diff --git a/.gitignore b/.gitignore index 10b9305..a67692a 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,5 @@ vsftpd-2.3.2.tar.gz /vsftpd-2.3.4.tar.gz /vsftpd-2.3.5.tar.gz /vsftpd-3.0.0.tar.gz +/vsftpd-3.0.1.tar.gz +/vsftpd-3.0.2.tar.gz diff --git a/sources b/sources index bfad59d..a0f6918 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -ad9fa952558c2c5b0426ccaccff0f972 vsftpd-3.0.0.tar.gz +8b00c749719089401315bd3c44dddbb2 vsftpd-3.0.2.tar.gz diff --git a/vsftpd-2.1.0-pam_hostname.patch b/vsftpd-2.1.0-pam_hostname.patch index 18f7695..c3d8b1e 100644 --- a/vsftpd-2.1.0-pam_hostname.patch +++ b/vsftpd-2.1.0-pam_hostname.patch @@ -15,7 +15,7 @@ diff -up vsftpd-2.2.0/sysdeputil.c.pam_hostname vsftpd-2.2.0/sysdeputil.c @@ -325,6 +329,10 @@ vsf_sysdep_check_auth(struct mystr* p_us const struct mystr* p_remote_host) { - int retval; + int retval = -1; +#ifdef PAM_RHOST + struct sockaddr_in sin; + struct hostent *host; diff --git a/vsftpd-2.3.4-sd.patch b/vsftpd-2.3.4-sd.patch index c54aca2..706365a 100644 --- a/vsftpd-2.3.4-sd.patch +++ b/vsftpd-2.3.4-sd.patch @@ -1,35 +1,69 @@ -diff -up vsftpd-2.3.4/vsftpd.8.sd vsftpd-2.3.4/vsftpd.8 ---- vsftpd-2.3.4/vsftpd.8.sd 2011-11-14 15:22:50.363265369 +0100 -+++ vsftpd-2.3.4/vsftpd.8 2011-11-15 08:32:55.270895429 +0100 -@@ -25,6 +25,8 @@ in +diff -up vsftpd-3.0.2/vsftpd.8.sd vsftpd-3.0.2/vsftpd.8 +--- vsftpd-3.0.2/vsftpd.8.sd 2013-09-04 13:04:40.383348837 +0200 ++++ vsftpd-3.0.2/vsftpd.8 2013-09-04 13:45:00.370277842 +0200 +@@ -25,6 +25,23 @@ in Direct execution of the .Nm vsftpd binary will then launch the FTP service ready for immediate client connections. +.Pp -+Systemd changes the vsftpd start-up. When the SysV initscript attempts to start one instance of the vsftpd daemon for each of /etc/vsftpd/*.conf file, each configuration file requires a proper unit file. Each instance of the vsftpd daemon is started separately. See systemd.unit(5). ++Systemd changes the vsftpd daemon start-up. The vsftpd package contains vsftpd-generator script generating symbolic links to /var/run/systemd/generator/vsftpd.target.wants directory. The generator is called during e.g. 'systemctl --system daemon-reload'. All these symbolic links link /usr/lib/systemd/system/vsftpd@.service file. ++The vsftpd daemon(s) is/are controlled by one of following ways: ++.Pp ++1. Single daemon using default /etc/vsftpd/vsftpd.conf configuration file ++.br ++# systemctl {start,stop,...} vsftpd[.service] ++.Pp ++2. Single daemon using /etc/vsftpd/.conf ++.br ++# systemctl {start,stop,...} vsftpd@[.service] ++.Pp ++3. All instances together ++.br ++# systemctl {restart,stop} vsftpd.target ++.Pp ++See systemd.unit(5), systemd.target(5) for further details. .Sh OPTIONS An optional configuration file or files -@@ -55,6 +57,9 @@ the "ftpd_banner" setting is set to "bla +@@ -55,6 +72,13 @@ the "ftpd_banner" setting is set to "bla setting and any identical setting that was in the config file. .Sh FILES .Pa /etc/vsftpd/vsftpd.conf +.Pp -+.Pa /lib/systemd/system/vsftpd.service ++.Pa /usr/lib/systemd/system/vsftpd.service ++.Pp ++.Pa /usr/lib/systemd/system/vsftpd@.service ++.Pp ++.Pa /usr/lib/systemd/system/vsftpd.target .Sh SEE ALSO .Xr vsftpd.conf 5 +.Xr systemd.unit 5 .end -diff -up vsftpd-2.3.4/vsftpd.conf.5.sd vsftpd-2.3.4/vsftpd.conf.5 ---- vsftpd-2.3.4/vsftpd.conf.5.sd 2011-11-14 15:22:50.546267713 +0100 -+++ vsftpd-2.3.4/vsftpd.conf.5 2011-11-15 08:48:42.872580090 +0100 -@@ -13,6 +13,9 @@ inetd such as +diff -up vsftpd-3.0.2/vsftpd.conf.5.sd vsftpd-3.0.2/vsftpd.conf.5 +--- vsftpd-3.0.2/vsftpd.conf.5.sd 2013-09-04 13:04:40.391348915 +0200 ++++ vsftpd-3.0.2/vsftpd.conf.5 2013-09-04 13:44:57.573250302 +0200 +@@ -12,7 +12,23 @@ inetd such as + .BR xinetd to launch vsftpd with different configuration files on a per virtual host basis. - -+Systemd changes the vsftpd daemon start-up. Each configuration file -+requires a proper unit file that can be obtained by cloning and modifying default vsftpd.service. This additional unit file should be placed to /etc/systemd/system. See systemd.unit(5) for details. -+ +- ++.P ++Systemd changes the vsftpd daemon start-up. The vsftpd package contains vsftpd-generator script generating symbolic links to /var/run/systemd/generator/vsftpd.target.wants directory. The generator is called during e. g. 'systemctl --system daemon-reload'. All these symbolic links link /usr/lib/systemd/system/vsftpd@.service file. ++The vsftpd daemon(s) is/are controlled by one of following ways: ++.P ++1. Single daemon using default /etc/vsftpd/vsftpd.conf configuration file ++.br ++# systemctl {start,stop,...} vsftpd[.service] ++.P ++2. Single daemon using /etc/vsftpd/.conf ++.br ++# systemctl {start,stop,...} vsftpd@[.service] ++.P ++3. All instances together ++.br ++# systemctl {restart,stop} vsftpd.target ++.P ++See systemd.unit(5), systemd.target(5) for further details. .SH FORMAT The format of vsftpd.conf is very simple. Each line is either a comment or a directive. Comment lines start with a # and are ignored. A directive line diff --git a/vsftpd-2.3.5-aslim.patch b/vsftpd-2.3.5-aslim.patch index 4f28d09..ba317b8 100644 --- a/vsftpd-2.3.5-aslim.patch +++ b/vsftpd-2.3.5-aslim.patch @@ -6,7 +6,7 @@ diff -up vsftpd-2.3.5/defs.h.aslim vsftpd-2.3.5/defs.h VSFTP_DATA_BUFSIZE*2 */ #define VSFTP_PRIVSOCK_MAXSTR VSFTP_DATA_BUFSIZE * 2 -#define VSFTP_AS_LIMIT 100UL * 1024 * 1024 -+#define VSFTP_AS_LIMIT 200UL * 1024 * 1024 ++#define VSFTP_AS_LIMIT 400UL * 1024 * 1024 #endif /* VSF_DEFS_H */ diff --git a/vsftpd-3.0.2-seccomp.patch b/vsftpd-3.0.2-seccomp.patch new file mode 100644 index 0000000..8e8707d --- /dev/null +++ b/vsftpd-3.0.2-seccomp.patch @@ -0,0 +1,12 @@ +diff -up vsftpd-3.0.2/tunables.c.seccomp vsftpd-3.0.2/tunables.c +--- vsftpd-3.0.2/tunables.c.seccomp 2013-09-10 09:24:50.997413380 +0200 ++++ vsftpd-3.0.2/tunables.c 2013-09-10 09:25:19.236401339 +0200 +@@ -228,7 +228,7 @@ tunables_load_defaults() + tunable_isolate_network = 1; + tunable_ftp_enable = 1; + tunable_http_enable = 0; +- tunable_seccomp_sandbox = 1; ++ tunable_seccomp_sandbox = 0; + tunable_allow_writeable_chroot = 0; + + tunable_accept_timeout = 60; diff --git a/vsftpd-generator b/vsftpd-generator new file mode 100755 index 0000000..f1c4cdc --- /dev/null +++ b/vsftpd-generator @@ -0,0 +1,15 @@ +#!/bin/bash + +confdir=/etc/vsftpd +unitdir=/usr/lib/systemd/system +targetdir=$1/vsftpd.target.wants + +mkdir -p ${targetdir} + +for f in $(ls -1 ${confdir}/*.conf | awk -F "." '{print $1}' | awk -F "/" '{print $4}') +do + echo "Generating systemd units for $f" + ln -s ${unitdir}/vsftpd\@.service ${targetdir}/vsftpd\@$f.service > /dev/null 2>&1 +done + +exit 0 diff --git a/vsftpd.spec b/vsftpd.spec index 9bac8bc..4f9a804 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -1,8 +1,9 @@ %{!?tcp_wrappers:%define tcp_wrappers 1} +%define _generatorsdir %{_prefix}/lib/systemd/system-generators Name: vsftpd -Version: 3.0.0 -Release: 4%{?dist} +Version: 3.0.2 +Release: 2%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons @@ -17,19 +18,21 @@ Source4: vsftpd.user_list Source5: vsftpd.init Source6: vsftpd_conf_migrate.sh Source7: vsftpd.service +Source8: vsftpd@.service +Source9: vsftpd.target +Source10: vsftpd-generator BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: pam-devel BuildRequires: libcap-devel BuildRequires: openssl-devel +BuildRequires: systemd %if %{tcp_wrappers} BuildRequires: tcp_wrappers-devel %endif Requires: logrotate -Requires (preun): /sbin/chkconfig -Requires (post): /sbin/chkconfig # Build patches Patch1: vsftpd-2.1.0-libs.patch @@ -57,6 +60,7 @@ Patch22: vsftpd-2.3.5-aslim.patch Patch23: vsftpd-3.0.0-tz.patch Patch24: vsftpd-3.0.0-xferlog.patch Patch25: vsftpd-3.0.0-logrotate.patch +Patch26: vsftpd-3.0.2-seccomp.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from @@ -97,6 +101,7 @@ cp %{SOURCE1} . %patch23 -p1 -b .tz %patch24 -p1 -b .xferlog %patch25 -p1 -b .logrotate +%patch26 -p1 -b .seccomp %build %ifarch s390x sparcv9 sparc64 @@ -113,7 +118,8 @@ mkdir -p $RPM_BUILD_ROOT%{_sbindir} mkdir -p $RPM_BUILD_ROOT%{_sysconfdir} mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/{vsftpd,pam.d,logrotate.d,rc.d/init.d} mkdir -p $RPM_BUILD_ROOT%{_mandir}/man{5,8} -mkdir -p $RPM_BUILD_ROOT/lib/systemd/system +mkdir -p $RPM_BUILD_ROOT%{_unitdir} +mkdir -p $RPM_BUILD_ROOT%{_generatorsdir} install -m 755 vsftpd $RPM_BUILD_ROOT%{_sbindir}/vsftpd install -m 600 vsftpd.conf $RPM_BUILD_ROOT%{_sysconfdir}/vsftpd/vsftpd.conf install -m 644 vsftpd.conf.5 $RPM_BUILD_ROOT/%{_mandir}/man5/ @@ -124,7 +130,10 @@ install -m 600 %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/vsftpd/ftpusers install -m 600 %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}/vsftpd/user_list install -m 755 %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/vsftpd install -m 744 %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/vsftpd/vsftpd_conf_migrate.sh -install -m 644 %{SOURCE7} $RPM_BUILD_ROOT/lib/systemd/system/ +install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_unitdir} +install -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{_unitdir} +install -m 644 %{SOURCE9} $RPM_BUILD_ROOT%{_unitdir} +install -m 755 %{SOURCE10} $RPM_BUILD_ROOT%{_generatorsdir} mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub @@ -132,27 +141,19 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub rm -rf $RPM_BUILD_ROOT %post -/bin/systemctl daemon-reload >/dev/null 2>&1 || : +%systemd_post vsftpd.service %preun -if [ $1 = 0 ]; then - /bin/systemctl disable vsftpd.service > /dev/null 2>&1 || : - /bin/systemctl stop vsftpd.service > /dev/null 2>&1 || : -fi +%systemd_preun vsftpd.service +%systemd_preun vsftpd.target %postun -/bin/systemctl daemon-reload >/dev/null 2>&1 || : - -%triggerun -- %{name} < 2.3.4-5 - /sbin/chkconfig --del vsftpd >/dev/null 2>&1 || : - /bin/systemctl try-restart vsftpd.service >/dev/null 2>&1 || : - -%triggerpostun -n %{name}-sysvinit -- %{name} < 2.3.4-5 - /sbin/chkconfig --add vsftpd >/dev/null 2>&1 || : +%systemd_postun_with_restart vsftpd.service %files %defattr(-,root,root,-) -/lib/systemd/system/vsftpd.service +%{_unitdir}/* +%{_generatorsdir}/* %{_sbindir}/vsftpd %dir %{_sysconfdir}/vsftpd %{_sysconfdir}/vsftpd/vsftpd_conf_migrate.sh @@ -171,6 +172,21 @@ fi %{_sysconfdir}/rc.d/init.d/vsftpd %changelog +* Tue Sep 10 2013 Jiri Skala - 3.0.2-2 +- updated man pages - systemd multiple instances +- fixed #913519 - login fails +- fixed #719434 - Provide native systemd unit file +- replaced systemd path by _unitdir macro +- temporary changed default value of seccomp_sandbox to 0 + +* Wed Sep 19 2012 Jiri Skala - 3.0.2-1 +- update to latest upstream vsftpd-3.0.2 + +* Mon Sep 17 2012 Jiri Skala - 3.0.1-1 +- update to latest upstream vsftpd-3.0.1 +- fixes #845980 - vsftpd seccomp filter is too strict +- fixes #851441 - Introduce new systemd-rpm macros in vsftpd spec file + * Sun Jul 22 2012 Fedora Release Engineering - 3.0.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild diff --git a/vsftpd.target b/vsftpd.target new file mode 100644 index 0000000..3f0a942 --- /dev/null +++ b/vsftpd.target @@ -0,0 +1,6 @@ +[Unit] +Description=FTP daemon +After=network.target + +[Install] +WantedBy=multi-user.target diff --git a/vsftpd@.service b/vsftpd@.service new file mode 100644 index 0000000..f3a7a16 --- /dev/null +++ b/vsftpd@.service @@ -0,0 +1,11 @@ +[Unit] +Description=Vsftpd ftp daemon +After=network.target +PartOf=vsftpd.target + +[Service] +Type=forking +ExecStart=/usr/sbin/vsftpd /etc/vsftpd/%i.conf + +[Install] +WantedBy=vsftpd.target