Ubuntu
vsftpd package

Merge lp:~lucyllewy/ubuntu/raring/vsftpd/bug-1160372 into lp:ubuntu/raring/vsftpd

  1. Raring (13.04)
  2. bug-1160372
  3. Merge into raring
Proposed by Lucy Llewellyn
Status: Merged
Merge reported by: Stéphane Graber
Merged at revision: not available
Proposed branch: lp:~lucyllewy/ubuntu/raring/vsftpd/bug-1160372
Merge into: lp:ubuntu/raring/vsftpd
Diff against target: 64 lines (+44/-0)
3 files modified
debian/changelog (+8/-0)
debian/patches/13-disable-clone-newpid.patch (+35/-0)
debian/patches/series (+1/-0)
To merge this branch: bzr merge lp:~lucyllewy/ubuntu/raring/vsftpd/bug-1160372
Reviewer Review Type Date Requested Status
Sebastien Bacher Approve
Ubuntu branches Pending
Review via email: mp+162980@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Sebastien Bacher (seb128) wrote :

Thank you for your work, I've reformated slightly the change (updated the version number, set the release, listed the patch name and change the url to the bugzilla which is shorter to read and cause no extra wrapping) and uploaded to saucy and raring

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'debian/changelog'
2--- debian/changelog 2012-12-18 19:59:37 +0000
3+++ debian/changelog 2013-05-08 13:47:27 +0000
4@@ -1,3 +1,11 @@
5+vsftpd (3.0.2-1ubuntu1) UNRELEASED; urgency=low
6+
7+ * patch to remove CLONE_NEWPID syscall
8+ see: https://build.opensuse.org/package/view_file?file=vsftpd-drop-newpid-from-clone.patch&package=vsftpd&project=openSUSE%3AFactory&rev=3ed24d12e1827ea673331e213ab3d477
9+ Fixes LP: #1160372
10+
11+ -- Daniel Llewellyn (Bang Communications) <dan@bang-on.net> Wed, 08 May 2013 14:08:53 +0100
12+
13 vsftpd (3.0.2-1ubuntu1) raring; urgency=low
14
15 * Merge from debian unstable (LP: #1092076), remaining changes:
16
17=== added file 'debian/patches/13-disable-clone-newpid.patch'
18--- debian/patches/13-disable-clone-newpid.patch 1970-01-01 00:00:00 +0000
19+++ debian/patches/13-disable-clone-newpid.patch 2013-05-08 13:47:27 +0000
20@@ -0,0 +1,35 @@
21+From: Michal Vyskocil <mvyskocil@suse.cz>
22+Subject: Drop CLONE_NEWPID from clone call
23+
24+Kernel autid system prohibits the processes created with CLONE_NEWPID, so an
25+attempt to log into ftp server ends with
26+
27+audit_log_acct_message() failed: Operation not permitted
28+
29+https://bugzilla.novell.com/show_bug.cgi?id=786024#c38
30+
31+identified-by: Tony Jones <tonyj@suse.com>
32+fixes: bnc#786024
33+
34+Index: vsftpd-3.0.2/sysdeputil.c
35+===================================================================
36+--- vsftpd-3.0.2.orig/sysdeputil.c
37++++ vsftpd-3.0.2/sysdeputil.c
38+@@ -1272,7 +1272,7 @@ vsf_sysutil_fork_isolate_all_failok()
39+ if (cloneflags_work)
40+ {
41+ int ret = syscall(__NR_clone,
42+- CLONE_NEWPID | CLONE_NEWIPC | CLONE_NEWNET | SIGCHLD,
43++ CLONE_NEWIPC | CLONE_NEWNET | SIGCHLD,
44+ NULL);
45+ if (ret != -1 || (errno != EINVAL && errno != EPERM))
46+ {
47+@@ -1295,7 +1295,7 @@ vsf_sysutil_fork_isolate_failok()
48+ static int cloneflags_work = 1;
49+ if (cloneflags_work)
50+ {
51+- int ret = syscall(__NR_clone, CLONE_NEWPID | CLONE_NEWIPC | SIGCHLD, NULL);
52++ int ret = syscall(__NR_clone, CLONE_NEWIPC | SIGCHLD, NULL);
53+ if (ret != -1 || (errno != EINVAL && errno != EPERM))
54+ {
55+ if (ret == 0)
56
57=== modified file 'debian/patches/series'
58--- debian/patches/series 2012-12-18 19:59:37 +0000
59+++ debian/patches/series 2013-05-08 13:47:27 +0000
60@@ -12,3 +12,4 @@
61 12-buildflags.patch
62 09-disable-anonymous.patch
63 12-ubuntu-use-snakeoil-ssl.patch
64+13-disable-clone-newpid.patch

Subscribers

People subscribed via source and target branches