Hello community,
here is the log from the commit of package vsftpd
checked in at Sat Sep 13 12:26:55 CEST 2008.
--------
--- vsftpd/vsftpd.changes 2008-06-11 13:02:45.000000000 +0200
+++ /mounts/work_src_done/STABLE/vsftpd/vsftpd.changes 2008-09-08 15:34:19.000000000 +0200
@@ -1,0 +2,12 @@
+Mon Sep 8 15:30:43 CEST 2008 - hvogel@suse.de
+
+- version 2.0.7
+ * Fix man page typo
+ * Enhance logging for debug_ssl
+ * Shutdown the SSL data connections properly
+ * Add option to enforce proper SSL shutdown on uploads
+ * Add option to delete failed uploads
+- limit port range for passv to 1024:2024 to assist firewalling
+ [bnc#420671]
+
+-------------------------------------------------------------------
Old:
----
vsftpd-2.0.6-listen-retry.patch
vsftpd-2.0.6.tar.bz2
New:
----
vsftpd-2.0.7.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ vsftpd.spec ++++++
--- /var/tmp/diff_new_pack.EKc971/_old 2008-09-13 12:26:46.000000000 +0200
+++ /var/tmp/diff_new_pack.EKc971/_new 2008-09-13 12:26:46.000000000 +0200
@@ -1,10 +1,17 @@
#
-# spec file for package vsftpd (Version 2.0.6)
+# spec file for package vsftpd (Version 2.0.7)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
-# This file and all modifications and additions to the pristine
-# package are under the same license as the package itself.
#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
@@ -18,8 +25,8 @@
%else
BuildRequires: libcap-devel
%endif
-Version: 2.0.6
-Release: 27
+Version: 2.0.7
+Release: 1
Summary: Very Secure FTP Daemon - Written from Scratch
License: GPL v2 or later
Group: Productivity/Networking/Ftp/Servers
@@ -42,7 +49,6 @@
Patch8: %name-2.0.5-utf8-log-names.patch
Patch9: %name-2.0.6-libcap2-fix.diff
Patch10: %name-2.0.6-write_race.patch
-Patch11: %name-2.0.6-listen-retry.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Provides: ftp-server
PreReq: %insserv_prereq /usr/sbin/useradd
@@ -66,7 +72,6 @@
%prep
%setup -q
-%patch
%patch1 -p1
%patch2 -p1
%patch3 -p1
@@ -76,8 +81,8 @@
%patch7
%patch8 -p1
%patch9
-%patch10 -p1
-%patch11 -p1
+%patch10
+%patch
%build
rm -f dummyinc/sys/capability.h
@@ -133,6 +138,15 @@
%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
%changelog
+* Mon Sep 08 2008 hvogel@suse.de
+- version 2.0.7
+ * Fix man page typo
+ * Enhance logging for debug_ssl
+ * Shutdown the SSL data connections properly
+ * Add option to enforce proper SSL shutdown on uploads
+ * Add option to delete failed uploads
+- limit port range for passv to 1024:2024 to assist firewalling
+ [bnc#420671]
* Wed Jun 11 2008 hvogel@suse.de
- Fix simultaneous ftp put of the same file [bnc#361559, bnc#273454]
- dont die on EADDRINUSE but try again [bnc#395899]
++++++ vsftpd-2.0.4-conf.diff ++++++
--- /var/tmp/diff_new_pack.EKc971/_old 2008-09-13 12:26:46.000000000 +0200
+++ /var/tmp/diff_new_pack.EKc971/_new 2008-09-13 12:26:46.000000000 +0200
@@ -1,6 +1,6 @@
--- vsftpd.conf
+++ vsftpd.conf
-@@ -4,100 +4,214 @@
+@@ -4,100 +4,218 @@
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
@@ -254,6 +254,10 @@
-# the presence of the "-R" option, so there is a strong case for enabling it.
-#ls_recurse_enable=YES
+listen=YES
-
++
+# Set to ssl_enable=YES if you want to enable SSL
+ssl_enable=NO
+
++# Limit passive ports to this range to assis firewalling
++pasv_min_port=1024
++pasv_max_port=2024
++++++ vsftpd-2.0.4-lib64.diff ++++++
--- /var/tmp/diff_new_pack.EKc971/_old 2008-09-13 12:26:46.000000000 +0200
+++ /var/tmp/diff_new_pack.EKc971/_new 2008-09-13 12:26:46.000000000 +0200
@@ -16,11 +16,3 @@
locate_library /usr/lib/libcrypt.so && echo "-lcrypt";
fi
-@@ -44,6 +46,7 @@
-
- # Look for libcap (capabilities)
- locate_library /lib/libcap.so.1 && echo "/lib/libcap.so.1";
-+locate_library /lib64/libcap.so.1 && echo "/lib64/libcap.so.1";
- locate_library /usr/lib/libcap.so && echo "-lcap";
-
- # Solaris needs this for nanosleep()..
++++++ vsftpd-2.0.5-utf8-log-names.patch ++++++
--- /var/tmp/diff_new_pack.EKc971/_old 2008-09-13 12:26:46.000000000 +0200
+++ /var/tmp/diff_new_pack.EKc971/_new 2008-09-13 12:26:46.000000000 +0200
@@ -1,8 +1,8 @@
Index: vsftpd-1.2.1/str.c
-===================================================================
---- vsftpd-1.2.1.orig/str.c
-+++ vsftpd-1.2.1/str.c
-@@ -27,6 +27,24 @@ static int str_equal_internal(const char
+================================================================================
+--- vsftpd-2.0.7/str.c
++++ vsftpd-2.0.7/str.c
+@@ -27,6 +27,24 @@
const char* p_buf2, unsigned int buf2_len);
/* Private functions */
@@ -27,8 +27,8 @@
static void
s_setbuf(struct mystr* p_str, char* p_newbuf)
{
-@@ -153,6 +171,45 @@ str_reserve(struct mystr* p_str, unsigne
- }
+@@ -158,6 +176,45 @@
+ p_str->p_buf[res_len - 1] = '\0';
}
+int str_is_utf8( const struct mystr* p_str )
@@ -73,7 +73,7 @@
int
str_isempty(const struct mystr* p_str)
{
-@@ -648,11 +705,13 @@ void
+@@ -657,11 +714,13 @@
str_replace_unprintable(struct mystr* p_str, char new_char)
{
unsigned int i;
@@ -91,11 +91,9 @@
}
}
}
-Index: vsftpd-1.2.1/str.h
-===================================================================
---- vsftpd-1.2.1.orig/str.h
-+++ vsftpd-1.2.1/str.h
-@@ -36,6 +36,7 @@ void str_free(struct mystr* p_str);
+--- vsftpd-2.0.7/str.h
++++ vsftpd-2.0.7/str.h
+@@ -36,6 +36,7 @@
void str_trunc(struct mystr* p_str, unsigned int trunc_len);
void str_reserve(struct mystr* p_str, unsigned int res_len);
++++++ vsftpd-2.0.6-libcap2-fix.diff ++++++
--- /var/tmp/diff_new_pack.EKc971/_old 2008-09-13 12:26:46.000000000 +0200
+++ /var/tmp/diff_new_pack.EKc971/_new 2008-09-13 12:26:46.000000000 +0200
@@ -1,15 +1,14 @@
---- vsf_findlibs.sh-dist 2008-05-02 09:44:39.000000000 +0200
-+++ vsf_findlibs.sh 2008-05-02 09:46:35.000000000 +0200
+--- vsf_findlibs.sh
++++ vsf_findlibs.sh
@@ -45,9 +45,10 @@
locate_library /usr/lib/libsec.sl && echo "-lsec";
# Look for libcap (capabilities)
-locate_library /lib/libcap.so.1 && echo "/lib/libcap.so.1";
--locate_library /lib64/libcap.so.1 && echo "/lib64/libcap.so.1";
-+# locate_library /lib/libcap.so.1 && echo "/lib/libcap.so.1";
-+# locate_library /lib64/libcap.so.1 && echo "/lib64/libcap.so.1";
locate_library /usr/lib/libcap.so && echo "-lcap";
+ locate_library /lib/libcap.so && echo "-lcap";
+locate_library /usr/lib64/libcap.so && echo "-lcap";
++locate_library /lib64/libcap.so && echo "-lcap";
# Solaris needs this for nanosleep()..
locate_library /lib/libposix4.so && echo "-lposix4";
++++++ vsftpd-2.0.6-write_race.patch ++++++
--- /var/tmp/diff_new_pack.EKc971/_old 2008-09-13 12:26:46.000000000 +0200
+++ /var/tmp/diff_new_pack.EKc971/_new 2008-09-13 12:26:46.000000000 +0200
@@ -1,27 +1,14 @@
-diff -up vsftpd-2.0.5/sysutil.h.write_race vsftpd-2.0.5/sysutil.h
---- vsftpd-2.0.5/sysutil.h.write_race 2007-11-21 08:48:28.000000000 +0100
-+++ vsftpd-2.0.5/sysutil.h 2007-11-21 08:48:28.000000000 +0100
-@@ -91,6 +91,8 @@ void vsf_sysutil_close(int fd);
- int vsf_sysutil_close_failok(int fd);
- int vsf_sysutil_unlink(const char* p_dead);
- int vsf_sysutil_write_access(const char* p_filename);
-+/* Trucate after open */
-+int vsf_sysutil_truncate(int fd, filesize_t length);
-
- /* Reading and writing */
- void vsf_sysutil_lseek_to(const int fd, filesize_t seek_pos);
-diff -up vsftpd-2.0.5/postlogin.c.write_race vsftpd-2.0.5/postlogin.c
---- vsftpd-2.0.5/postlogin.c.write_race 2007-11-21 08:48:28.000000000 +0100
-+++ vsftpd-2.0.5/postlogin.c 2007-11-21 08:51:59.000000000 +0100
-@@ -953,6 +953,7 @@ handle_upload_common(struct vsf_session*
- struct vsf_transfer_ret trans_ret;
- int new_file_fd;
+--- postlogin.c
++++ postlogin.c
+@@ -983,6 +983,7 @@
int remote_fd;
+ int success = 0;
+ int created = 0;
+ int truncit = 0;
filesize_t offset = p_sess->restart_pos;
p_sess->restart_pos = 0;
if (!data_transfer_checks_ok(p_sess))
-@@ -987,7 +988,15 @@ handle_upload_common(struct vsf_session*
+@@ -1017,7 +1018,15 @@
/* For non-anonymous, allow open() to overwrite or append existing files */
if (!is_append && offset == 0)
{
@@ -38,7 +25,7 @@
}
else
{
-@@ -1023,6 +1032,11 @@ handle_upload_common(struct vsf_session*
+@@ -1060,6 +1069,11 @@
if (tunable_lock_upload_files)
{
vsf_sysutil_lock_file_write(new_file_fd);
@@ -50,10 +37,9 @@
}
if (!is_append && offset != 0)
{
-diff -up vsftpd-2.0.5/sysutil.c.write_race vsftpd-2.0.5/sysutil.c
---- vsftpd-2.0.5/sysutil.c.write_race 2007-11-21 08:48:28.000000000 +0100
-+++ vsftpd-2.0.5/sysutil.c 2007-11-21 08:48:28.000000000 +0100
-@@ -1196,6 +1196,12 @@ vsf_sysutil_close_failok(int fd)
+--- sysutil.c
++++ sysutil.c
+@@ -1200,6 +1200,12 @@
}
int
@@ -66,3 +52,14 @@
vsf_sysutil_unlink(const char* p_dead)
{
return unlink(p_dead);
+--- sysutil.h
++++ sysutil.h
+@@ -90,6 +90,8 @@
+ int vsf_sysutil_close_failok(int fd);
+ int vsf_sysutil_unlink(const char* p_dead);
+ int vsf_sysutil_write_access(const char* p_filename);
++/* Trucate after open */
++int vsf_sysutil_truncate(int fd, filesize_t length);
+
+ /* Reading and writing */
+ void vsf_sysutil_lseek_to(const int fd, filesize_t seek_pos);
++++++ vsftpd-2.0.6.tar.bz2 -> vsftpd-2.0.7.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/vsftpd-2.0.6/Changelog new/vsftpd-2.0.7/Changelog
--- old/vsftpd-2.0.6/Changelog 2008-02-12 06:34:34.000000000 +0100
+++ new/vsftpd-2.0.7/Changelog 2008-07-30 05:55:17.000000000 +0200
@@ -975,3 +975,20 @@
At this point: v2.0.6 released!
===============================
+
+- Fix finding libcap for the link on Slackware systems, thanks to Roman
+Kravchenko .
+- Fix build on Solaris 2.8 due to non-standard C, thanks to IIDA Yosiaki
+.
+- Fix man page typo, thanks Matt Selsky .
+- Bring the PASV listen() into the bind() retry loop to resolve a race under
+extreme load. Thanks to Curtis Taylor .
+- Enhance logging for debug_ssl.
+- Shutdown the SSL data connections properly. This prevents clients such as
+recent FileZilla from complaining. Reported by various people.
+- Add option to enforce proper SSL shutdown on uploads. Left it off after much
+agonizing because clients are so broken in this area.
+- Add option to delete failed uploads.
+
+At this point: v2.0.7 released!
+===============================
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/vsftpd-2.0.6/ftpdataio.c new/vsftpd-2.0.7/ftpdataio.c
--- old/vsftpd-2.0.6/ftpdataio.c 2008-02-03 19:45:35.000000000 +0100
+++ new/vsftpd-2.0.7/ftpdataio.c 2008-07-29 06:54:55.000000000 +0200
@@ -51,9 +51,10 @@
enum EVSFRWTarget target);
static unsigned int get_chunk_size();
-void
+int
vsf_ftpdataio_dispose_transfer_fd(struct vsf_session* p_sess)
{
+ int dispose_ret = 1;
int retval;
if (p_sess->data_fd == -1)
{
@@ -64,7 +65,7 @@
vsf_sysutil_uninstall_io_handler();
if (p_sess->p_data_ssl != 0)
{
- ssl_data_close(p_sess);
+ dispose_ret = ssl_data_close(p_sess);
}
/* This close() blocks because we set SO_LINGER */
retval = vsf_sysutil_close_failok(p_sess->data_fd);
@@ -76,6 +77,7 @@
}
vsf_sysutil_clear_alarm();
p_sess->data_fd = -1;
+ return dispose_ret;
}
int
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/vsftpd-2.0.6/ftpdataio.h new/vsftpd-2.0.7/ftpdataio.h
--- old/vsftpd-2.0.6/ftpdataio.h 2008-02-02 02:30:39.000000000 +0100
+++ new/vsftpd-2.0.7/ftpdataio.h 2008-07-29 06:53:56.000000000 +0200
@@ -15,8 +15,11 @@
* timeout goes off, or the connection is severed).
* PARAMETERS
* p_sess - the current FTP session object
+ * RETURNS
+ * 1 on success, 0 otherwise.
+ *
*/
-void vsf_ftpdataio_dispose_transfer_fd(struct vsf_session* p_sess);
+int vsf_ftpdataio_dispose_transfer_fd(struct vsf_session* p_sess);
/* vsf_ftpdataio_get_pasv_fd()
* PURPOSE
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/vsftpd-2.0.6/parseconf.c new/vsftpd-2.0.7/parseconf.c
--- old/vsftpd-2.0.6/parseconf.c 2008-02-12 05:53:32.000000000 +0100
+++ new/vsftpd-2.0.7/parseconf.c 2008-07-30 03:53:05.000000000 +0200
@@ -102,6 +102,10 @@
{ "debug_ssl", &tunable_debug_ssl },
{ "require_cert", &tunable_require_cert },
{ "validate_cert", &tunable_validate_cert },
+ { "strict_ssl_read_eof", &tunable_strict_ssl_read_eof },
+ { "strict_ssl_write_shutdown", &tunable_strict_ssl_write_shutdown },
+ { "ssl_request_cert", &tunable_ssl_request_cert },
+ { "delete_failed_uploads", &tunable_delete_failed_uploads },
{ 0, 0 }
};
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/vsftpd-2.0.6/postlogin.c new/vsftpd-2.0.7/postlogin.c
--- old/vsftpd-2.0.6/postlogin.c 2008-02-12 04:53:06.000000000 +0100
+++ new/vsftpd-2.0.7/postlogin.c 2008-07-30 03:51:09.000000000 +0200
@@ -568,19 +568,22 @@
retval = vsf_sysutil_bind(p_sess->pasv_listen_fd, s_p_sockaddr);
if (!vsf_sysutil_retval_is_error(retval))
{
- break;
+ retval = vsf_sysutil_listen(p_sess->pasv_listen_fd, 1);
+ if (!vsf_sysutil_retval_is_error(retval))
+ {
+ break;
+ }
}
if (vsf_sysutil_get_error() == kVSFSysUtilErrADDRINUSE)
{
continue;
}
- die("vsf_sysutil_bind");
+ die("vsf_sysutil_bind / listen");
}
if (!bind_retries)
{
die("vsf_sysutil_bind");
}
- vsf_sysutil_listen(p_sess->pasv_listen_fd, 1);
if (is_epsv)
{
str_alloc_text(&s_pasv_res_str, "Entering Extended Passive Mode (|||");
@@ -718,7 +721,10 @@
}
trans_ret = vsf_ftpdataio_transfer_file(p_sess, remote_fd,
opened_file, 0, is_ascii);
- vsf_ftpdataio_dispose_transfer_fd(p_sess);
+ if (vsf_ftpdataio_dispose_transfer_fd(p_sess) != 1 && trans_ret.retval == 0)
+ {
+ trans_ret.retval = -2;
+ }
p_sess->transfer_size = trans_ret.transferred;
/* Log _after_ the blocking dispose call, so we get transfer times right */
if (trans_ret.retval == 0)
@@ -863,7 +869,10 @@
}
if (!stat_cmd)
{
- vsf_ftpdataio_dispose_transfer_fd(p_sess);
+ if (vsf_ftpdataio_dispose_transfer_fd(p_sess) != 1 && retval == 0)
+ {
+ retval = -1;
+ }
}
if (stat_cmd)
{
@@ -972,6 +981,8 @@
struct vsf_transfer_ret trans_ret;
int new_file_fd;
int remote_fd;
+ int success = 0;
+ int created = 0;
filesize_t offset = p_sess->restart_pos;
p_sess->restart_pos = 0;
if (!data_transfer_checks_ok(p_sess))
@@ -1018,6 +1029,7 @@
vsf_cmdio_write(p_sess, FTP_UPLOADFAIL, "Could not create file.");
return;
}
+ created = 1;
vsf_sysutil_fstat(new_file_fd, &s_p_statbuf);
if (vsf_sysutil_statbuf_is_regfile(s_p_statbuf))
{
@@ -1075,11 +1087,14 @@
trans_ret = vsf_ftpdataio_transfer_file(p_sess, remote_fd,
new_file_fd, 1, 0);
}
- vsf_ftpdataio_dispose_transfer_fd(p_sess);
+ if (vsf_ftpdataio_dispose_transfer_fd(p_sess) != 1 && trans_ret.retval == 0)
+ {
+ trans_ret.retval = -2;
+ }
p_sess->transfer_size = trans_ret.transferred;
- /* XXX - handle failure, delete file? */
if (trans_ret.retval == 0)
{
+ success = 1;
vsf_log_do_log(p_sess, 1);
}
if (trans_ret.retval == -1)
@@ -1098,6 +1113,10 @@
port_pasv_cleanup_out:
port_cleanup(p_sess);
pasv_cleanup(p_sess);
+ if (tunable_delete_failed_uploads && created && !success)
+ {
+ str_unlink(p_filename);
+ }
vsf_sysutil_close(new_file_fd);
}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/vsftpd-2.0.6/privops.c new/vsftpd-2.0.7/privops.c
--- old/vsftpd-2.0.6/privops.c 2008-02-04 14:22:23.000000000 +0100
+++ new/vsftpd-2.0.7/privops.c 2008-07-29 04:00:33.000000000 +0200
@@ -44,6 +44,7 @@
*/
for (i = 0; i < 2; ++i)
{
+ double sleep_for;
vsf_sysutil_sockaddr_clone(&p_sockaddr, p_sess->p_local_addr);
vsf_sysutil_sockaddr_set_port(p_sockaddr, tunable_ftp_data_port);
retval = vsf_sysutil_bind(s, p_sockaddr);
@@ -55,7 +56,7 @@
{
die("vsf_sysutil_bind");
}
- double sleep_for = vsf_sysutil_get_random_byte();
+ sleep_for = vsf_sysutil_get_random_byte();
sleep_for /= 256.0;
sleep_for += 1.0;
vsf_sysutil_sleep(sleep_for);
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/vsftpd-2.0.6/README new/vsftpd-2.0.7/README
--- old/vsftpd-2.0.6/README 2008-02-12 05:42:21.000000000 +0100
+++ new/vsftpd-2.0.7/README 2008-07-29 06:15:28.000000000 +0200
@@ -1,4 +1,4 @@
-This is vsftpd, version 2.0.6
+This is vsftpd, version 2.0.7
Author: Chris Evans
Contact: scarybeasts@gmail.com
Website: http://vsftpd.beasts.org/
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/vsftpd-2.0.6/readwrite.c new/vsftpd-2.0.7/readwrite.c
--- old/vsftpd-2.0.6/readwrite.c 2008-02-02 02:30:40.000000000 +0100
+++ new/vsftpd-2.0.7/readwrite.c 2008-07-30 03:30:16.000000000 +0200
@@ -51,11 +51,11 @@
}
int
-ftp_read_data(const struct vsf_session* p_sess, char* p_buf, unsigned int len)
+ftp_read_data(struct vsf_session* p_sess, char* p_buf, unsigned int len)
{
if (p_sess->data_use_ssl)
{
- return ssl_read(p_sess->p_data_ssl, p_buf, len);
+ return ssl_read(p_sess, p_buf, len);
}
else
{
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/vsftpd-2.0.6/readwrite.h new/vsftpd-2.0.7/readwrite.h
--- old/vsftpd-2.0.6/readwrite.h 2008-02-02 02:30:40.000000000 +0100
+++ new/vsftpd-2.0.7/readwrite.h 2008-07-30 03:30:08.000000000 +0200
@@ -12,8 +12,7 @@
int ftp_write_str(const struct vsf_session* p_sess, const struct mystr* p_str,
enum EVSFRWTarget target);
-int ftp_read_data(const struct vsf_session* p_sess, char* p_buf,
- unsigned int len);
+int ftp_read_data(struct vsf_session* p_sess, char* p_buf, unsigned int len);
int ftp_write_data(const struct vsf_session* p_sess, const char* p_buf,
unsigned int len);
void ftp_getline(const struct vsf_session* p_sess, struct mystr* p_str,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/vsftpd-2.0.6/ssl.c new/vsftpd-2.0.7/ssl.c
--- old/vsftpd-2.0.6/ssl.c 2008-02-12 05:57:58.000000000 +0100
+++ new/vsftpd-2.0.7/ssl.c 2008-07-30 05:56:39.000000000 +0200
@@ -28,6 +28,7 @@
#include
#include
#include
+#include
static char* get_ssl_error();
static SSL* get_ssl(struct vsf_session* p_sess, int fd);
@@ -38,6 +39,8 @@
static int ssl_verify_callback(int verify_ok, X509_STORE_CTX* p_ctx);
static int ssl_cert_digest(
SSL* p_ssl, struct vsf_session* p_sess, struct mystr* p_str);
+static void maybe_log_shutdown_state(struct vsf_session* p_sess);
+static void maybe_log_ssl_error_state(struct vsf_session* p_sess, int ret);
static int ssl_inited;
static struct mystr debug_str;
@@ -111,17 +114,23 @@
{
die("SSL: RNG is not seeded");
}
- verify_option = SSL_VERIFY_PEER;
+ if (tunable_ssl_request_cert)
+ {
+ verify_option |= SSL_VERIFY_PEER;
+ }
if (tunable_require_cert)
{
verify_option |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
}
- SSL_CTX_set_verify(p_ctx, verify_option, ssl_verify_callback);
- if (tunable_ca_certs_file)
+ if (verify_option)
{
- if (!SSL_CTX_load_verify_locations(p_ctx, tunable_ca_certs_file, NULL))
+ SSL_CTX_set_verify(p_ctx, verify_option, ssl_verify_callback);
+ if (tunable_ca_certs_file)
{
- die("SSL: could not load verify file");
+ if (!SSL_CTX_load_verify_locations(p_ctx, tunable_ca_certs_file, NULL))
+ {
+ die("SSL: could not load verify file");
+ }
}
}
p_sess->p_ssl_ctx = p_ctx;
@@ -207,11 +216,12 @@
ssl_getline(const struct vsf_session* p_sess, struct mystr* p_str,
char end_char, char* p_buf, unsigned int buflen)
{
+ char* p_buf_start;
if (buflen == 0)
{
return;
}
- char* p_buf_start = p_buf;
+ p_buf_start = p_buf;
p_buf[buflen - 1] = end_char;
buflen--;
while (1)
@@ -238,17 +248,30 @@
}
int
-ssl_read(void* p_ssl, char* p_buf, unsigned int len)
+ssl_read(struct vsf_session* p_sess, char* p_buf, unsigned int len)
{
int retval;
int err;
+ SSL* p_ssl = p_sess->p_data_ssl;
do
{
- retval = SSL_read((SSL*) p_ssl, p_buf, len);
- err = SSL_get_error((SSL*) p_ssl, retval);
+ retval = SSL_read(p_ssl, p_buf, len);
+ err = SSL_get_error(p_ssl, retval);
}
while (retval < 0 && (err == SSL_ERROR_WANT_READ ||
err == SSL_ERROR_WANT_WRITE));
+ // If we hit an EOF, make sure it was from the peer, not injected by the
+ // attacker.
+ if (retval == 0 && SSL_get_shutdown(p_ssl) != SSL_RECEIVED_SHUTDOWN)
+ {
+ str_alloc_text(&debug_str, "Connection terminated without SSL shutdown "
+ "- buggy client?");
+ vsf_log_line(p_sess, kVSFLogEntryDebug, &debug_str);
+ if (tunable_strict_ssl_read_eof)
+ {
+ return -1;
+ }
+ }
return retval;
}
@@ -279,14 +302,93 @@
return 0;
}
-void
-ssl_data_close(struct vsf_session* p_sess)
+static void
+maybe_log_shutdown_state(struct vsf_session* p_sess)
{
- if (p_sess->p_data_ssl)
+ if (tunable_debug_ssl)
{
- SSL_free(p_sess->p_data_ssl);
+ int ret = SSL_get_shutdown(p_sess->p_data_ssl);
+ str_alloc_text(&debug_str, "SSL shutdown state is: ");
+ if (ret == 0)
+ {
+ str_append_text(&debug_str, "NONE");
+ }
+ else if (ret == SSL_SENT_SHUTDOWN)
+ {
+ str_append_text(&debug_str, "SSL_SENT_SHUTDOWN");
+ }
+ else if (ret == SSL_RECEIVED_SHUTDOWN)
+ {
+ str_append_text(&debug_str, "SSL_RECEIVED_SHUTDOWN");
+ }
+ else
+ {
+ str_append_ulong(&debug_str, ret);
+ }
+ vsf_log_line(p_sess, kVSFLogEntryDebug, &debug_str);
+ }
+}
+
+static void
+maybe_log_ssl_error_state(struct vsf_session* p_sess, int ret)
+{
+ if (tunable_debug_ssl)
+ {
+ str_alloc_text(&debug_str, "SSL ret: ");
+ str_append_ulong(&debug_str, ret);
+ str_append_text(&debug_str, ", SSL error: ");
+ str_append_text(&debug_str, get_ssl_error());
+ str_append_text(&debug_str, ", errno: ");
+ str_append_ulong(&debug_str, errno);
+ vsf_log_line(p_sess, kVSFLogEntryDebug, &debug_str);
+ }
+}
+
+int
+ssl_data_close(struct vsf_session* p_sess)
+{
+ int success = 1;
+ SSL* p_ssl = p_sess->p_data_ssl;
+ if (p_ssl)
+ {
+ int ret;
+ maybe_log_shutdown_state(p_sess);
+ // This is a mess. Ideally, when we're the sender, we'd like to get to the
+ // SSL_RECEIVED_SHUTDOWN state to get a cryptographic guarantee that the
+ // peer received all the data and shut the connection down cleanly. It
+ // doesn't matter hugely apart from logging, but it's a nagging detail.
+ // Unfortunately, no FTP client I found was able to get sends into that
+ // state, so the best we can do is issue SSL_shutdown but not check the
+ // errors / returns. At least this enables the receiver to be sure of the
+ // integrity of the send in terms of unwanted truncation.
+ ret = SSL_shutdown(p_ssl);
+ maybe_log_shutdown_state(p_sess);
+ if (ret == 0)
+ {
+ ret = SSL_shutdown(p_ssl);
+ maybe_log_shutdown_state(p_sess);
+ if (ret != 1)
+ {
+ if (tunable_strict_ssl_write_shutdown)
+ {
+ success = 0;
+ }
+ maybe_log_shutdown_state(p_sess);
+ maybe_log_ssl_error_state(p_sess, ret);
+ }
+ }
+ else if (ret < 0)
+ {
+ if (tunable_strict_ssl_write_shutdown)
+ {
+ success = 0;
+ }
+ maybe_log_ssl_error_state(p_sess, ret);
+ }
+ SSL_free(p_ssl);
p_sess->p_data_ssl = NULL;
}
+ return success;
}
int
@@ -296,11 +398,12 @@
* protocol. If a client sends an unfortunately optional client cert then
* we can check for a match between the control and data connections.
*/
+ SSL* p_ssl;
if (p_sess->p_data_ssl != NULL)
{
die("p_data_ssl should be NULL.");
}
- SSL* p_ssl = get_ssl(p_sess, fd);
+ p_ssl = get_ssl(p_sess, fd);
if (p_ssl == NULL)
{
return 0;
@@ -549,9 +652,9 @@
}
int
-ssl_read(void* p_ssl, char* p_buf, unsigned int len)
+ssl_read(struct vsf_session* p_sess, char* p_buf, unsigned int len)
{
- (void) p_ssl;
+ (void) p_sess;
(void) p_buf;
(void) len;
return -1;
@@ -582,10 +685,11 @@
return -1;
}
-void
+int
ssl_data_close(struct vsf_session* p_sess)
{
(void) p_sess;
+ return 1;
}
void
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/vsftpd-2.0.6/ssl.h new/vsftpd-2.0.7/ssl.h
--- old/vsftpd-2.0.6/ssl.h 2008-02-02 02:30:41.000000000 +0100
+++ new/vsftpd-2.0.7/ssl.h 2008-07-30 03:24:26.000000000 +0200
@@ -6,12 +6,12 @@
void ssl_getline(const struct vsf_session* p_sess, struct mystr* p_str,
char end_char, char* p_buf, unsigned int buflen);
-int ssl_read(void* p_ssl, char* p_buf, unsigned int len);
+int ssl_read(struct vsf_session* p_sess, char* p_buf, unsigned int len);
int ssl_write(void* p_ssl, const char* p_buf, unsigned int len);
int ssl_write_str(void* p_ssl, const struct mystr* p_str);
void ssl_init(struct vsf_session* p_sess);
int ssl_accept(struct vsf_session* p_sess, int fd);
-void ssl_data_close(struct vsf_session* p_sess);
+int ssl_data_close(struct vsf_session* p_sess);
void ssl_comm_channel_init(struct vsf_session* p_sess);
void handle_auth(struct vsf_session* p_sess);
void handle_pbsz(struct vsf_session* p_sess);
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/vsftpd-2.0.6/standalone.c new/vsftpd-2.0.7/standalone.c
--- old/vsftpd-2.0.6/standalone.c 2008-02-02 02:30:40.000000000 +0100
+++ new/vsftpd-2.0.7/standalone.c 2008-07-29 05:22:25.000000000 +0200
@@ -130,7 +130,11 @@
die("could not bind listening IPv6 socket");
}
}
- vsf_sysutil_listen(listen_sock, VSFTP_LISTEN_BACKLOG);
+ retval = vsf_sysutil_listen(listen_sock, VSFTP_LISTEN_BACKLOG);
+ if (vsf_sysutil_retval_is_error(retval))
+ {
+ die("could not listen");
+ }
vsf_sysutil_sockaddr_alloc(&p_accept_addr);
while (1)
{
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/vsftpd-2.0.6/sysutil.c new/vsftpd-2.0.7/sysutil.c
--- old/vsftpd-2.0.6/sysutil.c 2008-02-02 02:30:41.000000000 +0100
+++ new/vsftpd-2.0.7/sysutil.c 2008-07-29 05:21:02.000000000 +0200
@@ -917,10 +917,11 @@
char*
vsf_sysutil_getcwd(char* p_dest, const unsigned int buf_size)
{
+ char* p_retval;
if (buf_size == 0) {
return p_dest;
}
- char* p_retval = getcwd(p_dest, buf_size);
+ p_retval = getcwd(p_dest, buf_size);
p_dest[buf_size - 1] = '\0';
return p_retval;
}
@@ -1515,10 +1516,11 @@
int
vsf_sysutil_readlink(const char* p_filename, char* p_dest, unsigned int bufsiz)
{
+ int retval;
if (bufsiz == 0) {
return -1;
}
- int retval = readlink(p_filename, p_dest, bufsiz - 1);
+ retval = readlink(p_filename, p_dest, bufsiz - 1);
if (retval < 0)
{
return retval;
@@ -1620,14 +1622,16 @@
return bind(fd, p_sockaddr, len);
}
-void
+int
vsf_sysutil_listen(int fd, const unsigned int backlog)
{
int retval = listen(fd, backlog);
- if (retval != 0)
+ if (vsf_sysutil_retval_is_error(retval) &&
+ vsf_sysutil_get_error() != kVSFSysUtilErrADDRINUSE)
{
die("listen");
}
+ return retval;
}
/* Warning: callers of this function assume it does NOT make use of any
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/vsftpd-2.0.6/sysutil.h new/vsftpd-2.0.7/sysutil.h
--- old/vsftpd-2.0.6/sysutil.h 2008-02-02 02:30:39.000000000 +0100
+++ new/vsftpd-2.0.7/sysutil.h 2008-07-29 05:18:32.000000000 +0200
@@ -239,7 +239,7 @@
struct vsf_sysutil_socketpair_retval
vsf_sysutil_unix_stream_socketpair(void);
int vsf_sysutil_bind(int fd, const struct vsf_sysutil_sockaddr* p_sockptr);
-void vsf_sysutil_listen(int fd, const unsigned int backlog);
+int vsf_sysutil_listen(int fd, const unsigned int backlog);
void vsf_sysutil_getsockname(int fd, struct vsf_sysutil_sockaddr** p_sockptr);
void vsf_sysutil_getpeername(int fd, struct vsf_sysutil_sockaddr** p_sockptr);
int vsf_sysutil_accept_timeout(int fd, struct vsf_sysutil_sockaddr* p_sockaddr,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/vsftpd-2.0.6/tunables.c new/vsftpd-2.0.7/tunables.c
--- old/vsftpd-2.0.6/tunables.c 2008-02-12 05:53:01.000000000 +0100
+++ new/vsftpd-2.0.7/tunables.c 2008-07-30 03:52:23.000000000 +0200
@@ -74,6 +74,10 @@
int tunable_debug_ssl = 0;
int tunable_require_cert = 0;
int tunable_validate_cert = 0;
+int tunable_strict_ssl_read_eof = 0;
+int tunable_strict_ssl_write_shutdown = 0;
+int tunable_ssl_request_cert = 1;
+int tunable_delete_failed_uploads = 0;
unsigned int tunable_accept_timeout = 60;
unsigned int tunable_connect_timeout = 60;
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/vsftpd-2.0.6/tunables.h new/vsftpd-2.0.7/tunables.h
--- old/vsftpd-2.0.6/tunables.h 2008-02-12 05:52:49.000000000 +0100
+++ new/vsftpd-2.0.7/tunables.h 2008-07-30 03:52:11.000000000 +0200
@@ -70,6 +70,10 @@
extern int tunable_debug_ssl; /* Verbose SSL logging */
extern int tunable_require_cert; /* SSL client cert required */
extern int tunable_validate_cert; /* SSL certs must be valid */
+extern int tunable_strict_ssl_read_eof; /* Need SSL_shutdown() on read */
+extern int tunable_strict_ssl_write_shutdown; /* Need SSL_shutdown() on write */
+extern int tunable_ssl_request_cert; /* Ask client for cert */
+extern int tunable_delete_failed_uploads; /* Delete an upload that failed */
/* Integer/numeric defines */
extern unsigned int tunable_accept_timeout;
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/vsftpd-2.0.6/vsf_findlibs.sh new/vsftpd-2.0.7/vsf_findlibs.sh
--- old/vsftpd-2.0.6/vsf_findlibs.sh 2008-02-02 02:30:40.000000000 +0100
+++ new/vsftpd-2.0.7/vsf_findlibs.sh 2008-07-29 03:52:35.000000000 +0200
@@ -45,6 +45,7 @@
# Look for libcap (capabilities)
locate_library /lib/libcap.so.1 && echo "/lib/libcap.so.1";
locate_library /usr/lib/libcap.so && echo "-lcap";
+locate_library /lib/libcap.so && echo "-lcap";
# Solaris needs this for nanosleep()..
locate_library /lib/libposix4.so && echo "-lposix4";
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/vsftpd-2.0.6/vsftpd.conf.5 new/vsftpd-2.0.7/vsftpd.conf.5
--- old/vsftpd-2.0.6/vsftpd.conf.5 2008-02-12 05:56:32.000000000 +0100
+++ new/vsftpd-2.0.7/vsftpd.conf.5 2008-07-30 03:56:30.000000000 +0200
@@ -169,6 +169,11 @@
Default: NO
.TP
+.B delete_failed_uploads
+If true, any failed upload files are deleted. (Added in v2.0.7).
+
+Default: NO
+.TP
.B deny_email_enable
If activated, you may provide a list of anonymous password e-mail responses
which cause login to be denied. By default, the file containing this list is
@@ -445,6 +450,14 @@
Default: NO
.TP
+.B ssl_request_cert
+If enabled, vsftpd will request (but not necessarily require; see
+.BR require_cert) a certificate on incoming SSL connections. Normally this
+should not cause any trouble at all, but IBM zOS seems to have issues.
+(New in v2.0.7).
+
+Default: YES
+.TP
.B ssl_sslv2
Only applies if
.BR ssl_enable
@@ -469,6 +482,23 @@
Default: YES
.TP
+.B strict_ssl_read_eof
+If enabled, SSL data uploads are required to terminate via SSL, not an
+EOF on the socket. This option is required to be sure that an attacker did
+not terminate an upload prematurely with a faked TCP FIN. Unfortunately, it
+is not enabled by default because so few clients get it right. (New in v2.0.7).
+
+Default: NO
+.TP
+.B strict_ssl_write_shutdown
+If enabled, SSL data downloads are required to terminate via SSL, not an
+EOF on the socket. This is off by default as I was unable to find a single
+FTP client that does this. It is minor. All it affects is our ability to tell
+whether the client confirmed full receipt of the file. Even without this option,
+the client is able to check the integrity of the download. (New in v2.0.7).
+
+Default: NO
+.TP
.B syslog_enable
If enabled, then any log output which would have gone to /var/log/vsftpd.log
goes to the system log instead. Logging is done under the FTPD facility.
@@ -915,7 +945,7 @@
.TP
.B ssl_ciphers
This option can be used to select which SSL ciphers vsftpd will allow for
-encrpyted SSL connections. See the
+encrypted SSL connections. See the
.BR ciphers
man page for further details. Note that restricting ciphers can be a useful
security precaution as it prevents malicious remote parties forcing a cipher
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/vsftpd-2.0.6/vsftpver.h new/vsftpd-2.0.7/vsftpver.h
--- old/vsftpd-2.0.6/vsftpver.h 2008-02-02 02:30:41.000000000 +0100
+++ new/vsftpd-2.0.7/vsftpver.h 2008-07-29 06:15:16.000000000 +0200
@@ -1,7 +1,7 @@
#ifndef VSF_VERSION_H
#define VSF_VERSION_H
-#define VSF_VERSION "2.0.6"
+#define VSF_VERSION "2.0.7"
#endif /* VSF_VERSION_H */
++++++ vsftpd.firewall ++++++
--- vsftpd/vsftpd.firewall 2007-02-28 08:40:21.000000000 +0100
+++ /mounts/work_src_done/STABLE/vsftpd/vsftpd.firewall 2008-09-09 16:48:17.000000000 +0200
@@ -2,10 +2,10 @@
## Description: Opens ports for vsftpd Server.
# space separated list of allowed TCP ports
-TCP="ftp ftp-data"
+TCP="ftp 1024:2024"
# space separated list of allowed UDP ports
-UDP="ftp-data"
+UDP=""
# space separated list of allowed RPC services
RPC=""
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org