[arch-commits] Commit in vsftpd/repos (11 files)

Evangelos Foutras foutrelis at archlinux.org
Tue Jul 7 19:25:43 UTC 2020


    Date: Tuesday, July 7, 2020 @ 19:25:42
  Author: foutrelis
Revision: 660157

archrelease: copy trunk to community-staging-x86_64

Added:
  vsftpd/repos/community-staging-x86_64/
  vsftpd/repos/community-staging-x86_64/PKGBUILD
    (from rev 660156, vsftpd/trunk/PKGBUILD)
  vsftpd/repos/community-staging-x86_64/vsftpd-conf-pam.patch
    (from rev 660156, vsftpd/trunk/vsftpd-conf-pam.patch)
  vsftpd/repos/community-staging-x86_64/vsftpd-disable-anonymous-access-by-default.patch
    (from rev 660156, vsftpd/trunk/vsftpd-disable-anonymous-access-by-default.patch)
  vsftpd/repos/community-staging-x86_64/vsftpd-fix-seccomp.patch
    (from rev 660156, vsftpd/trunk/vsftpd-fix-seccomp.patch)
  vsftpd/repos/community-staging-x86_64/vsftpd-ssl.service
    (from rev 660156, vsftpd/trunk/vsftpd-ssl.service)
  vsftpd/repos/community-staging-x86_64/vsftpd-ssl.socket
    (from rev 660156, vsftpd/trunk/vsftpd-ssl.socket)
  vsftpd/repos/community-staging-x86_64/vsftpd-ssl at .service
    (from rev 660156, vsftpd/trunk/vsftpd-ssl at .service)
  vsftpd/repos/community-staging-x86_64/vsftpd.service
    (from rev 660156, vsftpd/trunk/vsftpd.service)
  vsftpd/repos/community-staging-x86_64/vsftpd.socket
    (from rev 660156, vsftpd/trunk/vsftpd.socket)
  vsftpd/repos/community-staging-x86_64/vsftpd at .service
    (from rev 660156, vsftpd/trunk/vsftpd at .service)

--------------------------------------------------+
 PKGBUILD                                         |   81 +++++++++++++++++++++
 vsftpd-conf-pam.patch                            |   12 +++
 vsftpd-disable-anonymous-access-by-default.patch |   26 ++++++
 vsftpd-fix-seccomp.patch                         |   37 +++++++++
 vsftpd-ssl.service                               |   10 ++
 vsftpd-ssl.socket                                |    9 ++
 vsftpd-ssl at .service                              |    9 ++
 vsftpd.service                                   |   11 ++
 vsftpd.socket                                    |    9 ++
 vsftpd at .service                                  |    8 ++
 10 files changed, 212 insertions(+)

Copied: vsftpd/repos/community-staging-x86_64/PKGBUILD (from rev 660156, vsftpd/trunk/PKGBUILD)
===================================================================
--- community-staging-x86_64/PKGBUILD	                        (rev 0)
+++ community-staging-x86_64/PKGBUILD	2020-07-07 19:25:42 UTC (rev 660157)
@@ -0,0 +1,81 @@
+# Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org>
+# Contributor: Jonathan Steel <jsteel at archlinux.org>
+# Contributor: Bartłomiej Piotrowski <nospam at bpiotrowski.pl>
+# Contributor: Andreas Radke <andyrtr at archlinux.org>
+# Contributor: judd <jvinet at zeroflux.org>
+
+pkgname=vsftpd
+pkgver=3.0.3
+pkgrel=7
+pkgdesc='Very Secure FTP daemon'
+url='https://security.appspot.com/vsftpd.html'
+arch=('x86_64')
+license=('GPL2')
+depends=('glibc' 'openssl' 'libcap' 'pam' 'libnsl')
+optdepends=('logrotate')
+backup=('etc/vsftpd.conf'
+        'etc/xinetd.d/vsftpd'
+        "etc/logrotate.d/vsftpd")
+source=(https://security.appspot.com/downloads/${pkgname}-${pkgver}.tar.gz{,.asc}
+        vsftpd-ssl.socket
+        vsftpd.socket
+        vsftpd.service
+        vsftpd at .service
+        vsftpd-ssl.service
+        vsftpd-ssl at .service
+        vsftpd-fix-seccomp.patch
+        vsftpd-conf-pam.patch
+        vsftpd-disable-anonymous-access-by-default.patch)
+sha256sums=('9d4d2bf6e6e2884852ba4e69e157a2cecd68c5a7635d66a3a8cf8d898c955ef7'
+            'SKIP'
+            'd5185e48fffc6253499a55e0fe0f90a3424fc639640af11a9d38df33fb145afe'
+            '9fdbfd2ec0207170371ca3cf2b0ddca2dc2fe3d062e5792e0d3e51474c3198c9'
+            '0597e571718ba0f4dc4b32a4ddd148103758c48c7d65dcb8bbedafc9e810e83d'
+            'd7b8e4827d4f6bafcbf52f9d2d7380958c7b08bb3f757806aa89d4bc06c9671c'
+            'b88a50fc68b3bf746d13c9a777df77791cd3eac6eb7c2df655418071c2adf422'
+            '4a55c2468b08d858f71bacf1f4885847bec8e548b0e92088068d9bdd3884af84'
+            '8bb7e4e4640137d38a2944859c2f443eea559ecb7f594c0fa4e962539107af66'
+            '751715726c4b888d5c96846ac0bd0d64238cceb28ef3c2ef447af85cdc2b79f1'
+            '4baa5a2db122974fa2a9603d335aed59dee5ad4217615fbe247301d129281d20')
+validpgpkeys=('8660FD3291B184CDBC2F6418AA62EC463C0E751C') # Chris Evans
+
+prepare() {
+  cd ${pkgname}-${pkgver}
+  # build-time config
+  sed -e 's|^#undef VSF_BUILD_SSL$|#define VSF_BUILD_SSL|' -i builddefs.h
+  sed -e 's|/usr/share/empty|/var/empty|g' -i tunables.c vsftpd.conf.5 INSTALL
+  sed -e 's|/usr/local/sbin/vsftpd|/usr/bin/vsftpd|' -i EXAMPLE/INTERNET_SITE/${pkgname}.xinetd
+
+  # fix linking to openssl 1.1
+  sed -e 's|SSL_library_init|SSL_CTX_new|' -i vsf_findlibs.sh
+
+  patch -Np1 < ../vsftpd-fix-seccomp.patch
+  patch -Np1 < ../vsftpd-conf-pam.patch
+  patch -Np1 < ../vsftpd-disable-anonymous-access-by-default.patch
+}
+
+build() {
+  cd ${pkgname}-${pkgver}
+  make LINK='' CFLAGS="${CFLAGS} ${CPPFLAGS}" LDFLAGS="${LDFLAGS}"
+}
+
+package() {
+  cd ${pkgname}-${pkgver}
+
+  install -Dm 755 ${pkgname} -t "${pkgdir}/usr/bin"
+  install -dm 755 "${pkgdir}/var/empty"
+  install -Dm 644 "${srcdir}"/{*.service,*.socket} -t "${pkgdir}/usr/lib/systemd/system"
+
+  install -Dm 644 ${pkgname}.conf -t "${pkgdir}/etc"
+  install -Dm 644 EXAMPLE/INTERNET_SITE/${pkgname}.xinetd "${pkgdir}/etc/xinetd.d/${pkgname}"
+  install -Dm 644 RedHat/vsftpd.log "${pkgdir}/etc/logrotate.d/${pkgname}"
+  install -Dm 644 RedHat/vsftpd.pam "${pkgdir}/etc/pam.d/${pkgname}"
+  # TODO: check pam /etc/ftpusers files from debian and redhat, its linked
+
+  install -Dm 644 ${pkgname}.8 -t "${pkgdir}/usr/share/man/man8"
+  install -Dm 644 ${pkgname}.conf.5 -t "${pkgdir}/usr/share/man/man5"
+  install -Dm 644 BENCHMARKS BUGS Changelog FAQ INSTALL README README.ssl REFS \
+    REWARD SPEED TODO TUNING -t "${pkgdir}/usr/share/doc/${pkgname}"
+}
+
+# vim: ts=2 sw=2 et:

Copied: vsftpd/repos/community-staging-x86_64/vsftpd-conf-pam.patch (from rev 660156, vsftpd/trunk/vsftpd-conf-pam.patch)
===================================================================
--- community-staging-x86_64/vsftpd-conf-pam.patch	                        (rev 0)
+++ community-staging-x86_64/vsftpd-conf-pam.patch	2020-07-07 19:25:42 UTC (rev 660157)
@@ -0,0 +1,12 @@
+diff --git a/vsftpd.conf b/vsftpd.conf
+index 5868675..9543536 100644
+--- a/vsftpd.conf
++++ b/vsftpd.conf
+@@ -127,3 +127,7 @@ listen=NO
+ # sockets, you must run two copies of vsftpd with two configuration files.
+ # Make sure, that one of the listen options is commented !!
+ #listen_ipv6=YES
++
++# Set own PAM service name to detect authentication settings specified
++# for vsftpd by the system package.
++pam_service_name=vsftpd

Copied: vsftpd/repos/community-staging-x86_64/vsftpd-disable-anonymous-access-by-default.patch (from rev 660156, vsftpd/trunk/vsftpd-disable-anonymous-access-by-default.patch)
===================================================================
--- community-staging-x86_64/vsftpd-disable-anonymous-access-by-default.patch	                        (rev 0)
+++ community-staging-x86_64/vsftpd-disable-anonymous-access-by-default.patch	2020-07-07 19:25:42 UTC (rev 660157)
@@ -0,0 +1,26 @@
+From ffaeebcfdb56ba75392af21c68c0bac78a226b55 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= <olysonek at redhat.com>
+Date: Tue, 2 Jan 2018 09:54:43 +0100
+Subject: [PATCH 44/44] Disable anonymous_enable in default config file
+
+Resolves: rhbz#1338637
+---
+ vsftpd.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/vsftpd.conf b/vsftpd.conf
+index 39d1955..4626c1b 100644
+--- a/vsftpd.conf
++++ b/vsftpd.conf
+@@ -9,7 +9,7 @@
+ # capabilities.
+ #
+ # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
+-anonymous_enable=YES
++anonymous_enable=NO
+ #
+ # Uncomment this to allow local users to log in.
+ # When SELinux is enforcing check for SE bool ftp_home_dir
+-- 
+2.14.3
+

Copied: vsftpd/repos/community-staging-x86_64/vsftpd-fix-seccomp.patch (from rev 660156, vsftpd/trunk/vsftpd-fix-seccomp.patch)
===================================================================
--- community-staging-x86_64/vsftpd-fix-seccomp.patch	                        (rev 0)
+++ community-staging-x86_64/vsftpd-fix-seccomp.patch	2020-07-07 19:25:42 UTC (rev 660157)
@@ -0,0 +1,37 @@
+From ecaa07c31a68bca0e4c8159d447e0b9ef7c5b350 Mon Sep 17 00:00:00 2001
+From: Olivier Brunel <jjk at jjacky.com>
+Date: Fri, 14 Apr 2017 22:50:31 +0200
+Subject: [PATCH] Fix unable to list dirs w/ more than 31 items
+
+Trying to list directories with more than 31 items would fail due to seccomp
+filter being too strict:
+
+ftp> ls dir
+200 PORT command successful. Consider using PASV.
+150 Here comes the directory listing.
+500 OOPS: 421 Service not available, remote server has closed connection
+
+This was due to vsftpd calling qsort() and glibc in turn calling
+sysinfo(), which wasn't allowed, hence SIGSYS.
+
+Signed-off-by: Olivier Brunel <jjk at jjacky.com>
+---
+ seccompsandbox.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/seccompsandbox.c b/seccompsandbox.c
+index 2c350a9..13c8c78 100644
+--- a/seccompsandbox.c
++++ b/seccompsandbox.c
+@@ -297,6 +297,8 @@ seccomp_sandbox_setup_base()
+   allow_nr_1_arg_mask(__NR_mprotect, 3, PROT_READ);
+   allow_nr(__NR_munmap);
+   allow_nr(__NR_brk);
++  allow_nr(__NR_sysinfo);
++  allow_nr(__NR_getdents64);
+   /* glibc falls back gracefully if mremap() fails during realloc(). */
+   reject_nr(__NR_mremap, ENOSYS);
+ 
+-- 
+2.12.2
+

Copied: vsftpd/repos/community-staging-x86_64/vsftpd-ssl.service (from rev 660156, vsftpd/trunk/vsftpd-ssl.service)
===================================================================
--- community-staging-x86_64/vsftpd-ssl.service	                        (rev 0)
+++ community-staging-x86_64/vsftpd-ssl.service	2020-07-07 19:25:42 UTC (rev 660157)
@@ -0,0 +1,10 @@
+[Unit]
+Description=vsftpd daemon (legacy implicit SSL)
+
+[Service]
+ExecStart=/usr/bin/vsftpd -oimplicit_ssl=yes
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+
+[Install]
+WantedBy=multi-user.target

Copied: vsftpd/repos/community-staging-x86_64/vsftpd-ssl.socket (from rev 660156, vsftpd/trunk/vsftpd-ssl.socket)
===================================================================
--- community-staging-x86_64/vsftpd-ssl.socket	                        (rev 0)
+++ community-staging-x86_64/vsftpd-ssl.socket	2020-07-07 19:25:42 UTC (rev 660157)
@@ -0,0 +1,9 @@
+[Unit]
+Conflicts=vsftpd.service
+
+[Socket]
+ListenStream=990
+Accept=yes
+
+[Install]
+WantedBy=sockets.target

Copied: vsftpd/repos/community-staging-x86_64/vsftpd-ssl at .service (from rev 660156, vsftpd/trunk/vsftpd-ssl at .service)
===================================================================
--- community-staging-x86_64/vsftpd-ssl at .service	                        (rev 0)
+++ community-staging-x86_64/vsftpd-ssl at .service	2020-07-07 19:25:42 UTC (rev 660157)
@@ -0,0 +1,9 @@
+[Unit]
+Description=vsftpd per-connection server (legacy implicit SSL)
+
+[Service]
+ExecStart=-/usr/bin/vsftpd -oimplicit_ssl=yes
+ExecReload=/bin/kill -HUP $MAINPID
+StandardInput=socket
+StandardOutput=socket
+StandardError=syslog

Copied: vsftpd/repos/community-staging-x86_64/vsftpd.service (from rev 660156, vsftpd/trunk/vsftpd.service)
===================================================================
--- community-staging-x86_64/vsftpd.service	                        (rev 0)
+++ community-staging-x86_64/vsftpd.service	2020-07-07 19:25:42 UTC (rev 660157)
@@ -0,0 +1,11 @@
+[Unit]
+Description=vsftpd daemon
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/vsftpd
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+
+[Install]
+WantedBy=multi-user.target

Copied: vsftpd/repos/community-staging-x86_64/vsftpd.socket (from rev 660156, vsftpd/trunk/vsftpd.socket)
===================================================================
--- community-staging-x86_64/vsftpd.socket	                        (rev 0)
+++ community-staging-x86_64/vsftpd.socket	2020-07-07 19:25:42 UTC (rev 660157)
@@ -0,0 +1,9 @@
+[Unit]
+Conflicts=vsftpd.service
+
+[Socket]
+ListenStream=21
+Accept=yes
+
+[Install]
+WantedBy=sockets.target

Copied: vsftpd/repos/community-staging-x86_64/vsftpd at .service (from rev 660156, vsftpd/trunk/vsftpd at .service)
===================================================================
--- community-staging-x86_64/vsftpd at .service	                        (rev 0)
+++ community-staging-x86_64/vsftpd at .service	2020-07-07 19:25:42 UTC (rev 660157)
@@ -0,0 +1,8 @@
+[Unit]
+Description=vsftpd per-connection server
+
+[Service]
+ExecStart=-/usr/bin/vsftpd
+ExecReload=/bin/kill -HUP $MAINPID
+StandardInput=socket
+StandardError=syslog



More information about the arch-commits mailing list