temporary changed default value of seccomp_sandbox to 0

updated man pages - systemd multiple instances
fixed #913519 - login fails fixed #719434 - Provide native systemd unit file replaced systemd path by _unitdir macro
2013-09-10 09:32:07 +02:00 · 2013-09-10 09:22:08 +02:00 · 2012-09-19 13:11:48 +02:00 · 2012-09-17 15:36:22 +02:00
10 changed files with 134 additions and 38 deletions
--- a/.gitignore
+++ b/.gitignore
@ -3,3 +3,5 @@ vsftpd-2.3.2.tar.gz
 /vsftpd-2.3.4.tar.gz
 /vsftpd-2.3.5.tar.gz
 /vsftpd-3.0.0.tar.gz
+/vsftpd-3.0.1.tar.gz
+/vsftpd-3.0.2.tar.gz
--- a/2
+++ b/2
@ -1 +1 @@
-ad9fa952558c2c5b0426ccaccff0f972  vsftpd-3.0.0.tar.gz
+8b00c749719089401315bd3c44dddbb2  vsftpd-3.0.2.tar.gz
--- a/vsftpd-2.1.0-pam_hostname.patch
+++ b/vsftpd-2.1.0-pam_hostname.patch
@ -15,7 +15,7 @@ diff -up vsftpd-2.2.0/sysdeputil.c.pam_hostname vsftpd-2.2.0/sysdeputil.c
@@ -325,6 +329,10 @@ vsf_sysdep_check_auth(struct mystr* p_us
                       const struct mystr* p_remote_host)
 {
-   int retval;
+   int retval = -1;
 +#ifdef PAM_RHOST
 +  struct sockaddr_in sin;
 +  struct hostent *host;
--- a/vsftpd-2.3.4-sd.patch
+++ b/vsftpd-2.3.4-sd.patch
@ -1,35 +1,69 @@
-diff -up vsftpd-2.3.4/vsftpd.8.sd vsftpd-2.3.4/vsftpd.8
--- vsftpd-2.3.4/vsftpd.8.sd	2011-11-14 15:22:50.363265369 +0100
-+++ vsftpd-2.3.4/vsftpd.8	2011-11-15 08:32:55.270895429 +0100
-@@ -25,6 +25,8 @@ in
+diff -up vsftpd-3.0.2/vsftpd.8.sd vsftpd-3.0.2/vsftpd.8
+--- vsftpd-3.0.2/vsftpd.8.sd	2013-09-04 13:04:40.383348837 +0200
+++ vsftpd-3.0.2/vsftpd.8	2013-09-04 13:45:00.370277842 +0200
+@@ -25,6 +25,23 @@ in
 Direct execution of the
 .Nm vsftpd
 binary will then launch the FTP service ready for immediate client connections.
 +.Pp
-+Systemd changes the vsftpd start-up. When the SysV initscript attempts to start one instance of the vsftpd daemon for each of /etc/vsftpd/*.conf file, each configuration file requires a proper unit file. Each instance of the vsftpd daemon is started separately. See systemd.unit(5).
+Systemd changes the vsftpd daemon start-up. The vsftpd package contains vsftpd-generator script generating symbolic links to /var/run/systemd/generator/vsftpd.target.wants directory. The generator is called during e.g. 'systemctl --system daemon-reload'. All these symbolic links link /usr/lib/systemd/system/vsftpd@.service file.
+The vsftpd daemon(s) is/are controlled by one of following ways:
+.Pp
+1. Single daemon using default /etc/vsftpd/vsftpd.conf configuration file
+.br
+# systemctl {start,stop,...} vsftpd[.service]
+.Pp
+2. Single daemon using /etc/vsftpd/<conf-name>.conf
+.br
+# systemctl {start,stop,...} vsftpd@<conf-name>[.service]
+.Pp
+3. All instances together
+.br
+# systemctl {restart,stop} vsftpd.target
+.Pp
+See systemd.unit(5), systemd.target(5) for further details.
 .Sh OPTIONS
 An optional
 configuration file or files
-@@ -55,6 +57,9 @@ the "ftpd_banner" setting is set to "bla
+@@ -55,6 +72,13 @@ the "ftpd_banner" setting is set to "bla
 setting and any identical setting that was in the config file.
 .Sh FILES
 .Pa /etc/vsftpd/vsftpd.conf
 +.Pp
-+.Pa /lib/systemd/system/vsftpd.service
+.Pa /usr/lib/systemd/system/vsftpd.service
+.Pp
+.Pa /usr/lib/systemd/system/vsftpd@.service
+.Pp
+.Pa /usr/lib/systemd/system/vsftpd.target
 .Sh SEE ALSO
 .Xr vsftpd.conf 5
 +.Xr systemd.unit 5
 .end
-diff -up vsftpd-2.3.4/vsftpd.conf.5.sd vsftpd-2.3.4/vsftpd.conf.5
--- vsftpd-2.3.4/vsftpd.conf.5.sd	2011-11-14 15:22:50.546267713 +0100
-+++ vsftpd-2.3.4/vsftpd.conf.5	2011-11-15 08:48:42.872580090 +0100
-@@ -13,6 +13,9 @@ inetd such as
+diff -up vsftpd-3.0.2/vsftpd.conf.5.sd vsftpd-3.0.2/vsftpd.conf.5
+--- vsftpd-3.0.2/vsftpd.conf.5.sd	2013-09-04 13:04:40.391348915 +0200
+++ vsftpd-3.0.2/vsftpd.conf.5	2013-09-04 13:44:57.573250302 +0200
+@@ -12,7 +12,23 @@ inetd such as
+ .BR xinetd
 to launch vsftpd with different configuration files on a per virtual host
 basis.
- 
-+Systemd changes the vsftpd daemon start-up. Each configuration file 
-+requires a proper unit file that can be obtained by cloning and modifying default vsftpd.service. This additional unit file should be placed to /etc/systemd/system. See systemd.unit(5) for details.
-+
+-
+.P
+Systemd changes the vsftpd daemon start-up. The vsftpd package contains vsftpd-generator script generating symbolic links to /var/run/systemd/generator/vsftpd.target.wants directory. The generator is called during e. g. 'systemctl --system daemon-reload'. All these symbolic links link /usr/lib/systemd/system/vsftpd@.service file.
+The vsftpd daemon(s) is/are controlled by one of following ways:
+.P
+1. Single daemon using default /etc/vsftpd/vsftpd.conf configuration file
+.br
+# systemctl {start,stop,...} vsftpd[.service]
+.P
+2. Single daemon using /etc/vsftpd/<config-filename>.conf
+.br
+# systemctl {start,stop,...} vsftpd@<config-filename-without-extension>[.service]
+.P
+3. All instances together
+.br
+# systemctl {restart,stop} vsftpd.target
+.P
+See systemd.unit(5), systemd.target(5) for further details.
 .SH FORMAT
 The format of vsftpd.conf is very simple. Each line is either a comment or
 a directive. Comment lines start with a # and are ignored. A directive line
--- a/vsftpd-2.3.5-aslim.patch
+++ b/vsftpd-2.3.5-aslim.patch
@ -6,7 +6,7 @@ diff -up vsftpd-2.3.5/defs.h.aslim vsftpd-2.3.5/defs.h
    VSFTP_DATA_BUFSIZE*2 */
 #define VSFTP_PRIVSOCK_MAXSTR   VSFTP_DATA_BUFSIZE * 2
 -#define VSFTP_AS_LIMIT          100UL * 1024 * 1024
-+#define VSFTP_AS_LIMIT          200UL * 1024 * 1024
+#define VSFTP_AS_LIMIT          400UL * 1024 * 1024
 
 #endif /* VSF_DEFS_H */
 
--- a/vsftpd-3.0.2-seccomp.patch
+++ b/vsftpd-3.0.2-seccomp.patch
@ -0,0 +1,12 @@
+diff -up vsftpd-3.0.2/tunables.c.seccomp vsftpd-3.0.2/tunables.c
+--- vsftpd-3.0.2/tunables.c.seccomp	2013-09-10 09:24:50.997413380 +0200
+++ vsftpd-3.0.2/tunables.c	2013-09-10 09:25:19.236401339 +0200
+@@ -228,7 +228,7 @@ tunables_load_defaults()
+   tunable_isolate_network = 1;
+   tunable_ftp_enable = 1;
+   tunable_http_enable = 0;
+-  tunable_seccomp_sandbox = 1;
+  tunable_seccomp_sandbox = 0;
+   tunable_allow_writeable_chroot = 0;
+ 
+   tunable_accept_timeout = 60;
--- a/15
+++ b/15
@ -0,0 +1,15 @@
+#!/bin/bash
+
+confdir=/etc/vsftpd
+unitdir=/usr/lib/systemd/system
+targetdir=$1/vsftpd.target.wants
+
+mkdir -p ${targetdir}
+
+for f in $(ls -1 ${confdir}/*.conf | awk -F "." '{print $1}' | awk -F "/" '{print $4}')
+do
+  echo "Generating systemd units for $f"
+  ln -s ${unitdir}/vsftpd\@.service ${targetdir}/vsftpd\@$f.service > /dev/null 2>&1
+done
+
+exit 0
--- a/vsftpd.spec
+++ b/vsftpd.spec
@ -1,8 +1,9 @@
 %{!?tcp_wrappers:%define tcp_wrappers 1}
+%define _generatorsdir %{_prefix}/lib/systemd/system-generators

 Name: vsftpd
-Version: 3.0.0
-Release: 4%{?dist}
+Version: 3.0.2
+Release: 2%{?dist}
 Summary: Very Secure Ftp Daemon

 Group: System Environment/Daemons
@ -17,19 +18,21 @@ Source4: vsftpd.user_list
 Source5: vsftpd.init
 Source6: vsftpd_conf_migrate.sh
 Source7: vsftpd.service
+Source8: vsftpd@.service
+Source9: vsftpd.target
+Source10: vsftpd-generator

 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

 BuildRequires: pam-devel
 BuildRequires: libcap-devel
 BuildRequires: openssl-devel
+BuildRequires: systemd
 %if %{tcp_wrappers}
 BuildRequires: tcp_wrappers-devel
 %endif

 Requires: logrotate
-Requires (preun): /sbin/chkconfig
-Requires (post): /sbin/chkconfig

 # Build patches
 Patch1: vsftpd-2.1.0-libs.patch
@ -57,6 +60,7 @@ Patch22: vsftpd-2.3.5-aslim.patch
 Patch23: vsftpd-3.0.0-tz.patch
 Patch24: vsftpd-3.0.0-xferlog.patch
 Patch25: vsftpd-3.0.0-logrotate.patch
+Patch26: vsftpd-3.0.2-seccomp.patch

 %description
 vsftpd is a Very Secure FTP daemon. It was written completely from
@ -97,6 +101,7 @@ cp %{SOURCE1} .
 %patch23 -p1 -b .tz
 %patch24 -p1 -b .xferlog
 %patch25 -p1 -b .logrotate
+%patch26 -p1 -b .seccomp

 %build
 %ifarch s390x sparcv9 sparc64
@ -113,7 +118,8 @@ mkdir -p $RPM_BUILD_ROOT%{_sbindir}
 mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}
 mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/{vsftpd,pam.d,logrotate.d,rc.d/init.d}
 mkdir -p $RPM_BUILD_ROOT%{_mandir}/man{5,8}
-mkdir -p $RPM_BUILD_ROOT/lib/systemd/system
+mkdir -p $RPM_BUILD_ROOT%{_unitdir}
+mkdir -p $RPM_BUILD_ROOT%{_generatorsdir}
 install -m 755 vsftpd  $RPM_BUILD_ROOT%{_sbindir}/vsftpd
 install -m 600 vsftpd.conf $RPM_BUILD_ROOT%{_sysconfdir}/vsftpd/vsftpd.conf
 install -m 644 vsftpd.conf.5 $RPM_BUILD_ROOT/%{_mandir}/man5/
@ -124,7 +130,10 @@ install -m 600 %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/vsftpd/ftpusers
 install -m 600 %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}/vsftpd/user_list
 install -m 755 %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/vsftpd
 install -m 744 %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/vsftpd/vsftpd_conf_migrate.sh
-install -m 644 %{SOURCE7} $RPM_BUILD_ROOT/lib/systemd/system/
+install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_unitdir}
+install -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{_unitdir}
+install -m 644 %{SOURCE9} $RPM_BUILD_ROOT%{_unitdir}
+install -m 755 %{SOURCE10} $RPM_BUILD_ROOT%{_generatorsdir}
                            
 mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub

@ -132,27 +141,19 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub
 rm -rf $RPM_BUILD_ROOT

 %post
-/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+%systemd_post vsftpd.service

 %preun
-if [ $1 = 0 ]; then
-	/bin/systemctl disable vsftpd.service > /dev/null 2>&1 || :
-	/bin/systemctl stop vsftpd.service > /dev/null 2>&1 || :
-fi
+%systemd_preun vsftpd.service
+%systemd_preun vsftpd.target

 %postun
-/bin/systemctl daemon-reload >/dev/null 2>&1 || :
-
-%triggerun --  %{name} < 2.3.4-5
-	/sbin/chkconfig --del vsftpd >/dev/null 2>&1 || :
-	/bin/systemctl try-restart vsftpd.service >/dev/null 2>&1 || :
-
-%triggerpostun -n %{name}-sysvinit -- %{name} < 2.3.4-5
-	/sbin/chkconfig --add vsftpd >/dev/null 2>&1 || :
+%systemd_postun_with_restart vsftpd.service

 %files
 %defattr(-,root,root,-)
-/lib/systemd/system/vsftpd.service
+%{_unitdir}/*
+%{_generatorsdir}/*
 %{_sbindir}/vsftpd
 %dir %{_sysconfdir}/vsftpd
 %{_sysconfdir}/vsftpd/vsftpd_conf_migrate.sh
@ -171,6 +172,21 @@ fi
 %{_sysconfdir}/rc.d/init.d/vsftpd

 %changelog
+* Tue Sep 10 2013 Jiri Skala <jskala@redhat.com> - 3.0.2-2
+- updated man pages - systemd multiple instances
+- fixed #913519 - login fails
+- fixed #719434 - Provide native systemd unit file
+- replaced systemd path by _unitdir macro
+- temporary changed default value of seccomp_sandbox to 0
+
+* Wed Sep 19 2012 Jiri Skala <jskala@redhat.com> - 3.0.2-1
+- update to latest upstream vsftpd-3.0.2
+
+* Mon Sep 17 2012 Jiri Skala <jskala@redhat.com> - 3.0.1-1
+- update to latest upstream vsftpd-3.0.1
+- fixes #845980 - vsftpd seccomp filter is too strict
+- fixes #851441 - Introduce new systemd-rpm macros in vsftpd spec file
+
 * Sun Jul 22 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.0.0-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

--- a/vsftpd.target
+++ b/vsftpd.target
@ -0,0 +1,6 @@
+[Unit]
+Description=FTP daemon
+After=network.target
+
+[Install]
+WantedBy=multi-user.target
--- a/vsftpd@.service
+++ b/vsftpd@.service
@ -0,0 +1,11 @@
+[Unit]
+Description=Vsftpd ftp daemon
+After=network.target
+PartOf=vsftpd.target
+
+[Service]
+Type=forking
+ExecStart=/usr/sbin/vsftpd /etc/vsftpd/%i.conf
+
+[Install]
+WantedBy=vsftpd.target
Author	SHA1	Message	Date
Jiri Skala	65222d877e	temporary changed default value of seccomp_sandbox to 0	2013-09-10 09:32:07 +02:00
Jiri Skala	23839f758d	updated man pages - systemd multiple instances fixed #913519 - login fails fixed #719434 - Provide native systemd unit file replaced systemd path by _unitdir macro	2013-09-10 09:22:08 +02:00
Jiri Skala	e71d956600	update to latest upstream vsftpd-3.0.2	2012-09-19 13:11:48 +02:00
Jiri Skala	b9ffcf8af0	update to latest upstream 3.0.1 fixes #851441 - Introduce new systemd-rpm macros in vsftpd spec file fixes #845980 - vsftpd seccomp filter is too strict	2012-09-17 15:36:22 +02:00