vsftpd (GPL) and openssl?

Warren Togami <wtogami@xxxxxxxxxx> · Tue, 07 Sep 2004 23:28:05 -1000

I just noticed this in cvs-commits.  Another new instance of GPL linking 
with openssl.  Problematic?



Even if the vsftpd authors wont sue us for any possible GPL violation, 
does this possibly open a weak link in vsftpd's supposedly "very 
secure"ness?  Even if ssl is disabled by default in our config?  Please 
be sure...



Warren Togami
wtogami@xxxxxxxxxx


-------- Original Message --------

Subject: rpms/vsftpd vsftpd-2.0.1-build_ssl.patch,NONE,1.1 
vsftpd.spec,1.44,1.45

Date: Wed, 8 Sep 2004 03:55:46 -0400

From: Radek Vokal <rvokal@xxxxxxxxxx>

Reply-To: cvs-commits-list@xxxxxxxxxx

Organization: Red Hat Inc. Internal News

Newsgroups: rhat.general.cvs.cvs-rhlinux



Update of /cvs/pkgs/rpms/vsftpd
In directory cvs.devel.redhat.com:/tmp/cvs-serv32111


Modified Files:
	vsftpd.spec
Added Files:
	vsftpd-2.0.1-build_ssl.patch
Log Message:


- added patch by Jan Kratochvil for SSL support



vsftpd-2.0.1-build_ssl.patch:
 builddefs.h |    2 +-
 1 files changed, 1 insertion(+), 1 deletion(-)

--- NEW FILE vsftpd-2.0.1-build_ssl.patch ---
--- vsftpd-2.0.1/builddefs.h-orig	2004-07-02 16:36:59.000000000 +0200
+++ vsftpd-2.0.1/builddefs.h	2004-08-17 13:40:42.834402983 +0200
@@ -3,7 +3,7 @@


 #undef VSF_BUILD_TCPWRAPPERS
 #define VSF_BUILD_PAM
-#undef VSF_BUILD_SSL
+#define VSF_BUILD_SSL


 #endif /* VSF_BUILDDEFS_H */





Index: vsftpd.spec

===================================================================

RCS file: /cvs/pkgs/rpms/vsftpd/vsftpd.spec,v

retrieving revision 1.44

retrieving revision 1.45

diff -u -r1.44 -r1.45

--- vsftpd.spec	27 Aug 2004 10:56:11 -0000	1.44

+++ vsftpd.spec	8 Sep 2004 07:55:44 -0000	1.45

@@ -3,7 +3,7 @@

 Summary: vsftpd - Very Secure Ftp Daemon

 Name: vsftpd

 Version: 2.0.1

-Release: 2

+Release: 3

 License: GPL

 Group: System Environment/Daemons

 URL: http://vsftpd.beasts.org/

@@ -19,10 +19,17 @@

 Patch4: vsftpd-1.5.1-libs.patch

 Patch5: vsftpd-2.0.1-signal.patch

 Patch6: vsftpd-1.2.1-conffile.patch

+Patch7: vsftpd-2.0.1-build_ssl.patch

 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root

 %if %{tcp_wrappers}

 BuildPrereq: tcp_wrappers

 %endif

+BuildRequires: pam-devel

+Requires: pam

+BuildRequires: libcap-devel

+Requires: libcap

+BuildRequires: openssl-devel

+Requires: openssl

 # for -fpie

 BuildPrereq: gcc > gcc-3.2.3-13, binutils > binutils-2.14.90.0.4-24, 
glibc-devel >= 2.3.2-45

 Requires: logrotate

@@ -45,6 +52,7 @@

 cp %{SOURCE1} .

 %patch5 -p1 -b .signal

 %patch6 -p1

+%patch7 -p1 -b .build_ssl



 %build
 %ifarch s390x
@@ -52,7 +60,7 @@
 %else
 make CFLAGS="$RPM_OPT_FLAGS -fpie -pipe" \
 %endif
-	LINK="-pie" \
+	LINK="-pie -lssl" \
 	%{?_smp_mflags}


 %install
@@ -102,10 +110,13 @@
 /var/ftp


 %changelog
-* Fri Aug 27 2004 Radek Vokal <rvokal@xxxxxxxxxx>
+* Wed Sep 08 2004 Jan Kratochvil <project-vsftpd@xxxxxxxxxxxxxxxxx>
+- update for 2.0.1 for SSL
+
+* Fri Aug 27 2004 Radek Vokal <rvokal@xxxxxxxxxx> 2.0.1-2
 - vsftpd.conf file changed, default IPv6 support


-* Fri Aug 20 2004 Radek Vokal <rvokal@xxxxxxxxxx>
+* Fri Aug 20 2004 Radek Vokal <rvokal@xxxxxxxxxx> 2.0.1-1
 - tcp_wrapper patch updated, signal patch updated
 - upgrade to 2.0.1, fixes several bugs, RHEL and FC builds









