Revert "vsftpd: add new package"

wrong patch picked up from patchwork

This reverts commit f89d930201.
Koen Kooi 2012-02-22 12:22:49 +01:00
parent f89d930201
commit a09b3ed3e1
13 changed files with 0 additions and 733 deletions


@ -1,18 +0,0 @@
Author: Daniel Jacobowitz <dan@debian.org>
Description: Build with tcpwrapper and SSL support.
diff -Naurp vsftpd.orig/builddefs.h vsftpd/builddefs.h
--- vsftpd.orig/builddefs.h 2009-01-31 00:02:36.000000000 +0000
+++ vsftpd/builddefs.h 2009-01-31 00:26:34.000000000 +0000
@@ -1,9 +1,9 @@
#ifndef VSF_BUILDDEFS_H
#define VSF_BUILDDEFS_H
-#undef VSF_BUILD_TCPWRAPPERS
+#define VSF_BUILD_TCPWRAPPERS 1
#define VSF_BUILD_PAM
-#undef VSF_BUILD_SSL
+#define VSF_BUILD_SSL
#endif /* VSF_BUILDDEFS_H */


@ -1,120 +0,0 @@
Author: Daniel Jacobowitz <dan@debian.org>
Description: Set default configuration.
diff -Naurp vsftpd.orig/tunables.c vsftpd/tunables.c
--- vsftpd.orig/tunables.c 2009-07-15 22:08:27.000000000 +0200
+++ vsftpd/tunables.c 2009-11-06 13:33:34.000000000 +0100
@@ -246,7 +246,7 @@ tunables_load_defaults()
/* -rw------- */
tunable_chown_upload_mode = 0600;
- install_str_setting("/usr/share/empty", &tunable_secure_chroot_dir);
+ install_str_setting("/var/run/vsftpd/empty", &tunable_secure_chroot_dir);
install_str_setting("ftp", &tunable_ftp_username);
install_str_setting("root", &tunable_chown_username);
install_str_setting("/var/log/xferlog", &tunable_xferlog_file);
@@ -256,7 +256,7 @@ tunables_load_defaults()
install_str_setting(0, &tunable_ftpd_banner);
install_str_setting("/etc/vsftpd.banned_emails", &tunable_banned_email_file);
install_str_setting("/etc/vsftpd.chroot_list", &tunable_chroot_list_file);
- install_str_setting("ftp", &tunable_pam_service_name);
+ install_str_setting("vsftpd", &tunable_pam_service_name);
install_str_setting("ftp", &tunable_guest_username);
install_str_setting("/etc/vsftpd.user_list", &tunable_userlist_file);
install_str_setting(0, &tunable_anon_root);
diff -Naurp vsftpd.orig/vsftpd.conf vsftpd/vsftpd.conf
--- vsftpd.orig/vsftpd.conf 2009-11-06 08:41:11.000000000 +0100
+++ vsftpd/vsftpd.conf 2009-11-06 13:35:37.000000000 +0100
@@ -8,6 +8,17 @@
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
+#
+# Run standalone? vsftpd can run either from an inetd or as a standalone
+# daemon started from an initscript.
+listen=YES
+#
+# Run standalone with IPv6?
+# Like the listen parameter, except vsftpd will listen on an IPv6 socket
+# instead of an IPv4 one. This parameter and the listen parameter are mutually
+# exclusive.
+#listen_ipv6=YES
+#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
#
@@ -34,6 +45,12 @@ anonymous_enable=YES
# go into a certain directory.
dirmessage_enable=YES
#
+# If enabled, vsftpd will display directory listings with the time
+# in your local time zone. The default is to display GMT. The
+# times returned by the MDTM FTP command are also affected by this
+# option.
+use_localtime=YES
+#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
@@ -89,6 +106,11 @@ connect_from_port_20=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
+# You may restrict local users to their home directories. See the FAQ for
+# the possible risks in this before using chroot_local_user or
+# chroot_list_enable below.
+#chroot_local_user=YES
+#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
@@ -103,12 +125,20 @@ connect_from_port_20=YES
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
-# When "listen" directive is enabled, vsftpd runs in standalone mode and
-# listens on IPv4 sockets. This directive cannot be used in conjunction
-# with the listen_ipv6 directive.
-listen=YES
+# Customization
#
-# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
-# sockets, you must run two copies of vsftpd with two configuration files.
-# Make sure, that one of the listen options is commented !!
-#listen_ipv6=YES
+# Some of vsftpd's settings don't fit the filesystem layout by
+# default.
+#
+# This option should be the name of a directory which is empty. Also, the
+# directory should not be writable by the ftp user. This directory is used
+# as a secure chroot() jail at times vsftpd does not require filesystem
+# access.
+secure_chroot_dir=/var/run/vsftpd/empty
+#
+# This string is the name of the PAM service vsftpd will use.
+pam_service_name=vsftpd
+#
+# This option specifies the location of the RSA certificate to use for SSL
+# encrypted connections.
+rsa_cert_file=/etc/ssl/private/vsftpd.pem
diff -Naurp vsftpd.orig/vsftpd.conf.5 vsftpd/vsftpd.conf.5
--- vsftpd.orig/vsftpd.conf.5 2009-11-06 08:41:11.000000000 +0100
+++ vsftpd/vsftpd.conf.5 2009-11-06 13:37:10.000000000 +0100
@@ -940,7 +940,7 @@ Default: nobody
.B pam_service_name
This string is the name of the PAM service vsftpd will use.
-Default: ftp
+Default: vsftpd
.TP
.B pasv_address
Use this option to override the IP address that vsftpd will advertise in
@@ -969,7 +969,7 @@ This option should be the name of a dire
directory should not be writable by the ftp user. This directory is used
as a secure chroot() jail at times vsftpd does not require filesystem access.
-Default: /usr/share/empty
+Default: /var/run/vsftpd/empty
.TP
.B ssl_ciphers
This option can be used to select which SSL ciphers vsftpd will allow for


@ -1,19 +0,0 @@
Author: shaul Karl <shaulkarl@yahoo.com>
Description:
A short explanation how to find out the right db version (Closes: #478282).
diff -Naurp vsftpd.orig/EXAMPLE/VIRTUAL_USERS/README vsftpd/EXAMPLE/VIRTUAL_USERS/README
--- vsftpd.orig/EXAMPLE/VIRTUAL_USERS/README 2009-01-31 00:02:36.000000000 +0000
+++ vsftpd/EXAMPLE/VIRTUAL_USERS/README 2009-01-31 01:38:11.000000000 +0000
@@ -21,7 +21,10 @@ NOTE: Many systems have multiple version
need to use e.g. db3_load for correct operation. This is known to affect
some Debian systems. The core issue is that pam_userdb expects its login
database to be a specific db version (often db3, whereas db4 may be installed
-on your system).
+on your system). You might check ahead what specific db version you'll need
+by looking at the dependcies of the pam module. Some methods to do that is to
+run ldd on the pam_userdb.so or look at the dependencies of the package with
+the pam modules.
This will create /etc/vsftpd_login.db. Obviously, you may want to make sure
the permissions are restricted:


@ -1,91 +0,0 @@
Author: Michael Stapelberg <michael@stapelberg.de>
Description:
vsftpd does not accept IPv6 scope identifier in listen_address6
(Closes: #544993).
.
When specifying a link-local address, you need a scope identifier (tha name of
the index usually), thus you cannot use the following:
listen_address6=fe80::21f:16ff:fe06:3aab
but you have to use:
listen_address6=fe80::21f:16ff:fe06:3aab%eth0
so that it is clear on which interface this link-local address should be used.
.
Unfortunately, vsftpd does not correctly parse the address mentioned above and
thus fails to be useful in link-local-only environments.
.
This patch fixes it.
diff -Naurp vsftpd.orig/standalone.c vsftpd/standalone.c
--- vsftpd.orig/standalone.c 2009-10-02 14:15:18.000000000 +0200
+++ vsftpd/standalone.c 2009-10-17 17:10:02.000000000 +0200
@@ -7,6 +7,8 @@
* Code to listen on the network and launch children servants.
*/
+#include <net/if.h>
+
#include "standalone.h"
#include "parseconf.h"
@@ -111,8 +113,17 @@ vsf_standalone_main(void)
else
{
struct mystr addr_str = INIT_MYSTR;
+ struct mystr scope_id = INIT_MYSTR;
const unsigned char* p_raw_addr;
+ unsigned int if_index = 0;
+
+ /* See if we got a scope id */
str_alloc_text(&addr_str, tunable_listen_address6);
+ str_split_char(&addr_str, &scope_id, '%');
+ if (str_getlen(&scope_id) > 0) {
+ if_index = if_nametoindex(str_getbuf(&scope_id));
+ str_free(&scope_id);
+ }
p_raw_addr = vsf_sysutil_parse_ipv6(&addr_str);
str_free(&addr_str);
if (!p_raw_addr)
@@ -120,6 +131,7 @@ vsf_standalone_main(void)
die2("bad listen_address6: ", tunable_listen_address6);
}
vsf_sysutil_sockaddr_set_ipv6addr(p_sockaddr, p_raw_addr);
+ vsf_sysutil_sockaddr_set_ipv6scope(p_sockaddr, if_index);
}
retval = vsf_sysutil_bind(listen_sock, p_sockaddr);
vsf_sysutil_free(p_sockaddr);
diff -Naurp vsftpd.orig/sysutil.c vsftpd/sysutil.c
--- vsftpd.orig/sysutil.c 2009-10-02 14:15:18.000000000 +0200
+++ vsftpd/sysutil.c 2009-10-17 17:10:02.000000000 +0200
@@ -2039,6 +2039,19 @@ vsf_sysutil_sockaddr_set_ipv6addr(struct
}
}
+int
+vsf_sysutil_sockaddr_get_ipv6scope(struct vsf_sysutil_sockaddr* p_sockptr)
+{
+ return p_sockptr->u.u_sockaddr_in6.sin6_scope_id;
+}
+
+void
+vsf_sysutil_sockaddr_set_ipv6scope(struct vsf_sysutil_sockaddr* p_sockptr,
+ const int scope_id)
+{
+ p_sockptr->u.u_sockaddr_in6.sin6_scope_id = scope_id;
+}
+
const void*
vsf_sysutil_sockaddr_ipv6_v4(const struct vsf_sysutil_sockaddr* p_addr)
{
diff -Naurp vsftpd.orig/sysutil.h vsftpd/sysutil.h
--- vsftpd.orig/sysutil.h 2009-10-02 14:15:18.000000000 +0200
+++ vsftpd/sysutil.h 2009-10-17 17:10:02.000000000 +0200
@@ -228,6 +228,9 @@ void vsf_sysutil_sockaddr_set_ipv4addr(s
const unsigned char* p_raw);
void vsf_sysutil_sockaddr_set_ipv6addr(struct vsf_sysutil_sockaddr* p_sockptr,
const unsigned char* p_raw);
+void vsf_sysutil_sockaddr_set_ipv6scope(struct vsf_sysutil_sockaddr* p_sockptr,
+ const int scope_id);
+int vsf_sysutil_sockaddr_get_ipv6scope(struct vsf_sysutil_sockaddr* p_sockptr);
void vsf_sysutil_sockaddr_set_any(struct vsf_sysutil_sockaddr* p_sockaddr);
unsigned short vsf_sysutil_sockaddr_get_port(
const struct vsf_sysutil_sockaddr* p_sockptr);


@ -1,81 +0,0 @@
Author: Jiri Skala <jskala@redhat.com>
Description: trim white spaces from option values (Closes: #419857, #536803).
diff -Naurp vsftpd.orig/parseconf.c vsftpd/parseconf.c
--- vsftpd.orig/parseconf.c 2009-10-02 14:15:18.000000000 +0200
+++ vsftpd/parseconf.c 2009-10-18 11:28:31.000000000 +0200
@@ -275,7 +275,7 @@ vsf_parseconf_load_setting(const char* p
}
else
{
- *p_curr_setting = str_strdup(&s_value_str);
+ *p_curr_setting = str_strdup_trimmed(&s_value_str);
}
return;
}
diff -Naurp vsftpd.orig/str.c vsftpd/str.c
--- vsftpd.orig/str.c 2009-10-02 14:15:18.000000000 +0200
+++ vsftpd/str.c 2009-10-18 11:28:31.000000000 +0200
@@ -89,6 +89,18 @@ str_strdup(const struct mystr* p_str)
return vsf_sysutil_strdup(str_getbuf(p_str));
}
+const char*
+str_strdup_trimmed(const struct mystr* p_str)
+{
+ const char* p_trimmed = str_getbuf(p_str);
+ int h, t, newlen;
+
+ for (h = 0; h < (int)str_getlen(p_str) && vsf_sysutil_isspace(p_trimmed[h]); h++) ;
+ for (t = str_getlen(p_str) - 1; t >= 0 && vsf_sysutil_isspace(p_trimmed[t]); t--) ;
+ newlen = t - h + 1;
+ return newlen ? vsf_sysutil_strndup(p_trimmed+h, (unsigned int)newlen) : 0L;
+}
+
void
str_alloc_alt_term(struct mystr* p_str, const char* p_src, char term)
{
diff -Naurp vsftpd.orig/str.h vsftpd/str.h
--- vsftpd.orig/str.h 2009-10-02 14:15:18.000000000 +0200
+++ vsftpd/str.h 2009-10-18 11:28:31.000000000 +0200
@@ -31,6 +31,7 @@ void str_alloc_ulong(struct mystr* p_str
void str_alloc_filesize_t(struct mystr* p_str, filesize_t the_filesize);
void str_copy(struct mystr* p_dest, const struct mystr* p_src);
const char* str_strdup(const struct mystr* p_str);
+const char* str_strdup_trimmed(const struct mystr* p_str);
void str_empty(struct mystr* p_str);
void str_free(struct mystr* p_str);
void str_trunc(struct mystr* p_str, unsigned int trunc_len);
diff -Naurp vsftpd.orig/sysutil.c vsftpd/sysutil.c
--- vsftpd.orig/sysutil.c 2009-10-02 14:15:18.000000000 +0200
+++ vsftpd/sysutil.c 2009-10-18 11:28:31.000000000 +0200
@@ -1033,6 +1033,18 @@ vsf_sysutil_strdup(const char* p_str)
return strdup(p_str);
}
+char*
+vsf_sysutil_strndup(const char* p_str, unsigned int p_len)
+{
+ char *new = (char *)malloc(p_len+1);
+
+ if (new == NULL)
+ return NULL;
+
+ new[p_len]='\0';
+ return (char *)memcpy(new, p_str, p_len);
+}
+
void
vsf_sysutil_memclr(void* p_dest, unsigned int size)
{
diff -Naurp vsftpd.orig/sysutil.h vsftpd/sysutil.h
--- vsftpd.orig/sysutil.h 2009-10-02 14:15:18.000000000 +0200
+++ vsftpd/sysutil.h 2009-10-18 11:28:31.000000000 +0200
@@ -186,6 +186,7 @@ int vsf_sysutil_wait_get_exitcode(
/* Various string functions */
unsigned int vsf_sysutil_strlen(const char* p_text);
char* vsf_sysutil_strdup(const char* p_str);
+char* vsf_sysutil_strndup(const char* p_str, unsigned int p_len);
void vsf_sysutil_memclr(void* p_dest, unsigned int size);
void vsf_sysutil_memcpy(void* p_dest, const void* p_src,
const unsigned int size);


@ -1,32 +0,0 @@
Author: Martin Nagy <mnagy@redhat.com>
Description: Fix file listing issue with wildcard (Bugzilla: #392181).
diff -Naurp vsftpd.orig/ls.c vsftpd/ls.c
--- vsftpd.orig/ls.c 2009-10-02 14:15:18.000000000 +0200
+++ vsftpd/ls.c 2009-10-18 11:48:29.000000000 +0200
@@ -281,6 +281,25 @@ vsf_filename_passes_filter(const struct
{
goto out;
}
+ if (!must_match_at_current_pos)
+ {
+ struct mystr scan_fwd = INIT_MYSTR;
+
+ str_mid_to_end(&name_remain_str, &scan_fwd,
+ indexx + str_getlen(&s_match_needed_str));
+ /* We're allowed to be greedy, test if it match further along
+ * keep advancing indexx while we can still match.
+ */
+ while( (locate_result = str_locate_str(&scan_fwd, &s_match_needed_str)),
+ locate_result.found )
+ {
+ indexx += locate_result.index + str_getlen(&s_match_needed_str);
+ str_mid_to_end(&scan_fwd, &temp_str,
+ locate_result.index + str_getlen(&s_match_needed_str));
+ str_copy(&scan_fwd, &temp_str);
+ }
+ str_free(&scan_fwd);
+ }
/* Chop matched string out of remainder */
str_mid_to_end(&name_remain_str, &temp_str,
indexx + str_getlen(&s_match_needed_str));


@ -1,58 +0,0 @@
Author: Chuck Short <zulcss@ubuntu.com>
Description: Adding support for UTF8.
diff -Naurp vsftpd.orig/features.c vsftpd/features.c
--- vsftpd.orig/features.c 2008-12-04 06:00:47.000000000 +0000
+++ vsftpd/features.c 2010-02-25 13:28:06.000000000 +0000
@@ -21,6 +21,10 @@ handle_feat(struct vsf_session* p_sess)
vsf_cmdio_write_raw(p_sess, " AUTH SSL\r\n");
vsf_cmdio_write_raw(p_sess, " AUTH TLS\r\n");
}
+ if (tunable_utf8_filesystem)
+ {
+ vsf_cmdio_write_raw(p_sess, " UTF8\r\n");
+ }
if (tunable_port_enable)
{
vsf_cmdio_write_raw(p_sess, " EPRT\r\n");
diff -Naurp vsftpd.orig/parseconf.c vsftpd/parseconf.c
--- vsftpd.orig/parseconf.c 2009-08-07 18:46:40.000000000 +0000
+++ vsftpd/parseconf.c 2010-02-25 13:28:06.000000000 +0000
@@ -28,6 +28,7 @@ static struct parseconf_bool_setting
parseconf_bool_array[] =
{
{ "anonymous_enable", &tunable_anonymous_enable },
+ { "utf8_filesystem", &tunable_utf8_filesystem },
{ "local_enable", &tunable_local_enable },
{ "pasv_enable", &tunable_pasv_enable },
{ "port_enable", &tunable_port_enable },
diff -Naurp vsftpd.orig/tunables.c vsftpd/tunables.c
--- vsftpd.orig/tunables.c 2009-07-15 20:08:27.000000000 +0000
+++ vsftpd/tunables.c 2010-02-25 13:28:06.000000000 +0000
@@ -10,6 +10,7 @@
int tunable_anonymous_enable;
int tunable_local_enable;
+int tunable_utf8_filesystem;
int tunable_pasv_enable;
int tunable_port_enable;
int tunable_chroot_local_user;
@@ -146,6 +147,7 @@ tunables_load_defaults()
{
tunable_anonymous_enable = 1;
tunable_local_enable = 0;
+ tunable_utf8_filesystem = 0;
tunable_pasv_enable = 1;
tunable_port_enable = 1;
tunable_chroot_local_user = 0;
diff -Naurp vsftpd.orig/tunables.h vsftpd/tunables.h
--- vsftpd.orig/tunables.h 2009-07-07 01:37:28.000000000 +0000
+++ vsftpd/tunables.h 2010-02-25 13:28:06.000000000 +0000
@@ -11,6 +11,7 @@ void tunables_load_defaults();
/* Booleans */
extern int tunable_anonymous_enable; /* Allow anon logins */
extern int tunable_local_enable; /* Allow local logins */
+extern int tunable_utf8_filesystem; /* Server uses UTF8 Filesystem */
extern int tunable_pasv_enable; /* Allow PASV */
extern int tunable_port_enable; /* Allow PORT */
extern int tunable_chroot_local_user; /* Restrict local to home dir */


@ -1,23 +0,0 @@
Author: Daniel Baumann <daniel.baumann@progress-technologies.net>
Description: Fixing manpage formating.
diff -Naurp vsftpd.orig/vsftpd.8 vsftpd/vsftpd.8
--- vsftpd.orig/vsftpd.8 2009-07-17 20:56:23.000000000 +0000
+++ vsftpd/vsftpd.8 2010-04-08 05:18:00.000000000 +0000
@@ -57,4 +57,3 @@ setting and any identical setting that w
.Pa /etc/vsftpd.conf
.Sh SEE ALSO
.Xr vsftpd.conf 5
-.end
diff -Naurp vsftpd.orig/vsftpd.conf.5 vsftpd/vsftpd.conf.5
--- vsftpd.orig/vsftpd.conf.5 2009-10-19 02:46:30.000000000 +0000
+++ vsftpd/vsftpd.conf.5 2010-04-08 05:18:08.000000000 +0000
@@ -404,7 +404,7 @@ reuse (which proves that they know the s
channel). Although this is a secure default, it may break many FTP clients,
so you may want to disable it. For a discussion of the consequences, see
http://scarybeastsecurity.blogspot.com/2009/02/vsftpd-210-released.html
-(Added in v2.1.0).
+ (Added in v2.1.0).
Default: YES
.TP


@ -1,15 +0,0 @@
Author: Philipp Kern <pkern@debian.org>
Description: Fix vsftpd on s390 (Closes: #602726).
diff -Naurp vsftpd.orig/sysdeputil.c vsftpd/sysdeputil.c
--- vsftpd.orig/sysdeputil.c 2011-09-05 16:03:18.728857644 +0200
+++ vsftpd/sysdeputil.c 2011-09-05 16:05:12.909423834 +0200
@@ -64,7 +64,7 @@
#include <utmpx.h>
/* BEGIN config */
-#if defined(__linux__)
+#if defined(__linux__) && !defined(__s390__)
#include <errno.h>
#include <syscall.h>
#define VSF_SYSDEP_HAVE_LINUX_CLONE


@ -1,69 +0,0 @@
Author: Ben Hutchings <ben@decadent.org.uk>
Description: Remote DoS on Linux 2.6.32 (Closes: #629373).
diff -Naurp vsftpd.orig/sysdeputil.c vsftpd/sysdeputil.c
--- vsftpd.orig/sysdeputil.c 2010-03-26 04:25:33.000000000 +0100
+++ vsftpd/sysdeputil.c 2011-09-05 15:16:05.347070790 +0200
@@ -25,6 +25,11 @@
#define _LARGEFILE64_SOURCE 1
#endif
+#ifdef __linux__
+ #include <stdio.h>
+ #include <sys/utsname.h>
+#endif
+
/* For INT_MAX */
#include <limits.h>
@@ -1259,11 +1264,36 @@ vsf_set_term_if_parent_dies()
#endif
}
+#ifdef VSF_SYSDEP_HAVE_LINUX_CLONE
+/* On Linux versions <2.6.35, netns cleanup may be so slow that
+ * creating a netns per connection allows a remote denial-of-service.
+ * We therefore do not use CLONE_NEWNET on these versions.
+ */
+static int
+vsf_sysutil_netns_cleanup_is_fast(void)
+{
+#ifdef __linux__
+ struct utsname utsname;
+ int r1, r2, r3 = 0;
+ return (uname(&utsname) == 0 &&
+ sscanf(utsname.release, "%d.%d.%d", &r1, &r2, &r3) >= 2 &&
+ ((r1 << 16) | (r2 << 8) | r3) >= ((2 << 16) | (6 << 8) | 35));
+#else
+ /* Assume any other kernel that has the feature don't have this problem */
+ return 1;
+#endif
+}
+#endif
+
int
vsf_sysutil_fork_isolate_all_failok()
{
#ifdef VSF_SYSDEP_HAVE_LINUX_CLONE
- static int cloneflags_work = 1;
+ static int cloneflags_work = -1;
+ if (cloneflags_work < 0)
+ {
+ cloneflags_work = vsf_sysutil_netns_cleanup_is_fast();
+ }
if (cloneflags_work)
{
int ret = syscall(__NR_clone,
@@ -1309,7 +1339,11 @@ int
vsf_sysutil_fork_newnet()
{
#ifdef VSF_SYSDEP_HAVE_LINUX_CLONE
- static int cloneflags_work = 1;
+ static int cloneflags_work = -1;
+ if (cloneflags_work < 0)
+ {
+ cloneflags_work = vsf_sysutil_netns_cleanup_is_fast();
+ }
if (cloneflags_work)
{
int ret = syscall(__NR_clone, CLONE_NEWNET | SIGCHLD, NULL);


@ -1,105 +0,0 @@
# Opendreambox /etc/vsftpd.conf
#
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
#local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
#xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that turning on ascii_download_enable enables malicious remote parties
# to consume your I/O resources, by issuing the command "SIZE /big/file" in
# ASCII mode.
# These ASCII options are split into upload and download because you may wish
# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
# on the client anyway..
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
ftpd_banner=Welcome to the OpenDreambox FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
ls_recurse_enable=YES
#
secure_chroot_dir=/dev/shm
local_root=/


@ -1,7 +0,0 @@
service ftp
{
socket_type = stream
user = root
server = @SBINDIR@/vsftpd
wait = no
}


@ -1,95 +0,0 @@
DESCRIPTION = "lightweight, efficient FTP server written for security"
HOMEPAGE = "https://security.appspot.com/vsftpd.html"
SECTION = "console/network"
LICENSE = "GPL-2.0-with-OpenSSL-exception"
LIC_FILES_CHKSUM = "file://COPYING;md5=a6067ad950b28336613aed9dd47b1271"
DEPENDS = "libcap openssl"
DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
SRC_URI = " \
https://security.appspot.com/downloads/${BP}.tar.gz \
file://vsftpd.xinetd.in \
file://01-builddefs.patch \
file://02-config.patch \
file://03-db-doc.patch \
file://04-link-local.patch \
file://05-whitespaces.patch \
file://06-greedy.patch \
file://07-utf8.patch \
file://08-manpage.patch \
file://09-s390.patch \
file://10-remote-dos.patch \
"
SRC_URI[md5sum] = "01398a5bef8e85b6cf2c213a4b011eca"
SRC_URI[sha256sum] = "d87ee2987df8f03e1dbe294905f7907b2798deb89c67ca965f6e2f60879e54f1"
S = "${WORKDIR}/${BP}"
inherit useradd
CFLAGS = "${TARGET_CFLAGS}"
CFLAGS += "-DVSF_BUILD_SSL=1"
CFLAGS += "${@base_contains('DISTRO_FEATURES', 'pam', '-DVSF_BUILD_PAM=1', '', d)}"
LIBS = "-lcap -lcrypt -lssl -lcrypto"
LIBS += "${@base_contains('DISTRO_FEATURES', 'pam', '-lpam', '', d)}"
LINK = "${TARGET_LDFLAGS}"
SECURE_CHROOT_DIR = "${datadir}/${BPN}/chroot"
RSA_CERT_FILE = "${sysconfdir}/ssl/private/${BPN}.pem"
do_configure() {
rm -f builddefs.h
touch builddefs.h
set_default() {
NAME=$1
VALUE=$2
sed -e "s,^#\?${NAME}=.*,${NAME}=${VALUE}," -i vsftpd.conf
}
set_default listen NO
set_default listen_ipv6 NO
set_default anonymous_enable NO
set_default local_enable YES
set_default write_enable YES
set_default anon_upload_enable NO
set_default anon_mkdir_write_enable NO
set_default dirmessage_enable NO
set_default use_localtime YES
set_default xferlog_enable NO
set_default connect_from_port_20 YES
set_default chown_uploads NO
set_default nopriv_user vsftpd
set_default async_abor_enable YES
set_default ascii_upload_enable NO
set_default ascii_download_enable NO
set_default ftpd_banner "Welcome to the ${DISTRO_NAME} FTP service!"
set_default chroot_local_user NO
set_default chroot_list_enable NO
set_default ls_recurse_enable YES
set_default secure_chroot_dir "${SECURE_CHROOT_DIR}"
set_default rsa_cert_file "${RSA_CERT_FILE}"
sed -e 's,@SBINDIR@,${sbindir},' ${WORKDIR}/vsftpd.xinetd.in > vsftpd.xinetd
}
do_compile() {
oe_runmake 'CFLAGS=${CFLAGS}' 'LIBS=${LIBS}' 'LINK=${LINK}'
}
do_install() {
install -d ${D}${sysconfdir}
install -m 644 vsftpd.conf ${D}${sysconfdir}
install -d ${D}${sbindir}
install -m 755 vsftpd ${D}${sbindir}/vsftpd
install -d ${D}${mandir}/man8
install -m 644 vsftpd.8 ${D}${mandir}/man8/vsftpd.8
install -d ${D}${mandir}/man5
install -m 644 vsftpd.conf.5 ${D}${mandir}/man5/vsftpd.conf.5
install -d ${D}${sysconfdir}/xinetd.d
install -m 644 vsftpd.xinetd ${D}${sysconfdir}/xinetd.d/vsftpd
install -d ${D}${SECURE_CHROOT_DIR}
}
RDEPENDS_${PN} = "xinetd"
USERADD_PACKAGES = "${PN}"
USERADD_PARAM_${PN} = "--home-dir ${SECURE_CHROOT_DIR} --no-create-home --system --shell /bin/false --user-group vsftpd"