diff --git a/.cvsignore b/.cvsignore index f6b6ef6..1ccbdcc 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -vsftpd-2.0.5.tar.gz +vsftpd-2.0.6.tar.gz diff --git a/sources b/sources index 0803b81..0d624cb 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -146062e8b2f93af43ff6c2c770feea94 vsftpd-2.0.5.tar.gz +f7a742690d7f86e356fb66d3840079c7 vsftpd-2.0.6.tar.gz diff --git a/vsftpd-2.0.1-kickline.patch b/vsftpd-2.0.1-kickline.patch deleted file mode 100644 index 8fa3aef..0000000 --- a/vsftpd-2.0.1-kickline.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- vsftpd-2.0.1/postlogin.c.suniq 2005-08-03 22:18:03.719180808 +0530 -+++ vsftpd-2.0.1/postlogin.c 2005-08-03 22:17:25.910928536 +0530 -@@ -1013,7 +1013,6 @@ - struct mystr resp_str = INIT_MYSTR; - str_alloc_text(&resp_str, "FILE: "); - str_append_str(&resp_str, p_filename); -- vsf_cmdio_write_str(p_sess, FTP_DATACONN, &resp_str); - remote_fd = get_remote_transfer_fd(p_sess, str_getbuf(&resp_str)); - str_free(&resp_str); - } diff --git a/vsftpd-2.0.5-anon_umask.patch b/vsftpd-2.0.5-anon_umask.patch deleted file mode 100644 index 086ce02..0000000 --- a/vsftpd-2.0.5-anon_umask.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- vsftpd-2.0.5/postlogin.c.old 2007-01-19 12:52:52.000000000 +0100 -+++ vsftpd-2.0.5/postlogin.c 2007-01-30 10:42:05.000000000 +0100 -@@ -1016,7 +1016,6 @@ - /* Are we required to chown() this file for security? */ - if (p_sess->is_anonymous && tunable_chown_uploads) - { -- vsf_sysutil_fchmod(new_file_fd, 0600); - if (tunable_one_process_model) - { - vsf_one_process_chown_upload(p_sess, new_file_fd); diff --git a/vsftpd-2.0.5-confspell.patch b/vsftpd-2.0.5-confspell.patch deleted file mode 100644 index 1cd5335..0000000 --- a/vsftpd-2.0.5-confspell.patch +++ /dev/null @@ -1,17 +0,0 @@ ---- vsftpd-2.0.5/vsftpd.conf.5.old 2006-12-04 17:10:51.000000000 +0100 -+++ vsftpd-2.0.5/vsftpd.conf.5 2006-12-04 17:11:57.000000000 +0100 -@@ -588,12 +588,12 @@ - - Default: 300 - .TP --.B delay_failed_logins -+.B delay_failed_login - The number of seconds to pause prior to reporting a failed login. - - Default: 1 - .TP --.B delay_successful_logins -+.B delay_successful_login - The number of seconds to pause prior to allowing a successful login. - - Default: 0 diff --git a/vsftpd-2.0.5-userlist_log.patch b/vsftpd-2.0.5-userlist_log.patch deleted file mode 100644 index bcbe589..0000000 --- a/vsftpd-2.0.5-userlist_log.patch +++ /dev/null @@ -1,112 +0,0 @@ -diff -up vsftpd-2.0.5/tunables.c.userlist_log vsftpd-2.0.5/tunables.c ---- vsftpd-2.0.5/tunables.c.userlist_log 2007-11-30 12:44:22.000000000 +0100 -+++ vsftpd-2.0.5/tunables.c 2007-11-30 12:46:52.000000000 +0100 -@@ -71,6 +71,7 @@ int tunable_force_anon_data_ssl = 0; - int tunable_mdtm_write = 1; - int tunable_lock_upload_files = 1; - int tunable_pasv_addr_resolve = 0; -+int tunable_userlist_log = 0; - - unsigned int tunable_accept_timeout = 60; - unsigned int tunable_connect_timeout = 60; -diff -up vsftpd-2.0.5/parseconf.c.userlist_log vsftpd-2.0.5/parseconf.c ---- vsftpd-2.0.5/parseconf.c.userlist_log 2007-11-30 12:44:48.000000000 +0100 -+++ vsftpd-2.0.5/parseconf.c 2007-11-30 12:46:50.000000000 +0100 -@@ -100,6 +100,7 @@ parseconf_bool_array[] = - { "mdtm_write", &tunable_mdtm_write }, - { "lock_upload_files", &tunable_lock_upload_files }, - { "pasv_addr_resolve", &tunable_pasv_addr_resolve }, -+ { "userlist_log", &tunable_userlist_log }, - { 0, 0 } - }; - -diff -up vsftpd-2.0.5/prelogin.c.userlist_log vsftpd-2.0.5/prelogin.c ---- vsftpd-2.0.5/prelogin.c.userlist_log 2007-11-30 12:43:45.000000000 +0100 -+++ vsftpd-2.0.5/prelogin.c 2007-11-30 12:46:41.000000000 +0100 -@@ -189,6 +189,20 @@ handle_user_command(struct vsf_session* - (!located && !tunable_userlist_deny)) - { - vsf_cmdio_write(p_sess, FTP_LOGINERR, "Permission denied."); -+ if (tunable_userlist_log) -+ { -+ struct mystr str_log_line = INIT_MYSTR; -+ if (tunable_userlist_deny) -+ { -+ str_alloc_text(&str_log_line, "User is in the deny user list."); -+ } -+ else -+ { -+ str_alloc_text(&str_log_line, "User is not in the allow user list."); -+ } -+ vsf_log_failed_line(p_sess, kVSFLogEntryLogin, &str_log_line); -+ str_free(&str_log_line); -+ } - str_empty(&p_sess->user_str); - return; - } -diff -up vsftpd-2.0.5/tunables.h.userlist_log vsftpd-2.0.5/tunables.h ---- vsftpd-2.0.5/tunables.h.userlist_log 2007-11-30 12:44:28.000000000 +0100 -+++ vsftpd-2.0.5/tunables.h 2007-11-30 12:46:46.000000000 +0100 -@@ -67,6 +67,7 @@ extern int tunable_force_anon_data_ssl; - extern int tunable_mdtm_write; /* Allow MDTM to set timestamps */ - extern int tunable_lock_upload_files; /* Lock uploading files */ - extern int tunable_pasv_addr_resolve; /* DNS resolve pasv_addr */ -+extern int tunable_userlist_log; /* Log every failed login attempt */ - - /* Integer/numeric defines */ - extern unsigned int tunable_accept_timeout; -diff -up vsftpd-2.0.5/logging.h.userlist_log vsftpd-2.0.5/logging.h ---- vsftpd-2.0.5/logging.h.userlist_log 2007-11-30 12:44:05.000000000 +0100 -+++ vsftpd-2.0.5/logging.h 2007-11-30 12:46:43.000000000 +0100 -@@ -73,5 +73,16 @@ void vsf_log_do_log(struct vsf_session* - void vsf_log_line(struct vsf_session* p_sess, enum EVSFLogEntryType what, - struct mystr* p_str); - -+/* vsf_log_failed_line() -+ * PURPOSE -+ * Same as vsf_log_line(), except that it logs the line as failed operation. -+ * PARAMETERS -+ * p_sess - the current session object -+ * what - the type of operation to log -+ * p_str - the string to log -+ */ -+void vsf_log_failed_line(struct vsf_session* p_sess, enum EVSFLogEntryType what, -+ struct mystr* p_str); -+ - #endif /* VSF_LOGGING_H */ - -diff -up vsftpd-2.0.5/vsftpd.conf.5.userlist_log vsftpd-2.0.5/vsftpd.conf.5 ---- vsftpd-2.0.5/vsftpd.conf.5.userlist_log 2007-11-30 12:45:07.000000000 +0100 -+++ vsftpd-2.0.5/vsftpd.conf.5 2007-11-30 12:46:48.000000000 +0100 -@@ -520,6 +520,14 @@ cleartext passwords being transmitted. S - - Default: NO - .TP -+.B userlist_log -+This option is examined if -+.BR userlist_enable -+is activated. If enabled, every login denial based on the user list will be -+logged. -+ -+Default: NO -+.TP - .B virtual_use_local_privs - If enabled, virtual users will use the same privileges as local users. By - default, virtual users will use the same privileges as anonymous users, which -diff -up vsftpd-2.0.5/logging.c.userlist_log vsftpd-2.0.5/logging.c ---- vsftpd-2.0.5/logging.c.userlist_log 2007-11-30 12:43:30.000000000 +0100 -+++ vsftpd-2.0.5/logging.c 2007-11-30 12:46:39.000000000 +0100 -@@ -95,6 +95,13 @@ vsf_log_line(struct vsf_session* p_sess, - vsf_log_common(p_sess, 1, what, p_str); - } - -+void -+vsf_log_failed_line(struct vsf_session* p_sess, enum EVSFLogEntryType what, -+ struct mystr* p_str) -+{ -+ vsf_log_common(p_sess, 0, what, p_str); -+} -+ - int - vsf_log_entry_pending(struct vsf_session* p_sess) - { diff --git a/vsftpd-2.0.6-userlist_log.patch b/vsftpd-2.0.6-userlist_log.patch new file mode 100644 index 0000000..57924c5 --- /dev/null +++ b/vsftpd-2.0.6-userlist_log.patch @@ -0,0 +1,112 @@ +diff -up vsftpd-2.0.6/tunables.c.userlist_log vsftpd-2.0.6/tunables.c +--- vsftpd-2.0.6/tunables.c.userlist_log 2008-02-22 12:49:36.000000000 +0100 ++++ vsftpd-2.0.6/tunables.c 2008-02-22 12:56:49.000000000 +0100 +@@ -71,6 +71,7 @@ int tunable_force_anon_data_ssl = 0; + int tunable_mdtm_write = 1; + int tunable_lock_upload_files = 1; + int tunable_pasv_addr_resolve = 0; ++int tunable_userlist_log = 0; + int tunable_debug_ssl = 0; + int tunable_require_cert = 0; + int tunable_validate_cert = 0; +diff -up vsftpd-2.0.6/parseconf.c.userlist_log vsftpd-2.0.6/parseconf.c +--- vsftpd-2.0.6/parseconf.c.userlist_log 2008-02-22 12:49:36.000000000 +0100 ++++ vsftpd-2.0.6/parseconf.c 2008-02-22 12:58:19.000000000 +0100 +@@ -100,6 +100,7 @@ parseconf_bool_array[] = + { "mdtm_write", &tunable_mdtm_write }, + { "lock_upload_files", &tunable_lock_upload_files }, + { "pasv_addr_resolve", &tunable_pasv_addr_resolve }, ++ { "userlist_log", &tunable_userlist_log }, + { "debug_ssl", &tunable_debug_ssl }, + { "require_cert", &tunable_require_cert }, + { "validate_cert", &tunable_validate_cert }, +diff -up vsftpd-2.0.6/prelogin.c.userlist_log vsftpd-2.0.6/prelogin.c +--- vsftpd-2.0.6/prelogin.c.userlist_log 2008-02-12 04:57:07.000000000 +0100 ++++ vsftpd-2.0.6/prelogin.c 2008-02-22 12:49:36.000000000 +0100 +@@ -194,6 +194,20 @@ handle_user_command(struct vsf_session* + (!located && !tunable_userlist_deny)) + { + vsf_cmdio_write(p_sess, FTP_LOGINERR, "Permission denied."); ++ if (tunable_userlist_log) ++ { ++ struct mystr str_log_line = INIT_MYSTR; ++ if (tunable_userlist_deny) ++ { ++ str_alloc_text(&str_log_line, "User is in the deny user list."); ++ } ++ else ++ { ++ str_alloc_text(&str_log_line, "User is not in the allow user list."); ++ } ++ vsf_log_failed_line(p_sess, kVSFLogEntryLogin, &str_log_line); ++ str_free(&str_log_line); ++ } + str_empty(&p_sess->user_str); + return; + } +diff -up vsftpd-2.0.6/tunables.h.userlist_log vsftpd-2.0.6/tunables.h +--- vsftpd-2.0.6/tunables.h.userlist_log 2008-02-12 05:52:49.000000000 +0100 ++++ vsftpd-2.0.6/tunables.h 2008-02-22 12:59:01.000000000 +0100 +@@ -67,6 +67,7 @@ extern int tunable_force_anon_data_ssl; + extern int tunable_mdtm_write; /* Allow MDTM to set timestamps */ + extern int tunable_lock_upload_files; /* Lock uploading files */ + extern int tunable_pasv_addr_resolve; /* DNS resolve pasv_addr */ ++extern int tunable_userlist_log; /* Log every failed login attempt */ + extern int tunable_debug_ssl; /* Verbose SSL logging */ + extern int tunable_require_cert; /* SSL client cert required */ + extern int tunable_validate_cert; /* SSL certs must be valid */ +diff -up vsftpd-2.0.6/logging.h.userlist_log vsftpd-2.0.6/logging.h +--- vsftpd-2.0.6/logging.h.userlist_log 2008-02-08 02:29:59.000000000 +0100 ++++ vsftpd-2.0.6/logging.h 2008-02-22 12:49:36.000000000 +0100 +@@ -80,5 +80,16 @@ void vsf_log_do_log(struct vsf_session* + void vsf_log_line(struct vsf_session* p_sess, enum EVSFLogEntryType what, + struct mystr* p_str); + ++/* vsf_log_failed_line() ++ * PURPOSE ++ * Same as vsf_log_line(), except that it logs the line as failed operation. ++ * PARAMETERS ++ * p_sess - the current session object ++ * what - the type of operation to log ++ * p_str - the string to log ++ */ ++void vsf_log_failed_line(struct vsf_session* p_sess, enum EVSFLogEntryType what, ++ struct mystr* p_str); ++ + #endif /* VSF_LOGGING_H */ + +diff -up vsftpd-2.0.6/vsftpd.conf.5.userlist_log vsftpd-2.0.6/vsftpd.conf.5 +--- vsftpd-2.0.6/vsftpd.conf.5.userlist_log 2008-02-22 12:49:36.000000000 +0100 ++++ vsftpd-2.0.6/vsftpd.conf.5 2008-02-22 12:49:36.000000000 +0100 +@@ -541,6 +541,14 @@ Self-signed certs do not constitute OK v + + Default: NO + .TP ++.B userlist_log ++This option is examined if ++.BR userlist_enable ++is activated. If enabled, every login denial based on the user list will be ++logged. ++ ++Default: NO ++.TP + .B virtual_use_local_privs + If enabled, virtual users will use the same privileges as local users. By + default, virtual users will use the same privileges as anonymous users, which +diff -up vsftpd-2.0.6/logging.c.userlist_log vsftpd-2.0.6/logging.c +--- vsftpd-2.0.6/logging.c.userlist_log 2008-02-08 02:30:40.000000000 +0100 ++++ vsftpd-2.0.6/logging.c 2008-02-22 12:49:36.000000000 +0100 +@@ -95,6 +95,13 @@ vsf_log_line(struct vsf_session* p_sess, + vsf_log_common(p_sess, 1, what, p_str); + } + ++void ++vsf_log_failed_line(struct vsf_session* p_sess, enum EVSFLogEntryType what, ++ struct mystr* p_str) ++{ ++ vsf_log_common(p_sess, 0, what, p_str); ++} ++ + int + vsf_log_entry_pending(struct vsf_session* p_sess) + { diff --git a/vsftpd.spec b/vsftpd.spec index d6a59bd..be9c542 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,8 +2,8 @@ Summary: Very Secure Ftp Daemon Name: vsftpd -Version: 2.0.5 -Release: 22%{?dist} +Version: 2.0.6 +Release: 1%{?dist} License: GPL Group: System Environment/Daemons URL: http://vsftpd.beasts.org/ @@ -26,7 +26,6 @@ Patch9: vsftpd-2.0.1-dir.patch Patch11: vsftpd-1.2.1-nonrootconf.patch Patch13: vsftpd-2.0.3-background.patch Patch14: vsftpd-2.0.3-daemonize_fds.patch -Patch15: vsftpd-2.0.1-kickline.patch Patch17: vsftpd-2.0.3-pam_hostname.patch Patch18: vsftpd-close-std-fds.patch Patch19: vsftpd-2.0.5-default_ipv6.patch @@ -35,17 +34,15 @@ Patch21: vsftpd-2.0.5-correct_comments.patch Patch22: vsftpd-2.0.5-man.patch Patch23: vsftpd-2.0.4-filter.patch Patch24: vsftpd-2.0.5-file_stat.patch -Patch25: vsftpd-2.0.5-confspell.patch Patch26: vsftpd-2.0.5-bind_denied.patch -Patch28: vsftpd-2.0.5-anon_umask.patch Patch29: vsftpd-2.0.5-pasv_dot.patch Patch30: vsftpd-2.0.5-pam_end.patch Patch31: vsftpd-2.0.5-write_race.patch Patch32: vsftpd-2.0.5-fix_unique.patch -Patch33: vsftpd-2.0.5-userlist_log.patch Patch34: vsftpd-2.0.5-underscore_uname.patch Patch35: vsftpd-2.0.5-uname_size.patch Patch36: vsftpd-2.0.5-greedy.patch +Patch37: vsftpd-2.0.6-userlist_log.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root %if %{tcp_wrappers} @@ -86,7 +83,6 @@ cp %{SOURCE1} . %patch11 -p1 -b .nonrootconf %patch13 -p1 -b .background %patch14 -p1 -b .fds -%patch15 -p1 -b .kickline %patch17 -p1 -b .old-pam %patch18 -p1 -b .close-fds %patch19 -p1 -b .ipv6 @@ -95,17 +91,15 @@ cp %{SOURCE1} . %patch22 -p1 -b .manp %patch23 -p1 -b .filter %patch24 -p1 -b .file_stat -%patch25 -p1 %patch26 -p1 -b .bind_denied -%patch28 -p1 -b .anon_umask %patch29 -p1 -b .pasv_dot %patch30 -p1 -b .pam_end %patch31 -p1 -b .write_race %patch32 -p1 -b .fix_unique -%patch33 -p1 -b .userlist_log %patch34 -p1 -b .underscore_uname %patch35 -p1 -b .uname_size %patch36 -p1 -b .greedy +%patch37 -p1 -b .userlist_log %build %ifarch s390x @@ -164,6 +158,10 @@ fi %{_var}/ftp %changelog +* Fri Feb 22 2008 Martin Nagy - 2.0.6-1 +- rebase for new upstream version +- remove patches that were fixed in upstream: kickline, confspell, anon_umask + * Mon Feb 11 2008 Martin Nagy - 2.0.5-22 - rebuild for gcc-4.3