From fafd5d042c845f69cd331108e325ce742520a3f2 Mon Sep 17 00:00:00 2001 From: Jiri Skala Date: Nov 15 2011 14:20:44 +0000 Subject: removes exclusivity between listen and listen_ipv6 BZ#450853 --- diff --git a/vsftpd-2.2.2-v6only.patch b/vsftpd-2.2.2-v6only.patch deleted file mode 100644 index f0931e2..0000000 --- a/vsftpd-2.2.2-v6only.patch +++ /dev/null @@ -1,44 +0,0 @@ -diff -up vsftpd-2.2.2/standalone.c.v6only vsftpd-2.2.2/standalone.c ---- vsftpd-2.2.2/standalone.c.v6only 2010-05-14 16:09:38.181388723 +0200 -+++ vsftpd-2.2.2/standalone.c 2010-05-14 16:09:38.207398800 +0200 -@@ -77,6 +77,7 @@ vsf_standalone_main(void) - else - { - listen_sock = vsf_sysutil_get_ipv6_sock(); -+ vsf_sysutil_v6only(listen_sock); - } - vsf_sysutil_activate_reuseaddr(listen_sock); - -diff -up vsftpd-2.2.2/sysutil.c.v6only vsftpd-2.2.2/sysutil.c ---- vsftpd-2.2.2/sysutil.c.v6only 2010-05-17 09:09:59.848587511 +0200 -+++ vsftpd-2.2.2/sysutil.c 2010-05-17 09:11:04.965806472 +0200 -@@ -649,6 +649,18 @@ vsf_sysutil_wait_get_exitcode(const stru - status = ((struct vsf_sysutil_wait_retval*) p_waitret)->exit_status; - return WEXITSTATUS(status); - } -+ -+void -+vsf_sysutil_v6only(int fd) -+{ -+ int v6only = 1; -+ int retval = setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &v6only, -+ sizeof(v6only)); -+ if (retval != 0) -+ { -+ die("setsockopt: ipv6_v6only"); -+ } -+} - - void - vsf_sysutil_activate_keepalive(int fd) -diff -up vsftpd-2.2.2/sysutil.h.v6only vsftpd-2.2.2/sysutil.h ---- vsftpd-2.2.2/sysutil.h.v6only 2010-05-17 09:10:04.021567360 +0200 -+++ vsftpd-2.2.2/sysutil.h 2010-05-17 09:11:24.343557618 +0200 -@@ -264,6 +264,7 @@ int vsf_sysutil_connect_timeout(int fd, - void vsf_sysutil_dns_resolve(struct vsf_sysutil_sockaddr** p_sockptr, - const char* p_name); - /* Option setting on sockets */ -+void vsf_sysutil_v6only(int fd); - void vsf_sysutil_activate_keepalive(int fd); - void vsf_sysutil_set_iptos_throughput(int fd); - void vsf_sysutil_activate_reuseaddr(int fd); diff --git a/vsftpd-2.3.4-noexclusive.patch b/vsftpd-2.3.4-noexclusive.patch new file mode 100644 index 0000000..4a088d3 --- /dev/null +++ b/vsftpd-2.3.4-noexclusive.patch @@ -0,0 +1,13 @@ +diff -up vsftpd-2.3.4/vsftpd.conf.5.noexclusive vsftpd-2.3.4/vsftpd.conf.5 +--- vsftpd-2.3.4/vsftpd.conf.5.noexclusive 2011-11-15 12:56:01.777161200 +0100 ++++ vsftpd-2.3.4/vsftpd.conf.5 2011-11-15 12:59:22.037565778 +0100 +@@ -284,8 +284,7 @@ Default: NO + .TP + .B listen_ipv6 + Like the listen parameter, except vsftpd will listen on an IPv6 socket instead +-of an IPv4 one. This parameter and the listen parameter are mutually +-exclusive. ++of an IPv4 one. + + Default: NO + .TP diff --git a/vsftpd.spec b/vsftpd.spec index 4017896..3eeab57 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 2.3.4 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons @@ -51,7 +51,7 @@ Patch13: vsftpd-2.2.0-openssl.patch Patch14: vsftpd-2.2.0-wildchar.patch Patch16: vsftpd-2.2.2-clone.patch -Patch17: vsftpd-2.2.2-v6only.patch +Patch17: vsftpd-2.3.4-noexclusive.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from @@ -77,7 +77,7 @@ cp %{SOURCE1} . %patch13 -p1 -b .openssl %patch14 -p1 -b .wildchar %patch16 -p1 -b .clone -%patch17 -p1 -b .v6only +%patch17 -p1 -b .noexclusive %build %ifarch s390x sparcv9 sparc64 @@ -142,6 +142,9 @@ fi %changelog +* Tue Nov 15 2011 Jiri Skala - 2.3.4-2 +- removes exclusivity between listen and listen_ipv6 BZ#450853 + * Thu Mar 03 2011 Jiri Skala - 2.3.4-1 - update to latest upstream 2.3.4 - fixes #681935 - CVE-2011-0762 vsftpd: remote DoS via crafted glob pattern