[vsftpd] fixes #753365 - multiple issues with vsftpd's systemd unit removes exclusivity between listen and li
Jiri Skala
jskala at fedoraproject.org
Tue Nov 15 12:34:46 UTC 2011
commit 09c09a59c9fafc0fda6632018b856c0e1c1cbefd
Author: Jiri Skala <jskala at redhat.com>
Date: Tue Nov 15 13:34:41 2011 +0100
fixes #753365 - multiple issues with vsftpd's systemd unit
removes exclusivity between listen and listen_ipv6 BZ#450853
ls wildchars supports square brackets
vsftpd-2.2.2-v6only.patch | 44 -------
vsftpd-2.3.4-noexclusive.patch | 13 ++
vsftpd-2.3.4-sd.patch | 22 ++--
vsftpd-2.3.4-sqb.patch | 264 ++++++++++++++++++++++++++++++++++++++++
vsftpd.spec | 25 +++--
5 files changed, 301 insertions(+), 67 deletions(-)
---
diff --git a/vsftpd-2.3.4-noexclusive.patch b/vsftpd-2.3.4-noexclusive.patch
new file mode 100644
index 0000000..4a088d3
--- /dev/null
+++ b/vsftpd-2.3.4-noexclusive.patch
@@ -0,0 +1,13 @@
+diff -up vsftpd-2.3.4/vsftpd.conf.5.noexclusive vsftpd-2.3.4/vsftpd.conf.5
+--- vsftpd-2.3.4/vsftpd.conf.5.noexclusive 2011-11-15 12:56:01.777161200 +0100
++++ vsftpd-2.3.4/vsftpd.conf.5 2011-11-15 12:59:22.037565778 +0100
+@@ -284,8 +284,7 @@ Default: NO
+ .TP
+ .B listen_ipv6
+ Like the listen parameter, except vsftpd will listen on an IPv6 socket instead
+-of an IPv4 one. This parameter and the listen parameter are mutually
+-exclusive.
++of an IPv4 one.
+
+ Default: NO
+ .TP
diff --git a/vsftpd-2.3.4-sd.patch b/vsftpd-2.3.4-sd.patch
index 5ee2ff8..c54aca2 100644
--- a/vsftpd-2.3.4-sd.patch
+++ b/vsftpd-2.3.4-sd.patch
@@ -1,38 +1,34 @@
diff -up vsftpd-2.3.4/vsftpd.8.sd vsftpd-2.3.4/vsftpd.8
---- vsftpd-2.3.4/vsftpd.8.sd 2011-08-03 11:02:30.509291451 +0200
-+++ vsftpd-2.3.4/vsftpd.8 2011-08-03 15:50:00.024014865 +0200
+--- vsftpd-2.3.4/vsftpd.8.sd 2011-11-14 15:22:50.363265369 +0100
++++ vsftpd-2.3.4/vsftpd.8 2011-11-15 08:32:55.270895429 +0100
@@ -25,6 +25,8 @@ in
Direct execution of the
.Nm vsftpd
binary will then launch the FTP service ready for immediate client connections.
+.Pp
-+Systemd changes the vsftpd start-up. When the SysV initscript attempts to start one instance of the vsftpd daemon for each of /etc/vsftpd/*.conf file, each configuration file requires a correct symbolic link to the vsftpd at .service file.The name of the symbolic link must contain the name of the configuration file. See systemd.unit(5) for details. Each instance of the vsftpd daemon is started separately. See systemd.unit(5).
++Systemd changes the vsftpd start-up. When the SysV initscript attempts to start one instance of the vsftpd daemon for each of /etc/vsftpd/*.conf file, each configuration file requires a proper unit file. Each instance of the vsftpd daemon is started separately. See systemd.unit(5).
.Sh OPTIONS
An optional
configuration file or files
-@@ -55,6 +57,11 @@ the "ftpd_banner" setting is set to "bla
+@@ -55,6 +57,9 @@ the "ftpd_banner" setting is set to "bla
setting and any identical setting that was in the config file.
.Sh FILES
.Pa /etc/vsftpd/vsftpd.conf
+.Pp
-+.Pa /lib/systemd/system/vsftpd at .conf
-+.Pp
-+.Pa /lib/systemd/system/vsftpd at vsftpd.conf
++.Pa /lib/systemd/system/vsftpd.service
.Sh SEE ALSO
.Xr vsftpd.conf 5
+.Xr systemd.unit 5
.end
diff -up vsftpd-2.3.4/vsftpd.conf.5.sd vsftpd-2.3.4/vsftpd.conf.5
---- vsftpd-2.3.4/vsftpd.conf.5.sd 2011-08-03 11:02:37.480372306 +0200
-+++ vsftpd-2.3.4/vsftpd.conf.5 2011-08-03 15:50:29.435371891 +0200
-@@ -13,6 +13,11 @@ inetd such as
+--- vsftpd-2.3.4/vsftpd.conf.5.sd 2011-11-14 15:22:50.546267713 +0100
++++ vsftpd-2.3.4/vsftpd.conf.5 2011-11-15 08:48:42.872580090 +0100
+@@ -13,6 +13,9 @@ inetd such as
to launch vsftpd with different configuration files on a per virtual host
basis.
+Systemd changes the vsftpd daemon start-up. Each configuration file
-+requires a correct symbolic link to the vsftpd at .service file. The name
-+of the symbolic link must contain the name of the configuration file.
-+See systemd.unit(5) for details.
++requires a proper unit file that can be obtained by cloning and modifying default vsftpd.service. This additional unit file should be placed to /etc/systemd/system. See systemd.unit(5) for details.
+
.SH FORMAT
The format of vsftpd.conf is very simple. Each line is either a comment or
diff --git a/vsftpd-2.3.4-sqb.patch b/vsftpd-2.3.4-sqb.patch
new file mode 100644
index 0000000..5bf8fce
--- /dev/null
+++ b/vsftpd-2.3.4-sqb.patch
@@ -0,0 +1,264 @@
+diff -up vsftpd-2.3.4/ls.c.sqb vsftpd-2.3.4/ls.c
+--- vsftpd-2.3.4/ls.c.sqb 2011-09-13 10:37:05.222089078 +0200
++++ vsftpd-2.3.4/ls.c 2011-09-13 10:59:19.550508941 +0200
+@@ -245,7 +245,7 @@ vsf_filename_passes_filter(const struct
+ int ret = 0;
+ char last_token = 0;
+ int must_match_at_current_pos = 1;
+-
++ int matched = 0;
+
+ str_copy(&filter_remain_str, p_filter_str);
+
+@@ -275,7 +275,7 @@ vsf_filename_passes_filter(const struct
+ static struct mystr s_match_needed_str;
+ /* Locate next special token */
+ struct str_locate_result locate_result =
+- str_locate_chars(&filter_remain_str, "*?{");
++ str_locate_chars(&filter_remain_str, "*?{[");
+ (*iters)++;
+ /* Isolate text leading up to token (if any) - needs to be matched */
+ if (locate_result.found)
+@@ -293,94 +293,170 @@ vsf_filename_passes_filter(const struct
+ str_empty(&filter_remain_str);
+ last_token = 0;
+ }
+- if (!str_isempty(&s_match_needed_str))
+- {
+- /* Need to match something.. could be a match which has to start at
+- * current position, or we could allow it to start anywhere
+- */
+- unsigned int indexx;
+- locate_result = str_locate_str(&name_remain_str, &s_match_needed_str);
+- if (!locate_result.found)
+- {
+- /* Fail */
+- goto out;
+- }
+- indexx = locate_result.index;
+- if (must_match_at_current_pos && indexx > 0)
+- {
+- goto out;
+- }
+- if (!must_match_at_current_pos && last_token == 0)
+- {
+- struct mystr last_str = INIT_MYSTR;
+- str_mid_to_end(&name_remain_str, &last_str,
+- str_getlen(&name_remain_str) - str_getlen(&s_match_needed_str));
+- locate_result = str_locate_str(&last_str, &s_match_needed_str);
+- str_free(&last_str);
+
+- if (locate_result.found)
++ matched = 0;
++ do {
++ if (!str_isempty(&s_match_needed_str))
++ {
++ if (!matched)
++ {
++ matched = 1;
++ }
++ /* Need to match something.. could be a match which has to start at
++ * current position, or we could allow it to start anywhere
++ */
++ unsigned int indexx;
++ locate_result = str_locate_str(&name_remain_str, &s_match_needed_str);
++ if (!locate_result.found)
++ {
++ /* Fail */
++ goto out;
++ }
++ indexx = locate_result.index;
++ if (must_match_at_current_pos && indexx > 0)
+ {
+- ret = 1;
++ goto out;
+ }
+- goto out;
++ if (!must_match_at_current_pos && last_token == 0)
++ {
++ struct mystr last_str = INIT_MYSTR;
++ str_mid_to_end(&name_remain_str, &last_str,
++ str_getlen(&name_remain_str) - str_getlen(&s_match_needed_str));
++ locate_result = str_locate_str(&last_str, &s_match_needed_str);
++ str_free(&last_str);
++
++ if (locate_result.found)
++ {
++ ret = 1;
++ }
++ goto out;
++ }
++ /* Chop matched string out of remainder */
++ str_mid_to_end(&name_remain_str, &temp_str,
++ indexx + str_getlen(&s_match_needed_str));
++ str_copy(&name_remain_str, &temp_str);
+ }
+- /* Chop matched string out of remainder */
+- str_mid_to_end(&name_remain_str, &temp_str,
+- indexx + str_getlen(&s_match_needed_str));
+- str_copy(&name_remain_str, &temp_str);
+- }
+- if (last_token == '?')
+- {
+- if (str_isempty(&name_remain_str))
++ if (last_token == '?')
+ {
+- goto out;
++ if (str_isempty(&name_remain_str))
++ {
++ goto out;
++ }
++ str_right(&name_remain_str, &temp_str, str_getlen(&name_remain_str) - 1);
++ str_copy(&name_remain_str, &temp_str);
++ must_match_at_current_pos = 1;
+ }
+- str_right(&name_remain_str, &temp_str, str_getlen(&name_remain_str) - 1);
+- str_copy(&name_remain_str, &temp_str);
+- must_match_at_current_pos = 1;
+- }
+- else if (last_token == '{')
+- {
+- struct str_locate_result end_brace =
+- str_locate_char(&filter_remain_str, '}');
+- must_match_at_current_pos = 1;
+- if (end_brace.found)
++ else if (last_token == '{')
+ {
+- str_split_char(&filter_remain_str, &temp_str, '}');
+- str_copy(&brace_list_str, &filter_remain_str);
+- str_copy(&filter_remain_str, &temp_str);
+- str_split_char(&brace_list_str, &temp_str, ',');
+- while (!str_isempty(&brace_list_str))
+- {
+- str_copy(&new_filter_str, &brace_list_str);
+- str_append_str(&new_filter_str, &filter_remain_str);
+- if (vsf_filename_passes_filter(&name_remain_str, &new_filter_str,
+- iters))
++ struct str_locate_result end_brace =
++ str_locate_char(&filter_remain_str, '}');
++ must_match_at_current_pos = 1;
++ if (end_brace.found)
++ {
++ str_split_char(&filter_remain_str, &temp_str, '}');
++ str_copy(&brace_list_str, &filter_remain_str);
++ str_copy(&filter_remain_str, &temp_str);
++ str_split_char(&brace_list_str, &temp_str, ',');
++ while (!str_isempty(&brace_list_str))
+ {
+- ret = 1;
+- goto out;
++ str_empty(&new_filter_str);
++ if (!matched)
++ {
++ str_append_char(&new_filter_str, '*');
++ }
++ str_append_str(&new_filter_str, &brace_list_str);
++ str_append_str(&new_filter_str, &filter_remain_str);
++ if (vsf_filename_passes_filter(&name_remain_str, &new_filter_str,
++ iters))
++ {
++ ret = 1;
++ goto out;
++ }
++ str_copy(&brace_list_str, &temp_str);
++ str_split_char(&brace_list_str, &temp_str, ',');
+ }
+- str_copy(&brace_list_str, &temp_str);
+- str_split_char(&brace_list_str, &temp_str, ',');
++ goto out;
++ }
++ else if (str_isempty(&name_remain_str) ||
++ str_get_char_at(&name_remain_str, 0) != '{')
++ {
++ goto out;
++ }
++ else
++ {
++ str_right(&name_remain_str, &temp_str,
++ str_getlen(&name_remain_str) - 1);
++ str_copy(&name_remain_str, &temp_str);
+ }
+- goto out;
+ }
+- else if (str_isempty(&name_remain_str) ||
+- str_get_char_at(&name_remain_str, 0) != '{')
++ else if (last_token == '[')
+ {
+- goto out;
++ struct str_locate_result end_sqb =
++ str_locate_char(&filter_remain_str, ']');
++ must_match_at_current_pos = 1;
++ if (end_sqb.found)
++ {
++ unsigned int cur_pos;
++ char stch, ench;
++ const char *p_brace;
++
++ str_split_char(&filter_remain_str, &temp_str, ']');
++ str_copy(&brace_list_str, &filter_remain_str);
++ str_copy(&filter_remain_str, &temp_str);
++ p_brace = str_getbuf(&brace_list_str);
++ for (cur_pos = 0; cur_pos < str_getlen(&brace_list_str);)
++ {
++ stch = p_brace[cur_pos];
++ // char vers. range
++ if (cur_pos + 2 < str_getlen(&brace_list_str) &&
++ p_brace[cur_pos+1] == '-')
++ {
++ ench = p_brace[cur_pos+2];
++ cur_pos += 3;
++ }
++ else
++ {
++ ench = stch;
++ cur_pos++;
++ }
++ // expand char[s]
++ for (;stch <= ench && !str_isempty(&brace_list_str); stch++)
++ {
++ str_empty(&new_filter_str);
++ if (!matched)
++ {
++ str_append_char(&new_filter_str, '*');
++ }
++ str_append_char(&new_filter_str, stch);
++ str_append_str(&new_filter_str, &filter_remain_str);
++ if (vsf_filename_passes_filter(&name_remain_str, &new_filter_str,
++ iters))
++ {
++ ret = 1;
++ goto out;
++ }
++ }
++ }
++ goto out;
++ }
++ else if (str_isempty(&name_remain_str) ||
++ str_get_char_at(&name_remain_str, 0) != '[')
++ {
++ goto out;
++ }
++ else
++ {
++ str_right(&name_remain_str, &temp_str,
++ str_getlen(&name_remain_str) - 1);
++ str_copy(&name_remain_str, &temp_str);
++ }
+ }
+ else
+ {
+- str_right(&name_remain_str, &temp_str,
+- str_getlen(&name_remain_str) - 1);
+- str_copy(&name_remain_str, &temp_str);
++ must_match_at_current_pos = 0;
+ }
+- }
+- else
+- {
+- must_match_at_current_pos = 0;
+- }
++ } while (locate_result.found &&
++ str_getlen(&name_remain_str) > 0 && last_token != '*');
+ }
+ /* Any incoming string left means no match unless we ended on the correct
+ * type of wildcard.
diff --git a/vsftpd.spec b/vsftpd.spec
index 3b796b9..0f600b6 100644
--- a/vsftpd.spec
+++ b/vsftpd.spec
@@ -2,7 +2,7 @@
Name: vsftpd
Version: 2.3.4
-Release: 5%{?dist}
+Release: 6%{?dist}
Summary: Very Secure Ftp Daemon
Group: System Environment/Daemons
@@ -16,7 +16,7 @@ Source3: vsftpd.ftpusers
Source4: vsftpd.user_list
Source5: vsftpd.init
Source6: vsftpd_conf_migrate.sh
-Source7: vsftpd at .service
+Source7: vsftpd.service
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -51,9 +51,10 @@ Patch13: vsftpd-2.2.0-openssl.patch
Patch14: vsftpd-2.2.0-wildchar.patch
Patch16: vsftpd-2.2.2-clone.patch
-Patch17: vsftpd-2.2.2-v6only.patch
Patch18: vsftpd-2.3.4-tout.patch
Patch19: vsftpd-2.3.4-sd.patch
+Patch20: vsftpd-2.3.4-sqb.patch
+Patch21: vsftpd-2.3.4-noexclusive.patch
%description
vsftpd is a Very Secure FTP daemon. It was written completely from
@@ -88,9 +89,10 @@ cp %{SOURCE1} .
%patch13 -p1 -b .openssl
%patch14 -p1 -b .wildchar
%patch16 -p1 -b .clone
-%patch17 -p1 -b .v6only
%patch18 -p1 -b .tout
%patch19 -p1 -b .sd
+%patch20 -p1 -b .sqb
+%patch21 -p1 -b .noexclusive
%build
%ifarch s390x sparcv9 sparc64
@@ -119,7 +121,6 @@ install -m 600 %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}/vsftpd/user_list
install -m 755 %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/vsftpd
install -m 744 %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/vsftpd/vsftpd_conf_migrate.sh
install -m 644 %{SOURCE7} $RPM_BUILD_ROOT/lib/systemd/system/
-ln -s /lib/systemd/system/vsftpd at .service $RPM_BUILD_ROOT/lib/systemd/system/vsftpd at vsftpd.service
mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub
@@ -131,8 +132,8 @@ rm -rf $RPM_BUILD_ROOT
%preun
if [ $1 = 0 ]; then
- /bin/systemctl disable vsftpd at vsftpd.service > /dev/null 2>&1 || :
- /bin/systemctl stop vsftpd at vsftpd.service > /dev/null 2>&1 || :
+ /bin/systemctl disable vsftpd.service > /dev/null 2>&1 || :
+ /bin/systemctl stop vsftpd.service > /dev/null 2>&1 || :
fi
%postun
@@ -140,15 +141,14 @@ fi
%triggerun -- %{name} < 2.3.4-5
/sbin/chkconfig --del vsftpd >/dev/null 2>&1 || :
- /bin/systemctl try-restart vsftpd at vsftpd.service >/dev/null 2>&1 || :
+ /bin/systemctl try-restart vsftpd.service >/dev/null 2>&1 || :
%triggerpostun -n %{name}-sysvinit -- %{name} < 2.3.4-5
/sbin/chkconfig --add vsftpd >/dev/null 2>&1 || :
%files
%defattr(-,root,root,-)
-/lib/systemd/system/vsftpd at .service
-/lib/systemd/system/vsftpd at vsftpd.service
+/lib/systemd/system/vsftpd.service
%{_sbindir}/vsftpd
%dir %{_sysconfdir}/vsftpd
%{_sysconfdir}/vsftpd/vsftpd_conf_migrate.sh
@@ -167,6 +167,11 @@ fi
%{_sysconfdir}/rc.d/init.d/vsftpd
%changelog
+* Tue Nov 15 2011 Jiri Skala <jskala at redhat.com> - 2.3.4-6
+- fixes #753365 - multiple issues with vsftpd's systemd unit
+- removes exclusivity between listen and listen_ipv6 BZ#450853
+- ls wildchars supports square brackets
+
* Wed Aug 03 2011 Jiri Skala <jskala at redhat.com> - 2.3.4-5
- fixes #719434 - Provide native systemd unit file
- moving SysV initscript into subpackage
More information about the scm-commits
mailing list