From 3df458e772bf2a341ebdc133f108f98471033f15 Mon Sep 17 00:00:00 2001 From: psimons <> Date: Jun 11 2025 17:02:18 +0000 Subject: Update vsftpd to version 3.0.5 / rev 92 via SR 1284733 https://build.opensuse.org/request/show/1284733 by user psimons + anag_factory - Apply "terminate-peers-on-quit.patch" to introduce the new internal PRIV_SOCK_QUIT command which vsftpd sends to privileged parent processes to properly shut down the TLS connection in case we've received QUIT from the session client. This change avoids misleading error messages in the servers log file. [bsc#1199250] --- diff --git a/.files b/.files index 6d48989..92a5a2d 100644 Binary files a/.files and b/.files differ diff --git a/.rev b/.rev index 9aea941..bd32984 100644 --- a/.rev +++ b/.rev @@ -973,4 +973,16 @@ confusing "failed to try-restart" error message. [bsc#1093179, bsc#101 1268459 + + 545b23d0d3865f4e1afb868184e9534f + 3.0.5 + + anag_factory + - Apply "terminate-peers-on-quit.patch" to introduce the new + internal PRIV_SOCK_QUIT command which vsftpd sends to privileged + parent processes to properly shut down the TLS connection in case + we've received QUIT from the session client. This change avoids + misleading error messages in the servers log file. [bsc#1199250] + 1284733 + diff --git a/terminate-peers-on-quit.patch b/terminate-peers-on-quit.patch new file mode 100644 index 0000000..c66bb4f --- /dev/null +++ b/terminate-peers-on-quit.patch 
@@ -0,0 +1,118 @@
+
+
+Index: vsftpd-3.0.5/postlogin.c
+===================================================================
+--- vsftpd-3.0.5.orig/postlogin.c
++++ vsftpd-3.0.5/postlogin.c
+@@ -184,6 +184,10 @@ process_post_login(struct vsf_session* p
+ }
+ else if (str_equal_text(&p_sess->ftp_cmd_str, "QUIT"))
+ {
++ if (!tunable_one_process_model)
++ {
++ vsf_two_process_quit(p_sess);
++ }
+ vsf_cmdio_write_exit(p_sess, FTP_GOODBYE, "Goodbye.", 0);
+ }
+ else if (str_equal_text(&p_sess->ftp_cmd_str, "PWD") ||
+Index: vsftpd-3.0.5/postprivparent.c
+===================================================================
+--- vsftpd-3.0.5.orig/postprivparent.c
++++ vsftpd-3.0.5/postprivparent.c
+@@ -73,6 +73,10 @@ process_post_login_req(struct vsf_sessio
+ {
+ cmd_process_pasv_accept(p_sess);
+ }
++ else if (cmd == PRIV_SOCK_QUIT)
++ {
++ vsf_sysutil_exit(0);
++ }
+ else
+ {
+ die("bad request in process_post_login_req");
+Index: vsftpd-3.0.5/privsock.h
+===================================================================
+--- vsftpd-3.0.5.orig/privsock.h
++++ vsftpd-3.0.5/privsock.h
+@@ -169,6 +169,7 @@ int priv_sock_get_int(int fd);
+ #define PRIV_SOCK_PASV_ACTIVE 11
+ #define PRIV_SOCK_PASV_LISTEN 12
+ #define PRIV_SOCK_PASV_ACCEPT 13
++#define PRIV_SOCK_QUIT 127
+
+ #define PRIV_SOCK_RESULT_OK 1
+ #define PRIV_SOCK_RESULT_BAD 2
+Index: vsftpd-3.0.5/twoprocess.c
+===================================================================
+--- vsftpd-3.0.5.orig/twoprocess.c
++++ vsftpd-3.0.5/twoprocess.c
+@@ -267,6 +267,12 @@ vsf_two_process_pasv_active(struct vsf_s
+ return priv_sock_get_int(p_sess->child_fd);
+ }
+
++void
++vsf_two_process_quit(struct vsf_session* p_sess)
++{
++ priv_sock_send_cmd(p_sess->child_fd, PRIV_SOCK_QUIT);
++}
++
+ unsigned short
+ vsf_two_process_listen(struct vsf_session* p_sess)
+ {
+Index: vsftpd-3.0.5/twoprocess.h
+===================================================================
+--- vsftpd-3.0.5.orig/twoprocess.h
++++ vsftpd-3.0.5/twoprocess.h
+@@ -51,6 +51,14 @@ void vsf_two_process_pasv_cleanup(struct
+ */
+ int vsf_two_process_pasv_active(struct vsf_session* p_sess);
+
++/* vsf_two_process_quit()
++ * PURPOSE
++ * Terminate privileged side.
++ * PARAMETERS
++ * p_sess - the current session object
++ */
++void vsf_two_process_quit(struct vsf_session* p_sess);
++
+ /* vsf_two_process_listen()
+ * PURPOSE
+ * Start listening for an incoming connection on the passive socket in the
+Index: vsftpd-3.0.5/ftpcmdio.c
+===================================================================
+--- vsftpd-3.0.5.orig/ftpcmdio.c
++++ vsftpd-3.0.5/ftpcmdio.c
+@@ -19,6 +19,7 @@
+ #include "logging.h"
+ #include "session.h"
+ #include "readwrite.h"
++#include "privsock.h"
+
+ /* Internal functions */
+ static int control_getline(struct mystr* p_str, struct vsf_session* p_sess);
+@@ -87,6 +88,10 @@ vsf_cmdio_write_exit(struct vsf_session*
+ vsf_sysutil_shutdown_read_failok(VSFTP_COMMAND_FD);
+ vsf_cmdio_write(p_sess, status, p_text);
+ vsf_sysutil_shutdown_failok(VSFTP_COMMAND_FD);
++ if (p_sess->data_use_ssl && p_sess->ssl_slave_active)
++ {
++ priv_sock_send_cmd(p_sess->ssl_consumer_fd, PRIV_SOCK_QUIT);
++ }
+ vsf_sysutil_exit(exit_val);
+ }
+
+Index: vsftpd-3.0.5/sslslave.c
+===================================================================
+--- vsftpd-3.0.5.orig/sslslave.c
++++ vsftpd-3.0.5/sslslave.c
+@@ -43,6 +43,10 @@ ssl_slave(struct vsf_session* p_sess)
+ priv_sock_send_str(p_sess->ssl_slave_fd, &p_sess->ftp_cmd_str);
+ }
+ }
++ else if (cmd == PRIV_SOCK_QUIT)
++ {
++ vsf_sysutil_exit(0);
++ }
+ else if (cmd == PRIV_SOCK_WRITE_USER_RESP)
+ {
+ priv_sock_get_str(p_sess->ssl_slave_fd, &p_sess->ftp_cmd_str);
diff --git a/vsftpd.changes b/vsftpd.changes
index a569907..d135077 100644
--- a/vsftpd.changes
+++ b/vsftpd.changes
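Review bot: In the ftpcmdio.c part of the nested patch, `vsf_cmdio_write_exit` notifies the SSL slave only when `p_sess->data_use_ssl` is set, yet the sslslave.c part shows that process relaying control-channel commands and responses, so a session with TLS on the control connection but a cleartext data channel would apparently still exit without sending `PRIV_SOCK_QUIT`. If the slave is active whenever the control channel is encrypted, the guard should read `if (p_sess->control_use_ssl && p_sess->ssl_slave_active)`; this needs confirming against the other `ssl_slave_active` checks in ftpcmdio.c, which lie outside the hunk. In the postlogin.c part, `vsf_two_process_quit(p_sess)` is sent before `vsf_cmdio_write_exit` has written "Goodbye.", so the privileged parent may exit while the reply is still pending; if the worker is configured to die with its parent (not visible here), the final reply could be lost, and issuing the notification from `vsf_cmdio_write_exit` after the write would close that window. All touched functions begin and end outside their hunks, and both new handlers deserve a comment such as `/* Request comes from the unprivileged side: do nothing but exit. */` so later edits keep the privileged branch free of any other action.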
@@ -1,4 +1,13 @@ ------------------------------------------------------------------- +Wed Jun 11 09:05:12 UTC 2025 - Peter Simons + +- Apply "terminate-peers-on-quit.patch" to introduce the new + internal PRIV_SOCK_QUIT command which vsftpd sends to privileged + parent processes to properly shut down the TLS connection in case + we've received QUIT from the session client. This change avoids + misleading error messages in the servers log file. [bsc#1199250] + +------------------------------------------------------------------- Tue Apr 8 09:45:09 UTC 2025 - Friedrich Haubensak - add -std=gnu17 to CFLAGS to fix gcc15 compile time error diff --git a/vsftpd.spec b/vsftpd.spec index 96bb067..24bd859 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -1,7 +1,7 @@ # # spec file for package vsftpd # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -101,6 +101,7 @@ Patch45: disable-tls13-to-support-older-openssl-versions.patch Patch46: 0001-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch #PATCH-FIX-OPENSUSE bsc#1211301 Enable crypto-policies support Patch47: vsftpd-use-system-wide-crypto-policy.patch +Patch48: terminate-peers-on-quit.patch BuildRequires: libcap-devel %if 0%{?suse_version} == 1315 BuildRequires: libopenssl-1_1-devel >= 1.1.1 @@ -189,6 +190,7 @@ tests. %endif %patch -P 46 -p1 %patch -P 47 -p1 +%patch -P 48 -p1 %build %define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP