!11 [sync] PR-10: Support build with clang

From: @openeuler-sync-bot 
Reviewed-by: @sunsuwan 
Signed-off-by: @sunsuwan

0001-Fix-timestamp-handling-in-MDTM.patch

@@ -0,0 +1,151 @@
+From 6a4dc470e569df38b8a7ea09ee6aace3c73b7353 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= <olysonek@redhat.com>
+Date: Wed, 28 Mar 2018 09:06:34 +0200
+Subject: [PATCH 1/2] Fix timestamp handling in MDTM
+
+There were two problems with the timestamp handling with MDTM:
+
+1. In vsf_sysutil_parse_time(), the `the_time.tm_isdst` attribute was
+   always set to 0, regardless of whether DST (daylight saving time)
+   is active on the given date or not.
+
+   This made glibc shift the timestamp when DST was in fact active on
+   the given date, in an attempt to correct the discrepancy between
+   the given timestamp and the `tm_isdst` attribute. The shifting
+   produced incorrect results however.
+
+   We fix this by setting `tm_isdst` to -1 to let glibc decide if DST
+   is active or not at the time of the timestamp. glibc won't touch
+   the timestamp then.
+
+2. vsftpd used to record the offset from UTC of the current timezone
+   in the global variable `s_timezone`. This variable was then
+   subtracted from the variable `the_time` in vsf_sysutil_setmodtime()
+   when the config option use_localtime=NO was set. This was done to
+   compensate for the fact that mktime(), used in
+   vsf_sysutil_parse_time(), expects a timestamp expressed as local
+   time, whereas vsftpd is dealing with universal time.
+
+   However, this did not work in the case when the offset stored in
+   `s_timezone` did not match the timezone of the timestamp given to
+   mktime() - this happens when DST is active at the current time, but
+   DST is not active at the time of the timestamp, or vice versa.
+
+   We fix this by subtracting the real timezone offset directly in
+   vsf_sysutil_parse_time().
+
+   Note that the `tm_gmtoff` attribute, used in this fix, is a
+   BSD/glic extension. However, using `tm_gmtoff` seems like the
+   simplest solution and we need to make this work only with glibc
+   anyway.
+
+The fix was tested in the following way. We checked that the timestamp
+given to the MDTM command when setting modification time exactly
+matches the timestamp received as response from MDTM when reading back
+the modification time. Additionally, we checked that the modification
+time was set correctly on the given file on disk.
+
+These two checks were performed under various conditions - all the
+combinations of DST/non-DST system time, DST/non-DST modification
+time, use_localtime=YES/NO.
+
+Note that (I think) this will still not work if the rules for when DST
+is active change. For example, if DST is ever completely cancelled in
+the Europe/Prague timezone, and vsftpd is dealing with a timestamp
+from a time when DST was active, it will produce incorrect results. I
+think we would need the full zone file to fix this, but the zone file
+is hard to provide when we're chroot-ed.
+
+Resolves: rhbz#1567855
+---
+ postlogin.c |  5 +++--
+ sysutil.c   | 17 ++++++++++-------
+ sysutil.h   |  4 ++--
+ 3 files changed, 15 insertions(+), 11 deletions(-)
+
+diff --git a/postlogin.c b/postlogin.c
+index 7c749ef..8a3d9d2 100644
+--- a/postlogin.c
++++ b/postlogin.c
+@@ -1788,7 +1788,8 @@ handle_mdtm(struct vsf_session* p_sess)
+   if (do_write != 0)
+   {
+     str_split_char(&p_sess->ftp_arg_str, &s_filename_str, ' ');
+-    modtime = vsf_sysutil_parse_time(str_getbuf(&p_sess->ftp_arg_str));
++    modtime = vsf_sysutil_parse_time(
++      str_getbuf(&p_sess->ftp_arg_str), tunable_use_localtime);
+     str_copy(&p_sess->ftp_arg_str, &s_filename_str);
+   }
+   resolve_tilde(&p_sess->ftp_arg_str, p_sess);
+@@ -1809,7 +1810,7 @@ handle_mdtm(struct vsf_session* p_sess)
+     else
+     {
+       retval = vsf_sysutil_setmodtime(
+-        str_getbuf(&p_sess->ftp_arg_str), modtime, tunable_use_localtime);
++        str_getbuf(&p_sess->ftp_arg_str), modtime);
+       if (retval != 0)
+       {
+         vsf_cmdio_write(p_sess, FTP_FILEFAIL,
+diff --git a/sysutil.c b/sysutil.c
+index e847650..66d4c5e 100644
+--- a/sysutil.c
++++ b/sysutil.c
+@@ -2819,11 +2819,13 @@ vsf_sysutil_syslog(const char* p_text, int severe)
+ }
+ 
+ long
+-vsf_sysutil_parse_time(const char* p_text)
++vsf_sysutil_parse_time(const char* p_text, int is_localtime)
+ {
++  long res;
+   struct tm the_time;
+   unsigned int len = vsf_sysutil_strlen(p_text);
+   vsf_sysutil_memclr(&the_time, sizeof(the_time));
++  the_time.tm_isdst = -1;
+   if (len >= 8)
+   {
+     char yr[5];
+@@ -2848,17 +2850,18 @@ vsf_sysutil_parse_time(const char* p_text)
+     the_time.tm_min = vsf_sysutil_atoi(mins);
+     the_time.tm_sec = vsf_sysutil_atoi(sec);
+   }
+-  return mktime(&the_time);
++  res = mktime(&the_time);
++  if (!is_localtime)
++  {
++    res += the_time.tm_gmtoff;
++  }
++  return res;
+ }
+ 
+ int
+-vsf_sysutil_setmodtime(const char* p_file, long the_time, int is_localtime)
++vsf_sysutil_setmodtime(const char* p_file, long the_time)
+ {
+   struct utimbuf new_times;
+-  if (!is_localtime)
+-  {
+-    the_time -= s_timezone;
+-  }
+   vsf_sysutil_memclr(&new_times, sizeof(new_times));
+   new_times.actime = the_time;
+   new_times.modtime = the_time;
+diff --git a/sysutil.h b/sysutil.h
+index 7a59f13..b90f6ca 100644
+--- a/sysutil.h
++++ b/sysutil.h
+@@ -349,9 +349,9 @@ void vsf_sysutil_chroot(const char* p_root_path);
+  */
+ long vsf_sysutil_get_time_sec(void);
+ long vsf_sysutil_get_time_usec(void);
+-long vsf_sysutil_parse_time(const char* p_text);
++long vsf_sysutil_parse_time(const char* p_text, int is_localtime);
+ void vsf_sysutil_sleep(double seconds);
+-int vsf_sysutil_setmodtime(const char* p_file, long the_time, int is_localtime);
++int vsf_sysutil_setmodtime(const char* p_file, long the_time);
+ 
+ /* Limits */
+ void vsf_sysutil_set_address_space_limit(unsigned long bytes);
+-- 
+2.24.1
+

0001-Move-closing-standard-FDs-after-listen.patch

@@ -0,0 +1,46 @@
+From 40fea4552377504ce69935149e64e39a595f4600 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= <olysonek@redhat.com>
+Date: Sat, 3 Aug 2019 17:50:14 +0200
+Subject: [PATCH 1/2] Move closing standard FDs after listen()
+
+The vsf_sysutil_close() calls need to be moved a bit further so that
+die() works properly in case listen() fails.
+
+I see no reason the calls should be placed before listen()
+specifically, as they are now. My guess is that the author who added
+the calls thought that listen() is a blocking call, which is not the
+case. The only thing we need to satisfy is that close() is called
+before accept, because that is a blocking call. That's all that is
+needed to fix the bug that was fixed by adding the close() calls.
+
+Resolves: rhbz#1666380
+---
+ standalone.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/standalone.c b/standalone.c
+index 3f35e9e..b358ca1 100644
+--- a/standalone.c
++++ b/standalone.c
+@@ -152,15 +152,15 @@ vsf_standalone_main(void)
+       vsf_sysutil_kill(vsf_sysutil_getppid(), kVSFSysUtilSigUSR1);
+     }
+   }
+-  vsf_sysutil_close(0);
+-  vsf_sysutil_close(1);
+-  vsf_sysutil_close(2);
+   retval = vsf_sysutil_listen(listen_sock, VSFTP_LISTEN_BACKLOG);
+   if (vsf_sysutil_retval_is_error(retval))
+   {
+     die("could not listen");
+   }
+   vsf_sysutil_sockaddr_alloc(&p_accept_addr);
++  vsf_sysutil_close(0);
++  vsf_sysutil_close(1);
++  vsf_sysutil_close(2);
+   while (1)
+   {
+     struct vsf_client_launch child_info;
+-- 
+2.20.1
+

0001-Remove-a-hint-about-the-ftp_home_dir-SELinux-boolean.patch

@@ -0,0 +1,25 @@
+From ab797dcffc855b05c9e7c8db4e5be2fc7510831b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= <olysonek@redhat.com>
+Date: Tue, 17 Mar 2020 12:57:36 +0100
+Subject: [PATCH] Remove a hint about the ftp_home_dir SELinux boolean
+
+The boolean has been removed from SELinux.
+---
+ vsftpd.conf | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/vsftpd.conf b/vsftpd.conf
+index 6b8eebb..ea20a72 100644
+--- a/vsftpd.conf
++++ b/vsftpd.conf
+@@ -12,7 +12,6 @@
+ anonymous_enable=NO
+ #
+ # Uncomment this to allow local users to log in.
+-# When SELinux is enforcing check for SE bool ftp_home_dir
+ local_enable=YES
+ #
+ # Uncomment this to enable any form of FTP write command.
+-- 
+2.25.1
+

0001-Repeat-pututxline-until-it-succeeds-if-it-fails-with.patch

@@ -0,0 +1,108 @@
+From 7957425ef5ab365fc96ea0615f99705581c6dbd8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= <olysonek@redhat.com>
+Date: Mon, 12 Aug 2019 18:15:36 +0200
+Subject: [PATCH] Repeat pututxline() until it succeeds if it fails with EINTR
+
+Since the pututxline() bug rhbz#1749439 is now fixed in glibc in
+Fedora and RHEL-8, we can implement a complete solution for the stale
+utmp entries issue originally reported as rhbz#1688848.
+
+This patch is a followup to commit 896b3694ca062d7.
+
+Resolves: rhbz#1688852
+Resolves: rhbz#1737433
+---
+ sysdeputil.c | 53 +++++++++++++---------------------------------------
+ 1 file changed, 13 insertions(+), 40 deletions(-)
+
+diff --git a/sysdeputil.c b/sysdeputil.c
+index 4fbcca7..75be680 100644
+--- a/sysdeputil.c
++++ b/sysdeputil.c
+@@ -1203,7 +1203,7 @@ void
+ vsf_insert_uwtmp(const struct mystr* p_user_str,
+                  const struct mystr* p_host_str)
+ {
+-  int attempts;
++  struct utmpx* p_res;
+ 
+   if (sizeof(s_utent.ut_line) < 16)
+   {
+@@ -1233,34 +1233,21 @@ vsf_insert_uwtmp(const struct mystr* p_user_str,
+   vsf_sysutil_strcpy(s_utent.ut_host, str_getbuf(p_host_str),
+                      sizeof(s_utent.ut_host));
+   s_utent.ut_tv.tv_sec = vsf_sysutil_get_time_sec();
+-  for (attempts = 2; attempts > 0; --attempts)
++  setutxent();
++  do
+   {
+-    struct utmpx* p_res;
+-    setutxent();
+     p_res = pututxline(&s_utent);
+     /* For now we'll ignore errors other than EINTR and EAGAIN */
+-    if (p_res != NULL || (errno != EINTR && errno != EAGAIN))
+-    {
+-      break;
+-    }
+-  }
+-  if (attempts == 0)
+-  {
+-    /* This makes us skip pututxline() in vsf_remove_uwtmp() */
+-    s_uwtmp_inserted = -1;
+-  }
+-  else
+-  {
+-    s_uwtmp_inserted = 1;
+-    endutxent();
+-  }
++  } while (p_res == NULL && (errno == EINTR || errno == EAGAIN));
++  s_uwtmp_inserted = 1;
++  endutxent();
+   updwtmpx(WTMPX_FILE, &s_utent);
+ }
+ 
+ void
+ vsf_remove_uwtmp(void)
+ {
+-  int attempts;
++  struct utmpx* p_res;
+ 
+   if (!s_uwtmp_inserted)
+   {
+@@ -1270,27 +1257,13 @@ vsf_remove_uwtmp(void)
+   vsf_sysutil_memclr(s_utent.ut_user, sizeof(s_utent.ut_user));
+   vsf_sysutil_memclr(s_utent.ut_host, sizeof(s_utent.ut_host));
+   s_utent.ut_tv.tv_sec = 0;
+-  if (s_uwtmp_inserted == 1)
++  setutxent();
++  do
+   {
+-    for (attempts = 2; attempts > 0; --attempts)
+-    {
+-      struct utmpx* p_res;
+-      setutxent();
+-      p_res = pututxline(&s_utent);
+-      /* For now we'll ignore errors other than EINTR and EAGAIN */
+-      if (p_res != NULL || (errno != EINTR && errno != EAGAIN))
+-      {
+-        break;
+-      }
+-    }
+-    if (attempts != 0)
+-    {
+-      endutxent();
+-    }
+-  }
+-  /* Set s_uwtmp_inserted to 0 regardless of the result of
+-   * pututxline() to make sure we won't run this function twice.
+-   */
++    p_res = pututxline(&s_utent);
++    /* For now we'll ignore errors other than EINTR and EAGAIN */
++  } while (p_res == NULL && (errno == EINTR || errno == EAGAIN));
++  endutxent();
+   s_uwtmp_inserted = 0;
+   s_utent.ut_tv.tv_sec = vsf_sysutil_get_time_sec();
+   updwtmpx(WTMPX_FILE, &s_utent);
+-- 
+2.20.1
+

0001-Set-s_uwtmp_inserted-only-after-record-insertion-rem.patch

@@ -0,0 +1,53 @@
+From 96698a525784ad91cb27b572dd5f871c183fdfa5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= <olysonek@redhat.com>
+Date: Sun, 28 Jul 2019 12:25:35 +0200
+Subject: [PATCH 1/2] Set s_uwtmp_inserted only after record insertion/removal
+
+pututxline() is the function that actually inserts the new record, so
+setting 's_uwtmp_inserted' before calling pututxline() doesn't make
+sense.
+
+We'll need this change for other fixes.
+---
+ sysdeputil.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/sysdeputil.c b/sysdeputil.c
+index 4fe56c2..bd1e8c9 100644
+--- a/sysdeputil.c
++++ b/sysdeputil.c
+@@ -1224,7 +1224,6 @@ vsf_insert_uwtmp(const struct mystr* p_user_str,
+                        sizeof(s_utent.ut_line));
+     str_free(&line_str);
+   }
+-  s_uwtmp_inserted = 1;
+   s_utent.ut_type = USER_PROCESS;
+   s_utent.ut_pid = vsf_sysutil_getpid();
+   vsf_sysutil_strcpy(s_utent.ut_user, str_getbuf(p_user_str),
+@@ -1235,6 +1234,7 @@ vsf_insert_uwtmp(const struct mystr* p_user_str,
+   setutxent();
+   (void) pututxline(&s_utent);
+   endutxent();
++  s_uwtmp_inserted = 1;
+   updwtmpx(WTMPX_FILE, &s_utent);
+ }
+ 
+@@ -1245,7 +1245,6 @@ vsf_remove_uwtmp(void)
+   {
+     return;
+   }
+-  s_uwtmp_inserted = 0;
+   s_utent.ut_type = DEAD_PROCESS;
+   vsf_sysutil_memclr(s_utent.ut_user, sizeof(s_utent.ut_user));
+   vsf_sysutil_memclr(s_utent.ut_host, sizeof(s_utent.ut_host));
+@@ -1253,6 +1252,7 @@ vsf_remove_uwtmp(void)
+   setutxent();
+   (void) pututxline(&s_utent);
+   endutxent();
++  s_uwtmp_inserted = 0;
+   s_utent.ut_tv.tv_sec = vsf_sysutil_get_time_sec();
+   updwtmpx(WTMPX_FILE, &s_utent);
+ }
+-- 
+2.20.1
+

0002-Drop-an-unused-global-variable.patch

@@ -0,0 +1,56 @@
+From d0045e35674d64d166d17c3c079ae03e8c2e6361 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= <olysonek@redhat.com>
+Date: Thu, 13 Feb 2020 17:29:06 +0100
+Subject: [PATCH 2/2] Drop an unused global variable
+
+The global variable `s_timezone` is not used anymore, so we can drop
+it.
+---
+ sysutil.c | 17 +++--------------
+ 1 file changed, 3 insertions(+), 14 deletions(-)
+
+diff --git a/sysutil.c b/sysutil.c
+index 66d4c5e..0ccf551 100644
+--- a/sysutil.c
++++ b/sysutil.c
+@@ -72,8 +72,6 @@ static struct timeval s_current_time;
+ static int s_current_pid = -1;
+ /* Exit function */
+ static exitfunc_t s_exit_func;
+-/* Difference in timezone from GMT in seconds */
+-static long s_timezone;
+ 
+ /* Our internal signal handling implementation details */
+ static struct vsf_sysutil_sig_details
+@@ -2661,7 +2659,6 @@ char* vsf_sysutil_get_tz()
+ void
+ vsf_sysutil_tzset(void)
+ {
+-  int retval;
+   char *tz=NULL, tzbuf[sizeof("+HHMM!")];
+   time_t the_time = time(NULL);
+   struct tm* p_tm;
+@@ -2681,17 +2678,9 @@ vsf_sysutil_tzset(void)
+   {
+     die("localtime");
+   }
+-  retval = strftime(tzbuf, sizeof(tzbuf), "%z", p_tm);
+-  tzbuf[sizeof(tzbuf) - 1] = '\0';
+-  if (retval == 5)
+-  {
+-    s_timezone = ((tzbuf[1] - '0') * 10 + (tzbuf[2] - '0')) * 60 * 60;
+-    s_timezone += ((tzbuf[3] - '0') * 10 + (tzbuf[4] - '0')) * 60;
+-    if (tzbuf[0] == '+')
+-    {
+-      s_timezone *= -1;
+-    }
+-  }
++  /* Not sure if the following call to strftime() has any desired side
++     effects, so I'm keeping it to be safe. */
++  (void) strftime(tzbuf, sizeof(tzbuf), "%z", p_tm);
+   /* Call in to the time subsystem again now that TZ is set, trying to force
+    * caching of the actual zoneinfo for the timezone.
+    */
+-- 
+2.24.1
+

0002-Prevent-recursion-in-bug.patch

@@ -0,0 +1,107 @@
+From e679a3ce0f2cf1558da31e0bccd9e2398b89c7e9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= <olysonek@redhat.com>
+Date: Tue, 30 Jul 2019 16:07:01 +0200
+Subject: [PATCH 2/2] Prevent recursion in bug()
+
+Resolves: rhbz#1666380
+---
+ sysutil.c | 35 +++++++++++++++++++++++++++++++----
+ sysutil.h |  1 +
+ utility.c | 12 +++++++-----
+ 3 files changed, 39 insertions(+), 9 deletions(-)
+
+diff --git a/sysutil.c b/sysutil.c
+index fd07d99..e2df671 100644
+--- a/sysutil.c
++++ b/sysutil.c
+@@ -774,21 +774,48 @@ vsf_sysutil_deactivate_linger_failok(int fd)
+   (void) setsockopt(fd, SOL_SOCKET, SO_LINGER, &the_linger, sizeof(the_linger));
+ }
+ 
+-void
+-vsf_sysutil_activate_noblock(int fd)
++static int
++vsf_sysutil_activate_noblock_internal(int fd, int return_err)
+ {
+   int retval;
+   int curr_flags = fcntl(fd, F_GETFL);
+   if (vsf_sysutil_retval_is_error(curr_flags))
+   {
+-    die("fcntl");
++    if (return_err)
++    {
++      return -1;
++    }
++    else
++    {
++      die("fcntl");
++    }
+   }
+   curr_flags |= O_NONBLOCK;
+   retval = fcntl(fd, F_SETFL, curr_flags);
+   if (retval != 0)
+   {
+-    die("fcntl");
++    if (return_err)
++    {
++      return -1;
++    }
++    else
++    {
++      die("fcntl");
++    }
+   }
++  return 0;
++}
++
++void
++vsf_sysutil_activate_noblock(int fd)
++{
++  (void) vsf_sysutil_activate_noblock_internal(fd, 0);
++}
++
++int
++vsf_sysutil_activate_noblock_no_die(int fd)
++{
++  return vsf_sysutil_activate_noblock_internal(fd, 1);
+ }
+ 
+ void
+diff --git a/sysutil.h b/sysutil.h
+index 2df14ed..0772423 100644
+--- a/sysutil.h
++++ b/sysutil.h
+@@ -281,6 +281,7 @@ void vsf_sysutil_activate_oobinline(int fd);
+ void vsf_sysutil_activate_linger(int fd);
+ void vsf_sysutil_deactivate_linger_failok(int fd);
+ void vsf_sysutil_activate_noblock(int fd);
++int vsf_sysutil_activate_noblock_no_die(int fd);
+ void vsf_sysutil_deactivate_noblock(int fd);
+ /* This does SHUT_RDWR */
+ void vsf_sysutil_shutdown_failok(int fd);
+diff --git a/utility.c b/utility.c
+index 75e5bdd..5619a04 100644
+--- a/utility.c
++++ b/utility.c
+@@ -47,11 +47,13 @@ bug(const char* p_text)
+   {
+     vsf_log_die(p_text);
+   }
+-  vsf_sysutil_activate_noblock(VSFTP_COMMAND_FD);
+-  (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, "500 OOPS: ", 10);
+-  (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, p_text,
+-                                vsf_sysutil_strlen(p_text));
+-  (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, "\r\n", 2);
++  if (vsf_sysutil_activate_noblock_no_die(VSFTP_COMMAND_FD) == 0)
++  {
++    (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, "500 OOPS: ", 10);
++    (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, p_text,
++				  vsf_sysutil_strlen(p_text));
++    (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, "\r\n", 2);
++  }
+   if (tunable_log_die)
+   {
+     /* Workaround for https://github.com/systemd/systemd/issues/2913 */
+-- 
+2.20.1
+

0002-Repeat-pututxline-if-it-fails-with-EINTR.patch

@@ -0,0 +1,105 @@
+From 896b3694ca062d747cd67e9e9ba246adb3fc706b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= <olysonek@redhat.com>
+Date: Mon, 5 Aug 2019 13:55:37 +0200
+Subject: [PATCH 2/2] Repeat pututxline() if it fails with EINTR
+
+This is a partial fix for rhbz#1688848. We cannot resolve it
+completely until glibc bug rhbz#1734791 is fixed. See
+https://bugzilla.redhat.com/show_bug.cgi?id=1688848#c13.
+
+The maximum number of attempts is currently 2, which might seem
+low. However setting it to 2 was a decision based on data - see
+https://bugzilla.redhat.com/show_bug.cgi?id=1688848#c16.
+
+Resolves: rhbz#1688848
+---
+ sysdeputil.c | 53 +++++++++++++++++++++++++++++++++++++++++++++-------
+ 1 file changed, 46 insertions(+), 7 deletions(-)
+
+diff --git a/sysdeputil.c b/sysdeputil.c
+index bd1e8c9..4fbcca7 100644
+--- a/sysdeputil.c
++++ b/sysdeputil.c
+@@ -1203,6 +1203,8 @@ void
+ vsf_insert_uwtmp(const struct mystr* p_user_str,
+                  const struct mystr* p_host_str)
+ {
++  int attempts;
++
+   if (sizeof(s_utent.ut_line) < 16)
+   {
+     return;
+@@ -1231,16 +1233,35 @@ vsf_insert_uwtmp(const struct mystr* p_user_str,
+   vsf_sysutil_strcpy(s_utent.ut_host, str_getbuf(p_host_str),
+                      sizeof(s_utent.ut_host));
+   s_utent.ut_tv.tv_sec = vsf_sysutil_get_time_sec();
+-  setutxent();
+-  (void) pututxline(&s_utent);
+-  endutxent();
+-  s_uwtmp_inserted = 1;
++  for (attempts = 2; attempts > 0; --attempts)
++  {
++    struct utmpx* p_res;
++    setutxent();
++    p_res = pututxline(&s_utent);
++    /* For now we'll ignore errors other than EINTR and EAGAIN */
++    if (p_res != NULL || (errno != EINTR && errno != EAGAIN))
++    {
++      break;
++    }
++  }
++  if (attempts == 0)
++  {
++    /* This makes us skip pututxline() in vsf_remove_uwtmp() */
++    s_uwtmp_inserted = -1;
++  }
++  else
++  {
++    s_uwtmp_inserted = 1;
++    endutxent();
++  }
+   updwtmpx(WTMPX_FILE, &s_utent);
+ }
+ 
+ void
+ vsf_remove_uwtmp(void)
+ {
++  int attempts;
++
+   if (!s_uwtmp_inserted)
+   {
+     return;
+@@ -1249,9 +1270,27 @@ vsf_remove_uwtmp(void)
+   vsf_sysutil_memclr(s_utent.ut_user, sizeof(s_utent.ut_user));
+   vsf_sysutil_memclr(s_utent.ut_host, sizeof(s_utent.ut_host));
+   s_utent.ut_tv.tv_sec = 0;
+-  setutxent();
+-  (void) pututxline(&s_utent);
+-  endutxent();
++  if (s_uwtmp_inserted == 1)
++  {
++    for (attempts = 2; attempts > 0; --attempts)
++    {
++      struct utmpx* p_res;
++      setutxent();
++      p_res = pututxline(&s_utent);
++      /* For now we'll ignore errors other than EINTR and EAGAIN */
++      if (p_res != NULL || (errno != EINTR && errno != EAGAIN))
++      {
++        break;
++      }
++    }
++    if (attempts != 0)
++    {
++      endutxent();
++    }
++  }
++  /* Set s_uwtmp_inserted to 0 regardless of the result of
++   * pututxline() to make sure we won't run this function twice.
++   */
+   s_uwtmp_inserted = 0;
+   s_utent.ut_tv.tv_sec = vsf_sysutil_get_time_sec();
+   updwtmpx(WTMPX_FILE, &s_utent);
+-- 
+2.20.1
+

0021-Introduce-support-for-DHE-based-cipher-suites.patch

@@ -41,9 +41,9 @@ index c362983..22b69b3 100644
    BIO* p_bio, int oper, const char* p_arg, int argi, long argl, long retval);
  static int ssl_verify_callback(int verify_ok, X509_STORE_CTX* p_ctx);
 +static DH *ssl_tmp_dh_callback(SSL *ssl, int is_export, int keylength);
- static int ssl_cert_digest(
-   SSL* p_ssl, struct vsf_session* p_sess, struct mystr* p_str);
- static void maybe_log_shutdown_state(struct vsf_session* p_sess);
+ static int ssl_alpn_callback(SSL* p_ssl,
+                              const unsigned char** p_out,
+                              unsigned char* outlen,
 @@ -51,6 +54,60 @@ static int ssl_read_common(struct vsf_session* p_sess,
  static int ssl_inited;
  static struct mystr debug_str;
@@ -147,11 +147,11 @@ index c362983..22b69b3 100644
 +    
 +    SSL_CTX_set_tmp_dh_callback(p_ctx, ssl_tmp_dh_callback);
 +
-     p_sess->p_ssl_ctx = p_ctx;
-     ssl_inited = 1;
-   }
+     /* Set up ALPN to check for FTP protocol intention of client. */
+     SSL_CTX_set_alpn_select_cb(p_ctx, ssl_alpn_callback, p_sess);
+     /* Set up SNI callback for an optional hostname check. */
 @@ -702,6 +781,18 @@ ssl_verify_callback(int verify_ok, X509_STORE_CTX* p_ctx)
-   return 1;
+   }
  }
  
 +#define UNUSED(x) ( (void)(x) )

0022-Introduce-support-for-EDDHE-based-cipher-suites.patch

@@ -75,9 +75,9 @@ index 22b69b3..96bf8ad 100644
 +#endif
 +    }
 +
-     p_sess->p_ssl_ctx = p_ctx;
-     ssl_inited = 1;
-   }
+     /* Set up ALPN to check for FTP protocol intention of client. */
+     SSL_CTX_set_alpn_select_cb(p_ctx, ssl_alpn_callback, p_sess);
+     /* Set up SNI callback for an optional hostname check. */
 diff --git a/tunables.c b/tunables.c
 index 1ea7227..93f85b1 100644
 --- a/tunables.c

0025-Improve-local_max_rate-option.patch

@@ -62,7 +62,7 @@ index eaba265..f1e2f69 100644
 +++ b/main.c
 @@ -40,7 +40,7 @@ main(int argc, const char* argv[])
      /* Control connection */
-     0, 0, 0, 0, 0,
+     0, 0, 0, 0, 0, 0,
      /* Data connection */
 -    -1, 0, -1, 0, 0, 0, 0,
 +    -1, 0, -1, 0, 0, 0, 0, 0,

0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch

@@ -1,153 +0,0 @@
-From 01bef55a1987700af3d43cdc5f5be88d3843ab85 Mon Sep 17 00:00:00 2001
-From: Martin Sehnoutka <msehnout@redhat.com>
-Date: Thu, 17 Nov 2016 13:36:17 +0100
-Subject: [PATCH 33/59] Introduce TLSv1.1 and TLSv1.2 options.
-
-Users can now enable a specific version of TLS protocol.
----
- parseconf.c   |  2 ++
- ssl.c         |  8 ++++++++
- tunables.c    |  9 +++++++--
- tunables.h    |  2 ++
- vsftpd.conf.5 | 24 ++++++++++++++++++++----
- 5 files changed, 39 insertions(+), 6 deletions(-)
-
-diff --git a/parseconf.c b/parseconf.c
-index a2c715b..33a1349 100644
---- a/parseconf.c
-+++ b/parseconf.c
-@@ -85,6 +85,8 @@ parseconf_bool_array[] =
-   { "ssl_sslv2", &tunable_sslv2 },
-   { "ssl_sslv3", &tunable_sslv3 },
-   { "ssl_tlsv1", &tunable_tlsv1 },
-+  { "ssl_tlsv1_1", &tunable_tlsv1_1 },
-+  { "ssl_tlsv1_2", &tunable_tlsv1_2 },
-   { "tilde_user_enable", &tunable_tilde_user_enable },
-   { "force_anon_logins_ssl", &tunable_force_anon_logins_ssl },
-   { "force_anon_data_ssl", &tunable_force_anon_data_ssl },
-diff --git a/ssl.c b/ssl.c
-index 96bf8ad..ba8a613 100644
---- a/ssl.c
-+++ b/ssl.c
-@@ -135,6 +135,14 @@ ssl_init(struct vsf_session* p_sess)
-     {
-       options |= SSL_OP_NO_TLSv1;
-     }
-+    if (!tunable_tlsv1_1)
-+    {
-+      options |= SSL_OP_NO_TLSv1_1;
-+    }
-+    if (!tunable_tlsv1_2)
-+    {
-+      options |= SSL_OP_NO_TLSv1_2;
-+    }
-     SSL_CTX_set_options(p_ctx, options);
-     if (tunable_rsa_cert_file)
-     {
-diff --git a/tunables.c b/tunables.c
-index 93f85b1..78f2bcd 100644
---- a/tunables.c
-+++ b/tunables.c
-@@ -66,6 +66,8 @@ int tunable_force_local_data_ssl;
- int tunable_sslv2;
- int tunable_sslv3;
- int tunable_tlsv1;
-+int tunable_tlsv1_1;
-+int tunable_tlsv1_2;
- int tunable_tilde_user_enable;
- int tunable_force_anon_logins_ssl;
- int tunable_force_anon_data_ssl;
-@@ -209,7 +211,10 @@ tunables_load_defaults()
-   tunable_force_local_data_ssl = 1;
-   tunable_sslv2 = 0;
-   tunable_sslv3 = 0;
-+  /* TLSv1 up to TLSv1.2 is enabled by default */
-   tunable_tlsv1 = 1;
-+  tunable_tlsv1_1 = 1;
-+  tunable_tlsv1_2 = 1;
-   tunable_tilde_user_enable = 0;
-   tunable_force_anon_logins_ssl = 0;
-   tunable_force_anon_data_ssl = 0;
-@@ -292,8 +297,8 @@ tunables_load_defaults()
-   install_str_setting(0, &tunable_dsa_cert_file);
-   install_str_setting(0, &tunable_dh_param_file);
-   install_str_setting(0, &tunable_ecdh_param_file);
--  install_str_setting("AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA",
--                      &tunable_ssl_ciphers);
-+  install_str_setting("AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384",
-+          &tunable_ssl_ciphers);
-   install_str_setting(0, &tunable_rsa_private_key_file);
-   install_str_setting(0, &tunable_dsa_private_key_file);
-   install_str_setting(0, &tunable_ca_certs_file);
-diff --git a/tunables.h b/tunables.h
-index 3e2d40c..a466427 100644
---- a/tunables.h
-+++ b/tunables.h
-@@ -67,6 +67,8 @@ extern int tunable_force_local_data_ssl;      /* Require local data uses SSL */
- extern int tunable_sslv2;                     /* Allow SSLv2 */
- extern int tunable_sslv3;                     /* Allow SSLv3 */
- extern int tunable_tlsv1;                     /* Allow TLSv1 */
-+extern int tunable_tlsv1_1;                   /* Allow TLSv1.1 */
-+extern int tunable_tlsv1_2;                   /* Allow TLSv1.2 */
- extern int tunable_tilde_user_enable;         /* Support e.g. ~chris */
- extern int tunable_force_anon_logins_ssl;     /* Require anon logins use SSL */
- extern int tunable_force_anon_data_ssl;       /* Require anon data uses SSL */
-diff --git a/vsftpd.conf.5 b/vsftpd.conf.5
-index cf1ae34..a3d569e 100644
---- a/vsftpd.conf.5
-+++ b/vsftpd.conf.5
-@@ -506,7 +506,7 @@ Default: YES
- Only applies if
- .BR ssl_enable
- is activated. If enabled, this option will permit SSL v2 protocol connections.
--TLS v1 connections are preferred.
-+TLS v1.2 connections are preferred.
- 
- Default: NO
- .TP
-@@ -514,7 +514,7 @@ Default: NO
- Only applies if
- .BR ssl_enable
- is activated. If enabled, this option will permit SSL v3 protocol connections.
--TLS v1 connections are preferred.
-+TLS v1.2 connections are preferred.
- 
- Default: NO
- .TP
-@@ -522,7 +522,23 @@ Default: NO
- Only applies if
- .BR ssl_enable
- is activated. If enabled, this option will permit TLS v1 protocol connections.
--TLS v1 connections are preferred.
-+TLS v1.2 connections are preferred.
-+
-+Default: YES
-+.TP
-+.B ssl_tlsv1_1
-+Only applies if
-+.BR ssl_enable
-+is activated. If enabled, this option will permit TLS v1.1 protocol connections.
-+TLS v1.2 connections are preferred.
-+
-+Default: YES
-+.TP
-+.B ssl_tlsv1_2
-+Only applies if
-+.BR ssl_enable
-+is activated. If enabled, this option will permit TLS v1.2 protocol connections.
-+TLS v1.2 connections are preferred.
- 
- Default: YES
- .TP
-@@ -1044,7 +1060,7 @@ man page for further details. Note that restricting ciphers can be a useful
- security precaution as it prevents malicious remote parties forcing a cipher
- which they have found problems with.
- 
--Default: DES-CBC3-SHA
-+Default: AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384
- .TP
- .B user_config_dir
- This powerful option allows the override of any config option specified in
--- 
-2.14.4
-

0040-Use-system-wide-crypto-policy.patch

@@ -16,8 +16,8 @@ index 5440c00..354251c 100644
    install_str_setting(0, &tunable_dsa_cert_file);
    install_str_setting(0, &tunable_dh_param_file);
    install_str_setting(0, &tunable_ecdh_param_file);
--  install_str_setting("AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384",
--          &tunable_ssl_ciphers);
+-  install_str_setting("AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA",
+-                      &tunable_ssl_ciphers);
 +  install_str_setting("PROFILE=SYSTEM", &tunable_ssl_ciphers);
    install_str_setting(0, &tunable_rsa_private_key_file);
    install_str_setting(0, &tunable_dsa_private_key_file);

0041-Document-the-new-default-for-ssl_ciphers-in-the-man-.patch

@@ -17,15 +17,15 @@ index 3ca55e4..2a7662e 100644
  security precaution as it prevents malicious remote parties forcing a cipher
  which they have found problems with.
  
--Default: AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384
+-Default: DES-CBC3-SHA
 +By default, the system-wide crypto policy is used. See
 +.BR update-crypto-policies(8)
 +for further details.
 +
 +Default: PROFILE=SYSTEM
  .TP
- .B user_config_dir
- This powerful option allows the override of any config option specified in
+ .B ssl_sni_hostname
+ If set, SSL connections will be rejected unless the SNI hostname in the
 -- 
 2.14.4
 

0042-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch

@@ -1,32 +0,0 @@
-From 1c280a0b04e58ec63ce9ab5eb8d0ffe5ebbae115 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= <olysonek@redhat.com>
-Date: Thu, 21 Dec 2017 14:29:25 +0100
-Subject: [PATCH 42/59] When handling FEAT command, check ssl_tlsv1_1 and
- ssl_tlsv1_2
-
-Send 'AUTH SSL' in reply to the FEAT command when the ssl_tlsv1_1
-or ssl_tlsv1_2 configuration option is enabled.
-
-The patch was written by Martin Sehnoutka.
-
-Resolves: rhbz#1432054
----
- features.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/features.c b/features.c
-index 1212980..d024366 100644
---- a/features.c
-+++ b/features.c
-@@ -22,7 +22,7 @@ handle_feat(struct vsf_session* p_sess)
-     {
-       vsf_cmdio_write_raw(p_sess, " AUTH SSL\r\n");
-     }
--    if (tunable_tlsv1)
-+    if (tunable_tlsv1 || tunable_tlsv1_1 || tunable_tlsv1_2)
-     {
-       vsf_cmdio_write_raw(p_sess, " AUTH TLS\r\n");
-     }
--- 
-2.14.4
-

0043-Enable-only-TLSv1.2-by-default.patch

@@ -1,53 +0,0 @@
-From 75c942c77aa575143c5b75637e64a925ad12641a Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= <olysonek@redhat.com>
-Date: Thu, 21 Dec 2017 16:38:40 +0100
-Subject: [PATCH 43/59] Enable only TLSv1.2 by default
-
-Disable TLSv1 and TLSv1.1 - enable only TLSv1.2 by default.
----
- tunables.c    | 6 +++---
- vsftpd.conf.5 | 4 ++--
- 2 files changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/tunables.c b/tunables.c
-index 354251c..9680528 100644
---- a/tunables.c
-+++ b/tunables.c
-@@ -211,9 +211,9 @@ tunables_load_defaults()
-   tunable_force_local_data_ssl = 1;
-   tunable_sslv2 = 0;
-   tunable_sslv3 = 0;
--  /* TLSv1 up to TLSv1.2 is enabled by default */
--  tunable_tlsv1 = 1;
--  tunable_tlsv1_1 = 1;
-+  tunable_tlsv1 = 0;
-+  tunable_tlsv1_1 = 0;
-+  /* Only TLSv1.2 is enabled by default */
-   tunable_tlsv1_2 = 1;
-   tunable_tilde_user_enable = 0;
-   tunable_force_anon_logins_ssl = 0;
-diff --git a/vsftpd.conf.5 b/vsftpd.conf.5
-index 2a7662e..df14027 100644
---- a/vsftpd.conf.5
-+++ b/vsftpd.conf.5
-@@ -539,7 +539,7 @@ Only applies if
- is activated. If enabled, this option will permit TLS v1 protocol connections.
- TLS v1.2 connections are preferred.
- 
--Default: YES
-+Default: NO
- .TP
- .B ssl_tlsv1_1
- Only applies if
-@@ -547,7 +547,7 @@ Only applies if
- is activated. If enabled, this option will permit TLS v1.1 protocol connections.
- TLS v1.2 connections are preferred.
- 
--Default: YES
-+Default: NO
- .TP
- .B ssl_tlsv1_2
- Only applies if
--- 
-2.14.4
-

0072-support-clang-build.patch

@@ -0,0 +1,23 @@
+From 82e326f7edba4ea35bf4d5488664947e36de5de7 Mon Sep 17 00:00:00 2001
+From: luofeng <luofeng13@huawei.com>
+Date: Mon, 11 Mar 2024 11:12:24 +0800
+Subject: [PATCH] support clang build
+
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index 0f7411c..3f736e2 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,5 +1,5 @@
+ # Makefile for systems with GNU tools
+-CC 	=	gcc
++CC 	?=	gcc
+ INSTALL	=	install
+ IFLAGS  = -idirafter dummyinc
+ #CFLAGS = -g
+-- 
+2.19.1
+

fix-str_open.patch

@@ -0,0 +1,28 @@
+diff -ruN vsftpd-3.0.3.orig/sysstr.c vsftpd-3.0.3/sysstr.c
+--- vsftpd-3.0.3.orig/sysstr.c	2020-11-17 09:47:03.872923383 +0100
++++ vsftpd-3.0.3/sysstr.c	2020-11-17 09:48:41.219754145 +0100
+@@ -74,19 +74,11 @@
+ int
+ str_open(const struct mystr* p_str, const enum EVSFSysStrOpenMode mode)
+ {
+-  enum EVSFSysUtilOpenMode open_mode = kVSFSysUtilOpenUnknown;
+-  switch (mode)
+-  {
+-    case kVSFSysStrOpenReadOnly:
+-      open_mode = kVSFSysUtilOpenReadOnly;
+-      break;
+-    case kVSFSysStrOpenUnknown:
+-      /* Fall through */
+-    default:
+-      bug("unknown mode value in str_open");
+-      break;
+-  }
+-  return vsf_sysutil_open_file(str_getbuf(p_str), open_mode);
++  if (mode == kVSFSysStrOpenReadOnly)
++    return vsf_sysutil_open_file(str_getbuf(p_str), kVSFSysUtilOpenReadOnly);
++
++  bug("unknown mode value in str_open");
++  return -1;
+ }
+ 
+ int

vsftpd-3.0.5-enable_wc_logs-replace_unprintable_with_hex.patch

@@ -0,0 +1,215 @@
+diff --git a/logging.c b/logging.c
+index 9e86808..613ff4b 100644
+--- a/logging.c
++++ b/logging.c
+@@ -171,7 +171,14 @@ vsf_log_do_log_to_file(int fd, struct mystr* p_str)
+       return;
+     }
+   }
+-  str_replace_unprintable(p_str, '?');
++  if (tunable_wc_logs_enable)
++  {
++    str_replace_unprintable_with_hex_wc(p_str);
++  }
++  else
++  {
++    str_replace_unprintable_with_hex(p_str);
++  }
+   str_append_char(p_str, '\n');
+   /* Ignore write failure; maybe the disk filled etc. */
+   (void) str_write_loop(p_str, fd);
+diff --git a/parseconf.c b/parseconf.c
+index 3cfe7da..3729818 100644
+--- a/parseconf.c
++++ b/parseconf.c
+@@ -113,6 +113,7 @@ parseconf_bool_array[] =
+   { "allow_writeable_chroot", &tunable_allow_writeable_chroot },
+   { "better_stou", &tunable_better_stou },
+   { "log_die", &tunable_log_die },
++  { "wc_logs_enable", &tunable_wc_logs_enable },
+   { 0, 0 }
+ };
+ 
+diff --git a/str.c b/str.c
+index 82b8ae4..c03e7d8 100644
+--- a/str.c
++++ b/str.c
+@@ -20,6 +20,11 @@
+ #include "utility.h"
+ #include "sysutil.h"
+ 
++#include <stdio.h>
++#include <string.h>
++#include <wchar.h>
++#include <wctype.h>
++
+ /* File local functions */
+ static void str_split_text_common(struct mystr* p_src, struct mystr* p_rhs,
+                                   const char* p_text, int is_reverse);
+@@ -723,6 +728,102 @@ str_replace_unprintable(struct mystr* p_str, char new_char)
+   }
+ }
+ 
++void
++str_replace_unprintable_with_hex(struct mystr* p_str)
++{
++  unsigned int ups_size = sizeof(unsigned int) * (p_str->len);
++  if (ups_size < p_str->len)
++  {
++    str_replace_unprintable(p_str, '?');
++    str_append_text(p_str, ": BUG: string is too long");
++    bug(p_str->p_buf);
++  }
++  unsigned int* ups = vsf_sysutil_malloc(ups_size);
++  unsigned int up_count = 0;
++  for (unsigned int i=0; i < p_str->len; i++)
++  {
++    if (!vsf_sysutil_isprint(p_str->p_buf[i]))
++    {
++      ups[up_count++] = i;
++    }
++  }
++  str_replace_positions_with_hex(p_str, ups, up_count);
++  vsf_sysutil_free(ups);
++}
++
++void str_replace_unprintable_with_hex_wc(struct mystr* p_str)
++{
++  unsigned int ups_size = sizeof(unsigned int) * (p_str->len);
++  if (ups_size < p_str->len)
++  {
++    str_replace_unprintable(p_str, '?');
++    str_append_text(p_str, ": BUG: string is too long");
++    bug(p_str->p_buf);
++  }
++  unsigned int* ups = vsf_sysutil_malloc(ups_size);
++  unsigned int up_count = 0;
++
++  size_t current = 0;
++  wchar_t pwc;
++  mbstate_t ps;
++  memset(&ps, 0, sizeof(ps));
++  ssize_t len = 0;
++  while ((len = mbrtowc(&pwc, p_str->p_buf, p_str->len - current, &ps)) > 0)
++  {
++    if (!iswprint(pwc))
++    {
++      for (int i = 0; i < len; i++)
++      {
++        ups[up_count++] = current++;
++      }
++    }
++    else
++    {
++      current += len;
++    }
++  }
++  if (len < 0)
++  {
++    while (current < p_str->len)
++    {
++      ups[up_count++] = current++;
++    }
++  }
++  str_replace_positions_with_hex(p_str, ups, up_count);
++  vsf_sysutil_free(ups);
++}
++
++void
++str_replace_positions_with_hex(struct mystr* p_str, const unsigned int* poss, const unsigned int pos_count)
++{
++  if (pos_count == 0)
++    return;
++
++  struct mystr tmp_str = INIT_MYSTR;
++  str_reserve(&tmp_str, p_str->len + 3 * pos_count);
++  unsigned int current = 0;
++
++  for (unsigned int i=0; i < pos_count; i++)
++  {
++    unsigned int pos = poss[i];
++
++    if (current < pos)
++      private_str_append_memchunk(&tmp_str, p_str->p_buf + current, pos - current);
++
++    char hex_buf[5];
++    memset(hex_buf, 0, sizeof(hex_buf));
++    sprintf(hex_buf, "\\x%02X", (unsigned char) p_str->p_buf[pos]);
++    str_append_text(&tmp_str, hex_buf);
++    current = pos + 1;
++  }
++
++  if (current < p_str->len)
++    private_str_append_memchunk(&tmp_str, p_str->p_buf + current, p_str->len - current);
++
++  str_copy(p_str, &tmp_str);
++  str_free(&tmp_str);
++}
++
+ void
+ str_basename (struct mystr* d_str, const struct mystr* path)
+ {
+diff --git a/str.h b/str.h
+index 44270da..95a83b5 100644
+--- a/str.h
++++ b/str.h
+@@ -98,6 +98,10 @@ int str_contains_space(const struct mystr* p_str);
+ int str_all_space(const struct mystr* p_str);
+ int str_contains_unprintable(const struct mystr* p_str);
+ void str_replace_unprintable(struct mystr* p_str, char new_char);
++void str_replace_unprintable_with_hex(struct mystr* p_str);
++void str_replace_unprintable_with_hex_wc(struct mystr* p_str);
++void str_replace_positions_with_hex(struct mystr* p_str, const unsigned int* poss,
++                                    const unsigned int pos_count);
+ int str_atoi(const struct mystr* p_str);
+ filesize_t str_a_to_filesize_t(const struct mystr* p_str);
+ unsigned int str_octal_to_uint(const struct mystr* p_str);
+diff --git a/tunables.c b/tunables.c
+index a7ce9c8..c96c1ac 100644
+--- a/tunables.c
++++ b/tunables.c
+@@ -94,6 +94,7 @@ int tunable_seccomp_sandbox;
+ int tunable_allow_writeable_chroot;
+ int tunable_better_stou;
+ int tunable_log_die;
++int tunable_wc_logs_enable;
+ 
+ unsigned int tunable_accept_timeout;
+ unsigned int tunable_connect_timeout;
+@@ -244,6 +245,7 @@ tunables_load_defaults()
+   tunable_allow_writeable_chroot = 0;
+   tunable_better_stou = 0;
+   tunable_log_die = 0;
++  tunable_wc_logs_enable = 0;
+ 
+   tunable_accept_timeout = 60;
+   tunable_connect_timeout = 60;
+diff --git a/tunables.h b/tunables.h
+index 029d645..8d50150 100644
+--- a/tunables.h
++++ b/tunables.h
+@@ -98,6 +98,7 @@ extern int tunable_better_stou;               /* Use better file name generation
+ 					       */
+ extern int tunable_log_die;                   /* Log calls to die(), die2()
+                                                * and bug() */
++extern int tunable_wc_logs_enable;            /* Allow non ASCII characters in logs */
+ 
+ /* Integer/numeric defines */
+ extern unsigned int tunable_accept_timeout;
+diff --git a/vsftpd.conf.5 b/vsftpd.conf.5
+index ce3fba3..815773f 100644
+--- a/vsftpd.conf.5
++++ b/vsftpd.conf.5
+@@ -735,6 +735,12 @@ If enabled, use CLONE_NEWPID and CLONE_NEWIPC to isolate processes to their
+ ipc and pid namespaces. So separated processes can not interact with each other.
+ 
+ Default: YES
++.TP
++.B wc_logs_enable
++If enabled, logs will be treated as wide-character strings and not just
++ASCII strings when filtering out non-printable characters.
++
++Default: NO
+ 
+ .SH NUMERIC OPTIONS
+ Below is a list of numeric options. A numeric option must be set to a non

vsftpd.service

@@ -1,6 +1,6 @@
 [Unit]
 Description=Vsftpd ftp daemon
-After=network.target
+After=network-online.target
 
 [Service]
 Type=forking

vsftpd.spec

@@ -1,8 +1,8 @@
 %define generator_dir %{_prefix}/lib/systemd/system-generators
 
 Name:          vsftpd
-Version:       3.0.3
-Release:       30
+Version:       3.0.5
+Release:       2
 Summary:       It is a secure FTP server for Unix-like systems
 # OpenSSL link exception
 License:       GPLv2 with exceptions
@@ -18,10 +18,9 @@ Source7:       vsftpd@.service
 Source8:       vsftpd.target
 Source9:       vsftpd-generator
 Source10:      vsftpd.default.log
-BuildRequires: pam-devel libcap-devel openssl-devel systemd
+BuildRequires: pam-devel libcap-devel openssl-devel systemd vim make gcc
 Requires:      logrotate
 
-#patches from redhat see descriptions in each patch file for detailed information
 Patch1:        0001-Don-t-use-the-provided-script-to-locate-libraries.patch
 Patch2:        0002-Enable-build-with-SSL.patch
 Patch3:        0003-Enable-build-with-TCP-Wrapper.patch
@@ -54,7 +53,6 @@ Patch29:       0029-Fix-segfault-in-config-file-parser.patch
 Patch30:       0030-Fix-logging-into-syslog-when-enabled-in-config.patch
 Patch31:       0031-Fix-question-mark-wildcard-withing-a-file-name.patch
 Patch32:       0032-Propagate-errors-from-nfs-with-quota-to-client.patch
-Patch33:       0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch
 Patch34:       0034-Turn-off-seccomp-sandbox-because-it-is-too-strict.patch
 Patch35:       0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch
 Patch36:       0036-Redefine-VSFTP_COMMAND_FD-to-1.patch
@@ -63,8 +61,6 @@ Patch38:       0038-Document-allow_writeable_chroot-in-the-man-page.patch
 Patch39:       0039-Improve-documentation-of-ASCII-mode-in-the-man-page.patch
 Patch40:       0040-Use-system-wide-crypto-policy.patch
 Patch41:       0041-Document-the-new-default-for-ssl_ciphers-in-the-man-.patch
-Patch42:       0042-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch
-Patch43:       0043-Enable-only-TLSv1.2-by-default.patch
 Patch44:       0044-Disable-anonymous_enable-in-default-config-file.patch
 Patch45:       0045-Expand-explanation-of-ascii_-options-behaviour-in-ma.patch
 Patch46:       0046-vsftpd.conf-Refer-to-the-man-page-regarding-the-asci.patch
@@ -81,6 +77,17 @@ Patch56:       0056-Log-die-calls-to-syslog.patch
 Patch57:       0057-Improve-error-message-when-max-number-of-bind-attemp.patch
 Patch58:       0058-Make-the-max-number-of-bind-retries-tunable.patch
 Patch59:       0059-Fix-SEGFAULT-when-running-in-a-container-as-PID-1.patch
+Patch61:       0001-Move-closing-standard-FDs-after-listen.patch
+Patch62:       0002-Prevent-recursion-in-bug.patch
+Patch63:       0001-Set-s_uwtmp_inserted-only-after-record-insertion-rem.patch
+Patch64:       0002-Repeat-pututxline-if-it-fails-with-EINTR.patch
+Patch65:       0001-Repeat-pututxline-until-it-succeeds-if-it-fails-with.patch
+Patch67:       0001-Fix-timestamp-handling-in-MDTM.patch
+Patch68:       0002-Drop-an-unused-global-variable.patch
+Patch69:       0001-Remove-a-hint-about-the-ftp_home_dir-SELinux-boolean.patch
+Patch70:       fix-str_open.patch
+Patch71:       vsftpd-3.0.5-enable_wc_logs-replace_unprintable_with_hex.patch
+Patch72:       0072-support-clang-build.patch
 
 Patch9000:     bugfix-change-the-default-value-of-tunable_reverse_lookup_e.patch
 
@@ -99,7 +106,7 @@ This package contains man directory manuals.
 %autosetup -p1
 
 %build
-make CFLAGS="$RPM_OPT_FLAGS -fpie -pipe -Wextra -Werror" LINK="-pie -lssl" %{?_smp_mflags}
+make CFLAGS="$RPM_OPT_FLAGS -fpie -pipe -Wextra" LINK="-pie -lssl $RPM_LD_FLAGS" %{?_smp_mflags}
 
 %install
 install -d %{buildroot}{%{_unitdir},%{generator_dir},%{_var}/ftp/pub}
@@ -147,6 +154,30 @@ cp -f %{SOURCE1} ./
 %{_mandir}/man8/vsftpd.*
 
 %changelog
+* Fri Mar 1 2024 luofeng <luofeng13@huawei.com> - 3.0.5-2
+- support clang build
+
+* Thu Nov 17 2022 zhouyihang <zhouyihang3@h-partners.com> - 3.0.5-1
+- Type:requirement
+- ID:NA
+- SUG:NA
+- DESC:update vsftpd to 3.0.5
+
+* Tue Jan 26 2021 orange-snn <songnannan2@huawei.com> - 3.0.3-33
+- remove Werror in build flags to fix building error.
+
+* Tue Dec 15 2020 xihaochen <xihaochen@huawei.com> - 3.0.3-32
+- Type:requirement
+- ID:NA
+- SUG:NA
+- DESC:remove redhat keyword
+
+* Sat Sep 05 2020 zengwefeng<zwfeng@huawei.com> - 3.0.3-31
+- Type:NA
+- Id:NA
+- SUG:NA
+- DESC: add yaml file
+
 * Fri Dec 20 2019 openEuler Buildteam <buildteam@openeuler.org> - 3.0.3-30
 - Type:bugfix
 - Id:NA

vsftpd.target

@@ -1,6 +1,6 @@
 [Unit]
 Description=FTP daemon
-After=network.target
+After=network-online.target
 
 [Install]
 WantedBy=multi-user.target

vsftpd.yaml

@@ -0,0 +1,4 @@
+version_control: github
+src_repo: dagwieers/vsftpd
+tag_prefix: ^v
+separator: .

vsftpd@.service

@@ -1,6 +1,6 @@
 [Unit]
 Description=Vsftpd ftp daemon
-After=network.target
+After=network-online.target
 PartOf=vsftpd.target
 
 [Service]