diff --git a/0014-Add-support-for-square-brackets-in-ls.patch b/0014-Add-support-for-square-brackets-in-ls.patch index 27f5374..5035675 100644 --- a/0014-Add-support-for-square-brackets-in-ls.patch +++ b/0014-Add-support-for-square-brackets-in-ls.patch @@ -1,14 +1,11 @@ -From ba0520650ae7f9f63e48ba9fb3a94297aebe2d0c Mon Sep 17 00:00:00 2001 -From: Martin Sehnoutka -Date: Wed, 7 Sep 2016 14:22:21 +0200 -Subject: [PATCH 14/59] Add support for square brackets in ls. +commit de556b2643b5da622f501b435740c651b9f82554 +Author: Tomas Korbar +Date: Mon Dec 15 02:00:00 2025 +0200 ---- - ls.c | 222 +++++++++++++++++++++++++++++++++++++++++++++---------------------- - 1 file changed, 150 insertions(+), 72 deletions(-) + Add support for square brackets in ls. diff --git a/ls.c b/ls.c -index 616b2d9..b840136 100644 +index 616b2d9..ab69af9 100644 --- a/ls.c +++ b/ls.c @@ -246,7 +246,7 @@ vsf_filename_passes_filter(const struct mystr* p_filename_str, @@ -191,7 +188,7 @@ index 616b2d9..b840136 100644 - if (vsf_filename_passes_filter(&name_remain_str, &new_filter_str, - iters)) + unsigned int cur_pos; -+ char stch, ench; ++ unsigned char stch, ench; + const char *p_brace; + + str_split_char(&filter_remain_str, &temp_str, ']'); @@ -216,7 +213,7 @@ index 616b2d9..b840136 100644 + cur_pos++; + } + // expand char[s] -+ for (;stch <= ench && !str_isempty(&brace_list_str); stch++) ++ for (;stch <= ench && !str_isempty(&brace_list_str) && stch != 0; stch++) + { + str_empty(&new_filter_str); + if (!matched) @@ -272,6 +269,4 @@ index 616b2d9..b840136 100644 } /* Any incoming string left means no match unless we ended on the correct * type of wildcard. --- -2.14.4 diff --git a/0076-Correct-the-definition-of-setup_bio_callbacks-in-ssl.patch b/0076-Correct-the-definition-of-setup_bio_callbacks-in-ssl.patch new file mode 100644 index 0000000..4fb8420 --- /dev/null +++ b/0076-Correct-the-definition-of-setup_bio_callbacks-in-ssl.patch @@ -0,0 +1,25 @@ +From f3a745be207831ebd07add16e66ac2b43a743dc1 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Fri, 24 Jan 2025 11:42:39 +0100 +Subject: [PATCH] Correct the definition of setup_bio_callbacks() in ssl.c + +--- + ssl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ssl.c b/ssl.c +index e518097..02ed489 100644 +--- a/ssl.c ++++ b/ssl.c +@@ -36,7 +36,7 @@ + static char* get_ssl_error(); + static SSL* get_ssl(struct vsf_session* p_sess, int fd); + static int ssl_session_init(struct vsf_session* p_sess); +-static void setup_bio_callbacks(); ++static void setup_bio_callbacks(SSL* p_ssl); + static long bio_callback( + BIO* p_bio, int oper, const char* p_arg, size_t len, int argi, long argl, int ret, size_t *processed); + static int ssl_verify_callback(int verify_ok, X509_STORE_CTX* p_ctx); +-- +2.48.1 + diff --git a/gating.yaml b/gating.yaml index de5c323..9b2646f 100644 --- a/gating.yaml +++ b/gating.yaml @@ -4,8 +4,8 @@ product_versions: decision_context: bodhi_update_push_testing subject_type: koji_build rules: - - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/public.functional} - + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/tier1-public.functional} + #Rawhide --- !Policy product_versions: @@ -13,15 +13,14 @@ product_versions: decision_context: bodhi_update_push_stable subject_type: koji_build rules: - - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/public.functional} - + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/tier1-public.functional} + #gating rhel --- !Policy product_versions: - rhel-* decision_context: osci_compose_gate rules: - - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional} - - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tedude.validation} + - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-public.functional} - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-internal.functional} - - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/public.functional} + diff --git a/plans.fmf b/plans.fmf new file mode 100644 index 0000000..900f2e5 --- /dev/null +++ b/plans.fmf @@ -0,0 +1,47 @@ +/tier1-internal: + plan: + import: + url: https://gitlab.com/redhat/centos-stream/tests/vsftpd.git + name: /plans/tier1/internal + adjust: + enabled: false + when: distro == centos-stream, fedora + because: They don't have access to internal repos. + +/tier1-public: + plan: + import: + url: https://gitlab.com/redhat/centos-stream/tests/vsftpd.git + name: /plans/tier1/public + +/tier2-tier3-internal: + plan: + import: + url: https://gitlab.com/redhat/centos-stream/tests/vsftpd.git + name: /plans/tier2-tier3/internal + adjust: + enabled: false + when: distro == centos-stream, fedora + because: They don't have access to internal repos. + +/tier2-tier3-public: + plan: + import: + url: https://gitlab.com/redhat/centos-stream/tests/vsftpd.git + name: /plans/tier2-tier3/public + +/others-internal: + plan: + import: + url: https://gitlab.com/redhat/centos-stream/tests/vsftpd.git + name: /plans/others/internal + adjust: + enabled: false + when: distro == centos-stream, fedora + because: They don't have access to internal repos. + +/others-public: + plan: + import: + url: https://gitlab.com/redhat/centos-stream/tests/vsftpd.git + name: /plans/others/public diff --git a/plans/public.fmf b/plans/public.fmf deleted file mode 100644 index 95682f5..0000000 --- a/plans/public.fmf +++ /dev/null @@ -1,6 +0,0 @@ -summary: Test plan with all Fedora tests -discover: - how: fmf - url: https://src.fedoraproject.org/tests/vsftpd.git -execute: - how: tmt diff --git a/plans/tier1-internal.fmf b/plans/tier1-internal.fmf deleted file mode 100644 index d1dd032..0000000 --- a/plans/tier1-internal.fmf +++ /dev/null @@ -1,12 +0,0 @@ -summary: CI plan, picks internal Tier1 tests, runs in beakerlib. -discover: - - name: rhel - how: fmf - filter: 'tier: 1' - url: git://pkgs.devel.redhat.com/tests/vsftpd -execute: - how: tmt -adjust: - enabled: false - when: distro == centos-stream, fedora - because: They don't have access to internal repos. diff --git a/vsftpd-tmpfiles.conf b/vsftpd-tmpfiles.conf new file mode 100644 index 0000000..f1a385c --- /dev/null +++ b/vsftpd-tmpfiles.conf @@ -0,0 +1,2 @@ +d /var/ftp 0755 root root - +d /var/ftp/pub 0755 root root - diff --git a/vsftpd.spec b/vsftpd.spec index 668b321..d8e0a58 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.5 -Release: 8%{?dist} +Release: 14%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception @@ -18,6 +18,7 @@ Source7: vsftpd.service Source8: vsftpd@.service Source9: vsftpd.target Source10: vsftpd-generator +Source11: vsftpd-tmpfiles.conf BuildRequires: make BuildRequires: pam-devel @@ -99,6 +100,7 @@ Patch72: vsftpd-3.0.5-replace-old-network-addr-functions.patch Patch73: vsftpd-3.0.5-replace-deprecated-openssl-functions.patch Patch74: vsftpd-3.0.5-add-option-for-tlsv1.3-ciphersuites.patch Patch75: vsftpd-3.0.5-use-old-tlsv-options.patch +Patch76: 0076-Correct-the-definition-of-setup_bio_callbacks-in-ssl.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from @@ -118,13 +120,13 @@ cp %{SOURCE1} . LINK="-pie -lssl $RPM_LD_FLAGS" %{?_smp_mflags} %install -mkdir -p $RPM_BUILD_ROOT%{_sbindir} +mkdir -p $RPM_BUILD_ROOT%{_bindir} mkdir -p $RPM_BUILD_ROOT%{_sysconfdir} mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/{vsftpd,pam.d,logrotate.d} mkdir -p $RPM_BUILD_ROOT%{_mandir}/man{5,8} mkdir -p $RPM_BUILD_ROOT%{_unitdir} mkdir -p $RPM_BUILD_ROOT%{_generatorsdir} -install -m 755 vsftpd $RPM_BUILD_ROOT%{_sbindir}/vsftpd +install -m 755 vsftpd $RPM_BUILD_ROOT%{_bindir}/vsftpd install -m 600 vsftpd.conf $RPM_BUILD_ROOT%{_sysconfdir}/vsftpd/vsftpd.conf install -m 644 vsftpd.conf.5 $RPM_BUILD_ROOT/%{_mandir}/man5/ install -m 644 vsftpd.8 $RPM_BUILD_ROOT/%{_mandir}/man8/ @@ -137,6 +139,7 @@ install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_unitdir} install -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{_unitdir} install -m 644 %{SOURCE9} $RPM_BUILD_ROOT%{_unitdir} install -m 755 %{SOURCE10} $RPM_BUILD_ROOT%{_generatorsdir} +install -Dpm 644 %{SOURCE11} $RPM_BUILD_ROOT%{_tmpfilesdir}/vsftpd.conf mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub @@ -153,7 +156,7 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %files %{_unitdir}/* %{_generatorsdir}/* -%{_sbindir}/vsftpd +%{_bindir}/vsftpd %dir %{_sysconfdir}/vsftpd %{_sysconfdir}/vsftpd/vsftpd_conf_migrate.sh %config(noreplace) %{_sysconfdir}/vsftpd/ftpusers @@ -166,8 +169,27 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_mandir}/man5/vsftpd.conf.* %{_mandir}/man8/vsftpd.* %{_var}/ftp +%{_tmpfilesdir}/vsftpd.conf %changelog +* Wed Jan 14 2026 Tomas Korbar - 3.0.5-14 +- Resolve CVE-2025-14242 + +* Thu Dec 18 2025 Fedor Vorobev - 3.0.5-13 +- Add a tmpfiles.d config. (image mode support) + +* Fri Jul 25 2025 Fedora Release Engineering - 3.0.5-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + +* Tue Apr 15 2025 Tomas Korbar - 3.0.5-11 +- Move executable to bindir + +* Fri Jan 24 2025 Stepan Broz - 3.0.5-10 +- Correct the definition of setup_bio_callbacks() in ssl.c + +* Sun Jan 19 2025 Fedora Release Engineering - 3.0.5-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + * Mon Aug 19 2024 Tomas Korbar - 3.0.5-8 - Fix FEAT command to list AUTH TLS when TLSv1.3 is enabled