[vsftpd] * Fri Aug 06 2010 Jiri Skala <jskala at redhat.com> - 2.2.2-8 - fixes #472880 - Configuration can cause
Jiri Skala
jskala at fedoraproject.org
Fri Aug 6 07:36:02 UTC 2010
commit f98f0189c6151b1c5247222de8c578c207aa19c7
Author: Jiri Skala <jskala at localhost.localdomain>
Date: Fri Aug 6 09:35:40 2010 +0200
* Fri Aug 06 2010 Jiri Skala <jskala at redhat.com> - 2.2.2-8
- fixes #472880 - Configuration can cause confusion because of selinux labels
vsftpd-2.1.0-configuration.patch | 21 +++++++++++++--------
vsftpd.spec | 5 ++++-
2 files changed, 17 insertions(+), 9 deletions(-)
---
diff --git a/vsftpd-2.1.0-configuration.patch b/vsftpd-2.1.0-configuration.patch
index 4f95607..5f04dea 100644
--- a/vsftpd-2.1.0-configuration.patch
+++ b/vsftpd-2.1.0-configuration.patch
@@ -378,20 +378,20 @@ diff -up vsftpd-2.2.0/vsftpd.conf.5.configuration vsftpd-2.2.0/vsftpd.conf.5
.TP
.B vsftpd_log_file
This option is the name of the file to which we write the vsftpd style
-diff -up vsftpd-2.2.0/vsftpd.conf.configuration vsftpd-2.2.0/vsftpd.conf
---- vsftpd-2.2.0/vsftpd.conf.configuration 2009-06-17 22:05:28.000000000 +0200
-+++ vsftpd-2.2.0/vsftpd.conf 2009-08-04 07:53:13.000000000 +0200
+--- vsftpd-2.2.2/vsftpd.conf.configuration 2009-10-19 04:04:23.000000000 +0200
++++ vsftpd-2.2.2/vsftpd.conf 2010-08-06 09:28:44.891173995 +0200
@@ -1,4 +1,4 @@
-# Example config file /etc/vsftpd.conf
+# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
-@@ -12,14 +12,14 @@
+@@ -12,18 +12,20 @@
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
-#local_enable=YES
++# When SELinux is enforcing check for SE bool ftp_home_dir
+local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
@@ -405,7 +405,12 @@ diff -up vsftpd-2.2.0/vsftpd.conf.configuration vsftpd-2.2.0/vsftpd.conf
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
-@@ -52,7 +52,7 @@ connect_from_port_20=YES
+ # obviously need to create a directory writable by the FTP user.
++# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
+ #anon_upload_enable=YES
+ #
+ # Uncomment this if you want the anonymous FTP user to be able to create
+@@ -52,7 +54,7 @@
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
@@ -414,7 +419,7 @@ diff -up vsftpd-2.2.0/vsftpd.conf.configuration vsftpd-2.2.0/vsftpd.conf
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
-@@ -87,7 +87,7 @@ connect_from_port_20=YES
+@@ -87,7 +89,7 @@
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
@@ -423,7 +428,7 @@ diff -up vsftpd-2.2.0/vsftpd.conf.configuration vsftpd-2.2.0/vsftpd.conf
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
-@@ -95,7 +95,7 @@ connect_from_port_20=YES
+@@ -95,7 +97,7 @@
#chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
@@ -432,7 +437,7 @@ diff -up vsftpd-2.2.0/vsftpd.conf.configuration vsftpd-2.2.0/vsftpd.conf
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
-@@ -112,3 +112,7 @@ listen=YES
+@@ -112,3 +114,7 @@
# sockets, you must run two copies of vsftpd with two configuration files.
# Make sure, that one of the listen options is commented !!
#listen_ipv6=YES
diff --git a/vsftpd.spec b/vsftpd.spec
index 9862ee6..ab30c34 100644
--- a/vsftpd.spec
+++ b/vsftpd.spec
@@ -2,7 +2,7 @@
Name: vsftpd
Version: 2.2.2
-Release: 7%{?dist}
+Release: 8%{?dist}
Summary: Very Secure Ftp Daemon
Group: System Environment/Daemons
@@ -146,6 +146,9 @@ fi
%changelog
+* Fri Aug 06 2010 Jiri Skala <jskala at redhat.com> - 2.2.2-8
+- fixes #472880 - Configuration can cause confusion because of selinux labels
+
* Mon May 17 2010 Jiri Skala <jskala at redhat.com> - 2.2.2-7
- when listen_ipv6=YES sets socket option to listen IPv6 only
More information about the scm-commits
mailing list