vsftpd (GPL) and openssl?

Wed Sep 8 09:28:05 UTC 2004

I just noticed this in cvs-commits.  Another new instance of GPL linking 
with openssl.  Problematic?

Even if the vsftpd authors wont sue us for any possible GPL violation, 
does this possibly open a weak link in vsftpd's supposedly "very 
secure"ness?  Even if ssl is disabled by default in our config?  Please 
be sure...

Warren Togami
wtogami at redhat.com

-------- Original Message --------
Subject: rpms/vsftpd vsftpd-2.0.1-build_ssl.patch,NONE,1.1 
vsftpd.spec,1.44,1.45
Date: Wed, 8 Sep 2004 03:55:46 -0400
From: Radek Vokal <rvokal at redhat.com>
Reply-To: cvs-commits-list at redhat.com
Organization: Red Hat Inc. Internal News
Newsgroups: rhat.general.cvs.cvs-rhlinux

Update of /cvs/pkgs/rpms/vsftpd
In directory cvs.devel.redhat.com:/tmp/cvs-serv32111

Modified Files:
	vsftpd.spec
Added Files:
	vsftpd-2.0.1-build_ssl.patch
Log Message:

- added patch by Jan Kratochvil for SSL support


vsftpd-2.0.1-build_ssl.patch:
  builddefs.h |    2 +-
  1 files changed, 1 insertion(+), 1 deletion(-)

--- NEW FILE vsftpd-2.0.1-build_ssl.patch ---
--- vsftpd-2.0.1/builddefs.h-orig	2004-07-02 16:36:59.000000000 +0200
+++ vsftpd-2.0.1/builddefs.h	2004-08-17 13:40:42.834402983 +0200
@@ -3,7 +3,7 @@

  #undef VSF_BUILD_TCPWRAPPERS
  #define VSF_BUILD_PAM
-#undef VSF_BUILD_SSL
+#define VSF_BUILD_SSL

  #endif /* VSF_BUILDDEFS_H */



Index: vsftpd.spec
===================================================================
RCS file: /cvs/pkgs/rpms/vsftpd/vsftpd.spec,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -r1.44 -r1.45
--- vsftpd.spec	27 Aug 2004 10:56:11 -0000	1.44
+++ vsftpd.spec	8 Sep 2004 07:55:44 -0000	1.45
@@ -3,7 +3,7 @@
  Summary: vsftpd - Very Secure Ftp Daemon
  Name: vsftpd
  Version: 2.0.1
-Release: 2
+Release: 3
  License: GPL
  Group: System Environment/Daemons
  URL: http://vsftpd.beasts.org/
@@ -19,10 +19,17 @@
  Patch4: vsftpd-1.5.1-libs.patch
  Patch5: vsftpd-2.0.1-signal.patch
  Patch6: vsftpd-1.2.1-conffile.patch
+Patch7: vsftpd-2.0.1-build_ssl.patch
  BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
  %if %{tcp_wrappers}
  BuildPrereq: tcp_wrappers
  %endif
+BuildRequires: pam-devel
+Requires: pam
+BuildRequires: libcap-devel
+Requires: libcap
+BuildRequires: openssl-devel
+Requires: openssl
  # for -fpie
  BuildPrereq: gcc > gcc-3.2.3-13, binutils > binutils-2.14.90.0.4-24, 
glibc-devel >= 2.3.2-45
  Requires: logrotate
@@ -45,6 +52,7 @@
  cp %{SOURCE1} .
  %patch5 -p1 -b .signal
  %patch6 -p1
+%patch7 -p1 -b .build_ssl

  %build
  %ifarch s390x
@@ -52,7 +60,7 @@
  %else
  make CFLAGS="$RPM_OPT_FLAGS -fpie -pipe" \
  %endif
-	LINK="-pie" \
+	LINK="-pie -lssl" \
  	%{?_smp_mflags}

  %install
@@ -102,10 +110,13 @@
  /var/ftp

  %changelog
-* Fri Aug 27 2004 Radek Vokal <rvokal at redhat.com>
+* Wed Sep 08 2004 Jan Kratochvil <project-vsftpd at jankratochvil.net>
+- update for 2.0.1 for SSL
+
+* Fri Aug 27 2004 Radek Vokal <rvokal at redhat.com> 2.0.1-2
  - vsftpd.conf file changed, default IPv6 support

-* Fri Aug 20 2004 Radek Vokal <rvokal at redhat.com>
+* Fri Aug 20 2004 Radek Vokal <rvokal at redhat.com> 2.0.1-1
  - tcp_wrapper patch updated, signal patch updated
  - upgrade to 2.0.1, fixes several bugs, RHEL and FC builds




