Hello community,
here is the log from the commit of package vsftpd for openSUSE:Factory checked in at 2012-02-22 15:55:42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/vsftpd (Old)
and /work/SRC/openSUSE:Factory/.vsftpd.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "vsftpd", Maintainer is "MVyskocil@suse.com"
Changes:
--------
--- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes 2011-09-23 12:50:08.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2012-02-22 15:55:44.000000000 +0100
@@ -1,0 +2,47 @@
+Tue Feb 21 10:51:51 UTC 2012 - mvyskocil@suse.cz
+
+- follow Systemd Packaging guidelines
+ http://en.opensuse.org/openSUSE:Systemd_packaging_guidelines
+- add $local_fs and $remote_fs to init script
+
+-------------------------------------------------------------------
+Wed Feb 15 16:41:15 UTC 2012 - mvyskocil@suse.cz
+
+- use the original tarball, because the bz2 repacking madness disables
+ gpg --verify
+- revert a part oc changes utf converting
+
+-------------------------------------------------------------------
+Fri Dec 23 17:48:04 UTC 2011 - andreas.stieger@gmx.de
+
+- update to upstream 2.3.5:
+ * Try and force glibc to cache zoneinfo files in an attempt to work around
+ glibc parsing vulnerability. Thanks to Kingcope.
+ * Only report CHMOD in SITE HELP if it's enabled. Thanks to Martin Schwenke
+ .
+ * Some simple fixes and cleanups from Thorsten Brehm .
+ * Only advertise "AUTH SSL" if one of SSLv2, SSLv3 is enabled. Thanks to
+ steve willing .
+ * Handle connect() failures properly. Thanks to Takayuki Nagata
+ .
+ * Add stronger checks for the configuration error of running with a
+ writeable root directory inside a chroot(). This may bite people who
+ carelessly turned on chroot_local_user but such is life.
+- convert .changes file to unicode
+- refresh vsftpd-2.0.4-conf.diff to vsftpd-2.3.5-conf.patch
+- name patches explicitly without macro as per recommendations
+- remove INSTALL file from binary package
+- update license to GPL-2.0+
+- mark /etc/sysconfig/SuSEfirewall2/services/vsftpd as config file
+
+-------------------------------------------------------------------
+Sat Nov 26 16:31:20 UTC 2011 - crrodriguez@opensuse.org
+
+- fis copy/paste error in previous change
+
+-------------------------------------------------------------------
+Fri Nov 25 22:14:14 UTC 2011 - crrodriguez@opensuse.org
+
+- Add systemd unit
+
+-------------------------------------------------------------------
@@ -486,3 +533,3 @@
- � IPv6 support, so drop our patch
- � Many bugfixes and tunings
- � Build fixes
+ ˇ IPv6 support, so drop our patch
+ ˇ Many bugfixes and tunings
+ ˇ Build fixes
Old:
----
_service
_service:download_url:vsftpd-2.3.4.tar.gz
vsftpd-2.0.4-conf.diff
New:
----
vsftpd-2.3.5-conf.patch
vsftpd-2.3.5.tar.gz
vsftpd.service
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ vsftpd.spec ++++++
--- /var/tmp/diff_new_pack.gJn1nm/_old 2012-02-22 15:55:45.000000000 +0100
+++ /var/tmp/diff_new_pack.gJn1nm/_new 2012-02-22 15:55:45.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package vsftpd
#
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -15,20 +15,22 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
-# norootforbuild
-
Name: vsftpd
-BuildRequires: openssl-devel pam-devel
+BuildRequires: openssl-devel
+BuildRequires: pam-devel
%if 0%{?suse_version} < 1001
BuildRequires: libcap
%else
BuildRequires: libcap-devel
%endif
-Version: 2.3.4
-Release: 1
+%if 0%{?suse_version} > 1140
+BuildRequires: systemd
+%endif
+Version: 2.3.5
+Release: 0
Summary: Very Secure FTP Daemon - Written from Scratch
-License: GPLv2+
+License: GPL-2.0+
Group: Productivity/Networking/Ftp/Servers
Url: https://security.appspot.com/vsftpd.html
Source: %name-%version.tar.gz
@@ -38,17 +40,19 @@
Source4: README.SUSE
Source5: %name.xml
Source6: %name.firewall
-Patch1: %name-2.0.4-lib64.diff
-Patch3: %name-2.0.4-xinetd.diff
-Patch4: %name-2.0.4-enable-ssl.patch
-Patch5: %name-2.0.4-dmapi.patch
-Patch6: %name-2.0.5-vuser.patch
-Patch7: %name-2.0.5-enable-debuginfo.patch
-Patch8: %name-2.0.5-utf8-log-names.patch
-Patch9: %name-2.0.4-conf.diff
+Source7: vsftpd.service
+Patch1: vsftpd-2.0.4-lib64.diff
+Patch3: vsftpd-2.0.4-xinetd.diff
+Patch4: vsftpd-2.0.4-enable-ssl.patch
+Patch5: vsftpd-2.0.4-dmapi.patch
+Patch6: vsftpd-2.0.5-vuser.patch
+Patch7: vsftpd-2.0.5-enable-debuginfo.patch
+Patch8: vsftpd-2.0.5-utf8-log-names.patch
+Patch9: vsftpd-2.3.5-conf.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Provides: ftp-server
PreReq: %insserv_prereq /usr/sbin/useradd
+%{?systemd_requires}
Requires: logrotate
%description
@@ -94,25 +98,43 @@
install -D -m 644 %SOURCE5 $RPM_BUILD_ROOT/%_datadir/omc/svcinfo.d/
install -d $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/
install -m 644 %{S:6} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
+%if 0%{?suse_version} > 1140
+install -D -m 0644 %SOURCE7 %{buildroot}/%{_unitdir}/%{name}.service
+%endif
%pre
/usr/sbin/useradd -r -o -g nogroup -s /bin/false -c "Secure FTP User" -d /var/lib/empty ftpsecure 2> /dev/null || :
+%if 0%{?suse_version} > 1140
+%service_add_pre %{name}.service
+%endif
%preun
%stop_on_removal %name
+%if 0%{?suse_version} > 1140
+%service_del_preun %{name}.service
+%endif
%post
%{fillup_and_insserv -f %{name}}
+%if 0%{?suse_version} > 1140
+%service_add_post %{name}.service
+%endif
%postun
%insserv_cleanup
%restart_on_update %name
+%if 0%{?suse_version} > 1140
+%service_del_postun %{name}.service
+%endif
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root)
+%if 0%{?suse_version} > 1140
+%{_unitdir}/%{name}.service
+%endif
/usr/sbin/%name
/usr/sbin/rc%name
%config /etc/init.d/%name
@@ -124,9 +146,9 @@
%config(noreplace) /etc/logrotate.d/%name
%_mandir/man5/%name.conf.*
%_mandir/man8/%name.*
-%doc INSTALL BUGS AUDIT Changelog LICENSE README README.security
+%doc BUGS AUDIT Changelog LICENSE README README.security
%doc REWARD SPEED TODO SECURITY TUNING SIZE FAQ EXAMPLE COPYING
%doc README.SUSE
-%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
+%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
%changelog
++++++ vsftpd-2.3.5-conf.patch ++++++
Index: vsftpd.conf
===================================================================
--- vsftpd.conf.orig 2011-12-17 18:24:40.000000000 +0000
+++ vsftpd.conf 2011-12-23 17:16:43.000000000 +0000
@@ -4,23 +4,89 @@
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
+# If you do not change anything here you will have a minimum setup for an
+# anonymus FTP server.
+#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
-# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
-anonymous_enable=YES
-#
-# Uncomment this to allow local users to log in.
-#local_enable=YES
+# ################
+# General Settings
+# ################
#
# Uncomment this to enable any form of FTP write command.
-#write_enable=YES
+write_enable=NO
+#
+# Activate directory messages - messages given to remote users when they
+# go into a certain directory.
+dirmessage_enable=YES
+#
+# It is recommended that you define on your system a unique user which the
+# ftp server can use as a totally isolated and unprivileged user.
+nopriv_user=ftpsecure
+#
+# You may fully customise the login banner string:
+#ftpd_banner=Welcome to blah FTP service.
+#
+# You may activate the "-R" option to the builtin ls. This is disabled by
+# default to avoid remote users being able to cause excessive I/O on large
+# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
+# the presence of the "-R" option, so there is a strong case for enabling it.
+#ls_recurse_enable=YES
+#
+# You may specify a file of disallowed anonymous e-mail addresses. Apparently
+# useful for combatting certain DoS attacks.
+#deny_email_enable=YES
+# (default follows)
+#banned_email_file=/etc/vsftpd.banned_emails
+#
+# If enabled, all user and group information in
+# directory listings will be displayed as "ftp".
+#hide_ids=YES
+#
+# #######################
+# Local FTP user Settings
+# #######################
+#
+# Uncomment this to allow local users to log in.
+local_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
#local_umask=022
#
+# You may specify an explicit list of local users to chroot() to their home
+# directory. If chroot_local_user is YES, then this list becomes a list of
+# users to NOT chroot().
+#chroot_local_user=YES
+#chroot_list_enable=YES
+# (default follows)
+#chroot_list_file=/etc/vsftpd.chroot_list
+#
+# The maximum data transfer rate permitted, in bytes per second, for
+# local authenticated users. The default is 0 (unlimited).
+#local_max_rate=7200
+#
+# ##########################
+# Anonymus FTP user Settings
+# ##########################
+#
+# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
+anonymous_enable=YES
+#
+# The maximum data transfer rate permitted, in bytes per second, for anonymous
+# authenticated users. The default is 0 (unlimited).
+#anon_max_rate=7200
+#
+# Anonymous users will only be allowed to download files which are
+# world readable.
+anon_world_readable_only=YES
+#
+# Default umask for anonymus users is 077. You may wish to change this to 022,
+# if your users expect that (022 is used by most other ftpd's)
+#anon_umask=022
+#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
@@ -30,15 +96,9 @@ anonymous_enable=YES
# new directories.
#anon_mkdir_write_enable=YES
#
-# Activate directory messages - messages given to remote users when they
-# go into a certain directory.
-dirmessage_enable=YES
-#
-# Activate logging of uploads/downloads.
-xferlog_enable=YES
-#
-# Make sure PORT transfer connections originate from port 20 (ftp-data).
-connect_from_port_20=YES
+# Uncomment this to enable anonymus FTP users to perform other write operations
+# like deletion and renaming.
+#anon_other_write_enable=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
@@ -46,24 +106,51 @@ connect_from_port_20=YES
#chown_uploads=YES
#chown_username=whoever
#
+# ############
+# Log Settings
+# ############
+#
+# Log to the syslog daemon instead of using an logfile.
+syslog_enable=YES
+#
+# Uncomment this to log all FTP requests and responses.
+#log_ftp_protocol=YES
+#
+# Activate logging of uploads/downloads.
+#xferlog_enable=YES
+#
# You may override where the log file goes if you like. The default is shown
# below.
-#xferlog_file=/var/log/vsftpd.log
+#
+#vsftpd_log_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
#xferlog_std_format=YES
#
+# You may override where the log file goes if you like. The default is shown
+# below.
+#xferlog_file=/var/log/vsftpd.log
+#
+# Enable this to have booth logfiles. Standard xferlog and vsftpd's own style log.
+#dual_log_enable=YES
+#
+# Uncomment this to enable session status information in the system process listing.
+#setproctitle_enable=YES
+#
+# #################
+# Transfer Settings
+# #################
+#
+# Make sure PORT transfer connections originate from port 20 (ftp-data).
+connect_from_port_20=YES
+#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
-# It is recommended that you define on your system a unique user which the
-# ftp server can use as a totally isolated and unprivileged user.
-#nopriv_user=ftpsecure
-#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
@@ -77,41 +164,29 @@ connect_from_port_20=YES
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
-#ascii_upload_enable=YES
+ascii_upload_enable=YES
#ascii_download_enable=YES
#
-# You may fully customise the login banner string:
-#ftpd_banner=Welcome to blah FTP service.
-#
-# You may specify a file of disallowed anonymous e-mail addresses. Apparently
-# useful for combatting certain DoS attacks.
-#deny_email_enable=YES
-# (default follows)
-#banned_email_file=/etc/vsftpd.banned_emails
-#
-# You may specify an explicit list of local users to chroot() to their home
-# directory. If chroot_local_user is YES, then this list becomes a list of
-# users to NOT chroot().
-# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
-# the user does not have write access to the top level directory within the
-# chroot)
-#chroot_local_user=YES
-#chroot_list_enable=YES
-# (default follows)
-#chroot_list_file=/etc/vsftpd.chroot_list
+# Set to NO if you want to disallow the PASV method of obtaining a data
+# connection.
+#pasv_enable=NO
#
-# You may activate the "-R" option to the builtin ls. This is disabled by
-# default to avoid remote users being able to cause excessive I/O on large
-# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
-# the presence of the "-R" option, so there is a strong case for enabling it.
-#ls_recurse_enable=YES
+# PAM setting. Do NOT change this unless you know what you do!
+pam_service_name=vsftpd
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
-listen=YES
+#listen=YES
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd with two configuration files.
# Make sure, that one of the listen options is commented !!
-#listen_ipv6=YES
+listen_ipv6=YES
+#
+# Set to ssl_enable=YES if you want to enable SSL
+ssl_enable=NO
+#
+# Limit passive ports to this range to assis firewalling
+pasv_min_port=30000
+pasv_max_port=30100
++++++ vsftpd.init ++++++
--- /var/tmp/diff_new_pack.gJn1nm/_old 2012-02-22 15:55:45.000000000 +0100
+++ /var/tmp/diff_new_pack.gJn1nm/_new 2012-02-22 15:55:45.000000000 +0100
@@ -24,8 +24,8 @@
#
### BEGIN INIT INFO
# Provides: ftpd
-# Required-Start: $syslog network-remotefs
-# Required-Stop: $syslog network-remotefs
+# Required-Start: $local_fs $remote_fs $syslog network-remotefs
+# Required-Stop: $local_fs $remote_fs $syslog network-remotefs
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Description: very secure ftp daemon
++++++ vsftpd.service ++++++
[Unit]
Description=Vsftpd ftp daemon
After=network.target
[Service]
Type=forking
ExecStart=/usr/sbin/vsftpd /etc/vsftpd.conf
[Install]
WantedBy=multi-user.target
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org