-3.0.2/parseconf.c { "ssl_ciphers", &tunable_ssl_ciphers }, { "rsa_private_key_file", &tunable_rsa_private_key_file }, { "dsa_private_key_file", &tunable_dsa_private_key_file }, -diff -up vsftpd-3.0.2/ssl.c.dh vsftpd-3.0.2/ssl.c ---- vsftpd-3.0.2/ssl.c.dh 2012-04-03 02:23:42.000000000 +0200 -+++ vsftpd-3.0.2/ssl.c 2014-09-15 15:07:43.725909062 +0200 +diff --git a/ssl.c b/ssl.c +index c362983..22b69b3 100644 +--- a/ssl.c ++++ b/ssl.c @@ -28,6 +28,8 @@ #include #include 
@@ -29,7 +44,7 @@ diff -up vsftpd-3.0.2/ssl.c.dh vsftpd-3.0.2/ssl.c static int ssl_cert_digest( SSL* p_ssl, struct vsf_session* p_sess, struct mystr* p_str); static void maybe_log_shutdown_state(struct vsf_session* p_sess); -@@ -51,6 +54,60 @@ static int ssl_read_common(struct vsf_se +@@ -51,6 +54,60 @@ static int ssl_read_common(struct vsf_session* p_sess, static int ssl_inited; static struct mystr debug_str; @@ -125,7 +140,7 @@ diff -up vsftpd-3.0.2/ssl.c.dh vsftpd-3.0.2/ssl.c if (tunable_ssl_ciphers && SSL_CTX_set_cipher_list(p_ctx, tunable_ssl_ciphers) != 1) { -@@ -156,6 +232,9 @@ ssl_init(struct vsf_session* p_sess) +@@ -165,6 +241,9 @@ ssl_init(struct vsf_session* p_sess) /* Ensure cached session doesn't expire */ SSL_CTX_set_timeout(p_ctx, INT_MAX); } @@ -135,7 +150,7 @@ diff -up vsftpd-3.0.2/ssl.c.dh vsftpd-3.0.2/ssl.c p_sess->p_ssl_ctx = p_ctx; ssl_inited = 1; } -@@ -675,6 +754,18 @@ ssl_verify_callback(int verify_ok, X509_ +@@ -702,6 +781,18 @@ ssl_verify_callback(int verify_ok, X509_STORE_CTX* p_ctx) return 1; } @@ -154,9 +169,10 @@ diff -up vsftpd-3.0.2/ssl.c.dh vsftpd-3.0.2/ssl.c void ssl_add_entropy(struct vsf_session* p_sess) { -diff -up vsftpd-3.0.2/tunables.c.dh vsftpd-3.0.2/tunables.c ---- vsftpd-3.0.2/tunables.c.dh 2014-09-15 15:07:43.720909057 +0200 -+++ vsftpd-3.0.2/tunables.c 2014-09-15 15:12:46.516209941 +0200 +diff --git a/tunables.c b/tunables.c +index c737465..1ea7227 100644 +--- a/tunables.c ++++ b/tunables.c @@ -140,6 +140,7 @@ const char* tunable_user_sub_token; const char* tunable_email_password_file; const char* tunable_rsa_cert_file; 
@@ -169,17 +185,18 @@ diff -up vsftpd-3.0.2/tunables.c.dh vsftpd-3.0.2/tunables.c install_str_setting("/usr/share/ssl/certs/vsftpd.pem", &tunable_rsa_cert_file); install_str_setting(0, &tunable_dsa_cert_file); -- install_str_setting("AES128-SHA:DES-CBC3-SHA", &tunable_ssl_ciphers); +- install_str_setting("ECDHE-RSA-AES256-GCM-SHA384", &tunable_ssl_ciphers); + install_str_setting(0, &tunable_dh_param_file); + install_str_setting("AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA", + &tunable_ssl_ciphers); install_str_setting(0, &tunable_rsa_private_key_file); install_str_setting(0, &tunable_dsa_private_key_file); install_str_setting(0, &tunable_ca_certs_file); -diff -up vsftpd-3.0.2/tunables.h.dh vsftpd-3.0.2/tunables.h ---- vsftpd-3.0.2/tunables.h.dh 2014-09-15 15:07:43.720909057 +0200 -+++ vsftpd-3.0.2/tunables.h 2014-09-15 15:07:43.725909062 +0200 -@@ -142,6 +142,7 @@ extern const char* tunable_user_sub_toke +diff --git a/tunables.h b/tunables.h +index 9553038..3995472 100644 +--- a/tunables.h ++++ b/tunables.h +@@ -142,6 +142,7 @@ extern const char* tunable_user_sub_token; extern const char* tunable_email_password_file; extern const char* tunable_rsa_cert_file; extern const char* tunable_dsa_cert_file; @@ -187,10 +204,11 @@ diff -up vsftpd-3.0.2/tunables.h.dh vsftpd-3.0.2/tunables.h extern const char* tunable_ssl_ciphers; extern const char* tunable_rsa_private_key_file; extern const char* tunable_dsa_private_key_file; -diff -up vsftpd-3.0.2/vsftpd.conf.5.dh vsftpd-3.0.2/vsftpd.conf.5 ---- vsftpd-3.0.2/vsftpd.conf.5.dh 2014-09-15 15:07:43.720909057 +0200 -+++ vsftpd-3.0.2/vsftpd.conf.5 2014-09-15 15:07:43.725909062 +0200 -@@ -893,6 +893,12 @@ to be in the same file as the certificat +diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 +index fb6324e..ff94eca 100644 +--- a/vsftpd.conf.5 ++++ b/vsftpd.conf.5 +@@ -893,6 +893,12 @@ to be in the same file as the certificate. Default: (none) .TP 
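Review bot: In the tunables.c part of the rebased dh patch, the removed line is now `install_str_setting("ECDHE-RSA-AES256-GCM-SHA384", &tunable_ssl_ciphers);` while the added default is still `"AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA"`. As written, the patch replaces a forward-secret AEAD default with a list that leads with two RSA-key-exchange CBC suites, one of them 3DES, and no longer offers the base suite at all. The ecdh patch later in the series touches the same call, but its new value is not visible here, so the final default should be checked after the whole series is applied. I would extend the base default rather than overwrite it, for example `install_str_setting("ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384",` followed by `&tunable_ssl_ciphers);`, and keep the `ssl_ciphers` default in vsftpd.conf.5 in step. The enclosing function is not fully visible in this hunk.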
@@ -203,3 +221,6 @@ diff -up vsftpd-3.0.2/vsftpd.conf.5.dh vsftpd-3.0.2/vsftpd.conf.5 .B email_password_file This option can be used to provide an alternate file for usage by the .BR secure_email_list_enable +-- +2.5.0 + diff --git a/vsftpd-3.0.2-docupd.patch b/vsftpd-3.0.2-docupd.patch index 71f7f9a..612552d 100644 --- a/vsftpd-3.0.2-docupd.patch +++ b/vsftpd-3.0.2-docupd.patch @@ -1,6 +1,16 @@ -diff -up vsftpd-3.0.2/vsftpd.conf.5.docupd vsftpd-3.0.2/vsftpd.conf.5 ---- vsftpd-3.0.2/vsftpd.conf.5.docupd 2014-06-05 09:47:27.987876849 +0200 -+++ vsftpd-3.0.2/vsftpd.conf.5 2014-06-05 09:47:27.989876848 +0200 +From f7fb4f5c91ab132982c78f1b34f7fe1493fd1372 Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Thu, 17 Mar 2016 11:44:46 +0100 +Subject: [PATCH 23/26] Applied vsftpd-3.0.2-docupd.patch + +--- + vsftpd.conf.5 | 22 +++++++++++++++++++--- + 1 file changed, 19 insertions(+), 3 deletions(-) + +diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 +index e242873..7a8f130 100644 +--- a/vsftpd.conf.5 ++++ b/vsftpd.conf.5 @@ -652,6 +652,21 @@ change it with the setting .BR xferlog_file . @@ -46,3 +56,6 @@ diff -up vsftpd-3.0.2/vsftpd.conf.5.docupd vsftpd-3.0.2/vsftpd.conf.5 .TP .B pasv_max_port The maximum port to allocate for PASV style data connections. Can be used to +-- +2.5.0 + diff --git a/vsftpd-3.0.2-ecdh.patch b/vsftpd-3.0.2-ecdh.patch index 95748ed..fa68fb3 100644 --- a/vsftpd-3.0.2-ecdh.patch +++ b/vsftpd-3.0.2-ecdh.patch 
@@ -1,6 +1,20 @@ -diff -up vsftpd-3.0.2/parseconf.c.ecdh vsftpd-3.0.2/parseconf.c ---- vsftpd-3.0.2/parseconf.c.ecdh 2014-09-15 15:49:48.801315298 +0200 -+++ vsftpd-3.0.2/parseconf.c 2014-09-15 15:49:48.804315301 +0200 +From 400bd7cd3fc7478a668862cfba4b79e84a5034e9 Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Thu, 17 Mar 2016 11:44:45 +0100 +Subject: [PATCH 22/26] Applied vsftpd-3.0.2-ecdh.patch + +--- + parseconf.c | 1 + + ssl.c | 37 ++++++++++++++++++++++++++++++++++++- + tunables.c | 4 +++- + tunables.h | 1 + + vsftpd.conf.5 | 8 ++++++++ + 5 files changed, 49 insertions(+), 2 deletions(-) + +diff --git a/parseconf.c b/parseconf.c +index 38e3182..a2c715b 100644 +--- a/parseconf.c ++++ b/parseconf.c @@ -177,6 +177,7 @@ parseconf_str_array[] = { "rsa_cert_file", &tunable_rsa_cert_file }, { "dsa_cert_file", &tunable_dsa_cert_file }, @@ -9,9 +23,10 @@ diff -up vsftpd-3.0.2/parseconf.c.ecdh vsftpd-3.0.2/parseconf.c { "ssl_ciphers", &tunable_ssl_ciphers }, { "rsa_private_key_file", &tunable_rsa_private_key_file }, { "dsa_private_key_file", &tunable_dsa_private_key_file }, -diff -up vsftpd-3.0.2/ssl.c.ecdh vsftpd-3.0.2/ssl.c ---- vsftpd-3.0.2/ssl.c.ecdh 2014-09-15 15:49:48.802315299 +0200 -+++ vsftpd-3.0.2/ssl.c 2014-09-15 15:49:48.804315301 +0200 +diff --git a/ssl.c b/ssl.c +index 22b69b3..96bf8ad 100644 +--- a/ssl.c ++++ b/ssl.c @@ -122,7 +122,7 @@ ssl_init(struct vsf_session* p_sess) { die("SSL: could not allocate SSL context"); @@ -21,7 +36,7 @@ diff -up vsftpd-3.0.2/ssl.c.ecdh vsftpd-3.0.2/ssl.c if (!tunable_sslv2) { options |= SSL_OP_NO_SSLv2; -@@ -235,6 +235,41 @@ ssl_init(struct vsf_session* p_sess) +@@ -244,6 +244,41 @@ ssl_init(struct vsf_session* p_sess) SSL_CTX_set_tmp_dh_callback(p_ctx, ssl_tmp_dh_callback); 
@@ -63,9 +78,10 @@ diff -up vsftpd-3.0.2/ssl.c.ecdh vsftpd-3.0.2/ssl.c p_sess->p_ssl_ctx = p_ctx; ssl_inited = 1; } -diff -up vsftpd-3.0.2/tunables.c.ecdh vsftpd-3.0.2/tunables.c ---- vsftpd-3.0.2/tunables.c.ecdh 2014-09-15 15:49:48.802315299 +0200 -+++ vsftpd-3.0.2/tunables.c 2014-09-15 15:51:13.176386035 +0200 +diff --git a/tunables.c b/tunables.c +index 1ea7227..93f85b1 100644 +--- a/tunables.c ++++ b/tunables.c @@ -141,6 +141,7 @@ const char* tunable_email_password_file; const char* tunable_rsa_cert_file; const char* tunable_dsa_cert_file; @@ -84,10 +100,11 @@ diff -up vsftpd-3.0.2/tunables.c.ecdh vsftpd-3.0.2/tunables.c &tunable_ssl_ciphers); install_str_setting(0, &tunable_rsa_private_key_file); install_str_setting(0, &tunable_dsa_private_key_file); -diff -up vsftpd-3.0.2/tunables.h.ecdh vsftpd-3.0.2/tunables.h ---- vsftpd-3.0.2/tunables.h.ecdh 2014-09-15 15:49:48.802315299 +0200 -+++ vsftpd-3.0.2/tunables.h 2014-09-15 15:49:48.804315301 +0200 -@@ -143,6 +143,7 @@ extern const char* tunable_email_passwor +diff --git a/tunables.h b/tunables.h +index 3995472..3e2d40c 100644 +--- a/tunables.h ++++ b/tunables.h +@@ -143,6 +143,7 @@ extern const char* tunable_email_password_file; extern const char* tunable_rsa_cert_file; extern const char* tunable_dsa_cert_file; extern const char* tunable_dh_param_file; 
@@ -95,10 +112,11 @@ diff -up vsftpd-3.0.2/tunables.h.ecdh vsftpd-3.0.2/tunables.h extern const char* tunable_ssl_ciphers; extern const char* tunable_rsa_private_key_file; extern const char* tunable_dsa_private_key_file; -diff -up vsftpd-3.0.2/vsftpd.conf.5.ecdh vsftpd-3.0.2/vsftpd.conf.5 ---- vsftpd-3.0.2/vsftpd.conf.5.ecdh 2014-09-15 15:49:48.802315299 +0200 -+++ vsftpd-3.0.2/vsftpd.conf.5 2014-09-15 15:49:48.806315302 +0200 -@@ -899,6 +915,14 @@ ephemeral Diffie-Hellman key exchange in +diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 +index ff94eca..e242873 100644 +--- a/vsftpd.conf.5 ++++ b/vsftpd.conf.5 +@@ -899,6 +899,14 @@ ephemeral Diffie-Hellman key exchange in SSL. Default: (none - use built in parameters appropriate for certificate key size) .TP @@ -113,3 +131,6 @@ diff -up vsftpd-3.0.2/vsftpd.conf.5.ecdh vsftpd-3.0.2/vsftpd.conf.5 .B email_password_file This option can be used to provide an alternate file for usage by the .BR secure_email_list_enable +-- +2.5.0 + diff --git a/vsftpd-3.0.2-lookup.patch b/vsftpd-3.0.2-lookup.patch index 8f5e5a6..553f6c3 100644 --- a/vsftpd-3.0.2-lookup.patch +++ b/vsftpd-3.0.2-lookup.patch @@ -1,6 +1,20 @@ -diff -up vsftpd-3.0.2/parseconf.c.lookup vsftpd-3.0.2/parseconf.c ---- vsftpd-3.0.2/parseconf.c.lookup 2014-04-17 10:01:50.862951491 +0200 -+++ vsftpd-3.0.2/parseconf.c 2014-04-17 10:02:42.343955443 +0200 +From 341ecdb33ac371d0efcfe428719fdf627ab253c2 Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Thu, 17 Mar 2016 11:44:45 +0100 +Subject: [PATCH 19/26] Applied vsftpd-3.0.2-lookup.patch + +--- + parseconf.c | 1 + + sysdeputil.c | 14 +++++++++----- + tunables.c | 2 ++ + tunables.h | 1 + + vsftpd.conf.5 | 9 +++++++++ + 5 files changed, 22 insertions(+), 5 deletions(-) + +diff --git a/parseconf.c b/parseconf.c +index 30df598..3e0dba4 100644 +--- a/parseconf.c ++++ b/parseconf.c @@ -91,6 +91,7 @@ parseconf_bool_array[] = { "mdtm_write", &tunable_mdtm_write }, { "lock_upload_files", &tunable_lock_upload_files }, 
@@ -9,10 +23,11 @@ diff -up vsftpd-3.0.2/parseconf.c.lookup vsftpd-3.0.2/parseconf.c { "userlist_log", &tunable_userlist_log }, { "debug_ssl", &tunable_debug_ssl }, { "require_cert", &tunable_require_cert }, -diff -up vsftpd-3.0.2/sysdeputil.c.lookup vsftpd-3.0.2/sysdeputil.c ---- vsftpd-3.0.2/sysdeputil.c.lookup 2014-04-17 09:57:02.111933144 +0200 -+++ vsftpd-3.0.2/sysdeputil.c 2014-04-17 10:01:31.069950498 +0200 -@@ -354,12 +354,16 @@ vsf_sysdep_check_auth(struct mystr* p_us +diff --git a/sysdeputil.c b/sysdeputil.c +index 3bbabaa..2063c87 100644 +--- a/sysdeputil.c ++++ b/sysdeputil.c +@@ -354,12 +354,16 @@ vsf_sysdep_check_auth(struct mystr* p_user_str, return 0; } #ifdef PAM_RHOST @@ -34,9 +49,10 @@ diff -up vsftpd-3.0.2/sysdeputil.c.lookup vsftpd-3.0.2/sysdeputil.c if (retval != PAM_SUCCESS) { (void) pam_end(s_pamh, retval); -diff -up vsftpd-3.0.2/tunables.c.lookup vsftpd-3.0.2/tunables.c ---- vsftpd-3.0.2/tunables.c.lookup 2014-04-17 10:03:22.766958324 +0200 -+++ vsftpd-3.0.2/tunables.c 2014-04-17 10:04:52.004964675 +0200 +diff --git a/tunables.c b/tunables.c +index b30fca1..c737465 100644 +--- a/tunables.c ++++ b/tunables.c @@ -72,6 +72,7 @@ int tunable_force_anon_data_ssl; int tunable_mdtm_write; int tunable_lock_upload_files; 
@@ -53,10 +69,11 @@ diff -up vsftpd-3.0.2/tunables.c.lookup vsftpd-3.0.2/tunables.c tunable_userlist_log = 0; tunable_debug_ssl = 0; tunable_require_cert = 0; -diff -up vsftpd-3.0.2/tunables.h.lookup vsftpd-3.0.2/tunables.h ---- vsftpd-3.0.2/tunables.h.lookup 2014-04-17 10:03:27.405958676 +0200 -+++ vsftpd-3.0.2/tunables.h 2014-04-17 10:04:22.763963824 +0200 -@@ -73,6 +73,7 @@ extern int tunable_force_anon_data_ssl; +diff --git a/tunables.h b/tunables.h +index e44d64c..9553038 100644 +--- a/tunables.h ++++ b/tunables.h +@@ -73,6 +73,7 @@ extern int tunable_force_anon_data_ssl; /* Require anon data uses SSL */ extern int tunable_mdtm_write; /* Allow MDTM to set timestamps */ extern int tunable_lock_upload_files; /* Lock uploading files */ extern int tunable_pasv_addr_resolve; /* DNS resolve pasv_addr */ @@ -64,10 +81,11 @@ diff -up vsftpd-3.0.2/tunables.h.lookup vsftpd-3.0.2/tunables.h extern int tunable_userlist_log; /* Log every failed login attempt */ extern int tunable_debug_ssl; /* Verbose SSL logging */ extern int tunable_require_cert; /* SSL client cert required */ -diff -up vsftpd-3.0.2/vsftpd.conf.5.lookup vsftpd-3.0.2/vsftpd.conf.5 ---- vsftpd-3.0.2/vsftpd.conf.5.lookup 2014-04-17 10:05:30.956969003 +0200 -+++ vsftpd-3.0.2/vsftpd.conf.5 2014-04-17 10:06:36.586971828 +0200 -@@ -425,6 +425,15 @@ http://scarybeastsecurity.blogspot.com/2 +diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 +index 72bb86f..fb6324e 100644 +--- a/vsftpd.conf.5 ++++ b/vsftpd.conf.5 +@@ -425,6 +425,15 @@ http://scarybeastsecurity.blogspot.com/2009/02/vsftpd-210-released.html Default: YES .TP @@ -83,3 +101,6 @@ diff -up vsftpd-3.0.2/vsftpd.conf.5.lookup vsftpd-3.0.2/vsftpd.conf.5 .B run_as_launching_user Set to YES if you want vsftpd to run as the user which launched vsftpd. This is useful where root access is not available. MASSIVE WARNING! Do NOT enable this +-- +2.5.0 + diff --git a/vsftpd-3.0.2-rc450.patch b/vsftpd-3.0.2-rc450.patch index 63d6d01..8435446 100644 
--- a/vsftpd-3.0.2-rc450.patch +++ b/vsftpd-3.0.2-rc450.patch @@ -1,6 +1,19 @@ -diff -up vsftpd-3.0.2/ftpcodes.h.rc450 vsftpd-3.0.2/ftpcodes.h ---- vsftpd-3.0.2/ftpcodes.h.rc450 2008-02-12 01:30:46.000000000 +0100 -+++ vsftpd-3.0.2/ftpcodes.h 2014-06-18 13:41:02.238821708 +0200 +From e8c21dbd87c5e46c246c2d08c1abc84bb649fc02 Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Thu, 17 Mar 2016 11:44:46 +0100 +Subject: [PATCH 24/26] Applied vsftpd-3.0.2-rc450.patch + +--- + ftpcodes.h | 1 + + postlogin.c | 9 ++++++++- + sysutil.c | 3 +++ + sysutil.h | 3 ++- + 4 files changed, 14 insertions(+), 2 deletions(-) + +diff --git a/ftpcodes.h b/ftpcodes.h +index 93290c0..81e25c5 100644 +--- a/ftpcodes.h ++++ b/ftpcodes.h @@ -52,6 +52,7 @@ #define FTP_TLS_FAIL 421 #define FTP_BADSENDCONN 425 @@ -9,10 +22,11 @@ diff -up vsftpd-3.0.2/ftpcodes.h.rc450 vsftpd-3.0.2/ftpcodes.h #define FTP_BADSENDFILE 451 #define FTP_BADCMD 500 -diff -up vsftpd-3.0.2/postlogin.c.rc450 vsftpd-3.0.2/postlogin.c ---- vsftpd-3.0.2/postlogin.c.rc450 2012-09-18 11:59:37.000000000 +0200 -+++ vsftpd-3.0.2/postlogin.c 2014-06-18 13:41:02.238821708 +0200 -@@ -670,7 +670,14 @@ handle_retr(struct vsf_session* p_sess, +diff --git a/postlogin.c b/postlogin.c +index bf12970..29958c0 100644 +--- a/postlogin.c ++++ b/postlogin.c +@@ -679,7 +679,14 @@ handle_retr(struct vsf_session* p_sess, int is_http) opened_file = str_open(&p_sess->ftp_arg_str, kVSFSysStrOpenReadOnly); if (vsf_sysutil_retval_is_error(opened_file)) { @@ -28,9 +42,10 @@ diff -up vsftpd-3.0.2/postlogin.c.rc450 vsftpd-3.0.2/postlogin.c return; } /* Lock file if required */ -diff -up vsftpd-3.0.2/sysutil.c.rc450 vsftpd-3.0.2/sysutil.c ---- vsftpd-3.0.2/sysutil.c.rc450 2014-06-18 13:41:02.231821807 +0200 -+++ vsftpd-3.0.2/sysutil.c 2014-06-18 13:41:02.238821708 +0200 +diff --git a/sysutil.c b/sysutil.c +index 62d833d..a924edf 100644 +--- a/sysutil.c ++++ b/sysutil.c 
@@ -1632,6 +1632,9 @@ vsf_sysutil_get_error(void) case ENOENT: retval = kVSFSysUtilErrNOENT; @@ -41,9 +56,10 @@ diff -up vsftpd-3.0.2/sysutil.c.rc450 vsftpd-3.0.2/sysutil.c default: break; } -diff -up vsftpd-3.0.2/sysutil.h.rc450 vsftpd-3.0.2/sysutil.h ---- vsftpd-3.0.2/sysutil.h.rc450 2014-06-18 13:41:02.231821807 +0200 -+++ vsftpd-3.0.2/sysutil.h 2014-06-18 13:41:02.239821694 +0200 +diff --git a/sysutil.h b/sysutil.h +index 79b5514..c145bdf 100644 +--- a/sysutil.h ++++ b/sysutil.h @@ -18,7 +18,8 @@ enum EVSFSysUtilError kVSFSysUtilErrINVAL, kVSFSysUtilErrOPNOTSUPP, @@ -54,3 +70,6 @@ diff -up vsftpd-3.0.2/sysutil.h.rc450 vsftpd-3.0.2/sysutil.h }; enum EVSFSysUtilError vsf_sysutil_get_error(void); +-- +2.5.0 + diff --git a/vsftpd-3.0.2-uint-uidgid.patch b/vsftpd-3.0.2-uint-uidgid.patch index fb0d502..ef87284 100644 --- a/vsftpd-3.0.2-uint-uidgid.patch +++ b/vsftpd-3.0.2-uint-uidgid.patch @@ -1,7 +1,21 @@ -diff -up vsftpd-3.0.2/ls.c.uint-uidgid vsftpd-3.0.2/ls.c ---- vsftpd-3.0.2/ls.c.uint-uidgid 2014-04-17 13:47:01.835114063 +0200 -+++ vsftpd-3.0.2/ls.c 2014-04-17 13:47:01.845114063 +0200 -@@ -501,7 +501,7 @@ build_dir_line(struct mystr* p_str, cons +From 24a1132cfe48d4c8bd799494ca802c918ac9132b Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Thu, 17 Mar 2016 11:44:45 +0100 +Subject: [PATCH 20/26] Applied vsftpd-3.0.2-uint-uidgid.patch + +--- + ls.c | 4 ++-- + privops.c | 3 +-- + session.h | 6 +++--- + sysutil.c | 44 ++++++++++++++------------------------------ + sysutil.h | 20 ++++++++++---------- + 5 files changed, 30 insertions(+), 47 deletions(-) + +diff --git a/ls.c b/ls.c +index 0ad7f54..f18791d 100644 +--- a/ls.c ++++ b/ls.c +@@ -503,7 +503,7 @@ build_dir_line(struct mystr* p_str, const struct mystr* p_filename_str, } else { 
@@ -10,7 +24,7 @@ diff -up vsftpd-3.0.2/ls.c.uint-uidgid vsftpd-3.0.2/ls.c struct vsf_sysutil_user* p_user = 0; if (tunable_text_userdb_names) { -@@ -526,7 +526,7 @@ build_dir_line(struct mystr* p_str, cons +@@ -528,7 +528,7 @@ build_dir_line(struct mystr* p_str, const struct mystr* p_filename_str, } else { @@ -19,10 +33,11 @@ diff -up vsftpd-3.0.2/ls.c.uint-uidgid vsftpd-3.0.2/ls.c struct vsf_sysutil_group* p_group = 0; if (tunable_text_userdb_names) { -diff -up vsftpd-3.0.2/privops.c.uint-uidgid vsftpd-3.0.2/privops.c ---- vsftpd-3.0.2/privops.c.uint-uidgid 2012-09-16 09:21:24.000000000 +0200 -+++ vsftpd-3.0.2/privops.c 2014-04-17 13:48:26.431113895 +0200 -@@ -236,8 +236,7 @@ vsf_privop_do_file_chown(struct vsf_sess +diff --git a/privops.c b/privops.c +index 21d7267..f27c5c4 100644 +--- a/privops.c ++++ b/privops.c +@@ -236,8 +236,7 @@ vsf_privop_do_file_chown(struct vsf_session* p_sess, int fd) /* Drop it like a hot potato unless it's a regular file owned by * the the anonymous ftp user */ @@ -32,9 +47,10 @@ diff -up vsftpd-3.0.2/privops.c.uint-uidgid vsftpd-3.0.2/privops.c (vsf_sysutil_statbuf_get_uid(s_p_statbuf) != p_sess->anon_ftp_uid && vsf_sysutil_statbuf_get_uid(s_p_statbuf) != p_sess->guest_user_uid)) { -diff -up vsftpd-3.0.2/session.h.uint-uidgid vsftpd-3.0.2/session.h ---- vsftpd-3.0.2/session.h.uint-uidgid 2012-04-05 03:27:19.000000000 +0200 -+++ vsftpd-3.0.2/session.h 2014-04-17 13:47:01.845114063 +0200 +diff --git a/session.h b/session.h +index 27a488f..956bfb7 100644 +--- a/session.h ++++ b/session.h @@ -54,9 +54,9 @@ struct vsf_session struct mystr_list* p_visited_dir_list; 
@@ -48,10 +64,11 @@ diff -up vsftpd-3.0.2/session.h.uint-uidgid vsftpd-3.0.2/session.h /* Things we need to cache before we chroot() */ struct mystr banned_email_str; -diff -up vsftpd-3.0.2/sysutil.c.uint-uidgid vsftpd-3.0.2/sysutil.c ---- vsftpd-3.0.2/sysutil.c.uint-uidgid 2014-04-17 13:47:01.839114063 +0200 -+++ vsftpd-3.0.2/sysutil.c 2014-04-17 13:47:01.846114063 +0200 -@@ -1454,14 +1454,14 @@ vsf_sysutil_statbuf_get_size(const struc +diff --git a/sysutil.c b/sysutil.c +index 497d670..62d833d 100644 +--- a/sysutil.c ++++ b/sysutil.c +@@ -1454,14 +1454,14 @@ vsf_sysutil_statbuf_get_size(const struct vsf_sysutil_statbuf* p_statbuf) return p_stat->st_size; } @@ -77,7 +94,7 @@ diff -up vsftpd-3.0.2/sysutil.c.uint-uidgid vsftpd-3.0.2/sysutil.c { if (fchown(fd, uid, gid) != 0) { -@@ -2320,13 +2320,9 @@ vsf_sysutil_dns_resolve(struct vsf_sysut +@@ -2320,13 +2320,9 @@ vsf_sysutil_dns_resolve(struct vsf_sysutil_sockaddr** p_sockptr, } struct vsf_sysutil_user* @@ -93,7 +110,7 @@ diff -up vsftpd-3.0.2/sysutil.c.uint-uidgid vsftpd-3.0.2/sysutil.c } struct vsf_sysutil_user* -@@ -2349,14 +2345,14 @@ vsf_sysutil_user_get_homedir(const struc +@@ -2349,14 +2345,14 @@ vsf_sysutil_user_get_homedir(const struct vsf_sysutil_user* p_user) return p_passwd->pw_dir; } @@ -110,7 +127,7 @@ diff -up vsftpd-3.0.2/sysutil.c.uint-uidgid vsftpd-3.0.2/sysutil.c vsf_sysutil_user_getgid(const struct vsf_sysutil_user* p_user) { const struct passwd* p_passwd = (const struct passwd*) p_user; -@@ -2364,13 +2360,9 @@ vsf_sysutil_user_getgid(const struct vsf +@@ -2364,13 +2360,9 @@ vsf_sysutil_user_getgid(const struct vsf_sysutil_user* p_user) } struct vsf_sysutil_group* 
@@ -165,10 +182,11 @@ diff -up vsftpd-3.0.2/sysutil.c.uint-uidgid vsftpd-3.0.2/sysutil.c vsf_sysutil_getuid(void) { return getuid(); -diff -up vsftpd-3.0.2/sysutil.h.uint-uidgid vsftpd-3.0.2/sysutil.h ---- vsftpd-3.0.2/sysutil.h.uint-uidgid 2014-04-17 13:47:01.827114063 +0200 -+++ vsftpd-3.0.2/sysutil.h 2014-04-17 13:47:01.846114063 +0200 -@@ -129,15 +129,15 @@ const char* vsf_sysutil_statbuf_get_nume +diff --git a/sysutil.h b/sysutil.h +index bfc92cb..79b5514 100644 +--- a/sysutil.h ++++ b/sysutil.h +@@ -129,15 +129,15 @@ const char* vsf_sysutil_statbuf_get_numeric_date( const struct vsf_sysutil_statbuf* p_stat, int use_localtime); unsigned int vsf_sysutil_statbuf_get_links( const struct vsf_sysutil_statbuf* p_stat); @@ -207,7 +225,7 @@ diff -up vsftpd-3.0.2/sysutil.h.uint-uidgid vsftpd-3.0.2/sysutil.h const char* vsf_sysutil_group_getname(const struct vsf_sysutil_group* p_group); /* More random things */ -@@ -316,7 +316,7 @@ void vsf_sysutil_qsort(void* p_base, uns +@@ -316,7 +316,7 @@ void vsf_sysutil_qsort(void* p_base, unsigned int num_elem, char* vsf_sysutil_getenv(const char* p_var); typedef void (*exitfunc_t)(void); void vsf_sysutil_set_exit_func(exitfunc_t exitfunc); @@ -216,7 +234,7 @@ diff -up vsftpd-3.0.2/sysutil.h.uint-uidgid vsftpd-3.0.2/sysutil.h /* Syslogging (bah) */ void vsf_sysutil_openlog(int force); -@@ -329,8 +329,8 @@ void vsf_sysutil_setuid(const struct vsf +@@ -329,8 +329,8 @@ void vsf_sysutil_setuid(const struct vsf_sysutil_user* p_user); void vsf_sysutil_setgid(const struct vsf_sysutil_user* p_user); void vsf_sysutil_setuid_numeric(int uid); void vsf_sysutil_setgid_numeric(int gid); @@ -227,3 +245,6 @@ diff -up vsftpd-3.0.2/sysutil.h.uint-uidgid vsftpd-3.0.2/sysutil.h void vsf_sysutil_seteuid(const struct vsf_sysutil_user* p_user); void vsf_sysutil_setegid(const struct vsf_sysutil_user* p_user); void vsf_sysutil_seteuid_numeric(int uid); +-- +2.5.0 + 
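Review bot: The numeric privilege setters keep a signed parameter in the last sysutil.h hunk of the refreshed uint-uidgid patch (`@@ -329,8 +329,8 @@`), where `vsf_sysutil_setuid_numeric(int uid)`, `vsf_sysutil_setgid_numeric(int gid)` and `vsf_sysutil_seteuid_numeric(int uid)` appear as unchanged context. Going by its name and diffstat, the patch moves the rest of the uid/gid handling to `unsigned int`. An id above INT_MAX would therefore pass through an implementation-defined unsigned-to-int conversion on its way into the call that drops privileges; this most likely round-trips on the usual two's-complement targets, but it is the signedness gap the patch sets out to close, and `-Wsign-conversion` would flag each call site. I would change the prototypes to `void vsf_sysutil_setuid_numeric(unsigned int uid);` and likewise for the gid and euid variants, together with their definitions in sysutil.c, which are outside this hunk. `vsf_sysutil_setegid_numeric` is not visible here and presumably needs the same change.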
diff --git a/vsftpd-close-std-fds.patch b/vsftpd-close-std-fds.patch index 73da6af..4811651 100644 --- a/vsftpd-close-std-fds.patch +++ b/vsftpd-close-std-fds.patch @@ -1,7 +1,17 @@ -diff -up vsftpd-2.0.7/standalone.c.close-fds vsftpd-2.0.7/standalone.c ---- vsftpd-2.0.7/standalone.c.close-fds 2008-09-08 23:36:32.000000000 -0400 -+++ vsftpd-2.0.7/standalone.c 2008-09-08 23:37:53.000000000 -0400 -@@ -131,6 +131,9 @@ vsf_standalone_main(void) +From 883736a0ad3b521c8210cc7e6cbc2cb302aca43c Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Thu, 17 Mar 2016 11:44:45 +0100 +Subject: [PATCH 06/26] Applied vsftpd-close-std-fds.patch + +--- + standalone.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/standalone.c b/standalone.c +index ba01ab1..e0f2d5b 100644 +--- a/standalone.c ++++ b/standalone.c +@@ -130,6 +130,9 @@ vsf_standalone_main(void) die("could not bind listening IPv6 socket"); } } @@ -11,3 +21,6 @@ diff -up vsftpd-2.0.7/standalone.c.close-fds vsftpd-2.0.7/standalone.c retval = vsf_sysutil_listen(listen_sock, VSFTP_LISTEN_BACKLOG); if (vsf_sysutil_retval_is_error(retval)) { +-- +2.5.0 + diff --git a/vsftpd.spec b/vsftpd.spec index 80581cd..d4fa0ce 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,8 +2,8 @@ %define _generatorsdir %{_prefix}/lib/systemd/system-generators Name: vsftpd -Version: 3.0.2 -Release: 15%{?dist} +Version: 3.0.3 +Release: 1%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons @@ -167,6 +167,9 @@ rm -rf $RPM_BUILD_ROOT %{_var}/ftp %changelog +* Thu Mar 17 2016 Martin Sehnoutka - 3.0.3-1 +- Update to 3.0.3 version + * Fri Feb 05 2016 Fedora Release Engineering - 3.0.2-15 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild 
@@ -320,7 +323,7 @@ rm -rf $RPM_BUILD_ROOT * Thu Aug 27 2009 Tomas Mraz - 2.2.0-2 - rebuilt with new openssl -* Tue Aug 24 2009 Martin Nagy - 2.2.0-1 +* Mon Aug 24 2009 Martin Nagy - 2.2.0-1 - update to latest upstream release 2.2.0 * Tue Aug 04 2009 Martin Nagy - 2.2.0-0.1.pre4 @@ -484,7 +487,7 @@ rm -rf $RPM_BUILD_ROOT * Tue Aug 08 2006 Maros Barabas - 2.0.5-5 - option to change listening to IPv6 protocol -* Thu Aug 01 2006 Maros Barabas - 2.0.5-4 +* Tue Aug 01 2006 Maros Barabas - 2.0.5-4 - listen to IPv4 connections in default conf file * Mon Jul 17 2006 Radek Vokal - 2.0.5-3 @@ -569,7 +572,7 @@ rm -rf $RPM_BUILD_ROOT * Tue Dec 14 2004 Radek Vokal 2.0.1-7 - fixing directory in vsftpd.pam file (#142805) -* Mon Nov 11 2004 Radek Vokal 2.0.1-6 +* Thu Nov 11 2004 Radek Vokal 2.0.1-6 - vsftpd. files moved to /etc/vsftpd - added vsftpd_conf_migrate.sh script for moving conf files @@ -709,10 +712,10 @@ rm -rf $RPM_BUILD_ROOT * Wed Feb 7 2001 Seth Vidal - updated to 0.0.11 -* Fri Feb 1 2001 Seth Vidal +* Thu Feb 1 2001 Seth Vidal - Update to 0.0.10 -* Fri Feb 1 2001 Seth Vidal +* Thu Feb 1 2001 Seth Vidal - First RPM packaging - Stolen items from wu-ftpd's pam setup - Separated rh 7 and rh 6.X's packages From 38e56d8e2889ce76f5cd20491adddae77deb3777 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka Date: Thu, 17 Mar 2016 14:58:25 +0100 Subject: [PATCH 05/85] removed ctags file from patch --- vsftpd-2.2.2-nfs-fail.patch | 1371 +---------------------------------- 1 file changed, 7 insertions(+), 1364 deletions(-) diff --git a/vsftpd-2.2.2-nfs-fail.patch b/vsftpd-2.2.2-nfs-fail.patch index 73c5f64..674a01e 100644 --- a/vsftpd-2.2.2-nfs-fail.patch +++ b/vsftpd-2.2.2-nfs-fail.patch @@ -1,16 +1,14 @@ -From d30fce5908a608a93a30e276d01050c32d8f1542 Mon Sep 17 00:00:00 2001 +From 1be2ebccc0a5e1040fa9bb5f1cac8040070830df Mon Sep 17 00:00:00 2001 
From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 11:59:28 +0100 +Date: Thu, 17 Mar 2016 14:51:29 +0100 Subject: [PATCH 25/26] Applied vsftpd-2.2.2-nfs-fail.patch --- - ftpcodes.h | 1 + - postlogin.c | 32 +- - sysutil.c | 21 + - sysutil.h | 1 + - tags | 1349 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - 5 files changed, 1402 insertions(+), 2 deletions(-) - create mode 100644 tags + ftpcodes.h | 1 + + postlogin.c | 32 ++++++++++++++++++++++++++++++-- + sysutil.c | 21 +++++++++++++++++++++ + sysutil.h | 1 + + 4 files changed, 53 insertions(+), 2 deletions(-) diff --git a/ftpcodes.h b/ftpcodes.h index 81e25c5..3950f92 100644 
@@ -141,1361 +139,6 @@ index c145bdf..26698cd 100644 int vsf_sysutil_close_failok(int fd); int vsf_sysutil_unlink(const char* p_dead); int vsf_sysutil_write_access(const char* p_filename); -diff --git a/tags b/tags -new file mode 100644 -index 0000000..2afa58c ---- /dev/null -+++ b/tags -@@ -0,0 +1,1349 @@ -+!_TAG_FILE_FORMAT 2 /extended format; --format=1 will not append ;" to lines/ -+!_TAG_FILE_SORTED 1 /0=unsorted, 1=sorted, 2=foldcase/ -+!_TAG_PROGRAM_AUTHOR Darren Hiebert /dhiebert@users.sourceforge.net/ -+!_TAG_PROGRAM_NAME Exuberant Ctags // -+!_TAG_PROGRAM_URL http://ctags.sourceforge.net /official site/ -+!_TAG_PROGRAM_VERSION 5.8 // -+BUFTZSIZ sysutil.c 30;" d file: -+CC Makefile /^CC = gcc$/;" m -+CFLAGS Makefile /^CFLAGS = -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 \\$/;" m -+CLONE_NEWIPC sysdeputil.c 80;" d file: -+CLONE_NEWNET sysdeputil.c 83;" d file: -+CLONE_NEWPID sysdeputil.c 77;" d file: -+CMSG_ALIGN port/cmsg_extras.h 9;" d -+CMSG_LEN port/cmsg_extras.h 19;" d -+CMSG_SPACE port/cmsg_extras.h 14;" d -+DH_get_dh ssl.c /^ DH_get_dh(int size)$/;" f -+DH_get_prime ssl.c /^ DH_get_prime(int bits)$/;" f -+DIE_DEBUG utility.c 13;" d file: -+ESysdepCapabilities sysdeputil.h /^enum ESysdepCapabilities$/;" g -+EVSFLogEntryType logging.h /^enum EVSFLogEntryType$/;" g -+EVSFPrivopLoginResult privops.h /^enum EVSFPrivopLoginResult$/;" g -+EVSFRWTarget readwrite.h /^enum EVSFRWTarget$/;" g -+EVSFSysStrOpenMode sysstr.h /^enum EVSFSysStrOpenMode$/;" g -+EVSFSysUtilError sysutil.h /^enum EVSFSysUtilError$/;" g -+EVSFSysUtilInterruptContext sysutil.h /^enum EVSFSysUtilInterruptContext$/;" g -+EVSFSysUtilMapPermission sysutil.h /^enum EVSFSysUtilMapPermission$/;" g -+EVSFSysUtilOpenMode sysutil.h /^enum EVSFSysUtilOpenMode$/;" g -+EVSFSysUtilSignal sysutil.h /^enum EVSFSysUtilSignal$/;" g -+FTP_ABOROK ftpcodes.h 31;" d -+FTP_ABOR_NOCONN ftpcodes.h 29;" d -+FTP_ALLOOK ftpcodes.h 18;" d -+FTP_AUTHOK ftpcodes.h 35;" d -+FTP_BADAUTH ftpcodes.h 67;" d 
-+FTP_BADCMD ftpcodes.h 58;" d -+FTP_BADMODE ftpcodes.h 66;" d -+FTP_BADOPTS ftpcodes.h 59;" d -+FTP_BADPBSZ ftpcodes.h 63;" d -+FTP_BADPROT ftpcodes.h 64;" d -+FTP_BADSENDCONN ftpcodes.h 53;" d -+FTP_BADSENDFILE ftpcodes.h 56;" d -+FTP_BADSENDNET ftpcodes.h 54;" d -+FTP_BADSTRU ftpcodes.h 65;" d -+FTP_CHMODOK ftpcodes.h 11;" d -+FTP_COMMANDNOTIMPL ftpcodes.h 60;" d -+FTP_CWDOK ftpcodes.h 36;" d -+FTP_DATACONN ftpcodes.h 4;" d -+FTP_DATATLSBAD ftpcodes.h 71;" d -+FTP_DATA_TIMEOUT ftpcodes.h 48;" d -+FTP_DELEOK ftpcodes.h 38;" d -+FTP_EPRTOK ftpcodes.h 9;" d -+FTP_EPSVALLOK ftpcodes.h 12;" d -+FTP_EPSVBAD ftpcodes.h 70;" d -+FTP_EPSVOK ftpcodes.h 33;" d -+FTP_FEAT ftpcodes.h 19;" d -+FTP_FILEFAIL ftpcodes.h 74;" d -+FTP_FILETMPFAIL ftpcodes.h 55;" d -+FTP_GIVEPWORD ftpcodes.h 43;" d -+FTP_GOODBYE ftpcodes.h 28;" d -+FTP_GREET ftpcodes.h 27;" d -+FTP_HELP ftpcodes.h 25;" d -+FTP_IDLE_TIMEOUT ftpcodes.h 47;" d -+FTP_IP_DENY ftpcodes.h 51;" d -+FTP_IP_LIMIT ftpcodes.h 50;" d -+FTP_LOGINERR ftpcodes.h 72;" d -+FTP_LOGINOK ftpcodes.h 34;" d -+FTP_MDTMOK ftpcodes.h 22;" d -+FTP_MKDIROK ftpcodes.h 41;" d -+FTP_MODEOK ftpcodes.h 14;" d -+FTP_NEEDENCRYPT ftpcodes.h 69;" d -+FTP_NEEDRNFR ftpcodes.h 62;" d -+FTP_NEEDUSER ftpcodes.h 61;" d -+FTP_NOHANDLEPROT ftpcodes.h 73;" d -+FTP_NOOPOK ftpcodes.h 6;" d -+FTP_NOPERM ftpcodes.h 75;" d -+FTP_NOSUCHPROT ftpcodes.h 68;" d -+FTP_OPTSOK ftpcodes.h 17;" d -+FTP_PASVOK ftpcodes.h 32;" d -+FTP_PBSZOK ftpcodes.h 15;" d -+FTP_PORTOK ftpcodes.h 8;" d -+FTP_PROTOK ftpcodes.h 16;" d -+FTP_PWDOK ftpcodes.h 40;" d -+FTP_RENAMEOK ftpcodes.h 39;" d -+FTP_RESTOK ftpcodes.h 44;" d -+FTP_RMDIROK ftpcodes.h 37;" d -+FTP_RNFROK ftpcodes.h 45;" d -+FTP_SITEHELP ftpcodes.h 24;" d -+FTP_SIZEOK ftpcodes.h 21;" d -+FTP_STATFILE_OK ftpcodes.h 23;" d -+FTP_STATOK ftpcodes.h 20;" d -+FTP_STRUOK ftpcodes.h 13;" d -+FTP_SYSTOK ftpcodes.h 26;" d -+FTP_TLS_FAIL ftpcodes.h 52;" d -+FTP_TOO_MANY_USERS ftpcodes.h 49;" d -+FTP_TRANSFEROK ftpcodes.h 30;" d 
-+FTP_TYPEOK ftpcodes.h 7;" d -+FTP_UMASKOK ftpcodes.h 10;" d -+FTP_UPLOADFAIL ftpcodes.h 76;" d -+F_LOCALTIME sysutil.c 29;" d file: -+IFLAGS Makefile /^IFLAGS = -idirafter dummyinc$/;" m -+INIT_MYSTR str.h 18;" d -+INIT_STRLIST strlist.h 15;" d -+INSTALL Makefile /^INSTALL = install$/;" m -+LDFLAGS Makefile /^LDFLAGS = -fPIE -pie -Wl,-z,relro -Wl,-z,now$/;" m -+LIBS Makefile /^LIBS = -lwrap -lnsl -lpam -lcap -ldl -lcrypto$/;" m -+LINK Makefile /^LINK = -Wl,-s$/;" m -+MAP_ANON port/hpux_bogons.h 10;" d -+MAP_FAILED port/hpux_bogons.h 16;" d -+MAX_SYSCALL ptracesandbox.c 87;" d file: -+OBJS Makefile /^OBJS = main.o utility.o prelogin.o ftpcmdio.o postlogin.o privsock.o \\$/;" m -+O_CLOEXEC seccompsandbox.c 57;" d file: -+O_DIRECT ptracesandbox.c 74;" d file: -+O_DIRECTORY seccompsandbox.c 53;" d file: -+O_LARGEFILE seccompsandbox.c 49;" d file: -+PRIVATE_HANDS_OFF_alloc_bytes str.c 16;" d file: -+PRIVATE_HANDS_OFF_alloc_bytes str.h /^ unsigned int PRIVATE_HANDS_OFF_alloc_bytes;$/;" m struct:mystr -+PRIVATE_HANDS_OFF_alloc_len strlist.c 9;" d file: -+PRIVATE_HANDS_OFF_alloc_len strlist.h /^ unsigned int PRIVATE_HANDS_OFF_alloc_len;$/;" m struct:mystr_list -+PRIVATE_HANDS_OFF_exit_status sysutil.c 14;" d file: -+PRIVATE_HANDS_OFF_exit_status sysutil.h /^ int PRIVATE_HANDS_OFF_exit_status;$/;" m struct:vsf_sysutil_wait_retval -+PRIVATE_HANDS_OFF_len str.c 15;" d file: -+PRIVATE_HANDS_OFF_len str.h /^ unsigned int PRIVATE_HANDS_OFF_len;$/;" m struct:mystr -+PRIVATE_HANDS_OFF_list_len strlist.c 10;" d file: -+PRIVATE_HANDS_OFF_list_len strlist.h /^ unsigned int PRIVATE_HANDS_OFF_list_len;$/;" m struct:mystr_list -+PRIVATE_HANDS_OFF_p_buf str.c 14;" d file: -+PRIVATE_HANDS_OFF_p_buf str.h /^ char* PRIVATE_HANDS_OFF_p_buf;$/;" m struct:mystr -+PRIVATE_HANDS_OFF_p_nodes strlist.c 11;" d file: -+PRIVATE_HANDS_OFF_p_nodes strlist.h /^ struct mystr_list_node* PRIVATE_HANDS_OFF_p_nodes;$/;" m struct:mystr_list typeref:struct:mystr_list::mystr_list_node 
-+PRIVATE_HANDS_OFF_syscall_retval sysutil.c 13;" d file: -+PRIVATE_HANDS_OFF_syscall_retval sysutil.h /^ int PRIVATE_HANDS_OFF_syscall_retval;$/;" m struct:vsf_sysutil_wait_retval -+PRIV_SOCK_CHOWN privsock.h 160;" d -+PRIV_SOCK_DO_SSL_CLOSE privsock.h 165;" d -+PRIV_SOCK_DO_SSL_HANDSHAKE privsock.h 164;" d -+PRIV_SOCK_DO_SSL_READ privsock.h 166;" d -+PRIV_SOCK_DO_SSL_WRITE privsock.h 167;" d -+PRIV_SOCK_GET_DATA_SOCK privsock.h 161;" d -+PRIV_SOCK_GET_USER_CMD privsock.h 162;" d -+PRIV_SOCK_LOGIN privsock.h 159;" d -+PRIV_SOCK_PASV_ACCEPT privsock.h 171;" d -+PRIV_SOCK_PASV_ACTIVE privsock.h 169;" d -+PRIV_SOCK_PASV_CLEANUP privsock.h 168;" d -+PRIV_SOCK_PASV_LISTEN privsock.h 170;" d -+PRIV_SOCK_RESULT_BAD privsock.h 174;" d -+PRIV_SOCK_RESULT_OK privsock.h 173;" d -+PRIV_SOCK_WRITE_USER_RESP privsock.h 163;" d -+PR_SET_NO_NEW_PRIVS seccompsandbox.c 41;" d file: -+PR_SET_SECCOMP seccompsandbox.c 37;" d file: -+PTRACE_O_TRACECLONE ptracesandbox.c 70;" d file: -+PTRACE_O_TRACEFORK ptracesandbox.c 62;" d file: -+PTRACE_O_TRACESYSGOOD ptracesandbox.c 58;" d file: -+PTRACE_O_TRACEVFORK ptracesandbox.c 66;" d file: -+PTRACE_SANDBOX_ERR_API_ABUSE_STOPIT ptracesandbox.h 261;" d -+PTRACE_SANDBOX_ERR_BAD_SYSCALL ptracesandbox.h 257;" d -+PTRACE_SANDBOX_ERR_DEAD ptracesandbox.h 247;" d -+PTRACE_SANDBOX_ERR_POLICY_ARGS ptracesandbox.h 259;" d -+PTRACE_SANDBOX_ERR_POLICY_SYSCALL ptracesandbox.h 255;" d -+PTRACE_SANDBOX_ERR_PTRACE ptracesandbox.h 249;" d -+PTRACE_SANDBOX_ERR_WAITPID ptracesandbox.h 251;" d -+PTRACE_SANDBOX_ERR_WAIT_STATUS ptracesandbox.h 253;" d -+PTRACE_SETOPTIONS ptracesandbox.c 54;" d file: -+SHUT_RD sysutil.c 1921;" d file: -+SHUT_RDWR sysutil.c 1911;" d file: -+UNUSED ssl.c 792;" d file: -+VSFTP_ASCII_H ascii.h 2;" d -+VSFTP_AS_LIMIT defs.h 22;" d -+VSFTP_COMMAND_FD defs.h 6;" d -+VSFTP_CONF_FILE_MAX defs.h 15;" d -+VSFTP_DATA_BUFSIZE defs.h 11;" d -+VSFTP_DEFAULT_CONFIG defs.h 4;" d -+VSFTP_DIR_BUFSIZE defs.h 12;" d -+VSFTP_HASH_H hash.h 2;" d 
-+VSFTP_LISTEN_BACKLOG defs.h 16;" d -+VSFTP_MATCHITERS_MAX defs.h 13;" d -+VSFTP_MAX_COMMAND_LINE defs.h 10;" d -+VSFTP_MAX_MSGFILE_SIZE banner.c 24;" d file: -+VSFTP_MAX_VISIT_REMEMBER banner.c 23;" d file: -+VSFTP_NETSTR_H netstr.h 2;" d -+VSFTP_PASSWORD_MAX defs.h 8;" d -+VSFTP_PATH_MAX defs.h 14;" d -+VSFTP_PRIVSOCK_MAXSTR defs.h 21;" d -+VSFTP_ROOT_UID defs.h 18;" d -+VSFTP_SECURE_UMASK defs.h 17;" d -+VSFTP_STRING_HELPER filestr.c 13;" d file: -+VSFTP_STR_H str.h 2;" d -+VSFTP_USERNAME_MAX defs.h 9;" d -+VSF_ACCESS_H access.h 2;" d -+VSF_AIX_BOGONS_H port/aix_bogons.h 2;" d -+VSF_BANNER_H banner.h 2;" d -+VSF_BUILDDEFS_H builddefs.h 2;" d -+VSF_BUILD_PAM builddefs.h 5;" d -+VSF_BUILD_SSL builddefs.h 6;" d -+VSF_BUILD_SSL dummyinc/openssl/ssl.h 4;" d -+VSF_BUILD_TCPWRAPPERS builddefs.h 4;" d -+VSF_CMSG_EXTRAS_H port/cmsg_extras.h 2;" d -+VSF_DEFS_H defs.h 2;" d -+VSF_DIRFD_EXTRAS_H port/dirfd_extras.h 2;" d -+VSF_DUMMYINC_CAPABILITY_H dummyinc/sys/capability.h 2;" d -+VSF_DUMMYINC_CRYPT_H dummyinc/crypt.h 2;" d -+VSF_DUMMYINC_PAM_APPL_H dummyinc/security/pam_appl.h 2;" d -+VSF_DUMMYINC_PRCTL_H dummyinc/sys/prctl.h 2;" d -+VSF_DUMMYINC_SENDFILE_H dummyinc/sys/sendfile.h 2;" d -+VSF_DUMMYINC_SHADOW_H dummyinc/shadow.h 2;" d -+VSF_DUMMYINC_SSL_H dummyinc/openssl/ssl.h 2;" d -+VSF_DUMMYINC_UTMPX_H dummyinc/utmpx.h 2;" d -+VSF_FEATURES_H features.h 2;" d -+VSF_FILESIZE_H filesize.h 2;" d -+VSF_FILESTR_H filestr.h 2;" d -+VSF_FTPCMDIO_H ftpcmdio.h 2;" d -+VSF_FTPCODES_H ftpcodes.h 2;" d -+VSF_FTPDATAIO_H ftpdataio.h 2;" d -+VSF_FTPPOLICY_H ftppolicy.h 2;" d -+VSF_HPUX_BOGONS_H port/hpux_bogons.h 2;" d -+VSF_IPADDRPARSE_H ipaddrparse.h 2;" d -+VSF_IRIX_BOGONS_H port/irix_bogons.h 2;" d -+VSF_LOGGING_H logging.h 2;" d -+VSF_LOGINPRIVPARENT_H postprivparent.h 2;" d -+VSF_LS_H ls.h 2;" d -+VSF_ONEPROCESS_H oneprocess.h 2;" d -+VSF_OPTS_H opts.h 2;" d -+VSF_PARSECONF_H parseconf.h 2;" d -+VSF_PORTINGJUNK_H port/porting_junk.h 2;" d -+VSF_POSTLOGIN_H postlogin.h 2;" d 
-+VSF_PRELOGIN_H prelogin.h 2;" d -+VSF_PRIVOPS_H privops.h 2;" d -+VSF_PRIVSOCK_H privsock.h 2;" d -+VSF_PTRACESANDBOX_H ptracesandbox.h 2;" d -+VSF_READWRITE_H readwrite.h 2;" d -+VSF_SECBUF_H secbuf.h 2;" d -+VSF_SECCOMPSANDBOX_H seccompsandbox.h 2;" d -+VSF_SECUTIL_H secutil.h 2;" d -+VSF_SECUTIL_OPTION_ALLOW_WRITEABLE_ROOT secutil.h 36;" d -+VSF_SECUTIL_OPTION_CHANGE_EUID secutil.h 30;" d -+VSF_SECUTIL_OPTION_CHROOT secutil.h 26;" d -+VSF_SECUTIL_OPTION_NO_FDS secutil.h 32;" d -+VSF_SECUTIL_OPTION_NO_PROCS secutil.h 34;" d -+VSF_SECUTIL_OPTION_USE_GROUPS secutil.h 28;" d -+VSF_SESSION_H session.h 2;" d -+VSF_SOLARIS_BOGONS_H port/solaris_bogons.h 2;" d -+VSF_SSLSLAVE_H sslslave.h 2;" d -+VSF_SSL_H ssl.h 2;" d -+VSF_STANDALONE_H standalone.h 2;" d -+VSF_STRLIST_H strlist.h 2;" d -+VSF_SYSDEPUTIL_H sysdeputil.h 2;" d -+VSF_SYSDEP_HAVE_AIX_SENDFILE sysdeputil.c 154;" d file: -+VSF_SYSDEP_HAVE_AIX_SENDFILE sysdeputil.c 52;" d file: -+VSF_SYSDEP_HAVE_CAPABILITIES sysdeputil.c 46;" d file: -+VSF_SYSDEP_HAVE_CAPABILITIES sysdeputil.c 95;" d file: -+VSF_SYSDEP_HAVE_FREEBSD_SENDFILE sysdeputil.c 108;" d file: -+VSF_SYSDEP_HAVE_FREEBSD_SENDFILE sysdeputil.c 50;" d file: -+VSF_SYSDEP_HAVE_HPUX_SENDFILE sysdeputil.c 126;" d file: -+VSF_SYSDEP_HAVE_HPUX_SENDFILE sysdeputil.c 51;" d file: -+VSF_SYSDEP_HAVE_HPUX_SETPROCTITLE sysdeputil.c 131;" d file: -+VSF_SYSDEP_HAVE_HPUX_SETPROCTITLE sysdeputil.c 55;" d file: -+VSF_SYSDEP_HAVE_LIBCAP dummyinc/sys/capability.h 4;" d -+VSF_SYSDEP_HAVE_LIBCAP sysdeputil.c 144;" d file: -+VSF_SYSDEP_HAVE_LIBCAP sysdeputil.c 149;" d file: -+VSF_SYSDEP_HAVE_LIBCAP sysdeputil.c 64;" d file: -+VSF_SYSDEP_HAVE_LINUX_CLONE sysdeputil.c 58;" d file: -+VSF_SYSDEP_HAVE_LINUX_CLONE sysdeputil.c 74;" d file: -+VSF_SYSDEP_HAVE_LINUX_SENDFILE sysdeputil.c 49;" d file: -+VSF_SYSDEP_HAVE_LINUX_SENDFILE sysdeputil.c 96;" d file: -+VSF_SYSDEP_HAVE_MAP_ANON sysdeputil.c 139;" d file: -+VSF_SYSDEP_HAVE_MAP_ANON sysdeputil.c 156;" d file: 
-+VSF_SYSDEP_HAVE_MAP_ANON sysdeputil.c 56;" d file: -+VSF_SYSDEP_HAVE_PAM dummyinc/security/pam_appl.h 4;" d -+VSF_SYSDEP_HAVE_PAM sysdeputil.c 151;" d file: -+VSF_SYSDEP_HAVE_PAM sysdeputil.c 60;" d file: -+VSF_SYSDEP_HAVE_SETKEEPCAPS sysdeputil.c 47;" d file: -+VSF_SYSDEP_HAVE_SETKEEPCAPS sysdeputil.c 98;" d file: -+VSF_SYSDEP_HAVE_SETPDEATHSIG sysdeputil.c 101;" d file: -+VSF_SYSDEP_HAVE_SETPDEATHSIG sysdeputil.c 48;" d file: -+VSF_SYSDEP_HAVE_SETPROCTITLE sysdeputil.c 109;" d file: -+VSF_SYSDEP_HAVE_SETPROCTITLE sysdeputil.c 114;" d file: -+VSF_SYSDEP_HAVE_SETPROCTITLE sysdeputil.c 153;" d file: -+VSF_SYSDEP_HAVE_SETPROCTITLE sysdeputil.c 53;" d file: -+VSF_SYSDEP_HAVE_SHADOW dummyinc/shadow.h 4;" d -+VSF_SYSDEP_HAVE_SHADOW sysdeputil.c 152;" d file: -+VSF_SYSDEP_HAVE_SHADOW sysdeputil.c 62;" d file: -+VSF_SYSDEP_HAVE_SOLARIS_SENDFILE dummyinc/sys/sendfile.h 4;" d -+VSF_SYSDEP_HAVE_SOLARIS_SENDFILE sysdeputil.c 168;" d file: -+VSF_SYSDEP_HAVE_USERSHELL sysdeputil.c 143;" d file: -+VSF_SYSDEP_HAVE_USERSHELL sysdeputil.c 148;" d file: -+VSF_SYSDEP_HAVE_USERSHELL sysdeputil.c 160;" d file: -+VSF_SYSDEP_HAVE_USERSHELL sysdeputil.c 63;" d file: -+VSF_SYSDEP_HAVE_UTMPX dummyinc/utmpx.h 4;" d -+VSF_SYSDEP_HAVE_UTMPX sysdeputil.c 119;" d file: -+VSF_SYSDEP_HAVE_UTMPX sysdeputil.c 133;" d file: -+VSF_SYSDEP_HAVE_UTMPX sysdeputil.c 150;" d file: -+VSF_SYSDEP_HAVE_UTMPX sysdeputil.c 65;" d file: -+VSF_SYSDEP_NEED_OLD_FD_PASSING sysdeputil.c 164;" d file: -+VSF_SYSDEP_NEED_OLD_FD_PASSING sysdeputil.c 57;" d file: -+VSF_SYSDEP_TRY_LINUX_SETPROCTITLE_HACK sysdeputil.c 155;" d file: -+VSF_SYSDEP_TRY_LINUX_SETPROCTITLE_HACK sysdeputil.c 54;" d file: -+VSF_SYSDEP_TRY_LINUX_SETPROCTITLE_HACK sysdeputil.c 91;" d file: -+VSF_SYSSTR_H sysstr.h 2;" d -+VSF_SYSUTIL_H sysutil.h 2;" d -+VSF_TCPWRAP_H tcpwrap.h 2;" d -+VSF_TRU64_BOGONS_H port/tru64_bogons.h 2;" d -+VSF_TUNABLES_H tunables.h 2;" d -+VSF_TWOPROCESS_H twoprocess.h 2;" d -+VSF_UTILITY_H utility.h 2;" d -+VSF_VERSION 
vsftpver.h 4;" d -+VSF_VERSION_H vsftpver.h 2;" d -+WTMPX_FILE sysdeputil.c 117;" d file: -+_FILE_OFFSET_BITS port/solaris_bogons.h 11;" d -+_FILE_OFFSET_BITS sysdeputil.c 27;" d file: -+_FILE_OFFSET_BITS sysutil.c 21;" d file: -+_LARGEFILE64_SOURCE port/solaris_bogons.h 13;" d -+_LARGEFILE64_SOURCE sysdeputil.c 29;" d file: -+_LARGEFILE64_SOURCE sysutil.c 23;" d file: -+_LARGEFILE_SOURCE port/solaris_bogons.h 12;" d -+_LARGEFILE_SOURCE sysdeputil.c 28;" d file: -+_LARGEFILE_SOURCE sysutil.c 22;" d file: -+_LARGE_FILES sysutil.c 24;" d file: -+_XPG4_2 port/solaris_bogons.h 5;" d -+__EXTENSIONS__ port/solaris_bogons.h 8;" d -+__FDMASK sysdeputil.c 198;" d file: -+__NFDBITS sysdeputil.c 197;" d file: -+__NR_exit_group ptracesandbox.c 43;" d file: -+__NR_openat seccompsandbox.c 45;" d file: -+__NR_sendfile64 ptracesandbox.c 39;" d file: -+__NR_utimes ptracesandbox.c 47;" d file: -+__USE_GNU sysdeputil.c 67;" d file: -+__USE_GNU sysutil.c 62;" d file: -+abor_received session.h /^ int abor_received;$/;" m struct:vsf_session -+allow_nr seccompsandbox.c /^allow_nr(int nr)$/;" f file: -+allow_nr_1_arg_mask seccompsandbox.c /^allow_nr_1_arg_mask(int nr, int arg, int val)$/;" f file: -+allow_nr_1_arg_match seccompsandbox.c /^allow_nr_1_arg_match(int nr, int arg, int val)$/;" f file: -+allow_nr_2_arg_mask_match seccompsandbox.c /^allow_nr_2_arg_mask_match(int nr, int arg1, int val1, int arg2, int val2)$/;" f file: -+allow_nr_2_arg_match seccompsandbox.c /^allow_nr_2_arg_match(int nr, int arg1, int val1, int arg2, int val2)$/;" f file: -+allow_nr_3_arg_match seccompsandbox.c /^allow_nr_3_arg_match(int nr, int arg1, int val1, int arg2, int val2, int arg3,$/;" f file: -+allow_severity tcpwrap.c /^int allow_severity = LOG_INFO;$/;" v -+anon_ftp_uid session.h /^ unsigned int anon_ftp_uid;$/;" m struct:vsf_session -+anon_pass_str session.h /^ struct mystr anon_pass_str;$/;" m struct:vsf_session typeref:struct:vsf_session::mystr -+anon_upload_chown_uid session.h /^ unsigned int 
anon_upload_chown_uid;$/;" m struct:vsf_session -+ascii_to_bin_ret ascii.h /^struct ascii_to_bin_ret$/;" s -+banned_email_str session.h /^ struct mystr banned_email_str;$/;" m struct:vsf_session typeref:struct:vsf_session::mystr -+banner_str session.h /^ struct mystr banner_str;$/;" m struct:vsf_session typeref:struct:vsf_session::mystr -+bin_to_ascii_ret ascii.h /^struct bin_to_ascii_ret$/;" s -+bio_callback ssl.c /^bio_callback($/;" f file: -+buckets hash.c /^ unsigned int buckets;$/;" m struct:hash file: -+bug utility.c /^bug(const char* p_text)$/;" f -+build_dir_line ls.c /^build_dir_line(struct mystr* p_str, const struct mystr* p_filename_str,$/;" f file: -+bw_rate_max session.h /^ unsigned int bw_rate_max;$/;" m struct:vsf_session -+bw_send_start_sec session.h /^ long bw_send_start_sec;$/;" m struct:vsf_session -+bw_send_start_usec session.h /^ long bw_send_start_usec;$/;" m struct:vsf_session -+calc_num_send ftpdataio.c /^calc_num_send(int file_fd, filesize_t init_offset)$/;" f file: -+calculate_chdir_dir twoprocess.c /^calculate_chdir_dir(int anon_login, struct mystr* p_userdir_str,$/;" f file: -+capset sysdeputil.c /^int capset(cap_user_header_t header, const cap_user_data_t data)$/;" f -+char_found str.h /^ char char_found;$/;" m struct:str_locate_result -+check_abor postlogin.c /^check_abor(struct vsf_session* p_sess)$/;" f file: -+check_limits prelogin.c /^check_limits(struct vsf_session* p_sess)$/;" f file: -+check_login_delay prelogin.c /^static void check_login_delay()$/;" f file: -+check_login_fails prelogin.c /^static void check_login_fails(struct vsf_session* p_sess)$/;" f file: -+child_fd session.h /^ int child_fd;$/;" m struct:vsf_session -+cmd_process_chown postprivparent.c /^cmd_process_chown(struct vsf_session* p_sess)$/;" f file: -+cmd_process_get_data_sock postprivparent.c /^cmd_process_get_data_sock(struct vsf_session* p_sess)$/;" f file: -+cmd_process_pasv_accept postprivparent.c /^cmd_process_pasv_accept(struct vsf_session* p_sess)$/;" f 
file: -+cmd_process_pasv_active postprivparent.c /^cmd_process_pasv_active(struct vsf_session* p_sess)$/;" f file: -+cmd_process_pasv_cleanup postprivparent.c /^cmd_process_pasv_cleanup(struct vsf_session* p_sess)$/;" f file: -+cmd_process_pasv_listen postprivparent.c /^cmd_process_pasv_listen(struct vsf_session* p_sess)$/;" f file: -+common_do_login twoprocess.c /^common_do_login(struct vsf_session* p_sess, const struct mystr* p_user_str,$/;" f file: -+connect_validator ftppolicy.c /^connect_validator(struct pt_sandbox* p_sandbox, void* p_arg)$/;" f file: -+control_cert_digest session.h /^ struct mystr control_cert_digest;$/;" m struct:vsf_session typeref:struct:vsf_session::mystr -+control_getline ftpcmdio.c /^control_getline(struct mystr* p_str, struct vsf_session* p_sess)$/;" f file: -+control_use_ssl session.h /^ int control_use_ssl;$/;" m struct:vsf_session -+data_fd session.h /^ int data_fd;$/;" m struct:vsf_session -+data_progress session.h /^ int data_progress;$/;" m struct:vsf_session -+data_timeout session.h /^ int data_timeout;$/;" m struct:vsf_session -+data_transfer_checks_ok postlogin.c /^data_transfer_checks_ok(struct vsf_session* p_sess)$/;" f file: -+data_use_ssl session.h /^ int data_use_ssl;$/;" m struct:vsf_session -+debug_str ssl.c /^static struct mystr debug_str;$/;" v typeref:struct:mystr file: -+deny_severity tcpwrap.c /^int deny_severity = LOG_WARNING;$/;" v -+die utility.c /^die(const char* p_text)$/;" f -+die2 utility.c /^die2(const char* p_text1, const char* p_text2)$/;" f -+die_unless_privileged main.c /^die_unless_privileged(void)$/;" f file: -+dirfd port/dirfd_extras.h 4;" d -+do_checkcap sysdeputil.c /^do_checkcap(void)$/;" f file: -+do_file_recv ftpdataio.c /^do_file_recv(struct vsf_session* p_sess, int file_fd, int is_ascii)$/;" f file: -+do_file_send_rwloop ftpdataio.c /^do_file_send_rwloop(struct vsf_session* p_sess, int file_fd, int is_ascii)$/;" f file: -+do_file_send_sendfile ftpdataio.c /^do_file_send_sendfile(struct 
vsf_session* p_sess, int net_fd, int file_fd,$/;" f file: -+do_sanity_checks main.c /^do_sanity_checks(void)$/;" f file: -+do_sendfile sysdeputil.c /^static int do_sendfile(const int out_fd, const int in_fd,$/;" f file: -+drop_all_privs twoprocess.c /^drop_all_privs(void)$/;" f file: -+drop_ip_count standalone.c /^drop_ip_count(void* p_raw_addr)$/;" f file: -+email_passwords_str session.h /^ struct mystr email_passwords_str;$/;" m struct:vsf_session typeref:struct:vsf_session::mystr -+emit_greeting prelogin.c /^emit_greeting(struct vsf_session* p_sess)$/;" f file: -+env_init main.c /^env_init(void)$/;" f file: -+epsv_all session.h /^ int epsv_all;$/;" m struct:vsf_session -+exitfunc_t sysutil.h /^typedef void (*exitfunc_t)(void);$/;" t -+filesize_t filesize.h /^typedef long long filesize_t;$/;" t -+find_func vsf_findlibs.sh /^find_func() { egrep $1 $2 >\/dev\/null; }$/;" f -+found str.h /^ int found;$/;" m struct:str_locate_result -+ftp_arg_str session.h /^ struct mystr ftp_arg_str;$/;" m struct:vsf_session typeref:struct:vsf_session::mystr -+ftp_cmd_str session.h /^ struct mystr ftp_cmd_str;$/;" m struct:vsf_session typeref:struct:vsf_session::mystr -+ftp_getline readwrite.c /^ftp_getline(struct vsf_session* p_sess, struct mystr* p_str, char* p_buf)$/;" f -+ftp_read_data readwrite.c /^ftp_read_data(struct vsf_session* p_sess, char* p_buf, unsigned int len)$/;" f -+ftp_write_data readwrite.c /^ftp_write_data(const struct vsf_session* p_sess, const char* p_buf,$/;" f -+ftp_write_str readwrite.c /^ftp_write_str(const struct vsf_session* p_sess, const struct mystr* p_str,$/;" f -+ftp_write_str_common ftpcmdio.c /^ftp_write_str_common(struct vsf_session* p_sess, int status, char sep,$/;" f file: -+ftp_write_text_common ftpcmdio.c /^ftp_write_text_common(struct vsf_session* p_sess, int status,$/;" f file: -+get_action ptracesandbox.c /^get_action(struct pt_sandbox* p_sandbox)$/;" f file: -+get_chunk_size ftpdataio.c /^get_chunk_size()$/;" f file: 
-+get_remote_transfer_fd postlogin.c /^get_remote_transfer_fd(struct vsf_session* p_sess, const char* p_status_msg)$/;" f file: -+get_ssl ssl.c /^get_ssl(struct vsf_session* p_sess, int fd)$/;" f file: -+get_ssl_error ssl.c /^get_ssl_error()$/;" f file: -+get_unique_filename postlogin.c /^get_unique_filename(struct mystr* p_outstr, const struct mystr* p_base_str)$/;" f file: -+getsockopt_validator ftppolicy.c /^getsockopt_validator(struct pt_sandbox* p_sandbox, void* p_arg)$/;" f file: -+guest_user_uid session.h /^ unsigned int guest_user_uid;$/;" m struct:vsf_session -+handle_alarm_timeout ftpcmdio.c /^handle_alarm_timeout(void* p_private)$/;" f file: -+handle_anonymous_login privops.c /^handle_anonymous_login(struct vsf_session* p_sess,$/;" f file: -+handle_appe postlogin.c /^handle_appe(struct vsf_session* p_sess)$/;" f file: -+handle_auth ssl.c /^handle_auth(struct vsf_session* p_sess)$/;" f -+handle_cdup postlogin.c /^handle_cdup(struct vsf_session* p_sess)$/;" f file: -+handle_cwd postlogin.c /^handle_cwd(struct vsf_session* p_sess)$/;" f file: -+handle_dele postlogin.c /^handle_dele(struct vsf_session* p_sess)$/;" f file: -+handle_dir_common postlogin.c /^handle_dir_common(struct vsf_session* p_sess, int full_details, int stat_cmd)$/;" f file: -+handle_eprt postlogin.c /^handle_eprt(struct vsf_session* p_sess)$/;" f file: -+handle_feat features.c /^handle_feat(struct vsf_session* p_sess)$/;" f -+handle_get prelogin.c /^handle_get(struct vsf_session* p_sess)$/;" f file: -+handle_help postlogin.c /^handle_help(struct vsf_session* p_sess)$/;" f file: -+handle_http postlogin.c /^handle_http(struct vsf_session* p_sess)$/;" f file: -+handle_io ftpdataio.c /^handle_io(int retval, int fd, void* p_private)$/;" f file: -+handle_ip_count standalone.c /^handle_ip_count(void* p_ipaddr)$/;" f file: -+handle_list postlogin.c /^handle_list(struct vsf_session* p_sess)$/;" f file: -+handle_local_login privops.c /^handle_local_login(struct vsf_session* p_sess,$/;" f file: 
-+handle_logged_in_pass postlogin.c /^static void handle_logged_in_pass(struct vsf_session* p_sess)$/;" f file: -+handle_logged_in_user postlogin.c /^static void handle_logged_in_user(struct vsf_session* p_sess)$/;" f file: -+handle_login privops.c /^handle_login(struct vsf_session* p_sess, struct mystr* p_user_str,$/;" f file: -+handle_mdtm postlogin.c /^handle_mdtm(struct vsf_session* p_sess)$/;" f file: -+handle_mkd postlogin.c /^handle_mkd(struct vsf_session* p_sess)$/;" f file: -+handle_nlst postlogin.c /^handle_nlst(struct vsf_session* p_sess)$/;" f file: -+handle_opts opts.c /^handle_opts(struct vsf_session* p_sess)$/;" f -+handle_pass_command prelogin.c /^handle_pass_command(struct vsf_session* p_sess)$/;" f file: -+handle_pasv postlogin.c /^handle_pasv(struct vsf_session* p_sess, int is_epsv)$/;" f file: -+handle_pbsz ssl.c /^handle_pbsz(struct vsf_session* p_sess)$/;" f -+handle_per_user_config twoprocess.c /^handle_per_user_config(const struct mystr* p_user_str)$/;" f file: -+handle_port postlogin.c /^handle_port(struct vsf_session* p_sess)$/;" f file: -+handle_prot ssl.c /^handle_prot(struct vsf_session* p_sess)$/;" f -+handle_pwd postlogin.c /^handle_pwd(struct vsf_session* p_sess)$/;" f file: -+handle_rest postlogin.c /^handle_rest(struct vsf_session* p_sess)$/;" f file: -+handle_retr postlogin.c /^handle_retr(struct vsf_session* p_sess, int is_http)$/;" f file: -+handle_rmd postlogin.c /^handle_rmd(struct vsf_session* p_sess)$/;" f file: -+handle_rnfr postlogin.c /^handle_rnfr(struct vsf_session* p_sess)$/;" f file: -+handle_rnto postlogin.c /^handle_rnto(struct vsf_session* p_sess)$/;" f file: -+handle_sigalrm ftpdataio.c /^handle_sigalrm(void* p_private)$/;" f file: -+handle_sigalrm standalone.c /^handle_sigalrm(int sig)$/;" f file: -+handle_sigchld ptracesandbox.c /^handle_sigchld(int sig)$/;" f -+handle_sigchld standalone.c /^handle_sigchld(void* duff)$/;" f file: -+handle_sigchld twoprocess.c /^handle_sigchld(void* duff)$/;" f file: 
-+handle_sighup standalone.c /^handle_sighup(void* duff)$/;" f file: -+handle_sigsys seccompsandbox.c /^handle_sigsys(int sig)$/;" f -+handle_sigterm twoprocess.c /^handle_sigterm(void* duff)$/;" f file: -+handle_sigurg postlogin.c /^handle_sigurg(void* p_private)$/;" f file: -+handle_sigusr1 standalone.c /^handle_sigusr1(int sig)$/;" f file: -+handle_site postlogin.c /^handle_site(struct vsf_session* p_sess)$/;" f file: -+handle_site_chmod postlogin.c /^handle_site_chmod(struct vsf_session* p_sess, struct mystr* p_arg_str)$/;" f file: -+handle_site_umask postlogin.c /^handle_site_umask(struct vsf_session* p_sess, struct mystr* p_arg_str)$/;" f file: -+handle_size postlogin.c /^handle_size(struct vsf_session* p_sess)$/;" f file: -+handle_stat postlogin.c /^handle_stat(struct vsf_session* p_sess)$/;" f file: -+handle_stat_file postlogin.c /^handle_stat_file(struct vsf_session* p_sess)$/;" f file: -+handle_stor postlogin.c /^handle_stor(struct vsf_session* p_sess)$/;" f file: -+handle_stou postlogin.c /^handle_stou(struct vsf_session* p_sess)$/;" f file: -+handle_type postlogin.c /^handle_type(struct vsf_session* p_sess)$/;" f file: -+handle_upload_common postlogin.c /^handle_upload_common(struct vsf_session* p_sess, int is_append, int is_unique)$/;" f file: -+handle_user_command prelogin.c /^handle_user_command(struct vsf_session* p_sess)$/;" f file: -+hash hash.c /^struct hash$/;" s file: -+hash_add_entry hash.c /^hash_add_entry(struct hash* p_hash, void* p_key, void* p_value)$/;" f -+hash_alloc hash.c /^hash_alloc(unsigned int buckets, unsigned int key_size,$/;" f -+hash_free_entry hash.c /^hash_free_entry(struct hash* p_hash, void* p_key)$/;" f -+hash_func hash.c /^ hashfunc_t hash_func;$/;" m struct:hash file: -+hash_get_bucket hash.c /^hash_get_bucket(struct hash* p_hash, void* p_key)$/;" f -+hash_get_node_by_key hash.c /^hash_get_node_by_key(struct hash* p_hash, void* p_key)$/;" f -+hash_ip standalone.c /^hash_ip(unsigned int buckets, void* p_key)$/;" f file: 
-+hash_lookup_entry hash.c /^hash_lookup_entry(struct hash* p_hash, void* p_key)$/;" f -+hash_node hash.c /^struct hash_node$/;" s file: -+hash_pid standalone.c /^hash_pid(unsigned int buckets, void* p_key)$/;" f file: -+hashfunc_t hash.h /^typedef unsigned int (*hashfunc_t)(unsigned int, void*);$/;" t -+home_str session.h /^ struct mystr home_str;$/;" m struct:vsf_session typeref:struct:vsf_session::mystr -+http_get_arg session.h /^ struct mystr http_get_arg;$/;" m struct:vsf_session typeref:struct:vsf_session::mystr -+idle_timeout session.h /^ int idle_timeout;$/;" m struct:vsf_session -+index str.h /^ unsigned int index;$/;" m struct:str_locate_result -+init_connection prelogin.c /^init_connection(struct vsf_session* p_sess)$/;" f -+init_data_sock_params ftpdataio.c /^init_data_sock_params(struct vsf_session* p_sess, int sock_fd)$/;" f file: -+install_socketcall ptracesandbox.c /^install_socketcall(struct pt_sandbox* p_sandbox)$/;" f file: -+install_str_setting tunables.c /^install_str_setting(const char* p_value, const char** p_storage)$/;" f -+ipv4_parse_dotquad ipaddrparse.c /^ipv4_parse_dotquad(struct mystr* p_out_str, const struct mystr* p_in_str)$/;" f file: -+ipv6_parse_hex ipaddrparse.c /^ipv6_parse_hex(struct mystr* p_out_str, const struct mystr* p_in_str)$/;" f file: -+ipv6_parse_main ipaddrparse.c /^ipv6_parse_main(struct mystr* p_out_str, const struct mystr* p_in_str)$/;" f file: -+is_allowed ptracesandbox.c /^ int is_allowed[MAX_SYSCALL];$/;" m struct:pt_sandbox file: -+is_anonymous session.h /^ int is_anonymous;$/;" m struct:vsf_session -+is_ascii session.h /^ int is_ascii;$/;" m struct:vsf_session -+is_exit ptracesandbox.c /^ int is_exit;$/;" m struct:pt_sandbox file: -+is_guest session.h /^ int is_guest;$/;" m struct:vsf_session -+is_http session.h /^ int is_http;$/;" m struct:vsf_session -+is_socketcall_allowed ptracesandbox.c /^ int is_socketcall_allowed[NPROTO];$/;" m struct:pt_sandbox file: -+kCapabilityCAP_CHOWN sysdeputil.h /^ 
kCapabilityCAP_CHOWN = 1,$/;" e enum:ESysdepCapabilities -+kCapabilityCAP_NET_BIND_SERVICE sysdeputil.h /^ kCapabilityCAP_NET_BIND_SERVICE = 2$/;" e enum:ESysdepCapabilities -+kMaxStrlist strlist.c /^static const unsigned int kMaxStrlist = 10 * 1000 * 1000;$/;" v file: -+kMaxSyscalls seccompsandbox.c 60;" d file: -+kOpenFlags seccompsandbox.c /^static const int kOpenFlags =$/;" v file: -+kVSFLogEntryChmod logging.h /^ kVSFLogEntryChmod,$/;" e enum:EVSFLogEntryType -+kVSFLogEntryConnection logging.h /^ kVSFLogEntryConnection,$/;" e enum:EVSFLogEntryType -+kVSFLogEntryDebug logging.h /^ kVSFLogEntryDebug,$/;" e enum:EVSFLogEntryType -+kVSFLogEntryDelete logging.h /^ kVSFLogEntryDelete,$/;" e enum:EVSFLogEntryType -+kVSFLogEntryDownload logging.h /^ kVSFLogEntryDownload,$/;" e enum:EVSFLogEntryType -+kVSFLogEntryFTPInput logging.h /^ kVSFLogEntryFTPInput,$/;" e enum:EVSFLogEntryType -+kVSFLogEntryFTPOutput logging.h /^ kVSFLogEntryFTPOutput,$/;" e enum:EVSFLogEntryType -+kVSFLogEntryLogin logging.h /^ kVSFLogEntryLogin,$/;" e enum:EVSFLogEntryType -+kVSFLogEntryMkdir logging.h /^ kVSFLogEntryMkdir,$/;" e enum:EVSFLogEntryType -+kVSFLogEntryNull logging.h /^ kVSFLogEntryNull = 1,$/;" e enum:EVSFLogEntryType -+kVSFLogEntryRename logging.h /^ kVSFLogEntryRename,$/;" e enum:EVSFLogEntryType -+kVSFLogEntryRmdir logging.h /^ kVSFLogEntryRmdir,$/;" e enum:EVSFLogEntryType -+kVSFLogEntryUpload logging.h /^ kVSFLogEntryUpload,$/;" e enum:EVSFLogEntryType -+kVSFLoginAnon privops.h /^ kVSFLoginAnon,$/;" e enum:EVSFPrivopLoginResult -+kVSFLoginFail privops.h /^ kVSFLoginFail,$/;" e enum:EVSFPrivopLoginResult -+kVSFLoginNull privops.h /^ kVSFLoginNull = 0,$/;" e enum:EVSFPrivopLoginResult -+kVSFLoginReal privops.h /^ kVSFLoginReal$/;" e enum:EVSFPrivopLoginResult -+kVSFRWControl readwrite.h /^ kVSFRWControl = 1,$/;" e enum:EVSFRWTarget -+kVSFRWData readwrite.h /^ kVSFRWData$/;" e enum:EVSFRWTarget -+kVSFSysStrOpenReadOnly sysstr.h /^ kVSFSysStrOpenReadOnly = 1$/;" e 
enum:EVSFSysStrOpenMode -+kVSFSysStrOpenUnknown sysstr.h /^ kVSFSysStrOpenUnknown = 0,$/;" e enum:EVSFSysStrOpenMode -+kVSFSysUtilErrACCES sysutil.h /^ kVSFSysUtilErrACCES,$/;" e enum:EVSFSysUtilError -+kVSFSysUtilErrADDRINUSE sysutil.h /^ kVSFSysUtilErrADDRINUSE,$/;" e enum:EVSFSysUtilError -+kVSFSysUtilErrAGAIN sysutil.h /^ kVSFSysUtilErrAGAIN$/;" e enum:EVSFSysUtilError -+kVSFSysUtilErrINTR sysutil.h /^ kVSFSysUtilErrINTR,$/;" e enum:EVSFSysUtilError -+kVSFSysUtilErrINVAL sysutil.h /^ kVSFSysUtilErrINVAL,$/;" e enum:EVSFSysUtilError -+kVSFSysUtilErrNOENT sysutil.h /^ kVSFSysUtilErrNOENT,$/;" e enum:EVSFSysUtilError -+kVSFSysUtilErrNOSYS sysutil.h /^ kVSFSysUtilErrNOSYS,$/;" e enum:EVSFSysUtilError -+kVSFSysUtilErrOPNOTSUPP sysutil.h /^ kVSFSysUtilErrOPNOTSUPP,$/;" e enum:EVSFSysUtilError -+kVSFSysUtilErrUnknown sysutil.h /^ kVSFSysUtilErrUnknown = 1,$/;" e enum:EVSFSysUtilError -+kVSFSysUtilIO sysutil.h /^ kVSFSysUtilIO$/;" e enum:EVSFSysUtilInterruptContext -+kVSFSysUtilMapProtNone sysutil.h /^ kVSFSysUtilMapProtNone$/;" e enum:EVSFSysUtilMapPermission -+kVSFSysUtilMapProtReadOnly sysutil.h /^ kVSFSysUtilMapProtReadOnly = 1,$/;" e enum:EVSFSysUtilMapPermission -+kVSFSysUtilOpenReadOnly sysutil.h /^ kVSFSysUtilOpenReadOnly = 1,$/;" e enum:EVSFSysUtilOpenMode -+kVSFSysUtilOpenReadWrite sysutil.h /^ kVSFSysUtilOpenReadWrite$/;" e enum:EVSFSysUtilOpenMode -+kVSFSysUtilOpenWriteOnly sysutil.h /^ kVSFSysUtilOpenWriteOnly,$/;" e enum:EVSFSysUtilOpenMode -+kVSFSysUtilSigALRM sysutil.h /^ kVSFSysUtilSigALRM = 1,$/;" e enum:EVSFSysUtilSignal -+kVSFSysUtilSigCHLD sysutil.h /^ kVSFSysUtilSigCHLD,$/;" e enum:EVSFSysUtilSignal -+kVSFSysUtilSigHUP sysutil.h /^ kVSFSysUtilSigHUP,$/;" e enum:EVSFSysUtilSignal -+kVSFSysUtilSigPIPE sysutil.h /^ kVSFSysUtilSigPIPE,$/;" e enum:EVSFSysUtilSignal -+kVSFSysUtilSigTERM sysutil.h /^ kVSFSysUtilSigTERM,$/;" e enum:EVSFSysUtilSignal -+kVSFSysUtilSigURG sysutil.h /^ kVSFSysUtilSigURG,$/;" e enum:EVSFSysUtilSignal -+kVSFSysUtilSigUSR1 
sysutil.h /^ kVSFSysUtilSigUSR1$/;" e enum:EVSFSysUtilSignal -+kVSFSysUtilUnknown sysutil.h /^ kVSFSysUtilUnknown,$/;" e enum:EVSFSysUtilInterruptContext -+key_size hash.c /^ unsigned int key_size;$/;" m struct:hash file: -+last_was_cr ascii.h /^ int last_was_cr;$/;" m struct:ascii_to_bin_ret -+last_was_cr ascii.h /^ int last_was_cr;$/;" m struct:bin_to_ascii_ret -+limits_init main.c /^limits_init(void)$/;" f file: -+lo_const sysdeputil.c 312;" d file: -+lo_const sysdeputil.c 314;" d file: -+locate_library vsf_findlibs.sh /^locate_library() { [ ! "$1*" = "`echo $1*`" ]; }$/;" f -+lock_internal sysutil.c /^lock_internal(int fd, int lock_type)$/;" f file: -+log_start_sec session.h /^ long log_start_sec;$/;" m struct:vsf_session -+log_start_usec session.h /^ long log_start_usec;$/;" m struct:vsf_session -+log_str session.h /^ struct mystr log_str;$/;" m struct:vsf_session typeref:struct:vsf_session::mystr -+log_type session.h /^ unsigned long log_type;$/;" m struct:vsf_session -+login_fails session.h /^ unsigned int login_fails;$/;" m struct:vsf_session -+main main.c /^main(int argc, const char* argv[])$/;" f -+match_dh_bits ssl.c 62;" d file: -+maybe_log_shutdown_state ssl.c /^maybe_log_shutdown_state(struct vsf_session* p_sess)$/;" f file: -+maybe_log_ssl_error_state ssl.c /^maybe_log_ssl_error_state(struct vsf_session* p_sess, int ret)$/;" f file: -+minimize_privilege postprivparent.c /^minimize_privilege(struct vsf_session* p_sess)$/;" f file: -+mystr str.h /^struct mystr$/;" s -+mystr_list strlist.h /^struct mystr_list$/;" s -+mystr_list_node strlist.c /^struct mystr_list_node$/;" s file: -+num_children standalone.h /^ unsigned int num_children;$/;" m struct:vsf_client_launch -+num_clients session.h /^ unsigned int num_clients;$/;" m struct:vsf_session -+num_this_ip session.h /^ unsigned int num_this_ip;$/;" m struct:vsf_session -+num_this_ip standalone.h /^ unsigned int num_this_ip;$/;" m struct:vsf_client_launch -+one_process_start oneprocess.c 
/^one_process_start(void* p_arg)$/;" f file: -+p_buf ascii.h /^ char* p_buf;$/;" m struct:ascii_to_bin_ret -+p_control_line_buf session.h /^ char* p_control_line_buf;$/;" m struct:vsf_session -+p_control_ssl session.h /^ void* p_control_ssl;$/;" m struct:vsf_session -+p_data_ssl session.h /^ void* p_data_ssl;$/;" m struct:vsf_session -+p_key hash.c /^ void* p_key;$/;" m struct:hash_node file: -+p_local_addr session.h /^ struct vsf_sysutil_sockaddr* p_local_addr;$/;" m struct:vsf_session typeref:struct:vsf_session::vsf_sysutil_sockaddr -+p_next hash.c /^ struct hash_node* p_next;$/;" m struct:hash_node typeref:struct:hash_node::hash_node file: -+p_nodes hash.c /^ struct hash_node** p_nodes;$/;" m struct:hash typeref:struct:hash::hash_node file: -+p_port_sockaddr session.h /^ struct vsf_sysutil_sockaddr* p_port_sockaddr;$/;" m struct:vsf_session typeref:struct:vsf_session::vsf_sysutil_sockaddr -+p_prev hash.c /^ struct hash_node* p_prev;$/;" m struct:hash_node typeref:struct:hash_node::hash_node file: -+p_private sysutil.c /^ void* p_private;$/;" m struct:vsf_sysutil_sig_details file: -+p_remote_addr session.h /^ struct vsf_sysutil_sockaddr* p_remote_addr;$/;" m struct:vsf_session typeref:struct:vsf_session::vsf_sysutil_sockaddr -+p_setting_name parseconf.c /^ const char* p_setting_name;$/;" m struct:parseconf_bool_setting file: -+p_setting_name parseconf.c /^ const char* p_setting_name;$/;" m struct:parseconf_str_setting file: -+p_setting_name parseconf.c /^ const char* p_setting_name;$/;" m struct:parseconf_uint_setting file: -+p_ssl_ctx session.h /^ void* p_ssl_ctx;$/;" m struct:vsf_session -+p_value hash.c /^ void* p_value;$/;" m struct:hash_node file: -+p_variable parseconf.c /^ const char** p_variable;$/;" m struct:parseconf_str_setting file: -+p_variable parseconf.c /^ int* p_variable;$/;" m struct:parseconf_bool_setting file: -+p_variable parseconf.c /^ unsigned int* p_variable;$/;" m struct:parseconf_uint_setting file: -+p_visited_dir_list session.h /^ 
struct mystr_list* p_visited_dir_list;$/;" m struct:vsf_session typeref:struct:vsf_session::mystr_list -+pam_conv_func sysdeputil.c /^pam_conv_func(int nmsg, const struct pam_message** p_msg,$/;" f file: -+pam_item_t sysdeputil.c /^typedef lo_const void* pam_item_t;$/;" t file: -+parent_fd session.h /^ int parent_fd;$/;" m struct:vsf_session -+parse_username_password prelogin.c /^parse_username_password(struct vsf_session* p_sess)$/;" f file: -+parseconf_bool_array parseconf.c /^parseconf_bool_array[] =$/;" v typeref:struct:parseconf_bool_setting file: -+parseconf_bool_setting parseconf.c /^static struct parseconf_bool_setting$/;" s file: -+parseconf_str_array parseconf.c /^parseconf_str_array[] =$/;" v typeref:struct:parseconf_str_setting file: -+parseconf_str_setting parseconf.c /^static struct parseconf_str_setting$/;" s file: -+parseconf_uint_array parseconf.c /^parseconf_uint_array[] =$/;" v typeref:struct:parseconf_uint_setting file: -+parseconf_uint_setting parseconf.c /^static struct parseconf_uint_setting$/;" s file: -+pasv_active postlogin.c /^pasv_active(struct vsf_session* p_sess)$/;" f file: -+pasv_cleanup postlogin.c /^pasv_cleanup(struct vsf_session* p_sess)$/;" f file: -+pasv_listen_fd session.h /^ int pasv_listen_fd;$/;" m struct:vsf_session -+pending sysutil.c /^ volatile sig_atomic_t pending;$/;" m struct:vsf_sysutil_sig_details file: -+pid ptracesandbox.c /^ pid_t pid;$/;" m struct:pt_sandbox file: -+plain_peek_adapter readwrite.c /^plain_peek_adapter(struct vsf_session* p_sess, char* p_buf, unsigned int len)$/;" f file: -+plain_read_adapter readwrite.c /^plain_read_adapter(struct vsf_session* p_sess, char* p_buf, unsigned int len)$/;" f file: -+policy_setup ftppolicy.c /^policy_setup(struct pt_sandbox* p_sandbox, const struct vsf_session* p_sess)$/;" f -+port_active postlogin.c /^port_active(struct vsf_session* p_sess)$/;" f file: -+port_cleanup postlogin.c /^port_cleanup(struct vsf_session* p_sess)$/;" f file: -+prepare_child standalone.c 
/^prepare_child(int new_client_sock)$/;" f file: -+prepend_path_to_filename postlogin.c /^prepend_path_to_filename(struct mystr* p_str)$/;" f file: -+priv_sock_close privsock.c /^priv_sock_close(struct vsf_session* p_sess)$/;" f -+priv_sock_get_cmd privsock.c /^priv_sock_get_cmd(int fd)$/;" f -+priv_sock_get_int privsock.c /^priv_sock_get_int(int fd)$/;" f -+priv_sock_get_result privsock.c /^priv_sock_get_result(int fd)$/;" f -+priv_sock_get_str privsock.c /^priv_sock_get_str(int fd, struct mystr* p_dest)$/;" f -+priv_sock_init privsock.c /^priv_sock_init(struct vsf_session* p_sess)$/;" f -+priv_sock_recv_buf privsock.c /^priv_sock_recv_buf(int fd, char* p_buf, unsigned int len)$/;" f -+priv_sock_recv_fd privsock.c /^priv_sock_recv_fd(int fd)$/;" f -+priv_sock_send_buf privsock.c /^priv_sock_send_buf(int fd, const char* p_buf, unsigned int len)$/;" f -+priv_sock_send_cmd privsock.c /^priv_sock_send_cmd(int fd, char cmd)$/;" f -+priv_sock_send_fd privsock.c /^priv_sock_send_fd(int fd, int send_fd)$/;" f -+priv_sock_send_int privsock.c /^priv_sock_send_int(int fd, int the_int)$/;" f -+priv_sock_send_result privsock.c /^priv_sock_send_result(int fd, char res)$/;" f -+priv_sock_send_str privsock.c /^priv_sock_send_str(int fd, const struct mystr* p_str)$/;" f -+priv_sock_set_child_context privsock.c /^priv_sock_set_child_context(struct vsf_session* p_sess)$/;" f -+priv_sock_set_parent_context privsock.c /^priv_sock_set_parent_context(struct vsf_session* p_sess)$/;" f -+private_str_alloc_memchunk str.c /^private_str_alloc_memchunk(struct mystr* p_str, const char* p_src,$/;" f -+private_str_append_memchunk str.c /^private_str_append_memchunk(struct mystr* p_str, const char* p_src,$/;" f -+process_login_req twoprocess.c /^process_login_req(struct vsf_session* p_sess)$/;" f file: -+process_post_login postlogin.c /^process_post_login(struct vsf_session* p_sess)$/;" f -+process_post_login_req postprivparent.c /^process_post_login_req(struct vsf_session* p_sess)$/;" f file: 
-+pt_sandbox ptracesandbox.c /^struct pt_sandbox$/;" s file: -+ptrace_sandbox_alloc ptracesandbox.c /^ptrace_sandbox_alloc()$/;" f -+ptrace_sandbox_attach_point ptracesandbox.c /^ptrace_sandbox_attach_point()$/;" f -+ptrace_sandbox_attach_point ptracesandbox.c /^ptrace_sandbox_attach_point(void)$/;" f -+ptrace_sandbox_continue_process ptracesandbox.c /^ptrace_sandbox_continue_process(struct pt_sandbox* p_sandbox, int sig)$/;" f -+ptrace_sandbox_free ptracesandbox.c /^ptrace_sandbox_free(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_get_arg ptracesandbox.c /^ptrace_sandbox_get_arg(struct pt_sandbox* p_sandbox,$/;" f -+ptrace_sandbox_get_buf ptracesandbox.c /^ptrace_sandbox_get_buf(struct pt_sandbox* p_sandbox,$/;" f -+ptrace_sandbox_get_event ptracesandbox.c /^ptrace_sandbox_get_event(struct pt_sandbox* p_sandbox, int* status, int block)$/;" f -+ptrace_sandbox_get_event_fd ptracesandbox.c /^ptrace_sandbox_get_event_fd(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_get_long ptracesandbox.c /^ptrace_sandbox_get_long(struct pt_sandbox* p_sandbox,$/;" f -+ptrace_sandbox_get_socketcall_arg ptracesandbox.c /^ptrace_sandbox_get_socketcall_arg(struct pt_sandbox* p_sandbox,$/;" f -+ptrace_sandbox_handle_event ptracesandbox.c /^ptrace_sandbox_handle_event(struct pt_sandbox* p_sandbox, int status)$/;" f -+ptrace_sandbox_kill_processes ptracesandbox.c /^ptrace_sandbox_kill_processes(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_launch_process ptracesandbox.c /^ptrace_sandbox_launch_process(struct pt_sandbox* p_sandbox,$/;" f -+ptrace_sandbox_permit_accept ptracesandbox.c /^ptrace_sandbox_permit_accept(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_alarm ptracesandbox.c /^ptrace_sandbox_permit_alarm(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_bind ptracesandbox.c /^ptrace_sandbox_permit_bind(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_brk ptracesandbox.c /^ptrace_sandbox_permit_brk(struct pt_sandbox* p_sandbox)$/;" 
f -+ptrace_sandbox_permit_chdir ptracesandbox.c /^ptrace_sandbox_permit_chdir(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_chmod ptracesandbox.c /^ptrace_sandbox_permit_chmod(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_close ptracesandbox.c /^ptrace_sandbox_permit_close(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_connect ptracesandbox.c /^ptrace_sandbox_permit_connect(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_exit ptracesandbox.c /^ptrace_sandbox_permit_exit(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_fchmod ptracesandbox.c /^ptrace_sandbox_permit_fchmod(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_fchown ptracesandbox.c /^ptrace_sandbox_permit_fchown(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_fcntl ptracesandbox.c /^ptrace_sandbox_permit_fcntl(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_fd_stats ptracesandbox.c /^ptrace_sandbox_permit_fd_stats(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_file_stats ptracesandbox.c /^ptrace_sandbox_permit_file_stats(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_ftruncate ptracesandbox.c /^ptrace_sandbox_permit_ftruncate(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_getcwd ptracesandbox.c /^ptrace_sandbox_permit_getcwd(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_getdents ptracesandbox.c /^ptrace_sandbox_permit_getdents(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_getsockopt ptracesandbox.c /^ptrace_sandbox_permit_getsockopt(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_listen ptracesandbox.c /^ptrace_sandbox_permit_listen(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_mkdir ptracesandbox.c /^ptrace_sandbox_permit_mkdir(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_mmap ptracesandbox.c /^ptrace_sandbox_permit_mmap(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_mprotect 
ptracesandbox.c /^ptrace_sandbox_permit_mprotect(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_mremap ptracesandbox.c /^ptrace_sandbox_permit_mremap(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_open ptracesandbox.c /^ptrace_sandbox_permit_open(struct pt_sandbox* p_sandbox, int writeable)$/;" f -+ptrace_sandbox_permit_query_time ptracesandbox.c /^ptrace_sandbox_permit_query_time(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_read ptracesandbox.c /^ptrace_sandbox_permit_read(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_readlink ptracesandbox.c /^ptrace_sandbox_permit_readlink(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_recv ptracesandbox.c /^ptrace_sandbox_permit_recv(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_rename ptracesandbox.c /^ptrace_sandbox_permit_rename(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_rmdir ptracesandbox.c /^ptrace_sandbox_permit_rmdir(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_seek ptracesandbox.c /^ptrace_sandbox_permit_seek(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_select ptracesandbox.c /^ptrace_sandbox_permit_select(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_sendfile ptracesandbox.c /^ptrace_sandbox_permit_sendfile(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_setsockopt ptracesandbox.c /^ptrace_sandbox_permit_setsockopt(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_shutdown ptracesandbox.c /^ptrace_sandbox_permit_shutdown(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_sigaction ptracesandbox.c /^ptrace_sandbox_permit_sigaction(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_sigreturn ptracesandbox.c /^ptrace_sandbox_permit_sigreturn(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_sleep ptracesandbox.c /^ptrace_sandbox_permit_sleep(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_socket ptracesandbox.c 
/^ptrace_sandbox_permit_socket(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_umask ptracesandbox.c /^ptrace_sandbox_permit_umask(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_unlink ptracesandbox.c /^ptrace_sandbox_permit_unlink(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_utime ptracesandbox.c /^ptrace_sandbox_permit_utime(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_utimes ptracesandbox.c /^ptrace_sandbox_permit_utimes(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_permit_write ptracesandbox.c /^ptrace_sandbox_permit_write(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_run_processes ptracesandbox.c /^ptrace_sandbox_run_processes(struct pt_sandbox* p_sandbox)$/;" f -+ptrace_sandbox_set_bind_validator ptracesandbox.c /^ptrace_sandbox_set_bind_validator(struct pt_sandbox* p_sandbox,$/;" f -+ptrace_sandbox_set_connect_validator ptracesandbox.c /^ptrace_sandbox_set_connect_validator(struct pt_sandbox* p_sandbox,$/;" f -+ptrace_sandbox_set_getsockopt_validator ptracesandbox.c /^ptrace_sandbox_set_getsockopt_validator(struct pt_sandbox* p_sandbox,$/;" f -+ptrace_sandbox_set_setsockopt_validator ptracesandbox.c /^ptrace_sandbox_set_setsockopt_validator(struct pt_sandbox* p_sandbox,$/;" f -+ptrace_sandbox_set_socket_validator ptracesandbox.c /^ptrace_sandbox_set_socket_validator(struct pt_sandbox* p_sandbox,$/;" f -+ptrace_sandbox_validator_t ptracesandbox.h /^typedef int (*ptrace_sandbox_validator_t)(struct pt_sandbox*, void*);$/;" t -+read_event_fd ptracesandbox.c /^ int read_event_fd;$/;" m struct:pt_sandbox file: -+regs ptracesandbox.c /^ struct user_regs_struct regs;$/;" m struct:pt_sandbox typeref:struct:pt_sandbox::user_regs_struct file: -+reject_nr seccompsandbox.c /^reject_nr(int nr, int errcode)$/;" f file: -+remote_ip_str session.h /^ struct mystr remote_ip_str;$/;" m struct:vsf_session typeref:struct:vsf_session::mystr -+resolve_tilde postlogin.c /^resolve_tilde(struct mystr* p_str, struct 
vsf_session* p_sess)$/;" f file: -+restart_pos session.h /^ filesize_t restart_pos;$/;" m struct:vsf_session -+retval ftpdataio.h /^ int retval;$/;" m struct:vsf_transfer_ret -+rnfr_filename_str session.h /^ struct mystr rnfr_filename_str;$/;" m struct:vsf_session typeref:struct:vsf_session::mystr -+running sysutil.c /^ int running;$/;" m struct:vsf_sysutil_sig_details file: -+s_1_arg_validations seccompsandbox.c /^static size_t s_1_arg_validations;$/;" v file: -+s_2_arg_validations seccompsandbox.c /^static size_t s_2_arg_validations;$/;" v file: -+s_3_arg_validations seccompsandbox.c /^static size_t s_3_arg_validations;$/;" v file: -+s_args_1 seccompsandbox.c /^static int s_args_1[kMaxSyscalls];$/;" v file: -+s_args_2 seccompsandbox.c /^static int s_args_2[kMaxSyscalls];$/;" v file: -+s_args_3 seccompsandbox.c /^static int s_args_3[kMaxSyscalls];$/;" v file: -+s_children standalone.c /^static unsigned int s_children;$/;" v file: -+s_current_pid sysutil.c /^static int s_current_pid = -1;$/;" v file: -+s_current_time sysutil.c /^static struct timeval s_current_time;$/;" v typeref:struct:timeval file: -+s_current_umask sysutil.c /^static unsigned int s_current_umask;$/;" v file: -+s_errnos seccompsandbox.c /^static int s_errnos[kMaxSyscalls];$/;" v file: -+s_exit_func sysutil.c /^static exitfunc_t s_exit_func;$/;" v file: -+s_io_handler sysutil.c /^static vsf_context_io_t s_io_handler;$/;" v file: -+s_io_handler_running sysutil.c /^static int s_io_handler_running;$/;" v file: -+s_ipaddr_size standalone.c /^static unsigned int s_ipaddr_size;$/;" v file: -+s_null_str strlist.c /^static struct mystr s_null_str;$/;" v typeref:struct:mystr file: -+s_p_io_handler_private sysutil.c /^static void* s_p_io_handler_private;$/;" v file: -+s_p_ip_count_hash standalone.c /^static struct hash* s_p_ip_count_hash;$/;" v typeref:struct:hash file: -+s_p_pid_ip_hash standalone.c /^static struct hash* s_p_pid_ip_hash;$/;" v typeref:struct:hash file: -+s_p_proctitle sysdeputil.c /^static 
char* s_p_proctitle = 0;$/;" v file: -+s_p_saved_filename parseconf.c /^static const char* s_p_saved_filename;$/;" v file: -+s_pamh sysdeputil.c /^static pam_handle_t* s_pamh;$/;" v file: -+s_proctitle_inited sysdeputil.c /^static int s_proctitle_inited = 0;$/;" v file: -+s_proctitle_prefix_str sysdeputil.c /^static struct mystr s_proctitle_prefix_str;$/;" v typeref:struct:mystr file: -+s_proctitle_space sysdeputil.c /^static unsigned int s_proctitle_space = 0;$/;" v file: -+s_pword_str sysdeputil.c /^static struct mystr s_pword_str;$/;" v typeref:struct:mystr file: -+s_setbuf str.c /^s_setbuf(struct mystr* p_str, char* p_newbuf)$/;" f file: -+s_sig_details sysutil.c /^} s_sig_details[NSIG];$/;" v typeref:struct:vsf_sysutil_sig_details file: -+s_sigchld_fd ptracesandbox.c /^static int s_sigchld_fd = -1;$/;" v file: -+s_syscall_index seccompsandbox.c /^static size_t s_syscall_index;$/;" v file: -+s_syscalls seccompsandbox.c /^static int s_syscalls[kMaxSyscalls];$/;" v file: -+s_timezone sysutil.c /^static long s_timezone;$/;" v file: -+s_utent sysdeputil.c /^static struct utmpx s_utent;$/;" v typeref:struct:utmpx file: -+s_uwtmp_inserted sysdeputil.c /^static int s_uwtmp_inserted;$/;" v file: -+s_vals_1 seccompsandbox.c /^static int s_vals_1[kMaxSyscalls];$/;" v file: -+s_vals_2 seccompsandbox.c /^static int s_vals_2[kMaxSyscalls];$/;" v file: -+s_vals_3 seccompsandbox.c /^static int s_vals_3[kMaxSyscalls];$/;" v file: -+s_zero_fd sysdeputil.c /^static int s_zero_fd = -1;$/;" v file: -+sanitize_child ptracesandbox.c /^sanitize_child()$/;" f file: -+seccomp_sandbox_init seccompsandbox.c /^seccomp_sandbox_init()$/;" f -+seccomp_sandbox_lockdown seccompsandbox.c /^seccomp_sandbox_lockdown()$/;" f -+seccomp_sandbox_setup_base seccompsandbox.c /^seccomp_sandbox_setup_base()$/;" f file: -+seccomp_sandbox_setup_data_connections seccompsandbox.c /^seccomp_sandbox_setup_data_connections()$/;" f file: -+seccomp_sandbox_setup_postlogin seccompsandbox.c 
/^seccomp_sandbox_setup_postlogin(const struct vsf_session* p_sess)$/;" f -+seccomp_sandbox_setup_postlogin_broker seccompsandbox.c /^seccomp_sandbox_setup_postlogin_broker()$/;" f -+seccomp_sandbox_setup_prelogin seccompsandbox.c /^seccomp_sandbox_setup_prelogin(const struct vsf_session* p_sess)$/;" f -+session_init main.c /^session_init(struct vsf_session* p_sess)$/;" f file: -+setsockopt_validator ftppolicy.c /^setsockopt_validator(struct pt_sandbox* p_sandbox, void* p_arg)$/;" f file: -+setup_bio_callbacks ssl.c /^static void setup_bio_callbacks(SSL* p_ssl)$/;" f file: -+setup_username_globals privops.c /^setup_username_globals(struct vsf_session* p_sess, const struct mystr* p_str)$/;" f file: -+sigalr sysutil.c /^static struct sigaction sigalr, sigusr1;$/;" v typeref:struct:sigaction file: -+sigusr1 sysutil.c /^static struct sigaction sigalr, sigusr1;$/;" v typeref:struct: file: -+socket_one sysutil.h /^ int socket_one;$/;" m struct:vsf_sysutil_socketpair_retval -+socket_two sysutil.h /^ int socket_two;$/;" m struct:vsf_sysutil_socketpair_retval -+socket_validator ftppolicy.c /^socket_validator(struct pt_sandbox* p_sandbox, void* p_arg)$/;" f file: -+socketcall_validator ptracesandbox.c /^ ptrace_sandbox_validator_t socketcall_validator[NPROTO];$/;" m struct:pt_sandbox file: -+socketcall_validator_arg ptracesandbox.c /^ void* socketcall_validator_arg[NPROTO];$/;" m struct:pt_sandbox file: -+sort_compare_common strlist.c /^sort_compare_common(const void* p1, const void* p2, int reverse)$/;" f file: -+sort_compare_func strlist.c /^sort_compare_func(const void* p1, const void* p2)$/;" f file: -+sort_compare_func_reverse strlist.c /^sort_compare_func_reverse(const void* p1, const void* p2)$/;" f file: -+sort_key_str strlist.c /^ struct mystr sort_key_str;$/;" m struct:mystr_list_node typeref:struct:mystr_list_node::mystr file: -+ssl_accept ssl.c /^ssl_accept(struct vsf_session* p_sess, int fd)$/;" f -+ssl_add_entropy ssl.c /^ssl_add_entropy(struct vsf_session* 
p_sess)$/;" f -+ssl_cert_digest ssl.c /^ssl_cert_digest(SSL* p_ssl, struct vsf_session* p_sess, struct mystr* p_str)$/;" f file: -+ssl_comm_channel_init ssl.c /^ssl_comm_channel_init(struct vsf_session* p_sess)$/;" f -+ssl_comm_channel_set_consumer_context ssl.c /^ssl_comm_channel_set_consumer_context(struct vsf_session* p_sess)$/;" f -+ssl_comm_channel_set_producer_context ssl.c /^ssl_comm_channel_set_producer_context(struct vsf_session* p_sess)$/;" f -+ssl_consumer_fd session.h /^ int ssl_consumer_fd;$/;" m struct:vsf_session -+ssl_control_handshake ssl.c /^ssl_control_handshake(struct vsf_session* p_sess)$/;" f -+ssl_data_close ssl.c /^ssl_data_close(struct vsf_session* p_sess)$/;" f -+ssl_init ssl.c /^ssl_init(struct vsf_session* p_sess)$/;" f -+ssl_inited ssl.c /^static int ssl_inited;$/;" v file: -+ssl_peek ssl.c /^ssl_peek(struct vsf_session* p_sess, void* p_ssl, char* p_buf, unsigned int len)$/;" f -+ssl_peek_adapter readwrite.c /^ssl_peek_adapter(struct vsf_session* p_sess, char* p_buf, unsigned int len)$/;" f file: -+ssl_read ssl.c /^ssl_read(struct vsf_session* p_sess, void* p_ssl, char* p_buf, unsigned int len)$/;" f -+ssl_read_adapter readwrite.c /^ssl_read_adapter(struct vsf_session* p_sess, char* p_buf, unsigned int len)$/;" f file: -+ssl_read_common ssl.c /^ssl_read_common(struct vsf_session* p_sess,$/;" f file: -+ssl_read_into_str ssl.c /^ssl_read_into_str(struct vsf_session* p_sess, void* p_ssl, struct mystr* p_str)$/;" f -+ssl_session_init ssl.c /^ssl_session_init(struct vsf_session* p_sess)$/;" f file: -+ssl_slave sslslave.c /^ssl_slave(struct vsf_session* p_sess)$/;" f -+ssl_slave_active session.h /^ int ssl_slave_active;$/;" m struct:vsf_session -+ssl_slave_fd session.h /^ int ssl_slave_fd;$/;" m struct:vsf_session -+ssl_tmp_dh_callback ssl.c /^ssl_tmp_dh_callback(SSL *ssl, int is_export, int keylength)$/;" f file: -+ssl_verify_callback ssl.c /^ssl_verify_callback(int verify_ok, X509_STORE_CTX* p_ctx)$/;" f file: -+ssl_write ssl.c 
/^ssl_write(void* p_ssl, const char* p_buf, unsigned int len)$/;" f -+ssl_write_str ssl.c /^ssl_write_str(void* p_ssl, const struct mystr* p_str)$/;" f -+start_data_alarm ftpdataio.c /^start_data_alarm(struct vsf_session* p_sess)$/;" f -+stored ascii.h /^ unsigned int stored;$/;" m struct:ascii_to_bin_ret -+stored ascii.h /^ unsigned int stored;$/;" m struct:bin_to_ascii_ret -+str strlist.c /^ struct mystr str;$/;" m struct:mystr_list_node typeref:struct:mystr_list_node::mystr file: -+str_a_to_filesize_t str.c /^str_a_to_filesize_t(const struct mystr* p_str)$/;" f -+str_all_space str.c /^str_all_space(const struct mystr* p_str)$/;" f -+str_alloc_alt_term str.c /^str_alloc_alt_term(struct mystr* p_str, const char* p_src, char term)$/;" f -+str_alloc_filesize_t str.c /^str_alloc_filesize_t(struct mystr* p_str, filesize_t the_filesize)$/;" f -+str_alloc_memchunk str.h 22;" d -+str_alloc_text str.c /^str_alloc_text(struct mystr* p_str, const char* p_src)$/;" f -+str_alloc_ulong str.c /^str_alloc_ulong(struct mystr* p_str, unsigned long the_long)$/;" f -+str_append_char str.c /^str_append_char(struct mystr* p_str, char the_char)$/;" f -+str_append_double str.c /^str_append_double(struct mystr* p_str, double the_double)$/;" f -+str_append_filesize_t str.c /^str_append_filesize_t(struct mystr* p_str, filesize_t the_filesize)$/;" f -+str_append_str str.c /^str_append_str(struct mystr* p_str, const struct mystr* p_other)$/;" f -+str_append_text str.c /^str_append_text(struct mystr* p_str, const char* p_src)$/;" f -+str_append_ulong str.c /^str_append_ulong(struct mystr* p_str, unsigned long the_ulong)$/;" f -+str_atoi str.c /^str_atoi(const struct mystr* p_str)$/;" f -+str_basename str.c /^str_basename (struct mystr* d_str, const struct mystr* path)$/;" f -+str_chdir sysstr.c /^str_chdir(const struct mystr* p_str)$/;" f -+str_chmod sysstr.c /^str_chmod(const struct mystr* p_str, unsigned int mode)$/;" f -+str_contains_line str.c /^str_contains_line(const struct mystr* 
p_str, const struct mystr* p_line_str)$/;" f -+str_contains_space str.c /^str_contains_space(const struct mystr* p_str)$/;" f -+str_contains_unprintable str.c /^str_contains_unprintable(const struct mystr* p_str)$/;" f -+str_copy str.c /^str_copy(struct mystr* p_dest, const struct mystr* p_src)$/;" f -+str_create sysstr.c /^str_create(const struct mystr* p_str)$/;" f -+str_create_exclusive sysstr.c /^str_create_exclusive(const struct mystr* p_str)$/;" f -+str_empty str.c /^str_empty(struct mystr* p_str)$/;" f -+str_equal str.c /^str_equal(const struct mystr* p_str1, const struct mystr* p_str2)$/;" f -+str_equal_internal str.c /^str_equal_internal(const char* p_buf1, unsigned int buf1_len,$/;" f file: -+str_equal_text str.c /^str_equal_text(const struct mystr* p_str, const char* p_text)$/;" f -+str_fileread filestr.c /^str_fileread(struct mystr* p_str, const char* p_filename, unsigned int maxsize)$/;" f -+str_free str.c /^str_free(struct mystr* p_str)$/;" f -+str_get_char_at str.c /^str_get_char_at(const struct mystr* p_str, const unsigned int indexx)$/;" f -+str_getbuf str.c /^str_getbuf(const struct mystr* p_str)$/;" f -+str_getcwd sysstr.c /^str_getcwd(struct mystr* p_str)$/;" f -+str_getlen str.c /^str_getlen(const struct mystr* p_str)$/;" f -+str_getline str.c /^str_getline(const struct mystr* p_str, struct mystr* p_line_str,$/;" f -+str_getpwnam sysstr.c /^str_getpwnam(const struct mystr* p_user_str)$/;" f -+str_isempty str.c /^str_isempty(const struct mystr* p_str)$/;" f -+str_left str.c /^str_left(const struct mystr* p_str, struct mystr* p_out, unsigned int chars)$/;" f -+str_list_add strlist.c /^str_list_add(struct mystr_list* p_list, const struct mystr* p_str,$/;" f -+str_list_contains_str strlist.c /^str_list_contains_str(const struct mystr_list* p_list,$/;" f -+str_list_free strlist.c /^str_list_free(struct mystr_list* p_list)$/;" f -+str_list_get_length strlist.c /^str_list_get_length(const struct mystr_list* p_list)$/;" f -+str_list_get_pstr strlist.c 
/^str_list_get_pstr(const struct mystr_list* p_list, unsigned int indexx)$/;" f -+str_list_sort strlist.c /^str_list_sort(struct mystr_list* p_list, int reverse)$/;" f -+str_locate_char str.c /^str_locate_char(const struct mystr* p_str, char look_char)$/;" f -+str_locate_chars str.c /^str_locate_chars(const struct mystr* p_str, const char* p_chars)$/;" f -+str_locate_result str.h /^struct str_locate_result$/;" s -+str_locate_str str.c /^str_locate_str(const struct mystr* p_str, const struct mystr* p_look_str)$/;" f -+str_locate_str_reverse str.c /^str_locate_str_reverse(const struct mystr* p_str,$/;" f -+str_locate_text str.c /^str_locate_text(const struct mystr* p_str, const char* p_text)$/;" f -+str_locate_text_reverse str.c /^str_locate_text_reverse(const struct mystr* p_str, const char* p_text)$/;" f -+str_lpad str.c /^str_lpad(struct mystr* p_str, const unsigned int min_width)$/;" f -+str_lstat sysstr.c /^str_lstat(const struct mystr* p_str, struct vsf_sysutil_statbuf** p_ptr)$/;" f -+str_mid_to_end str.c /^str_mid_to_end(const struct mystr* p_str, struct mystr* p_out,$/;" f -+str_mkdir sysstr.c /^str_mkdir(const struct mystr* p_str, const unsigned int mode)$/;" f -+str_netfd_alloc netstr.c /^str_netfd_alloc(struct vsf_session* p_sess,$/;" f -+str_netfd_read netstr.c /^str_netfd_read(struct mystr* p_str, int fd, unsigned int len)$/;" f -+str_netfd_read_t netstr.h /^typedef int (*str_netfd_read_t)(struct vsf_session*$/;" t -+str_netfd_write netstr.c /^str_netfd_write(const struct mystr* p_str, int fd)$/;" f -+str_next_dirent sysstr.c /^str_next_dirent(struct mystr* p_filename_str, struct vsf_sysutil_dir* p_dir)$/;" f -+str_octal_to_uint str.c /^str_octal_to_uint(const struct mystr* p_str)$/;" f -+str_open sysstr.c /^str_open(const struct mystr* p_str, const enum EVSFSysStrOpenMode mode)$/;" f -+str_opendir sysstr.c /^str_opendir(const struct mystr* p_str)$/;" f -+str_read_loop sysstr.c /^str_read_loop(struct mystr* p_str, const int fd)$/;" f -+str_readlink 
sysstr.c /^str_readlink(struct mystr* p_str, const struct mystr* p_filename_str)$/;" f -+str_rename sysstr.c /^str_rename(const struct mystr* p_from_str, const struct mystr* p_to_str)$/;" f -+str_replace_char str.c /^str_replace_char(struct mystr* p_str, char from, char to)$/;" f -+str_replace_text str.c /^str_replace_text(struct mystr* p_str, const char* p_from, const char* p_to)$/;" f -+str_replace_unprintable str.c /^str_replace_unprintable(struct mystr* p_str, char new_char)$/;" f -+str_reserve str.c /^str_reserve(struct mystr* p_str, unsigned int res_len)$/;" f -+str_right str.c /^str_right(const struct mystr* p_str, struct mystr* p_out, unsigned int chars)$/;" f -+str_rmdir sysstr.c /^str_rmdir(const struct mystr* p_str)$/;" f -+str_rpad str.c /^str_rpad(struct mystr* p_str, const unsigned int min_width)$/;" f -+str_split_char str.c /^str_split_char(struct mystr* p_src, struct mystr* p_rhs, char c)$/;" f -+str_split_char_reverse str.c /^str_split_char_reverse(struct mystr* p_src, struct mystr* p_rhs, char c)$/;" f -+str_split_text str.c /^str_split_text(struct mystr* p_src, struct mystr* p_rhs, const char* p_text)$/;" f -+str_split_text_common str.c /^str_split_text_common(struct mystr* p_src, struct mystr* p_rhs,$/;" f file: -+str_split_text_reverse str.c /^str_split_text_reverse(struct mystr* p_src, struct mystr* p_rhs,$/;" f -+str_stat sysstr.c /^str_stat(const struct mystr* p_str, struct vsf_sysutil_statbuf** p_ptr)$/;" f -+str_strcmp str.c /^str_strcmp(const struct mystr* p_str1, const struct mystr* p_str2)$/;" f -+str_strdup str.c /^str_strdup(const struct mystr* p_str)$/;" f -+str_strdup_trimmed str.c /^str_strdup_trimmed(const struct mystr* p_str)$/;" f -+str_syslog sysstr.c /^str_syslog(const struct mystr* p_str, int severe)$/;" f -+str_trunc str.c /^str_trunc(struct mystr* p_str, unsigned int trunc_len)$/;" f -+str_unlink sysstr.c /^str_unlink(const struct mystr* p_str)$/;" f -+str_upper str.c /^str_upper(struct mystr* p_str)$/;" f -+str_write_loop 
sysstr.c /^str_write_loop(const struct mystr* p_str, const int fd)$/;" f -+sync_sig_handler sysutil.c /^ vsf_sighandle_t sync_sig_handler;$/;" m struct:vsf_sysutil_sig_details file: -+tcp_wrapper_ok session.h /^ int tcp_wrapper_ok;$/;" m struct:vsf_session -+transfer_dir_internal ftpdataio.c /^transfer_dir_internal(struct vsf_session* p_sess, int is_control,$/;" f file: -+transfer_size session.h /^ filesize_t transfer_size;$/;" m struct:vsf_session -+transferred ftpdataio.h /^ filesize_t transferred;$/;" m struct:vsf_transfer_ret -+tunable_accept_timeout tunables.c /^unsigned int tunable_accept_timeout;$/;" v -+tunable_allow_anon_ssl tunables.c /^int tunable_allow_anon_ssl;$/;" v -+tunable_allow_writeable_chroot tunables.c /^int tunable_allow_writeable_chroot;$/;" v -+tunable_anon_max_rate tunables.c /^unsigned int tunable_anon_max_rate;$/;" v -+tunable_anon_mkdir_write_enable tunables.c /^int tunable_anon_mkdir_write_enable;$/;" v -+tunable_anon_other_write_enable tunables.c /^int tunable_anon_other_write_enable;$/;" v -+tunable_anon_root tunables.c /^const char* tunable_anon_root;$/;" v -+tunable_anon_umask tunables.c /^unsigned int tunable_anon_umask;$/;" v -+tunable_anon_upload_enable tunables.c /^int tunable_anon_upload_enable;$/;" v -+tunable_anon_world_readable_only tunables.c /^int tunable_anon_world_readable_only;$/;" v -+tunable_anonymous_enable tunables.c /^int tunable_anonymous_enable;$/;" v -+tunable_ascii_download_enable tunables.c /^int tunable_ascii_download_enable;$/;" v -+tunable_ascii_upload_enable tunables.c /^int tunable_ascii_upload_enable;$/;" v -+tunable_async_abor_enable tunables.c /^int tunable_async_abor_enable;$/;" v -+tunable_background tunables.c /^int tunable_background;$/;" v -+tunable_banned_email_file tunables.c /^const char* tunable_banned_email_file;$/;" v -+tunable_banner_file tunables.c /^const char* tunable_banner_file;$/;" v -+tunable_ca_certs_file tunables.c /^const char* tunable_ca_certs_file;$/;" v -+tunable_check_shell 
tunables.c /^int tunable_check_shell;$/;" v -+tunable_chmod_enable tunables.c /^int tunable_chmod_enable;$/;" v -+tunable_chown_upload_mode tunables.c /^unsigned int tunable_chown_upload_mode;$/;" v -+tunable_chown_uploads tunables.c /^int tunable_chown_uploads;$/;" v -+tunable_chown_username tunables.c /^const char* tunable_chown_username;$/;" v -+tunable_chroot_list_enable tunables.c /^int tunable_chroot_list_enable;$/;" v -+tunable_chroot_list_file tunables.c /^const char* tunable_chroot_list_file;$/;" v -+tunable_chroot_local_user tunables.c /^int tunable_chroot_local_user;$/;" v -+tunable_cmds_allowed tunables.c /^const char* tunable_cmds_allowed;$/;" v -+tunable_cmds_denied tunables.c /^const char* tunable_cmds_denied;$/;" v -+tunable_connect_from_port_20 tunables.c /^int tunable_connect_from_port_20;$/;" v -+tunable_connect_timeout tunables.c /^unsigned int tunable_connect_timeout;$/;" v -+tunable_data_connection_timeout tunables.c /^unsigned int tunable_data_connection_timeout;$/;" v -+tunable_debug_ssl tunables.c /^int tunable_debug_ssl;$/;" v -+tunable_delay_failed_login tunables.c /^unsigned int tunable_delay_failed_login;$/;" v -+tunable_delay_successful_login tunables.c /^unsigned int tunable_delay_successful_login;$/;" v -+tunable_delete_failed_uploads tunables.c /^int tunable_delete_failed_uploads;$/;" v -+tunable_deny_email_enable tunables.c /^int tunable_deny_email_enable;$/;" v -+tunable_deny_file tunables.c /^const char* tunable_deny_file;$/;" v -+tunable_dh_param_file tunables.c /^const char* tunable_dh_param_file;$/;" v -+tunable_dirlist_enable tunables.c /^int tunable_dirlist_enable;$/;" v -+tunable_dirmessage_enable tunables.c /^int tunable_dirmessage_enable;$/;" v -+tunable_download_enable tunables.c /^int tunable_download_enable;$/;" v -+tunable_dsa_cert_file tunables.c /^const char* tunable_dsa_cert_file;$/;" v -+tunable_dsa_private_key_file tunables.c /^const char* tunable_dsa_private_key_file;$/;" v -+tunable_dual_log_enable tunables.c 
/^int tunable_dual_log_enable;$/;" v -+tunable_ecdh_param_file tunables.c /^const char* tunable_ecdh_param_file;$/;" v -+tunable_email_password_file tunables.c /^const char* tunable_email_password_file;$/;" v -+tunable_file_open_mode tunables.c /^unsigned int tunable_file_open_mode;$/;" v -+tunable_force_anon_data_ssl tunables.c /^int tunable_force_anon_data_ssl;$/;" v -+tunable_force_anon_logins_ssl tunables.c /^int tunable_force_anon_logins_ssl;$/;" v -+tunable_force_dot_files tunables.c /^int tunable_force_dot_files;$/;" v -+tunable_force_local_data_ssl tunables.c /^int tunable_force_local_data_ssl;$/;" v -+tunable_force_local_logins_ssl tunables.c /^int tunable_force_local_logins_ssl;$/;" v -+tunable_ftp_data_port tunables.c /^unsigned int tunable_ftp_data_port;$/;" v -+tunable_ftp_enable tunables.c /^int tunable_ftp_enable;$/;" v -+tunable_ftp_username tunables.c /^const char* tunable_ftp_username;$/;" v -+tunable_ftpd_banner tunables.c /^const char* tunable_ftpd_banner;$/;" v -+tunable_guest_enable tunables.c /^int tunable_guest_enable;$/;" v -+tunable_guest_username tunables.c /^const char* tunable_guest_username;$/;" v -+tunable_hide_file tunables.c /^const char* tunable_hide_file;$/;" v -+tunable_hide_ids tunables.c /^int tunable_hide_ids;$/;" v -+tunable_http_enable tunables.c /^int tunable_http_enable;$/;" v -+tunable_idle_session_timeout tunables.c /^unsigned int tunable_idle_session_timeout;$/;" v -+tunable_implicit_ssl tunables.c /^int tunable_implicit_ssl;$/;" v -+tunable_isolate tunables.c /^int tunable_isolate;$/;" v -+tunable_isolate_network tunables.c /^int tunable_isolate_network;$/;" v -+tunable_listen tunables.c /^int tunable_listen;$/;" v -+tunable_listen_address tunables.c /^const char* tunable_listen_address;$/;" v -+tunable_listen_address6 tunables.c /^const char* tunable_listen_address6;$/;" v -+tunable_listen_ipv6 tunables.c /^int tunable_listen_ipv6;$/;" v -+tunable_listen_port tunables.c /^unsigned int tunable_listen_port;$/;" v 
-+tunable_local_enable tunables.c /^int tunable_local_enable;$/;" v -+tunable_local_max_rate tunables.c /^unsigned int tunable_local_max_rate;$/;" v -+tunable_local_root tunables.c /^const char* tunable_local_root;$/;" v -+tunable_local_umask tunables.c /^unsigned int tunable_local_umask;$/;" v -+tunable_lock_upload_files tunables.c /^int tunable_lock_upload_files;$/;" v -+tunable_log_ftp_protocol tunables.c /^int tunable_log_ftp_protocol;$/;" v -+tunable_ls_recurse_enable tunables.c /^int tunable_ls_recurse_enable;$/;" v -+tunable_max_clients tunables.c /^unsigned int tunable_max_clients;$/;" v -+tunable_max_login_fails tunables.c /^unsigned int tunable_max_login_fails;$/;" v -+tunable_max_per_ip tunables.c /^unsigned int tunable_max_per_ip;$/;" v -+tunable_mdtm_write tunables.c /^int tunable_mdtm_write;$/;" v -+tunable_message_file tunables.c /^const char* tunable_message_file;$/;" v -+tunable_no_anon_password tunables.c /^int tunable_no_anon_password;$/;" v -+tunable_no_log_lock tunables.c /^int tunable_no_log_lock;$/;" v -+tunable_nopriv_user tunables.c /^const char* tunable_nopriv_user;$/;" v -+tunable_one_process_model tunables.c /^int tunable_one_process_model;$/;" v -+tunable_pam_service_name tunables.c /^const char* tunable_pam_service_name;$/;" v -+tunable_passwd_chroot_enable tunables.c /^int tunable_passwd_chroot_enable;$/;" v -+tunable_pasv_addr_resolve tunables.c /^int tunable_pasv_addr_resolve;$/;" v -+tunable_pasv_address tunables.c /^const char* tunable_pasv_address;$/;" v -+tunable_pasv_enable tunables.c /^int tunable_pasv_enable;$/;" v -+tunable_pasv_max_port tunables.c /^unsigned int tunable_pasv_max_port;$/;" v -+tunable_pasv_min_port tunables.c /^unsigned int tunable_pasv_min_port;$/;" v -+tunable_pasv_promiscuous tunables.c /^int tunable_pasv_promiscuous;$/;" v -+tunable_port_enable tunables.c /^int tunable_port_enable;$/;" v -+tunable_port_promiscuous tunables.c /^int tunable_port_promiscuous;$/;" v -+tunable_ptrace_sandbox tunables.c /^int 
tunable_ptrace_sandbox;$/;" v -+tunable_require_cert tunables.c /^int tunable_require_cert;$/;" v -+tunable_require_ssl_reuse tunables.c /^int tunable_require_ssl_reuse;$/;" v -+tunable_reverse_lookup_enable tunables.c /^int tunable_reverse_lookup_enable;$/;" v -+tunable_rsa_cert_file tunables.c /^const char* tunable_rsa_cert_file;$/;" v -+tunable_rsa_private_key_file tunables.c /^const char* tunable_rsa_private_key_file;$/;" v -+tunable_run_as_launching_user tunables.c /^int tunable_run_as_launching_user;$/;" v -+tunable_seccomp_sandbox tunables.c /^int tunable_seccomp_sandbox;$/;" v -+tunable_secure_chroot_dir tunables.c /^const char* tunable_secure_chroot_dir;$/;" v -+tunable_secure_email_list_enable tunables.c /^int tunable_secure_email_list_enable;$/;" v -+tunable_session_support tunables.c /^int tunable_session_support;$/;" v -+tunable_setproctitle_enable tunables.c /^int tunable_setproctitle_enable;$/;" v -+tunable_ssl_ciphers tunables.c /^const char* tunable_ssl_ciphers;$/;" v -+tunable_ssl_enable tunables.c /^int tunable_ssl_enable;$/;" v -+tunable_ssl_request_cert tunables.c /^int tunable_ssl_request_cert;$/;" v -+tunable_sslv2 tunables.c /^int tunable_sslv2;$/;" v -+tunable_sslv3 tunables.c /^int tunable_sslv3;$/;" v -+tunable_strict_ssl_read_eof tunables.c /^int tunable_strict_ssl_read_eof;$/;" v -+tunable_strict_ssl_write_shutdown tunables.c /^int tunable_strict_ssl_write_shutdown;$/;" v -+tunable_syslog_enable tunables.c /^int tunable_syslog_enable;$/;" v -+tunable_tcp_wrappers tunables.c /^int tunable_tcp_wrappers;$/;" v -+tunable_text_userdb_names tunables.c /^int tunable_text_userdb_names;$/;" v -+tunable_tilde_user_enable tunables.c /^int tunable_tilde_user_enable;$/;" v -+tunable_tlsv1 tunables.c /^int tunable_tlsv1;$/;" v -+tunable_trans_chunk_size tunables.c /^unsigned int tunable_trans_chunk_size;$/;" v -+tunable_use_localtime tunables.c /^int tunable_use_localtime;$/;" v -+tunable_use_sendfile tunables.c /^int tunable_use_sendfile;$/;" v 
-+tunable_user_config_dir tunables.c /^const char* tunable_user_config_dir;$/;" v -+tunable_user_sub_token tunables.c /^const char* tunable_user_sub_token;$/;" v -+tunable_userlist_deny tunables.c /^int tunable_userlist_deny;$/;" v -+tunable_userlist_enable tunables.c /^int tunable_userlist_enable;$/;" v -+tunable_userlist_file tunables.c /^const char* tunable_userlist_file;$/;" v -+tunable_userlist_log tunables.c /^int tunable_userlist_log;$/;" v -+tunable_validate_cert tunables.c /^int tunable_validate_cert;$/;" v -+tunable_virtual_use_local_privs tunables.c /^int tunable_virtual_use_local_privs;$/;" v -+tunable_vsftpd_log_file tunables.c /^const char* tunable_vsftpd_log_file;$/;" v -+tunable_write_enable tunables.c /^int tunable_write_enable;$/;" v -+tunable_xferlog_enable tunables.c /^int tunable_xferlog_enable;$/;" v -+tunable_xferlog_file tunables.c /^const char* tunable_xferlog_file;$/;" v -+tunable_xferlog_std_format tunables.c /^int tunable_xferlog_std_format;$/;" v -+tunables_load_defaults tunables.c /^tunables_load_defaults()$/;" f -+u sysutil.c /^ } u;$/;" m struct:vsf_sysutil_sockaddr typeref:union:vsf_sysutil_sockaddr::__anon1 file: -+u_sockaddr sysutil.c /^ struct sockaddr u_sockaddr;$/;" m union:vsf_sysutil_sockaddr::__anon1 typeref:struct:vsf_sysutil_sockaddr::__anon1::sockaddr file: -+u_sockaddr_in sysutil.c /^ struct sockaddr_in u_sockaddr_in;$/;" m union:vsf_sysutil_sockaddr::__anon1 typeref:struct:vsf_sysutil_sockaddr::__anon1::sockaddr_in file: -+u_sockaddr_in6 sysutil.c /^ struct sockaddr_in6 u_sockaddr_in6;$/;" m union:vsf_sysutil_sockaddr::__anon1 typeref:struct:vsf_sysutil_sockaddr::__anon1::sockaddr_in6 file: -+use_alarm sysutil.c /^ int use_alarm;$/;" m struct:vsf_sysutil_sig_details file: -+user_str session.h /^ struct mystr user_str;$/;" m struct:vsf_session typeref:struct:vsf_session::mystr -+userlist_str session.h /^ struct mystr userlist_str;$/;" m struct:vsf_session typeref:struct:vsf_session::mystr -+validate_fcntl ptracesandbox.c 
/^validate_fcntl(struct pt_sandbox* p_sandbox, void* p_arg)$/;" f file: -+validate_mmap2 ptracesandbox.c /^validate_mmap2(struct pt_sandbox* p_sandbox, void* p_arg)$/;" f file: -+validate_open_default ptracesandbox.c /^validate_open_default(struct pt_sandbox* p_sandbox, void* p_arg)$/;" f file: -+validate_open_readonly ptracesandbox.c /^validate_open_readonly(struct pt_sandbox* p_sandbox, void* p_arg)$/;" f file: -+validate_socketcall ptracesandbox.c /^validate_socketcall(struct pt_sandbox* p_sandbox, void* p_arg)$/;" f file: -+validator ptracesandbox.c /^ ptrace_sandbox_validator_t validator[MAX_SYSCALL];$/;" m struct:pt_sandbox file: -+validator_arg ptracesandbox.c /^ void* validator_arg[MAX_SYSCALL];$/;" m struct:pt_sandbox file: -+value_size hash.c /^ unsigned int value_size;$/;" m struct:hash file: -+vsf_access_check_file access.c /^vsf_access_check_file(const struct mystr* p_filename_str)$/;" f -+vsf_access_check_file_visible access.c /^vsf_access_check_file_visible(const struct mystr* p_filename_str)$/;" f -+vsf_ascii_ascii_to_bin ascii.c /^vsf_ascii_ascii_to_bin(char* p_buf, unsigned int in_len, int prev_cr)$/;" f -+vsf_ascii_bin_to_ascii ascii.c /^vsf_ascii_bin_to_ascii(const char* p_in,$/;" f -+vsf_async_sighandle_t sysutil.h /^typedef void (*vsf_async_sighandle_t)(int);$/;" t -+vsf_auth_shutdown sysdeputil.c /^vsf_auth_shutdown(void)$/;" f file: -+vsf_banner_dir_changed banner.c /^vsf_banner_dir_changed(struct vsf_session* p_sess, int ftpcode)$/;" f -+vsf_banner_write banner.c /^vsf_banner_write(struct vsf_session* p_sess, struct mystr* p_str, int ftpcode)$/;" f -+vsf_client_launch standalone.h /^struct vsf_client_launch$/;" s -+vsf_cmdio_get_cmd_and_arg ftpcmdio.c /^vsf_cmdio_get_cmd_and_arg(struct vsf_session* p_sess, struct mystr* p_cmd_str,$/;" f -+vsf_cmdio_set_alarm ftpcmdio.c /^vsf_cmdio_set_alarm(struct vsf_session* p_sess)$/;" f -+vsf_cmdio_sock_setup ftpcmdio.c /^vsf_cmdio_sock_setup(void)$/;" f -+vsf_cmdio_write ftpcmdio.c 
/^vsf_cmdio_write(struct vsf_session* p_sess, int status, const char* p_text)$/;" f -+vsf_cmdio_write_exit ftpcmdio.c /^vsf_cmdio_write_exit(struct vsf_session* p_sess, int status, const char* p_text,$/;" f -+vsf_cmdio_write_hyphen ftpcmdio.c /^vsf_cmdio_write_hyphen(struct vsf_session* p_sess, int status,$/;" f -+vsf_cmdio_write_raw ftpcmdio.c /^vsf_cmdio_write_raw(struct vsf_session* p_sess, const char* p_text)$/;" f -+vsf_cmdio_write_str ftpcmdio.c /^vsf_cmdio_write_str(struct vsf_session* p_sess, int status,$/;" f -+vsf_cmdio_write_str_hyphen ftpcmdio.c /^vsf_cmdio_write_str_hyphen(struct vsf_session* p_sess, int status,$/;" f -+vsf_context_io_t sysutil.h /^typedef void (*vsf_context_io_t)(int, int, void*);$/;" t -+vsf_exit utility.c /^vsf_exit(const char* p_text)$/;" f -+vsf_filename_passes_filter ls.c /^vsf_filename_passes_filter(const struct mystr* p_filename_str,$/;" f -+vsf_ftpdataio_dispose_transfer_fd ftpdataio.c /^vsf_ftpdataio_dispose_transfer_fd(struct vsf_session* p_sess)$/;" f -+vsf_ftpdataio_get_pasv_fd ftpdataio.c /^vsf_ftpdataio_get_pasv_fd(struct vsf_session* p_sess)$/;" f -+vsf_ftpdataio_get_port_fd ftpdataio.c /^vsf_ftpdataio_get_port_fd(struct vsf_session* p_sess)$/;" f -+vsf_ftpdataio_post_mark_connect ftpdataio.c /^vsf_ftpdataio_post_mark_connect(struct vsf_session* p_sess)$/;" f -+vsf_ftpdataio_transfer_dir ftpdataio.c /^vsf_ftpdataio_transfer_dir(struct vsf_session* p_sess, int is_control,$/;" f -+vsf_ftpdataio_transfer_file ftpdataio.c /^vsf_ftpdataio_transfer_file(struct vsf_session* p_sess, int remote_fd,$/;" f -+vsf_insert_uwtmp sysdeputil.c /^vsf_insert_uwtmp(const struct mystr* p_user_str,$/;" f -+vsf_log_clear_entry logging.c /^vsf_log_clear_entry(struct vsf_session* p_sess)$/;" f -+vsf_log_common logging.c /^vsf_log_common(struct vsf_session* p_sess, int succeeded,$/;" f file: -+vsf_log_do_log logging.c /^vsf_log_do_log(struct vsf_session* p_sess, int succeeded)$/;" f -+vsf_log_do_log_to_file logging.c /^vsf_log_do_log_to_file(int 
fd, struct mystr* p_str)$/;" f file: -+vsf_log_do_log_vsftpd_format logging.c /^vsf_log_do_log_vsftpd_format(struct vsf_session* p_sess, struct mystr* p_str,$/;" f file: -+vsf_log_do_log_wuftpd_format logging.c /^vsf_log_do_log_wuftpd_format(struct vsf_session* p_sess, struct mystr* p_str,$/;" f file: -+vsf_log_entry_pending logging.c /^vsf_log_entry_pending(struct vsf_session* p_sess)$/;" f -+vsf_log_failed_line logging.c /^vsf_log_failed_line(struct vsf_session* p_sess, enum EVSFLogEntryType what,$/;" f -+vsf_log_init logging.c /^vsf_log_init(struct vsf_session* p_sess)$/;" f -+vsf_log_line logging.c /^vsf_log_line(struct vsf_session* p_sess, enum EVSFLogEntryType what,$/;" f -+vsf_log_start_entry logging.c /^vsf_log_start_entry(struct vsf_session* p_sess, enum EVSFLogEntryType what)$/;" f -+vsf_log_type_is_transfer logging.c /^vsf_log_type_is_transfer(enum EVSFLogEntryType type)$/;" f file: -+vsf_ls_populate_dir_list ls.c /^vsf_ls_populate_dir_list(struct mystr_list* p_list,$/;" f -+vsf_one_process_chown_upload oneprocess.c /^vsf_one_process_chown_upload(struct vsf_session* p_sess, int fd)$/;" f -+vsf_one_process_get_pasv_fd oneprocess.c /^vsf_one_process_get_pasv_fd(struct vsf_session* p_sess)$/;" f -+vsf_one_process_get_priv_data_sock oneprocess.c /^vsf_one_process_get_priv_data_sock(struct vsf_session* p_sess)$/;" f -+vsf_one_process_listen oneprocess.c /^vsf_one_process_listen(struct vsf_session* p_sess)$/;" f -+vsf_one_process_login oneprocess.c /^vsf_one_process_login(struct vsf_session* p_sess,$/;" f -+vsf_one_process_pasv_active oneprocess.c /^vsf_one_process_pasv_active(struct vsf_session* p_sess)$/;" f -+vsf_one_process_pasv_cleanup oneprocess.c /^vsf_one_process_pasv_cleanup(struct vsf_session* p_sess)$/;" f -+vsf_one_process_start oneprocess.c /^vsf_one_process_start(struct vsf_session* p_sess)$/;" f -+vsf_parseconf_load_file parseconf.c /^vsf_parseconf_load_file(const char* p_filename, int errs_fatal)$/;" f -+vsf_parseconf_load_setting parseconf.c 
/^vsf_parseconf_load_setting(const char* p_setting, int errs_fatal)$/;" f -+vsf_priv_parent_postlogin postprivparent.c /^vsf_priv_parent_postlogin(struct vsf_session* p_sess)$/;" f -+vsf_privop_accept_pasv privops.c /^vsf_privop_accept_pasv(struct vsf_session* p_sess)$/;" f -+vsf_privop_do_file_chown privops.c /^vsf_privop_do_file_chown(struct vsf_session* p_sess, int fd)$/;" f -+vsf_privop_do_login privops.c /^vsf_privop_do_login(struct vsf_session* p_sess,$/;" f -+vsf_privop_get_ftp_port_sock privops.c /^vsf_privop_get_ftp_port_sock(struct vsf_session* p_sess,$/;" f -+vsf_privop_pasv_active privops.c /^vsf_privop_pasv_active(struct vsf_session* p_sess)$/;" f -+vsf_privop_pasv_cleanup privops.c /^vsf_privop_pasv_cleanup(struct vsf_session* p_sess)$/;" f -+vsf_privop_pasv_listen privops.c /^vsf_privop_pasv_listen(struct vsf_session* p_sess)$/;" f -+vsf_remove_uwtmp sysdeputil.c /^vsf_remove_uwtmp(void)$/;" f -+vsf_secbuf_alloc secbuf.c /^vsf_secbuf_alloc(char** p_ptr, unsigned int size)$/;" f -+vsf_secbuf_free secbuf.c /^vsf_secbuf_free(char** p_ptr)$/;" f -+vsf_secutil_change_credentials secutil.c /^vsf_secutil_change_credentials(const struct mystr* p_user_str,$/;" f -+vsf_session session.h /^struct vsf_session$/;" s -+vsf_set_die_if_parent_dies sysdeputil.c /^vsf_set_die_if_parent_dies()$/;" f -+vsf_set_term_if_parent_dies sysdeputil.c /^vsf_set_term_if_parent_dies()$/;" f -+vsf_sighandle_t sysutil.h /^typedef void (*vsf_sighandle_t)(void*);$/;" t -+vsf_standalone_main standalone.c /^vsf_standalone_main(void)$/;" f -+vsf_sysdep_adopt_capabilities sysdeputil.c /^vsf_sysdep_adopt_capabilities(unsigned int caps)$/;" f -+vsf_sysdep_check_auth sysdeputil.c /^vsf_sysdep_check_auth(struct mystr* p_user_str,$/;" f -+vsf_sysdep_has_capabilities sysdeputil.c /^vsf_sysdep_has_capabilities(void)$/;" f -+vsf_sysdep_has_capabilities_as_non_root sysdeputil.c /^vsf_sysdep_has_capabilities_as_non_root(void)$/;" f -+vsf_sysdep_keep_capabilities sysdeputil.c 
/^vsf_sysdep_keep_capabilities(void)$/;" f -+vsf_sysutil_a_to_filesize_t sysutil.c /^vsf_sysutil_a_to_filesize_t(const char* p_str)$/;" f -+vsf_sysutil_accept_timeout sysutil.c /^vsf_sysutil_accept_timeout(int fd, struct vsf_sysutil_sockaddr* p_sockaddr,$/;" f -+vsf_sysutil_activate_keepalive sysutil.c /^vsf_sysutil_activate_keepalive(int fd)$/;" f -+vsf_sysutil_activate_linger sysutil.c /^vsf_sysutil_activate_linger(int fd)$/;" f -+vsf_sysutil_activate_noblock sysutil.c /^vsf_sysutil_activate_noblock(int fd)$/;" f -+vsf_sysutil_activate_oobinline sysutil.c /^vsf_sysutil_activate_oobinline(int fd)$/;" f -+vsf_sysutil_activate_reuseaddr sysutil.c /^vsf_sysutil_activate_reuseaddr(int fd)$/;" f -+vsf_sysutil_activate_sigurg sysutil.c /^vsf_sysutil_activate_sigurg(int fd)$/;" f -+vsf_sysutil_alloc_statbuf sysutil.c /^vsf_sysutil_alloc_statbuf(struct vsf_sysutil_statbuf** p_ptr)$/;" f file: -+vsf_sysutil_alrm_sighandler sysutil.c /^vsf_sysutil_alrm_sighandler(int signum)$/;" f file: -+vsf_sysutil_atoi sysutil.c /^vsf_sysutil_atoi(const char* p_str)$/;" f -+vsf_sysutil_bind sysutil.c /^vsf_sysutil_bind(int fd, const struct vsf_sysutil_sockaddr* p_sockptr)$/;" f -+vsf_sysutil_block_sig sysutil.c /^vsf_sysutil_block_sig(const enum EVSFSysUtilSignal sig)$/;" f -+vsf_sysutil_chdir sysutil.c /^vsf_sysutil_chdir(const char* p_dirname)$/;" f -+vsf_sysutil_check_pending_actions sysutil.c /^vsf_sysutil_check_pending_actions($/;" f -+vsf_sysutil_chmod sysutil.c /^vsf_sysutil_chmod(const char* p_filename, unsigned int mode)$/;" f -+vsf_sysutil_chroot sysutil.c /^vsf_sysutil_chroot(const char* p_root_path)$/;" f -+vsf_sysutil_clear_alarm sysutil.c /^vsf_sysutil_clear_alarm(void)$/;" f -+vsf_sysutil_clear_supp_groups sysutil.c /^vsf_sysutil_clear_supp_groups(void)$/;" f -+vsf_sysutil_close sysutil.c /^vsf_sysutil_close(int fd)$/;" f -+vsf_sysutil_close_failok sysutil.c /^vsf_sysutil_close_failok(int fd)$/;" f -+vsf_sysutil_closedir sysutil.c /^vsf_sysutil_closedir(struct 
vsf_sysutil_dir* p_dir)$/;" f -+vsf_sysutil_closelog sysutil.c /^vsf_sysutil_closelog(void)$/;" f -+vsf_sysutil_common_sighandler sysutil.c /^vsf_sysutil_common_sighandler(int signum)$/;" f file: -+vsf_sysutil_connect_timeout sysutil.c /^vsf_sysutil_connect_timeout(int fd, const struct vsf_sysutil_sockaddr* p_addr,$/;" f -+vsf_sysutil_create_file_exclusive sysutil.c /^vsf_sysutil_create_file_exclusive(const char* p_filename)$/;" f -+vsf_sysutil_create_or_open_file sysutil.c /^vsf_sysutil_create_or_open_file(const char* p_filename, unsigned int mode)$/;" f -+vsf_sysutil_create_or_open_file_append sysutil.c /^vsf_sysutil_create_or_open_file_append(const char* p_filename,$/;" f -+vsf_sysutil_deactivate_linger_failok sysutil.c /^vsf_sysutil_deactivate_linger_failok(int fd)$/;" f -+vsf_sysutil_deactivate_noblock sysutil.c /^vsf_sysutil_deactivate_noblock(int fd)$/;" f -+vsf_sysutil_default_sig sysutil.c /^vsf_sysutil_default_sig(const enum EVSFSysUtilSignal sig)$/;" f -+vsf_sysutil_dir_stat sysutil.c /^vsf_sysutil_dir_stat(const struct vsf_sysutil_dir* p_dir,$/;" f -+vsf_sysutil_dns_resolve sysutil.c /^vsf_sysutil_dns_resolve(struct vsf_sysutil_sockaddr** p_sockptr,$/;" f -+vsf_sysutil_double_to_str sysutil.c /^vsf_sysutil_double_to_str(double the_double)$/;" f -+vsf_sysutil_dupfd2 sysutil.c /^vsf_sysutil_dupfd2(int old_fd, int new_fd)$/;" f -+vsf_sysutil_exit sysutil.c /^vsf_sysutil_exit(int exit_code)$/;" f -+vsf_sysutil_fchmod sysutil.c /^vsf_sysutil_fchmod(const int fd, unsigned int mode)$/;" f -+vsf_sysutil_fchown sysutil.c /^vsf_sysutil_fchown(const int fd, const unsigned int uid, const unsigned int gid)$/;" f -+vsf_sysutil_filesize_t_to_str sysutil.c /^vsf_sysutil_filesize_t_to_str(filesize_t the_filesize)$/;" f -+vsf_sysutil_fork sysutil.c /^vsf_sysutil_fork(void)$/;" f -+vsf_sysutil_fork_failok sysutil.c /^vsf_sysutil_fork_failok(void)$/;" f -+vsf_sysutil_fork_isolate_all_failok sysdeputil.c /^vsf_sysutil_fork_isolate_all_failok()$/;" f 
-+vsf_sysutil_fork_isolate_failok sysdeputil.c /^vsf_sysutil_fork_isolate_failok()$/;" f -+vsf_sysutil_fork_newnet sysdeputil.c /^vsf_sysutil_fork_newnet()$/;" f -+vsf_sysutil_free sysutil.c /^vsf_sysutil_free(void* p_ptr)$/;" f -+vsf_sysutil_fstat sysutil.c /^vsf_sysutil_fstat(int fd, struct vsf_sysutil_statbuf** p_ptr)$/;" f -+vsf_sysutil_ftruncate sysutil.c /^vsf_sysutil_ftruncate(int fd)$/;" f -+vsf_sysutil_get_current_date sysutil.c /^vsf_sysutil_get_current_date(void)$/;" f -+vsf_sysutil_get_error sysutil.c /^vsf_sysutil_get_error(void)$/;" f -+vsf_sysutil_get_file_offset sysutil.c /^vsf_sysutil_get_file_offset(const int file_fd)$/;" f -+vsf_sysutil_get_ipaddr_size sysutil.c /^vsf_sysutil_get_ipaddr_size(void)$/;" f -+vsf_sysutil_get_ipsock sysutil.c /^vsf_sysutil_get_ipsock(const struct vsf_sysutil_sockaddr* p_addr)$/;" f -+vsf_sysutil_get_ipv4_sock sysutil.c /^vsf_sysutil_get_ipv4_sock(void)$/;" f -+vsf_sysutil_get_ipv6_sock sysutil.c /^vsf_sysutil_get_ipv6_sock(void)$/;" f -+vsf_sysutil_get_random_byte sysutil.c /^vsf_sysutil_get_random_byte(void)$/;" f -+vsf_sysutil_get_time_sec sysutil.c /^vsf_sysutil_get_time_sec(void)$/;" f -+vsf_sysutil_get_time_usec sysutil.c /^vsf_sysutil_get_time_usec(void)$/;" f -+vsf_sysutil_get_tz sysutil.c /^char* vsf_sysutil_get_tz()$/;" f -+vsf_sysutil_get_umask sysutil.c /^vsf_sysutil_get_umask(void)$/;" f -+vsf_sysutil_getcwd sysutil.c /^vsf_sysutil_getcwd(char* p_dest, const unsigned int buf_size)$/;" f -+vsf_sysutil_getegid sysutil.c /^vsf_sysutil_getegid(void)$/;" f -+vsf_sysutil_getenv sysutil.c /^vsf_sysutil_getenv(const char* p_var)$/;" f -+vsf_sysutil_geteuid sysutil.c /^vsf_sysutil_geteuid(void)$/;" f -+vsf_sysutil_getgrgid sysutil.c /^vsf_sysutil_getgrgid(const unsigned int gid)$/;" f -+vsf_sysutil_getpagesize sysutil.c /^vsf_sysutil_getpagesize(void)$/;" f -+vsf_sysutil_getpeername sysutil.c /^vsf_sysutil_getpeername(int fd, struct vsf_sysutil_sockaddr** p_sockptr)$/;" f -+vsf_sysutil_getpid sysutil.c 
/^vsf_sysutil_getpid(void)$/;" f -+vsf_sysutil_getpid_nocache sysdeputil.c /^vsf_sysutil_getpid_nocache(void)$/;" f -+vsf_sysutil_getppid sysutil.c /^vsf_sysutil_getppid(void)$/;" f -+vsf_sysutil_getpwnam sysutil.c /^vsf_sysutil_getpwnam(const char* p_user)$/;" f -+vsf_sysutil_getpwuid sysutil.c /^vsf_sysutil_getpwuid(const unsigned int uid)$/;" f -+vsf_sysutil_getsockname sysutil.c /^vsf_sysutil_getsockname(int fd, struct vsf_sysutil_sockaddr** p_sockptr)$/;" f -+vsf_sysutil_getuid sysutil.c /^vsf_sysutil_getuid(void)$/;" f -+vsf_sysutil_group_getname sysutil.c /^vsf_sysutil_group_getname(const struct vsf_sysutil_group* p_group)$/;" f -+vsf_sysutil_inet_aton sysutil.c /^vsf_sysutil_inet_aton(const char* p_text, struct vsf_sysutil_sockaddr* p_addr)$/;" f -+vsf_sysutil_inet_ntoa sysutil.c /^vsf_sysutil_inet_ntoa(const void* p_raw_addr)$/;" f -+vsf_sysutil_inet_ntop sysutil.c /^vsf_sysutil_inet_ntop(const struct vsf_sysutil_sockaddr* p_sockptr)$/;" f -+vsf_sysutil_initgroups sysutil.c /^vsf_sysutil_initgroups(const struct vsf_sysutil_user* p_user)$/;" f -+vsf_sysutil_install_async_sighandler sysutil.c /^vsf_sysutil_install_async_sighandler(const enum EVSFSysUtilSignal sig,$/;" f -+vsf_sysutil_install_io_handler sysutil.c /^vsf_sysutil_install_io_handler(vsf_context_io_t handler, void* p_private)$/;" f -+vsf_sysutil_install_null_sighandler sysutil.c /^vsf_sysutil_install_null_sighandler(const enum EVSFSysUtilSignal sig)$/;" f -+vsf_sysutil_install_sighandler sysutil.c /^vsf_sysutil_install_sighandler(const enum EVSFSysUtilSignal sig,$/;" f -+vsf_sysutil_is_port_reserved sysutil.c /^vsf_sysutil_is_port_reserved(unsigned short the_port)$/;" f -+vsf_sysutil_isalnum sysutil.c /^vsf_sysutil_isalnum(int the_char)$/;" f -+vsf_sysutil_isdigit sysutil.c /^vsf_sysutil_isdigit(int the_char)$/;" f -+vsf_sysutil_isprint sysutil.c /^vsf_sysutil_isprint(int the_char)$/;" f -+vsf_sysutil_isspace sysutil.c /^vsf_sysutil_isspace(int the_char)$/;" f -+vsf_sysutil_kill sysutil.c 
/^vsf_sysutil_kill(int pid, int sig)$/;" f -+vsf_sysutil_listen sysutil.c /^vsf_sysutil_listen(int fd, const unsigned int backlog)$/;" f -+vsf_sysutil_lock_file_read sysutil.c /^vsf_sysutil_lock_file_read(int fd)$/;" f -+vsf_sysutil_lock_file_write sysutil.c /^vsf_sysutil_lock_file_write(int fd)$/;" f -+vsf_sysutil_lseek_end sysutil.c /^vsf_sysutil_lseek_end(const int fd)$/;" f -+vsf_sysutil_lseek_to sysutil.c /^vsf_sysutil_lseek_to(const int fd, filesize_t seek_pos)$/;" f -+vsf_sysutil_lstat sysutil.c /^vsf_sysutil_lstat(const char* p_name, struct vsf_sysutil_statbuf** p_ptr)$/;" f -+vsf_sysutil_make_session_leader sysutil.c /^vsf_sysutil_make_session_leader(void)$/;" f -+vsf_sysutil_malloc sysutil.c /^vsf_sysutil_malloc(unsigned int size)$/;" f -+vsf_sysutil_map_anon_pages sysdeputil.c /^vsf_sysutil_map_anon_pages(unsigned int length)$/;" f -+vsf_sysutil_map_anon_pages_init sysdeputil.c /^vsf_sysutil_map_anon_pages_init(void)$/;" f -+vsf_sysutil_memclr sysutil.c /^vsf_sysutil_memclr(void* p_dest, unsigned int size)$/;" f -+vsf_sysutil_memcmp sysutil.c /^vsf_sysutil_memcmp(const void* p_src1, const void* p_src2, unsigned int size)$/;" f -+vsf_sysutil_memcpy sysutil.c /^vsf_sysutil_memcpy(void* p_dest, const void* p_src, const unsigned int size)$/;" f -+vsf_sysutil_memprotect sysutil.c /^vsf_sysutil_memprotect(void* p_addr, unsigned int len,$/;" f -+vsf_sysutil_memunmap sysutil.c /^vsf_sysutil_memunmap(void* p_start, unsigned int length)$/;" f -+vsf_sysutil_mkdir sysutil.c /^vsf_sysutil_mkdir(const char* p_dirname, const unsigned int mode)$/;" f -+vsf_sysutil_next_dirent sysutil.c /^vsf_sysutil_next_dirent(struct vsf_sysutil_dir* p_dir)$/;" f -+vsf_sysutil_octal_to_uint sysutil.c /^vsf_sysutil_octal_to_uint(const char* p_str)$/;" f -+vsf_sysutil_open_file sysutil.c /^vsf_sysutil_open_file(const char* p_filename,$/;" f -+vsf_sysutil_opendir sysutil.c /^vsf_sysutil_opendir(const char* p_dirname)$/;" f -+vsf_sysutil_openlog sysutil.c /^vsf_sysutil_openlog(int 
force)$/;" f -+vsf_sysutil_parse_ipv4 ipaddrparse.c /^vsf_sysutil_parse_ipv4(const struct mystr* p_str)$/;" f -+vsf_sysutil_parse_ipv6 ipaddrparse.c /^vsf_sysutil_parse_ipv6(const struct mystr* p_str)$/;" f -+vsf_sysutil_parse_time sysutil.c /^vsf_sysutil_parse_time(const char* p_text)$/;" f -+vsf_sysutil_parse_uchar_string_sep ipaddrparse.c /^vsf_sysutil_parse_uchar_string_sep($/;" f -+vsf_sysutil_pause sysutil.c /^vsf_sysutil_pause()$/;" f -+vsf_sysutil_post_fork sysutil.c /^vsf_sysutil_post_fork()$/;" f -+vsf_sysutil_qsort sysutil.c /^vsf_sysutil_qsort(void* p_base, unsigned int num_elem, unsigned int elem_size,$/;" f -+vsf_sysutil_read sysutil.c /^vsf_sysutil_read(const int fd, void* p_buf, const unsigned int size)$/;" f -+vsf_sysutil_read_loop sysutil.c /^vsf_sysutil_read_loop(const int fd, void* p_buf, unsigned int size)$/;" f -+vsf_sysutil_readlink sysutil.c /^vsf_sysutil_readlink(const char* p_filename, char* p_dest, unsigned int bufsiz)$/;" f -+vsf_sysutil_realloc sysutil.c /^vsf_sysutil_realloc(void* p_ptr, unsigned int size)$/;" f -+vsf_sysutil_recv_fd sysdeputil.c /^vsf_sysutil_recv_fd(const int sock_fd)$/;" f -+vsf_sysutil_recv_fd sysdeputil.c /^vsf_sysutil_recv_fd(int sock_fd)$/;" f -+vsf_sysutil_recv_peek sysutil.c /^vsf_sysutil_recv_peek(const int fd, void* p_buf, unsigned int len)$/;" f -+vsf_sysutil_rename sysutil.c /^vsf_sysutil_rename(const char* p_from, const char* p_to)$/;" f -+vsf_sysutil_reopen_standard_fds sysutil.c /^vsf_sysutil_reopen_standard_fds(void)$/;" f -+vsf_sysutil_retval_is_error sysutil.c /^vsf_sysutil_retval_is_error(int retval)$/;" f -+vsf_sysutil_rmdir sysutil.c /^vsf_sysutil_rmdir(const char* p_dirname)$/;" f -+vsf_sysutil_running_as_root sysutil.c /^vsf_sysutil_running_as_root(void)$/;" f -+vsf_sysutil_send_fd sysdeputil.c /^vsf_sysutil_send_fd(int sock_fd, int send_fd)$/;" f -+vsf_sysutil_sendfile sysdeputil.c /^vsf_sysutil_sendfile(const int out_fd, const int in_fd,$/;" f -+vsf_sysutil_set_address_space_limit sysutil.c 
/^vsf_sysutil_set_address_space_limit(unsigned long bytes)$/;" f -+vsf_sysutil_set_alarm sysutil.c /^vsf_sysutil_set_alarm(const unsigned int trigger_seconds)$/;" f -+vsf_sysutil_set_exit_func sysutil.c /^vsf_sysutil_set_exit_func(exitfunc_t exitfunc)$/;" f -+vsf_sysutil_set_iptos_throughput sysutil.c /^vsf_sysutil_set_iptos_throughput(int fd)$/;" f -+vsf_sysutil_set_no_fds sysutil.c /^vsf_sysutil_set_no_fds()$/;" f -+vsf_sysutil_set_no_procs sysutil.c /^vsf_sysutil_set_no_procs()$/;" f -+vsf_sysutil_set_nodelay sysutil.c /^vsf_sysutil_set_nodelay(int fd)$/;" f -+vsf_sysutil_set_proctitle_prefix sysdeputil.c /^vsf_sysutil_set_proctitle_prefix(const struct mystr* p_str)$/;" f -+vsf_sysutil_set_sighandler sysutil.c /^vsf_sysutil_set_sighandler(int sig, void (*p_handlefunc)(int))$/;" f file: -+vsf_sysutil_set_umask sysutil.c /^vsf_sysutil_set_umask(unsigned int new_umask)$/;" f -+vsf_sysutil_setegid sysutil.c /^vsf_sysutil_setegid(const struct vsf_sysutil_user* p_user)$/;" f -+vsf_sysutil_setegid_numeric sysutil.c /^vsf_sysutil_setegid_numeric(int gid)$/;" f -+vsf_sysutil_seteuid sysutil.c /^vsf_sysutil_seteuid(const struct vsf_sysutil_user* p_user)$/;" f -+vsf_sysutil_seteuid_numeric sysutil.c /^vsf_sysutil_seteuid_numeric(int uid)$/;" f -+vsf_sysutil_setgid sysutil.c /^vsf_sysutil_setgid(const struct vsf_sysutil_user* p_user)$/;" f -+vsf_sysutil_setgid_numeric sysutil.c /^vsf_sysutil_setgid_numeric(int gid)$/;" f -+vsf_sysutil_setmodtime sysutil.c /^vsf_sysutil_setmodtime(const char* p_file, long the_time, int is_localtime)$/;" f -+vsf_sysutil_setproctitle sysdeputil.c /^vsf_sysutil_setproctitle(const char* p_text)$/;" f -+vsf_sysutil_setproctitle_init sysdeputil.c /^vsf_sysutil_setproctitle_init(int argc, const char* argv[])$/;" f -+vsf_sysutil_setproctitle_internal sysdeputil.c /^vsf_sysutil_setproctitle_internal(const char* p_buf)$/;" f -+vsf_sysutil_setproctitle_str sysdeputil.c /^vsf_sysutil_setproctitle_str(const struct mystr* p_str)$/;" f -+vsf_sysutil_setuid 
sysutil.c /^vsf_sysutil_setuid(const struct vsf_sysutil_user* p_user)$/;" f -+vsf_sysutil_setuid_numeric sysutil.c /^vsf_sysutil_setuid_numeric(int uid)$/;" f -+vsf_sysutil_shutdown_failok sysutil.c /^vsf_sysutil_shutdown_failok(int fd)$/;" f -+vsf_sysutil_shutdown_read_failok sysutil.c /^vsf_sysutil_shutdown_read_failok(int fd)$/;" f -+vsf_sysutil_sig_details sysutil.c /^static struct vsf_sysutil_sig_details$/;" s file: -+vsf_sysutil_sigaction sysutil.c /^vsf_sysutil_sigaction(const enum EVSFSysUtilSignal sig, void (*p_handlefunc)(int))$/;" f -+vsf_sysutil_sleep sysutil.c /^vsf_sysutil_sleep(double seconds)$/;" f -+vsf_sysutil_sockaddr sysutil.c /^struct vsf_sysutil_sockaddr$/;" s file: -+vsf_sysutil_sockaddr_addr_equal sysutil.c /^vsf_sysutil_sockaddr_addr_equal(const struct vsf_sysutil_sockaddr* p1,$/;" f -+vsf_sysutil_sockaddr_alloc sysutil.c /^vsf_sysutil_sockaddr_alloc(struct vsf_sysutil_sockaddr** p_sockptr)$/;" f -+vsf_sysutil_sockaddr_alloc_ipv4 sysutil.c /^vsf_sysutil_sockaddr_alloc_ipv4(struct vsf_sysutil_sockaddr** p_sockptr)$/;" f -+vsf_sysutil_sockaddr_alloc_ipv6 sysutil.c /^vsf_sysutil_sockaddr_alloc_ipv6(struct vsf_sysutil_sockaddr** p_sockptr)$/;" f -+vsf_sysutil_sockaddr_clear sysutil.c /^vsf_sysutil_sockaddr_clear(struct vsf_sysutil_sockaddr** p_sockptr)$/;" f -+vsf_sysutil_sockaddr_clone sysutil.c /^vsf_sysutil_sockaddr_clone(struct vsf_sysutil_sockaddr** p_sockptr,$/;" f -+vsf_sysutil_sockaddr_get_port sysutil.c /^vsf_sysutil_sockaddr_get_port(const struct vsf_sysutil_sockaddr* p_sockptr)$/;" f -+vsf_sysutil_sockaddr_get_raw_addr sysutil.c /^vsf_sysutil_sockaddr_get_raw_addr(struct vsf_sysutil_sockaddr* p_sockptr)$/;" f -+vsf_sysutil_sockaddr_ipv4_v6 sysutil.c /^vsf_sysutil_sockaddr_ipv4_v6(const struct vsf_sysutil_sockaddr* p_addr)$/;" f -+vsf_sysutil_sockaddr_ipv6_v4 sysutil.c /^vsf_sysutil_sockaddr_ipv6_v4(const struct vsf_sysutil_sockaddr* p_addr)$/;" f -+vsf_sysutil_sockaddr_is_ipv6 sysutil.c /^vsf_sysutil_sockaddr_is_ipv6(const struct 
vsf_sysutil_sockaddr* p_sockaddr)$/;" f -+vsf_sysutil_sockaddr_set_any sysutil.c /^vsf_sysutil_sockaddr_set_any(struct vsf_sysutil_sockaddr* p_sockaddr)$/;" f -+vsf_sysutil_sockaddr_set_ipv4addr sysutil.c /^vsf_sysutil_sockaddr_set_ipv4addr(struct vsf_sysutil_sockaddr* p_sockptr,$/;" f -+vsf_sysutil_sockaddr_set_ipv6addr sysutil.c /^vsf_sysutil_sockaddr_set_ipv6addr(struct vsf_sysutil_sockaddr* p_sockptr,$/;" f -+vsf_sysutil_sockaddr_set_port sysutil.c /^vsf_sysutil_sockaddr_set_port(struct vsf_sysutil_sockaddr* p_sockptr,$/;" f -+vsf_sysutil_socketpair_retval sysutil.h /^struct vsf_sysutil_socketpair_retval$/;" s -+vsf_sysutil_stat sysutil.c /^vsf_sysutil_stat(const char* p_name, struct vsf_sysutil_statbuf** p_ptr)$/;" f -+vsf_sysutil_statbuf_get_date sysutil.c /^vsf_sysutil_statbuf_get_date(const struct vsf_sysutil_statbuf* p_statbuf,$/;" f -+vsf_sysutil_statbuf_get_gid sysutil.c /^vsf_sysutil_statbuf_get_gid(const struct vsf_sysutil_statbuf* p_statbuf)$/;" f -+vsf_sysutil_statbuf_get_links sysutil.c /^vsf_sysutil_statbuf_get_links(const struct vsf_sysutil_statbuf* p_statbuf)$/;" f -+vsf_sysutil_statbuf_get_numeric_date sysutil.c /^vsf_sysutil_statbuf_get_numeric_date($/;" f -+vsf_sysutil_statbuf_get_perms sysutil.c /^vsf_sysutil_statbuf_get_perms(const struct vsf_sysutil_statbuf* p_statbuf)$/;" f -+vsf_sysutil_statbuf_get_size sysutil.c /^vsf_sysutil_statbuf_get_size(const struct vsf_sysutil_statbuf* p_statbuf)$/;" f -+vsf_sysutil_statbuf_get_sortkey_mtime sysutil.c /^vsf_sysutil_statbuf_get_sortkey_mtime($/;" f -+vsf_sysutil_statbuf_get_uid sysutil.c /^vsf_sysutil_statbuf_get_uid(const struct vsf_sysutil_statbuf* p_statbuf)$/;" f -+vsf_sysutil_statbuf_is_dir sysutil.c /^vsf_sysutil_statbuf_is_dir(const struct vsf_sysutil_statbuf* p_stat)$/;" f -+vsf_sysutil_statbuf_is_readable_other sysutil.c /^vsf_sysutil_statbuf_is_readable_other($/;" f -+vsf_sysutil_statbuf_is_regfile sysutil.c /^vsf_sysutil_statbuf_is_regfile(const struct vsf_sysutil_statbuf* p_stat)$/;" f 
-+vsf_sysutil_statbuf_is_socket sysutil.c /^vsf_sysutil_statbuf_is_socket(const struct vsf_sysutil_statbuf* p_stat)$/;" f -+vsf_sysutil_statbuf_is_symlink sysutil.c /^vsf_sysutil_statbuf_is_symlink(const struct vsf_sysutil_statbuf* p_stat)$/;" f -+vsf_sysutil_strcmp sysutil.c /^vsf_sysutil_strcmp(const char* p_src1, const char* p_src2)$/;" f -+vsf_sysutil_strcpy sysutil.c /^vsf_sysutil_strcpy(char* p_dest, const char* p_src, unsigned int maxsize)$/;" f -+vsf_sysutil_strdup sysutil.c /^vsf_sysutil_strdup(const char* p_str)$/;" f -+vsf_sysutil_strlen sysutil.c /^vsf_sysutil_strlen(const char* p_text)$/;" f -+vsf_sysutil_strndup sysutil.c /^vsf_sysutil_strndup(const char* p_str, unsigned int p_len)$/;" f -+vsf_sysutil_syslog sysutil.c /^vsf_sysutil_syslog(const char* p_text, int severe)$/;" f -+vsf_sysutil_toupper sysutil.c /^vsf_sysutil_toupper(int the_char)$/;" f -+vsf_sysutil_translate_memprot sysutil.c /^vsf_sysutil_translate_memprot(const enum EVSFSysUtilMapPermission perm)$/;" f file: -+vsf_sysutil_translate_openmode sysutil.c /^vsf_sysutil_translate_openmode(const enum EVSFSysUtilOpenMode mode)$/;" f file: -+vsf_sysutil_translate_sig sysutil.c /^vsf_sysutil_translate_sig(const enum EVSFSysUtilSignal sig)$/;" f file: -+vsf_sysutil_tzset sysutil.c /^vsf_sysutil_tzset(void)$/;" f -+vsf_sysutil_uint_to_octal sysutil.c /^vsf_sysutil_uint_to_octal(unsigned int the_uint)$/;" f -+vsf_sysutil_ulong_to_str sysutil.c /^vsf_sysutil_ulong_to_str(unsigned long the_ulong)$/;" f -+vsf_sysutil_unblock_sig sysutil.c /^vsf_sysutil_unblock_sig(const enum EVSFSysUtilSignal sig)$/;" f -+vsf_sysutil_uninstall_io_handler sysutil.c /^vsf_sysutil_uninstall_io_handler(void)$/;" f -+vsf_sysutil_unix_stream_socketpair sysutil.c /^vsf_sysutil_unix_stream_socketpair(void)$/;" f -+vsf_sysutil_unlink sysutil.c /^vsf_sysutil_unlink(const char* p_dead)$/;" f -+vsf_sysutil_unlock_file sysutil.c /^vsf_sysutil_unlock_file(int fd)$/;" f -+vsf_sysutil_user_get_homedir sysutil.c 
/^vsf_sysutil_user_get_homedir(const struct vsf_sysutil_user* p_user)$/;" f -+vsf_sysutil_user_getgid sysutil.c /^vsf_sysutil_user_getgid(const struct vsf_sysutil_user* p_user)$/;" f -+vsf_sysutil_user_getname sysutil.c /^vsf_sysutil_user_getname(const struct vsf_sysutil_user* p_user)$/;" f -+vsf_sysutil_user_getuid sysutil.c /^vsf_sysutil_user_getuid(const struct vsf_sysutil_user* p_user)$/;" f -+vsf_sysutil_wait sysutil.c /^vsf_sysutil_wait(void)$/;" f -+vsf_sysutil_wait_exited_normally sysutil.c /^vsf_sysutil_wait_exited_normally($/;" f -+vsf_sysutil_wait_get_exitcode sysutil.c /^vsf_sysutil_wait_get_exitcode(const struct vsf_sysutil_wait_retval* p_waitret)$/;" f -+vsf_sysutil_wait_get_retval sysutil.c /^vsf_sysutil_wait_get_retval(const struct vsf_sysutil_wait_retval* p_waitret)$/;" f -+vsf_sysutil_wait_reap_one sysutil.c /^vsf_sysutil_wait_reap_one(void)$/;" f -+vsf_sysutil_wait_retval sysutil.h /^struct vsf_sysutil_wait_retval$/;" s -+vsf_sysutil_write sysutil.c /^vsf_sysutil_write(const int fd, const void* p_buf, const unsigned int size)$/;" f -+vsf_sysutil_write_access sysutil.c /^vsf_sysutil_write_access(const char* p_filename)$/;" f -+vsf_sysutil_write_loop sysutil.c /^vsf_sysutil_write_loop(const int fd, const void* p_buf, unsigned int size)$/;" f -+vsf_tcp_wrapper_ok tcpwrap.c /^vsf_tcp_wrapper_ok(int remote_fd)$/;" f -+vsf_transfer_ret ftpdataio.h /^struct vsf_transfer_ret$/;" s -+vsf_two_process_chown_upload twoprocess.c /^vsf_two_process_chown_upload(struct vsf_session* p_sess, int fd)$/;" f -+vsf_two_process_get_pasv_fd twoprocess.c /^vsf_two_process_get_pasv_fd(struct vsf_session* p_sess)$/;" f -+vsf_two_process_get_priv_data_sock twoprocess.c /^vsf_two_process_get_priv_data_sock(struct vsf_session* p_sess)$/;" f -+vsf_two_process_listen twoprocess.c /^vsf_two_process_listen(struct vsf_session* p_sess)$/;" f -+vsf_two_process_login twoprocess.c /^vsf_two_process_login(struct vsf_session* p_sess,$/;" f -+vsf_two_process_pasv_active twoprocess.c 
/^vsf_two_process_pasv_active(struct vsf_session* p_sess)$/;" f -+vsf_two_process_pasv_cleanup twoprocess.c /^vsf_two_process_pasv_cleanup(struct vsf_session* p_sess)$/;" f -+vsf_two_process_start twoprocess.c /^vsf_two_process_start(struct vsf_session* p_sess)$/;" f -+vsftpd_log_fd session.h /^ int vsftpd_log_fd;$/;" m struct:vsf_session -+write_dir_list ftpdataio.c /^write_dir_list(struct vsf_session* p_sess, struct mystr_list* p_dir_list,$/;" f file: -+write_event_fd ptracesandbox.c /^ int write_event_fd;$/;" m struct:pt_sandbox file: -+xferlog_fd session.h /^ int xferlog_fd;$/;" m struct:vsf_session -- 2.5.0 From 8d113be5023bcc5625fa0ee5167198d7305eadc3 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka Date: Fri, 8 Apr 2016 15:10:28 +0200 Subject: [PATCH 06/85] Applied patches: - Readd seccomp disabled by default - vsftpd local_max_rate option doesn't work as expected - The vsftpd hangs in a SIGCHLD handler when the pam_exec.so is used in pam.d - configuration - The vsftpd doesn't remove failed upload when the delete_failed_uploads is - enabled and the network cable is unplagged - man pages bug - vsftpd segfaults in vsf_sysutil_strndup - Fix logging when syslog is used --- vsftpd-2.2.2-blank-chars-overflow.patch | 25 +++++ vsftpd-2.2.2-man-pages.patch | 26 +++++ vsftpd-2.2.2-syslog.patch | 25 +++++ vsftpd-3.0.2-del-upl.patch | 136 ++++++++++++++++++++++++ vsftpd-3.0.2-mrate.patch | 89 ++++++++++++++++ vsftpd-3.0.2-seccomp.patch | 25 +++++ vsftpd-3.0.2-wnohang.patch | 79 ++++++++++++++ vsftpd.spec | 30 +++++- 8 files changed, 434 insertions(+), 1 deletion(-) create mode 100644 vsftpd-2.2.2-blank-chars-overflow.patch create mode 100644 vsftpd-2.2.2-man-pages.patch create mode 100644 vsftpd-2.2.2-syslog.patch create mode 100644 vsftpd-3.0.2-del-upl.patch create mode 100644 vsftpd-3.0.2-mrate.patch create mode 100644 vsftpd-3.0.2-seccomp.patch create mode 100644 vsftpd-3.0.2-wnohang.patch 
diff --git a/vsftpd-2.2.2-blank-chars-overflow.patch b/vsftpd-2.2.2-blank-chars-overflow.patch
new file mode 100644
index 0000000..c558db0
--- /dev/null
+++ b/vsftpd-2.2.2-blank-chars-overflow.patch
@@ -0,0 +1,25 @@
+From c7cbcc64c824d1a2a60f8d81c26d5c8215463623 Mon Sep 17 00:00:00 2001
+From: Martin Sehnoutka
+Date: Fri, 8 Apr 2016 15:05:06 +0200
+Subject: [PATCH 6/7] vsftpd-2.2.2-blank-chars-overflow
+
+---
+ str.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/str.c b/str.c
+index 41b27db..82b8ae4 100644
+--- a/str.c
++++ b/str.c
+@@ -113,7 +113,7 @@ str_strdup_trimmed(const struct mystr* p_str)
+ for (h = 0; h < (int)str_getlen(p_str) && vsf_sysutil_isspace(p_trimmed[h]); h++) ;
+ for (t = str_getlen(p_str) - 1; t >= 0 && vsf_sysutil_isspace(p_trimmed[t]); t--) ;
+ newlen = t - h + 1;
+- return newlen ? vsf_sysutil_strndup(p_trimmed+h, (unsigned int)newlen) : 0L;
++ return (newlen > 0) ? vsf_sysutil_strndup(p_trimmed+h, (unsigned int)newlen) : 0L;
+ }
+
+ void
+--
+2.5.5
+
diff --git a/vsftpd-2.2.2-man-pages.patch b/vsftpd-2.2.2-man-pages.patch
new file mode 100644
index 0000000..d59104a
--- /dev/null
+++ b/vsftpd-2.2.2-man-pages.patch
@@ -0,0 +1,26 @@
+From ab49bde79f81a422629210c23ccc83bc4e14ad2a Mon Sep 17 00:00:00 2001
+From: Martin Sehnoutka
+Date: Fri, 8 Apr 2016 15:03:16 +0200
+Subject: [PATCH 5/7] vsftpd-2.2.2-man-pages
+
+---
+ vsftpd.conf.5 | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/vsftpd.conf.5 b/vsftpd.conf.5
+index 7a8f130..45cd3c0 100644
+--- a/vsftpd.conf.5
++++ b/vsftpd.conf.5
+@@ -495,7 +495,8 @@ Default: NO
+ .TP
+ .B ssl_request_cert
+ If enabled, vsftpd will request (but not necessarily require; see
+-.BR require_cert) a certificate on incoming SSL connections. Normally this
++.BR require_cert )
++a certificate on incoming SSL connections. Normally this
+ should not cause any trouble at all, but IBM zOS seems to have issues.
+ (New in v2.0.7).
+
+--
+2.5.5
+
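Review bot: The `(newlen > 0)` guard added to str_strdup_trimmed in vsftpd-2.2.2-blank-chars-overflow.patch carries no comment saying why a plain truth test was not enough, and the reason is easy to lose. For a string made only of blanks the forward scan ends at the length and the backward scan ends at -1, so `newlen` comes out negative, and the old test let that value reach the `(unsigned int)` cast handed to vsf_sysutil_strndup. A one-line comment above the return would keep the check from being simplified back, e.g. `/* newlen is negative for an all-blank string; never cast that to unsigned */`. The function starts above the hunk, so the declared types of `h`, `t` and `newlen` are assumed signed from the `t >= 0` test rather than seen.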
diff --git a/vsftpd-2.2.2-syslog.patch b/vsftpd-2.2.2-syslog.patch
new file mode 100644
index 0000000..d92cdae
--- /dev/null
+++ b/vsftpd-2.2.2-syslog.patch
@@ -0,0 +1,25 @@
+From a480a9659fb0cab1c44006f6c06013e6e7f78948 Mon Sep 17 00:00:00 2001
+From: Martin Sehnoutka
+Date: Fri, 8 Apr 2016 15:05:53 +0200
+Subject: [PATCH 7/7] vsftpd-2.2.2-syslog
+
+---
+ logging.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/logging.c b/logging.c
+index 99671b4..c4461f7 100644
+--- a/logging.c
++++ b/logging.c
+@@ -32,7 +32,7 @@ vsf_log_init(struct vsf_session* p_sess)
+ {
+ if (tunable_syslog_enable || tunable_tcp_wrappers)
+ {
+- vsf_sysutil_openlog(1);
++ vsf_sysutil_openlog(0);
+ }
+ if (!tunable_xferlog_enable && !tunable_dual_log_enable)
+ {
+--
+2.5.5
+
diff --git a/vsftpd-3.0.2-del-upl.patch b/vsftpd-3.0.2-del-upl.patch
new file mode 100644
index 0000000..e1216a8
--- /dev/null
+++ b/vsftpd-3.0.2-del-upl.patch
@@ -0,0 +1,136 @@
+From 9be8a4188420bba2075eacf9aea8fa26b6ebdcc5 Mon Sep 17 00:00:00 2001
+From: Martin Sehnoutka
+Date: Fri, 8 Apr 2016 15:03:16 +0200
+Subject: [PATCH 4/7] vsftpd-3.0.2-del-upl
+
+---
+ ftpcodes.h | 3 ++-
+ ftpdataio.c | 8 ++++++++
+ main.c | 2 +-
+ postlogin.c | 9 ++++++++-
+ session.h | 1 +
+ sysutil.c | 10 ++++++++++
+ sysutil.h | 1 +
+ 7 files changed, 31 insertions(+), 3 deletions(-)
+
+diff --git a/ftpcodes.h b/ftpcodes.h
+index 3950f92..97801f3 100644
+--- a/ftpcodes.h
++++ b/ftpcodes.h
+@@ -15,7 +15,8 @@
+ #define FTP_PBSZOK 200
+ #define FTP_PROTOK 200
+ #define FTP_OPTSOK 200
+-#define FTP_ALLOOK 202
++#define FTP_ALLOOK 200
++#define FTP_ALLOIGN 202
+ #define FTP_FEAT 211
+ #define FTP_STATOK 211
+ #define FTP_SIZEOK 213
+diff --git a/ftpdataio.c b/ftpdataio.c
+index 00f9021..c859d80 100644
+--- a/ftpdataio.c
++++ b/ftpdataio.c
+@@ -242,6 +242,10 @@ init_data_sock_params(struct vsf_session* p_sess, int sock_fd)
+ /* Start the timeout monitor */
+ vsf_sysutil_install_io_handler(handle_io, p_sess);
+ start_data_alarm(p_sess);
++ if(tunable_delete_failed_uploads)
++ {
++ vsf_sysutil_rcvtimeo(sock_fd);
++ }
+ }
+
+ static void
+@@ -615,6 +619,10 @@ do_file_recv(struct vsf_session* p_sess, int file_fd, int is_ascii)
+ else if (retval == 0 && !prev_cr)
+ {
+ /* Transfer done, nifty */
++ if (tunable_delete_failed_uploads &&
++ !is_ascii && p_sess->upload_size > 0 &&
++ p_sess->upload_size != ret_struct.transferred)
++ ret_struct.retval = -2;
+ return ret_struct;
+ }
+ num_to_write = (unsigned int) retval;
+diff --git a/main.c b/main.c
+index f1e2f69..f039081 100644
+--- a/main.c
++++ b/main.c
+@@ -44,7 +44,7 @@ main(int argc, const char* argv[])
+ /* Login */
+ 1, 0, INIT_MYSTR, INIT_MYSTR,
+ /* Protocol state */
+- 0, 1, INIT_MYSTR, 0, 0,
++ 0, 0, 1, INIT_MYSTR, 0, 0,
+ /* HTTP hacks */
+ 0, INIT_MYSTR,
+ /* Session state */
+diff --git a/postlogin.c b/postlogin.c
+index 154c16a..8363c9c 100644
+--- a/postlogin.c
++++ b/postlogin.c
+@@ -358,7 +358,14 @@ process_post_login(struct vsf_session* p_sess)
+ }
+ else if (str_equal_text(&p_sess->ftp_cmd_str, "ALLO"))
+ {
+- vsf_cmdio_write(p_sess, FTP_ALLOOK, "ALLO command ignored.");
++ if (tunable_delete_failed_uploads && !p_sess->is_ascii)
++ {
++ p_sess->upload_size = (filesize_t)vsf_sysutil_atoi(str_getbuf(&p_sess->ftp_cmd_str)+5);
++ vsf_cmdio_write(p_sess, FTP_ALLOOK, "The filesize has been allocated.");
++ }
++ else {
++ vsf_cmdio_write(p_sess, FTP_ALLOIGN, "ALLO command ignored.");
++ }
+ }
+ else if (str_equal_text(&p_sess->ftp_cmd_str, "REIN"))
+ {
+diff --git a/session.h b/session.h
+index 3e8fdd5..4eccf46 100644
+--- a/session.h
++++ b/session.h
+@@ -41,6 +41,7 @@ struct vsf_session
+ struct mystr anon_pass_str;
+
+ /* Details of the FTP protocol state */
++ filesize_t upload_size;
+ filesize_t restart_pos;
+ int is_ascii;
+ struct mystr rnfr_filename_str;
+diff --git a/sysutil.c b/sysutil.c
+index 61d9f28..3c4a337 100644
+--- a/sysutil.c
++++ b/sysutil.c
+@@ -681,6 +681,16 @@ vsf_sysutil_activate_keepalive(int fd)
+ }
+
+ void
++vsf_sysutil_rcvtimeo(int fd)
++{
++ struct timeval tv;
++
++ tv.tv_sec = tunable_data_connection_timeout;
++ tv.tv_usec = 0;
++ setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(struct timeval));
++}
++
++void
+ vsf_sysutil_activate_reuseaddr(int fd)
+ {
+ int reuseaddr = 1;
+diff --git a/sysutil.h b/sysutil.h
+index d341b5d..be727f5 100644
+--- a/sysutil.h
++++ b/sysutil.h
+@@ -267,6 +267,7 @@ void vsf_sysutil_dns_resolve(struct vsf_sysutil_sockaddr** p_sockptr,
+ const char* p_name);
+ /* Option setting on sockets */
+ void vsf_sysutil_activate_keepalive(int fd);
++void vsf_sysutil_rcvtimeo(int fd);
+ void vsf_sysutil_set_iptos_throughput(int fd);
+ void vsf_sysutil_activate_reuseaddr(int fd);
+ void vsf_sysutil_set_nodelay(int fd);
+--
+2.5.5
+
diff --git a/vsftpd-3.0.2-mrate.patch b/vsftpd-3.0.2-mrate.patch
new file mode 100644
index 0000000..a3622a2
--- /dev/null
+++ b/vsftpd-3.0.2-mrate.patch
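Review bot: In the postlogin.c part of vsftpd-3.0.2-del-upl.patch the ALLO size is read from `str_getbuf(&p_sess->ftp_cmd_str)+5`, yet the branch is entered only when `ftp_cmd_str` equals "ALLO", so offset 5 lies past that string's terminator and whatever gets parsed there is not the client's argument. The size should be taken from the session's argument string and go through the file-size parser instead of `vsf_sysutil_atoi` with a cast: `p_sess->upload_size = vsf_sysutil_a_to_filesize_t(str_getbuf(&p_sess->ftp_arg_str));` (this assumes the argument is held in `ftp_arg_str`, which the hunk does not show). Nothing visible in the patch clears `upload_size` once a transfer ends, so an old ALLO value may be compared against a later upload in do_file_recv and mark it failed; resetting it to 0 after each transfer would avoid that. In the same patch vsf_sysutil_rcvtimeo ignores the result of `setsockopt`, so a failure to set the timeout goes unnoticed. process_post_login continues outside the hunk.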
@@ -0,0 +1,89 @@
+From 4700495a07fe9423c8411a018cde4de413407f42 Mon Sep 17 00:00:00 2001
+From: Martin Sehnoutka
+Date: Fri, 8 Apr 2016 15:03:16 +0200
+Subject: [PATCH 2/7] vsftpd-3.0.2-mrate
+
+---
+ ftpdataio.c | 14 +++++++-------
+ main.c | 2 +-
+ session.h | 3 ++-
+ 3 files changed, 10 insertions(+), 9 deletions(-)
+
+diff --git a/ftpdataio.c b/ftpdataio.c
+index 3e4e9c9..00f9021 100644
+--- a/ftpdataio.c
++++ b/ftpdataio.c
+@@ -249,7 +249,7 @@ handle_io(int retval, int fd, void* p_private)
+ {
+ long curr_sec;
+ long curr_usec;
+- unsigned int bw_rate;
++ unsigned long bw_rate;
+ double elapsed;
+ double pause_time;
+ double rate_ratio;
+@@ -276,19 +276,16 @@ handle_io(int retval, int fd, void* p_private)
+ {
+ elapsed = (double) 0.01;
+ }
+- bw_rate = (unsigned int) ((double) retval / elapsed);
+- if (bw_rate <= p_sess->bw_rate_max)
++ p_sess->bw_retval += retval;
++ bw_rate = (unsigned long) ((double) p_sess->bw_retval / elapsed);
++ if (bw_rate <= p_sess->bw_rate_max || p_sess->bw_retval < (unsigned long)(10*retval))
+ {
+- p_sess->bw_send_start_sec = curr_sec;
+- p_sess->bw_send_start_usec = curr_usec;
+ return;
+ }
+ /* Tut! Rate exceeded, calculate a pause to bring things back into line */
+ rate_ratio = (double) bw_rate / (double) p_sess->bw_rate_max;
+ pause_time = (rate_ratio - (double) 1) * elapsed;
+ vsf_sysutil_sleep(pause_time);
+- p_sess->bw_send_start_sec = vsf_sysutil_get_time_sec();
+- p_sess->bw_send_start_usec = vsf_sysutil_get_time_usec();
+ }
+
+ int
+@@ -441,6 +438,9 @@ struct vsf_transfer_ret
+ vsf_ftpdataio_transfer_file(struct vsf_session* p_sess, int remote_fd,
+ int file_fd, int is_recv, int is_ascii)
+ {
++ p_sess->bw_send_start_sec = vsf_sysutil_get_time_sec();
++ p_sess->bw_send_start_usec = vsf_sysutil_get_time_usec();
++ p_sess->bw_retval = 0;
+ if (!is_recv)
+ {
+ if (is_ascii || p_sess->data_use_ssl)
+diff --git a/main.c b/main.c
+index eaba265..f1e2f69 100644
+--- a/main.c
++++ b/main.c
+@@ -40,7 +40,7 @@ main(int argc, const char* argv[])
+ /* Control connection */
+ 0, 0, 0, 0, 0,
+ /* Data connection */
+- -1, 0, -1, 0, 0, 0, 0,
++ -1, 0, -1, 0, 0, 0, 0, 0,
+ /* Login */
+ 1, 0, INIT_MYSTR, INIT_MYSTR,
+ /* Protocol state */
+diff --git a/session.h b/session.h
+index 956bfb7..3e8fdd5 100644
+--- a/session.h
++++ b/session.h
+@@ -29,9 +29,10 @@ struct vsf_session
+ struct vsf_sysutil_sockaddr* p_port_sockaddr;
+ int data_fd;
+ int data_progress;
+- unsigned int bw_rate_max;
++ unsigned long bw_rate_max;
+ long bw_send_start_sec;
+ long bw_send_start_usec;
++ unsigned long bw_retval;
+
+ /* Details of the login */
+ int is_anonymous;
+--
+2.5.5
+
diff --git a/vsftpd-3.0.2-seccomp.patch b/vsftpd-3.0.2-seccomp.patch
new file mode 100644
index 0000000..ebf2a64
--- /dev/null
+++ b/vsftpd-3.0.2-seccomp.patch
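Review bot: The running byte counter `bw_retval` added to session.h is an `unsigned long`, which is 32 bits on 32-bit builds, so in handle_io it wraps after 4 GiB within a single transfer; the computed rate then collapses and the rest of the transfer can run above the configured limit. A 64-bit counter avoids this, e.g. `filesize_t bw_retval;` if filesize_t is 64-bit in this tree, with the cast in the `bw_rate` computation adjusted to match. `p_sess->bw_retval += retval` also adds a signed int to an unsigned counter; the part of handle_io before the hunk presumably rejects negative values, and a one-line comment saying so, plus one explaining the `10*retval` warm-up threshold, would make the new condition reviewable. handle_io starts and continues outside the hunks shown.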
@@ -0,0 +1,25 @@
+From dd86a1c28f11fa67b1263d5dc79fa9953629d30d Mon Sep 17 00:00:00 2001
+From: Martin Sehnoutka
+Date: Fri, 8 Apr 2016 15:03:16 +0200
+Subject: [PATCH 1/7] vsftpd-3.0.2-seccomp
+
+---
+ tunables.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tunables.c b/tunables.c
+index 93f85b1..b024be4 100644
+--- a/tunables.c
++++ b/tunables.c
+@@ -232,7 +232,7 @@ tunables_load_defaults()
+ tunable_isolate_network = 1;
+ tunable_ftp_enable = 1;
+ tunable_http_enable = 0;
+- tunable_seccomp_sandbox = 1;
++ tunable_seccomp_sandbox = 0;
+ tunable_allow_writeable_chroot = 0;
+
+ tunable_accept_timeout = 60;
+--
+2.5.5
+
diff --git a/vsftpd-3.0.2-wnohang.patch b/vsftpd-3.0.2-wnohang.patch
new file mode 100644
index 0000000..a4dd4d1
--- /dev/null
+++ b/vsftpd-3.0.2-wnohang.patch
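Review bot: The flipped default in tunables_load_defaults turns the seccomp sandbox off for every installation that does not set the option, and neither the patch description nor the code records why. A comment on the changed line would capture the reason and the way back, e.g. `/* Distribution default: sandbox off because the filter is too strict; seccomp_sandbox=YES re-enables it */`. This patch does not touch vsftpd.conf.5, so the documented default for seccomp_sandbox should be checked against the new value. tunables_load_defaults starts and continues outside the hunk.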
@@ -0,0 +1,79 @@ +From 1a14b13a1684f71ecfd5ed94b1aae7541b1a77a8 Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Fri, 8 Apr 2016 15:03:16 +0200 +Subject: [PATCH 3/7] vsftpd-3.0.2-wnohang + +--- + sysutil.c | 4 ++-- + sysutil.h | 2 +- + twoprocess.c | 13 +++++++++++-- + 3 files changed, 14 insertions(+), 5 deletions(-) + +diff --git a/sysutil.c b/sysutil.c +index 6dfe350..61d9f28 100644 +--- a/sysutil.c ++++ b/sysutil.c +@@ -608,13 +608,13 @@ vsf_sysutil_exit(int exit_code) + } + + struct vsf_sysutil_wait_retval +-vsf_sysutil_wait(void) ++vsf_sysutil_wait(int hang) + { + struct vsf_sysutil_wait_retval retval; + vsf_sysutil_memclr(&retval, sizeof(retval)); + while (1) + { +- int sys_ret = wait(&retval.exit_status); ++ int sys_ret = waitpid(-1, &retval.exit_status, hang ? 0 : WNOHANG); + if (sys_ret < 0 && errno == EINTR) + { + vsf_sysutil_check_pending_actions(kVSFSysUtilUnknown, 0, 0); +diff --git a/sysutil.h b/sysutil.h +index 26698cd..d341b5d 100644 +--- a/sysutil.h ++++ b/sysutil.h +@@ -178,7 +178,7 @@ struct vsf_sysutil_wait_retval + int PRIVATE_HANDS_OFF_syscall_retval; + int PRIVATE_HANDS_OFF_exit_status; + }; +-struct vsf_sysutil_wait_retval vsf_sysutil_wait(void); ++struct vsf_sysutil_wait_retval vsf_sysutil_wait(int hang); + int vsf_sysutil_wait_reap_one(void); + int vsf_sysutil_wait_get_retval( + const struct vsf_sysutil_wait_retval* p_waitret); +diff --git a/twoprocess.c b/twoprocess.c +index 33d84dc..b1891e7 100644 +--- a/twoprocess.c ++++ b/twoprocess.c +@@ -47,8 +47,17 @@ static void + handle_sigchld(void* duff) + { + +- struct vsf_sysutil_wait_retval wait_retval = vsf_sysutil_wait(); ++ struct vsf_sysutil_wait_retval wait_retval = vsf_sysutil_wait(0); + (void) duff; ++ if (!vsf_sysutil_wait_get_exitcode(&wait_retval) && ++ !vsf_sysutil_wait_get_retval(&wait_retval)) ++ /* There was nobody to wait for, possibly caused by underlying library ++ * which created a new process through fork()/vfork() and already picked ++ * it up, e.g. 
by pam_exec.so or integrity check routines for libraries ++ * when FIPS mode is on (nss freebl), which can lead to calling prelink ++ * if the prelink package is installed. ++ */ ++ return; + /* Child died, so we'll do the same! Report it as an error unless the child + * exited normally with zero exit code + */ +@@ -390,7 +399,7 @@ common_do_login(struct vsf_session* p_sess, const struct mystr* p_user_str, + priv_sock_send_result(p_sess->parent_fd, PRIV_SOCK_RESULT_OK); + if (!p_sess->control_use_ssl) + { +- (void) vsf_sysutil_wait(); ++ (void) vsf_sysutil_wait(1); + } + else + { +-- +2.5.5 + diff --git a/vsftpd.spec b/vsftpd.spec index d4fa0ce..a8e95be 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -3,7 +3,7 @@ Name: vsftpd Version: 3.0.3 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons @@ -65,6 +65,13 @@ Patch28: vsftpd-3.0.2-dh.patch Patch29: vsftpd-3.0.2-ecdh.patch Patch30: vsftpd-3.0.2-docupd.patch Patch31: vsftpd-3.0.2-rc450.patch +Patch32: vsftpd-3.0.2-seccomp.patch +Patch33: vsftpd-3.0.2-mrate.patch +Patch34: vsftpd-3.0.2-wnohang.patch +Patch35: vsftpd-3.0.2-del-upl.patch +Patch36: vsftpd-2.2.2-man-pages.patch +Patch37: vsftpd-2.2.2-blank-chars-overflow.patch +Patch38: vsftpd-2.2.2-syslog.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from @@ -101,6 +108,15 @@ cp %{SOURCE1} . %patch29 -p1 -b .ecdh %patch30 -p1 -b .docupd %patch31 -p1 -b .rc450 +%patch32 -p1 -b .seccomp +%patch33 -p1 -b .mrate +%patch34 -p1 -b .wnohang +%patch35 -p1 -b .del-upl +%patch36 -p1 -b .man_pages +%patch37 -p1 -b .blank-char-overflow +%patch38 -p1 -b .syslog + + %build %ifarch s390x sparcv9 sparc64 
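Review bot: The early return added to handle_sigchld is an unbraced `if` whose only statement sits below a seven-line comment, so a later edit between the condition and `return;` would silently change what is guarded; put the body in braces. The condition also reads the exit code before looking at the wait result: with `WNOHANG`, nothing to reap means waitpid returned 0, and exit_status is then only the zero left by vsf_sysutil_memclr, so `if (vsf_sysutil_wait_get_retval(&wait_retval) == 0) { return; }` states the intent directly (assuming the wrapper stores waitpid's return there). Whether vsf_sysutil_wait_get_exitcode tolerates a negative wait result is not visible in this patch, which is one more reason to test the return value first. The new `hang` parameter needs a one-line comment in sysutil.h, e.g. `/* hang != 0: block until a child exits; hang == 0: poll with WNOHANG */`.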
@@ -167,6 +183,18 @@ rm -rf $RPM_BUILD_ROOT %{_var}/ftp %changelog +* Fri Apr 08 2016 Martin Sehnoutka - 3.0.3-2 +- Applied patches: +- Readd seccomp disabled by default +- vsftpd local_max_rate option doesn't work as expected +- The vsftpd hangs in a SIGCHLD handler when the pam_exec.so is used in pam.d +- configuration +- The vsftpd doesn't remove failed upload when the delete_failed_uploads is +- enabled and the network cable is unplagged +- man pages bug +- vsftpd segfaults in vsf_sysutil_strndup +- Fix logging when syslog is used + * Thu Mar 17 2016 Martin Sehnoutka - 3.0.3-1 - Update to 3.0.3 version From e000aa4ebebacb05a03c64dcb02bbcd1d79da13d Mon Sep 17 00:00:00 2001 
From: Martin Sehnoutka Date: Thu, 17 Nov 2016 14:35:34 +0100 Subject: [PATCH 07/85] Review patches and spec file. --- ...-provided-script-to-locate-libraries.patch | 10 +- ....patch => 0002-Enable-build-with-SSL.patch | 8 +- ...> 0003-Enable-build-with-TCP-Wrapper.patch | 8 +- ...-dir-for-config-files-instead-of-etc.patch | 8 +- ...en-calling-PAM-authentication-module.patch | 13 +- ...err-before-listening-for-incoming-co.patch | 35 ++++ ...> 0007-Make-filename-filters-smarter.patch | 51 ++++-- ...008-Write-denied-logins-into-the-log.patch | 10 +- ...itespaces-when-reading-configuration.patch | 8 +- ...us.patch => 0010-Improve-daemonizing.patch | 9 +- ...-Fix-listing-with-more-than-one-star.patch | 11 +- ...lace-syscall-__NR_clone-.-with-clone.patch | 9 +- ...3-Extend-man-pages-with-systemd-info.patch | 10 +- ...dd-support-for-square-brackets-in-ls.patch | 16 +- ...ch => 0015-Listen-on-IPv6-by-default.patch | 8 +- ...e-VSFTP_AS_LIMIT-from-200UL-to-400UL.patch | 27 +++ ...-an-issue-with-timestamps-during-DST.patch | 20 ++- ...he-default-log-file-in-configuration.patch | 43 +++++ ...troduce-reverse_lookup_enable-option.patch | 11 +- ...d-int-for-uid-and-gid-representation.patch | 12 +- ...-support-for-DHE-based-cipher-suites.patch | 8 +- ...upport-for-EDDHE-based-cipher-suites.patch | 8 +- ...n-for-isolate_-options.-Correct-defa.patch | 14 +- ... 0024-Introduce-new-return-value-450.patch | 12 +- ...> 0025-Improve-local_max_rate-option.patch | 9 +- ...6-Prevent-hanging-in-SIGCHLD-handler.patch | 16 +- ... 
0027-Delete-files-when-upload-fails.patch | 22 +-- ...patch => 0028-Fix-man-page-rendering.patch | 10 +- ...9-Fix-segfault-in-config-file-parser.patch | 8 +- ...g-into-syslog-when-enabled-in-config.patch | 8 +- ...on-mark-wildcard-withing-a-file-name.patch | 12 +- ...errors-from-nfs-with-quota-to-client.patch | 31 ++-- ...ntroduce-TLSv1.1-and-TLSv1.2-options.patch | 153 +++++++++++++++++ ...omp-sandbox-because-it-is-too-strict.patch | 12 +- vsftpd-2.3.5-aslim.patch | 12 -- vsftpd-3.0.0-logrotate.patch | 26 --- vsftpd-3.0.0-xferlog.patch | 25 --- vsftpd-close-std-fds.patch | 26 --- vsftpd.spec | 159 +++++++----------- 39 files changed, 537 insertions(+), 361 deletions(-) rename vsftpd-2.1.0-libs.patch => 0001-Don-t-use-the-provided-script-to-locate-libraries.patch (64%) rename vsftpd-2.1.0-build_ssl.patch => 0002-Enable-build-with-SSL.patch (69%) rename vsftpd-2.1.0-tcp_wrappers.patch => 0003-Enable-build-with-TCP-Wrapper.patch (70%) rename vsftpd-2.1.0-configuration.patch => 0004-Use-etc-vsftpd-dir-for-config-files-instead-of-etc.patch (99%) rename vsftpd-2.1.0-pam_hostname.patch => 0005-Use-hostname-when-calling-PAM-authentication-module.patch (81%) create mode 100644 0006-Close-stdin-out-err-before-listening-for-incoming-co.patch rename vsftpd-2.1.0-filter.patch => 0007-Make-filename-filters-smarter.patch (67%) rename vsftpd-2.1.0-userlist_log.patch => 0008-Write-denied-logins-into-the-log.patch (94%) rename vsftpd-2.1.0-trim.patch => 0009-Trim-whitespaces-when-reading-configuration.patch (94%) rename vsftpd-2.1.1-daemonize_plus.patch => 0010-Improve-daemonizing.patch (96%) rename vsftpd-2.2.0-wildchar.patch => 0011-Fix-listing-with-more-than-one-star.patch (77%) rename vsftpd-2.2.2-clone.patch => 0012-Replace-syscall-__NR_clone-.-with-clone.patch (80%) rename vsftpd-2.3.4-sd.patch => 0013-Extend-man-pages-with-systemd-info.patch (92%) rename vsftpd-2.3.4-sqb.patch => 0014-Add-support-for-square-brackets-in-ls.patch (97%) rename vsftpd-2.3.4-listen_ipv6.patch => 
0015-Listen-on-IPv6-by-default.patch (91%) create mode 100644 0016-Increase-VSFTP_AS_LIMIT-from-200UL-to-400UL.patch rename vsftpd-3.0.0-tz.patch => 0017-Fix-an-issue-with-timestamps-during-DST.patch (91%) create mode 100644 0018-Change-the-default-log-file-in-configuration.patch rename vsftpd-3.0.2-lookup.patch => 0019-Introduce-reverse_lookup_enable-option.patch (93%) rename vsftpd-3.0.2-uint-uidgid.patch => 0020-Use-unsigned-int-for-uid-and-gid-representation.patch (97%) rename vsftpd-3.0.2-dh.patch => 0021-Introduce-support-for-DHE-based-cipher-suites.patch (97%) rename vsftpd-3.0.2-ecdh.patch => 0022-Introduce-support-for-EDDHE-based-cipher-suites.patch (96%) rename vsftpd-3.0.2-docupd.patch => 0023-Add-documentation-for-isolate_-options.-Correct-defa.patch (85%) rename vsftpd-3.0.2-rc450.patch => 0024-Introduce-new-return-value-450.patch (87%) rename vsftpd-3.0.2-mrate.patch => 0025-Improve-local_max_rate-option.patch (92%) rename vsftpd-3.0.2-wnohang.patch => 0026-Prevent-hanging-in-SIGCHLD-handler.patch (86%) rename vsftpd-3.0.2-del-upl.patch => 0027-Delete-files-when-upload-fails.patch (87%) rename vsftpd-2.2.2-man-pages.patch => 0028-Fix-man-page-rendering.patch (76%) rename vsftpd-2.2.2-blank-chars-overflow.patch => 0029-Fix-segfault-in-config-file-parser.patch (79%) rename vsftpd-2.2.2-syslog.patch => 0030-Fix-logging-into-syslog-when-enabled-in-config.patch (72%) rename vsftpd-2.0.5-fix_qm.patch => 0031-Fix-question-mark-wildcard-withing-a-file-name.patch (68%) rename vsftpd-2.2.2-nfs-fail.patch => 0032-Propagate-errors-from-nfs-with-quota-to-client.patch (81%) create mode 100644 0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch rename vsftpd-3.0.2-seccomp.patch => 0034-Turn-off-seccomp-sandbox-because-it-is-too-strict.patch (62%) delete mode 100644 vsftpd-2.3.5-aslim.patch delete mode 100644 vsftpd-3.0.0-logrotate.patch delete mode 100644 vsftpd-3.0.0-xferlog.patch delete mode 100644 vsftpd-close-std-fds.patch 
diff --git a/vsftpd-2.1.0-libs.patch b/0001-Don-t-use-the-provided-script-to-locate-libraries.patch similarity index 64% rename from vsftpd-2.1.0-libs.patch rename to 0001-Don-t-use-the-provided-script-to-locate-libraries.patch index 1bfa426..fdeb69e 100644 --- a/vsftpd-2.1.0-libs.patch +++ b/0001-Don-t-use-the-provided-script-to-locate-libraries.patch @@ -1,8 +1,10 @@ -From e007fc137c6bee2d359af9cfc88cd01fb672cc1e Mon Sep 17 00:00:00 2001 +From 7bd573d76e9c1996ad5a96f0289731a253a24301 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 11:44:45 +0100 -Subject: [PATCH 01/26] Applied vsftpd-2.1.0-libs.patch +Date: Tue, 6 Sep 2016 13:35:51 +0200 +Subject: [PATCH 01/33] Don't use the provided script to locate libraries. +This branch is Fedora (RHEL) specific, so we know what +libraries we have and want to use. --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) @@ -21,5 +23,5 @@ index c63ed1b..98118dc 100644 LDFLAGS = -fPIE -pie -Wl,-z,relro -Wl,-z,now -- -2.5.0 +2.7.4 diff --git a/vsftpd-2.1.0-build_ssl.patch b/0002-Enable-build-with-SSL.patch similarity index 69% rename from vsftpd-2.1.0-build_ssl.patch rename to 0002-Enable-build-with-SSL.patch index ce183b5..41180fa 100644 --- a/vsftpd-2.1.0-build_ssl.patch +++ b/0002-Enable-build-with-SSL.patch @@ -1,7 +1,7 @@ -From 2ee718251d602abf6f4c5bb2fc6d829e32d3f3e1 Mon Sep 17 00:00:00 2001 +From 6fe24bc56694808ac7f8038855883a971967f0fb Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 11:44:45 +0100 -Subject: [PATCH 02/26] Applied vsftpd-2.1.0-build_ssl.patch +Date: Tue, 6 Sep 2016 13:40:53 +0200 +Subject: [PATCH 02/33] Enable build with SSL. --- builddefs.h | 2 +- @@ -21,5 +21,5 @@ index e908352..63cc62b 100644 #endif /* VSF_BUILDDEFS_H */ -- -2.5.0 +2.7.4 
diff --git a/vsftpd-2.1.0-tcp_wrappers.patch b/0003-Enable-build-with-TCP-Wrapper.patch similarity index 70% rename from vsftpd-2.1.0-tcp_wrappers.patch rename to 0003-Enable-build-with-TCP-Wrapper.patch index 4fe87d4..baa8881 100644 --- a/vsftpd-2.1.0-tcp_wrappers.patch +++ b/0003-Enable-build-with-TCP-Wrapper.patch @@ -1,7 +1,7 @@ -From 3e01cb1388681f8a956c954570db4fe8ac61d1bc Mon Sep 17 00:00:00 2001 +From 1e0e2b13836d40f5a3f4cb20f2b3ea8204115b51 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 11:44:45 +0100 -Subject: [PATCH 03/26] Applied vsftpd-2.1.0-tcp_wrappers.patch +Date: Tue, 6 Sep 2016 13:42:09 +0200 +Subject: [PATCH 03/33] Enable build with TCP Wrapper --- builddefs.h | 2 +- @@ -21,5 +21,5 @@ index 63cc62b..83de674 100644 #define VSF_BUILD_SSL -- -2.5.0 +2.7.4 diff --git a/vsftpd-2.1.0-configuration.patch b/0004-Use-etc-vsftpd-dir-for-config-files-instead-of-etc.patch similarity index 99% rename from vsftpd-2.1.0-configuration.patch rename to 0004-Use-etc-vsftpd-dir-for-config-files-instead-of-etc.patch index 5675351..4380365 100644 --- a/vsftpd-2.1.0-configuration.patch +++ b/0004-Use-etc-vsftpd-dir-for-config-files-instead-of-etc.patch @@ -1,7 +1,7 @@ -From 4c4dcfaa65c86da78d2cf49f0f4a5c8d63a78d3a Mon Sep 17 00:00:00 2001 +From fff93602a4b252be8d674e27083dde68a7acf038 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 11:44:45 +0100 -Subject: [PATCH 04/26] Applied vsftpd-2.1.0-configuration.patch +Date: Tue, 6 Sep 2016 13:46:03 +0200 +Subject: [PATCH 04/33] Use /etc/vsftpd/ dir for config files instead of /etc. --- EXAMPLE/INTERNET_SITE/README | 6 +++--- @@ -479,5 +479,5 @@ index fcc6022..5e46a2f 100644 .B vsftpd_log_file This option is the name of the file to which we write the vsftpd style -- -2.5.0 +2.7.4 
diff --git a/vsftpd-2.1.0-pam_hostname.patch b/0005-Use-hostname-when-calling-PAM-authentication-module.patch similarity index 81% rename from vsftpd-2.1.0-pam_hostname.patch rename to 0005-Use-hostname-when-calling-PAM-authentication-module.patch index f523d30..7d8d7de 100644 --- a/vsftpd-2.1.0-pam_hostname.patch +++ b/0005-Use-hostname-when-calling-PAM-authentication-module.patch @@ -1,8 +1,13 @@ -From fb9754bb10105b6c23d355fd448f55ab94c704b8 Mon Sep 17 00:00:00 2001 +From 08c49b78942d40c99fae8c40e7668aa73e1bd695 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 11:44:45 +0100 -Subject: [PATCH 05/26] Applied vsftpd-2.1.0-pam_hostname.patch +Date: Tue, 6 Sep 2016 15:01:23 +0200 +Subject: [PATCH 05/33] Use hostname when calling PAM authentication module. +Currently the vsftpd passes all logins as IP addresses +into PAM. This prevents administrators from setting up +ACLs based on domain (e.g. .example.com). This patch +enables reverse host lookup and use hostname instead +of address if there is one. --- sysdeputil.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) @@ -66,5 +71,5 @@ index 06f01f4..b2782da 100644 if (retval != 1) { -- -2.5.0 +2.7.4 diff --git a/0006-Close-stdin-out-err-before-listening-for-incoming-co.patch b/0006-Close-stdin-out-err-before-listening-for-incoming-co.patch new file mode 100644 index 0000000..22af9be --- /dev/null +++ b/0006-Close-stdin-out-err-before-listening-for-incoming-co.patch 
@@ -0,0 +1,35 @@ +From 423cbf4ddca6578b87e0f8a3fc425688cd1ca89c Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Tue, 6 Sep 2016 16:18:39 +0200 +Subject: [PATCH 06/33] Close stdin/out/err before listening for incoming + connections. + +When running vsftpd as a stand-alone FTP daemon, vsftpd +did not close stdin/out/err. This caused the start script +to hang waiting for stdin to close. Before this patch was +applied, one had to hit ctrl+c in order to get shell prompt +back. Correct behavior: +$ /etc/init.d/vsftpd start | tee +Starting vsftpd for vsftpd: [ OK ] +$ +--- + standalone.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/standalone.c b/standalone.c +index ba01ab1..e0f2d5b 100644 +--- a/standalone.c ++++ b/standalone.c +@@ -130,6 +130,9 @@ vsf_standalone_main(void) + die("could not bind listening IPv6 socket"); + } + } ++ vsf_sysutil_close(0); ++ vsf_sysutil_close(1); ++ vsf_sysutil_close(2); + retval = vsf_sysutil_listen(listen_sock, VSFTP_LISTEN_BACKLOG); + if (vsf_sysutil_retval_is_error(retval)) + { +-- +2.7.4 + diff --git a/vsftpd-2.1.0-filter.patch b/0007-Make-filename-filters-smarter.patch similarity index 67% rename from vsftpd-2.1.0-filter.patch rename to 0007-Make-filename-filters-smarter.patch index 5632b62..21c7b78 100644 --- a/vsftpd-2.1.0-filter.patch +++ b/0007-Make-filename-filters-smarter.patch @@ -1,36 +1,56 @@ -From d8f1f584c96d3449265a54fa62c5944b1b7c915c Mon Sep 17 00:00:00 2001 +From 548375b2122f83771dc0b8571f16e5b5adabba98 Mon Sep 17 00:00:00 2001 
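Review bot: vsf_standalone_main now closes descriptors 0, 1 and 2 and leaves them closed, so descriptors the listener opens afterwards (accepted connections, log files) can be numbered 0 to 2, and any stray write to stdout or stderr from library code would land in them. Pointing the three descriptors at /dev/null keeps the numbers occupied and still releases the terminal for the init script. sysutil.c appears to have a helper for exactly this, so `vsf_sysutil_reopen_standard_fds();` in place of the three vsf_sysutil_close calls looks like the safer form; confirm the helper exists in this tree. The function starts and continues outside the hunk.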
From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 11:44:45 +0100 -Subject: [PATCH 07/26] Applied vsftpd-2.1.0-filter.patch +Date: Wed, 7 Sep 2016 10:04:31 +0200 +Subject: [PATCH 07/33] Make filename filters smarter. +In the original version vsftpd was not able to prevent +users from downloading for instance /etc/passwd by +defining filters such as deny_file=/etc/passwd or /etc* +or passwd. Example of erroneous behavior: +230 Login successful. +Remote system type is UNIX. +Using binary mode to transfer files. +ftp> cd / +250 Directory successfully changed. +ftp> cd /etc +550 Permission denied. +ftp> cd etc +250 Directory successfully changed. +ftp> get passwd +local: passwd remote: passwd +227 Entering Passive Mode (127,0,0,1,99,251) +150 Opening BINARY mode data connection for passwd (2813 bytes). +226 File send OK. +2813 bytes received in 0.00016 seconds (1.7e+04 Kbytes/s) +ftp> quit +221 Goodbye. --- - ls.c | 26 ++++++++++++++++++++++++-- + ls.c | 24 +++++++++++++++++++++++- str.c | 11 +++++++++++ str.h | 1 + - 3 files changed, 36 insertions(+), 2 deletions(-) + 3 files changed, 35 insertions(+), 1 deletion(-) diff --git a/ls.c b/ls.c -index 7e1376d..e9302dd 100644 +index 7e1376d..f489478 100644 --- a/ls.c +++ b/ls.c -@@ -246,9 +246,31 @@ vsf_filename_passes_filter(const struct mystr* p_filename_str, +@@ -246,8 +246,30 @@ vsf_filename_passes_filter(const struct mystr* p_filename_str, int ret = 0; char last_token = 0; int must_match_at_current_pos = 1; -+ -+ ++ ++ str_copy(&filter_remain_str, p_filter_str); - str_copy(&name_remain_str, p_filename_str); -- -+ ++ + if (!str_isempty (&filter_remain_str) && !str_isempty(p_filename_str)) { + if (str_get_char_at(p_filter_str, 0) == '/') { + if (str_get_char_at(p_filename_str, 0) != '/') { + str_getcwd (&name_remain_str); -+ ++ + if (str_getlen(&name_remain_str) > 1) /* cwd != root dir */ + str_append_char (&name_remain_str, '/'); -+ ++ + str_append_str (&name_remain_str, p_filename_str); + } + else 
@@ -43,10 +63,9 @@ index 7e1376d..e9302dd 100644 + } + } else + str_copy(&name_remain_str, p_filename_str); -+ + while (!str_isempty(&filter_remain_str) && *iters < VSFTP_MATCHITERS_MAX) { - static struct mystr s_match_needed_str; diff --git a/str.c b/str.c index 6596204..ba4b92a 100644 --- a/str.c @@ -79,5 +98,5 @@ index ab0a9a4..3a21b50 100644 /* PURPOSE: Extract a line of text (delimited by \n or EOF) from a string * buffer, starting at character position 'p_pos'. The extracted line will -- -2.5.0 +2.7.4 diff --git a/vsftpd-2.1.0-userlist_log.patch b/0008-Write-denied-logins-into-the-log.patch similarity index 94% rename from vsftpd-2.1.0-userlist_log.patch rename to 0008-Write-denied-logins-into-the-log.patch index b855ca7..7a927ef 100644 --- a/vsftpd-2.1.0-userlist_log.patch +++ b/0008-Write-denied-logins-into-the-log.patch @@ -1,8 +1,10 @@ -From 2f563a92cf4c12d8a37e413ffdc14a7eb4637c03 Mon Sep 17 00:00:00 2001 +From 75c172596aa9e7a9f32062579f7f98783341c924 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 11:44:45 +0100 -Subject: [PATCH 08/26] Applied vsftpd-2.1.0-userlist_log.patch +Date: Wed, 7 Sep 2016 10:17:17 +0200 +Subject: [PATCH 08/33] Write denied logins into the log. +This patch adds a new option 'userlist_log'. If enabled, +every login denial based on the user list will be logged. --- logging.c | 7 +++++++ logging.h | 11 +++++++++++ @@ -141,5 +143,5 @@ index 5e46a2f..9d767b1 100644 If enabled, virtual users will use the same privileges as local users. By default, virtual users will use the same privileges as anonymous users, which -- -2.5.0 +2.7.4 diff --git a/vsftpd-2.1.0-trim.patch b/0009-Trim-whitespaces-when-reading-configuration.patch similarity index 94% rename from vsftpd-2.1.0-trim.patch rename to 0009-Trim-whitespaces-when-reading-configuration.patch index 8de7c1b..6aa8c70 100644 --- a/vsftpd-2.1.0-trim.patch +++ b/0009-Trim-whitespaces-when-reading-configuration.patch 
@@ -1,7 +1,7 @@ -From aea6f1b484d06c56f636ae5ed7df232d6a94f57a Mon Sep 17 00:00:00 2001 +From d024bc27cee40f21e6a3841266062408c44e56fb Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 11:44:45 +0100 -Subject: [PATCH 09/26] Applied vsftpd-2.1.0-trim.patch +Date: Wed, 7 Sep 2016 10:35:54 +0200 +Subject: [PATCH 09/33] Trim whitespaces when reading configuration. --- parseconf.c | 2 +- @@ -95,5 +95,5 @@ index c34778c..c2ddd15 100644 void vsf_sysutil_memcpy(void* p_dest, const void* p_src, const unsigned int size); -- -2.5.0 +2.7.4 diff --git a/vsftpd-2.1.1-daemonize_plus.patch b/0010-Improve-daemonizing.patch similarity index 96% rename from vsftpd-2.1.1-daemonize_plus.patch rename to 0010-Improve-daemonizing.patch index d9d7e04..366bee6 100644 --- a/vsftpd-2.1.1-daemonize_plus.patch +++ b/0010-Improve-daemonizing.patch @@ -1,8 +1,9 @@ -From 662531f296a0b7341e4e6817e084585a7e7a1d87 Mon Sep 17 00:00:00 2001 +From 569e7078244470ac0fcc2af3947c2735338555ec Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 11:44:45 +0100 -Subject: [PATCH 10/26] Applied vsftpd-2.1.1-daemonize_plus.patch +Date: Wed, 7 Sep 2016 11:29:29 +0200 +Subject: [PATCH 10/33] Improve daemonizing +Init script gets correct return code if binding fails. --- standalone.c | 38 +++++++++++++++++++++++++++++++++++++- sysutil.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ @@ -204,5 +205,5 @@ index c2ddd15..bfc92cb 100644 /* Various string functions */ unsigned int vsf_sysutil_strlen(const char* p_text); -- -2.5.0 +2.7.4 diff --git a/vsftpd-2.2.0-wildchar.patch b/0011-Fix-listing-with-more-than-one-star.patch similarity index 77% rename from vsftpd-2.2.0-wildchar.patch rename to 0011-Fix-listing-with-more-than-one-star.patch index 88c934b..bc56d65 100644 --- a/vsftpd-2.2.0-wildchar.patch +++ b/0011-Fix-listing-with-more-than-one-star.patch 
@@ -1,14 +1,15 @@ -From 46b1cacac22d4c5f0b7695579860f7ecc28d3efb Mon Sep 17 00:00:00 2001 +From 32e6642640635d7305969f808b5badb706a11bff Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 11:44:45 +0100 -Subject: [PATCH 11/26] Applied vsftpd-2.2.0-wildchar.patch +Date: Wed, 7 Sep 2016 11:36:17 +0200 +Subject: [PATCH 11/33] Fix listing with more than one star '*'. +This is a regression introduced by some previous patch. --- ls.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/ls.c b/ls.c -index e9302dd..92be544 100644 +index f489478..616b2d9 100644 --- a/ls.c +++ b/ls.c @@ -311,6 +311,20 @@ vsf_filename_passes_filter(const struct mystr* p_filename_str, @@ -33,5 +34,5 @@ index e9302dd..92be544 100644 str_mid_to_end(&name_remain_str, &temp_str, indexx + str_getlen(&s_match_needed_str)); -- -2.5.0 +2.7.4 diff --git a/vsftpd-2.2.2-clone.patch b/0012-Replace-syscall-__NR_clone-.-with-clone.patch similarity index 80% rename from vsftpd-2.2.2-clone.patch rename to 0012-Replace-syscall-__NR_clone-.-with-clone.patch index 82b8db7..de7aba4 100644 --- a/vsftpd-2.2.2-clone.patch +++ b/0012-Replace-syscall-__NR_clone-.-with-clone.patch @@ -1,8 +1,9 @@ -From 1220fb187aa6b114ae4877fd74a42979d580d8ef Mon Sep 17 00:00:00 2001 +From 0c3a1123c391995ab46cfde603fa025ff180a819 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 11:44:45 +0100 -Subject: [PATCH 12/26] Applied vsftpd-2.2.2-clone.patch +Date: Wed, 7 Sep 2016 11:43:54 +0200 +Subject: [PATCH 12/33] Replace syscall(__NR_clone ..) with clone () +in order to fix incorrect order of params on s390 arch --- sysdeputil.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) @@ -30,5 +31,5 @@ index b2782da..3bbabaa 100644 { if (ret == 0) -- -2.5.0 +2.7.4 diff --git a/vsftpd-2.3.4-sd.patch b/0013-Extend-man-pages-with-systemd-info.patch similarity index 92% rename from vsftpd-2.3.4-sd.patch rename to 0013-Extend-man-pages-with-systemd-info.patch index bf6ac30..cde58f4 100644 
--- a/vsftpd-2.3.4-sd.patch +++ b/0013-Extend-man-pages-with-systemd-info.patch @@ -1,8 +1,10 @@ -From 4b7a6eecf79ee63c21fa27e5f5c22f248824991c Mon Sep 17 00:00:00 2001 +From 813a4bc45d45f4af94c699893cb2d2ba998d5d31 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 11:44:45 +0100 -Subject: [PATCH 13/26] Applied vsftpd-2.3.4-sd.patch +Date: Wed, 7 Sep 2016 11:53:07 +0200 +Subject: [PATCH 13/33] Extend man pages with systemd info. +Man pages now reflect how is vsftpd used as +systemd service. --- vsftpd.8 | 24 ++++++++++++++++++++++++ vsftpd.conf.5 | 18 +++++++++++++++++- @@ -80,5 +82,5 @@ index 9d767b1..0744f85 100644 The format of vsftpd.conf is very simple. Each line is either a comment or a directive. Comment lines start with a # and are ignored. A directive line -- -2.5.0 +2.7.4 diff --git a/vsftpd-2.3.4-sqb.patch b/0014-Add-support-for-square-brackets-in-ls.patch similarity index 97% rename from vsftpd-2.3.4-sqb.patch rename to 0014-Add-support-for-square-brackets-in-ls.patch index 163f247..b53b9ee 100644 --- a/vsftpd-2.3.4-sqb.patch +++ b/0014-Add-support-for-square-brackets-in-ls.patch @@ -1,25 +1,25 @@ -From 9db0f2142b7d456af0a147a53c7555996e90dfd6 Mon Sep 17 00:00:00 2001 +From ba0520650ae7f9f63e48ba9fb3a94297aebe2d0c Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 11:44:45 +0100 -Subject: [PATCH 14/26] Applied vsftpd-2.3.4-sqb.patch +Date: Wed, 7 Sep 2016 14:22:21 +0200 +Subject: [PATCH 14/33] Add support for square brackets in ls. --- ls.c | 222 +++++++++++++++++++++++++++++++++++++++++++++---------------------- 1 file changed, 150 insertions(+), 72 deletions(-) diff --git a/ls.c b/ls.c -index 92be544..0ad7f54 100644 +index 616b2d9..b840136 100644 --- a/ls.c +++ b/ls.c @@ -246,7 +246,7 @@ vsf_filename_passes_filter(const struct mystr* p_filename_str, int ret = 0; char last_token = 0; int must_match_at_current_pos = 1; -- +- + int matched = 0; - + str_copy(&filter_remain_str, p_filter_str); - + 
@@ -276,7 +276,7 @@ vsf_filename_passes_filter(const struct mystr* p_filename_str, static struct mystr s_match_needed_str; /* Locate next special token */ @@ -273,5 +273,5 @@ index 92be544..0ad7f54 100644 /* Any incoming string left means no match unless we ended on the correct * type of wildcard. -- -2.5.0 +2.7.4 diff --git a/vsftpd-2.3.4-listen_ipv6.patch b/0015-Listen-on-IPv6-by-default.patch similarity index 91% rename from vsftpd-2.3.4-listen_ipv6.patch rename to 0015-Listen-on-IPv6-by-default.patch index ff28cc7..1e7a7f6 100644 --- a/vsftpd-2.3.4-listen_ipv6.patch +++ b/0015-Listen-on-IPv6-by-default.patch @@ -1,7 +1,7 @@ -From d723e42f895f8bbf6888512a772aa549b0a396d9 Mon Sep 17 00:00:00 2001 +From c5daaedf1efe23b397a5950f5503f5cbfac871c8 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 11:44:45 +0100 -Subject: [PATCH 15/26] Applied vsftpd-2.3.4-listen_ipv6.patch +Date: Wed, 7 Sep 2016 14:25:28 +0200 +Subject: [PATCH 15/33] Listen on IPv6 by default. --- vsftpd.conf | 14 +++++++++----- @@ -51,5 +51,5 @@ index 0744f85..72bb86f 100644 Default: NO .TP -- -2.5.0 +2.7.4 diff --git a/0016-Increase-VSFTP_AS_LIMIT-from-200UL-to-400UL.patch b/0016-Increase-VSFTP_AS_LIMIT-from-200UL-to-400UL.patch new file mode 100644 index 0000000..31779c2 --- /dev/null +++ b/0016-Increase-VSFTP_AS_LIMIT-from-200UL-to-400UL.patch 
@@ -0,0 +1,27 @@ +From 048208a4db5d7164d89ba5d7545e281d0a3472d3 Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Wed, 7 Sep 2016 15:35:59 +0200 +Subject: [PATCH 16/33] Increase VSFTP_AS_LIMIT from 200UL to 400UL. + +When using a PAM module to get users from LDAP or database the old +limit was insufficient. +--- + defs.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/defs.h b/defs.h +index ca11eac..bde3232 100644 +--- a/defs.h ++++ b/defs.h +@@ -19,7 +19,7 @@ + /* Must be at least the size of VSFTP_MAX_COMMAND_LINE, VSFTP_DIR_BUFSIZE and + VSFTP_DATA_BUFSIZE*2 */ + #define VSFTP_PRIVSOCK_MAXSTR VSFTP_DATA_BUFSIZE * 2 +-#define VSFTP_AS_LIMIT 200UL * 1024 * 1024 ++#define VSFTP_AS_LIMIT 400UL * 1024 * 1024 + + #endif /* VSF_DEFS_H */ + +-- +2.7.4 + diff --git a/vsftpd-3.0.0-tz.patch b/0017-Fix-an-issue-with-timestamps-during-DST.patch similarity index 91% rename from vsftpd-3.0.0-tz.patch rename to 0017-Fix-an-issue-with-timestamps-during-DST.patch index 827b6c7..ec3af9f 100644 --- a/vsftpd-3.0.0-tz.patch +++ b/0017-Fix-an-issue-with-timestamps-during-DST.patch @@ -1,14 +1,16 @@ -From cc7c4ed98d69230f24a4437db2ba6bee20f4e494 Mon Sep 17 00:00:00 2001 +From 5ec0b86e5c1ff060720b5a6cd1af9d93ec993650 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 11:44:45 +0100 -Subject: [PATCH 16/26] Applied vsftpd-3.0.0-tz.patch +Date: Thu, 29 Sep 2016 11:14:03 +0200 +Subject: [PATCH 17/33] Fix an issue with timestamps during DST. +vsftpd now checks whether a file was uploaded during DST and +adjust the timestamp accordingly. --- sysutil.c | 104 ++++++++++++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 77 insertions(+), 27 deletions(-) diff --git a/sysutil.c b/sysutil.c -index c848356..497d670 100644 +index c848356..2abdd13 100644 --- a/sysutil.c +++ b/sysutil.c @@ -26,8 +26,10 @@ 
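Review bot: The new `VSFTP_AS_LIMIT` value keeps the unparenthesised form `400UL * 1024 * 1024`, which changes meaning if the macro is ever used next to a higher-precedence operator such as a division or a cast; write `#define VSFTP_AS_LIMIT (400UL * 1024 * 1024)`. Judging by its name this constant is the per-process address-space cap, so doubling it loosens a resource bound for every session. A short comment naming the PAM/LDAP setup that exceeded 200 MiB would let a later maintainer judge whether the higher value is still needed.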
@@ -23,18 +25,18 @@ index c848356..497d670 100644 #include #include #include -@@ -55,6 +57,11 @@ - #include +@@ -56,6 +58,11 @@ #include #include -+ + +#ifndef __USE_GNU + #define __USE_GNU +#endif +#include - ++ /* Private variables to this file */ /* Current umask() */ + static unsigned int s_current_umask; @@ -2574,49 +2581,92 @@ error: die("reopening standard file descriptors to /dev/null failed"); } @@ -155,5 +157,5 @@ index c848356..497d670 100644 s_timezone *= -1; } -- -2.5.0 +2.7.4 diff --git a/0018-Change-the-default-log-file-in-configuration.patch b/0018-Change-the-default-log-file-in-configuration.patch new file mode 100644 index 0000000..990cf90 --- /dev/null +++ b/0018-Change-the-default-log-file-in-configuration.patch @@ -0,0 +1,43 @@ +From 61dac172bdb14c5a37713078828ea8c8f78c7eb6 Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Thu, 29 Sep 2016 13:53:16 +0200 +Subject: [PATCH 18/33] Change the default log file in configuration. + +Previous "default" value was wrong. +tunables.c:262 => install_str_setting("/var/log/xferlog", +&tunable_xferlog_file); +--- + RedHat/vsftpd.log | 6 ++++++ + vsftpd.conf | 2 +- + 2 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/RedHat/vsftpd.log b/RedHat/vsftpd.log +index d338de8..14731c1 100644 +--- a/RedHat/vsftpd.log ++++ b/RedHat/vsftpd.log +@@ -3,3 +3,9 @@ + nocompress + missingok + } ++ ++/var/log/xferlog { ++ # ftpd doesn't handle SIGHUP properly ++ nocompress ++ missingok ++} +diff --git a/vsftpd.conf b/vsftpd.conf +index ae6c6c9..39d1955 100644 +--- a/vsftpd.conf ++++ b/vsftpd.conf +@@ -50,7 +50,7 @@ connect_from_port_20=YES + # + # You may override where the log file goes if you like. The default is shown + # below. +-#xferlog_file=/var/log/vsftpd.log ++#xferlog_file=/var/log/xferlog + # + # If you want, you can have your log file in standard ftpd xferlog format. + # Note that the default log file location is /var/log/xferlog in this case. +-- +2.7.4 + 
diff --git a/vsftpd-3.0.2-lookup.patch b/0019-Introduce-reverse_lookup_enable-option.patch similarity index 93% rename from vsftpd-3.0.2-lookup.patch rename to 0019-Introduce-reverse_lookup_enable-option.patch index 553f6c3..dbf01c0 100644 --- a/vsftpd-3.0.2-lookup.patch +++ b/0019-Introduce-reverse_lookup_enable-option.patch @@ -1,8 +1,11 @@ -From 341ecdb33ac371d0efcfe428719fdf627ab253c2 Mon Sep 17 00:00:00 2001 +From 721de88621100f6ed33f1602415bc249f3ed3219 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 11:44:45 +0100 -Subject: [PATCH 19/26] Applied vsftpd-3.0.2-lookup.patch +Date: Thu, 17 Nov 2016 10:22:32 +0100 +Subject: [PATCH 19/33] Introduce reverse_lookup_enable option. +vsftpd can transform IP address into hostname before +PAM authentication. You can disable it to prevent +performance issues. --- parseconf.c | 1 + sysdeputil.c | 14 +++++++++----- @@ -102,5 +105,5 @@ index 72bb86f..fb6324e 100644 Set to YES if you want vsftpd to run as the user which launched vsftpd. This is useful where root access is not available. MASSIVE WARNING! Do NOT enable this -- -2.5.0 +2.7.4 diff --git a/vsftpd-3.0.2-uint-uidgid.patch b/0020-Use-unsigned-int-for-uid-and-gid-representation.patch similarity index 97% rename from vsftpd-3.0.2-uint-uidgid.patch rename to 0020-Use-unsigned-int-for-uid-and-gid-representation.patch index ef87284..f5cd8f0 100644 --- a/vsftpd-3.0.2-uint-uidgid.patch +++ b/0020-Use-unsigned-int-for-uid-and-gid-representation.patch @@ -1,7 +1,7 @@ -From 24a1132cfe48d4c8bd799494ca802c918ac9132b Mon Sep 17 00:00:00 2001 +From dcaaf1e0dd3985e229a87de18b83f301d30b6ce9 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 11:44:45 +0100 -Subject: [PATCH 20/26] Applied vsftpd-3.0.2-uint-uidgid.patch +Date: Thu, 17 Nov 2016 10:31:39 +0100 +Subject: [PATCH 20/33] Use unsigned int for uid and gid representation. --- ls.c | 4 ++-- 
@@ -12,7 +12,7 @@ Subject: [PATCH 20/26] Applied vsftpd-3.0.2-uint-uidgid.patch 5 files changed, 30 insertions(+), 47 deletions(-) diff --git a/ls.c b/ls.c -index 0ad7f54..f18791d 100644 +index b840136..3c0988c 100644 --- a/ls.c +++ b/ls.c @@ -503,7 +503,7 @@ build_dir_line(struct mystr* p_str, const struct mystr* p_filename_str, @@ -65,7 +65,7 @@ index 27a488f..956bfb7 100644 /* Things we need to cache before we chroot() */ struct mystr banned_email_str; diff --git a/sysutil.c b/sysutil.c -index 497d670..62d833d 100644 +index 2abdd13..9881a66 100644 --- a/sysutil.c +++ b/sysutil.c @@ -1454,14 +1454,14 @@ vsf_sysutil_statbuf_get_size(const struct vsf_sysutil_statbuf* p_statbuf) @@ -246,5 +246,5 @@ index bfc92cb..79b5514 100644 void vsf_sysutil_setegid(const struct vsf_sysutil_user* p_user); void vsf_sysutil_seteuid_numeric(int uid); -- -2.5.0 +2.7.4 diff --git a/vsftpd-3.0.2-dh.patch b/0021-Introduce-support-for-DHE-based-cipher-suites.patch similarity index 97% rename from vsftpd-3.0.2-dh.patch rename to 0021-Introduce-support-for-DHE-based-cipher-suites.patch index 397ad0d..ad7e5ba 100644 --- a/vsftpd-3.0.2-dh.patch +++ b/0021-Introduce-support-for-DHE-based-cipher-suites.patch @@ -1,7 +1,7 @@ -From 1c4cb55ed61ca962a051c7de7cca866af8e2b2fa Mon Sep 17 00:00:00 2001 +From 4eac1dbb5f70a652d31847eec7c28d245f36cdbb Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 11:44:45 +0100 -Subject: [PATCH 21/26] Applied vsftpd-3.0.2-dh.patch +Date: Thu, 17 Nov 2016 10:48:28 +0100 +Subject: [PATCH 21/33] Introduce support for DHE based cipher suites. --- parseconf.c | 1 + @@ -222,5 +222,5 @@ index fb6324e..ff94eca 100644 This option can be used to provide an alternate file for usage by the .BR secure_email_list_enable -- -2.5.0 +2.7.4 
diff --git a/vsftpd-3.0.2-ecdh.patch b/0022-Introduce-support-for-EDDHE-based-cipher-suites.patch similarity index 96% rename from vsftpd-3.0.2-ecdh.patch rename to 0022-Introduce-support-for-EDDHE-based-cipher-suites.patch index fa68fb3..b4eb574 100644 --- a/vsftpd-3.0.2-ecdh.patch +++ b/0022-Introduce-support-for-EDDHE-based-cipher-suites.patch @@ -1,7 +1,7 @@ -From 400bd7cd3fc7478a668862cfba4b79e84a5034e9 Mon Sep 17 00:00:00 2001 +From a6d641a0ccba1033587f6faa0e5e6749fa35f5c4 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 11:44:45 +0100 -Subject: [PATCH 22/26] Applied vsftpd-3.0.2-ecdh.patch +Date: Thu, 17 Nov 2016 10:49:22 +0100 +Subject: [PATCH 22/33] Introduce support for EDDHE based cipher suites. --- parseconf.c | 1 + @@ -132,5 +132,5 @@ index ff94eca..e242873 100644 This option can be used to provide an alternate file for usage by the .BR secure_email_list_enable -- -2.5.0 +2.7.4 diff --git a/vsftpd-3.0.2-docupd.patch b/0023-Add-documentation-for-isolate_-options.-Correct-defa.patch similarity index 85% rename from vsftpd-3.0.2-docupd.patch rename to 0023-Add-documentation-for-isolate_-options.-Correct-defa.patch index 612552d..077d261 100644 --- a/vsftpd-3.0.2-docupd.patch +++ b/0023-Add-documentation-for-isolate_-options.-Correct-defa.patch @@ -1,14 +1,16 @@ -From f7fb4f5c91ab132982c78f1b34f7fe1493fd1372 Mon Sep 17 00:00:00 2001 +From 3d02ef3be17f37baf729e786a8f36af4982f70ad Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 11:44:46 +0100 -Subject: [PATCH 23/26] Applied vsftpd-3.0.2-docupd.patch +Date: Thu, 17 Nov 2016 10:52:16 +0100 +Subject: [PATCH 23/33] Add documentation for isolate_* options. Correct + default +values of max_clients, max_per_ip. --- vsftpd.conf.5 | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 -index e242873..7a8f130 100644 +index e242873..31d317f 100644 --- a/vsftpd.conf.5 +++ b/vsftpd.conf.5 
@@ -652,6 +652,21 @@ change it with the setting @@ -20,7 +22,7 @@ index e242873..7a8f130 100644 +If enabled, use CLONE_NEWNET to isolate the untrusted processes so that +they can't do arbitrary connect() and instead have to ask the privileged +process for sockets ( -+.BR port_promiscuous ++.BR port_promiscuous +have to be disabled). + +Default: YES @@ -57,5 +59,5 @@ index e242873..7a8f130 100644 .B pasv_max_port The maximum port to allocate for PASV style data connections. Can be used to -- -2.5.0 +2.7.4 diff --git a/vsftpd-3.0.2-rc450.patch b/0024-Introduce-new-return-value-450.patch similarity index 87% rename from vsftpd-3.0.2-rc450.patch rename to 0024-Introduce-new-return-value-450.patch index 8435446..f8c7b8c 100644 --- a/vsftpd-3.0.2-rc450.patch +++ b/0024-Introduce-new-return-value-450.patch @@ -1,8 +1,10 @@ -From e8c21dbd87c5e46c246c2d08c1abc84bb649fc02 Mon Sep 17 00:00:00 2001 +From 1d5cdf309387ff92988ab17d746f015d833a4b92 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 11:44:46 +0100 -Subject: [PATCH 24/26] Applied vsftpd-3.0.2-rc450.patch +Date: Thu, 17 Nov 2016 11:08:52 +0100 +Subject: [PATCH 24/33] Introduce new return value 450: + *450 Requested file action not taken. + File unavailable (e.g., file busy). --- ftpcodes.h | 1 + postlogin.c | 9 ++++++++- @@ -43,7 +45,7 @@ index bf12970..29958c0 100644 } /* Lock file if required */ diff --git a/sysutil.c b/sysutil.c -index 62d833d..a924edf 100644 +index 9881a66..6d7cb3f 100644 --- a/sysutil.c +++ b/sysutil.c @@ -1632,6 +1632,9 @@ vsf_sysutil_get_error(void) @@ -71,5 +73,5 @@ index 79b5514..c145bdf 100644 enum EVSFSysUtilError vsf_sysutil_get_error(void); -- -2.5.0 +2.7.4 diff --git a/vsftpd-3.0.2-mrate.patch b/0025-Improve-local_max_rate-option.patch similarity index 92% rename from vsftpd-3.0.2-mrate.patch rename to 0025-Improve-local_max_rate-option.patch index a3622a2..3560d87 100644 --- a/vsftpd-3.0.2-mrate.patch +++ b/0025-Improve-local_max_rate-option.patch 
@@ -1,8 +1,9 @@ -From 4700495a07fe9423c8411a018cde4de413407f42 Mon Sep 17 00:00:00 2001 +From 386db86fe865fb552b1867af4bf4b78dbf9080cf Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Fri, 8 Apr 2016 15:03:16 +0200 -Subject: [PATCH 2/7] vsftpd-3.0.2-mrate +Date: Thu, 17 Nov 2016 12:44:26 +0100 +Subject: [PATCH 25/33] Improve local_max_rate option. +Now it should work as expected. --- ftpdataio.c | 14 +++++++------- main.c | 2 +- @@ -85,5 +86,5 @@ index 956bfb7..3e8fdd5 100644 /* Details of the login */ int is_anonymous; -- -2.5.5 +2.7.4 diff --git a/vsftpd-3.0.2-wnohang.patch b/0026-Prevent-hanging-in-SIGCHLD-handler.patch similarity index 86% rename from vsftpd-3.0.2-wnohang.patch rename to 0026-Prevent-hanging-in-SIGCHLD-handler.patch index a4dd4d1..9b186a8 100644 --- a/vsftpd-3.0.2-wnohang.patch +++ b/0026-Prevent-hanging-in-SIGCHLD-handler.patch @@ -1,8 +1,10 @@ -From 1a14b13a1684f71ecfd5ed94b1aae7541b1a77a8 Mon Sep 17 00:00:00 2001 +From 1e65a0a15f819b8bf1b551bd84f71d0da1f5a00c Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Fri, 8 Apr 2016 15:03:16 +0200 -Subject: [PATCH 3/7] vsftpd-3.0.2-wnohang +Date: Thu, 17 Nov 2016 13:02:27 +0100 +Subject: [PATCH 26/33] Prevent hanging in SIGCHLD handler. +vsftpd can now handle pam_exec.so in pam.d config without hanging +in SIGCHLD handler. --- sysutil.c | 4 ++-- sysutil.h | 2 +- @@ -10,7 +12,7 @@ Subject: [PATCH 3/7] vsftpd-3.0.2-wnohang 3 files changed, 14 insertions(+), 5 deletions(-) diff --git a/sysutil.c b/sysutil.c -index 6dfe350..61d9f28 100644 +index 6d7cb3f..099748f 100644 --- a/sysutil.c +++ b/sysutil.c @@ -608,13 +608,13 @@ vsf_sysutil_exit(int exit_code) @@ -30,10 +32,10 @@ index 6dfe350..61d9f28 100644 { vsf_sysutil_check_pending_actions(kVSFSysUtilUnknown, 0, 0); diff --git a/sysutil.h b/sysutil.h -index 26698cd..d341b5d 100644 +index c145bdf..13153cd 100644 --- a/sysutil.h 
+++ b/sysutil.h -@@ -178,7 +178,7 @@ struct vsf_sysutil_wait_retval +@@ -177,7 +177,7 @@ struct vsf_sysutil_wait_retval int PRIVATE_HANDS_OFF_syscall_retval; int PRIVATE_HANDS_OFF_exit_status; }; @@ -75,5 +77,5 @@ index 33d84dc..b1891e7 100644 else { -- -2.5.5 +2.7.4 diff --git a/vsftpd-3.0.2-del-upl.patch b/0027-Delete-files-when-upload-fails.patch similarity index 87% rename from vsftpd-3.0.2-del-upl.patch rename to 0027-Delete-files-when-upload-fails.patch index e1216a8..98222e1 100644 --- a/vsftpd-3.0.2-del-upl.patch +++ b/0027-Delete-files-when-upload-fails.patch @@ -1,8 +1,10 @@ -From 9be8a4188420bba2075eacf9aea8fa26b6ebdcc5 Mon Sep 17 00:00:00 2001 +From 6224ecc5ac209323baa775880c0602c3fde3590a Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Fri, 8 Apr 2016 15:03:16 +0200 -Subject: [PATCH 4/7] vsftpd-3.0.2-del-upl +Date: Thu, 17 Nov 2016 13:10:41 +0100 +Subject: [PATCH 27/33] Delete files when upload fails. +Previously the uploaded file wasn't removed when the network was +disconnected. Now it is successfully deleted. --- ftpcodes.h | 3 ++- ftpdataio.c | 8 ++++++++ @@ -14,7 +16,7 @@ Subject: [PATCH 4/7] vsftpd-3.0.2-del-upl 7 files changed, 31 insertions(+), 3 deletions(-) diff --git a/ftpcodes.h b/ftpcodes.h -index 3950f92..97801f3 100644 +index 81e25c5..54dfae7 100644 --- a/ftpcodes.h +++ b/ftpcodes.h @@ -15,7 +15,8 @@ @@ -67,10 +69,10 @@ index f1e2f69..f039081 100644 0, INIT_MYSTR, /* Session state */ diff --git a/postlogin.c b/postlogin.c -index 154c16a..8363c9c 100644 +index 29958c0..e473c34 100644 --- a/postlogin.c +++ b/postlogin.c -@@ -358,7 +358,14 @@ process_post_login(struct vsf_session* p_sess) +@@ -356,7 +356,14 @@ process_post_login(struct vsf_session* p_sess) } else if (str_equal_text(&p_sess->ftp_cmd_str, "ALLO")) { @@ -99,7 +101,7 @@ index 3e8fdd5..4eccf46 100644 int is_ascii; struct mystr rnfr_filename_str; diff --git a/sysutil.c b/sysutil.c -index 61d9f28..3c4a337 100644 +index 099748f..42bcdf8 100644 --- a/sysutil.c +++ b/sysutil.c 
@@ -681,6 +681,16 @@ vsf_sysutil_activate_keepalive(int fd) @@ -120,10 +122,10 @@ index 61d9f28..3c4a337 100644 { int reuseaddr = 1; diff --git a/sysutil.h b/sysutil.h -index d341b5d..be727f5 100644 +index 13153cd..2886bbc 100644 --- a/sysutil.h +++ b/sysutil.h -@@ -267,6 +267,7 @@ void vsf_sysutil_dns_resolve(struct vsf_sysutil_sockaddr** p_sockptr, +@@ -266,6 +266,7 @@ void vsf_sysutil_dns_resolve(struct vsf_sysutil_sockaddr** p_sockptr, const char* p_name); /* Option setting on sockets */ void vsf_sysutil_activate_keepalive(int fd); @@ -132,5 +134,5 @@ index d341b5d..be727f5 100644 void vsf_sysutil_activate_reuseaddr(int fd); void vsf_sysutil_set_nodelay(int fd); -- -2.5.5 +2.7.4 diff --git a/vsftpd-2.2.2-man-pages.patch b/0028-Fix-man-page-rendering.patch similarity index 76% rename from vsftpd-2.2.2-man-pages.patch rename to 0028-Fix-man-page-rendering.patch index d59104a..4d6e5e7 100644 --- a/vsftpd-2.2.2-man-pages.patch +++ b/0028-Fix-man-page-rendering.patch @@ -1,14 +1,14 @@ -From ab49bde79f81a422629210c23ccc83bc4e14ad2a Mon Sep 17 00:00:00 2001 +From ea99be1a7a5973bbe8ed798b65abe5ce3b92f5df Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Fri, 8 Apr 2016 15:03:16 +0200 -Subject: [PATCH 5/7] vsftpd-2.2.2-man-pages +Date: Thu, 17 Nov 2016 13:12:52 +0100 +Subject: [PATCH 28/33] Fix man page rendering. --- vsftpd.conf.5 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 -index 7a8f130..45cd3c0 100644 +index 31d317f..cf1ae34 100644 --- a/vsftpd.conf.5 +++ b/vsftpd.conf.5 @@ -495,7 +495,8 @@ Default: NO @@ -22,5 +22,5 @@ index 7a8f130..45cd3c0 100644 (New in v2.0.7). -- -2.5.5 +2.7.4 diff --git a/vsftpd-2.2.2-blank-chars-overflow.patch b/0029-Fix-segfault-in-config-file-parser.patch similarity index 79% rename from vsftpd-2.2.2-blank-chars-overflow.patch rename to 0029-Fix-segfault-in-config-file-parser.patch index c558db0..899bbd3 100644 --- a/vsftpd-2.2.2-blank-chars-overflow.patch 
+++ b/0029-Fix-segfault-in-config-file-parser.patch @@ -1,7 +1,7 @@ -From c7cbcc64c824d1a2a60f8d81c26d5c8215463623 Mon Sep 17 00:00:00 2001 +From 34b9e1d10c6be736f1b20be8795c655446f38c5e Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Fri, 8 Apr 2016 15:05:06 +0200 -Subject: [PATCH 6/7] vsftpd-2.2.2-blank-chars-overflow +Date: Thu, 17 Nov 2016 13:14:55 +0100 +Subject: [PATCH 29/33] Fix segfault in config file parser. --- str.c | 2 +- @@ -21,5 +21,5 @@ index 41b27db..82b8ae4 100644 void -- -2.5.5 +2.7.4 diff --git a/vsftpd-2.2.2-syslog.patch b/0030-Fix-logging-into-syslog-when-enabled-in-config.patch similarity index 72% rename from vsftpd-2.2.2-syslog.patch rename to 0030-Fix-logging-into-syslog-when-enabled-in-config.patch index d92cdae..c828c27 100644 --- a/vsftpd-2.2.2-syslog.patch +++ b/0030-Fix-logging-into-syslog-when-enabled-in-config.patch @@ -1,7 +1,7 @@ -From a480a9659fb0cab1c44006f6c06013e6e7f78948 Mon Sep 17 00:00:00 2001 +From 03ff061f18f555d7bec62fa6a597a275b4b3f1c7 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Fri, 8 Apr 2016 15:05:53 +0200 -Subject: [PATCH 7/7] vsftpd-2.2.2-syslog +Date: Thu, 17 Nov 2016 13:18:22 +0100 +Subject: [PATCH 30/33] Fix logging into syslog when enabled in config. --- logging.c | 2 +- @@ -21,5 +21,5 @@ index 99671b4..c4461f7 100644 if (!tunable_xferlog_enable && !tunable_dual_log_enable) { -- -2.5.5 +2.7.4 diff --git a/vsftpd-2.0.5-fix_qm.patch b/0031-Fix-question-mark-wildcard-withing-a-file-name.patch similarity index 68% rename from vsftpd-2.0.5-fix_qm.patch rename to 0031-Fix-question-mark-wildcard-withing-a-file-name.patch index 1890624..457404b 100644 --- a/vsftpd-2.0.5-fix_qm.patch +++ b/0031-Fix-question-mark-wildcard-withing-a-file-name.patch @@ -1,14 +1,16 @@ -From cdcb1c5f660fb4f72b4896f5145a34e9dd158252 Mon Sep 17 00:00:00 2001 +From 0da42468ac9518a544aad57d22d7697d6bdfa969 Mon Sep 17 00:00:00 2001 
From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 12:00:34 +0100 -Subject: [PATCH 26/26] Applied vsftpd-2.0.5-fix_qm.patch +Date: Thu, 17 Nov 2016 13:25:12 +0100 +Subject: [PATCH 31/33] Fix question mark wildcard withing a file name. +Previously '?' worked only at the end of a file name, now it can +be used anywhere. --- ls.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ls.c b/ls.c -index f18791d..de68c30 100644 +index 3c0988c..35c15c7 100644 --- a/ls.c +++ b/ls.c @@ -459,7 +459,8 @@ vsf_filename_passes_filter(const struct mystr* p_filename_str, @@ -22,5 +24,5 @@ index f18791d..de68c30 100644 /* Any incoming string left means no match unless we ended on the correct * type of wildcard. -- -2.5.0 +2.7.4 diff --git a/vsftpd-2.2.2-nfs-fail.patch b/0032-Propagate-errors-from-nfs-with-quota-to-client.patch similarity index 81% rename from vsftpd-2.2.2-nfs-fail.patch rename to 0032-Propagate-errors-from-nfs-with-quota-to-client.patch index 674a01e..46a60c4 100644 --- a/vsftpd-2.2.2-nfs-fail.patch +++ b/0032-Propagate-errors-from-nfs-with-quota-to-client.patch @@ -1,8 +1,11 @@ -From 1be2ebccc0a5e1040fa9bb5f1cac8040070830df Mon Sep 17 00:00:00 2001 +From aa9cb48373018502ef99a57aad70b69c0c75ff65 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 14:51:29 +0100 -Subject: [PATCH 25/26] Applied vsftpd-2.2.2-nfs-fail.patch +Date: Thu, 17 Nov 2016 13:29:59 +0100 +Subject: [PATCH 32/33] Propagate errors from nfs with quota to client. +vsftpd now checks for errors when closing newly uploaded file and +forward errors to the client (e.g. when file system quota was +exceeded) --- ftpcodes.h | 1 + postlogin.c | 32 ++++++++++++++++++++++++++++++-- @@ -11,10 +14,10 @@ Subject: [PATCH 25/26] Applied vsftpd-2.2.2-nfs-fail.patch 4 files changed, 53 insertions(+), 2 deletions(-) diff --git a/ftpcodes.h b/ftpcodes.h -index 81e25c5..3950f92 100644 +index 54dfae7..97801f3 100644 --- a/ftpcodes.h 
+++ b/ftpcodes.h -@@ -73,6 +73,7 @@ +@@ -74,6 +74,7 @@ #define FTP_NOHANDLEPROT 536 #define FTP_FILEFAIL 550 #define FTP_NOPERM 550 @@ -23,7 +26,7 @@ index 81e25c5..3950f92 100644 #endif /* VSF_FTPCODES_H */ diff --git a/postlogin.c b/postlogin.c -index 29958c0..154c16a 100644 +index e473c34..8363c9c 100644 --- a/postlogin.c +++ b/postlogin.c @@ -28,6 +28,8 @@ @@ -35,7 +38,7 @@ index 29958c0..154c16a 100644 /* Private local functions */ static void handle_pwd(struct vsf_session* p_sess); static void handle_cwd(struct vsf_session* p_sess); -@@ -1028,8 +1030,10 @@ handle_upload_common(struct vsf_session* p_sess, int is_append, int is_unique) +@@ -1035,8 +1037,10 @@ handle_upload_common(struct vsf_session* p_sess, int is_append, int is_unique) struct vsf_transfer_ret trans_ret; int new_file_fd; int remote_fd; @@ -46,7 +49,7 @@ index 29958c0..154c16a 100644 int do_truncate = 0; filesize_t offset = p_sess->restart_pos; p_sess->restart_pos = 0; -@@ -1142,6 +1146,18 @@ handle_upload_common(struct vsf_session* p_sess, int is_append, int is_unique) +@@ -1149,6 +1153,18 @@ handle_upload_common(struct vsf_session* p_sess, int is_append, int is_unique) trans_ret = vsf_ftpdataio_transfer_file(p_sess, remote_fd, new_file_fd, 1, 0); } @@ -65,7 +68,7 @@ index 29958c0..154c16a 100644 if (vsf_ftpdataio_dispose_transfer_fd(p_sess) != 1 && trans_ret.retval == 0) { trans_ret.retval = -2; -@@ -1154,7 +1170,16 @@ handle_upload_common(struct vsf_session* p_sess, int is_append, int is_unique) +@@ -1161,7 +1177,16 @@ handle_upload_common(struct vsf_session* p_sess, int is_append, int is_unique) } if (trans_ret.retval == -1) { @@ -83,7 +86,7 @@ index 29958c0..154c16a 100644 } else if (trans_ret.retval == -2) { -@@ -1176,7 +1201,10 @@ port_pasv_cleanup_out: +@@ -1183,7 +1208,10 @@ port_pasv_cleanup_out: { str_unlink(p_filename); } @@ -96,10 +99,10 @@ index 29958c0..154c16a 100644 static void diff --git a/sysutil.c b/sysutil.c -index a924edf..6dfe350 100644 +index 42bcdf8..1c0422e 100644 
--- a/sysutil.c +++ b/sysutil.c -@@ -1259,6 +1259,27 @@ vsf_sysutil_close(int fd) +@@ -1269,6 +1269,27 @@ vsf_sysutil_close(int fd) } int @@ -128,7 +131,7 @@ index a924edf..6dfe350 100644 { return close(fd); diff --git a/sysutil.h b/sysutil.h -index c145bdf..26698cd 100644 +index 2886bbc..be727f5 100644 --- a/sysutil.h +++ b/sysutil.h @@ -92,6 +92,7 @@ int vsf_sysutil_create_or_open_file_append(const char* p_filename, @@ -140,5 +143,5 @@ index c145bdf..26698cd 100644 int vsf_sysutil_unlink(const char* p_dead); int vsf_sysutil_write_access(const char* p_filename); -- -2.5.0 +2.7.4 diff --git a/0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch b/0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch new file mode 100644 index 0000000..a7254e2 --- /dev/null +++ b/0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch 
@@ -0,0 +1,153 @@
+From 01bef55a1987700af3d43cdc5f5be88d3843ab85 Mon Sep 17 00:00:00 2001
+From: Martin Sehnoutka
+Date: Thu, 17 Nov 2016 13:36:17 +0100
+Subject: [PATCH 33/33] Introduce TLSv1.1 and TLSv1.2 options.
+
+Users can now enable a specific version of TLS protocol.
+---
+ parseconf.c | 2 ++
+ ssl.c | 8 ++++++++
+ tunables.c | 9 +++++++--
+ tunables.h | 2 ++
+ vsftpd.conf.5 | 24 ++++++++++++++++++++----
+ 5 files changed, 39 insertions(+), 6 deletions(-)
+
+diff --git a/parseconf.c b/parseconf.c
+index a2c715b..33a1349 100644
+--- a/parseconf.c
++++ b/parseconf.c
+@@ -85,6 +85,8 @@ parseconf_bool_array[] =
+ { "ssl_sslv2", &tunable_sslv2 },
+ { "ssl_sslv3", &tunable_sslv3 },
+ { "ssl_tlsv1", &tunable_tlsv1 },
++ { "ssl_tlsv1_1", &tunable_tlsv1_1 },
++ { "ssl_tlsv1_2", &tunable_tlsv1_2 },
+ { "tilde_user_enable", &tunable_tilde_user_enable },
+ { "force_anon_logins_ssl", &tunable_force_anon_logins_ssl },
+ { "force_anon_data_ssl", &tunable_force_anon_data_ssl },
+diff --git a/ssl.c b/ssl.c
+index 96bf8ad..ba8a613 100644
+--- a/ssl.c
++++ b/ssl.c
+@@ -135,6 +135,14 @@ ssl_init(struct vsf_session* p_sess)
+ {
+ options |= SSL_OP_NO_TLSv1;
+ }
++ if (!tunable_tlsv1_1)
++ {
++ options |= SSL_OP_NO_TLSv1_1;
++ }
++ if (!tunable_tlsv1_2)
++ {
++ options |= SSL_OP_NO_TLSv1_2;
++ }
+ SSL_CTX_set_options(p_ctx, options);
+ if (tunable_rsa_cert_file)
+ {
+diff --git a/tunables.c b/tunables.c
+index 93f85b1..78f2bcd 100644
+--- a/tunables.c
++++ b/tunables.c
+@@ -66,6 +66,8 @@ int tunable_force_local_data_ssl;
+ int tunable_sslv2;
+ int tunable_sslv3;
+ int tunable_tlsv1;
++int tunable_tlsv1_1;
++int tunable_tlsv1_2;
+ int tunable_tilde_user_enable;
+ int tunable_force_anon_logins_ssl;
+ int tunable_force_anon_data_ssl;
+@@ -209,7 +211,10 @@ tunables_load_defaults()
+ tunable_force_local_data_ssl = 1;
+ tunable_sslv2 = 0;
+ tunable_sslv3 = 0;
++ /* TLSv1 up to TLSv1.2 is enabled by default */
+ tunable_tlsv1 = 1;
++ tunable_tlsv1_1 = 1;
++ tunable_tlsv1_2 = 1;
+ tunable_tilde_user_enable = 0;
+ tunable_force_anon_logins_ssl = 0;
+ tunable_force_anon_data_ssl = 0;
+@@ -292,8 +297,8 @@ tunables_load_defaults()
+ install_str_setting(0, &tunable_dsa_cert_file);
+ install_str_setting(0, &tunable_dh_param_file);
+ install_str_setting(0, &tunable_ecdh_param_file);
+- install_str_setting("AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA",
+- &tunable_ssl_ciphers);
++ install_str_setting("AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384",
++ &tunable_ssl_ciphers);
+ install_str_setting(0, &tunable_rsa_private_key_file);
+ install_str_setting(0, &tunable_dsa_private_key_file);
+ install_str_setting(0, &tunable_ca_certs_file);
+diff --git a/tunables.h b/tunables.h
+index 3e2d40c..a466427 100644
+--- a/tunables.h
++++ b/tunables.h
+@@ -67,6 +67,8 @@ extern int tunable_force_local_data_ssl; /* Require local data uses SSL */
+ extern int tunable_sslv2; /* Allow SSLv2 */
+ extern int tunable_sslv3; /* Allow SSLv3 */
+ extern int tunable_tlsv1; /* Allow TLSv1 */
++extern int tunable_tlsv1_1; /* Allow TLSv1.1 */
++extern int tunable_tlsv1_2; /* Allow TLSv1.2 */
+ extern int tunable_tilde_user_enable; /* Support e.g. ~chris */
+ extern int tunable_force_anon_logins_ssl; /* Require anon logins use SSL */
+ extern int tunable_force_anon_data_ssl; /* Require anon data uses SSL */
+diff --git a/vsftpd.conf.5 b/vsftpd.conf.5
+index cf1ae34..a3d569e 100644
+--- a/vsftpd.conf.5
++++ b/vsftpd.conf.5
+@@ -506,7 +506,7 @@ Default: YES
+ Only applies if
+ .BR ssl_enable
+ is activated. If enabled, this option will permit SSL v2 protocol connections.
+-TLS v1 connections are preferred.
++TLS v1.2 connections are preferred.
+
+ Default: NO
+ .TP
+@@ -514,7 +514,7 @@ Default: NO
+ Only applies if
+ .BR ssl_enable
+ is activated. If enabled, this option will permit SSL v3 protocol connections.
+-TLS v1 connections are preferred.
++TLS v1.2 connections are preferred.
+ + Default: NO + .TP +@@ -522,7 +522,23 @@ Default: NO + Only applies if + .BR ssl_enable + is activated. If enabled, this option will permit TLS v1 protocol connections. +-TLS v1 connections are preferred. ++TLS v1.2 connections are preferred. ++ ++Default: YES ++.TP ++.B ssl_tlsv1_1 ++Only applies if ++.BR ssl_enable ++is activated. If enabled, this option will permit TLS v1.1 protocol connections. ++TLS v1.2 connections are preferred. ++ ++Default: YES ++.TP ++.B ssl_tlsv1_2 ++Only applies if ++.BR ssl_enable ++is activated. If enabled, this option will permit TLS v1.2 protocol connections. ++TLS v1.2 connections are preferred. + + Default: YES + .TP +@@ -1044,7 +1060,7 @@ man page for further details. Note that restricting ciphers can be a useful + security precaution as it prevents malicious remote parties forcing a cipher + which they have found problems with. + +-Default: DES-CBC3-SHA ++Default: AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384 + .TP + .B user_config_dir + This powerful option allows the override of any config option specified in +-- +2.7.4 + diff --git a/vsftpd-3.0.2-seccomp.patch b/0034-Turn-off-seccomp-sandbox-because-it-is-too-strict.patch similarity index 62% rename from vsftpd-3.0.2-seccomp.patch rename to 0034-Turn-off-seccomp-sandbox-because-it-is-too-strict.patch index ebf2a64..62fb66b 100644 --- a/vsftpd-3.0.2-seccomp.patch +++ b/0034-Turn-off-seccomp-sandbox-because-it-is-too-strict.patch @@ -1,17 +1,17 @@ -From dd86a1c28f11fa67b1263d5dc79fa9953629d30d Mon Sep 17 00:00:00 2001 +From 4922e60589326540b2ee4f0bdfd6cb95f645f3d5 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka -Date: Fri, 8 Apr 2016 15:03:16 +0200 -Subject: [PATCH 1/7] vsftpd-3.0.2-seccomp +Date: Fri, 18 Nov 2016 10:23:29 +0100 +Subject: [PATCH] Turn off seccomp sandbox, because it is too strict. --- tunables.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/tunables.c b/tunables.c -index 93f85b1..b024be4 100644 +index 78f2bcd..5440c00 100644 --- a/tunables.c +++ b/tunables.c -@@ -232,7 +232,7 @@ tunables_load_defaults() +@@ -237,7 +237,7 @@ tunables_load_defaults() tunable_isolate_network = 1; tunable_ftp_enable = 1; tunable_http_enable = 0; @@ -21,5 +21,5 @@ index 93f85b1..b024be4 100644 tunable_accept_timeout = 60; -- -2.5.5 +2.7.4 diff --git a/vsftpd-2.3.5-aslim.patch b/vsftpd-2.3.5-aslim.patch deleted file mode 100644 index 6f271e2..0000000 --- a/vsftpd-2.3.5-aslim.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up vsftpd-3.0.3/defs.h.aslim vsftpd-3.0.3/defs.h ---- vsftpd-3.0.3/defs.h.aslim 2016-03-03 16:55:42.760819658 +0100 -+++ vsftpd-3.0.3/defs.h 2016-03-03 17:01:49.606873710 +0100 -@@ -19,7 +19,7 @@ - /* Must be at least the size of VSFTP_MAX_COMMAND_LINE, VSFTP_DIR_BUFSIZE and - VSFTP_DATA_BUFSIZE*2 */ - #define VSFTP_PRIVSOCK_MAXSTR VSFTP_DATA_BUFSIZE * 2 --#define VSFTP_AS_LIMIT 200UL * 1024 * 1024 -+#define VSFTP_AS_LIMIT 400UL * 1024 * 1024 - - #endif /* VSF_DEFS_H */ - diff --git a/vsftpd-3.0.0-logrotate.patch b/vsftpd-3.0.0-logrotate.patch deleted file mode 100644 index 317821a..0000000 --- a/vsftpd-3.0.0-logrotate.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 5a4adb1078552f3f17f21dab9cacadbcacf593ec Mon Sep 17 00:00:00 2001 -From: Martin Sehnoutka -Date: Thu, 17 Mar 2016 11:44:45 +0100 -Subject: [PATCH 18/26] Applied vsftpd-3.0.0-logrotate.patch - ---- - RedHat/vsftpd.log | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/RedHat/vsftpd.log b/RedHat/vsftpd.log -index d338de8..14731c1 100644 ---- a/RedHat/vsftpd.log -+++ b/RedHat/vsftpd.log -@@ -3,3 +3,9 @@ - nocompress - missingok - } -+ -+/var/log/xferlog { -+ # ftpd doesn't handle SIGHUP properly -+ nocompress -+ missingok -+} --- -2.5.0 - diff --git a/vsftpd-3.0.0-xferlog.patch b/vsftpd-3.0.0-xferlog.patch deleted file mode 100644 index 9c8c669..0000000 --- a/vsftpd-3.0.0-xferlog.patch +++ /dev/null 
@@ -1,25 +0,0 @@
-From 26d555a940faf7c7c90d8a8a2b5d5e0d9988f714 Mon Sep 17 00:00:00 2001
-From: Martin Sehnoutka
-Date: Thu, 17 Mar 2016 11:44:45 +0100
-Subject: [PATCH 17/26] Applied vsftpd-3.0.0-xferlog.patch
-
----
- vsftpd.conf | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/vsftpd.conf b/vsftpd.conf
-index ae6c6c9..39d1955 100644
---- a/vsftpd.conf
-+++ b/vsftpd.conf
-@@ -50,7 +50,7 @@ connect_from_port_20=YES
- #
- # You may override where the log file goes if you like. The default is shown
- # below.
--#xferlog_file=/var/log/vsftpd.log
-+#xferlog_file=/var/log/xferlog
- #
- # If you want, you can have your log file in standard ftpd xferlog format.
- # Note that the default log file location is /var/log/xferlog in this case.
---
-2.5.0
-
diff --git a/vsftpd-close-std-fds.patch b/vsftpd-close-std-fds.patch
deleted file mode 100644
index 4811651..0000000
--- a/vsftpd-close-std-fds.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 883736a0ad3b521c8210cc7e6cbc2cb302aca43c Mon Sep 17 00:00:00 2001
-From: Martin Sehnoutka
-Date: Thu, 17 Mar 2016 11:44:45 +0100
-Subject: [PATCH 06/26] Applied vsftpd-close-std-fds.patch
-
----
- standalone.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/standalone.c b/standalone.c
-index ba01ab1..e0f2d5b 100644
---- a/standalone.c
-+++ b/standalone.c
-@@ -130,6 +130,9 @@ vsf_standalone_main(void)
- die("could not bind listening IPv6 socket");
- }
- }
-+ vsf_sysutil_close(0);
-+ vsf_sysutil_close(1);
-+ vsf_sysutil_close(2);
- retval = vsf_sysutil_listen(listen_sock, VSFTP_LISTEN_BACKLOG);
- if (vsf_sysutil_retval_is_error(retval))
- {
---
-2.5.0
-
diff --git a/vsftpd.spec b/vsftpd.spec
index a8e95be..d6ca350 100644
--- a/vsftpd.spec
+++ b/vsftpd.spec
@@ -1,123 +1,77 @@ -%{!?tcp_wrappers:%define tcp_wrappers 1} -%define _generatorsdir %{_prefix}/lib/systemd/system-generators +%global _generatorsdir %{_prefix}/lib/systemd/system-generators -Name: vsftpd +Name: vsftpd Version: 3.0.3 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Very Secure Ftp Daemon -Group: System Environment/Daemons +Group: System Environment/Daemons # OpenSSL link exception -License: GPLv2 with exceptions -URL: https://security.appspot.com/vsftpd.html -Source0: https://security.appspot.com/downloads/%{name}-%{version}.tar.gz -Source1: vsftpd.xinetd -Source2: vsftpd.pam -Source3: vsftpd.ftpusers -Source4: vsftpd.user_list -Source6: vsftpd_conf_migrate.sh -Source7: vsftpd.service -Source8: vsftpd@.service -Source9: vsftpd.target +License: GPLv2 with exceptions +URL: https://security.appspot.com/vsftpd.html +Source0: https://security.appspot.com/downloads/%{name}-%{version}.tar.gz +Source1: vsftpd.xinetd +Source2: vsftpd.pam +Source3: vsftpd.ftpusers +Source4: vsftpd.user_list +Source6: vsftpd_conf_migrate.sh +Source7: vsftpd.service +Source8: vsftpd@.service +Source9: vsftpd.target Source10: vsftpd-generator -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) - BuildRequires: pam-devel BuildRequires: libcap-devel BuildRequires: openssl-devel BuildRequires: systemd -%if %{tcp_wrappers} BuildRequires: tcp_wrappers-devel -%endif +BuildRequires: git Requires: logrotate -# Build patches -Patch1: vsftpd-2.1.0-libs.patch -Patch2: vsftpd-2.1.0-build_ssl.patch -Patch3: vsftpd-2.1.0-tcp_wrappers.patch - -# Use /etc/vsftpd/ instead of /etc/ -Patch4: vsftpd-2.1.0-configuration.patch - -# These need review -Patch5: vsftpd-2.1.0-pam_hostname.patch -Patch6: vsftpd-close-std-fds.patch -Patch7: vsftpd-2.1.0-filter.patch -Patch9: vsftpd-2.1.0-userlist_log.patch - -Patch10: vsftpd-2.1.0-trim.patch -Patch12: vsftpd-2.1.1-daemonize_plus.patch -Patch14: vsftpd-2.2.0-wildchar.patch - -Patch16: vsftpd-2.2.2-clone.patch -Patch19: 
vsftpd-2.3.4-sd.patch -Patch20: vsftpd-2.3.4-sqb.patch -Patch21: vsftpd-2.3.4-listen_ipv6.patch -Patch22: vsftpd-2.3.5-aslim.patch -Patch23: vsftpd-3.0.0-tz.patch -Patch24: vsftpd-3.0.0-xferlog.patch -Patch25: vsftpd-3.0.0-logrotate.patch -Patch26: vsftpd-3.0.2-lookup.patch -Patch27: vsftpd-3.0.2-uint-uidgid.patch -Patch28: vsftpd-3.0.2-dh.patch -Patch29: vsftpd-3.0.2-ecdh.patch -Patch30: vsftpd-3.0.2-docupd.patch -Patch31: vsftpd-3.0.2-rc450.patch -Patch32: vsftpd-3.0.2-seccomp.patch -Patch33: vsftpd-3.0.2-mrate.patch -Patch34: vsftpd-3.0.2-wnohang.patch -Patch35: vsftpd-3.0.2-del-upl.patch -Patch36: vsftpd-2.2.2-man-pages.patch -Patch37: vsftpd-2.2.2-blank-chars-overflow.patch -Patch38: vsftpd-2.2.2-syslog.patch +Patch1: 0001-Don-t-use-the-provided-script-to-locate-libraries.patch +Patch2: 0002-Enable-build-with-SSL.patch +Patch3: 0003-Enable-build-with-TCP-Wrapper.patch +Patch4: 0004-Use-etc-vsftpd-dir-for-config-files-instead-of-etc.patch +Patch5: 0005-Use-hostname-when-calling-PAM-authentication-module.patch +Patch6: 0006-Close-stdin-out-err-before-listening-for-incoming-co.patch +Patch7: 0007-Make-filename-filters-smarter.patch +Patch8: 0008-Write-denied-logins-into-the-log.patch +Patch9: 0009-Trim-whitespaces-when-reading-configuration.patch +Patch10: 0010-Improve-daemonizing.patch +Patch11: 0011-Fix-listing-with-more-than-one-star.patch +Patch12: 0012-Replace-syscall-__NR_clone-.-with-clone.patch +Patch13: 0013-Extend-man-pages-with-systemd-info.patch +Patch14: 0014-Add-support-for-square-brackets-in-ls.patch +Patch15: 0015-Listen-on-IPv6-by-default.patch +Patch16: 0016-Increase-VSFTP_AS_LIMIT-from-200UL-to-400UL.patch +Patch17: 0017-Fix-an-issue-with-timestamps-during-DST.patch +Patch18: 0018-Change-the-default-log-file-in-configuration.patch +Patch19: 0019-Introduce-reverse_lookup_enable-option.patch +Patch20: 0020-Use-unsigned-int-for-uid-and-gid-representation.patch +Patch21: 0021-Introduce-support-for-DHE-based-cipher-suites.patch +Patch22: 
0022-Introduce-support-for-EDDHE-based-cipher-suites.patch +Patch23: 0023-Add-documentation-for-isolate_-options.-Correct-defa.patch +Patch24: 0024-Introduce-new-return-value-450.patch +Patch25: 0025-Improve-local_max_rate-option.patch +Patch26: 0026-Prevent-hanging-in-SIGCHLD-handler.patch +Patch27: 0027-Delete-files-when-upload-fails.patch +Patch28: 0028-Fix-man-page-rendering.patch +Patch29: 0029-Fix-segfault-in-config-file-parser.patch +Patch30: 0030-Fix-logging-into-syslog-when-enabled-in-config.patch +Patch31: 0031-Fix-question-mark-wildcard-withing-a-file-name.patch +Patch32: 0032-Propagate-errors-from-nfs-with-quota-to-client.patch +Patch33: 0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch +Patch34: 0034-Turn-off-seccomp-sandbox-because-it-is-too-strict.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from scratch. %prep -%setup -q -n %{name}-%{version} +%autosetup -S git cp %{SOURCE1} . -%patch1 -p1 -b .libs -%patch2 -p1 -b .build_ssl -%if %{tcp_wrappers} -%patch3 -p1 -b .tcp_wrappers -%endif -%patch4 -p1 -b .configuration -%patch5 -p1 -b .pam_hostname -%patch6 -p1 -b .close_fds -%patch7 -p1 -b .filter -%patch9 -p1 -b .userlist_log -%patch10 -p1 -b .trim -%patch12 -p1 -b .daemonize_plus -%patch14 -p1 -b .wildchar -%patch16 -p1 -b .clone -%patch19 -p1 -b .sd -%patch20 -p1 -b .sqb -%patch21 -p1 -b .listen_ipv6 -%patch22 -p1 -b .aslim -%patch23 -p1 -b .tz -%patch24 -p1 -b .xferlog -%patch25 -p1 -b .logrotate -%patch26 -p1 -b .lookup -%patch27 -p1 -b .uint-uidgid -%patch28 -p1 -b .dh -%patch29 -p1 -b .ecdh -%patch30 -p1 -b .docupd -%patch31 -p1 -b .rc450 -%patch32 -p1 -b .seccomp -%patch33 -p1 -b .mrate -%patch34 -p1 -b .wnohang -%patch35 -p1 -b .del-upl -%patch36 -p1 -b .man_pages -%patch37 -p1 -b .blank-char-overflow -%patch38 -p1 -b .syslog - - - %build %ifarch s390x sparcv9 sparc64 make CFLAGS="$RPM_OPT_FLAGS -fPIE -pipe -Wextra -Werror" \ 
@@ -126,9 +80,7 @@ make CFLAGS="$RPM_OPT_FLAGS -fpie -pipe -Wextra -Werror" \ %endif LINK="-pie -lssl" %{?_smp_mflags} - %install -rm -rf $RPM_BUILD_ROOT mkdir -p $RPM_BUILD_ROOT%{_sbindir} mkdir -p $RPM_BUILD_ROOT%{_sysconfdir} mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/{vsftpd,pam.d,logrotate.d} @@ -151,9 +103,6 @@ install -m 755 %{SOURCE10} $RPM_BUILD_ROOT%{_generatorsdir} mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub -%clean -rm -rf $RPM_BUILD_ROOT - %post %systemd_post vsftpd.service @@ -183,6 +132,12 @@ rm -rf $RPM_BUILD_ROOT %{_var}/ftp %changelog +* Thu Nov 17 2016 Martin Sehnoutka - 3.0.3-3 +- Review patches +- Add TLSv1.{1,2} options +- Fix question mark wildcard within a file name +- Seccomp patch removed + * Fri Apr 08 2016 Martin Sehnoutka - 3.0.3-2 - Applied patches: - Readd seccomp disabled by default From 86a81657335a1fbd25afc41ddf054ab440f9c50e Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka Date: Thu, 1 Dec 2016 15:57:29 +0100 Subject: [PATCH 08/85] Use OpenSSL compat library on rawhide --- vsftpd.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/vsftpd.spec b/vsftpd.spec index d6ca350..bf542db 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons @@ -22,7 +22,7 @@ Source10: vsftpd-generator BuildRequires: pam-devel BuildRequires: libcap-devel -BuildRequires: openssl-devel +BuildRequires: compat-openssl10-devel BuildRequires: systemd BuildRequires: tcp_wrappers-devel BuildRequires: git @@ -132,6 +132,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Thu Dec 01 2016 Martin Sehnoutka - 3.0.3-4 +- Use OpenSSL compat library on rawhide + * Thu Nov 17 2016 Martin Sehnoutka - 3.0.3-3 - Review patches - Add TLSv1.{1,2} options From d6e7ba7e274e1710024063eecd3ba99c8ddcd82d Mon Sep 17 00:00:00 2001 
From: Fedora Release Engineering Date: Sat, 11 Feb 2017 17:11:59 +0000 Subject: [PATCH 09/85] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild --- vsftpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/vsftpd.spec b/vsftpd.spec index bf542db..2f9f03d 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 4%{?dist} +Release: 5%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons @@ -132,6 +132,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Sat Feb 11 2017 Fedora Release Engineering - 3.0.3-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + * Thu Dec 01 2016 Martin Sehnoutka - 3.0.3-4 - Use OpenSSL compat library on rawhide From 887286af04304ea494c538a7a45565853fab7675 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 27 Jul 2017 21:26:17 +0000 Subject: [PATCH 10/85] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild --- vsftpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/vsftpd.spec b/vsftpd.spec index 2f9f03d..a627192 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 5%{?dist} +Release: 6%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons @@ -132,6 +132,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Thu Jul 27 2017 Fedora Release Engineering - 3.0.3-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + * Sat Feb 11 2017 Fedora Release Engineering - 3.0.3-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild From c0e8f38e23e2b3ae95d8ddfb9b24bf6bed345a49 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 3 Aug 2017 10:08:56 +0000 Subject: [PATCH 11/85] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild --- vsftpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
diff --git a/vsftpd.spec b/vsftpd.spec index a627192..0a212ff 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 6%{?dist} +Release: 7%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons @@ -132,6 +132,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Thu Aug 03 2017 Fedora Release Engineering - 3.0.3-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + * Thu Jul 27 2017 Fedora Release Engineering - 3.0.3-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild From 255e73ec9e0839286f319b0c40cb3e653e6108b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Tue, 5 Sep 2017 15:27:42 +0200 Subject: [PATCH 12/85] Build against OpenSSL 1.1, redefine VSFTP_COMMAND_FD to 1 Build against OpenSSL 1.1. Redefine VSFTP_COMMAND_FD to 1 to get errors generated during startup picked up by systemd. Resolves: rhbz#1443055 --- ...ment-patch-to-build-with-OpenSSL-1.1.patch | 74 +++++++++++++++++++ 0036-Redefine-VSFTP_COMMAND_FD-to-1.patch | 29 ++++++++ vsftpd.spec | 12 ++- 3 files changed, 113 insertions(+), 2 deletions(-) create mode 100644 0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch create mode 100644 0036-Redefine-VSFTP_COMMAND_FD-to-1.patch diff --git a/0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch b/0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch new file mode 100644 index 0000000..ab3f35c --- /dev/null +++ b/0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch 
@@ -0,0 +1,74 @@ +From 6c8dd87f311e411bcb1c72c1c780497881a5621c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Mon, 4 Sep 2017 11:32:03 +0200 +Subject: [PATCH 35/35] Modify DH enablement patch to build with OpenSSL 1.1 + +--- + ssl.c | 41 ++++++++++++++++++++++++++++++++++++++--- + 1 file changed, 38 insertions(+), 3 deletions(-) + +diff --git a/ssl.c b/ssl.c +index ba8a613..09ec96a 100644 +--- a/ssl.c ++++ b/ssl.c +@@ -88,19 +88,54 @@ static struct mystr debug_str; + } + #endif + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) ++{ ++ /* If the fields p and g in d are NULL, the corresponding input ++ * parameters MUST be non-NULL. q may remain NULL. ++ */ ++ if ((dh->p == NULL && p == NULL) ++ || (dh->g == NULL && g == NULL)) ++ return 0; ++ ++ if (p != NULL) { ++ BN_free(dh->p); ++ dh->p = p; ++ } ++ if (q != NULL) { ++ BN_free(dh->q); ++ dh->q = q; ++ } ++ if (g != NULL) { ++ BN_free(dh->g); ++ dh->g = g; ++ } ++ ++ if (q != NULL) { ++ dh->length = BN_num_bits(q); ++ } ++ ++ return 1; ++} ++#endif ++ + #if !defined(DH_get_dh) + // Grab DH parameters + DH * + DH_get_dh(int size) + { ++ BIGNUM *g = NULL; ++ BIGNUM *p = NULL; + DH *dh = DH_new(); + if (!dh) { + return NULL; + } +- dh->p = DH_get_prime(match_dh_bits(size)); +- BN_dec2bn(&dh->g, "2"); +- if (!dh->p || !dh->g) ++ p = DH_get_prime(match_dh_bits(size)); ++ BN_dec2bn(&g, "2"); ++ if (!p || !g || !DH_set0_pqg(dh, p, NULL, g)) + { ++ BN_free(g); ++ BN_free(p); + DH_free(dh); + return NULL; + } +-- +2.9.5 + diff --git a/0036-Redefine-VSFTP_COMMAND_FD-to-1.patch b/0036-Redefine-VSFTP_COMMAND_FD-to-1.patch new file mode 100644 index 0000000..7f1911a --- /dev/null +++ b/0036-Redefine-VSFTP_COMMAND_FD-to-1.patch 
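Review bot: The `DH_set0_pqg` fallback added to ssl.c under `#if OPENSSL_VERSION_NUMBER < 0x10100000L` has external linkage, so the daemon exports a symbol that carries an OpenSSL API name. If the libcrypto being linked ever provides that function under an older version number (for example through a backport), the two definitions clash. Declaring it `static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)` keeps the shim private to the file. In `DH_get_dh` the failure branch frees `p` and `g` itself, which is correct only because `DH_set0_pqg` takes ownership solely when it returns 1; a comment such as `/* on failure p and g are still ours to free */` above the two `BN_free` calls would guard against a later edit introducing a double free. The end of `DH_get_dh` lies outside the hunk.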
@@ -0,0 +1,29 @@ +From 18e0ab25a0d66088728b506cf64f5545637eda26 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Tue, 5 Sep 2017 14:26:08 +0200 +Subject: [PATCH 36/36] Redefine VSFTP_COMMAND_FD to 1 + +Redefine VSFTP_COMMAND_FD to 1 (stdout) so that error messages generated +during startup are picked up by systemd. + +Resolves: rhbz#1443055 +--- + defs.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/defs.h b/defs.h +index bde3232..315f0f0 100644 +--- a/defs.h ++++ b/defs.h +@@ -3,7 +3,7 @@ + + #define VSFTP_DEFAULT_CONFIG "/etc/vsftpd/vsftpd.conf" + +-#define VSFTP_COMMAND_FD 0 ++#define VSFTP_COMMAND_FD 1 + + #define VSFTP_PASSWORD_MAX 128 + #define VSFTP_USERNAME_MAX 128 +-- +2.9.5 + diff --git a/vsftpd.spec b/vsftpd.spec index 0a212ff..e3f1e06 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 7%{?dist} +Release: 8%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons @@ -22,7 +22,7 @@ Source10: vsftpd-generator BuildRequires: pam-devel BuildRequires: libcap-devel -BuildRequires: compat-openssl10-devel +BuildRequires: openssl-devel BuildRequires: systemd BuildRequires: tcp_wrappers-devel BuildRequires: git @@ -63,6 +63,8 @@ Patch31: 0031-Fix-question-mark-wildcard-withing-a-file-name.patch Patch32: 0032-Propagate-errors-from-nfs-with-quota-to-client.patch Patch33: 0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch Patch34: 0034-Turn-off-seccomp-sandbox-because-it-is-too-strict.patch +Patch35: 0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch +Patch36: 0036-Redefine-VSFTP_COMMAND_FD-to-1.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from 
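Review bot: `#define VSFTP_COMMAND_FD 1` in defs.h changes a descriptor number with no comment saying why stdout was chosen; the reason exists only in the patch description. I would add `/* stdout, not stdin: errors written to this fd during startup are picked up by systemd (rhbz#1443055) */` above the define. The macro name suggests the same descriptor also carries the FTP control channel, and the code that reads from it is outside the hunk. It is worth confirming, for both the standalone and the inetd-style start, that the client socket is duplicated onto fd 1 before anything reads commands from it.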
@@ -132,6 +134,12 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Tue Sep 05 2017 Ondřej Lysoněk - 3.0.3-8 +- Build against OpenSSL 1.1 +- Redefine VSFTP_COMMAND_FD to 1 to get errors generated during +- startup picked up by systemd +- Resolves: rhbz#1443055 + * Thu Aug 03 2017 Fedora Release Engineering - 3.0.3-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild From 178f53fd5f1af1eca8e4e460921396f39d6d4ccc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Thu, 26 Oct 2017 13:23:57 +0200 Subject: [PATCH 13/85] Document the relationship of text_userdb_names and chroot_local_user Resolves: rhbz#1439724 --- ...ationship-of-text_userdb_names-and-c.patch | 29 +++++++++++++++++++ vsftpd.spec | 7 ++++- 2 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 0037-Document-the-relationship-of-text_userdb_names-and-c.patch diff --git a/0037-Document-the-relationship-of-text_userdb_names-and-c.patch b/0037-Document-the-relationship-of-text_userdb_names-and-c.patch new file mode 100644 index 0000000..7bf92ae --- /dev/null +++ b/0037-Document-the-relationship-of-text_userdb_names-and-c.patch 
@@ -0,0 +1,29 @@ +From 221f35f302d53f5a89f8e79592492e7cb322e81a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Thu, 26 Oct 2017 13:08:32 +0200 +Subject: [PATCH 37/37] Document the relationship of text_userdb_names and + chroot_local_user + +Note in vsftpd.conf(5) that text_userdb_names may not work when +chroot_local_user is set to YES. +--- + vsftpd.conf.5 | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 +index a3d569e..45b3f9c 100644 +--- a/vsftpd.conf.5 ++++ b/vsftpd.conf.5 +@@ -578,6 +578,9 @@ Default: NO + By default, numeric IDs are shown in the user and group fields of directory + listings. You can get textual names by enabling this parameter. It is off + by default for performance reasons. ++Note that textual names are not guaranteed when ++.BR chroot_local_user ++is set to YES. + + Default: NO + .TP +-- +2.14.3 + diff --git a/vsftpd.spec b/vsftpd.spec index e3f1e06..db2cbc8 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 8%{?dist} +Release: 9%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons @@ -65,6 +65,7 @@ Patch33: 0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch Patch34: 0034-Turn-off-seccomp-sandbox-because-it-is-too-strict.patch Patch35: 0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch Patch36: 0036-Redefine-VSFTP_COMMAND_FD-to-1.patch +Patch37: 0037-Document-the-relationship-of-text_userdb_names-and-c.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from @@ -134,6 +135,10 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Thu Oct 26 2017 Ondřej Lysoněk - 3.0.3-9 +- Document the relationship of text_userdb_names and chroot_local_user +- Resolves: rhbz#1439724 + * Tue Sep 05 2017 Ondřej Lysoněk - 3.0.3-8 - Build against OpenSSL 1.1 - Redefine VSFTP_COMMAND_FD to 1 to get errors generated during 
From 0d16113de4272560193b1e7376beaf69bc52c69c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Tue, 31 Oct 2017 16:17:50 +0100 Subject: [PATCH 14/85] Document allow_writeable_chroot in the man page Resolves: rhbz#1507143 --- ...low_writeable_chroot-in-the-man-page.patch | 32 +++++++++++++++++++ vsftpd.spec | 7 +++- 2 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 0038-Document-allow_writeable_chroot-in-the-man-page.patch diff --git a/0038-Document-allow_writeable_chroot-in-the-man-page.patch b/0038-Document-allow_writeable_chroot-in-the-man-page.patch new file mode 100644 index 0000000..50aeee4 --- /dev/null +++ b/0038-Document-allow_writeable_chroot-in-the-man-page.patch @@ -0,0 +1,32 @@ +From a565aa70aafd5c955680e43bb396c8a371fee6a9 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Tue, 31 Oct 2017 16:13:46 +0100 +Subject: [PATCH 38/38] Document allow_writeable_chroot in the man page + +--- + vsftpd.conf.5 | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 +index 45b3f9c..d1f0db5 100644 +--- a/vsftpd.conf.5 ++++ b/vsftpd.conf.5 +@@ -56,6 +56,15 @@ Only applies if + is active. If set to YES, anonymous users will be allowed to use secured SSL + connections. + ++Default: NO ++.TP ++.B allow_writeable_chroot ++Allow chroot()'ing a user to a directory writable by that user. Note that ++setting this to YES is potentially dangerous. For example, if the user ++creates an 'etc' directory in the new root directory, they could potentially ++trick the C library into loading a user-created configuration file from the ++/etc/ directory. ++ + Default: NO + .TP + .B anon_mkdir_write_enable +-- +2.14.3 + diff --git a/vsftpd.spec b/vsftpd.spec index db2cbc8..abd4948 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 9%{?dist} +Release: 10%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons 
@@ -66,6 +66,7 @@ Patch34: 0034-Turn-off-seccomp-sandbox-because-it-is-too-strict.patch Patch35: 0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch Patch36: 0036-Redefine-VSFTP_COMMAND_FD-to-1.patch Patch37: 0037-Document-the-relationship-of-text_userdb_names-and-c.patch +Patch38: 0038-Document-allow_writeable_chroot-in-the-man-page.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from @@ -135,6 +136,10 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Tue Oct 31 2017 Ondřej Lysoněk - 3.0.3-10 +- Document allow_writeable_chroot in the man page +- Resolves: rhbz#1507143 + * Thu Oct 26 2017 Ondřej Lysoněk - 3.0.3-9 - Document the relationship of text_userdb_names and chroot_local_user - Resolves: rhbz#1439724 From e38d5f28a1ce9acd680b88c39a5f92ec8cfc5d54 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Fri, 24 Nov 2017 11:24:56 +0100 Subject: [PATCH 15/85] Reset author in a patch Reset author in the patch 0038-Document-allow_writeable_chroot-in-the-man-page.patch --- 0038-Document-allow_writeable_chroot-in-the-man-page.patch | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/0038-Document-allow_writeable_chroot-in-the-man-page.patch b/0038-Document-allow_writeable_chroot-in-the-man-page.patch index 50aeee4..f8d8c1d 100644 --- a/0038-Document-allow_writeable_chroot-in-the-man-page.patch +++ b/0038-Document-allow_writeable_chroot-in-the-man-page.patch @@ -1,6 +1,6 @@ -From a565aa70aafd5c955680e43bb396c8a371fee6a9 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Tue, 31 Oct 2017 16:13:46 +0100 +From 35ec3be5427a54facd5f6299fda2da4c146d4846 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Fri, 24 Nov 2017 11:22:43 +0100 Subject: [PATCH 38/38] Document allow_writeable_chroot in the man page --- From f200da9342424e55a88d23823092fc626222dbaa Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Fri, 24 Nov 2017 11:34:23 +0100 Subject: [PATCH 16/85] Improve documentation of ASCII mode in the man page Resolves: rhbz#1139409 --- ...tation-of-ASCII-mode-in-the-man-page.patch | 34 +++++++++++++++++++ vsftpd.spec | 7 +++- 2 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 0039-Improve-documentation-of-ASCII-mode-in-the-man-page.patch diff --git a/0039-Improve-documentation-of-ASCII-mode-in-the-man-page.patch b/0039-Improve-documentation-of-ASCII-mode-in-the-man-page.patch new file mode 100644 index 0000000..4b32923 --- /dev/null +++ b/0039-Improve-documentation-of-ASCII-mode-in-the-man-page.patch @@ -0,0 +1,34 @@ +From 7d4b76abb437184fa692533cb5537318026a30e8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Fri, 24 Nov 2017 11:26:37 +0100 +Subject: [PATCH 39/39] Improve documentation of ASCII mode in the man page + +--- + vsftpd.conf.5 | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 +index d1f0db5..3ca55e4 100644 +--- a/vsftpd.conf.5 ++++ b/vsftpd.conf.5 +@@ -113,11 +113,17 @@ Default: YES + .TP + .B ascii_download_enable + When enabled, ASCII mode data transfers will be honoured on downloads. ++When disabled, the server will pretend to allow ASCII mode but in fact ++ignore the request. Turn this option on to have the server actually do ++ASCII mangling on files when in ASCII mode. + + Default: NO + .TP + .B ascii_upload_enable + When enabled, ASCII mode data transfers will be honoured on uploads. ++See also ++.BR ascii_download_enable ++for more details. + + Default: NO + .TP +-- +2.14.3 + diff --git a/vsftpd.spec b/vsftpd.spec index abd4948..b75f1c4 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 10%{?dist} +Release: 11%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons 
@@ -67,6 +67,7 @@ Patch35: 0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch Patch36: 0036-Redefine-VSFTP_COMMAND_FD-to-1.patch Patch37: 0037-Document-the-relationship-of-text_userdb_names-and-c.patch Patch38: 0038-Document-allow_writeable_chroot-in-the-man-page.patch +Patch39: 0039-Improve-documentation-of-ASCII-mode-in-the-man-page.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from @@ -136,6 +137,10 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Fri Nov 24 2017 Ondřej Lysoněk - 3.0.3-11 +- Improve documentation of ASCII mode in the man page +- Resolves: rhbz#1139409 + * Tue Oct 31 2017 Ondřej Lysoněk - 3.0.3-10 - Document allow_writeable_chroot in the man page - Resolves: rhbz#1507143 From 071c1c3826a8073a3e339108f11382a614179065 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Thu, 21 Dec 2017 12:26:20 +0100 Subject: [PATCH 17/85] Use system wide crypto policy Resolves: rhbz#1483970 --- 0040-Use-system-wide-crypto-policy.patch | 27 ++++++++++++++++++++++++ vsftpd.spec | 7 +++++- 2 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 0040-Use-system-wide-crypto-policy.patch diff --git a/0040-Use-system-wide-crypto-policy.patch b/0040-Use-system-wide-crypto-policy.patch new file mode 100644 index 0000000..d79530b --- /dev/null +++ b/0040-Use-system-wide-crypto-policy.patch 
@@ -0,0 +1,27 @@ +From b83be8b4f86bf1a8a6de4802a9486d084c4a46cd Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Tue, 29 Aug 2017 10:32:16 +0200 +Subject: [PATCH 40/40] Use system wide crypto policy + +Resolves: rhbz#1483970 +--- + tunables.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/tunables.c b/tunables.c +index 5440c00..354251c 100644 +--- a/tunables.c ++++ b/tunables.c +@@ -297,8 +297,7 @@ tunables_load_defaults() + install_str_setting(0, &tunable_dsa_cert_file); + install_str_setting(0, &tunable_dh_param_file); + install_str_setting(0, &tunable_ecdh_param_file); +- install_str_setting("AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384", +- &tunable_ssl_ciphers); ++ install_str_setting("PROFILE=SYSTEM", &tunable_ssl_ciphers); + install_str_setting(0, &tunable_rsa_private_key_file); + install_str_setting(0, &tunable_dsa_private_key_file); + install_str_setting(0, &tunable_ca_certs_file); +-- +2.14.3 + diff --git a/vsftpd.spec b/vsftpd.spec index b75f1c4..f51ffba 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 11%{?dist} +Release: 12%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons @@ -68,6 +68,7 @@ Patch36: 0036-Redefine-VSFTP_COMMAND_FD-to-1.patch Patch37: 0037-Document-the-relationship-of-text_userdb_names-and-c.patch Patch38: 0038-Document-allow_writeable_chroot-in-the-man-page.patch Patch39: 0039-Improve-documentation-of-ASCII-mode-in-the-man-page.patch +Patch40: 0040-Use-system-wide-crypto-policy.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from 
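Review bot: The new default `install_str_setting("PROFILE=SYSTEM", &tunable_ssl_ciphers);` in tunables_load_defaults() is not a cipher name but a keyword that only an OpenSSL built with crypto-policies support resolves, and nothing in the hunk says so. I would add `/* "PROFILE=SYSTEM" defers cipher selection to the system-wide crypto policy; an OpenSSL without that support rejects the string */` above the call. How ssl.c reacts when the cipher list is rejected is outside the hunk and should be checked, so that a build against a different OpenSSL refuses to start TLS rather than continuing with the library's own default ciphers. tunables_load_defaults() starts and ends outside the hunk.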
@@ -137,6 +138,10 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Thu Dec 21 2017 Ondřej Lysoněk - 3.0.3-12 +- Use system wide crypto policy +- Resolves: rhbz#1483970 + * Fri Nov 24 2017 Ondřej Lysoněk - 3.0.3-11 - Improve documentation of ASCII mode in the man page - Resolves: rhbz#1139409 From adb9788c891574c0a83ddcfbb3aaff823a181b50 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Thu, 21 Dec 2017 14:43:27 +0100 Subject: [PATCH 18/85] Fix docs for ssl_ciphers, fix FEAT handling, disable TLSv1, TLSv1.1 Document the new default for ssl_ciphers in the man page Related: rhbz#1483970 When handling the FEAT command, check ssl_tlsv1_1 and ssl_tlsv1_2 Patch was written by Martin Sehnoutka Resolves: rhbz#1432054 Disable TLSv1 and TLSv1.1 - enable only TLSv1.2 by default. --- ...-default-for-ssl_ciphers-in-the-man-.patch | 31 +++++++++++ ...AT-command-check-ssl_tlsv1_1-and-ssl.patch | 32 +++++++++++ 0043-Enable-only-TLSv1.2-by-default.patch | 53 +++++++++++++++++++ vsftpd.spec | 13 ++++- 4 files changed, 128 insertions(+), 1 deletion(-) create mode 100644 0041-Document-the-new-default-for-ssl_ciphers-in-the-man-.patch create mode 100644 0042-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch create mode 100644 0043-Enable-only-TLSv1.2-by-default.patch diff --git a/0041-Document-the-new-default-for-ssl_ciphers-in-the-man-.patch b/0041-Document-the-new-default-for-ssl_ciphers-in-the-man-.patch new file mode 100644 index 0000000..e004e0f --- /dev/null +++ b/0041-Document-the-new-default-for-ssl_ciphers-in-the-man-.patch 
@@ -0,0 +1,31 @@ +From 2369d1ea5144d525d315aba90da528e7d9bfd1cc Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Thu, 21 Dec 2017 14:19:18 +0100 +Subject: [PATCH 41/41] Document the new default for ssl_ciphers in the man + page + +Related: rhbz#1483970 +--- + vsftpd.conf.5 | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 +index 3ca55e4..2a7662e 100644 +--- a/vsftpd.conf.5 ++++ b/vsftpd.conf.5 +@@ -1078,7 +1078,11 @@ man page for further details. Note that restricting ciphers can be a useful + security precaution as it prevents malicious remote parties forcing a cipher + which they have found problems with. + +-Default: AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384 ++By default, the system-wide crypto policy is used. See ++.BR update-crypto-policies(8) ++for further details. ++ ++Default: PROFILE=SYSTEM + .TP + .B user_config_dir + This powerful option allows the override of any config option specified in +-- +2.14.3 + diff --git a/0042-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch b/0042-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch new file mode 100644 index 0000000..542cd69 --- /dev/null +++ b/0042-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch 
@@ -0,0 +1,32 @@ +From 1c280a0b04e58ec63ce9ab5eb8d0ffe5ebbae115 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Thu, 21 Dec 2017 14:29:25 +0100 +Subject: [PATCH 42/42] When handling FEAT command, check ssl_tlsv1_1 and + ssl_tlsv1_2 + +Send 'AUTH SSL' in reply to the FEAT command when the ssl_tlsv1_1 +or ssl_tlsv1_2 configuration option is enabled. + +The patch was written by Martin Sehnoutka. + +Resolves: rhbz#1432054 +--- + features.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/features.c b/features.c +index 1212980..d024366 100644 +--- a/features.c ++++ b/features.c +@@ -22,7 +22,7 @@ handle_feat(struct vsf_session* p_sess) + { + vsf_cmdio_write_raw(p_sess, " AUTH SSL\r\n"); + } +- if (tunable_tlsv1) ++ if (tunable_tlsv1 || tunable_tlsv1_1 || tunable_tlsv1_2) + { + vsf_cmdio_write_raw(p_sess, " AUTH TLS\r\n"); + } +-- +2.14.3 + diff --git a/0043-Enable-only-TLSv1.2-by-default.patch b/0043-Enable-only-TLSv1.2-by-default.patch new file mode 100644 index 0000000..ca8b1d3 --- /dev/null +++ b/0043-Enable-only-TLSv1.2-by-default.patch 
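Review bot: The patch description says the change sends 'AUTH SSL' in the FEAT reply, but the modified condition `if (tunable_tlsv1 || tunable_tlsv1_1 || tunable_tlsv1_2)` in handle_feat() guards the `" AUTH TLS\r\n"` line, so the description should read 'AUTH TLS'. The condition guarding the `" AUTH SSL\r\n"` line and the start of handle_feat() are outside the hunk. The handler that accepts the AUTH command is not shown either; it should presumably apply the same three-way test, otherwise the FEAT reply and the set of accepted AUTH commands can disagree.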
@@ -0,0 +1,53 @@ +From 75c942c77aa575143c5b75637e64a925ad12641a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Thu, 21 Dec 2017 16:38:40 +0100 +Subject: [PATCH 43/43] Enable only TLSv1.2 by default + +Disable TLSv1 and TLSv1.1 - enable only TLSv1.2 by default. +--- + tunables.c | 6 +++--- + vsftpd.conf.5 | 4 ++-- + 2 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/tunables.c b/tunables.c +index 354251c..9680528 100644 +--- a/tunables.c ++++ b/tunables.c +@@ -211,9 +211,9 @@ tunables_load_defaults() + tunable_force_local_data_ssl = 1; + tunable_sslv2 = 0; + tunable_sslv3 = 0; +- /* TLSv1 up to TLSv1.2 is enabled by default */ +- tunable_tlsv1 = 1; +- tunable_tlsv1_1 = 1; ++ tunable_tlsv1 = 0; ++ tunable_tlsv1_1 = 0; ++ /* Only TLSv1.2 is enabled by default */ + tunable_tlsv1_2 = 1; + tunable_tilde_user_enable = 0; + tunable_force_anon_logins_ssl = 0; +diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 +index 2a7662e..df14027 100644 +--- a/vsftpd.conf.5 ++++ b/vsftpd.conf.5 +@@ -539,7 +539,7 @@ Only applies if + is activated. If enabled, this option will permit TLS v1 protocol connections. + TLS v1.2 connections are preferred. + +-Default: YES ++Default: NO + .TP + .B ssl_tlsv1_1 + Only applies if +@@ -547,7 +547,7 @@ Only applies if + is activated. If enabled, this option will permit TLS v1.1 protocol connections. + TLS v1.2 connections are preferred. + +-Default: YES ++Default: NO + .TP + .B ssl_tlsv1_2 + Only applies if +-- +2.14.3 + diff --git a/vsftpd.spec b/vsftpd.spec index f51ffba..35e803f 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 12%{?dist} +Release: 13%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons 
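Review bot: Setting `tunable_tlsv1 = 0;` and `tunable_tlsv1_1 = 0;` in tunables_load_defaults() changes behaviour for every installation that never set these options, while the vsftpd.conf.5 part of the patch only flips `Default: YES` to `Default: NO`. I would add one sentence to each of the ssl_tlsv1 and ssl_tlsv1_1 entries, for example `Clients limited to this protocol version cannot connect unless this option is set to YES.` The context sentence "TLS v1.2 connections are preferred." now describes the only protocol enabled by default rather than a preference, and could be reworded in the same pass. tunables_load_defaults() starts and ends outside the hunk.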
@@ -69,6 +69,9 @@ Patch37: 0037-Document-the-relationship-of-text_userdb_names-and-c.patch Patch38: 0038-Document-allow_writeable_chroot-in-the-man-page.patch Patch39: 0039-Improve-documentation-of-ASCII-mode-in-the-man-page.patch Patch40: 0040-Use-system-wide-crypto-policy.patch +Patch41: 0041-Document-the-new-default-for-ssl_ciphers-in-the-man-.patch +Patch42: 0042-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch +Patch43: 0043-Enable-only-TLSv1.2-by-default.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from @@ -138,6 +141,14 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Thu Dec 21 2017 Ondřej Lysoněk - 3.0.3-13 +- Document the new default for ssl_ciphers in the man page +- Related: rhbz#1483970 +- When handling FEAT command, check ssl_tlsv1_1 and ssl_tlsv1_2 +- Patch was written by Martin Sehnoutka +- Resolves: rhbz#1432054 +- Disable TLSv1 and TLSv1.1 - enable only TLSv1.2 by default + * Thu Dec 21 2017 Ondřej Lysoněk - 3.0.3-12 - Use system wide crypto policy - Resolves: rhbz#1483970 From d8fa56df7a02506135f4b562783604efbeb3ee0f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Tue, 2 Jan 2018 10:06:40 +0100 Subject: [PATCH 19/85] Disable anonymous_enable in default config file Resolves: rhbz#1338637 --- vsftpd.spec | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/vsftpd.spec b/vsftpd.spec index 35e803f..fbe289d 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 13%{?dist} +Release: 14%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons 
@@ -72,6 +72,7 @@ Patch40: 0040-Use-system-wide-crypto-policy.patch Patch41: 0041-Document-the-new-default-for-ssl_ciphers-in-the-man-.patch Patch42: 0042-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch Patch43: 0043-Enable-only-TLSv1.2-by-default.patch +Patch44: 0044-Disable-anonymous_enable-in-default-config-file.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from @@ -141,6 +142,10 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Tue Jan 02 2018 Ondřej Lysoněk - 3.0.3-14 +- Disable anonymous_enable in default config file +- Resolves: rhbz#1338637 + * Thu Dec 21 2017 Ondřej Lysoněk - 3.0.3-13 - Document the new default for ssl_ciphers in the man page - Related: rhbz#1483970 From a3ebf226c90633008e5a5cf4697885ed5335daab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Tue, 2 Jan 2018 10:07:55 +0100 Subject: [PATCH 20/85] Add patch forgotten in last commit --- ...nymous_enable-in-default-config-file.patch | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 0044-Disable-anonymous_enable-in-default-config-file.patch diff --git a/0044-Disable-anonymous_enable-in-default-config-file.patch b/0044-Disable-anonymous_enable-in-default-config-file.patch new file mode 100644 index 0000000..cc9eace --- /dev/null +++ b/0044-Disable-anonymous_enable-in-default-config-file.patch 
@@ -0,0 +1,26 @@ +From ffaeebcfdb56ba75392af21c68c0bac78a226b55 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Tue, 2 Jan 2018 09:54:43 +0100 +Subject: [PATCH 44/44] Disable anonymous_enable in default config file + +Resolves: rhbz#1338637 +--- + vsftpd.conf | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/vsftpd.conf b/vsftpd.conf +index 39d1955..4626c1b 100644 +--- a/vsftpd.conf ++++ b/vsftpd.conf +@@ -9,7 +9,7 @@ + # capabilities. + # + # Allow anonymous FTP? (Beware - allowed by default if you comment this out). +-anonymous_enable=YES ++anonymous_enable=NO + # + # Uncomment this to allow local users to log in. + # When SELinux is enforcing check for SE bool ftp_home_dir +-- +2.14.3 + From fe56946d0eadb41a642e3044f534400455e56230 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Tue, 2 Jan 2018 16:49:50 +0100 Subject: [PATCH 21/85] Expand the explanation of the ascii_* options behaviour --- ...on-of-ascii_-options-behaviour-in-ma.patch | 52 +++++++++++++++++++ ...r-to-the-man-page-regarding-the-asci.patch | 27 ++++++++++ vsftpd.spec | 7 ++- 3 files changed, 85 insertions(+), 1 deletion(-) create mode 100644 0045-Expand-explanation-of-ascii_-options-behaviour-in-ma.patch create mode 100644 0046-vsftpd.conf-Refer-to-the-man-page-regarding-the-asci.patch diff --git a/0045-Expand-explanation-of-ascii_-options-behaviour-in-ma.patch b/0045-Expand-explanation-of-ascii_-options-behaviour-in-ma.patch new file mode 100644 index 0000000..b4a6f59 --- /dev/null +++ b/0045-Expand-explanation-of-ascii_-options-behaviour-in-ma.patch 
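Review bot: The context comment directly above the changed line in the vsftpd.conf hunk still says anonymous FTP is "allowed by default if you comment this out", so patch 0044 hardens only the shipped configuration file and not the built-in default. Deleting or commenting out the line, or carrying an older vsftpd.conf across an upgrade, would leave anonymous login enabled. If the compiled-in default cannot be changed as well (it is set outside this patch), the comment should say so explicitly, e.g. `# Anonymous FTP is disabled here; the built-in default is still YES, so keep this line.`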
@@ -0,0 +1,52 @@
+From 61327320b54a59e319c522151f7a61c74ec94f2f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?=
+Date: Tue, 2 Jan 2018 16:25:55 +0100
+Subject: [PATCH 45/46] Expand explanation of ascii_* options behaviour in man
+ page
+
+---
+ vsftpd.conf.5 | 22 ++++++++++++++++++----
+ 1 file changed, 18 insertions(+), 4 deletions(-)
+
+diff --git a/vsftpd.conf.5 b/vsftpd.conf.5
+index df14027..a5abeb2 100644
+--- a/vsftpd.conf.5
++++ b/vsftpd.conf.5
+@@ -114,16 +114,30 @@ Default: YES
+ .B ascii_download_enable
+ When enabled, ASCII mode data transfers will be honoured on downloads.
+ When disabled, the server will pretend to allow ASCII mode but in fact
+-ignore the request. Turn this option on to have the server actually do
++ignore requests to activate it. So the client will think the ASCII mode
++is active and therefore may still translate any
++.BR
++character sequences in the received file. See the following article for
++a detailed explanation of the behaviour:
++https://access.redhat.com/articles/3250241.
++
++Turn this option on to have the server actually do
+ ASCII mangling on files when in ASCII mode.
+
+ Default: NO
+ .TP
+ .B ascii_upload_enable
+ When enabled, ASCII mode data transfers will be honoured on uploads.
+-See also
+-.BR ascii_download_enable
+-for more details.
++When disabled, the server will pretend to allow ASCII mode but in fact
++ignore requests to activate it. So the client will think the ASCII mode
++is active and will translate native line terminators to the standard
++.BR
++line terminators for transmission, but the server will not do
++any translation. See the following article for a detailed explanation
++of the behaviour: https://access.redhat.com/articles/3250241.
++
++Turn this option on to have the server actually do
+ ASCII mangling on files when in ASCII mode.
+
+ Default: NO
+ .TP
+--
+2.14.3
+
diff --git a/0046-vsftpd.conf-Refer-to-the-man-page-regarding-the-asci.patch b/0046-vsftpd.conf-Refer-to-the-man-page-regarding-the-asci.patch new file mode 100644 index 0000000..9e8b8ea --- /dev/null +++ b/0046-vsftpd.conf-Refer-to-the-man-page-regarding-the-asci.patch @@ -0,0 +1,27 @@ +From 446f7c1ec54e06b5da2e890e0cd8fbd7308322c9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Tue, 2 Jan 2018 16:33:18 +0100 +Subject: [PATCH 46/46] vsftpd.conf: Refer to the man page regarding the + ascii_* options + +--- + vsftpd.conf | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/vsftpd.conf b/vsftpd.conf +index 4626c1b..e70bc6d 100644 +--- a/vsftpd.conf ++++ b/vsftpd.conf +@@ -73,7 +73,8 @@ xferlog_std_format=YES + # + # By default the server will pretend to allow ASCII mode but in fact ignore + # the request. Turn on the below options to have the server actually do ASCII +-# mangling on files when in ASCII mode. ++# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains ++# the behaviour when these options are disabled. + # Beware that on some FTP servers, ASCII support allows a denial of service + # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd + # predicted this attack and has always been safe, reporting the size of the +-- +2.14.3 + diff --git a/vsftpd.spec b/vsftpd.spec index fbe289d..05e8dc2 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 14%{?dist} +Release: 15%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons 
@@ -73,6 +73,8 @@ Patch41: 0041-Document-the-new-default-for-ssl_ciphers-in-the-man-.patch Patch42: 0042-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch Patch43: 0043-Enable-only-TLSv1.2-by-default.patch Patch44: 0044-Disable-anonymous_enable-in-default-config-file.patch +Patch45: 0045-Expand-explanation-of-ascii_-options-behaviour-in-ma.patch +Patch46: 0046-vsftpd.conf-Refer-to-the-man-page-regarding-the-asci.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from @@ -142,6 +144,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Tue Jan 02 2018 Ondřej Lysoněk - 3.0.3-15 +- Expand the explanation of the ascii_* options behaviour + * Tue Jan 02 2018 Ondřej Lysoněk - 3.0.3-14 - Disable anonymous_enable in default config file - Resolves: rhbz#1338637 From c1815032433e064fcff3f2deac50290f163b88e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Fri, 5 Jan 2018 10:42:56 +0100 Subject: [PATCH 22/85] Disable tcp_wrappers support, fix man page Disable tcp_wrappers support Resolves: rhbz#1518796 Fix default value of strict_ssl_read_eof in man page --- 0047-Disable-tcp_wrappers-support.patch | 49 +++++++++++++++++++ ...e-of-strict_ssl_read_eof-in-man-page.patch | 29 +++++++++++ vsftpd.spec | 10 +++- 3 files changed, 86 insertions(+), 2 deletions(-) create mode 100644 0047-Disable-tcp_wrappers-support.patch create mode 100644 0048-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch diff --git a/0047-Disable-tcp_wrappers-support.patch b/0047-Disable-tcp_wrappers-support.patch new file mode 100644 index 0000000..ce64f2d --- /dev/null +++ b/0047-Disable-tcp_wrappers-support.patch 
@@ -0,0 +1,49 @@
+From b383ec42bb750419fea102fccf36af5216145eb2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?=
+Date: Fri, 5 Jan 2018 09:17:13 +0100
+Subject: [PATCH 47/48] Disable tcp_wrappers support
+
+Resolves: rhbz#1518796
+---
+ Makefile | 2 +-
+ builddefs.h | 1 -
+ vsftpd.conf | 1 -
+ 3 files changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 98118dc..612994e 100644
+--- a/Makefile
++++ b/Makefile
+@@ -8,7 +8,7 @@ CFLAGS = -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 \
+ -D_FORTIFY_SOURCE=2 \
+ #-pedantic -Wconversion
+
+-LIBS = -lwrap -lnsl -lpam -lcap -ldl -lcrypto
++LIBS = -lnsl -lpam -lcap -ldl -lcrypto
+ LINK = -Wl,-s
+ LDFLAGS = -fPIE -pie -Wl,-z,relro -Wl,-z,now
+
+diff --git a/builddefs.h b/builddefs.h
+index 83de674..2aa3a4c 100644
+--- a/builddefs.h
++++ b/builddefs.h
+@@ -1,7 +1,6 @@
+ #ifndef VSF_BUILDDEFS_H
+ #define VSF_BUILDDEFS_H
+
+-#define VSF_BUILD_TCPWRAPPERS
+ #define VSF_BUILD_PAM
+ #define VSF_BUILD_SSL
+
+diff --git a/vsftpd.conf b/vsftpd.conf
+index e70bc6d..6b8eebb 100644
+--- a/vsftpd.conf
++++ b/vsftpd.conf
+@@ -125,4 +125,3 @@ listen_ipv6=YES
+
+ pam_service_name=vsftpd
+ userlist_enable=YES
+-tcp_wrappers=YES
+--
+2.14.3
+
diff --git a/0048-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch b/0048-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch
new file mode 100644
index 0000000..5fbb2cc
--- /dev/null
+++ b/0048-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch
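Review bot: Removing `#define VSF_BUILD_TCPWRAPPERS` in the builddefs.h hunk of patch 0047 takes away a host-based access control, and nothing in the patch tells administrators: its diffstat lists only Makefile, builddefs.h and vsftpd.conf, so the tcp_wrappers entry in vsftpd.conf.5 is left as it was. Deployments that restricted clients through hosts.allow or hosts.deny would presumably lose that filtering after the upgrade and need an equivalent firewall rule. The patch should add a sentence to the man page entry along the lines of `This build has no tcp_wrappers support; hosts.allow and hosts.deny are not consulted.` How the daemon treats an existing `tcp_wrappers=YES` line once support is compiled out is decided outside these hunks and should be confirmed before shipping.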
@@ -0,0 +1,29 @@ +From 9cba9e81aa96e1d64ae2eaaf88330e09dadfce79 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Fri, 5 Jan 2018 09:40:09 +0100 +Subject: [PATCH 48/48] Fix default value of strict_ssl_read_eof in man page + +--- + vsftpd.conf.5 | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 +index a5abeb2..43b0435 100644 +--- a/vsftpd.conf.5 ++++ b/vsftpd.conf.5 +@@ -574,10 +574,9 @@ Default: YES + .B strict_ssl_read_eof + If enabled, SSL data uploads are required to terminate via SSL, not an + EOF on the socket. This option is required to be sure that an attacker did +-not terminate an upload prematurely with a faked TCP FIN. Unfortunately, it +-is not enabled by default because so few clients get it right. (New in v2.0.7). ++not terminate an upload prematurely with a faked TCP FIN. (New in v2.0.7). + +-Default: NO ++Default: YES + .TP + .B strict_ssl_write_shutdown + If enabled, SSL data downloads are required to terminate via SSL, not an +-- +2.14.3 + diff --git a/vsftpd.spec b/vsftpd.spec index 05e8dc2..b95acb7 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 15%{?dist} +Release: 16%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons @@ -24,7 +24,6 @@ BuildRequires: pam-devel BuildRequires: libcap-devel BuildRequires: openssl-devel BuildRequires: systemd -BuildRequires: tcp_wrappers-devel BuildRequires: git Requires: logrotate @@ -75,6 +74,8 @@ Patch43: 0043-Enable-only-TLSv1.2-by-default.patch Patch44: 0044-Disable-anonymous_enable-in-default-config-file.patch Patch45: 0045-Expand-explanation-of-ascii_-options-behaviour-in-ma.patch Patch46: 0046-vsftpd.conf-Refer-to-the-man-page-regarding-the-asci.patch +Patch47: 0047-Disable-tcp_wrappers-support.patch +Patch48: 0048-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from 
@@ -144,6 +145,11 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Fri Jan 05 2018 Ondřej Lysoněk - 3.0.3-16 +- Disable tcp_wrappers support +- Resolves: rhbz#1518796 +- Fix default value of strict_ssl_read_eof in man page + * Tue Jan 02 2018 Ondřej Lysoněk - 3.0.3-15 - Expand the explanation of the ascii_* options behaviour From e413c71aa351a208815bc2f6c7883234a0f65a95 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Wed, 17 Jan 2018 13:30:01 +0100 Subject: [PATCH 23/85] Add BuildRequires: libnsl2-devel Add BuildRequires: libnsl2-devel because of https://fedoraproject.org/wiki/Changes/NISIPv6 --- vsftpd.spec | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/vsftpd.spec b/vsftpd.spec index b95acb7..de2f47b 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 16%{?dist} +Release: 17%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons @@ -25,6 +25,7 @@ BuildRequires: libcap-devel BuildRequires: openssl-devel BuildRequires: systemd BuildRequires: git +BuildRequires: libnsl2-devel Requires: logrotate @@ -145,6 +146,10 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Wed Jan 10 2018 Ondřej Lysoněk - 3.0.3-17 +- Add BuildRequires: libnsl2-devel +- https://fedoraproject.org/wiki/Changes/NISIPv6 + * Fri Jan 05 2018 Ondřej Lysoněk - 3.0.3-16 - Disable tcp_wrappers support - Resolves: rhbz#1518796 From 37f8d87aad5c8f3c0f47f5698e73f94dcd12900f Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Tue, 6 Feb 2018 15:07:15 +0100 Subject: [PATCH 24/85] Add new filename generation algorithm for STOU command A new configuration option 'better_stou' can be used to enable a better algorithm for generating unique filenames. Resolves: rhbz#1479237 --- ...-generation-algorithm-for-STOU-comma.patch | 322 ++++++++++++++++++ vsftpd.spec | 8 +- 2 files changed, 329 insertions(+), 1 deletion(-) create mode 100644 0049-Add-new-filename-generation-algorithm-for-STOU-comma.patch diff --git a/0049-Add-new-filename-generation-algorithm-for-STOU-comma.patch b/0049-Add-new-filename-generation-algorithm-for-STOU-comma.patch new file mode 100644 index 0000000..bfbb871 --- /dev/null +++ b/0049-Add-new-filename-generation-algorithm-for-STOU-comma.patch 
@@ -0,0 +1,322 @@ +From 1203b943b369651d96d057f8190f14f015e6ff0b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Tue, 6 Feb 2018 13:30:44 +0100 +Subject: [PATCH 49/49] Add new filename generation algorithm for STOU command + +A new configuration option 'better_stou' can be used to enable +a better algorithm for generating unique filenames. + +Resolves: rhbz#1479237 +--- + parseconf.c | 1 + + postlogin.c | 176 +++++++++++++++++++++++++++++++++++++++++++++++++--------- + sysutil.c | 3 + + sysutil.h | 3 +- + tunables.c | 2 + + tunables.h | 3 + + vsftpd.conf.5 | 5 ++ + 7 files changed, 166 insertions(+), 27 deletions(-) + +diff --git a/parseconf.c b/parseconf.c +index 33a1349..47b54f1 100644 +--- a/parseconf.c ++++ b/parseconf.c +@@ -111,6 +111,7 @@ parseconf_bool_array[] = + { "http_enable", &tunable_http_enable }, + { "seccomp_sandbox", &tunable_seccomp_sandbox }, + { "allow_writeable_chroot", &tunable_allow_writeable_chroot }, ++ { "better_stou", &tunable_better_stou }, + { 0, 0 } + }; + +diff --git a/postlogin.c b/postlogin.c +index 8363c9c..7c749ef 100644 +--- a/postlogin.c ++++ b/postlogin.c +@@ -29,6 +29,7 @@ + #include "opts.h" + + #include ++#include + + /* Private local functions */ + static void handle_pwd(struct vsf_session* p_sess); +@@ -1028,6 +1029,114 @@ handle_stor(struct vsf_session* p_sess) + handle_upload_common(p_sess, 0, 0); + } + ++/* Based on __gen_tempname() from glibc - thanks, glibc! Relicensed ++ * from LGPL2.1+ to GPL2. ++ */ ++static int ++create_unique_file(struct vsf_session* p_sess, struct mystr* p_outstr, ++ const struct mystr* p_base_str, ++ int (*access_checker)(const struct mystr*)) ++{ ++ struct mystr s_result = INIT_MYSTR; ++ const int suffix_len = 6; ++ unsigned int count; ++ static unsigned long long int value; ++ unsigned long long int random_time_bits; ++ int fd = -1; ++ /* These are the characters used in temporary file names. 
*/ ++ struct mystr s_letters = INIT_MYSTR; ++ unsigned int s_letters_len; ++ int base_len; ++ ++ str_alloc_text(&s_letters, ++ "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"); ++ s_letters_len = str_getlen(&s_letters); ++ ++ /* A lower bound on the number of temporary files to attempt to ++ generate. The maximum total number of temporary file names that ++ can exist for a given template is 62**6. It should never be ++ necessary to try all of these combinations. Instead if a reasonable ++ number of names is tried (we define reasonable as 62**3) fail to ++ give the system administrator the chance to remove the problems. */ ++#define ATTEMPTS_MIN (62 * 62 * 62) ++ ++ /* The number of times to attempt to generate a temporary file. */ ++#if ATTEMPTS_MIN < TMP_MAX ++ unsigned int attempts = TMP_MAX; ++#else ++ unsigned int attempts = ATTEMPTS_MIN; ++#endif ++#undef ATTEMPTS_MIN ++ ++ { ++ long sec = vsf_sysutil_get_time_sec(); ++ long usec = vsf_sysutil_get_time_usec(); ++ random_time_bits = ((unsigned long long int) usec << 16) ^ sec; ++ value += random_time_bits ^ vsf_sysutil_getpid(); ++ } ++ ++ if (str_isempty(p_base_str)) ++ { ++ const char *base = "STOU."; ++ base_len = vsf_sysutil_strlen(base); ++ str_reserve(&s_result, base_len + suffix_len); ++ str_alloc_text(&s_result, base); ++ } ++ else ++ { ++ str_reserve(&s_result, str_getlen(p_base_str) + suffix_len + 1); ++ str_copy(&s_result, p_base_str); ++ str_append_char(&s_result, '.'); ++ base_len = str_getlen(&s_result); ++ } ++ ++ for (count = 0; count < attempts; value += 7777, ++count) ++ { ++ unsigned long long v = value; ++ str_trunc(&s_result, base_len); ++ for (int i = 0; i < suffix_len; ++i) ++ { ++ char c; ++ c = str_get_char_at(&s_letters, v % s_letters_len); ++ v /= s_letters_len; ++ str_append_char(&s_result, c); ++ } ++ if (!access_checker(&s_result)) ++ { ++ /* If we generate a filename which is not allowed, we fail immediatelly, ++ * without trying any other possibilities. 
This is to prevent attackers ++ * from keeping us busy. ++ */ ++ vsf_cmdio_write(p_sess, FTP_NOPERM, "Permission denied."); ++ break; ++ } ++ fd = str_create_exclusive(&s_result); ++ if (vsf_sysutil_retval_is_error(fd)) ++ { ++ if (kVSFSysUtilErrEXIST == vsf_sysutil_get_error()) ++ { ++ continue; ++ } ++ else ++ { ++ vsf_cmdio_write(p_sess, FTP_UPLOADFAIL, "Could not create file."); ++ break; ++ } ++ } ++ else ++ { ++ break; ++ } ++ } ++ if (!vsf_sysutil_retval_is_error(fd)) ++ { ++ str_copy(p_outstr, &s_result); ++ } ++ str_free(&s_letters); ++ str_free(&s_result); ++ return fd; ++} ++ + static void + handle_upload_common(struct vsf_session* p_sess, int is_append, int is_unique) + { +@@ -1049,41 +1158,56 @@ handle_upload_common(struct vsf_session* p_sess, int is_append, int is_unique) + return; + } + resolve_tilde(&p_sess->ftp_arg_str, p_sess); +- p_filename = &p_sess->ftp_arg_str; +- if (is_unique) +- { +- get_unique_filename(&s_filename, p_filename); +- p_filename = &s_filename; +- } + vsf_log_start_entry(p_sess, kVSFLogEntryUpload); + str_copy(&p_sess->log_str, &p_sess->ftp_arg_str); + prepend_path_to_filename(&p_sess->log_str); +- if (!vsf_access_check_file(p_filename)) +- { +- vsf_cmdio_write(p_sess, FTP_NOPERM, "Permission denied."); +- return; +- } +- /* NOTE - actual file permissions will be governed by the tunable umask */ +- /* XXX - do we care about race between create and chown() of anonymous +- * upload? 
+- */ +- if (is_unique || (p_sess->is_anonymous && !tunable_anon_other_write_enable)) ++ p_filename = &p_sess->ftp_arg_str; ++ if (is_unique && tunable_better_stou) + { +- new_file_fd = str_create_exclusive(p_filename); ++ new_file_fd = create_unique_file(p_sess, &s_filename, p_filename, ++ vsf_access_check_file); ++ if (vsf_sysutil_retval_is_error(new_file_fd)) ++ { ++ return; ++ } ++ p_filename = &s_filename; + } + else + { +- /* For non-anonymous, allow open() to overwrite or append existing files */ +- new_file_fd = str_create(p_filename); +- if (!is_append && offset == 0) ++ if (is_unique) + { +- do_truncate = 1; ++ get_unique_filename(&s_filename, p_filename); ++ p_filename = &s_filename; ++ } ++ if (!vsf_access_check_file(p_filename)) ++ { ++ vsf_cmdio_write(p_sess, FTP_NOPERM, "Permission denied."); ++ return; ++ } ++ /* NOTE - actual file permissions will be governed by the tunable umask */ ++ /* XXX - do we care about race between create and chown() of anonymous ++ * upload? ++ */ ++ if (is_unique || (p_sess->is_anonymous && !tunable_anon_other_write_enable)) ++ { ++ new_file_fd = str_create_exclusive(p_filename); ++ } ++ else ++ { ++ /* For non-anonymous, allow open() to overwrite or append existing ++ * files ++ */ ++ new_file_fd = str_create(p_filename); ++ if (!is_append && offset == 0) ++ { ++ do_truncate = 1; ++ } ++ } ++ if (vsf_sysutil_retval_is_error(new_file_fd)) ++ { ++ vsf_cmdio_write(p_sess, FTP_UPLOADFAIL, "Could not create file."); ++ return; + } +- } +- if (vsf_sysutil_retval_is_error(new_file_fd)) +- { +- vsf_cmdio_write(p_sess, FTP_UPLOADFAIL, "Could not create file."); +- return; + } + created = 1; + vsf_sysutil_fstat(new_file_fd, &s_p_statbuf); +diff --git a/sysutil.c b/sysutil.c +index 1c0422e..e847650 100644 +--- a/sysutil.c ++++ b/sysutil.c +@@ -1666,6 +1666,9 @@ vsf_sysutil_get_error(void) + case EAGAIN: + retval = kVSFSysUtilErrAGAIN; + break; ++ case EEXIST: ++ retval = kVSFSysUtilErrEXIST; ++ break; + default: + break; + } +diff 
--git a/sysutil.h b/sysutil.h +index be727f5..7a59f13 100644 +--- a/sysutil.h ++++ b/sysutil.h +@@ -19,7 +19,8 @@ enum EVSFSysUtilError + kVSFSysUtilErrOPNOTSUPP, + kVSFSysUtilErrACCES, + kVSFSysUtilErrNOENT, +- kVSFSysUtilErrAGAIN ++ kVSFSysUtilErrAGAIN, ++ kVSFSysUtilErrEXIST + }; + enum EVSFSysUtilError vsf_sysutil_get_error(void); + +diff --git a/tunables.c b/tunables.c +index 9680528..5ec2bdc 100644 +--- a/tunables.c ++++ b/tunables.c +@@ -92,6 +92,7 @@ int tunable_ftp_enable; + int tunable_http_enable; + int tunable_seccomp_sandbox; + int tunable_allow_writeable_chroot; ++int tunable_better_stou; + + unsigned int tunable_accept_timeout; + unsigned int tunable_connect_timeout; +@@ -239,6 +240,7 @@ tunables_load_defaults() + tunable_http_enable = 0; + tunable_seccomp_sandbox = 0; + tunable_allow_writeable_chroot = 0; ++ tunable_better_stou = 0; + + tunable_accept_timeout = 60; + tunable_connect_timeout = 60; +diff --git a/tunables.h b/tunables.h +index a466427..85ea1a8 100644 +--- a/tunables.h ++++ b/tunables.h +@@ -93,6 +93,9 @@ extern int tunable_ftp_enable; /* Allow FTP protocol */ + extern int tunable_http_enable; /* Allow HTTP protocol */ + extern int tunable_seccomp_sandbox; /* seccomp filter sandbox */ + extern int tunable_allow_writeable_chroot; /* Allow misconfiguration */ ++extern int tunable_better_stou; /* Use better file name generation ++ * algorithm for the STOU command ++ */ + + /* Integer/numeric defines */ + extern unsigned int tunable_accept_timeout; +diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 +index 43b0435..6911a73 100644 +--- a/vsftpd.conf.5 ++++ b/vsftpd.conf.5 +@@ -65,6 +65,11 @@ creates an 'etc' directory in the new root directory, they could potentially + trick the C library into loading a user-created configuration file from the + /etc/ directory. + ++Default: NO ++.TP ++.B better_stou ++Use better file name generation algorithm for the STOU command. ++ + Default: NO + .TP + .B anon_mkdir_write_enable +-- +2.14.3 + 
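Review bot: create_unique_file() in the postlogin.c part of patch 0049 sends no FTP reply when the loop runs out of attempts: every EEXIST result takes the `continue` path, so after the final iteration the function returns an error descriptor without calling vsf_cmdio_write(), and the new `is_unique && tunable_better_stou` branch in handle_upload_common() just returns, leaving the client waiting for a response. After the loop, add `if (count == attempts) { vsf_cmdio_write(p_sess, FTP_UPLOADFAIL, "Could not create file."); }`. The suffix is derived from the clock and the PID rather than from a random source, so protection against clobbering an existing file rests on `str_create_exclusive()`, as its EEXIST handling indicates. A comment saying so above the seeding block would keep a later change from replacing that call with a plain create. handle_upload_common() starts and ends outside its hunk.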
diff --git a/vsftpd.spec b/vsftpd.spec index de2f47b..988cec6 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 17%{?dist} +Release: 18%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons @@ -77,6 +77,7 @@ Patch45: 0045-Expand-explanation-of-ascii_-options-behaviour-in-ma.patch Patch46: 0046-vsftpd.conf-Refer-to-the-man-page-regarding-the-asci.patch Patch47: 0047-Disable-tcp_wrappers-support.patch Patch48: 0048-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch +Patch49: 0049-Add-new-filename-generation-algorithm-for-STOU-comma.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from @@ -146,6 +147,11 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Tue Feb 06 2018 Ondřej Lysoněk - 3.0.3-18 +- Add a new config option 'better_stou', which can be used to enable + a better algorithm for generating unique filenames for the STOU command. +- Resolves: rhbz#1479237 + * Wed Jan 10 2018 Ondřej Lysoněk - 3.0.3-17 - Add BuildRequires: libnsl2-devel - https://fedoraproject.org/wiki/Changes/NISIPv6 From e26d2ceeaac4cf019aa3ab5a6650b2da9a1ef2ef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Tue, 6 Feb 2018 18:17:12 +0100 Subject: [PATCH 25/85] Don't link with libnsl --- 0050-Don-t-link-with-libnsl.patch | 27 +++++++++++++++++++++++++++ vsftpd.spec | 7 +++++-- 2 files changed, 32 insertions(+), 2 deletions(-) create mode 100644 0050-Don-t-link-with-libnsl.patch diff --git a/0050-Don-t-link-with-libnsl.patch b/0050-Don-t-link-with-libnsl.patch new file mode 100644 index 0000000..c907980 --- /dev/null +++ b/0050-Don-t-link-with-libnsl.patch 
@@ -0,0 +1,27 @@ +From f8663f35d5d150f0533bb052e48306b9a5111d87 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Tue, 6 Feb 2018 18:04:53 +0100 +Subject: [PATCH 50/50] Don't link with libnsl + +Don't link with libnsl. It builds just fine without it and +vsf_findlibs.sh enables it only when tcp_wrappers is enabled. +--- + Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile b/Makefile +index 612994e..0f7411c 100644 +--- a/Makefile ++++ b/Makefile +@@ -8,7 +8,7 @@ CFLAGS = -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 \ + -D_FORTIFY_SOURCE=2 \ + #-pedantic -Wconversion + +-LIBS = -lnsl -lpam -lcap -ldl -lcrypto ++LIBS = -lpam -lcap -ldl -lcrypto + LINK = -Wl,-s + LDFLAGS = -fPIE -pie -Wl,-z,relro -Wl,-z,now + +-- +2.14.3 + diff --git a/vsftpd.spec b/vsftpd.spec index 988cec6..821d997 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 18%{?dist} +Release: 19%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons @@ -25,7 +25,6 @@ BuildRequires: libcap-devel BuildRequires: openssl-devel BuildRequires: systemd BuildRequires: git -BuildRequires: libnsl2-devel Requires: logrotate @@ -78,6 +77,7 @@ Patch46: 0046-vsftpd.conf-Refer-to-the-man-page-regarding-the-asci.patch Patch47: 0047-Disable-tcp_wrappers-support.patch Patch48: 0048-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch Patch49: 0049-Add-new-filename-generation-algorithm-for-STOU-comma.patch +Patch50: 0050-Don-t-link-with-libnsl.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from @@ -147,6 +147,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Tue Feb 06 2018 Ondřej Lysoněk - 3.0.3-19 +- Don't link with libnsl + * Tue Feb 06 2018 Ondřej Lysoněk - 3.0.3-18 - Add a new config option 'better_stou', which can be used to enable a better algorithm for generating unique filenames for the STOU command. 
From 3617ae075ab985b3c5717821e8f57643ad7990b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Mon, 19 Feb 2018 14:28:33 +0100 Subject: [PATCH 26/85] Add gcc to BuildRequires --- vsftpd.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/vsftpd.spec b/vsftpd.spec index 821d997..cfd4e2c 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 19%{?dist} +Release: 20%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons @@ -25,6 +25,7 @@ BuildRequires: libcap-devel BuildRequires: openssl-devel BuildRequires: systemd BuildRequires: git +BuildRequires: gcc Requires: logrotate @@ -147,6 +148,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Mon Feb 19 2018 Ondřej Lysoněk - 3.0.3-20 +- Add gcc to BuildRequires + * Tue Feb 06 2018 Ondřej Lysoněk - 3.0.3-19 - Don't link with libnsl From a5222c1cb2078df3a6f90bb9444b821cc384da89 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Thu, 5 Apr 2018 12:34:02 +0200 Subject: [PATCH 27/85] Improve documentation of better_stou in the man page --- ...ation-of-better_stou-in-the-man-page.patch | 30 +++++++++++++++++++ vsftpd.spec | 6 +++- 2 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 0001-Improve-documentation-of-better_stou-in-the-man-page.patch diff --git a/0001-Improve-documentation-of-better_stou-in-the-man-page.patch b/0001-Improve-documentation-of-better_stou-in-the-man-page.patch new file mode 100644 index 0000000..e1293ab --- /dev/null +++ b/0001-Improve-documentation-of-better_stou-in-the-man-page.patch 
@@ -0,0 +1,30 @@ +From 765f99b26705c8d6fe2be4feb07f4c91e7eb96f9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Thu, 5 Apr 2018 12:29:03 +0200 +Subject: [PATCH] Improve documentation of better_stou in the man page + +--- + vsftpd.conf.5 | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 +index 6911a73..e9ae474 100644 +--- a/vsftpd.conf.5 ++++ b/vsftpd.conf.5 +@@ -68,7 +68,12 @@ trick the C library into loading a user-created configuration file from the + Default: NO + .TP + .B better_stou +-Use better file name generation algorithm for the STOU command. ++Use a better file name generation algorithm for the STOU command. The default ++original algorithm simply adds an increasing number suffix to the file name, ++which is prone to race conditions if multiple uploaders use the STOU command ++with the same file name simultaneously, which can result in failure of the ++command. The new algorithm adds a unique random six character suffix to ++the file name, which works much better in face of concurrent uploads. + + Default: NO + .TP +-- +2.14.3 + diff --git a/vsftpd.spec b/vsftpd.spec index cfd4e2c..bfd1d68 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 20%{?dist} +Release: 21%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons @@ -79,6 +79,7 @@ Patch47: 0047-Disable-tcp_wrappers-support.patch Patch48: 0048-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch Patch49: 0049-Add-new-filename-generation-algorithm-for-STOU-comma.patch Patch50: 0050-Don-t-link-with-libnsl.patch +Patch51: 0001-Improve-documentation-of-better_stou-in-the-man-page.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from 
@@ -148,6 +149,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Thu Apr 05 2018 Ondřej Lysoněk - 3.0.3-21 +- Improve documentation of better_stou in the man page + * Mon Feb 19 2018 Ondřej Lysoněk - 3.0.3-20 - Add gcc to BuildRequires From 4d37c01b055ad622a6bdbcf58870ee6a8dca7ced Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Tue, 17 Apr 2018 13:46:13 +0200 Subject: [PATCH 28/85] Fix filename expansion in vsftpd_conf_migrate.sh --- vsftpd.spec | 5 ++++- vsftpd_conf_migrate.sh | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/vsftpd.spec b/vsftpd.spec index bfd1d68..a98b407 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 21%{?dist} +Release: 22%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons @@ -149,6 +149,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Fri Apr 27 2018 Ondřej Lysoněk - 3.0.3-22 +- Fix filename expansion in vsftpd_conf_migrate.sh + * Thu Apr 05 2018 Ondřej Lysoněk - 3.0.3-21 - Improve documentation of better_stou in the man page diff --git a/vsftpd_conf_migrate.sh b/vsftpd_conf_migrate.sh index 47abeb8..a94d6c1 100755 --- a/vsftpd_conf_migrate.sh +++ b/vsftpd_conf_migrate.sh @@ -2,7 +2,7 @@ #move old config files and symlink them #shipped with vsftpd-2.0.1-6 PREFIX="vsftpd" -for file in $( ls /etc/${PREFIX}.* ); do +for file in /etc/${PREFIX}.*; do if [ ! -L $file ]; then new=`echo $file | sed s/${PREFIX}\./${PREFIX}\\\\//g | sed s/\.rpmsave//g` mv -f ${file} ${new} From f2b42b7996447fde95825ccf6464b473e4d67108 Mon Sep 17 00:00:00 2001 
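Review bot: The loop body in vsftpd_conf_migrate.sh still expands `$file` unquoted in `[ ! -L $file ]` and in `echo $file | sed ...`, so replacing `$( ls ... )` with a glob removes only one of the word-splitting steps. A name under /etc that matches `vsftpd.*` and contains whitespace or glob characters is still split or re-expanded before `mv -f` runs. I would quote every expansion, for example `if [ ! -L "$file" ]; then` and `mv -f "${file}" "${new}"`, and feed sed with `printf '%s\n' "$file"`. The same unquoted context line is still present in the later hunk that adds `shopt -s nullglob` (PATCH 30/85). The script presumably runs with root privileges from a package scriptlet, which is why the quoting matters; the end of the loop is outside the hunk.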
From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Thu, 10 May 2018 09:59:12 +0200 Subject: [PATCH 29/85] Fix issues found by Coverity Scan --- 0001-Fix-rDNS-with-IPv6.patch | 195 ++++++++++++++++++ 0002-Always-do-chdir-after-chroot.patch | 32 +++ ...imeo-Check-return-value-of-setsockop.patch | 33 +++ ...tz-Check-the-return-value-of-syscall.patch | 108 ++++++++++ vsftpd.spec | 9 +- 5 files changed, 376 insertions(+), 1 deletion(-) create mode 100644 0001-Fix-rDNS-with-IPv6.patch create mode 100644 0002-Always-do-chdir-after-chroot.patch create mode 100644 0003-vsf_sysutil_rcvtimeo-Check-return-value-of-setsockop.patch create mode 100644 0004-vsf_sysutil_get_tz-Check-the-return-value-of-syscall.patch diff --git a/0001-Fix-rDNS-with-IPv6.patch b/0001-Fix-rDNS-with-IPv6.patch new file mode 100644 index 0000000..2328968 --- /dev/null +++ b/0001-Fix-rDNS-with-IPv6.patch 
@@ -0,0 +1,195 @@ +From 01b646d2af0ed885d01d31a6479898a3c423a630 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Thu, 26 Apr 2018 10:00:19 +0200 +Subject: [PATCH 1/4] Fix rDNS with IPv6 + +Previously IPv6 addresses were not translated to hostnames for PAM to use. +--- + privops.c | 3 ++- + sysdeputil.c | 28 +++++++++++++++------------- + sysdeputil.h | 5 ++++- + sysutil.c | 35 +++++++++++++++++++++++++++++++++++ + sysutil.h | 4 ++++ + 5 files changed, 60 insertions(+), 15 deletions(-) + +diff --git a/privops.c b/privops.c +index f27c5c4..e577a27 100644 +--- a/privops.c ++++ b/privops.c +@@ -383,7 +383,8 @@ handle_local_login(struct vsf_session* p_sess, + struct mystr* p_user_str, + const struct mystr* p_pass_str) + { +- if (!vsf_sysdep_check_auth(p_user_str, p_pass_str, &p_sess->remote_ip_str)) ++ if (!vsf_sysdep_check_auth(p_sess, p_user_str, p_pass_str, ++ &p_sess->remote_ip_str)) + { + return kVSFLoginFail; + } +diff --git a/sysdeputil.c b/sysdeputil.c +index 2063c87..4fe56c2 100644 +--- a/sysdeputil.c ++++ b/sysdeputil.c +@@ -16,10 +16,6 @@ + #include "tunables.h" + #include "builddefs.h" + +-/* For gethostbyaddr, inet_addr */ +-#include +-#include +- + /* For Linux, this adds nothing :-) */ + #include "port/porting_junk.h" + +@@ -242,13 +238,15 @@ void vsf_remove_uwtmp(void); + + #ifndef VSF_SYSDEP_HAVE_PAM + int +-vsf_sysdep_check_auth(struct mystr* p_user_str, ++vsf_sysdep_check_auth(struct vsf_session* p_sess, ++ struct mystr* p_user_str, + const struct mystr* p_pass_str, + const struct mystr* p_remote_host) + { + const char* p_crypted; + const struct passwd* p_pwd = getpwnam(str_getbuf(p_user_str)); + (void) p_remote_host; ++ (void) p_sess; + if (p_pwd == NULL) + { + return 0; +@@ -322,14 +320,14 @@ static int pam_conv_func(int nmsg, const struct pam_message** p_msg, + static void vsf_auth_shutdown(void); + + int +-vsf_sysdep_check_auth(struct mystr* p_user_str, ++vsf_sysdep_check_auth(struct vsf_session* p_sess, ++ struct 
mystr* p_user_str, + const struct mystr* p_pass_str, + const struct mystr* p_remote_host) + { + int retval = -1; + #ifdef PAM_RHOST +- struct sockaddr_in sin; +- struct hostent *host; ++ struct mystr hostname = INIT_MYSTR; + #endif + pam_item_t item; + const char* pam_user_name = 0; +@@ -354,13 +352,17 @@ vsf_sysdep_check_auth(struct mystr* p_user_str, + return 0; + } + #ifdef PAM_RHOST +- if (tunable_reverse_lookup_enable) { +- sin.sin_addr.s_addr = inet_addr(str_getbuf(p_remote_host)); +- host = gethostbyaddr((char*)&sin.sin_addr.s_addr,sizeof(struct in_addr),AF_INET); +- if (host != (struct hostent*)0) +- retval = pam_set_item(s_pamh, PAM_RHOST, host->h_name); ++ if (tunable_reverse_lookup_enable) ++ { ++ if (vsf_sysutil_get_hostname(p_sess->p_remote_addr, &hostname) == 0) ++ { ++ retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(&hostname)); ++ str_free(&hostname); ++ } + else ++ { + retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host)); ++ } + } else { + retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host)); + } +diff --git a/sysdeputil.h b/sysdeputil.h +index 3b6b30a..6f2aa0a 100644 +--- a/sysdeputil.h ++++ b/sysdeputil.h +@@ -5,6 +5,8 @@ + #include "filesize.h" + #endif + ++#include "session.h" ++ + /* VSF_SYSDEPUTIL_H: + * Support for highly system dependent features, and querying for support + * or lack thereof +@@ -15,7 +17,8 @@ struct mystr; + + /* Authentication of local users */ + /* Return 0 for fail, 1 for success */ +-int vsf_sysdep_check_auth(struct mystr* p_user, ++int vsf_sysdep_check_auth(struct vsf_session* p_sess, ++ struct mystr* p_user, + const struct mystr* p_pass, + const struct mystr* p_remote_host); + +diff --git a/sysutil.c b/sysutil.c +index e847650..b68583b 100644 +--- a/sysutil.c ++++ b/sysutil.c +@@ -2356,6 +2356,41 @@ vsf_sysutil_dns_resolve(struct vsf_sysutil_sockaddr** p_sockptr, + } + } + ++int ++vsf_sysutil_get_hostname(struct vsf_sysutil_sockaddr *p_addr, ++ struct mystr* p_str) ++{ ++ struct 
sockaddr *sa; ++ socklen_t sa_len = 0; ++ char hostname[NI_MAXHOST]; ++ int res; ++ ++ sa = &p_addr->u.u_sockaddr; ++ if (sa->sa_family == AF_INET) ++ { ++ sa_len = sizeof(struct sockaddr_in); ++ } ++ else if (sa->sa_family == AF_INET6) ++ { ++ sa_len = sizeof(struct sockaddr_in6); ++ } ++ else ++ { ++ die("can only support ipv4 and ipv6 currently"); ++ } ++ res = getnameinfo(sa, sa_len, hostname, sizeof(hostname), NULL, 0, ++ NI_NAMEREQD); ++ if (res == 0) ++ { ++ str_alloc_text(p_str, hostname); ++ return 0; ++ } ++ else ++ { ++ return -1; ++ } ++} ++ + struct vsf_sysutil_user* + vsf_sysutil_getpwuid(const unsigned int uid) + { +diff --git a/sysutil.h b/sysutil.h +index 7a59f13..2df14ed 100644 +--- a/sysutil.h ++++ b/sysutil.h +@@ -7,6 +7,8 @@ + #include "filesize.h" + #endif + ++#include "str.h" ++ + /* Return value queries */ + int vsf_sysutil_retval_is_error(int retval); + enum EVSFSysUtilError +@@ -266,6 +268,8 @@ int vsf_sysutil_connect_timeout(int fd, + unsigned int wait_seconds); + void vsf_sysutil_dns_resolve(struct vsf_sysutil_sockaddr** p_sockptr, + const char* p_name); ++int vsf_sysutil_get_hostname(struct vsf_sysutil_sockaddr *p_addr, ++ struct mystr* p_str); + /* Option setting on sockets */ + void vsf_sysutil_activate_keepalive(int fd); + void vsf_sysutil_rcvtimeo(int fd); +-- +2.14.3 + diff --git a/0002-Always-do-chdir-after-chroot.patch b/0002-Always-do-chdir-after-chroot.patch new file mode 100644 index 0000000..566ca09 --- /dev/null +++ b/0002-Always-do-chdir-after-chroot.patch 
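Review bot: In the PAM branch of vsf_sysdep_check_auth(), the name that vsf_sysutil_get_hostname() obtains from getnameinfo() goes straight into `pam_set_item(s_pamh, PAM_RHOST, ...)`, and nothing checks that it resolves back to `p_sess->p_remote_addr`. PTR data is controlled by whoever runs the reverse zone for the client address, so with `reverse_lookup_enable` on, host-name rules in PAM modules that read PAM_RHOST are matched against a value the remote side can choose. The removed gethostbyaddr() code had the same property for IPv4, and this change extends it to IPv6. A forward-confirming lookup (resolve the returned name, compare the results with the peer address, otherwise fall back to `p_remote_host`) would close the gap; failing that, add a comment such as `/* PTR name is not forward-confirmed; treat PAM_RHOST as untrusted */` and a matching sentence in the man page entry for the option. The body of vsf_sysdep_check_auth() starts and ends outside the hunk.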
@@ -0,0 +1,32 @@ +From 315f9720db94af3319c9550feaf473b9cf09aeac Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Thu, 3 May 2018 13:20:28 +0200 +Subject: [PATCH 2/4] Always do chdir("/") after chroot() + +Always do chdir("/") after chroot() to be more sure we'll never get out +of it. This will not affect the working directory after calling +vsf_sysutil_chroot(), because in the current state vsftpd always calls +vsf_sysutil_chroot("."). +--- + sysutil.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/sysutil.c b/sysutil.c +index b68583b..3014c05 100644 +--- a/sysutil.c ++++ b/sysutil.c +@@ -2588,6 +2588,11 @@ vsf_sysutil_chroot(const char* p_root_path) + { + die("chroot"); + } ++ retval = chdir("/"); ++ if (retval != 0) ++ { ++ die("chdir"); ++ } + } + + unsigned int +-- +2.14.3 + diff --git a/0003-vsf_sysutil_rcvtimeo-Check-return-value-of-setsockop.patch b/0003-vsf_sysutil_rcvtimeo-Check-return-value-of-setsockop.patch new file mode 100644 index 0000000..337fa28 --- /dev/null +++ b/0003-vsf_sysutil_rcvtimeo-Check-return-value-of-setsockop.patch @@ -0,0 +1,33 @@ +From ca27e6e34d89fc247a164ed7330735644f97d7d8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Wed, 9 May 2018 20:15:29 +0200 +Subject: [PATCH 3/4] vsf_sysutil_rcvtimeo: Check return value of setsockopt + +--- + sysutil.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/sysutil.c b/sysutil.c +index 3014c05..de5f876 100644 +--- a/sysutil.c ++++ b/sysutil.c +@@ -684,10 +684,15 @@ void + vsf_sysutil_rcvtimeo(int fd) + { + struct timeval tv; ++ int retval; + + tv.tv_sec = tunable_data_connection_timeout; + tv.tv_usec = 0; +- setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(struct timeval)); ++ retval = setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(struct timeval)); ++ if (retval != 0) ++ { ++ die("setsockopt: rcvtimeo"); ++ } + } + + void +-- +2.14.3 + 
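Review bot: The reason for the added `chdir("/")` in vsf_sysutil_chroot() is given only in the commit message, and the code itself carries no comment. Because chroot() leaves the working directory untouched, a later reader may take the call for redundant and remove it. I would put `/* chroot() does not change the cwd; enter the new root so a cwd outside it cannot be used to leave it */` directly above `retval = chdir("/");`. The opening lines of the function are outside the hunk.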
diff --git a/0004-vsf_sysutil_get_tz-Check-the-return-value-of-syscall.patch b/0004-vsf_sysutil_get_tz-Check-the-return-value-of-syscall.patch new file mode 100644 index 0000000..72f70b1 --- /dev/null +++ b/0004-vsf_sysutil_get_tz-Check-the-return-value-of-syscall.patch 
@@ -0,0 +1,108 @@ +From c7ac05fdf2a7b53d901bfc3afeb9a61916aaaaf1 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Wed, 9 May 2018 20:26:37 +0200 +Subject: [PATCH 4/4] vsf_sysutil_get_tz: Check the return value of syscalls + +Check the return value of syscalls. There's always the possibility that +they'll fail. (Failure of close() is not handled though, apart from EINTR. +The file is open read-only so it shouldn't fail, and even if it does, +it's not tragic.) + +We return NULL in case of syscall failure. One might be tempted to simply +call die() when any kind of error occurs when parsing the timezone data, +but I think it's more in line with the behaviour of tzset(3) not to do +anything drastic in such a case (tzset() will silently use UTC when +the value given in the TZ environment variable is invalid). +--- + sysutil.c | 46 +++++++++++++++++++++++++++++++++++++--------- + 1 file changed, 37 insertions(+), 9 deletions(-) + +diff --git a/sysutil.c b/sysutil.c +index de5f876..fd07d99 100644 +--- a/sysutil.c ++++ b/sysutil.c +@@ -2647,12 +2647,12 @@ error: + die("reopening standard file descriptors to /dev/null failed"); + } + +-char* vsf_sysutil_get_tz() ++char* vsf_sysutil_get_tz(void) + { + char *ret_tz = NULL; + char buff[BUFTZSIZ]; + off_t s_pos, e_pos; +- size_t rcnt, rest; ++ ssize_t rcnt, rest; + int fd; + + if ((fd = open(F_LOCALTIME, O_RDONLY)) > -1) +@@ -2663,8 +2663,12 @@ char* vsf_sysutil_get_tz() + return NULL; + } + s_pos = e_pos > BUFTZSIZ ? 
e_pos - BUFTZSIZ : 0; +- lseek(fd, s_pos, SEEK_SET); +- rcnt = read(fd, buff, BUFTZSIZ); ++ if (lseek(fd, s_pos, SEEK_SET) == -1 || ++ (rcnt = vsf_sysutil_read(fd, buff, BUFTZSIZ)) == -1) ++ { ++ close(fd); ++ return NULL; ++ } + + if (rcnt && buff[rcnt-1] == '\n') + { +@@ -2680,10 +2684,25 @@ char* vsf_sysutil_get_tz() + int len = e_pos - s_pos - offset; + if (len) + { +- lseek(fd, s_pos + offset, SEEK_SET); ++ if (lseek(fd, s_pos + offset, SEEK_SET) == -1) ++ { ++ close(fd); ++ return NULL; ++ } + ret_tz = calloc(1, len+4); ++ if (ret_tz == NULL) ++ { ++ close(fd); ++ return NULL; ++ } + memcpy(ret_tz, "TZ=", 3); +- rcnt = read(fd, ret_tz+3, len); ++ rcnt = vsf_sysutil_read(fd, ret_tz+3, len); ++ if (rcnt == -1) ++ { ++ free(ret_tz); ++ close(fd); ++ return NULL; ++ } + } + break; + } +@@ -2693,11 +2712,20 @@ char* vsf_sysutil_get_tz() + } + rest = s_pos > BUFTZSIZ ? s_pos - BUFTZSIZ : 0; + s_pos -= rest; +- lseek(fd, s_pos, SEEK_SET); +- rcnt = read(fd, buff, rest); ++ if (lseek(fd, s_pos, SEEK_SET) == -1) ++ { ++ close(fd); ++ return NULL; ++ } ++ rcnt = vsf_sysutil_read(fd, buff, rest); ++ if (rcnt == -1) ++ { ++ close(fd); ++ return NULL; ++ } + } while (rcnt > 0); + +- close (fd); ++ (void) vsf_sysutil_close_errno(fd); + } + + return ret_tz; +-- +2.14.3 + diff --git a/vsftpd.spec b/vsftpd.spec index a98b407..745d1a2 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 22%{?dist} +Release: 23%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons 
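Review bot: The last read in the loop, `rcnt = vsf_sysutil_read(fd, buff, rest);`, takes its size from `rest = s_pos > BUFTZSIZ ? s_pos - BUFTZSIZ : 0;`, which is a file offset rather than a window length, while the destination is `char buff[BUFTZSIZ]`. Whenever `s_pos` is more than twice BUFTZSIZ the requested size exceeds the buffer, so the new error checks wrap a read that can write past `buff` if the wanted line is not found in the first window. Clamping the size, `rcnt = vsf_sysutil_read(fd, buff, rest > BUFTZSIZ ? BUFTZSIZ : rest);`, removes the overrun. The window arithmetic around `s_pos -= rest` also looks inconsistent and should be checked against the part of the loop that the hunks do not show.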
@@ -80,6 +80,10 @@ Patch48: 0048-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch Patch49: 0049-Add-new-filename-generation-algorithm-for-STOU-comma.patch Patch50: 0050-Don-t-link-with-libnsl.patch Patch51: 0001-Improve-documentation-of-better_stou-in-the-man-page.patch +Patch52: 0001-Fix-rDNS-with-IPv6.patch +Patch53: 0002-Always-do-chdir-after-chroot.patch +Patch54: 0003-vsf_sysutil_rcvtimeo-Check-return-value-of-setsockop.patch +Patch55: 0004-vsf_sysutil_get_tz-Check-the-return-value-of-syscall.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from @@ -149,6 +153,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Thu May 10 2018 Ondřej Lysoněk - 3.0.3-23 +- Fix issues found by Coverity Scan + * Fri Apr 27 2018 Ondřej Lysoněk - 3.0.3-22 - Fix filename expansion in vsftpd_conf_migrate.sh From 81c7e83b2e0d5a8e793e813fcadb3e10c67a7876 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Fri, 1 Jun 2018 22:38:48 +0200 Subject: [PATCH 30/85] Fix filename expansion in vsftpd_conf_migrate.sh ... again We need to run 'shopt -s nullglob', otherwise the glob pattern will expand to itself if no matching files exist. --- vsftpd.spec | 5 ++++- vsftpd_conf_migrate.sh | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/vsftpd.spec b/vsftpd.spec index 745d1a2..2ba5f82 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 23%{?dist} +Release: 24%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons @@ -153,6 +153,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Fri Jun 01 2018 Ondřej Lysoněk - 3.0.3-24 +- Fix filename expansion in vsftpd_conf_migrate.sh ... again + * Thu May 10 2018 Ondřej Lysoněk - 3.0.3-23 - Fix issues found by Coverity Scan diff --git a/vsftpd_conf_migrate.sh b/vsftpd_conf_migrate.sh index a94d6c1..582c20d 100755 --- a/vsftpd_conf_migrate.sh +++ b/vsftpd_conf_migrate.sh 
@@ -1,6 +1,7 @@ #!/bin/bash #move old config files and symlink them #shipped with vsftpd-2.0.1-6 +shopt -s nullglob PREFIX="vsftpd" for file in /etc/${PREFIX}.*; do if [ ! -L $file ]; then From 550be6b7d6dc5136b8d4699e64f0531807ec075c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Thu, 21 Jun 2018 10:09:03 +0200 Subject: [PATCH 31/85] Log error messages to syslog Add config option log_die allowing to pass error messages to syslog. Add config option bind_retries allowing to change the max number of attempts to find a listening port for the PASV/EPSV command. Resolves: rhbz#1318198 --- 0001-Log-die-calls-to-syslog.patch | 206 ++++++++++++++++++ ...ssage-when-max-number-of-bind-attemp.patch | 27 +++ ...e-max-number-of-bind-retries-tunable.patch | 103 +++++++++ vsftpd.spec | 11 +- 4 files changed, 346 insertions(+), 1 deletion(-) create mode 100644 0001-Log-die-calls-to-syslog.patch create mode 100644 0002-Improve-error-message-when-max-number-of-bind-attemp.patch create mode 100644 0003-Make-the-max-number-of-bind-retries-tunable.patch diff --git a/0001-Log-die-calls-to-syslog.patch b/0001-Log-die-calls-to-syslog.patch new file mode 100644 index 0000000..d6aa2f8 --- /dev/null +++ b/0001-Log-die-calls-to-syslog.patch 
@@ -0,0 +1,206 @@ +From ee6af258e8cb1a7fada5e6d3e54429b89f12b158 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Fri, 15 Jun 2018 12:02:21 +0200 +Subject: [PATCH 1/3] Log die() calls to syslog + +Pass messages given to die(), die2() and bug() to syslog. Currently this +functionality requires waiting for a short amount of time (1 second is +used) after logging the message and before exiting. This is a workaround +for the following systemd bug: +https://github.com/systemd/systemd/issues/2913 + +The need for this workaround is the main reason why I decided not to +enable this functionality by default. + +Resolves: rhbz#1318198 +Resolves: rhbz#1582672 +--- + logging.c | 13 +++++++++---- + logging.h | 2 ++ + main.c | 4 ++++ + parseconf.c | 1 + + tcpwrap.c | 3 --- + tunables.c | 2 ++ + tunables.h | 2 ++ + utility.c | 11 +++++++++++ + vsftpd.conf.5 | 10 ++++++++++ + 9 files changed, 41 insertions(+), 7 deletions(-) + +diff --git a/logging.c b/logging.c +index c4461f7..9e86808 100644 +--- a/logging.c ++++ b/logging.c +@@ -30,10 +30,6 @@ static void vsf_log_do_log_to_file(int fd, struct mystr* p_str); + void + vsf_log_init(struct vsf_session* p_sess) + { +- if (tunable_syslog_enable || tunable_tcp_wrappers) +- { +- vsf_sysutil_openlog(0); +- } + if (!tunable_xferlog_enable && !tunable_dual_log_enable) + { + return; +@@ -389,3 +385,12 @@ vsf_log_do_log_vsftpd_format(struct vsf_session* p_sess, struct mystr* p_str, + } + } + ++void ++vsf_log_die(const char* p_text) ++{ ++ struct mystr log_str = INIT_MYSTR; ++ ++ str_append_text(&log_str, "ERROR: "); ++ str_append_text(&log_str, p_text); ++ str_syslog(&log_str, 1); ++} +diff --git a/logging.h b/logging.h +index 1ff57d1..75f06c1 100644 +--- a/logging.h ++++ b/logging.h +@@ -91,5 +91,7 @@ void vsf_log_line(struct vsf_session* p_sess, enum EVSFLogEntryType what, + void vsf_log_failed_line(struct vsf_session* p_sess, enum EVSFLogEntryType what, + struct mystr* p_str); + ++void vsf_log_die(const char* 
p_text); ++ + #endif /* VSF_LOGGING_H */ + +diff --git a/main.c b/main.c +index f039081..1178d44 100644 +--- a/main.c ++++ b/main.c +@@ -120,6 +120,10 @@ main(int argc, const char* argv[]) + } + vsf_sysutil_free(p_statbuf); + } ++ if (tunable_log_die || tunable_syslog_enable || tunable_tcp_wrappers) ++ { ++ vsf_sysutil_openlog(0); ++ } + /* Resolve pasv_address if required */ + if (tunable_pasv_address && tunable_pasv_addr_resolve) + { +diff --git a/parseconf.c b/parseconf.c +index 47b54f1..aeb401a 100644 +--- a/parseconf.c ++++ b/parseconf.c +@@ -112,6 +112,7 @@ parseconf_bool_array[] = + { "seccomp_sandbox", &tunable_seccomp_sandbox }, + { "allow_writeable_chroot", &tunable_allow_writeable_chroot }, + { "better_stou", &tunable_better_stou }, ++ { "log_die", &tunable_log_die }, + { 0, 0 } + }; + +diff --git a/tcpwrap.c b/tcpwrap.c +index 5bf57d3..132b771 100644 +--- a/tcpwrap.c ++++ b/tcpwrap.c +@@ -27,15 +27,12 @@ int + vsf_tcp_wrapper_ok(int remote_fd) + { + struct request_info req; +- vsf_sysutil_openlog(0); + request_init(&req, RQ_DAEMON, "vsftpd", RQ_FILE, remote_fd, 0); + fromhost(&req); + if (!hosts_access(&req)) + { +- vsf_sysutil_closelog(); + return 0; + } +- vsf_sysutil_closelog(); + return 1; + } + +diff --git a/tunables.c b/tunables.c +index 5ec2bdc..63de8e6 100644 +--- a/tunables.c ++++ b/tunables.c +@@ -93,6 +93,7 @@ int tunable_http_enable; + int tunable_seccomp_sandbox; + int tunable_allow_writeable_chroot; + int tunable_better_stou; ++int tunable_log_die; + + unsigned int tunable_accept_timeout; + unsigned int tunable_connect_timeout; +@@ -241,6 +242,7 @@ tunables_load_defaults() + tunable_seccomp_sandbox = 0; + tunable_allow_writeable_chroot = 0; + tunable_better_stou = 0; ++ tunable_log_die = 0; + + tunable_accept_timeout = 60; + tunable_connect_timeout = 60; +diff --git a/tunables.h b/tunables.h +index 85ea1a8..8a4b8b2 100644 +--- a/tunables.h ++++ b/tunables.h +@@ -96,6 +96,8 @@ extern int tunable_allow_writeable_chroot; /* Allow 
misconfiguration */ + extern int tunable_better_stou; /* Use better file name generation + * algorithm for the STOU command + */ ++extern int tunable_log_die; /* Log calls to die(), die2() ++ * and bug() */ + + /* Integer/numeric defines */ + extern unsigned int tunable_accept_timeout; +diff --git a/utility.c b/utility.c +index 5fd714d..75e5bdd 100644 +--- a/utility.c ++++ b/utility.c +@@ -9,6 +9,8 @@ + #include "sysutil.h" + #include "str.h" + #include "defs.h" ++#include "logging.h" ++#include "tunables.h" + + #define DIE_DEBUG + +@@ -41,11 +43,20 @@ void + bug(const char* p_text) + { + /* Rats. Try and write the reason to the network for diagnostics */ ++ if (tunable_log_die) ++ { ++ vsf_log_die(p_text); ++ } + vsf_sysutil_activate_noblock(VSFTP_COMMAND_FD); + (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, "500 OOPS: ", 10); + (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, p_text, + vsf_sysutil_strlen(p_text)); + (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, "\r\n", 2); ++ if (tunable_log_die) ++ { ++ /* Workaround for https://github.com/systemd/systemd/issues/2913 */ ++ vsf_sysutil_sleep(1.0); ++ } + vsf_sysutil_exit(2); + } + +diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 +index e9ae474..f246906 100644 +--- a/vsftpd.conf.5 ++++ b/vsftpd.conf.5 +@@ -358,6 +358,16 @@ wanting to e.g. append a file. + + Default: YES + .TP ++.B log_die ++Log an error to syslog when some error condition occurs and vsftpd decides ++to quit. Internally, the error messages given to the functions die(), die2() ++and bug() are passed to syslog. Currently this functionality requires waiting ++for a short amount of time (1 second is used) after logging the message and ++before exiting. This is a workaround for the following systemd bug: ++https://github.com/systemd/systemd/issues/2913 ++ ++Default: NO ++.TP + .B log_ftp_protocol + When enabled, all FTP requests and responses are logged, providing the option + xferlog_std_format is not enabled. Useful for debugging. +-- +2.14.4 + 
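Review bot: vsf_log_die() builds its message on the heap with two `str_append_text()` calls, and bug() calls it as the first step of the fatal exit path. If one of the paths that reach bug() is an allocation failure that itself ends in die() (the allocator wrapper is not visible here, so this needs confirming), the logging call would re-enter bug() instead of letting the process exit. A guard at the top of vsf_log_die(), `static int s_in_log_die; if (s_in_log_die) { return; } s_in_log_die = 1;`, keeps the exit path finite whatever the cause. The existing comment "Try and write the reason to the network" in bug() now sits above the syslog call and should move down to the `vsf_sysutil_write_loop()` lines; bug() starts outside the hunk.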
diff --git a/0002-Improve-error-message-when-max-number-of-bind-attemp.patch b/0002-Improve-error-message-when-max-number-of-bind-attemp.patch new file mode 100644 index 0000000..221a2de --- /dev/null +++ b/0002-Improve-error-message-when-max-number-of-bind-attemp.patch @@ -0,0 +1,27 @@ +From 380e40930661d643c865bace4e1791ca8f9d74cf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Mon, 18 Jun 2018 14:01:46 +0200 +Subject: [PATCH 2/3] Improve error message when max number of bind attempts is + exceeded + +Resolves: rhbz#1318198 +--- + privops.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/privops.c b/privops.c +index e577a27..010d28d 100644 +--- a/privops.c ++++ b/privops.c +@@ -183,7 +183,7 @@ vsf_privop_pasv_listen(struct vsf_session* p_sess) + } + if (!bind_retries) + { +- die("vsf_sysutil_bind"); ++ die("vsf_sysutil_bind, maximum number of attempts to find a listening port exceeded"); + } + return the_port; + } +-- +2.14.4 + diff --git a/0003-Make-the-max-number-of-bind-retries-tunable.patch b/0003-Make-the-max-number-of-bind-retries-tunable.patch new file mode 100644 index 0000000..533bd29 --- /dev/null +++ b/0003-Make-the-max-number-of-bind-retries-tunable.patch 
@@ -0,0 +1,103 @@ +From be7c2d639127dd8af0139caf94f8c29f431d3753 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Mon, 18 Jun 2018 10:13:48 +0200 +Subject: [PATCH 3/3] Make the max number of bind retries tunable + +Resolves: rhbz#1318198 +--- + parseconf.c | 1 + + privops.c | 8 ++++++-- + tunables.c | 2 ++ + tunables.h | 1 + + vsftpd.conf.5 | 5 +++++ + 5 files changed, 15 insertions(+), 2 deletions(-) + +diff --git a/parseconf.c b/parseconf.c +index aeb401a..3cfe7da 100644 +--- a/parseconf.c ++++ b/parseconf.c +@@ -143,6 +143,7 @@ parseconf_uint_array[] = + { "delay_successful_login", &tunable_delay_successful_login }, + { "max_login_fails", &tunable_max_login_fails }, + { "chown_upload_mode", &tunable_chown_upload_mode }, ++ { "bind_retries", &tunable_bind_retries }, + { 0, 0 } + }; + +diff --git a/privops.c b/privops.c +index 010d28d..83b25c7 100644 +--- a/privops.c ++++ b/privops.c +@@ -120,8 +120,8 @@ unsigned short + vsf_privop_pasv_listen(struct vsf_session* p_sess) + { + static struct vsf_sysutil_sockaddr* s_p_sockaddr; +- int bind_retries = 10; +- unsigned short the_port; ++ int bind_retries = tunable_bind_retries + 1; ++ unsigned short the_port = 0; + /* IPPORT_RESERVED */ + unsigned short min_port = 1024; + unsigned short max_port = 65535; +@@ -131,6 +131,10 @@ vsf_privop_pasv_listen(struct vsf_session* p_sess) + die("listed fd already active"); + } + ++ if (bind_retries < 2) ++ { ++ bind_retries = 2; ++ } + if (tunable_pasv_min_port > min_port && tunable_pasv_min_port <= max_port) + { + min_port = (unsigned short) tunable_pasv_min_port; +diff --git a/tunables.c b/tunables.c +index 63de8e6..a7ce9c8 100644 +--- a/tunables.c ++++ b/tunables.c +@@ -115,6 +115,7 @@ unsigned int tunable_delay_failed_login; + unsigned int tunable_delay_successful_login; + unsigned int tunable_max_login_fails; + unsigned int tunable_chown_upload_mode; ++unsigned int tunable_bind_retries; + + const char* tunable_secure_chroot_dir; + const char* 
tunable_ftp_username; +@@ -268,6 +269,7 @@ tunables_load_defaults() + tunable_max_login_fails = 3; + /* -rw------- */ + tunable_chown_upload_mode = 0600; ++ tunable_bind_retries = 9; + + install_str_setting("/usr/share/empty", &tunable_secure_chroot_dir); + install_str_setting("ftp", &tunable_ftp_username); +diff --git a/tunables.h b/tunables.h +index 8a4b8b2..029d645 100644 +--- a/tunables.h ++++ b/tunables.h +@@ -120,6 +120,7 @@ extern unsigned int tunable_delay_failed_login; + extern unsigned int tunable_delay_successful_login; + extern unsigned int tunable_max_login_fails; + extern unsigned int tunable_chown_upload_mode; ++extern unsigned int tunable_bind_retries; + + /* String defines */ + extern const char* tunable_secure_chroot_dir; +diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 +index f246906..ce3fba3 100644 +--- a/vsftpd.conf.5 ++++ b/vsftpd.conf.5 +@@ -760,6 +760,11 @@ value will be treated as a base 10 integer! + + Default: 077 + .TP ++.B bind_retries ++Maximum number of attempts to find a free listening port in passive mode. ++ ++Default: 9 ++.TP + .B chown_upload_mode + The file mode to force for chown()ed anonymous uploads. (Added in v2.0.6). + +-- +2.14.4 + diff --git a/vsftpd.spec b/vsftpd.spec index 2ba5f82..bb1afb5 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 24%{?dist} +Release: 25%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons @@ -84,6 +84,9 @@ Patch52: 0001-Fix-rDNS-with-IPv6.patch Patch53: 0002-Always-do-chdir-after-chroot.patch Patch54: 0003-vsf_sysutil_rcvtimeo-Check-return-value-of-setsockop.patch Patch55: 0004-vsf_sysutil_get_tz-Check-the-return-value-of-syscall.patch +Patch56: 0001-Log-die-calls-to-syslog.patch +Patch57: 0002-Improve-error-message-when-max-number-of-bind-attemp.patch +Patch58: 0003-Make-the-max-number-of-bind-retries-tunable.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from 
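Review bot: `int bind_retries = tunable_bind_retries + 1;` in vsf_privop_pasv_listen() converts an unsigned tunable to int, so a configured value of UINT_MAX wraps to 0, and values at or above INT_MAX give an out-of-range result that is typically negative. In both cases the `if (bind_retries < 2)` floor then silently turns a very large setting into 2. Bounding the value before the conversion avoids that, for example `int bind_retries = tunable_bind_retries >= INT_MAX ? INT_MAX : (int) tunable_bind_retries + 1;`. The man page entry says "Maximum number of attempts" with a default of 9, while the code uses the value plus one and enforces a floor; the text should state how the number maps to attempts. The loop that consumes the counter is outside the hunk, so the exact attempt count is not confirmed here.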
@@ -153,6 +156,12 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Tue Jun 19 2018 Ondřej Lysoněk - 3.0.3-25 +- Add config option log_die allowing to pass error messages to syslog +- Add config option bind_retries allowing to change the max number +- of attempts to find a listening port for the PASV/EPSV command +- Resolves: rhbz#1318198 + * Fri Jun 01 2018 Ondřej Lysoněk - 3.0.3-24 - Fix filename expansion in vsftpd_conf_migrate.sh ... again From 0f463f3dae5b58dd75f0e515473b9a0764606b8b Mon Sep 17 00:00:00 2001 From: Jason Tibbitts Date: Tue, 10 Jul 2018 01:43:48 -0500 Subject: [PATCH 32/85] Remove needless use of %defattr --- vsftpd.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/vsftpd.spec b/vsftpd.spec index bb1afb5..1e52c42 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -138,7 +138,6 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %systemd_postun_with_restart vsftpd.service %files -%defattr(-,root,root,-) %{_unitdir}/* %{_generatorsdir}/* %{_sbindir}/vsftpd From 447ded995884ef496ee46d814d34e63f056aa145 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 14 Jul 2018 08:40:00 +0000 Subject: [PATCH 33/85] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- vsftpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/vsftpd.spec b/vsftpd.spec index 1e52c42..5b455a0 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 25%{?dist} +Release: 26%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons @@ -155,6 +155,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Sat Jul 14 2018 Fedora Release Engineering - 3.0.3-26 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + * Tue Jun 19 2018 Ondřej Lysoněk - 3.0.3-25 - Add config option log_die allowing to pass error messages to syslog - Add config option bind_retries allowing to change the max number 
From 7c0626d6c4a7e178e71a4059eeed54bd4690a060 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Wed, 25 Jul 2018 13:28:40 +0200 Subject: [PATCH 34/85] Fix a segfault when running as PID 1 Also rebase the patches. --- ...-provided-script-to-locate-libraries.patch | 4 +- 0002-Enable-build-with-SSL.patch | 4 +- 0003-Enable-build-with-TCP-Wrapper.patch | 4 +- ...-dir-for-config-files-instead-of-etc.patch | 4 +- ...en-calling-PAM-authentication-module.patch | 4 +- ...err-before-listening-for-incoming-co.patch | 4 +- 0007-Make-filename-filters-smarter.patch | 4 +- 0008-Write-denied-logins-into-the-log.patch | 18 +++--- ...itespaces-when-reading-configuration.patch | 4 +- 0010-Improve-daemonizing.patch | 4 +- ...-Fix-listing-with-more-than-one-star.patch | 4 +- ...lace-syscall-__NR_clone-.-with-clone.patch | 4 +- 0013-Extend-man-pages-with-systemd-info.patch | 4 +- ...dd-support-for-square-brackets-in-ls.patch | 4 +- 0015-Listen-on-IPv6-by-default.patch | 4 +- ...e-VSFTP_AS_LIMIT-from-200UL-to-400UL.patch | 4 +- ...-an-issue-with-timestamps-during-DST.patch | 4 +- ...he-default-log-file-in-configuration.patch | 4 +- ...troduce-reverse_lookup_enable-option.patch | 18 +++--- ...d-int-for-uid-and-gid-representation.patch | 4 +- ...-support-for-DHE-based-cipher-suites.patch | 4 +- ...upport-for-EDDHE-based-cipher-suites.patch | 4 +- ...n-for-isolate_-options.-Correct-defa.patch | 4 +- 0024-Introduce-new-return-value-450.patch | 4 +- 0025-Improve-local_max_rate-option.patch | 4 +- 0026-Prevent-hanging-in-SIGCHLD-handler.patch | 4 +- 0027-Delete-files-when-upload-fails.patch | 12 ++-- 0028-Fix-man-page-rendering.patch | 4 +- 0029-Fix-segfault-in-config-file-parser.patch | 4 +- ...g-into-syslog-when-enabled-in-config.patch | 4 +- ...on-mark-wildcard-withing-a-file-name.patch | 4 +- ...errors-from-nfs-with-quota-to-client.patch | 12 ++-- ...ntroduce-TLSv1.1-and-TLSv1.2-options.patch | 4 +- ...omp-sandbox-because-it-is-too-strict.patch | 4 +- ...ment-patch-to-build-with-OpenSSL-1.1.patch | 4 +- 
0036-Redefine-VSFTP_COMMAND_FD-to-1.patch | 4 +- ...ationship-of-text_userdb_names-and-c.patch | 4 +- ...low_writeable_chroot-in-the-man-page.patch | 4 +- ...tation-of-ASCII-mode-in-the-man-page.patch | 4 +- 0040-Use-system-wide-crypto-policy.patch | 4 +- ...-default-for-ssl_ciphers-in-the-man-.patch | 4 +- ...AT-command-check-ssl_tlsv1_1-and-ssl.patch | 4 +- 0043-Enable-only-TLSv1.2-by-default.patch | 4 +- ...nymous_enable-in-default-config-file.patch | 4 +- ...on-of-ascii_-options-behaviour-in-ma.patch | 4 +- ...r-to-the-man-page-regarding-the-asci.patch | 4 +- 0047-Disable-tcp_wrappers-support.patch | 4 +- ...e-of-strict_ssl_read_eof-in-man-page.patch | 4 +- ...-generation-algorithm-for-STOU-comma.patch | 4 +- 0050-Don-t-link-with-libnsl.patch | 4 +- ...ation-of-better_stou-in-the-man-page.patch | 4 +- ...Pv6.patch => 0052-Fix-rDNS-with-IPv6.patch | 4 +- ...=> 0053-Always-do-chdir-after-chroot.patch | 4 +- ...imeo-Check-return-value-of-setsockop.patch | 4 +- ...tz-Check-the-return-value-of-syscall.patch | 4 +- ...atch => 0056-Log-die-calls-to-syslog.patch | 2 +- ...ssage-when-max-number-of-bind-attemp.patch | 4 +- ...e-max-number-of-bind-retries-tunable.patch | 2 +- ...when-running-in-a-container-as-PID-1.patch | 58 +++++++++++++++++++ vsftpd.spec | 22 ++++--- 60 files changed, 207 insertions(+), 145 deletions(-) rename 0001-Improve-documentation-of-better_stou-in-the-man-page.patch => 0051-Improve-documentation-of-better_stou-in-the-man-page.patch (92%) rename 0001-Fix-rDNS-with-IPv6.patch => 0052-Fix-rDNS-with-IPv6.patch (99%) rename 0002-Always-do-chdir-after-chroot.patch => 0053-Always-do-chdir-after-chroot.patch (91%) rename 0003-vsf_sysutil_rcvtimeo-Check-return-value-of-setsockop.patch => 0054-vsf_sysutil_rcvtimeo-Check-return-value-of-setsockop.patch (89%) rename 0004-vsf_sysutil_get_tz-Check-the-return-value-of-syscall.patch => 0055-vsf_sysutil_get_tz-Check-the-return-value-of-syscall.patch (97%) rename 0001-Log-die-calls-to-syslog.patch => 
0056-Log-die-calls-to-syslog.patch (99%) rename 0002-Improve-error-message-when-max-number-of-bind-attemp.patch => 0057-Improve-error-message-when-max-number-of-bind-attemp.patch (87%) rename 0003-Make-the-max-number-of-bind-retries-tunable.patch => 0058-Make-the-max-number-of-bind-retries-tunable.patch (97%) create mode 100644 0059-Fix-SEGFAULT-when-running-in-a-container-as-PID-1.patch diff --git a/0001-Don-t-use-the-provided-script-to-locate-libraries.patch b/0001-Don-t-use-the-provided-script-to-locate-libraries.patch index fdeb69e..f4a67e3 100644 --- a/0001-Don-t-use-the-provided-script-to-locate-libraries.patch +++ b/0001-Don-t-use-the-provided-script-to-locate-libraries.patch @@ -1,7 +1,7 @@ From 7bd573d76e9c1996ad5a96f0289731a253a24301 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka Date: Tue, 6 Sep 2016 13:35:51 +0200 -Subject: [PATCH 01/33] Don't use the provided script to locate libraries. +Subject: [PATCH 01/59] Don't use the provided script to locate libraries. This branch is Fedora (RHEL) specific, so we know what libraries we have and want to use. @@ -23,5 +23,5 @@ index c63ed1b..98118dc 100644 LDFLAGS = -fPIE -pie -Wl,-z,relro -Wl,-z,now -- -2.7.4 +2.14.4 diff --git a/0002-Enable-build-with-SSL.patch b/0002-Enable-build-with-SSL.patch index 41180fa..e772099 100644 --- a/0002-Enable-build-with-SSL.patch +++ b/0002-Enable-build-with-SSL.patch @@ -1,7 +1,7 @@ From 6fe24bc56694808ac7f8038855883a971967f0fb Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka Date: Tue, 6 Sep 2016 13:40:53 +0200 -Subject: [PATCH 02/33] Enable build with SSL. +Subject: [PATCH 02/59] Enable build with SSL. --- builddefs.h | 2 +- @@ -21,5 +21,5 @@ index e908352..63cc62b 100644 #endif /* VSF_BUILDDEFS_H */ -- -2.7.4 +2.14.4 diff --git a/0003-Enable-build-with-TCP-Wrapper.patch b/0003-Enable-build-with-TCP-Wrapper.patch index baa8881..e656776 100644 --- a/0003-Enable-build-with-TCP-Wrapper.patch +++ b/0003-Enable-build-with-TCP-Wrapper.patch @@ -1,7 +1,7 @@ 
From 1e0e2b13836d40f5a3f4cb20f2b3ea8204115b51 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka Date: Tue, 6 Sep 2016 13:42:09 +0200 -Subject: [PATCH 03/33] Enable build with TCP Wrapper +Subject: [PATCH 03/59] Enable build with TCP Wrapper --- builddefs.h | 2 +- @@ -21,5 +21,5 @@ index 63cc62b..83de674 100644 #define VSF_BUILD_SSL -- -2.7.4 +2.14.4 diff --git a/0004-Use-etc-vsftpd-dir-for-config-files-instead-of-etc.patch b/0004-Use-etc-vsftpd-dir-for-config-files-instead-of-etc.patch index 4380365..e82cd84 100644 --- a/0004-Use-etc-vsftpd-dir-for-config-files-instead-of-etc.patch +++ b/0004-Use-etc-vsftpd-dir-for-config-files-instead-of-etc.patch @@ -1,7 +1,7 @@ From fff93602a4b252be8d674e27083dde68a7acf038 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka Date: Tue, 6 Sep 2016 13:46:03 +0200 -Subject: [PATCH 04/33] Use /etc/vsftpd/ dir for config files instead of /etc. +Subject: [PATCH 04/59] Use /etc/vsftpd/ dir for config files instead of /etc. --- EXAMPLE/INTERNET_SITE/README | 6 +++--- @@ -479,5 +479,5 @@ index fcc6022..5e46a2f 100644 .B vsftpd_log_file This option is the name of the file to which we write the vsftpd style -- -2.7.4 +2.14.4 diff --git a/0005-Use-hostname-when-calling-PAM-authentication-module.patch b/0005-Use-hostname-when-calling-PAM-authentication-module.patch index 7d8d7de..af842f5 100644 --- a/0005-Use-hostname-when-calling-PAM-authentication-module.patch +++ b/0005-Use-hostname-when-calling-PAM-authentication-module.patch @@ -1,7 +1,7 @@ From 08c49b78942d40c99fae8c40e7668aa73e1bd695 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka Date: Tue, 6 Sep 2016 15:01:23 +0200 -Subject: [PATCH 05/33] Use hostname when calling PAM authentication module. +Subject: [PATCH 05/59] Use hostname when calling PAM authentication module. Currently the vsftpd passes all logins as IP addresses into PAM. This prevents administrators from setting up @@ -71,5 +71,5 @@ index 06f01f4..b2782da 100644 if (retval != 1) { -- -2.7.4 +2.14.4 
diff --git a/0006-Close-stdin-out-err-before-listening-for-incoming-co.patch b/0006-Close-stdin-out-err-before-listening-for-incoming-co.patch index 22af9be..f030f35 100644 --- a/0006-Close-stdin-out-err-before-listening-for-incoming-co.patch +++ b/0006-Close-stdin-out-err-before-listening-for-incoming-co.patch @@ -1,7 +1,7 @@ From 423cbf4ddca6578b87e0f8a3fc425688cd1ca89c Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka Date: Tue, 6 Sep 2016 16:18:39 +0200 -Subject: [PATCH 06/33] Close stdin/out/err before listening for incoming +Subject: [PATCH 06/59] Close stdin/out/err before listening for incoming connections. When running vsftpd as a stand-alone FTP daemon, vsftpd @@ -31,5 +31,5 @@ index ba01ab1..e0f2d5b 100644 if (vsf_sysutil_retval_is_error(retval)) { -- -2.7.4 +2.14.4 diff --git a/0007-Make-filename-filters-smarter.patch b/0007-Make-filename-filters-smarter.patch index 21c7b78..6db2d1a 100644 --- a/0007-Make-filename-filters-smarter.patch +++ b/0007-Make-filename-filters-smarter.patch @@ -1,7 +1,7 @@ From 548375b2122f83771dc0b8571f16e5b5adabba98 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka Date: Wed, 7 Sep 2016 10:04:31 +0200 -Subject: [PATCH 07/33] Make filename filters smarter. +Subject: [PATCH 07/59] Make filename filters smarter. In the original version vsftpd was not able to prevent users from downloading for instance /etc/passwd by @@ -98,5 +98,5 @@ index ab0a9a4..3a21b50 100644 /* PURPOSE: Extract a line of text (delimited by \n or EOF) from a string * buffer, starting at character position 'p_pos'. The extracted line will -- -2.7.4 +2.14.4 diff --git a/0008-Write-denied-logins-into-the-log.patch b/0008-Write-denied-logins-into-the-log.patch index 7a927ef..5e16953 100644 --- a/0008-Write-denied-logins-into-the-log.patch +++ b/0008-Write-denied-logins-into-the-log.patch @@ -1,7 +1,7 @@ From 75c172596aa9e7a9f32062579f7f98783341c924 Mon Sep 17 00:00:00 2001 
From: Martin Sehnoutka Date: Wed, 7 Sep 2016 10:17:17 +0200 -Subject: [PATCH 08/33] Write denied logins into the log. +Subject: [PATCH 08/59] Write denied logins into the log. This patch adds a new option 'userlist_log'. If enabled, every login denial based on the user list will be logged. @@ -127,21 +127,21 @@ diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 index 5e46a2f..9d767b1 100644 --- a/vsftpd.conf.5 +++ b/vsftpd.conf.5 -@@ -588,6 +588,14 @@ Self-signed certs do not constitute OK validation. (New in v2.0.6). +@@ -586,6 +586,14 @@ Default: NO + If set to yes, all SSL client certificates received must validate OK. + Self-signed certs do not constitute OK validation. (New in v2.0.6). - Default: NO - .TP ++Default: NO ++.TP +.B userlist_log +This option is examined if +.BR userlist_enable +is activated. If enabled, every login denial based on the user list will be +logged. + -+Default: NO -+.TP + Default: NO + .TP .B virtual_use_local_privs - If enabled, virtual users will use the same privileges as local users. By - default, virtual users will use the same privileges as anonymous users, which -- -2.7.4 +2.14.4 diff --git a/0009-Trim-whitespaces-when-reading-configuration.patch b/0009-Trim-whitespaces-when-reading-configuration.patch index 6aa8c70..97f3e4f 100644 --- a/0009-Trim-whitespaces-when-reading-configuration.patch +++ b/0009-Trim-whitespaces-when-reading-configuration.patch @@ -1,7 +1,7 @@ From d024bc27cee40f21e6a3841266062408c44e56fb Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka Date: Wed, 7 Sep 2016 10:35:54 +0200 -Subject: [PATCH 09/33] Trim whitespaces when reading configuration. +Subject: [PATCH 09/59] Trim whitespaces when reading configuration. --- parseconf.c | 2 +- @@ -95,5 +95,5 @@ index c34778c..c2ddd15 100644 void vsf_sysutil_memcpy(void* p_dest, const void* p_src, const unsigned int size); -- -2.7.4 +2.14.4 diff --git a/0010-Improve-daemonizing.patch b/0010-Improve-daemonizing.patch index 366bee6..d2de767 100644 
--- a/0010-Improve-daemonizing.patch +++ b/0010-Improve-daemonizing.patch @@ -1,7 +1,7 @@ From 569e7078244470ac0fcc2af3947c2735338555ec Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka Date: Wed, 7 Sep 2016 11:29:29 +0200 -Subject: [PATCH 10/33] Improve daemonizing +Subject: [PATCH 10/59] Improve daemonizing Init script gets correct return code if binding fails. --- @@ -205,5 +205,5 @@ index c2ddd15..bfc92cb 100644 /* Various string functions */ unsigned int vsf_sysutil_strlen(const char* p_text); -- -2.7.4 +2.14.4 diff --git a/0011-Fix-listing-with-more-than-one-star.patch b/0011-Fix-listing-with-more-than-one-star.patch index bc56d65..a675978 100644 --- a/0011-Fix-listing-with-more-than-one-star.patch +++ b/0011-Fix-listing-with-more-than-one-star.patch @@ -1,7 +1,7 @@ From 32e6642640635d7305969f808b5badb706a11bff Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka Date: Wed, 7 Sep 2016 11:36:17 +0200 -Subject: [PATCH 11/33] Fix listing with more than one star '*'. +Subject: [PATCH 11/59] Fix listing with more than one star '*'. This is a regression introduced by some previous patch. --- @@ -34,5 +34,5 @@ index f489478..616b2d9 100644 str_mid_to_end(&name_remain_str, &temp_str, indexx + str_getlen(&s_match_needed_str)); -- -2.7.4 +2.14.4 diff --git a/0012-Replace-syscall-__NR_clone-.-with-clone.patch b/0012-Replace-syscall-__NR_clone-.-with-clone.patch index de7aba4..84d01e6 100644 --- a/0012-Replace-syscall-__NR_clone-.-with-clone.patch +++ b/0012-Replace-syscall-__NR_clone-.-with-clone.patch @@ -1,7 +1,7 @@ From 0c3a1123c391995ab46cfde603fa025ff180a819 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka Date: Wed, 7 Sep 2016 11:43:54 +0200 -Subject: [PATCH 12/33] Replace syscall(__NR_clone ..) with clone () +Subject: [PATCH 12/59] Replace syscall(__NR_clone ..) with clone () in order to fix incorrect order of params on s390 arch --- @@ -31,5 +31,5 @@ index b2782da..3bbabaa 100644 { if (ret == 0) -- -2.7.4 +2.14.4 
diff --git a/0013-Extend-man-pages-with-systemd-info.patch b/0013-Extend-man-pages-with-systemd-info.patch index cde58f4..5dcd965 100644 --- a/0013-Extend-man-pages-with-systemd-info.patch +++ b/0013-Extend-man-pages-with-systemd-info.patch @@ -1,7 +1,7 @@ From 813a4bc45d45f4af94c699893cb2d2ba998d5d31 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka Date: Wed, 7 Sep 2016 11:53:07 +0200 -Subject: [PATCH 13/33] Extend man pages with systemd info. +Subject: [PATCH 13/59] Extend man pages with systemd info. Man pages now reflect how is vsftpd used as systemd service. @@ -82,5 +82,5 @@ index 9d767b1..0744f85 100644 The format of vsftpd.conf is very simple. Each line is either a comment or a directive. Comment lines start with a # and are ignored. A directive line -- -2.7.4 +2.14.4 diff --git a/0014-Add-support-for-square-brackets-in-ls.patch b/0014-Add-support-for-square-brackets-in-ls.patch index b53b9ee..27f5374 100644 --- a/0014-Add-support-for-square-brackets-in-ls.patch +++ b/0014-Add-support-for-square-brackets-in-ls.patch @@ -1,7 +1,7 @@ From ba0520650ae7f9f63e48ba9fb3a94297aebe2d0c Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka Date: Wed, 7 Sep 2016 14:22:21 +0200 -Subject: [PATCH 14/33] Add support for square brackets in ls. +Subject: [PATCH 14/59] Add support for square brackets in ls. --- ls.c | 222 +++++++++++++++++++++++++++++++++++++++++++++---------------------- @@ -273,5 +273,5 @@ index 616b2d9..b840136 100644 /* Any incoming string left means no match unless we ended on the correct * type of wildcard. -- -2.7.4 +2.14.4 diff --git a/0015-Listen-on-IPv6-by-default.patch b/0015-Listen-on-IPv6-by-default.patch index 1e7a7f6..b762b09 100644 --- a/0015-Listen-on-IPv6-by-default.patch +++ b/0015-Listen-on-IPv6-by-default.patch @@ -1,7 +1,7 @@ From c5daaedf1efe23b397a5950f5503f5cbfac871c8 Mon Sep 17 00:00:00 2001 
From: Martin Sehnoutka Date: Wed, 7 Sep 2016 14:25:28 +0200 -Subject: [PATCH 15/33] Listen on IPv6 by default. +Subject: [PATCH 15/59] Listen on IPv6 by default. --- vsftpd.conf | 14 +++++++++----- @@ -51,5 +51,5 @@ index 0744f85..72bb86f 100644 Default: NO .TP -- -2.7.4 +2.14.4 diff --git a/0016-Increase-VSFTP_AS_LIMIT-from-200UL-to-400UL.patch b/0016-Increase-VSFTP_AS_LIMIT-from-200UL-to-400UL.patch index 31779c2..fae6b9c 100644 --- a/0016-Increase-VSFTP_AS_LIMIT-from-200UL-to-400UL.patch +++ b/0016-Increase-VSFTP_AS_LIMIT-from-200UL-to-400UL.patch @@ -1,7 +1,7 @@ From 048208a4db5d7164d89ba5d7545e281d0a3472d3 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka Date: Wed, 7 Sep 2016 15:35:59 +0200 -Subject: [PATCH 16/33] Increase VSFTP_AS_LIMIT from 200UL to 400UL. +Subject: [PATCH 16/59] Increase VSFTP_AS_LIMIT from 200UL to 400UL. When using a PAM module to get users from LDAP or database the old limit was insufficient. @@ -23,5 +23,5 @@ index ca11eac..bde3232 100644 #endif /* VSF_DEFS_H */ -- -2.7.4 +2.14.4 diff --git a/0017-Fix-an-issue-with-timestamps-during-DST.patch b/0017-Fix-an-issue-with-timestamps-during-DST.patch index ec3af9f..f331433 100644 --- a/0017-Fix-an-issue-with-timestamps-during-DST.patch +++ b/0017-Fix-an-issue-with-timestamps-during-DST.patch @@ -1,7 +1,7 @@ From 5ec0b86e5c1ff060720b5a6cd1af9d93ec993650 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka Date: Thu, 29 Sep 2016 11:14:03 +0200 -Subject: [PATCH 17/33] Fix an issue with timestamps during DST. +Subject: [PATCH 17/59] Fix an issue with timestamps during DST. vsftpd now checks whether a file was uploaded during DST and adjust the timestamp accordingly. @@ -157,5 +157,5 @@ index c848356..2abdd13 100644 s_timezone *= -1; } -- -2.7.4 +2.14.4 diff --git a/0018-Change-the-default-log-file-in-configuration.patch b/0018-Change-the-default-log-file-in-configuration.patch index 990cf90..369a69c 100644 --- a/0018-Change-the-default-log-file-in-configuration.patch 
+++ b/0018-Change-the-default-log-file-in-configuration.patch @@ -1,7 +1,7 @@ From 61dac172bdb14c5a37713078828ea8c8f78c7eb6 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka Date: Thu, 29 Sep 2016 13:53:16 +0200 -Subject: [PATCH 18/33] Change the default log file in configuration. +Subject: [PATCH 18/59] Change the default log file in configuration. Previous "default" value was wrong. tunables.c:262 => install_str_setting("/var/log/xferlog", @@ -39,5 +39,5 @@ index ae6c6c9..39d1955 100644 # If you want, you can have your log file in standard ftpd xferlog format. # Note that the default log file location is /var/log/xferlog in this case. -- -2.7.4 +2.14.4 diff --git a/0019-Introduce-reverse_lookup_enable-option.patch b/0019-Introduce-reverse_lookup_enable-option.patch index dbf01c0..85023c1 100644 --- a/0019-Introduce-reverse_lookup_enable-option.patch +++ b/0019-Introduce-reverse_lookup_enable-option.patch @@ -1,7 +1,7 @@ From 721de88621100f6ed33f1602415bc249f3ed3219 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka Date: Thu, 17 Nov 2016 10:22:32 +0100 -Subject: [PATCH 19/33] Introduce reverse_lookup_enable option. +Subject: [PATCH 19/59] Introduce reverse_lookup_enable option. vsftpd can transform IP address into hostname before PAM authentication. You can disable it to prevent @@ -88,10 +88,12 @@ diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 index 72bb86f..fb6324e 100644 --- a/vsftpd.conf.5 +++ b/vsftpd.conf.5 -@@ -425,6 +425,15 @@ http://scarybeastsecurity.blogspot.com/2009/02/vsftpd-210-released.html +@@ -423,6 +423,15 @@ so you may want to disable it. For a discussion of the consequences, see + http://scarybeastsecurity.blogspot.com/2009/02/vsftpd-210-released.html + (Added in v2.1.0). - Default: YES - .TP ++Default: YES ++.TP +.B reverse_lookup_enable +Set to YES if you want vsftpd to transform the ip address into the hostname, +before pam authentication. This is useful if you use pam_access including the 
@@ -99,11 +101,9 @@ index 72bb86f..fb6324e 100644 +for some hostname is available and the name server doesn't respond for a while, +you should set this to NO to avoid a performance issue. + -+Default: YES -+.TP + Default: YES + .TP .B run_as_launching_user - Set to YES if you want vsftpd to run as the user which launched vsftpd. This is - useful where root access is not available. MASSIVE WARNING! Do NOT enable this -- -2.7.4 +2.14.4 diff --git a/0020-Use-unsigned-int-for-uid-and-gid-representation.patch b/0020-Use-unsigned-int-for-uid-and-gid-representation.patch index f5cd8f0..ac3ac1f 100644 --- a/0020-Use-unsigned-int-for-uid-and-gid-representation.patch +++ b/0020-Use-unsigned-int-for-uid-and-gid-representation.patch @@ -1,7 +1,7 @@ From dcaaf1e0dd3985e229a87de18b83f301d30b6ce9 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka Date: Thu, 17 Nov 2016 10:31:39 +0100 -Subject: [PATCH 20/33] Use unsigned int for uid and gid representation. +Subject: [PATCH 20/59] Use unsigned int for uid and gid representation. --- ls.c | 4 ++-- @@ -246,5 +246,5 @@ index bfc92cb..79b5514 100644 void vsf_sysutil_setegid(const struct vsf_sysutil_user* p_user); void vsf_sysutil_seteuid_numeric(int uid); -- -2.7.4 +2.14.4 diff --git a/0021-Introduce-support-for-DHE-based-cipher-suites.patch b/0021-Introduce-support-for-DHE-based-cipher-suites.patch index ad7e5ba..1abe1e4 100644 --- a/0021-Introduce-support-for-DHE-based-cipher-suites.patch +++ b/0021-Introduce-support-for-DHE-based-cipher-suites.patch @@ -1,7 +1,7 @@ From 4eac1dbb5f70a652d31847eec7c28d245f36cdbb Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka Date: Thu, 17 Nov 2016 10:48:28 +0100 -Subject: [PATCH 21/33] Introduce support for DHE based cipher suites. +Subject: [PATCH 21/59] Introduce support for DHE based cipher suites. --- parseconf.c | 1 + @@ -222,5 +222,5 @@ index fb6324e..ff94eca 100644 This option can be used to provide an alternate file for usage by the .BR secure_email_list_enable -- -2.7.4 +2.14.4 
diff --git a/0022-Introduce-support-for-EDDHE-based-cipher-suites.patch b/0022-Introduce-support-for-EDDHE-based-cipher-suites.patch index b4eb574..1428b86 100644 --- a/0022-Introduce-support-for-EDDHE-based-cipher-suites.patch +++ b/0022-Introduce-support-for-EDDHE-based-cipher-suites.patch @@ -1,7 +1,7 @@ From a6d641a0ccba1033587f6faa0e5e6749fa35f5c4 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka Date: Thu, 17 Nov 2016 10:49:22 +0100 -Subject: [PATCH 22/33] Introduce support for EDDHE based cipher suites. +Subject: [PATCH 22/59] Introduce support for EDDHE based cipher suites. --- parseconf.c | 1 + @@ -132,5 +132,5 @@ index ff94eca..e242873 100644 This option can be used to provide an alternate file for usage by the .BR secure_email_list_enable -- -2.7.4 +2.14.4 diff --git a/0023-Add-documentation-for-isolate_-options.-Correct-defa.patch b/0023-Add-documentation-for-isolate_-options.-Correct-defa.patch index 077d261..7cc0bfa 100644 --- a/0023-Add-documentation-for-isolate_-options.-Correct-defa.patch +++ b/0023-Add-documentation-for-isolate_-options.-Correct-defa.patch @@ -1,7 +1,7 @@ From 3d02ef3be17f37baf729e786a8f36af4982f70ad Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka Date: Thu, 17 Nov 2016 10:52:16 +0100 -Subject: [PATCH 23/33] Add documentation for isolate_* options. Correct +Subject: [PATCH 23/59] Add documentation for isolate_* options. Correct default values of max_clients, max_per_ip. @@ -59,5 +59,5 @@ index e242873..31d317f 100644 .B pasv_max_port The maximum port to allocate for PASV style data connections. Can be used to -- -2.7.4 +2.14.4 diff --git a/0024-Introduce-new-return-value-450.patch b/0024-Introduce-new-return-value-450.patch index f8c7b8c..86c5f8e 100644 --- a/0024-Introduce-new-return-value-450.patch +++ b/0024-Introduce-new-return-value-450.patch @@ -1,7 +1,7 @@ From 1d5cdf309387ff92988ab17d746f015d833a4b92 Mon Sep 17 00:00:00 2001 
From: Martin Sehnoutka Date: Thu, 17 Nov 2016 11:08:52 +0100 -Subject: [PATCH 24/33] Introduce new return value 450: +Subject: [PATCH 24/59] Introduce new return value 450: *450 Requested file action not taken. File unavailable (e.g., file busy). @@ -73,5 +73,5 @@ index 79b5514..c145bdf 100644 enum EVSFSysUtilError vsf_sysutil_get_error(void); -- -2.7.4 +2.14.4 diff --git a/0025-Improve-local_max_rate-option.patch b/0025-Improve-local_max_rate-option.patch index 3560d87..e78f825 100644 --- a/0025-Improve-local_max_rate-option.patch +++ b/0025-Improve-local_max_rate-option.patch @@ -1,7 +1,7 @@ From 386db86fe865fb552b1867af4bf4b78dbf9080cf Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka Date: Thu, 17 Nov 2016 12:44:26 +0100 -Subject: [PATCH 25/33] Improve local_max_rate option. +Subject: [PATCH 25/59] Improve local_max_rate option. Now it should work as expected. --- @@ -86,5 +86,5 @@ index 956bfb7..3e8fdd5 100644 /* Details of the login */ int is_anonymous; -- -2.7.4 +2.14.4 diff --git a/0026-Prevent-hanging-in-SIGCHLD-handler.patch b/0026-Prevent-hanging-in-SIGCHLD-handler.patch index 9b186a8..f928cbc 100644 --- a/0026-Prevent-hanging-in-SIGCHLD-handler.patch +++ b/0026-Prevent-hanging-in-SIGCHLD-handler.patch @@ -1,7 +1,7 @@ From 1e65a0a15f819b8bf1b551bd84f71d0da1f5a00c Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka Date: Thu, 17 Nov 2016 13:02:27 +0100 -Subject: [PATCH 26/33] Prevent hanging in SIGCHLD handler. +Subject: [PATCH 26/59] Prevent hanging in SIGCHLD handler. vsftpd can now handle pam_exec.so in pam.d config without hanging in SIGCHLD handler. @@ -77,5 +77,5 @@ index 33d84dc..b1891e7 100644 else { -- -2.7.4 +2.14.4 diff --git a/0027-Delete-files-when-upload-fails.patch b/0027-Delete-files-when-upload-fails.patch index 98222e1..94a00bf 100644 --- a/0027-Delete-files-when-upload-fails.patch +++ b/0027-Delete-files-when-upload-fails.patch @@ -1,7 +1,7 @@ From 6224ecc5ac209323baa775880c0602c3fde3590a Mon Sep 17 00:00:00 2001 
From: Martin Sehnoutka Date: Thu, 17 Nov 2016 13:10:41 +0100 -Subject: [PATCH 27/33] Delete files when upload fails. +Subject: [PATCH 27/59] Delete files when upload fails. Previously the uploaded file wasn't removed when the network was disconnected. Now it is successfully deleted. @@ -104,10 +104,11 @@ diff --git a/sysutil.c b/sysutil.c index 099748f..42bcdf8 100644 --- a/sysutil.c +++ b/sysutil.c -@@ -681,6 +681,16 @@ vsf_sysutil_activate_keepalive(int fd) +@@ -680,6 +680,16 @@ vsf_sysutil_activate_keepalive(int fd) + } } - void ++void +vsf_sysutil_rcvtimeo(int fd) +{ + struct timeval tv; @@ -117,10 +118,9 @@ index 099748f..42bcdf8 100644 + setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(struct timeval)); +} + -+void + void vsf_sysutil_activate_reuseaddr(int fd) { - int reuseaddr = 1; diff --git a/sysutil.h b/sysutil.h index 13153cd..2886bbc 100644 --- a/sysutil.h @@ -134,5 +134,5 @@ index 13153cd..2886bbc 100644 void vsf_sysutil_activate_reuseaddr(int fd); void vsf_sysutil_set_nodelay(int fd); -- -2.7.4 +2.14.4 diff --git a/0028-Fix-man-page-rendering.patch b/0028-Fix-man-page-rendering.patch index 4d6e5e7..e91d6dc 100644 --- a/0028-Fix-man-page-rendering.patch +++ b/0028-Fix-man-page-rendering.patch @@ -1,7 +1,7 @@ From ea99be1a7a5973bbe8ed798b65abe5ce3b92f5df Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka Date: Thu, 17 Nov 2016 13:12:52 +0100 -Subject: [PATCH 28/33] Fix man page rendering. +Subject: [PATCH 28/59] Fix man page rendering. --- vsftpd.conf.5 | 3 ++- @@ -22,5 +22,5 @@ index 31d317f..cf1ae34 100644 (New in v2.0.7). -- -2.7.4 +2.14.4 diff --git a/0029-Fix-segfault-in-config-file-parser.patch b/0029-Fix-segfault-in-config-file-parser.patch index 899bbd3..65cb571 100644 --- a/0029-Fix-segfault-in-config-file-parser.patch +++ b/0029-Fix-segfault-in-config-file-parser.patch @@ -1,7 +1,7 @@ From 34b9e1d10c6be736f1b20be8795c655446f38c5e Mon Sep 17 00:00:00 2001 
From: Martin Sehnoutka Date: Thu, 17 Nov 2016 13:14:55 +0100 -Subject: [PATCH 29/33] Fix segfault in config file parser. +Subject: [PATCH 29/59] Fix segfault in config file parser. --- str.c | 2 +- @@ -21,5 +21,5 @@ index 41b27db..82b8ae4 100644 void -- -2.7.4 +2.14.4 diff --git a/0030-Fix-logging-into-syslog-when-enabled-in-config.patch b/0030-Fix-logging-into-syslog-when-enabled-in-config.patch index c828c27..04669c7 100644 --- a/0030-Fix-logging-into-syslog-when-enabled-in-config.patch +++ b/0030-Fix-logging-into-syslog-when-enabled-in-config.patch @@ -1,7 +1,7 @@ From 03ff061f18f555d7bec62fa6a597a275b4b3f1c7 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka Date: Thu, 17 Nov 2016 13:18:22 +0100 -Subject: [PATCH 30/33] Fix logging into syslog when enabled in config. +Subject: [PATCH 30/59] Fix logging into syslog when enabled in config. --- logging.c | 2 +- @@ -21,5 +21,5 @@ index 99671b4..c4461f7 100644 if (!tunable_xferlog_enable && !tunable_dual_log_enable) { -- -2.7.4 +2.14.4 diff --git a/0031-Fix-question-mark-wildcard-withing-a-file-name.patch b/0031-Fix-question-mark-wildcard-withing-a-file-name.patch index 457404b..acc8f6d 100644 --- a/0031-Fix-question-mark-wildcard-withing-a-file-name.patch +++ b/0031-Fix-question-mark-wildcard-withing-a-file-name.patch @@ -1,7 +1,7 @@ From 0da42468ac9518a544aad57d22d7697d6bdfa969 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka Date: Thu, 17 Nov 2016 13:25:12 +0100 -Subject: [PATCH 31/33] Fix question mark wildcard withing a file name. +Subject: [PATCH 31/59] Fix question mark wildcard withing a file name. Previously '?' worked only at the end of a file name, now it can be used anywhere. @@ -24,5 +24,5 @@ index 3c0988c..35c15c7 100644 /* Any incoming string left means no match unless we ended on the correct * type of wildcard. -- -2.7.4 +2.14.4 diff --git a/0032-Propagate-errors-from-nfs-with-quota-to-client.patch b/0032-Propagate-errors-from-nfs-with-quota-to-client.patch index 46a60c4..de56aa7 100644 
--- a/0032-Propagate-errors-from-nfs-with-quota-to-client.patch +++ b/0032-Propagate-errors-from-nfs-with-quota-to-client.patch @@ -1,7 +1,7 @@ From aa9cb48373018502ef99a57aad70b69c0c75ff65 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka Date: Thu, 17 Nov 2016 13:29:59 +0100 -Subject: [PATCH 32/33] Propagate errors from nfs with quota to client. +Subject: [PATCH 32/59] Propagate errors from nfs with quota to client. vsftpd now checks for errors when closing newly uploaded file and forward errors to the client (e.g. when file system quota was @@ -102,10 +102,11 @@ diff --git a/sysutil.c b/sysutil.c index 42bcdf8..1c0422e 100644 --- a/sysutil.c +++ b/sysutil.c -@@ -1269,6 +1269,27 @@ vsf_sysutil_close(int fd) +@@ -1268,6 +1268,27 @@ vsf_sysutil_close(int fd) + } } - int ++int +vsf_sysutil_close_errno(int fd) +{ + while (1) @@ -126,10 +127,9 @@ index 42bcdf8..1c0422e 100644 + } +} + -+int + int vsf_sysutil_close_failok(int fd) { - return close(fd); diff --git a/sysutil.h b/sysutil.h index 2886bbc..be727f5 100644 --- a/sysutil.h @@ -143,5 +143,5 @@ index 2886bbc..be727f5 100644 int vsf_sysutil_unlink(const char* p_dead); int vsf_sysutil_write_access(const char* p_filename); -- -2.7.4 +2.14.4 diff --git a/0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch b/0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch index a7254e2..8d6228e 100644 --- a/0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch +++ b/0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch @@ -1,7 +1,7 @@ From 01bef55a1987700af3d43cdc5f5be88d3843ab85 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka Date: Thu, 17 Nov 2016 13:36:17 +0100 -Subject: [PATCH 33/33] Introduce TLSv1.1 and TLSv1.2 options. +Subject: [PATCH 33/59] Introduce TLSv1.1 and TLSv1.2 options. Users can now enable a specific version of TLS protocol. --- @@ -149,5 +149,5 @@ index cf1ae34..a3d569e 100644 .B user_config_dir This powerful option allows the override of any config option specified in -- -2.7.4 +2.14.4 
diff --git a/0034-Turn-off-seccomp-sandbox-because-it-is-too-strict.patch b/0034-Turn-off-seccomp-sandbox-because-it-is-too-strict.patch index 62fb66b..0c0bdb7 100644 --- a/0034-Turn-off-seccomp-sandbox-because-it-is-too-strict.patch +++ b/0034-Turn-off-seccomp-sandbox-because-it-is-too-strict.patch @@ -1,7 +1,7 @@ From 4922e60589326540b2ee4f0bdfd6cb95f645f3d5 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka Date: Fri, 18 Nov 2016 10:23:29 +0100 -Subject: [PATCH] Turn off seccomp sandbox, because it is too strict. +Subject: [PATCH 34/59] Turn off seccomp sandbox, because it is too strict. --- tunables.c | 2 +- @@ -21,5 +21,5 @@ index 78f2bcd..5440c00 100644 tunable_accept_timeout = 60; -- -2.7.4 +2.14.4 diff --git a/0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch b/0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch index ab3f35c..1cebc18 100644 --- a/0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch +++ b/0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch @@ -1,7 +1,7 @@ From 6c8dd87f311e411bcb1c72c1c780497881a5621c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Mon, 4 Sep 2017 11:32:03 +0200 -Subject: [PATCH 35/35] Modify DH enablement patch to build with OpenSSL 1.1 +Subject: [PATCH 35/59] Modify DH enablement patch to build with OpenSSL 1.1 --- ssl.c | 41 ++++++++++++++++++++++++++++++++++++++--- @@ -70,5 +70,5 @@ index ba8a613..09ec96a 100644 return NULL; } -- -2.9.5 +2.14.4 diff --git a/0036-Redefine-VSFTP_COMMAND_FD-to-1.patch b/0036-Redefine-VSFTP_COMMAND_FD-to-1.patch index 7f1911a..4299b23 100644 --- a/0036-Redefine-VSFTP_COMMAND_FD-to-1.patch +++ b/0036-Redefine-VSFTP_COMMAND_FD-to-1.patch @@ -1,7 +1,7 @@ From 18e0ab25a0d66088728b506cf64f5545637eda26 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Tue, 5 Sep 2017 14:26:08 +0200 -Subject: [PATCH 36/36] Redefine VSFTP_COMMAND_FD to 1 +Subject: [PATCH 36/59] Redefine VSFTP_COMMAND_FD to 1 Redefine VSFTP_COMMAND_FD to 1 (stdout) so that error messages generated during startup are picked up by systemd. @@ -25,5 +25,5 @@ index bde3232..315f0f0 100644 #define VSFTP_PASSWORD_MAX 128 #define VSFTP_USERNAME_MAX 128 -- -2.9.5 +2.14.4 diff --git a/0037-Document-the-relationship-of-text_userdb_names-and-c.patch b/0037-Document-the-relationship-of-text_userdb_names-and-c.patch index 7bf92ae..ae188d7 100644 --- a/0037-Document-the-relationship-of-text_userdb_names-and-c.patch +++ b/0037-Document-the-relationship-of-text_userdb_names-and-c.patch @@ -1,7 +1,7 @@ From 221f35f302d53f5a89f8e79592492e7cb322e81a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Thu, 26 Oct 2017 13:08:32 +0200 -Subject: [PATCH 37/37] Document the relationship of text_userdb_names and +Subject: [PATCH 37/59] Document the relationship of text_userdb_names and chroot_local_user Note in vsftpd.conf(5) that text_userdb_names may not work when @@ -25,5 +25,5 @@ index a3d569e..45b3f9c 100644 Default: NO .TP -- -2.14.3 +2.14.4 diff --git a/0038-Document-allow_writeable_chroot-in-the-man-page.patch b/0038-Document-allow_writeable_chroot-in-the-man-page.patch index f8d8c1d..ca073d3 100644 --- a/0038-Document-allow_writeable_chroot-in-the-man-page.patch +++ b/0038-Document-allow_writeable_chroot-in-the-man-page.patch @@ -1,7 +1,7 @@ From 35ec3be5427a54facd5f6299fda2da4c146d4846 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Fri, 24 Nov 2017 11:22:43 +0100 -Subject: [PATCH 38/38] Document allow_writeable_chroot in the man page +Subject: [PATCH 38/59] Document allow_writeable_chroot in the man page --- vsftpd.conf.5 | 9 +++++++++ @@ -28,5 +28,5 @@ index 45b3f9c..d1f0db5 100644 .TP .B anon_mkdir_write_enable -- -2.14.3 +2.14.4 
diff --git a/0039-Improve-documentation-of-ASCII-mode-in-the-man-page.patch b/0039-Improve-documentation-of-ASCII-mode-in-the-man-page.patch index 4b32923..307ce35 100644 --- a/0039-Improve-documentation-of-ASCII-mode-in-the-man-page.patch +++ b/0039-Improve-documentation-of-ASCII-mode-in-the-man-page.patch @@ -1,7 +1,7 @@ From 7d4b76abb437184fa692533cb5537318026a30e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Fri, 24 Nov 2017 11:26:37 +0100 -Subject: [PATCH 39/39] Improve documentation of ASCII mode in the man page +Subject: [PATCH 39/59] Improve documentation of ASCII mode in the man page --- vsftpd.conf.5 | 6 ++++++ @@ -30,5 +30,5 @@ index d1f0db5..3ca55e4 100644 Default: NO .TP -- -2.14.3 +2.14.4 diff --git a/0040-Use-system-wide-crypto-policy.patch b/0040-Use-system-wide-crypto-policy.patch index d79530b..f59ba2b 100644 --- a/0040-Use-system-wide-crypto-policy.patch +++ b/0040-Use-system-wide-crypto-policy.patch @@ -1,7 +1,7 @@ From b83be8b4f86bf1a8a6de4802a9486d084c4a46cd Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka Date: Tue, 29 Aug 2017 10:32:16 +0200 -Subject: [PATCH 40/40] Use system wide crypto policy +Subject: [PATCH 40/59] Use system wide crypto policy Resolves: rhbz#1483970 --- @@ -23,5 +23,5 @@ index 5440c00..354251c 100644 install_str_setting(0, &tunable_dsa_private_key_file); install_str_setting(0, &tunable_ca_certs_file); -- -2.14.3 +2.14.4 diff --git a/0041-Document-the-new-default-for-ssl_ciphers-in-the-man-.patch b/0041-Document-the-new-default-for-ssl_ciphers-in-the-man-.patch index e004e0f..8b26c7b 100644 --- a/0041-Document-the-new-default-for-ssl_ciphers-in-the-man-.patch +++ b/0041-Document-the-new-default-for-ssl_ciphers-in-the-man-.patch @@ -1,7 +1,7 @@ From 2369d1ea5144d525d315aba90da528e7d9bfd1cc Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Thu, 21 Dec 2017 14:19:18 +0100 -Subject: [PATCH 41/41] Document the new default for ssl_ciphers in the man +Subject: [PATCH 41/59] Document the new default for ssl_ciphers in the man page Related: rhbz#1483970 @@ -27,5 +27,5 @@ index 3ca55e4..2a7662e 100644 .B user_config_dir This powerful option allows the override of any config option specified in -- -2.14.3 +2.14.4 diff --git a/0042-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch b/0042-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch index 542cd69..250a44c 100644 --- a/0042-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch +++ b/0042-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch @@ -1,7 +1,7 @@ From 1c280a0b04e58ec63ce9ab5eb8d0ffe5ebbae115 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Thu, 21 Dec 2017 14:29:25 +0100 -Subject: [PATCH 42/42] When handling FEAT command, check ssl_tlsv1_1 and +Subject: [PATCH 42/59] When handling FEAT command, check ssl_tlsv1_1 and ssl_tlsv1_2 Send 'AUTH SSL' in reply to the FEAT command when the ssl_tlsv1_1 @@ -28,5 +28,5 @@ index 1212980..d024366 100644 vsf_cmdio_write_raw(p_sess, " AUTH TLS\r\n"); } -- -2.14.3 +2.14.4 diff --git a/0043-Enable-only-TLSv1.2-by-default.patch b/0043-Enable-only-TLSv1.2-by-default.patch index ca8b1d3..eb157f8 100644 --- a/0043-Enable-only-TLSv1.2-by-default.patch +++ b/0043-Enable-only-TLSv1.2-by-default.patch @@ -1,7 +1,7 @@ From 75c942c77aa575143c5b75637e64a925ad12641a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Thu, 21 Dec 2017 16:38:40 +0100 -Subject: [PATCH 43/43] Enable only TLSv1.2 by default +Subject: [PATCH 43/59] Enable only TLSv1.2 by default Disable TLSv1 and TLSv1.1 - enable only TLSv1.2 by default. --- @@ -49,5 +49,5 @@ index 2a7662e..df14027 100644 .B ssl_tlsv1_2 Only applies if -- -2.14.3 +2.14.4 
diff --git a/0044-Disable-anonymous_enable-in-default-config-file.patch b/0044-Disable-anonymous_enable-in-default-config-file.patch index cc9eace..4e62d76 100644 --- a/0044-Disable-anonymous_enable-in-default-config-file.patch +++ b/0044-Disable-anonymous_enable-in-default-config-file.patch @@ -1,7 +1,7 @@ From ffaeebcfdb56ba75392af21c68c0bac78a226b55 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Tue, 2 Jan 2018 09:54:43 +0100 -Subject: [PATCH 44/44] Disable anonymous_enable in default config file +Subject: [PATCH 44/59] Disable anonymous_enable in default config file Resolves: rhbz#1338637 --- @@ -22,5 +22,5 @@ index 39d1955..4626c1b 100644 # Uncomment this to allow local users to log in. # When SELinux is enforcing check for SE bool ftp_home_dir -- -2.14.3 +2.14.4 diff --git a/0045-Expand-explanation-of-ascii_-options-behaviour-in-ma.patch b/0045-Expand-explanation-of-ascii_-options-behaviour-in-ma.patch index b4a6f59..2243790 100644 --- a/0045-Expand-explanation-of-ascii_-options-behaviour-in-ma.patch +++ b/0045-Expand-explanation-of-ascii_-options-behaviour-in-ma.patch @@ -1,7 +1,7 @@ From 61327320b54a59e319c522151f7a61c74ec94f2f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Tue, 2 Jan 2018 16:25:55 +0100 -Subject: [PATCH 45/46] Expand explanation of ascii_* options behaviour in man +Subject: [PATCH 45/59] Expand explanation of ascii_* options behaviour in man page --- @@ -48,5 +48,5 @@ index df14027..a5abeb2 100644 Default: NO .TP -- -2.14.3 +2.14.4 diff --git a/0046-vsftpd.conf-Refer-to-the-man-page-regarding-the-asci.patch b/0046-vsftpd.conf-Refer-to-the-man-page-regarding-the-asci.patch index 9e8b8ea..61ed691 100644 --- a/0046-vsftpd.conf-Refer-to-the-man-page-regarding-the-asci.patch +++ b/0046-vsftpd.conf-Refer-to-the-man-page-regarding-the-asci.patch @@ -1,7 +1,7 @@ From 446f7c1ec54e06b5da2e890e0cd8fbd7308322c9 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Tue, 2 Jan 2018 16:33:18 +0100 -Subject: [PATCH 46/46] vsftpd.conf: Refer to the man page regarding the +Subject: [PATCH 46/59] vsftpd.conf: Refer to the man page regarding the ascii_* options --- @@ -23,5 +23,5 @@ index 4626c1b..e70bc6d 100644 # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd # predicted this attack and has always been safe, reporting the size of the -- -2.14.3 +2.14.4 diff --git a/0047-Disable-tcp_wrappers-support.patch b/0047-Disable-tcp_wrappers-support.patch index ce64f2d..f71aab0 100644 --- a/0047-Disable-tcp_wrappers-support.patch +++ b/0047-Disable-tcp_wrappers-support.patch @@ -1,7 +1,7 @@ From b383ec42bb750419fea102fccf36af5216145eb2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Fri, 5 Jan 2018 09:17:13 +0100 -Subject: [PATCH 47/48] Disable tcp_wrappers support +Subject: [PATCH 47/59] Disable tcp_wrappers support Resolves: rhbz#1518796 --- @@ -45,5 +45,5 @@ index e70bc6d..6b8eebb 100644 userlist_enable=YES -tcp_wrappers=YES -- -2.14.3 +2.14.4 diff --git a/0048-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch b/0048-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch index 5fbb2cc..513e128 100644 --- a/0048-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch +++ b/0048-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch @@ -1,7 +1,7 @@ From 9cba9e81aa96e1d64ae2eaaf88330e09dadfce79 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Fri, 5 Jan 2018 09:40:09 +0100 -Subject: [PATCH 48/48] Fix default value of strict_ssl_read_eof in man page +Subject: [PATCH 48/59] Fix default value of strict_ssl_read_eof in man page --- vsftpd.conf.5 | 5 ++--- @@ -25,5 +25,5 @@ index a5abeb2..43b0435 100644 .B strict_ssl_write_shutdown If enabled, SSL data downloads are required to terminate via SSL, not an -- -2.14.3 +2.14.4 
diff --git a/0049-Add-new-filename-generation-algorithm-for-STOU-comma.patch b/0049-Add-new-filename-generation-algorithm-for-STOU-comma.patch index bfbb871..22745b5 100644 --- a/0049-Add-new-filename-generation-algorithm-for-STOU-comma.patch +++ b/0049-Add-new-filename-generation-algorithm-for-STOU-comma.patch @@ -1,7 +1,7 @@ From 1203b943b369651d96d057f8190f14f015e6ff0b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Tue, 6 Feb 2018 13:30:44 +0100 -Subject: [PATCH 49/49] Add new filename generation algorithm for STOU command +Subject: [PATCH 49/59] Add new filename generation algorithm for STOU command A new configuration option 'better_stou' can be used to enable a better algorithm for generating unique filenames. @@ -318,5 +318,5 @@ index 43b0435..6911a73 100644 .TP .B anon_mkdir_write_enable -- -2.14.3 +2.14.4 diff --git a/0050-Don-t-link-with-libnsl.patch b/0050-Don-t-link-with-libnsl.patch index c907980..8b626bb 100644 --- a/0050-Don-t-link-with-libnsl.patch +++ b/0050-Don-t-link-with-libnsl.patch @@ -1,7 +1,7 @@ From f8663f35d5d150f0533bb052e48306b9a5111d87 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Tue, 6 Feb 2018 18:04:53 +0100 -Subject: [PATCH 50/50] Don't link with libnsl +Subject: [PATCH 50/59] Don't link with libnsl Don't link with libnsl. It builds just fine without it and vsf_findlibs.sh enables it only when tcp_wrappers is enabled. @@ -23,5 +23,5 @@ index 612994e..0f7411c 100644 LDFLAGS = -fPIE -pie -Wl,-z,relro -Wl,-z,now -- -2.14.3 +2.14.4 diff --git a/0001-Improve-documentation-of-better_stou-in-the-man-page.patch b/0051-Improve-documentation-of-better_stou-in-the-man-page.patch similarity index 92% rename from 0001-Improve-documentation-of-better_stou-in-the-man-page.patch rename to 0051-Improve-documentation-of-better_stou-in-the-man-page.patch index e1293ab..c2593be 100644 --- a/0001-Improve-documentation-of-better_stou-in-the-man-page.patch 
+++ b/0051-Improve-documentation-of-better_stou-in-the-man-page.patch @@ -1,7 +1,7 @@ From 765f99b26705c8d6fe2be4feb07f4c91e7eb96f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Thu, 5 Apr 2018 12:29:03 +0200 -Subject: [PATCH] Improve documentation of better_stou in the man page +Subject: [PATCH 51/59] Improve documentation of better_stou in the man page --- vsftpd.conf.5 | 7 ++++++- @@ -26,5 +26,5 @@ index 6911a73..e9ae474 100644 Default: NO .TP -- -2.14.3 +2.14.4 diff --git a/0001-Fix-rDNS-with-IPv6.patch b/0052-Fix-rDNS-with-IPv6.patch similarity index 99% rename from 0001-Fix-rDNS-with-IPv6.patch rename to 0052-Fix-rDNS-with-IPv6.patch index 2328968..eca9474 100644 --- a/0001-Fix-rDNS-with-IPv6.patch +++ b/0052-Fix-rDNS-with-IPv6.patch @@ -1,7 +1,7 @@ From 01b646d2af0ed885d01d31a6479898a3c423a630 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Thu, 26 Apr 2018 10:00:19 +0200 -Subject: [PATCH 1/4] Fix rDNS with IPv6 +Subject: [PATCH 52/59] Fix rDNS with IPv6 Previously IPv6 addresses were not translated to hostnames for PAM to use. --- @@ -191,5 +191,5 @@ index 7a59f13..2df14ed 100644 void vsf_sysutil_activate_keepalive(int fd); void vsf_sysutil_rcvtimeo(int fd); -- -2.14.3 +2.14.4 diff --git a/0002-Always-do-chdir-after-chroot.patch b/0053-Always-do-chdir-after-chroot.patch similarity index 91% rename from 0002-Always-do-chdir-after-chroot.patch rename to 0053-Always-do-chdir-after-chroot.patch index 566ca09..e1c0105 100644 --- a/0002-Always-do-chdir-after-chroot.patch +++ b/0053-Always-do-chdir-after-chroot.patch @@ -1,7 +1,7 @@ From 315f9720db94af3319c9550feaf473b9cf09aeac Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Thu, 3 May 2018 13:20:28 +0200 -Subject: [PATCH 2/4] Always do chdir("/") after chroot() +Subject: [PATCH 53/59] Always do chdir("/") after chroot() Always do chdir("/") after chroot() to be more sure we'll never get out of it. This will not affect the working directory after calling @@ -28,5 +28,5 @@ index b68583b..3014c05 100644 unsigned int -- -2.14.3 +2.14.4 diff --git a/0003-vsf_sysutil_rcvtimeo-Check-return-value-of-setsockop.patch b/0054-vsf_sysutil_rcvtimeo-Check-return-value-of-setsockop.patch similarity index 89% rename from 0003-vsf_sysutil_rcvtimeo-Check-return-value-of-setsockop.patch rename to 0054-vsf_sysutil_rcvtimeo-Check-return-value-of-setsockop.patch index 337fa28..d67db00 100644 --- a/0003-vsf_sysutil_rcvtimeo-Check-return-value-of-setsockop.patch +++ b/0054-vsf_sysutil_rcvtimeo-Check-return-value-of-setsockop.patch @@ -1,7 +1,7 @@ From ca27e6e34d89fc247a164ed7330735644f97d7d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Wed, 9 May 2018 20:15:29 +0200 -Subject: [PATCH 3/4] vsf_sysutil_rcvtimeo: Check return value of setsockopt +Subject: [PATCH 54/59] vsf_sysutil_rcvtimeo: Check return value of setsockopt --- sysutil.c | 7 ++++++- @@ -29,5 +29,5 @@ index 3014c05..de5f876 100644 void -- -2.14.3 +2.14.4 diff --git a/0004-vsf_sysutil_get_tz-Check-the-return-value-of-syscall.patch b/0055-vsf_sysutil_get_tz-Check-the-return-value-of-syscall.patch similarity index 97% rename from 0004-vsf_sysutil_get_tz-Check-the-return-value-of-syscall.patch rename to 0055-vsf_sysutil_get_tz-Check-the-return-value-of-syscall.patch index 72f70b1..85d4f2f 100644 --- a/0004-vsf_sysutil_get_tz-Check-the-return-value-of-syscall.patch +++ b/0055-vsf_sysutil_get_tz-Check-the-return-value-of-syscall.patch @@ -1,7 +1,7 @@ From c7ac05fdf2a7b53d901bfc3afeb9a61916aaaaf1 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Wed, 9 May 2018 20:26:37 +0200 -Subject: [PATCH 4/4] vsf_sysutil_get_tz: Check the return value of syscalls +Subject: [PATCH 55/59] vsf_sysutil_get_tz: Check the return value of syscalls Check the return value of syscalls. There's always the possibility that they'll fail. (Failure of close() is not handled though, apart from EINTR. @@ -104,5 +104,5 @@ index de5f876..fd07d99 100644 return ret_tz; -- -2.14.3 +2.14.4 diff --git a/0001-Log-die-calls-to-syslog.patch b/0056-Log-die-calls-to-syslog.patch similarity index 99% rename from 0001-Log-die-calls-to-syslog.patch rename to 0056-Log-die-calls-to-syslog.patch index d6aa2f8..46b93f6 100644 --- a/0001-Log-die-calls-to-syslog.patch +++ b/0056-Log-die-calls-to-syslog.patch @@ -1,7 +1,7 @@ From ee6af258e8cb1a7fada5e6d3e54429b89f12b158 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Fri, 15 Jun 2018 12:02:21 +0200 -Subject: [PATCH 1/3] Log die() calls to syslog +Subject: [PATCH 56/59] Log die() calls to syslog Pass messages given to die(), die2() and bug() to syslog. Currently this functionality requires waiting for a short amount of time (1 second is diff --git a/0002-Improve-error-message-when-max-number-of-bind-attemp.patch b/0057-Improve-error-message-when-max-number-of-bind-attemp.patch similarity index 87% rename from 0002-Improve-error-message-when-max-number-of-bind-attemp.patch rename to 0057-Improve-error-message-when-max-number-of-bind-attemp.patch index 221a2de..3a0effe 100644 --- a/0002-Improve-error-message-when-max-number-of-bind-attemp.patch +++ b/0057-Improve-error-message-when-max-number-of-bind-attemp.patch @@ -1,8 +1,8 @@ From 380e40930661d643c865bace4e1791ca8f9d74cf Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Mon, 18 Jun 2018 14:01:46 +0200 -Subject: [PATCH 2/3] Improve error message when max number of bind attempts is - exceeded +Subject: [PATCH 57/59] Improve error message when max number of bind attempts + is exceeded Resolves: rhbz#1318198 --- diff --git a/0003-Make-the-max-number-of-bind-retries-tunable.patch b/0058-Make-the-max-number-of-bind-retries-tunable.patch similarity index 97% rename from 0003-Make-the-max-number-of-bind-retries-tunable.patch rename to 0058-Make-the-max-number-of-bind-retries-tunable.patch index 533bd29..1350470 100644 --- a/0003-Make-the-max-number-of-bind-retries-tunable.patch +++ b/0058-Make-the-max-number-of-bind-retries-tunable.patch @@ -1,7 +1,7 @@ From be7c2d639127dd8af0139caf94f8c29f431d3753 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Mon, 18 Jun 2018 10:13:48 +0200 -Subject: [PATCH 3/3] Make the max number of bind retries tunable +Subject: [PATCH 58/59] Make the max number of bind retries tunable Resolves: rhbz#1318198 --- diff --git a/0059-Fix-SEGFAULT-when-running-in-a-container-as-PID-1.patch b/0059-Fix-SEGFAULT-when-running-in-a-container-as-PID-1.patch new file mode 100644 index 0000000..3adbd4c --- /dev/null +++ b/0059-Fix-SEGFAULT-when-running-in-a-container-as-PID-1.patch 
@@ -0,0 +1,58 @@ +From 970711fde95bee3de1e4a5e0b557c3132d0c3e3f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Tue, 6 Feb 2018 11:39:01 +0100 +Subject: [PATCH 59/59] Fix SEGFAULT when running in a container as PID 1 + +When vsftpd is running in a container as PID 1, it is possible +that it will get SIGCHILD for processes, which were not directly +created by it, but by some of its children. These processes will +not be in the s_p_pid_ip_hash hash table, and thus trying to +delete the entry from the hash table in standalone.c:handle_sigchld() +will result in segmentation fault. + +I can quite easily reproduce it with the upstream vsftpd and default +configuration, except for isolate=NO and isolate_network=NO being set +(it seems to me that network namespaces take a long time to create +and destroy, which hides the race condition), on a quad-core machine. +When connecting to vsftpd in a loop like this: +$ while true; do echo -en '' | nc localhost 21; done + +vsftpd crashes after a couple of seconds. +--- + standalone.c | 18 +++++++++++++----- + 1 file changed, 13 insertions(+), 5 deletions(-) + +diff --git a/standalone.c b/standalone.c +index 3b65ea2..3f35e9e 100644 +--- a/standalone.c ++++ b/standalone.c +@@ -270,13 +270,21 @@ handle_sigchld(void* duff) + if (reap_one) + { + struct vsf_sysutil_ipaddr* p_ip; +- /* Account total number of instances */ +- --s_children; +- /* Account per-IP limit */ + p_ip = (struct vsf_sysutil_ipaddr*) + hash_lookup_entry(s_p_pid_ip_hash, (void*)&reap_one); +- drop_ip_count(p_ip); +- hash_free_entry(s_p_pid_ip_hash, (void*)&reap_one); ++ /* If we are running in a container as PID 1, it is possible ++ * that we will get SIGCHILD for processes, which were not ++ * created directly by our process and which are not in the ++ * s_p_pid_ip_hash hash table. 
++ */ ++ if (p_ip) ++ { ++ /* Account total number of instances */ ++ --s_children; ++ /* Account per-IP limit */ ++ drop_ip_count(p_ip); ++ hash_free_entry(s_p_pid_ip_hash, (void*)&reap_one); ++ } + } + } + } +-- +2.14.4 + diff --git a/vsftpd.spec b/vsftpd.spec index 5b455a0..e7d687b 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 26%{?dist} +Release: 27%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons @@ -79,14 +79,15 @@ Patch47: 0047-Disable-tcp_wrappers-support.patch Patch48: 0048-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch Patch49: 0049-Add-new-filename-generation-algorithm-for-STOU-comma.patch Patch50: 0050-Don-t-link-with-libnsl.patch -Patch51: 0001-Improve-documentation-of-better_stou-in-the-man-page.patch -Patch52: 0001-Fix-rDNS-with-IPv6.patch -Patch53: 0002-Always-do-chdir-after-chroot.patch -Patch54: 0003-vsf_sysutil_rcvtimeo-Check-return-value-of-setsockop.patch -Patch55: 0004-vsf_sysutil_get_tz-Check-the-return-value-of-syscall.patch -Patch56: 0001-Log-die-calls-to-syslog.patch -Patch57: 0002-Improve-error-message-when-max-number-of-bind-attemp.patch -Patch58: 0003-Make-the-max-number-of-bind-retries-tunable.patch +Patch51: 0051-Improve-documentation-of-better_stou-in-the-man-page.patch +Patch52: 0052-Fix-rDNS-with-IPv6.patch +Patch53: 0053-Always-do-chdir-after-chroot.patch +Patch54: 0054-vsf_sysutil_rcvtimeo-Check-return-value-of-setsockop.patch +Patch55: 0055-vsf_sysutil_get_tz-Check-the-return-value-of-syscall.patch +Patch56: 0056-Log-die-calls-to-syslog.patch +Patch57: 0057-Improve-error-message-when-max-number-of-bind-attemp.patch +Patch58: 0058-Make-the-max-number-of-bind-retries-tunable.patch +Patch59: 0059-Fix-SEGFAULT-when-running-in-a-container-as-PID-1.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from 
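Review bot: The comment added above `if (p_ip)` in handle_sigchld() explains why the lookup can miss, but not that leaving `s_children` and the per-IP count untouched for such a PID is deliberate, and it spells the signal "SIGCHILD" where the signal name is SIGCHLD. Going by the "Account total number of instances" and "Account per-IP limit" comments, both counters appear to back the connection limits, so a later edit that moves `--s_children` back out of the guard would let reaped grandchildren lower the count of live sessions. I would extend the comment with a sentence such as `/* Such PIDs were never counted, so neither s_children nor the per-IP count may be touched for them. */`. handle_sigchld() starts and ends outside the inner hunk, so how entries get into s_p_pid_ip_hash is not visible here.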
@@ -155,6 +156,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Wed Jul 25 2018 Ondřej Lysoněk - 3.0.3-27 +- Fix a segfault when running as PID 1 + * Sat Jul 14 2018 Fedora Release Engineering - 3.0.3-26 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild From 0d51f8f9e86498d6452552d9df2016fccd2ad710 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Wed, 25 Jul 2018 14:27:16 +0200 Subject: [PATCH 35/85] Switch to SHA512 source tarball hash --- sources | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources b/sources index b94676e..73f8cf5 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -da119d084bd3f98664636ea05b5bb398 vsftpd-3.0.3.tar.gz +SHA512 (vsftpd-3.0.3.tar.gz) = 5a4410a88e72ecf6f60a60a89771bcec300c9f63c2ea83b219bdf65fd9749b9853f9579f7257205b55659aefcd5dab243eba878dbbd4f0ff8532dd6e60884df7 From f6df692943c62c16bdc2a8471f75b1c25bcb5da0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Wed, 25 Jul 2018 15:27:57 +0200 Subject: [PATCH 36/85] Rebuilt, switched to SHA512 source tarball hash --- vsftpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/vsftpd.spec b/vsftpd.spec index e7d687b..da2ee12 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 27%{?dist} +Release: 28%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons @@ -156,6 +156,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Wed Jul 25 2018 Ondřej Lysoněk - 3.0.3-28 +- Rebuilt, switched to SHA512 source tarball hash + * Wed Jul 25 2018 Ondřej Lysoněk - 3.0.3-27 - Fix a segfault when running as PID 1 From 71c2ae6e77beb3dde20989639b70b815a5eeba67 Mon Sep 17 00:00:00 2001 
From: Igor Gnatenko Date: Mon, 28 Jan 2019 20:18:30 +0100 Subject: [PATCH 37/85] Remove obsolete Group tag References: https://fedoraproject.org/wiki/Changes/Remove_Group_Tag --- vsftpd.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/vsftpd.spec b/vsftpd.spec index da2ee12..c395d84 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -5,7 +5,6 @@ Version: 3.0.3 Release: 28%{?dist} Summary: Very Secure Ftp Daemon -Group: System Environment/Daemons # OpenSSL link exception License: GPLv2 with exceptions URL: https://security.appspot.com/vsftpd.html From bb47596e0ad2719ce366c29b550cf5229e95f8f1 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sun, 3 Feb 2019 11:27:51 +0000 Subject: [PATCH 38/85] - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- vsftpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/vsftpd.spec b/vsftpd.spec index c395d84..a942f1a 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 28%{?dist} +Release: 29%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception @@ -155,6 +155,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Sun Feb 03 2019 Fedora Release Engineering - 3.0.3-29 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + * Wed Jul 25 2018 Ondřej Lysoněk - 3.0.3-28 - Rebuilt, switched to SHA512 source tarball hash From 2bc5223ce683850ce0d525589c4c08e3b036296e Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 27 Jul 2019 03:12:02 +0000 Subject: [PATCH 39/85] - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- vsftpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/vsftpd.spec b/vsftpd.spec index a942f1a..8c28e00 100644 --- a/vsftpd.spec +++ b/vsftpd.spec 
@@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 29%{?dist} +Release: 30%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception @@ -155,6 +155,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Sat Jul 27 2019 Fedora Release Engineering - 3.0.3-30 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + * Sun Feb 03 2019 Fedora Release Engineering - 3.0.3-29 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild From a0a47ca688760b418729728f80b6cc5d1074f2c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Sat, 3 Aug 2019 20:07:39 +0200 Subject: [PATCH 40/85] Fix segfault when listen() returns an error Resolves: rhbz#1666380 --- ...ve-closing-standard-FDs-after-listen.patch | 46 ++++++++ 0002-Prevent-recursion-in-bug.patch | 107 ++++++++++++++++++ vsftpd.spec | 8 +- 3 files changed, 160 insertions(+), 1 deletion(-) create mode 100644 0001-Move-closing-standard-FDs-after-listen.patch create mode 100644 0002-Prevent-recursion-in-bug.patch diff --git a/0001-Move-closing-standard-FDs-after-listen.patch b/0001-Move-closing-standard-FDs-after-listen.patch new file mode 100644 index 0000000..12511e7 --- /dev/null +++ b/0001-Move-closing-standard-FDs-after-listen.patch 
@@ -0,0 +1,46 @@
+From 40fea4552377504ce69935149e64e39a595f4600 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?=
+Date: Sat, 3 Aug 2019 17:50:14 +0200
+Subject: [PATCH 1/2] Move closing standard FDs after listen()
+
+The vsf_sysutil_close() calls need to be moved a bit further so that
+die() works properly in case listen() fails.
+
+I see no reason the calls should be placed before listen()
+specifically, as they are now. My guess is that the author who added
+the calls thought that listen() is a blocking call, which is not the
+case. The only thing we need to satisfy is that close() is called
+before accept, because that is a blocking call. That's all that is
+needed to fix the bug that was fixed by adding the close() calls.
+
+Resolves: rhbz#1666380
+---
+ standalone.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/standalone.c b/standalone.c
+index 3f35e9e..b358ca1 100644
+--- a/standalone.c
++++ b/standalone.c
+@@ -152,15 +152,15 @@ vsf_standalone_main(void)
+ vsf_sysutil_kill(vsf_sysutil_getppid(), kVSFSysUtilSigUSR1);
+ }
+ }
+- vsf_sysutil_close(0);
+- vsf_sysutil_close(1);
+- vsf_sysutil_close(2);
+ retval = vsf_sysutil_listen(listen_sock, VSFTP_LISTEN_BACKLOG);
+ if (vsf_sysutil_retval_is_error(retval))
+ {
+ die("could not listen");
+ }
+ vsf_sysutil_sockaddr_alloc(&p_accept_addr);
++ vsf_sysutil_close(0);
++ vsf_sysutil_close(1);
++ vsf_sysutil_close(2);
+ while (1)
+ {
+ struct vsf_client_launch child_info;
+--
+2.20.1
+
diff --git a/0002-Prevent-recursion-in-bug.patch b/0002-Prevent-recursion-in-bug.patch
new file mode 100644
index 0000000..061fd1e
--- /dev/null
+++ b/0002-Prevent-recursion-in-bug.patch
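Review bot: Nothing in standalone.c records why the three `vsf_sysutil_close()` calls now sit after `vsf_sysutil_sockaddr_alloc()`; the ordering rule (after listen() so that die() can still report the failure, before the blocking accept()) lives only in the commit message. A comment above the moved calls would keep a later cleanup from moving them back, e.g. `/* Close the standard FDs only after listen() so die() can still report a failure, but before the blocking accept(). */`. vsf_standalone_main() starts before and continues past the inner hunk.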
@@ -0,0 +1,107 @@ +From e679a3ce0f2cf1558da31e0bccd9e2398b89c7e9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Tue, 30 Jul 2019 16:07:01 +0200 +Subject: [PATCH 2/2] Prevent recursion in bug() + +Resolves: rhbz#1666380 +--- + sysutil.c | 35 +++++++++++++++++++++++++++++++---- + sysutil.h | 1 + + utility.c | 12 +++++++----- + 3 files changed, 39 insertions(+), 9 deletions(-) + +diff --git a/sysutil.c b/sysutil.c +index fd07d99..e2df671 100644 +--- a/sysutil.c ++++ b/sysutil.c +@@ -774,21 +774,48 @@ vsf_sysutil_deactivate_linger_failok(int fd) + (void) setsockopt(fd, SOL_SOCKET, SO_LINGER, &the_linger, sizeof(the_linger)); + } + +-void +-vsf_sysutil_activate_noblock(int fd) ++static int ++vsf_sysutil_activate_noblock_internal(int fd, int return_err) + { + int retval; + int curr_flags = fcntl(fd, F_GETFL); + if (vsf_sysutil_retval_is_error(curr_flags)) + { +- die("fcntl"); ++ if (return_err) ++ { ++ return -1; ++ } ++ else ++ { ++ die("fcntl"); ++ } + } + curr_flags |= O_NONBLOCK; + retval = fcntl(fd, F_SETFL, curr_flags); + if (retval != 0) + { +- die("fcntl"); ++ if (return_err) ++ { ++ return -1; ++ } ++ else ++ { ++ die("fcntl"); ++ } + } ++ return 0; ++} ++ ++void ++vsf_sysutil_activate_noblock(int fd) ++{ ++ (void) vsf_sysutil_activate_noblock_internal(fd, 0); ++} ++ ++int ++vsf_sysutil_activate_noblock_no_die(int fd) ++{ ++ return vsf_sysutil_activate_noblock_internal(fd, 1); + } + + void +diff --git a/sysutil.h b/sysutil.h +index 2df14ed..0772423 100644 +--- a/sysutil.h ++++ b/sysutil.h +@@ -281,6 +281,7 @@ void vsf_sysutil_activate_oobinline(int fd); + void vsf_sysutil_activate_linger(int fd); + void vsf_sysutil_deactivate_linger_failok(int fd); + void vsf_sysutil_activate_noblock(int fd); ++int vsf_sysutil_activate_noblock_no_die(int fd); + void vsf_sysutil_deactivate_noblock(int fd); + /* This does SHUT_RDWR */ + void vsf_sysutil_shutdown_failok(int fd); +diff --git a/utility.c b/utility.c +index 75e5bdd..5619a04 100644 +--- 
a/utility.c ++++ b/utility.c +@@ -47,11 +47,13 @@ bug(const char* p_text) + { + vsf_log_die(p_text); + } +- vsf_sysutil_activate_noblock(VSFTP_COMMAND_FD); +- (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, "500 OOPS: ", 10); +- (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, p_text, +- vsf_sysutil_strlen(p_text)); +- (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, "\r\n", 2); ++ if (vsf_sysutil_activate_noblock_no_die(VSFTP_COMMAND_FD) == 0) ++ { ++ (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, "500 OOPS: ", 10); ++ (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, p_text, ++ vsf_sysutil_strlen(p_text)); ++ (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, "\r\n", 2); ++ } + if (tunable_log_die) + { + /* Workaround for https://github.com/systemd/systemd/issues/2913 */ +-- +2.20.1 + diff --git a/vsftpd.spec b/vsftpd.spec index 8c28e00..04a2f74 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 30%{?dist} +Release: 31%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception @@ -87,6 +87,8 @@ Patch56: 0056-Log-die-calls-to-syslog.patch Patch57: 0057-Improve-error-message-when-max-number-of-bind-attemp.patch Patch58: 0058-Make-the-max-number-of-bind-retries-tunable.patch Patch59: 0059-Fix-SEGFAULT-when-running-in-a-container-as-PID-1.patch +Patch61: 0001-Move-closing-standard-FDs-after-listen.patch +Patch62: 0002-Prevent-recursion-in-bug.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from @@ -155,6 +157,10 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Sat Aug 03 2019 Ondřej Lysoněk - 3.0.3-31 +- Fix segfault when listen() returns an error +- Resolves: rhbz#1666380 + * Sat Jul 27 2019 Fedora Release Engineering - 3.0.3-30 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild From 6848e2e801f862f48ccd5dfdc3fd33ec9100c875 Mon Sep 17 00:00:00 2001 
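Review bot: The new declaration `int vsf_sysutil_activate_noblock_no_die(int fd);` in sysutil.h carries no comment, so the return contract that bug() now depends on (0 on success, -1 when either fcntl() call fails) has to be read out of sysutil.c. I would add `/* Like vsf_sysutil_activate_noblock(), but returns -1 instead of calling die(); returns 0 on success. */` above it, in the manner of the neighbouring `/* This does SHUT_RDWR */` remark. In vsf_sysutil_activate_noblock_internal() the `else` branches after `return -1;` are also redundant; `if (return_err) { return -1; }` followed by a plain `die("fcntl");` reads more directly. bug() itself starts outside the utility.c hunk.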
From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Mon, 5 Aug 2019 14:14:50 +0200 Subject: [PATCH 41/85] Partially fix problem with bad utmp entries when pututxline() fails Resolves: rhbz#1688848 --- ...rted-only-after-record-insertion-rem.patch | 53 +++++++++ ...at-pututxline-if-it-fails-with-EINTR.patch | 105 ++++++++++++++++++ vsftpd.spec | 8 +- 3 files changed, 165 insertions(+), 1 deletion(-) create mode 100644 0001-Set-s_uwtmp_inserted-only-after-record-insertion-rem.patch create mode 100644 0002-Repeat-pututxline-if-it-fails-with-EINTR.patch diff --git a/0001-Set-s_uwtmp_inserted-only-after-record-insertion-rem.patch b/0001-Set-s_uwtmp_inserted-only-after-record-insertion-rem.patch new file mode 100644 index 0000000..00bf82c --- /dev/null +++ b/0001-Set-s_uwtmp_inserted-only-after-record-insertion-rem.patch 
@@ -0,0 +1,53 @@
+From 96698a525784ad91cb27b572dd5f871c183fdfa5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?=
+Date: Sun, 28 Jul 2019 12:25:35 +0200
+Subject: [PATCH 1/2] Set s_uwtmp_inserted only after record insertion/removal
+
+pututxline() is the function that actually inserts the new record, so
+setting 's_uwtmp_inserted' before calling pututxline() doesn't make
+sense.
+
+We'll need this change for other fixes.
+---
+ sysdeputil.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/sysdeputil.c b/sysdeputil.c
+index 4fe56c2..bd1e8c9 100644
+--- a/sysdeputil.c
++++ b/sysdeputil.c
+@@ -1224,7 +1224,6 @@ vsf_insert_uwtmp(const struct mystr* p_user_str,
+ sizeof(s_utent.ut_line));
+ str_free(&line_str);
+ }
+- s_uwtmp_inserted = 1;
+ s_utent.ut_type = USER_PROCESS;
+ s_utent.ut_pid = vsf_sysutil_getpid();
+ vsf_sysutil_strcpy(s_utent.ut_user, str_getbuf(p_user_str),
+@@ -1235,6 +1234,7 @@ vsf_insert_uwtmp(const struct mystr* p_user_str,
+ setutxent();
+ (void) pututxline(&s_utent);
+ endutxent();
++ s_uwtmp_inserted = 1;
+ updwtmpx(WTMPX_FILE, &s_utent);
+ }
+
+@@ -1245,7 +1245,6 @@ vsf_remove_uwtmp(void)
+ {
+ return;
+ }
+- s_uwtmp_inserted = 0;
+ s_utent.ut_type = DEAD_PROCESS;
+ vsf_sysutil_memclr(s_utent.ut_user, sizeof(s_utent.ut_user));
+ vsf_sysutil_memclr(s_utent.ut_host, sizeof(s_utent.ut_host));
+@@ -1253,6 +1252,7 @@ vsf_remove_uwtmp(void)
+ setutxent();
+ (void) pututxline(&s_utent);
+ endutxent();
++ s_uwtmp_inserted = 0;
+ s_utent.ut_tv.tv_sec = vsf_sysutil_get_time_sec();
+ updwtmpx(WTMPX_FILE, &s_utent);
+ }
+--
+2.20.1
+
diff --git a/0002-Repeat-pututxline-if-it-fails-with-EINTR.patch b/0002-Repeat-pututxline-if-it-fails-with-EINTR.patch
new file mode 100644
index 0000000..e89efcf
--- /dev/null
+++ b/0002-Repeat-pututxline-if-it-fails-with-EINTR.patch
@@ -0,0 +1,105 @@ +From 896b3694ca062d747cd67e9e9ba246adb3fc706b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Mon, 5 Aug 2019 13:55:37 +0200 +Subject: [PATCH 2/2] Repeat pututxline() if it fails with EINTR + +This is a partial fix for rhbz#1688848. We cannot resolve it +completely until glibc bug rhbz#1734791 is fixed. See +https://bugzilla.redhat.com/show_bug.cgi?id=1688848#c13. + +The maximum number of attempts is currently 2, which might seem +low. However setting it to 2 was a decision based on data - see +https://bugzilla.redhat.com/show_bug.cgi?id=1688848#c16. + +Resolves: rhbz#1688848 +--- + sysdeputil.c | 53 +++++++++++++++++++++++++++++++++++++++++++++------- + 1 file changed, 46 insertions(+), 7 deletions(-) + +diff --git a/sysdeputil.c b/sysdeputil.c +index bd1e8c9..4fbcca7 100644 +--- a/sysdeputil.c ++++ b/sysdeputil.c +@@ -1203,6 +1203,8 @@ void + vsf_insert_uwtmp(const struct mystr* p_user_str, + const struct mystr* p_host_str) + { ++ int attempts; ++ + if (sizeof(s_utent.ut_line) < 16) + { + return; +@@ -1231,16 +1233,35 @@ vsf_insert_uwtmp(const struct mystr* p_user_str, + vsf_sysutil_strcpy(s_utent.ut_host, str_getbuf(p_host_str), + sizeof(s_utent.ut_host)); + s_utent.ut_tv.tv_sec = vsf_sysutil_get_time_sec(); +- setutxent(); +- (void) pututxline(&s_utent); +- endutxent(); +- s_uwtmp_inserted = 1; ++ for (attempts = 2; attempts > 0; --attempts) ++ { ++ struct utmpx* p_res; ++ setutxent(); ++ p_res = pututxline(&s_utent); ++ /* For now we'll ignore errors other than EINTR and EAGAIN */ ++ if (p_res != NULL || (errno != EINTR && errno != EAGAIN)) ++ { ++ break; ++ } ++ } ++ if (attempts == 0) ++ { ++ /* This makes us skip pututxline() in vsf_remove_uwtmp() */ ++ s_uwtmp_inserted = -1; ++ } ++ else ++ { ++ s_uwtmp_inserted = 1; ++ endutxent(); ++ } + updwtmpx(WTMPX_FILE, &s_utent); + } + + void + vsf_remove_uwtmp(void) + { ++ int attempts; ++ + if (!s_uwtmp_inserted) + { + return; +@@ -1249,9 +1270,27 @@ 
vsf_remove_uwtmp(void) + vsf_sysutil_memclr(s_utent.ut_user, sizeof(s_utent.ut_user)); + vsf_sysutil_memclr(s_utent.ut_host, sizeof(s_utent.ut_host)); + s_utent.ut_tv.tv_sec = 0; +- setutxent(); +- (void) pututxline(&s_utent); +- endutxent(); ++ if (s_uwtmp_inserted == 1) ++ { ++ for (attempts = 2; attempts > 0; --attempts) ++ { ++ struct utmpx* p_res; ++ setutxent(); ++ p_res = pututxline(&s_utent); ++ /* For now we'll ignore errors other than EINTR and EAGAIN */ ++ if (p_res != NULL || (errno != EINTR && errno != EAGAIN)) ++ { ++ break; ++ } ++ } ++ if (attempts != 0) ++ { ++ endutxent(); ++ } ++ } ++ /* Set s_uwtmp_inserted to 0 regardless of the result of ++ * pututxline() to make sure we won't run this function twice. ++ */ + s_uwtmp_inserted = 0; + s_utent.ut_tv.tv_sec = vsf_sysutil_get_time_sec(); + updwtmpx(WTMPX_FILE, &s_utent); +-- +2.20.1 + diff --git a/vsftpd.spec b/vsftpd.spec index 04a2f74..70b678c 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 31%{?dist} +Release: 32%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception @@ -89,6 +89,8 @@ Patch58: 0058-Make-the-max-number-of-bind-retries-tunable.patch Patch59: 0059-Fix-SEGFAULT-when-running-in-a-container-as-PID-1.patch Patch61: 0001-Move-closing-standard-FDs-after-listen.patch Patch62: 0002-Prevent-recursion-in-bug.patch +Patch63: 0001-Set-s_uwtmp_inserted-only-after-record-insertion-rem.patch +Patch64: 0002-Repeat-pututxline-if-it-fails-with-EINTR.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from @@ -157,6 +159,10 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Mon Aug 05 2019 Ondřej Lysoněk - 3.0.3-32 +- Partially fix problem with bad utmp entries when pututxline() fails +- Resolves: rhbz#1688848 + * Sat Aug 03 2019 Ondřej Lysoněk - 3.0.3-31 - Fix segfault when listen() returns an error - Resolves: rhbz#1666380 From a9d52cf4e1df09e9f229994b1e3d8ea90b5c7786 Mon Sep 17 00:00:00 2001 
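Review bot: In the retry loop added to vsf_insert_uwtmp(), a pututxline() failure with any errno other than EINTR or EAGAIN breaks out with `attempts` still non-zero, so the `else` branch sets `s_uwtmp_inserted = 1` although no utmp record was written, and `updwtmpx()` still logs the session to wtmp. vsf_remove_uwtmp() then takes the `s_uwtmp_inserted == 1` path and writes a DEAD_PROCESS record for an entry that was never inserted, leaving utmp and wtmp inconsistent for anyone using them as login audit data. Hoisting `p_res` out of the loop and setting `s_uwtmp_inserted = (p_res != NULL) ? 1 : -1;` before the existing `endutxent();` would keep the flag truthful. The flag now has three states (0, 1, -1), which deserves a comment at its declaration outside this hunk, and the loop that appears in both functions could live in one static helper.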
From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Thu, 28 Nov 2019 16:00:19 +0100 Subject: [PATCH 42/85] Finish up the fix to the problem with bad utmp entries when pututxline() fails Resolves: rhbz#1688852 Resolves: rhbz#1737433 --- ...e-until-it-succeeds-if-it-fails-with.patch | 108 ++++++++++++++++++ vsftpd.spec | 8 +- 2 files changed, 115 insertions(+), 1 deletion(-) create mode 100644 0001-Repeat-pututxline-until-it-succeeds-if-it-fails-with.patch diff --git a/0001-Repeat-pututxline-until-it-succeeds-if-it-fails-with.patch b/0001-Repeat-pututxline-until-it-succeeds-if-it-fails-with.patch new file mode 100644 index 0000000..63d555e --- /dev/null +++ b/0001-Repeat-pututxline-until-it-succeeds-if-it-fails-with.patch 
@@ -0,0 +1,108 @@ +From 7957425ef5ab365fc96ea0615f99705581c6dbd8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Mon, 12 Aug 2019 18:15:36 +0200 +Subject: [PATCH] Repeat pututxline() until it succeeds if it fails with EINTR + +Since the pututxline() bug rhbz#1749439 is now fixed in glibc in +Fedora and RHEL-8, we can implement a complete solution for the stale +utmp entries issue originally reported as rhbz#1688848. + +This patch is a followup to commit 896b3694ca062d7. + +Resolves: rhbz#1688852 +Resolves: rhbz#1737433 +--- + sysdeputil.c | 53 +++++++++++++--------------------------------------- + 1 file changed, 13 insertions(+), 40 deletions(-) + +diff --git a/sysdeputil.c b/sysdeputil.c +index 4fbcca7..75be680 100644 +--- a/sysdeputil.c ++++ b/sysdeputil.c +@@ -1203,7 +1203,7 @@ void + vsf_insert_uwtmp(const struct mystr* p_user_str, + const struct mystr* p_host_str) + { +- int attempts; ++ struct utmpx* p_res; + + if (sizeof(s_utent.ut_line) < 16) + { +@@ -1233,34 +1233,21 @@ vsf_insert_uwtmp(const struct mystr* p_user_str, + vsf_sysutil_strcpy(s_utent.ut_host, str_getbuf(p_host_str), + sizeof(s_utent.ut_host)); + s_utent.ut_tv.tv_sec = vsf_sysutil_get_time_sec(); +- for (attempts = 2; attempts > 0; --attempts) ++ setutxent(); ++ do + { +- struct utmpx* p_res; +- setutxent(); + p_res = pututxline(&s_utent); + /* For now we'll ignore errors other than EINTR and EAGAIN */ +- if (p_res != NULL || (errno != EINTR && errno != EAGAIN)) +- { +- break; +- } +- } +- if (attempts == 0) +- { +- /* This makes us skip pututxline() in vsf_remove_uwtmp() */ +- s_uwtmp_inserted = -1; +- } +- else +- { +- s_uwtmp_inserted = 1; +- endutxent(); +- } ++ } while (p_res == NULL && (errno == EINTR || errno == EAGAIN)); ++ s_uwtmp_inserted = 1; ++ endutxent(); + updwtmpx(WTMPX_FILE, &s_utent); + } + + void + vsf_remove_uwtmp(void) + { +- int attempts; ++ struct utmpx* p_res; + + if (!s_uwtmp_inserted) + { +@@ -1270,27 +1257,13 @@ vsf_remove_uwtmp(void) + 
vsf_sysutil_memclr(s_utent.ut_user, sizeof(s_utent.ut_user)); + vsf_sysutil_memclr(s_utent.ut_host, sizeof(s_utent.ut_host)); + s_utent.ut_tv.tv_sec = 0; +- if (s_uwtmp_inserted == 1) ++ setutxent(); ++ do + { +- for (attempts = 2; attempts > 0; --attempts) +- { +- struct utmpx* p_res; +- setutxent(); +- p_res = pututxline(&s_utent); +- /* For now we'll ignore errors other than EINTR and EAGAIN */ +- if (p_res != NULL || (errno != EINTR && errno != EAGAIN)) +- { +- break; +- } +- } +- if (attempts != 0) +- { +- endutxent(); +- } +- } +- /* Set s_uwtmp_inserted to 0 regardless of the result of +- * pututxline() to make sure we won't run this function twice. +- */ ++ p_res = pututxline(&s_utent); ++ /* For now we'll ignore errors other than EINTR and EAGAIN */ ++ } while (p_res == NULL && (errno == EINTR || errno == EAGAIN)); ++ endutxent(); + s_uwtmp_inserted = 0; + s_utent.ut_tv.tv_sec = vsf_sysutil_get_time_sec(); + updwtmpx(WTMPX_FILE, &s_utent); +-- +2.20.1 + diff --git a/vsftpd.spec b/vsftpd.spec index 70b678c..e82d557 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 32%{?dist} +Release: 33%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception @@ -91,6 +91,7 @@ Patch61: 0001-Move-closing-standard-FDs-after-listen.patch Patch62: 0002-Prevent-recursion-in-bug.patch Patch63: 0001-Set-s_uwtmp_inserted-only-after-record-insertion-rem.patch Patch64: 0002-Repeat-pututxline-if-it-fails-with-EINTR.patch +Patch65: 0001-Repeat-pututxline-until-it-succeeds-if-it-fails-with.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from 
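Review bot: The new `do { ... } while (p_res == NULL && (errno == EINTR || errno == EAGAIN));` loops in vsf_insert_uwtmp() and vsf_remove_uwtmp() have no upper bound, so the session process keeps calling pututxline() for as long as it reports one of those two errors. If the utmp lock stays contended or signals keep arriving, login or logout would presumably stall in this loop with nothing logged. A generous cap keeps the retry behaviour and still guarantees termination, e.g. `int attempts = UWTMP_MAX_ATTEMPTS;` (placeholder name) with `&& --attempts > 0` added to the `while` condition, plus a syslog line when the cap is hit. Separately, `s_uwtmp_inserted = 1;` is now set unconditionally, including when pututxline() failed with some other errno.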
@@ -159,6 +160,11 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Thu Nov 28 2019 Ondřej Lysoněk - 3.0.3-33 +- Finish up the fix to the problem with bad utmp entries when pututxline() fails +- Resolves: rhbz#1688852 +- Resolves: rhbz#1737433 + * Mon Aug 05 2019 Ondřej Lysoněk - 3.0.3-32 - Partially fix problem with bad utmp entries when pututxline() fails - Resolves: rhbz#1688848 From fddc4aa22f1aa4befc60c34b009d3f5dc7a0a992 Mon Sep 17 00:00:00 2001 From: Tom Stellard Date: Fri, 17 Jan 2020 22:42:53 +0000 Subject: [PATCH 43/85] Use make_build macro The packaging guide[1] says that the make_build macro should be used. This also makes it possible for a build root to inject arguments to make by overriding the __make macro. [1] https://docs.fedoraproject.org/en-US/packaging-guidelines/#_parallel_make --- vsftpd.spec | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/vsftpd.spec b/vsftpd.spec index e82d557..20c3f4f 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 33%{?dist} +Release: 34%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception @@ -103,9 +103,9 @@ cp %{SOURCE1} . %build %ifarch s390x sparcv9 sparc64 -make CFLAGS="$RPM_OPT_FLAGS -fPIE -pipe -Wextra -Werror" \ +%make_build CFLAGS="$RPM_OPT_FLAGS -fPIE -pipe -Wextra -Werror" \ %else -make CFLAGS="$RPM_OPT_FLAGS -fpie -pipe -Wextra -Werror" \ +%make_build CFLAGS="$RPM_OPT_FLAGS -fpie -pipe -Wextra -Werror" \ %endif LINK="-pie -lssl" %{?_smp_mflags} @@ -160,6 +160,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Fri Jan 17 2020 Tom Stellard - 3.0.3-34 +- Use make_build macro + * Thu Nov 28 2019 Ondřej Lysoněk - 3.0.3-33 - Finish up the fix to the problem with bad utmp entries when pututxline() fails - Resolves: rhbz#1688852 From b7991404c40bafd2313d37f54ccd41775214ee07 Mon Sep 17 00:00:00 2001 
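Review bot: `%make_build` already expands to make with `%{?_smp_mflags}`, so the trailing `%{?_smp_mflags}` on the unchanged `LINK="-pie -lssl" %{?_smp_mflags}` continuation line now passes the parallel-build option a second time. It is harmless to the build, but it defeats part of the stated goal, because a build root overriding the macros no longer fully controls the make arguments. The continuation line can become `LINK="-pie -lssl"`.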
From: Fedora Release Engineering Date: Fri, 31 Jan 2020 03:24:26 +0000 Subject: [PATCH 44/85] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- vsftpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/vsftpd.spec b/vsftpd.spec index 20c3f4f..d618978 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 34%{?dist} +Release: 35%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception @@ -160,6 +160,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Fri Jan 31 2020 Fedora Release Engineering - 3.0.3-35 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + * Fri Jan 17 2020 Tom Stellard - 3.0.3-34 - Use make_build macro From f5375f041a83e9e4b859ed16e79e3c7146e514e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Fri, 7 Feb 2020 12:02:36 +0100 Subject: [PATCH 45/85] Fix build with gcc 10 Resolves: rhbz#1800239 --- ...of-an-enumerator-of-a-different-type.patch | 33 +++++++++++++++++++ vsftpd.spec | 7 +++- 2 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 0001-Fix-assignment-of-an-enumerator-of-a-different-type.patch diff --git a/0001-Fix-assignment-of-an-enumerator-of-a-different-type.patch b/0001-Fix-assignment-of-an-enumerator-of-a-different-type.patch new file mode 100644 index 0000000..e20404a --- /dev/null +++ b/0001-Fix-assignment-of-an-enumerator-of-a-different-type.patch 
@@ -0,0 +1,33 @@ +From 8882c5f7788fc2ea7cae824a7fa09b82782fc81e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Fri, 7 Feb 2020 11:51:46 +0100 +Subject: [PATCH] Fix assignment of an enumerator of a different type + +The kVSFSysStrOpenUnknown enumerator is not part of the +EVSFSysUtilOpenMode enum. The assignment causes a build failure with +gcc 10. + +The open_mode variable need not be initialized, because the switch +statement either sets the variable or causes us to exit. + +Resolves: rhbz#1800239 +--- + sysstr.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/sysstr.c b/sysstr.c +index d86cdf1..ff2671b 100644 +--- a/sysstr.c ++++ b/sysstr.c +@@ -74,7 +74,7 @@ str_chdir(const struct mystr* p_str) + int + str_open(const struct mystr* p_str, const enum EVSFSysStrOpenMode mode) + { +- enum EVSFSysUtilOpenMode open_mode = kVSFSysStrOpenUnknown; ++ enum EVSFSysUtilOpenMode open_mode; + switch (mode) + { + case kVSFSysStrOpenReadOnly: +-- +2.24.1 + diff --git a/vsftpd.spec b/vsftpd.spec index d618978..644221c 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 35%{?dist} +Release: 36%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception @@ -92,6 +92,7 @@ Patch62: 0002-Prevent-recursion-in-bug.patch Patch63: 0001-Set-s_uwtmp_inserted-only-after-record-insertion-rem.patch Patch64: 0002-Repeat-pututxline-if-it-fails-with-EINTR.patch Patch65: 0001-Repeat-pututxline-until-it-succeeds-if-it-fails-with.patch +Patch66: 0001-Fix-assignment-of-an-enumerator-of-a-different-type.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from @@ -160,6 +161,10 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Fri Feb 07 2020 Ondřej Lysoněk - 3.0.3-36 +- Fix build with gcc 10 +- Resolves: rhbz#1800239 + * Fri Jan 31 2020 Fedora Release Engineering - 3.0.3-35 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild 
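Review bot: Leaving `open_mode` uninitialized in str_open() is only safe if bug() never returns, and nothing in this hunk shows that; the rest of the function, including the `default:` branch and the final call, lies outside it. If bug() can return, or the compiler cannot prove that it does not, an indeterminate enum value is passed on to the file-open helper, which is undefined behaviour and is also what stricter compilers warn about. Initialising with an enumerator of the correct type keeps the gcc 10 fix and fails towards the least-privileged mode: `enum EVSFSysUtilOpenMode open_mode = kVSFSysUtilOpenReadOnly;`. Alternatively, return an error right after the bug() call.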
From 9d90ef9e836a4e5206e4958396f0c03d2de33b60 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Thu, 13 Feb 2020 17:38:33 +0100 Subject: [PATCH 46/85] Fix timestamp handling in MDTM Resolves: rhbz#1567855 --- 0001-Fix-timestamp-handling-in-MDTM.patch | 151 ++++++++++++++++++++++ 0002-Drop-an-unused-global-variable.patch | 56 ++++++++ vsftpd.spec | 8 +- 3 files changed, 214 insertions(+), 1 deletion(-) create mode 100644 0001-Fix-timestamp-handling-in-MDTM.patch create mode 100644 0002-Drop-an-unused-global-variable.patch diff --git a/0001-Fix-timestamp-handling-in-MDTM.patch b/0001-Fix-timestamp-handling-in-MDTM.patch new file mode 100644 index 0000000..3975bf3 --- /dev/null +++ b/0001-Fix-timestamp-handling-in-MDTM.patch 
@@ -0,0 +1,151 @@ +From 6a4dc470e569df38b8a7ea09ee6aace3c73b7353 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Wed, 28 Mar 2018 09:06:34 +0200 +Subject: [PATCH 1/2] Fix timestamp handling in MDTM + +There were two problems with the timestamp handling with MDTM: + +1. In vsf_sysutil_parse_time(), the `the_time.tm_isdst` attribute was + always set to 0, regardless of whether DST (daylight saving time) + is active on the given date or not. + + This made glibc shift the timestamp when DST was in fact active on + the given date, in an attempt to correct the discrepancy between + the given timestamp and the `tm_isdst` attribute. The shifting + produced incorrect results however. + + We fix this by setting `tm_isdst` to -1 to let glibc decide if DST + is active or not at the time of the timestamp. glibc won't touch + the timestamp then. + +2. vsftpd used to record the offset from UTC of the current timezone + in the global variable `s_timezone`. This variable was then + subtracted from the variable `the_time` in vsf_sysutil_setmodtime() + when the config option use_localtime=NO was set. This was done to + compensate for the fact that mktime(), used in + vsf_sysutil_parse_time(), expects a timestamp expressed as local + time, whereas vsftpd is dealing with universal time. + + However, this did not work in the case when the offset stored in + `s_timezone` did not match the timezone of the timestamp given to + mktime() - this happens when DST is active at the current time, but + DST is not active at the time of the timestamp, or vice versa. + + We fix this by subtracting the real timezone offset directly in + vsf_sysutil_parse_time(). + + Note that the `tm_gmtoff` attribute, used in this fix, is a + BSD/glic extension. However, using `tm_gmtoff` seems like the + simplest solution and we need to make this work only with glibc + anyway. + +The fix was tested in the following way. 
We checked that the timestamp +given to the MDTM command when setting modification time exactly +matches the timestamp received as response from MDTM when reading back +the modification time. Additionally, we checked that the modification +time was set correctly on the given file on disk. + +These two checks were performed under various conditions - all the +combinations of DST/non-DST system time, DST/non-DST modification +time, use_localtime=YES/NO. + +Note that (I think) this will still not work if the rules for when DST +is active change. For example, if DST is ever completely cancelled in +the Europe/Prague timezone, and vsftpd is dealing with a timestamp +from a time when DST was active, it will produce incorrect results. I +think we would need the full zone file to fix this, but the zone file +is hard to provide when we're chroot-ed. + +Resolves: rhbz#1567855 +--- + postlogin.c | 5 +++-- + sysutil.c | 17 ++++++++++------- + sysutil.h | 4 ++-- + 3 files changed, 15 insertions(+), 11 deletions(-) + +diff --git a/postlogin.c b/postlogin.c +index 7c749ef..8a3d9d2 100644 +--- a/postlogin.c ++++ b/postlogin.c +@@ -1788,7 +1788,8 @@ handle_mdtm(struct vsf_session* p_sess) + if (do_write != 0) + { + str_split_char(&p_sess->ftp_arg_str, &s_filename_str, ' '); +- modtime = vsf_sysutil_parse_time(str_getbuf(&p_sess->ftp_arg_str)); ++ modtime = vsf_sysutil_parse_time( ++ str_getbuf(&p_sess->ftp_arg_str), tunable_use_localtime); + str_copy(&p_sess->ftp_arg_str, &s_filename_str); + } + resolve_tilde(&p_sess->ftp_arg_str, p_sess); +@@ -1809,7 +1810,7 @@ handle_mdtm(struct vsf_session* p_sess) + else + { + retval = vsf_sysutil_setmodtime( +- str_getbuf(&p_sess->ftp_arg_str), modtime, tunable_use_localtime); ++ str_getbuf(&p_sess->ftp_arg_str), modtime); + if (retval != 0) + { + vsf_cmdio_write(p_sess, FTP_FILEFAIL, +diff --git a/sysutil.c b/sysutil.c +index e847650..66d4c5e 100644 +--- a/sysutil.c ++++ b/sysutil.c +@@ -2819,11 +2819,13 @@ vsf_sysutil_syslog(const char* 
p_text, int severe) + } + + long +-vsf_sysutil_parse_time(const char* p_text) ++vsf_sysutil_parse_time(const char* p_text, int is_localtime) + { ++ long res; + struct tm the_time; + unsigned int len = vsf_sysutil_strlen(p_text); + vsf_sysutil_memclr(&the_time, sizeof(the_time)); ++ the_time.tm_isdst = -1; + if (len >= 8) + { + char yr[5]; +@@ -2848,17 +2850,18 @@ vsf_sysutil_parse_time(const char* p_text) + the_time.tm_min = vsf_sysutil_atoi(mins); + the_time.tm_sec = vsf_sysutil_atoi(sec); + } +- return mktime(&the_time); ++ res = mktime(&the_time); ++ if (!is_localtime) ++ { ++ res += the_time.tm_gmtoff; ++ } ++ return res; + } + + int +-vsf_sysutil_setmodtime(const char* p_file, long the_time, int is_localtime) ++vsf_sysutil_setmodtime(const char* p_file, long the_time) + { + struct utimbuf new_times; +- if (!is_localtime) +- { +- the_time -= s_timezone; +- } + vsf_sysutil_memclr(&new_times, sizeof(new_times)); + new_times.actime = the_time; + new_times.modtime = the_time; +diff --git a/sysutil.h b/sysutil.h +index 7a59f13..b90f6ca 100644 +--- a/sysutil.h ++++ b/sysutil.h +@@ -349,9 +349,9 @@ void vsf_sysutil_chroot(const char* p_root_path); + */ + long vsf_sysutil_get_time_sec(void); + long vsf_sysutil_get_time_usec(void); +-long vsf_sysutil_parse_time(const char* p_text); ++long vsf_sysutil_parse_time(const char* p_text, int is_localtime); + void vsf_sysutil_sleep(double seconds); +-int vsf_sysutil_setmodtime(const char* p_file, long the_time, int is_localtime); ++int vsf_sysutil_setmodtime(const char* p_file, long the_time); + + /* Limits */ + void vsf_sysutil_set_address_space_limit(unsigned long bytes); +-- +2.24.1 + diff --git a/0002-Drop-an-unused-global-variable.patch b/0002-Drop-an-unused-global-variable.patch new file mode 100644 index 0000000..53af589 --- /dev/null +++ b/0002-Drop-an-unused-global-variable.patch 
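Review bot: vsf_sysutil_parse_time() now adds `the_time.tm_gmtoff` to the mktime() result without checking for failure, and the text it parses is the argument of a client's MDTM command (handle_mdtm passes `p_sess->ftp_arg_str`). When mktime() cannot represent the fields it returns -1, and with use_localtime=NO the offset is added on top, so the caller gets an ordinary-looking timestamp that vsf_sysutil_setmodtime() then applies to the file. Returning early with `if (res == -1) { return res; }`, and having handle_mdtm reject that value before calling vsf_sysutil_setmodtime(), would stop malformed timestamps from being written to disk. As far as the hunk shows, the digit fields are also converted with vsf_sysutil_atoi() without range checks. Both functions extend beyond the hunk.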
@@ -0,0 +1,56 @@ +From d0045e35674d64d166d17c3c079ae03e8c2e6361 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Thu, 13 Feb 2020 17:29:06 +0100 +Subject: [PATCH 2/2] Drop an unused global variable + +The global variable `s_timezone` is not used anymore, so we can drop +it. +--- + sysutil.c | 17 +++-------------- + 1 file changed, 3 insertions(+), 14 deletions(-) + +diff --git a/sysutil.c b/sysutil.c +index 66d4c5e..0ccf551 100644 +--- a/sysutil.c ++++ b/sysutil.c +@@ -72,8 +72,6 @@ static struct timeval s_current_time; + static int s_current_pid = -1; + /* Exit function */ + static exitfunc_t s_exit_func; +-/* Difference in timezone from GMT in seconds */ +-static long s_timezone; + + /* Our internal signal handling implementation details */ + static struct vsf_sysutil_sig_details +@@ -2661,7 +2659,6 @@ char* vsf_sysutil_get_tz() + void + vsf_sysutil_tzset(void) + { +- int retval; + char *tz=NULL, tzbuf[sizeof("+HHMM!")]; + time_t the_time = time(NULL); + struct tm* p_tm; +@@ -2681,17 +2678,9 @@ vsf_sysutil_tzset(void) + { + die("localtime"); + } +- retval = strftime(tzbuf, sizeof(tzbuf), "%z", p_tm); +- tzbuf[sizeof(tzbuf) - 1] = '\0'; +- if (retval == 5) +- { +- s_timezone = ((tzbuf[1] - '0') * 10 + (tzbuf[2] - '0')) * 60 * 60; +- s_timezone += ((tzbuf[3] - '0') * 10 + (tzbuf[4] - '0')) * 60; +- if (tzbuf[0] == '+') +- { +- s_timezone *= -1; +- } +- } ++ /* Not sure if the following call to strftime() has any desired side ++ effects, so I'm keeping it to be safe. */ ++ (void) strftime(tzbuf, sizeof(tzbuf), "%z", p_tm); + /* Call in to the time subsystem again now that TZ is set, trying to force + * caching of the actual zoneinfo for the timezone. + */ +-- +2.24.1 + diff --git a/vsftpd.spec b/vsftpd.spec index 644221c..f81c2f8 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 36%{?dist} +Release: 37%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception 
@@ -93,6 +93,8 @@ Patch63: 0001-Set-s_uwtmp_inserted-only-after-record-insertion-rem.patch Patch64: 0002-Repeat-pututxline-if-it-fails-with-EINTR.patch Patch65: 0001-Repeat-pututxline-until-it-succeeds-if-it-fails-with.patch Patch66: 0001-Fix-assignment-of-an-enumerator-of-a-different-type.patch +Patch67: 0001-Fix-timestamp-handling-in-MDTM.patch +Patch68: 0002-Drop-an-unused-global-variable.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from @@ -161,6 +163,10 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Thu Feb 13 2020 Ondřej Lysoněk - 3.0.3-37 +- Fix timestamp handling in MDTM +- Resolves: rhbz#1567855 + * Fri Feb 07 2020 Ondřej Lysoněk - 3.0.3-36 - Fix build with gcc 10 - Resolves: rhbz#1800239 From d37bca598d7a7925579b9dcfcd9c221f42d0a936 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Tue, 17 Mar 2020 13:02:58 +0100 Subject: [PATCH 47/85] Remove a hint about the ftp_home_dir SELinux boolean from the config file Resolves: rhbz#1623424 --- ...out-the-ftp_home_dir-SELinux-boolean.patch | 25 +++++++++++++++++++ vsftpd.spec | 7 +++++- 2 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 0001-Remove-a-hint-about-the-ftp_home_dir-SELinux-boolean.patch diff --git a/0001-Remove-a-hint-about-the-ftp_home_dir-SELinux-boolean.patch b/0001-Remove-a-hint-about-the-ftp_home_dir-SELinux-boolean.patch new file mode 100644 index 0000000..88640ac --- /dev/null +++ b/0001-Remove-a-hint-about-the-ftp_home_dir-SELinux-boolean.patch 
@@ -0,0 +1,25 @@ +From ab797dcffc855b05c9e7c8db4e5be2fc7510831b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Tue, 17 Mar 2020 12:57:36 +0100 +Subject: [PATCH] Remove a hint about the ftp_home_dir SELinux boolean + +The boolean has been removed from SELinux. +--- + vsftpd.conf | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/vsftpd.conf b/vsftpd.conf +index 6b8eebb..ea20a72 100644 +--- a/vsftpd.conf ++++ b/vsftpd.conf +@@ -12,7 +12,6 @@ + anonymous_enable=NO + # + # Uncomment this to allow local users to log in. +-# When SELinux is enforcing check for SE bool ftp_home_dir + local_enable=YES + # + # Uncomment this to enable any form of FTP write command. +-- +2.25.1 + diff --git a/vsftpd.spec b/vsftpd.spec index f81c2f8..b878bdb 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 37%{?dist} +Release: 38%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception @@ -95,6 +95,7 @@ Patch65: 0001-Repeat-pututxline-until-it-succeeds-if-it-fails-with.patch Patch66: 0001-Fix-assignment-of-an-enumerator-of-a-different-type.patch Patch67: 0001-Fix-timestamp-handling-in-MDTM.patch Patch68: 0002-Drop-an-unused-global-variable.patch +Patch69: 0001-Remove-a-hint-about-the-ftp_home_dir-SELinux-boolean.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from @@ -163,6 +164,10 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Tue Mar 17 2020 Ondřej Lysoněk - 3.0.3-38 +- Removed a hint about the ftp_home_dir SELinux boolean from the config file +- Resolves: rhbz#1623424 + * Thu Feb 13 2020 Ondřej Lysoněk - 3.0.3-37 - Fix timestamp handling in MDTM - Resolves: rhbz#1567855 From 2526a74ac732414d31a20591f7b3e3e94a970363 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 29 Jul 2020 13:54:09 +0000 Subject: [PATCH 48/85] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering --- vsftpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/vsftpd.spec b/vsftpd.spec index b878bdb..d605550 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 38%{?dist} +Release: 39%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception @@ -164,6 +164,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Wed Jul 29 2020 Fedora Release Engineering - 3.0.3-39 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + * Tue Mar 17 2020 Ondřej Lysoněk - 3.0.3-38 - Removed a hint about the ftp_home_dir SELinux boolean from the config file - Resolves: rhbz#1623424 From a745964126c155fa6083c67a3ebc7588f476c3d9 Mon Sep 17 00:00:00 2001 From: Artem Egorenkov Date: Tue, 3 Nov 2020 17:45:54 +0100 Subject: [PATCH 49/85] Unit files fixed "After=network-online.target" --- vsftpd.service | 2 +- vsftpd.spec | 5 ++++- vsftpd.target | 2 +- vsftpd@.service | 2 +- 4 files changed, 7 insertions(+), 4 deletions(-) diff --git a/vsftpd.service b/vsftpd.service index 8ebae44..4a41b72 100644 --- a/vsftpd.service +++ b/vsftpd.service @@ -1,6 +1,6 @@ [Unit] Description=Vsftpd ftp daemon -After=network.target +After=network-online.target [Service] Type=forking diff --git a/vsftpd.spec b/vsftpd.spec index d605550..b0556d4 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 39%{?dist} +Release: 40%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception @@ -164,6 +164,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Mon Nov 02 2020 Artem Egorenkov - 3.0.3-40 +- Unit files fixed "After=network-online.target" + * Wed Jul 29 2020 Fedora Release Engineering - 3.0.3-39 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild diff --git a/vsftpd.target b/vsftpd.target index 3f0a942..3828bf8 100644 --- a/vsftpd.target +++ b/vsftpd.target 
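Review bot: `After=network-online.target` only orders the unit against that target and does not pull it into the boot transaction, so the ordering has no effect unless some other unit wants network-online.target. The systemd documentation pairs it with a `Wants=` dependency, which is missing in vsftpd.service and in the vsftpd.target and vsftpd@.service hunks of the same commit. Add `Wants=network-online.target` next to each new `After=network-online.target` line so the daemon really starts after the network is up and can bind its configured listen address.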
@@ -1,6 +1,6 @@ [Unit] Description=FTP daemon -After=network.target +After=network-online.target [Install] WantedBy=multi-user.target diff --git a/vsftpd@.service b/vsftpd@.service index f3a7a16..b063f8f 100644 --- a/vsftpd@.service +++ b/vsftpd@.service @@ -1,6 +1,6 @@ [Unit] Description=Vsftpd ftp daemon -After=network.target +After=network-online.target PartOf=vsftpd.target [Service] From a93b3655b0694e1c45b216da31583778be348253 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timm=20B=C3=A4der?= Date: Tue, 17 Nov 2020 10:16:57 +0100 Subject: [PATCH 50/85] Fix str_open() in a different way The original patch tried to fix it by not assigning anything to open_mode. That only works if the compiler is able to deduce that bug() will abort the process however (or just not warn about the uninitialized use of open_mode). clang does warn about open_mode being used uninitialized in this function. Solve this by rewriting the function to simply only consider one case, the mode == kVSFSysStrOpenReadOnly one. Otherwise, don't call vsf_sysutil_open_file() and just return -1 after calling bug(). --- ...of-an-enumerator-of-a-different-type.patch | 33 ------------------- fix-str_open.patch | 28 ++++++++++++++++ vsftpd.spec | 2 +- 3 files changed, 29 insertions(+), 34 deletions(-) delete mode 100644 0001-Fix-assignment-of-an-enumerator-of-a-different-type.patch create mode 100644 fix-str_open.patch diff --git a/0001-Fix-assignment-of-an-enumerator-of-a-different-type.patch b/0001-Fix-assignment-of-an-enumerator-of-a-different-type.patch deleted file mode 100644 index e20404a..0000000 --- a/0001-Fix-assignment-of-an-enumerator-of-a-different-type.patch +++ /dev/null 
@@ -1,33 +0,0 @@ -From 8882c5f7788fc2ea7cae824a7fa09b82782fc81e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= -Date: Fri, 7 Feb 2020 11:51:46 +0100 -Subject: [PATCH] Fix assignment of an enumerator of a different type - -The kVSFSysStrOpenUnknown enumerator is not part of the -EVSFSysUtilOpenMode enum. The assignment causes a build failure with -gcc 10. - -The open_mode variable need not be initialized, because the switch -statement either sets the variable or causes us to exit. - -Resolves: rhbz#1800239 ---- - sysstr.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/sysstr.c b/sysstr.c -index d86cdf1..ff2671b 100644 ---- a/sysstr.c -+++ b/sysstr.c -@@ -74,7 +74,7 @@ str_chdir(const struct mystr* p_str) - int - str_open(const struct mystr* p_str, const enum EVSFSysStrOpenMode mode) - { -- enum EVSFSysUtilOpenMode open_mode = kVSFSysStrOpenUnknown; -+ enum EVSFSysUtilOpenMode open_mode; - switch (mode) - { - case kVSFSysStrOpenReadOnly: --- -2.24.1 - diff --git a/fix-str_open.patch b/fix-str_open.patch new file mode 100644 index 0000000..eef52ec --- /dev/null +++ b/fix-str_open.patch @@ -0,0 +1,28 @@ +diff -ruN vsftpd-3.0.3.orig/sysstr.c vsftpd-3.0.3/sysstr.c +--- vsftpd-3.0.3.orig/sysstr.c 2020-11-17 09:47:03.872923383 +0100 ++++ vsftpd-3.0.3/sysstr.c 2020-11-17 09:48:41.219754145 +0100 +@@ -74,19 +74,11 @@ + int + str_open(const struct mystr* p_str, const enum EVSFSysStrOpenMode mode) + { +- enum EVSFSysUtilOpenMode open_mode = kVSFSysStrOpenUnknown; +- switch (mode) +- { +- case kVSFSysStrOpenReadOnly: +- open_mode = kVSFSysUtilOpenReadOnly; +- break; +- case kVSFSysStrOpenUnknown: +- /* Fall through */ +- default: +- bug("unknown mode value in str_open"); +- break; +- } +- return vsf_sysutil_open_file(str_getbuf(p_str), open_mode); ++ if (mode == kVSFSysStrOpenReadOnly) ++ return vsf_sysutil_open_file(str_getbuf(p_str), kVSFSysUtilOpenReadOnly); ++ ++ bug("unknown mode value in str_open"); ++ return -1; + } + + int 
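Review bot: The new `if (mode == kVSFSysStrOpenReadOnly)` in str_open() has an unbraced body, while the vsftpd code visible in the other patches of this series puts braces on their own lines around every conditional body. Here the statement after the `if` is the error path, so a line later added under the condition without braces would run unconditionally, before `bug()`. Bracing it keeps the style consistent and the two paths unambiguous: `{` / `return vsf_sysutil_open_file(str_getbuf(p_str), kVSFSysUtilOpenReadOnly);` / `}`. A one-line comment above `return -1;` saying it is only reached if bug() returns would also help the next reader.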
diff --git a/vsftpd.spec b/vsftpd.spec index b0556d4..9bb18a5 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -92,10 +92,10 @@ Patch62: 0002-Prevent-recursion-in-bug.patch Patch63: 0001-Set-s_uwtmp_inserted-only-after-record-insertion-rem.patch Patch64: 0002-Repeat-pututxline-if-it-fails-with-EINTR.patch Patch65: 0001-Repeat-pututxline-until-it-succeeds-if-it-fails-with.patch -Patch66: 0001-Fix-assignment-of-an-enumerator-of-a-different-type.patch Patch67: 0001-Fix-timestamp-handling-in-MDTM.patch Patch68: 0002-Drop-an-unused-global-variable.patch Patch69: 0001-Remove-a-hint-about-the-ftp_home_dir-SELinux-boolean.patch +Patch70: fix-str_open.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from From 9c2c73019c8236c5e6643ca5d846bb5ebe24867d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timm=20B=C3=A4der?= Date: Tue, 17 Nov 2020 10:19:59 +0100 Subject: [PATCH 51/85] spec: Pass $RPM_LD_FLAGS to LINK --- vsftpd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vsftpd.spec b/vsftpd.spec index 9bb18a5..b79ccff 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -111,7 +111,7 @@ cp %{SOURCE1} . %else %make_build CFLAGS="$RPM_OPT_FLAGS -fpie -pipe -Wextra -Werror" \ %endif - LINK="-pie -lssl" %{?_smp_mflags} + LINK="-pie -lssl $RPM_LD_FLAGS" %{?_smp_mflags} %install mkdir -p $RPM_BUILD_ROOT%{_sbindir} From eac39c3fbaa53849920beb57ea7c9b5b1810ecbb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timm=20B=C3=A4der?= Date: Fri, 27 Nov 2020 16:13:07 +0100 Subject: [PATCH 52/85] Update changelog --- vsftpd.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/vsftpd.spec b/vsftpd.spec index b79ccff..c5bc898 100644 --- a/vsftpd.spec +++ b/vsftpd.spec 
@@ -164,6 +164,10 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Wed Nov 27 2020 Timm Bäder - 3.0.3-41 +- Fix str_open() so it doesn't warn when compiled with clang +- Pass $RPM_LD_FLAGS when linking + * Mon Nov 02 2020 Artem Egorenkov - 3.0.3-40 - Unit files fixed "After=network-online.target" From ed85881b79c0d9edd57f3eb857161e7c7af68105 Mon Sep 17 00:00:00 2001 From: Artem Egorenkov Date: Mon, 30 Nov 2020 14:48:45 +0100 Subject: [PATCH 53/85] - Release bumped - Changelog date fixed --- vsftpd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vsftpd.spec b/vsftpd.spec index c5bc898..5c42478 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 40%{?dist} +Release: 41%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception @@ -164,7 +164,7 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog -* Wed Nov 27 2020 Timm Bäder - 3.0.3-41 +* Fri Nov 27 2020 Timm Bäder - 3.0.3-41 - Fix str_open() so it doesn't warn when compiled with clang - Pass $RPM_LD_FLAGS when linking From 2b0cc8cb30e916ca0ea159107dcd2275155a4ac1 Mon Sep 17 00:00:00 2001 From: Tom Stellard Date: Sat, 9 Jan 2021 00:47:59 +0000 Subject: [PATCH 54/85] Add BuildRequires: make https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot --- vsftpd.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/vsftpd.spec b/vsftpd.spec index 5c42478..6933a11 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -19,6 +19,7 @@ Source8: vsftpd@.service Source9: vsftpd.target Source10: vsftpd-generator +BuildRequires: make BuildRequires: pam-devel BuildRequires: libcap-devel BuildRequires: openssl-devel From ba82eb63b783c0f54d46ad9114b7be94f1dbc4b7 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 27 Jan 2021 23:15:33 +0000 Subject: [PATCH 55/85] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering --- vsftpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/vsftpd.spec b/vsftpd.spec index 6933a11..7d1fc6f 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 41%{?dist} +Release: 42%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception @@ -165,6 +165,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Wed Jan 27 2021 Fedora Release Engineering - 3.0.3-42 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + * Fri Nov 27 2020 Timm Bäder - 3.0.3-41 - Fix str_open() so it doesn't warn when compiled with clang - Pass $RPM_LD_FLAGS when linking From 87915b320db3de54f10142f32a4471532c9672ba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 2 Mar 2021 16:12:03 +0100 Subject: [PATCH 56/85] Rebuilt for updated systemd-rpm-macros See https://pagure.io/fesco/issue/2583. --- vsftpd.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/vsftpd.spec b/vsftpd.spec index 7d1fc6f..5d3b9ea 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 42%{?dist} +Release: 43%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception @@ -165,6 +165,10 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 3.0.3-43 +- Rebuilt for updated systemd-rpm-macros + See https://pagure.io/fesco/issue/2583. + * Wed Jan 27 2021 Fedora Release Engineering - 3.0.3-42 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild From d48775fd3a55a4468c43a9558bfcb2ba52a4cca5 Mon Sep 17 00:00:00 2001 
From: Artem Egorenkov Date: Thu, 8 Apr 2021 15:11:14 +0200 Subject: [PATCH 57/85] Enable wide-character support in logs --- ...wc_logs-replace_unprintable_with_hex.patch | 215 ++++++++++++++++++ vsftpd.spec | 8 +- 2 files changed, 222 insertions(+), 1 deletion(-) create mode 100644 vsftpd-3.0.3-enable_wc_logs-replace_unprintable_with_hex.patch diff --git a/vsftpd-3.0.3-enable_wc_logs-replace_unprintable_with_hex.patch b/vsftpd-3.0.3-enable_wc_logs-replace_unprintable_with_hex.patch new file mode 100644 index 0000000..38de8f3 --- /dev/null +++ b/vsftpd-3.0.3-enable_wc_logs-replace_unprintable_with_hex.patch 
@@ -0,0 +1,215 @@ +diff --git a/logging.c b/logging.c +index 9e86808..613ff4b 100644 +--- a/logging.c ++++ b/logging.c +@@ -171,7 +171,14 @@ vsf_log_do_log_to_file(int fd, struct mystr* p_str) + return; + } + } +- str_replace_unprintable(p_str, '?'); ++ if (tunable_wc_logs_enable) ++ { ++ str_replace_unprintable_with_hex_wc(p_str); ++ } ++ else ++ { ++ str_replace_unprintable_with_hex(p_str); ++ } + str_append_char(p_str, '\n'); + /* Ignore write failure; maybe the disk filled etc. */ + (void) str_write_loop(p_str, fd); +diff --git a/parseconf.c b/parseconf.c +index 3cfe7da..3729818 100644 +--- a/parseconf.c ++++ b/parseconf.c +@@ -113,6 +113,7 @@ parseconf_bool_array[] = + { "allow_writeable_chroot", &tunable_allow_writeable_chroot }, + { "better_stou", &tunable_better_stou }, + { "log_die", &tunable_log_die }, ++ { "wc_logs_enable", &tunable_wc_logs_enable }, + { 0, 0 } + }; + +diff --git a/str.c b/str.c +index 82b8ae4..a4e81d6 100644 +--- a/str.c ++++ b/str.c +@@ -20,6 +20,11 @@ + #include "utility.h" + #include "sysutil.h" + ++#include ++#include ++#include ++#include ++ + /* File local functions */ + static void str_split_text_common(struct mystr* p_src, struct mystr* p_rhs, + const char* p_text, int is_reverse); +@@ -723,6 +728,102 @@ str_replace_unprintable(struct mystr* p_str, char new_char) + } + } + ++void ++str_replace_unprintable_with_hex(struct mystr* p_str) ++{ ++ unsigned int ups_size = sizeof(unsigned int) * (p_str->len); ++ if (ups_size < p_str->len) ++ { ++ str_replace_unprintable(p_str, '?'); ++ str_append_text(p_str, ": BUG: string is too long"); ++ bug(p_str->p_buf); ++ } ++ unsigned int* ups = vsf_sysutil_malloc(ups_size); ++ unsigned int up_count = 0; ++ for (unsigned int i=0; i < p_str->len; i++) ++ { ++ if (!vsf_sysutil_isprint(p_str->p_buf[i])) ++ { ++ ups[up_count++] = i; ++ } ++ } ++ str_replace_positions_with_hex(p_str, ups, up_count); ++ vsf_sysutil_free(ups); ++} ++ ++void str_replace_unprintable_with_hex_wc(struct mystr* p_str) ++{ 
++ unsigned int ups_size = sizeof(unsigned int) * (p_str->len); ++ if (ups_size < p_str->len) ++ { ++ str_replace_unprintable(p_str, '?'); ++ str_append_text(p_str, ": BUG: string is too long"); ++ bug(p_str->p_buf); ++ } ++ unsigned int* ups = vsf_sysutil_malloc(ups_size); ++ unsigned int up_count = 0; ++ ++ size_t current = 0; ++ wchar_t pwc; ++ mbstate_t ps; ++ memset(&ps, 0, sizeof(ps)); ++ ssize_t len = 0; ++ while ((len = mbrtowc(&pwc, p_str->p_buf, p_str->len - current, &ps)) > 0) ++ { ++ if (!iswprint(pwc)) ++ { ++ for (unsigned int i = 0; i < len; i++) ++ { ++ ups[up_count++] = current++; ++ } ++ } ++ else ++ { ++ current += len; ++ } ++ } ++ if (len < 0) ++ { ++ while (current < p_str->len) ++ { ++ ups[up_count++] = current++; ++ } ++ } ++ str_replace_positions_with_hex(p_str, ups, up_count); ++ vsf_sysutil_free(ups); ++} ++ ++void ++str_replace_positions_with_hex(struct mystr* p_str, const unsigned int* poss, const unsigned int pos_count) ++{ ++ if (pos_count == 0) ++ return; ++ ++ struct mystr tmp_str = INIT_MYSTR; ++ str_reserve(&tmp_str, p_str->len + 3 * pos_count); ++ unsigned int current = 0; ++ ++ for (unsigned int i=0; i < pos_count; i++) ++ { ++ unsigned int pos = poss[i]; ++ ++ if (current < pos) ++ private_str_append_memchunk(&tmp_str, p_str->p_buf + current, pos - current); ++ ++ char hex_buf[5]; ++ memset(hex_buf, 0, sizeof(hex_buf)); ++ sprintf(hex_buf, "\\x%02X", (unsigned char) p_str->p_buf[pos]); ++ str_append_text(&tmp_str, hex_buf); ++ current = pos + 1; ++ } ++ ++ if (current < p_str->len) ++ private_str_append_memchunk(&tmp_str, p_str->p_buf + current, p_str->len - current); ++ ++ str_copy(p_str, &tmp_str); ++ str_free(&tmp_str); ++} ++ + void + str_basename (struct mystr* d_str, const struct mystr* path) + { +diff --git a/str.h b/str.h +index 44270da..95a83b5 100644 +--- a/str.h ++++ b/str.h +@@ -98,6 +98,10 @@ int str_contains_space(const struct mystr* p_str); + int str_all_space(const struct mystr* p_str); + int 
str_contains_unprintable(const struct mystr* p_str); + void str_replace_unprintable(struct mystr* p_str, char new_char); ++void str_replace_unprintable_with_hex(struct mystr* p_str); ++void str_replace_unprintable_with_hex_wc(struct mystr* p_str); ++void str_replace_positions_with_hex(struct mystr* p_str, const unsigned int* poss, ++ const unsigned int pos_count); + int str_atoi(const struct mystr* p_str); + filesize_t str_a_to_filesize_t(const struct mystr* p_str); + unsigned int str_octal_to_uint(const struct mystr* p_str); +diff --git a/tunables.c b/tunables.c +index a7ce9c8..c96c1ac 100644 +--- a/tunables.c ++++ b/tunables.c +@@ -94,6 +94,7 @@ int tunable_seccomp_sandbox; + int tunable_allow_writeable_chroot; + int tunable_better_stou; + int tunable_log_die; ++int tunable_wc_logs_enable; + + unsigned int tunable_accept_timeout; + unsigned int tunable_connect_timeout; +@@ -244,6 +245,7 @@ tunables_load_defaults() + tunable_allow_writeable_chroot = 0; + tunable_better_stou = 0; + tunable_log_die = 0; ++ tunable_wc_logs_enable = 0; + + tunable_accept_timeout = 60; + tunable_connect_timeout = 60; +diff --git a/tunables.h b/tunables.h +index 029d645..8d50150 100644 +--- a/tunables.h ++++ b/tunables.h +@@ -98,6 +98,7 @@ extern int tunable_better_stou; /* Use better file name generation + */ + extern int tunable_log_die; /* Log calls to die(), die2() + * and bug() */ ++extern int tunable_wc_logs_enable; /* Allow non ASCII characters in logs */ + + /* Integer/numeric defines */ + extern unsigned int tunable_accept_timeout; +diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 +index ce3fba3..815773f 100644 +--- a/vsftpd.conf.5 ++++ b/vsftpd.conf.5 +@@ -735,6 +735,12 @@ If enabled, use CLONE_NEWPID and CLONE_NEWIPC to isolate processes to their + ipc and pid namespaces. So separated processes can not interact with each other. 
+ + Default: YES ++.TP ++.B wc_logs_enable ++If enabled, logs will be treated as wide-character strings and not just ++ASCII strings when filtering out non-printable characters. ++ ++Default: NO + + .SH NUMERIC OPTIONS + Below is a list of numeric options. A numeric option must be set to a non diff --git a/vsftpd.spec b/vsftpd.spec index 5d3b9ea..63f6a74 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 43%{?dist} +Release: 44%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception @@ -97,6 +97,8 @@ Patch67: 0001-Fix-timestamp-handling-in-MDTM.patch Patch68: 0002-Drop-an-unused-global-variable.patch Patch69: 0001-Remove-a-hint-about-the-ftp_home_dir-SELinux-boolean.patch Patch70: fix-str_open.patch +# upstream commits 56402c0, 8b82e73 +Patch71: vsftpd-3.0.3-enable_wc_logs-replace_unprintable_with_hex.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from @@ -165,6 +167,10 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Wed Apr 8 2021 Artem Egorenkov - 3.0.3-44 +- Enable support for wide-character strings in logs +- Replace unprintables with HEX code, not question marks + * Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 3.0.3-43 - Rebuilt for updated systemd-rpm-macros See https://pagure.io/fesco/issue/2583. From 52a06d89792b58c4dbb8e783d293c328323fa375 Mon Sep 17 00:00:00 2001 From: Artem Egorenkov Date: Thu, 8 Apr 2021 16:22:32 +0200 Subject: [PATCH 58/85] failed build fixed --- ...pd-3.0.3-enable_wc_logs-replace_unprintable_with_hex.patch | 4 ++-- vsftpd.spec | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/vsftpd-3.0.3-enable_wc_logs-replace_unprintable_with_hex.patch b/vsftpd-3.0.3-enable_wc_logs-replace_unprintable_with_hex.patch index 38de8f3..914aebd 100644 --- a/vsftpd-3.0.3-enable_wc_logs-replace_unprintable_with_hex.patch +++ b/vsftpd-3.0.3-enable_wc_logs-replace_unprintable_with_hex.patch 
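Review bot: In `str_replace_unprintable_with_hex_wc()` the `mbrtowc()` call always decodes from `p_str->p_buf` while only the length argument shrinks with `current`, so every iteration re-examines the first character. Since this routine escapes unprintable bytes before a line is written to the log, a line that starts with a printable character has none of its later control bytes escaped. The call should read `mbrtowc(&pwc, p_str->p_buf + current, p_str->len - current, &ps)`. Once the pointer advances, a return of 0 (an embedded NUL) would still end the loop without marking the remaining bytes, because only `len < 0` triggers the catch-all marking. Separately, the `ups_size < p_str->len` test in both new functions does not catch every wrap of `sizeof(unsigned int) * p_str->len`; comparing `p_str->len` against `UINT_MAX / sizeof(unsigned int)` before multiplying would.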
@@ -31,7 +31,7 @@ index 3cfe7da..3729818 100644 }; diff --git a/str.c b/str.c -index 82b8ae4..a4e81d6 100644 +index 82b8ae4..c03e7d8 100644 --- a/str.c +++ b/str.c @@ -20,6 +20,11 @@ @@ -94,7 +94,7 @@ index 82b8ae4..a4e81d6 100644 + { + if (!iswprint(pwc)) + { -+ for (unsigned int i = 0; i < len; i++) ++ for (int i = 0; i < len; i++) + { + ups[up_count++] = current++; + } diff --git a/vsftpd.spec b/vsftpd.spec index 63f6a74..69923a1 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -167,7 +167,7 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog -* Wed Apr 8 2021 Artem Egorenkov - 3.0.3-44 +* Thu Apr 8 2021 Artem Egorenkov - 3.0.3-44 - Enable support for wide-character strings in logs - Replace unprintables with HEX code, not question marks From 18928bb25ec3e20e013fb55206d10251a59a60bc Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 23 Jul 2021 20:41:02 +0000 Subject: [PATCH 59/85] - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- vsftpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/vsftpd.spec b/vsftpd.spec index 69923a1..d340249 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 44%{?dist} +Release: 45%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception @@ -167,6 +167,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Fri Jul 23 2021 Fedora Release Engineering - 3.0.3-45 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + * Thu Apr 8 2021 Artem Egorenkov - 3.0.3-44 - Enable support for wide-character strings in logs - Replace unprintables with HEX code, not question marks From 6e276bfedb9bc01bfd4964f4c518a60cdedb608d Mon Sep 17 00:00:00 2001 From: Sahana Prasad Date: Tue, 14 Sep 2021 19:17:40 +0200 Subject: [PATCH 60/85] Rebuilt with OpenSSL 3.0.0 --- vsftpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
diff --git a/vsftpd.spec b/vsftpd.spec index d340249..8fe341f 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 45%{?dist} +Release: 46%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception @@ -167,6 +167,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Tue Sep 14 2021 Sahana Prasad - 3.0.3-46 +- Rebuilt with OpenSSL 3.0.0 + * Fri Jul 23 2021 Fedora Release Engineering - 3.0.3-45 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild From 1fd680f423c46b8718ee2dd43e31b8c7e325d976 Mon Sep 17 00:00:00 2001 From: Ondrej Mejzlik Date: Wed, 22 Sep 2021 18:00:52 +0200 Subject: [PATCH 61/85] Adding fmf plan --- .fmf/version | 1 + plans/ci.fmf | 6 ++++++ 2 files changed, 7 insertions(+) create mode 100644 .fmf/version create mode 100644 plans/ci.fmf diff --git a/.fmf/version b/.fmf/version new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/.fmf/version @@ -0,0 +1 @@ +1 diff --git a/plans/ci.fmf b/plans/ci.fmf new file mode 100644 index 0000000..3eeb9e9 --- /dev/null +++ b/plans/ci.fmf @@ -0,0 +1,6 @@ +summary: Test plan that runs all tests from tests repo. +discover: + how: fmf + url: https://src.fedoraproject.org/tests/vsftpd.git +execute: + how: tmt From ebaec574529e0220ee94569780d0bd6ca3ae7721 Mon Sep 17 00:00:00 2001 From: Artem Egorenkov Date: Wed, 13 Oct 2021 14:25:25 +0200 Subject: [PATCH 62/85] Temporary pass -Wno-deprecated-declarations to gcc to ignore deprecated warnings to be able to build against OpenSSL-3.0 Resolves: rhbz#1962603 --- vsftpd.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/vsftpd.spec b/vsftpd.spec index 8fe341f..1b8fdfe 100644 --- a/vsftpd.spec +++ b/vsftpd.spec 
@@ -109,10 +109,13 @@ scratch. cp %{SOURCE1} . %build +# temporary ignore deprecated warnings to be able to build against OpenSSL 3.0 +%define ignore_deprecated -Wno-deprecated-declarations + %ifarch s390x sparcv9 sparc64 -%make_build CFLAGS="$RPM_OPT_FLAGS -fPIE -pipe -Wextra -Werror" \ +%make_build CFLAGS="$RPM_OPT_FLAGS -fPIE -pipe -Wextra -Werror %ignore_deprecated" \ %else -%make_build CFLAGS="$RPM_OPT_FLAGS -fpie -pipe -Wextra -Werror" \ +%make_build CFLAGS="$RPM_OPT_FLAGS -fpie -pipe -Wextra -Werror %ignore_deprecated" \ %endif LINK="-pie -lssl $RPM_LD_FLAGS" %{?_smp_mflags} From eb81361da08585e78208800030f5955b399f951c Mon Sep 17 00:00:00 2001 From: Artem Egorenkov Date: Wed, 13 Oct 2021 14:49:10 +0200 Subject: [PATCH 63/85] release bump --- vsftpd.spec | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/vsftpd.spec b/vsftpd.spec index 1b8fdfe..15c23a2 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 46%{?dist} +Release: 47%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception @@ -170,6 +170,11 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Wed Oct 13 2021 Artem Egorenkov - 3.0.3-47 +- Temporary pass -Wno-deprecated-declarations to gcc to ignore + deprecated warnings to be able to build against OpenSSL-3.0 +- Resolves: rhbz#1962603 + * Tue Sep 14 2021 Sahana Prasad - 3.0.3-46 - Rebuilt with OpenSSL 3.0.0 From 28071690cee23a4500a70958bca509d535298dff Mon Sep 17 00:00:00 2001 From: Artem Egorenkov Date: Wed, 13 Oct 2021 16:52:15 +0200 Subject: [PATCH 64/85] ALPACA fix backported from upstram 3.0.5 version Related: rhbz#1975648 --- vsftpd-3.0.3-ALPACA.patch | 225 ++++++++++++++++++++++++++++++++++++++ vsftpd.spec | 7 +- 2 files changed, 231 insertions(+), 1 deletion(-) create mode 100644 vsftpd-3.0.3-ALPACA.patch diff --git a/vsftpd-3.0.3-ALPACA.patch b/vsftpd-3.0.3-ALPACA.patch new file mode 100644 index 0000000..336a1de --- /dev/null 
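Review bot: `%ignore_deprecated` switches the deprecation diagnostics off entirely, so while this workaround is in place the build log no longer shows which OpenSSL 3.0-deprecated calls the code still makes. Using `%define ignore_deprecated -Wno-error=deprecated-declarations` would stop `-Werror` from failing the build but leave the warnings visible. The comment calls the change temporary; naming the tracking bug from the commit message (rhbz#1962603) next to the define would make it easier to find and remove later.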
+++ b/vsftpd-3.0.3-ALPACA.patch 
@@ -0,0 +1,225 @@ +diff --git a/parseconf.c b/parseconf.c +index 3729818..ee1b8b4 100644 +--- a/parseconf.c ++++ b/parseconf.c +@@ -188,6 +188,7 @@ parseconf_str_array[] = + { "rsa_private_key_file", &tunable_rsa_private_key_file }, + { "dsa_private_key_file", &tunable_dsa_private_key_file }, + { "ca_certs_file", &tunable_ca_certs_file }, ++ { "ssl_sni_hostname", &tunable_ssl_sni_hostname }, + { "cmds_denied", &tunable_cmds_denied }, + { 0, 0 } + }; +diff --git a/ssl.c b/ssl.c +index 09ec96a..b622347 100644 +--- a/ssl.c ++++ b/ssl.c +@@ -41,6 +41,13 @@ static long bio_callback( + BIO* p_bio, int oper, const char* p_arg, int argi, long argl, long retval); + static int ssl_verify_callback(int verify_ok, X509_STORE_CTX* p_ctx); + static DH *ssl_tmp_dh_callback(SSL *ssl, int is_export, int keylength); ++static int ssl_alpn_callback(SSL* p_ssl, ++ const unsigned char** p_out, ++ unsigned char* outlen, ++ const unsigned char* p_in, ++ unsigned int inlen, ++ void* p_arg); ++static long ssl_sni_callback(SSL* p_ssl, int* p_al, void* p_arg); + static int ssl_cert_digest( + SSL* p_ssl, struct vsf_session* p_sess, struct mystr* p_str); + static void maybe_log_shutdown_state(struct vsf_session* p_sess); +@@ -285,6 +292,11 @@ ssl_init(struct vsf_session* p_sess) + SSL_CTX_set_timeout(p_ctx, INT_MAX); + } + ++ /* Set up ALPN to check for FTP protocol intention of client. */ ++ SSL_CTX_set_alpn_select_cb(p_ctx, ssl_alpn_callback, p_sess); ++ /* Set up SNI callback for an optional hostname check. 
*/ ++ SSL_CTX_set_tlsext_servername_callback(p_ctx, ssl_sni_callback); ++ SSL_CTX_set_tlsext_servername_arg(p_ctx, p_sess); + SSL_CTX_set_tmp_dh_callback(p_ctx, ssl_tmp_dh_callback); + + if (tunable_ecdh_param_file) +@@ -871,6 +883,133 @@ ssl_tmp_dh_callback(SSL *ssl, int is_export, int keylength) + return DH_get_dh(keylength); + } + ++static int ++ssl_alpn_callback(SSL* p_ssl, ++ const unsigned char** p_out, ++ unsigned char* outlen, ++ const unsigned char* p_in, ++ unsigned int inlen, ++ void* p_arg) { ++ unsigned int i; ++ struct vsf_session* p_sess = (struct vsf_session*) p_arg; ++ int is_ok = 0; ++ ++ (void) p_ssl; ++ ++ /* Initialize just in case. */ ++ *p_out = p_in; ++ *outlen = 0; ++ ++ for (i = 0; i < inlen; ++i) { ++ unsigned int left = (inlen - i); ++ if (left < 4) { ++ continue; ++ } ++ if (p_in[i] == 3 && p_in[i + 1] == 'f' && p_in[i + 2] == 't' && ++ p_in[i + 3] == 'p') ++ { ++ is_ok = 1; ++ *p_out = &p_in[i + 1]; ++ *outlen = 3; ++ break; ++ } ++ } ++ ++ if (!is_ok) ++ { ++ str_alloc_text(&debug_str, "ALPN rejection"); ++ vsf_log_line(p_sess, kVSFLogEntryDebug, &debug_str); ++ } ++ if (!is_ok || tunable_debug_ssl) ++ { ++ str_alloc_text(&debug_str, "ALPN data: "); ++ for (i = 0; i < inlen; ++i) { ++ str_append_char(&debug_str, p_in[i]); ++ } ++ vsf_log_line(p_sess, kVSFLogEntryDebug, &debug_str); ++ } ++ ++ if (is_ok) ++ { ++ return SSL_TLSEXT_ERR_OK; ++ } ++ else ++ { ++ return SSL_TLSEXT_ERR_ALERT_FATAL; ++ } ++} ++ ++static long ++ssl_sni_callback(SSL* p_ssl, int* p_al, void* p_arg) ++{ ++ static struct mystr s_sni_expected_hostname; ++ static struct mystr s_sni_received_hostname; ++ ++ int servername_type; ++ const char* p_sni_servername; ++ struct vsf_session* p_sess = (struct vsf_session*) p_arg; ++ int is_ok = 0; ++ ++ (void) p_ssl; ++ (void) p_arg; ++ ++ if (tunable_ssl_sni_hostname) ++ { ++ str_alloc_text(&s_sni_expected_hostname, tunable_ssl_sni_hostname); ++ } ++ ++ /* The OpenSSL documentation says it is pre-initialized like this, but 
set ++ * it just in case. ++ */ ++ *p_al = SSL_AD_UNRECOGNIZED_NAME; ++ ++ servername_type = SSL_get_servername_type(p_ssl); ++ p_sni_servername = SSL_get_servername(p_ssl, TLSEXT_NAMETYPE_host_name); ++ if (p_sni_servername != NULL) { ++ str_alloc_text(&s_sni_received_hostname, p_sni_servername); ++ } ++ ++ if (str_isempty(&s_sni_expected_hostname)) ++ { ++ is_ok = 1; ++ } ++ else if (servername_type != TLSEXT_NAMETYPE_host_name) ++ { ++ /* Fail. */ ++ str_alloc_text(&debug_str, "SNI bad type: "); ++ str_append_ulong(&debug_str, servername_type); ++ vsf_log_line(p_sess, kVSFLogEntryDebug, &debug_str); ++ } ++ else ++ { ++ if (!str_strcmp(&s_sni_expected_hostname, &s_sni_received_hostname)) ++ { ++ is_ok = 1; ++ } ++ else ++ { ++ str_alloc_text(&debug_str, "SNI rejection"); ++ vsf_log_line(p_sess, kVSFLogEntryDebug, &debug_str); ++ } ++ } ++ ++ if (!is_ok || tunable_debug_ssl) ++ { ++ str_alloc_text(&debug_str, "SNI hostname: "); ++ str_append_str(&debug_str, &s_sni_received_hostname); ++ vsf_log_line(p_sess, kVSFLogEntryDebug, &debug_str); ++ } ++ ++ if (is_ok) ++ { ++ return SSL_TLSEXT_ERR_OK; ++ } ++ else ++ { ++ return SSL_TLSEXT_ERR_ALERT_FATAL; ++ } ++} ++ + void + ssl_add_entropy(struct vsf_session* p_sess) + { +diff --git a/tunables.c b/tunables.c +index c96c1ac..d8dfcde 100644 +--- a/tunables.c ++++ b/tunables.c +@@ -152,6 +152,7 @@ const char* tunable_ssl_ciphers; + const char* tunable_rsa_private_key_file; + const char* tunable_dsa_private_key_file; + const char* tunable_ca_certs_file; ++const char* tunable_ssl_sni_hostname; + + static void install_str_setting(const char* p_value, const char** p_storage); + +@@ -309,6 +310,7 @@ tunables_load_defaults() + install_str_setting(0, &tunable_rsa_private_key_file); + install_str_setting(0, &tunable_dsa_private_key_file); + install_str_setting(0, &tunable_ca_certs_file); ++ install_str_setting(0, &tunable_ssl_sni_hostname); + } + + void +diff --git a/tunables.h b/tunables.h +index 8d50150..de6cab0 100644 +--- 
a/tunables.h ++++ b/tunables.h +@@ -157,6 +157,7 @@ extern const char* tunable_ssl_ciphers; + extern const char* tunable_rsa_private_key_file; + extern const char* tunable_dsa_private_key_file; + extern const char* tunable_ca_certs_file; ++extern const char* tunable_ssl_sni_hostname; + extern const char* tunable_cmds_denied; + + #endif /* VSF_TUNABLES_H */ +diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 +index 815773f..7006287 100644 +--- a/vsftpd.conf.5 ++++ b/vsftpd.conf.5 +@@ -1128,6 +1128,12 @@ for further details. + + Default: PROFILE=SYSTEM + .TP ++.B ssl_sni_hostname ++If set, SSL connections will be rejected unless the SNI hostname in the ++incoming handshakes matches this value. ++ ++Default: (none) ++.TP + .B user_config_dir + This powerful option allows the override of any config option specified in + the manual page, on a per-user basis. Usage is simple, and is best illustrated diff --git a/vsftpd.spec b/vsftpd.spec index 15c23a2..be7f17f 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 47%{?dist} +Release: 48%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception @@ -99,6 +99,7 @@ Patch69: 0001-Remove-a-hint-about-the-ftp_home_dir-SELinux-boolean.patch Patch70: fix-str_open.patch # upstream commits 56402c0, 8b82e73 Patch71: vsftpd-3.0.3-enable_wc_logs-replace_unprintable_with_hex.patch +Patch72: vsftpd-3.0.3-ALPACA.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from @@ -170,6 +171,10 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Wed Oct 13 2021 Artem Egorenkov - 3.0.3-48 +- ALPACA fix backported from upstram 3.0.5 version +- Resolves: rhbz#1975648 + * Wed Oct 13 2021 Artem Egorenkov - 3.0.3-47 - Temporary pass -Wno-deprecated-declarations to gcc to ignore deprecated warnings to be able to build against OpenSSL-3.0 From 70e712403f9e6f92511307f81280db76d840e5db Mon Sep 17 00:00:00 2001 
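Review bot: The scan in `ssl_alpn_callback()` advances `i` one byte at a time, so it matches the bytes `\x03ftp` anywhere in the client's ALPN data rather than only at the start of a length-prefixed entry. A list that never offers the protocol `ftp` is therefore still accepted if those four bytes occur inside a longer name. Since this check is the ALPACA mitigation, stepping by each entry's length prefix and comparing whole entries is stricter; a sketch follows. Two smaller points in `ssl_sni_callback()`: the static `s_sni_received_hostname` is not cleared when `SSL_get_servername()` returns NULL, so the debug line can show a name from an earlier handshake in the same process. Its return type is also `long`, where OpenSSL documents the servername callback as returning `int`.

```c
  /* Walk the length-prefixed protocol list one entry at a time. */
  for (i = 0; i < inlen; i += 1 + p_in[i]) {
    unsigned int entry_len = p_in[i];
    if (entry_len > inlen - i - 1) {
      /* Truncated entry: treat the list as not offering "ftp". */
      break;
    }
    if (entry_len == 3 && p_in[i + 1] == 'f' && p_in[i + 2] == 't' &&
        p_in[i + 3] == 'p')
    {
      /* ... unchanged: set is_ok, *p_out and *outlen, then break ... */
    }
  }
  /* ... unchanged: rejection and debug logging, return value ... */
```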
From: Artem Egorenkov Date: Wed, 27 Oct 2021 14:51:18 +0200 Subject: [PATCH 65/85] - add option to disable TLSv1.3 - Resolves: rhbz#2017705 --- vsftpd-3.0.3-option_to_disable_TLSv1_3.patch | 96 ++++++++++++++++++++ vsftpd.spec | 7 +- 2 files changed, 102 insertions(+), 1 deletion(-) create mode 100644 vsftpd-3.0.3-option_to_disable_TLSv1_3.patch diff --git a/vsftpd-3.0.3-option_to_disable_TLSv1_3.patch b/vsftpd-3.0.3-option_to_disable_TLSv1_3.patch new file mode 100644 index 0000000..b215273 --- /dev/null +++ b/vsftpd-3.0.3-option_to_disable_TLSv1_3.patch 
@@ -0,0 +1,96 @@ +diff --git a/features.c b/features.c +index d024366..3a60b88 100644 +--- a/features.c ++++ b/features.c +@@ -22,7 +22,7 @@ handle_feat(struct vsf_session* p_sess) + { + vsf_cmdio_write_raw(p_sess, " AUTH SSL\r\n"); + } +- if (tunable_tlsv1 || tunable_tlsv1_1 || tunable_tlsv1_2) ++ if (tunable_tlsv1 || tunable_tlsv1_1 || tunable_tlsv1_2 || tunable_tlsv1_3) + { + vsf_cmdio_write_raw(p_sess, " AUTH TLS\r\n"); + } +diff --git a/parseconf.c b/parseconf.c +index ee1b8b4..5188088 100644 +--- a/parseconf.c ++++ b/parseconf.c +@@ -87,6 +87,7 @@ parseconf_bool_array[] = + { "ssl_tlsv1", &tunable_tlsv1 }, + { "ssl_tlsv1_1", &tunable_tlsv1_1 }, + { "ssl_tlsv1_2", &tunable_tlsv1_2 }, ++ { "ssl_tlsv1_3", &tunable_tlsv1_3 }, + { "tilde_user_enable", &tunable_tilde_user_enable }, + { "force_anon_logins_ssl", &tunable_force_anon_logins_ssl }, + { "force_anon_data_ssl", &tunable_force_anon_data_ssl }, +diff --git a/ssl.c b/ssl.c +index b622347..3af67ad 100644 +--- a/ssl.c ++++ b/ssl.c +@@ -185,6 +185,10 @@ ssl_init(struct vsf_session* p_sess) + { + options |= SSL_OP_NO_TLSv1_2; + } ++ if (!tunable_tlsv1_3) ++ { ++ options |= SSL_OP_NO_TLSv1_3; ++ } + SSL_CTX_set_options(p_ctx, options); + if (tunable_rsa_cert_file) + { +diff --git a/tunables.c b/tunables.c +index d8dfcde..dc001ac 100644 +--- a/tunables.c ++++ b/tunables.c +@@ -68,6 +68,7 @@ int tunable_sslv3; + int tunable_tlsv1; + int tunable_tlsv1_1; + int tunable_tlsv1_2; ++int tunable_tlsv1_3; + int tunable_tilde_user_enable; + int tunable_force_anon_logins_ssl; + int tunable_force_anon_data_ssl; +@@ -218,8 +219,9 @@ tunables_load_defaults() + tunable_sslv3 = 0; + tunable_tlsv1 = 0; + tunable_tlsv1_1 = 0; +- /* Only TLSv1.2 is enabled by default */ ++ /* Only TLSv1.2 and TLSv1.3 are enabled by default */ + tunable_tlsv1_2 = 1; ++ tunable_tlsv1_3 = 1; + tunable_tilde_user_enable = 0; + tunable_force_anon_logins_ssl = 0; + tunable_force_anon_data_ssl = 0; +diff --git a/tunables.h b/tunables.h +index 
de6cab0..ff0eebc 100644 +--- a/tunables.h ++++ b/tunables.h +@@ -69,6 +69,7 @@ extern int tunable_sslv3; /* Allow SSLv3 */ + extern int tunable_tlsv1; /* Allow TLSv1 */ + extern int tunable_tlsv1_1; /* Allow TLSv1.1 */ + extern int tunable_tlsv1_2; /* Allow TLSv1.2 */ ++extern int tunable_tlsv1_3; /* Allow TLSv1.3 */ + extern int tunable_tilde_user_enable; /* Support e.g. ~chris */ + extern int tunable_force_anon_logins_ssl; /* Require anon logins use SSL */ + extern int tunable_force_anon_data_ssl; /* Require anon data uses SSL */ +diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 +index 7006287..d181e50 100644 +--- a/vsftpd.conf.5 ++++ b/vsftpd.conf.5 +@@ -587,7 +587,15 @@ Default: NO + Only applies if + .BR ssl_enable + is activated. If enabled, this option will permit TLS v1.2 protocol connections. +-TLS v1.2 connections are preferred. ++TLS v1.2 and TLS v1.3 connections are preferred. ++ ++Default: YES ++.TP ++.B ssl_tlsv1_3 ++Only applies if ++.BR ssl_enable ++is activated. If enabled, this option will permit TLS v1.3 protocol connections. ++TLS v1.2 and TLS v1.3 connections are preferred. + + Default: YES + .TP diff --git a/vsftpd.spec b/vsftpd.spec index be7f17f..b34672d 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 48%{?dist} +Release: 49%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception @@ -100,6 +100,7 @@ Patch70: fix-str_open.patch # upstream commits 56402c0, 8b82e73 Patch71: vsftpd-3.0.3-enable_wc_logs-replace_unprintable_with_hex.patch Patch72: vsftpd-3.0.3-ALPACA.patch +Patch73: vsftpd-3.0.3-option_to_disable_TLSv1_3.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from 
@@ -171,6 +172,10 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Wed Oct 27 2021 Artem Egorenkov - 3.0.3-49 +- add option to disable TLSv1.3 +- Resolves: rhbz#2017705 + * Wed Oct 13 2021 Artem Egorenkov - 3.0.3-48 - ALPACA fix backported from upstram 3.0.5 version - Resolves: rhbz#1975648 From 729620f9a2db253803f2974ace4115781d7401fe Mon Sep 17 00:00:00 2001 From: Ondrej Mejzlik Date: Wed, 15 Dec 2021 11:48:23 +0100 Subject: [PATCH 66/85] adding gating yaml --- gating.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 gating.yaml diff --git a/gating.yaml b/gating.yaml new file mode 100644 index 0000000..ce1b655 --- /dev/null +++ b/gating.yaml @@ -0,0 +1,16 @@ +--- !Policy +product_versions: + - fedora-* +decision_contexts: [bodhi_update_push_testing] +subject_type: koji_build +rules: + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} + +#gating rawhide +--- !Policy +product_versions: + - fedora-* +decision_contexts: [bodhi_update_push_stable] +subject_type: koji_build +rules: + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} From 44f20150044d239c8dbd150be6d8046f592aebb6 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 22 Jan 2022 04:11:34 +0000 Subject: [PATCH 67/85] - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- vsftpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/vsftpd.spec b/vsftpd.spec index b34672d..61b890b 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 49%{?dist} +Release: 50%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception 
@@ -172,6 +172,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Sat Jan 22 2022 Fedora Release Engineering - 3.0.3-50 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + * Wed Oct 27 2021 Artem Egorenkov - 3.0.3-49 - add option to disable TLSv1.3 - Resolves: rhbz#2017705 From b7d0384436ee83513ec4e1444ac559b10efedfeb Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 23 Jul 2022 12:07:25 +0000 Subject: [PATCH 68/85] Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- vsftpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/vsftpd.spec b/vsftpd.spec index 61b890b..ab63318 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 50%{?dist} +Release: 51%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception @@ -172,6 +172,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Sat Jul 23 2022 Fedora Release Engineering - 3.0.3-51 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + * Sat Jan 22 2022 Fedora Release Engineering - 3.0.3-50 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild From 63f4fa04b225188aed90f98db682c86858d2cbdc Mon Sep 17 00:00:00 2001 
From: Richard Lescak Date: Fri, 29 Jul 2022 20:10:46 +0200 Subject: [PATCH 69/85] rebase to version 3.0.5 --- .gitignore | 1 + ...-support-for-DHE-based-cipher-suites.patch | 26 +++++++++---------- ...upport-for-EDDHE-based-cipher-suites.patch | 10 +++---- 0025-Improve-local_max_rate-option.patch | 4 +-- 0040-Use-system-wide-crypto-policy.patch | 6 ++--- ...-default-for-ssl_ciphers-in-the-man-.patch | 6 ++--- fix-str_open.patch | 7 +++-- sources | 2 +- ...wc_logs-replace_unprintable_with_hex.patch | 0 vsftpd.spec | 17 ++++++------ 10 files changed, 40 insertions(+), 39 deletions(-) rename vsftpd-3.0.3-enable_wc_logs-replace_unprintable_with_hex.patch => vsftpd-3.0.5-enable_wc_logs-replace_unprintable_with_hex.patch (100%) diff --git a/.gitignore b/.gitignore index 811254b..d4e96bd 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,4 @@ vsftpd-2.3.2.tar.gz /vsftpd-3.0.1.tar.gz /vsftpd-3.0.2.tar.gz /vsftpd-3.0.3.tar.gz +/vsftpd-3.0.5.tar.gz diff --git a/0021-Introduce-support-for-DHE-based-cipher-suites.patch b/0021-Introduce-support-for-DHE-based-cipher-suites.patch index 1abe1e4..cfa23bb 100644 --- a/0021-Introduce-support-for-DHE-based-cipher-suites.patch +++ b/0021-Introduce-support-for-DHE-based-cipher-suites.patch 
@@ -36,14 +36,14 @@ index c362983..22b69b3 100644 #include #include -@@ -38,6 +40,7 @@ static void setup_bio_callbacks(); +@@ -38,6 +40,7 @@ + static char* get_ssl_error(); + static SSL* get_ssl(struct vsf_session* p_sess, int fd); + static int ssl_session_init(struct vsf_session* p_sess); ++static DH *ssl_tmp_dh_callback(SSL *ssl, int is_export, int keylength); + static void setup_bio_callbacks(); static long bio_callback( BIO* p_bio, int oper, const char* p_arg, int argi, long argl, long retval); - static int ssl_verify_callback(int verify_ok, X509_STORE_CTX* p_ctx); -+static DH *ssl_tmp_dh_callback(SSL *ssl, int is_export, int keylength); - static int ssl_cert_digest( - SSL* p_ssl, struct vsf_session* p_sess, struct mystr* p_str); - static void maybe_log_shutdown_state(struct vsf_session* p_sess); @@ -51,6 +54,60 @@ static int ssl_read_common(struct vsf_session* p_sess, static int ssl_inited; static struct mystr debug_str; @@ -140,18 +140,18 @@ index c362983..22b69b3 100644 if (tunable_ssl_ciphers && SSL_CTX_set_cipher_list(p_ctx, tunable_ssl_ciphers) != 1) { -@@ -165,6 +241,9 @@ ssl_init(struct vsf_session* p_sess) +@@ -184,6 +260,9 @@ /* Ensure cached session doesn't expire */ SSL_CTX_set_timeout(p_ctx, INT_MAX); } -+ ++ + SSL_CTX_set_tmp_dh_callback(p_ctx, ssl_tmp_dh_callback); + - p_sess->p_ssl_ctx = p_ctx; - ssl_inited = 1; + /* Set up ALPN to check for FTP protocol intention of client. */ + SSL_CTX_set_alpn_select_cb(p_ctx, ssl_alpn_callback, p_sess); + /* Set up SNI callback for an optional hostname check. */ +@@ -854,6 +933,18 @@ ssl_verify_callback(int verify_ok, X509_STORE_CTX* p_ctx) } -@@ -702,6 +781,18 @@ ssl_verify_callback(int verify_ok, X509_STORE_CTX* p_ctx) - return 1; } +#define UNUSED(x) ( (void)(x) ) @@ -162,7 +162,7 @@ index c362983..22b69b3 100644 + // strict compiler bypassing + UNUSED(ssl); + UNUSED(is_export); -+ ++ + return DH_get_dh(keylength); +} + 
diff --git a/0022-Introduce-support-for-EDDHE-based-cipher-suites.patch b/0022-Introduce-support-for-EDDHE-based-cipher-suites.patch index 1428b86..9cb56cd 100644 --- a/0022-Introduce-support-for-EDDHE-based-cipher-suites.patch +++ b/0022-Introduce-support-for-EDDHE-based-cipher-suites.patch @@ -36,8 +36,8 @@ index 22b69b3..96bf8ad 100644 if (!tunable_sslv2) { options |= SSL_OP_NO_SSLv2; -@@ -244,6 +244,41 @@ ssl_init(struct vsf_session* p_sess) - +@@ -244,6 +244,41 @@ + SSL_CTX_set_tmp_dh_callback(p_ctx, ssl_tmp_dh_callback); + if (tunable_ecdh_param_file) @@ -75,9 +75,9 @@ index 22b69b3..96bf8ad 100644 +#endif + } + - p_sess->p_ssl_ctx = p_ctx; - ssl_inited = 1; - } + /* Set up ALPN to check for FTP protocol intention of client. */ + SSL_CTX_set_alpn_select_cb(p_ctx, ssl_alpn_callback, p_sess); + /* Set up SNI callback for an optional hostname check. */ diff --git a/tunables.c b/tunables.c index 1ea7227..93f85b1 100644 --- a/tunables.c diff --git a/0025-Improve-local_max_rate-option.patch b/0025-Improve-local_max_rate-option.patch index e78f825..2c74c7a 100644 --- a/0025-Improve-local_max_rate-option.patch +++ b/0025-Improve-local_max_rate-option.patch @@ -60,9 +60,9 @@ diff --git a/main.c b/main.c index eaba265..f1e2f69 100644 --- a/main.c +++ b/main.c -@@ -40,7 +40,7 @@ main(int argc, const char* argv[]) +@@ -40,7 +40,7 @@ /* Control connection */ - 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, /* Data connection */ - -1, 0, -1, 0, 0, 0, 0, + -1, 0, -1, 0, 0, 0, 0, 0, diff --git a/0040-Use-system-wide-crypto-policy.patch b/0040-Use-system-wide-crypto-policy.patch index f59ba2b..940a5b2 100644 --- a/0040-Use-system-wide-crypto-policy.patch +++ b/0040-Use-system-wide-crypto-policy.patch @@ -3,7 +3,7 @@ From: Martin Sehnoutka Date: Tue, 29 Aug 2017 10:32:16 +0200 Subject: [PATCH 40/59] Use system wide crypto policy -Resolves: rhbz#1483970 +Resolves: rhbz# --- tunables.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
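Review bot: The refreshed header of 0040-Use-system-wide-crypto-policy.patch loses its bug reference: `Resolves: rhbz#1483970` becomes `Resolves: rhbz#`. Nothing else in this hunk changes, so this looks like an accident of regenerating the patch rather than an intended edit. Restoring the original line, `Resolves: rhbz#1483970`, keeps the link from the crypto-policy default back to its tracking bug.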
@@ -16,8 +16,8 @@ index 5440c00..354251c 100644 install_str_setting(0, &tunable_dsa_cert_file); install_str_setting(0, &tunable_dh_param_file); install_str_setting(0, &tunable_ecdh_param_file); -- install_str_setting("AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384", -- &tunable_ssl_ciphers); +- install_str_setting("AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA", +- &tunable_ssl_ciphers); + install_str_setting("PROFILE=SYSTEM", &tunable_ssl_ciphers); install_str_setting(0, &tunable_rsa_private_key_file); install_str_setting(0, &tunable_dsa_private_key_file); diff --git a/0041-Document-the-new-default-for-ssl_ciphers-in-the-man-.patch b/0041-Document-the-new-default-for-ssl_ciphers-in-the-man-.patch index 8b26c7b..93e2ce8 100644 --- a/0041-Document-the-new-default-for-ssl_ciphers-in-the-man-.patch +++ b/0041-Document-the-new-default-for-ssl_ciphers-in-the-man-.patch @@ -17,15 +17,15 @@ index 3ca55e4..2a7662e 100644 security precaution as it prevents malicious remote parties forcing a cipher which they have found problems with. --Default: AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384 +-Default: DES-CBC3-SHA +By default, the system-wide crypto policy is used. See +.BR update-crypto-policies(8) +for further details. + +Default: PROFILE=SYSTEM .TP - .B user_config_dir - This powerful option allows the override of any config option specified in + .B ssl_sni_hostname + If set, SSL connections will be rejected unless the SNI hostname in the -- 2.14.4 diff --git a/fix-str_open.patch b/fix-str_open.patch index eef52ec..e5d5bd9 100644 --- a/fix-str_open.patch +++ b/fix-str_open.patch 
@@ -1,11 +1,10 @@ -diff -ruN vsftpd-3.0.3.orig/sysstr.c vsftpd-3.0.3/sysstr.c ---- vsftpd-3.0.3.orig/sysstr.c 2020-11-17 09:47:03.872923383 +0100 -+++ vsftpd-3.0.3/sysstr.c 2020-11-17 09:48:41.219754145 +0100 +--- sysstr-orig.c 2022-07-27 09:44:52.606408000 +0200 ++++ sysstr.c 2022-07-27 09:54:24.043081352 +0200 @@ -74,19 +74,11 @@ int str_open(const struct mystr* p_str, const enum EVSFSysStrOpenMode mode) { -- enum EVSFSysUtilOpenMode open_mode = kVSFSysStrOpenUnknown; +- enum EVSFSysUtilOpenMode open_mode = kVSFSysUtilOpenUnknown; - switch (mode) - { - case kVSFSysStrOpenReadOnly: diff --git a/sources b/sources index 73f8cf5..e0f928f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (vsftpd-3.0.3.tar.gz) = 5a4410a88e72ecf6f60a60a89771bcec300c9f63c2ea83b219bdf65fd9749b9853f9579f7257205b55659aefcd5dab243eba878dbbd4f0ff8532dd6e60884df7 +SHA512 (vsftpd-3.0.5.tar.gz) = 9e9f9bde8c460fbc6b1d29ca531327fb2e40e336358f1cc19e1da205ef81b553719a148ad4613ceead25499d1ac3f03301a0ecd3776e5c228acccb7f9461a7ee diff --git a/vsftpd-3.0.3-enable_wc_logs-replace_unprintable_with_hex.patch b/vsftpd-3.0.5-enable_wc_logs-replace_unprintable_with_hex.patch similarity index 100% rename from vsftpd-3.0.3-enable_wc_logs-replace_unprintable_with_hex.patch rename to vsftpd-3.0.5-enable_wc_logs-replace_unprintable_with_hex.patch diff --git a/vsftpd.spec b/vsftpd.spec index ab63318..18f9361 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -1,8 +1,8 @@ %global _generatorsdir %{_prefix}/lib/systemd/system-generators Name: vsftpd -Version: 3.0.3 -Release: 51%{?dist} +Version: 3.0.5 +Release: 1%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception 
@@ -61,7 +61,7 @@ Patch29: 0029-Fix-segfault-in-config-file-parser.patch Patch30: 0030-Fix-logging-into-syslog-when-enabled-in-config.patch Patch31: 0031-Fix-question-mark-wildcard-withing-a-file-name.patch Patch32: 0032-Propagate-errors-from-nfs-with-quota-to-client.patch -Patch33: 0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch +#Patch33: 0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch Patch34: 0034-Turn-off-seccomp-sandbox-because-it-is-too-strict.patch Patch35: 0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch Patch36: 0036-Redefine-VSFTP_COMMAND_FD-to-1.patch @@ -70,8 +70,8 @@ Patch38: 0038-Document-allow_writeable_chroot-in-the-man-page.patch Patch39: 0039-Improve-documentation-of-ASCII-mode-in-the-man-page.patch Patch40: 0040-Use-system-wide-crypto-policy.patch Patch41: 0041-Document-the-new-default-for-ssl_ciphers-in-the-man-.patch -Patch42: 0042-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch -Patch43: 0043-Enable-only-TLSv1.2-by-default.patch +#Patch42: 0042-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch +#Patch43: 0043-Enable-only-TLSv1.2-by-default.patch Patch44: 0044-Disable-anonymous_enable-in-default-config-file.patch Patch45: 0045-Expand-explanation-of-ascii_-options-behaviour-in-ma.patch Patch46: 0046-vsftpd.conf-Refer-to-the-man-page-regarding-the-asci.patch @@ -97,10 +97,8 @@ Patch67: 0001-Fix-timestamp-handling-in-MDTM.patch Patch68: 0002-Drop-an-unused-global-variable.patch Patch69: 0001-Remove-a-hint-about-the-ftp_home_dir-SELinux-boolean.patch Patch70: fix-str_open.patch +Patch71: vsftpd-3.0.5-enable_wc_logs-replace_unprintable_with_hex.patch # upstream commits 56402c0, 8b82e73 -Patch71: vsftpd-3.0.3-enable_wc_logs-replace_unprintable_with_hex.patch -Patch72: vsftpd-3.0.3-ALPACA.patch -Patch73: vsftpd-3.0.3-option_to_disable_TLSv1_3.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from 
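Review bot: Patch42 and Patch43 (and Patch33 in the previous hunk) are commented out rather than removed, and nothing records why or whether the rebased source still behaves the same. Patch43 is named `Enable-only-TLSv1.2-by-default`, so with it disabled the protocol-version defaults presumably come from the 3.0.5 tarball; that should be confirmed and written down, for example `# Patch33/42/43 not applied since the 3.0.5 rebase: <reason and resulting ssl_tlsv1* defaults>`. In the last hunk of this section the comment `# upstream commits 56402c0, 8b82e73` used to sit above `Patch71:` and now follows it, where it describes nothing; move it back above `Patch71:` or drop it.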
@@ -172,6 +170,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Thu Jul 28 2022 Richard Lescak 3.0.5-1 +- rebase to version 3.0.5 + * Sat Jul 23 2022 Fedora Release Engineering - 3.0.3-51 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild From 8ce1361c8ca80c4fe35b4c99094d21bfd57c5efa Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 21 Jan 2023 06:31:03 +0000 Subject: [PATCH 70/85] Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- vsftpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/vsftpd.spec b/vsftpd.spec index 18f9361..7efc847 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.5 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception @@ -170,6 +170,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Sat Jan 21 2023 Fedora Release Engineering - 3.0.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + * Thu Jul 28 2022 Richard Lescak 3.0.5-1 - rebase to version 3.0.5 From 57c94df2dcebe0b75f65519fac394b377237234c Mon Sep 17 00:00:00 2001 From: Richard Lescak Date: Fri, 17 Feb 2023 16:32:19 +0100 Subject: [PATCH 71/85] make vsftpd compatible with Openssl 3.0+ replace old network functions --- ...-support-for-DHE-based-cipher-suites.patch | 112 +++----------- ...upport-for-EDDHE-based-cipher-suites.patch | 28 ++-- ...ment-patch-to-build-with-OpenSSL-1.1.patch | 74 ---------- ...replace-deprecated-openssl-functions.patch | 70 +++++++++ ...5-replace-old-network-addr-functions.patch | 139 ++++++++++++++++++ vsftpd.spec | 16 +- 6 files changed, 252 insertions(+), 187 deletions(-) delete mode 100644 0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch create mode 100644 vsftpd-3.0.5-replace-deprecated-openssl-functions.patch create mode 100644 vsftpd-3.0.5-replace-old-network-addr-functions.patch 
diff --git a/0021-Introduce-support-for-DHE-based-cipher-suites.patch b/0021-Introduce-support-for-DHE-based-cipher-suites.patch index cfa23bb..bbf99a8 100644 --- a/0021-Introduce-support-for-DHE-based-cipher-suites.patch +++ b/0021-Introduce-support-for-DHE-based-cipher-suites.patch 
@@ -31,81 +31,36 @@ index c362983..22b69b3 100644 #include #include #include -+#include +#include ++#include #include #include -@@ -38,6 +40,7 @@ - static char* get_ssl_error(); - static SSL* get_ssl(struct vsf_session* p_sess, int fd); - static int ssl_session_init(struct vsf_session* p_sess); -+static DH *ssl_tmp_dh_callback(SSL *ssl, int is_export, int keylength); - static void setup_bio_callbacks(); - static long bio_callback( - BIO* p_bio, int oper, const char* p_arg, int argi, long argl, long retval); -@@ -51,6 +54,60 @@ static int ssl_read_common(struct vsf_session* p_sess, +@@ -58,6 +60,23 @@ static int ssl_inited; static struct mystr debug_str; ++EVP_PKEY * ++DH_get_dh() ++{ ++ OSSL_PARAM dh_params[2]; ++ EVP_PKEY *dh_key = NULL; ++ EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL); + -+// Grab prime number from OpenSSL; -+// (get_rfc*) for all available primes. -+// wraps selection of comparable algorithm strength -+#if !defined(match_dh_bits) -+ #define match_dh_bits(keylen) \ -+ keylen >= 8191 ? 8192 : \ -+ keylen >= 6143 ? 6144 : \ -+ keylen >= 4095 ? 4096 : \ -+ keylen >= 3071 ? 3072 : \ -+ keylen >= 2047 ? 2048 : \ -+ keylen >= 1535 ? 1536 : \ -+ keylen >= 1023 ? 
1024 : 768 -+#endif ++ dh_params[0] = OSSL_PARAM_construct_utf8_string("group", "ffdhe2048", 0); ++ dh_params[1] = OSSL_PARAM_construct_end(); + -+#if !defined(DH_get_prime) -+ BIGNUM * -+ DH_get_prime(int bits) -+ { -+ switch (bits) { -+ case 768: return get_rfc2409_prime_768(NULL); -+ case 1024: return get_rfc2409_prime_1024(NULL); -+ case 1536: return get_rfc3526_prime_1536(NULL); -+ case 2048: return get_rfc3526_prime_2048(NULL); -+ case 3072: return get_rfc3526_prime_3072(NULL); -+ case 4096: return get_rfc3526_prime_4096(NULL); -+ case 6144: return get_rfc3526_prime_6144(NULL); -+ case 8192: return get_rfc3526_prime_8192(NULL); -+ // shouldn't happen when used match_dh_bits; strict compiler -+ default: return NULL; -+ } ++ if (EVP_PKEY_keygen_init(pctx) <= 0 || EVP_PKEY_CTX_set_params(pctx, dh_params) <= 0) ++ return NULL; ++ EVP_PKEY_generate(pctx, &dh_key); ++ EVP_PKEY_CTX_free(pctx); ++ return dh_key; +} -+#endif -+ -+#if !defined(DH_get_dh) -+ // Grab DH parameters -+ DH * -+ DH_get_dh(int size) -+ { -+ DH *dh = DH_new(); -+ if (!dh) { -+ return NULL; -+ } -+ dh->p = DH_get_prime(match_dh_bits(size)); -+ BN_dec2bn(&dh->g, "2"); -+ if (!dh->p || !dh->g) -+ { -+ DH_free(dh); -+ return NULL; -+ } -+ return dh; -+ } -+#endif + void ssl_init(struct vsf_session* p_sess) { -@@ -65,7 +122,7 @@ ssl_init(struct vsf_session* p_sess) +@@ -72,7 +89,7 @@ { die("SSL: could not allocate SSL context"); } 
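Review bot: The new `DH_get_dh()` leaks `pctx` on its early `return NULL`, never checks that `EVP_PKEY_CTX_new_from_name` returned a context, and ignores the result of `EVP_PKEY_generate`. Any of these failures is silent, and the function can return NULL without the caller being told why. The version below frees the context on every path and returns NULL on any failure. The call site that consumes the result is in `ssl_init`, outside this hunk, and still has to check for NULL.

```c
EVP_PKEY *
DH_get_dh()
{
  OSSL_PARAM dh_params[2];
  EVP_PKEY *dh_key = NULL;
  EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);

  if (pctx == NULL)
  {
    return NULL;
  }
  dh_params[0] = OSSL_PARAM_construct_utf8_string("group", "ffdhe2048", 0);
  dh_params[1] = OSSL_PARAM_construct_end();

  /* Any failing step leaves the caller with NULL, never a half-built key. */
  if (EVP_PKEY_keygen_init(pctx) <= 0 ||
      EVP_PKEY_CTX_set_params(pctx, dh_params) <= 0 ||
      EVP_PKEY_generate(pctx, &dh_key) <= 0)
  {
    dh_key = NULL;
  }
  EVP_PKEY_CTX_free(pctx);
  return dh_key;
}
```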
@@ -114,61 +69,42 @@ index c362983..22b69b3 100644 if (!tunable_sslv2) { options |= SSL_OP_NO_SSLv2; -@@ -111,6 +168,25 @@ ssl_init(struct vsf_session* p_sess) +@@ -130,6 +147,25 @@ die("SSL: cannot load DSA private key"); } } + if (tunable_dh_param_file) + { + BIO *bio; -+ DH *dhparams = NULL; ++ EVP_PKEY *dh_params = NULL; + if ((bio = BIO_new_file(tunable_dh_param_file, "r")) == NULL) + { + die("SSL: cannot load custom DH params"); + } + else + { -+ dhparams = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); ++ dh_params = PEM_read_bio_Parameters(bio, NULL); + BIO_free(bio); + -+ if (!SSL_CTX_set_tmp_dh(p_ctx, dhparams)) -+ { ++ if (!SSL_CTX_set0_tmp_dh_pkey(p_ctx, dh_params)) ++ { + die("SSL: setting custom DH params failed"); -+ } ++ } + } + } if (tunable_ssl_ciphers && SSL_CTX_set_cipher_list(p_ctx, tunable_ssl_ciphers) != 1) { -@@ -184,6 +260,9 @@ +@@ -184,6 +226,9 @@ /* Ensure cached session doesn't expire */ SSL_CTX_set_timeout(p_ctx, INT_MAX); } + -+ SSL_CTX_set_tmp_dh_callback(p_ctx, ssl_tmp_dh_callback); ++ SSL_CTX_set0_tmp_dh_pkey(p_ctx, DH_get_dh()); + /* Set up ALPN to check for FTP protocol intention of client. */ SSL_CTX_set_alpn_select_cb(p_ctx, ssl_alpn_callback, p_sess); /* Set up SNI callback for an optional hostname check. */ -@@ -854,6 +933,18 @@ ssl_verify_callback(int verify_ok, X509_STORE_CTX* p_ctx) - } - } - -+#define UNUSED(x) ( (void)(x) ) -+ -+static DH * -+ssl_tmp_dh_callback(SSL *ssl, int is_export, int keylength) -+{ -+ // strict compiler bypassing -+ UNUSED(ssl); -+ UNUSED(is_export); -+ -+ return DH_get_dh(keylength); -+} -+ - void - ssl_add_entropy(struct vsf_session* p_sess) - { diff --git a/tunables.c b/tunables.c index c737465..1ea7227 100644 --- a/tunables.c diff --git a/0022-Introduce-support-for-EDDHE-based-cipher-suites.patch b/0022-Introduce-support-for-EDDHE-based-cipher-suites.patch index 9cb56cd..0a09a2c 100644 --- a/0022-Introduce-support-for-EDDHE-based-cipher-suites.patch 
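Review bot: The unconditional `SSL_CTX_set0_tmp_dh_pkey(p_ctx, DH_get_dh());` added after the session-cache block runs later in `ssl_init` than the `dh_param_file` branch and replaces the key that branch installed, so a configured `dh_param_file` appears to have no effect. The call's return value is also ignored, and `DH_get_dh()` can return NULL. Guarding it keeps the administrator's parameters, e.g. `if (!tunable_dh_param_file && !SSL_CTX_set0_tmp_dh_pkey(p_ctx, DH_get_dh())) die("SSL: setting default DH params failed");`. In the `dh_param_file` branch the result of `PEM_read_bio_Parameters` is passed on unchecked; add `if (dh_params == NULL) die("SSL: cannot load custom DH params");` after `BIO_free(bio);`. `ssl_init` starts and ends outside this hunk, so the ordering is inferred from the inner hunk positions.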
+++ b/0022-Introduce-support-for-EDDHE-based-cipher-suites.patch @@ -36,45 +36,37 @@ index 22b69b3..96bf8ad 100644 if (!tunable_sslv2) { options |= SSL_OP_NO_SSLv2; -@@ -244,6 +244,41 @@ +@@ -244,6 +244,33 @@ - SSL_CTX_set_tmp_dh_callback(p_ctx, ssl_tmp_dh_callback); + SSL_CTX_set0_tmp_dh_pkey(p_ctx, DH_get_dh()); + if (tunable_ecdh_param_file) + { + BIO *bio; -+ int nid; -+ EC_GROUP *ecparams = NULL; -+ EC_KEY *eckey; ++ EVP_PKEY *ec_params = NULL; + + if ((bio = BIO_new_file(tunable_ecdh_param_file, "r")) == NULL) + die("SSL: cannot load custom ec params"); + else + { -+ ecparams = PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL); ++ ec_params = PEM_read_bio_Parameters(bio, NULL); + BIO_free(bio); + -+ if (ecparams && (nid = EC_GROUP_get_curve_name(ecparams)) && -+ (eckey = EC_KEY_new_by_curve_name(nid))) ++ if (ec_params != NULL) + { -+ if (!SSL_CTX_set_tmp_ecdh(p_ctx, eckey)) ++ if (!SSL_CTX_set1_groups_list(p_ctx, ec_params)) + die("SSL: setting custom EC params failed"); -+ } -+ else ++ } ++ else + { + die("SSL: getting ec group or key failed"); -+ } ++ } + } + } + else + { -+#if defined(SSL_CTX_set_ecdh_auto) -+ SSL_CTX_set_ecdh_auto(p_ctx, 1); -+#else -+ SSL_CTX_set_tmp_ecdh(p_ctx, EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); -+#endif ++ SSL_CTX_set1_groups_list(p_ctx, "P-256"); + } -+ /* Set up ALPN to check for FTP protocol intention of client. */ SSL_CTX_set_alpn_select_cb(p_ctx, ssl_alpn_callback, p_sess); /* Set up SNI callback for an optional hostname check. */ diff --git a/0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch b/0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch deleted file mode 100644 index 1cebc18..0000000 --- a/0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch +++ /dev/null 
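Review bot: `SSL_CTX_set1_groups_list(p_ctx, ec_params)` passes an `EVP_PKEY *` where the function expects a colon-separated string of group names. As far as I know this call is a macro that casts its argument to `char *`, so the compiler will not flag it even with `-Werror`, and the library would then parse key-object memory as text. `ec_params` is also never freed. The excerpt below takes the group name from the loaded parameters and passes that instead; confirm the returned name is one the groups list accepts for the curves you support. The result of `SSL_CTX_set1_groups_list(p_ctx, "P-256")` in the fallback branch is unchecked as well.

```c
      ec_params = PEM_read_bio_Parameters(bio, NULL);
      BIO_free(bio);

      if (ec_params != NULL)
      {
        char group_name[64];
        size_t group_name_len = 0;
        int ok = EVP_PKEY_get_group_name(ec_params, group_name,
                                         sizeof(group_name),
                                         &group_name_len) == 1 &&
                 SSL_CTX_set1_groups_list(p_ctx, group_name) == 1;
        EVP_PKEY_free(ec_params);
        if (!ok)
          die("SSL: setting custom EC params failed");
      }
      /* … unchanged: else branch that dies when no parameters were read … */
```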
@@ -1,74 +0,0 @@ -From 6c8dd87f311e411bcb1c72c1c780497881a5621c Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= -Date: Mon, 4 Sep 2017 11:32:03 +0200 -Subject: [PATCH 35/59] Modify DH enablement patch to build with OpenSSL 1.1 - ---- - ssl.c | 41 ++++++++++++++++++++++++++++++++++++++--- - 1 file changed, 38 insertions(+), 3 deletions(-) - -diff --git a/ssl.c b/ssl.c -index ba8a613..09ec96a 100644 ---- a/ssl.c -+++ b/ssl.c -@@ -88,19 +88,54 @@ static struct mystr debug_str; - } - #endif - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) -+{ -+ /* If the fields p and g in d are NULL, the corresponding input -+ * parameters MUST be non-NULL. q may remain NULL. -+ */ -+ if ((dh->p == NULL && p == NULL) -+ || (dh->g == NULL && g == NULL)) -+ return 0; -+ -+ if (p != NULL) { -+ BN_free(dh->p); -+ dh->p = p; -+ } -+ if (q != NULL) { -+ BN_free(dh->q); -+ dh->q = q; -+ } -+ if (g != NULL) { -+ BN_free(dh->g); -+ dh->g = g; -+ } -+ -+ if (q != NULL) { -+ dh->length = BN_num_bits(q); -+ } -+ -+ return 1; -+} -+#endif -+ - #if !defined(DH_get_dh) - // Grab DH parameters - DH * - DH_get_dh(int size) - { -+ BIGNUM *g = NULL; -+ BIGNUM *p = NULL; - DH *dh = DH_new(); - if (!dh) { - return NULL; - } -- dh->p = DH_get_prime(match_dh_bits(size)); -- BN_dec2bn(&dh->g, "2"); -- if (!dh->p || !dh->g) -+ p = DH_get_prime(match_dh_bits(size)); -+ BN_dec2bn(&g, "2"); -+ if (!p || !g || !DH_set0_pqg(dh, p, NULL, g)) - { -+ BN_free(g); -+ BN_free(p); - DH_free(dh); - return NULL; - } --- -2.14.4 - diff --git a/vsftpd-3.0.5-replace-deprecated-openssl-functions.patch b/vsftpd-3.0.5-replace-deprecated-openssl-functions.patch new file mode 100644 index 0000000..c6f8f7d --- /dev/null +++ b/vsftpd-3.0.5-replace-deprecated-openssl-functions.patch 
@@ -0,0 +1,70 @@ +diff --git a/ssl.c b/ssl.c +--- ssl.c ++++ ssl.c +@@ -28,17 +28,17 @@ + #include + #include + #include + #include + #include + #include + #include + + static char* get_ssl_error(); + static SSL* get_ssl(struct vsf_session* p_sess, int fd); + static int ssl_session_init(struct vsf_session* p_sess); + static void setup_bio_callbacks(); + static long bio_callback( +- BIO* p_bio, int oper, const char* p_arg, int argi, long argl, long retval); ++ BIO* p_bio, int oper, const char* p_arg, size_t len, int argi, long argl, int ret, size_t *processed); + static int ssl_verify_callback(int verify_ok, X509_STORE_CTX* p_ctx); + static int ssl_alpn_callback(SSL* p_ssl, + const unsigned char** p_out, +@@ -88,7 +88,7 @@ + long options; + int verify_option = 0; + SSL_library_init(); +- p_ctx = SSL_CTX_new(SSLv23_server_method()); ++ p_ctx = SSL_CTX_new_ex(NULL, NULL, SSLv23_server_method()); + if (p_ctx == NULL) + { + die("SSL: could not allocate SSL context"); +@@ -180,13 +180,10 @@ + die("SSL: RNG is not seeded"); + } + { +- EC_KEY* key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); +- if (key == NULL) ++ if (!SSL_CTX_set1_groups_list(p_ctx, "P-256")) + { + die("SSL: failed to get curve p256"); + } +- SSL_CTX_set_tmp_ecdh(p_ctx, key); +- EC_KEY_free(key); + } + if (tunable_ssl_request_cert) + { +@@ -692,17 +689,19 @@ + static void setup_bio_callbacks(SSL* p_ssl) + { + BIO* p_bio = SSL_get_rbio(p_ssl); +- BIO_set_callback(p_bio, bio_callback); ++ BIO_set_callback_ex(p_bio, bio_callback); + p_bio = SSL_get_wbio(p_ssl); +- BIO_set_callback(p_bio, bio_callback); ++ BIO_set_callback_ex(p_bio, bio_callback); + } + + static long + bio_callback( +- BIO* p_bio, int oper, const char* p_arg, int argi, long argl, long ret) ++ BIO* p_bio, int oper, const char* p_arg, size_t len, int argi, long argl, int ret, size_t *processed) + { + int retval = 0; + int fd = 0; ++ (void) len; ++ (void) processed; + (void) p_arg; + (void) argi; + (void) argl; + 
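Review bot: The context creation line swaps `SSL_CTX_new` for `SSL_CTX_new_ex(NULL, NULL, SSLv23_server_method())` but keeps the one name on it that is actually deprecated. With a NULL library context and property query, `SSL_CTX_new_ex` behaves like `SSL_CTX_new`, while `SSLv23_server_method` is the legacy alias of `TLS_server_method`. `p_ctx = SSL_CTX_new(TLS_server_method());` states the intent directly and does not depend on the alias remaining available. The enclosing `ssl_init` lies mostly outside the inner hunk.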
diff --git a/vsftpd-3.0.5-replace-old-network-addr-functions.patch b/vsftpd-3.0.5-replace-old-network-addr-functions.patch new file mode 100644 index 0000000..89e6257 --- /dev/null +++ b/vsftpd-3.0.5-replace-old-network-addr-functions.patch 
@@ -0,0 +1,139 @@ +diff -urN vsftpd-3.0.5-orig/postlogin.c vsftpd-3.0.5/postlogin.c +--- vsftpd-3.0.5-orig/postlogin.c 2015-07-22 21:03:22.000000000 +0200 ++++ vsftpd-3.0.5/postlogin.c 2023-02-13 16:34:05.244467476 +0100 +@@ -27,4 +27,6 @@ + #include "ssl.h" + #include "vsftpver.h" ++#include ++#include + #include "opts.h" + +@@ -628,9 +629,10 @@ + else + { + const void* p_v4addr = vsf_sysutil_sockaddr_ipv6_v4(s_p_sockaddr); ++ static char result[INET_ADDRSTRLEN]; + if (p_v4addr) + { +- str_append_text(&s_pasv_res_str, vsf_sysutil_inet_ntoa(p_v4addr)); ++ str_append_text(&s_pasv_res_str, inet_ntop(AF_INET, p_v4addr, result, INET_ADDRSTRLEN)); + } + else + { +diff -urN vsftpd-3.0.5-orig/sysutil.c vsftpd-3.0.5/sysutil.c +--- vsftpd-3.0.5-orig/sysutil.c 2012-09-16 09:07:38.000000000 +0200 ++++ vsftpd-3.0.5/sysutil.c 2023-02-13 16:08:58.557153109 +0100 +@@ -2205,20 +2205,13 @@ + const struct sockaddr* p_sockaddr = &p_sockptr->u.u_sockaddr; + if (p_sockaddr->sa_family == AF_INET) + { +- return inet_ntoa(p_sockptr->u.u_sockaddr_in.sin_addr); ++ static char result[INET_ADDRSTRLEN]; ++ return inet_ntop(AF_INET, &p_sockptr->u.u_sockaddr_in.sin_addr, result, INET_ADDRSTRLEN); + } + else if (p_sockaddr->sa_family == AF_INET6) + { +- static char inaddr_buf[64]; +- const char* p_ret = inet_ntop(AF_INET6, +- &p_sockptr->u.u_sockaddr_in6.sin6_addr, +- inaddr_buf, sizeof(inaddr_buf)); +- inaddr_buf[sizeof(inaddr_buf) - 1] = '\0'; +- if (p_ret == NULL) +- { +- inaddr_buf[0] = '\0'; +- } +- return inaddr_buf; ++ static char result[INET6_ADDRSTRLEN]; ++ return inet_ntop(AF_INET6, &p_sockptr->u.u_sockaddr_in6.sin6_addr, result, INET6_ADDRSTRLEN); + } + else + { +@@ -2227,12 +2220,6 @@ + } + } + +-const char* +-vsf_sysutil_inet_ntoa(const void* p_raw_addr) +-{ +- return inet_ntoa(*((struct in_addr*)p_raw_addr)); +-} +- + int + vsf_sysutil_inet_aton(const char* p_text, struct vsf_sysutil_sockaddr* p_addr) + { +@@ -2241,7 +2228,7 @@ + { + bug("bad family"); + } +- if (inet_aton(p_text, 
&sin_addr)) ++ if (inet_pton(AF_INET, p_text, &sin_addr)) + { + vsf_sysutil_memcpy(&p_addr->u.u_sockaddr_in.sin_addr, + &sin_addr, sizeof(p_addr->u.u_sockaddr_in.sin_addr)); +@@ -2257,37 +2244,46 @@ + vsf_sysutil_dns_resolve(struct vsf_sysutil_sockaddr** p_sockptr, + const char* p_name) + { +- struct hostent* hent = gethostbyname(p_name); +- if (hent == NULL) ++ struct addrinfo *result; ++ struct addrinfo hints; ++ int ret; ++ ++ memset(&hints, 0, sizeof(struct addrinfo)); ++ hints.ai_family = AF_UNSPEC; ++ ++ if ((ret = getaddrinfo(p_name, NULL, &hints, &result)) != 0) + { ++ fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(ret)); + die2("cannot resolve host:", p_name); + } + vsf_sysutil_sockaddr_clear(p_sockptr); +- if (hent->h_addrtype == AF_INET) ++ if (result->ai_family == AF_INET) + { +- unsigned int len = hent->h_length; ++ unsigned int len = result->ai_addrlen; + if (len > sizeof((*p_sockptr)->u.u_sockaddr_in.sin_addr)) + { + len = sizeof((*p_sockptr)->u.u_sockaddr_in.sin_addr); + } + vsf_sysutil_sockaddr_alloc_ipv4(p_sockptr); + vsf_sysutil_memcpy(&(*p_sockptr)->u.u_sockaddr_in.sin_addr, +- hent->h_addr_list[0], len); ++ &result->ai_addrlen, len); + } +- else if (hent->h_addrtype == AF_INET6) ++ else if (result->ai_family == AF_INET6) + { +- unsigned int len = hent->h_length; ++ unsigned int len = result->ai_addrlen; + if (len > sizeof((*p_sockptr)->u.u_sockaddr_in6.sin6_addr)) + { + len = sizeof((*p_sockptr)->u.u_sockaddr_in6.sin6_addr); + } + vsf_sysutil_sockaddr_alloc_ipv6(p_sockptr); + vsf_sysutil_memcpy(&(*p_sockptr)->u.u_sockaddr_in6.sin6_addr, +- hent->h_addr_list[0], len); ++ &result->ai_addrlen, len); + } + else + { +- die("gethostbyname(): neither IPv4 nor IPv6"); ++ freeaddrinfo(result); ++ die("getaddrinfo(): neither IPv4 nor IPv6"); + } ++ freeaddrinfo(result); + } + +diff -urN vsftpd-3.0.5-orig/sysutil.h vsftpd-3.0.5/sysutil.h +--- vsftpd-3.0.5-orig/sysutil.h 2021-05-18 08:50:21.000000000 +0200 ++++ vsftpd-3.0.5/sysutil.h 2023-02-13 
15:59:22.088331075 +0100 +@@ -277,7 +277,6 @@ + + const char* vsf_sysutil_inet_ntop( + const struct vsf_sysutil_sockaddr* p_sockptr); +-const char* vsf_sysutil_inet_ntoa(const void* p_raw_addr); + int vsf_sysutil_inet_aton( + const char* p_text, struct vsf_sysutil_sockaddr* p_addr); + diff --git a/vsftpd.spec b/vsftpd.spec index 7efc847..72ce764 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.5 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception @@ -63,7 +63,6 @@ Patch31: 0031-Fix-question-mark-wildcard-withing-a-file-name.patch Patch32: 0032-Propagate-errors-from-nfs-with-quota-to-client.patch #Patch33: 0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch Patch34: 0034-Turn-off-seccomp-sandbox-because-it-is-too-strict.patch -Patch35: 0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch Patch36: 0036-Redefine-VSFTP_COMMAND_FD-to-1.patch Patch37: 0037-Document-the-relationship-of-text_userdb_names-and-c.patch Patch38: 0038-Document-allow_writeable_chroot-in-the-man-page.patch @@ -98,7 +97,8 @@ Patch68: 0002-Drop-an-unused-global-variable.patch Patch69: 0001-Remove-a-hint-about-the-ftp_home_dir-SELinux-boolean.patch Patch70: fix-str_open.patch Patch71: vsftpd-3.0.5-enable_wc_logs-replace_unprintable_with_hex.patch -# upstream commits 56402c0, 8b82e73 +Patch72: vsftpd-3.0.5-replace-old-network-addr-functions.patch +Patch73: vsftpd-3.0.5-replace-deprecated-openssl-functions.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from 
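Review bot: In the rewritten `vsf_sysutil_dns_resolve`, both `vsf_sysutil_memcpy` calls copy from `&result->ai_addrlen`, the address of the length field, instead of from the resolved address in `result->ai_addr`. The stored address is therefore built from the bytes of the length value, and in the IPv6 branch the 16-byte copy reads past that field into neighbouring members of the `addrinfo` struct. `len` is also now derived from the sockaddr size rather than the address size, so the clamp always fires. The excerpt below copies `sin_addr` / `sin6_addr` from `ai_addr`. Separately, `vsf_sysutil_inet_ntop` now returns the `inet_ntop` result directly, which can be NULL where the removed code returned an empty string; callers should be checked for that.

```c
  /* … unchanged: getaddrinfo() call and vsf_sysutil_sockaddr_clear() … */
  if (result->ai_family == AF_INET)
  {
    const struct sockaddr_in* p_in =
      (const struct sockaddr_in*) result->ai_addr;
    vsf_sysutil_sockaddr_alloc_ipv4(p_sockptr);
    vsf_sysutil_memcpy(&(*p_sockptr)->u.u_sockaddr_in.sin_addr,
                       &p_in->sin_addr, sizeof(p_in->sin_addr));
  }
  else if (result->ai_family == AF_INET6)
  {
    const struct sockaddr_in6* p_in6 =
      (const struct sockaddr_in6*) result->ai_addr;
    vsf_sysutil_sockaddr_alloc_ipv6(p_sockptr);
    vsf_sysutil_memcpy(&(*p_sockptr)->u.u_sockaddr_in6.sin6_addr,
                       &p_in6->sin6_addr, sizeof(p_in6->sin6_addr));
  }
  /* … unchanged: else branch and freeaddrinfo(result) … */
```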
@@ -109,13 +109,11 @@ scratch. cp %{SOURCE1} . %build -# temporary ignore deprecated warnings to be able to build against OpenSSL 3.0 -%define ignore_deprecated -Wno-deprecated-declarations %ifarch s390x sparcv9 sparc64 -%make_build CFLAGS="$RPM_OPT_FLAGS -fPIE -pipe -Wextra -Werror %ignore_deprecated" \ +%make_build CFLAGS="$RPM_OPT_FLAGS -fPIE -pipe -Wextra -Werror" \ %else -%make_build CFLAGS="$RPM_OPT_FLAGS -fpie -pipe -Wextra -Werror %ignore_deprecated" \ +%make_build CFLAGS="$RPM_OPT_FLAGS -fpie -pipe -Wextra -Werror" \ %endif LINK="-pie -lssl $RPM_LD_FLAGS" %{?_smp_mflags} @@ -170,6 +168,10 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Fri Feb 17 2023 Richard Lescak - 3.0.5-3 +- make vsftpd compatible with Openssl 3.0+ +- replace old network functions + * Sat Jan 21 2023 Fedora Release Engineering - 3.0.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild From 9f310a0dd2a73294b1f1bcc81c3c245d2549c225 Mon Sep 17 00:00:00 2001 From: Ondrej Mejzlik Date: Tue, 18 Apr 2023 12:45:29 +0200 Subject: [PATCH 72/85] Adding fmf plans and gating --- ci.fmf | 1 + gating.yaml | 23 +++++++++++++++++------ plans/ci.fmf | 6 ------ plans/public.fmf | 6 ++++++ plans/tier1-internal.fmf | 12 ++++++++++++ 5 files changed, 36 insertions(+), 12 deletions(-) create mode 100644 ci.fmf delete mode 100644 plans/ci.fmf create mode 100644 plans/public.fmf create mode 100644 plans/tier1-internal.fmf diff --git a/ci.fmf b/ci.fmf new file mode 100644 index 0000000..c5aa0e0 --- /dev/null +++ b/ci.fmf @@ -0,0 +1 @@ +resultsdb-testcase: separate diff --git a/gating.yaml b/gating.yaml index ce1b655..de5c323 100644 --- a/gating.yaml +++ b/gating.yaml 
@@ -1,16 +1,27 @@ --- !Policy product_versions: - fedora-* -decision_contexts: [bodhi_update_push_testing] +decision_context: bodhi_update_push_testing subject_type: koji_build rules: - - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} - -#gating rawhide + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/public.functional} + +#Rawhide --- !Policy product_versions: - fedora-* -decision_contexts: [bodhi_update_push_stable] +decision_context: bodhi_update_push_stable subject_type: koji_build rules: - - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/public.functional} + +#gating rhel +--- !Policy +product_versions: + - rhel-* +decision_context: osci_compose_gate +rules: + - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional} + - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tedude.validation} + - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-internal.functional} + - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/public.functional} diff --git a/plans/ci.fmf b/plans/ci.fmf deleted file mode 100644 index 3eeb9e9..0000000 --- a/plans/ci.fmf +++ /dev/null @@ -1,6 +0,0 @@ -summary: Test plan that runs all tests from tests repo. -discover: - how: fmf - url: https://src.fedoraproject.org/tests/vsftpd.git -execute: - how: tmt diff --git a/plans/public.fmf b/plans/public.fmf new file mode 100644 index 0000000..95682f5 --- /dev/null +++ b/plans/public.fmf @@ -0,0 +1,6 @@ +summary: Test plan with all Fedora tests +discover: + how: fmf + url: https://src.fedoraproject.org/tests/vsftpd.git +execute: + how: tmt diff --git a/plans/tier1-internal.fmf b/plans/tier1-internal.fmf new file mode 100644 index 0000000..d1dd032 --- /dev/null +++ b/plans/tier1-internal.fmf 
@@ -0,0 +1,12 @@ +summary: CI plan, picks internal Tier1 tests, runs in beakerlib. +discover: + - name: rhel + how: fmf + filter: 'tier: 1' + url: git://pkgs.devel.redhat.com/tests/vsftpd +execute: + how: tmt +adjust: + enabled: false + when: distro == centos-stream, fedora + because: They don't have access to internal repos. From 17a18d5fda02aca5d33e681a51fb3c4ba4bbd33a Mon Sep 17 00:00:00 2001 From: Richard Lescak Date: Fri, 5 May 2023 14:50:38 +0200 Subject: [PATCH 73/85] add option for TLSv1.3 ciphersuites SPDX migration --- ...-support-for-DHE-based-cipher-suites.patch | 4 +- ...-add-option-for-tlsv1.3-ciphersuites.patch | 79 +++++++++++++++++++ ...replace-deprecated-openssl-functions.patch | 2 +- vsftpd-3.0.5-use-old-tlsv-options.patch | 15 ++++ vsftpd.spec | 10 ++- 5 files changed, 106 insertions(+), 4 deletions(-) create mode 100644 vsftpd-3.0.5-add-option-for-tlsv1.3-ciphersuites.patch create mode 100644 vsftpd-3.0.5-use-old-tlsv-options.patch diff --git a/0021-Introduce-support-for-DHE-based-cipher-suites.patch b/0021-Introduce-support-for-DHE-based-cipher-suites.patch index bbf99a8..3460c2a 100644 --- a/0021-Introduce-support-for-DHE-based-cipher-suites.patch +++ b/0021-Introduce-support-for-DHE-based-cipher-suites.patch @@ -69,7 +69,7 @@ index c362983..22b69b3 100644 if (!tunable_sslv2) { options |= SSL_OP_NO_SSLv2; -@@ -130,6 +147,25 @@ +@@ -149,8 +166,27 @@ die("SSL: cannot load DSA private key"); } } @@ -95,6 +95,8 @@ index c362983..22b69b3 100644 if (tunable_ssl_ciphers && SSL_CTX_set_cipher_list(p_ctx, tunable_ssl_ciphers) != 1) { + die("SSL: could not set cipher list"); + } @@ -184,6 +226,9 @@ /* Ensure cached session doesn't expire */ SSL_CTX_set_timeout(p_ctx, INT_MAX); diff --git a/vsftpd-3.0.5-add-option-for-tlsv1.3-ciphersuites.patch b/vsftpd-3.0.5-add-option-for-tlsv1.3-ciphersuites.patch new file mode 100644 index 0000000..1f1925e --- /dev/null +++ b/vsftpd-3.0.5-add-option-for-tlsv1.3-ciphersuites.patch 
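Review bot: The `url: git://pkgs.devel.redhat.com/tests/vsftpd` entry under `discover` fetches the tests that gate RHEL builds over the plain git protocol, which provides neither server authentication nor transport integrity. No `ref:` is set either, so whatever the default branch serves at run time decides the gate. If that host offers an authenticated transport, use an https or ssh form of the URL and add a `ref:` naming a reviewed branch or tag. The `plans/public.fmf` plan added in the same commit already uses https but is likewise unpinned.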
@@ -0,0 +1,79 @@ +diff -urN a/parseconf.c b/parseconf.c +--- a/parseconf.c 2021-05-29 23:39:19.000000000 +0200 ++++ b/parseconf.c 2023-03-03 10:22:38.256439634 +0100 +@@ -185,6 +185,7 @@ + { "dsa_cert_file", &tunable_dsa_cert_file }, + { "dh_param_file", &tunable_dh_param_file }, + { "ecdh_param_file", &tunable_ecdh_param_file }, ++ { "ssl_ciphersuites", &tunable_ssl_ciphersuites }, + { "ssl_ciphers", &tunable_ssl_ciphers }, + { "rsa_private_key_file", &tunable_rsa_private_key_file }, + { "dsa_private_key_file", &tunable_dsa_private_key_file }, +diff -urN a/ssl.c b/ssl.c +--- a/ssl.c 2021-08-02 08:24:35.000000000 +0200 ++++ b/ssl.c 2023-03-03 10:28:05.989757655 +0100 +@@ -135,6 +135,11 @@ + { + die("SSL: could not set cipher list"); + } ++ if (tunable_ssl_ciphersuites && ++ SSL_CTX_set_ciphersuites(p_ctx, tunable_ssl_ciphersuites) != 1) ++ { ++ die("SSL: could not set ciphersuites"); ++ } + if (RAND_status() != 1) + { + die("SSL: RNG is not seeded"); +diff -urN a/tunables.c b/tunables.c +--- a/tunables.c 2021-05-29 23:39:00.000000000 +0200 ++++ b/tunables.c 2023-03-03 10:13:30.566868026 +0100 +@@ -154,6 +154,7 @@ + const char* tunable_dsa_cert_file; + const char* tunable_dh_param_file; + const char* tunable_ecdh_param_file; + const char* tunable_ssl_ciphers; ++const char* tunable_ssl_ciphersuites; + const char* tunable_rsa_private_key_file; + const char* tunable_dsa_private_key_file; +@@ -293,6 +293,7 @@ + install_str_setting(0, &tunable_dh_param_file); + install_str_setting(0, &tunable_ecdh_param_file); + install_str_setting("PROFILE=SYSTEM", &tunable_ssl_ciphers); ++ install_str_setting("TLS_AES_256_GCM_SHA384", &tunable_ssl_ciphersuites); + install_str_setting(0, &tunable_rsa_private_key_file); + install_str_setting(0, &tunable_dsa_private_key_file); + install_str_setting(0, &tunable_ca_certs_file); +diff -urN a/tunables.h b/tunables.h +--- a/tunables.h ++++ b/tunables.h +@@ -144,6 +144,7 @@ + extern const char* tunable_dsa_cert_file; + extern const char* 
tunable_dh_param_file; + extern const char* tunable_ecdh_param_file; + extern const char* tunable_ssl_ciphers; ++extern const char* tunable_ssl_ciphersuites; + extern const char* tunable_rsa_private_key_file; + extern const char* tunable_dsa_private_key_file; +--- a/vsftpd.conf.5 ++++ b/vsftpd.conf.5 +@@ -1009,6 +1009,20 @@ + + Default: PROFILE=SYSTEM + .TP ++.B ssl_ciphersuites ++This option can be used to select which SSL cipher suites vsftpd will allow for ++encrypted SSL connections with TLSv1.3. See the ++.BR ciphers ++man page for further details. Note that restricting ciphers can be a useful ++security precaution as it prevents malicious remote parties forcing a cipher ++which they have found problems with. ++ ++By default, the system-wide crypto policy is used. See ++.BR update-crypto-policies(8) ++for further details. ++ ++Default: TLS_AES_256_GCM_SHA384 ++.TP + .B ssl_sni_hostname + If set, SSL connections will be rejected unless the SNI hostname in the + incoming handshakes matches this value. diff --git a/vsftpd-3.0.5-replace-deprecated-openssl-functions.patch b/vsftpd-3.0.5-replace-deprecated-openssl-functions.patch index c6f8f7d..8e3792b 100644 --- a/vsftpd-3.0.5-replace-deprecated-openssl-functions.patch +++ b/vsftpd-3.0.5-replace-deprecated-openssl-functions.patch @@ -25,7 +25,7 @@ diff --git a/ssl.c b/ssl.c int verify_option = 0; SSL_library_init(); - p_ctx = SSL_CTX_new(SSLv23_server_method()); -+ p_ctx = SSL_CTX_new_ex(NULL, NULL, SSLv23_server_method()); ++ p_ctx = SSL_CTX_new_ex(NULL, NULL, TLS_server_method()); if (p_ctx == NULL) { die("SSL: could not allocate SSL context"); diff --git a/vsftpd-3.0.5-use-old-tlsv-options.patch b/vsftpd-3.0.5-use-old-tlsv-options.patch new file mode 100644 index 0000000..7c37ce9 --- /dev/null +++ b/vsftpd-3.0.5-use-old-tlsv-options.patch 
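Review bot: In the `tunables.c` part of the new ciphersuites patch, `install_str_setting("TLS_AES_256_GCM_SHA384", &tunable_ssl_ciphersuites);` hard-codes a single TLSv1.3 suite, so the added `SSL_CTX_set_ciphersuites()` call in `ssl.c` always runs and presumably replaces whatever TLSv1.3 list the system-wide crypto policy would have supplied. The added man-page text states both "By default, the system-wide crypto policy is used" and "Default: TLS_AES_256_GCM_SHA384", which cannot both be true. Because `ssl.c` already guards the call with `tunable_ssl_ciphersuites &&`, an unset default, `install_str_setting(0, &tunable_ssl_ciphersuites);`, would leave the choice to the policy and the man page could then say the default is unset; otherwise the crypto-policy sentence should be dropped. With the current default, clients that offer only other TLSv1.3 suites will fail the handshake.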
@@ -0,0 +1,15 @@ +--- parseconf-orig.c 2022-10-25 15:17:18.990701984 +0200 ++++ parseconf.c 2022-10-25 15:12:44.213480000 +0200 +@@ -85,9 +85,9 @@ + { "ssl_sslv2", &tunable_sslv2 }, + { "ssl_sslv3", &tunable_sslv3 }, + { "ssl_tlsv1", &tunable_tlsv1 }, +- { "ssl_tlsv11", &tunable_tlsv1_1 }, +- { "ssl_tlsv12", &tunable_tlsv1_2 }, +- { "ssl_tlsv13", &tunable_tlsv1_3 }, ++ { "ssl_tlsv1_1", &tunable_tlsv1_1 }, ++ { "ssl_tlsv1_2", &tunable_tlsv1_2 }, ++ { "ssl_tlsv1_3", &tunable_tlsv1_3 }, + { "tilde_user_enable", &tunable_tilde_user_enable }, + { "force_anon_logins_ssl", &tunable_force_anon_logins_ssl }, + { "force_anon_data_ssl", &tunable_force_anon_data_ssl }, diff --git a/vsftpd.spec b/vsftpd.spec index 72ce764..3df6d73 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,11 +2,11 @@ Name: vsftpd Version: 3.0.5 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception -License: GPLv2 with exceptions +License: GPL-2.0-only WITH vsftpd-openssl-exception URL: https://security.appspot.com/vsftpd.html Source0: https://security.appspot.com/downloads/%{name}-%{version}.tar.gz Source1: vsftpd.xinetd @@ -99,6 +99,8 @@ Patch70: fix-str_open.patch Patch71: vsftpd-3.0.5-enable_wc_logs-replace_unprintable_with_hex.patch Patch72: vsftpd-3.0.5-replace-old-network-addr-functions.patch Patch73: vsftpd-3.0.5-replace-deprecated-openssl-functions.patch +Patch74: vsftpd-3.0.5-add-option-for-tlsv1.3-ciphersuites.patch +Patch75: vsftpd-3.0.5-use-old-tlsv-options.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from @@ -168,6 +170,10 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Thu May 04 2023 Richard Lescak - 3.0.5-4 +- add option for TLSv1.3 ciphersuites +- SPDX migration + * Fri Feb 17 2023 Richard Lescak - 3.0.5-3 - make vsftpd compatible with Openssl 3.0+ - replace old network functions From e4f583e81fda55cd092b506fc61b02874ec24e15 Mon Sep 17 00:00:00 2001 
From: Fedora Release Engineering Date: Sat, 22 Jul 2023 17:53:13 +0000 Subject: [PATCH 74/85] Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- vsftpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/vsftpd.spec b/vsftpd.spec index 3df6d73..e76e3b7 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.5 -Release: 4%{?dist} +Release: 5%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception @@ -170,6 +170,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Sat Jul 22 2023 Fedora Release Engineering - 3.0.5-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + * Thu May 04 2023 Richard Lescak - 3.0.5-4 - add option for TLSv1.3 ciphersuites - SPDX migration From bbcf7c122fa17ea053fb8967d03a555ebd64bb0c Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 27 Jan 2024 08:14:07 +0000 Subject: [PATCH 75/85] Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild --- vsftpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/vsftpd.spec b/vsftpd.spec index e76e3b7..a05c3f7 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.5 -Release: 5%{?dist} +Release: 6%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception @@ -170,6 +170,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Sat Jan 27 2024 Fedora Release Engineering - 3.0.5-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + * Sat Jul 22 2023 Fedora Release Engineering - 3.0.5-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild From 4b2c95303c888c07d7ebbd069e4f2fac597da46b Mon Sep 17 00:00:00 2001 
From: Fedora Release Engineering Date: Sat, 20 Jul 2024 09:02:01 +0000 Subject: [PATCH 76/85] Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild --- vsftpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/vsftpd.spec b/vsftpd.spec index a05c3f7..397535d 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.5 -Release: 6%{?dist} +Release: 7%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception @@ -170,6 +170,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Sat Jul 20 2024 Fedora Release Engineering - 3.0.5-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + * Sat Jan 27 2024 Fedora Release Engineering - 3.0.5-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild From dff0329ff427009514de510649f81d7d600f85e4 Mon Sep 17 00:00:00 2001 From: Tomas Korbar Date: Mon, 19 Aug 2024 14:09:20 +0200 Subject: [PATCH 77/85] Fix FEAT command to list AUTH TLS when TLSv1.3 is enabled --- ...ntroduce-TLSv1.1-and-TLSv1.2-options.patch | 153 ------------------ ...AT-command-check-ssl_tlsv1_1-and-ssl.patch | 2 +- 0043-Enable-only-TLSv1.2-by-default.patch | 53 ------ vsftpd.spec | 9 +- 4 files changed, 6 insertions(+), 211 deletions(-) delete mode 100644 0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch delete mode 100644 0043-Enable-only-TLSv1.2-by-default.patch diff --git a/0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch b/0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch deleted file mode 100644 index 8d6228e..0000000 --- a/0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch +++ /dev/null 
@@ -1,153 +0,0 @@ -From 01bef55a1987700af3d43cdc5f5be88d3843ab85 Mon Sep 17 00:00:00 2001 -From: Martin Sehnoutka -Date: Thu, 17 Nov 2016 13:36:17 +0100 -Subject: [PATCH 33/59] Introduce TLSv1.1 and TLSv1.2 options. - -Users can now enable a specific version of TLS protocol. ---- - parseconf.c | 2 ++ - ssl.c | 8 ++++++++ - tunables.c | 9 +++++++-- - tunables.h | 2 ++ - vsftpd.conf.5 | 24 ++++++++++++++++++++---- - 5 files changed, 39 insertions(+), 6 deletions(-) - -diff --git a/parseconf.c b/parseconf.c -index a2c715b..33a1349 100644 ---- a/parseconf.c -+++ b/parseconf.c -@@ -85,6 +85,8 @@ parseconf_bool_array[] = - { "ssl_sslv2", &tunable_sslv2 }, - { "ssl_sslv3", &tunable_sslv3 }, - { "ssl_tlsv1", &tunable_tlsv1 }, -+ { "ssl_tlsv1_1", &tunable_tlsv1_1 }, -+ { "ssl_tlsv1_2", &tunable_tlsv1_2 }, - { "tilde_user_enable", &tunable_tilde_user_enable }, - { "force_anon_logins_ssl", &tunable_force_anon_logins_ssl }, - { "force_anon_data_ssl", &tunable_force_anon_data_ssl }, -diff --git a/ssl.c b/ssl.c -index 96bf8ad..ba8a613 100644 ---- a/ssl.c -+++ b/ssl.c -@@ -135,6 +135,14 @@ ssl_init(struct vsf_session* p_sess) - { - options |= SSL_OP_NO_TLSv1; - } -+ if (!tunable_tlsv1_1) -+ { -+ options |= SSL_OP_NO_TLSv1_1; -+ } -+ if (!tunable_tlsv1_2) -+ { -+ options |= SSL_OP_NO_TLSv1_2; -+ } - SSL_CTX_set_options(p_ctx, options); - if (tunable_rsa_cert_file) - { -diff --git a/tunables.c b/tunables.c -index 93f85b1..78f2bcd 100644 ---- a/tunables.c -+++ b/tunables.c -@@ -66,6 +66,8 @@ int tunable_force_local_data_ssl; - int tunable_sslv2; - int tunable_sslv3; - int tunable_tlsv1; -+int tunable_tlsv1_1; -+int tunable_tlsv1_2; - int tunable_tilde_user_enable; - int tunable_force_anon_logins_ssl; - int tunable_force_anon_data_ssl; -@@ -209,7 +211,10 @@ tunables_load_defaults() - tunable_force_local_data_ssl = 1; - tunable_sslv2 = 0; - tunable_sslv3 = 0; -+ /* TLSv1 up to TLSv1.2 is enabled by default */ - tunable_tlsv1 = 1; -+ tunable_tlsv1_1 = 1; -+ tunable_tlsv1_2 = 1; - 
tunable_tilde_user_enable = 0; - tunable_force_anon_logins_ssl = 0; - tunable_force_anon_data_ssl = 0; -@@ -292,8 +297,8 @@ tunables_load_defaults() - install_str_setting(0, &tunable_dsa_cert_file); - install_str_setting(0, &tunable_dh_param_file); - install_str_setting(0, &tunable_ecdh_param_file); -- install_str_setting("AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA", -- &tunable_ssl_ciphers); -+ install_str_setting("AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384", -+ &tunable_ssl_ciphers); - install_str_setting(0, &tunable_rsa_private_key_file); - install_str_setting(0, &tunable_dsa_private_key_file); - install_str_setting(0, &tunable_ca_certs_file); -diff --git a/tunables.h b/tunables.h -index 3e2d40c..a466427 100644 ---- a/tunables.h -+++ b/tunables.h -@@ -67,6 +67,8 @@ extern int tunable_force_local_data_ssl; /* Require local data uses SSL */ - extern int tunable_sslv2; /* Allow SSLv2 */ - extern int tunable_sslv3; /* Allow SSLv3 */ - extern int tunable_tlsv1; /* Allow TLSv1 */ -+extern int tunable_tlsv1_1; /* Allow TLSv1.1 */ -+extern int tunable_tlsv1_2; /* Allow TLSv1.2 */ - extern int tunable_tilde_user_enable; /* Support e.g. ~chris */ - extern int tunable_force_anon_logins_ssl; /* Require anon logins use SSL */ - extern int tunable_force_anon_data_ssl; /* Require anon data uses SSL */ -diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 -index cf1ae34..a3d569e 100644 ---- a/vsftpd.conf.5 -+++ b/vsftpd.conf.5 -@@ -506,7 +506,7 @@ Default: YES - Only applies if - .BR ssl_enable - is activated. If enabled, this option will permit SSL v2 protocol connections. --TLS v1 connections are preferred. -+TLS v1.2 connections are preferred. - - Default: NO - .TP -@@ -514,7 +514,7 @@ Default: NO - Only applies if - .BR ssl_enable - is activated. If enabled, this option will permit SSL v3 protocol connections. --TLS v1 connections are preferred. -+TLS v1.2 connections are preferred. 
- - Default: NO - .TP -@@ -522,7 +522,23 @@ Default: NO - Only applies if - .BR ssl_enable - is activated. If enabled, this option will permit TLS v1 protocol connections. --TLS v1 connections are preferred. -+TLS v1.2 connections are preferred. -+ -+Default: YES -+.TP -+.B ssl_tlsv1_1 -+Only applies if -+.BR ssl_enable -+is activated. If enabled, this option will permit TLS v1.1 protocol connections. -+TLS v1.2 connections are preferred. -+ -+Default: YES -+.TP -+.B ssl_tlsv1_2 -+Only applies if -+.BR ssl_enable -+is activated. If enabled, this option will permit TLS v1.2 protocol connections. -+TLS v1.2 connections are preferred. - - Default: YES - .TP -@@ -1044,7 +1060,7 @@ man page for further details. Note that restricting ciphers can be a useful - security precaution as it prevents malicious remote parties forcing a cipher - which they have found problems with. - --Default: DES-CBC3-SHA -+Default: AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384 - .TP - .B user_config_dir - This powerful option allows the override of any config option specified in --- -2.14.4 - diff --git a/0042-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch b/0042-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch index 250a44c..1e14813 100644 --- a/0042-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch +++ b/0042-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch @@ -23,7 +23,7 @@ index 1212980..d024366 100644 vsf_cmdio_write_raw(p_sess, " AUTH SSL\r\n"); } - if (tunable_tlsv1) -+ if (tunable_tlsv1 || tunable_tlsv1_1 || tunable_tlsv1_2) ++ if (tunable_tlsv1 || tunable_tlsv1_1 || tunable_tlsv1_2 || tunable_tlsv1_3) { vsf_cmdio_write_raw(p_sess, " AUTH TLS\r\n"); } diff --git a/0043-Enable-only-TLSv1.2-by-default.patch b/0043-Enable-only-TLSv1.2-by-default.patch deleted file mode 100644 index eb157f8..0000000 --- a/0043-Enable-only-TLSv1.2-by-default.patch +++ /dev/null 
@@ -1,53 +0,0 @@ -From 75c942c77aa575143c5b75637e64a925ad12641a Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= -Date: Thu, 21 Dec 2017 16:38:40 +0100 -Subject: [PATCH 43/59] Enable only TLSv1.2 by default - -Disable TLSv1 and TLSv1.1 - enable only TLSv1.2 by default. ---- - tunables.c | 6 +++--- - vsftpd.conf.5 | 4 ++-- - 2 files changed, 5 insertions(+), 5 deletions(-) - -diff --git a/tunables.c b/tunables.c -index 354251c..9680528 100644 ---- a/tunables.c -+++ b/tunables.c -@@ -211,9 +211,9 @@ tunables_load_defaults() - tunable_force_local_data_ssl = 1; - tunable_sslv2 = 0; - tunable_sslv3 = 0; -- /* TLSv1 up to TLSv1.2 is enabled by default */ -- tunable_tlsv1 = 1; -- tunable_tlsv1_1 = 1; -+ tunable_tlsv1 = 0; -+ tunable_tlsv1_1 = 0; -+ /* Only TLSv1.2 is enabled by default */ - tunable_tlsv1_2 = 1; - tunable_tilde_user_enable = 0; - tunable_force_anon_logins_ssl = 0; -diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 -index 2a7662e..df14027 100644 ---- a/vsftpd.conf.5 -+++ b/vsftpd.conf.5 -@@ -539,7 +539,7 @@ Only applies if - is activated. If enabled, this option will permit TLS v1 protocol connections. - TLS v1.2 connections are preferred. - --Default: YES -+Default: NO - .TP - .B ssl_tlsv1_1 - Only applies if -@@ -547,7 +547,7 @@ Only applies if - is activated. If enabled, this option will permit TLS v1.1 protocol connections. - TLS v1.2 connections are preferred. - --Default: YES -+Default: NO - .TP - .B ssl_tlsv1_2 - Only applies if --- -2.14.4 - diff --git a/vsftpd.spec b/vsftpd.spec index 397535d..668b321 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.5 -Release: 7%{?dist} +Release: 8%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception 
@@ -61,7 +61,6 @@ Patch29: 0029-Fix-segfault-in-config-file-parser.patch Patch30: 0030-Fix-logging-into-syslog-when-enabled-in-config.patch Patch31: 0031-Fix-question-mark-wildcard-withing-a-file-name.patch Patch32: 0032-Propagate-errors-from-nfs-with-quota-to-client.patch -#Patch33: 0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch Patch34: 0034-Turn-off-seccomp-sandbox-because-it-is-too-strict.patch Patch36: 0036-Redefine-VSFTP_COMMAND_FD-to-1.patch Patch37: 0037-Document-the-relationship-of-text_userdb_names-and-c.patch @@ -69,8 +68,7 @@ Patch38: 0038-Document-allow_writeable_chroot-in-the-man-page.patch Patch39: 0039-Improve-documentation-of-ASCII-mode-in-the-man-page.patch Patch40: 0040-Use-system-wide-crypto-policy.patch Patch41: 0041-Document-the-new-default-for-ssl_ciphers-in-the-man-.patch -#Patch42: 0042-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch -#Patch43: 0043-Enable-only-TLSv1.2-by-default.patch +Patch42: 0042-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch Patch44: 0044-Disable-anonymous_enable-in-default-config-file.patch Patch45: 0045-Expand-explanation-of-ascii_-options-behaviour-in-ma.patch Patch46: 0046-vsftpd.conf-Refer-to-the-man-page-regarding-the-asci.patch @@ -170,6 +168,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Mon Aug 19 2024 Tomas Korbar - 3.0.5-8 +- Fix FEAT command to list AUTH TLS when TLSv1.3 is enabled + * Sat Jul 20 2024 Fedora Release Engineering - 3.0.5-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild From 3c842e7696eeb3786e7f97d365a66928b0f5dc0a Mon Sep 17 00:00:00 2001 
From: Ondrej Mejzlik Date: Mon, 14 Oct 2024 10:28:43 +0200 Subject: [PATCH 78/85] Update plans and gating --- gating.yaml | 13 +++++------ plans.fmf | 47 ++++++++++++++++++++++++++++++++++++++++ plans/public.fmf | 6 ----- plans/tier1-internal.fmf | 12 ---------- 4 files changed, 53 insertions(+), 25 deletions(-) create mode 100644 plans.fmf delete mode 100644 plans/public.fmf delete mode 100644 plans/tier1-internal.fmf diff --git a/gating.yaml b/gating.yaml index de5c323..9b2646f 100644 --- a/gating.yaml +++ b/gating.yaml @@ -4,8 +4,8 @@ product_versions: decision_context: bodhi_update_push_testing subject_type: koji_build rules: - - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/public.functional} - + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/tier1-public.functional} + #Rawhide --- !Policy product_versions: @@ -13,15 +13,14 @@ product_versions: decision_context: bodhi_update_push_stable subject_type: koji_build rules: - - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/public.functional} - + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/tier1-public.functional} + #gating rhel --- !Policy product_versions: - rhel-* decision_context: osci_compose_gate rules: - - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional} - - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tedude.validation} + - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-public.functional} - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-internal.functional} - - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/public.functional} + diff --git a/plans.fmf b/plans.fmf new file mode 100644 index 0000000..a2a8046 --- /dev/null +++ b/plans.fmf 
@@ -0,0 +1,47 @@ +/tier1-internal: + plan: + import: + url: https://src.fedoraproject.org/tests/vsftpd.git + name: /plans/tier1/internal + adjust: + enabled: false + when: distro == centos-stream, fedora + because: They don't have access to internal repos. + +/tier1-public: + plan: + import: + url: https://src.fedoraproject.org/tests/vsftpd.git + name: /plans/tier1/public + +/tier2-tier3-internal: + plan: + import: + url: https://src.fedoraproject.org/tests/vsftpd.git + name: /plans/tier2-tier3/internal + adjust: + enabled: false + when: distro == centos-stream, fedora + because: They don't have access to internal repos. + +/tier2-tier3-public: + plan: + import: + url: https://src.fedoraproject.org/tests/vsftpd.git + name: /plans/tier2-tier3/public + +/others-internal: + plan: + import: + url: https://src.fedoraproject.org/tests/vsftpd.git + name: /plans/others/internal + adjust: + enabled: false + when: distro == centos-stream, fedora + because: They don't have access to internal repos. + +/others-public: + plan: + import: + url: https://src.fedoraproject.org/tests/vsftpd.git + name: /plans/others/public diff --git a/plans/public.fmf b/plans/public.fmf deleted file mode 100644 index 95682f5..0000000 --- a/plans/public.fmf +++ /dev/null @@ -1,6 +0,0 @@ -summary: Test plan with all Fedora tests -discover: - how: fmf - url: https://src.fedoraproject.org/tests/vsftpd.git -execute: - how: tmt diff --git a/plans/tier1-internal.fmf b/plans/tier1-internal.fmf deleted file mode 100644 index d1dd032..0000000 --- a/plans/tier1-internal.fmf +++ /dev/null @@ -1,12 +0,0 @@ -summary: CI plan, picks internal Tier1 tests, runs in beakerlib. -discover: - - name: rhel - how: fmf - filter: 'tier: 1' - url: git://pkgs.devel.redhat.com/tests/vsftpd -execute: - how: tmt -adjust: - enabled: false - when: distro == centos-stream, fedora - because: They don't have access to internal repos. From 3c9948ba72339fa187099c3f5cfe1208d380b99c Mon Sep 17 00:00:00 2001 
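Review bot: Each `import:` block in the new `plans.fmf` gives only `url:` and `name:`, so the plans that gate this package are taken from whatever the remote default branch holds when the job runs. A `ref:` key pinning a reviewed branch, tag or commit, for example `ref: <reviewed-branch-or-tag>`, would make any change to the gate visible in this repository's history. The same applies to the six `url:` lines that the later commit "Testing moves to RH gitlab centos-stream space" repoints to another host, where an unpinned import also makes the gate depend on that host's access controls.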
From: Fedora Release Engineering Date: Sun, 19 Jan 2025 14:38:47 +0000 Subject: [PATCH 79/85] Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild --- vsftpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/vsftpd.spec b/vsftpd.spec index 668b321..8147c6c 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.5 -Release: 8%{?dist} +Release: 9%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception @@ -168,6 +168,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Sun Jan 19 2025 Fedora Release Engineering - 3.0.5-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + * Mon Aug 19 2024 Tomas Korbar - 3.0.5-8 - Fix FEAT command to list AUTH TLS when TLSv1.3 is enabled From c31087744900967ff4d572706a296bf6c8c4a68e Mon Sep 17 00:00:00 2001 From: Stepan Broz Date: Fri, 24 Jan 2025 12:47:37 +0100 Subject: [PATCH 80/85] Correct the definition of setup_bio_callbacks() in ssl.c. --- ...nition-of-setup_bio_callbacks-in-ssl.patch | 25 +++++++++++++++++++ vsftpd.spec | 6 ++++- 2 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 0076-Correct-the-definition-of-setup_bio_callbacks-in-ssl.patch diff --git a/0076-Correct-the-definition-of-setup_bio_callbacks-in-ssl.patch b/0076-Correct-the-definition-of-setup_bio_callbacks-in-ssl.patch new file mode 100644 index 0000000..4fb8420 --- /dev/null +++ b/0076-Correct-the-definition-of-setup_bio_callbacks-in-ssl.patch 
@@ -0,0 +1,25 @@ +From f3a745be207831ebd07add16e66ac2b43a743dc1 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Fri, 24 Jan 2025 11:42:39 +0100 +Subject: [PATCH] Correct the definition of setup_bio_callbacks() in ssl.c + +--- + ssl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ssl.c b/ssl.c +index e518097..02ed489 100644 +--- a/ssl.c ++++ b/ssl.c +@@ -36,7 +36,7 @@ + static char* get_ssl_error(); + static SSL* get_ssl(struct vsf_session* p_sess, int fd); + static int ssl_session_init(struct vsf_session* p_sess); +-static void setup_bio_callbacks(); ++static void setup_bio_callbacks(SSL* p_ssl); + static long bio_callback( + BIO* p_bio, int oper, const char* p_arg, size_t len, int argi, long argl, int ret, size_t *processed); + static int ssl_verify_callback(int verify_ok, X509_STORE_CTX* p_ctx); +-- +2.48.1 + diff --git a/vsftpd.spec b/vsftpd.spec index 8147c6c..c60435d 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.5 -Release: 9%{?dist} +Release: 10%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception @@ -99,6 +99,7 @@ Patch72: vsftpd-3.0.5-replace-old-network-addr-functions.patch Patch73: vsftpd-3.0.5-replace-deprecated-openssl-functions.patch Patch74: vsftpd-3.0.5-add-option-for-tlsv1.3-ciphersuites.patch Patch75: vsftpd-3.0.5-use-old-tlsv-options.patch +Patch76: 0076-Correct-the-definition-of-setup_bio_callbacks-in-ssl.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from @@ -168,6 +169,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Fri Jan 24 2025 Stepan Broz - 3.0.5-10 +- Correct the definition of setup_bio_callbacks() in ssl.c + * Sun Jan 19 2025 Fedora Release Engineering - 3.0.5-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild From be372735b51e078f9eefc212382bd8a6ae477edb Mon Sep 17 00:00:00 2001 
From: Tomas Korbar Date: Tue, 15 Apr 2025 13:26:28 +0200 Subject: [PATCH 81/85] Move executable to bindir --- vsftpd.spec | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/vsftpd.spec b/vsftpd.spec index c60435d..74e6b37 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.5 -Release: 10%{?dist} +Release: 11%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception @@ -119,13 +119,13 @@ cp %{SOURCE1} . LINK="-pie -lssl $RPM_LD_FLAGS" %{?_smp_mflags} %install -mkdir -p $RPM_BUILD_ROOT%{_sbindir} +mkdir -p $RPM_BUILD_ROOT%{_bindir} mkdir -p $RPM_BUILD_ROOT%{_sysconfdir} mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/{vsftpd,pam.d,logrotate.d} mkdir -p $RPM_BUILD_ROOT%{_mandir}/man{5,8} mkdir -p $RPM_BUILD_ROOT%{_unitdir} mkdir -p $RPM_BUILD_ROOT%{_generatorsdir} -install -m 755 vsftpd $RPM_BUILD_ROOT%{_sbindir}/vsftpd +install -m 755 vsftpd $RPM_BUILD_ROOT%{_bindir}/vsftpd install -m 600 vsftpd.conf $RPM_BUILD_ROOT%{_sysconfdir}/vsftpd/vsftpd.conf install -m 644 vsftpd.conf.5 $RPM_BUILD_ROOT/%{_mandir}/man5/ install -m 644 vsftpd.8 $RPM_BUILD_ROOT/%{_mandir}/man8/ @@ -154,7 +154,7 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %files %{_unitdir}/* %{_generatorsdir}/* -%{_sbindir}/vsftpd +%{_bindir}/vsftpd %dir %{_sysconfdir}/vsftpd %{_sysconfdir}/vsftpd/vsftpd_conf_migrate.sh %config(noreplace) %{_sysconfdir}/vsftpd/ftpusers @@ -169,6 +169,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Tue Apr 15 2025 Tomas Korbar - 3.0.5-11 +- Move executable to bindir + * Fri Jan 24 2025 Stepan Broz - 3.0.5-10 - Correct the definition of setup_bio_callbacks() in ssl.c From 09634b741a0eea01a67484408ed979d159bc269f Mon Sep 17 00:00:00 2001 From: Ondrej Mejzlik Date: Wed, 18 Jun 2025 20:46:58 +0200 Subject: [PATCH 82/85] Testing moves to RH gitlab centos-stream space --- plans.fmf | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) 
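Review bot: The `%install` and `%files` hunks move the daemon from `%{_sbindir}/vsftpd` to `%{_bindir}/vsftpd`, but nothing else that may name the old path is touched in this commit: the unit files installed from `%{SOURCE7}` to `%{SOURCE9}`, the generator from `%{SOURCE10}` and `vsftpd.xinetd`. On any build target where the two macros expand to different directories, an absolute `/usr/sbin/vsftpd` in those files would stop resolving, and path-keyed SELinux file-context rules for the daemon, if the policy has them, would no longer label the binary. Those files are not visible here, so this is a check to make rather than a confirmed defect. A comment above the `install -m 755 vsftpd` line, such as `# units, generator and SELinux file contexts verified against %{_bindir}`, would record the result.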
diff --git a/plans.fmf b/plans.fmf index a2a8046..900f2e5 100644 --- a/plans.fmf +++ b/plans.fmf @@ -1,7 +1,7 @@ /tier1-internal: plan: import: - url: https://src.fedoraproject.org/tests/vsftpd.git + url: https://gitlab.com/redhat/centos-stream/tests/vsftpd.git name: /plans/tier1/internal adjust: enabled: false @@ -11,13 +11,13 @@ /tier1-public: plan: import: - url: https://src.fedoraproject.org/tests/vsftpd.git + url: https://gitlab.com/redhat/centos-stream/tests/vsftpd.git name: /plans/tier1/public /tier2-tier3-internal: plan: import: - url: https://src.fedoraproject.org/tests/vsftpd.git + url: https://gitlab.com/redhat/centos-stream/tests/vsftpd.git name: /plans/tier2-tier3/internal adjust: enabled: false @@ -27,13 +27,13 @@ /tier2-tier3-public: plan: import: - url: https://src.fedoraproject.org/tests/vsftpd.git + url: https://gitlab.com/redhat/centos-stream/tests/vsftpd.git name: /plans/tier2-tier3/public /others-internal: plan: import: - url: https://src.fedoraproject.org/tests/vsftpd.git + url: https://gitlab.com/redhat/centos-stream/tests/vsftpd.git name: /plans/others/internal adjust: enabled: false @@ -43,5 +43,5 @@ /others-public: plan: import: - url: https://src.fedoraproject.org/tests/vsftpd.git + url: https://gitlab.com/redhat/centos-stream/tests/vsftpd.git name: /plans/others/public From 42db2f076b51cb83a54a5b422fe6ea8e5672250f Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 25 Jul 2025 20:14:23 +0000 Subject: [PATCH 83/85] Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild --- vsftpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/vsftpd.spec b/vsftpd.spec index 74e6b37..dbea734 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.5 -Release: 11%{?dist} +Release: 12%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception 
@@ -169,6 +169,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Fri Jul 25 2025 Fedora Release Engineering - 3.0.5-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + * Tue Apr 15 2025 Tomas Korbar - 3.0.5-11 - Move executable to bindir From 67e7d68dac924c323dd54546cc35435d9828d810 Mon Sep 17 00:00:00 2001 From: Fedor Vorobev Date: Wed, 17 Dec 2025 14:11:37 +0100 Subject: [PATCH 84/85] Add a tmpfiles.d config. (image mode support) --- vsftpd-tmpfiles.conf | 2 ++ vsftpd.spec | 8 +++++++- 2 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 vsftpd-tmpfiles.conf diff --git a/vsftpd-tmpfiles.conf b/vsftpd-tmpfiles.conf new file mode 100644 index 0000000..f1a385c --- /dev/null +++ b/vsftpd-tmpfiles.conf @@ -0,0 +1,2 @@ +d /var/ftp 0755 root root - +d /var/ftp/pub 0755 root root - diff --git a/vsftpd.spec b/vsftpd.spec index dbea734..d06c02d 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.5 -Release: 12%{?dist} +Release: 13%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception @@ -18,6 +18,7 @@ Source7: vsftpd.service Source8: vsftpd@.service Source9: vsftpd.target Source10: vsftpd-generator +Source11: vsftpd-tmpfiles.conf BuildRequires: make BuildRequires: pam-devel @@ -138,6 +139,7 @@ install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_unitdir} install -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{_unitdir} install -m 644 %{SOURCE9} $RPM_BUILD_ROOT%{_unitdir} install -m 755 %{SOURCE10} $RPM_BUILD_ROOT%{_generatorsdir} +install -Dpm 644 %{SOURCE11} $RPM_BUILD_ROOT%{_tmpfilesdir}/vsftpd.conf mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub 
@@ -167,8 +169,12 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub
 %{_mandir}/man5/vsftpd.conf.*
 %{_mandir}/man8/vsftpd.*
 %{_var}/ftp
+%{_tmpfilesdir}/vsftpd.conf
 %changelog
+* Thu Dec 18 2025 Fedor Vorobev - 3.0.5-13
+- Add a tmpfiles.d config. (image mode support)
+
 * Fri Jul 25 2025 Fedora Release Engineering - 3.0.5-12
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
From 2ed5ba6e77f1c3e365fb4b0028945f762c456131 Mon Sep 17 00:00:00 2001
From: Tomas Korbar
Date: Wed, 14 Jan 2026 15:58:44 +0100
Subject: [PATCH 85/85] Resolve CVE-2025-14242
---
 ...dd-support-for-square-brackets-in-ls.patch | 19 +++++++------------
 vsftpd.spec | 5 ++++-
 2 files changed, 11 insertions(+), 13 deletions(-)
diff --git a/0014-Add-support-for-square-brackets-in-ls.patch b/0014-Add-support-for-square-brackets-in-ls.patch
index 27f5374..5035675 100644
--- a/0014-Add-support-for-square-brackets-in-ls.patch
+++ b/0014-Add-support-for-square-brackets-in-ls.patch
@@ -1,14 +1,11 @@
-From ba0520650ae7f9f63e48ba9fb3a94297aebe2d0c Mon Sep 17 00:00:00 2001
-From: Martin Sehnoutka
-Date: Wed, 7 Sep 2016 14:22:21 +0200
-Subject: [PATCH 14/59] Add support for square brackets in ls.
+commit de556b2643b5da622f501b435740c651b9f82554
+Author: Tomas Korbar
+Date: Mon Dec 15 02:00:00 2025 +0200
----
- ls.c | 222 +++++++++++++++++++++++++++++++++++++++++++++----------------------
- 1 file changed, 150 insertions(+), 72 deletions(-)
+ Add support for square brackets in ls.
 diff --git a/ls.c b/ls.c
-index 616b2d9..b840136 100644
+index 616b2d9..ab69af9 100644
 --- a/ls.c
 +++ b/ls.c
 @@ -246,7 +246,7 @@ vsf_filename_passes_filter(const struct mystr* p_filename_str,
@@ -191,7 +188,7 @@ index 616b2d9..b840136 100644
 - if (vsf_filename_passes_filter(&name_remain_str, &new_filter_str,
 - iters))
 + unsigned int cur_pos;
-+ char stch, ench;
++ unsigned char stch, ench;
 + const char *p_brace;
 +
 + str_split_char(&filter_remain_str, &temp_str, ']');
@@ -216,7 +213,7 @@ index 616b2d9..b840136 100644
 + cur_pos++;
 + }
 + // expand char[s]
-+ for (;stch <= ench && !str_isempty(&brace_list_str); stch++)
++ for (;stch <= ench && !str_isempty(&brace_list_str) && stch != 0; stch++)
 + {
 + str_empty(&new_filter_str);
 + if (!matched)
@@ -272,6 +269,4 @@ index 616b2d9..b840136 100644
 }
 /* Any incoming string left means no match unless we ended on the correct
 * type of wildcard.
---
-2.14.4
diff --git a/vsftpd.spec b/vsftpd.spec
index d06c02d..d8e0a58 100644
--- a/vsftpd.spec
+++ b/vsftpd.spec
@@ -2,7 +2,7 @@
 Name: vsftpd
 Version: 3.0.5
-Release: 13%{?dist}
+Release: 14%{?dist}
 Summary: Very Secure Ftp Daemon
 # OpenSSL link exception
@@ -172,6 +172,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub
 %{_tmpfilesdir}/vsftpd.conf
 %changelog
+* Wed Jan 14 2026 Tomas Korbar - 3.0.5-14
+- Resolve CVE-2025-14242
+
 * Thu Dec 18 2025 Fedor Vorobev - 3.0.5-13
 - Add a tmpfiles.d config. (image mode support)
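Review bot: The `stch != 0` term added to the `for` condition in hunk `@@ -216,7 +213,7 @@` of `0014-Add-support-for-square-brackets-in-ls.patch` reads like a NUL check, but its job is to stop the loop after `stch++` wraps, and nothing on the line says so. With `stch` and `ench` now `unsigned char` (hunk `@@ -191,7 +188,7 @@`), `stch <= ench` is always true when `ench` is 255, so termination rests entirely on that term; I would put `// stch != 0 stops the loop once stch wraps past 255 (ench == 0xFF)` above the loop. A counter wider than the bound, `unsigned int ch = stch; ch <= ench; ch++`, would rule the wrap out instead of detecting it, provided the loop body (outside this hunk) is adjusted to use it. The assignments to `stch` and `ench` are also outside the hunk, so it is worth confirming that a range can never legitimately start at 0, since such a range is now skipped without any iteration.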